mirror of
https://github.com/CHN-beta/nixos.git
synced 2026-01-12 07:49:25 +08:00
Compare commits
79 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| b84367f6b4 | |||
| e2073802f1 | |||
| fda4d2e864 | |||
| 7b3e855e21 | |||
| cc6e6148ba | |||
| 5fb6cb0184 | |||
| 0fca3c517f | |||
| a6252ee320 | |||
| dc354dd6f4 | |||
| 0709454a21 | |||
| 0d6bb32e12 | |||
| c325474822 | |||
| b788e792b3 | |||
| dfc8f433f5 | |||
| f7c4cb4b62 | |||
| ae563d12fe | |||
| 95ad9352a7 | |||
| a420681cfc | |||
| 791d3fa06c | |||
| 3ff3285708 | |||
| 2096a8e2e4 | |||
| 7e47019aea | |||
| 24e4420a57 | |||
| 76383ad9cb | |||
| 4fb4df63cc | |||
| 5cff64305d | |||
| 71715cc16c | |||
| 7dac9a2668 | |||
| 1770f8752c | |||
| 43ba59d390 | |||
| 16fd1b23a2 | |||
| 7cc3319c1c | |||
| bec274441b | |||
| 55b62460f6 | |||
| 3f81e70297 | |||
| d9c9ecad39 | |||
| 61b9c4a45a | |||
| 1fed97e2a1 | |||
| 65ad4ec686 | |||
| ab76703044 | |||
| 5ee94c9bb8 | |||
| 909ae871e0 | |||
| ee98d3bf21 | |||
| 327a7918aa | |||
| c0cda4ecd4 | |||
| c101334c9e | |||
| 68f209b6d3 | |||
| 7aedd71136 | |||
| bc18c3d293 | |||
| 47ab23c4e1 | |||
| 17725727bc | |||
| 024598227a | |||
| 52b9ed4441 | |||
| 7d27bad072 | |||
| 5944409604 | |||
| 198fccc7bf | |||
| cf3882becc | |||
| c80617c6c0 | |||
| 4fea6edcad | |||
| e574916fd0 | |||
| e72bec278e | |||
| 515b6eedc1 | |||
| bab49afeb3 | |||
| 8faa50a427 | |||
| 72912c67cf | |||
| 7bf49c8180 | |||
| a175f0b361 | |||
| 53d250fb17 | |||
| a9722a6205 | |||
| d8d6592253 | |||
| 03e205d93f | |||
| 4546316f22 | |||
| 5a0bf76710 | |||
| 4600e2e3f1 | |||
| 575943c869 | |||
| 93fc9897da | |||
| adb1b2a560 | |||
| 7e38ee602e | |||
| 3a7668549c |
@@ -24,7 +24,7 @@ inputs:
|
||||
};
|
||||
};
|
||||
};
|
||||
decrypt.manual =
|
||||
luks.manual =
|
||||
{
|
||||
enable = true;
|
||||
devices =
|
||||
@@ -62,6 +62,7 @@ inputs:
|
||||
publicKey = "xCYRbZEaGloMk7Awr00UR3JcDJy4AzVp4QvGNoyEgFY=";
|
||||
wireguardIp = "192.168.83.4";
|
||||
};
|
||||
misskey.instances.misskey = {};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@@ -4,6 +4,12 @@ acme:
|
||||
token: ENC[AES256_GCM,data:OrYgBRU1VPpkpDzYMFHINfPSHsXEKABdZOcgiAiBJKcreBoaSVHUvg==,iv:XIeZPJhzmUi5ZHKBCYN5UA9HWH1K+26SvcIWVrHAYDA=,tag:3F93syLBZjcHwnRRkUEjlw==,type:str]
|
||||
wireguard:
|
||||
privateKey: ENC[AES256_GCM,data:VPlB4wSbWqSYw3rYRwfAMa39xrPcPZfz7sV2Cq3rmOhifnUPwggxnA+51do=,iv:utnyrB6Yfe5O94Oq4HDVFm/lQ9ZBoyvUT68r2G2PdwA=,tag:snm01vA+z2yKK8d2i5i2ig==,type:str]
|
||||
nginx:
|
||||
maxmind-license: ENC[AES256_GCM,data:ezBawTyn+oPKKy6sQuj2BQXhnO4PTbxYWRpQR9URCxqD7bFlnmWU1Q==,iv:eD4yLDA209x6HFtDaqyj8kRxTImdyZCgOminHWb9vt4=,tag:mx+qPp4L9jHRvL90XH1RwA==,type:str]
|
||||
redis:
|
||||
misskey-misskey: ENC[AES256_GCM,data:daHnurnqW0MI2uHd3gNT+ZczmytRdwBSsHGkCwNH9hJFMJW/U56HtjG5ivOQzYprWJ5uzgN98ivocbwzJEAGfg==,iv:aE9kvEErN06FNPPFQNchbmg/+SJCKT3QzCN/JTlZovk=,tag:iMo3MTssxKKT02zi8gCZPA==,type:str]
|
||||
postgresql:
|
||||
misskey_misskey: ENC[AES256_GCM,data:QhsmKzYmAV0kGPhtRjTK7npt/Nop5JM9EFPpD8K6KfUJ48w+r+4vTORmERu7D2+fE3XDXxNZeSJg//bGxMmhfg==,iv:qkjkrqepjQ4kbwoaceQSzEP5TjLsiY7ih/ESj5RFpHw=,tag:UtZVW30xcsbGUjU2HjoUvw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@@ -28,8 +34,8 @@ sops:
|
||||
by9Rd0U0bzNiK21BQTNxN1RuQ09DQVkKJmSlzV5ppEkZFljsS17ZWmoI++fz4tJh
|
||||
kTdoAStG1zsKASHyZTsmdm3RBDO3qV1KhQC2gC7d4EiwNZngxOOZJg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-07-24T05:14:57Z"
|
||||
mac: ENC[AES256_GCM,data:9xKBuoVeotcZfiqsKg+iXxOc5BV9kGVvR5f9Anu6DauBceYIBxgeVCDU3dRUPz67MkOK/n2w9+gLchQxUyK8G4ECRTESL+GKpZslNVThb2j6vswLXNBHqsQCoQBlYOiKw5ZM1gpdYJPni8qpsdGvTwc5JkW+FH6v1BdZWaUhc3U=,iv:SyLiMXsQhS+8FFlSMXiD9ETD+mIsz6mePXnJzBODK5g=,tag:YpiU58lJ5Nb78EMyEmJdbw==,type:str]
|
||||
lastmodified: "2024-10-05T02:43:05Z"
|
||||
mac: ENC[AES256_GCM,data:NyXFwcVCCRfU+QSJVwov38SzRag1vhgfyQ0xtOheKtK/UaA+2Vqiqatp/lKWeri9ltpw5xWBYQnmE6aBHEkrj5RvoXeho3CUWiSqsB/3COn3FSfXGGJ2M642dnCtWqHfTrGNW7bhq/lBisODvtv+SAs108R5yYXhXWotUs/p+W0=,iv:Wsel2unj5X/dBCwt5sLzHmUIqm9c0uqzzpfnUkxq5cc=,tag:a5/I8GWuUOy4F4lOx9TH+w==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
version: 3.9.0
|
||||
|
||||
@@ -13,7 +13,7 @@ inputs:
|
||||
vfat."/dev/disk/by-uuid/7A60-4232" = "/boot";
|
||||
btrfs."/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
decrypt.auto =
|
||||
luks.auto =
|
||||
{
|
||||
"/dev/disk/by-uuid/4c73288c-bcd8-4a7e-b683-693f9eed2d81" = { mapper = "root1"; ssd = true; };
|
||||
"/dev/disk/by-uuid/4be45329-a054-4c20-8965-8c5b7ee6b35d" =
|
||||
@@ -23,7 +23,7 @@ inputs:
|
||||
resume = "/dev/mapper/swap";
|
||||
rollingRootfs = {};
|
||||
};
|
||||
grub.windowsEntries."7AF0-D2F2" = "Windows";
|
||||
grub.windowsEntries."645C-284C" = "Windows";
|
||||
nix =
|
||||
{
|
||||
marches =
|
||||
@@ -41,7 +41,7 @@ inputs:
|
||||
# SERIALIZE SGX WAITPKG WIDEKL XSAVE XSAVEOPT
|
||||
"alderlake"
|
||||
];
|
||||
remote.master = { enable = true; hosts = [ "xmupc1" "xmupc2" "srv1-node0" "srv1-node1" ]; };
|
||||
remote.master = { enable = true; hosts = [ "xmupc1" "xmupc2" ]; };
|
||||
githubToken.enable = true;
|
||||
};
|
||||
nixpkgs =
|
||||
@@ -62,7 +62,7 @@ inputs:
|
||||
gpu =
|
||||
{
|
||||
type = "amd+nvidia";
|
||||
nvidia = { prime.busId = { amd = "5:0:0"; nvidia = "1:0:0"; }; dynamicBoost = true; driver = "latest"; };
|
||||
nvidia = { prime.busId = { amd = "6:0:0"; nvidia = "1:0:0"; }; dynamicBoost = true; driver = "latest"; };
|
||||
};
|
||||
legion = {};
|
||||
};
|
||||
@@ -77,7 +77,6 @@ inputs:
|
||||
samba =
|
||||
{
|
||||
enable = true;
|
||||
private = true;
|
||||
hostsAllowed = "192.168. 127.";
|
||||
shares =
|
||||
{
|
||||
@@ -137,13 +136,13 @@ inputs:
|
||||
gpus."4060" = 1;
|
||||
};
|
||||
partitions.localhost = [ "pc" ];
|
||||
tui = { cpuMpiThreads = 4; cpuOpenmpThreads = 4; gpus = [ "4060" ]; };
|
||||
};
|
||||
ollama = {};
|
||||
waydroid = {};
|
||||
docker = {};
|
||||
};
|
||||
bugs = [ "xmunet" "backlight" "amdpstate" ];
|
||||
user.users = [ "chn" "zzn" ];
|
||||
bugs = [ "xmunet" "backlight" "amdpstate" "bluetooth" ];
|
||||
};
|
||||
boot =
|
||||
{
|
||||
@@ -169,6 +168,8 @@ inputs:
|
||||
};
|
||||
# 禁止鼠标等在睡眠时唤醒
|
||||
services.udev.extraRules = ''ACTION=="add", ATTR{power/wakeup}="disabled"'';
|
||||
# 允许kvm读取物理硬盘
|
||||
users.users.qemu-libvirtd.extraGroups = [ "disk" ];
|
||||
networking.extraHosts = "74.211.99.69 mirism.one beta.mirism.one ng01.mirism.one";
|
||||
services.colord.enable = true;
|
||||
environment.persistence."/nix/archive" =
|
||||
|
||||
@@ -17,14 +17,13 @@ inputs:
|
||||
swap = [ "/nix/swap/swap" ];
|
||||
rollingRootfs = {};
|
||||
};
|
||||
kernel.variant = "xanmod-lts";
|
||||
gui.enable = true;
|
||||
};
|
||||
hardware.cpus = [ "intel" ];
|
||||
services =
|
||||
{
|
||||
snapper.enable = true;
|
||||
sshd = {};
|
||||
sshd.passwordAuthentication = true;
|
||||
smartd.enable = true;
|
||||
slurm =
|
||||
{
|
||||
@@ -48,25 +47,27 @@ inputs:
|
||||
{
|
||||
name = "n2"; address = "192.168.178.3";
|
||||
cpu = { sockets = 4; cores = 8; threads = 2; };
|
||||
memoryMB = 30720;
|
||||
memoryMB = 61440;
|
||||
};
|
||||
srv1-node3 =
|
||||
{
|
||||
name = "n3"; address = "192.168.178.4";
|
||||
cpu = { sockets = 4; cores = 8; threads = 2; };
|
||||
memoryMB = 30720;
|
||||
memoryMB = 38912;
|
||||
};
|
||||
};
|
||||
partitions =
|
||||
{
|
||||
localhost = [ "srv1-node0" ];
|
||||
old = [ "srv1-node1" "srv1-node2" "srv1-node3" ];
|
||||
old = [ "srv1-node1" "srv1-node3" ];
|
||||
fdtd = [ "srv1-node2" ];
|
||||
all = [ "srv1-node0" "srv1-node1" "srv1-node2" "srv1-node3" ];
|
||||
};
|
||||
tui = { cpuMpiThreads = 8; cpuOpenmpThreads = 10; };
|
||||
setupFirewall = true;
|
||||
};
|
||||
};
|
||||
user.users = [ "chn" ];
|
||||
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "GROUPIII-1" "GROUPIII-2" "GROUPIII-3" ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -6,7 +6,6 @@ inputs:
|
||||
{
|
||||
system =
|
||||
{
|
||||
nix = { marches = [ "cascadelake" "broadwell" ]; remote.slave.enable = true; };
|
||||
nixpkgs.march = "cascadelake";
|
||||
networking.networkd.static =
|
||||
{
|
||||
@@ -17,11 +16,7 @@ inputs:
|
||||
};
|
||||
services =
|
||||
{
|
||||
xray.client =
|
||||
{
|
||||
enable = true;
|
||||
dnsmasq.extraInterfaces = [ "eno146" ];
|
||||
};
|
||||
xray.client = { enable = true; dnsmasq.extraInterfaces = [ "eno146" ]; };
|
||||
beesd.instances.root = { device = "/"; hashTableSizeMB = 512; threads = 4; };
|
||||
wireguard =
|
||||
{
|
||||
@@ -30,31 +25,20 @@ inputs:
|
||||
publicKey = "Br+ou+t9M9kMrnNnhTvaZi2oNFRygzebA1NqcHWADWM=";
|
||||
wireguardIp = "192.168.83.9";
|
||||
};
|
||||
nfs = { root = "/"; exports = [ "/home" ]; accessLimit = "192.168.178.0/24"; };
|
||||
xrdp = { enable = true; hostname = [ "srv1.chn.moe" ]; };
|
||||
samba =
|
||||
{
|
||||
enable = true;
|
||||
hostsAllowed = "";
|
||||
shares = { home.path = "/home"; root.path = "/"; };
|
||||
};
|
||||
};
|
||||
packages.packages._prebuildPackages =
|
||||
[ inputs.topInputs.self.nixosConfigurations.srv1-node1.pkgs.localPackages.vasp.intel ];
|
||||
};
|
||||
services.nfs.server =
|
||||
{
|
||||
enable = true;
|
||||
exports =
|
||||
''
|
||||
/ 192.168.178.0/24(rw,no_root_squash,fsid=0,sync,crossmnt)
|
||||
/home 192.168.178.0/24(rw,no_root_squash,sync,crossmnt)
|
||||
'';
|
||||
};
|
||||
networking =
|
||||
{
|
||||
firewall.allowedTCPPorts = [ 2049 ];
|
||||
};
|
||||
# allow other machine access network by this machine
|
||||
systemd.network.networks."10-eno146".networkConfig.IPMasquerade = "both";
|
||||
services.rpcbind.enable = true;
|
||||
fileSystems =
|
||||
{
|
||||
"/nix/share/home" =
|
||||
{
|
||||
device = "/home";
|
||||
options = [ "rbind" ];
|
||||
};
|
||||
};
