docs: justfile

feat: adjust homepage config

.gitignore

@@ -3,3 +3,4 @@ result/
 .direnv/
 .DS_Store
 .pre-commit-config.yaml
+logs/

Justfile

@@ -1,57 +1,72 @@
 # just is a command runner, Justfile is very similar to Makefile, but simpler.
 
-# use nushell for shell commands
+# Use nushell for shell commands
+# To usage this justfile, you need to enter a shell with just & nushell installed:
+# 
+#   nix shell nixpkgs#just nixpkgs#nushell
 set shell := ["nu", "-c"]
 
+utils_nu := absolute_path("utils.nu")
+
 ############################################################################
 #
 #  Common commands(suitable for all machines)
 #
 ############################################################################
 
-# Remote deployment via colmena
-col tag:
-  colmena apply --on '@{{tag}}' --verbose --show-trace
-
-local name mode="default":
-  use utils.nu *; \
-  nixos-switch {{name}} {{mode}}
-
 # Run eval tests
+[group('nix')]
 test:
   nix eval .#evalTests --show-trace --print-build-logs --verbose
 
-# update all the flake inputs
+# Update all the flake inputs
+[group('nix')]
 up:
   nix flake update
 
 # Update specific input
 # Usage: just upp nixpkgs
+[group('nix')]
 upp input:
   nix flake update {{input}}
 
 # List all generations of the system profile
+[group('nix')]
 history:
   nix profile history --profile /nix/var/nix/profiles/system
 
 # Open a nix shell with the flake
+[group('nix')]
 repl:
   nix repl -f flake:nixpkgs
 
 # remove all generations older than 7 days
+[group('nix')]
 clean:
   sudo nix profile wipe-history --profile /nix/var/nix/profiles/system  --older-than 7d
 
 # Garbage collect all unused nix store entries
+[group('nix')]
 gc:
   # garbage collect all unused nix store entries
-  sudo nix store gc --debug
   sudo nix-collect-garbage --delete-old
 
-# Remove all reflog entries and prune unreachable objects
+# Enter a shell session which has all the necessary tools for this flake
-gitgc:
+[linux]
-  git reflog expire --expire-unreachable=now --all
+[group('nix')]
-  git gc --prune=now
+shell:
+  nix shell nixpkgs#git nixpkgs#neovim nixpkgs#colmena
+
+# Enter a shell session which has all the necessary tools for this flake
+[macos]
+[group('nix')]
+shell:
+  nix shell nixpkgs#git nixpkgs#neovim
+
+[group('nix')]
+fmt:
+  # format the nix files in this repo
+  nix fmt
 
 ############################################################################
 #
@@ -60,24 +75,32 @@ gitgc:
 ############################################################################
 
 [linux]
+[group('desktop')]
 i3 mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *;
   nixos-switch ai-i3 {{mode}}
 
 [linux]
+[group('desktop')]
 hypr mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *;
   nixos-switch ai-hyprland {{mode}}
 
 
 [linux]
+[group('desktop')]
 s-i3 mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *;
   nixos-switch shoukei-i3 {{mode}}
 
 [linux]
+[group('desktop')]
 s-hypr mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *;
   nixos-switch shoukei-hyprland {{mode}}
 
 ############################################################################
@@ -87,31 +110,39 @@ s-hypr mode="default":
 ############################################################################
 
 [macos]
+[group('desktop')]
 darwin-set-proxy:
   sudo python3 scripts/darwin_set_proxy.py
   sleep 1sec
 
 [macos]
+[group('desktop')]
 darwin-rollback:
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *;
   darwin-rollback
 
 # Deploy to harmonica(macOS host)
 [macos]
+[group('desktop')]
 ha mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
-  darwin-build "harmonica" {{mode}}; \
+  use {{utils_nu}} *;
+  darwin-build "harmonica" {{mode}};
   darwin-switch "harmonica" {{mode}}
 
 # Depoly to fern(macOS host)
 [macos]
+[group('desktop')]
 fe mode="default": darwin-set-proxy
-  use utils.nu *; \
+  #!/usr/bin/env nu
-  darwin-build "fern" {{mode}}; \
+  use {{utils_nu}} *;
+  darwin-build "fern" {{mode}};
   darwin-switch "fern" {{mode}}
 
 # Reload yabai and skhd(macOS)
 [macos]
+[group('desktop')]
 yabai-reload:
   launchctl kickstart -k "gui/502/org.nixos.yabai";
   launchctl kickstart -k "gui/502/org.nixos.skhd"; 
@@ -122,34 +153,67 @@ yabai-reload:
 #
 ############################################################################
 
+# Remote deployment via colmena
+[linux]
+[group('homelab')]
+col tag:
+  colmena apply --on '@{{tag}}' --verbose --show-trace
+
+[linux]
+[group('homelab')]
+local name mode="default":
+  #!/usr/bin/env nu
+  use {{utils_nu}} *;
+  nixos-switch {{name}} {{mode}}
+
 # Build and upload a vm image
+[linux]
+[group('homelab')]
 upload-vm name mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *;
   upload-vm {{name}} {{mode}}
 
 # Deploy all the KubeVirt nodes(Physical machines running KubeVirt)
+[linux]
+[group('homelab')]
 lab:
   colmena apply --on '@virt-*' --verbose --show-trace
 
+[linux]
+[group('homelab')]
 shoryu:
   colmena apply --on '@kubevirt-shoryu' --verbose --show-trace
 
+[linux]
+[group('homelab')]
 shoryu-local mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *; 
   nixos-switch kubevirt-shoryu {{mode}}
 
+[linux]
+[group('homelab')]
 shushou:
   colmena apply --on '@kubevirt-shushou' --verbose --show-trace
 
+[linux]
+[group('homelab')]
 shushou-local mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *; 
   nixos-switch kubevirt-shushou {{mode}}
 
+[linux]
+[group('homelab')]
 youko:
   colmena apply --on '@kubevirt-youko' --verbose --show-trace
 
+[linux]
+[group('homelab')]
 youko-local mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *; 
   nixos-switch kubevirt-youko {{mode}}
 
 ############################################################################
@@ -159,31 +223,49 @@ youko-local mode="default":
 ############################################################################
 
 # Build and upload a vm image
+[linux]
+[group('homelab')]
 upload-idols mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *; 
   upload-vm aquamarine {{mode}}
   upload-vm ruby {{mode}}
   upload-vm kana {{mode}}
 
+[linux]
+[group('homelab')]
 aqua:
   colmena apply --on '@aqua' --verbose --show-trace
 
+[linux]
+[group('homelab')]
 aqua-local mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *; 
   nixos-switch aquamarine {{mode}}
 
+[linux]
+[group('homelab')]
 ruby:
   colmena apply --on '@ruby' --verbose --show-trace
 
+[linux]
+[group('homelab')]
 ruby-local mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *; 
   nixos-switch ruby {{mode}}
 
+[linux]
+[group('homelab')]
 kana:
   colmena apply --on '@kana' --verbose --show-trace
 
+[linux]
+[group('homelab')]
 kana-local mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *; 
   nixos-switch kana {{mode}}
 
 ############################################################################
@@ -193,30 +275,44 @@ kana-local mode="default":
 ############################################################################
 
 # Build and upload a vm image
+[linux]
+[group('homelab')]
 upload-k3s mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
-  upload-vm k3s-prod-1-master-1 {{mode}}; \
+  use {{utils_nu}} *; 
-  upload-vm k3s-prod-1-master-2 {{mode}}; \
+  upload-vm k3s-prod-1-master-1 {{mode}}; 
-  upload-vm k3s-prod-1-master-3 {{mode}}; \
+  upload-vm k3s-prod-1-master-2 {{mode}}; 
-  upload-vm k3s-prod-1-worker-1 {{mode}}; \
+  upload-vm k3s-prod-1-master-3 {{mode}}; 
-  upload-vm k3s-prod-1-worker-2 {{mode}}; \
+  upload-vm k3s-prod-1-worker-1 {{mode}}; 
+  upload-vm k3s-prod-1-worker-2 {{mode}}; 
   upload-vm k3s-prod-1-worker-3 {{mode}};
 
