xin/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge branch 'calcite'

Browse source
This commit is contained in:
xinyangli 2023-11-24 20:50:19 +08:00
commit 8b2120f9ec
11 changed files with 246 additions and 175 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

88
flake.lock
View file

@ -21,11 +21,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
@ -74,11 +74,11 @@
]
},
"locked": {
"lastModified": 1689891262,
"narHash": "sha256-Pc4wDczbdgd6QXKJIXprgxe7L9AVDsoAkMnvm5vmpUU=",
"lastModified": 1700087144,
"narHash": "sha256-LJP1RW0hKNWmv2yRhnjkUptMXInKpn/rV6V6ofuZkHU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "ee5673246de0254186e469935909e821b8f4ec15",
"rev": "ab1459a1fb646c40419c732d05ec0bf2416d4506",
"type": "github"
},
"original": {
@ -91,14 +91,16 @@
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs"
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1689903271,
"narHash": "sha256-t3CPQ3afi5fUbY/I4nldZgsUMO9/17UwIC9XPiD0ybs=",
"lastModified": 1700097605,
"narHash": "sha256-nVqtih7bV5zso/y8tCSYwqmkEdMDU6R5NBb8D7w5mEY=",
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"rev": "2064829219ef11822e539664ba975fdf443bbe7b",
"rev": "4192069cbb3f98b114e6f0bc0e7e4720c6c98c09",
"type": "github"
},
"original": {
@ -130,11 +132,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1689320556,
"narHash": "sha256-vODUkZLWFVCvo1KPK3dC2CbXjxa9antEn5ozwlcTr48=",
"lastModified": 1699997707,
"narHash": "sha256-ugb+1TGoOqqiy3axyEZpfF6T4DQUGjfWZ3Htry1EfvI=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "d4ea64f2063820120c05f6ba93ee02e6d4671d6b",
"rev": "5689f3ebf899f644a1aabe8774d4f37eb2f6c2f9",
"type": "github"
},
"original": {
@ -146,15 +148,15 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1684570954,
"narHash": "sha256-FX5y4Sm87RWwfu9PI71XFvuRpZLowh00FQpIJ1WfXqE=",
"owner": "NixOS",
"lastModified": 1699781429,
"narHash": "sha256-UYefjidASiLORAjIvVsUHG6WBtRhM67kTjEY4XfZOFs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3005f20ce0aaa58169cdee57c8aa12e5f1b6e1b3",
"rev": "e44462d6021bfe23dfb24b775cc7c390844f773d",
"type": "github"
},
"original": {
"owner": "NixOS",
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
@ -162,11 +164,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1689885880,
"narHash": "sha256-2ikAcvHKkKh8J/eUrwMA+wy1poscC+oL1RkN1V3RmT8=",
"lastModified": 1699994397,
"narHash": "sha256-xxNeIcMNMXH2EA9IAX6Cny+50mvY22LhIBiGZV363gc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "fa793b06f56896b7d1909e4b69977c7bf842b2f0",
"rev": "d4b5a67bbe9ef750bd2fdffd4cad400dd5553af8",
"type": "github"
},
"original": {
@ -178,11 +180,11 @@
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1689473667,
"narHash": "sha256-41ePf1ylHMTogSPAiufqvBbBos+gtB6zjQlYFSEKFMM=",
"lastModified": 1699756042,
"narHash": "sha256-bHHjQQBsEPOxLL+klYU2lYshDnnWY12SewzQ7n5ab2M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "13231eccfa1da771afa5c0807fdd73e05a1ec4e6",
"rev": "9502d0245983bb233da8083b55d60d96fd3c29ff",
"type": "github"
},
"original": {
@ -194,27 +196,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1689940971,
"narHash": "sha256-397xShPnFqPC59Bmpo3lS+/Aw0yoDRMACGo1+h2VJMo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9ca785644d067445a4aa749902b29ccef61f7476",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1689413807,
"narHash": "sha256-exuzOvOhGAEKWQKwDuZAL4N8a1I837hH5eocaTcIbLc=",
"lastModified": 1699374756,
"narHash": "sha256-X21OIoVcJejN9JKoLuoZSx3ZZkMh/iSpJ+GGrSNQyGU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "46ed466081b9cad1125b11f11a2af5cc40b942c7",
"rev": "9b92dad3804b543a8b5db878aabf7132d601fa91",
"type": "github"
},
"original": {
@ -226,11 +212,11 @@
},
"nur": {
"locked": {
"lastModified": 1689986542,
"narHash": "sha256-nfAoJhHAeOM+G2E4qzE3E8vtt5VH14bq9u7a9wxTR1c=",
"lastModified": 1700127871,
"narHash": "sha256-Vc+CZ/Ev/MhzYdKGIX/qp8GGiKfztvfL6bJZSW2m6zE=",
"owner": "nix-community",
"repo": "NUR",
"rev": "3d51c81356bd84bfa7b5b2ccb11c36b58b9f5cde",
"rev": "7cf29aef2e074a1ad6c12a196f3e4a140837f33f",
"type": "github"
},
"original": {
@ -246,7 +232,7 @@
"nix-vscode-extensions": "nix-vscode-extensions",
"nixos-cn": "nixos-cn",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable",
"nur": "nur",
"sops-nix": "sops-nix"
@ -254,15 +240,15 @@
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs_2",
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1689534977,
"narHash": "sha256-EB4hasmjKgetTR0My2bS5AwELZFIQ4zANLqHKi7aVXg=",
"lastModified": 1699951338,
"narHash": "sha256-1GeczM7XfgHcYGYiYNcdwSFu3E62vmh4d7mffWZvyzE=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "bd695cc4d0a5e1bead703cc1bec5fa3094820a81",
"rev": "0e3a94167dcd10a47b89141f35b2ff9e04b34c46",
"type": "github"
},
"original": {

