chn/nixos
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixos.git synced 2026-01-12 04:19:22 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

merge into: chn:tested
Branches Tags
chn:production chn:next chn:legacy-2505 chn:archive chn:edge chn:a30 chn:hpcstat chn:rocm chn:nas-alderlake chn:one-fprint chn:rog-x chn:sbatch-add-fdtd chn:r2s chn:steamdeck chn:biu chn:sbatch-tui chn:sops chn:srv1 chn:srv1-archive chn:srv1-add-zgq chn:switch-srv2 chn:xray-debug chn:srv2-debug chn:srv2-notice chn:temp chn:staging chn:debug chn:wannier-tools chn:next-pc chn:fix-libvirt chn:add-pen chn:libvirt-cow chn:test-nfs chn:wg-stage chn:hdf5-slurm chn:vasp-debug chn:container chn:debug-nfs chn:test-impermanence chn:xmuserver chn:pc chn:test-motd chn:nvhpc chn:root chn:srv-archive chn:xmuserver-archive chn:python chn:test-bindmount chn:test-keyd chn:srv chn:vasp chn:ufo chn:ip-debug chn:nex chn:blog chn:fcitx5 chn:winjob chn:winjob-old-design chn:ollama chn:server chn:vps6 chn:chn-bsub chn:test-nvidia chn:bug chn:next-debug chn:krfb chn:xray chn:split-desktop-server chn:pi chn:envfs chn:main chn:dae chn:xmupc2 chn:xrdp chn:ipfs chn:xmupc1 chn:mumax chn:slurm chn:blas chn:firefox chn:color chn:gpu chn:nvidia chn:xanmod chn:rsshub chn:ttyd chn:fix-efishell chn:device chn:misskey chn:power chn:native chn:meilisearch-migration chn:nixos-23.05 chn:nginx chn:ua chn:vps7-freshrss chn:nvme-bug chn:yoga chn:kernel-lts chn:nas-beesd chn:vps7-beesd chn:vps6-beesd chn:phonopy chn:tested chn:docker chn:test-nebula chn:test-nebula-nas chn:stable chn:benchmark chn:ccache-bug-report
chn:try-to-fix-rtkit-pipewire
...
pull from: chn:yoga
Branches Tags
chn:production chn:next chn:legacy-2505 chn:archive chn:edge chn:a30 chn:hpcstat chn:rocm chn:nas-alderlake chn:one-fprint chn:rog-x chn:sbatch-add-fdtd chn:r2s chn:steamdeck chn:biu chn:sbatch-tui chn:sops chn:srv1 chn:srv1-archive chn:srv1-add-zgq chn:switch-srv2 chn:xray-debug chn:srv2-debug chn:srv2-notice chn:temp chn:staging chn:debug chn:wannier-tools chn:next-pc chn:fix-libvirt chn:add-pen chn:libvirt-cow chn:test-nfs chn:wg-stage chn:hdf5-slurm chn:vasp-debug chn:container chn:debug-nfs chn:test-impermanence chn:xmuserver chn:pc chn:test-motd chn:nvhpc chn:root chn:srv-archive chn:xmuserver-archive chn:python chn:test-bindmount chn:test-keyd chn:srv chn:vasp chn:ufo chn:ip-debug chn:nex chn:blog chn:fcitx5 chn:winjob chn:winjob-old-design chn:ollama chn:server chn:vps6 chn:chn-bsub chn:test-nvidia chn:bug chn:next-debug chn:krfb chn:xray chn:split-desktop-server chn:pi chn:envfs chn:main chn:dae chn:xmupc2 chn:xrdp chn:ipfs chn:xmupc1 chn:mumax chn:slurm chn:blas chn:firefox chn:color chn:gpu chn:nvidia chn:xanmod chn:rsshub chn:ttyd chn:fix-efishell chn:device chn:misskey chn:power chn:native chn:meilisearch-migration chn:nixos-23.05 chn:nginx chn:ua chn:vps7-freshrss chn:nvme-bug chn:yoga chn:kernel-lts chn:nas-beesd chn:vps7-beesd chn:vps6-beesd chn:phonopy chn:tested chn:docker chn:test-nebula chn:test-nebula-nas chn:stable chn:benchmark chn:ccache-bug-report
chn:try-to-fix-rtkit-pipewire

201 Commits
tested ... yoga

Author SHA1 Message Date
chn
183caffbd8 packages: exa to eza 2023-10-24 22:34:10 +08:00
chn
03cb6b7c2c update flake inputs 2023-10-24 22:32:32 +08:00
chn
a686d8259b packages: add microsoft-edge 2023-10-24 11:17:59 +08:00
chn
057e5a5d51 pc: remove modprobe config about iwlwifi 2023-10-23 17:12:08 +08:00
chn
9e36962acb pc: use last kernle 2023-10-23 17:11:35 +08:00
chn
0941aaf2ee pc: remove nvme workaround 2023-10-23 17:10:43 +08:00
chn
3197b26b10 fstrim: exclude bind mounts 2023-10-23 10:36:19 +08:00
chn
ea4b2cbeb8 system.fstrim: set interval to hourly 2023-10-22 20:34:58 +08:00
chn
65bd74aa2d 写入 knownHosts 2023-10-22 13:28:15 +08:00
chn
00572e7b29 packages: add try 2023-10-22 12:15:35 +08:00
chn
5be30df0af add haskell patch to nixpkgs-unstable 2023-10-22 00:30:20 +08:00
chn
e4219ddefb packages: add fastfetch 2023-10-21 20:22:37 +08:00
chn
108cf36835 packages.chromium: add MetaMask 2023-10-21 19:56:29 +08:00
chn
5645c3d1bd vps6: fix xlog proxy 2023-10-21 15:35:14 +08:00
chn
4a56408a7a local.pkgs.misskey: update 2023-10-21 14:23:24 +08:00
chn
c8d6ed06a6 vps6: enable forward for xlog 2023-10-21 14:05:37 +08:00
chn
b6122fde21 packages: add electrum 2023-10-21 11:07:03 +08:00
chn
85ed0026cb packages.vscode: add todo-tree 2023-10-20 20:52:10 +08:00
chn
7ef8b41350 yoga: workaround bugs 2023-10-19 20:08:33 +08:00
chn
856ccc5281 typo 2023-10-19 19:58:44 +08:00
chn
fb924cd8e0 fix lenovo-yogabook module not found for kernel-lts 2023-10-18 21:45:28 +08:00
chn
66e602e750 pc: use lts kernel 2023-10-18 21:15:37 +08:00
chn
570b82015e system.gui: disable plasma-nm when gui is not preferred 2023-10-18 20:57:58 +08:00
chn
eaa5a7f7a3 try workaround nvme bug 2023-10-16 10:43:09 +08:00
chn
f38b2b3596 update misskey 2023-10-15 18:06:26 +08:00
chn
c1eb35b7d8 bug.nvme: use software iommu 2023-10-15 14:40:31 +08:00
chn
0b90b9831f packages: add ydict 2023-10-15 14:02:50 +08:00
chn
a56011bf6d fix biu 2023-10-14 23:19:32 +08:00
chn
4bb77b3351 update libbiu 2023-10-14 22:51:07 +08:00
chn
2982615a25 nas: fix swap 2023-10-14 21:29:00 +08:00
chn
279483923e Revert "services.misskey: temporarily disable redis" 
This reverts commit 1334fe2b47.
 2023-10-14 19:57:17 +08:00
chn
1334fe2b47 services.misskey: temporarily disable redis 2023-10-14 19:30:00 +08:00
chn
954dd962bc vps7.services.meilisearch: do not limit io 2023-10-14 17:49:18 +08:00
chn
62255316be services.misskey: do not limit runtime 2023-10-14 17:48:23 +08:00
chn
b2aa00afa6 add libbiu 2023-10-14 16:20:48 +08:00
chn
41d14eff54 add tgbot-cpp 2023-10-14 14:23:12 +08:00
chn
97e25871ae add localPackages overlay 2023-10-13 21:13:28 +08:00
chn
b59f68d3b1 systemd coredump write to rootfs 2023-10-11 22:24:08 +08:00
chn
dc4a836bbb sysreq use 438 2023-10-11 19:27:44 +08:00
chn
a6cddb2f7f fix cjktty 2023-10-09 12:11:14 +08:00
chn
f05d75d041 add yogabook kmod 2023-10-09 11:56:54 +08:00
chn
df76f20ff5 try to get halo keyboard working 2023-10-08 23:19:09 +08:00
chn
7133b45ffe try to fix touch keyboard 2023-10-08 19:27:16 +08:00
chn
4370b99ee6 fix touch keyboard 2023-10-08 19:09:45 +08:00
chn
bfd47d1dcf yoga: enable halo-keyboard 2023-10-08 19:04:39 +08:00
chn
9b89e61f20 yoga: disable smartd 2023-10-08 19:03:18 +08:00
chn
f1e4bfd9bc fix halo-keyboard service 2023-10-08 19:01:26 +08:00
chn
62aa651c15 add chromiumos-touch-keyboard 2023-10-08 17:00:27 +08:00
chn
5ffdec57c0 add propagatedBuildInputs 2023-10-08 13:34:38 +08:00
chn
e20527b4cd add glad 2023-10-08 13:33:32 +08:00
chn
be54e681c3 add yoga to default 2023-10-08 11:55:20 +08:00
chn
fe9c7b9363 system: adjust swappiness 2023-10-08 11:35:53 +08:00
chn
62c3c6ab29 add checks 2023-10-08 10:57:57 +08:00
chn
f97db074e6 services.misskey: fix postgresql.enable 2023-10-08 10:53:28 +08:00
chn
22ef0c27f5 local.pkgs.matplotplusplus: enable opengl 2023-10-07 22:11:22 +08:00
chn
f6a5022aca merge next 2023-10-07 20:41:14 +08:00
chn
53020f6373 allow deploy to yoga 2023-10-07 19:46:39 +08:00
chn
089fd25d8c nas: enable swap 2023-10-07 19:14:59 +08:00
chn
effb920c82 Merge branch 'main' into next 2023-10-07 11:41:19 +08:00
chn
a2c316a6f7 fix aagl build failed 2023-10-06 16:58:30 +08:00
chn
857625884d system: enable fstrim 2023-10-06 16:24:06 +08:00
chn
56a63df3c2 add pslist 2023-10-06 11:54:49 +08:00
chn
fee894fa0a anime-game use native package 2023-10-05 21:30:59 +08:00
chn
723e859079 update everything 2023-10-05 21:14:51 +08:00
chn
864b4c06eb fix 2023-10-05 19:21:12 +08:00
chn
9ec12f8bfc Merge branch 'nas-beesd' 2023-10-05 19:16:26 +08:00
chn
27515d37fe nas: enable beesd 2023-10-05 19:16:12 +08:00
chn
cbec6f8d8d add jupyterlab 2023-10-05 18:58:02 +08:00
chn
4a7c532b31 Merge branch 'vps7-beesd' 2023-10-05 16:47:15 +08:00
chn
50aba26cfc vps7: enable beesd 2023-10-05 16:46:59 +08:00
chn
d7a781ad1a Merge branch 'vps6-beesd' 2023-10-05 16:17:24 +08:00
chn
625c3264af services.nextcloud: disable update checker 2023-10-05 16:12:53 +08:00
chn
9f78a34e6a vps6: enable beesd 2023-10-05 15:55:39 +08:00
chn
b72c8a43fa vps7: prepare for beesd 2023-10-05 15:52:39 +08:00
chn
286fc162c9 vps6: prepare for beesd 2023-10-05 15:45:30 +08:00
chn
47126a7429 local.pkgs: update rsshub 2023-10-05 11:30:12 +08:00
chn
be3c0e5821 services.nextcloud: add app 2023-10-04 21:06:35 +08:00
chn
14f62cf255 Revert "services.nextcloud: enable appstore" 
This reverts commit 60f3ccc506.
 2023-10-04 20:45:05 +08:00
chn
60f3ccc506 services.nextcloud: enable appstore 2023-10-04 20:38:20 +08:00
chn
2bac21f4cf services.nextcloud: fix mail 2023-10-04 20:06:45 +08:00
chn
ea02adcf4d vps6: enable nextcloud 2023-10-04 19:51:48 +08:00
chn
7fb51ba080 fix nextcloud mail config 2023-10-04 16:19:57 +08:00
chn
6020e071c0 fix 2023-10-04 15:56:11 +08:00
chn
c83c90050a fix 2023-10-04 15:51:11 +08:00
chn
15d89d99ad fix 2023-10-04 15:46:55 +08:00
chn
4b5078a76c fix 2023-10-04 15:42:34 +08:00
chn
073aa595d3 vps7: enable nextcloud 2023-10-04 15:41:00 +08:00
chn
2b5349ae06 services.nextcloud: init 2023-10-04 15:40:28 +08:00
chn
3f62ee0dcd fix 2023-10-04 12:11:40 +08:00
chn
b9f5478c26 vps6: enable photoprism 
vps7: enable photoprism
 2023-10-04 12:09:01 +08:00
chn
11ee42d876 fix 2023-10-04 12:04:54 +08:00
chn
d7adea94eb services.mariadb: fix user password and permissions 2023-10-04 11:48:39 +08:00
chn
990a5cf0be services.photoprism: init 2023-10-04 11:15:23 +08:00
chn
2cbe5945b7 services.mariadb: init 2023-10-04 10:13:56 +08:00
chn
e06623ce79 move zsh history 2023-10-04 00:35:59 +08:00
chn
4eeae31498 vps6: enable element-web 2023-10-03 21:47:46 +08:00
chn
9c75d2ac8d fix 2023-10-03 20:41:09 +08:00
chn
f2b88fa5a3 services.nginx.http: rename from httpProxy, allow static site 2023-10-03 20:34:54 +08:00
chn
259a1cc6f9 move xxx-proxy to nginx 2023-10-03 20:11:43 +08:00
chn
e4d1320373 restore old misskey 2023-10-03 19:00:33 +08:00
chn
4f24bcce18 vps7: migrate misskey 2023-10-03 11:44:31 +08:00
chn
e3336b95f8 fix 2023-10-02 22:27:35 +08:00
chn
97952ec828 service.misskey: allow multiple instances 2023-10-02 21:38:06 +08:00
chn
66bcb54311 prepare beesd for nas 2023-10-02 16:21:18 +08:00
chn
a0ef3198c2 fix remote-decrypt 2023-10-02 14:20:21 +08:00
chn
68b94f7216 nas: add networking driver into initrd 2023-10-02 14:10:23 +08:00
chn
b533b80f31 nas: enable sshd in initrd 2023-10-02 13:55:40 +08:00
chn
a7315cd8b5 fix initrd.nas.chn.moe 2023-10-02 13:52:32 +08:00
chn
0a6a8fdd7b fix remote-decrypt 2023-10-02 13:49:26 +08:00
chn
d6d0a0e230 nas: enable remote decryption 2023-10-02 13:36:27 +08:00
chn
8d583b626f nas.snapper: disable 2023-10-02 11:41:04 +08:00
chn
14ef69b54a pc.services.snapper: enable 
pc.services.beesd: adjust
 2023-10-02 09:54:58 +08:00
chn
b69d4648b5 Revert "services.beesd: use 4 threads" 
This reverts commit 70e6430750.
 2023-10-02 00:28:47 +08:00
chn
2efb0afcfe system.kernel: update to 6.4.15 2023-10-01 23:41:31 +08:00
chn
70e6430750 services.beesd: use 4 threads 2023-10-01 23:35:50 +08:00
chn
3dc8a2d73a bugs: add nvme 2023-10-01 23:12:34 +08:00
chn
795d55baee services.beesd: use 8 threads 2023-10-01 22:46:56 +08:00
chn
705d279a94 system.fileSystems.rollingRootfs: fix 2023-10-01 22:46:11 +08:00
chn
d88610f3b7 services.beesd: more threads 2023-10-01 19:54:14 +08:00
chn
e832412f3b system.fileSystems.rollingRootFs: make old rootfs readonly 2023-10-01 19:15:32 +08:00
chn
78b27d3ae5 system.impermanence: kvm image save to nodatacow 2023-10-01 18:29:27 +08:00
chn
a694ada2ee Revert "pc.services.beesd: disable" 
This reverts commit bacfb9ccf2.
 2023-10-01 18:01:40 +08:00
chn
bacfb9ccf2 pc.services.beesd: disable 
pc.services.snapper: enable
 2023-10-01 17:49:09 +08:00
chn
fbe4c21e9a Revert "services.beesd: adjust thread count" 
This reverts commit 4340106787.
 2023-10-01 17:45:38 +08:00
chn
4340106787 services.beesd: adjust thread count 2023-10-01 17:33:21 +08:00
chn
f42e1df555 services.snapper: remove patch 2023-10-01 17:08:11 +08:00
chn
63664f4fc7 pc.services.beesd: larger hash table size 
pc.snapper: disable
 2023-10-01 17:04:04 +08:00
chn
33b96bd46f pc: enable beesd 2023-10-01 16:25:25 +08:00
chn
106112d16f local.pkgs.misskey: fix 2023-10-01 16:11:46 +08:00
chn
38b6378160 services.beesd: disable 2023-10-01 09:22:08 +08:00
chn
33f7702330 packages: fix octave gui 2023-09-30 15:50:11 +08:00
chn
556ac1994d local.pkgs.misskey: 2023.9.1 -> 2023.9.3 2023-09-30 10:59:38 +08:00
chn
99aa6ecbf7 Revert "local.pkgs.misskey: use symlink for pnpm store" 
This reverts commit fde802ebfc.
 2023-09-30 10:54:41 +08:00
chn
fde802ebfc local.pkgs.misskey: use symlink for pnpm store 2023-09-30 10:51:37 +08:00
chn
1118e86d62 services.beesd: do not deduplicate snapshots 2023-09-30 10:45:57 +08:00
chn
ca59f06646 services.beesd: disable for boot 2023-09-29 18:33:35 +08:00
chn
9eec3611d4 services.beesd: set hashTableSizeMB 2023-09-29 10:52:14 +08:00
chn
3f54c4256c services.beesd: use only one thread 2023-09-29 09:38:44 +08:00
chn
91d7ab5b8f services.beesd: lower io priority 2023-09-29 01:02:39 +08:00
chn
dcf7f8ace0 system.nix: disable auto-optimise-store 2023-09-29 00:33:31 +08:00
chn
b7d524671a enable beesd for all machines 2023-09-29 00:32:48 +08:00
chn
f9a5581410 add beesd 2023-09-28 23:44:04 +08:00
chn
8c70c96d8e add nameof 2023-09-28 11:17:50 +08:00
chn
1957d68247 add eigen 2023-09-28 10:06:06 +08:00
chn
ceb91a8ed8 add btrfs-assistant 2023-09-28 00:41:49 +08:00
chn
093b27a225 system.networking.nebula: try to fix nebula at boot 2023-09-26 17:49:36 +08:00
chn
79cad7f58a users.yxy: add yxy_id_rsa.pub 2023-09-26 17:47:49 +08:00
chn
84ad6e3ae4 packages: prebuild unstablePackages.gcc13Stdenv 2023-09-26 13:52:38 +08:00
chn
6318b938c2 concurrencpp: fix cmake 2023-09-26 12:40:32 +08:00
chn
e21c7a916a add zpp-bits 2023-09-25 21:26:20 +08:00
chn
bdd8e82b4c services.misskey: fix version and add passthru 2023-09-25 16:33:18 +08:00
chn
e967a2511f services: misskey: update 2023-09-25 16:31:22 +08:00
chn
b509fd7a51 ssh: fix hpc ls color 2023-09-25 15:46:18 +08:00
chn
0259ee11ec services: misskey: fix build 2023-09-24 23:23:35 +08:00
chn
473c4f4d17 services: misskey: update 2023-09-24 21:42:40 +08:00
chn
469b765f99 meilisearch: add io limit 2023-09-24 20:47:46 +08:00
chn
ad7be5bc2b matplotplusplus: fix build 2023-09-23 18:44:19 +08:00
chn
fefd22a7eb matplotplusplus: fix build 2023-09-23 18:20:59 +08:00
chn
e4076219e1 add matplotplusplus 2023-09-23 17:33:17 +08:00
chn
8dc5b34cc1 packages: fix p10k instant prompt 2023-09-22 16:48:26 +08:00
chn
4f39c1a1f3 virtualisation: kvmHost: parallel shutdown 2023-09-21 15:46:58 +08:00
chn
cf6e8dff66 packages: update rsshub 2023-09-21 15:33:44 +08:00
chn
cb9665bbb6 Merge branch 'next' 2023-09-21 15:31:19 +08:00
chn
a419838515 ready to merge into main 2023-09-21 15:28:19 +08:00
chn
164c5737d2 packages: zsh: p10k instant prompt set to quiet 2023-09-21 14:06:05 +08:00
chn
91ba3d8ec2 openexr: fix build 2023-09-21 14:03:06 +08:00
chn
9fd8c2d7c6 system: impermanence: clear /home/chn/.cache 2023-09-21 00:10:52 +08:00
chn
11efee5bb3 packages: phonopy: update 2023-09-20 21:36:57 +08:00
chn
677e8111bf flake: default package do not build yoga 2023-09-20 16:52:45 +08:00
chn
d48beec819 system: networking: nebula: always restart 2023-09-20 16:51:46 +08:00
chn
6bf6eabaa3 meilisearch: allow to use 16G memory 2023-09-20 09:18:45 +08:00
chn
273fcbb7c5 packages: enable p10k instant prompt 2023-09-19 21:36:30 +08:00
chn
22aadba0da packages: add eigengdb 2023-09-19 19:47:42 +08:00
chn
5555396f5d vscode: add native debugger 2023-09-19 19:05:40 +08:00
chn
d935330515 lock: downgrade nix-vscode-extensions 2023-09-19 18:51:36 +08:00
chn
a215b50761 vscode: use stable version 2023-09-19 18:44:03 +08:00
chn
52fd57469e packages: update vscode 2023-09-19 18:36:49 +08:00
chn
b003a1be43 packages: add gdb 2023-09-19 16:52:49 +08:00
chn
4bd0b01d9b nixpkgs: currently do not use ccache 2023-09-19 14:29:33 +08:00
chn
c3901eeeb8 packages: add hdfview 2023-09-19 13:15:58 +08:00
chn
77c4a604e9 nixpkgs: enable ccache 2023-09-19 12:33:08 +08:00
chn
7c361dab09 chromium: enable ccache 2023-09-19 12:31:05 +08:00
chn
b9efd5eb70 update everything 2023-09-19 00:41:46 +08:00
chn
1a2d11cef8 nix-store: fix 2023-09-18 23:45:11 +08:00
chn
bfec0e24a0 nginx: externalIp allow multiple ips 2023-09-18 23:33:40 +08:00
chn
de9945635b pc: enable nginx transparent proxy 2023-09-18 23:29:41 +08:00
chn
915fcc348d vps7: enable fontconfig 2023-09-18 21:30:02 +08:00
chn
91475e40d3 security: disable u2f auth for backup key 2023-09-18 20:59:50 +08:00
chn
565b7dd6bc sshd: use key without fido2 pin 2023-09-18 20:46:49 +08:00
chn
5a2b46898d sshd: remove ca key support 2023-09-18 20:25:17 +08:00
chn
3850b9bc05 删除 docker huginn linger 
太难搞了,一年之内不再搞
 2023-09-18 20:02:33 +08:00
chn
fb8c3cf89d add docker 2023-09-18 19:21:04 +08:00
chn
df5be06957 users: enable linger 2023-09-18 19:08:04 +08:00
chn
894607b933 users: root: enable autoSubUidGidRange 2023-09-18 14:03:17 +08:00
chn
aec4d38497 清理,放弃使用 rootless docker 2023-09-18 14:02:05 +08:00
chn
2312a8398c temp 2023-09-18 06:47:49 +08:00
chn
2e4a542c06 system: set home-manager state version 2023-09-18 05:45:56 +08:00
chn
69c7177b73 users: minor fix 2023-09-18 05:40:04 +08:00
chn
981643af44 users: add linger option 2023-09-18 05:35:56 +08:00
chn
5f88cd5cf5 users: manually import sharedModules 2023-09-18 05:28:02 +08:00
chn
a519053c2a 整理 users 2023-09-18 05:16:38 +08:00
75 changed files with 2279 additions and 1283 deletions
Expand all files Collapse all files

