From df20c486e746d6c0c5fdc7ca99c84dadf8b4fd16 Mon Sep 17 00:00:00 2001 From: xinyangli Date: Sat, 23 Sep 2023 01:12:38 +0800 Subject: [PATCH 1/6] calcite: bump version, drop steam, drop opengl32 --- flake.lock | 60 ++++++++++----------- flake.nix | 4 +- home/xin/common/default.nix | 3 +- machines/calcite/configuration.nix | 14 ++--- machines/calcite/hardware-configuration.nix | 4 ++ machines/calcite/network.nix | 7 ++- machines/clash.nix | 5 -- machines/sops.nix | 8 ++- 8 files changed, 49 insertions(+), 56 deletions(-) diff --git a/flake.lock b/flake.lock index 62d175d..81619de 100644 --- a/flake.lock +++ b/flake.lock @@ -21,11 +21,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1689068808, - "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", "owner": "numtide", "repo": "flake-utils", - "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", "type": "github" }, "original": { @@ -74,11 +74,11 @@ ] }, "locked": { - "lastModified": 1689891262, - "narHash": "sha256-Pc4wDczbdgd6QXKJIXprgxe7L9AVDsoAkMnvm5vmpUU=", + "lastModified": 1695224363, + "narHash": "sha256-+hfjJLUMck5G92RVFDZA7LWkR3kOxs5zQ7RPW9t3eM8=", "owner": "nix-community", "repo": "home-manager", - "rev": "ee5673246de0254186e469935909e821b8f4ec15", + "rev": "408ba13188ff9ce309fa2bdd2f81287d79773b00", "type": "github" }, "original": { @@ -94,11 +94,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1689903271, - "narHash": "sha256-t3CPQ3afi5fUbY/I4nldZgsUMO9/17UwIC9XPiD0ybs=", + "lastModified": 1695345913, + "narHash": "sha256-TkCmI8cLQ02HW9jW2HEquQZ1u1ljeOlEFMU+9PS2tLg=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "2064829219ef11822e539664ba975fdf443bbe7b", + "rev": "8f30a4bcd475bff9f23097e4450754ec068523b2", "type": "github" }, "original": { @@ -130,11 +130,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1689320556, - "narHash": "sha256-vODUkZLWFVCvo1KPK3dC2CbXjxa9antEn5ozwlcTr48=", + "lastModified": 1695109627, + "narHash": "sha256-4rpyoVzmunIG6xWA/EonnSSqC69bDBzciFi6SjBze/0=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d4ea64f2063820120c05f6ba93ee02e6d4671d6b", + "rev": "cb4dc98f776ddb6af165e6f06b2902efe31ca67a", "type": "github" }, "original": { @@ -162,11 +162,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1689885880, - "narHash": "sha256-2ikAcvHKkKh8J/eUrwMA+wy1poscC+oL1RkN1V3RmT8=", + "lastModified": 1695272228, + "narHash": "sha256-4uw2OdJPVyjdB+xcDst9SecrNIpxKXJ2usN3M5HVa7o=", "owner": "nixos", "repo": "nixpkgs", - "rev": "fa793b06f56896b7d1909e4b69977c7bf842b2f0", + "rev": "55ac2a9d2024f15c56adf20da505b29659911da8", "type": "github" }, "original": { @@ -178,11 +178,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1689473667, - "narHash": "sha256-41ePf1ylHMTogSPAiufqvBbBos+gtB6zjQlYFSEKFMM=", + "lastModified": 1694908564, + "narHash": "sha256-ducA98AuWWJu5oUElIzN24Q22WlO8bOfixGzBgzYdVc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "13231eccfa1da771afa5c0807fdd73e05a1ec4e6", + "rev": "596611941a74be176b98aeba9328aa9d01b8b322", "type": "github" }, "original": { @@ -194,11 +194,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1689940971, - "narHash": "sha256-397xShPnFqPC59Bmpo3lS+/Aw0yoDRMACGo1+h2VJMo=", + "lastModified": 1695145219, + "narHash": "sha256-Eoe9IHbvmo5wEDeJXKFOpKUwxYJIOxKUesounVccNYk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9ca785644d067445a4aa749902b29ccef61f7476", + "rev": "5ba549eafcf3e33405e5f66decd1a72356632b96", "type": "github" }, "original": { @@ -210,11 +210,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1689413807, - "narHash": "sha256-exuzOvOhGAEKWQKwDuZAL4N8a1I837hH5eocaTcIbLc=", + "lastModified": 1694760568, + "narHash": "sha256-3G07BiXrp2YQKxdcdms22MUx6spc6A++MSePtatCYuI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "46ed466081b9cad1125b11f11a2af5cc40b942c7", + "rev": "46688f8eb5cd6f1298d873d4d2b9cf245e09e88e", "type": "github" }, "original": { @@ -226,11 +226,11 @@ }, "nur": { "locked": { - "lastModified": 1689986542, - "narHash": "sha256-nfAoJhHAeOM+G2E4qzE3E8vtt5VH14bq9u7a9wxTR1c=", + "lastModified": 1695395799, + "narHash": "sha256-D/SfJk+w2AknDWfR4KX5lEs/1zYtpq814oQfwEpmXC0=", "owner": "nix-community", "repo": "NUR", - "rev": "3d51c81356bd84bfa7b5b2ccb11c36b58b9f5cde", + "rev": "e256049bbaab62633de72dd14be51a8f592d6631", "type": "github" }, "original": { @@ -258,11 +258,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1689534977, - "narHash": "sha256-EB4hasmjKgetTR0My2bS5AwELZFIQ4zANLqHKi7aVXg=", + "lastModified": 1695284550, + "narHash": "sha256-z9fz/wz9qo9XePEvdduf+sBNeoI9QG8NJKl5ssA8Xl4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "bd695cc4d0a5e1bead703cc1bec5fa3094820a81", + "rev": "2f375ed8702b0d8ee2430885059d5e7975e38f78", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 02117ee..4ca0638 100644 --- a/flake.nix +++ b/flake.nix @@ -68,8 +68,8 @@ modules = [ machines/massicot (mkHome "xin" "gold") - ] - } + ]; + }; nixosConfigurations.raspite = mkNixos { system = "aarch64-linux"; diff --git a/home/xin/common/default.nix b/home/xin/common/default.nix index da76694..6681fb7 100644 --- a/home/xin/common/default.nix +++ b/home/xin/common/default.nix @@ -9,8 +9,7 @@ nix.settings = { experimental-features = [ "nix-command" "flakes" ]; auto-optimise-store = true; - substituters = "https://cache.nixos.org https://mirrors.ustc.edu.cn/nix-channels/store https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store https://cache.nixos.org/ https://cuda-maintainers.cachix.org"; - trusted-public-keys = "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="; + substituters = "https://mirrors.ustc.edu.cn/nix-channels/store https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store"; }; diff --git a/machines/calcite/configuration.nix b/machines/calcite/configuration.nix index a5d45f8..1b1abd4 100644 --- a/machines/calcite/configuration.nix +++ b/machines/calcite/configuration.nix @@ -104,9 +104,9 @@ # Allow unfree packages nixpkgs.config.allowUnfree = true; nixpkgs.config.permittedInsecurePackages = [ - "openssl-1.1.1u" + "openssl-1.1.1w" # For wechat-uos - "electron-19.0.7" + "electron-19.1.9" ]; # List packages installed in system profile. To search, run: # $ nix search wget @@ -173,8 +173,6 @@ gnome.gnome-tweaks gthumb - steam - # Multimedia vlc obs-studio @@ -208,11 +206,6 @@ ghidra ]; - programs.steam = { - enable = true; - }; - - system.stateVersion = "22.05"; # Use mirror for binary cache @@ -240,7 +233,7 @@ # Fonts fonts = { - fonts = with pkgs; [ + packages = with pkgs; [ (nerdfonts.override { fonts = [ "FiraCode" ]; }) noto-fonts noto-fonts-emoji @@ -274,7 +267,6 @@ }; docker = { enable = true; - enableNvidia = true; autoPrune.enable = true; }; }; diff --git a/machines/calcite/hardware-configuration.nix b/machines/calcite/hardware-configuration.nix index 4baf3c7..0bd2426 100644 --- a/machines/calcite/hardware-configuration.nix +++ b/machines/calcite/hardware-configuration.nix @@ -46,4 +46,8 @@ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.opengl = { + enable = true; + driSupport32Bit = false; + }; } diff --git a/machines/calcite/network.nix b/machines/calcite/network.nix index 16a1c94..1d9fb88 100644 --- a/machines/calcite/network.nix +++ b/machines/calcite/network.nix @@ -6,8 +6,7 @@ networkmanager = { enable = true; dns = "systemd-resolved"; - # dns = "none"; - + # dns = "resolvconf"; }; }; @@ -16,9 +15,9 @@ extraConfig = '' [Resolve] Domains=~. - DNS=114.114.114.114 1.1.1.1 - DNSOverTLS=opportunistic + DNS=127.0.0.1 ''; + # DNSOverTLS=opportunistic }; # Configure network proxy if necessary diff --git a/machines/clash.nix b/machines/clash.nix index e6c76ca..fc90056 100644 --- a/machines/clash.nix +++ b/machines/clash.nix @@ -1,10 +1,5 @@ { config, lib, pkgs, ... }: { - sops = { - secrets.clash_subscription_link = { - owner = "xin"; - }; - }; systemd.timers."clash-config-update" = { wantedBy = [ "timers.target" ]; diff --git a/machines/sops.nix b/machines/sops.nix index 5c6a079..d3f04f8 100644 --- a/machines/sops.nix +++ b/machines/sops.nix @@ -2,8 +2,12 @@ { sops = { defaultSopsFile = ./secrets.yaml; + # TODO: How to generate this key when bootstrap? age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - # age.keyFile = "/var/lib/sops-nix/keys.txt"; - # age.generateKey = true; + secrets = { + clash_subscription_link = { + owner = "xin"; + }; + }; }; } \ No newline at end of file From 356f4e32f117f7a380def25502bd0b0831f327c1 Mon Sep 17 00:00:00 2001 From: xinyangli Date: Tue, 26 Sep 2023 23:32:52 +0800 Subject: [PATCH 2/6] calcite: replace clash with sing-box --- machines/calcite/configuration.nix | 2 +- machines/calcite/network.nix | 32 ++---- machines/clash.nix | 29 ------ machines/dnscrypt.nix | 28 ----- machines/secrets.yaml | 8 +- machines/sing-box.nix | 157 +++++++++++++++++++++++++++++ machines/sops.nix | 6 ++ 7 files changed, 177 insertions(+), 85 deletions(-) delete mode 100644 machines/clash.nix delete mode 100644 machines/dnscrypt.nix create mode 100644 machines/sing-box.nix diff --git a/machines/calcite/configuration.nix b/machines/calcite/configuration.nix index 1b1abd4..b9f6809 100644 --- a/machines/calcite/configuration.nix +++ b/machines/calcite/configuration.nix @@ -7,7 +7,6 @@ ./hardware-configuration.nix ./network.nix ../sops.nix - ../clash.nix ]; # Bootloader. @@ -191,6 +190,7 @@ # Browser firefox chromium + brave microsoft-edge # Writting diff --git a/machines/calcite/network.nix b/machines/calcite/network.nix index 1d9fb88..3689211 100644 --- a/machines/calcite/network.nix +++ b/machines/calcite/network.nix @@ -1,31 +1,20 @@ { pkgs, ...