18
flake.nix
View file

@ -9,20 +9,22 @@
inputs.nixpkgs.follows = "nixpkgs";
};
nix-vscode-extensions = {
url = "github:nix-community/nix-vscode-extensions";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-cn = {
url = "github:nixos-cn/flakes";
inputs.nixpkgs.follows = "nixpkgs";
};
nur.url = "github:nix-community/NUR";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
nixos-cn = {
url = "github:nixos-cn/flakes";
# Use the same nixpkgs
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix.url = "github:Mic92/sops-nix";
nix-vscode-extensions.url = "github:nix-community/nix-vscode-extensions";
flake-utils.url = "github:numtide/flake-utils";
};

10
home/xin/common/default.nix
View file

@ -6,18 +6,11 @@
./vim.nix
];
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
auto-optimise-store = true;
substituters = "https://cache.nixos.org https://mirrors.ustc.edu.cn/nix-channels/store https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store https://cache.nixos.org/ https://cuda-maintainers.cachix.org";
trusted-public-keys = "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E=";
};
home.packages = with pkgs; [
dig
du-dust # du + rust
zoxide # autojumper
ripgrep
file
man-pages
unar
@ -28,7 +21,6 @@
tealdeer
neofetch
rclone
clash
inetutils
];

27
machines/calcite/configuration.nix
View file

@ -7,7 +7,6 @@
./hardware-configuration.nix
./network.nix
../sops.nix
../clash.nix
];
# Bootloader.
@ -17,6 +16,7 @@
# boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernelModules = [ "nvidia" "nvidia_modeset" "nvidia_uvm" ];
boot.supportedFilesystems = [ "ntfs" ];
boot.binfmt.emulatedSystems = ["aarch64-linux"];
networking.hostName = "calcite";
@ -104,9 +104,9 @@
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
nixpkgs.config.permittedInsecurePackages = [
"openssl-1.1.1u"
"openssl-1.1.1w"
# For wechat-uos
"electron-19.0.7"
"electron-19.1.9"
];
# List packages installed in system profile. To search, run:
# $ nix search wget
@ -173,8 +173,6 @@
gnome.gnome-tweaks
gthumb
steam
# Multimedia
vlc
obs-studio
@ -188,11 +186,12 @@
config.nur.repos.xddxdd.wechat-uos
# Password manager
keepassxc
bitwarden
# Browser
firefox
chromium
brave
microsoft-edge
# Writting
@ -208,24 +207,23 @@
ghidra
];
programs.steam = {
enable = true;
};
system.stateVersion = "22.05";
# Use mirror for binary cache
nix.settings.substituters = [
"https://mirrors.bfsu.edu.cn/nix-channels/store"
"https://mirrors.ustc.edu.cn/nix-channels/store"
"https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store"
];
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
nix.settings.trusted-users = [ "xin" "root" ];
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