118
flake.lock generated
View File

@@ -8,11 +8,11 @@
]
},
"locked": {
"lastModified": 1693886279,
"narHash": "sha256-oVCA5yz6zcsFzGCCwRpVDuDml7Z0sWQqW1fEWWcC0xM=",
"lastModified": 1696252780,
"narHash": "sha256-sQEjVzzstiaNLyiFJ19EMwwbDSSNDyQZIbPiLonlDCQ=",
"owner": "ezKEa",
"repo": "aagl-gtk-on-nix",
"rev": "8fc45fabbedef44a481c3bcabd9512732c0ade91",
"rev": "0c9d93bdb311f7948f9fb0e98d869316d78eec12",
"type": "github"
},
"original": {
@@ -30,11 +30,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1694158470,
"narHash": "sha256-yWx9eBDHt6WR3gr65+J85KreHdMypty/P6yM35tIYYM=",
"lastModified": 1695052866,
"narHash": "sha256-agn7F9Oww4oU6nPiw+YiYI9Xb4vOOE73w8PAoBRP4AA=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "d0cfc042eba92eb206611c9e8784d41a2c053bab",
"rev": "e3f41832680801d0ee9e2ed33eb63af398b090e9",
"type": "github"
},
"original": {
@@ -285,11 +285,11 @@
]
},
"locked": {
"lastModified": 1693611461,
"narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=",
"lastModified": 1696343447,
"narHash": "sha256-B2xAZKLkkeRFG5XcHHSXXcP7To9Xzr59KXeZiRf4vdQ=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca",
"rev": "c9afaba3dfa4085dbd2ccb38dfade5141e33d9d4",
"type": "github"
},
"original": {
@@ -347,11 +347,11 @@
]
},
"locked": {
"lastModified": 1657226504,
"narHash": "sha256-GIYNjuq4mJlFgqKsZ+YrgzWm0IpA4axA3MCrdKYj7gs=",
"lastModified": 1696331477,
"narHash": "sha256-YkbRa/1wQWdWkVJ01JvV+75KIdM37UErqKgTf0L54Fk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "2bf0f91643c2e5ae38c1b26893ac2927ac9bd82a",
"rev": "bfc53579db89de750b25b0c5e7af299e0c06d7d3",
"type": "github"
},
"original": {
@@ -449,11 +449,11 @@
"systems": "systems_6"
},
"locked": {
"lastModified": 1692799911,
"narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=",
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
@@ -528,11 +528,11 @@
]
},
"locked": {
"lastModified": 1689397210,
"narHash": "sha256-fVxZnqxMbsDkB4GzGAs/B41K0wt/e+B/fLxmTFF/S20=",
"lastModified": 1695684520,
"narHash": "sha256-yORqGB0i1OtEf9MOCCT2BIbOd8txPZn216CM+ylMmhY=",
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"rev": "0a63bfa3f00a3775ea3a6722b247880f1ffe91ce",
"rev": "91fae5824f5f1199f61693c6590b4a89abaed9d7",
"type": "github"
},
"original": {
@@ -548,27 +548,26 @@
]
},
"locked": {
"lastModified": 1693208669,
"narHash": "sha256-hHFaaUsZ860wvppPeiu7nJn/nXZjJfnqAQEu9SPFE9I=",
"lastModified": 1698128422,
"narHash": "sha256-Qf39ATHrj6wfeC+K6uwD/FnI7RKrdEiN3uWaciUi0rM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "5bac4a1c06cd77cf8fc35a658ccb035a6c50cd2c",
"rev": "6045b68ee725167ed0487f0fb88123202ba61923",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.05",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1690797372,
"narHash": "sha256-GImz19e33SeVcIvBB7NnhbJSbTpFFmNtWLh7Z85Y188=",
"lastModified": 1694622745,
"narHash": "sha256-z397+eDhKx9c2qNafL1xv75lC0Q4nOaFlhaU1TINqb8=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "e3a7acd113903269a1b5c8b527e84ce7ee859851",
"rev": "e9643d08d0d193a2e074a19d4d90c67a874d932e",
"type": "github"
},
"original": {
@@ -688,11 +687,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1693880502,
"narHash": "sha256-krCRVLNdlCI7l7F1Bb2ovkgac8hoz015LyYvm/+aYZw=",
"lastModified": 1695714965,
"narHash": "sha256-uukcDCyFOIMo5vJWJbLJk2phHZtJ1DE7YrypSV48gII=",
"owner": "thiagokokada",
"repo": "nix-alien",
"rev": "0fbd284930bcf1a5d1e3d07f2973e6f1738505cc",
"rev": "a948cf76e084f4ac770793c6ff9c57ad8b8c099f",
"type": "github"
},
"original": {
@@ -708,11 +707,11 @@
]
},
"locked": {
"lastModified": 1693711723,
"narHash": "sha256-5QmlVzskLciJ0QzYmZ6ULvKA7bP6pgV9wwrLBB0V3j0=",
"lastModified": 1696131323,
"narHash": "sha256-Y47r8Jo+9rs+XUWHcDPZtkQs6wFeZ24L4CQTfVwE+vY=",
"owner": "Mic92",
"repo": "nix-index-database",
"rev": "aca56a79afb82208af2b39d8459dd29c10989135",
"rev": "031d4b22505fdea47bd53bfafad517cd03c26a4f",
"type": "github"
},
"original": {
@@ -730,16 +729,17 @@
]
},
"locked": {
"lastModified": 1694222210,
"narHash": "sha256-PzfwrGQMEpJk4lMK2a47bFbJpJFlAG/ihvZsL9U1Lik=",
"lastModified": 1693358717,
"narHash": "sha256-OYGe2Yay1QoodZZmvPYBFGAoTrRfyKLzFs2vON4gRek=",
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"rev": "5a63908466573a4a1c0466e38f33c42c73ec5136",
"rev": "50c4bce16b93e7ca8565d51fafabc05e9f0515da",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"rev": "50c4bce16b93e7ca8565d51fafabc05e9f0515da",
"type": "github"
}
},
@@ -751,11 +751,11 @@
]
},
"locked": {
"lastModified": 1693052712,
"narHash": "sha256-7wrP6s4OEuR7BUasy76n7j+c09rp7wyOq7YVYviXw9s=",
"lastModified": 1695137077,
"narHash": "sha256-wJ8EpYjsqrR4GFAF67wJKmZd4q86KuODWAag4acQL5Q=",
"owner": "nix-community",
"repo": "nixd",
"rev": "f88accc8a8231efdae900ff6a14cb6301a73cff9",
"rev": "e8f144ca50fe71e74d247e5308ae7ce122f0a0e6",
"type": "github"
},
"original": {
@@ -794,11 +794,11 @@
]
},
"locked": {
"lastModified": 1694192131,
"narHash": "sha256-nt5ypVXKh65lQFqKqWgytEzI841yUhpl6E291Briu+g=",
"lastModified": 1696478570,
"narHash": "sha256-Zqktub0f4M8K0jDHFYaTwsGUddkH3UqHU0NNfGJmIKY=",
"owner": "nixpak",
"repo": "nixpak",
"rev": "16bd2860238c53bb7a31f745693d7d3c33a1490c",
"rev": "271e01d3912c5c622ca7fa99d63d790bea980de0",
"type": "github"
},
"original": {
@@ -893,11 +893,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1694398355,
"narHash": "sha256-pUthVGI70SDT4M7FDihBuu4PDOmfySaUSjfY/QI6Y3Y=",
"lastModified": 1697904207,
"narHash": "sha256-XnPRcBBIYiF7u7kStqgFQcfdEyNlUuS9/hcH0Yb5h0s=",
"owner": "CHN-beta",
"repo": "nixpkgs",
"rev": "4944d71d43387083e6b7c7530caf3b1902c5eb27",
"rev": "cad11601e9b0f3191778d4a7bfd39622ea033f0b",
"type": "github"
},
"original": {
@@ -941,27 +941,27 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1694855183,
"narHash": "sha256-WhYl7OMx0+QBzavtLQwghN1cZGmqfeWsZpmk9zJLkjs=",
"lastModified": 1697904207,
"narHash": "sha256-XnPRcBBIYiF7u7kStqgFQcfdEyNlUuS9/hcH0Yb5h0s=",
"owner": "CHN-beta",
"repo": "nixpkgs",
"rev": "2c861d560da5e65325d06cd9a106a59a4c70bdb8",
"rev": "cad11601e9b0f3191778d4a7bfd39622ea033f0b",
"type": "github"
},
"original": {
"owner": "CHN-beta",
"ref": "nixos-23.05",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"locked": {
"lastModified": 1694237951,
"narHash": "sha256-6gql7EJIWwn3mUvG/RHf1iGUA3Ptfmalz9WdgX3noSY=",
"lastModified": 1696506445,
"narHash": "sha256-ozu7YxmHsvxSyQazVlkajF8A8U7TaXz3asCL5hFxgNk=",
"owner": "nix-community",
"repo": "NUR",
"rev": "19674a713837dcfbef704a16815a4bbc462cd57a",
"rev": "0178289e0bd913fe9847605b01d6e15b7d076f6e",
"type": "github"
},
"original": {
@@ -980,11 +980,11 @@
"nvfetcher": "nvfetcher"
},
"locked": {
"lastModified": 1694239804,
"narHash": "sha256-C5ERSMRp8kQEqyKS2yggXSqaKZUgnNyQD+zjy6iqXm0=",
"lastModified": 1696487499,
"narHash": "sha256-wvrBwhLpdF+oK5v3Lzgb1Yhz3vT1DHzIL3HKST/tCwU=",
"owner": "xddxdd",
"repo": "nur-packages",
"rev": "ce48d1df62cab988a5e8eefdf97bec8bdc46392f",
"rev": "9e53a952689cacfd88987c55466450e3076ced05",
"type": "github"
},
"original": {
@@ -1065,11 +1065,11 @@
]
},
"locked": {
"lastModified": 1693829707,
"narHash": "sha256-nBFIF+a1aqDIzmi+1Hue3zVXI4V4tK5R4aW2lyNXIXs=",
"lastModified": 1696260682,
"narHash": "sha256-iccjl57qw6aEe9nsCYFbF2bl7NEI/3Y4cn1U+QYvrFk=",
"owner": "Nix-QChem",
"repo": "NixOS-QChem",
"rev": "ac7ffea07370d0df2c2b934ea582f0cc8acd0ae1",
"rev": "7324cb54b7687718ed7b05581998f105fe2fd3e3",
"type": "github"
},
"original": {
@@ -1113,11 +1113,11 @@
]
},
"locked": {
"lastModified": 1693898833,
"narHash": "sha256-OIrMAGNYNeLs6IvBynxcXub7aSW3GEUvWNsb7zx6zuU=",
"lastModified": 1696320910,
"narHash": "sha256-fbuEc6wylH+0VxG48lhPBK+SQJHfo2lusUwWHZNipIM=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "faf21ac162173c2deb54e5fdeed002a9bd6e8623",
"rev": "746c7fa1a64c1671a4bf287737c27fdc7101c4c2",
"type": "github"
},
"original": {

124
flake.nix
View File

@@ -3,9 +3,9 @@
inputs =
{
nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-23.05";
nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-unstable";
nixpkgs-unstable.url = "github:CHN-beta/nixpkgs/nixos-unstable";
home-manager = { url = "github:nix-community/home-manager/release-23.05"; inputs.nixpkgs.follows = "nixpkgs"; };
home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; };
sops-nix =
{
url = "github:Mic92/sops-nix";
@@ -17,7 +17,11 @@
nur.url = "github:nix-community/NUR";
nixos-cn = { url = "github:nixos-cn/flakes"; inputs.nixpkgs.follows = "nixpkgs"; };
nur-xddxdd = { url = "github:xddxdd/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
nix-vscode-extensions = { url = "github:nix-community/nix-vscode-extensions"; inputs.nixpkgs.follows = "nixpkgs"; };
nix-vscode-extensions =
{
url = "github:nix-community/nix-vscode-extensions?rev=50c4bce16b93e7ca8565d51fafabc05e9f0515da";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-alien = { url = "github:thiagokokada/nix-alien"; inputs.nix-index-database.follows = "nix-index-database"; };
impermanence.url = "github:nix-community/impermanence";
qchem = { url = "github:Nix-QChem/NixOS-QChem"; inputs.nixpkgs.follows = "nixpkgs"; };
@@ -123,11 +127,7 @@
};
nixpkgs = { march = "alderlake"; cudaSupport = true; };
gui = { enable = true; preferred = true; };
kernel =
{
patches = [ "cjktty" "preempt" ];
modules.modprobeConfig = [ "options iwlmvm power_scheme=1" "options iwlwifi uapsd_disable=1" ];
};
kernel.patches = [ "cjktty" "preempt" ];
impermanence.enable = true;
networking =
{ hostname = "pc"; nebula = { enable = true; lighthouse = "vps6.chn.moe"; useRelay = true; }; };
@@ -194,6 +194,7 @@
"debug.mirism.one" = "127.0.0.1";
"initrd.vps6.chn.moe" = "74.211.99.69";
"nix-store.chn.moe" = "127.0.0.1";
"initrd.nas.chn.moe" = "192.168.1.185";
};
};
};
@@ -208,9 +209,14 @@
};
nix-serve = { enable = true; hostname = "nix-store.chn.moe"; };
smartd.enable = true;
nginx = { enable = true; transparentProxy.enable = false; };
misskey = { enable = true; hostname = "xn--qbtm095lrg0bfka60z.chn.moe"; };
misskey-proxy."xn--qbtm095lrg0bfka60z.chn.moe" = {};
nginx =
{
enable = true;
transparentProxy.externalIp = [ "192.168.82.3" ];
applications.misskey.instances."xn--qbtm095lrg0bfka60z.chn.moe" = {};
};
misskey.instances.misskey.hostname = "xn--qbtm095lrg0bfka60z.chn.moe";
beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 2048; }; };
};
bugs =
[
@@ -269,7 +275,7 @@
enable = true;
transparentProxy =
{
externalIp = "74.211.99.69";
externalIp = [ "74.211.99.69" "192.168.82.1" ];
map =
{
"ng01.mirism.one" = 7411;
@@ -281,20 +287,29 @@
enable = true;
map =
{
"nix-store.chn.moe" = { upstream = "internal.pc.chn.moe"; rewriteHttps = true; };
"nix-store.chn.moe" = { upstream = "internal.pc.chn.moe:443"; rewriteHttps = true; };
"anchor.fm" = { upstream = "anchor.fm:443"; rewriteHttps = true; };
"podcasters.spotify.com" = { upstream = "podcasters.spotify.com:443"; rewriteHttps = true; };
"xlog.chn.moe" = { upstream = "cname.xlog.app:443"; rewriteHttps = true; };
};
};
};
misskey-proxy =
{
"xn--qbtm095lrg0bfka60z.chn.moe".upstream.address = "internal.pc.chn.moe";
"xn--s8w913fdga.chn.moe".upstream.address = "internal.vps7.chn.moe";
applications =
{
misskey.instances =
{
"xn--qbtm095lrg0bfka60z.chn.moe".upstream.address = "internal.pc.chn.moe";
"xn--s8w913fdga.chn.moe".upstream.address = "internal.vps7.chn.moe";
"misskey.chn.moe".upstream = "internal.vps7.chn.moe:9727";
};
synapse.instances."synapse.chn.moe".upstream.address = "internal.vps7.chn.moe";
vaultwarden = { enable = true; upstream.address = "internal.vps7.chn.moe"; };
element.instances."element.chn.moe" = {};
photoprism.instances."photoprism.chn.moe".upstream.address = "internal.vps7.chn.moe";
nextcloud.proxy = { enable = true; upstream = "internal.vps7.chn.moe"; };
};
};
coturn.enable = true;
synapse-proxy."synapse.chn.moe".upstream.address = "internal.vps7.chn.moe";
vaultwarden-proxy = { enable = true; upstream.address = "internal.vps7.chn.moe"; };
beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 16; }; };
};
};})
];
@@ -344,17 +359,38 @@
services =
{
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
fontconfig.enable = true;
sshd.enable = true;
rsshub.enable = true;
nginx = { enable = true; transparentProxy.externalIp = "95.111.228.40"; };
nginx =
{
enable = true;
transparentProxy.externalIp = [ "95.111.228.40" "192.168.82.2" ];
applications =
{
misskey.instances =
{
"xn--s8w913fdga.chn.moe" = {};
"misskey.chn.moe".upstream.port = 9727;
};
synapse.instances."synapse.chn.moe" = {};
vaultwarden.enable = true;
photoprism.instances."photoprism.chn.moe" = {};
nextcloud.instance.enable = true;
};
};
wallabag.enable = true;
misskey = { enable = true; hostname = "xn--s8w913fdga.chn.moe"; };
misskey-proxy."xn--s8w913fdga.chn.moe" = {};
misskey.instances =
{
misskey.hostname = "xn--s8w913fdga.chn.moe";
misskey-old = { port = 9727; redis.port = 3546; meilisearch.enable = false; };
};
synapse.enable = true;
synapse-proxy."synapse.chn.moe" = {};
xrdp = { enable = true; hostname = "vps7.chn.moe"; };
vaultwarden.enable = true;
vaultwarden-proxy.enable = true;
beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 1024; }; };
photoprism.enable = true;
nextcloud.enable = true;
};
};})
];
@@ -382,14 +418,25 @@
};
};
};
decrypt.auto =
decrypt.manual =
{
"/dev/disk/by-uuid/5cf1d19d-b4a5-4e67-8e10-f63f0d5bb649".mapper = "root1";
"/dev/disk/by-uuid/aa684baf-fd8a-459c-99ba-11eb7636cb0d".mapper = "root2";
"/dev/disk/by-uuid/a779198f-cce9-4c3d-a64a-9ec45f6f5495" = { mapper = "nix"; ssd = true; };
enable = true;
devices =
{
"/dev/disk/by-uuid/5cf1d19d-b4a5-4e67-8e10-f63f0d5bb649".mapper = "root1";
"/dev/disk/by-uuid/aa684baf-fd8a-459c-99ba-11eb7636cb0d".mapper = "root2";
"/dev/disk/by-uuid/a779198f-cce9-4c3d-a64a-9ec45f6f5495" = { mapper = "nix"; ssd = true; };
};
delayedMount = [ "/" "/nix" ];
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = { device = "/dev/mapper/root1"; path = "/nix/rootfs"; };
};
initrd =
{
network.enable = true;
sshd = { enable = true; hostKeys = [ "/nix/persistent/etc/ssh/initrd_ssh_host_ed25519_key" ]; };
};
grub.installDevice = "efi";
nixpkgs.march = "silvermont";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
@@ -431,8 +478,17 @@
xrdp = { enable = true; hostname = [ "nas.chn.moe" "office.chn.moe" ]; };
groupshare.enable = true;
smartd.enable = true;
beesd =
{
enable = true;
instances =
{
root = { device = "/"; hashTableSizeMB = 2048; };
nix = { device = "/nix"; hashTableSizeMB = 128; };
};
};
};
users = [ "root" "chn" "xll" "zem" "yjq" "yxy" ];
users.users = [ "root" "chn" "xll" "zem" "yjq" "yxy" ];
};})
];
"xmupc1" =
@@ -597,6 +653,7 @@
joystick.enable = true;
printer.enable = true;
sound.enable = true;
halo-keyboard.enable = true;
};
packages.packageSet = "desktop";
virtualization.docker.enable = true;
@@ -613,8 +670,8 @@
dns.extraInterfaces = [ "docker0" ];
};
firewall.trustedInterfaces = [ "virbr0" ];
smartd.enable = true;
};
bugs = [ "xmunet" "firmware-unstable" ];
};})
];
}));
@@ -653,7 +710,10 @@
inputs.self.nixosConfigurations.${node};
};
})
[ "vps6" "vps7" "nas" ]);
[ "vps6" "vps7" "nas" "yoga" ]);
};
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks inputs.self.deploy) inputs.deploy-rs.lib;
overlays.default = final: prev:
{ localPackages = (import ./local/pkgs { inherit (inputs) lib; pkgs = final; }); };
};
}