}: { + imports = [ + ../sing-box.nix + ]; + # Enable networking networking = { networkmanager = { enable = true; dns = "systemd-resolved"; - # dns = "resolvconf"; }; }; services.resolved = { enable = true; - extraConfig = '' - [Resolve] - Domains=~. - DNS=127.0.0.1 - ''; - # DNSOverTLS=opportunistic - }; - - # Configure network proxy if necessary - networking.proxy = { - allProxy = "socks5://127.0.0.1:7891/"; - httpProxy = "http://127.0.0.1:7890/"; - httpsProxy = "http://127.0.0.1:7890/"; - noProxy = "127.0.0.1,localhost,internal.domain,.coho-tet.ts.net"; }; # Enable Tailscale @@ -33,15 +22,15 @@ # services.tailscale.useRoutingFeatures = "both"; # Open ports in the firewall. + networking.firewall.enable = true; networking.firewall.allowedTCPPorts = [ ]; networking.firewall.allowedUDPPorts = [ 41641 ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; networking.firewall.trustedInterfaces = [ + "tun0" "tailscale0" ]; - - programs.steam.remotePlay.openFirewall = true; + # Use nftables to manager firewall + networking.nftables.enable = true; # Add gsconnect, open firewall programs.kdeconnect = { @@ -53,9 +42,4 @@ enable = true; package = pkgs.wireshark-qt; }; - - # services.gnome.gnome-remote-desktop.enable = true; - # services.xrdp.enable = true; - # services.xrdp.openFirewall = true; - # services.xrdp.defaultWindowManager = icewm; } diff --git a/machines/clash.nix b/machines/clash.nix deleted file mode 100644 index fc90056..0000000 --- a/machines/clash.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - - systemd.timers."clash-config-update" = { - wantedBy = [ "timers.target" ]; - timerConfig = { - OnUnitActiveSec = "1d"; - Unit = "clash-config-update.service"; - }; - }; - - systemd.services."clash-config-update" = { - script = '' - ${pkgs.curl}/bin/curl $(${pkgs.coreutils}/bin/cat ${config.sops.secrets.clash_subscription_link.path}) > /tmp/config.yaml && mv /tmp/config.yaml /home/xin/.config/clash/ - ''; - serviceConfig = { - Type = "oneshot"; - User= "xin"; - }; - }; - - systemd.services.clash = { - enable = true; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig.ExecStart = "${pkgs.clash}/bin/clash -d /home/xin/.config/clash"; - }; - -} diff --git a/machines/dnscrypt.nix b/machines/dnscrypt.nix deleted file mode 100644 index 3ecdcb8..0000000 --- a/machines/dnscrypt.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - services.dnscrypt-proxy2 = { - enable = true; - settings = { - ipv6_servers = false; - require_dnssec = true; - sources = { - public-resolvers = { - urls = [ - "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md" - "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md" - ]; - cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md"; - minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3"; - }; - }; - server_names = [ "cloudflare" "tuna-doh-ipv4" ]; - }; - }; - - networking.networkmanager.dns = "none"; - - # dns - systemd.services.dnscrypt-proxy2.serviceConfig = { - StateDirectory = "dnscrypt-proxy"; - }; -} diff --git a/machines/secrets.yaml b/machines/secrets.yaml index 97a4df9..9006057 100644 --- a/machines/secrets.yaml +++ b/machines/secrets.yaml @@ -2,6 +2,8 @@ clash_subscription_link: ENC[AES256_GCM,data:Vwy0c8gOeR1XG/QNp8TGuBe/5kezD7SSStN autofs-nas: ENC[AES256_GCM,data:wcrA2t8/i9PaxA1PQ3CDVJZUhVchGV4vCfa5j/ReNahKV3cfDf2owbpeB827sMpjYyyvSH6nri7mra/BLMAPcgySCpZNAgdR9DQZXAQ=,iv:QJzsS5a6vWeoBxkB13yXdVbyn0tt2QTvqj0LaHn6S2g=,tag:TtgubLgWBBzl67MVal5BvQ==,type:str] autofs-nas-secret: ENC[AES256_GCM,data:OBh8h5CFv1Z4G6bMesna4zmXNASKhYdjFBvg47T9aKBCLDp/xVWnnQj8N7AFGg49wJ+0gYuqb33lIqpSnQ==,iv:UCaGeE8j4RqJzA0xhu3oB2xvzombzQD3fjLKCWd5fDg=,tag:+Oc78ddpLH7R2aT7gW3Ouw==,type:str] github_public_token: ENC[AES256_GCM,data:SYj6F8jXhAvpYgPllyJca4cdekp52ayYPndCaGtg9GFLBAVt1Y+d2Q07l/zGFlcLXDTE4FI9kAHVzpXchZlfCWcjJGJ/gCHr306s0zoaa5zVfAsfQaLmkYNvYBuOu8WHifsL3RNvkQrx4xWiH5KlCbrKelAsUaoj,iv:/bYv5+PtVcqNKgrOy8ojY09GtS0+U1W8JI34CcBeoHE=,tag:Xsh6XOVrn06RQL6s1ze4PA==,type:str] +singbox_domain: ENC[AES256_GCM,data:26WBV6F6JsdR81BzFbeFA0c8,iv:SRkEJdAxH/0in5oq7kCz6sBeMQzjDcV9242SqwFwMis=,tag:u6sn2Xs3Pwsmo8xwAfObCA==,type:str] +singbox_password: ENC[AES256_GCM,data:yEDny7bjaUpCoo0fXInfi/6phc6na4tJFwJhsW1yprn+Xm/x,iv:I+lmPWGdCOhpxL5tzfBR4KtIR3Bl5ECrBD95gUkwL+Y=,tag:OPzAxS7K5QQ6xEYFQ5gy4A==,type:str] sops: kms: [] gcp_kms: [] @@ -35,8 +37,8 @@ sops: dWVDd2VSd213NmpYdDcvNUZXTHdzSDgKj68TLxSYYExtGg/hyuAiPqmdXPGIWzou DnCdBitTPPswI+BVwYufnGmHdt8xz5nofBxACWg/bS3NUTGFcnIPWQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-22T02:00:48Z" - mac: ENC[AES256_GCM,data:DXQaCRuD4trEjIFvVAGF3/F/AiUcIOKGmqKKF/S7tJ51ZGXIh64g7vXZhZC22UxGs2pYU/gQOfA58cSxrHav0hmA0KbidLGA2ySRzVCSP3IH2jLx9KXdYv6SIS5I3MRMUqf7ZH+5rtdjTrrYBDWZrDzB9T7naMn1BujMqi+SwsU=,iv:QrFcEz7sxC0kbRtFr45cUaT4VosFq5ICtF3HOZ3If9I=,tag:Ste0v4xcONasn182R2ZyFw==,type:str] + lastmodified: "2023-09-26T15:10:12Z" + mac: ENC[AES256_GCM,data:R1y2LCVbIcJ4hHLrgRT+H45jdSPUIE8uuW1EoJattnciLExlpZzNtuUxV6yVUKoUxh/Bdl4gUwRP6YINegMflUJIlby9vUyDTVAwzFpk5p4Ev0YF/X8ZgXcerwOZjEkHqekqEtDjEsnOt2U41XsXOzQsFXkmWl/aBRlxGYiTHcU=,iv:jFM3EKnTIJbBP1FHw3t7Q1+NvGIQYWtVCV+4Z9snPIQ=,tag:NkdeGL6IFA0iQoUqWmPZgw==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.0 diff --git a/machines/sing-box.nix b/machines/sing-box.nix new file mode 100644 index 0000000..c77aefc --- /dev/null +++ b/machines/sing-box.nix @@ -0,0 +1,157 @@ +{ config, lib, pkgs, ... }: +let + server = { + _secret = config.sops.secrets.singbox_domain.path; + }; + password = { + _secret = config.sops.secrets.singbox_password.path; + }; + uuid = { + _secret = config.sops.secrets.singbox_password.path; + }; +in +{ + services.sing-box = { + enable = true; + settings = { + log = { level = "warning"; }; + experimental = { + clash_api = { + external_controller = "127.0.0.1:9090"; + store_selected = true; + external_ui = "${config.nur.repos.linyinfeng.yacd}"; + }; + }; + dns = { + rules = [ + { + disable_cache = true; + geosite = "category-ads-all"; + server = "_dns_block"; + } + { + geosite = "cn"; + server = "_dns_doh_mainland"; + } + { + domain_suffix = "tiktokuu.xyz"; + server = "_dns_doh_mainland"; + } + ]; + servers = [ + { + address = "https://cloudflare-dns.com/dns-query"; + address_strategy = "prefer_ipv4"; + address_resolver = "_dns_doh_mainland"; + detour = "_proxy_select"; + tag = "_dns_global"; + } + { + address = "119.29.29.29"; + detour = "direct"; + tag = "_dns_udp_mainland"; + } + { + address = "https://doh.pub/dns-query"; + address_resolver = "_dns_udp_mainland"; + detour = "direct"; + tag = "_dns_doh_mainland"; + } + { + address = "rcode://success"; + tag = "_dns_block"; + } + ]; + strategy = "prefer_ipv4"; + final = "_dns_global"; + disable_cache = false; + }; + inbounds = [ + { + type = "mixed"; + tag = "mixed-in"; + listen = "127.0.0.1"; + listen_port = 7891; + } + { + type = "tun"; + tag = "tun-in"; + auto_route = true; + strict_route = false; + inet4_address = "172.19.0.1/30"; + sniff = true; + } + ]; + route = { + auto_detect_interface = true; + final = "_proxy_select"; + rules = [ + { outbound = "dns-out"; protocol = "dns"; } + { + geoip = "cn"; + geosite = "cn"; + outbound = "direct"; + } + { geoip = "private"; outbound = "direct"; } + { + geosite = "cn"; + geoip = "cn"; + invert = true; + outbound = "_proxy_select"; + } + ]; + }; + outbounds = [ + { default = "auto"; outbounds = [ "auto" "direct" "block"]; tag = "_proxy_select"; type = "selector"; } + { interval = "1m0s"; outbounds = [ "香港SS-01" "香港SS-02" "香港SS-03" "香港SS-04" "日本SS-01" "日本SS-02" "日本SS-03" "美国SS-01" "美国SS-02" "美国SS-03" "台湾SS-01" "台湾SS-02" "台湾SS-03" "台湾SS-04" "香港中继1" "香港中继2" "香港中继3" "香港中继4" "香港中继5" "香港中继6" "香港中继7" "香港中继8" "日本中继1" "日本中继2" "日本中继3" "日本中继4" "美国中继1" "美国中继2" "美国中继3" "美国中继4" "美国中继5" "美国中继6" "美国中继7" "美国中继8" "新加坡中继1" "新加坡中继2" "台湾中继1" "台湾中继2" "台湾中继3" "台湾中继4" "台湾中继5" "台湾中继6" "韩国中继1" "韩国中继2" ]; tag = "auto"; tolerance = 300; type = "urltest"; url = "http://www.gstatic.com/generate_204"; } + { tag = "direct"; type = "direct"; } + { tag = "block"; type = "block"; } + { tag = "dns-out"; type = "dns"; } + { inherit server password; method = "aes-128-gcm"; server_port = 12001; tag = "香港SS-01"; type = "shadowsocks"; udp_over_tcp = false; } + { inherit server password; method = "aes-128-gcm"; server_port = 12002; tag = "香港SS-02"; type = "shadowsocks"; udp_over_tcp = false; } + { inherit server password; method = "aes-128-gcm"; server_port = 12003; tag = "香港SS-03"; type = "shadowsocks"; udp_over_tcp = false; } + { inherit server password; method = "aes-128-gcm"; server_port = 12004; tag = "香港SS-04"; type = "shadowsocks"; udp_over_tcp = false; } + { inherit server password; method = "aes-128-gcm"; server_port = 12011; tag = "日本SS-01"; type = "shadowsocks"; udp_over_tcp = false; } + { inherit server password; method = "aes-128-gcm"; server_port = 12012; tag = "日本SS-02"; type = "shadowsocks"; udp_over_tcp = false; } + { inherit server password; method = "aes-128-gcm"; server_port = 12013; tag = "日本SS-03"; type = "shadowsocks"; udp_over_tcp = false; } + { inherit server password; method = "aes-128-gcm"; server_port = 12021; tag = "美国SS-01"; type = "shadowsocks"; udp_over_tcp = false; } + { inherit server password; method = "aes-128-gcm"; server_port = 12022; tag = "美国SS-02"; type = "shadowsocks"; udp_over_tcp = false; } + { inherit server password; method = "aes-128-gcm"; server_port = 12023; tag = "美国SS-03"; type = "shadowsocks"; udp_over_tcp = false; } + { inherit server password; method = "aes-128-gcm"; server_port = 12031; tag = "台湾SS-01"; type = "shadowsocks"; udp_over_tcp = false; } + { inherit server password; method = "aes-128-gcm"; server_port = 12032; tag = "台湾SS-02"; type = "shadowsocks"; udp_over_tcp = false; } + { inherit server password; method = "aes-128-gcm"; server_port = 12033; tag = "台湾SS-03"; type = "shadowsocks"; udp_over_tcp = false; } + { inherit server