mirror of
https://github.com/CHN-beta/nixos.git
synced 2026-01-12 04:19:22 +08:00
Compare commits
895 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 0d444e570b | |||
| fcf9cb1943 | |||
| 6b080d7bed | |||
| a8fbca34c6 | |||
| 29f9309318 | |||
| e86581da43 | |||
| 1264a0e612 | |||
| 3967974068 | |||
| cfd8b12cff | |||
| ae6d56ebb3 | |||
| 6e7e78dd02 | |||
| 0b19563969 | |||
| c5273d720b | |||
| bda92824eb | |||
| 3893587b48 | |||
| c0e919adf4 | |||
| 1b7f706e51 | |||
| ad9ed28fca | |||
| 6c6a234a26 | |||
| 136583cf51 | |||
| 2ffc8c79e4 | |||
| 7cc2d28861 | |||
| a75179b11c | |||
| 2765efb973 | |||
| fb857db9f4 | |||
| 5227790451 | |||
| 4705912140 | |||
| 5eb9eaa199 | |||
| 64088c407f | |||
| 28fde40cc4 | |||
| 39461fb577 | |||
| 921ab1d8df | |||
| 593c01b039 | |||
| 238934ad36 | |||
| 0f0376a57d | |||
| 05a333756d | |||
| b868f94d01 | |||
| 544d600638 | |||
| 608fa7f46e | |||
| c515e4f3c6 | |||
| f25ff89cf4 | |||
| 553dd25488 | |||
| 7f86a2ea61 | |||
| 053ac5668e | |||
| 980edd9751 | |||
| ed9bad8211 | |||
| 27ff9dc82e | |||
| 66ef3a1eb9 | |||
| bd08ec2f3e | |||
| 566a917571 | |||
| 444449207e | |||
| ebfc90518f | |||
| 743e422b4f | |||
| 1e8b796512 | |||
| 2dbf1482e2 | |||
| fd7fc7aae2 | |||
| 804ffc9554 | |||
| 22e1d4f2f2 | |||
| bd95e5c7e5 | |||
| 8dcbc18eb9 | |||
| dc7d59fceb | |||
| a7f522bce8 | |||
| 0228860e5c | |||
| 23efd75504 | |||
| 9830bb15dc | |||
| b211e84d01 | |||
| 4028dc1d56 | |||
| fd1a81355c | |||
| b5965e2802 | |||
| 7a5a86b369 | |||
| 654798b1f8 | |||
| 011dcfd152 | |||
| 8ca519ac2f | |||
| 02a1232cf3 | |||
| f4a0e8385b | |||
| fcb5071e84 | |||
| c2cec0a10d | |||
| bb7ca773c0 | |||
| f793e2d42a | |||
| 1ea6614a9e | |||
| ac34dae3a7 | |||
| 7249047645 | |||
| 998d9a9b48 | |||
| b56e637660 | |||
| 1da5f62e4b | |||
| b8533c6f3e | |||
| 4171d3de62 | |||
| c86532bddd | |||
| 822fe1753f | |||
| aaf5948f80 | |||
| 83f7ea173c | |||
| 67bf92e772 | |||
| 5054b557bf | |||
| c07d104f44 | |||
| 4b0e7e2e5e | |||
| b7469542eb | |||
| 6114a8b0ca | |||
| a8351c6088 | |||
| 092885fce9 | |||
| 2afc42229f | |||
| 554a777637 | |||
| 8c685cf593 | |||
| 0741b1712a | |||
| 3f471d64f0 | |||
| 898f5cd3f5 | |||
| 7c34f06866 | |||
| 40d4dbbaed | |||
| 5100a482cf | |||
| 0b270cb9c2 | |||
| 1089ac48a3 | |||
| 2ac5d01af4 | |||
| e5c3eaa8a5 | |||
| 6b5067e2fd | |||
| 62b1926ab1 | |||
| 454463cd63 | |||
| ff80a7ce49 | |||
| dac39597cc | |||
| 7a19c017d4 | |||
| 7fe7b2382c | |||
| 806666b53c | |||
| bb0207cae6 | |||
| 292dc56aa9 | |||
| 934162ac8f | |||
| 7db2b38ca5 | |||
| 80f32d8d4e | |||
| 313b12364f | |||
| 5765835b87 | |||
| bb5da73734 | |||
| 9e22ca65c3 | |||
| d9d78424fc | |||
| 5c0b5ca78e | |||
| 94b67b308e | |||
| cdad2d0381 | |||
| 668b18d525 | |||
| 188c352cb6 | |||
| 0ef84c6c79 | |||
| fa396bd0ed | |||
| e718ccbae2 | |||
| 4012bc95d4 | |||
| 043050a491 | |||
| 38641ff593 | |||
| fbfad2b2a3 | |||
| b7d64b6d2f | |||
| ba7db8d042 | |||
| cb9604bb06 | |||
| 90bd7bf0f8 | |||
| 338f9072b3 | |||
| b56b6a8fcd | |||
| b0cbaf7a46 | |||
| 70caf942de | |||
| 66111e1dec | |||
| f39285ff0e | |||
| 9d5807d52a | |||
| e1e665d7f1 | |||
| 9874e9dce7 | |||
| 6b76ce497a | |||
| eda474f7d6 | |||
| 457bd2571c | |||
| 599b1e7ac0 | |||
| bcafae7509 | |||
| 86ff4c3feb | |||
| d3e11bae79 | |||
| d6a63ed7e5 | |||
| 8fb107b071 | |||
| c0eed934c7 | |||
| 1498a1989b | |||
| 8e029de511 | |||
| c9a231a4b2 | |||
| 4c1c00fcc5 | |||
| b0fee64fc7 | |||
| 2acd77be56 | |||
| b824220f15 | |||
| 2150fe6636 | |||
| 8f72efadd3 | |||
| 4a5e976d5b | |||
| 9858c48d90 | |||
| 2eb6f4ae67 | |||
| b4df678546 | |||
| 8bcecb9d9b | |||
| 2f40ba8166 | |||
| 7483935e93 | |||
| 8db43a7812 | |||
| 48bab70958 | |||
| 72337e2c7e | |||
| 9d0bea2683 | |||
| e4cf0007a3 | |||
| b745e79f6c | |||
| 6af5814ca6 | |||
| 53f596508e | |||
| 527e0028de | |||
| 19c1babd3c | |||
| 4e81de1d29 | |||
| 80b9ae7d8a | |||
| 01bde3548b | |||
| 8ee26927d0 | |||
| ce4b8d824a | |||
| 4c398d466a | |||
| cba657be2a | |||
| e19d24ee28 | |||
| 475a122108 | |||
| ceb1172d69 | |||
| 2e27420fb6 | |||
| 5197fb8afe | |||
| 6a1dbc7c3d | |||
| b0d4cb637a | |||
| 524953cff7 | |||
| 04975b986e | |||
| 4b4c883448 | |||
| 0cd648767b | |||
| 377a1a9011 | |||
| 5385eb7b7a | |||
| ffc17cf127 | |||
| df3f1d0ff2 | |||
| 9e59ef502b | |||
| 33c47388a8 | |||
| 8f5567576b | |||
| 2099aa9e12 | |||
| 0dfd0219af | |||
| da4f5fa5c5 | |||
| 505f93053f | |||
| ca26d7f8e1 | |||
| 3849301a72 | |||
| a12ff043e1 | |||
| 39ed76bae4 | |||
| 5066a83d6f | |||
| f6deb524df | |||
| 7a82f92743 | |||
| 34a444cc94 | |||
| 70f3ebdc42 | |||
| b3802d7ef0 | |||
| eb92fb319e | |||
| 0b9ccc9797 | |||
| 06321475bb | |||
| c21aed27ab | |||
| 3e1b621434 | |||
| f9dc3d7357 | |||
| 72350f15dd | |||
| e8eb6de0c0 | |||
| d3e290f19b | |||
| 5c8b43334f | |||
| 8cc28f6629 | |||
| d3024094ef | |||
| 984a80e1e3 | |||
| 94bfc5f711 | |||
| f4d71c9062 | |||
| 4581ab444c | |||
| 2557a33bc4 | |||
| ae705f203b | |||
| 1dd86833b9 | |||
| 96dbb612d0 | |||
| 1880d6edff | |||
| a72bac2f00 | |||
| 173f7bd6ba | |||
| dc66b05259 | |||
| c4a860ccac | |||
| a028de0e7b | |||
| 34278afedf | |||
| 4d2c9fd540 | |||
| 3244384cd2 | |||
| dbee578ed4 | |||
| 3700de79cb | |||
| 53f77d2873 | |||
| d77e71439d | |||
| aee3956c10 | |||
| 4080010669 | |||
| 502b09d6bc | |||
| 694cc41bf7 | |||
| e0a113747b | |||
| b6b5a7fecd | |||
| d5c7f2d842 | |||
| 28ee978c62 | |||
| a18d464a58 | |||
| c3491c8804 | |||
| 33f4031edc | |||
| 81ef46a464 | |||
| bb46b3b409 | |||
| efbfbb5eb0 | |||
| d1a6a37ed2 | |||
| d9d7bef796 | |||
| 325da64812 | |||
| 6c62d499f1 | |||
| 3639585a86 | |||
| 79084dc8e0 | |||
| ca15905e1a | |||
| bdb0652d24 | |||
| 6a375e241e | |||
| e4583277d3 | |||
| 17f9eb9d8f | |||
| 3d434264b9 | |||
| 411411d0af | |||
| 091f5dfc38 | |||
| c65f295518 | |||
| 50ca8f8232 | |||
| 9acf5a9afb | |||
| 3d6d7bb141 | |||
| 6030a965ce | |||
| 9c13e4efdc | |||
| 04cb3b86dd | |||
| 81874a7bbb | |||
| 6f422a9689 | |||
| f1be2f0d52 | |||
| 37d8d2ecde | |||
| 5afcec1f12 | |||
| cc785838de | |||
| e126b0cb2c | |||
| 25d6f8f4c7 | |||
| ced0fbf714 | |||
| 73d20da10f | |||
| 55a5085c23 | |||
| 6c89c350b1 | |||
| 21074ef749 | |||
| 510185f0ce | |||
| c1a3857389 | |||
| 2eabbf2796 | |||
| 74894efbde | |||
| 055599b5c7 | |||
| 5dabd06e71 | |||
| 289035d755 | |||
| abd242c99b | |||
| 4248975e94 | |||
| 1147ec64b7 | |||
| ab3300d7b4 | |||
| fd8d210336 | |||
| 08c8665cd6 | |||
| 041fc5e3af | |||
| 8493b31634 | |||
| 7f9dae314f | |||
| 1119f659b3 | |||
| a15ee17f22 | |||
| d2630dc2d2 | |||
| 9a0d1dc6a6 | |||
| 9f63ace01e | |||
| 378e8aad93 | |||
| 0f59021493 | |||
| 9d1179e422 | |||
| 06a2d200f3 | |||
| a96d365d58 | |||
| aad50566c8 | |||
| 4f254a863c | |||
| bcd14f67b2 | |||
| 143e14de8b | |||
| f17517d3df | |||
| 1d3022ea5a | |||
| ab3723b0e0 | |||
| 1d0a7261a3 | |||
| 96e7162e61 | |||
| 637620ab1d | |||
| 4979b39f73 | |||
| ba83828393 | |||
| ed1a98d7f8 | |||
| cb51844f5c | |||
| 59c35e4638 | |||
| 7efc011a8e | |||
| 895e371ac9 | |||
| 9b6507c92d | |||
| 995a88a156 | |||
| 010ea9b88f | |||
| a3cfa6a77a | |||
| b244b819dc | |||
| 22867656a5 | |||
| 13d571477b | |||
| 75e3b31219 | |||
| b5002abe0d | |||
| 42080c0b9a | |||
| 26c1e14910 | |||
| 5f9c8e3df2 | |||
| 3219a7283e | |||
| 37d2126c1a | |||
| 2ebd87a5e6 | |||
| 078292edb7 | |||
| a8bbc1d47a | |||
| fae98186d2 | |||
| 715fa9572f | |||
| 2b43d84981 | |||
| 959df1f144 | |||
| 12dd286e99 | |||
| 257e13e463 | |||
| 692de14ca0 | |||
| 5a913287a3 | |||
| 833acb4c21 | |||
| fba563c19b | |||
| 62806e0bab | |||
| efa024f0ae | |||
| 86495bb56f | |||
| 30efbe92a9 | |||
| 0d7eaae89c | |||
| e35e6b2e5d | |||
| 5e7ccc47cb | |||
| d1fc2b0a1c | |||
| b9dba325a9 | |||
| 66bae0761f | |||
| 714cd7c69f | |||
| 9c50c656a0 | |||
| e7771e8bdc | |||
| 348fb3006a | |||
| 52a7c41b93 | |||
| 7321486c25 | |||
| 0df3891fbd | |||
| 40652454e4 | |||
| 8b36f79574 | |||
| 855f656370 | |||
| 3f781ac120 | |||
| 71c90fe22a | |||
| 571b13476b | |||
| 8d3a779c28 | |||
| c7ab6b7536 | |||
| 4d55cb17c1 | |||
| 05ab0566cc | |||
| 8f36c57ff2 | |||
| ef02d3c7f8 | |||
| fabc48e0fc | |||
| 78d58ab06e | |||
| 4fa5f39eb4 | |||
| 3b8f573ccb | |||
| 7fe7b2aa00 | |||
| 9c10a367b2 | |||
| 1f726c3eef | |||
| e8774e5943 | |||
| a107201eb4 | |||
| 608693e1c5 | |||
| a8dc47bc3d | |||
| d322beb664 | |||
| 4d42334ed7 | |||
| c8d6ec6ff6 | |||
| 8ac73e5836 | |||
| 7f496e3f6c | |||
| bfeeb85235 | |||
| 5f909eed0c | |||
| c75c07f8df | |||
| 1a1e8c3b65 | |||
| 82b04b897a | |||
| 9ef5d5f35d | |||
| 1932d80220 | |||
| bc12375d04 | |||
| 1dde3e856b | |||
| a7976ae167 | |||
| 746b438058 | |||
| f480369f68 | |||
| e4e85996f5 | |||
| 890744ad77 | |||
| 06967ccffd | |||
| a1ce57fdbe | |||
| 832ca323d1 | |||
| 4c3a1a817d | |||
| a5a39007f6 | |||
| 766bf76564 | |||
| dd6298798c | |||
| efbb595678 | |||
| 179caceae0 | |||
| 8f2d054ae8 | |||
| 98c0d7824a | |||
| b48d3eeec1 | |||
| cca3d3afd3 | |||
| 0a2c1fe437 | |||
| 9320855ceb | |||
| dcc7f21f73 | |||
| 6d1e006741 | |||
| 2b281efb50 | |||
| de8aaf388c | |||
| 50e6069aed | |||
| dc0f444481 | |||
| f57bd8bb9b | |||
| 39d4ff9d4f | |||
| 24718f4125 | |||
| 21b04d953d | |||
| 21e9f53b39 | |||
| b8f27cc8e9 | |||
| 587bd4ded1 | |||
| f1c231bccc | |||
| 601dfa050d | |||
| 4887332da8 | |||
| f310054b03 | |||
| 8ced3ce943 | |||
| 47617baea8 | |||
| 65d05e7676 | |||
| feed87db2d | |||
| 8faf4b1d5c | |||
| d88d904013 | |||
| 5793e62f6a | |||
| 9c267052b0 | |||
| c69bd56b5f | |||
| 8e9185ec6b | |||
| 9774ea9a2d | |||
| ed57489bb3 | |||
| 2c3687b785 | |||
| 627f9cf9a8 | |||
| d83c3f38da | |||
| f43da51a0a | |||
| 7a3f945ca8 | |||
| 1c42579bc4 | |||
| 5d295ce114 | |||
| 0dc2fe9131 | |||
| 9aed79f30d | |||
| 32fe05d653 | |||
| 3988d626fc | |||
| 2b2fbd4ab5 | |||
| 351f8cd9fa | |||
| 5b95c9d5a5 | |||
| 2f4034a3f8 | |||
| 45eaad9ee2 | |||
| 77df06600d | |||
| e55578eb81 | |||
| 1224574cfa | |||
| 2d4555757e | |||
| 80b72bde87 | |||
| 70c53aa3cc | |||
| e6abe12bad | |||
| ff6cb0c803 | |||
| b8e5327c09 | |||
| e6e636ea09 | |||
| cac01d62a1 | |||
| 949cf6c326 | |||
| 04d6e0bc32 | |||
| 5884f26e5c | |||
| 7fed1fee7f | |||
| dc24c38857 | |||
| 3073c1ad9c | |||
| 5a534cd763 | |||
| 42b6ffe6c8 | |||
| e8423a9153 | |||
| ce94df1856 | |||
| 1768853fba | |||
| e5b982560d | |||
| e8e380e469 | |||
| 62774e052a | |||
| 656ffa32ac | |||
| c499715522 | |||
| 2eb0dedb04 | |||
| 298bba7dcd | |||
| 5ddaf317d6 | |||
| b56f81fc23 | |||
| 9ee1927cde | |||
| 918ff6641b | |||
| 7c20bab9ec | |||
| 1c88cf7607 | |||
| b96dda6f08 | |||
| 01c1389c79 | |||
| 2c76ca9425 | |||
| 2c1e466966 | |||
| 82435ec7ea | |||
| c26bdc7fd6 | |||
| 73b1e11052 | |||
| 76c5317b86 | |||
| ca3564ab44 | |||
| 6748c57588 | |||
| a8103fb3da | |||
| 14683a9711 | |||
| 22697b4caf | |||
| 37eb856076 | |||
| 38f6f97c2a | |||
| 7662b92c95 | |||
| 7a55486bb2 | |||
| 62913af307 | |||
| c96f02281d | |||
| c76256de89 | |||
| 491ff62f89 | |||
| c9dce7648c | |||
| b0d0566b7c | |||
| 5d6a98225d | |||
| 533f2d96f0 | |||
| 5fc8a9f7e8 | |||
| 38ea01a1f0 | |||
| b2cad6faee | |||
| cbbb6485fc | |||
| 1f3d8a189e | |||
| 0a9eac14de | |||
| 8cb7807383 | |||
| 5b11399fab | |||
| dc61586a4e | |||
| 450fac54c7 | |||
| 674ea92cf4 | |||
| 3fbb32955e | |||
| 1a196c3eec | |||
| 71af517886 | |||
| 97be517f27 | |||
| ba9c67d7e8 | |||
| f53e3d726a | |||
| f09d1f0717 | |||
| 7f442b2532 | |||
| 32b47cd5dd | |||
| df93212d11 | |||
| 8babcc5185 | |||
| 96d507a5ee | |||
| 21ec879c84 | |||
| 4c7c357aca | |||
| ce6b60b150 | |||
| 30c283523a | |||
| 66a7da7c0c | |||
| d0836dd35e | |||
| 4516dd39b3 | |||
| 97f36d2e92 | |||
| 2ded7a75f0 | |||
| 8379b95651 | |||
| 26d8e48e61 | |||
| 125bab0ea8 | |||
| 1f108a4ffc | |||
| 1259ace667 | |||
| 1325418934 | |||
| 780f86a0b7 | |||
| b6495a02a8 | |||
| e171f3cd97 | |||
| 6b8ecc62c1 | |||
| ef71e54d26 | |||
| b1b76c2984 | |||
| e110601a80 | |||
| cef3a1eb63 | |||
| bb8442a458 | |||
| b8320c00a7 | |||
| 3d162ddfb9 | |||
| ec321e117c | |||
| 29e15e70ab | |||
| eb3ec5828f | |||
| 9ec5772480 | |||
| 7796e96c20 | |||
| a5b9725b41 | |||
| c3e9ac4d3d | |||
| 759f68a0f7 | |||
| 57d73b193e | |||
| 6d528c35d7 | |||
| c027bb456c | |||
| a909023f14 | |||
| 3bc77fcc51 | |||
| 2866e242b2 | |||
| 736494a640 | |||
| 77dd73a2e7 | |||
| 39de1b5e9e | |||
| 012060a249 | |||
| 626aa6d459 | |||
| 82347260e6 | |||
| f6c205131e | |||
| 0d73b8293f | |||
| 8f1b70c22d | |||
| 90d6b827c7 | |||
| 8cb82861e5 | |||
| 78e2016797 | |||
| 126d47b841 | |||
| e6c4fbddab | |||
| b48c1dfe3f | |||
| d3b06ad1b7 | |||
| 5a873bee31 | |||
| f5caaaefe4 | |||
| b72575045a | |||
| 333dd32eee | |||
| f9ef305a80 | |||
| 18cb080b18 | |||
| ee86e9c244 | |||
| 0d45b6ffca | |||
| 8aebad64ce | |||
| d5a24a4323 | |||
| 919eb1247c | |||
| 524285fa67 | |||
| 091c16e887 | |||
| 285d23c2da | |||
| b690132c8e | |||
| 46eb66201c | |||
| 13a2c57312 | |||
| c8fa8a0974 | |||
| c5193590cb | |||
| cf896ff786 | |||
| 663415ad84 | |||
| 907a8f6080 | |||
| 7c32fa3b8a | |||
| 36b140bb16 | |||
| 7e40d8af38 | |||
| f5a3c4af12 | |||
| 03ddd14623 | |||
| 6f50f70cd7 | |||
| a2863615c0 | |||
| 8c38364596 | |||
| 2451f16442 | |||
| b36f9e9f69 | |||
| 585bb26dcb | |||
| f31a38af3c | |||
| 61e6393190 | |||
| c3410d8be0 | |||
| 596d1d4e91 | |||
| 893ed54b79 | |||
| d50ed59209 | |||
| 9da8f28997 | |||
| cf3a47ca56 | |||
| d28d4ec79f | |||
| bb97d11d77 | |||
| 98de92fd76 | |||
| ad40c0457e | |||
| 130e7008d2 | |||
| 74b9384a51 | |||
| d2b6ac8d2c | |||
| d1e3867481 | |||
| 02758bd2e4 | |||
| 78b67438a7 | |||
| 7441e19606 | |||
| fa1d0e6757 | |||
| 135eaf2760 | |||
| 2a04978872 | |||
| 22abe5378f | |||
| 382f74a127 | |||
| 300a69c389 | |||
| e306de5db7 | |||
| 50ca811ac3 | |||
| 9b92bb1180 | |||
| c3b4de09a5 | |||
| 0cd2c914f8 | |||
| 58836ecef9 | |||
| a314644f32 | |||
| 61bc7ae597 | |||
| fc18847cb6 | |||
| b59ef94230 | |||
| 0ea5eb6d03 | |||
| 6b32804066 | |||
| 9f4517773e | |||
| ae1f782dff | |||
| f4e400749c | |||
| 97fc833c2b | |||
| 48ad281bc0 | |||
| 6735cc33a0 | |||
| a5acade462 | |||
| 5ecf78a85c | |||
| f392e70230 | |||
| bd7afc99a4 | |||
| e0104154ea | |||
| 191e065863 | |||
| 0a80195146 | |||
| 34fcbc66fc | |||
| dd3020e7bb | |||
| 499f4e1791 | |||
| a4994d1dfb | |||
| 32202a3ec1 | |||
| 5352384ff3 | |||
| 46ad5f128c | |||
| cc28a59bb7 | |||
| 2db2e83d7c | |||
| a33bfc120a | |||
| 8ff34e7d0d | |||
| 4a40fd812f | |||
| 5e6acc9c20 | |||
| eaf15e7a8d | |||
| ce841d4e48 | |||
| 6f955e6f43 | |||
| ddd6098881 | |||
| 7083a784eb | |||
| 7e1608194e | |||
| b700c0ea23 | |||
| d82bb20cfc | |||
| f5aa96e7c8 | |||
| c1ebd6166b | |||
| fff3ae2b7a | |||
| c46aa581ba | |||
| cea0bded1c | |||
| 4fb265ea29 | |||
| ab5ede9fb5 | |||
| 3e01d93a19 | |||
| b2b7d1386d | |||
| c39bf8ed0a | |||
| dd95b9b282 | |||
| 698991d0b3 | |||
| 4c67d52a15 | |||
| 8221864e9d | |||
| 714aaeb39a | |||
| 9b10352368 | |||
| 3973b407ae | |||
| 1c69e74fd6 | |||
| 845f9c94ec | |||
| ebacc9a82b | |||
| 2502d0a975 | |||
| c6e37edf31 | |||
| f00cf457ae | |||
| 469e3be1c7 | |||
| 6911412e27 | |||
| 6e1b2c7ad8 | |||
| 7a17df0139 | |||
| 96de72a0c8 | |||
| 0317518f64 | |||
| 46440b22f8 | |||
| ae2f7d9852 | |||
| bb58891baa | |||
| dad924dcb0 | |||
| d383fbbb2c | |||
| f87e6e4dd4 | |||
| f6c0840456 | |||
| f07fc8229d | |||
| 706a50de5e | |||
| 3caf00eaee | |||
| 15f9d62cf1 | |||
| e2241af86b | |||
| 3d4b540a92 | |||
| 4786875dba | |||
| fe89f4a8ac | |||
| 5fd6dbf792 | |||
| 63e26a664a | |||
| 67ab1a0da1 | |||
| 91675797ec | |||
| bc7fa692a0 | |||
| db180c731b | |||
| d8c0913979 | |||
| a26a462120 | |||
| ceef07b39b | |||
| 78150703be | |||
| e61225cf06 | |||
| 0f2d9817a6 | |||
| 4c5eb870b8 | |||
| 5600583769 | |||
| 81ab3d6c3a | |||
| cc04e27a66 | |||
| bea7dd3677 | |||
| 489c37d7e8 | |||
| 47826f3113 | |||
| 3a423fe337 | |||
| 17dc62ce98 | |||
| 7e3816d1e3 | |||
| edfb2da897 | |||
| 7175664f77 | |||
| 98eb5bab0e | |||
| 95c4d529e1 | |||
| c30f1d0352 | |||
| 3c4950a061 | |||
| 0d96e6322d | |||
| e3b1b749b0 | |||
| 4bc5622c5b | |||
| a294d6e444 | |||
| 37095dfd06 | |||
| 7126aab865 | |||
| 576c22620a | |||
| 4c90b080e6 | |||
| f62870c965 | |||
| 831e36e41a | |||
| a933a93270 | |||
| 18d17257c3 | |||
| 047122de36 | |||
| b51c261cf7 | |||
| 8259251e4d | |||
| 9d76ad0ec7 | |||
| 015ae9d3a5 | |||
| fc78f269e9 | |||
| bf7248d64a | |||
| d46ad39a3b | |||
| d0c4512a8e | |||
| 9e29ea6c3e | |||
| 5ecce91910 | |||
| 5af7d027b7 | |||
| 2637c4a513 | |||
| 942936a3c7 | |||
| 5f254a7650 | |||
| 7c04e0f3f1 | |||
| 1e2ca2c551 | |||
| d5007d9bd7 | |||
| fc8df93eb8 | |||
| 83bc7c8602 | |||
| 54f8f188d2 | |||
| 89ebb5f256 | |||
| 65d016159d | |||
| ae8d4ebbd7 | |||
| 94a90f3d4d | |||
| beded12ff1 | |||
| 45471454f9 | |||
| ff9b27bf2c | |||
| e88b21fc00 | |||
| fe13324eda | |||
| b44d687899 | |||
| 28f3264875 | |||
| 79a00787ca | |||
| 88f43d1d77 | |||
| f2f39c2d8f | |||
| 3a3634f19d | |||
| ed17582ab9 | |||
| 0be60638fb | |||
| abd1aa43b0 | |||
| a7eba34dbe | |||
| deaf039cc7 | |||
| df742e71a7 | |||
| 9d8e6951d2 | |||
| 052763b90c | |||
| 9a00caf580 | |||
| 1fe989f3e7 | |||
| 910fcaf669 | |||
| ace959b132 | |||
| 700b058620 | |||
| f495477261 | |||
| 4f8845a468 | |||
| fc7e20fd85 | |||
| 15c9101dc6 | |||
| e93b76bb7e | |||
| 2d5df54eff | |||
| 5eabc6d809 | |||
| d4fed10ca5 | |||
| 63d2dca5a3 | |||
| 15417972b1 | |||
| 50ce967423 | |||
| 871c83c8a7 | |||
| 56b41e3e1c | |||
| 2d6bf11b68 | |||
| c110692e6e | |||
| fdf6f791d2 | |||
| 5d270e9c6e | |||
| f2130f53df | |||
| d1e99b55d6 |
5
.gitattributes
vendored
5
.gitattributes
vendored
@@ -1,6 +1 @@
|
||||
*.png filter=lfs diff=lfs merge=lfs -text
|
||||
*.icm filter=lfs diff=lfs merge=lfs -text
|
||||
*.jpg filter=lfs diff=lfs merge=lfs -text
|
||||
*.webp filter=lfs diff=lfs merge=lfs -text
|
||||
*.efi filter=lfs diff=lfs merge=lfs -text
|
||||
flake/branch.nix merge=ours
|
||||
|
||||
27
.sops.yaml
27
.sops.yaml
@@ -1,27 +1,26 @@
|
||||
keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
|
||||
- &chn age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
- &pc age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
|
||||
- &vps4 age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
|
||||
- &vps6 age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
|
||||
- &vps7 age137x7csalutwvfygvvzpemlsywvdxj3j4z93a50z2sjx03w6zau8q3r5902
|
||||
- &nas age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
|
||||
- &one age1m7nrxfw22wvp7pj8y9pdl745w95x89uu8dzl9ppsaazweqf2lqms5yshsp
|
||||
- &srv1-node0 age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633
|
||||
- &srv1-node1 age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t
|
||||
- &srv1-node2 age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy
|
||||
- &srv2-node0 age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
|
||||
- &srv2-node1 age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
|
||||
- &srv3 age1n4lhfwv7g0vhx54exmwx9yv2z04m3h2lunzpa5zdzgtcvjjuf5nqc36g8a
|
||||
- &test age1vgqvdqqe3mn0gvh0hydvu9c5f9yn5vek08cagyvwjhyta6utpvuq00g9c2
|
||||
- &test-pc age17a8y4yr2ckuek67rt786ujuf7705gvj3vv6ezktxxmgayea9zcyqet7hgc
|
||||
- &test-pc-vm age1wmcayhf9eyx9e9yp97850mqas9ns455crce8hfmvnupgcxd6sews5r0cln
|
||||
creation_rules:
|
||||
- path_regex: devices/pc/.*$
|
||||
key_groups: [{ age: [ *chn, *pc ] }]
|
||||
- path_regex: devices/vps4/.*$
|
||||
key_groups: [{ age: [ *chn, *vps4 ] }]
|
||||
- path_regex: devices/vps6/.*$
|
||||
key_groups: [{ age: [ *chn, *vps6 ] }]
|
||||
- path_regex: devices/vps7/.*$
|
||||
key_groups: [{ age: [ *chn, *vps7 ] }]
|
||||
- path_regex: devices/nas/.*$
|
||||
key_groups: [{ age: [ *chn, *nas ] }]
|
||||
- path_regex: devices/one/.*$
|
||||
key_groups: [{ age: [ *chn, *one ] }]
|
||||
- path_regex: devices/srv1/secrets/.*$
|
||||
key_groups: [{ age: [ *chn, *srv1-node0, *srv1-node1, *srv1-node2 ] }]
|
||||
- path_regex: devices/srv1/node0/.*$
|
||||
@@ -36,12 +35,16 @@ creation_rules:
|
||||
key_groups: [{ age: [ *chn, *srv2-node0 ] }]
|
||||
- path_regex: devices/srv2/node1/.*$
|
||||
key_groups: [{ age: [ *chn, *srv2-node1 ] }]
|
||||
- path_regex: devices/srv3/.*$
|
||||
key_groups: [{ age: [ *chn, *srv3 ] }]
|
||||
- path_regex: devices/test/.*$
|
||||
key_groups: [{ age: [ *chn, *test ] }]
|
||||
- path_regex: devices/test-pc/.*$
|
||||
key_groups: [{ age: [ *chn, *test-pc ] }]
|
||||
- path_regex: devices/test-pc-vm/.*$
|
||||
key_groups: [{ age: [ *chn, *test-pc-vm ] }]
|
||||
- path_regex: devices/cross/secrets/default.yaml$
|
||||
key_groups:
|
||||
- age: [ *chn, *pc, *vps6, *vps7, *nas, *one, *srv1-node0, *srv1-node1, *srv1-node2, *srv2-node0, *srv2-node1,
|
||||
*srv3 ]
|
||||
- age: [ *chn, *pc, *vps4, *vps6, *nas, *srv1-node0, *srv1-node1, *srv1-node2, *srv2-node0, *srv2-node1,
|
||||
*test, *test-pc, *test-pc-vm]
|
||||
- path_regex: devices/cross/secrets/chn.yaml$
|
||||
key_groups:
|
||||
- age: [ *chn, *pc, *one, *nas ]
|
||||
- age: [ *chn, *pc, *nas ]
|
||||
|
||||
@@ -3,17 +3,16 @@ let devices =
|
||||
{
|
||||
nas =
|
||||
{
|
||||
"/dev/disk/by-uuid/a47f06e1-dc90-40a4-89ea-7c74226a5449".mapper = "root3";
|
||||
"/dev/disk/by-uuid/b3408fb5-68de-405b-9587-5e6fbd459ea2".mapper = "root4";
|
||||
"/dev/disk/by-uuid/a779198f-cce9-4c3d-a64a-9ec45f6f5495" = { mapper = "nix"; ssd = true; };
|
||||
"/dev/disk/by-partlabel/nas-root1".mapper = "root1";
|
||||
"/dev/disk/by-partlabel/nas-root2".mapper = "root2";
|
||||
"/dev/disk/by-partlabel/nas-root3" = { mapper = "root3"; ssd = true; };
|
||||
"/dev/disk/by-partlabel/nas-root4" = { mapper = "root4"; ssd = true; };
|
||||
"/dev/disk/by-partlabel/nas-swap" = { mapper = "swap"; ssd = true; };
|
||||
"/dev/disk/by-partlabel/nas-ssd1" = { mapper = "ssd1"; ssd = true; };
|
||||
"/dev/disk/by-partlabel/nas-ssd2" = { mapper = "ssd2"; ssd = true; };
|
||||
};
|
||||
vps4."/dev/disk/by-uuid/bf7646f9-496c-484e-ada0-30335da57068" = { mapper = "root"; ssd = true; };
|
||||
vps6."/dev/disk/by-uuid/961d75f0-b4ad-4591-a225-37b385131060" = { mapper = "root"; ssd = true; };
|
||||
vps7."/dev/disk/by-uuid/db48c8de-bcf7-43ae-a977-60c4f390d5c4" = { mapper = "root"; ssd = true; };
|
||||
srv3 =
|
||||
{
|
||||
"/dev/disk/by-partlabel/srv3-root1" = { mapper = "root1"; ssd = true; };
|
||||
"/dev/disk/by-partlabel/srv3-swap" = { mapper = "swap"; ssd = true; };
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
|
||||
BIN
devices/cross/luks-manual/vps4.key
Normal file
BIN
devices/cross/luks-manual/vps4.key
Normal file
Binary file not shown.
Binary file not shown.
@@ -21,132 +21,155 @@ users:
|
||||
GROUPIII-3: ENC[AES256_GCM,data:c+HRdDZPugIVI2vmuOlorhjZzxS11c6CJiZ3ZEwFFHfIoIUmGsXoRPGraJ0BjI3W+XZbI6qk211yufTgXLVj7nOVi0PW/9mteg==,iv:H8DlkTjkL/f6Oa2LG3dHRsJuWkEqokUJ/mjMyDnEAc4=,tag:0QmUyfAbYnn7vs4AdwQtYw==,type:str]
|
||||
#ENC[AES256_GCM,data:F347rPlEQZyz,iv:VlbVlc/tFmmoe8lVDza7ZJgHavZ/1NM9mK3KZNVrpbk=,tag:iRdvv0ajtgrJgMe87vBFfA==,type:comment]
|
||||
zzn: ENC[AES256_GCM,data:P76cGOGJK3B7Z3nxZ9BlvvyegJ+4JX25kax7/Bj/0VKsH1cGEfyvNbPH8qYUZqm+zUvqEoFNZKWM4+IQKO7Zo9IXCJhGItL1Nw==,iv:e9lnHecgzSrHJkxumRpKGHzGlYbM5Yov4F4Dd4fIqrc=,tag:G7Cr7d1KZfldzYNRL1eSpA==,type:str]
|
||||
aleksana: ENC[AES256_GCM,data:xRqQLPpcv0Ymz7wV0jDDz1i6eKIZKEXvqofO58VSHEC9aVSTLV7aXLw2kQ8PrAPo4FAkne2F6MYQGRwZFIHOjxfhw+ncXVDHxg==,iv:OSbT/f2LRUFY3DEyCCbWkPzwsrsNdVz6ah5ITRt+Kjc=,tag:00z36RTe76p1uxFCchGcpg==,type:str]
|
||||
#ENC[AES256_GCM,data:cZznknXjlWF6eoEaTA==,iv:tdw/54W2evO1o5sq1syz3k0DZrm/rjflxqJpB9LZgvg=,tag:d60Ctc5YeSmhZJUURUmeSg==,type:comment]
|
||||
zqq: ENC[AES256_GCM,data:iFtM0pxIvXPHBnLEfHdmYGVWXuroDLgUaAKF+DmuBdq1NY+pr33oXNJzckFZfWgpIOuCm4cNg5j5R6nsG+zk2VWdi2vuITT4jA==,iv:qfBC/D1gJYXOZ0Fy2DkAb+ImDgXZWU6R/Z50hbVDR98=,tag:eCr6lbSieWDCNaTYzoQ0qQ==,type:str]
|
||||
zgq: ENC[AES256_GCM,data:cHYFToQ5ulEcb741Gg3X4lKj8ZJy1zcLHpkVQjQXt5hRAQtPsiPlegi2a1nUIAUb6sI//4ffcytlXpdK2sXewFe3ZiIXy3UVjQ==,iv:fKaPxpfh5ssOwAbmEsAPaQ45KrNtkHZb96IzWc6pD9s=,tag:Vt91B77SjxYaZ/HvWVBufA==,type:str]
|
||||
telegram:
|
||||
token: ENC[AES256_GCM,data:zfMATU2E6cwoiyfszV35vkQG6JSk00y589wmGEf4wQNncPhNsvh+NcSfnTwHTQ==,iv:Q46mUquhUZLGQsCDYitk4IPu24MpVnYmi7aHyZL/b1E=,tag:QVbrwAA9mWK/ToJfGIs9ug==,type:str]
|
||||
user:
|
||||
chn: ENC[AES256_GCM,data:mTt2D+SkvVL8,iv:L0Pk5p46E2kKBdRWCGpwOKS0BsbIhZUslpIFWvkssMY=,tag:+AjbNJ1SW/8Mx1HLpWAd2w==,type:str]
|
||||
hjp: ENC[AES256_GCM,data:ZXTQhax0gT4PKw==,iv:MerbaWWC4SLazEuuJrxAxf9e5aaX9xpq9St+h9aqvMQ=,tag:x9knShK90OKZPcn9fKzvMA==,type:str]
|
||||
maxmind: ENC[AES256_GCM,data:KfTXvxX4zzXBfNMPmZY1z5jTHTByGfH9qEo6EUAQqZ1JOtNUomOWNQ==,iv:KcexOWAXFhWfli6bAMZ+61x960trZ3iE9UYMuOtJNms=,tag:reuuIe6MkONpeT44U6yUjQ==,type:str]
|
||||
acme:
|
||||
token: ENC[AES256_GCM,data:M8/R019chds8zr2BqnRnKP40NZxwq4fz06NaOeOOFYecLyDjIOq5mg==,iv:VPr4XD0Y+6G1P1xwMDyrWPiTvCYdiMV0nPcmqCvIA3Y=,tag:KEyCIHRmRkNviA4bMTMybg==,type:str]
|
||||
nginx:
|
||||
maxmind-license: ENC[AES256_GCM,data:MtmNo6hHlU75N6PvzF7P5i6Q+myV4Keb1JRXVeHxTennNpKfAndsKg==,iv:DqM91JX+1WX8Zqzha2Tm3ztFaSzKYQg+b9NvUm+6jxY=,tag:XnDTBL9MA/B8XfPZqdk7Eg==,type:str]
|
||||
token: ENC[AES256_GCM,data:DrNdcyf2tiZ5nmjYmsG13V63ZuZhNG1c/kkGM7eXQWvRvDbu37nKWA==,iv:xc4gtNvZ/BYG+KmT1XgFfG3Z17bBLURazG8tz4/laxE=,tag:khnYVQWjiiaQC9VsJyLV6A==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2RzdocjRWTTFGWVdqb2JE
|
||||
RDBiWjVNOHBSMlFNMHZOOFYxRzlVZmhKQ2w0CkpGbHRnNTY2NGdzVGx5QmprblNZ
|
||||
YmxCd2Q2VW1SOVZIeDk3Q09LdHdheG8KLS0tIFl5WThUOGozc0xBYVBVVEVFdU4v
|
||||
N2NKcnAwUE8zMDJhaWhqWTljNHppSjgKp4cb4FLsULkDS1VPZT9TLe8z8IH5Jt4d
|
||||
nCqerHvO5j8yo3tPs0BXS675i2HAnup0KQZay7NV7bztbRhWtTiF/A==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyR09MUytUL2h3cWlIanNF
|
||||
VWd6SVNWOGVlVVpGbGtyQWxnZlk0cEx2TFJzCmhtbGRFcDdlWDAxU3NneXloSS9U
|
||||
WXBtQmg4dFhOb3J3bThCUDliUmJ4NVUKLS0tIG1uQjdiODdHWVVrVGIwb2lPN1V1
|
||||
QjVyWFAzQTRDWXMyMXdUNytKcy9abmsKZ6maa6DoKPkDAYXGLVoLWIi3fzzs1SVF
|
||||
C/9y2PG/j7F8Pd4hUHl7ILWN/VNbYKQwGYp59+kKeAzeSHkJeTTKyg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlMnJuVVJjTWRIdzdiYlVS
|
||||
RHo1OEx3Y29yL3NuVmduN1loaTgxR01kVXowCjl0ZVhVd1liUnJSWEVRNlR5MzdY
|
||||
R29Pc0dJSXJvb2FjTDAwRW9xUCtQT2MKLS0tIFRUdHovemMvQkhUbkYzSVZyWmkv
|
||||
ZGlKUHAySWVlKytIUThXQlNPSERadEkK8L3GpqrTiuRaFtICkQmc8RSxBz2XykMZ
|
||||
irVZmqwE3787Ku3obqdBNPyB6w6tBGuf2g13PBpbctlYEioz9k5gKQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZaitpVkkvNEFOMEZXK2s0
|
||||
Z1o0UTZ4NFRrd2NqNzhNVWhncmdWWDlzZ2swCkthMU50WldYajN1eEZCRVRUZ2d6
|
||||
TU8za1R0aUdCV3hZaVlIRE01UHdYc2MKLS0tIFNWcFdVWGc5dUVtWnVVbGh1WFVU
|
||||
UzFsYS9tL0xNeDBmQWIrTVB2MkVtdVUKjMADWap5h4NGj3ESamUHz3+8AtO2sOL6
|
||||
wFm/sTfEuhFqO8bodtBXB/veQOrr97Dw8PhO/6CO5JdGTEyFIZ3DoQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXOFprRWZQaVpMQkxJN2Vw
|
||||
RVB6QXN6bDJPcEt3YURaby9PZm1FZHhDRmtZClBiV0JobHZRejhWVzhOZThRTTJ1
|
||||
UE91bzdWMjJvYllIWXBmQkNReThIc00KLS0tIGRLa0V1b3ZWSVQzc01sUlBMVzBz
|
||||
blZyM0FpelBoTE5Ia2J3S2c0WE5FcVEKKTJ5jzNLkLixv+8DlcTrR9sWs6GihPG6
|
||||
x9w/Zu5H4DK9EVFyksTujRZZMI6o4lHzl2VIrgkTNQUwIPtsqo5KMQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSWDViT3JyRktZYldxN3Z0
|
||||
V3RWSXlOT0JEd0xJWlk3TzUyRFpFRytSRmtzCk4vNUk0UFN3bkRaaGdzenFwK3Ez
|
||||
WjdDVi80RGdENmp3TzBuRElFQmVwMmMKLS0tIHpsZU1XQ3p5N3FwNjJmRHMrSFVI
|
||||
TE9odnJrWGx6UFltTjN3WHNobTlqa3cKifobNMMKnEckbPp+mfeQVDldbLzvGM4/
|
||||
y6oSeXQzRKQwFOIH6z4nQjMiMKvpHDEcIbTzCrQ0QCxGKywH6PzmuQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age137x7csalutwvfygvvzpemlsywvdxj3j4z93a50z2sjx03w6zau8q3r5902
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHS1lrQmkyRVNkWFFhWEpm
|
||||
MXhOOEVWTTZQdkp6ajlFVGEvdmd1QlVQQXlBCjc5a1RobjhOb0ZXL2ZlSFVxV2hP
|
||||
OXVVMXpqN2hGQnZOcmVVbzBQT3QvYTQKLS0tIE1KSm5RRDBabTBTaDl4d29Fb1o3
|
||||
Wk5MNy9hQ1E1eTdzdG1Yb3Z2NlNTZlkKivBHX1XApj7EGG4k2N/5quJ2bINNt5lF
|
||||
DTFZfjfZY5TKMxq+/LoxMB9i/eRXxcUNUA9Bkex0HhE+VZS2AcTgAw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxQWwvbXZoNHFxM1Y3L0pO
|
||||
cDlML1ZWWXppeWxaZjZwOFVvbHNubmxEYUI4ClB6Wm00dTRFUE8xTFNlUmdacjFU
|
||||
VGNiMFk1SHpOVnJ6RWdyVXk3WGkxZm8KLS0tIDFnamZqa1VqdUVXWFN5YW5CNGhh
|
||||
UHc5bCsvVFV2eDlLR2Q3STFCQXpZRzgKSVvG8HcDtBJAh8iNrQd+UKbgs/k5Yf2t
|
||||
KqMdODturfudk8QJn3pR97essszrsK/HS4yptp71bBSj3qK50Lp/rg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpKy8yRHphTTcwc0dhYWFV
|
||||
SnNEZWQ4d1d6Qmx1VGJ3aVdJRms3SDZ1NkdzCjVpYUx0bW0vb1NMKzlQOWU5YWdT
|
||||
VlhXdEk0bGMvR0hjOFNBMWJuS2NUNlEKLS0tIENQWDZROFRuODh0N3h2RzVSVDZE
|
||||
c25adTFUVUh4NThIb0F4aStlUVJGaFkKirqc9ny+BYJgNuGlwLxdpTSPVe3V69oO
|
||||
qGN+m/nWfoPGO1hWZ55qR08P94VcP7KW0eK9r+TdrwQp9T1rOtHWZA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5Rkc2MVhUc0tTUkNsenQ2
|
||||
aVM1dG9MSVpwaFloU1ZRWmVsaEtYVGY3NlFnCm5PM0VpWVFKdExJbExIMnZ0Tmw1
|
||||
eCtVdkRpVW9lcFA5bWwwbWNaYTMzejQKLS0tIHA4MTd1anM4NWtmQUx1cVlsWFVQ
|
||||
bk5iV2xRazdoZnY1dGhKSGFFdUFWY3MKGoxBih7fDQoZFxj8JjiRAl8D3/8xWBeq
|
||||
RS/8C6v+/V+Afnv9QN6uYt0l4YeGn8tv1TRNWXHZl0A6DFjzouwhZw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1m7nrxfw22wvp7pj8y9pdl745w95x89uu8dzl9ppsaazweqf2lqms5yshsp
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaWpFOUV1S2lGREdZak45
|
||||
OVhCSk40OTMwMVhKZWJibmFsY0o1aE1PQWk4Cit6emhXU1QzV0ZueWs5R3VTRUg4
|
||||
TjZrK2RIOUN1ZU12THZqR09YeWtyMjQKLS0tIFR4SUlCYk1rd2U4SlkvRi9SODR6
|
||||
Nk5KamEzUTJkNi9lOFN3VXlEME5LN0kKwjcReB2V8kpavQTXift2KmHm603zTzw9
|
||||
Cx+UO+hkOQGsOLg+Q9A8t850vuqwuq28XHFQFJ7Ac5owhxCpriH9uA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzN2hsZGExRnFaclpUNEdr
|
||||
bkJJM2gySmtzUlVmZWoxZ3pST2l2dGtCdnhnClNWeVZqWTJ1Mk1pMGZCaXppU0lY
|
||||
RUtlT3YrQmZuVTZ3TjJYMlhGMTVMMncKLS0tIDJsaVQ3aHZIWHhXOFJ1WmpQUDNk
|
||||
SjBSRm4wWjhpUzFmVUtwdGUvbmVIV0EKzgfa9i+VJLPvBRrFbNavZtG1hK6jazoD
|
||||
WHkWedx4AUUJQQlp12Wetj/0yY9jF3BLv/wvEAusq6Z4dO2aHr3sRA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJUm5INDhONE9hZjU5MGRn
|
||||
ZzZLdUNPeHNSSHUrZzRxbTdjRGxhd2wyRWgwCjMzc2UrUEVOUTJqckR6WXpRR1p5
|
||||
TlA5MUtFRXBjazBhc3Rzc3MraFl1dzQKLS0tIFpYajU3Q2hPajhFbURSaXZ3MURT
|
||||
UXduR3Vvam54RmhoQkdrN1N2ejdEVmsKeC/robT8ijuPAQt75xnLFi+cz9i0idfU
|
||||
xCgD6JpqaIMwalpIAuVh6KD/tE9mwWIZSeNk2InGX7/bWmMEB8Dcgw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcWFOcXAyYjNoSEhLdEtC
|
||||
ang3bHJ2RmtaL2RManE0K3B0elg4aHJmODB3ClZLSXA5MmhVT2ZZSm9KSUlod3BB
|
||||
V05lT3h0a3NQZnMrNERwNk1LTHRiVlkKLS0tIElESTNEVUpZbk93WFpXNnRTYzY5
|
||||
K2tkMlVCRnBKdVRzWk9aQy9kUUx3L1kKNO9LsaJDfF0v/XCMYV0lmHLFakbVjj+H
|
||||
wGJZQYgu/sETDZQVMeu42fQ++IKElmpfq2/o6+gM7aI0RxLqnBryfw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJUENVYm1DQ2h1aUxQaE5u
|
||||
VlBIcU8rdzNaZk5wWHpPNnhPUlVIWGtucjFFCmY4dWdSMy9WSWhBWmZUZGVnWlNP
|
||||
K0lFK1NLcGpzSDRXSG5SaUdxamgxekkKLS0tIGJWR0dTZ3kyd0dZSVRQVE93Rytl
|
||||
R1pKVklVbUlZZk1IaUpYVzlQUkplV1kKKN8vFbUrnsxgw5ViYoMBoyxqUOxnpmaQ
|
||||
YqMYedsrnvWvCx9xyu3Kj/MJ88zQchJzdVfg0dUcbY6KRz51m9HE2Q==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrYnBzd1k5UEhXZ0wxSU02
|
||||
elZkYlhDWC9CbWFkRlM2bCs2dzNTSlk4TUJnCm1WVnVxaUYwZ1QvNHJRb29ER21P
|
||||
UWhOb2tETWRJR09Sb0l6VXRMaU5KZlkKLS0tIFA3TldTUmJ0Y0xJemJPS0wwK05D
|
||||
SHVXTGUraDE4anJOZFFuaHBKV1lMSWMKemZfKWbI0YR4QuR5zqvGKSnU3HzwZHvo
|
||||
DJ9u2eq7R7OwtDscn9qCwPThORxLMWdI3n+3+XVwAysqW2efrvnGgA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTmhtaXFZL1dTV1FZVktv
|
||||
VUFMc2o3U2pubTgvbmNZMVIvcGVOZ0UrNGlrCnRwMENSUi80aWxjZ0xpQTVaU2Qr
|
||||
OVUzYVdVTFpxWVB0WXZKTkV0akwxK0EKLS0tIEovQkZzMUFlM210MFZuMHdqVi8r
|
||||
ZTR1VVB5akRxeWVtaUxoYUxKOEpSUzQK5sh8HyaZY1ww5vcoIktuVs/XUF88HYAO
|
||||
tmJiqZniKeOJT4xpBCQoelJ++oVzSqEAg4h5jgCXWN6dstrc71oVrA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZOFZQZmRHVUdjTXpDbFFm
|
||||
SGt1d2lmYXVZa21iSFhMOTUzMmRIU3BIOUI4CmFvT1BMZmE1eC9tV3dJbVJ4ME8z
|
||||
N25hc0NyZmtMbGFxYmtPSkFkSGZ4bFEKLS0tIE5sUFBTanJONjhtR3BnYjVYdlYr
|
||||
NVZNeDFJOGJIdFlacE9LMmFuakZYUkUKmuK+ogCs3WH9TiGiUfRZ9L98aqRli91A
|
||||
1xHYMJOc5FwI+jaHp1m7nkn+egIOmKvyyejI2ZHQ84tItS+aoiI0bw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjSWdybjBIZ2dieFZUbXY0
|
||||
RjNZc200SXBrMkM2b2NQY01vQ2dUQ3RYWURZCnY1bUJ5TjZkdllxRkhRc1VkbVpR
|
||||
cU5YU2V0RUhuaVFHNXhTd0JGNzVZVk0KLS0tIEc1L1dqYkZsN2xNMnlhKzgyeXRC
|
||||
Z0YybnhlK0tNQWw0UXNsY0hzcFVTVncKXXjQiIi4TAdDbeoL7uN0IQmjd1koP0OX
|
||||
2CVpK81DSNGPhS9wvrwE8QHkY10q07CHPWl7qr45ksD1XNG4PoTTFA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRRHdHMFAvRFRCNmNES2R0
|
||||
Q3ptRDVrQ3JHaXBxSUlldVd5WUNFc1ZQeDBFCnNiMFErODJhbk5LQ1VGd01oU1N2
|
||||
eXk4Q3VRcUNNWURDUitUMWNOQlJaeWsKLS0tIDRKQ2M1Rnpla3o1NTlCeC9wbGJo
|
||||
cGZxcDUyYzZBMXRpbi94RkcvQXc5aDAKrHpvCDpECN5HS1qeNoiOwKWpT46bLQBd
|
||||
404XgHar20AswgDIjAMp5KJ1pkluQ9j5pVKNFjqJ+9sb3RLYM7Z06Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjbi9wUEpGdjBYOE94NG1B
|
||||
SXB5clBwdDl1OTZPcjdMMmU4ODlUQndBejI4CldtWDFlNjl6bG5IcUErZVE0OENx
|
||||
QlBQYThrdzA5eDBMbk5acXYzb3BxVlUKLS0tIEJEc2MrejlSS0RVUkh2R2x0cjU5
|
||||
QUVaU2I4eHc3MGxaTzd2VW5hN3RscW8KzzdxiJ2BLDUEKAq+a1dVzJp3uAD39hUV
|
||||
