mirror of
https://github.com/CHN-beta/nixos.git
synced 2026-01-12 04:19:22 +08:00
Compare commits
282 Commits
test-nebul
...
yoga
| Author | SHA1 | Date | |
|---|---|---|---|
| 183caffbd8 | |||
| 03cb6b7c2c | |||
| a686d8259b | |||
| 057e5a5d51 | |||
| 9e36962acb | |||
| 0941aaf2ee | |||
| 3197b26b10 | |||
| ea4b2cbeb8 | |||
| 65bd74aa2d | |||
| 00572e7b29 | |||
| 5be30df0af | |||
| e4219ddefb | |||
| 108cf36835 | |||
| 5645c3d1bd | |||
| 4a56408a7a | |||
| c8d6ed06a6 | |||
| b6122fde21 | |||
| 85ed0026cb | |||
| 7ef8b41350 | |||
| 856ccc5281 | |||
| fb924cd8e0 | |||
| 66e602e750 | |||
| 570b82015e | |||
| eaa5a7f7a3 | |||
| f38b2b3596 | |||
| c1eb35b7d8 | |||
| 0b90b9831f | |||
| a56011bf6d | |||
| 4bb77b3351 | |||
| 2982615a25 | |||
| 279483923e | |||
| 1334fe2b47 | |||
| 954dd962bc | |||
| 62255316be | |||
| b2aa00afa6 | |||
| 41d14eff54 | |||
| 97e25871ae | |||
| b59f68d3b1 | |||
| dc4a836bbb | |||
| a6cddb2f7f | |||
| f05d75d041 | |||
| df76f20ff5 | |||
| 7133b45ffe | |||
| 4370b99ee6 | |||
| bfd47d1dcf | |||
| 9b89e61f20 | |||
| f1e4bfd9bc | |||
| 62aa651c15 | |||
| 5ffdec57c0 | |||
| e20527b4cd | |||
| be54e681c3 | |||
| fe9c7b9363 | |||
| 62c3c6ab29 | |||
| f97db074e6 | |||
| 22ef0c27f5 | |||
| f6a5022aca | |||
| 53020f6373 | |||
| 089fd25d8c | |||
| effb920c82 | |||
| a2c316a6f7 | |||
| 857625884d | |||
| 56a63df3c2 | |||
| fee894fa0a | |||
| 723e859079 | |||
| 864b4c06eb | |||
| 9ec12f8bfc | |||
| 27515d37fe | |||
| cbec6f8d8d | |||
| 4a7c532b31 | |||
| 50aba26cfc | |||
| d7a781ad1a | |||
| 625c3264af | |||
| 9f78a34e6a | |||
| b72c8a43fa | |||
| 286fc162c9 | |||
| 47126a7429 | |||
| be3c0e5821 | |||
| 14f62cf255 | |||
| 60f3ccc506 | |||
| 2bac21f4cf | |||
| ea02adcf4d | |||
| 7fb51ba080 | |||
| 6020e071c0 | |||
| c83c90050a | |||
| 15d89d99ad | |||
| 4b5078a76c | |||
| 073aa595d3 | |||
| 2b5349ae06 | |||
| 3f62ee0dcd | |||
| b9f5478c26 | |||
| 11ee42d876 | |||
| d7adea94eb | |||
| 990a5cf0be | |||
| 2cbe5945b7 | |||
| e06623ce79 | |||
| 4eeae31498 | |||
| 9c75d2ac8d | |||
| f2b88fa5a3 | |||
| 259a1cc6f9 | |||
| e4d1320373 | |||
| 4f24bcce18 | |||
| e3336b95f8 | |||
| 97952ec828 | |||
| 66bcb54311 | |||
| a0ef3198c2 | |||
| 68b94f7216 | |||
| b533b80f31 | |||
| a7315cd8b5 | |||
| 0a6a8fdd7b | |||
| d6d0a0e230 | |||
| 8d583b626f | |||
| 14ef69b54a | |||
| b69d4648b5 | |||
| 2efb0afcfe | |||
| 70e6430750 | |||
| 3dc8a2d73a | |||
| 795d55baee | |||
| 705d279a94 | |||
| d88610f3b7 | |||
| e832412f3b | |||
| 78b27d3ae5 | |||
| a694ada2ee | |||
| bacfb9ccf2 | |||
| fbe4c21e9a | |||
| 4340106787 | |||
| f42e1df555 | |||
| 63664f4fc7 | |||
| 33b96bd46f | |||
| 106112d16f | |||
| 38b6378160 | |||
| 33f7702330 | |||
| 556ac1994d | |||
| 99aa6ecbf7 | |||
| fde802ebfc | |||
| 1118e86d62 | |||
| ca59f06646 | |||
| 9eec3611d4 | |||
| 3f54c4256c | |||
| 91d7ab5b8f | |||
| dcf7f8ace0 | |||
| b7d524671a | |||
| f9a5581410 | |||
| 8c70c96d8e | |||
| 1957d68247 | |||
| ceb91a8ed8 | |||
| 093b27a225 | |||
| 79cad7f58a | |||
| 84ad6e3ae4 | |||
| 6318b938c2 | |||
| e21c7a916a | |||
| bdd8e82b4c | |||
| e967a2511f | |||
| b509fd7a51 | |||
| 0259ee11ec | |||
| 473c4f4d17 | |||
| 469b765f99 | |||
| ad7be5bc2b | |||
| fefd22a7eb | |||
| e4076219e1 | |||
| 8dc5b34cc1 | |||
| 4f39c1a1f3 | |||
| cf6e8dff66 | |||
| cb9665bbb6 | |||
| a419838515 | |||
| 164c5737d2 | |||
| 91ba3d8ec2 | |||
| 9fd8c2d7c6 | |||
| 11efee5bb3 | |||
| 677e8111bf | |||
| d48beec819 | |||
| 6bf6eabaa3 | |||
| 273fcbb7c5 | |||
| 22aadba0da | |||
| 5555396f5d | |||
| d935330515 | |||
| a215b50761 | |||
| 52fd57469e | |||
| b003a1be43 | |||
| 4bd0b01d9b | |||
| c3901eeeb8 | |||
| 77c4a604e9 | |||
| 7c361dab09 | |||
| b9efd5eb70 | |||
| 1a2d11cef8 | |||
| bfec0e24a0 | |||
| de9945635b | |||
| 915fcc348d | |||
| 91475e40d3 | |||
| 565b7dd6bc | |||
| 5a2b46898d | |||
| 3850b9bc05 | |||
| fb8c3cf89d | |||
| df5be06957 | |||
| 894607b933 | |||
| aec4d38497 | |||
| 2312a8398c | |||
| 2e4a542c06 | |||
| 69c7177b73 | |||
| 981643af44 | |||
| 5f88cd5cf5 | |||
| a519053c2a | |||
| 34c0ee6ced | |||
| bdc7945e71 | |||
| beffb2bb95 | |||
| 77ecc9787c | |||
| f087027c6b | |||
| aad3849ee1 | |||
| f48a494e4f | |||
| 4463cab071 | |||
| 286967f7fe | |||
| fc6fa4b1db | |||
| a21d4258f2 | |||
| 4387adde3f | |||
| bb456479b0 | |||
| 9efc93db49 | |||
| 2130ded160 | |||
| d51a8177d6 | |||
| 0eb722dab1 | |||
| 25995e7dd8 | |||
| da1a328165 | |||
| 040352d30a | |||
| 544b071081 | |||
| f5ff5c3a9e | |||
| 9847e21bff | |||
| 4ad8abda21 | |||
| 0e7385c408 | |||
| ef7fe907a6 | |||
| 48b1480206 | |||
| eccdd913ed | |||
| 4eaa4f8df2 | |||
| 1e631be14d | |||
| 01213d9eff | |||
| b8dcfa0fd6 | |||
| 53be0e13c4 | |||
| 716a4cbfcf | |||
| d2c547ca46 | |||
| 3f917a0cd1 | |||
| a1e0e17543 | |||
| 128ce69ce3 | |||
| 58e862661f | |||
| 84effe92c6 | |||
| f5ae7b00f9 | |||
| e7fd01b42f | |||
| 6215e59f74 | |||
| 228a538819 | |||
| a08c325d86 | |||
| 007438ba1f | |||
| 9b03c80b9a | |||
| eef8b0f312 | |||
| dfcd4582ba | |||
| 0fc95d4abf | |||
| 32712534e4 | |||
| e7df638e35 | |||
| eba953b7ad | |||
| b286d9c8dc | |||
| 14d61eb3a7 | |||
| 77b8330ed5 | |||
| fd13864f48 | |||
| b4792327e6 | |||
| 558a61a0f1 | |||
| 87db616f7e | |||
| 96271f7ac6 | |||
| bc9c2a45d4 | |||
| 40dec0e342 | |||
| 812d646adc | |||
| 6f166dcb80 | |||
| 3ea27ee691 | |||
| 2615ed6437 | |||
| 7c674ebbf9 | |||
| 6d2c08e434 | |||
| 6d1266b2b4 | |||
| b402bff18b | |||
| eceb956c5e | |||
| 6aca2d605d | |||
| 42879f22cb | |||
| 04bf86f89e | |||
| d5cd5d256e | |||
| 12705172fb | |||
| 865f2c3c78 | |||
| c146f56df5 | |||
| c5a9da5a4b | |||
| 63ee2ce5d9 |
@@ -5,6 +5,7 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
|
||||
- &vps7 age137x7csalutwvfygvvzpemlsywvdxj3j4z93a50z2sjx03w6zau8q3r5902
|
||||
- &yoga age1qrea4twxdhd7fnvlq5v45528c90qy6hp2wa55kghsxzgut6n6fxs7w6u42
|
||||
- &pe age1cahahn9hp265dkhduaec65vugk8fct2vt9ur6y54m4mgmyx4v4fq0etjhv
|
||||
- &nas age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
|
||||
creation_rules:
|
||||
- path_regex: secrets/pc\.yaml$
|
||||
key_groups:
|
||||
@@ -29,6 +30,7 @@ creation_rules:
|
||||
key_groups:
|
||||
- age:
|
||||
- *chn
|
||||
- *nas
|
||||
- path_regex: secrets/xmupc1\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
|
||||
303
flake.lock
generated
303
flake.lock
generated
@@ -8,11 +8,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1691174970,
|
||||
"narHash": "sha256-8QpyT2OXYcXSdj8hM9uSSnApTOpzhndzNF+9a5pYuA0=",
|
||||
"lastModified": 1696252780,
|
||||
"narHash": "sha256-sQEjVzzstiaNLyiFJ19EMwwbDSSNDyQZIbPiLonlDCQ=",
|
||||
"owner": "ezKEa",
|
||||
"repo": "aagl-gtk-on-nix",
|
||||
"rev": "79ee3b5d776cb268e481d4d2ad5960b92e3e61a6",
|
||||
"rev": "0c9d93bdb311f7948f9fb0e98d869316d78eec12",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -30,11 +30,11 @@
|
||||
"utils": "utils"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1686747123,
|
||||
"narHash": "sha256-XUQK9kwHpTeilHoad7L4LjMCCyY13Oq383CoFADecRE=",
|
||||
"lastModified": 1695052866,
|
||||
"narHash": "sha256-agn7F9Oww4oU6nPiw+YiYI9Xb4vOOE73w8PAoBRP4AA=",
|
||||
"owner": "serokell",
|
||||
"repo": "deploy-rs",
|
||||
"rev": "724463b5a94daa810abfc64a4f87faef4e00f984",
|
||||
"rev": "e3f41832680801d0ee9e2ed33eb63af398b090e9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -165,11 +165,11 @@
|
||||
"flake-compat_2": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1673956053,
|
||||
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
||||
"lastModified": 1668681692,
|
||||
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
||||
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -226,6 +226,22 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_6": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1673956053,
|
||||
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-parts": {
|
||||
"inputs": {
|
||||
"nixpkgs-lib": "nixpkgs-lib"
|
||||
@@ -269,11 +285,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1690933134,
|
||||
"narHash": "sha256-ab989mN63fQZBFrkk4Q8bYxQCktuHmBIBqUG1jl6/FQ=",
|
||||
"lastModified": 1696343447,
|
||||
"narHash": "sha256-B2xAZKLkkeRFG5XcHHSXXcP7To9Xzr59KXeZiRf4vdQ=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "59cf3f1447cfc75087e7273b04b31e689a8599fb",
|
||||
"rev": "c9afaba3dfa4085dbd2ccb38dfade5141e33d9d4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -307,7 +323,7 @@
|
||||
},
|
||||
"flake-utils": {
|
||||
"inputs": {
|
||||
"systems": "systems_2"
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1689068808,
|
||||
@@ -331,11 +347,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1657226504,
|
||||
"narHash": "sha256-GIYNjuq4mJlFgqKsZ+YrgzWm0IpA4axA3MCrdKYj7gs=",
|
||||
"lastModified": 1696331477,
|
||||
"narHash": "sha256-YkbRa/1wQWdWkVJ01JvV+75KIdM37UErqKgTf0L54Fk=",
|
||||
"owner": "gytis-ivaskevicius",
|
||||
"repo": "flake-utils-plus",
|
||||
"rev": "2bf0f91643c2e5ae38c1b26893ac2927ac9bd82a",
|
||||
"rev": "bfc53579db89de750b25b0c5e7af299e0c06d7d3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -346,7 +362,7 @@
|
||||
},
|
||||
"flake-utils_2": {
|
||||
"inputs": {
|
||||
"systems": "systems_3"
|
||||
"systems": "systems_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1685518550,
|
||||
@@ -363,15 +379,12 @@
|
||||
}
|
||||
},
|
||||
"flake-utils_3": {
|
||||
"inputs": {
|
||||
"systems": "systems_5"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1689068808,
|
||||
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
|
||||
"lastModified": 1659877975,
|
||||
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
|
||||
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -382,7 +395,7 @@
|
||||
},
|
||||
"flake-utils_4": {
|
||||
"inputs": {
|
||||
"systems": "systems_6"
|
||||
"systems": "systems_4"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1689068808,
|
||||
@@ -400,7 +413,7 @@
|
||||
},
|
||||
"flake-utils_5": {
|
||||
"inputs": {
|
||||
"systems": "systems_7"
|
||||
"systems": "systems_5"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1681202837,
|
||||
@@ -417,15 +430,12 @@
|
||||
}
|
||||
},
|
||||
"flake-utils_6": {
|
||||
"inputs": {
|
||||
"systems": "systems_8"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1689068808,
|
||||
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
|
||||
"lastModified": 1638122382,
|
||||
"narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
|
||||
"rev": "74f7e4319258e287b0f9cb95426c9853b282730b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -436,14 +446,14 @@
|
||||
},
|
||||
"flake-utils_7": {
|
||||
"inputs": {
|
||||
"systems": "systems_9"
|
||||
"systems": "systems_6"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1689068808,
|
||||
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
|
||||
"lastModified": 1694529238,
|
||||
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
|
||||
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -454,7 +464,7 @@
|
||||
},
|
||||
"flake-utils_8": {
|
||||
"inputs": {
|
||||
"systems": "systems_10"
|
||||
"systems": "systems_7"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1685518550,
|
||||
@@ -490,7 +500,7 @@
|
||||
"inputs": {
|
||||
"flake-parts": "flake-parts_4",
|
||||
"haskell-flake": "haskell-flake",
|
||||
"nixpkgs": "nixpkgs_4"
|
||||
"nixpkgs": "nixpkgs_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1688568579,
|
||||
@@ -518,11 +528,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1689397210,
|
||||
"narHash": "sha256-fVxZnqxMbsDkB4GzGAs/B41K0wt/e+B/fLxmTFF/S20=",
|
||||
"lastModified": 1695684520,
|
||||
"narHash": "sha256-yORqGB0i1OtEf9MOCCT2BIbOd8txPZn216CM+ylMmhY=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "hercules-ci-effects",
|
||||
"rev": "0a63bfa3f00a3775ea3a6722b247880f1ffe91ce",
|
||||
"rev": "91fae5824f5f1199f61693c6590b4a89abaed9d7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -538,27 +548,26 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1691506824,
|
||||
"narHash": "sha256-Z2Ms7036CCEAfCmDBDy+sFauO6/7fx2UN3aoPCpp4tA=",
|
||||
"lastModified": 1698128422,
|
||||
"narHash": "sha256-Qf39ATHrj6wfeC+K6uwD/FnI7RKrdEiN3uWaciUi0rM=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "7b8d43fbaf8450c30caaed5eab876897d0af891b",
|
||||
"rev": "6045b68ee725167ed0487f0fb88123202ba61923",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"ref": "master",
|
||||
"repo": "home-manager",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"impermanence": {
|
||||
"locked": {
|
||||
"lastModified": 1690797372,
|
||||
"narHash": "sha256-GImz19e33SeVcIvBB7NnhbJSbTpFFmNtWLh7Z85Y188=",
|
||||
"lastModified": 1694622745,
|
||||
"narHash": "sha256-z397+eDhKx9c2qNafL1xv75lC0Q4nOaFlhaU1TINqb8=",
|
||||
"owner": "nix-community",
|
||||
"repo": "impermanence",
|
||||
"rev": "e3a7acd113903269a1b5c8b527e84ce7ee859851",
|
||||
"rev": "e9643d08d0d193a2e074a19d4d90c67a874d932e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -630,11 +639,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1672245824,
|
||||
"narHash": "sha256-i596lbPiA/Rfx3DiJiCluxdgxWY7oGSgYMT7OmM+zik=",
|
||||
"lastModified": 1693989153,
|
||||
"narHash": "sha256-gx39Y3opGB25+44OjM+h1bdJyzgLD963va8ULGYlbhM=",
|
||||
"owner": "nix-community",
|
||||
"repo": "napalm",
|
||||
"rev": "7c25a05cef52dc405f4688422ce0046ca94aadcf",
|
||||
"rev": "a8215ccf1c80070f51a92771f3bc637dd9b9f7ee",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -678,11 +687,11 @@
|
||||
"nixpkgs": "nixpkgs_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1690903419,
|
||||
"narHash": "sha256-ciRzOsKNtAZDahTn0Y0zW7AgyrVh+b1WaW+sBDiV5PA=",
|
||||
"lastModified": 1695714965,
|
||||
"narHash": "sha256-uukcDCyFOIMo5vJWJbLJk2phHZtJ1DE7YrypSV48gII=",
|
||||
"owner": "thiagokokada",
|
||||
"repo": "nix-alien",
|
||||
"rev": "e1c6e6015e3c9a07d20c1e598dfea539b6337150",
|
||||
"rev": "a948cf76e084f4ac770793c6ff9c57ad8b8c099f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -698,11 +707,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1691292840,
|
||||
"narHash": "sha256-NA+o/NoOOQhzAQwB2JpeKoG+iYQ6yn/XXVxaGd5HSQI=",
|
||||
"lastModified": 1696131323,
|
||||
"narHash": "sha256-Y47r8Jo+9rs+XUWHcDPZtkQs6wFeZ24L4CQTfVwE+vY=",
|
||||
"owner": "Mic92",
|
||||
"repo": "nix-index-database",
|
||||
"rev": "6c626d54d0414d34c771c0f6f9d771bc8aaaa3c4",
|
||||
"rev": "031d4b22505fdea47bd53bfafad517cd03c26a4f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -720,30 +729,33 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1693444987,
|
||||
"narHash": "sha256-XzFFVOCtOTmaKtnE3Y/iOC0i3ZAj2tdO5aWOa6J7IDc=",
|
||||
"lastModified": 1693358717,
|
||||
"narHash": "sha256-OYGe2Yay1QoodZZmvPYBFGAoTrRfyKLzFs2vON4gRek=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-vscode-extensions",
|
||||
"rev": "f878309889d6d91867f4455d223df0f521e2a6d1",
|
||||
"rev": "50c4bce16b93e7ca8565d51fafabc05e9f0515da",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-vscode-extensions",
|
||||
"rev": "50c4bce16b93e7ca8565d51fafabc05e9f0515da",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixd": {
|
||||
"inputs": {
|
||||
"flake-parts": "flake-parts_2",
|
||||
"nixpkgs": "nixpkgs_3"
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1693052712,
|
||||
"narHash": "sha256-7wrP6s4OEuR7BUasy76n7j+c09rp7wyOq7YVYviXw9s=",
|
||||
"lastModified": 1695137077,
|
||||
"narHash": "sha256-wJ8EpYjsqrR4GFAF67wJKmZd4q86KuODWAag4acQL5Q=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixd",
|
||||
"rev": "f88accc8a8231efdae900ff6a14cb6301a73cff9",
|
||||
"rev": "e8f144ca50fe71e74d247e5308ae7ce122f0a0e6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -782,11 +794,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1692283173,
|
||||
"narHash": "sha256-6bt+X2PpoyUAtEDWJM0XT0Z54JA2YHw62VoZRTRkz7s=",
|
||||
"lastModified": 1696478570,
|
||||
"narHash": "sha256-Zqktub0f4M8K0jDHFYaTwsGUddkH3UqHU0NNfGJmIKY=",
|
||||
"owner": "nixpak",
|
||||
"repo": "nixpak",
|
||||
"rev": "eef08f1a7e871e3017edbc54d0374292a9b6f67a",
|
||||
"rev": "271e01d3912c5c622ca7fa99d63d790bea980de0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -879,29 +891,29 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable_2": {
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1691421349,
|
||||
"narHash": "sha256-RRJyX0CUrs4uW4gMhd/X4rcDG8PTgaaCQM5rXEJOx6g=",
|
||||
"owner": "NixOS",
|
||||
"lastModified": 1697904207,
|
||||
"narHash": "sha256-XnPRcBBIYiF7u7kStqgFQcfdEyNlUuS9/hcH0Yb5h0s=",
|
||||
"owner": "CHN-beta",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "011567f35433879aae5024fc6ec53f2a0568a6c4",
|
||||
"rev": "cad11601e9b0f3191778d4a7bfd39622ea033f0b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-23.05",
|
||||
"owner": "CHN-beta",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1689352711,
|
||||
"narHash": "sha256-xWYFt8vWnstDIVsZ26y9mf6h3714lVmXd6l+hTQz6tw=",
|
||||
"lastModified": 1692007866,
|
||||
"narHash": "sha256-X8w0vPZjZxMm68VCwh/BHDoKRGp+BgzQ6w7Nkif6IVM=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "2047c642ce0f75307e8a0f2ec94715218c481184",
|
||||
"rev": "de2b8ddf94d6cc6161b7659649594c79bd66c13b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -912,22 +924,6 @@
|
||||
}
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1686398752,
|
||||
"narHash": "sha256-nGWNQVhSw4VSL+S0D0cbrNR9vs9Bq7rlYR+1K5f5j6w=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "a30520bf8eabf8a5c37889d661e67a2dbcaa59e6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixpkgs-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_4": {
|
||||
"locked": {
|
||||
"lastModified": 1688322751,
|
||||
"narHash": "sha256-eW62dC5f33oKZL7VWlomttbUnOTHrAbte9yNUNW8rbk=",
|
||||
@@ -943,13 +939,13 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_5": {
|
||||
"nixpkgs_4": {
|
||||
"locked": {
|
||||
"lastModified": 1693843185,
|
||||
"narHash": "sha256-/huFNnA50JSUyEg68v9uiC4xl8shVsS5LgtNRlzZvHo=",
|
||||
"lastModified": 1697904207,
|
||||
"narHash": "sha256-XnPRcBBIYiF7u7kStqgFQcfdEyNlUuS9/hcH0Yb5h0s=",
|
||||
"owner": "CHN-beta",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "e7e8dca748d5fa1a29b5bb231bf8aa727c29b89c",
|
||||
"rev": "cad11601e9b0f3191778d4a7bfd39622ea033f0b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -961,11 +957,11 @@
|
||||
},
|
||||
"nur": {
|
||||
"locked": {
|
||||
"lastModified": 1691559855,
|
||||
"narHash": "sha256-UkXcNHsasO0sr8W8X8wGeM1bBuLC5tHEueryGSLaE+E=",
|
||||
"lastModified": 1696506445,
|
||||
"narHash": "sha256-ozu7YxmHsvxSyQazVlkajF8A8U7TaXz3asCL5hFxgNk=",
|
||||
"owner": "nix-community",
|
||||
"repo": "NUR",
|
||||
"rev": "c987eac4f579d9e989d5a0cde93d688592bda990",
|
||||
"rev": "0178289e0bd913fe9847605b01d6e15b7d076f6e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -980,14 +976,15 @@
|
||||
"flake-utils-plus": "flake-utils-plus",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
],
|
||||
"nvfetcher": "nvfetcher"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1691561203,
|
||||
"narHash": "sha256-GmujZtR1vlTkBMahLXLp3BXYYfC0vIczxkcd9XVt6/E=",
|
||||
"lastModified": 1696487499,
|
||||
"narHash": "sha256-wvrBwhLpdF+oK5v3Lzgb1Yhz3vT1DHzIL3HKST/tCwU=",
|
||||
"owner": "xddxdd",
|
||||
"repo": "nur-packages",
|
||||
"rev": "52a85ab474601e3661f30796aa0d7fe995fc0122",
|
||||
"rev": "9e53a952689cacfd88987c55466450e3076ced05",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1014,6 +1011,32 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nvfetcher": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat_6",
|
||||
"flake-utils": [
|
||||
"nur-xddxdd",
|
||||
"flake-utils"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"nur-xddxdd",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1693539235,
|
||||
"narHash": "sha256-ACmCq1+RnVq+EB7yeN6fThUR3cCJZb6lKEfv937WG84=",
|
||||
"owner": "berberman",
|
||||
"repo": "nvfetcher",
|
||||
"rev": "2bcf73dea96497ac9c36ed320b457caa705f9485",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "berberman",
|
||||
"repo": "nvfetcher",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"pnpm2nix-nzbr": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_8",
|
||||
@@ -1042,11 +1065,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1691502026,
|
||||
"narHash": "sha256-wGwoeLradgB38MqaUZrKQJIP5iPs4T15SxrVVtgORNo=",
|
||||
"lastModified": 1696260682,
|
||||
"narHash": "sha256-iccjl57qw6aEe9nsCYFbF2bl7NEI/3Y4cn1U+QYvrFk=",
|
||||
"owner": "Nix-QChem",
|
||||
"repo": "NixOS-QChem",
|
||||
"rev": "a03be624e055fc80d3b44619c9c179b4f96ab45a",
|
||||
"rev": "7324cb54b7687718ed7b05581998f105fe2fd3e3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1070,8 +1093,8 @@
|
||||
"nixd": "nixd",
|
||||
"nixos-cn": "nixos-cn",
|
||||
"nixpak": "nixpak",
|
||||
"nixpkgs": "nixpkgs_5",
|
||||
"nixpkgs-stable": "nixpkgs-stable_2",
|
||||
"nixpkgs": "nixpkgs_4",
|
||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||
"nur": "nur",
|
||||
"nur-xddxdd": "nur-xddxdd",
|
||||
"pnpm2nix-nzbr": "pnpm2nix-nzbr",
|
||||
@@ -1086,15 +1109,15 @@
|
||||
"nixpkgs"
|
||||
],
|
||||
"nixpkgs-stable": [
|
||||
"nixpkgs-stable"
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1690199016,
|
||||
"narHash": "sha256-yTLL72q6aqGmzHq+C3rDp3rIjno7EJZkFLof6Ika7cE=",
|
||||
"lastModified": 1696320910,
|
||||
"narHash": "sha256-fbuEc6wylH+0VxG48lhPBK+SQJHfo2lusUwWHZNipIM=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "c36df4fe4bf4bb87759b1891cab21e7a05219500",
|
||||
"rev": "746c7fa1a64c1671a4bf287737c27fdc7101c4c2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1135,21 +1158,6 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_10": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_2": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
@@ -1240,36 +1248,6 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_8": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_9": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"touchix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
@@ -1291,15 +1269,12 @@
|
||||
}
|
||||
},
|
||||
"utils": {
|
||||
"inputs": {
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1689068808,
|
||||
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
|
||||
"lastModified": 1667395993,
|
||||
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
|
||||
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1310,7 +1285,7 @@
|
||||
},
|
||||
"utils_2": {
|
||||
"inputs": {
|
||||
"systems": "systems_4"
|
||||
"systems": "systems_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1689068808,
|
||||
|
||||
294
flake.nix
294
flake.nix
@@ -4,12 +4,12 @@
|
||||
inputs =
|
||||
{
|
||||
nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-unstable";
|
||||
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-23.05";
|
||||
home-manager = { url = "github:nix-community/home-manager/master"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
nixpkgs-unstable.url = "github:CHN-beta/nixpkgs/nixos-unstable";
|
||||
home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
sops-nix =
|
||||
{
|
||||
url = "github:Mic92/sops-nix";
|
||||
inputs = { nixpkgs.follows = "nixpkgs"; nixpkgs-stable.follows = "nixpkgs-stable"; };
|
||||
inputs = { nixpkgs.follows = "nixpkgs"; nixpkgs-stable.follows = "nixpkgs"; };
|
||||
};
|
||||
touchix = { url = "github:CHN-beta/touchix"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
aagl = { url = "github:ezKEa/aagl-gtk-on-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
@@ -17,11 +17,15 @@
|
||||
nur.url = "github:nix-community/NUR";
|
||||
nixos-cn = { url = "github:nixos-cn/flakes"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
nur-xddxdd = { url = "github:xddxdd/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
nix-vscode-extensions = { url = "github:nix-community/nix-vscode-extensions"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
nix-vscode-extensions =
|
||||
{
|
||||
url = "github:nix-community/nix-vscode-extensions?rev=50c4bce16b93e7ca8565d51fafabc05e9f0515da";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
nix-alien = { url = "github:thiagokokada/nix-alien"; inputs.nix-index-database.follows = "nix-index-database"; };
|
||||
impermanence.url = "github:nix-community/impermanence";
|
||||
qchem = { url = "github:Nix-QChem/NixOS-QChem"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
nixd.url = "github:nix-community/nixd";
|
||||
nixd = { url = "github:nix-community/nixd"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
napalm = { url = "github:nix-community/napalm"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
nixpak = { url = "github:nixpak/nixpak"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
deploy-rs = { url = "github:serokell/deploy-rs"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
@@ -40,7 +44,7 @@
|
||||
default = inputs.nixpkgs.legacyPackages.x86_64-linux.writeText "systems"
|
||||
(builtins.concatStringsSep "\n" (builtins.map
|
||||
(system: builtins.toString inputs.self.outputs.nixosConfigurations.${system}.config.system.build.toplevel)
|
||||
[ "pc" "vps6" "vps4" "vps7" "nas" "xmupc1" "yoga" "pe" ]));
|
||||
[ "pc" "vps6" "vps7" "nas" "yoga" ]));
|
||||
}
|
||||
// (
|
||||
builtins.listToAttrs (builtins.map
|
||||
@@ -49,7 +53,7 @@
|
||||
name = system;
|
||||
value = inputs.self.outputs.nixosConfigurations.${system}.config.system.build.toplevel;
|
||||
})
|
||||
[ "pc" "vps6" "vps4" "vps7" "nas" "xmupc1" "yoga" "pe" ])
|
||||
[ "pc" "vps6" "vps7" "nas" "yoga" ])
|
||||
);
|
||||
nixosConfigurations = builtins.listToAttrs (builtins.map
|
||||
(system:
|
||||
@@ -62,8 +66,8 @@
|
||||
modules = localLib.mkModules
|
||||
(
|
||||
[
|
||||
(inputs: { config.nixpkgs.overlays = [(final: prev: { localPackages =
|
||||
(import ./local/pkgs { inherit (inputs) lib; pkgs = final; });})]; })
|
||||
(inputs: { config.nixpkgs.overlays = [(final: prev:
|
||||
{ localPackages = (import ./local/pkgs { inherit (inputs) lib; pkgs = final; }); })]; })
|
||||
./modules
|
||||
]
|
||||
++ system.value
|
||||
@@ -122,14 +126,11 @@
|
||||
keepOutputs = true;
|
||||
};
|
||||
nixpkgs = { march = "alderlake"; cudaSupport = true; };
|
||||
gui.enable = true;
|
||||
kernel =
|
||||
{
|
||||
patches = [ "cjktty" "preempt" ];
|
||||
modules.modprobeConfig = [ "options iwlmvm power_scheme=1" "options iwlwifi uapsd_disable=1" ];
|
||||
};
|
||||
gui = { enable = true; preferred = true; };
|
||||
kernel.patches = [ "cjktty" "preempt" ];
|
||||
impermanence.enable = true;
|
||||
networking = { hostname = "pc"; nebula = { enable = true; lighthouse = "vps6.chn.moe"; }; };
|
||||
networking =
|
||||
{ hostname = "pc"; nebula = { enable = true; lighthouse = "vps6.chn.moe"; useRelay = true; }; };
|
||||
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
|
||||
};
|
||||
hardware =
|
||||
@@ -193,6 +194,7 @@
|
||||
"debug.mirism.one" = "127.0.0.1";
|
||||
"initrd.vps6.chn.moe" = "74.211.99.69";
|
||||
"nix-store.chn.moe" = "127.0.0.1";
|
||||
"initrd.nas.chn.moe" = "192.168.1.185";
|
||||
};
|
||||
};
|
||||
};
|
||||
@@ -207,9 +209,14 @@
|
||||
};
|
||||
nix-serve = { enable = true; hostname = "nix-store.chn.moe"; };
|
||||
smartd.enable = true;
|
||||
nginx = { enable = true; transparentProxy.enable = false; };
|
||||
misskey = { enable = true; hostname = "xn--qbtm095lrg0bfka60z.chn.moe"; };
|
||||
misskey-proxy."xn--qbtm095lrg0bfka60z.chn.moe" = {};
|
||||
nginx =
|
||||
{
|
||||
enable = true;
|
||||
transparentProxy.externalIp = [ "192.168.82.3" ];
|
||||
applications.misskey.instances."xn--qbtm095lrg0bfka60z.chn.moe" = {};
|
||||
};
|
||||
misskey.instances.misskey.hostname = "xn--qbtm095lrg0bfka60z.chn.moe";
|
||||
beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 2048; }; };
|
||||
};
|
||||
bugs =
|
||||
[
|
||||
@@ -268,69 +275,41 @@
|
||||
enable = true;
|
||||
transparentProxy =
|
||||
{
|
||||
externalIp = "74.211.99.69";
|
||||
externalIp = [ "74.211.99.69" "192.168.82.1" ];
|
||||
map =
|
||||
{
|
||||
"ng01.mirism.one" = 7411;
|
||||
"beta.mirism.one" = 9114;
|
||||
"nix-store.chn.moe" = 7676;
|
||||
"direct.xn--qbtm095lrg0bfka60z.chn.moe" = 7676;
|
||||
};
|
||||
};
|
||||
};
|
||||
misskey-proxy =
|
||||
{
|
||||
"xn--qbtm095lrg0bfka60z.chn.moe".upstream.address = "internal.pc.chn.moe";
|
||||
"xn--s8w913fdga.chn.moe".upstream.address = "internal.vps7.chn.moe";
|
||||
};
|
||||
coturn.enable = true;
|
||||
synapse-proxy."synapse.chn.moe".upstream.address = "internal.vps7.chn.moe";
|
||||
};
|
||||
};})
|
||||
];
|
||||
"vps4" =
|
||||
[
|
||||
(inputs: { config.nixos =
|
||||
{
|
||||
system =
|
||||
{
|
||||
fileSystems =
|
||||
{
|
||||
mount =
|
||||
{
|
||||
btrfs =
|
||||
{
|
||||
"/dev/disk/by-uuid/a6460ff0-b6aa-4c1c-a546-8ad0d495bcf8"."/boot" = "/boot";
|
||||
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
};
|
||||
decrypt.manual =
|
||||
streamProxy =
|
||||
{
|
||||
enable = true;
|
||||
devices."/dev/disk/by-uuid/46e59fc7-7bb1-4534-bbe4-b948a9a8eeda" = { mapper = "root"; ssd = true; };
|
||||
delayedMount = [ "/" ];
|
||||
map =
|
||||
{
|
||||
"nix-store.chn.moe" = { upstream = "internal.pc.chn.moe:443"; rewriteHttps = true; };
|
||||
"anchor.fm" = { upstream = "anchor.fm:443"; rewriteHttps = true; };
|
||||
"podcasters.spotify.com" = { upstream = "podcasters.spotify.com:443"; rewriteHttps = true; };
|
||||
"xlog.chn.moe" = { upstream = "cname.xlog.app:443"; rewriteHttps = true; };
|
||||
};
|
||||
};
|
||||
applications =
|
||||
{
|
||||
misskey.instances =
|
||||
{
|
||||
"xn--qbtm095lrg0bfka60z.chn.moe".upstream.address = "internal.pc.chn.moe";
|
||||
"xn--s8w913fdga.chn.moe".upstream.address = "internal.vps7.chn.moe";
|
||||
"misskey.chn.moe".upstream = "internal.vps7.chn.moe:9727";
|
||||
};
|
||||
synapse.instances."synapse.chn.moe".upstream.address = "internal.vps7.chn.moe";
|
||||
vaultwarden = { enable = true; upstream.address = "internal.vps7.chn.moe"; };
|
||||
element.instances."element.chn.moe" = {};
|
||||
photoprism.instances."photoprism.chn.moe".upstream.address = "internal.vps7.chn.moe";
|
||||
nextcloud.proxy = { enable = true; upstream = "internal.vps7.chn.moe"; };
|
||||
};
|
||||
swap = [ "/nix/swap/swap" ];