password; method = "aes-128-gcm"; server_port = 12034; tag = "台湾SS-04"; type = "shadowsocks"; udp_over_tcp = false; } + { inherit server uuid; security = "auto"; server_port = 1201; tag = "香港中继1"; type = "vmess"; } + { inherit server uuid; security = "auto"; server_port = 1202; tag = "香港中继2"; type = "vmess"; } + { inherit server uuid; security = "auto"; server_port = 1203; tag = "香港中继3"; type = "vmess"; } + { inherit server uuid; security = "auto"; server_port = 1204; tag = "香港中继4"; transport = { path = "/"; type = "ws"; }; type = "vmess"; } + { inherit server uuid; security = "auto"; server_port = 1205; tag = "香港中继5"; type = "vmess"; } + { inherit server uuid; security = "auto"; server_port = 1206; tag = "香港中继6"; type = "vmess"; } + { inherit server uuid; security = "auto"; server_port = 1207; tag = "香港中继7"; type = "vmess"; } + { inherit server uuid; security = "auto"; server_port = 1208; tag = "香港中继8"; transport = { path = "/"; type = "ws"; }; type = "vmess"; } + { inherit server uuid; security = "auto"; server_port = 1211; tag = "日本中继1"; type = "vmess"; } + { inherit server uuid; security = "auto"; server_port = 1212; tag = "日本中继2"; type = "vmess"; } + { inherit server uuid; security = "auto"; server_port = 1213; tag = "日本中继3"; type = "vmess"; } + { inherit server uuid; security = "auto"; server_port = 1214; tag = "日本中继4"; type = "vmess"; } + { inherit server uuid; security = "auto"; server_port = 1231; tag = "美国中继1"; type = "vmess"; } + { inherit server uuid; security = "auto"; server_port = 1232; tag = "美国中继2"; type = "vmess"; } + { inherit server uuid; security = "auto"; server_port = 1233; tag = "美国中继3"; type = "vmess"; } + { inherit server uuid; security = "auto"; server_port = 1234; tag = "美国中继4"; type = "vmess"; } + { inherit server uuid; security = "auto"; server_port = 1235; tag = "美国中继5"; type = "vmess"; } + { inherit server uuid; security = "auto"; server_port = 1236; tag = "美国中继6"; type = "vmess"; } + { inherit server uuid; security = "auto"; server_port = 1237; tag = "美国中继7"; type = "vmess"; } + { inherit server uuid; security = "auto"; server_port = 1238; tag = "美国中继8"; type = "vmess"; } + { inherit server uuid; security = "auto"; server_port = 1241; tag = "新加坡中继1"; type = "vmess"; } + { inherit server uuid; security = "auto"; server_port = 1242; tag = "新加坡中继2"; type = "vmess"; } + { inherit server uuid; security = "auto"; server_port = 1261; tag = "台湾中继1"; type = "vmess"; } + { inherit server uuid; security = "auto"; server_port = 1262; tag = "台湾中继2"; type = "vmess"; } + { inherit server uuid; security = "auto"; server_port = 1263; tag = "台湾中继3"; type = "vmess"; } + { inherit server uuid; security = "auto"; server_port = 1264; tag = "台湾中继4"; type = "vmess"; } + { inherit server uuid; security = "auto"; server_port = 1265; tag = "台湾中继5"; type = "vmess"; } + { inherit server uuid; security = "auto"; server_port = 1266; tag = "台湾中继6"; type = "vmess"; } + { inherit server uuid; security = "auto"; server_port = 1251; tag = "韩国中继1"; type = "vmess"; } + { inherit server uuid; security = "auto"; server_port = 1252; tag = "韩国中继2"; type = "vmess"; } + ]; + }; + }; +} diff --git a/machines/sops.nix b/machines/sops.nix index d3f04f8..f2b93f3 100644 --- a/machines/sops.nix +++ b/machines/sops.nix @@ -8,6 +8,12 @@ clash_subscription_link = { owner = "xin"; }; + singbox_password = { + owner = "xin"; + }; + singbox_domain = { + owner = "xin"; + }; }; }; } \ No newline at end of file From 7c447b4872be05cbf887c1e3d829ebb0d820e328 Mon Sep 17 00:00:00 2001 From: xinyangli Date: Wed, 27 Sep 2023 02:32:27 +0800 Subject: [PATCH 3/6] calcite: add microsoft intune service --- flake.lock | 64 ++++++++++++------------------ flake.nix | 20 +++++----- machines/calcite/configuration.nix | 2 + 3 files changed, 38 insertions(+), 48 deletions(-) diff --git a/flake.lock b/flake.lock index 81619de..a242d44 100644 --- a/flake.lock +++ b/flake.lock @@ -74,11 +74,11 @@ ] }, "locked": { - "lastModified": 1695224363, - "narHash": "sha256-+hfjJLUMck5G92RVFDZA7LWkR3kOxs5zQ7RPW9t3eM8=", + "lastModified": 1695738267, + "narHash": "sha256-LTNAbTQ96xSj17xBfsFrFS9i56U2BMLpD0BduhrsVkU=", "owner": "nix-community", "repo": "home-manager", - "rev": "408ba13188ff9ce309fa2bdd2f81287d79773b00", + "rev": "0f4e5b4999fd6a42ece5da8a3a2439a50e48e486", "type": "github" }, "original": { @@ -91,14 +91,16 @@ "inputs": { "flake-compat": "flake-compat", "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { - "lastModified": 1695345913, - "narHash": "sha256-TkCmI8cLQ02HW9jW2HEquQZ1u1ljeOlEFMU+9PS2tLg=", + "lastModified": 1695691129, + "narHash": "sha256-tUbgZOgmR/9vh4yvW3Bw6Xd+1f4DDcEI/EoqbO0SOuI=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "8f30a4bcd475bff9f23097e4450754ec068523b2", + "rev": "bd2d4d8c383ca5236a174742ef2d8d42307de40f", "type": "github" }, "original": { @@ -130,11 +132,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1695109627, - "narHash": "sha256-4rpyoVzmunIG6xWA/EonnSSqC69bDBzciFi6SjBze/0=", + "lastModified": 1695541019, + "narHash": "sha256-rs++zfk41K9ArWkDAlmBDlGlKO8qeRIRzdjo+9SmNFI=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "cb4dc98f776ddb6af165e6f06b2902efe31ca67a", + "rev": "61283b30d11f27d5b76439d43f20d0c0c8ff5296", "type": "github" }, "original": { @@ -146,15 +148,15 @@ }, "nixpkgs": { "locked": { - "lastModified": 1684570954, - "narHash": "sha256-FX5y4Sm87RWwfu9PI71XFvuRpZLowh00FQpIJ1WfXqE=", - "owner": "NixOS", + "lastModified": 1695750249, + "narHash": "sha256-uE7t9hJwa6ngwWvOiQxVpWRX8iOWgiU7+STXbTFttMI=", + "owner": "xinyangli", "repo": "nixpkgs", - "rev": "3005f20ce0aaa58169cdee57c8aa12e5f1b6e1b3", + "rev": "0e6469c77887662764a5e65808641b1ecf6d106c", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "xinyangli", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" @@ -162,11 +164,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1695272228, - "narHash": "sha256-4uw2OdJPVyjdB+xcDst9SecrNIpxKXJ2usN3M5HVa7o=", + "lastModified": 1695559356, + "narHash": "sha256-kXZ1pUoImD9OEbPCwpTz4tHsNTr4CIyIfXb3ocuR8sI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "55ac2a9d2024f15c56adf20da505b29659911da8", + "rev": "261abe8a44a7e8392598d038d2e01f7b33cf26d0", "type": "github" }, "original": { @@ -193,22 +195,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1695145219, - "narHash": "sha256-Eoe9IHbvmo5wEDeJXKFOpKUwxYJIOxKUesounVccNYk=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "5ba549eafcf3e33405e5f66decd1a72356632b96", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1694760568, "narHash": "sha256-3G07BiXrp2YQKxdcdms22MUx6spc6A++MSePtatCYuI=", @@ -226,11 +212,11 @@ }, "nur": { "locked": { - "lastModified": 1695395799, - "narHash": "sha256-D/SfJk+w2AknDWfR4KX5lEs/1zYtpq814oQfwEpmXC0=", + "lastModified": 1695750428, + "narHash": "sha256-IAT2N9tmdV6Rp2UYQsF/dv7d6iUsgmW9OtPa8D6TzAQ=", "owner": "nix-community", "repo": "NUR", - "rev": "e256049bbaab62633de72dd14be51a8f592d6631", + "rev": "e0da1a7ac4f93eec44939d6f75eaa5b7242a179f", "type": "github" }, "original": { @@ -246,7 +232,7 @@ "nix-vscode-extensions": "nix-vscode-extensions", "nixos-cn": "nixos-cn", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs", "nixpkgs-stable": "nixpkgs-stable", "nur": "nur", "sops-nix": "sops-nix" @@ -254,7 +240,7 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { diff --git a/flake.nix b/flake.nix index 4ca0638..7153504 100644 --- a/flake.nix +++ b/flake.nix @@ -1,7 +1,7 @@ { inputs = { # Pin nixpkgs to a specific commit - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs.url = "github:xinyangli/nixpkgs/nixos-unstable"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-23.05"; home-manager = { @@ -9,20 +9,22 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + nix-vscode-extensions = { + url = "github:nix-community/nix-vscode-extensions"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + nixos-cn = { + url = "github:nixos-cn/flakes"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + nur.url = "github:nix-community/NUR"; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; - nixos-cn = { - url = "github:nixos-cn/flakes"; - # Use the same nixpkgs - inputs.nixpkgs.follows = "nixpkgs"; - }; - sops-nix.url = "github:Mic92/sops-nix"; - nix-vscode-extensions.url = "github:nix-community/nix-vscode-extensions"; - flake-utils.url = "github:numtide/flake-utils"; }; diff --git a/machines/calcite/configuration.nix b/machines/calcite/configuration.nix index b9f6809..4977976 100644 --- a/machines/calcite/configuration.nix +++ b/machines/calcite/configuration.nix @@ -100,6 +100,8 @@ systemd.services."getty@tty1".enable = false; systemd.services."autovt@tty1".enable = false; + services.intune.enable = true; + # Allow unfree packages nixpkgs.config.allowUnfree = true; nixpkgs.config.permittedInsecurePackages = [ From 4a8df3675e40107689dbca91522b39c466f14a00 Mon Sep 17 00:00:00 2001 From: xinyangli Date: Thu, 28 Sep 2023 19:16:45 +0800 Subject: [PATCH 4/6] calcite: add emulatex aarch64 support --- home/xin/common/default.nix | 1 + machines/calcite/configuration.