Compare commits


133 Commits
xrdp ... envfs

Author SHA1 Message Date
chn
24d167cb3f system.envfs: 整理 2024-03-25 11:26:53 +08:00
chn
dda3eb369f update envfs 2024-03-25 11:17:28 +08:00
chn
60d7cddcb7 devices.xmupc*: switch gpu 2024-03-24 22:14:21 +08:00
chn
6bb54b042c devices.xmupc2: set frequency 2024-03-24 21:04:44 +08:00
chn
32a38afebb system.user: automatically create directories 2024-03-24 20:41:41 +08:00
chn
22c31b4511 system.networking: move impermanence config 2024-03-24 20:27:08 +08:00
chn
dba0ed975b services.fail2ban: 整理 2024-03-24 18:23:50 +08:00
chn
beca8ed39c services.beesd: 整理 2024-03-24 18:19:58 +08:00
chn
489a6d8866 localPackages.vasp: fix 2024-03-24 17:53:45 +08:00
chn
2d8dc72c52 devices.xmupc2: set cpu governor 2024-03-24 17:45:10 +08:00
chn
8bfde16836 add note 2024-03-24 15:53:02 +08:00
chn
a2702a8690 localPackages.vasp: fix 2024-03-24 14:39:07 +08:00
chn
72541d6f77 localPackages.vasp: fix 2024-03-24 14:01:51 +08:00
chn
52459243ed devices.vps6: fix 2024-03-24 13:59:41 +08:00
chn
398f4de618 services.acme: fix 2024-03-24 13:55:47 +08:00
chn
17051ccd12 devices.pc: fix 2024-03-24 13:55:06 +08:00
chn
4c037193cd localPackages.vasp: fix 2024-03-24 13:53:39 +08:00
chn
2331cdc8d3 localPackages.vasp: fix 2024-03-24 13:53:39 +08:00
chn
234f9116f5 localPackages.vasp: fix 2024-03-24 13:53:39 +08:00
chn
eb5e634125 services.httpua: 整理 2024-03-24 10:23:24 +08:00
chn
06763b5920 services.fz-new-order: 整理 2024-03-24 10:23:24 +08:00
chn
50b79be223 整理coturn acme 2024-03-24 10:23:24 +08:00
chn
2356bbb83b packages: disable nix-ld 2024-03-23 15:51:26 +08:00
chn
8efdd284a5 devices.pc: migrate to new partition 2024-03-23 14:37:29 +08:00
chn
6cbe29b4f6 localPackages.vasp: enable fftlib for some builds 2024-03-22 20:43:10 +08:00
chn
59b7fab8bc services.slurm: set DefCpuPerGPU to 1 2024-03-22 20:32:46 +08:00
chn
e636d78fb7 system.security.pam: fix 2024-03-22 20:21:25 +08:00
chn
8854f3f775 users: fix 2024-03-22 19:58:39 +08:00
chn
a345125b7c system.networking: fix 2024-03-22 09:59:02 +08:00
chn
73c8197355 services.beesd: fix 2024-03-22 09:58:42 +08:00
chn
1a5b81a317 system.networking: rewrite 2024-03-21 21:49:29 +08:00
chn
d97a5a4ada services.dae: disable wait for network 2024-03-21 16:37:32 +08:00
chn
48528c3115 devices.pc: fix dns 2024-03-21 16:02:05 +08:00
chn
82b13e7574 devices.vps7: switch to networkd 2024-03-21 15:43:19 +08:00
chn
f8cb743b60 devices.vps6: switch to networkd 2024-03-21 15:42:14 +08:00
chn
2042904cca system.impermanence: only persistent networkmanager connections if enabled 2024-03-21 15:37:21 +08:00
chn
dce1220b24 devices.nas: switch to networkd 2024-03-21 15:30:33 +08:00
chn
28f3976a48 system.networking: fix 2024-03-21 15:12:44 +08:00
chn
8da6495ab7 system.networking: add networkd support 2024-03-21 14:34:11 +08:00
chn
5c280cb15b user: 整理 2024-03-20 20:36:09 +08:00
chn
4a4d89a9ce packages.vscode: add plugin 2024-03-20 11:32:38 +08:00
chn
a5f91fea97 user: 整理 2024-03-20 09:44:41 +08:00
chn
6380195afe user: 整理 2024-03-20 09:08:20 +08:00
chn
d804019b54 user: remove unused subuid 2024-03-19 22:07:52 +08:00
chn
74c4efaa9c user: 整理 2024-03-19 22:06:46 +08:00
chn
cfb7998237 move system.user to user 2024-03-19 20:12:16 +08:00
chn
cf7151d65b users -> user 2024-03-19 20:05:41 +08:00
chn
b3bcbd99fe add gricad 2024-03-19 18:37:08 +08:00
chn
c964d542b5 Revert "devices.surface: use cachyos kernel"
This reverts commit 937c2be976.
2024-03-18 21:16:57 +08:00
chn
9ef099b802 localPackages.vasp.gnu-mkl: init 2024-03-18 19:52:25 +08:00
chn
193aa605c6 services.xray: use xray to handle dns and route by domain 2024-03-18 12:17:06 +08:00
chn
996c8463da services.xray: use dnsmasq to handle dns 2024-03-18 11:54:23 +08:00
chn
f24e139c06 update linux-surface 2024-03-17 23:49:21 +08:00
chn
c243bb0e12 system.kernel: use default scheduler 2024-03-17 21:21:27 +08:00
chn
d45d4f05f9 system.kernel: set scheduler at boot 2024-03-17 15:25:05 +08:00
chn
937c2be976 devices.surface: use cachyos kernel 2024-03-17 15:14:53 +08:00
chn
12a2f13ade packages: add scx if use cachyos kernel 2024-03-17 14:10:20 +08:00
chn
5b67ec05cf devices.pc: switch to cachyos 2024-03-17 13:05:05 +08:00
chn
7daf2a0a19 use findModules 2024-03-17 00:17:49 +08:00
chn
9e31283c30 add chaotic 2024-03-17 00:16:32 +08:00
chn
14a14c8572 localPackages.vasp: fix 2024-03-17 00:16:32 +08:00
chn
a73b010701 services.xray: fix dns 2024-03-16 22:53:49 +08:00
chn
77e7427c95 localPackages: add workaround for gb 2024-03-16 14:47:52 +08:00
chn
8a6935eb59 localPackages: 整理 2024-03-16 12:16:23 +08:00
chn
86f9436872 add nix-flatpak 2024-03-16 11:45:36 +08:00
chn
ab6a6f0513 packages: add gh & warp-terminal 2024-03-16 00:08:24 +08:00
chn
1fe8a11efa add note 2024-03-15 21:46:03 +08:00
chn
199983763c devices.xmupc1: add p5000 2024-03-15 21:37:48 +08:00
chn
bd60bea419 add note 2024-03-15 20:31:29 +08:00
chn
4168a456f8 add note 2024-03-15 20:04:29 +08:00
chn
31af52f129 add note 2024-03-15 20:02:54 +08:00
chn
72c0dbf60a localPackages.vasp.amd: fix 2024-03-15 19:47:13 +08:00
chn
36e6a64e1b localPackages.vasp.amd: fix 2024-03-15 19:25:27 +08:00
chn
f3a1a298fa services.xray.client: add noproxyUsers option 2024-03-15 13:23:21 +08:00
chn
da629f2480 system.fileSystem.resume: fix 2024-03-15 11:07:33 +08:00
chn
e8e316b8bb system.fileSystems.rollingRootfs: fix 2024-03-15 11:03:50 +08:00
chn
51077626dc services.xray.server: generalize settings 2024-03-15 10:56:36 +08:00
chn
584298407d Revert "packages: remove mumax"
This reverts commit 176ec68189.
2024-03-14 23:52:56 +08:00
chn
176ec68189 packages: remove mumax 2024-03-14 23:12:23 +08:00
chn
e922d8c19a devices.vps6: remove some xray user 2024-03-14 23:04:27 +08:00
chn
bbc8071fa4 localPackages.vasp.amd: init 2024-03-14 22:47:47 +08:00
chn
23f92b206b localPackages.aocc: init 2024-03-14 11:12:50 +08:00
chn
8e2c742340 localPackages.vasp: fix 2024-03-13 17:21:02 +08:00
chn
55b26b28aa add note 2024-03-13 16:03:39 +08:00
chn
a05a5f8792 localPackages.vasp.intel: fix 2024-03-13 15:58:20 +08:00
chn
6ede310d9f services.slurm: fix 2024-03-13 15:36:14 +08:00
chn
8469e4ae50 localPackages.vasp.intel: fix 2024-03-13 12:24:57 +08:00
chn
d44c026ab4 services.slurm: fix 2024-03-12 23:57:59 +08:00
chn
9de690ef37 services.xray: fix 2024-03-12 21:52:19 +08:00
chn
3a78bf355c localPackages.vasp.intel: fix build 2024-03-12 21:36:43 +08:00
chn
3805b34055 system.nixpkgs: fix build 2024-03-12 21:27:47 +08:00
chn
f899852185 localPackages.hdf5: fix build 2024-03-12 20:55:20 +08:00
chn
20d73a7928 add note 2024-03-12 20:25:46 +08:00
chn
87646c470d add note 2024-03-12 20:21:06 +08:00
chn
408d9e63a8 devices.xmupc2: enable snapper 2024-03-12 19:47:47 +08:00
chn
0a35bb6de8 整理构建 2024-03-12 19:40:55 +08:00
chn
c273d0422b system.nix: use gccarch-exact-<march> to enforce build 2024-03-12 15:27:58 +08:00
chn
326d384275 localPackages.vasp.intel: fix 2024-03-12 15:16:54 +08:00
chn
079c97a064 devices.xmupc1: add note 2024-03-12 12:03:34 +08:00
chn
ccc5727723 try to fix xrdp 2024-03-11 21:59:14 +08:00
chn
2728a53b43 devices.xmupc1/2: remove nix.remote.slave.mandatoryFeatures 2024-03-11 18:09:33 +08:00
chn
0f53e77a87 devices.xmupc1: add p5000 support 2024-03-11 17:35:06 +08:00
chn
1a77615cd8 devices.pc: add hosts 2024-03-11 16:44:25 +08:00
chn
1a944085e2 services.groupshare: fix 2024-03-11 16:30:24 +08:00
chn
2390edb22f system.nix.remote: init 2024-03-11 16:27:53 +08:00
chn
cce3917e26 services.groupshare: fix 2024-03-11 15:33:26 +08:00
chn
182481d4d5 services.xrdp: try to fix 2024-03-11 15:17:30 +08:00
chn
87caab3535 devices.xmupc1/2: fix samba 2024-03-11 13:21:17 +08:00
chn
fc93afc10a services.xray: fix 2024-03-10 22:36:40 +08:00
chn
fe56da23eb devices.nas: fix dae 2024-03-10 22:28:42 +08:00
chn
d4dadea0f9 devices.xmupc1: remove 10T disk 2024-03-10 22:14:07 +08:00
chn
7817f832be reset user password 2024-03-10 21:50:45 +08:00
chn
eb85700981 add note 2024-03-10 21:29:58 +08:00
chn
0317d0361f devices.xmupc2: fix slurm 2024-03-10 21:21:20 +08:00
chn
5357b73c29 devices.xmupc2: fix slurm 2024-03-10 21:15:42 +08:00
chn
d5ddd05437 add note 2024-03-10 21:15:23 +08:00
chn
ffb0a5d622 add doc 2024-03-10 20:42:03 +08:00
chn
02faddaf7b devices.xmupc2: fix slurm 2024-03-10 19:27:45 +08:00
chn
c17c173654 devices.xmupc2: enable beesd and xrdp 2024-03-10 17:16:06 +08:00
chn
8148570b89 services.xray: use dae 2024-03-10 16:39:32 +08:00
chn
712c290357 localPackages.vasp: fix 2024-03-10 14:01:32 +08:00
chn
d53a82366b localPackages.vasp: fix 2024-03-10 11:38:13 +08:00
chn
3a269a9897 services.slurm: add sockets option 2024-03-09 18:44:30 +08:00
chn
499f2e0fb3 packages.ssh: add xmupc2 config 2024-03-09 17:17:36 +08:00
chn
bd5ab4758f devices.xmupc2: finalize setup 2024-03-09 16:00:39 +08:00
chn
ed651581b4 devices.xmupc2: fix build 2024-03-09 15:12:45 +08:00
chn
2b32d0b57c Merge branch 'xmupc2' into production 2024-03-09 12:53:42 +08:00
chn
075a5f255f devices.xmupc2: init 2024-03-09 12:53:32 +08:00
chn
a424e65001 packages: typora use unstable 2024-03-09 03:54:00 +08:00
chn
097010113d system.fileSystems.rollingRootfs: fix 2024-03-08 18:43:42 +08:00
chn
f9f0d5137a packages: add tor-browser 2024-03-08 14:55:16 +08:00
chn
22d557b12c services.xrdp: only enable optimise on explicit request 2024-03-08 14:22:15 +08:00
chn
2dd85db093 services.xrdp: add optimise 2024-03-08 13:51:10 +08:00
122 changed files with 3412 additions and 1820 deletions


@@ -6,6 +6,7 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
- &surface age1ck5vzs0xqx0jplmuksrkh45xwmkm2t05m2wyq5k2w2mnkmn79fxs6tvl3l
- &nas age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
- &xmupc1 age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
- &xmupc2 age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
creation_rules:
- path_regex: devices/pc/secrets/.*$
key_groups:
@@ -37,3 +38,8 @@ creation_rules:
- age:
- *chn
- *xmupc1
- path_regex: devices/xmupc2/secrets/.*$
key_groups:
- age:
- *chn
- *xmupc2


@@ -37,14 +37,14 @@ inputs:
delayedMount = [ "/" "/nix" ];
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = { device = "/dev/mapper/root1"; path = "/nix/rootfs"; };
rollingRootfs.waitDevices = [ "/dev/mapper/root2" ];
};
initrd.sshd.enable = true;
grub.installDevice = "efi";
nixpkgs.march = "silvermont";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
kernel.patches = [ "cjktty" "lantian" ];
networking.hostname = "nas";
networking = { hostname = "nas"; networkd = {}; };
gui.preferred = false;
};
hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
@@ -60,24 +60,14 @@ inputs:
shares = { home.path = "/home"; root.path = "/"; };
};
sshd.enable = true;
xray.client =
{
enable = true;
serverAddress = "74.211.99.69";
serverName = "vps6.xserver.chn.moe";
dns.extraInterfaces = [ "docker0" ];
};
xray.client = {};
xrdp = { enable = true; hostname = [ "nas.chn.moe" "office.chn.moe" ]; };
groupshare.enable = true;
groupshare = {};
smartd.enable = true;
beesd =
beesd.instances =
{
enable = true;
instances =
{
root = { device = "/"; hashTableSizeMB = 4096; threads = 4; };
nix = { device = "/nix"; hashTableSizeMB = 128; };
};
root = { device = "/"; hashTableSizeMB = 4096; threads = 4; };
nix = { device = "/nix"; hashTableSizeMB = 128; };
};
frpClient =
{
@@ -95,7 +85,7 @@ inputs:
wireguardIp = "192.168.83.4";
};
};
users.users = [ "chn" "xll" "zem" "yjq" "gb" ];
user.users = [ "chn" "xll" "zem" "yjq" "gb" ];
};
};
}
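Review bot: `xray.client = {};` and `groupshare = {};` replace explicit `enable = true` settings, so whether each service runs now depends on a module default that cannot be seen at the call site. The same pattern appears in the surface section (`xray.client = {}`), the vps6 section (`coturn = {}`, `httpua = {}`, `fail2ban = {}`) and the vps7 section (`fz-new-order = {}`, `fail2ban = {}`). For fail2ban in particular, a module that still defaults to disabled would drop brute-force protection on both VPS hosts without any evaluation error. It is worth confirming that each module treats a non-null attribute set as enabled, and saying so once per file with a comment such as `# an empty set enables the service with the module's defaults`. The nas client also no longer states `serverAddress`/`serverName`, so the upstream it connects to is presumably decided in the module and should be documented there.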


@@ -10,22 +10,22 @@ inputs:
{
mount =
{
vfat."/dev/disk/by-uuid/3F57-0EBE" = "/boot/efi";
vfat."/dev/disk/by-uuid/E58F-416A" = "/boot/efi";
btrfs =
{
"/dev/disk/by-uuid/02e426ec-cfa2-4a18-b3a5-57ef04d66614"."/" = "/boot";
"/dev/disk/by-uuid/066be4fd-8617-4fe1-9654-c133c2996d33"."/" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.auto =
{
"/dev/disk/by-uuid/55fdd19f-0f1d-4c37-bd4e-6df44fc31f26" = { mapper = "root"; ssd = true; };
"/dev/disk/by-uuid/4c73288c-bcd8-4a7e-b683-693f9eed2d81" = { mapper = "root"; ssd = true; };
"/dev/disk/by-uuid/4be45329-a054-4c20-8965-8c5b7ee6b35d" =
{ mapper = "swap"; ssd = true; before = [ "root" ]; };
};
swap = [ "/dev/mapper/swap" ];
resume = "/dev/mapper/swap";
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
rollingRootfs = {};
};
grub =
{
@@ -50,10 +50,11 @@ inputs:
# SERIALIZE SGX WAITPKG WIDEKL XSAVE XSAVEOPT
"alderlake"
];
remote.master = { enable = true; hosts = [ "xmupc1" "xmupc2" ]; };
};
nixpkgs =
{ march = "znver4"; cuda = { enable = true; capabilities = [ "8.9" ]; forwardCompat = false; }; };
kernel.patches = [ "cjktty" "lantian" "hibernate-progress" ];
kernel = { varient = "cachyos"; patches = [ "cjktty" "hibernate-progress" ]; };
networking.hostname = "pc";
sysctl.laptop-mode = 5;
};
@@ -77,7 +78,7 @@ inputs:
};
services =
{
snapper.enable = true;
# snapper.enable = true;
fontconfig.enable = true;
samba =
{
@@ -93,28 +94,11 @@ inputs:
};
};
sshd.enable = true;
xray.client =
{
enable = true;
serverAddress = "74.211.99.69";
serverName = "vps6.xserver.chn.moe";
dns =
{
extraInterfaces = [ "docker0" ];
hosts =
{
"mirism.one" = "74.211.99.69";
"beta.mirism.one" = "74.211.99.69";
"ng01.mirism.one" = "74.211.99.69";
"debug.mirism.one" = "127.0.0.1";
"initrd.vps6.chn.moe" = "74.211.99.69";
"nix-store.chn.moe" = "127.0.0.1";
"initrd.nas.chn.moe" = "192.168.1.185";
};
};
};
xray.client.dnsmasq.hosts = builtins.listToAttrs (builtins.map
(name: { inherit name; value = "74.211.99.69"; })
[ "mirism.one" "beta.mirism.one" "ng01.mirism.one" "initrd.vps6.chn.moe" ]);
firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
acme = { enable = true; cert."debug.mirism.one" = {}; };
acme.cert."debug.mirism.one" = {};
frpClient =
{
enable = true;
@@ -125,7 +109,7 @@ inputs:
nix-serve = { enable = true; hostname = "nix-store.chn.moe"; };
smartd.enable = true;
misskey.instances.misskey.hostname = "xn--qbtm095lrg0bfka60z.chn.moe";
beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 4096; threads = 4; }; };
beesd.instances.root = { device = "/"; hashTableSizeMB = 4096; threads = 4; };
wireguard =
{
enable = true;
@@ -134,11 +118,16 @@ inputs:
wireguardIp = "192.168.83.3";
};
gamemode = { enable = true; drmDevice = 1; };
slurm = { enable = true; cpu = { cores = 16; threads = 2; }; memoryMB = 94208; gpus."4060" = 1; };
xrdp = { enable = true; hostname = [ "pc.chn.moe" ]; };
slurm = { enable = true; cpu = { cores = 16; threads = 2; }; memoryMB = 90112; gpus."4060" = 1; };
xrdp =
{
enable = true;
hostname = [ "pc.chn.moe" ];
};
};
bugs = [ "xmunet" "backlight" "amdpstate" ];
};
networking.extraHosts = "74.211.99.69 mirism.one beta.mirism.one ng01.mirism.one";
services.colord.enable = true;
virtualisation.virtualbox.host = { enable = true; enableExtensionPack = true; };
specialisation =
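Review bot: The address `74.211.99.69` is now pinned in two places with two different name lists. `xray.client.dnsmasq.hosts` covers four names including `initrd.vps6.chn.moe`, while the added `networking.extraHosts` covers only the three `mirism.one` names. Static pins override DNS, so if the server moves and only one list is updated, some lookups will keep resolving to the old address with no error. Binding the address once and deriving both lists from it would prevent that, e.g. `networking.extraHosts = "${vps6Address} mirism.one beta.mirism.one ng01.mirism.one";`, where `vps6Address` is a name I made up for a `let` binding that would sit outside this hunk. The removed `127.0.0.1` entries for `debug.mirism.one` and `nix-store.chn.moe` are not re-added here; presumably the acme and nix-serve modules now supply them, which should be confirmed.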


@@ -20,6 +20,8 @@ wireguard:
privateKey: ENC[AES256_GCM,data:oIpiXJvEoyryS4eEutoe85Af0L5a5iNuOsCWCat9KEhr2ecY/vRimk/1fbA=,iv:dm2hTSNX7Q38yASon5o1jxEJZbWPXUWYydXYMBHF/sE=,tag:yrANhwIF/wHQGHGA1bfPgw==,type:str]
mariadb:
slurm: ENC[AES256_GCM,data:fGvNMmqk7Cee28VJ1QoBVrBbgIUbj/F1W0SRjdP8N4K/M8Wx4AVm1kAr0IAhPWyDLXlIjM1NUvuEV5BpYDBdjg==,iv:rFTMJ4x2kgENQUA8ftSaLjdOc25i5mWR3UYbdq54vjs=,tag:6feD0eCSv7bcHWBveLNJwg==,type:str]
nix:
remote: ENC[AES256_GCM,data:uosYkxTCB0wiY+Uufk//OcBZFN3EzbZoQGZ95M9eZMjQ5AobAZqosi4laE+EMcZL1CqYqlWXaSoEUOB8biUaZPseo+1AX1TlmUgZ7QpkfOX0VKZu01C6C+lVyqVqMFq6z1BFyX/oeITMIfnd4a/2KwJCHLAZ4hMkJ5p+aJwByKGa3N/2m41HH/1S3z7pYQWj7YJxunTPPG6WNSiRncQki11rvmddwnXmsBF89+jW1Phge8U295haC57T5oIGPxR645IeTK4ZUlL8eVuZ+BhsnwbkYcaxvjSwe+DOIVPupR8GW+gis7KxwE89kqvnQhinamexcPUz4lGHlqO/Xn6jrJx6T/wXF+19epAzeHapYte3dTWNsdPwPLPJihT16YT5fwrLnH3zq8kexWz1crmnCGUoaBs4S2tHWHLgv2lTv0IHLx5F6ijpDBj/Avg9YILIURzdeea+rBxdycHasUDTVlJtYKRH5J+WbAKWI+oJ5qmXjIRUYL+O9xIUfOGO+1b3xs8MYxRWuvDV2P88N8vN,iv:yQQp5wjbSVn1oia5yL7d6GF9Vo704G0iOQRGMbzQHzg=,tag:bpBag5y5n+7ojOa8QOcDvA==,type:str]
sops:
kms: []
gcp_kms: []
@@ -44,8 +46,8 @@ sops:
OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
+K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-07T12:35:41Z"
mac: ENC[AES256_GCM,data:Krgtb791wR+S0PQyV2h0Uyh7MKx9fOTHbetmgLoiGOHL8FMSvmWt3LCMQy+RyjnOIj9XRwb8l+kyTqkgeN4zEfKd1uuOh95Z/hLWhCkWs4dPaBu6Uw4aekH9ZUmQJZIr1lt2AIayRsVjaU0dIl4FOcLW+93ls95aluhvPPloJX0=,iv:MmJFdVpF4ZfxMRwbxPV/TC1Qt957vl0QvU0MZzUWdm8=,tag:6+VVFDdPSTycxnKO7Td6VA==,type:str]
lastmodified: "2024-03-11T08:27:38Z"
mac: ENC[AES256_GCM,data:X5AqIdnMzLNCHXbN3TuG4st907Rw080V8AqzesiwVFOjbBYRZWetCndtfE+/o8G1q5YE/Qwspy7HsxP5tCbSNI5c8P0XTjRTCEGyRFY8fM1TFIM32rCFjUot1iFC+l//iq62M/5iMhT2Z7pi+CDIyNMEE3TJMhBc8JmgTJXIsI8=,iv:UZXFi3rJgVHBNVqwNHlIkmW+xYkX6X2/54QQ1aZTmyU=,tag:SXyL69DZ5i0cQFvXnFkZIg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@@ -26,7 +26,7 @@ inputs:
};
swap = [ "/dev/mapper/swap" ];
resume = "/dev/mapper/swap";
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
rollingRootfs = {};
};
nixpkgs.march = "skylake";
grub.installDevice = "efi";
@@ -50,13 +50,7 @@ inputs:
snapper.enable = true;
fontconfig.enable = true;
sshd.enable = true;
xray.client =
{
enable = true;
serverAddress = "74.211.99.69";
serverName = "vps6.xserver.chn.moe";
dns.extraInterfaces = [ "docker0" ];
};
xray.client = {};
firewall.trustedInterfaces = [ "virbr0" ];
wireguard =
{
@@ -65,7 +59,7 @@ inputs:
publicKey = "j7qEeODVMH31afKUQAmKRGLuqg8Bxd0dIPbo17LHqAo=";
wireguardIp = "192.168.83.5";
};
beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 512; }; };
beesd.instances.root = { device = "/"; hashTableSizeMB = 512; };
};
bugs = [ "xmunet" ];
};


@@ -23,20 +23,20 @@ inputs:
delayedMount = [ "/" ];
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
rollingRootfs = {};
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
nixpkgs.march = "sandybridge";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
initrd.sshd.enable = true;
networking.hostname = "vps6";
networking = { hostname = "vps6"; networkd = {}; };
};
packages.packageSet = "server";
services =
{
snapper.enable = false;
sshd.enable = true;
xray.server = { enable = true; serverName = "vps6.xserver.chn.moe"; };
xray.server = { serverName = "vps6.xserver.chn.moe"; userNumber = 13; };
frpServer = { enable = true; serverName = "frp.chn.moe"; };
nginx =
{
@@ -64,20 +64,20 @@ inputs:
main.enable = true;
};
};
coturn.enable = true;
httpua.enable = true;
coturn = {};
httpua = {};
mirism.enable = true;
fail2ban.enable = true;
fail2ban = {};
wireguard =
{
enable = true;
peers = [ "pc" "nas" "vps7" "surface" "xmupc1" ];
peers = [ "pc" "nas" "vps7" "surface" "xmupc1" "xmupc2" ];
publicKey = "AVOsYUKQQCvo3ctst3vNi8XSVWo1Wh15066aHh+KpF4=";
wireguardIp = "192.168.83.1";
listenIp = "74.211.99.69";
lighthouse = true;
};
beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 64; }; };
beesd.instances.root = { device = "/"; hashTableSizeMB = 64; };
};
};
};
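Review bot: `userNumber = 13` in `xray.server` hard-codes a count that has to match the number of `userN` entries in this host's sops secrets file, which the same comparison shrinks. The visible part of that file now ends at `user12`, so 13 is correct only if numbering starts at `user0` above the hunk, which cannot be seen from here. A mismatch would either reference a secret that does not exist or leave a credential defined but unused. A comment on the line would make the coupling explicit, e.g. `# must equal the number of xray-server user entries in this host's secrets file`. Deriving the count from a single list shared with the secrets declaration would remove the coupling entirely.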


@@ -10,52 +10,26 @@ xray-server:
user1: ENC[AES256_GCM,data:S3IHO9FcVHTJOsRxjSohM9MgnrEwLdDpFU+efLkQaXT2jNJG,iv:KOesvPzjDfm1EDLFiegbk0wgjp7di5mUwUuuY2hwvOQ=,tag:ZsYyUyyEhO5S3weCw/gPMw==,type:str]
#ENC[AES256_GCM,data:OQOPobpbbhajgA==,iv:4jG3bHKzWcR+JnvSlJsc0Qlv5kywqVN5UE96J31CP7Q=,tag:P+jJkRxPu99tLXyO5k6dRA==,type:comment]
user2: ENC[AES256_GCM,data:e7ITe2ZouKr8dXT7SYATyzbzHaVeu6AKt1OcQKk3U0nsQgoa,iv:UbOOuojy6OAFEH8lGhKe5Hs+2K6FX5MZ8Br9AB007gs=,tag:5XeB4YngzTcHZvCpXe/ZXA==,type:str]
#ENC[AES256_GCM,data:93BxR0AEdQ==,iv:rf69GWpuxYt7fu1Fyv55pynuQDhi+TA5CwZK3cc3yBo=,tag:/hLy6atNMxLw6G3/qgMM4g==,type:comment]
user3: ENC[AES256_GCM,data:r+6jXaIj4HJoYLnJcnjJB+WEZlGaoSy/ktc1Aw77hFtNrrGp,iv:P+YUKns1yaOZokH5WkDB0jssGyHg3ncc54tF1PyA7Oc=,tag:/pxMEr7l4ye5EDAOsllxJA==,type:str]
#ENC[AES256_GCM,data:4gqZh391hg==,iv:No22DrD6EBs2FA4/qH8msWEjs20fc+ZpEeZep+HIv+c=,tag:aHrYNbI83POI4PRj1nd+Yw==,type:comment]
user4: ENC[AES256_GCM,data:ujiml/r4aFiKOkSJkaD/KE8rKuBtLSnpZREBH3vRJUzDT0QM,iv:a3VFlXpMLNFihvFa7gloANtHmBLg4szTL5LTm8E2kNs=,tag:W9KZ1GAVx9IBKfda7Zedng==,type:str]
#ENC[AES256_GCM,data:bnnxo/I=,iv:8jOo0P+8gk05O1vnxOiyGhaeD4wyuaaA3CCr8/DbzII=,tag:J6VSJZoko3EiWyn0ATcmqA==,type:comment]
#ENC[AES256_GCM,data:PTYBkBHs16U=,iv:qr3u7OveM1CmTBIf9gZK4fTRuLCpcZCwf8jmnd1L3Co=,tag:w3O41NG7yCwCVqPGh/6SXA==,type:comment]
user5: ENC[AES256_GCM,data:iDuLRb4dhLUOjpamioMwoTYrn7Cy+Ln4SaedVXkwVD05rjJ0,iv:AqzBBvLpJuIJCUJq0IyDcHrlqb0e84nQC0c94Rj85uw=,tag:0xou1i/iwAxGngO74OIMXg==,type:str]
#ENC[AES256_GCM,data:zsCT,iv:iTPnIsLoQKbmJuyFrf/aCKsiOy/TOrnbpJLu6dWFT4o=,tag:lFybPTAA7EedSsJ5dEfCLg==,type:comment]
user6: ENC[AES256_GCM,data:WLAKPPIHGvZrTaGMLFRQIgEYWFHYy0mD6sLJEYjCD+g93wek,iv:fCOxekJSBczJz/ODYwWgk1CqERc5q/87C+G/9ETuaSI=,tag:rkpBLQoEOPnWuE+U+BnzIQ==,type:str]
#ENC[AES256_GCM,data:D5xiJW0Oyg==,iv:9a/6myiT9Crf/fff6ZkXj/obW2k95cABUNqQdPmcwcc=,tag:chs8BA8YtVkM9m3Ey9ETlA==,type:comment]
user7: ENC[AES256_GCM,data:7rxvmKbtYrDKBlo8kZIfd86KLd9EcSWB0ikasIRqfCZ24W0h,iv:Uplz4fnFymmBVZ9YTniHFFY3EVSrTYsg1+CTFqBu1WY=,tag:l3EPeYRHSeRsCyRhqFRrEg==,type:str]
user6: ENC[AES256_GCM,data:YzLlf37SxKmU1/QA7gUIJsGid3KZNoAGOew8xR7cmw5l8ZmX,iv:SfKubo2jfjtxKn9odDiokMEZyPFfYZ/wwyYtBrgvgmM=,tag:+hxwIU5uBhzQyrKX4r3oiw==,type:str]
#ENC[AES256_GCM,data:8FxApg==,iv:vPa5p3QVHAvw+ECusWGqx1ugTcHh42CVFDQcMhG59wM=,tag:lHiZtydcYFBQiXnWh8pCrw==,type:comment]
user8: ENC[AES256_GCM,data:FNT3hHMwPJu3iI1LuOP1KvsoOonh+J/ecrNrRQO5TpunDPUq,iv:tTEB0MSUmQ39tNq9v1BTfaEcJY7Y59CPHRASMC1a4U8=,tag:klDm6Isk52hG8ubcFu6yHA==,type:str]
user7: ENC[AES256_GCM,data:H/jje9ONEY6XuBXTZmTVGIcWUgGSMf5OB1NNRPtqGCgRP1ei,iv:xew+0BkRqz3nfOoBXTPbBv5hRczy/3tgYSKq432q4iw=,tag:da2ljcffiCVJCsMZaNPZyQ==,type:str]
#ENC[AES256_GCM,data:QdaYYH3RGJ4qIg==,iv:79NBTEKCPtgVVv3G7wg+vdoLOWxc+bdqT1lF4HJpTC8=,tag:8mRFGjy7lBrdyGyX9vaSOQ==,type:comment]
user9: ENC[AES256_GCM,data:4BD/4MXAVLhDm3EXdgTiEgPketf0WgflVPGb3/JMWXfycEKY,iv:jwE5sFVxZjORwoqCBdufP2EhetVtFGHyCP58AzJwle0=,tag:OCteA20hDBLI9zt1ET0tUQ==,type:str]
#ENC[AES256_GCM,data:U48hPlrJn2dF9g==,iv:W+6QEgemNa41VCT2OfBvEhuLAucLxfR+YZiDgdkkSnk=,tag:IhVstGnQ4EviT5ctMgyKiA==,type:comment]
user10: ENC[AES256_GCM,data:d9qxJQH9Jo8gJKUi5jjSdVwqzuHG+dj08Tk+TxhczJmlSaFT,iv:DS+9isZX2B9AYAyV4Yle4fpHzA/SHcR56B/GW8QdALw=,tag:9nUQ0OuMCuXGSZs2kjfnIQ==,type:str]
#ENC[AES256_GCM,data:DxZrs2B0LyPdLg==,iv:yZzEjyiY2s6gIPTsALl5xOsI0ByDvSBG4SI2+K6TLzI=,tag:hAniFFNS0SueybUKnRd2YQ==,type:comment]
user11: ENC[AES256_GCM,data:RPIH0DudfPJwPsa0yFLNqUy2EMwQh1bIqkmhCfteVTkUQGWP,iv:NH0aGTZ6nVqz2nn+o1HQS0PKpqHTBMkAhy0oFeyX/8k=,tag:kgd5zkHXW+oxRFC9x2VTUg==,type:str]
user8: ENC[AES256_GCM,data:H1gPtqF8vryD0rVH7HYzpMuZ3lufOBYczKwaTr4PidQtTyQK,iv:wh7NwFc/1ogNrnTTpm5L9dBqDVkvWiIsJZelR2mtR4Q=,tag:oEFdMFZJ9UYhsSVdefJ4rg==,type:str]
#ENC[AES256_GCM,data:aYWIiLxs1UvupQ==,iv:AisokHuAzD5B6fEF6ak8WfAe151CM3a8MsaWC4uJPnw=,tag:cdk5S4n9ulyWrqsD+jcqYg==,type:comment]
user12: ENC[AES256_GCM,data:Q+XcMYPWWeHqXZZt3lf9OurlWwVQGBJWTnRwDUvg7np19g3+,iv:ybREjo5/SFRN5LMSyYdm0ygkYoq/G1uBv9K0iGPqrh4=,tag:g2y8IJeXtHW1XjelOvT+/A==,type:str]
#ENC[AES256_GCM,data:D5xiJW0Oyg==,iv:9a/6myiT9Crf/fff6ZkXj/obW2k95cABUNqQdPmcwcc=,tag:chs8BA8YtVkM9m3Ey9ETlA==,type:comment]
user13: ENC[AES256_GCM,data:IKKk8joJQ5rcSXV84jbYd4uox548czpcgXwTtyK4rFimQIoO,iv:ycVDDSb0qAtZE8WzEdKkaBYKY13JpKj+4xrgkLogikw=,tag:z9ty67NWIgGlh1psbE5qVQ==,type:str]
#ENC[AES256_GCM,data:ujz8CAgN2g==,iv:2KP2DwIfIPPnsyZRSptG6x80n0cQGoiYCFoLRbFeEos=,tag:oITBAiHs1odW3heSEOQAJA==,type:comment]
user14: ENC[AES256_GCM,data:WFhrirjRUEZlOaCLGvHzvRPyp5O+035k0bNFqCvs0UTdT0+y,iv:C2vvOexQwFFkQyvFd8tf7lca2ZZIF3hbSiOHa2RFfGU=,tag:zowYrIut44mRiq6/h0r4fQ==,type:str]
#ENC[AES256_GCM,data:t9mAcEcdBg==,iv:hzqb80+FtfsNP8ofYMyT0PwT8T8B3HYSGZUOrnk3SjM=,tag:0mbDe6S0bqbC/SffMr0AAg==,type:comment]
user15: ENC[AES256_GCM,data:Sfc4BWiQ5dz7K0kwlp/1e8x/ahPTnbTvSvFjz9R5KQL52uaO,iv:kzap3jQgm9P22teMkYJHlySh2azLBBuy/kpm+ylxIhM=,tag:2fOBw+McYdT3r+qoF/Wkzw==,type:str]
#ENC[AES256_GCM,data:S7Iodket2fLLhcDDuWgv6fVAbcg=,iv:2XlrHA0A36xrmEv7kqtL8i8EYnNpq7cjRMmsF+mPu4s=,tag:M6JvHYU6jqqinPoHcgnEZA==,type:comment]
user16: ENC[AES256_GCM,data:ijz4n66TY2tGpKLvGr7I6n+cOP6BfgpJdHmcPy2oTPGCvhR0,iv:RK8wi3Cj9XFVTqqt00DLru12Hiu/WJU8lV/v9MF5deI=,tag:6SHR8Yb2dO1rRY/xV5u9yw==,type:str]
#ENC[AES256_GCM,data:inAhj6SP8p4KahuZ+aSjPfnEcOY=,iv:eB6OvUkQvfdAkNuf95K7jAjZZ8i+nbsnsH3WEdRWFhw=,tag:dgw+RFY2cm6jF+R5z3Z+XA==,type:comment]
user17: ENC[AES256_GCM,data:Wz7tWzASeIKE9TzicUIwyOnjZDDICYvDAUu/scHrQoFjoOlE,iv:A2gPFSiIXaf1dQkFlXjw5yesKtv3qOVcIXzM2QspvDk=,tag:JWCVx2FJS84v2iMdzBxhlQ==,type:str]
user9: ENC[AES256_GCM,data:HVK9KvGfOcwn1joc3VrkjBjE6hrxQPOBD5RTtQUgBPepToh6,iv:VK9aQ64L/GajpledBxC8PNB1BdNYEqwcdL3GKttgxvs=,tag:O/piztCYBARtAFxTMNXGaA==,type:str]
#ENC[AES256_GCM,data:b839t/OihMOmz0gIcTo43r2MIw==,iv:8kaAFG7DhFOoitcvbFaAvE1NUSLFrFhy1KiMrqs4r/c=,tag:G4vSADa52ZfN5y5ytoFJoQ==,type:comment]
user18: ENC[AES256_GCM,data:xQMRt+YC1Kn0Qxtis9QVIypq4uHNLq2sWKxxQe515Kfg+zzw,iv:28nQibxqzx5Q17UkEwK0zYhu6mFJ8LUk78xxlQrIqFY=,tag:B7N/fC81v8VBTsDdIZDvDw==,type:str]
#ENC[AES256_GCM,data:fZFxSd9QDRBg/X5yFQia96I=,iv:cd9vJ+f+TJr4mmXPNwcsce0p7i36Nkt1OnUzqDhK4hE=,tag:FsOHS+zhr5wZNmJpMfG97w==,type:comment]
user19: ENC[AES256_GCM,data:Qjajmu6cfACT4eho6BK56zRd7BSXxo4fUeJ2RRawopVFZESJ,iv:QZN81pQxspe76V90NQxzsKmMwtvaC1qwuvd5a6WbrdU=,tag:/+LYeQLqvwM60DgIPtZzKA==,type:str]
user10: ENC[AES256_GCM,data:xjVkr/wy7OxRuNZKfQagfNxdVxTEyQP1ZhnR6jHy2gjBQ0RD,iv:G6iOBCHOqlvfEENY/ega/TUm81wgT2OOdZKZ6bPfg9o=,tag:p8AMa3bGsIl0hWQ09lSzgA==,type:str]
#ENC[AES256_GCM,data:+s3MMeNU5Q==,iv:CUrg+nNxCpJFbHQmMNXmSE+JcZK6Dfu8cGwtznx3CFY=,tag:G5CYMtao+hz3hs0fPVPmcw==,type:comment]
user20: ENC[AES256_GCM,data:uRSG6jOks7utk2bRdd5sndvqVnSGRhjkts2f3+V7JdEwQf4k,iv:xZdVv/H5RuliwSEWmgLViLquWZ5znGOpP9YwwLJfsyo=,tag:JR3BsCKkHpkE7woTaMHXwQ==,type:str]
#ENC[AES256_GCM,data:37f8REUu8PU0lfg=,iv:WOhsotX/O7Gg+YgkK5Fuw/njKz+1OgKSx0vXl1A32XY=,tag:IyjPLut59RuK/PpCyK4ZAQ==,type:comment]
user21: ENC[AES256_GCM,data:9cd7IY3zzoziXznclguxbmmZ5hfc2H1DPa+KW1geuybRlpB9,iv:NKwdt7ppRuNpn44f1ypNOoPS27Yqk3Z31ABQbflS9Gg=,tag:S2B1vR0PVd3FYu24XwTfpQ==,type:str]
user11: ENC[AES256_GCM,data:BIZ2zRgGv5/9AexiZZvu+m4A62YUWtAkjWWMu89GteqpWMBq,iv:13IJcDf18LjoxJk7uoKnuFZT6Ihxrxsy7DBaAaiFqus=,tag:RN7wj+uPneCkqNlMRyYrXw==,type:str]
#ENC[AES256_GCM,data:spyQkQIHwg==,iv:7+0DUK95MPH7lpr+GMbbLu4/5yA11/4gTuLhQKlStfE=,tag:G/gIXML8UhYoCi9FfoTvSA==,type:comment]
user22: ENC[AES256_GCM,data:sCOmhXaJjzDIiuwP3Nh+yXQRYCppATzVWIdjOoMOlu+OFT+U,iv:HKRsCLJ/2jr7rGkM04uv4V1GKQheo2oxeFu4zqxcIAc=,tag:1swUo08hSzJ1PmQr/dBcgQ==,type:str]
user23: ENC[AES256_GCM,data:rgS6IdC4DBLvWWBkf5Db54yaNvagfISm5tHUD1KgeqrCR5x/,iv:ANQYEXssMfbU0bvk25dVYq+yQlMiVEyQCwrGPw1AGxc=,tag:d9sOvvxheWwsE/SeOgcWUQ==,type:str]
user24: ENC[AES256_GCM,data:3bn/ZG0En/OgY4PA4Ir8MaVWpJbX+ywpkoXQn7HChT+xhKFZ,iv:Jw8AG7vTc6j4VznekF6x2LXkoSFz960yqsSjPm1ORvw=,tag:EszCODBuLULKHJHh4Itq7A==,type:str]
user25: ENC[AES256_GCM,data:17bfY/7nClQ3c4OL/aNrUIuafPa1RLc9aLZUCyJMhsKp/1ob,iv:s6OD1AipescKuwdTw8x4hQkfHsl01FCh5c20SnpQk0g=,tag:+vlKdXWI6y7fU0AJIHVRJQ==,type:str]
user26: ENC[AES256_GCM,data:ubecAnPqdUhyEWU3vn3cbSFl0Ql/XfUbqWO9553jLqd2DP8R,iv:6GeibZBoBfJHWUjlW/eHbYwj6z9AFXDyom62BCpJp90=,tag:N3Al0SLPbC8lteky+aXNvA==,type:str]
user27: ENC[AES256_GCM,data:KM7HUEUHzXd+g/Vxy13uv+zOXLJ1BtSRPUnFIl2/u+ISu6MW,iv:fAxQRVjPsA3cFV1VLyIYMpG60sxi1pWW7153Cc8zjFM=,tag:HtiU8F5shQrFwonQEgQDiA==,type:str]
user28: ENC[AES256_GCM,data:FWuW6SmdA9l+yhTE7KEec72KZ7Ab0A9jYEWoHcLm1+DPydHk,iv:WipmZE/tZ5yCU+cDfeJCNpKv8o7T/zrcMzYRIVXI7FM=,tag:IDTNiPBGY9lER8fdIfL/6w==,type:str]
user29: ENC[AES256_GCM,data:SSP4igGqVthHTDOxOUodm1KEqPSOikWP/7jFKpYhXGe1wqrF,iv:ri82voK2BEArMlyV9F+NMTXQfV1pakGMoUyKh/LoYN4=,tag:VHZ/3DThAD7NmP3oOGyfcw==,type:str]
user12: ENC[AES256_GCM,data:FAF9lXOzXW9CrZgnQ1a2+E8snZj2+JHqP5Gny92k09o/Wzga,iv:/qZuAtFmUQE7A9lMzJUoCvGx+3Sv9Ioh2ahch3puaC4=,tag:urwbLwGkSX3e85NCjyPhhg==,type:str]
telegram:
token: ENC[AES256_GCM,data:xsJoGgQ8pLeZqA2alGKkCyrvnjY6rVF5TlXn4GWDrStFBl65XXzwVY/9ZZthYQ==,iv:qTLfpRUyuIGFM668URfknhSRtx3WEHp/WTGzGUPuFd4=,tag:p8mF0tM+t02g7v2EQZN3Vg==,type:str]
chat: ENC[AES256_GCM,data:X1JxFQw0bPCu,iv:hf+TOSH2p9RdnXDFKxTpSRzxDLdJyzNHVV8MfOQuGWY=,tag:iiWw9IFiBGOOyOSl9Jj2wQ==,type:str]
@@ -99,8 +73,8 @@ sops:
ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-07T12:36:12Z"
mac: ENC[AES256_GCM,data:VECN4xQhoulbsTzIZpXKYY5/8ZuC+fkSluMPJbfqcvCCvvcyclIKJJQZin5SYAxGxewQZdeyZ4sfZ+lo+0/gXiiHQPz+jqrURGIWailfnUhM/6ziHVxXAdAq2j0XNDGt1Xf+rprG+R7xhqBHK6jt/EMJBuT4ar9heo/aJBtU2hk=,iv:pYzKQAVdY0qJKRzq4eESQNd94PpK8q6xwpOowtmreVQ=,tag:LlzVVl5U/uU3eJNck9LnrQ==,type:str]
lastmodified: "2024-03-14T15:01:58Z"
mac: ENC[AES256_GCM,data:hjG1VHHNTm7qt/f/t0VuziFPQKSv/1qYI2nvNrO7qeHywtEol1SbpaaF0kn8/8TOuZFfdrIECj4CrI2M1nWWEMF+1LBOI4ccBPDY/33tqg4B1ZX90GEdK0ZnaBn0/tEziu4i6wIKcPXQMnpftPrUXegQUKqMlnTTZKY2AGsPXoI=,iv:a+4+n31/3r+nhyAuL7o/lyd7NMA+e+AwfgHneNOFrx8=,tag:Ei8mQiI0+ZS8TWisc3NCDA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@@ -23,13 +23,13 @@ inputs:
delayedMount = [ "/" ];
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
rollingRootfs = {};
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
nixpkgs.march = "broadwell";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
initrd.sshd.enable = true;
networking.hostname = "vps7";
networking = { hostname = "vps7"; networkd = {}; };
gui.preferred = false;
};
packages.packageSet = "desktop";
@@ -52,18 +52,18 @@ inputs:
};
xrdp = { enable = true; hostname = [ "vps7.chn.moe" ]; };
vaultwarden.enable = true;
beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 1024; }; };
beesd.instances.root = { device = "/"; hashTableSizeMB = 1024; };
photoprism.enable = true;
nextcloud.enable = true;
freshrss.enable = true;
send.enable = true;
huginn.enable = true;
fz-new-order.enable = true;
fz-new-order = {};
nginx.applications = { kkmeeting.enable = true; webdav.instances."webdav.chn.moe" = {}; };
httpapi.enable = true;
gitea.enable = true;
grafana.enable = true;
fail2ban.enable = true;
fail2ban = {};
wireguard =
{
enable = true;


@@ -1,49 +1,53 @@
# slurm
# 硬件
* CPU16 核 32 线程。
* 内存96 G。
* 显卡:
* 409024 G 显存。
* 309024 G 显存。
* 2080Ti: 12 G 显存。
* 硬盘2 T。
# 队列系统SLURM
## 基本概念
队列系统换成了 slurm。这是个正经的队列系统不像之前那样是临时手搓的可靠性应该会好很多
学校的 hpc 上用的是 PBS和这个不一样但很多概念是相通的例如队列、节点等当然这里只有一个队列和一个节点
这里简单记录一下如何使用。更多内容,网上随便搜一下 slurm 的教程就可以找到很多介绍,也可以看官网文档。
先说明一下机器的硬件配置CPU 有 16 个核,每个核 2 线程,也就是总共 32 个线程。
slurm 限制 CPU 按照核(而不是线程)分配,
提交任务时, `sbatch` 命令中的 `cpu` 或者 `core` (它俩是同义词)都是指核的数量而不是线程数
(也就是说,实际运行的线程数要再乘以 2
VASP 支持两个层面的并行,一个叫 MPI一个叫 OpenMP实际运行的线程数是两者的乘积。
MPI 并行的数量就是提交任务时指定的 task 的数量,
OpenMP 并行的数量等于提交任务时指定的分配给每个 task 的 CPU 的数量再乘以 2
也就是最终的线程数等于指定的 CPU 数量乘以 2。
此外还有一个限制:当使用 GPU 时MPI 并行的数量必须等于 GPU 的数量,否则 VASP 会在开头报个警告然后只用 CPU 计算(但不会报错)。
SLURM 是一个用来对任务排队的系统,轮到某个任务时,再调用其它程序来执行这个任务
## 常用命令
提交一个 VASP GPU 任务的例子:
```bash
sbatch --gpus=1 --ntasks-per-gpu=1 --job-name="my great job" vasp-nvidia-6.4.0 mpirun vasp-std
sbatch --gpus=1 --ntasks-per-gpu=1 --job-name="my great job" vasp-nvidia-640
```
* `--gpus=1` 指定使用一个 GPU排到这个任务时哪个空闲就使用哪个
可以指定具体使用哪个GPU例如 `--gpus=4090:1`
可以简写为 `-G`
这个选项实际上是 `--gres` 选项的一种简便写法,当需求更复杂时(例如,指定使用一个 3090 和一个 4090就需要用 `--gres`
例如:`--gres=gpu:3090:1,gpu:4090:1`
“gre” 是 “generic resource” 的缩写。
* `--ntasks-per-gpu=1` 是一定要写的
* `--job-name=` 指定任务的名字。可以简写为 `-J`。也可以不指定
* 默认情况下,一个 task 会搭配分配一个 CPU 核(两个线程),一般不用修改。如果一定要修改,用 `--cpus-per-task`
* `--gpus` 指定使用GPU 的情况:
* 要占用任意一个 GPU排到这个任务时哪个空闲就使用哪个`--gpus=1`。要占用任意两个就写 `--gpus=2`,以此类推
但一般来说,**单个任务不要占用超过一个 GPU**,多个显卡的速度会比单个更慢
* 要指定具体使用哪个 GPU 时,写 `--gpus=4090:1`。2080 Ti 需要写为 `2080_ti`P5000 需要写为 `p5000`
* 当需要使用多个不同类型的显卡(例如,指定使用一个 3090 和一个 4090`--gres=gpu:3090:1,gpu:4090:1`
* `--ntasks-per-gpu=1` 对于 VASP 来说一定要写。
* `--job-name=xxx` 指定任务的名字。可以简写为 `-J`。也可以不指定
* 默认情况下,一个 task 会搭配分配一个 CPU 核(一个线程),一般已经够用。如果一定要修改,用 `--cpus-per-task`
* `vasp-nvidia-640` 指调用 std 版本,要使用 gam 或 ncl 版本时,写为例如 `vasp-nvidia-640-gam`
提交一个 VASP CPU 任务的例子:
```bash
sbatch --ntasks=2 --cpus-per-task=2 --job-name="my great job" vasp-gnu-6.4.0 mpirun vasp-std
sbatch --ntasks=4 --cpus-per-task=4 --hint=nomultithread --job-name="my great job" vasp-intel-640
```
* `--ntasks=2` 指定在 MPI 层面上并行的数量
可以简写为 `-n`
* `--cpus-per-task=2` 指定每个 task 使用的 CPU 核的数量OpenMP 并行的数量等于这个数再乘以 2
* `--ntasks=4 --cpus-per-task=4` 指定使用占用多少核
* CPU 的调度是个非常复杂的问题,而且 slurm 和 Intel MPI 之间的兼容性也不算好,因此**推荐照抄下面的设置**
也可以自己测试一下怎样分配更好,但不要随意地设置。不同的设置会成倍地影响性能
* 对于 xmupc1`--ntasks=3 --cpus-per-task=4`
* 对于 xmupc2`--ntasks=4 --cpus-per-task=10`
* `--hint=nomultithread` 记得写。
* `--job-name=xxx` 指定任务的名字。可以简写为 `-J`。也可以不指定。
* `vasp-intel-640` 指调用 std 版本,要使用 gam 或 ncl 版本时,写为例如 `vasp-intel-640-gam`
要把其它程序提交到队列里,也是类似的写法。请自行举一反三。
要列出已经提交(包括已经完成、取消、失败)的任务:
@@ -62,13 +66,25 @@ scancel -n my_great_job
scancel -u chn
```
要将自己已经提交的一个任务优先级提到最高(只是自己已经提交任务的最高,不影响别人的任务):
要将自己已经提交的一个任务优先级提到最高(相应降低其它任务的优先级,使得总体来说不影响别人的任务):
```bash
scontrol top job_id
scontrol top 114514
```
## sbatch 的更多参数
要显示一个任务的详细信息(不包括服务器重启之前算过的任务):
```bash
scontrol show job 114514
```
要显示一个任务的详细信息(包括服务器重启之前算过的任务):
```bash
sacct --units M --format=ALL -j 114514 | bat -S
```
## `sbatch` 的更多参数
```bash
# 提交一个新任务,但是礼让后面的任务(推迟到指定时间再开始排队)
@@ -101,25 +117,162 @@ scontrol top job_id
--wrap=
```
# ssh
# 支持的连接协议
## SSH
ssh 就是 putty winscp 之类的工具使用的那个协议。
* 地址:office.chn.moe(如果在校外,需要厦大 VPN
* 地址:xmupc1.chn.moe
* 端口6007
* 用户名:自己名字的拼音首字母
* 可以用密码登陆,也可以用证书登陆。
要从本机登陆到学校 hpc 的 jykang 账户,使用下面的命令:
从一台服务器登陆到其它服务器,只需要使用 `ssh`` 命令:
```bash
ssh jykang
ssh xmupc1
ssh xmupc2
ssh user@host
```
# rdp
直接从另外一台服务器下载文件,可以使用 `rsync` 命令:
```bash
rsync -avzP jykang:/path/to/remote/directory_or_file /path/to/local/directory
```
将另外一个服务器的某个目录挂载到这个服务器,可以使用 `sshfs` 命令:
```bash
sshfs jykang:/path/to/remote/directory /path/to/local/directory
```
用完之后记得卸载(不卸载也不会有什么后果,只是怕之后忘记了以为这是本地的目录,以及如果网络不稳定的话,运行在这里的软件可能会卡住):
```bash
umount /path/to/local/directory
```
如果不喜欢敲命令来挂载/卸载远程目录,也可以 RDP 登陆后用 dolphin。
## RDP
就是 windows 那个远程桌面。
* 地址xmupc1.chn.moe(如果在校外,需要厦大 VPN
* 地址xmupc1.chn.moe
* 用户名:自己名字的拼音首字母
* 密码和 ssh 一样。
* 密码和 ssh 一样(使用同样的验证机制)
RDP 暂时没有硬件加速(主要是毛玻璃之类的特效会有点卡)。
记得在连接时点击“显示选项”将“体验”中的连接速度改为“LAN10 Mbps 或更高)”,不然会很卡。
## samba
samba 就是 windows 共享文件夹的那个协议。
* 地址xmupc1.chn.moe
* 用户名:自己名字的拼音首字母
* 初始密码和 ssh 一样,你可以自己修改密码(使用 `smbpasswd` 命令。samba 的密码和 ssh/rdp 的密码是分开的,它们使用不同的验证机制。
在 windows 上,可以直接在资源管理器中输入 `\\xmupc1.chn.moe` 访问。
也可以将它作为一个网络驱动器添加(地址同样是 `\\xmupc1.chn.moe`)。
# 计算软件
## VASP
VASP 有很多很多个版本,具体来说:
* VASP 多个版本可以共存。目前安装了两个版本6.3.1 和 6.4.0。
* VASP 可以用不同的编译器编译。目前安装的有nvidia、gnu、intel 和 amd。nvidia 使用 GPU 计算,其它的只能用 CPU 计算。
* VASP 的 std/gam/ncl 版本有一点区别,一般用 std只有一个 gamma 点的时候用 gam 会快一点,系统中存在方向不平行的磁矩时必须用 ncl。
* 无论哪个版本,都集成了下面这些补丁:
* HDF5用于生成 hdf5 格式的输出文件。
* wannier90我也不知道干啥的随手加上的。
* OPTCELL如果存在一个 `OPTCELL` 文件VASP 会据此决定弛豫时仅优化哪几个晶胞参数。
* MPI shared memory用来减小内存占用。
如何提交 VASP 到队列系统已经在上面介绍过了。下面的例子是,如果要直接运行一个任务的写法:
```bash
vasp-nvidia-640-env mpirun -np 1 -x CUDA_DEVICE_ORDER=PCI_BUS_ID -x CUDA_VISIBLE_DEVICES=0 -x OMP_NUM_THREADS=4 vasp-std
vasp-gnu-640-env mpirun -np 2 -x OMP_NUM_THREADS=4 vasp-std
vasp-intel-640-env mpirun -n 2 -genv OMP_NUM_THREADS=4 vasp-std
vasp-amd-640-env mpirun -np 2 -x OMP_NUM_THREADS=4 vasp-std
```
其中 `CUDA_VISIBLE_DEVICES` 用于指定用哪几个显卡计算(多个显卡用逗号分隔)。
要查看显卡的编号,可以用 `CUDA_DEVICE_ORDER=PCI_BUS_ID vasp-nvidia-640-env nvaccelinfo` 命令。
这里 `vasp-xxx-6.4.0` 命令的作用是,进入一个安装了对应版本的 VASP 的环境,实际上和 VASP 关系不大;
后面的 `mpirun xxx` 才是真的调用 VASP。
所以实际上你也可以在这个环境里做别的事情,例如执行上面的 `nvaccelinfo` 命令。
## mumax
问龚斌,我没用过。
## lammps
除了我应该没人用,就不写了。
## quantum espresso
我也只用过一次。大规模用到了再说吧。
# 其它软件
我自己电脑上有的软件,服务器都有装,用于科研的比如 VESTA 什么的。可以自己去菜单里翻一翻。
## 操作系统
操作系统是 NixOS是一个相对来说比较小众的系统。
它是一个所谓“函数式”的系统。
也就说,理想情况下,系统的状态(包括装了什么软件、每个软件和服务的设置等等)是由一组配置文件唯一决定的(这组配置文件放在 `/etc/nixos` 中)。
要修改系统的状态(新增软件、修改设置等等),只需要修改这组配置文件,然后要求系统应用这组配置文件就可以了,
系统会自动计算出应该怎么做(增加、删除、修改哪些文件,重启哪些服务等等)。
这样设计有许多好处,例如可以方便地回滚到之前任意一个时刻的状态(方便在调试时试错);
一份配置文件可以描述多台机器的系统,在一台上调试好后在其它机器上直接部署;
以及适合抄或者引用别人写好的配置文件。
以上都是对于管理员来说的好处。对于用户来说的好处不是太多,但是也有一些。
举个例子,如果用户需要使用一个没有安装的软件(例如 `phonopy`,当然实际上这个已经装了),只需要在要执行的命令前加一个逗号:
```bash
, phonopy --dim 2 2 2
```
系统就会帮你下载所有的依赖,并在一个隔离的环境中运行这个命令(不会影响这之后系统的状态)。
还有一个命令可能也有用,叫 `try`。
它会在当前的文件系统上添加一个 overlay之后执行的命令对文件的修改只会发生在这个 overlay 上;
命令执行完成后,它会告诉你哪些文件发生了改变,然后可以选择实际应用这些改变还是丢弃这些改变。
例如:
```bash
try phonopy --dim 2 2 2
```
这个命令和 NixOS 无关,只是突然想起来了。
## 文件系统
文件系统是 BtrFS。它的好处有
* 同样的内容只占用一份空间;以及内容会被压缩存储(在读取时自动解压)。这样大致可以节省一半左右的空间。
例如现在 xll 目录里放了 213 G 文件,但只占用了 137 G 空间。
* 每小时自动备份,放置在 `/nix/persistent/.snapshots` 中,大致上会保留最近一周的备份。如果你误删了什么文件,可以去里面找回。
## ZSH
所谓 “shell” 就是将敲击的一行行命令转换成操作系统能理解的系统调用C 语言的函数)的那个东西,也就是负责解释敲进去的命令的意思的那个程序。
大多情况下默认的 shell 是 bash但我装的服务器上用 zsh。
zsh 几乎完全兼容 bash 的语法,除此以外有一些顺手的功能:
* 如果忘记了曾经输入过的一个命令,输入其中的几个连续的字母或者单词(不一定是开头的几个字母),然后按 `` 键,就会自动在历史命令中依次搜索。
例如我输入 `install` 按几下 `` 键,就可以找到 `sudo nixos-rebuild boot --flake . --install-bootloader --option substituters https://nix-store.chn.moe` 这个东西。
* 如果从头开始输入一个曾经输入过的命令,会用浅灰色提示这个命令。要直接补全全部命令,按 `` 键。要补全一个单词,按 `Ctrl` + `` 键。
* 常用的命令,以及常用命令的常用选项,按几下 `tab` 键,会自动补全或者弹出提示。


@@ -24,7 +24,7 @@ inputs:
};
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = { device = "/dev/disk/by-uuid/a04a1fb0-e4ed-4c91-9846-2f9e716f6e12"; path = "/nix/rootfs"; };
rollingRootfs = {};
};
grub.installDevice = "efi";
nixpkgs =
@@ -35,6 +35,8 @@ inputs:
enable = true;
capabilities =
[
# p5000 p400
"6.1"
# 2080 Ti
"7.5"
# 3090
@@ -48,6 +50,7 @@ inputs:
gui = { preferred = false; autoStart = true; };
kernel.patches = [ "cjktty" "lantian" ];
networking.hostname = "xmupc1";
nix.remote.slave.enable = true;
};
hardware =
{
@@ -65,23 +68,13 @@ inputs:
snapper.enable = true;
fontconfig.enable = true;
sshd = { enable = true; passwordAuthentication = true; };
xray.client =
{
enable = true;
serverAddress = "74.211.99.69";
serverName = "vps6.xserver.chn.moe";
dns.extraInterfaces = [ "docker0" ];
};
xray.client = {};
firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
smartd.enable = true;
beesd =
beesd.instances =
{
enable = true;
instances =
{
root = { device = "/"; hashTableSizeMB = 16384; threads = 4; };
nix = { device = "/nix"; hashTableSizeMB = 512; };
};
root = { device = "/"; hashTableSizeMB = 16384; threads = 4; };
nix = { device = "/nix"; hashTableSizeMB = 512; };
};
wireguard =
{
@@ -95,18 +88,19 @@ inputs:
enable = true;
cpu = { cores = 16; threads = 2; };
memoryMB = 94208;
gpus = { "3090" = 1; "4090" = 1; };
gpus = { "2080_ti" = 1; "3090" = 1; "4090" = 1; };
};
xrdp = { enable = true; hostname = [ "xmupc1.chn.moe" ]; };
samba =
{
enable = true;
hostsAllowed = "192.168. 127.";
hostsAllowed = "";
shares = { home.path = "/home"; root.path = "/"; };
};
groupshare = {};
};
bugs = [ "xmunet" "amdpstate" ];
users.users = [ "chn" "xll" "zem" "yjq" "gb" ];
user.users = [ "chn" "xll" "zem" "yjq" "gb" ];
};
services.hardware.bolt.enable = true;
};
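Review bot: The samba block ends up with `hostsAllowed = "";` next to `shares = { home.path = "/home"; root.path = "/"; };`, so the earlier `"192.168. 127."` restriction is gone while the whole filesystem is still exported. Which side is new is inferred from the xmupc2 file added in this comparison, which carries the same empty value. If the samba module (not visible here) emits no `hosts allow` line for an empty string, reachability is decided by the firewall alone, and the README text in this comparison appears to drop the note that the campus VPN is required. I would keep an explicit allowlist, for example `hostsAllowed = "192.168. 127.";` extended with only the ranges that need access, and remove or restrict the `root` share. The same applies to the samba block of the new xmupc2 configuration.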


@@ -7,10 +7,14 @@ xray-client:
wireguard:
privateKey: ENC[AES256_GCM,data:Azaqung7llErB7/IdnOnEkwjQ39yQHKcO7VgvMDCDTExM7nS0zx+yMYX4ls=,iv:FX8oLHMBVEnKkYOg8q2A9vFmtRZDws5T87+lEl7+2G8=,tag:DdOQUbNKB6JK7Tp6McQ0Og==,type:str]
users:
xll: ENC[AES256_GCM,data:tGzKVg4prhg9oXOSX0FJIAWdF79CWsFuiU8U12dSnkBIgRXPZlJkz9mLLTENm6SjftItt/ku4MDj94KnM+nPYkIorTYtEuergg==,iv:oavvRf7/21LuDksUiXLfR2/qQNz5O6JyroxX1DwC6gc=,tag:qYbW1ZQtXo+2qGrl5wuZkA==,type:str]
zem: ENC[AES256_GCM,data:r2BDtAfMohsnoqw51/flvkiXe/EtJtDhakEyOTPX2E7cikfPtPD9iJPd2RnNkS3QPBKg08ex5ce2e3ywzGgNX5RKrxIacpxSSA==,iv:VfhEqTvS9qVFGif+SkBdz8VR6BXEnncMYcPQW4qqNk8=,tag:t4JBEhX+6iqnrd0JoLKpmA==,type:str]
yjq: ENC[AES256_GCM,data:Yb9gVDrWhpmBYI8JlGee30J+PVFVGLo4btFVGToUVj3Sr2bPetY96mEJoxYQha7SPKBoZ7+ePzWYiYOi43MZ6sYndj3C6sYmYg==,iv:2H2+ZmIIDJAKds1XSMqVcUpsix3rbxLkVlBIIAK3ifg=,tag:7redx03BsscRrk+e7dqXdg==,type:str]
gb: ENC[AES256_GCM,data:ZoprrHc2l0nkqy4ujYQfxNENMEnfpRhCIxX7jMPoWeTrJt2sE1AloWeVFsArJKTx8krpW96X3AXpUIauMH9kc/CviPop2QMgDw==,iv:fOIVPEHDvyZ45G9uRbx2gBE0KuZy+aEWALlXusDJ1YU=,tag:G6hZLn9/99Kj+wZAeNyxkQ==,type:str]
#ENC[AES256_GCM,data:1RG/IM/UrLCk,iv:LY2QCBN0gYwuhVwS/WIrjt4MEHhjPPQG+cjTZJhU6Zc=,tag:AEL+smmitSqW+D70K74LbQ==,type:comment]
xll: ENC[AES256_GCM,data:YauaeGHDVAnMXp9hSz4r4jNsioF79Q+WplfsYGpl4g5FxoakhfjRlnfzrLmMO3mWEIBOmDqeShbDEulyV5O47CIBGaMUUHe+Gg==,iv:RNwRfghJBb0PO4A/T5d5J1U0NsXdygXlWq/FfF8MO4U=,tag:BOh666TYGbCCHcgB/uBhTw==,type:str]
#ENC[AES256_GCM,data:zxOQcoOzJNBK,iv:YJQB8lV+nhwm5XYMpDIyt0IDHBlHTiHO8cpgXkXe/dQ=,tag:re5ekGkYRewPdxv83mtLUQ==,type:comment]
zem: ENC[AES256_GCM,data:bIxVN4T3Gh3aSa1gylkPmW3/uT5xQAlruC+L3zk0Tc3KvwBCQA5DpxXU8ZxjeK0P0xGi02U7gFWgm+yxp6otdCsUEmWed4EHHw==,iv:vpKpY0nRUwuI5mCcYTOD3zN/E21wHl4ZbRDUPoFmdhQ=,tag:m5WTzCgOTC7oqU4yfV9gkQ==,type:str]
#ENC[AES256_GCM,data:ZnMFN0WzjKDd,iv:t1YHrNoHOohYsdBOqoV6OtfS5ig6CTS8jW5mKy0oSQA=,tag:WkgrH1ZXcbHruxJY/hVsmg==,type:comment]
yjq: ENC[AES256_GCM,data:ua0DINHutjt2Pk+SfHRQRV99mT3Cnw6rRKO8VRIAlP0dY6QhK9wkNdyRYWYRBKVrWgyFQMGNFYAxIpymjF/X7mBOVI2sOHLgkw==,iv:PUZ6S0KICuqoSA2sDLxdL4gtAOQnQXOUY+5f3qDZgpc=,tag:f39P34vAUOrV23BsKkRarA==,type:str]
#ENC[AES256_GCM,data:6qNjSdjck4Vz,iv:c/GNqCNgRgwgL+2f6Vumtjb/ub9WCBSy8R02NRCDqk8=,tag:b/tucJsHTjSfcK0vgHtE8A==,type:comment]
gb: ENC[AES256_GCM,data:3eAKBiJoC1owCHTFd3Xq8vI8VK980evePc92xCXJJ21M9D1MdbwN8ySZ3Ovjk7VfQmEo8oRv1Ll1sftyrXYoeTHmJsNDxCpR6A==,iv:Ju/ERNuGrgO5kYlbvmkbLJkgiW3Elou34AsJTFITCUg=,tag:POVlxYh9kZ1BMSbt97IVOQ==,type:str]
mariadb:
slurm: ENC[AES256_GCM,data:qQMD8SKNmxb3PdScXNqppF9zkX7dV5i7rvljvZuhiI5zLnu77qYCHBW6ymh0mrY14N9NjxmQZhZWX/H8TvBlcg==,iv:J5N3LjCYW3QmuEkMBpl7qvPFW1Z9ZoPLkj45jKcIW9U=,tag:Tl+ld07+lVkmzt7f/f2MqQ==,type:str]
sops:
@@ -37,8 +41,8 @@ sops:
ZDNHUjE2QVlCV3p0NHdKYW5IMHVBZzQKkZtfyvfroOntg3yRjMw4jQHiQj8eaB2h
IeIHfW4y01mmVT2ofbtB0xYpjcl4gtUlQ8X3tn5iJ9P8gcVo0G598A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-26T06:04:25Z"
mac: ENC[AES256_GCM,data:2d3i3rcRYrB58vJuyhP4AIB11Ns+zQq0Pli1LF4sAKb75OmJ/qlRcwJKlOCASdY95FfzOQDGjfZheg58fVSd9EbYxX+npMXGUiODa8JRTHgQye3/qjFv14v49zKFJ0dNs13XnOEA4QAry/7gDlb0+M44bNRGPSZSoFX2yJ53smw=,iv:I1YDN6+26BmaWR84kq9zXNXjQ4cRvtzrS2Q13PlUjp0=,tag:sgxcTpOr7T2oXjb5qLRrqw==,type:str]
lastmodified: "2024-03-10T13:47:17Z"
mac: ENC[AES256_GCM,data:19w2Q1SRhKIyxibGgKa+CkEhiizFJ27FePOlMll+8tJVJRzfIl8KrutlRi0hMhEYFlML0bWunbINUEIg7yJbIwFCSjxFDnqKsCT3iClT3kaktxr5+0R+ECoQTGGV67VkT5WY/LT3V1zdLYI38MVaBQObGKCpBs23nIK2QXrg39Q=,iv:q1ezSmo14vsmEE8owxnsonWMq2uj6mrVjKNh+RuK+cE=,tag:QBc99UEaEPiEgZH+Z3Z8tA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

31
devices/xmupc2/README.md Normal file

@@ -0,0 +1,31 @@
# 硬件
* CPU44 核 88 线程。
* 内存256 G。
* 显卡:
* 409024 G 显存。
* P500016 G 显存。
* 硬盘18 T。
# 支持的连接协议
## SSH
* 地址xmupc2.chn.moe
* 端口6394
* 用户名:自己名字的拼音首字母
* 可以用密码登陆,也可以用证书登陆。
## RDP
* 地址xmupc2.chn.moe
* 用户名:自己名字的拼音首字母
* 密码和 ssh 一样(使用同样的验证机制)。
## samba
* 地址xmupc2.chn.moe
* 用户名:自己名字的拼音首字母
* 初始密码和 ssh 一样。
其它内容请阅读 [xmupc1](../xmupc1) 的说明,两台机器的软件大致是一样的。


@@ -0,0 +1,96 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-uuid/23CA-F4C4" = "/boot/efi";
btrfs =
{
"/dev/disk/by-uuid/d187e03c-a2b6-455b-931a-8d35b529edac" =
{ "/nix/rootfs/current" = "/"; "/nix" = "/nix"; "/nix/boot" = "/boot"; };
};
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
grub.installDevice = "efi";
nixpkgs =
{
march = "skylake";
cuda =
{
enable = true;
capabilities =
[
# p5000 p400
"6.1"
# 2080 Ti
"7.5"
# 3090
"8.6"
# 4090
"8.9"
];
forwardCompat = false;
};
};
gui = { preferred = false; autoStart = true; };
kernel.patches = [ "cjktty" "lantian" ];
networking.hostname = "xmupc2";
nix.remote.slave.enable = true;
};
hardware =
{
cpus = [ "intel" ];
gpu.type = "nvidia";
bluetooth.enable = true;
joystick.enable = true;
printer.enable = true;
sound.enable = true;
};
packages.packageSet = "workstation";
virtualization = { waydroid.enable = true; docker.enable = true; kvmHost = { enable = true; gui = true; }; };
services =
{
snapper.enable = true;
fontconfig.enable = true;
sshd = { enable = true; passwordAuthentication = true; };
xray.client = {};
firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
smartd.enable = true;
beesd.instances.root = { device = "/"; hashTableSizeMB = 16384; threads = 4; };
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "lNTwQqaR0w/loeG3Fh5qzQevuAVXhKXgiPt6fZoBGFE=";
wireguardIp = "192.168.83.7";
};
slurm =
{
enable = true;
cpu = { sockets = 2; cores = 22; threads = 2; };
memoryMB = 253952;
gpus = { "4090" = 1; "p5000" = 1; };
};
xrdp = { enable = true; hostname = [ "xmupc2.chn.moe" ]; };
samba =
{
enable = true;
hostsAllowed = "";
shares = { home.path = "/home"; root.path = "/"; };
};
groupshare = {};
};
bugs = [ "xmunet" ];
user.users = [ "chn" "xll" "zem" "yjq" "gb" ];
};
};
}
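Review bot: `sshd = { enable = true; passwordAuthentication = true; };` turns on password logins for a newly added host whose README publishes the hostname and SSH port and says the RDP and initial samba passwords equal the SSH one, so a single guessed password would open all three services. Whether rate limiting covers this host cannot be seen in this file; the commit list mentions a fail2ban service, but nothing here enables it. I would prefer `passwordAuthentication = false;` with keys handed out to the five users. If passwords have to stay, put a comment above the line recording the reason and the control that limits guessing, for example `# password login kept for <reason>; guessing limited by <service>`.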


@@ -0,0 +1,48 @@
acme:
cloudflare.ini: ENC[AES256_GCM,data:/y070fzfZFI/Jb9xS8UO7iRnjHJ3uItqsHqjyHPAqsTN4tSEyMpaE3KtNpecgWxk2PvLRfqdmdwu/bnGlIp7adU=,iv:fv4dbeK1F/cn5nhnSC1lTUqxeFPG/0lNqEvPWMH6Mzw=,tag:dE4clxPGraAXXsJM6NS8XQ==,type:str]
nginx:
maxmind-license: ENC[AES256_GCM,data:FPVSD8otQMNpbESNEHXCfQjB/zi3OVwZoyLijUtnHQlQzec7KVSiGw==,iv:DkkwCqvRmcFHQIXseh2fycCxZboJMYhHPu67GddenY4=,tag:iHEC8r5GcuB1QcZ5Uf8Skw==,type:str]
xray-client:
uuid: ENC[AES256_GCM,data:j2R0UtfS/es2A+Ic+Kq6FZJSqXlA/Q8tGkuAIX0ZdTsV4hGk,iv:Ovpr49isIJRdUyM3jxgiT+9Sc+qTF6ZnkKUwxIq6KUs=,tag:2VRSkiPNWaOmCqLJti8Bzw==,type:str]
wireguard:
privateKey: ENC[AES256_GCM,data:0Vw9NVs/Kxc52zUlmeAPFeOG8msdL0YopjhzFKRWhv6+kfb+SFObOP8EJ2M=,iv:KgIZIawbnN+1sIcMjNECkdtujPbg7yQktKVc25SXavI=,tag:b79oZP+GZKmM3OVFshvFhg==,type:str]
users:
#ENC[AES256_GCM,data:FP1Mr1TmRI4L,iv:3K4LMbOQPvF1ORWNyaXDoC5MXn3yColR4eKs9sm9y5s=,tag:f3guTegVXw1A6aqolKQnqA==,type:comment]
xll: ENC[AES256_GCM,data:CAEd+usnLKoQZ+0PLEiJfbZpz2pyn+I/edC2KbNXBXZPAgT7IDENMnSQyxme899KqRVL4nLrtHs82aA8+kl/dE+QYSTCFVVuHg==,iv:Hs8rb0Iu5Xw74p9/cL2gWfPLh61VaLzIltKUSjRFZjc=,tag:/u5vI0oTMQbNoCEzhcWqOw==,type:str]
#ENC[AES256_GCM,data:UIns0CnC/QmJ,iv:Gn4XDPcdTyDLXAgGq7qwayrN206Gx7JsJ3V9G+4bTyA=,tag:FITVs8Tgkiq1XoS8joXM1Q==,type:comment]
zem: ENC[AES256_GCM,data:znpGuS8LVxaztnwQlIwu3hykWRBUtQvOsniLaOasXDbw9lHGX8lwwYJuCE+0I14HmiZK/RrrouIwfAfcjZQzPyjJ/SRoOG1Vyg==,iv:YXHX43y99/w9102vhsvFLVOUtJmuRnLVLu+ywfn9URY=,tag:AzsmkXOyX7y/D+ndteuMmA==,type:str]
#ENC[AES256_GCM,data:6vMItERptBsX,iv:G0sDjEfLciheMxTZbeLIbWKlimPD1ANIk/VVdhQifXA=,tag:oR9FEdVx6W+0uDeKfb37iw==,type:comment]
yjq: ENC[AES256_GCM,data:sGPQ0xALULREnhzl9g/V91M5osMglsSps6R4gYn5OZc/4xVC1phF3qajVN3YMOr7kKgkHbF2Rjm6/2vuK0k1iYZnFswUAmFlmw==,iv:5vG1hn7SlX6HCpas2BgxBSwWqLby8OCxcH3EKNvceIc=,tag:TVwFBAuosKnEOZecq1phXw==,type:str]
#ENC[AES256_GCM,data:ALHxkRABA+ll,iv:r1IDiHLFcTdLID3q16zrLTavAwQfddC7bXMKcFZFveI=,tag:4Pd0/Q1BmH4gJjaM4hbqqQ==,type:comment]
gb: ENC[AES256_GCM,data:z4CrtdmdLJJ0qZzr7qvihnluJQgjtciX56KdEmtemiRu0llEJk9qz6a23aJ7m40Sfc38elF1/LsvjOuBOC87+BVkKDCj76phag==,iv:WrFVxkr3snmqDXZx5kAYCLp7ixEIzxoT7El3rV7Ovqg=,tag:iExf2Y/HObHQrKMTRvqn7A==,type:str]
mariadb:
slurm: ENC[AES256_GCM,data:9wLQ1zF/kDaiw0s3UaRpiHgmngU7u6hwyqpddSjev0+Z0v58Q2oiJtK8vn+2VlSxx5ACfqEFbzp0PZYAxd575w==,iv:q9JTkgDymOwkbZ/PaxRAAQrtO96QmGgZcQuLTFCMoS4=,tag:dwOHlOTgZqT/1jQ+oGf7UQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Rmc2Ull1WFB4Smh3c0Zl
emlTNGJKZkpIK2JFeUNVeUcrR2FzRXRQZHlvCkhzMHpzYmZRZ0M0cXdRVi8wZmp6
ZDRZQ2FkOWt6M0lrdjBHa3VTWXBDKzgKLS0tIGtJbTRRelg1VVk2QStwdzlFM1g4
M1JOd1g3cVdjUFRhZ0FxcWphZXZJbkkKFXDtJVoi+qIrXp6cznevuZ+peBiRRITP
rrplqLiYsNIGKmKYtRIUu8WXDZ2q2CJ8Z+pka3W3H/U+m957hBDWyw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSHdka3FPQUYrcXQzcTFo
a000TUllT0MvUzk5ZzVFbXZheG9ZVTM2S253CkE5VW9tQktvL2pMWFoxcnFjTGpr
Z0p1RjZWRGpSZ01TdTZRcEJXM2NOUkUKLS0tIC9rNmNzWitMdEd5dXQvdWlELzhM
M0xoL1dQR0kvMWpzN0RMNWVCTFQxNFUKj9LPjBo5NGOrGYNvu8qZ13PLYjLEWllU
LARzEn4XgkeHckouwvxZYMCx7WxmAruRWaOvnxTIczzSNP7wIrqnkA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-10T13:46:59Z"
mac: ENC[AES256_GCM,data:j+bdp0emAtTNNI7aZsKTJ+uARsuyLb9GRV0CeIb2EoZaOmj5cJpUzYtcAWIdCYplt1ZScCcR7iQPUlCzUb0+pXth7QDibtGJcj0dqw87DoaY3cqm7jNkKteiIYxXOCmbMBgED9eMxQVdcGZTDSuTQ0KjFYoXkcUSriMsJltDUDc=,iv:+eLNmlxeqB/Q7Rmz5B/wZSajiesV+/ED3ROJuuShpfo=,tag:95xKRRuqRZkUFUjHbPrDNw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:Um00c+kry3QrHEZVdlUws+gGGvtPKh8WzkpT6CHL7uwHRUWc+5E0bvlwXFJTkmPdGOOV2Jx9fGvSKpQb1/MPJhMhpCAw5n69QIRjVVURZcvVVFrl+eNO2sf/h2GTFvKRAtlcNAh7cvjkpiB3r+S7mRYSI914B7w8GLTdRFvtqYo=,iv:gk7S1SiA0iBAfpXLhhPJuexolP6w1XAd8M2H+sqqmoM=,tag:O8Eoa4LjEo14H/+1W5rcgQ==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWYmNFOFlnbm1FdXdGWUNr\nOGN3THhDUyt4SDVzcHY5dEYrSWsrQm1UOFJvCmhXaWFlcC8wazROaXZzcm9tUnFM\nQlphZ0x6c0RhbzY0aGVFbXdOa1BHbG8KLS0tIHF2YUNTVnZ3Z25FSnFlTEdmdXhE\nb3Z2UEp1c2UrOUp3NEdNcE5HSFptbzAKWGSTwv6xUNs/f+p0Bhpzg8zZ7EVK8kMm\no13fru2Cnqrw8Cj0zfx+7LODpBVzo03fLYKqZ6kbPZGa12ihk+fD4g==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKRVMrenM2Q1ZheFVPc2Rz\nYVd6UGoxbkpSQlZsNFN1dmIzSkl6SERwaTBRCjlHV3MvTEpxbDY4OHZjeUd5NmRF\nRmc1NzVCMTA0bDhwajNlMWZKTlNKK2cKLS0tIHRZZ0cxY2dwV21iRDlmeE5UZkM4\nK1dKV24yY3FKV2J3U2VzZWt2QnBSTHcKn8mq+1RnJG/nBbH2mAFpSFSTHDWvMqJj\nsziW9lK0cH6bPxhcpDO4oG8K08bdGHUVGtx2Zk81CDqzfamlMzzG2Q==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-03-09T07:59:38Z",
"mac": "ENC[AES256_GCM,data:zNh6Cioh4+r0+nx04yLqeQShozxl7bLLKSmwodnmHtVQVlOTjj5sDLMEAAmrj1Ym2KrBPJOgdm34Sl6AbsmiBLxzDcBKe6J68Y/LHIeaPkToRKpmoy9I9a177w0KzFXgNaU2ieH71egD+nf8JmGG61hDjpiJRpx1Lwxb16Bn+Xs=,iv:QxiUYymiGuH0EBwEhyg5gDzkSKvGhq0+0wERNEJ71UM=,tag:N1Nn9X9vrghwwJWC3kituA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}

614
flake.lock generated

@@ -21,6 +21,39 @@
"type": "github"
}
},
"attic": {
"inputs": {
"crane": [
"chaotic",
"crane"
],
"flake-compat": [
"chaotic",
"flake-compat"
],
"flake-utils": [
"chaotic",
"flake-utils"
],
"nixpkgs": [
"chaotic",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1707922053,
"narHash": "sha256-wSZjK+rOXn+UQiP1NbdNn5/UW6UcBxjvlqr2wh++MbM=",
"rev": "6eabc3f02fae3683bffab483e614bebfcd476b21",
"revCount": 193,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/zhaofengli/attic/0.1.193%2Brev-6eabc3f02fae3683bffab483e614bebfcd476b21/018da817-367d-75ac-bd41-470d92844bf2/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/zhaofengli/attic/0.1.%2A.tar.gz"
}
},
"blurred-wallpaper": {
"flake": false,
"locked": {
@@ -37,6 +70,44 @@
"type": "github"
}
},
"chaotic": {
"inputs": {
"attic": "attic",
"compare-to": "compare-to",
"conduit": "conduit",
"crane": "crane",
"fenix": "fenix",
"flake-compat": "flake-compat_2",
"flake-schemas": "flake-schemas",
"flake-utils": "flake-utils",
"home-manager": [
"home-manager"
],
"jovian": "jovian",
"jujutsu": "jujutsu",
"niri": "niri",
"nix-filter": "nix-filter",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems",
"yafas": "yafas"
},
"locked": {
"lastModified": 1710340554,
"narHash": "sha256-oMeBMZmLEcqPQ3DBG1xVhSm9+dV+ZNxaYn3wfro2p70=",
"owner": "chaotic-cx",
"repo": "nyx",
"rev": "03b2bea544688068025df1912ff1e9a1ad4a642a",
"type": "github"
},
"original": {
"owner": "chaotic-cx",
"repo": "nyx",
"rev": "03b2bea544688068025df1912ff1e9a1ad4a642a",
"type": "github"
}
},
"citation-style-language": {
"flake": false,
"locked": {
@@ -55,6 +126,20 @@
"url": "https://github.com/zepinglee/citeproc-lua"
}
},
"compare-to": {
"locked": {
"lastModified": 1695341185,
"narHash": "sha256-htO6DSbWyCgaDkxi7foPjXwJFPzGjVt3RRUbPSpNtZY=",
"rev": "98b8e330823a3570d328720f87a1153f8a7f2224",
"revCount": 2,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/chaotic-cx/nix-empty-flake/0.1.2%2Brev-98b8e330823a3570d328720f87a1153f8a7f2224/018aba35-d228-7fa9-b205-7616c89ef4e0/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/chaotic-cx/nix-empty-flake/%3D0.1.2.tar.gz"
}
},
"concurrencpp": {
"flake": false,
"locked": {
@@ -71,6 +156,51 @@
"type": "github"
}
},
"conduit": {
"inputs": {
"attic": [
"chaotic",
"attic"
],
"crane": [
"chaotic",
"crane"
],
"fenix": [
"chaotic",
"fenix"
],
"flake-compat": [
"chaotic",
"flake-compat"
],
"flake-utils": [
"chaotic",
"flake-utils"
],
"nix-filter": [
"chaotic",
"nix-filter"
],
"nixpkgs": [
"chaotic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1710562188,
"narHash": "sha256-KHlb4sK9fvp+9DoYWHLyaegoeLV7w8s7CsNMmNlKu1U=",
"owner": "girlbossceo",
"repo": "conduwuit",
"rev": "8d8467a4eafd264adb9c710e0638c08ae547dec4",
"type": "github"
},
"original": {
"owner": "girlbossceo",
"repo": "conduwuit",
"type": "github"
}
},
"cppcoro": {
"flake": false,
"locked": {
@@ -87,6 +217,26 @@
"type": "github"
}
},
"crane": {
"inputs": {
"nixpkgs": [
"chaotic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1706473297,
"narHash": "sha256-FbxuYIrHaXpsYCLtI1gCNJhd+qvERjPibXL3ctmVaCs=",
"rev": "fe812ef0dad5bb93a56c599d318be176d080281d",
"revCount": 493,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/ipetkov/crane/0.16.1/018d51be-1c17-765e-babc-c9e3bc8a5a14/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/ipetkov/crane/%2A.tar.gz"
}
},
"date": {
"flake": false,
"locked": {
@@ -105,7 +255,7 @@
},
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat_3",
"nixpkgs": [
"nixpkgs"
],
@@ -241,11 +391,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1708989027,
"narHash": "sha256-14HU66SKCszBP0h+/g/5YLfSksSro+AeEUFFchH0VWA=",
"lastModified": 1711262477,
"narHash": "sha256-fK1OsvjJwQlTeGJHcngxM2iWICCJ/vnG1qJq6U3H7UQ=",
"owner": "Mic92",
"repo": "envfs",
"rev": "3273ab593b97adf85e89210233bf7d9324177e46",
"rev": "4aa4816dd9b5c38db4005ca18a42d8070242eec5",
"type": "github"
},
"original": {
@@ -334,6 +484,27 @@
"type": "github"
}
},
"fenix": {
"inputs": {
"nixpkgs": [
"chaotic",
"nixpkgs"
],
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1709274179,
"narHash": "sha256-O6EC6QELBLHzhdzBOJj0chx8AOcd4nDRECIagfT5Nd0=",
"rev": "4be608f4f81d351aacca01b21ffd91028c23cc22",
"revCount": 1791,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/nix-community/fenix/0.1.1791%2Brev-4be608f4f81d351aacca01b21ffd91028c23cc22/018df913-b6d3-756c-b05c-358eca6e487d/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/nix-community/fenix/0.1.%2A.tar.gz"
}
},
"flake-compat": {
"flake": false,
"locked": {
@@ -355,25 +526,24 @@
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/%2A.tar.gz"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
@@ -401,11 +571,11 @@
"flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
@@ -430,6 +600,22 @@
"type": "github"
}
},
"flake-compat_7": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
@@ -438,11 +624,11 @@
]
},
"locked": {
"lastModified": 1698882062,
"narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=",
"lastModified": 1709336216,
"narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8c9fa2545007b49a5db5f650ae91f227672c3877",
"rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
"type": "github"
},
"original": {
@@ -529,9 +715,43 @@
"type": "github"
}
},
"flake-schemas": {
"locked": {
"lastModified": 1693491534,
"narHash": "sha256-ifw8Td8kD08J8DxFbYjeIx5naHcDLz7s2IFP3X42I/U=",
"rev": "c702cbb663d6d70bbb716584a2ee3aeb35017279",
"revCount": 21,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/DeterminateSystems/flake-schemas/0.1.1/018a4c59-80e1-708a-bb4d-854930c20f72/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/DeterminateSystems/flake-schemas/%3D0.1.1.tar.gz"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
"systems": [
"chaotic",
"systems"
]
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"revCount": 92,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/numtide/flake-utils/0.1.92%2Brev-b1d9ab70662946ef0850d488da1c9019f3a9752a/018e2ca5-e5a2-7f80-9261-445a8cecd4d7/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/numtide/flake-utils/0.1.%2A.tar.gz"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1701680307,
@@ -547,9 +767,9 @@
"type": "github"
}
},
"flake-utils_2": {
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
"systems": "systems_4"
},
"locked": {
"lastModified": 1694529238,
@@ -565,9 +785,9 @@
"type": "github"
}
},
"flake-utils_3": {
"flake-utils_4": {
"inputs": {
"systems": "systems_4"
"systems": "systems_5"
},
"locked": {
"lastModified": 1681202837,
@@ -583,7 +803,7 @@
"type": "github"
}
},
"flake-utils_4": {
"flake-utils_5": {
"locked": {
"lastModified": 1638122382,
"narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=",
@@ -598,24 +818,6 @@
"type": "github"
}
},
"flake-utils_5": {
"inputs": {
"systems": "systems_5"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_6": {
"inputs": {
"systems": "systems_6"
@@ -638,6 +840,24 @@
"inputs": {
"systems": "systems_7"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_8": {
"inputs": {
"systems": "systems_8"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
@@ -685,6 +905,22 @@
"type": "github"
}
},
"gricad": {
"flake": false,
"locked": {
"lastModified": 1709199491,
"narHash": "sha256-J32quO+kCOrOLkYQzFZpiPhUXJHE6GIrmb0VSlECKLM=",
"owner": "Gricad",
"repo": "nur-packages",
"rev": "4b4a489297f3a11b8d0883b02c0d154ce37f24e0",
"type": "github"
},
"original": {
"owner": "Gricad",
"repo": "nur-packages",
"type": "github"
}
},
"hercules-ci-effects": {
"inputs": {
"flake-parts": [
@@ -746,6 +982,54 @@
"type": "github"
}
},
"jovian": {
"inputs": {
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"chaotic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1710404304,
"narHash": "sha256-tYsUAsZgt9TT7d+r1KRYHWyBRWedJ39SXNBVSCQVsGQ=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "ffa51458aec4d53aac85b6dee1ee2ec29f4e953f",
"type": "github"
},
"original": {
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"type": "github"
}
},
"jujutsu": {
"inputs": {
"flake-utils": [
"chaotic",
"flake-utils"
],
"nixpkgs": [
"chaotic",
"nixpkgs"
],
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1710563757,
"narHash": "sha256-H5SZIo7O4zg/NqSdM71V2gYH4ex5WbBf6s9ue5s4nL4=",
"owner": "martinvonz",
"repo": "jj",
"rev": "8600750fceafbf489d42a99b36b1f48bbc1e416b",
"type": "github"
},
"original": {
"owner": "martinvonz",
"repo": "jj",
"type": "github"
}
},
"lepton": {
"flake": false,
"locked": {
@@ -765,11 +1049,11 @@
"linux-surface": {
"flake": false,
"locked": {
"lastModified": 1709062140,
"narHash": "sha256-yhNJ/0oQWkNkBrBePEYN4SEzlx8S4w/OK6KFYP/vCbk=",
"lastModified": 1710015335,
"narHash": "sha256-Mjk332F7vTGupjpfRv9OdvV9MZORb87L2D+cYI7f8CM=",
"owner": "linux-surface",
"repo": "linux-surface",
"rev": "0a6559d21ea3ccdb12ce2483fa6b6ad416f0c56f",
"rev": "3c1b47315d1e4f49b13903f07618310c65b16e64",
"type": "github"
},
"original": {
@@ -862,7 +1146,7 @@
},
"napalm": {
"inputs": {
"flake-utils": "flake-utils",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
@@ -881,6 +1165,43 @@
"type": "github"
}
},
"niri": {
"inputs": {
"crane": [
"chaotic",
"crane"
],
"fenix": [
"chaotic",
"fenix"
],
"flake-utils": [
"chaotic",
"flake-utils"
],
"nix-filter": [
"chaotic",
"nix-filter"
],
"nixpkgs": [
"chaotic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1710525749,
"narHash": "sha256-LpV/mJLeShTPecVQZnIAb9PTCGziuMuGOJQUeAb2u/w=",
"owner": "YaLTeR",
"repo": "niri",
"rev": "0c57815fbf47c69af9ed11fa8ebc1b52158a3ba2",
"type": "github"
},
"original": {
"owner": "YaLTeR",
"repo": "niri",
"type": "github"
}
},
"nix-doom-emacs": {
"inputs": {
"doom-emacs": "doom-emacs",
@@ -892,8 +1213,8 @@
"evil-org-mode": "evil-org-mode",
"evil-quick-diff": "evil-quick-diff",
"explain-pause-mode": "explain-pause-mode",
"flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_2",
"flake-compat": "flake-compat_4",
"flake-utils": "flake-utils_3",
"format-all": "format-all",
"nix-straight": "nix-straight",
"nixpkgs": [
@@ -947,6 +1268,59 @@
"type": "github"
}
},
"nix-filter": {
"locked": {
"lastModified": 1710156097,
"narHash": "sha256-1Wvk8UP7PXdf8bCCaEoMnOT1qe5/Duqgj+rL8sRQsSM=",
"owner": "numtide",
"repo": "nix-filter",
"rev": "3342559a24e85fc164b295c3444e8a139924675b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "nix-filter",
"type": "github"
}
},
"nix-flatpak": {
"locked": {
"lastModified": 1708781964,
"narHash": "sha256-qbEZgB1mNuMADLmM64EtcRjDHXR3UFL4xVmoanv9wZU=",
"owner": "gmodena",
"repo": "nix-flatpak",
"rev": "09d07c73b4d9771f527a168e0b1b6d8a1f39de28",
"type": "github"
},
"original": {
"owner": "gmodena",
"repo": "nix-flatpak",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"chaotic",
"jovian",
"nixpkgs"
]
},
"locked": {
"lastModified": 1690328911,
"narHash": "sha256-fxtExYk+aGf2YbjeWQ8JY9/n9dwuEt+ma1eUFzF8Jeo=",
"owner": "zhaofengli",
"repo": "nix-github-actions",
"rev": "96df4a39c52f53cb7098b923224d8ce941b64747",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"ref": "matrix-name",
"repo": "nix-github-actions",
"type": "github"
}
},
"nix-index-database": {
"inputs": {
"nixpkgs": [
@@ -985,8 +1359,8 @@
},
"nix-vscode-extensions": {
"inputs": {
"flake-compat": "flake-compat_4",
"flake-utils": "flake-utils_3",
"flake-compat": "flake-compat_5",
"flake-utils": "flake-utils_4",
"nixpkgs": [
"nixpkgs"
]
@@ -1028,7 +1402,7 @@
},
"nixos-cn": {
"inputs": {
"flake-utils": "flake-utils_4",
"flake-utils": "flake-utils_5",
"nixpkgs": [
"nixpkgs"
]
@@ -1102,11 +1476,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1709464206,
"narHash": "sha256-p5qVVCzTmwMUsjBpHCrPHzXlITmJbw60gC6bwLgjLo8=",
"lastModified": 1710140976,
"narHash": "sha256-DNFKN7j4o4Ki71uhj7w+Ldgb/1ugYA6qB7xgV3U88eI=",
"owner": "CHN-beta",
"repo": "nixpkgs",
"rev": "fc71cf1792071cdb1fc5e2457dd281cd5a5bedcf",
"rev": "5d5433bd0da0c3eafe4726c9186e93b43e09554d",
"type": "github"
},
"original": {
@@ -1200,6 +1574,22 @@
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1702780907,
"narHash": "sha256-blbrBBXjjZt6OKTcYX1jpe9SRof2P9ZYWPzq22tzXAA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1e2e384c5b7c50dbf8e9c441a9e58d85f408b01f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1709345434,
@@ -1266,9 +1656,9 @@
"nur-linyinfeng": {
"inputs": {
"devshell": "devshell",
"flake-compat": "flake-compat_5",
"flake-compat": "flake-compat_6",
"flake-parts": "flake-parts_5",
"flake-utils": "flake-utils_5",
"flake-utils": "flake-utils_6",
"nixos-stable": "nixos-stable",
"nixpkgs": [
"nixpkgs"
@@ -1292,7 +1682,7 @@
},
"nur-xddxdd": {
"inputs": {
"flake-utils": "flake-utils_6",
"flake-utils": "flake-utils_7",
"nixpkgs": [
"nixpkgs"
],
@@ -1343,7 +1733,7 @@
},
"nvfetcher_2": {
"inputs": {
"flake-compat": "flake-compat_6",
"flake-compat": "flake-compat_7",
"flake-utils": [
"nur-xddxdd",
"flake-utils"
@@ -1472,7 +1862,7 @@
},
"pnpm2nix-nzbr": {
"inputs": {
"flake-utils": "flake-utils_7",
"flake-utils": "flake-utils_8",
"nixpkgs": [
"nixpkgs"
]
@@ -1532,6 +1922,7 @@
"inputs": {
"aagl": "aagl",
"blurred-wallpaper": "blurred-wallpaper",
"chaotic": "chaotic",
"citation-style-language": "citation-style-language",
"concurrencpp": "concurrencpp",
"cppcoro": "cppcoro",
@@ -1540,6 +1931,7 @@
"eigen": "eigen",
"envfs": "envfs",
"fluent-kde": "fluent-kde",
"gricad": "gricad",
"home-manager": "home-manager",
"impermanence": "impermanence",
"lepton": "lepton",
@@ -1552,6 +1944,7 @@
"napalm": "napalm",
"nix-doom-emacs": "nix-doom-emacs",
"nix-fast-build": "nix-fast-build",
"nix-flatpak": "nix-flatpak",
"nix-index-database": "nix-index-database",
"nix-vscode-extensions": "nix-vscode-extensions",
"nixd": "nixd",
@@ -1612,6 +2005,50 @@
"type": "github"
}
},
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1709219524,
"narHash": "sha256-8HHRXm4kYQLdUohNDUuCC3Rge7fXrtkjBUf0GERxrkM=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "9efa23c4dacee88b93540632eb3d88c5dfebfe17",
"type": "github"
},
"original": {
"owner": "rust-lang",
"ref": "nightly",
"repo": "rust-analyzer",
"type": "github"
}
},
"rust-overlay": {
"inputs": {
"flake-utils": [
"chaotic",
"jujutsu",
"flake-utils"
],
"nixpkgs": [
"chaotic",
"jujutsu",
"nixpkgs"
]
},
"locked": {
"lastModified": 1707444620,
"narHash": "sha256-P8kRkiJLFttN+hbAOlm11wPxUrQZqKle+QtVCqFiGXY=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "78503e9199010a4df714f29a4f9c00eb2ccae071",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rycee": {
"flake": false,
"locked": {
@@ -1685,16 +2122,16 @@
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"repo": "default-linux",
"type": "github"
}
},
@@ -1788,6 +2225,21 @@
"type": "github"
}
},
"systems_8": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tgbot-cpp": {
"flake": false,
"locked": {
@@ -1812,11 +2264,11 @@
]
},
"locked": {
"lastModified": 1699786194,
"narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=",
"lastModified": 1710781103,
"narHash": "sha256-nehQK/XTFxfa6rYKtbi8M1w+IU1v5twYhiyA4dg1vpg=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1",
"rev": "7ee5aaac63c30d3c97a8c56efe89f3b2aa9ae564",
"type": "github"
},
"original": {
@@ -1885,7 +2337,7 @@
},
"utils": {
"inputs": {
"systems": "systems"
"systems": "systems_2"
},
"locked": {
"lastModified": 1701680307,
@@ -1949,6 +2401,30 @@
"type": "github"
}
},
"yafas": {
"inputs": {
"flake-schemas": [
"chaotic",
"flake-schemas"
],
"systems": [
"chaotic",
"systems"
]
},
"locked": {
"lastModified": 1695926485,
"narHash": "sha256-wNFFnItckgSs8XeYhhv8vlJs2WF09fSQaWgw4xkDqHQ=",
"rev": "7772afd6686458ca0ddbc599a52cf5d337367653",
"revCount": 4,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/UbiqueLambda/yafas/0.1.4%2Brev-7772afd6686458ca0ddbc599a52cf5d337367653/018add18-ebb4-72c6-93fe-d1d8da361703/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/UbiqueLambda/yafas/0.1.%2A.tar.gz"
}
},
"zpp-bits": {
"flake": false,
"locked": {


@@ -37,6 +37,13 @@
nixos-hardware.url = "github:CHN-beta/nixos-hardware";
envfs = { url = "github:Mic92/envfs"; inputs.nixpkgs.follows = "nixpkgs"; };
nix-fast-build = { url = "github:/Mic92/nix-fast-build"; inputs.nixpkgs.follows = "nixpkgs"; };
nix-flatpak.url = "github:gmodena/nix-flatpak";
chaotic =
{
url = "github:chaotic-cx/nyx?rev=03b2bea544688068025df1912ff1e9a1ad4a642a";
inputs = { nixpkgs.follows = "nixpkgs"; home-manager.follows = "home-manager"; };
};
gricad = { url = "github:Gricad/nur-packages"; flake = false; };
misskey = { url = "git+https://github.com/CHN-beta/misskey?submodules=1"; flake = false; };
rsshub = { url = "github:DIYgod/RSSHub"; flake = false; };
@@ -97,11 +104,9 @@
specialArgs = { topInputs = inputs; inherit localLib; };
modules = localLib.mkModules
[
(moduleInputs:
{
config.nixpkgs.overlays = [(final: prev: { localPackages =
import ./local/pkgs { inherit (moduleInputs) lib; pkgs = final; topInputs = inputs; };})];
})
(moduleInputs: { config.nixpkgs.overlays = [(prev: final:
# replace pkgs with final to avoid infinite recursion
{ localPackages = import ./local/pkgs (moduleInputs // { pkgs = final; }); })]; })
./modules
./devices/${system}
];
@@ -143,7 +148,7 @@
inputs.self.nixosConfigurations.${node};
};
})
[ "vps6" "vps7" "nas" "surface" "xmupc1" ]
[ "vps6" "vps7" "nas" "surface" "xmupc1" "xmupc2" ]
);
};
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks inputs.self.deploy) inputs.deploy-rs.lib;
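Review bot: The overlay in the second hunk names its parameters `prev: final:`, the reverse of the nixpkgs overlay order `final: prev:`, so the identifier `final` is bound to the pre-overlay package set and `pkgs = final` hands `./local/pkgs` the previous set. If building against the previous set is the intent (the comment mentions avoiding infinite recursion), I would write `(final: prev: { localPackages = import ./local/pkgs (moduleInputs // { pkgs = prev; }); })` and reword the comment to say that. As written, the names and the comment contradict what is evaluated. In the first hunk `chaotic` is pinned with `?rev=` in the URL while the other new inputs rely on flake.lock alone; a short comment on why that one input is pinned in-line would help whoever updates it next.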


@@ -1,4 +1,4 @@
lib:
lib: rec
{
attrsToList = attrs: builtins.map (name: { inherit name; value = attrs.${name}; }) (builtins.attrNames attrs);
mkConditional = condition: trueResult: falseResult: let inherit (lib) mkMerge mkIf; in
@@ -12,9 +12,9 @@ lib:
mkModules = moduleList:
(builtins.map
(
let handle = module:
if ( builtins.typeOf module ) == "path" then (handle (import module))
else if ( builtins.typeOf module ) == "lambda" then ({ pkgs, utils, ... }@inputs: (module inputs))
let handle = module: let type = builtins.typeOf module; in
if type == "path" || type == "string" then (handle (import module))
else if type == "lambda" then ({ pkgs, utils, ... }@inputs: (module inputs))
else module;
in handle
)
@@ -37,4 +37,21 @@ lib:
findIndex = e: list:
let findIndex_ = i: list: if (builtins.elemAt list i) == e then i else findIndex_ (i + 1) list;
in findIndex_ 0 list;
# return a list of path, including:
# - all .nix file in the directory except for default.nix
# - all directories containing a default.nix
findModules = path:
builtins.filter (path: path != null) (builtins.map
(subPath:
if subPath.value == "regular" && subPath.name != "default.nix"
then if lib.strings.hasSuffix ".nix" subPath.name
then "${path}/${subPath.name}"
else null
else if subPath.value == "directory"
then if (builtins.readDir "${path}/${subPath.name}")."default.nix" or null == "regular"
then "${path}/${subPath.name}"
else null
else null)
(attrsToList (builtins.readDir path)));
}
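Review bot: In `findModules` (third hunk), `"${path}/${subPath.name}"` interpolates `path` into a string; as far as I can tell, when the caller passes a path value Nix copies that directory into the store on interpolation and the function returns strings instead of paths, which looks like the reason `mkModules` now also accepts `"string"`. Building the result with `path + "/${subPath.name}"` keeps it a path and avoids the extra copy. The inner `builtins.filter (path: path != null)` shadows the function argument; `(p: p != null)` reads more clearly. The header comment could also say that symlinked entries are skipped, since only `"regular"` and `"directory"` are matched.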


@@ -1 +1,25 @@
1k9anln9hmdjflrkq4iacrmhma7gfrfj6d0b8ywxys0wfpdvy12v
{ version ? "4.2.0", stdenv, fetchurl, lib }:
let versions =
{
"4.1.0" = "1k9anln9hmdjflrkq4iacrmhma7gfrfj6d0b8ywxys0wfpdvy12v";
"4.2.0" = "1aycw6ygzr1db6xf3z7v5lpznhs8j7gcpkawd304vcj5qw75cnpd";
};
in stdenv.mkDerivation
{
pname = "aocc";
inherit version;
src = fetchurl
{
url = "https://download.amd.com/developer/eula/aocc/aocc-"
+ builtins.concatStringsSep "-" (lib.lists.take 2 (builtins.splitVersion version))
+ "/aocc-compiler-${version}.tar";
sha256 = versions.${version};
};
dontBuild = true;
installPhase =
''
mkdir -p $out
cp -r bin include lib lib32 libexec share $out
'';
dontFixup = true;
}
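Review bot: This derivation unpacks a prebuilt compiler fetched from an EULA-gated URL but declares no `meta`, so nothing marks it as unfree or as binary-only; the same applies to the `aocl` derivation in the next file. I would add `meta = { license = lib.licenses.unfree; sourceProvenance = [ lib.sourceTypes.binaryNativeCode ]; };` so that the `allowUnfree` policy and provenance checks see these packages. A `version` that is missing from `versions` currently fails with a bare missing-attribute error at `versions.${version}`; `versions.${version} or (throw "aocc: no hash for ${version}")` gives a clearer message.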


@@ -0,0 +1,28 @@
{ version ? "4.2.0", stdenv, fetchurl, lib }:
let versions =
{
"4.1.0" = "04780c2zks0g76c4n4a2cbbhs1qz4lza4ffiw1fj0md3f1lxihr5";
"4.2.0" = "0p4x0zza6y18hjjs1971gyc5kjd2f8nzzynp2jabhl2vxiys2nnj";
};
in stdenv.mkDerivation
{
pname = "aocl";
inherit version;
src = fetchurl
{
url = "https://download.amd.com/developer/eula/aocl/aocl-"
+ builtins.concatStringsSep "-" (lib.lists.take 2 (builtins.splitVersion version))
+ "/aocl-linux-aocc-${version}.tar.gz";
sha256 = versions.${version};
};
dontBuild = true;
installPhase =
''
installDir=$(mktemp -d)
bash ./install.sh -t $installDir
mkdir -p $out
cp -r $installDir/${version}/aocc/lib_LP64 $out/lib
cp -r $installDir/${version}/aocc/include_LP64 $out/include
'';
dontFixup = true;
}


@@ -1,69 +1,87 @@
{ lib, pkgs, topInputs }: with pkgs; rec
inputs: rec
{
typora = callPackage ./typora {};
vesta = callPackage ./vesta {};
rsshub = callPackage ./rsshub { src = topInputs.rsshub; };
misskey = callPackage ./misskey { nodejs = nodejs_21; src = topInputs.misskey; };
mk-meili-mgn = callPackage ./mk-meili-mgn {};
vaspkit = callPackage ./vaspkit { attrsToList = (import ../lib lib).attrsToList; };
v-sim = callPackage ./v-sim { src = topInputs.v-sim; };
concurrencpp = callPackage ./concurrencpp { stdenv = gcc13Stdenv; src = topInputs.concurrencpp; };
eigengdb = python3Packages.callPackage ./eigengdb {};
nodesoup = callPackage ./nodesoup { src = topInputs.nodesoup; };
matplotplusplus = callPackage ./matplotplusplus { inherit nodesoup glad; src = topInputs.matplotplusplus; };
zpp-bits = callPackage ./zpp-bits { src = topInputs.zpp-bits; };
eigen = callPackage ./eigen { src = topInputs.eigen; };
nameof = callPackage ./nameof { src = topInputs.nameof; };
pslist = callPackage ./pslist {};
glad = callPackage ./glad {};
chromiumos-touch-keyboard = callPackage ./chromiumos-touch-keyboard {};
yoga-support = callPackage ./yoga-support {};
tgbot-cpp = callPackage ./tgbot-cpp { src = topInputs.tgbot-cpp; };
biu = callPackage ./biu { inherit concurrencpp tgbot-cpp nameof; stdenv = gcc13Stdenv; };
citation-style-language = callPackage ./citation-style-language { src = topInputs.citation-style-language; };
mirism = callPackage ./mirism
typora = inputs.pkgs.callPackage ./typora {};
vesta = inputs.pkgs.callPackage ./vesta {};
rsshub = inputs.pkgs.callPackage ./rsshub { src = inputs.topInputs.rsshub; };
misskey = inputs.pkgs.callPackage ./misskey { nodejs = inputs.pkgs.nodejs_21; src = inputs.topInputs.misskey; };
mk-meili-mgn = inputs.pkgs.callPackage ./mk-meili-mgn {};
vaspkit = inputs.pkgs.callPackage ./vaspkit { inherit (inputs.localLib) attrsToList; };
v-sim = inputs.pkgs.callPackage ./v-sim { src = inputs.topInputs.v-sim; };
concurrencpp = inputs.pkgs.callPackage ./concurrencpp
{ stdenv = inputs.pkgs.gcc13Stdenv; src = inputs.topInputs.concurrencpp; };
eigengdb = inputs.pkgs.python3Packages.callPackage ./eigengdb {};
nodesoup = inputs.pkgs.callPackage ./nodesoup { src = inputs.topInputs.nodesoup; };
matplotplusplus = inputs.pkgs.callPackage ./matplotplusplus
{ inherit nodesoup glad; src = inputs.topInputs.matplotplusplus; };
zpp-bits = inputs.pkgs.callPackage ./zpp-bits { src = inputs.topInputs.zpp-bits; };
eigen = inputs.pkgs.callPackage ./eigen { src = inputs.topInputs.eigen; };
nameof = inputs.pkgs.callPackage ./nameof { src = inputs.topInputs.nameof; };
pslist = inputs.pkgs.callPackage ./pslist {};
glad = inputs.pkgs.callPackage ./glad {};
chromiumos-touch-keyboard = inputs.pkgs.callPackage ./chromiumos-touch-keyboard {};
yoga-support = inputs.pkgs.callPackage ./yoga-support {};
tgbot-cpp = inputs.pkgs.callPackage ./tgbot-cpp { src = inputs.topInputs.tgbot-cpp; };
biu = inputs.pkgs.callPackage ./biu { inherit concurrencpp tgbot-cpp nameof; stdenv = inputs.pkgs.gcc13Stdenv; };
citation-style-language = inputs.pkgs.callPackage ./citation-style-language
{ src = inputs.topInputs.citation-style-language; };
mirism = inputs.pkgs.callPackage ./mirism
{
inherit cppcoro nameof tgbot-cpp date;
nghttp2 = pkgs."nghttp2-23.05".override { enableAsioLib = true; };
nghttp2 = inputs.pkgs.callPackage "${inputs.topInputs."nixpkgs-23.05"}/pkgs/development/libraries/nghttp2"
{ enableAsioLib = true; };
};
cppcoro = callPackage ./cppcoro { src = topInputs.cppcoro; };
date = callPackage ./date { src = topInputs.date; };
esbonio = python3Packages.callPackage ./esbonio {};
pix2tex = python3Packages.callPackage ./pix2tex {};
pyreadline3 = python3Packages.callPackage ./pyreadline3 {};
torchdata = python3Packages.callPackage ./torchdata {};
torchtext = python3Packages.callPackage ./torchtext { inherit torchdata; };
win11os-kde = callPackage ./win11os-kde { src = topInputs.win11os-kde; };
fluent-kde = callPackage ./fluent-kde { src = topInputs.fluent-kde; };
blurred-wallpaper = callPackage ./blurred-wallpaper { src = topInputs.blurred-wallpaper; };
slate = callPackage ./slate { src = topInputs.slate; };
nvhpc = callPackage ./nvhpc {};
lmod = callPackage ./lmod { src = topInputs.lmod; };
vasp =
cppcoro = inputs.pkgs.callPackage ./cppcoro { src = inputs.topInputs.cppcoro; };
date = inputs.pkgs.callPackage ./date { src = inputs.topInputs.date; };
esbonio = inputs.pkgs.python3Packages.callPackage ./esbonio {};
pix2tex = inputs.pkgs.python3Packages.callPackage ./pix2tex {};
pyreadline3 = inputs.pkgs.python3Packages.callPackage ./pyreadline3 {};
torchdata = inputs.pkgs.python3Packages.callPackage ./torchdata {};
torchtext = inputs.pkgs.python3Packages.callPackage ./torchtext { inherit torchdata; };
win11os-kde = inputs.pkgs.callPackage ./win11os-kde { src = inputs.topInputs.win11os-kde; };
fluent-kde = inputs.pkgs.callPackage ./fluent-kde { src = inputs.topInputs.fluent-kde; };
blurred-wallpaper = inputs.pkgs.callPackage ./blurred-wallpaper { src = inputs.topInputs.blurred-wallpaper; };
slate = inputs.pkgs.callPackage ./slate { src = inputs.topInputs.slate; };
nvhpc = inputs.pkgs.callPackage ./nvhpc {};
lmod = inputs.pkgs.callPackage ./lmod { src = inputs.topInputs.lmod; };
vasp = rec
{
source = callPackage ./vasp/source.nix {};
gnu = callPackage ./vasp/gnu
source = inputs.pkgs.callPackage ./vasp/source.nix {};
gnu = inputs.pkgs.callPackage ./vasp/gnu
{
inherit (llvmPackages) openmp;
inherit (unstablePackages) wannier90;
hdf5 = hdf5.override { mpiSupport = true; fortranSupport = true; };
inherit (inputs.pkgs.llvmPackages) openmp;
inherit wannier90 additionalCommands;
hdf5 = inputs.pkgs.hdf5.override { mpiSupport = true; fortranSupport = true; };
};
nvidia = callPackage ./vasp/nvidia
gnu-mkl = inputs.pkgs.callPackage ./vasp/gnu-mkl
{
inherit lmod;
nvhpc = nvhpc."24.1";
hdf5 = hdf5-nvhpc.override { nvhpc = nvhpc."24.1"; };
inherit (unstablePackages) wannier90;
};
intel = callPackage ./vasp/intel
{
inherit lmod;
oneapi = oneapi."2022.2";
hdf5 = hdf5.override { mpiSupport = true; fortranSupport = true; };
inherit (unstablePackages) wannier90;
inherit (inputs.pkgs.llvmPackages) openmp;
inherit wannier90 additionalCommands;
hdf5 = inputs.pkgs.hdf5.override { mpiSupport = true; fortranSupport = true; };
};
nvidia = inputs.pkgs.callPackage ./vasp/nvidia
{ inherit lmod nvhpc wannier90 additionalCommands; hdf5 = hdf5-nvhpc; };
intel = inputs.pkgs.callPackage ./vasp/intel
{ inherit lmod oneapi wannier90 additionalCommands; hdf5 = hdf5-oneapi; };
amd = inputs.pkgs.callPackage ./vasp/amd
{ inherit aocc aocl wannier90 additionalCommands; hdf5 = hdf5-aocc; openmpi = openmpi-aocc; gcc = gcc-pie; };
wannier90 = inputs.pkgs.callPackage
"${inputs.topInputs.nixpkgs-unstable}/pkgs/by-name/wa/wannier90/package.nix" {};
hdf5-nvhpc = inputs.pkgs.callPackage ./vasp/hdf5-nvhpc { inherit lmod nvhpc; inherit (inputs.pkgs.hdf5) src; };
hdf5-oneapi = inputs.pkgs.callPackage ./vasp/hdf5-oneapi { inherit lmod oneapi; inherit (inputs.pkgs.hdf5) src; };
hdf5-aocc = inputs.pkgs.callPackage ./vasp/hdf5-aocc
{ inherit (inputs.pkgs.hdf5) src; inherit aocc; openmpi = openmpi-aocc; gcc = gcc-pie; };
openmpi-aocc = inputs.pkgs.callPackage ./vasp/openmpi-aocc { inherit aocc; gcc = gcc-pie; };
gcc-pie = inputs.pkgs.wrapCC (inputs.pkgs.gcc.cc.overrideAttrs (prev:
{ configureFlags = prev.configureFlags ++ [ "--enable-default-pie" ];}));
additionalCommands = let uid = inputs.config.nixos.user.uid.gb; in
''[ "$(${inputs.pkgs.coreutils}/bin/id -u)" -eq ${builtins.toString uid} ] && exit 1'';
};
hdf5-nvhpc = callPackage ./hdf5-nvhpc { inherit lmod; inherit (hdf5) src; nvhpc = nvhpc."24.1"; };
oneapi = callPackage ./oneapi {};
mumax = callPackage ./mumax { src = topInputs.mumax; };
oneapi = inputs.pkgs.callPackage ./oneapi {};
mumax = inputs.pkgs.callPackage ./mumax { src = inputs.topInputs.mumax; };
aocc = inputs.pkgs.callPackage ./aocc {};
aocl = inputs.pkgs.callPackage ./aocl {};
fromYaml = content: builtins.fromJSON (builtins.readFile
(inputs.pkgs.runCommand "toJSON" {}
"${inputs.pkgs.remarshal}/bin/yaml2json ${builtins.toFile "content.yaml" content} $out"));
}
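Review bot: `additionalCommands` in the `vasp` set exits when the caller's uid equals `config.nixos.user.uid.gb`, but the check lives only in the wrapper scripts, and as far as the visible wrappers show the built `vasp-*` binaries remain in the world-readable Nix store, so it should be documented as an advisory check rather than an access control. It also exits with status 1 and no output, which is hard to diagnose from a batch job. I would put a comment above it such as `# advisory only: store paths stay readable and executable by every user` and print a reason, e.g. `[ "$(id -u)" -eq ${uid} ] && { echo "vasp: disabled for this account" >&2; exit 1; }`. The new `fromYaml` reads the output of a `runCommand` at evaluation time (import-from-derivation), which deserves a one-line comment because it forces a build during evaluation.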


@@ -1,4 +1,5 @@
{
version ? "24.1",
stdenvNoCC, fetchurl, buildFHSEnv,
gfortran, flock
}:
@@ -17,7 +18,7 @@ let
targetPkgs = pkgs: with pkgs; [ coreutils ];
extraBwrapArgs = [ "--bind" "$out" "$out" ];
};
in let buildNvhpc = version: stdenvNoCC.mkDerivation
in stdenvNoCC.mkDerivation
{
pname = "nvhpc";
inherit version;
@@ -38,5 +39,5 @@ in let buildNvhpc = version: stdenvNoCC.mkDerivation
mkdir -p $out
${builder}/bin/builder ./install
'';
};
in builtins.mapAttrs (version: _: buildNvhpc version) versions
requiredSystemFeatures = [ "gccarch-exact-${stdenvNoCC.hostPlatform.gcc.arch}" "big-parallel" ];
}
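Review bot: The added `requiredSystemFeatures` reads `stdenvNoCC.hostPlatform.gcc.arch`, which only exists when the platform is configured with a `gcc.arch`; on a platform without it the expression fails at evaluation. The same line is added to the `oneapi` derivation and to the new `vasp-amd` derivation (there also through `gccArch` in `substituteAll`). If these packages are only ever built with `gcc.arch` set, a comment saying so is enough; otherwise guard it, e.g. `(if stdenvNoCC.hostPlatform ? gcc then [ "gccarch-exact-${stdenvNoCC.hostPlatform.gcc.arch}" ] else []) ++ [ "big-parallel" ]`. The derivation body lies partly outside the hunks.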


@@ -1,4 +1,5 @@
{
version ? "2024.0",
stdenvNoCC, fetchurl, buildFHSEnv,
ncurses
}:
@@ -56,7 +57,7 @@ let
};
componentString = components: if components == null then "--components default" else
" --components " + (builtins.concatStringsSep ":" components);
in let buildOneapi = version: stdenvNoCC.mkDerivation rec
in stdenvNoCC.mkDerivation rec
{
pname = "oneapi";
inherit version;
@@ -84,5 +85,6 @@ in let buildOneapi = version: stdenvNoCC.mkDerivation rec
${builder}/bin/builder $out/share/intel/modulefiles-setup.sh --output-dir=$out/share/intel/modulefiles \
--ignore-latest
'';
};
in builtins.mapAttrs (version: _: buildOneapi version) versions
dontFixup = true;
requiredSystemFeatures = [ "gccarch-exact-${stdenvNoCC.hostPlatform.gcc.arch}" "big-parallel" ];
}


@@ -0,0 +1,75 @@
{
buildFHSEnv, writeScript, stdenvNoCC, requireFile, substituteAll,
aocc, rsync, which, hdf5, wannier90, aocl, openmpi, gcc, zlib, glibc, binutils, libpsm2,
additionalCommands ? ""
}:
let
sources = import ../source.nix { inherit requireFile; };
buildEnv = buildFHSEnv
{
name = "buildEnv";
targetPkgs = _: [ zlib aocc aocl openmpi gcc.cc gcc.cc.lib glibc.dev binutils.bintools ];
};
buildScript = writeScript "build"
''
mkdir -p bin
make DEPS=1 -j$NIX_BUILD_CORES
'';
include = version: substituteAll
{
src = ./makefile.include-${version};
gccArch = stdenvNoCC.hostPlatform.gcc.arch;
};
vasp = version: stdenvNoCC.mkDerivation rec
{
pname = "vasp-amd";
inherit version;
src = sources.${version};
configurePhase =
''
cp ${include version} makefile.include
cp ${../constr_cell_relax.F} src/constr_cell_relax.F
'';
buildInputs = [ wannier90 ];
nativeBuildInputs = [ rsync which ];
AMDBLIS_ROOT = aocl;
AMDLIBFLAME_ROOT = aocl;
AMDSCALAPACK_ROOT = aocl;
AMDFFTW_ROOT = aocl;
HDF5_ROOT = hdf5;
WANNIER90_ROOT = wannier90;
OMPI_CC = "clang";
OMPI_CXX = "clang++";
OMPI_FC = "flang";
buildPhase = "${buildEnv}/bin/buildEnv ${buildScript}";
installPhase =
''
mkdir -p $out/bin
for i in std gam ncl; do cp bin/vasp_$i $out/bin/vasp-$i; done
'';
dontFixup = true;
requiredSystemFeatures = [ "gccarch-exact-${stdenvNoCC.hostPlatform.gcc.arch}" "big-parallel" ];
};
startScript = version: writeScript "vasp-nvidia-${version}"
''
# if OMP_NUM_THREADS is not set, set it according to SLURM_CPUS_PER_TASK or to 1
if [ -z "''${OMP_NUM_THREADS-}" ]; then
if [ -n "''${SLURM_CPUS_PER_TASK-}" ]; then
OMP_NUM_THREADS=$SLURM_CPUS_PER_TASK
else
OMP_NUM_THREADS=1
fi
fi
export OMP_NUM_THREADS
${additionalCommands}
exec "$@"
'';
runEnv = version: buildFHSEnv
{
name = "vasp-amd-${builtins.replaceStrings ["."] [""] version}-env";
targetPkgs = _: [ zlib (vasp version) aocc aocl openmpi gcc.cc.lib hdf5 wannier90 libpsm2 ];
runScript = startScript version;
};
in builtins.mapAttrs (version: _: runEnv version) sources
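Review bot: `startScript` is created with `writeScript "vasp-nvidia-${version}"` although this file builds `vasp-amd`; the store name looks copied from the NVIDIA variant and will mislead anyone reading store paths or build logs. I would change it to `writeScript "vasp-amd-${version}"`. Both `buildScript` and `startScript` are written without an interpreter line, so they only run because the FHS wrapper launches them from a shell; an explicit `#!` first line in each would make that dependency visible.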


@@ -0,0 +1,91 @@
# Default precompiler options
CPP_OPTIONS = -DHOST=\"LinuxGNU\" \
-DMPI -DMPI_BLOCK=8000 -Duse_collective \
-DscaLAPACK \
-DCACHE_SIZE=4000 \
-Davoidalloc \
-Dvasp6 \
-Duse_bse_te \
-Dtbdyn \
-Dfock_dblbuf \
-D_OPENMP -Duse_shmem -Dshmem_bcast_buffer -Dshmem_rproj
CPP = flang -E -C -w $*$(FUFFIX) >$*$(SUFFIX) $(CPP_OPTIONS) -ffree-form
FC = mpif90 -fopenmp
FCL = mpif90 -fopenmp
FREE = -ffree-form -ffree-line-length-none
FFLAGS = -w -fno-fortran-main -Mbackslash
OFLAG = -O2
OFLAG_IN = $(OFLAG)
DEBUG = -O0
OBJECTS = fftmpiw.o fftmpi_map.o fftw3d.o fft3dlib.o
OBJECTS_O1 += fftw3d.o fftmpi.o fftmpiw.o
OBJECTS_O2 += fft3dlib.o
# For what used to be vasp.5.lib
CPP_LIB = $(CPP)
FC_LIB = $(FC)
CC_LIB = clang
CFLAGS_LIB = -O
FFLAGS_LIB = -O1
FREE_LIB = $(FREE)
OBJECTS_LIB = linpack_double.o getshmem.o
# For the parser library
CXX_PARS = clang++
LLIBS = -lstdc++
##
## Customize as of this point! Of course you may change the preceding
## part of this file as well if you like, but it should rarely be
## necessary ...
##
# When compiling on the target machine itself, change this to the
# relevant target when cross-compiling for another architecture
VASP_TARGET_CPU ?= -march=@gccArch@
FFLAGS += $(VASP_TARGET_CPU)
# BLAS (mandatory)
AMDBLIS_ROOT ?= /path/to/your/amdblis/installation
BLAS = -L${AMDBLIS_ROOT}/lib -lblis-mt
# LAPACK (mandatory)
AMDLIBFLAME_ROOT ?= /path/to/your/amdlibflame/installation
LAPACK = -L${AMDLIBFLAME_ROOT}/lib -lflame
# scaLAPACK (mandatory)
AMDSCALAPACK_ROOT ?= /path/to/your/amdscalapack/installation
SCALAPACK = -L${AMDSCALAPACK_ROOT}/lib -lscalapack
LLIBS += $(SCALAPACK) $(LAPACK) $(BLAS)
# FFTW (mandatory)
AMDFFTW_ROOT ?= /path/to/your/amdfftw/installation
LLIBS += -L$(AMDFFTW_ROOT)/lib -lfftw3 -lfftw3_omp
INCS += -I$(AMDFFTW_ROOT)/include
# HDF5-support (optional but strongly recommended)
CPP_OPTIONS+= -DVASP_HDF5
HDF5_ROOT ?= /path/to/your/hdf5/installation
LLIBS += -L$(HDF5_ROOT)/lib -lhdf5_fortran
INCS += -I$(HDF5_ROOT)/include
# For the VASP-2-Wannier90 interface (optional)
CPP_OPTIONS += -DVASP2WANNIER90
WANNIER90_ROOT ?= /path/to/your/wannier90/installation
LLIBS += -L$(WANNIER90_ROOT)/lib -lwannier
# For the fftlib library (recommended)
CPP_OPTIONS+= -Dsysv
FCL += fftlib.o
CXX_FFTLIB = clang++ -fopenmp -std=c++11 -DFFTLIB_THREADSAFE
INCS_FFTLIB = -I./include -I$(AMDFFTW_ROOT)/include
LIBS += fftlib
LLIBS += -ldl


@@ -0,0 +1,91 @@
# Default precompiler options
CPP_OPTIONS = -DHOST=\"LinuxGNU\" \
-DMPI -DMPI_BLOCK=8000 -Duse_collective \
-DscaLAPACK \
-DCACHE_SIZE=4000 \
-Davoidalloc \
-Dvasp6 \
-Duse_bse_te \
-Dtbdyn \
-Dfock_dblbuf \
-D_OPENMP -Duse_shmem -Dshmem_bcast_buffer -Dshmem_rproj
CPP = flang -E -ffree-form -C -w $*$(FUFFIX) >$*$(SUFFIX) $(CPP_OPTIONS) -ffree-form
FC = mpif90 -fopenmp
FCL = mpif90 -fopenmp
FREE = -ffree-form -ffree-line-length-none
FFLAGS = -w -fno-fortran-main -Mbackslash
OFLAG = -O2
OFLAG_IN = $(OFLAG)
DEBUG = -O0
OBJECTS = fftmpiw.o fftmpi_map.o fftw3d.o fft3dlib.o
OBJECTS_O1 += fftw3d.o fftmpi.o fftmpiw.o
OBJECTS_O2 += fft3dlib.o
# For what used to be vasp.5.lib
CPP_LIB = $(CPP)
FC_LIB = $(FC)
CC_LIB = clang
CFLAGS_LIB = -O
FFLAGS_LIB = -O1
FREE_LIB = $(FREE)
OBJECTS_LIB = linpack_double.o getshmem.o
# For the parser library
CXX_PARS = clang++
LLIBS = -lstdc++
##
## Customize as of this point! Of course you may change the preceding
## part of this file as well if you like, but it should rarely be
## necessary ...
##
# When compiling on the target machine itself, change this to the
# relevant target when cross-compiling for another architecture
VASP_TARGET_CPU ?= -march=@gccArch@
FFLAGS += $(VASP_TARGET_CPU)
# BLAS (mandatory)
AMDBLIS_ROOT ?= /path/to/your/amdblis/installation
BLAS = -L${AMDBLIS_ROOT}/lib -lblis-mt
# LAPACK (mandatory)
AMDLIBFLAME_ROOT ?= /path/to/your/amdlibflame/installation
LAPACK = -L${AMDLIBFLAME_ROOT}/lib -lflame
# scaLAPACK (mandatory)
AMDSCALAPACK_ROOT ?= /path/to/your/amdscalapack/installation
SCALAPACK = -L${AMDSCALAPACK_ROOT}/lib -lscalapack
LLIBS += $(SCALAPACK) $(LAPACK) $(BLAS)
# FFTW (mandatory)
AMDFFTW_ROOT ?= /path/to/your/amdfftw/installation
LLIBS += -L$(AMDFFTW_ROOT)/lib -lfftw3 -lfftw3_omp
INCS += -I$(AMDFFTW_ROOT)/include
# HDF5-support (optional but strongly recommended)
CPP_OPTIONS+= -DVASP_HDF5
HDF5_ROOT ?= /path/to/your/hdf5/installation
LLIBS += -L$(HDF5_ROOT)/lib -lhdf5_fortran
INCS += -I$(HDF5_ROOT)/include
# For the VASP-2-Wannier90 interface (optional)
CPP_OPTIONS += -DVASP2WANNIER90
WANNIER90_ROOT ?= /path/to/your/wannier90/installation
LLIBS += -L$(WANNIER90_ROOT)/lib -lwannier
# For the fftlib library (recommended)
CPP_OPTIONS+= -Dsysv
FCL += fftlib.o
CXX_FFTLIB = clang++ -fopenmp -std=c++11 -DFFTLIB_THREADSAFE
INCS_FFTLIB = -I./include -I$(AMDFFTW_ROOT)/include
LIBS += fftlib
LLIBS += -ldl
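Review bot: `CPP` in this file passes `-ffree-form` twice (`flang -E -ffree-form -C -w … $(CPP_OPTIONS) -ffree-form`), while the include file for the other version, which otherwise appears identical, passes it once at the end. If the leading flag is needed for this version, drop the trailing one; if it is not, the two files can be the same. A comment on the `CPP` line saying which VASP version needs which form would keep the two files from drifting apart.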


@@ -0,0 +1,57 @@
{
stdenvNoCC, requireFile, writeShellApplication,
rsync, mkl, mpi, openmp, gfortran, gcc, fftwMpi, hdf5, wannier90,
additionalCommands ? ""
}:
let
sources = import ../source.nix { inherit requireFile; };
include = version: ./makefile.include-${version};
vasp = version: stdenvNoCC.mkDerivation rec
{
pname = "vasp-gnu-mkl";
inherit version;
src = sources.${version};
configurePhase =
''
cp ${include version} makefile.include
cp ${../constr_cell_relax.F} src/constr_cell_relax.F
mkdir -p bin
'';
enableParallelBuilding = true;
makeFlags = "DEPS=1";
buildInputs = [ mkl mpi openmp fftwMpi.dev fftwMpi hdf5 hdf5.dev wannier90 ];
nativeBuildInputs = [ rsync gfortran gfortran.cc gcc ];
FFTW_ROOT = fftwMpi.dev;
HDF5_ROOT = hdf5.dev;
WANNIER90_ROOT = wannier90;
MKLROOT = mkl;
installPhase =
''
mkdir -p $out/bin
for i in std gam ncl; do
cp bin/vasp_$i $out/bin/vasp-$i
done
'';
};
startScript = version: writeShellApplication
{
name = "vasp-gnu-${builtins.replaceStrings ["."] [""] version}-env";
runtimeInputs = [(vasp version)];
text =
''
# if OMP_NUM_THREADS is not set, set it according to SLURM_CPUS_PER_TASK or to 1
if [ -z "''${OMP_NUM_THREADS-}" ]; then
if [ -n "''${SLURM_CPUS_PER_TASK-}" ]; then
OMP_NUM_THREADS=$SLURM_CPUS_PER_TASK
else
OMP_NUM_THREADS=1
fi
fi
export OMP_NUM_THREADS
${additionalCommands}
exec "$@"
'';
};
in builtins.mapAttrs (version: _: startScript version) sources
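Review bot: `startScript` names the wrapper `vasp-gnu-${…}-env`, the same name the `vasp-gnu` wrapper gets in its own file section, so installing both variants for one version puts two identically named files under `bin/` in one profile and they collide. Since `pname` here is `vasp-gnu-mkl`, I would use `name = "vasp-gnu-mkl-${builtins.replaceStrings ["."] [""] version}-env";`. `makeFlags = "DEPS=1"` would also be better as a list, `makeFlags = [ "DEPS=1" ];`.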


@@ -0,0 +1,87 @@
# Default precompiler options
CPP_OPTIONS = -DHOST=\"LinuxGNU\" \
-DMPI -DMPI_BLOCK=8000 -Duse_collective \
-DscaLAPACK \
-DCACHE_SIZE=4000 \
-Davoidalloc \
-Dvasp6 \
-Duse_bse_te \
-Dtbdyn \
-Dfock_dblbuf \
-D_OPENMP -Duse_shmem -Dshmem_bcast_buffer -Dshmem_rproj
CPP = gcc -E -C -w $*$(FUFFIX) >$*$(SUFFIX) $(CPP_OPTIONS)
FC = mpif90 -fopenmp
FCL = mpif90 -fopenmp
FREE = -ffree-form -ffree-line-length-none
FFLAGS = -w -ffpe-summary=none
OFLAG = -O2
OFLAG_IN = $(OFLAG)
DEBUG = -O0
OBJECTS = fftmpiw.o fftmpi_map.o fftw3d.o fft3dlib.o
OBJECTS_O1 += fftw3d.o fftmpi.o fftmpiw.o
OBJECTS_O2 += fft3dlib.o
# For what used to be vasp.5.lib
CPP_LIB = $(CPP)
FC_LIB = $(FC)
CC_LIB = gcc
CFLAGS_LIB = -O
FFLAGS_LIB = -O1
FREE_LIB = $(FREE)
OBJECTS_LIB = linpack_double.o getshmem.o
# For the parser library
CXX_PARS = g++
LLIBS = -lstdc++
##
## Customize as of this point! Of course you may change the preceding
## part of this file as well if you like, but it should rarely be
## necessary ...
##
# When compiling on the target machine itself, change this to the
# relevant target when cross-compiling for another architecture
# VASP_TARGET_CPU ?= -march=native
# FFLAGS += $(VASP_TARGET_CPU)
# For gcc-10 and higher (comment out for older versions)
FFLAGS += -fallow-argument-mismatch
# Intel MKL for FFTW, BLAS, LAPACK, and scaLAPACK
MKLROOT ?= /path/to/your/mkl/installation
LLIBS_MKL = -L$(MKLROOT)/lib/intel64 -Wl,--no-as-needed -lmkl_gf_lp64 -lmkl_gnu_thread -lmkl_core -lmkl_scalapack_lp64 -lmkl_blacs_openmpi_lp64 -lgomp -lpthread -lm -ldl
INCS = -I$(MKLROOT)/include/fftw
# Use a separate scaLAPACK installation (optional but recommended in combination with OpenMPI)
# Comment out the two lines below if you want to use scaLAPACK from MKL instead
#SCALAPACK_ROOT ?= /path/to/your/scalapack/installation
#LLIBS_MKL = -L$(SCALAPACK_ROOT)/lib -lscalapack -L$(MKLROOT)/lib/intel64 -Wl,--no-as-needed -lmkl_gf_lp64 -lmkl_gnu_thread -lmkl_core -lgomp -lpthread -lm -ldl
LLIBS += $(LLIBS_MKL)
# HDF5-support (optional but strongly recommended)
CPP_OPTIONS+= -DVASP_HDF5
HDF5_ROOT ?= /path/to/your/hdf5/installation
LLIBS += -L$(HDF5_ROOT)/lib -lhdf5_fortran
INCS += -I$(HDF5_ROOT)/include
# For the VASP-2-Wannier90 interface (optional)
CPP_OPTIONS += -DVASP2WANNIER90
WANNIER90_ROOT ?= /path/to/your/wannier90/installation
LLIBS += -L$(WANNIER90_ROOT)/lib -lwannier
# For the fftlib library (hardly any benefit in combination with MKL's FFTs)
#CPP_OPTIONS+= -Dsysv
#FCL += fftlib.o
#CXX_FFTLIB = g++ -fopenmp -std=c++11 -DFFTLIB_USE_MKL -DFFTLIB_THREADSAFE
#INCS_FFTLIB = -I./include -I$(MKLROOT)/include/fftw
#LIBS += fftlib
#LLIBS += -ldl


@@ -0,0 +1,87 @@
# Default precompiler options
CPP_OPTIONS = -DHOST=\"LinuxGNU\" \
-DMPI -DMPI_BLOCK=8000 -Duse_collective \
-DscaLAPACK \
-DCACHE_SIZE=4000 \
-Davoidalloc \
-Dvasp6 \
-Duse_bse_te \
-Dtbdyn \
-Dfock_dblbuf \
-D_OPENMP -Duse_shmem -Dshmem_bcast_buffer -Dshmem_rproj
CPP = gcc -E -C -w $*$(FUFFIX) >$*$(SUFFIX) $(CPP_OPTIONS)
FC = mpif90 -fopenmp
FCL = mpif90 -fopenmp
FREE = -ffree-form -ffree-line-length-none
FFLAGS = -w -ffpe-summary=none
OFLAG = -O3
OFLAG_IN = $(OFLAG)
DEBUG = -O0
OBJECTS = fftmpiw.o fftmpi_map.o fftw3d.o fft3dlib.o
OBJECTS_O1 += fftw3d.o fftmpi.o fftmpiw.o
OBJECTS_O2 += fft3dlib.o
# For what used to be vasp.5.lib
CPP_LIB = $(CPP)
FC_LIB = $(FC)
CC_LIB = gcc
CFLAGS_LIB = -O
FFLAGS_LIB = -O1
FREE_LIB = $(FREE)
OBJECTS_LIB = linpack_double.o getshmem.o
# For the parser library
CXX_PARS = g++
LLIBS = -lstdc++
##
## Customize as of this point! Of course you may change the preceding
## part of this file as well if you like, but it should rarely be
## necessary ...
##
# When compiling on the target machine itself, change this to the
# relevant target when cross-compiling for another architecture
# VASP_TARGET_CPU ?= -march=native
# FFLAGS += $(VASP_TARGET_CPU)
# For gcc-10 and higher (comment out for older versions)
FFLAGS += -fallow-argument-mismatch
# Intel MKL for FFTW, BLAS, LAPACK, and scaLAPACK
MKLROOT ?= /path/to/your/mkl/installation
LLIBS_MKL = -L$(MKLROOT)/lib/intel64 -Wl,--no-as-needed -lmkl_gf_lp64 -lmkl_gnu_thread -lmkl_core -lmkl_scalapack_lp64 -lmkl_blacs_openmpi_lp64 -lgomp -lpthread -lm -ldl
INCS = -I$(MKLROOT)/include/fftw
# Use a separate scaLAPACK installation (optional but recommended in combination with OpenMPI)
# Comment out the two lines below if you want to use scaLAPACK from MKL instead
#SCALAPACK_ROOT ?= /path/to/your/scalapack/installation
#LLIBS_MKL = -L$(SCALAPACK_ROOT)/lib -lscalapack -L$(MKLROOT)/lib/intel64 -Wl,--no-as-needed -lmkl_gf_lp64 -lmkl_gnu_thread -lmkl_core -lgomp -lpthread -lm -ldl
LLIBS += $(LLIBS_MKL)
# HDF5-support (optional but strongly recommended)
CPP_OPTIONS+= -DVASP_HDF5
HDF5_ROOT ?= /path/to/your/hdf5/installation
LLIBS += -L$(HDF5_ROOT)/lib -lhdf5_fortran
INCS += -I$(HDF5_ROOT)/include
# For the VASP-2-Wannier90 interface (optional)
CPP_OPTIONS += -DVASP2WANNIER90
WANNIER90_ROOT ?= /path/to/your/wannier90/installation
LLIBS += -L$(WANNIER90_ROOT)/lib -lwannier
# For the fftlib library (hardly any benefit in combination with MKL's FFTs)
#CPP_OPTIONS+= -Dsysv
#FCL += fftlib.o
#CXX_FFTLIB = g++ -fopenmp -std=c++11 -DFFTLIB_USE_MKL -DFFTLIB_THREADSAFE
#INCS_FFTLIB = -I./include -I$(MKLROOT)/include/fftw
#LIBS += fftlib
#LLIBS += -ldl


@@ -1,9 +1,11 @@
{
stdenvNoCC, requireFile, writeShellApplication,
rsync, blas, scalapack, mpi, openmp, gfortran, gcc, fftwMpi, hdf5, wannier90
rsync, blas, scalapack, mpi, openmp, gfortran, gcc, fftwMpi, hdf5, wannier90,
additionalCommands ? ""
}:
let
sources = import ../source.nix { inherit requireFile; };
include = version: ./makefile.include-${version};
vasp = version: stdenvNoCC.mkDerivation rec
{
pname = "vasp-gnu";
@@ -11,7 +13,7 @@ let
src = sources.${version};
configurePhase =
''
cp ${./makefile.include-${version}} makefile.include
cp ${include version} makefile.include
cp ${../constr_cell_relax.F} src/constr_cell_relax.F
mkdir -p bin
'';
@@ -32,14 +34,22 @@ let
};
startScript = version: writeShellApplication
{
name = "vasp-gnu-${version}";
runtimeInputs = [ (vasp version) ];
name = "vasp-gnu-${builtins.replaceStrings ["."] [""] version}-env";
runtimeInputs = [(vasp version)];
text =
''
if [ -n "''${SLURM_CPUS_PER_TASK-}" ] && [ -n "''${SLURM_THREADS_PER_CPU-}" ]; then
export OMP_NUM_THREADS=$(( SLURM_CPUS_PER_TASK * SLURM_THREADS_PER_CPU ))
# if OMP_NUM_THREADS is not set, set it according to SLURM_CPUS_PER_TASK or to 1
if [ -z "''${OMP_NUM_THREADS-}" ]; then
if [ -n "''${SLURM_CPUS_PER_TASK-}" ]; then
OMP_NUM_THREADS=$SLURM_CPUS_PER_TASK
else
OMP_NUM_THREADS=1
fi
fi
export PATH=$PATH:$PWD
export OMP_NUM_THREADS
${additionalCommands}
exec "$@"
'';
};
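Review bot: `export PATH=$PATH:$PWD` in the wrapper text leaves the job's working directory on the search path of everything started through `exec "$@"`, so a command name that resolves nowhere else is looked up among the files of whatever directory the job runs in. The line reads as carried over rather than added here, but the script is being rewritten around it and nothing says what depends on it. If nothing does, drop it; otherwise record the reason next to it, e.g. `# <which helper is expected in the job directory>`. `${additionalCommands}` is also pasted in as raw shell just before `exec`, which is fine for a build-time argument but deserves a comment that it must only ever come from the Nix expression.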


@@ -84,9 +84,9 @@ WANNIER90_ROOT ?= /path/to/your/wannier90/installation
LLIBS += -L$(WANNIER90_ROOT)/lib -lwannier
# For the fftlib library (recommended)
#CPP_OPTIONS+= -Dsysv
#FCL += fftlib.o
#CXX_FFTLIB = g++ -fopenmp -std=c++11 -DFFTLIB_THREADSAFE
#INCS_FFTLIB = -I./include -I$(FFTW_ROOT)/include
#LIBS += fftlib
#LLIBS += -ldl
CPP_OPTIONS+= -Dsysv
FCL += fftlib.o
CXX_FFTLIB = g++ -fopenmp -std=c++11 -DFFTLIB_THREADSAFE
INCS_FFTLIB = -I./include -I$(FFTW_ROOT)/include
LIBS += fftlib
LLIBS += -ldl


@@ -87,7 +87,6 @@ LLIBS += -L$(WANNIER90_ROOT)/lib -lwannier
CPP_OPTIONS+= -Dsysv
FCL += fftlib.o
CXX_FFTLIB = g++ -fopenmp -std=c++11 -DFFTLIB_THREADSAFE
# INCS_FFTLIB = -I./include -I$(FFTW_ROOT)/include
INCS_FFTLIB = -I./include
INCS_FFTLIB = -I./include -I$(FFTW_ROOT)/include
LIBS += fftlib
LLIBS += -ldl


@@ -0,0 +1,46 @@
{
buildFHSEnv, writeScript, stdenvNoCC,
src,
aocc, cmake, openmpi, zlib, gcc, glibc, binutils, pkg-config
}:
let
buildEnv = buildFHSEnv
{
name = "buildEnv";
targetPkgs = _: [ zlib aocc gcc.cc.lib.lib glibc.dev binutils.bintools openmpi pkg-config ];
extraBwrapArgs = [ "--bind" "$out" "$out" ];
};
buildScript = writeScript "build"
''
mkdir build
cd build
cmake -DCMAKE_INSTALL_PREFIX=$out -DHDF5_INSTALL_CMAKE_DIR=$out/lib/cmake \
-DHDF5_BUILD_FORTRAN=ON -DHDF5_ENABLE_PARALLEL=ON ..
make -j$NIX_BUILD_CORES
make install
'';
in stdenvNoCC.mkDerivation
{
name = "hdf5-aocc";
inherit src;
dontConfigure = true;
enableParallelBuilding = true;
nativeBuildInputs = [ cmake ];
CC = "clang";
CXX = "clang++";
FC = "flang";
OMPI_CC = "clang";
OMPI_CXX = "clang++";
OMPI_FC = "flang";
CFLAGS = "-march=${stdenvNoCC.hostPlatform.gcc.arch} -O2";
CXXFLAGS = "-march=${stdenvNoCC.hostPlatform.gcc.arch} -O2";
FCFLAGS = "-march=${stdenvNoCC.hostPlatform.gcc.arch} -O2";
buildPhase =
''
mkdir -p $out
${buildEnv}/bin/buildEnv ${buildScript}
'';
dontInstall = true;
dontFixup = true;
requiredSystemFeatures = [ "gccarch-exact-${stdenvNoCC.hostPlatform.gcc.arch}" "big-parallel" ];
}
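Review bot: `dontFixup = true` next to `dontInstall = true` carries no comment, and it means whatever `make install` writes to `$out` inside the FHS sandbox is shipped without the usual fixup pass (stripping, RPATH shrinking, shebang patching). Presumably this is deliberate because the AOCC toolchain only works inside the bubblewrap environment, in which case the result may only be usable from a matching FHS env. A comment such as `# built inside buildFHSEnv with aocc; fixup skipped on purpose, consumers run in the same FHS env` would record that. The same applies to the hdf5-oneapi and openmpi-aocc derivations further down the page. `name = "hdf5-aocc"` also has no version, so the store path does not show which HDF5 source was built.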


@@ -1,8 +1,7 @@
{
buildFHSEnv, writeScript, stdenvNoCC,
src,
nvhpc, lmod, cmake, gfortran,
config, nvhpcArch ? config.nvhpcArch or "px"
nvhpc, lmod, cmake, gfortran
}:
let
buildEnv = buildFHSEnv
@@ -36,5 +35,6 @@ in stdenvNoCC.mkDerivation
${buildEnv}/bin/buildEnv ${buildScript}
'';
dontInstall = true;
requiredSystemFeatures = [ "nvhpcarch-${nvhpcArch}" ];
dontFixup = true;
requiredSystemFeatures = [ "gccarch-exact-${stdenvNoCC.hostPlatform.gcc.arch}" "big-parallel" ];
}


@@ -0,0 +1,48 @@
{
buildFHSEnv, writeScript, stdenvNoCC, symlinkJoin,
src,
oneapi, lmod, cmake, gcc, glibc, binutils,
config, oneapiArch ? config.oneapiArch or "SSE3"
}:
let
gccFull = symlinkJoin { name = "gcc"; paths = [ gcc gcc.cc gcc.cc.lib glibc.dev binutils.bintools ]; };
buildEnv = buildFHSEnv
{
name = "buildEnv";
targetPkgs = pkgs: with pkgs; [ zlib (writeTextDir "etc/release" "") gccFull ];
extraBwrapArgs = [ "--bind" "$out" "$out" ];
};
buildScript = writeScript "build"
''
. ${lmod}/share/lmod/lmod/init/bash
module use ${oneapi}/share/intel/modulefiles
module load tbb compiler-rt oclfpga # dependencies
module load mpi mkl compiler
mkdir build
cd build
cmake -DCMAKE_INSTALL_PREFIX=$out -DHDF5_INSTALL_CMAKE_DIR=$out/lib/cmake \
-DHDF5_BUILD_FORTRAN=ON -DHDF5_ENABLE_PARALLEL=ON -DBUILD_SHARED_LIBS=OFF -DBUILD_STATIC_LIBS=OFF \
-DBUILD_TESTING=OFF ..
make -j$NIX_BUILD_CORES
make install
'';
in stdenvNoCC.mkDerivation
{
name = "hdf5-oneapi";
inherit src;
dontConfigure = true;
enableParallelBuilding = true;
nativeBuildInputs = [ cmake ];
I_MPI_CC = "icx";
I_MPI_CXX = "icpx";
I_MPI_FC = "ifx";
I_MPI_F90 = "ifx";
buildPhase =
''
mkdir -p $out
${buildEnv}/bin/buildEnv ${buildScript}
'';
dontInstall = true;
dontFixup = true;
requiredSystemFeatures = [ "gccarch-exact-${stdenvNoCC.hostPlatform.gcc.arch}" "big-parallel" ];
}
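Review bot: `config` and `oneapiArch` are declared in the argument set but nothing in this 48-line file refers to them, and no architecture flag reaches the cmake invocation. `requiredSystemFeatures` nevertheless asks for `gccarch-exact-…`, so the build is pinned to a matching builder without the visible script tuning for it; whether the Intel modules pick an architecture up elsewhere cannot be seen here. Either drop the two arguments or pass the intended flag explicitly, the way the aocc variant sets `CFLAGS = "-march=${stdenvNoCC.hostPlatform.gcc.arch} -O2";`.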


@@ -1,15 +1,15 @@
{
buildFHSEnv, writeScript, stdenvNoCC, requireFile, substituteAll, symlinkJoin,
config, oneapiArch ? config.oneapiArch or "SSE3",
oneapi, gfortran, gcc, glibc, lmod, rsync, which, hdf5, wannier90
buildFHSEnv, writeScript, stdenvNoCC, requireFile, substituteAll, symlinkJoin, writeTextDir,
config, oneapiArch ? config.oneapiArch or "SSE3", additionalCommands ? "",
oneapi, gcc, glibc, lmod, rsync, which, wannier90, binutils, hdf5, zlib
}:
let
versions = import ../source.nix;
sources = import ../source.nix { inherit requireFile; };
buildEnv = buildFHSEnv
{
name = "buildEnv";
# make "module load mpi" success
targetPkgs = pkgs: with pkgs; [ zlib (writeTextDir "etc/release" "") ];
targetPkgs = _: [ zlib (writeTextDir "etc/release" "") gccFull ];
};
buildScript = writeScript "build"
''
@@ -18,34 +18,26 @@ let
module load tbb compiler-rt oclfpga # dependencies
module load mpi mkl compiler
mkdir -p bin
make DEPS=1 -j$NIX_BUILD_CORES std
make DEPS=1 -j$NIX_BUILD_CORES
'';
include = version: substituteAll
{
src = ./makefile.include-${version};
inherit oneapiArch;
gcc = symlinkJoin { name = "gcc"; paths = [ gfortran gfortran.cc gcc ]; };
};
gccFull = symlinkJoin { name = "gcc"; paths = [ gcc gcc.cc gcc.cc.lib glibc.dev binutils.bintools ]; };
vasp = version: stdenvNoCC.mkDerivation rec
{
pname = "vasp";
pname = "vasp-intel";
inherit version;
src = requireFile
{
name = "${pname}-${version}";
sha256 = versions.${version};
hashMode = "recursive";
message = "Source file not found.";
};
src = sources.${version};
configurePhase =
''
cp ${include version} makefile.include
cp ${../constr_cell_relax.F} src/constr_cell_relax.F
'';
enableParallelBuilding = false;
buildInputs = [ hdf5 hdf5.dev wannier90 glibc glibc.dev ];
nativeBuildInputs = [ gfortran gfortran.cc gcc rsync which ];
HDF5_ROOT = hdf5.dev;
nativeBuildInputs = [ rsync which ];
HDF5_ROOT = hdf5;
WANNIER90_ROOT = wannier90;
buildPhase = "${buildEnv}/bin/buildEnv ${buildScript}";
installPhase =
@@ -53,19 +45,64 @@ let
mkdir -p $out/bin
for i in std gam ncl; do cp bin/vasp_$i $out/bin/vasp-$i; done
'';
dontFixup = true;
requiredSystemFeatures = [ "gccarch-exact-${stdenvNoCC.hostPlatform.gcc.arch}" "big-parallel" ];
};
startScript = version: writeScript "vasp-intel-${version}"
startScript = { version, variant }: writeScript "vasp-intel-${version}"
''
. ${lmod}/share/lmod/lmod/init/bash
module use ${oneapi}/share/intel/modulefiles
module load tbb compiler-rt oclfpga # dependencies
module load mpi mkl compiler
exec "$@"
# if OMP_NUM_THREADS is not set, set it according to SLURM_CPUS_PER_TASK or to 1
if [ -z "''${OMP_NUM_THREADS-}" ]; then
if [ -n "''${SLURM_CPUS_PER_TASK-}" ]; then
OMP_NUM_THREADS=$SLURM_CPUS_PER_TASK
else
OMP_NUM_THREADS=1
fi
fi
export OMP_NUM_THREADS
# if I_MPI_PIN_PROCESSOR_LIST is not set, set it to allcores
if [ -z "''${I_MPI_PIN_PROCESSOR_LIST-}" ]; then
I_MPI_PIN_PROCESSOR_LIST=allcores
fi
export I_MPI_PIN_PROCESSOR_LIST
# set I_MPI_PIN I_MPI_PIN_DOMAIN I_MPI_DEBUG if not set
export I_MPI_PIN=''${I_MPI_PIN-yes}
export I_MPI_PIN_DOMAIN=''${I_MPI_PIN_DOMAIN-omp}
export I_MPI_DEBUG=''${I_MPI_DEBUG-4}
# fork to bootstrap, do not use srun, causing it could not find proper ld
export I_MPI_HYDRA_BOOTSTRAP=''${I_MPI_HYDRA_BOOTSTRAP-fork}
${additionalCommands}
${
if variant == "env" then ''exec "$@"''
else
''
if [ -n "''${SLURM_JOB_ID-}" ]; then
exec mpirun -n $SLURM_NTASKS ${vasp version}/bin/vasp-${variant}
else
exec mpirun -n 1 ${vasp version}/bin/vasp-${variant}
fi
''
}
'';
runEnv = version: buildFHSEnv
runEnv = { version, variant }: let shortVersion = builtins.replaceStrings ["."] [""] version; in buildFHSEnv
{
name = "vasp-intel-${shortVersion}${if variant == "" then "" else "-${variant}"}";
targetPkgs = _: [ zlib (vasp version) (writeTextDir "etc/release" "") gccFull ];
runScript = startScript { inherit version; variant = if variant == "" then "std" else variant; };
};
in builtins.mapAttrs
(version: _: symlinkJoin
{
name = "vasp-intel-${version}";
targetPkgs = pkgs: with pkgs; [ zlib (vasp version) (writeTextDir "etc/release" "") ];
runScript = startScript version;
};
in builtins.mapAttrs (version: _: runEnv version) versions
paths = builtins.map (variant: runEnv { inherit version variant; }) [ "" "env" "std" "gam" "ncl" ];
})
sources
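Review bot: In the non-`env` branch of `startScript`, `exec mpirun -n $SLURM_NTASKS …` expands the variable unquoted and without a default, although the branch is selected on `SLURM_JOB_ID` alone. If a job is started without an explicit task count and Slurm does not export `SLURM_NTASKS` (worth confirming on this cluster), `-n` takes the binary path as its argument and the launch fails in a confusing way. `exec mpirun -n "''${SLURM_NTASKS:-1}" ${vasp version}/bin/vasp-${variant}` keeps the wrapper working in that case. These branches also drop `"$@"`, here and in the nvidia variant below, so arguments passed to the `std`/`gam`/`ncl` wrappers are silently ignored; a short comment would make that intentional.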


@@ -12,8 +12,8 @@ CPP_OPTIONS = -DHOST=\"LinuxIFC\" \
CPP = fpp -f_com=no -free -w0 $*$(FUFFIX) $*$(SUFFIX) $(CPP_OPTIONS)
FC = I_MPI_FC=ifort mpif90 -qopenmp
FCL = I_MPI_FC=ifort mpif90
FC = mpiifx -qopenmp
FCL = mpiifx
FREE = -free -names lowercase
@@ -30,7 +30,7 @@ OBJECTS_O2 += fft3dlib.o
# For what used to be vasp.5.lib
CPP_LIB = $(CPP)
FC_LIB = $(FC)
CC_LIB = icc
CC_LIB = icx
CFLAGS_LIB = -O
FFLAGS_LIB = -O1
FREE_LIB = $(FREE)
@@ -38,7 +38,7 @@ FREE_LIB = $(FREE)
OBJECTS_LIB = linpack_double.o getshmem.o
# For the parser library
CXX_PARS = icpc
CXX_PARS = icpx
LLIBS = -lstdc++
##
@@ -56,12 +56,13 @@ FFLAGS += $(VASP_TARGET_CPU)
# (Note: for Intel Parallel Studio's MKL use -mkl instead of -qmkl)
FCL += -qmkl
MKLROOT ?= /path/to/your/mkl/installation
LLIBS += -L$(MKLROOT)/lib/intel64 -lmkl_scalapack_lp64 -lmkl_blacs_intelmpi_lp64
INCS =-I$(MKLROOT)/include/fftw
# Use a separate scaLAPACK installation (optional but recommended in combination with OpenMPI)
# Comment out the two lines below if you want to use scaLAPACK from MKL instead
#SCALAPACK_ROOT ?= /path/to/your/scalapack/installation
#LLIBS += -L${SCALAPACK_ROOT}/lib -lscalapack
# SCALAPACK_ROOT ?= /path/to/your/scalapack/installation
# LLIBS += -L${SCALAPACK_ROOT}/lib -lscalapack
# HDF5-support (optional but strongly recommended)
CPP_OPTIONS+= -DVASP_HDF5


@@ -12,8 +12,8 @@ CPP_OPTIONS = -DHOST=\"LinuxIFC\" \
CPP = fpp -f_com=no -free -w0 $*$(FUFFIX) $*$(SUFFIX) $(CPP_OPTIONS)
FC = I_MPI_F90=ifort mpif90 -qopenmp
FCL = I_MPI_F90=ifort mpif90
FC = mpiifx -qopenmp
FCL = mpiifx
FREE = -free -names lowercase
@@ -30,7 +30,7 @@ OBJECTS_O2 += fft3dlib.o
# For what used to be vasp.5.lib
CPP_LIB = $(CPP)
FC_LIB = $(FC)
CC_LIB = icc
CC_LIB = icx
CFLAGS_LIB = -O
FFLAGS_LIB = -O1
FREE_LIB = $(FREE)
@@ -38,7 +38,7 @@ FREE_LIB = $(FREE)
OBJECTS_LIB = linpack_double.o getshmem.o
# For the parser library
CXX_PARS = icpc
CXX_PARS = icpx
LLIBS = -lstdc++
##
@@ -56,12 +56,13 @@ FFLAGS += $(VASP_TARGET_CPU)
# (Note: for Intel Parallel Studio's MKL use -mkl instead of -qmkl)
FCL += -qmkl
MKLROOT ?= /path/to/your/mkl/installation
LLIBS += -L$(MKLROOT)/lib/intel64 -lmkl_scalapack_lp64 -lmkl_blacs_intelmpi_lp64
INCS =-I$(MKLROOT)/include/fftw
# Use a separate scaLAPACK installation (optional but recommended in combination with OpenMPI)
# Comment out the two lines below if you want to use scaLAPACK from MKL instead
#SCALAPACK_ROOT ?= /path/to/your/scalapack/installation
#LLIBS += -L${SCALAPACK_ROOT}/lib -lscalapack
# SCALAPACK_ROOT ?= /path/to/your/scalapack/installation
# LLIBS += -L${SCALAPACK_ROOT}/lib -lscalapack
# HDF5-support (optional but strongly recommended)
CPP_OPTIONS+= -DVASP_HDF5


@@ -1,14 +1,14 @@
{
buildFHSEnv, writeScript, stdenvNoCC, requireFile, substituteAll,
config, cudaCapabilities ? config.cudaCapabilities, nvhpcArch ? config.nvhpcArch or "px",
nvhpc, lmod, mkl, gfortran, rsync, which, hdf5, wannier90
buildFHSEnv, writeScript, stdenvNoCC, requireFile, substituteAll, symlinkJoin,
config, cudaCapabilities ? config.cudaCapabilities, nvhpcArch ? config.nvhpcArch or "px", additionalCommands ? "",
nvhpc, lmod, mkl, gfortran, rsync, which, hdf5, wannier90, zlib
}:
let
sources = import ../source.nix { inherit requireFile; };
buildEnv = buildFHSEnv
{
name = "buildEnv";
targetPkgs = pkgs: with pkgs; [ zlib ];
targetPkgs = _: [ zlib ];
};
buildScript = writeScript "build"
''
@@ -28,7 +28,7 @@ let
};
vasp = version: stdenvNoCC.mkDerivation rec
{
pname = "vasp";
pname = "vasp-nvidia";
inherit version;
src = sources.${version};
configurePhase =
@@ -39,33 +39,58 @@ let
enableParallelBuilding = true;
buildInputs = [ mkl hdf5 wannier90 ];
nativeBuildInputs = [ gfortran rsync which ];
MKLROOT = "${mkl}";
HDF5_ROOT = "${hdf5}";
WANNIER90_ROOT = "${wannier90}";
MKLROOT = mkl;
HDF5_ROOT = hdf5;
WANNIER90_ROOT = wannier90;
buildPhase = "${buildEnv}/bin/buildEnv ${buildScript}";
installPhase =
''
mkdir -p $out/bin
for i in std gam ncl; do cp bin/vasp_$i $out/bin/vasp-$i; done
'';
requiredSystemFeatures = [ "nvhpcarch-${nvhpcArch}" ];
dontFixup = true;
requiredSystemFeatures = [ "gccarch-exact-${stdenvNoCC.hostPlatform.gcc.arch}" "big-parallel" ];
};
startScript = version: writeScript "vasp-nvidia-${version}"
startScript = { version, variant }: writeScript "vasp-nvidia-${version}"
''
. ${lmod}/share/lmod/lmod/init/bash
module use ${nvhpc}/share/nvhpc/modulefiles
module load nvhpc
# if SLURM_CPUS_PER_TASK and SLURM_THREADS_PER_CPU are set, use them to set OMP_NUM_THREADS
if [ -n "''${SLURM_CPUS_PER_TASK-}" ] && [ -n "''${SLURM_THREADS_PER_CPU-}" ]; then
export OMP_NUM_THREADS=$(( SLURM_CPUS_PER_TASK * SLURM_THREADS_PER_CPU ))
# if OMP_NUM_THREADS is not set, set it according to SLURM_CPUS_PER_TASK or to 1
if [ -z "''${OMP_NUM_THREADS-}" ]; then
if [ -n "''${SLURM_CPUS_PER_TASK-}" ]; then
OMP_NUM_THREADS=$SLURM_CPUS_PER_TASK
else
OMP_NUM_THREADS=1
fi
fi
exec "$@"
export OMP_NUM_THREADS
${additionalCommands}
${
if variant == "env" then ''exec "$@"''
else
''
if [ -n "''${SLURM_JOB_ID-}" ]; then
exec mpirun --bind-to none ${vasp version}/bin/vasp-${variant}
else
exec mpirun -np 1 ${vasp version}/bin/vasp-${variant}
fi
''
}
'';
runEnv = version: buildFHSEnv
runEnv = { version, variant }: let shortVersion = builtins.replaceStrings ["."] [""] version; in buildFHSEnv
{
name = "vasp-nvidia-${shortVersion}${if variant == "" then "" else "-${variant}"}";
targetPkgs = _: [ zlib (vasp version) ];
runScript = startScript { inherit version; variant = if variant == "" then "std" else variant; };
};
in builtins.mapAttrs
(version: _: symlinkJoin
{
name = "vasp-nvidia-${version}";
targetPkgs = pkgs: with pkgs; [ zlib (vasp version) ];
runScript = startScript version;
};
in builtins.mapAttrs (version: _: runEnv version) sources
paths = builtins.map (variant: runEnv { inherit version variant; }) [ "" "env" "std" "gam" "ncl" ];
})
sources


@@ -69,8 +69,8 @@ NVROOT =$(shell which nvfortran | awk -F /compilers/bin/nvfortran '{ print
#NVROOT = $(NVHPC)/Linux_x86_64/$(NVVERSION)
## Improves performance when using NV HPC-SDK >=21.11 and CUDA >11.2
#OFLAG_IN = -fast -Mwarperf
#SOURCE_IN := nonlr.o
OFLAG_IN = -fast -Mwarperf
SOURCE_IN := nonlr.o
# Software emulation of quadruple precsion (mandatory)
QD ?= $(NVROOT)/compilers/extras/qd


@@ -69,8 +69,8 @@ NVROOT =$(shell which nvfortran | awk -F /compilers/bin/nvfortran '{ print
#NVROOT = $(NVHPC)/Linux_x86_64/$(NVVERSION)
## Improves performance when using NV HPC-SDK >=21.11 and CUDA >11.2
#OFLAG_IN = -fast -Mwarperf
#SOURCE_IN := nonlr.o
OFLAG_IN = -fast -Mwarperf
SOURCE_IN := nonlr.o
# Software emulation of quadruple precsion (mandatory)
QD ?= $(NVROOT)/compilers/extras/qd


@@ -0,0 +1,45 @@
{
lib, buildFHSEnv, writeScript, stdenvNoCC,
openmpi,
aocc, cmake, libnl, pmix, libpsm2, libfabric, zlib, numactl, ucx, ucc, libevent, hwloc, rdma-core, perl, glibc, binutils, gcc
}:
let
buildEnv = buildFHSEnv
{
name = "buildEnv";
targetPkgs = _: [ zlib aocc gcc.cc.lib.lib glibc.dev binutils.bintools libnl numactl ucx ucc libevent hwloc rdma-core libpsm2 libfabric perl ];
extraBwrapArgs = [ "--bind" "$out" "$out" ];
};
buildScript = writeScript "build"
''
./configure --prefix=$out --disable-mca-dso
make -j$NIX_BUILD_CORES
make install
'';
in stdenvNoCC.mkDerivation
{
name = "openmpi-aocc";
inherit (openmpi) src postPatch;
dontConfigure = true;
CC = "clang";
CXX = "clang++";
FC = "flang";
OMPI_CC = "clang";
OMPI_CXX = "clang++";
OMPI_FC = "flang";
CFLAGS = "-march=${stdenvNoCC.hostPlatform.gcc.arch} -O2";
CXXFLAGS = "-march=${stdenvNoCC.hostPlatform.gcc.arch} -O2";
FCFLAGS = "-march=${stdenvNoCC.hostPlatform.gcc.arch} -O2";
enableParallelBuilding = true;
buildPhase =
''
runHook preBuild
mkdir -p $out
${buildEnv}/bin/buildEnv ${buildScript}
runHook postBuild
'';
postBuild = with openmpi; postInstall + postFixup;
dontInstall = true;
dontFixup = true;
requiredSystemFeatures = [ "gccarch-exact-${stdenvNoCC.hostPlatform.gcc.arch}" "big-parallel" ];
}
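Review bot: `pmix`, `cmake` and `lib` are taken as arguments but never used in this file; in particular `pmix` is missing from `targetPkgs`, so `./configure` inside the FHS env presumably cannot find it and falls back to whatever Open MPI bundles. If the external pmix is wanted, add it to the `targetPkgs` list; if not, remove the three arguments so the interface matches what is built. `postBuild = with openmpi; postInstall + postFixup;` also reuses hooks written for the upstream derivation while this one declares only the default output, so it is worth checking that those hooks do not reference outputs such as `$dev` or `$man` that do not exist here.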


@@ -13,6 +13,8 @@ inputs:
topInputs.nur.nixosModules.nur
topInputs.nur-xddxdd.nixosModules.setupOverlay
topInputs.impermanence.nixosModules.impermanence
topInputs.nix-flatpak.nixosModules.nix-flatpak
topInputs.chaotic.nixosModules.default
(inputs:
{
config =
@@ -31,10 +33,8 @@ inputs:
nur-linyinfeng = (topInputs.nur-linyinfeng.overlays.default final prev).linyinfeng;
deploy-rs =
{ inherit (prev) deploy-rs; inherit ((topInputs.deploy-rs.overlay final prev).deploy-rs) lib; };
# needed by mirism
"nghttp2-23.05" =
inputs.pkgs.callPackage "${inputs.topInputs."nixpkgs-23.05"}/pkgs/development/libraries/nghttp2" {};
firefox-addons = (import "${topInputs.rycee}" { inherit (prev) pkgs; }).firefox-addons;
inherit (import topInputs.gricad { pkgs = final; }) intel-oneapi intel-oneapi-2022;
})
];
home-manager.sharedModules =
@@ -44,6 +44,6 @@ inputs:
];
};
})
./hardware ./packages ./system ./virtualization ./services ./bugs ./users
./hardware ./packages ./system ./virtualization ./services ./bugs ./user
];
}
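Review bot: The two added imports, `topInputs.nix-flatpak.nixosModules.nix-flatpak` and `topInputs.chaotic.nixosModules.default`, are evaluated on every host, and a third-party `default` module can change more than package availability (overlays, extra substituters and their trusted keys). Nothing in these hunks shows which of those the chaotic module turns on; the module list itself continues outside them. Add a comment naming what is wanted from each input and set the relevant options explicitly rather than relying on the modules' defaults. The overlay line `inherit (import topInputs.gricad { pkgs = final; }) intel-oneapi intel-oneapi-2022;` likewise evaluates an external expression at import time, so both inputs should stay pinned in the lock file and be reviewed on update.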


@@ -1,6 +1,6 @@
inputs:
{
imports = inputs.localLib.mkModules [ ./gpu.nix ./legion.nix ];
imports = inputs.localLib.mkModules (inputs.localLib.findModules ./.);
options.nixos.hardware = let inherit (inputs.lib) mkOption types; in
{
bluetooth.enable = mkOption { type = types.bool; default = false; };
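Review bot: Replacing the explicit list `[ ./gpu.nix ./legion.nix ]` with `inputs.localLib.findModules ./.` turns the import list from an allow-list into whatever the directory contains, so a stray or half-finished `.nix` file silently becomes part of the system configuration. `findModules` is not visible here, so it is unclear whether it skips `default.nix` itself, non-module files or subdirectories without a `default.nix`. A comment at the call, e.g. `# imports every module under this directory; keep non-module .nix files elsewhere`, would record the new convention. The same replacement is made in the other `imports = …` sections further down this page, and the module body continues outside this hunk.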


@@ -1,12 +1,6 @@
inputs:
{
imports = inputs.localLib.mkModules
[
./server
./desktop
./desktop-fat
./workstation
];
imports = inputs.localLib.mkModules (inputs.localLib.findModules ./.);
options.nixos.packages =
let
inherit (inputs.lib) mkOption types;


@@ -1,6 +1,6 @@
inputs:
{
imports = inputs.localLib.mkModules [ ./steam.nix ];
imports = inputs.localLib.mkModules (inputs.localLib.findModules ./.);
config =
let
inherit (inputs.lib) mkIf;
@@ -24,7 +24,7 @@ inputs:
spotify yesplaymusic simplescreenrecorder imagemagick gimp netease-cloud-music-gtk vlc obs-studio
waifu2x-converter-cpp inkscape blender
# editor
typora
unstablePackages.typora
# themes
orchis-theme plasma-overdose-kde-theme materia-kde-theme graphite-kde-theme arc-kde-theme materia-theme
# news


@@ -6,7 +6,7 @@ inputs:
in mkIf (builtins.elem "desktop" inputs.config.nixos.packages._packageSets)
{
programs.chromium = { enable = true; extraOpts.PasswordManagerEnabled = false; };
nixos.users.sharedModules =
nixos.user.sharedModules =
[{
config.programs.chromium =
{


@@ -1,6 +1,6 @@
inputs:
{
imports = inputs.localLib.mkModules [ ./vscode.nix ./firefox.nix ./chromium.nix ./plasma ];
imports = inputs.localLib.mkModules (inputs.localLib.findModules ./.);
config =
let
inherit (inputs.lib) mkIf;
@@ -32,6 +32,8 @@ inputs:
# themes
tela-circle-icon-theme localPackages.win11os-kde localPackages.fluent-kde localPackages.blurred-wallpaper
localPackages.slate utterly-nord-plasma
# terminal
unstablePackages.warp-terminal
];
};
programs =


@@ -2,7 +2,7 @@ inputs:
{
config = inputs.lib.mkIf (builtins.elem "desktop" inputs.config.nixos.packages._packageSets)
{
nixos.users.sharedModules = [{ config =
nixos.user.sharedModules = [{ config =
{
programs.firefox =
{


@@ -1,7 +1,7 @@
inputs:
{
imports = inputs.localLib.mkModules [ ./konsole.nix ];
config.nixos.users.sharedModules = inputs.lib.mkIf inputs.config.nixos.system.gui.enable
imports = inputs.localLib.mkModules (inputs.localLib.findModules ./.);
config.nixos.user.sharedModules = inputs.lib.mkIf inputs.config.nixos.system.gui.enable
[{
config.programs.plasma = inputs.lib.mkMerge
[


@@ -2,7 +2,7 @@ inputs:
{
config = inputs.lib.mkIf inputs.config.nixos.system.gui.enable
{
nixos.users.sharedModules =
nixos.user.sharedModules =
[(hmInputs: {
config =
{
@@ -79,6 +79,6 @@ inputs:
in inputs.lib.mkIf impermanence.enable (inputs.lib.mkMerge (builtins.map
(user:
{ "${impermanence.root}".users.${user}.directories = [ ".local/share/konsole" ".local/share/yakuake" ]; })
inputs.config.nixos.users.users));
inputs.config.nixos.user.users));
};
}


@@ -47,6 +47,8 @@ inputs:
# vasp
mystery.vasp-support
yutengjing.open-in-external-app
# ChatGPT-like plugin
codeium.codeium
];
}
)];
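Review bot: `codeium.codeium` is added with only the comment `# ChatGPT-like plugin`, which does not say that the extension is a hosted assistant that sends editor content to its vendor's service. Wherever this extension set is installed it would also be active while this repository's own configuration is edited; the enclosing list starts outside the hunk, so the exact scope is not visible. A comment such as `# hosted AI completion, uploads code context; disable for private workspaces` makes the trade-off visible to the next maintainer.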


@@ -0,0 +1,11 @@
inputs:
{
config = inputs.lib.mkIf (builtins.elem "desktop" inputs.config.nixos.packages._packageSets)
{
services.flatpak =
{
enable = true;
uninstallUnmanagedPackages = true;
};
};
}


@@ -1,11 +1,6 @@
inputs:
{
imports = inputs.localLib.mkModules
[
./ssh
./zsh
./gpg.nix
];
imports = inputs.localLib.mkModules (inputs.localLib.findModules ./.);
config =
let
inherit (inputs.lib) mkIf;
@@ -49,15 +44,16 @@ inputs:
# office
todo-txt-cli pdfgrep
# development
gdb try inputs.topInputs.plasma-manager.packages.x86_64-linux.rc2nix hexo-cli
] ++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ]);
gdb try inputs.topInputs.plasma-manager.packages.x86_64-linux.rc2nix hexo-cli gh
]
++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ]);
_pythonPackages = [(pythonPackages: with pythonPackages;
[
openai python-telegram-bot fastapi pypdf2 pandas matplotlib plotly gunicorn redis jinja2
certifi charset-normalizer idna orjson psycopg2 inquirerpy requests tqdm pydbus
])];
};
users.sharedModules = [(home-inputs:
user.sharedModules = [(home-inputs:
{
config.programs =
{


@@ -66,6 +66,11 @@ inputs:
ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTvfywkKRwMrVp73HfHTfjhac2Tn9qX/lRjLr09ycHp";
hostnames = [ "[office.chn.moe]:6007" "[xmupc1.chn.moe]:6007" "wireguard.xmupc1.chn.moe" "192.168.83.6" ];
};
xmupc2 =
{
ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZ/+divGnDr0x+UlknA84Tfu6TPD+zBGmxWZY4Z38P6";
hostnames = [ "[xmupc2.chn.moe]:6394" "wireguard.xmupc2.chn.moe" "192.168.83.7" ];
};
};
in listToAttrs (concatLists (map
(server:
@@ -114,7 +119,7 @@ inputs:
extraConfig = "AddKeysToAgent yes";
};
environment.sessionVariables.SSH_ASKPASS_REQUIRE = "prefer";
nixos.users.sharedModules =
nixos.user.sharedModules =
[(hmInputs: {
config.programs.ssh =
{
@@ -128,7 +133,7 @@ inputs:
(host: { name = host; value = { inherit host; hostname = "${host}.chn.moe"; }; })
[
"vps6" "wireguard.vps6" "vps7" "wireguard.vps7" "wireguard.pc" "wireguard.nas" "wireguard.surface"
"wireguard.xmupc1"
"wireguard.xmupc1" "wireguard.xmupc2"
])
++ (builtins.map
(host:
@@ -175,7 +180,8 @@ inputs:
[ "wlin" "jykang" "hwang" ])
)
// {
xmupc1 = { host = "xmupc1"; hostname = "office.chn.moe"; port = 6007; };
xmupc1 = { host = "xmupc1"; hostname = "xmupc1.chn.moe"; port = 6007; };
xmupc2 = { host = "xmupc2"; hostname = "xmupc2.chn.moe"; port = 6394; };
nas = { host = "nas"; hostname = "office.chn.moe"; port = 5440; };
surface = { host = "surface"; hostname = "192.168.1.166"; };
gitea = { host = "gitea"; hostname = "ssh.git.chn.moe"; };
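Review bot: xmupc1's match block now points at `xmupc1.chn.moe`, but its pinned-key entry still lists `[office.chn.moe]:6007` in `hostnames`. If that port forward on office.chn.moe is being retired (not visible here), leaving the name in place keeps the xmupc1 key trusted for whatever later answers on that port; drop it once the forward is gone, or add a comment that it is still in use. The new xmupc2 entry repeats port 6394 in both the key table and the match block, so a comment tying the two together would help keep them in sync. These hunks show only parts of the file.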


@@ -0,0 +1 @@
ssh-rsa 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


@@ -5,7 +5,7 @@ inputs:
inherit (inputs.lib) mkIf;
in mkIf (builtins.elem "server" inputs.config.nixos.packages._packageSets)
{
nixos.users.sharedModules = [(home-inputs: { config.programs =
nixos.user.sharedModules = [(home-inputs: { config.programs =
{
zsh =
{


@@ -0,0 +1,9 @@
inputs:
{
config = inputs.lib.mkIf (builtins.elem "workstation" inputs.config.nixos.packages._packageSets)
{
nixos.packages._packages = builtins.concatLists (builtins.map
(compiler: builtins.map (version: inputs.pkgs.localPackages.vasp.${compiler}.${version}) [ "6.3.1" "6.4.0" ])
[ "amd" "gnu" "gnu-mkl" "intel" "nvidia" ]);
};
}

View File

@@ -28,25 +28,22 @@ inputs:
# text editor
appflowy notion-app-enhanced joplin-desktop standardnotes logseq
# math, physics and chemistry
mathematica paraview jmol mpi localPackages.mumax quantum-espresso
mathematica paraview jmol mpi quantum-espresso # localPackages.mumax
# encryption and password management
john crunch hashcat
# container and vm
genymotion davinci-resolve playonlinux
# browser
microsoft-edge
microsoft-edge tor-browser
# news
rssguard newsflash newsboat
]
++ (builtins.concatLists (builtins.map
(compiler: builtins.map (version: localPackages.vasp.${compiler}.${version}) [ "6.3.1" "6.4.0" ])
[ "gnu" "nvidia" ]));
];
_pythonPackages = [(pythonPackages: with pythonPackages;
[
phonopy tensorflow keras scipy scikit-learn jupyterlab autograd # localPackages.pix2tex
])];
};
users.sharedModules =
user.sharedModules =
[{
config.programs =
{
@@ -64,7 +61,6 @@ inputs:
{
anime-game-launcher = { enable = true; package = inputs.pkgs.anime-game-launcher; };
honkers-railway-launcher = { enable = true; package = inputs.pkgs.honkers-railway-launcher; };
nix-ld.enable = true;
};
};
}


@@ -1,46 +1,43 @@
inputs:
{
options.nixos.services.acme = let inherit (inputs.lib) mkOption types; in
options.nixos.services.acme = let inherit (inputs.lib) mkOption types; in mkOption
{
enable = mkOption { type = types.bool; default = false; };
cert = mkOption
type = types.nullOr (types.submodule { options =
{
type = types.attrsOf (types.submodule (submoduleInputs: { options =
cert = mkOption
{
domains = mkOption
{ type = types.nonEmptyListOf types.nonEmptyStr; default = [ submoduleInputs.config._module.args.name ]; };
group = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
};}));
default = {};
};
};
config =
let
inherit (inputs.lib) mkIf;
inherit (inputs.config.nixos.services) acme;
inherit (builtins) map listToAttrs;
inherit (inputs.localLib) attrsToList;
in mkIf acme.enable
{
security.acme =
{
acceptTerms = true;
defaults.email = "chn@chn.moe";
certs = listToAttrs (map
(cert:
{
name = builtins.elemAt cert.value.domains 0;
value =
{
dnsResolver = "8.8.8.8";
dnsProvider = "cloudflare";
credentialsFile = inputs.config.sops.secrets."acme/cloudflare.ini".path;
extraDomainNames = builtins.tail cert.value.domains;
group = mkIf (cert.value.group != null) cert.value.group;
};
})
(attrsToList acme.cert));
type = types.attrsOf (types.submodule (submoduleInputs: { options =
{
domains = mkOption
{ type = types.nonEmptyListOf types.nonEmptyStr; default = [ submoduleInputs.config._module.args.name ]; };
group = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
};}));
default = {};
};
sops.secrets."acme/cloudflare.ini" = {};
};});
default = null;
};
config = let inherit (inputs.config.nixos.services) acme; in inputs.lib.mkIf (acme != null)
{
security.acme =
{
acceptTerms = true;
defaults.email = "chn@chn.moe";
certs = builtins.listToAttrs (builtins.map
(cert:
{
name = builtins.elemAt cert.value.domains 0;
value =
{
dnsResolver = "8.8.8.8";
dnsProvider = "cloudflare";
credentialsFile = inputs.config.sops.secrets."acme/cloudflare.ini".path;
extraDomainNames = builtins.tail cert.value.domains;
group = inputs.lib.mkIf (cert.value.group != null) cert.value.group;
};
})
(inputs.localLib.attrsToList acme.cert));
};
sops.secrets."acme/cloudflare.ini" = {};
};
}
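Review bot: Each certificate is registered under `builtins.elemAt cert.value.domains 0`, not under the attribute name used in `cert`, and the option carries no description saying so. A consumer that looks the certificate up by its attribute name, as the coturn module on this page does with `security.acme.certs.${coturn.hostname}`, only finds it when the first entry of `domains` equals that name. Add a description to the `domains` option, e.g. `description = "first entry names the certificate; the rest become extraDomainNames";`.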


@@ -1,53 +1,55 @@
inputs:
{
options.nixos.services.beesd = let inherit (inputs.lib) mkOption types; in
options.nixos.services.beesd = let inherit (inputs.lib) mkOption types; in mkOption
{
enable = mkOption { type = types.bool; default = false; };
instances = mkOption
type = types.nullOr (types.submodule { options =
{
type = types.attrsOf (types.oneOf
[
types.nonEmptyStr
(types.submodule
{
options =
instances = mkOption
{
type = types.attrsOf (types.oneOf
[
types.nonEmptyStr
(types.submodule
{
device = mkOption { type = types.nonEmptyStr; };
hashTableSizeMB = mkOption { type = types.ints.unsigned; default = 1024; };
threads = mkOption { type = types.ints.unsigned; default = 1; };
};})
]);
default = {};
options =
{
device = mkOption { type = types.nonEmptyStr; };
hashTableSizeMB = mkOption { type = types.ints.unsigned; default = 1024; };
threads = mkOption { type = types.ints.unsigned; default = 1; };
};})
]);
default = {};
};
};});
default = null;
};
config = let inherit (inputs.config.nixos.services) beesd; in inputs.lib.mkIf (beesd != null)
{
services.beesd.filesystems = builtins.listToAttrs (map
(instance:
{
inherit (instance) name;
value =
{
spec = instance.value.device or instance.value;
hashTableSizeMB = instance.value.hashTableSizeMB or 1024;
extraOptions =
[
"--workaround-btrfs-send"
"--thread-count" "${builtins.toString instance.value.threads or 1}"
"--scan-mode" "3"
];
};
})
(inputs.localLib.attrsToList beesd.instances));
systemd.slices.system-beesd.sliceConfig =
{
CPUSchedulingPolicy = "idle";
IOSchedulingClass = "idle";
IOSchedulingPriority = 4;
IOAccounting = true;
IOWeight = 1;
Nice = 19;
};
};
config =
let
inherit (inputs.config.nixos.services) beesd;
inherit (inputs.lib) mkIf;
inherit (builtins) map listToAttrs;
inherit (inputs.localLib) attrsToList;
in mkIf beesd.enable
{
services.beesd.filesystems = listToAttrs (map
(instance:
{
inherit (instance) name;
value =
{
spec = instance.value.device or instance.value;
hashTableSizeMB = instance.value.hashTableSizeMB or 1024;
extraOptions = [ "--thread-count" "${toString instance.value.threads or 1}" "--scan-mode" "3" ];
};
})
(attrsToList beesd.instances));
systemd.slices.system-beesd.sliceConfig =
{
CPUSchedulingPolicy = "idle";
IOSchedulingClass = "idle";
IOSchedulingPriority = 4;
IOAccounting = true;
IOWeight = 1;
Nice = 19;
};
};
}


@@ -1,37 +1,32 @@
inputs:
{
options.nixos.services.coturn = let inherit (inputs.lib) mkOption types; in
options.nixos.services.coturn = let inherit (inputs.lib) mkOption types; in mkOption
{
enable = mkOption { type = types.bool; default = false; };
hostname = mkOption { type = types.str; default = "coturn.chn.moe"; };
type = types.nullOr (types.submodule { options =
{
hostname = mkOption { type = types.str; default = "coturn.chn.moe"; };
};});
default = null;
};
config = let inherit (inputs.config.nixos.services) coturn; in inputs.lib.mkIf (coturn != null)
{
services.coturn = let keydir = inputs.config.security.acme.certs.${coturn.hostname}.directory; in
{
enable = true;
use-auth-secret = true;
static-auth-secret-file = inputs.config.sops.secrets."coturn/auth-secret".path;
realm = coturn.hostname;
cert = "${keydir}/full.pem";
pkey = "${keydir}/key.pem";
no-cli = true;
};
sops.secrets."coturn/auth-secret".owner = inputs.config.systemd.services.coturn.serviceConfig.User;
nixos.services.acme.cert.${coturn.hostname}.group = inputs.config.systemd.services.coturn.serviceConfig.Group;
networking.firewall = with inputs.config.services.coturn;
{
allowedUDPPorts = [ listening-port tls-listening-port ];
allowedTCPPorts = [ listening-port tls-listening-port ];
allowedUDPPortRanges = [{ from = min-port; to = max-port; }];
};
};
config =
let
inherit (inputs.config.nixos.services) coturn;
inherit (inputs.lib) mkIf;
in mkIf coturn.enable
{
services.coturn = let keydir = inputs.config.security.acme.certs.${coturn.hostname}.directory; in
{
enable = true;
use-auth-secret = true;
static-auth-secret-file = inputs.config.sops.secrets."coturn/auth-secret".path;
realm = coturn.hostname;
cert = "${keydir}/full.pem";
pkey = "${keydir}/key.pem";
no-cli = true;
};
sops.secrets."coturn/auth-secret".owner = inputs.config.systemd.services.coturn.serviceConfig.User;
nixos.services.acme =
{
enable = true;
cert.${coturn.hostname}.group = inputs.config.systemd.services.coturn.serviceConfig.Group;
};
networking.firewall = with inputs.config.services.coturn;
{
allowedUDPPorts = [ listening-port tls-listening-port ];
allowedTCPPorts = [ listening-port tls-listening-port ];
allowedUDPPortRanges = [ { from = min-port; to = max-port; } ];
};
};
}
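Review bot: The new `services.coturn` block sets no restriction on relay peers, while the firewall block opens `listening-port`, `tls-listening-port` and the whole `min-port`–`max-port` UDP range. Unless coturn's defaults already cover it, an authenticated TURN client can have the relay forward traffic to addresses on the host's private networks. I would add peer restrictions through the module's `extraConfig`: `no-multicast-peers` plus `denied-peer-ip=10.0.0.0-10.255.255.255`, with matching lines for 172.16.0.0/12 and 192.168.0.0/16. A short comment on the option saying that the new default `null` leaves the service off would also help readers of the host configs.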


@@ -1,49 +1,6 @@
inputs:
{
imports = inputs.localLib.mkModules
[
./postgresql.nix
./redis.nix
./rsshub.nix
./misskey.nix
./nginx
./meilisearch.nix
./xray.nix
./coturn.nix
./synapse.nix
./phpfpm.nix
./xrdp.nix
./groupshare.nix
./acme.nix
./samba.nix
./sshd.nix
./vaultwarden.nix
./frp.nix
./beesd.nix
./snapper.nix
./mariadb.nix
./photoprism.nix
./nextcloud.nix
./freshrss.nix
./kmscon.nix
./fontconfig.nix
./nix-serve.nix
./send.nix
./huginn.nix
./httpua
./fz-new-order
./httpapi.nix
./mirism.nix
./mastodon.nix
./gitea.nix
./grafana.nix
./fail2ban.nix
./wireguard.nix
./akkoma.nix
./gamemode.nix
./vikunja.nix
./slurm.nix
];
imports = inputs.localLib.mkModules (inputs.localLib.findModules ./.);
options.nixos.services = let inherit (inputs.lib) mkOption types; in
{
firewall.trustedInterfaces = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
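Review bot: `imports = inputs.localLib.mkModules (inputs.localLib.findModules ./.);` replaces an explicit, reviewed module list with whatever `findModules` discovers, so a file added to this directory becomes part of the system configuration without any change to this file. `findModules` is not shown on this page; if it picks up every `.nix` file and subdirectory, a stray or half-finished module would be evaluated on every host, and the modules here create users, open firewall ports and own secrets. Please document the discovery rule next to the call, for example `# findModules: imports every *.nix file and every directory with a default.nix, except this file`, after confirming that is what it does. The same call replaces the explicit lists in the two nginx `imports` sections further down.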


@@ -1,19 +1,9 @@
inputs:
{
options.nixos.services.fail2ban = let inherit (inputs.lib) mkOption types; in
options.nixos.services.fail2ban = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.services) fail2ban; in inputs.lib.mkIf (fail2ban != null)
{
enable = mkOption { type = types.bool; default = false; };
services.fail2ban = { enable = true; ignoreIP = [ "127.0.0.0/8" "192.168.0.0/16" "vps6.chn.moe" ]; };
};
config =
let
inherit (inputs.config.nixos.services) fail2ban;
inherit (inputs.lib) mkIf;
in mkIf fail2ban.enable
{
services.fail2ban =
{
enable = true;
ignoreIP = [ "127.0.0.0/8" "192.168.0.0/16" "vps6.chn.moe" ];
};
};
}
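Review bot: `ignoreIP` on the new `services.fail2ban` line contains the hostname `vps6.chn.moe`, which fail2ban resolves through DNS, so the exemption follows whatever address that name resolves to rather than a fixed host. Pinning the address is safer: `ignoreIP = [ "127.0.0.0/8" "192.168.0.0/16" "<vps6 static address>" ];` (placeholder, the address is not on this page). The list also exempts all of `192.168.0.0/16`, so no host in that range is ever banned; if that is intended, a one-line comment saying why would help.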


@@ -26,6 +26,6 @@ inputs:
serif = [ "Liberation Serif" "Source Han Serif SC" ];
};
};
nixos.users.sharedModules = [{ config.xdg.configFile."fontconfig/conf.d/10-hm-fonts.conf".force = true; }];
nixos.user.sharedModules = [{ config.xdg.configFile."fontconfig/conf.d/10-hm-fonts.conf".force = true; }];
};
}


@@ -142,8 +142,8 @@ inputs:
};
users =
{
users.frp = { uid = inputs.config.nixos.system.user.user.frp; group = "frp"; isSystemUser = true; };
groups.frp.gid = inputs.config.nixos.system.user.group.frp;
users.frp = { uid = inputs.config.nixos.user.uid.frp; group = "frp"; isSystemUser = true; };
groups.frp.gid = inputs.config.nixos.user.gid.frp;
};
}
)
@@ -190,11 +190,11 @@ inputs:
};
secrets."frp/token" = {};
};
nixos.services.acme = { enable = true; cert.${frpServer.serverName}.group = "frp"; };
nixos.services.acme.cert.${frpServer.serverName}.group = "frp";
users =
{
users.frp = { uid = inputs.config.nixos.system.user.user.frp; group = "frp"; isSystemUser = true; };
groups.frp.gid = inputs.config.nixos.system.user.group.frp;
users.frp = { uid = inputs.config.nixos.user.uid.frp; group = "frp"; isSystemUser = true; };
groups.frp.gid = inputs.config.nixos.user.gid.frp;
};
networking.firewall.allowedTCPPorts = [ 7000 ];
}


@@ -1,115 +1,106 @@
inputs:
{
options.nixos.services.fz-new-order = let inherit (inputs.lib) mkOption types; in
options.nixos.services.fz-new-order = let inherit (inputs.lib) mkOption types; in mkOption
{
enable = mkOption { type = types.bool; default = false; };
type = types.nullOr (types.submodule {});
default = null;
};
config =
let
inherit (inputs.config.nixos.services) fz-new-order;
inherit (inputs.localLib) attrsToList;
inherit (inputs.lib) mkIf;
inherit (builtins) map listToAttrs toString concatLists;
in mkIf fz-new-order.enable
config = let inherit (inputs.config.nixos.services) fz-new-order; in inputs.lib.mkIf (fz-new-order != null)
{
users =
{
users =
users.fz-new-order =
{
users.fz-new-order =
{
uid = inputs.config.nixos.system.user.user.fz-new-order;
group = "fz-new-order";
home = "/var/lib/fz-new-order";
createHome = true;
isSystemUser = true;
};
groups.fz-new-order.gid = inputs.config.nixos.system.user.group.fz-new-order;
};
systemd =
{
timers.fz-new-order =
{
wantedBy = [ "timers.target" ];
timerConfig =
{
OnBootSec = "10m";
OnUnitActiveSec = "10m";
Unit = "fz-new-order.service";
};
};
services.fz-new-order = rec
{
description = "fz-new-order";
after = [ "network.target" ];
requires = after;
serviceConfig =
{
User = inputs.config.users.users."fz-new-order".name;
Group = inputs.config.users.users."fz-new-order".group;
WorkingDirectory = "/var/lib/fz-new-order";
ExecStart =
let
src = inputs.pkgs.substituteAll
{
src = ./main.cpp;
config_file = inputs.config.sops.templates."fz-new-order/config.json".path;
};
binary = inputs.pkgs.stdenv.mkDerivation
{
name = "fz-new-order";
inherit src;
buildInputs = with inputs.pkgs; [ jsoncpp.dev cereal fmt httplib ];
dontUnpack = true;
buildPhase =
''
runHook preBuild
g++ -std=c++20 -O2 -o fz-new-order ${src} -ljsoncpp -lfmt
runHook postBuild
'';
installPhase =
''
runHook preInstall
mkdir -p $out/bin
cp fz-new-order $out/bin/fz-new-order
runHook postInstall
'';
};
in "${binary}/bin/fz-new-order";
};
};
tmpfiles.rules =
[
"d /var/lib/fz-new-order 0700 fz-new-order fz-new-order"
"Z /var/lib/fz-new-order - fz-new-order fz-new-order"
];
};
sops = let userNum = 6; configNum = 2; in
{
templates."fz-new-order/config.json" =
{
owner = inputs.config.users.users."fz-new-order".name;
group = inputs.config.users.users."fz-new-order".group;
content = let placeholder = inputs.config.sops.placeholder; in builtins.toJSON
{
manager = placeholder."fz-new-order/manager";
token = placeholder."fz-new-order/token";
uids = map (j: placeholder."fz-new-order/uids/user${toString j}") (builtins.genList (n: n) userNum);
config = map
(i: listToAttrs (map
(attrName: { name = attrName; value = placeholder."fz-new-order/config${toString i}/${attrName}"; })
[ "username" "password" "comment" ]))
(builtins.genList (n: n) configNum);
};
};
secrets =
{ "fz-new-order/manager" = {}; "fz-new-order/token" = {}; }
// (listToAttrs (map
(i: { name = "fz-new-order/uids/user${toString i}"; value = {}; })
(builtins.genList (n: n) userNum)))
// (listToAttrs (concatLists (map
(i: map
(attrName: { name = "fz-new-order/config${toString i}/${attrName}"; value = {}; })
[ "username" "password" "comment" ])
(builtins.genList (n: n) configNum))));
uid = inputs.config.nixos.user.uid.fz-new-order;
group = "fz-new-order";
home = "/var/lib/fz-new-order";
createHome = true;
isSystemUser = true;
};
groups.fz-new-order.gid = inputs.config.nixos.user.gid.fz-new-order;
};
systemd =
{
timers.fz-new-order =
{
wantedBy = [ "timers.target" ];
timerConfig = { OnBootSec = "10m"; OnUnitActiveSec = "10m"; Unit = "fz-new-order.service"; };
};
services.fz-new-order = rec
{
description = "fz-new-order";
after = [ "network.target" ];
requires = after;
serviceConfig =
{
User = inputs.config.users.users."fz-new-order".name;
Group = inputs.config.users.users."fz-new-order".group;
WorkingDirectory = "/var/lib/fz-new-order";
ExecStart =
let
src = inputs.pkgs.substituteAll
{
src = ./main.cpp;
config_file = inputs.config.sops.templates."fz-new-order/config.json".path;
};
binary = inputs.pkgs.stdenv.mkDerivation
{
name = "fz-new-order";
inherit src;
buildInputs = with inputs.pkgs; [ jsoncpp.dev cereal fmt httplib ];
dontUnpack = true;
buildPhase =
''
runHook preBuild
g++ -std=c++20 -O2 -o fz-new-order ${src} -ljsoncpp -lfmt
runHook postBuild
'';
installPhase =
''
runHook preInstall
mkdir -p $out/bin
cp fz-new-order $out/bin/fz-new-order
runHook postInstall
'';
};
in "${binary}/bin/fz-new-order";
};
};
tmpfiles.rules =
[
"d /var/lib/fz-new-order 0700 fz-new-order fz-new-order"
"Z /var/lib/fz-new-order - fz-new-order fz-new-order"
];
};
sops = let userNum = 6; configNum = 2; in
{
templates."fz-new-order/config.json" =
{
owner = inputs.config.users.users."fz-new-order".name;
group = inputs.config.users.users."fz-new-order".group;
content = let placeholder = inputs.config.sops.placeholder; in builtins.toJSON
{
manager = placeholder."fz-new-order/manager";
token = placeholder."fz-new-order/token";
uids = builtins.map (j: placeholder."fz-new-order/uids/user${builtins.toString j}")
(builtins.genList (n: n) userNum);
config = builtins.map
(i: builtins.listToAttrs (builtins.map
(attrName: { name = attrName; value = placeholder."fz-new-order/config${toString i}/${attrName}"; })
[ "username" "password" "comment" ]))
(builtins.genList (n: n) configNum);
};
};
secrets =
{ "fz-new-order/manager" = {}; "fz-new-order/token" = {}; }
// (builtins.listToAttrs (builtins.map
(i: { name = "fz-new-order/uids/user${toString i}"; value = {}; })
(builtins.genList (n: n) userNum)))
// (builtins.listToAttrs (builtins.concatLists (builtins.map
(i: builtins.map
(attrName: { name = "fz-new-order/config${builtins.toString i}/${attrName}"; value = {}; })
[ "username" "password" "comment" ])
(builtins.genList (n: n) configNum))));
};
};
}
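Review bot: `systemd.services.fz-new-order.serviceConfig` on the new side sets only `User`, `Group`, `WorkingDirectory` and `ExecStart`, although the unit reads a sops-rendered config holding a token and account passwords and apparently talks to the network (it is ordered after `network.target` and links `httplib`). Since this commit re-indents the whole unit anyway, I would add sandboxing there: `NoNewPrivileges = true; PrivateTmp = true;` and `ProtectSystem = "strict"; ReadWritePaths = [ "/var/lib/fz-new-order" ];`. Separately, the rewritten `sops` block mixes `toString` and `builtins.toString` on neighbouring lines; using one form throughout would read better.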


@@ -1,22 +1,26 @@
inputs:
{
options.nixos.services.groupshare = let inherit (inputs.lib) mkOption types; in
options.nixos.services.groupshare = let inherit (inputs.lib) mkOption types; in mkOption
{
enable = mkOption { type = types.bool; default = false; };
# hard to read value from inputs.config.users.users.xxx.home, causing infinite recursion
mountPoints = mkOption { type = types.listOf types.str; default = []; };
type = types.nullOr (types.submodule { options =
{
users = mkOption { type = types.listOf types.nonEmptyStr; default = [ "chn" "gb" "xll" "yjq" "zem" ]; };
};});
default = null;
};
config =
let
inherit (inputs.lib) mkIf;
inherit (builtins) listToAttrs map concatLists concatStringsSep;
inherit (inputs.config.nixos.services) groupshare;
users = inputs.config.users.groups.groupshare.members;
in mkIf groupshare.enable
users = inputs.lib.intersectLists groupshare.users inputs.config.nixos.user.users;
in inputs.lib.mkIf (groupshare != null)
{
users.groups.groupshare.gid = inputs.config.nixos.system.user.group.groupshare;
users =
{
users = builtins.listToAttrs (map (user: { name = user; value.extraGroups = [ "groupshare" ]; }) users);
groups.groupshare.gid = inputs.config.nixos.user.gid.groupshare;
};
systemd.tmpfiles.rules = [ "d /var/lib/groupshare" ]
++ (concatLists (map
++ (builtins.concatLists (map
(user:
[
"d /var/lib/groupshare/${user} 2750 ${user} groupshare"
@@ -25,22 +29,20 @@ inputs:
# d 指 default, 即目录下新创建的文件和目录的权限
# 大写 X 指仅给目录执行权限
# m 指 mask, 即对于所有者以外的用户, 该用户的权限最大为 m 指定的权限
+ (concatStringsSep "," (concatLists (map
+ (builtins.concatStringsSep "," (builtins.concatLists (map
(perm: [ "d:${perm}" perm ])
[ "u:${user}:rwX" "g:groupshare:r-X" "o::---" "m::r-x" ]))))
])
users));
fileSystems = listToAttrs (map
(mountPoint:
home-manager.users = builtins.listToAttrs (map
(user:
{
name = mountPoint;
value =
name = user;
value = homeInputs:
{
device = "/var/lib/groupshare";
options = [ "bind" "private" "x-gvfs-hide" "X-fstrim.notrim" ];
depends = [ "/home" "/var/lib" ];
config.home.file.groupshare.source = homeInputs.config.lib.file.mkOutOfStoreSymlink "/var/lib/groupshare";
};
})
groupshare.mountPoints);
users);
};
}
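Review bot: The new `users` option defaults to five named accounts, and the `config` block adds each one that exists on the host to the `groupshare` group. The ACL entry `g:groupshare:r-X` then gives every member read access to every other member's directory under `/var/lib/groupshare`. Setting `nixos.services.groupshare = {}` on a host therefore shares data among those accounts without the host config naming them. I would either default to `[]` or add a description to the option: `description = "Accounts added to the groupshare group; each can read every other member's share directory.";`. The per-user tmpfiles rule list continues outside the first hunk.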


@@ -1,25 +1,20 @@
inputs:
{
options.nixos.services.httpua = let inherit (inputs.lib) mkOption types; in
options.nixos.services.httpua = let inherit (inputs.lib) mkOption types; in mkOption
{
enable = mkOption { type = types.bool; default = false; };
hostname = mkOption { type = types.nonEmptyStr; default = "ua.chn.moe"; };
};
config =
let
inherit (inputs.config.nixos.services) httpua;
inherit (inputs.lib) mkIf;
inherit (builtins) toString;
in mkIf httpua.enable
type = types.nullOr (types.submodule { options =
{
nixos.services =
{
phpfpm.instances.httpua = {};
nginx.http.${httpua.hostname}.php =
{
root = toString ./.;
fastcgiPass = inputs.config.nixos.services.phpfpm.instances.httpua.fastcgi;
};
};
hostname = mkOption { type = types.nonEmptyStr; default = "ua.chn.moe"; };
};});
default = null;
};
config = let inherit (inputs.config.nixos.services) httpua; in inputs.lib.mkIf (httpua != null)
{
nixos.services =
{
phpfpm.instances.httpua = {};
nginx.http.${httpua.hostname}.php =
{ root = "${./.}"; fastcgiPass = inputs.config.nixos.services.phpfpm.instances.httpua.fastcgi; };
};
};
}
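Review bot: `root = "${./.}"` makes the module's own directory the document root for `${httpua.hostname}`, so everything in that directory, including this `.nix` file, sits under the web root. Whether nginx will hand those files out as static content depends on how `nginx.http.<name>.php` builds its locations, which is not visible here. Pointing the root at a subdirectory that holds only the PHP files avoids the question, e.g. `root = "${./<web-subdir>}";` (placeholder name).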


@@ -13,8 +13,8 @@ inputs:
{
users =
{
users.mirism = { uid = inputs.config.nixos.system.user.user.mirism; group = "mirism"; isSystemUser = true; };
groups.mirism.gid = inputs.config.nixos.system.user.group.mirism;
users.mirism = { uid = inputs.config.nixos.user.uid.mirism; group = "mirism"; isSystemUser = true; };
groups.mirism.gid = inputs.config.nixos.user.gid.mirism;
};
systemd =
{
@@ -56,7 +56,7 @@ inputs:
})
[ "entry." "" ]);
};
acme = { enable = true; cert = { "ng01.mirism.one".group = "mirism"; "beta.mirism.one".group = "mirism"; }; };
acme.cert = { "ng01.mirism.one".group = "mirism"; "beta.mirism.one".group = "mirism"; };
};
environment.etc = listToAttrs (concatLists (map
(instance:


@@ -125,13 +125,13 @@ inputs:
{
users."misskey-${instance.name}" =
{
uid = inputs.config.nixos.system.user.user."misskey-${instance.name}";
uid = inputs.config.nixos.user.uid."misskey-${instance.name}";
group = "misskey-${instance.name}";
home = "/var/lib/misskey/${instance.name}";
createHome = true;
isSystemUser = true;
};
groups."misskey-${instance.name}".gid = inputs.config.nixos.system.user.group."misskey-${instance.name}";
groups."misskey-${instance.name}".gid = inputs.config.nixos.user.gid."misskey-${instance.name}";
})
(attrsToList misskey.instances));
nixos.services =


@@ -1,13 +1,4 @@
inputs:
{
imports = inputs.localLib.mkModules
[
./element.nix
./synapse-admin.nix
./kkmeeting.nix
./webdav.nix
./blog.nix
./catalog.nix
./main.nix
];
imports = inputs.localLib.mkModules (inputs.localLib.findModules ./.);
}


@@ -1,9 +1,6 @@
inputs:
{
imports = inputs.localLib.mkModules
[
./applications
];
imports = inputs.localLib.mkModules (inputs.localLib.findModules ./.);
options.nixos.services.nginx = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
@@ -673,13 +670,9 @@ inputs:
(site: { inherit (site) name; value.rewriteHttps = {}; })
(filter (site: site.value.global.rewriteHttps) sites));
};
acme =
{
enable = true;
cert = listToAttrs (map
(site: { inherit (site) name; value.group = inputs.config.services.nginx.group; })
sites);
};
acme.cert = listToAttrs (map
(site: { inherit (site) name; value.group = inputs.config.services.nginx.group; })
sites);
};
sops =
let


@@ -55,7 +55,7 @@ inputs:
inherit (pool) name;
value =
{
uid = inputs.config.nixos.system.user.user.${pool.name};
uid = inputs.config.nixos.user.uid.${pool.name};
group = pool.name;
extraGroups = [ "nginx" ];
isSystemUser = true;
@@ -63,7 +63,7 @@ inputs:
})
(filter (pool: pool.value.user == null) (attrsToList phpfpm.instances)));
groups = listToAttrs (map
(pool: { inherit (pool) name; value.gid = inputs.config.nixos.system.user.group.${pool.name}; })
(pool: { inherit (pool) name; value.gid = inputs.config.nixos.user.gid.${pool.name}; })
(filter (pool: pool.value.user == null) (attrsToList phpfpm.instances)));
};
};


@@ -54,8 +54,8 @@ inputs:
};
users =
{
users.rsshub = { uid = inputs.config.nixos.system.user.user.rsshub; group = "rsshub"; isSystemUser = true; };
groups.rsshub.gid = inputs.config.nixos.system.user.group.rsshub;
users.rsshub = { uid = inputs.config.nixos.user.uid.rsshub; group = "rsshub"; isSystemUser = true; };
groups.rsshub.gid = inputs.config.nixos.user.gid.rsshub;
};
nixos.services =
{


@@ -5,6 +5,7 @@ inputs:
enable = mkOption { type = types.bool; default = false; };
cpu =
{
sockets = mkOption { type = types.ints.unsigned; default = 1; };
cores = mkOption { type = types.ints.unsigned; };
threads = mkOption { type = types.ints.unsigned; default = 1; };
};
@@ -47,7 +48,7 @@ inputs:
[
"localhost"
"RealMemory=${builtins.toString slurm.memoryMB}"
"Sockets=1"
"Sockets=${builtins.toString slurm.cpu.sockets}"
"CoresPerSocket=${builtins.toString slurm.cpu.cores}"
"ThreadsPerCore=${builtins.toString slurm.cpu.threads}"
"Gres=${gpuString}"
@@ -66,6 +67,8 @@ inputs:
SelectType=select/cons_tres
SelectTypeParameters=CR_Core
GresTypes=gpu
DefCpuPerGPU=1
TaskProlog=${inputs.pkgs.writeShellScript "set_env" taskProlog}
AccountingStorageType=accounting_storage/slurmdbd
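Review bot: `sockets` in the first hunk is declared as `types.ints.unsigned`, so `0` passes the type check and is written out as `Sockets=0` in the node definition of the second hunk. `types.ints.positive` rejects that at evaluation time: `sockets = mkOption { type = types.ints.positive; default = 1; };`. `cores` and `threads` next to it have the same type and would benefit from the same change.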


@@ -37,14 +37,14 @@ inputs:
{
users."synapse-${instance.name}" =
{
uid = inputs.config.nixos.system.user.user."synapse-${instance.name}";
uid = inputs.config.nixos.user.uid."synapse-${instance.name}";
group = "synapse-${instance.name}";
home = "/var/lib/synapse/${instance.name}";
createHome = true;
isSystemUser = true;
shell = "${inputs.pkgs.bash}/bin/bash";
};
groups."synapse-${instance.name}".gid = inputs.config.nixos.system.user.group."synapse-${instance.name}";
groups."synapse-${instance.name}".gid = inputs.config.nixos.user.gid."synapse-${instance.name}";
})
(attrsToList synapse.instances));
systemd = mkMerge (map


@@ -9,7 +9,7 @@ inputs:
behindNat = mkOption
{
type = types.bool;
default = inputs.config.nixos.services.xray.client.enable;
default = inputs.config.nixos.services.xray.client != null;
};
listenIp = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
# if the host is behind xray, it should listen on another port, to make xray succeffully listen on 51820


@@ -2,195 +2,457 @@ inputs:
{
options.nixos.services.xray = let inherit (inputs.lib) mkOption types; in
{
client =
client = mkOption
{
enable = mkOption { type = types.bool; default = false; };
serverAddress = mkOption { type = types.nonEmptyStr; };
serverName = mkOption { type = types.nonEmptyStr; };
dns = mkOption { type = types.submodule { options =
type = types.nullOr (types.submodule { options =
{
hosts = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
extraInterfaces = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
}; }; };
xray =
{
serverAddress = mkOption { type = types.nonEmptyStr; default = "74.211.99.69"; };
serverName = mkOption { type = types.nonEmptyStr; default = "vps6.xserver.chn.moe"; };
noproxyUsers = mkOption { type = types.listOf types.nonEmptyStr; default = [ "gb" "xll" ]; };
};
dae =
{
lanInterfaces = mkOption
{
type = types.listOf types.nonEmptyStr;
default = inputs.lib.optionals inputs.config.nixos.virtualization.docker.enable [ "docker0" ];
};
wanInterface = mkOption { type = types.listOf types.nonEmptyStr; default = [ "auto" ]; };
};
dnsmasq =
{
extraInterfaces = mkOption
{
type = types.listOf types.nonEmptyStr;
default = inputs.lib.optional inputs.config.nixos.virtualization.docker.enable "docker0";
};
hosts = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
};
};});
default = null;
};
server =
server = mkOption
{
enable = mkOption { type = types.bool; default = false; };
serverName = mkOption { type = types.nonEmptyStr; };
type = types.nullOr (types.submodule { options =
{
serverName = mkOption { type = types.nonEmptyStr; };
userNumber = mkOption { type = types.ints.unsigned; };
};});
default = null;
};
};
config =
let
inherit (inputs.lib) mkMerge mkIf;
inherit (inputs.localLib) stripeTabs attrsToList;
inherit (inputs.config.nixos.services) xray;
inherit (builtins) map listToAttrs toString genList length concatStringsSep;
in mkMerge
[
config = let inherit (inputs.config.nixos.services) xray; in inputs.lib.mkMerge
[
{
assertions =
[{
assertion = !(xray.client != null && xray.server != null);
message = "Currenty xray.client and xray.server could not be simutaniusly enabled.";
}];
}
(
inputs.lib.mkIf (xray.client != null)
{
assertions =
[{
assertion = !(xray.client.enable && xray.server.enable);
message = "Currenty xray.client and xray.server could not be simutaniusly enabled.";
}];
}
(
mkIf xray.client.enable
services =
{
services =
xray = { enable = true; settingsFile = inputs.config.sops.templates."xray-client.json".path; };
dnsmasq =
{
dnsmasq =
enable = true;
settings =
{
enable = true;
settings =
no-poll = true;
log-queries = true;
server = [ "127.0.0.1#10853" ];
interface = xray.client.dnsmasq.extraInterfaces ++ [ "lo" ];
bind-dynamic = true;
address = map (host: "/${host.name}/${host.value}")
(inputs.localLib.attrsToList xray.client.dnsmasq.hosts);
};
};
dae =
{
enable = true;
package = inputs.pkgs.callPackage "${inputs.topInputs.nixpkgs-unstable}/pkgs/tools/networking/dae" {};
config =
let
lanString = (inputs.lib.optionalString (xray.client.dae.lanInterfaces != []) "lan_interface: ")
+ builtins.concatStringsSep "," xray.client.dae.lanInterfaces;
wanString = (inputs.lib.optionalString (xray.client.dae.wanInterface != []) "wan_interface: ")
+ builtins.concatStringsSep "," xray.client.dae.wanInterface;
in
''
global {
tproxy_port: 12345
tproxy_port_protect: true
so_mark_from_dae: 0
log_level: info
disable_waiting_network: true
${lanString}
${wanString}
auto_config_kernel_parameter: true
dial_mode: ip
allow_insecure: false
tls_implementation: tls
}
node {
'socks5://localhost:10884'
}
group {
default_group {
policy: fixed(0)
}
}
routing {
dscp(0x1) -> direct
dip(224.0.0.0/3, 'ff00::/8') -> direct
dip(geoip:private) -> direct
dip(8.8.8.8) -> default_group
dip(223.5.5.5) -> direct
dip(geoip:cn) -> direct
!dip(geoip:cn) -> default_group
fallback: default_group
}
'';
};
resolved.enable = false;
};
sops =
{
templates."xray-client.json" =
{
owner = inputs.config.users.users.v2ray.name;
group = inputs.config.users.users.v2ray.group;
content =
let
chinaDns = "223.5.5.5";
foreignDns = "8.8.8.8";
in
builtins.toJSON
{
no-poll = true;
log-queries = true;
server = [ "127.0.0.1#10853" ];
interface = xray.client.dns.extraInterfaces ++ [ "lo" ];
bind-dynamic = true;
ipset = [ "/yuanshen.com/noproxy_net" ];
address = map (host: "/${host.name}/${host.value}") (attrsToList xray.client.dns.hosts);
log.loglevel = "info";
dns =
{
servers =
# 先尝试匹配域名列表进行查询,若匹配成功则使用前两个 dns 查询。
# 若匹配域名列表失败,或者匹配成功但是查询到的 IP 不在期望的 IP 列表中,则回落到使用后两个 dns 依次查询。
[
{
address = chinaDns;
domains = [ "geosite:geolocation-cn" ];
expectIPs = [ "geoip:cn" ];
skipFallback = true;
}
{
address = foreignDns;
domains = [ "geosite:geolocation-!cn" ];
expectIPs = [ "geoip:!cn" ];
skipFallback = true;
}
{ address = chinaDns; expectIPs = [ "geoip:cn" ]; }
{ address = foreignDns; }
];
disableCache = true;
queryStrategy = "UseIPv4";
tag = "dns-internal";
};
inbounds =
[
{
port = 10853;
protocol = "dokodemo-door";
settings = { address = "8.8.8.8"; network = "tcp,udp"; port = 53; };
tag = "dns-in";
}
{
port = 10881;
protocol = "dokodemo-door";
settings = { network = "tcp,udp"; followRedirect = true; };
streamSettings.sockopt.tproxy = "tproxy";
tag = "xmu-in";
}
{ port = 10884; protocol = "socks"; settings.udp = true; tag = "common-in"; }
{ port = 10882; protocol = "socks"; settings.udp = true; tag = "direct-in"; }
];
outbounds =
[
{
protocol = "vless";
settings.vnext =
[{
address = xray.client.xray.serverAddress;
port = 443;
users =
[{
id = inputs.config.sops.placeholder."xray-client/uuid";
encryption = "none";
flow = "xtls-rprx-vision-udp443";
}];
}];
streamSettings =
{
network = "tcp";
security = "reality";
realitySettings =
{
serverName = xray.client.xray.serverName;
publicKey = "Nl0eVZoDF9d71_3dVsZGJl3UWR9LCv3B14gu7G6vhjk";
fingerprint = "firefox";
};
};
tag = "proxy-vless";
}
{ protocol = "freedom"; tag = "direct"; }
{ protocol = "dns"; tag = "dns-out"; }
{
protocol = "socks";
settings.servers = [{ address = "127.0.0.1"; port = 10069; }];
tag = "xmu-out";
}
{ protocol = "blackhole"; tag = "block"; }
];
routing =
{
domainStrategy = "AsIs";
rules = builtins.map (rule: rule // { type = "field"; })
[
{ inboundTag = [ "dns-in" ]; outboundTag = "dns-out"; }
{ inboundTag = [ "dns-internal" ]; ip = [ chinaDns ]; outboundTag = "direct"; }
{ inboundTag = [ "dns-internal" ]; ip = [ foreignDns ]; outboundTag = "proxy-vless"; }
{ inboundTag = [ "dns-internal" ]; outboundTag = "block"; }
{ inboundTag = [ "xmu-in" ]; outboundTag = "xmu-out"; }
{ inboundTag = [ "direct-in" ]; outboundTag = "direct"; }
{ inboundTag = [ "common-in" ]; domain = [ "geosite:geolocation-cn" ]; outboundTag = "direct"; }
{
inboundTag = [ "common-in" ];
domain = [ "geosite:geolocation-!cn" ];
outboundTag = "proxy-vless";
}
{ inboundTag = [ "common-in" ]; ip = [ "geoip:cn" ]; outboundTag = "direct"; }
{ inboundTag = [ "common-in" ]; outboundTag = "proxy-vless"; }
];
};
};
};
secrets."xray-client/uuid" = {};
};
systemd.services =
{
xray =
{
serviceConfig =
{
DynamicUser = inputs.lib.mkForce false;
User = "v2ray";
Group = "v2ray";
CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
LimitNPROC = 65536;
LimitNOFILE = 524288;
};
restartTriggers = [ inputs.config.sops.templates."xray-client.json".file ];
};
v2ray-forwarder =
{
description = "v2ray-forwarder Daemon";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig =
let
ipset = "${inputs.pkgs.ipset}/bin/ipset";
iptables = "${inputs.pkgs.iptables}/bin/iptables";
ip = "${inputs.pkgs.iproute}/bin/ip";
xmuPort = "10881";
in
{
Type = "simple";
RemainAfterExit = true;
ExecStart = inputs.pkgs.writeShellScript "v2ray-forwarder.start" (builtins.concatStringsSep "\n"
(
[
"${ipset} create xmu_net hash:net"
"${iptables} -t mangle -N v2ray -w"
"${iptables} -t mangle -A PREROUTING -j v2ray -w"
]
++ (map (action: "${iptables} -t mangle -A v2ray ${action} -w")
[
"-m set --match-set xmu_net dst -p tcp -j TPROXY --on-port ${xmuPort} --tproxy-mark 1/1"
"-m set --match-set xmu_net dst -p udp -j TPROXY --on-port ${xmuPort} --tproxy-mark 1/1"
])
++ [
"${iptables} -t mangle -N v2ray_mark -w"
"${iptables} -t mangle -A OUTPUT -j v2ray_mark -w"
]
++ (map (action: "${iptables} -t mangle -A v2ray_mark ${action} -w")
(
[ "-m set --match-set xmu_net dst -j MARK --set-mark 1/1" ]
++ (map
(user:
let uid = inputs.config.nixos.user.uid.${user};
in "-m owner --uid-owner ${toString uid} -j DSCP --set-dscp 0x1")
(xray.client.xray.noproxyUsers ++ [ "v2ray" ]))
))
++ [
"${ip} rule add fwmark 1/1 table 100"
"${ip} route add local 0.0.0.0/0 dev lo table 100"
]
));
ExecStop = inputs.pkgs.writeShellScript "v2ray-forwarder.stop"
''
${iptables} -t mangle -F v2ray -w
${iptables} -t mangle -D PREROUTING -j v2ray -w
${iptables} -t mangle -X v2ray -w
${iptables} -t mangle -F v2ray_mark -w
${iptables} -t mangle -D OUTPUT -j v2ray_mark -w
${iptables} -t mangle -X v2ray_mark -w
${ip} rule del fwmark 1/1 table 100
${ip} route del local 0.0.0.0/0 dev lo table 100
${ipset} destroy xmu_net
'';
};
};
};
users =
{
users.v2ray = { uid = inputs.config.nixos.user.uid.v2ray; group = "v2ray"; isSystemUser = true; };
groups.v2ray.gid = inputs.config.nixos.user.gid.v2ray;
};
environment.etc."resolv.conf".text = "nameserver 127.0.0.1";
}
)
(
inputs.lib.mkIf (xray.server != null) (let userList = builtins.genList (n: n) xray.server.userNumber; in
{
services.xray = { enable = true; settingsFile = inputs.config.sops.templates."xray-server.json".path; };
sops =
{
templates."xray-server.json" =
{
owner = inputs.config.users.users.v2ray.name;
group = inputs.config.users.users.v2ray.group;
content = builtins.toJSON
{
log.loglevel = "warning";
inbounds =
[
(
let
fallbackPort = toString
(with inputs.config.nixos.services.nginx.global; httpsPort + httpsPortShift.http2);
in
{
port = 4726;
listen = "127.0.0.1";
protocol = "vless";
settings =
{
clients = map
(n:
{
id = inputs.config.sops.placeholder."xray-server/clients/user${toString n}";
flow = "xtls-rprx-vision";
email = "${toString n}@xray.chn.moe";
})
userList;
decryption = "none";
fallbacks = [{ dest = "127.0.0.1:${fallbackPort}"; }];
};
streamSettings =
{
network = "tcp";
security = "reality";
realitySettings =
{
dest = "127.0.0.1:${fallbackPort}";
serverNames = [ xray.server.serverName ];
privateKey = inputs.config.sops.placeholder."xray-server/private-key";
minClientVer = "1.8.0";
shortIds = [ "" ];
};
};
sniffing = { enabled = true; destOverride = [ "http" "tls" "quic" ]; routeOnly = true; };
tag = "in";
}
)
{
port = 4638;
listen = "127.0.0.1";
protocol = "vless";
settings = { clients = [{ id = "be01f0a0-9976-42f5-b9ab-866eba6ed393"; }]; decryption = "none"; };
streamSettings.network = "tcp";
sniffing = { enabled = true; destOverride = [ "http" "tls" "quic" ]; };
tag = "in-localdns";
}
{
listen = "127.0.0.1";
port = 6149;
protocol = "dokodemo-door";
settings.address = "127.0.0.1";
tag = "api";
}
];
outbounds =
[
{ protocol = "freedom"; tag = "freedom"; }
{
protocol = "vless";
settings.vnext =
[{
address = "127.0.0.1";
port = 4638;
users = [{ id = "be01f0a0-9976-42f5-b9ab-866eba6ed393"; encryption = "none"; }];
}];
streamSettings.network = "tcp";
tag = "loopback-localdns";
}
];
routing =
{
domainStrategy = "AsIs";
rules = builtins.map (rule: rule // { type = "field"; })
[
{ inboundTag = [ "in" ]; domain = [ "domain:openai.com" ]; outboundTag = "loopback-localdns"; }
{ inboundTag = [ "in" ]; outboundTag = "freedom"; }
{ inboundTag = [ "in-localdns" ]; outboundTag = "freedom"; }
{ inboundTag = [ "api" ]; outboundTag = "api"; }
];
};
stats = {};
api = { tag = "api"; services = [ "StatsService" ]; };
policy =
{
levels."0" = { statsUserUplink = true; statsUserDownlink = true; };
system =
{
statsInboundUplink = true;
statsInboundDownlink = true;
statsOutboundUplink = true;
statsOutboundDownlink = true;
};
};
};
xray = { enable = true; settingsFile = inputs.config.sops.templates."xray-client.json".path; };
};
sops =
{
templates."xray-client.json" =
{
owner = inputs.config.users.users.v2ray.name;
group = inputs.config.users.users.v2ray.group;
content =
let
chinaDns = "223.5.5.5";
foreignDns = "8.8.8.8";
in
builtins.toJSON
{
log.loglevel = "info";
dns =
{
servers =
# 先尝试匹配域名列表进行查询,若匹配成功则使用前两个 dns 查询。
# 若匹配域名列表失败,或者匹配成功但是查询到的 IP 不在期望的 IP 列表中,则回落到使用后两个 dns 依次查询。
[
{
address = chinaDns;
domains = [ "geosite:geolocation-cn" ];
expectIPs = [ "geoip:cn" ];
skipFallback = true;
}
{
address = foreignDns;
domains = [ "geosite:geolocation-!cn" ];
expectIPs = [ "geoip:!cn" ];
skipFallback = true;
}
{ address = chinaDns; expectIPs = [ "geoip:cn" ]; }
{ address = foreignDns; }
];
disableCache = true;
queryStrategy = "UseIPv4";
tag = "dns-internal";
};
inbounds =
[
{
port = 10853;
protocol = "dokodemo-door";
settings = { address = "8.8.8.8"; network = "tcp,udp"; port = 53; };
tag = "dns-in";
}
{
port = 10880;
protocol = "dokodemo-door";
settings = { network = "tcp,udp"; followRedirect = true; };
streamSettings.sockopt.tproxy = "tproxy";
sniffing = { enabled = true; destOverride = [ "http" "tls" "quic" ]; routeOnly = true; };
tag = "common-in";
}
{
port = 10881;
protocol = "dokodemo-door";
settings = { network = "tcp,udp"; followRedirect = true; };
streamSettings.sockopt.tproxy = "tproxy";
tag = "xmu-in";
}
{
port = 10883;
protocol = "dokodemo-door";
settings = { network = "tcp,udp"; followRedirect = true; };
streamSettings.sockopt.tproxy = "tproxy";
tag = "proxy-in";
}
{ port = 10884; protocol = "socks"; tag = "proxy-socks-in"; }
{ port = 10882; protocol = "socks"; tag = "direct-in"; }
];
outbounds =
[
{
protocol = "vless";
settings.vnext =
[{
address = xray.client.serverAddress;
port = 443;
users =
[{
id = inputs.config.sops.placeholder."xray-client/uuid";
encryption = "none";
flow = "xtls-rprx-vision-udp443";
}];
}];
streamSettings =
{
network = "tcp";
security = "reality";
realitySettings =
{
serverName = xray.client.serverName;
publicKey = "Nl0eVZoDF9d71_3dVsZGJl3UWR9LCv3B14gu7G6vhjk";
fingerprint = "firefox";
};
};
tag = "proxy-vless";
}
{ protocol = "freedom"; tag = "direct"; }
{ protocol = "dns"; tag = "dns-out"; }
{
protocol = "socks";
settings.servers = [{ address = "127.0.0.1"; port = 10069; }];
tag = "xmu-out";
}
{ protocol = "blackhole"; tag = "block"; }
];
routing =
{
domainStrategy = "AsIs";
rules = builtins.map (rule: rule // { type = "field"; })
[
{ inboundTag = [ "dns-in" ]; outboundTag = "dns-out"; }
{ inboundTag = [ "dns-internal" ]; ip = [ chinaDns ]; outboundTag = "direct"; }
{ inboundTag = [ "dns-internal" ]; ip = [ foreignDns ]; outboundTag = "proxy-vless"; }
{ inboundTag = [ "dns-internal" ]; outboundTag = "block"; }
{ inboundTag = [ "xmu-in" ]; outboundTag = "xmu-out"; }
{ inboundTag = [ "direct-in" ]; outboundTag = "direct"; }
{ inboundTag = [ "proxy-in" "proxy-socks-in" ]; outboundTag = "proxy-vless"; }
{ inboundTag = [ "common-in" ]; domain = [ "geosite:geolocation-cn" ]; outboundTag = "direct"; }
{
inboundTag = [ "common-in" ];
domain = [ "geosite:geolocation-!cn" ];
outboundTag = "proxy-vless";
}
{ inboundTag = [ "common-in" ]; ip = [ "geoip:cn" ]; outboundTag = "direct"; }
{ inboundTag = [ "common-in" ]; outboundTag = "proxy-vless"; }
];
};
};
};
secrets."xray-client/uuid" = {};
};
systemd.services =
secrets = builtins.listToAttrs
(map (n: { name = "xray-server/clients/user${toString n}"; value = {}; }) userList)
// (builtins.listToAttrs (map
(name:
{
name = "xray-server/telegram/${name}";
value = (let user = inputs.config.users.users.v2ray; in { owner = user.name; inherit (user) group; });
})
[ "token" "chat" ]))
// { "xray-server/private-key" = {}; };
};
systemd =
{
services =
{
xray =
{
@@ -204,305 +466,67 @@ inputs:
LimitNPROC = 65536;
LimitNOFILE = 524288;
};
restartTriggers = [ inputs.config.sops.templates."xray-client.json".file ];
restartTriggers = [ inputs.config.sops.templates."xray-server.json".file ];
};
v2ray-forwarder =
xray-stat =
{
description = "v2ray-forwarder Daemon";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig =
script =
let
ipset = "${inputs.pkgs.ipset}/bin/ipset";
iptables = "${inputs.pkgs.iptables}/bin/iptables";
ip = "${inputs.pkgs.iproute}/bin/ip";
autoPort = "10880";
xmuPort = "10881";
proxyPort = "10883";
xray = "${inputs.pkgs.xray}/bin/xray";
awk = "${inputs.pkgs.gawk}/bin/awk";
curl = "${inputs.pkgs.curl}/bin/curl";
jq = "${inputs.pkgs.jq}/bin/jq";
sed = "${inputs.pkgs.gnused}/bin/sed";
cat = "${inputs.pkgs.coreutils}/bin/cat";
token = inputs.config.sops.secrets."xray-server/telegram/token".path;
chat = inputs.config.sops.secrets."xray-server/telegram/chat".path;
in
{
Type = "simple";
RemainAfterExit = true;
ExecStart = inputs.pkgs.writeShellScript "v2ray-forwarder.start" (concatStringsSep "\n"
(
[ "${ipset} create lo_net hash:net" ]
++ (map (host: "${ipset} add lo_net ${host}")
[
"0.0.0.0/8" "10.0.0.0/8" "100.64.0.0/10" "127.0.0.0/8" "169.254.0.0/16" "172.16.0.0/12"
"192.0.0.0/24" "192.88.99.0/24" "192.168.0.0/16" "59.77.0.143" "198.18.0.0/15"
"198.51.100.0/24" "203.0.113.0/24" "224.0.0.0/4" "240.0.0.0/4" "255.255.255.255/32"
])
++ [
"${ipset} create xmu_net hash:net"
"${ipset} create noproxy_net hash:net"
"${ipset} add noproxy_net 223.5.5.5"
"${ipset} create noproxy_src_net hash:net"
"${ipset} create proxy_net hash:net"
"${ipset} add proxy_net 8.8.8.8"
]
++ [
"${iptables} -t mangle -N v2ray -w"
"${iptables} -t mangle -A PREROUTING -j v2ray -w"
]
++ (map (action: "${iptables} -t mangle -A v2ray ${action} -w")
[
"-m set --match-set noproxy_src_net src -j RETURN"
"-m set --match-set xmu_net dst -p tcp -j TPROXY --on-port ${xmuPort} --tproxy-mark 1/1"
"-m set --match-set xmu_net dst -p udp -j TPROXY --on-port ${xmuPort} --tproxy-mark 1/1"
"-m set --match-set noproxy_net dst -j RETURN"
"-m set --match-set proxy_net dst -p tcp -j TPROXY --on-port ${proxyPort} --tproxy-mark 1/1"
"-m set --match-set proxy_net dst -p udp -j TPROXY --on-port ${proxyPort} --tproxy-mark 1/1"
"-m set --match-set lo_net dst -j RETURN"
"-p tcp -j TPROXY --on-port ${autoPort} --tproxy-mark 1/1"
"-p udp -j TPROXY --on-port ${autoPort} --tproxy-mark 1/1"
])
++ [
"${iptables} -t mangle -N v2ray_mark -w"
"${iptables} -t mangle -A OUTPUT -j v2ray_mark -w"
]
++ (map (action: "${iptables} -t mangle -A v2ray_mark ${action} -w")
[
"-m owner --uid-owner $(id -u v2ray) -j RETURN"
"-m set --match-set noproxy_src_net src -j RETURN"
"-m set --match-set xmu_net dst -p tcp -j MARK --set-mark 1/1"
"-m set --match-set xmu_net dst -p udp -j MARK --set-mark 1/1"
"-m set --match-set noproxy_net dst -j RETURN"
"-m set --match-set proxy_net dst -p tcp -j MARK --set-mark 1/1"
"-m set --match-set proxy_net dst -p udp -j MARK --set-mark 1/1"
"-m set --match-set lo_net dst -j RETURN"
"-p tcp -j MARK --set-mark 1/1"
"-p udp -j MARK --set-mark 1/1"
])
++ [
"${ip} rule add fwmark 1/1 table 100"
"${ip} route add local 0.0.0.0/0 dev lo table 100"
]
));
ExecStop = inputs.pkgs.writeShellScript "v2ray-forwarder.stop" (concatStringsSep "\n"
(
[
"${iptables} -t mangle -F v2ray -w"
"${iptables} -t mangle -D PREROUTING -j v2ray -w"
"${iptables} -t mangle -X v2ray -w"
"${iptables} -t mangle -F v2ray_mark -w"
"${iptables} -t mangle -D OUTPUT -j v2ray_mark -w"
"${iptables} -t mangle -X v2ray_mark -w"
"${ip} rule del fwmark 1/1 table 100"
"${ip} route del local 0.0.0.0/0 dev lo table 100"
]
++ (map (set: "${ipset} destroy ${set}")
[ "lo_net" "xmu_net" "noproxy_net" "noproxy_src_net" "proxy_net" ])
));
};
''
message='xray:\n'
for i in {0..${toString ((builtins.length userList) - 1)}}
do
upload_bytes=$(${xray} api stats --server=127.0.0.1:6149 \
-name "user>>>''${i}@xray.chn.moe>>>traffic>>>uplink" | ${jq} '.stat.value' | ${sed} 's/"//g')
[ -z "$upload_bytes" ] && upload_bytes=0
download_bytes=$(${xray} api stats --server=127.0.0.1:6149 \
-name "user>>>''${i}@xray.chn.moe>>>traffic>>>downlink" | ${jq} '.stat.value' | ${sed} 's/"//g')
[ -z "$download_bytes" ] && download_bytes=0
traffic_gb=$(echo | ${awk} "{printf \"%.3f\",(''${upload_bytes}+''${download_bytes})/1073741824}")
message="$message$i"'\t'"''${traffic_gb}"'G\n'
done
${curl} -X POST -H 'Content-Type: application/json' \
-d "{\"chat_id\": \"$(${cat} ${chat})\", \"text\": \"$message\"}" \
https://api.telegram.org/bot$(${cat} ${token})/sendMessage
'';
serviceConfig = { Type = "oneshot"; User = "v2ray"; Group = "v2ray"; };
};
};
users =
timers.xray-stat =
{
users.v2ray = { uid = inputs.config.nixos.system.user.user.v2ray; group = "v2ray"; isSystemUser = true; };
groups.v2ray.gid = inputs.config.nixos.system.user.group.v2ray;
wantedBy = [ "timers.target" ];
timerConfig = { OnCalendar = "*-*-* 0:00:00"; Unit = "xray-stat.service"; };
};
environment.etc."resolv.conf".text = "nameserver 127.0.0.1";
}
)
(
mkIf xray.server.enable (let userList = genList (n: n) 30; in
};
users =
{
services.xray = { enable = true; settingsFile = inputs.config.sops.templates."xray-server.json".path; };
sops =
users.v2ray = { uid = inputs.config.nixos.user.uid.v2ray; group = "v2ray"; isSystemUser = true; };
groups.v2ray.gid = inputs.config.nixos.user.gid.v2ray;
};
nixos.services =
{
acme.cert.${xray.server.serverName}.group = inputs.config.users.users.nginx.group;
nginx =
{
templates."xray-server.json" =
enable = true;
transparentProxy.map."${xray.server.serverName}" = 4726;
https."${xray.server.serverName}" =
{
owner = inputs.config.users.users.v2ray.name;
group = inputs.config.users.users.v2ray.group;
content = builtins.toJSON
{
log.loglevel = "warning";
inbounds =
[
(
let
fallbackPort = toString
(with inputs.config.nixos.services.nginx.global; httpsPort + httpsPortShift.http2);
in
{
port = 4726;
listen = "127.0.0.1";
protocol = "vless";
settings =
{
clients = map
(n:
{
id = inputs.config.sops.placeholder."xray-server/clients/user${toString n}";
flow = "xtls-rprx-vision";
email = "${toString n}@xray.chn.moe";
})
userList;
decryption = "none";
fallbacks = [{ dest = "127.0.0.1:${fallbackPort}"; }];
};
streamSettings =
{
network = "tcp";
security = "reality";
realitySettings =
{
dest = "127.0.0.1:${fallbackPort}";
serverNames = [ xray.server.serverName ];
privateKey = inputs.config.sops.placeholder."xray-server/private-key";
minClientVer = "1.8.0";
shortIds = [ "" ];
};
};
sniffing = { enabled = true; destOverride = [ "http" "tls" "quic" ]; routeOnly = true; };
tag = "in";
}
)
{
port = 4638;
listen = "127.0.0.1";
protocol = "vless";
settings = { clients = [{ id = "be01f0a0-9976-42f5-b9ab-866eba6ed393"; }]; decryption = "none"; };
streamSettings.network = "tcp";
sniffing = { enabled = true; destOverride = [ "http" "tls" "quic" ]; };
tag = "in-localdns";
}
{
listen = "127.0.0.1";
port = 6149;
protocol = "dokodemo-door";
settings.address = "127.0.0.1";
tag = "api";
}
];
outbounds =
[
{ protocol = "freedom"; tag = "freedom"; }
{
protocol = "vless";
settings.vnext =
[{
address = "127.0.0.1";
port = 4638;
users = [{ id = "be01f0a0-9976-42f5-b9ab-866eba6ed393"; encryption = "none"; }];
}];
streamSettings.network = "tcp";
tag = "loopback-localdns";
}
];
routing =
{
domainStrategy = "AsIs";
rules = builtins.map (rule: rule // { type = "field"; })
[
{ inboundTag = [ "in" ]; domain = [ "domain:openai.com" ]; outboundTag = "loopback-localdns"; }
{ inboundTag = [ "in" ]; outboundTag = "freedom"; }
{ inboundTag = [ "in-localdns" ]; outboundTag = "freedom"; }
{ inboundTag = [ "api" ]; outboundTag = "api"; }
];
};
stats = {};
api = { tag = "api"; services = [ "StatsService" ]; };
policy =
{
levels."0" = { statsUserUplink = true; statsUserDownlink = true; };
system =
{
statsInboundUplink = true;
statsInboundDownlink = true;
statsOutboundUplink = true;
statsOutboundDownlink = true;
};
};
};
};
secrets = listToAttrs (map (n: { name = "xray-server/clients/user${toString n}"; value = {}; }) userList)
// (listToAttrs (map
(name:
{
name = "xray-server/telegram/${name}";
value = (let user = inputs.config.users.users.v2ray; in { owner = user.name; inherit (user) group; });
})
[ "token" "chat" ]))
// { "xray-server/private-key" = {}; };
};
systemd =
{
services =
{
xray =
{
serviceConfig =
{
DynamicUser = inputs.lib.mkForce false;
User = "v2ray";
Group = "v2ray";
CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
LimitNPROC = 65536;
LimitNOFILE = 524288;
};
restartTriggers = [ inputs.config.sops.templates."xray-server.json".file ];
};
xray-stat =
{
script =
let
xray = "${inputs.pkgs.xray}/bin/xray";
awk = "${inputs.pkgs.gawk}/bin/awk";
curl = "${inputs.pkgs.curl}/bin/curl";
jq = "${inputs.pkgs.jq}/bin/jq";
sed = "${inputs.pkgs.gnused}/bin/sed";
cat = "${inputs.pkgs.coreutils}/bin/cat";
token = inputs.config.sops.secrets."xray-server/telegram/token".path;
chat = inputs.config.sops.secrets."xray-server/telegram/chat".path;
in
''
message='xray:\n'
for i in {0..${toString ((length userList) - 1)}}
do
upload_bytes=$(${xray} api stats --server=127.0.0.1:6149 \
-name "user>>>''${i}@xray.chn.moe>>>traffic>>>uplink" | ${jq} '.stat.value' | ${sed} 's/"//g')
[ -z "$upload_bytes" ] && upload_bytes=0
download_bytes=$(${xray} api stats --server=127.0.0.1:6149 \
-name "user>>>''${i}@xray.chn.moe>>>traffic>>>downlink" | ${jq} '.stat.value' | ${sed} 's/"//g')
[ -z "$download_bytes" ] && download_bytes=0
traffic_gb=$(echo | ${awk} "{printf \"%.3f\",(''${upload_bytes}+''${download_bytes})/1073741824}")
message="$message$i"'\t'"''${traffic_gb}"'G\n'
done
${curl} -X POST -H 'Content-Type: application/json' \
-d "{\"chat_id\": \"$(${cat} ${chat})\", \"text\": \"$message\"}" \
https://api.telegram.org/bot$(${cat} ${token})/sendMessage
'';
serviceConfig = { Type = "oneshot"; User = "v2ray"; Group = "v2ray"; };
};
};
timers.xray-stat =
{
wantedBy = [ "timers.target" ];
timerConfig = { OnCalendar = "*-*-* 0:00:00"; Unit = "xray-stat.service"; };
listen.main = { proxyProtocol = false; addToTransparentProxy = false; };
location."/".return.return = "400";
};
};
users =
{
users.v2ray = { uid = inputs.config.nixos.system.user.user.v2ray; group = "v2ray"; isSystemUser = true; };
groups.v2ray.gid = inputs.config.nixos.system.user.group.v2ray;
};
nixos.services =
{
acme = { enable = true; cert.${xray.server.serverName}.group = inputs.config.users.users.nginx.group; };
nginx =
{
enable = true;
transparentProxy.map."${xray.server.serverName}" = 4726;
https."${xray.server.serverName}" =
{
listen.main = { proxyProtocol = false; addToTransparentProxy = false; };
location."/".return.return = "400";
};
};
};
}
))
];
};
}
))
];
}


@@ -7,12 +7,7 @@ inputs:
hostname = mkOption { type = types.nullOr (types.nonEmptyListOf types.nonEmptyStr); default = null; };
optimise =
{
type = mkOption
{
type = types.nullOr (types.enum [ "nvidia" "glamor" ]);
default =
{ intel = "glamor"; nvidia = "nvidia"; amd = "glamor"; }.${inputs.config.nixos.hardware.gpu.type} or null;
};
type = mkOption { type = types.nullOr (types.enum [ "nvidia" "glamor" ]); default = null; };
nvidiaBusId = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
};
};
@@ -24,27 +19,26 @@ inputs:
[
{
assertions =
[
{
assertion = !inputs.config.nixos.system.envfs.enable;
message = "Somehow xrdp could not start if envfs is enabled";
}
{
assertion = (xrdp.optimise.type == "nvidia") -> (xrdp.optimise.nvidiaBusId != null);
message = "nvidiaBusId must be set if optimise type is nvidia";
}
];
[{
assertion = (xrdp.optimise.type == "nvidia") -> (xrdp.optimise.nvidiaBusId != null);
message = "nvidiaBusId must be set if optimise type is nvidia";
}];
}
{
services.xrdp =
{
enable = true;
package = mkIf (xrdp.optimise.type != null)
(inputs.pkgs.xrdp.override { variant = xrdp.optimise.type; inherit (xrdp.optimise) nvidiaBusId; });
package = mkIf (xrdp.optimise.type != null) (inputs.pkgs.xrdp.override
{
variant = xrdp.optimise.type;
inherit (xrdp.optimise) nvidiaBusId;
nvidiaPackage = inputs.config.hardware.nvidia.package;
});
port = xrdp.port;
openFirewall = true;
defaultWindowManager = "${inputs.pkgs.plasma-workspace}/bin/startplasma-x11";
};
environment.etc.xrdp.source = "${inputs.config.services.xrdp.package}/etc/xrdp";
}
(
mkIf (xrdp.hostname != null)
@@ -56,12 +50,8 @@ inputs:
services.xrdp =
let keydir = inputs.config.security.acme.certs.${mainDomain}.directory;
in { sslCert = "${keydir}/full.pem"; sslKey = "${keydir}/key.pem"; };
nixos.services.acme =
{
enable = true;
cert.${mainDomain} =
{ domains = xrdp.hostname; group = inputs.config.systemd.services.xrdp.serviceConfig.Group; };
};
nixos.services.acme.cert.${mainDomain} =
{ domains = xrdp.hostname; group = inputs.config.systemd.services.xrdp.serviceConfig.Group; };
}
)
)


@@ -1,24 +1,6 @@
inputs:
{
imports = inputs.localLib.mkModules
[
./nix.nix
./fileSystems
./grub.nix
./initrd.nix
./kernel
./impermanence.nix
./gui.nix
./nixpkgs.nix
./networking.nix
./systemd.nix
./security.nix
./sops.nix
./user.nix
./sysctl.nix
./envfs.nix
./binfmt.nix
];
imports = inputs.localLib.mkModules (inputs.localLib.findModules ./.);
config =
{
services = { dbus.implementation = "broker"; fstrim.enable = true; acpid.enable = true; };
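Review bot: The `imports` line now depends entirely on what `inputs.localLib.findModules ./.` picks up, and nothing at this site says what that is. findModules is not shown here, so I am assuming it scans the directory; if so, any file that lands in this directory becomes part of every host's system configuration without appearing in a reviewed list. A short comment above the line would make the rule explicit, for example `# findModules imports every module found under this directory (see localLib); keep scratch .nix files elsewhere`.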


@@ -1,10 +1,8 @@
inputs:
{
options.nixos.system.envfs = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
};
config = inputs.lib.mkIf inputs.config.nixos.system.envfs.enable (inputs.lib.mkMerge
options.nixos.system.envfs = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = {}; };
config = let inherit (inputs.config.nixos.system) envfs; in inputs.lib.mkIf (envfs != null) (inputs.lib.mkMerge
[
(builtins.elemAt inputs.topInputs.envfs.nixosModules.envfs.imports 0 inputs)
{ environment.variables.ENVFS_RESOLVE_ALWAYS = "1"; }
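Review bot: The new option defaults to `{}` and the guard is `envfs != null`, so envfs changes from opt-in (`enable` defaulted to `false`) to enabled on every host that does not explicitly set it to `null`. The xrdp module in this same comparison drops its assertion that xrdp could not start with envfs enabled, so unless that incompatibility was fixed elsewhere, xrdp hosts now get the combination the old message warned about. If opt-in is still intended, `default = null;` keeps the old behaviour. Otherwise a comment on the option saying that `null` is the off switch would help, since `types.submodule {}` carries no options to hint at it.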


@@ -50,17 +50,19 @@ inputs:
# device or { device, offset }
resume = mkOption
{
type = types.nullOr (types.str or (types.submodule
{
options =
{ device = mkOption { type = types.nonEmptyStr; }; offset = mkOption { type = types.ints.unsigned; }; };
}));
type = types.nullOr (types.oneOf [ types.nonEmptyStr (types.submodule { options =
{ device = mkOption { type = types.nonEmptyStr; }; offset = mkOption { type = types.ints.unsigned; }; };
})]);
default = null;
};
rollingRootfs = mkOption
{
type = types.nullOr (types.submodule { options =
{ device = mkOption { type = types.nonEmptyStr; }; path = mkOption { type = types.nonEmptyStr; }; }; });
{
device = mkOption { type = types.nonEmptyStr; default = inputs.config.fileSystems."/".device; };
path = mkOption { type = types.nonEmptyStr; default = "/nix/rootfs"; };
waitDevices = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
};});
default = null;
};
};
@@ -236,23 +238,28 @@ inputs:
before = [ "local-fs-pre.target" "sysroot.mount" ];
unitConfig.DefaultDependencies = false;
serviceConfig.Type = "oneshot";
script = let inherit (fileSystems.rollingRootfs) device path; in
''
while ! lsmod | grep -q btrfs; do sleep 1; done
while ! [ -e ${device} ]; do sleep 1; done
mount ${device} /mnt -m
if [ -f /mnt${path}/current/.timestamp ]
then
timestamp=$(cat /mnt${path}/current/.timestamp)
subvolid=$(btrfs subvolume show /mnt${path}/current | grep 'Subvolume ID:' | awk '{print $NF}')
mv /mnt${path}/current /mnt${path}/$timestamp-$subvolid
btrfs property set -ts /mnt${path}/$timestamp-$subvolid ro true
fi
btrfs subvolume create /mnt${path}/current
chattr +C /mnt${path}/current
echo $(date '+%Y%m%d%H%M%S') > /mnt${path}/current/.timestamp
umount /mnt
'';
script =
let
inherit (fileSystems.rollingRootfs) device path waitDevices;
waitDevice = concatStringsSep "\n" (builtins.map
(device: "while ! [ -e ${device} ]; do sleep 1; done") (waitDevices ++ [ device ]));
in
''
while ! lsmod | grep -q btrfs; do sleep 1; done
${waitDevice}
mount ${device} /mnt -m
if [ -f /mnt${path}/current/.timestamp ]
then
timestamp=$(cat /mnt${path}/current/.timestamp)
subvolid=$(btrfs subvolume show /mnt${path}/current | grep 'Subvolume ID:' | awk '{print $NF}')
mv /mnt${path}/current /mnt${path}/$timestamp-$subvolid
btrfs property set -ts /mnt${path}/$timestamp-$subvolid ro true
fi
btrfs subvolume create /mnt${path}/current
chattr +C /mnt${path}/current
echo $(date '+%Y%m%d%H%M%S') > /mnt${path}/current/.timestamp
umount /mnt
'';
};
};
}
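Review bot: The generated wait loops in `waitDevice` interpolate each entry of `waitDevices` (and `device`) into the shell script unquoted, so a path containing whitespace or a glob character changes what `[ -e … ]` tests. `(device: "while ! [ -e ${inputs.lib.escapeShellArg device} ]; do sleep 1; done")` avoids that. The loops also have no upper bound, so a mistyped entry in `waitDevices` leaves this oneshot, which is ordered before `sysroot.mount`, waiting forever with no message; a retry counter that prints the missing path and exits non-zero would make the failure visible. The service definition around `script` starts outside the hunk.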


@@ -20,8 +20,6 @@ inputs:
hideMounts = true;
directories =
[
{ directory = "/etc/NetworkManager/system-connections"; mode = "0700"; }
"/home"
"/root"
"/var/db"
"/var/lib"
@@ -48,11 +46,12 @@ inputs:
"/var/lib/systemd/linger"
"/var/lib/systemd/coredump"
{ directory = "/var/lib/docker"; mode = "0710"; }
"/var/lib/flatpak"
]
++ (if inputs.config.services.xserver.displayManager.sddm.enable then
[{ directory = "/var/lib/sddm"; user = "sddm"; group = "sddm"; mode = "0700"; }] else []);
}
// (if builtins.elem "chn" inputs.config.nixos.users.users then
// (if builtins.elem "chn" inputs.config.nixos.user.users then
{
users.chn =
{


@@ -2,7 +2,11 @@ inputs:
{
options.nixos.system.kernel = let inherit (inputs.lib) mkOption types; in
{
varient = mkOption { type = types.enum [ "lts" "latest" ]; default = "lts"; };
varient = mkOption
{
type = types.enum [ "xanmod-lts" "xanmod-latest" "cachyos" "cachyos-lto" ];
default = "xanmod-lts";
};
patches = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
modules =
{
@@ -12,123 +16,137 @@ inputs:
modprobeConfig = mkOption { type = types.listOf types.str; default = []; };
};
};
config =
let
inherit (inputs.lib) mkMerge mkIf;
inherit (inputs.localLib) mkConditional;
inherit (inputs.config.nixos.system) kernel;
in { boot =
config = let inherit (inputs.config.nixos.system) kernel; in inputs.lib.mkMerge
[
{
kernelModules = [ "br_netfilter" ] ++ kernel.modules.load;
# modprobe --show-depends
initrd.availableKernelModules =
[
"ahci" "ata_piix" "bfq" "failover" "net_failover" "nls_cp437" "nls_iso8859-1" "nvme" "sdhci_acpi" "sd_mod"
"sr_mod" "usbcore" "usbhid" "usbip-core" "usb-common" "usb_storage" "vhci-hcd" "virtio" "virtio_blk"
"virtio_net" "virtio_pci" "xhci_pci" "virtio_ring" "virtio_scsi" "cryptd" "crypto_simd" "libaes"
# networking for nas
"igb"
# yoga
"lenovo_yogabook"
];
extraModulePackages = (with inputs.config.boot.kernelPackages; [ v4l2loopback ]) ++ kernel.modules.install;
extraModprobeConfig = builtins.concatStringsSep "\n" kernel.modules.modprobeConfig;
kernelParams = [ "delayacct" "acpi_osi=Linux" "acpi.ec_no_wakeup=1" ];
kernelPackages =
boot =
{
lts = inputs.pkgs.linuxPackages_xanmod;
latest = inputs.pkgs.linuxPackages_xanmod_latest;
}.${kernel.varient};
kernelPatches =
let
patches =
{
cjktty =
[{
name = "cjktty";
patch =
let
version = builtins.splitVersion inputs.config.boot.kernelPackages.kernel.version;
major = builtins.elemAt version 0;
minor = builtins.elemAt version 1;
in inputs.pkgs.fetchurl
{
url = "https://raw.githubusercontent.com/zhmars/cjktty-patches/master/"
+ "v${major}.x/cjktty-${major}.${minor}.patch";
sha256 =
let
hashes =
{
"6.1" = "11ddiammvjxx2m9v32p25l1ai759a1d6xhdpszgnihv7g2fzigf5";
"6.6" = "19ib0syj3207ifr315gdrnpv6nhh435fmgl05c7k715nng40i827";
"6.7" = "1yfsmc0873xiwlirir0xfp9zyrpd09q1srgr3z4rl7i7lxzaqls8";
};
in hashes."${major}.${minor}";
};
extraStructuredConfig =
{ FONT_CJK_16x16 = inputs.lib.kernel.yes; FONT_CJK_32x32 = inputs.lib.kernel.yes; };
}];
lantian =
[{
name = "lantian";
patch = null;
# pick from xddxdd/nur-packages dce93a
extraStructuredConfig = with inputs.lib.kernel;
{
ACPI_PCI_SLOT = yes;
ENERGY_MODEL = yes;
PARAVIRT_TIME_ACCOUNTING = yes;
PM_AUTOSLEEP = yes;
WQ_POWER_EFFICIENT_DEFAULT = yes;
PREEMPT_VOLUNTARY = inputs.lib.mkForce no;
PREEMPT = inputs.lib.mkForce yes;
NO_HZ_FULL = yes;
HZ_1000 = inputs.lib.mkForce yes;
HZ_250 = inputs.lib.mkForce no;
HZ = inputs.lib.mkForce (freeform "1000");
};
}];
surface =
let
version =
let versionArray = builtins.splitVersion inputs.config.boot.kernelPackages.kernel.version;
in "${builtins.elemAt versionArray 0}.${builtins.elemAt versionArray 1}";
kernelPatches = builtins.map
(file:
kernelModules = [ "br_netfilter" ] ++ kernel.modules.load;
# modprobe --show-depends
initrd.availableKernelModules =
[
"ahci" "ata_piix" "bfq" "failover" "net_failover" "nls_cp437" "nls_iso8859-1" "nvme" "sdhci_acpi" "sd_mod"
"sr_mod" "usbcore" "usbhid" "usbip-core" "usb-common" "usb_storage" "vhci-hcd" "virtio" "virtio_blk"
"virtio_net" "virtio_pci" "xhci_pci" "virtio_ring" "virtio_scsi" "cryptd" "crypto_simd" "libaes"
# networking for nas
"igb"
];
extraModulePackages = (with inputs.config.boot.kernelPackages; [ v4l2loopback ]) ++ kernel.modules.install;
extraModprobeConfig = builtins.concatStringsSep "\n" kernel.modules.modprobeConfig;
kernelParams = [ "delayacct" "acpi_osi=Linux" "acpi.ec_no_wakeup=1" ];
kernelPackages =
{
xanmod-lts = inputs.pkgs.linuxPackages_xanmod;
xanmod-latest = inputs.pkgs.linuxPackages_xanmod_latest;
cachyos = inputs.pkgs.linuxPackages_cachyos;
cachyos-lto = inputs.pkgs.linuxPackages_cachyos-lto;
}.${kernel.varient};
kernelPatches =
let
patches =
{
cjktty =
[{
name = "cjktty";
patch =
let
version = builtins.splitVersion inputs.config.boot.kernelPackages.kernel.version;
major = builtins.elemAt version 0;
minor = builtins.elemAt version 1;
in inputs.pkgs.fetchurl
{
name = "surface-${file.name}";
patch = "${inputs.topInputs.linux-surface}/patches/${version}/${file.name}";
})
(builtins.filter
(file: file.value == "regular")
(inputs.localLib.attrsToList (builtins.readDir
"${inputs.topInputs.linux-surface}/patches/${version}")));
kernelConfig = builtins.removeAttrs
(builtins.listToAttrs (builtins.concatLists (builtins.map
(configString:
if builtins.match "CONFIG_.*=." configString == [] then
(
let match = builtins.match "CONFIG_(.*)=(.)" configString; in with inputs.lib.kernel;
url = "https://raw.githubusercontent.com/zhmars/cjktty-patches/master/"
+ "v${major}.x/cjktty-${major}.${minor}.patch";
sha256 =
let
hashes =
{
"6.1" = "11ddiammvjxx2m9v32p25l1ai759a1d6xhdpszgnihv7g2fzigf5";
"6.6" = "19ib0syj3207ifr315gdrnpv6nhh435fmgl05c7k715nng40i827";
"6.7" = "1yfsmc0873xiwlirir0xfp9zyrpd09q1srgr3z4rl7i7lxzaqls8";
};
in hashes."${major}.${minor}";
};
extraStructuredConfig =
{ FONT_CJK_16x16 = inputs.lib.kernel.yes; FONT_CJK_32x32 = inputs.lib.kernel.yes; };
}];
lantian =
[{
name = "lantian";
patch = null;
# pick from xddxdd/nur-packages dce93a
extraStructuredConfig = with inputs.lib.kernel;
{
ACPI_PCI_SLOT = yes;
ENERGY_MODEL = yes;
PARAVIRT_TIME_ACCOUNTING = yes;
PM_AUTOSLEEP = yes;
WQ_POWER_EFFICIENT_DEFAULT = yes;
PREEMPT_VOLUNTARY = inputs.lib.mkForce no;
PREEMPT = inputs.lib.mkForce yes;
NO_HZ_FULL = yes;
HZ_1000 = inputs.lib.mkForce yes;
HZ_250 = inputs.lib.mkForce no;
HZ = inputs.lib.mkForce (freeform "1000");
};
}];
surface =
let
version =
let versionArray = builtins.splitVersion inputs.config.boot.kernelPackages.kernel.version;
in "${builtins.elemAt versionArray 0}.${builtins.elemAt versionArray 1}";
kernelPatches = builtins.map
(file:
{
name = "surface-${file.name}";
patch = "${inputs.topInputs.linux-surface}/patches/${version}/${file.name}";
})
(builtins.filter
(file: file.value == "regular")
(inputs.localLib.attrsToList (builtins.readDir
"${inputs.topInputs.linux-surface}/patches/${version}")));
kernelConfig = builtins.removeAttrs
(builtins.listToAttrs (builtins.concatLists (builtins.map
(configString:
if builtins.match "CONFIG_.*=." configString == [] then
(
let match = builtins.match "CONFIG_(.*)=(.)" configString; in with inputs.lib.kernel;
[{
name = builtins.elemAt match 0;
value = { m = module; y = yes; }.${builtins.elemAt match 1};
}]
)
else if builtins.match "# CONFIG_.* is not set" configString == [] then
[{
name = builtins.elemAt match 0;
value = { m = module; y = yes; }.${builtins.elemAt match 1};
name = builtins.elemAt (builtins.match "# CONFIG_(.*) is not set" configString) 0;
value = inputs.lib.kernel.unset;
}]
else if builtins.match "#.*" configString == [] then []
else if configString == "" then []
else throw "could not parse: ${configString}"
)
else if builtins.match "# CONFIG_.* is not set" configString == [] then
[{
name = builtins.elemAt (builtins.match "# CONFIG_(.*) is not set" configString) 0;
value = inputs.lib.kernel.unset;
}]
else if builtins.match "#.*" configString == [] then []
else if configString == "" then []
else throw "could not parse: ${configString}"
)
(inputs.lib.strings.splitString "\n"
(builtins.readFile "${inputs.topInputs.linux-surface}/configs/surface-${version}.config")))))
[ "VIDEO_IPU3_IMGU" ];
in kernelPatches ++ [{ name = "surface-config"; patch = null; extraStructuredConfig = kernelConfig; }];
hibernate-progress = [{ name = "hibernate-progress"; patch = ./hibernate-progress.patch; }];
};
in builtins.concatLists (builtins.map (name: patches.${name}) kernel.patches);
};};
(inputs.lib.strings.splitString "\n"
(builtins.readFile "${inputs.topInputs.linux-surface}/configs/surface-${version}.config")))))
[ "VIDEO_IPU3_IMGU" ];
in kernelPatches ++ [{ name = "surface-config"; patch = null; extraStructuredConfig = kernelConfig; }];
hibernate-progress = [{ name = "hibernate-progress"; patch = ./hibernate-progress.patch; }];
};
in builtins.concatLists (builtins.map (name: patches.${name}) kernel.patches);
};
}
(
inputs.lib.mkIf (inputs.lib.strings.hasPrefix "cachyos" kernel.varient)
(
let scx =
let rustPlatform = inputs.pkgs.unstablePackages.rustPlatform;
in inputs.pkgs.scx.override (prev:
{
scx-layered = prev.scx-layered.override { inherit rustPlatform; };
scx-rustland = prev.scx-rustland.override { inherit rustPlatform; };
scx-rusty = prev.scx-rusty.override { inherit rustPlatform; };
});
in { environment.systemPackages = [ scx ]; }
)
)
];
}
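Review bot: The `varient` enum gains `cachyos` and `cachyos-lto`, but the `cjktty` patch still looks up its hash with `hashes."${major}.${minor}"` from a table that lists only 6.1, 6.6 and 6.7. If one of the new kernel packages is at another version (not visible here), selecting `cjktty` fails evaluation with a bare missing-attribute error. `in hashes."${major}.${minor}" or (throw "cjktty: no pinned hash for kernel ${major}.${minor}")` keeps the pin and names the cause. The patch URL points at the mutable `master` branch, so the pinned sha256 is the only integrity check on it, and a comment next to the table saying so would stop someone from relaxing it later.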


@@ -3,26 +3,34 @@ inputs:
options.nixos.system.networking = let inherit (inputs.lib) mkOption types; in
{
hostname = mkOption { type = types.nonEmptyStr; };
};
config =
let
inherit (inputs.config.nixos.system) networking;
in
networkManager.enable = mkOption
{ type = types.bool; default = inputs.config.nixos.system.networking.networkd == null; };
networkd = mkOption
{
networking =
type = types.nullOr (types.submodule { options =
{
networkmanager =
dhcp = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
static = mkOption
{
enable = true;
# let networkmanager ignore the kernel command line `ip=xxx`
extraConfig =
''
[device]
keep-configuration=no
'';
type = types.attrsOf (types.submodule { options =
{
ip = mkOption { type = types.nonEmptyStr; };
mask = mkOption { type = types.ints.unsigned; };
gateway = mkOption { type = types.nonEmptyStr; };
dns = mkOption { type = types.nonEmptyStr; default = null; };
};});
default = {};
};
hostName = networking.hostname;
};
};});
default = null;
};
wireless = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
};
config = let inherit (inputs.config.nixos.system) networking; in inputs.lib.mkMerge
[
# general config
{
networking.hostName = networking.hostname;
boot.kernel.sysctl =
{
"net.core.rmem_max" = 67108864;
@@ -44,5 +52,88 @@ inputs:
"net.bridge.bridge-nf-call-ip6tables" = false;
"net.bridge.bridge-nf-call-arptables" = false;
};
};
}
# networkManager
(inputs.lib.mkIf networking.networkManager.enable
{
networking.networkmanager =
{
enable = true;
# let networkmanager ignore the kernel command line `ip=xxx`
extraConfig =
''
[device]
keep-configuration=no
'';
};
environment.persistence."${inputs.config.nixos.system.impermanence.persistence}".directories =
[{ directory = "/etc/NetworkManager/system-connections"; mode = "0700"; }];
})
# networkd
(inputs.lib.mkIf (networking.networkd != null)
{
systemd.network =
{
enable = true;
networks = builtins.listToAttrs
(
(builtins.map
(network:
{
name = "10-${network.ssid}";
value =
{
matchConfig.Name = network.ssid;
networkConfig = { DHCP = "yes"; IPv6AcceptRA = true; };
linkConfig.RequiredForOnline = "routable";
};
})
networking.networkd.dhcp)
++ (builtins.map
(network:
{
name = "10-${network.name}";
value =
{
matchConfig.Name = network.name;
address = [ "${network.ip}/${builtins.toString network.mask}" ];
routes = [{ routeConfig.Gateway = network.gateway; }];
linkConfig.RequiredForOnline = "routable";
};
})
(inputs.localLib.attrsToList networking.networkd.static))
);
};
networking =
{
networkmanager.unmanaged = with networking.networkd; dhcp ++ (builtins.attrNames static);
useNetworkd = true;
};
})
# wpa_supplicant
(inputs.lib.mkIf (networking.wireless != [])
{
networking.wireless =
{
enable = true;
networks = builtins.listToAttrs (builtins.map
(network:
{
name = network;
value.psk = "@${builtins.hashString "md5" network}_PSK@";
})
networking.wireless);
environmentFile = inputs.config.sops.templates."wireless.env".path;
};
sops =
{
templates."wireless.env".content = builtins.concatStringsSep "\n" (builtins.map
(network: "${builtins.hashString "md5" network}_PSK=${inputs.config.sops.placeholder."wireless/${network}"}")
networking.wireless);
secrets = builtins.listToAttrs (builtins.map
(network: { name = "wireless/${network}"; value = {}; })
networking.wireless);
};
})
];
}


@@ -7,6 +7,19 @@ inputs:
includeBuildDependencies = mkOption { type = types.bool; default = inputs.topInputs.self.config.archive; };
substituters = mkOption { type = types.nullOr (types.listOf types.nonEmptyStr); default = null; };
autoOptimiseStore = mkOption { type = types.bool; default = false; };
remote =
{
slave =
{
enable = mkOption { type = types.bool; default = false; };
mandatoryFeatures = mkOption { type = types.listOf types.nonEmptyStr; default = [ "big-parallel" ]; };
};
master =
{
enable = mkOption { type = types.bool; default = false; };
hosts = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
};
};
};
config = let inherit (inputs.config.nixos.system) nix; in inputs.lib.mkMerge
[
@@ -19,6 +32,7 @@ inputs:
keep-failed = true;
max-substitution-jobs = 4;
trusted-public-keys = [ "chn:Cc+nowW1LIpe1kyXOZmNaznFDiH1glXmpb4A+WD/DTE=" ];
trusted-users = [ "@wheel" ];
show-trace = true;
max-jobs = 4;
cores = 0;
@@ -65,20 +79,66 @@ inputs:
(with inputs.config.nixos.system.nixpkgs; if march == null then [] else [ march ])
else nix.marches
))
++ (with inputs.config.nixos.system.nixpkgs; if march == null then [] else [ "nvhpcarch-${march}" ]);
++ (with inputs.config.nixos.system.nixpkgs; if march == null then [] else [ "gccarch-exact-${march}" ]);
}
# includeBuildDependencies
(inputs.lib.mkIf nix.includeBuildDependencies
{
system.includeBuildDependencies = nix.includeBuildDependencies;
}
})
# substituters
{
nix.settings.substituters = if nix.substituters == null then [ "https://cache.nixos.org/" ] else nix.substituters;
}
# autoOptimiseStore
(inputs.lib.mkIf nix.autoOptimiseStore
{
nix.settings.auto-optimise-store = nix.autoOptimiseStore;
}
})
# remote.slave
(inputs.lib.mkIf nix.remote.slave.enable
{
nix =
{
sshServe =
{
enable = true;
keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAdUiHbT1Vs++5L0OPaMtYG7Wa0ejbJs2KBZ4QAspM4n nix-ssh@pc" ];
write = true;
protocol = "ssh-ng";
};
settings.trusted-users = [ "nix-ssh" ];
};
})
# remote.master
(inputs.lib.mkIf nix.remote.master.enable
{
assertions = builtins.map
(host:
{
assertion = inputs.topInputs.self.nixosConfigurations.${host}.config.nixos.system.nix.remote.slave.enable;
message = "remote.slave.enable is not set for ${host}";
})
nix.remote.master.hosts;
nix =
{
distributedBuilds = true;
buildMachines = builtins.map
(host: let hostConfig = inputs.topInputs.self.nixosConfigurations.${host}.config; in
{
hostName = host;
protocol = "ssh-ng";
systems = [ "x86_64-linux" ] ++ hostConfig.nix.settings.extra-platforms;
sshUser = "nix-ssh";
sshKey = inputs.config.sops.secrets."nix/remote".path;
maxJobs = 1;
inherit (hostConfig.nixos.system.nix.remote.slave) mandatoryFeatures;
supportedFeatures = hostConfig.nix.settings.system-features;
})
nix.remote.master.hosts;
};
sops.secrets."nix/remote" = {};
})
# c++ include path
# environment.pathsToLink = [ "/include" ];
# environment.variables.CPATH = "/run/current-system/sw/include";
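Review bot: In the `remote.slave` block, `settings.trusted-users = [ "nix-ssh" ]` together with `sshServe.write = true` gives the holder of the single hard-coded `nix-ssh@pc` key daemon-trusted access on every slave, which Nix treats as essentially root-equivalent on that machine. If the only purpose is to accept build inputs from the master, consider leaving `nix-ssh` untrusted and having the master sign the paths it sends with a key already in `trusted-public-keys`; whether that fits this setup cannot be seen from the hunk. At minimum, record the trade-off above the line, e.g. `# nix-ssh is trusted so unsigned inputs from the master are accepted; the nix/remote key holder is effectively root here`. Taking the public key from an option instead of fixing it in the module would also allow rotation per master. The surrounding `mkMerge` list starts in an earlier hunk and continues past this one.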


@@ -33,7 +33,6 @@ inputs:
{ cudaCapabilities = nixpkgs.cuda.capabilities; })
// (inputs.lib.optionalAttrs (nixpkgs.cuda.forwardCompat != null)
{ cudaForwardCompat = nixpkgs.cuda.forwardCompat; })
// (inputs.lib.optionalAttrs (nixpkgs.march != null) { nvhpcArch = nixpkgs.march; })
);
in
{
@@ -45,8 +44,13 @@ inputs:
(filter (package: inputs.pkgs ? ${package}) permittedInsecurePackages);
allowUnfree = true;
qchem-config = { optArch = nixpkgs.march; useCuda = nixpkgs.cuda.enable; };
oneapiArch = mkIf (nixpkgs.march != null) nixpkgs.march;
};
}
// (if nixpkgs.march == null then {} else
{
oneapiArch = let match = { znver3 = "CORE-AVX2"; znver4 = "CORE-AVX512"; };
in match.${nixpkgs.march} or nixpkgs.march;
nvhpcArch = nixpkgs.march;
});
overlays =
[(final: prev:
let
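Review bot: The fallback in `match.${nixpkgs.march} or nixpkgs.march` passes any march other than `znver3` or `znver4` through to `oneapiArch` unchanged, and nothing in the hunk shows that the consumer accepts those names. A comment above the table would record the intent, e.g. `# map GCC -march names to oneAPI arch names; unmapped values are assumed valid for both`. The binding name `match` reads like a function, so `archMap` would be clearer. The enclosing attribute set starts before the hunk and the `overlays` list runs past it.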


@@ -31,8 +31,14 @@ inputs:
]);
};
yubico = { enable = true; id = "91291"; };
loginLimits =
[
{ domain = "@users"; item = "nofile"; value = 65536; }
{ domain = "@users"; item = "stack"; value = "unlimited"; }
];
};
sudo.extraConfig = "Defaults pwfeedback";
};
systemd.user.extraConfig = "DefaultLimitNOFILE=65536:524288";
};
}
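Review bot: The two new `loginLimits` entries set no `type`, so, assuming the NixOS default of `-`, both the soft and the hard limit change for every member of `@users`. With an unlimited stack, runaway recursion in any user session would consume memory until the OOM killer steps in rather than stopping at a stack limit. If only particular jobs need this, raising it where the job is launched and adding a comment such as `# unlimited stack required by <workload>` would narrow the exposure and record the reason. The hard `nofile` value here (65536) also disagrees with the hard value in `DefaultLimitNOFILE=65536:524288` set for user units a few lines below, so one of the two probably wants adjusting.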


@@ -1,41 +0,0 @@
inputs:
{
options.nixos.system.user = let inherit (inputs.lib) mkOption types; in
{
user = mkOption
{
type = types.attrsOf types.ints.unsigned;
readOnly = true;
default =
{
chn = 1000;
xll = 1001;
yjq = 1002;
yxy = 1003;
zem = 1004;
gb = 1005;
test = 1006;
misskey-misskey = 2000;
misskey-misskey-old = 2001;
frp = 2002;
mirism = 2003;
httpapi = 2004;
httpua = 2005;
rsshub = 2006;
v2ray = 2007;
fz-new-order = 2008;
synapse-synapse = 2009;
synapse-matrix = 2010;
};
};
group = mkOption
{
type = types.attrsOf types.ints.unsigned;
readOnly = true;
default = inputs.config.nixos.system.user.user //
{
groupshare = 3000;
};
};
};
}


@@ -0,0 +1,82 @@
inputs:
{
imports = inputs.localLib.mkModules (inputs.localLib.findModules ./.);
config =
let
inherit (inputs.lib) mkIf;
inherit (inputs.config.nixos) user;
inherit (builtins) listToAttrs;
in mkIf (builtins.elem "chn" user.users)
{
users.users.chn =
{
extraGroups = inputs.lib.intersectLists
[ "adbusers" "networkmanager" "wheel" "wireshark" "libvirtd" ]
(builtins.attrNames inputs.config.users.groups);
autoSubUidGidRange = true;
hashedPassword = "$y$j9T$xJwVBoGENJEDSesJ0LfkU1$VEExaw7UZtFyB4VY1yirJvl7qS7oiF49KbEBrV0.hhC";
openssh.authorizedKeys.keys = [(builtins.readFile ./id_ed25519_sk.pub)];
};
home-manager.users.chn =
{
config =
{
programs =
{
git = { userName = "chn"; userEmail = "chn@chn.moe"; };
ssh.matchBlocks =
{
# identityFile = "~/.ssh/xmuhk_id_rsa";
xmuhk = { host = "xmuhk"; hostname = "10.26.14.56"; user = "xmuhk"; };
xmuhk2 = { host = "xmuhk2"; hostname = "183.233.219.132"; user = "xmuhk"; port = 62022; };
}
// (listToAttrs (map
(system: { name = system; value.forwardAgent = true; })
[
"vps6" "wireguard.vps6" "vps7" "wireguard.vps7" "wireguard.pc" "nas" "wireguard.nas"
"wireguard.surface" "xmupc1" "wireguard.xmupc1" "xmupc2" "wireguard.xmupc2"
]));
};
home =
{
file.groupshare.enable = false;
packages =
[
(
let
servers = builtins.filter
(system: system.value.enable)
(builtins.map
(system:
{
name = system.config.nixos.system.networking.hostname;
value = system.config.nixos.system.fileSystems.decrypt.manual;
})
(builtins.attrValues inputs.topInputs.self.nixosConfigurations));
cat = "${inputs.pkgs.coreutils}/bin/cat";
gpg = "${inputs.pkgs.gnupg}/bin/gpg";
ssh = "${inputs.pkgs.openssh}/bin/ssh";
in inputs.pkgs.writeShellScriptBin "remote-decrypt" (builtins.concatStringsSep "\n"
(
(builtins.map (system: builtins.concatStringsSep "\n"
[
"decrypt-${system.name}() {"
" key=$(${cat} ${system.value.keyFile} | ${gpg} --decrypt)"
(builtins.concatStringsSep "\n" (builtins.map
(device: " echo $key | ${ssh} root@initrd.${system.name}.chn.moe cryptsetup luksOpen "
+ (if device.value.ssd then "--allow-discards " else "")
+ "${device.name} ${device.value.mapper} -")
(inputs.localLib.attrsToList system.value.devices)))
"}"
])
servers)
++ [ "decrypt-$1" ]
))
)
];
};
pam.yubico.authorizedYubiKeys.ids = [ "cccccbgrhnub" ];
};
};
};
}
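Review bot: `hashedPassword` puts the yescrypt hash of an account that can be in `wheel` into the repository and the world-readable Nix store, where it is open to offline guessing. Since the repository already uses sops, `hashedPasswordFile = inputs.config.sops.secrets."users/chn".path;` would keep it out of both; the secret name is constructed here as an example and the secret would need `neededForUsers = true`. In the generated `remote-decrypt` script, `echo $key` is unquoted, so whitespace or glob characters in the decrypted key would be altered before reaching `cryptsetup`; `printf '%s\n' "$key"` preserves them. The final `decrypt-$1` also runs without checking that the argument names one of the generated functions.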


@@ -0,0 +1 @@
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEU/JPpLxsk8UWXiZr8CPNG+4WKFB92o1Ep9OEstmPLzAAAABHNzaDo= chn@pc


@@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXlhoouWG+arWJz02vBP/lxpG2tUjx8jhGBnDeNyMu0OtGcnHMAWcb3YDP0A2XJIVFBCCZMM2REwnSNbHRSCl1mTdRbelfjA+7Jqn1wnrDXkAOG3S8WYXryPGpvavu6lgW7p+dIhGiTLWwRbFH+epFTn1hZ3A1UofVIWTOPdoOnx6k7DpQtIVMWiIXLg0jIkOZiTMr3jKfzLMBAqQ1xbCV2tVwbEY02yxxyxIznbpSPReyn1RDLWyqqLRd/oqGPzzhEXNGNAZWnSoItkYq9Bxh2AvMBihiTir3FEVPDgDLtS5LUpM93PV1yTr6JyCPAod9UAxpfBYzHKse0KCQFoZH chn@chn-PC


@@ -0,0 +1,4 @@
inputs:
{
imports = inputs.localLib.mkModules (inputs.localLib.findModules ./.);
}