auto-optimise-store = true;
trusted-users = [ "xin" "root" ];
};
nix.extraOptions = ''
!include "${config.sops.secrets.github_public_token.path}"
'';
@ -240,7 +238,7 @@
# Fonts
fonts = {
fonts = with pkgs; [
packages = with pkgs; [
(nerdfonts.override { fonts = [ "FiraCode" ]; })
noto-fonts
noto-fonts-emoji
@ -274,7 +272,6 @@
};
docker = {
enable = true;
enableNvidia = true;
autoPrune.enable = true;
};
};

4
machines/calcite/hardware-configuration.nix
View file

@ -46,4 +46,8 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.opengl = {
enable = true;
driSupport32Bit = false;
};
}

33
machines/calcite/network.nix
View file

@ -1,32 +1,20 @@
{ pkgs, ...}:
{
imports = [
../sing-box.nix
];
# Enable networking
networking = {
networkmanager = {
enable = true;
dns = "systemd-resolved";
# dns = "none";
};
};
services.resolved = {
enable = true;
extraConfig = ''
[Resolve]
Domains=~.
DNS=114.114.114.114 1.1.1.1
DNSOverTLS=opportunistic
'';
};
# Configure network proxy if necessary
networking.proxy = {
allProxy = "socks5://127.0.0.1:7891/";
httpProxy = "http://127.0.0.1:7890/";
httpsProxy = "http://127.0.0.1:7890/";
noProxy = "127.0.0.1,localhost,internal.domain,.coho-tet.ts.net";
};
# Enable Tailscale
@ -34,15 +22,15 @@
# services.tailscale.useRoutingFeatures = "both";
# Open ports in the firewall.
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ ];
networking.firewall.allowedUDPPorts = [ 41641 ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
networking.firewall.trustedInterfaces = [
"tun0"
"tailscale0"
];
programs.steam.remotePlay.openFirewall = true;
# Use nftables to manager firewall
networking.nftables.enable = true;
# Add gsconnect, open firewall
programs.kdeconnect = {
@ -54,9 +42,4 @@
enable = true;
package = pkgs.wireshark-qt;
};
# services.gnome.gnome-remote-desktop.enable = true;
# services.xrdp.enable = true;
# services.xrdp.openFirewall = true;
# services.xrdp.defaultWindowManager = icewm;
}

34
machines/clash.nix
View file

@ -1,34 +0,0 @@
{ config, lib, pkgs, ... }:
{
sops = {
secrets.clash_subscription_link = {
owner = "xin";
};
};
systemd.timers."clash-config-update" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnUnitActiveSec = "1d";
Unit = "clash-config-update.service";
};
};
systemd.services."clash-config-update" = {
script = ''
${pkgs.curl}/bin/curl $(${pkgs.coreutils}/bin/cat ${config.sops.secrets.clash_subscription_link.path}) > /tmp/config.yaml && mv /tmp/config.yaml /home/xin/.config/clash/
'';
serviceConfig = {
Type = "oneshot";
User= "xin";
};
};
systemd.services.clash = {
enable = true;
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = "${pkgs.clash}/bin/clash -d /home/xin/.config/clash";
};
}

