Commit a5ba6c8

HPCesia <me@hpcesia.com>
2025-10-07 09:51:46
refactor: migrate mihomo and delete unused configs
1 parent 16d1248
hosts/chaser-kevin/default.nix
@@ -1,9 +0,0 @@
-{
-  nixos-hardware,
-  myvars,
-  ...
-}: let
-  hostName = "kevin";
-in {
-  modules.currentHost = hostName;
-}
hosts/chaser-pardofelis/caddy.nix
@@ -1,42 +0,0 @@
-{
-  myvars,
-  config,
-  pkgs,
-  nur-hpcesia,
-  ...
-}: let
-  phanpy = nur-hpcesia.packages.${pkgs.system}.phanpy.overrideAttrs (oldAttrs: {
-    PHANPY_WEBSITE = "https://phanpy.trin.one";
-    PHANPY_DEFAULT_INSTANCE = "trin.one";
-    PHANPY_DISALLOW_ROBOTS = true;
-  });
-in {
-  services.caddy = {
-    virtualHosts = let
-      localAddress = {
-        authelia = "http://${
-          # Assuming address start with `tcp://`.
-          builtins.substring 6 (-1) config.services.authelia.instances.main.settings.server.address
-        }";
-      };
-    in {
-      "phanpy.trin.one".extraConfig = ''
-        encode zstd gzip
-        root * ${phanpy}/dist/
-        file_server
-
-        @needsAuth {
-          not path / /favicon.ico /404.html /robots.txt /manifest.webmanifest
-          not path_regexp \.(css|js|png|jpg|svg|ico)$
-        }
-
-        handle @needsAuth {
-            forward_auth ${localAddress.authelia} {
-            uri /api/authz/forward-auth
-            copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
-          }
-        }
-      '';
-    };
-  };
-}
hosts/chaser-pardofelis/default.nix
@@ -1,19 +0,0 @@
-{
-  mylib,
-  myvars,
-  disko,
-  ...
-}:
-#############################################################
-#
-#  Pardofelis - NixOS running on a 2C4G VPS
-#  My main server hosted by Yecaoyun.
-#
-#############################################################
-let
-  hostName = "pardofelis";
-in {
-  imports = mylib.scanModules ./.;
-
-  modules.currentHost = hostName;
-}
hosts/general.nix
@@ -1,26 +0,0 @@
-{myvars, ...}: {
-  modules.my-hosts = {
-    kevin.network = {
-      enable = "networkmanager";
-      iface = "wlp0s20f3";
-      useDHCP = true;
-      nameservers = myvars.defaultNameservers;
-    };
-
-    pardofelis = {
-      network = {
-        enable = "networkd";
-        iface = "eth0";
-        useDHCP = false;
-        nameservers = myvars.defaultNameservers;
-        search = ["local"];
-        ipv4 = {secretName = "pardofelis-ipv4";};
-        ipv6 = {secretName = "pardofelis-ipv6";};
-        defaultGateway = {secretName = "pardofelis-gateway";};
-        defaultGateway6 = {secretName = "pardofelis-gateway6";};
-      };
-      hostPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO56HKTdzGulisPLhpfUmLQNEgwDqwD9SBLRb5aETffV root@pardofelis";
-      sshPorts = [23930];
-    };
-  };
-}
hosts/README.md
lib/attrs.nix
@@ -1,46 +0,0 @@
-# https://github.com/NixOS/nixpkgs/blob/master/lib/attrsets.nix
-{lib, ...}: {
-  # Generate an attribute set from a list.
-  #
-  #   lib.genAttrs [ "foo" "bar" ] (name: "x_" + name)
-  #     => { foo = "x_foo"; bar = "x_bar"; }
-  listToAttrs = lib.genAttrs;
-
-  # Update only the values of the given attribute set.
-  #
-  #   mapAttrs
-  #   (name: value: ("bar-" + value))
-  #   { x = "a"; y = "b"; }
-  #     => { x = "bar-a"; y = "bar-b"; }
-  inherit (lib.attrsets) mapAttrs;
-
-  # Update both the names and values of the given attribute set.
-  #
-  #   mapAttrs'
-  #   (name: value: nameValuePair ("foo_" + name) ("bar-" + value))
-  #   { x = "a"; y = "b"; }
-  #     => { foo_x = "bar-a"; foo_y = "bar-b"; }
-  inherit (lib.attrsets) mapAttrs';
-
-  # Merge a list of attribute sets into one. smilar to the operator `a // b`, but for a list of attribute sets.
-  # NOTE: the later attribute set overrides the former one!
-  #
-  #   mergeAttrsList
-  #   [ { x = "a"; y = "b"; } { x = "c"; z = "d"; } { g = "e"; } ]
-  #   => { x = "c"; y = "b"; z = "d"; g = "e"; }
-  inherit (lib.attrsets) mergeAttrsList;
-
-  # Generate a string from an attribute set.
-  #
-  #   attrsets.foldlAttrs
-  #   (acc: name: value: acc + "\nexport ${name}=${value}")
-  #   "# A shell script"
-  #   { x = "a"; y = "b"; }
-  #     =>
-  #     ```
-  #     # A shell script
-  #     export x=a
-  #     export y=b
-  #    ````
-  inherit (lib.attrsets) foldlAttrs;
-}
lib/colmenaSystem.nix
@@ -1,40 +0,0 @@
-# colmena - Remote Deployment via SSH
-{
-  lib,
-  inputs,
-  nixos-modules,
-  home-modules ? [],
-  myvars,
-  system,
-  tags,
-  ssh-user,
-  genSpecialArgs,
-  specialArgs ? (genSpecialArgs system),
-  ...
-}: let
-  inherit (inputs) home-manager;
-in
-  {name, ...}: {
-    deployment = {
-      inherit tags;
-      targetUser = ssh-user;
-      targetHost = name; # hostName or IP address
-    };
-
-    imports =
-      nixos-modules
-      ++ (
-        lib.optionals ((lib.lists.length home-modules) > 0)
-        [
-          home-manager.nixosModules.home-manager
-          {
-            home-manager.useGlobalPkgs = true;
-            home-manager.useUserPackages = true;
-            home-manager.backupFileExtension = "home-manager.backup";
-
-            home-manager.extraSpecialArgs = specialArgs;
-            home-manager.users."${myvars.username}".imports = home-modules;
-          }
-        ]
-      );
-  }
lib/default.nix
@@ -1,17 +0,0 @@
-{lib, ...}: {
-  colmenaSystem = import ./colmenaSystem.nix;
-  nixosSystem = import ./nixosSystem.nix;
-
-  attrs = import ./attrs.nix {inherit lib;};
-
-  relativeToRoot = lib.path.append ../.;
-  scanModules = path:
-    builtins.map (f: (path + "/${f}")) (
-      builtins.attrNames (
-        lib.attrsets.filterAttrs (
-          path: _type:
-            (_type == "directory") || ((path != "default.nix") && (lib.strings.hasSuffix ".nix" path))
-        ) (builtins.readDir path)
-      )
-    );
-}
lib/nixosSystem.nix
@@ -1,35 +0,0 @@
-{
-  inputs,
-  lib,
-  system,
-  genSpecialArgs,
-  nixos-modules,
-  home-modules ? [],
-  specialArgs ? (genSpecialArgs system),
-  myvars,
-  ...
-}: let
-  inherit (inputs) nixpkgs home-manager nur;
-in
-  nixpkgs.lib.nixosSystem {
-    inherit system specialArgs;
-    modules =
-      nixos-modules
-      ++ [
-        nur.modules.nixos.default
-      ]
-      ++ (
-        lib.optionals ((lib.lists.length home-modules) > 0)
-        [
-          home-manager.nixosModules.home-manager
-          {
-            home-manager.useGlobalPkgs = true;
-            home-manager.useUserPackages = true;
-            home-manager.backupFileExtension = "home-manager.backup";
-
-            home-manager.extraSpecialArgs = specialArgs;
-            home-manager.users."${myvars.username}".imports = home-modules;
-          }
-        ]
-      );
-  }
modules/hosts/chaser-kevin/default.nix
@@ -1,9 +1,4 @@
-{
-  lib,
-  config,
-  inputs,
-  ...
-}: {
+{config, ...}: {
   #############################################################
   #
   #  Kevin - NixOS running on ThinkBook 16P G5 IRX
@@ -44,32 +39,6 @@
               ++ [config.flake.modules.homeManager."hosts/kevin"];
           };
         }
-      ]
-      # TODO: remove below after migrated all config to Dendritic Pattern
-      ++ [
-        {
-          home-manager.extraSpecialArgs =
-            inputs
-            // {
-              mylib = import ../../../lib {inherit lib;};
-              myvars = import ../../../vars {inherit lib;};
-              pkgs-unstable = import inputs.nixpkgs-unstable {
-                inherit (config.flake.meta.host.hosts.kevin) system;
-                config.allowUnfree = true;
-              };
-              pkgs-stable = import inputs.nixpkgs-stable {
-                inherit (config.flake.meta.host.hosts.kevin) system;
-                config.allowUnfree = true;
-              };
-            };
-        }
-      ]
-      ++ (map (lib.path.append config.flake.meta.rootPath) [
-        "secrets/nixos.nix"
-        "os-modules/nixos/desktop.nix"
-        "options/nixos/default.nix"
-        "hosts/general.nix"
-        "hosts/chaser-kevin"
-      ]);
+      ];
   };
 }
modules/hosts/chaser-pardofelis/default.nix
@@ -1,8 +1,4 @@
-{
-  config,
-  lib,
-  ...
-}: {
+{config, ...}: {
   flake.meta.host.hosts.pardofelis = {
     system = "x86_64-linux";
     hostPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEuT/WkeA7btTeATmWJ2O9f/A6FI0Gl/1KjPGfHbWD5C root@pardofelis";
@@ -39,13 +35,6 @@
           "vaultwarden"
           "victoriametrics"
         ]
-      )
-      ++ (map (lib.path.append config.flake.meta.rootPath) [
-        "secrets/nixos.nix"
-        "os-modules/nixos/server/x86_64.nix"
-        "options/nixos/default.nix"
-        "hosts/general.nix"
-        "hosts/chaser-pardofelis"
-      ]);
+      );
   };
 }
modules/services/mihomo/config/core.nix
@@ -0,0 +1,20 @@
+{
+  flake.modules.nixos."services/mihomo" = _: {
+    services.mihomo.config = {
+      mixed-port = 7154;
+      allow-lan = true;
+      mode = "rule";
+      log-level = "warning";
+      ipv6 = false;
+      find-process-mode = "strict";
+      external-controller = "127.0.0.1:9090";
+      unified-delay = true;
+      tcp-concurrent = true;
+      global-client-fingerprint = "chrome";
+      profile = {
+        store-selected = true;
+        store-fake-ip = true;
+      };
+    };
+  };
+}
modules/services/mihomo/config/dns.nix
@@ -0,0 +1,42 @@
+{
+  flake.modules.nixos."services/mihomo" = _: {
+    services.mihomo.config.dns = {
+      enable = true;
+      prefer-h3 = true;
+      ipv6 = false;
+      enhanced-mode = "fake-ip";
+      fake-ip-range = "198.18.0.1/16";
+      fake-ip-filter = [
+        "+.+m2m"
+        "+.$injections.adguard.org"
+        "+.$local.adguard.org"
+        "+.+bogon"
+        "+.+lan"
+        "+.+local"
+        "+.+localdomain"
+        "+.home.arpa"
+        "dns.msftncsi.com"
+        "*.srv.nintendo.net"
+        "*.stun.playstation.net"
+        "xbox.*.microsoft.com"
+        "*.xboxlive.com"
+        "*.turn.twilio.com"
+        "*.stun.twilio.com"
+        "stun.syncthing.net"
+        "stun.*"
+        "*.sslip.io"
+        "*.nip.io"
+      ];
+      respect-rules = true;
+      nameserver = [
+        "system"
+        "https://223.5.5.5/dns-query"
+        "https://doh.pub/dns-query"
+      ];
+      proxy-server-nameserver = [
+        "https://223.5.5.5/dns-query"
+        "https://doh.pub/dns-query"
+      ];
+    };
+  };
+}
modules/services/mihomo/config/provider-mo_jie.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> X25519 7MneCZw/jQF9xFyfGe3eTukHAehyXoVEWaWb4k5MHEU
+JEvnlJY8eD9Xvkih1bqBsAkX6P69lYEV9Q3SvoPfzKo
+-> R2I}F/-grease 0t(n; $POnHf
+iOp5Z6rLbYcQhWWW51oVpiTrv+54L1jTDZj5QYE73/DRua63gfwgbyYbXxL1M3AI
+R7AwZPFuNVtwFwpu0/psSxgsJ92gg6Bw2ZSTzG0BN6Qeeykt+CNW3w
+--- NQyPsM9u1gzpz6Q1hKlbanJXxMrmqfkHD6xmI1G8XaE
+�N	����͈���U���Pi<�茎��%XBZ���EN�x��O��2!Ǧ�43\��1ֆ�[���e�
+[�RT]�VEb����y/�|P&U�T����ܮ�i��;�$<��5�9`Y�>s���D
+ӟ�
\ No newline at end of file
modules/services/mihomo/config/provider-yi_yuan.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> X25519 3V3LffKq+D+7fiI6v+PXOSvypjew3ZTIUzQ67y5s/Xk
+yKn0r8B2It8NDkcpllXZrbu6UA3eRT6ObXnDd9Cd6zo
+-> f-O};uW-grease
+ZEQ9xZE5mXYf+OYyIR/ANlb+5i43hSnDL7kd3zpKtp14Ap3T9HS7wSqrFaY0Q8Kv
+m2ntxFPlPzkf+PhjJ+oU2LvnfOtkkH85UoCHc4otYAyjEZyU/fno5ebIP0RkA8I
+--- ybChFblTJuekC6KK23qmetS7uaKDVlbtaWQ0cQu2Pn8
+�D�2U ν`QF����~����)Ws�`����?ʸ\O>�����r��e���A�sse��`�x0n����}�@a�;��:<[o�y�.��f��C��j��Ͼ���U�s����l?