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/home/xin/common/default.nix b/home/xin/common/default.nix index 6681fb7..a4ee121 100644 --- a/home/xin/common/default.nix +++ b/home/xin/common/default.nix @@ -17,6 +17,7 @@ dig du-dust # du + rust zoxide # autojumper + ripgrep file man-pages unar diff --git a/machines/calcite/configuration.nix b/machines/calcite/configuration.nix index 4977976..7fdab31 100644 --- a/machines/calcite/configuration.nix +++ b/machines/calcite/configuration.nix @@ -16,6 +16,7 @@ # boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelModules = [ "nvidia" "nvidia_modeset" "nvidia_uvm" ]; boot.supportedFilesystems = [ "ntfs" ]; + boot.binfmt.emulatedSystems = ["aarch64-linux"]; networking.hostName = "calcite"; From c804a493c29dbf45704de1e3e203c638a22f7f34 Mon Sep 17 00:00:00 2001 From: xinyangli Date: Sat, 18 Nov 2023 22:13:22 +0800 Subject: [PATCH 5/6] calcite: bump version --- flake.lock | 58 ++++++++++++++++++------------------- flake.nix | 2 +- home/xin/common/default.nix | 1 - machines/secrets.yaml | 6 ++-- machines/sing-box.nix | 2 +- 5 files changed, 34 insertions(+), 35 deletions(-) diff --git a/flake.lock b/flake.lock index a242d44..a84647f 100644 --- a/flake.lock +++ b/flake.lock @@ -74,11 +74,11 @@ ] }, "locked": { - "lastModified": 1695738267, - "narHash": "sha256-LTNAbTQ96xSj17xBfsFrFS9i56U2BMLpD0BduhrsVkU=", + "lastModified": 1700087144, + "narHash": "sha256-LJP1RW0hKNWmv2yRhnjkUptMXInKpn/rV6V6ofuZkHU=", "owner": "nix-community", "repo": "home-manager", - "rev": "0f4e5b4999fd6a42ece5da8a3a2439a50e48e486", + "rev": "ab1459a1fb646c40419c732d05ec0bf2416d4506", "type": "github" }, "original": { @@ -96,11 +96,11 @@ ] }, "locked": { - "lastModified": 1695691129, - "narHash": "sha256-tUbgZOgmR/9vh4yvW3Bw6Xd+1f4DDcEI/EoqbO0SOuI=", + "lastModified": 1700097605, + "narHash": "sha256-nVqtih7bV5zso/y8tCSYwqmkEdMDU6R5NBb8D7w5mEY=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "bd2d4d8c383ca5236a174742ef2d8d42307de40f", + "rev": "4192069cbb3f98b114e6f0bc0e7e4720c6c98c09", "type": "github" }, "original": { @@ -132,11 +132,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1695541019, - "narHash": "sha256-rs++zfk41K9ArWkDAlmBDlGlKO8qeRIRzdjo+9SmNFI=", + "lastModified": 1699997707, + "narHash": "sha256-ugb+1TGoOqqiy3axyEZpfF6T4DQUGjfWZ3Htry1EfvI=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "61283b30d11f27d5b76439d43f20d0c0c8ff5296", + "rev": "5689f3ebf899f644a1aabe8774d4f37eb2f6c2f9", "type": "github" }, "original": { @@ -148,15 +148,15 @@ }, "nixpkgs": { "locked": { - "lastModified": 1695750249, - "narHash": "sha256-uE7t9hJwa6ngwWvOiQxVpWRX8iOWgiU7+STXbTFttMI=", - "owner": "xinyangli", + "lastModified": 1699781429, + "narHash": "sha256-UYefjidASiLORAjIvVsUHG6WBtRhM67kTjEY4XfZOFs=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "0e6469c77887662764a5e65808641b1ecf6d106c", + "rev": "e44462d6021bfe23dfb24b775cc7c390844f773d", "type": "github" }, "original": { - "owner": "xinyangli", + "owner": "nixos", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" @@ -164,11 +164,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1695559356, - "narHash": "sha256-kXZ1pUoImD9OEbPCwpTz4tHsNTr4CIyIfXb3ocuR8sI=", + "lastModified": 1699994397, + "narHash": "sha256-xxNeIcMNMXH2EA9IAX6Cny+50mvY22LhIBiGZV363gc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "261abe8a44a7e8392598d038d2e01f7b33cf26d0", + "rev": "d4b5a67bbe9ef750bd2fdffd4cad400dd5553af8", "type": "github" }, "original": { @@ -180,11 +180,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1694908564, - "narHash": "sha256-ducA98AuWWJu5oUElIzN24Q22WlO8bOfixGzBgzYdVc=", + "lastModified": 1699756042, + "narHash": "sha256-bHHjQQBsEPOxLL+klYU2lYshDnnWY12SewzQ7n5ab2M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "596611941a74be176b98aeba9328aa9d01b8b322", + "rev": "9502d0245983bb233da8083b55d60d96fd3c29ff", "type": "github" }, "original": { @@ -196,11 +196,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1694760568, - "narHash": "sha256-3G07BiXrp2YQKxdcdms22MUx6spc6A++MSePtatCYuI=", + "lastModified": 1699374756, + "narHash": "sha256-X21OIoVcJejN9JKoLuoZSx3ZZkMh/iSpJ+GGrSNQyGU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "46688f8eb5cd6f1298d873d4d2b9cf245e09e88e", + "rev": "9b92dad3804b543a8b5db878aabf7132d601fa91", "type": "github" }, "original": { @@ -212,11 +212,11 @@ }, "nur": { "locked": { - "lastModified": 1695750428, - "narHash": "sha256-IAT2N9tmdV6Rp2UYQsF/dv7d6iUsgmW9OtPa8D6TzAQ=", + "lastModified": 1700127871, + "narHash": "sha256-Vc+CZ/Ev/MhzYdKGIX/qp8GGiKfztvfL6bJZSW2m6zE=", "owner": "nix-community", "repo": "NUR", - "rev": "e0da1a7ac4f93eec44939d6f75eaa5b7242a179f", + "rev": "7cf29aef2e074a1ad6c12a196f3e4a140837f33f", "type": "github" }, "original": { @@ -244,11 +244,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1695284550, - "narHash": "sha256-z9fz/wz9qo9XePEvdduf+sBNeoI9QG8NJKl5ssA8Xl4=", + "lastModified": 1699951338, + "narHash": "sha256-1GeczM7XfgHcYGYiYNcdwSFu3E62vmh4d7mffWZvyzE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "2f375ed8702b0d8ee2430885059d5e7975e38f78", + "rev": "0e3a94167dcd10a47b89141f35b2ff9e04b34c46", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 7153504..3865656 100644 --- a/flake.nix +++ b/flake.nix @@ -1,7 +1,7 @@ { inputs = { # Pin nixpkgs to a specific commit - nixpkgs.url = "github:xinyangli/nixpkgs/nixos-unstable"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-23.05"; home-manager = { diff --git a/home/xin/common/default.nix