|
||||
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
|
||||
};
|
||||
grub.installDevice = "/dev/disk/by-path/pci-0000:00:04.0";
|
||||
nixpkgs.march = "znver3";
|
||||
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
|
||||
initrd =
|
||||
{
|
||||
network.enable = true;
|
||||
sshd = { enable = true; hostKeys = [ "/nix/persistent/etc/ssh/initrd_ssh_host_ed25519_key" ]; };
|
||||
};
|
||||
kernel.patches = [ "preempt" ];
|
||||
impermanence.enable = true;
|
||||
networking.hostname = "vps4";
|
||||
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
|
||||
};
|
||||
packages.packageSet = "server";
|
||||
services =
|
||||
{
|
||||
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
|
||||
sshd.enable = true;
|
||||
coturn.enable = true;
|
||||
beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 16; }; };
|
||||
};
|
||||
};})
|
||||
];
|
||||
@@ -380,15 +359,38 @@
|
||||
services =
|
||||
{
|
||||
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
|
||||
fontconfig.enable = true;
|
||||
sshd.enable = true;
|
||||
rsshub.enable = true;
|
||||
nginx = { enable = true; transparentProxy.externalIp = "95.111.228.40"; };
|
||||
nginx =
|
||||
{
|
||||
enable = true;
|
||||
transparentProxy.externalIp = [ "95.111.228.40" "192.168.82.2" ];
|
||||
applications =
|
||||
{
|
||||
misskey.instances =
|
||||
{
|
||||
"xn--s8w913fdga.chn.moe" = {};
|
||||
"misskey.chn.moe".upstream.port = 9727;
|
||||
};
|
||||
synapse.instances."synapse.chn.moe" = {};
|
||||
vaultwarden.enable = true;
|
||||
photoprism.instances."photoprism.chn.moe" = {};
|
||||
nextcloud.instance.enable = true;
|
||||
};
|
||||
};
|
||||
wallabag.enable = true;
|
||||
misskey = { enable = true; hostname = "xn--s8w913fdga.chn.moe"; };
|
||||
misskey-proxy."xn--s8w913fdga.chn.moe" = {};
|
||||
misskey.instances =
|
||||
{
|
||||
misskey.hostname = "xn--s8w913fdga.chn.moe";
|
||||
misskey-old = { port = 9727; redis.port = 3546; meilisearch.enable = false; };
|
||||
};
|
||||
synapse.enable = true;
|
||||
synapse-proxy."synapse.chn.moe" = {};
|
||||
xrdp = { enable = true; hostname = "vps7.chn.moe"; };
|
||||
vaultwarden.enable = true;
|
||||
beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 1024; }; };
|
||||
photoprism.enable = true;
|
||||
nextcloud.enable = true;
|
||||
};
|
||||
};})
|
||||
];
|
||||
@@ -402,40 +404,91 @@
|
||||
{
|
||||
mount =
|
||||
{
|
||||
vfat."/dev/disk/by-uuid/13BC-F0C9" = "/boot/efi";
|
||||
btrfs =
|
||||
{
|
||||
"/dev/disk/by-uuid/a6460ff0-b6aa-4c1c-a546-8ad0d495bcf8"."/boot" = "/boot";
|
||||
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
"/dev/disk/by-uuid/0e184f3b-af6c-4f5d-926a-2559f2dc3063"."/boot" = "/boot";
|
||||
"/dev/mapper/nix"."/nix" = "/nix";
|
||||
"/dev/mapper/root1" =
|
||||
{
|
||||
"/nix/rootfs" = "/nix/rootfs";
|
||||
"/nix/persistent" = "/nix/persistent";
|
||||
"/nix/nodatacow" = "/nix/nodatacow";
|
||||
"/nix/rootfs/current" = "/";
|
||||
};
|
||||
};
|
||||
};
|
||||
decrypt.manual =
|
||||
{
|
||||
enable = true;
|
||||
devices."/dev/disk/by-uuid/46e59fc7-7bb1-4534-bbe4-b948a9a8eeda" = { mapper = "root"; ssd = true; };
|
||||
delayedMount = [ "/" ];
|
||||
devices =
|
||||
{
|
||||
"/dev/disk/by-uuid/5cf1d19d-b4a5-4e67-8e10-f63f0d5bb649".mapper = "root1";
|
||||
"/dev/disk/by-uuid/aa684baf-fd8a-459c-99ba-11eb7636cb0d".mapper = "root2";
|
||||
"/dev/disk/by-uuid/a779198f-cce9-4c3d-a64a-9ec45f6f5495" = { mapper = "nix"; ssd = true; };
|
||||
};
|
||||
delayedMount = [ "/" "/nix" ];
|
||||
};
|
||||
swap = [ "/nix/swap/swap" ];
|
||||
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
|
||||
rollingRootfs = { device = "/dev/mapper/root1"; path = "/nix/rootfs"; };
|
||||
};
|
||||
grub.installDevice = "/dev/disk/by-path/pci-0000:00:04.0";
|
||||
nixpkgs.march = "silvermont";
|
||||
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
|
||||
initrd =
|
||||
{
|
||||
network.enable = true;
|
||||
sshd = { enable = true; hostKeys = [ "/nix/persistent/etc/ssh/initrd_ssh_host_ed25519_key" ]; };
|
||||
};
|
||||
kernel.patches = [ "preempt" ];
|
||||
grub.installDevice = "efi";
|
||||
nixpkgs.march = "silvermont";
|
||||
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
|
||||
kernel.patches = [ "cjktty" "preempt" ];
|
||||
impermanence.enable = true;
|
||||
networking.hostname = "nas";
|
||||
networking =
|
||||
{ hostname = "nas"; nebula = { enable = true; lighthouse = "vps6.chn.moe"; useRelay = true; }; };
|
||||
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
|
||||
gui.enable = true;
|
||||
};
|
||||
packages.packageSet = "server";
|
||||
hardware =
|
||||
{
|
||||
cpus = [ "intel" ];
|
||||
gpus = [ "intel" ];
|
||||
};
|
||||
packages.packageSet = "desktop";
|
||||
services =
|
||||
{
|
||||
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
|
||||
sshd.enable = true;
|
||||
fontconfig.enable = true;
|
||||
samba =
|
||||
{
|
||||
enable = true;
|
||||
hostsAllowed = "192.168. 127.";
|
||||
shares =
|
||||
{
|
||||
home.path = "/home";
|
||||
root.path = "/";
|
||||
};
|
||||
};
|
||||
sshd = { enable = true; passwordAuthentication = true; };
|
||||
xrayClient =
|
||||
{
|
||||
enable = true;
|
||||
serverAddress = "74.211.99.69";
|
||||
serverName = "vps6.xserver.chn.moe";
|
||||
dns.extraInterfaces = [ "docker0" ];
|
||||
};
|
||||
xrdp = { enable = true; hostname = [ "nas.chn.moe" "office.chn.moe" ]; };
|
||||
groupshare.enable = true;
|
||||
smartd.enable = true;
|
||||
beesd =
|
||||
{
|
||||
enable = true;
|
||||
instances =
|
||||
{
|
||||
root = { device = "/"; hashTableSizeMB = 2048; };
|
||||
nix = { device = "/nix"; hashTableSizeMB = 128; };
|
||||
};
|
||||
};
|
||||
};
|
||||
users.users = [ "root" "chn" "xll" "zem" "yjq" "yxy" ];
|
||||
};})
|
||||
];
|
||||
"xmupc1" =
|
||||
@@ -600,6 +653,7 @@
|
||||
joystick.enable = true;
|
||||
printer.enable = true;
|
||||
sound.enable = true;
|
||||
halo-keyboard.enable = true;
|
||||
};
|
||||
packages.packageSet = "desktop";
|
||||
virtualization.docker.enable = true;
|
||||
@@ -616,65 +670,8 @@
|
||||
dns.extraInterfaces = [ "docker0" ];
|
||||
};
|
||||
firewall.trustedInterfaces = [ "virbr0" ];
|
||||
smartd.enable = true;
|
||||
};
|
||||
};})
|
||||
];
|
||||
"pe" =
|
||||
[
|
||||
(inputs: { config.nixos =
|
||||
{
|
||||
system =
|
||||
{
|
||||
fileSystems =
|
||||
{
|
||||
mount =
|
||||
{
|
||||
vfat."/dev/disk/by-uuid/A0F1-74E5" = "/boot/efi";
|
||||
btrfs =
|
||||
{
|
||||
"/dev/disk/by-uuid/a7546428-1982-4931-a61f-b7eabd185097"."/boot" = "/boot";
|
||||
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
};
|
||||
decrypt.auto."/dev/disk/by-uuid/0b800efa-6381-4908-bd63-7fa46322a2a9" =
|
||||
{ mapper = "root"; ssd = true; };
|
||||
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
|
||||
};
|
||||
grub.installDevice = "efiRemovable";
|
||||
gui.enable = true;
|
||||
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
|
||||
kernel.patches = [ "cjktty" "preempt" ];
|
||||
impermanence.enable = true;
|
||||
networking.hostname = "pe";
|
||||
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
|
||||
};
|
||||
hardware =
|
||||
{
|
||||
cpus = [ "intel" ];
|
||||
gpus = [ "intel" "nvidia" ];
|
||||
bluetooth.enable = true;
|
||||
joystick.enable = true;
|
||||
printer.enable = true;
|
||||
sound.enable = true;
|
||||
};
|
||||
packages.packageSet = "desktop";
|
||||
virtualization.docker.enable = true;
|
||||
services =
|
||||
{
|
||||
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
|
||||
fontconfig.enable = true;
|
||||
sshd.enable = true;
|
||||
xrayClient =
|
||||
{
|
||||
enable = true;
|
||||
serverAddress = "74.211.99.69";
|
||||
serverName = "vps6.xserver.chn.moe";
|
||||
dns.extraInterfaces = [ "docker0" ];
|
||||
};
|
||||
firewall.trustedInterfaces = [ "virbr0" ];
|
||||
smartd.enable = true;
|
||||
};
|
||||
bugs = [ "xmunet" "firmware-unstable" ];
|
||||
};})
|
||||
];
|
||||
}));
|
||||
@@ -713,7 +710,10 @@
|
||||
inputs.self.nixosConfigurations.${node};
|
||||
};
|
||||
})
|
||||
[ "vps6" "vps4" "vps7" ]);
|
||||
[ "vps6" "vps7" "nas" "yoga" ]);
|
||||
};
|
||||
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks inputs.self.deploy) inputs.deploy-rs.lib;
|
||||
overlays.default = final: prev:
|
||||
{ localPackages = (import ./local/pkgs { inherit (inputs) lib; pkgs = final; }); };
|
||||
};
|
||||
}
|
||||
|
||||
17
local/pkgs/biu/default.nix
Normal file
17
local/pkgs/biu/default.nix
Normal file
@@ -0,0 +1,17 @@
|
||||
{
|
||||
stdenv, fetchFromGitHub, cmake, pkg-config, ninja,
|
||||
fmt, boost, magic-enum, libbacktrace, concurrencpp, tgbot-cpp, nameof, eigen, range-v3
|
||||
}: stdenv.mkDerivation rec
|
||||
{
|
||||
name = "libbiu";
|
||||
src = fetchFromGitHub
|
||||
{
|
||||
owner = "CHN-beta";
|
||||
repo = "biu";
|
||||
rev = "8ed2e52968f98d3a6ddbd01e86e57604ba3a7f54";
|
||||
sha256 = "OqQ+QkjjIbpve/xn/DJA7ONw/bBg5zGNr+VJjc3o+K8=";
|
||||
};
|
||||
nativeBuildInputs = [ cmake pkg-config ninja ];
|
||||
buildInputs = [ fmt boost magic-enum libbacktrace concurrencpp tgbot-cpp nameof eigen range-v3 ];
|
||||
propagatedBuildInputs = buildInputs;
|
||||
}
|
||||
18
local/pkgs/chromiumos-touch-keyboard/default.nix
Normal file
18
local/pkgs/chromiumos-touch-keyboard/default.nix
Normal file
@@ -0,0 +1,18 @@
|
||||
{ lib, stdenv, fetchFromGitHub, fetchurl, cmake }: stdenv.mkDerivation rec
|
||||
{
|
||||
pname = "chromiumos-touch-keyboard";
|
||||
version = "1.4.1";
|
||||
src = fetchFromGitHub
|
||||
{
|
||||
owner = "CHN-beta";
|
||||
repo = "chromiumos_touch_keyboard";
|
||||
rev = "32b72240ccac751a1b983152f65aa5b19503ffcf";
|
||||
sha256 = "eFesDSBS2VzTOVfepgXYGynWvkrCSdCV9C/gcG/Ocbg=";
|
||||
};
|
||||
cmakeFlags = [ "-DCMAKE_CXX_FLAGS=-Wno-error=stringop-truncation" ];
|
||||
nativeBuildInputs = [ cmake ];
|
||||
postInstall =
|
||||
''
|
||||
cp $out/etc/touch_keyboard/layouts/YB1-X9x-pc105.csv $out/etc/touch_keyboard/layout.csv
|
||||
'';
|
||||
}
|
||||
13
local/pkgs/concurrencpp/default.nix
Normal file
13
local/pkgs/concurrencpp/default.nix
Normal file
@@ -0,0 +1,13 @@
|
||||
{ stdenv, fetchFromGitHub, cmake }: stdenv.mkDerivation rec
|
||||
{
|
||||
pname = "concurrencpp";
|
||||
version = "0.1.7";
|
||||
src = fetchFromGitHub
|
||||
{
|
||||
owner = "David-Haim";
|
||||
repo = "concurrencpp";
|
||||
rev = "v.${version}";
|
||||
sha256 = "4qT29YVjKEWcMrI5R5Ps8aD4grAAgz5VOxANjpp1oTo=";
|
||||
};
|
||||
nativeBuildInputs = [ cmake ];
|
||||
}
|
||||
@@ -1,4 +1,4 @@
|
||||
{ lib, pkgs }: with pkgs;
|
||||
{ lib, pkgs }: with pkgs; rec
|
||||
{
|
||||
typora = callPackage ./typora {};
|
||||
upho = python3Packages.callPackage ./upho {};
|
||||
@@ -7,7 +7,7 @@
|
||||
oneapi = callPackage ./oneapi {};
|
||||
send = callPackage ./send {};
|
||||
rsshub = callPackage ./rsshub {};
|
||||
misskey = callPackage ./misskey {};
|
||||
misskey = callPackage ./misskey { vips = unstablePackages.vips; };
|
||||
mk-meili-mgn = callPackage ./mk-meili-mgn {};
|
||||
phonon-unfolding = callPackage ./phonon-unfolding {};
|
||||
# vasp = callPackage ./vasp
|
||||
@@ -16,7 +16,26 @@
|
||||
# intel-mpi = pkgs.lmix-pkgs.intel-oneapi-mpi_2021_9_0;
|
||||
# ifort = pkgs.lmix-pkgs.intel-oneapi-ifort_2021_9_0;
|
||||
# };
|
||||
vasp = callPackage ./vasp { openmp = llvmPackages.openmp; };
|
||||
vasp = callPackage ./vasp
|
||||
{
|
||||
openmp = llvmPackages.openmp;
|
||||
openmpi = pkgs.openmpi.override { cudaSupport = false; };
|
||||
};
|
||||
vaspkit = callPackage ./vaspkit { attrsToList = (import ../lib lib).attrsToList; };
|
||||
# "12to11" = callPackage ./12to11 {};
|
||||
huginn = callPackage ./huginn {};
|
||||
v_sim = callPackage ./v_sim {};
|
||||
concurrencpp = callPackage ./concurrencpp { stdenv = gcc13Stdenv; };
|
||||
eigengdb = python3Packages.callPackage ./eigengdb {};
|
||||
nodesoup = callPackage ./nodesoup {};
|
||||
matplotplusplus = callPackage ./matplotplusplus { inherit nodesoup glad; };
|
||||
zpp-bits = callPackage ./zpp-bits {};
|
||||
eigen = callPackage ./eigen {};
|
||||
nameof = callPackage ./nameof {};
|
||||
pslist = callPackage ./pslist {};
|
||||
glad = callPackage ./glad {};
|
||||
chromiumos-touch-keyboard = callPackage ./chromiumos-touch-keyboard {};
|
||||
yoga-support = callPackage ./yoga-support {};
|
||||
tgbot-cpp = callPackage ./tgbot-cpp {};
|
||||
biu = callPackage ./biu { inherit concurrencpp tgbot-cpp nameof; stdenv = gcc13Stdenv; };
|
||||
}
|
||||
|
||||
12
local/pkgs/eigen/default.nix
Normal file
12
local/pkgs/eigen/default.nix
Normal file
@@ -0,0 +1,12 @@
|
||||
{ lib, stdenv, fetchFromGitLab, cmake }: stdenv.mkDerivation rec
|
||||
{
|
||||
name = "eigen";
|
||||
src = fetchFromGitLab
|
||||
{
|
||||
owner = "libeigen";
|
||||
repo = name;
|
||||
rev = "6d829e766ff1b1ab867d93631163cbc63ed5798f";
|
||||
sha256 = "BXUnizcRPrOyiPpoyYJ4VVOjlG49aj80mgzPKmEYPKU=";
|
||||
};
|
||||
nativeBuildInputs = [ cmake ];
|
||||
}
|
||||
15
local/pkgs/eigengdb/default.nix
Normal file
15
local/pkgs/eigengdb/default.nix
Normal file
@@ -0,0 +1,15 @@
|
||||
{ lib, fetchFromGitHub, buildPythonPackage, numpy, gdb }: buildPythonPackage
|
||||
{
|
||||
name = "eigengdb";
|
||||
src = fetchFromGitHub
|
||||
{
|
||||
owner = "dmillard";
|
||||
repo = "eigengdb";
|
||||
rev = "c741edef3f07f33429056eff48d79a62733ed494";
|
||||
sha256 = "MTqOaWsKhWaPs3G5F/6bYZmQI5qS2hEGKGa3mwbgFaY=";
|
||||
};
|
||||
doCheck = false;
|
||||
buildInputs = [ gdb ];
|
||||
nativeBuildInputs = [ gdb ];
|
||||
propagatedBuildInputs = [ numpy ];
|
||||
}
|
||||
14
local/pkgs/glad/default.nix
Normal file
14
local/pkgs/glad/default.nix
Normal file
@@ -0,0 +1,14 @@
|
||||
{ lib, stdenv, fetchFromGitHub, cmake, python3 }: stdenv.mkDerivation rec
|
||||
{
|
||||
pname = "glad";
|
||||
version = "0.1.36";
|
||||
src = fetchFromGitHub
|
||||
{
|
||||
owner = "Dav1dde";
|
||||
repo = "glad";
|
||||
rev = "v${version}";
|
||||
sha256 = "FtkPz0xchwmqE+QgS+nSJVYaAfJSTUmZsObV/IPypVQ=";
|
||||
};
|
||||
cmakeFlags = [ "-DGLAD_REPRODUCIBLE=ON" "-DGLAD_INSTALL=ON" ];
|
||||
nativeBuildInputs = [ cmake python3 ];
|
||||
}
|
||||
29
local/pkgs/huginn/default.nix
Normal file
29
local/pkgs/huginn/default.nix
Normal file
@@ -0,0 +1,29 @@
|
||||
{ lib, stdenv, bundlerEnv, fetchFromGitHub }:
|
||||
let
|
||||
pname = "huginn";
|
||||
version = "20230723";
|
||||
src = fetchFromGitHub
|
||||
{
|
||||
owner = "CHN-beta";
|
||||
repo = "huginn";
|
||||
rev = "a02977ad420a01b6460634af19f714db4a8f8f36";
|
||||
hash = "sha256-Ty2EDCIjbvcf3PzPupcV4s7ZfAFTuYEjSfy0m+Yt3j4=";
|
||||
};
|
||||
gems = bundlerEnv
|
||||
{
|
||||
name = "${pname}-${version}-gems";
|
||||
gemdir = "${src}";
|
||||
gemfile = "${src}/Gemfile";
|
||||
lockfile = "${src}/Gemfile.lock";
|
||||
gemset = "${src}/gemset.nix";
|
||||
copyGemFiles = true;
|
||||
};
|
||||
in stdenv.mkDerivation
|
||||
{
|
||||
inherit pname version src;
|
||||
buildInputs = [ gems gems.wrappedRuby ];
|
||||
installPhase =
|
||||
''
|
||||
false
|
||||
'';
|
||||
}
|
||||
25
local/pkgs/matplotplusplus/default.nix
Normal file
25
local/pkgs/matplotplusplus/default.nix
Normal file
@@ -0,0 +1,25 @@
|
||||
{
|
||||
stdenv, fetchFromGitHub, cmake, pkg-config, substituteAll,
|
||||
gnuplot, libjpeg, libtiff, zlib, libpng, lapack, blas, fftw, opencv, nodesoup, cimg, glfw, libGL, python3, glad
|
||||
}: stdenv.mkDerivation
|
||||
{
|
||||
pname = "matplotplusplus";
|
||||
version = "1.2.0";
|
||||
src = fetchFromGitHub
|
||||
{
|
||||
owner = "alandefreitas";
|
||||
repo = "matplotplusplus";
|
||||
rev = "a40344efa9dc5ea0c312e6e9ef4eb7238d98dc12";
|
||||
sha256 = "6/dH/Rl2aAb8b+Ji5LwzkC+GWPOCBnYCrjy0qk8u/+I=";
|
||||
};
|
||||
cmakeFlags =
|
||||
[
|
||||
"-DBUILD_SHARED_LIBS=ON" "-DMATPLOTPP_BUILD_SHARED_LIBS=ON" "-DMATPLOTPP_BUILD_EXAMPLES=OFF"
|
||||
"-DMATPLOTPP_WITH_SYSTEM_NODESOUP=ON" "-DMATPLOTPP_WITH_SYSTEM_CIMG=ON"
|
||||
"-DMATPLOTPP_BUILD_EXPERIMENTAL_OPENGL_BACKEND=ON" "-DGLAD_REPRODUCIBLE=ON"
|
||||
];
|
||||
buildInputs = [ gnuplot libjpeg libtiff zlib libpng lapack blas fftw opencv nodesoup cimg glfw libGL glad ];
|
||||
nativeBuildInputs = [ cmake pkg-config python3 ];
|
||||
propagatedBuildInputs = [ libGL glad glfw ];
|
||||
propagatedNativeBuildInputs = [ python3 ];
|
||||
}
|
||||
@@ -1,16 +1,16 @@
|
||||
{
|
||||
lib, stdenv, mkPnpmPackage, fetchFromGitHub, nodejs_20, writeShellScript, buildFHSEnv,
|
||||
lib, stdenv, mkPnpmPackage, fetchFromGitHub, fetchurl, nodejs_20, writeShellScript, buildFHSEnv,
|
||||
bash, cypress, vips, pkg-config
|
||||
}:
|
||||
let
|
||||
pname = "misskey";
|
||||
version = "13.14.2";
|
||||
version = "2023.10.2";
|
||||
src = fetchFromGitHub
|
||||
{
|
||||
owner = "CHN-beta";
|
||||
repo = "misskey";
|
||||
rev = "e02ecb3819f6f05352d43b64ae59fa1bd683e2e0";
|
||||
hash = "sha256-zsYM67LYUn+bI6kbdW9blftxw5TUxCdzlfaOOEgZz+Q=";
|
||||
rev = "3f813d9808ebc1774457e02add8fe9c7a6937ff7";
|
||||
sha256 = "63ZIil28jcMiL+c9FMj7m1OeCrLwsQZNHib+j8ar66s=";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
originalPnpmPackage = mkPnpmPackage
|
||||
@@ -26,14 +26,66 @@ let
|
||||
export NODE_ENV=production
|
||||
pnpm run migrateandstart
|
||||
'';
|
||||
re2 = stdenv.mkDerivation rec
|
||||
{
|
||||
pname = "re2";
|
||||
version = "1.20.3";
|
||||
srcs =
|
||||
[
|
||||
(fetchurl
|
||||
{
|
||||
url = "https://github.com/uhop/node-re2/releases/download/1.20.3/linux-x64-115.br";
|
||||
sha256 = "0g2k0bki0zm0vaqpz25ww119qcs1flv63h6s5ib3103arpnzmb6d";
|
||||
})
|
||||
(fetchurl
|
||||
{
|
||||
url = "https://github.com/uhop/node-re2/releases/download/1.20.3/linux-x64-115.gz";
|
||||
sha256 = "1dr9zzzm67jknzvla1l5178lzmj6cfh8i1vsp5r4gkwdwbfh3ip0";
|
||||
})
|
||||
(fetchurl
|
||||
{
|
||||
url = "https://github.com/uhop/node-re2/releases/download/1.20.3/linux-x64-108.br";
|
||||
sha256 = "0wby987byhshb20np1gglj6y9ji7m7jza5jwa4hyxfxs1pkkmg1n";
|
||||
})
|
||||
(fetchurl
|
||||
{
|
||||
url = "https://github.com/uhop/node-re2/releases/download/1.20.3/linux-x64-108.gz";
|
||||
sha256 = "0q3dyxm63d2x0wxx23gdwym7r2gmaw4ahvmd35dgrj179ik290pi";
|
||||
})
|
||||
(fetchurl
|
||||
{
|
||||
url = "https://github.com/uhop/node-re2/releases/download/1.20.3/linux-x64-93.br";
|
||||
sha256 = "1wjmdni24353ppwfiyrv1zl9ci4g2habk0g2nz6b0sijagcy7bv3";
|
||||
})
|
||||
(fetchurl
|
||||
{
|
||||
url = "https://github.com/uhop/node-re2/releases/download/1.20.3/linux-x64-93.gz";
|
||||
sha256 = "0rgkryjh412g2m7rfrl2krsb9137prkk2y9ga8akn7qp1bqsbq1i";
|
||||
})
|
||||
];
|
||||
phases = [ "installPhase" ];
|
||||
installPhase =
|
||||
''
|
||||
mkdir -p $out/${version}
|
||||
for i in $srcs
|
||||
do
|
||||
cp $i $out/${version}/''${i#*-}
|
||||
done
|
||||
'';
|
||||
};
|
||||
in
|
||||
stdenv.mkDerivation
|
||||
stdenv.mkDerivation rec
|
||||
{
|
||||
inherit version src pname;
|
||||
nativeBuildInputs =
|
||||
[ bash nodejs_20 nodejs_20.pkgs.typescript nodejs_20.pkgs.pnpm nodejs_20.pkgs.gulp cypress vips pkg-config ];
|
||||
buildInputs =
|
||||
[
|
||||
bash nodejs_20 nodejs_20.pkgs.typescript nodejs_20.pkgs.pnpm nodejs_20.pkgs.gulp cypress vips pkg-config
|
||||
];
|
||||
nativeBuildInputs = buildInputs;
|
||||
CYPRESS_RUN_BINARY = "${cypress}/bin/Cypress";
|
||||
NODE_ENV = "production";
|
||||
RE2_DOWNLOAD_MIRROR = "${re2}";
|
||||
RE2_DOWNLOAD_SKIP_PATH = "true";
|
||||
configurePhase =
|
||||
''
|
||||
export HOME=$NIX_BUILD_TOP # Some packages need a writable HOME
|
||||
@@ -67,4 +119,8 @@ in
|
||||
mkdir -p $out/files
|
||||
runHook postInstall
|
||||
'';
|
||||
passthru =
|
||||
{
|
||||
inherit originalPnpmPackage startScript re2;
|
||||
};
|
||||
}
|
||||
|
||||
20
local/pkgs/nameof/default.nix
Normal file
20
local/pkgs/nameof/default.nix
Normal file
@@ -0,0 +1,20 @@
|
||||
{ lib, stdenv, fetchFromGitHub }: stdenv.mkDerivation rec
|
||||
{
|
||||
pname = "nameof";
|
||||
version = "0.10.3";
|
||||
src = fetchFromGitHub
|
||||
{
|
||||
owner = "Neargye";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "eHG0Y/BQGbwTrBHjq9SeSiIXaVqWp7PxIq7vCIECYPk=";
|
||||
};
|
||||
phases = [ "installPhase" ];
|
||||
installPhase =
|
||||
''
|
||||
runHook preInstall
|
||||
mkdir -p $out
|
||||
cp -r $src/include $out
|
||||
runHook postInstall
|
||||
'';
|
||||
}
|
||||
13
local/pkgs/nodesoup/default.nix
Normal file
13
local/pkgs/nodesoup/default.nix
Normal file
@@ -0,0 +1,13 @@
|
||||
{ stdenv, fetchFromGitHub, cmake, pkg-config, cairo, pcre2, xorg }: stdenv.mkDerivation rec
|
||||
{
|
||||
name = "nodesoup";
|
||||
src = fetchFromGitHub
|
||||
{
|
||||
owner = "olvb";
|
||||
repo = "nodesoup";
|
||||
rev = "3158ad082bb0cd1abee75418b12b35522dbca74f";
|
||||
sha256 = "tFLq6QC3U3uvcuWsdRy2wnwcmAfH2MkI2oMcAiUBHSo=";
|
||||
};
|
||||
buildInputs = [ cairo pcre2.dev xorg.libXdmcp.dev ];
|
||||
nativeBuildInputs = [ cmake pkg-config ];
|
||||
}
|
||||
27
local/pkgs/pslist/default.nix
Normal file
27
local/pkgs/pslist/default.nix
Normal file
@@ -0,0 +1,27 @@
|
||||
# http://launchpadlibrarian.net/632309499/pslist_1.4.0-4_all.deb
|
||||
# https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/pslist/1.4.0-4/pslist_1.4.0.orig.tar.xz
|
||||
{ lib, stdenv, fetchzip, perl, procps }: stdenv.mkDerivation
|
||||
{
|
||||
pname = "pslist";
|
||||
version = "1.4.0";
|
||||
src = fetchzip
|
||||
{
|
||||
url = "https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/pslist/1.4.0-4/pslist_1.4.0.orig.tar.xz";
|
||||
sha256 = "1sp1h7ccniz658ms331npffpa9iz8llig43d9mlysll420nb3xqv";
|
||||
};
|
||||
buildInstall = [ perl procps ];
|
||||
installPhase =
|
||||
''
|
||||
mkdir -p $out/bin
|
||||
cp $src/pslist $out/bin
|
||||
ln -s pslist $out/bin/rkill
|
||||
ln -s pslist $out/bin/rrenice
|
||||
mkdir -p $out/share/man/man1
|
||||
cp $src/pslist.1 $out/share/man/man1
|
||||
ln -s pslist.1 $out/share/man/man1/rkill.1
|
||||
ln -s pslist.1 $out/share/man/man1/rrenice.1
|
||||
|
||||
sed -i 's|/usr/bin/perl|${perl}/bin/perl|' $out/bin/pslist
|
||||
sed -i 's|/bin/ps|${procps}/bin/ps|' $out/bin/pslist
|
||||
'';
|
||||
}
|
||||
@@ -3,21 +3,20 @@
|
||||
chromium, bash
|
||||
}:
|
||||
let
|
||||
pname = "rsshub";
|
||||
version = "20230829";
|
||||
name = "rsshub";
|
||||
src = fetchFromGitHub
|
||||
{
|
||||
owner = "DIYgod";
|
||||
repo = "RSSHub";
|
||||
rev = "afcf9774260dc6505263cf0428970e890f2f7b1d";
|
||||
hash = "sha256-BQFE0Z5DsFTf0tylQ0NN89hCdXT/Y2M+YPa/10ccOVg=";
|
||||
rev = "67d4a7ed3f877a8ceac6caebe874c4ce5c210bd8";
|
||||
sha256 = "baJQWGrr1RdZoI2uAGp2uJO9epbjAUjks76knJSwVdE=";
|
||||
};
|
||||
originalPnpmPackage = mkPnpmPackage { inherit pname version src nodejs; };
|
||||
originalPnpmPackage = mkPnpmPackage { inherit name src nodejs; };
|
||||
nodeModules = originalPnpmPackage.nodeModules.overrideAttrs { PUPPETEER_SKIP_DOWNLOAD = true; };
|
||||
rsshub-unwrapped = stdenv.mkDerivation
|
||||
{
|
||||
inherit version src;
|
||||
pname = "${pname}-unwrapped";
|
||||
inherit src;
|
||||
name = "${name}-unwrapped";
|
||||
configurePhase =
|
||||
''
|
||||
export HOME=$NIX_BUILD_TOP # Some packages need a writable HOME
|
||||
@@ -44,9 +43,9 @@ let
|
||||
export CHROMIUM_EXECUTABLE_PATH=chromium
|
||||
pnpm start
|
||||
'';
|
||||
in stdenv.mkDerivation rec
|
||||
in stdenv.mkDerivation
|
||||
{
|
||||
inherit pname version;
|
||||
inherit name;
|
||||
phases = [ "installPhase" ];
|
||||
installPhase =
|
||||
''
|
||||
|
||||
15
local/pkgs/tgbot-cpp/default.nix
Normal file
15
local/pkgs/tgbot-cpp/default.nix
Normal file
@@ -0,0 +1,15 @@
|
||||
{ stdenv, fetchFromGitHub, cmake, pkg-config, boost, openssl, zlib, curl }: stdenv.mkDerivation rec
|
||||
{
|
||||
pname = "tgbot-cpp";
|
||||
version = "1.7.2";
|
||||
src = fetchFromGitHub
|
||||
{
|
||||
owner = "reo7sp";
|
||||
repo = "tgbot-cpp";
|
||||
rev = "v${version}";
|
||||
sha256 = "TKirSxEUqFB1WtzNEfU4EJK3p7V5xcFIvA2+QVX7TlA=";
|
||||
};
|
||||
nativeBuildInputs = [ cmake pkg-config ];
|
||||
buildInputs = [ boost openssl zlib curl.dev ];
|
||||
propagatedBuildInputs = buildInputs;
|
||||
}
|
||||
28
local/pkgs/v_sim/default.nix
Normal file
28
local/pkgs/v_sim/default.nix
Normal file
@@ -0,0 +1,28 @@
|
||||
{
|
||||
stdenv, lib, fetchFromGitLab,
|
||||
wrapGAppsHook, autoreconfHook, autoconf, libtool, intltool, gettext, automake, gtk-doc, pkg-config, gfortran, libxslt,
|
||||
glib, gtk3, epoxy, libyaml
|
||||
}:
|
||||
stdenv.mkDerivation
|
||||
{
|
||||
pname = "v_sim";
|
||||
version = "3.8.0_p20230824";
|
||||
src = fetchFromGitLab
|
||||
{
|
||||
owner = "l_sim";
|
||||
repo = "v_sim";
|
||||
rev = "8abc67b56795c19a8e2357d442b556c71d2441cb";
|
||||
sha256 = "KQNd3BGvkZVsfIPVLEEMBptiFQYeCbWGR28ds2Y+w2Y=";
|
||||
};
|
||||
buildInputs = [ glib gtk3 epoxy libyaml ];
|
||||
nativeBuildInputs =
|
||||
[
|
||||
autoreconfHook wrapGAppsHook autoconf libtool intltool gettext automake pkg-config
|
||||
gtk-doc gfortran libxslt.bin
|
||||
];
|
||||
enableParallelBuilding = true;
|
||||
postPatch =
|
||||
''
|
||||
./autogen.sh
|
||||
'';
|
||||
}
|
||||
@@ -1,5 +1,5 @@
|
||||
{
|
||||
lib, stdenv, fetchurl, autoPatchelfHook, wrapGAppsHook,
|
||||
lib, stdenv, fetchurl, autoPatchelfHook, wrapGAppsHook, makeWrapper,
|
||||
glib, gtk2, xorg, libGLU, gtk3, writeShellScript, gsettings-desktop-schemas, xdg-utils
|
||||
}:
|
||||
|
||||
@@ -18,7 +18,7 @@ stdenv.mkDerivation rec
|
||||
sha256 = "Tq4AzQgde2KIWKA1k6JlxvdphGG9JluHMZjVw0fBUeQ=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ autoPatchelfHook wrapGAppsHook ];
|
||||
nativeBuildInputs = [ autoPatchelfHook wrapGAppsHook makeWrapper ];
|
||||
buildInputs = [ glib gtk2 xorg.libXxf86vm libGLU gtk3 xorg.libXtst ];
|
||||
|
||||
unpackPhase = "tar -xf ${src}";
|
||||
@@ -35,13 +35,7 @@ stdenv.mkDerivation rec
|
||||
cp -r VESTA-gtk3 $out/opt/VESTA-gtk3
|
||||
|
||||
mkdir -p $out/bin
|
||||
tee $out/bin/vesta << EOF
|
||||
#!${stdenv.shell}
|
||||
export XDG_DATA_DIRS=$GSETTINGS_SCHEMAS_PATH\''${XDG_DATA_DIRS:+:}\$XDG_DATA_DIRS
|
||||
export PATH="\$PATH\''${PATH:+:}${xdg-utils}/bin"
|
||||
$out/opt/VESTA-gtk3/VESTA "\$@"
|
||||
EOF
|
||||
chmod +x $out/bin/vesta
|
||||
makeWrapper $out/opt/VESTA-gtk3/VESTA $out/bin/vesta
|
||||
|
||||
patchelf --remove-needed libjawt.so $out/opt/VESTA-gtk3/PowderPlot/libswt-awt-gtk-3346.so
|
||||
'';
|
||||
|
||||
24
local/pkgs/yoga-support/default.nix
Normal file
24
local/pkgs/yoga-support/default.nix
Normal file
@@ -0,0 +1,24 @@
|
||||
{ lib, stdenv, fetchFromGitHub, python3 }:
|
||||
let
|
||||
python = python3.withPackages (ps: with ps; [ evdev pyudev ]);
|
||||
in stdenv.mkDerivation
|
||||
{
|
||||
name = "yogabook-support";
|
||||
src = fetchFromGitHub
|
||||
{
|
||||
owner = "jekhor";
|
||||
repo = "yogabook-support";
|
||||
rev = "8ecf7861e469ba4094115fff0e81d537135e3f22";
|
||||
sha256 = "4UtiQooCaeUDHc9YE9EQRJ2MNKvOqqCv85k0YyI2BO4=";
|
||||
};
|
||||
buildInputs = [ python ];
|
||||
installPhase =
|
||||
''
|
||||
mkdir -p $out/bin
|
||||
cp pen-key-handler yogabook-modes-handler $out/bin
|
||||
mkdir -p $out/lib/udev/rules.d
|
||||
cp 61-sensor-yogabook.rules $out/lib/udev/rules.d
|
||||
mkdir -p $out/lib/udev/hwdb.d
|
||||
cp 61-sensor-yogabook.hwdb $out/lib/udev/hwdb.d
|
||||
'';
|
||||
}
|
||||
18
local/pkgs/zpp-bits/default.nix
Normal file
18
local/pkgs/zpp-bits/default.nix
Normal file
@@ -0,0 +1,18 @@
|
||||
{ stdenv, fetchFromGitHub }: stdenv.mkDerivation rec
|
||||
{
|
||||
pname = "zpp-bits";
|
||||
version = "4.4.19";
|
||||
src = fetchFromGitHub
|
||||
{
|
||||
owner = "eyalz800";
|
||||
repo = "zpp_bits";
|
||||
rev = "v${version}";
|
||||
sha256 = "ejIwrvCFALuBQbQhTfzjBb11oMR/akKnboB60GWbjlQ=";
|
||||
};
|
||||
phases = [ "installPhase" ];
|
||||
installPhase =
|
||||
''
|
||||
mkdir -p $out/include
|
||||
cp $src/zpp_bits.h $out/include
|
||||
'';
|
||||
}
|
||||
@@ -46,10 +46,8 @@ inputs:
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
# xmunet use old encryption
|
||||
xmunet.nixpkgs.config.packageOverrides = pkgs:
|
||||
{
|
||||
wpa_supplicant = pkgs.wpa_supplicant.overrideAttrs (attrs: { patches = attrs.patches ++ [ ./xmunet.patch ];});
|
||||
};
|
||||
xmunet.nixpkgs.config.packageOverrides = pkgs: { wpa_supplicant = pkgs.wpa_supplicant.overrideAttrs
|
||||
(attrs: { patches = attrs.patches ++ [ ./xmunet.patch ];}); };
|
||||
suspend-hibernate-waydroid.systemd.services =
|
||||
let
|
||||
systemctl = "${inputs.pkgs.systemd}/bin/systemctl";
|
||||
@@ -75,6 +73,9 @@ inputs:
|
||||
firefox.programs.firefox.enable = inputs.lib.mkForce false;
|
||||
embree.nixpkgs.overlays =
|
||||
[(final: prev: { embree = prev.embree.override { stdenv = final.genericPackages.stdenv; }; })];
|
||||
nvme.boot.kernelParams = [ "nvme_core.default_ps_max_latency_us=0" "iommu=soft" "pcie_aspm=off" ];
|
||||
firmware-unstable.nixpkgs.overlays =
|
||||
[ (final: prev: { linux-firmware = final.unstablePackages.linux-firmware; }) ];
|
||||
};
|
||||
in
|
||||
{
|
||||
|
||||
@@ -21,6 +21,7 @@ inputs:
|
||||
topInputs.napalm.overlays.default
|
||||
topInputs.pnpm2nix-nzbr.overlays.default
|
||||
topInputs.lmix.overlays.default
|
||||
(final: prev: topInputs.aagl.overlays.default {} final.unstablePackages)
|
||||
(import "${topInputs.dguibert-nur-packages}/overlays/nvhpc-overlay")
|
||||
(final: prev:
|
||||
{
|
||||
|
||||
@@ -15,6 +15,7 @@ inputs:
|
||||
busId = mkOption { type = types.attrsOf types.str; default = {}; };
|
||||
};
|
||||
gamemode.drmDevice = mkOption { type = types.int; default = 0; };
|
||||
halo-keyboard.enable = mkOption { type = types.bool; default = false; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
@@ -101,7 +102,7 @@ inputs:
|
||||
let
|
||||
packages =
|
||||
{
|
||||
intel = [ intel-compute-runtime intel-media-driver intel-vaapi-driver libvdpau-va-gl ];
|
||||
intel = [ intel-compute-runtime intel-media-driver libvdpau-va-gl ]; # intel-vaapi-driver
|
||||
nvidia = [ vaapiVdpau ];
|
||||
};
|
||||
in
|
||||
@@ -142,5 +143,51 @@ inputs:
|
||||
}
|
||||
)
|
||||
{ programs.gamemode.settings.gpu.gpu_device = "${toString hardware.gamemode.drmDevice}"; }
|
||||
# halo-keyboard
|
||||
(mkIf hardware.halo-keyboard.enable
|
||||
(
|
||||
let
|
||||