17
local/pkgs/biu/default.nix Normal file
View File

@@ -0,0 +1,17 @@
{
stdenv, fetchFromGitHub, cmake, pkg-config, ninja,
fmt, boost, magic-enum, libbacktrace, concurrencpp, tgbot-cpp, nameof, eigen, range-v3
}: stdenv.mkDerivation rec
{
name = "libbiu";
src = fetchFromGitHub
{
owner = "CHN-beta";
repo = "biu";
rev = "8ed2e52968f98d3a6ddbd01e86e57604ba3a7f54";
sha256 = "OqQ+QkjjIbpve/xn/DJA7ONw/bBg5zGNr+VJjc3o+K8=";
};
nativeBuildInputs = [ cmake pkg-config ninja ];
buildInputs = [ fmt boost magic-enum libbacktrace concurrencpp tgbot-cpp nameof eigen range-v3 ];
propagatedBuildInputs = buildInputs;
}

18
local/pkgs/chromiumos-touch-keyboard/default.nix Normal file
View File

@@ -0,0 +1,18 @@
{ lib, stdenv, fetchFromGitHub, fetchurl, cmake }: stdenv.mkDerivation rec
{
pname = "chromiumos-touch-keyboard";
version = "1.4.1";
src = fetchFromGitHub
{
owner = "CHN-beta";
repo = "chromiumos_touch_keyboard";
rev = "32b72240ccac751a1b983152f65aa5b19503ffcf";
sha256 = "eFesDSBS2VzTOVfepgXYGynWvkrCSdCV9C/gcG/Ocbg=";
};
cmakeFlags = [ "-DCMAKE_CXX_FLAGS=-Wno-error=stringop-truncation" ];
nativeBuildInputs = [ cmake ];
postInstall =
''
cp $out/etc/touch_keyboard/layouts/YB1-X9x-pc105.csv $out/etc/touch_keyboard/layout.csv
'';
}

5
local/pkgs/concurrencpp/default.nix
View File

@@ -10,9 +10,4 @@
sha256 = "4qT29YVjKEWcMrI5R5Ps8aD4grAAgz5VOxANjpp1oTo=";
};
nativeBuildInputs = [ cmake ];
postInstall =
''
mv $out/include/concurrencpp-${version}/concurrencpp $out/include
rm -rf $out/include/concurrencpp-${version}
'';
}

16
local/pkgs/default.nix
View File

@@ -1,4 +1,4 @@
{ lib, pkgs }: with pkgs;
{ lib, pkgs }: with pkgs; rec
{
typora = callPackage ./typora {};
upho = python3Packages.callPackage ./upho {};
@@ -7,7 +7,7 @@
oneapi = callPackage ./oneapi {};
send = callPackage ./send {};
rsshub = callPackage ./rsshub {};
misskey = callPackage ./misskey {};
misskey = callPackage ./misskey { vips = unstablePackages.vips; };
mk-meili-mgn = callPackage ./mk-meili-mgn {};
phonon-unfolding = callPackage ./phonon-unfolding {};
# vasp = callPackage ./vasp
@@ -26,4 +26,16 @@
huginn = callPackage ./huginn {};
v_sim = callPackage ./v_sim {};
concurrencpp = callPackage ./concurrencpp { stdenv = gcc13Stdenv; };
eigengdb = python3Packages.callPackage ./eigengdb {};
nodesoup = callPackage ./nodesoup {};
matplotplusplus = callPackage ./matplotplusplus { inherit nodesoup glad; };
zpp-bits = callPackage ./zpp-bits {};
eigen = callPackage ./eigen {};
nameof = callPackage ./nameof {};
pslist = callPackage ./pslist {};
glad = callPackage ./glad {};
chromiumos-touch-keyboard = callPackage ./chromiumos-touch-keyboard {};
yoga-support = callPackage ./yoga-support {};
tgbot-cpp = callPackage ./tgbot-cpp {};
biu = callPackage ./biu { inherit concurrencpp tgbot-cpp nameof; stdenv = gcc13Stdenv; };
}

12
local/pkgs/eigen/default.nix Normal file
View File

@@ -0,0 +1,12 @@
{ lib, stdenv, fetchFromGitLab, cmake }: stdenv.mkDerivation rec
{
name = "eigen";
src = fetchFromGitLab
{
owner = "libeigen";
repo = name;
rev = "6d829e766ff1b1ab867d93631163cbc63ed5798f";
sha256 = "BXUnizcRPrOyiPpoyYJ4VVOjlG49aj80mgzPKmEYPKU=";
};
nativeBuildInputs = [ cmake ];
}

15
local/pkgs/eigengdb/default.nix Normal file
View File

@@ -0,0 +1,15 @@
{ lib, fetchFromGitHub, buildPythonPackage, numpy, gdb }: buildPythonPackage
{
name = "eigengdb";
src = fetchFromGitHub
{
owner = "dmillard";
repo = "eigengdb";
rev = "c741edef3f07f33429056eff48d79a62733ed494";
sha256 = "MTqOaWsKhWaPs3G5F/6bYZmQI5qS2hEGKGa3mwbgFaY=";
};
doCheck = false;
buildInputs = [ gdb ];
nativeBuildInputs = [ gdb ];
propagatedBuildInputs = [ numpy ];
}

14
local/pkgs/glad/default.nix Normal file
View File

@@ -0,0 +1,14 @@
{ lib, stdenv, fetchFromGitHub, cmake, python3 }: stdenv.mkDerivation rec
{
pname = "glad";
version = "0.1.36";
src = fetchFromGitHub
{
owner = "Dav1dde";
repo = "glad";
rev = "v${version}";
sha256 = "FtkPz0xchwmqE+QgS+nSJVYaAfJSTUmZsObV/IPypVQ=";
};
cmakeFlags = [ "-DGLAD_REPRODUCIBLE=ON" "-DGLAD_INSTALL=ON" ];
nativeBuildInputs = [ cmake python3 ];
}

25
local/pkgs/matplotplusplus/default.nix Normal file
View File

@@ -0,0 +1,25 @@
{
stdenv, fetchFromGitHub, cmake, pkg-config, substituteAll,
gnuplot, libjpeg, libtiff, zlib, libpng, lapack, blas, fftw, opencv, nodesoup, cimg, glfw, libGL, python3, glad
}: stdenv.mkDerivation
{
pname = "matplotplusplus";
version = "1.2.0";
src = fetchFromGitHub
{
owner = "alandefreitas";
repo = "matplotplusplus";
rev = "a40344efa9dc5ea0c312e6e9ef4eb7238d98dc12";
sha256 = "6/dH/Rl2aAb8b+Ji5LwzkC+GWPOCBnYCrjy0qk8u/+I=";
};
cmakeFlags =
[
"-DBUILD_SHARED_LIBS=ON" "-DMATPLOTPP_BUILD_SHARED_LIBS=ON" "-DMATPLOTPP_BUILD_EXAMPLES=OFF"
"-DMATPLOTPP_WITH_SYSTEM_NODESOUP=ON" "-DMATPLOTPP_WITH_SYSTEM_CIMG=ON"
"-DMATPLOTPP_BUILD_EXPERIMENTAL_OPENGL_BACKEND=ON" "-DGLAD_REPRODUCIBLE=ON"
];
buildInputs = [ gnuplot libjpeg libtiff zlib libpng lapack blas fftw opencv nodesoup cimg glfw libGL glad ];
nativeBuildInputs = [ cmake pkg-config python3 ];
propagatedBuildInputs = [ libGL glad glfw ];
propagatedNativeBuildInputs = [ python3 ];
}

70
local/pkgs/misskey/default.nix
View File

@@ -1,16 +1,16 @@
{
lib, stdenv, mkPnpmPackage, fetchFromGitHub, nodejs_20, writeShellScript, buildFHSEnv,
lib, stdenv, mkPnpmPackage, fetchFromGitHub, fetchurl, nodejs_20, writeShellScript, buildFHSEnv,
bash, cypress, vips, pkg-config
}:
let
pname = "misskey";
version = "13.14.2";
version = "2023.10.2";
src = fetchFromGitHub
{
owner = "CHN-beta";
repo = "misskey";
rev = "e02ecb3819f6f05352d43b64ae59fa1bd683e2e0";
hash = "sha256-zsYM67LYUn+bI6kbdW9blftxw5TUxCdzlfaOOEgZz+Q=";
rev = "3f813d9808ebc1774457e02add8fe9c7a6937ff7";
sha256 = "63ZIil28jcMiL+c9FMj7m1OeCrLwsQZNHib+j8ar66s=";
fetchSubmodules = true;
};
originalPnpmPackage = mkPnpmPackage
@@ -26,14 +26,66 @@ let
export NODE_ENV=production
pnpm run migrateandstart
'';
re2 = stdenv.mkDerivation rec
{
pname = "re2";
version = "1.20.3";
srcs =
[
(fetchurl
{
url = "https://github.com/uhop/node-re2/releases/download/1.20.3/linux-x64-115.br";
sha256 = "0g2k0bki0zm0vaqpz25ww119qcs1flv63h6s5ib3103arpnzmb6d";
})
(fetchurl
{
url = "https://github.com/uhop/node-re2/releases/download/1.20.3/linux-x64-115.gz";
sha256 = "1dr9zzzm67jknzvla1l5178lzmj6cfh8i1vsp5r4gkwdwbfh3ip0";
})
(fetchurl
{
url = "https://github.com/uhop/node-re2/releases/download/1.20.3/linux-x64-108.br";
sha256 = "0wby987byhshb20np1gglj6y9ji7m7jza5jwa4hyxfxs1pkkmg1n";
})
(fetchurl
{
url = "https://github.com/uhop/node-re2/releases/download/1.20.3/linux-x64-108.gz";
sha256 = "0q3dyxm63d2x0wxx23gdwym7r2gmaw4ahvmd35dgrj179ik290pi";
})
(fetchurl
{
url = "https://github.com/uhop/node-re2/releases/download/1.20.3/linux-x64-93.br";
sha256 = "1wjmdni24353ppwfiyrv1zl9ci4g2habk0g2nz6b0sijagcy7bv3";
})
(fetchurl
{
url = "https://github.com/uhop/node-re2/releases/download/1.20.3/linux-x64-93.gz";
sha256 = "0rgkryjh412g2m7rfrl2krsb9137prkk2y9ga8akn7qp1bqsbq1i";
})
];
phases = [ "installPhase" ];
installPhase =
''
mkdir -p $out/${version}
for i in $srcs
do
cp $i $out/${version}/''${i#*-}
done
'';
};
in
stdenv.mkDerivation
stdenv.mkDerivation rec
{
inherit version src pname;
nativeBuildInputs =
[ bash nodejs_20 nodejs_20.pkgs.typescript nodejs_20.pkgs.pnpm nodejs_20.pkgs.gulp cypress vips pkg-config ];
buildInputs =
[
bash nodejs_20 nodejs_20.pkgs.typescript nodejs_20.pkgs.pnpm nodejs_20.pkgs.gulp cypress vips pkg-config
];
nativeBuildInputs = buildInputs;
CYPRESS_RUN_BINARY = "${cypress}/bin/Cypress";
NODE_ENV = "production";
RE2_DOWNLOAD_MIRROR = "${re2}";
RE2_DOWNLOAD_SKIP_PATH = "true";
configurePhase =
''
export HOME=$NIX_BUILD_TOP # Some packages need a writable HOME
@@ -67,4 +119,8 @@ in
mkdir -p $out/files
runHook postInstall
'';
passthru =
{
inherit originalPnpmPackage startScript re2;
};
}

20
local/pkgs/nameof/default.nix Normal file
View File

@@ -0,0 +1,20 @@
{ lib, stdenv, fetchFromGitHub }: stdenv.mkDerivation rec
{
pname = "nameof";
version = "0.10.3";
src = fetchFromGitHub
{
owner = "Neargye";
repo = pname;
rev = "v${version}";
sha256 = "eHG0Y/BQGbwTrBHjq9SeSiIXaVqWp7PxIq7vCIECYPk=";
};
phases = [ "installPhase" ];
installPhase =
''
runHook preInstall
mkdir -p $out
cp -r $src/include $out
runHook postInstall
'';
}

13
local/pkgs/nodesoup/default.nix Normal file
View File

@@ -0,0 +1,13 @@
{ stdenv, fetchFromGitHub, cmake, pkg-config, cairo, pcre2, xorg }: stdenv.mkDerivation rec
{
name = "nodesoup";
src = fetchFromGitHub
{
owner = "olvb";
repo = "nodesoup";
rev = "3158ad082bb0cd1abee75418b12b35522dbca74f";
sha256 = "tFLq6QC3U3uvcuWsdRy2wnwcmAfH2MkI2oMcAiUBHSo=";
};
buildInputs = [ cairo pcre2.dev xorg.libXdmcp.dev ];
nativeBuildInputs = [ cmake pkg-config ];
}

27
local/pkgs/pslist/default.nix Normal file
View File

@@ -0,0 +1,27 @@
# http://launchpadlibrarian.net/632309499/pslist_1.4.0-4_all.deb
# https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/pslist/1.4.0-4/pslist_1.4.0.orig.tar.xz
{ lib, stdenv, fetchzip, perl, procps }: stdenv.mkDerivation
{
pname = "pslist";
version = "1.4.0";
src = fetchzip
{
url = "https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/pslist/1.4.0-4/pslist_1.4.0.orig.tar.xz";
sha256 = "1sp1h7ccniz658ms331npffpa9iz8llig43d9mlysll420nb3xqv";
};
buildInstall = [ perl procps ];
installPhase =
''
mkdir -p $out/bin
cp $src/pslist $out/bin
ln -s pslist $out/bin/rkill
ln -s pslist $out/bin/rrenice
mkdir -p $out/share/man/man1
cp $src/pslist.1 $out/share/man/man1
ln -s pslist.1 $out/share/man/man1/rkill.1
ln -s pslist.1 $out/share/man/man1/rrenice.1
sed -i 's|/usr/bin/perl|${perl}/bin/perl|' $out/bin/pslist
sed -i 's|/bin/ps|${procps}/bin/ps|' $out/bin/pslist
'';
}

17
local/pkgs/rsshub/default.nix
View File

@@ -3,21 +3,20 @@
chromium, bash
}:
let
pname = "rsshub";
version = "20230829";
name = "rsshub";
src = fetchFromGitHub
{
owner = "DIYgod";
repo = "RSSHub";
rev = "afcf9774260dc6505263cf0428970e890f2f7b1d";
hash = "sha256-BQFE0Z5DsFTf0tylQ0NN89hCdXT/Y2M+YPa/10ccOVg=";
rev = "67d4a7ed3f877a8ceac6caebe874c4ce5c210bd8";
sha256 = "baJQWGrr1RdZoI2uAGp2uJO9epbjAUjks76knJSwVdE=";
};
originalPnpmPackage = mkPnpmPackage { inherit pname version src nodejs; };
originalPnpmPackage = mkPnpmPackage { inherit name src nodejs; };
nodeModules = originalPnpmPackage.nodeModules.overrideAttrs { PUPPETEER_SKIP_DOWNLOAD = true; };
rsshub-unwrapped = stdenv.mkDerivation
{
inherit version src;
pname = "${pname}-unwrapped";
inherit src;
name = "${name}-unwrapped";
configurePhase =
''
export HOME=$NIX_BUILD_TOP # Some packages need a writable HOME
@@ -44,9 +43,9 @@ let
export CHROMIUM_EXECUTABLE_PATH=chromium
pnpm start
'';
in stdenv.mkDerivation rec
in stdenv.mkDerivation
{
inherit pname version;
inherit name;
phases = [ "installPhase" ];
installPhase =
''

15
local/pkgs/tgbot-cpp/default.nix Normal file
View File

@@ -0,0 +1,15 @@
{ stdenv, fetchFromGitHub, cmake, pkg-config, boost, openssl, zlib, curl }: stdenv.mkDerivation rec
{
pname = "tgbot-cpp";
version = "1.7.2";
src = fetchFromGitHub
{
owner = "reo7sp";
repo = "tgbot-cpp";
rev = "v${version}";
sha256 = "TKirSxEUqFB1WtzNEfU4EJK3p7V5xcFIvA2+QVX7TlA=";
};
nativeBuildInputs = [ cmake pkg-config ];
buildInputs = [ boost openssl zlib curl.dev ];
propagatedBuildInputs = buildInputs;
}

24
local/pkgs/yoga-support/default.nix Normal file
View File

@@ -0,0 +1,24 @@
{ lib, stdenv, fetchFromGitHub, python3 }:
let
python = python3.withPackages (ps: with ps; [ evdev pyudev ]);
in stdenv.mkDerivation
{
name = "yogabook-support";
src = fetchFromGitHub
{
owner = "jekhor";
repo = "yogabook-support";
rev = "8ecf7861e469ba4094115fff0e81d537135e3f22";
sha256 = "4UtiQooCaeUDHc9YE9EQRJ2MNKvOqqCv85k0YyI2BO4=";
};
buildInputs = [ python ];
installPhase =
''
mkdir -p $out/bin
cp pen-key-handler yogabook-modes-handler $out/bin
mkdir -p $out/lib/udev/rules.d
cp 61-sensor-yogabook.rules $out/lib/udev/rules.d
mkdir -p $out/lib/udev/hwdb.d
cp 61-sensor-yogabook.hwdb $out/lib/udev/hwdb.d
'';
}

18
local/pkgs/zpp-bits/default.nix Normal file
View File

@@ -0,0 +1,18 @@
{ stdenv, fetchFromGitHub }: stdenv.mkDerivation rec
{
pname = "zpp-bits";
version = "4.4.19";
src = fetchFromGitHub
{
owner = "eyalz800";
repo = "zpp_bits";
rev = "v${version}";
sha256 = "ejIwrvCFALuBQbQhTfzjBb11oMR/akKnboB60GWbjlQ=";
};
phases = [ "installPhase" ];
installPhase =
''
mkdir -p $out/include
cp $src/zpp_bits.h $out/include
'';
}

9
modules/bugs/default.nix
View File

@@ -46,10 +46,8 @@ inputs:
wantedBy = [ "multi-user.target" ];
};
# xmunet use old encryption
xmunet.nixpkgs.config.packageOverrides = pkgs:
{
wpa_supplicant = pkgs.wpa_supplicant.overrideAttrs (attrs: { patches = attrs.patches ++ [ ./xmunet.patch ];});
};
xmunet.nixpkgs.config.packageOverrides = pkgs: { wpa_supplicant = pkgs.wpa_supplicant.overrideAttrs
(attrs: { patches = attrs.patches ++ [ ./xmunet.patch ];}); };
suspend-hibernate-waydroid.systemd.services =
let
systemctl = "${inputs.pkgs.systemd}/bin/systemctl";
@@ -75,6 +73,9 @@ inputs:
firefox.programs.firefox.enable = inputs.lib.mkForce false;
embree.nixpkgs.overlays =
[(final: prev: { embree = prev.embree.override { stdenv = final.genericPackages.stdenv; }; })];
nvme.boot.kernelParams = [ "nvme_core.default_ps_max_latency_us=0" "iommu=soft" "pcie_aspm=off" ];
firmware-unstable.nixpkgs.overlays =
[ (final: prev: { linux-firmware = final.unstablePackages.linux-firmware; }) ];
};
in
{

1
modules/default.nix
View File

@@ -21,6 +21,7 @@ inputs:
topInputs.napalm.overlays.default
topInputs.pnpm2nix-nzbr.overlays.default
topInputs.lmix.overlays.default
(final: prev: topInputs.aagl.overlays.default {} final.unstablePackages)
(import "${topInputs.dguibert-nur-packages}/overlays/nvhpc-overlay")
(final: prev:
{

47
modules/hardware/default.nix
View File

@@ -15,6 +15,7 @@ inputs:
busId = mkOption { type = types.attrsOf types.str; default = {}; };
};
gamemode.drmDevice = mkOption { type = types.int; default = 0; };
halo-keyboard.enable = mkOption { type = types.bool; default = false; };
};
config =
let
@@ -142,5 +143,51 @@ inputs:
}
)
{ programs.gamemode.settings.gpu.gpu_device = "${toString hardware.gamemode.drmDevice}"; }
# halo-keyboard
(mkIf hardware.halo-keyboard.enable
(
let
keyboard = inputs.pkgs.localPackages.chromiumos-touch-keyboard;
support = inputs.pkgs.localPackages.yoga-support;
in
{
services.udev.packages = [ keyboard support ];
systemd.services =
{
touch-keyboard-handler.serviceConfig =
{
Type = "simple";
WorkingDirectory = "/etc/touch_keyboard";
# ExecStartPre = let sh = "${inputs.pkgs.bash}/bin/sh"; in
# [
# ''-${sh} -c "echo 0 > /sys/class/pwm/pwmchip1/export"''
# ''${sh} -c "echo 0 > /sys/class/pwm/pwmchip1/pwm0/enable"''
# ''${sh} -c "echo 1 > /sys/class/pwm/pwmchip1/pwm0/enable"''
# ];
ExecStart = "${keyboard}/bin/touch_keyboard_handler";
};
yogabook-modes-handler =
{
wantedBy = [ "default.target" ];
serviceConfig =
{
Type = "simple";
ExecStart = "${support}/bin/yogabook-modes-handler";
StandardOutput = "journal";
};
};
monitor-sensor =
{
wantedBy = [ "default.target" ];
serviceConfig =
{
Type = "simple";
ExecStart = "${inputs.pkgs.iio-sensor-proxy}/bin/monitor-sensor --hinge";
};
};
};
environment.etc."touch_keyboard".source = "${keyboard}/etc/touch_keyboard";
}
))
];
}