+[linux]
+[group('homelab')]
 upload-k3s-test mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
-  upload-vm k3s-test-1-master-1 {{mode}}; \
+  use {{utils_nu}} *; 
-  upload-vm k3s-test-1-master-2 {{mode}}; \
+  upload-vm k3s-test-1-master-1 {{mode}}; 
+  upload-vm k3s-test-1-master-2 {{mode}}; 
   upload-vm k3s-test-1-master-3 {{mode}};
 
+[linux]
+[group('homelab')]
 k3s:
   colmena apply --on '@k3s-*' --verbose --show-trace
 
+[linux]
+[group('homelab')]
 master:
   colmena apply --on '@k3s-prod-1-master-*' --verbose --show-trace
 
+[linux]
+[group('homelab')]
 worker:
   colmena apply --on '@k3s-prod-1-worker-*' --verbose --show-trace
 
+[linux]
+[group('homelab')]
 k3s-test:
   colmena apply --on '@k3s-test-*' --verbose --show-trace
 
@@ -226,12 +322,18 @@ k3s-test:
 #
 ############################################################################
 
+[linux]
+[group('homelab')]
 riscv:
   colmena apply --on '@riscv' --verbose --show-trace
 
+[linux]
+[group('homelab')]
 nozomi:
   colmena apply --on '@nozomi' --verbose --show-trace
 
+[linux]
+[group('homelab')]
 yukina:
   colmena apply --on '@yukina' --verbose --show-trace
 
@@ -241,42 +343,49 @@ yukina:
 #
 ############################################################################
 
+[linux]
+[group('homelab')]
 rakushun:
   colmena apply --on '@rakushun' --build-on-target --verbose --show-trace
 
+[linux]
+[group('homelab')]
 rakushun-local mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *; 
   nixos-switch rakushun {{mode}}
 
+[linux]
+[group('homelab')]
 suzu-set-proxy:
   ip route del default via 192.168.5.1
   ip route add default via 192.168.5.178
 
+[linux]
+[group('homelab')]
 suzu-unset-proxy:
   ip route del default via 192.168.5.178
   ip route add default via 192.168.5.1
 
+[linux]
+[group('homelab')]
 suzu-local mode="default":
-  use utils.nu *; \
+  #!/usr/bin/env nu
+  use {{utils_nu}} *; 
   nixos-switch suzu {{mode}}
 
 ############################################################################
 #
-#  Misc, other useful commands
+#  Neovim related commands
 #
 ############################################################################
 
-fmt:
+[group('neovim')]
-  # format the nix files in this repo
-  nix fmt
-
-path:
-   $env.PATH | split row ":"
-
 nvim-test:
   rm -rf $"($env.HOME)/.config/nvim"
   rsync -avz --copy-links --chmod=D2755,F744 home/base/tui/editors/neovim/nvim/ $"($env.HOME)/.config/nvim/"
 
+[group('neovim')]
 nvim-clean:
   rm -rf $"($env.HOME)/.config/nvim"
 
@@ -284,45 +393,68 @@ nvim-clean:
 # Emacs related commands
 # =================================================
 
-emacs-plist-path := "~/Library/LaunchAgents/org.nix-community.home.emacs.plist"
+[group('emacs')]
-
-reload-emacs-cmd := if os() == "macos" {
-    "launchctl unload " + emacs-plist-path
-    + "\n"
-    + "launchctl load " + emacs-plist-path
-    + "\n"
-    + "tail -f ~/Library/Logs/emacs-daemon.stderr.log"
-  } else {
-    "systemctl --user restart emacs.service"
-    + "\n"
-    + "systemctl --user status emacs.service"
-  }
-
 emacs-test:
   rm -rf $"($env.HOME)/.config/doom"
   rsync -avz --copy-links --chmod=D2755,F744 home/base/tui/editors/emacs/doom/ $"($env.HOME)/.config/doom/"
   doom clean
   doom sync
 
+[group('emacs')]
 emacs-clean:
   rm -rf $"($env.HOME)/.config/doom/"
 
+[group('emacs')]
 emacs-purge:
   doom purge
   doom clean
   doom sync
 
+[linux]
+[group('emacs')]
 emacs-reload:
   doom sync
-  {{reload-emacs-cmd}}
+  systemctl --user restart emacs.service
+  systemctl --user status emacs.service
 
 
+emacs-plist-path := "~/Library/LaunchAgents/org.nix-community.home.emacs.plist"
+
+[macos]
+[group('emacs')]
+emacs-reload:
+  doom sync
+  launchctl unload {{emacs-plist-path}}
+  launchctl load {{emacs-plist-path}}
+  tail -f ~/Library/Logs/emacs-daemon.stderr.log
+
 # =================================================
 #
-# Kubernetes related commands
+# Other useful commands
 #
 # =================================================
 
+[group('common')]
+path:
+   $env.PATH | split row ":"
 
+[linux]
+[group('common')]
+penvof pid:
+  sudo cat $"/proc/($pid)/environ" | tr '\0' '\n'
+
+# Remove all reflog entries and prune unreachable objects
+[group('git')]
+ggc:
+  git reflog expire --expire-unreachable=now --all
+  git gc --prune=now
+
+# Amend the last commit without changing the commit message
+[group('git')]
+game:
+  git commit --amend -a --no-edit
+
+# Delete all failed pods
+[group('k8s')]
 del-failed:
    kubectl delete pod --all-namespaces --field-selector="status.phase==Failed"

README.md

@@ -31,6 +31,9 @@ This repository is home to the nix code that builds my systems:
 
 See [./hosts](./hosts) for details of each host.
 
+See [./Virtual-Machine.md](./Virtual-Machine.md) for details of how to create & manage KubeVirt's
+Virtual Machine from this flake.
+
 ## Why NixOS & Flakes?
 
 Nix allows for easy-to-manage, collaborative, reproducible deployments. This means that once

Virtual-Machine.md

@@ -1,13 +1,17 @@
 ## How to create & managage KubeVirt's Virtual Machine from this flake?
 
-Use `aquamarine` as an example, we can create a virtual machine with the following command:
+Use `aquamarine` as an example, first build and upload the virtual machine's qcow2 image to the file
+server:
 
 ```shell
 just upload-vm aquamarine
 ```
 
 Then create the virtual machine by creating a yaml file at
-[ryan4yin/k8s-gitops](https://github.com/ryan4yin/k8s-gitops/tree/main/vms)
+[ryan4yin/k8s-gitops](https://github.com/ryan4yin/k8s-gitops/tree/main/vms), set the
+`spec.dataVolumeTemplates[0].source.http.url` to the uploaded file's URL, and fluxcd will
+automatically apply the changes, then a virtual machine named `aquamarine` will be created in the
+KubeVirt cluster.
 
 Once the virtual machine `aquamarine` is created, we can deploy updates to it with the following
 commands:

flake.lock

@@ -686,10 +686,10 @@
     "mysecrets": {
       "flake": false,
       "locked": {
-        "lastModified": 1712114794,
+        "lastModified": 1722412796,
-        "narHash": "sha256-qWSnhqYo7o9+ThiH5TV5yPOWSKXCKpwSP+7HjnjBZvY=",
+        "narHash": "sha256-bV+DbfqItujekh62XWpqC2ldkw6KqAo6LOpKLh9M7Sc=",
         "ref": "refs/heads/main",
-        "rev": "066524c12e11687110642005d5d51fec88306573",
+        "rev": "8e3cf78c9f6b016625681f668e154b3705851a0d",
         "shallow": true,
         "type": "git",
         "url": "ssh://git@github.com/ryan4yin/nix-secrets.git"

home/base/core/core.nix

@@ -10,7 +10,7 @@
     gnupg
     gnumake
 
-    # Morden cli tools, replacement of grep/sed/...
+    # Modern cli tools, replacement of grep/sed/...
 