b/home/xin/common/default.nix index a4ee121..e461b9c 100644 --- a/home/xin/common/default.nix +++ b/home/xin/common/default.nix @@ -28,7 +28,6 @@ tealdeer neofetch rclone - clash inetutils ]; diff --git a/machines/secrets.yaml b/machines/secrets.yaml index 9006057..a6c2d77 100644 --- a/machines/secrets.yaml +++ b/machines/secrets.yaml @@ -2,7 +2,7 @@ clash_subscription_link: ENC[AES256_GCM,data:Vwy0c8gOeR1XG/QNp8TGuBe/5kezD7SSStN autofs-nas: ENC[AES256_GCM,data:wcrA2t8/i9PaxA1PQ3CDVJZUhVchGV4vCfa5j/ReNahKV3cfDf2owbpeB827sMpjYyyvSH6nri7mra/BLMAPcgySCpZNAgdR9DQZXAQ=,iv:QJzsS5a6vWeoBxkB13yXdVbyn0tt2QTvqj0LaHn6S2g=,tag:TtgubLgWBBzl67MVal5BvQ==,type:str] autofs-nas-secret: ENC[AES256_GCM,data:OBh8h5CFv1Z4G6bMesna4zmXNASKhYdjFBvg47T9aKBCLDp/xVWnnQj8N7AFGg49wJ+0gYuqb33lIqpSnQ==,iv:UCaGeE8j4RqJzA0xhu3oB2xvzombzQD3fjLKCWd5fDg=,tag:+Oc78ddpLH7R2aT7gW3Ouw==,type:str] github_public_token: ENC[AES256_GCM,data:SYj6F8jXhAvpYgPllyJca4cdekp52ayYPndCaGtg9GFLBAVt1Y+d2Q07l/zGFlcLXDTE4FI9kAHVzpXchZlfCWcjJGJ/gCHr306s0zoaa5zVfAsfQaLmkYNvYBuOu8WHifsL3RNvkQrx4xWiH5KlCbrKelAsUaoj,iv:/bYv5+PtVcqNKgrOy8ojY09GtS0+U1W8JI34CcBeoHE=,tag:Xsh6XOVrn06RQL6s1ze4PA==,type:str] -singbox_domain: ENC[AES256_GCM,data:26WBV6F6JsdR81BzFbeFA0c8,iv:SRkEJdAxH/0in5oq7kCz6sBeMQzjDcV9242SqwFwMis=,tag:u6sn2Xs3Pwsmo8xwAfObCA==,type:str] +singbox_domain: ENC[AES256_GCM,data:D14hCWxVZG3EL/fIIYVs8G/bWGo=,iv:slK/UPnLtT2Uu4aXWLCOGSTGZ8U41ZhUexB9/Yy/AaE=,tag:NQ2PtV6jcT4jTZLgDzTfAg==,type:str] singbox_password: ENC[AES256_GCM,data:yEDny7bjaUpCoo0fXInfi/6phc6na4tJFwJhsW1yprn+Xm/x,iv:I+lmPWGdCOhpxL5tzfBR4KtIR3Bl5ECrBD95gUkwL+Y=,tag:OPzAxS7K5QQ6xEYFQ5gy4A==,type:str] sops: kms: [] @@ -37,8 +37,8 @@ sops: dWVDd2VSd213NmpYdDcvNUZXTHdzSDgKj68TLxSYYExtGg/hyuAiPqmdXPGIWzou DnCdBitTPPswI+BVwYufnGmHdt8xz5nofBxACWg/bS3NUTGFcnIPWQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-09-26T15:10:12Z" - mac: ENC[AES256_GCM,data:R1y2LCVbIcJ4hHLrgRT+H45jdSPUIE8uuW1EoJattnciLExlpZzNtuUxV6yVUKoUxh/Bdl4gUwRP6YINegMflUJIlby9vUyDTVAwzFpk5p4Ev0YF/X8ZgXcerwOZjEkHqekqEtDjEsnOt2U41XsXOzQsFXkmWl/aBRlxGYiTHcU=,iv:jFM3EKnTIJbBP1FHw3t7Q1+NvGIQYWtVCV+4Z9snPIQ=,tag:NkdeGL6IFA0iQoUqWmPZgw==,type:str] + lastmodified: "2023-11-11T19:16:18Z" + mac: ENC[AES256_GCM,data:iyqD4XJHw072IYKyRnWKJRVLex/GfnYn5QY4/YPkGK9cHjVML/97k1IWM76zXOpoJ9wSENvTqQirjMZz0TS92Ak2Ps/3fsyPj2f9BEFmF+q8r+VWEj9ZGEzHb52uMKyj3vYs5Mg9O5eeDmdAifdvC3RmRkoQ7WFoLDVCwcVFKoU=,iv:AuqLIPVMhX537MPaqnrYgOuHPH+P8Ili8tkg4p1jC1I=,tag:t2gQZzO1dIXnM3UqOnn/FA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.0 diff --git a/machines/sing-box.nix b/machines/sing-box.nix index c77aefc..050267f 100644 --- a/machines/sing-box.nix +++ b/machines/sing-box.nix @@ -34,7 +34,7 @@ in server = "_dns_doh_mainland"; } { - domain_suffix = "tiktokuu.xyz"; + domain_suffix = server; server = "_dns_doh_mainland"; } ]; From cb5a5794bd36ebb41ad8791510600d1d63c7081d Mon Sep 17 00:00:00 2001 From: xinyangli Date: Fri, 24 Nov 2023 20:49:18 +0800 Subject: [PATCH 6/6] home: move nix substituter to machine level nix conf --- home/xin/common/default.nix | 7 ------- machines/calcite/configuration.nix | 12 +++++++----- 2 files changed, 7 insertions(+), 12 deletions(-) diff --git a/home/xin/common/default.nix b/home/xin/common/default.nix index e461b9c..c76d3e8 100644 --- a/home/xin/common/default.nix +++ b/home/xin/common/default.nix @@ -6,13 +6,6 @@ ./vim.nix ]; - nix.settings = { - experimental-features = [ "nix-command" "flakes" ]; - auto-optimise-store = true; - substituters = "https://mirrors.ustc.edu.cn/nix-channels/store https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store"; - }; - - home.packages = with pkgs; [ dig du-dust # du + rust diff --git a/machines/calcite/configuration.nix b/machines/calcite/configuration.nix index 7fdab31..c89aa84 100644 --- a/machines/calcite/configuration.nix +++ b/machines/calcite/configuration.nix @@ -101,8 +101,6 @@ systemd.services."getty@tty1".enable = false; systemd.services."autovt@tty1".enable = false; - services.intune.enable = true; - # Allow unfree packages nixpkgs.config.allowUnfree = true; nixpkgs.config.permittedInsecurePackages = [ @@ -188,7 +186,7 @@ config.nur.repos.xddxdd.wechat-uos # Password manager - keepassxc + bitwarden # Browser firefox @@ -213,15 +211,19 @@ # Use mirror for binary cache nix.settings.substituters = [ + "https://mirrors.bfsu.edu.cn/nix-channels/store" "https://mirrors.ustc.edu.cn/nix-channels/store" - "https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store" ]; nix.gc = { automatic = true; dates = "weekly"; options = "--delete-older-than 30d"; }; - nix.settings.trusted-users = [ "xin" "root" ]; + nix.settings = { + experimental-features = [ "nix-command" "flakes" ]; + auto-optimise-store = true; + trusted-users = [ "xin" "root" ]; + }; nix.extraOptions = '' !include "${config.sops.secrets.github_public_token.path}" '';