972
modules/packages/default.nix
View File

File diff suppressed because it is too large Load Diff

2
modules/packages/p10k-config/p10k.zsh
View File

@@ -1686,7 +1686,7 @@
# - verbose: Enable instant prompt and print a warning when detecting console output during
# zsh initialization. Choose this if you've never tried instant prompt, haven't
# seen the warning, or if you are unsure what this all means.
typeset -g POWERLEVEL9K_INSTANT_PROMPT=verbose
typeset -g POWERLEVEL9K_INSTANT_PROMPT=quiet
# Hot reload allows you to change POWERLEVEL9K options after Powerlevel10k has been initialized.
# For example, you can type POWERLEVEL9K_BACKGROUND=red and see your prompt turn red. Hot reload

1
modules/packages/ssh/github_ecdsa.pub Normal file
View File

@@ -0,0 +1 @@
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=

1
modules/packages/ssh/github_rsa.pub Normal file
View File

@@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=

1
modules/packages/ssh/hpc_ecdsa.pub Normal file
View File

@@ -0,0 +1 @@
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDkkl7A9kWWBoi4b5g6Vus70ja1KhPfcZZjeU1/QbYdN8PRRw/hsGklrhefslKRbym/TMFS0ko0g5WUi9G5vbGw=

1
modules/packages/ssh/hpc_rsa.pub Normal file
View File

@@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDgs8MvV2nczjGMZ548tuAhgvCEd4uHu0VhLDSwQG7Nh/UR4Pgc5T9Nf7Vfwg96Lah/pwD5my4RaWis6bLMmlkYyDBKFBOsGYQUe5J5XfZdxk8pz+7L0Hq6gPfAZAdNlUiuFVKsvkE+NF42NgJyXSYQicPbu5LQiFwZGXlW20+LO8uBQ1y1xabKVpg8XGwordduL99VepwEzeLK/st+UVfW+mKgxkf9TuxvD2fuYIDZM7y2rXqcjf4/6OXA5kACsYK1MgZSFxgO/m6+1uCC1qBDseMTA3D+Tsjf9VtcqUE9dMd/dJ/uuILHJ0+oIqkykTCecPLgJY3Vh8rAtln/lbId

1
modules/packages/ssh/nas_rsa.pub Normal file
View File

@@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC0+xafJMnOGCHv6OLljaq8iJ3ZBaIezv7AJ9rVWJXFg/QJRYBwct35c4zaVom7If8F+Ss+BTLMp33HZ8gLpoat6LkjARjy65Ycog3NOnEposX2JjZEYXDbovxEmcJkDXAIVmnaBUi3r22z4UI8OqsHPeRXj017O0yQrQQYEAw/IO/tSNQZt2k8JHxAX50UTqGFdgkriO1fYHBocq48m0nn3sXrMuM3yBe5zy3NngOHxMn7UxjECmAElsuu/nu1x083pRnv5NSa+JxDGJ+S6Zhj3nGGNwZesa51I4cJjsYLxgmO/NxL1J86bDp6HhK9C9799ruG60pGTw6HcvbKTgx7klUgn4936wsy7qukWqp53MvqrLSJkRb/HHU9zZqvzcjbwet+Iv1OAAok5QC88j7Jgenk3nbZw4BNFd2r/8rOZuXheDnMKOa61dXxnvoAO3Euk0RPdZqW1slT/DDyD/kB6TPY7yOywNURNnrwzfSsmravKi6bGA5t2Ehhpf2LETM=

1
modules/packages/ssh/pc_rsa.pub Normal file
View File

@@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDOyU7VvusseL2tDp7JkIXKGxRGQNHpYWVAPraUj17Xls7Z9e7HO6+GBiGP+bB9tZbzsoTNGHdXg8VaJmf98QAhhg0FcUb6IvWmfmPWzQ0MC8L+USqdDpaH7s9SOZF/yveNYCR5GOMmFdSW4OPVYIOrjPltDIe5S1SN2nOXvjxbLmuoMjg+5U4F0ii0ZaCRuMVDskeift+Amxe7iRnSzeDbECd0rJhaUb8gf3shz0Hp9lRUMej7cJH8LLP3m0s3Vk+kasKntz18MpJ6/3n+fR2aK75qkcq9FZaFA4tSIabh9eKoxlRCy7g8Qj6nNStW+ys/a1UYBFgAoTyE7e47o3dpcxR5oMLbeDwhOstWL0YOjEH1K5Wyj3eEOT71C6kuQBPcCJQ9q9hknRpW0mWe9Q6qaAzTgE9LLssijr/yTfYQk7zKEyo0i4f6buOfmyYZfnzfnCB3LiJKa98TVEEzrKYHIO44LwIkNf/YHOMDknzjYpav6HfDy+AebRHZFYhGax1YP/tP0Ve/FSq5rh6Vwuqa/zyfFUPZmZVf+EYXK7DdyuBhEZhBEu6QrjY60NRMTMLpnUZMcZXRAz9byMpAGcCYQv6gjU99ps8AkRjZNkn+FpAtDGT+oJxixQwyZMSxZ+ZuzkZGyBMeMplZXMMLICGZ2LRAgT0bxXLZUxHJBLwwnw==

1
modules/packages/ssh/vps6_rsa.pub Normal file
View File

@@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDYiP+ELuG5KTmafVjBkY0ZSggJg+mDkvZpF8d7NljMst0YwKWV3IgHnkAGXdTd7jlRgm9HH6oc8rP2R6Q8EJmfr+xcL1IQIWKuYAoddHlpe2Ds4EE74xbgm5Elf7FpdYNHUH9XyVmMmIhVSpLw2N10jUhvYqw+h+xC2nObEKZuBOt/lqrTGbC/EMv3+sDv0ApBh8lKt2yfjt88pnAj1LKPANDgIYSyQOllHQWeUY/eD/5Qc9XWR3uWclslVaxriRmEA0sNZlOFCeRIyDbYpSzQBdcnojkwt7Z5kjhaqGlT9g00fdiqO0OMaeY/G8ki3QxqjONqTEDqK+DpEZFO6jyZARcY6ki0ANc0AO4qosEC3gEbAvVwyPwDFtyDggMTHlTzaw8iakMGSDEk10zKaUOgZYLzC2yCWYYQS5mae9wC1gkXIGD51/laeq2E7NpM+nha6kp9weLVyvwf0DLfwsiP+0qlCLrxBLTSRa0HQ+BnQMi4r16Ss7YJwLf/oXrbOVk=

1
modules/packages/ssh/vps7_rsa.pub Normal file
View File

@@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDFwb7qi9/DvhpMvu43LRlTEC+3kPAA0KNeyk4FT4HlpRE/yxMxN6tgrP9vcx2c6TMfkRwIJKDcBuVVtKOVx+SDZo+nQBxpSz73v1qSmqlsy8D4gCk0a7cLgStb3Cvh0UZjJ5nVnxjzqY2CFnpnKYGmxL+a3qTj1KYPuA2wSsxkYVcHUfDj/uTtEDdRPaNTACsUxe1a57T/Tsjp+321+zKldYreozaABEBsexf9Z34+3vZvyQcfDB3QuxlBRPJBLik80QllpNpE1bqol8swoGEPbl/Ac7tNy+GtlwTG9SH1povmoT9K+8tjJaG2pD+z+vvgZQtJQh+aczYmEBJRZp3ksw1JH4eGqTWG/SDat9Isnx2NDhJe12b9izniDciuBScNySAazIDPidsCMUYjc9kgWdSOiODOtodj5IB+KazFVJgfpmzPv97LHVdjvR74usrgbFw2mYCw2YEiL3xjDYpQGmXSNklsQLwJiBe59oyS4QNpNYQzYD9StjgRIdvtmiM=

50
modules/services/beesd.nix Normal file
View File

@@ -0,0 +1,50 @@
inputs:
{
options.nixos.services.beesd = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
instances = mkOption
{
type = types.attrsOf (types.oneOf
[
types.nonEmptyStr
(types.submodule { options =
{
device = mkOption { type = types.nonEmptyStr; };
hashTableSizeMB = mkOption { type = types.int; };
};})
]);
default = {};
};
};
config =
let
inherit (inputs.config.nixos.services) beesd;
inherit (inputs.lib) mkIf;
inherit (builtins) map listToAttrs;
inherit (inputs.localLib) attrsToList;
in mkIf beesd.enable
{
services.beesd.filesystems = listToAttrs (map
(instance:
{
inherit (instance) name;
value =
{
spec = instance.value.device or instance.value;
hashTableSizeMB = instance.value.hashTableSizeMB or 1024;
extraOptions = [ "--thread-count" "1" "--scan-mode" "3" ];
};
})
(attrsToList beesd.instances));
systemd.slices.system-beesd.sliceConfig =
{
CPUSchedulingPolicy = "idle";
IOSchedulingClass = "idle";
IOSchedulingPriority = 4;
IOAccounting = true;
IOWeight = 1;
Nice = 19;
};
};
}

53
modules/services/default.nix
View File

@@ -6,7 +6,7 @@ inputs:
./redis.nix
./rsshub.nix
./misskey.nix
./nginx.nix
./nginx
./meilisearch.nix
./xray.nix
./coturn.nix
@@ -19,15 +19,14 @@ inputs:
./sshd.nix
./vaultwarden.nix
./frp.nix
# ./docker.nix
./beesd.nix
./snapper.nix
./mariadb.nix
./photoprism.nix
./nextcloud.nix
];
options.nixos.services = let inherit (inputs.lib) mkOption types; in
{
snapper =
{
enable = mkOption { type = types.bool; default = false; };
configs = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
};
kmscon.enable = mkOption { type = types.bool; default = false; };
fontconfig.enable = mkOption { type = types.bool; default = false; };
firewall.trustedInterfaces = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
@@ -48,38 +47,6 @@ inputs:
inherit (builtins) map listToAttrs toString;
in mkMerge
[
(
mkIf services.snapper.enable
{
services.snapper.configs =
let
f = (config:
{
inherit (config) name;
value =
{
SUBVOLUME = config.value;
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
TIMELINE_MIN_AGE = 1800;
TIMELINE_LIMIT_HOURLY = "10";
TIMELINE_LIMIT_DAILY = "7";
TIMELINE_LIMIT_WEEKLY = "1";
TIMELINE_LIMIT_MONTHLY = "0";
TIMELINE_LIMIT_YEARLY = "0";
};
});
in
listToAttrs (map f (attrsToList services.snapper.configs));
nixpkgs.config.packageOverrides = pkgs:
{
snapper = pkgs.snapper.overrideAttrs (attrs:
{
patches = (if (attrs ? patches) then attrs.patches else []) ++ [ ./snapper.patch ];
});
};
}
)
(
mkIf services.kmscon.enable
{
@@ -119,8 +86,8 @@ inputs:
secretKeyFile = inputs.config.sops.secrets."store/signingKey".path;
};
sops.secrets."store/signingKey" = {};
nixos.services.nginx.httpProxy.${services.nix-serve.hostname} =
{ rewriteHttps = true; locations."/".upstream = "http://127.0.0.1:5000"; };
nixos.services.nginx.http.${services.nix-serve.hostname} =
{ rewriteHttps = true; locations."/".proxy.upstream = "http://127.0.0.1:5000"; };
}
)
(mkIf services.smartd.enable { services.smartd.enable = true; })
@@ -205,10 +172,10 @@ inputs:
nginx =
{
enable = true;
httpProxy."wallabag.chn.moe" =
http."wallabag.chn.moe" =
{
rewriteHttps = true;
locations."/" = { upstream = "http://127.0.0.1:4398"; setHeaders.Host = "wallabag.chn.moe"; };
locations."/".proxy = { upstream = "http://127.0.0.1:4398"; setHeaders.Host = "wallabag.chn.moe"; };
};
};
postgresql.enable = true;

103
modules/services/docker.nix
View File

@@ -1,103 +0,0 @@
inputs:
{
options.nixos.services.docker = let inherit (inputs.lib) mkOption types; in
{
type = types.attrsOf (types.submodule (inputs: { options =
{
user = mkOption { type = types.nonEmptyStr; default = inputs.config._module.args.name; };
image = mkOption { type = types.package; };
imageName =
mkOption { type = types.nonEmptyStr; default = with inputs.image; (imageName + ":" + imageTag); };
ports = mkOption
{
type = types.listOf (types.oneOf
[
types.ints.unsigned
types.submodule (inputs: { options =
{
hostIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
hostPort = mkOption { type = types.ints.unsigned; };
containerPort = mkOption { type = types.ints.unsigned; };
protocol = mkOption { type = types.enum [ "tcp" "udp" ]; default = "tcp"; };
};})
]);
default = [];
};
environmentFile = mkOption { type = types.oneOf [ types.bool types.nonEmptyStr ]; default = false; };
};}));
default = {};
};
config =
let
inherit (inputs.lib) mkMerge mkIf;
inherit (builtins) listToAttrs map concatLists;
inherit (inputs.localLib) attrsToList;
inherit (inputs.config.nixos.services) docker;
in mkMerge
[
{
virtualisation.oci-containers.containers = listToAttrs (map
(container:
{
name = "${container.name}";
value =
{
image = container.value.imageName;
imageFile = container.value.image;
ports = map
(port:
(
if builtins.typeOf port == "int" then "127.0.0.1::${toString port}"
else ("${port.value.hostIp}:${toString port.value.hostPort}"
+ ":${toString port.value.containerPort}/${port.value.protocol}")
))
container.value.ports;
extraOptions = [ "--add-host=host.docker.internal:host-gateway" ];
environmentFiles =
if builtins.typeOf container.value.environmentFile == "bool" && container.value.environmentFile
then [ inputs.config.sops.templates."${container.name}/env".path ]
else if builtins.typeOf container.value.environmentFile == "bool" then []
else [ container.value.environmentFile ];
};
})
(attrsToList docker));
systemd.services = listToAttrs (concatLists (map
(container:
[
{
name = "docker-${container.value.user}-daemon";
value =
{
wantedBy = [ "multi-user.target" ];
inherit (inputs.systemd.user.services.docker) description path;
serviceConfig = inputs.systemd.user.services.docker.serviceConfig //
{
User = container.value.user;
Group = container.value.user;
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
ExecStart = inputs.systemd.user.services.docker.serviceConfig.ExecStart
+ " -H unix:///var/run/docker-rootless/${container.value.user}.sock";
};
unitConfig = { inherit (inputs.systemd.user.services.docker.unitConfig) StartLimitInterval; };
};
}
{
name = "docker-${container.name}";
value =
{
requires = [ "docker-${container.value.user}-daemon.service" ];
after = [ "docker-${container.value.user}-daemon.service" ];
environment.DOCKER_HOST = "unix:///var/run/docker-rootless/${container.value.user}.sock";
serviceConfig = { User = container.value.user; Group = container.value.user; };
};
}
])
(attrsToList docker)));
}
(mkIf (docker != {})
{
systemd.tmpfiles.rules = [ "d /var/run/docker-rootless 0777" ];
nixos.virtualization.docker.enable = true;
})
];
}

7
modules/services/groupshare.nix
View File

@@ -30,7 +30,12 @@ inputs:
(mountPoint:
{
name = mountPoint;
value = { device = "/var/lib/groupshare"; options = [ "bind" ]; depends = [ "/home" "/var/lib" ]; };
value =
{
device = "/var/lib/groupshare";
options = [ "bind" "private" "x-gvfs-hide" "X-fstrim.notrim" ];
depends = [ "/home" "/var/lib" ];
};
})
groupshare.mountPoints);
};

23
modules/services/huginn.nix
View File

@@ -1,23 +0,0 @@
inputs:
{
options.nixos.services.huginn.enable = inputs.lib.mkOption { type = inputs.lib.types.bool; default = false; };
config = inputs.lib.mkIf inputs.config.nixos.services.huginn.enable
{
nixos.services =
{
docker.huginn =
{
image = inputs.pkgs.dockerTools.pullImage
{
imageName = "huginn/huginn";
imageDigest = "sha256:dbe871597d43232add81d1adfc5ad9f5cf9dcb5e1f1ba3d669598c20b96ab6c1";
sha256 = "0ls97k8ic7w5j54jlpwh8rrvj1y4pl4106j9pyap105r6p7dziiz";
finalImageName = "huginn/huginn";
finalImageTag = "2d5fcafc507da3e8c115c3479e9116a0758c5375";
};
ports = [ 3000 ];
environmentFile = true;
};
};
};
}

62
modules/services/mariadb.nix Normal file
View File

@@ -0,0 +1,62 @@
inputs:
{
options.nixos.services.mariadb = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
instances = mkOption
{
type = types.attrsOf (types.submodule (submoduleInputs: { options =
{
database = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
user = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
passwordFile = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
};}));
default = {};
};
};
config =
let
inherit (inputs.config.nixos.services) mariadb;
inherit (inputs.lib) mkAfter mkIf;
inherit (inputs.localLib) attrsToList;
inherit (builtins) map listToAttrs concatStringsSep filter;
in mkIf mariadb.enable
{
services =
{
mysql =
{
enable = true;
package = inputs.pkgs.mariadb;
ensureDatabases = map (db: db.value.database) (attrsToList mariadb.instances);
ensureUsers = map
(db:
{
name = db.value.user;
ensurePermissions."${db.value.database}.*" = "ALL PRIVILEGES";
})
(attrsToList mariadb.instances);
};
mysqlBackup =
{
enable = true;
databases = map (db: db.value.database) (attrsToList mariadb.instances);
};
};
systemd.services.mysql.postStart = mkAfter (concatStringsSep "\n" (map
(db:
let
passwordFile =
if db.value.passwordFile or null != null then db.value.passwordFile
else inputs.config.sops.secrets."mariadb/${db.value.user}".path;
mysql = "${inputs.config.services.mysql.package}/bin/mysql";
in
# set user password
''echo "ALTER USER '${db.value.user}'@'localhost' IDENTIFIED VIA unix_socket OR mysql_native_password ''
+ ''USING PASSWORD('$(cat ${passwordFile})');" | ${mysql} -N'')
(attrsToList mariadb.instances)));
sops.secrets = listToAttrs (map
(db: { name = "mariadb/${db.value.user}"; value.owner = inputs.config.users.users.mysql.name; })
(filter (db: db.value.passwordFile == null) (attrsToList mariadb.instances)));
};
}

15
modules/services/meilisearch.nix
View File

@@ -11,6 +11,7 @@ inputs:
};}));
default = {};
};
ioLimitDevice = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
};
config =
let
@@ -60,7 +61,15 @@ inputs:
IOWeight = 1;
Nice = 19;
Slice = "-.slice";
};
}
// (if meilisearch.ioLimitDevice != null then
{
IOReadBandwidthMax = "${meilisearch.ioLimitDevice} 20M";
IOWriteBandwidthMax = "${meilisearch.ioLimitDevice} 20M";
# iostat -dx 1
IOReadIOPSMax = "${meilisearch.ioLimitDevice} 100";
IOWriteIOPSMax = "${meilisearch.ioLimitDevice} 100";
} else {});
};
})
(attrsToList meilisearch.instances));
@@ -89,10 +98,10 @@ inputs:
env = "production"
dump_dir = "/var/lib/meilisearch/${instance.name}/dumps"
log_level = "INFO"
max_indexing_memory = "8Gb"
max_indexing_memory = "16Gb"
max_indexing_threads = 1
'';
owner = inputs.config.users.users.misskey.name;
owner = instance.value.user;
};
})
(attrsToList meilisearch.instances));