|
||||
# without this, tproxy does not work
|
||||
# TODO: why?
|
||||
networking.firewall.trustedInterfaces = [ "eno146" ];
|
||||
|
||||
@@ -4,6 +4,27 @@ xray-client:
|
||||
uuid: ENC[AES256_GCM,data:6JzTyJ+GVzLd0jWfvCc2dBdBVWz6RFH/8Gr73TNz6dNCyQjG,iv:ddGpYbIHN9PV3w6Oh65vEvv82jTChxgMdltIRPz++DY=,tag:nbFFk3S/y0hS3NFWGLPVJQ==,type:str]
|
||||
mariadb:
|
||||
slurm: ENC[AES256_GCM,data:IoRiruMV+bdf4qTSQBy9Npoyf1R0HkTdvxZShcSlvxlz7uKujWnlH4fc5eR6yytHcEZ9uPLib9XbGojUQOFERA==,iv:E0ac0DyhplaHEc2WmcXY0Fjpkt/pnY9PaATe0idqCRA=,tag:Vo/DBIUO6DBFCXQ1RLrchg==,type:str]
|
||||
acme:
|
||||
token: ENC[AES256_GCM,data:k5QU1aHvd/hSG4yncffSwnxQvhULHd0I8wtrXD2FcOH3SWswkmzMOA==,iv:WB18Wsl0nxUQ6Om3SXP5+0BtFbNZ8fCXTyPJqj6a9Ik=,tag:dKpr52W7Wdwws87r3hQxqw==,type:str]
|
||||
users:
|
||||
#ENC[AES256_GCM,data:rNA32tcCmriP,iv:No3Hyee58jDzZaXOD8SJYzgQXXs58oAddwC5Q9mo55E=,tag:RgZO7fgZkAr3Pawqt0dwmQ==,type:comment]
|
||||
xll: ENC[AES256_GCM,data:kq6gpuxBRbDP7Yi16WJrrsumnSfersI2kP5pT5efn5CjbL65JaW/Bff9P4OM6b3J21ObT0uRSmParBqW4OvN/UA4KXDhibqwRg==,iv:GvpNgy8kREgxp9v0cyIobgg2ZrrxylMmwq1hRaAoNA8=,tag:RpD/1FjWVglzt8sIAjjpsg==,type:str]
|
||||
#ENC[AES256_GCM,data:nl+uNO7GVV4r,iv:8hUmN4uWOqJE0g1aYA5dqQq+0oCpYGKe//yuECpmyBM=,tag:79XibRYMadJNE5Uy1O+4Jw==,type:comment]
|
||||
zem: ENC[AES256_GCM,data:t6zd/9ZoJWEkPhKyfaUXWQM2Y2unpUUq79SEKSt8nmWCQxlBk4PzMX031CwNde/0A4G3ARyIoU8vcFqp8NaBMA64INccKccrGQ==,iv:QOKpu7lm6uiPACNGa0QvHP81PP/4doS3r95h8/nexcs=,tag:J85l6pYh9WT/LyMbTrw+vA==,type:str]
|
||||
#ENC[AES256_GCM,data:7SGmLzQyXKWo,iv:lr7nM0r7eMc+sCNO8OgwwELH41zTk3W/1i+0rnTc+9s=,tag:ZOkLRhEsFXX6bODu6wUyiQ==,type:comment]
|
||||
yjq: ENC[AES256_GCM,data:8TF316O4M3UDoSA7rjBn12vUdHOcWXtrvuhqa6K65NaMhHU9rMrPHEikr0tqe5B5ojhh8PRRe+X/Dq19L4rJXThRfzdhALZzsA==,iv:2plZ2m0JuuUMQqYnyETCPH9x5jnLtNl396zvv7ay++s=,tag:X7YSLQOE9xnC63RWCht3GA==,type:str]
|
||||
#ENC[AES256_GCM,data:yclOn8oHwLYQ,iv:Ba7Q84z6e9/3lv43wdN+bd/aqO/y5qR5I6Z5O6o7U6E=,tag:ecaNN9MgZqDYBCbTlsOZtw==,type:comment]
|
||||
gb: ENC[AES256_GCM,data:piD2eh5iUXnCEkEyDULPkjbEG4Uc4izoVAuscbb9TPr7Q9WhCJX3FGRYrQp/wmZQ6UETR1jTejtbT9j/kI96BcN2onlwO/lqvw==,iv:oFWeoDp3GQA8aR+/AcJnhkovOWx7MgHoCKy5xdPIJMo=,tag:n2E+zuKckNAU7mOCJW+f1Q==,type:str]
|
||||
#ENC[AES256_GCM,data:hfcOjdrvK+YD,iv:8rUsS1exsOx+2YEgdATNcWGKqmaCNbpY1EEq1Gv1utE=,tag:Z0lq2ctHBWDtx2tyxOSIBw==,type:comment]
|
||||
wp: ENC[AES256_GCM,data:DUfGQpSg79W8KD/SWC2B4FqoPGoCrd1miczAQR5YApD00QopMmeDR28uTmHru2KU9DsjkdnWEbgfM49CwXt5FFJennqW36oYbg==,iv:D9+3CMZlJIHm+u14rAEikQoBM3jBQN8Lnx22DN2EIg4=,tag:ZegZmI1kf7Whcw3EE9dwPQ==,type:str]
|
||||
#ENC[AES256_GCM,data:6pwUu43Lu5/h,iv:lZQ5F8v9VZRGuUoEMH15JLvx40N08ahTEbdEoKEuvsg=,tag:zPMQy6d9/RcukBO1cyeM4A==,type:comment]
|
||||
hjp: ENC[AES256_GCM,data:dqoQ9hUbptm0//mlcFRrqLh1NpjxFPH+4jeyMG/x9Zvkszw7d71jvkO8KEPBfKnXpPBP2lvFyEqooIMWQJPYiIszHt2f0qSC7A==,iv:5nRcsaylcx74tQR1KddEpZUhmcynMvdHCcJYA7wfJnE=,tag:bGVKD1aDZJUlFg/zagP/eg==,type:str]
|
||||
#ENC[AES256_GCM,data:Idordi28++/e,iv:5TR6Z14yluxPhrD7ye2mXEQpD53qS9/ZJIZ+S1sTqco=,tag:IkmLWXdxDmFQxtpJxL61pg==,type:comment]
|
||||
GROUPIII-1: ENC[AES256_GCM,data:JuNtb5SRUrxfyjWFn3Be7EU51j/HlwiOpuN0m+Picf/2Bs97kflGnqGKstVRIjWEn4WzqscSaLRsbP9uFfSBHeJ152xfyOqkww==,iv:mQvIC6v+1fziRDYHYSFMOKof1ZcoFskpQDiCAF35sa0=,tag:0IL2VvdMorgE6oziscAB8Q==,type:str]
|
||||
#ENC[AES256_GCM,data:kyJP952K5atd,iv:TLMUPKshuWqbQ6koiZ9eTXcoDS3jLXYy/gCZbMGrRl4=,tag:M2tLLogovoG2PCojt9CJ9Q==,type:comment]
|
||||
GROUPIII-2: ENC[AES256_GCM,data:ifWnLx1YEewdviqHK8fdesM3c1m1T4g6twnz1cGv1yc4jit68pQWLrRMivdsM4tUcyU9GKwCaElVlvh+dgyy8EZQPKCbvJX6GA==,iv:T5FWReeZ0QOkGJiNfrVrUBhAhbXxlFQJKqQV2tzw9AQ=,tag:XClXGZDWGuoGxzPW7ne2Pg==,type:str]
|
||||
#ENC[AES256_GCM,data:t8QUVYG4v7fE,iv:N8hDAV7wulPHcfnYTXuZRhb9dQPZqKpfMKK1+ITaZTA=,tag:eKMJDOmqoWWQbv/mm3LaAw==,type:comment]
|
||||
GROUPIII-3: ENC[AES256_GCM,data:VlAA+g7SRZyhPSl0Gd1KS7dCwNgRA/o+d8anN88A7E8bSE1ckeTSp+J4YrbbUlLasLhliOZ/nDC0rti+hckGCrjMwweMorSIWg==,iv:7u1yNrN7uxHCF1MsJ2qt1jyQ0ZYYCYKUHwRff50P9oI=,tag:3raCWjdButfmcdy8mH25Jw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@@ -28,8 +49,8 @@ sops:
|
||||
OThDMWRsWnVTbzRGTTZqSDBkNWZJMlEKdQ/ipO7O5OvaGa81c2P7fi1ncufueSzX
|
||||
2njlHHz1gJCtjpktYaVvS6KSYtJoI9oNrF0YN5D/3kKW8TicsSGKaA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-09-15T10:53:47Z"
|
||||
mac: ENC[AES256_GCM,data:0bZzNFEh3hRHLLImLLxYiN82QW4JAiyvuzRtE2MH8xa+VAE1kKy+ceED32zhEKl/yG/9lbGaz0bZz/+ouZyBd6ejvAbOaHZGRc+GY4VyLQfvpEx+7W19VVTGW1Wsae1zQv6WAML2cRsSbZX7FZNTGnTH8YKC9nXB+y+RTOtR7x0=,iv:+t1Agt5UmaloJ45onPWbcqu5geHNaMwF8WojmZeRiY8=,tag:IZbqzVl6LVVaJUHJSYkY4w==,type:str]
|
||||
lastmodified: "2024-09-29T06:38:23Z"
|
||||
mac: ENC[AES256_GCM,data:n7MVBKCUW4xpIiVO4ysBqlG89LjzpDBx9GJWQTrSenLWV/YrIGUxA6QDlRg7yhqV9ldF9Q7hDve1KHw7OxKRx5ot5OZiD3Bq3TwJfS2DarJ2vi9oc1J+CXXach8gp3m4C4RkPJ/y1i3jB2nRfSw5Z/TtdPMbvGXlHh+hhriAqxM=,iv:tyBcXMZzgeUOgYJtU1XkptPOlNoFwH+4z6xTD89aKOw=,tag:apXU989ZL+D8WhWKFTdXTg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.0
|
||||
|
||||
@@ -7,52 +7,22 @@ inputs:
|
||||
system =
|
||||
{
|
||||
nixpkgs.march = "broadwell";
|
||||
networking.networkd.static =
|
||||
{
|
||||
eno1 = { ip = "192.168.1.11"; mask = 24; gateway = "192.168.1.1"; };
|
||||
eno2 = { ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
|
||||
};
|
||||
networking.networkd.static.eno2 =
|
||||
{ ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
|
||||
cluster.nodeType = "worker";
|
||||
initrd.sshd.enable = true;
|
||||
nix.remote.slave.enable = true;
|
||||
fileSystems.mount.nfs."192.168.178.1:/home" = "/home";
|
||||
};
|
||||
services.beesd.instances.root = { device = "/"; hashTableSizeMB = 256; threads = 4; };
|
||||
packages.packages._packages = [(inputs.pkgs.runCommand "master-system" {}
|
||||
''
|
||||
mkdir -p $out/share
|
||||
ln -s ${inputs.topInputs.self.nixosConfigurations.srv1-node0.config.system.build.toplevel} \
|
||||
$out/share/master-system
|
||||
'')];
|
||||
packages.packages._prebuildPackages =
|
||||
[ inputs.topInputs.self.nixosConfigurations.srv1-node0.config.system.build.toplevel ];
|
||||
};
|
||||
specialisation =
|
||||
specialisation.no-share-home.configuration =
|
||||
{
|
||||
no-share-home.configuration =
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
services.slurm.enable = inputs.lib.mkForce false;
|
||||
system.cluster.nodeType = inputs.lib.mkForce "master";
|
||||
};
|
||||
system.nixos.tags = [ "no-share-home" ];
|
||||
};
|
||||
nixos.system.fileSystems.mount.nfs = inputs.lib.mkForce null;
|
||||
system.nixos.tags = [ "no-share-home" ];
|
||||
};
|
||||
fileSystems = inputs.lib.mkIf (inputs.config.nixos.system.cluster.nodeType == "worker")
|
||||
{
|
||||
"/home" =
|
||||
{
|
||||
device = "192.168.178.1:/home";
|
||||
fsType = "nfs";
|
||||
neededForBoot = true;
|
||||
};
|
||||
};
|
||||
boot.initrd.network.enable = true;
|
||||
boot.initrd.systemd.network.networks."10-eno2" = inputs.config.systemd.network.networks."10-eno2";
|
||||
boot.initrd.systemd.extraBin =
|
||||
{
|
||||
"ifconfig" = "${inputs.pkgs.nettools}/bin/ifconfig";
|
||||
"mount.nfs" = "${inputs.pkgs.nfs-utils}/bin/mount.nfs";
|
||||
"mount.nfs4" = "${inputs.pkgs.nfs-utils}/bin/mount.nfs4";
|
||||
};
|
||||
services.rpcbind.enable = true;
|
||||
# make slurm sub process to be able to communicate with the master
|
||||
networking.firewall.trustedInterfaces = [ "eno2" ];
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,4 +1,24 @@
|
||||
hello: ENC[AES256_GCM,data:wA==,iv:kLAdTomvGSJRmZiO916Ort8crRCp05vlSamVMJ/gLbU=,tag:QTxIe+dhLWVljw9Svuu7Tg==,type:int]
|
||||
users:
|
||||
#ENC[AES256_GCM,data:dgM035YLtZfl,iv:h7pHQ6YFa4hxcHMihQTegHmkaCMlfPtqdCqvJxSsXt8=,tag:V2v9C2TfErIOAihtTQpnSw==,type:comment]
|
||||
xll: ENC[AES256_GCM,data:/YL4vowFLFbbYv06yaKWZH5UNBKs0L6LQ+6O0IsiUZpgW5fGfp2A5JTlH6ne7RGyyTE4GNId0MC7byQbTHHwO+5zVYWpzjDCfQ==,iv:5/VKGsIohoutZf3F4Qj8PruAXSivQ0zsg1pwLwZbCLs=,tag:/vsrCISEbgQ7HnubWOtKow==,type:str]
|
||||
#ENC[AES256_GCM,data:oT8PFxQdwEt6,iv:eD/wF2toUAT991S0aO7NklpKSnMDH40+73IhU83H9t4=,tag:mxxAUdfHgC/hlvmLc2MlAA==,type:comment]
|
||||
zem: ENC[AES256_GCM,data:RpmSTr2ZKfUNWg5vYbKB00AG18GNQs+kgx82E9Mg5hoc3HKmbAyIzjxloMn/Bw3MOTnof6Cf1ZzVCs53Wz8YbZFClLEVdKhMKA==,iv:NQJQOxQa/RaGzvGgarq5kWL8ojB1bejEiqJUCJLxgyU=,tag:8cFFQ5kKpZji4YvEYOyzOg==,type:str]
|
||||
#ENC[AES256_GCM,data:keNqy5SdClQT,iv:N5LX7VJEwLHQ5HsFINs6LupP3rv/XAWFR2e/S52N+Oc=,tag:cqBh1bL1jAEk3mT0pLDd5A==,type:comment]
|
||||
yjq: ENC[AES256_GCM,data:TagWplgUyhaEAuFpup0TRIxWXIEGwsG/V+gOo/pXSGor30B/BF7+wVozYTZ/iSN7OJJw8I7IZGvxvh0v01BGz1RQO6MEEpSj5A==,iv:TeXXYlhfae78cJFdZk0Nnm24sP43wi9UM80vHwKfXFU=,tag:lhae9Ona5OMlTBAJg3PiIA==,type:str]
|
||||
#ENC[AES256_GCM,data:jmRMNpJLMqEo,iv:UOfzRSPDFsJ52sa2FVaQsVcU2P2bOYPzh4JLZ/8+hCg=,tag:8rCEYFELB2geXhfUjfZ18A==,type:comment]
|
||||
gb: ENC[AES256_GCM,data:RneeGyzmdxCceKPzOHaTtS1l6NzuS07NYBxYrLICMLWHPog08FTINWEZx1JmqbAloVna3wE43kPPa9s1w3VbtPBhzRpTVZfUtA==,iv:1vu79FhPiWQ2/G5xzzBdyc790yv/aYKIQFPhaDpBmoA=,tag:vkpT1bDfVufBkDmOs7RomQ==,type:str]
|
||||
#ENC[AES256_GCM,data:swW/4Fii+fHz,iv:9UZ8W6RY+n3XZkDCxSP/CQQn1Ji+mo2aqgmG9wTF/I4=,tag:2ifOyc0oGzM1iM3rouvvMw==,type:comment]
|
||||
wp: ENC[AES256_GCM,data:/cIBL7orNYqu6Ybahdd1UVdTbS1SHr3GGb3ib4FDxPUlp/Xr4ARMX+01N6pOahVYwE8Hwp6nr4TdvwFpe2/AE6v2rbyclSzJgA==,iv:ZGwmAgwiC15K5NhajLCTiuW2mLT2gt0KUicDFmMY+JE=,tag:8rcoY6/weOkML90FyDfiSw==,type:str]
|
||||
#ENC[AES256_GCM,data:6KbDgRf0Lmsh,iv:2vhLHgIzhCrdvQ7w6lCPKOmLlOVRJ5gJ+Pw5NSiMVVc=,tag:E6PwWCsUn3tZwV95zFbwhA==,type:comment]
|
||||
hjp: ENC[AES256_GCM,data:0hzP2t4ck/0GVa2OoZxETCSQvp0QYN+0MJYl5aJ5hzSOXbwBPlTcIbjckpWDacx4iKGw+skhv1Nhz9lGrhgvddzqb/o1GWkKUw==,iv:OzKTIxDm+AgDAy4rP31kts0PKHuNqBZWc0Vsvh6X8CY=,tag:7Y/6qP+TJd1o0a96gKq5JQ==,type:str]
|
||||
#ENC[AES256_GCM,data:PQmtt6/8T8Nm,iv:ZDUkaQts3hUQ1nncynoGw8gNV9jYvnXz9rOaqRC6yLE=,tag:jN8sUWnqoWbMlkLEqVKNkg==,type:comment]
|
||||
zzn: ENC[AES256_GCM,data:YNB9leH/qgXpApA+bnsZiBlfbQSEiOoqhDgKCbwz33zPVc8KRShSS4kWEseiMlYLv7Kfbfy94cEKLOaWBjuRmMrODmC3HZ+rtQ==,iv:Ju02Sz0PHoBftz2W818hmXQ3J/fzLacWv+gy4eGXvjU=,tag:B6mvgWUclyHXgno07jhXQw==,type:str]
|
||||
#ENC[AES256_GCM,data:UVi9/5NV0ySV,iv:E7ZZvvf6lNJdT4esykilJxhpTu7gqmu9w4w8rII/RSk=,tag:pnl3G0qt7ZzXlA9YWo7LiA==,type:comment]
|
||||
GROUPIII-1: ENC[AES256_GCM,data:M4LHqgN/WYk9Nh7Pawft1tplh/FiADu6GoyImyLGBk8rbNNLT5AXuNYGj97tVYxI0Hwek+zhnmcjAWdDtmkVzE7TcD1WAZbkTA==,iv:GN/jHnEikITXkLRR/tXnhYiTE5bIDOg1d9DrYeASoY4=,tag:hkoAHHYX+q1topjXkRyK2g==,type:str]
|
||||
#ENC[AES256_GCM,data:EVL/9hYcFl4F,iv:EZ8PMqklNEky0i940vwyQFXrgBoQRwwGDjBgRB18KGg=,tag:cnQzCU7XZ0EO6ojGaEk4Dg==,type:comment]
|
||||
GROUPIII-2: ENC[AES256_GCM,data:7HOyyFtPjhxtvz3cG561aslZ1Ct+DmR290XOxz34sA/vyA+gjvHTWoIpKPGVzSU8vGfaLLV4ta/nOUsK/VfUj00ngwTdkEDkrg==,iv:rkDAE24gaE7MzOcIUX87oMyK6ra0Pt/vUNrIV9p7aFY=,tag:24NTkSu8Fd785uC2Lwr2XQ==,type:str]
|
||||
#ENC[AES256_GCM,data:sa3uVs8+996Q,iv:eN3S4x/UROkZWV3U2pZpvULgoPdh42lM/Q+jZ13ohsk=,tag:IG0q/+ti4tthAejVp7MCPw==,type:comment]
|
||||
GROUPIII-3: ENC[AES256_GCM,data:jfeQWLGUWK4xfgRtS9RjjN76D+JLqTF526SI0XeYnUXtCsKhJYE88hgVnn7m/Af9g1OCj08+UDsM8cyKOJj3+m6h+IZQzCS4bg==,iv:Syf3SYAFvOtfOy4PeA/PcYbuUnABk6f5A+OmZYtdwv8=,tag:cib1RuKxGffjB7R5GSxotA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@@ -23,8 +43,8 @@ sops:
|
||||
R1BkT1hoSWo1RlJnU0pCdTFYbDFoZmMKKF7cND1jSo+neTTJ+GwW4T0RTOX9mbME
|
||||
58wjAtkrKSD2vDFMQ/vtPNiohAt6RMdClLVm50yh7Oh961YmvJYnbA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-09-16T03:04:24Z"
|
||||
mac: ENC[AES256_GCM,data:2uq4QvP4l+WvV5G1FOj9nNmC9ZRvJcLUsLU0/Wrh7b6f+30g0lkw5M/WtHFd9CjrfB1O98Cvm3Y3ABsSTue5OLuAjACc+Jz5wvRbuLkWRNRU4HNdaAJIzN5Fqd6w+SR8vzLCe+NTcDlhEjdD0zcrRGD4+aM/cnn228sCTtRw1JY=,iv:MhHsNC/VJVPI8LVN9xuY4JZFlinuDI3C3Igo/O9/gbs=,tag:4jIbeOwspn7yZCrn8xKVrA==,type:str]
|
||||
lastmodified: "2024-09-29T06:38:35Z"
|
||||
mac: ENC[AES256_GCM,data:UWDwXUfk4R9CfgU2gv1NZsusLq5+VTsvjGQNst99MuxLz4sox8CZuuYsDLB2dobKrJua107yqhbM8Ps42JJVHZEf3WHqP08tRbdIWNVoakYR6UJlNS3WZVR+LlheQI5PfJqPqa7VFgZeSVm7weIPCHqvHt+ak76oyJK1VsI0f+k=,iv:VL9s+LUA/TrOsJNQWC0/v0Yh+hT8uh2vitc9h1xHBEY=,tag:iA8yMpm+0ANAC+2BLN9Agw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.0
|
||||
|
||||
@@ -7,49 +7,38 @@ inputs:
|
||||
system =
|
||||
{
|
||||
nixpkgs.march = "broadwell";
|
||||
networking.networkd.static.eno2 =
|
||||
{ ip = "192.168.178.3"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
|
||||
cluster.nodeType = "worker";
|
||||
initrd.sshd.enable = true;
|
||||
nix.remote.slave.enable = true;
|
||||
};
|
||||
services.beesd.instances.root = { device = "/"; hashTableSizeMB = 256; threads = 4; };
|
||||
packages.packages._packages = [(inputs.pkgs.runCommand "master-system" {}
|
||||
''
|
||||
mkdir -p $out/share
|
||||
ln -s ${inputs.topInputs.self.nixosConfigurations.srv1-node0.config.system.build.toplevel} \
|
||||
$out/share/master-system
|
||||
'')];
|
||||
};
|
||||
specialisation =
|
||||
{
|
||||
no-share-home.configuration =
|
||||
{
|
||||
nixos =
|
||||
networking.networkd.static =
|
||||
{
|
||||
services.slurm.enable = inputs.lib.mkForce false;
|
||||
system.cluster.nodeType = inputs.lib.mkForce "master";
|
||||
br0 = { ip = "192.168.1.12"; mask = 24; gateway = "192.168.1.1"; dns = "192.168.1.1"; };
|
||||
eno2 = { ip = "192.168.178.3"; mask = 24; };
|
||||
};
|
||||
cluster.nodeType = "worker";
|
||||
fileSystems.mount =
|
||||
{
|
||||
nfs."192.168.178.1:/home" = "/home";
|
||||
btrfs."/dev/disk/by-partlabel/srv1-node2-nodatacow" =
|
||||
{ "/nix/nodatacow" = "/nix/nodatacow"; "/nix/backups" = "/nix/backups"; };
|
||||
};
|
||||
system.nixos.tags = [ "no-share-home" ];
|
||||
};
|
||||
};
|
||||
fileSystems = inputs.lib.mkIf (inputs.config.nixos.system.cluster.nodeType == "worker")
