From 7727c5cf43200ada3f372adafb9afdff8fba8459 Mon Sep 17 00:00:00 2001 From: xinyangli Date: Thu, 5 Dec 2024 20:02:48 +0800 Subject: [PATCH 1/7] massicot: drop ntfy --- machines/massicot/services.nix | 31 ------------------------------- 1 file changed, 31 deletions(-) diff --git a/machines/massicot/services.nix b/machines/massicot/services.nix index 748a4ed..a4f0d72 100644 --- a/machines/massicot/services.nix +++ b/machines/massicot/services.nix @@ -46,18 +46,6 @@ in }; }; - services.ntfy-sh = { - enable = true; - group = "caddy"; - settings = { - listen-unix = "/var/run/ntfy-sh/ntfy.sock"; - listen-unix-mode = 432; # octal 0660 - base-url = "https://ntfy.xinyang.life"; - }; - }; - - systemd.services.ntfy-sh.serviceConfig.RuntimeDirectory = "ntfy-sh"; - services.kanidm = { package = pkgs.kanidm.withSecretProvisioning; enableServer = true; @@ -98,15 +86,6 @@ in services.caddy = { enable = true; - virtualHosts."xinyang.life:443".extraConfig = '' - tls internal - encode zstd gzip - reverse_proxy /.well-known/matrix/* localhost:6167 - reverse_proxy * http://localhost:8080 { - flush_interval -1 - } - ''; - virtualHosts."http://auth.xinyang.life:80".extraConfig = '' reverse_proxy ${config.security.acme.certs."auth.xinyang.life".listenHTTP} ''; @@ -119,15 +98,5 @@ in } } ''; - - virtualHosts."https://ntfy.xinyang.life".extraConfig = '' - reverse_proxy unix/${config.services.ntfy-sh.settings.listen-unix} - @httpget { - protocol http - method GET - path_regexp ^/([-_a-z0-9]{0,64}$|docs/|static/) - } - redir @httpget https://{host}{uri} - ''; }; } From 082e64b96004e68318a94269a0f1b246ea6d9b91 Mon Sep 17 00:00:00 2001 From: xinyangli Date: Fri, 6 Dec 2024 23:24:49 +0800 Subject: [PATCH 2/7] modules/proxy: multi-user support --- machines/dolomite/common.nix | 15 +- machines/dolomite/secrets/secrets.yaml | 16 +- .../nixos/common-settings/proxy-server.nix | 265 +++++++++--------- 3 files changed, 159 insertions(+), 137 deletions(-) 
diff --git a/machines/dolomite/common.nix b/machines/dolomite/common.nix index c50c1a9..3840592 100644 --- a/machines/dolomite/common.nix +++ b/machines/dolomite/common.nix @@ -3,6 +3,7 @@ config = { sops = { age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + defaultSopsFile = ./secrets/secrets.yaml; secrets = { wg_private_key = { owner = "root"; @@ -12,14 +13,6 @@ owner = "root"; sopsFile = ./secrets + "/${config.networking.hostName}.yaml"; }; - "sing-box/password" = { - owner = "root"; - sopsFile = ./secrets/secrets.yaml; - }; - "sing-box/uuid" = { - owner = "root"; - sopsFile = ./secrets/secrets.yaml; - }; }; }; swapDevices = [ @@ -32,6 +25,7 @@ custom.prometheus.exporters = { enable = true; node.enable = true; + blackbox.enable = true; }; custom.monitoring = { @@ -44,6 +38,11 @@ auth.enable = true; proxyServer = { enable = true; + users = [ + "wyj" + "yhb" + "xin" + ]; }; }; }; diff --git a/machines/dolomite/secrets/secrets.yaml b/machines/dolomite/secrets/secrets.yaml index 53a7131..e0df929 100644 --- a/machines/dolomite/secrets/secrets.yaml +++ b/machines/dolomite/secrets/secrets.yaml 
@@ -1,6 +1,14 @@ sing-box: - password: ENC[AES256_GCM,data:qCc1v8nAL0oYisRinMDXGrBQA+r6XNoa,iv:eTxtad4kEdE28XqnrZEek8BtXNY1rNgLvGLxlMzRtl4=,tag:s/shWAkYE4DSnScpTY8ulQ==,type:str] - uuid: ENC[AES256_GCM,data:lEpz15sLOVrGDzQwTJyS+tFJY0bMeO265bxocWAjB6qrvxYx,iv:lhk5jl/udUH3AZEuk5ffuvin/qhRUaOZ/3nk1Jaw+DI=,tag:4mKFIVKT+D47njfDsxe9iA==,type:str] + users: + wyj: + password: ENC[AES256_GCM,data:yp+T3eci9RiuZzdmRSq5nTjHaz8e/Rri,iv:hIPc+7YHUnaIdU9O8GGx3r7l3oBA6prQb+KBQV0G+8k=,tag:2GNiBP4PQy+KGHgLupKGSg==,type:str] + uuid: ENC[AES256_GCM,data:Qrgil6G7pjQAQzCCOlstDi27EqqmSuBMhs+RTl9++wrPrIgJ,iv:u+3Z17uX4I6li2qd9UP3y+WaKn7aKfbb3J6H1Pyc1QY=,tag:hSa4AB383/B58XMmZ8LIfQ==,type:str] + yhb: + password: ENC[AES256_GCM,data:TwRct68TePpcZcnpWIQpFaF23WGMre8=,iv:YU4mQNm0rt2u4ItJwQ8nZPEmJi0+lmEIPG2Kxh/nI58=,tag:ukZem38O/b42dEKM3CYa+w==,type:str] + uuid: ENC[AES256_GCM,data:6hVhEqWPLVrn8rCS4x/eapd+iL7JRaXtOGCj9uuPlkGjBTMK,iv:VZ27KWCY6/K5GoNwRNmaRWzqfV7+8iFjtias1vKeGfA=,tag:8mhmZPooxHaGNYdznuFhMQ==,type:str] + xin: + password: ENC[AES256_GCM,data:SRiPFO+Uwy/PT41SIg7eI68wk4AX6so=,iv:aXwP5wa1IrlnvFo/ZL+DYFFHDdWw2Z83de3ApHUTsXo=,tag:sxXoy1FnDxZBQCDeNxphzQ==,type:str] + uuid: ENC[AES256_GCM,data:7xK53SO4x0tOIEIYl6kmmAvnpdsR/tYQoG1t/ytsnO4QqWY3,iv:i694Fnu7g1OA3IGzSaoSGA5/eMPo+I/1TZbYuaQrgNA=,tag:4cUlioJn/IvsvZclgboOSA==,type:str] sops: kms: [] gcp_kms: [] 
@@ -43,8 +51,8 @@ sops: K1F1SzI2NFNIKzlreVBXSjAxaUxQd28KFaf1uu7OlqIe0TirJFgS3iPjhXPyfNDE m2XUjzdXp+chJCzVOFvpYStqz+e08ADEc+jp3YsTLcxyqvXhQdyL/Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-02T05:26:17Z" - mac: ENC[AES256_GCM,data:K94zFWPWGUisLCqDjSLs17QxHXPH4tPU/98Sb4lCnt7IRAIn14x/T+BnInY/DK+DOVLLtzSfuN0kgzzGjSzwJx5Vq1G3MkhngRQQRT9dvODTCMAw6lPt98Ofw1CEEsFQnpYo9zIUlCGKg2YPKFLqE7OjkPxqw7VYvgzr5dDw58s=,iv:3xcJfNX5v/e9HgZt3UrHs2/C5ivaBV1rXKIBs9hKKFg=,tag:RQPQQ1cmZiOpQjUwqnzZQA==,type:str] + lastmodified: "2024-12-06T04:35:52Z" + mac: ENC[AES256_GCM,data:DAg4UTwNv+rs6hye2z5UUtA1a4yZbFaAWjLoKAXf87tKgBCZzK8C1q6gLyTQOqp07ptYQd5Q951kfE1a/35SFJsubREzJmu6haxznRgq7pO5HDGqgtjYEHsngsWZh3bUSX/aG2dLISdD81VY68nLzTO0r4h/SL6DNG36RzJgL8E=,iv:V0WhENNt/Szi5VWVD2t5AsWP1tOZUGjFjMNYPDq59XI=,tag:ThRstdzVNtSs6E7qlvKPOw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.1 diff --git a/modules/nixos/common-settings/proxy-server.nix b/modules/nixos/common-settings/proxy-server.nix index b54774a..f82f91f 100644 --- a/modules/nixos/common-settings/proxy-server.nix +++ b/modules/nixos/common-settings/proxy-server.nix 
@@ -21,106 +21,100 @@ let config.security.acme.certs.${config.deployment.targetHost}.directory + "/cert.pem"; }; - mkSingConfig = - { uuid, password, ... }: - { - log = { - level = "warn"; - }; - inbounds = - [ - { - tag = "sg0"; - type = "trojan"; - listen = "::"; - listen_port = cfg.trojan.port; - tcp_multi_path = true; - tcp_fast_open = true; - users = [ - { - name = "proxy"; - password = { - _secret = password; - }; - } - ]; - tls = singTls; - } - ] - ++ lib.forEach (lib.range 6311 6314) (port: { - tag = "sg" + toString (port - 6310); - type = "tuic"; + mkSingConfig = users: { + log = { + level = "warn"; + }; + inbounds = + [ + { + tag = "sg0"; + type = "trojan"; listen = "::"; - listen_port = port; - congestion_control = "bbr"; - users = [ + listen_port = cfg.trojan.port; + tcp_multi_path = true; + tcp_fast_open = true; + users = map (user: { + name = user.name; + password = { + _secret = user.passwordFile; + }; + }) users; + tls = singTls; + } + ] + ++ lib.forEach (lib.range 6311 6314) (port: { + tag = "sg" + toString (port - 6310); + type = "tuic"; + listen = "::"; + listen_port = port; + congestion_control = "bbr"; + users = map (user: { + name = user.name; + uuid = { + _secret = user.uuidFile; + }; + password = { + _secret = user.passwordFile; + }; + }) users; + tls = singTls; + }); + outbounds = + # warp outbound goes first to make it default outbound + (lib.optionals (cfg.warp.onTuic or cfg.warp.onTrojan) [ + { + type = "wireguard"; + tag = "wg-out"; + private_key = { + _secret = config.sops.secrets.wg_private_key.path; + }; + local_address = [ + "172.16.0.2/32" + { _secret = config.sops.secrets.wg_ipv6_local_addr.path; } + ]; + peers = [ { - name = "proxy"; - uuid = { - _secret = uuid; - }; - password = { - _secret = password; - }; + public_key = "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo="; + allowed_ips = [ + "0.0.0.0/0" + "::/0" + ]; + server = "162.159.192.1"; + server_port = 500; } ]; - tls = singTls; - }); - outbounds = - # warp outbound goes 
first to make it default outbound - (lib.optionals (cfg.warp.onTuic or cfg.warp.onTrojan) [ - { - type = "wireguard"; - tag = "wg-out"; - private_key = { - _secret = config.sops.secrets.wg_private_key.path; - }; - local_address = [ - "172.16.0.2/32" - { _secret = config.sops.secrets.wg_ipv6_local_addr.path; } - ]; - peers = [ - { - public_key = "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo="; - allowed_ips = [ - "0.0.0.0/0" - "::/0" - ]; - server = "162.159.192.1"; - server_port = 500; - } - ]; - } - ]) - ++ [ + } + ]) + ++ [ + { + type = "direct"; + tag = "direct"; + } + ]; + route = { + rules = + [ { - type = "direct"; - tag = "direct"; + inbound = "sg4"; + outbound = "direct"; } - ]; - route = { - rules = - [ - { - inbound = "sg4"; - outbound = "direct"; - } - ] - ++ (lib.optionals (!cfg.warp.onTuic) ( - lib.forEach (lib.range 1 3) (i: { - inbound = "sg${toString i}"; - outbound = "direct"; - }) - )) - ++ (lib.optionals (!cfg.warp.onTrojan) [ - { - inbound = "sg0"; - outbound = "direct"; - } - ]); - }; + ] + ++ (lib.optionals (!cfg.warp.onTuic) ( + lib.forEach (lib.range 1 3) (i: { + inbound = "sg${toString i}"; + outbound = "direct"; + }) + )) + ++ (lib.optionals (!cfg.warp.onTrojan) [ + { + inbound = "sg0"; + outbound = "direct"; + } + ]); }; + }; in { options.commonSettings.proxyServer = { 
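Review bot: In the `outbounds` list, `lib.optionals (cfg.warp.onTuic or cfg.warp.onTrojan)` does not compute a boolean OR. In Nix, `or` only supplies a fallback for a missing attribute in a select expression, so the condition reduces to `cfg.warp.onTuic`. With `onTrojan = true` and `onTuic = false`, the `wg-out` outbound is never created and no `sg0` to `direct` rule is emitted, so trojan traffic would fall through to `direct` as the first (default) outbound instead of leaving through warp. The line should read `(lib.optionals (cfg.warp.onTuic || cfg.warp.onTrojan) [`. The expression is carried over unchanged from the old side of this re-indented hunk.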
@@ -137,40 +131,61 @@ in onTrojan = mkEnableOption "forward to warp in trojan"; onTuic = mkEnableOption "forward to warp in first two port of tuic"; }; - }; - config = mkIf cfg.enable { - boot.kernel.sysctl = { - "net.core.default_qdisc" = "fq"; - "net.ipv4.tcp_congestion_control" = "bbr"; - }; - - networking.firewall.trustedInterfaces = [ "tun0" ]; - - security.acme = { - acceptTerms = true; - certs.${config.deployment.targetHost} = { - email = "me@namely.icu"; - # Avoid port conflict - listenHTTP = if config.services.caddy.enable then ":30310" else ":80"; - }; - }; - services.caddy.virtualHosts."http://${config.deployment.targetHost}:80".extraConfig = '' - reverse_proxy 127.0.0.1:30310 - ''; - - networking.firewall.allowedTCPPorts = [ - 80 - cfg.trojan.port - ]; - networking.firewall.allowedUDPPorts = [ ] ++ (lib.range 6311 6314); - - services.sing-box = { - enable = true; - settings = mkSingConfig { - uuid = config.sops.secrets."sing-box/uuid".path; - password = config.sops.secrets."sing-box/password".path; - }; + users = mkOption { + type = lib.types.listOf lib.types.str; }; }; + + config = mkIf cfg.enable ( + { + boot.kernel.sysctl = { + "net.core.default_qdisc" = "fq"; + "net.ipv4.tcp_congestion_control" = "bbr"; + }; + + networking.firewall.trustedInterfaces = [ "tun0" ]; + + security.acme = { + acceptTerms = true; + certs.${config.deployment.targetHost} = { + email = "me@namely.icu"; + # Avoid port conflict + listenHTTP = if config.services.caddy.enable then ":30310" else ":80"; + }; + }; + services.caddy.virtualHosts."http://${config.deployment.targetHost}:80".extraConfig = '' + reverse_proxy 127.0.0.1:30310 + ''; + + networking.firewall.allowedTCPPorts = [ + 80 + cfg.trojan.port + ]; + networking.firewall.allowedUDPPorts = [ ] ++ (lib.range 6311 6314); + + services.sing-box = { + enable = true; + settings = ( + mkSingConfig ( + map (n: { + name = n; + uuidFile = config.sops.secrets."sing-box/users/${n}/uuid".path; + passwordFile = 
config.sops.secrets."sing-box/users/${n}/password".path; + }) cfg.users + ) + ); + }; + } + // { + sops.secrets = ( + builtins.foldl' (a: b: a // b) { } ( + map (u: { + "sing-box/users/${u}/uuid" = { }; + "sing-box/users/${u}/password" = { }; + }) cfg.users + ) + ); + } + ); } From e4fd9e8b234d41f5f0a6508cb142ad84604bd006 Mon Sep 17 00:00:00 2001 From: xinyangli Date: Fri, 6 Dec 2024 23:25:44 +0800 Subject: [PATCH 3/7] modules/monitoring: fix probes --- machines/biotite/default.nix | 1 + machines/thorite/monitoring.nix | 25 +++++++++++++++++++++++-- overlays/my-lib/prometheus.nix | 11 +++++++++++ 3 files changed, 35 insertions(+), 2 deletions(-) diff --git a/machines/biotite/default.nix b/machines/biotite/default.nix index 5a51ab0..741e281 100644 --- a/machines/biotite/default.nix +++ b/machines/biotite/default.nix @@ -44,6 +44,7 @@ custom.prometheus.exporters = { enable = true; + node.enable = true; }; services.tailscale.enable = true; diff --git a/machines/thorite/monitoring.nix b/machines/thorite/monitoring.nix index e9cbb3b..dd3b693 100644 --- a/machines/thorite/monitoring.nix +++ b/machines/thorite/monitoring.nix @@ -67,10 +67,18 @@ in let probeList = [ "la-00.video.namely.icu:8080" - "fre-00.video.namely.icu:8080" + "fra-00.video.namely.icu:8080" "hk-00.video.namely.icu:8080" "home.xinyang.life:8000" ]; + chinaTargets = [ + "bj-cu-v4.ip.zstaticcdn.com:80" + "bj-cm-v4.ip.zstaticcdn.com:80" + "bj-ct-v4.ip.zstaticcdn.com:80" + "sh-cu-v4.ip.zstaticcdn.com:80" + "sh-cm-v4.ip.zstaticcdn.com:80" + "sh-ct-v4.ip.zstaticcdn.com:80" + ]; passwordFile = config.sops.secrets."prometheus/metrics_password".path; in (mkScrapes [ @@ -123,6 +131,7 @@ in { address = "thorite.coho-tet.ts.net"; } { address = "massicot.coho-tet.ts.net"; } { address = "weilite.coho-tet.ts.net"; } + { address = "biotite.coho-tet.ts.net"; } { address = "hk-00.coho-tet.ts.net"; } { address = "la-00.coho-tet.ts.net"; } { address = "fra-00.coho-tet.ts.net"; } 
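Review bot: The new `users` option in proxy-server.nix is declared as `lib.types.listOf lib.types.str` with no `description`, yet each entry is spliced into the sops key path `sing-box/users/${u}/uuid` and reused as the sing-box account name. A name containing `/` or whitespace would resolve to a different key in the secrets file than the author intended. Consider `type = lib.types.listOf (lib.types.strMatching "[A-Za-z0-9_-]+");` to constrain the names. A `description` should also say that every name needs `password` and `uuid` entries under `sing-box/users/<name>` in the host's `sops.defaultSopsFile`, because the secrets are declared as `{ }` and carry no `sopsFile` of their own.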
@@ -140,10 +149,22 @@ in hostAddress = "weilite.coho-tet.ts.net"; targetAddresses = [ "la-00.video.namely.icu:8080" - "fre-00.video.namely.icu:8080" + "fra-00.video.namely.icu:8080" "hk-00.video.namely.icu:8080" ]; } + { + hostAddress = "la-00.coho-tet.ts.net"; + targetAddresses = chinaTargets; + } + { + hostAddress = "hk-00.coho-tet.ts.net"; + targetAddresses = chinaTargets; + } + { + hostAddress = "fra-00.coho-tet.ts.net"; + targetAddresses = chinaTargets; + } ]); }; diff --git a/overlays/my-lib/prometheus.nix b/overlays/my-lib/prometheus.nix index b7607a1..3642d55 100644 --- a/overlays/my-lib/prometheus.nix +++ b/overlays/my-lib/prometheus.nix @@ -237,6 +237,17 @@ in { inherit name; rules = [ + { + alert = "ProbeError"; + expr = "probe_success != 1"; + for = "3m"; + labels = { + severity = "critical"; + }; + annotations = { + summary = "Probing {{ $labels.instance }} from {{ $labels.from }} failed"; + }; + } { alert = "HighProbeLatency"; expr = "probe_duration_seconds > 0.5"; From dacd22b7d2938f233890e965738e56e3012e934a Mon Sep 17 00:00:00 2001 From: xinyangli Date: Tue, 10 Dec 2024 12:04:54 +0800 Subject: [PATCH 4/7] modules/monitoring: add sing-box monitoring --- machines/dolomite/common.nix | 1 + machines/thorite/monitoring.nix | 5 ++++ .../nixos/common-settings/proxy-server.nix | 19 ++++++++++++ modules/nixos/monitor/default.nix | 7 +++++ modules/nixos/monitor/exporters.nix | 7 +++++ overlays/my-lib/prometheus.nix | 30 +++++++++++++++++++ 6 files changed, 69 insertions(+) diff --git a/machines/dolomite/common.nix b/machines/dolomite/common.nix index 3840592..65b10c7 100644 --- a/machines/dolomite/common.nix +++ b/machines/dolomite/common.nix @@ -26,6 +26,7 @@ enable = true; node.enable = true; blackbox.enable = true; + v2ray.enable = true; }; custom.monitoring = { diff --git a/machines/thorite/monitoring.nix b/machines/thorite/monitoring.nix index dd3b693..981fd14 100644 --- a/machines/thorite/monitoring.nix +++ b/machines/thorite/monitoring.nix 
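Review bot: The `ProbeError` rule added in overlays/my-lib/prometheus.nix only fires for probes that still return a sample. `probe_success != 1` matches existing series, so when the blackbox exporter on a probing host is down or the scrape itself fails, the series goes stale and the alert stays silent. If no rule elsewhere in this list already covers that (the list continues outside the hunk), a companion rule on the probe job's `up == 0` would close the gap. The summary also depends on a `from` label that is not set in this hunk; a short comment such as `# "from" is attached by the probe scrape relabeling` next to the annotation would help, assuming that is where the label comes from.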
@@ -165,6 +165,11 @@ in hostAddress = "fra-00.coho-tet.ts.net"; targetAddresses = chinaTargets; } + ]) + ++ (mkV2rayScrapes [ + { address = "la-00.coho-tet.ts.net"; } + { address = "hk-00.coho-tet.ts.net"; } + { address = "fra-00.coho-tet.ts.net"; } ]); }; diff --git a/modules/nixos/common-settings/proxy-server.nix b/modules/nixos/common-settings/proxy-server.nix index f82f91f..2384900 100644 --- a/modules/nixos/common-settings/proxy-server.nix +++ b/modules/nixos/common-settings/proxy-server.nix @@ -1,5 +1,6 @@ { config, + pkgs, lib, ... }: @@ -114,7 +115,24 @@ let } ]); }; + experimental = { + v2ray_api = { + listen = "127.0.0.1:15175"; + stats = { + users = map (u: u.name) users; + enabled = true; + inbounds = map (p: "sg" + toString p) (lib.range 0 4); + }; + }; + }; }; + sing-box = pkgs.sing-box.overrideAttrs ( + finalAttrs: previousAttrs: { + tags = previousAttrs.tags ++ [ + "with_v2ray_api" + ]; + } + ); in { options.commonSettings.proxyServer = { @@ -166,6 +184,7 @@ in services.sing-box = { enable = true; + package = sing-box; settings = ( mkSingConfig ( map (n: { diff --git a/modules/nixos/monitor/default.nix b/modules/nixos/monitor/default.nix index ae366d1..71ec05e 100644 --- a/modules/nixos/monitor/default.nix +++ b/modules/nixos/monitor/default.nix @@ -57,6 +57,13 @@ in default = "${config.networking.hostName}.coho-tet.ts.net"; }; }; + v2ray = { + enable = mkEnableOption "blackbox exporter"; + listenAddress = mkOption { + type = types.str; + default = "${config.networking.hostName}.coho-tet.ts.net"; + }; + }; }; }; }; diff --git a/modules/nixos/monitor/exporters.nix b/modules/nixos/monitor/exporters.nix index e3aa561..56750ef 100644 --- a/modules/nixos/monitor/exporters.nix +++ b/modules/nixos/monitor/exporters.nix 
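Review bot: The `v2ray` option block added in modules/nixos/monitor/default.nix reuses its neighbour's text, `enable = mkEnableOption "blackbox exporter";`, so the generated option documentation names the wrong exporter. It should read `enable = mkEnableOption "v2ray exporter";`. Since this exporter publishes the sing-box statistics enabled through `stats.users` in proxy-server.nix, a `description` on `listenAddress` stating that the address is expected to be reachable only from the tailnet would record that assumption.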
@@ -47,6 +47,13 @@ in ); }; + services.prometheus.exporters.v2ray = mkIf cfg.v2ray.enable { + enable = true; + listenAddress = cfg.v2ray.listenAddress; + port = 9516; + v2rayEndpoint = config.services.sing-box.settings.experimental.v2ray_api.listen; + }; + # gotosocial sops.templates."gotosocial_metrics.env" = { content = '' diff --git a/overlays/my-lib/prometheus.nix b/overlays/my-lib/prometheus.nix index 3642d55..c79f131 100644 --- a/overlays/my-lib/prometheus.nix +++ b/overlays/my-lib/prometheus.nix @@ -28,6 +28,36 @@ in ) ); + mkV2rayScrapes = targets: [ + { + job_name = "v2ray-exporter"; + scheme = "http"; + static_configs = map ( + { + address, + port ? 9516, + }: + { + targets = [ "${address}${mkPort port}" ]; + } + ) targets; + } + { + job_name = "singbox_stat"; + scheme = "http"; + metrics_path = "/scrape"; + static_configs = map ( + { + address, + port ? 9516, + }: + { + targets = [ "${address}${mkPort port}" ]; + } + ) targets; + } + ]; + mkCaddyScrapes = targets: [ { job_name = "caddy"; From 2f31395fb3cf8bb4434db1da067355fd8155895d Mon Sep 17 00:00:00 2001 From: xinyangli Date: Tue, 10 Dec 2024 12:41:17 +0800 Subject: [PATCH 5/7] home/xin: add modern unix tools and alias --- home/xin/common/default.nix | 8 +++----- home/xin/common/modern-unix.nix | 17 +++++++++++++++++ modules/home-manager/fish.nix | 4 ++++ modules/home-manager/git.nix | 9 +++++++-- 4 files changed, 31 insertions(+), 7 deletions(-) create mode 100644 home/xin/common/modern-unix.nix diff --git a/home/xin/common/default.nix b/home/xin/common/default.nix index 8fbf3bb..728dd93 100644 --- a/home/xin/common/default.nix +++ b/home/xin/common/default.nix @@ -5,13 +5,12 @@ ... }: { - imports = [ ]; + imports = [ + ./modern-unix.nix + ]; home.packages = with pkgs; [ dig - du-dust # du + rust - zoxide # autojumper - ripgrep file man-pages unar @@ -19,7 +18,6 @@ wget tmux ffmpeg - tealdeer rclone wl-clipboard 
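Review bot: `v2rayEndpoint = config.services.sing-box.settings.experimental.v2ray_api.listen;` ties this exporter to the proxy-server module, because that attribute is only defined by `mkSingConfig` in proxy-server.nix. Enabling `v2ray.enable` on a host without `commonSettings.proxyServer` would presumably abort evaluation with a missing-attribute error rather than a readable message. An entry in `assertions` with `assertion = !cfg.v2ray.enable || config.commonSettings.proxyServer.enable;` and a message naming both options would make the dependency explicit. The surrounding `config` block starts and ends outside the hunk.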
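Review bot: Both jobs in `mkV2rayScrapes` scrape over `scheme = "http"` with no credentials. The `singbox_stat` job returns the per-user counters enabled through `stats.users` in proxy-server.nix, so anything that can reach port 9516 on the exporter's listen address can read which accounts use the proxy and how much. If access is meant to be limited to the tailnet, state that in a comment above the function, e.g. `# unauthenticated: the exporter must only listen on the tailnet address`. Otherwise add `basic_auth`, in line with how the other scrape helpers handle credentials, if they do (not visible here). The two `static_configs = map (...) targets;` expressions are identical and could share one `let` binding.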
diff --git a/home/xin/common/modern-unix.nix b/home/xin/common/modern-unix.nix new file mode 100644 index 0000000..298fae2 --- /dev/null +++ b/home/xin/common/modern-unix.nix @@ -0,0 +1,17 @@ +{ pkgs, ... }: +{ + home.packages = with pkgs; [ + httpie + curlie + bat + htop + procs + rust-parallel + jq + fd + du-dust # du + rust + zoxide # autojumper + ripgrep + tealdeer + ]; +} diff --git a/modules/home-manager/fish.nix b/modules/home-manager/fish.nix index 4d265d5..1b9f626 100644 --- a/modules/home-manager/fish.nix +++ b/modules/home-manager/fish.nix @@ -91,6 +91,10 @@ in ${pkgs.comma}/bin/comma $argv end set -gx LS_COLORS (${lib.getExe pkgs.vivid} generate catppuccin-mocha) + alias ctlsp="systemctl stop" + alias ctlst="systemctl start" + alias ctlrt="systemctl restart" + alias ctls="systemctl status" '' else ""; diff --git a/modules/home-manager/git.nix b/modules/home-manager/git.nix index d28eb50..56bc382 100644 --- a/modules/home-manager/git.nix +++ b/modules/home-manager/git.nix @@ -25,8 +25,9 @@ in }; }; }; - config = { - programs.git = mkIf cfg.enable { + config = mkIf cfg.enable { + home.packages = [ pkgs.git-absorb ]; + programs.git = { enable = true; delta.enable = true; userName = "Xinyang Li"; @@ -42,6 +43,10 @@ in signByDefault = true; key = cfg.signing.keyFile; }; + extraConfig.absorb = { + oneFixupPerCommit = true; + maxStack = 20; + }; extraConfig.user = mkIf cfg.signing.enable { signingkey = cfg.signing.keyFile; }; extraConfig.gpg = mkIf cfg.signing.enable { format = "ssh"; }; }; From 6c04a968e8dd941e20858e089e271495f0aa3ab4 Mon Sep 17 00:00:00 2001 From: xinyangli Date: Tue, 10 Dec 2024 12:42:12 +0800 Subject: [PATCH 6/7] calcite: revert seperate home-manager --- flake.nix | 2 +- machines/calcite/configuration.nix | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index c3c5982..4586658 100644 --- a/flake.nix +++ b/flake.nix 
@@ -114,7 +114,7 @@ nur.nixosModules.nur catppuccin.nixosModules.catppuccin machines/calcite/configuration.nix - # (mkHome "xin" "calcite") + (mkHome "xin" "calcite") ]; hk-00 = [ ./machines/dolomite/claw.nix diff --git a/machines/calcite/configuration.nix b/machines/calcite/configuration.nix index 2e99cbd..4808a1f 100644 --- a/machines/calcite/configuration.nix +++ b/machines/calcite/configuration.nix @@ -16,7 +16,7 @@ in ]; commonSettings = { - auth.enable = true; + # auth.enable = true; nix = { signing.enable = true; }; @@ -304,8 +304,13 @@ in config.nur.repos.linyinfeng.wemeet virt-manager + wineWowPackages.waylandFull + winetricks ]; + services.esphome.enable = true; + users.groups.dialout.members = [ "xin" ]; + system.stateVersion = "22.05"; system.switch.enable = false; From 273c0932b170eb5786c72ce0b2575082b82ba606 Mon Sep 17 00:00:00 2001 From: xinyangli Date: Tue, 10 Dec 2024 14:13:44 +0800 Subject: [PATCH 7/7] bump version --- flake.lock | 117 ++++++++++++++++++++++------- flake.nix | 1 - machines/calcite/configuration.nix | 2 +- 3 files changed, 91 insertions(+), 29 deletions(-) diff --git a/flake.lock b/flake.lock index e45132d..f46f16e 100644 --- a/flake.lock +++ b/flake.lock @@ -68,11 +68,11 @@ ] }, "locked": { - "lastModified": 1732988076, - "narHash": "sha256-2uMaVAZn7fiyTUGhKgleuLYe5+EAAYB/diKxrM7g3as=", + "lastModified": 1733168902, + "narHash": "sha256-8dupm9GfK+BowGdQd7EHK5V61nneLfr9xR6sc5vtDi0=", "owner": "nix-community", "repo": "disko", - "rev": "2814a5224a47ca19e858e027f7e8bff74a8ea9f1", + "rev": "785c1e02c7e465375df971949b8dcbde9ec362e5", "type": "github" }, "original": { 
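Review bot: The hunk at -16,7 in machines/calcite/configuration.nix turns `auth.enable = true;` into a comment, which the commit subject (reverting the separate home-manager setup) does not explain. Judging by its name, `commonSettings.auth` affects how this host authenticates users, so the line should either be removed or carry its reason, e.g. `# auth.enable = true; # disabled on calcite: <reason>`. If this is a temporary workaround, it probably belongs in its own commit so it can be reverted independently of the home-manager change.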
@@ -167,6 +167,27 @@ "type": "github" } }, + "flake-parts_3": { + "inputs": { + "nixpkgs-lib": [ + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1659877975, @@ -281,11 +302,11 @@ ] }, "locked": { - "lastModified": 1733085484, - "narHash": "sha256-dVmNuUajnU18oHzBQWZm1BQtANCHaqNuxTHZQ+GN0r8=", + "lastModified": 1733754861, + "narHash": "sha256-3JKzIou54yjiMVmvgdJwopekEvZxX3JDT8DpKZs4oXY=", "owner": "nix-community", "repo": "home-manager", - "rev": "c1fee8d4a60b89cae12b288ba9dbc608ff298163", + "rev": "9ebaa80a227eaca9c87c53ed515ade013bc2bca9", "type": "github" }, "original": { @@ -418,11 +439,11 @@ ] }, "locked": { - "lastModified": 1733024876, - "narHash": "sha256-vy9Q41hBE7Zg0yakF79neVgb3i3PQMSMR7uHPpPywFE=", + "lastModified": 1733629314, + "narHash": "sha256-U0vivjQFAwjNDYt49Krevs1murX9hKBFe2Ye0cHpgbU=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "6e0b7f81367069589a480b91603a10bcf71f3103", + "rev": "f1e477a7dd11e27e7f98b646349cd66bbabf2fb8", "type": "github" }, "original": { @@ -442,11 +463,11 @@ ] }, "locked": { - "lastModified": 1733104664, - "narHash": "sha256-UhlyYYO84s36aSj0/xZdclY6CgwJSWPYtTHTOBuHodM=", + "lastModified": 1733795858, + "narHash": "sha256-K595Q2PrZv2iiumdBkwM2G456T2lKsLD71bn/fbJiQ0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "e3a9b717e8327886d4ab6115f6989f4d1ef44e51", + "rev": "66ced222ef9235f90dbdd754ede3d6476722aaa9", "type": "github" }, "original": { 
@@ -457,11 +478,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1733066523, - "narHash": "sha256-aQorWITXZu7b095UwnpUvcGt9dNJie/GO9r4hZfe2sU=", + "lastModified": 1733481457, + "narHash": "sha256-IS3bxa4N1VMSh3/P6vhEAHQZecQ3oAlKCDvzCQSO5Is=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "fe01780d356d70fd119a19277bff71d3e78dad00", + "rev": "e563803af3526852b6b1d77107a81908c66a9fcf", "type": "github" }, "original": { @@ -501,11 +522,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1733016324, - "narHash": "sha256-8qwPSE2g1othR1u4uP86NXxm6i7E9nHPyJX3m3lx7Q4=", + "lastModified": 1733730953, + "narHash": "sha256-dlK7n82FEyZlHH7BFHQAM5tua+lQO1Iv7aAtglc1O5s=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7e1ca67996afd8233d9033edd26e442836cc2ad6", + "rev": "7109b680d161993918b0a126f38bc39763e5a709", "type": "github" }, "original": { @@ -517,11 +538,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1733128666, - "narHash": "sha256-JOIhbU0EPRXwFv1wCXGTkUZ9KnIcLxChvCqeV9hh63U=", + "lastModified": 1733805440, + "narHash": "sha256-AQdCeGt3dMV9/cchlWGMcP0Z8qM47V+B0p7cSRr+HhA=", "owner": "xinyangli", "repo": "nixpkgs", - "rev": "6273ca0a0fd51ac708a71e380c0cda97a72bbb07", + "rev": "61b1078fca3a097ce06ada68a6f2766347eed02c", "type": "github" }, "original": { @@ -531,6 +552,22 @@ "type": "github" } }, + "nixpkgs_3": { + "locked": { + "lastModified": 1733581040, + "narHash": "sha256-Qn3nPMSopRQJgmvHzVqPcE3I03zJyl8cSbgnnltfFDY=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "22c3f2cf41a0e70184334a958e6b124fb0ce3e01", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixvim": { "inputs": { "devshell": "devshell", 
@@ -558,12 +595,17 @@ } }, "nur": { + "inputs": { + "flake-parts": "flake-parts_3", + "nixpkgs": "nixpkgs_3", + "treefmt-nix": "treefmt-nix_2" + }, "locked": { - "lastModified": 1733125101, - "narHash": "sha256-C8f6ekiZ4kP84JWLDrMigvnSK6RXQoxLEDoteXMx1yc=", + "lastModified": 1733805328, + "narHash": "sha256-5F49/mOzFb40uUZh71uNr7kBXjDCw5ZfHMbpZjjUVBQ=", "owner": "nix-community", "repo": "NUR", - "rev": "1844924bf1e7e5a98198eca17b6c27cc9a363b05", + "rev": "b54fa3d8c020e077d88be036a12a711b84fe2031", "type": "github" }, "original": { @@ -620,11 +662,11 @@ ] }, "locked": { - "lastModified": 1733128155, - "narHash": "sha256-m6/qwJAJYcidGMEdLqjKzRIjapK4nUfMq7rDCTmZajc=", + "lastModified": 1733785344, + "narHash": "sha256-pm4cfEcPXripE36PYCl0A2Tu5ruwHEvTee+HzNk+SQE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c6134b6fff6bda95a1ac872a2a9d5f32e3c37856", + "rev": "a80af8929781b5fe92ddb8ae52e9027fae780d2a", "type": "github" }, "original": { @@ -700,6 +742,27 @@ "repo": "treefmt-nix", "type": "github" } + }, + "treefmt-nix_2": { + "inputs": { + "nixpkgs": [ + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733222881, + "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "49717b5af6f80172275d47a418c9719a31a78b53", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 4586658..d01cdba 100644 --- a/flake.nix +++ b/flake.nix @@ -111,7 +111,6 @@ nodeNixosModules = { calcite = [ nixos-hardware.nixosModules.asus-zephyrus-ga401 - nur.nixosModules.nur catppuccin.nixosModules.catppuccin machines/calcite/configuration.nix (mkHome "xin" "calcite") diff --git a/machines/calcite/configuration.nix b/machines/calcite/configuration.nix index 4808a1f..c5afb73 100644 --- a/machines/calcite/configuration.nix +++ b/machines/calcite/configuration.nix 
@@ -301,7 +301,7 @@ in zotero # onlyoffice-bin - config.nur.repos.linyinfeng.wemeet + wemeet virt-manager wineWowPackages.waylandFull