     # Interactively filter its input using fuzzy searching, not limit to filenames.
     fzf

home/base/core/yazi.nix

@@ -11,6 +11,12 @@
     # Changing working directory when exiting Yazi
     enableBashIntegration = true;
     enableNushellIntegration = true;
+    settings = {
+      manager = {
+        show_hidden = true;
+        sort_dir_first = true;
+      };
+    };
   };
 
   xdg.configFile."yazi/theme.toml".source = "${nur-ryan4yin.packages.${pkgs.system}.catppuccin-yazi}/mocha.toml";

home/base/tui/editors/Structured-Editing.md

@@ -5,7 +5,7 @@
 - paredit/[lispy](https://github.com/doomemacs/doomemacs/tree/master/modules/editor/lispy): too
   complex.
 - [evil-cleverparens](https://github.com/emacs-evil/evil-cleverparens): simple and useful.
-- [parinfer(par-in-fer)](https://shaunlebron.github.io/parinfer/): morden, simple, elegant and
+- [parinfer(par-in-fer)](https://shaunlebron.github.io/parinfer/): modern, simple, elegant and
   useful, but works not well with some other completion plugins...
   - to make parinfer works, you should disable sexp & smartparens in any lisp mode.
 

home/base/tui/editors/helix/README.md

@@ -20,7 +20,7 @@ Use `:tutor` in helix to start the tutorial.
    1. Helix: delete 2 word: `2w` then `x`. You can always see what you're selecting before you apply
       the action.
    2. Neovim: delete 2 word: `d`. then `2w`. No visual feedback before you apply the action.
-1. Helix - Morden builtin features: LSP, tree-sitter, fuzzy finder, multi cursors, surround and
+1. Helix - Modern builtin features: LSP, tree-sitter, fuzzy finder, multi cursors, surround and
    more.
    1. They're all available in Neovim too, but you need to find and use the right plugins manually,
       which takes time and effort.

home/base/tui/editors/neovim/README.md

@@ -94,8 +94,11 @@ plugin.
 
 ### Splitting and Buffers
 
-| | Action | Shortcut | | --------------------- | ------------- | | Horizontal Split | `\` | |
+| Action           | Shortcut      |
-Vertical Split | `\|` | | Close Buffer | `<Space> + c` |
+| ---------------- | ------------- |
+| Horizontal Split | `\`           |
+| Vertical Split   | `\|`          |
+| Close Buffer     | `<Space> + c` |
 
 ### Editing and Formatting
 
@@ -109,7 +112,18 @@ Vertical Split | `\|` | | Close Buffer | `<Space> + c` |
 | Comment Line(support multiple lines)                  | `<Space> + /`  |
 | Open filepath/URL at cursor(neovim's builtin command) | `gx`           |
 | Find files by name (fzf)                              | `<Space> + ff` |
+| Find files by name (include hidden files)             | `<Space> + fF` |
 | Grep string in files (ripgrep)                        | `<Space> + fw` |
+| Grep string in files (include hidden files)           | `<Space> + fW` |
+
+### Git
+
+| Action                     | Shortcut        |
+| -------------------------- | --------------- |
+| Git Commits (repository)   | `:<Space> + gc` |
+| Git Commits (current file) | `:<Space> + gC` |
+| Git Branches               | `:<Space> + gb` |
+| Git Status                 | `:<Space> + gt` |
 
 ### Sessions
 
@@ -163,7 +177,7 @@ Provided by mini.surround plugin.
 | --------------------------------- | --------------- |
 | Show all Yank History             | `:<Space> + yh` |
 | Show undo history                 | `:<Space> + uh` |
-| Show the path of the current file | `:!echo $%`      |
+| Show the path of the current file | `:!echo $%`     |
 
 ## Additional Resources
 

home/base/tui/editors/neovim/default.nix

@@ -30,6 +30,27 @@ in {
       viAlias = true;
       vimAlias = true;
 
+      # These environment variables are needed to build and run binaries
+      # with external package managers like mason.nvim.
+      #
+      # LD_LIBRARY_PATH is also needed to run the non-FHS binaries downloaded by mason.nvim.
+      # it will be set by nix-ld, so we do not need to set it here again.
+      extraWrapperArgs = with pkgs; [
+        # LIBRARY_PATH is used by gcc before compilation to search directories
+        # containing static and shared libraries that need to be linked to your program.
+        "--suffix"
+        "LIBRARY_PATH"
+        ":"
+        "${lib.makeLibraryPath [stdenv.cc.cc zlib]}"
+
+        # PKG_CONFIG_PATH is used by pkg-config before compilation to search directories
+        # containing .pc files that describe the libraries that need to be linked to your program.
+        "--suffix"
+        "PKG_CONFIG_PATH"
+        ":"
+        "${lib.makeSearchPathOutput "dev" "lib/pkgconfig" [stdenv.cc.cc zlib]}"
+      ];
+
       # Currently we use lazy.nvim as neovim's package manager, so comment this one.
       #
       # NOTE: These plugins will not be used by astronvim by default!

home/base/tui/editors/neovim/nvim/lua/plugins/mason.lua

@@ -1,4 +1,7 @@
 -- Customize Mason plugins
+--
+-- NOTE: Issue - mason.nvim does not support NixOS:
+-- https://github.com/williamboman/mason.nvim/issues/428
 
 ---@type LazySpec
 return {

home/base/tui/encryption/README.md

@@ -16,7 +16,7 @@ using a Cloud provider for key management.
 Both age, Sops & GnuPG provide asymmetric encryption, which is useful for encrypting files for a
 specific user.
 
-For morden use, age is recommended, as it use [AEAD encryption function -
+For modern use, age is recommended, as it use [AEAD encryption function -
 ChaCha20-Poly1305][age Format v1], If you do not want to manage the keys by yourself, Sops is
 recommended, as it use KMS for key management.
 

home/base/tui/gpg/README.md

@@ -104,7 +104,7 @@ one keypair, or a keyring/keychain(which contains multiple sub key-pairs).
 
 Let's generate a keypair interactively:
 
-> Now in 2024, GnuPG 2.4.1 defaults to ECC algorithm (9) and Curve 25519 for ECC, which is morden
+> Now in 2024, GnuPG 2.4.1 defaults to ECC algorithm (9) and Curve 25519 for ECC, which is modern
 > and safe, I would recommend to use these defaults directly.
 
 ```bash

home/linux/gui/base/gtk.nix

@@ -45,7 +45,7 @@
 
     theme = {
       # https://github.com/catppuccin/gtk
-      name = "Catppuccin-Macchiato-Compact-Pink-Dark";
+      name = "catppuccin-macchiato-pink-compact";
       package = pkgs.catppuccin-gtk.override {
         # https://github.com/NixOS/nixpkgs/blob/nixos-23.05/pkgs/data/themes/catppuccin-gtk/default.nix
         accents = ["pink"];

hosts/12kingdoms-rakushun/README.md

@@ -2,36 +2,12 @@
 
 LUKS encrypted SSD for NixOS, on Orange Pi 5 Plus.
 
-Storage, operation and maintenance related services are running on this host:
+TODO
-
-1. Storage such as git server, file server/browser, torrent downloader,, etc.
-1. Backup or sync my personal data to cloud or NAS.
-   - For safety, those data should be encrypted before sending to the cloud or my NAS.
-1. Collect and monitor the metrics/logs of my homelab.
 
 ## Showcases
 
 ![](../../_img/2024-03-07_orangepi5plus_rakushun.webp)
 
-## Features
-
-Services:
-
-1. prometheus + alertmanager + grafana + loki: Monitor the metrics/logs of my homelab.
-1. restic: Backup my personal data to cloud or NAS.
-1. synthing: Sync file between android/macbook/PC and NAS.
-1. gitea: Self-hosted git service.
-1. sftpgo: SFTP server.
-1. transmission & AriaNg: Torrent downloader and HTTP downloader
-1. alist/filebrower: File browser for local/SMB/Cloud
-
-All the services assumes a reverse proxy to be setup in the front, they are all listening on
-localhost, and a caddy service is listening on the local network interface and proxy the requests to
-the services.
-
-TODO: create a private PKI for caddy, to achieve end-to-end encryption between caddy and the
-services.
-
 ## Misc
 