gMsCnltQoWjGOFHWIXVWSOCB5HQ8MxeZpt8N/ZYKM1UnfhBFDfXRWw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvR3RhUHBORW1BNFh5M1c0
|
||||
QlhmUDY1T0ZmN2dGaUhLOVkxN2NiUklBU1hVCjY0MXBoNmw0ekpQYlMzdFZhNFA5
|
||||
NE9XdnlaaGdiSU1BYkRvcThaYmpVcTAKLS0tIGk4UHMwK20yQ2w0N0hoQnZYK2Fk
|
||||
czU0M2dQbU8rMkZJbEJaZ1NhcE1yZFEKUWe5IaDuPjfQ/m76m6DdvF8HWmDiVH1k
|
||||
IQk6sIJfbcINGOVP+JYGJPWgq6LGg1EdW4ONctosVk6kxRO30N0rVQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1n4lhfwv7g0vhx54exmwx9yv2z04m3h2lunzpa5zdzgtcvjjuf5nqc36g8a
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPdVFHbnpZWjZDRWh5Z24y
|
||||
WmFWUGJ3bi9tbW9OYWJaOFQxdWtQYms0dUU4CmpRUnlLbTliY0FqS2JwMGpLNTgw
|
||||
cGN4MUVJeEI4WEhYcjRDSDIxS2NKWGcKLS0tIExQc0xvd0pFK25IWml0RDgxVlpU
|
||||
ZGsrNGpmYXFUUEEvVktjbnF5RHJ0eVkKJ6n4gnl0zcq9mHTWL+5bxJeLE1qKqAKV
|
||||
3ycuAffiQ0Oxv1tSOXjt6ODSds7jDS3Kq2I7q4nG5eqZLiwFXCh25Q==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1YXF5aGRobkFVdFQzRFBp
|
||||
NnhvdWtxU2dxa2s4d2FiYnBrdmMvakU1cFhvCnJ4NWVCc0t2ajFpdWVMM25XUnE4
|
||||
a3E3N0laOEYwNDBNdTc4WjdZR2R3M1EKLS0tIC9WRGpJSUhhM0JGZVJWaHlvSkRH
|
||||
bXErdTlYQWh3cmZITWxIeDYzaklWbmcKKG08GymtessnDUfg/AgmQh9eyJx25Y+c
|
||||
RyhAdNl6Lu2Hv7e/oqr23SmwFuhzgPl6eL8t1Nz3s1KraShZazjpQA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-04-18T10:27:14Z"
|
||||
mac: ENC[AES256_GCM,data:8lg6FxBT/mxCw6rbK/hm/yEnso6p81pC0BYtxrzFjVA5nXkvFYtXAsD9yxguyKavMoBOts2q48yvmwHJBR7v7werS3K3C8/pXbzO3ucDV2GKzhkXVzQqskRYOxYtE2doTTXbhbaeWlcqJ2CMnEzJKatW2G2Upxjw0EsuV/ej9SQ=,iv:NaDexdNX6JuUFAXY+pFevsLk2bizmIc2RUadayIRenU=,tag:KJR5SL1zIRKLJLf5PtEdsQ==,type:str]
|
||||
pgp: []
|
||||
- recipient: age1vgqvdqqe3mn0gvh0hydvu9c5f9yn5vek08cagyvwjhyta6utpvuq00g9c2
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSK2tkZXZkYWZWcEFhS1h2
|
||||
YTk2N3F4L3AzNzdmZXhLRXpOLzlRa1NNSXlnCjRNL3paejlRUTZrVEFwdWdzRzVp
|
||||
NVFReGwrZk9IdVhQSnFzK3lVMWRPOTgKLS0tIGs2azNoQm51ZDZrOEJDbEhRVTFu
|
||||
aVdEZ0s4SjljZFc5ZTJwK3ZON3VlRVkKB1apktkRqW0R/Epn3bZf/Aym5evUmxm+
|
||||
TLkJxTT6TVcgjobcpFvMmI+pqRWfh5Opj9a9lSe5QvsXxdgOs0mvzg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17a8y4yr2ckuek67rt786ujuf7705gvj3vv6ezktxxmgayea9zcyqet7hgc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNWlhIdTdtNkpZU3Y5T1Vl
|
||||
WjZXLzJYVDdweFpITEh6cmszOVYrZWI5eTM0CmNSTnd4T3g0dFNiTDNCM2hEOTVo
|
||||
OS85R0VqdEZkTlhGWFNRZFpXZGlWTFEKLS0tIHQ1YWJrZERJUlZwZnU3RThucVRL
|
||||
NHdwcGl2Wk11TFdCd25OTE1nVDNYd2MKOxa2f7bFgFE2zCR1kKtC6giQhr1P79W0
|
||||
MKxil/x2T8rBNkK6sN0PjkphKdg9LVit86ilHPwTgnkl9oz8Cs6X5A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1wmcayhf9eyx9e9yp97850mqas9ns455crce8hfmvnupgcxd6sews5r0cln
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmL1ZjRzJNQVFNekFUVlQv
|
||||
SmJWMDRZMXNDaTNNd093b25kSk5nTDg0K244CmVLK08xKzlleXpWblRkbGZVMENi
|
||||
U0NGVVhycUN6OEZDNjFBUndSdnRLdE0KLS0tIHJEeTVIY2xwZWdqdG9JRVhsRENq
|
||||
UnR5Y24rSTk3WUV1VUgvQUFCVUxPZUEKv/lTy02gZYn4jF1uGtm+LhJd0m59Xe99
|
||||
+unmqUDh0ZqAhJU8o0jrBiWs1lXOHU7CkIom7tGEMHGUxHkS+Z/6GQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-09-06T01:03:09Z"
|
||||
mac: ENC[AES256_GCM,data:9pJpUNzMogdijzFpjkCw4wEuOGn8B6Q/sKqzA6Pq73fp42t59BbdtK6ClTWqDRUG5MMmLVXYqdlrjPeHeRtXuQ0USNNFY6jC/p35/gB/+Gh+qqLY48YtBPjsV7aYkF8bVhC8EeDZPXvw6Hz5r+e1crVxcbOjk1uFXFVdoDGgsuQ=,iv:0QKuxk9WvCgLMJCNkX0/S/YonY/bmTvvN27DKcZGzv4=,tag:S9S/J57/GHjmVLJhtLDqDw==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
version: 3.10.2
|
||||
|
||||
@@ -2,25 +2,23 @@ inputs:
|
||||
let
|
||||
devices =
|
||||
{
|
||||
vps4 =
|
||||
{
|
||||
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIF7Y0tjt1XLPjqJ8HEB26W9jVfJafRQ3pv5AbPaxEc/Z";
|
||||
initrdPublicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIJkOPTFvX9f+Fn/KHOIvUgoRiJfq02T42lVGQhpMUGJq";
|
||||
};
|
||||
vps6 =
|
||||
{
|
||||
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIO5ZcvyRyOnUCuRtqrM/Qf+AdUe3a5bhbnfyhw2FSLDZ";
|
||||
# 通过 initrd.xxx.chn.moe 访问
|
||||
initrdPublicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIB4DKB/zzUYco5ap6k9+UxeO04LL12eGvkmQstnYxgnS";
|
||||
};
|
||||
vps7 =
|
||||
{
|
||||
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIF5XkdilejDAlg5hZZD0oq69k8fQpe9hIJylTo/aLRgY";
|
||||
initrdPublicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIGZyQpdQmEZw3nLERFmk2tS1gpSvXwW0Eish9UfhrRxC";
|
||||
# 默认仅包括wireguard访问的域名和直接访问的域名,这里写额外的域名
|
||||
extraAccess = [ "ssh.git" ];
|
||||
};
|
||||
nas =
|
||||
{
|
||||
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIIktNbEcDMKlibXg54u7QOLt0755qB/P4vfjwca8xY6V";
|
||||
initrdPublicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIAoMu0HEaFQsnlJL0L6isnkNZdRq0OiDXyaX3+fl3NjT";
|
||||
extraAccess = [ "ssh.git" ];
|
||||
};
|
||||
one.publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIC5i2Z/vK0D5DBRg3WBzS2ejM0U+w3ZPDJRJySdPcJ5d";
|
||||
pc.publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIMSfREi19OSwQnhdsE8wiNwGSFFJwNGN0M5gN+sdrrLJ";
|
||||
srv1-node0 =
|
||||
{ publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIDm6M1D7dBVhjjZtXYuzMj2P1fXNWN3O9wmwNssxEeDs"; extraAccess = [ "srv1" ]; };
|
||||
@@ -42,11 +40,6 @@ let
|
||||
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAINTvfywkKRwMrVp73HfHTfjhac2Tn9qX/lRjLr09ycHp";
|
||||
proxyJump = "srv2";
|
||||
};
|
||||
srv3 =
|
||||
{
|
||||
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIIg2wuwWqIOWNx1kVmreF6xTrGaW7rIaXsEPfCMe+5P9";
|
||||
initrdPublicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIPW7XPhNsIV0ZllaueVMHIRND97cHb6hE9O21oLaEdCX";
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
|
||||
@@ -2,252 +2,212 @@ inputs:
|
||||
let
|
||||
publicKey =
|
||||
{
|
||||
vps4 = "sUB97q3lPyGkFqPmjETzDP71J69ZVfaUTWs85+HA12g=";
|
||||
vps6 = "AVOsYUKQQCvo3ctst3vNi8XSVWo1Wh15066aHh+KpF4=";
|
||||
vps7 = "n056ppNxC9oECcW7wEbALnw8GeW7nrMImtexKWYVUBk=";
|
||||
pc = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
|
||||
nas = "xCYRbZEaGloMk7Awr00UR3JcDJy4AzVp4QvGNoyEgFY=";
|
||||
one = "Hey9V9lleafneEJwTLPaTV11wbzCQF34Cnhr0w2ihDQ=";
|
||||
srv1-node0 = "Br+ou+t9M9kMrnNnhTvaZi2oNFRygzebA1NqcHWADWM=";
|
||||
srv1-node1 = "wyNONnJF2WHykaHsQIV4gNntOaCsdTfi7ysXDsR2Bww=";
|
||||
srv1-node2 = "zWvkVyJwtQhwmxM2fHwNDnK+iwYm1O0RHrwCQ/VXdEo=";
|
||||
srv2-node0 = "lNTwQqaR0w/loeG3Fh5qzQevuAVXhKXgiPt6fZoBGFE=";
|
||||
srv2-node1 = "wc+DkY/WlGkLeI8cMcoRHcCcITNqX26P1v5JlkQwWSc=";
|
||||
srv3 = "a1pUi12SN6fIFiHA9W0N1ycuSz1fWUSpZnjz20OPaBk=";
|
||||
};
|
||||
dns = inputs.topInputs.self.config.dns.wireguard;
|
||||
networks = # 对于每个网络,只需要设置每个设备的 listenPort,以及每个设备的每个 peer 的 publicKey endpoint allowedIPs
|
||||
inherit (inputs.topInputs.self.config.dns."chn.moe") getAddress;
|
||||
listenPort =
|
||||
{
|
||||
# 星形网络,所有流量通过 vps6 中转
|
||||
wg0 = let vps6ListenIp = "144.34.225.59"; in
|
||||
{
|
||||
devices =
|
||||
{
|
||||
vps6 =
|
||||
{
|
||||
listenPort = 51820;
|
||||
peer = builtins.listToAttrs (builtins.map
|
||||
(peerName:
|
||||
{
|
||||
name = peerName;
|
||||
value =
|
||||
{
|
||||
publicKey = publicKey.${peerName};
|
||||
allowedIPs = [ "192.168.${builtins.toString dns.net.wg0}.${builtins.toString dns.peer.${peerName}}" ];
|
||||
};
|
||||
})
|
||||
(inputs.lib.remove "vps6" (builtins.attrNames publicKey)));
|
||||
};
|
||||
}
|
||||
// (builtins.listToAttrs (builtins.map
|
||||
(deviceName:
|
||||
{
|
||||
name = deviceName;
|
||||
value.peer.vps6 =
|
||||
{
|
||||
publicKey = publicKey.vps6;
|
||||
endpoint = "${vps6ListenIp}:51820";
|
||||
allowedIPs = [ "192.168.${builtins.toString dns.net.wg0}.0/24" ];
|
||||
};
|
||||
})
|
||||
(inputs.lib.remove "vps6" (builtins.attrNames publicKey))));
|
||||
};
|
||||
# 两两互连
|
||||
wg0 = builtins.listToAttrs (builtins.map
|
||||
(name: inputs.lib.nameValuePair name 51820)
|
||||
(builtins.attrNames publicKey));
|
||||
wg1 = builtins.listToAttrs (builtins.map
|
||||
(name: inputs.lib.nameValuePair name (51820 + dns.peer.${name}))
|
||||
(builtins.attrNames publicKey));
|
||||
};
|
||||
subnet = # 设备之间可以直接连接的子网。若一个设备可以主动接受连接,则设置它接受连接的 ip;否则设置为 null
|
||||
{
|
||||
wg0 =
|
||||
[
|
||||
# 所有设备都可以连接到公网,但只有有公网 ip 的设备可以接受连接
|
||||
(builtins.listToAttrs
|
||||
(
|
||||
(builtins.map (n: inputs.lib.nameValuePair n (getAddress n)) [ "vps4" "vps6" ])
|
||||
++ (builtins.map
|
||||
(n: { name = n; value = null; })
|
||||
(inputs.lib.subtractLists [ "vps4" "vps6" ] (builtins.attrNames publicKey)))
|
||||
))
|
||||
];
|
||||
wg1 =
|
||||
let
|
||||
# 查询域名对应的 ip
|
||||
getAddress = deviceName:
|
||||
let
|
||||
dns = inputs.topInputs.self.config.dns."chn.moe";
|
||||
f = domain:
|
||||
if dns.${domain}.type == "A" then dns.${domain}.value
|
||||
else if dns.${domain}.type == "CNAME" then f (inputs.lib.removeSuffix ".chn.moe." dns.${domain}.value)
|
||||
else throw "Not found ${domain}";
|
||||
in f deviceName;
|
||||
# 设备之间可以直接连接的子网
|
||||
# 若一个设备可以主动接受连接,则设置它接受连接的 ip;否则设置为 null
|
||||
subnet =
|
||||
[
|
||||
# 所有设备都可以连接到公网,但只有有公网 ip 的设备可以接受连接
|
||||
(builtins.listToAttrs
|
||||
(
|
||||
(builtins.map (n: { name = n; value = getAddress n; }) [ "vps6" "vps7" "srv3" ])
|
||||
++ (builtins.map (n: { name = n; value = null; }) [ "pc" "nas" "one" "srv1-node0" "srv2-node0" ])
|
||||
))
|
||||
# 校内网络
|
||||
(builtins.listToAttrs
|
||||
(
|
||||
(builtins.map (n: { name = n; value = getAddress n; }) [ "srv1-node0" "srv2-node0" ])
|
||||
++ (builtins.map (n: { name = n; value = null; }) [ "pc" "nas" "one" ])
|
||||
))
|
||||
# 办公室或者宿舍局域网
|
||||
(builtins.listToAttrs (builtins.map (n: { name = n; value = getAddress n; }) [ "pc" "nas" "one" ]))
|
||||
# 集群内部网络
|
||||
(builtins.listToAttrs (builtins.map
|
||||
(n: { name = "srv1-node${builtins.toString n}"; value = "192.168.178.${builtins.toString (n + 1)}"; })
|
||||
(builtins.genList (n: n) 3)))
|
||||
(builtins.listToAttrs (builtins.map
|
||||
(n: { name = "srv2-node${builtins.toString n}"; value = "192.168.178.${builtins.toString (n + 1)}"; })
|
||||
(builtins.genList (n: n) 2)))
|
||||
];
|
||||
# 给定起止点,返回最短路径的第一跳的目的地
|
||||
# 如果两个设备不能连接,返回 null;
|
||||
# 如果可以直接、主动连接,返回 { ip = 地址; };如果可以直接连接但是被动连接,返回 { ip = null; };
|
||||
# 如果需要中转,返回 { jump = 下一跳; }
|
||||
connection =
|
||||
let
|
||||
# 将给定子网翻译成一列边,返回 [{ dev1 = null or ip; dev2 = null or ip; }]
|
||||
netToEdges = subnet:
|
||||
let devWithAddress = builtins.filter (n: subnet.${n} != null) (builtins.attrNames subnet);
|
||||
in inputs.lib.unique (builtins.concatLists (builtins.map
|
||||
(dev1: builtins.map
|
||||
(dev2: { "${dev1}" = subnet."${dev1}"; "${dev2}" = subnet."${dev2}"; })
|
||||
(inputs.lib.remove dev1 (builtins.attrNames subnet)))
|
||||
devWithAddress));
|
||||
# 在一个图中加入一个边,current 的结构是:from.to = null or { ip = "" or null; length = l; jump = ""; }
|
||||
addEdge = current: newEdge: builtins.mapAttrs
|
||||
(nameFrom: valueFrom: builtins.mapAttrs
|
||||
(nameTo: valueTo:
|
||||
# 忽略自己到自己的路
|
||||
if nameFrom == nameTo then null
|
||||
# 如果要加入的边包含起点
|
||||
else if newEdge ? "${nameFrom}" then
|
||||
# 如果要加入的边包含终点,那么这两个点可以直连
|
||||
if newEdge ? "${nameTo}" then { ip = newEdge.${nameTo}; length = 1; }
|
||||
else let edgePoint2 = builtins.head (inputs.lib.remove nameFrom (builtins.attrNames newEdge)); in
|
||||
# 如果边的另外一个点到终点可以连接
|
||||
if current.${edgePoint2}.${nameTo} != null then
|
||||
# 如果之前不能连接,则使用新的连接
|
||||
if current.${nameFrom}.${nameTo} == null then
|
||||
{ jump = edgePoint2; length = 1 + current.${edgePoint2}.${nameTo}.length; }
|
||||
# 如果之前可以连接,且新连接更短,同样更新连接
|
||||
else if current.${nameFrom}.${nameTo}.length > 1 + current.${edgePoint2}.${nameTo}.length then
|
||||
{ jump = edgePoint2; length = 1 + current.${edgePoint2}.${nameTo}.length; }
|
||||
# 否则,不更新连接
|
||||
else current.${nameFrom}.${nameTo}
|
||||
# 否则,不更新连接
|
||||
else current.${nameFrom}.${nameTo}
|
||||
# 如果要加入的边包不包含起点但包含终点
|
||||
else if newEdge ? "${nameTo}" then
|
||||
let edgePoint2 = builtins.head (inputs.lib.remove nameTo (builtins.attrNames newEdge)); in
|
||||
# 如果起点与另外一个点可以相连
|
||||
if current.${nameFrom}.${edgePoint2} != null then
|
||||
# 如果之前不能连接,则使用新的连接
|
||||
if current.${nameFrom}.${nameTo} == null then
|
||||
{
|
||||
jump = current.${nameFrom}.${edgePoint2}.jump or edgePoint2;
|
||||
length = current.${nameFrom}.${edgePoint2}.length + 1;
|
||||
}
|
||||
# 如果之前可以连接,且新连接更短,同样更新连接
|
||||
else if current.${nameFrom}.${nameTo}.length > current.${nameFrom}.${edgePoint2}.length + 1 then
|
||||
{
|
||||
jump = current.${nameFrom}.${edgePoint2}.jump or edgePoint2;
|
||||
length = current.${nameFrom}.${edgePoint2}.length + 1;
|
||||
}
|
||||
# 否则,不更新连接
|
||||
else current.${nameFrom}.${nameTo}
|
||||
# 如果起点与另外一个点不可以相连,则不改变连接
|
||||
[
|
||||
# 所有设备都可以连接到公网,但只有有公网 ip 的设备可以接受连接
|
||||
(builtins.listToAttrs
|
||||
(
|
||||
(builtins.map (n: inputs.lib.nameValuePair n (getAddress n)) [ "vps4" "vps6" ])
|
||||
++ (builtins.map (n: inputs.lib.nameValuePair n null) [ "pc" "nas" "srv1-node0" "srv2-node0" ])
|
||||
))
|
||||
# 校内网络
|
||||
(builtins.listToAttrs
|
||||
(
|
||||
(builtins.map (n: inputs.lib.nameValuePair n (getAddress n)) [ "srv1-node0" "srv2-node0" ])
|
||||
++ (builtins.map (n: inputs.lib.nameValuePair n null) [ "pc" "nas" ])
|
||||
))
|
||||
# 办公室或者宿舍局域网
|
||||
(builtins.listToAttrs (builtins.map (n: inputs.lib.nameValuePair n (getAddress n)) [ "pc" "nas" ]))
|
||||
# 集群内部网络
|
||||
(builtins.listToAttrs (builtins.map
|
||||
(n: inputs.lib.nameValuePair "srv1-node${builtins.toString n}" "192.168.178.${builtins.toString (n + 1)}")
|
||||
(builtins.genList (n: n) 3)))
|
||||
(builtins.listToAttrs (builtins.map
|
||||
(n: inputs.lib.nameValuePair "srv2-node${builtins.toString n}" "192.168.178.${builtins.toString (n + 1)}")
|
||||
(builtins.genList (n: n) 2)))
|
||||
];
|
||||
};
|
||||
# 给定起止点,返回最短路径的第一跳的目的地
|
||||
# 如果两个设备不能连接,返回 null;
|
||||
# 如果可以直接、主动连接,返回 { address = xx; port = xx; };如果可以直接连接但是被动连接,返回 { address = null; };
|
||||
# 如果需要中转,返回 { jump = 下一跳; }
|
||||
connection =
|
||||
let
|
||||
# 将给定子网翻译成一列边,返回 [{ dev1 = null or ip; dev2 = null or ip; }]
|
||||
# 边中至少有一个端点是可以接受连接的
|
||||
netToEdges = subnet:
|
||||
let devWithAddress = builtins.filter (n: subnet.${n} != null) (builtins.attrNames subnet);
|
||||
in inputs.lib.unique (builtins.concatLists (builtins.map
|
||||
(dev1: builtins.map
|
||||
(dev2: { "${dev1}" = subnet."${dev1}"; "${dev2}" = subnet."${dev2}"; })
|
||||
(inputs.lib.remove dev1 (builtins.attrNames subnet)))
|
||||
devWithAddress));
|
||||
# 在一个图中加入一个边
|
||||
# current 的结构是:from.to = null or { address = xxx or null; length = l; jump = ""; }
|
||||
addEdge = current: newEdge: builtins.mapAttrs
|
||||
(nameFrom: valueFrom: builtins.mapAttrs
|
||||
(nameTo: valueTo:
|
||||
# 不处理自己到自己的路
|
||||
if nameFrom == nameTo then null
|
||||
# 如果要加入的边包含起点
|
||||
else if newEdge ? "${nameFrom}" then
|
||||
# 如果要加入的边包含终点,那么这两个点可以直连
|
||||
if newEdge ? "${nameTo}"
|
||||
then { address = newEdge.${nameTo}; length = 1; }
|
||||
else let edgePoint2 = builtins.head (inputs.lib.remove nameFrom (builtins.attrNames newEdge)); in
|
||||
# 如果边的另外一个点到终点可以连接
|
||||
if current.${edgePoint2}.${nameTo} != null then
|
||||
# 如果之前不能连接,则使用新的连接
|
||||
if current.${nameFrom}.${nameTo} == null then
|
||||
{ jump = edgePoint2; length = 1 + current.${edgePoint2}.${nameTo}.length; }
|
||||
# 如果之前可以连接,且新连接更短,同样更新连接
|
||||
else if current.${nameFrom}.${nameTo}.length > 1 + current.${edgePoint2}.${nameTo}.length then
|
||||
{ jump = edgePoint2; length = 1 + current.${edgePoint2}.${nameTo}.length; }
|
||||
# 否则,不更新连接
|
||||
else current.${nameFrom}.${nameTo}
|
||||
# 如果要加入的边不包含起点和终点
|
||||
else
|
||||
let
|
||||
edgePoints = builtins.attrNames newEdge;
|
||||
p1 = builtins.elemAt edgePoints 0;
|
||||
p2 = builtins.elemAt edgePoints 1;
|
||||
in
|
||||
# 如果起点与边的第一个点可以连接、终点与边的第二个点可以连接
|
||||
if current.${nameFrom}.${p1} != null && current.${p2}.${nameTo} != null then
|
||||
# 如果之前不能连接,则新连接必然是唯一的连接,使用新连接
|
||||
if current.${nameFrom}.${nameTo} == null then
|
||||
{
|
||||
jump = current.${nameFrom}.${p1}.jump or p1;
|
||||
length = current.${nameFrom}.${p1}.length + 1 + current.${p2}.${nameTo}.length;
|
||||
}
|
||||
# 如果之前可以连接,那么反过来一定也能连接,选取三种连接中最短的
|
||||
else builtins.head (inputs.lib.sort
|
||||
(a: b: if a == null then false else if b == null then true else a.length < b.length)
|
||||
[
|
||||
# 原先的连接
|
||||
current.${nameFrom}.${nameTo}
|
||||
# 正着连接
|
||||
{
|
||||
jump = current.${nameFrom}.${p1}.jump or p1;
|
||||
length = current.${nameFrom}.${p1}.length + 1 + current.${p2}.${nameTo}.length;
|
||||
}
|
||||
# 反着连接
|
||||
{
|
||||
jump = current.${nameFrom}.${p2}.jump or p2;
|
||||
length = current.${nameFrom}.${p2}.length + 1 + current.${p1}.${nameTo}.length;
|
||||
}
|
||||
])
|
||||
# 如果正着不能连接、反过来可以连接,那么反过来连接一定是唯一的通路,使用反向的连接
|
||||
else if current.${nameFrom}.${p2} != null && current.${p1}.${nameTo} != null then
|
||||
# 否则,不更新连接
|
||||
else current.${nameFrom}.${nameTo}
|
||||
# 如果要加入的边包不包含起点但包含终点
|
||||
else if newEdge ? "${nameTo}" then
|
||||
let edgePoint2 = builtins.head (inputs.lib.remove nameTo (builtins.attrNames newEdge)); in
|
||||
# 如果起点与另外一个点可以相连
|
||||
if current.${nameFrom}.${edgePoint2} != null then
|
||||
# 如果之前不能连接,则使用新的连接
|
||||
if current.${nameFrom}.${nameTo} == null then
|
||||
{
|
||||
jump = current.${nameFrom}.${edgePoint2}.jump or edgePoint2;
|
||||
length = current.${nameFrom}.${edgePoint2}.length + 1;
|
||||
}
|
||||
# 如果之前可以连接,且新连接更短,同样更新连接
|
||||
else if current.${nameFrom}.${nameTo}.length > current.${nameFrom}.${edgePoint2}.length + 1 then
|
||||
{
|
||||
jump = current.${nameFrom}.${edgePoint2}.jump or edgePoint2;
|
||||
length = current.${nameFrom}.${edgePoint2}.length + 1;
|
||||
}
|
||||
# 否则,不更新连接
|
||||
else current.${nameFrom}.${nameTo}
|
||||
# 如果起点与另外一个点不可以相连,则不改变连接
|
||||
else current.${nameFrom}.${nameTo}
|
||||
# 如果要加入的边不包含起点和终点
|
||||
else
|
||||
let
|
||||
edgePoints = builtins.attrNames newEdge;
|
||||
p1 = builtins.elemAt edgePoints 0;
|
||||
p2 = builtins.elemAt edgePoints 1;
|
||||
in
|
||||
# 如果起点与边的第一个点可以连接、终点与边的第二个点可以连接
|
||||
if current.${nameFrom}.${p1} != null && current.${p2}.${nameTo} != null then
|
||||
# 如果之前不能连接,则新连接必然是唯一的连接,使用新连接
|
||||
if current.${nameFrom}.${nameTo} == null then
|
||||
{
|
||||
jump = current.${nameFrom}.${p1}.jump or p1;
|
||||
length = current.${nameFrom}.${p1}.length + 1 + current.${p2}.${nameTo}.length;
|
||||
}
|
||||
# 如果之前可以连接,那么反过来一定也能连接,选取三种连接中最短的
|
||||
else builtins.head (inputs.lib.sort
|
||||
(a: b: if a == null then false else if b == null then true else a.length < b.length)
|
||||
[
|
||||
# 原先的连接
|
||||
current.${nameFrom}.${nameTo}
|
||||
# 正着连接
|
||||
{
|
||||
jump = current.${nameFrom}.${p1}.jump or p1;
|
||||
length = current.${nameFrom}.${p1}.length + 1 + current.${p2}.${nameTo}.length;
|
||||
}
|
||||
# 反着连接
|
||||
{
|
||||
jump = current.${nameFrom}.${p2}.jump or p2;
|
||||
length = current.${nameFrom}.${p2}.length + 1 + current.${p1}.${nameTo}.length;
|
||||
}
|
||||
# 如果正着连接、反向连接都不行,那么就不更新连接
|
||||
else current.${nameFrom}.${nameTo})
|
||||
valueFrom)
|
||||
current;
|
||||
# 初始时,所有点之间都不连接
|
||||
init = builtins.listToAttrs (builtins.map
|
||||
(dev1:
|
||||
{
|
||||
name = dev1;
|
||||
value = builtins.listToAttrs (builtins.map
|
||||
(dev2: { name = dev2; value = null; })
|
||||
(builtins.attrNames publicKey));
|
||||
})
|
||||
(builtins.attrNames publicKey));
|
||||
in builtins.foldl' addEdge init (builtins.concatLists (builtins.map netToEdges subnet));
|
||||
in
|
||||
])
|
||||
# 如果正着不能连接、反过来可以连接,那么反过来连接一定是唯一的通路,使用反向的连接
|
||||
else if current.${nameFrom}.${p2} != null && current.${p1}.${nameTo} != null then
|
||||
{
|
||||
jump = current.${nameFrom}.${p2}.jump or p2;
|
||||
length = current.${nameFrom}.${p2}.length + 1 + current.${p1}.${nameTo}.length;
|
||||
}
|
||||
# 如果正着连接、反向连接都不行,那么就不更新连接
|
||||
else current.${nameFrom}.${nameTo})
|
||||
valueFrom)
|
||||
current;
|
||||
# 初始时,所有点之间都不连接
|
||||
init = builtins.listToAttrs (builtins.map
|
||||
(dev1:
|
||||
{
|
||||
name = dev1;
|
||||
value = builtins.listToAttrs (builtins.map
|
||||
(dev2: { name = dev2; value = null; })
|
||||
(builtins.attrNames publicKey));
|
||||
})
|
||||
(builtins.attrNames publicKey));
|
||||
in builtins.mapAttrs (_: v: builtins.foldl' addEdge init (builtins.concatLists (builtins.map netToEdges v))) subnet;
|
||||
networks = builtins.mapAttrs
|
||||
(n: v: builtins.listToAttrs (builtins.map
|
||||
(deviceName: inputs.lib.nameValuePair deviceName
|
||||
{
|
||||
devices = builtins.listToAttrs (builtins.map
|
||||
(deviceName:
|
||||
{
|
||||
name = deviceName;
|
||||
value =
|
||||
{
|
||||
listenPort = 51820 + dns.peer.${deviceName};
|
||||
peer = builtins.listToAttrs (builtins.concatLists (builtins.map
|
||||
(peerName:
|
||||
# 如果不能直连,就不用加 peer
|
||||
inputs.lib.optionals (connection.${deviceName}.${peerName} ? ip)
|
||||
[{
|
||||
name = peerName;
|
||||
value =
|
||||
{
|
||||
publicKey = publicKey.${peerName};
|
||||
allowedIPs =
|
||||
[ "192.168.${builtins.toString dns.net.wg1}.${builtins.toString dns.peer.${peerName}}" ]
|
||||
++ builtins.map
|
||||
(destination:
|
||||
"192.168.${builtins.toString dns.net.wg1}.${builtins.toString dns.peer.${destination}}")
|
||||
(builtins.filter
|
||||
(destination: connection.${deviceName}.${destination}.jump or null == peerName)
|
||||
(builtins.attrNames publicKey));
|
||||
}
|
||||
// inputs.lib.optionalAttrs (connection.${deviceName}.${peerName}.ip != null)
|
||||
{
|
||||
endpoint = "${connection.${deviceName}.${peerName}.ip}:"
|
||||
+ builtins.toString (51820 + dns.peer.${peerName});
|
||||
};
|
||||
}])
|
||||
(inputs.lib.remove deviceName (builtins.attrNames publicKey))));
|
||||
};
|
||||
})
|
||||
(builtins.attrNames publicKey));
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
config.nixos.services.wireguard = inputs.lib.mkMerge (builtins.map
|
||||
(network:
|
||||
let inherit (inputs.config.nixos.model) hostname;
|
||||
in inputs.lib.optionalAttrs (network.value.devices ? ${hostname}) { ${network.name} =
|
||||
network.value.devices.${hostname}
|
||||
// {
|
||||
ip = "192.168.${builtins.toString dns.net.${network.name}}.${builtins.toString dns.peer.${hostname}}";
|
||||
};})
|
||||
(inputs.localLib.attrsToList networks));
|
||||
}
|
||||
ip = "192.168.${builtins.toString dns.net.${n}}.${builtins.toString dns.peer.${deviceName}}";
|
||||
listenPort = listenPort.${n}.${deviceName};
|
||||
peer = builtins.listToAttrs (builtins.concatLists (builtins.map
|
||||
(peerName:
|
||||
# 如果不能直连,就不用加 peer
|
||||
inputs.lib.optionals (v.${deviceName}.${peerName} ? address)
|
||||
[{
|
||||
name = peerName;
|
||||
value =
|
||||
{
|
||||
publicKey = publicKey.${peerName};
|
||||
allowedIPs =
|
||||
[ "192.168.${builtins.toString dns.net.${n}}.${builtins.toString dns.peer.${peerName}}" ]
|
||||
++ builtins.map
|
||||
(destination:
|
||||
"192.168.${builtins.toString dns.net.${n}}.${builtins.toString dns.peer.${destination}}")
|
||||
(builtins.filter
|
||||
(destination: v.${deviceName}.${destination}.jump or null == peerName)
|
||||
(builtins.attrNames publicKey));
|
||||
}
|
||||
// inputs.lib.optionalAttrs (v.${deviceName}.${peerName}.address != null)
|
||||
{
|
||||
endpoint = "${v.${deviceName}.${peerName}.address}:"
|
||||
+ builtins.toString (listenPort.${n}.${peerName});
|
||||
};
|
||||
}])
|
||||
(inputs.lib.remove deviceName (builtins.attrNames publicKey))));
|
||||
})
|
||||
(builtins.attrNames publicKey))
|
||||
)
|
||||
connection;
|
||||
in { config.nixos.services.wireguard = builtins.mapAttrs (_: v: v.${inputs.config.nixos.model.hostname}) networks; }
|
||||
|
||||
@@ -1,15 +1,24 @@
|
||||
# sudo nix build --store 'local?store=/data/gpfs01/jykang/.nix/store&real=/nix/store' .#jykang
|
||||
# sudo nix-store --store 'local?store=/data/gpfs01/jykang/.nix/store&real=/nix/store' -qR ./result | sudo xargs nix-store --store 'local?store=/data/gpfs01/jykang/.nix/store&real=/nix/store' --export > data.nar
|
||||
# cat data.nar | nix-store --import
|
||||
inputs:
|
||||
let pkgs = import inputs.nixpkgs (import ../../modules/system/nixpkgs/buildNixpkgsConfig.nix
|
||||
{
|
||||
inputs = { inherit (inputs.nixpkgs) lib; topInputs = inputs; };
|
||||
nixpkgs = { march = null; cuda = null; nixRoot = "/data/gpfs01/jykang/.nix"; };
|
||||
});
|
||||
# sudo nix build --store 'local?store=/data/gpfs01/jykang/.nix/store&state=/data/gpfs01/jykang/.nix/state&log=/data/gpfs01/jykang/.nix/log' .#jykang
|
||||
# sudo nix-store --store 'local?store=/data/gpfs01/jykang/.nix/store&state=/data/gpfs01/jykang/.nix/state&log=/data/gpfs01/jykang/.nix/log' -qR ./result | grep -Fxv -f <(ssh jykang find .nix/store -maxdepth 1 -exec realpath '{}' '\;') | sudo xargs nix-store --store 'local?store=/data/gpfs01/jykang/.nix/store&state=/data/gpfs01/jykang/.nix/state&log=/data/gpfs01/jykang/.nix/log' --export | xz -T0 | pv > jykang.nar.xz
|
||||
# cat data.nar | nix-store --import
|
||||
{ inputs, localLib }:
|
||||
let
|
||||
pkgs = import inputs.nixpkgs (localLib.buildNixpkgsConfig
|
||||
{
|
||||
inputs = { inherit (inputs.nixpkgs) lib; topInputs = inputs; };
|
||||
nixpkgs = { march = "haswell"; cuda = null; nixRoot = "/data/gpfs01/jykang/.nix"; nixos = false; };
|
||||
});
|
||||
python-lyj =
|
||||
let python = pkgs.pkgs-2411.python310.withPackages (_: [ pkgs.localPackages.pybinding ]);
|
||||
in pkgs.runCommand "python-lyj" { }
|
||||
''
|
||||
mkdir -p $out/bin
|
||||
ln -s ${python}/bin/python3 $out/bin/python-lyj
|
||||
'';
|
||||
in pkgs.symlinkJoin
|
||||
{
|
||||
name = "jykang";
|
||||
paths = with pkgs; [ hello iotop gnuplot ];
|
||||
paths = with pkgs; [ gnuplot localPackages.vaspkit pv python-lyj ];
|
||||
postBuild = "echo ${inputs.self.rev or "dirty"} > $out/.version";
|
||||
passthru = { inherit pkgs; };
|
||||
}
|
||||
|
||||
@@ -35,7 +35,7 @@ if [ -f /etc/bashrc ]; then
|
||||
fi
|
||||
|
||||
if [ -z "${BASHRC_SOURCED-}" ]; then
|
||||
export PATH=$HPCSTAT_SSH_BINDIR:$PATH:$HOME/bin:$HOME/linwei/chn/software/scripts:$HOME/.nix/state/gcroots/current/bin
|
||||
export PATH=$HOME/.nix/state/gcroots/current/bin:$HPCSTAT_SSH_BINDIR:$PATH:$HOME/bin:$HOME/linwei/chn/software/scripts
|
||||
export BASHRC_SOURCED=1
|
||||
if [ "${HPCSTAT_SUBACCOUNT}" == "lyj" ]; then
|
||||
export PATH=$HOME/wuyaping/lyj/bin:$PATH
|
||||
|
||||
2
devices/jykang.xmuhpc/files/.config/nix/nix.conf
Normal file
2
devices/jykang.xmuhpc/files/.config/nix/nix.conf
Normal file
@@ -0,0 +1,2 @@
|
||||
store = local?store=/data/gpfs01/jykang/.nix/store&state=/data/gpfs01/jykang/.nix/state&log=/data/gpfs01/jykang/.nix/log
|
||||
experimental-features = flakes nix-command
|
||||
@@ -10,6 +10,7 @@ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGwUhEAFHjkbUfOf0ng8I80YbKisbSeY4lq/byinV7lh
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5bg5cayOLfnfUBJz8LeyaYfP41s9pIqUgXn6w9xtvR lly
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBoDGk9HYphkngx2Ix/vef2ZntdVNK1kbS9pY8+TzI41 yxf
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJi6O1Sf1BBV1dYyH1jcHiws+ntwVfV29+6Paq1CQaET hss
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlBxisj3sU9QC8UC5gX6sakf7G03ybbkmHtD2cybuZA qmx
|
||||
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmJoiGO5YD3lbbIOJ99Al2xxm6QS9q+dTCTtlALjYI5f9ICGZJT8PEGlV9BBNCRQdgb3i2LBzQi90Tq1oG6/PcTV3Mto2TawLz5+2+ym29eIq1QIhVTLmZskK815FpawWqxY6+xpGU3vP1WjrFBbhGtl+CCaN+P2TWNkrR8FjG2144hdAlFfEEqfQC+TXbsyJCYoExuxGDJo8ae0JGbz9w1A1UbjnHwKnoxvirTFEbw9IHJIcTdUwuQKOrwydboCOqeaHt74+BnnCOZhpYqMDacrknHITN4GfFFzbs6FsE8NAwFk6yvkNXXzoe60iveNXtCIYuWjG517LQgHAC5BdaPgqzYNg+eqSul72e+jjRs+KDioNqvprw+TcBBO1lXZ2VQFyWyAdV2Foyaz3Wk5qYlOpX/9JLEp6H3cU0XCFR25FdXmjQ4oXN1QEe+2akV8MQ9cWhFhDcbY8Q1EiMWpBVC1xbt4FwE8VCTByZOZsQ0wPVe/vkjANOo+brS3tsR18= 00@xmuhpc
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxcIWDQxVyIRqCGR4uWtrh4tLc025+q6du2GVsox8IzmBFkjNY8Au5GIMP5BKRstxFdg3f/wam8krckUN9rv5+OHB9U8HGz77Xs0FktqRVNMaDPdptePZQJ9A9eW3kkFDfQnORJtiVcEWfUBS3pi0QFOHylnG27YyC/Vjx9tjvtJWKsQEVTFJbFHPdi+G7lHTpqIGx+/a2JN9O6uVujXXYvjSVXsd+CWB9VMZMvYCIz2Ecb6RqR3brj4FhRRl8zyCj+J4ACYFdGWL98fTab2uPHbpVeKrefFFA43JOD/4zwBx/uw7MAQAq0GunTV3FpBfIAQHWgftf2fSlbz20oPjCwdYn9ZuGJOBUroryex7AKZmnSYM3biLHcctQfZtxqVPEU3W/62MUsI/kZb9RcF24JRksMoS2XWTiv2HFf5ijQGLXXOjqiTlGncwiKf65DwkDBsSxzgbXk5Uo86viq6UITFXPx/RytU+SUiN4Wb7wcBTjt/+tyQd1uqc7+3DCDXk= 01@xmuhpc
|
||||
|
||||
@@ -4,42 +4,77 @@ inputs:
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
model = { type = "desktop"; private = true; };
|
||||
model = { type = "server"; private = true; };
|
||||
system =
|
||||
{
|
||||
fileSystems =
|
||||
{
|
||||
mount =
|
||||
{
|
||||
vfat."/dev/disk/by-uuid/627D-1FAA" = "/boot";
|
||||
vfat."/dev/disk/by-partlabel/nas-boot" = "/boot";
|
||||
btrfs =
|
||||
{
|
||||
"/dev/mapper/nix"."/nix" = "/nix";
|
||||
"/dev/mapper/root3" =
|
||||
{
|
||||
"/nix/rootfs" = "/nix/rootfs";
|
||||
"/nix/persistent" = "/nix/persistent";
|
||||
"/nix/nodatacow" = "/nix/nodatacow";
|
||||
"/nix/rootfs/current" = "/";
|
||||
"/nix/backup" = "/nix/backup";
|
||||
};
|
||||
"/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
"/dev/mapper/ssd1"."/nix/ssd" = "/nix/ssd";
|
||||
};
|
||||
};
|
||||
swap = [ "/nix/swap/swap" ];
|
||||
rollingRootfs.waitDevices = [ "/dev/mapper/root4" ];
|
||||
swap = [ "/dev/mapper/swap" ];
|
||||
# TODO: snapshot should take place just before switching root
|
||||
rollingRootfs.waitDevices =
|
||||
[ "/dev/mapper/root2" "/dev/mapper/root3" "/dev/mapper/root4" "/dev/mapper/ssd1" "/dev/mapper/ssd2" ];
|
||||
};
|
||||
initrd.sshd = {};
|
||||
nixpkgs.march = "silvermont";
|
||||
nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
|
||||
networking = {};
|
||||
nixpkgs.march = "alderlake";
|
||||
network =
|
||||
{
|
||||
bridge.nixvirt.interfaces = [ "enp3s0" ];
|
||||
static.nixvirt = { ip = "192.168.1.2"; mask = 24; gateway = "192.168.1.1"; dns = "192.168.1.1"; };
|
||||
};
|
||||
kernel.patches = [ "btrfs" ];
|
||||
};
|
||||
hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
|
||||
hardware.gpu.type = "intel";
|
||||
services =
|
||||
{
|
||||
sshd = {};
|
||||
xray.client = { enable = true; dnsmasq.hosts."git.nas.chn.moe" = "127.0.0.1"; };
|
||||
beesd = { "/" = { hashTableSizeMB = 10 * 128; threads = 4; }; "/nix" = {}; };
|
||||
xray =
|
||||
{
|
||||
client =
|
||||
{
|
||||
xray.serverName = "xserver2.vps4.chn.moe";
|
||||
dnsmasq = { extraInterfaces = [ "enp3s0" ]; hosts."git.chn.moe" = "127.0.0.1"; };
|
||||
};
|
||||
xmuServer = {};
|
||||
server.serverName = "xservernas.chn.moe";
|
||||
};
|
||||
beesd."/" = { hashTableSizeMB = 10 * 128; threads = 4; };
|
||||
nix-serve.hostname = "nix-store.nas.chn.moe";
|
||||
postgresql.mountFrom = "ssd";
|
||||
mariadb.mountFrom = "ssd";
|
||||
rsshub = {};
|
||||
misskey.instances =
|
||||
{ misskey.hostname = "xn--s8w913fdga.chn.moe"; misskey-old = { port = 9727; redis.port = 3546; }; };
|
||||
synapse.instances =
|
||||
{
|
||||
synapse.matrixHostname = "synapse.chn.moe";
|
||||
matrix = { port = 8009; redisPort = 6380; };
|
||||
};
|
||||
vaultwarden = {};
|
||||
photoprism = {};
|
||||
nextcloud = {};
|
||||
freshrss = {};
|
||||
send = {};
|
||||
huginn = {};
|
||||
httpapi = {};
|
||||
gitea = {};
|
||||
grafana = {};
|
||||
podman = {};
|
||||
peertube = {};
|
||||
nginx.applications.webdav.instances."webdav.chn.moe" = {};
|
||||
# open-webui.ollamaHost = "192.168.83.3";
|
||||
nixvirt = {};
|
||||
};
|
||||
};
|
||||
systemd.tmpfiles.rules =
|
||||
[ "w /sys/class/powercap/intel-rapl/intel-rapl:0/constraint_0_power_limit_uw - - - - 10000000" ];
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,14 +1,88 @@
|
||||
xray-client:
|
||||
uuid: ENC[AES256_GCM,data:97aX07G5FPumdWcDxnYOs6fRgljXWuwyNXGg1d7zdbUUfNnb,iv:+wAC/DZXsg+evYFA4DMfLw5Ut3ExQl1RgZ/2AsNQDpo=,tag:ebD77muITHof+FQMydWobg==,type:str]
|
||||
wireguard: ENC[AES256_GCM,data:JaOSq474mGOoQQcdJ/j9fYo2e1vjXMPxJ69TOd079FrSkbzbIteWww5f8Xo=,iv:uy/NC2+tibL61XJDZK/spKjV9u0oXK4YzjFjYmCAL0k=,tag:en+c8cHaPvDqJL+EpQjr0g==,type:str]
|
||||
wireless:
|
||||
#ENC[AES256_GCM,data:wjStmDz44D13rg==,iv:7Qdqk/3VfS6kZNMSD6P4zyuRkzgIb1PcH56rWBhuD80=,tag:RVfRu9zMAenZBk3+RFC9wg==,type:comment]
|
||||
"457": ENC[AES256_GCM,data:at6sfLdZUj7JTkumDLzoBoM6rNH3SGXvzso2ryYEXiFzy24e8cMKql2Sw3CHqWH9+cS6+rzuRLLeLJQMDN3dHw==,iv:nHEdqAIF7WK6kPkm01LoDmypvkHOhIR+tf9cAlv+1hs=,tag:3lMuOZ4qatv1LOSMwMiEoQ==,type:str]
|
||||
xray-xmu-server: ENC[AES256_GCM,data:3O5rFi5szla70M/c62JV4nGWKPSOREImrOucjeVYf9bde6K8,iv:PGCqlmHtaNuWOtAAeJ6O+CWFpMszijozU1OpUFrftjs=,tag:iGTOoNvQhhZy2FL9jy1KIQ==,type:str]
|
||||
xray-server:
|
||||
clients:
|
||||