\ No newline at end of file
modules/services/mihomo/config/proxy-groups.nix
@@ -0,0 +1,212 @@
+{
+  flake.modules.nixos."services/mihomo" = _: let
+    FilterHK = "^(?=.*((?i)🇭🇰|香港|\\b(HK|Hong)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
+    FilterTW = "^(?=.*((?i)🇹🇼|台湾|\\b(TW|Tai|Taiwan)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
+    FilterJP = "^(?=.*((?i)🇯🇵|日本|川日|东京|大阪|泉日|埼玉|\\b(JP|Japan)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
+    FilterKR = "^(?=.*((?i)🇰🇷|韩国|韓|首尔|\\b(KR|Korea)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
+    FilterSG = "^(?=.*((?i)🇸🇬|新加坡|狮|\\b(SG|Singapore)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
+    FilterUS = "^(?=.*((?i)🇺🇸|美国|波特兰|达拉斯|俄勒冈|凤凰城|费利蒙|硅谷|拉斯维加斯|洛杉矶|圣何塞|圣克拉拉|西雅图|芝加哥|\\b(US|United States)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
+    FilterUK = "^(?=.*((?i)🇬🇧|英国|伦敦|\\b(UK|United Kingdom)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
+    FilterFR = "^(?=.*((?i)🇫🇷|法国|\\b(FR|France)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
+    FilterDE = "^(?=.*((?i)🇩🇪|德国|\\b(DE|Germany)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
+    FilterOthers = "^(?!.*(🇭🇰|HK|Hong|香港|🇹🇼|TW|Taiwan|Wan|🇯🇵|JP|Japan|日本|🇸🇬|SG|Singapore|狮城|🇺🇸|US|United States|America|美国|🇩🇪|DE|Germany|德国|🇬🇧|UK|United Kingdom|英国|🇰🇷|KR|Korea|韩国|韓|🇫🇷|FR|France|法国)).*$";
+    FilterAll = "^(?=.*(.))(?!.*((?i)群|邀请|返利|循环|官网|客服|网站|网址|获取|订阅|流量|到期|机场|下次|版本|官址|备用|过期|已用|联系|邮箱|工单|贩卖|通知|倒卖|防止|国内|地址|频道|无法|说明|使用|提示|特别|访问|支持|教程|关注|更新|作者|加入|(\\b(USE|USED|TOTAL|EXPIRE|EMAIL|Panel|Channel|Author)\\b|(\\d{4}-\\d{2}-\\d{2}|\\d+G)))).*$";
+
+    Select = {
+      type = "select";
+      url = "http://connectivitycheck.platform.hicloud.com/generate_204";
+      disable-udp = false;
+      hidden = false;
+      include-all = true;
+    };
+    Auto = {
+      type = "url-test";
+      url = "http://connectivitycheck.platform.hicloud.com/generate_204";
+      interval = 300;
+      tolerance = 50;
+      disable-udp = false;
+      hidden = true;
+      include-all = true;
+    };
+  in {
+    services.mihomo.config.proxy-groups =
+      [
+        # 主选择组
+        {
+          name = "🎯 节点选择";
+          type = "select";
+          proxies = ["自动选择" "手动选择" "DIRECT"];
+          url = "http://connectivitycheck.platform.hicloud.com/generate_204";
+          icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Static.png";
+        }
+        # 手动/自动
+        {
+          name = "手动选择";
+          type = "select";
+          proxies = [
+            "🇭🇰 - 手动选择"
+            "🇯🇵 - 手动选择"
+            "🇰🇷 - 手动选择"
+            "🇸🇬 - 手动选择"
+            "🇺🇸 - 手动选择"
+            "🇬🇧 - 手动选择"
+            "🇫🇷 - 手动选择"
+            "🇩🇪 - 手动选择"
+            "🇹🇼 - 手动选择"
+            "Others - 手动选择"
+          ];
+          url = "http://connectivitycheck.platform.hicloud.com/generate_204";
+          icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Cylink.png";
+        }
+        {
+          name = "自动选择";
+          type = "select";
+          proxies = [
+            "🇭🇰 - 自动选择"
+            "🇯🇵 - 自动选择"
+            "🇰🇷 - 自动选择"
+            "🇸🇬 - 自动选择"
+            "🇺🇸 - 自动选择"
+            "🇬🇧 - 自动选择"
+            "🇫🇷 - 自动选择"
+            "🇩🇪 - 自动选择"
+            "🇹🇼 - 自动选择"
+          ];
+          url = "http://connectivitycheck.platform.hicloud.com/generate_204";
+          icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Urltest.png";
+        }
+        # 应用分组
+        {
+          name = "✈️ 电报信息";
+          type = "select";
+          proxies = [
+            "🎯 节点选择"
+            "🇭🇰 - 自动选择"
+            "🇯🇵 - 自动选择"
+            "🇸🇬 - 自动选择"
+            "🇺🇸 - 自动选择"
+          ];
+          icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Telegram.png";
+        }
+        {
+          name = "🤖 AIGC";
+          type = "select";
+          proxies = [
+            "🇺🇸 - 自动选择"
+            "🎯 节点选择"
+            "🇭🇰 - 自动选择"
+            "🇯🇵 - 自动选择"
+            "🇸🇬 - 自动选择"
+          ];
+          icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/OpenAI.png";
+        }
+        {
+          name = "🍎 苹果服务";
+          type = "select";
+          proxies = ["DIRECT" "🎯 节点选择" "🇭🇰 - 自动选择" "🇺🇸 - 自动选择"];
+          icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Apple.png";
+        }
+        {
+          name = "Ⓜ️ 微软服务";
+          type = "select";
+          proxies = ["DIRECT" "🎯 节点选择" "🇭🇰 - 自动选择" "🇺🇸 - 自动选择"];
+          icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Microsoft.png";
+        }
+      ]
+      ++ (map (x: Auto // x) [
+        # 自动选择 - 按地区
+        {
+          name = "🇭🇰 - 自动选择";
+          filter = FilterHK;
+        }
+        {
+          name = "🇯🇵 - 自动选择";
+          filter = FilterJP;
+        }
+        {
+          name = "🇰🇷 - 自动选择";
+          filter = FilterKR;
+        }
+        {
+          name = "🇸🇬 - 自动选择";
+          filter = FilterSG;
+        }
+        {
+          name = "🇺🇸 - 自动选择";
+          filter = FilterUS;
+        }
+        {
+          name = "🇬🇧 - 自动选择";
+          filter = FilterUK;
+        }
+        {
+          name = "🇫🇷 - 自动选择";
+          filter = FilterFR;
+        }
+        {
+          name = "🇩🇪 - 自动选择";
+          filter = FilterDE;
+        }
+        {
+          name = "🇹🇼 - 自动选择";
+          filter = FilterTW;
+        }
+      ])
+      ++ (map (x: Select // x) [
+        # 手动选择 - 按地区
+        {
+          name = "🇭🇰 - 手动选择";
+          filter = FilterHK;
+        }
+        {
+          name = "🇯🇵 - 手动选择";
+          filter = FilterJP;
+        }
+        {
+          name = "🇰🇷 - 手动选择";
+          filter = FilterKR;
+        }
+        {
+          name = "🇸🇬 - 手动选择";
+          filter = FilterSG;
+        }
+        {
+          name = "🇺🇸 - 手动选择";
+          filter = FilterUS;
+        }
+        {
+          name = "🇬🇧 - 手动选择";
+          filter = FilterUK;
+        }
+        {
+          name = "🇫🇷 - 手动选择";
+          filter = FilterFR;
+        }
+        {
+          name = "🇩🇪 - 手动选择";
+          filter = FilterDE;
+        }
+        {
+          name = "🇹🇼 - 手动选择";
+          filter = FilterTW;
+        }
+        {
+          name = "Others - 手动选择";
+          filter = FilterOthers;
+        }
+      ])
+      ++ [
+        # 全部节点
+        (Select
+          // {
+            name = "AllIn - 手动选择";
+            filter = FilterAll;
+          })
+        (Auto
+          // {
+            name = "AllIn - 自动选择";
+            filter = FilterAll;
+          })
+      ];
+  };
+}
modules/services/mihomo/config/proxy-providers.nix
@@ -0,0 +1,33 @@
+{lib, ...}: {
+  flake.modules.nixos."services/mihomo" = {config, ...}: let
+    NodeParam = {
+      type = "http";
+      interval = 86400;
+      health-check = {
+        enable = true;
+        url = "http://cp.cloudflare.com";
+        interval = 300;
+      };
+    };
+  in {
+    services.mihomo.config.proxy-providers = lib.mkIf config.services.mihomo.enable {
+      "Node-YiYuan" =
+        NodeParam
+        // {
+          url = config.vaultix.placeholder.mihomo-providers-yi_yuan;
+          path = "./proxy_provider/providers-yi_yuan.yaml";
+          override.additional-prefix = "[YY]";
+        };
+      "Node-MoJie" =
+        NodeParam
+        // {
+          url = config.vaultix.placeholder.mihomo-providers-mo_jie;
+          path = "./proxy_provider/providers-mo_jie.yaml";
+          override.additional-prefix = "[MJ]";
+        };
+    };
+
+    vaultix.secrets.mihomo-providers-yi_yuan.file = ./provider-yi_yuan.age;
+    vaultix.secrets.mihomo-providers-mo_jie.file = ./provider-mo_jie.age;
+  };
+}
modules/services/mihomo/config/rules.nix
@@ -0,0 +1,229 @@
+{
+  flake.modules.nixos."services/mihomo" = {config, ...}: let
+    RuleSet_classical = {
+      type = "http";
+      behavior = "classical";
+      interval = 43200;
+      format = "text";
+      proxy = "🎯 节点选择";
+    };
+    RuleSet_domain = {
+      type = "http";
+      behavior = "domain";
+      interval = 43200;
+      format = "text";
+      proxy = "🎯 节点选择";
+    };
+    RuleSet_ipcidr = {
+      type = "http";
+      behavior = "ipcidr";
+      interval = 43200;
+      format = "text";
+      proxy = "🎯 节点选择";
+    };
+  in {
+    services.mihomo.config = {
+      rules = [
+        # 自订类规则
+        "AND,((DOMAIN-SUFFIX,glacier.mxrouting.net),(DST-PORT,465/993)),DIRECT" # My Domain Email
+        "AND,((RULE-SET,my_hosts),(NOT,((DST-PORT,80/443)))),DIRECT" # My VPS
+
+        # 非 IP 类规则
+        "RULE-SET,reject_non_ip,REJECT"
+        "RULE-SET,reject_domainset,REJECT"
+        "RULE-SET,reject_non_ip_drop,REJECT-DROP"
+        "RULE-SET,reject_non_ip_no_drop,REJECT"
+        "RULE-SET,cdn_domainset,🎯 节点选择"
+        "RULE-SET,cdn_non_ip,🎯 节点选择"
+        "RULE-SET,stream_non_ip,🇺🇸 - 自动选择"
+        "RULE-SET,telegram_non_ip,✈️ 电报信息"
+        "RULE-SET,apple_cdn,DIRECT"
+        "RULE-SET,download_domainset,🎯 节点选择"
+        "RULE-SET,download_non_ip,🎯 节点选择"
+        "RULE-SET,microsoft_cdn_non_ip,DIRECT"
+        "RULE-SET,apple_cn_non_ip,DIRECT"
+        "RULE-SET,apple_services,🍎 苹果服务"
+        "RULE-SET,microsoft_non_ip,Ⓜ️ 微软服务"
+        "RULE-SET,ai_non_ip,🤖 AIGC"
+        "RULE-SET,global_non_ip,🎯 节点选择"
+        "RULE-SET,domestic_non_ip,DIRECT"
+        "RULE-SET,direct_non_ip,DIRECT"
+        "RULE-SET,lan_non_ip,DIRECT"
+
+        # IP 类规则
+        "RULE-SET,reject_ip,REJECT"
+        "RULE-SET,telegram_ip,✈️ 电报信息"
+        "RULE-SET,stream_ip,🇺🇸 - 自动选择"
+        "RULE-SET,lan_ip,DIRECT"
+        "RULE-SET,domestic_ip,DIRECT"
+        "RULE-SET,china_ip,DIRECT"
+        "MATCH,🎯 节点选择"
+      ];
+      rule-providers = {
+        reject_non_ip_no_drop =
+          RuleSet_classical
+          // {
+            url = "https://ruleset.skk.moe/Clash/non_ip/reject-no-drop.txt";
+            path = "./rule_set/sukkaw_ruleset/reject_non_ip_no_drop.txt";
+          };
+        reject_non_ip_drop =
+          RuleSet_classical
+          // {
+            url = "https://ruleset.skk.moe/Clash/non_ip/reject-drop.txt";
+            path = "./rule_set/sukkaw_ruleset/reject_non_ip_drop.txt";
+          };
+        reject_non_ip =
+          RuleSet_classical
+          // {
+            url = "https://ruleset.skk.moe/Clash/non_ip/reject.txt";
+            path = "./rule_set/sukkaw_ruleset/reject_non_ip.txt";
+          };
+        reject_domainset =
+          RuleSet_domain
+          // {
+            url = "https://ruleset.skk.moe/Clash/domainset/reject.txt";
+            path = "./rule_set/sukkaw_ruleset/reject_domainset.txt";
+          };
+        reject_ip =
+          RuleSet_classical
+          // {
+            url = "https://ruleset.skk.moe/Clash/ip/reject.txt";
+            path = "./rule_set/sukkaw_ruleset/reject_ip.txt";
+          };
+        cdn_domainset =
+          RuleSet_domain
+          // {
+            url = "https://ruleset.skk.moe/Clash/domainset/cdn.txt";
+            path = "./rule_set/sukkaw_ruleset/cdn_domainset.txt";
+          };
+        cdn_non_ip =
+          RuleSet_domain
+          // {
+            url = "https://ruleset.skk.moe/Clash/non_ip/cdn.txt";
+            path = "./rule_set/sukkaw_ruleset/cdn_non_ip.txt";
+          };
+        stream_non_ip =
+          RuleSet_classical
+          // {
+            url = "https://ruleset.skk.moe/Clash/non_ip/stream.txt";
+            path = "./rule_set/sukkaw_ruleset/stream_non_ip.txt";
+          };
+        stream_ip =
+          RuleSet_classical
+          // {
+            url = "https://ruleset.skk.moe/Clash/ip/stream.txt";
+            path = "./rule_set/sukkaw_ruleset/stream_ip.txt";
+          };
+        ai_non_ip =
+          RuleSet_classical
+          // {
+            url = "https://ruleset.skk.moe/Clash/non_ip/ai.txt";
+            path = "./rule_set/sukkaw_ruleset/ai_non_ip.txt";
+          };
+        telegram_non_ip =
+          RuleSet_classical
+          // {
+            url = "https://ruleset.skk.moe/Clash/non_ip/telegram.txt";
+            path = "./rule_set/sukkaw_ruleset/telegram_non_ip.txt";
+          };
+        telegram_ip =
+          RuleSet_classical
+          // {
+            url = "https://ruleset.skk.moe/Clash/ip/telegram.txt";
+            path = "./rule_set/sukkaw_ruleset/telegram_ip.txt";
+          };
+        apple_cdn =
+          RuleSet_domain
+          // {
+            url = "https://ruleset.skk.moe/Clash/domainset/apple_cdn.txt";
+            path = "./rule_set/sukkaw_ruleset/apple_cdn.txt";
+          };
+        apple_services =
+          RuleSet_classical
+          // {
+            url = "https://ruleset.skk.moe/Clash/non_ip/apple_services.txt";
+            path = "./rule_set/sukkaw_ruleset/apple_services.txt";
+          };
+        apple_cn_non_ip =
+          RuleSet_classical
+          // {
+            url = "https://ruleset.skk.moe/Clash/non_ip/apple_cn.txt";
+            path = "./rule_set/sukkaw_ruleset/apple_cn_non_ip.txt";
+          };
+        microsoft_cdn_non_ip =
+          RuleSet_classical
+          // {
+            url = "https://ruleset.skk.moe/Clash/non_ip/microsoft_cdn.txt";