254
modules/services/misskey.nix
View File

@@ -1,157 +1,165 @@
inputs:
{
options.nixos.services = let inherit (inputs.lib) mkOption types; in
options.nixos.services.misskey.instances = let inherit (inputs.lib) mkOption types; in mkOption
{
misskey =
type = types.attrsOf (types.submodule { options =
{
enable = mkOption { type = types.bool; default = false; };
autoStart = mkOption { type = types.bool; default = true; };
port = mkOption { type = types.ints.unsigned; default = 9726; };
redis.port = mkOption { type = types.ints.unsigned; default = 3545; };
hostname = mkOption { type = types.str; default = "misskey.chn.moe"; };
};
misskey-proxy = mkOption
{
type = types.attrsOf (types.submodule (submoduleInputs: { options =
meilisearch =
{
hostname = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
upstream = mkOption
{
type = types.oneOf [ types.nonEmptyStr (types.submodule { options =
{
address = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
port = mkOption { type = types.ints.unsigned; default = 9726; };
};})];
default = "127.0.0.1:9726";
};
};}));
default = {};
};
enable = mkOption { type = types.bool; default = true; };
port = mkOption { type = types.ints.unsigned; default = 7700; };
};
};});
default = {};
};
config =
let
inherit (inputs.config.nixos.services) misskey misskey-proxy;
inherit (inputs.localLib) stripeTabs attrsToList;
inherit (inputs.lib) mkIf mkMerge;
inherit (builtins) map listToAttrs toString replaceStrings;
in mkMerge
[
(mkIf misskey.enable
{
systemd =
inherit (inputs.config.nixos.services) misskey;
inherit (inputs.localLib) attrsToList;
inherit (inputs.lib) mkMerge mkIf;
inherit (builtins) map listToAttrs toString replaceStrings filter;
in
{
systemd = mkMerge (map
(instance:
{
services.misskey =
services."misskey-${instance.name}" = rec
{
description = "misskey";
after = [ "network.target" "redis-misskey.service" "postgresql.service" "meilisearch-misskey.service" ];
requires = [ "network.target" "redis-misskey.service" "postgresql.service" "meilisearch-misskey.service" ];
enable = instance.value.autoStart;
description = "misskey ${instance.name}";
after = [ "network.target" "redis-misskey-${instance.name}.service" "postgresql.service" ]
++ (if instance.value.meilisearch.enable then [ "meilisearch-misskey-${instance.name}.service" ]
else []);
requires = after;
wantedBy = [ "multi-user.target" ];
environment.MISSKEY_CONFIG_YML = inputs.config.sops.templates."misskey/default.yml".path;
environment.MISSKEY_CONFIG_YML = inputs.config.sops.templates."misskey/${instance.name}.yml".path;
serviceConfig = rec
{
User = inputs.config.users.users.misskey.name;
Group = inputs.config.users.users.misskey.group;
WorkingDirectory = "/var/lib/misskey/work";
User = inputs.config.users.users."misskey-${instance.name}".name;
Group = inputs.config.users.users."misskey-${instance.name}".group;
WorkingDirectory = "/var/lib/misskey/${instance.name}/work";
ExecStart = "${WorkingDirectory}/bin/misskey";
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
Restart = "always";
RuntimeMaxSec = "1d";
};
};
tmpfiles.rules = [ "d /var/lib/misskey/files 0700 misskey misskey" ];
};
fileSystems =
tmpfiles.rules =
[ "d /var/lib/misskey/${instance.name}/files 0700 misskey-${instance.name} misskey-${instance.name}" ];
})
(attrsToList misskey.instances));
fileSystems = mkMerge (map
(instance:
{
"/var/lib/misskey/work" =
"/var/lib/misskey/${instance.name}/work" =
{
device = "${inputs.pkgs.localPackages.misskey}";
options = [ "bind" "private" "x-gvfs-hide" ];
options = [ "bind" "private" "x-gvfs-hide" "X-fstrim.notrim" ];
};
"/var/lib/misskey/work/files" =
"/var/lib/misskey/${instance.name}/work/files" =
{
device = "/var/lib/misskey/files";
options = [ "bind" "private" "x-gvfs-hide" ];
device = "/var/lib/misskey/${instance.name}/files";
options = [ "bind" "private" "x-gvfs-hide" "X-fstrim.notrim" ];
};
};
sops.templates."misskey/default.yml" =
})
(attrsToList misskey.instances));
sops.templates = listToAttrs (map
(instance:
{
content =
let
placeholder = inputs.config.sops.placeholder;
misskey = inputs.config.nixos.services.misskey;
redis = inputs.config.nixos.services.redis.instances.misskey;
in
''
url: https://${misskey.hostname}/
port: ${toString misskey.port}
db:
host: 127.0.0.1
port: 5432
db: misskey
user: misskey
pass: ${placeholder."postgresql/misskey"}
extra:
statement_timeout: 60000
dbReplications: false
redis:
host: 127.0.0.1
port: ${toString redis.port}
pass: ${placeholder."redis/misskey"}
meilisearch:
host: 127.0.0.1
port: 7700
apiKey: ${placeholder."meilisearch/misskey"}
ssl: false
index: misskey
scope: global
id: 'aid'
proxyBypassHosts:
- api.deepl.com
- api-free.deepl.com
- www.recaptcha.net
- hcaptcha.com
- challenges.cloudflare.com
proxyRemoteFiles: true
signToActivityPubGet: true
maxFileSize: 1073741824
'';
owner = inputs.config.users.users.misskey.name;
};
users =
name = "misskey/${instance.name}.yml";
value =
{
content =
let
placeholder = inputs.config.sops.placeholder;
redis = inputs.config.nixos.services.redis.instances."misskey-${instance.name}";
meilisearch = inputs.config.nixos.services.meilisearch.instances."misskey-${instance.name}";
in
''
url: https://${instance.value.hostname}/
port: ${toString instance.value.port}
db:
host: 127.0.0.1
port: 5432
db: misskey_${replaceStrings [ "-" ] [ "_" ] instance.name}
user: misskey_${replaceStrings [ "-" ] [ "_" ] instance.name}
pass: ${placeholder."postgresql/misskey_${replaceStrings [ "-" ] [ "_" ] instance.name}"}
extra:
statement_timeout: 60000
dbReplications: false
redis:
host: 127.0.0.1
port: ${toString redis.port}
pass: ${placeholder."redis/misskey-${instance.name}"}
id: 'aid'
proxyBypassHosts:
- api.deepl.com
- api-free.deepl.com
- www.recaptcha.net
- hcaptcha.com
- challenges.cloudflare.com
proxyRemoteFiles: true
signToActivityPubGet: true
maxFileSize: 1073741824
''
+ (if instance.value.meilisearch.enable then
''
meilisearch:
host: 127.0.0.1
port: ${toString meilisearch.port}
apiKey: ${placeholder."meilisearch/misskey-${instance.name}"}
ssl: false
index: misskey
scope: globa
'' else "");
owner = inputs.config.users.users."misskey-${instance.name}".name;
};
})
(attrsToList misskey.instances));
users = mkMerge (map
(instance:
{
users.misskey = { isSystemUser = true; group = "misskey"; home = "/var/lib/misskey"; createHome = true; };
groups.misskey = {};
};
nixos.services =
{
redis.instances.misskey.port = 3545;
postgresql = { enable = true; instances.misskey = {}; };
meilisearch.instances.misskey = { user = inputs.config.users.users.misskey.name; port = 7700; };
};
})
(mkIf (misskey-proxy != {})
users."misskey-${instance.name}" =
{
isSystemUser = true;
group = "misskey-${instance.name}";
home = "/var/lib/misskey/${instance.name}";
createHome = true;
};
groups."misskey-${instance.name}" = {};
})
(attrsToList misskey.instances));
nixos.services =
{
nixos.services.nginx =
redis.instances = listToAttrs (map
(instance:
{
name = "misskey-${instance.name}";
value.port = instance.value.redis.port;
})
(attrsToList misskey.instances));
postgresql =
{
enable = true;
httpProxy = listToAttrs (map
(proxy: with proxy.value;
{
name = hostname;
value =
{
rewriteHttps = true;
locations."/" =
{
upstream = if builtins.typeOf upstream == "string" then "http://${upstream}"
else "http://${upstream.address}:${toString upstream.port}";
websocket = true;
setHeaders.Host = hostname;
};
};
})
(attrsToList misskey-proxy));
enable = mkIf (misskey.instances != {}) true;
instances = listToAttrs (map
(instance: { name = "misskey_${replaceStrings [ "-" ] [ "_" ] instance.name}"; value = {}; })
(attrsToList misskey.instances));
};
})
];
meilisearch.instances = listToAttrs (map
(instance:
{
name = "misskey-${instance.name}";
value =
{
user = inputs.config.users.users."misskey-${instance.name}".name;
port = instance.value.meilisearch.port;
};
})
(filter (instance: instance.value.meilisearch.enable) (attrsToList misskey.instances)));
};
};
}

89
modules/services/nextcloud.nix Normal file
View File

@@ -0,0 +1,89 @@
inputs:
{
options.nixos.services.nextcloud = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
hostname = mkOption { type = types.str; default = "nextcloud.chn.moe"; };
};
config =
let
inherit (inputs.config.nixos.services) nextcloud;
inherit (inputs.localLib) attrsToList;
inherit (inputs.lib) mkIf mkMerge;
inherit (builtins) map listToAttrs toString replaceStrings filter toJSON;
in mkIf nextcloud.enable
{
services.nextcloud =
{
enable = true;
hostName = nextcloud.hostname;
appstoreEnable = false;
https = true;
package = inputs.pkgs.nextcloud27;
maxUploadSize = "10G";
config =
{
dbtype = "pgsql";
dbpassFile = inputs.config.sops.secrets."nextcloud/postgresql".path;
dbport = 5432;
adminuser = "admin";
adminpassFile = inputs.config.sops.secrets."nextcloud/admin".path;
overwriteProtocol = "https";
defaultPhoneRegion = "CN";
};
configureRedis = true;
extraOptions =
{
mail_domain = "chn.moe";
mail_from_address = "bot";
mail_smtphost = "mail.chn.moe";
mail_smtpport = 465;
mail_smtpsecure = "ssl";
mail_smtpauth = true;
mail_smtpname = "bot@chn.moe";
updatechecker = false;
};
secretFile = inputs.config.sops.templates."nextcloud/secret".path;
extraApps =
{
maps = inputs.pkgs.fetchNextcloudApp
{
url = "https://github.com/nextcloud/maps/releases/download/v1.1.1/maps-1.1.1.tar.gz";
sha256 = "1rcmqnm5364h5gaq1yy6b6d7k17napgn0yc9ymrnn75bps9s71v9";
};
phonetrack = inputs.pkgs.fetchNextcloudApp
{
url = "https://github.com/julien-nc/phonetrack/releases/download/v0.7.6/phonetrack-0.7.6.tar.gz";
sha256 = "1p15vw7c5c1h08czyxi1r6svjd5hjmnc0i6is4vl3xq2kfjmcyyx";
};
twofactor_webauthn = inputs.pkgs.fetchNextcloudApp
{
url = "https://github.com/nextcloud-releases/twofactor_webauthn/releases/download/v1.2.0/twofactor_webauthn-v1.2.0.tar.gz";
sha256 = "1lqcw74rsnl8c4sirw9208ra3c8zl8zp93scs7y8fv2n4n60l465";
};
};
};
nixos.services =
{
postgresql = { enable = true; instances.nextcloud = {}; };
redis.instances.nextcloud.port = 3499;
};
sops =
{
templates."nextcloud/secret" =
{
content = toJSON
{
redis.password = inputs.config.sops.placeholder."redis/nextcloud";
mail_smtppassword = inputs.config.sops.placeholder."mail/bot";
};
owner = inputs.config.users.users.nextcloud.name;
};
secrets =
{
"nextcloud/postgresql" = { key = "postgresql/nextcloud"; owner = inputs.config.users.users.nextcloud.name; };
"nextcloud/admin".owner = inputs.config.users.users.nextcloud.name;
};
};
};
}

12
modules/services/nginx/applications/default.nix Normal file
View File

@@ -0,0 +1,12 @@
inputs:
{
imports = inputs.localLib.mkModules
[
./misskey.nix
./synapse.nix
./vaultwarden.nix
./element.nix
./photoprism.nix
./nextcloud.nix
];
}

41
modules/services/nginx/applications/element.nix Normal file
View File

@@ -0,0 +1,41 @@
inputs:
{
options.nixos.services.nginx.applications.element.instances = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.attrsOf (types.submodule (submoduleInputs: { options =
{
hostname = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
defaultServer = mkOption { type = types.nullOr types.nonEmptyStr; default = "element.chn.moe"; };
};}));
default = {};
};
config =
let
inherit (inputs.config.nixos.services.nginx.applications.element) instances;
inherit (inputs.localLib) attrsToList;
inherit (builtins) map listToAttrs toString;
in
{
nixos.services.nginx.http = listToAttrs (map
(instance: with instance.value;
{
name = hostname;
value =
{
rewriteHttps = true;
locations."/".static.root =
if defaultServer == null then toString inputs.pkgs.element-web
else toString (inputs.pkgs.element-web.override { conf =
{
default_server_config."m.homeserver" =
{
base_url = "https://${defaultServer}";
server_name = defaultServer;
};
disable_guests = false;
};});
};
})
(attrsToList instances));
};
}

45
modules/services/nginx/applications/misskey.nix Normal file
View File

@@ -0,0 +1,45 @@
inputs:
{
options.nixos.services.nginx.applications.misskey.instances = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.attrsOf (types.submodule (submoduleInputs: { options =
{
hostname = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
upstream = mkOption
{
type = types.oneOf [ types.nonEmptyStr (types.submodule { options =
{
address = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
port = mkOption { type = types.ints.unsigned; default = 9726; };
};})];
default = "127.0.0.1:9726";
};
};}));
default = {};
};
config =
let
inherit (inputs.config.nixos.services.nginx.applications.misskey) instances;
inherit (inputs.localLib) attrsToList;
inherit (builtins) map listToAttrs toString;
in
{
nixos.services.nginx.http = listToAttrs (map
(proxy: with proxy.value;
{
name = hostname;
value =
{
rewriteHttps = true;
locations."/".proxy =
{
upstream = if builtins.typeOf upstream == "string" then "http://${upstream}"
else "http://${upstream.address}:${toString upstream.port}";
websocket = true;
setHeaders.Host = hostname;
};
};
})
(attrsToList instances));
};
}

48
modules/services/nginx/applications/nextcloud.nix Normal file
View File

@@ -0,0 +1,48 @@
inputs:
{
options.nixos.services.nginx.applications.nextcloud = let inherit (inputs.lib) mkOption types; in
{
instance.enable = mkOption
{
type = types.addCheck types.bool (value: value -> inputs.config.nixos.services.nextcloud.enable);
default = false;
};
proxy =
{
enable = mkOption
{
type = types.addCheck types.bool
(value: value -> !inputs.config.nixos.services.nginx.applications.nextcloud.instance.enable);
default = false;
};
upstream = mkOption { type = types.nonEmptyStr; };
};
};
config =
let
inherit (inputs.config.nixos.services.nginx.applications) nextcloud;
inherit (inputs.lib) mkIf mkMerge;
inherit (inputs.localLib) attrsToList;
inherit (builtins) map listToAttrs;
in mkMerge
[
(mkIf (nextcloud.instance.enable)
{
nixos.services.nginx.http.${inputs.config.nixos.services.nextcloud.hostname}.rewriteHttps = true;
services.nginx.virtualHosts.${inputs.config.nixos.services.nextcloud.hostname} = mkMerge
[
(inputs.config.services.nextcloud.nginx.recommendedConfig { upstream = "127.0.0.1"; })
{ listen = [ { addr = "0.0.0.0"; port = 8417; ssl = true; extraParameters = [ "proxy_protocol" ]; } ]; }
];
})
(mkIf (nextcloud.proxy.enable)
{
nixos.services.nginx.streamProxy.map.${inputs.config.nixos.services.nextcloud.hostname} =
{
upstream = "${nextcloud.proxy.upstream}:8417";
rewriteHttps = true;
proxyProtocol = true;
};
})
];
}

45
modules/services/nginx/applications/photoprism.nix Normal file
View File

@@ -0,0 +1,45 @@
inputs:
{
options.nixos.services.nginx.applications.photoprism.instances = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.attrsOf (types.submodule (submoduleInputs: { options =
{
hostname = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
upstream = mkOption
{
type = types.oneOf [ types.nonEmptyStr (types.submodule { options =
{
address = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
port = mkOption { type = types.ints.unsigned; default = 2342; };
};})];
default = "127.0.0.1:2342";
};
};}));
default = {};
};
config =
let
inherit (inputs.config.nixos.services.nginx.applications.photoprism) instances;
inherit (inputs.localLib) attrsToList;
inherit (builtins) map listToAttrs toString;
in
{
nixos.services.nginx.http = listToAttrs (map
(proxy: with proxy.value;
{
name = hostname;
value =
{
rewriteHttps = true;
locations."/".proxy =
{
upstream = if builtins.typeOf upstream == "string" then "http://${upstream}"
else "http://${upstream.address}:${toString upstream.port}";
websocket = true;
setHeaders.Host = hostname;
};
};
})
(attrsToList instances));
};
}

46
modules/services/nginx/applications/synapse.nix Normal file
View File

@@ -0,0 +1,46 @@
inputs:
{
options.nixos.services.nginx.applications.synapse.instances = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.attrsOf (types.submodule (submoduleInputs: { options =
{
hostname = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
upstream = mkOption
{
type = types.oneOf [ types.nonEmptyStr (types.submodule { options =
{
address = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
port = mkOption { type = types.ints.unsigned; default = 8008; };
};})];
default = "127.0.0.1:8008";
};
};}));
default = {};
};
config =
let
inherit (inputs.config.nixos.services.nginx.applications.synapse) instances;
inherit (inputs.localLib) attrsToList;
inherit (inputs.lib) mkIf mkMerge;
inherit (builtins) map listToAttrs;
in
{
nixos.services.nginx.http = listToAttrs (map
(proxy: with proxy.value;
{
name = hostname;
value =
{
rewriteHttps = true;
locations."/".proxy =
{
upstream = if builtins.typeOf upstream == "string" then "http://${upstream}"
else "http://${upstream.address}:${toString upstream.port}";
websocket = true;
setHeaders.Host = hostname;
};
};
})
(attrsToList instances));
};
}

44
modules/services/nginx/applications/vaultwarden.nix Normal file
View File

@@ -0,0 +1,44 @@
inputs:
{
options.nixos.services.nginx.applications.vaultwarden = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
hostname = mkOption { type = types.nonEmptyStr; default = "vaultwarden.chn.moe"; };
upstream = mkOption
{
type = types.oneOf [ types.nonEmptyStr (types.submodule { options =
{
address = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
port = mkOption { type = types.ints.unsigned; default = 8000; };
websocketPort = mkOption { type = types.ints.unsigned; default = 3012; };
};})];
default = {};
};
};
config =
let
inherit (inputs.config.nixos.services.nginx.applications) vaultwarden;
inherit (builtins) listToAttrs;
inherit (inputs.lib) mkIf;
in mkIf vaultwarden.enable
{
nixos.services.nginx.http."${vaultwarden.hostname}" =
{
rewriteHttps = true;
locations = let upstream = vaultwarden.upstream; in (listToAttrs (map
(location: { name = location; value.proxy =
{
upstream = "http://${upstream.address or upstream}:${builtins.toString upstream.port or 8000}";
setHeaders = { Host = vaultwarden.hostname; Connection = ""; };
};})
[ "/" "/notifications/hub/negotiate" ]))
// { "/notifications/hub".proxy =
{
upstream =
"http://${upstream.address or upstream}:${builtins.toString upstream.websocketPort or 3012}";
websocket = true;
setHeaders.Host = vaultwarden.hostname;
};};
};
};
}

121
modules/services/nginx.nix → modules/services/nginx/default.nix
View File

@@ -1,15 +1,19 @@
inputs:
{
imports = inputs.localLib.mkModules
[
./applications
];
options.nixos.services.nginx = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
transparentProxy =
{
enable = mkOption { type = types.bool; default = true; };
externalIp = mkOption { type = types.nonEmptyStr; };
externalIp = mkOption { type = types.listOf types.nonEmptyStr; };
map = mkOption { type = types.attrsOf types.ints.unsigned; default = {};};
};
httpProxy = mkOption
http = mkOption
{
type = types.attrsOf (types.submodule { options =
{
@@ -19,12 +23,31 @@ inputs:
detectAuth = mkOption { type = types.bool; default = false; };
locations = mkOption
{
type = types.attrsOf (types.submodule { options =
{
upstream = mkOption { type = types.nonEmptyStr; };
websocket = mkOption { type = types.bool; default = false; };
setHeaders = mkOption { type = types.attrsOf types.str; default = {}; };
};});
type = types.attrsOf (types.addCheck
(types.submodule { options =
{
proxy = mkOption
{
type = types.nullOr (types.submodule { options =
{
upstream = mkOption { type = types.nonEmptyStr; };
websocket = mkOption { type = types.bool; default = false; };
setHeaders = mkOption { type = types.attrsOf types.str; default = {}; };
};});
default = null;
};
static = mkOption
{
type = types.nullOr (types.submodule { options =
{
root = mkOption { type = types.nonEmptyStr; };
index = mkOption { type = types.nonEmptyStr; default = "index.html"; };
};});
default = null;
};
};})
(value: (inputs.lib.count (value: value != null) (builtins.attrValues value)) == 1));
default = {};
};
};});
default = {};
@@ -33,6 +56,7 @@ inputs:
{
enable = mkOption { type = types.bool; default = false; };
port = mkOption { type = types.ints.unsigned; default = 5575; };
portWithProxyProtocol = mkOption { type = types.ints.unsigned; default = 5576; };
map = mkOption
{
type = types.attrsOf (types.oneOf
@@ -42,6 +66,7 @@ inputs:
{
upstream = mkOption { type = types.nonEmptyStr; };
rewriteHttps = mkOption { type = types.bool; default = false; };
proxyProtocol = mkOption { type = types.bool; default = false; };
};})
]);
default = {};
@@ -97,23 +122,30 @@ inputs:
{
inherit (location) name;
value =
{
proxyPass = location.value.upstream;
proxyWebsockets = location.value.websocket;
recommendedProxySettings = false;
recommendedProxySettingsNoHost = true;
extraConfig = concatStringsSep "\n"
(
(map
(header: ''proxy_set_header ${header.name} "${header.value}";'')
(attrsToList location.value.setHeaders))
++ (if site.value.detectAuth then ["proxy_hide_header Authorization;"] else [])
++ (
if site.value.addAuth then
["include ${inputs.config.sops.templates."nginx/addAuth/${site.name}-template".path};"]
else [])
);
};
if (location.value.proxy != null) then
{
proxyPass = location.value.proxy.upstream;
proxyWebsockets = location.value.proxy.websocket;
recommendedProxySettings = false;
recommendedProxySettingsNoHost = true;
extraConfig = concatStringsSep "\n"
(
(map
(header: ''proxy_set_header ${header.name} "${header.value}";'')
(attrsToList location.value.proxy.setHeaders))
++ (if site.value.detectAuth then ["proxy_hide_header Authorization;"] else [])
++ (
if site.value.addAuth then
["include ${inputs.config.sops.templates."nginx/addAuth/${site.name}-template".path};"]
else [])
);
}
else if (location.value.static != null) then
{
root = location.value.static.root;
index = location.value.static.index;
}
else {};
})
(attrsToList site.value.locations));
forceSSL = site.value.rewriteHttps;
@@ -123,7 +155,7 @@ inputs:
else null;
};
})
(attrsToList nginx.httpProxy));
(attrsToList nginx.http));
recommendedZstdSettings = true;
recommendedTlsSettings = true;
recommendedProxySettings = true;
@@ -184,14 +216,14 @@ inputs:
owner = inputs.config.users.users.nginx.name;
};
})
(filter (site: site.value.addAuth) (attrsToList nginx.httpProxy)));
(filter (site: site.value.addAuth) (attrsToList nginx.http)));
secrets = { "nginx/maxmind-license".owner = inputs.config.users.users.nginx.name; }
// (listToAttrs (map
(site: { name = "nginx/detectAuth/${site.name}"; value.owner = inputs.config.users.users.nginx.name; })
(filter (site: site.value.detectAuth) (attrsToList nginx.httpProxy))))
(filter (site: site.value.detectAuth) (attrsToList nginx.http))))
// (listToAttrs (map
(site: { name = "nginx/addAuth/${site.name}"; value = {}; })
(filter (site: site.value.addAuth) (attrsToList nginx.httpProxy))));
(filter (site: site.value.addAuth) (attrsToList nginx.http))));
};
systemd.services.nginx.serviceConfig =
{
@@ -203,11 +235,11 @@ inputs:
nixos.services.acme =
{
enable = true;
certs = map (cert: cert.name) (attrsToList nginx.httpProxy);
certs = map (cert: cert.name) (attrsToList nginx.http);
};
security.acme.certs = listToAttrs (map
(cert: { inherit (cert) name; value.group = inputs.config.services.nginx.group; })
(attrsToList nginx.httpProxy));
(attrsToList nginx.http));
})
(mkIf nginx.transparentProxy.enable
{
@@ -223,14 +255,14 @@ inputs:
(attrsToList nginx.transparentProxy.map)
++ (map
(site: { name = site.name; value = (if site.value.http2 then 443 else 3065); })
(attrsToList nginx.httpProxy)
(attrsToList nginx.http)
)
))}
default 127.0.0.1:443;
}
server
{
listen ${nginx.transparentProxy.externalIp}:443;
${concatStringsSep "\n " (map (ip: "listen ${ip}:443;") nginx.transparentProxy.externalIp)}
ssl_preread on;
proxy_bind $remote_addr transparent;
proxy_pass $transparent_proxy_backend;
@@ -316,6 +348,17 @@ inputs:
proxy_buffer_size 128k;
access_log syslog:server=unix:/dev/log stream_proxy;
}
server
{
listen 127.0.0.1:${toString nginx.streamProxy.portWithProxyProtocol};
proxy_protocol on;
ssl_preread on;
proxy_pass $stream_proxy_backend;
proxy_connect_timeout 10s;
proxy_socket_keepalive on;
proxy_buffer_size 128k;
access_log syslog:server=unix:/dev/log stream_proxy;
}
'';
virtualHosts = listToAttrs (map
(site:
@@ -330,9 +373,15 @@ inputs:
})
(filter (site: site.value.rewriteHttps or false) (attrsToList nginx.streamProxy.map)));
};
nixos.services.nginx.transparentProxy.map = listToAttrs (map
(site: { name = site.name; value = nginx.streamProxy.port; })
(attrsToList nginx.streamProxy.map));
nixos.services.nginx.transparentProxy.map = listToAttrs
(
(map
(site: { name = site.name; value = nginx.streamProxy.port; })
(filter (site: !(site.value.proxyProtocol or false)) (attrsToList nginx.streamProxy.map)))
++ (map
(site: { name = site.name; value = nginx.streamProxy.portWithProxyProtocol; })
(filter (site: site.value.proxyProtocol or false) (attrsToList nginx.streamProxy.map)))
);
})
];
}