 ```bash

hosts/12kingdoms-rakushun/homepage/README.md

@@ -1 +0,0 @@
-# Homepage for my Homelab

hosts/12kingdoms-rakushun/homepage/default.nix

@@ -1,25 +0,0 @@
-{pkgs, ...}: let
-  configDir = "/var/lib/homepage-dashboard";
-in {
-  # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/misc/homepage-dashboard.nix
-  services.homepage-dashboard = {
-    enable = true;
-    listenPort = 4401;
-    openFirewall = false;
-  };
-  systemd.services.homepage-dashboard.environment = {
-    HOMEPAGE_CONFIG_DIR = configDir;
-
-    # 1. The value of env var HOMEPAGE_VAR_XXX will replace {{HOMEPAGE_VAR_XXX}} in any config
-    # HOMEPAGE_VAR_XXX_APIKEY = "myapikey";
-    # 2. The value of env var HOMEPAGE_FILE_XXX must be a file path,
-    # the contents of which will be used to replace {{HOMEPAGE_FILE_XXX}} in any config
-  };
-  # Install the homepage-dashboard configuration files
-  system.activationScripts.installHomepageDashboardConfig = ''
-    mkdir -p ${configDir}
-    ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F600 ${./config}/ ${configDir}/
-
-    ${pkgs.systemdMinimal}/bin/systemctl restart homepage-dashboard
-  '';
-}

hosts/12kingdoms-rakushun/oci-containers/dashy/default.nix

@@ -1,26 +0,0 @@
-{
-  # Replace dashy with gethomepage, because dashy is too slow to start/reload.
-
-  # # Install the dashy configuration file instead of symlink it
-  # system.activationScripts.installDashyConfig = ''
-  #   install -Dm 600 ${./dashy_conf.yml} /etc/dashy/dashy_conf.yml
-  # '';
-  #
-  # # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/virtualisation/oci-containers.nix
-  # virtualisation.oci-containers.containers = {
-  #   # check its logs via `journalctl -u podman-dashy`
-  #   dashy = {
-  #     hostname = "dashy";
-  #     image = "lissy93/dashy:latest";
-  #     ports = ["127.0.0.1:4000:80"];
-  #     environment = {
-  #       "NODE_ENV" = "production";
-  #     };
-  #     volumes = [
-  #       "/etc/dashy/dashy_conf.yml:/app/public/conf.yml"
-  #     ];
-  #     autoStart = true;
-  #     # cmd = [];
-  #   };
-  # };
-}

hosts/12kingdoms-rakushun/uptime-kuma.nix

@@ -1,12 +0,0 @@
-{
-  # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/uptime-kuma.nix
-  services.uptime-kuma = {
-    enable = true;
-    # https://github.com/louislam/uptime-kuma/wiki/Environment-Variables
-    settings = {
-      "UPTIME_KUMA_HOST" = "127.0.0.1";
-      "UPTIME_KUMA_PORT" = "3350";
-      "DATA_DIR" = "/var/lib/uptime-kuma/";
-    };
-  };
-}

hosts/README.md

@@ -4,19 +4,20 @@
    1. `shoukei`: NixOS on Macbook Pro 2020 Intel i5, 13.3-inch, 16G RAM + 512G SSD.
    1. `suzu`: Orange Pi 5, RK3588s(4xA76 + 4xA55), GPU(4Cores, Mail-G610), NPU(6Tops@int8), 8G RAM +
       256G SSD.
-      1. Network related services running via microvm.nix, such as router(transparent proxy - dae),
+      - Network related services running via microvm.nix, such as router(transparent proxy - dae),
-         tailscale subrouter, etc.
+        tailscale subrouter, etc.
    1. `rakushun`: Orange Pi 5 Plus, RK3588(4xA76 + 4xA55), GPU(4Cores, Mail-G610), NPU(6Tops@int8),
       16G RAM + 2T SSD.
-      1. Monitoring(prometheus, grafana, exporters), CI/CD(gitea, runner), homepage, file browser,
+      - Not used now.
-         and other services.
 1. `darwin`(macOS)
    1. `fern`: MacBook Pro 2022 13-inch M2 16G, mainly for business.
    1. `harmonica`: MacBook Pro 2020 13-inch i5 16G, for personal use.
-1. `k8s`: My Kubernetes Clusters
+1. `k8s`: My Kubevirt & Kubernetes Clusters
 1. `idols`
    1. `ai`: My main computer, with NixOS + I5-13600KF + RTX 4090 GPU, for gaming & daily use.
-   2. `aquamarine`: Not used now.
+   2. `aquamarine`: Kubevirt Virtual Machine.
+      - Monitoring(prometheus, grafana, exporters), CI/CD(gitea, runner), homepage, file browser,
+        and other services.
    3. `ruby`: Not used now.
    4. `kana`: Not used now.
 1. `rolling_girls`: My RISCV64 hosts.

hosts/idols-aquamarine/README.md

@@ -1,3 +1,24 @@
 # Idols - Aquamarine
 
-TODO
+Storage, operation and maintenance related services are running on this host:
+
+1. Storage such as git server, file server/browser, torrent downloader,, etc.
+1. Backup or sync my personal data to cloud or NAS.
+   - For safety, those data should be encrypted before sending to the cloud or my NAS.
+1. Collect and monitor the metrics/logs of my homelab.
+
+## Features
+
+Services:
+
+1. prometheus + alertmanager + grafana + loki: Monitor the metrics/logs of my homelab.
+1. restic: Backup my personal data to cloud or NAS.
+1. synthing: Sync file between android/macbook/PC and NAS.
+1. gitea: Self-hosted git service.
+1. sftpgo: SFTP server.
+1. transmission & AriaNg: Torrent downloader and HTTP downloader
+1. alist/filebrower: File browser for local/SMB/Cloud
+
+All the services assumes a reverse proxy to be setup in the front, they are all listening on
+localhost, and a caddy service is listening on the local network interface and proxy the requests to
+the services.

hosts/idols-aquamarine/caddy.nix

@@ -17,7 +17,7 @@ in {
     # Reload Caddy instead of restarting it when configuration file changes.
     enableReload = true;
     user = "caddy"; # User account under which caddy runs.
-    dataDir = "/var/lib/caddy";
+    dataDir = "/data/apps/caddy";
     logDir = "/var/log/caddy";
 
     # Additional lines of configuration appended to the global config section of the Caddyfile.
@@ -31,12 +31,12 @@ in {
     # Dashboard
     virtualHosts."home.writefor.fun".extraConfig = ''
       ${hostCommonConfig}
-      reverse_proxy http://localhost:4401
+      reverse_proxy http://localhost:54401
     '';
 