+            path = "./rule_set/sukkaw_ruleset/microsoft_cdn_non_ip.txt";
+          };
+        microsoft_non_ip =
+          RuleSet_classical
+          // {
+            url = "https://ruleset.skk.moe/Clash/non_ip/microsoft.txt";
+            path = "./rule_set/sukkaw_ruleset/microsoft_non_ip.txt";
+          };
+        download_domainset =
+          RuleSet_domain
+          // {
+            url = "https://ruleset.skk.moe/Clash/domainset/download.txt";
+            path = "./rule_set/sukkaw_ruleset/download_domainset.txt";
+          };
+        download_non_ip =
+          RuleSet_domain
+          // {
+            url = "https://ruleset.skk.moe/Clash/non_ip/download.txt";
+            path = "./rule_set/sukkaw_ruleset/download_non_ip.txt";
+          };
+        lan_non_ip =
+          RuleSet_classical
+          // {
+            url = "https://ruleset.skk.moe/Clash/non_ip/lan.txt";
+            path = "./rule_set/sukkaw_ruleset/lan_non_ip.txt";
+          };
+        lan_ip =
+          RuleSet_classical
+          // {
+            url = "https://ruleset.skk.moe/Clash/ip/lan.txt";
+            path = "./rule_set/sukkaw_ruleset/lan_ip.txt";
+          };
+        domestic_non_ip =
+          RuleSet_classical
+          // {
+            url = "https://ruleset.skk.moe/Clash/non_ip/domestic.txt";
+            path = "./rule_set/sukkaw_ruleset/domestic_non_ip.txt";
+          };
+        direct_non_ip =
+          RuleSet_classical
+          // {
+            url = "https://ruleset.skk.moe/Clash/non_ip/direct.txt";
+            path = "./rule_set/sukkaw_ruleset/direct_non_ip.txt";
+          };
+        global_non_ip =
+          RuleSet_classical
+          // {
+            url = "https://ruleset.skk.moe/Clash/non_ip/global.txt";
+            path = "./rule_set/sukkaw_ruleset/global_non_ip.txt";
+          };
+        domestic_ip =
+          RuleSet_classical
+          // {
+            url = "https://ruleset.skk.moe/Clash/ip/domestic.txt";
+            path = "./rule_set/sukkaw_ruleset/domestic_ip.txt";
+          };
+        china_ip =
+          RuleSet_ipcidr
+          // {
+            url = "https://ruleset.skk.moe/Clash/ip/china_ip.txt";
+            path = "./rule_set/sukkaw_ruleset/china_ip.txt";
+          };
+        my_hosts = {
+          type = "inline";
+          behavior = "classical";
+          payload = [
+            "IP-CIDR,${config.vaultix.placeholder.hosts-pardofelis-ipv4}/32"
+          ];
+        };
+      };
+    };
+  };
+}
modules/services/mihomo/config/sniffer.nix
@@ -0,0 +1,23 @@
+{
+  flake.modules.nixos."services/mihomo" = _: {
+    services.mihomo.config.sniffer = {
+      enable = true;
+      sniff = {
+        HTTP = {
+          ports = [80 "8080-8880"];
+          override-destination = true;
+        };
+        TLS = {
+          ports = [443 8443];
+        };
+        QUIC = {
+          ports = [443 8443];
+        };
+      };
+      skip-domain = [
+        "Mijia Cloud"
+        "+.push.apple.com"
+      ];
+    };
+  };
+}
modules/services/mihomo/config/tun.nix
@@ -0,0 +1,19 @@
+{
+  flake.modules.nixos."services/mihomo" = _: {
+    services.mihomo.tunMode = true;
+
+    services.mihomo.config.tun = {
+      enable = true;
+      stack = "mixed";
+      device = "ElysianRealm";
+      auto-route = true;
+      auto-detect-interface = true;
+      dns-hijack = [
+        "any:53"
+        "tcp://any:53"
+      ];
+      strict-route = true;
+      mtu = 1500;
+    };
+  };
+}
modules/services/mihomo/default.nix
@@ -1,5 +1,8 @@
 {
-  flake.modules.nixos."services/mihomo" = _: {
-    services.mihomo.enable = true;
+  flake.modules.nixos."services/mihomo" = {pkgs, ...}: {
+    services.mihomo = {
+      enable = true;
+      webui = pkgs.metacubexd;
+    };
   };
 }
modules/services/mihomo/options.nix
@@ -0,0 +1,36 @@
+{lib, ...}: {
+  flake.modules.nixos."services/mihomo" = {
+    config,
+    pkgs,
+    ...
+  }: let
+    inherit (lib) mkOption types;
+    format = pkgs.formats.yaml {};
+    cfg = config.services.mihomo.config;
+  in {
+    options.services.mihomo.config = mkOption {
+      default = {};
+      type = types.submodule {
+        freeformType = format.type;
+        options = {
+          tun = {
+            enable = mkOption {
+              default = config.options.services.mihomo.tunMode;
+              type = types.bool;
+            };
+            device = mkOption {
+              default = "utun0";
+              type = types.str;
+            };
+          };
+        };
+      };
+    };
+
+    config = {
+      networking.firewall.trustedInterfaces = lib.mkIf config.services.mihomo.tunMode [cfg.tun.device];
+      vaultix.templates."mihomo-config.yaml".content = builtins.toJSON cfg;
+      services.mihomo.configFile = config.vaultix.templates."mihomo-config.yaml".path;
+    };
+  };
+}
options/home/default.nix
@@ -1,3 +0,0 @@
-{mylib, ...}: {
-  imports = mylib.scanModules ./.;
-}
options/home/helixSteelEventSystem.nix
@@ -1,44 +0,0 @@
-{
-  lib,
-  pkgs,
-  config,
-  helix-steel,
-  ...
-}: let
-  inherit (lib) mkOption types;
-
-  cfg = config.programs.helix.steelEventSystem;
-in {
-  options.programs.helix.steelEventSystem = {
-    enable = lib.mkEnableOption "Enable Helix Steel event system.";
-    steelPackage = lib.mkPackageOption pkgs "steel" {};
-    initScm = mkOption {
-      type = types.either types.lines types.path;
-      default = "";
-    };
-    helixScm = mkOption {
-      type = types.either types.lines types.path;
-      default = "";
-    };
-  };
-
-  config = lib.mkIf cfg.enable {
-    home.packages = [cfg.steelPackage];
-    programs.helix.package = lib.mkDefault helix-steel.packages.${pkgs.system}.default;
-
-    xdg.configFile."helix/init.scm" = let
-      scm = cfg.initScm;
-    in
-      lib.mkIf (lib.stringLength scm != 0) {
-        source = lib.mkIf (lib.isPath scm) scm;
-        text = lib.mkIf (!(lib.isPath scm)) scm;
-      };
-    xdg.configFile."helix/helix.scm" = let
-      scm = cfg.helixScm;
-    in
-      lib.mkIf (lib.stringLength scm != 0) {
-        source = lib.mkIf (lib.isPath scm) scm;
-        text = lib.mkIf (!(lib.isPath scm)) scm;
-      };
-  };
-}
options/nixos/default.nix
@@ -1,3 +0,0 @@
-{mylib, ...}: {
-  imports = mylib.scanModules ./.;
-}
options/nixos/hosts.nix
@@ -1,87 +0,0 @@
-{lib, ...}:
-with lib; let
-  secretType = types.submodule {
-    options = {
-      secretName = mkOption {
-        type = types.str;
-      };
-    };
-  };
-  optSecretType = types.nullOr (types.either types.str secretType);
-
-  hostModule = types.submodule {
-    options = {
-      network = mkOption {
-        type = networkModule;
-        default = {};
-        description = "Network configurations of the host.";
-      };
-      hostPublicKey = mkOption {
-        type = types.nullOr types.str;
-        default = null;
-      };
-      sshPorts = mkOption {
-        type = types.listOf types.port;
-        default = [22];
-      };
-    };
-  };
-
-  networkModule = types.submodule {
-    options = {
-      enable = mkOption {
-        type = types.nullOr (types.enum ["networkmanager" "networkd"]);
-        default = null;
-        description = "Which network manager to use.";
-      };
-      iface = mkOption {
-        type = types.str;
-      };
-      useDHCP = mkOption {
-        type = types.bool;
-        default = false;
-      };
-      nameservers = mkOption {
-        type = types.listOf types.str;
-        default = [];
-      };
-      search = mkOption {
-        type = types.listOf types.str;
-        default = [];
-      };
-      ipv4 = mkOption {
-        type = optSecretType;
-        default = null;
-      };
-      ipv6 = mkOption {
-        type = optSecretType;
-        default = null;
-      };
-      prefixLength4 = mkOption {
-        type = types.int;
-        default = 24;
-      };
-      prefixLength6 = mkOption {
-        type = types.int;
-        default = 64;
-      };
-      defaultGateway = mkOption {
-        type = optSecretType;
-        default = null;
-      };
-      defaultGateway6 = mkOption {
-        type = optSecretType;
-        default = null;
-      };
-    };
-  };
-in {
-  options.modules.my-hosts = mkOption {
-    type = types.attrsOf hostModule;
-    description = "My nix hosts general configuration";
-    default = {};
-  };
-  options.modules.currentHost = mkOption {
-    type = types.str;
-  };
-}
options/nixos/mihomo.nix
@@ -1,35 +0,0 @@
-{
-  lib,
-  config,
-  pkgs,
-  ...
-}: let
-  inherit (lib) mkOption types;
-  format = pkgs.formats.yaml {};
-  cfg = config.services.mihomo.config;
-in {
-  options.services.mihomo.config = mkOption {
-    default = {};
-    type = types.submodule {
-      freeformType = format.type;
-      options = {
-        tun = {
-          enable = mkOption {
-            default = config.options.services.mihomo.tunMode;
-            type = types.bool;
-          };
-          device = mkOption {
-            default = "utun0";
-            type = types.str;
-          };
-        };
-      };
-    };
-  };
-
-  config = {
-    networking.firewall.trustedInterfaces = lib.mkIf config.services.mihomo.tunMode [cfg.tun.device];
-    sops.templates."mihomo-config.yaml".content = builtins.toJSON cfg;
-    services.mihomo.configFile = config.sops.templates."mihomo-config.yaml".path;
-  };
-}
os-modules/base/default.nix
@@ -1,3 +0,0 @@
-{mylib, ...}: {
-  imports = mylib.scanModules ./.;
-}
os-modules/nixos/base/mihomo/config/default.nix
@@ -1,21 +0,0 @@
-{mylib, ...}: {
-  imports = mylib.scanModules ./.;
-
-  # See /options/nixos/mihomo.nix
-  services.mihomo.config = {
-    mixed-port = 7154;
-    allow-lan = true;
-    mode = "rule";
-    log-level = "warning";
-    ipv6 = false;
-    find-process-mode = "strict";
-    external-controller = "127.0.0.1:9090";
-    unified-delay = true;
-    tcp-concurrent = true;
-    global-client-fingerprint = "chrome";
-    profile = {
-      store-selected = true;
-      store-fake-ip = true;
-    };
-  };
-}
os-modules/nixos/base/mihomo/config/dns.nix
@@ -1,40 +0,0 @@
-{...}: {
-  services.mihomo.config.dns = {
-    enable = true;
-    prefer-h3 = true;
-    ipv6 = false;
-    enhanced-mode = "fake-ip";
-    fake-ip-range = "198.18.0.1/16";
-    fake-ip-filter = [
-      "+.+m2m"
-      "+.$injections.adguard.org"
-      "+.$local.adguard.org"
-      "+.+bogon"
-      "+.+lan"
-      "+.+local"
-      "+.+localdomain"
-      "+.home.arpa"
-      "dns.msftncsi.com"
-      "*.srv.nintendo.net"
-      "*.stun.playstation.net"
-      "xbox.*.microsoft.com"
-      "*.xboxlive.com"
-      "*.turn.twilio.com"
-      "*.stun.twilio.com"
-      "stun.syncthing.net"
-      "stun.*"
-      "*.sslip.io"
-      "*.nip.io"
-    ];
-    respect-rules = true;
-    nameserver = [
-      "system"
-      "https://223.5.5.5/dns-query"
-      "https://doh.pub/dns-query"
-    ];
-    proxy-server-nameserver = [
-      "https://223.5.5.5/dns-query"
-      "https://doh.pub/dns-query"
-    ];
-  };
-}
os-modules/nixos/base/mihomo/config/proxy-groups.nix
@@ -1,210 +0,0 @@
-{...}: let
-  FilterHK = "^(?=.*((?i)🇭🇰|香港|\\b(HK|Hong)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
-  FilterTW = "^(?=.*((?i)🇹🇼|台湾|\\b(TW|Tai|Taiwan)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
-  FilterJP = "^(?=.*((?i)🇯🇵|日本|川日|东京|大阪|泉日|埼玉|\\b(JP|Japan)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
-  FilterKR = "^(?=.*((?i)🇰🇷|韩国|韓|首尔|\\b(KR|Korea)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
-  FilterSG = "^(?=.*((?i)🇸🇬|新加坡|狮|\\b(SG|Singapore)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
-  FilterUS = "^(?=.*((?i)🇺🇸|美国|波特兰|达拉斯|俄勒冈|凤凰城|费利蒙|硅谷|拉斯维加斯|洛杉矶|圣何塞|圣克拉拉|西雅图|芝加哥|\\b(US|United States)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
-  FilterUK = "^(?=.*((?i)🇬🇧|英国|伦敦|\\b(UK|United Kingdom)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
-  FilterFR = "^(?=.*((?i)🇫🇷|法国|\\b(FR|France)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
-  FilterDE = "^(?=.*((?i)🇩🇪|德国|\\b(DE|Germany)(\\d+)?\\b))(?!.*((?i)回国|校园|网站|地址|剩余|过期|时间|有效|网址|禁止|邮箱|发布|客服|订阅|节点)).*$";
-  FilterOthers = "^(?!.*(🇭🇰|HK|Hong|香港|🇹🇼|TW|Taiwan|Wan|🇯🇵|JP|Japan|日本|🇸🇬|SG|Singapore|狮城|🇺🇸|US|United States|America|美国|🇩🇪|DE|Germany|德国|🇬🇧|UK|United Kingdom|英国|🇰🇷|KR|Korea|韩国|韓|🇫🇷|FR|France|法国)).*$";
-  FilterAll = "^(?=.*(.))(?!.*((?i)群|邀请|返利|循环|官网|客服|网站|网址|获取|订阅|流量|到期|机场|下次|版本|官址|备用|过期|已用|联系|邮箱|工单|贩卖|通知|倒卖|防止|国内|地址|频道|无法|说明|使用|提示|特别|访问|支持|教程|关注|更新|作者|加入|(\\b(USE|USED|TOTAL|EXPIRE|EMAIL|Panel|Channel|Author)\\b|(\\d{4}-\\d{2}-\\d{2}|\\d+G)))).*$";
-
-  Select = {
-    type = "select";
-    url = "http://connectivitycheck.platform.hicloud.com/generate_204";
-    disable-udp = false;
-    hidden = false;
-    include-all = true;
-  };
-  Auto = {
-    type = "url-test";
-    url = "http://connectivitycheck.platform.hicloud.com/generate_204";
-    interval = 300;
-    tolerance = 50;
-    disable-udp = false;
-    hidden = true;
-    include-all = true;
-  };
-in {
-  services.mihomo.config.proxy-groups =
-    [
-      # 主选择组
-      {
-        name = "🎯 节点选择";
-        type = "select";
-        proxies = ["自动选择" "手动选择" "DIRECT"];