keyboard = inputs.pkgs.localPackages.chromiumos-touch-keyboard;
|
||||
support = inputs.pkgs.localPackages.yoga-support;
|
||||
in
|
||||
{
|
||||
services.udev.packages = [ keyboard support ];
|
||||
systemd.services =
|
||||
{
|
||||
touch-keyboard-handler.serviceConfig =
|
||||
{
|
||||
Type = "simple";
|
||||
WorkingDirectory = "/etc/touch_keyboard";
|
||||
# ExecStartPre = let sh = "${inputs.pkgs.bash}/bin/sh"; in
|
||||
# [
|
||||
# ''-${sh} -c "echo 0 > /sys/class/pwm/pwmchip1/export"''
|
||||
# ''${sh} -c "echo 0 > /sys/class/pwm/pwmchip1/pwm0/enable"''
|
||||
# ''${sh} -c "echo 1 > /sys/class/pwm/pwmchip1/pwm0/enable"''
|
||||
# ];
|
||||
ExecStart = "${keyboard}/bin/touch_keyboard_handler";
|
||||
};
|
||||
yogabook-modes-handler =
|
||||
{
|
||||
wantedBy = [ "default.target" ];
|
||||
serviceConfig =
|
||||
{
|
||||
Type = "simple";
|
||||
ExecStart = "${support}/bin/yogabook-modes-handler";
|
||||
StandardOutput = "journal";
|
||||
};
|
||||
};
|
||||
monitor-sensor =
|
||||
{
|
||||
wantedBy = [ "default.target" ];
|
||||
serviceConfig =
|
||||
{
|
||||
Type = "simple";
|
||||
ExecStart = "${inputs.pkgs.iio-sensor-proxy}/bin/monitor-sensor --hinge";
|
||||
};
|
||||
};
|
||||
};
|
||||
environment.etc."touch_keyboard".source = "${keyboard}/etc/touch_keyboard";
|
||||
}
|
||||
))
|
||||
];
|
||||
}
|
||||
|
||||
@@ -25,290 +25,565 @@ inputs:
|
||||
_pythonPackages = mkOption { type = types.listOf types.unspecified; default = []; };
|
||||
_prebuildPackages = mkOption { type = types.listOf types.unspecified; default = []; };
|
||||
};
|
||||
config = let inherit (inputs.lib) mkMerge mkIf; inherit (inputs.localLib) stripeTabs; in mkMerge
|
||||
[
|
||||
# >= server
|
||||
{
|
||||
nixos.packages = with inputs.pkgs;
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkMerge mkIf;
|
||||
inherit (builtins) concatLists map listToAttrs;
|
||||
inherit (inputs.localLib) attrsToList;
|
||||
in mkMerge
|
||||
[
|
||||
# >= server
|
||||
{
|
||||
_packages =
|
||||
[
|
||||
# shell
|
||||
ksh
|
||||
# basic tools
|
||||
beep dos2unix gnugrep pv tmux screen parallel tldr cowsay jq zellij neofetch ipfetch
|
||||
# lsxx
|
||||
pciutils usbutils lshw util-linux lsof
|
||||
# top
|
||||
iotop iftop htop btop powertop s-tui
|
||||
# editor
|
||||
nano bat
|
||||
# downloader
|
||||
wget aria2 curl
|
||||
# file manager
|
||||
tree exa trash-cli lsd broot file xdg-ninja mlocate
|
||||
# compress
|
||||
pigz rar upx unzip inputs.topInputs.nixpkgs-stable.legacyPackages.x86_64-linux.zip lzip p7zip
|
||||
# file system management
|
||||
sshfs e2fsprogs adb-sync duperemove compsize
|
||||
# disk management
|
||||
smartmontools hdparm
|
||||
# encryption and authentication
|
||||
apacheHttpd openssl ssh-to-age gnupg age sops pam_u2f yubico-piv-tool
|
||||
# networking
|
||||
ipset iptables iproute2 dig nettools traceroute tcping-go whois tcpdump nmap inetutils
|
||||
# nix tools
|
||||
nix-output-monitor nix-tree
|
||||
# office
|
||||
todo-txt-cli
|
||||
] ++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ]);
|
||||
_pythonPackages = [(pythonPackages: with pythonPackages;
|
||||
[
|
||||
inquirerpy requests python-telegram-bot tqdm fastapi pypdf2 pandas matplotlib plotly gunicorn redis jinja2
|
||||
certifi charset-normalizer idna orjson psycopg2
|
||||
])];
|
||||
};
|
||||
programs =
|
||||
{
|
||||
nix-index-database.comma.enable = true;
|
||||
nix-index.enable = true;
|
||||
zsh =
|
||||
nixos =
|
||||
{
|
||||
enable = true;
|
||||
syntaxHighlighting.enable = true;
|
||||
autosuggestions.enable = true;
|
||||
enableCompletion = true;
|
||||
ohMyZsh =
|
||||
packages = with inputs.pkgs;
|
||||
{
|
||||
enable = true;
|
||||
plugins = [ "git" "colored-man-pages" "extract" "history-substring-search" "autojump" ];
|
||||
customPkgs = with inputs.pkgs; [ zsh-nix-shell ];
|
||||
_packages =
|
||||
[
|
||||
# shell
|
||||
ksh
|
||||
# basic tools
|
||||
beep dos2unix gnugrep pv tmux screen parallel tldr cowsay jq zellij neofetch ipfetch localPackages.pslist
|
||||
unstablePackages.fastfetch
|
||||
# lsxx
|
||||
pciutils usbutils lshw util-linux lsof
|
||||
# top
|
||||
iotop iftop htop btop powertop s-tui
|
||||
# editor
|
||||
nano bat
|
||||
# downloader
|
||||
wget aria2 curl
|
||||
# file manager
|
||||
tree eza trash-cli lsd broot file xdg-ninja mlocate
|
||||
# compress
|
||||
pigz rar upx unzip zip lzip p7zip
|
||||
# file system management
|
||||
sshfs e2fsprogs adb-sync duperemove compsize
|
||||
# disk management
|
||||
smartmontools hdparm
|
||||
# encryption and authentication
|
||||
apacheHttpd openssl ssh-to-age gnupg age sops pam_u2f yubico-piv-tool
|
||||
# networking
|
||||
ipset iptables iproute2 dig nettools traceroute tcping-go whois tcpdump nmap inetutils
|
||||
# nix tools
|
||||
nix-output-monitor nix-tree
|
||||
# office
|
||||
todo-txt-cli
|
||||
# development
|
||||
gdb unstablePackages.try
|
||||
] ++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ]);
|
||||
_pythonPackages = [(pythonPackages: with pythonPackages;
|
||||
[
|
||||
inquirerpy requests python-telegram-bot tqdm fastapi pypdf2 pandas matplotlib plotly gunicorn redis jinja2
|
||||
certifi charset-normalizer idna orjson psycopg2 localPackages.eigengdb
|
||||
])];
|
||||
};
|
||||
};
|
||||
ccache.enable = true;
|
||||
command-not-found.enable = false;
|
||||
adb.enable = true;
|
||||
gnupg.agent = { enable = true; enableSSHSupport = true; };
|
||||
autojump.enable = true;
|
||||
git =
|
||||
{
|
||||
enable = true;
|
||||
package = inputs.pkgs.gitFull;
|
||||
lfs.enable = true;
|
||||
config =
|
||||
users.sharedModules = [(home-inputs:
|
||||
{
|
||||
init.defaultBranch = "main";
|
||||
core = { quotepath = false; editor = "vim"; };
|
||||
};
|
||||
};
|
||||
};
|
||||
services =
|
||||
{
|
||||
fwupd.enable = true;
|
||||
udev.packages = with inputs.pkgs; [ yubikey-personalization libfido2 ];
|
||||
};
|
||||
nix.settings.extra-sandbox-paths = [ inputs.config.programs.ccache.cacheDir ];
|
||||
nixpkgs.config =
|
||||
{
|
||||
permittedInsecurePackages = with inputs.pkgs;
|
||||
[
|
||||
openssl_1_1.name electron_19.name nodejs-16_x.name python2.name electron_12.name
|
||||
];
|
||||
allowUnfree = true;
|
||||
};
|
||||
}
|
||||
# >= desktop
|
||||
(
|
||||
mkIf (builtins.elem inputs.config.nixos.packages.packageSet [ "desktop" "workstation" ] )
|
||||
{
|
||||
nixos.packages = with inputs.pkgs;
|
||||
{
|
||||
_packages =
|
||||
[
|
||||
# system management
|
||||
gparted snapper-gui libsForQt5.qtstyleplugin-kvantum wl-clipboard-x11 kio-fuse wl-mirror
|
||||
wayland-utils clinfo glxinfo vulkan-tools dracut etcher
|
||||
# nix tools
|
||||
ssh-to-age deploy-rs.deploy-rs nixpkgs-fmt
|
||||
# instant messager
|
||||
element-desktop telegram-desktop discord inputs.config.nur.repos.linyinfeng.wemeet # native
|
||||
cinny-desktop # nur-xddxdd.wine-wechat thunder
|
||||
# browser
|
||||
google-chrome
|
||||
# networking
|
||||
remmina putty mtr-gui
|
||||
# password and key management
|
||||
bitwarden yubikey-manager yubikey-manager-qt yubikey-personalization yubikey-personalization-gui
|
||||
# download
|
||||
qbittorrent yt-dlp nur-xddxdd.baidupcs-go wgetpaste
|
||||
# office
|
||||
crow-translate zotero pandoc
|
||||
# development
|
||||
scrcpy
|
||||
# media
|
||||
spotify yesplaymusic mpv nomacs simplescreenrecorder imagemagick gimp netease-cloud-music-gtk
|
||||
# text editor
|
||||
localPackages.typora
|
||||
# themes
|
||||
orchis-theme tela-circle-icon-theme plasma-overdose-kde-theme materia-kde-theme graphite-kde-theme
|
||||
arc-kde-theme materia-theme
|
||||
# news
|
||||
fluent-reader rssguard
|
||||
# davinci-resolve playonlinux
|
||||
weston cage
|
||||
genymotion
|
||||
(
|
||||
vscode-with-extensions.override
|
||||
config.programs =
|
||||
{
|
||||
zsh =
|
||||
{
|
||||
vscodeExtensions = with nix-vscode-extensions.vscode-marketplace;
|
||||
(with equinusocio; [ vsc-community-material-theme vsc-material-theme-icons ])
|
||||
++ (with github; [ copilot copilot-chat copilot-labs github-vscode-theme ])
|
||||
++ (with intellsmi; [ comment-translate deepl-translate ])
|
||||
++ (with ms-python; [ isort python vscode-pylance ])
|
||||
++ (with ms-toolsai;
|
||||
[
|
||||
jupyter jupyter-keymap jupyter-renderers vscode-jupyter-cell-tags vscode-jupyter-slideshow
|
||||
])
|
||||
++ (with ms-vscode;
|
||||
[
|
||||
cmake-tools cpptools cpptools-extension-pack cpptools-themes hexeditor remote-explorer
|
||||
test-adapter-converter
|
||||
])
|
||||
++ (with ms-vscode-remote; [ remote-ssh remote-containers remote-ssh-edit ])
|
||||
++ [
|
||||
donjayamanne.githistory genieai.chatgpt-vscode fabiospampinato.vscode-diff cschlosser.doxdocgen
|
||||
llvm-vs-code-extensions.vscode-clangd ms-ceintl.vscode-language-pack-zh-hans oderwat.indent-rainbow
|
||||
twxs.cmake guyutongxue.cpp-reference znck.grammarly thfriedrich.lammps leetcode.vscode-leetcode
|
||||
james-yu.latex-workshop gimly81.matlab affenwiesel.matlab-formatter ckolkman.vscode-postgres
|
||||
yzhang.markdown-all-in-one pkief.material-icon-theme bbenoist.nix ms-ossdata.vscode-postgresql
|
||||
redhat.vscode-xml dotjoshjohnson.xml jnoortheen.nix-ide xdebug.php-debug hbenl.vscode-test-explorer
|
||||
jeff-hykin.better-cpp-syntax fredericbonnet.cmake-test-adapter mesonbuild.mesonbuild
|
||||
hirse.vscode-ungit fortran-lang.linter-gfortran tboox.xmake-vscode ccls-project.ccls
|
||||
feiskyer.chatgpt-copilot yukiuuh2936.vscode-modern-fortran-formatter wolframresearch.wolfram
|
||||
njpipeorgan.wolfram-language-notebook brettm12345.nixfmt-vscode
|
||||
];
|
||||
}
|
||||
)
|
||||
] ++ (with inputs.lib; filter isDerivation (attrValues plasma5Packages.kdeGear));
|
||||
enable = true;
|
||||
initExtraBeforeCompInit =
|
||||
''
|
||||
# p10k instant prompt
|
||||
P10K_INSTANT_PROMPT="$XDG_CACHE_HOME/p10k-instant-prompt-''${(%):-%n}.zsh"
|
||||
[[ ! -r "$P10K_INSTANT_PROMPT" ]] || source "$P10K_INSTANT_PROMPT"
|
||||
HYPHEN_INSENSITIVE="true"
|
||||
export PATH=~/bin:$PATH
|
||||
function br
|
||||
{
|
||||
local cmd cmd_file code
|
||||
cmd_file=$(mktemp)
|
||||
if broot --outcmd "$cmd_file" "$@"; then
|
||||
cmd=$(<"$cmd_file")
|
||||
command rm -f "$cmd_file"
|
||||
eval "$cmd"
|
||||
else
|
||||
code=$?
|
||||
command rm -f "$cmd_file"
|
||||
return "$code"
|
||||
fi
|
||||
}
|
||||
alias todo="todo.sh"
|
||||
'';
|
||||
plugins =
|
||||
[
|
||||
{
|
||||
file = "powerlevel10k.zsh-theme";
|
||||
name = "powerlevel10k";
|
||||
src = "${inputs.pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k";
|
||||
}
|
||||
{
|
||||
file = "p10k.zsh";
|
||||
name = "powerlevel10k-config";
|
||||
src = ./p10k-config;
|
||||
}
|
||||
{
|
||||
name = "zsh-lsd";
|
||||
src = inputs.pkgs.fetchFromGitHub
|
||||
{
|
||||
owner = "z-shell";
|
||||
repo = "zsh-lsd";
|
||||
rev = "029a9cb0a9b39c9eb6c5b5100dd9182813332250";
|
||||
sha256 = "sha256-oWjWnhiimlGBMaZlZB+OM47jd9hporKlPNwCx6524Rk=";
|
||||
};
|
||||
}
|
||||
];
|
||||
history =
|
||||
{
|
||||
path = "${home-inputs.config.xdg.dataHome}/zsh/zsh_history";
|
||||
extended = true;
|
||||
save = 100000000;
|
||||
size = 100000000;
|
||||
share = true;
|
||||
};
|
||||
};
|
||||
direnv = { enable = true; nix-direnv.enable = true; };
|
||||
git =
|
||||
{
|
||||
enable = true;
|
||||
lfs.enable = true;
|
||||
extraConfig =
|
||||
{
|
||||
core.editor = if inputs.config.nixos.system.gui.preferred then "code --wait" else "vim";
|
||||
advice.detachedHead = false;
|
||||
merge.conflictstyle = "diff3";
|
||||
diff.colorMoved = "default";
|
||||
};
|
||||
package = inputs.pkgs.gitFull;
|
||||
delta =
|
||||
{
|
||||
enable = true;
|
||||
options =
|
||||
{
|
||||
side-by-side = true;
|
||||
navigate = true;
|
||||
syntax-theme = "GitHub";
|
||||
light = true;
|
||||
zero-style = "syntax white";
|
||||
line-numbers-zero-style = "#ffffff";
|
||||
};
|
||||
};
|
||||
};
|
||||
ssh =
|
||||
{
|
||||
enable = true;
|
||||
controlMaster = "auto";
|
||||
controlPersist = "1m";
|
||||
compression = true;
|
||||
};
|
||||
vim =
|
||||
{
|
||||
enable = true;
|
||||
defaultEditor = true;
|
||||
packageConfigurable = inputs.config.programs.vim.package;
|
||||
settings =
|
||||
{
|
||||
number = true;
|
||||
expandtab = false;
|
||||
shiftwidth = 2;
|
||||
tabstop = 2;
|
||||
};
|
||||
extraConfig =
|
||||
''
|
||||
set clipboard=unnamedplus
|
||||
colorscheme evening
|
||||
'';
|
||||
};
|
||||
};
|
||||
})];
|
||||
};
|
||||
programs =
|
||||
{
|
||||
steam.enable = true;
|
||||
kdeconnect.enable = true;
|
||||
wireshark = { enable = true; package = inputs.pkgs.wireshark; };
|
||||
firefox =
|
||||
nix-index-database.comma.enable = true;
|
||||
nix-index.enable = true;
|
||||
zsh =
|
||||
{
|
||||
enable = true;
|
||||
languagePacks = [ "zh-CN" "en-US" ];
|
||||
nativeMessagingHosts.firefoxpwa = true;
|
||||
syntaxHighlighting.enable = true;
|
||||
autosuggestions.enable = true;
|
||||
enableCompletion = true;
|
||||
ohMyZsh =
|
||||
{
|
||||
enable = true;
|
||||
plugins = [ "git" "colored-man-pages" "extract" "history-substring-search" "autojump" ];
|
||||
customPkgs = with inputs.pkgs; [ zsh-nix-shell ];
|
||||
};
|
||||
};
|
||||
vim.package = inputs.pkgs.vim-full;
|
||||
};
|
||||
nixpkgs.config.packageOverrides = pkgs:
|
||||
{
|
||||
telegram-desktop = pkgs.telegram-desktop.overrideAttrs (attrs:
|
||||
ccache.enable = true;
|
||||
command-not-found.enable = false;
|
||||
adb.enable = true;
|
||||
gnupg.agent = { enable = true; enableSSHSupport = true; };
|
||||
autojump.enable = true;
|
||||
git =
|
||||
{
|
||||
patches = (if (attrs ? patches) then attrs.patches else []) ++ [ ./telegram.patch ];
|
||||
});
|
||||
enable = true;
|
||||
package = inputs.pkgs.gitFull;
|
||||
lfs.enable = true;
|
||||
config =
|
||||
{
|
||||
init.defaultBranch = "main";
|
||||
core = { quotepath = false; editor = "vim"; };
|
||||
};
|
||||
};
|
||||
};
|
||||
services.pcscd.enable = true;
|
||||
}
|
||||
)
|
||||
# >= workstation
|
||||
(
|
||||
mkIf (inputs.config.nixos.packages.packageSet == "workstation")
|
||||
{
|
||||
nixos.packages = with inputs.pkgs;
|
||||
services =
|
||||
{
|
||||
_packages =
|
||||
fwupd.enable = true;
|
||||
udev.packages = with inputs.pkgs; [ yubikey-personalization libfido2 ];
|
||||
openssh.knownHosts =
|
||||
let
|
||||
servers =
|
||||
{
|
||||
vps6 =
|
||||
{
|
||||
ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5ZcvyRyOnUCuRtqrM/Qf+AdUe3a5bhbnfyhw2FSLDZ";
|
||||
hostnames = [ "vps6.chn.moe" "74.211.99.69" "192.168.82.1" ];
|
||||
};
|
||||
"initrd.vps6" =
|
||||
{
|
||||
ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB4DKB/zzUYco5ap6k9+UxeO04LL12eGvkmQstnYxgnS";
|
||||
hostnames = [ "initrd.vps6.chn.moe" "74.211.99.69" ];
|
||||
};
|
||||
vps7 =
|
||||
{
|
||||
ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5XkdilejDAlg5hZZD0oq69k8fQpe9hIJylTo/aLRgY";
|
||||
hostnames = [ "vps7.chn.moe" "95.111.228.40" "192.168.82.2" ];
|
||||
};
|
||||
"initrd.vps7" =
|
||||
{
|
||||
ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGZyQpdQmEZw3nLERFmk2tS1gpSvXwW0Eish9UfhrRxC";
|
||||
hostnames = [ "initrd.vps7.chn.moe" "95.111.228.40" ];
|
||||
};
|
||||
nas =
|
||||
{
|
||||
ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIktNbEcDMKlibXg54u7QOLt0755qB/P4vfjwca8xY6V";
|
||||
hostnames = [ "[office.chn.moe]:5440" "192.168.82.4" ];
|
||||
};
|
||||
"initrd.nas" =
|
||||
{
|
||||
ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAoMu0HEaFQsnlJL0L6isnkNZdRq0OiDXyaX3+fl3NjT";
|
||||
hostnames = [ "[office.chn.moe]:5440" ];
|
||||
};
|
||||
pc =
|
||||
{
|
||||
ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSfREi19OSwQnhdsE8wiNwGSFFJwNGN0M5gN+sdrrLJ";
|
||||
hostnames = [ "192.168.8.2.3" ];
|
||||
};
|
||||
hpc =
|
||||
{
|
||||
ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDVpsQW3kZt5alHC6mZhay3ZEe2fRGziG4YJWCv2nn/O";
|
||||
hostnames = [ "hpc.xmu.edu.cn" ];
|
||||
};
|
||||
github =
|
||||
{
|
||||
ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
|
||||
hostnames = [ "github.com" ];
|
||||
};
|
||||
};
|
||||
in listToAttrs (concatLists (map
|
||||
(server:
|
||||
(
|
||||
if builtins.pathExists ./ssh/${server.name}_rsa.pub then
|
||||
[{
|
||||
name = "${server.name}-rsa";
|
||||
value =
|
||||
{
|
||||
publicKey = builtins.readFile ./ssh/${server.name}_rsa.pub;
|
||||
hostNames = server.value.hostnames;
|
||||
};
|
||||
}]
|
||||
else []
|
||||
)
|
||||
++ (
|
||||
if builtins.pathExists ./ssh/${server.name}_ecdsa.pub then
|
||||
[{
|
||||
name = "${server.name}-ecdsa";
|
||||
value =
|
||||
{
|
||||
publicKey = builtins.readFile ./ssh/${server.name}_ecdsa.pub;
|
||||
hostNames = server.value.hostnames;
|
||||
};
|
||||
}]
|
||||
else []
|
||||
)
|
||||
++ (
|
||||
if server.value ? ed25519 then
|
||||
[{
|
||||
name = "${server.name}-ed25519";
|
||||
value =
|
||||
{
|
||||
publicKey = server.value.ed25519;
|
||||
hostNames = server.value.hostnames;
|
||||
};
|
||||
}]
|
||||
else []
|
||||
))
|
||||
(attrsToList servers)));
|
||||
};
|
||||
nix.settings.extra-sandbox-paths = [ inputs.config.programs.ccache.cacheDir ];
|
||||
nixpkgs.config =
|
||||
{
|
||||
permittedInsecurePackages = with inputs.pkgs;
|
||||
[
|
||||
# nix tools
|
||||
nix-template appimage-run nil nixd nix-alien nix-serve node2nix nix-prefetch-github prefetch-npm-deps
|
||||
nix-prefetch-docker pnpm-lock-export
|
||||
# instant messager
|
||||
zoom-us signal-desktop qq nur-xddxdd.wechat-uos slack # jail
|
||||
# office
|
||||
libreoffice-qt texlive.combined.scheme-full texstudio poppler_utils pdftk gnuplot pdfchain
|
||||
# development
|
||||
jetbrains.clion android-studio dbeaver cling clang-tools_16 ccls fprettify
|
||||
# media
|
||||
nur-xddxdd.svp obs-studio waifu2x-converter-cpp inkscape blender
|
||||
# virtualization
|
||||
wine virt-viewer bottles # wine64
|
||||
# text editor
|
||||
appflowy notion-app-enhanced joplin-desktop standardnotes
|
||||
# math, physics and chemistry
|
||||
mathematica octave root ovito paraview localPackages.vesta qchem.quantum-espresso # vsim
|
||||
localPackages.vasp localPackages.phonon-unfolding localPackages.vaspkit
|
||||
# news
|
||||
newsflash newsboat
|
||||
openssl_1_1.name electron_19.name nodejs-16_x.name python2.name electron_12.name
|
||||
];
|
||||
_pythonPackages = [(pythonPackages: with pythonPackages;
|
||||
[
|
||||
phonopy tensorflow keras openai scipy scikit-learn
|
||||
])];
|
||||
_prebuildPackages = [ httplib magic-enum xtensor boost cereal cxxopts ftxui yaml-cpp gfortran gcc10 python2 ];
|
||||
allowUnfree = true;
|
||||
};
|
||||
programs =
|
||||
home-manager =
|
||||
{
|
||||
anime-game-launcher.enable = true;
|
||||
honkers-railway-launcher.enable = true;
|
||||
nix-ld.enable = true;
|
||||
gamemode =
|
||||
{
|
||||
enable = true;
|
||||
settings =
|
||||
{
|
||||
general.renice = 10;
|
||||
gpu =
|
||||
{
|
||||
apply_gpu_optimisations = "accept-responsibility";
|
||||
nv_powermizer_mode = 1;
|
||||
};
|
||||
custom = let notify-send = "${inputs.pkgs.libnotify}/bin/notify-send"; in
|
||||
{
|
||||
start = "${notify-send} 'GameMode started'";
|
||||
end = "${notify-send} 'GameMode ended'";
|
||||
};
|
||||
};
|
||||
};
|
||||
chromium =
|
||||
{
|
||||
enable = true;
|
||||
extraOpts =
|
||||
{
|
||||
PasswordManagerEnabled = false;
|
||||
};
|
||||
};
|
||||
useGlobalPkgs = true;
|
||||
useUserPackages = true;
|
||||
};
|
||||
}
|
||||
)
|
||||
# apply package configs
|
||||
{
|
||||
environment.systemPackages = let inherit (inputs.lib.lists) subtractLists; in with inputs.config.nixos.packages;
|
||||
(subtractLists excludePackages (_packages ++ extraPackages))
|
||||
++ [
|
||||
(inputs.pkgs.python3.withPackages (pythonPackages:
|
||||
subtractLists
|
||||
(builtins.concatLists (builtins.map (packageFunction: packageFunction pythonPackages)
|
||||
excludePythonPackages))
|
||||
(builtins.concatLists (builtins.map (packageFunction: packageFunction pythonPackages)
|
||||
(_pythonPackages ++ extraPythonPackages)))))
|
||||
(inputs.pkgs.callPackage ({ stdenv }: stdenv.mkDerivation
|
||||
# >= desktop
|
||||
(
|
||||
mkIf (builtins.elem inputs.config.nixos.packages.packageSet [ "desktop" "workstation" ] )
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
name = "prebuild-packages";
|
||||
propagateBuildInputs = subtractLists excludePrebuildPackages (_prebuildPackages ++ extraPrebuildPackages);
|
||||
phases = [ "installPhase" ];
|
||||
installPhase = stripeTabs
|
||||
''
|
||||
runHook preInstall
|
||||
mkdir -p $out
|
||||
runHook postInstall
|
||||
'';
|
||||
}) {})
|
||||
];
|
||||
}
|
||||
];
|
||||
packages = with inputs.pkgs;
|
||||
{
|
||||
_packages =
|
||||
[
|
||||
# system management
|
||||
gparted snapper-gui libsForQt5.qtstyleplugin-kvantum wl-clipboard-x11 kio-fuse wl-mirror
|
||||
wayland-utils clinfo glxinfo vulkan-tools dracut etcher unstablePackages.btrfs-assistant
|
||||
# nix tools
|
||||
ssh-to-age deploy-rs.deploy-rs nixpkgs-fmt
|
||||
# instant messager
|
||||
element-desktop telegram-desktop discord inputs.config.nur.repos.linyinfeng.wemeet # native
|
||||
cinny-desktop # nur-xddxdd.wine-wechat thunder
|
||||
# browser
|
||||
google-chrome
|
||||
# networking
|
||||
remmina putty mtr-gui
|
||||
# password and key management
|
||||
bitwarden yubikey-manager yubikey-manager-qt yubikey-personalization yubikey-personalization-gui
|
||||
# download
|
||||
qbittorrent yt-dlp nur-xddxdd.baidupcs-go wgetpaste
|
||||
# office
|
||||
unstablePackages.crow-translate zotero pandoc ydict
|
||||
# development
|
||||
scrcpy
|
||||
# media
|
||||
spotify yesplaymusic mpv nomacs simplescreenrecorder imagemagick gimp netease-cloud-music-gtk vlc
|
||||
# text editor
|
||||
localPackages.typora
|
||||
# themes
|
||||
orchis-theme tela-circle-icon-theme plasma-overdose-kde-theme materia-kde-theme graphite-kde-theme
|
||||
arc-kde-theme materia-theme
|
||||
# news
|
||||
fluent-reader rssguard
|
||||
# davinci-resolve playonlinux
|
||||
weston cage openbox krita
|
||||
genymotion hdfview electrum
|
||||
(
|
||||
vscode-with-extensions.override
|
||||
{
|
||||
vscodeExtensions = with nix-vscode-extensions.vscode-marketplace;
|
||||
(with equinusocio; [ vsc-community-material-theme vsc-material-theme-icons ])
|
||||
++ (with github; [ copilot copilot-chat copilot-labs github-vscode-theme ])
|
||||
++ (with intellsmi; [ comment-translate deepl-translate ])
|
||||
++ (with ms-python; [ isort python vscode-pylance ])
|
||||
++ (with ms-toolsai;
|
||||
[
|
||||
jupyter jupyter-keymap jupyter-renderers vscode-jupyter-cell-tags vscode-jupyter-slideshow
|
||||
])
|
||||
++ (with ms-vscode;
|
||||
[
|
||||
cmake-tools cpptools cpptools-extension-pack cpptools-themes hexeditor remote-explorer
|
||||
test-adapter-converter
|
||||
])
|
||||
++ (with ms-vscode-remote; [ remote-ssh remote-containers remote-ssh-edit ])
|
||||
++ [
|
||||
donjayamanne.githistory genieai.chatgpt-vscode fabiospampinato.vscode-diff cschlosser.doxdocgen
|
||||
llvm-vs-code-extensions.vscode-clangd ms-ceintl.vscode-language-pack-zh-hans
|
||||
oderwat.indent-rainbow
|
||||
twxs.cmake guyutongxue.cpp-reference znck.grammarly thfriedrich.lammps leetcode.vscode-leetcode
|
||||
james-yu.latex-workshop gimly81.matlab affenwiesel.matlab-formatter ckolkman.vscode-postgres
|
||||
yzhang.markdown-all-in-one pkief.material-icon-theme bbenoist.nix ms-ossdata.vscode-postgresql
|
||||
redhat.vscode-xml dotjoshjohnson.xml jnoortheen.nix-ide xdebug.php-debug
|
||||
hbenl.vscode-test-explorer
|
||||
jeff-hykin.better-cpp-syntax fredericbonnet.cmake-test-adapter mesonbuild.mesonbuild
|
||||
hirse.vscode-ungit fortran-lang.linter-gfortran tboox.xmake-vscode ccls-project.ccls
|
||||
feiskyer.chatgpt-copilot yukiuuh2936.vscode-modern-fortran-formatter wolframresearch.wolfram
|
||||
njpipeorgan.wolfram-language-notebook brettm12345.nixfmt-vscode webfreak.debug
|
||||
gruntfuggly.todo-tree
|
||||
];
|
||||
}
|
||||
)
|
||||
] ++ (with inputs.lib; filter isDerivation (attrValues plasma5Packages.kdeGear));
|
||||
};
|
||||
users.sharedModules =
|
||||
[{
|
||||
config =
|
||||
{
|
||||
programs =
|
||||
{
|
||||
chromium =
|
||||
{
|
||||
enable = true;
|
||||
extensions =
|
||||
[
|
||||
{ id = "mpkodccbngfoacfalldjimigbofkhgjn"; } # Aria2 Explorer
|
||||
{ id = "nngceckbapebfimnlniiiahkandclblb"; } # Bitwarden
|
||||
{ id = "kbfnbcaeplbcioakkpcpgfkobkghlhen"; } # Grammarly
|
||||
{ id = "ihnfpdchjnmlehnoeffgcbakfmdjcckn"; } # Pixiv Fanbox Downloader
|
||||
{ id = "cimiefiiaegbelhefglklhhakcgmhkai"; } # Plasma Integration
|
||||
{ id = "dkndmhgdcmjdmkdonmbgjpijejdcilfh"; } # Powerful Pixiv Downloader
|
||||
{ id = "padekgcemlokbadohgkifijomclgjgif"; } # Proxy SwitchyOmega
|
||||
{ id = "kefjpfngnndepjbopdmoebkipbgkggaa"; } # RSSHub Radar
|
||||
{ id = "abpdnfjocnmdomablahdcfnoggeeiedb"; } # Save All Resources
|
||||
{ id = "nbokbjkabcmbfdlbddjidfmibcpneigj"; } # SmoothScroll
|
||||
{ id = "onepmapfbjohnegdmfhndpefjkppbjkm"; } # SuperCopy 超级复制
|
||||
{ id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # uBlock Origin
|
||||
{ id = "gppongmhjkpfnbhagpmjfkannfbllamg"; } # Wappalyzer
|
||||
{ id = "hkbdddpiemdeibjoknnofflfgbgnebcm"; } # YouTube™ 双字幕
|
||||
{ id = "ekhagklcjbdpajgpjgmbionohlpdbjgc"; } # Zotero Connector
|
||||
{ id = "ikhdkkncnoglghljlkmcimlnlhkeamad"; } # 划词翻译
|
||||
{ id = "dhdgffkkebhmkfjojejmpbldmpobfkfo"; } # 篡改猴
|
||||
{ id = "hipekcciheckooncpjeljhnekcoolahp"; } # Tabliss
|
||||
{ id = "nkbihfbeogaeaoehlefnkodbefgpgknn"; } # MetaMask
|
||||
];
|
||||
};
|
||||
obs-studio =
|
||||
{
|
||||
enable = true;
|
||||
plugins = with inputs.pkgs.obs-studio-plugins;
|
||||
[ wlrobs obs-vaapi obs-nvfbc droidcam-obs obs-vkcapture ];
|
||||
};
|
||||
};
|
||||
home.file.".config/baloofilerc".text =
|
||||
''
|
||||
[Basic Settings]
|
||||
Indexing-Enabled=false
|
||||
'';
|
||||
};
|
||||
}];
|
||||
};
|
||||
programs =
|
||||
{
|
||||
steam.enable = true;
|
||||
kdeconnect.enable = true;
|
||||
wireshark = { enable = true; package = inputs.pkgs.wireshark; };
|
||||
firefox =
|
||||
{
|
||||
enable = true;
|
||||
languagePacks = [ "zh-CN" "en-US" ];
|
||||
nativeMessagingHosts.firefoxpwa = true;
|
||||
};
|
||||
vim.package = inputs.pkgs.genericPackages.vim-full;
|
||||
};
|
||||
nixpkgs.config.packageOverrides = pkgs:
|
||||
{
|
||||
telegram-desktop = pkgs.telegram-desktop.overrideAttrs (attrs:
|
||||
{
|
||||
patches = (if (attrs ? patches) then attrs.patches else []) ++ [ ./telegram.patch ];
|
||||
});
|
||||
};
|
||||
services.pcscd.enable = true;
|
||||
}
|
||||
)
|
||||
# >= workstation
|
||||
(
|
||||
mkIf (inputs.config.nixos.packages.packageSet == "workstation")
|
||||
{
|
||||
nixos.packages = with inputs.pkgs;
|
||||
{
|
||||
_packages =
|
||||
[
|
||||
# nix tools
|
||||
nix-template appimage-run nil nixd nix-alien nix-serve node2nix nix-prefetch-github prefetch-npm-deps
|
||||
nix-prefetch-docker pnpm-lock-export bundix
|
||||
# instant messager
|
||||
zoom-us signal-desktop qq nur-xddxdd.wechat-uos slack # jail
|
||||
# office
|
||||
libreoffice-qt texlive.combined.scheme-full texstudio poppler_utils pdftk gnuplot pdfchain
|
||||
# development
|
||||
jetbrains.clion android-studio dbeaver cling clang-tools_16 ccls fprettify
|
||||
# media
|
||||
nur-xddxdd.svp obs-studio waifu2x-converter-cpp inkscape blender
|
||||
# virtualization
|
||||
wineWowPackages.stagingFull virt-viewer bottles # wine64
|
||||
# text editor
|
||||
appflowy notion-app-enhanced joplin-desktop standardnotes
|
||||
# math, physics and chemistry
|
||||
mathematica octaveFull root ovito paraview localPackages.vesta qchem.quantum-espresso
|
||||
localPackages.vasp localPackages.phonon-unfolding localPackages.vaspkit jmol localPackages.v_sim
|
||||
# news
|
||||
newsflash newsboat
|
||||
microsoft-edge
|
||||
];
|
||||
_pythonPackages = [(pythonPackages: with pythonPackages;
|
||||
[
|
||||
phonopy tensorflow keras openai scipy scikit-learn jupyterlab
|
||||
])];
|
||||
_prebuildPackages =
|
||||
[
|
||||
httplib magic-enum xtensor boost cereal cxxopts ftxui yaml-cpp gfortran gcc10 python2
|
||||
unstablePackages.gcc13Stdenv
|
||||
];
|
||||
};
|
||||
programs =
|
||||
{
|
||||
anime-game-launcher = { enable = true; package = inputs.pkgs.anime-game-launcher; };
|
||||
honkers-railway-launcher = { enable = true; package = inputs.pkgs.honkers-railway-launcher; };
|
||||
nix-ld.enable = true;
|
||||
gamemode =
|
||||
{
|
||||
enable = true;
|
||||
settings =
|
||||
{
|
||||
general.renice = 10;
|
||||
gpu =
|
||||
{
|
||||
apply_gpu_optimisations = "accept-responsibility";
|
||||
nv_powermizer_mode = 1;
|
||||
};
|
||||
custom = let notify-send = "${inputs.pkgs.libnotify}/bin/notify-send"; in
|
||||
{
|
||||
start = "${notify-send} 'GameMode started'";
|
||||
end = "${notify-send} 'GameMode ended'";
|
||||
};
|
||||
};
|
||||
};
|
||||
chromium =
|
||||
{
|
||||
enable = true;
|
||||
extraOpts.PasswordManagerEnabled = false;
|
||||
};
|
||||
};
|
||||
}
|
||||
)
|
||||
# apply package configs
|
||||
{
|
||||
environment.systemPackages = let inherit (inputs.lib.lists) subtractLists; in with inputs.config.nixos.packages;
|
||||
(subtractLists excludePackages (_packages ++ extraPackages))
|
||||
++ [
|
||||
(inputs.pkgs.python3.withPackages (pythonPackages:
|
||||
subtractLists
|
||||
(builtins.concatLists (builtins.map (packageFunction: packageFunction pythonPackages)
|
||||
excludePythonPackages))
|
||||
(builtins.concatLists (builtins.map (packageFunction: packageFunction pythonPackages)
|
||||
(_pythonPackages ++ extraPythonPackages)))))
|
||||
(inputs.pkgs.callPackage ({ stdenv }: stdenv.mkDerivation
|
||||
{
|
||||
name = "prebuild-packages";
|
||||
propagateBuildInputs = subtractLists excludePrebuildPackages (_prebuildPackages ++ extraPrebuildPackages);
|
||||
phases = [ "installPhase" ];
|
||||
installPhase =
|
||||
''
|
||||
runHook preInstall
|
||||
mkdir -p $out
|
||||
runHook postInstall
|
||||
'';
|
||||
}) {})
|
||||
];
|
||||
}
|
||||
];
|
||||
}
|
||||
|
||||
# programs.firejail =
|
||||
@@ -411,4 +686,4 @@ inputs:
|
||||
# x11-misc/optimus-manager
|
||||
# x11-misc/unclutter-xfixes
|
||||
|
||||
# ++ ( with inputs.pkgs.pkgsCross.mingwW64.buildPackages; [ gcc ] );
|
||||
# ++ ( with inputs.pkgs.pkgsCross.mingwW64.buildPackages; [ gcc ] );
|
||||
|
||||
@@ -1686,7 +1686,7 @@
|
||||
# - verbose: Enable instant prompt and print a warning when detecting console output during
|
||||
# zsh initialization. Choose this if you've never tried instant prompt, haven't
|
||||
# seen the warning, or if you are unsure what this all means.
|
||||
typeset -g POWERLEVEL9K_INSTANT_PROMPT=verbose
|
||||
typeset -g POWERLEVEL9K_INSTANT_PROMPT=quiet
|
||||
|
||||
# Hot reload allows you to change POWERLEVEL9K options after Powerlevel10k has been initialized.
|
||||
# For example, you can type POWERLEVEL9K_BACKGROUND=red and see your prompt turn red. Hot reload
|
||||
1
modules/packages/ssh/github_ecdsa.pub
Normal file
1
modules/packages/ssh/github_ecdsa.pub
Normal file
@@ -0,0 +1 @@
|
||||
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
|
||||
1
modules/packages/ssh/github_rsa.pub
Normal file
1
modules/packages/ssh/github_rsa.pub
Normal file
@@ -0,0 +1 @@
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
|
||||
1
modules/packages/ssh/hpc_ecdsa.pub
Normal file
1
modules/packages/ssh/hpc_ecdsa.pub
Normal file
@@ -0,0 +1 @@
|
||||
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDkkl7A9kWWBoi4b5g6Vus70ja1KhPfcZZjeU1/QbYdN8PRRw/hsGklrhefslKRbym/TMFS0ko0g5WUi9G5vbGw=
|
||||
1
modules/packages/ssh/hpc_rsa.pub
Normal file
1
modules/packages/ssh/hpc_rsa.pub
Normal file
@@ -0,0 +1 @@
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDgs8MvV2nczjGMZ548tuAhgvCEd4uHu0VhLDSwQG7Nh/UR4Pgc5T9Nf7Vfwg96Lah/pwD5my4RaWis6bLMmlkYyDBKFBOsGYQUe5J5XfZdxk8pz+7L0Hq6gPfAZAdNlUiuFVKsvkE+NF42NgJyXSYQicPbu5LQiFwZGXlW20+LO8uBQ1y1xabKVpg8XGwordduL99VepwEzeLK/st+UVfW+mKgxkf9TuxvD2fuYIDZM7y2rXqcjf4/6OXA5kACsYK1MgZSFxgO/m6+1uCC1qBDseMTA3D+Tsjf9VtcqUE9dMd/dJ/uuILHJ0+oIqkykTCecPLgJY3Vh8rAtln/lbId
|
||||
1
modules/packages/ssh/nas_rsa.pub
Normal file
1
modules/packages/ssh/nas_rsa.pub
Normal file
@@ -0,0 +1 @@
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC0+xafJMnOGCHv6OLljaq8iJ3ZBaIezv7AJ9rVWJXFg/QJRYBwct35c4zaVom7If8F+Ss+BTLMp33HZ8gLpoat6LkjARjy65Ycog3NOnEposX2JjZEYXDbovxEmcJkDXAIVmnaBUi3r22z4UI8OqsHPeRXj017O0yQrQQYEAw/IO/tSNQZt2k8JHxAX50UTqGFdgkriO1fYHBocq48m0nn3sXrMuM3yBe5zy3NngOHxMn7UxjECmAElsuu/nu1x083pRnv5NSa+JxDGJ+S6Zhj3nGGNwZesa51I4cJjsYLxgmO/NxL1J86bDp6HhK9C9799ruG60pGTw6HcvbKTgx7klUgn4936wsy7qukWqp53MvqrLSJkRb/HHU9zZqvzcjbwet+Iv1OAAok5QC88j7Jgenk3nbZw4BNFd2r/8rOZuXheDnMKOa61dXxnvoAO3Euk0RPdZqW1slT/DDyD/kB6TPY7yOywNURNnrwzfSsmravKi6bGA5t2Ehhpf2LETM=
|
||||
1
modules/packages/ssh/pc_rsa.pub
Normal file
1
modules/packages/ssh/pc_rsa.pub
Normal file
@@ -0,0 +1 @@
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDOyU7VvusseL2tDp7JkIXKGxRGQNHpYWVAPraUj17Xls7Z9e7HO6+GBiGP+bB9tZbzsoTNGHdXg8VaJmf98QAhhg0FcUb6IvWmfmPWzQ0MC8L+USqdDpaH7s9SOZF/yveNYCR5GOMmFdSW4OPVYIOrjPltDIe5S1SN2nOXvjxbLmuoMjg+5U4F0ii0ZaCRuMVDskeift+Amxe7iRnSzeDbECd0rJhaUb8gf3shz0Hp9lRUMej7cJH8LLP3m0s3Vk+kasKntz18MpJ6/3n+fR2aK75qkcq9FZaFA4tSIabh9eKoxlRCy7g8Qj6nNStW+ys/a1UYBFgAoTyE7e47o3dpcxR5oMLbeDwhOstWL0YOjEH1K5Wyj3eEOT71C6kuQBPcCJQ9q9hknRpW0mWe9Q6qaAzTgE9LLssijr/yTfYQk7zKEyo0i4f6buOfmyYZfnzfnCB3LiJKa98TVEEzrKYHIO44LwIkNf/YHOMDknzjYpav6HfDy+AebRHZFYhGax1YP/tP0Ve/FSq5rh6Vwuqa/zyfFUPZmZVf+EYXK7DdyuBhEZhBEu6QrjY60NRMTMLpnUZMcZXRAz9byMpAGcCYQv6gjU99ps8AkRjZNkn+FpAtDGT+oJxixQwyZMSxZ+ZuzkZGyBMeMplZXMMLICGZ2LRAgT0bxXLZUxHJBLwwnw==
|
||||
1
modules/packages/ssh/vps6_rsa.pub
Normal file
1
modules/packages/ssh/vps6_rsa.pub
Normal file
@@ -0,0 +1 @@
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDYiP+ELuG5KTmafVjBkY0ZSggJg+mDkvZpF8d7NljMst0YwKWV3IgHnkAGXdTd7jlRgm9HH6oc8rP2R6Q8EJmfr+xcL1IQIWKuYAoddHlpe2Ds4EE74xbgm5Elf7FpdYNHUH9XyVmMmIhVSpLw2N10jUhvYqw+h+xC2nObEKZuBOt/lqrTGbC/EMv3+sDv0ApBh8lKt2yfjt88pnAj1LKPANDgIYSyQOllHQWeUY/eD/5Qc9XWR3uWclslVaxriRmEA0sNZlOFCeRIyDbYpSzQBdcnojkwt7Z5kjhaqGlT9g00fdiqO0OMaeY/G8ki3QxqjONqTEDqK+DpEZFO6jyZARcY6ki0ANc0AO4qosEC3gEbAvVwyPwDFtyDggMTHlTzaw8iakMGSDEk10zKaUOgZYLzC2yCWYYQS5mae9wC1gkXIGD51/laeq2E7NpM+nha6kp9weLVyvwf0DLfwsiP+0qlCLrxBLTSRa0HQ+BnQMi4r16Ss7YJwLf/oXrbOVk=
|
||||
1
modules/packages/ssh/vps7_rsa.pub
Normal file
1
modules/packages/ssh/vps7_rsa.pub
Normal file
@@ -0,0 +1 @@
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDFwb7qi9/DvhpMvu43LRlTEC+3kPAA0KNeyk4FT4HlpRE/yxMxN6tgrP9vcx2c6TMfkRwIJKDcBuVVtKOVx+SDZo+nQBxpSz73v1qSmqlsy8D4gCk0a7cLgStb3Cvh0UZjJ5nVnxjzqY2CFnpnKYGmxL+a3qTj1KYPuA2wSsxkYVcHUfDj/uTtEDdRPaNTACsUxe1a57T/Tsjp+321+zKldYreozaABEBsexf9Z34+3vZvyQcfDB3QuxlBRPJBLik80QllpNpE1bqol8swoGEPbl/Ac7tNy+GtlwTG9SH1povmoT9K+8tjJaG2pD+z+vvgZQtJQh+aczYmEBJRZp3ksw1JH4eGqTWG/SDat9Isnx2NDhJe12b9izniDciuBScNySAazIDPidsCMUYjc9kgWdSOiODOtodj5IB+KazFVJgfpmzPv97LHVdjvR74usrgbFw2mYCw2YEiL3xjDYpQGmXSNklsQLwJiBe59oyS4QNpNYQzYD9StjgRIdvtmiM=
|
||||
39
modules/services/acme.nix
Normal file
39
modules/services/acme.nix
Normal file
@@ -0,0 +1,39 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.acme = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
certs = mkOption
|
||||
{
|
||||
type = types.listOf (types.oneOf [ types.nonEmptyStr (types.listOf types.nonEmptyStr) ]);
|
||||
default = [];
|
||||
};
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkIf;
|
||||
inherit (inputs.config.nixos.services) acme;
|
||||
inherit (builtins) map listToAttrs;
|
||||
in mkIf acme.enable
|
||||
{
|
||||
security.acme =
|
||||
{
|
||||
acceptTerms = true;
|
||||
defaults.email = "chn@chn.moe";
|
||||
certs = listToAttrs (map
|
||||
(cert:
|
||||
{
|
||||
name = if builtins.typeOf cert == "string" then cert else builtins.elemAt cert 0;
|
||||
value =
|
||||
{
|
||||
dnsResolver = "8.8.8.8";
|
||||
dnsProvider = "cloudflare";
|
||||
credentialsFile = inputs.config.sops.secrets."acme/cloudflare.ini".path;
|
||||
extraDomainNames = if builtins.typeOf cert == "string" then [] else builtins.tail cert;
|
||||
};
|
||||
})
|
||||
acme.certs);
|
||||
};
|
||||
sops.secrets."acme/cloudflare.ini" = {};
|
||||
};
|
||||
}
|
||||
50
modules/services/beesd.nix
Normal file
50
modules/services/beesd.nix
Normal file
@@ -0,0 +1,50 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.beesd = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
instances = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.oneOf
|
||||
[
|
||||
types.nonEmptyStr
|
||||
(types.submodule { options =
|
||||
{
|
||||
device = mkOption { type = types.nonEmptyStr; };
|
||||
hashTableSizeMB = mkOption { type = types.int; };
|
||||
};})
|
||||
]);
|
||||
default = {};
|
||||
};
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.config.nixos.services) beesd;
|
||||
inherit (inputs.lib) mkIf;
|
||||
inherit (builtins) map listToAttrs;
|
||||
inherit (inputs.localLib) attrsToList;
|
||||
in mkIf beesd.enable
|
||||
{
|
||||
services.beesd.filesystems = listToAttrs (map
|
||||
(instance:
|
||||
{
|
||||
inherit (instance) name;
|
||||
value =
|
||||
{
|
||||
spec = instance.value.device or instance.value;
|
||||
hashTableSizeMB = instance.value.hashTableSizeMB or 1024;
|
||||
extraOptions = [ "--thread-count" "1" "--scan-mode" "3" ];
|
||||
};
|
||||
})
|
||||
(attrsToList beesd.instances));
|
||||
systemd.slices.system-beesd.sliceConfig =
|
||||
{
|
||||
CPUSchedulingPolicy = "idle";
|
||||
IOSchedulingClass = "idle";
|
||||
IOSchedulingPriority = 4;
|
||||
IOAccounting = true;
|
||||
IOWeight = 1;
|
||||
Nice = 19;
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1 +0,0 @@
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDV9egbTbIbVCV4TNr6IgvXw7fMEK4v/WKAHddkX4uvysL7l+H1cLM0TRDvGefUFoU7eYcEIRV9lwvjMo/xy0GKao76fylQ03gkrzTiPvztThpAfKKOIniXvzWoIP7/fzNwuW6GgUiM4JKvgJEieRTybclLRgauy2gqiwVZMAFksxG1fAPYGXIrhtVQ+WjN+0IIiayNlj1J6tJ9fQWc+BkNsoJJZBADf+qjTsqsVHjcABoo2vYRTYnSVzrsnjSu6ivGjSY0ImG+ASPqyluA7eSXe4XQkyxjuyBVTwwqTpZ0Y+DMESr/Fd5rQ3N/iylLcUVGexl7gHHFtJGiERloG8Bv Public key for Digital Signature
|
||||
@@ -6,72 +6,30 @@ inputs:
|
||||
./redis.nix
|
||||
./rsshub.nix
|
||||
./misskey.nix
|
||||
./nginx.nix
|
||||
./nginx
|
||||
./meilisearch.nix
|
||||
./xray.nix
|
||||
./coturn.nix
|
||||
./synapse.nix
|
||||
./phpfpm.nix
|
||||
./xrdp.nix
|
||||
# ./docker.nix
|
||||
./groupshare.nix
|
||||
./acme.nix
|
||||
./samba.nix
|
||||
./sshd.nix
|
||||
./vaultwarden.nix
|
||||
./frp.nix
|
||||
./beesd.nix
|
||||
./snapper.nix
|
||||
./mariadb.nix
|
||||
./photoprism.nix
|
||||
./nextcloud.nix
|
||||
];
|
||||
options.nixos.services = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
snapper =
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
configs = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
|
||||
};
|
||||
kmscon.enable = mkOption { type = types.bool; default = false; };
|
||||
fontconfig.enable = mkOption { type = types.bool; default = false; };
|
||||
samba =
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
wsdd = mkOption { type = types.bool; default = false; };
|
||||
private = mkOption { type = types.bool; default = false; };
|
||||
hostsAllowed = mkOption { type = types.str; default = "127."; };
|
||||
shares = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule { options =
|
||||
{
|
||||
comment = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
|
||||
path = mkOption { type = types.nonEmptyStr; };
|
||||
};});
|
||||
default = {};
|
||||
};
|
||||
};
|
||||
sshd.enable = mkOption { type = types.bool; default = false; };
|
||||
firewall.trustedInterfaces = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
acme =
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
certs = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
};
|
||||
frpClient =
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
serverName = mkOption { type = types.nonEmptyStr; };
|
||||
user = mkOption { type = types.nonEmptyStr; };
|
||||
tcp = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule (inputs:
|
||||
{
|
||||
options =
|
||||
{
|
||||
localIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
|
||||
localPort = mkOption { type = types.ints.unsigned; };
|
||||
remoteIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
|
||||
remotePort = mkOption { type = types.ints.unsigned; default = inputs.config.localPort; };
|
||||
};
|
||||
}));
|
||||
default = {};
|
||||
};
|
||||
};
|
||||
frpServer =
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
serverName = mkOption { type = types.nonEmptyStr; };
|
||||
};
|
||||
nix-serve =
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
@@ -89,38 +47,6 @@ inputs:
|
||||
inherit (builtins) map listToAttrs toString;
|
||||
in mkMerge
|
||||
[
|
||||
(
|
||||
mkIf services.snapper.enable
|
||||
{
|
||||
services.snapper.configs =
|
||||
let
|
||||
f = (config:
|
||||
{
|
||||
inherit (config) name;
|
||||
value =
|
||||
{
|
||||
SUBVOLUME = config.value;
|
||||
TIMELINE_CREATE = true;
|
||||
TIMELINE_CLEANUP = true;
|
||||
TIMELINE_MIN_AGE = 1800;
|
||||
TIMELINE_LIMIT_HOURLY = "10";
|
||||
TIMELINE_LIMIT_DAILY = "7";
|
||||
TIMELINE_LIMIT_WEEKLY = "1";
|
||||
TIMELINE_LIMIT_MONTHLY = "0";
|
||||
TIMELINE_LIMIT_YEARLY = "0";
|
||||
};
|
||||
});
|
||||
in
|
||||
listToAttrs (map f (attrsToList services.snapper.configs));
|
||||
nixpkgs.config.packageOverrides = pkgs:
|
||||
{
|
||||
snapper = pkgs.snapper.overrideAttrs (attrs:
|
||||
{
|
||||
patches = (if (attrs ? patches) then attrs.patches else []) ++ [ ./snapper.patch ];
|
||||
});
|
||||
};
|
||||
}
|
||||
)
|
||||
(
|
||||
mkIf services.kmscon.enable
|
||||
{
|
||||
@@ -137,7 +63,7 @@ inputs:
|
||||
fonts =
|
||||
{
|
||||
fontDir.enable = true;
|
||||
packages = with inputs.pkgs;
|
||||
fonts = with inputs.pkgs;
|
||||
[ noto-fonts source-han-sans source-han-serif source-code-pro hack-font jetbrains-mono nerdfonts ];
|
||||
fontconfig.defaultFonts =
|
||||
{
|
||||
@@ -149,204 +75,7 @@ inputs:
|
||||
};
|
||||
}
|
||||
)
|
||||
(
|
||||
mkIf services.samba.enable
|
||||
{
|
||||
# make shares visible for windows 10 clients
|
||||
services =
|
||||
{
|
||||
samba-wsdd.enable = services.samba.wsdd;
|
||||
samba =
|
||||
{
|
||||
enable = true;
|
||||
openFirewall = !services.samba.private;
|
||||
securityType = "user";
|
||||
extraConfig =
|
||||
''
|
||||
workgroup = WORKGROUP
|
||||
server string = Samba Server
|
||||
server role = standalone server
|
||||
hosts allow = ${services.samba.hostsAllowed}
|
||||
dns proxy = no
|
||||
'';
|
||||
# obey pam restrictions = yes
|
||||
# encrypt passwords = no
|
||||
shares = listToAttrs (map
|
||||
(share:
|
||||
{
|
||||
name = share.name;
|
||||
value =
|
||||
{
|
||||
comment = if share.value.comment != null then share.value.comment else share.name;
|
||||
path = share.value.path;
|
||||
browseable = true;
|
||||
writeable = true;
|
||||
"create mask" = "664";
|
||||
"force create mode" = "644";
|
||||
"directory mask" = "2755";
|
||||
"force directory mode" = "2755";
|
||||
};
|
||||
})
|
||||
(attrsToList services.samba.shares));
|
||||
};
|
||||
};
|
||||
}
|
||||
)
|
||||
(
|
||||
mkIf services.sshd.enable
|
||||
{
|
||||
services.openssh =
|
||||
{
|
||||
enable = true;
|
||||
settings =
|
||||
{
|
||||
X11Forwarding = true;
|
||||
TrustedUserCAKeys = builtins.toString ./ca.pub;
|
||||
ChallengeResponseAuthentication = false;
|
||||
PasswordAuthentication = false;
|
||||
KbdInteractiveAuthentication = false;
|
||||
UsePAM = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
)
|
||||
{ networking.firewall.trustedInterfaces = services.firewall.trustedInterfaces; }
|
||||
(
|
||||
mkIf services.acme.enable
|
||||
{
|
||||
security.acme =
|
||||
{
|
||||
acceptTerms = true;
|
||||
defaults.email = "chn@chn.moe";
|
||||
certs = listToAttrs (map
|
||||
(name:
|
||||
{
|
||||
name = name; value =
|
||||
{
|
||||
dnsResolver = "8.8.8.8";
|
||||
dnsProvider = "cloudflare";
|
||||
credentialsFile = inputs.config.sops.secrets."acme/cloudflare.ini".path;
|
||||
};
|
||||
})
|
||||
services.acme.certs);
|
||||
};
|
||||
sops.secrets."acme/cloudflare.ini" = {};
|
||||
}
|
||||
)
|
||||
(
|
||||
mkIf (services.frpClient.enable)
|
||||
{
|
||||
systemd.services.frpc =
|
||||
let
|
||||
frpc = "${inputs.pkgs.frp}/bin/frpc";
|
||||
config = inputs.config.sops.templates."frpc.ini";
|
||||
in
|
||||
{
|
||||
description = "Frp Client Service";
|
||||
after = [ "network.target" ];
|
||||
serviceConfig =
|
||||
{
|
||||
Type = "simple";
|
||||
User = "frp";
|
||||
Restart = "always";
|
||||
RestartSec = "5s";
|
||||
ExecStart = "${frpc} -c ${config.path}";
|
||||
LimitNOFILE = 1048576;
|
||||
};
|
||||
wantedBy= [ "multi-user.target" ];
|
||||
restartTriggers = [ config.file ];
|
||||
};
|
||||
sops =
|
||||
{
|
||||
templates."frpc.ini" =
|
||||
{
|
||||
owner = inputs.config.users.users.frp.name;
|
||||
group = inputs.config.users.users.frp.group;
|
||||
content = inputs.lib.generators.toINI {}
|
||||
(
|
||||
{
|
||||
common =
|
||||
{
|
||||
server_addr = services.frpClient.serverName;
|
||||
server_port = 7000;
|
||||
token = inputs.config.sops.placeholder."frp/token";
|
||||
user = services.frpClient.user;
|
||||
tls_enable = true;
|
||||
};
|
||||
}
|
||||
// (listToAttrs (map
|
||||
(tcp:
|
||||
{
|
||||
name = tcp.name;
|
||||
value =
|
||||
{
|
||||
type = "tcp";
|
||||
local_ip = tcp.value.localIp;
|
||||
local_port = tcp.value.localPort;
|
||||
remote_port = tcp.value.remotePort;
|
||||
use_compression = true;
|
||||
};
|
||||
})
|
||||
(attrsToList services.frpClient.tcp))
|
||||
)
|
||||
);
|
||||
};
|
||||
secrets."frp/token" = {};
|
||||
};
|
||||
users = { users.frp = { isSystemUser = true; group = "frp"; }; groups.frp = {}; };
|
||||
}
|
||||
)
|
||||
(
|
||||
mkIf (services.frpServer.enable)
|
||||
{
|
||||
systemd.services.frps =
|
||||
let
|
||||
frps = "${inputs.pkgs.frp}/bin/frps";
|
||||
config = inputs.config.sops.templates."frps.ini";
|
||||
in
|
||||
{
|
||||
description = "Frp Server Service";
|
||||
after = [ "network.target" ];
|
||||
serviceConfig =
|
||||
{
|
||||
Type = "simple";
|
||||
User = "frp";
|
||||
Restart = "on-failure";
|
||||
RestartSec = "5s";
|
||||
ExecStart = "${frps} -c ${config.path}";
|
||||
LimitNOFILE = 1048576;
|
||||
};
|
||||
wantedBy= [ "multi-user.target" ];
|
||||
restartTriggers = [ config.file ];
|
||||
};
|
||||
sops =
|
||||
{
|
||||
templates."frps.ini" =
|
||||
{
|
||||
owner = inputs.config.users.users.frp.name;
|
||||
group = inputs.config.users.users.frp.group;
|
||||
content = inputs.lib.generators.toINI {}
|
||||
{
|
||||
common = let cert = inputs.config.security.acme.certs.${services.frpServer.serverName}.directory; in
|
||||
{
|
||||
bind_port = 7000;
|
||||
bind_udp_port = 7000;
|
||||
token = inputs.config.sops.placeholder."frp/token";
|
||||
tls_cert_file = "${cert}/full.pem";
|
||||
tls_key_file = "${cert}/key.pem";
|
||||
tls_only = true;
|
||||
user_conn_timeout = 30;
|
||||
};
|
||||
};
|
||||
};
|
||||
secrets."frp/token" = {};
|
||||
};
|
||||
nixos.services.acme = { enable = true; certs = [ services.frpServer.serverName ]; };
|
||||
security.acme.certs.${services.frpServer.serverName}.group = "frp";
|
||||
users = { users.frp = { isSystemUser = true; group = "frp"; }; groups.frp = {}; };
|
||||
networking.firewall.allowedTCPPorts = [ 7000 ];
|
||||
}
|
||||
)
|
||||
(
|
||||
mkIf services.nix-serve.enable
|
||||
{
|
||||
@@ -357,7 +86,8 @@ inputs:
|
||||
secretKeyFile = inputs.config.sops.secrets."store/signingKey".path;
|
||||
};
|
||||
sops.secrets."store/signingKey" = {};
|
||||
nixos.services.nginx.httpProxy.${services.nix-serve.hostname}.upstream = "http://127.0.0.1:5000";
|
||||
nixos.services.nginx.http.${services.nix-serve.hostname} =
|
||||
{ rewriteHttps = true; locations."/".proxy.upstream = "http://127.0.0.1:5000"; };
|
||||
}
|
||||
)
|
||||
(mkIf services.smartd.enable { services.smartd.enable = true; })
|
||||
@@ -442,10 +172,10 @@ inputs:
|
||||
nginx =
|
||||
{
|
||||
enable = true;
|
||||
httpProxy."wallabag.chn.moe" =
|
||||
http."wallabag.chn.moe" =
|
||||
{
|
||||
upstream = "http://127.0.0.1:4398";
|
||||
setHeaders.Host = "wallabag.chn.moe";
|
||||
rewriteHttps = true;
|
||||
locations."/".proxy = { upstream = "http://127.0.0.1:4398"; setHeaders.Host = "wallabag.chn.moe"; };
|
||||
};
|
||||
};
|
||||
postgresql.enable = true;
|
||||
|
||||
@@ -1,103 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.docker = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
type = types.attrsOf (types.submodule (inputs: { options =
|
||||
{
|
||||
user = mkOption { type = types.nonEmptyStr; default = inputs.config._module.args.name; };
|
||||
image = mkOption { type = types.package; };
|
||||
imageName =
|
||||
mkOption { type = types.nonEmptyStr; default = with inputs.image; (imageName + ":" + imageTag); };
|
||||
ports = mkOption
|
||||
{
|
||||
type = types.listOf (types.oneOf
|
||||
[
|
||||
types.ints.unsigned
|
||||
types.submodule (inputs: { options =
|
||||
{
|
||||
hostIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
|
||||
hostPort = mkOption { type = types.ints.unsigned; };
|
||||
containerPort = mkOption { type = types.ints.unsigned; };
|
||||
protocol = mkOption { type = types.enum [ "tcp" "udp" ]; default = "tcp"; };
|
||||
};})
|
||||
]);
|
||||
default = [];
|
||||
};
|
||||
environmentFile = mkOption { type = types.oneOf [ types.bool types.nonEmptyStr ]; default = false; };
|
||||
};}));
|
||||
default = {};
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkMerge mkIf;
|
||||
inherit (builtins) listToAttrs map concatLists;
|
||||
inherit (inputs.localLib) attrsToList;
|
||||
inherit (inputs.config.nixos.services) docker;
|
||||
in mkMerge
|
||||
[
|
||||
{
|
||||
virtualisation.oci-containers.containers = listToAttrs (map
|
||||
(container:
|
||||
{
|
||||
name = "${container.name}";
|
||||
value =
|
||||
{
|
||||
image = container.value.imageName;
|
||||
imageFile = container.value.image;
|
||||
ports = map
|
||||
(port:
|
||||
(
|
||||
if builtins.typeOf port == "int" then "127.0.0.1::${toString port}"
|
||||
else ("${port.value.hostIp}:${toString port.value.hostPort}"
|
||||
+ ":${toString port.value.containerPort}/${port.value.protocol}")
|
||||
))
|
||||
container.value.ports;
|
||||
extraOptions = [ "--add-host=host.docker.internal:host-gateway" ];
|
||||
environmentFiles =
|
||||
if builtins.typeOf container.value.environmentFile == "bool" && container.value.environmentFile
|
||||
then [ inputs.config.sops.templates."${container.name}/env".path ]
|
||||
else if builtins.typeOf container.value.environmentFile == "bool" then []
|
||||
else [ container.value.environmentFile ];
|
||||
};
|
||||
})
|
||||
(attrsToList docker));
|
||||
systemd.services = listToAttrs (concatLists (map
|
||||
(container:
|
||||
[
|
||||
{
|
||||
name = "docker-${container.value.user}-daemon";
|
||||
value =
|
||||
{
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
inherit (inputs.systemd.user.services.docker) description path;
|
||||
serviceConfig = inputs.systemd.user.services.docker.serviceConfig //
|
||||
{
|
||||
User = container.value.user;
|
||||
Group = container.value.user;
|
||||
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
||||
ExecStart = inputs.systemd.user.services.docker.serviceConfig.ExecStart
|
||||
+ " -H unix:///var/run/docker-rootless/${container.value.user}.sock";
|
||||
};
|
||||
unitConfig = { inherit (inputs.systemd.user.services.docker.unitConfig) StartLimitInterval; };
|
||||
};
|
||||
}
|
||||
{
|
||||
name = "docker-${container.name}";
|
||||
value =
|
||||
{
|
||||
requires = [ "docker-${container.value.user}-daemon.service" ];
|
||||
after = [ "docker-${container.value.user}-daemon.service" ];
|
||||
environment.DOCKER_HOST = "unix:///var/run/docker-rootless/${container.value.user}.sock";
|
||||
serviceConfig = { User = container.value.user; Group = container.value.user; };
|
||||
};
|
||||
}
|
||||
])
|
||||
(attrsToList docker)));
|
||||
}
|
||||
(mkIf (docker != {})
|
||||
{
|
||||
systemd.tmpfiles.rules = [ "d /var/run/docker-rootless 0777" ];
|
||||
nixos.virtualization.docker.enable = true;
|
||||
})
|
||||
];
|
||||
}
|
||||
154
modules/services/frp.nix
Normal file
154
modules/services/frp.nix
Normal file
@@ -0,0 +1,154 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
frpClient =
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
serverName = mkOption { type = types.nonEmptyStr; };
|
||||
user = mkOption { type = types.nonEmptyStr; };
|
||||
tcp = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule (inputs:
|
||||
{
|
||||
options =
|
||||
{
|
||||
localIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
|
||||
localPort = mkOption { type = types.ints.unsigned; };
|
||||
remoteIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
|
||||
remotePort = mkOption { type = types.ints.unsigned; default = inputs.config.localPort; };
|
||||
};
|
||||
}));
|
||||
default = {};
|
||||
};
|
||||
};
|
||||
frpServer =
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
serverName = mkOption { type = types.nonEmptyStr; };
|
||||
};
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkMerge mkIf;
|
||||
inherit (inputs.localLib) attrsToList;
|
||||
inherit (inputs.config.nixos.services) frpClient frpServer;
|
||||
inherit (builtins) map listToAttrs;
|
||||
in mkMerge
|
||||
[
|
||||
(
|
||||
mkIf frpClient.enable
|
||||
{
|
||||
systemd.services.frpc =
|
||||
let
|
||||
frpc = "${inputs.pkgs.frp}/bin/frpc";
|
||||
config = inputs.config.sops.templates."frpc.ini";
|
||||
in
|
||||
{
|
||||
description = "Frp Client Service";
|
||||
after = [ "network.target" ];
|
||||
serviceConfig =
|
||||
{
|
||||
Type = "simple";
|
||||
User = "frp";
|
||||
Restart = "always";
|
||||
RestartSec = "5s";
|
||||
ExecStart = "${frpc} -c ${config.path}";
|
||||
LimitNOFILE = 1048576;
|
||||
};
|
||||
wantedBy= [ "multi-user.target" ];
|
||||
restartTriggers = [ config.file ];
|
||||
};
|
||||
sops =
|
||||
{
|
||||
templates."frpc.ini" =
|
||||
{
|
||||
owner = inputs.config.users.users.frp.name;
|
||||
group = inputs.config.users.users.frp.group;
|
||||
content = inputs.lib.generators.toINI {}
|
||||
(
|
||||
{
|
||||
common =
|
||||
{
|
||||
server_addr = frpClient.serverName;
|
||||
server_port = 7000;
|
||||
token = inputs.config.sops.placeholder."frp/token";
|
||||
user = frpClient.user;
|
||||
tls_enable = true;
|
||||
};
|
||||
}
|
||||
// (listToAttrs (map
|
||||
(tcp:
|
||||
{
|
||||
name = tcp.name;
|
||||
value =
|
||||
{
|
||||
type = "tcp";
|
||||
local_ip = tcp.value.localIp;
|
||||
local_port = tcp.value.localPort;
|
||||
remote_port = tcp.value.remotePort;
|
||||
use_compression = true;
|
||||
};
|
||||
})
|
||||
(attrsToList frpClient.tcp))
|
||||
)
|
||||
);
|
||||
};
|
||||
secrets."frp/token" = {};
|
||||
};
|
||||
users = { users.frp = { isSystemUser = true; group = "frp"; }; groups.frp = {}; };
|
||||
}
|
||||
)
|
||||
(
|
||||
mkIf frpServer.enable
|
||||
{
|
||||
systemd.services.frps =
|
||||
let
|
||||
frps = "${inputs.pkgs.frp}/bin/frps";
|
||||
config = inputs.config.sops.templates."frps.ini";
|
||||
in
|
||||
{
|
||||
description = "Frp Server Service";
|
||||
after = [ "network.target" ];
|
||||
serviceConfig =
|
||||
{
|
||||
Type = "simple";
|
||||
User = "frp";
|
||||
Restart = "on-failure";
|
||||
RestartSec = "5s";
|
||||
ExecStart = "${frps} -c ${config.path}";
|
||||
LimitNOFILE = 1048576;
|
||||
};
|
||||
wantedBy= [ "multi-user.target" ];
|
||||
restartTriggers = [ config.file ];
|
||||
};
|
||||
sops =
|
||||
{
|
||||
templates."frps.ini" =
|
||||
{
|
||||
owner = inputs.config.users.users.frp.name;
|
||||
group = inputs.config.users.users.frp.group;
|
||||
content = inputs.lib.generators.toINI {}
|
||||
{
|
||||
common = let cert = inputs.config.security.acme.certs.${frpServer.serverName}.directory; in
|
||||
{
|
||||
bind_port = 7000;
|
||||
bind_udp_port = 7000;
|
||||
token = inputs.config.sops.placeholder."frp/token";
|
||||
tls_cert_file = "${cert}/full.pem";
|
||||
tls_key_file = "${cert}/key.pem";
|
||||
tls_only = true;
|
||||
user_conn_timeout = 30;
|
||||
};
|
||||
};
|
||||
};
|
||||
secrets."frp/token" = {};
|
||||
};
|
||||
nixos.services.acme = { enable = true; certs = [ frpServer.serverName ]; };
|
||||
security.acme.certs.${frpServer.serverName}.group = "frp";
|
||||
users = { users.frp = { isSystemUser = true; group = "frp"; }; groups.frp = {}; };
|
||||
networking.firewall.allowedTCPPorts = [ 7000 ];
|
||||
}
|
||||
)
|
||||
];
|
||||
}
|
||||
42
modules/services/groupshare.nix
Normal file
42
modules/services/groupshare.nix
Normal file
@@ -0,0 +1,42 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.groupshare = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
# hard to read value from inputs.config.users.users.xxx.home, causing infinite recursion
|
||||
mountPoints = mkOption { type = types.listOf types.str; default = []; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkIf;
|
||||
inherit (builtins) listToAttrs map concatLists;
|
||||
inherit (inputs.config.nixos.services) groupshare;
|
||||
users = inputs.config.users.groups.groupshare.members;
|
||||
in mkIf groupshare.enable
|
||||
{
|
||||
users.groups.groupshare = {};
|
||||
systemd.tmpfiles.rules = [ "d /var/lib/groupshare" ]
|
||||
++ (concatLists (map
|
||||
(user:
|
||||
[
|
||||
"d /var/lib/groupshare/${user} 2750 ${user} groupshare"
|
||||
# systemd 253 does not support 'X' bit, it should be manually set
|
||||
# sudo setfacl -m 'xxx' dir
|
||||
# ("a /var/lib/groupshare/${user} - - - - "
|
||||
# + "d:u:${user}:rwX,u:${user}:rwX,d:g:groupshare:r-X,g:groupshare:r-X,d:o::---,o::---,d:m::r-x,m::r-x")
|
||||
])
|
||||
users));
|
||||
fileSystems = listToAttrs (map
|
||||
(mountPoint:
|
||||
{
|
||||
name = mountPoint;
|
||||
value =
|
||||
{
|
||||
device = "/var/lib/groupshare";
|
||||
options = [ "bind" "private" "x-gvfs-hide" "X-fstrim.notrim" ];
|
||||
depends = [ "/home" "/var/lib" ];
|
||||
};
|
||||
})
|
||||
groupshare.mountPoints);
|
||||
};
|
||||
}
|
||||
@@ -1,23 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.huginn.enable = inputs.lib.mkOption { type = inputs.lib.types.bool; default = false; };
|
||||
config = inputs.lib.mkIf inputs.config.nixos.services.huginn.enable
|
||||
{
|
||||
nixos.services =
|
||||
{
|
||||
docker.huginn =
|
||||
{
|
||||
image = inputs.pkgs.dockerTools.pullImage
|
||||
{
|
||||
imageName = "huginn/huginn";
|
||||
imageDigest = "sha256:dbe871597d43232add81d1adfc5ad9f5cf9dcb5e1f1ba3d669598c20b96ab6c1";
|
||||
sha256 = "0ls97k8ic7w5j54jlpwh8rrvj1y4pl4106j9pyap105r6p7dziiz";
|
||||
finalImageName = "huginn/huginn";
|
||||
finalImageTag = "2d5fcafc507da3e8c115c3479e9116a0758c5375";
|
||||
};
|
||||
ports = [ 3000 ];
|
||||
environmentFile = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
62
modules/services/mariadb.nix
Normal file
62
modules/services/mariadb.nix
Normal file
@@ -0,0 +1,62 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.mariadb = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
instances = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule (submoduleInputs: { options =
|
||||
{
|
||||
database = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
|
||||
user = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
|
||||
passwordFile = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
|
||||
};}));
|
||||
default = {};
|
||||
};
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.config.nixos.services) mariadb;
|
||||
inherit (inputs.lib) mkAfter mkIf;
|
||||
inherit (inputs.localLib) attrsToList;
|
||||
inherit (builtins) map listToAttrs concatStringsSep filter;
|
||||
in mkIf mariadb.enable
|
||||
{
|
||||
services =
|
||||
{
|
||||
mysql =
|
||||
{
|
||||
enable = true;
|
||||
package = inputs.pkgs.mariadb;
|
||||
ensureDatabases = map (db: db.value.database) (attrsToList mariadb.instances);
|
||||
ensureUsers = map
|
||||
(db:
|
||||
{
|
||||
name = db.value.user;
|
||||
ensurePermissions."${db.value.database}.*" = "ALL PRIVILEGES";
|
||||
})
|
||||
(attrsToList mariadb.instances);
|
||||
};
|
||||
mysqlBackup =
|
||||
{
|
||||
enable = true;
|
||||
databases = map (db: db.value.database) (attrsToList mariadb.instances);
|
||||
};
|
||||
};
|
||||
systemd.services.mysql.postStart = mkAfter (concatStringsSep "\n" (map
|
||||
(db:
|
||||
let
|
||||
passwordFile =
|
||||