47
modules/services/photoprism.nix Normal file
View File

@@ -0,0 +1,47 @@
inputs:
{
options.nixos.services.photoprism = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
hostname = mkOption { type = types.str; default = "photoprism.chn.moe"; };
port = mkOption { type = types.ints.unsigned; default = 2342; };
};
config =
let
inherit (inputs.lib) mkIf;
inherit (inputs.config.nixos.services) photoprism;
in mkIf photoprism.enable
{
services.photoprism =
{
enable = true;
originalsPath = inputs.config.services.photoprism.storagePath + "/originals";
settings =
{
PHOTOPRISM_SITE_URL = "https://${photoprism.hostname}";
PHOTOPRISM_HTTP_PORT = "${toString photoprism.port}";
PHOTOPRISM_DISABLE_TLS = "true";
PHOTOPRISM_DETECT_NSFW = "true";
PHOTOPRISM_UPLOAD_NSFW = "true";
PHOTOPRISM_DATABASE_DRIVER = "mysql";
PHOTOPRISM_DATABASE_SERVER = "127.0.0.1:3306";
};
};
systemd.services.photoprism =
{
after = [ "mariadb.service" ];
requires = [ "mariadb.service" ];
serviceConfig.EnvironmentFile = inputs.config.sops.templates."photoprism/env".path;
};
sops =
{
templates."photoprism/env".content = let placeholder = inputs.config.sops.placeholder; in
''
PHOTOPRISM_ADMIN_PASSWORD=${placeholder."photoprism/adminPassword"}
PHOTOPRISM_DATABASE_PASSWORD=${placeholder."mariadb/photoprism"}
'';
secrets."photoprism/adminPassword" = {};
};
nixos.services.mariadb = { enable = true; instances.photoprism = {}; };
};
}

4
modules/services/postgresql.nix
View File

@@ -17,8 +17,8 @@ inputs:
config =
let
inherit (inputs.config.nixos.services) postgresql;
inherit (inputs.lib) mkMerge mkAfter concatStringsSep mkIf;
inherit (inputs.localLib) stripeTabs attrsToList;
inherit (inputs.lib) mkAfter concatStringsSep mkIf;
inherit (inputs.localLib) attrsToList;
inherit (builtins) map listToAttrs filter;
in mkIf postgresql.enable
{

4
modules/services/rsshub.nix
View File

@@ -60,10 +60,10 @@ inputs:
nginx =
{
enable = true;
httpProxy.${rsshub.hostname} =
http.${rsshub.hostname} =
{
rewriteHttps = true;
locations."/" =
locations."/".proxy =
{ upstream = "http://127.0.0.1:${toString rsshub.port}"; setHeaders.Host = rsshub.hostname; };
};
};

37
modules/services/snapper.nix Normal file
View File

@@ -0,0 +1,37 @@
inputs:
{
options.nixos.services.snapper = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
configs = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
};
config =
let
inherit (inputs.lib) mkMerge mkIf;
inherit (inputs.localLib) stripeTabs attrsToList;
inherit (inputs.config.nixos) services;
inherit (builtins) map listToAttrs toString;
in mkIf services.snapper.enable
{
services.snapper.configs =
let
f = (config:
{
inherit (config) name;
value =
{
SUBVOLUME = config.value;
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
TIMELINE_MIN_AGE = 1800;
TIMELINE_LIMIT_HOURLY = "10";
TIMELINE_LIMIT_DAILY = "7";
TIMELINE_LIMIT_WEEKLY = "1";
TIMELINE_LIMIT_MONTHLY = "0";
TIMELINE_LIMIT_YEARLY = "0";
};
});
in
listToAttrs (map f (attrsToList services.snapper.configs));
};
}

13
modules/services/snapper.patch
View File

@@ -1,13 +0,0 @@
diff --git a/snapper/FileUtils.cc b/snapper/FileUtils.cc
index 9da572f..48f60fa 100644
--- a/snapper/FileUtils.cc
+++ b/snapper/FileUtils.cc
@@ -424,7 +424,7 @@ namespace snapper
v /= 62;
}
- int fd = open(name, O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC, S_IRUSR | S_IWUSR);
+ int fd = open(name, O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
if (fd >= 0)
return fd;
else if (errno != EEXIST)

1
modules/services/ssh-ca.pub
View File

@@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDV9egbTbIbVCV4TNr6IgvXw7fMEK4v/WKAHddkX4uvysL7l+H1cLM0TRDvGefUFoU7eYcEIRV9lwvjMo/xy0GKao76fylQ03gkrzTiPvztThpAfKKOIniXvzWoIP7/fzNwuW6GgUiM4JKvgJEieRTybclLRgauy2gqiwVZMAFksxG1fAPYGXIrhtVQ+WjN+0IIiayNlj1J6tJ9fQWc+BkNsoJJZBADf+qjTsqsVHjcABoo2vYRTYnSVzrsnjSu6ivGjSY0ImG+ASPqyluA7eSXe4XQkyxjuyBVTwwqTpZ0Y+DMESr/Fd5rQ3N/iylLcUVGexl7gHHFtJGiERloG8Bv Public key for Digital Signature

8
modules/services/sshd.nix
View File

@@ -17,19 +17,11 @@ inputs:
settings =
{
X11Forwarding = true;
TrustedUserCAKeys = "${./ssh-ca.pub}";
ChallengeResponseAuthentication = false;
PasswordAuthentication = sshd.passwordAuthentication;
KbdInteractiveAuthentication = false;
UsePAM = true;
};
extraConfig =
''
Match User root
PasswordAuthentication no
Match User chn
PasswordAuthentication no
'';
};
};
}

222
modules/services/synapse.nix
View File

@@ -1,150 +1,102 @@
inputs:
{
options.nixos.services = let inherit (inputs.lib) mkOption types; in
options.nixos.services.synapse = let inherit (inputs.lib) mkOption types; in
{
synapse =
{
enable = mkOption { type = types.bool; default = false; };
autoStart = mkOption { type = types.bool; default = true; };
port = mkOption { type = types.ints.unsigned; default = 8008; };
hostname = mkOption { type = types.str; default = "synapse.chn.moe"; };
};
synapse-proxy = mkOption
{
type = types.attrsOf (types.submodule (submoduleInputs: { options =
{
hostname = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
upstream = mkOption
{
type = types.oneOf [ types.nonEmptyStr (types.submodule { options =
{
address = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
port = mkOption { type = types.ints.unsigned; default = 8008; };
};})];
default = "127.0.0.1:8008";
};
};}));
default = {};
};
enable = mkOption { type = types.bool; default = false; };
autoStart = mkOption { type = types.bool; default = true; };
port = mkOption { type = types.ints.unsigned; default = 8008; };
hostname = mkOption { type = types.str; default = "synapse.chn.moe"; };
};
config =
let
inherit (inputs.config.nixos.services) synapse synapse-proxy;
inherit (inputs.localLib) attrsToList;
inherit (inputs.lib) mkIf mkMerge;
inherit (inputs.config.nixos.services) synapse;
inherit (inputs.lib) mkIf;
inherit (builtins) map listToAttrs;
in mkMerge
[
(mkIf synapse.enable
in mkIf synapse.enable
{
services.matrix-synapse =
{
services.matrix-synapse =
enable = true;
settings =
{
enable = true;
settings =
server_name = synapse.hostname;
listeners =
[{
bind_addresses = [ "0.0.0.0" ];
port = 8008;
resources = [{ names = [ "client" "federation" ]; compress = false; }];
tls = false;
type = "http";
x_forwarded = true;
}];
database.name = "psycopg2";
admin_contact = "mailto:chn@chn.moe";
enable_registration = true;
registrations_require_3pid = [ "email" ];
turn_uris = [ "turns:coturn.chn.moe" "turn:coturn.chn.moe" ];
max_upload_size = "1024M";
web_client_location = "https://element.chn.moe/";
serve_server_wellknown = true;
report_stats = true;
trusted_key_servers = [{ server_name = "matrix.org"; }];
suppress_key_server_warning = true;
log_config = (inputs.pkgs.formats.yaml {}).generate "log.yaml"
{
server_name = synapse.hostname;
listeners =
[{
bind_addresses = [ "0.0.0.0" ];
port = 8008;
resources = [{ names = [ "client" "federation" ]; compress = false; }];
tls = false;
type = "http";
x_forwarded = true;
}];
database.name = "psycopg2";
admin_contact = "mailto:chn@chn.moe";
enable_registration = true;
registrations_require_3pid = [ "email" ];
turn_uris = [ "turns:coturn.chn.moe" "turn:coturn.chn.moe" ];
max_upload_size = "1024M";
web_client_location = "https://element.chn.moe/";
serve_server_wellknown = true;
report_stats = true;
trusted_key_servers = [{ server_name = "matrix.org"; }];
suppress_key_server_warning = true;
log_config = (inputs.pkgs.formats.yaml {}).generate "log.yaml"
version = 1;
formatters.precise.format =
"%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s";
handlers.console = { class = "logging.StreamHandler"; formatter = "precise"; };
root = { level = "INFO"; handlers = [ "console" ]; };
disable_existing_loggers = true;
};
};
extraConfigFiles = [ inputs.config.sops.templates."synapse/password.yaml".path ];
};
sops =
{
templates."synapse/password.yaml" =
{
owner = inputs.config.systemd.services.matrix-synapse.serviceConfig.User;
group = inputs.config.systemd.services.matrix-synapse.serviceConfig.Group;
content = builtins.readFile ((inputs.pkgs.formats.yaml {}).generate "password.yaml"
{
database =
{
version = 1;
formatters.precise.format =
"%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s";
handlers.console = { class = "logging.StreamHandler"; formatter = "precise"; };
root = { level = "INFO"; handlers = [ "console" ]; };
disable_existing_loggers = true;
name = "psycopg2";
args =
{
user = "synapse";
password = inputs.config.sops.placeholder."postgresql/synapse";
database = "synapse";
host = "127.0.0.1";
port = "5432";
};
allow_unsafe_locale = true;
};
};
extraConfigFiles = [ inputs.config.sops.templates."synapse/password.yaml".path ];
};
sops =
{
templates."synapse/password.yaml" =
{
owner = inputs.config.systemd.services.matrix-synapse.serviceConfig.User;
group = inputs.config.systemd.services.matrix-synapse.serviceConfig.Group;
content = builtins.readFile ((inputs.pkgs.formats.yaml {}).generate "password.yaml"
turn_shared_secret = inputs.config.sops.placeholder."synapse/coturn";
registration_shared_secret = inputs.config.sops.placeholder."synapse/registration";
macaroon_secret_key = inputs.config.sops.placeholder."synapse/macaroon";
form_secret = inputs.config.sops.placeholder."synapse/form";
signing_key_path = inputs.config.sops.secrets."synapse/signing-key".path;
email =
{
database =
{
name = "psycopg2";
args =
{
user = "synapse";
password = inputs.config.sops.placeholder."postgresql/synapse";
database = "synapse";
host = "127.0.0.1";
port = "5432";
};
allow_unsafe_locale = true;
};
turn_shared_secret = inputs.config.sops.placeholder."synapse/coturn";
registration_shared_secret = inputs.config.sops.placeholder."synapse/registration";
macaroon_secret_key = inputs.config.sops.placeholder."synapse/macaroon";
form_secret = inputs.config.sops.placeholder."synapse/form";
signing_key_path = inputs.config.sops.secrets."synapse/signing-key".path;
email =
{
smtp_host = "mail.chn.moe";
smtp_port = 25;
smtp_user = "bot@chn.moe";
smtp_pass = inputs.config.sops.placeholder."mail/bot";
require_transport_security = true;
notif_from = "Your Friendly %(app)s homeserver <bot@chn.moe>";
app_name = "Haonan Chen's synapse";
};
});
};
secrets = (listToAttrs (map
(secret: { name = "synapse/${secret}"; value = {}; })
[ "coturn" "registration" "macaroon" "form" ]))
// { "synapse/signing-key".owner = inputs.config.systemd.services.matrix-synapse.serviceConfig.User; }
// { "mail/bot" = {}; };
smtp_host = "mail.chn.moe";
smtp_port = 25;
smtp_user = "bot@chn.moe";
smtp_pass = inputs.config.sops.placeholder."mail/bot";
require_transport_security = true;
notif_from = "Your Friendly %(app)s homeserver <bot@chn.moe>";
app_name = "Haonan Chen's synapse";
};
});
};
nixos.services.postgresql = { enable = true; instances.synapse = {}; };
systemd.services.matrix-synapse.enable = synapse.autoStart;
})
(mkIf (synapse-proxy != {})
{
nixos.services.nginx =
{
enable = true;
httpProxy = listToAttrs (map
(proxy: with proxy.value;
{
name = hostname;
value =
{
rewriteHttps = true;
locations."/" =
{
upstream = if builtins.typeOf upstream == "string" then "http://${upstream}"
else "http://${upstream.address}:${toString upstream.port}";
websocket = true;
setHeaders.Host = hostname;
};
};
})
(attrsToList synapse-proxy));
};
})
];
secrets = (listToAttrs (map
(secret: { name = "synapse/${secret}"; value = {}; })
[ "coturn" "registration" "macaroon" "form" ]))
// { "synapse/signing-key".owner = inputs.config.systemd.services.matrix-synapse.serviceConfig.User; }
// { "mail/bot" = {}; };
};
nixos.services.postgresql = { enable = true; instances.synapse = {}; };
systemd.services.matrix-synapse.enable = synapse.autoStart;
};
}

162
modules/services/vaultwarden.nix
View File

@@ -1,117 +1,67 @@
inputs:
{
options.nixos.services = let inherit (inputs.lib) mkOption types; in
options.nixos.services.vaultwarden = let inherit (inputs.lib) mkOption types; in
{
vaultwarden =
{
enable = mkOption { type = types.bool; default = false; };
autoStart = mkOption { type = types.bool; default = true; };
port = mkOption { type = types.ints.unsigned; default = 8000; };
websocketPort = mkOption { type = types.ints.unsigned; default = 3012; };
hostname = mkOption { type = types.str; default = "vaultwarden.chn.moe"; };
};
vaultwarden-proxy =
{
enable = mkOption { type = types.bool; default = false; };
hostname = mkOption { type = types.nonEmptyStr; default = "vaultwarden.chn.moe"; };
upstream = mkOption
{
type = types.oneOf [ types.nonEmptyStr (types.submodule { options =
{
address = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
port = mkOption { type = types.ints.unsigned; default = 8000; };
websocketPort = mkOption { type = types.ints.unsigned; default = 3012; };
};})];
default = {};
};
};
enable = mkOption { type = types.bool; default = false; };
autoStart = mkOption { type = types.bool; default = true; };
port = mkOption { type = types.ints.unsigned; default = 8000; };
websocketPort = mkOption { type = types.ints.unsigned; default = 3012; };
hostname = mkOption { type = types.str; default = "vaultwarden.chn.moe"; };
};
config =
let
inherit (inputs.config.nixos.services) vaultwarden vaultwarden-proxy;
inherit (inputs.config.nixos.services) vaultwarden;
inherit (builtins) listToAttrs;
inherit (inputs.lib) mkIf mkMerge;
in mkMerge
[
(
mkIf vaultwarden.enable
inherit (inputs.lib) mkIf;
in mkIf vaultwarden.enable
{
services.vaultwarden =
{
enable = true;
dbBackend = "postgresql";
config =
{
services.vaultwarden =
DATA_FOLDER = "/var/lib/vaultwarden";
WEB_VAULT_ENABLED = true;
WEBSOCKET_ENABLED = true;
ROCKET_PORT = vaultwarden.port;
WEBSOCKET_PORT = toString vaultwarden.websocketPort;
SIGNUPS_VERIFY = true;
DOMAIN = "https://${vaultwarden.hostname}";
SMTP_HOST = "mail.chn.moe";
SMTP_FROM = "bot@chn.moe";
SMTP_FROM_NAME = "vaultwarden";
SMTP_SECURITY = "force_tls";
SMTP_USERNAME = "bot@chn.moe";
};
environmentFile = inputs.config.sops.templates."vaultwarden.env".path;
};
sops =
{
templates."vaultwarden.env" =
let
serviceConfig = inputs.config.systemd.services.vaultwarden.serviceConfig;
placeholder = inputs.config.sops.placeholder;
in
{
enable = true;
dbBackend = "postgresql";
config =
{
DATA_FOLDER = "/var/lib/vaultwarden";
WEB_VAULT_ENABLED = true;
WEBSOCKET_ENABLED = true;
ROCKET_PORT = vaultwarden.port;
WEBSOCKET_PORT = toString vaultwarden.websocketPort;
SIGNUPS_VERIFY = true;
DOMAIN = "https://${vaultwarden.hostname}";
SMTP_HOST = "mail.chn.moe";
SMTP_FROM = "bot@chn.moe";
SMTP_FROM_NAME = "vaultwarden";
SMTP_SECURITY = "force_tls";
SMTP_USERNAME = "bot@chn.moe";
};
environmentFile = inputs.config.sops.templates."vaultwarden.env".path;
owner = serviceConfig.User;
group = serviceConfig.Group;
content =
''
DATABASE_URL=postgresql://vaultwarden:${placeholder."postgresql/vaultwarden"}@localhost/vaultwarden
ADMIN_TOKEN=${placeholder."vaultwarden/admin_token"}
SMTP_PASSWORD=${placeholder."mail/bot"}
'';
};
sops =
{
templates."vaultwarden.env" =
let
serviceConfig = inputs.config.systemd.services.vaultwarden.serviceConfig;
placeholder = inputs.config.sops.placeholder;
in
{
owner = serviceConfig.User;
group = serviceConfig.Group;
content =
''
DATABASE_URL=postgresql://vaultwarden:${placeholder."postgresql/vaultwarden"}@localhost/vaultwarden
ADMIN_TOKEN=${placeholder."vaultwarden/admin_token"}
SMTP_PASSWORD=${placeholder."mail/bot"}
'';
};
secrets = listToAttrs (map
(secret: { name = secret; value = {}; })
[ "vaultwarden/admin_token" "mail/bot" ]);
};
systemd.services.vaultwarden =
{
enable = vaultwarden.autoStart;
after = [ "postgresql.service" ];
};
nixos.services.postgresql = { enable = true; instances.vaultwarden = {}; };
}
)
(
mkIf vaultwarden-proxy.enable
{
nixos.services.nginx =
{
enable = true;
httpProxy."${vaultwarden-proxy.hostname}" =
{
rewriteHttps = true;
locations = let upstream = vaultwarden-proxy.upstream; in (listToAttrs (map
(location: { name = location; value =
{
upstream = "http://${upstream.address or upstream}:${builtins.toString upstream.port or 8000}";
setHeaders = { Host = vaultwarden-proxy.hostname; Connection = ""; };
};})
[ "/" "/notifications/hub/negotiate" ]))
// { "/notifications/hub" =
{
upstream =
"http://${upstream.address or upstream}:${builtins.toString upstream.websocketPort or 3012}";
websocket = true;
setHeaders.Host = vaultwarden-proxy.hostname;
};};
};
};
}
)
];
secrets = listToAttrs (map
(secret: { name = secret; value = {}; })
[ "vaultwarden/admin_token" "mail/bot" ]);
};
systemd.services.vaultwarden =
{
enable = vaultwarden.autoStart;
after = [ "postgresql.service" ];
};
nixos.services.postgresql = { enable = true; instances.vaultwarden = {}; };
};
}

6
modules/system/default.nix
View File

@@ -3,7 +3,7 @@ inputs:
imports = inputs.localLib.mkModules
[
./nix.nix
./fileSystems.nix
./fileSystems
./grub.nix
./initrd.nix
./kernel.nix
@@ -25,16 +25,17 @@ inputs:
ACTION=="add|change", KERNEL=="nvme[0-9]n[0-9]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="bfq"
'';
dbus.implementation = "broker";
fstrim = { enable = true; interval = "daily"; };
};
time.timeZone = "Asia/Shanghai";
boot =
{
kernel.sysctl =
{
"vm.swappiness" = 10;
"vm.oom_kill_allocating_task" = true;
"vm.oom_dump_tasks" = false;
"vm.overcommit_memory" = 1;
"kernel.sysrq" = 438;
};
supportedFilesystems = [ "ntfs" ];
consoleLogLevel = 7;
@@ -66,5 +67,6 @@ inputs:
# environment.variables.CPATH = "/run/current-system/sw/include";
# environment.variables.LIBRARY_PATH = "/run/current-system/sw/lib";
virtualisation.oci-containers.backend = "docker";
home-manager.sharedModules = [{ home.stateVersion = "22.11"; }];
};
}

9
modules/system/fileSystems.nix → modules/system/fileSystems/default.nix
View File

@@ -39,6 +39,11 @@ inputs:
});
default = {};
};
keyFile = mkOption
{
type = types.path;
default = ./. + "/${inputs.config.nixos.system.networking.hostname}.key";
};
delayedMount = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
};
};
@@ -236,7 +241,9 @@ inputs:
mount ${device} /mnt -m
if [ -f /mnt${path}/current/.timestamp ]
then
mv /mnt${path}/current /mnt${path}/$(cat /mnt${path}/current/.timestamp)
timestamp=$(cat /mnt${path}/current/.timestamp)
mv /mnt${path}/current /mnt${path}/$timestamp
btrfs property set -ts /mnt${path}/$timestamp ro true
fi
btrfs subvolume create /mnt${path}/current
echo $(date '+%Y%m%d%H%M%S') > /mnt${path}/current/.timestamp

BIN
modules/system/fileSystems/nas.key Normal file
View File

Binary file not shown.