-        url = "http://connectivitycheck.platform.hicloud.com/generate_204";
-        icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Static.png";
-      }
-      # 手动/自动
-      {
-        name = "手动选择";
-        type = "select";
-        proxies = [
-          "🇭🇰 - 手动选择"
-          "🇯🇵 - 手动选择"
-          "🇰🇷 - 手动选择"
-          "🇸🇬 - 手动选择"
-          "🇺🇸 - 手动选择"
-          "🇬🇧 - 手动选择"
-          "🇫🇷 - 手动选择"
-          "🇩🇪 - 手动选择"
-          "🇹🇼 - 手动选择"
-          "Others - 手动选择"
-        ];
-        url = "http://connectivitycheck.platform.hicloud.com/generate_204";
-        icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Cylink.png";
-      }
-      {
-        name = "自动选择";
-        type = "select";
-        proxies = [
-          "🇭🇰 - 自动选择"
-          "🇯🇵 - 自动选择"
-          "🇰🇷 - 自动选择"
-          "🇸🇬 - 自动选择"
-          "🇺🇸 - 自动选择"
-          "🇬🇧 - 自动选择"
-          "🇫🇷 - 自动选择"
-          "🇩🇪 - 自动选择"
-          "🇹🇼 - 自动选择"
-        ];
-        url = "http://connectivitycheck.platform.hicloud.com/generate_204";
-        icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Urltest.png";
-      }
-      # 应用分组
-      {
-        name = "✈️ 电报信息";
-        type = "select";
-        proxies = [
-          "🎯 节点选择"
-          "🇭🇰 - 自动选择"
-          "🇯🇵 - 自动选择"
-          "🇸🇬 - 自动选择"
-          "🇺🇸 - 自动选择"
-        ];
-        icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Telegram.png";
-      }
-      {
-        name = "🤖 AIGC";
-        type = "select";
-        proxies = [
-          "🇺🇸 - 自动选择"
-          "🎯 节点选择"
-          "🇭🇰 - 自动选择"
-          "🇯🇵 - 自动选择"
-          "🇸🇬 - 自动选择"
-        ];
-        icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/OpenAI.png";
-      }
-      {
-        name = "🍎 苹果服务";
-        type = "select";
-        proxies = ["DIRECT" "🎯 节点选择" "🇭🇰 - 自动选择" "🇺🇸 - 自动选择"];
-        icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Apple.png";
-      }
-      {
-        name = "Ⓜ️ 微软服务";
-        type = "select";
-        proxies = ["DIRECT" "🎯 节点选择" "🇭🇰 - 自动选择" "🇺🇸 - 自动选择"];
-        icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Microsoft.png";
-      }
-    ]
-    ++ (map (x: Auto // x) [
-      # 自动选择 - 按地区
-      {
-        name = "🇭🇰 - 自动选择";
-        filter = FilterHK;
-      }
-      {
-        name = "🇯🇵 - 自动选择";
-        filter = FilterJP;
-      }
-      {
-        name = "🇰🇷 - 自动选择";
-        filter = FilterKR;
-      }
-      {
-        name = "🇸🇬 - 自动选择";
-        filter = FilterSG;
-      }
-      {
-        name = "🇺🇸 - 自动选择";
-        filter = FilterUS;
-      }
-      {
-        name = "🇬🇧 - 自动选择";
-        filter = FilterUK;
-      }
-      {
-        name = "🇫🇷 - 自动选择";
-        filter = FilterFR;
-      }
-      {
-        name = "🇩🇪 - 自动选择";
-        filter = FilterDE;
-      }
-      {
-        name = "🇹🇼 - 自动选择";
-        filter = FilterTW;
-      }
-    ])
-    ++ (map (x: Select // x) [
-      # 手动选择 - 按地区
-      {
-        name = "🇭🇰 - 手动选择";
-        filter = FilterHK;
-      }
-      {
-        name = "🇯🇵 - 手动选择";
-        filter = FilterJP;
-      }
-      {
-        name = "🇰🇷 - 手动选择";
-        filter = FilterKR;
-      }
-      {
-        name = "🇸🇬 - 手动选择";
-        filter = FilterSG;
-      }
-      {
-        name = "🇺🇸 - 手动选择";
-        filter = FilterUS;
-      }
-      {
-        name = "🇬🇧 - 手动选择";
-        filter = FilterUK;
-      }
-      {
-        name = "🇫🇷 - 手动选择";
-        filter = FilterFR;
-      }
-      {
-        name = "🇩🇪 - 手动选择";
-        filter = FilterDE;
-      }
-      {
-        name = "🇹🇼 - 手动选择";
-        filter = FilterTW;
-      }
-      {
-        name = "Others - 手动选择";
-        filter = FilterOthers;
-      }
-    ])
-    ++ [
-      # 全部节点
-      (Select
-        // {
-          name = "AllIn - 手动选择";
-          filter = FilterAll;
-        })
-      (Auto
-        // {
-          name = "AllIn - 自动选择";
-          filter = FilterAll;
-        })
-    ];
-}
os-modules/nixos/base/mihomo/config/proxy-providers.nix
@@ -1,32 +0,0 @@
-{
-  lib,
-  config,
-  ...
-}: let
-  NodeParam = {
-    type = "http";
-    interval = 86400;
-    health-check = {
-      enable = true;
-      url = "http://cp.cloudflare.com";
-      interval = 300;
-    };
-  };
-in {
-  services.mihomo.config.proxy-providers = lib.mkIf config.services.mihomo.enable {
-    "Node-YiYuan" =
-      NodeParam
-      // {
-        url = config.sops.placeholder."mihomo/providers/yi_yuan";
-        path = "./proxy_provider/providers-yi_yuan.yaml";
-        override.additional-prefix = "[YY]";
-      };
-    "Node-MoJie" =
-      NodeParam
-      // {
-        url = config.sops.placeholder."mihomo/providers/mo_jie";
-        path = "./proxy_provider/providers-mo_jie.yaml";
-        override.additional-prefix = "[MJ]";
-      };
-  };
-}
os-modules/nixos/base/mihomo/config/rules.nix
@@ -1,227 +0,0 @@
-{config, ...}: let
-  RuleSet_classical = {
-    type = "http";
-    behavior = "classical";
-    interval = 43200;
-    format = "text";
-    proxy = "🎯 节点选择";
-  };
-  RuleSet_domain = {
-    type = "http";
-    behavior = "domain";
-    interval = 43200;
-    format = "text";
-    proxy = "🎯 节点选择";
-  };
-  RuleSet_ipcidr = {
-    type = "http";
-    behavior = "ipcidr";
-    interval = 43200;
-    format = "text";
-    proxy = "🎯 节点选择";
-  };
-in {
-  services.mihomo.config = {
-    rules = [
-      # 自订类规则
-      "AND,((DOMAIN-SUFFIX,glacier.mxrouting.net),(DST-PORT,465/993)),DIRECT" # My Domain Email
-      "AND,((RULE-SET,my_hosts),(NOT,((DST-PORT,80/443)))),DIRECT" # My VPS
-
-      # 非 IP 类规则
-      "RULE-SET,reject_non_ip,REJECT"
-      "RULE-SET,reject_domainset,REJECT"
-      "RULE-SET,reject_non_ip_drop,REJECT-DROP"
-      "RULE-SET,reject_non_ip_no_drop,REJECT"
-      "RULE-SET,cdn_domainset,🎯 节点选择"
-      "RULE-SET,cdn_non_ip,🎯 节点选择"
-      "RULE-SET,stream_non_ip,🇺🇸 - 自动选择"
-      "RULE-SET,telegram_non_ip,✈️ 电报信息"
-      "RULE-SET,apple_cdn,DIRECT"
-      "RULE-SET,download_domainset,🎯 节点选择"
-      "RULE-SET,download_non_ip,🎯 节点选择"
-      "RULE-SET,microsoft_cdn_non_ip,DIRECT"
-      "RULE-SET,apple_cn_non_ip,DIRECT"
-      "RULE-SET,apple_services,🍎 苹果服务"
-      "RULE-SET,microsoft_non_ip,Ⓜ️ 微软服务"
-      "RULE-SET,ai_non_ip,🤖 AIGC"
-      "RULE-SET,global_non_ip,🎯 节点选择"
-      "RULE-SET,domestic_non_ip,DIRECT"
-      "RULE-SET,direct_non_ip,DIRECT"
-      "RULE-SET,lan_non_ip,DIRECT"
-
-      # IP 类规则
-      "RULE-SET,reject_ip,REJECT"
-      "RULE-SET,telegram_ip,✈️ 电报信息"
-      "RULE-SET,stream_ip,🇺🇸 - 自动选择"
-      "RULE-SET,lan_ip,DIRECT"
-      "RULE-SET,domestic_ip,DIRECT"
-      "RULE-SET,china_ip,DIRECT"
-      "MATCH,🎯 节点选择"
-    ];
-    rule-providers = {
-      reject_non_ip_no_drop =
-        RuleSet_classical
-        // {
-          url = "https://ruleset.skk.moe/Clash/non_ip/reject-no-drop.txt";
-          path = "./rule_set/sukkaw_ruleset/reject_non_ip_no_drop.txt";
-        };
-      reject_non_ip_drop =
-        RuleSet_classical
-        // {
-          url = "https://ruleset.skk.moe/Clash/non_ip/reject-drop.txt";
-          path = "./rule_set/sukkaw_ruleset/reject_non_ip_drop.txt";
-        };
-      reject_non_ip =
-        RuleSet_classical
-        // {
-          url = "https://ruleset.skk.moe/Clash/non_ip/reject.txt";
-          path = "./rule_set/sukkaw_ruleset/reject_non_ip.txt";
-        };
-      reject_domainset =
-        RuleSet_domain
-        // {
-          url = "https://ruleset.skk.moe/Clash/domainset/reject.txt";
-          path = "./rule_set/sukkaw_ruleset/reject_domainset.txt";
-        };
-      reject_ip =
-        RuleSet_classical
-        // {
-          url = "https://ruleset.skk.moe/Clash/ip/reject.txt";
-          path = "./rule_set/sukkaw_ruleset/reject_ip.txt";
-        };
-      cdn_domainset =
-        RuleSet_domain
-        // {
-          url = "https://ruleset.skk.moe/Clash/domainset/cdn.txt";
-          path = "./rule_set/sukkaw_ruleset/cdn_domainset.txt";
-        };
-      cdn_non_ip =
-        RuleSet_domain
-        // {
-          url = "https://ruleset.skk.moe/Clash/non_ip/cdn.txt";
-          path = "./rule_set/sukkaw_ruleset/cdn_non_ip.txt";
-        };
-      stream_non_ip =
-        RuleSet_classical
-        // {
-          url = "https://ruleset.skk.moe/Clash/non_ip/stream.txt";
-          path = "./rule_set/sukkaw_ruleset/stream_non_ip.txt";
-        };
-      stream_ip =
-        RuleSet_classical
-        // {
-          url = "https://ruleset.skk.moe/Clash/ip/stream.txt";
-          path = "./rule_set/sukkaw_ruleset/stream_ip.txt";
-        };
-      ai_non_ip =
-        RuleSet_classical
-        // {
-          url = "https://ruleset.skk.moe/Clash/non_ip/ai.txt";
-          path = "./rule_set/sukkaw_ruleset/ai_non_ip.txt";
-        };
-      telegram_non_ip =
-        RuleSet_classical
-        // {
-          url = "https://ruleset.skk.moe/Clash/non_ip/telegram.txt";
-          path = "./rule_set/sukkaw_ruleset/telegram_non_ip.txt";
-        };
-      telegram_ip =
-        RuleSet_classical
-        // {
-          url = "https://ruleset.skk.moe/Clash/ip/telegram.txt";
-          path = "./rule_set/sukkaw_ruleset/telegram_ip.txt";
-        };
-      apple_cdn =
-        RuleSet_domain
-        // {
-          url = "https://ruleset.skk.moe/Clash/domainset/apple_cdn.txt";
-          path = "./rule_set/sukkaw_ruleset/apple_cdn.txt";
-        };
-      apple_services =
-        RuleSet_classical
-        // {
-          url = "https://ruleset.skk.moe/Clash/non_ip/apple_services.txt";
-          path = "./rule_set/sukkaw_ruleset/apple_services.txt";
-        };
-      apple_cn_non_ip =
-        RuleSet_classical
-        // {
-          url = "https://ruleset.skk.moe/Clash/non_ip/apple_cn.txt";
-          path = "./rule_set/sukkaw_ruleset/apple_cn_non_ip.txt";
-        };
-      microsoft_cdn_non_ip =
-        RuleSet_classical
-        // {
-          url = "https://ruleset.skk.moe/Clash/non_ip/microsoft_cdn.txt";
-          path = "./rule_set/sukkaw_ruleset/microsoft_cdn_non_ip.txt";
-        };
-      microsoft_non_ip =
-        RuleSet_classical
-        // {
-          url = "https://ruleset.skk.moe/Clash/non_ip/microsoft.txt";
-          path = "./rule_set/sukkaw_ruleset/microsoft_non_ip.txt";
-        };
-      download_domainset =
-        RuleSet_domain
-        // {
-          url = "https://ruleset.skk.moe/Clash/domainset/download.txt";
-          path = "./rule_set/sukkaw_ruleset/download_domainset.txt";
-        };
-      download_non_ip =
-        RuleSet_domain
-        // {
-          url = "https://ruleset.skk.moe/Clash/non_ip/download.txt";
-          path = "./rule_set/sukkaw_ruleset/download_non_ip.txt";
-        };
-      lan_non_ip =
-        RuleSet_classical
-        // {
-          url = "https://ruleset.skk.moe/Clash/non_ip/lan.txt";
-          path = "./rule_set/sukkaw_ruleset/lan_non_ip.txt";
-        };
-      lan_ip =
-        RuleSet_classical
-        // {
-          url = "https://ruleset.skk.moe/Clash/ip/lan.txt";
-          path = "./rule_set/sukkaw_ruleset/lan_ip.txt";
-        };
-      domestic_non_ip =
-        RuleSet_classical
-        // {
-          url = "https://ruleset.skk.moe/Clash/non_ip/domestic.txt";
-          path = "./rule_set/sukkaw_ruleset/domestic_non_ip.txt";
-        };
-      direct_non_ip =
-        RuleSet_classical
-        // {
-          url = "https://ruleset.skk.moe/Clash/non_ip/direct.txt";
-          path = "./rule_set/sukkaw_ruleset/direct_non_ip.txt";
-        };
-      global_non_ip =
-        RuleSet_classical
-        // {
-          url = "https://ruleset.skk.moe/Clash/non_ip/global.txt";
-          path = "./rule_set/sukkaw_ruleset/global_non_ip.txt";
-        };
-      domestic_ip =
-        RuleSet_classical
-        // {
-          url = "https://ruleset.skk.moe/Clash/ip/domestic.txt";
-          path = "./rule_set/sukkaw_ruleset/domestic_ip.txt";
-        };
-      china_ip =
-        RuleSet_ipcidr
-        // {
-          url = "https://ruleset.skk.moe/Clash/ip/china_ip.txt";
-          path = "./rule_set/sukkaw_ruleset/china_ip.txt";
-        };
-      my_hosts = {
-        type = "inline";
-        behavior = "classical";
-        payload = [
-          "IP-CIDR,${config.sops.placeholder.pardofelis-ipv4}/32"
-        ];
-      };
-    };
-  };
-}
os-modules/nixos/base/mihomo/config/sniffer.nix
@@ -1,21 +0,0 @@
-{...}: {
-  services.mihomo.config.sniffer = {
-    enable = true;
-    sniff = {
-      HTTP = {
-        ports = [80 "8080-8880"];
-        override-destination = true;
-      };
-      TLS = {
-        ports = [443 8443];
-      };
-      QUIC = {
-        ports = [443 8443];
-      };
-    };
-    skip-domain = [
-      "Mijia Cloud"
-      "+.push.apple.com"
-    ];
-  };
-}
os-modules/nixos/base/mihomo/config/tun.nix
@@ -1,15 +0,0 @@
-{...}: {
-  services.mihomo.config.tun = {
-    enable = true;
-    stack = "mixed";
-    device = "ElysianRealm";
-    auto-route = true;
-    auto-detect-interface = true;
-    dns-hijack = [
-      "any:53"
-      "tcp://any:53"
-    ];
-    strict-route = true;
-    mtu = 1500;
-  };
-}
os-modules/nixos/base/mihomo/default.nix
@@ -1,14 +0,0 @@
-{
-  lib,
-  config,
-  pkgs,
-  ...