     # https://caddyserver.com/docs/caddyfile/directives/file_server
     virtualHosts."file.writefor.fun".extraConfig = ''
-      root * /var/lib/caddy/fileserver/
+      root * /data/apps/caddy/fileserver/
       ${hostCommonConfig}
       file_server browse {
         hide .git
@@ -64,7 +64,7 @@ in {
     # Monitoring
     virtualHosts."uptime-kuma.writefor.fun".extraConfig = ''
       encode zstd gzip
-      reverse_proxy http://localhost:3350
+      reverse_proxy http://localhost:53350
     '';
     virtualHosts."grafana.writefor.fun".extraConfig = ''
       encode zstd gzip
@@ -83,15 +83,15 @@ in {
 
   # Create Directories
   systemd.tmpfiles.rules = [
-    "d /var/lib/caddy/fileserver/ 0755 caddy caddy"
+    "d /data/apps/caddy/fileserver/ 0755 caddy caddy"
     # directory for virtual machine's images
-    "d /var/lib/caddy/fileserver/vms 0755 caddy caddy"
+    "d /data/apps/caddy/fileserver/vms 0755 caddy caddy"
   ];
 
-  # Add all my wallpapers into /var/lib/caddy/fileserver/wallpapers
+  # Add all my wallpapers into /data/apps/caddy/fileserver/wallpapers
   # Install the homepage-dashboard configuration files
   system.activationScripts.installCaddyWallpapers = ''
-    mkdir -p /var/lib/caddy/fileserver/wallpapers
+    mkdir -p /data/apps/caddy/fileserver/wallpapers
-    ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F644 ${wallpapers}/ /var/lib/caddy/fileserver/wallpapers/
+    ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F644 ${wallpapers}/ /data/apps/caddy/fileserver/wallpapers/
   '';
 }

hosts/idols-aquamarine/default.nix

@@ -1,4 +1,10 @@
-{myvars, ...}:
+{
+  mylib,
+  myvars,
+  pkgs,
+  disko,
+  ...
+}:
 #############################################################
 #
 #  Aquamarine - A NixOS VM running on Proxmox/KubeVirt
@@ -7,25 +13,33 @@
 let
   hostName = "aquamarine"; # Define your hostname.
 in {
-  imports = [
+  imports =
-  ];
+    (mylib.scanPaths ./.)
+    ++ [
+      disko.nixosModules.default
+    ];
 
   # supported file systems, so we can mount any removable disks with these filesystems
   boot.supportedFilesystems = [
     "ext4"
     "btrfs"
     "xfs"
+    #"zfs"
+    "ntfs"
     "fat"
     "vfat"
     "exfat"
   ];
 
-  # boot.kernelModules = ["kvm-amd"];
+  boot.kernelPackages = pkgs.linuxPackages_latest;
-  # boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu
+  boot.kernelModules = ["kvm-amd"];
+  boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu
 
   networking = {
     inherit hostName;
-    inherit (myvars.networking) nameservers;
+    inherit (myvars.networking) defaultGateway nameservers;
+    inherit (myvars.networking.hostsInterface.${hostName}) interfaces;
+    networkmanager.enable = false;
   };
 
   # This value determines the NixOS release from which the default

hosts/idols-aquamarine/disko-fs.nix

@@ -0,0 +1,62 @@
+# auto disk partitioning:
+#   nix run github:nix-community/disko -- --mode disko ./disko-fs.nix
+{
+  disko.devices = {
+    disk.data-apps = {
+      type = "disk";
+      device = "/dev/disk/by-id/ata-WDC_WD40EJRX-89T1XY0_WD-WCC7K0XDCZE6";
+      content = {
+        type = "gpt";
+        partitions.data-apps = {
+          size = "100%";
+          content = {
+            type = "btrfs";
+            # extraArgs = ["-f"]; # Override existing partition
+            subvolumes = {
+              "@persistent" = {
+                mountpoint = "/data/apps";
+                mountOptions = [
+                  "compress-force=zstd:1"
+                  # https://www.freedesktop.org/software/systemd/man/latest/systemd.mount.html
+                  "nofail"
+                ];
+              };
+              "@backups" = {
+                mountpoint = "/data/backups";
+                mountOptions = ["compress-force=zstd:1" "noatime" "nofail"];
+              };
+              "@snapshots" = {
+                mountpoint = "/data/apps-snapshots";
+                mountOptions = ["compress-force=zstd:1" "noatime" "nofail"];
+              };
+            };
+          };
+        };
+      };
+    };
+    disk.data-fileshare = {
+      type = "disk";
+      device = "/dev/disk/by-id/ata-WDC_WD40EZRZ-22GXCB0_WD-WCC7K7VV9613";
+      content = {
+        type = "gpt";
+        partitions.data-fileshare = {
+          size = "100%";
+          content = {
+            type = "btrfs";
+            # extraArgs = ["-f"]; # Override existing partition
+            subvolumes = {
+              "@persistent" = {
+                mountpoint = "/data/fileshare";
+                mountOptions = ["compress-force=zstd:1" "nofail"];
+              };
+              "@snapshots" = {
+                mountpoint = "/data/fileshare-snapshots";
+                mountOptions = ["compress-force=zstd:1" "noatime" "nofail"];
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}

hosts/idols-aquamarine/gitea.nix

@@ -5,7 +5,7 @@ in {
     enable = true;
     user = "gitea";
     group = "gitea";
-    stateDir = "/var/lib/gitea";
+    stateDir = "/data/apps/gitea";
     appName = "Ryan Yin's Gitea Service";
     lfs.enable = true;
     # Enable a timer that runs gitea dump to generate backup-files of the current gitea database and repositories.
@@ -27,7 +27,10 @@ in {
       };
       # one of "Trace", "Debug", "Info", "Warn", "Error", "Critical"
       log.LEVEL = "Info";
-      session.COOKIE_SECURE = false;
+      # Marks session cookies as "secure" as a hint for browsers to only send them via HTTPS.
+      session.COOKIE_SECURE = true;
+      # NOTE: The first registered user will be the administrator,
+      # so this parameter should NOT be set before the first user registers!
       service.DISABLE_REGISTRATION = true;
 
       # "cron.sync_external_users" = {

hosts/idols-aquamarine/grafana/default.nix

@@ -5,7 +5,7 @@
 }: {
   services.grafana = {
     enable = true;
-    dataDir = "/var/lib/grafana";
+    dataDir = "/data/apps/grafana";
     # DeclarativePlugins = with pkgs.grafanaPlugins; [ grafana-piechart-panel ];
     settings = {
       server = {

hosts/idols-aquamarine/oci-containers/homepage/config/services.yaml

@@ -1,56 +1,62 @@
 ---
 # For configuration options and examples, please see:
 # https://gethomepage.dev/latest/configs/services
+#
+# Icons:
+#   1. .png/.svg: will be referenced from https://github.com/walkxcode/dashboard-icons
+#   2. mdi-XXX:   https://pictogrammers.com/library/mdi/
+#   3. si-XXX:    https://simpleicons.org/
 