28
machines/dnscrypt.nix
View file

@ -1,28 +0,0 @@
{ config, lib, pkgs, ... }:
{
services.dnscrypt-proxy2 = {
enable = true;
settings = {
ipv6_servers = false;
require_dnssec = true;
sources = {
public-resolvers = {
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
];
cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
};
server_names = [ "cloudflare" "tuna-doh-ipv4" ];
};
};
networking.networkmanager.dns = "none";
# dns
systemd.services.dnscrypt-proxy2.serviceConfig = {
StateDirectory = "dnscrypt-proxy";
};
}

8
machines/secrets.yaml
View file

@ -2,6 +2,8 @@ clash_subscription_link: ENC[AES256_GCM,data:Vwy0c8gOeR1XG/QNp8TGuBe/5kezD7SSStN
autofs-nas: ENC[AES256_GCM,data:wcrA2t8/i9PaxA1PQ3CDVJZUhVchGV4vCfa5j/ReNahKV3cfDf2owbpeB827sMpjYyyvSH6nri7mra/BLMAPcgySCpZNAgdR9DQZXAQ=,iv:QJzsS5a6vWeoBxkB13yXdVbyn0tt2QTvqj0LaHn6S2g=,tag:TtgubLgWBBzl67MVal5BvQ==,type:str]
autofs-nas-secret: ENC[AES256_GCM,data:OBh8h5CFv1Z4G6bMesna4zmXNASKhYdjFBvg47T9aKBCLDp/xVWnnQj8N7AFGg49wJ+0gYuqb33lIqpSnQ==,iv:UCaGeE8j4RqJzA0xhu3oB2xvzombzQD3fjLKCWd5fDg=,tag:+Oc78ddpLH7R2aT7gW3Ouw==,type:str]
github_public_token: ENC[AES256_GCM,data:SYj6F8jXhAvpYgPllyJca4cdekp52ayYPndCaGtg9GFLBAVt1Y+d2Q07l/zGFlcLXDTE4FI9kAHVzpXchZlfCWcjJGJ/gCHr306s0zoaa5zVfAsfQaLmkYNvYBuOu8WHifsL3RNvkQrx4xWiH5KlCbrKelAsUaoj,iv:/bYv5+PtVcqNKgrOy8ojY09GtS0+U1W8JI34CcBeoHE=,tag:Xsh6XOVrn06RQL6s1ze4PA==,type:str]
singbox_domain: ENC[AES256_GCM,data:D14hCWxVZG3EL/fIIYVs8G/bWGo=,iv:slK/UPnLtT2Uu4aXWLCOGSTGZ8U41ZhUexB9/Yy/AaE=,tag:NQ2PtV6jcT4jTZLgDzTfAg==,type:str]
singbox_password: ENC[AES256_GCM,data:yEDny7bjaUpCoo0fXInfi/6phc6na4tJFwJhsW1yprn+Xm/x,iv:I+lmPWGdCOhpxL5tzfBR4KtIR3Bl5ECrBD95gUkwL+Y=,tag:OPzAxS7K5QQ6xEYFQ5gy4A==,type:str]
sops:
kms: []
gcp_kms: []
@ -35,8 +37,8 @@ sops:
dWVDd2VSd213NmpYdDcvNUZXTHdzSDgKj68TLxSYYExtGg/hyuAiPqmdXPGIWzou
DnCdBitTPPswI+BVwYufnGmHdt8xz5nofBxACWg/bS3NUTGFcnIPWQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-22T02:00:48Z"
mac: ENC[AES256_GCM,data:DXQaCRuD4trEjIFvVAGF3/F/AiUcIOKGmqKKF/S7tJ51ZGXIh64g7vXZhZC22UxGs2pYU/gQOfA58cSxrHav0hmA0KbidLGA2ySRzVCSP3IH2jLx9KXdYv6SIS5I3MRMUqf7ZH+5rtdjTrrYBDWZrDzB9T7naMn1BujMqi+SwsU=,iv:QrFcEz7sxC0kbRtFr45cUaT4VosFq5ICtF3HOZ3If9I=,tag:Ste0v4xcONasn182R2ZyFw==,type:str]
lastmodified: "2023-11-11T19:16:18Z"
mac: ENC[AES256_GCM,data:iyqD4XJHw072IYKyRnWKJRVLex/GfnYn5QY4/YPkGK9cHjVML/97k1IWM76zXOpoJ9wSENvTqQirjMZz0TS92Ak2Ps/3fsyPj2f9BEFmF+q8r+VWEj9ZGEzHb52uMKyj3vYs5Mg9O5eeDmdAifdvC3RmRkoQ7WFoLDVCwcVFKoU=,iv:AuqLIPVMhX537MPaqnrYgOuHPH+P8Ili8tkg4p1jC1I=,tag:t2gQZzO1dIXnM3UqOnn/FA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3
version: 3.8.0