BIN
modules/system/fileSystems/vps6.key Normal file
View File

Binary file not shown.

BIN
modules/system/fileSystems/vps7.key Normal file
View File

Binary file not shown.

6
modules/system/gui.nix
View File

@@ -19,7 +19,11 @@ inputs:
videoDrivers = inputs.config.nixos.hardware.gpus;
};
systemd.services.display-manager.after = [ "network-online.target" ];
environment.sessionVariables."GTK_USE_PORTAL" = "1";
environment =
{
sessionVariables."GTK_USE_PORTAL" = "1";
plasma5.excludePackages = inputs.lib.mkIf (!gui.preferred) [ inputs.pkgs.plasma5Packages.plasma-nm ];
};
xdg.portal.extraPortals = map (p: inputs.pkgs."xdg-desktop-portal-${p}") [ "gtk" "kde" "wlr" ];
i18n.inputMethod =
{

26
modules/system/impermanence.nix
View File

@@ -41,10 +41,20 @@ inputs:
"${impermanence.root}" =
{
hideMounts = true;
directories = []
directories = [ "/var/lib/systemd/linger" "/var/lib/systemd/coredump" ]
++ (if inputs.config.services.xserver.displayManager.sddm.enable then
[{ directory = "/var/lib/sddm"; user = "sddm"; group = "sddm"; mode = "0700"; }] else []);
};
}
// (if builtins.elem "chn" inputs.config.nixos.users.users then
{
users.chn =
{
directories =
[
".cache"
];
};
} else {});
"${impermanence.nodatacow}" =
{
hideMounts = true;
@@ -54,7 +64,17 @@ inputs:
[{ directory = "/var/lib/postgresql"; user = user.name; group = user.group; mode = "0750"; }]
else []
)
++ (if inputs.config.nixos.services.meilisearch.instances != {} then [ "/var/lib/meilisearch" ] else []);
++ (if inputs.config.nixos.services.meilisearch.instances != {} then [ "/var/lib/meilisearch" ] else [])
++ (
if inputs.config.nixos.virtualization.kvmHost.enable then
[{ directory = "/var/lib/libvirt/images"; mode = "0711"; }]
else []
)
++ (
if inputs.config.nixos.services.mariadb.enable then let user = inputs.config.users.users.mysql; in
[{ directory = "/var/lib/mysql"; user = user.name; group = user.group; mode = "0750"; }]
else []
);
};
};
};

41
modules/system/kernel.nix
View File

@@ -2,6 +2,7 @@ inputs:
{
options.nixos.system.kernel = let inherit (inputs.lib) mkOption types; in
{
useLts = mkOption { type = types.bool; default = false; };
patches = mkOption { type = types.listOf (types.enum [ "cjktty" "preempt" ]); default = []; };
modules =
{
@@ -25,33 +26,37 @@ inputs:
"ahci" "ata_piix" "bfq" "failover" "net_failover" "nls_cp437" "nls_iso8859-1" "nvme" "sdhci_acpi" "sd_mod"
"sr_mod" "usbcore" "usbhid" "usbip-core" "usb-common" "usb_storage" "vhci-hcd" "virtio" "virtio_blk"
"virtio_net" "virtio_pci" "xhci_pci" "virtio_ring" "virtio_scsi" "cryptd" "crypto_simd" "libaes"
] ++ kernel.modules.initrd;
# networking for nas
"igb"
] ++ kernel.modules.initrd ++ (if (!kernel.useLts) then [ "lenovo-yogabook" ] else []);
extraModulePackages = (with inputs.config.boot.kernelPackages; [ v4l2loopback ]) ++ kernel.modules.install;
extraModprobeConfig = builtins.concatStringsSep "\n" kernel.modules.modprobeConfig;
kernelParams = [ "delayacct" "acpi_osi=Linux" ];
kernelPackages = inputs.pkgs.linuxPackagesFor (inputs.pkgs.linuxPackages_xanmod.kernel.override rec
{
src = inputs.pkgs.fetchFromGitHub
{
owner = "xanmod";
repo = "linux";
rev = modDirVersion;
hash = "sha256-EugTfBbeH9VTpIg1aDNfaY57NDCA70QIdsOfzxWMSeA=";
};
version = "6.4.14";
modDirVersion = "6.4.14-xanmod1";
});
kernelPackages = inputs.pkgs."linuxPackages_xanmod${if kernel.useLts then "" else "_latest"}";
kernelPatches =
let
patches =
{
cjktty =
{
patch = inputs.pkgs.fetchurl
{
url = "https://raw.githubusercontent.com/zhmars/cjktty-patches/master/v6.x/cjktty-6.4.patch";
sha256 = "1kvmddg18pw22valbgx2vlxiasgxvszzm5lzkz096xm51sz72rm0";
};
patch =
let
version = builtins.splitVersion inputs.config.boot.kernelPackages.kernel.version;
major = builtins.elemAt version 0;
minor = builtins.elemAt version 1;
in inputs.pkgs.fetchurl
{
url = "https://raw.githubusercontent.com/zhmars/cjktty-patches/master/"
+ "v${major}.x/cjktty-${major}.${minor}.patch";
sha256 =
let
hashes =
{
"6.1" = "11ddiammvjxx2m9v32p25l1ai759a1d6xhdpszgnihv7g2fzigf5";
"6.5" = "0ckmbx53js04lrcvcsf8qk935v2pl9w0af2v1mqghfs0krakfgfh";
};
in hashes."${major}.${minor}";
};
extraStructuredConfig =
{ FONT_CJK_16x16 = inputs.lib.kernel.yes; FONT_CJK_32x32 = inputs.lib.kernel.yes; };
};

5
modules/system/networking/nebula/default.nix
View File

@@ -49,5 +49,10 @@ inputs:
secrets."nebula/key" = {};
};
networking.firewall.trustedInterfaces = [ "nebula.nebula" ];
systemd.services."nebula@nebula" =
{
after = [ "network-online.target" ];
serviceConfig.Restart = "always";
};
};
}

1
modules/system/nix.nix
View File

@@ -26,7 +26,6 @@ inputs:
experimental-features = [ "nix-command" "flakes" ];
keep-outputs = nix.keepOutputs;
keep-failed = true;
auto-optimise-store = true;
substituters = if nix.substituters == null then [ "https://cache.nixos.org/" ] else nix.substituters;
trusted-public-keys = [ "chn:Cc+nowW1LIpe1kyXOZmNaznFDiH1glXmpb4A+WD/DTE=" ];
show-trace = true;

1
modules/system/nixpkgs.nix
View File

@@ -33,6 +33,7 @@ inputs:
(
mkConditional (nixpkgs.march != null)
{
programs.ccache.enable = true;
nixpkgs =
{
hostPlatform = { system = "x86_64-linux"; gcc = { arch = nixpkgs.march; tune = nixpkgs.march; }; };

7
modules/system/security.nix
View File

@@ -25,13 +25,6 @@ inputs:
"es256"
"+presence"
])
(builtins.concatStringsSep ","
[
"WgLCnlQcGP4uVHI8OZrJWoLK6ezHtl404NVGsfH2LXsq0TNVZ7l2OidGpbYqIJwTn5yKu6t0MI7KdHYD18T/HA=="
"GVPuwp38yb+A1Uur22hywW7mQJPOxuLXXKLlM9FU2bvVhpwdjWDvg+BB5YFAL9NjTW22V7Hy/a9UuSmZejs7dw=="
"es256"
"+presence"
])
])
]);
};

247
modules/users/default.nix
View File

@@ -1,26 +1,33 @@
inputs:
let
inherit (builtins) map attrNames;
inherit (inputs.lib) mkMerge mkIf mkOption types;
users =
allUsers =
{
root =
{
users.users.root =
{
shell = inputs.pkgs.zsh;
autoSubUidGidRange = true;
hashedPassword = "$y$j9T$.UyKKvDnmlJaYZAh6./rf/$65dRqishAiqxCE6LEMjqruwJPZte7uiyYLVKpzdZNH5";
openssh.authorizedKeys.keys =
[
("sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPLByi05vCA95EfpgrCIXzkuyUWsyh"
+ "+Vso8FsUNFwPXFAAAABHNzaDo= chn@chn.moe")
(builtins.concatStringsSep ""
[
"sk-ssh-ed25519@openssh.com "
"AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEU/JPpLxsk8UWXiZr8CPNG+4WKFB92o1Ep9OEstmPLzAAAABHNzaDo= "
"chn@pc"
])
];
};
home-manager.users.root.programs.git =
home-manager.users.root =
{
extraConfig.core.editor = inputs.lib.mkForce "vim";
userName = "chn";
userEmail = "chn@chn.moe";
imports = inputs.config.nixos.users.sharedModules;
config.programs.git =
{
extraConfig.core.editor = inputs.lib.mkForce "vim";
userName = "chn";
userEmail = "chn@chn.moe";
};
};
};
chn =
@@ -36,87 +43,144 @@ inputs:
hashedPassword = "$y$j9T$xJwVBoGENJEDSesJ0LfkU1$VEExaw7UZtFyB4VY1yirJvl7qS7oiF49KbEBrV0.hhC";
openssh.authorizedKeys.keys =
[
# ykman fido credentials list
# ykman fido credentials delete f2c1ca2d
# ssh-keygen -t ed25519-sk -O resident
# ssh-keygen -K
(builtins.concatStringsSep ""
[
"sk-ssh-ed25519@openssh.com "
"AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPLByi05vCA95EfpgrCIXzkuyUWsyh+Vso8FsUNFwPXFAAAABHNzaDo= "
"chn@chn.moe"
"AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEU/JPpLxsk8UWXiZr8CPNG+4WKFB92o1Ep9OEstmPLzAAAABHNzaDo= "
"chn@pc"
])
];
};
home-manager.users.chn.programs =
home-manager.users.chn =
{
git =
imports = inputs.config.nixos.users.sharedModules;
config =
{
userName = "chn";
userEmail = "chn@chn.moe";
};
ssh.matchBlocks = builtins.listToAttrs
(
(map
(host:
programs =
{
git =
{
name = host.name;
value = { host = host.name; hostname = host.value; user = "chn"; };
})
(inputs.localLib.attrsToList
{
vps3 = "vps3.chn.moe";
vps4 = "vps4.chn.moe";
vps5 = "vps5.chn.moe";
vps6 = "vps6.chn.moe";
vps7 = "vps7.chn.moe";
}))
++ (map
(host:
{
name = host;
value =
userName = "chn";
userEmail = "chn@chn.moe";
};
ssh.matchBlocks = builtins.listToAttrs
(
(builtins.map
(host:
{
name = host.name;
value = { host = host.name; hostname = host.value; user = "chn"; };
})
(inputs.localLib.attrsToList
{
vps3 = "vps3.chn.moe";
vps4 = "vps4.chn.moe";
vps5 = "vps5.chn.moe";
vps6 = "vps6.chn.moe";
vps7 = "vps7.chn.moe";
}))
++ (builtins.map
(host:
{
name = host;
value =
{
host = host;
hostname = "hpc.xmu.edu.cn";
user = host;
extraOptions =
{
PubkeyAcceptedAlgorithms = "+ssh-rsa";
HostkeyAlgorithms = "+ssh-rsa";
SetEnv = "TERM=chn_unset_ls_colors:xterm-256color";
# in .bash_profile:
# if [[ $TERM == chn_unset_ls_colors* ]]; then
# export TERM=${TERM#*:}
# export CHN_LS_USE_COLOR=1
# fi
# in .bashrc
# [ -n "$CHN_LS_USE_COLOR" ] && alias ls="ls --color=auto"
};
};
})
[ "wlin" "jykang" "hwang" ])
)
// {
xmupc1 =
{
host = host;
hostname = "hpc.xmu.edu.cn";
user = host;
extraOptions = { PubkeyAcceptedAlgorithms = "+ssh-rsa"; HostkeyAlgorithms = "+ssh-rsa"; };
host = "xmupc1";
hostname = "office.chn.moe";
user = "chn";
port = 6007;
};
})
[ "wlin" "jykang" "hwang" ])
)
// {
xmupc1 =
{
host = "xmupc1";
hostname = "office.chn.moe";
user = "chn";
port = 6007;
};
nas =
{
host = "nas";
hostname = "office.chn.moe";
user = "chn";
port = 5440;
};
xmupc1-ext =
{
host = "xmupc1-ext";
hostname = "vps3.chn.moe";
user = "chn";
port = 6007;
};
xmuhk =
{
host = "xmuhk";
hostname = "10.26.14.56";
user = "xmuhk";
# identityFile = "~/.ssh/xmuhk_id_rsa";
};
xmuhk2 =
{
host = "xmuhk2";
hostname = "183.233.219.132";
user = "xmuhk";
port = 62022;
nas =
{
host = "nas";
hostname = "office.chn.moe";
user = "chn";
port = 5440;
};
xmupc1-ext =
{
host = "xmupc1-ext";
hostname = "vps3.chn.moe";
user = "chn";
port = 6007;
};
xmuhk =
{
host = "xmuhk";
hostname = "10.26.14.56";
user = "xmuhk";
# identityFile = "~/.ssh/xmuhk_id_rsa";
};
xmuhk2 =
{
host = "xmuhk2";
hostname = "183.233.219.132";
user = "xmuhk";
port = 62022;
};
};
};
home.packages =
[
(
let
servers = builtins.filter
(system: system.value.enable)
(builtins.map
(system:
{
name = system.config.nixos.system.networking.hostname;
value = system.config.nixos.system.fileSystems.decrypt.manual;
})
(builtins.attrValues inputs.topInputs.self.nixosConfigurations));
cat = "${inputs.pkgs.coreutils}/bin/cat";
gpg = "${inputs.pkgs.gnupg}/bin/gpg";
ssh = "${inputs.pkgs.openssh}/bin/ssh";
in inputs.pkgs.writeShellScriptBin "remote-decrypt" (builtins.concatStringsSep "\n"
(
(builtins.map (system: builtins.concatStringsSep "\n"
[
"decrypt-${system.name}() {"
" key=$(${cat} ${system.value.keyFile} | ${gpg} --decrypt)"
(builtins.concatStringsSep "\n" (builtins.map
(device: " echo $key | ${ssh} root@initrd.${system.name}.chn.moe cryptsetup luksOpen "
+ (if device.value.ssd then "--allow-discards " else "")
+ "${device.name} ${device.value.mapper} -")
(inputs.localLib.attrsToList system.value.devices)))
"}"
])
servers)
++ [ "decrypt-$1" ]
))
)
];
};
};
nixos.services.groupshare.mountPoints = [ "/home/chn/groupshare" ];
@@ -134,7 +198,7 @@ inputs:
shell = inputs.pkgs.zsh;
autoSubUidGidRange = true;
};
home-manager.users.xll = {};
home-manager.users.xll.imports = inputs.config.nixos.users.sharedModules;
sops.secrets."users/xll".neededForUsers = true;
nixos.services.groupshare.mountPoints = [ "/home/xll/groupshare" ];
};
@@ -151,7 +215,7 @@ inputs:
shell = inputs.pkgs.zsh;
autoSubUidGidRange = true;
};
home-manager.users.zem = {};
home-manager.users.zem.imports = inputs.config.nixos.users.sharedModules;
sops.secrets."users/zem".neededForUsers = true;
nixos.services.groupshare.mountPoints = [ "/home/zem/groupshare" ];
};
@@ -168,7 +232,7 @@ inputs:
shell = inputs.pkgs.zsh;
autoSubUidGidRange = true;
};
home-manager.users.yjq = {};
home-manager.users.yjq.imports = inputs.config.nixos.users.sharedModules;
sops.secrets."users/yjq".neededForUsers = true;
nixos.services.groupshare.mountPoints = [ "/home/yjq/groupshare" ];
};
@@ -181,18 +245,31 @@ inputs:
[ "groupshare" "video" ]
(builtins.attrNames inputs.config.users.groups);
passwordFile = inputs.config.sops.secrets."users/yxy".path;
openssh.authorizedKeys.keys = [ (builtins.readFile ./yxy_id_rsa.pub) ];
shell = inputs.pkgs.zsh;
autoSubUidGidRange = true;
};
home-manager.users.yxy = {};
home-manager.users.yxy.imports = inputs.config.nixos.users.sharedModules;
sops.secrets."users/yxy".neededForUsers = true;
nixos.services.groupshare.mountPoints = [ "/home/yxy/groupshare" ];
};
};
in
{
options.nixos.users = mkOption { type = types.listOf (types.enum (attrNames users)); default = [ "root" "chn" ]; };
config = mkMerge (map (user: mkIf (builtins.elem user inputs.config.nixos.users) users.${user}) (attrNames users));
options.nixos.users = let inherit (inputs.lib) mkOption types; in
{
users = mkOption { type = types.listOf (types.enum (builtins.attrNames allUsers)); default = [ "root" "chn" ]; };
sharedModules = mkOption { type = types.listOf types.anything; default = []; };
};
config =
let
inherit (builtins) map attrNames;
inherit (inputs.lib) mkMerge mkIf;
inherit (inputs.config.nixos) users;
in mkMerge
[
(mkMerge (map (user: mkIf (builtins.elem user users.users) allUsers.${user}) (attrNames allUsers)))
];
}
# environment.persistence."/impermanence".users.chn =
@@ -236,4 +313,4 @@ inputs:
# ".viminfo"
# ".zsh_history"
# ];
# };
# };

1
modules/users/yxy_id_rsa.pub Normal file
View File

@@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3D1PKR7xwlFBT/XdvGl9JkKTR0opBOQwxokR0Ri+zy0a6PgFFE6/L2NhgbHLQZt96J4lHl9ZxPdRgQ8Tc4+rptJiEX5VvZaNXmOC5wa5fGZuSj93HPEUzrtOv1sFzh2WgAeWd2nf7r/DoSYY91W1Bpsjx1YaeI6KvTHMeqoidTd17CcrMkIcOuYlgAHDeZ+vnxljTOddjK17D+AsG1+ThbDNwd97AlRv/pRkL2BAnHHNvL1UXVKg47IV4+60guB0Xqr947mSdCAomW1Oe9XbYooVRZZaVov1cv6NTQ0dZ6ktV3i+s7VXZh8dNkp46Hw68gI+fHp0I3mze5MblffpaGo2f0qQrJOROQygOyj/ihK1eMkPNKfdJE0odQ0z+1mwnwq5bhP5UPBvz6Z11M9Ez+/VtX3MG27RdVPMtoLSgHV7XwvVsvJQ5V+O+TkdO95IIlPuA2+1wj9O+Tsz4u4IS5xC7XXr9Jo+Mj1gbYnZqmTSldyBIkSUuKRgDF6oC4Fs= yxy@chn-xmupc1

9
modules/virtualization/default.nix
View File

@@ -67,7 +67,14 @@ inputs:
};
virtualisation =
{
libvirtd = { enable = true; qemu.runAsRoot = false; onBoot = "ignore"; onShutdown = "shutdown"; };
libvirtd =
{
enable = true;
qemu.runAsRoot = false;
onBoot = "ignore";
onShutdown = "shutdown";
parallelShutdown = 4;
};
spiceUSBRedirection.enable = true;
};
environment.systemPackages = with inputs.pkgs; [ qemu_full win-spice ] ++