-}: {
-  imports = [./config];
-  config = lib.mkIf config.services.mihomo.enable {
-    services.mihomo = {
-      tunMode = true;
-      webui = pkgs.metacubexd;
-    };
-  };
-}
os-modules/nixos/base/default.nix
@@ -1,3 +0,0 @@
-{mylib, ...}: {
-  imports = mylib.scanModules ./.;
-}
os-modules/nixos/desktop/default.nix
@@ -1,3 +0,0 @@
-{mylib, ...}: {
-  imports = mylib.scanModules ./.;
-}
os-modules/nixos/desktop/misc.nix
@@ -1,8 +0,0 @@
-{myvars, ...}: {
-  services.sunshine = {
-    enable = true;
-    autoStart = false;
-    openFirewall = true;
-    capSysAdmin = true;
-  };
-}
os-modules/nixos/server/x86_64.nix
@@ -1,6 +0,0 @@
-{lib, ...}: {
-  imports = [
-    ../base
-    ../../base
-  ];
-}
os-modules/nixos/desktop.nix
@@ -1,7 +0,0 @@
-{
-  imports = [
-    ./base
-    ../base
-    ./desktop
-  ];
-}
outputs/x86_64-linux/src/kevin.nix
@@ -1,35 +0,0 @@
-{
-  # NOTE: the args not used in this file CAN NOT be removed!
-  # because haumea pass argument lazily,
-  # and these arguments are used in the functions `mylib.nixosSystem`.
-  inputs,
-  lib,
-  myvars,
-  mylib,
-  system,
-  genSpecialArgs,
-  ...
-} @ args: let
-  # Kevin - Codename "Deliverance", 1st of Flame-Chasers
-  name = "kevin";
-  base-modules = {
-    nixos-modules = map mylib.relativeToRoot [
-      # common
-      "secrets/nixos.nix"
-      "os-modules/nixos/desktop.nix"
-      "options/nixos/default.nix"
-      "hosts/general.nix"
-      # host specific
-      "hosts/chaser-${name}"
-    ];
-    home-modules = map mylib.relativeToRoot [
-      # common
-      "home/linux/gui.nix"
-      "options/home/default.nix"
-    ];
-  };
-in {
-  nixosConfigurations = {
-    "${name}" = mylib.nixosSystem (base-modules // args);
-  };
-}
outputs/x86_64-linux/src/pardofelis.nix
@@ -1,40 +0,0 @@
-{
-  # NOTE: the args not used in this file CAN NOT be removed!
-  # because haumea pass argument lazily,
-  # and these arguments are used in the functions like `mylib.nixosSystem`, `mylib.colmenaSystem`, etc.
-  inputs,
-  lib,
-  myvars,
-  mylib,
-  system,
-  genSpecialArgs,
-  ...
-} @ args: let
-  # Pardofelis - Codename "Reverie", 13th of Flame-Chasers
-  name = "pardofelis";
-  tags = ["pardo" "vps"];
-  ssh-user = "root";
-
-  modules = {
-    nixos-modules = map mylib.relativeToRoot [
-      # common
-      "secrets/nixos.nix"
-      "os-modules/nixos/server/x86_64.nix"
-      "options/nixos/default.nix"
-      "hosts/general.nix"
-      # host specific
-      "hosts/chaser-${name}"
-    ];
-    home-modules = map mylib.relativeToRoot [
-      "home/linux/core.nix"
-      "options/home/default.nix"
-    ];
-  };
-
-  systemArgs = modules // args;
-in {
-  nixosConfigurations.${name} = mylib.nixosSystem systemArgs;
-
-  colmena.${name} =
-    mylib.colmenaSystem (systemArgs // {inherit tags ssh-user;});
-}
outputs/x86_64-linux/default.nix
@@ -1,32 +0,0 @@
-{
-  lib,
-  inputs,
-  ...
-} @ args: let
-  inherit (inputs) haumea;
-
-  # Contains all the flake outputs of this system architecture.
-  data = haumea.lib.load {
-    src = ./src;
-    inputs = args;
-  };
-  # nix file names is redundant, so we remove it.
-  dataWithoutPaths = builtins.attrValues data;
-
-  # Merge all the machine's data into a single attribute set.
-  outputs = {
-    nixosConfigurations = lib.attrsets.mergeAttrsList (map (it: it.nixosConfigurations or {}) dataWithoutPaths);
-    packages = lib.attrsets.mergeAttrsList (map (it: it.packages or {}) dataWithoutPaths);
-
-    colmenaMeta = {
-      nodeNixpkgs = lib.attrsets.mergeAttrsList (map (it: it.colmenaMeta.nodeNixpkgs or {}) dataWithoutPaths);
-      nodeSpecialArgs = lib.attrsets.mergeAttrsList (map (it: it.colmenaMeta.nodeSpecialArgs or {}) dataWithoutPaths);
-    };
-
-    colmena = lib.attrsets.mergeAttrsList (map (it: it.colmena or {}) dataWithoutPaths);
-  };
-in
-  outputs
-  // {
-    inherit data;
-  }
outputs/default.nix
@@ -1,98 +0,0 @@
-{
-  self,
-  colmena,
-  nixpkgs,
-  ...
-} @ inputs: let
-  inherit (inputs.nixpkgs) lib;
-  mylib = import ../lib {inherit lib;};
-  myvars = import ../vars {inherit lib;};
-
-  # Add my custom lib, vars, nixpkgs instance, and all the inputs to specialArgs,
-  # so that I can use them in all my nixos/home-manager modules.
-  genSpecialArgs = system:
-    inputs
-    // {
-      inherit mylib myvars;
-
-      # use unstable branch for some packages to get the latest updates
-      pkgs-unstable = import inputs.nixpkgs-unstable {
-        inherit system; # refer the `system` parameter form outer scope recursively
-        config.allowUnfree = true;
-      };
-      pkgs-stable = import inputs.nixpkgs-stable {
-        inherit system;
-        config.allowUnfree = true;
-      };
-    };
-
-  # This is the args for all the haumea modules in this folder.
-  args = {
-    inherit
-      inputs
-      lib
-      mylib
-      myvars
-      genSpecialArgs
-      ;
-  };
-
-  nixosSystems = {
-    x86_64-linux = import ./x86_64-linux (args // {system = "x86_64-linux";});
-  };
-
-  darwinSystems = {};
-  allSystems = nixosSystems // darwinSystems;
-  allSystemNames = builtins.attrNames allSystems;
-  nixosSystemValues = builtins.attrValues nixosSystems;
-  darwinSystemValues = builtins.attrValues darwinSystems;
-  allSystemValues = nixosSystemValues ++ darwinSystemValues;
-
-  # Helper function to generate a set of attributes for each system
-  forAllSystems = func: (nixpkgs.lib.genAttrs allSystemNames func);
-in {
-  # Add attribute sets into outputs, for debugging
-  debugAttrs = {
-    inherit
-      nixosSystems
-      darwinSystems
-      allSystems
-      allSystemNames
-      ;
-  };
-
-  # NixOS Hosts
-  nixosConfigurations = lib.attrsets.mergeAttrsList (
-    map (it: it.nixosConfigurations or {}) nixosSystemValues
-  );
-
-  # Colmena - remote deployment via SSH
-  colmenaHive = colmena.lib.makeHive self.outputs.colmena;
-  colmena =
-    {
-      meta =
-        (
-          let
-            system = "x86_64-linux";
-          in {
-            # colmena's default nixpkgs & specialArgs
-            nixpkgs = import nixpkgs {inherit system;};
-            specialArgs = genSpecialArgs system;
-          }
-        )
-        // {
-          # per-node nixpkgs & specialArgs
-          nodeNixpkgs = lib.attrsets.mergeAttrsList (map (it: it.colmenaMeta.nodeNixpkgs or {}) nixosSystemValues);
-          nodeSpecialArgs = lib.attrsets.mergeAttrsList (map (it: it.colmenaMeta.nodeSpecialArgs or {}) nixosSystemValues);
-        };
-    }
-    // lib.attrsets.mergeAttrsList (map (it: it.colmena or {}) nixosSystemValues);
-
-  # macOS Hosts
-  darwinConfigurations = lib.attrsets.mergeAttrsList (
-    map (it: it.darwinConfigurations or {}) darwinSystemValues
-  );
-
-  # Packages
-  packages = forAllSystems (system: allSystems.${system}.packages or {});
-}
secrets/cache/kevin/1574a7d801448f0b4ab98eee874b12bf3949b44cea1acf989495127bcb96a572
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 WM7kiQ EJ8ro4r4KYlTuz3wgswWmiwic2g9BPjFxcMtVsV5DAc
+P3Nr0ZV7npDUIuU4GHAFCahbJwcEl0Z8spwDJHM4EJM
+-> J<u-grease 8wE*z@ ?I&Q.^ eDj&j
+eRd8LgkJ/MqimUZken7s
+--- PkpYVAmXz62mT+q5bdsOKOIIpnPhKULH+IVoa16lrLY
+WX:=v��7�����9L�p���Hy������Vm��__�"��j�
��e���J�Fhe����S�
+s��x����X�<�(�����1ڶ�l�i�pG)�#�8��`��D�[�ϟn�[4L;�Zx&8<�
\ No newline at end of file
secrets/cache/kevin/bc7466e6398c92cd6e860b3d4878576f19f36861e6f740efcaab245e92d8d60c
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 WM7kiQ SvZqyNkDqKMdkNCFH1/yhthC1tPieZQlIsnI15wHg28
+93AlOpQ+RtzBJV/dz4FGslcSJPbbyo0PxuIO46fvmI0
+-> 8Sv7=&-grease )D R(| lNJ0R|$ D8?w
+XDj5bs3GHg
+--- 5OGHXkcOznFvw8dsfsKjNGlfYA1dkeYXZ+/t1g+fG0g
+�=?;�YO;ɨ6)RG�����wT������
�a�,�+T���vtc�%�&�F
��I�}�z�
+v��O��3���3�����(a�4hs��%���5x-�������sA��'��8-٨���P÷<״>�
\ No newline at end of file
secrets/hosts/pardofelis/default.nix
@@ -1,216 +0,0 @@
-{
-  lib,
-  config,
-  ...