if db.value.passwordFile or null != null then db.value.passwordFile
|
||||
else inputs.config.sops.secrets."mariadb/${db.value.user}".path;
|
||||
mysql = "${inputs.config.services.mysql.package}/bin/mysql";
|
||||
in
|
||||
# set user password
|
||||
''echo "ALTER USER '${db.value.user}'@'localhost' IDENTIFIED VIA unix_socket OR mysql_native_password ''
|
||||
+ ''USING PASSWORD('$(cat ${passwordFile})');" | ${mysql} -N'')
|
||||
(attrsToList mariadb.instances)));
|
||||
sops.secrets = listToAttrs (map
|
||||
(db: { name = "mariadb/${db.value.user}"; value.owner = inputs.config.users.users.mysql.name; })
|
||||
(filter (db: db.value.passwordFile == null) (attrsToList mariadb.instances)));
|
||||
};
|
||||
}
|
||||
@@ -11,6 +11,7 @@ inputs:
|
||||
};}));
|
||||
default = {};
|
||||
};
|
||||
ioLimitDevice = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
@@ -37,7 +38,7 @@ inputs:
|
||||
Group = inputs.config.users.users.${instance.value.user}.group;
|
||||
ExecStart =
|
||||
let
|
||||
meilisearch = inputs.pkgs.meilisearch.overrideAttrs (prev:
|
||||
meilisearch = inputs.pkgs.unstablePackages.meilisearch.overrideAttrs (prev:
|
||||
{
|
||||
RUSTFLAGS = prev.RUSTFLAGS or [] ++ [ "-Clto=true" "-Cpanic=abort" "-Cembed-bitcode=yes"]
|
||||
++ (
|
||||
@@ -58,11 +59,17 @@ inputs:
|
||||
IOSchedulingPriority = 4;
|
||||
IOAccounting = true;
|
||||
IOWeight = 1;
|
||||
IOReadBandwidthMax = "/dev/mapper/root 20M";
|
||||
IOWriteBandwidthMax = "/dev/mapper/root 20M";
|
||||
Nice = 19;
|
||||
Slice = "-.slice";
|
||||
};
|
||||
}
|
||||
// (if meilisearch.ioLimitDevice != null then
|
||||
{
|
||||
IOReadBandwidthMax = "${meilisearch.ioLimitDevice} 20M";
|
||||
IOWriteBandwidthMax = "${meilisearch.ioLimitDevice} 20M";
|
||||
# iostat -dx 1
|
||||
IOReadIOPSMax = "${meilisearch.ioLimitDevice} 100";
|
||||
IOWriteIOPSMax = "${meilisearch.ioLimitDevice} 100";
|
||||
} else {});
|
||||
};
|
||||
})
|
||||
(attrsToList meilisearch.instances));
|
||||
@@ -91,10 +98,10 @@ inputs:
|
||||
env = "production"
|
||||
dump_dir = "/var/lib/meilisearch/${instance.name}/dumps"
|
||||
log_level = "INFO"
|
||||
max_indexing_memory = "8Gb"
|
||||
max_indexing_memory = "16Gb"
|
||||
max_indexing_threads = 1
|
||||
'';
|
||||
owner = inputs.config.users.users.misskey.name;
|
||||
owner = instance.value.user;
|
||||
};
|
||||
})
|
||||
(attrsToList meilisearch.instances));
|
||||
|
||||
@@ -1,151 +1,165 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services = let inherit (inputs.lib) mkOption types; in
|
||||
options.nixos.services.misskey.instances = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
misskey =
|
||||
type = types.attrsOf (types.submodule { options =
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
autoStart = mkOption { type = types.bool; default = true; };
|
||||
port = mkOption { type = types.ints.unsigned; default = 9726; };
|
||||
redis.port = mkOption { type = types.ints.unsigned; default = 3545; };
|
||||
hostname = mkOption { type = types.str; default = "misskey.chn.moe"; };
|
||||
};
|
||||
misskey-proxy = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule (submoduleInputs: { options =
|
||||
meilisearch =
|
||||
{
|
||||
hostname = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
|
||||
upstream = mkOption
|
||||
{
|
||||
type = types.oneOf [ types.nonEmptyStr (types.submodule { options =
|
||||
{
|
||||
address = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
|
||||
port = mkOption { type = types.ints.unsigned; default = 9726; };
|
||||
};})];
|
||||
default = "127.0.0.1:9726";
|
||||
};
|
||||
};}));
|
||||
default = {};
|
||||
};
|
||||
enable = mkOption { type = types.bool; default = true; };
|
||||
port = mkOption { type = types.ints.unsigned; default = 7700; };
|
||||
};
|
||||
};});
|
||||
default = {};
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.config.nixos.services) misskey misskey-proxy;
|
||||
inherit (inputs.localLib) stripeTabs attrsToList;
|
||||
inherit (inputs.lib) mkIf mkMerge;
|
||||
inherit (builtins) map listToAttrs toString replaceStrings;
|
||||
in mkMerge
|
||||
[
|
||||
(mkIf misskey.enable
|
||||
{
|
||||
systemd =
|
||||
inherit (inputs.config.nixos.services) misskey;
|
||||
inherit (inputs.localLib) attrsToList;
|
||||
inherit (inputs.lib) mkMerge mkIf;
|
||||
inherit (builtins) map listToAttrs toString replaceStrings filter;
|
||||
in
|
||||
{
|
||||
systemd = mkMerge (map
|
||||
(instance:
|
||||
{
|
||||
services.misskey =
|
||||
services."misskey-${instance.name}" = rec
|
||||
{
|
||||
description = "misskey";
|
||||
after = [ "network.target" "redis-misskey.service" "postgresql.service" "meilisearch-misskey.service" ];
|
||||
requires = [ "network.target" "redis-misskey.service" "postgresql.service" "meilisearch-misskey.service" ];
|
||||
enable = instance.value.autoStart;
|
||||
description = "misskey ${instance.name}";
|
||||
after = [ "network.target" "redis-misskey-${instance.name}.service" "postgresql.service" ]
|
||||
++ (if instance.value.meilisearch.enable then [ "meilisearch-misskey-${instance.name}.service" ]
|
||||
else []);
|
||||
requires = after;
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
environment.MISSKEY_CONFIG_YML = inputs.config.sops.templates."misskey/default.yml".path;
|
||||
environment.MISSKEY_CONFIG_YML = inputs.config.sops.templates."misskey/${instance.name}.yml".path;
|
||||
serviceConfig = rec
|
||||
{
|
||||
User = inputs.config.users.users.misskey.name;
|
||||
Group = inputs.config.users.users.misskey.group;
|
||||
WorkingDirectory = "/var/lib/misskey/work";
|
||||
User = inputs.config.users.users."misskey-${instance.name}".name;
|
||||
Group = inputs.config.users.users."misskey-${instance.name}".group;
|
||||
WorkingDirectory = "/var/lib/misskey/${instance.name}/work";
|
||||
ExecStart = "${WorkingDirectory}/bin/misskey";
|
||||
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
|
||||
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
|
||||
Restart = "always";
|
||||
};
|
||||
};
|
||||
tmpfiles.rules = [ "d /var/lib/misskey/files 0700 misskey misskey" ];
|
||||
};
|
||||
fileSystems =
|
||||
tmpfiles.rules =
|
||||
[ "d /var/lib/misskey/${instance.name}/files 0700 misskey-${instance.name} misskey-${instance.name}" ];
|
||||
})
|
||||
(attrsToList misskey.instances));
|
||||
fileSystems = mkMerge (map
|
||||
(instance:
|
||||
{
|
||||
"/var/lib/misskey/work" =
|
||||
"/var/lib/misskey/${instance.name}/work" =
|
||||
{
|
||||
device = "${inputs.pkgs.localPackages.misskey}";
|
||||
options = [ "bind" ];
|
||||
options = [ "bind" "private" "x-gvfs-hide" "X-fstrim.notrim" ];
|
||||
};
|
||||
"/var/lib/misskey/work/files" =
|
||||
"/var/lib/misskey/${instance.name}/work/files" =
|
||||
{
|
||||
device = "/var/lib/misskey/files";
|
||||
options = [ "bind" ];
|
||||
device = "/var/lib/misskey/${instance.name}/files";
|
||||
options = [ "bind" "private" "x-gvfs-hide" "X-fstrim.notrim" ];
|
||||
};
|
||||
};
|
||||
sops.templates."misskey/default.yml" =
|
||||
})
|
||||
(attrsToList misskey.instances));
|
||||
sops.templates = listToAttrs (map
|
||||
(instance:
|
||||
{
|
||||
content =
|
||||
let
|
||||
placeholder = inputs.config.sops.placeholder;
|
||||
misskey = inputs.config.nixos.services.misskey;
|
||||
redis = inputs.config.nixos.services.redis.instances.misskey;
|
||||
in
|
||||
''
|
||||
url: https://${misskey.hostname}/
|
||||
port: ${toString misskey.port}
|
||||
db:
|
||||
host: 127.0.0.1
|
||||
port: 5432
|
||||
db: misskey
|
||||
user: misskey
|
||||
pass: ${placeholder."postgresql/misskey"}
|
||||
extra:
|
||||
statement_timeout: 60000
|
||||
dbReplications: false
|
||||
redis:
|
||||
host: 127.0.0.1
|
||||
port: ${toString redis.port}
|
||||
pass: ${placeholder."redis/misskey"}
|
||||
meilisearch:
|
||||
host: 127.0.0.1
|
||||
port: 7700
|
||||
apiKey: ${placeholder."meilisearch/misskey"}
|
||||
ssl: false
|
||||
index: misskey
|
||||
scope: global
|
||||
id: 'aid'
|
||||
proxyBypassHosts:
|
||||
- api.deepl.com
|
||||
- api-free.deepl.com
|
||||
- www.recaptcha.net
|
||||
- hcaptcha.com
|
||||
- challenges.cloudflare.com
|
||||
proxyRemoteFiles: true
|
||||
signToActivityPubGet: true
|
||||
maxFileSize: 1073741824
|
||||
'';
|
||||
owner = inputs.config.users.users.misskey.name;
|
||||
};
|
||||
users =
|
||||
name = "misskey/${instance.name}.yml";
|
||||
value =
|
||||
{
|
||||
content =
|
||||
let
|
||||
placeholder = inputs.config.sops.placeholder;
|
||||
redis = inputs.config.nixos.services.redis.instances."misskey-${instance.name}";
|
||||
meilisearch = inputs.config.nixos.services.meilisearch.instances."misskey-${instance.name}";
|
||||
in
|
||||
''
|
||||
url: https://${instance.value.hostname}/
|
||||
port: ${toString instance.value.port}
|
||||
db:
|
||||
host: 127.0.0.1
|
||||
port: 5432
|
||||
db: misskey_${replaceStrings [ "-" ] [ "_" ] instance.name}
|
||||
user: misskey_${replaceStrings [ "-" ] [ "_" ] instance.name}
|
||||
pass: ${placeholder."postgresql/misskey_${replaceStrings [ "-" ] [ "_" ] instance.name}"}
|
||||
extra:
|
||||
statement_timeout: 60000
|
||||
dbReplications: false
|
||||
redis:
|
||||
host: 127.0.0.1
|
||||
port: ${toString redis.port}
|
||||
pass: ${placeholder."redis/misskey-${instance.name}"}
|
||||
id: 'aid'
|
||||
proxyBypassHosts:
|
||||
- api.deepl.com
|
||||
- api-free.deepl.com
|
||||
- www.recaptcha.net
|
||||
- hcaptcha.com
|
||||
- challenges.cloudflare.com
|
||||
proxyRemoteFiles: true
|
||||
signToActivityPubGet: true
|
||||
maxFileSize: 1073741824
|
||||
''
|
||||
+ (if instance.value.meilisearch.enable then
|
||||
''
|
||||
meilisearch:
|
||||
host: 127.0.0.1
|
||||
port: ${toString meilisearch.port}
|
||||
apiKey: ${placeholder."meilisearch/misskey-${instance.name}"}
|
||||
ssl: false
|
||||
index: misskey
|
||||
scope: globa
|
||||
'' else "");
|
||||
owner = inputs.config.users.users."misskey-${instance.name}".name;
|
||||
};
|
||||
})
|
||||
(attrsToList misskey.instances));
|
||||
users = mkMerge (map
|
||||
(instance:
|
||||
{
|
||||
users.misskey = { isSystemUser = true; group = "misskey"; home = "/var/lib/misskey"; createHome = true; };
|
||||
groups.misskey = {};
|
||||
};
|
||||
nixos.services =
|
||||
{
|
||||
redis.instances.misskey.port = 3545;
|
||||
postgresql = { enable = true; instances.misskey = {}; };
|
||||
meilisearch.instances.misskey = { user = inputs.config.users.users.misskey.name; port = 7700; };
|
||||
};
|
||||
})
|
||||
(mkIf (misskey-proxy != {})
|
||||
users."misskey-${instance.name}" =
|
||||
{
|
||||
isSystemUser = true;
|
||||
group = "misskey-${instance.name}";
|
||||
home = "/var/lib/misskey/${instance.name}";
|
||||
createHome = true;
|
||||
};
|
||||
groups."misskey-${instance.name}" = {};
|
||||
})
|
||||
(attrsToList misskey.instances));
|
||||
nixos.services =
|
||||
{
|
||||
nixos.services.nginx =
|
||||
redis.instances = listToAttrs (map
|
||||
(instance:
|
||||
{
|
||||
name = "misskey-${instance.name}";
|
||||
value.port = instance.value.redis.port;
|
||||
})
|
||||
(attrsToList misskey.instances));
|
||||
postgresql =
|
||||
{
|
||||
enable = true;
|
||||
httpProxy = listToAttrs (map
|
||||
(proxy: with proxy.value;
|
||||
{
|
||||
name = hostname;
|
||||
value =
|
||||
{
|
||||
upstream = if builtins.typeOf upstream == "string" then "http://${upstream}"
|
||||
else "http://${upstream.address}:${toString upstream.port}";
|
||||
websocket = true;
|
||||
setHeaders.Host = hostname;
|
||||
};
|
||||
})
|
||||
(attrsToList misskey-proxy));
|
||||
enable = mkIf (misskey.instances != {}) true;
|
||||
instances = listToAttrs (map
|
||||
(instance: { name = "misskey_${replaceStrings [ "-" ] [ "_" ] instance.name}"; value = {}; })
|
||||
(attrsToList misskey.instances));
|
||||
};
|
||||
})
|
||||
];
|
||||
meilisearch.instances = listToAttrs (map
|
||||
(instance:
|
||||
{
|
||||
name = "misskey-${instance.name}";
|
||||
value =
|
||||
{
|
||||
user = inputs.config.users.users."misskey-${instance.name}".name;
|
||||
port = instance.value.meilisearch.port;
|
||||
};
|
||||
})
|
||||
(filter (instance: instance.value.meilisearch.enable) (attrsToList misskey.instances)));
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
89
modules/services/nextcloud.nix
Normal file
89
modules/services/nextcloud.nix
Normal file
@@ -0,0 +1,89 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.nextcloud = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
hostname = mkOption { type = types.str; default = "nextcloud.chn.moe"; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.config.nixos.services) nextcloud;
|
||||
inherit (inputs.localLib) attrsToList;
|
||||
inherit (inputs.lib) mkIf mkMerge;
|
||||
inherit (builtins) map listToAttrs toString replaceStrings filter toJSON;
|
||||
in mkIf nextcloud.enable
|
||||
{
|
||||
services.nextcloud =
|
||||
{
|
||||
enable = true;
|
||||
hostName = nextcloud.hostname;
|
||||
appstoreEnable = false;
|
||||
https = true;
|
||||
package = inputs.pkgs.nextcloud27;
|
||||
maxUploadSize = "10G";
|
||||
config =
|
||||
{
|
||||
dbtype = "pgsql";
|
||||
dbpassFile = inputs.config.sops.secrets."nextcloud/postgresql".path;
|
||||
dbport = 5432;
|
||||
adminuser = "admin";
|
||||
adminpassFile = inputs.config.sops.secrets."nextcloud/admin".path;
|
||||
overwriteProtocol = "https";
|
||||
defaultPhoneRegion = "CN";
|
||||
};
|
||||
configureRedis = true;
|
||||
extraOptions =
|
||||
{
|
||||
mail_domain = "chn.moe";
|
||||
mail_from_address = "bot";
|
||||
mail_smtphost = "mail.chn.moe";
|
||||
mail_smtpport = 465;
|
||||
mail_smtpsecure = "ssl";
|
||||
mail_smtpauth = true;
|
||||
mail_smtpname = "bot@chn.moe";
|
||||
updatechecker = false;
|
||||
};
|
||||
secretFile = inputs.config.sops.templates."nextcloud/secret".path;
|
||||
extraApps =
|
||||
{
|
||||
maps = inputs.pkgs.fetchNextcloudApp
|
||||
{
|
||||
url = "https://github.com/nextcloud/maps/releases/download/v1.1.1/maps-1.1.1.tar.gz";
|
||||
sha256 = "1rcmqnm5364h5gaq1yy6b6d7k17napgn0yc9ymrnn75bps9s71v9";
|
||||
};
|
||||
phonetrack = inputs.pkgs.fetchNextcloudApp
|
||||
{
|
||||
url = "https://github.com/julien-nc/phonetrack/releases/download/v0.7.6/phonetrack-0.7.6.tar.gz";
|
||||
sha256 = "1p15vw7c5c1h08czyxi1r6svjd5hjmnc0i6is4vl3xq2kfjmcyyx";
|
||||
};
|
||||
twofactor_webauthn = inputs.pkgs.fetchNextcloudApp
|
||||
{
|
||||
url = "https://github.com/nextcloud-releases/twofactor_webauthn/releases/download/v1.2.0/twofactor_webauthn-v1.2.0.tar.gz";
|
||||
sha256 = "1lqcw74rsnl8c4sirw9208ra3c8zl8zp93scs7y8fv2n4n60l465";
|
||||
};
|
||||
};
|
||||
};
|
||||
nixos.services =
|
||||
{
|
||||
postgresql = { enable = true; instances.nextcloud = {}; };
|
||||
redis.instances.nextcloud.port = 3499;
|
||||
};
|
||||
sops =
|
||||
{
|
||||
templates."nextcloud/secret" =
|
||||
{
|
||||
content = toJSON
|
||||
{
|
||||
redis.password = inputs.config.sops.placeholder."redis/nextcloud";
|
||||
mail_smtppassword = inputs.config.sops.placeholder."mail/bot";
|
||||
};
|
||||
owner = inputs.config.users.users.nextcloud.name;
|
||||
};
|
||||
secrets =
|
||||
{
|
||||
"nextcloud/postgresql" = { key = "postgresql/nextcloud"; owner = inputs.config.users.users.nextcloud.name; };
|
||||
"nextcloud/admin".owner = inputs.config.users.users.nextcloud.name;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
12
modules/services/nginx/applications/default.nix
Normal file
12
modules/services/nginx/applications/default.nix
Normal file
@@ -0,0 +1,12 @@
|
||||
inputs:
|
||||
{
|
||||
imports = inputs.localLib.mkModules
|
||||
[
|
||||
./misskey.nix
|
||||
./synapse.nix
|
||||
./vaultwarden.nix
|
||||
./element.nix
|
||||
./photoprism.nix
|
||||
./nextcloud.nix
|
||||
];
|
||||
}
|
||||
41
modules/services/nginx/applications/element.nix
Normal file
41
modules/services/nginx/applications/element.nix
Normal file
@@ -0,0 +1,41 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.nginx.applications.element.instances = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule (submoduleInputs: { options =
|
||||
{
|
||||
hostname = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
|
||||
defaultServer = mkOption { type = types.nullOr types.nonEmptyStr; default = "element.chn.moe"; };
|
||||
};}));
|
||||
default = {};
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.config.nixos.services.nginx.applications.element) instances;
|
||||
inherit (inputs.localLib) attrsToList;
|
||||
inherit (builtins) map listToAttrs toString;
|
||||
in
|
||||
{
|
||||
nixos.services.nginx.http = listToAttrs (map
|
||||
(instance: with instance.value;
|
||||
{
|
||||
name = hostname;
|
||||
value =
|
||||
{
|
||||
rewriteHttps = true;
|
||||
locations."/".static.root =
|
||||
if defaultServer == null then toString inputs.pkgs.element-web
|
||||
else toString (inputs.pkgs.element-web.override { conf =
|
||||
{
|
||||
default_server_config."m.homeserver" =
|
||||
{
|
||||
base_url = "https://${defaultServer}";
|
||||
server_name = defaultServer;
|
||||
};
|
||||
disable_guests = false;
|
||||
};});
|
||||
};
|
||||
})
|
||||
(attrsToList instances));
|
||||
};
|
||||
}
|
||||
45
modules/services/nginx/applications/misskey.nix
Normal file
45
modules/services/nginx/applications/misskey.nix
Normal file
@@ -0,0 +1,45 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.nginx.applications.misskey.instances = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule (submoduleInputs: { options =
|
||||
{
|
||||
hostname = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
|
||||
upstream = mkOption
|
||||
{
|
||||
type = types.oneOf [ types.nonEmptyStr (types.submodule { options =
|
||||
{
|
||||
address = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
|
||||
port = mkOption { type = types.ints.unsigned; default = 9726; };
|
||||
};})];
|
||||
default = "127.0.0.1:9726";
|
||||
};
|
||||
};}));
|
||||
default = {};
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.config.nixos.services.nginx.applications.misskey) instances;
|
||||
inherit (inputs.localLib) attrsToList;
|
||||
inherit (builtins) map listToAttrs toString;
|
||||
in
|
||||
{
|
||||
nixos.services.nginx.http = listToAttrs (map
|
||||
(proxy: with proxy.value;
|
||||
{
|
||||
name = hostname;
|
||||
value =
|
||||
{
|
||||
rewriteHttps = true;
|
||||
locations."/".proxy =
|
||||
{
|
||||
upstream = if builtins.typeOf upstream == "string" then "http://${upstream}"
|
||||
else "http://${upstream.address}:${toString upstream.port}";
|
||||
websocket = true;
|
||||
setHeaders.Host = hostname;
|
||||
};
|
||||
};
|
||||
})
|
||||
(attrsToList instances));
|
||||
};
|
||||
}
|
||||
48
modules/services/nginx/applications/nextcloud.nix
Normal file
48
modules/services/nginx/applications/nextcloud.nix
Normal file
@@ -0,0 +1,48 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.nginx.applications.nextcloud = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
instance.enable = mkOption
|
||||
{
|
||||
type = types.addCheck types.bool (value: value -> inputs.config.nixos.services.nextcloud.enable);
|
||||
default = false;
|
||||
};
|
||||
proxy =
|
||||
{
|
||||
enable = mkOption
|
||||
{
|
||||
type = types.addCheck types.bool
|
||||
(value: value -> !inputs.config.nixos.services.nginx.applications.nextcloud.instance.enable);
|
||||
default = false;
|
||||
};
|
||||
upstream = mkOption { type = types.nonEmptyStr; };
|
||||
};
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.config.nixos.services.nginx.applications) nextcloud;
|
||||
inherit (inputs.lib) mkIf mkMerge;
|
||||
inherit (inputs.localLib) attrsToList;
|
||||
inherit (builtins) map listToAttrs;
|
||||
in mkMerge
|
||||
[
|
||||
(mkIf (nextcloud.instance.enable)
|
||||
{
|
||||
nixos.services.nginx.http.${inputs.config.nixos.services.nextcloud.hostname}.rewriteHttps = true;
|
||||
services.nginx.virtualHosts.${inputs.config.nixos.services.nextcloud.hostname} = mkMerge
|
||||
[
|
||||
(inputs.config.services.nextcloud.nginx.recommendedConfig { upstream = "127.0.0.1"; })
|
||||
{ listen = [ { addr = "0.0.0.0"; port = 8417; ssl = true; extraParameters = [ "proxy_protocol" ]; } ]; }
|
||||
];
|
||||
})
|
||||
(mkIf (nextcloud.proxy.enable)
|
||||
{
|
||||
nixos.services.nginx.streamProxy.map.${inputs.config.nixos.services.nextcloud.hostname} =
|
||||
{
|
||||
upstream = "${nextcloud.proxy.upstream}:8417";
|
||||
rewriteHttps = true;
|
||||
proxyProtocol = true;
|
||||
};
|
||||
})
|
||||
];
|
||||
}
|
||||
45
modules/services/nginx/applications/photoprism.nix
Normal file
45
modules/services/nginx/applications/photoprism.nix
Normal file
@@ -0,0 +1,45 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.nginx.applications.photoprism.instances = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule (submoduleInputs: { options =
|
||||
{
|
||||
hostname = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
|
||||
upstream = mkOption
|
||||
{
|
||||
type = types.oneOf [ types.nonEmptyStr (types.submodule { options =
|
||||
{
|
||||
address = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
|
||||
port = mkOption { type = types.ints.unsigned; default = 2342; };
|
||||
};})];
|
||||
default = "127.0.0.1:2342";
|
||||
};
|
||||
};}));
|
||||
default = {};
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.config.nixos.services.nginx.applications.photoprism) instances;
|
||||
inherit (inputs.localLib) attrsToList;
|
||||
inherit (builtins) map listToAttrs toString;
|
||||
in
|
||||
{
|
||||
nixos.services.nginx.http = listToAttrs (map
|
||||
(proxy: with proxy.value;
|
||||
{
|
||||
name = hostname;
|
||||
value =
|
||||
{
|
||||
rewriteHttps = true;
|
||||
locations."/".proxy =
|
||||
{
|
||||
upstream = if builtins.typeOf upstream == "string" then "http://${upstream}"
|
||||
else "http://${upstream.address}:${toString upstream.port}";
|
||||
websocket = true;
|
||||
setHeaders.Host = hostname;
|
||||
};
|
||||
};
|
||||
})
|
||||
(attrsToList instances));
|
||||
};
|
||||
}
|
||||
46
modules/services/nginx/applications/synapse.nix
Normal file
46
modules/services/nginx/applications/synapse.nix
Normal file
@@ -0,0 +1,46 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.nginx.applications.synapse.instances = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule (submoduleInputs: { options =
|
||||
{
|
||||
hostname = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
|
||||
upstream = mkOption
|
||||
{
|
||||
type = types.oneOf [ types.nonEmptyStr (types.submodule { options =
|
||||
{
|
||||
address = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
|
||||
port = mkOption { type = types.ints.unsigned; default = 8008; };
|
||||
};})];
|
||||
default = "127.0.0.1:8008";
|
||||
};
|
||||
};}));
|
||||
default = {};
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.config.nixos.services.nginx.applications.synapse) instances;
|
||||
inherit (inputs.localLib) attrsToList;
|
||||
inherit (inputs.lib) mkIf mkMerge;
|
||||
inherit (builtins) map listToAttrs;
|
||||
in
|
||||
{
|
||||
nixos.services.nginx.http = listToAttrs (map
|
||||
(proxy: with proxy.value;
|
||||
{
|
||||
name = hostname;
|
||||
value =
|
||||
{
|
||||
rewriteHttps = true;
|
||||
locations."/".proxy =
|
||||
{
|
||||
upstream = if builtins.typeOf upstream == "string" then "http://${upstream}"
|
||||
else "http://${upstream.address}:${toString upstream.port}";
|
||||
websocket = true;
|
||||
setHeaders.Host = hostname;
|
||||
};
|
||||
};
|
||||
})
|
||||
(attrsToList instances));
|
||||
};
|
||||
}
|
||||
44
modules/services/nginx/applications/vaultwarden.nix
Normal file
44
modules/services/nginx/applications/vaultwarden.nix
Normal file
@@ -0,0 +1,44 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.nginx.applications.vaultwarden = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
hostname = mkOption { type = types.nonEmptyStr; default = "vaultwarden.chn.moe"; };
|
||||
upstream = mkOption
|
||||
{
|
||||
type = types.oneOf [ types.nonEmptyStr (types.submodule { options =
|
||||
{
|
||||
address = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
|
||||
port = mkOption { type = types.ints.unsigned; default = 8000; };
|
||||
websocketPort = mkOption { type = types.ints.unsigned; default = 3012; };
|
||||
};})];
|
||||
default = {};
|
||||
};
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.config.nixos.services.nginx.applications) vaultwarden;
|
||||
inherit (builtins) listToAttrs;
|
||||
inherit (inputs.lib) mkIf;
|
||||
in mkIf vaultwarden.enable
|
||||
{
|
||||
nixos.services.nginx.http."${vaultwarden.hostname}" =
|
||||
{
|
||||
rewriteHttps = true;
|
||||
locations = let upstream = vaultwarden.upstream; in (listToAttrs (map
|
||||
(location: { name = location; value.proxy =
|
||||
{
|
||||
upstream = "http://${upstream.address or upstream}:${builtins.toString upstream.port or 8000}";
|
||||
setHeaders = { Host = vaultwarden.hostname; Connection = ""; };
|
||||
};})
|
||||
[ "/" "/notifications/hub/negotiate" ]))
|
||||
// { "/notifications/hub".proxy =
|
||||
{
|
||||
upstream =
|
||||
"http://${upstream.address or upstream}:${builtins.toString upstream.websocketPort or 3012}";
|
||||
websocket = true;
|
||||
setHeaders.Host = vaultwarden.hostname;
|
||||
};};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,28 +1,77 @@
|
||||
inputs:
|
||||
{
|
||||
imports = inputs.localLib.mkModules
|
||||
[
|
||||
./applications
|
||||
];
|
||||
options.nixos.services.nginx = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
transparentProxy =
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = true; };
|
||||
externalIp = mkOption { type = types.nonEmptyStr; };
|
||||
externalIp = mkOption { type = types.listOf types.nonEmptyStr; };
|
||||
map = mkOption { type = types.attrsOf types.ints.unsigned; default = {};};
|
||||
};
|
||||
httpProxy = mkOption
|
||||
http = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule { options =
|
||||
{
|
||||
upstream = mkOption { type = types.nonEmptyStr; };
|
||||
rewriteHttps = mkOption { type = types.bool; default = false; };
|
||||
websocket = mkOption { type = types.bool; default = false; };
|
||||
http2 = mkOption { type = types.bool; default = true; };
|
||||
setHeaders = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
|
||||
addAuth = mkOption { type = types.bool; default = false; };
|
||||
detectAuth = mkOption { type = types.bool; default = false; };
|
||||
locations = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.addCheck
|
||||
(types.submodule { options =
|
||||
{
|
||||
proxy = mkOption
|
||||
{
|
||||
type = types.nullOr (types.submodule { options =
|
||||
{
|
||||
upstream = mkOption { type = types.nonEmptyStr; };
|
||||
websocket = mkOption { type = types.bool; default = false; };
|
||||
setHeaders = mkOption { type = types.attrsOf types.str; default = {}; };
|
||||
};});
|
||||
default = null;
|
||||
};
|
||||
static = mkOption
|
||||
{
|
||||
type = types.nullOr (types.submodule { options =
|
||||
{
|
||||
root = mkOption { type = types.nonEmptyStr; };
|
||||
index = mkOption { type = types.nonEmptyStr; default = "index.html"; };
|
||||
};});
|
||||
default = null;
|
||||
};
|
||||
};})
|
||||
(value: (inputs.lib.count (value: value != null) (builtins.attrValues value)) == 1));
|
||||
default = {};
|
||||
};
|
||||
};});
|
||||
default = {};
|
||||
};
|
||||
streamProxy =
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
port = mkOption { type = types.ints.unsigned; default = 5575; };
|
||||
portWithProxyProtocol = mkOption { type = types.ints.unsigned; default = 5576; };
|
||||
map = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.oneOf
|
||||
[
|
||||
types.nonEmptyStr
|
||||
(types.submodule { options =
|
||||
{
|
||||
upstream = mkOption { type = types.nonEmptyStr; };
|
||||
rewriteHttps = mkOption { type = types.bool; default = false; };
|
||||
proxyProtocol = mkOption { type = types.bool; default = false; };
|
||||
};})
|
||||
]);
|
||||
default = {};
|
||||
};
|
||||
};
|
||||
};
|
||||
config =
|
||||
let
|
||||
@@ -65,40 +114,48 @@ inputs:
|
||||
value =
|
||||
{
|
||||
serverName = site.name;
|
||||
listen =
|
||||
[
|
||||
{ addr = "127.0.0.1"; port = (if site.value.http2 then 443 else 3065); ssl = true; }
|
||||
{ addr = "0.0.0.0"; port = 80; }
|
||||
];
|
||||
listen = [ { addr = "127.0.0.1"; port = (if site.value.http2 then 443 else 3065); ssl = true; } ]
|
||||
++ (if site.value.rewriteHttps then [ { addr = "0.0.0.0"; port = 80; } ] else []);
|
||||
useACMEHost = site.name;
|
||||
locations."/" =
|
||||
{
|
||||
proxyPass = site.value.upstream;
|
||||
proxyWebsockets = site.value.websocket;
|
||||
recommendedProxySettings = false;
|
||||
recommendedProxySettingsNoHost = true;
|
||||
basicAuthFile =
|
||||
if site.value.detectAuth then
|
||||
inputs.config.sops.secrets."nginx/detectAuth/${site.name}".path
|
||||
else null;
|
||||
extraConfig = concatStringsSep "\n"
|
||||
(
|
||||
(map
|
||||
(header: "proxy_set_header ${header.name} ${header.value};")
|
||||
(attrsToList site.value.setHeaders))
|
||||
++ (if site.value.detectAuth then ["proxy_hide_header Authorization;"] else [])
|
||||
++ (
|
||||
if site.value.addAuth then
|
||||
["include ${inputs.config.sops.templates."nginx/addAuth/${site.name}-template".path};"]
|
||||
else [])
|
||||
);
|
||||
};
|
||||
addSSL = true;
|
||||
locations = listToAttrs (map
|
||||
(location:
|
||||
{
|
||||
inherit (location) name;
|
||||
value =
|
||||
if (location.value.proxy != null) then
|
||||
{
|
||||
proxyPass = location.value.proxy.upstream;
|
||||
proxyWebsockets = location.value.proxy.websocket;
|
||||
recommendedProxySettings = false;
|
||||
recommendedProxySettingsNoHost = true;
|
||||
extraConfig = concatStringsSep "\n"
|
||||
(
|
||||
(map
|
||||
(header: ''proxy_set_header ${header.name} "${header.value}";'')
|
||||
(attrsToList location.value.proxy.setHeaders))
|
||||
++ (if site.value.detectAuth then ["proxy_hide_header Authorization;"] else [])
|
||||
++ (
|
||||
if site.value.addAuth then
|
||||
["include ${inputs.config.sops.templates."nginx/addAuth/${site.name}-template".path};"]
|
||||
else [])
|
||||
);
|
||||
}
|
||||
else if (location.value.static != null) then
|
||||
{
|
||||
root = location.value.static.root;
|
||||
index = location.value.static.index;
|
||||
}
|
||||
else {};
|
||||
})
|
||||
(attrsToList site.value.locations));
|
||||
forceSSL = site.value.rewriteHttps;
|
||||
http2 = site.value.http2;
|
||||
basicAuthFile =
|
