diff --git a/config/base.nix b/config/base.nix
index 32ba71e..ae7be01 100644
--- a/config/base.nix
+++ b/config/base.nix
@@ -6,7 +6,7 @@ networking.hostName = hostname;
 # don't change this unless you know what you are doing!
 # for further information, see wiki.nixos.org
- system.stateVersion = "24.11";
+ system.stateVersion = "25.05";
 # disable this since we already have machine-id persisted
 systemd.services."systemd-machine-id-commit".enable = !config.my.persist.enable;
@@ -14,7 +14,7 @@ home = {
 # nicely reload system units when changing configs
 systemd.user.startServices = "sd-switch";
- home.stateVersion = "24.11";
+ home.stateVersion = "25.05";
 };
 xdg.enable = true;
diff --git a/config/hosts/imxyy-nix/default.nix b/config/hosts/ccl-nix/default.nix
similarity index 100%
rename from config/hosts/imxyy-nix/default.nix
rename to config/hosts/ccl-nix/default.nix
diff --git a/config/hosts/imxyy-nix/hardware.nix b/config/hosts/ccl-nix/hardware.nix
similarity index 100%
rename from config/hosts/imxyy-nix/hardware.nix
rename to config/hosts/ccl-nix/hardware.nix
diff --git a/config/hosts/imxyy-nix/home.nix b/config/hosts/ccl-nix/home.nix
similarity index 100%
rename from config/hosts/imxyy-nix/home.nix
rename to config/hosts/ccl-nix/home.nix
diff --git a/config/hosts/imxyy-nix/net.nix b/config/hosts/ccl-nix/net.nix
similarity index 100%
rename from config/hosts/imxyy-nix/net.nix
rename to config/hosts/ccl-nix/net.nix
diff --git a/config/hosts/imxyy-nix/nixos.nix b/config/hosts/ccl-nix/nixos.nix
similarity index 100%
rename from config/hosts/imxyy-nix/nixos.nix
rename to config/hosts/ccl-nix/nixos.nix
diff --git a/config/hosts/imxyy-nix/virt.nix b/config/hosts/ccl-nix/virt.nix
similarity index 100%
rename from config/hosts/imxyy-nix/virt.nix
rename to config/hosts/ccl-nix/virt.nix
diff --git a/config/hosts/imxyy-nix-server/ai.nix b/config/hosts/imxyy-nix-server/ai.nix
deleted file mode 100644
index a677316..0000000
--- a/config/hosts/imxyy-nix-server/ai.nix
+++ /dev/null
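Review bot: Raising `system.stateVersion` and, in the second hunk, `home.stateVersion` from "24.11" to "25.05" contradicts the comment kept directly above the first change. stateVersion is meant to record the release a machine was first installed with, and NixOS and Home Manager modules use it to pick defaults for stateful data, so bumping it on an existing install can change those defaults without migrating the data. If 25.05 is intentional because the renamed `ccl-nix` host is a fresh install, say so in the comment, e.g. `# set to 25.05 at first install of ccl-nix; do not bump on upgrade`; otherwise keep "24.11". The enclosing attribute sets start and end outside both hunks.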
@@ -1,16 +0,0 @@
-{ pkgs, ... }:
-{
- services.open-webui = {
- enable = true;
- host = "127.0.0.1";
- port = 8089;
- package = pkgs.stable.open-webui;
- };
- services.caddy.virtualHosts."ai.imxyy.top" = {
- extraConfig = ''
- reverse_proxy :8089 {
- header_up X-Real-IP {remote_host}
- }
- '';
- };
-}
diff --git a/config/hosts/imxyy-nix-server/build.nix b/config/hosts/imxyy-nix-server/build.nix
deleted file mode 100644
index b3c24dc..0000000
--- a/config/hosts/imxyy-nix-server/build.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{
- config,
- pkgs,
- secrets,
- ...
-}:
-{
- sops.secrets.et-imxyy-nix-server-nixremote = {
- sopsFile = secrets.et-imxyy-nix-server-nixremote;
- format = "binary";
- };
- environment.systemPackages = [ pkgs.easytier ];
- systemd.services."easytier-nixremote" = {
- enable = true;
- script = "${pkgs.easytier}/bin/easytier-core -c ${config.sops.secrets.et-imxyy-nix-server-nixremote.path}";
- serviceConfig = {
- Restart = "always";
- RestartSec = 30;
- User = "root";
- };
- wantedBy = [ "multi-user.target" ];
- after = [
- "network.target"
- "sops-nix.service"
- ];
- };
- users.groups.nixremote = { };
- users.users.nixremote = {
- isSystemUser = true;
- description = "nix remote build user";
- group = "nixremote";
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBWOy0QmAyxENg/O5m3cus8U3c9jCLioivwcWsh5/a82 imxyy-hisense-pad"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8pivvE8PMtsOxmccfNhH/4KehDKhBfUfJbQZxo/SZT imxyy-ace5"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKALTBn/QSGcSPgMg0ViSazFcaA0+nEF05EJpjbsI6dE imxyy_soope_@imxyy-cloudwin"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5G/ieEYBOng66YeyttBQLThyM6W//z2POsNyq4Rw/ imxyy@imxyy-nix-x16"
-
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIENauvvhVMLsUwH9cPYsvnOg7VCL3a4yEiKm8I524TE efl@efl-nix"
- ];
- };
- nix.settings.trusted-users = [
- "nixremote"
- ];
-}
diff --git a/config/hosts/imxyy-nix-server/caddy.nix b/config/hosts/imxyy-nix-server/caddy.nix
deleted file mode 100644
index c0e3f5f..0000000
--- a/config/hosts/imxyy-nix-server/caddy.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- services.caddy = {
- enable = true;
- email = "acme@imxyy.top";
- };
- security.acme = {
- acceptTerms = true;
- defaults.email = "acme@imxyy.top";
- };
-}
diff --git a/config/hosts/imxyy-nix-server/code.nix b/config/hosts/imxyy-nix-server/code.nix
deleted file mode 100644
index cee2d66..0000000
--- a/config/hosts/imxyy-nix-server/code.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ config, ... }:
-{
- services.postgresql.ensureUsers = [
- {
- name = "coder";
- ensureDBOwnership = true;
- }
- ];
- services.postgresql.ensureDatabases = [ "coder" ];
- virtualisation.oci-containers.containers.coder = {
- image = "ghcr.io/coder/coder:latest";
- environment = {
- CODER_ACCESS_URL = "https://coder.imxyy.top";
- CODER_HTTP_ADDRESS = "0.0.0.0:8086";
- CODER_PG_CONNECTION_URL = "postgresql://coder:coderdatabase@127.0.0.1/coder?sslmode=disable";
- };
- extraOptions = [
- "--network=host"
- "--group-add=${toString config.users.groups.podman.gid}"
- ];
- volumes = [
- "/var/lib/coder:/home/coder/.config"
- "/var/run/docker.sock:/var/run/docker.sock"
- ];
- ports = [ "8086:8086" ];
- };
- services.caddy.virtualHosts."coder.imxyy.top" = {
- extraConfig = ''
- reverse_proxy :8086 {
- header_up X-Real-IP {remote_host}
- }
- '';
- };
-}
diff --git a/config/hosts/imxyy-nix-server/default.nix b/config/hosts/imxyy-nix-server/default.nix
deleted file mode 100644
index 371ddeb..0000000
--- a/config/hosts/imxyy-nix-server/default.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- imports = [
- ./nixos.nix
- ./hardware.nix
- ./home.nix
- ./virt.nix
- ./docker.nix
- ./minecraft.nix
- ./samba.nix
- ./net.nix
- ./caddy.nix
- ./nextcloud.nix
- ./mail.nix
- ./gitea.nix
- ./vault.nix
- ./homepage.nix
- ./code.nix
- ./yesplaymusic.nix
- ./ai.nix
- ./grafana.nix
- ./note.nix
- ./matrix.nix
- ./minio.nix
- ./build.nix
- ./immich.nix
- ];
-}
diff --git a/config/hosts/imxyy-nix-server/docker.nix b/config/hosts/imxyy-nix-server/docker.nix
deleted file mode 100644
index ec2064c..0000000
--- a/config/hosts/imxyy-nix-server/docker.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ lib, ... }:
-{
- virtualisation.oci-containers.backend = lib.mkForce "podman";
- virtualisation.podman = {
- enable = true;
- dockerCompat = true;
- dockerSocket.enable = true;
- };
-}
diff --git a/config/hosts/imxyy-nix-server/gitea.nix b/config/hosts/imxyy-nix-server/gitea.nix
deleted file mode 100644
index 501a675..0000000
--- a/config/hosts/imxyy-nix-server/gitea.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{
- services.caddy.virtualHosts."git.imxyy.top" = {
- extraConfig = ''
- reverse_proxy :8082 {
- header_up X-Real-IP {remote_host}
- }
- '';
- };
- services.gitea = {
- enable = true;
- appName = "imxyy_soope_'s Gitea";
- user = "git";
- group = "git";
- mailerPasswordFile = "/var/lib/gitea/smtp_password";
- stateDir = "/mnt/nas/gitea";
- settings = {
- globalSection = {
- LANDING_PAGE = "explore";
- };
- server = {
- DOMAIN = "git.imxyy.top";
- HTTP_ADDR = "127.0.0.1";
- HTTP_PORT = 8082;
- ROOT_URL = "https://git.imxyy.top/";
- SSH_PORT = 2222;
- };
- service = {
- REGISTER_MANUAL_CONFIRM = true;
- };
- };
- };
- services.openssh.ports = [
- 22
- 2222
- ];
- users = {
- users.git = {
- isNormalUser = true;
- description = "git user";
- group = "git";
- home = "/mnt/nas/gitea";
- };
- groups.git = { };
- };
-}
diff --git a/config/hosts/imxyy-nix-server/grafana.nix b/config/hosts/imxyy-nix-server/grafana.nix
deleted file mode 100644
index ad1ea54..0000000
--- a/config/hosts/imxyy-nix-server/grafana.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ pkgs, ... }:
-{
- services.grafana = {
- enable = true;
- settings = {
- server = {
- http_addr = "0.0.0.0";
- http_port = 8090;
- domain = "grafana.imxyy.top";
- };
- };
- };
- services.prometheus = {
- enable = true;
- package = pkgs.stable.prometheus;
- port = 8091;
- exporters = {
- node = {
- enable = true;
- port = 8092;
- enabledCollectors = [
- "systemd"
- "zfs"
- ];
- };
- };
- scrapeConfigs = [
- {
- job_name = "node";
- static_configs = [
- {
- targets = [ "127.0.0.1:8092" ];
- }
- ];
- }
- ];
- };
- services.caddy.virtualHosts."grafana.imxyy.top" = {
- extraConfig = ''
- reverse_proxy :8090 {
- header_up X-Real-IP {remote_host}
- }
- '';
- };
-}
diff --git a/config/hosts/imxyy-nix-server/hardware.nix b/config/hosts/imxyy-nix-server/hardware.nix
deleted file mode 100644
index 2472cce..0000000
--- a/config/hosts/imxyy-nix-server/hardware.nix
+++ /dev/null
@@ -1,110 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-let
- btrfs = "/dev/disk/by-uuid/c7889c5c-c5b6-4e3c-9645-dfd49c2e84d0";
-in
-{
- boot.initrd.availableKernelModules = [
- "xhci_pci"
- "ahci"
- "nvme"
- "usbhid"
- "usb_storage"
- "sd_mod"
- ];
- boot.initrd.kernelModules = [ "amdgpu" ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.kernelPackages = lib.mkForce pkgs.linuxPackages_cachyos;
- services.scx.enable = true;
- boot.extraModulePackages = [ ];
- boot.tmp.useTmpfs = true;
- boot.supportedFilesystems = [ "zfs" ];
- boot.zfs = {
- extraPools = [ "data" ];
- forceImportRoot = false;
- package = pkgs.zfs_cachyos;
- };
- services.zfs.autoScrub.enable = true;
- services.btrfs.autoScrub.enable = true;
- networking.hostId = "10ca95b4";
-
- fileSystems."/" = {
- device = btrfs;
- fsType = "btrfs";
- options = [
- "compress=zstd"
- "subvol=root"
- ];
- };
-
- fileSystems."/nix" = {
- device = btrfs;
- fsType = "btrfs";
- options = [
- "compress=zstd"
- "subvol=nix"
- ];
- };
-
- my.persist.location = "/nix/persist";
- fileSystems."/nix/persist" = {
- device = btrfs;
- fsType = "btrfs";
- options = [
- "compress=zstd"
- "subvol=persist"
- ];
- neededForBoot = true;
- };
-
- boot.initrd.postDeviceCommands = lib.mkAfter ''
- mkdir /btrfs_tmp
- mount ${btrfs} /btrfs_tmp
- mkdir -p /btrfs_tmp/old_roots
- if [[ -e /btrfs_tmp/root ]]; then
- timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
- mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
- fi
-
- delete_subvolume_recursively() {
- IFS=$'\n'
- for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
- delete_subvolume_recursively "/btrfs_tmp/$i"
- done
- btrfs subvolume delete "$1"
- }
-
- for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +14); do
- delete_subvolume_recursively "$i"
- done
-
- btrfs subvolume create /btrfs_tmp/root
- umount /btrfs_tmp
- '';
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/32AA-2998";
- fsType = "vfat";
- options = [
- "uid=0"
- "gid=0"
- "fmask=0077"
- "dmask=0077"
- ];
- };
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault false;
-
- hardware.enableRedistributableFirmware = lib.mkDefault true;
- hardware.cpu.amd.updateMicrocode = config.hardware.enableRedistributableFirmware;
-
- nixpkgs.hostPlatform = lib.mkForce "x86_64-linux";
-}
diff --git a/config/hosts/imxyy-nix-server/home.nix b/config/hosts/imxyy-nix-server/home.nix
deleted file mode 100644
index a37a287..0000000
--- a/config/hosts/imxyy-nix-server/home.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ ... }:
-{
- my = {
- cli.all.enable = true;
- coding.editor.neovim.enable = true;
- coding.misc.enable = true;
- coding.langs.lua.enable = true;
- coding.langs.rust.enable = true;
- persist = {
- enable = true;
- homeDirs = [
- "workspace"
- "Virt"
-
- ".local/state"
- ".cache"
-
- ".ollama"
- ];
- };
- };
-}
diff --git a/config/hosts/imxyy-nix-server/homepage.nix b/config/hosts/imxyy-nix-server/homepage.nix
deleted file mode 100644
index 5c8cc64..0000000
--- a/config/hosts/imxyy-nix-server/homepage.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- virtualisation.oci-containers.containers.sun-panel = {
- image = "hslr/sun-panel:latest";
- volumes = [
- "/var/lib/sun-panel:/app/conf"
- ];
- ports = [ "8085:3002" ];
- };
- services.caddy.virtualHosts."home.imxyy.top" = {
- extraConfig = ''
- reverse_proxy :8085
- '';
- };
-}
diff --git a/config/hosts/imxyy-nix-server/immich.nix b/config/hosts/imxyy-nix-server/immich.nix
deleted file mode 100644
index 4440587..0000000
--- a/config/hosts/imxyy-nix-server/immich.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ ... }:
-{
- users.users.immich = {
- home = "/mnt/nas/immich";
- createHome = true;
- };
- services.immich = {
- enable = true;
- host = "127.0.0.1";
- port = 8096;
- mediaLocation = "/mnt/nas/immich";
- group = "nextcloud";
- };
- services.caddy.virtualHosts."immich.imxyy.top" = {
- extraConfig = ''
- reverse_proxy :8096 {
- header_up X-Real-IP {remote_host}
- }
- '';
- };
-}
diff --git a/config/hosts/imxyy-nix-server/mail.nix b/config/hosts/imxyy-nix-server/mail.nix
deleted file mode 100644
index 7c9e747..0000000
--- a/config/hosts/imxyy-nix-server/mail.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{ pkgs, ... }:
-{
- services.roundcube = {
- enable = true;
- hostName = "mail.imxyy.top";
- plugins = [
- "contextmenu"
- "persistent_login"
- ];
- package = pkgs.roundcube.withPlugins (
- plugins: with plugins; [
- contextmenu
- persistent_login
- ]
- );
- extraConfig = ''
- # starttls needed for authentication, so the fqdn required to match
- # the certificate
- $config['imap_conn_options'] = [
- 'ssl' => [
- 'verify_peer_name' => false,
- ],
- ];
- $config['imap_host'] = "tls://mail10.serv00.com";
- $config['imap_user'] = "%u";
- $config['imap_pass'] = "%p";
- $config['smtp_conn_options'] = [
- 'ssl' => [
- 'verify_peer_name' => false,
- ],
- ];
- $config['smtp_host'] = "tls://mail10.serv00.com";
- $config['smtp_user'] = "%u";
- $config['smtp_pass'] = "%p";
- '';
- };
- services.nginx.virtualHosts."mail.imxyy.top" = {
- listen = [
- {
- addr = "0.0.0.0";
- port = 8087;
- }
- ];
- forceSSL = false;
- enableACME = false;
- };
- services.caddy.virtualHosts."mail.imxyy.top" = {
- extraConfig = ''
- reverse_proxy :8087 {
- header_up X-Real-IP {remote_host}
- }
- '';
- };
-}
diff --git a/config/hosts/imxyy-nix-server/matrix.nix b/config/hosts/imxyy-nix-server/matrix.nix
deleted file mode 100644
index 3a86d3d..0000000
--- a/config/hosts/imxyy-nix-server/matrix.nix
+++ /dev/null
@@ -1,46 +0,0 @@
-{
- services.matrix-synapse = {
- enable = true;
- settings = {
- server_name = "matrix.imxyy.top";
- public_baseurl = "https://matrix.imxyy.top";
- listeners = [
- {
- port = 8094;
- bind_addresses = [ "127.0.0.1" ];
- type = "http";
- tls = false;
- x_forwarded = true;
- resources = [
- {
- names = [
- "client"
- "federation"
- ];
- compress = true;
- }
- ];
- }
- ];
- turn_uris = [ "turns:vkvm.imxyy.top:5349" ];
- turn_shared_secret = "ac779a48c03bb451839569d295a29aa6ab8c264277bec2df9c9c7f5e22936288";
- turn_user_lifetime = "1h";
- database_type = "psycopg2";
- database_args.database = "matrix-synapse";
- };
- extraConfigFiles = [
- "/var/lib/matrix-synapse/secret"
- ];
- };
- services.caddy.virtualHosts."matrix.imxyy.top" = {
- extraConfig = ''
- reverse_proxy :8094
- handle_path /_matrix {
- reverse_proxy :8094
- }
- handle_path /_synapse/client {
- reverse_proxy :8094
- }
- '';
- };
-}
diff --git a/config/hosts/imxyy-nix-server/minecraft.nix b/config/hosts/imxyy-nix-server/minecraft.nix
deleted file mode 100644
index e743336..0000000
--- a/config/hosts/imxyy-nix-server/minecraft.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ lib, pkgs, ... }:
-{
- systemd.services."fabric1.20.6" = {
- description = "fabric 1.20.6 minecraft server";
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
- serviceConfig = {
- WorkingDirectory = "/opt/minecraft/fabric1.20.6";
- ExecStart = "${lib.getExe' pkgs.openjdk21 "java"} -Xms1G -Xmx5G -jar fabric-server-mc.1.20.6-loader.0.15.11-launcher.1.0.1.jar";
- Restart = "always";
- RestartSec = 120;
- };
- };
- my.persist = {
- nixosDirs = [
- "/opt/minecraft"
- ];
- };
-}
diff --git a/config/hosts/imxyy-nix-server/minio.nix b/config/hosts/imxyy-nix-server/minio.nix
deleted file mode 100644
index e6ea606..0000000
--- a/config/hosts/imxyy-nix-server/minio.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config, secrets, ... }:
-{
- sops.secrets.minio-env = {
- sopsFile = secrets.minio;
- format = "dotenv";
- };
- services.minio = {
- enable = true;
- listenAddress = ":9000";
- consoleAddress = ":9001";
- region = "cn-south-gz";
-
- configDir = "/mnt/nas/minio/config";
- dataDir = [
- "/mnt/nas/minio/data"
- ];
- rootCredentialsFile = config.sops.secrets.minio-env.path;
- };
- services.caddy.virtualHosts."minio.imxyy.top" = {
- extraConfig = ''
- handle_path /* {
- reverse_proxy :9000
- }
- '';
- };
-}
diff --git a/config/hosts/imxyy-nix-server/net.nix b/config/hosts/imxyy-nix-server/net.nix
deleted file mode 100644
index cf5300c..0000000
--- a/config/hosts/imxyy-nix-server/net.nix
+++ /dev/null
@@ -1,598 +0,0 @@
-{
- config,
- lib,
- pkgs,
- username,
- secrets,
- ...
-}:
-{
- boot.kernelParams = [
- "biosdevname=0"
- "net.ifnames=0"
- ];
- networking = {
- useDHCP = lib.mkForce false;
- dhcpcd = {
- wait = "background";
- IPv6rs = true;
- extraConfig = ''
- interface mac0
- noipv4
- '';
- };
- interfaces = {
- eth0.wakeOnLan.enable = true;
- eth1.wakeOnLan.enable = true;
- mac0 = {
- useDHCP = true;
- ipv4.addresses = [
- {
- address = "192.168.3.2";
- prefixLength = 24;
- }
- ];
- };
- };
- macvlans."mac0" = {
- interface = "eth0";
- mode = "bridge";
- };
- defaultGateway = {
- address = "192.168.3.1";
- interface = "mac0";
- };
- nameservers = [
- "192.168.3.2"
- ];
-
- firewall.enable = false;
- nftables = {
- enable = true;
- flushRuleset = true;
- ruleset = ''
- table inet firewall {
- set LANv4 {
- type ipv4_addr
- flags interval
-
- elements = { 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 }
- }
- set LANv6 {
- type ipv6_addr
- flags interval
-
- elements = { fd00::/8, fe80::/10 }
- }
- set tcp_ports {
- type inet_service
- flags interval
-
- elements = {
- http,
- https,
- 2222,
- 25565
- }
- }
-
- chain prerouting {
- type filter hook prerouting priority mangle; policy accept;
-
- ip daddr @LANv4 accept
- ip6 daddr @LANv6 accept
- }
-
- chain output {
- type filter hook output priority 100; policy accept;
-
- ip daddr @LANv4 accept
- ip6 daddr @LANv6 accept
- }
-
- chain input {
- type filter hook input priority 0; policy drop;
- iif lo accept
- ct state invalid drop
- ct state established,related accept
-
- ip protocol { icmp, igmp } accept
-
- ip saddr @LANv4 accept
- ip6 saddr @LANv6 accept
-
- tcp dport 2222 ct state new limit rate 15/minute counter accept
-
- tcp dport @tcp_ports counter accept
- }
-
- chain forward {
- type filter hook forward priority 0; policy accept;
- }
-
- chain nat {
- type nat hook postrouting priority 0; policy accept;
- ip saddr 192.168.3.0/24 masquerade
- }
- }
- '';
- };
- };
-
- services.openssh = {
- enable = true;
- settings = {
- # PermitRootLogin = "yes";
- PermitRootLogin = "prohibit-password";
- PasswordAuthentication = true;
- };
- };
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBWOy0QmAyxENg/O5m3cus8U3c9jCLioivwcWsh5/a82 imxyy-hisense-pad"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8pivvE8PMtsOxmccfNhH/4KehDKhBfUfJbQZxo/SZT imxyy-ace5"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKALTBn/QSGcSPgMg0ViSazFcaA0+nEF05EJpjbsI6dE imxyy_soope_@imxyy-cloudwin"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5G/ieEYBOng66YeyttBQLThyM6W//z2POsNyq4Rw/ imxyy@imxyy-nix-x16"
- ];
- users.users.${username}.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBWOy0QmAyxENg/O5m3cus8U3c9jCLioivwcWsh5/a82 imxyy-hisense-pad"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8pivvE8PMtsOxmccfNhH/4KehDKhBfUfJbQZxo/SZT imxyy-ace5"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKALTBn/QSGcSPgMg0ViSazFcaA0+nEF05EJpjbsI6dE imxyy_soope_@imxyy-cloudwin"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5G/ieEYBOng66YeyttBQLThyM6W//z2POsNyq4Rw/ imxyy@imxyy-nix-x16"
- ];
-
- sops.secrets.dae-imxyy-nix-server = {
- sopsFile = secrets.dae-imxyy-nix-server;
- format = "binary";
- };
- services.dae = {
- enable = true;
- configFile = config.sops.secrets.dae-imxyy-nix-server.path;
- };
- systemd.services.dae.after = [ "sops-nix.service" ];
- sops.secrets.mihomo = {
- sopsFile = secrets.mihomo;
- format = "yaml";
- key = "";
- };
- systemd.services.mihomo.after = [ "sops-nix.service" ];
- services.mihomo = {
- enable = true;
- configFile = config.sops.secrets.mihomo.path;
- webui = pkgs.metacubexd;
- };
-
- sops.secrets.frp-env = {
- sopsFile = secrets.frp;
- format = "dotenv";
- };
- systemd.services.frp.serviceConfig.EnvironmentFile = [
- config.sops.secrets.frp-env.path
- ];
- services.frp = {
- enable = true;
- role = "client";
- settings = {
- serverAddr = "hk.vkvm.imxyy.top";
- serverPort = 7000;
- auth.token = "{{ .Envs.FRP_AUTH_TOKEN }}";
- proxies = [
- {
- name = "nextcloud-http";
- type = "http";
- localIP = "127.0.0.1";
- localPort = 80;
- customDomains = [ "nextcloud.imxyy.top" ];
- }
- {
- name = "nextcloud-https";
- type = "https";
- localIP = "127.0.0.1";
- localPort = 443;
- customDomains = [ "nextcloud.imxyy.top" ];
- }
-
- {
- name = "oidc-http";
- type = "http";
- localIP = "127.0.0.1";
- localPort = 80;
- customDomains = [ "oidc.imxyy.top" ];
- }
- {
- name = "oidc-https";
- type = "https";
- localIP = "127.0.0.1";
- localPort = 443;
- customDomains = [ "oidc.imxyy.top" ];
- }
- {
- name = "headscale-http";
- type = "http";
- localIP = "127.0.0.1";
- localPort = 80;
- customDomains = [ "headscale.imxyy.top" ];
- }
- {
- name = "headscale-https";
- type = "https";
- localIP = "127.0.0.1";
- localPort = 443;
- customDomains = [ "headscale.imxyy.top" ];
- }
-
- {
- name = "mail-http";
- type = "http";
- localIP = "127.0.0.1";
- localPort = 80;
- customDomains = [ "mail.imxyy.top" ];
- }
- {
- name = "mail-https";
- type = "https";
- localIP = "127.0.0.1";
- localPort = 443;
- customDomains = [ "mail.imxyy.top" ];
- }
-
- {
- name = "gitea-ssh";
- type = "tcp";
- localIP = "127.0.0.1";
- localPort = 2222;
- remotePort = 2222;
- }
- {
- name = "gitea-http";
- type = "http";
- localIP = "127.0.0.1";
- localPort = 80;
- customDomains = [ "git.imxyy.top" ];
- }
- {
- name = "gitea-https";
- type = "https";
- localIP = "127.0.0.1";
- localPort = 443;
- customDomains = [ "git.imxyy.top" ];
- }
-
- {
- name = "vault-http";
- type = "http";
- localIP = "127.0.0.1";
- localPort = 80;
- customDomains = [ "vault.imxyy.top" ];
- }
- {
- name = "vault-https";
- type = "https";
- localIP = "127.0.0.1";
- localPort = 443;
- customDomains = [ "vault.imxyy.top" ];
- }
-
- {
- name = "home-http";
- type = "http";
- localIP = "127.0.0.1";
- localPort = 80;
- customDomains = [ "home.imxyy.top" ];
- }
- {
- name = "home-https";
- type = "https";
- localIP = "127.0.0.1";
- localPort = 443;
- customDomains = [ "home.imxyy.top" ];
- }
-
- {
- name = "coder-http";
- type = "http";
- localIP = "127.0.0.1";
- localPort = 80;
- customDomains = [ "coder.imxyy.top" ];
- }
- {
- name = "coder-https";
- type = "https";
- localIP = "127.0.0.1";
- localPort = 443;
- customDomains = [ "coder.imxyy.top" ];
- }
-
- {
- name = "music-http";
- type = "http";
- localIP = "127.0.0.1";
- localPort = 80;
- customDomains = [ "music.imxyy.top" ];
- }
- {
- name = "music-https";
- type = "https";
- localIP = "127.0.0.1";
- localPort = 443;
- customDomains = [ "music.imxyy.top" ];
- }
-
- {
- name = "ai-http";
- type = "http";
- localIP = "127.0.0.1";
- localPort = 80;
- customDomains = [ "ai.imxyy.top" ];
- }
- {
- name = "ai-https";
- type = "https";
- localIP = "127.0.0.1";
- localPort = 443;
- customDomains = [ "ai.imxyy.top" ];
- }
-
- {
- name = "grafana-http";
- type = "http";
- localIP = "127.0.0.1";
- localPort = 80;
- customDomains = [ "grafana.imxyy.top" ];
- }
- {
- name = "grafana-https";
- type = "https";
- localIP = "127.0.0.1";
- localPort = 443;
- customDomains = [ "grafana.imxyy.top" ];
- }
-
- {
- name = "note-http";
- type = "http";
- localIP = "127.0.0.1";
- localPort = 80;
- customDomains = [ "note.imxyy.top" ];
- }
- {
- name = "note-https";
- type = "https";
- localIP = "127.0.0.1";
- localPort = 443;
- customDomains = [ "note.imxyy.top" ];
- }
-
- {
- name = "siyuan-http";
- type = "http";
- localIP = "127.0.0.1";
- localPort = 80;
- customDomains = [ "sy.imxyy.top" ];
- }
- {
- name = "siyuan-https";
- type = "https";
- localIP = "127.0.0.1";
- localPort = 443;
- customDomains = [ "sy.imxyy.top" ];
- }
-
- {
- name = "matrix-http";
- type = "http";
- localIP = "127.0.0.1";
- localPort = 80;
- customDomains = [ "matrix.imxyy.top" ];
- }
- {
- name = "matrix-https";
- type = "https";
- localIP = "127.0.0.1";
- localPort = 443;
- customDomains = [ "matrix.imxyy.top" ];
- }
-
- {
- name = "immich-http";
- type = "http";
- localIP = "127.0.0.1";
- localPort = 80;
- customDomains = [ "immich.imxyy.top" ];
- }
- {
- name = "immich-https";
- type = "https";
- localIP = "127.0.0.1";
- localPort = 443;
- customDomains = [ "immich.imxyy.top" ];
- }
-
- {
- name = "memo-http";
- type = "http";
- localIP = "127.0.0.1";
- localPort = 80;
- customDomains = [ "memo.imxyy.top" ];
- }
- {
- name = "memo-https";
- type = "https";
- localIP = "127.0.0.1";
- localPort = 443;
- customDomains = [ "memo.imxyy.top" ];
- }
-
- {
- name = "minecraft";
- type = "tcp";
- localIP = "127.0.0.1";
- localPort = 25565;
- remotePort = 25565;
- }
- ];
- };
- };
-
- services.tailscale = {
- enable = true;
- useRoutingFeatures = "both";
- extraSetFlags = [ "--accept-dns=false" ];
- };
- services.headscale = {
- enable = true;
- address = "0.0.0.0";
- port = 8080;
- settings = {
- logtail.enabled = false;
- server_url = "https://headscale.imxyy.top";
- dns.magic_dns = false;
- dns.override_local_dns = false;
- ip_prefixes = "100.64.0.0/10";
-
- oidc = {
- only_start_if_oidc_is_available = true;
- issuer = "https://oidc.imxyy.top";
- client_id = "https://headscale.imxyy.top";
- allowed_domains = [
- "imxyy.top"
- "*.imxyy.top"
- ];
- client_secret = "";
- expiry = 0;
- extra_params.domain_hint = "imxyy.top";
- };
- };
- };
- systemd.services."headscale" = {
- after = [
- "podman-obligator.service"
- ];
- requires = [
- "podman-obligator.service"
- ];
- };
-
- sops.secrets.et-imxyy-nix-server = {
- sopsFile = secrets.et-imxyy-nix-server;
- format = "binary";
- };
- environment.systemPackages = [ pkgs.easytier ];
- systemd.services."easytier" = {
- enable = true;
- script = "${pkgs.easytier}/bin/easytier-core -c ${config.sops.secrets.et-imxyy-nix-server.path}";
- serviceConfig = {
- Restart = "always";
- RestartSec = 30;
- User = "root";
- };
- wantedBy = [ "multi-user.target" ];
- after = [
- "network.target"
- "sops-nix.service"
- ];
- };
-
- virtualisation.oci-containers.containers.obligator = {
- image = "anderspitman/obligator:latest";
- volumes = [
- "/var/lib/obligator:/data"
- "/var/lib/obligator:/api"
- ];
- ports = [ "8081:1616" ];
- cmd = [
- "-storage-dir"
- "/data"
- "-api-socket-dir"
- "/api"
- "-root-uri"
- "https://oidc.imxyy.top"
- "-port"
- "1616"
- ];
- };
- services.caddy.virtualHosts."headscale.imxyy.top" = {
- extraConfig = ''
- reverse_proxy :8080 {
- header_up X-Real-IP {remote_host}
- }
- '';
- };
- services.caddy.virtualHosts."oidc.imxyy.top" = {
- extraConfig = ''
- reverse_proxy :8081 {
- header_up X-Real-IP {remote_host}
- }
- '';
- };
-
- systemd.services.ddns-go =
- let
- ddns-go = pkgs.buildGoModule rec {
- pname = "ddns-go";
- version = "6.6.7";
- src = pkgs.fetchFromGitHub {
- owner = "jeessy2";
- repo = "ddns-go";
- rev = "v${version}";
- hash = "sha256-Ejoe6e9GFhHxQ9oIBDgDRQW9Xx1XZK+qSAXiRXLdn+c=";
- };
- meta.mainProgram = "ddns-go";
- vendorHash = "sha256-XZii7gV3DmTunYyGYzt5xXhv/VpTPIoYKbW4LnmlAgs=";
- doCheck = false;
- };
- in
- {
- description = "Go Dynamic DNS";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- ExecStart = "${lib.getExe ddns-go} -l :9876 -f 10 -cacheTimes 180 -c /var/lib/ddns-go/config.yaml";
- Restart = "always";
- RestartSec = 120;
- };
- path = [
- pkgs.bash
- ];
- };
-
- services.dnsmasq =
- let
- subDomains = [
- "home"
- "nextcloud"
- "mail"
- "git"
- "vault"
- "coder"
- "headscale"
- "grafana"
- "matrix"
- "note"
- "oidc"
- "mc"
- "music"
- "ai"
- "sy"
- "minio"
- "immich"
- ];
- in
- {
- enable = true;
- resolveLocalQueries = false;
- settings = {
- server = [
- "120.53.53.53"
- "223.5.5.5"
- ];
- address = map (sub: "/${sub}.imxyy.top/192.168.3.2") subDomains ++ [
- "/imxyy-nix-server/192.168.3.2"
- "/imxyy-cloudwin/192.168.3.4"
- "/printer.home/192.168.3.53"
- ];
- cache-size = 0;
- };
- };
-}
diff --git a/config/hosts/imxyy-nix-server/nextcloud.nix b/config/hosts/imxyy-nix-server/nextcloud.nix
deleted file mode 100644
index 42c6847..0000000
--- a/config/hosts/imxyy-nix-server/nextcloud.nix
+++ /dev/null
@@ -1,143 +0,0 @@
-{
- lib,
- pkgs,
- hostname,
- ...
-}:
-let
- nextcloud = "nextcloud.${imxyy}";
- imxyy = "imxyy.top";
-in
-{
- environment.systemPackages = with pkgs; [
- exiftool
- ffmpeg
- rclone
- ];
-
- services.nextcloud = {
- enable = true;
- package = pkgs.nextcloud31;
- extraApps = {
- inherit (pkgs.nextcloud31.packages.apps)
- bookmarks
- previewgenerator
- spreed
- notes
- registration
- ;
- };
- extraAppsEnable = true;
- hostName = nextcloud;
- home = "/mnt/nas/nextcloud";
- https = true;
- nginx.recommendedHttpHeaders = true;
- caching.redis = true;
- configureRedis = true;
- database.createLocally = true;
- config = {
- dbtype = "pgsql";
- adminpassFile = toString (pkgs.writeText "nextcloud-pass" "admin12345!");
- adminuser = "admin";
- };
- settings.trusted_domains = [
- hostname
- "192.168.3.2"
- "10.0.0.1"
- ];
- phpExtraExtensions =
- all: with all; [
- pdlib
- ];
- maxUploadSize = "16G";
- phpOptions = {
- "opcache.enable" = 1;
- "opcache.enable_cli" = 1;
- "opcache.interned_strings_buffer" = 8;
- "opcache.max_accelerated_files" = 10000;
- "opcache.memory_consumption" = 128;
- "opcache.save_comments" = 1;
- "opcache.revalidate_freq" = 1;
- memory_limit = lib.mkForce "2G";
- };
- poolSettings = {
- pm = "dynamic";
- "pm.max_children" = "12";
- "pm.min_spare_servers" = "6";
- "pm.max_spare_servers" = "12";
- };
- };
- services.nginx.virtualHosts."nextcloud.imxyy.top" = {
- listen = [
- {
- addr = "0.0.0.0";
- port = 8084;
- }
- ];
- };
- /*
- services.caddy.virtualHosts.":80" = {
- extraConfig = ''
- redir https://{host}{uri}
- '';
- };
- services.caddy.virtualHosts.":443" = {
- extraConfig =
- let
- path = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/nextcloud.imxyy.top";
- in
- ''
- reverse_proxy :8084
- tls ${path}/nextcloud.imxyy.top.crt ${path}/nextcloud.imxyy.top.key
- '';
- };
- */
- services.caddy.virtualHosts."nextcloud.imxyy.top" = {
- extraConfig = ''
- reverse_proxy :8084 {
- header_up X-Real-IP {remote_host}
- }
- '';
- };
-
- /*
- systemd.timers."kopia" = {
- wantedBy = [ "timers.target" ];
- timerConfig = {
- OnCalendar = "daily";
- Persistent = true;
- Unit = "kopia.service";
- };
- };
- */
-
- systemd.services."kopia" = {
- script = ''
- ${pkgs.kopia}/bin/kopia snapshot create /mnt/nas/share
- ${pkgs.kopia}/bin/kopia snapshot create /mnt/nas/nextcloud/data
- '';
- serviceConfig = {
- Type = "oneshot";
- User = "nextcloud";
- };
- };
-
- systemd.timers."nextcloud-cronjobs" = {
- wantedBy = [ "timers.target" ];
- timerConfig = {
- OnCalendar = "daily";
- Persistent = true;
- Unit = "nextcloud-cronjobs.service";
- };
- };
-
- systemd.services."nextcloud-cronjobs" = {
- script = ''
- /run/current-system/sw/bin/nextcloud-occ preview:pre-generate
- '';
- serviceConfig = {
- Type = "oneshot";
- User = "nextcloud";
- };
- };
-}
diff --git a/config/hosts/imxyy-nix-server/nginx.nix b/config/hosts/imxyy-nix-server/nginx.nix
deleted file mode 100644
index e045e85..0000000
--- a/config/hosts/imxyy-nix-server/nginx.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- services.nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- clientMaxBodySize = "0";
- };
- security.acme = {
- acceptTerms = true;
- defaults.email = "acme@imxyy.top";
- };
-}
diff --git a/config/hosts/imxyy-nix-server/nixos.nix b/config/hosts/imxyy-nix-server/nixos.nix
deleted file mode 100644
index ba14ba8..0000000
--- a/config/hosts/imxyy-nix-server/nixos.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{
- lib,
- config,
- username,
- secrets,
- ...
-}:
-{
- boot.loader = {
- efi.canTouchEfiVariables = true;
- systemd-boot.enable = true;
- grub.enable = false;
- timeout = 0;
- };
-
- hardware.bluetooth.enable = true;
- hardware.bluetooth.powerOnBoot = true;
-
- systemd.services.nix-daemon = {
- environment.TMPDIR = "/var/cache/nix";
- serviceConfig.CacheDirectory = "nix";
- };
- environment.variables.NIX_REMOTE = "daemon";
-
- sops.secrets.imxyy-nix-server-hashed-password = {
- sopsFile = secrets.imxyy-nix-server-hashed-password;
- format = "binary";
- neededForUsers = true;
- };
- users.users.${username}.hashedPasswordFile =
- lib.mkForce config.sops.secrets.imxyy-nix-server-hashed-password.path;
- users.users.root.hashedPasswordFile = lib.mkForce config.sops.secrets.imxyy-nix-server-hashed-password.path;
-}
diff --git a/config/hosts/imxyy-nix-server/note.nix b/config/hosts/imxyy-nix-server/note.nix
deleted file mode 100644
index 0aa3bfa..0000000
--- a/config/hosts/imxyy-nix-server/note.nix
+++ /dev/null
@@ -1,71 +0,0 @@
-{
- config,
- secrets,
- ...
-}:
-{
- sops.secrets = {
- flatnote-env = {
- sopsFile = secrets.flatnote;
- format = "dotenv";
- };
- siyuan-env = {
- sopsFile = secrets.siyuan;
- format = "dotenv";
- };
- };
- virtualisation.oci-containers.containers = {
- flatnotes = {
- image = "dullage/flatnotes:latest";
- volumes = [
- "/mnt/nas/flatnotes/data:/data"
- ];
- environmentFiles = [
- "${config.sops.secrets.flatnote-env.path}"
- ];
- ports = [ "8093:8080" ];
- };
- siyuan = {
- image = "apkdv/siyuan-unlock:v3.1.30";
- volumes = [
- "/mnt/nas/siyuan/workspace:/workspace"
- "/mnt/nas/siyuan:/home/siyuan"
- ];
- cmd = [
- "--workspace=/workspace"
- ];
- environment = {
- PUID = "0";
- PGID = "0";
- };
- environmentFiles = [
- "${config.sops.secrets.siyuan-env.path}"
- ];
- ports = [ "8095:6806" ];
- };
- memos = {
- image = "neosmemo/memos:stable";
- volumes = [
- "/mnt/nas/memos:/var/opt/memos"
- ];
- ports = [ "8097:5230" ];
- };
- };
- services.caddy.virtualHosts = {
- "note.imxyy.top" = {
- extraConfig = ''
- reverse_proxy :8093
- '';
- };
- "sy.imxyy.top" = {
- extraConfig = ''
- reverse_proxy :8095
- '';
- };
- "memo.imxyy.top" = {
- extraConfig = ''
- reverse_proxy :8097
- '';
- };
- };
-}
diff --git a/config/hosts/imxyy-nix-server/samba.nix b/config/hosts/imxyy-nix-server/samba.nix
deleted file mode 100644
index b2b1903..0000000
--- a/config/hosts/imxyy-nix-server/samba.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- services.samba = {
- enable = true;
- nsswins = true;
- settings = {
- global = {
- security = "user";
- "netbios name" = "NAS";
- };
- share = {
- path = "/mnt/nas/share";
- browseable = "yes";
- "read only" = "no";
- "guest ok" = "no";
- "create mask" = "0664";
- "directory mask" = "0775";
- "force user" = "nextcloud";
- "force group" = "nextcloud";
- };
- };
- };
- services.samba-wsdd.enable = true;
- # ensure dir exists
- systemd.tmpfiles.rules = [
- "d /mnt/nas/share 0775 nextcloud nextcloud - -"
- ];
- users = {
- users.nas = {
- isSystemUser = true;
- description = "NAS user";
- group = "nextcloud";
- };
- };
-}
diff --git a/config/hosts/imxyy-nix-server/vault.nix b/config/hosts/imxyy-nix-server/vault.nix
deleted file mode 100644
index 4be7a58..0000000
--- a/config/hosts/imxyy-nix-server/vault.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ config, secrets, ... }:
-{
- sops.secrets.vaultwarden-env = {
- sopsFile = secrets.vaultwarden;
- format = "dotenv";
- };
- services.postgresql.ensureUsers = [
- {
- name = "vaultwarden";
- ensureDBOwnership = true;
- }
- ];
- services.postgresql.ensureDatabases = [ "vaultwarden" ];
- services.vaultwarden = {
- enable = true;
- dbBackend = "postgresql";
- config = {
- ROCKET_ADDRESS = "127.0.0.1";
- ROCKET_PORT = 8083;
- DOMAIN = "https://vault.imxyy.top";
- };
- environmentFile = "${config.sops.secrets.vaultwarden-env.path}";
- };
- services.caddy.virtualHosts."vault.imxyy.top" = {
- extraConfig = ''
- reverse_proxy :8083 {
- header_up X-Real-IP {remote_host}
- }
- '';
- };
-}
diff --git a/config/hosts/imxyy-nix-server/virt.nix b/config/hosts/imxyy-nix-server/virt.nix
deleted file mode 100644
index f8bee80..0000000
--- a/config/hosts/imxyy-nix-server/virt.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ lib, ... }:
-let
- # T400
- gpuIDs = [
- "8086:56a0" # A770
- "8086:4f90"
-
- "10de:1f82" # 1650
- "10de:10fa"
-
- "10de:1fb2" # T400
- ];
-in
-{
- boot = {
- initrd.kernelModules = [
- "vfio_pci"
- "vfio"
- "vfio_iommu_type1"
- ];
- kernelParams = [
- "pcie_acs_override=downstream,multifunction"
- "amd_iommu=on"
- "vfio-pci.ids=${lib.concatStringsSep "," gpuIDs}"
- ];
- extraModprobeConfig = ''
- options kvm ignore_msrs=Y
- options kvm report_ignored_msrs=N
- '';
- };
- virtualisation.spiceUSBRedirection.enable = true;
- my.virt.enable = true;
-}
diff --git a/config/hosts/imxyy-nix-server/yesplaymusic.nix b/config/hosts/imxyy-nix-server/yesplaymusic.nix
deleted file mode 100644
index 1f9fa34..0000000
--- a/config/hosts/imxyy-nix-server/yesplaymusic.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- virtualisation.oci-containers.containers."YesPlayMusic" = {
- image = "git.imxyy.top/imxyy1soope1/yesplaymusic:latest";
- environment = {
- "NODE_TLS_REJECT_UNAUTHORIZED" = "0";
- };
- volumes = [
- "/etc/localtime:/etc/localtime:ro"
- ];
- ports = [
- "8088:80/tcp"
- ];
- log-driver = "journald";
- };
-
- services.caddy.virtualHosts."music.imxyy.top" = {
- extraConfig = ''
- reverse_proxy :8088 {
- header_up X-Real-IP {remote_host}
- }
- '';
- };
-}
diff --git a/config/hosts/imxyy-nix-wsl/default.nix b/config/hosts/imxyy-nix-wsl/default.nix
deleted file mode 100644
index 2818467..0000000
--- a/config/hosts/imxyy-nix-wsl/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- imports = [
- ./nixos.nix
- ./home.nix
- ];
-}
diff --git a/config/hosts/imxyy-nix-wsl/home.nix b/config/hosts/imxyy-nix-wsl/home.nix
deleted file mode 100644
index dbcee5b..0000000
--- a/config/hosts/imxyy-nix-wsl/home.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ lib, username, ... }:
-{
- my.home.programs.zsh.shellAliases = {
- localproxy_on = "export http_proxy=http://192.168.128.1:7890 https_proxy=http://192.168.128.1:7890 all_proxy=socks://192.168.128.1:7890";
- };
- my = {
- sops.sshKeyPath = "/home/${username}/.ssh/id_ed25519";
- coding.all.enable = true;
- coding.editor.vscode.enable = lib.mkForce false;
- cli.misc.enable = true;
- xdg.enable = true;
- cli.media.all.enable = true;
- };
-}
diff --git a/config/hosts/imxyy-nix-wsl/nixos.nix b/config/hosts/imxyy-nix-wsl/nixos.nix
deleted file mode 100644
index 259c268..0000000
--- a/config/hosts/imxyy-nix-wsl/nixos.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- lib,
- username,
- inputs,
- ...
-}:
-{
- imports = [
- inputs.nixos-wsl.nixosModules.wsl
- ];
- wsl.enable = true;
- wsl.defaultUser = username;
-
- services.openssh = {
- enable = true;
- settings = {
- # Forbid root login through SSH.
- PermitRootLogin = "no";
- PasswordAuthentication = true;
- };
- };
-
- # fix vscode remote
- programs.nix-ld.enable = true;
-
- nixpkgs.hostPlatform = lib.mkForce "x86_64-linux";
-}
diff --git a/config/hosts/imxyy-nix-x16/default.nix b/config/hosts/imxyy-nix-x16/default.nix
deleted file mode 100644
index 46b9598..0000000
--- a/config/hosts/imxyy-nix-x16/default.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- imports = [
- ./nixos.nix
- ./hardware.nix
- ./home.nix
- ./net.nix
- ];
-}
diff --git a/config/hosts/imxyy-nix-x16/hardware.nix b/config/hosts/imxyy-nix-x16/hardware.nix
deleted file mode 100644
index d26ae2f..0000000
--- a/config/hosts/imxyy-nix-x16/hardware.nix
+++ /dev/null
@@ -1,106 +0,0 @@
-{
- config,
- lib,
- pkgs,
- username,
- ...
-}:
-let
- btrfs = "/dev/disk/by-uuid/69ab72d4-6ced-4f70-8b5e-aa2daa8c0b6b";
-in
-{
- boot = {
- initrd = {
- kernelModules = [ "amdgpu" ];
- availableKernelModules = [
- "nvme"
- "xhci_pci"
- "thunderbolt"
- "uas"
- "sd_mod"
- ];
- verbose = false;
- };
-
- kernelPackages = lib.mkForce pkgs.linuxPackages_cachyos;
- kernelModules = [ "kvm-amd" ];
-
- tmp.useTmpfs = true;
- kernel.sysctl = {
- "fs.file-max" = 9223372036854775807;
- };
- };
- services.scx.enable = true;
-
- fileSystems."/" = {
- device = btrfs;
- fsType = "btrfs";
- options = [
- "compress=zstd"
- "subvol=root"
- ];
- };
-
- fileSystems."/nix" = {
- device = btrfs;
- fsType = "btrfs";
- options = [
- "compress=zstd"
- "subvol=nix"
- ];
- };
-
- my.persist.location = "/nix/persist";
- fileSystems."/nix/persist" = {
- device = btrfs;
- fsType = "btrfs";
- options = [
- "compress=zstd"
- "subvol=persist"
- ];
- neededForBoot = true;
- };
-
- boot.initrd.postDeviceCommands = lib.mkAfter ''
- mkdir /btrfs_tmp
- mount ${btrfs} /btrfs_tmp
- mkdir -p /btrfs_tmp/old_roots
- if [[ -e /btrfs_tmp/root ]]; then
- timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
- mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
- fi
-
- delete_subvolume_recursively() {
- IFS=$'\n'
- for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
- delete_subvolume_recursively "/btrfs_tmp/$i"
- done
- btrfs subvolume delete "$1"
- }
-
- for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +14); do
- delete_subvolume_recursively "$i"
- done
-
- btrfs subvolume create /btrfs_tmp/root
- umount /btrfs_tmp
- '';
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/96D3-93B0";
- fsType = "vfat";
- options = [
- "uid=0"
- "gid=0"
- "fmask=0077"
- "dmask=0077"
- ];
- };
-
- networking.useDHCP = lib.mkDefault false;
-
- hardware.enableRedistributableFirmware = lib.mkDefault true;
- hardware.cpu.amd.updateMicrocode = config.hardware.enableRedistributableFirmware;
-
- nixpkgs.hostPlatform = lib.mkForce "x86_64-linux";
-}
diff --git a/config/hosts/imxyy-nix-x16/home.nix b/config/hosts/imxyy-nix-x16/home.nix
deleted file mode 100644
index 2d34c9e..0000000
--- a/config/hosts/imxyy-nix-x16/home.nix
+++ /dev/null
@@ -1,147 +0,0 @@
-{
- lib,
- pkgs,
- username,
- ...
-}:
-{
- my.home = {
- home.packages = with pkgs; [
- localsend
-
- rclone
-
- wpsoffice-cn
- wps-office-fonts
- ttf-wps-fonts
- evince
-
- anki
-
- ayugram-desktop
- telegram-desktop
- signal-desktop
- discord
- qq
- wechat
-
- gnome-clocks
-
- wineWowPackages.waylandFull
-
- pavucontrol
- pamixer
- ];
- programs.zsh = {
- sessionVariables = {
- PATH = "/home/${username}/bin:$PATH";
- };
- };
-
- programs.niri.settings = {
- environment.STEAM_FORCE_DESKTOPUI_SCALING = "1.25";
- outputs = {
- eDP-1 = {
- enable = true;
- mode = {
- width = 1920;
- height = 1200;
- refresh = 60.002;
- };
- scale = 1.25;
- };
- };
- };
- };
-
- my = {
- gpg.enable = true;
- cli.all.enable = true;
- coding.all.enable = true;
- desktop.all.enable = true;
- virt.moonlight.enable = true;
-
- desktop.browser.librewolf.enable = lib.mkForce false;
-
- i18n.fcitx5.enable = true;
-
- xdg = {
- enable = true;
- defaultApplications =
- let
- browser = [ "zen-beta.desktop" ];
- editor = [ "codium.desktop" ];
- imageviewer = [ "org.gnome.Shotwell-Viewer.desktop" ];
- in
- {
- "inode/directory" = [ "nemo.desktop" ];
-
- "application/pdf" = [ "org.gnome.Evince.desktop" ];
-
- "text/*" = editor;
- "application/json" = editor;
- "text/html" = editor;
- "text/xml" = editor;
- "application/xml" = editor;
- "application/xhtml+xml" = editor;
- "application/xhtml_xml" = editor;
- "application/rdf+xml" = editor;
- "application/rss+xml" = editor;
- "application/x-extension-htm" = editor;
- "application/x-extension-html" = editor;
- "application/x-extension-shtml" = editor;
- "application/x-extension-xht" = editor;
- "application/x-extension-xhtml" = editor;
-
- "x-scheme-handler/about" = browser;
- "x-scheme-handler/ftp" = browser;
- "x-scheme-handler/http" = browser;
- "x-scheme-handler/https" = browser;
- "x-scheme-handler/unknown" = browser;
-
- "audio/*" = imageviewer;
- "video/*" = imageviewer;
- "image/*" = imageviewer;
- "image/gif" = imageviewer;
- "image/jpeg" = imageviewer;
- "image/png" = imageviewer;
- "image/webp" = imageviewer;
- };
- };
- persist = {
- enable = true;
- homeDirs = [
- "Documents"
- "Downloads"
- "Videos"
- "Music"
- "Pictures"
-
- "bin"
- "workspace"
-
- ".cache"
- ".local/state"
- ".local/share/Anki2"
- ".local/share/shotwell"
- ".local/share/cheat.sh"
- ".local/share/Kingsoft"
-
- ".local/share/AyuGramDesktop"
- ".local/share/TelegramDesktop"
- ".config/Signal"
- ".config/discord"
- ".config/QQ"
- ".xwechat"
-
- ".config/Kingsoft"
- ".config/dconf"
- ".config/gh"
- ".config/pulse"
- ".config/pip"
- ".config/libreoffice"
- ".config/sunshine"
- ];
- };
- };
-}
diff --git a/config/hosts/imxyy-nix-x16/net.nix b/config/hosts/imxyy-nix-x16/net.nix
deleted file mode 100644
index 5bc6d17..0000000
--- a/config/hosts/imxyy-nix-x16/net.nix
+++ /dev/null
@@ -1,97 +0,0 @@
-{
- config,
- pkgs,
- secrets,
- ...
-}:
-{
- boot.kernelParams = [
- "biosdevname=0"
- "net.ifnames=0"
- ];
- networking = {
- networkmanager.enable = true;
- firewall.enable = false;
- nftables = {
- enable = true;
- flushRuleset = true;
- ruleset = ''
- table inet firewall {
- set LANv4 {
- type ipv4_addr
- flags interval
-
- elements = { 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 }
- }
- set LANv6 {
- type ipv6_addr
- flags interval
-
- elements = { fd00::/8, fe80::/10 }
- }
-
- chain output {
- type filter hook output priority 100; policy accept;
- }
-
- chain input {
- type filter hook input priority 0; policy drop;
- iif lo accept
- ct state invalid drop
- ct state established,related accept
-
- ip saddr @LANv4 accept
- ip6 saddr @LANv6 accept
- }
-
- chain forward {
- type filter hook forward priority 0; policy drop;
- }
- }
- '';
- };
- };
-
- sops.secrets.dae-imxyy-nix-x16 = {
- sopsFile = secrets.dae-imxyy-nix-x16;
- format = "binary";
- };
- services.dae = {
- enable = true;
- configFile = config.sops.secrets.dae-imxyy-nix-x16.path;
- };
- systemd.services.dae.after = [ "sops-nix.service" ];
- sops.secrets.mihomo = {
- sopsFile = secrets.mihomo;
- format = "yaml";
- key = "";
- };
- systemd.services.mihomo.after = [ "sops-nix.service" ];
- services.mihomo = {
- enable = true;
- configFile = config.sops.secrets.mihomo.path;
- webui = pkgs.metacubexd;
- };
-
- sops.secrets.et-imxyy-nix-x16 = {
- sopsFile = secrets.et-imxyy-nix-x16;
- format = "binary";
- };
- environment.systemPackages = with pkgs; [
- easytier
- ];
- systemd.services."easytier" = {
- enable = true;
- script = "${pkgs.easytier}/bin/easytier-core -c ${config.sops.secrets.et-imxyy-nix-x16.path}";
- serviceConfig = {
- Restart = "always";
- RestartSec = 30;
- User = "root";
- };
- wantedBy = [ "multi-user.target" ];
- after = [
- "network.target"
- "sops-nix.service"
- ];
- };
-}
diff --git a/config/hosts/imxyy-nix-x16/nixos.nix b/config/hosts/imxyy-nix-x16/nixos.nix
deleted file mode 100644
index 8ebcea6..0000000
--- a/config/hosts/imxyy-nix-x16/nixos.nix
+++ /dev/null
@@ -1,159 +0,0 @@
-{
- pkgs,
- config,
- username,
- secrets,
- ...
-}:
-{
- security.pam.loginLimits = [
- {
- domain = "*";
- type = "soft";
- item = "nofile";
- value = "524288";
- }
- ];
-
- boot.kernelParams = [
- "usbcore.autosuspend=-1" # Avoid usb autosuspend (for usb bluetooth adapter)
- ];
-
- boot.loader = {
- efi.canTouchEfiVariables = true;
- systemd-boot.enable = true;
- grub.enable = false;
- timeout = 0;
- };
-
- hardware.graphics.enable = true;
- hardware.graphics.enable32Bit = true;
-
- systemd.services.nix-daemon = {
- environment.TMPDIR = "/var/cache/nix";
- serviceConfig.CacheDirectory = "nix";
- };
- environment.variables.NIX_REMOTE = "daemon";
-
- security.rtkit.enable = true;
- services.pipewire = {
- enable = true;
- alsa.enable = false;
- alsa.support32Bit = false;
- pulse.enable = false;
- audio.enable = false;
- };
- services.pulseaudio = {
- enable = true;
- support32Bit = true;
- package = pkgs.pulseaudioFull;
- extraConfig = ''
- load-module module-switch-on-connect
- unload-module module-suspend-on-idle
- '';
- };
- hardware.bluetooth = {
- enable = true;
- powerOnBoot = true;
- settings = {
- General = {
- Enable = "Source,Sink,Media,Socket";
- Disable = "HeadSet";
- MultiProfile = "multiple";
- };
- };
- };
- users.extraUsers.${username}.extraGroups = [ "audio" ];
-
- fonts = {
- enableDefaultPackages = false;
- fontDir.enable = true;
-
- packages = with pkgs; [
- noto-fonts
- noto-fonts-cjk-sans
- noto-fonts-emoji
-
- jetbrains-mono
-
- nerd-fonts.symbols-only
- ];
-
- fontconfig.defaultFonts = {
- serif = [
- "Noto Serif CJK SC"
- "Noto Serif"
- "Symbols Nerd Font"
- ];
- sansSerif = [
- "Noto Sans CJK SC"
- "Noto Sans"
- "Symbols Nerd Font"
- ];
- monospace = [
- "JetBrains Mono"
- "Noto Sans Mono CJK SC"
- "Symbols Nerd Font Mono"
- ];
- emoji = [ "Noto Color Emoji" ];
- };
- };
-
- services.printing.enable = true;
-
- services.keyd = {
- enable = true;
- keyboards.default.settings = {
- main = {
- capslock = "overload(control, esc)";
- home = "end";
- };
- shift = {
- home = "home";
- };
- control = {
- delete = "print";
- };
- };
- };
-
- services.gvfs.enable = true;
-
- services.openssh = {
- enable = true;
- settings = {
- # Forbid root login through SSH.
- PermitRootLogin = null;
- PasswordAuthentication = true;
- };
- };
-
- environment.systemPackages = [
- pkgs.rclone
- ];
-
- sops.secrets.imxyy-nix-rclone = {
- sopsFile = secrets.imxyy-nix-rclone;
- format = "binary";
- };
- fileSystems = {
- "/home/${username}/Nextcloud" = {
- device = "Nextcloud:";
- fsType = "rclone";
- options = [
- "nodev"
- "nofail"
- "allow_other"
- "args2env"
- "config=${config.sops.secrets.imxyy-nix-rclone.path}"
- "uid=1000"
- "gid=100"
- "rw"
- "no-check-certificate"
- "vfs-cache-mode=full"
- ];
- };
- };
-
- my.persist.nixosDirs = [ "/etc/NetworkManager/system-connections" ];
-}
diff --git a/vars.nix b/vars.nix
index 8f805ca..fc76e29 100644
--- a/vars.nix
+++ b/vars.nix
@@ -1,6 +1,6 @@
 rec {
- username = "imxyy";
- userfullname = "imxyy_soope_";
+ username = "ccl";
+ userfullname = "Allen Cai";
 userdesc = userfullname;
- useremail = "imxyy1soope1@gmail.com";
+ useremail = "3420934991@qq.com";
 }