|
||||
{
|
||||
"/home" =
|
||||
services =
|
||||
{
|
||||
device = "192.168.178.1:/home";
|
||||
fsType = "nfs";
|
||||
neededForBoot = true;
|
||||
xray.client.enable = true;
|
||||
beesd.instances.root = { device = "/"; hashTableSizeMB = 256; threads = 4; };
|
||||
};
|
||||
packages.packages._prebuildPackages =
|
||||
[ inputs.topInputs.self.nixosConfigurations.srv1-node0.config.system.build.toplevel ];
|
||||
virtualization.kvmHost = { enable = true; gui = true; };
|
||||
};
|
||||
boot.initrd.network.enable = true;
|
||||
boot.initrd.systemd.network.networks."10-eno2" = inputs.config.systemd.network.networks."10-eno2";
|
||||
boot.initrd.systemd.extraBin =
|
||||
specialisation.no-share-home.configuration =
|
||||
{
|
||||
"ifconfig" = "${inputs.pkgs.nettools}/bin/ifconfig";
|
||||
"mount.nfs" = "${inputs.pkgs.nfs-utils}/bin/mount.nfs";
|
||||
"mount.nfs4" = "${inputs.pkgs.nfs-utils}/bin/mount.nfs4";
|
||||
nixos.system.fileSystems.mount.nfs = inputs.lib.mkForce null;
|
||||
system.nixos.tags = [ "no-share-home" ];
|
||||
};
|
||||
services.rpcbind.enable = true;
|
||||
boot.initrd.systemd.network.networks."10-eno2" = inputs.config.systemd.network.networks."10-eno2";
|
||||
# make slurm sub process to be able to communicate with the master
|
||||
networking.firewall.trustedInterfaces = [ "eno2" ];
|
||||
# add a bridge for kvm
|
||||
# 设置桥接之后,不能再给eno1配置ip,需要转而给 br0 配置ip
|
||||
networking.bridges.br0.interfaces = [ "eno1" ];
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,4 +1,26 @@
|
||||
hello: ENC[AES256_GCM,data:/WGwXDnQio1BwD/zPoURTjVzTasWICOA7CBsgT5DbYIkKLt5DxzogeYWpiqjVg==,iv:BY82U/y9V8PYtn3Bre+nabGBcVgFbppIQZb7GhgY62I=,tag:JFqrezoWNJ8ZACCKQ43n5g==,type:str]
|
||||
xray-client:
|
||||
uuid: ENC[AES256_GCM,data:U+unsiKt9vNo/EXEpLHR0Ny3DxQEwx7a40KmwZDZki7RQEuM,iv:7w90HNM5lfh2VY20AcUEVdu5X2uxqXxR0hARncmMR60=,tag:xIbKc+9SF5LP/tY/XoGYxA==,type:str]
|
||||
users:
|
||||
#ENC[AES256_GCM,data:bAA1+Mx9xsFr,iv:5GWh+DyuRydCKm8K1kaiTJIt4ReEugHFnKYfan6RAE4=,tag:VqcWjIMIYhkSj6f/ZclTVw==,type:comment]
|
||||
xll: ENC[AES256_GCM,data:lqzwlETuKuKa2wh+ickMFiWyprcnIBfRBjri+NWoltxib/LWzEEbyetRc4AKyVaBiDhsOTw6MazPNy2mhcAFwb6pM+QKce5ntA==,iv:VaGQux8MJNPZeHwDpM+yJ47XvOul0qRE8xVdSWjYRhY=,tag:rBWdTPmJX9YsP0l1FtVbJw==,type:str]
|
||||
#ENC[AES256_GCM,data:AgppEXaJcXhQ,iv:gI4nUzfy7w9yqaWlT1NYk1cHdErCJsrlilwYSGxxCdw=,tag:/A6zwbvQdhX9MLfAdXIVqw==,type:comment]
|
||||
zem: ENC[AES256_GCM,data:t0rCwed8EzXbEuwTabzSLUd/Gln3YD9IT56JNVHwlodAvFYwtTDJe3cy7K17TmIkL1Nk/hAGzQ2BIZJxaKq7A5pSNIUO1zqMUQ==,iv:jSKCoNKQ5a91kK19w5mE0lJ9lh391ACq64UtLvJ4kLI=,tag:d6+IrgLyCw05vvLcCF5+yQ==,type:str]
|
||||
#ENC[AES256_GCM,data:s39KO3hHcrOK,iv:ICtP2r9JMjcieHZdyHpj5Z1DympJUcHq2jPpjUwSOzM=,tag:Es3YS+mEg5I3SIujfs50jQ==,type:comment]
|
||||
yjq: ENC[AES256_GCM,data:gOc59J2eiND+qJJRwLYvTymfrjWNRWw8IwLxDdS2cSu0yTN5SWF1eEg+tYmDqqhPmXkIlenL8VyIZD2P+Qi+Vi7l1pZMnneRCw==,iv:TsWOmHlClMgpXbNsCyvs+wkTvvKViAooA36+O4eQesk=,tag:jp5ZO9tlCPNTNZXWXCUEeg==,type:str]
|
||||
#ENC[AES256_GCM,data:JmmZl+8nta5Q,iv:qWGS5i+ntmJ9x3HFClVdfypQKqSTUx827OFu/wxx3HQ=,tag:SzvgJtIQb1Z02GDwkAhveQ==,type:comment]
|
||||
gb: ENC[AES256_GCM,data:pgwGyp/QC+h05grD345pJrJefm4NWd0e6mQEzrsqCbjMi9Ak2nUD+K09mIKQJ39NttC+NQZezRmKUJjDBH50s0O69nBlPOJtgA==,iv:ZLm6KUzD8fTq4YpxhdYjtp7bbDjP7Sy+0fnDO0W5GY0=,tag:H2mNHIQvHe+3YzZ9ITVdOg==,type:str]
|
||||
#ENC[AES256_GCM,data:94hwxSaMkbIB,iv:4Xjukoo7rxeu4SWjwFeLo5fwSX6a8mpkTOIpnOnR/Io=,tag:XOjY6ziyDdMNo53NFSjcJQ==,type:comment]
|
||||
wp: ENC[AES256_GCM,data:9/aVAQskZyQrfhVFVHfpdTWDLdoP2ZO7gG6bNcRpOJEBle3V9XqVSwmLViIIysy4XxoR3cym/7WXB96O3C8feK7sbihaRpT+Dg==,iv:WPnDArVKqV7u3EIQ0CMectK1W6gXKOo37oOybyob3As=,tag:1R/0qjRzif4/sTFSs55NuQ==,type:str]
|
||||
#ENC[AES256_GCM,data:RluXnmnn8CAI,iv:OqzKfed5CARE/KKur0GXDpLBqStEva7YVoQMQX4+FnU=,tag:prOaqWk6ARxEKvnhOnCZhw==,type:comment]
|
||||
hjp: ENC[AES256_GCM,data:Tb9vCi68B88UZc/ZVSxEI+esKOLlFcAPAaMk9FDmkBycZmzDjHfkUKCxVcOMtqeNSluVZ/5IFgowaYbk9ncK6yoYTjXjj1Z0lA==,iv:COs+ijt0h+UygyhWDQV23NRd/xBcfeqz6CO7D+xw7t8=,tag:RaIMaGrgHkidB9vqLR6cNw==,type:str]
|
||||
#ENC[AES256_GCM,data:pymPvP+KjTd2,iv:g5tmBMQevuzES9FVlRten8Vzy5nvgamDNPo6Vy018T4=,tag:sMYZAyyAzEyS5CsAyC7xtw==,type:comment]
|
||||
zzn: ENC[AES256_GCM,data:CJ8cOBjblYIc0GoiPnIbbWfYDfpQW5u31R9T/P0/aVuxi6P44wYYH0posVGthR1laqHIlu8bzgeRyTbBYir/Mw1AGokAnFLEPQ==,iv:dJXFcZ9f3xe3rcPzOLd6AMFh6EyJXlv3/+uR2x9XYsw=,tag:4I1WqtloUSXNeQ6AlVPY5g==,type:str]
|
||||
#ENC[AES256_GCM,data:r1Rl1+lfgMad,iv:9RGwiYlePcXZFDxw5uc1yEwZ4N3lStmE1cGmsj5dPls=,tag:yGChsxZtIzDjMUgIkd+PdA==,type:comment]
|
||||
GROUPIII-1: ENC[AES256_GCM,data:IIZpTdr5jpidbxYCQ+fODOHdoWI51upPI3yxYlrAAd+RE62t6PzAvHKFmKPivbHmQS5RZrJXE7zm9JtwiodRmPl0pYLxYNBpFQ==,iv:WQc1pOungm1gEqYPk/MITbjs1l83ikcys47CARRgoFk=,tag:sS2mXDIWl32ZZzDtictv9g==,type:str]
|
||||
#ENC[AES256_GCM,data:VtrWQKVtCHtA,iv:ap/n2HxQ7dgKOA8rIfenv9LOwwAh1na8+I9O/k/wMxs=,tag:Vl03ortuZ5OS2qcBMnc59g==,type:comment]
|
||||
GROUPIII-2: ENC[AES256_GCM,data:fkxYmHEQnCjx/srKBgjreIR0S7mcXyl1h3H80PFsH3A/yCGnJbFCGK1GW1++Q+tziOnEWCTLZ/l9dlPuB5BFSK7iHiVXtkOfVQ==,iv:z6duWl+LFpS5RJnCGxb3yvgHp96uJYoSsAThWrbGYfg=,tag:AKWisEg506eOgdp/4tLU7g==,type:str]
|
||||
#ENC[AES256_GCM,data:e8HuWaLrvHx5,iv:ZKvfRQtOMV6v3MSCDVoPEsxldI+ZRYJBwrKAD8YZzPc=,tag:tPL3IyjC8f+S+6MoMJSd0A==,type:comment]
|
||||
GROUPIII-3: ENC[AES256_GCM,data:if1S/3AxNLkWvDQJom+4EPRBOpkAPNTkEcqHHLAuEJATSNLlIhVLOPgt10cM4LWx2TdG8V2TcZip9qnr4ABHMsPF5vm6Y53r9Q==,iv:Rba0So8DXJrSC88mjwT8j2AVy84TPm0R6AVf2ZmXNBg=,tag:qiSeYLrw/6QJ7vMiPEZ66A==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@@ -23,8 +45,8 @@ sops:
|
||||
MVU1UW9lWFJnSTE2aC9ZL0huYURUK3MK5U4cLWRMm+FFo8ATE/OoAcHzYHFMpOtV
|
||||
Q5kbq5PDMdp4qvoM3T4kLsB34oU55HjFvac0pilOhNRrz4xRMQgvoQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-09-20T05:30:52Z"
|
||||
mac: ENC[AES256_GCM,data:nSrkKUo4yB57aetzdJ1sjSKcm5STQ6jfMhvY4/tXft2P9zRYigSP4PkZj7z+knxcIx9sFdA86h8X45oUjxaAa5xDJpgmvC/EEKxm5rZtVTxYYYdy40W72qThVuKUasWpYrrGZbZEbTu3Dad1yfJTilwofRtxoo1Nmj5lMvw+HRo=,iv:UvBSF5GLEj+hTZksrIV3Ow+HQ/xjqwCUuwqkdz8g0Qg=,tag:U5wJPhmeevB2i2GBgMGBFQ==,type:str]
|
||||
lastmodified: "2024-09-29T06:38:42Z"
|
||||
mac: ENC[AES256_GCM,data:tb6UXalJcNqd1bCJ4pdWQ5lctAXMrwAJsGagNIjtAklVx/0vibEBTvtVdI3CSNA3OuDguyXc/ECGEqlPNpoRq/F5JINfnirEbaBL6KhNkFxaSLVP7mu1u0KH93qhzA2j4jofderpxj+FvOOMVZNuZkrcSPDoufPA/ypY+YaKuu8=,iv:KPyXi7AD6FSmoZKYUDh2zLZnArvdcHau5XZHk8CbwI4=,tag:7T1jUJ7eNkY9VYt2eP+brg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.0
|
||||
|
||||
@@ -10,46 +10,19 @@ inputs:
|
||||
networking.networkd.static.eno2 =
|
||||
{ ip = "192.168.178.4"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
|
||||
cluster.nodeType = "worker";
|
||||
initrd.sshd.enable = true;
|
||||
nix.remote.slave.enable = true;
|
||||
fileSystems.mount.nfs."192.168.178.1:/home" = "/home";
|
||||
};
|
||||
services.beesd.instances.root = { device = "/"; hashTableSizeMB = 256; threads = 4; };
|
||||
packages.packages._packages = [(inputs.pkgs.runCommand "master-system" {}
|
||||
''
|
||||
mkdir -p $out/share
|
||||
ln -s ${inputs.topInputs.self.nixosConfigurations.srv1-node0.config.system.build.toplevel} \
|
||||
$out/share/master-system
|
||||
'')];
|
||||
packages.packages._prebuildPackages =
|
||||
[ inputs.topInputs.self.nixosConfigurations.srv1-node0.config.system.build.toplevel ];
|
||||
};
|
||||
specialisation =
|
||||
specialisation.no-share-home.configuration =
|
||||
{
|
||||
no-share-home.configuration =
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
services.slurm.enable = inputs.lib.mkForce false;
|
||||
system.cluster.nodeType = inputs.lib.mkForce "master";
|
||||
};
|
||||
system.nixos.tags = [ "no-share-home" ];
|
||||
};
|
||||
nixos.system.fileSystems.mount.nfs = inputs.lib.mkForce null;
|
||||
system.nixos.tags = [ "no-share-home" ];
|
||||
};
|
||||
fileSystems = inputs.lib.mkIf (inputs.config.nixos.system.cluster.nodeType == "worker")
|
||||
{
|
||||
"/home" =
|
||||
{
|
||||
device = "192.168.178.1:/home";
|
||||
fsType = "nfs";
|
||||
neededForBoot = true;
|
||||
};
|
||||
};
|
||||
boot.initrd.network.enable = true;
|
||||
boot.initrd.systemd.network.networks."10-eno2" = inputs.config.systemd.network.networks."10-eno2";
|
||||
boot.initrd.systemd.extraBin =
|
||||
{
|
||||
"ifconfig" = "${inputs.pkgs.nettools}/bin/ifconfig";
|
||||
"mount.nfs" = "${inputs.pkgs.nfs-utils}/bin/mount.nfs";
|
||||
"mount.nfs4" = "${inputs.pkgs.nfs-utils}/bin/mount.nfs4";
|
||||
};
|
||||
services.rpcbind.enable = true;
|
||||
# make slurm sub process to be able to communicate with the master
|
||||
networking.firewall.trustedInterfaces = [ "eno2" ];
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,4 +1,24 @@
|
||||
hello: ENC[AES256_GCM,data:DCfr682OxZ49pR5Q/sYZxqMdmUothpOOQOiKiPc0Xoh/gJ19qA0yVrO7aKk3Bg==,iv:B01Qfkiy3/B3MYskqFAxEZNoGjb8+A5wcyjq8Bj987k=,tag:e3/VHntKiG+/8xHz/nFXYg==,type:str]
|
||||
users:
|
||||
#ENC[AES256_GCM,data:uBjvj5Y6SIk8,iv:WxYu6Xkh2T7kb3uLqgkJJtHvCmWyvntcGfCKJfSfSmo=,tag:ueHbPNX3KOVO9RdQnw/nog==,type:comment]
|
||||
xll: ENC[AES256_GCM,data:Cp2wBFygUBlZnf0oAAxB5L8/qD/LwKksp0YG4Ic7nay8E8kXJGSYDyTK5AdeVh8/MxLgVVY6LMWtUOzFe3WU1u71pgBGF4x+yw==,iv:wXfcHuJzqWmm++vysZW3z4TLEOkgWTUF/pqFDfgwny8=,tag:k9o2yp1AksTGOgREOLlprQ==,type:str]
|
||||
#ENC[AES256_GCM,data:4CsCDEg/UChs,iv:ENErjaF65B1dCuD56/DCqe37WSCu1q28s2khMyF7I8E=,tag:q9mxHCAsuDGygseYU0pRDg==,type:comment]
|
||||
zem: ENC[AES256_GCM,data:cPDlicY4vrQ5VTyfCVN0zH5EIV8kH2xqlFEUkmwO3TmKV69Qx0nE+6yiUhENKR72zY3p5w4ZFEtF7maqqklWvThkeSs059aFpA==,iv:g+nASIzOUZuyX5MCFcKOJKsKTQhcpSY4sIKArlVZh8o=,tag:WaAYcxHmFs6/EG3oy56xJA==,type:str]
|
||||
#ENC[AES256_GCM,data:fu6KBkGEtzD/,iv:OzClxptcUbrbgmYYoQYcInG5Tl6HrjSRVrt3iIaSrqI=,tag:kc+AxJ7UI45j6eW69CiBkA==,type:comment]
|
||||
yjq: ENC[AES256_GCM,data:QGpjtIrtio3Jc4kGam5cjqCHZJl2c0wWQAD8BXXhiWfwbQF+sQSTk2V3FbvOlHjqcT92ab8qWCCFjIqBH4DJUq+z/eleX6Y4wQ==,iv:aky2Q2kpEf2EhcR9UXIAyf+BSW9CIZCGbyZCp0l3X4c=,tag:RHLILdrK3duFA2iZDDigEw==,type:str]
|
||||
#ENC[AES256_GCM,data:YUQ73+HZk69O,iv:wY5da+RRnPpXOD5+HdKkyYZ04ZpB3NBtRjRq5Utzlvw=,tag:BE8MhvbxTkn3rG4Pe/zitw==,type:comment]
|
||||
gb: ENC[AES256_GCM,data:AkPFt/GGyeKdYtY/cW774Yi4rrxhTFRzXe/hf0rbwFESwf4pwgfdcr9e3bp6mfmNy86CCDMsUVPtg49q+DV+9CwHU1ETe1vIbg==,iv:L/kLfEjt3WEQmgAXjOAsnE2Sp45DQP9LLKcZe1FjnVs=,tag:HluImuMHEhiE8yAw3fjNQg==,type:str]
|
||||
#ENC[AES256_GCM,data:WCkGncBugE2H,iv:ZN3edJuEDKrHo9OZs0jbU1ATI5+WpfVul5i7SK51ME0=,tag:rgxwqwPJcdDNMnRFlxNplA==,type:comment]
|
||||
wp: ENC[AES256_GCM,data:n7S4got9Q/7s7rZQldnB1wJlB36uqjremc1UDeUmzs6I9Gp9YPj7dJBDAHBNzWruo83ciP6PygHcCmHzBojISgW/HdD5j9cgJw==,iv:ymjB5YWxJJXBA80a2MPYHXBV+bNxUhroPWu+1GJo4XY=,tag:GGVz7kzBrSomBityyZBdvg==,type:str]
|
||||
#ENC[AES256_GCM,data:2aKW2wBhF2oG,iv:wXRX5ZAr5O0c/H1WvzK1+kG1NbZU92h89NgXB8lHfMk=,tag:gAW2oQxz2dUthyNvMlmxcA==,type:comment]
|
||||
hjp: ENC[AES256_GCM,data:+9MKYP96nBdLFVcTkpSS/hiTLdTOf5+Rs3dpUus/ym7gl2+aA2rGtlGS+ozALeUV1seNlVAuyhclZG2dH9uhaudlQvQw5ntAzQ==,iv:eobXw5ahEl9I2HlXD+y3NtGFOlPulk+aKVFxuCRe2+g=,tag:zt6MveyltO2xxThG9grZqQ==,type:str]
|
||||
#ENC[AES256_GCM,data:WLU7JBd7ZNES,iv:GkmmM1n0Squ0rundsz4Q+1dkF9BcCaV1hID8bt/gmxI=,tag:MMukyZlOeE0CcnI51VYPWg==,type:comment]
|
||||
zzn: ENC[AES256_GCM,data:5uNrzv43K/TQlGDldxqUYscDoEduTJdRz0jgd5dBh3N3bMNHulZbD95IVAj87OkLgdOtlDPZz3DfB5oxKBVcV0XE/E7GwJKILg==,iv:SB/uOB1SdhC5zGCY/OzBRY6wgGQLwKYuFgekxZpX1Y4=,tag:ckOxmdXvhQjGMPssoLeMPQ==,type:str]
|
||||
#ENC[AES256_GCM,data:xLPmYdIcIUz7,iv:NqaKJJgyMwfVfAYgEAMHXo1qLYfyOHhIcV++lseKcNQ=,tag:qXDuROf4A9T2H61KtrQUpQ==,type:comment]
|
||||
GROUPIII-1: ENC[AES256_GCM,data:izqFF2JD0ZEeNlqrQ9sJcEcrnp/WmyJL46jszmR4fLwrFGcMoekSfOTkzjO8upogY5fIDsn02dwh4mLX74vA8DjeRTaDKZyyfw==,iv:lknYrGgDFQen2w8mtLNHewQXara1ikWvGdvVA8a6Fyg=,tag:EiiMBUhF6YOafD7MCIMA5A==,type:str]
|
||||
#ENC[AES256_GCM,data:Zt6KCQ3chnLi,iv:RpMBGf2zDVWN13PpTr0Zj18ORdIZT2u34BestCjyLsU=,tag:aBuN2QGhxgnOXPC1NOoROQ==,type:comment]
|
||||
GROUPIII-2: ENC[AES256_GCM,data:fAczfnHue47oHJm/8Hcu8iC+scxUQRNZlJWSCFnmtn8PzbOtPXGVLYaZJs3SRE0F7yYsOUZlHnEPaK5bFjCHioindbS0oimBfQ==,iv:F14TVM+UxXm0UbAgLmQpkI4v+jhQ84a4G8IuWRw1k/o=,tag:R+r0be31nLC0T6Isl9/sdA==,type:str]
|
||||
#ENC[AES256_GCM,data:xccChTyxO80R,iv:tSxhbmVwhwD1IbXRNglS+WWMXfzUDaoJfCNqfKWqVko=,tag:XrFTahck6EKRf79NNeMRfg==,type:comment]
|
||||
GROUPIII-3: ENC[AES256_GCM,data:LQAAYOKBVKRsVfwRJOr4jBCqnHKG60euQMngfuI82Dewwtnt4fKZ/iDg6otJIXwdMdiYI4ytr573GaAPyadt/UdDv+EqrLQ3qA==,iv:dD7djoiEBjrZCQCKkjzsVD+IK7T9sL02zxRG3b1uwQ8=,tag:sqJ0Q665aXVnPHWlTS0Rag==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@@ -23,8 +43,8 @@ sops:
|
||||
bHQzK1EvVEhvZFI5MjVxL0Q5UVZYdGsKJl2M3eOB0lRyu2VO1qDjW1pNJ9HhwAS6
|
||||
g5yOa2fxLJn4bvmQAJYeNJ1Wi6sYaBvkbeOegjaKjW4ZvwhP5kWqRA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-09-20T06:02:54Z"
|
||||
mac: ENC[AES256_GCM,data:OQYaHF7lMspMaXjK64fZhdd6w9EHWzvjYsJdGEEaSwj6nfgb8EPxn73hn8NMgubXnqxonqbrpwgUuI+u297ItEEsksWQGGe//UrLlAJlhPvgezOpeeBfT4iWUrbazam4Uakh457N9W0AX390D2VmDtSBMw60fqnIeSnJF6Jv5Gs=,iv:O0h2sKf4KibuP5ZfRWF8tEVnLyyZtwst66frYUC4Awo=,tag:y94K0y/nF4y1sfh+P/hWrA==,type:str]
|
||||
lastmodified: "2024-09-29T06:38:50Z"
|
||||
mac: ENC[AES256_GCM,data:pQDphBruG5s5trIOY1fvcCAnLDx+NcVJ6cEP48u92JRnM5cojYXbiFt6Mlq+bYLxkXb2PoKMBoohRbsNdYLRgz3BGAY//Kc5OHGWzi7r9t4/iuhcouZsV/6wHGnrJ0yECS2+LPkT+/JXnYv1ZJTpUR0TSmTvnCgJI6xpWt8HDSA=,iv:Oyn7UESWVDqh3kDFAX3opbC/XEYOa1s3wmGolc1uhTM=,tag:aasXTc9+bgLgCaLDNfbJGA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.0
|
||||
|
||||
@@ -14,7 +14,7 @@ inputs:
|
||||
vfat."/dev/disk/by-uuid/4596-D670" = "/boot";
|
||||
btrfs."/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
decrypt.auto =
|
||||
luks.auto =
|
||||
{
|
||||