 - KubeVirt 虚拟化集群:
     - KubeVirt-Shoryu:
-        icon: si-kubevirt
+        icon: mdi-server
         description: "CPU: R7-5825U / MEM: 64G / DISK: 1T"
-        href: http://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.181:9100
+        href: https://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.181:9100
-        siteMonitor: http://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.181:9100
+        siteMonitor: https://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.181:9100
     - KubeVirt-Shushou:
-        icon: si-kubevirt
+        icon: mdi-server
         description: "CPU: R9-5900HX / MEM: 64G / DISK: 1T"
-        href: http://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.182:9100
+        href: https://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.182:9100
-        siteMonitor: http://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.182:9100
+        siteMonitor: https://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.182:9100
     - KubeVirt-Youko:
-        icon: si-kubevirt
+        icon: mdi-server
         description: "CPU: R5-5625U / MEM: 32G / DISK: 512G+4T*2"
-        href: http://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.183:9100
+        href: https://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.183:9100
-        siteMonitor: http://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.183:9100
+        siteMonitor: https://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.183:9100
     - LongHorn-Storage:
-        icon: si-longhorn
+        icon: longhorn.svg
         href: http://longhorn.writefor.fun/
     - Victoria-Metrics:
         icon: si-victoriametrics
         href: http://vm.writefor.fun/
     - KubeVirt-Grafana:
-        icon: si-grafana
+        icon: grafana.svg
         href: http://k8s-grafana.writefor.fun/
 
 - Homelab Monitoring:
     - Grafana:
-        icon: si-grafana
+        icon: grafana.svg
-        href: http://grafana.writefor.fun
+        href: https://grafana.writefor.fun
         description: Data visualised on dashboards
-        siteMonitor: http://grafana.writefor.fun
+        siteMonitor: https://grafana.writefor.fun
     - Prometheus Dashboard:
-        icon: si-prometheus
+        icon: prometheus.svg
-        href: http://prometheus.writefor.fun
+        href: https://prometheus.writefor.fun
         description: Monitoring - Prometheus
-        siteMonitor: http://prometheus.writefor.fun
+        siteMonitor: https://prometheus.writefor.fun
     - Uptime Kuma:
-        icon: si-uptimekuma
+        icon: uptime-kuma.svg
-        href: http://uptime-kuma.writefor.fun
+        href: https://uptime-kuma.writefor.fun
         description: Uptime Checking
-        siteMonitor: http://uptime-kuma.writefor.fun
+        siteMonitor: https://uptime-kuma.writefor.fun
 
 - Homelab Applications:
     - SFTPGO:
-      icon: sftpgo.png
+        icon: sftpgo.png
-      href: "http://sftpgo.writefor.fun/web/admin/folders"
+        href: "https://sftpgo.writefor.fun/web/admin/folders"
-      description: WebDAV & SFTP server
+        description: WebDAV & SFTP server
-      siteMonitor: http://sftpgo.writefor.fun/
+        siteMonitor: https://sftpgo.writefor.fun/
+#
 # - Kubernetes Monitoring:
 #     # TODO: Update this
 #     - Emby:

hosts/idols-aquamarine/oci-containers/homepage/config/settings.yaml

@@ -21,10 +21,10 @@ providers:
 
 background:
   image: https://file.writefor.fun/wallpapers/rolling-girls.png
-  blur: sm # sm, "", md, xl... see https://tailwindcss.com/docs/backdrop-blur
+  blur: sm # 模糊 - sm, "", md, xl... see https://tailwindcss.com/docs/backdrop-blur
-  saturate: 90 # 0, 50, 100... see https://tailwindcss.com/docs/backdrop-saturate
+  saturate: 90 # 色彩饱和度 - 0, 50, 100... see https://tailwindcss.com/docs/backdrop-saturate
   brightness: 90 # 0, 50, 75... see https://tailwindcss.com/docs/backdrop-brightness
-  opacity: 85 # 0-100
+  opacity: 25 # 透明度 - 0-100
 
 theme: dark # or light
 
@@ -32,7 +32,7 @@ theme: dark # or light
 # slate, gray, zinc, neutral, stone, amber,
 # yellow, lime, green, emerald, teal, cyan,
 # sky, blue, indigo, violet, purple, fuchsia, pink, rose, red, white
-color: indigo
+color: slate
 
 # make all cards in a row the same height.
 useEqualHeights: true
@@ -40,31 +40,20 @@ useEqualHeights: true
 # Groups and its layout
 # Groups Name should match the name defined in your services.yaml or widgets.yaml
 layout:
+  Homelab Monitoring:
+    icon: mdi-monitor-dashboard
+    initiallyCollapsed: false # collapsed by default
+    tab: Main
+    style: row
+    columns: 3
+
+  Homelab Applications:
+    icon: si-homepage
+    tab: Main
+
   KubeVirt 虚拟化集群:
-    icon: si-kubevirt
+    icon: si-kubernetes
-    tab: First
+    tab: KubeVirt
-
-  Group A:
-    initiallyCollapsed: true # collapsed by default
-    tab: First
-    style: row
-    columns: 4
-
-  Second Service Group:
-    useEqualHeights: true # overrides global setting
-    tab: Second
-    columns: 4
-
-  Third Service Group:
-    tab: Third
-    style: row
-
-  Bookmark Group on Fourth Tab:
-    tab: Fourth
-
-  Service Group on every Tab:
-    style: row
-    columns: 4
 
 # https://gethomepage.dev/latest/configs/services/#icons
 # iconStyle: theme # optional, defaults to gradient

hosts/idols-aquamarine/oci-containers/homepage/default.nix

@@ -0,0 +1,41 @@
+{
+  config,
+  pkgs,
+  ...
+}: let
+  user = "homepage";
+  configDir = "/data/apps/homepage-dashboard";
+in {
+  users.groups.${user} = {};
+  users.users.${user} = {
+    group = user;
+    home = configDir;
+    isSystemUser = true;
+  };
+
+  # Install the homepage-dashboard configuration files
+  system.activationScripts.installHomepageDashboardConfig = ''
+    mkdir -p ${configDir}
+    ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F644 ${./config}/ ${configDir}/
+    chown -R ${user}:${user} ${configDir}
+  '';
+
+  # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/virtualisation/oci-containers.nix
+  virtualisation.oci-containers.containers = {
+    # check its logs via `journalctl -u podman-homepage`
+    homepage = {
+      hostname = "homepage";
+      image = "ghcr.io/gethomepage/homepage:latest";
+      ports = ["127.0.0.1:54401:3000"];
+      # https://github.com/louislam/uptime-kuma/wiki/Environment-Variables
+      environment = {
+        # "PUID" = config.users.users.${user}.uid;
+        # "PGID" = config.users.groups.${user}.gid;
+      };
+      volumes = [
+        "${configDir}:/app/config"
+      ];
+      autoStart = true;
+    };
+  };
+}

hosts/idols-aquamarine/oci-containers/uptime-kuma/default.nix

@@ -0,0 +1,35 @@
+{config, ...}: let
+  user = "kuma";
+  dataDir = "/data/apps/uptime-kuma";
+in {
+  users.groups.${user} = {};
+  users.users.${user} = {
+    group = user;
+    home = dataDir;
+    isSystemUser = true;
+  };
+
+  # Create Directories
+  systemd.tmpfiles.rules = [
+    "d ${dataDir} 0755 ${user} ${user}"
+  ];
+
+  # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/virtualisation/oci-containers.nix
+  virtualisation.oci-containers.containers = {
+    # check its logs via `journalctl -u podman-homepage`
+    uptime-kuma = {
+      hostname = "uptime-kuma";
+      image = "louislam/uptime-kuma:1";
+      ports = ["127.0.0.1:53350:3001"];
+      # https://github.com/louislam/uptime-kuma/wiki/Environment-Variables
+      environment = {
+        # "PUID" = config.users.users.${user}.uid;
+        # "PGID" = config.users.groups.${user}.gid;
+      };
+      volumes = [
+        "${dataDir}:/app/data"
+      ];
+      autoStart = true;
+    };
+  };
+}

