youthlic/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

move some config to modules

Browse source 
update dae config

move dae config to module

move openssh config to module

change david config location

move nh.nix to module

move i18n config to module

move steam config to module

remove kvm config
This commit is contained in:
ulic-youthlic 2025-01-13 16:49:40 +08:00
parent 47dac088a4
commit 85c42efac0
Signed by: youthlic
GPG key ID: 63E86C3C14A0D721
17 changed files with 285 additions and 261 deletions
Download patch file Download diff file Expand all files Collapse all files

119
nixos/configurations/Tytonidae/dae/default.nix
View file

@ -1,119 +0,0 @@
{
pkgs,
config,
rootPath,
...
}:
{
services.dae = {
enable = true;
openFirewall = {
enable = true;
port = 12345;
};
disableTxChecksumIpGeneric = false;
config = builtins.readFile ./config.dae;
};
sops.secrets.url = {
mode = "0444";
sopsFile = rootPath + "/secrets/general.yaml";
};
systemd.services =
let
new_proxy = "/etc/dae/proxy.d.new";
head = "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36";
update = ''
num=0
check=1
urls="$(${pkgs.coreutils}/bin/cat ${config.sops.secrets.url.path})"
mkdir -p ${new_proxy}
for url in "''${urls}"; do
txt=${new_proxy}/''${num}.txt
config="${new_proxy}/''${num}.dae"
${pkgs.curl}/bin/curl -H "${head}" "''${url}" > "''${txt}"
${pkgs.coreutils}/bin/echo "" > ''${config}
${pkgs.coreutils}/bin/echo 'subscription {' >> ''${config}
${pkgs.coreutils}/bin/echo \ \ wget:\ \"file\://proxy.d/''${num}.txt\" >> ''${config}
${pkgs.coreutils}/bin/echo } >> ''${config}
if [[ ! -s ''${txt} ]]; then
check=0
fi
${pkgs.coreutils}/bin/chmod 0640 ''${txt}
${pkgs.coreutils}/bin/chmod 0640 ''${config}
link=$((link+1))
if [[ ''${check} -eq 0 ]]; then
exit -1
fi
done
${pkgs.coreutils}/bin/rm -r /etc/dae/proxy.d
${pkgs.coreutils}/bin/mv ${new_proxy} /etc/dae/proxy.d
'';
in
{
"update-dae-subscription-immediate" = {
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
before = [ "dae.service" ];
serviceConfig = {
Type = "oneshot";
User = "root";
ExecStart =
let
script = pkgs.writeTextFile {
name = "update-dae-subscription-immediate";
executable = true;
destination = "/bin/script";
text = ''
${pkgs.coreutils}/bin/mkdir -p /etc/proxy.d
if [ -z "$(ls -A /etc/dae/proxy.d 2>/dev/null)" ]; then
${pkgs.coreutils}/bin/echo "No subscription file found in /etc/dae/proxy.d. Update now..."
${update}
else
${pkgs.coreutils}/bin/echo "Found existing subscription files. Skipping immediate update."
fi
'';
};
in
[
"${pkgs.bash}/bin/bash ${script}/bin/script"
];
};
wantedBy = [ "multi-user.target" ];
};
# "update-dae-subscription-weekly" = {
# after = [ "network-online.target" ];
# wants = [ "network-online.target" ];
# wantedBy = [ "multi-user.target" ];
# serviceConfig = {
# Type = "oneshot";
# ExecStart =
# let
# script = pkgs.writeTextFile {
# name = "update-dae-subscription-weekly";
# executable = true;
# destination = "/bin/script";
# text = ''
# ${pkgs.coreutils}/bin/echo "Force subscription update..."
# ${pkgs.coreutils}/bin/mkdir -p /etc/proxy.d
# ${update}
# '';
# };
# in
# [
# "${pkgs.bash}/bin/bash ${script}/bin/script"
# ];
# };
# };
};
# systemd.timers."dae-update" = {
# wantedBy = [ "timers.target" ];
# timerConfig = {
# OnCalendar = "weekly";
# Unit = "dae-update.service";
# Persistent = true;
# };
# };
}