||||
if site.value.detectAuth then inputs.config.sops.secrets."nginx/detectAuth/${site.name}".path
|
||||
else null;
|
||||
};
|
||||
})
|
||||
(attrsToList nginx.httpProxy));
|
||||
(attrsToList nginx.http));
|
||||
recommendedZstdSettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
recommendedProxySettings = true;
|
||||
@@ -123,6 +180,16 @@ inputs:
|
||||
in
|
||||
(inputs.pkgs.nginxMainline.override (prev: { modules = prev.modules ++ [ nginx-geoip2 ]; }))
|
||||
.overrideAttrs (prev: { buildInputs = prev.buildInputs ++ [ inputs.pkgs.libmaxminddb ]; });
|
||||
streamConfig =
|
||||
''
|
||||
geoip2 ${inputs.config.services.geoipupdate.settings.DatabaseDirectory}/GeoLite2-Country.mmdb
|
||||
{
|
||||
$geoip2_data_country_code country iso_code;
|
||||
}
|
||||
resolver 8.8.8.8;
|
||||
'';
|
||||
# todo: use host dns
|
||||
resolver.addresses = [ "8.8.8.8" ];
|
||||
};
|
||||
geoipupdate =
|
||||
{
|
||||
@@ -149,14 +216,14 @@ inputs:
|
||||
owner = inputs.config.users.users.nginx.name;
|
||||
};
|
||||
})
|
||||
(filter (site: site.value.addAuth) (attrsToList nginx.httpProxy)));
|
||||
(filter (site: site.value.addAuth) (attrsToList nginx.http)));
|
||||
secrets = { "nginx/maxmind-license".owner = inputs.config.users.users.nginx.name; }
|
||||
// (listToAttrs (map
|
||||
(site: { name = "nginx/detectAuth/${site.name}"; value.owner = inputs.config.users.users.nginx.name; })
|
||||
(filter (site: site.value.detectAuth) (attrsToList nginx.httpProxy))))
|
||||
(filter (site: site.value.detectAuth) (attrsToList nginx.http))))
|
||||
// (listToAttrs (map
|
||||
(site: { name = "nginx/addAuth/${site.name}"; value = {}; })
|
||||
(filter (site: site.value.addAuth) (attrsToList nginx.httpProxy))));
|
||||
(filter (site: site.value.addAuth) (attrsToList nginx.http))));
|
||||
};
|
||||
systemd.services.nginx.serviceConfig =
|
||||
{
|
||||
@@ -168,23 +235,19 @@ inputs:
|
||||
nixos.services.acme =
|
||||
{
|
||||
enable = true;
|
||||
certs = map (cert: cert.name) (attrsToList nginx.httpProxy);
|
||||
certs = map (cert: cert.name) (attrsToList nginx.http);
|
||||
};
|
||||
security.acme.certs = listToAttrs (map
|
||||
(cert: { inherit (cert) name; value.group = inputs.config.services.nginx.group; })
|
||||
(attrsToList nginx.httpProxy));
|
||||
(attrsToList nginx.http));
|
||||
})
|
||||
(mkIf nginx.transparentProxy.enable
|
||||
{
|
||||
services.nginx.streamConfig =
|
||||
''
|
||||
geoip2 ${inputs.config.services.geoipupdate.settings.DatabaseDirectory}/GeoLite2-Country.mmdb
|
||||
{
|
||||
$geoip2_data_country_code country iso_code;
|
||||
}
|
||||
log_format stream '[$time_local] $remote_addr-$geoip2_data_country_code "$ssl_preread_server_name"->$backend $bytes_sent $bytes_received';
|
||||
access_log syslog:server=unix:/dev/log stream;
|
||||
map $ssl_preread_server_name $backend
|
||||
log_format transparent_proxy '[$time_local] $remote_addr-$geoip2_data_country_code '
|
||||
'"$ssl_preread_server_name"->$transparent_proxy_backend $bytes_sent $bytes_received';
|
||||
map $ssl_preread_server_name $transparent_proxy_backend
|
||||
{
|
||||
${concatStringsSep "\n" (map
|
||||
(x: '' "${x.name}" 127.0.0.1:${toString x.value};'')
|
||||
@@ -192,20 +255,21 @@ inputs:
|
||||
(attrsToList nginx.transparentProxy.map)
|
||||
++ (map
|
||||
(site: { name = site.name; value = (if site.value.http2 then 443 else 3065); })
|
||||
(attrsToList nginx.httpProxy)
|
||||
(attrsToList nginx.http)
|
||||
)
|
||||
))}
|
||||
default 127.0.0.1:443;
|
||||
}
|
||||
server
|
||||
{
|
||||
listen ${nginx.transparentProxy.externalIp}:443;
|
||||
${concatStringsSep "\n " (map (ip: "listen ${ip}:443;") nginx.transparentProxy.externalIp)}
|
||||
ssl_preread on;
|
||||
proxy_bind $remote_addr transparent;
|
||||
proxy_pass $backend;
|
||||
proxy_pass $transparent_proxy_backend;
|
||||
proxy_connect_timeout 1s;
|
||||
proxy_socket_keepalive on;
|
||||
proxy_buffer_size 128k;
|
||||
access_log syslog:server=unix:/dev/log transparent_proxy;
|
||||
}
|
||||
'';
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
@@ -260,5 +324,64 @@ inputs:
|
||||
wantedBy= [ "multi-user.target" ];
|
||||
};
|
||||
})
|
||||
(mkIf nginx.streamProxy.enable
|
||||
{
|
||||
services.nginx =
|
||||
{
|
||||
streamConfig =
|
||||
''
|
||||
log_format stream_proxy '[$time_local] $remote_addr-$geoip2_data_country_code '
|
||||
'"$ssl_preread_server_name"->$stream_proxy_backend $bytes_sent $bytes_received';
|
||||
map $ssl_preread_server_name $stream_proxy_backend
|
||||
{
|
||||
${concatStringsSep "\n" (map
|
||||
(x: '' "${x.name}" "${x.value.upstream or x.value}";'')
|
||||
(attrsToList nginx.streamProxy.map))}
|
||||
}
|
||||
server
|
||||
{
|
||||
listen 127.0.0.1:${toString nginx.streamProxy.port};
|
||||
ssl_preread on;
|
||||
proxy_pass $stream_proxy_backend;
|
||||
proxy_connect_timeout 10s;
|
||||
proxy_socket_keepalive on;
|
||||
proxy_buffer_size 128k;
|
||||
access_log syslog:server=unix:/dev/log stream_proxy;
|
||||
}
|
||||
server
|
||||
{
|
||||
listen 127.0.0.1:${toString nginx.streamProxy.portWithProxyProtocol};
|
||||
proxy_protocol on;
|
||||
ssl_preread on;
|
||||
proxy_pass $stream_proxy_backend;
|
||||
proxy_connect_timeout 10s;
|
||||
proxy_socket_keepalive on;
|
||||
proxy_buffer_size 128k;
|
||||
access_log syslog:server=unix:/dev/log stream_proxy;
|
||||
}
|
||||
'';
|
||||
virtualHosts = listToAttrs (map
|
||||
(site:
|
||||
{
|
||||
inherit (site) name;
|
||||
value =
|
||||
{
|
||||
serverName = site.name;
|
||||
listen = [ { addr = "0.0.0.0"; port = 80; } ];
|
||||
locations."/".return = "301 https://${site.name}$request_uri";
|
||||
};
|
||||
})
|
||||
(filter (site: site.value.rewriteHttps or false) (attrsToList nginx.streamProxy.map)));
|
||||
};
|
||||
nixos.services.nginx.transparentProxy.map = listToAttrs
|
||||
(
|
||||
(map
|
||||
(site: { name = site.name; value = nginx.streamProxy.port; })
|
||||
(filter (site: !(site.value.proxyProtocol or false)) (attrsToList nginx.streamProxy.map)))
|
||||
++ (map
|
||||
(site: { name = site.name; value = nginx.streamProxy.portWithProxyProtocol; })
|
||||
(filter (site: site.value.proxyProtocol or false) (attrsToList nginx.streamProxy.map)))
|
||||
);
|
||||
})
|
||||
];
|
||||
}
|
||||
47
modules/services/photoprism.nix
Normal file
47
modules/services/photoprism.nix
Normal file
@@ -0,0 +1,47 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.photoprism = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
hostname = mkOption { type = types.str; default = "photoprism.chn.moe"; };
|
||||
port = mkOption { type = types.ints.unsigned; default = 2342; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkIf;
|
||||
inherit (inputs.config.nixos.services) photoprism;
|
||||
in mkIf photoprism.enable
|
||||
{
|
||||
services.photoprism =
|
||||
{
|
||||
enable = true;
|
||||
originalsPath = inputs.config.services.photoprism.storagePath + "/originals";
|
||||
settings =
|
||||
{
|
||||
PHOTOPRISM_SITE_URL = "https://${photoprism.hostname}";
|
||||
PHOTOPRISM_HTTP_PORT = "${toString photoprism.port}";
|
||||
PHOTOPRISM_DISABLE_TLS = "true";
|
||||
PHOTOPRISM_DETECT_NSFW = "true";
|
||||
PHOTOPRISM_UPLOAD_NSFW = "true";
|
||||
PHOTOPRISM_DATABASE_DRIVER = "mysql";
|
||||
PHOTOPRISM_DATABASE_SERVER = "127.0.0.1:3306";
|
||||
};
|
||||
};
|
||||
systemd.services.photoprism =
|
||||
{
|
||||
after = [ "mariadb.service" ];
|
||||
requires = [ "mariadb.service" ];
|
||||
serviceConfig.EnvironmentFile = inputs.config.sops.templates."photoprism/env".path;
|
||||
};
|
||||
sops =
|
||||
{
|
||||
templates."photoprism/env".content = let placeholder = inputs.config.sops.placeholder; in
|
||||
''
|
||||
PHOTOPRISM_ADMIN_PASSWORD=${placeholder."photoprism/adminPassword"}
|
||||
PHOTOPRISM_DATABASE_PASSWORD=${placeholder."mariadb/photoprism"}
|
||||
'';
|
||||
secrets."photoprism/adminPassword" = {};
|
||||
};
|
||||
nixos.services.mariadb = { enable = true; instances.photoprism = {}; };
|
||||
};
|
||||
}
|
||||
@@ -17,8 +17,8 @@ inputs:
|
||||
config =
|
||||
let
|
||||
inherit (inputs.config.nixos.services) postgresql;
|
||||
inherit (inputs.lib) mkMerge mkAfter concatStringsSep mkIf;
|
||||
inherit (inputs.localLib) stripeTabs attrsToList;
|
||||
inherit (inputs.lib) mkAfter concatStringsSep mkIf;
|
||||
inherit (inputs.localLib) attrsToList;
|
||||
inherit (builtins) map listToAttrs filter;
|
||||
in mkIf postgresql.enable
|
||||
{
|
||||
|
||||
@@ -60,10 +60,11 @@ inputs:
|
||||
nginx =
|
||||
{
|
||||
enable = true;
|
||||
httpProxy.${rsshub.hostname} =
|
||||
http.${rsshub.hostname} =
|
||||
{
|
||||
upstream = "http://127.0.0.1:${toString rsshub.port}";
|
||||
setHeaders.Host = rsshub.hostname;
|
||||
rewriteHttps = true;
|
||||
locations."/".proxy =
|
||||
{ upstream = "http://127.0.0.1:${toString rsshub.port}"; setHeaders.Host = rsshub.hostname; };
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
67
modules/services/samba.nix
Normal file
67
modules/services/samba.nix
Normal file
@@ -0,0 +1,67 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.samba = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
wsdd = mkOption { type = types.bool; default = false; };
|
||||
private = mkOption { type = types.bool; default = false; };
|
||||
hostsAllowed = mkOption { type = types.str; default = "127."; };
|
||||
shares = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule { options =
|
||||
{
|
||||
comment = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
|
||||
path = mkOption { type = types.nonEmptyStr; };
|
||||
};});
|
||||
default = {};
|
||||
};
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkIf;
|
||||
inherit (inputs.localLib) attrsToList;
|
||||
inherit (inputs.config.nixos.services) samba;
|
||||
inherit (builtins) map listToAttrs;
|
||||
in mkIf samba.enable
|
||||
{
|
||||
services =
|
||||
{
|
||||
# make shares visible for windows 10 clients
|
||||
samba-wsdd.enable = samba.wsdd;
|
||||
samba =
|
||||
{
|
||||
enable = true;
|
||||
# TCP 139 445 UDP 137 138
|
||||
openFirewall = !samba.private;
|
||||
securityType = "user";
|
||||
extraConfig =
|
||||
''
|
||||
workgroup = WORKGROUP
|
||||
server string = Samba Server
|
||||
server role = standalone server
|
||||
hosts allow = ${samba.hostsAllowed}
|
||||
dns proxy = no
|
||||
'';
|
||||
# obey pam restrictions = yes
|
||||
# encrypt passwords = no
|
||||
shares = listToAttrs (map
|
||||
(share:
|
||||
{
|
||||
name = share.name;
|
||||
value =
|
||||
{
|
||||
comment = if share.value.comment != null then share.value.comment else share.name;
|
||||
path = share.value.path;
|
||||
browseable = true;
|
||||
writeable = true;
|
||||
"create mask" = "644";
|
||||
"force create mode" = "644";
|
||||
"directory mask" = "2755";
|
||||
"force directory mode" = "2755";
|
||||
};
|
||||
})
|
||||
(attrsToList samba.shares));
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
37
modules/services/snapper.nix
Normal file
37
modules/services/snapper.nix
Normal file
@@ -0,0 +1,37 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.snapper = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
configs = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkMerge mkIf;
|
||||
inherit (inputs.localLib) stripeTabs attrsToList;
|
||||
inherit (inputs.config.nixos) services;
|
||||
inherit (builtins) map listToAttrs toString;
|
||||
in mkIf services.snapper.enable
|
||||
{
|
||||
services.snapper.configs =
|
||||
let
|
||||
f = (config:
|
||||
{
|
||||
inherit (config) name;
|
||||
value =
|
||||
{
|
||||
SUBVOLUME = config.value;
|
||||
TIMELINE_CREATE = true;
|
||||
TIMELINE_CLEANUP = true;
|
||||
TIMELINE_MIN_AGE = 1800;
|
||||
TIMELINE_LIMIT_HOURLY = "10";
|
||||
TIMELINE_LIMIT_DAILY = "7";
|
||||
TIMELINE_LIMIT_WEEKLY = "1";
|
||||
TIMELINE_LIMIT_MONTHLY = "0";
|
||||
TIMELINE_LIMIT_YEARLY = "0";
|
||||
};
|
||||
});
|
||||
in
|
||||
listToAttrs (map f (attrsToList services.snapper.configs));
|
||||
};
|
||||
}
|
||||
@@ -1,13 +0,0 @@
|
||||
diff --git a/snapper/FileUtils.cc b/snapper/FileUtils.cc
|
||||
index 9da572f..48f60fa 100644
|
||||
--- a/snapper/FileUtils.cc
|
||||
+++ b/snapper/FileUtils.cc
|
||||
@@ -424,7 +424,7 @@ namespace snapper
|
||||
v /= 62;
|
||||
}
|
||||
|
||||
- int fd = open(name, O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC, S_IRUSR | S_IWUSR);
|
||||
+ int fd = open(name, O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
|
||||
if (fd >= 0)
|
||||
return fd;
|
||||
else if (errno != EEXIST)
|
||||
27
modules/services/sshd.nix
Normal file
27
modules/services/sshd.nix
Normal file
@@ -0,0 +1,27 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.sshd = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
passwordAuthentication = mkOption { type = types.bool; default = false; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkIf;
|
||||
inherit (inputs.config.nixos.services) sshd;
|
||||
in mkIf sshd.enable
|
||||
{
|
||||
services.openssh =
|
||||
{
|
||||
enable = true;
|
||||
settings =
|
||||
{
|
||||
X11Forwarding = true;
|
||||
ChallengeResponseAuthentication = false;
|
||||
PasswordAuthentication = sshd.passwordAuthentication;
|
||||
KbdInteractiveAuthentication = false;
|
||||
UsePAM = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,146 +1,102 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services = let inherit (inputs.lib) mkOption types; in
|
||||
options.nixos.services.synapse = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
synapse =
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
autoStart = mkOption { type = types.bool; default = true; };
|
||||
port = mkOption { type = types.ints.unsigned; default = 8008; };
|
||||
hostname = mkOption { type = types.str; default = "synapse.chn.moe"; };
|
||||
};
|
||||
synapse-proxy = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule (submoduleInputs: { options =
|
||||
{
|
||||
hostname = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
|
||||
upstream = mkOption
|
||||
{
|
||||
type = types.oneOf [ types.nonEmptyStr (types.submodule { options =
|
||||
{
|
||||
address = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
|
||||
port = mkOption { type = types.ints.unsigned; default = 8008; };
|
||||
};})];
|
||||
default = "127.0.0.1:8008";
|
||||
};
|
||||
};}));
|
||||
default = {};
|
||||
};
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
autoStart = mkOption { type = types.bool; default = true; };
|
||||
port = mkOption { type = types.ints.unsigned; default = 8008; };
|
||||
hostname = mkOption { type = types.str; default = "synapse.chn.moe"; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.config.nixos.services) synapse synapse-proxy;
|
||||
inherit (inputs.localLib) attrsToList;
|
||||
inherit (inputs.lib) mkIf mkMerge;
|
||||
inherit (inputs.config.nixos.services) synapse;
|
||||
inherit (inputs.lib) mkIf;
|
||||
inherit (builtins) map listToAttrs;
|
||||
in mkMerge
|
||||
[
|
||||
(mkIf synapse.enable
|
||||
in mkIf synapse.enable
|
||||
{
|
||||
services.matrix-synapse =
|
||||
{
|
||||
services.matrix-synapse =
|
||||
enable = true;
|
||||
settings =
|
||||
{
|
||||
enable = true;
|
||||
settings =
|
||||
server_name = synapse.hostname;
|
||||
listeners =
|
||||
[{
|
||||
bind_addresses = [ "0.0.0.0" ];
|
||||
port = 8008;
|
||||
resources = [{ names = [ "client" "federation" ]; compress = false; }];
|
||||
tls = false;
|
||||
type = "http";
|
||||
x_forwarded = true;
|
||||
}];
|
||||
database.name = "psycopg2";
|
||||
admin_contact = "mailto:chn@chn.moe";
|
||||
enable_registration = true;
|
||||
registrations_require_3pid = [ "email" ];
|
||||
turn_uris = [ "turns:coturn.chn.moe" "turn:coturn.chn.moe" ];
|
||||
max_upload_size = "1024M";
|
||||
web_client_location = "https://element.chn.moe/";
|
||||
serve_server_wellknown = true;
|
||||
report_stats = true;
|
||||
trusted_key_servers = [{ server_name = "matrix.org"; }];
|
||||
suppress_key_server_warning = true;
|
||||
log_config = (inputs.pkgs.formats.yaml {}).generate "log.yaml"
|
||||
{
|
||||
server_name = synapse.hostname;
|
||||
listeners =
|
||||
[{
|
||||
bind_addresses = [ "0.0.0.0" ];
|
||||
port = 8008;
|
||||
resources = [{ names = [ "client" "federation" ]; compress = false; }];
|
||||
tls = false;
|
||||
type = "http";
|
||||
x_forwarded = true;
|
||||
}];
|
||||
database.name = "psycopg2";
|
||||
admin_contact = "mailto:chn@chn.moe";
|
||||
enable_registration = true;
|
||||
registrations_require_3pid = [ "email" ];
|
||||
turn_uris = [ "turns:coturn.chn.moe" "turn:coturn.chn.moe" ];
|
||||
max_upload_size = "1024M";
|
||||
web_client_location = "https://element.chn.moe/";
|
||||
serve_server_wellknown = true;
|
||||
report_stats = true;
|
||||
trusted_key_servers = [{ server_name = "matrix.org"; }];
|
||||
suppress_key_server_warning = true;
|
||||
log_config = (inputs.pkgs.formats.yaml {}).generate "log.yaml"
|
||||
version = 1;
|
||||
formatters.precise.format =
|
||||
"%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s";
|
||||
handlers.console = { class = "logging.StreamHandler"; formatter = "precise"; };
|
||||
root = { level = "INFO"; handlers = [ "console" ]; };
|
||||
disable_existing_loggers = true;
|
||||
};
|
||||
};
|
||||
extraConfigFiles = [ inputs.config.sops.templates."synapse/password.yaml".path ];
|
||||
};
|
||||
sops =
|
||||
{
|
||||
templates."synapse/password.yaml" =
|
||||
{
|
||||
owner = inputs.config.systemd.services.matrix-synapse.serviceConfig.User;
|
||||
group = inputs.config.systemd.services.matrix-synapse.serviceConfig.Group;
|
||||
content = builtins.readFile ((inputs.pkgs.formats.yaml {}).generate "password.yaml"
|
||||
{
|
||||
database =
|
||||
{
|
||||
version = 1;
|
||||
formatters.precise.format =
|
||||
"%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s";
|
||||
handlers.console = { class = "logging.StreamHandler"; formatter = "precise"; };
|
||||
root = { level = "INFO"; handlers = [ "console" ]; };
|
||||
disable_existing_loggers = true;
|
||||
name = "psycopg2";
|
||||
args =
|
||||
{
|
||||
user = "synapse";
|
||||
password = inputs.config.sops.placeholder."postgresql/synapse";
|
||||
database = "synapse";
|
||||
host = "127.0.0.1";
|
||||
port = "5432";
|
||||
};
|
||||
allow_unsafe_locale = true;
|
||||
};
|
||||
};
|
||||
extraConfigFiles = [ inputs.config.sops.templates."synapse/password.yaml".path ];
|
||||
};
|
||||
sops =
|
||||
{
|
||||
templates."synapse/password.yaml" =
|
||||
{
|
||||
owner = inputs.config.systemd.services.matrix-synapse.serviceConfig.User;
|
||||
group = inputs.config.systemd.services.matrix-synapse.serviceConfig.Group;
|
||||
content = builtins.readFile ((inputs.pkgs.formats.yaml {}).generate "password.yaml"
|
||||
turn_shared_secret = inputs.config.sops.placeholder."synapse/coturn";
|
||||
registration_shared_secret = inputs.config.sops.placeholder."synapse/registration";
|
||||
macaroon_secret_key = inputs.config.sops.placeholder."synapse/macaroon";
|
||||
form_secret = inputs.config.sops.placeholder."synapse/form";
|
||||
signing_key_path = inputs.config.sops.secrets."synapse/signing-key".path;
|
||||
email =
|
||||
{
|
||||
database =
|
||||
{
|
||||
name = "psycopg2";
|
||||
args =
|
||||
{
|
||||
user = "synapse";
|
||||
password = inputs.config.sops.placeholder."postgresql/synapse";
|
||||
database = "synapse";
|
||||
host = "127.0.0.1";
|
||||
port = "5432";
|
||||
};
|
||||
allow_unsafe_locale = true;
|
||||
};
|
||||
turn_shared_secret = inputs.config.sops.placeholder."synapse/coturn";
|
||||
registration_shared_secret = inputs.config.sops.placeholder."synapse/registration";
|
||||
macaroon_secret_key = inputs.config.sops.placeholder."synapse/macaroon";
|
||||
form_secret = inputs.config.sops.placeholder."synapse/form";
|
||||
signing_key_path = inputs.config.sops.secrets."synapse/signing-key".path;
|
||||
email =
|
||||
{
|
||||
smtp_host = "mail.chn.moe";
|
||||
smtp_port = 25;
|
||||
smtp_user = "bot@chn.moe";
|
||||
smtp_pass = inputs.config.sops.placeholder."mail/bot";
|
||||
require_transport_security = true;
|
||||
notif_from = "Your Friendly %(app)s homeserver <bot@chn.moe>";
|
||||
app_name = "Haonan Chen's synapse";
|
||||
};
|
||||
});
|
||||
};
|
||||
secrets = (listToAttrs (map
|
||||
(secret: { name = "synapse/${secret}"; value = {}; })
|
||||
[ "coturn" "registration" "macaroon" "form" ]))
|
||||
// { "synapse/signing-key".owner = inputs.config.systemd.services.matrix-synapse.serviceConfig.User; }
|
||||
// { "mail/bot" = {}; };
|
||||
smtp_host = "mail.chn.moe";
|
||||
smtp_port = 25;
|
||||
smtp_user = "bot@chn.moe";
|
||||
smtp_pass = inputs.config.sops.placeholder."mail/bot";
|
||||
require_transport_security = true;
|
||||
notif_from = "Your Friendly %(app)s homeserver <bot@chn.moe>";
|
||||
app_name = "Haonan Chen's synapse";
|
||||
};
|
||||
});
|
||||
};
|
||||
nixos.services.postgresql = { enable = true; instances.synapse = {}; };
|
||||
systemd.services.matrix-synapse.enable = synapse.autoStart;
|
||||
})
|
||||
(mkIf (synapse-proxy != {})
|
||||
{
|
||||
nixos.services.nginx =
|
||||
{
|
||||
enable = true;
|
||||
httpProxy = listToAttrs (map
|
||||
(proxy: with proxy.value;
|
||||
{
|
||||
name = hostname;
|
||||
value =
|
||||
{
|
||||
upstream = if builtins.typeOf upstream == "string" then "http://${upstream}"
|
||||
else "http://${upstream.address}:${toString upstream.port}";
|
||||
websocket = true;
|
||||
setHeaders.Host = hostname;
|
||||
};
|
||||
})
|
||||
(attrsToList synapse-proxy));
|
||||
};
|
||||
})
|
||||
];
|
||||
secrets = (listToAttrs (map
|
||||
(secret: { name = "synapse/${secret}"; value = {}; })
|
||||
[ "coturn" "registration" "macaroon" "form" ]))
|
||||
// { "synapse/signing-key".owner = inputs.config.systemd.services.matrix-synapse.serviceConfig.User; }
|
||||
// { "mail/bot" = {}; };
|
||||
};
|
||||
nixos.services.postgresql = { enable = true; instances.synapse = {}; };
|
||||
systemd.services.matrix-synapse.enable = synapse.autoStart;
|
||||
};
|
||||
}
|
||||
|
||||
67
modules/services/vaultwarden.nix
Normal file
67
modules/services/vaultwarden.nix
Normal file
@@ -0,0 +1,67 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.vaultwarden = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
autoStart = mkOption { type = types.bool; default = true; };
|
||||
port = mkOption { type = types.ints.unsigned; default = 8000; };
|
||||
websocketPort = mkOption { type = types.ints.unsigned; default = 3012; };
|
||||
hostname = mkOption { type = types.str; default = "vaultwarden.chn.moe"; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.config.nixos.services) vaultwarden;
|
||||
inherit (builtins) listToAttrs;
|
||||
inherit (inputs.lib) mkIf;
|
||||
in mkIf vaultwarden.enable
|
||||
{
|
||||
services.vaultwarden =
|
||||
{
|
||||
enable = true;
|
||||
dbBackend = "postgresql";
|
||||
config =
|
||||
{
|
||||
DATA_FOLDER = "/var/lib/vaultwarden";
|
||||
WEB_VAULT_ENABLED = true;
|
||||
WEBSOCKET_ENABLED = true;
|
||||
ROCKET_PORT = vaultwarden.port;
|
||||
WEBSOCKET_PORT = toString vaultwarden.websocketPort;
|
||||
SIGNUPS_VERIFY = true;
|
||||
DOMAIN = "https://${vaultwarden.hostname}";
|
||||
SMTP_HOST = "mail.chn.moe";
|
||||
SMTP_FROM = "bot@chn.moe";
|
||||
SMTP_FROM_NAME = "vaultwarden";
|
||||
SMTP_SECURITY = "force_tls";
|
||||
SMTP_USERNAME = "bot@chn.moe";
|
||||
};
|
||||
environmentFile = inputs.config.sops.templates."vaultwarden.env".path;
|
||||
};
|
||||
sops =
|
||||
{
|
||||
templates."vaultwarden.env" =
|
||||
let
|
||||
serviceConfig = inputs.config.systemd.services.vaultwarden.serviceConfig;
|
||||
placeholder = inputs.config.sops.placeholder;
|
||||
in
|
||||
{
|
||||
owner = serviceConfig.User;
|
||||
group = serviceConfig.Group;
|
||||
content =
|
||||
''
|
||||
DATABASE_URL=postgresql://vaultwarden:${placeholder."postgresql/vaultwarden"}@localhost/vaultwarden
|
||||
ADMIN_TOKEN=${placeholder."vaultwarden/admin_token"}
|
||||
SMTP_PASSWORD=${placeholder."mail/bot"}
|
||||
'';
|
||||
};
|
||||
secrets = listToAttrs (map
|
||||
(secret: { name = secret; value = {}; })
|
||||
[ "vaultwarden/admin_token" "mail/bot" ]);
|
||||
};
|
||||
systemd.services.vaultwarden =
|
||||
{
|
||||
enable = vaultwarden.autoStart;
|
||||
after = [ "postgresql.service" ];
|
||||
};
|
||||
nixos.services.postgresql = { enable = true; instances.vaultwarden = {}; };
|
||||
};
|
||||
}
|
||||
@@ -269,6 +269,12 @@ inputs:
|
||||
${iptables} -t mangle -N v2ray_mark -w
|
||||
${iptables} -t mangle -A OUTPUT -j v2ray_mark -w
|
||||
${iptables} -t mangle -A v2ray_mark -m owner --uid-owner $(id -u v2ray) -j RETURN -w
|
||||
${
|
||||
if inputs.config.nixos.system.networking.nebula.enable then
|
||||
let user = inputs.config.systemd.services."nebula@nebula".serviceConfig.User; in
|
||||
"${iptables} -t mangle -A v2ray_mark -m owner --uid-owner $(id -u ${user}) -j RETURN -w"
|
||||
else ""
|
||||
}
|
||||
${iptables} -t mangle -A v2ray_mark -m set --match-set noproxy_src_net src -j RETURN -w
|
||||
${iptables} -t mangle -A v2ray_mark -m set --match-set xmu_net dst -p tcp -j MARK --set-mark 1/1 -w
|
||||
${iptables} -t mangle -A v2ray_mark -m set --match-set xmu_net dst -p udp -j MARK --set-mark 1/1 -w
|
||||
|
||||
@@ -4,14 +4,16 @@ inputs:
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
port = mkOption { type = types.ints.unsigned; default = 3389; };
|
||||
hostname = mkOption { type = types.nullOr types.str; default = null; };
|
||||
hostname = mkOption
|
||||
{
|
||||
type = types.nullOr (types.oneOf [ types.nonEmptyStr (types.listOf types.nonEmptyStr) ]);
|
||||
default = null;
|
||||
};
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkMerge mkIf;
|
||||
inherit (inputs.localLib) stripeTabs attrsToList;
|
||||
inherit (inputs.config.nixos.services) xrdp;
|
||||
inherit (builtins) map listToAttrs concatStringsSep toString filter attrValues;
|
||||
in mkIf xrdp.enable (mkMerge
|
||||
[
|
||||
{
|
||||
@@ -25,12 +27,18 @@ inputs:
|
||||
}
|
||||
(
|
||||
mkIf (xrdp.hostname != null)
|
||||
{
|
||||
services.xrdp = let keydir = inputs.config.security.acme.certs.${xrdp.hostname}.directory; in
|
||||
{ sslCert = "${keydir}/full.pem"; sslKey = "${keydir}/key.pem"; };
|
||||
nixos.services.acme = { enable = true; certs = [ xrdp.hostname ]; };
|
||||
security.acme.certs.${xrdp.hostname}.group = inputs.config.systemd.services.xrdp.serviceConfig.Group;
|
||||
}
|
||||
(
|
||||
let
|
||||
mainDomain = if builtins.typeOf xrdp.hostname == "string" then xrdp.hostname
|
||||
else builtins.elemAt xrdp.hostname 0;
|
||||
in
|
||||
{
|
||||
services.xrdp = let keydir = inputs.config.security.acme.certs.${mainDomain}.directory; in
|
||||
{ sslCert = "${keydir}/full.pem"; sslKey = "${keydir}/key.pem"; };
|
||||
nixos.services.acme = { enable = true; certs = [ xrdp.hostname ]; };
|
||||
security.acme.certs.${mainDomain}.group = inputs.config.systemd.services.xrdp.serviceConfig.Group;
|
||||
}
|
||||
)
|
||||
)
|
||||
]);
|
||||
}
|
||||
|
||||
@@ -3,7 +3,7 @@ inputs:
|
||||
imports = inputs.localLib.mkModules
|
||||
[
|
||||
./nix.nix
|
||||
./fileSystems.nix
|
||||
./fileSystems
|
||||
./grub.nix
|
||||
./initrd.nix
|
||||
./kernel.nix
|
||||
@@ -25,16 +25,17 @@ inputs:
|
||||
ACTION=="add|change", KERNEL=="nvme[0-9]n[0-9]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="bfq"
|
||||
'';
|
||||
dbus.implementation = "broker";
|
||||
fstrim = { enable = true; interval = "daily"; };
|
||||
};
|
||||
time.timeZone = "Asia/Shanghai";
|
||||
boot =
|
||||
{
|
||||
kernel.sysctl =
|
||||
{
|
||||
"vm.swappiness" = 10;
|
||||
"vm.oom_kill_allocating_task" = true;
|
||||
"vm.oom_dump_tasks" = false;
|
||||
"vm.overcommit_memory" = 1;
|
||||
"kernel.sysrq" = 438;
|
||||
};
|
||||
supportedFilesystems = [ "ntfs" ];
|
||||
consoleLogLevel = 7;
|
||||
@@ -61,9 +62,11 @@ inputs:
|
||||
defaultLocale = "C.UTF-8";
|
||||
supportedLocales = [ "zh_CN.UTF-8/UTF-8" "en_US.UTF-8/UTF-8" "C.UTF-8/UTF-8" ];
|
||||
};
|
||||
users.mutableUsers = false;
|
||||
# environment.pathsToLink = [ "/include" ];
|
||||
# environment.variables.CPATH = "/run/current-system/sw/include";
|
||||
# environment.variables.LIBRARY_PATH = "/run/current-system/sw/lib";
|
||||
virtualisation.oci-containers.backend = "docker";
|
||||
home-manager.sharedModules = [{ home.stateVersion = "22.11"; }];
|
||||
};
|
||||
}
|
||||
|
||||
@@ -39,6 +39,11 @@ inputs:
|
||||
});
|
||||
default = {};
|
||||
};
|
||||
keyFile = mkOption
|
||||
{
|
||||
type = types.path;
|
||||
default = ./. + "/${inputs.config.nixos.system.networking.hostname}.key";
|
||||
};
|
||||
delayedMount = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
};
|
||||
};
|
||||
@@ -79,7 +84,11 @@ inputs:
|
||||
# mount.vfat
|
||||
{
|
||||
fileSystems = listToAttrs (map
|
||||
(device: { name = device.value; value = { device = device.name; fsType = "vfat"; }; })
|
||||
(device:
|
||||
{
|
||||
name = device.value;
|
||||
value = { device = device.name; fsType = "vfat"; neededForBoot = true; };
|
||||
})
|
||||
(attrsToList fileSystems.mount.vfat));
|
||||
}
|
||||
# mount.btrfs
|
||||
@@ -106,7 +115,8 @@ inputs:
|
||||
# zstd:15 5m33s 7.16G
|
||||
# zstd:8 54s 7.32G
|
||||
# zstd:3 17s 7.52G
|
||||
options = [ "compress-force=zstd" "subvol=${subvol.name}" ];
|
||||
options = [ "compress-force=zstd" "subvol=${subvol.name}" "acl" ];
|
||||
neededForBoot = true;
|
||||
};
|
||||
}
|
||||
)
|
||||
@@ -198,7 +208,7 @@ inputs:
|
||||
# mdadm
|
||||
(
|
||||
mkIf (fileSystems.mdadm != null)
|
||||
{ boot.swraid = { enable = true; mdadmConf = fileSystems.mdadm; }; }
|
||||
{ boot.initrd.services.swraid = { enable = true; mdadmConf = fileSystems.mdadm; }; }
|
||||
)
|
||||
# swap
|
||||
{ swapDevices = map (device: { device = device; }) fileSystems.swap; }
|
||||
@@ -231,7 +241,9 @@ inputs:
|
||||
mount ${device} /mnt -m
|
||||
if [ -f /mnt${path}/current/.timestamp ]
|
||||
then
|
||||
mv /mnt${path}/current /mnt${path}/$(cat /mnt${path}/current/.timestamp)
|
||||
timestamp=$(cat /mnt${path}/current/.timestamp)
|
||||
mv /mnt${path}/current /mnt${path}/$timestamp
|
||||
btrfs property set -ts /mnt${path}/$timestamp ro true
|
||||
fi
|
||||
btrfs subvolume create /mnt${path}/current
|
||||
echo $(date '+%Y%m%d%H%M%S') > /mnt${path}/current/.timestamp
|
||||
BIN
modules/system/fileSystems/nas.key
Normal file
BIN
modules/system/fileSystems/nas.key
Normal file
Binary file not shown.
