From cb47adb6b37da946f0754434f744435cdeeaf103 Mon Sep 17 00:00:00 2001 From: Ryan Yin Date: Thu, 21 Aug 2025 15:32:50 +0800 Subject: [PATCH] feat: update docs via LLM (#216) --- certs/README.md | 20 +++++++- hardening/README.md | 55 +++++++++++++++++++--- home/README.md | 50 ++++++++++++++++++-- hosts/README.md | 108 +++++++++++++++++++++++++++++++++++-------- infra/README.md | 65 ++++++++++++++++++++++++-- lib/README.md | 49 ++++++++++++++++---- modules/README.md | 109 ++++++++++++++++++++++++++++++++++++++++++-- overlays/README.md | 47 +++++++++++++++++-- vars/README.md | 46 ++++++++++++++++++- 9 files changed, 496 insertions(+), 53 deletions(-) diff --git a/certs/README.md b/certs/README.md index eb3029f0..0de8666f 100644 --- a/certs/README.md +++ b/certs/README.md @@ -3,5 +3,21 @@ This is my private Private Key Infrastructure (PKI) / Certificate Authority (CA) for my personal use. It is used to issue certificates for my own servers and services. -All the private keys are ignored by git, and will be stored in my private secrets repo -[../secrets](../secrets/) +## Current Structure + +- **ecc-ca.crt** - ECC CA certificate file +- **ecc-ca.srl** - CA serial number file for certificate tracking +- **ecc-csr.conf** - OpenSSL configuration file for certificate signing requests +- **ecc-server.crt** - Server certificate signed by the ECC CA +- **gen-certs.sh** - Shell script to generate certificates automatically + +## Security Notes + +All private keys (`.key` files) are ignored by git and stored in a private secrets repository. The +public certificates and configuration files are committed to this repository for reference. + +## Usage + +Run `./gen-certs.sh` to generate new certificates using the ECC CA configuration. + +See [../secrets](../secrets/) for the corresponding private key management. diff --git a/hardening/README.md b/hardening/README.md index 9f2954b2..c46015a1 100644 --- a/hardening/README.md +++ b/hardening/README.md 
@@ -12,14 +12,55 @@ 1. Accessing the network when they don't need to. 1. Accessing hardware devices they don't need. -## Current Status +## Current Structure -1. **System Level**: - - [ ] AppArmor - - [ ] Kernel & System Hardening -1. **Per-App Level**: - - Nixpak (Bubblewrap, running at user-level) - - Firejail (a SUID program, meaning it's running as root) +### 1. **System Level** + +- **AppArmor** (`apparmor/`): AppArmor profiles and configuration +- **Kernel & System Hardening** (`profiles/`): System-wide hardening profiles + +### 2. **Per-App Level** + +- **Nixpak** (`nixpaks/`): Bubblewrap-based sandboxing for applications + - Firefox configuration + - QQ (Chinese messaging app) configuration + - Modular system with reusable components +- **Firejail** (legacy): SUID-based sandboxing (not used) +- **Bubblewrap** (`bwraps/`): Direct bubblewrap configurations + - WeChat sandboxing configuration + +## Current Implementation Status + +| Component | Status | Notes | +| ----------------- | --------- | ------------------------------ | +| AppArmor Profiles | ๐Ÿšง WIP | Basic structure in place | +| Nixpak Firefox | โœ… Active | Firefox sandboxing via nixpak | +| Nixpak QQ | โœ… Active | QQ application sandboxing | +| Bubblewrap WeChat | โœ… Active | WeChat specific sandboxing | +| System Profiles | ๐Ÿšง WIP | Hardened system configurations | + +## Directory Structure + +``` +hardening/ +โ”œโ”€โ”€ README.md +โ”œโ”€โ”€ apparmor/ # AppArmor security profiles +โ”‚ โ””โ”€โ”€ default.nix +โ”œโ”€โ”€ bwraps/ # Direct bubblewrap configurations +โ”‚ โ”œโ”€โ”€ default.nix +โ”‚ โ””โ”€โ”€ wechat.nix +โ”œโ”€โ”€ nixpaks/ # Nixpak application sandboxing +โ”‚ โ”œโ”€โ”€ default.nix +โ”‚ โ”œโ”€โ”€ firefox.nix +โ”‚ โ”œโ”€โ”€ firefox-desktop-item.nix +โ”‚ โ”œโ”€โ”€ qq.nix +โ”‚ โ”œโ”€โ”€ qq-desktop-item.nix +โ”‚ โ””โ”€โ”€ modules/ # Reusable nixpak modules +โ”‚ โ”œโ”€โ”€ gui-base.nix +โ”‚ โ””โ”€โ”€ network.nix +โ””โ”€โ”€ profiles/ # System hardening profiles + โ””โ”€โ”€ default.nix +``` ## 
Kernel Hardening diff --git a/home/README.md b/home/README.md index 096fe0bc..4a1eb83e 100644 --- a/home/README.md +++ b/home/README.md 
@@ -1,5 +1,49 @@ # Home Manager's Submodules -1. `base`: The base module that is suitable for both Linux and macOS. -2. `linux`: Linux-specific configuration. -3. `darwin`: macOS-specific configuration. +This directory contains all Home Manager configurations organized by platform and functionality. + +## Current Structure + +``` +home/ +โ”œโ”€โ”€ base/ # Cross-platform home manager configurations +โ”‚ โ”œโ”€โ”€ core/ # Essential applications and settings +โ”‚ โ”‚ โ”œโ”€โ”€ editors/ # Editor configurations (Neovim, Helix) +โ”‚ โ”‚ โ”œโ”€โ”€ shells/ # Shell configurations (Nushell, Zellij) +โ”‚ โ”‚ โ””โ”€โ”€ ... +โ”‚ โ”œโ”€โ”€ gui/ # GUI applications and desktop settings +โ”‚ โ”‚ โ”œโ”€โ”€ terminal/ # Terminal emulators (Kitty, Alacritty, etc.) +โ”‚ โ”‚ โ””โ”€โ”€ ... +โ”‚ โ”œโ”€โ”€ tui/ # Terminal/TUI applications +โ”‚ โ”‚ โ”œโ”€โ”€ editors/ # TUI editors and related tools +โ”‚ โ”‚ โ”œโ”€โ”€ encryption/ # GPG, password-store, etc. +โ”‚ โ”‚ โ””โ”€โ”€ ... +โ”‚ โ””โ”€โ”€ home.nix # Main home manager entry point +โ”œโ”€โ”€ linux/ # Linux-specific home manager configurations +โ”‚ โ”œโ”€โ”€ base/ # Linux base configurations +โ”‚ โ”œโ”€โ”€ gui/ # Linux GUI applications +โ”‚ โ”‚ โ”œโ”€โ”€ hyprland/ # Hyprland window manager +โ”‚ โ”‚ โ”œโ”€โ”€ niri/ # Niri window manager +โ”‚ โ”‚ โ””โ”€โ”€ ... +โ”‚ โ”œโ”€โ”€ editors/ # Linux-specific editors +โ”‚ โ””โ”€โ”€ ... +โ””โ”€โ”€ darwin/ # macOS-specific home manager configurations + โ”œโ”€โ”€ aerospace/ # macOS window manager + โ”œโ”€โ”€ proxy/ # Proxy configurations + โ””โ”€โ”€ ... +``` + +## Module Overview + +1. **base**: The base module suitable for both Linux and macOS + - Cross-platform applications and settings + - Shared configurations for editors, shells, and essential tools + +2. **linux**: Linux-specific configuration + - Desktop environments (Hyprland, Niri) + - Linux-specific GUI applications + - System integration tools + +3. 
**darwin**: macOS-specific configuration + - macOS applications and services + - Platform-specific integrations (Aerospace, Squirrel, etc.) diff --git a/hosts/README.md b/hosts/README.md index 9ab69a80..0f622a09 100644 --- a/hosts/README.md +++ b/hosts/README.md 
@@ -1,22 +1,81 @@ # Hosts -1. `idols` - 1. `ai`: My main computer, with NixOS + I5-13600KF + RTX 4090 GPU, for gaming & daily use. - 2. `aquamarine`: Kubevirt Virtual Machine. - - Monitoring(prometheus, grafana, exporters), CI/CD(gitea, runner), homepage, file browser, - and other services. - 3. `ruby`: Not used now. - 4. `kana`: Not used now. -1. `k8s`: My Kubevirt & Kubernetes Clusters -1. `darwin`(macOS) - 1. `fern`: MacBook Pro 2022 13-inch M2 16G, mainly for personal use. - 1. `frieren`: MacBook Pro 2024 14-inch M4Pro 48G, mainly for work. -1. `12kingdoms`: - 1. `shoukei`: NixOS on MacBook Pro 2022 M2. -1. Other aarch64/riscv64 SBCs: - [ryan4yin/nixos-config-sbc](https://github.com/ryan4yin/nixos-config-sbc) +This directory contains all host-specific configurations for my NixOS and macOS systems. -## How to add a new host +## Current Host Inventory + +### Physical Machines + +#### `idols` - Main Workstations + +Named after characters from "Oshi no Ko": + +| Host | Platform | Hardware | Purpose | Status | +| ------------ | ----------- | --------------------- | --------------------- | ----------- | +| `ai` | NixOS | i5-13600KF + RTX 4090 | Gaming & Daily Use | โœ… Active | +| `aquamarine` | KubeVirt VM | Virtual | Monitoring & Services | โœ… Active | +| `kana` | NixOS | Virtual | Reserved | โšช Not Used | +| `ruby` | NixOS | Virtual | Reserved | โšช Not Used | + +#### `darwin` - macOS Systems + +Named after characters from "Frieren: Beyond Journey's End": + +| Host | Platform | Hardware | Purpose | Status | +| --------- | -------- | -------------------------- | ------------ | --------- | +| `fern` | macOS | MacBook Pro M2 13" 16GB | Personal Use | โœ… Active | +| `frieren` | macOS | MacBook Pro M4Pro 14" 48GB | Work Use | โœ… Active | + +#### `12kingdoms` - Homelab Servers & Apple Silicon Linux + +Named after "Twelve Kingdoms": + +| Host | Platform | Hardware | Purpose | Status | +| --------- | -------- | -------------------------------------- | 
-------------------------- | --------- | +| `shoukei` | NixOS | MacBook Pro M2 | NixOS on Apple Silicon | โœ… Active | +| `shoryu` | NixOS | MoreFine S500Plus (AMD Ryzen 9 5900HX) | KubeVirt Host & K3s Master | โœ… Active | +| `shushou` | NixOS | MinisForum UM560 (AMD Ryzen 5 5625U) | KubeVirt Host & K3s Master | โœ… Active | +| `youko` | NixOS | MinisForum HX99G (AMD Ryzen 9 6900HX) | KubeVirt Host & K3s Master | โœ… Active | + +### Virtual Machines & Clusters + +#### `k8s` - Kubernetes Infrastructure + +- **KubeVirt Cluster**: 3 physical mini PCs (shoryu, shushou, youko) running all VMs +- **K3s Production**: 3 masters + 3 workers for production workloads +- **K3s Testing**: 3 masters for testing and development + +#### KubeVirt Host Systems + +- **kubevirt-shoryu** - Physical mini PC running KubeVirt/K3s cluster +- **kubevirt-shushou** - Physical mini PC running KubeVirt/K3s cluster +- **kubevirt-youko** - Physical mini PC running KubeVirt/K3s cluster + +### External Systems + +- **SBCs**: aarch64/riscv64 single-board computers managed in + [ryan4yin/nixos-config-sbc](https://github.com/ryan4yin/nixos-config-sbc) + +## Naming Conventions + +- **idols**: Characters from "Oshi no Ko" anime/manga +- **12kingdoms**: Characters from "Twelve Kingdoms" anime/novel series +- **darwin**: Characters from "Frieren: Beyond Journey's End" anime/manga +- **k8s**: Kubernetes-related systems follow standard naming patterns + +## How to Add a New Host + +The easiest way to add a new host is to copy and adapt an existing similar configuration. All host +configurations follow similar patterns but are customized for specific hardware and use cases. + +### General Process + +1. **Identify a similar existing host** from the directory structure above +2. **Copy the entire directory** and rename it for your new host +3. **Adapt the configuration files** for your specific hardware and requirements +4. 
**Update references** in the flake outputs and networking configuration + +### Essential Steps 1. Under `hosts/` 1. Create a new folder under `hosts/` with the name of the new host. @@ -36,13 +95,22 @@ 1. Add the new host's static IP address. 1. Skip this step if the new host is not in the local network or is a mobile device. -## idols - Oshi no Ko +### File Templates -These four servers are named after the four main characters of the mange/anime Oshi no Ko. +Use existing hosts as templates. The key files typically include: -## rolling girls +- `default.nix` - Main host configuration +- `hardware-configuration.nix` - Auto-generated hardware settings +- Platform-specific files (e.g., `nvidia.nix`, `apple-silicon.nix`, etc.) -My All RISCV64 hosts. +### Examples to Reference + +- **Desktop systems**: See `idols-ai/` for gaming/workstation setup +- **Server systems**: See `kubevirt-shoryu/` for K8s/KubeVirt hosts +- **macOS systems**: See `darwin-fern/` for macOS configurations +- **Apple Silicon**: See `12kingdoms-shoukei/` for ARM Linux setup + +All my riscv64 hosts: ![](/_img/nixos-riscv-cluster.webp) diff --git a/infra/README.md b/infra/README.md index 535988a4..74efad98 100644 --- a/infra/README.md +++ b/infra/README.md 
@@ -1,6 +1,65 @@ # Infrastructure as Code -Home for my infra-as-code - terraform configs. +This directory contains Infrastructure as Code (IaC) configurations using Terraform, primarily for +managing storage and backend services. -Kubernetes's yaml are stored in a separate repo: -[ryan4yin/k8s-gitops](https://github.com/ryan4yin/k8s-gitops). +## Current Structure + +``` +infra/ +โ”œโ”€โ”€ README.md +โ””โ”€โ”€ minio/ # MinIO S3-compatible storage configurations + โ”œโ”€โ”€ loki/ # Loki log storage buckets + โ”‚ โ”œโ”€โ”€ README.md + โ”‚ โ”œโ”€โ”€ loki.tf # Loki-specific bucket configuration + โ”‚ โ”œโ”€โ”€ main.tf # Main Terraform configuration + โ”‚ โ””โ”€โ”€ run.sh # Deployment script + โ””โ”€โ”€ tf-s3-backend/ # Terraform S3 backend setup + โ”œโ”€โ”€ README.md + โ”œโ”€โ”€ main.tf # Main configuration + โ”œโ”€โ”€ run.sh # Deployment script + โ””โ”€โ”€ tf-s3-backend.tf # Backend bucket configuration +``` + +## Services Overview + +### MinIO Storage + +- **Loki Buckets**: Dedicated storage for Grafana Loki log aggregation +- **Terraform Backend**: Centralized state management for all Terraform configurations + +### External Resources + +- **Kubernetes YAML**: Managed in separate repository + [ryan4yin/k8s-gitops](https://github.com/ryan4yin/k8s-gitops) +- **Secrets Management**: Handled via agenix in [../secrets](../secrets/) + +## Usage + +Each subdirectory contains its own Terraform configuration: + +1. **Navigate to specific service**: + + ```bash + cd infra/minio/loki + ``` + +2. **Deploy configuration**: + + ```bash + ./run.sh + ``` + +3. **Manual deployment**: + ```bash + terraform init + terraform plan + terraform apply + ``` + +## Security Considerations + +- All storage buckets are configured with appropriate access policies +- State files are encrypted at rest +- Access credentials are managed through environment variables +- Network access is restricted to necessary hosts only diff --git a/lib/README.md b/lib/README.md index 53e9d025..2b968576 100644 
--- a/lib/README.md +++ b/lib/README.md 
@@ -1,13 +1,42 @@ # Library -Some helper functions, used by `flake.nix` to reduce code duplication and make it easier to add new -machines: +This directory contains helper functions used by `flake.nix` to reduce code duplication and make it +easier to add new machines. -1. `attrs.nix`: A set of functions to manipulate attribute sets. -1. `macosSystem.nix`: A function to generate config(attribute set) for - macOS([nix-darwin](https://github.com/LnL7/nix-darwin)). -1. `nixosSystem.nix`: A function to generate config(attribute set) for NixOS. -1. `colmenaSystem.nix`: A function that generate config(another function) for remote deployment - using [colmena](https://github.com/zhaofengli/colmena). -1. `default.nix`: import all the above functions, and some custom useful functions, and export them - as a single attribute set. +## Current Functions + +### Core System Generators + +1. **`attrs.nix`** - Attribute set manipulation utilities +2. **`macosSystem.nix`** - macOS configuration generator for + [nix-darwin](https://github.com/LnL7/nix-darwin) +3. **`nixosSystem.nix`** - NixOS configuration generator +4. **`colmenaSystem.nix`** - Remote deployment configuration for + [colmena](https://github.com/zhaofengli/colmena) + +### Specialized Module Generators + +5. **`genK3sAgentModule.nix`** - K3s agent node configuration generator +6. **`genK3sServerModule.nix`** - K3s server node configuration generator +7. **`genKubeVirtGuestModule.nix`** - KubeVirt guest VM configuration generator +8. **`genKubeVirtHostModule.nix`** - KubeVirt host configuration generator + +### Entry Point + +9. 
**`default.nix`** - Main entry point that imports all functions and exports them as a single + attribute set + +## Usage + +These functions are designed to: + +- Generate consistent configurations across different architectures +- Provide type-safe configuration for complex systems +- Enable easy scaling of the infrastructure +- Support both local development and production deployments + +## Architecture Support + +- **x86_64-linux**: Primary desktop systems +- **aarch64-linux**: ARM64 Linux systems (Apple Silicon, SBCs) +- **aarch64-darwin**: Apple Silicon macOS systems diff --git a/modules/README.md b/modules/README.md index 7800edbb..76f5c027 100644 --- a/modules/README.md +++ b/modules/README.md 
@@ -1,5 +1,108 @@ # NixOS / Nix-Darwin's Submodules -1. `darwin`: macOS-specific configuration. -2. `nixos`: NixOS-specific configuration. -3. `base`: Common configuration for both NixOS and Nix-Darwin. +This directory contains modular NixOS and Nix-Darwin configurations organized by platform and +functionality. + +## Current Structure + +``` +modules/ +โ”œโ”€โ”€ README.md +โ”œโ”€โ”€ base/ # Common configuration for all platforms +โ”‚ โ”œโ”€โ”€ default.nix +โ”‚ โ”œโ”€โ”€ fonts.nix # System font configuration +โ”‚ โ”œโ”€โ”€ nix.nix # Nix package manager settings +โ”‚ โ”œโ”€โ”€ overlays.nix # Package overlays +โ”‚ โ”œโ”€โ”€ security.nix # Basic security settings +โ”‚ โ”œโ”€โ”€ system-packages.nix # Essential system packages +โ”‚ โ””โ”€โ”€ users.nix # User management +โ”œโ”€โ”€ darwin/ # macOS-specific modules +โ”‚ โ”œโ”€โ”€ README.md +โ”‚ โ”œโ”€โ”€ apps.nix # macOS applications +โ”‚ โ”œโ”€โ”€ broken-packages.nix # Package compatibility fixes +โ”‚ โ”œโ”€โ”€ default.nix +โ”‚ โ”œโ”€โ”€ nix-core.nix # Core Nix configuration +โ”‚ โ”œโ”€โ”€ security.nix # macOS security settings +โ”‚ โ”œโ”€โ”€ ssh.nix # SSH configuration +โ”‚ โ”œโ”€โ”€ system.nix # System-level settings +โ”‚ โ””โ”€โ”€ users.nix # macOS user management +โ””โ”€โ”€ nixos/ # NixOS-specific modules + โ”œโ”€โ”€ base/ # Base NixOS configuration + โ”‚ โ”œโ”€โ”€ btrbk.nix # Backup configuration + โ”‚ โ”œโ”€โ”€ core.nix # Core system settings + โ”‚ โ”œโ”€โ”€ default.nix + โ”‚ โ”œโ”€โ”€ i18n.nix # Internationalization + โ”‚ โ”œโ”€โ”€ monitoring.nix # System monitoring + โ”‚ โ”œโ”€โ”€ networking.nix # Network configuration + โ”‚ โ”œโ”€โ”€ nix.nix # Nix settings + โ”‚ โ”œโ”€โ”€ packages.nix # System packages + โ”‚ โ”œโ”€โ”€ remote-building.nix # Remote build setup + โ”‚ โ”œโ”€โ”€ ssh.nix # SSH daemon configuration + โ”‚ โ”œโ”€โ”€ user-group.nix # User and group management + โ”‚ โ””โ”€โ”€ zram.nix # ZRAM swap configuration + โ”œโ”€โ”€ desktop.nix # Desktop environment configuration + โ”œโ”€โ”€ desktop/ # 
Desktop-specific modules + โ”‚ โ”œโ”€โ”€ default.nix + โ”‚ โ”œโ”€โ”€ fhs.nix # FHS environment + โ”‚ โ”œโ”€โ”€ fonts.nix # Desktop fonts + โ”‚ โ”œโ”€โ”€ guix.nix # GNU Guix integration + โ”‚ โ”œโ”€โ”€ misc.nix # Miscellaneous desktop settings + โ”‚ โ”œโ”€โ”€ networking/ # Network-related desktop configs + โ”‚ โ”‚ โ”œโ”€โ”€ clash-verge.nix + โ”‚ โ”‚ โ”œโ”€โ”€ default.nix + โ”‚ โ”‚ โ”œโ”€โ”€ remote-desktop.nix + โ”‚ โ”‚ โ””โ”€โ”€ tailscale.nix + โ”‚ โ”œโ”€โ”€ peripherals.nix # Peripheral device configuration + โ”‚ โ”œโ”€โ”€ security.nix # Desktop security settings + โ”‚ โ”œโ”€โ”€ virtualisation.nix # Virtualization support + โ”‚ โ””โ”€โ”€ xdg.nix # XDG base directory settings + โ””โ”€โ”€ server/ # Server-specific modules + โ”œโ”€โ”€ kubevirt-hardware-configuration.nix + โ”œโ”€โ”€ server-aarch64.nix + โ”œโ”€โ”€ server-riscv64.nix + โ””โ”€โ”€ server.nix +``` + +## Module Categories + +### 1. **Base Modules** (`base/`) + +Common configuration shared between NixOS and macOS: + +- System fonts and localization +- Essential packages and tools +- Basic security settings +- User management +- Package overlays + +### 2. **macOS Modules** (`darwin/`) + +macOS-specific configuration: + +- macOS applications and system settings +- Security configurations tailored for macOS +- SSH and system-level settings +- Package compatibility fixes + +### 3. 
**NixOS Modules** (`nixos/`) + +Platform-specific NixOS configuration: + +- **Base**: Core system settings and services +- **Desktop**: Desktop environment and GUI applications +- **Server**: Server-specific optimizations and services + +## Usage + +Modules are imported based on platform detection: + +- **NixOS Systems**: Import `nixos/` modules +- **macOS Systems**: Import `darwin/` modules +- **All Systems**: Import `base/` modules for shared configuration + +## Architecture Support + +- **x86_64-linux**: Desktop and server configurations +- **aarch64-linux**: ARM64 Linux systems +- **aarch64-darwin**: Apple Silicon macOS systems +- **server-riscv64**: RISC-V server configurations diff --git a/overlays/README.md b/overlays/README.md index 303f5150..68071420 100644 --- a/overlays/README.md +++ b/overlays/README.md 
@@ -5,7 +5,46 @@ Overlays for both NixOS and Nix-Darwin. If you don't know much about overlays, it is recommended to learn the function and usage of overlays through [Overlays - NixOS & Flakes Book](https://nixos-and-flakes.thiscute.world/nixpkgs/overlays). -1. `default.nix`: the entrypoint of overlays, it execute and import all overlay files in the current - directory with the given args. -2. `fcitx5`: fcitx5's overlay, add my customized Chinese input method - - [ๅฐ้นค้Ÿณๅฝข่พ“ๅ…ฅๆณ•](https://flypy.com/) +## Current Structure + +``` +overlays/ +โ”œโ”€โ”€ README.md +โ”œโ”€โ”€ default.nix # Entrypoint for all overlays +โ””โ”€โ”€ fcitx5/ # Chinese input method configuration + โ”œโ”€โ”€ README.md + โ”œโ”€โ”€ default.nix # fcitx5 overlay definition + โ””โ”€โ”€ rime-data-flypy/ # Custom rime data for ๅฐ้นค้Ÿณๅฝข่พ“ๅ…ฅๆณ• + โ””โ”€โ”€ share/ + โ””โ”€โ”€ rime-data/ + โ”œโ”€โ”€ build/ + โ”œโ”€โ”€ default.custom.yaml + โ”œโ”€โ”€ default.yaml + โ”œโ”€โ”€ flypy.schema.yaml + โ”œโ”€โ”€ flypy_fullๅ…จ็ ๅญ—.txt + โ”œโ”€โ”€ flypy_sys.txt + โ”œโ”€โ”€ flypy_top.txt + โ”œโ”€โ”€ flypy_user.txt + โ”œโ”€โ”€ lua/ + โ”‚ โ””โ”€โ”€ calculator_translator.lua + โ”œโ”€โ”€ rime.lua + โ”œโ”€โ”€ squirrel.custom.yaml + โ””โ”€โ”€ squirrel.yaml +``` + +## Components + +### 1. `default.nix` + +The entrypoint of overlays, it execute and import all overlay files in the current directory with +the given args. + +### 2. `fcitx5` + +fcitx5's overlay, add my customized Chinese input method - [ๅฐ้นค้Ÿณๅฝข่พ“ๅ…ฅๆณ•](https://flypy.com/) + +This overlay provides: + +- Custom rime data for ๅฐ้นค้Ÿณๅฝข่พ“ๅ…ฅๆณ• (Flypy input method) +- Cross-platform support for both Linux (fcitx5-rime) and macOS (squirrel) +- Pre-configured input method settings diff --git a/vars/README.md b/vars/README.md index 96ef3d92..8c6500bb 100644 --- a/vars/README.md +++ b/vars/README.md 
@@ -1,3 +1,47 @@ # Variables -Some common variables that I use in my NixOS configuration. +Common variables and configuration used across my NixOS and nix-darwin configurations. + +## Current Structure + +``` +vars/ +โ”œโ”€โ”€ README.md +โ”œโ”€โ”€ default.nix # Main variables entry point +โ””โ”€โ”€ networking.nix # Network configuration and host definitions +``` + +## Components + +### 1. `default.nix` + +Contains user information, SSH keys, and password configuration: + +- User credentials (username, full name, email) +- Initial hashed password for new installations +- SSH authorized keys (main and backup sets) +- Public key references for system access + +### 2. `networking.nix` + +Comprehensive network configuration including: + +- **Gateway settings**: Main router and proxy gateway configurations +- **DNS servers**: IPv4 and IPv6 name servers +- **Host inventory**: Complete mapping of all hosts with their network interfaces and IP addresses +- **SSH configuration**: Remote builder aliases and known hosts configuration +- **Network topology**: Physical machines, VMs, Kubernetes clusters, and SBCs + +## Host Categories + +The networking configuration covers: + +- **Physical machines**: Desktop PCs, Apple Silicon systems, SBCs +- **Virtual machines**: KubeVirt guests, K3s nodes +- **Kubernetes clusters**: Production and testing environments +- **Network infrastructure**: Routers, gateways, and DNS configuration + +## Usage + +These variables are imported and used throughout the configuration to ensure consistency across all +hosts and maintain centralized network and security settings.
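Review bot: in the `certs/README.md` hunk, the `## Security Notes` paragraph asserts that all `.key` files are ignored by git, but nothing in the hunk shows where that rule lives; quote or link the `.gitignore` entry so the claim can be checked. `## Usage` tells the reader to run `./gen-certs.sh` without saying what it needs first (the CA private key from the secrets repo), and since `ecc-ca.srl` is a tracked serial file that the script updates, state that regenerating certificates modifies a committed file. A line on how to verify the committed `ecc-ca.crt` before trusting it (for example a published fingerprint) would round out the section.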
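Review bot: in the `hardening/README.md` hunk, the removed line `- Firejail (a SUID program, meaning it's running as root)` carried the reason Firejail is avoided, and the replacement `- **Firejail** (legacy): SUID-based sandboxing (not used)` drops it; keep the rationale, because "runs as root" is the security-relevant point of that entry. The `## Current Implementation Status` table and the directory tree rely on emoji and box-drawing characters that render as mojibake here; confirm the file is saved as UTF-8, and consider plain `WIP`/`Active` text in the status column so the table survives tooling that is not.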
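Review bot: in the `home/README.md` hunk, `Platform-specific integrations (Aerospace, Squirrel, etc.)` under `3. **darwin**` names Squirrel, but the `darwin/` branch of the tree only shows `aerospace/` and `proxy/` before the `...`; either list the directory in the tree or drop the name so the tree and the overview agree.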
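Review bot: in the first `hosts/README.md` hunk, the inventory table now states that `kana` and `ruby` are `NixOS` on `Virtual` hardware with purpose `Reserved`, whereas the removed lines only said `Not used now`; confirm the platform and hardware columns rather than letting the generator fill them in. The three KubeVirt hosts appear twice with the same one-line description, once in the `12kingdoms` table and again under `#### KubeVirt Host Systems`; keep one and link the other. `### General Process` ends at step 4 and is immediately followed by `### Essential Steps`, which restarts at `1. Under hosts/`, so the two lists overlap; either fold the general steps into the detailed ones or say that the second list expands steps 3 and 4.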
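Review bot: in the second `hosts/README.md` hunk, removing the `## rolling girls` heading leaves `All my riscv64 hosts:` and the `![](/_img/nixos-riscv-cluster.webp)` image orphaned under `### Examples to Reference`, where they read as a fifth example; give them their own heading, or drop them if the riscv64 hosts now live only in nixos-config-sbc. The example paths (`idols-ai/`, `kubevirt-shoryu/`, `darwin-fern/`, `12kingdoms-shoukei/`) should be checked against the actual directory names under `hosts/`, and since `hardware-configuration.nix` is described as `Auto-generated`, say whether it is to be regenerated on the new machine or copied from the template host.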
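Review bot: in the `infra/README.md` hunk, the four bullets under `## Security Considerations` are assertions with nothing in the hunk to back them (`All storage buckets are configured with appropriate access policies`, `State files are encrypted at rest`, `Access credentials are managed through environment variables`); each should cite the setting in `main.tf` or `tf-s3-backend.tf` that implements it or be removed, because readers will rely on them. Terraform state for these buckets can contain credentials, so the encryption-at-rest and access-restriction claims in particular need checking against the backend configuration, and the environment variables that carry the MinIO credentials should be named so the `./run.sh` path is reproducible. Style: `3. **Manual deployment**:` lacks the blank line before its fence that steps 1 and 2 have, which some renderers need to keep the fence inside the list item.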
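Review bot: in the `lib/README.md` hunk, `Provide type-safe configuration for complex systems` under `## Usage` overstates what these helpers do; nothing in `attrs.nix`, `nixosSystem.nix` or the `gen*Module.nix` generators described here adds type checking beyond what the module system already performs, so reword to what they actually provide (shared construction of system and module attribute sets). The numbered list also runs `5.` to `9.` across three headings; renumber per section or drop the numbers, since renderers differ on whether a list continues across a heading.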
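Review bot: in the `modules/README.md` hunk, `Modules are imported based on platform detection` under `## Usage` is misleading; nothing detects the platform at runtime, the host's `lib/nixosSystem.nix` or `lib/macosSystem.nix` generator (see the `lib/README.md` hunk in this patch) selects `nixos/` or `darwin/` explicitly, so say that. Under `## Architecture Support`, `server-riscv64` is the module file name from the tree above, not a system string like the other three entries; use `riscv64-linux` and point to `nixos/server/server-riscv64.nix`.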
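Review bot: in the `overlays/README.md` hunk, `The entrypoint of overlays, it execute and import all overlay files in the current directory with the given args.` under `### 1. default.nix` carries the grammar error over from the removed line; read `The entrypoint of the overlays: it imports every overlay file in the current directory and calls each with the given args.` Likewise `fcitx5's overlay, add my customized Chinese input method` should be `adds`. The tree lists `flypy_user.txt` under rime-data; if that is a user dictionary holding personal input history, decide whether it belongs in a public overlay.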
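Review bot: in the `vars/README.md` hunk, `Initial hashed password for new installations` under `### 1. default.nix` documents a password hash kept in a committed, non-secret file; add a sentence saying whether it is a throwaway bootstrap value that must be changed on first login, and note that a committed hash is public and can be cracked offline, so it must not match any real account password. The `SSH authorized keys (main and backup sets)` bullet should say which hosts receive the backup set and how keys are rotated, since `networking.nix` is described as also holding `known hosts configuration` and the two must be kept in sync.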