#ENC[AES256_GCM,data:gToh4rgMOQ==,iv:A14sSC7ExbSZNOzzz6mOmWalSz9K6ROoSYgCqdF7j4U=,tag:1Jr2FfVQ9L2w+bWHh/NekQ==,type:comment]
|
||||
user4: ENC[AES256_GCM,data:/ZrgvlpwDlKhcHqkBRsdqqJsNUxtb3ZnC36mc8qlJ+HP4mY3,iv:R5QzXY0mC72TDB0OcF4fJt3bc5L1Z96Q+n9kNbZP7m4=,tag:tjWSEcsG0udvQZZJ/RMTJw==,type:str]
|
||||
private-key: ENC[AES256_GCM,data:34FOslwr3AZNDg4YrS95S20agGXwGJRNGnpogMR7utbt1ELUxfQkiAU1qw==,iv:4fiJCi6TJM+NIlfI1qFX/eCNhcVaCWGsLA7iMjQpATw=,tag:eLz8HlQMprQNryk5saqyVQ==,type:str]
|
||||
store:
|
||||
signingKey: ENC[AES256_GCM,data:zr02XBgQ4H5jRnjpLtp9rjcysXP9qI7McOiBwaWhdylu5GevKmxlCd4h3pEUO74k+gJT88BzJ+S59P+6DS76Y5nlKqextGMzGjdq5XPkdDkSkKZBai2kkqBSyko=,iv:hyhroaDazMLFeLMGruiFeokZ2Tz3xKj+xCsiEUJ5faQ=,tag:w3805eqo6Y1pw65mjoRgOg==,type:str]
|
||||
nginx:
|
||||
detectAuth:
|
||||
chn: ENC[AES256_GCM,data:5kGvlFB332xf+PQCDmJ+EA==,iv:/BQI83lMdzmycQCe0k6Y8bwqV4Ma9vqgvgPWWqVAr1g=,tag:61AhVVNUx8+b55DkIjVifQ==,type:str]
|
||||
led: ENC[AES256_GCM,data:XFlK2jjo,iv:rTCHmoFU4S++eBywCa7NXsAmSqcSgCFXxnW0RyFA2a0=,tag:aK5IejgS060FrxQfmdxohw==,type:str]
|
||||
redis:
|
||||
rsshub: ENC[AES256_GCM,data:r2O88tXccKZw68Jg5tvUcpwf6y8Vs1kcZ7XbAReJ7aGyGH4MH3jTO72Hs7vh7185IUygXri0M2C6Ko2CY3gaLg==,iv:ZYbSqlcnga+JnC5Dxt2cTHiGTlkndSAB550ilSO+P1U=,tag:PgrW6H276sSvYe3NA6o/vA==,type:str]
|
||||
misskey-misskey: ENC[AES256_GCM,data:Up0Q/4MjyCdXyL1EVoXbmW0J3QJCx1PlhClXSc2WpBNwpSfgmoJceLoXRbIs009JVjhn5tt7LO6EmwKiNc6yTA==,iv:myWj8+exXtg+t7Fs+ZPOLJXWtKEu0PyhTw68i7rnuTQ=,tag:WMpj06Swj3pMbSXgM0bNuQ==,type:str]
|
||||
misskey-misskey-old: ENC[AES256_GCM,data:yLVCQaElMWBdVnKa9hBNEnSxfOx/582SoCDpQM9QjEgWzYOmPIVoRsTAs10Gsw3PezJW54S+AUrNg1mV0f8Nwg==,iv:xYXQt2CsZyymdKMIoqKLzLeTMNff7RwGzBGDfBOoxlM=,tag:L3V+AZZyOJow/Sf1RzD38A==,type:str]
|
||||
nextcloud: ENC[AES256_GCM,data:/wv5hG7cmHz8S3d411cGxFY87MNmo/6V/vXJsWqYr4afoVLMlqUgpf6ZkSPcj2PKBmB/X+RR1s/Mus9RIJKpzw==,iv:WMdKp63LsMyOGheurm6bM4qUUNVe3/WmkvCQ8PWxqoo=,tag:PHjeJ052LtCqerED4bgACQ==,type:str]
|
||||
send: ENC[AES256_GCM,data:5y0GGNdmVzl1Ro4bv8rab9dgmIOgNQBPPF02HfpOn/ctbSBzi9c96TJeIbDJVS2tN4P2+hSgP/XOR+hoM9prxw==,iv:4xf0b1/1f9vyVlQtIGmX5Ea/xNPyjXmA5/vazf5sOZA=,tag:b2211wLiDTvPKqRA3IpzOA==,type:str]
|
||||
synapse-synapse: ENC[AES256_GCM,data:3lSmLz+sO9fwomeb/NCTlSRwpbegH6g1vp0qKg4G/hnWsKCu2mK6TDhQbLCSDQEagw4oBDN68yEBQ0C0tvmd3w==,iv:9rrv3XvB4ELcZhdi2KNxnYFw+XH96U4SM0X9ZSGp0KA=,tag:Qn8FdMMOaDeB9Wb11F44xA==,type:str]
|
||||
synapse-matrix: ENC[AES256_GCM,data:NqDKomSPI6UcRDAjqVapBlmXXFHdHYS0w3jvJ4oQCvoeqYvNalkD009A6E6Br3w0/FGEKJQeTBI2MkYLlHAWcg==,iv:o8TDqzRDQCi4+Kv82BSTRyB4Y7mKhxM3c49hEbQuQmw=,tag:6RCKWwxC5Fw5N1QD/5UktQ==,type:str]
|
||||
peertube: ENC[AES256_GCM,data:zzRRyCbXsqVVxDvS8kpBbOyozqi24d6G9K++/ToLQyt3TumefTssNehljNsb0oqsmZBLgLhND0T4WDhMf9//Ng==,iv:yDM/LREKnBW8noRzHPIdqg0TvmWAfxmVOplZkY8MSro=,tag:19uoxbEdGPOIzcQqm31H5Q==,type:str]
|
||||
postgresql:
|
||||
misskey_misskey: ENC[AES256_GCM,data:mcJM5hgd6Y6MjphFuH20QHU1zxPVnrd5CG3rwX3CekxpM4NzElhkD0pcWM0eTxbNQCM4V+lmjAvaQzBS8T9Mzg==,iv:eC2/GyNcZK31jxLYfRRw4l0aNhz1kcsjE/w4Y/P6ydQ=,tag:hNC2Fj327+O8/4/5/riTYw==,type:str]
|
||||
misskey_misskey_old: ENC[AES256_GCM,data:z4C8J2dAu6OhtRzkHGLb1u3pUGeRuTF1EHzjduO45zF9cpMufIs52u8vhzwmrEXm7bJP2lomyFtQRWNPqtPkVw==,iv:QA56d2wcAseFuhI+lgR5Op0TbKrzs+1Cd5v8/0i8/gE=,tag:Df63HfuHZhDn/0SL2/6fdA==,type:str]
|
||||
synapse_synapse: ENC[AES256_GCM,data:4Em7JbATF0Rs8pLjrVT9ZIxPaqecqxCGUtQPie69XWZIVuB/4AsmhPe4WmyJ2jPPmHBdzPHHLwQbd3ryusMzsg==,iv:49JsSMnsZzROuH5mXxMVEbkFOp0uf8gsps02vAH1Ovo=,tag:63LjUCFcnhqUsWqn/hDijQ==,type:str]
|
||||
vaultwarden: ENC[AES256_GCM,data:qP5i100QGGHbYLbmgI29eU1vjx3S9zAAJ6SuahykqehFcowJMG/x9L4VCfw8nMmvoDZDUDvOKsE/8XH6tJ8c8g==,iv:f+yahEvIwdchADrtQsX0EllR6jGzqLA5zwnnAaUjnck=,tag:Iy5JbgktJSoUPszcinb9vQ==,type:str]
|
||||
nextcloud: ENC[AES256_GCM,data:XBsqWgTwAMMQ+aZVf91w343yqL7a1xEswc8CeC0NWsM/ZwabQfYeToVDKlQEGnItuyBRZfhSzH+EUsF7pXDB9Q==,iv:OEoqECAOuyJ0wjsaof8GFYaftEv8z7vH64RWlGHU9XI=,tag:nFoMasHkPawFxiLvclsP6w==,type:str]
|
||||
gitea: ENC[AES256_GCM,data:7afp3qF0jU+aGOktymlk4iDaK2EuYjLD0QcMQA2Nkxf+ac4PQFb1g4rsaPcxuNLn5ZFueq6QXCVUTPNdEeCJNA==,iv:OjNWbhRoi5fvVY8dtkoHWIPO1frXsmI8cuBxKgDHPmo=,tag:1s3+L08McDetU2BTMXWP+g==,type:str]
|
||||
grafana: ENC[AES256_GCM,data:jsKB0+FFRGDfCG/alFwQF1fvI+TOFAUN6gc3zraMkCsRzn6SBzPsyuOiDthTCyS2dx0+arwmn93TzX1fm/vKuQ==,iv:Vl7IsQRuP8TBTDfwJSU/QrHTSowukXtGPG38fu3QcnA=,tag:L5G8sN6ZcOWyoeQgvTYGrg==,type:str]
|
||||
synapse_matrix: ENC[AES256_GCM,data:uyV13dMgUzPLGmSGN3Hoi6u1tY9rMU186VUSl7HspZXFqhs+OmRGL86cf91o/owvz15WijIw4wuAP++T8MY4LA==,iv:TG7Fi3ETAvmrOxv8ZahnrOR7Z90Vf5YgHcOtPkzueJI=,tag:uH10mk1m0q3a0fGcDbH9HQ==,type:str]
|
||||
peertube: ENC[AES256_GCM,data:J/qNYYuOhENTVFU+6Iz9P8Cy1FcHlD6xpPADDzdYDZuce9DEsnFq28d+tTJ7Z71IvOKvNySly7ru/R+Tu7rqpQ==,iv:sV34o2Zf7yLUovdVND7wh+rcoGglz4llc3xfSEllHNM=,tag:c9wzEAlWMINTN8TEZhDIRw==,type:str]
|
||||
rsshub:
|
||||
pixiv-refreshtoken: ENC[AES256_GCM,data:PVWacd0SAg2n76ExpQy5Hdg2WK2IdokhnZ0PoY7rNz7pLkBjlrMjbtCenQ==,iv:wPCVw0VVL4b/9TLvGd3fU+dDr/gIlSyUOO5pKF3CuzM=,tag:HgUrPEOCZK9DYsyowi55Ag==,type:str]
|
||||
youtube-key: ENC[AES256_GCM,data:XOPAZPIE8Hd3vKWAR8tlaXQp/FGeH2pIBmwym8h7TXUf+MGTGQko,iv:mv1csjmeKi/ZQIiuhzPIr3DPyygjWevhFGSK+URaQiA=,tag:yh4Zr9MpINU8O0eeH9+z3A==,type:str]
|
||||
youtube-client-id: ENC[AES256_GCM,data:HEJQeFtoyXaSQqprbpGY7qvYYsq1u23CMM5kGvgGsoP1xvEMcwRa3Lza8OhL/lk0MtKH0krojDyUMzWPZtohG9U3ad/t18YQPg==,iv:vT4V3VZU4lJx2djtjIOow/xuER2LQ4reQUOgCPeW+9Y=,tag:MFvBv/3hs2H6BQWGU9eeFg==,type:str]
|
||||
youtube-client-secret: ENC[AES256_GCM,data:7++nVoYfFxv304u9fxmk5W+38tP6Z+mMS/nh7adolhyfDXI=,iv:WlYBfwCz7//qM02ljM1prc/YnBwLOb60ATcUlnBK9ik=,tag:erwi1hRaSaUQ2cLp+S9QOw==,type:str]
|
||||
youtube-refresh-token: ENC[AES256_GCM,data:o9KEBZ18h+taPc3WoQ4EsbR/WbFn3wRhgdvLAz7dmM05Cktf9pgZ8iI1idWQZCJ0ehYL5VyizNhHrmkocXsHzCJ6i79J3uBl5vggWZ4v6/5cUBtNZXq5DYYG/EVN2RXjOdrkzYZnQA==,iv:CQzgvwhofMljnhNXYh+t6BkPJ3OO4GRPOSFZOVXe7TY=,tag:/1i73kP+RrkP76Tho27wkA==,type:str]
|
||||
twitter-auth-token: ENC[AES256_GCM,data:2OM7aZZYuE1A3aQMsDia5yy2cGVmaT7L3QljZ3J8IixA9zaJdFwu6w==,iv:vcc80V5PMqZk7lcvoyfl+XtoIhZ7g951OSRnXPywtao=,tag:EVL2NIiDTS5EHU8MxIZjpA==,type:str]
|
||||
bilibili-cookie: ENC[AES256_GCM,data:PoylF8gAs3dpRSdV6ClpaV9J6jRqRIsAYPlv1NiWy43hHmvEQac1tVrQfm0WHsxV3SfEaphyVH18bgwAcWnkWHbMTzKTWtzsJ74WrihRgksPiuttUm0JkTTr16g0jUtF8kSJiajQfDKmL0pEY9k3mnGnLltjIfntnqbH6dM11FRFy0Ixg0USUPiPz+uFMpJ7x6RHp+ypfhvMYsi5uuCiloCYMV4cUcr65gGym7a72S74vPdPQRzuGoz9fsJn/aPGPlhZR9L2k98TzQjp2jz5lbbGLEH6O1AH/aW9QlDuooF1ki9SvanQ,iv:nO6Adc002Twmw4Qov+EkhVu2TBN0NUEgaCoWOaTu7hE=,tag:cHG00fvDaTR7kAYIMPsICw==,type:str]
|
||||
zhihu-cookies: ENC[AES256_GCM,data:88obR6OzMhO07UM4Mqr928ik/LY8wjjuYRVJdFFJNwiq+q05DfKprrX0oh5barTBqWduZ/PZZzOswh8OgzyeVpRZwBLIz63AJSv+Zui6wV/KODITZs/iDC+UiEnGkh0kf93p3g/TUvxWDGwe7beydGiDXUZrvaQ2nKB7NBGAoohdsx3cXb+TPruj0U8G1GaqRscSjqoYJFhj30EJBH7Jqb687/Zms0oetgXi6KZ8Mw==,iv:tYjHMC7FVxQJ4mhst6pttxivCoSxVyv8qUPmXXDoqzs=,tag:c3UHpyGKvD48qi0rBlfyjA==,type:str]
|
||||
mail:
|
||||
bot: ENC[AES256_GCM,data:redeWqYAJlHVivVtywOD+Q==,iv:mDZ+4K4aj+05/KRij0oH+v7/JiBxs7y/x08Nz7U1sSQ=,tag:2FRwDxmN/mIuBjE39jl/Ng==,type:str]
|
||||
synapse:
|
||||
synapse:
|
||||
coturn: ENC[AES256_GCM,data:IAgJ3Lni1s/AGQxz2Tt0EpFoIwRZ7Y9TtDHsm7fyCcfDLNvwhNorTod5MSgiqFtHhWLzXf/iqh3/cWitIeuxAg==,iv:QUGCkeFMO+CA3tAXbM8h4KALFic6XbnW5pCxtPtJyb8=,tag:dq6qECRfcyUvJX5EwCPDvQ==,type:str]
|
||||
registration: ENC[AES256_GCM,data:HV4DXfW6h1Z/OaW73jXJ4oXs/FOJf4EXWrWlXsnqbOJyzhCszBOiGFAw/i+wx9sSB+k=,iv:8VIXG3Xqug8dYaw2Log9IrGpxqAXwXFk4MJ4JuzQsBY=,tag:3Ra69sIFOxtX4Wzehvz+lQ==,type:str]
|
||||
macaroon: ENC[AES256_GCM,data:ilCgbQjqIALJd+rz0XmEo6TLqO44NCBBG2vKv8QITLntZ80bgedKACXZogfMVCv7pTI=,iv:LQG1/agu05i7kFL2vWFnSCttivD7yyDijhWFfq50Xq4=,tag:2VfNhZA5OogXI/RaWohDag==,type:str]
|
||||
form: ENC[AES256_GCM,data:0NdGdzjSF1/Xo7jz+Y3sGK/szDlhgg6kWLCoBiqDmBSARZX8SnW9W5zlPKM4Xa0sG+o=,iv:XVxnFBK2f2tvhIshzQLqLeUMcO28MyLrrF5QZMUeUr8=,tag:5frMH5KQt1hL1u2ltDpApw==,type:str]
|
||||
signing-key: ENC[AES256_GCM,data:JPjrh78ySJwmfL7l5C2OT6pelzMfqaWRQK7MoMv3lQ3VXcWKrVsJZlfRQaTJbaEgK+qSiHh0T99LGA==,iv:DFefjxW8U9YK3kCQUPyxOHsh+ZhUYEj5DfOlKVZePxA=,tag:u7oyKnuVDqkyvzwvsyfV/A==,type:str]
|
||||
matrix:
|
||||
coturn: ENC[AES256_GCM,data:ecDAOVKq9+tJklCJK3ktiWQ6Ky+O5fjr9zS3b3PjwJUyCpIADvVhWBTmFeaVy2ApfuWbugGw8d5wCscpOOy/aw==,iv:p9l9X0UBK2mDpkR9+OX/j+ETYxMdzZhjowzOvA6Uk/Q=,tag:5IC3IsfXg4JmJ+m9F4ehPA==,type:str]
|
||||
registration: ENC[AES256_GCM,data:YnDk7rqVPi3uyzNSBvWLQPb2ZaayNzgubs4Hf0i/CN0hW4ha49AZtkcNka/hVtwTGMI=,iv:Zs7SpAecN8r2Sg7Ih190SUlbH5SLu19BDCUPX9ywYzw=,tag:RLZ6jIgOeFCDwzAu0008yA==,type:str]
|
||||
macaroon: ENC[AES256_GCM,data:YmEJKAZ6dyjBVyvK3Xi68TZtJHUuljAQMhlR6I8vNUOxuP766XYkU/z/YaH3R2rVv9Y=,iv:1/C8Fm2CIpo6Y+YnE80EtWvHfG6cQu/mYd10XjagJdg=,tag:QmtfqZ/3as+4gdF/b2OuxA==,type:str]
|
||||
form: ENC[AES256_GCM,data:rGLJQUMVpOBTCQEqQtiUk3SWitLL1tijBFqVDbohrUspUhTXgRmCQ/0eodhku3RiwcA=,iv:GSxZtwo4/FDRn/dA+L/NQFWcj45KEUSaV2sUL09vqe0=,tag:4dvt57c3Q73B6O/9/UsbNQ==,type:str]
|
||||
signing-key: ENC[AES256_GCM,data:mUY9Fn7TcBPs4HhSpRkj1weFezAzr5ld1xYE8kZcjRNU05MCGLTbPa+av6pYr0HoAaSyzBXmKBBZMQ==,iv:wX092d4eAJ2jLce6Y1EfewxGZsLnwOSce5RJoikCiRg=,tag:Uegzv54CvAI8d0NTz3UesQ==,type:str]
|
||||
vaultwarden:
|
||||
#ENC[AES256_GCM,data:wbKsGwBKrJYagX1AvY0o5FHXxOhrfjZ/+crasAh52uOFYGd0P8A7NnyF6JvNgH749dAT9H47DXRKBAclVVSqWPc=,iv:TZgJ7pwyGBpf7S4g7CL2dync2sGNzQ9369atAvLwFJ8=,tag:sxtkPHOmrjUb13zeWPBdng==,type:comment]
|
||||
admin_token: ENC[AES256_GCM,data:TrgqQwXBoCdsLeWQYkur4zS+Z4nCoDDoePnN5vm+AIcgYXVwjxcf/0AwXQIxVNEypYysPpoHKOigwhkf5kLazAMiBZ0goAflJT/S4nOLo90s+9kDCADXWnCeHNhBUg8fUulNPBbpqdfFKCJgJCD2WTI+V5yFLQ==,iv:maKU6pcxis7Cyrx9x26cUTBzA6ZKcKJWSP23w+MDehw=,tag:GYpPHp2slC6V8aKA1FHFAg==,type:str]
|
||||
mariadb:
|
||||
photoprism: ENC[AES256_GCM,data:h7TQh5ScGM30e42VSEg6AynwRUPHMRHddJcJotQtDbkFVgmfjHmAHTY22U5jWqjq4KXPN5ItRETLOMw9k9yOgg==,iv:jFTPaXortmiU+8m/NBTYjAXRXHCpD+UE5oeveH7/znk=,tag:3OOUUyHLQJROh5rZcX8bAg==,type:str]
|
||||
freshrss: ENC[AES256_GCM,data:Qjg5GIX13ccZi/DuqtWK0qzr2GK0GzzUdEZWXDhUhGxFWzgosADxDCc8wfOchItaJFefnVrpPxdAPvT+4TEH0g==,iv:oGii3o6sJYVc11kdQMh0Pa3GUbWqttFgjvSVEbTycZc=,tag:8GWWwuJjQBwDFl9pJvg90g==,type:str]
|
||||
huginn: ENC[AES256_GCM,data:/hFQdG/RGrX75qd0+WgwhnwR7p/CEVx1vPksRSudxmc1m4VO/AVzgMCWAz4310ctTEnn4GZinvD6QGFta5IOSA==,iv:mrPDZA6Bnw+SPVDDe64tivvvQtHWvCsPJbEnPqm12g4=,tag:ihXbIJwwtQ0RfaNfcaop4Q==,type:str]
|
||||
photoprism:
|
||||
adminPassword: ENC[AES256_GCM,data:QXrDNGSKdRZxc4mfwIhR5cmmmJysGV3cThSFlng3mEviaq0p+BvOa5Thtgw0CxQXdpgjrkui+837NJ/FxPUYvg==,iv:EkutxeDDWfSOVD9p1Ari/rkgf7EwTutDymZQ1uNm6FA=,tag:r3gXuefnIQ+5pPtGZajnZg==,type:str]
|
||||
nextcloud:
|
||||
admin: ENC[AES256_GCM,data:DJK+u19VP9cFvq4/P0+f7erXxZkRWI4NRrX9HdHO96xy9wZMtB+hEDN3zLQnkTTtmd2ZLs9+c9BsUNXZperGDQ==,iv:zX8Nxt5+O/mGVt5l1j8IojBkgxg5oDae6KWTXYz0hRE=,tag:MRyMx0OXYTCmtaySP/umNw==,type:str]
|
||||
freshrss:
|
||||
chn: ENC[AES256_GCM,data:wwHntnMeiGZ5v8CE7CGV,iv:snIdYdFpvv5HvcR5qucD2pZXXef3dhSU+2wK5SPrDjw=,tag:2RnujKKkQSoxvSNZPLS9Pg==,type:str]
|
||||
huginn:
|
||||
invitationCode: ENC[AES256_GCM,data:E8rEdAfUQX9oJEnvxVF5PmYFMd9PN8+K,iv:gZtUf+AkICLHD4h2beHbEfyoL4bcoOv0sivDFDB3vVY=,tag:4tlsPuED6jCXNE0iOayXsg==,type:str]
|
||||
grafana:
|
||||
secret: ENC[AES256_GCM,data:O2L0+R9QvOMJLKa941nxn+FeuZ5nOAm1iDlKW2vvk5Dyod0XLdGL1seWuYzpx+NL16qmC1u8jydDcBfUT+PAeA==,iv:Pqsr+POPAr8djdVMK5U4PiS1zUnZXLH3q588D/jOMys=,tag:QziP0kKT5oyI/RHaYHr2mw==,type:str]
|
||||
chn: ENC[AES256_GCM,data:xMwWBYChRIxw5KDjgCYBJWkbRRo5FUtyhZ0+SVRIgjQ=,iv:EIjECQHx3/2t+oMC16B1Xfwa8guiST2pdIKM1hNcuFA=,tag:BP8ElnMevqF6urDgBP/UAg==,type:str]
|
||||
peertube:
|
||||
secrets: ENC[AES256_GCM,data:9pm5hD8FdbmFIRZZX5+C0NyXn8qdt0OIlecu79xjVrWd8C6H7C01Uriw5M1qifTIJLDMvJC36Trci0/eniDsEA==,iv:iZ/KiwgFm5TyZBZxo8n9k3Lr3o3Vk+c4zFn9efPtJYw=,tag:HGgoRL1C3Nm/KTHGfq2Ejg==,type:str]
|
||||
password: ENC[AES256_GCM,data:PNrcz2PnGF6WGa7vL5PBWiM03xsA2B2imPiwHpU0IMPN/CMh77eMVtwmoxtl6QkGl1UKb12975NJsfJwJPg9gg==,iv:vjFl6SFNqZhTHmmxRckYAj8nZ1IbFtTfTAxYkdSf/lI=,tag:K2PpVnu+919MddGl5qJn+w==,type:str]
|
||||
open-webui:
|
||||
openai: ENC[AES256_GCM,data:E8/Szd4ZFat/R4UW6F4qVEvKmq55sT7mpY6hK274JDCYJgjfQdtJ3gY=,iv:Ryxy19pQsY9pFfz/E4SbBfxYx0N5BXqZtR/Kv9E+0uM=,tag:GEd5+N/ziOncF1UhrwgngQ==,type:str]
|
||||
webui: ENC[AES256_GCM,data:6rpvA80i+HXkDQgYCDIHbXwDfxHq/5tXQRK4piI=,iv:vVIBHf/9LnY1z4zVZGB0ZRBRwLpdXKvNhsYWySxhsiY=,tag:JmbDJKlZ2dH13+drXyXXPg==,type:str]
|
||||
nixvirt:
|
||||
yumieko: ENC[AES256_GCM,data:tO+67mdCFH8=,iv:vl+PLSBfMDk7rGmpjuZ8TnEC1B8tni2pphC7cTmxQU0=,tag:RVW5UaUD0g0HDpoGp2/mAA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
@@ -28,8 +102,7 @@ sops:
|
||||
by9Rd0U0bzNiK21BQTNxN1RuQ09DQVkKJmSlzV5ppEkZFljsS17ZWmoI++fz4tJh
|
||||
kTdoAStG1zsKASHyZTsmdm3RBDO3qV1KhQC2gC7d4EiwNZngxOOZJg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-04-10T10:43:51Z"
|
||||
mac: ENC[AES256_GCM,data:vfsGxfHuVqPrrCYMrjuCS3jV4T5UjMkRGPskTPqbbouwG1i0wAofRHHxYmjC/oor1nllDTVkENAoxOfj56Tb1OQZl0frXhoc40vgqC3XEXouofYhDmIeEU1O/c9rBUYTaoHHgkHN38UuKXCVHhNh1LdEaExrE9XjOhNxoKz35wU=,iv:fHgbfvH2e/2iEa+dBzwhP3azFjhWep6RjXrRIUKtzG0=,tag:VjBBB3FUVgR5bFEPohBsDQ==,type:str]
|
||||
pgp: []
|
||||
lastmodified: "2025-09-07T00:23:06Z"
|
||||
mac: ENC[AES256_GCM,data:Vmcv7Hof4ZR8uXOwbk8zeKSfVldCxJQ696m3mCe6ar5FKpGja0f2XbW8a7tpuYqfwNa5Z7OCovku40PZ/TSmq91hQlZ+zbXe66nPx3/ybbQUSu1rvujprv36kvp1BQwK5A2clLEX7Vo7fGsTq1jX1AFrNM7zTJABrET/7yqVdTE=,iv:IkODPE4AMMLpBNbgwbOpYLWpG7IkRPKVBiLfxKASmPs=,tag:9xfwdCvaWvVey24dLmkFSQ==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
version: 3.10.2
|
||||
|
||||
@@ -1,36 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
config =
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
model = { type = "desktop"; private = true; };
|
||||
system =
|
||||
{
|
||||
fileSystems =
|
||||
{
|
||||
mount =
|
||||
{
|
||||
vfat."/dev/disk/by-partlabel/one-boot" = "/boot";
|
||||
btrfs."/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
luks.auto."/dev/disk/by-partlabel/one-root" = { mapper = "root"; ssd = true; };
|
||||
swap = [ "/nix/swap/swap" ];
|
||||
resume = { device = "/dev/mapper/root"; offset = 4728064; };
|
||||
rollingRootfs = {};
|
||||
};
|
||||
nixpkgs.march = "tigerlake";
|
||||
kernel.variant = "cachyos-lts";
|
||||
};
|
||||
hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
|
||||
services =
|
||||
{
|
||||
xray.client.enable = true;
|
||||
beesd."/".hashTableSizeMB = 64;
|
||||
sshd = {};
|
||||
kvm = {};
|
||||
};
|
||||
bugs = [ "xmunet" ];
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,32 +0,0 @@
|
||||
xray-client:
|
||||
uuid: ENC[AES256_GCM,data:GmfSlDQjO4aBq3u50jnFjOR9VxamYHzokUrO9IpIGuBx0j8e,iv:++O2wBUCnHDPowRgtxPQJQePXP2Cda74WXQvlKHbHNw=,tag:XDWhiXwT718RgrBw7L5yzw==,type:str]
|
||||
wireguard: ENC[AES256_GCM,data:OuduClOu9y9adCcV1+U/NLp/t1yWPkuyptproTJv4beImptrLOVGbhb5fb8=,iv:qa1jpzAlUEhPBznZw6j4CYquTCpmNZ+uNbyHjH2qGy4=,tag:+5I2CRuyCAMSy74xVtdJGA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsOUJWMm5xT040cEoxQit5
|
||||
ZnhhQWVyWjlnejhzQlEvVVg3ZGVJb05iL1hjCnF5bzFTUTZFYkNQR0k5U0xmOW1t
|
||||
TXhsRHFIeVBBSXc1UURON2M4MDlTMEUKLS0tIGdSbTdZdmdjY0dmNjkrRjd0VkhK
|
||||
eWV6SDJqT1B2MEp1MURkV0E4S3Z0Zm8KX9lEjG4u2QRe1zH+13rbedCWl1B7vvl8
|
||||
2iMHj1qQ4JkCeq83llEH5IuDXKYnKKXSi8l3nU/l6Aw6yx/KHDFK/g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1m7nrxfw22wvp7pj8y9pdl745w95x89uu8dzl9ppsaazweqf2lqms5yshsp
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2K3VKTVJqMTl2cWxUZHhM
|
||||
OVg5ZjN0VGNpVXQ5M1FKZHloZ0ZnWTZ2ZWowCjJIYTlhRU8wd1JienlUTHIwWXYw
|
||||
eFY1d2MxeStBd013VmszbTUzTkF6U2cKLS0tIDdDNXp4OTdQRjN0MGdIOS9oSldU
|
||||
ZW5PT3VYZWhDMkZUeHViZE41eUhna2sKc8J8mJ8ge9KMb5p6Xi/vRIIXZMEj6Ih+
|
||||
LjLKsgDfMbqNqKaQXSvC3tbvI/dDoiStyCsf4rkTY9QOkyEI80MtXg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-04-10T10:44:01Z"
|
||||
mac: ENC[AES256_GCM,data:Sso6g9UEH7faygbcrypsnB/4h8cIwveLdVI+YgDDfTHMC5nxXj+xtfFHhzao1pkyvF0avUVjsMVXLRcB48eDcbZdXwBvoNKg0mpL7VAeOnDuwElI6GGpRVTaOsZC9LT9d1kuGkmavMljCvmaA3sPLZsvW3Hqjdicj+suMoQJ/nE=,iv:DYf0m9PfJ1qx3gI/6T6ByxJWHrdVGgiNMCVhcBOrgBw=,tag:Ddw2HFuCmk6PFnxF4G13hQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -11,49 +11,28 @@ inputs:
|
||||
{
|
||||
mount =
|
||||
{
|
||||
vfat."/dev/disk/by-uuid/7A60-4232" = "/boot";
|
||||
vfat."/dev/disk/by-partlabel/pc-boot" = "/boot";
|
||||
btrfs."/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
luks.auto =
|
||||
{
|
||||
"/dev/disk/by-uuid/4c73288c-bcd8-4a7e-b683-693f9eed2d81" = { mapper = "root1"; ssd = true; };
|
||||
"/dev/disk/by-uuid/4be45329-a054-4c20-8965-8c5b7ee6b35d" =
|
||||
{ mapper = "swap"; ssd = true; before = [ "root1" ]; };
|
||||
};
|
||||
swap = [ "/dev/mapper/swap" ];
|
||||
resume = "/dev/mapper/swap";
|
||||
rollingRootfs = {};
|
||||
luks.auto."/dev/disk/by-partlabel/pc-root1" = { mapper = "root1"; ssd = true; };
|
||||
};
|
||||
grub.windowsEntries."08D3-10DE" = "Windows";
|
||||
nix.marches =
|
||||
[
|
||||
"znver2" "znver3" "znver4"
|
||||
# FXSR SAHF XSAVE
|
||||
"sandybridge"
|
||||
# FXSR PREFETCHW RDRND SAHF
|
||||
"silvermont"
|
||||
# SAHF FXSR XSAVE RDRND LZCNT HLE
|
||||
"haswell"
|
||||
"znver2" "znver3" "znver5"
|
||||
# FXSR HLE LZCNT PREFETCHW RDRND SAHF XSAVE
|
||||
"broadwell"
|
||||
# FXSR HLE LZCNT PREFETCHW RDRND SAHF SGX XSAVE
|
||||
"skylake" "cascadelake"
|
||||
# SAHF FXSR XSAVE RDRND LZCNT HLE PREFETCHW SGX MOVDIRI MOVDIR64B AVX512VP2INTERSECT KEYLOCKER
|
||||
"tigerlake"
|
||||
# AVX-VNNI CLDEMOTE GFNI-SSE HRESET KL LZCNT MOVDIR64B MOVDIRI PCONFIG PREFETCHW PTWRITE RDRND
|
||||
# AVX-VNNI CLDEMOTE GFNI-SSE HRESET KL LZCNT PCONFIG PREFETCHW PTWRITE RDRND
|
||||
# SERIALIZE SGX WAITPKG WIDEKL XSAVE XSAVEOPT
|
||||
"alderlake"
|
||||
];
|
||||
nixpkgs = { march = "znver4"; cuda.capabilities = [ "8.9" ]; };
|
||||
kernel.variant = "cachyos-lts";
|
||||
nixpkgs.march = "znver4";
|
||||
sysctl.laptop-mode = 5;
|
||||
kernel.variant = "xanmod-latest";
|
||||
};
|
||||
hardware =
|
||||
{
|
||||
cpus = [ "amd" ];
|
||||
gpu = { type = "nvidia"; nvidia = { dynamicBoost = true; driver = "beta"; }; };
|
||||
legion = {};
|
||||
};
|
||||
hardware.gpu.type = "amd";
|
||||
services =
|
||||
{
|
||||
samba =
|
||||
@@ -68,39 +47,19 @@ inputs:
|
||||
};
|
||||
};
|
||||
sshd = {};
|
||||
xray.client =
|
||||
xray.client.dnsmasq =
|
||||
{
|
||||
enable = true;
|
||||
dnsmasq.hosts = builtins.listToAttrs
|
||||
hosts = builtins.listToAttrs
|
||||
(
|
||||
(builtins.map
|
||||
(name: { inherit name; value = "144.34.225.59"; })
|
||||
[ "mirism.one" "beta.mirism.one" "ng01.mirism.one" "initrd.vps6.chn.moe" ])
|
||||
++ (builtins.map
|
||||
(name: { inherit name; value = "0.0.0.0"; })
|
||||
[ "log-upload.mihoyo.com" "uspider.yuanshen.com" "ys-log-upload.mihoyo.com" ])
|
||||
)
|
||||
// {
|
||||
"4006024680.com" = "192.168.199.1";
|
||||
"hpc.xmu.edu.cn" = "121.192.191.11";
|
||||
};
|
||||
);
|
||||
extraInterfaces = [ "wlo1" ];
|
||||
};
|
||||
acme.cert."debug.mirism.one" = {};
|
||||
frpClient =
|
||||
{
|
||||
enable = true;
|
||||
serverName = "frp.chn.moe";
|
||||
user = "pc";
|
||||
stcpVisitor =
|
||||
{
|
||||
"yy.vnc".localPort = 6187;
|
||||
"temp.ssh".localPort = 6188;
|
||||
};
|
||||
};
|
||||
nix-serve = { enable = true; hostname = "nix-store.chn.moe"; };
|
||||
nix-serve = {};
|
||||
misskey.instances.misskey.hostname = "xn--qbtm095lrg0bfka60z.chn.moe";
|
||||
beesd."/" = { hashTableSizeMB = 4 * 128; threads = 4; };
|
||||
gamemode = { enable = true; drmDevice = 0; };
|
||||
slurm =
|
||||
{
|
||||
enable = true;
|
||||
@@ -110,60 +69,25 @@ inputs:
|
||||
name = "pc"; address = "127.0.0.1";
|
||||
cpu = { sockets = 2; cores = 8; threads = 2; };
|
||||
memoryGB = 80;
|
||||
gpus."4060" = 1;
|
||||
};
|
||||
partitions.localhost = [ "pc" ];
|
||||
tui =
|
||||
{
|
||||
cpuQueues = [{ mpiThreads = 4; openmpThreads = 4; memoryGB = 56; }];
|
||||
gpuQueues = [{ name = "localhost"; gpuIds = [ "4060" ]; }];
|
||||
};
|
||||
tui.cpuQueues = [{ mpiThreads = 4; openmpThreads = 4; memoryGB = 56; }];
|
||||
};
|
||||
ollama = {};
|
||||
docker = {};
|
||||
podman = {};
|
||||
ananicy = {};
|
||||
keyd = {};
|
||||
lumericalLicenseManager = {};
|
||||
searx = {};
|
||||
kvm = {};
|
||||
nspawn = [ "arch" "ubuntu-22.04" "fedora" ];
|
||||
kvm.aarch64 = true;
|
||||
peerBanHelper = {};
|
||||
mariadb.mountFrom = "nodatacow";
|
||||
lumericalLicenseManager.macAddress = "10:5f:ad:10:3e:ca";
|
||||
};
|
||||
bugs = [ "xmunet" "backlight" "amdpstate" "iwlwifi" ];
|
||||
packages = { android-studio = {}; mathematica = {}; };
|
||||
bugs = [ "xmunet" "amdpstate" "iwlwifi" ];
|
||||
packages = { mathematica = {}; vasp = {}; lumerical = {}; };
|
||||
user.users = [ "chn" "xly" ];
|
||||
};
|
||||
boot.loader.grub =
|
||||
{
|
||||
extraFiles =
|
||||
{
|
||||
"DisplayEngine.efi" = ./bios/DisplayEngine.efi;
|
||||
"SetupBrowser.efi" = ./bios/SetupBrowser.efi;
|
||||
"UiApp.efi" = ./bios/UiApp.efi;
|
||||
"EFI/Boot/Bootx64.efi" = ./bios/Bootx64.efi;
|
||||
"nixos.iso" = inputs.topInputs.self.src.iso.nixos;
|
||||
};
|
||||
extraEntries =
|
||||
''
|
||||
menuentry 'Advanced UEFI Firmware Settings' {
|
||||
insmod fat
|
||||
insmod chain
|
||||
chainloader @bootRoot@/EFI/Boot/Bootx64.efi
|
||||
}
|
||||
menuentry 'Live ISO' {
|
||||
set iso_path=@bootRoot@/nixos.iso
|
||||
export iso_path
|
||||
search --set=root --file "$iso_path"
|
||||
loopback loop "$iso_path"
|
||||
root=(loop)
|
||||
configfile /boot/grub/loopback.cfg
|
||||
loopback --delete loop
|
||||
}
|
||||
'';
|
||||
};
|
||||
# 禁止鼠标等在睡眠时唤醒
|
||||
services.udev.extraRules = ''ACTION=="add", ATTR{power/wakeup}="disabled"'';
|
||||
# 允许kvm读取物理硬盘
|
||||
users.users.qemu-libvirtd.extraGroups = [ "disk" ];
|
||||
networking.extraHosts = "144.34.225.59 mirism.one beta.mirism.one ng01.mirism.one";
|
||||
services.colord.enable = true;
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,10 +1,5 @@
|
||||
xray-client:
|
||||
uuid: ENC[AES256_GCM,data:XU7/GZ8cJmDwNsrQfoFHrquZT5QkjvTPZfnghX3BLyvPLlrX,iv:e/BQkZ5ydWD4P/qT9OUloB8/cXImfkG3YZnuIeNLoTc=,tag:EW3ZBzGnyIrUfcMeJqm4aA==,type:str]
|
||||
frp:
|
||||
token: ENC[AES256_GCM,data:0mE8/cWqHKNquCIiqgbjcNhipKk7KEfbZ+qRYbu+iZr7AH9QjfYZQiMJNp4Aa3JWwBLYAnpf,iv:ID4cc8Tn0H9b1CimXlPamMlhlAkafhRApDHo/CCQ4BE=,tag:BUuU/BCj16R7FlKlpubawA==,type:str]
|
||||
stcp:
|
||||
yy.vnc: ENC[AES256_GCM,data:IsZWkNGYHrbQcgvOSURDnA==,iv:4XO8RFBdNopLKYxCACmkXLMPu0wIVx64y0C7m2bsTVA=,tag:fMHzU9aQm0bRr8pTKwpuHQ==,type:str]
|
||||
temp.ssh: ENC[AES256_GCM,data:XG9WpTR8Bw==,iv:XiMTPN8Gx1nNssf4r+VXTvUATiUNsOYJ2jeHjhDSyTs=,tag:JS3NlA4cs/6IA19PJYrStg==,type:str]
|
||||
store:
|
||||
signingKey: ENC[AES256_GCM,data:TsB1nA0Rf2AsYyH59WpUK53pTCX2JdrGQjkJ9A9BfWLLmw3EMnPoaLHG12rv1R2/xRU7rP+iVhXb77g60I/Kn4ehun3ogMmK1oEAKyQcxudBUJFk+SeijaQLr2A=,iv:e2rdGBVOPS1nyC3pXhs5r0WyEkqxcpCnX3eAcBCj93M=,tag:HwccjH2Wms5/TevU2IuzNw==,type:str]
|
||||
postgresql:
|
||||
@@ -16,15 +11,12 @@ mariadb:
|
||||
slurm: ENC[AES256_GCM,data:fGvNMmqk7Cee28VJ1QoBVrBbgIUbj/F1W0SRjdP8N4K/M8Wx4AVm1kAr0IAhPWyDLXlIjM1NUvuEV5BpYDBdjg==,iv:rFTMJ4x2kgENQUA8ftSaLjdOc25i5mWR3UYbdq54vjs=,tag:6feD0eCSv7bcHWBveLNJwg==,type:str]
|
||||
nix:
|
||||
remote: ENC[AES256_GCM,data:uosYkxTCB0wiY+Uufk//OcBZFN3EzbZoQGZ95M9eZMjQ5AobAZqosi4laE+EMcZL1CqYqlWXaSoEUOB8biUaZPseo+1AX1TlmUgZ7QpkfOX0VKZu01C6C+lVyqVqMFq6z1BFyX/oeITMIfnd4a/2KwJCHLAZ4hMkJ5p+aJwByKGa3N/2m41HH/1S3z7pYQWj7YJxunTPPG6WNSiRncQki11rvmddwnXmsBF89+jW1Phge8U295haC57T5oIGPxR645IeTK4ZUlL8eVuZ+BhsnwbkYcaxvjSwe+DOIVPupR8GW+gis7KxwE89kqvnQhinamexcPUz4lGHlqO/Xn6jrJx6T/wXF+19epAzeHapYte3dTWNsdPwPLPJihT16YT5fwrLnH3zq8kexWz1crmnCGUoaBs4S2tHWHLgv2lTv0IHLx5F6ijpDBj/Avg9YILIURzdeea+rBxdycHasUDTVlJtYKRH5J+WbAKWI+oJ5qmXjIRUYL+O9xIUfOGO+1b3xs8MYxRWuvDV2P88N8vN,iv:yQQp5wjbSVn1oia5yL7d6GF9Vo704G0iOQRGMbzQHzg=,tag:bpBag5y5n+7ojOa8QOcDvA==,type:str]
|
||||
wechat2tg:
|
||||
token: ENC[AES256_GCM,data:PrZWR8WiZ7grkpTLqMxwbnkwZttl7n0e1lc1mdHJiFUWq/PqG2wNBC27C58jMg==,iv:02XHhfpN8YPix0REbJDnsBbvCwifbdwBwfuJ2glbvjo=,tag:6aWNqBfwulsjMbl+D6L9vw==,type:str]
|
||||
searx:
|
||||
secret-key: ENC[AES256_GCM,data:KhIP+Rz3rMfNgPEGTlKGvm6gl1/ZuPI=,iv:GcaLEJHKJO3n6IaeiFr9PaJ6eNx04/VjX3UgmBF429g=,tag:HkplyH9hTHUaEZ709TyitA==,type:str]
|
||||
xray-xmu-client:
|
||||
uuid: ENC[AES256_GCM,data:XiUkReTJLAxZNWFVeD6EiOtUX5tsyPLFi6QyDBdHyB4v5/mD,iv:QppdtP2CFDEVhlrmDJKYBGc1zYGJvpGYxLfsBAMxDSI=,tag:jzMSFRit+aBzWMkaa3+5hA==,type:str]
|
||||
cookie: ENC[AES256_GCM,data:0jqSEZloX2/c8Zg4WTKkLw==,iv:BKLm1KMoRrH0uO6hPMsv2a7sG0AwNRrdbpmABP4BszA=,tag:pBs+rQIhhNO4Qr6q1V3MUA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
@@ -44,8 +36,7 @@ sops:
|
||||
OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
|
||||
+K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-04-13T05:59:15Z"
|
||||
mac: ENC[AES256_GCM,data:/m/cioV71s7HJ7ObIDCr69wDLn2xk/lTRqmUCx46u7tzOwMsYqU6DghBsZuaUN1r22CbMi1wtmSziDisKStOGY27pswNe7IuEo4IhVz5sJNxcWCxpYo8ttrCUeaJ7Y0vFbseIn1l1UObfubhhvVdxDsE0RoxLK7Ka8hJW5aEksM=,iv:GKmlbRXFexMegBWBVx4vusA0ceZZnwGIN2FkSpGXMdY=,tag:yoCnH94Ph0AUjkN3CTg6wA==,type:str]
|
||||
pgp: []
|
||||
lastmodified: "2025-08-01T07:22:50Z"
|
||||
mac: ENC[AES256_GCM,data:f4fultak/52Gq6nn1hJJYw3AMeuR3J6gcxtPDG/WKkNV+B+gtabWp5R8J8wLWFJ4C1ZsGHDYMTvTfSUlDVdm1dGpxJtFzdfoBBdajj8s2mju6nMQUFoNFRmHDZEQBdIzfXpob1+7Rsr+bBmg7HnFvjR0ozuaQP9QHsHEZxJVbnU=,iv:xh4OIom1TFgKralXw6rrOR/1xpD5SpY2tHfJUq6v41o=,tag:0QOtWN6DcGf3/gorusbXtQ==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
version: 3.10.2
|
||||
|
||||
30
devices/r2s/default.nix
Normal file
30
devices/r2s/default.nix
Normal file
@@ -0,0 +1,30 @@
|
||||
inputs:
|
||||
{
|
||||
config =
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
model.arch = "aarch64";
|
||||
system =
|
||||
{
|
||||
fileSystems =
|
||||
{
|
||||
mount.btrfs."/dev/disk/by-partlabel/r2s-root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
swap = [ "/nix/swap/swap" ];
|
||||
};
|
||||
network = {};
|
||||
# uboot 起始位置 0x8000 字节,这个地方还在分区表内部;除此以外还需要预留一些空间,预留32M足够。
|
||||
uboot.buildArgs =
|
||||
{
|
||||
defconfig = "nanopi-r2s-rk3328_defconfig";
|
||||
filesToInstall = [ "u-boot-rockchip.bin" ];
|
||||
env.BL31 = "${inputs.pkgs.armTrustedFirmwareRK3328}/bl31.elf";
|
||||
};
|
||||
};
|
||||
services =
|
||||
{
|
||||
sshd = {};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -16,10 +16,8 @@ inputs:
|
||||
{ "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
swap = [ "/nix/swap/swap" ];
|
||||
rollingRootfs = {};
|
||||
};
|
||||
};
|
||||
hardware.cpus = [ "intel" ];
|
||||
services =
|
||||
{
|
||||
sshd.passwordAuthentication = true;
|
||||
@@ -61,8 +59,10 @@ inputs:
|
||||
{ name = "n1"; mpiThreads = 8; openmpThreads = 4; }
|
||||
];
|
||||
};
|
||||
mariadb.mountFrom = "nodatacow";
|
||||
};
|
||||
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "GROUPIII-1" "GROUPIII-2" "GROUPIII-3" ];
|
||||
packages.vasp = {};
|
||||
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "GROUPIII-1" "GROUPIII-2" "GROUPIII-3" "zgq" ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -8,26 +8,31 @@ inputs:
|
||||
system =
|
||||
{
|
||||
nixpkgs.march = "cascadelake";
|
||||
networking.static =
|
||||
network =
|
||||
{
|
||||
eno145 = { ip = "192.168.1.10"; mask = 24; gateway = "192.168.1.1"; };
|
||||
eno146 = { ip = "192.168.178.1"; mask = 24; };
|
||||
static =
|
||||
{
|
||||
eno145 = { ip = "192.168.1.10"; mask = 24; gateway = "192.168.1.1"; };
|
||||
eno146 = { ip = "192.168.178.1"; mask = 24; };
|
||||
};
|
||||
masquerade = [ "eno146" ];
|
||||
trust = [ "eno146" ];
|
||||
};
|
||||
};
|
||||
services =
|
||||
{
|
||||
xray.client = { enable = true; dnsmasq.extraInterfaces = [ "eno146" ]; };
|
||||
sshd.motd = true;
|
||||
xray.client.dnsmasq.extraInterfaces = [ "eno146" ];
|
||||
beesd."/" = { hashTableSizeMB = 128; threads = 4; };
|
||||
xrdp = { enable = true; hostname = [ "srv1.chn.moe" ]; };
|
||||
samba = { hostsAllowed = ""; shares = { home.path = "/home"; root.path = "/"; }; };
|
||||
};
|
||||
packages.packages._prebuildPackages =
|
||||
[ inputs.topInputs.self.nixosConfigurations.srv1-node1.pkgs.localPackages.vasp.intel ];
|
||||
packages =
|
||||
{
|
||||
desktop = {};
|
||||
packages._prebuildPackages =
|
||||
[ inputs.topInputs.self.nixosConfigurations.srv1-node1.pkgs.localPackages.vasp.intel ];
|
||||
};
|
||||
};
|
||||
# allow other machine access network by this machine
|
||||
systemd.network.networks."10-eno146".networkConfig.IPMasquerade = "both";
|
||||
# without this, tproxy does not work
|
||||
# TODO: why?
|
||||
networking.firewall.trustedInterfaces = [ "eno146" ];
|
||||
};
|
||||
}
|
||||
|
||||
@@ -7,18 +7,14 @@ inputs:
|
||||
system =
|
||||
{
|
||||
nixpkgs.march = "broadwell";
|
||||
networking.static.eno2 =
|
||||
{ ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
|
||||
network =
|
||||
{
|
||||
static.eno2 =
|
||||
{ ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
|
||||
trust = [ "eno2" ];
|
||||
};
|
||||
};
|
||||
services.beesd."/".threads = 4;
|
||||
};
|
||||
specialisation.no-share-home.configuration =
|
||||
{
|
||||
nixos.system.fileSystems.mount.nfs = inputs.lib.mkForce null;
|
||||
system.nixos.tags = [ "no-share-home" ];
|
||||
};
|
||||
boot.initrd.systemd.network.networks."10-eno2" = inputs.config.systemd.network.networks."10-eno2";
|
||||
# make slurm sub process to be able to communicate with the master
|
||||
networking.firewall.trustedInterfaces = [ "eno2" ];
|
||||
};
|
||||
}
|
||||
|
||||
@@ -7,31 +7,25 @@ inputs:
|
||||
system =
|
||||
{
|
||||
nixpkgs.march = "broadwell";
|
||||
networking.static =
|
||||
network =
|
||||
{
|
||||
br0 = { ip = "192.168.1.12"; mask = 24; gateway = "192.168.1.1"; dns = "192.168.1.1"; };
|
||||
eno2 = { ip = "192.168.178.3"; mask = 24; };
|
||||
static =
|
||||
{
|
||||
br0 = { ip = "192.168.1.12"; mask = 24; gateway = "192.168.1.1"; dns = "192.168.1.1"; };
|
||||
eno2 = { ip = "192.168.178.3"; mask = 24; };
|
||||
};
|
||||
trust = [ "eno2" ];
|
||||
bridge.br0.interfaces = [ "eno1" ];
|
||||
};
|
||||
fileSystems.mount.btrfs."/dev/disk/by-partlabel/srv1-node2-nodatacow" =
|
||||
{ "/nix/nodatacow" = "/nix/nodatacow"; "/nix/backups" = "/nix/backups"; };
|
||||
};
|
||||
services =
|
||||
{
|
||||
xray.client.enable = true;
|
||||
xray.client = {};
|
||||
beesd."/".threads = 4;
|
||||
kvm = {};
|
||||
kvm.nodatacow = true;
|
||||
};
|
||||
};
|
||||
specialisation.no-share-home.configuration =
|
||||
{
|
||||
nixos.system.fileSystems.mount.nfs = inputs.lib.mkForce null;
|
||||
system.nixos.tags = [ "no-share-home" ];
|
||||
};
|
||||
boot.initrd.systemd.network.networks."10-eno2" = inputs.config.systemd.network.networks."10-eno2";
|
||||
# make slurm sub process to be able to communicate with the master
|
||||
networking.firewall.trustedInterfaces = [ "eno2" ];
|
||||
# add a bridge for kvm
|
||||
# 设置桥接之后,不能再给eno1配置ip,需要转而给 br0 配置ip
|
||||
networking.bridges.br0.interfaces = [ "eno1" ];
|
||||
};
|
||||
}
|
||||
|
||||
@@ -7,16 +7,11 @@ inputs:
|
||||
model.type = "server";
|
||||
system =
|
||||
{
|
||||
fileSystems =
|
||||
fileSystems.mount = let inherit (inputs.config.nixos.model.cluster) clusterName nodeName; in
|
||||
{
|
||||
mount = let inherit (inputs.config.nixos.model.cluster) clusterName nodeName; in
|
||||
{
|
||||
vfat."/dev/disk/by-partlabel/${clusterName}-${nodeName}-boot" = "/boot";
|
||||
btrfs."/dev/disk/by-partlabel/${clusterName}-${nodeName}-root1" =
|
||||
{ "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
swap = [ "/nix/swap/swap" ];
|
||||
rollingRootfs = {};
|
||||
vfat."/dev/disk/by-partlabel/${clusterName}-${nodeName}-boot" = "/boot";
|
||||
btrfs."/dev/disk/by-partlabel/${clusterName}-${nodeName}-root1" =
|
||||
{ "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
nixpkgs.cuda.capabilities =
|
||||
[
|
||||
@@ -24,16 +19,18 @@ inputs:
|
||||
"6.1"
|
||||
# 2080 Ti
|
||||
"7.5"
|
||||
# A30
|
||||
"8.0"
|
||||
# 3090
|
||||
"8.6"
|
||||
# 4090
|
||||
"8.9"
|
||||
];
|
||||
};
|
||||
hardware.gpu = { type = "nvidia"; nvidia.open = false; };
|
||||
hardware.gpu.type = "nvidia";
|
||||
services =
|
||||
{
|
||||
sshd = { passwordAuthentication = true; groupBanner = true; };
|
||||
sshd = {};
|
||||
slurm =
|
||||
{
|
||||
enable = true;
|
||||
@@ -77,8 +74,21 @@ inputs:
|
||||
];
|
||||
};
|
||||
};
|
||||
mariadb.mountFrom = "nodatacow";
|
||||
};
|
||||
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "lly" "yxf" "hss" "zzn" ];
|
||||
packages = { vasp = {}; desktop = {}; lumerical = {}; };
|
||||
user.users =
|
||||
[
|
||||
# 组内
|
||||
"chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "qmx" "xly"
|
||||
# 组外
|
||||
"yxf" # 小芳同志
|
||||
"hss" # 还没见到本人
|
||||
"zzn" # 张宗南
|
||||
"zqq" # 庄芹芹
|
||||
"zgq" # 希望能接好班
|
||||
"lly" # 这谁?