28
nixos/configurations/Tytonidae/default.nix
View file

@ -5,13 +5,8 @@
nixos-hardware.nixosModules.asus-fx506hm nixos-hardware.nixosModules.asus-fx506hm
]) ])
++ [ ++ [
./i18n.nix
./gui.nix ./gui.nix
./users ./users
./openssh.nix
./kvm.nix
./dae
./nh.nix
./steam.nix ./steam.nix
# Include the hardware related config # Include the hardware related config
@ -19,10 +14,18 @@
./networking.nix ./networking.nix
]; ];
youthlic.home-manager = { youthlic = {
enable = true; home-manager = {
unixName = "david"; enable = true;
hostName = "Tytonidae"; unixName = "david";
hostName = "Tytonidae";
};
i18n.enable = true;
programs = {
dae.enable = true;
openssh.enable = true;
steam.enable = true;
};
}; };
programs.gnupg.agent = { programs.gnupg.agent = {
@ -46,7 +49,6 @@
element-desktop element-desktop
discord-ptb discord-ptb
asusctl
vlc vlc
btop btop
handbrake handbrake
@ -57,12 +59,6 @@
environment.variables.EDITOR = "hx"; environment.variables.EDITOR = "hx";
nixpkgs = {
config = {
allowUnfree = true;
};
};
boot = { boot = {
kernelPackages = pkgs.linuxPackages_zen; kernelPackages = pkgs.linuxPackages_zen;
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;

43
nixos/configurations/Tytonidae/i18n.nix
View file

@ -1,43 +0,0 @@
{
pkgs,
outputs,
...
}:
{
i18n = {
defaultLocale = "C.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "zh_CN.UTF-8";
LC_IDENTIFICATION = "zh_CN.UTF-8";
LC_MEASUREMENT = "zh_CN.UTF-8";
LC_MONETARY = "zh_CN.UTF-8";
LC_NAME = "zh_CN.UTF-8";
LC_NUMERIC = "zh_CN.UTF-8";
LC_PAPER = "zh_CN.UTF-8";
LC_TELEPHONE = "zh_CN.UTF-8";
LC_TIME = "zh_CN.UTF-8";
};
inputMethod = {
enable = true;
type = "fcitx5";
fcitx5 = {
addons = with pkgs; [
libsForQt5.fcitx5-qt
fcitx5-gtk
fcitx5-configtool
fcitx5-chinese-addons
(fcitx5-rime.override {
rimeDataPkgs = (
with (outputs.packages."${pkgs.system}");
[
rime-ice
]
);
})
];
waylandFrontend = true;
};
};
};
}

9
nixos/configurations/Tytonidae/kvm.nix
View file

@ -1,9 +0,0 @@
{ ... }:
{
programs.virt-manager.enable = true;
virtualisation = {
libvirtd.enable = true;
spiceUSBRedirection.enable = true;
};
}

11
nixos/configurations/Tytonidae/nh.nix
View file

@ -1,11 +0,0 @@
{
...
}:
{
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 4d --keep 3";
flake = ./..;
};
}

37
nixos/configurations/Tytonidae/openssh.nix
View file

@ -1,37 +0,0 @@
{ ... }:
{
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
X11Forwarding = true;
PermitRootLogin = "no";
LogLevel = "VERBOSE";
Macs = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
"hmac-sha2-512"
"hmac-sha2-256"
"umac-128@openssh.com"
];
Ciphers = [
"chacha20-poly1305@openssh.com"
"aes256-gcm@openssh.com"
"aes128-gcm@openssh.com"
"aes256-ctr"
"aes192-ctr"
"aes128-ctr"
];
KexAlgorithms = [
"curve25519-sha256@libssh.org"
"ecdh-sha2-nistp521"
"ecdh-sha2-nistp384"
"ecdh-sha2-nistp256"
"diffie-hellman-group-exchange-sha256"
];
};
ports = [ 3022 ];
};
}