12
secrets/pc.yaml
View File

@@ -7,15 +7,13 @@ frp:
store:
signingKey: ENC[AES256_GCM,data:TsB1nA0Rf2AsYyH59WpUK53pTCX2JdrGQjkJ9A9BfWLLmw3EMnPoaLHG12rv1R2/xRU7rP+iVhXb77g60I/Kn4ehun3ogMmK1oEAKyQcxudBUJFk+SeijaQLr2A=,iv:e2rdGBVOPS1nyC3pXhs5r0WyEkqxcpCnX3eAcBCj93M=,tag:HwccjH2Wms5/TevU2IuzNw==,type:str]
nginx:
#ENC[AES256_GCM,data:sHSfWhEO9PHWTY0r,iv:XSyOSkzEVOjMF/9vjEVpcuKH6B2mdE5D7l9VKrSILO0=,tag:2YkAoPW5GqOjFpPF5IvApg==,type:comment]
#ENC[AES256_GCM,data:Oaxg1nXYHLNOAF2V8lNF+4OtJz5bXOdEleXi89AW+dQvDgj0HMAAlxLiixlfhFW48Clcu+C+4opFZUk+4Q3GBePTQWeabgEFAZi+MgnVoiXzfizQpmve,iv:/NyV6W0vaXvS5qFKPw+7Iqe9po1VKQDLbHaC9Fa8Mto=,tag:JiCKJxhpAI9k11N9WxfZew==,type:comment]
maxmind-license: ENC[AES256_GCM,data:PVV4VAvB22KoA8EM8Honb+KWYhydXdmTAVlDw/XnTcbaIY+5Km2gGA==,iv:7PfytRbpW4G2iDNqysvZnB0YsQFVUL5Kr1DNsBzuhCA=,tag:z2J14fdD7AUNabN+6kUojA==,type:str]
postgresql:
misskey: ENC[AES256_GCM,data:KiJ2smpRwJ1pzauCgVsmFH4aCiw4sEkCQ9JSTao5NdI=,iv:jIc0a797dokfByN2vJcYcAFfPC8MP7wCV5qsxoCDxcE=,tag:L5n1/xszwB0lhqYcbLqp2Q==,type:str]
misskey_misskey: ENC[AES256_GCM,data:MSDbQffk/WjZ6EYiwVuUMdhdv9VE59ZM7t4XldOKRO0=,iv:J/x9t4Pk5zi7Av9fbzxgAbbtbEUZttSx/JGRmmgmvE4=,tag:CwFR9K++T7YqYR932z3IAg==,type:str]
redis:
misskey: ENC[AES256_GCM,data:SAcZsRrhNB+CjpcvUcWLi5nhEA49bFM+HYHEkszNdZs=,iv:fOLletIWzCrhHZrgwl5dpdCnwUbcEeTaKNosXna8pfU=,tag:EpdBW/RexAoJ0z1G2Emvww==,type:str]
misskey-misskey: ENC[AES256_GCM,data:vcvQ/hs/F3BZd1sfvWwfEeB8vVoqdnprxobcmL6xsmg=,iv:S32yrjrjj56HbxTlfFGjOb+sO2M9KKEDEazCrpQWj6Q=,tag:iwnvqwQEdd6jicx9jJBdbg==,type:str]
meilisearch:
misskey: ENC[AES256_GCM,data:oBYIwQyfPyjsp1dfveVGqO7mY9LO7jaD+Mpe9nTm8Sd8XKgRPJWkce4tnBXBRzkdLURvDDD25uODUekdkkO1gA==,iv:/Gw3PX1w7dWWzEMCWrETGees8CjONwzIpTZSCkQsZXc=,tag:59GHYNPRTv3KFqhpUDXBLg==,type:str]
misskey-misskey: ENC[AES256_GCM,data:/wYR3Bz4LRk/Ks0vizlZS3Ebf5qVfnlBBqZEm/ZIBFdDuhddgu71cqCjTHIKQ6CYh3CoUyguKIIFWku/kOCHKA==,iv:dllKvZwxvZC4pVyEMOB9WNiVBsVxzo5kwbdYKCzzyrY=,tag:MvzqalVvBkyJoLbirN0V8Q==,type:str]
nebula:
key: ENC[AES256_GCM,data:kNm9hwMa/EhDeOCeZw1jEnroolTkeEeAxpSEDko6tHSDHwHbhfjr01ZzHKE=,iv:q2qCi99XgZJvRuF1dm16sK6BFIoa9QUN8p4LSiZq28o=,tag:ApOKdA91LBiWHv6TuXMkpA==,type:str]
sops:
@@ -42,8 +40,8 @@ sops:
OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
+K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-03T08:51:32Z"
mac: ENC[AES256_GCM,data:PlBRhBHJ067MzX77ZaG7XzQviTixWWEZboFM8h1ezmei+Pf2PY4oDxRfmEgAodXD2EpM0x4cao3NPzMeAYtJK0YUViZRzdSbya/60W6Xzv0nrbJHh3xvvJmLVsMXyD3KKMcafTOrBsxnCg0gRro778Z63XkN/S9tA2tZfdZLLcY=,iv:9N223T+lBjYt0WLvvERbAFE1Z30ejWwZNDjByFjlW98=,tag:iTD7+P5uFlwe/xEX80QgMg==,type:str]
lastmodified: "2023-10-03T10:45:13Z"
mac: ENC[AES256_GCM,data:9O1o1uNvrSu4yEpVmvPLESrCqtkf+MXUud54hVgjd/Mmchsy0eTi3gMzbAb0i6vaaNH7hHVOT0GnSNiS67UjYemvx9xHOPuJxysmoUAvT6aVzap4XZirnnsKgfYGUwn/iECsEF3dGa2c4nCiPxdtac2BaGBlxFKuh1fWBKWrow0=,iv:a+xHAakjIPhDQRYJnb0BFxdXc0uXZmmZYv8kvOPoKBA=,tag:hWpzT1tMILYZKhQXgdmhXg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

8
secrets/vps6.yaml
View File

@@ -22,9 +22,13 @@ xray-server:
user7: ENC[AES256_GCM,data:7rxvmKbtYrDKBlo8kZIfd86KLd9EcSWB0ikasIRqfCZ24W0h,iv:Uplz4fnFymmBVZ9YTniHFFY3EVSrTYsg1+CTFqBu1WY=,tag:l3EPeYRHSeRsCyRhqFRrEg==,type:str]
#ENC[AES256_GCM,data:8FxApg==,iv:vPa5p3QVHAvw+ECusWGqx1ugTcHh42CVFDQcMhG59wM=,tag:lHiZtydcYFBQiXnWh8pCrw==,type:comment]
user8: ENC[AES256_GCM,data:FNT3hHMwPJu3iI1LuOP1KvsoOonh+J/ecrNrRQO5TpunDPUq,iv:tTEB0MSUmQ39tNq9v1BTfaEcJY7Y59CPHRASMC1a4U8=,tag:klDm6Isk52hG8ubcFu6yHA==,type:str]
#ENC[AES256_GCM,data:QdaYYH3RGJ4qIg==,iv:79NBTEKCPtgVVv3G7wg+vdoLOWxc+bdqT1lF4HJpTC8=,tag:8mRFGjy7lBrdyGyX9vaSOQ==,type:comment]
user9: ENC[AES256_GCM,data:4BD/4MXAVLhDm3EXdgTiEgPketf0WgflVPGb3/JMWXfycEKY,iv:jwE5sFVxZjORwoqCBdufP2EhetVtFGHyCP58AzJwle0=,tag:OCteA20hDBLI9zt1ET0tUQ==,type:str]
#ENC[AES256_GCM,data:U48hPlrJn2dF9g==,iv:W+6QEgemNa41VCT2OfBvEhuLAucLxfR+YZiDgdkkSnk=,tag:IhVstGnQ4EviT5ctMgyKiA==,type:comment]
user10: ENC[AES256_GCM,data:d9qxJQH9Jo8gJKUi5jjSdVwqzuHG+dj08Tk+TxhczJmlSaFT,iv:DS+9isZX2B9AYAyV4Yle4fpHzA/SHcR56B/GW8QdALw=,tag:9nUQ0OuMCuXGSZs2kjfnIQ==,type:str]
#ENC[AES256_GCM,data:DxZrs2B0LyPdLg==,iv:yZzEjyiY2s6gIPTsALl5xOsI0ByDvSBG4SI2+K6TLzI=,tag:hAniFFNS0SueybUKnRd2YQ==,type:comment]
user11: ENC[AES256_GCM,data:RPIH0DudfPJwPsa0yFLNqUy2EMwQh1bIqkmhCfteVTkUQGWP,iv:NH0aGTZ6nVqz2nn+o1HQS0PKpqHTBMkAhy0oFeyX/8k=,tag:kgd5zkHXW+oxRFC9x2VTUg==,type:str]
#ENC[AES256_GCM,data:aYWIiLxs1UvupQ==,iv:AisokHuAzD5B6fEF6ak8WfAe151CM3a8MsaWC4uJPnw=,tag:cdk5S4n9ulyWrqsD+jcqYg==,type:comment]
user12: ENC[AES256_GCM,data:Q+XcMYPWWeHqXZZt3lf9OurlWwVQGBJWTnRwDUvg7np19g3+,iv:ybREjo5/SFRN5LMSyYdm0ygkYoq/G1uBv9K0iGPqrh4=,tag:g2y8IJeXtHW1XjelOvT+/A==,type:str]
user13: ENC[AES256_GCM,data:IKKk8joJQ5rcSXV84jbYd4uox548czpcgXwTtyK4rFimQIoO,iv:ycVDDSb0qAtZE8WzEdKkaBYKY13JpKj+4xrgkLogikw=,tag:z9ty67NWIgGlh1psbE5qVQ==,type:str]
user14: ENC[AES256_GCM,data:WFhrirjRUEZlOaCLGvHzvRPyp5O+035k0bNFqCvs0UTdT0+y,iv:C2vvOexQwFFkQyvFd8tf7lca2ZZIF3hbSiOHa2RFfGU=,tag:zowYrIut44mRiq6/h0r4fQ==,type:str]
@@ -86,8 +90,8 @@ sops:
ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-03T08:50:37Z"
mac: ENC[AES256_GCM,data:+w04X4hdgiBO3VpCI5tM2h+X13m3QOQeMdcmKGavqBoC9S+jx9dOoy2H9FdhjyYN/dkhglFqG5LMnHqEsdLGSwSxUsJDmHMm3MvFLJYIybvanNB+Gxb9+ooBNpC/e+d1iLg85mAUTXhLlezw5gaRHtwiQ4llOXZesE+c+Wnbbws=,iv:mM5lw8pFJoqYvz8uIi+oTqJFyIHq6HjspYTaEJp2xzY=,tag:9AqRnzwUxIV/ClJATxz95g==,type:str]
lastmodified: "2023-10-11T05:09:24Z"
mac: ENC[AES256_GCM,data:DJyMioOlgRFvRcjy6YNJdmEWSEk3XoChdmzYl3NoCjFj6Xe1wegYJ3Z2dPfPeY6kBrRyKeOg1Yfwwkjc8aj0TZCVVvlgV3q6CRFq7kk7e2wOUCo+Xz28XEL3S+mRMJWp8YYV2P3daS8HRfM72yC7t5JLuwCbyzu/CnxQVB2oxD8=,iv:f7zbYqwnySDg2tJc1CgRfQU2PCK2IbfMVMWsyZKlGNU=,tag:RRCXacPwq7IFv0+mcEdEXw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

20
secrets/vps7.yaml
View File

@@ -8,14 +8,18 @@ nginx:
redis:
rsshub: ENC[AES256_GCM,data:uPnZIjbnRRoWIHlWkZNZkMpIb3Ujnnpb+AisVSVGFv4sfDAuDlAjt39pRdnWkCXJPqtXjJzQ+FeT34cqxTf8Bg==,iv:/jcyAHkxByFnbkmCAYQwda2QRmhW7L/ICoLuCgsVLCI=,tag:M5Q+dh/Bn7FiNpqQGYus4Q==,type:str]
wallabag: ENC[AES256_GCM,data:WkiqS9TOHxYalDp7Ssgg2x7vj4D58psQ5au4a0e3LZBecERwzUKmrhbVKRuDvNTwWbYxSds9SAca0wN+pWmrmA==,iv:QqHlzSXG1I4+p8wd58lcQs8TqAF3foxiYVdgL8L3IpA=,tag:CPtFgIeFL5W25gtd6NFkrg==,type:str]
misskey: ENC[AES256_GCM,data:eT0zEdnFyNNr7G6QMn5JpTa5M+iI9B4HdvPLvfwCGRZ6MyeYrpsO97B2V0YzIaJAi2Md20hMgJdD6BVXcDp9pA==,iv:e/2/ITEHCKATyAtGxWm9hJ8T/pcV6Je/RgU1AowXEfs=,tag:Ohdxg2Y/Hl5ewrv0Kv8ywA==,type:str]
misskey-misskey: ENC[AES256_GCM,data:OHjt9o+m++NT5aaFbwBT/wSMdUdgf4zscd/JxjCo5HDhC3WeWMJV7z//kATI5Dg4BWAhvPlL02Vrly4RraIzLw==,iv:sQB4/D2SsOuDR3bTrmlNg7o+6ehFznDsqVc3BX9pK20=,tag:tcwTBt/JhyW8ZTAIWIkWBA==,type:str]
misskey-misskey-old: ENC[AES256_GCM,data:amUqMycdXUFvjg66pXKnlZqiESBYMci0k8iYzj824SaEqHl3Nq/I0TjYX++xEUg+RGYyTIcSaj96HUANTKpc1A==,iv:ND1mQLHxltRlOdpJ80ywheGo6hkl7OgRyk9TguJMuTw=,tag:dhCCwnCOnyT2iXdEMK0szg==,type:str]
nextcloud: ENC[AES256_GCM,data:jwN/CqwkU/5Rd6w75/bV2Yej9b0CoxZaiJEcZXFx+9XUPY3Xg1tQdEr1SALG8xzOEdoL6WBVs14NvrrL25GeTQ==,iv:p5+0AB52QqScJwMhNIrM/7HAcRPdD9Z8xV6uwIDOwIg=,tag:f1XbNDDRXvGl/dkV9Wp2Ug==,type:str]
postgresql:
wallabag: ENC[AES256_GCM,data:ANwvEE3K/W/hU34Y7RvlbUuJNo2bOaRfeusYM9pRxXQOdG4XpwYfd/DprsrVjlkrMFuTurUR5j6UNHWh+ILDbQ==,iv:K8doqhVosz+OosMrLJXrSxairr84EeGs3EWgVQjpkS8=,tag:WjDzy7ubm/GVlBkW0O3znQ==,type:str]
misskey: ENC[AES256_GCM,data:OXKLrkPDgVTdsZolzLVOlkYswLVFy0LSXiGjohic4j3t9cTrMIfBa7LbA5J7VlLryO/ISzLpu8lt9aEsmjYSSw==,iv:V4n3MUkAnbLs5gBOOqCubHxuKJGvfH9dND1YgD1YgCs=,tag:RXiXeekS76pGHUz3oEPQ9w==,type:str]
misskey_misskey: ENC[AES256_GCM,data:lRbSz7bbiWEdK/cRD41fLvFJF4WYsclKHVykFcU3LIz9vnKlR3VdczzznVqpT7JvG6OUi+TmipJii+0KzXHtdA==,iv:8sBKgVwuDJdThup0KQ6cnAV5O2liwVra1yIpDHVfpMI=,tag:DyUpaHai8ZUyllvZBUm8sg==,type:str]
misskey_misskey_old: ENC[AES256_GCM,data:Wwtd+hKI0s7m3PbEPHbnSyTsCkW0x8SYHUiCYuNSNCG8i4RAmiAbONNFfWN2hXnmTmRK79Tx/3GR+L0KMzmNGQ==,iv:BekTELToPQXUdZHyNtkuqKyZeez+moI6k907P7NhA3Q=,tag:A5YB0WIa1RkDCtzeBhiuyA==,type:str]
synapse: ENC[AES256_GCM,data:Orfse2arRGMujA8MloqOp+iVr0+uCVtlMZJNAA36J3UCog5ExE8HE6G5wIvvoP0o/PNToYc9Jgn8T7iWdU6FIA==,iv:XQ6/bDfIRmvZ3VdTqH5Gaiu2emd5kV+q6RjNXDQEtkc=,tag:Yq+w9oxv2yhpsQfMRp4HaQ==,type:str]
vaultwarden: ENC[AES256_GCM,data:Uz8GJMaLUTQ9pQbZyZLWS4bL5wmt9RvbAwNctAIDt9JrV3FaXxgKjE0MJSGklS55yj/Z/wbO6RCuCK2AWR2VKw==,iv:7hA8YcB88M1qCV8EhFYpHbfPmAZ/7xNqvTMJYZ/UcAY=,tag:mkDHJYmRoYZ/Ct0UmOp9FA==,type:str]
nextcloud: ENC[AES256_GCM,data:5UpYSMsZgUgEJHg0ou9Z1RTE+YFFUKuXwPtc6L5XxD4GNo8Gd3CvcQSNGAol+5DtyPKF3q1+ZgtScWGrqU1RyA==,iv:Zfm+Oa4eON8WiJzYUkMFawafDwo9pOnOpWkwHYLIKkk=,tag:4ECMla1dFfCrn7lILwWFNA==,type:str]
meilisearch:
misskey: ENC[AES256_GCM,data:+oLR/0G6bjSz3jbZxeoGbLd7I4AiJDxodpc8DEHmHjYaNS6UrQEO50ekNSm3DpcK9+bqMJl4q+d1PWXgHRJbIw==,iv:rQcq7LksBhJr26D3112y41ryW3cEwnG6XLgiFhLv3d4=,tag:/PaX7MIERrtqJoayzdf/AA==,type:str]
misskey-misskey: ENC[AES256_GCM,data:4s+qqd6mmstioC0XmG/vA6ED9mzu1vRJVPFFalRiqnnsFy0dYEU87H+y12eOp/KDSLdTNvpp6Z6jCNvxnpDXzQ==,iv:x6L9OPu/dwVsD9pYb4dqavw9NesMbo7LB+rwz6veAR4=,tag:/BBqV2sHIgPas7XsZydh2g==,type:str]
rsshub:
pixiv-refreshtoken: ENC[AES256_GCM,data:EeSOTSAAh+1Dc8+a/AaPJ0aBK5DTa3pdS6DrIMQmRw/n0SRu2QoynIF76w==,iv:dnZxi8jM1I4w3C2duYielpP/8wOAdHDjcqDIrowM0dM=,tag:8irGvLEbRJHV9TB8Jibs9g==,type:str]
youtube-key: ENC[AES256_GCM,data:OEm/ynOUPUq7ZEVzL2jgs9d+utkLTIdNq0MHE0JDujb9ndAwyJJI,iv:RRae6Cg6GdDnXAQOdtBYmcA7ZNuu70VpIg2MEezBn5k=,tag:gX4ZG345cT3Jh3ovUxtLGw==,type:str]
@@ -35,6 +39,12 @@ nebula:
key: ENC[AES256_GCM,data:9o6EkfTWOU0KwnJsgHML4E7VOfzo3LHnlOkV8ubhi6aayXImC3lAaoPrqUI=,iv:KHprijN7z+4FIIW+D5klDM9a9VzMJ5xawPc7jJtbHmk=,tag:0DAmxoz8D5f38ndPbkNW+g==,type:str]
vaultwarden:
admin_token: ENC[AES256_GCM,data:muavuOY88Lm4rSEoCp4IIPp7Z+sqf36VwpnPgf+K6IwwFkUgYM1GO80ogReYWqqUM6ij1Yzl5D9ncUbq+aGTKQ==,iv:jA4MRJlz71CMmPnWjb2tGbbIoMkEsESUowhXDckKKMI=,tag:l0HaJmnU29YeFUxjOgN3Kg==,type:str]
mariadb:
photoprism: ENC[AES256_GCM,data:TF1SZVFnvzyE+7vrHYYUS4Juqhbiw9QcJx7p3Xj88xyBFcTqS1YjzAKs/9GQ1PuzdBrt6hXm/XtJILHiuktnSg==,iv:sd9sQEuIePL6LzUYbFtmdecJ57sMrkF0coalBf8KFqQ=,tag:P/knaKYTJ+aXu4l6IixISA==,type:str]
photoprism:
adminPassword: ENC[AES256_GCM,data:gB81joOfS8h05BNy2YmD/N0cpLPa/vAduDcQBeHiY/WkcnvqSXnXsOfnvbP74KQfoP4W35oFkfyGVPUBSB83tg==,iv:AkN2NoqMXVHQA9fHTTR7xbEapEqy/D61mHn7O23hyYk=,tag:WV+siDA3VnRkOYnP4Z9Qhw==,type:str]
nextcloud:
admin: ENC[AES256_GCM,data:1rglLrLtRf3yXQwfHDMZLewk8ueIbMFOC+1mtoAyLKnDmcQAoEQZ1vHw/hpKkFXJQ+QyX3sP8eUjRXuBEIVl3A==,iv:lfEGPEw9ybSdOYLDdaGCLXKgCvgRxn3k9eIy2DJHDYU=,tag:j4qRexbEAgK5HAGhr/wxfA==,type:str]
sops:
kms: []
gcp_kms: []
@@ -59,8 +69,8 @@ sops:
SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-16T06:00:05Z"
mac: ENC[AES256_GCM,data:1+Uqp+nb1zIkKVQzQWlEVBv3hAiBknHJSiVdEPxj4IzAAWc1okSsh8QYRkTA5WR54BL6I7xerITLvaqAIF1cNnmkZJ/bbbgXuQgwrrRfqDKzxOmtblQDxFO6A815VreLTfWjZN6/h3oEzH4DW+xRtd+js4n5L+nyLMee1O9kOi8=,iv:s6QN07djU9PAA2WRZ4xw2O0iDKqzmaEqVyRmeRoHNXE=,tag:y/KjOdf0cXl2XQbibjrVPQ==,type:str]
lastmodified: "2023-10-04T07:35:42Z"
mac: ENC[AES256_GCM,data:fa8ZjjFpm+j+HJtT1yv9Oyhdw7o9fQji6p9rAf+kBx7hR5mzVFO7hnH5a2Lbuw/cWuow8jSJjrVf1eg1ChXaL02GM38r8bnJy6Xwp/Yqg2crddrEIwzlS3yjkWWB1L/tPcd6VqWHmfKtPHaUpBtpOX6QarBTJ5xhh28E913im4U=,iv:v7CT8PiLpddOJvs44aRxsJ5iIgjOdOCKHD/FHsF2sII=,tag:R1PaS1g3yNk+yjMjXisqBA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3