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -5,31 +5,39 @@ inputs:
|
||||
nixos =
|
||||
{
|
||||
model.cluster.nodeType = "master";
|
||||
hardware.cpus = [ "intel" ];
|
||||
system =
|
||||
{
|
||||
nixpkgs.march = "skylake";
|
||||
networking =
|
||||
nixpkgs.march = "icelake-server";
|
||||
network =
|
||||
{
|
||||
static.eno2 = { ip = "192.168.178.1"; mask = 24; };
|
||||
wireless = [ "457的5G" ];
|
||||
masquerade = [ "eno2" ];
|
||||
trust = [ "eno2" ];
|
||||
};
|
||||
nix.remote.slave = {};
|
||||
fileSystems =
|
||||
{
|
||||
swap = [ "/dev/disk/by-partlabel/srv2-node0-swap" ];
|
||||
mount.btrfs."/dev/disk/by-partlabel/srv2-node0-root1" =
|
||||
{
|
||||
"/nix/remote/jykang.xmuhpc" = "/data/gpfs01/jykang/.nix";
|
||||
"/nix/remote/xmuhk" = "/public/home/xmuhk/.nix";
|
||||
};
|
||||
};
|
||||
};
|
||||
services =
|
||||
{
|
||||
xray.client =
|
||||
{ enable = true; dnsmasq = { extraInterfaces = [ "eno2" ]; hosts."hpc.xmu.edu.cn" = "121.192.191.11"; }; };
|
||||
xray.client.dnsmasq = { extraInterfaces = [ "eno1" "eno2" ]; hosts."hpc.xmu.edu.cn" = "121.192.191.11"; };
|
||||
beesd."/" = { hashTableSizeMB = 16 * 128; loadAverage = 8; };
|
||||
xrdp = { enable = true; hostname = [ "srv2.chn.moe" ]; };
|
||||
samba = { hostsAllowed = ""; shares = { home.path = "/home"; root.path = "/"; }; };
|
||||
groupshare = {};
|
||||
hpcstat = {};
|
||||
ollama = {};
|
||||
sshd = { groupBanner = true; motd = true; };
|
||||
speedtest = {};
|
||||
lumericalLicenseManager.macAddress = "70:20:84:09:a3:52";
|
||||
};
|
||||
};
|
||||
# allow other machine access network by this machine
|
||||
systemd.network.networks."10-eno2".networkConfig.IPMasquerade = "both";
|
||||
# without this, tproxy does not work
|
||||
networking.firewall.trustedInterfaces = [ "eno2" ];
|
||||
};
|
||||
}
|
||||
|
||||
@@ -6,13 +6,9 @@ mariadb:
|
||||
hpcstat:
|
||||
key: ENC[AES256_GCM,data:+Z7MRDkLLdUqDwMrkafFKkBjeCkw+zgRoAoiVEwrr+LY0uMeW8nNYoaYrfz6Ig8CMCDgX3n/DMb0ibUeN32j3HShQIStbtUxRPGpQMyH+ealbvgskGriTFpST4VPyQxNACkUpq/e+sh2CmLbKkSxhamkjKOXwsfqrBlgVbEkp7u7HkWGuAaYL1oPGt0Q94fWXwH0UVhRYZYQ2iFA/S6SEZY8gxaTIGDKUdWU9+fOHzPQ5WfhxtKYU4p4ydyfYsAt6ffqnPSx/SI72GsUCOJ4981JX8TuvnEzx3gQLVFYheK6NibTWCy6eODbvguieVOTHSvCPTrHmoP12lHVWU2kKzLwv70Jl7sXyzKHYROG0D+/z/4DKlNeotKM/IA0q2cST08/lwSKN7WDDmrt+O6xXhvwby28ZYKEsSvvrfV+VIKzHPl84ZKbUEX5xv/GHc3THfznUvKKz5PzDiqrkjCkEt5PRMsVW9A6MU1+QEUr+sXLLtcUd2CCL87c8CpwNHJx1us6vJ4ji1gu0PGoT+60,iv:yU6j9W2Hs2D34uHMJqqPFbNy2pNEZY2kzXoNdhPMSmA=,tag:TNvEfMVrhu7HrNxY8qe5mg==,type:str]
|
||||
wireless:
|
||||
#ENC[AES256_GCM,data:xrg3Wxj/ghbWgg==,iv:6stu7voI5no2Y3YmnMrvTS8hev3eqjoWAyD5zTgyehc=,tag:cxkS7y7S1oM+/SJmlT10fw==,type:comment]
|
||||
457的5G: ENC[AES256_GCM,data:QjHlyGU4JIYymyh41T+c33T3EOpbqDOoD3U+v6/BzjlWLLeZQXU2hwPCVh4fi2bwn7yNkp4ygAYmFPVPZWoT1A==,iv:Tc6Guzsn5hkjWH6UWSb1KlfWCBXIi2OWdn/wttmCXnQ=,tag:FhyH6JmjSTuqSeFy+GyQhg==,type:str]
|
||||
#ENC[AES256_GCM,data:n9OPSJsB7yNk,iv:xQzKJxqPB7uT83m/B4UoOje6NQbPLhuHR7Hp93oNz8A=,tag:gtsTx6ALnS/7fIDd7VimOg==,type:comment]
|
||||
409的5G: ENC[AES256_GCM,data:K9wm3zedoil7jHgTcb+VmbdbkG2dgrMdr3BmDRUHDVADqLANMvnUMSecggYTO4HaiI9q6uv2/BSkluanD5K4Dw==,iv:7dGET3ULKlnaDMVmkuXDek+hQPLZ2VUbPqvEOX+5jlQ=,tag:MBGmQ0NNNqX+T9EsBiWCaw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
@@ -32,8 +28,7 @@ sops:
|
||||
M0xoL1dQR0kvMWpzN0RMNWVCTFQxNFUKj9LPjBo5NGOrGYNvu8qZ13PLYjLEWllU
|
||||
LARzEn4XgkeHckouwvxZYMCx7WxmAruRWaOvnxTIczzSNP7wIrqnkA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-04-10T10:44:43Z"
|
||||
mac: ENC[AES256_GCM,data:6EeWT8IiCGyRdR/9WDoTTM8bBuhzf2LtP1kahCgfvFpU6g5HB+qG5O0eXaL0DMKg7OQJKHIS/wZVaEierVwno0CnP1WR7y9l6Rlab2nVG4YCNkEkwqZgIWFOUi0aZrZQc7WC3rUk1gxiJK38nEa4ebk8oqAbyHyKHsFAeUcMbqA=,iv:oqRLvYsXct+OwcymXslEH4o03vLNeV2eU/4zK8R+gKs=,tag:0d1DYjCGRewUd4aHPIpFSw==,type:str]
|
||||
pgp: []
|
||||
lastmodified: "2025-07-12T04:13:47Z"
|
||||
mac: ENC[AES256_GCM,data:W+e5d1scvV24AdVdl7Pisp9HxsXQ/tPjN2NV/Bd0RXZNBRB7LNQrSfk1GadboBnihW0ctAQOFk66PZsxwE2czfFL2/yzFxm9Cf11Mc822ZL3BwjnQBK4uR9LJrbjL7x1lFUk9v0AIPhjrir8F6dcX8mq6++hHNN0wjGaH3J9E0Y=,iv:RK7e4Dxog+Qsgk6gxK0f8PN8oF9bjWIrTyYK67Cdras=,tag:QSKsETYXbhnvhhjavP4UiA==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
version: 3.10.2
|
||||
|
||||
@@ -4,23 +4,23 @@ inputs:
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
hardware.cpus = [ "amd" ];
|
||||
system =
|
||||
{
|
||||
nixpkgs.march = "znver3";
|
||||
networking.static.enp58s0 =
|
||||
{ ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
|
||||
network =
|
||||
{
|
||||
static.enp58s0 =
|
||||
{ ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
|
||||
trust = [ "enp58s0" ];
|
||||
};
|
||||
fileSystems.swap = [ "/nix/swap/swap" ];
|
||||
};
|
||||
services =
|
||||
{
|
||||
beesd."/".hashTableSizeMB = 64;
|
||||
lumericalLicenseManager.macAddress = "04:42:1a:26:0c:07";
|
||||
};
|
||||
services.beesd."/".hashTableSizeMB = 64;
|
||||
};
|
||||
services.hardware.bolt.enable = true;
|
||||
specialisation.no-share-home.configuration =
|
||||
{
|
||||
nixos.system.fileSystems.mount.nfs = inputs.lib.mkForce null;
|
||||
system.nixos.tags = [ "no-share-home" ];
|
||||
};
|
||||
boot.initrd.systemd.network.networks."10-enp58s0" = inputs.config.systemd.network.networks."10-enp58s0";
|
||||
# make slurm sub process to be able to communicate with the master
|
||||
networking.firewall.trustedInterfaces = [ "enp58s0" ];
|
||||
};
|
||||
}
|
||||
|
||||
43
devices/srv2/node2/default.nix
Normal file
43
devices/srv2/node2/default.nix
Normal file
@@ -0,0 +1,43 @@
|
||||
inputs:
|
||||
{
|
||||
config =
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
model.cluster.nodeType = "master";
|
||||
system =
|
||||
{
|
||||
nixpkgs.march = "skylake";
|
||||
network =
|
||||
{
|
||||
static.eno2 = { ip = "192.168.178.1"; mask = 24; };
|
||||
masquerade = [ "eno2" ];
|
||||
trust = [ "eno2" ];
|
||||
};
|
||||
nix.remote.slave = {};
|
||||
fileSystems =
|
||||
{
|
||||
swap = [ "/dev/disk/by-partlabel/srv2-node2-swap" ];
|
||||
mount.btrfs."/dev/disk/by-partlabel/srv2-node2-root1" =
|
||||
{
|
||||
"/nix/remote/jykang.xmuhpc" = "/data/gpfs01/jykang/.nix";
|
||||
"/nix/remote/xmuhk" = "/public/home/xmuhk/.nix";
|
||||
};
|
||||
};
|
||||
};
|
||||
services =
|
||||
{
|
||||
xray.client.dnsmasq = { extraInterfaces = [ "eno1" "eno2" ]; hosts."hpc.xmu.edu.cn" = "121.192.191.11"; };
|
||||
beesd."/" = { hashTableSizeMB = 16 * 128; loadAverage = 8; };
|
||||
xrdp = { enable = true; hostname = [ "srv2.chn.moe" ]; };
|
||||
samba = { hostsAllowed = ""; shares = { home.path = "/home"; root.path = "/"; }; };
|
||||
groupshare = {};
|
||||
hpcstat = {};
|
||||
ollama = {};
|
||||
sshd = { groupBanner = true; motd = true; };
|
||||
speedtest = {};
|
||||
lumericalLicenseManager.macAddress = "70:20:84:09:a3:52";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
34
devices/srv2/node2/secrets.yaml
Normal file
34
devices/srv2/node2/secrets.yaml
Normal file
@@ -0,0 +1,34 @@
|
||||
xray-client:
|
||||
uuid: ENC[AES256_GCM,data:j2R0UtfS/es2A+Ic+Kq6FZJSqXlA/Q8tGkuAIX0ZdTsV4hGk,iv:Ovpr49isIJRdUyM3jxgiT+9Sc+qTF6ZnkKUwxIq6KUs=,tag:2VRSkiPNWaOmCqLJti8Bzw==,type:str]
|
||||
wireguard: ENC[AES256_GCM,data:TEi3LAZA0BaPxeXA1yFMD6fQPRKSndVyAzNycCD/5CYXmNVyO7zv4o23ahg=,iv:tEKFPyuqmpsWf0vDoSaw4Ai6S5DzacZFA4otNgnknxY=,tag:qZJzr/Yyoex2hDfVtT6nYA==,type:str]
|
||||
mariadb:
|
||||
slurm: ENC[AES256_GCM,data:9wLQ1zF/kDaiw0s3UaRpiHgmngU7u6hwyqpddSjev0+Z0v58Q2oiJtK8vn+2VlSxx5ACfqEFbzp0PZYAxd575w==,iv:q9JTkgDymOwkbZ/PaxRAAQrtO96QmGgZcQuLTFCMoS4=,tag:dwOHlOTgZqT/1jQ+oGf7UQ==,type:str]
|
||||
hpcstat:
|
||||
key: ENC[AES256_GCM,data:+Z7MRDkLLdUqDwMrkafFKkBjeCkw+zgRoAoiVEwrr+LY0uMeW8nNYoaYrfz6Ig8CMCDgX3n/DMb0ibUeN32j3HShQIStbtUxRPGpQMyH+ealbvgskGriTFpST4VPyQxNACkUpq/e+sh2CmLbKkSxhamkjKOXwsfqrBlgVbEkp7u7HkWGuAaYL1oPGt0Q94fWXwH0UVhRYZYQ2iFA/S6SEZY8gxaTIGDKUdWU9+fOHzPQ5WfhxtKYU4p4ydyfYsAt6ffqnPSx/SI72GsUCOJ4981JX8TuvnEzx3gQLVFYheK6NibTWCy6eODbvguieVOTHSvCPTrHmoP12lHVWU2kKzLwv70Jl7sXyzKHYROG0D+/z/4DKlNeotKM/IA0q2cST08/lwSKN7WDDmrt+O6xXhvwby28ZYKEsSvvrfV+VIKzHPl84ZKbUEX5xv/GHc3THfznUvKKz5PzDiqrkjCkEt5PRMsVW9A6MU1+QEUr+sXLLtcUd2CCL87c8CpwNHJx1us6vJ4ji1gu0PGoT+60,iv:yU6j9W2Hs2D34uHMJqqPFbNy2pNEZY2kzXoNdhPMSmA=,tag:TNvEfMVrhu7HrNxY8qe5mg==,type:str]
|
||||
wireless:
|
||||
#ENC[AES256_GCM,data:n9OPSJsB7yNk,iv:xQzKJxqPB7uT83m/B4UoOje6NQbPLhuHR7Hp93oNz8A=,tag:gtsTx6ALnS/7fIDd7VimOg==,type:comment]
|
||||
409的5G: ENC[AES256_GCM,data:K9wm3zedoil7jHgTcb+VmbdbkG2dgrMdr3BmDRUHDVADqLANMvnUMSecggYTO4HaiI9q6uv2/BSkluanD5K4Dw==,iv:7dGET3ULKlnaDMVmkuXDek+hQPLZ2VUbPqvEOX+5jlQ=,tag:MBGmQ0NNNqX+T9EsBiWCaw==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Rmc2Ull1WFB4Smh3c0Zl
|
||||
emlTNGJKZkpIK2JFeUNVeUcrR2FzRXRQZHlvCkhzMHpzYmZRZ0M0cXdRVi8wZmp6
|
||||
ZDRZQ2FkOWt6M0lrdjBHa3VTWXBDKzgKLS0tIGtJbTRRelg1VVk2QStwdzlFM1g4
|
||||
M1JOd1g3cVdjUFRhZ0FxcWphZXZJbkkKFXDtJVoi+qIrXp6cznevuZ+peBiRRITP
|
||||
rrplqLiYsNIGKmKYtRIUu8WXDZ2q2CJ8Z+pka3W3H/U+m957hBDWyw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSHdka3FPQUYrcXQzcTFo
|
||||
a000TUllT0MvUzk5ZzVFbXZheG9ZVTM2S253CkE5VW9tQktvL2pMWFoxcnFjTGpr
|
||||
Z0p1RjZWRGpSZ01TdTZRcEJXM2NOUkUKLS0tIC9rNmNzWitMdEd5dXQvdWlELzhM
|
||||
M0xoL1dQR0kvMWpzN0RMNWVCTFQxNFUKj9LPjBo5NGOrGYNvu8qZ13PLYjLEWllU
|
||||
LARzEn4XgkeHckouwvxZYMCx7WxmAruRWaOvnxTIczzSNP7wIrqnkA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-07-12T04:13:47Z"
|
||||
mac: ENC[AES256_GCM,data:W+e5d1scvV24AdVdl7Pisp9HxsXQ/tPjN2NV/Bd0RXZNBRB7LNQrSfk1GadboBnihW0ctAQOFk66PZsxwE2czfFL2/yzFxm9Cf11Mc822ZL3BwjnQBK4uR9LJrbjL7x1lFUk9v0AIPhjrir8F6dcX8mq6++hHNN0wjGaH3J9E0Y=,iv:RK7e4Dxog+Qsgk6gxK0f8PN8oF9bjWIrTyYK67Cdras=,tag:QSKsETYXbhnvhhjavP4UiA==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
@@ -1,53 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
config =
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
model.type = "server";
|
||||
system =
|
||||
{
|
||||
fileSystems =
|
||||
{
|
||||
mount =
|
||||
{
|
||||
vfat."/dev/disk/by-partlabel/srv3-boot" = "/boot";
|
||||
btrfs."/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
swap = [ "/dev/mapper/swap" ];
|
||||
rollingRootfs = {};
|
||||
};
|
||||
nixpkgs.march = "haswell";
|
||||
initrd.sshd = {};
|
||||
networking.static.eno1 =
|
||||
{
|
||||
ip = "23.135.236.216";
|
||||
mask = 24;
|
||||
gateway = "23.135.236.1";
|
||||
dns = "8.8.8.8";
|
||||
};
|
||||
};
|
||||
hardware.cpus = [ "intel" ];
|
||||
services =
|
||||
{
|
||||
# 大部分空间用于存储虚拟机(nodatacow),其它内容不多
|
||||
beesd."/".hashTableSizeMB = 32;
|
||||
sshd = {};
|
||||
nixvirt =
|
||||
{
|
||||
test =
|
||||
{
|
||||
uuid = "6cb275dc-19e5-4c8d-b705-5faab72aa3ee";
|
||||
storage = "test";
|
||||
memoryGB = 8;
|
||||
cpus = 4;
|
||||
vncPort = 15900;
|
||||
};
|
||||
};
|
||||
};
|
||||
user.users = [ "chn" "aleksana" ];
|
||||
};
|
||||
# TODO: use a generic way
|
||||
boot.initrd.systemd.network.networks."10-eno1" = inputs.config.systemd.network.networks."10-eno1";
|
||||
};
|
||||
}
|
||||
@@ -1,30 +0,0 @@
|
||||
wireguard: ENC[AES256_GCM,data:Coe4iIEnJVDb4a9KUVTRkXl4kng5Zo6x1Iyr0ErgR2b9bN287mvO6jPUPSc=,iv:fiNUUKobJjitcoxBemIah5Cl5+dSz2Q7sbiOT8bDrRM=,tag:rHfNeRGTxnyVYAu8P/2ewA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvaURzWlFQNUpObmtvaUd2
|
||||
bVc2UXRHajFPeXR5eTNqQnBhaWVOTXRDSEhVCjJVREN5MzF2MXhMSGIvNlM0endj
|
||||
ZGVhTUFrTXVXRTlvYThaRVZBWmwxd2sKLS0tIDNTME1EaHFKY2J2SWxrRWFpaVJ4
|
||||
Sm5xUlU2TXpyMUJQWVpoRUdlTnVjOFkKZErjPuX3nNFc3jFPBX462qs9hwguyxUD
|
||||
POxmT4DMCPAaEz+lNB+Qa03P3TYFJ3LfqTsO7QXO2f9113wFqF2lFg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1n4lhfwv7g0vhx54exmwx9yv2z04m3h2lunzpa5zdzgtcvjjuf5nqc36g8a
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxd2RzNEttTzk5cXVhc2RK
|
||||
R3hxM1N4TmkyNGp0Z2ZwODZBL0RuMW1qNjFjCkI0N2FMUkd0eENPK0w4MWVJY2d4
|
||||
NWlvUFdQbUh3SFIycDczZlg0ZEJMalkKLS0tIGs4dHlocTRseXRWYVFxMkdrV2x2
|
||||
d0h3aDh5QXFZYWJFdmNVYnJxQ3pBeVUKTl0XVvtwJcz+RpSylgDPl/R8msInxvWX
|
||||
eQGmrDHibeE1V+KSDiuNzC4MVRIrOnh1beHrhnVQ86HwPVgJqs2FoQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-04-18T11:50:01Z"
|
||||
mac: ENC[AES256_GCM,data:4e0OGsOFiLg4inOdsz1CuMymQLrqPO/kiSR6iuDz2WbTs/FKjrYh1EbcqgYwwsQzM2rf4X3vwzD1+oKYe94Ld2U+93JgVBhcxU856CTA3N+kbScqHwHeAY9gQSU0L3GwL1t7gKsRdNK5AJjDEFpHYxiWMrVlWVArWzbw3d9PGRs=,iv:1Pb0FWfC/nsLsOtBJa4YoNbERtuCq2nwL5qW0tX0syY=,tag:mmd+XnyduLoAz/pXZRwToA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
40
devices/vps4/default.nix
Normal file
40
devices/vps4/default.nix
Normal file
@@ -0,0 +1,40 @@
|
||||
inputs:
|
||||
{
|
||||
config =
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
system =
|
||||
{
|
||||
fileSystems =
|
||||
{
|
||||
mount =
|
||||
{
|
||||
btrfs =
|
||||
{
|
||||
"/dev/disk/by-uuid/403fe853-8648-4c16-b2b5-3dfa88aee351"."/boot" = "/boot";
|
||||
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
};
|
||||
swap = [ "/nix/swap/swap" ];
|
||||
};
|
||||
grub.installDevice = "/dev/disk/by-path/pci-0000:00:04.0";
|
||||
nixpkgs.march = "znver2";
|
||||
initrd.sshd = {};
|
||||
network = {};
|
||||
};
|
||||
services =
|
||||
{
|
||||
sshd = {};
|
||||
fail2ban = {};
|
||||
xray.server.serverName = "xserver2.vps4.chn.moe";
|
||||
nginx.streamProxy.map = builtins.listToAttrs (builtins.map
|
||||
(site: { name = "${site}.chn.moe"; value.upstream.address = "wg0.nas.chn.moe"; })
|
||||
[
|
||||
"xn--s8w913fdga" "matrix" "send" "git" "grafana" "peertube" "rsshub" "misskey" "synapse" "vaultwarden"
|
||||
"photoprism" "nextcloud" "freshrss" "huginn" "api" "webdav" "chat"
|
||||
]);
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
66
devices/vps4/secrets.yaml
Normal file
66
devices/vps4/secrets.yaml
Normal file
@@ -0,0 +1,66 @@
|
||||
xray-server:
|
||||
clients:
|
||||
#ENC[AES256_GCM,data:d7cv,iv:RHzGIDLuuKejCTQ5YlNNITkCS3VoprsqH/kHckdpAv0=,tag:3cYw7uyUmXALo3v7SiqLJA==,type:comment]
|
||||
user0: ENC[AES256_GCM,data:o2wxpSzoqsPxs6grgYRLtPutMVwSqtzUWBrj7+7QuWWd1a1z,iv:2/5SxXq8Iw4J/LzBeclHbkrZXHitguip0WN+MINym8s=,tag:v/3oly53ORM9XAwbOzp06g==,type:str]
|
||||
#ENC[AES256_GCM,data:0nHZmEPPaw==,iv:BtOZ8/U0yg3fthHrwerNQX3+KD/H9+fcUylYGnZqiIM=,tag:DkFGSFfq//LmWfg6DGm1aA==,type:comment]
|
||||
user1: ENC[AES256_GCM,data:7ev7GuKLeJbPReMy0FnX02fLv5nNCpxdzfnQyAA+/IviwDMQ,iv:YbESsyIAiEAyvrHnj9A4lITX7NtRkuRhCrTv6hoG9Qs=,tag:8uledxLXqpXXLBh+cczm4g==,type:str]
|
||||
#ENC[AES256_GCM,data:4Y00hDJ+8Hjq3Q==,iv:XWZYNC1T5B55B43tcuzzvOOFtHqZJ9XDuEaYQOO5cR4=,tag:5oNFsqUtSiv8CY6aHyGjNQ==,type:comment]
|
||||
user2: ENC[AES256_GCM,data:MRMdc7LRYqgRsfKKW6LnP14g3JoFT6g7jzkXW8gIAeqypyoc,iv:tfPBD2FkIljz3xasYNJsj3vh2lEObrvSZ95FyCgWcTs=,tag:B1PQpyX24DqrPscL/pjZmQ==,type:str]
|
||||
#ENC[AES256_GCM,data:gGd3kkNcyIwOXg4=,iv:vILDvtdvopPM8lZDDpedvtXYHpoPvPn1A8AJca41r9A=,tag:2LMImcmdyPKsQDloq7041Q==,type:comment]
|
||||
user3: ENC[AES256_GCM,data:+KUVcqy18t6Fd+QNgB5DeZkNSA6lsjebO+xnzxzIjWuZ9UmS,iv:qugbmBv9jk1yfH2s0A0jla0DR3jkdXLVUeWGcj6v68U=,tag:4FUf/guDzPqgDcb1086WTA==,type:str]
|
||||
#ENC[AES256_GCM,data:jCgKe0t2xQ==,iv:UE48L/JpobN6LUd6Z9RlsUGSJ1sHHgiL6xj8lPztwJc=,tag:xnwWLQm+GIUzsfBO/TXhrg==,type:comment]
|
||||
user4: ENC[AES256_GCM,data:3yrdvbcH/ToAQpTLppSVp2FNGjatyBInKP85bAY9OrEtzhhQ,iv:4zvb1nzKjrCNWWKelOnDhsNBAC7Ak6ZpJlvQKqGJrgc=,tag:dBOTBJDJhJsKHKg/vGmpxQ==,type:str]
|
||||
#ENC[AES256_GCM,data:2ptsDQ==,iv:dEzyk6NQcFZQPx8h/ViCqtRaQ/8dfMTVKBq+iguk6nU=,tag:11SLIAhtcHja4G9HUXr9Ng==,type:comment]
|
||||
user5: ENC[AES256_GCM,data:NO9rpzFkySistf9++oXpo1tBaa4XtPtcCGR+2IWmhQYEH/l1,iv:OG+U0avgo9mjmU3soxRNL71ZC7Ee4ijpsJMRn3jYvhw=,tag:QuBFX2KHgNJ+f3RwqEH4+Q==,type:str]
|
||||
#ENC[AES256_GCM,data:uTZDsA==,iv:6cxvQycfji/x+DW1CnO45r+yNTLwkhYkiJwDaSpUCwo=,tag:8pMw+sYeOyZBN1idHoM9+g==,type:comment]
|
||||
user7: ENC[AES256_GCM,data:Ie8M385wtRx8bWIdCupnda799kL0OLBsWdk9pHTY7IxxaZbn,iv:OrRYOkaC9uI9E1Eb8GYqmYr9VAUM895oO8NSdvxUPCQ=,tag:NZTUE4KnUjhg/auoALavTA==,type:str]
|
||||
#ENC[AES256_GCM,data:Wwq+ypJgx6OcXA==,iv:dSvFz4I5tFx+ZVClxNGKwcbIQe7OY43OzAhqRiDK2TQ=,tag:CYUs1cJ/zqc+Y0yFec7Upw==,type:comment]
|
||||
user8: ENC[AES256_GCM,data:2GyFDXIiAN3mTobwnY4czV2Egoin3B5Ih+aet3yT+krPTkPq,iv:NwrzO//HXwKMudgD+yK1hsj9o71RG6BfBle3logvuLE=,tag:WWpioPsnhHvVSrzAmN16Sg==,type:str]
|
||||
#ENC[AES256_GCM,data:vVz6E2juGqXS1Q==,iv:9itEkwMsW8cqSzwV2EZtgJVgaW7aJJ5fw1rLuKFwiKM=,tag:9hRADkot8kELoYAgd6Dz7Q==,type:comment]
|
||||
user9: ENC[AES256_GCM,data:HgSVrry+nKGW9X9N6h8hsI9VETKtSEi+/ZC9QvNZW4zETQxt,iv:ERgmCDPBpboA/+Sxeq6BvWoMxsv3Kkczqb/mbXz9pOk=,tag:bklzRg9toKy//6T8xdtbRw==,type:str]
|
||||
#ENC[AES256_GCM,data:2sHxXec=,iv:aA61+cmDw4rHab7RuRRK3eUDx5d6gpmfw4RpQ6Nd0mc=,tag:H9kovJyn3Te3ir9X234VGA==,type:comment]
|
||||
user10: ENC[AES256_GCM,data:CqrwaZp1fHd/WEGQH3xWI8DZ2/AavCqwTtwZeHmnrct5yoD3,iv:IBOHGQlw+uQt8Ryp/mCDcglfSPNXvvHOjNnrT+7nOHQ=,tag:tEkGEtPaOBK+P3LrQzOLsQ==,type:str]
|
||||
#ENC[AES256_GCM,data:Rw4BWXZutQ==,iv:rXe2i1G/xQkpBl0wh6VIzaNoidCc3JL4sy6v5hcOF/M=,tag:2tZyH8B0ZL7XptKHk6TcAQ==,type:comment]
|
||||
user12: ENC[AES256_GCM,data:CsbquwEn+iOKCzda8z26FYk2i5aPk2xzqGIYORiD4lotvnFE,iv:zHPmlT4LAc6NDjXrExze23dZZFIj0c1eR4WW74cu+qs=,tag:5MDFrZNgv54mK05ImSvpkw==,type:str]
|
||||
#ENC[AES256_GCM,data:vqYkwGVcQ8yZbA==,iv:1ckVSiAgjuT/K0MuVHe8D2hHE7X2qxCHpb+y6nrFCsI=,tag:so9oFl6bXlJT2O+prplazw==,type:comment]
|
||||
user13: ENC[AES256_GCM,data:KUraqncs8iPr7z+COfJ1z0TLNLlgctxy8FCav95+kkVXtStx,iv:Uv90bnVmmQh6f9pKOWmEKCul5VPxF7rrQ9GYrsCGPp8=,tag:I0r5o8xIYuq5/MIXSOHT3Q==,type:str]
|
||||
#ENC[AES256_GCM,data:F2x+2zrePYDkCA==,iv:aTMeqvGVI43xLsN9submgciiJEjY4hYypJ9RJLIBYTE=,tag:quKW+MATVzRw1bda2jGjdg==,type:comment]
|
||||
user16: ENC[AES256_GCM,data:BjnUUnNyqUvvPbfa1CeYvcVbMOwz6/Em4YhxRgmlicOSwro+,iv:LULwzjV5PRihTHNZFJ21IrDG3rW3qX4CYwF4Xu1KdZg=,tag:pZAI4OEx24d6h/h9JyQ/hA==,type:str]
|
||||
#ENC[AES256_GCM,data:aka1O9hn/dZX3Q==,iv:rWik4cYtHY/Z3xQ0p/i49zTXVmKEQDV4OMn12UaQr3Q=,tag:hPm4bugH9RAtsykj0BJ0Pw==,type:comment]
|
||||
user17: ENC[AES256_GCM,data:URZqRUDtG5FDrZDsmI7CFn4ilp97GJtgaVVB+j0dRUdtVGoq,iv:iUkcr6Oo29y5PIGF/GJRltn5DD19yEcBIsJAaYs43AI=,tag:gzSsjeQxvjvfFVkDHPkfvQ==,type:str]
|
||||
#ENC[AES256_GCM,data:JkMniTrakuonAA==,iv:V5KmQL+C5O2mb3ktlm1ITjLaa1NxToQlyToqYbGme9U=,tag:UTZm05uyb5j0Pf9vuxyIxg==,type:comment]
|
||||
user18: ENC[AES256_GCM,data:fFtnkBnaOktHaIfk7dN2U73UkloToiLvP3Pg2VAqPzvTE49h,iv:DZrba7RWmaeOQsqh3Kq/IuFS9so5u5ItK5WwV/65FYE=,tag:v+pOozYvrJJIsj7A/a3S/g==,type:str]
|
||||
#ENC[AES256_GCM,data:gR0WsUYdBZBWjA==,iv:rnXZQaDNu+cEzneEa6/2pO+qUXl/fut8FJ3n90A6ATs=,tag:azNGPfWv+ZgOU/B5PMCVZg==,type:comment]
|
||||
user19: ENC[AES256_GCM,data:S8VSoBIR/RqwctgYPtyIPEK2hXLr4LZ/jJvvFHA6CGgp9/Ff,iv:8eLCZEaiquwZyswwLkLoJcl7UPWTVYmQqZ2egAGFWWM=,tag:VgJiSt8eRcRhppMXkAkmKg==,type:str]
|
||||
#ENC[AES256_GCM,data:vWW1bNyENgcspxI=,iv:xXCrjHyxVtodkVu/wgy1OrHGGm20nEd1iyparWcycYE=,tag:FRu132btquzXkiLXlnq1Iw==,type:comment]
|
||||
user20: ENC[AES256_GCM,data:Wux6pzwor0B1A9d1y0QEpcNnYn1pObloHxghSONHcsQ266/7,iv:jWSuswV6vTQdL764I/zxFC5gkFOa5Qwj54rggmmZX7I=,tag:4hmqBTn0T3a6Sjt9lofwbg==,type:str]
|
||||
#ENC[AES256_GCM,data:IJWHWxbhy+gxhxk=,iv:HzMi211JiVfHUhEJm+q/K0tCjUEXDhollUf8Bm+HVA0=,tag:P22Q/h+DUhhJayZftcvVfg==,type:comment]
|
||||
user21: ENC[AES256_GCM,data:0X5x3SATZm25kVf8cu7TGm2t95DneLAqhP16fRQCtROzyZyg,iv:dmlwRmubnRq2fNdNz3lVlAVYpPjVHkFm60IvPcajjds=,tag:eDJYYf3eRw+FxfaHiRDk5Q==,type:str]
|
||||
#ENC[AES256_GCM,data:O3ovvRYzFrQY,iv:/Zs8e6u7wdp18AacZ3WWBvn5PDtXDnQ6ZyqLiyYmvAY=,tag:HmhKBI3aRCIR34vOEnv1iA==,type:comment]
|
||||
user22: ENC[AES256_GCM,data:ee0naewdOjIxA0QEpmUyOSu++sUJQneEufhJBHiyOR7jAPTU,iv:09fZ0dLUZHp9wM2lCiIcTzFey2AkWBmnUCfq8W3FM6Y=,tag:dHBVo/Ok3Q9vy1pIbWC1Kw==,type:str]
|
||||
private-key: ENC[AES256_GCM,data:akNIeVp2bfKvnzlS6KLAdqAo7qsGfPatzCZpN1tNRLhRVXmJCcUDVSmVoA==,iv:2Rny8ioDJ2x+NR+n7/Aluv7JZ+Om3MuJKsXiwONYntg=,tag:a3xubIr7hpVjRiHjFL/q5Q==,type:str]
|
||||
wireguard: ENC[AES256_GCM,data:3h+cpSHULgwlI/zOI0IL4t4diDzm7qWW1sOWZqkFRWCB0CAfGyydGNlZkqA=,iv:pVpmw0aEDssQSr724h9NvJqFMHu0NupDfCSt1RWVnUk=,tag:fonuszujTzeo2HqO1OokEw==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNamN1TytweDd3blJsR2ZH
|
||||
ZmlocFZjT3ZaUjlVbG1vVSt4a2s2SjJIaGtRCjRneDV6cHYwdGJOY1BDVS9DeDVC
|
||||
cDdNbUdtSGRHNU1yZFpPc1MzRS92ME0KLS0tIFpmamNmTFYrRGRqbTFVSzBhUlNa
|
||||
VllXdzZ3bEc3UFY0YjZRKzBUcGgyVkUKqI1ojiLbF87alAkEwyrm8wuW2fLbmj8d
|
||||
YBIpoDCZ7AwR5uHWQAtl7BWJV1zab+rA3zvaf2BsrVA1A+RWOtYT/Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWWitsSnRVSzJDZG9ZSE5I
|
||||
bmt2NEFDanR3aFJyYVNnU1NlUldRb2RUVXhNClQrTkgzR1dPNWp3endZTUl5SmRs
|
||||
dEtkSWk4aWJEc2hhbWlXZkxpNGhacFUKLS0tIGZNSG43R0NKYmdFMzdXbmJjSExJ
|
||||
Ri9hM3NRTkM4Q1lDdmdPemEweEFBUmcKNLL5qH+JeFWX0GovkPFVVAnz+4tmfG6/
|
||||
1jN8YqbMIxf5/L8tauXPf0iIiHa6pUcjtDZPr/OEmeXebmF6Bh9u9Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-06-09T07:42:38Z"
|
||||
mac: ENC[AES256_GCM,data:fQm8aI6KdoJVxcl4MQP7Q6EZVqmmLFo9A3Hjo/tKZA+VOYvQWFBxIKwy5Cj0SBi4pWsSjwG6pJZ7m6Wh/dDK4KlgkoaXgAYj+efHtScOH5Gkb0sTpAkHNL+/CJ/cO1doXiXRGj47fn1QB9o9WBaomtOWQbzDts4eFs9pdm8TAq4=,iv:91Ilig4j0ELHEatTY7ALKwwr8AzYnRwhKbdWDcufZF4=,tag:UfwaudQTNKu+uryCZjo3mw==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
@@ -17,20 +17,16 @@ inputs:
|
||||
};
|
||||
};
|
||||
swap = [ "/nix/swap/swap" ];
|
||||
rollingRootfs = {};
|
||||
};
|
||||
grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
|
||||
nixpkgs.march = "znver2";
|
||||
nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
|
||||
initrd.sshd = {};
|
||||
networking = {};
|
||||
# do not use cachyos kernel, beesd + cachyos kernel + heavy io = system freeze, not sure why
|
||||
network = {};
|
||||
};
|
||||
services =
|
||||
{
|
||||
sshd = {};
|
||||
xray.server.serverName = "vps6.xserver.chn.moe";
|
||||
frpServer = { enable = true; serverName = "frp.chn.moe"; };
|
||||
xray = { server = {}; xmuPersist = {}; };
|
||||
nginx =
|
||||
{
|
||||
streamProxy.map =
|
||||
@@ -38,19 +34,17 @@ inputs:
|
||||
"anchor.fm" = { upstream = "anchor.fm:443"; proxyProtocol = false; };
|
||||
"podcasters.spotify.com" = { upstream = "podcasters.spotify.com:443"; proxyProtocol = false; };
|
||||
"xlog.chn.moe" = { upstream = "cname.xlog.app:443"; proxyProtocol = false; };
|
||||
"xservernas.chn.moe" = { upstream = "wg0.nas.chn.moe:443"; proxyProtocol = false; };
|
||||
}
|
||||
// (builtins.listToAttrs (builtins.map
|
||||
(site: { name = "${site}.chn.moe"; value.upstream.address = "wg0.pc.chn.moe"; })
|
||||
[ "nix-store" "xn--qbtm095lrg0bfka60z" ]))
|
||||
// (builtins.listToAttrs (builtins.map
|
||||
(site: { name = "${site}.chn.moe"; value.upstream.address = "wg0.vps7.chn.moe"; })
|
||||
[ "xn--s8w913fdga" "misskey" "synapse" "matrix" "send" "api" "git" "grafana" "peertube" ]));
|
||||
[ "xn--qbtm095lrg0bfka60z" ]));
|
||||
applications =
|
||||
{
|
||||
element.instances."element.chn.moe" = {};
|
||||
synapse-admin.instances."synapse-admin.chn.moe" = {};
|
||||
catalog.enable = true;
|
||||
main.enable = true;
|
||||
main = {};
|
||||
nekomia.enable = true;
|
||||
blog = {};
|
||||
sticker = {};
|
||||
@@ -59,15 +53,36 @@ inputs:
|
||||
};
|
||||
coturn = {};
|
||||
httpua = {};
|
||||
mirism.enable = true;
|
||||
mirism = {};
|
||||
fail2ban = {};
|
||||
beesd."/" = {};
|
||||
# bind = {};
|
||||
};
|
||||
};
|
||||
specialisation.generic.configuration =
|
||||
networking.nftables.tables.forward =
|
||||
{
|
||||
nixos.system.nixpkgs.march = inputs.lib.mkForce null;
|
||||
system.nixos.tags = [ "generic" ];
|
||||
family = "inet";
|
||||
content =
|
||||
let
|
||||
srv2 = inputs.topInputs.self.config.dns."chn.moe".getAddress "wg0.srv2-node0";
|
||||
in
|
||||
''
|
||||
chain prerouting {
|
||||
type nat hook prerouting priority dstnat; policy accept;
|
||||
tcp dport 7011 fib daddr type local counter meta mark set meta mark | 4 dnat ip to ${srv2}:22
|
||||
}
|
||||
chain output {
|
||||
type nat hook output priority dstnat; policy accept;
|
||||
# 需要忽略透明代理发出的流量(gid 不是 nginx)
|
||||
meta skgid != ${builtins.toString inputs.config.users.groups.nginx.gid} \
|
||||
tcp dport 7011 fib daddr type local \
|
||||
counter meta mark set meta mark | 4 dnat ip to ${srv2}:22
|
||||
}
|
||||
chain postrouting {
|
||||
type nat hook postrouting priority srcnat; policy accept;
|
||||
oifname wg0 meta mark & 4 == 4 counter masquerade
|
||||
}
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,5 +1,3 @@
|
||||
frp:
|
||||
token: ENC[AES256_GCM,data:T8b1ku4HNCNSJ+33QgIt1GILFA4wTu3Qd0rDqHPVgdqsGo0R90k0u8z+dElSO7q9PapTqUbZ,iv:hwnMu6JxfYLgw4TyhujX5dI2IAytgZh+Bexhgta6ATQ=,tag:lqgwvXlS/jGPxasmk5Vh3w==,type:str]
|
||||
xray-server:
|
||||
clients:
|
||||
#ENC[AES256_GCM,data:DXEC,iv:SZ1AhmK6fWQ/HGDk97kDUcRN84zQMp99eiz4SpRhig8=,tag:Fkdf28ZvB8XKCxSYdjuuHw==,type:comment]
|
||||
@@ -7,58 +5,48 @@ xray-server:
|
||||
#ENC[AES256_GCM,data:OVgDU+zqcQ==,iv:8KuEqBuL5Ca6pUOFFA+vySJx/h3BhGAAC0CgnxiW46o=,tag:TY1MajSSy2RjKVI2SSAAFw==,type:comment]
|
||||
user1: ENC[AES256_GCM,data:S3IHO9FcVHTJOsRxjSohM9MgnrEwLdDpFU+efLkQaXT2jNJG,iv:KOesvPzjDfm1EDLFiegbk0wgjp7di5mUwUuuY2hwvOQ=,tag:ZsYyUyyEhO5S3weCw/gPMw==,type:str]
|
||||
#ENC[AES256_GCM,data:OQOPobpbbhajgA==,iv:4jG3bHKzWcR+JnvSlJsc0Qlv5kywqVN5UE96J31CP7Q=,tag:P+jJkRxPu99tLXyO5k6dRA==,type:comment]
|
||||
user2: ENC[AES256_GCM,data:e7ITe2ZouKr8dXT7SYATyzbzHaVeu6AKt1OcQKk3U0nsQgoa,iv:UbOOuojy6OAFEH8lGhKe5Hs+2K6FX5MZ8Br9AB007gs=,tag:5XeB4YngzTcHZvCpXe/ZXA==,type:str]
|
||||
#ENC[AES256_GCM,data:93BxR0AEdQ==,iv:rf69GWpuxYt7fu1Fyv55pynuQDhi+TA5CwZK3cc3yBo=,tag:/hLy6atNMxLw6G3/qgMM4g==,type:comment]
|
||||
user2: ENC[AES256_GCM,data:+MKTpaA8hO8q0kyY0V1csedLOtIf760Vr0+WllGe9lgMJ5da,iv:5txOM3sFOhKVX4EVozb8XHWLU0fUNxCF9YAwTYaTL6c=,tag:jkgOVgiEc5phY1XNETsdpA==,type:str]
|
||||
#ENC[AES256_GCM,data:m0iCqLI8ELaPb9g=,iv:bsh7JHILbOZJ+bgGr0U0rDanjUVGgDzYGhboezspEjE=,tag:o7A4SXoCXk5LXmZ1bidg/w==,type:comment]
|
||||
user3: ENC[AES256_GCM,data:r+6jXaIj4HJoYLnJcnjJB+WEZlGaoSy/ktc1Aw77hFtNrrGp,iv:P+YUKns1yaOZokH5WkDB0jssGyHg3ncc54tF1PyA7Oc=,tag:/pxMEr7l4ye5EDAOsllxJA==,type:str]
|
||||
#ENC[AES256_GCM,data:4gqZh391hg==,iv:No22DrD6EBs2FA4/qH8msWEjs20fc+ZpEeZep+HIv+c=,tag:aHrYNbI83POI4PRj1nd+Yw==,type:comment]
|
||||
user4: ENC[AES256_GCM,data:ujiml/r4aFiKOkSJkaD/KE8rKuBtLSnpZREBH3vRJUzDT0QM,iv:a3VFlXpMLNFihvFa7gloANtHmBLg4szTL5LTm8E2kNs=,tag:W9KZ1GAVx9IBKfda7Zedng==,type:str]
|
||||
user4: ENC[AES256_GCM,data:/kBaGAqbewLav+WCJPHm1py3pvb7bA/YO2DeBP2FTCZv44wA,iv:iwxV6KHu00oITH/58kBFmf43lkgTU3BHJ/kb9FPnRSE=,tag:ns+6Dvhf/D15bZc0fd6zLA==,type:str]
|
||||
#ENC[AES256_GCM,data:AzzKMw==,iv:Z73ISOLhPWP40wTy8PucY3KaB9nS7WQECK3tZFYC1ao=,tag:KJuiCODhHyDl5bXInUSI5g==,type:comment]
|
||||
user5: ENC[AES256_GCM,data:iDuLRb4dhLUOjpamioMwoTYrn7Cy+Ln4SaedVXkwVD05rjJ0,iv:AqzBBvLpJuIJCUJq0IyDcHrlqb0e84nQC0c94Rj85uw=,tag:0xou1i/iwAxGngO74OIMXg==,type:str]
|
||||
#ENC[AES256_GCM,data:D5xiJW0Oyg==,iv:9a/6myiT9Crf/fff6ZkXj/obW2k95cABUNqQdPmcwcc=,tag:chs8BA8YtVkM9m3Ey9ETlA==,type:comment]
|
||||
user6: ENC[AES256_GCM,data:YzLlf37SxKmU1/QA7gUIJsGid3KZNoAGOew8xR7cmw5l8ZmX,iv:SfKubo2jfjtxKn9odDiokMEZyPFfYZ/wwyYtBrgvgmM=,tag:+hxwIU5uBhzQyrKX4r3oiw==,type:str]
|
||||
#ENC[AES256_GCM,data:8FxApg==,iv:vPa5p3QVHAvw+ECusWGqx1ugTcHh42CVFDQcMhG59wM=,tag:lHiZtydcYFBQiXnWh8pCrw==,type:comment]
|
||||