18
nixos/configurations/Tytonidae/users/david.nix
View file

@ -1,18 +0,0 @@
{ pkgs, ... }:
{
users.users.david = {
isNormalUser = true;
description = "david";
extraGroups = [
"networkmanager"
"libvirtd"
"wheel"
];
};
programs.fish.enable = true;
users.users.david.shell = pkgs.fish;
users.users.david.openssh.authorizedKeys.keyFiles = [
./tytonidae.pub
];
}

17
nixos/configurations/Tytonidae/users/default.nix
View file

@ -1,6 +1,17 @@
{ ... }: { pkgs, ... }:
{ {
imports = [ users.users.david = {
./david.nix isNormalUser = true;
description = "david";
extraGroups = [
"networkmanager"
"libvirtd"
"wheel"
];
};
programs.fish.enable = true;
users.users.david.shell = pkgs.fish;
users.users.david.openssh.authorizedKeys.keyFiles = [
./tytonidae.pub
]; ];
} }

0
nixos/configurations/Tytonidae/dae/config.dae → nixos/modules/dae/config.dae
View file

127
nixos/modules/dae/default.nix Normal file
View file

@ -0,0 +1,127 @@
{
config,
rootPath,
pkgs,
lib,
...
}:
let
cfg = config.youthlic.programs.dae;
in
{
options = {
youthlic.programs.dae = {
enable = lib.mkEnableOption "dae";
};
};
config = lib.mkIf cfg.enable {
services.dae = {
enable = true;
openFirewall = {
enable = true;
port = 12345;
};
disableTxChecksumIpGeneric = false;
config = builtins.readFile ./config.dae;
};
sops.secrets.url = {
mode = "0444";
sopsFile = rootPath + "/secrets/general.yaml";
};
systemd.services =
let
update = ''
head="user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"
new_proxy=/etc/dae/proxy.d.new
num=0
check=1
urls="$(cat ${config.sops.secrets.url.path})"
mkdir -p ''${new_proxy}
for url in ''${urls}; do
txt=''${new_proxy}/''${num}.txt
config="''${new_proxy}/''${num}.dae"
echo \'curl -LH \""''${head}"\" \""''${url}"\" -o \""''${txt}"\"\'
curl -LH "''${head}" "''${url}" -o "''${txt}"
echo End curl
echo "" > ''${config}
{
echo 'subscription {'
echo \ \ wget:\ \"file://proxy.d/''${num}.txt\"
echo "}"
} >> ''${config}
if [[ ! -s ''${txt} ]]; then
check=0
fi
chmod 0640 ''${txt}
chmod 0640 ''${config}
num=$((num+1))
if [[ ''${check} -eq 0 ]]; then
echo "''${txt}" is empty
exit 103
fi
done
if [[ -d /etc/dae/proxy.d ]]; then
mv /etc/dae/proxy.d /etc/dae/proxy.d.old
fi
mv ''${new_proxy} /etc/dae/proxy.d
'';
updateScript = pkgs.writeShellApplication {
name = "update.sh";
runtimeInputs = with pkgs; [
coreutils
curl
];
text = ''
mkdir -p /etc/proxy.d
if [ -z "$(ls -A /etc/dae/proxy.d 2>/dev/null)" ]; then
echo "No subscription file found in /etc/dae/proxy.d. Update now..."
${update}
else
echo "Found existing subscription files. Skipping immediate update."
fi
'';
};
updateForceScript = pkgs.writeShellApplication {
name = "update-force.sh";
runtimeInputs = with pkgs; [
coreutils
curl
];
text = ''
${update}
'';
};
in
{
"update-dae-subscription-immediate" = {
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
before = [ "dae.service" ];
serviceConfig = {
Type = "oneshot";
User = "root";
ExecStart = [
"${updateScript}/bin/update.sh"
];
};
wantedBy = [ "multi-user.target" ];
};
"update-dae-subscription-force" = {
serviceConfig = {
Type = "oneshot";
User = "root";
ExecStartPre = [
"-${pkgs.systemd}/bin/systemctl stop dae.service"
];
ExecStartPost = [
"-${pkgs.systemd}/bin/systemctl start dae.service"
];
ExecStart = [
"${updateForceScript}/bin/update-force.sh"
];
};
};
};
};
}