157
machines/sing-box.nix Normal file
View file

@ -0,0 +1,157 @@
{ config, lib, pkgs, ... }:
let
server = {
_secret = config.sops.secrets.singbox_domain.path;
};
password = {
_secret = config.sops.secrets.singbox_password.path;
};
uuid = {
_secret = config.sops.secrets.singbox_password.path;
};
in
{
services.sing-box = {
enable = true;
settings = {
log = { level = "warning"; };
experimental = {
clash_api = {
external_controller = "127.0.0.1:9090";
store_selected = true;
external_ui = "${config.nur.repos.linyinfeng.yacd}";
};
};
dns = {
rules = [
{
disable_cache = true;
geosite = "category-ads-all";
server = "_dns_block";
}
{
geosite = "cn";
server = "_dns_doh_mainland";
}
{
domain_suffix = server;
server = "_dns_doh_mainland";
}
];
servers = [
{
address = "https://cloudflare-dns.com/dns-query";
address_strategy = "prefer_ipv4";
address_resolver = "_dns_doh_mainland";
detour = "_proxy_select";
tag = "_dns_global";
}
{
address = "119.29.29.29";
detour = "direct";
tag = "_dns_udp_mainland";
}
{
address = "https://doh.pub/dns-query";
address_resolver = "_dns_udp_mainland";
detour = "direct";
tag = "_dns_doh_mainland";
}
{
address = "rcode://success";
tag = "_dns_block";
}
];
strategy = "prefer_ipv4";
final = "_dns_global";
disable_cache = false;
};
inbounds = [
{
type = "mixed";
tag = "mixed-in";
listen = "127.0.0.1";
listen_port = 7891;
}
{
type = "tun";
tag = "tun-in";
auto_route = true;
strict_route = false;
inet4_address = "172.19.0.1/30";
sniff = true;
}
];
route = {
auto_detect_interface = true;
final = "_proxy_select";
rules = [
{ outbound = "dns-out"; protocol = "dns"; }
{
geoip = "cn";
geosite = "cn";
outbound = "direct";
}
{ geoip = "private"; outbound = "direct"; }
{
geosite = "cn";
geoip = "cn";
invert = true;
outbound = "_proxy_select";
}
];
};
outbounds = [
{ default = "auto"; outbounds = [ "auto" "direct" "block"]; tag = "_proxy_select"; type = "selector"; }
{ interval = "1m0s"; outbounds = [ "SS-01" "SS-02" "SS-03" "SS-04" "SS-01" "SS-02" "SS-03" "SS-01" "SS-02" "SS-03" "SS-01" "SS-02" "SS-03" "SS-04" "1" "2" "3" "4" "5" "6" "7" "8" "1" "2" "3" "4" "1" "2" "3" "4" "5" "6" "7" "8" "1" "2" "1" "2" "3" "4" "5" "6" "1" "2" ]; tag = "auto"; tolerance = 300; type = "urltest"; url = "http://www.gstatic.com/generate_204"; }
{ tag = "direct"; type = "direct"; }
{ tag = "block"; type = "block"; }
{ tag = "dns-out"; type = "dns"; }
{ inherit server password; method = "aes-128-gcm"; server_port = 12001; tag = "SS-01"; type = "shadowsocks"; udp_over_tcp = false; }
{ inherit server password; method = "aes-128-gcm"; server_port = 12002; tag = "SS-02"; type = "shadowsocks"; udp_over_tcp = false; }
{ inherit server password; method = "aes-128-gcm"; server_port = 12003; tag = "SS-03"; type = "shadowsocks"; udp_over_tcp = false; }
{ inherit server password; method = "aes-128-gcm"; server_port = 12004; tag = "SS-04"; type = "shadowsocks"; udp_over_tcp = false; }
{ inherit server password; method = "aes-128-gcm"; server_port = 12011; tag = "SS-01"; type = "shadowsocks"; udp_over_tcp = false; }
{ inherit server password; method = "aes-128-gcm"; server_port = 12012; tag = "SS-02"; type = "shadowsocks"; udp_over_tcp = false; }
{ inherit server password; method = "aes-128-gcm"; server_port = 12013; tag = "SS-03"; type = "shadowsocks"; udp_over_tcp = false; }
{ inherit server password; method = "aes-128-gcm"; server_port = 12021; tag = "SS-01"; type = "shadowsocks"; udp_over_tcp = false; }