"/dev/disk/by-uuid/eda0042b-ffd5-47d1-b828-4cf99d744c9f" = { mapper = "root1"; ssd = true; };
|
||||
"/dev/disk/by-uuid/41d83848-f3dd-4b2f-946f-de1d2ae1cbd4" = { mapper = "swap"; ssd = true; };
|
||||
@@ -25,7 +25,7 @@ inputs:
|
||||
};
|
||||
nixpkgs.march = "skylake";
|
||||
nix = { substituters = [ "https://nix-store.chn.moe?priority=100" ]; githubToken.enable = true; };
|
||||
kernel = { variant = "xanmod-lts"; patches = [ "surface" "hibernate-progress" ]; };
|
||||
kernel.patches = [ "surface" "hibernate-progress" ];
|
||||
gui.enable = true;
|
||||
};
|
||||
hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
|
||||
@@ -54,7 +54,7 @@ inputs:
|
||||
waydroid = {};
|
||||
docker = {};
|
||||
};
|
||||
bugs = [ "xmunet" "suspend-hibernate-no-platform" ];
|
||||
bugs = [ "xmunet" "suspend-hibernate-no-platform" "bluetooth" ];
|
||||
packages.vasp = null;
|
||||
};
|
||||
powerManagement.resumeCommands = ''${inputs.pkgs.systemd}/bin/systemctl restart iptsd'';
|
||||
|
||||
@@ -16,7 +16,7 @@ inputs:
|
||||
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
};
|
||||
decrypt.manual =
|
||||
luks.manual =
|
||||
{
|
||||
enable = true;
|
||||
devices."/dev/disk/by-uuid/bf7646f9-496c-484e-ada0-30335da57068" = { mapper = "root"; ssd = true; };
|
||||
@@ -30,7 +30,6 @@ inputs:
|
||||
nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
|
||||
initrd.sshd.enable = true;
|
||||
networking.networkd = {};
|
||||
kernel.variant = "xanmod-latest";
|
||||
nix-ld = null;
|
||||
binfmt = null;
|
||||
};
|
||||
|
||||
@@ -16,7 +16,7 @@ inputs:
|
||||
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
};
|
||||
decrypt.manual =
|
||||
luks.manual =
|
||||
{
|
||||
enable = true;
|
||||
devices."/dev/disk/by-uuid/4f8aca22-9ec6-4fad-b21a-fd9d8d0514e8" = { mapper = "root"; ssd = true; };
|
||||
@@ -36,7 +36,7 @@ inputs:
|
||||
{
|
||||
snapper.enable = true;
|
||||
sshd = {};
|
||||
xray.server = { serverName = "vps6.xserver.chn.moe"; userNumber = 21; };
|
||||
xray.server = { serverName = "vps6.xserver.chn.moe"; userNumber = 22; };
|
||||
frpServer = { enable = true; serverName = "frp.chn.moe"; };
|
||||
nginx =
|
||||
{
|
||||
@@ -52,8 +52,13 @@ inputs:
|
||||
// (builtins.listToAttrs (builtins.map
|
||||
(site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.vps7.chn.moe"; })
|
||||
[
|
||||
"xn--s8w913fdga" "misskey" "synapse" "syncv3.synapse" "matrix" "syncv3.matrix"
|
||||
"send" "kkmeeting" "api" "git" "grafana" "vikunja" "write" "blog"
|
||||
"xn--s8w913fdga" "synapse" "syncv3.synapse" "matrix" "syncv3.matrix"
|
||||
"send" "kkmeeting" "api" "git" "grafana" "vikunja" "write" "peertube"
|
||||
]))
|
||||
// (builtins.listToAttrs (builtins.map
|
||||
(site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.nas.chn.moe"; })
|
||||
[
|
||||
"misskey"
|
||||
]));
|
||||
applications =
|
||||
{
|
||||
@@ -62,6 +67,7 @@ inputs:
|
||||
catalog.enable = true;
|
||||
main.enable = true;
|
||||
nekomia.enable = true;
|
||||
blog = {};
|
||||
};
|
||||
};
|
||||
coturn = {};
|
||||
|
||||
@@ -46,6 +46,8 @@ xray-server:
|
||||
user19: ENC[AES256_GCM,data:+Mh15DR9xvFAwks86iuHEA9FpObKWTSuVOEzUDpBUS/h0hOz,iv:zYIkic2bibvwCBpomnJ9465mda1rbm3RERBZY9twXuc=,tag:bwdL6DAGgkGYhYFI2C4A+A==,type:str]
|
||||
#ENC[AES256_GCM,data:1g2gohLbiixMes8=,iv:E3HA6cAdv3BdLMcrrcWW4Zsc2KLtW7L8Xrk9Z57l49o=,tag:rZ7W9ckf7lzJ23u5zwQiwg==,type:comment]
|
||||
user20: ENC[AES256_GCM,data:3UbVnn9oMRc0zZR46tWxwM9VFOvMOYm690csUomEVBcS3xPm,iv:KHuPXttLAFr7WT/qa/UYLY8GRsPWYZPyKNmdUh4iFQQ=,tag:jN8rQ0Gv+qnhwOWGH+CwlA==,type:str]
|
||||
#ENC[AES256_GCM,data:GzxXsTbEvdHV7A0=,iv:uxUG4hnYEsmJtnqbEwamwhtLt3UClt7ktmkGyAFdxsc=,tag:sF8YQ2cejAezI3Bbp9qKIw==,type:comment]
|
||||
user21: ENC[AES256_GCM,data:hgDJ11crZaWcKrc+ZDQklXwpnvt/sMbARkx3sLZfQGZqQZeA,iv:2Re+hdJuT5yg/qTymfpN+KdU3criOmwuqqg+SHb8iAo=,tag:s16N6u5cRDaoWxnrCkamuw==,type:str]
|
||||
private-key: ENC[AES256_GCM,data:ts/LRGFAsYqvGvkvlxUI42IW1a8cGsSkpZhMDd3QVceRKvhPb1SRDaXoSw==,iv:6xX9xFIFUNlLBZ6CPBOz9JbHpvC4+QG9ZaCZcWdl12c=,tag:DYIa+QTV8vyl1l7OKKykTw==,type:str]
|
||||
nginx:
|
||||
#ENC[AES256_GCM,data:85LrqdTMIhSa,iv:mIQPYz8VPd5AxeMCQEdTGMD0Iqa5QEAa5+8JVFaj3JM=,tag:TcZd7S3WRPpEV9lHI1fzbw==,type:comment]
|
||||
@@ -89,8 +91,8 @@ sops:
|
||||
ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
|
||||
ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-09-15T03:48:21Z"
|
||||
mac: ENC[AES256_GCM,data:kZDIr2NHVew+BsreAoYNAcP/3i2A7U1RGIiA6qok1EsXLcunO+vfjIZl3L/0CEEH4+u6PEXQ51atzufqOGpoq9XqorBMRDEdlhitZZIUZm8Cji9BJxixeTUQ+KmFEbdw8H1XDIPWOQJCmTUbkOElMzHO4BNtTpdjE4u1IZ0bUiY=,iv:cCjln5wrScDz7A5/OHVoAj671VtkBmK7H0pnpKLsjD8=,tag:rohzoGp2V1sS03W0z5hM/A==,type:str]
|
||||
lastmodified: "2024-09-26T04:24:17Z"
|
||||
mac: ENC[AES256_GCM,data:AXhLmyZWGD6KvMkyHqmCERE6eNE3pD5Pa/9mRBWZe4hiXL4mKTzCn5C/ODGQ1ZeQjDdP+awjJRvLRjMiYFhVlU8rKpg/f2G1gDr4cIbr61sCdzXKX8wFW0G7bJWxxpAC4X59+u9EJ3sNcyf7bJrMdkTzTYpgXh29mtl2bprcdJQ=,iv:pK4hYexcWng3GwOmWGqgyMsmATnXgcwR3NH4UxCwpvE=,tag:zpv64JWoXc5cDCukDuW51g==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.0
|
||||
|
||||
@@ -16,7 +16,7 @@ inputs:
|
||||
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
};
|
||||
decrypt.manual =
|
||||
luks.manual =
|
||||
{
|
||||
enable = true;
|
||||
devices."/dev/disk/by-uuid/db48c8de-bcf7-43ae-a977-60c4f390d5c4" = { mapper = "root"; ssd = true; };
|
||||
@@ -30,7 +30,6 @@ inputs:
|
||||
nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
|
||||
initrd.sshd.enable = true;
|
||||
networking.networkd = {};
|
||||
kernel.variant = "xanmod-lts";
|
||||
};
|
||||
services =
|
||||
{
|
||||
@@ -38,8 +37,7 @@ inputs:
|
||||
sshd = {};
|
||||
rsshub.enable = true;
|
||||
wallabag.enable = true;
|
||||
misskey.instances =
|
||||
{ misskey.hostname = "xn--s8w913fdga.chn.moe"; misskey-old = { port = 9727; redis.port = 3546; }; };
|
||||
misskey.instances.misskey.hostname = "xn--s8w913fdga.chn.moe";
|
||||
synapse.instances =
|
||||
{
|
||||
synapse.matrixHostname = "synapse.chn.moe";
|
||||
@@ -53,7 +51,7 @@ inputs:
|
||||
send.enable = true;
|
||||
huginn.enable = true;
|
||||
fz-new-order = {};
|
||||
nginx.applications = { kkmeeting.enable = true; webdav.instances."webdav.chn.moe" = {}; blog = {}; };
|
||||
nginx.applications = { kkmeeting.enable = true; webdav.instances."webdav.chn.moe" = {}; };
|
||||
httpapi.enable = true;
|
||||
gitea = { enable = true; ssh = {}; };
|
||||
grafana.enable = true;
|
||||
@@ -71,6 +69,7 @@ inputs:
|
||||
xray.server = { serverName = "xserver.vps7.chn.moe"; userNumber = 4; };
|
||||
writefreely = {};
|
||||
docker = {};
|
||||
peertube = {};
|
||||
};
|
||||
};
|
||||
specialisation.generic.configuration =
|
||||
|
||||
@@ -10,16 +10,15 @@ redis:
|
||||
rsshub: ENC[AES256_GCM,data:uPnZIjbnRRoWIHlWkZNZkMpIb3Ujnnpb+AisVSVGFv4sfDAuDlAjt39pRdnWkCXJPqtXjJzQ+FeT34cqxTf8Bg==,iv:/jcyAHkxByFnbkmCAYQwda2QRmhW7L/ICoLuCgsVLCI=,tag:M5Q+dh/Bn7FiNpqQGYus4Q==,type:str]
|
||||
wallabag: ENC[AES256_GCM,data:WkiqS9TOHxYalDp7Ssgg2x7vj4D58psQ5au4a0e3LZBecERwzUKmrhbVKRuDvNTwWbYxSds9SAca0wN+pWmrmA==,iv:QqHlzSXG1I4+p8wd58lcQs8TqAF3foxiYVdgL8L3IpA=,tag:CPtFgIeFL5W25gtd6NFkrg==,type:str]
|
||||
misskey-misskey: ENC[AES256_GCM,data:OHjt9o+m++NT5aaFbwBT/wSMdUdgf4zscd/JxjCo5HDhC3WeWMJV7z//kATI5Dg4BWAhvPlL02Vrly4RraIzLw==,iv:sQB4/D2SsOuDR3bTrmlNg7o+6ehFznDsqVc3BX9pK20=,tag:tcwTBt/JhyW8ZTAIWIkWBA==,type:str]
|
||||
misskey-misskey-old: ENC[AES256_GCM,data:amUqMycdXUFvjg66pXKnlZqiESBYMci0k8iYzj824SaEqHl3Nq/I0TjYX++xEUg+RGYyTIcSaj96HUANTKpc1A==,iv:ND1mQLHxltRlOdpJ80ywheGo6hkl7OgRyk9TguJMuTw=,tag:dhCCwnCOnyT2iXdEMK0szg==,type:str]
|
||||
nextcloud: ENC[AES256_GCM,data:jwN/CqwkU/5Rd6w75/bV2Yej9b0CoxZaiJEcZXFx+9XUPY3Xg1tQdEr1SALG8xzOEdoL6WBVs14NvrrL25GeTQ==,iv:p5+0AB52QqScJwMhNIrM/7HAcRPdD9Z8xV6uwIDOwIg=,tag:f1XbNDDRXvGl/dkV9Wp2Ug==,type:str]
|
||||
send: ENC[AES256_GCM,data:IGxj3cgp+fQBdupfK+IgPEQSPuXdM9LRSLGSATNIkzUWC6sQw1aaKTDuRc8cU2BG6quthRwuWnK/F7k3KrUi8Q==,iv:LI9MkaF4e47FPUyL7AXZpO+CdgF91ScdiqjrE8PZjJ4=,tag:eNugln5M0AhU1xmVWFN7Aw==,type:str]
|
||||
mastodon: ENC[AES256_GCM,data:E5aMRzqd1dqcw66uZwWoT+LDH30mg1vZjk3lhKIXKPd36MANE6z04aBPcAHyHT71jEYsect9JXagC4MUJBuSSQ==,iv:4IjTTNSTraL33fInlTkB2ZylcEaaKi5pgvugZIk24e0=,tag:32JSTNpF2cxYh/NEAS6jZQ==,type:str]
|
||||
synapse-synapse: ENC[AES256_GCM,data:8CVbcN2FG4mRT4PnlOGsS7tDfS+6ojIJFvq2EwItxn1gg2Ghd/Bmx+5tS/Do2FrYp/Xiv1EqucomM50r5bXnmg==,iv:TT7zBKQ4M10XYVCn5aeSu9IqjrIEHHazPUCOTmgRAU0=,tag:0+Q9hZMBVDj1TnHj3xoTBA==,type:str]
|
||||
synapse-matrix: ENC[AES256_GCM,data:eJ9GXDVLPg1C+Zjpj3NnWUyZxDbOZ61f+gs/bkZgdWjeu61MEMtU/Hh+p/ceAn3y0aPi0ZTcd+zSgIPIkcj+qg==,iv:uTdS4uguNJErc+DDW4H6dsRFkqlkHtaCfR8LR/d9nvY=,tag:UhY9xbe1r7FUpyid2nSt5Q==,type:str]
|
||||
peertube: ENC[AES256_GCM,data:cN+cClNV1JD+Z1Wlp07MY7BmLr/EZYZZt04mxKKKN8RG1ZSMGykbc3hd00E14ubhCittJXSPbIWyO63lCGGEPg==,iv:3z1BR0j26LGfXwDDPYU/i8Qx/7529KKoar+xGZanirI=,tag:g/NSGDE1iEYJ1MStrV3rpg==,type:str]
|
||||
postgresql:
|
||||
wallabag: ENC[AES256_GCM,data:ANwvEE3K/W/hU34Y7RvlbUuJNo2bOaRfeusYM9pRxXQOdG4XpwYfd/DprsrVjlkrMFuTurUR5j6UNHWh+ILDbQ==,iv:K8doqhVosz+OosMrLJXrSxairr84EeGs3EWgVQjpkS8=,tag:WjDzy7ubm/GVlBkW0O3znQ==,type:str]
|
||||
misskey_misskey: ENC[AES256_GCM,data:lRbSz7bbiWEdK/cRD41fLvFJF4WYsclKHVykFcU3LIz9vnKlR3VdczzznVqpT7JvG6OUi+TmipJii+0KzXHtdA==,iv:8sBKgVwuDJdThup0KQ6cnAV5O2liwVra1yIpDHVfpMI=,tag:DyUpaHai8ZUyllvZBUm8sg==,type:str]
|
||||
misskey_misskey_old: ENC[AES256_GCM,data:Wwtd+hKI0s7m3PbEPHbnSyTsCkW0x8SYHUiCYuNSNCG8i4RAmiAbONNFfWN2hXnmTmRK79Tx/3GR+L0KMzmNGQ==,iv:BekTELToPQXUdZHyNtkuqKyZeez+moI6k907P7NhA3Q=,tag:A5YB0WIa1RkDCtzeBhiuyA==,type:str]
|
||||
synapse_synapse: ENC[AES256_GCM,data:lzaggyuXM1XwsRxFHslsP89r8wEcgi6LNfbcm+pFWj6WLO8y8WaQIdOkiF3D2ToKDwcw5XgSGSt/VAk6lv+GeA==,iv:8WOL3jze797Wz9kSRq7YpY8OS1TBMqHYhfgZlluJlic=,tag:utNhs1AMbGthp6M2c0x67g==,type:str]
|
||||
vaultwarden: ENC[AES256_GCM,data:Uz8GJMaLUTQ9pQbZyZLWS4bL5wmt9RvbAwNctAIDt9JrV3FaXxgKjE0MJSGklS55yj/Z/wbO6RCuCK2AWR2VKw==,iv:7hA8YcB88M1qCV8EhFYpHbfPmAZ/7xNqvTMJYZ/UcAY=,tag:mkDHJYmRoYZ/Ct0UmOp9FA==,type:str]
|
||||
nextcloud: ENC[AES256_GCM,data:5UpYSMsZgUgEJHg0ou9Z1RTE+YFFUKuXwPtc6L5XxD4GNo8Gd3CvcQSNGAol+5DtyPKF3q1+ZgtScWGrqU1RyA==,iv:Zfm+Oa4eON8WiJzYUkMFawafDwo9pOnOpWkwHYLIKkk=,tag:4ECMla1dFfCrn7lILwWFNA==,type:str]
|
||||
@@ -29,6 +28,7 @@ postgresql:
|
||||
akkoma: ENC[AES256_GCM,data:6piRt7BbMBLVGdot+VyoJN3/S8DoPNTYHFh/1coHSLNmiA6kU/6sca4Bts1Up/Vu164oTsFAr1JsKx6tzNzAPg==,iv:qplA1GXHwzVrmjm7eagCk3PFa7DRdwaf+p7N1HLb6mw=,tag:W6WedSK3R1IgZVo/0Hr9vA==,type:str]
|
||||
synapse_matrix: ENC[AES256_GCM,data:5j+TYJ3vYUqu6CdRDYAT558DsTWbX4Rh+HuukPog5HGXlhneL3RnxVeGBR9CV1rlCP1NY99Nm8roBG+BcyPYHQ==,iv:CboB6lzqxAE/8ZlzaTU3bxw94N6OAhrq8pZ0AfxQiUc=,tag:z6cM3ufgbMn5n5PzgqdRjw==,type:str]
|
||||
vikunja: ENC[AES256_GCM,data:syb4NYBxL3DdmZmcC+em0klmm6bkkIL/DH/gnzShYRiaezRFskT+yay9govn++SpbuvkoCJq/GYAFxNL+hcVtw==,iv:TQUgdzYQ0gqsAmux9v3BAQFNzHnCTZ+X/OC0b9Bfya8=,tag:b1AsiAW5XzA3DzGdf8J03g==,type:str]
|
||||
peertube: ENC[AES256_GCM,data:dLzOez3dTy0NqHED1Oc43Ox2AFuH196kxwOSuR6RejUw3iJuzEQCdmA/i+70zHoveAYBdPCGpM8cz0y2M+usjw==,iv:KxDqmbNBkJ6Nw0M3060L9ESDf2qAur7umlejcDyRmwA=,tag:RScP7Cny8b1Z1/REpk+daA==,type:str]
|
||||
rsshub:
|
||||
pixiv-refreshtoken: ENC[AES256_GCM,data:EeSOTSAAh+1Dc8+a/AaPJ0aBK5DTa3pdS6DrIMQmRw/n0SRu2QoynIF76w==,iv:dnZxi8jM1I4w3C2duYielpP/8wOAdHDjcqDIrowM0dM=,tag:8irGvLEbRJHV9TB8Jibs9g==,type:str]
|
||||
youtube-key: ENC[AES256_GCM,data:OEm/ynOUPUq7ZEVzL2jgs9d+utkLTIdNq0MHE0JDujb9ndAwyJJI,iv:RRae6Cg6GdDnXAQOdtBYmcA7ZNuu70VpIg2MEezBn5k=,tag:gX4ZG345cT3Jh3ovUxtLGw==,type:str]
|
||||
@@ -122,6 +122,9 @@ xray-server:
|
||||
private-key: ENC[AES256_GCM,data:TarrinCFzWkB5zCc7i7f3B3tFfxrF+cGnrg4bw9CAGKWBazSJHCviY8Imw==,iv:azHdrc6AlgS9RPwGVsYRb8bBeC/askCdut1rnv9TA3I=,tag:AT2lLraKVgbp9GmlLJiI+w==,type:str]
|
||||
writefreely:
|
||||
chn: ENC[AES256_GCM,data:YvhPa69sVdiljm9Ix6yQh6YCEpFvC9iw5Yx72MBcGr7+swdbvWDAfMmGFY066mAPvhpwZX/IEivKvrS0t/OSnw==,iv:7s2yEb30YaCAtNeevbur0HL28nXHVIqmCx6Bngh+HWk=,tag:yx0JK8RNQMVcYLBSxNj+uw==,type:str]
|
||||
peertube:
|
||||
secrets: ENC[AES256_GCM,data:DAlig4wYCridlfS00YOqH++/4Rkssq2bkJ1bhERrsgeqdccwwnk6ADKpN2UBGANNYiTj2VUHsHT6mIWxPRcJvQ==,iv:kOedA1gAD7el6JbP8MujSCSfkkHM6CDDMSs2LwPmsGU=,tag:ZDS+LGX2hNXHw15Js2sBkQ==,type:str]
|
||||
password: ENC[AES256_GCM,data:jmKmQlFqHSmImfym2M3/+ItbPxx1GwgrLRZwk7KxqXGHFvqZ1ybCnfZCN8jmA1gVJLuPLTrYA9ggHwdKgVrknw==,iv:cBSb5PJsjHBAMgrxlZaVtw1aP39AXMtdk5pnnCyyZbQ=,tag:6TLoDRY6305lm4HVapT4yQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@@ -146,8 +149,8 @@ sops:
|
||||
SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
|
||||
HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-09-02T23:57:33Z"
|
||||
mac: ENC[AES256_GCM,data:Tp7uSF3G1WALzv7jPSXGyIJbwYLHz4sF73NUoAI6KPboLs3juhDiZjJfkBkIIv4BawWNTvvAQfBL6hbpPbn3bLpkTvU8TiHyP9yiY5kJkid37I2s8KOHHaxKSu4CXlkAeXdZX0I1iujAOsKYUd2GnN19V07K0qwCtZOVvZXvjsk=,iv:fcsE7qXrcoaRdTv0C4nmfNvIDXtTXiKyF7TCfnkvRPg=,tag:Dgdq4gT2lzhkXZ10uUCwwQ==,type:str]
|
||||
lastmodified: "2024-10-05T02:43:01Z"
|
||||
mac: ENC[AES256_GCM,data:frMtsfATEGOCwkR5g6sOLszwtBq1rfHvofevbzDHuKwJQtI4IXpfgyohyQ64tZ7K6YLqR0bf3yP9A7zyIxAzIvgKciIDdIYI/LUCAmOsUE9On70UiVxFj8WAL700geHfr2X+1Vzl9suMBA3E8h9O02wcuuD4gumZlLgXqzmbtZE=,iv:oB8W9+KO8jJbSnICsN5CMRCRs6uM6y8xszCyWlRCkV0=,tag:JxLLwUsE/7nxDAzMmUYdjg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.0
|
||||
|
||||
124
flake.lock
generated
124
flake.lock
generated
@@ -8,11 +8,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1723815556,
|
||||
"narHash": "sha256-TgkChEFJHqrciuI1Va7buSs5RQHCSxbWRFmuOI+e2tY=",
|
||||
"lastModified": 1728233826,
|
||||
"narHash": "sha256-83/OY95iYtZFvjbDXBKo7SFs2GplDvpR2E5N/DDXSRs=",
|
||||