3
nixos/modules/default.nix
View file

@ -17,6 +17,9 @@
./nix.nix ./nix.nix
./home.nix ./home.nix
./sops.nix ./sops.nix
./dae
./openssh.nix
./nh.nix
]; ];
config = { config = {

54
nixos/modules/i18n.nix Normal file
View file

@ -0,0 +1,54 @@
{
pkgs,
outputs,
lib,
config,
...
}:
let
cfg = config.youthlic.i18n;
in
{
options = {
youthlic.i18n = {
enable = lib.mkEnableOption "zh env";
};
};
config = lib.mkIf cfg.enable {
i18n = {
defaultLocale = "C.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "zh_CN.UTF-8";
LC_IDENTIFICATION = "zh_CN.UTF-8";
LC_MEASUREMENT = "zh_CN.UTF-8";
LC_MONETARY = "zh_CN.UTF-8";
LC_NAME = "zh_CN.UTF-8";
LC_NUMERIC = "zh_CN.UTF-8";
LC_PAPER = "zh_CN.UTF-8";
LC_TELEPHONE = "zh_CN.UTF-8";
LC_TIME = "zh_CN.UTF-8";
};
inputMethod = {
enable = true;
type = "fcitx5";
fcitx5 = {
addons = with pkgs; [
libsForQt5.fcitx5-qt
fcitx5-gtk
fcitx5-configtool
fcitx5-chinese-addons
(fcitx5-rime.override {
rimeDataPkgs = (
with (outputs.packages."${pkgs.system}");
[
rime-ice
]
);
})
];
waylandFrontend = true;
};
};
};
};
}

10
nixos/modules/nh.nix Normal file
View file

@ -0,0 +1,10 @@
{ ... }:
{
config = {
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 4d --keep 3";
};
};
}

5
nixos/modules/nix.nix
View file

@ -7,6 +7,11 @@
}: }:
{ {
config = { config = {
nixpkgs = {
config = {
allowUnfree = true;
};
};
nix = { nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
settings = { settings = {

47
nixos/modules/openssh.nix Normal file
View file

@ -0,0 +1,47 @@
{ config, lib, ... }:
let
cfg = config.youthlic.programs.openssh;
in
{
options = {
youthlic.programs.openssh = {
enable = lib.mkEnableOption "openssh";
};
};
config = lib.mkIf cfg.enable {
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
X11Forwarding = true;
PermitRootLogin = "no";
LogLevel = "VERBOSE";
Macs = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
"hmac-sha2-512"
"hmac-sha2-256"
"umac-128@openssh.com"
];
Ciphers = [
"chacha20-poly1305@openssh.com"
"aes256-gcm@openssh.com"
"aes128-gcm@openssh.com"
"aes256-ctr"
"aes192-ctr"
"aes128-ctr"
];
KexAlgorithms = [
"curve25519-sha256@libssh.org"
"ecdh-sha2-nistp521"
"ecdh-sha2-nistp384"
"ecdh-sha2-nistp256"
"diffie-hellman-group-exchange-sha256"
];
};
ports = [ 3022 ];
};
};
}

