
commit 423441f22a3928b5af301efdfbcbeed1443348bc
parent c84dca167320d6569dbe462aa8359bf002f5a889
Author: Toni Brown <me@tb148.net>
Date:   Sun, 26 Apr 2026 14:11:15 +0800

modularize config

Diffstat:
D.sops.yaml | 10----------
Dconfiguration.nix | 244-------------------------------------------------------------------------------
Mflake.lock | 23+----------------------
Mflake.nix | 8+-------
Mhome/catppuccin/default.nix | 18++++++++++++++++--
Mhome/default.nix | 47++++++++++++++++++++++++++++++++++++++++++++---
Mhome/directory/default.nix | 2+-
Ahome/fcitx5/default.nix | 20++++++++++++++++++++
Rhome/ime/rime.yaml -> home/fcitx5/rime.yaml | 0
Dhome/ime/default.nix | 19-------------------
Dhome/programs.nix | 50--------------------------------------------------
Ahome/protonmail-bridge/default.nix | 4++++
Ahome/thunderbird/default.nix | 4++++
Mhome/zed-editor/default.nix | 2+-
Alocal/boot/default.nix | 8++++++++
Alocal/boot/limine/default.nix | 22++++++++++++++++++++++
Alocal/catppuccin/default.nix | 13+++++++++++++
Alocal/default.nix | 50++++++++++++++++++++++++++++++++++++++++++++++++++
Alocal/desktop/default.nix | 7+++++++
Alocal/filesystem/default.nix | 21+++++++++++++++++++++
Alocal/font/default.nix | 8++++++++
Rhardware-configuration.nix -> local/hardware-configuration.nix | 0
Alocal/hardware/default.nix | 7+++++++
Alocal/hardware/nvidia/default.nix | 13+++++++++++++
Alocal/localization/default.nix | 4++++
Alocal/networking/default.nix | 10++++++++++
Alocal/networking/mihomo/default.nix | 13+++++++++++++
Alocal/nix/default.nix | 17+++++++++++++++++
Alocal/program/default.nix | 6++++++
Alocal/program/nix-ld/default.nix | 8++++++++
Alocal/security/default.nix | 5+++++
Rpolkit.js -> local/security/polkit.js | 0
Alocal/service/boinc/default.nix | 12++++++++++++
Alocal/service/btrbk/default.nix | 25+++++++++++++++++++++++++
Alocal/service/default.nix | 13+++++++++++++
Alocal/service/docker/default.nix | 5+++++
Alocal/service/pipewire/default.nix | 6++++++
Alocal/service/searx/default.nix | 6++++++
Alocal/service/timesyncd/default.nix | 7+++++++
Alocal/user/default.nix | 11+++++++++++
Dmihomo.nix | 245-------------------------------------------------------------------------------
Dsecrets.yaml | 28----------------------------
42 files changed, 389 insertions(+), 632 deletions(-)

diff --git a/.sops.yaml b/.sops.yaml
@@ -1,10 +0,0 @@
-keys:
- - &admin_tb148 19FE8C3696B760FE647D7FF84E512749E5D2792E
- - &server_nixosion age17ag74r0avel6vfxd55r5n3tmj6ugtxegvlshv49uzdcd2carcp4shwtce8
-creation_rules:
- - path_regex: secrets.(yaml|json|env|ini)$
- key_groups:
- - pgp:
- - *admin_tb148
- age:
- - *server_nixosion
diff --git a/configuration.nix b/configuration.nix
@@ -1,244 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page, on -# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). -{ - config, - pkgs, - inputs, - ... -}: { - imports = [ - ./hardware-configuration.nix - ./mihomo.nix - ]; - - fileSystems."/".options = [ - "compress=zstd" - ]; - fileSystems."/home".options = [ - "compress=zstd" - ]; - fileSystems."/nix".options = [ - "compress=zstd" - "noatime" - ]; - fileSystems."/swap".options = [ - "noatime" - ]; - swapDevices = [ - { - device = "/swap/swapfile"; - size = 48 * 1024; - } - ]; - - boot.loader.limine = { - enable = true; - efiSupport = true; - style = { - graphicalTerminal = { - background = "ffffffff"; - brightBackground = "585b70"; - foreground = "cdd6f4"; - brightForeground = "cdd6f4"; - palette = "1e1e2e;f38ba8;a6e3a1;f9e2af;89b4fa;f5c2e7;94e2d5;cdd6f4"; - brightPalette = "585b70;f38ba8;a6e3a1;f9e2af;89b4fa;f5c2e7;94e2d5;cdd6f4"; - }; - wallpapers = [pkgs.nixos-artwork.wallpapers.nineish-catppuccin-mocha-alt.kdeFilePath]; - }; - }; - catppuccin.limine.enable = false; - boot.loader.efi.canTouchEfiVariables = true; - boot.plymouth.enable = true; - boot.kernelPackages = pkgs.linuxPackages_latest; - - hardware.bluetooth.enable = true; - - hardware.graphics.enable = true; - services.xserver.videoDrivers = ["modesetting" "nvidia"]; - hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.beta; - hardware.nvidia.modesetting.enable = true; - hardware.nvidia.open = true; - hardware.nvidia.powerManagement.enable = true; - hardware.nvidia.prime = { - offload.enable = true; - intelBusId = "PCI:0@0:2:0"; - nvidiaBusId = "PCI:1@0:0:0"; - }; - - powerManagement.enable = true; - - networking.hostName = "nixosion"; - networking.networkmanager.enable = true; - networking.nftables.enable = true; - networking.firewall.enable = false; - - services.openssh.enable = true; - - services.mihomo = { - 
enable = true; - tunMode = true; - webui = pkgs.metacubexd; - configFile = "${config.sops.templates."mihomo.yaml".path}"; - }; - systemd.services.mihomo.environment.SKIP_SYSTEM_IPV6_CHECK = "true"; - - time.timeZone = "Asia/Shanghai"; - services.timesyncd = { - enable = true; - servers = ["ntp.ntsc.ac.cn"]; - }; - - i18n.defaultLocale = "zh_CN.UTF-8"; - services.xserver.xkb.layout = "cn(altgr-pinyin)"; - - security.sudo.enable = false; - security.polkit.extraConfig = builtins.readFile ./polkit.js; - - catppuccin.enable = true; - catppuccin.flavor = "mocha"; - catppuccin.accent = "mauve"; - xdg.icons.fallbackCursorThemes = ["catppuccin-mocha-mauve-cursors"]; - - programs.nix-ld = { - enable = true; - libraries = [ - ## Put here any library that is required when running a package - ## ... - ## Uncomment if you want to use the libraries provided by default in the steam distribution - ## but this is quite far from being exhaustive - ## https://github.com/NixOS/nixpkgs/issues/354513 - (pkgs.runCommand "steamrun-lib" {} "mkdir $out; ln -s ${pkgs.steam-run.fhsenv}/usr/lib64 $out/lib") - ]; - }; - - programs.steam.enable = true; - - programs.zsh.enable = true; - - services.btrbk.instances.btrbk = { - settings = { - ssh_identity = "/etc/btrbk/id_ed25519"; - ssh_user = "btrbk"; - backend = "btrfs-progs-sudo"; - backend_remote = "btrfs-progs-sudo"; - stream_compress = "zstd"; - - subvolume."[2a01:4f8:1c19:8cba::1]:/var/lib" = { - snapshot_name = "hetznerion"; - - snapshot_dir = "/var/lib/btrbk/snapshots"; - snapshot_preserve_min = "latest"; - - target = "/var/lib/btrbk/backups"; - target_preserve_min = "latest"; - target_preserve = "7d *w"; - }; - }; - }; - systemd.tmpfiles.rules = [ - "d /var/lib/btrbk/backups 0750 btrbk btrbk" - ]; - - services.boinc.enable = true; - services.boinc.extraEnvPackages = [pkgs.gmp pkgs.ocl-icd config.hardware.nvidia.package]; - - services.desktopManager.plasma6.enable = true; - services.displayManager.sddm = { - enable = true; - wayland.enable 
= true; - }; - - services.pipewire = { - enable = true; - pulse.enable = true; - }; - - services.printing.enable = true; - - services.searx = { - enable = true; - environmentFile = "${config.users.users.tb148.home}/.searxng.env"; - }; - - services.syncthing.enable = true; - - virtualisation.docker.enable = true; - virtualisation.docker.storageDriver = "btrfs"; - services.k3s.enable = true; - - virtualisation.waydroid.enable = true; - - services.userborn.enable = true; - users.users.tb148 = { - isNormalUser = true; - home = "/home/tb148"; - shell = pkgs.zsh; - description = "Toni Brown"; - extraGroups = ["wheel" "boinc" "docker"]; - }; - - sops.defaultSopsFile = ./secrets.yaml; - sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; - sops.secrets.doggygo = {}; - - environment.systemPackages = with pkgs; [ - git - helix - inputs.run0-sudo-shim.packages.x86_64-linux.default - wget - ]; - - fonts.packages = with pkgs; [ - inter - iosevka - nerd-fonts.iosevka - sarasa-gothic - ]; - - catppuccin.cursors.enable = true; - catppuccin.sddm = { - font = "等距更纱黑体 SC"; - fontSize = "12"; - }; - - nixpkgs.config.allowUnfree = true; - nix.settings = { - auto-optimise-store = true; - experimental-features = [ - "nix-command" - "flakes" - ]; - substituters = [ - "https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store?priority=30" - "https://cache.nixos-cuda.org" - ]; - trusted-public-keys = [ - "cache.nixos-cuda.org:74DUi4Ye579gUqzH4ziL9IyiJBlDpMRn9MBN8oNan9M=" - ]; - }; - - # Copy the NixOS configuration file and link it from the resulting system - # (/run/current-system/configuration.nix). This is useful in case you - # accidentally delete configuration.nix. - # system.copySystemConfiguration = true; - - # This option defines the first version of NixOS you have installed on this particular machine, - # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. 
- # - # Most users should NEVER change this value after the initial install, for any reason, - # even if you've upgraded your system to a new NixOS release. - # - # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, - # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how - # to actually do that. - # - # This value being lower than the current NixOS release does NOT mean your system is - # out of date, out of support, or vulnerable. - # - # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, - # and migrated your data accordingly. - # - # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . - system.stateVersion = "25.05"; # Did you read the comment? -} diff --git a/flake.lock b/flake.lock @@ -257,8 +257,7 @@ "lix-module": "lix-module", "nixpkgs": "nixpkgs", "nur": "nur", - "run0-sudo-shim": "run0-sudo-shim", - "sops-nix": "sops-nix" + "run0-sudo-shim": "run0-sudo-shim" } }, "run0-sudo-shim": { @@ -283,26 +282,6 @@ "type": "github" } }, - "sops-nix": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1776771786, - "narHash": "sha256-DRFGPfFV6hbrfO9a1PH1FkCi7qR5FgjSqsQGGvk1rdI=", - "owner": "Mic92", - "repo": "sops-nix", - "rev": "bef289e2248991f7afeb95965c82fbcd8ff72598", - "type": "github" - }, - "original": { - "owner": "Mic92", - "repo": "sops-nix", - "type": "github" - } - }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix @@ -32,10 +32,6 @@ url = "github:lordgrimmauld/run0-sudo-shim"; inputs.nixpkgs.follows = "nixpkgs"; }; - sops-nix = { - url = "github:Mic92/sops-nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; }; outputs = { @@ -48,7 +44,6 @@ catppuccin, home-manager, run0-sudo-shim, - sops-nix, ... } @ inputs: { nixosConfigurations.nixosion = 
@@ -56,13 +51,12 @@ system = "x86_64-linux"; specialArgs = {inherit inputs;}; modules = [ - ./configuration.nix + ./local/. nur.modules.nixos.default lix-module.nixosModules.default catppuccin.nixosModules.catppuccin home-manager.nixosModules.home-manager run0-sudo-shim.nixosModules.default - sops-nix.nixosModules.sops { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; diff --git a/home/catppuccin/default.nix b/home/catppuccin/default.nix @@ -1,11 +1,25 @@ -{...}: { +{ + config, + pkgs, + ... +}: { catppuccin = { enable = true; flavor = "mocha"; accent = "mauve"; }; catppuccin.cursors.enable = true; - catppuccin.fcitx5.enableRounded = true; + home.packages = with pkgs; [ + (catppuccin-kde.override { + flavour = [config.catppuccin.flavor]; + accents = [config.catppuccin.accent]; + winDecStyles = ["classic"]; + }) + (catppuccin-papirus-folders.override { + flavor = config.catppuccin.flavor; + accent = config.catppuccin.accent; + }) + ]; qt = { enable = true; style.name = "kvantum"; diff --git a/home/default.nix b/home/default.nix 
@@ -1,17 +1,58 @@ -{...}: { +{ + config, + pkgs, + ... +}: { imports = [ ./alacritty/. ./catppuccin/. ./directory/. + ./fcitx5/. ./firefox/. ./gpg/. - ./ime/. ./jujutsu/. ./nushell/. + ./protonmail-bridge/. + ./thunderbird/. ./zed-editor/. - ./programs.nix ]; + home.packages = with pkgs; [ + ffmpeg + fontforge-gtk + inkscape + jetbrains.idea + krita + libreoffice-qt-fresh + (python314.withPackages (python-pkgs: + with python-pkgs; [ + ipython + virtualenv + ])) + onlyoffice-desktopeditors + osu-lazer-bin + ponysay + qalculate-qt + sequoia-sq + ungoogled-chromium + unrar + vlc + ]; + + programs.bat.enable = true; + programs.carapace.enable = true; + programs.direnv.enable = true; + programs.fastfetch.enable = true; + programs.fd.enable = true; + programs.helix.enable = true; + programs.hyfetch.enable = true; + programs.nix-index.enable = true; + programs.opencode.enable = true; + programs.pay-respects.enable = true; + programs.starship.enable = true; + programs.uv.enable = true; + programs.zoxide.enable = true; + # This value determines the Home Manager release that your # configuration is compatible with. This helps avoid breakage # when a new Home Manager release introduces backwards diff --git a/home/directory/default.nix b/home/directory/default.nix @@ -12,7 +12,7 @@ download = "${config.home.homeDirectory}/download"; music = "${config.home.homeDirectory}/music"; pictures = "${config.home.homeDirectory}/picture"; - projects = "${config.home.homeDirectory}/projects"; + projects = "${config.home.homeDirectory}/project"; publicShare = "${config.home.homeDirectory}/public"; templates = "${config.home.homeDirectory}/template"; videos = "${config.home.homeDirectory}/video"; diff --git a/home/fcitx5/default.nix b/home/fcitx5/default.nix 
@@ -0,0 +1,20 @@ +{pkgs, ...}: { + i18n.inputMethod = { + enable = true; + type = "fcitx5"; + fcitx5 = { + fcitx5-with-addons = pkgs.kdePackages.fcitx5-with-addons; + addons = with pkgs; [ + (fcitx5-rime.override { + rimeDataPkgs = [ + pkgs.rime-ice + ]; + }) + ]; + settings.addons.classicui.globalSection.Font = "等距更纱黑体 SC 10"; + waylandFrontend = true; + }; + }; + xdg.dataFile."fcitx5/rime/default.custom.yaml".source = ./rime.yaml; + catppuccin.fcitx5.enableRounded = true; +} diff --git a/home/ime/rime.yaml b/home/fcitx5/rime.yaml diff --git a/home/ime/default.nix b/home/ime/default.nix @@ -1,19 +0,0 @@ -{pkgs, ...}: { - i18n.inputMethod = { - enable = true; - type = "fcitx5"; - fcitx5 = { - fcitx5-with-addons = pkgs.kdePackages.fcitx5-with-addons; - addons = with pkgs; [ - (fcitx5-rime.override { - rimeDataPkgs = [ - pkgs.rime-ice - ]; - }) - ]; - settings.addons.classicui.globalSection.Font = "等距更纱黑体 SC 10"; - waylandFrontend = true; - }; - }; - xdg.dataFile."fcitx5/rime/default.custom.yaml".source = ./rime.yaml; -} diff --git a/home/programs.nix b/home/programs.nix 
@@ -1,50 +0,0 @@ -{pkgs, ...}: { - home.packages = with pkgs; [ - (catppuccin-kde.override { - flavour = ["mocha"]; - accents = ["mauve"]; - winDecStyles = ["classic"]; - }) - (catppuccin-papirus-folders.override { - flavor = "mocha"; - accent = "mauve"; - }) - ffmpeg - fontforge-gtk - inkscape - jetbrains.idea - krita - libreoffice-qt-fresh - (python314.withPackages (python-pkgs: - with python-pkgs; [ - ipython - virtualenv - ])) - onlyoffice-desktopeditors - osu-lazer-bin - ponysay - qalculate-qt - sequoia-sq - ungoogled-chromium - unrar - vlc - ]; - - programs.bat.enable = true; - programs.carapace.enable = true; - programs.direnv.enable = true; - programs.fastfetch.enable = true; - programs.fd.enable = true; - programs.helix.enable = true; - programs.hyfetch.enable = true; - programs.nix-index.enable = true; - programs.opencode.enable = true; - programs.pay-respects.enable = true; - programs.starship.enable = true; - programs.thunderbird.enable = true; - programs.thunderbird.profiles.default.isDefault = true; - programs.uv.enable = true; - programs.zoxide.enable = true; - services.protonmail-bridge.enable = true; - services.protonmail-bridge.extraPackages = [pkgs.kdePackages.kwallet]; -} diff --git a/home/protonmail-bridge/default.nix b/home/protonmail-bridge/default.nix @@ -0,0 +1,4 @@ +{pkgs, ...}: { + services.protonmail-bridge.enable = true; + services.protonmail-bridge.extraPackages = [pkgs.kdePackages.kwallet]; +} diff --git a/home/thunderbird/default.nix b/home/thunderbird/default.nix @@ -0,0 +1,4 @@ +{...}: { + programs.thunderbird.enable = true; + programs.thunderbird.profiles.default.isDefault = true; +} diff --git a/home/zed-editor/default.nix b/home/zed-editor/default.nix @@ -21,7 +21,7 @@ edit_predictions.provider = "none"; languages.Nix.language_servers = [ "nil" - "nixd" + "!nixd" ]; lsp.nil.initialization_options = { formatting.command = [ diff --git a/local/boot/default.nix b/local/boot/default.nix 
@@ -0,0 +1,8 @@ +{pkgs, ...}: { + imports = [ + ./limine/. + ]; + + boot.loader.efi.canTouchEfiVariables = true; + boot.kernelPackages = pkgs.linuxPackages_latest; +} diff --git a/local/boot/limine/default.nix b/local/boot/limine/default.nix @@ -0,0 +1,22 @@ +{ + config, + pkgs, + ... +}: { + boot.loader.limine = { + enable = true; + efiSupport = true; + style = { + graphicalTerminal = { + background = "ffffffff"; + brightBackground = "585b70"; + foreground = "cdd6f4"; + brightForeground = "cdd6f4"; + palette = "1e1e2e;f38ba8;a6e3a1;f9e2af;89b4fa;f5c2e7;94e2d5;cdd6f4"; + brightPalette = "585b70;f38ba8;a6e3a1;f9e2af;89b4fa;f5c2e7;94e2d5;cdd6f4"; + }; + wallpapers = [pkgs.nixos-artwork.wallpapers."nineish-catppuccin-${config.catppuccin.flavor}-alt".kdeFilePath]; + }; + }; + catppuccin.limine.enable = false; +} diff --git a/local/catppuccin/default.nix b/local/catppuccin/default.nix @@ -0,0 +1,13 @@ +{config, ...}: { + catppuccin.enable = true; + catppuccin.flavor = "mocha"; + catppuccin.accent = "mauve"; + + catppuccin.cursors.enable = true; + xdg.icons.fallbackCursorThemes = ["catppuccin-${config.catppuccin.flavor}-${config.catppuccin.accent}-cursors"]; + + catppuccin.sddm = { + font = "等距更纱黑体 SC"; + fontSize = "12"; + }; +} diff --git a/local/default.nix b/local/default.nix 
@@ -0,0 +1,50 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page, on +# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). +{ + config, + pkgs, + inputs, + ... +}: { + imports = [ + ./boot/. + ./catppuccin/. + ./desktop/. + ./filesystem/. + ./font/. + ./hardware/. + ./localization/. + ./networking/. + ./nix/. + ./program/. + ./security/. + ./service/. + ./user/. + ./hardware-configuration.nix + ]; + + # Copy the NixOS configuration file and link it from the resulting system + # (/run/current-system/configuration.nix). This is useful in case you + # accidentally delete configuration.nix. + # system.copySystemConfiguration = true; + + # This option defines the first version of NixOS you have installed on this particular machine, + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. + # + # Most users should NEVER change this value after the initial install, for any reason, + # even if you've upgraded your system to a new NixOS release. + # + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, + # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how + # to actually do that. + # + # This value being lower than the current NixOS release does NOT mean your system is + # out of date, out of support, or vulnerable. + # + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, + # and migrated your data accordingly. + # + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . + system.stateVersion = "25.05"; # Did you read the comment? +} diff --git a/local/desktop/default.nix b/local/desktop/default.nix 
@@ -0,0 +1,7 @@ +{...}: { + services.desktopManager.plasma6.enable = true; + services.displayManager.sddm = { + enable = true; + wayland.enable = true; + }; +} diff --git a/local/filesystem/default.nix b/local/filesystem/default.nix @@ -0,0 +1,21 @@ +{...}: { + fileSystems."/".options = [ + "compress=zstd" + ]; + fileSystems."/home".options = [ + "compress=zstd" + ]; + fileSystems."/nix".options = [ + "compress=zstd" + "noatime" + ]; + fileSystems."/swap".options = [ + "noatime" + ]; + swapDevices = [ + { + device = "/swap/swapfile"; + size = 48 * 1024; + } + ]; +} diff --git a/local/font/default.nix b/local/font/default.nix @@ -0,0 +1,8 @@ +{pkgs, ...}: { + fonts.packages = with pkgs; [ + inter + iosevka + nerd-fonts.iosevka + sarasa-gothic + ]; +} diff --git a/hardware-configuration.nix b/local/hardware-configuration.nix diff --git a/local/hardware/default.nix b/local/hardware/default.nix @@ -0,0 +1,7 @@ +{...}: { + imports = [ + ./nvidia/. + ]; + + hardware.bluetooth.enable = true; +} diff --git a/local/hardware/nvidia/default.nix b/local/hardware/nvidia/default.nix @@ -0,0 +1,13 @@ +{config, ...}: { + hardware.graphics.enable = true; + services.xserver.videoDrivers = ["modesetting" "nvidia"]; + hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.beta; + hardware.nvidia.modesetting.enable = true; + hardware.nvidia.open = true; + hardware.nvidia.powerManagement.enable = true; + hardware.nvidia.prime = { + offload.enable = true; + intelBusId = "PCI:0@0:2:0"; + nvidiaBusId = "PCI:1@0:0:0"; + }; +} diff --git a/local/localization/default.nix b/local/localization/default.nix @@ -0,0 +1,4 @@ +{...}: { + i18n.defaultLocale = "zh_CN.UTF-8"; + services.xserver.xkb.layout = "cn(altgr-pinyin)"; +} diff --git a/local/networking/default.nix b/local/networking/default.nix 
@@ -0,0 +1,10 @@
+{...}: {
+ imports = [
+ ./mihomo/.
+ ];
+
+ networking.hostName = "nixosion";
+ networking.networkmanager.enable = true;
+ networking.nftables.enable = true;
+ networking.firewall.enable = false;
+}
diff --git a/local/networking/mihomo/default.nix b/local/networking/mihomo/default.nix
@@ -0,0 +1,13 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ services.mihomo = {
+ enable = true;
+ tunMode = true;
+ webui = pkgs.metacubexd;
+ configFile = "${config.users.users.tb148.home}/mihomo.yaml";
+ };
+ systemd.services.mihomo.environment.SKIP_SYSTEM_IPV6_CHECK = "true";
+}
diff --git a/local/nix/default.nix b/local/nix/default.nix
@@ -0,0 +1,17 @@
+{...}: {
+ nixpkgs.config.allowUnfree = true;
+ nix.settings = {
+ auto-optimise-store = true;
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ substituters = [
+ "https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store?priority=30"
+ "https://cache.nixos-cuda.org"
+ ];
+ trusted-public-keys = [
+ "cache.nixos-cuda.org:74DUi4Ye579gUqzH4ziL9IyiJBlDpMRn9MBN8oNan9M="
+ ];
+ };
+}
diff --git a/local/program/default.nix b/local/program/default.nix
@@ -0,0 +1,6 @@
+{...}: {
+ imports = [./nix-ld/.];
+
+ programs.git.enable = true;
+ programs.steam.enable = true;
+}
diff --git a/local/program/nix-ld/default.nix b/local/program/nix-ld/default.nix
@@ -0,0 +1,8 @@
+{pkgs, ...}: {
+ programs.nix-ld = {
+ enable = true;
+ libraries = [
+ (pkgs.runCommand "steamrun-lib" {} "mkdir $out; ln -s ${pkgs.steam-run.fhsenv}/usr/lib64 $out/lib")
+ ];
+ };
+}
diff --git a/local/security/default.nix b/local/security/default.nix
@@ -0,0 +1,5 @@
+{inputs, ...}: {
+ environment.systemPackages = [inputs.run0-sudo-shim.packages.x86_64-linux.default];
+ security.sudo.enable = false;
+ security.polkit.extraConfig = builtins.readFile ./polkit.js;
+}
diff --git a/polkit.js b/local/security/polkit.js
diff --git a/local/service/boinc/default.nix b/local/service/boinc/default.nix
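Review bot: `networking.firewall.enable = false;` in local/networking/default.nix leaves every listening daemon reachable from whatever network NetworkManager joins, and this same commit enables k3s and docker (local/service/docker) plus the searx and mihomo services, whose bind addresses are not visible here. Since nftables is already turned on, the safer default is to keep the firewall enabled and open only what is needed, e.g. `networking.firewall.enable = true;` with an explicit `networking.firewall.allowedTCPPorts` list or `trustedInterfaces` for the container bridges. If the firewall was switched off to work around docker/k3s rule conflicts, a one-line comment saying so would stop the next reader from re-enabling it blindly.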
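Review bot: `configFile = "${config.users.users.tb148.home}/mihomo.yaml"` in local/networking/mihomo/default.nix points a privileged system service (TUN mode, and the deleted template enabled `dns-hijack` for the whole host) at a file owned and writable by the desktop user, and it replaces a config that was previously rendered from a sops template, so the proxy-subscription URL that lived in secrets.yaml is presumably now plaintext under $HOME. Prefer a root-owned location such as `/etc/mihomo/config.yaml` (0600) so a compromised user session cannot rewrite system routing and DNS, and confirm that the unit's hardening does not make a /home path unreadable at start. The deleted mihomo.nix also hard-coded `secret = "Cosmic-Top-Secret"` together with `external-controller-cors.allow-origins = ["*"]`; if that value was carried into the new file it should be rotated, since it is now in git history.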
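Review bot: `substituters` and `trusted-public-keys` in local/nix/default.nix set the lists outright, and the only key listed is cache.nixos-cuda.org's while the tuna mirror serves paths signed by cache.nixos.org-1. Whether NixOS still merges its default `cache.nixos.org-1:…` key into this list is not visible here; using `extra-substituters` / `extra-trusted-public-keys`, or listing the cache.nixos.org key explicitly, keeps the upstream key trusted and makes the intent obvious rather than relying on defaults. A short comment on the `?priority=30` suffix (it ranks the mirror ahead of cache.nixos-cuda.org) would also help.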
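Review bot: the `steamrun-lib` entry in local/program/nix-ld/default.nix dropped the explanatory comments that configuration.nix carried (the nixpkgs issue link and the warning that steam-run's lib64 is far from exhaustive). Because nix-ld places this whole directory on the library path of every unpatched binary run on the machine, a reader should know why it is there; restore something like `# expose steam-run's FHS lib64 to nix-ld; see https://github.com/NixOS/nixpkgs/issues/354513` above the `runCommand` call.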
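Review bot: local/security/default.nix now holds the machine's entire privilege-escalation policy (sudo off, run0 shim, `polkit.extraConfig` read from polkit.js) but documents none of it, and the rules file itself is not part of this diff. A header comment such as `# sudo is disabled; privileged actions go through run0 and the polkit rules in ./polkit.js` would make the dependency explicit for anyone touching either file. `inputs.run0-sudo-shim.packages.x86_64-linux.default` could also use `${pkgs.stdenv.hostPlatform.system}` so the module does not silently break on another architecture.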
@@ -0,0 +1,12 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ services.boinc.enable = true;
+ services.boinc.extraEnvPackages = [
+ pkgs.gmp
+ pkgs.ocl-icd
+ config.hardware.nvidia.package
+ ];
+}
diff --git a/local/service/btrbk/default.nix b/local/service/btrbk/default.nix
@@ -0,0 +1,25 @@
+{...}: {
+ services.btrbk.instances.btrbk = {
+ settings = {
+ ssh_identity = "/etc/btrbk/id_ed25519";
+ ssh_user = "btrbk";
+ backend = "btrfs-progs-sudo";
+ backend_remote = "btrfs-progs-sudo";
+ stream_compress = "zstd";
+
+ subvolume."[2a01:4f8:1c19:8cba::1]:/var/lib" = {
+ snapshot_name = "hetznerion";
+
+ snapshot_dir = "/var/lib/btrbk/snapshots";
+ snapshot_preserve_min = "latest";
+
+ target = "/var/lib/btrbk/backups";
+ target_preserve_min = "latest";
+ target_preserve = "7d *w";
+ };
+ };
+ };
+ systemd.tmpfiles.rules = [
+ "d /var/lib/btrbk/backups 0750 btrbk btrbk"
+ ];
+}
diff --git a/local/service/default.nix b/local/service/default.nix
@@ -0,0 +1,13 @@
+{...}: {
+ imports = [
+ ./boinc/.
+ ./btrbk/.
+ ./docker/.
+ ./pipewire/.
+ ./searx/.
+ ./timesyncd/.
+ ];
+
+ services.printing.enable = true;
+ virtualisation.waydroid.enable = true;
+}
diff --git a/local/service/docker/default.nix b/local/service/docker/default.nix
@@ -0,0 +1,5 @@
+{...}: {
+ virtualisation.docker.enable = true;
+ virtualisation.docker.storageDriver = "btrfs";
+ services.k3s.enable = true;
+}
diff --git a/local/service/pipewire/default.nix b/local/service/pipewire/default.nix
@@ -0,0 +1,6 @@
+{...}: {
+ services.pipewire = {
+ enable = true;
+ pulse.enable = true;
+ };
+}
diff --git a/local/service/searx/default.nix b/local/service/searx/default.nix
@@ -0,0 +1,6 @@
+{config, ...}: {
+ services.searx = {
+ enable = true;
+ environmentFile = "${config.users.users.tb148.home}/.searxng.env";
+ };
+}
diff --git a/local/service/timesyncd/default.nix b/local/service/timesyncd/default.nix
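Review bot: local/service/btrbk/default.nix keeps `backend = "btrfs-progs-sudo"` for the local side while local/security/default.nix in the same commit disables sudo; as far as I recall the NixOS btrbk unit runs the instance as an unprivileged user and grants it `btrfs` via sudo rules, so the local `btrfs receive` into /var/lib/btrbk/backups may now fail — a test run of the btrbk unit after this change is worth doing. `/etc/btrbk/id_ed25519` is referenced but not provisioned anywhere here, so add a comment stating how it gets onto the host, e.g. `# deploy key for the btrbk user on hetznerion, created out-of-band; expected to be restricted with ssh_filter_btrbk on the remote`. Note that `snapshot_dir` is relative to the remote subvolume and lives on the Hetzner side, so the tmpfiles rule for the local target directory is the only one needed.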
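Review bot: local/service/docker/default.nix enables k3s with nothing restricting where its API listens; by default the k3s server binds 6443 on all interfaces, and with `networking.firewall.enable = false` in local/networking that endpoint follows the laptop onto every Wi-Fi network it joins. If k3s is only for local development, `services.k3s.extraFlags` can bind it to loopback (for instance `--bind-address 127.0.0.1`, to be verified against the k3s version in use) or the firewall can be re-enabled. A one-line comment on why both docker and k3s (which ships its own containerd) are wanted would also help the next reader.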
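Review bot: `environmentFile = "${config.users.users.tb148.home}/.searxng.env"` in local/service/searx/default.nix feeds a system service from a file that the desktop user owns and can rewrite, and whatever it holds (presumably SEARXNG_SECRET and engine API keys) is protected only by home-directory permissions. Place it under `/etc/searx/` or `/var/lib/searx/` as a root-owned 0600 file, or bring back sops-nix for it now that the input was removed in flake.nix, and add a comment listing the variables the file must define so the dependency is visible from the module.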
@@ -0,0 +1,7 @@
+{...}: {
+ time.timeZone = "Asia/Shanghai";
+ services.timesyncd = {
+ enable = true;
+ servers = ["ntp.ntsc.ac.cn"];
+ };
+}
diff --git a/local/user/default.nix b/local/user/default.nix
@@ -0,0 +1,11 @@
+{pkgs, ...}: {
+ services.userborn.enable = true;
+ users.users.tb148 = {
+ isNormalUser = true;
+ home = "/home/tb148";
+ shell = pkgs.zsh;
+ description = "Toni Brown";
+ extraGroups = ["wheel" "boinc" "docker"];
+ };
+ programs.zsh.enable = true;
+}
diff --git a/mihomo.nix b/mihomo.nix
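Review bot: `extraGroups = ["wheel" "boinc" "docker"]` in local/user/default.nix puts tb148 in the docker group, which is root-equivalent (any member can run a container with the host filesystem mounted), so it undercuts the sudo-off plus polkit.js gate that local/security sets up. If privileged actions are meant to go through polkit prompts, drop `docker` here and either enable `virtualisation.docker.rootless.enable = true;` or run docker through run0. `home = "/home/tb148"` is the default for a normal user and can be omitted to keep the module minimal.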
@@ -1,245 +0,0 @@ -{config, ...}: { - sops.templates."mihomo.yaml".content = - builtins.toJSON { - allow-lan = false; - dns = { - default-nameserver = [ - "tls://223.5.5.5" - "tls://223.6.6.6" - ]; - enable = true; - enhanced-mode = "fake-ip"; - fake-ip-filter = [ - "*" - "+.lan" - "+.local" - ]; - ipv6 = true; - nameserver = [ - "https://doh.pub/dns-query" - "https://dns.alidns.com/dns-query" - ]; - }; - external-controller = "127.0.0.1:32805"; - external-controller-cors = { - allow-origins = ["*"]; - allow-private-network = true; - }; - find-process-mode = "strict"; - geodata-mode = true; - geox-url = { - geoip = "https://cdn.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geoip.dat"; - geosite = "https://cdn.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geosite.dat"; - }; - global-client-fingerprint = "random"; - ipv6 = true; - log-level = "info"; - mixed-port = 7776; - profile = { - store-fake-ip = true; - store-selected = true; - }; - proxies = [ - { - name = "直连"; - type = "direct"; - udp = true; - } - { - name = "拒绝"; - type = "reject"; - udp = true; - } - ]; - proxy-groups = [ - { - name = "代理"; - proxies = [ - "直连" - "拒绝" - "手动选择" - "自动选择" - "故障转移" - "负载均衡" - ]; - type = "select"; - } - { - name = "国外"; - proxies = [ - "默认" - "代理" - "手动选择" - "自动选择" - "故障转移" - "负载均衡" - ]; - type = "select"; - } - { - name = "默认"; - proxies = [ - "直连" - "代理" - "手动选择" - "自动选择" - "故障转移" - "负载均衡" - ]; - type = "select"; - } - { - name = "国内"; - proxies = [ - "直连" - "默认" - "手动选择" - "自动选择" - "故障转移" - "负载均衡" - ]; - type = "select"; - } - { - name = "手动选择"; - type = "select"; - use = ["doggygo"]; - } - { - interval = 300; - name = "自动选择"; - type = "url-test"; - url = "https://www.google.com"; - use = ["doggygo"]; - } - { - interval = 300; - name = "故障转移"; - type = "fallback"; - url = "https://www.google.com"; - use = ["doggygo"]; - } - { - interval = 300; - name = "负载均衡"; - type = "load-balance"; - url = "https://www.google.com"; - use = ["doggygo"]; - } - { - hidden = true; - 
name = "GLOBAL"; - proxies = [ - "代理" - "国外" - "默认" - "国内" - "手动选择" - "自动选择" - "故障转移" - "负载均衡" - ]; - type = "select"; - } - ]; - proxy-providers = { - doggygo = { - interval = 86400; - type = "http"; - url = "${config.sops.placeholder.doggygo}"; - }; - }; - rule-providers = { - cn_domain = { - behavior = "domain"; - format = "mrs"; - interval = 86400; - type = "http"; - url = "https://cdn.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@meta/geo/geosite/cn.mrs"; - }; - cn_ip = { - behavior = "ipcidr"; - format = "mrs"; - interval = 86400; - type = "http"; - url = "https://cdn.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@meta/geo/geoip/cn.mrs"; - }; - "geolocation-!cn" = { - behavior = "domain"; - format = "mrs"; - interval = 86400; - type = "http"; - url = "https://cdn.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@meta/geo/geosite/geolocation-!cn.mrs"; - }; - gfw = { - behavior = "domain"; - format = "mrs"; - interval = 86400; - type = "http"; - url = "https://cdn.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@meta/geo/geosite/gfw.mrs"; - }; - private_domain = { - behavior = "domain"; - format = "mrs"; - interval = 86400; - type = "http"; - url = "https://cdn.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@meta/geo/geosite/private.mrs"; - }; - private_ip = { - behavior = "ipcidr"; - format = "mrs"; - interval = 86400; - type = "http"; - url = "https://cdn.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@meta/geo/geoip/private.mrs"; - }; - }; - rules = [ - "RULE-SET,private_domain,直连,no-resolve" - "RULE-SET,private_ip,直连,no-resolve" - # "DST-PORT,22,直连" - "RULE-SET,cn_domain,国内" - "RULE-SET,cn_ip,国内" - "RULE-SET,gfw,代理" - "RULE-SET,geolocation-!cn,国外" - "MATCH,默认" - ]; - secret = "Cosmic-Top-Secret"; - sniffer = { - enable = true; - sniff = { - HTTP = { - override-destination = true; - ports = [ - 80 - "8080-8880" - ]; - }; - QUIC = { - ports = [ - 443 - 8443 - ]; - }; - TLS = { - ports = [ - 443 - 8443 - ]; - }; - }; - }; - tcp-concurrent = true; - tun = { - auto-detect-interface = true; - 
auto-redirect = true; - auto-route = true; - dns-hijack = [ - "any:53" - "tcp://any:53" - ]; - enable = true; - stack = "mixed"; - }; - unified-delay = true; - }; -} diff --git a/secrets.yaml b/secrets.yaml @@ -1,28 +0,0 @@ -doggygo: ENC[AES256_GCM,data:+Aqq7vlT4dbVCYBImZ/kU/JaW7QfqukCak6BM4EBcvpcUbLqnwfq0kvPCCxgU6s2PAQzch3OBlgua+CVjrUMzxmaoWKh4zgBBmBNm/d1CODEtFNh,iv:HiZQFp2mQquozNzm3YxnXKQXtmclbAR44GbUG4ut0Yo=,tag:6IMMRTRL9X99ol2bxluwRQ==,type:str] -sops: - age: - - recipient: age17ag74r0avel6vfxd55r5n3tmj6ugtxegvlshv49uzdcd2carcp4shwtce8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4QXJYWTIxekxvTmVRdWdS - b3lRTzBFbUZ4TGJyT29RdzdheTZrWlRPSkhVCk1HSVJ4VjZDL1YvaDRPeERWZFdl - TU1QSldVQUtjQXR0OGt3WEd1bmxOZnMKLS0tIEYrclY1TU9GaHlKcmVNOHk5RU1J - Y0FXNjI1YkRBc3IyWTc5enZ3c25lZW8Kx7k8+VpKHXtQqAXJU1Sz7QKOm0csecMg - S4QclisKM4XU1zAkFDFLJVvJ3a8qg0rXb2Q5W19CZW+X27YXKhXU0g== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-01-28T21:02:45Z" - mac: ENC[AES256_GCM,data:Xi2R2gAGlidGGe7KD6mXTVYpHaFOwTg53SVAbv7Ntx1Emu9I46YdG7tn2zSqpnu7Cr1y6/GVZOsVaANTK5JH66KBqAoMCp6WInTeJIz92LYpEWMDLQEPbuvyw64NV2tnv9frTDyfLagbiIRu9SqMtOciMC+F3DN8EdvyZlaTlw8=,iv:ag1XM3KOZhClHbkLpDFg1QFxT7gky8TnSrV2Q6oN/2E=,tag:+RBrF5hhzO3d48bbrHBsgA==,type:str] - pgp: - - created_at: "2026-01-28T20:51:25Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - wV4DoAJ7X5x4kXQSAQdA35MhWxd/S6FjdG1RNkOWPBqKdRhj17M7TK/sp+rsA3Mw - GkhSHk19hi+9lylnXoJmuRBPeQ4H1nFB+eLNJYQ5w1Mu6SEETgiJharj2LwlBNBy - 0lEBmE+jKRHj8+GP6qUd2xdElwhJ7sDP+z9jww5VEpwqFByp0zCVWJCKyjbrtkCl - s1DYuj+LTAUCCpJ57LAzsZ7Imzec8zPEIHZv9mMieagRJog= - =aRrp - -----END PGP MESSAGE----- - fp: 19FE8C3696B760FE647D7FF84E512749E5D2792E - unencrypted_suffix: _unencrypted - version: 3.11.0