user7: ENC[AES256_GCM,data:H/jje9ONEY6XuBXTZmTVGIcWUgGSMf5OB1NNRPtqGCgRP1ei,iv:xew+0BkRqz3nfOoBXTPbBv5hRczy/3tgYSKq432q4iw=,tag:da2ljcffiCVJCsMZaNPZyQ==,type:str]
|
||||
#ENC[AES256_GCM,data:QdaYYH3RGJ4qIg==,iv:79NBTEKCPtgVVv3G7wg+vdoLOWxc+bdqT1lF4HJpTC8=,tag:8mRFGjy7lBrdyGyX9vaSOQ==,type:comment]
|
||||
user8: ENC[AES256_GCM,data:H1gPtqF8vryD0rVH7HYzpMuZ3lufOBYczKwaTr4PidQtTyQK,iv:wh7NwFc/1ogNrnTTpm5L9dBqDVkvWiIsJZelR2mtR4Q=,tag:oEFdMFZJ9UYhsSVdefJ4rg==,type:str]
|
||||
user8: ENC[AES256_GCM,data:AnZb12dioiCamubOb6fsGWoM55zfPMeRbu+j8bRRcMfSQFJf,iv:rB+4B11JFC0oS2ExUW18f5WvhnE4EuHh3IiEyxWeY3A=,tag:jt+3yxDvhusvB8ppbdAwzw==,type:str]
|
||||
#ENC[AES256_GCM,data:aYWIiLxs1UvupQ==,iv:AisokHuAzD5B6fEF6ak8WfAe151CM3a8MsaWC4uJPnw=,tag:cdk5S4n9ulyWrqsD+jcqYg==,type:comment]
|
||||
user9: ENC[AES256_GCM,data:HVK9KvGfOcwn1joc3VrkjBjE6hrxQPOBD5RTtQUgBPepToh6,iv:VK9aQ64L/GajpledBxC8PNB1BdNYEqwcdL3GKttgxvs=,tag:O/piztCYBARtAFxTMNXGaA==,type:str]
|
||||
user9: ENC[AES256_GCM,data:+SA+VcZcy5ckuS/46Dn093VvuqxrIACuqMAMx6Ko5yw0DVdW,iv:TeLXb1WI7uhcPDkXYSlKIxdE6Kz+nCnlB+ZYpWcaF4I=,tag:YB0sPD9yHMARhiMJs7JKcA==,type:str]
|
||||
#ENC[AES256_GCM,data:eCl1bK4=,iv:oYA2CFW6OGGrRYx6OHRYJpbEyFh575UjztvHaXA8UG8=,tag:Pw7xsisQB2Dd0KJeWFq6bQ==,type:comment]
|
||||
user10: ENC[AES256_GCM,data:xjVkr/wy7OxRuNZKfQagfNxdVxTEyQP1ZhnR6jHy2gjBQ0RD,iv:G6iOBCHOqlvfEENY/ega/TUm81wgT2OOdZKZ6bPfg9o=,tag:p8AMa3bGsIl0hWQ09lSzgA==,type:str]
|
||||
#ENC[AES256_GCM,data:+s3MMeNU5Q==,iv:CUrg+nNxCpJFbHQmMNXmSE+JcZK6Dfu8cGwtznx3CFY=,tag:G5CYMtao+hz3hs0fPVPmcw==,type:comment]
|
||||
user11: ENC[AES256_GCM,data:BIZ2zRgGv5/9AexiZZvu+m4A62YUWtAkjWWMu89GteqpWMBq,iv:13IJcDf18LjoxJk7uoKnuFZT6Ihxrxsy7DBaAaiFqus=,tag:RN7wj+uPneCkqNlMRyYrXw==,type:str]
|
||||
user10: ENC[AES256_GCM,data:Pec0CVGia/ZIaq7WerZlr0/waJ/Ev1OKwt7V3PBxBSFMLi7p,iv:wYTdhv4Xoe58KBIwV1vk/V4IcdVzQrBgmzGaRD7qHQs=,tag:IZVt5LmjTUge8XntujJlTA==,type:str]
|
||||
#ENC[AES256_GCM,data:spyQkQIHwg==,iv:7+0DUK95MPH7lpr+GMbbLu4/5yA11/4gTuLhQKlStfE=,tag:G/gIXML8UhYoCi9FfoTvSA==,type:comment]
|
||||
user12: ENC[AES256_GCM,data:FAF9lXOzXW9CrZgnQ1a2+E8snZj2+JHqP5Gny92k09o/Wzga,iv:/qZuAtFmUQE7A9lMzJUoCvGx+3Sv9Ioh2ahch3puaC4=,tag:urwbLwGkSX3e85NCjyPhhg==,type:str]
|
||||
user12: ENC[AES256_GCM,data:iTZViWyKkCU1y6mvB0NzkXf3I98U/+nCs21ZD6M285YKaU6q,iv:vFgA3sv/7ENcw3gyJLiiHLwroXtVJjAxZXViqjXF3mQ=,tag:u3b9Uu6TIPPYX0TW5X5Sjg==,type:str]
|
||||
#ENC[AES256_GCM,data:HueqiREBet2bxQ==,iv:WCjTAGg2gXgBSvY3zc/YyB/1X0XjvphPduVXLsjOwH8=,tag:wC+On6lyyYQ1Dt/BHDvONw==,type:comment]
|
||||
user13: ENC[AES256_GCM,data:ExbnvWDIBqga5+k2mpoT8AKBOXAvUNMjBTPXUKrmtWzz4l+L,iv:UI7CvSx2FHYGf6BEHS4e3iwHZZWkl2Zt5xg2WdKbLvY=,tag:ad0c7YW2Bxo+Dn+BoSZ0Ng==,type:str]
|
||||
#ENC[AES256_GCM,data:R8lN5T0=,iv:FXLf8Vtjg+PkwNhxXWDViMKqwn7tFMaPhio9zhnudZw=,tag:34gxRH+P9lmkUxlOPKcYMg==,type:comment]
|
||||
user14: ENC[AES256_GCM,data:dgNPPlJD5JOFPbKhlvlRHBLmUNKeDm/JAiawUVpBE7H07Box,iv:w+t9BkqYvlxVKr+x0MwtBz0/YSR/7z1OnZLIoPdW4gc=,tag:CR3GLbaO0jSQgA2HuwzRqg==,type:str]
|
||||
#ENC[AES256_GCM,data:X80nhW5a/JQ1IQ==,iv:2UTsNLLDr4uBAEcPyvmep1fqH43JLUiHc/zqQWChfDk=,tag:DJEArs1nVnlcJgqM2uy17A==,type:comment]
|
||||
user15: ENC[AES256_GCM,data:6AskiMLLl0HV6tm2rYpV46XW0jePQy+wme2oi3M7He7WsgVM,iv:lGfnFn69Vnjv5J3rp5sRazD5/B+8Nk8MNG7HIyf4HKA=,tag:Vbg82tdn3noOfhKVVx0Phg==,type:str]
|
||||
user13: ENC[AES256_GCM,data:ID/A7yCWQIWRoU7Emhel2ASZfTweqXYmpC5q6Fm6ptD0XfCu,iv:YrFjIilO4pH+QxVVDTqwkufj2VSC38y9lAJfD8w522I=,tag:1v/T7vWeh0LMi0OL0FVs9g==,type:str]
|
||||
#ENC[AES256_GCM,data:4jJkbMD9Psxrag==,iv:arRtRaNrqnYcT7vE3wqgl/y8/65ORaxqTdGw55AKDP8=,tag:pRpta6mXfy0XCyzMA4+cEQ==,type:comment]
|
||||
user16: ENC[AES256_GCM,data:fo6KJXlPDn7+FmxjEJQo9d79rDYemLFx6LanYZcJpKJR7Gxq,iv:yEUKPNZ9idrSqyVO9fhksP/7bjPMT/LzNK2VSq503/c=,tag:M87D44SIo9JzDB3ZyKu7fA==,type:str]
|
||||
user16: ENC[AES256_GCM,data:esInSvj+a90TAl+b/n9m2iJsH7e6tlQRwSsoLBCy8KA9a0Z3,iv:U4c0pZzqS1s5H6XW3YRSCvDhtxnwCnyKR/tObefX2Rw=,tag:YtY/t4xsmZaj4lC39XQ5SA==,type:str]
|
||||
#ENC[AES256_GCM,data:/Kec+CdtnT11EA==,iv:DnmbWfgriaE6XAnMqq2UXhHhN+Rd/3YRodKVUCJo6p4=,tag:NimqZpbslKxwzoljaZqEdw==,type:comment]
|
||||
user17: ENC[AES256_GCM,data:gQInIcNFxJuCSsMDGq4yTp5JdMMmJRy1tY3PGLoLuuIXWV0a,iv:ya4n9Z7T9/bxeHqi5QqwJprEzDMsT6X0BuEXRS67wWk=,tag:RcjQfAHv8uc3PgN5c4bySA==,type:str]
|
||||
user17: ENC[AES256_GCM,data:6h343SreoMqz5ZHkdyDI/je4v10r5zBV7cWc6Pj4x5sI2cvE,iv:7WSikMxAZJUnv3+GPq40d8r9JkKRRH/SPW5F5fy5HHY=,tag:6h5Z7+WXT/dLNeEIrC0UGw==,type:str]
|
||||
#ENC[AES256_GCM,data:h7E4P6BiGjktYg==,iv:DhkK3NNppBqo3sXt9U7kbgfaBPYcSEX2hu6VOAesDiE=,tag:XoVbZklwCmU1EBhv0ujcSw==,type:comment]
|
||||
user18: ENC[AES256_GCM,data:dssxPEv8srXydunolaaDAYYo+BOXhp2PoqidOWH3z6NYBpyB,iv:WCLcMMwQJiHZBwreQpaOZp2saXvjBwgYUqSf7HQhMgA=,tag:5jsAVcgAgO+7JhBINz6tzQ==,type:str]
|
||||
user18: ENC[AES256_GCM,data:HJj0e6EHXEYmDXlZcS8UlfEQo/4y47w3sYKgb2Ojq6E4vMdE,iv:xThlGl/DDLLgoY5VkBSCx9HIvxy2ZlO5Q987vIMu0lA=,tag:gB07jP6Do4/6RmVaLB3Ecg==,type:str]
|
||||
#ENC[AES256_GCM,data:qGsMmWrUIzVdHw==,iv:DXayEA5zquwOzm+TqECYNHM98r0WSzcP3gA8zkzdPy4=,tag:OKTx12RqP9VxJQOnrBLkmw==,type:comment]
|
||||
user19: ENC[AES256_GCM,data:+Mh15DR9xvFAwks86iuHEA9FpObKWTSuVOEzUDpBUS/h0hOz,iv:zYIkic2bibvwCBpomnJ9465mda1rbm3RERBZY9twXuc=,tag:bwdL6DAGgkGYhYFI2C4A+A==,type:str]
|
||||
user19: ENC[AES256_GCM,data:unW8dOhNbPNLWd7X2prpD82tcqUua7msq8nX3ykFs8STsuto,iv:OLaZ9XQDFGaA1VENgsSn/3HQXp957Zf9MD9GPZ4KLE8=,tag:UK27LK+De3AzbI2mEIsQpw==,type:str]
|
||||
#ENC[AES256_GCM,data:1g2gohLbiixMes8=,iv:E3HA6cAdv3BdLMcrrcWW4Zsc2KLtW7L8Xrk9Z57l49o=,tag:rZ7W9ckf7lzJ23u5zwQiwg==,type:comment]
|
||||
user20: ENC[AES256_GCM,data:3UbVnn9oMRc0zZR46tWxwM9VFOvMOYm690csUomEVBcS3xPm,iv:KHuPXttLAFr7WT/qa/UYLY8GRsPWYZPyKNmdUh4iFQQ=,tag:jN8rQ0Gv+qnhwOWGH+CwlA==,type:str]
|
||||
#ENC[AES256_GCM,data:GzxXsTbEvdHV7A0=,iv:uxUG4hnYEsmJtnqbEwamwhtLt3UClt7ktmkGyAFdxsc=,tag:sF8YQ2cejAezI3Bbp9qKIw==,type:comment]
|
||||
user21: ENC[AES256_GCM,data:hgDJ11crZaWcKrc+ZDQklXwpnvt/sMbARkx3sLZfQGZqQZeA,iv:2Re+hdJuT5yg/qTymfpN+KdU3criOmwuqqg+SHb8iAo=,tag:s16N6u5cRDaoWxnrCkamuw==,type:str]
|
||||
#ENC[AES256_GCM,data:U0CcBBJraJj9,iv:9kuHsHkSDdDT0Gi/3Oy608RArrg+4cgeii5zWbsGuPA=,tag:EvqqMNvNcWBwie28t0+52w==,type:comment]
|
||||
user22: ENC[AES256_GCM,data:G+Ls2+bbcP4RmeYhPF44STdbqNiw0UZVxac6GQXJUyCehgjm,iv:vXbwtGWgBINUauS4rsDj+4yoropzZ4IHOZxF9/jLPTY=,tag:SN1BZbQTOfcAF6krXEXtjA==,type:str]
|
||||
user22: ENC[AES256_GCM,data:LClSrxtBzuJUD4J4QaYXHUr8XSi+N7Zh193j/YeBZRm9sjgf,iv:djiq3+iVnuKK2HveoCm/j8FezzrHRGnjbyoO6iGm6eA=,tag:N5hqYyvJGxnwT8wbxdnjiA==,type:str]
|
||||
private-key: ENC[AES256_GCM,data:ts/LRGFAsYqvGvkvlxUI42IW1a8cGsSkpZhMDd3QVceRKvhPb1SRDaXoSw==,iv:6xX9xFIFUNlLBZ6CPBOz9JbHpvC4+QG9ZaCZcWdl12c=,tag:DYIa+QTV8vyl1l7OKKykTw==,type:str]
|
||||
send:
|
||||
redis-password: ENC[AES256_GCM,data:6zVKw9AmKwSWvHUZhzy0F2KcJW96uFoZY/N1Zq8ilUJOLZeX,iv:viwLIgJz9v8oadr8784OgETbEsxzGsJvVoxmOwWEFxo=,tag:XEYFnoCGwlnrkqaUbgeH+Q==,type:str]
|
||||
coturn:
|
||||
auth-secret: ENC[AES256_GCM,data:50KqO4GQ1ERbCnK4IjYu6aywT+IPMtVlTzh/TE4MwWApU4pO9yqz25ENGUAKRLi4p+Ecug+Rn3InRl1b+q6bAQ==,iv:SgHkHvHg/+yA1Z5E9effgCnZMVXv5amGNUsVKErai54=,tag:PoYLV9Xr0IXXsA39n7wiTQ==,type:str]
|
||||
wireguard: ENC[AES256_GCM,data:5M7EAy/6+2UASWkjxE0Jrxwl0aNdAVZaUjQnD1wU3YvOAQ/c2DSL8hVtKf8=,iv:a2tXFf1+aP0JhdNtzP8e82KJ71m2o8nx+G0wIx4VMig=,tag:l4TS4QBz2fIkC9/GnZgHnQ==,type:str]
|
||||
xray-xmu-client:
|
||||
cookie: ENC[AES256_GCM,data:RZ2WFnsX7s/PVqA7ZKhGqw==,iv:CknFoAcHIiIwJI1IEXkFdWXcOCAZr50pfwmQN72OI8o=,tag:w2pNU1APxlSQsGMIEdE2OA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
@@ -78,8 +66,7 @@ sops:
|
||||
ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
|
||||
ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-04-16T14:15:31Z"
|
||||
mac: ENC[AES256_GCM,data:XOG+e115arZG1uvFoLxCfAqr2pLI2ndS6bZKRyQlWaJK0Gti8RpQt1jVZ+Q3y5Ga8tpAvd7k5MYgRL0/H400ENCleM3vsh5s3VXjlSSxq4mfdkwhUH2E0t8OQyf8VXvs0SXZKhTOljETPu1pggB6iFUfEZ5e0kKRLRYWI4Tt94Y=,iv:mt60iMiKTcQP4b/f684j2IyFSWYzmq3XGK19CfZB53c=,tag:NyhQ0Lptv2E4jHuYAxcelA==,type:str]
|
||||
pgp: []
|
||||
lastmodified: "2025-08-01T05:54:47Z"
|
||||
mac: ENC[AES256_GCM,data:OtHwr58A1UOfYxQR88ay76fWmAyWPl5YtNbAiv0LXPLZPRtLGBJKuTjMaHr17AMepFZ+u5IPV2r8z1AUDj0opLXlv3Ik/DJ2PCcQTOBH+/lnSgzJKWfdCip9/wFR6N3dT0PKKLuBiURB9ZCYmtnq6E5+Guadc6ATYDSEpwbENZQ=,iv:kXsYMGjAtUlv1UqFU8Xv0zagohnpHkzSI72mq5HKY7k=,tag:KR+1A8l2VvbzDZV/00hbJg==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
version: 3.10.2
|
||||
|
||||
@@ -1,59 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
config =
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
system =
|
||||
{
|
||||
fileSystems =
|
||||
{
|
||||
mount =
|
||||
{
|
||||
btrfs =
|
||||
{
|
||||
"/dev/disk/by-uuid/e36287f7-7321-45fa-ba1e-d126717a65f0"."/boot" = "/boot";
|
||||
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
};
|
||||
swap = [ "/nix/swap/swap" ];
|
||||
rollingRootfs = {};
|
||||
};
|
||||
grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
|
||||
nixpkgs.march = "znver2";
|
||||
nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
|
||||
initrd.sshd = {};
|
||||
networking = {};
|
||||
};
|
||||
services =
|
||||
{
|
||||
sshd = {};
|
||||
rsshub = {};
|
||||
misskey.instances =
|
||||
{ misskey.hostname = "xn--s8w913fdga.chn.moe"; misskey-old = { port = 9727; redis.port = 3546; }; };
|
||||
synapse.instances =
|
||||
{
|
||||
synapse.matrixHostname = "synapse.chn.moe";
|
||||
matrix = { port = 8009; redisPort = 6380; };
|
||||
};
|
||||
vaultwarden.enable = true;
|
||||
beesd."/".hashTableSizeMB = 128;
|
||||
photoprism.enable = true;
|
||||
nextcloud = {};
|
||||
freshrss.enable = true;
|
||||
send = {};
|
||||
huginn = {};
|
||||
fz-new-order = {};
|
||||
httpapi.enable = true;
|
||||
gitea = { enable = true; ssh = {}; };
|
||||
grafana = {};
|
||||
fail2ban = {};
|
||||
xray.server.serverName = "xserver.vps7.chn.moe";
|
||||
docker = {};
|
||||
peertube = {};
|
||||
nginx.applications.webdav.instances."webdav.chn.moe" = {};
|
||||
open-webui.ollamaHost = "192.168.83.3";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,133 +0,0 @@
|
||||
nginx:
|
||||
detectAuth:
|
||||
chn: ENC[AES256_GCM,data:Gk0TTbnFcsvIgoDcen6B8w==,iv:kvyvygw9zDwaiTQ2vPFTHQex0EWDFg8M8U22AConQFM=,tag:ewAZ/nXxmTOhDAjW/A2OnA==,type:str]
|
||||
led: ENC[AES256_GCM,data:Vb2p9v7U,iv:xJcKgvbc0KAP31uTpFiYlpvPoEHMWH3VkEqqyINKcyk=,tag:X2R+CHFj4N4i7cAK88IoSA==,type:str]
|
||||
redis:
|
||||
rsshub: ENC[AES256_GCM,data:uPnZIjbnRRoWIHlWkZNZkMpIb3Ujnnpb+AisVSVGFv4sfDAuDlAjt39pRdnWkCXJPqtXjJzQ+FeT34cqxTf8Bg==,iv:/jcyAHkxByFnbkmCAYQwda2QRmhW7L/ICoLuCgsVLCI=,tag:M5Q+dh/Bn7FiNpqQGYus4Q==,type:str]
|
||||
misskey-misskey: ENC[AES256_GCM,data:OHjt9o+m++NT5aaFbwBT/wSMdUdgf4zscd/JxjCo5HDhC3WeWMJV7z//kATI5Dg4BWAhvPlL02Vrly4RraIzLw==,iv:sQB4/D2SsOuDR3bTrmlNg7o+6ehFznDsqVc3BX9pK20=,tag:tcwTBt/JhyW8ZTAIWIkWBA==,type:str]
|
||||
misskey-misskey-old: ENC[AES256_GCM,data:amUqMycdXUFvjg66pXKnlZqiESBYMci0k8iYzj824SaEqHl3Nq/I0TjYX++xEUg+RGYyTIcSaj96HUANTKpc1A==,iv:ND1mQLHxltRlOdpJ80ywheGo6hkl7OgRyk9TguJMuTw=,tag:dhCCwnCOnyT2iXdEMK0szg==,type:str]
|
||||
nextcloud: ENC[AES256_GCM,data:jwN/CqwkU/5Rd6w75/bV2Yej9b0CoxZaiJEcZXFx+9XUPY3Xg1tQdEr1SALG8xzOEdoL6WBVs14NvrrL25GeTQ==,iv:p5+0AB52QqScJwMhNIrM/7HAcRPdD9Z8xV6uwIDOwIg=,tag:f1XbNDDRXvGl/dkV9Wp2Ug==,type:str]
|
||||
send: ENC[AES256_GCM,data:IGxj3cgp+fQBdupfK+IgPEQSPuXdM9LRSLGSATNIkzUWC6sQw1aaKTDuRc8cU2BG6quthRwuWnK/F7k3KrUi8Q==,iv:LI9MkaF4e47FPUyL7AXZpO+CdgF91ScdiqjrE8PZjJ4=,tag:eNugln5M0AhU1xmVWFN7Aw==,type:str]
|
||||
synapse-synapse: ENC[AES256_GCM,data:8CVbcN2FG4mRT4PnlOGsS7tDfS+6ojIJFvq2EwItxn1gg2Ghd/Bmx+5tS/Do2FrYp/Xiv1EqucomM50r5bXnmg==,iv:TT7zBKQ4M10XYVCn5aeSu9IqjrIEHHazPUCOTmgRAU0=,tag:0+Q9hZMBVDj1TnHj3xoTBA==,type:str]
|
||||
synapse-matrix: ENC[AES256_GCM,data:eJ9GXDVLPg1C+Zjpj3NnWUyZxDbOZ61f+gs/bkZgdWjeu61MEMtU/Hh+p/ceAn3y0aPi0ZTcd+zSgIPIkcj+qg==,iv:uTdS4uguNJErc+DDW4H6dsRFkqlkHtaCfR8LR/d9nvY=,tag:UhY9xbe1r7FUpyid2nSt5Q==,type:str]
|
||||
peertube: ENC[AES256_GCM,data:cN+cClNV1JD+Z1Wlp07MY7BmLr/EZYZZt04mxKKKN8RG1ZSMGykbc3hd00E14ubhCittJXSPbIWyO63lCGGEPg==,iv:3z1BR0j26LGfXwDDPYU/i8Qx/7529KKoar+xGZanirI=,tag:g/NSGDE1iEYJ1MStrV3rpg==,type:str]
|
||||
postgresql:
|
||||
misskey_misskey: ENC[AES256_GCM,data:lRbSz7bbiWEdK/cRD41fLvFJF4WYsclKHVykFcU3LIz9vnKlR3VdczzznVqpT7JvG6OUi+TmipJii+0KzXHtdA==,iv:8sBKgVwuDJdThup0KQ6cnAV5O2liwVra1yIpDHVfpMI=,tag:DyUpaHai8ZUyllvZBUm8sg==,type:str]
|
||||
misskey_misskey_old: ENC[AES256_GCM,data:Wwtd+hKI0s7m3PbEPHbnSyTsCkW0x8SYHUiCYuNSNCG8i4RAmiAbONNFfWN2hXnmTmRK79Tx/3GR+L0KMzmNGQ==,iv:BekTELToPQXUdZHyNtkuqKyZeez+moI6k907P7NhA3Q=,tag:A5YB0WIa1RkDCtzeBhiuyA==,type:str]
|
||||
synapse_synapse: ENC[AES256_GCM,data:lzaggyuXM1XwsRxFHslsP89r8wEcgi6LNfbcm+pFWj6WLO8y8WaQIdOkiF3D2ToKDwcw5XgSGSt/VAk6lv+GeA==,iv:8WOL3jze797Wz9kSRq7YpY8OS1TBMqHYhfgZlluJlic=,tag:utNhs1AMbGthp6M2c0x67g==,type:str]
|
||||
vaultwarden: ENC[AES256_GCM,data:Uz8GJMaLUTQ9pQbZyZLWS4bL5wmt9RvbAwNctAIDt9JrV3FaXxgKjE0MJSGklS55yj/Z/wbO6RCuCK2AWR2VKw==,iv:7hA8YcB88M1qCV8EhFYpHbfPmAZ/7xNqvTMJYZ/UcAY=,tag:mkDHJYmRoYZ/Ct0UmOp9FA==,type:str]
|
||||
nextcloud: ENC[AES256_GCM,data:5UpYSMsZgUgEJHg0ou9Z1RTE+YFFUKuXwPtc6L5XxD4GNo8Gd3CvcQSNGAol+5DtyPKF3q1+ZgtScWGrqU1RyA==,iv:Zfm+Oa4eON8WiJzYUkMFawafDwo9pOnOpWkwHYLIKkk=,tag:4ECMla1dFfCrn7lILwWFNA==,type:str]
|
||||
gitea: ENC[AES256_GCM,data:EAuFPlUFvtARh4wbevoIUwZ886nS+3O9Jy7q/SkaTDx7PkQKGhZcPPxY45AG0QQrjSaI3cGLzDBMutFMXP0BMA==,iv:0cLOsopAfyMLHJDowyZirVR5nqLrjSLHYtnPC8GXReE=,tag:BwG5UibGLS16rwJbH/0ZyQ==,type:str]
|
||||
grafana: ENC[AES256_GCM,data:ZLtDIZ3oKasE4r1WNllNe/rkXxqRS+QAJI7EGPKhiFF1BtAxD46UpGQnUag3yg0gP/8+3COQs6camVSxcKFL1A==,iv:wMj3keVjNpVwNMwlt4E3ds1EYjLNIZ/S3RydhOlmYWU=,tag:ZRn7NWaUPbf2rHYLoLYw+w==,type:str]
|
||||
synapse_matrix: ENC[AES256_GCM,data:5j+TYJ3vYUqu6CdRDYAT558DsTWbX4Rh+HuukPog5HGXlhneL3RnxVeGBR9CV1rlCP1NY99Nm8roBG+BcyPYHQ==,iv:CboB6lzqxAE/8ZlzaTU3bxw94N6OAhrq8pZ0AfxQiUc=,tag:z6cM3ufgbMn5n5PzgqdRjw==,type:str]
|
||||
peertube: ENC[AES256_GCM,data:dLzOez3dTy0NqHED1Oc43Ox2AFuH196kxwOSuR6RejUw3iJuzEQCdmA/i+70zHoveAYBdPCGpM8cz0y2M+usjw==,iv:KxDqmbNBkJ6Nw0M3060L9ESDf2qAur7umlejcDyRmwA=,tag:RScP7Cny8b1Z1/REpk+daA==,type:str]
|
||||
rsshub:
|
||||
pixiv-refreshtoken: ENC[AES256_GCM,data:EeSOTSAAh+1Dc8+a/AaPJ0aBK5DTa3pdS6DrIMQmRw/n0SRu2QoynIF76w==,iv:dnZxi8jM1I4w3C2duYielpP/8wOAdHDjcqDIrowM0dM=,tag:8irGvLEbRJHV9TB8Jibs9g==,type:str]
|
||||
youtube-key: ENC[AES256_GCM,data:OEm/ynOUPUq7ZEVzL2jgs9d+utkLTIdNq0MHE0JDujb9ndAwyJJI,iv:RRae6Cg6GdDnXAQOdtBYmcA7ZNuu70VpIg2MEezBn5k=,tag:gX4ZG345cT3Jh3ovUxtLGw==,type:str]
|
||||
youtube-client-id: ENC[AES256_GCM,data:dPo4+HsfXHdxrgF9F0qJmOGcSHDCn2KIkHx3ZYZU94iv8ImiPI9dTRfoz0zq8UIN7rwIKidQu9GxCRrg9aXk34pc35SXzEh8JQ==,iv:ROVHb0QjVsNae9eJevG6qc5dc4gkrGt+Y7S2QYrzmQ4=,tag:Advoh75OKPC7CnIeL4GFbA==,type:str]
|
||||
youtube-client-secret: ENC[AES256_GCM,data:c/ALpo/4qJdccMgYiSLg9ZgG7ddaMYxHwJYZ/ogJN2ED21k=,iv:CkrIq+Vpuq28CsRNwdKRLnBq6L8NF37y4xhhnmHQHqQ=,tag:SKtHpm/QZWnGViDtSKlUUQ==,type:str]
|
||||
youtube-refresh-token: ENC[AES256_GCM,data:pnXQ1euCdix2H7IxudmUUcpxc2OUhciKT8OcGV89c/EpoXHgx1+eLxwY5rRszroWwjge9M001RGHngvD/ny3phfWAwYmIzMJxun2f7JCPe7ybMesWmPSkiqVBss1Zfic1uB8mNM/yw==,iv:8p8/vATY8F3YuGA1TtjekiuaKOMnQyTMjrwDBJaK4VU=,tag:/jVg9FDOuLMNrupgrywpBQ==,type:str]
|
||||
twitter-auth-token: ENC[AES256_GCM,data:65SbHggbYtfSfaaxJxRgD6+HpOX4vIfjnVZmOAZ9illPMYOu9MIchQ==,iv:49UuC8n6AGj1skuHzQX39Q/QuKlB9IxogIfiiy1GBnw=,tag:Rq6b0H9UFVZ19tU8ZeelRg==,type:str]
|
||||
bilibili-cookie: ENC[AES256_GCM,data:58nO7ADu2oH/OgLJNYrEEzhf1J0zt8EpuygnSANkGXJju5oSmtM7WLnaMEjC96q14OTTA9QLiFVsbxiFY1eUnraA5W7g7+6CYRXVRZaxz91D/dhKzHGTMjB/LynnNqEIc6liONlcHbyjZNQ+WIqPtjVpCKMN7Mi8cv81/cFX/1GqAwncgDD2oXh1hMPOVY4dYcGKuOG0GjlY6RgOgTPqU3HawQjnoWQjPF+lq2rnWD5HP9ZTxOYa7hm2GgPrxkq1fkRrq+kKYeDh+6M7VLDcm5Fpf+biq6F8fZWzmw4NlVZT9BG0vJFa,iv:vxYXg9Yg9qIWFQXtwTYa4Ds0KSxZYg3M6xdtXKbdaig=,tag:TzCPehk9w+BL4wwgDc1CPg==,type:str]
|
||||
zhihu-cookies: ENC[AES256_GCM,data:DgpvRB7IuRe1KuPFqhCbtyFrC02AUlaA9UWS+d8ix0nweItXwZrkqC03lXQY7nJr54H3SfKXNhtUp4nJmV2hqNQOqekrXVsKrG++UmcAr5Ciw1lTmilqM220igJ9YwiHxtsZrWgp4sTPlTTQIFu5xrGnvlSntBjXAjzStTk1R4XRmLV427QuKbNNQ5MjPXS1PYrtN0d4/qXLx74pNd9ZsNd9F4V0E75Zt6vKE8F7aA==,iv:5Lu/HD8Iw655pg84eFs2eEQS68QqA99uMBHlgelZvrI=,tag:Pnd7VWIAgNt+1vo+vyWDpQ==,type:str]
|
||||
mail:
|
||||
bot: ENC[AES256_GCM,data:j4Y5oYeVt0sd2z2Qwuqisw==,iv:wasQCTqEMAyttbn1zm9oKck6QiByom+F7ZIMDUse9Gc=,tag:92O4ka6f0I9qnlnVy2dltA==,type:str]
|
||||
synapse:
|
||||
synapse:
|
||||
coturn: ENC[AES256_GCM,data:9MDq0eXLHjJ8Cd2d1iogS1lnjI0A2+0ZK8OtLKRLqT16BVzQQJyhbkAYwkn1+9ppfrazsHFGrk7DVsA7PWjdmA==,iv:SOjwZIyzkMK9Q1fGkmBSr6nSIarNe/WeD91GPJRuZjg=,tag:1GljmXdK80NKTPSg6xJz0A==,type:str]
|
||||
registration: ENC[AES256_GCM,data:MmRJ3el59XaTwFImuCsiAm2zXeGhgvyUyw9AIv7FvxR4N3YWnHKALcQJtG52N4bmLXU=,iv:vm2R7XGzGET0eTcD2trl3xD2I09NzYmx5NPIY4KK4xM=,tag:exm8/ehPufeqtp6j61ap0Q==,type:str]
|
||||
macaroon: ENC[AES256_GCM,data:2/8GuF/a+ocVtLN0PU17JDvXw/RoXX/CXFHPlI9THl5bY8lBm6tEawijnOKVoFLovfU=,iv:GPAr3ZjqLf9ixevsZoQgs4cPkv0VL4WJoFfQZOdThlw=,tag:HRt/igDEfUJ3K39mG7b9Fg==,type:str]
|
||||
form: ENC[AES256_GCM,data:Z9cYL9ibRWmOhAYtB269n0cWZSvL4zGgc03ZRag0m8cz2j0god/Fn/w6kx3cyGK1C70=,iv:Yst6WSV63IvbMF5nnicIoBj77eSwVMnAHtHrKo2UcDk=,tag:4qf6F2rdctcCf4J9vECvYg==,type:str]
|
||||
signing-key: ENC[AES256_GCM,data:BbPJiNcVTqMAL2XG3K3CIbsb8EM4r8ct/WxPK10FHRwAnqChKy3CAviYU9gewO/tNZXHvUYUAUbPww==,iv:IZB/40EE3DIxAqagdH/a4kcSmiec5l24XLCQKCQNaRo=,tag:/1t0WAPBYmYrPTx4V4wgkw==,type:str]
|
||||
matrix:
|
||||
coturn: ENC[AES256_GCM,data:MwZKkYMefshuk46Cne4wn9ooFH8RCDbrxp+MbLJWli9iPHuzJJzUuQNU9EDL0aNbzyYEMt/7DErw42z6KrpGww==,iv:u/SVVTgfJO2FakiYU+uLHXjA4tHU/W6ASsR3S31+pWs=,tag:VTeKNOKwm2bsiZAOVXeBOQ==,type:str]
|
||||
registration: ENC[AES256_GCM,data:+pA61vTg12lYUyXjLrHSY7y/ExfTQffLlGUI4HBOSFFPTck7bu68FrCaHOIBTtEMfjU=,iv:Ex/phkBZxglG8HiRz+m7h2HNanpq2Pxwbm08vdM3xFc=,tag:mM3YEa70FnCeYIUthK4TeA==,type:str]
|
||||
macaroon: ENC[AES256_GCM,data:/+RaayKiPPpVV7OWWdaSkSSRHMjb8d58lZcpvltN9cYkN1btvMViEgdLSlfqzRRlPUE=,iv:pg9GXgNsrVWKlUAiCKZ2pYXugRH6MsBIMpHKoYWYLik=,tag:/mj5Ak7XAX/FH7sNPEVALw==,type:str]
|
||||
form: ENC[AES256_GCM,data:7HF7HMUH1BTJgXXP6cpUiVj0jCwGW57bx9wKTJu7PnRsNuAam/+nKX7Zfg7WD+gSBlA=,iv:SYeUsuFVgAA6U6STCtKT5c5E8Kglh3x7hy6+Op4n0W8=,tag:eICmHTwwn0KcgNhdDGnusA==,type:str]
|
||||
signing-key: ENC[AES256_GCM,data:hzxxDbGp1L09O7+ueUSa5lJOY/QvF2zvHdpueEHjaPQEToQt9mr2loeTQHC7ObTegfLb9UHrI1jn4A==,iv:KngfahwYZZmDQ5LeOUPWptTMGAC8TZm1G0FWcrwCwsw=,tag:U9pW6/boBIpiswn67Ezrfw==,type:str]
|
||||
vaultwarden:
|
||||
#ENC[AES256_GCM,data:yFDD8GHjZWHN/Yh53DseevKAhDVwrHX60e8sGZnF4BUsUuPA/4S2PRzj7CtlpFzUH3kb0i+HkLKRvbchg93U3as=,iv:JGG7daEKs0oMKTNVi9GS7PrXn/8rFtVkHknACsEQR+g=,tag:RSN6fojLsI4dcuPu2eTiWA==,type:comment]
|
||||
admin_token: ENC[AES256_GCM,data:OpjREmxJSRj+aGVoP8KKRE7ClNqRtaV8va4WLVmpl1AO6D0q/GapJvhORHQb5s5ZjIAgvWTz1w+fh050Q9sPwRsNUke3FIcyeNy7k0PHgnnVIdxnU1Vn9KMz/SovjQ0/qEQ7tArvW/EXtKfwnP9lsz9m94VBvA==,iv:9AvDqMa2PeQOSrP2th3YBgA2RxPl3oKZTyUzi/yjRTM=,tag:HYFTQDgWvBsHQk8IZxWkfw==,type:str]
|
||||
mariadb:
|
||||
photoprism: ENC[AES256_GCM,data:TF1SZVFnvzyE+7vrHYYUS4Juqhbiw9QcJx7p3Xj88xyBFcTqS1YjzAKs/9GQ1PuzdBrt6hXm/XtJILHiuktnSg==,iv:sd9sQEuIePL6LzUYbFtmdecJ57sMrkF0coalBf8KFqQ=,tag:P/knaKYTJ+aXu4l6IixISA==,type:str]
|
||||
freshrss: ENC[AES256_GCM,data:ydqCbj3UbsLC1e++p5ixb5Kpmk2BsYd0urcfw8T51Is5N1/gQ7P0zgR33AOteAxw2oj85WQZhxu3eAN7BCXV5A==,iv:1oiMo1wwFNXiTZLsf4UPZSJfKFIWLI3h947TC06CVy4=,tag:Otq1oeKBnWXhqNilfsywPQ==,type:str]
|
||||
huginn: ENC[AES256_GCM,data:1Tdg1WDwGgFSXdChgif8knWS24BIFYnmaiSjJXxs5uj/v/5fJ1alb4K4XHW/kFRjQbuAOFfJiJ9ogJ1KAyk17A==,iv:qLMaQpVaKrjP7g2lWzhaNLghxwiV4YJmyYY1hrpu5I8=,tag:566JCENvOxgwD7tM3aQBiw==,type:str]
|
||||
photoprism:
|
||||
adminPassword: ENC[AES256_GCM,data:gB81joOfS8h05BNy2YmD/N0cpLPa/vAduDcQBeHiY/WkcnvqSXnXsOfnvbP74KQfoP4W35oFkfyGVPUBSB83tg==,iv:AkN2NoqMXVHQA9fHTTR7xbEapEqy/D61mHn7O23hyYk=,tag:WV+siDA3VnRkOYnP4Z9Qhw==,type:str]
|
||||
nextcloud:
|
||||
admin: ENC[AES256_GCM,data:1rglLrLtRf3yXQwfHDMZLewk8ueIbMFOC+1mtoAyLKnDmcQAoEQZ1vHw/hpKkFXJQ+QyX3sP8eUjRXuBEIVl3A==,iv:lfEGPEw9ybSdOYLDdaGCLXKgCvgRxn3k9eIy2DJHDYU=,tag:j4qRexbEAgK5HAGhr/wxfA==,type:str]
|
||||
freshrss:
|
||||
chn: ENC[AES256_GCM,data:XGcgfuRozJ/xowtmFPSW,iv:yZ9LTuVE8dGyrtE3vxLA2jLErvmt67XC0jefl1njiOM=,tag:J5d+oGFWhfXEFwVOnsJ2iA==,type:str]
|
||||
huginn:
|
||||
invitationCode: ENC[AES256_GCM,data:+m2AabRzUiCFy3MAKTB8d1IE05WHTcmZ,iv:ccdIPHl9N+bvPR/QCwZUwZOfWTeW6gWhhBjOpL85JRg=,tag:Ir2085K04XUGkAuoCG+7VQ==,type:str]
|
||||
fz-new-order:
|
||||
token: ENC[AES256_GCM,data:qhwWRflJbW1QMOhiPfbTIrEdQJyVtfZ1QycCgstdKD1Nh40=,iv:GvZ8MJig64l34jkvuJbMMjyNaPT5yz0/pFCc6KEPTvA=,tag:cMXo/6F9thl8k2iAhT507Q==,type:str]
|
||||
uids:
|
||||
#ENC[AES256_GCM,data:O3DOE3jFCg==,iv:9shUoHCLXsJPKHELlyWdreouEcyOqhsfVI2KaqwC4CU=,tag:tYKVv+/DuesSijZwWGdrig==,type:comment]
|
||||
user0: ENC[AES256_GCM,data:2sieulGmi7mCYrJH24djrrmHArrFbOHZ9wUuKvY4f2k=,iv:lb5ODFOeQQ+D9HZnMw48n/DGRB7L51U4frBVcPx1mvk=,tag:MwZua6u+G478uGOwtGu4fQ==,type:str]
|
||||
#ENC[AES256_GCM,data:yeA9zF8Tug==,iv:VZuWLZnt1RBmkBWudKVvgJkYfqxIj/umEHVCfR6IG3k=,tag:1kj7HyjVT59n05VYJ1uP+w==,type:comment]
|
||||
user1: ENC[AES256_GCM,data:Aw0ydspmf+PXKU27Pdzn4q/nY4sxXCADL1WGB7vm3eo=,iv:uTmVvGlW1HfdvoNbupSw3GyShsWTGVCoNrvVJ5BPUy0=,tag:k9KIoCWM6bSprwR8dmN+Hg==,type:str]
|
||||
#ENC[AES256_GCM,data:4G7DyLVVgQ==,iv:Ht/exln1QtL2BxjCaOTIXHRPDiSFYP4zIa7VaeMCuhE=,tag:btVLXf+WS/YgzRFbVFoAfQ==,type:comment]
|
||||
user2: ENC[AES256_GCM,data:P5gmhaQ+VOWVOjTrsx34zUS8dsqIkzCwOImIE8TIfUc=,iv:IoJIUcNJmaBTyr0Ut6R7BN/UqyK8p4HtiwbXUl171pE=,tag:k99PGSL1cEALTmFVWH1uSg==,type:str]
|
||||
#ENC[AES256_GCM,data:TGrZBuCRgQ==,iv:9IOJ3Bkw9udS/y93TTtZ9o79aDq3Bb+DMEogJG77iqA=,tag:S/XcPX1f89IyfZnMoR9s/A==,type:comment]
|
||||
user3: ENC[AES256_GCM,data:cAzf2X20rtQYyz1rLK6b4jo8utuUOdUHVYfCWdfPTDY=,iv:L5cg7aNdfnLTH2dKl4bWCqaujJ9tIvBJrJIoDIaBLwk=,tag:9Al6Wig4lz1my6hgozSsIA==,type:str]
|
||||
#ENC[AES256_GCM,data:b4iJ73sUoQ==,iv:A2hmi7lCR15E5jVR8E71GQuHgF4TdjDuQadXOtBon6k=,tag:eopTJdjN16u7PtpZdhKymQ==,type:comment]
|
||||
user4: ENC[AES256_GCM,data:nUJ0lPuFOUVGCtq0IRSh5dAkAna7hoow1YOtFEgSoZc=,iv:D8phoZxdbQ2/Zaeq8498eRb0a7SZD5WnVdKv+u2pBak=,tag:Obu01n34JjyAVnF0f3uKzg==,type:str]
|
||||
config0:
|
||||
username: ENC[AES256_GCM,data:p8+q8u1A,iv:9s52kS5yLB4vQuGVXNtA4amZqT3eHTTybsbsQZRiFnk=,tag:7SA4SEzMHpP9H/rwoE+UJQ==,type:str]
|
||||
password: ENC[AES256_GCM,data:58+gFodT,iv:ohZlT1BwnzCYv84xHgFsLRkiPMpE8lB8QVHwr0QtDWc=,tag:XF047RnXs6IbKsTnsm0D6g==,type:str]
|
||||
comment: ENC[AES256_GCM,data:T4XcbF1c,iv:hHdsMjU8rzPiduhT05v98pgDqxRW/Km5zmXCEZaT2AI=,tag:LWvwIEfbW2IuDELr4fEXKg==,type:str]
|
||||
config1:
|
||||
username: ENC[AES256_GCM,data:xWP1cesh,iv:11KFZ/J9PScz/oW2+H5BWgw0+ETkCXlcYOMuPpgjEs0=,tag:HswEVzm6ElRjIDsZyEfZcA==,type:str]
|
||||
password: ENC[AES256_GCM,data:Da/E7ZeZ,iv:gIoheXeTErV3+CtZSEDsX7pGzRahHWlKYQ6QZ6W2eu8=,tag:0oQzQ5DJiS2hqMQfU6JRWw==,type:str]
|
||||
comment: ENC[AES256_GCM,data:etfZKwbh,iv:XqqF3D0PpCPd2Q/CCu/PAH4SrvXAOu+lIXvSht/KfKk=,tag:7jyG33foxneRK2wvI/5uBg==,type:str]
|
||||
grafana:
|
||||
secret: ENC[AES256_GCM,data:QYhopqGcHGr+24qYlfaTdMtnyzmIZYG4PcvS9KYqC24W3M+HmloCkPHh7Y3ZTVg8MnrDGOcbA9YPLdY7eh/u4g==,iv:dh7egVIem2bgDbmWJ1sqH9fLdIYbAIQjnjNvyuEjVq0=,tag:DbIRVHbCcpKGcNc6sDTasA==,type:str]
|
||||
chn: ENC[AES256_GCM,data:0bbjggWS1MdcUIQiQyPlBTULm+faKDpJbmZmV6vSw8k=,iv:am65WQzUE+AvQrQV+NSF5u6RCWn7EetyPsdy4Cuvyyw=,tag:lxNUM1cIYVSXVgwEnS1Hdw==,type:str]
|
||||
wireguard: ENC[AES256_GCM,data:rPZxIQ18KILFsCsriD0z649UqWPAl8M+49GI7bsEHr0t10rlYS8RiZFeKHk=,iv:rfS/PsX7y3ZBCs9YYPM4VoK9i7S2ShGHzcpBATx8Ots=,tag:i0spG0ZxB2Jm6XZwe19VDQ==,type:str]
|
||||
xray-server:
|
||||
clients:
|
||||
#ENC[AES256_GCM,data:aAZS,iv:Z+iJG7yC6HJeNdKCCpsZSc9Ny7kAt6GYfXUtZozMb4A=,tag:iMfwjqqmLvu5a8YpF7a0zQ==,type:comment]
|
||||
user0: ENC[AES256_GCM,data:Q8MFrN/3SRgzSlwTx2GmpP/gvG1vpYiVgjsESzUoomsJaigP,iv:oLsf7AX3FE0tFOkJAbqrZVrCa6UxKjp450Sl1rs2Vs0=,tag:5w+AX0p4Or1GAQsEU3NxOQ==,type:str]
|
||||
#ENC[AES256_GCM,data:j3zVwqHmag==,iv:8+ol60wNlbV2RzMBe47VxIrZuec8aXDUNcQvHcxKuiA=,tag:1AgCMfZf9vzWiWDS6hkw2Q==,type:comment]
|
||||
user1: ENC[AES256_GCM,data:ucCiL7uoSafFUP9IiwKOjJqgwNxNLmuHxYXsLYl0fBgbCT3F,iv:RbNPwvSWibODQqySRc+YW65nUvRwaeXT0eDh02sfrwM=,tag:iE7GGrkBxljBT9HdPzDOfA==,type:str]
|
||||
#ENC[AES256_GCM,data:x7dwVDe22M8=,iv:+fT7VUxZGd8SgS0PnEBqHLPLDuywu4s01iWB6TA/BKQ=,tag:CxfP7xSd4L9RBulSfViHaQ==,type:comment]
|
||||
user2: ENC[AES256_GCM,data:e6PbRg30dzOJSXNmU6TML4AaFsSWEvZwN7MHAEX6fEW2p3hW,iv:Y+YYAO6hY9e/T8LSCr34M7riGmSzFIocmWwAwWjnZQs=,tag:LTkdGcRyrx7HqvbSYSsv4A==,type:str]
|
||||
#ENC[AES256_GCM,data:j83rYg==,iv:3oEdAoVz7aMcezcy2chTO0LQTtKpTrJJoQZx3PC03BU=,tag:ABteEIyr2Y6MbGQhmrQySQ==,type:comment]
|
||||
user3: ENC[AES256_GCM,data:Uk0Ax9FVzmmYs+ggWy7z6FEkuj2tppGlvnQdoW6PDI1VA9oI,iv:wSxigXleRUalQR1/TzKfdUVrdyEUuq+Wg42gSv1QMAI=,tag:qn6nBWv6MlGhMarCfI13BA==,type:str]
|
||||
private-key: ENC[AES256_GCM,data:TarrinCFzWkB5zCc7i7f3B3tFfxrF+cGnrg4bw9CAGKWBazSJHCviY8Imw==,iv:azHdrc6AlgS9RPwGVsYRb8bBeC/askCdut1rnv9TA3I=,tag:AT2lLraKVgbp9GmlLJiI+w==,type:str]
|
||||
peertube:
|
||||
secrets: ENC[AES256_GCM,data:DAlig4wYCridlfS00YOqH++/4Rkssq2bkJ1bhERrsgeqdccwwnk6ADKpN2UBGANNYiTj2VUHsHT6mIWxPRcJvQ==,iv:kOedA1gAD7el6JbP8MujSCSfkkHM6CDDMSs2LwPmsGU=,tag:ZDS+LGX2hNXHw15Js2sBkQ==,type:str]
|
||||
password: ENC[AES256_GCM,data:jmKmQlFqHSmImfym2M3/+ItbPxx1GwgrLRZwk7KxqXGHFvqZ1ybCnfZCN8jmA1gVJLuPLTrYA9ggHwdKgVrknw==,iv:cBSb5PJsjHBAMgrxlZaVtw1aP39AXMtdk5pnnCyyZbQ=,tag:6TLoDRY6305lm4HVapT4yQ==,type:str]
|
||||
open-webui:
|
||||
openai: ENC[AES256_GCM,data:wMSmoEMLcjbMkEOdzCt1CGbmGZ/iMOWk7PR4m452K+/gEQy00wa6B98=,iv:2hKpB1F0a/fz85RY2YNFXrw1Njbzd2pZ68ITp6b7mzA=,tag:0xUjiHszVXv8qfzV8z3Zhg==,type:str]
|
||||
webui: ENC[AES256_GCM,data:+oEpNIyDEA1gH+Ax5P+ujKgXF8qleepYWwIVCuk=,iv:wmGy4T//UDAR8EC1w/j2vsCqi8dHOBnENLetp9+Ii/8=,tag:8OsFLn6xizQiTVJAEGPwWg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWb0FWUkoxeWZ4K1lOb2k5
|
||||
cUZXQktjSTY3djFZOEJyL1dWd0dmWHV4Y3dzClMvSWNiNk9YSzFoRmhQSG9wb1NG
|
||||
ejRUeStyKy9qYWFwWHJraXFWREdhZFkKLS0tIExMb3VCWm13ZkJ3UXcrM3IrRGQv
|
||||
ZjhMWlAyRUpUYkVjb2lidHZPNkg4SUEKctTzocxhVXJ56sHH4BO6QkS5Rn9k/y2U
|
||||
IrZHT9b3nyyyZxhctOArjBXohwt1asNeAe7qsTypTtAMgKTRwggX9Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age137x7csalutwvfygvvzpemlsywvdxj3j4z93a50z2sjx03w6zau8q3r5902
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1Vi8vRTFFTW5tNW9OdnNQ
|
||||
MEpxeXY5MnRzTE9GUkRLMVl1cTRBcU1FSmhnCkdmY3RCcy9oS2lZOVJ0Ni9RL041
|
||||
UWo0TkxMblRqSkZoaDVYZm9xRFBCeDgKLS0tIEFVVkl0bUdoN3FVcThVRHpmVEJk
|
||||
SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
|
||||
HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-04-12T09:08:37Z"
|
||||
mac: ENC[AES256_GCM,data:cpstZVTMKxbUmB6UbkbaE8sUGVOuqWZre488eYv/7fR5si8amQ5rZ2S+F2UZNFpl598N8EQLPcHxxZYk12cOKB8rQxQsQeBu1N3AIfd/AmTAirYBqErzRVjGuR981PP1KoKi0O+8nMl0N6hnlFCUYrKD7mBF+l3TS4Fv98XFhZk=,iv:S7Kx5TszFPEWPQ3DY/rcDVkmcgFZr9GtmmiyHc/vWOg=,tag:7LuXtywrVNTvqmy1tWFI0Q==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
13
devices/xmuhk/README.md
Normal file
13
devices/xmuhk/README.md
Normal file
@@ -0,0 +1,13 @@
|
||||
# install nix
|
||||
|
||||
1. Build nix using `nix build github:NixOS/nixpkgs/nixos-24.11#nixStatic`, upload, create symlink `nix-store` `nix-build` etc. pointing to it.