"owner": "ezKEa",
|
||||
"repo": "aagl-gtk-on-nix",
|
||||
"rev": "4d7fa422b50b612aa29bfb8487472f1cd9bad85b",
|
||||
"rev": "7b8059162c32fc8a246bfb1736cd620751952fdc",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -24,11 +24,11 @@
|
||||
"blog": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1726563057,
|
||||
"narHash": "sha256-0BuPxaijAnZvkYCFACLqhj3DRcb1gPJh6fXb+rfjOwc=",
|
||||
"lastModified": 1728549173,
|
||||
"narHash": "sha256-j2fKbd38tPnCS9TQNneGwfC8z9tASzrdoZT9iOOpIvc=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "837cd77a8ea5217bc18d155c977c28c73e29db15",
|
||||
"revCount": 1,
|
||||
"rev": "de2438b2894cd89c1e3626a8b78566e6c2b6d497",
|
||||
"revCount": 23,
|
||||
"type": "git",
|
||||
"url": "https://git.chn.moe/chn/blog.git"
|
||||
},
|
||||
@@ -520,6 +520,24 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_5": {
|
||||
"inputs": {
|
||||
"systems": "systems_7"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1710146030,
|
||||
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"git-lfs-transfer": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
@@ -577,11 +595,11 @@
|
||||
"hextra": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1724317530,
|
||||
"narHash": "sha256-luENDR+fn9NbqNkn9wpLRnD41MeerFEUsrDgKRpnmg8=",
|
||||
"lastModified": 1727602023,
|
||||
"narHash": "sha256-fYfevapv+7x4WmYmte3vhQeOakHMchBGC7eYvOMru+0=",
|
||||
"owner": "imfing",
|
||||
"repo": "hextra",
|
||||
"rev": "c6de4b5b6b1ec04647b0235e9c8b1158b1d58c09",
|
||||
"rev": "94624bcac67cf587ec1006a9c2f0d72fbce9f135",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -730,11 +748,11 @@
|
||||
"misskey": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1724207820,
|
||||
"narHash": "sha256-tm4YTpKqI7g4ACn8vkJUIFQmKcHlcDTkoBCrHEd3fp8=",
|
||||
"lastModified": 1727700498,
|
||||
"narHash": "sha256-h0oJ9128xsNGLzLTssjnTT+11vW4y+jrjy6p9qq6jFE=",
|
||||
"ref": "refs/heads/chn-mod",
|
||||
"rev": "ac5c495d437fcdba2c523308119477a750440f3d",
|
||||
"revCount": 25947,
|
||||
"rev": "1eeabe04311c4aed657b184666152eeb5e837df9",
|
||||
"revCount": 26110,
|
||||
"submodules": true,
|
||||
"type": "git",
|
||||
"url": "https://github.com/CHN-beta/misskey"
|
||||
@@ -968,13 +986,29 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-wallpaper": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1715952274,
|
||||
"narHash": "sha256-i2L4L9mV/wOl6QV+d8pyLZUHS+QIFJN5lYuQrP+CSjk=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "1ad78b20b21c9f4f7ba5f4c897f74276763317eb",
|
||||
"revCount": 1,
|
||||
"type": "git",
|
||||
"url": "https://git.chn.moe/chn/nixos-wallpaper.git"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "https://git.chn.moe/chn/nixos-wallpaper.git"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1724925520,
|
||||
"narHash": "sha256-MfvD4Ed4wCTG1V+h3rUN9j9csEi+2tgpRwhGAV4MFqw=",
|
||||
"lastModified": 1727884105,
|
||||
"narHash": "sha256-J4lHJFQp7AFEa+O52KgYMCXkffAgpXWGyD89AU8xeJE=",
|
||||
"owner": "CHN-beta",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "8c66b7335f2f4ab354e41d828b74d851c64c4b85",
|
||||
"rev": "e8db202a0ba0b25d01c01b49ed3025f7b0900d59",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1415,6 +1449,7 @@
|
||||
"nix-index-database": "nix-index-database",
|
||||
"nix-vscode-extensions": "nix-vscode-extensions",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixos-wallpaper": "nixos-wallpaper",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nixpkgs-22.05": "nixpkgs-22.05",
|
||||
"nixpkgs-22.11": "nixpkgs-22.11",
|
||||
@@ -1435,9 +1470,11 @@
|
||||
"slate": "slate",
|
||||
"sockpp": "sockpp",
|
||||
"sops-nix": "sops-nix",
|
||||
"spectroscopy": "spectroscopy",
|
||||
"sqlite-orm": "sqlite-orm",
|
||||
"tgbot-cpp": "tgbot-cpp",
|
||||
"v-sim": "v-sim",
|
||||
"winapps": "winapps",
|
||||
"zpp-bits": "zpp-bits",
|
||||
"zxorm": "zxorm"
|
||||
}
|
||||
@@ -1546,6 +1583,22 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"spectroscopy": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1709899498,
|
||||
"narHash": "sha256-xZ3AzNqrL73SPyUtVKGE+GDppou/GoatBrRCYVfiv0s=",
|
||||
"owner": "skelton-group",
|
||||
"repo": "Phonopy-Spectroscopy",
|
||||
"rev": "316fbf4f45e2f8d134acf67374de905c705d7db7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "skelton-group",
|
||||
"repo": "Phonopy-Spectroscopy",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"sqlite-orm": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
@@ -1651,6 +1704,21 @@
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"systems_7": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"tgbot-cpp": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
@@ -1788,6 +1856,28 @@
|
||||
"type": "gitlab"
|
||||
}
|
||||
},
|
||||
"winapps": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_5",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1728108519,
|
||||
"narHash": "sha256-JnRyiNR1O79n90TPjDBNpqd/Qh6jnP4t92rCgK/s6qU=",
|
||||
"owner": "CHN-beta",
|
||||
"repo": "winapps",
|
||||
"rev": "64478a87a49d6093f4d4f3a281bf0eecd2e6f977",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "CHN-beta",
|
||||
"ref": "feat-nix-packaging",
|
||||
"repo": "winapps",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"yafas": {
|
||||
"inputs": {
|
||||
"flake-schemas": [
|
||||
|
||||
@@ -39,6 +39,7 @@
|
||||
catppuccin.url = "github:catppuccin/nix";
|
||||
bscpkgs = { url = "git+https://git.chn.moe/chn/bscpkgs.git"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
poetry2nix = { url = "github:CHN-beta/poetry2nix"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
winapps = { url = "github:CHN-beta/winapps/feat-nix-packaging"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
|
||||
misskey = { url = "git+https://github.com/CHN-beta/misskey?submodules=1"; flake = false; };
|
||||
rsshub = { url = "github:DIYgod/RSSHub"; flake = false; };
|
||||
@@ -70,11 +71,10 @@
|
||||
hextra = { url = "github:imfing/hextra"; flake = false; };
|
||||
nu-scripts = { url = "github:nushell/nu_scripts"; flake = false; };
|
||||
py4vasp = { url = "github:vasp-dev/py4vasp"; flake = false; };
|
||||
pocketfft = { url = "github:/mreineck/pocketfft"; flake = false; };
|
||||
pocketfft = { url = "github:mreineck/pocketfft"; flake = false; };
|
||||
blog = { url = "git+https://git.chn.moe/chn/blog.git"; flake = false; };
|
||||
|
||||
# does not support lfs yet
|
||||
# nixos-wallpaper = { url = "git+https://git.chn.moe/chn/nixos-wallpaper.git"; flake = false; };
|
||||
nixos-wallpaper = { url = "git+https://git.chn.moe/chn/nixos-wallpaper.git"; flake = false; };
|
||||
spectroscopy = { url = "github:skelton-group/Phonopy-Spectroscopy"; flake = false; };
|
||||
};
|
||||
|
||||
outputs = inputs: let localLib = import ./flake/lib.nix inputs.nixpkgs.lib; in
|
||||
|
||||
@@ -11,8 +11,16 @@
|
||||
openssh = (pkgs.pkgsStatic.openssh.override { withLdns = false; etcDir = null; }).overrideAttrs
|
||||
(prev: { doCheck = false; patches = prev.patches ++ [ ../packages/hpcstat/openssh.patch ];});
|
||||
duc = pkgs.pkgsStatic.duc.override { enableCairo = false; cairo = null; pango = null; };
|
||||
# pkgsStatic.clangStdenv have a bug
|
||||
# https://github.com/NixOS/nixpkgs/issues/177129
|
||||
biu = pkgs.pkgsStatic.localPackages.biu.override { stdenv = pkgs.pkgsStatic.gcc14Stdenv; };
|
||||
in pkgs.pkgsStatic.localPackages.hpcstat.override
|
||||
{ inherit openssh duc; standalone = true; version = inputs.self.rev or "dirty"; };
|
||||
{
|
||||
inherit openssh duc biu;
|
||||
standalone = true;
|
||||
version = inputs.self.rev or "dirty";
|
||||
stdenv = pkgs.pkgsStatic.gcc14Stdenv;
|
||||
};
|
||||
chn-bsub = pkgs.pkgsStatic.localPackages.chn-bsub;
|
||||
blog = pkgs.callPackage inputs.blog { inherit (inputs) hextra; };
|
||||
}
|
||||
|
||||
@@ -1,10 +1,2 @@
|
||||
{ inputs }: let inherit (inputs.self.packages.x86_64-linux) pkgs; in
|
||||
{
|
||||
nixos-wallpaper = pkgs.fetchgit
|
||||
{
|
||||
url = "https://git.chn.moe/chn/nixos-wallpaper.git";
|
||||
rev = "1ad78b20b21c9f4f7ba5f4c897f74276763317eb";
|
||||
sha256 = "0faahbzsr44bjmwr6508wi5hg59dfb57fzh5x6jh7zwmv4pzhqlb";
|
||||
fetchLFS = true;
|
||||
};
|
||||
}
|
||||
{}
|
||||
|
||||
@@ -40,6 +40,9 @@ inputs:
|
||||
amdpstate.boot.kernelParams = [ "amd_pstate=active" ];
|
||||
hibernate-mt7921e.powerManagement.resumeCommands =
|
||||
let modprobe = "${inputs.pkgs.kmod}/bin/modprobe"; in "${modprobe} -r -w 3000 mt7921e && ${modprobe} mt7921e";
|
||||
# could not use bt keyboard
|
||||
# https://github.com/bluez/bluez/issues/745
|
||||
bluetooth.hardware.bluetooth.settings.General.JustWorksRepairing = "always";
|
||||
};
|
||||
in
|
||||
{
|
||||
|
||||
@@ -28,6 +28,8 @@ inputs:
|
||||
{
|
||||
enable = true;
|
||||
drivers = inputs.lib.mkIf (inputs.config.nixos.system.nixpkgs.arch == "x86_64") [ inputs.pkgs.cnijfilter2 ];
|
||||
# TODO: remove in next update
|
||||
browsed.enable = false;
|
||||
};
|
||||
avahi = { enable = true; nssmdns4 = true; openFirewall = true; };
|
||||
};
|
||||
|
||||
@@ -24,19 +24,9 @@ inputs:
|
||||
excludePythonPackages))
|
||||
(builtins.concatLists (builtins.map (packageFunction: packageFunction pythonPackages)
|
||||
(_pythonPackages ++ extraPythonPackages)))))
|
||||
(inputs.pkgs.callPackage ({ stdenv }: stdenv.mkDerivation
|
||||
{
|
||||
name = "prebuild-packages";
|
||||
propagateBuildInputs = inputs.lib.lists.subtractLists excludePrebuildPackages
|
||||
(_prebuildPackages ++ extraPrebuildPackages);
|
||||
phases = [ "installPhase" ];
|
||||
installPhase =
|
||||
''
|
||||
runHook preInstall
|
||||
mkdir -p $out
|
||||
runHook postInstall
|
||||
'';
|
||||
}) {})
|
||||
(inputs.pkgs.writeTextDir "share/prebuild-packages"
|
||||
(builtins.concatStringsSep "\n" (builtins.map builtins.toString
|
||||
(inputs.lib.lists.subtractLists excludePrebuildPackages (_prebuildPackages ++ extraPrebuildPackages)))))
|
||||
];
|
||||
};
|
||||
}
|
||||
|
||||
@@ -87,6 +87,8 @@ inputs:
|
||||
[
|
||||
phonopy scipy scikit-learn jupyterlab autograd # localPackages.pix2tex
|
||||
# TODO: broken on python 3.12 tensorflow keras
|
||||
# for phonopy
|
||||
inputs.pkgs.localPackages.spectroscopy numpy
|
||||
])];
|
||||
};
|
||||
user.sharedModules =
|
||||
@@ -102,7 +104,7 @@ inputs:
|
||||
baloofilerc."Basic Settings".Indexing-Enabled.value = false;
|
||||
plasmarc.Wallpapers.usersWallpapers.value =
|
||||
let
|
||||
inherit (inputs.topInputs.self.src) nixos-wallpaper;
|
||||
inherit (inputs.topInputs) nixos-wallpaper;
|
||||
isPicture = f: builtins.elem (inputs.lib.last (inputs.lib.splitString "." f))
|
||||
[ "png" "jpg" "jpeg" "webp" ];
|
||||
in builtins.concatStringsSep "," (builtins.map (f: "${nixos-wallpaper}/${f.name}")
|
||||
|
||||
@@ -24,7 +24,8 @@ inputs:
|
||||
programs.firefox =
|
||||
{
|
||||
enable = true;
|
||||
nativeMessagingHosts = with inputs.pkgs; [ plasma-browser-integration uget-integrator firefoxpwa ];
|
||||
nativeMessagingHosts = with inputs.pkgs;
|
||||
[ kdePackages.plasma-browser-integration uget-integrator firefoxpwa ];
|
||||
# TODO: use fixed-version of plugins
|
||||
policies.DefaultDownloadDirectory = "\${home}/Downloads";
|
||||
profiles.default =
|
||||
|
||||
25
modules/packages/lammps.nix
Normal file
25
modules/packages/lammps.nix
Normal file
@@ -0,0 +1,25 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.packages.lammps = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.nullOr (types.submodule {});
|
||||
default = if inputs.config.nixos.system.gui.enable then {} else null;
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.packages) lammps; in inputs.lib.mkIf (lammps != null)
|
||||
{
|
||||
nixos.packages.packages._packages =
|
||||
let cuda = let inherit (inputs.config.nixos.system.nixpkgs) cuda; in cuda.enable && cuda.capabilities != null;
|
||||
in
|
||||
if cuda then [((inputs.pkgs.lammps-mpi.override { stdenv = inputs.pkgs.cudaPackages.backendStdenv; })
|
||||
.overrideAttrs (prev:
|
||||
{
|
||||
cmakeFlags = prev.cmakeFlags ++ inputs.lib.optionals cuda
|
||||
[
|
||||
"-DPKG_GPU=on" "-DGPU_API=cuda" "-DCMAKE_POLICY_DEFAULT_CMP0146=OLD"
|
||||
];
|
||||
nativeBuildInputs = prev.nativeBuildInputs ++ inputs.lib.optionals cuda
|
||||
[ inputs.pkgs.cudaPackages.cudatoolkit ];
|
||||
}))]
|
||||
else [ inputs.pkgs.lammps-mpi ];
|
||||
};
|
||||
}
|
||||
@@ -63,7 +63,12 @@ inputs:
|
||||
services =
|
||||
{
|
||||
udev.packages = with inputs.pkgs; [ yubikey-personalization libfido2 ];
|
||||
fwupd.enable = true;
|
||||
fwupd =
|
||||
{
|
||||
enable = true;
|
||||
# allow fwupd install firmware from any source (e.g. manually extracted from msi)
|
||||
daemonSettings.OnlyTrusted = false;
|
||||
};
|
||||
};
|
||||
home-manager = { useGlobalPkgs = true; useUserPackages = true; };
|
||||
# allow everyone run compsize
|
||||
|
||||
@@ -8,10 +8,12 @@ inputs:
|
||||
# TODO: add more options to correctly configure VASP
|
||||
config = let inherit (inputs.config.nixos.packages) vasp; in inputs.lib.mkIf (vasp != null)
|
||||
{
|
||||
nixos.packages.packages._packages = (with inputs.pkgs.localPackages.vasp; [ intel vtstscripts ])
|
||||
++ (with inputs.pkgs.localPackages; [ py4vasp vaspkit ])
|
||||
++ (inputs.lib.optional
|
||||
(let inherit (inputs.config.nixos.system.nixpkgs) cuda; in cuda.enable && cuda.capabilities != null)
|
||||
inputs.pkgs.localPackages.vasp.nvidia);
|
||||
nixos.packages.packages._packages = with inputs.pkgs;
|
||||
(
|
||||
[ localPackages.vasp.intel localPackages.vasp.vtstscripts localPackages.py4vasp localPackages.vaspkit ]