-}: let
-  secretFileConf = {
-    format = "yaml";
-    sopsFile = ./secrets.yaml;
-  };
-in
-  lib.mkMerge (
-    [
-      {
-        sops.secrets = builtins.listToAttrs (builtins.map (x: {
-          name = "pardofelis-${x}";
-          value =
-            {
-              key = x;
-            }
-            // secretFileConf;
-        }) ["ipv4" "ipv6" "gateway" "gateway6"]);
-      }
-    ]
-    ++ lib.map (nvp: {
-      sops.secrets.${nvp.name} =
-        lib.mkIf
-        (config.modules.currentHost == "pardofelis")
-        nvp.value;
-    }) (
-      let
-        artalkConf = {
-          owner = "root";
-          group = "artalk";
-          mode = "0440";
-        };
-        autheliaMainConf = {
-          owner = "root";
-          group = "authelia-main";
-          mode = "0440";
-        };
-      in [
-        {
-          name = "freshrss-admin-password";
-          value =
-            {
-              key = "services/freshrss/defaultUserPassword";
-              owner = "root";
-              group = "freshrss";
-              mode = "0440";
-            }
-            // secretFileConf;
-        }
-        {
-          name = "grafana-admin-password";
-          value =
-            {
-              key = "services/grafana/adminPassword";
-              owner = "root";
-              group = "grafana";
-              mode = "0440";
-            }
-            // secretFileConf;
-        }
-        {
-          name = "forgejo-mailer-password";
-          value =
-            {
-              key = "services/forgejo/mailerPassword";
-              owner = "root";
-              group = "forgejo";
-              mode = "0440";
-            }
-            // secretFileConf;
-        }
-        {
-          name = "restic-backup-password";
-          value = {key = "services/restic/password";} // secretFileConf;
-        }
-        {
-          name = "forgejo-runner-token";
-          value = {key = "services/forgejo-runner/token";} // secretFileConf;
-        }
-        # === GoToSocial === #
-        {
-          name = "gotosocial-s3-endpoint";
-          value = {key = "services/gotosocial/s3Endpoint";} // secretFileConf;
-        }
-        {
-          name = "gotosocial-s3-access-key";
-          value = {key = "services/gotosocial/s3AccessKey";} // secretFileConf;
-        }
-        {
-          name = "gotosocial-s3-secret-key";
-          value = {key = "services/gotosocial/s3SecretKey";} // secretFileConf;
-        }
-        {
-          name = "gotosocial-oidc-secret";
-          value = {key = "services/gotosocial/oidcSecret";} // secretFileConf;
-        }
-        {
-          name = "gotosocial-smtp-password";
-          value = {key = "services/gotosocial/smtpPassword";} // secretFileConf;
-        }
-        {
-          name = "gotosocial-metrics-password";
-          value = {key = "services/gotosocial/metricsPassword";} // secretFileConf;
-        }
-        # === Authelia === #
-        {
-          name = "authelia-main-oidc-hmac-secret";
-          value =
-            {key = "services/authelia/main/oidcHmacSecret";}
-            // autheliaMainConf
-            // secretFileConf;
-        }
-        {
-          name = "authelia-main-oidc-issuer-private-key";
-          value =
-            {key = "services/authelia/main/oidcIssuerPrivateKey";}
-            // autheliaMainConf
-            // secretFileConf;
-        }
-        {
-          name = "authelia-main-session-secret";
-          value =
-            {key = "services/authelia/main/sessionSecret";}
-            // autheliaMainConf
-            // secretFileConf;
-        }
-        {
-          name = "authelia-main-jwt-secret";
-          value =
-            {key = "services/authelia/main/jwtSecret";}
-            // autheliaMainConf
-            // secretFileConf;
-        }
-        {
-          name = "authelia-main-storage-encryption-key";
-          value =
-            {key = "services/authelia/main/storageEncryptionKey";}
-            // autheliaMainConf
-            // secretFileConf;
-        }
-        {
-          name = "authelia-main-client-secrets-forgejo";
-          value =
-            {key = "services/authelia/main/clientSecrets/forgejo";}
-            // autheliaMainConf
-            // secretFileConf;
-        }
-        {
-          name = "authelia-main-client-secrets-gokapi";
-          value =
-            {key = "services/authelia/main/clientSecrets/gokapi";}
-            // autheliaMainConf
-            // secretFileConf;
-        }
-        {
-          name = "authelia-main-client-secrets-gts-trinnon";
-          value =
-            {key = "services/authelia/main/clientSecrets/gts-trinnon";}
-            // autheliaMainConf
-            // secretFileConf;
-        }
-        # === Artalk === #
-        {
-          name = "artalk-akismet-key";
-          value =
-            {key = "services/artalk/akismetKey";}
-            // artalkConf
-            // secretFileConf;
-        }
-        {
-          name = "artalk-app-key";
-          value =
-            {key = "services/artalk/appKey";}
-            // artalkConf
-            // secretFileConf;
-        }
-        {
-          name = "artalk-email-password";
-          value =
-            {key = "services/artalk/emailPassword";}
-            // artalkConf
-            // secretFileConf;
-        }
-        {
-          name = "artalk-github-client-id";
-          value =
-            {key = "services/artalk/githubClientId";}
-            // artalkConf
-            // secretFileConf;
-        }
-        {
-          name = "artalk-github-client-secret";
-          value =
-            {key = "services/artalk/githubClientSecret";}
-            // artalkConf
-            // secretFileConf;
-        }
-        # === Gokapi === #
-        {
-          name = "gokapi-salt-admin";
-          value = {key = "services/gokapi/saltAdmin";} // secretFileConf;
-        }
-        {
-          name = "gokapi-salt-files";
-          value = {key = "services/gokapi/saltFiles";} // secretFileConf;
-        }
-        {
-          name = "gokapi-oauth-secret";
-          value = {key = "services/gokapi/oauthSecret";} // secretFileConf;
-        }
-      ]
-    )
-  )
secrets/hosts/pardofelis/secrets.yaml
@@ -1,79 +0,0 @@
-ipv4: ENC[AES256_GCM,data:EOyIUXJxIKZIjLjh,iv:fS6HCVpATCrOCleA+2ZqiJpQD/CqkOeFhRcgkVLx45I=,tag:7IqJE9v65SxJMcOW3juBIg==,type:str]
-ipv6: ENC[AES256_GCM,data:0tuG+y2elv10AmyLdTh6o1wggdSm9A==,iv:BzGoHn8JLlGpk/Ifn5Qtf7qHSMUzM3lXl2UOF7Eilts=,tag:mSnjqis1Z39j9+WWPQvB6g==,type:str]
-gateway: ENC[AES256_GCM,data:ScDchbNjK1DPkc4Zvw==,iv:AyMa6YkTyEJclJKOqIbWCc4bfr9IXyTrRNJ0cCv0LiE=,tag:bPwlivyWgcpKBd70Pp+z5A==,type:str]
-gateway6: ENC[AES256_GCM,data:0kNmpzpfa1Px+b8thcPU524SZWM=,iv:Rw9+fe1DvG/eE369zEiivy82aiWXRGvzTLBXEdd3BVY=,tag:nS1v2h/b169Q/7E7ywvu0A==,type:str]
-services:
-    freshrss:
-        defaultUserPassword: ENC[AES256_GCM,data:go37FcBdkPaI3o9ufWWSe4csncSBXl7Sna1lOU9xCxc=,iv:uslyMRqDLmJp9al4kz+F/f8tcyAzpBtnRHRNaz5E+1U=,tag:cs/laSyPWy0GHN3bMO8FRQ==,type:str]
-    grafana:
-        adminPassword: ENC[AES256_GCM,data:GSD4lXMBxnzbmWluPp0J4Y7EDOnutCZq,iv:MqyKSHZk2RkPEo07SQxYYYZir+DPwWSjwwWVfeP8kqQ=,tag:VVJFT5HQquF6fOp7aOINSA==,type:str]
-    forgejo:
-        mailerPassword: ENC[AES256_GCM,data:R9zhwWLjxAuZe3+pXXh12GsO01kpseOv,iv:Z+VH4XHj7HHEr+PdWtpa2kL/vXOaaVZl+aqrFm/htoQ=,tag:sEvfPKWxWjTJzVAeND9/kA==,type:str]
-    forgejo-runner:
-        token: ENC[AES256_GCM,data:gm23RUL8LVnq6prQFjX+mk2NlcURJuRdlOOzDjM6brjPOi4Rxy4dZw==,iv:OsRpBP5SEdHSHiCAVS7FJhAlnuBODc66Ap+Fty9fhZo=,tag:7Ez+qNe/w18DGJT+neZSHA==,type:str]
-    gotosocial:
-        s3Endpoint: ENC[AES256_GCM,data:zUe0nDSW1T9i3YOq2Cao87nM4I05yquKMLsD7gMKYJ/M8bj9usBiFr3aAOW5mEiATzSy4VtupTDT,iv:UluVNVCcF1LUWYJWlCVS4y197TSuD34MNuUC7Mr+Tjg=,tag:AyLcTDPZoleKSMDX39ApBg==,type:str]
-        s3AccessKey: ENC[AES256_GCM,data:2hOwCwYROPZ/ZBs+QHjuaHZR8DZdBoz96Dh0g6ohFpg=,iv:6FGLKG+Y9/8tFqLsC+h7oBbT2HkMBDF1zobv61/a6j0=,tag:0OZ5KpK3P47ZqyEWdUEGRQ==,type:str]
-        s3SecretKey: ENC[AES256_GCM,data:zg0JEJvuGDLuEgm1clp7CI4tF47CtLsyR9kn9vr8YJvyDxPL9cSWgGMVffrGFf/AY9q4k7SSrNS047k5SB1nHQ==,iv:0LAatRgKfCrkdvQLfrCLl/BvdwkzH0SSRp17/6ssClA=,tag:U520Cp1+XZMjdW9RpwX2YQ==,type:str]
-        oidcSecret: ENC[AES256_GCM,data:SlFx334faSnViGXGHE8P+s/q49PDnTxJpCYdaIZd3KfhfzSvDV6XfodY10wgxs881+Ddcqs3063Z3aVE7CXn9kjFAudhqYt+,iv:AbtfLUpQrLj+0C7mRaKDjCyd9j8/3jyzJ43jaE4GZMw=,tag:PZjhijH3SG6Iiv8wkW5fPg==,type:str]
-        smtpPassword: ENC[AES256_GCM,data:77N68yKGZYmwlkNXMFtYSagJVpoy1BvlXYuj7msYVhM=,iv:i+cEF54rNUyADJKgFvDivAm2p5WoIjhpUB9GTTvL400=,tag:gYL1piOzxllAPuWqXNYWcQ==,type:str]
-        metricsPassword: ENC[AES256_GCM,data:z2allx8tfOAUtZL1Z0vQaa6wd3ASmTZRhdp2rg4wKaA=,iv:4YFl4D72VIeLdL9toxZeRYNvWyUi8n9P/EXeZ6yqdBM=,tag:k8sIThhEzBFDMiO3TA845Q==,type:str]
-    restic:
-        password: ENC[AES256_GCM,data:KrT+kv+1hbWnkZUOw+8m5c0bg2JacV/frOUi6zq6wIA=,iv:n5mIZ8FYcpCC3+RsYInfrYfs1WVBkguFmKT3juYzlMI=,tag:w6mN5hNNbdCK/qdW5U/a7w==,type:str]
-    artalk:
-        appKey: ENC[AES256_GCM,data:YWPX3IMm7tBBELRasgAreQ==,iv:R6XyPY3nbH+N80ye0MVX5QsV1kNQZbPRV8SwCcRhWDY=,tag:PbgpWMY6UobmXPuAQDE6WQ==,type:str]
-        akismetKey: ENC[AES256_GCM,data:HU2a/f8lC/s76uLx,iv:8Y8N2wy43rtAlk5ptp9SeIvqhhMzWIjuHspyc3cLOrg=,tag:IrIk0vOs7ovzb6tBMxV+bg==,type:str]
-        emailPassword: ENC[AES256_GCM,data:Qx2FxbIEm6Jjmv4ZV1JnMyZRUvHFRXM6,iv:tzNAQkmeMNAvNClnooVOssKNLVkKxczd7T3L/Gb0s4M=,tag:sGSJN6Msr+uMkiz7rBYL1g==,type:str]
-        githubClientId: ENC[AES256_GCM,data:ju1RHdc5cx99s+NQXfhk/b80jLI=,iv:84ly8arMzezgoxo61Barey/NaEYWF7c9HY5DS7fl2Gg=,tag:r7pf4jKkhsW+GAiGf2CG9A==,type:str]
-        githubClientSecret: ENC[AES256_GCM,data:pyt5ddWBtBA2A8MQDkT4toLgwVwa5VnlWGOwEFldMerYCtw4F9X7Ow==,iv:H2YbbmBTGskZ+1yLTZTICO0bzR9LADN+4Bl+/P1s1TE=,tag:DF9WXdE/isxZUNblpRUv5g==,type:str]
-    gokapi:
-        saltAdmin: ENC[AES256_GCM,data:oSOq+fA75Iv4GjFqUlcyA7vB1RHE9hUgVtQp0iw9,iv:h0VB/szqUN2KKmd5T7I6diinygw/d7uRfR4bIpado4w=,tag:CAVs81P23jqhiRy8fJEgcA==,type:str]
-        saltFiles: ENC[AES256_GCM,data:4OYUZFZr4Z89ufEpT7TCOi87Yk0JAIOPpuBFuGXI,iv:gldYRfNAWhdM0EivqgJ8mGtjbq0omBrgI/j5UBw/0bE=,tag:dAmms78ooZUX8OeEzV9E2Q==,type:str]