12
nixos/configurations/Tytonidae/steam.nix → nixos/modules/steam.nix
View file

@ -1,6 +1,14 @@
{ ... }: { lib, config, ... }:
let
cfg = config.youthlic.programs.steam;
in
{ {
config = { options = {
youthlic.programs.steam = {
enable = lib.mkEnableOption "steam";
};
};
config = lib.mkIf cfg.enable {
hardware.graphics.enable32Bit = true; hardware.graphics.enable32Bit = true;
programs.steam = { programs.steam = {
enable = true; enable = true;

6
secrets/general.yaml
View file

@ -1,6 +1,6 @@
ssh-private-key: ENC[AES256_GCM,data:hT2/OaZBAXK8eQe0qAxHw8nO6Z9ErzUdGWUgN/0c04NKUz6dyynKXsSEE7sC/P/WfUCOTXVgf7u/SY2/hMBG2tpceEwx2FDVJnUDF6Wi/2U8C1z3TjBitjYY1apku3lMTNYF7GwflUA+lB3xcKJ9dKnJlU/5moPqCf58G5w9DFXM1YJcUfVQ1Cl5MKguJkxpSw4MMm7QxGhruX5C/a84TYIZC/IHll3f1e6qvM+5TEibXIa9LBMcT7pxw4SQ/vhPmAJO54/GHbktTHxkjPbo2keGr3J1Im+TlX9OB81cbNZMxIn++Igw9iffF0LZmudmndLhWFPUK0itpkP8pjMY3rIrI6KsPG/7w4zQMO0p6rNfeGjkLvKp3mj5mYRlBdMaqtiqngAxzelsKaVhXlO+JXR+qdpONico8mRP+f3KSJU6gmGCIw0RNFcBlV/NN2VNUTxBS7/cwYGKF1kkb4Or9h5l5N7Ta1U5m2PEYclrneuclx6fdKXfChLG65E0l86EgpMyC6hHSL1x51e8QJSnHBkbjAMI59Kj9sy4QE8J4/a3q1D/sr/bn2t2Y7W0CckK7iPqyeiA0RSXiIVZ,iv:QVQCQJyc2ZgSzBpJ2MIrjgxBKghpr48k9yGzBUIoffg=,tag:3zo3vzwqWhQkAWB4N4R0NQ==,type:str] ssh-private-key: ENC[AES256_GCM,data:hT2/OaZBAXK8eQe0qAxHw8nO6Z9ErzUdGWUgN/0c04NKUz6dyynKXsSEE7sC/P/WfUCOTXVgf7u/SY2/hMBG2tpceEwx2FDVJnUDF6Wi/2U8C1z3TjBitjYY1apku3lMTNYF7GwflUA+lB3xcKJ9dKnJlU/5moPqCf58G5w9DFXM1YJcUfVQ1Cl5MKguJkxpSw4MMm7QxGhruX5C/a84TYIZC/IHll3f1e6qvM+5TEibXIa9LBMcT7pxw4SQ/vhPmAJO54/GHbktTHxkjPbo2keGr3J1Im+TlX9OB81cbNZMxIn++Igw9iffF0LZmudmndLhWFPUK0itpkP8pjMY3rIrI6KsPG/7w4zQMO0p6rNfeGjkLvKp3mj5mYRlBdMaqtiqngAxzelsKaVhXlO+JXR+qdpONico8mRP+f3KSJU6gmGCIw0RNFcBlV/NN2VNUTxBS7/cwYGKF1kkb4Or9h5l5N7Ta1U5m2PEYclrneuclx6fdKXfChLG65E0l86EgpMyC6hHSL1x51e8QJSnHBkbjAMI59Kj9sy4QE8J4/a3q1D/sr/bn2t2Y7W0CckK7iPqyeiA0RSXiIVZ,iv:QVQCQJyc2ZgSzBpJ2MIrjgxBKghpr48k9yGzBUIoffg=,tag:3zo3vzwqWhQkAWB4N4R0NQ==,type:str]