hosts/idols-aquamarine/prometheus/default.nix

@@ -1,4 +1,5 @@
 {
+  lib,
   config,
   myvars,
   ...
@@ -45,64 +46,75 @@
 
     # specifies a set of targets and parameters describing how to scrape metrics from them.
     # https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config
-    scrapeConfigs = [
+    scrapeConfigs =
+      [
+        # --- Homelab Applications --- #
+
+        {
+          job_name = "dnsmasq-exporter";
+          scrape_interval = "30s";
+          metrics_path = "/metrics";
+          static_configs = [
+            {
+              targets = ["${myvars.networking.hostsAddr.suzi.ipv4}:9153"];
+              labels.type = "app";
+              labels.app = "dnsmasq";
+              labels.host = "suzi";
+            }
+          ];
+        }
+
+        {
+          job_name = "v2ray-exporter";
+          scrape_interval = "30s";
+          metrics_path = "/metrics";
+          static_configs = [
+            {
+              targets = ["${myvars.networking.hostsAddr.aquamarine.ipv4}:9153"];
+              labels.type = "app";
+              labels.app = "v2ray";
+              labels.host = "aquamarine";
+            }
+          ];
+        }
+
+        {
+          job_name = "sftpgo-embedded-exporter";
+          scrape_interval = "30s";
+          metrics_path = "/metrics";
+          static_configs = [
+            {
+              targets = ["${myvars.networking.hostsAddr.aquamarine.ipv4}:10000"];
+              labels.type = "app";
+              labels.app = "sftpgo";
+              labels.host = "aquamarine";
+            }
+          ];
+        }
+      ]
       # --- Hosts --- #
-      {
+      ++ (
-        job_name = "node-exporter";
+        lib.attrsets.foldlAttrs
-        scrape_interval = "30s";
+        (acc: hostname: addr:
-        metrics_path = "/metrics";
+          acc
-        static_configs = [
+          ++ [
-          {
+            {
-            # All my NixOS hosts.
+              job_name = "node-exporter-${hostname}";
-            targets =
+              scrape_interval = "30s";
-              map (addr: "${addr.ipv4}:9100")
+              metrics_path = "/metrics";
-              (builtins.attrValues myvars.networking.hostsAddr);
+              static_configs = [
-            labels.type = "node";
+                {
-          }
+                  # All my NixOS hosts.
-        ];
+                  targets = ["${addr.ipv4}:9100"];
-      }
+                  labels.type = "node";
-
+                  labels.host = hostname;
-      # --- Homelab Applications --- #
+                }
-
+              ];
-      {
+            }
-        job_name = "dnsmasq-exporter";
+          ])
-        scrape_interval = "30s";
+        []
-        metrics_path = "/metrics";
+        myvars.networking.hostsAddr
-        static_configs = [
+      );
-          {
-            targets = ["${myvars.networking.hostsAddr.suzi.ipv4}:9153"];
-            labels.type = "app";
-            labels.app = "dnsmasq";
-          }
-        ];
-      }
-
-      {
-        job_name = "v2ray-exporter";
-        scrape_interval = "30s";
-        metrics_path = "/metrics";
-        static_configs = [
-          {
-            targets = ["${myvars.networking.hostsAddr.rakushun.ipv4}:9153"];
-            labels.type = "app";
-            labels.app = "v2ray";
-          }
-        ];
-      }
-
-      {
-        job_name = "sftpgo-embedded-exporter";
-        scrape_interval = "30s";
-        metrics_path = "/metrics";
-        static_configs = [
-          {
-            targets = ["${myvars.networking.hostsAddr.rakushun.ipv4}:10000"];
-            labels.type = "app";
-            labels.app = "v2ray";
-          }
-        ];
-      }
-    ];
 
     # specifies Alertmanager instances the Prometheus server sends alerts to
     # https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config

hosts/idols-aquamarine/sftpgo.nix

@@ -1,11 +1,18 @@
-{config, ...}: {
+{config, ...}: let
+  user = "sftpgo";
+  dataDir = "/data/apps/sftpgo";
+in {
   # Read SFTPGO_DEFAULT_ADMIN_USERNAME and SFTPGO_DEFAULT_ADMIN_PASSWORD from a file
   systemd.services.sftpgo.serviceConfig.EnvironmentFile = config.age.secrets."sftpgo.env".path;
 
+  # Create Directories
+  systemd.tmpfiles.rules = [
+    "d ${dataDir} 0755 ${user} ${user}"
+  ];
+
   services.sftpgo = {
     enable = true;
-    user = "sftpgo";
+    inherit user dataDir;
-    dataDir = "/var/lib/sftpgo";
     extraArgs = [
       "--log-level"
       "info"

hosts/idols-aquamarine/transmission.nix

@@ -3,7 +3,7 @@
   myvars,
   ...
 }: let
-  dataDir = "/var/lib/transmission";
+  dataDir = "/data/apps/transmission";
   name = "transmission";
 in {
   # the headless Transmission BitTorrent daemon

hosts/k8s/k3s-test-1-master-1/default.nix

@@ -14,7 +14,7 @@
   k3sModule = mylib.genK3sServerModule {
     inherit pkgs;
     kubeconfigFile = "/home/${myvars.username}/.kube/config";
-    tokenFile = config.age.secrets."k3s-prod-1-token".path;
+    tokenFile = config.age.secrets."k3s-test-1-token".path;
     # the first node in the cluster should be the one to initialize the cluster
     clusterInit = true;
     # use my own domain & kube-vip's virtual IP for the API server

hosts/k8s/k3s-test-1-master-2/default.nix

@@ -14,7 +14,7 @@
   k3sModule = mylib.genK3sServerModule {
     inherit pkgs;
     kubeconfigFile = "/home/${myvars.username}/.kube/config";
-    tokenFile = config.age.secrets."k3s-prod-1-token".path;
+    tokenFile = config.age.secrets."k3s-test-1-token".path;
     # use my own domain & kube-vip's virtual IP for the API server
     # so that the API server can always be accessed even if some nodes are down
     masterHost = "test-cluster-1.writefor.fun";

hosts/k8s/k3s-test-1-master-3/default.nix

@@ -14,7 +14,7 @@
   k3sModule = mylib.genK3sServerModule {
     inherit pkgs;
     kubeconfigFile = "/home/${myvars.username}/.kube/config";
-    tokenFile = config.age.secrets."k3s-prod-1-token".path;
+    tokenFile = config.age.secrets."k3s-test-1-token".path;
     # use my own domain & kube-vip's virtual IP for the API server
     # so that the API server can always be accessed even if some nodes are down
     masterHost = "test-cluster-1.writefor.fun";

hosts/k8s/kubevirt-shoryu/default.nix

@@ -49,4 +49,17 @@ in {
       coreModule
       k3sModule
     ];
+
+  boot.kernelParams = [
+    # disable transparent hugepage(allocate hugepages dynamically)
+    "transparent_hugepage=never"
+
+    # https://kubevirt.io/user-guide/compute/hugepages/
+    #
+    # pre-allocate hugepages manually(for kubevirt guest vms)
+    # NOTE: the hugepages allocated here can not be used for other purposes!
+    # so we should left some memory for the host OS
+    "hugepagesz=1G"
+    "hugepages=54"
+  ];
 }

hosts/k8s/kubevirt-shushou/default.nix

@@ -43,4 +43,17 @@ in {
       coreModule
       k3sModule
     ];
+
+  boot.kernelParams = [
+    # disable transparent hugepage(allocate hugepages dynamically)
+    "transparent_hugepage=never"
+
+    # https://kubevirt.io/user-guide/compute/hugepages/
+    #
+    # pre-allocate hugepages manually(for kubevirt guest vms)
+    # NOTE: the hugepages allocated here can not be used for other purposes!
+    # so we should left some memory for the host OS
+    "hugepagesz=1G"
+    "hugepages=55"
+  ];
 }