|
||||
++ (inputs.lib.optional
|
||||
(let inherit (inputs.config.nixos.system.nixpkgs) cuda; in cuda.enable && cuda.capabilities != null)
|
||||
localPackages.vasp.nvidia)
|
||||
);
|
||||
};
|
||||
}
|
||||
|
||||
47
modules/packages/winapps/default.nix
Normal file
47
modules/packages/winapps/default.nix
Normal file
@@ -0,0 +1,47 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.packages.winapps = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.nullOr (types.submodule {});
|
||||
default = if inputs.config.nixos.system.gui.enable then {} else null;
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.packages) winapps; in inputs.lib.mkIf (winapps != null)
|
||||
{
|
||||
nixos.packages.packages._packages =
|
||||
[
|
||||
(inputs.pkgs.callPackage "${inputs.topInputs.winapps}/packages/winapps" {})
|
||||
(inputs.pkgs.runCommand "winapps-windows" {}
|
||||
''
|
||||
mkdir -p $out/share/applications
|
||||
cp ${inputs.pkgs.substituteAll { src = ./windows.desktop; path = inputs.topInputs.winapps; }} \
|
||||
$out/share/applications/windows.desktop
|
||||
'')
|
||||
]
|
||||
++ builtins.map
|
||||
(p: inputs.pkgs.runCommand "winapps-${p}" {}
|
||||
''
|
||||
mkdir -p $out/share/applications
|
||||
source ${inputs.topInputs.winapps}/apps/${p}/info
|
||||
# replace \ with \\
|
||||
WIN_EXECUTABLE=$(echo $WIN_EXECUTABLE | sed 's/\\/\\\\/g')
|
||||
# replace space with \s
|
||||
WIN_EXECUTABLE=$(echo $WIN_EXECUTABLE | sed 's/ /\\s/g')
|
||||
cat > $out/share/applications/${p}.desktop << EOF
|
||||
[Desktop Entry]
|
||||
Name=$NAME
|
||||
Exec=winapps manual "$WIN_EXECUTABLE" %F
|
||||
Terminal=false
|
||||
Type=Application
|
||||
Icon=${inputs.topInputs.winapps}/apps/${p}/icon.svg
|
||||
StartupWMClass=$FULL_NAME
|
||||
Comment=$FULL_NAME
|
||||
Categories=$CATEGORIES
|
||||
MimeType=$MIME_TYPES
|
||||
EOF
|
||||
'')
|
||||
[
|
||||
"access-o365" "acrobat-x-pro" "cmd" "excel-o365" "explorer" "illustrator-cc" "powerpoint-o365"
|
||||
"visual-studio-comm" "word-o365"
|
||||
];
|
||||
};
|
||||
}
|
||||
9
modules/packages/winapps/windows.desktop
Normal file
9
modules/packages/winapps/windows.desktop
Normal file
@@ -0,0 +1,9 @@
|
||||
[Desktop Entry]
|
||||
Name=Windows
|
||||
Exec=winapps windows %F
|
||||
Terminal=false
|
||||
Type=Application
|
||||
Icon=@path@/icons/windows.svg
|
||||
StartupWMClass=Micorosoft Windows
|
||||
Comment=Micorosoft Windows
|
||||
Categories=Windows
|
||||
29
modules/services/nfs.nix
Normal file
29
modules/services/nfs.nix
Normal file
@@ -0,0 +1,29 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.nfs = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.nullOr (types.submodule { options =
|
||||
{
|
||||
root = mkOption { type = types.nonEmptyStr; };
|
||||
exports = mkOption { type = types.listOf types.nonEmptyStr; };
|
||||
accessLimit = mkOption { type = types.nonEmptyStr; };
|
||||
};});
|
||||
default = null;
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.services) nfs; in inputs.lib.mkIf (nfs != null)
|
||||
{
|
||||
services =
|
||||
{
|
||||
rpcbind.enable = true;
|
||||
nfs.server =
|
||||
{
|
||||
enable = true;
|
||||
exports = "${nfs.root} ${nfs.accessLimit}(rw,no_root_squash,fsid=0,sync,crossmnt)\n"
|
||||
+ builtins.concatStringsSep "\n" (builtins.map
|
||||
(export: "${export} ${nfs.accessLimit}(rw,no_root_squash,sync,crossmnt)")
|
||||
nfs.exports);
|
||||
};
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [ 2049 ];
|
||||
};
|
||||
}
|
||||
@@ -247,6 +247,9 @@ inputs:
|
||||
proxy_ssl_server_name on;
|
||||
proxy_ssl_session_reuse off;
|
||||
send_timeout 1d;
|
||||
# nginx will try to redirect https://blog.chn.moe/docs to https://blog.chn.moe:3068/docs/ in default
|
||||
# this make it redirect to /docs/ without hostname
|
||||
absolute_redirect off;
|
||||
'';
|
||||
proxyTimeout = "1d";
|
||||
recommendedZstdSettings = true;
|
||||
|
||||
65
modules/services/peertube.nix
Normal file
65
modules/services/peertube.nix
Normal file
@@ -0,0 +1,65 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.peertube = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.nullOr (types.submodule { options =
|
||||
{
|
||||
hostname = mkOption { type = types.nonEmptyStr; default = "peertube.chn.moe"; };
|
||||
};});
|
||||
default = null;
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.services) peertube; in inputs.lib.mkIf (peertube != null)
|
||||
{
|
||||
services.peertube =
|
||||
{
|
||||
enable = true;
|
||||
localDomain = peertube.hostname;
|
||||
listenHttp = 5046;
|
||||
listenWeb = 443;
|
||||
enableWebHttps = true;
|
||||
serviceEnvironmentFile = inputs.config.sops.templates."peertube/env".path;
|
||||
secrets.secretsFile = inputs.config.sops.secrets."peertube/secrets".path;
|
||||
configureNginx = true;
|
||||
database =
|
||||
{
|
||||
createLocally = true;
|
||||
host = "127.0.0.1";
|
||||
passwordFile = inputs.config.sops.secrets."peertube/postgresql".path;
|
||||
};
|
||||
redis =
|
||||
{
|
||||
host = "127.0.0.1";
|
||||
port = 7599;
|
||||
passwordFile = inputs.config.sops.secrets."redis/peertube".path;
|
||||
};
|
||||
smtp.passwordFile = inputs.config.sops.secrets."peertube/smtp".path;
|
||||
settings.smtp =
|
||||
{
|
||||
host = "mail.chn.moe";
|
||||
username = "bot@chn.moe";
|
||||
from_address = "bot@chn.moe";
|
||||
};
|
||||
};
|
||||
sops =
|
||||
{
|
||||
templates."peertube/env".content =
|
||||
''
|
||||
PT_INITIAL_ROOT_PASSWORD=${inputs.config.sops.placeholder."peertube/password"}
|
||||
'';
|
||||
secrets =
|
||||
{
|
||||
"peertube/postgresql" = { owner = inputs.config.services.peertube.user; key = "postgresql/peertube"; };
|
||||
"peertube/password" = {};
|
||||
"peertube/secrets".owner = inputs.config.services.peertube.user;
|
||||
"peertube/smtp" = { owner = inputs.config.services.peertube.user; key = "mail/bot"; };
|
||||
};
|
||||
};
|
||||
nixos.services =
|
||||
{
|
||||
nginx = { enable = true; https.${peertube.hostname}.global.configName = peertube.hostname; };
|
||||
postgresql.instances.peertube = {};
|
||||
redis.instances.peertube.port = 7599;
|
||||
};
|
||||
systemd.services.peertube.after = [ "redis-peertube.service" ];
|
||||
};
|
||||
}
|
||||
@@ -27,7 +27,7 @@ inputs:
|
||||
{
|
||||
cpuMpiThreads = mkOption { type = types.ints.unsigned; default = 1; };
|
||||
cpuOpenmpThreads = mkOption { type = types.ints.unsigned; default = 1; };
|
||||
gpus = mkOption { type = types.nullOr (types.attrsOf types.ints.unsigned); default = null; };
|
||||
gpus = mkOption { type = types.nullOr (types.listOf types.nonEmptyStr); default = null; };
|
||||
};
|
||||
# 是否打开防火墙相应端口,对于多节点部署需要打开
|
||||
setupFirewall = mkOption { type = types.bool; default = false; };
|
||||
@@ -52,6 +52,15 @@ inputs:
|
||||
buildInputs = prev.buildInputs or [] ++ additionalInputs;
|
||||
LDFLAGS = prev.LDFLAGS or [] ++ additionalFlags;
|
||||
nativeBuildInputs = prev.nativeBuildInputs ++ [ inputs.pkgs.wrapGAppsHook ];
|
||||
postInstall =
|
||||
''
|
||||
pushd contribs/pmi2
|
||||
make install
|
||||
popd
|
||||
pushd contribs/pmi
|
||||
make install
|
||||
popd
|
||||
'' + prev.postInstall;
|
||||
}
|
||||
);
|
||||
client.enable = true;
|
||||
@@ -113,6 +122,9 @@ inputs:
|
||||
|
||||
# automatically resume node after drain
|
||||
ReturnToService=2
|
||||
|
||||
# enable task plugins
|
||||
TaskPlugin=task/affinity,task/cgroup
|
||||
'';
|
||||
extraConfigPaths =
|
||||
let gpus = slurm.node.${inputs.config.nixos.system.networking.hostname}.gpus or null;
|
||||
|
||||
@@ -41,6 +41,7 @@ inputs:
|
||||
firewall =
|
||||
{
|
||||
allowedUDPPorts = inputs.lib.mkIf (!wireguard.behindNat) [ wireguard.listenPort ];
|
||||
trustedInterfaces = [ "wireguard" ];
|
||||
};
|
||||
wireguard.interfaces.wireguard =
|
||||
{
|
||||
|
||||
@@ -15,7 +15,7 @@ inputs:
|
||||
nixos.system.networking.hostname = "${cluster.clusterName}-${cluster.nodeName}";
|
||||
# 作为从机时,home-manager 需要被禁用
|
||||
systemd.services = inputs.lib.mkIf (cluster.nodeType == "worker") (builtins.listToAttrs (builtins.map
|
||||
(user: { name = "home-manager-${user}"; value.enable = false; })
|
||||
(user: { name = "home-manager-${inputs.utils.escapeSystemdPath user}"; value.enable = false; })
|
||||
inputs.config.nixos.user.users));
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
inputs:
|
||||
{
|
||||
imports = inputs.localLib.findModules ./.;
|
||||
options.nixos.system.fileSystems = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
mount =
|
||||
@@ -9,41 +10,6 @@ inputs:
|
||||
# device.subvol = mountPoint;
|
||||
btrfs = mkOption { type = types.attrsOf (types.attrsOf types.nonEmptyStr); default = {}; };
|
||||
};
|
||||
decrypt =
|
||||
{
|
||||
auto = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule
|
||||
{
|
||||
options =
|
||||
{
|
||||
mapper = mkOption { type = types.nonEmptyStr; };
|
||||
ssd = mkOption { type = types.bool; default = false; };
|
||||
before = mkOption { type = types.nullOr (types.listOf types.nonEmptyStr); default = null; };
|
||||
};
|
||||
});
|
||||
default = {};
|
||||
};
|
||||
manual =
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
devices = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule
|
||||
{
|
||||
options =
|
||||
{
|
||||
mapper = mkOption { type = types.nonEmptyStr; };
|
||||
ssd = mkOption { type = types.bool; default = false; };
|
||||
};
|
||||
});
|
||||
default = {};
|
||||
};
|
||||
keyFile = mkOption
|
||||
{ type = types.path; default = ./. + "/${inputs.config.nixos.system.networking.hostname}.key"; };
|
||||
delayedMount = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
};
|
||||
};
|
||||
# generate using: sudo mdadm --examine --scan
|
||||
mdadm = mkOption { type = types.nullOr types.lines; default = null; };
|
||||
swap = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
@@ -66,205 +32,112 @@ inputs:
|
||||
default = null;
|
||||
};
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (builtins) listToAttrs map concatLists concatStringsSep;
|
||||
inherit (inputs.lib) mkMerge mkIf;
|
||||
inherit (inputs.localLib) attrsToList;
|
||||
inherit (inputs.config.nixos.system) fileSystems;
|
||||
in mkMerge
|
||||
[
|
||||
# mount.vfat
|
||||
{
|
||||
fileSystems = listToAttrs (map
|
||||
(device:
|
||||
{
|
||||
name = device.value;
|
||||
value = { device = device.name; fsType = "vfat"; neededForBoot = true; options = [ "noatime" ]; };
|
||||
})
|
||||
(attrsToList fileSystems.mount.vfat));
|
||||
}
|
||||
# mount.btrfs
|
||||
# Disable CoW for VM image and database: sudo chattr +C images
|
||||
# resize btrfs:
|
||||
# sudo btrfs filesystem resize -50G /nix
|
||||
# sudo cryptsetup status root
|
||||
# sudo cryptsetup -b 3787456512 resize root
|
||||
# sudo cfdisk /dev/nvme1n1p3
|
||||
{
|
||||
fileSystems = listToAttrs (concatLists (map
|
||||
config = let inherit (inputs.config.nixos.system) fileSystems; in inputs.lib.mkMerge
|
||||
[
|
||||
# mount.vfat
|
||||
{
|
||||
fileSystems = builtins.listToAttrs (builtins.map
|
||||
(device:
|
||||
{
|
||||
name = device.value;
|
||||
value = { device = device.name; fsType = "vfat"; neededForBoot = true; options = [ "noatime" ]; };
|
||||
})
|
||||
(inputs.localLib.attrsToList fileSystems.mount.vfat));
|
||||
}
|
||||
# mount.btrfs
|
||||
# Disable CoW for VM image and database: sudo chattr +C images
|
||||
# resize btrfs:
|
||||
# sudo btrfs filesystem resize -50G /nix
|
||||
# sudo cryptsetup status root
|
||||
# sudo cryptsetup -b 3787456512 resize root
|
||||
# sudo cfdisk /dev/nvme1n1p3
|
||||
{
|
||||
fileSystems = builtins.listToAttrs (builtins.concatLists (builtins.map
|
||||
(device: builtins.map
|
||||
(
|
||||
device: map
|
||||
(
|
||||
subvol:
|
||||
{
|
||||
name = subvol.value;
|
||||
value =
|
||||
{
|
||||
device = device.name;
|
||||
fsType = "btrfs";
|
||||
# zstd:15 cause sound stuttering
|
||||
# test on e20dae7d8b317f95718b5f4175bd4246c09735de mathematica ~15G
|
||||
# zstd:15 5m33s 7.16G
|
||||
# zstd:8 54s 7.32G
|
||||
# zstd:3 17s 7.52G
|
||||
options = [ "compress-force=zstd" "subvol=${subvol.name}" "acl" "noatime" ];
|
||||
neededForBoot = true;
|
||||
};
|
||||
}
|
||||
)
|
||||
(attrsToList device.value)
|
||||
subvol:
|
||||
{
|
||||
name = subvol.value;
|
||||
value =
|
||||
{
|
||||
device = device.name;
|
||||
fsType = "btrfs";
|
||||
# zstd:15 cause sound stuttering
|
||||
# test on e20dae7d8b317f95718b5f4175bd4246c09735de mathematica ~15G
|
||||
# zstd:15 5m33s 7.16G
|
||||
# zstd:8 54s 7.32G
|
||||
# zstd:3 17s 7.52G
|
||||
options = [ "compress-force=zstd" "subvol=${subvol.name}" "acl" "noatime" ];
|
||||
neededForBoot = true;
|
||||
};
|
||||
}
|
||||
)
|
||||
(attrsToList fileSystems.mount.btrfs)));
|
||||
(inputs.localLib.attrsToList device.value)
|
||||
)
|
||||
(inputs.localLib.attrsToList fileSystems.mount.btrfs)));
|
||||
}
|
||||
# mdadm
|
||||
(inputs.lib.mkIf (fileSystems.mdadm != null)
|
||||
{ boot.initrd.services.swraid = { enable = true; mdadmConf = fileSystems.mdadm; }; }
|
||||
)
|
||||
# swap
|
||||
{ swapDevices = builtins.map (device: { device = device; }) fileSystems.swap; }
|
||||
# resume
|
||||
(inputs.lib.mkIf (fileSystems.resume != null) { boot =
|
||||
(
|
||||
if builtins.typeOf fileSystems.resume == "string" then
|
||||
{ resumeDevice = fileSystems.resume; }
|
||||
else
|
||||
{
|
||||
resumeDevice = fileSystems.resume.device;
|
||||
kernelModules = [ "resume_offset=${builtins.toString fileSystems.resume.offset}" ];
|
||||
}
|
||||
# decrypt.auto
|
||||
(
|
||||
mkIf (fileSystems.decrypt.auto != null)
|
||||
);})
|
||||
# rollingRootfs
|