|
||||
2. Upload `.config/nix/nix.conf`.
|
||||
|
||||
# install or update packages
|
||||
|
||||
1. On nixos, make sure `/public/home/xmuhk/.nix` is mounted correctly.
|
||||
2. Build using `sudo nix build --store 'local?store=/public/home/xmuhk/.nix/store&state=/public/home/xmuhk/.nix/state&log=/public/home/xmuhk/.nix/log' .#xmuhk` .
|
||||
3. Diff store using `sudo nix-store --store 'local?store=/public/home/xmuhk/.nix/store&state=/public/home/xmuhk/.nix/state&log=/public/home/xmuhk/.nix/log' -qR ./result | grep -Fxv -f <(ssh xmuhk find .nix/store -maxdepth 1 -exec realpath '{}' '\;') | sudo xargs nix-store --store 'local?store=/public/home/xmuhk/.nix/store&state=/public/home/xmuhk/.nix/state&log=/public/home/xmuhk/.nix/log' --export | xz -T0 | pv > xmuhk.nar.xz` .
|
||||
4. Upload `xmuhk.nar.xz` to hpc.
|
||||
5. On hpc, `pv xmuhk.nar.xz | xz -d | nix-store --import` .
|
||||
6. Create gcroot using `nix build /xxx-xmuhk -o .nix/state/gcroots/current`, where `/xxx-xmuhk` is the last path printed by `nix-store --import` .
|
||||
69
devices/xmuhk/default.nix
Normal file
69
devices/xmuhk/default.nix
Normal file
@@ -0,0 +1,69 @@
|
||||
{ inputs, localLib }:
|
||||
let
|
||||
pkgs = import inputs.nixpkgs (localLib.buildNixpkgsConfig
|
||||
{
|
||||
inputs = { inherit (inputs.nixpkgs) lib; topInputs = inputs; };
|
||||
nixpkgs = { march = null; cuda = null; nixRoot = "/public/home/xmuhk/.nix"; nixos = false; };
|
||||
});
|
||||
lumericalLicenseManager =
|
||||
let
|
||||
ip = "${pkgs.iproute2}/bin/ip";
|
||||
awk = "${pkgs.gawk}/bin/awk";
|
||||
sed = "${pkgs.gnused}/bin/sed";
|
||||
chmod = "${pkgs.coreutils}/bin/chmod";
|
||||
sing = "/public/software/singularity/singularity-3.8.3/bin/singularity";
|
||||
in pkgs.writeShellScriptBin "lumericalLicenseManager"
|
||||
''
|
||||
echo "Cleaning up..."
|
||||
${sing} instance stop lumericalLicenseManager || true
|
||||
[ -d /tmp/lumerical ] && chmod -R u+w /tmp/lumerical && rm -rf /tmp/lumerical || true
|
||||
mkdir -p /tmp/lumerical
|
||||
while true; do
|
||||
if ! ss -tan | grep -q ".*TIME-WAIT .*:1084 "; then break; fi
|
||||
sleep 10
|
||||
done
|
||||
|
||||
echo "Extracting image..."
|
||||
${sing} build --sandbox /tmp/lumerical/lumericalLicenseManager \
|
||||
${inputs.self.src.lumerical.licenseManager.sifImageFile}
|
||||
mkdir /tmp/lumerical/lumericalLicenseManager/public
|
||||
|
||||
echo 'Searching for en* interface...'
|
||||
iface=$(${ip} -o link show | ${awk} -F': ' '/^[0-9]+: en/ {print $2; exit}')
|
||||
if [ -n "$iface" ]; then
|
||||
echo "Found interface: $iface"
|
||||
echo 'Extracting MAC address...'
|
||||
mac=$(${ip} link show "$iface" | ${awk} '/link\/ether/ {print $2}' | ${sed} 's/://g')
|
||||
echo "Extracted MAC address: $mac"
|
||||
else
|
||||
echo "No interface starting with 'en' found." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo 'Creating license file...'
|
||||
${sed} -i "s|xxxxxxxxxxxxx|$mac|" \
|
||||
/tmp/lumerical/lumericalLicenseManager/home/ansys_inc/shared_files/licensing/license_files/ansyslmd.lic
|
||||
${sed} -i 's|2022.1231|2035.1231|g' \
|
||||
/tmp/lumerical/lumericalLicenseManager/home/ansys_inc/shared_files/licensing/license_files/ansyslmd.lic
|
||||
|
||||
echo "Starting license manager..."
|
||||
${sing} instance start --writable /tmp/lumerical/lumericalLicenseManager lumericalLicenseManager
|
||||
${sing} exec instance://lumericalLicenseManager /bin/sh -c \
|
||||
"pushd /home/ansys_inc/shared_files/licensing; (./start_ansysli &); (./start_lmcenter &); tail -f /dev/null"
|
||||
|
||||
cleanup() {
|
||||
echo "Stopping license manager..."
|
||||
${sing} instance stop lumericalLicenseManager
|
||||
chmod -R u+w /tmp/lumerical && rm -rf /tmp/lumerical
|
||||
}
|
||||
trap cleanup SIGINT SIGTERM SIGHUP EXIT
|
||||
tail -f /dev/null
|
||||
'';
|
||||
in pkgs.symlinkJoin
|
||||
{
|
||||
name = "xmuhk";
|
||||
paths = (with pkgs; [ hello btop htop iotop pv localPackages.lumerical.lumerical.cmd ])
|
||||
++ [ lumericalLicenseManager ];
|
||||
postBuild = "echo ${inputs.self.rev or "dirty"} > $out/.version";
|
||||
passthru = { inherit pkgs; };
|
||||
}
|
||||
2
devices/xmuhk/files/.config/nix/nix.conf
Normal file
2
devices/xmuhk/files/.config/nix/nix.conf
Normal file
@@ -0,0 +1,2 @@
|
||||
store = local?store=/public/home/xmuhk/.nix/store&state=/public/home/xmuhk/.nix/state&log=/public/home/xmuhk/.nix/log
|
||||
experimental-features = flakes nix-command
|
||||
2
doc/branch.md
Normal file
2
doc/branch.md
Normal file
@@ -0,0 +1,2 @@
|
||||
* archive: archive
|
||||
* one-fprint: test fingerpint on one
|
||||
16
doc/todo.md
16
doc/todo.md
@@ -1,6 +1,10 @@
|
||||
* 使用 wrap 好的 intel 编译器。
|
||||
* 在挂载根目录前(创建 rootfs 时),按用户复制需要的文件
|
||||
* 挑选一个好看的主题
|
||||
* 尝试一些别的计算软件
|
||||
* 解决 vscode 中的英语语法检查插件,尝试 valentjn.vscode-ltex
|
||||
* 调整 xmupc1 xmupc2 启动分区
|
||||
* 打包 intel 编译器
|
||||
* 切换到 niri,清理 plasma
|
||||
* 调整其它用户的 zsh 配置
|
||||
* 调整 motd
|
||||
* 找到 wg1 不能稳定工作的原因;确定 persistentKeepalive 发包的协议、是否会被正确 NAT。
|
||||
* 清理 mariadb,移动到 persistent
|
||||
* 清理多余文件
|
||||
* 移动日志到 persistent
|
||||
* 准备单独一个的 archive
|
||||
* 测试透明代理代理其它机器的情况
|
||||
|
||||
12
doc/upgrade.md
Normal file
12
doc/upgrade.md
Normal file
@@ -0,0 +1,12 @@
|
||||
* merge upstream, update flake
|
||||
* update src
|
||||
* fix all build errors
|
||||
* update modules (synapse)
|
||||
* update postgresql nextcloud
|
||||
* update stateVersion
|
||||
* switch
|
||||
* fix disabled packages
|
||||
* upstream patches
|
||||
* merge upstream again
|
||||
* switch
|
||||
* build all
|
||||
881
flake.lock
generated
881
flake.lock
generated
File diff suppressed because it is too large
Load Diff
44
flake.nix
44
flake.nix
@@ -3,42 +3,36 @@
|
||||
|
||||
inputs =
|
||||
{
|
||||
self.lfs = true;
|
||||
nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-24.11";
|
||||
"nixpkgs-23.11".url = "github:CHN-beta/nixpkgs/nixos-23.11";
|
||||
"nixpkgs-23.05".url = "github:CHN-beta/nixpkgs/nixos-23.05";
|
||||
nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-25.05";
|
||||
nixpkgs-2411.url = "github:CHN-beta/nixpkgs/nixos-24.11";
|
||||
nixpkgs-2311.url = "github:CHN-beta/nixpkgs/nixos-23.11";
|
||||
nixpkgs-2305.url = "github:CHN-beta/nixpkgs/nixos-23.05";
|
||||
nixpkgs-unstable.url = "github:CHN-beta/nixpkgs/nixos-unstable";
|
||||
home-manager = { url = "github:CHN-beta/home-manager/release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
home-manager = { url = "github:CHN-beta/home-manager/release-25.05"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
nix-index-database = { url = "github:Mic92/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
nur-xddxdd = { url = "github:xddxdd/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
nix-vscode-extensions =
|
||||
{
|
||||
url = "github:nix-community/nix-vscode-extensions?rev=7aa26ebccf778efe880fda1290db9c1da56ffa4f";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
impermanence.url = "github:CHN-beta/impermanence";
|
||||
qchem = { url = "github:Nix-QChem/NixOS-QChem/master"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
plasma-manager =
|
||||
{
|
||||
url = "github:pjones/plasma-manager";
|
||||
inputs = { nixpkgs.follows = "nixpkgs"; home-manager.follows = "home-manager"; };
|
||||
};
|
||||
nur-linyinfeng = { url = "github:linyinfeng/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
envfs = { url = "github:Mic92/envfs"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
nix-flatpak.url = "github:gmodena/nix-flatpak";
|
||||
chaotic =
|
||||
{
|
||||
url = "github:chaotic-cx/nyx";
|
||||
inputs = { nixpkgs.follows = "nixpkgs"; home-manager.follows = "home-manager"; };
|
||||
inputs = { nixpkgs.follows = "nixpkgs-unstable"; home-manager.follows = "home-manager"; };
|
||||
};
|
||||
gricad = { url = "github:Gricad/nur-packages"; flake = false; };
|
||||
catppuccin.url = "github:catppuccin/nix";
|
||||
bscpkgs = { url = "git+https://git.chn.moe/chn/bscpkgs.git"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
catppuccin = { url = "github:catppuccin/nix"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
bscpkgs = { url = "github:CHN-beta/bscpkgs"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
aagl = { url = "github:ezKEa/aagl-gtk-on-nix/release-25.05"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
winapps = { url = "github:winapps-org/winapps/feat-nix-packaging"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
aagl = { url = "github:ezKEa/aagl-gtk-on-nix/release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
cachyos-lts.url = "github:drakon64/nixos-cachyos-kernel";
|
||||
nixvirt = { url = "github:CHN-beta/NixVirt"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
buildproxy = { url = "github:polygon/nix-buildproxy"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
niri.url = "github:sodiboo/niri-flake";
|
||||
nix4vscode = { url = "github:nix-community/nix4vscode"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
|
||||
misskey = { url = "git+https://github.com/CHN-beta/misskey?submodules=1"; flake = false; };
|
||||
rsshub = { url = "github:DIYgod/RSSHub"; flake = false; };
|
||||
@@ -51,14 +45,10 @@
|
||||
tgbot-cpp = { url = "github:reo7sp/tgbot-cpp"; flake = false; };
|
||||
v-sim = { url = "gitlab:l_sim/v_sim/master"; flake = false; };
|
||||
rycee = { url = "gitlab:rycee/nur-expressions"; flake = false; };
|
||||
blurred-wallpaper = { url = "github:bouteillerAlan/blurredwallpaper"; flake = false; };
|
||||
slate = { url = "github:TheBigWazz/Slate"; flake = false; };
|
||||
lepton = { url = "github:black7375/Firefox-UI-Fix"; flake = false; };
|
||||
mumax = { url = "github:CHN-beta/mumax"; flake = false; };
|
||||
openxlsx = { url = "github:troldal/OpenXLSX?rev=f85f7f1bd632094b5d78d4d1f575955fc3801886"; flake = false; };
|
||||
sqlite-orm = { url = "github:fnc12/sqlite_orm"; flake = false; };
|
||||
sockpp = { url = "github:fpagliughi/sockpp"; flake = false; };
|
||||
git-lfs-transfer = { url = "github:charmbracelet/git-lfs-transfer"; flake = false; };
|
||||
nc4nix = { url = "github:helsinki-systems/nc4nix"; flake = false; };
|
||||
hextra = { url = "github:imfing/hextra"; flake = false; };
|
||||
nu-scripts = { url = "github:nushell/nu_scripts"; flake = false; };
|
||||
@@ -66,18 +56,18 @@
|
||||
pocketfft = { url = "github:mreineck/pocketfft"; flake = false; };
|
||||
blog = { url = "git+https://git.chn.moe/chn/blog-public.git?lfs=1"; flake = false; };
|
||||
nixos-wallpaper = { url = "git+https://git.chn.moe/chn/nixos-wallpaper.git?lfs=1"; flake = false; };
|
||||
spectroscopy = { url = "github:skelton-group/Phonopy-Spectroscopy"; flake = false; };
|
||||
vaspberry = { url = "github:Infant83/VASPBERRY"; flake = false; };
|
||||
ufo = { url = "git+https://git.chn.moe/chn/ufo.git?lfs=1"; flake = false; };
|
||||
highfive = { url = "git+https://github.com/CHN-beta/HighFive?submodules=1"; flake = false; };
|
||||
stickerpicker = { url = "github:maunium/stickerpicker"; flake = false; };
|
||||
fancy-motd = { url = "github:CHN-beta/fancy-motd"; flake = false; };
|
||||
octodns-cloudflare = { url = "github:octodns/octodns-cloudflare"; flake = false; };
|
||||
mac-style = { url = "github:SergioRibera/s4rchiso-plymouth-theme?lfs=1"; flake = false; };
|
||||
phono3py = { url = "github:phonopy/phono3py/v3.14.1"; flake = false; };
|
||||
phono3py = { url = "github:phonopy/phono3py"; flake = false; };
|
||||
sticker = { url = "git+https://git.chn.moe/chn/sticker.git?lfs=1"; flake = false; };
|
||||
speedtest = { url = "github:librespeed/speedtest"; flake = false; };
|
||||
pybinding = { url = "git+https://github.com/dean0x7d/pybinding?submodules=1"; flake = false; };
|
||||
};
|
||||
|
||||
outputs = inputs: let localLib = import ./flake/lib.nix inputs.nixpkgs.lib; in
|
||||
outputs = inputs: let localLib = import ./flake/lib inputs.nixpkgs.lib; in
|
||||
{
|
||||
packages.x86_64-linux = import ./flake/packages.nix { inherit inputs localLib; };
|
||||
nixosConfigurations = import ./flake/nixos.nix { inherit inputs localLib; };
|
||||
|
||||
@@ -34,20 +34,6 @@
|
||||
packages = [ pkgs.clang-tools_18 ];
|
||||
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
|
||||
};
|
||||
winjob =
|
||||
let inherit (pkgs) clang-tools_18; in let inherit (inputs.self.packages.x86_64-w64-mingw32) pkgs winjob;
|
||||
in pkgs.mkShell.override { stdenv = pkgs.gcc14Stdenv; }
|
||||
{
|
||||
inputsFrom = [ winjob ];
|
||||
packages = [ clang-tools_18 ];
|
||||
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
|
||||
};
|
||||
mirism = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
|
||||
{
|
||||
inputsFrom = [ pkgs.localPackages.mirism ];
|
||||
packages = [ pkgs.clang-tools_18 ];
|
||||
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
|
||||
};
|
||||
info = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
|
||||
{
|
||||
inputsFrom = [ pkgs.localPackages.info ];
|
||||
@@ -55,4 +41,18 @@
|
||||
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
|
||||
hardeningDisable = [ "all" ];
|
||||
};
|
||||
vm = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
|
||||
{
|
||||
inputsFrom = [ pkgs.localPackages.vm ];
|
||||
packages = [ pkgs.clang-tools_18 ];
|
||||
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
|
||||
hardeningDisable = [ "all" ];
|
||||
};
|
||||
xinli = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
|
||||
{
|
||||
inputsFrom = [ pkgs.localPackages.xinli ];
|
||||
packages = [ pkgs.clang-tools_18 ];
|
||||
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
|
||||
hardeningDisable = [ "all" ];
|
||||
};
|
||||
}
|
||||
|
||||
@@ -2,41 +2,44 @@ localLib:
|
||||
let
|
||||
cname =
|
||||
{
|
||||
autoroute = [ "api" "git" "grafana" "matrix" "peertube" "send" "synapse" "vikunja" "铜锣湾" "铜锣湾实验室" ];
|
||||
pc = [ "internal.nix-store" ];
|
||||
nas = [ "initrd.nas" ];
|
||||
office = [ "srv2-node0" ];
|
||||
office = [ "srv2-node0" "xserverxmu" ];
|
||||
vps4 =
|
||||
[
|
||||
"initrd.vps4" "xserver2.vps4"
|
||||
# to nas
|
||||
"git" "grafana" "matrix" "peertube" "send" "vikunja" "铜锣湾" "xservernas" "chat" "freshrss" "huginn" "nextcloud"
|
||||
"photoprism" "rsshub" "vaultwarden" "webdav" "synapse" "misskey" "api"
|
||||
];
|
||||
vps6 =
|
||||
[
|
||||
"blog" "catalog" "coturn" "element" "frp" "initrd.vps6" "misskey" "nix-store" "sticker" "synapse-admin" "tgapi"
|
||||
"ua" "vps6.xserver"
|
||||
];
|
||||
vps7 =
|
||||
[
|
||||
"chat" "freshrss" "huginn" "initrd.vps7" "nextcloud" "photoprism" "rsshub" "ssh.git" "vaultwarden" "webdav"
|
||||
"xsession.vps7"
|
||||
"blog" "catalog" "coturn" "element" "initrd.vps6" "sticker" "synapse-admin" "tgapi" "ua" "xserver2"
|
||||
"xserver2.vps6"
|
||||
# to pc
|
||||
"铜锣湾实验室"
|
||||
];
|
||||
"xlog.autoroute" = [ "xlog" ];
|
||||
"wg0.srv1-node0" = [ "wg0.srv1" ];
|
||||
"wg0.srv2-node0" = [ "wg0.srv2" ];
|
||||
srv3 = [ "initrd.srv3" ];
|
||||
srv1-node0 = [ "srv1" ];
|
||||
srv2-node0 = [ "srv2" ];
|
||||
"wg1.pc" = [ "nix-store" ];
|
||||
"wg1.nas" = [ "nix-store.nas" ];
|
||||
"wg0.nas" = [ "ssh.git" ];
|
||||
};
|
||||
a =
|
||||
{
|
||||
nas = "192.168.1.2";
|
||||
pc = "192.168.1.3";
|
||||
one = "192.168.1.4";
|
||||
office = "210.34.16.60";
|
||||
office = "210.34.16.21";
|
||||
srv1-node0 = "59.77.36.250";
|
||||
vps4 = "104.234.37.61";
|
||||
vps6 = "144.34.225.59";
|
||||
vps7 = "144.126.144.62";
|
||||
search = "127.0.0.1";
|
||||
srv3 = "23.135.236.216";
|
||||
srv1-node1 = "192.168.178.2";
|
||||
srv1-node2 = "192.168.178.3";
|
||||
srv2-node1 = "192.168.178.2";
|
||||
"409test" = "192.168.1.5";
|
||||
};
|
||||
wireguard = import ./wireguard.nix;
|
||||
in
|
||||
@@ -55,11 +58,7 @@ in
|
||||
{ type = "TXT"; value = "v=spf1 include:mxlogin.com -all"; }
|
||||
];
|
||||
"_xlog-challenge.xlog" = { type = "TXT"; value = "chn"; };
|
||||
autoroute =
|
||||
{
|
||||
type = "NS";
|
||||
values = builtins.map (suffix: "ns1.huaweicloud-dns.${suffix}.") [ "cn" "com" "net" "org" ];
|
||||
};
|
||||
autoroute = { type = "NS"; values = "vps6.chn.moe."; };
|
||||
"mail" = { type = "CNAME"; value = "tuesday.mxrouting.net."; };
|
||||
"webmail" = { type = "CNAME"; value = "tuesday.mxrouting.net."; };
|
||||
"x._domainkey" =
|
||||
|
||||
@@ -2,16 +2,14 @@
|
||||
net = { wg0 = 83; wg1 = 84; };
|
||||
peer =
|
||||
{
|
||||
vps4 = 2;
|
||||
vps6 = 1;
|
||||
vps7 = 2;
|
||||
pc = 3;
|
||||
nas = 4;
|
||||
one = 5;
|
||||
srv1-node0 = 9;
|
||||
srv1-node1 = 6;
|
||||
srv1-node2 = 8;
|
||||
srv2-node0 = 7;
|
||||
srv2-node1 = 10;
|
||||
srv3 = 11;
|
||||
};
|
||||
}
|
||||
|
||||
@@ -13,7 +13,23 @@ let
|
||||
(domain: writeTextDir "${domain.name}.yaml" (builtins.toJSON (addTtl domain.value)))
|
||||
(localLib.attrsToList config);
|
||||
};
|
||||
in lib.addMetaAttrs { config = config // { wireguard = import ./config/wireguard.nix; }; } (writeShellScript "dns-push"
|
||||
meta.config = config //
|
||||
{
|
||||
wireguard = import ./config/wireguard.nix;
|
||||
"chn.moe" = config."chn.moe"
|
||||
// {
|
||||
# 查询域名对应的 ip
|
||||
getAddress = deviceName:
|
||||
let
|
||||
dns = meta.config."chn.moe";
|
||||
f = domain:
|
||||
if dns.${domain}.type == "A" then dns.${domain}.value
|
||||
else if dns.${domain}.type == "CNAME" then f (lib.removeSuffix ".chn.moe." dns.${domain}.value)
|
||||
else throw "Not found ${domain}";
|
||||
in f deviceName;
|
||||
};
|
||||
};
|
||||
in lib.addMetaAttrs meta (writeShellScript "dns-push"
|
||||
''
|
||||
export OCTODNS_CONFIG=${configDir}
|
||||
export CLOUDFLARE_TOKEN=$(cat ${tokenPath})
|
||||
|
||||
13
flake/lib/buildNixpkgsConfig/boost188.patch
Normal file
13
flake/lib/buildNixpkgsConfig/boost188.patch
Normal file
@@ -0,0 +1,13 @@
|
||||
diff --git a/boost/process/v2/stdio.hpp b/boost/process/v2/stdio.hpp
|
||||
index 01d0216..4084e46 100644
|
||||
--- a/boost/process/v2/stdio.hpp
|
||||
+++ b/boost/process/v2/stdio.hpp
|
||||
@@ -184,7 +184,7 @@ struct process_io_binding
|
||||
process_io_binding & operator=(const process_io_binding &) = delete;
|
||||
|
||||
process_io_binding(process_io_binding && other) noexcept
|
||||
- : fd(other.fd), fd_needs_closing(other.fd), ec(other.ec)
|
||||
+ : fd(other.fd), fd_needs_closing(other.fd_needs_closing), ec(other.ec)
|
||||
{
|
||||
other.fd = target;
|
||||
other.fd_needs_closing = false;
|
||||
181
flake/lib/buildNixpkgsConfig/default.nix
Normal file
181
flake/lib/buildNixpkgsConfig/default.nix
Normal file
@@ -0,0 +1,181 @@
|
||||
# inputs = { lib, topInputs, ...}; nixpkgs = { march, cuda, nixRoot, nixos, arch };
|
||||
{ inputs, nixpkgs }:
|
||||
let
|
||||
platformConfig =
|
||||
if nixpkgs.march == null then { system = "${nixpkgs.arch or "x86_64"}-linux"; }
|
||||
else
|
||||
{
|
||||
${if nixpkgs.nixos then "hostPlatform" else "localSystem"} =
|
||||
{ system = "${nixpkgs.arch or "x86_64"}-linux"; gcc = { arch = nixpkgs.march; tune = nixpkgs.march; }; };
|
||||
};
|
||||
cudaConfig = inputs.lib.optionalAttrs (nixpkgs.cuda != null)
|
||||
(
|
||||
{ cudaSupport = true; }
|
||||
// (inputs.lib.optionalAttrs (nixpkgs.cuda.capabilities != null)
|
||||
{ cudaCapabilities = nixpkgs.cuda.capabilities; })
|
||||
// (inputs.lib.optionalAttrs (nixpkgs.cuda.forwardCompat != null)
|
||||
{ cudaForwardCompat = nixpkgs.cuda.forwardCompat; })
|
||||
);
|
||||
allowInsecurePredicate = p: inputs.lib.warn "Allowing insecure package ${p.name or "${p.pname}-${p.version}"}" true;
|
||||
config = cudaConfig
|
||||
// {
|
||||
inherit allowInsecurePredicate;
|
||||
allowUnfree = true;
|
||||
android_sdk.accept_license = true;
|
||||
allowBroken = true;
|
||||
}
|
||||
// (inputs.lib.optionalAttrs (nixpkgs.march != null)
|
||||
{
|
||||
oneapiArch = let match = {}; in match.${nixpkgs.march} or nixpkgs.march;
|
||||
nvhpcArch = nixpkgs.march;
|
||||
# contentAddressedByDefault = true;
|
||||
})
|
||||
// (inputs.lib.optionalAttrs (nixpkgs.nixRoot != null)
|
||||
{ nix = { storeDir = "${nixpkgs.nixRoot}/store"; stateDir = "${nixpkgs.nixRoot}/state"; }; });
|
||||
in platformConfig //
|
||||
{
|
||||
inherit config;
|
||||
overlays =
|
||||
[
|
||||
inputs.topInputs.aagl.overlays.default
|
||||
inputs.topInputs.nur-xddxdd.overlays.inSubTree
|
||||
inputs.topInputs.buildproxy.overlays.default
|
||||
inputs.topInputs.nix4vscode.overlays.default
|
||||
(final: prev:
|
||||
{
|
||||
nur-linyinfeng = (inputs.topInputs.nur-linyinfeng.overlays.default final prev).linyinfeng;
|
||||
firefox-addons = (import "${inputs.topInputs.rycee}" { inherit (prev) pkgs; }).firefox-addons;
|
||||
})
|
||||
inputs.topInputs.self.overlays.default
|
||||
(final: prev:
|
||||
let
|
||||
inherit (final) system;
|
||||
genericPackages = import inputs.topInputs.nixpkgs
|
||||
{ inherit system; config = { allowUnfree = true; inherit allowInsecurePredicate; }; };
|
||||
in
|
||||
{
|
||||
inherit genericPackages;
|
||||
telegram-desktop = prev.telegram-desktop.override
|
||||
{
|
||||
unwrapped = prev.telegram-desktop.unwrapped.overrideAttrs
|
||||
(prev: { patches = prev.patches or [] ++ [ ./telegram.patch ]; });
|
||||
};
|
||||
libvirt = (prev.libvirt.override { iptables = final.nftables; }).overrideAttrs
|
||||
(prev: { patches = prev.patches or [] ++ [ ./libvirt.patch ]; });
|
||||
podman = prev.podman.override { iptables = final.nftables; };
|
||||
root = (prev.root.override { stdenv = final.gcc13Stdenv; }).overrideAttrs (prev:
|
||||
{
|
||||
patches = prev.patches or [] ++ [ ./root.patch ];
|
||||
cmakeFlags = prev.cmakeFlags ++ [ "-DCMAKE_CXX_STANDARD=23" ];
|
||||
});
|
||||
boost188 = prev.boost188.overrideAttrs (prev: { patches = prev.patches or [] ++ [ ./boost188.patch ]; });
|
||||
inherit (final.pkgs-2411) iio-sensor-proxy;
|
||||
inherit (final.pkgs-unstable) bees;
|
||||
}
|
||||
// (
|
||||
let
|
||||
marchFilter = version:
|
||||
# old version of nixpkgs does not recognize znver5, use znver4 instead
|
||||
inputs.lib.optionalAttrs (inputs.lib.versionOlder version "25.05") { znver5 = "znver4"; };
|
||||
source =
|
||||
{
|
||||
pkgs-2305 = "nixpkgs-2305";
|
||||
pkgs-2311 = "nixpkgs-2311";
|
||||
pkgs-2411 =
|
||||
{
|
||||
source = "nixpkgs-2411";
|
||||
overlays =
|
||||
[
|
||||
inputs.topInputs.bscpkgs.overlays.default
|
||||
(final: prev: inputs.lib.optionalAttrs (nixpkgs.march != null)
|
||||
{
|
||||
pythonPackagesExtensions = prev.pythonPackagesExtensions or [] ++ [(final: prev:
|
||||
{
|
||||
sphinx = prev.sphinx.overridePythonAttrs (prev:
|
||||
{ disabledTests = prev.disabledTests or [] ++ [ "test_xml_warnings" ]; });
|
||||
})];
|
||||
})
|
||||
];
|
||||
};
|
||||
pkgs-unstable =
|
||||
{
|
||||
source = "nixpkgs-unstable";
|
||||
overlays =
|
||||
[
|
||||
inputs.topInputs.self.overlays.default
|
||||
(_: _:
|
||||
{
|
||||
genericPackages = import inputs.topInputs.nixpkgs-unstable
|
||||
{ inherit system; config = { allowUnfree = true; inherit allowInsecurePredicate; }; };
|
||||
})
|
||||
];
|
||||
};
|
||||
};
|
||||
packages = name:
|
||||
let flakeSource = inputs.topInputs.${source.${name}.source or source.${name}};
|
||||
in import flakeSource
|
||||
{
|
||||
localSystem =
|
||||
if nixpkgs.march == null then { system = "${nixpkgs.arch or "x86_64"}-linux"; }
|
||||
else
|
||||
let march = (marchFilter flakeSource.lib.version).${nixpkgs.march} or nixpkgs.march;
|
||||
in { system = "${nixpkgs.arch or "x86_64"}-linux"; gcc = { arch = march; tune = march; }; };
|
||||
inherit config;
|
||||
overlays = source.${name}.overlays or [(_: _: {})];
|
||||
};
|
||||
in builtins.listToAttrs (builtins.map
|
||||
(name: { inherit name; value = packages name; }) (builtins.attrNames source))
|
||||
)
|
||||
// (inputs.lib.optionalAttrs (prev.stdenv.hostPlatform.avx512Support)
|
||||
{ gsl = prev.gsl.overrideAttrs { doCheck = false; }; })
|
||||
// (inputs.lib.optionalAttrs (nixpkgs.march != null && !prev.stdenv.hostPlatform.avx512Support)
|
||||
{ libhwy = prev.libhwy.override { stdenv = final.genericPackages.stdenv; }; })
|
||||
// (inputs.lib.optionalAttrs (nixpkgs.march != null)
|
||||
{
|
||||
libinsane = prev.libinsane.overrideAttrs (prev:
|
||||
{ nativeCheckInputs = builtins.filter (p: p.pname != "valgrind") prev.nativeCheckInputs; });
|
||||
lib2geom = prev.lib2geom.overrideAttrs (prev: { doCheck = false; });
|
||||
libreoffice-qt6-fresh = prev.libreoffice-qt6-fresh.override (prev:
|
||||
{ unwrapped = prev.unwrapped.overrideAttrs (prev: { postPatch = prev.postPatch or "" +
|
||||
''
|
||||
sed -i '/CPPUNIT_TEST.testDubiousArrayFormulasFODS/d' sc/qa/unit/functions_array.cxx
|
||||
'';});});
|
||||
libreoffice-still = prev.libreoffice-still.override (prev:
|
||||
{ unwrapped = prev.unwrapped.overrideAttrs (prev: { postPatch = prev.postPatch or "" +
|
||||
''
|
||||
sed -i '/CPPUNIT_TEST.testDubiousArrayFormulasFODS/d' sc/qa/unit/functions_array.cxx
|
||||
'';});});
|
||||
opencolorio = prev.opencolorio.overrideAttrs (prev: { doCheck = false; });
|
||||
openvswitch = prev.openvswitch.overrideAttrs (prev: { doCheck = false; });
|
||||
rapidjson = prev.rapidjson.overrideAttrs { doCheck = false; };
|
||||
valkey = prev.valkey.overrideAttrs { doCheck = false; };
|
||||
# -march=xxx cause embree build failed
|
||||
# https://github.com/embree/embree/issues/115
|
||||
embree = prev.embree.override { stdenv = final.genericPackages.stdenv; };
|
||||
simde = prev.simde.override { stdenv = final.genericPackages.stdenv; };
|
||||
ctranslate2 = prev.ctranslate2.overrideAttrs (prev:
|
||||
{ cmakeFlags = prev.cmakeFlags or [] ++ [ "-DENABLE_CPU_DISPATCH=OFF" ]; });
|
||||
pythonPackagesExtensions = prev.pythonPackagesExtensions or [] ++ [(final: prev:
|
||||
(
|
||||
{
|
||||
scipy = prev.scipy.overridePythonAttrs (prev:
|
||||
{ disabledTests = prev.disabledTests or [] ++ [ "test_hyp2f1" ]; });
|
||||
rich = prev.rich.overridePythonAttrs (prev:
|
||||
{ disabledTests = prev.disabledTests or [] ++ [ "test_brokenpipeerror" ]; });
|
||||
}
|
||||
// (inputs.lib.optionalAttrs (nixpkgs.march != null && !prev.stdenv.hostPlatform.avx2Support)
|
||||
{
|
||||
numcodecs = prev.numcodecs.overridePythonAttrs (prev:
|
||||
{
|
||||
disabledTests = prev.disabledTests or []
|
||||
++ [ "test_encode_decode" "test_partial_decode" "test_blosc" ];
|
||||
});
|
||||
})
|
||||
))];
|
||||
inherit (final.pkgs-2411) intelPackages_2023;
|
||||
})
|
||||
// (inputs.lib.optionalAttrs (nixpkgs.march == "silvermont")
|
||||
{ c-blosc = prev.c-blosc.overrideAttrs { doCheck = false; }; })
|
||||
// (inputs.lib.optionalAttrs (nixpkgs.arch or null == "aarch64") { nix = final.nixVersions.nix_2_29; })
|
||||
)];
|
||||
}
|
||||
634
flake/lib/buildNixpkgsConfig/libvirt.patch
Normal file
634
flake/lib/buildNixpkgsConfig/libvirt.patch
Normal file
@@ -0,0 +1,634 @@
|
||||
diff --git a/src/network/network_iptables.c b/src/network/network_iptables.c
|
||||
index e8da15426e..7b5080ae5f 100644
|
||||
--- a/src/network/network_iptables.c
|
||||
+++ b/src/network/network_iptables.c
|
||||
@@ -744,13 +744,6 @@ iptablesForwardRejectIn(virFirewall *fw,
|
||||
const char *iface,
|
||||
iptablesAction action)
|
||||
{
|
||||
- virFirewallAddCmd(fw, layer,
|
||||
- "--table", "filter",
|
||||
- iptablesActionTypeToString(action),
|
||||
- VIR_IPTABLES_FWD_IN_CHAIN,
|
||||
- "--out-interface", iface,
|
||||
- "--jump", "REJECT",
|
||||
- NULL);
|
||||
}
|
||||
|
||||
/**
|
||||
diff --git a/src/network/network_nftables.c b/src/network/network_nftables.c
|
||||
index f8b5ab665d..54ed0c6f29 100644
|
||||
--- a/src/network/network_nftables.c
|
||||
+++ b/src/network/network_nftables.c
|
||||
@@ -504,13 +504,6 @@ nftablesAddForwardRejectIn(virFirewall *fw,
|
||||
virFirewallLayer layer,
|
||||
const char *iface)
|
||||
{
|
||||
- virFirewallAddCmd(fw, layer, "insert", "rule",
|
||||
- nftablesLayerTypeToString(layer),
|
||||
- VIR_NFTABLES_PRIVATE_TABLE,
|
||||
- VIR_NFTABLES_FWD_IN_CHAIN,
|
||||
- "oif", iface,
|
||||
- "counter", "reject",
|
||||
- NULL);
|
||||
}
|
||||
|
||||
|
||||
diff --git a/tests/networkxml2firewalldata/forward-dev-linux.iptables b/tests/networkxml2firewalldata/forward-dev-linux.iptables
|
||||
index bc483c4512..98be4b76ad 100644
|
||||
--- a/tests/networkxml2firewalldata/forward-dev-linux.iptables
|
||||
+++ b/tests/networkxml2firewalldata/forward-dev-linux.iptables
|
||||
@@ -71,12 +71,6 @@ iptables \
|
||||
iptables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-iptables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/forward-dev-linux.nftables b/tests/networkxml2firewalldata/forward-dev-linux.nftables
|
||||
index 8badb74beb..78c0110a32 100644
|
||||
--- a/tests/networkxml2firewalldata/forward-dev-linux.nftables
|
||||
+++ b/tests/networkxml2firewalldata/forward-dev-linux.nftables
|
||||
@@ -13,16 +13,6 @@ nft \
|
||||
rule \
|
||||
ip \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/isolated-linux.iptables b/tests/networkxml2firewalldata/isolated-linux.iptables
|
||||
index 135189ce41..d2d29933aa 100644
|
||||
--- a/tests/networkxml2firewalldata/isolated-linux.iptables
|
||||
+++ b/tests/networkxml2firewalldata/isolated-linux.iptables
|
||||
@@ -71,12 +71,6 @@ iptables \
|
||||
iptables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-iptables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
@@ -90,12 +84,6 @@ ip6tables \
|
||||
ip6tables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-ip6tables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/isolated-linux.nftables b/tests/networkxml2firewalldata/isolated-linux.nftables
|
||||
index d1b4dac178..3d72c1fb09 100644
|
||||
--- a/tests/networkxml2firewalldata/isolated-linux.nftables
|
||||
+++ b/tests/networkxml2firewalldata/isolated-linux.nftables
|
||||
@@ -13,16 +13,6 @@ nft \
|
||||
rule \
|
||||
ip \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
@@ -45,16 +35,6 @@ nft \
|
||||
rule \
|
||||
ip6 \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip6 \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-default-linux.iptables b/tests/networkxml2firewalldata/nat-default-linux.iptables
|
||||
index 3cfa61333c..5f401194ed 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-default-linux.iptables
|
||||
+++ b/tests/networkxml2firewalldata/nat-default-linux.iptables
|
||||
@@ -71,12 +71,6 @@ iptables \
|
||||
iptables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-iptables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-default-linux.nftables b/tests/networkxml2firewalldata/nat-default-linux.nftables
|
||||
index 28508292f9..ef7b2b1bc8 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-default-linux.nftables
|
||||
+++ b/tests/networkxml2firewalldata/nat-default-linux.nftables
|
||||
@@ -13,16 +13,6 @@ nft \
|
||||
rule \
|
||||
ip \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-ipv6-linux.iptables b/tests/networkxml2firewalldata/nat-ipv6-linux.iptables
|
||||
index ce295cbc6d..127ed35826 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-ipv6-linux.iptables
|
||||
+++ b/tests/networkxml2firewalldata/nat-ipv6-linux.iptables
|
||||
@@ -71,12 +71,6 @@ iptables \
|
||||
iptables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-iptables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
@@ -90,12 +84,6 @@ ip6tables \
|
||||
ip6tables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-ip6tables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-ipv6-linux.nftables b/tests/networkxml2firewalldata/nat-ipv6-linux.nftables
|
||||
index d8a9ba706d..20e51e203c 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-ipv6-linux.nftables
|
||||
+++ b/tests/networkxml2firewalldata/nat-ipv6-linux.nftables
|
||||
@@ -13,16 +13,6 @@ nft \
|
||||
rule \
|
||||
ip \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
@@ -45,16 +35,6 @@ nft \
|
||||
rule \
|
||||
ip6 \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip6 \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.iptables b/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.iptables
|
||||
index d78537dc5c..a87fe47480 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.iptables
|
||||
+++ b/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.iptables
|
||||
@@ -71,12 +71,6 @@ iptables \
|
||||
iptables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-iptables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
@@ -90,12 +84,6 @@ ip6tables \
|
||||
ip6tables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-ip6tables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables b/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables
|
||||
index a7f09cda59..816a4a8cac 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables
|
||||
+++ b/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables
|
||||
@@ -13,16 +13,6 @@ nft \
|
||||
rule \
|
||||
ip \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
@@ -45,16 +35,6 @@ nft \
|
||||
rule \
|
||||
ip6 \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip6 \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-many-ips-linux.iptables b/tests/networkxml2firewalldata/nat-many-ips-linux.iptables
|
||||
index ba7f234b82..9244705322 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-many-ips-linux.iptables
|
||||
+++ b/tests/networkxml2firewalldata/nat-many-ips-linux.iptables
|
||||
@@ -71,12 +71,6 @@ iptables \
|
||||
iptables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-iptables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-many-ips-linux.nftables b/tests/networkxml2firewalldata/nat-many-ips-linux.nftables
|
||||
index b826fe6134..904f515f3d 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-many-ips-linux.nftables
|
||||
+++ b/tests/networkxml2firewalldata/nat-many-ips-linux.nftables
|
||||
@@ -13,16 +13,6 @@ nft \
|
||||
rule \
|
||||
ip \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-no-dhcp-linux.iptables b/tests/networkxml2firewalldata/nat-no-dhcp-linux.iptables
|
||||
index 1e5aa05231..b4f86a256f 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-no-dhcp-linux.iptables
|
||||
+++ b/tests/networkxml2firewalldata/nat-no-dhcp-linux.iptables
|
||||
@@ -71,12 +71,6 @@ iptables \
|
||||
iptables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-iptables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
@@ -90,12 +84,6 @@ ip6tables \
|
||||
ip6tables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-ip6tables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-no-dhcp-linux.nftables b/tests/networkxml2firewalldata/nat-no-dhcp-linux.nftables
|
||||
index d8a9ba706d..20e51e203c 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-no-dhcp-linux.nftables
|
||||
+++ b/tests/networkxml2firewalldata/nat-no-dhcp-linux.nftables
|
||||
@@ -13,16 +13,6 @@ nft \
|
||||
rule \
|
||||
ip \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
@@ -45,16 +35,6 @@ nft \
|
||||
rule \
|
||||
ip6 \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip6 \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.iptables b/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.iptables
|
||||
index c2e845cc4f..139110d068 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.iptables
|
||||
+++ b/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.iptables
|
||||
@@ -71,12 +71,6 @@ iptables \
|
||||
iptables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-iptables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
@@ -90,12 +84,6 @@ ip6tables \
|
||||
ip6tables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-ip6tables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.nftables b/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.nftables
|
||||
index ceaed6fa40..6db8eddf6c 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.nftables
|
||||
+++ b/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.nftables
|
||||
@@ -13,16 +13,6 @@ nft \
|
||||
rule \
|
||||
ip \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
@@ -45,16 +35,6 @@ nft \
|
||||
rule \
|
||||
ip6 \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip6 \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-port-range-linux.iptables b/tests/networkxml2firewalldata/nat-port-range-linux.iptables
|
||||
index 8e5c2c8193..0e7686359d 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-port-range-linux.iptables
|
||||
+++ b/tests/networkxml2firewalldata/nat-port-range-linux.iptables
|
||||
@@ -71,12 +71,6 @@ iptables \
|
||||
iptables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-iptables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
@@ -90,12 +84,6 @@ ip6tables \
|
||||
ip6tables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-ip6tables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-port-range-linux.nftables b/tests/networkxml2firewalldata/nat-port-range-linux.nftables
|
||||
index 1dc37a26ec..1d65869876 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-port-range-linux.nftables
|
||||
+++ b/tests/networkxml2firewalldata/nat-port-range-linux.nftables
|
||||
@@ -13,16 +13,6 @@ nft \
|
||||
rule \
|
||||
ip \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
@@ -45,16 +35,6 @@ nft \
|
||||
rule \
|
||||
ip6 \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip6 \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-tftp-linux.iptables b/tests/networkxml2firewalldata/nat-tftp-linux.iptables
|
||||
index 565fff737c..3f2d1ccf5a 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-tftp-linux.iptables
|
||||
+++ b/tests/networkxml2firewalldata/nat-tftp-linux.iptables
|
||||
@@ -87,12 +87,6 @@ iptables \
|
||||
iptables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-iptables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-tftp-linux.nftables b/tests/networkxml2firewalldata/nat-tftp-linux.nftables
|
||||
index 28508292f9..ef7b2b1bc8 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-tftp-linux.nftables
|
||||
+++ b/tests/networkxml2firewalldata/nat-tftp-linux.nftables
|
||||
@@ -13,16 +13,6 @@ nft \
|
||||
rule \
|
||||
ip \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/route-default-linux.iptables b/tests/networkxml2firewalldata/route-default-linux.iptables
|
||||
index a7b969c077..866d65014e 100644
|
||||
--- a/tests/networkxml2firewalldata/route-default-linux.iptables
|
||||
+++ b/tests/networkxml2firewalldata/route-default-linux.iptables
|
||||
@@ -71,12 +71,6 @@ iptables \
|
||||
iptables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-iptables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/route-default-linux.nftables b/tests/networkxml2firewalldata/route-default-linux.nftables
|
||||
index 282c9542a5..fc742c9fea 100644
|
||||
--- a/tests/networkxml2firewalldata/route-default-linux.nftables
|
||||
+++ b/tests/networkxml2firewalldata/route-default-linux.nftables
|
||||
@@ -13,16 +13,6 @@ nft \
|
||||
rule \
|
||||
ip \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
@@ -1,6 +1,6 @@
|
||||
lib: rec
|
||||
{
|
||||
attrsToList = attrs: builtins.map (name: { inherit name; value = attrs.${name}; }) (builtins.attrNames attrs);
|
||||
inherit (lib) attrsToList;
|
||||
mkConditional = condition: trueResult: falseResult: let inherit (lib) mkMerge mkIf; in
|
||||
mkMerge [ ( mkIf condition trueResult ) ( mkIf (!condition) falseResult ) ];
|
||||
|
||||
@@ -86,4 +86,6 @@ lib: rec
|
||||
if (builtins.typeOf pattern) != "list" then throw "pattern should be a list"
|
||||
else if pattern == [] then origin
|
||||
else deepReplace (builtins.tail pattern) (replace ((builtins.head pattern) // { content = origin; }));
|
||||
|
||||
buildNixpkgsConfig = import ./buildNixpkgsConfig;
|
||||
}
|
||||
@@ -1,7 +1,7 @@
|
||||
{ inputs, localLib }:
|
||||
let
|
||||
singles = [ "nas" "pc" "vps6" "vps7" "one" "srv3" ];
|
||||
cluster = { srv1 = 3; srv2 = 2; };
|
||||
singles = [ "nas" "pc" "vps4" "vps6" "r2s" ];
|
||||
cluster = { srv1 = 3; srv2 = 3; };
|
||||
deviceModules = builtins.listToAttrs
|
||||
(
|
||||
(builtins.map
|
||||
@@ -25,9 +25,9 @@ let
|
||||
(localLib.attrsToList cluster)))
|
||||
);
|
||||
in builtins.mapAttrs
|
||||
(_: v: inputs.nixpkgs.lib.nixosSystem
|
||||
(n: v: inputs.nixpkgs.lib.nixosSystem
|
||||
{
|
||||
system = "x86_64-linux";
|
||||
system = null;
|
||||
specialArgs = { topInputs = inputs; inherit localLib; };
|
||||
modules = localLib.mkModules v;
|
||||
})
|
||||
|
||||
@@ -1,17 +1,16 @@
|
||||
{ inputs, localLib }: rec
|
||||
{
|
||||
pkgs = (import inputs.nixpkgs
|
||||
pkgs = import inputs.nixpkgs (localLib.buildNixpkgsConfig
|
||||
{
|
||||
system = "x86_64-linux";
|
||||
config.allowUnfree = true;
|
||||
overlays = [ inputs.self.overlays.default ];
|
||||
inputs = { inherit (inputs.nixpkgs) lib; topInputs = inputs; };
|
||||
nixpkgs = { march = null; cuda = null; nixRoot = null; nixos = false; };
|
||||
});
|
||||
hpcstat =
|
||||
let
|
||||
openssh = (pkgs.pkgsStatic.openssh.override { withLdns = false; etcDir = null; }).overrideAttrs
|
||||
(prev: { doCheck = false; patches = prev.patches ++ [ ../packages/hpcstat/openssh.patch ];});
|
||||
duc = pkgs.pkgsStatic.duc.override { enableCairo = false; cairo = null; pango = null; };
|
||||
glaze = pkgs.pkgsStatic.glaze.overrideAttrs
|
||||
glaze = pkgs.pkgs-2411.pkgsStatic.glaze.overrideAttrs
|
||||
(prev: { cmakeFlags = prev.cmakeFlags ++ [ "-Dglaze_ENABLE_FUZZING=OFF" ]; });
|
||||
# pkgsStatic.clangStdenv have a bug
|
||||
# https://github.com/NixOS/nixpkgs/issues/177129
|
||||
@@ -23,28 +22,31 @@
|
||||
version = inputs.self.rev or "dirty";
|
||||
stdenv = pkgs.pkgsStatic.gcc14Stdenv;
|
||||
};
|
||||
inherit (pkgs.localPackages) blog;
|
||||
inherit (pkgs.localPackages.pkgsStatic) chn-bsub;
|
||||
vaspberry = pkgs.pkgsStatic.localPackages.vaspberry.override
|
||||
{
|
||||
gfortran = pkgs.pkgsStatic.gfortran;
|
||||
lapack = pkgs.pkgsStatic.openblas;
|
||||
};
|
||||
jykang = import ../devices/jykang.xmuhpc inputs;
|
||||
jykang = import ../devices/jykang.xmuhpc { inherit inputs localLib; };
|
||||
xmuhk = import ../devices/xmuhk { inherit inputs localLib; };
|
||||
src =
|
||||
let getDrv = x:
|
||||
if pkgs.lib.isDerivation x then [ x ]
|
||||
else if builtins.isAttrs x then builtins.concatMap getDrv (builtins.attrValues x)
|
||||
else if builtins.isList x then builtins.concatMap getDrv x
|
||||
else [];
|
||||
in pkgs.writeClosure (getDrv (inputs.self.outputs.src));
|
||||
in pkgs.writeText "src" (builtins.concatStringsSep "\n" (getDrv inputs.self.outputs.src));
|
||||
dns-push = pkgs.callPackage ./dns
|
||||
{
|
||||
inherit localLib;
|
||||
tokenPath = inputs.self.nixosConfigurations.pc.config.sops.secrets."acme/token".path;
|
||||
octodns = pkgs.octodns.withProviders (_: [ pkgs.localPackages.octodns-cloudflare ]);
|
||||
tokenPath = inputs.self.nixosConfigurations.pc.config.nixos.system.sops.secrets."acme/token".path;
|
||||
octodns = pkgs.octodns.withProviders (_: with pkgs.octodns-providers; [ cloudflare ]);