-        oauthSecret: ENC[AES256_GCM,data:K1rtzHjeJGCKgB0D3kOX3KmrsAkI7nW/EEMjpFEc4tkvY/Fw68VzqvKBPhRnSbiwETEiIvgUm081U+IHFzuI6FEA+okU2jCZ,iv:agXGqOsFvpZF95Zo8YxXcGeet2nIaKWJopxO3ZIGvBo=,tag:BKhcJm5SixS7oYZ+DDYD8w==,type:str]
-    authelia:
-        main:
-            clientSecrets:
-                forgejo: ENC[AES256_GCM,data:UvHmLsPzcpibjh9fJL5TawicsgGfhCi7kNO5LexWwWU3je8qTZmt9uWPUSW+MkJoN7Mx4EWG7T3ZqReK1t6/rMeE8zmNHw+ea6AfIpOhNejxTMd0j1CnMrIKnCvSWnXNgTueo0mYQxT7qnsh8Q+VurrOr1TudvNpIjoXISLIQ5yxABo=,iv:WZm/Z4VwcEZ8Ipd3Bw98PkjZdcWYXFt1Uhgq/+wgUSA=,tag:s/nx+8pWAVkTmRyuP07auQ==,type:str]
-                gokapi: ENC[AES256_GCM,data:kbICBV5SUIHCCL8RU2/0dHQEugrHvl3YP7r/k1tOlKC0mRh6m3XTgcYKpttEgm+Y3PgK3X6/0wQL7k2jWAQq6pMn5kQ4gH7L6BCdjUiE2TxI1wjOFd4LR2koM9x7LTkgb0md23IoCIG+QbpF/a+tRonmqg+FJh2gH0iwpqt9k3cmP8E=,iv:mKJ2AXJ1o/dcRnWiGMVwamWywjk6SwWxhyDXmQaoopE=,tag:/RXJCkpI85aeoUCCbfejDw==,type:str]
-                gts-trinnon: ENC[AES256_GCM,data:2OyqEjl2MrrWbQ4JjwAYVcRvJ0eFJS5JMfAQdQtSkzanQVrlxayT7eQkGOwz0CVOIYH3F1ngeZskAzwvm2id6z0wvmsUTDbaqOMqPqYjB8q39BK/2Dv7NPmP5p6z7hSzZ4hqEHsXu3HGte4vA9nEfyYlJHJb5i886Bvf9fiMUUM4PaA=,iv:/3H4UEP7RcK40Yz+C906tUr5Cv9eiNVLkLpDNz8qNZc=,tag:mRa3rPF7pXw9XF2tuKcokA==,type:str]
-            jwtSecret: ENC[AES256_GCM,data:czKoD+m8bu0ioTjXYmGv8ZhQphTgsv3GEAvgY4JsxbhAEDgzR1U/Pm7n3FuoIbCCPI6TQcRN2cB4NrvNNUoqZg==,iv:MZbgnw3GkgkQQNk2i4wNFkqcrsyIqdB1GbfeN+NTlwQ=,tag:MN7dV2BDjXxI3AxOYNie1Q==,type:str]
-            oidcHmacSecret: ENC[AES256_GCM,data:BOB1jTSl/yi/rPll1Frd2eFJQdZ+vI2c291Aot50eKZcaLzqA9OwUKY3MlXhyk68RF0p/krFNwRq1c4vhOTrDg==,iv:l5AS24F/Zv2iLf4TYpqR9AOFAzloYEoOVq/SHl2+OuQ=,tag:8nMMAI8TghiMSfDJ+qOYLQ==,type:str]
-            sessionSecret: ENC[AES256_GCM,data:kztWuKe/1zcnOypdbKh2SQ5LzS96XdjOngkJGDmtc8JdyJNbDbbAztLvN5FdUtJgo+Ltq6xFMsK5vQfIhmzttg==,iv://+sTH+dyZ18OUP9yJ67xEUhlR7gTLaL6Pich5VT4Qw=,tag:2JEAqUfmIwzSmKEaxBhkAQ==,type:str]
-            storageEncryptionKey: ENC[AES256_GCM,data:Izqst2AzXvOG4qi3BYIp4BY2nGfuVEUro3mjrHRtMfY=,iv:CYqOylrTvPGvCTJ8ObCg9um4hWLY4cqRqMBruzCeAko=,tag:IQ9CAr9sGKaZKVbAOeFXVA==,type:str]
-            oidcIssuerPrivateKey: ENC[AES256_GCM,data:TRui0p/mI93Rfi6SZuZFuanMTIpQx0ODvkMlgJ8aNsI2SNScAMy+nXcojUE1Fa/TYkKXdUmgol62PIsjXTWGl+onUiyvYC+gMcJUVcNNDbUGruELeUYLFKLCciF8iAO5iuef6rJJIrrb6AHCqoNGuNxy7PL9F4T7LiKNCAv/vn4MxRfS3OEO3svdrDFSNwTieRBvL5RW43LkKwiV4fRSPMDKng6/N5oIU10fslP2tnGa0S14M2EHE4GMbfm0FUlvudCQjVcWoWp9H2h7XGB5ykqUWli5oAJA8JV5wJdRp+ADtWJA2zyPEMTjwis0M1UBdvDZ1h13Kf5Rv07I0V+gKIWFaBgMLQ+Gm8HjHirmibLp1k/LSGy6gDtvNtU8Ps9hiEAAVIyX65O4t74HhtOaDuJl6twi4Olro+8P56oyV6JTTQ2MtwKpJh92rIhClb3vg7pN2Zgug6IwEImwc800iQaxNMBZIMOVEy3u1+TP6HWGHE5wDtqSSZfS7rM/bl5lIhCaeOixvjfj5nOZ7/VousIHpANDR8xi3HZn8AYLI9jx8YGgyjqTucqC9s/6V5LsGLw4hwUR6F+4RqSO1taswzVZv6D9rGDZciMnavvdrECePEz5iR8LnZ3gBvBl3g7rtO832R2aSNlEZZJU9uhi4nAZUUNW5/gDcmLjCJzaBLamwg4UW3IssNlXigoOLNUAkfinZBYetHs8WCx3g0WIxVpxhpPxkR3H80lTP4EP2tMmBh3XfXIdvGrc0UG6oN05D/lTurq3Yvso1r/DBzVkH/JKHENvNvxnKZ6HhDBDjZygYVCcUAWdge5LVq7y+4HpJC9nMjLFQnx0IzfdTcF1j4BDxjyx3m1MgjMUHjT9CnzpSvtyQ+OfDuSWM2s9XWQcxhqP/uzvviXBk5PChLVAQ+CeLXz5LvgbJ3S/AqkZLYsVmQHR90fkp82oRnbTRv8z/VHjazfc8AVXXF06hFTQ3y5F3XSU7ZsgLtk6cZwdOPITg8HGLjRXzciTh3eW/tAp5LcvEAbb9Gbz3tZNHw2ZtDKFmmHH2GYpAgaq/ZoEDYBjySpGddAb/xxWE9YdlPLRYIswYQkyLzCnpNTeCtu3CxYis7gk2p2cL90vWbdEO+XKi55j7oKB1OX8ARKyi6aY5U2lFrE1h4JGUlbF3hI9sY1KZRjkn5uQkuBItbYofOzEu7u3KjGZWdi9ZRnoSYyVpM3zJEr8GWEz6SvtdQCeND0stj7LkGXgmwK8/LG4aVX7qqGjMxe0Tv5B6FXIm9dwjcLVdr+49Eo7NgWxd+4YICk+iclF57xOCtsNAJpAEpyjxnANvRDII0b014g6EJiOR4OlQsGpWod0m3VM8dkCxiQOscONPFzv+P8sIYtCxSjROaFGxYbH1cfLnx6vdOK91A2scDkvUqBFThZK1r9FB2umKKjD9uXYsVy1y/sktPvVHleF/iYRnx2GzT1ZLePC3P9DlPXarqHm+ei3YTDVVeQTkeNMkGjKqH932hdWlWwCmlJAaZKaXzeeFunDAMVzDNUMaE/5QMff6sZwajhz44HJWgLjsYleeNrqsOIKtF5FqNA0/8MXkrZLqmBrctmAaE3VtWFBrtBkhcy4bKv9Nf120+jRsE35T4yKptuF18x+etdzVsJmmo8cDF0YhxV5fgQf9Xixs880DBTp/hXDt2NhvFzA9jaWKJPRXV5DErOYyfZRg99v7qos/dGaNS9U8XWkjpynd7U6iA5sKy8aqLaUsE3cjKpb/cTpL4JY+f+QA/SWf6/oeA+nyUnipIG5UQE1DdY9I9LP4l+3dQSGkTEs3ZQVF778vmDld2X1w3FdeQpmRqjkPkmZw874Iwv7u3b+yhzaYN/6p2Z0W1RHmUTMiuCqgFDNLQgZfXFu7P8kNohkBL2LuVJJcQ2S0xgtQMn4xnc5lBRVLUsTL1RR2pMQJJrmNxPJDUfogofV8DzYthtHMNjvDeK41oD7pk5QsKvtjbN/PuQEpbMBUzUnnDAEQ7QtobOKO/p5dv5JnTDd3tnxqkOYvEYJ90Z58zO7RMQYmeyVfWL3o2hEKTa8rUc62/6FFBw3/sSQSRXCnLKfF/wswP1hS6MdLDHLl30H6I1+pZU+tvU9D/r8VftvTg3wy80dPy9IrRfyYRQkST5EQ3JVD1tCeYkQ8laZ1fEFdWFM1keB3jfWHlEwUSsyLHiDD6ps4IkOqWAlXeO7RnWO2qk4YmU5jrEEtXwmyWXiAPlK1JxwO8YIFWut43t4OVM5XBVCTE4U,iv:SXeiK4/QCqmQpdoOuFZR2cFjoox44YPvw+eKkL9wT+I=,tag:KkdOkpIojnGmTZ0uJEvwcw==,type:str]
-sops:
-    age:
-        - recipient: age1sur93fevme8az4v6txee9uw7gk8xcpz2u0mfzvayavrcx9zkefxsmcpnln
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0dWpTdEpzMERtZS9xNklU
-            OC9UdkJQUXptc25jYURWeXQ5bzdNTlNVUHhBClpDRTNTY0JpMG95L2h2VzZva001
-            aTRlSVNDZFJDUVZaVGo5QlYrejRjZ2cKLS0tICtjYVNQRnh5VVZsNkxPT0hpaE1V
-            VmVwbXJ5Sm9Ld21iSy9xekVrMmFiS0kK7eEjMN2aAvYHw4bAEKjTEYVbvROAJ2Ln
-            oX0q27r7A9l3hfES9DXvXkuxpHOXqJ9JSAhjWdpi/CkkfVt/Wh7hvg==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1l9acz0cuy455nprryeqyv6ckfqgv3tekuk0kxvvxyunsapwmpvnsmaazhy
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0aDd4NTNoL0grSmIzV3pZ
-            RUw5cTdaSm8yeVhMa0kvTGxZditsQ0h3L2lBCmZsN3FnNnQvc0UzLzVNUkZwcWRO
-            RFljRHFnMmtkMkVQOVlDVTR5YUUvOGMKLS0tIHhYWVZkN2VZVXlOVmxjMCt6a1pk
-            SENxSmtOQUlWaFg4Tys2MU91UklURW8K8VUSmBV87SBHVtTfJJrEbX3KtxtPT+nd
-            a0lbIgNit5pZu5uQVwiuENuPA3K+/3Uo0AIVRxkHJC8ZVqrjXeHhvw==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-08-28T08:47:14Z"
-    mac: ENC[AES256_GCM,data:jg19MkOkEoER9V4gCrvofJzOqYAiABrtZTFCOMoUqY8frxzFYvh3C/AFlBB3WCpB4u86Lo6ZQvt/jA51O56uQx9Y3H8HM2o5A+6OFW21z0K38bVlqk75DnExHXXmYq/GOmVIEGHvi8qceq3p/AbzBOUbncvwpfldrM7elc2hsOI=,iv:5f0eL4k++gD1AeN8b/7CYaoKx+g5JgkCy81j2N7h0aM=,tag:oLV8pojH0TvXAG2TqiBvhA==,type:str]
-    pgp:
-        - created_at: "2025-08-06T11:08:38Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hF4D5u6p5vhM0pQSAQdA/JmCGvWQVDtiM0EOau3YCOyCLrLoguefSla90DfbDGww
-            bXZ7xKfCJk3DGNbfjfSGApFDuv5GpkIrsOqYdvvLq4alCNmyH3e5wIe4aUOitRtI
-            0l4BpLXQ86H2vj0yvGLq2xHmqtAstOqPhhu8/jEoqY5jG4pMDuuIlYM05U9F46Aw
-            3w59GTZjh0tdB4miiX3ceMOt5XihzUQElITcIdbbTJQdDH3dOx3S5RBvziOL7T1C
-            =bAzt
-            -----END PGP MESSAGE-----
-          fp: E2D9FA1509BBC65A130929A9E6EEA9E6F84CD294
-    unencrypted_suffix: _unencrypted
-    version: 3.10.2
secrets/hosts/default.nix
@@ -1,3 +0,0 @@
-{mylib, ...}: {
-  imports = mylib.scanModules ./.;
-}
secrets/hosts/README.md
@@ -1,7 +0,0 @@
-# Host secrets
-
-This folder contains host-specific settings, typically the IP address of a VPS.
-
-## IP Secret Management
-
-Define some common host configuration options in `/os-modules/base/hosts.nix` and declare them centrally in `/hosts/general.nix`. In `/os-modules/base/users.nix`, store IP-related secrets in files and import them into `knownHosts`; in `/os-modules/nixos/base/networking.nix`, store IP-related secrets in systemd's drop-in.
\ No newline at end of file
secrets/hosts/README.zh-CN.md
@@ -1,7 +0,0 @@
-# Host secrets
-
-此文件夹下存放主机特定的设置,一般而言是 VPS 的 IP 地址。
-
-## IP 机密管理
-
-通过 `/os-modules/base/hosts.nix` 定义主机的部分通用设置选项,并在 `/hosts/general.nix` 中集中声明。在 `/os-modules/base/users.nix` 中将 IP 相关机密存入文件并引入 `knownHosts` 中;在 `/os-modules/nixos/base/networking.nix` 中将 IP 相关机密存入 systemd 的 drop-in 中。
\ No newline at end of file
secrets/base.nix
@@ -1,31 +0,0 @@
-{
-  lib,
-  config,
-  myvars,
-  sops-nix,
-  ...
-}: {
-  imports =
-    [
-      sops-nix.nixosModules.sops
-      ./hosts
-    ]
-    ++ (
-      builtins.map (k: {
-        sops.secrets."rclone-${k}" =
-          lib.mkIf
-          (config.home-manager.users.${myvars.username}.programs.rclone.enable or true)
-          {
-            key = "rclone/${k}";
-            owner = myvars.username;
-          };
-      }) ["onedrive-token" "restic-backup-token"]
-    );
-
-  sops.age = {
-    sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
-    generateKey = true;
-  };
-
-  sops.defaultSopsFile = ./secrets.yaml;
-}
secrets/nixos.nix
@@ -1,24 +0,0 @@
-{
-  lib,
-  config,
-  ...
-}: {
-  imports = [./base.nix];
-
-  config = lib.mkMerge [
-    {
-      sops.secrets = {
-        "aria2-rpc-secret" = {
-          restartUnits = ["aria2.service"];
-        };
-      };
-    }
-
-    (lib.mkIf config.services.mihomo.enable {
-      sops.secrets = lib.genAttrs [
-        "mihomo/providers/yi_yuan"
-        "mihomo/providers/mo_jie"
-      ] (name: {restartUnits = ["mihomo.service"];});
-    })
-  ];
-}
secrets/README.md
@@ -1,61 +0,0 @@
-# Secret Management
-
-> [!NOTE]
-> This folder is **not** a module for password management. I use self-hosted [VaultWarden][vaultwarden] for password management.
-
-All my secrets are managed using [sops][sops] and stored under this folder. Secrets can be decrypted using either my PGP key or the host's SSH key (i.e., `/etc/ssh/ssh_host_ed25519_key`) and are stored in the `/run/secrets` directory on the machine.
-
-## Adding a New Host
-
-Get the host's host key, here using the local machine's `/etc/ssh/ssh_host_ed25519_key.pub` as an example. Run `ssh-to-age` to obtain the age key.
-
-```sh
-nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
-```
-
-Add the generated age key under the top-level `keys` field in `.sops.yaml`, and reference it under the `key_groups` field in the required items under `creation_rules`. Then use `sops` to update all related secret files.
-
-## Creating Secrets
-
-Open the secret file in the terminal using sops:
-
-```sh
-sops secrets/secrets.yaml
-```
-
-Then edit and add new secret fields:
-
-```yaml
-this: "is a secret"
-and: { a: { nest: secret } }
-```
-
-Next, edit and add the field in `/secrets/base.nix`:
-
-```nix
-let
-  mapSecrets = keys:
-    builtins.listToAttrs (builtins.map (k: {
-        name = k;
-        value = {
-          format = "yaml";
-          sopsFile = ./secrets.yaml;
-        };
-      })
-      keys);
-in {
-  sops.secrets = mapSecrets [
-    "this"
-    "and/a/nest"
-  ];
-}
-```
-
-You can then access the secrets elsewhere using `config.sops.secrets.<name>` or `config.sops.placeholder.<name>`.
-
-## Creating a New Secret Type
-
-Add a new regex matching group in the `creation_rules` field of `.sops.yaml`.