BIN
modules/system/fileSystems/vps6.key
Normal file
BIN
modules/system/fileSystems/vps6.key
Normal file
Binary file not shown.
BIN
modules/system/fileSystems/vps7.key
Normal file
BIN
modules/system/fileSystems/vps7.key
Normal file
Binary file not shown.
@@ -3,6 +3,7 @@ inputs:
|
||||
options.nixos.system.gui = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
preferred = mkOption { type = types.bool; default = false; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
@@ -18,7 +19,11 @@ inputs:
|
||||
videoDrivers = inputs.config.nixos.hardware.gpus;
|
||||
};
|
||||
systemd.services.display-manager.after = [ "network-online.target" ];
|
||||
environment.sessionVariables."GTK_USE_PORTAL" = "1";
|
||||
environment =
|
||||
{
|
||||
sessionVariables."GTK_USE_PORTAL" = "1";
|
||||
plasma5.excludePackages = inputs.lib.mkIf (!gui.preferred) [ inputs.pkgs.plasma5Packages.plasma-nm ];
|
||||
};
|
||||
xdg.portal.extraPortals = map (p: inputs.pkgs."xdg-desktop-portal-${p}") [ "gtk" "kde" "wlr" ];
|
||||
i18n.inputMethod =
|
||||
{
|
||||
|
||||
@@ -41,10 +41,20 @@ inputs:
|
||||
"${impermanence.root}" =
|
||||
{
|
||||
hideMounts = true;
|
||||
directories = []
|
||||
directories = [ "/var/lib/systemd/linger" "/var/lib/systemd/coredump" ]
|
||||
++ (if inputs.config.services.xserver.displayManager.sddm.enable then
|
||||
[{ directory = "/var/lib/sddm"; user = "sddm"; group = "sddm"; mode = "0700"; }] else []);
|
||||
};
|
||||
}
|
||||
// (if builtins.elem "chn" inputs.config.nixos.users.users then
|
||||
{
|
||||
users.chn =
|
||||
{
|
||||
directories =
|
||||
[
|
||||
".cache"
|
||||
];
|
||||
};
|
||||
} else {});
|
||||
"${impermanence.nodatacow}" =
|
||||
{
|
||||
hideMounts = true;
|
||||
@@ -54,7 +64,17 @@ inputs:
|
||||
[{ directory = "/var/lib/postgresql"; user = user.name; group = user.group; mode = "0750"; }]
|
||||
else []
|
||||
)
|
||||
++ (if inputs.config.nixos.services.meilisearch.instances != {} then [ "/var/lib/meilisearch" ] else []);
|
||||
++ (if inputs.config.nixos.services.meilisearch.instances != {} then [ "/var/lib/meilisearch" ] else [])
|
||||
++ (
|
||||
if inputs.config.nixos.virtualization.kvmHost.enable then
|
||||
[{ directory = "/var/lib/libvirt/images"; mode = "0711"; }]
|
||||
else []
|
||||
)
|
||||
++ (
|
||||
if inputs.config.nixos.services.mariadb.enable then let user = inputs.config.users.users.mysql; in
|
||||
[{ directory = "/var/lib/mysql"; user = user.name; group = user.group; mode = "0750"; }]
|
||||
else []
|
||||
);
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@@ -2,6 +2,7 @@ inputs:
|
||||
{
|
||||
options.nixos.system.kernel = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
useLts = mkOption { type = types.bool; default = false; };
|
||||
patches = mkOption { type = types.listOf (types.enum [ "cjktty" "preempt" ]); default = []; };
|
||||
modules =
|
||||
{
|
||||
@@ -25,33 +26,37 @@ inputs:
|
||||
"ahci" "ata_piix" "bfq" "failover" "net_failover" "nls_cp437" "nls_iso8859-1" "nvme" "sdhci_acpi" "sd_mod"
|
||||
"sr_mod" "usbcore" "usbhid" "usbip-core" "usb-common" "usb_storage" "vhci-hcd" "virtio" "virtio_blk"
|
||||
"virtio_net" "virtio_pci" "xhci_pci" "virtio_ring" "virtio_scsi" "cryptd" "crypto_simd" "libaes"
|
||||
] ++ kernel.modules.initrd;
|
||||
# networking for nas
|
||||
"igb"
|
||||
] ++ kernel.modules.initrd ++ (if (!kernel.useLts) then [ "lenovo-yogabook" ] else []);
|
||||
extraModulePackages = (with inputs.config.boot.kernelPackages; [ v4l2loopback ]) ++ kernel.modules.install;
|
||||
extraModprobeConfig = builtins.concatStringsSep "\n" kernel.modules.modprobeConfig;
|
||||
kernelParams = [ "delayacct" "acpi_osi=Linux" ];
|
||||
kernelPackages = inputs.pkgs.linuxPackagesFor (inputs.pkgs.linuxPackages_xanmod.kernel.override rec
|
||||
{
|
||||
src = inputs.pkgs.fetchFromGitHub
|
||||
{
|
||||
owner = "xanmod";
|
||||
repo = "linux";
|
||||
rev = modDirVersion;
|
||||
sha256 = "sha256-rvSQJb9MIOXkGEjHOPt3x+dqp1AysvQg7n5yYsg95fk=";
|
||||
};
|
||||
version = "6.4.12";
|
||||
modDirVersion = "6.4.12-xanmod1";
|
||||
});
|
||||
kernelPackages = inputs.pkgs."linuxPackages_xanmod${if kernel.useLts then "" else "_latest"}";
|
||||
kernelPatches =
|
||||
let
|
||||
patches =
|
||||
{
|
||||
cjktty =
|
||||
{
|
||||
patch = inputs.pkgs.fetchurl
|
||||
{
|
||||
url = "https://raw.githubusercontent.com/zhmars/cjktty-patches/master/v6.x/cjktty-6.3.patch";
|
||||
sha256 = "sha256-QnsWruzhtiZnqzTUXkPk9Hb19Iddr4VTWXyV4r+iLvE=";
|
||||
};
|
||||
patch =
|
||||
let
|
||||
version = builtins.splitVersion inputs.config.boot.kernelPackages.kernel.version;
|
||||
major = builtins.elemAt version 0;
|
||||
minor = builtins.elemAt version 1;
|
||||
in inputs.pkgs.fetchurl
|
||||
{
|
||||
url = "https://raw.githubusercontent.com/zhmars/cjktty-patches/master/"
|
||||
+ "v${major}.x/cjktty-${major}.${minor}.patch";
|
||||
sha256 =
|
||||
let
|
||||
hashes =
|
||||
{
|
||||
"6.1" = "11ddiammvjxx2m9v32p25l1ai759a1d6xhdpszgnihv7g2fzigf5";
|
||||
"6.5" = "0ckmbx53js04lrcvcsf8qk935v2pl9w0af2v1mqghfs0krakfgfh";
|
||||
};
|
||||
in hashes."${major}.${minor}";
|
||||
};
|
||||
extraStructuredConfig =
|
||||
{ FONT_CJK_16x16 = inputs.lib.kernel.yes; FONT_CJK_32x32 = inputs.lib.kernel.yes; };
|
||||
};
|
||||
|
||||
@@ -3,8 +3,9 @@ inputs:
|
||||
options.nixos.system.networking.nebula = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
# null: is lighthouse, non-empty string: is not lighthouse, and use this string as lighthouse address.
|
||||
# null: is lighthouse; non-empty string: is not lighthouse, and use this string as lighthouse address.
|
||||
lighthouse = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
|
||||
useRelay = mkOption { type = types.bool; default = false; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
@@ -17,18 +18,19 @@ inputs:
|
||||
{
|
||||
enable = true;
|
||||
ca = ./ca.crt;
|
||||
# nebula-cert sign -name 1p9p -ip 192.168.82.4/24
|
||||
cert = ./. + "/${inputs.config.nixos.system.networking.hostname}.crt";
|
||||
key = inputs.config.sops.templates."nebula/key-template".path;
|
||||
firewall.inbound = [ { host = "any"; port = "any"; proto = "any"; } ];
|
||||
firewall.outbound = [ { host = "any"; port = "any"; proto = "any"; } ];
|
||||
}
|
||||
// (
|
||||
if nebula.lighthouse == null then { isLighthouse = true; }
|
||||
if nebula.lighthouse == null then { isLighthouse = true; isRelay = true; }
|
||||
else
|
||||
{
|
||||
lighthouses = [ "192.168.82.1" ];
|
||||
relays = if nebula.useRelay then [ "192.168.82.1" ] else [];
|
||||
staticHostMap."192.168.82.1" = [ "${nebula.lighthouse}:4242" ];
|
||||
listen.port = 0;
|
||||
}
|
||||
);
|
||||
sops =
|
||||
@@ -46,7 +48,11 @@ inputs:
|
||||
};
|
||||
secrets."nebula/key" = {};
|
||||
};
|
||||
networking.firewall = { trustedInterfaces = [ "nebula.nebula" ]; }
|
||||
// (if nebula.lighthouse != null then {} else { allowedTCPPorts = [ 4242 ]; allowedUDPPorts = [ 4242 ]; });
|
||||
networking.firewall.trustedInterfaces = [ "nebula.nebula" ];
|
||||
systemd.services."nebula@nebula" =
|
||||
{
|
||||
after = [ "network-online.target" ];
|
||||
serviceConfig.Restart = "always";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
6
modules/system/networking/nebula/nas.crt
Normal file
6
modules/system/networking/nebula/nas.crt
Normal file
@@ -0,0 +1,6 @@
|
||||
-----BEGIN NEBULA CERTIFICATE-----
|
||||
CmEKA25hcxIKhKShhQyA/v//DyiRxoCoBjCv/sW2BjoghACiJywxa2n7Aki9/HEU
|
||||
q2KpxFE+1Eshcgiy09UagFxKICju+bVGfbNKKrhV7SCNXhazgyVZYigGrzfpvHza
|
||||
nafWEkDfhP5lh+/rFLPZslxaU+jy1swpr+oipToAnZ9Lw5Wlefpmxo/8mTBb4a8T
|
||||
0jhdUC8x4ETwta6LbtWfo7uPinAJ
|
||||
-----END NEBULA CERTIFICATE-----
|
||||
@@ -26,7 +26,6 @@ inputs:
|
||||
experimental-features = [ "nix-command" "flakes" ];
|
||||
keep-outputs = nix.keepOutputs;
|
||||
keep-failed = true;
|
||||
auto-optimise-store = true;
|
||||
substituters = if nix.substituters == null then [ "https://cache.nixos.org/" ] else nix.substituters;
|
||||
trusted-public-keys = [ "chn:Cc+nowW1LIpe1kyXOZmNaznFDiH1glXmpb4A+WD/DTE=" ];
|
||||
show-trace = true;
|
||||
|
||||
@@ -22,17 +22,30 @@ inputs:
|
||||
{
|
||||
config.allowUnfree = true;
|
||||
config.cudaSupport = nixpkgs.cudaSupport;
|
||||
overlays = [(final: prev: { genericPackages =
|
||||
import inputs.topInputs.nixpkgs { system = "x86_64-linux"; config.allowUnfree = true; };})];
|
||||
overlays = [(final: prev:
|
||||
{
|
||||
genericPackages =
|
||||
import inputs.topInputs.nixpkgs { system = "x86_64-linux"; config.allowUnfree = true; };
|
||||
waydroid = final.unstablePackages.waydroid;
|
||||
})];
|
||||
};
|
||||
}
|
||||
(
|
||||
mkConditional (nixpkgs.march != null)
|
||||
{
|
||||
programs.ccache.enable = true;
|
||||
nixpkgs =
|
||||
{
|
||||
hostPlatform = { system = "x86_64-linux"; gcc = { arch = nixpkgs.march; tune = nixpkgs.march; }; };
|
||||
config = { qchem-config.optArch = nixpkgs.march; oneapiArch = nixpkgs.oneapiArch; };
|
||||
overlays = [(final: prev:
|
||||
{
|
||||
unstablePackages = import inputs.topInputs.nixpkgs-unstable
|
||||
{
|
||||
localSystem = { system = "x86_64-linux"; gcc = { arch = nixpkgs.march; tune = nixpkgs.march; }; };
|
||||
config.allowUnfree = true;
|
||||
};
|
||||
})];
|
||||
};
|
||||
boot.kernelPatches =
|
||||
[{
|
||||
@@ -56,7 +69,14 @@ inputs:
|
||||
};
|
||||
}];
|
||||
}
|
||||
{ nixpkgs.hostPlatform = "x86_64-linux"; }
|
||||
{
|
||||
nixpkgs =
|
||||
{
|
||||
hostPlatform = "x86_64-linux";
|
||||
overlays = [(final: prev: { unstablePackages = import inputs.topInputs.nixpkgs-unstable
|
||||
{ localSystem.system = "x86_64-linux"; config.allowUnfree = true; }; })];
|
||||
};
|
||||
}
|
||||
)
|
||||
];
|
||||
}
|
||||
|
||||
@@ -25,13 +25,6 @@ inputs:
|
||||
"es256"
|
||||
"+presence"
|
||||
])
|
||||
(builtins.concatStringsSep ","
|
||||
[
|
||||
"WgLCnlQcGP4uVHI8OZrJWoLK6ezHtl404NVGsfH2LXsq0TNVZ7l2OidGpbYqIJwTn5yKu6t0MI7KdHYD18T/HA=="
|
||||
"GVPuwp38yb+A1Uur22hywW7mQJPOxuLXXKLlM9FU2bvVhpwdjWDvg+BB5YFAL9NjTW22V7Hy/a9UuSmZejs7dw=="
|
||||
"es256"
|
||||
"+presence"
|
||||
])
|
||||
])
|
||||
]);
|
||||
};
|
||||
|
||||
@@ -14,6 +14,6 @@ inputs: { config =
|
||||
services.systemd-tmpfiles-setup.environment.SYSTEMD_TMPFILES_FORCE_SUBVOL = "0";
|
||||
# do not clean /tmp
|
||||
timers.systemd-tmpfiles-clean.enable = false;
|
||||
coredump.enable = false;
|
||||
coredump = { enable = true; extraConfig = "Storage=none"; };
|
||||
};
|
||||
};}
|
||||
|
||||
@@ -1,276 +1,276 @@
|
||||
inputs:
|
||||
{
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) listToAttrs mkMerge;
|
||||
inherit (builtins) map;
|
||||
inherit (inputs.localLib) stripeTabs;
|
||||
in mkMerge
|
||||
[
|
||||
let
|
||||
allUsers =
|
||||
{
|
||||
root =
|
||||
{
|
||||
users =
|
||||
users.users.root =
|
||||
{
|
||||
users =
|
||||
{
|
||||
root =
|
||||
{
|
||||
shell = inputs.pkgs.zsh;
|
||||
hashedPassword = "$y$j9T$.UyKKvDnmlJaYZAh6./rf/$65dRqishAiqxCE6LEMjqruwJPZte7uiyYLVKpzdZNH5";
|
||||
openssh.authorizedKeys.keys =
|
||||
[
|
||||
("sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPLByi05vCA95EfpgrCIXzkuyUWsyh"
|
||||
+ "+Vso8FsUNFwPXFAAAABHNzaDo= chn@chn.moe")
|
||||
];
|
||||
};
|
||||
chn =
|
||||
{
|
||||
isNormalUser = true;
|
||||
extraGroups = inputs.lib.intersectLists
|
||||
[ "adbusers" "networkmanager" "wheel" "wireshark" "libvirtd" "video" "audio" ]
|
||||
(builtins.attrNames inputs.config.users.groups);
|
||||
shell = inputs.pkgs.zsh;
|
||||
autoSubUidGidRange = true;
|
||||
hashedPassword = "$y$j9T$xJwVBoGENJEDSesJ0LfkU1$VEExaw7UZtFyB4VY1yirJvl7qS7oiF49KbEBrV0.hhC";
|
||||
};
|
||||
};
|
||||
mutableUsers = false;
|
||||
shell = inputs.pkgs.zsh;
|
||||
autoSubUidGidRange = true;
|
||||
hashedPassword = "$y$j9T$.UyKKvDnmlJaYZAh6./rf/$65dRqishAiqxCE6LEMjqruwJPZte7uiyYLVKpzdZNH5";
|
||||
openssh.authorizedKeys.keys =
|
||||
[
|
||||
(builtins.concatStringsSep ""
|
||||
[
|
||||
"sk-ssh-ed25519@openssh.com "
|
||||
"AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEU/JPpLxsk8UWXiZr8CPNG+4WKFB92o1Ep9OEstmPLzAAAABHNzaDo= "
|
||||
"chn@pc"
|
||||
])
|
||||
];
|
||||
};
|
||||
}
|
||||
# (mkMerge (map (user:
|
||||
# {
|
||||
# sops.secrets."password/${user}".neededForUsers = true;
|
||||
# users.users.${user}.passwordFile = inputs.config.sops.secrets."password/${user}".path;
|
||||
# }) [ "root" "chn" ]))
|
||||
{
|
||||
home-manager =
|
||||
home-manager.users.root =
|
||||
{
|
||||
useGlobalPkgs = true;
|
||||
useUserPackages = true;
|
||||
users =
|
||||
let
|
||||
normal = { gui ? false }: { pkgs, ...}:
|
||||
imports = inputs.config.nixos.users.sharedModules;
|
||||
config.programs.git =
|
||||
{
|
||||
extraConfig.core.editor = inputs.lib.mkForce "vim";
|
||||
userName = "chn";
|
||||
userEmail = "chn@chn.moe";
|
||||
};
|
||||
};
|
||||
};
|
||||
chn =
|
||||
{
|
||||
users.users.chn =
|
||||
{
|
||||
isNormalUser = true;
|
||||
extraGroups = inputs.lib.intersectLists
|
||||
[ "adbusers" "networkmanager" "wheel" "wireshark" "libvirtd" "video" "audio" "groupshare" ]
|
||||
(builtins.attrNames inputs.config.users.groups);
|
||||
shell = inputs.pkgs.zsh;
|
||||
autoSubUidGidRange = true;
|
||||
hashedPassword = "$y$j9T$xJwVBoGENJEDSesJ0LfkU1$VEExaw7UZtFyB4VY1yirJvl7qS7oiF49KbEBrV0.hhC";
|
||||
openssh.authorizedKeys.keys =
|
||||
[
|
||||
# ykman fido credentials list
|
||||
# ykman fido credentials delete f2c1ca2d
|
||||
# ssh-keygen -t ed25519-sk -O resident
|
||||
# ssh-keygen -K
|
||||
(builtins.concatStringsSep ""
|
||||
[
|
||||
"sk-ssh-ed25519@openssh.com "
|
||||
"AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEU/JPpLxsk8UWXiZr8CPNG+4WKFB92o1Ep9OEstmPLzAAAABHNzaDo= "
|
||||
"chn@pc"
|
||||
])
|
||||
];
|
||||
};
|
||||
home-manager.users.chn =
|
||||
{
|
||||
imports = inputs.config.nixos.users.sharedModules;
|
||||
config =
|
||||
{
|
||||
programs =
|
||||
{
|
||||
git =
|
||||
{
|
||||
home.stateVersion = "22.11";
|
||||
programs =
|
||||
userName = "chn";
|
||||
userEmail = "chn@chn.moe";
|
||||
};
|
||||
ssh.matchBlocks = builtins.listToAttrs
|
||||
(
|
||||
(builtins.map
|
||||
(host:
|
||||
{
|
||||
name = host.name;
|
||||
value = { host = host.name; hostname = host.value; user = "chn"; };
|
||||
})
|
||||
(inputs.localLib.attrsToList
|
||||
{
|
||||
vps3 = "vps3.chn.moe";
|
||||
vps4 = "vps4.chn.moe";
|
||||
vps5 = "vps5.chn.moe";
|
||||
vps6 = "vps6.chn.moe";
|
||||
vps7 = "vps7.chn.moe";
|
||||
}))
|
||||
++ (builtins.map
|
||||
(host:
|
||||
{
|
||||
name = host;
|
||||
value =
|
||||
{
|
||||
host = host;
|
||||
hostname = "hpc.xmu.edu.cn";
|
||||
user = host;
|
||||
extraOptions =
|
||||
{
|
||||
PubkeyAcceptedAlgorithms = "+ssh-rsa";
|
||||
HostkeyAlgorithms = "+ssh-rsa";
|
||||
SetEnv = "TERM=chn_unset_ls_colors:xterm-256color";
|
||||
# in .bash_profile:
|
||||
# if [[ $TERM == chn_unset_ls_colors* ]]; then
|
||||
# export TERM=${TERM#*:}
|
||||
# export CHN_LS_USE_COLOR=1
|
||||
# fi
|
||||
# in .bashrc
|
||||
# [ -n "$CHN_LS_USE_COLOR" ] && alias ls="ls --color=auto"
|
||||
};
|
||||
};
|
||||
})
|
||||
[ "wlin" "jykang" "hwang" ])
|
||||
)
|
||||
// {
|
||||
xmupc1 =
|
||||
{
|
||||
zsh =
|
||||
{
|
||||
enable = true;
|
||||
initExtraBeforeCompInit =
|
||||
''
|
||||
# p10k instant prompt
|
||||
typeset -g POWERLEVEL9K_INSTANT_PROMPT=off
|
||||
P10K_INSTANT_PROMPT="$XDG_CACHE_HOME/p10k-instant-prompt-''${(%):-%n}.zsh"
|
||||
[[ ! -r "$P10K_INSTANT_PROMPT" ]] || source "$P10K_INSTANT_PROMPT"
|
||||
|
||||
HYPHEN_INSENSITIVE="true"
|
||||
|
||||
export PATH=~/bin:$PATH
|
||||
|
||||
function br
|
||||
{
|
||||
local cmd cmd_file code
|
||||
cmd_file=$(mktemp)
|
||||
if broot --outcmd "$cmd_file" "$@"; then
|
||||
cmd=$(<"$cmd_file")
|
||||
command rm -f "$cmd_file"
|
||||
eval "$cmd"
|
||||
else
|
||||
code=$?
|
||||
command rm -f "$cmd_file"
|
||||
return "$code"
|
||||
fi
|
||||
}
|
||||
|
||||
alias todo="todo.sh"
|
||||
'';
|
||||
plugins =
|
||||
[
|
||||
{
|
||||
file = "powerlevel10k.zsh-theme";
|
||||
name = "powerlevel10k";
|
||||
src = "${pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k";
|
||||
}
|
||||
{
|
||||
file = "p10k.zsh";
|
||||
name = "powerlevel10k-config";
|
||||
src = ./p10k-config;
|
||||
}
|
||||
{
|
||||
name = "zsh-lsd";
|
||||
src = pkgs.fetchFromGitHub
|
||||
{
|
||||
owner = "z-shell";
|
||||
repo = "zsh-lsd";
|
||||
rev = "029a9cb0a9b39c9eb6c5b5100dd9182813332250";
|
||||
sha256 = "sha256-oWjWnhiimlGBMaZlZB+OM47jd9hporKlPNwCx6524Rk=";
|
||||
};
|
||||
}
|
||||
];
|
||||
history =
|
||||
{
|
||||
extended = true;
|
||||
save = 100000000;
|
||||
size = 100000000;
|
||||
share = true;
|
||||
};
|
||||
};
|
||||
direnv = { enable = true; nix-direnv.enable = true; };
|
||||
git =
|
||||
{
|
||||
enable = true;
|
||||
lfs.enable = true;
|
||||
userEmail = "chn@chn.moe";
|
||||
userName = "chn";
|
||||
extraConfig =
|
||||
{
|
||||
core.editor = if gui then "code --wait" else "vim";
|
||||
advice.detachedHead = false;
|
||||
merge.conflictstyle = "diff3";
|
||||
diff.colorMoved = "default";
|
||||
};
|
||||
package = pkgs.gitFull;
|
||||
delta =
|
||||
{
|
||||
enable = true;
|
||||
options =
|
||||
{
|
||||
side-by-side = true;
|
||||
navigate = true;
|
||||
syntax-theme = "GitHub";
|
||||
light = true;
|
||||
zero-style = "syntax white";
|
||||
line-numbers-zero-style = "#ffffff";
|
||||
};
|
||||
};
|
||||
};
|
||||
ssh =
|
||||
{
|
||||
enable = true;
|
||||
controlMaster = "auto";
|
||||
controlPersist = "1m";
|
||||
compression = true;
|
||||
matchBlocks = builtins.listToAttrs
|
||||
(
|
||||
(map
|
||||
(host:
|
||||
{
|
||||
name = host.name;
|
||||
value = { host = host.name; hostname = host.value; user = "chn"; };
|
||||
})
|
||||
(inputs.localLib.attrsToList
|
||||
{
|
||||
vps3 = "vps3.chn.moe";
|
||||
vps4 = "vps4.chn.moe";
|
||||
vps5 = "vps5.chn.moe";
|
||||
vps6 = "vps6.chn.moe";
|
||||
vps7 = "vps7.chn.moe";
|
||||
nas = "192.168.1.188";
|
||||
}))
|
||||
++ (map
|
||||
(host:
|
||||
{
|
||||
name = host;
|
||||
value =
|
||||
{
|
||||
host = host;
|
||||
hostname = "hpc.xmu.edu.cn";
|
||||
user = host;
|
||||
extraOptions = { PubkeyAcceptedAlgorithms = "+ssh-rsa"; HostkeyAlgorithms = "+ssh-rsa"; };
|
||||
};
|
||||
})
|
||||
[ "wlin" "jykang" "hwang" ])
|
||||
)
|
||||
// {
|
||||
xmupc1 =
|
||||
{
|
||||
host = "xmupc1";
|
||||
hostname = "office.chn.moe";
|
||||
user = "chn";
|
||||
port = 6007;
|
||||
};
|
||||
xmupc1-ext =
|
||||
{
|
||||
host = "xmupc1-ext";
|
||||
hostname = "vps3.chn.moe";
|
||||
user = "chn";
|
||||
port = 6007;
|
||||
};
|
||||
xmuhk =
|
||||
{
|
||||
host = "xmuhk";
|
||||
hostname = "10.26.14.56";
|
||||
user = "xmuhk";
|
||||
# identityFile = "~/.ssh/xmuhk_id_rsa";
|
||||
};
|
||||
xmuhk2 =
|
||||
{
|
||||
host = "xmuhk2";
|
||||
hostname = "183.233.219.132";
|
||||
user = "xmuhk";
|
||||
port = 62022;
|
||||
};
|
||||
};
|
||||
};
|
||||
vim =
|
||||
{
|
||||
enable = true;
|
||||
defaultEditor = true;
|
||||
settings =
|
||||
{
|
||||
number = true;
|
||||
expandtab = false;
|
||||
shiftwidth = 2;
|
||||
tabstop = 2;
|
||||
};
|
||||
extraConfig =
|
||||
''
|
||||
set clipboard=unnamedplus
|
||||
colorscheme evening
|
||||
'';
|
||||
};
|
||||
chromium =
|
||||
{
|
||||
package = inputs.topInputs.nixpkgs-stable.legacyPackages.x86_64-linux.chromium;
|
||||
enable = inputs.config.programs.chromium.enable && gui;
|
||||
extensions =
|
||||
[
|
||||
{ id = "mpkodccbngfoacfalldjimigbofkhgjn"; } # Aria2 Explorer
|
||||
{ id = "nngceckbapebfimnlniiiahkandclblb"; } # Bitwarden
|
||||
{ id = "kbfnbcaeplbcioakkpcpgfkobkghlhen"; } # Grammarly
|
||||
{ id = "ihnfpdchjnmlehnoeffgcbakfmdjcckn"; } # Pixiv Fanbox Downloader
|
||||
{ id = "cimiefiiaegbelhefglklhhakcgmhkai"; } # Plasma Integration
|
||||
{ id = "dkndmhgdcmjdmkdonmbgjpijejdcilfh"; } # Powerful Pixiv Downloader
|
||||
{ id = "padekgcemlokbadohgkifijomclgjgif"; } # Proxy SwitchyOmega
|
||||
{ id = "kefjpfngnndepjbopdmoebkipbgkggaa"; } # RSSHub Radar
|
||||
{ id = "abpdnfjocnmdomablahdcfnoggeeiedb"; } # Save All Resources
|
||||
{ id = "nbokbjkabcmbfdlbddjidfmibcpneigj"; } # SmoothScroll
|
||||
{ id = "onepmapfbjohnegdmfhndpefjkppbjkm"; } # SuperCopy 超级复制
|
||||
{ id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # uBlock Origin
|
||||
{ id = "gppongmhjkpfnbhagpmjfkannfbllamg"; } # Wappalyzer
|
||||
{ id = "hkbdddpiemdeibjoknnofflfgbgnebcm"; } # YouTube™ 双字幕
|
||||
{ id = "ekhagklcjbdpajgpjgmbionohlpdbjgc"; } # Zotero Connector
|
||||
{ id = "ikhdkkncnoglghljlkmcimlnlhkeamad"; } # 划词翻译
|
||||
{ id = "dhdgffkkebhmkfjojejmpbldmpobfkfo"; } # 篡改猴
|
||||
{ id = "hipekcciheckooncpjeljhnekcoolahp"; } # Tabliss
|
||||
];
|
||||
};
|
||||
obs-studio =
|
||||
{
|
||||
enable = true;
|
||||
plugins = with pkgs.obs-studio-plugins; [ wlrobs obs-vaapi obs-nvfbc droidcam-obs obs-vkcapture ];
|
||||
};
|
||||
host = "xmupc1";
|
||||
hostname = "office.chn.moe";
|
||||
user = "chn";
|
||||
port = 6007;
|
||||
};
|
||||
nas =
|
||||
{
|
||||
host = "nas";
|
||||
hostname = "office.chn.moe";
|
||||
user = "chn";
|
||||
port = 5440;
|
||||
};
|
||||
xmupc1-ext =
|
||||
{
|
||||
host = "xmupc1-ext";
|
||||
hostname = "vps3.chn.moe";
|
||||
user = "chn";
|
||||
port = 6007;
|
||||
};
|
||||
xmuhk =
|
||||
{
|
||||
host = "xmuhk";
|
||||
hostname = "10.26.14.56";
|
||||
user = "xmuhk";
|
||||
# identityFile = "~/.ssh/xmuhk_id_rsa";
|
||||
};
|
||||
xmuhk2 =
|
||||
{
|
||||
host = "xmuhk2";
|
||||
hostname = "183.233.219.132";
|
||||
user = "xmuhk";
|
||||
port = 62022;
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
root = normal { gui = false; };
|
||||
chn = normal { gui = inputs.config.nixos.system.gui.enable; };
|
||||
};
|
||||
home.packages =
|
||||
[
|
||||
(
|
||||
let
|
||||
servers = builtins.filter
|
||||
(system: system.value.enable)
|
||||
(builtins.map
|
||||
(system:
|
||||
{
|
||||
name = system.config.nixos.system.networking.hostname;
|
||||
value = system.config.nixos.system.fileSystems.decrypt.manual;
|
||||
})
|
||||
(builtins.attrValues inputs.topInputs.self.nixosConfigurations));
|
||||
cat = "${inputs.pkgs.coreutils}/bin/cat";
|
||||
gpg = "${inputs.pkgs.gnupg}/bin/gpg";
|
||||
ssh = "${inputs.pkgs.openssh}/bin/ssh";
|
||||
in inputs.pkgs.writeShellScriptBin "remote-decrypt" (builtins.concatStringsSep "\n"
|
||||
(
|
||||
(builtins.map (system: builtins.concatStringsSep "\n"
|
||||
[
|
||||
"decrypt-${system.name}() {"
|
||||
" key=$(${cat} ${system.value.keyFile} | ${gpg} --decrypt)"
|
||||
(builtins.concatStringsSep "\n" (builtins.map
|
||||
(device: " echo $key | ${ssh} root@initrd.${system.name}.chn.moe cryptsetup luksOpen "
|
||||
+ (if device.value.ssd then "--allow-discards " else "")
|
||||
+ "${device.name} ${device.value.mapper} -")
|
||||