|
||||
};
|
||||
archive = pkgs.writeText "archive" (builtins.concatStringsSep "\n" (builtins.concatLists
|
||||
[
|
||||
(inputs.nixpkgs.lib.mapAttrsToList (_: v: v.config.system.build.toplevel) inputs.self.outputs.nixosConfigurations)
|
||||
[ src ]
|
||||
]));
|
||||
}
|
||||
// (builtins.listToAttrs (builtins.map
|
||||
(system: { inherit (system) name; value = system.value.config.system.build.toplevel; })
|
||||
(localLib.attrsToList inputs.self.outputs.nixosConfigurations)))
|
||||
// (builtins.mapAttrs (_: v: v.config.system.build.toplevel) inputs.self.outputs.nixosConfigurations)
|
||||
|
||||
151
flake/src.nix
151
flake/src.nix
@@ -1,23 +1,22 @@
|
||||
{ inputs }: let inherit (inputs.self.packages.x86_64-linux) pkgs; in
|
||||
{
|
||||
git-lfs-transfer = "sha256-qHQeBI2b8EmUinowixqEuR6iGwNYQy3pSc8iPVfJemE=";
|
||||
nvhpc =
|
||||
{
|
||||
src = pkgs.fetchurl
|
||||
{
|
||||
url = "https://developer.download.nvidia.com/hpc-sdk/24.11/nvhpc_2024_2411_Linux_x86_64_cuda_12.6.tar.gz";
|
||||
sha256 = "080rb89p2z98b75wqssvp3s8x6b5n0556d0zskh3cfapcb08lh1r";
|
||||
url = "https://developer.download.nvidia.com/hpc-sdk/25.3/nvhpc_2025_253_Linux_x86_64_cuda_12.8.tar.gz";
|
||||
sha256 = "11gxb099yxrsxg9i6vydi7znxqiwqqkhgmg90s74qwpjyriqpbsp";
|
||||
};
|
||||
mpi = pkgs.requireFile
|
||||
{
|
||||
name = "openmpi-gitclone.tar.gz";
|
||||
# download from https://developer.nvidia.com/networking/hpc-x/eula?mrequest=downloads&mtype=hpc&mver=hpc-x&mname=v2.22/hpcx-v2.22-gcc-doca_ofed-ubuntu24.04-cuda12-x86_64.tbz
|
||||
# download from https://content.mellanox.com/hpc/hpc-x/v2.23/hpcx-v2.23-gcc-doca_ofed-ubuntu24.04-cuda12-x86_64.tbz
|
||||
# nix-prefetch-url file://$(pwd)/openmpi-gitclone.tar.gz
|
||||
sha256 = "05r5x6mgw2f2kcq9vhdkfj42panchzlbpns8qy57y4jsbmabwabi";
|
||||
sha256 = "1lx5gld4ay9p327hdlqsi72911cfm6s5v3yabjlmwr7sb27y8151";
|
||||
message = "Source file not found.";
|
||||
};
|
||||
version = "24.11";
|
||||
cudaVersion = "12.6";
|
||||
version = "25.3";
|
||||
cudaVersion = "12.8";
|
||||
};
|
||||
iso =
|
||||
{
|
||||
@@ -30,15 +29,9 @@
|
||||
netboot = pkgs.fetchurl
|
||||
{
|
||||
url = "https://boot.netboot.xyz/ipxe/netboot.xyz.iso";
|
||||
sha256 = "01hlslbi2i3jkzjwn24drhd2lriaqiwr9hb83r0nib9y1jvr3k5p";
|
||||
sha256 = "6GeOcugqElGPoPXeaWVpjcV5bCFxNLShGgN/sjsVzuI=";
|
||||
};
|
||||
};
|
||||
nglview = pkgs.fetchPypi
|
||||
{
|
||||
pname = "nglview";
|
||||
version = "3.1.2";
|
||||
hash = "sha256-f2cu+itsoNs03paOW1dmsUsbPa3iEtL4oIPGAKETRc4=";
|
||||
};
|
||||
vasp =
|
||||
{
|
||||
vasp = pkgs.requireFile
|
||||
@@ -58,31 +51,19 @@
|
||||
script = pkgs.fetchzip
|
||||
{
|
||||
url = "http://theory.cm.utexas.edu/code/vtstscripts.tgz";
|
||||
sha256 = "18gsw2850ig1mg4spp39i0ygfcwx0lqnamysn5whiax22m8d5z67";
|
||||
sha256 = "0wz9sw72w5gydvavm6sbcfssvvdiw8gh8hs0d0p0b23839dw4w6j";
|
||||
};
|
||||
};
|
||||
};
|
||||
huginn = pkgs.dockerTools.pullImage
|
||||
{
|
||||
imageName = "ghcr.io/huginn/huginn";
|
||||
imageDigest = "sha256:fdaa76b95534f3c3a799d527821681dd61b8b6fc24de0a7e109fc665b627f115";
|
||||
sha256 = "062c18360asnzl610n11vd46621cvkj26ay21l82f16r12k4qzwy";
|
||||
finalImageName = "huginn/huginn";
|
||||
imageDigest = "sha256:68e2c7082cd51d417e5ce76fe123810e9d52f4ab2018569df5b74b913ed3bc64";
|
||||
sha256 = "0jpdysdphy1lyj6zwx2b1kbgs6bfnpkkx85mf1b9ybh3is6gaz6s";
|
||||
finalImageName = "ghcr.io/huginn/huginn";
|
||||
finalImageTag = "latest";
|
||||
};
|
||||
misskey =
|
||||
{
|
||||
"https://github.com/aiscript-dev/aiscript-languageserver/releases/download/0.1.6/aiscript-dev-aiscript-languageserver-0.1.6.tgz" = "0092d5r67bhf4xkvrdn4a2rm1drjzy7b5sw8mi7hp4pqvpc20ylr";
|
||||
"https://github.com/misskey-dev/tabler-icons/archive/refs/tags/3.30.0-mi.1932+ab127beee.tar.gz" = "09aa34a02rdpcvrhl6xddzy173pg7pi9i551s692ggc3pq7fmdhw";
|
||||
};
|
||||
xmuvpn = pkgs.dockerTools.pullImage
|
||||
{
|
||||
imageName = "hagb/docker-easyconnect";
|
||||
imageDigest = "sha256:1c3a86e41c1d2425a4fd555d279deaec6ff1e3c2287853eb16d23c9cb6dc3409";
|
||||
sha256 = "1jpk2y46lnk0mi6ir7hdx0p6378p0v6qjbh6jm9a4cv5abw0mb2k";
|
||||
finalImageName = "hagb/docker-easyconnec";
|
||||
finalImageTag = "7.6.7";
|
||||
};
|
||||
misskey = {};
|
||||
lumerical =
|
||||
{
|
||||
lumerical = pkgs.requireFile
|
||||
@@ -92,20 +73,50 @@
|
||||
hashMode = "recursive";
|
||||
message = "Source not found.";
|
||||
};
|
||||
licenseManagerImage = pkgs.requireFile
|
||||
licenseManager =
|
||||
{
|
||||
name = "lumericalLicenseManager.tar";
|
||||
sha256 = "VOtYMnDRUP74O2lAqMqBDLnXtNS8AhbBhyZBj/2aVoE=";
|
||||
message = "Source not found.";
|
||||
crack = pkgs.requireFile
|
||||
{
|
||||
name = "crack";
|
||||
sha256 = "1a1k3nlaidi0kk2xxamb4pm46iiz6k3sxynhd65y8riylrkck3md";
|
||||
hashMode = "recursive";
|
||||
message = "Source file not found.";
|
||||
};
|
||||
src = pkgs.requireFile
|
||||
{
|
||||
name = "src";
|
||||
sha256 = "1h93r0bb37279dzghi3k2axf0b8g0mgacw0lcww5j3sx0sqjbg4l";
|
||||
hashMode = "recursive";
|
||||
message = "Source file not found.";
|
||||
};
|
||||
image = "6803f9562b941c23db81a2eae5914561f96fa748536199a010fe6f24922b2878";
|
||||
imageFile = pkgs.requireFile
|
||||
{
|
||||
name = "lumericalLicenseManager.tar";
|
||||
sha256 = "ftEZADv8Mgo5coNKs+gxPZPl/YTV3FMMgrF3wUIBEiQ=";
|
||||
message = "Source not found.";
|
||||
};
|
||||
license = pkgs.requireFile
|
||||
{
|
||||
name = "license";
|
||||
sha256 = "07rwin14py6pl1brka7krz7k2g9x41h7ks7dmp1lxdassan86484";
|
||||
message = "Source file not found.";
|
||||
};
|
||||
sifImageFile = pkgs.requireFile
|
||||
{
|
||||
name = "lumericalLicenseManager.sif";
|
||||
sha256 = "i0HGLiRWoKuQYYx44GBkDBbyUvFLbfFShi/hx7KBSuU=";
|
||||
message = "Source file not found.";
|
||||
};
|
||||
};
|
||||
};
|
||||
vesta =
|
||||
vesta = rec
|
||||
{
|
||||
version = "3.90.0a";
|
||||
version = "3.5.8";
|
||||
src = pkgs.fetchurl
|
||||
{
|
||||
url = "https://jp-minerals.org/vesta/archives/testing/VESTA-gtk3-x86_64.tar.bz2";
|
||||
sha256 = "0bsvfr3409g2v1wgnfixpkjz1yzl2j1nlrk5a5rkdfs94rrvxzaa";
|
||||
url = "https://jp-minerals.org/vesta/archives/${version}/VESTA-gtk3.tar.bz2";
|
||||
sha256 = "1y4dhqhk0jy7kbkkx2c6lsrm5lirn796mq67r5j1s7xkq8jz1gkq";
|
||||
};
|
||||
desktopFile = pkgs.fetchurl
|
||||
{
|
||||
@@ -117,7 +128,7 @@
|
||||
mirism-old = pkgs.requireFile
|
||||
{
|
||||
name = "mirism";
|
||||
sha256 = "0f50pvdafhlmrlbf341mkp9q50v4ld5pbx92d2w1633f18zghbzf";
|
||||
sha256 = "1zhhzwi325g21kqdip7zzw1i9b354h1wpzd4zhzb1ql9kjdh87q3";
|
||||
hashMode = "recursive";
|
||||
message = "Source file not found.";
|
||||
};
|
||||
@@ -126,7 +137,7 @@
|
||||
version = "1.4.0";
|
||||
src = pkgs.fetchzip
|
||||
{
|
||||
url = "https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/pslist/1.4.0-4/pslist_1.4.0.orig.tar.xz";
|
||||
url = "https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/pslist/1.4.0-6/pslist_1.4.0.orig.tar.xz";
|
||||
sha256 = "1sp1h7ccniz658ms331npffpa9iz8llig43d9mlysll420nb3xqv";
|
||||
};
|
||||
};
|
||||
@@ -147,4 +158,62 @@
|
||||
};
|
||||
};
|
||||
mathematica = pkgs.mathematica.src;
|
||||
oneapi =
|
||||
{
|
||||
src = pkgs.fetchurl
|
||||
{
|
||||
url = "https://registrationcenter-download.intel.com/akdlm/IRC_NAS/2cf9c083-82b5-4a8f-a515-c599b09dcefc/"
|
||||
+ "intel-oneapi-hpc-toolkit-2025.1.1.40_offline.sh";
|
||||
sha256 = "1qjy9dsnskwqsk66fm99b3cch1wp3rl9dx7y884p3x5kwiqdma2x";
|
||||
};
|
||||
version = "2025.1";
|
||||
fullVersion = "2025.1.1.40";
|
||||
components =
|
||||
[
|
||||
"intel.oneapi.lin.dpcpp-cpp-common,v=2025.1.1+10"
|
||||
"intel.oneapi.lin.dpcpp-cpp-common.runtime,v=2025.1.1+10"
|
||||
"intel.oneapi.lin.ifort-compiler,v=2025.1.1+10"
|
||||
"intel.oneapi.lin.compilers-common.runtime,v=2025.1.1+10"
|
||||
"intel.oneapi.lin.mpi.runtime,v=2021.15.0+493"
|
||||
"intel.oneapi.lin.umf,v=0.10.0+355"
|
||||
"intel.oneapi.lin.tbb.runtime,v=2022.1.0+425"
|
||||
"intel.oneapi.lin.compilers-common,v=2025.1.1+10"
|
||||
];
|
||||
};
|
||||
rsshub = pkgs.dockerTools.pullImage
|
||||
{
|
||||
imageName = "diygod/rsshub";
|
||||
imageDigest = "sha256:1f9d97263033752bf5e20c66a75e134e6045b6d69ae843c1f6610add696f8c22";
|
||||
hash = "sha256-zN47lhQc3EX28LmGF4N3rDUPqumwmhfGn1OpvBYd2Vw=";
|
||||
finalImageName = "rsshub";
|
||||
finalImageTag = "latest";
|
||||
};
|
||||
atat = pkgs.fetchurl
|
||||
{
|
||||
url = "https://axelvandewalle.github.io/www-avdw/atat/atat3_50.tar.gz";
|
||||
sha256 = "14sblzqsi5bxfhsjbq256bc2gfd7zrxyf5za0iaw77b592ppjg3m";
|
||||
};
|
||||
atomkit = pkgs.fetchurl
|
||||
{
|
||||
url = "mirror://sourceforge/atomkit/Binaries/atomkit.0.9.0.linux.x64.tar.gz";
|
||||
sha256 = "0y9z7wva7zikh83w9q431lgn3bqkh1v5w6iz90dwc75wqwk0w5jr";
|
||||
};
|
||||
guix = pkgs.fetchurl
|
||||
{
|
||||
url = "https://ci.guix.gnu.org/download/2857";
|
||||
name = "guix.iso";
|
||||
sha256 = "0xqabnay8wwqc1a96db8ix1a6bhvgm84s5is1q67rr432q7gqgd4";
|
||||
};
|
||||
peerBanHelper =
|
||||
{
|
||||
image = "ghostchu/peerbanhelper:v8.0.12";
|
||||
imageFile = pkgs.dockerTools.pullImage
|
||||
{
|
||||
imageName = "ghostchu/peerbanhelper";
|
||||
imageDigest = "sha256:fce7047795fe1e6d730ea2583b390ccc336e79eb2d8dae8114f4f63f00208879";
|
||||
hash = "sha256-7Z2ewDpGFXyvCze9HZ7KwFwn9o9R6Y4pjJDcr5Wmy1g=";
|
||||
finalImageName = "ghostchu/peerbanhelper";
|
||||
finalImageTag = "v8.0.12";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -12,8 +12,12 @@ let bugs =
|
||||
(attrs: { patches = attrs.patches ++ [ ./xmunet.patch ];}); };
|
||||
backlight.boot.kernelParams = [ "nvidia.NVreg_RegistryDwords=EnableBrightnessControl=1" ];
|
||||
amdpstate.boot.kernelParams = [ "amd_pstate=active" ];
|
||||
iwlwifi.nixos.system.kernel.modules.modprobeConfig =
|
||||
[ "options iwlwifi power_save=0" "options iwlmvm power_scheme=1" "options iwlwifi uapsd_disable=1" ];
|
||||
iwlwifi.boot.extraModprobeConfig =
|
||||
''
|
||||
options iwlwifi power_save=0
|
||||
options iwlmvm power_scheme=1
|
||||
options iwlwifi uapsd_disable=1
|
||||
'';
|
||||
};
|
||||
in
|
||||
{
|
||||
|
||||
@@ -12,6 +12,10 @@ inputs: let inherit (inputs) topInputs; in
|
||||
topInputs.catppuccin.nixosModules.catppuccin
|
||||
topInputs.aagl.nixosModules.default
|
||||
topInputs.nixvirt.nixosModules.default
|
||||
topInputs.niri.nixosModules.niri
|
||||
{ config.niri-flake.cache.enable = false; }
|
||||
# TODO: Remove after next release
|
||||
"${topInputs.nixpkgs-unstable}/nixos/modules/services/hardware/lact.nix"
|
||||
(inputs:
|
||||
{
|
||||
config =
|
||||
@@ -19,7 +23,7 @@ inputs: let inherit (inputs) topInputs; in
|
||||
home-manager.sharedModules =
|
||||
[
|
||||
topInputs.plasma-manager.homeManagerModules.plasma-manager
|
||||
topInputs.catppuccin.homeManagerModules.catppuccin
|
||||
topInputs.catppuccin.homeModules.catppuccin
|
||||
];
|
||||
};
|
||||
})
|
||||
|
||||
29
modules/hardware/cpu.nix
Normal file
29
modules/hardware/cpu.nix
Normal file
@@ -0,0 +1,29 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.hardware.cpu = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.nullOr (types.enum [ "intel" "amd" ]);
|
||||
default = let inherit (inputs.config.nixos.system.nixpkgs) march; in
|
||||
if march == null then null
|
||||
else if inputs.lib.hasInfix "znver" march then "amd"
|
||||
else if (inputs.lib.hasInfix "lake" march)
|
||||
|| (builtins.elem march [ "sandybridge" "silvermont" "haswell" "broadwell" ])
|
||||
then "intel"
|
||||
else null;
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.hardware) cpu; in inputs.lib.mkIf (cpu != null) (inputs.lib.mkMerge
|
||||
[
|
||||
(inputs.lib.mkIf (cpu == "intel")
|
||||
{
|
||||
hardware.cpu.intel.updateMicrocode = true;
|
||||
boot.initrd.availableKernelModules =
|
||||
[ "intel_cstate" "aesni_intel" "intel_cstate" "intel_uncore" "intel_uncore_frequency" "intel_powerclamp" ];
|
||||
})
|
||||
(inputs.lib.mkIf (cpu == "amd")
|
||||
{
|
||||
hardware.cpu.amd = { updateMicrocode = true; ryzen-smu.enable = true; };
|
||||
environment.systemPackages = with inputs.pkgs; [ zenmonitor ];
|
||||
programs.ryzen-monitor-ng.enable = true;
|
||||
})
|
||||
]);
|
||||
}
|
||||
@@ -1,26 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.hardware.cpus = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{ type = types.listOf (types.enum [ "intel" "amd" ]); default = []; };
|
||||
config = let inherit (inputs.config.nixos.hardware) cpus; in inputs.lib.mkIf (cpus != [])
|
||||
{
|
||||
hardware.cpu = builtins.listToAttrs
|
||||
(builtins.map (name: { inherit name; value = { updateMicrocode = true; }; }) cpus);
|
||||
boot =
|
||||
{
|
||||
initrd.availableKernelModules =
|
||||
let modules =
|
||||
{
|
||||
intel =
|
||||
[
|
||||
"intel_cstate" "aesni_intel" "intel_cstate" "intel_uncore" "intel_uncore_frequency" "intel_powerclamp"
|
||||
];
|
||||
amd = [];
|
||||
};
|
||||
in builtins.concatLists (builtins.map (cpu: modules.${cpu}) cpus);
|
||||
};
|
||||
environment.systemPackages =
|
||||
let packages = with inputs.pkgs; { intel = []; amd = [ zenmonitor ]; };
|
||||
in builtins.concatLists (builtins.map (cpu: packages.${cpu}) cpus);
|
||||
};
|
||||
}
|
||||
@@ -21,13 +21,7 @@ inputs:
|
||||
{
|
||||
services =
|
||||
{
|
||||
printing =
|
||||
{
|
||||
enable = true;
|
||||
drivers = [ inputs.pkgs.cnijfilter2 ];
|
||||
# TODO: remove in next update
|
||||
browsed.enable = false;
|
||||
};
|
||||
printing = { enable = true; drivers = [ inputs.pkgs.cnijfilter2 ]; };
|
||||
avahi = { enable = true; nssmdns4 = true; openFirewall = true; };
|
||||
};
|
||||
}
|
||||
@@ -36,7 +30,7 @@ inputs:
|
||||
(
|
||||
inputs.lib.mkIf (hardware.sound != null)
|
||||
{
|
||||
hardware.pulseaudio.enable = false;
|
||||
services.pulseaudio.enable = false;
|
||||
services.pipewire = { enable = true; alsa = { enable = true; support32Bit = true; }; pulse.enable = true; };
|
||||
security.rtkit.enable = true;
|
||||
}
|
||||
|
||||
@@ -31,14 +31,18 @@ inputs:
|
||||
(
|
||||
let gpus = inputs.lib.strings.splitString "+" gpu.type; in
|
||||
{
|
||||
boot.initrd.availableKernelModules =
|
||||
let modules =
|
||||
{
|
||||
intel = [ "i915" ];
|
||||
nvidia = []; # early loading breaks resume from hibernation
|
||||
amd = [];
|
||||
};
|
||||
in builtins.concatLists (builtins.map (gpu: modules.${gpu}) gpus);
|
||||
boot =
|
||||
{
|
||||
initrd.availableKernelModules =
|
||||
let modules =
|
||||
{
|
||||
intel = [ "i915" ];
|
||||
nvidia = []; # early loading breaks resume from hibernation
|
||||
amd = [];
|
||||
};
|
||||
in builtins.concatLists (builtins.map (gpu: modules.${gpu}) gpus);
|
||||
blacklistedKernelModules = [ "nouveau" ];
|
||||
};
|
||||
hardware =
|
||||
{
|
||||
graphics =
|
||||
@@ -66,7 +70,6 @@ inputs:
|
||||
prime.allowExternalGpu = true;
|
||||
};
|
||||
};
|
||||
boot.blacklistedKernelModules = [ "nouveau" ];
|
||||
services.xserver.videoDrivers =
|
||||
let driver = { intel = "modesetting"; amd = "amdgpu"; nvidia = "nvidia"; };
|
||||
in builtins.map (gpu: driver.${gpu}) gpus;
|
||||
@@ -78,6 +81,14 @@ inputs:
|
||||
amd = [];
|
||||
};
|
||||
in builtins.concatLists (builtins.map (gpu: packages.${gpu}) gpus);
|
||||
environment.etc."nvidia/nvidia-application-profiles-rc.d/vram" = inputs.lib.mkIf (builtins.elem "nvidia" gpus)
|
||||
{
|
||||
source = inputs.pkgs.writeText "save-vram" (builtins.toJSON
|
||||
{
|
||||
rules = [{ pattern = { feature = "true"; matches = ""; }; profile = "save-vram"; }];
|
||||
profiles = [{ name = "save-vram"; settings = [{ key = "GLVidHeapReuseRatio"; value = 0; }]; }];
|
||||
});
|
||||
};
|
||||
}
|
||||
)
|
||||
# nvidia prime offload
|
||||
@@ -100,7 +111,7 @@ inputs:
|
||||
inputs.lib.mkIf (inputs.lib.strings.hasPrefix "amd" gpu.type) { hardware.amdgpu =
|
||||
{
|
||||
opencl.enable = true;
|
||||
initrd.enable = true; # needed for waydroid
|
||||
initrd.enable = true;
|
||||
legacySupport.enable = true;
|
||||
amdvlk = { enable = true; support32Bit.enable = true; supportExperimental.enable = true; };
|
||||
};}
|
||||
|
||||
@@ -3,7 +3,8 @@ inputs:
|
||||
options.nixos.model = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
hostname = mkOption { type = types.nonEmptyStr; };
|
||||
type = mkOption { type = types.enum [ "vps" "desktop" "server" ]; default = "vps"; };
|
||||
arch = mkOption { type = types.nonEmptyStr; default = "x86_64"; };
|
||||
type = mkOption { type = types.enum [ "minimal" "desktop" "server" ]; default = "minimal"; };
|
||||
private = mkOption { type = types.bool; default = false; };
|
||||
cluster = mkOption
|
||||
{
|
||||
|
||||
@@ -1,12 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.packages.android-studio = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.nullOr (types.submodule {});
|
||||
default = null;
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.packages) android-studio; in inputs.lib.mkIf (android-studio != null)
|
||||
{
|
||||
nixos.packages.packages._packages = with inputs.pkgs; [ androidStudioPackages.stable.full ];
|
||||
};
|
||||
}
|
||||
17
modules/packages/bash.nix
Normal file
17
modules/packages/bash.nix
Normal file
@@ -0,0 +1,17 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.packages.bash = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{ type = types.nullOr (types.submodule {}); default = {}; };
|
||||
config = let inherit (inputs.config.nixos.packages) bash; in inputs.lib.mkIf (bash != null)
|
||||
{
|
||||
nixos.user.sharedModules = [(homeInputs:
|
||||
{
|
||||
config =
|
||||
{
|
||||
# set bash history file path, avoid overwriting zsh history
|
||||
programs.bash = { enable = true; historyFile = "${homeInputs.config.xdg.dataHome}/bash/bash_history"; };
|
||||
home.shell.enableBashIntegration = true;
|
||||
};
|
||||
})];
|
||||
};
|
||||
}
|
||||
@@ -3,7 +3,7 @@ inputs:
|
||||
options.nixos.packages.chromium = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.nullOr (types.submodule {});
|
||||
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
|
||||
default = if inputs.config.nixos.model.type == "desktop" then {} else null;
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.packages) chromium; in inputs.lib.mkIf (chromium != null)
|
||||
{
|
||||
|
||||
@@ -1,25 +1,63 @@
|
||||
inputs:
|
||||
{
|
||||
imports = inputs.localLib.findModules ./.;
|
||||
options.nixos.packages.packages = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
_packages = mkOption { type = types.listOf types.unspecified; default = []; };
|
||||
_pythonPackages = mkOption { type = types.listOf types.unspecified; default = []; };
|
||||
_prebuildPackages = mkOption { type = types.listOf types.unspecified; default = []; };
|
||||
_pythonEnvFlags = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
_vscodeEnvFlags = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
};
|
||||
config =
|
||||
{
|
||||
environment.systemPackages = with inputs.config.nixos.packages.packages;
|
||||
_packages
|
||||
++ [
|
||||
(
|
||||
(inputs.pkgs.python3.withPackages (pythonPackages:
|
||||
builtins.concatLists (builtins.map (packageFunction: packageFunction pythonPackages) _pythonPackages)))
|
||||
.override (prev: { makeWrapperArgs = prev.makeWrapperArgs or [] ++ _pythonEnvFlags; }))
|
||||
(inputs.pkgs.writeTextDir "share/prebuild-packages"
|
||||
(builtins.concatStringsSep "\n" (builtins.map builtins.toString _prebuildPackages)))
|
||||
];
|
||||
};
|
||||
options.nixos.packages =
|
||||
let
|
||||
inherit (inputs.lib) mkOption types;
|
||||
simpleSubmodule = mkOption { type = types.nullOr (types.submodule {}); default = null; };
|
||||
in
|
||||
{
|
||||
packages =
|
||||
{
|
||||
_packages = mkOption { type = types.listOf types.unspecified; default = []; };
|
||||
_pythonPackages = mkOption { type = types.listOf types.unspecified; default = []; };
|
||||
_prebuildPackages = mkOption { type = types.listOf types.unspecified; default = []; };
|
||||
_pythonEnvFlags = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
_vscodeEnvFlags = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
};
|
||||
}
|
||||
// (builtins.listToAttrs (builtins.map (n: inputs.lib.nameValuePair n simpleSubmodule)
|
||||
[ "vasp" "mathematica" "lumerical" "flatpak" "android-studio" ]));
|
||||
config = inputs.lib.mkMerge
|
||||
[
|
||||
{
|
||||
environment.systemPackages = with inputs.config.nixos.packages.packages;
|
||||
_packages
|
||||
++ [
|
||||
(
|
||||
(inputs.pkgs.python3.withPackages (pythonPackages:
|
||||
builtins.concatLists (builtins.map (packageFunction: packageFunction pythonPackages) _pythonPackages)))
|
||||
.override (prev: { makeWrapperArgs = prev.makeWrapperArgs or [] ++ _pythonEnvFlags; }))
|
||||
(inputs.pkgs.writeTextDir "share/prebuild-packages"
|
||||
(builtins.concatStringsSep "\n" (builtins.map builtins.toString _prebuildPackages)))
|
||||
];
|
||||
}
|
||||
(inputs.lib.mkIf (inputs.config.nixos.packages.vasp != null)
|
||||
{
|
||||
nixos.packages.packages = with inputs.pkgs;
|
||||
{
|
||||
_packages =
|
||||
[
|
||||
localPackages.vasp.intel localPackages.vasp.vtst localPackages.vaspkit wannier90
|
||||
(if inputs.config.nixos.system.nixpkgs.cuda != null then localPackages.vasp.nvidia else emptyDirectory)
|
||||
localPackages.atomkit (inputs.lib.mkAfter localPackages.atat)
|
||||
];
|
||||
_pythonPackages = [(_: [ localPackages.py4vasp ])];
|
||||
};
|
||||
})
|
||||
(inputs.lib.mkIf (inputs.config.nixos.packages.mathematica != null)
|
||||
{ nixos.packages.packages._packages = [ inputs.pkgs.mathematica ]; })
|
||||
(inputs.lib.mkIf (inputs.config.nixos.packages.lumerical != null)
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
packages.packages._packages = [ inputs.pkgs.localPackages.lumerical.lumerical.cmd ];
|
||||
services.lumericalLicenseManager = {};
|
||||
};
|
||||
})
|
||||
(inputs.lib.mkIf (inputs.config.nixos.packages.flatpak != null)
|
||||
{ services.flatpak = { enable = true; uninstallUnmanaged = true; }; })
|
||||
(inputs.lib.mkIf (inputs.config.nixos.packages.android-studio != null)
|
||||
{ nixos.packages.packages._packages = with inputs.pkgs; [ androidStudioPackages.stable.full ]; })
|
||||
];
|
||||
}
|
||||
|
||||
@@ -3,7 +3,7 @@ inputs:
|
||||
options.nixos.packages.desktop = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.nullOr (types.submodule {});
|
||||
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
|
||||
default = if inputs.config.nixos.model.type == "desktop" then {} else null;
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.packages) desktop; in inputs.lib.mkIf (desktop != null)
|
||||
{
|
||||
@@ -27,20 +27,16 @@ inputs:
|
||||
# color management
|
||||
argyllcms xcalib
|
||||
# networking
|
||||
pkgs-unstable.remmina putty mtr-gui
|
||||
remmina putty mtr-gui
|
||||
# media
|
||||
mpv nomacs yesplaymusic simplescreenrecorder imagemagick gimp netease-cloud-music-gtk qcm
|
||||
mpv nomacs simplescreenrecorder imagemagick gimp-with-plugins netease-cloud-music-gtk qcm
|
||||
waifu2x-converter-cpp blender paraview vlc whalebird spotify obs-studio
|
||||
(inkscape-with-extensions.override { inkscapeExtensions = null; })
|
||||
# themes
|
||||
klassy localPackages.slate localPackages.blurred-wallpaper tela-circle-icon-theme
|
||||
catppuccin catppuccin-sddm catppuccin-cursors catppuccinifier-gui catppuccinifier-cli catppuccin-plymouth
|
||||
(catppuccin-kde.override { flavour = [ "latte" ]; }) (catppuccin-kvantum.override { variant = "latte"; })
|
||||
# terminal
|
||||
warp-terminal
|
||||
# development
|
||||
adb-sync scrcpy dbeaver-bin cling aircrack-ng
|
||||
weston cage openbox krita jetbrains.clion fprettify
|
||||
weston cage openbox krita fprettify # jetbrains.clion
|
||||
# desktop sharing
|
||||
rustdesk-flutter
|
||||
# password and key management
|
||||
@@ -49,53 +45,55 @@ inputs:
|
||||
# download
|
||||
qbittorrent nur-xddxdd.baidupcs-go wgetpaste onedrive onedrivegui rclone
|
||||
# editor
|
||||
typora appflowy notion-app-enhanced joplin-desktop standardnotes logseq obsidian pkgs-unstable.code-cursor
|
||||
typora appflowy notion-app-enhanced joplin-desktop standardnotes logseq obsidian code-cursor
|
||||
# news
|
||||
fluent-reader rssguard newsflash newsboat follow
|
||||
# nix tools
|
||||
nixpkgs-fmt appimage-run nixd nix-serve node2nix nix-prefetch-github prefetch-npm-deps nix-prefetch-docker
|
||||
nix-template nil pnpm-lock-export bundix
|
||||
nix-template nil bundix
|
||||
# instant messager
|
||||
element-desktop telegram-desktop discord zoom-us slack nur-linyinfeng.wemeet nheko
|
||||
element-desktop telegram-desktop discord zoom-us slack nheko hexchat halloy
|
||||
fluffychat signal-desktop qq nur-xddxdd.wechat-uos-sandboxed cinny-desktop
|
||||
# browser
|
||||
google-chrome tor-browser microsoft-edge
|
||||
google-chrome tor-browser
|
||||
# office
|
||||
crow-translate zotero pandoc texliveFull poppler_utils pdftk pdfchain davinci-resolve
|
||||
ydict texstudio panoply pspp paperwork libreoffice-qt6-fresh ocrmypdf
|
||||
ydict texstudio panoply pspp libreoffice-qt6-fresh ocrmypdf typst # paperwork
|
||||
# required by ltex-plus.vscode-ltex-plus
|
||||
ltex-ls ltex-ls-plus
|
||||
# matplot++ needs old gnuplot
|
||||
inputs.pkgs."pkgs-23.11".gnuplot
|
||||
pkgs-2311.gnuplot
|
||||
# math, physics and chemistry
|
||||
octaveFull ovito localPackages.vesta localPackages.v-sim jmol mpi geogebra6 localPackages.ufo
|
||||
(quantum-espresso.override { stdenv = gcc14Stdenv; gfortran = gfortran14;
|
||||
wannier90 = inputs.pkgs.wannier90.overrideAttrs { buildFlags = [ "dynlib" ]; }; })
|
||||
inputs.pkgs."pkgs-23.11".hdfview numbat qalculate-qt
|
||||
(quantum-espresso.override
|
||||
{
|
||||
stdenv = gcc14Stdenv;
|
||||
gfortran = gfortran14;
|
||||
wannier90 = wannier90.overrideAttrs { buildFlags = [ "dynlib" ]; };
|
||||
})
|
||||
pkgs-2311.hdfview numbat qalculate-qt
|
||||
# virtualization
|
||||
virt-viewer bottles wineWowPackages.stagingFull genymotion playonlinux
|
||||
# media
|
||||
nur-xddxdd.svp
|
||||
# for kdenlive auto subtitle
|
||||
openai-whisper
|
||||
# TODO: remove on next release
|
||||
# phonopy have some bug, we use the version from nixpkgs-unstable
|
||||
(inputs.lib.hiPrio pkgs-unstable.python3Packages.phonopy)
|
||||
(inputs.lib.hiPrio pkgs-unstable.localPackages.phono3py)
|
||||
# daily management
|
||||
activitywatch
|
||||
]
|
||||
++ (builtins.filter (p: !((p.meta.broken or false) || (builtins.elem p.pname or null [ "falkon" "kalzium" ])))
|
||||
(builtins.filter inputs.lib.isDerivation (builtins.attrValues kdePackages.kdeGear)));
|
||||
_pythonPackages = [(pythonPackages: with pythonPackages;
|
||||
[
|
||||
phonopy scipy scikit-learn jupyterlab autograd
|
||||
# TODO: broken on python 3.12 tensorflow keras
|
||||
# for phonopy
|
||||
inputs.pkgs.localPackages.spectroscopy numpy
|
||||
phonopy scipy scikit-learn jupyterlab autograd inputs.pkgs.localPackages.phono3py
|
||||
tensorflow keras numpy
|
||||
])];
|
||||
};
|
||||
user.sharedModules =
|
||||
[{
|
||||
config.programs =
|
||||
{
|
||||
plasma =
|
||||
plasma = inputs.lib.mkIf (inputs.config.nixos.system.gui.implementation == "kde")
|
||||
{
|
||||
enable = true;
|
||||
configFile =
|
||||
@@ -107,9 +105,15 @@ inputs:
|
||||
inherit (inputs.topInputs) nixos-wallpaper;
|
||||
isPicture = f: builtins.elem (inputs.lib.last (inputs.lib.splitString "." f))
|
||||
[ "png" "jpg" "jpeg" "webp" ];
|
||||
listDirRecursive =
|
||||
let listDir = dir:
|
||||
if dir.value == "directory" then builtins.concatLists
|
||||
(builtins.map (f: listDir f) (inputs.localLib.attrsToList (builtins.readDir dir.name)))
|
||||
else [ dir ];
|
||||
in dir: listDir { name = dir; value = "directory"; };
|
||||
in builtins.concatStringsSep "," (builtins.map (f: "${nixos-wallpaper}/${f.name}")
|
||||
(builtins.filter (f: (isPicture f.name) && (f.value == "regular"))
|
||||
(inputs.localLib.attrsToList (builtins.readDir nixos-wallpaper))));
|
||||
(listDirRecursive nixos-wallpaper)));
|
||||
};
|
||||
powerdevil =
|
||||
let config =
|
||||
@@ -125,7 +129,7 @@ inputs:
|
||||
obs-studio =
|
||||
{
|
||||
enable = true;
|
||||
plugins = with inputs.pkgs.obs-studio-plugins; [ wlrobs obs-vaapi obs-nvfbc droidcam-obs obs-vkcapture ];
|
||||
plugins = with inputs.pkgs.obs-studio-plugins; [ wlrobs obs-vaapi droidcam-obs obs-vkcapture ];
|
||||
};
|
||||
};
|
||||
}];
|
||||
@@ -135,11 +139,18 @@ inputs:
|
||||
adb.enable = true;
|
||||
wireshark = { enable = true; package = inputs.pkgs.wireshark; };
|
||||
yubikey-touch-detector.enable = true;
|
||||
kdeconnect.enable = true;
|
||||
anime-game-launcher = { enable = true; package = inputs.pkgs.anime-game-launcher; };
|
||||
honkers-railway-launcher = { enable = true; package = inputs.pkgs.honkers-railway-launcher; };
|
||||
sleepy-launcher = { enable = true; package = inputs.pkgs.sleepy-launcher; };
|
||||
kdeconnect.enable = inputs.lib.mkIf (inputs.config.nixos.system.gui.implementation == "kde") true;
|
||||
kde-pim = inputs.lib.mkIf (inputs.config.nixos.system.gui.implementation == "kde")
|
||||
{ enable = true; kmail = true; };
|
||||
coolercontrol =
|
||||
{
|
||||
enable = true;
|
||||
nvidiaSupport = if inputs.config.nixos.hardware.gpu.type == null then false
|
||||
else inputs.lib.hasSuffix "nvidia" inputs.config.nixos.hardware.gpu.type;
|
||||
};
|
||||
alvr = { enable = true; openFirewall = true; };
|
||||
localsend.enable = true;
|
||||
};
|
||||
services.pcscd.enable = true;
|
||||
services = { pcscd.enable = true; lact.enable = true; };
|
||||
};
|
||||
}
|
||||
|
||||
14
modules/packages/extra.nix
Normal file
14
modules/packages/extra.nix
Normal file
@@ -0,0 +1,14 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.packages.extra = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{ type = types.nullOr (types.submodule {}); default = null; };
|
||||
config = let inherit (inputs.config.nixos.packages) extra; in inputs.lib.mkIf (extra != null)
|
||||
{
|
||||
programs =
|
||||
{
|
||||
anime-game-launcher = { enable = true; package = inputs.pkgs.anime-game-launcher; };
|
||||
honkers-railway-launcher = { enable = true; package = inputs.pkgs.honkers-railway-launcher; };
|
||||
sleepy-launcher = { enable = true; package = inputs.pkgs.sleepy-launcher; };
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -12,11 +12,10 @@ inputs:
|
||||
{
|
||||
enable = true;
|
||||
languagePacks = [ "zh-CN" "en-US" ];
|
||||
nativeMessagingHosts.packages = with inputs.pkgs; [ uget-integrator firefoxpwa ];
|
||||
nativeMessagingHosts.packages = with inputs.pkgs; [ uget-integrator ];
|
||||
};
|
||||
nixos =
|
||||
{
|
||||
packages.packages._packages = [ inputs.pkgs.firefoxpwa ];
|
||||
user.sharedModules =
|
||||
[{
|
||||
config =
|
||||
@@ -25,18 +24,23 @@ inputs:
|
||||
{
|
||||
enable = true;
|
||||
nativeMessagingHosts = with inputs.pkgs;
|
||||
[ kdePackages.plasma-browser-integration uget-integrator firefoxpwa ];
|
||||
(
|
||||
[ uget-integrator ]
|
||||
++ (inputs.lib.optionals (inputs.config.nixos.system.gui.implementation == "kde")
|
||||
[ kdePackages.plasma-browser-integration ])
|
||||
);
|
||||
# TODO: use fixed-version of plugins
|
||||
policies.DefaultDownloadDirectory = "\${home}/Downloads";
|
||||
profiles.default =
|
||||
{
|
||||
extensions = with inputs.pkgs.firefox-addons;
|
||||
extensions.packages = with inputs.pkgs.firefox-addons;
|
||||
[
|
||||
tampermonkey bitwarden cookies-txt dualsub firefox-color i-dont-care-about-cookies
|
||||
metamask pakkujs switchyomega rsshub-radar rsspreview tabliss tree-style-tab ublock-origin wallabagger
|
||||
wappalyzer grammarly plasma-integration zotero-connector pwas-for-firefox smartproxy kiss-translator
|
||||
];
|
||||
search = { default = "Google"; force = true; };
|
||||
metamask pakkujs rsshub-radar rsspreview tabliss tree-style-tab ublock-origin
|
||||
wappalyzer grammarly zotero-connector smartproxy kiss-translator
|
||||
] ++ (inputs.lib.optionals (inputs.config.nixos.system.gui.implementation == "kde")
|
||||
[ plasma-integration ]);
|
||||
search = { default = "google"; force = true; };
|
||||
userChrome = builtins.readFile "${inputs.topInputs.lepton}/userChrome.css";
|
||||
userContent = builtins.readFile "${inputs.topInputs.lepton}/userContent.css";
|
||||
extraConfig = builtins.readFile "${inputs.topInputs.lepton}/user.js";
|
||||
|
||||
@@ -1,12 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.packages.flatpak = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.nullOr (types.submodule {});
|
||||
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.packages) flatpak; in inputs.lib.mkIf (flatpak != null)
|
||||
{
|
||||
services.flatpak = { enable = true; uninstallUnmanaged = true; };
|
||||
};
|
||||
}
|
||||
@@ -8,15 +8,15 @@ inputs:
|
||||
{
|
||||
enable = true;
|
||||
package = inputs.pkgs.gitFull;
|
||||
lfs.enable = true;
|
||||
lfs = { enable = true; enablePureSSHTransfer = true; };
|
||||
config =
|
||||
{
|
||||
init.defaultBranch = "main";
|
||||
core.quotepath = false;
|
||||
lfs.ssh.automultiplex = false; # 避免 lfs 一直要求触摸 yubikey
|
||||
receive.denyCurrentBranch = "warn"; # 允许 push 到非 bare 的仓库
|
||||
merge.ours.driver = true; # 允许 .gitattributes 中设置的 merge=ours 生效
|
||||
};
|
||||
};
|
||||
nixos.packages.packages._packages = [ inputs.pkgs.localPackages.git-lfs-transfer ]; # make pure ssh lfs work
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,22 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.packages.lammps = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.nullOr (types.submodule {});
|
||||
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.packages) lammps; in inputs.lib.mkIf (lammps != null)
|
||||
{
|
||||
nixos.packages.packages._packages =
|
||||
let cuda = let inherit (inputs.config.nixos.system.nixpkgs) cuda; in cuda.capabilities or null != null;
|
||||
in
|
||||
if cuda then [((inputs.pkgs.lammps.override { stdenv = inputs.pkgs.cudaPackages.backendStdenv; })
|
||||
.overrideAttrs (prev:
|
||||
{
|
||||
cmakeFlags = prev.cmakeFlags ++ [ "-DPKG_GPU=on" "-DGPU_API=cuda" "-DCMAKE_POLICY_DEFAULT_CMP0146=OLD" ];
|
||||
nativeBuildInputs = prev.nativeBuildInputs ++ [ inputs.pkgs.cudaPackages.cudatoolkit ];
|
||||
buildInputs = prev.buildInputs ++ [ inputs.pkgs.mpi ];
|
||||
}))]
|
||||
else [ inputs.pkgs.lammps-mpi ];
|
||||
};
|
||||
}
|
||||
@@ -1,10 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.packages.mathematica = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.nullOr (types.submodule {});
|
||||
default = null;
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.packages) mathematica; in inputs.lib.mkIf (mathematica != null)
|
||||
{ nixos.packages.packages._packages = [ inputs.pkgs.mathematica ]; };
|
||||
}
|
||||
@@ -1,18 +1,18 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.packages.server = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
options.nixos.packages.minimal = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{ type = types.nullOr (types.submodule {}); default = {}; };
|
||||
config = let inherit (inputs.config.nixos.packages) server; in inputs.lib.mkIf (server != null)
|
||||
config = let inherit (inputs.config.nixos.packages) minimal; in inputs.lib.mkIf (minimal != null)
|
||||
{
|
||||
nixos.packages.packages =
|
||||
{
|
||||
_packages = with inputs.pkgs;
|
||||
[
|
||||
# basic tools
|
||||
beep dos2unix gnugrep pv tmux screen parallel tldr cowsay jq yq zellij ipfetch localPackages.pslist
|
||||
fastfetch reptyr duc ncdu progress libva-utils ksh neofetch dateutils kitty
|
||||
beep dos2unix gnugrep pv tmux screen parallel tldr cowsay jq yq ipfetch localPackages.pslist
|
||||
fastfetch reptyr duc ncdu progress libva-utils ksh neofetch dateutils kitty glib
|
||||
# lsxx
|
||||
pciutils usbutils lshw util-linux lsof dmidecode lm_sensors hwloc acpica-tools
|
||||
pciutils usbutils lshw util-linux lsof dmidecode lm_sensors hwloc acpica-tools ethtool
|
||||
# top
|
||||
iotop iftop htop btop powertop s-tui
|
||||
# editor
|
||||
@@ -22,30 +22,50 @@ inputs:
|
||||
# file manager
|
||||
tree eza trash-cli lsd broot file xdg-ninja mlocate
|
||||
# compress
|
||||
pigz upx unzip zip lzip p7zip rar
|
||||
pigz upx unzip zip lzip p7zip
|
||||
(if inputs.pkgs.stdenv.hostPlatform.linuxArch == "x86_64" then rar else emptyDirectory)
|
||||
# file system management
|
||||
sshfs e2fsprogs duperemove compsize exfatprogs
|
||||
sshfs e2fsprogs compsize exfatprogs
|
||||
# disk management
|
||||
smartmontools hdparm gptfdisk megacli
|
||||
smartmontools hdparm gptfdisk
|
||||
(if inputs.pkgs.stdenv.hostPlatform.linuxArch == "x86_64" then megacli else emptyDirectory)
|
||||
# encryption and authentication
|
||||
apacheHttpd openssl ssh-to-age gnupg age sops pam_u2f yubico-piv-tool libfido2
|
||||
# networking
|
||||
ipset iptables iproute2 dig nettools traceroute tcping-go whois tcpdump nmap inetutils wireguard-tools
|
||||
ipset iptables iproute2 dig nettools traceroute tcping-go whois tcpdump nmap inetutils wireguard-tools openvpn
|
||||
parted
|
||||
# nix tools
|
||||
pkgs-unstable.nix-output-monitor nix-tree ssh-to-age nix-inspect
|
||||
nix-output-monitor nix-tree ssh-to-age nix-inspect
|
||||
# development
|
||||
gdb try inputs.topInputs.plasma-manager.packages.${inputs.pkgs.system}.rc2nix rr hexo-cli gh nix-init hugo
|
||||
(octodns.withProviders (_: [ localPackages.octodns-cloudflare ]))
|
||||
gdb try rr hexo-cli gh hugo
|
||||
# build failed on aarch64
|
||||
(if inputs.pkgs.stdenv.hostPlatform.linuxArch == "x86_64" then nix-init else emptyDirectory)
|
||||
(octodns.withProviders (_: with octodns-providers; [ cloudflare ]))
|
||||
# stupid things
|
||||
toilet lolcat localPackages.stickerpicker graph-easy
|
||||
# office
|
||||
pdfgrep ffmpeg-full hdf5 # todo-txt-cli
|
||||
pdfgrep ffmpeg-full hdf5
|
||||
# scientific computing
|
||||
(if inputs.config.nixos.system.nixpkgs.cuda != null then localPackages.mumax else emptyDirectory)
|
||||
(if inputs.config.nixos.system.nixpkgs.cuda != null
|
||||
then (lammps.override { stdenv = cudaPackages.backendStdenv; }).overrideAttrs (prev:
|
||||
{
|
||||
cmakeFlags = prev.cmakeFlags ++
|
||||
[ "-DPKG_GPU=on" "-DGPU_API=cuda" "-DCMAKE_POLICY_DEFAULT_CMP0146=OLD" ];
|
||||
nativeBuildInputs = prev.nativeBuildInputs ++ [ cudaPackages.cudatoolkit ];
|
||||
buildInputs = prev.buildInputs ++ [ mpi ];
|
||||
})
|
||||
else lammps-mpi)
|
||||
]
|
||||
++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ]);
|
||||
++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ])
|
||||
++ (inputs.lib.optionals (inputs.config.nixos.system.gui.implementation == "kde")
|
||||
[ inputs.topInputs.plasma-manager.packages.${inputs.pkgs.system}.rc2nix ]);
|
||||
_pythonPackages = [(pythonPackages: with pythonPackages;
|
||||
[
|
||||
openai python-telegram-bot fastapi-cli pypdf2 pandas matplotlib plotly gunicorn redis jinja2
|
||||
certifi charset-normalizer idna orjson psycopg2 inquirerpy requests tqdm pydbus odfpy
|
||||
openai python-telegram-bot fastapi-cli pypdf2 pandas matplotlib plotly gunicorn redis jinja2 certifi
|
||||
charset-normalizer idna orjson psycopg2 inquirerpy requests tqdm pydbus
|
||||
# allow pandas read odf
|
||||
odfpy
|
||||
# for vasp plot-workfunc.py
|
||||
ase
|
||||
])];
|
||||
@@ -1,16 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.packages.mumax = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.nullOr (types.submodule {});
|
||||
default =
|
||||
if (builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ])
|
||||
&& (let inherit (inputs.config.nixos.system.nixpkgs) cuda; in cuda.capabilities or null != null)
|
||||
then {}
|
||||
else null;
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.packages) mumax; in inputs.lib.mkIf (mumax != null)
|
||||
{
|
||||
nixos.packages.packages._packages = [ inputs.pkgs.localPackages.mumax ];
|
||||
};
|
||||
}
|
||||
@@ -1,10 +1,7 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.packages.nushell = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.nullOr (types.submodule {});
|
||||
default = {};
|
||||
};
|
||||
{ type = types.nullOr (types.submodule {}); default = {}; };
|
||||
config = let inherit (inputs.config.nixos.packages) nushell; in inputs.lib.mkIf (nushell != null)
|
||||
{
|
||||
nixos =
|
||||
|
||||
@@ -6,11 +6,7 @@ inputs:
|
||||
{
|
||||
nixos.packages.packages =
|
||||
let
|
||||
root = inputs.pkgs.root.overrideAttrs (prev:
|
||||
{
|
||||
patches = prev.patches or [] ++ [ ./17253.patch ./17273.patch ];
|
||||
cmakeFlags = prev.cmakeFlags ++ [ "-DCMAKE_CXX_STANDARD=23" ];
|
||||
});
|
||||
inherit (inputs.pkgs) root;
|
||||
jupyterPath = inputs.pkgs.jupyter-kernel.create { definitions.root = rec
|
||||
{
|
||||
displayName = "ROOT";
|
||||
@@ -1,151 +0,0 @@
|
||||
From 1d2acc921853825af02059183b683c35f5075302 Mon Sep 17 00:00:00 2001
|
||||
From: chn <chn@chn.moe>
|
||||
Date: Wed, 11 Dec 2024 22:33:40 +0800
|
||||
Subject: [PATCH] add C++23 support
|
||||
|
||||
---
|
||||
graf3d/eve7/inc/ROOT/REveCaloData.hxx | 4 ++--
|
||||
graf3d/eve7/src/REveCaloData.cxx | 3 +++
|
||||
interpreter/cling/lib/Interpreter/CIFactory.cpp | 15 +++++++++++----
|
||||
.../Interpreter/IncrementalCUDADeviceCompiler.cpp | 2 ++
|
||||
.../cling/tools/Jupyter/kernel/clingkernel.py | 4 ++--
|
||||
.../inc/RooStats/HistFactory/HistRef.h | 3 +--
|
||||
.../inc/RooFit/Detail/NormalizationHelpers.h | 3 +--
|
||||
7 files changed, 22 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/graf3d/eve7/inc/ROOT/REveCaloData.hxx b/graf3d/eve7/inc/ROOT/REveCaloData.hxx
|
||||
index 79d2e7069504c..33152334730f4 100644
|
||||
--- a/graf3d/eve7/inc/ROOT/REveCaloData.hxx
|
||||
+++ b/graf3d/eve7/inc/ROOT/REveCaloData.hxx
|
||||
@@ -174,7 +174,7 @@ protected:
|
||||
|
||||
public:
|
||||
REveCaloData(const char* n="REveCaloData", const char* t="");
|
||||
- ~REveCaloData() override {}
|
||||
+ ~REveCaloData() override;
|
||||
|
||||
void FillImpliedSelectedSet(Set_t& impSelSet, const std::set<int>& sec_idcs) override;
|
||||
|
||||
@@ -220,7 +220,7 @@ public:
|
||||
Bool_t GetWrapTwoPi() const { return fWrapTwoPi; }
|
||||
void SetWrapTwoPi(Bool_t w) { fWrapTwoPi=w; }
|
||||
|
||||
- void SetSelector(REveCaloDataSelector* iSelector) { fSelector.reset(iSelector); }
|
||||
+ void SetSelector(REveCaloDataSelector* iSelector);
|
||||
REveCaloDataSelector* GetSelector() { return fSelector.get(); }
|
||||
|
||||
Int_t WriteCoreJson(nlohmann::json &j, Int_t rnr_offset) override;
|
||||
diff --git a/graf3d/eve7/src/REveCaloData.cxx b/graf3d/eve7/src/REveCaloData.cxx
|
||||
index a5248f3c51d39..dc19d7d1be4a4 100644
|
||||
--- a/graf3d/eve7/src/REveCaloData.cxx
|
||||
+++ b/graf3d/eve7/src/REveCaloData.cxx
|
||||
@@ -129,6 +129,9 @@ REveCaloData::REveCaloData(const char* n, const char* t):
|
||||
// Constructor.