||||
(inputs.lib.mkIf (fileSystems.rollingRootfs != null)
|
||||
{
|
||||
boot.initrd.systemd =
|
||||
{
|
||||
extraBin =
|
||||
{
|
||||
boot.initrd =
|
||||
{
|
||||
luks.devices = (listToAttrs (map
|
||||
(
|
||||
device:
|
||||
{
|
||||
name = device.value.mapper;
|
||||
value =
|
||||
{
|
||||
device = device.name;
|
||||
allowDiscards = device.value.ssd;
|
||||
bypassWorkqueues = device.value.ssd;
|
||||
crypttabExtraOpts = [ "fido2-device=auto" "x-initrd.attach" ];
|
||||
};
|
||||
}
|
||||
)
|
||||
(attrsToList fileSystems.decrypt.auto)));
|
||||
systemd.services =
|
||||
let
|
||||
createService = device:
|
||||
{
|
||||
name = "systemd-cryptsetup@${device.value.mapper}";
|
||||
value =
|
||||
{
|
||||
before = map (device: "systemd-cryptsetup@${device}.service") device.value.before;
|
||||
overrideStrategy = "asDropin";
|
||||
};
|
||||
};
|
||||
in
|
||||
listToAttrs (map createService
|
||||
(builtins.filter (device: device.value.before != null) (attrsToList fileSystems.decrypt.auto)));
|
||||
};
|
||||
}
|
||||
)
|
||||
# decrypt.manual
|
||||
(
|
||||
mkIf (fileSystems.decrypt.manual.enable)
|
||||
grep = "${inputs.pkgs.gnugrep}/bin/grep";
|
||||
awk = "${inputs.pkgs.gawk}/bin/awk";
|
||||
chattr = "${inputs.pkgs.e2fsprogs}/bin/chattr";
|
||||
lsmod = "${inputs.pkgs.kmod}/bin/lsmod";
|
||||
};
|
||||
services.roll-rootfs =
|
||||
{
|
||||
boot.initrd =
|
||||
{
|
||||
luks.forceLuksSupportInInitrd = true;
|
||||
systemd =
|
||||
{
|
||||
extraBin =
|
||||
{
|
||||
cryptsetup = "${inputs.pkgs.cryptsetup.bin}/bin/cryptsetup";
|
||||
usbip = "${inputs.config.boot.kernelPackages.usbip}/bin/usbip";
|
||||
sed = "${inputs.pkgs.gnused}/bin/sed";
|
||||
awk = "${inputs.pkgs.gawk}/bin/awk";
|
||||
decrypt = inputs.pkgs.writeShellScript "decrypt"
|
||||
''
|
||||
modprobe vhci-hcd
|
||||
busid=$(usbip list -r 127.0.0.1 | head -n4 | tail -n1 | awk '{print $1}' | sed 's/://')
|
||||
usbip attach -r 127.0.0.1 -b $busid
|
||||
${concatStringsSep "\n" (map
|
||||
(device: ''systemd-cryptsetup attach ${device.value.mapper} ${device.name} "" fido2-device=auto''
|
||||
+ (if device.value.ssd then ",discard" else ""))
|
||||
(attrsToList fileSystems.decrypt.manual.devices))}
|
||||
'';
|
||||
};
|
||||
services.wait-manual-decrypt =
|
||||
{
|
||||
wantedBy = [ "initrd-root-fs.target" ];
|
||||
before = [ "roll-rootfs.service" ];
|
||||
unitConfig.DefaultDependencies = false;
|
||||
serviceConfig.Type = "oneshot";
|
||||
script = concatStringsSep "\n" (map
|
||||
(device: "while [ ! -e /dev/mapper/${device.value.mapper} ]; do sleep 1; done")
|
||||
(attrsToList fileSystems.decrypt.manual.devices));
|
||||
};
|
||||
};
|
||||
};
|
||||
fileSystems = listToAttrs (map
|
||||
(mount: { name = mount; value.options = [ "x-systemd.device-timeout=48h" ]; })
|
||||
fileSystems.decrypt.manual.delayedMount);
|
||||
}
|
||||
)
|
||||
# mdadm
|
||||
(
|
||||
mkIf (fileSystems.mdadm != null)
|
||||
{ boot.initrd.services.swraid = { enable = true; mdadmConf = fileSystems.mdadm; }; }
|
||||
)
|
||||
# swap
|
||||
{ swapDevices = map (device: { device = device; }) fileSystems.swap; }
|
||||
# resume
|
||||
(
|
||||
mkIf (fileSystems.resume != null) { boot =
|
||||
(
|
||||
if builtins.typeOf fileSystems.resume == "string" then
|
||||
{ resumeDevice = fileSystems.resume; }
|
||||
else
|
||||
{
|
||||
resumeDevice = fileSystems.resume.device;
|
||||
kernelModules = [ "resume_offset=${builtins.toString fileSystems.resume.offset}" ];
|
||||
}
|
||||
);}
|
||||
)
|
||||
# rollingRootfs
|
||||
(
|
||||
mkIf (fileSystems.rollingRootfs != null)
|
||||
{
|
||||
boot.initrd.systemd =
|
||||
{
|
||||
extraBin =
|
||||
{
|
||||
grep = "${inputs.pkgs.gnugrep}/bin/grep";
|
||||
awk = "${inputs.pkgs.gawk}/bin/awk";
|
||||
chattr = "${inputs.pkgs.e2fsprogs}/bin/chattr";
|
||||
lsmod = "${inputs.pkgs.kmod}/bin/lsmod";
|
||||
};
|
||||
services.roll-rootfs =
|
||||
{
|
||||
wantedBy = [ "initrd.target" ];
|
||||
after = [ "cryptsetup.target" "systemd-hibernate-resume.service" ];
|
||||
before = [ "local-fs-pre.target" "sysroot.mount" ];
|
||||
unitConfig.DefaultDependencies = false;
|
||||
serviceConfig.Type = "oneshot";
|
||||
script =
|
||||
let
|
||||
inherit (fileSystems.rollingRootfs) device path waitDevices;
|
||||
waitDevice = concatStringsSep "\n" (builtins.map
|
||||
(device: "while ! [ -e ${device} ]; do sleep 1; done") (waitDevices ++ [ device ]));
|
||||
in
|
||||
''
|
||||
while ! lsmod | grep -q btrfs; do sleep 1; done
|
||||
${waitDevice}
|
||||
mount ${device} /mnt -m
|
||||
if [ -f /mnt${path}/current/.timestamp ]
|
||||
then
|
||||
timestamp=$(cat /mnt${path}/current/.timestamp)
|
||||
subvolid=$(btrfs subvolume show /mnt${path}/current | grep 'Subvolume ID:' | awk '{print $NF}')
|
||||
mv /mnt${path}/current /mnt${path}/$timestamp-$subvolid
|
||||
btrfs property set -ts /mnt${path}/$timestamp-$subvolid ro true
|
||||
fi
|
||||
btrfs subvolume create /mnt${path}/current
|
||||
chattr +C /mnt${path}/current
|
||||
echo $(date '+%Y%m%d%H%M%S') > /mnt${path}/current/.timestamp
|
||||
umount /mnt
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
)
|
||||
];
|
||||
wantedBy = [ "initrd.target" ];
|
||||
after = [ "cryptsetup.target" "systemd-hibernate-resume.service" ];
|
||||
before = [ "local-fs-pre.target" "sysroot.mount" ];
|
||||
unitConfig.DefaultDependencies = false;
|
||||
serviceConfig.Type = "oneshot";
|
||||
script =
|
||||
let
|
||||
inherit (fileSystems.rollingRootfs) device path waitDevices;
|
||||
waitDevice = builtins.concatStringsSep "\n" (builtins.map
|
||||
(device: "while ! [ -e ${device} ]; do sleep 1; done") (waitDevices ++ [ device ]));
|
||||
in
|
||||
''
|
||||
while ! lsmod | grep -q btrfs; do sleep 1; done
|
||||
${waitDevice}
|
||||
mount ${device} /mnt -m
|
||||
if [ -f /mnt${path}/current/.timestamp ]
|
||||
then
|
||||
timestamp=$(cat /mnt${path}/current/.timestamp)
|
||||
subvolid=$(btrfs subvolume show /mnt${path}/current | grep 'Subvolume ID:' | awk '{print $NF}')
|
||||
mv /mnt${path}/current /mnt${path}/$timestamp-$subvolid
|
||||
btrfs property set -ts /mnt${path}/$timestamp-$subvolid ro true
|
||||
fi
|
||||
btrfs subvolume create /mnt${path}/current
|
||||
chattr +C /mnt${path}/current
|
||||
echo $(date '+%Y%m%d%H%M%S') > /mnt${path}/current/.timestamp
|
||||
umount /mnt
|
||||
'';
|
||||
};
|
||||
};
|
||||
})
|
||||
];
|
||||
}
|
||||
|
||||
|
||||
|
||||
81
modules/system/fileSystems/luks/default.nix
Normal file
81
modules/system/fileSystems/luks/default.nix
Normal file
@@ -0,0 +1,81 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.system.fileSystems.luks = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
auto = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule { options =
|
||||
{
|
||||
mapper = mkOption { type = types.nonEmptyStr; };
|
||||
ssd = mkOption { type = types.bool; default = false; };
|
||||
before = mkOption { type = types.nullOr (types.listOf types.nonEmptyStr); default = null; };
|
||||
};});
|
||||
default = {};
|
||||
};
|
||||
manual =
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
devices = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule { options =
|
||||
{
|
||||
mapper = mkOption { type = types.nonEmptyStr; };
|
||||
ssd = mkOption { type = types.bool; default = false; };
|
||||
};});
|
||||
default = {};
|
||||
};
|
||||
delayedMount = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
};
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.system.fileSystems) luks; in inputs.lib.mkMerge
|
||||
[
|
||||
(inputs.lib.mkIf (luks.auto != null) { boot.initrd =
|
||||
{
|
||||
luks.devices = (builtins.listToAttrs (builtins.map
|
||||
(device:
|
||||
{
|
||||
name = device.value.mapper;
|
||||
value =
|
||||
{
|
||||
device = device.name;
|
||||
allowDiscards = device.value.ssd;
|
||||
bypassWorkqueues = device.value.ssd;
|
||||
crypttabExtraOpts = [ "fido2-device=auto" "x-initrd.attach" ];
|
||||
};
|
||||
})
|
||||
(inputs.localLib.attrsToList luks.auto)));
|
||||
systemd.services = builtins.listToAttrs (builtins.map
|
||||
(device:
|
||||
{
|
||||
name = "systemd-cryptsetup@${device.value.mapper}";
|
||||
value =
|
||||
{
|
||||
before = map (device: "systemd-cryptsetup@${device}.service") device.value.before;
|
||||
overrideStrategy = "asDropin";
|
||||
};
|
||||
})
|
||||
(builtins.filter (device: device.value.before != null) (inputs.localLib.attrsToList luks.auto)));
|
||||
};})
|
||||
(inputs.lib.mkIf luks.manual.enable
|
||||
{
|
||||
boot.initrd =
|
||||
{
|
||||
luks.forceLuksSupportInInitrd = true;
|
||||
systemd =
|
||||
{
|
||||
services.wait-manual-decrypt =
|
||||
{
|
||||
wantedBy = [ "initrd-root-fs.target" ];
|
||||
before = [ "roll-rootfs.service" ];
|
||||
unitConfig.DefaultDependencies = false;
|
||||
serviceConfig.Type = "oneshot";
|
||||
script = builtins.concatStringsSep "\n" (builtins.map
|
||||
(device: "while [ ! -e /dev/mapper/${device.value.mapper} ]; do sleep 1; done")
|
||||
(inputs.localLib.attrsToList luks.manual.devices));
|
||||
};
|
||||
extraBin.cryptsetup = "${inputs.pkgs.cryptsetup}/bin/cryptsetup";
|
||||
};
|
||||
};
|
||||
})
|
||||
];
|
||||
}
|
||||
28
modules/system/fileSystems/nfs.nix
Normal file
28
modules/system/fileSystems/nfs.nix
Normal file
@@ -0,0 +1,28 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.system.fileSystems.mount.nfs = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.nullOr (types.attrsOf types.nonEmptyStr); default = null;
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.system.fileSystems.mount) nfs; in inputs.lib.mkIf (nfs != null)
|
||||
{
|
||||
fileSystems = builtins.listToAttrs (builtins.map
|
||||
(device:
|
||||
{
|
||||
name = device.value;
|
||||
value = { device = device.name; fsType = "nfs"; neededForBoot = true; };
|
||||
})
|
||||
(inputs.localLib.attrsToList nfs));
|
||||
boot.initrd =
|
||||
{
|
||||
network.enable = true;
|
||||
systemd.extraBin =
|
||||
{
|
||||
"ifconfig" = "${inputs.pkgs.nettools}/bin/ifconfig";
|
||||
"mount.nfs" = "${inputs.pkgs.nfs-utils}/bin/mount.nfs";
|
||||
"mount.nfs4" = "${inputs.pkgs.nfs-utils}/bin/mount.nfs4";
|
||||
};
|
||||
};
|
||||
services.rpcbind.enable = true;
|
||||
};
|
||||
}
|
||||
@@ -5,7 +5,7 @@ inputs:
|
||||
variant = mkOption
|
||||
{
|
||||
type = types.enum [ "nixos" "xanmod-lts" "xanmod-latest" "cachyos" "cachyos-lto" "cachyos-server" "zen" ];
|
||||
default = "xanmod-latest";
|
||||
default = "xanmod-lts";
|
||||
};
|
||||
patches = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
modules =
|
||||
|
||||
@@ -75,10 +75,10 @@ inputs:
|
||||
(builtins.map
|
||||
(network:
|
||||
{
|
||||
name = "10-${network.ssid}";
|
||||
name = "10-${network}";
|
||||
value =
|
||||
{
|
||||
matchConfig.Name = network.ssid;
|
||||
matchConfig.Name = network;
|
||||
networkConfig = { DHCP = "yes"; IPv6AcceptRA = true; };
|
||||
linkConfig.RequiredForOnline = "routable";
|
||||
};
|
||||
|
||||
@@ -13,6 +13,8 @@ inputs:
|
||||
"vm.oom_dump_tasks" = false;
|
||||
"vm.overcommit_memory" = inputs.lib.mkDefault 1;
|
||||
"kernel.sysrq" = 438;
|
||||
# set to larger value, otherwise the system will be very slow on low memory machines
|
||||
"vm.vfs_cache_pressure" = 100;
|
||||
};
|
||||
}
|
||||
(inputs.lib.mkIf (sysctl.laptop-mode != null) { boot.kernel.sysctl."vm.laptop_mode" = sysctl.laptop-mode; })
|
||||
|
||||
@@ -56,7 +56,7 @@ inputs:
|
||||
(system:
|
||||
{
|
||||
name = system.config.nixos.system.networking.hostname;
|
||||
value = system.config.nixos.system.fileSystems.decrypt.manual;
|
||||
value = system.config.nixos.system.fileSystems.luks.manual;
|
||||
})
|
||||
(builtins.attrValues inputs.topInputs.self.nixosConfigurations));
|
||||
cat = "${inputs.pkgs.coreutils}/bin/cat";
|
||||
@@ -68,7 +68,8 @@ inputs:
|
||||
(builtins.map (system: builtins.concatStringsSep "\n"
|
||||
[
|
||||
"decrypt-${system.name}() {"
|
||||
" key=$(${cat} ${system.value.keyFile} | ${gpg} --decrypt)"
|
||||
" key=$(${cat} ${inputs.topInputs.self}/modules/system/fileSystems/luks/${system.name}.key \\"
|
||||
" | ${gpg} --decrypt)"
|
||||
(builtins.concatStringsSep "\n" (builtins.map
|
||||
(device: " echo $key | ${ssh} root@initrd.${system.name}.chn.moe cryptsetup luksOpen "
|
||||
+ (if device.value.ssd then "--allow-discards " else "")
|
||||
|
||||
@@ -2,7 +2,7 @@ inputs:
|
||||
{
|
||||
config.home-manager.users.chn.config.programs.plasma.configFile =
|
||||
let
|
||||
inherit (inputs.topInputs.self.src) nixos-wallpaper;
|
||||
inherit (inputs.topInputs) nixos-wallpaper;
|
||||
wallpaper =
|
||||
{
|
||||
pc = "${nixos-wallpaper}/pixiv-117612023.png";
|
||||
|
||||
@@ -22,6 +22,9 @@ inputs:
|
||||
hjp = 1008;
|
||||
zzn = 1009;
|
||||
wm = 1010;
|
||||
GROUPIII-1 = 1011;
|
||||
GROUPIII-2 = 1012;
|
||||
GROUPIII-3 = 1013;
|
||||
misskey-misskey = 2000;
|
||||
misskey-misskey-old = 2001;
|
||||
frp = 2002;
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
|
||||
int main()
|
||||
{
|
||||
using namespace biu::literals;
|
||||
struct student
|
||||
{
|
||||
int number;
|
||||
|
||||
@@ -55,26 +55,24 @@ inputs: rec
|
||||
{
|
||||
inherit vtst src;
|
||||
inherit (inputs.pkgs.intelPackages_2023) stdenv;
|
||||
mpi = inputs.pkgs.intelPackages_2023.intel-mpi;
|
||||
hdf5 = hdf5-oneapi;
|
||||
mpi = inputs.pkgs.openmpi.override
|
||||
{
|
||||
inherit (inputs.pkgs.intelPackages_2023) stdenv;
|
||||
enableSubstitute = false;
|
||||
};
|
||||
hdf5 = inputs.pkgs.hdf5.override
|
||||
{
|
||||
inherit (inputs.pkgs.intelPackages_2023) stdenv;
|
||||
cppSupport = false;
|