git-credential: ENC[AES256_GCM,data:Rt6ccMJ+D/Jv1U7Ex51j4zIKp5KIyPFJdWZwJyW6liU5CHxBfrFWeNOJobhT5tFPrhzHRUI=,iv:f2SYFKpAcHoKG3dMsniKRi02EFDzwgzzli5Qzw8CWqo=,tag:hUi0FAZ7+2+mcqUsz5HtbQ==,type:str] git-credential: ENC[AES256_GCM,data:Rt6ccMJ+D/Jv1U7Ex51j4zIKp5KIyPFJdWZwJyW6liU5CHxBfrFWeNOJobhT5tFPrhzHRUI=,iv:f2SYFKpAcHoKG3dMsniKRi02EFDzwgzzli5Qzw8CWqo=,tag:hUi0FAZ7+2+mcqUsz5HtbQ==,type:str]
url: ENC[AES256_GCM,data:n152X334cpUJXgm/0D+mbF2xDOSq/xT4xO3rBLjxEkcAexkn7lIm2mHKLaumBO0M7YC6gP/AVZlhOrpC7EtwwyzvxFgZIYBT0u3pKRpp2ifedMXd/7iKq45vu3xltX8blFF5TcMslO4UsXJEc+NxnCMS/PvO,iv:RWFUzHi2t06CqY1fHPTFUJevyW0bXc1xuhsjfZd3UAw=,tag:BWGxxAtfoJ8tbbbKbkzQRw==,type:str] url: ENC[AES256_GCM,data:ouWl1losoEBxgUYkZLGhcA7bmqJG0ivx8wNoYx64+lvOVNzg0Q0wp8GFK1ikRQAq2gljiYoLlbGAehePpadAIgePQKP03LC65EzME/gynjZpq2FC9shm75SnymH7imhYcvEVidpoDR/FDBmsTLqAvbV2nmF+,iv:KKr2S1faSHAuiLvGiKdgiJXXrBoXY7qDGfvPuHEi1C8=,tag:srSWuFwGVkLE2GB9yhzTXw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -16,8 +16,8 @@ sops:
dTkwcThVQTNYZ0RKWnIwMEgzQ2lYMVEKWs0OsGlPCRfsjZwntyVa6RGhZLye35kX dTkwcThVQTNYZ0RKWnIwMEgzQ2lYMVEKWs0OsGlPCRfsjZwntyVa6RGhZLye35kX
3PDxZ66jP63OGi5Hai17fp5IvT3/mIRWh6UMq44TFz9OQoUWCymakg== 3PDxZ66jP63OGi5Hai17fp5IvT3/mIRWh6UMq44TFz9OQoUWCymakg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-12T08:58:47Z" lastmodified: "2025-01-13T08:37:59Z"
mac: ENC[AES256_GCM,data:XXdGGA/S6tg3xlsLwEtRjLHIVRRQHR2MBIeZv+9VtGYG1cBJD64RGZBCAJ5Jaw7WctcqZqj0Q1C9rIgNyv8ZYJTum3ok469WNFfcoDkPCr12nAO7vujvZp5xA5KfOdiP3wrHmorD4hl8qfv2oURm2RDcfzMIL2LWgNiwWndXs+I=,iv:RVHpsunJlOzN3QxxPfQdkUiC+Tf71j4L7SGEeTfDzYM=,tag:BgMqfCz1RG5Kl5PCIf/HdQ==,type:str] mac: ENC[AES256_GCM,data:7Y1fHRBvU1HqNeX8R0s/zduiH96z2xLR4Mf4X4v1UYG/uhMk2MJ42Q8dHyK6HCeR0m81WiPal5zZRSWQzwxCSC9GDZiUTJhacsTazqXbqZHGyKm3IW5lFP21dqNqZQ//cIM+VVg/KpqFRHOOqA0gSIjMJxgef7nC7jm8vWTbr9k=,iv:dJ31SWiGYdnoRaJwrex6UlarTofdr02zosMF63GDJQI=,tag:mdIqQqiUyPXbK5JCKZsXuw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.2 version: 3.9.2