|
||||
}
|
||||
|
||||
+REveCaloData::~REveCaloData() {}
|
||||
+void REveCaloData::SetSelector(REveCaloDataSelector* iSelector) { fSelector.reset(iSelector); }
|
||||
+
|
||||
////////////////////////////////////////////////////////////////////////////////
|
||||
/// Process newly selected cells with given select-record.
|
||||
|
||||
diff --git a/interpreter/cling/lib/Interpreter/CIFactory.cpp b/interpreter/cling/lib/Interpreter/CIFactory.cpp
|
||||
index 385c03682575d..d33ce3a0039c5 100644
|
||||
--- a/interpreter/cling/lib/Interpreter/CIFactory.cpp
|
||||
+++ b/interpreter/cling/lib/Interpreter/CIFactory.cpp
|
||||
@@ -61,14 +61,18 @@ using namespace cling;
|
||||
|
||||
namespace {
|
||||
static constexpr unsigned CxxStdCompiledWith() {
|
||||
+ // The value of __cplusplus in GCC < 14 is 202100L when -std=c++2b or
|
||||
+ // -std=c++23 is specified, thus we relax the check to 202100L.
|
||||
+#if __cplusplus >= 202100L
|
||||
+ return 23;
|
||||
+#elif __cplusplus > 201703L
|
||||
+ return 20;
|
||||
+#elif __cplusplus > 201402L
|
||||
+ return 17;
|
||||
// The value of __cplusplus in GCC < 5.0 (e.g. 4.9.3) when
|
||||
// either -std=c++1y or -std=c++14 is specified is 201300L, which fails
|
||||
// the test for C++14 or more (201402L) as previously specified.
|
||||
// I would claim that the check should be relaxed to:
|
||||
-#if __cplusplus > 201703L
|
||||
- return 20;
|
||||
-#elif __cplusplus > 201402L
|
||||
- return 17;
|
||||
#elif __cplusplus > 201103L || (defined(_WIN32) && _MSC_VER >= 1900)
|
||||
return 14;
|
||||
#elif __cplusplus >= 201103L
|
||||
@@ -941,6 +945,8 @@ namespace {
|
||||
// Sanity check that clang delivered the language standard requested
|
||||
if (CompilerOpts.DefaultLanguage(&LangOpts)) {
|
||||
switch (CxxStdCompiledWith()) {
|
||||
+ case 23: assert(LangOpts.CPlusPlus23 && "Language version mismatch");
|
||||
+ LLVM_FALLTHROUGH;
|
||||
case 20: assert(LangOpts.CPlusPlus20 && "Language version mismatch");
|
||||
LLVM_FALLTHROUGH;
|
||||
case 17: assert(LangOpts.CPlusPlus17 && "Language version mismatch");
|
||||
@@ -1343,6 +1349,7 @@ namespace {
|
||||
// and by enforcing the std version now cling is telling clang what to
|
||||
// do, rather than after clang has dedcuded a default.
|
||||
switch (CxxStdCompiledWith()) {
|
||||
+ case 23: argvCompile.emplace_back("-std=c++23"); break;
|
||||
case 20: argvCompile.emplace_back("-std=c++20"); break;
|
||||
case 17: argvCompile.emplace_back("-std=c++17"); break;
|
||||
case 14: argvCompile.emplace_back("-std=c++14"); break;
|
||||
diff --git a/interpreter/cling/lib/Interpreter/IncrementalCUDADeviceCompiler.cpp b/interpreter/cling/lib/Interpreter/IncrementalCUDADeviceCompiler.cpp
|
||||
index ac6bd0e89444e..a492add8a01fc 100644
|
||||
--- a/interpreter/cling/lib/Interpreter/IncrementalCUDADeviceCompiler.cpp
|
||||
+++ b/interpreter/cling/lib/Interpreter/IncrementalCUDADeviceCompiler.cpp
|
||||
@@ -117,6 +117,8 @@ namespace cling {
|
||||
cppStdVersion = "-std=c++1z";
|
||||
if (langOpts.CPlusPlus20)
|
||||
cppStdVersion = "-std=c++20";
|
||||
+ if (langOpts.CPlusPlus23)
|
||||
+ cppStdVersion = "-std=c++23";
|
||||
|
||||
if (cppStdVersion.empty())
|
||||
llvm::errs()
|
||||
diff --git a/interpreter/cling/tools/Jupyter/kernel/clingkernel.py b/interpreter/cling/tools/Jupyter/kernel/clingkernel.py
|
||||
index 17fcbd116ecc6..17b4d24f23d86 100644
|
||||
--- a/interpreter/cling/tools/Jupyter/kernel/clingkernel.py
|
||||
+++ b/interpreter/cling/tools/Jupyter/kernel/clingkernel.py
|
||||
@@ -90,8 +90,8 @@ def _banner_default(self):
|
||||
flush_interval = Float(0.25, config=True)
|
||||
|
||||
std = CaselessStrEnum(default_value='c++11',
|
||||
- values = ['c++11', 'c++14', 'c++1z', 'c++17', 'c++20', 'c++2b'],
|
||||
- help="C++ standard to use, either c++2b, c++20, c++17, c++1z, c++14 or c++11").tag(config=True);
|
||||
+ values = ['c++11', 'c++14', 'c++1z', 'c++17', 'c++20', 'c++2b', 'c++23' ],
|
||||
+ help="C++ standard to use, either c++23, c++2b, c++20, c++17, c++1z, c++14 or c++11").tag(config=True);
|
||||
|
||||
def __init__(self, **kwargs):
|
||||
super(ClingKernel, self).__init__(**kwargs)
|
||||
diff --git a/roofit/histfactory/inc/RooStats/HistFactory/HistRef.h b/roofit/histfactory/inc/RooStats/HistFactory/HistRef.h
|
||||
index 7db9765004e0d..5b37542e6bdea 100644
|
||||
--- a/roofit/histfactory/inc/RooStats/HistFactory/HistRef.h
|
||||
+++ b/roofit/histfactory/inc/RooStats/HistFactory/HistRef.h
|
||||
@@ -12,8 +12,7 @@
|
||||
#define HISTFACTORY_HISTREF_H
|
||||
|
||||
#include <memory>
|
||||
-
|
||||
-class TH1;
|
||||
+#include <TH1.h>
|
||||
|
||||
namespace RooStats{
|
||||
namespace HistFactory {
|
||||
diff --git a/roofit/roofitcore/inc/RooFit/Detail/NormalizationHelpers.h b/roofit/roofitcore/inc/RooFit/Detail/NormalizationHelpers.h
|
||||
index c66954d0f0549..a849d7c2c8b4b 100644
|
||||
--- a/roofit/roofitcore/inc/RooFit/Detail/NormalizationHelpers.h
|
||||
+++ b/roofit/roofitcore/inc/RooFit/Detail/NormalizationHelpers.h
|
||||
@@ -70,8 +70,7 @@ template <class T>
|
||||
std::unique_ptr<T> compileForNormSet(T const &arg, RooArgSet const &normSet)
|
||||
{
|
||||
RooFit::Detail::CompileContext ctx{normSet};
|
||||
- std::unique_ptr<RooAbsArg> head = arg.compileForNormSet(normSet, ctx);
|
||||
- return std::unique_ptr<T>{static_cast<T *>(head.release())};
|
||||
+ return std::unique_ptr<T>{static_cast<T *>(arg.compileForNormSet(normSet, ctx).release())};
|
||||
}
|
||||
|
||||
} // namespace Detail
|
||||
@@ -1,23 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.packages.vasp = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.nullOr (types.submodule {});
|
||||
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
|
||||
};
|
||||
# TODO: add more options to correctly configure VASP
|
||||
config = let inherit (inputs.config.nixos.packages) vasp; in inputs.lib.mkIf (vasp != null)
|
||||
{
|
||||
nixos.packages.packages = with inputs.pkgs;
|
||||
{
|
||||
_packages =
|
||||
(
|
||||
[ localPackages.vasp.intel localPackages.vasp.vtst localPackages.vaspkit wannier90 ]
|
||||
++ (inputs.lib.optional
|
||||
(let inherit (inputs.config.nixos.system.nixpkgs) cuda; in cuda.capabilities or null != null)
|
||||
localPackages.vasp.nvidia)
|
||||
);
|
||||
_pythonPackages = [(_: [ localPackages.py4vasp ])];
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -3,71 +3,336 @@ inputs:
|
||||
options.nixos.packages.vscode = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.nullOr (types.submodule {});
|
||||
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
|
||||
default = if inputs.config.nixos.model.type == "desktop" then {} else null;
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.packages) vscode; in inputs.lib.mkIf (vscode != null)
|
||||
{
|
||||
nixos.packages.packages = with inputs.pkgs;
|
||||
{
|
||||
_packages =
|
||||
[(
|
||||
vscode-with-extensions.override
|
||||
nixos.user.sharedModules =
|
||||
[(hmInputs: {
|
||||
config.programs.vscode = inputs.lib.mkIf (hmInputs.config.home.username != "root")
|
||||
{
|
||||
enable = true;
|
||||
package = inputs.pkgs.vscode.overrideAttrs (prev: { preFixup = prev.preFixup +
|
||||
''
|
||||
gappsWrapperArgs+=(
|
||||
${builtins.concatStringsSep " " inputs.config.nixos.packages.packages._vscodeEnvFlags}
|
||||
)
|
||||
'';});
|
||||
profiles.default =
|
||||
{
|
||||
vscodeExtensions =
|
||||
let extensions = builtins.listToAttrs (builtins.map
|
||||
(set:
|
||||
enableExtensionUpdateCheck = false;
|
||||
enableUpdateCheck = false;
|
||||
extensions = inputs.pkgs.nix4vscode.forVscode
|
||||
[
|
||||
"github.copilot" "github.copilot-chat" "github.github-vscode-theme"
|
||||
"intellsmi.comment-translate"
|
||||
"ms-vscode.cmake-tools" "ms-vscode.cpptools-extension-pack" "ms-vscode.hexeditor"
|
||||
"ms-vscode.remote-explorer"
|
||||
"ms-vscode-remote.remote-ssh"
|
||||
"donjayamanne.githistory" "fabiospampinato.vscode-diff"
|
||||
"llvm-vs-code-extensions.vscode-clangd" "ms-ceintl.vscode-language-pack-zh-hans"
|
||||
"oderwat.indent-rainbow"
|
||||
"guyutongxue.cpp-reference" "thfriedrich.lammps" "leetcode.vscode-leetcode" # "znck.grammarly"
|
||||
"james-yu.latex-workshop" "bbenoist.nix" "jnoortheen.nix-ide" "ccls-project.ccls"
|
||||
"brettm12345.nixfmt-vscode"
|
||||
"gruntfuggly.todo-tree"
|
||||
# restrctured text
|
||||
"lextudio.restructuredtext" "trond-snekvik.simple-rst" "swyddfa.esbonio" "chrisjsewell.myst-tml-syntax"
|
||||
# markdown
|
||||
"yzhang.markdown-all-in-one" "shd101wyy.markdown-preview-enhanced"
|
||||
# vasp
|
||||
"mystery.vasp-support"
|
||||
"yutengjing.open-in-external-app"
|
||||
# git graph
|
||||
"mhutchie.git-graph"
|
||||
# python
|
||||
"ms-python.python"
|
||||
# theme
|
||||
"pkief.material-icon-theme"
|
||||
# direnv
|
||||
"mkhl.direnv"
|
||||
# svg viewer
|
||||
"vitaliymaz.vscode-svg-previewer"
|
||||
# draw
|
||||
"pomdtr.excalidraw-editor"
|
||||
# typst
|
||||
"myriad-dreamin.tinymist"
|
||||
# grammaly alternative
|
||||
"ltex-plus.vscode-ltex-plus"
|
||||
# jupyter
|
||||
"ms-toolsai.jupyter" "ms-toolsai.jupyter-keymap" "ms-toolsai.jupyter-renderers"
|
||||
"ms-toolsai.vscode-jupyter-cell-tags" "ms-toolsai.vscode-jupyter-slideshow"
|
||||
"ms-toolsai.datawrangler"
|
||||
];
|
||||
keybindings =
|
||||
[
|
||||
# use alt+a to complete inline suggestions, instead of tab or ctrl+enter
|
||||
{
|
||||
key = "alt+a";
|
||||
command = "editor.action.inlineSuggest.commit";
|
||||
when = "inlineSuggestionVisible";
|
||||
}
|
||||
{
|
||||
key = "tab";
|
||||
command = "-editor.action.inlineSuggest.commit";
|
||||
}
|
||||
{
|
||||
key = "ctrl+enter";
|
||||
command = "-editor.action.inlineSuggest.commit";
|
||||
}
|
||||
# use ctrl+j to jump to pdf in latex
|
||||
{
|
||||
key = "ctrl+alt+j";
|
||||
command = "-latex-workshop.synctex";
|
||||
}
|
||||
{
|
||||
key = "ctrl+j";
|
||||
command = "-workbench.action.togglePanel";
|
||||
}
|
||||
{
|
||||
key = "ctrl+j";
|
||||
command = "latex-workshop.synctex";
|
||||
when = "editorTextFocus && editorLangId == 'latex'";
|
||||
}
|
||||
{
|
||||
key = "ctrl+l alt+j";
|
||||
command = "-latex-workshop.synctex";
|
||||
}
|
||||
# use ctrl+j=b to build latex
|
||||
{
|
||||
key = "ctrl+b";
|
||||
command = "-workbench.action.toggleSidebarVisibility";
|
||||
}
|
||||
{
|
||||
key = "ctrl+b";
|
||||
command = "latex-workshop.build";
|
||||
when = "editorLangId =~ /^latex$|^latex-expl3$|^rsweave$|^jlweave$|^pweave$/";
|
||||
}
|
||||
{
|
||||
key = "ctrl+l alt+b";
|
||||
command = "-latex-workshop.build";
|
||||
}
|
||||
# use alt+t to cd to current dir
|
||||
{
|
||||
key = "alt+t";
|
||||
command = "workbench.action.terminal.sendSequence";
|
||||
args.text = "cd '\${fileDirname}'\n";
|
||||
}
|
||||
];
|
||||
userSettings =
|
||||
{
|
||||
"security.workspace.trust.enabled" = false;
|
||||
"editor.fontFamily" = "'FiraCode Nerd Font Mono', 'Noto Sans Mono CJK SC', 'Droid Sans Mono', 'monospace', monospace, 'Droid Sans Fallback'";
|
||||
"editor.fontLigatures" = true;
|
||||
"workbench.iconTheme" = "material-icon-theme";
|
||||
"cmake.configureOnOpen" = true;
|
||||
"editor.mouseWheelZoom" = true;
|
||||
"extensions.ignoreRecommendations" = true;
|
||||
"editor.smoothScrolling" = true;
|
||||
"editor.cursorSmoothCaretAnimation" = "on";
|
||||
"workbench.list.smoothScrolling" = true;
|
||||
"files.hotExit" = "off";
|
||||
"editor.wordWrapColumn" = 120;
|
||||
"window.restoreWindows" = "none";
|
||||
"editor.inlineSuggest.enabled" = true;
|
||||
"github.copilot.enable"."*" = true;
|
||||
"editor.acceptSuggestionOnEnter" = "off";
|
||||
"terminal.integrated.scrollback" = 10000;
|
||||
"editor.rulers" = [ 120 ];
|
||||
"indentRainbow.ignoreErrorLanguages" = [ "*" ];
|
||||
"markdown.extension.completion.respectVscodeSearchExclude" = false;
|
||||
"markdown.extension.print.absoluteImgPath" = false;
|
||||
"editor.tabCompletion" = "on";
|
||||
"workbench.colorTheme" = "GitHub Light";
|
||||
"workbench.startupEditor" = "none";
|
||||
"debug.toolBarLocation" = "docked";
|
||||
"search.maxResults" = 100000;
|
||||
"editor.action.inlineSuggest.commit" = "Ctrl+Space";
|
||||
"window.dialogStyle" = "custom";
|
||||
"redhat.telemetry.enabled" = true;
|
||||
"[xml]"."editor.defaultFormatter" = "DotJoshJohnson.xml";
|
||||
"git.ignoreLegacyWarning" = true;
|
||||
"git.confirmSync" = false;
|
||||
"cmake.configureArgs" = [ "-DCMAKE_VERBOSE_MAKEFILE:BOOL=ON" "-DCMAKE_EXPORT_COMPILE_COMMANDS=1" ];
|
||||
"editor.wordWrap" = "wordWrapColumn";
|
||||
"files.associations" = { "POSCAR" = "poscar"; "*.mod" = "lmps"; "*.vasp" = "poscar"; };
|
||||
"editor.stickyScroll.enabled" = true;
|
||||
"editor.minimap.showSlider" = "always";
|
||||
"editor.unicodeHighlight.allowedLocales" = { "zh-hans" = true; "zh-hant" = true; };
|
||||
"hexeditor.columnWidth" = 64;
|
||||
"latex-workshop.synctex.afterBuild.enabled" = true;
|
||||
"hexeditor.showDecodedText" = true;
|
||||
"hexeditor.defaultEndianness" = "little";
|
||||
"hexeditor.inspectorType" = "aside";
|
||||
"commentTranslate.hover.concise" = true;
|
||||
"commentTranslate.targetLanguage" = "en";
|
||||
"[python]"."editor.formatOnType" = true;
|
||||
"editor.minimap.renderCharacters" = false;
|
||||
"update.mode" = "none";
|
||||
"editor.tabSize" = 2;
|
||||
"nix.enableLanguageServer" = true;
|
||||
"nix.serverPath" = "nil";
|
||||
"nix.formatterPath" = "nixpkgs-fmt";
|
||||
"nix.serverSettings"."nil" =
|
||||
{
|
||||
"diagnostics"."ignored" = [ "unused_binding" "unused_with" ];
|
||||
"formatting"."command" = [ "nixpkgs-fmt" ];
|
||||
};
|
||||
"xmake.envBehaviour" = "erase";
|
||||
"git.openRepositoryInParentFolders" = "never";
|
||||
"todo-tree.regex.regex" = "(//|#|<!--|;|/\\*|^|%|^[ \\t]*(-|\\d+.))\\s*($TAGS)";
|
||||
"latex-workshop.latex.recipes" =
|
||||
[
|
||||
{
|
||||
name = set;
|
||||
value = vscode-extensions.${set} or {}
|
||||
// nix-vscode-extensions.vscode-marketplace.${set}
|
||||
// nix-vscode-extensions.vscode-marketplace-release.${set} or {};
|
||||
})
|
||||
(inputs.lib.unique
|
||||
(
|
||||
(builtins.attrNames vscode-extensions)
|
||||
++ (builtins.attrNames nix-vscode-extensions.vscode-marketplace)
|
||||
++ (builtins.attrNames nix-vscode-extensions.vscode-marketplace-release)
|
||||
)));
|
||||
in with extensions;
|
||||
(with github; [ copilot github-vscode-theme ])
|
||||
++ (with intellsmi; [ comment-translate ])
|
||||
++ (with ms-vscode; [ cmake-tools cpptools-extension-pack hexeditor remote-explorer ])
|
||||
++ (with ms-vscode-remote; [ remote-ssh ])
|
||||
++ [
|
||||
donjayamanne.githistory fabiospampinato.vscode-diff
|
||||
llvm-vs-code-extensions.vscode-clangd ms-ceintl.vscode-language-pack-zh-hans
|
||||
oderwat.indent-rainbow
|
||||
twxs.cmake guyutongxue.cpp-reference thfriedrich.lammps leetcode.vscode-leetcode # znck.grammarly
|
||||
james-yu.latex-workshop bbenoist.nix jnoortheen.nix-ide ccls-project.ccls
|
||||
brettm12345.nixfmt-vscode
|
||||
gruntfuggly.todo-tree
|
||||
# restrctured text
|
||||
lextudio.restructuredtext trond-snekvik.simple-rst swyddfa.esbonio chrisjsewell.myst-tml-syntax
|
||||
# markdown
|
||||
yzhang.markdown-all-in-one shd101wyy.markdown-preview-enhanced
|
||||
# vasp
|
||||
mystery.vasp-support
|
||||
yutengjing.open-in-external-app
|
||||
# git graph
|
||||
mhutchie.git-graph
|
||||
# python
|
||||
ms-python.python
|
||||
# theme
|
||||
pkief.material-icon-theme
|
||||
# direnv
|
||||
mkhl.direnv
|
||||
# svg viewer
|
||||
vitaliymaz.vscode-svg-previewer
|
||||
# draw
|
||||
pomdtr.excalidraw-editor
|
||||
]
|
||||
# jupyter
|
||||
# TODO: use last release
|
||||
++ (with vscode-extensions.ms-toolsai;
|
||||
[ jupyter jupyter-keymap jupyter-renderers vscode-jupyter-cell-tags vscode-jupyter-slideshow ]);
|
||||
extraFlags = builtins.concatStringsSep " " inputs.config.nixos.packages.packages._vscodeEnvFlags;
|
||||
}
|
||||
)];
|
||||
};
|
||||
name = "xelatex";
|
||||
tools = [ "xelatex" "bibtex" "xelatex" "xelatex" ];
|
||||
}
|
||||
{
|
||||
name = "latexmk";
|
||||
tools = [ "latexmk" ];
|
||||
}
|
||||
{
|
||||
name = "latexmk (latexmkrc)";
|
||||
tools = [ "latexmk_rconly" ];
|
||||
}
|
||||
{
|
||||
name = "latexmk (lualatex)";
|
||||
tools = [ "lualatexmk" ];
|
||||
}
|
||||
{
|
||||
name = "latexmk (xelatex)";
|
||||
tools = [ "xelatexmk" ];
|
||||
}
|
||||
{
|
||||
name = "pdflatex -> bibtex -> pdflatex * 2";
|
||||
tools = [ "pdflatex" "bibtex" "pdflatex" "pdflatex" ];
|
||||
}
|
||||
];
|
||||
"latex-workshop.latex.recipe.default" = "xelatex";
|
||||
"latex-workshop.bind.altKeymap.enabled" = true;
|
||||
"latex-workshop.latex.autoBuild.run" = "never";
|
||||
"cmake.showOptionsMovedNotification" = false;
|
||||
"markdown.extension.toc.plaintext" = true;
|
||||
"markdown.extension.katex.macros" = {};
|
||||
"markdown-preview-enhanced.mathRenderingOption" = "MathJax";
|
||||
"mesonbuild.downloadLanguageServer" = false;
|
||||
"genieai.openai.model" = "gpt-3.5-turbo-instruct";
|
||||
"codeium.enableConfig" = { "*" = true; "Log" = true; };
|
||||
"fortran.notifications.releaseNotes" = false;
|
||||
"markdown-preview-enhanced.enablePreviewZenMode" = true;
|
||||
"ccls.misc.compilationDatabaseDirectory" = "build";
|
||||
"C_Cpp.intelliSenseEngine" = "disabled";
|
||||
"clangd.arguments" = [ "-header-insertion=never" ];
|
||||
"cmake.ctestDefaultArgs" = [ "-T" "test" "--output-on-failure" "--verbose" ];
|
||||
"terminal.integrated.mouseWheelZoom" = true;
|
||||
"notebook.lineNumbers" = "on";
|
||||
"editor.codeActionsOnSave" = {};
|
||||
"jupyter.notebookFileRoot" = "\${workspaceFolder}";
|
||||
"svg.preview.transparencyGrid" = false;
|
||||
"svg.preview.boundingBox" = false;
|
||||
"latex-workshop.latex.tools" =
|
||||
[
|
||||
{
|
||||
name = "xelatex";
|
||||
command = "xelatex";
|
||||
args = [ "-synctex=1" "-interaction=nonstopmode" "-file-line-error" "%DOC%" ];
|
||||
env = {};
|
||||
}
|
||||
{
|
||||
name = "latexmk";
|
||||
command = "latexmk";
|
||||
args = [ "-synctex=1" "-interaction=nonstopmode" "-file-line-error" "-pdf" "-outdir=%OUTDIR%" "%DOC%" ];
|
||||
env = {};
|
||||
}
|
||||
{
|
||||
name = "lualatexmk";
|
||||
command = "latexmk";
|
||||
args =
|
||||
[ "-synctex=1" "-interaction=nonstopmode" "-file-line-error" "-lualatex" "-outdir=%OUTDIR%" "%DOC%" ];
|
||||
env = {};
|
||||
}
|
||||
{
|
||||
name = "xelatexmk";
|
||||
command = "latexmk";
|
||||
args =
|
||||
[ "-synctex=1" "-interaction=nonstopmode" "-file-line-error" "-xelatex" "-outdir=%OUTDIR%" "%DOC%" ];
|
||||
env = {};
|
||||
}
|
||||
{
|
||||
name = "latexmk_rconly";
|
||||
command = "latexmk";
|
||||
args = [ "%DOC%" ];
|
||||
env = {};
|
||||
}
|
||||
{
|
||||
name = "pdflatex";
|
||||
command = "pdflatex";
|
||||
args = [ "-synctex=1" "-interaction=nonstopmode" "-file-line-error" "%DOC%" ];
|
||||
env = {};
|
||||
}
|
||||
{
|
||||
name = "bibtex";
|
||||
command = "bibtex";
|
||||
args = [ "%DOCFILE%" ];
|
||||
env = {};
|
||||
}
|
||||
{
|
||||
name = "rnw2tex";
|
||||
command = "Rscript";
|
||||
args = [ "-e" "knitr::opts_knit$set(concordance = TRUE); knitr::knit('%DOCFILE_EXT%')" ];
|
||||
env = {};
|
||||
}
|
||||
{
|
||||
name = "jnw2tex";
|
||||
command = "julia";
|
||||
args = [ "-e" "using Weave; weave(\"%DOC_EXT%\", doctype=\"tex\")" ];
|
||||
env = {};
|
||||
}
|
||||
{
|
||||
name = "jnw2texminted";
|
||||
command = "julia";
|
||||
args = [ "-e" "using Weave; weave(\"%DOC_EXT%\", doctype=\"texminted\")" ];
|
||||
env = {};
|
||||
}
|
||||
{
|
||||
name = "pnw2tex";
|
||||
command = "pweave";
|
||||
args = [ "-f" "tex" "%DOC_EXT%" ];
|
||||
env = {};
|
||||
}
|
||||
{
|
||||
name = "pnw2texminted";
|
||||
command = "pweave";
|
||||
args = [ "-f" "texminted" "%DOC_EXT%" ];
|
||||
env = {};
|
||||
}
|
||||
{
|
||||
name = "tectonic";
|
||||
command = "tectonic";
|
||||
args = [ "--synctex" "--keep-logs" "--print" "%DOC%.tex" ];
|
||||
env = {};
|
||||
}
|
||||
];
|
||||
"todo-tree.general.tags" = [ "BUG" "HACK" "FIXME" "TODO" ];
|
||||
"ltex.additionalRules.motherTongue" = "zh-CN";
|
||||
"ltex.ltex-ls.path" = "/run/current-system/sw";
|
||||
"cmake.ignoreCMakeListsMissing" = true;
|
||||
"[nix]"."editor.defaultFormatter" = "jnoortheen.nix-ide";
|
||||
"todo-tree.filtering.excludedWorkspaces" = [ "/nix/remote/**" ];
|
||||
"dataWrangler.outputRenderer.enabledTypes" =
|
||||
{
|
||||
"numpy.ndarray" = true;
|
||||
"builtins.list" = true;
|
||||
"builtins.dict" = true;
|
||||
};
|
||||
"ltex.language" = "auto";
|
||||
# maybe this could fix typst preview freezing on large project
|
||||
"tinymist.preview.partialRendering" = false;
|
||||
"tinymist.preview.refresh" = "onSave";
|
||||
"workbench.secondarySideBar.defaultVisibility" = "hidden";
|
||||
};
|
||||
};
|
||||
};
|
||||
})];
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,10 +1,7 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.packages.winapps = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.nullOr (types.submodule {});
|
||||
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
|
||||
};
|
||||
{ type = types.nullOr (types.submodule {}); default = null; };
|
||||
config = let inherit (inputs.config.nixos.packages) winapps; in inputs.lib.mkIf (winapps != null)
|
||||
{
|
||||
nixos.packages.packages._packages =
|
||||
@@ -13,7 +10,7 @@ inputs:
|
||||
(inputs.pkgs.runCommand "winapps-windows" {}
|
||||
''
|
||||
mkdir -p $out/share/applications
|
||||
cp ${inputs.pkgs.substituteAll { src = ./windows.desktop; path = inputs.topInputs.winapps; }} \
|
||||
cp ${inputs.pkgs.replaceVars ./windows.desktop { path = inputs.topInputs.winapps; }} \
|
||||
$out/share/applications/windows.desktop
|
||||
'')
|
||||
]
|
||||
|
||||
17
modules/packages/zellij.nix
Normal file
17
modules/packages/zellij.nix
Normal file
@@ -0,0 +1,17 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.packages.zellij = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{ type = types.nullOr (types.submodule {}); default = {}; };
|
||||
config = let inherit (inputs.config.nixos.packages) zellij; in inputs.lib.mkIf (zellij != null)
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
packages.packages._packages = [ inputs.pkgs.zellij ];
|
||||
user.sharedModules =
|
||||
[{
|
||||
config.programs.zellij =
|
||||
{ enable = true; settings = { show_startup_tips = false; show_release_notes = false; }; };
|
||||
}];
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -4,85 +4,72 @@ inputs:
|
||||
{ type = types.nullOr (types.submodule {}); default = {}; };
|
||||
config = let inherit (inputs.config.nixos.packages) zsh; in inputs.lib.mkIf (zsh != null)
|
||||
{
|
||||
nixos.user.sharedModules = [(home-inputs: { config.programs = inputs.lib.mkMerge
|
||||
[
|
||||
# general config
|
||||
{
|
||||
zsh =
|
||||
nixos.user.sharedModules = [(home-inputs:
|
||||
{
|
||||
config = inputs.lib.mkMerge
|
||||
[
|
||||
{
|
||||
enable = true;
|
||||
history =
|
||||
{
|
||||
path = "${home-inputs.config.xdg.dataHome}/zsh/zsh_history";
|
||||
extended = true;
|
||||
save = 100000000;
|
||||
size = 100000000;
|
||||
};
|
||||
syntaxHighlighting.enable = true;
|
||||
autosuggestion.enable = true;
|
||||
enableCompletion = true;
|
||||
oh-my-zsh =
|
||||
programs.zsh =
|
||||
{
|
||||
enable = true;
|
||||
plugins = [ "git" "colored-man-pages" "extract" "history-substring-search" "autojump" ];
|
||||
theme = inputs.lib.mkDefault "clean";
|
||||
history =
|
||||
{
|
||||
path = "${home-inputs.config.xdg.dataHome}/zsh/zsh_history";
|
||||
extended = true;
|
||||
save = 100000000;
|
||||
size = 100000000;
|
||||
};
|
||||
syntaxHighlighting.enable = true;
|
||||
autosuggestion.enable = true;
|
||||
enableCompletion = true;
|
||||
oh-my-zsh =
|
||||
{
|
||||
enable = true;
|
||||
plugins = [ "git" "colored-man-pages" "extract" "history-substring-search" "autojump" ];
|
||||
theme = inputs.lib.mkDefault "clean";
|
||||
};
|
||||
# ensure ~/.zlogin exists
|
||||
loginExtra = " ";
|
||||
};
|
||||
# ensure ~/.zlogin exists
|
||||
loginExtra = " ";
|
||||
};
|
||||
# set bash history file path, avoid overwriting zsh history
|
||||
bash = { enable = true; historyFile = "${home-inputs.config.xdg.dataHome}/bash/bash_history"; };
|
||||
}
|
||||
# config for root and chn
|
||||
{
|
||||
zsh = inputs.lib.mkIf (builtins.elem home-inputs.config.home.username [ "chn" "root" "aleksana" ])
|
||||
home.shell.enableZshIntegration = true;
|
||||
}
|
||||
{
|
||||
plugins =
|
||||
[
|
||||
programs.zsh = inputs.lib.mkIf
|
||||
(builtins.elem home-inputs.config.home.username [ "chn" "root" "aleksana" "alikia" "hjp" ])
|
||||
{
|
||||
file = "powerlevel10k.zsh-theme";
|
||||
name = "powerlevel10k";
|
||||
src = "${inputs.pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k";
|
||||
}
|
||||
{ file = "p10k.zsh"; name = "powerlevel10k-config"; src = ./p10k-config; }
|
||||
{
|
||||
name = "zsh-lsd";
|
||||
src = inputs.pkgs.fetchFromGitHub
|
||||
{
|
||||
owner = "z-shell";
|
||||
repo = "zsh-lsd";
|
||||
rev = "65bb5ac49190beda263aae552a9369127961632d";
|
||||
hash = "sha256-JSNsfpgiqWhtmGQkC3B0R1Y1QnDKp9n0Zaqzjhwt7Xk=";
|
||||
};
|
||||
}
|
||||
];
|
||||
initExtraBeforeCompInit =
|
||||
''
|
||||
# p10k instant prompt
|
||||
P10K_INSTANT_PROMPT="$XDG_CACHE_HOME/p10k-instant-prompt-''${(%):-%n}.zsh"
|
||||
[[ ! -r "$P10K_INSTANT_PROMPT" ]] || source "$P10K_INSTANT_PROMPT"
|
||||
HYPHEN_INSENSITIVE="true"
|
||||
export PATH=~/bin:$PATH
|
||||
function br
|
||||
{
|
||||
local cmd cmd_file code
|
||||
cmd_file=$(mktemp)
|
||||
if broot --outcmd "$cmd_file" "$@"; then
|
||||
cmd=$(<"$cmd_file")
|
||||
command rm -f "$cmd_file"
|
||||
eval "$cmd"
|
||||
else
|
||||
code=$?
|
||||
command rm -f "$cmd_file"
|
||||
return "$code"
|
||||
fi
|
||||
}
|
||||
alias todo="todo.sh"
|
||||
'';
|
||||
oh-my-zsh.theme = "";
|
||||
};
|
||||
}
|
||||
];})];
|
||||
plugins =
|
||||
[
|
||||
{
|
||||
file = "powerlevel10k.zsh-theme";
|
||||
name = "powerlevel10k";
|
||||
src = "${inputs.pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k";
|
||||
}
|
||||
{ file = "p10k.zsh"; name = "powerlevel10k-config"; src = ./p10k-config; }
|
||||
{
|
||||
name = "zsh-lsd";
|
||||
src = inputs.pkgs.fetchFromGitHub
|
||||
{
|
||||
owner = "z-shell";
|
||||
repo = "zsh-lsd";
|
||||
rev = "65bb5ac49190beda263aae552a9369127961632d";
|
||||
hash = "sha256-JSNsfpgiqWhtmGQkC3B0R1Y1QnDKp9n0Zaqzjhwt7Xk=";
|
||||
};
|
||||
}
|
||||
];
|
||||
initContent = inputs.lib.mkOrder 550
|
||||
''
|
||||
# p10k instant prompt
|
||||
P10K_INSTANT_PROMPT="$XDG_CACHE_HOME/p10k-instant-prompt-''${(%):-%n}.zsh"
|
||||
[[ ! -r "$P10K_INSTANT_PROMPT" ]] || source "$P10K_INSTANT_PROMPT"
|
||||
HYPHEN_INSENSITIVE="true"
|
||||
export PATH=~/bin:$PATH
|
||||
zstyle ':vcs_info:*' disable-patterns "/nix/remote/*"
|
||||
'';
|
||||
oh-my-zsh.theme = "";
|
||||
};
|
||||
}
|
||||
];
|
||||
})];
|
||||
environment.pathsToLink = [ "/share/zsh" ];
|
||||
programs.zsh.enable = true;
|
||||
};
|
||||
|
||||
@@ -34,21 +34,21 @@ inputs:
|
||||
name = builtins.elemAt cert.value.domains 0;
|
||||
value =
|
||||
{
|
||||
credentialsFile = inputs.config.sops.templates."acme/cloudflare.ini".path;
|
||||
credentialsFile = inputs.config.nixos.system.sops.templates."acme/cloudflare.ini".path;
|
||||
extraDomainNames = builtins.tail cert.value.domains;
|
||||
group = inputs.lib.mkIf (cert.value.group != null) cert.value.group;
|
||||
};
|
||||
})
|
||||
(inputs.localLib.attrsToList acme.cert));
|
||||
};
|
||||
sops =
|
||||
nixos.system.sops =
|
||||
{
|
||||
templates."acme/cloudflare.ini".content =
|
||||
''
|
||||
CLOUDFLARE_DNS_API_TOKEN=${inputs.config.sops.placeholder."acme/token"}
|
||||
CLOUDFLARE_DNS_API_TOKEN=${inputs.config.nixos.system.sops.placeholder."acme/token"}
|
||||
CLOUDFLARE_PROPAGATION_TIMEOUT=300
|
||||
'';
|
||||
secrets."acme/token".sopsFile = "${inputs.config.nixos.system.sops.crossSopsDir}/default.yaml";
|
||||
secrets."acme/token" = {};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -15,17 +15,15 @@ inputs:
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.services) beesd; in inputs.lib.mkIf (beesd != null)
|
||||
{
|
||||
services.beesd.filesystems = builtins.mapAttrs
|
||||
(n: v:
|
||||
services.beesd.filesystems = inputs.lib.mapAttrs'
|
||||
(n: v: inputs.lib.nameValuePair (inputs.utils.escapeSystemdPath n)
|
||||
{
|
||||
spec = n;
|
||||
inherit (v) hashTableSizeMB;
|
||||
extraOptions =
|
||||
[
|
||||
"--workaround-btrfs-send"
|
||||
"--thread-count" "${builtins.toString v.threads}"
|
||||
"--loadavg-target" "${builtins.toString v.loadAverage}"
|
||||
"--scan-mode" "3"
|
||||
"--verbose" "4"
|
||||
];
|
||||
})
|
||||
|
||||
82
modules/services/bind.nix
Normal file
82
modules/services/bind.nix
Normal file
@@ -0,0 +1,82 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.bind = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{ type = types.nullOr (types.submodule (submoduleInputs: {})); default = null; };
|
||||
config = let inherit (inputs.config.nixos.services) bind; in inputs.lib.mkIf (bind != null)
|
||||
{
|
||||
services.bind =
|
||||
let
|
||||
chinaZone = inputs.pkgs.writeText "autoroute.chn.moe.china.zone"
|
||||
''
|
||||
$ORIGIN autoroute.chn.moe.
|
||||
$TTL 3600
|
||||
@ IN SOA vps6.chn.moe. chn.chn.moe. (
|
||||
2024071301 ; serial
|
||||
3600 ; refresh
|
||||
600 ; retry
|
||||
604800 ; expire
|
||||
300 ; minimum
|
||||
)
|
||||
@ IN NS vps6.chn.moe.
|
||||
@ IN A ${inputs.topInputs.self.config.dns."chn.moe".getAddress "vps6"}
|
||||
'';
|
||||
globalZone = inputs.pkgs.writeText "autoroute.chn.moe.zone"
|
||||
''
|
||||
$ORIGIN autoroute.chn.moe.
|
||||
$TTL 3600
|
||||
@ IN SOA vps6.chn.moe. chn.chn.moe. (
|
||||
2024071301 ; serial
|
||||
3600 ; refresh
|
||||
600 ; retry
|
||||
604800 ; expire
|
||||
300 ; minimum
|
||||
)
|
||||
@ IN NS vps6.chn.moe.
|
||||
@ IN A ${inputs.topInputs.self.config.dns."chn.moe".getAddress "srv3"}
|
||||
'';
|
||||
nullZone = inputs.pkgs.writeText "null.zone" "";
|
||||
in
|
||||
{
|
||||
enable = true;
|
||||
package = inputs.pkgs.bind.overrideAttrs
|
||||
(prev: { buildInputs = prev.buildInputs ++ [ inputs.pkgs.libmaxminddb ]; });
|
||||
listenOn = [(inputs.topInputs.self.config.dns."chn.moe".getAddress "vps6")];
|
||||
extraOptions =
|
||||
''
|
||||
recursion no;
|
||||
geoip-directory "${inputs.config.services.geoipupdate.settings.DatabaseDirectory}";
|
||||
'';
|
||||
extraConfig =
|
||||
''
|
||||
acl "china" {
|
||||
geoip country CN;
|
||||
};
|
||||
|
||||
view "china" {
|
||||
match-clients { china; };
|
||||
zone "autoroute.chn.moe" {
|
||||
type master;
|
||||
file "${chinaZone}";
|
||||
};
|
||||
zone "." {
|
||||
type hint;
|
||||
file "${nullZone}";
|
||||
};
|
||||
};
|
||||
view "global" {
|
||||
match-clients { any; };
|
||||
zone "autoroute.chn.moe" {
|
||||
type master;
|
||||
file "${globalZone}";
|
||||
};
|
||||
zone "." {
|
||||
type hint;
|
||||
file "${nullZone}";
|
||||
};
|
||||
};
|
||||
'';
|
||||
};
|
||||
nixos.services.geoipupdate = {};
|
||||
networking.firewall.allowedUDPPorts = [ 53 ];
|
||||
};
|
||||
}
|
||||
@@ -14,14 +14,17 @@ inputs:
|
||||
{
|
||||
enable = true;
|
||||
use-auth-secret = true;
|
||||
static-auth-secret-file = inputs.config.sops.secrets."coturn/auth-secret".path;
|
||||
static-auth-secret-file = inputs.config.nixos.system.sops.secrets."coturn/auth-secret".path;
|
||||
realm = coturn.hostname;
|
||||
cert = "${keydir}/full.pem";
|
||||
pkey = "${keydir}/key.pem";
|
||||
no-cli = true;
|
||||
};
|
||||
sops.secrets."coturn/auth-secret".owner = inputs.config.systemd.services.coturn.serviceConfig.User;
|
||||
nixos.services.acme.cert.${coturn.hostname}.group = inputs.config.systemd.services.coturn.serviceConfig.Group;
|
||||
nixos =
|
||||
{
|
||||
system.sops.secrets."coturn/auth-secret".owner = inputs.config.systemd.services.coturn.serviceConfig.User;
|
||||
services.acme.cert.${coturn.hostname}.group = inputs.config.systemd.services.coturn.serviceConfig.Group;
|
||||
};
|
||||
networking.firewall = with inputs.config.services.coturn;
|
||||
{
|
||||
allowedUDPPorts = [ listening-port tls-listening-port ];
|
||||
|
||||
@@ -1,30 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.docker = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{ type = types.nullOr (types.submodule {}); default = null; };
|
||||
config = let inherit (inputs.config.nixos.services) docker; in inputs.lib.mkIf (docker != null)
|
||||
{
|
||||
virtualisation.docker =
|
||||
{
|
||||
enable = true;
|
||||
# prevent create btrfs subvol
|
||||
storageDriver = "overlay2";
|
||||
daemon.settings.dns = [ "1.1.1.1" ];
|
||||
rootless =
|
||||
{
|
||||
enable = true;
|
||||
setSocketVariable = true;
|
||||
daemon.settings =
|
||||
{
|
||||
features.buildkit = true;
|
||||
# dns 127.0.0.1 make docker not work
|
||||
dns = [ "1.1.1.1" ];
|
||||
# prevent create btrfs subvol
|
||||
storage-driver = "overlay2";
|
||||
};
|
||||
};
|
||||
};
|
||||
hardware.nvidia-container-toolkit.enable = inputs.lib.mkIf (inputs.config.nixos.system.nixpkgs.cuda != null) true;
|
||||
networking.firewall.trustedInterfaces = [ "docker0" ];
|
||||
};
|
||||
}
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user