{ inherit server password; method = "aes-128-gcm"; server_port = 12022; tag = "SS-02"; type = "shadowsocks"; udp_over_tcp = false; }
{ inherit server password; method = "aes-128-gcm"; server_port = 12023; tag = "SS-03"; type = "shadowsocks"; udp_over_tcp = false; }
{ inherit server password; method = "aes-128-gcm"; server_port = 12031; tag = "SS-01"; type = "shadowsocks"; udp_over_tcp = false; }
{ inherit server password; method = "aes-128-gcm"; server_port = 12032; tag = "SS-02"; type = "shadowsocks"; udp_over_tcp = false; }
{ inherit server password; method = "aes-128-gcm"; server_port = 12033; tag = "SS-03"; type = "shadowsocks"; udp_over_tcp = false; }
{ inherit server password; method = "aes-128-gcm"; server_port = 12034; tag = "SS-04"; type = "shadowsocks"; udp_over_tcp = false; }
{ inherit server uuid; security = "auto"; server_port = 1201; tag = "1"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1202; tag = "2"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1203; tag = "3"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1204; tag = "4"; transport = { path = "/"; type = "ws"; }; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1205; tag = "5"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1206; tag = "6"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1207; tag = "7"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1208; tag = "8"; transport = { path = "/"; type = "ws"; }; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1211; tag = "1"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1212; tag = "2"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1213; tag = "3"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1214; tag = "4"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1231; tag = "1"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1232; tag = "2"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1233; tag = "3"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1234; tag = "4"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1235; tag = "5"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1236; tag = "6"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1237; tag = "7"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1238; tag = "8"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1241; tag = "1"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1242; tag = "2"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1261; tag = "1"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1262; tag = "2"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1263; tag = "3"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1264; tag = "4"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1265; tag = "5"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1266; tag = "6"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1251; tag = "1"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1252; tag = "2"; type = "vmess"; }
];
};
};
}

14
machines/sops.nix
View file

@ -2,8 +2,18 @@
{
sops = {
defaultSopsFile = ./secrets.yaml;
# TODO: How to generate this key when bootstrap?
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# age.keyFile = "/var/lib/sops-nix/keys.txt";
# age.generateKey = true;
secrets = {
clash_subscription_link = {
owner = "xin";
};
singbox_password = {
owner = "xin";
};
singbox_domain = {
owner = "xin";
};
};
};
}