||||
fortranSupport = true;
|
||||
enableShared = false;
|
||||
enableStatic = true;
|
||||
};
|
||||
};
|
||||
hdf5-nvhpc = inputs.pkgs.callPackage ./vasp/hdf5-nvhpc { inherit lmod nvhpc; inherit (inputs.pkgs.hdf5) src; };
|
||||
hdf5-oneapi = inputs.pkgs.hdf5.override
|
||||
{
|
||||
inherit (inputs.pkgs.intelPackages_2023) stdenv;
|
||||
cppSupport = false;
|
||||
fortranSupport = true;
|
||||
# mpiSupport = true;
|
||||
enableShared = false;
|
||||
enableStatic = true;
|
||||
# fortran = builtins.toFile "empty" "";
|
||||
# mpi = builtins.toFile "empty" "";
|
||||
};
|
||||
vtst = (inputs.pkgs.callPackage ./vasp/vtst.nix {});
|
||||
vtstscripts = inputs.pkgs.callPackage ./vasp/vtstscripts.nix {};
|
||||
};
|
||||
# TODO: use other people packaged hpc version
|
||||
oneapi = inputs.pkgs.callPackage ./oneapi.nix {};
|
||||
mumax = inputs.pkgs.callPackage ./mumax.nix { src = inputs.topInputs.mumax; };
|
||||
kylin-virtual-keyboard = inputs.pkgs.libsForQt5.callPackage ./kylin-virtual-keyboard.nix
|
||||
{ src = inputs.topInputs.kylin-virtual-keyboard; };
|
||||
@@ -104,6 +102,7 @@ inputs: rec
|
||||
git-lfs-transfer = inputs.pkgs.callPackage ./git-lfs-transfer.nix { src = inputs.topInputs.git-lfs-transfer; };
|
||||
py4vasp = inputs.pkgs.callPackage ./py4vasp.nix { src = inputs.topInputs.py4vasp; };
|
||||
pocketfft = inputs.pkgs.callPackage ./pocketfft.nix { src = inputs.topInputs.pocketfft; };
|
||||
spectroscopy = inputs.pkgs.callPackage ./spectroscopy.nix { src = inputs.topInputs.spectroscopy; };
|
||||
|
||||
fromYaml = content: builtins.fromJSON (builtins.readFile
|
||||
(inputs.pkgs.runCommand "toJSON" {}
|
||||
|
||||
@@ -12,10 +12,9 @@ endif()
|
||||
|
||||
set(HPCSTAT_VERSION "unknown" CACHE STRING "Version of the hpcstat")
|
||||
|
||||
find_package(Boost REQUIRED COMPONENTS headers filesystem)
|
||||
find_package(Boost REQUIRED COMPONENTS url)
|
||||
find_package(SqliteOrm REQUIRED)
|
||||
find_package(nlohmann_json REQUIRED)
|
||||
find_package(range-v3 REQUIRED)
|
||||
find_package(date REQUIRED)
|
||||
find_package(httplib REQUIRED)
|
||||
find_package(termcolor REQUIRED)
|
||||
@@ -27,9 +26,8 @@ add_executable(hpcstat src/main.cpp src/env.cpp src/keys.cpp src/ssh.cpp src/sql
|
||||
# target_compile_features(hpcstat PRIVATE cxx_std_26)
|
||||
target_compile_options(hpcstat PRIVATE "-std=c++26")
|
||||
target_include_directories(hpcstat PRIVATE ${PROJECT_SOURCE_DIR}/include)
|
||||
target_link_libraries(hpcstat PRIVATE Boost::headers Boost::filesystem sqlite_orm::sqlite_orm
|
||||
nlohmann_json::nlohmann_json range-v3::range-v3 date::date date::date-tz httplib::httplib
|
||||
termcolor::termcolor biu::biu OpenXLSX::OpenXLSX)
|
||||
target_link_libraries(hpcstat PRIVATE Boost::url sqlite_orm::sqlite_orm nlohmann_json::nlohmann_json date::date
|
||||
date::date-tz httplib::httplib termcolor::termcolor biu::biu OpenXLSX::OpenXLSX)
|
||||
target_compile_definitions(hpcstat PRIVATE HPCSTAT_VERSION="${HPCSTAT_VERSION}")
|
||||
|
||||
install(TARGETS hpcstat RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
|
||||
|
||||
@@ -53,23 +53,20 @@ int main(int argc, const char** argv)
|
||||
double percent = disk_stat->Total / 800 * 100;
|
||||
auto color = percent > 95 ? termcolor::red<char> :
|
||||
percent > 80 ? termcolor::yellow<char> : termcolor::green<char>;
|
||||
auto bgcolor = percent > 95 ? termcolor::on_red<char> :
|
||||
percent > 80 ? termcolor::on_yellow<char> : termcolor::on_green<char>;
|
||||
std::cout
|
||||
<< color << "disk usage: " << termcolor::reset
|
||||
<< bgcolor << termcolor::white
|
||||
<< "{:.1f}% ({:.1f}GB / ~800GB)"_f(percent, disk_stat->Total) << termcolor::reset
|
||||
<< color << " (estimated, counted at {})\n"_f(disk_stat->Time) << termcolor::reset;
|
||||
// 设置背景色后有时会难以辨认,因此只设置前景色
|
||||
std::cout << color
|
||||
<< "disk usage: {:.1f}% ({:.1f}GB / ~800GB) (estimated, counted at {})\n"_f
|
||||
(percent, disk_stat->Total, disk_stat->Time);
|
||||
if (percent > 80)
|
||||
{
|
||||
std::cout << color << "Top 3 directories owned by teacher:\n";
|
||||
std::cout << "Top 3 directories owned by teacher:\n";
|
||||
for (auto& [name, size] : disk_stat->Teacher | ranges::views::take(3))
|
||||
std::cout << " {:.1f}GB {}\n"_f(size, name);
|
||||
std::cout << color << "Top 3 directories owned by student:\n";
|
||||
std::cout << "Top 3 directories owned by student:\n";
|
||||
for (auto& [name, size] : disk_stat->Student | ranges::views::take(3))
|
||||
std::cout << " {:.1f}GB {}\n"_f(size, name);
|
||||
std::cout << termcolor::reset;
|
||||
}
|
||||
std::cout << termcolor::reset;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,90 +0,0 @@
|
||||
{
|
||||
version ? "2024.0",
|
||||
stdenvNoCC, fetchurl, buildFHSEnv,
|
||||
ncurses
|
||||
}:
|
||||
let
|
||||
versions =
|
||||
{
|
||||
"2022.2" =
|
||||
{
|
||||
basekit =
|
||||
{
|
||||
id = "18673";
|
||||
version = "2022.2.0.262";
|
||||
sha256 = "03qx6sb58mkhc7iyc8va4y1ihj6l3155dxwmqj8dfw7j2ma7r5f6";
|
||||
components =
|
||||
[
|
||||
"intel.oneapi.lin.dpcpp-ct"
|
||||
"intel.oneapi.lin.dpcpp_dbg"
|
||||
"intel.oneapi.lin.dpl"
|
||||
"intel.oneapi.lin.tbb.devel"
|
||||
"intel.oneapi.lin.ccl.devel"
|
||||
"intel.oneapi.lin.dpcpp-cpp-compiler"
|
||||
"intel.oneapi.lin.dpl"
|
||||
"intel.oneapi.lin.mkl.devel"
|
||||
];
|
||||
};
|
||||
hpckit =
|
||||
{
|
||||
id = "18679";
|
||||
version = "2022.2.0.191";
|
||||
sha256 = "0swz4w9bn58wwqjkqhjqnkcs8k8ms9nn9s8k7j5w6rzvsa6817d2";
|
||||
};
|
||||
};
|
||||
"2024.0" =
|
||||
{
|
||||
basekit =
|
||||
{
|
||||
id = "163da6e4-56eb-4948-aba3-debcec61c064";
|
||||
version = "2024.0.1.46";
|
||||
sha256 = "1sp1fgjv8xj8qxf8nv4lr1x5cxz7xl5wv4ixmfmcg0gyk28cjq1g";
|
||||
};
|
||||
hpckit =
|
||||
{
|
||||
id = "67c08c98-f311-4068-8b85-15d79c4f277a";
|
||||
version = "2024.0.1.38";
|
||||
sha256 = "06vpdz51w2v4ncgk8k6y2srlfbbdqdmb4v4bdwb67zsg9lmf8fp9";
|
||||
};
|
||||
};
|
||||
};
|
||||
builder = buildFHSEnv
|
||||
{
|
||||
name = "builder";
|
||||
targetPkgs = pkgs: with pkgs; [ coreutils zlib ];
|
||||
extraBwrapArgs = [ "--bind" "$out" "$out" ];
|
||||
runScript = "sh";
|
||||
};
|
||||
componentString = components: if components == null then "--components default" else
|
||||
" --components " + (builtins.concatStringsSep ":" components);
|
||||
in stdenvNoCC.mkDerivation rec
|
||||
{
|
||||
pname = "oneapi";
|
||||
inherit version;
|
||||
basekit = fetchurl
|
||||
{
|
||||
url = "https://registrationcenter-download.intel.com/akdlm/IRC_NAS/${versions.${version}.basekit.id}/"
|
||||
+ "l_BaseKit_p_${versions.${version}.basekit.version}_offline.sh";
|
||||
sha256 = versions.${version}.basekit.sha256;
|
||||
};
|
||||
hpckit = fetchurl
|
||||
{
|
||||
url = "https://registrationcenter-download.intel.com/akdlm/IRC_NAS/${versions.${version}.hpckit.id}/"
|
||||
+ "l_HPCKit_p_${versions.${version}.hpckit.version}_offline.sh";
|
||||
sha256 = versions.${version}.hpckit.sha256;
|
||||
};
|
||||
phases = [ "installPhase" ];
|
||||
nativeBuildInputs = [ ncurses ];
|
||||
installPhase =
|
||||
''
|
||||
mkdir -p $out
|
||||
${builder}/bin/builder ${basekit} -a --silent --eula accept --install-dir $out/share/intel \
|
||||
${componentString versions.${version}.basekit.components or null}
|
||||
${builder}/bin/builder ${hpckit} -a --silent --eula accept --install-dir $out/share/intel \
|
||||
${componentString versions.${version}.hpckit.components or null}
|
||||
${builder}/bin/builder $out/share/intel/modulefiles-setup.sh --output-dir=$out/share/intel/modulefiles \
|
||||
--ignore-latest
|
||||
'';
|
||||
dontFixup = true;
|
||||
requiredSystemFeatures = [ "gccarch-exact-${stdenvNoCC.hostPlatform.gcc.arch}" "big-parallel" ];
|
||||
}
|
||||
@@ -1,13 +1,7 @@
|
||||
{
|
||||
stdenv, lib, sbatchConfig ? null, substituteAll, runCommand,
|
||||
cmake, pkg-config, ftxui, biu
|
||||
}:
|
||||
stdenv.mkDerivation
|
||||
{ stdenv, cmake, pkg-config, ftxui, biu }: stdenv.mkDerivation
|
||||
{
|
||||
name = "sbatch-tui";
|
||||
src = ./.;
|
||||
preConfigure = lib.optionalString (sbatchConfig != null)
|
||||
"cp ${substituteAll ({ src = ./src/device.cpp.template; } // sbatchConfig)} src/device.cpp";
|
||||
buildInputs = [ ftxui biu ];
|
||||
nativeBuildInputs = [ cmake pkg-config ];
|
||||
}
|
||||
|
||||
@@ -130,20 +130,22 @@ int main()
|
||||
state.submit_command =
|
||||
"sbatch --ntasks=1\n--gpus=1\n--job-name='{}'\n--output='{}'\nvasp-nvidia-{}"_f
|
||||
(state.job_name, state.output_file, state.vasp_version_entries[state.vasp_version_selected]);
|
||||
else if (state.device_type_entries[state.device_type_selected] == "CPU")
|
||||
else if (state.device_type_entries[state.device_type_selected] == "manually select GPU")
|
||||
state.submit_command =
|
||||
"sbatch --ntasks={}\n--cpus-per-task={}\n--hint=nomultithread\n--job-name='{}'\n--output='{}'"
|
||||
"\nvasp-intel-{}"_f
|
||||
"sbatch --ntasks=1\n--gres=gpu:{}:1\n--job-name='{}'\n--output='{}'\nvasp-nvidia-{}"_f
|
||||
(
|
||||
state.mpi_threads, state.openmp_threads, state.job_name, state.output_file,
|
||||
state.vasp_version_entries[state.vasp_version_selected]
|
||||
state.gpu_entries[state.gpu_selected],
|
||||
state.job_name, state.output_file, state.vasp_version_entries[state.vasp_version_selected]
|
||||
);
|
||||
else state.submit_command =
|
||||
"sbatch --ntasks=1\n--gres=gpu:{}:1\n--job-name='{}'\n--output='{}'\nvasp-nvidia-{}"_f
|
||||
"sbatch --ntasks={}\n--cpus-per-task={}\n"
|
||||
"--export=ALL,OMP_NUM_THREADS={},OMP_STACKSIZE=512m\n--hint=nomultithread\n--job-name='{}'\n"
|
||||
"--output='{}'\n--wrap=\"vasp-intel srun --mpi=pmix vasp-{}\""_f
|
||||
(
|
||||
state.gpu_entries[state.gpu_selected],
|
||||
state.job_name, state.output_file, state.vasp_version_entries[state.vasp_version_selected]
|
||||
state.mpi_threads, state.openmp_threads, state.openmp_threads, state.job_name, state.output_file,
|
||||
state.vasp_version_entries[state.vasp_version_selected]
|
||||
);
|
||||
|
||||
screen.Loop(confirm_interface);
|
||||
if (state.user_command == "quit") return EXIT_FAILURE;
|
||||
else if (state.user_command == "back") continue;
|
||||
|
||||
12
packages/spectroscopy.nix
Normal file
12
packages/spectroscopy.nix
Normal file
@@ -0,0 +1,12 @@
|
||||
{ src, python3, stdenv }: stdenv.mkDerivation
|
||||
{
|
||||
name = "spectroscopy";
|
||||
phases = [ "installPhase" "fixupPhase" ];
|
||||
buildInputs = [ python3 ];
|
||||
installPhase =
|
||||
''
|
||||
mkdir -p $out/${python3.sitePackages}
|
||||
cp -r ${src}/lib/spectroscopy $out/${python3.sitePackages}
|
||||
cp -r ${src}/scripts $out/bin
|
||||
'';
|
||||
}
|
||||
@@ -1,35 +1,45 @@
|
||||
{
|
||||
stdenv, src, rsync, which, wannier90, hdf5, vtst, mpi, mkl
|
||||
}: stdenv.mkDerivation
|
||||
{
|
||||
name = "vasp-intel";
|
||||
inherit src;
|
||||
# patches = [ ../vtst.patch ];
|
||||
configurePhase =
|
||||
''
|
||||
cp ${./makefile.include} makefile.include
|
||||
chmod +w makefile.include
|
||||
cp ${../constr_cell_relax.F} src/constr_cell_relax.F
|
||||
# cp -r ${vtst}/* src
|
||||
chmod -R +w src
|
||||
'';
|
||||
buildInputs = [ hdf5 wannier90 mkl ];
|
||||
nativeBuildInputs = [ rsync which mpi ];
|
||||
installPhase =
|
||||
''
|
||||
mkdir -p $out/bin
|
||||
for i in std gam ncl; do cp bin/vasp_$i $out/bin/vasp-$i; done
|
||||
mkdir $out/src
|
||||
ln -s ${src} $out/src/vasp
|
||||
ln -s ${vtst} $out/src/vtst
|
||||
'';
|
||||
stdenv, src, writeShellScriptBin, lib,
|
||||
rsync, which, wannier90, hdf5, vtst, mpi, mkl
|
||||
}:
|
||||
let vasp = stdenv.mkDerivation
|
||||
{
|
||||
name = "vasp-intel";
|
||||
inherit src;
|
||||
# patches = [ ../vtst.patch ];
|
||||
configurePhase =
|
||||
''
|
||||
cp ${./makefile.include} makefile.include
|
||||
chmod +w makefile.include
|
||||
cp ${../constr_cell_relax.F} src/constr_cell_relax.F
|
||||
# cp -r ${vtst}/* src
|
||||
chmod -R +w src
|
||||
'';
|
||||
buildInputs = [ hdf5 wannier90 mkl ];
|
||||
nativeBuildInputs = [ rsync which mpi ];
|
||||
installPhase =
|
||||
''
|
||||
mkdir -p $out/bin
|
||||
for i in std gam ncl; do cp bin/vasp_$i $out/bin/vasp-$i; done
|
||||
mkdir $out/src
|
||||
ln -s ${src} $out/src/vasp
|
||||
ln -s ${vtst} $out/src/vtst
|
||||
'';
|
||||
|
||||
# NIX_DEBUG = "7";
|
||||
# NIX_DEBUG = "7";
|
||||
|
||||
# enable parallel build
|
||||
enableParallelBuilding = true;
|
||||
DEPS = "1";
|
||||
# enable parallel build
|
||||
enableParallelBuilding = true;
|
||||
DEPS = "1";
|
||||
|
||||
# vasp directly include headers under ${mkl}/include/fftw
|
||||
MKLROOT = mkl;
|
||||
}
|
||||
# vasp directly include headers under ${mkl}/include/fftw
|
||||
MKLROOT = mkl;
|
||||
|
||||
# tell openmpi use ifx
|
||||
OMPI_F90 = "ifx";
|
||||
};
|
||||
in writeShellScriptBin "vasp-intel"
|
||||
''
|
||||
export PATH=${vasp}/bin:${mpi}/bin''${PATH:+:$PATH}
|
||||
exec "$@"
|
||||
''
|
||||
|
||||
@@ -12,8 +12,8 @@ CPP_OPTIONS = -DHOST=\"LinuxIFC\" \
|
||||
|
||||
CPP = fpp -f_com=no -free -w0 $*$(FUFFIX) $*$(SUFFIX) $(CPP_OPTIONS)
|
||||
|
||||
FC = mpiifx -qopenmp
|
||||
FCL = mpiifx
|
||||
FC = mpif90 -qopenmp
|
||||
FCL = mpif90
|
||||
|
||||
FREE = -free -names lowercase
|
||||
|
||||
@@ -42,7 +42,7 @@ CXX_PARS = icpx
|
||||
LLIBS = -lstdc++
|
||||
|
||||
FCL += -qmkl
|
||||
LLIBS += -lmkl_scalapack_lp64 -lmkl_blacs_intelmpi_lp64
|
||||
LLIBS += -lmkl_scalapack_lp64 -lmkl_intel_lp64 -lmkl_intel_thread -lmkl_core -lmkl_blacs_openmpi_lp64
|
||||
INCS =-I$(MKLROOT)/include/fftw
|
||||
|
||||
CPP_OPTIONS+= -DVASP_HDF5
|
||||
|
||||
Reference in New Issue
Block a user