(inputs.localLib.attrsToList system.value.devices)))
|
||||
"}"
|
||||
])
|
||||
servers)
|
||||
++ [ "decrypt-$1" ]
|
||||
))
|
||||
)
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
}
|
||||
nixos.services.groupshare.mountPoints = [ "/home/chn/groupshare" ];
|
||||
};
|
||||
xll =
|
||||
{
|
||||
users.users.xll =
|
||||
{
|
||||
isNormalUser = true;
|
||||
extraGroups = inputs.lib.intersectLists
|
||||
[ "groupshare" "video" ]
|
||||
(builtins.attrNames inputs.config.users.groups);
|
||||
passwordFile = inputs.config.sops.secrets."users/xll".path;
|
||||
openssh.authorizedKeys.keys = [ (builtins.readFile ./xll_id_rsa.pub) ];
|
||||
shell = inputs.pkgs.zsh;
|
||||
autoSubUidGidRange = true;
|
||||
};
|
||||
home-manager.users.xll.imports = inputs.config.nixos.users.sharedModules;
|
||||
sops.secrets."users/xll".neededForUsers = true;
|
||||
nixos.services.groupshare.mountPoints = [ "/home/xll/groupshare" ];
|
||||
};
|
||||
zem =
|
||||
{
|
||||
users.users.zem =
|
||||
{
|
||||
isNormalUser = true;
|
||||
extraGroups = inputs.lib.intersectLists
|
||||
[ "groupshare" "video" ]
|
||||
(builtins.attrNames inputs.config.users.groups);
|
||||
passwordFile = inputs.config.sops.secrets."users/zem".path;
|
||||
openssh.authorizedKeys.keys = [ (builtins.readFile ./zem_id_rsa.pub) ];
|
||||
shell = inputs.pkgs.zsh;
|
||||
autoSubUidGidRange = true;
|
||||
};
|
||||
home-manager.users.zem.imports = inputs.config.nixos.users.sharedModules;
|
||||
sops.secrets."users/zem".neededForUsers = true;
|
||||
nixos.services.groupshare.mountPoints = [ "/home/zem/groupshare" ];
|
||||
};
|
||||
yjq =
|
||||
{
|
||||
users.users.yjq =
|
||||
{
|
||||
isNormalUser = true;
|
||||
extraGroups = inputs.lib.intersectLists
|
||||
[ "groupshare" "video" ]
|
||||
(builtins.attrNames inputs.config.users.groups);
|
||||
passwordFile = inputs.config.sops.secrets."users/yjq".path;
|
||||
openssh.authorizedKeys.keys = [ (builtins.readFile ./yjq_id_rsa.pub) ];
|
||||
shell = inputs.pkgs.zsh;
|
||||
autoSubUidGidRange = true;
|
||||
};
|
||||
home-manager.users.yjq.imports = inputs.config.nixos.users.sharedModules;
|
||||
sops.secrets."users/yjq".neededForUsers = true;
|
||||
nixos.services.groupshare.mountPoints = [ "/home/yjq/groupshare" ];
|
||||
};
|
||||
yxy =
|
||||
{
|
||||
users.users.yxy =
|
||||
{
|
||||
isNormalUser = true;
|
||||
extraGroups = inputs.lib.intersectLists
|
||||
[ "groupshare" "video" ]
|
||||
(builtins.attrNames inputs.config.users.groups);
|
||||
passwordFile = inputs.config.sops.secrets."users/yxy".path;
|
||||
openssh.authorizedKeys.keys = [ (builtins.readFile ./yxy_id_rsa.pub) ];
|
||||
shell = inputs.pkgs.zsh;
|
||||
autoSubUidGidRange = true;
|
||||
};
|
||||
home-manager.users.yxy.imports = inputs.config.nixos.users.sharedModules;
|
||||
sops.secrets."users/yxy".neededForUsers = true;
|
||||
nixos.services.groupshare.mountPoints = [ "/home/yxy/groupshare" ];
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
options.nixos.users = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
users = mkOption { type = types.listOf (types.enum (builtins.attrNames allUsers)); default = [ "root" "chn" ]; };
|
||||
sharedModules = mkOption { type = types.listOf types.anything; default = []; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (builtins) map attrNames;
|
||||
inherit (inputs.lib) mkMerge mkIf;
|
||||
inherit (inputs.config.nixos) users;
|
||||
in mkMerge
|
||||
[
|
||||
(mkMerge (map (user: mkIf (builtins.elem user users.users) allUsers.${user}) (attrNames allUsers)))
|
||||
];
|
||||
}
|
||||
|
||||
# environment.persistence."/impermanence".users.chn =
|
||||
# {
|
||||
@@ -313,4 +313,4 @@ inputs:
|
||||
# ".viminfo"
|
||||
# ".zsh_history"
|
||||
# ];
|
||||
# };
|
||||
# };
|
||||
|
||||
1
modules/users/xll_id_rsa.pub
Normal file
1
modules/users/xll_id_rsa.pub
Normal file
@@ -0,0 +1 @@
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDJ/jzUQ6QuAjnAryvpWk7TReS6pnHxhEXY9RonojKkurhfYSQO/IlxDMDq23TFXcgu8iZG4cS6MADgx/KNZD/MjuN9YNCIEGvMwzWvB0oM25BC6Vf3iKDmhH06rZKH6/g5GN+HWoCN4yE/+MhIpegFO3+YMpveXwEESlyoIjPvcW+RwmlNJevrHd83ETYDQ4AybWyJo6en5tz2ngr22HaK4MtxgrqnIN/KorY+nrzTNa7VBC7BaZc1tA5FLwUeCXtuzp2ibfrxoGUAiDig4FW09ijCk3Y77y7aNVI2nw5y28nCV5rgVMh5fejtNVqIqku7p+8qgjxvY6veATG0lYgZgw2ldnDGDNbEGxcCnKKmCgZMxok8zTRsniZ91KuHkcl2L7xUo7kdQYzBRwZyQ53eW+yPoqUya4yn272rscBEUMyZzmegfr1SXMqw/8zn+MZdr1KXEvrbfjX+2QL52GY3bfYUf3KFje+Sp88k688bRH0vrxj9BCOS7ovbyfe9BEU= xll@chn-PC
|
||||
1
modules/users/yjq_id_rsa.pub
Normal file
1
modules/users/yjq_id_rsa.pub
Normal file
@@ -0,0 +1 @@
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCtnVhZQsJfbs2w9hFZkx4qDhIs++7no+6r5TifP3Dq7epJYd2QYx4dI66XxTNhKxZjN6a4Xn5nFlYLtQJXOvzBLC8IBf1W5GCH0k/jqzzskS0/Ix/70HzcBwJk8ihWDkyON5Ki1BRCx34RNxth1BIxWyc5QT+lou+D92x8iAu/uOvmcAL3Ua0OlZwxw03hLp/PpS4ZnUqFjc2JVtarY7eQu/i3RwOZUaK6nT2EL8RObzk4xnieqsU5PWwA3voVjetqZaDQ+P7dimQXz/FaucroKxCNyTiy1oG4fdQpm2UDrH6ZfPvdQLYrtet6FQabXOxhV7MuR3jYtxZjs1kDVZIseIZ6IwjetaUoMxvIouRfYjOSIEo9Ek9o0+Yhku4r0uWmPDrymWugU1raMmlRxSUwdlzW+C7mQwtGbs/MG4MN4GWkM6id5DKlY2vYKUfrTzmhY1swCtzKq20fjvyX8qhJdcytgVlOrBZnPje6Qd55sI0RjdgJrBsxT2SYquez7U8= yjq@chn-PC
|
||||
1
modules/users/yxy_id_rsa.pub
Normal file
1
modules/users/yxy_id_rsa.pub
Normal file
@@ -0,0 +1 @@
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3D1PKR7xwlFBT/XdvGl9JkKTR0opBOQwxokR0Ri+zy0a6PgFFE6/L2NhgbHLQZt96J4lHl9ZxPdRgQ8Tc4+rptJiEX5VvZaNXmOC5wa5fGZuSj93HPEUzrtOv1sFzh2WgAeWd2nf7r/DoSYY91W1Bpsjx1YaeI6KvTHMeqoidTd17CcrMkIcOuYlgAHDeZ+vnxljTOddjK17D+AsG1+ThbDNwd97AlRv/pRkL2BAnHHNvL1UXVKg47IV4+60guB0Xqr947mSdCAomW1Oe9XbYooVRZZaVov1cv6NTQ0dZ6ktV3i+s7VXZh8dNkp46Hw68gI+fHp0I3mze5MblffpaGo2f0qQrJOROQygOyj/ihK1eMkPNKfdJE0odQ0z+1mwnwq5bhP5UPBvz6Z11M9Ez+/VtX3MG27RdVPMtoLSgHV7XwvVsvJQ5V+O+TkdO95IIlPuA2+1wj9O+Tsz4u4IS5xC7XXr9Jo+Mj1gbYnZqmTSldyBIkSUuKRgDF6oC4Fs= yxy@chn-xmupc1
|
||||
1
modules/users/zem_id_rsa.pub
Normal file
1
modules/users/zem_id_rsa.pub
Normal file
@@ -0,0 +1 @@
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDn1pfGen7kjPTHsbb8AgrUJWOeFPHK5S4M97Lcj3tvdcjZi2SXN6PwHQfh8/xGhZbTLPz/40S9O9/Dn30xkUTfnONirKt790jp7VEbOtPnjQPOd/KRNWlS3VV0BELuq5p633Mi13rP6JZtdKmU2uSkvvaUBfCppy3JaWv/B7HLJ48f8IzkdiT1px3dN1eQ4SFoHOiVG0ci5TGG6wfMdoAAnM9R1aXI4gDxnYjLYujpaNZ4hBOta/6ZK/PV0JufoXdIAZjubgk1Hv04XHXLR2Z0UhRM6x7UrZIOdM/LlnKmcVk408ZKEj/9m1xRyDsNoZ24CF++cmnwfBHrp9I5nvDI7xOTdZlOhzkiiPM3f4i6s2Qjdv4vpZ6AeE3Qt1LVQyAr67b4UMjHuYqSi2KgyCO6My2Ov2eRoS74EKcb8ejJv3O+XInmYUgDgTgDFT3CgQgK2DG45HiV6nOkaE/6iKx2JSOiYZTFc7TRcePfXF9JQD7dXFde6qm3EbIVyJIpCJ8= zem@chn-PC
|
||||
@@ -67,7 +67,14 @@ inputs:
|
||||
};
|
||||
virtualisation =
|
||||
{
|
||||
libvirtd = { enable = true; qemu.runAsRoot = false; onBoot = "ignore"; onShutdown = "shutdown"; };
|
||||
libvirtd =
|
||||
{
|
||||
enable = true;
|
||||
qemu.runAsRoot = false;
|
||||
onBoot = "ignore";
|
||||
onShutdown = "shutdown";
|
||||
parallelShutdown = 4;
|
||||
};
|
||||
spiceUSBRedirection.enable = true;
|
||||
};
|
||||
environment.systemPackages = with inputs.pkgs; [ qemu_full win-spice ] ++
|
||||
|
||||
@@ -1,5 +1,14 @@
|
||||
xray-client:
|
||||
uuid: ENC[AES256_GCM,data:0q37D3FVH95eSmw1KPuQSbt6zgzdt9iyO6Mnsk/CiDtp36BR,iv:V0sZLD4VAPF6LQg+mrWxpvnKfkCwQlmwGuJ86XEe8Ik=,tag:UEQAcpkv1LmuIBF50PL0lQ==,type:str]
|
||||
uuid: ENC[AES256_GCM,data:97aX07G5FPumdWcDxnYOs6fRgljXWuwyNXGg1d7zdbUUfNnb,iv:+wAC/DZXsg+evYFA4DMfLw5Ut3ExQl1RgZ/2AsNQDpo=,tag:ebD77muITHof+FQMydWobg==,type:str]
|
||||
nebula:
|
||||
key: ENC[AES256_GCM,data:zWLXEH628ZVDZk7U/9zEXocJatCJr7hZrCmh/pifPlxVvVud5RQxLvgRvhQ=,iv:YFn7spiIcaW/l8dQZvGhsERi81L2RKLUE/55Bht0TMQ=,tag:fVdIRCMeT6o0lrGVDjCVlA==,type:str]
|
||||
acme:
|
||||
cloudflare.ini: ENC[AES256_GCM,data:/LpP1qoVS+CG+5ska6vtmagHNrhcgr5e1QRzDdbdCYGnDB8Nca/GmIogzHCXsogQY/rwGTCZoXLKKEGToYiThwk=,iv:R++I0ued2wrVsmM/vYvBVMOp9M7HyZIfDOVOlg7GALE=,tag:gYchPuh8MHk3EEnGb9g4WA==,type:str]
|
||||
users:
|
||||
xll: ENC[AES256_GCM,data:XLSsz6fZ23PPaJS1Y5C3FAOks3wzb2f+Pv8TgyKrDBfMeoLk1M37A00OGJ2wsYxkuR0JV6Uoh+hhRpTUjOQnmLfQrBxPxxP8DA==,iv:jxEZX/flxxduM1sdrYfGHfMtFMYduMg0Lr6hY1pkAPg=,tag:CYy0y1e2S2Txz1OSh+XDHA==,type:str]
|
||||
zem: ENC[AES256_GCM,data:VCVLfGO9a06XhAOBciFf1u7A5jaQikAt2wZf+dCAi1BglXpM6Hof1yAunadYOwLOBFgGlP19kX53CBBlZtaqZFL2GRDzXP0woQ==,iv:AFYtHCCkzNrllN/fjQ8GKYs2TyV3uj3BsU5n1tBQAmM=,tag:5dP7c5N4yG2NS4T+Vg0Zpg==,type:str]
|
||||
yjq: ENC[AES256_GCM,data:yn6eGrySCxlRsFioaE2p1qlTHkIGC9l64+edjuDvt232xc+iFeD03EYfuulyr0GxYFwnlAwtaJnyMi5eOrSd1W6HeV3Canzdbw==,iv:qTc6vA8uQza8CB+BvffEN9GqHkiwNM4h9RkqQR14ylk=,tag:UZ2GYCJLjcWLuVXlscLviw==,type:str]
|
||||
yxy: ENC[AES256_GCM,data:71vjvwr29lfPCarnblpbW3WVyJK8EMV+cR4prc4AM3r0PG4z88P6i0IrzSy8XwkVPrEasfYXxn+vDbzXyi7kIWaWXrkjcyGTxg==,iv:LfkinvbIhchvgfgixIY8Wg6esrc+TOS4YWqRTJ0qfvw=,tag:mLPw6z8DOPrHsRpUHn3/gw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@@ -9,14 +18,23 @@ sops:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArbFR2bHMrRmdXWVVHTTlJ
|
||||
VVFoMXNBWUU0MGkrOWl0bEphb3JlSTlsN25nCjE1NTZwTHM1b09ZeS9GQ09pRFB0
|
||||
TFRPcW5MTGI1dTk0YXFsVmI1ZmVnTlUKLS0tIEpZNW1YMi9Gc0laRkxYbEw2TGd2
|
||||
MVRPMDVCeHVlOTBnWVNJZ21kcmlBTFkKKbyR6MGaKRvk23toLEdD9s7deQN2Dp9U
|
||||
fYn/X4SC7Wfm4atiDbLR3Jz6FhjRAN+s//lrojRb4yqoipa2AN5tPA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3aWJSUVUwMnYwN01vSEJO
|
||||
cHV3Ylkzb1Z6Z1E3a2NwZXdIVlpacHJDNWhBCkZXZWx5M21HKy94WkhuaDhkVEFL
|
||||
M01MdUlza0VmK1hKTExmeFdUWDllbTAKLS0tIE8wR1F6ZVZPNVYwU1Y3ZFJaUkhT
|
||||
a3B1UzdQSjlzTmxReVhWMzhTaVdTRDgKG76K16V6NAMaeyfne4LL/zwa5+lfPz/y
|
||||
1SX1JOaWNpXqfOIGflZUF88lxCLR8ttEFea391x2vhoKPZKCvIDGHw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-08-23T12:21:23Z"
|
||||
mac: ENC[AES256_GCM,data:sUfKYYu4aQYa2hO09aRXDdlrxY9T8ePb4sMTf8hfHHZLRaxLubWy7JkzVdxlTDpCHEZIW5J5zpbcjpvE8ZC5G/m45iCLwJIqAM5teSoG5FW/hR2uzfSuRsF/5vh1xFREsGtMLYskBobvf9mssBwRXgaKOv4zAHzlBmEhTLTBFLg=,iv:TmjRAHISDSK1+M1WtrMYF20cdCPCqu05VhHl6/ipKB4=,tag:jwMdzZoFu1IOB3sg2/kxlg==,type:str]
|
||||
- recipient: age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4eXhkb1B3WXhGTTBLTDk2
|
||||
ZmhTUDltWGk4ZU1PUk8vYkVaUkx0MDFEWUZNCjl2R25JR3Z0U3NKWWwzbjVsMXVq
|
||||
NXMxOThGaFVHQ1ZacU4yUXVBVXNBNUkKLS0tIFkyUjhzMzlMVkM2WFZ1VUw5Zlcy
|
||||
by9Rd0U0bzNiK21BQTNxN1RuQ09DQVkKJmSlzV5ppEkZFljsS17ZWmoI++fz4tJh
|
||||
kTdoAStG1zsKASHyZTsmdm3RBDO3qV1KhQC2gC7d4EiwNZngxOOZJg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-09-14T11:09:58Z"
|
||||
mac: ENC[AES256_GCM,data:f6D4N+He7Zz0VA2FxUzTARfckidgVlDHE1hZrYW6jDf+v9ZK/c/JAj12zLNiCy9aG6rBz5K0jdWpnTsguMlTYCKUjLcD8MSW4KJErYmeVFLpfuiSBMr0+pcSVA9DpEmekaYl0GbnxrgQKrfEL0dthR6+9m5CsP/1bvEs34XcKGk=,iv:0YVxL5iVOvmFzThk7fua2Cqpty9lTX/tdKNii5gY/UA=,tag:d+NwYbpeDziniYXwQYVCdg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|
||||
@@ -7,15 +7,13 @@ frp:
|
||||
store:
|
||||
signingKey: ENC[AES256_GCM,data:TsB1nA0Rf2AsYyH59WpUK53pTCX2JdrGQjkJ9A9BfWLLmw3EMnPoaLHG12rv1R2/xRU7rP+iVhXb77g60I/Kn4ehun3ogMmK1oEAKyQcxudBUJFk+SeijaQLr2A=,iv:e2rdGBVOPS1nyC3pXhs5r0WyEkqxcpCnX3eAcBCj93M=,tag:HwccjH2Wms5/TevU2IuzNw==,type:str]
|
||||
nginx:
|
||||
#ENC[AES256_GCM,data:sHSfWhEO9PHWTY0r,iv:XSyOSkzEVOjMF/9vjEVpcuKH6B2mdE5D7l9VKrSILO0=,tag:2YkAoPW5GqOjFpPF5IvApg==,type:comment]
|
||||
#ENC[AES256_GCM,data:Oaxg1nXYHLNOAF2V8lNF+4OtJz5bXOdEleXi89AW+dQvDgj0HMAAlxLiixlfhFW48Clcu+C+4opFZUk+4Q3GBePTQWeabgEFAZi+MgnVoiXzfizQpmve,iv:/NyV6W0vaXvS5qFKPw+7Iqe9po1VKQDLbHaC9Fa8Mto=,tag:JiCKJxhpAI9k11N9WxfZew==,type:comment]
|
||||
maxmind-license: ENC[AES256_GCM,data:PVV4VAvB22KoA8EM8Honb+KWYhydXdmTAVlDw/XnTcbaIY+5Km2gGA==,iv:7PfytRbpW4G2iDNqysvZnB0YsQFVUL5Kr1DNsBzuhCA=,tag:z2J14fdD7AUNabN+6kUojA==,type:str]
|
||||
postgresql:
|
||||
misskey: ENC[AES256_GCM,data:KiJ2smpRwJ1pzauCgVsmFH4aCiw4sEkCQ9JSTao5NdI=,iv:jIc0a797dokfByN2vJcYcAFfPC8MP7wCV5qsxoCDxcE=,tag:L5n1/xszwB0lhqYcbLqp2Q==,type:str]
|
||||
misskey_misskey: ENC[AES256_GCM,data:MSDbQffk/WjZ6EYiwVuUMdhdv9VE59ZM7t4XldOKRO0=,iv:J/x9t4Pk5zi7Av9fbzxgAbbtbEUZttSx/JGRmmgmvE4=,tag:CwFR9K++T7YqYR932z3IAg==,type:str]
|
||||
redis:
|
||||
misskey: ENC[AES256_GCM,data:SAcZsRrhNB+CjpcvUcWLi5nhEA49bFM+HYHEkszNdZs=,iv:fOLletIWzCrhHZrgwl5dpdCnwUbcEeTaKNosXna8pfU=,tag:EpdBW/RexAoJ0z1G2Emvww==,type:str]
|
||||
misskey-misskey: ENC[AES256_GCM,data:vcvQ/hs/F3BZd1sfvWwfEeB8vVoqdnprxobcmL6xsmg=,iv:S32yrjrjj56HbxTlfFGjOb+sO2M9KKEDEazCrpQWj6Q=,tag:iwnvqwQEdd6jicx9jJBdbg==,type:str]
|
||||
meilisearch:
|
||||
misskey: ENC[AES256_GCM,data:oBYIwQyfPyjsp1dfveVGqO7mY9LO7jaD+Mpe9nTm8Sd8XKgRPJWkce4tnBXBRzkdLURvDDD25uODUekdkkO1gA==,iv:/Gw3PX1w7dWWzEMCWrETGees8CjONwzIpTZSCkQsZXc=,tag:59GHYNPRTv3KFqhpUDXBLg==,type:str]
|
||||
misskey-misskey: ENC[AES256_GCM,data:/wYR3Bz4LRk/Ks0vizlZS3Ebf5qVfnlBBqZEm/ZIBFdDuhddgu71cqCjTHIKQ6CYh3CoUyguKIIFWku/kOCHKA==,iv:dllKvZwxvZC4pVyEMOB9WNiVBsVxzo5kwbdYKCzzyrY=,tag:MvzqalVvBkyJoLbirN0V8Q==,type:str]
|
||||
nebula:
|
||||
key: ENC[AES256_GCM,data:kNm9hwMa/EhDeOCeZw1jEnroolTkeEeAxpSEDko6tHSDHwHbhfjr01ZzHKE=,iv:q2qCi99XgZJvRuF1dm16sK6BFIoa9QUN8p4LSiZq28o=,tag:ApOKdA91LBiWHv6TuXMkpA==,type:str]
|
||||
sops:
|
||||
@@ -42,8 +40,8 @@ sops:
|
||||
OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
|
||||
+K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-09-03T08:51:32Z"
|
||||
mac: ENC[AES256_GCM,data:PlBRhBHJ067MzX77ZaG7XzQviTixWWEZboFM8h1ezmei+Pf2PY4oDxRfmEgAodXD2EpM0x4cao3NPzMeAYtJK0YUViZRzdSbya/60W6Xzv0nrbJHh3xvvJmLVsMXyD3KKMcafTOrBsxnCg0gRro778Z63XkN/S9tA2tZfdZLLcY=,iv:9N223T+lBjYt0WLvvERbAFE1Z30ejWwZNDjByFjlW98=,tag:iTD7+P5uFlwe/xEX80QgMg==,type:str]
|
||||
lastmodified: "2023-10-03T10:45:13Z"
|
||||
mac: ENC[AES256_GCM,data:9O1o1uNvrSu4yEpVmvPLESrCqtkf+MXUud54hVgjd/Mmchsy0eTi3gMzbAb0i6vaaNH7hHVOT0GnSNiS67UjYemvx9xHOPuJxysmoUAvT6aVzap4XZirnnsKgfYGUwn/iECsEF3dGa2c4nCiPxdtac2BaGBlxFKuh1fWBKWrow0=,iv:a+xHAakjIPhDQRYJnb0BFxdXc0uXZmmZYv8kvOPoKBA=,tag:hWpzT1tMILYZKhQXgdmhXg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|
||||
@@ -22,9 +22,13 @@ xray-server:
|
||||
user7: ENC[AES256_GCM,data:7rxvmKbtYrDKBlo8kZIfd86KLd9EcSWB0ikasIRqfCZ24W0h,iv:Uplz4fnFymmBVZ9YTniHFFY3EVSrTYsg1+CTFqBu1WY=,tag:l3EPeYRHSeRsCyRhqFRrEg==,type:str]
|
||||
#ENC[AES256_GCM,data:8FxApg==,iv:vPa5p3QVHAvw+ECusWGqx1ugTcHh42CVFDQcMhG59wM=,tag:lHiZtydcYFBQiXnWh8pCrw==,type:comment]
|
||||
user8: ENC[AES256_GCM,data:FNT3hHMwPJu3iI1LuOP1KvsoOonh+J/ecrNrRQO5TpunDPUq,iv:tTEB0MSUmQ39tNq9v1BTfaEcJY7Y59CPHRASMC1a4U8=,tag:klDm6Isk52hG8ubcFu6yHA==,type:str]
|
||||
#ENC[AES256_GCM,data:QdaYYH3RGJ4qIg==,iv:79NBTEKCPtgVVv3G7wg+vdoLOWxc+bdqT1lF4HJpTC8=,tag:8mRFGjy7lBrdyGyX9vaSOQ==,type:comment]
|
||||
user9: ENC[AES256_GCM,data:4BD/4MXAVLhDm3EXdgTiEgPketf0WgflVPGb3/JMWXfycEKY,iv:jwE5sFVxZjORwoqCBdufP2EhetVtFGHyCP58AzJwle0=,tag:OCteA20hDBLI9zt1ET0tUQ==,type:str]
|
||||
#ENC[AES256_GCM,data:U48hPlrJn2dF9g==,iv:W+6QEgemNa41VCT2OfBvEhuLAucLxfR+YZiDgdkkSnk=,tag:IhVstGnQ4EviT5ctMgyKiA==,type:comment]
|
||||
user10: ENC[AES256_GCM,data:d9qxJQH9Jo8gJKUi5jjSdVwqzuHG+dj08Tk+TxhczJmlSaFT,iv:DS+9isZX2B9AYAyV4Yle4fpHzA/SHcR56B/GW8QdALw=,tag:9nUQ0OuMCuXGSZs2kjfnIQ==,type:str]
|
||||
#ENC[AES256_GCM,data:DxZrs2B0LyPdLg==,iv:yZzEjyiY2s6gIPTsALl5xOsI0ByDvSBG4SI2+K6TLzI=,tag:hAniFFNS0SueybUKnRd2YQ==,type:comment]
|
||||
user11: ENC[AES256_GCM,data:RPIH0DudfPJwPsa0yFLNqUy2EMwQh1bIqkmhCfteVTkUQGWP,iv:NH0aGTZ6nVqz2nn+o1HQS0PKpqHTBMkAhy0oFeyX/8k=,tag:kgd5zkHXW+oxRFC9x2VTUg==,type:str]
|
||||
#ENC[AES256_GCM,data:aYWIiLxs1UvupQ==,iv:AisokHuAzD5B6fEF6ak8WfAe151CM3a8MsaWC4uJPnw=,tag:cdk5S4n9ulyWrqsD+jcqYg==,type:comment]
|
||||
user12: ENC[AES256_GCM,data:Q+XcMYPWWeHqXZZt3lf9OurlWwVQGBJWTnRwDUvg7np19g3+,iv:ybREjo5/SFRN5LMSyYdm0ygkYoq/G1uBv9K0iGPqrh4=,tag:g2y8IJeXtHW1XjelOvT+/A==,type:str]
|
||||
user13: ENC[AES256_GCM,data:IKKk8joJQ5rcSXV84jbYd4uox548czpcgXwTtyK4rFimQIoO,iv:ycVDDSb0qAtZE8WzEdKkaBYKY13JpKj+4xrgkLogikw=,tag:z9ty67NWIgGlh1psbE5qVQ==,type:str]
|
||||
user14: ENC[AES256_GCM,data:WFhrirjRUEZlOaCLGvHzvRPyp5O+035k0bNFqCvs0UTdT0+y,iv:C2vvOexQwFFkQyvFd8tf7lca2ZZIF3hbSiOHa2RFfGU=,tag:zowYrIut44mRiq6/h0r4fQ==,type:str]
|
||||
@@ -86,8 +90,8 @@ sops:
|
||||
ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
|
||||
ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-09-03T08:50:37Z"
|
||||
mac: ENC[AES256_GCM,data:+w04X4hdgiBO3VpCI5tM2h+X13m3QOQeMdcmKGavqBoC9S+jx9dOoy2H9FdhjyYN/dkhglFqG5LMnHqEsdLGSwSxUsJDmHMm3MvFLJYIybvanNB+Gxb9+ooBNpC/e+d1iLg85mAUTXhLlezw5gaRHtwiQ4llOXZesE+c+Wnbbws=,iv:mM5lw8pFJoqYvz8uIi+oTqJFyIHq6HjspYTaEJp2xzY=,tag:9AqRnzwUxIV/ClJATxz95g==,type:str]
|
||||
lastmodified: "2023-10-11T05:09:24Z"
|
||||
mac: ENC[AES256_GCM,data:DJyMioOlgRFvRcjy6YNJdmEWSEk3XoChdmzYl3NoCjFj6Xe1wegYJ3Z2dPfPeY6kBrRyKeOg1Yfwwkjc8aj0TZCVVvlgV3q6CRFq7kk7e2wOUCo+Xz28XEL3S+mRMJWp8YYV2P3daS8HRfM72yC7t5JLuwCbyzu/CnxQVB2oxD8=,iv:f7zbYqwnySDg2tJc1CgRfQU2PCK2IbfMVMWsyZKlGNU=,tag:RRCXacPwq7IFv0+mcEdEXw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|
||||
@@ -8,13 +8,18 @@ nginx:
|
||||
redis:
|
||||
rsshub: ENC[AES256_GCM,data:uPnZIjbnRRoWIHlWkZNZkMpIb3Ujnnpb+AisVSVGFv4sfDAuDlAjt39pRdnWkCXJPqtXjJzQ+FeT34cqxTf8Bg==,iv:/jcyAHkxByFnbkmCAYQwda2QRmhW7L/ICoLuCgsVLCI=,tag:M5Q+dh/Bn7FiNpqQGYus4Q==,type:str]
|
||||
wallabag: ENC[AES256_GCM,data:WkiqS9TOHxYalDp7Ssgg2x7vj4D58psQ5au4a0e3LZBecERwzUKmrhbVKRuDvNTwWbYxSds9SAca0wN+pWmrmA==,iv:QqHlzSXG1I4+p8wd58lcQs8TqAF3foxiYVdgL8L3IpA=,tag:CPtFgIeFL5W25gtd6NFkrg==,type:str]
|
||||
misskey: ENC[AES256_GCM,data:eT0zEdnFyNNr7G6QMn5JpTa5M+iI9B4HdvPLvfwCGRZ6MyeYrpsO97B2V0YzIaJAi2Md20hMgJdD6BVXcDp9pA==,iv:e/2/ITEHCKATyAtGxWm9hJ8T/pcV6Je/RgU1AowXEfs=,tag:Ohdxg2Y/Hl5ewrv0Kv8ywA==,type:str]
|
||||
misskey-misskey: ENC[AES256_GCM,data:OHjt9o+m++NT5aaFbwBT/wSMdUdgf4zscd/JxjCo5HDhC3WeWMJV7z//kATI5Dg4BWAhvPlL02Vrly4RraIzLw==,iv:sQB4/D2SsOuDR3bTrmlNg7o+6ehFznDsqVc3BX9pK20=,tag:tcwTBt/JhyW8ZTAIWIkWBA==,type:str]
|
||||
misskey-misskey-old: ENC[AES256_GCM,data:amUqMycdXUFvjg66pXKnlZqiESBYMci0k8iYzj824SaEqHl3Nq/I0TjYX++xEUg+RGYyTIcSaj96HUANTKpc1A==,iv:ND1mQLHxltRlOdpJ80ywheGo6hkl7OgRyk9TguJMuTw=,tag:dhCCwnCOnyT2iXdEMK0szg==,type:str]
|
||||
nextcloud: ENC[AES256_GCM,data:jwN/CqwkU/5Rd6w75/bV2Yej9b0CoxZaiJEcZXFx+9XUPY3Xg1tQdEr1SALG8xzOEdoL6WBVs14NvrrL25GeTQ==,iv:p5+0AB52QqScJwMhNIrM/7HAcRPdD9Z8xV6uwIDOwIg=,tag:f1XbNDDRXvGl/dkV9Wp2Ug==,type:str]
|
||||
postgresql:
|
||||
wallabag: ENC[AES256_GCM,data:ANwvEE3K/W/hU34Y7RvlbUuJNo2bOaRfeusYM9pRxXQOdG4XpwYfd/DprsrVjlkrMFuTurUR5j6UNHWh+ILDbQ==,iv:K8doqhVosz+OosMrLJXrSxairr84EeGs3EWgVQjpkS8=,tag:WjDzy7ubm/GVlBkW0O3znQ==,type:str]
|
||||
misskey: ENC[AES256_GCM,data:OXKLrkPDgVTdsZolzLVOlkYswLVFy0LSXiGjohic4j3t9cTrMIfBa7LbA5J7VlLryO/ISzLpu8lt9aEsmjYSSw==,iv:V4n3MUkAnbLs5gBOOqCubHxuKJGvfH9dND1YgD1YgCs=,tag:RXiXeekS76pGHUz3oEPQ9w==,type:str]
|
||||
misskey_misskey: ENC[AES256_GCM,data:lRbSz7bbiWEdK/cRD41fLvFJF4WYsclKHVykFcU3LIz9vnKlR3VdczzznVqpT7JvG6OUi+TmipJii+0KzXHtdA==,iv:8sBKgVwuDJdThup0KQ6cnAV5O2liwVra1yIpDHVfpMI=,tag:DyUpaHai8ZUyllvZBUm8sg==,type:str]
|
||||
misskey_misskey_old: ENC[AES256_GCM,data:Wwtd+hKI0s7m3PbEPHbnSyTsCkW0x8SYHUiCYuNSNCG8i4RAmiAbONNFfWN2hXnmTmRK79Tx/3GR+L0KMzmNGQ==,iv:BekTELToPQXUdZHyNtkuqKyZeez+moI6k907P7NhA3Q=,tag:A5YB0WIa1RkDCtzeBhiuyA==,type:str]
|
||||
synapse: ENC[AES256_GCM,data:Orfse2arRGMujA8MloqOp+iVr0+uCVtlMZJNAA36J3UCog5ExE8HE6G5wIvvoP0o/PNToYc9Jgn8T7iWdU6FIA==,iv:XQ6/bDfIRmvZ3VdTqH5Gaiu2emd5kV+q6RjNXDQEtkc=,tag:Yq+w9oxv2yhpsQfMRp4HaQ==,type:str]
|
||||
vaultwarden: ENC[AES256_GCM,data:Uz8GJMaLUTQ9pQbZyZLWS4bL5wmt9RvbAwNctAIDt9JrV3FaXxgKjE0MJSGklS55yj/Z/wbO6RCuCK2AWR2VKw==,iv:7hA8YcB88M1qCV8EhFYpHbfPmAZ/7xNqvTMJYZ/UcAY=,tag:mkDHJYmRoYZ/Ct0UmOp9FA==,type:str]
|
||||
nextcloud: ENC[AES256_GCM,data:5UpYSMsZgUgEJHg0ou9Z1RTE+YFFUKuXwPtc6L5XxD4GNo8Gd3CvcQSNGAol+5DtyPKF3q1+ZgtScWGrqU1RyA==,iv:Zfm+Oa4eON8WiJzYUkMFawafDwo9pOnOpWkwHYLIKkk=,tag:4ECMla1dFfCrn7lILwWFNA==,type:str]
|
||||
meilisearch:
|
||||
misskey: ENC[AES256_GCM,data:+oLR/0G6bjSz3jbZxeoGbLd7I4AiJDxodpc8DEHmHjYaNS6UrQEO50ekNSm3DpcK9+bqMJl4q+d1PWXgHRJbIw==,iv:rQcq7LksBhJr26D3112y41ryW3cEwnG6XLgiFhLv3d4=,tag:/PaX7MIERrtqJoayzdf/AA==,type:str]
|
||||
misskey-misskey: ENC[AES256_GCM,data:4s+qqd6mmstioC0XmG/vA6ED9mzu1vRJVPFFalRiqnnsFy0dYEU87H+y12eOp/KDSLdTNvpp6Z6jCNvxnpDXzQ==,iv:x6L9OPu/dwVsD9pYb4dqavw9NesMbo7LB+rwz6veAR4=,tag:/BBqV2sHIgPas7XsZydh2g==,type:str]
|
||||
rsshub:
|
||||
pixiv-refreshtoken: ENC[AES256_GCM,data:EeSOTSAAh+1Dc8+a/AaPJ0aBK5DTa3pdS6DrIMQmRw/n0SRu2QoynIF76w==,iv:dnZxi8jM1I4w3C2duYielpP/8wOAdHDjcqDIrowM0dM=,tag:8irGvLEbRJHV9TB8Jibs9g==,type:str]
|
||||
youtube-key: ENC[AES256_GCM,data:OEm/ynOUPUq7ZEVzL2jgs9d+utkLTIdNq0MHE0JDujb9ndAwyJJI,iv:RRae6Cg6GdDnXAQOdtBYmcA7ZNuu70VpIg2MEezBn5k=,tag:gX4ZG345cT3Jh3ovUxtLGw==,type:str]
|
||||
@@ -32,6 +37,14 @@ synapse:
|
||||
signing-key: ENC[AES256_GCM,data:ZCayvU2lElUnuyVDL05XjO3v2P78ha9i9PEcLvpBLgNeYkh7nH9Z4kIAP6Pmbw39ufaSJuo5tZZPmA==,iv:CfxqL7dJbmG/jEcdDe+Su8uxsA4dkOq/CCOGlb3EDIk=,tag:9728QS3GLnTcerzDgtQEWw==,type:str]
|
||||
nebula:
|
||||
key: ENC[AES256_GCM,data:9o6EkfTWOU0KwnJsgHML4E7VOfzo3LHnlOkV8ubhi6aayXImC3lAaoPrqUI=,iv:KHprijN7z+4FIIW+D5klDM9a9VzMJ5xawPc7jJtbHmk=,tag:0DAmxoz8D5f38ndPbkNW+g==,type:str]
|
||||
vaultwarden:
|
||||
admin_token: ENC[AES256_GCM,data:muavuOY88Lm4rSEoCp4IIPp7Z+sqf36VwpnPgf+K6IwwFkUgYM1GO80ogReYWqqUM6ij1Yzl5D9ncUbq+aGTKQ==,iv:jA4MRJlz71CMmPnWjb2tGbbIoMkEsESUowhXDckKKMI=,tag:l0HaJmnU29YeFUxjOgN3Kg==,type:str]
|
||||
mariadb:
|
||||
photoprism: ENC[AES256_GCM,data:TF1SZVFnvzyE+7vrHYYUS4Juqhbiw9QcJx7p3Xj88xyBFcTqS1YjzAKs/9GQ1PuzdBrt6hXm/XtJILHiuktnSg==,iv:sd9sQEuIePL6LzUYbFtmdecJ57sMrkF0coalBf8KFqQ=,tag:P/knaKYTJ+aXu4l6IixISA==,type:str]
|
||||
photoprism:
|
||||
adminPassword: ENC[AES256_GCM,data:gB81joOfS8h05BNy2YmD/N0cpLPa/vAduDcQBeHiY/WkcnvqSXnXsOfnvbP74KQfoP4W35oFkfyGVPUBSB83tg==,iv:AkN2NoqMXVHQA9fHTTR7xbEapEqy/D61mHn7O23hyYk=,tag:WV+siDA3VnRkOYnP4Z9Qhw==,type:str]
|
||||
nextcloud:
|
||||
admin: ENC[AES256_GCM,data:1rglLrLtRf3yXQwfHDMZLewk8ueIbMFOC+1mtoAyLKnDmcQAoEQZ1vHw/hpKkFXJQ+QyX3sP8eUjRXuBEIVl3A==,iv:lfEGPEw9ybSdOYLDdaGCLXKgCvgRxn3k9eIy2DJHDYU=,tag:j4qRexbEAgK5HAGhr/wxfA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@@ -56,8 +69,8 @@ sops:
|
||||
SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
|
||||
HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-09-03T08:51:12Z"
|
||||
mac: ENC[AES256_GCM,data:PKxrr1uONIi4ljjS6FFLApcvjVEda4lnsh005Ukmi4NF4fj5/Tyg/4+j85S3UGjgKlHUJsda9qit/23sZjb1IMGgQyL3HakOhEGc1JgbvlibcGm8ZE5LCznu9sp7BQ6hDnYmV1rAyWBDmO6zjNwdjT6NikZUY5o+KiXptLWaUYo=,iv:Gw07qLy4QijtdJa3e15YsbP9UhCS+hpJuApvkvIDc7c=,tag:zit2ySLqpJ7si+YrGINFmg==,type:str]
|
||||
lastmodified: "2023-10-04T07:35:42Z"
|
||||
mac: ENC[AES256_GCM,data:fa8ZjjFpm+j+HJtT1yv9Oyhdw7o9fQji6p9rAf+kBx7hR5mzVFO7hnH5a2Lbuw/cWuow8jSJjrVf1eg1ChXaL02GM38r8bnJy6Xwp/Yqg2crddrEIwzlS3yjkWWB1L/tPcd6VqWHmfKtPHaUpBtpOX6QarBTJ5xhh28E913im4U=,iv:v7CT8PiLpddOJvs44aRxsJ5iIgjOdOCKHD/FHsF2sII=,tag:R1PaS1g3yNk+yjMjXisqBA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|
||||
Reference in New Issue
Block a user