hosts/k8s/kubevirt-youko/default.nix

@@ -43,4 +43,24 @@ in {
       coreModule
       k3sModule
     ];
+
+  boot.kernelParams = [
+    # disable transparent hugepage(allocate hugepages dynamically)
+    "transparent_hugepage=never"
+
+    # https://kubevirt.io/user-guide/compute/hugepages/
+    #
+    # pre-allocate hugepages manually(for kubevirt guest vms)
+    # NOTE: the hugepages allocated here can not be used for other purposes!
+    # so we should left some memory for the host OS
+    "hugepagesz=1G"
+    "hugepages=16"
+
+    # https://kubevirt.io/user-guide/compute/host-devices/
+    #
+    # PCI passthrough
+    # "amd_iommu=on" # enable IOMMU
+    # "iommu=pt" # use passthrough mode
+    # "pcie_acs_override=downstream" # enable ACS override
+  ];
 }

lib/genKubeVirtGuestModule.nix

@@ -4,7 +4,7 @@
   networking,
   ...
 }: let
-  inherit (networking) mainGateway nameservers;
+  inherit (networking) defaultGateway nameservers;
   inherit (networking.hostsAddr.${hostName}) iface ipv4;
   ipv4WithMask = "${ipv4}/24";
 in {
@@ -27,7 +27,7 @@ in {
     matchConfig.Name = [iface];
     networkConfig = {
       Address = [ipv4WithMask];
-      Gateway = mainGateway;
+      Gateway = defaultGateway;
       DNS = nameservers;
       IPv6AcceptRA = true;
     };

modules/base.nix

@@ -2,6 +2,8 @@
   pkgs,
   myvars,
   nuenv,
+  nixpkgs,
+  lib,
   ...
 } @ args: {
   nixpkgs.overlays =
@@ -111,4 +113,14 @@
     ];
     builders-use-substitutes = true;
   };
+
+  # make `nix run nixpkgs#nixpkgs` use the same nixpkgs as the one used by this flake.
+  nix.registry.nixpkgs.flake = nixpkgs;
+
+  environment.etc."nix/inputs/nixpkgs".source = "${nixpkgs}";
+  # make `nix repl '<nixpkgs>'` use the same nixpkgs as the one used by this flake.
+  # discard all the default paths, and only use the one from this flake.
+  nix.nixPath = lib.mkForce ["/etc/nix/inputs"];
+  # https://github.com/NixOS/nix/issues/9574
+  nix.settings.nix-path = lib.mkForce "nixpkgs=/etc/nix/inputs/nixpkgs";
 }

modules/darwin/nix-core.nix

@@ -1,8 +1,4 @@
 {
-  lib,
-  nixpkgs,
-  ...
-}: {
   ###################################################################################
   #
   #  Core configuration for nix-darwin
@@ -28,12 +24,4 @@
   nix.settings.auto-optimise-store = false;
 
   nix.gc.automatic = false;
-
-  # make `nix run nixpkgs#nixpkgs` use the same nixpkgs as the one used by this flake.
-  nix.registry.nixpkgs.flake = nixpkgs;
-
-  environment.etc."nix/inputs/nixpkgs".source = "${nixpkgs}";
-  # make `nix repl '<nixpkgs>'` use the same nixpkgs as the one used by this flake.
-  # discard all the default paths, and only use the one from this flake.
-  nix.nixPath = lib.mkForce ["/etc/nix/inputs"];
 }

modules/nixos/base/btrbk.nix

@@ -18,7 +18,7 @@
 
   services.btrbk.instances.btrbk = {
     # How often this btrbk instance is started. See systemd.time(7) for more information about the format.
-    onCalendar = "Tue,Fri,Sat,Sun *-*-* 3:45:20"; # daily at 3:45, except on Monday, Wednesday, and Thursday
+    onCalendar = "Tue,Thu,Sat *-*-* 3:45:20";
     settings = {
       # how to prune local snapshots:
       # 1. keep daily snapshots for xx days

modules/nixos/desktop/fhs.nix

@@ -16,4 +16,30 @@
           })
     )
   ];
+
+  # https://github.com/Mic92/nix-ld
+  #
+  # nix-ld will install itself at `/lib64/ld-linux-x86-64.so.2` so that
+  # it can be used as the dynamic linker for non-NixOS binaries.
+  #
+  # nix-ld works like a middleware between the actual link loader located at `/nix/store/.../ld-linux-x86-64.so.2`
+  # and the non-NixOS binaries. It will:
+  #
+  #   1. read the `NIX_LD` environment variable and use it to find the actual link loader.
+  #   2. read the `NIX_LD_LIBRARY_PATH` environment variable and use it to set the `LD_LIBRARY_PATH` environment variable
+  #      for the actual link loader.
+  #
+  # nix-ld's nixos module will set default values for `NIX_LD` and `NIX_LD_LIBRARY_PATH` environment variables, so
+  # it can work out of the box:
+  #
+  #  - https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/programs/nix-ld.nix#L37-L40
+  #
+  # You can overwrite `NIX_LD_LIBRARY_PATH` in the environment where you run the non-NixOS binaries to customize the
+  # search path for shared libraries.
+  programs.nix-ld = {
+    enable = true;
+    libraries = with pkgs; [
+      stdenv.cc.cc
+    ];
+  };
 }

modules/nixos/server/kubevirt-hardware-configuration.nix

@@ -19,6 +19,9 @@
   ];
 
   config = {
+    # disable backups in the VM
+    services.btrbk.instances = lib.mkForce {};
+
     fileSystems."/" = {
       device = "/dev/disk/by-label/nixos";
       fsType = "ext4";

outputs/aarch64-linux/src/12kingdoms-rakushun.nix

@@ -24,13 +24,10 @@
         "hosts/12kingdoms-${name}"
       ])
       ++ [
-        {modules.secrets.server.application.enable = true;}
-        {modules.secrets.server.operation.enable = true;}
-        {modules.secrets.server.webserver.enable = true;}
       ];
-    home-modules = map mylib.relativeToRoot [
+    home-modules =
-      "home/linux/tui.nix"
+      map mylib.relativeToRoot [
-    ];
+      ];
   };
 
   inherit (inputs) nixos-rk3588;

outputs/x86_64-linux/src/idols-aquamarine.nix

@@ -26,7 +26,13 @@
         "hosts/idols-${name}"
       ])
       ++ [
+        {modules.secrets.server.application.enable = true;}
+        {modules.secrets.server.operation.enable = true;}
+        {modules.secrets.server.webserver.enable = true;}
       ];
+    home-modules = map mylib.relativeToRoot [
+      "home/linux/tui.nix"
+    ];
   };
 
   systemArgs = modules // args;

utils.nu

@@ -68,7 +68,7 @@ export def upload-vm [
         nix build $target
     }
 
-    let remote = $"root@rakushun:/var/lib/caddy/fileserver/vms/kubevirt-($name).qcow2"
+    let remote = $"ryan@rakushun:/data/caddy/fileserver/vms/kubevirt-($name).qcow2"
-    rsync -avz --progress --copy-links result $remote
+    rsync -avz --progress --copy-links --checksum result $remote
 }
 

vars/networking.nix

@@ -193,9 +193,9 @@
         publicKey = value.publicKey;
       })
       {
-        aquamarine.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHJrHY3BZRTu0hrlsKxqS+O4GDp4cbumF8aNnbPCGKji root@aquamarine";
+        aquamarine.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIbIecyrmrBpjD497lA2adJeTpsubZ3dozEraLGCcgVi root@aquamarine";
-        ruby.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOAMmGni8imcaS40cXgLbVQqPYnDYKs8MSbyWL91RV98 root@ruby";
+        # ruby.publicKey = "";
-        kana.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcINkxU3KxPsCpWltfEBjDYtKEeCmgrDxyUadl1iZ1D root@kana";
+        # kana.publicKey = "";
       };
   };
 }