From 2ce1e1a65e214996732046bfe3f37d4a32e722c3 Mon Sep 17 00:00:00 2001 From: xinyangli Date: Tue, 11 Jun 2024 18:18:07 +0800 Subject: [PATCH] calcite: switch to btrfs root --- machines/calcite/configuration.nix | 39 ++++++++------------- machines/calcite/hardware-configuration.nix | 8 +++-- machines/calcite/network.nix | 5 ++- machines/calcite/secrets.yaml | 6 ++-- 4 files changed, 28 insertions(+), 30 deletions(-) diff --git a/machines/calcite/configuration.nix b/machines/calcite/configuration.nix index c31ce3e..d53496a 100644 --- a/machines/calcite/configuration.nix +++ b/machines/calcite/configuration.nix @@ -66,11 +66,6 @@ LC_TIME = "en_US.utf8"; }; - i18n.inputMethod = { - enabled = "fcitx5"; - fcitx5.addons = with pkgs; [ fcitx5-rime ]; - }; - # Enable the X11 windowing system. services.xserver.enable = true; @@ -78,6 +73,7 @@ services.xserver.displayManager.gdm.enable = true; services.xserver.desktopManager.gnome.enable = true; + # Configure keymap in X11 services.xserver = { xkb.layout = "us"; @@ -132,8 +128,8 @@ }; # Enable automatic login for the user. - services.xserver.displayManager.autoLogin.enable = true; - services.xserver.displayManager.autoLogin.user = "xin"; + services.displayManager.autoLogin.enable = true; + services.displayManager.autoLogin.user = "xin"; # Smart services services.smartd.enable = true; @@ -145,10 +141,6 @@ # Allow unfree packages nixpkgs.config.allowUnfree = true; nixpkgs.config.permittedInsecurePackages = [ - "openssl-1.1.1w" - # For wechat-uos - "electron-19.1.9" - "electron-25.9.0" ]; # List packages installed in system profile. To search, run: # $ nix search wget @@ -157,10 +149,6 @@ owncloud-client nfs-utils - winetricks - wineWowPackages.waylandFull - faudio - # tesseract5 # ocr ocrmypdf # pdfocr @@ -174,6 +162,7 @@ requests numpy pyyaml + setuptools ]; python-with-my-packages = python3.withPackages my-python-packages; in @@ -185,9 +174,11 @@ # Gnome tweaks gnomeExtensions.paperwm gnomeExtensions.search-light - gnomeExtensions.tray-icons-reloaded + gnomeExtensions.appindicator gnome.gnome-tweaks gnome.gnome-themes-extra + gnome.gnome-remote-desktop + bibata-cursors gthumb oculante @@ -195,29 +186,29 @@ vlc obs-studio spotify - - rawtherapee - digikam - # IM element-desktop tdesktop qq - wechat-uos # Password manager bitwarden # Browser firefox - chromium + (chromium.override { + commandLineArgs = [ + "--ozone-platform-hint=auto" + "--enable-wayland-ime" + ]; + }) brave # Writting - obsidian zotero - onlyoffice-bin + # onlyoffice-bin wpsoffice + zed-editor config.nur.repos.linyinfeng.wemeet diff --git a/machines/calcite/hardware-configuration.nix b/machines/calcite/hardware-configuration.nix index 9ebd38d..94415af 100644 --- a/machines/calcite/hardware-configuration.nix +++ b/machines/calcite/hardware-configuration.nix @@ -10,12 +10,16 @@ boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "ahci" "usbhid" ]; boot.initrd.kernelModules = [ ]; + boot.initrd.luks.devices.cryptroot = { + device = "/dev/disk/by-uuid/5a51f623-6fbd-4843-9f83-c895067e8e7d"; + }; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; fileSystems."/" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "ext4"; + { # device = "/dev/disk/by-label/NIXROOT"; + device = "/dev/mapper/cryptroot"; + fsType = "btrfs"; }; fileSystems."/boot/efi" = diff --git a/machines/calcite/network.nix b/machines/calcite/network.nix index e439899..94a7e71 100644 --- a/machines/calcite/network.nix +++ b/machines/calcite/network.nix @@ -19,8 +19,11 @@ services.tailscale.enable = true; # services.tailscale.useRoutingFeatures = "both"; + services.dae.enable = true; + services.dae.configFile = "/var/lib/dae/config.dae"; + custom.sing-box = { - enable = true; + enable = false; configFile = { urlFile = config.sops.secrets.sing_box_url.path; hash = "6ca5bc8a16f8c413227690aceeee2c12c02cab09473c216b849af1e854b98588"; diff --git a/machines/calcite/secrets.yaml b/machines/calcite/secrets.yaml index 80381ef..780f6cb 100644 --- a/machines/calcite/secrets.yaml +++ b/machines/calcite/secrets.yaml @@ -1,7 +1,7 @@ restic_repo_calcite_password: ENC[AES256_GCM,data:9ALTQULAMyLY4FIxuVztf9r3,iv:fObBBeqpHAVYl8YUopz9fZd3YWB+0sc8l+sR12rmxb4=,tag:l3xDc2/cpQr38X/cd7qMXA==,type:str] restic_repo_calcite: ENC[AES256_GCM,data:+m9cjMXrZoCPg/S+/wV4WFBmg6pbFpqJ7JOdwOX0Z37bgoQXh4wcVPKK3CLd7G/iQjpO8SXaqJ1/d8r4Ydk21Gp1WqkB8g==,iv:DweDUujXp6i5XwwxeFjUsLDOJQJlRIT6GKPPxABNWiY=,tag:hdBHIjAcDQ1Ky/8hIv3+Ow==,type:str] sing_box_url: ENC[AES256_GCM,data:2z2bDKdn51o1eaqhgE0pTg4FWcO8wcLNlnBZ69Q3Jm5GCxkXxsxN7DgqQvRVeakOHvaenQotF+nc6tlhKPsyzdQeG0yl3YYhGb9o3DkmpUjC6lalMSoiw1rSMVyBg4KYCWxmhR9iRurun62+5INGZwwHVqAjgWJhy/9+pdIFtgKyd/t0JhSU,iv:gIGbvRd88vZu3cVW7e4emZmmNO8QcubLrxS1sCwi4Co=,tag:AzLLtcA9jAbeuo6eWU6ilw==,type:str] -gitea_env: ENC[AES256_GCM,data:hENSYBo2Zp9s+dVv9CHkf1kDqa+AU5XQFUWfww/rwGqFeZW0aouHMSxdW7ORU2o=,iv:KmqU1VnZ6LeIflBJ2hyTvLDPN/CSdqyBd2600xIVSNQ=,tag:DkwVTLuYJG6kEzl5dyV8pw==,type:str] +gitea_env: ENC[AES256_GCM,data:ShKKQWSiIkQ4uaWBhN5uB3xSu/8u8LkDjZeFi3G5BZUj7Vy4hoMweyUXyMf7w9A=,iv:JK6NgIJlU8G7G/LrZtNyGC4K9jblImFXnzhUMdkFbUw=,tag:PYeafqgXaSpDNJ0oIENW4A==,type:str] sops: kms: [] gcp_kms: [] @@ -26,8 +26,8 @@ sops: WGlLdXVoZlp3bEFXZjlMdG1VOUZDNUkKQ2NNTE3OsNUr2pOI7qeNFSCVkUIVRS+g FG5FbJJcFihXqr+Qo0nZkq+xq07vIia7mKoqyoIfkKwweiVzDKyrkQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-25T13:44:27Z" - mac: ENC[AES256_GCM,data:RPm7Y6R19Ygs2tptgQNap4AMZ2PgRwigGXVMpNcBT94L1YJoSGaJUDwukqHuzHGPvOqMZaEMIlorWQ5Ou7MSVhWZE2V8IsRCC5IWqcFI1FQjKc9WcImuIXPILKwCX+ScWrzbSmV0iYWxbeXTPU77pW4kAB7n4w/9CZfMP8BJcOw=,iv:sS0ttKYmaulWAY99awyBGCNpGxg8F0QCxeVmI2LbvP8=,tag:Av8VRPEmyeVV31S59sfPYA==,type:str] + lastmodified: "2024-04-05T04:32:32Z" + mac: ENC[AES256_GCM,data:esdTvjxnVP5t721ROLvMCvHMAkcpEFgTzHIQNyEkEaL1DKYDOJKFjufPPXDiEBX8+ni9RGYL4QHuDxlh89p0HAFHb3XCkE639NyHr6MD/DzFHbenaMJXEcWy/RSoWqroyHJA8XL7ymBGeDH7ERqyQaxc3oG653V/Uq5+/a++HQI=,iv:QvSee/Wes5RygpoCOJpVuatj+xij8EPUBayE1yUWM3g=,tag:8Un2qrflqAFB0iWz2Evi5Q==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1