build a brand-new architecture for configurations.

Ulic-youthlic 2025-01-08 14:53:44 +08:00
parent 08aacf8c0d
commit 6dbbce42cf
43 changed files with 425 additions and 643 deletions


@ -0,0 +1,89 @@
include {
proxy.d/*.dae
}
global {
lan_interface: auto
wan_interface: auto
log_level: trace
allow_insecure: false
auto_config_kernel_parameter: true
dial_mode: domain
tcp_check_url: 'http://cp.cloudflare.com'
udp_check_dns: 'dns.google.com:53'
check_interval: 600s
check_tolerance: 50ms
tproxy_port: 12345
}
dns {
ipversion_prefer: 4
upstream {
googledns: 'tcp+udp://8.8.8.8:53'
alidns: 'udp://dns.alidns.com:53'
}
routing {
request {
qname(geosite: category-ads) -> reject
qname(geosite: category-ads-all) -> reject
qname(geosite: cn) -> alidns
fallback: googledns
}
response {
upstream(googledns) && ip(geoip: private) -> alidns
fallback: accept
}
}
}
group {
proxy {
filter: subtag(wget)
policy: min_moving_avg
}
us {
filter: subtag(wget) && name(keyword: "美国")
policy: min_moving_avg
}
hk {
filter: subtag(wget) && name(keyword: "香港")
policy: min_moving_avg
}
}
# 更多的 Routing 样例见 https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/routing.md
routing {
pname(hickory-dns) && dport(53) -> must_direct
pname(mihomo) -> must_direct
pname(systemd-resolved) -> must_direct
domain(full: time.windows.com) -> must_direct
domain(regex: ".*wgetcloud.*v2ray.*") -> must_direct
domain(suffix: "hit.edu.cn") -> must_direct
domain(geosite: microsoft) -> proxy
# domain(geosite: onedrive) -> must_direct
domain(geosite: "category-ai-chat-!cn") -> us
domain(geosite: google) -> us
domain(geosite: google-play) -> proxy
domain(geosite: apple) -> us
domain(geosite: spotify) -> us
domain(geosite: tiktok) -> us
domain(geosite: cn) -> direct
dip(geoip:private) -> direct
dip(geoip:cn) -> direct
# dport(63434) && sip(192.168.31.170) -> hk
dip(223.5.5.5) -> direct
# ban qq dns over http
# dip(43.136.0.0/13) -> block
# dip(109.244.0.0/16) -> block
# dip(175.27.0.0/16) -> block
# dip('2409:8C1E:75B0:80::/64') -> block
fallback: proxy
}
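Review bot: `log_level: trace` in the `global` block runs the daemon at its most verbose level in normal operation, which on a proxy of this kind typically means every connection's destination ends up in the journal; `log_level: info` (or `warn`) is the usual steady-state setting, with trace raised only while debugging. The `domain(regex: ".*wgetcloud.*v2ray.*") -> must_direct` rule looks intended to keep the subscription fetch off the proxy, but `domain()` matches the hostname, and the hostname in urls.txt contains `wgetcloud` without `v2ray` (`v2rayn` appears only in the query string), so that fetch would fall through to `fallback: proxy`; if that is the intent, `domain(suffix: "wgetcloud.online") -> must_direct` expresses it. A short comment above the `must_direct` rules naming which programs and hosts they exist for would help the next reader of this file.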


@ -0,0 +1,110 @@
{ pkgs, config, ... }:
{
services.dae = {
enable = true;
openFirewall = {
enable = true;
port = 12345;
};
disableTxChecksumIpGeneric = false;
config = builtins.readFile ./config.dae;
};
environment.etc."dae/urls.txt".source = ./urls.txt;
systemd.services =
let
new_proxy = "/etc/dae/proxy.d.new";
head = "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36";
update = ''
num=0
check=1
urls="$(${pkgs.coreutils}/bin/cat /etc/dae/urls.txt)"
mkdir -p ${new_proxy}
for url in "''${urls}"; do
txt=${new_proxy}/''${num}.txt
config="${new_proxy}/''${num}.dae"
${pkgs.curl}/bin/curl -H "${head}" "''${url}" > "''${txt}"
${pkgs.coreutils}/bin/echo "" > ''${config}
${pkgs.coreutils}/bin/echo 'subscription {' >> ''${config}
${pkgs.coreutils}/bin/echo \ \ wget:\ \"file\://proxy.d/''${num}.txt\" >> ''${config}
${pkgs.coreutils}/bin/echo } >> ''${config}
if [[ ! -s ''${txt} ]]; then
check=0
fi
${pkgs.coreutils}/bin/chmod 0640 ''${txt}
${pkgs.coreutils}/bin/chmod 0640 ''${config}
link=$((link+1))
if [[ ''${check} -eq 0 ]]; then
exit -1
fi
done
${pkgs.coreutils}/bin/rm -r /etc/dae/proxy.d
${pkgs.coreutils}/bin/mv ${new_proxy} /etc/dae/proxy.d
'';
in
{
"update-dae-subscription-immediate" = {
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
before = [ "dae.service" ];
serviceConfig = {
Type = "oneshot";
ExecStart =
let
script = pkgs.writeTextFile {
name = "update-dae-subscription-immediate";
executable = true;
destination = "/bin/script";
text = ''
${pkgs.coreutils}/bin/mkdir -p /etc/proxy.d
if [ -z "$(ls -A /etc/dae/proxy.d 2>/dev/null)" ]; then
${pkgs.coreutils}/bin/echo "No subscription file found in /etc/dae/proxy.d. Update now..."
${update}
else
${pkgs.coreutils}/bin/echo "Found existing subscription files. Skipping immediate update."
fi
'';
};
in
[
"${pkgs.bash}/bin/bash ${script}/bin/script"
];
};
wantedBy = [ "multi-user.target" ];
};
# "update-dae-subscription-weekly" = {
# after = [ "network-online.target" ];
# wants = [ "network-online.target" ];
# wantedBy = [ "multi-user.target" ];
# serviceConfig = {
# Type = "oneshot";
# ExecStart =
# let
# script = pkgs.writeTextFile {
# name = "update-dae-subscription-weekly";
# executable = true;
# destination = "/bin/script";
# text = ''
# ${pkgs.coreutils}/bin/echo "Force subscription update..."
# ${pkgs.coreutils}/bin/mkdir -p /etc/proxy.d
# ${update}
# '';
# };
# in
# [
# "${pkgs.bash}/bin/bash ${script}/bin/script"
# ];
# };
# };
};
# systemd.timers."dae-update" = {
# wantedBy = [ "timers.target" ];
# timerConfig = {
# OnCalendar = "weekly";
# Unit = "dae-update.service";
# Persistent = true;
# };
# };
}
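Review bot: The update loop can only ever write `0.txt`/`0.dae`: the counter it increments is `link` while the file names are built from `num`, and the quoted `"''${urls}"` expansion runs the loop once over the whole file, so a second entry in urls.txt is either ignored or clobbers the first. Read the file line by line with `while IFS= read -r url; do … done < /etc/dae/urls.txt` and change the increment to `num=$((num+1))`. The curl call has neither `--fail` nor `--max-time`, so an HTTP error page passes the non-empty check and is installed as the subscription, and an unreachable server stalls `dae.service` and the rest of boot because this oneshot is ordered before it; `${pkgs.curl}/bin/curl --fail --max-time 60 -H "${head}" "''${url}" > "''${txt}"` covers both. Note also that `environment.etc."dae/urls.txt".source = ./urls.txt` copies the file into the world-readable Nix store, so the subscription token in it is readable by every local account regardless of the 0640 applied to the downloaded files, and `mkdir -p /etc/proxy.d` in the immediate unit looks like a typo for `/etc/dae/proxy.d`.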


@ -0,0 +1 @@
https://bava8u2znaj6bdzzjnfb.wgetcloud.online/link/df057715-3fa5-38c8-b550-316aa84c22c1?target=v2rayn&list=1&simple=1
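Review bot: The one line added here is a subscription link whose path segment is a per-account token; once it is in git history it is a credential that anyone with repository access can use to pull the same node list, so it should be reset with the provider now. Keep this file out of the tracked tree — an untracked file that the update unit reads at runtime, or a secret handled outside the Nix store — rather than a tracked file that dae.nix additionally copies into `/nix/store` through `environment.etc`. A placeholder such as `<SUBSCRIPTION_URL>` with a comment explaining where the real file lives would let the repository stay shareable.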


@ -5,29 +5,53 @@
nixos-hardware.nixosModules.asus-fx506hm
])
++ [
./i18n.nix
./gui.nix
./users
./openssh.nix
./kvm.nix
./dae
./nh.nix
./steam.nix
./spotify.nix
# Include the hardware related config
./hardware-configuration.nix
./networking.nix
];
youthlic.home-manager = {
enable = true;
unixName = "david";
hostName = "Tytonidae";
};
networking.hostName = "Tytonidae";
time.timeZone = "Asia/Shanghai";
i18n = {
defaultLocale = "C.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "zh_CN.UTF-8";
LC_IDENTIFICATION = "zh_CN.UTF-8";
LC_MEASUREMENT = "zh_CN.UTF-8";
LC_MONETARY = "zh_CN.UTF-8";
LC_NAME = "zh_CN.UTF-8";
LC_NUMERIC = "zh_CN.UTF-8";
LC_PAPER = "zh_CN.UTF-8";
LC_TELEPHONE = "zh_CN.UTF-8";
LC_TIME = "zh_CN.UTF-8";
};
};
services.printing.enable = true;
environment.systemPackages = with pkgs; [
nix-output-monitor
wget
git
vim
helix
nixd
nixfmt-rfc-style
element-desktop
discord-ptb
asusctl
vlc
btop
handbrake
wechat-uos
nvtopPackages.full
];
environment.variables.EDITOR = "hx";
nixpkgs = {
config = {
@ -40,4 +64,13 @@
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.11"; # Did you read the comment?
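Review bot: `youthlic.home-manager.hostName = "Tytonidae"` and `networking.hostName = "Tytonidae"` repeat the same literal; if both are on the new side as printed, `hostName = config.networking.hostName;` (with `config` in the module arguments) keeps them from drifting apart. The `i18n` block with the full set of `LC_*` settings also appears verbatim in the new `i18n.nix` that this commit adds and imports here, so if these lines survive on the new side one of the two copies is redundant — the rendered page does not preserve which side they belong to, so this is worth confirming. The enclosing attribute set starts and ends outside the hunk.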
}


@ -0,0 +1,69 @@
{ pkgs, ... }:
{
# Enable the X11 windowing system.
# You can disable this if you're only using the Wayland session.
services.xserver = {
display = 0;
enable = true;
};
# Enable the KDE Plasma Desktop Environment.
# services.displayManager.sddm.enable = true;
# services.desktopManager.plasma6.enable = true;
services.desktopManager.cosmic.enable = true;
services.displayManager.cosmic-greeter.enable = true;
programs.niri.enable = true;
# Configure keymap in X11
services.xserver.xkb = {
layout = "cn";
variant = "";
};
environment.systemPackages = with pkgs; [
fontconfig
];
programs.firefox.enable = true;
programs.localsend.enable = true;
fonts = {
enableDefaultPackages = false;
packages = with pkgs; [
nerd-fonts.fira-code
noto-fonts
noto-fonts-cjk-sans
noto-fonts-cjk-serif
noto-fonts-emoji
lxgw-wenkai
];
fontconfig.defaultFonts = pkgs.lib.mkForce {
serif = [
"LXGW WenKai"
"Noto Serif CJK SC"
"Noto Serif"
];
sansSerif = [
"Noto Serif CJK SC"
"Noto Serif"
];
monospace = [
"FiraCode Nerd Font"
];
emoji = [ "Noto Color Emoji" ];
};
};
services.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
#media-session.enable = true;
};
}
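Review bot: `fontconfig.defaultFonts = pkgs.lib.mkForce { … }` reaches into `pkgs` for the module library; the conventional form is to take it from the module arguments, `{ pkgs, lib, ... }:` and `lib.mkForce`, as the other new modules on this page do for their arguments. The comment `Enable the KDE Plasma Desktop Environment.` now sits above two commented-out Plasma lines while COSMIC and niri are what is actually enabled, so it should become something like `# Desktop: COSMIC with cosmic-greeter; niri available as a session` or be dropped. `services.xserver.display = 0;` is set without explanation; a one-line comment on why it is pinned would help.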


@ -0,0 +1,42 @@
{ pkgs, inputs, ... }:
{
i18n = {
defaultLocale = "C.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "zh_CN.UTF-8";
LC_IDENTIFICATION = "zh_CN.UTF-8";
LC_MEASUREMENT = "zh_CN.UTF-8";
LC_MONETARY = "zh_CN.UTF-8";
LC_NAME = "zh_CN.UTF-8";
LC_NUMERIC = "zh_CN.UTF-8";
LC_PAPER = "zh_CN.UTF-8";
LC_TELEPHONE = "zh_CN.UTF-8";
LC_TIME = "zh_CN.UTF-8";
};
inputMethod = {
enable = true;
type = "fcitx5";
fcitx5 = {
addons = with pkgs; [
libsForQt5.fcitx5-qt
fcitx5-gtk
fcitx5-configtool
fcitx5-chinese-addons
(fcitx5-rime.override {
rimeDataPkgs =
[
rime-data
]
++ (with (pkgs.callPackage inputs.nur-xddxdd { }); [
rime-ice
rime-zhwiki
rime-moegirl
]);
})
];
waylandFrontend = true;
};
};
};
}
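Review bot: `pkgs.callPackage inputs.nur-xddxdd { }` pulls the three rime dictionaries from a third-party NUR flake input, so their package expressions are evaluated and built from whatever that input is pinned to; the trust boundary here is the flake.lock entry for `nur-xddxdd`, not nixpkgs. A comment on that line, e.g. `# rime dictionaries from a third-party NUR; review before bumping the input`, would record the decision. The nested `with pkgs;` plus `with (pkgs.callPackage …)` also shadows names silently; binding the set once, `let xddxdd = pkgs.callPackage inputs.nur-xddxdd { }; in`, and writing `xddxdd.rime-ice` keeps the provenance visible at each use.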


@ -0,0 +1,9 @@
{ ... }:
{
programs.virt-manager.enable = true;
virtualisation = {
libvirtd.enable = true;
spiceUSBRedirection.enable = true;
};
}
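Review bot: `virtualisation.spiceUSBRedirection.enable = true` installs, as its NixOS option description notes, a setuid-root helper that lets any unprivileged local user hand arbitrary USB devices to VMs; that is a broader grant than the `libvirtd` group membership given to `david` in `users/david.nix`, and it deserves a comment saying it is intended, e.g. `# setuid USB-redirection helper: any local user may pass USB devices to VMs`. If only the one user needs it, that is worth stating in the commit message as well.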


@ -0,0 +1,11 @@
{
...
}:
{
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 4d --keep 3";
flake = ./..;
};
}
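Review bot: `flake = ./..;` is a Nix path literal, so as far as I can tell evaluation copies the entire repository — including the `urls.txt` subscription link and the OpenSSH private key file this commit adds — into the world-readable `/nix/store` when the value is interpolated, and points `nh` at that frozen snapshot rather than at the working tree, so `nh os switch` would rebuild from the copy made at the previous build. Pass the checkout as a string instead, `flake = "<PATH_TO_CHECKOUT>";` (placeholder), which nh reads at runtime and which does not import the tree into the store. A one-line comment such as `# string, not a path literal: a path would copy the repo into the store` would prevent a regression.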


@ -0,0 +1,37 @@
{ ... }:
{
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
X11Forwarding = true;
PermitRootLogin = "no";
LogLevel = "VERBOSE";
Macs = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
"hmac-sha2-512"
"hmac-sha2-256"
"umac-128@openssh.com"
];
Ciphers = [
"chacha20-poly1305@openssh.com"
"aes256-gcm@openssh.com"
"aes128-gcm@openssh.com"
"aes256-ctr"
"aes192-ctr"
"aes128-ctr"
];
KexAlgorithms = [
"curve25519-sha256@libssh.org"
"ecdh-sha2-nistp521"
"ecdh-sha2-nistp384"
"ecdh-sha2-nistp256"
"diffie-hellman-group-exchange-sha256"
];
};
ports = [ 3022 ];
};
}
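Review bot: Replacing the default `KexAlgorithms` with an explicit list drops the hybrid post-quantum exchange `sntrup761x25519-sha512@openssh.com` that current OpenSSH releases offer first by default, so this hardening list is weaker against record-now-decrypt-later than leaving the option unset; add it at the head of the list and reconsider whether the three `ecdh-sha2-nistp*` entries and `diffie-hellman-group-exchange-sha256` are needed at all. `X11Forwarding = true` departs from the sshd default of `no` with nothing on this host visibly requiring it; keep it off unless a remote X client is needed, or note the reason beside the line. The remaining settings (`PasswordAuthentication`, `KbdInteractiveAuthentication`, `PermitRootLogin`, `LogLevel VERBOSE`) are the right ones for key-only access, and `VERBOSE` in particular records the fingerprint of the key used on each login, which is what makes a leaked key attributable.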


@ -0,0 +1,6 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
spotify
];
}


@ -0,0 +1,12 @@
{ ... }:
{
config = {
hardware.graphics.enable32Bit = true;
programs.steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
};
};
}
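Review bot: The three `openFirewall` flags open inbound ports on every interface for Remote Play, Source dedicated servers and Local Network Game Transfers; on a laptop that also runs a transparent proxy and sshd each one is exposure that should be justified, and `dedicatedServer.openFirewall` only matters if this machine hosts game servers. Keep only the flags in use and turn the trailing comments into reasons, e.g. `# Remote Play: streams to the TV box on the home LAN` (constructed example). The `config = { … };` wrapper is unnecessary in a module that declares no `options` and can be flattened.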


@ -0,0 +1,18 @@
{ pkgs, ... }:
{
users.users.david = {
isNormalUser = true;
description = "david";
extraGroups = [
"networkmanager"
"libvirtd"
"wheel"
];
};
programs.fish.enable = true;
users.users.david.shell = pkgs.fish;
users.users.david.openssh.authorizedKeys.keyFiles = [
./tytonidae.pub
];
}
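Review bot: `./tytonidae.pub` is installed as an authorized key for `david`, and the same commit adds the matching `-----BEGIN OPENSSH PRIVATE KEY-----` file (the section after `users/default.nix` on this page, with its `.pub` right after it), so anyone who can read this repository — now or in its history — holds a key accepted by this host's sshd on port 3022; the key appears passphrase-protected (the header names aes256-ctr and bcrypt), which only slows offline guessing. Treat it as compromised: generate a new key pair, replace this `.pub`, remove the private file and purge it from history, and keep private keys out of the repository altogether — only the public half belongs in the tree. Because `environment.etc` and `flake = ./..` elsewhere in this commit copy tracked files into `/nix/store`, the private file would also become readable by every local account after a rebuild, which is a second reason it cannot stay here.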


@ -0,0 +1,6 @@
{ ... }:
{
imports = [
./david.nix
];
}


@ -0,0 +1,8 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABC2sRS60d
BXX14enHHCynC9AAAAGAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIETMs9b4xfFRsgPZ
UzrVce3J27p0LBKLfZwhNMen0Da9AAAAkC3NVadOCQU0sd6qujTsqGPSbuO6iNaEBOj6hl
GVPf/VwoGxadvzyQh7sdcOzr/nybcaNgOya7sjAWN0uClekHp/8ZUewU28xlmv2yXxpOXM
UrDFaUcpWIRegALW8CpJf2ndykI1Y8eY2uwGJSWgWreBoCD81P1V68DSw8i4XVtW2Pad9y
yYvR8TpNxCvyta2w==
-----END OPENSSH PRIVATE KEY-----


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETMs9b4xfFRsgPZUzrVce3J27p0LBKLfZwhNMen0Da9 david@nixos


@ -14,6 +14,7 @@
])
++ [
./nix.nix
./home.nix
];
config = {

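--- /dev/null
+++ b/nixos/modules/home.nix
@@ -0,0 +1,64 @@
+{
+inputs,
+outputs,
+lib,
+config,
+pkgs,
+rootPath,
+...
+}:
+{
+options.youthlic.home-manager = {
+enable = lib.mkOption {
+type = lib.types.bool;
+default = false;
+example = true;
+description = ''
+whether enable home-manager or not
+'';
+};
+unixName = lib.mkOption {
+type = lib.types.str;
+default = "david";
+example = "youthlic";
+description = ''
+unix name of home-manager user
+'';
+};
+hostName = lib.mkOption {
+type = lib.types.str;
+example = "Tytonidae";
+description = ''
+host name of home-manager user
+'';
+};
+};
+config =
+let
+cfg = config.youthlic.home-manager;
+unixName = cfg.unixName;
+hostName = cfg.hostName;
+in
+lib.mkIf cfg.enable {
+home-manager = {
+useGlobalPkgs = true;
+useUserPackages = true;
+users."${cfg.unixName}" = (
+{ ... }:
+{
+imports = [
+(rootPath + "/home/${unixName}/modules")
+(rootPath + "/home/${unixName}/configurations/${hostName}")
+];
+}
+);
+extraSpecialArgs = {
+inherit outputs inputs;
+inherit (cfg) unixName hostName;
+inherit (pkgs) system;
+};
+backupFileExtension = "backup";
+sharedModules = [ outputs.homeManagerModules.default ];
+};
+};
+}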
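Review bot: The `let` binds `unixName` and `hostName` from `cfg`, yet the attribute key a few lines later still spells out `cfg.unixName`, so two spellings of the same value sit side by side; `users."${unixName}"` keeps it consistent. The option descriptions read as fragments — `Whether to enable the home-manager integration for the user named by unixName.` and `Host name used to select home/<unixName>/configurations/<hostName>.` would say what the module actually does with them, and since `hostName` has no default, a sentence noting it is required when `enable = true` belongs there too. `inherit (pkgs) system;` relies on `pkgs.system`, which nixpkgs has been steering callers away from in favour of `pkgs.stdenv.hostPlatform.system`; worth switching while the file is new.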