-
-[sops]: https://github.com/getsops/sops
-[vaultwarden]: https://github.com/dani-garcia/vaultwarden
\ No newline at end of file
secrets/README.zh-CN.md
@@ -1,61 +0,0 @@
-# 机密管理
-
-> [!NOTE]
-> 此文件夹**不是**关于密码管理的模块,我使用自托管的 [VaultWarden][vaultwarden] 进行密码管理。
-
-我的所有机密都使用 [sops][sops] 进行管理,存储在这一文件夹下。机密可以通过我的 PGP 密钥或主机的 ssh 密钥(也就是 `/etc/ssh/ssh_host_ed25519_key`)进行解密,并存储在机器的 `/run/secrets` 目录下。
-
-## 添加新主机
-
-获取主机的 host key,此处以本机的 `/etc/ssh/ssh_host_ed25519_key.pub` 为例。运行 `ssh-to-age` 获得 age 密钥。
-
-```sh
-nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
-```
-
-在 `.sops.yaml` 的顶层 `keys` 字段下添加生成的 age 密钥,并在 `creation_rules` 下需要的项目中的 `key_groups` 字段下引用即可。随后需要使用 `sops` 更新所有相关机密文件。
-
-## 创建机密
-
-在终端中使用 sops 打开机密所在的文件:
-
-```sh
-sops secrets/secrets.yaml
-```
-
-并编辑添加新的机密字段:
-
-```yaml
-this: "is a secret"
-and: { a: { nest: secret } }
-```
-
-随后在 `/secrets/base.nix` 中编辑添加该字段
-
-```nix
-let
-  mapSecrets = keys:
-    builtins.listToAttrs (builtins.map (k: {
-        name = k;
-        value = {
-          format = "yaml";
-          sopsFile = ./secrets.yaml;
-        };
-      })
-      keys);
-in {
-  sops.secrets = mapSecrets [
-    "this"
-    "and/a/nest"
-  ];
-}
-```
-
-即可在其他地方通过 `config.sops.secrets.<name>` 或 `config.sops.placeholder.<name>` 来调用机密。
-
-## 创建新机密类型
-
-在 `.sops.yaml` 中的 `creation_rules` 字段添加一个新的正则匹配组即可。
-
-[sops]: https://github.com/getsops/sops
-[vaultwarden]: https://github.com/dani-garcia/vaultwarden
secrets/secrets.yaml
@@ -1,54 +0,0 @@
-github-access-token: ENC[AES256_GCM,data:Ca/NER89MA1sF+bGc6Tcz/OVr7vlu7fh6p0eZWEONQ9HvkNeXN1aB3duWLTCWUTv+qvTYXrNicOTVFpLdlpaq3oJhZno+l6jbDu00DIOFUFyg8VfOXXZYPxlCx/K,iv:e+nTOBn4GAARFDXdWOEGZYMvzgjFUwxfk2BmY/Xm/A4=,tag:UuvOUtZ5LbFyy3JAEux40Q==,type:str]
-mihomo:
-    providers:
-        yi_yuan: ENC[AES256_GCM,data:rMKpS+O0w8AbdAQQHmt1bB3vQZlmR5xktRkww6NfgIBGIU0d2E8gJJvgcwfRQ4OGeRXTqkfvLHOyoG5xrpguyIWJHkVMPGsLjdoXSU/ZQptt51CL0cD3MJttxiVo8as=,iv:UkBQ5hyF/DLbMeK7wRXArhutUtRV0hl3+bse5y0p6VM=,tag:SlWeeH81+NpkIP6CS3Z9vw==,type:str]
-        mo_jie: ENC[AES256_GCM,data:+rFloREiJa9gbnJYsTY2xFlI3b4RXaq+xARo3yq96r0eygIZix2l+NrVhCZnm7W97fLUYEahXdm47wnDKUx/mBhpXxO3io4dzHTBqwDmHcV5gA==,iv:UyC0ULdEUBAan9Fvas2+tj5Ad/QtjdW3wSVO7No1+yo=,tag:vqe5Vn3kkk9WCXcMkf7xKg==,type:str]
-aria2-rpc-secret: ENC[AES256_GCM,data:I6FYN/TRRP2ceQ==,iv:18dOBc/3WTden6Za2IaSoUOX5aY6M0jAwt94il0f5OI=,tag:WZf3xu7EC7cVlZU5urNWzQ==,type:str]
-rclone:
-    onedrive-token: ENC[AES256_GCM,data:0y0eThYoeJtJ7I5Y9ZE2N4N8TH01yU7xRXHUhYRcj8uHn185VxHvXIhlKMgmZJCfc6qPAYroWkZtxID64/kXxwbhdfd0kLUwiH0Gnv41tb3KA7cxS3r4yvIStLdaax7Ui7ntwYREgLABdL/UdIzeEO2XNs7PaLYI5mQi06A4pmNIZolHP8xgBXiMeSF4cKR/WXGu0m9Y2bv1ci67BJ/BfNjA+ah3HV8vbk93xW7oc+x+7Vh3tiySy+82iNuuDOPzD9/+ImgY9X3kKZeZCG78QYIlRMmwo44WSh+1Or1DyAw/4Y2rE+qNxi6zGWFjC4c80JLAJh8bOb6Yari9oSBZB9MHNxwY0Xrd4K3g2ipsts22N0iqfH+SOfAgMWuRpZkx7j6kPaLA+fDJJTXQ2GK/LKcHaxYin3RMfVq5RD8nTPLJ/tlMNQUxIS+fkE9HIa3uGerdpGRcdUWGX8q+FqbAw+Hg+b+TEwDBLAE0PLm1NjsMDs/0y7Oe3JduoeKWvsDjkdNvoRemXF/tPtBZp4CXZ5fnqRIxOcD3SXJ3MxXtWJ6o0G536jb/AxcpVxX71774vcAcP5uS6HIq80yZAGeD6MKkpZUAtgKWee5y2FnWoDks0NMLgb4TYbqbTHFBKEBAjXPADeKismt2tGF031E524EizfLF6IbfVYOAK6CMOVerjMsKEaTOmuq0VDOTxZ7udIfLQaKhW/xVAXnmi9m4JdrMLkajcfQNIRGoKOsZF1jALp2h6TznjgVWatJZPPzHfLnRckEhDQ+IxsXtrn1VPaADBvGxiWQdfV2994v0xcjwAbx/BO8B3vqbVscXOLqdAQk0hU+Tn7/28+2jfNn8+3U1qGVUxIJxTIyYvewT+Ef85N6aMcxrkfgY+czqg3BZmnZib4dELBwOT+OdCPxd98fDmTPd4bAeLLpt/9XOYpUQlaT2HH61XoI0OuThHL+5lfzsSEwtbOCegBiVLbuv68bLmV9L9F8GhYCZZCv+fCs72FXI7ZF6FyBbElDlrCnh3wCRbXE24eGROKLOlHuAPXi7oFkfKJQy5k9S0JqpNFBaMis6V0C0Xw2oA7lL4IswSj/dcePwWUkAr6fCF7XEEmVXhWRjucMsrDCT+L0wxbwq0cif7Eo3cMeoAk2/Jidj0BcZgoRChfOeeVU6E1MXqhqFxoqALUf1KEJZ8/puZMxjhIKMd+Pe7T18P+tUQtcrTC41R2U+uF2eUnhpTfY25rwXl67G/PLg/GxJ0h0FBIfWCofxqRWMvTm/g50hbw+ERNn6d/GhHJLc3D7QsGTKv6SwZ2FukpP2hxfDBH1hL+8GVrVmMYDjLh9dlmGAvsymUYsqRGUpTZ85/hBV+ZzedJKrkoOlZWrm5/e9QGSIgpTX4xWy8/vsAYrufIxhehrbU7DZoq2WMxEF0ozC1iJeEl8h7EYFcCNZPaRAhq+7JeNfAQKzLx77JqnoGpY6FlnqDbRUP5ZR+Zz09uH9pt+cwJ1BLj3pNwtrnwknlZtQyRy1XTVv5KIp2q4R10PpiEuIUlO5FswWTyCZot9diV1ff/e5WMxngExRxBUEBsTAbrD8q0BBLspixYuswjyn0BU2dwdxfHnbk9O9JSAAZFPwpRYOXv3kYlRHd8EIW6UC+m6i8UpHofVaAaifiIUSRajqQJT6/EZw3GgEw/azWUtz+8SFyFV1Gx5J2enxuCGJ3UV7+osbmSuHcfo4tSF2zna4OUQ6KEveCSzOdWqSx4gYf7WNnbIcgCEmDPnssCsJmPO1GcSdoGGVHBPFwewZjmen6zWUusNHPbtixVB6HtKL8A71IWTAo1BdBSjclOw0czj9DOPLHQOBjx+GrWNTPyxxflJ5Jbxnm83n4aZk5ldTccef9ayD1ud+kMVWhRRIXn7N9YUQkhv/YMUatqcgAcgwnUmIJ+TmIZq8/0FLH9z+ltDeB0zNMTilyeKPp2Yz6uOtjvVW51gU6lJiRVNYbok9dn7RxcPY0BxUOWPrO993h8D9YxPdiIsSnVlM1fgL2kE1Ir39PXjHuLyGTMWWbhojb9kbMF9xhtjpgRrNmM6InYBB7XJB6tSu4OCcBbrc/BEGWzy6hH1jH7iNTqG0r2Nx6AANhBOXN9KNC9qqs1O3MmxBswOF6dPu0g0nLpfT4TxUNyLpYz0+v/pbokjcBaBjFjVXIKTDRf6/DayUPhKtZn7V1wbOq9169253KnYZhzsfsYKEUCqt/oZkyFZZDAG76tFizieks4ZHx00NV9uOR5kkSem72WDap3p0uqQcZHe7hKs8ppuEs/SMShO3xpV06WQ2prP/Hu2xl20StRuiLqAxDmd5r22BSaHllr2rKCZjUb0V/3TqnEt5CqFF7idD5tpNXWfW3x0271NXokYTZ5ipgSHiueQzhE4XOFUttxCSfD+QZI+83n81i8uZfPSwzWw6LzVKoUZT+0O5wrT61tGtlamYhEKNCoNdbw4ksxLQNEqRVAbJwIe7e0L7sFThlbPaReYWgcBedIVjChM2pWSAxTp14ZxIjGO7lWJKibKo2ySAdSCUfTduULTMzQrVqyWFs6PzHNyiJao6gSpM2XCwegjILitP1CzYgco5B5OTOJLqvCrXyMdgdNb8CU0LZ+Jvz5TmH3g8BMKn0/SCkRNVkEC00xGsG63m,iv:oP3gNO0t97BgN30SQRVcVztW9m364ii7mVwFzcBYLg8=,tag:bN9X8GIy+3DfvxX2uDHqdw==,type:str]
-    restic-backup-token: ENC[AES256_GCM,data:PmrgiXfALlCfkq7VCF7MgX5s53s9RiS6ynVjH9fn+rsUpufXnBuf+7o+bV/IsWHFWMrASgPHQvvrqs949aQ0Y+4FCLQFJc0BOKZ7kudF52Xgc9r4ipqGitQp6Gxea9TIjsUdRTPvH77QFsOanDeIiNcc5zuv+HT5NSkuZAbJtMpkAugWqFkEK3Gr/C0cMX+Q8Nj7ZHwn39z50BaC9FWXWfz41G9MkeqQXwA0CZruCvr2FufN10p4/2gPrsUBGB1uXHozl2NKrBL2mmZwGbaQDLcDKM1AoA8CpP4P0qmS9OC2iZZN8Se62oMi/asFGScqHlTnMlvfwr+ig274B3jl8TXmn1pe/9SR+I2ze7/AV9nKHmVBOB0zqYsW7hW3zpuPcdh+f509BFxbmxi6enZPaffSJcjNn6XLXjSPyqYou+sClwQUImmcXSpDfrGhZxs25cltSzQibMubNUY5mVR7FrBA1mFE+w3yEcw33AyQUkqHnaipJllp0NHPFBEaqYiBrg7tULjAcvPim2fHxwj6XXmh+HkXFs+21jwjokMgGQ3mJwmHXQgM+zMkwipzrRBjtbaYTVrMJcCws3LM5gYgp5hyEcq+pxGOgQwh1RBb1UfOfI3hdqSyXrYiyg8RA6qaC1rIpMFWX3x/EAZv+5bsTSRXtDV8bUh1bEgsbLVZFNHk4b+9owgt1NxnUPRiOSBQtdONgPCPWI5qVNH5d30v/yus+EBI9t8Qnyd9pyM1rV9zMt9FOXkNb0O5m/AFdgcyz6lW+uJQdVgewF89Pr+azLb2x2rEbM+ny7oAafM1uK2/x+TlgiseZXAyAtIoDXvtVnTqNDbDLAvc6kqlpfPYKzZayPAaEJGlxNo2QskoO7juvkGswdXygfi01o6pbkpcZfA4yyMGv7slquKWd+0QpXHg318amyhbfzPCS50iosBXPd4qDNlKD4Nj4yljIj3H9qHw1PKPgUu5kM6/afM6p6jCeASD2h5R5dMXYtWyF+Wk+7Zrh3CXr5Js8HO5qmE2DVlULkDjt3vQQLBm6AT55pjL4ufpUhiF8PPuVIIxPLQXC2mppm65fS35XuF2ReWjAoB3Yk3EwFe/eSEmzCvUaPS313DzEUNpAFTMoTK3nk7uecCXXCju1jKwbttA7/ZBB66520UoAYxAy7I080p2CECNKKldu0aD2p1nUzNk5m7Q7e0aF4NQn+aqpPozy5kNtYvcse3JCpZoHSGQ3eHOyzzT6xaTKqHRYtvDuyb3Arwy9gPcLF2ZaMF0JA2ul6J+zZkNaUlsvSMQ2xn5BkWaSJfHigCRY5S1kAwYA7cU2hM6IWUYq5r5N7Ff5v+0+jeMyr75g9luVgkuIjqSGatIsywt2JASTaRrmsC+4FYT0BqFCN6/YAP17BHTrmQyBxyOeJTdLIInZOQ5mREWCEE9LrPuWGijRrIid+4/U9qa2q3e6dYZettg2WERendEE7Ci3eY3e3Rw3xsuTrXlPaqPj7jpO28y6lzCh6Y+K/rFd6h8FZYxXNaw1MDspaxq75QN8LqQvOvu0rm6013ZMzB1nLWsV3kvjJ8o7iSWCPavJ/kQrLrVEEAxNe5WA39SCT3dJZcRg+ONHVuG2ypr0DQz0w8S3LfIBzMoDd2hFw3KWv7Bt9D4nq5gSo3rnROs/zhRquNyz/4C844M+PHBZHPD06BJapLZnbIuAh3fmW4T0+hE2YT9yaLCId3q+XsUiGKuxqch1LBrxmjWjHAGZmky6c2Z2HrFkOTO8306hZ6KVbie0FqRdz6l3iBAvuPp43XWC/TgyXtJcKbuDxNz5swvB9TaWBChitd13xhhpEDYuHmU1YcOPfchcRlS7ezcqkaKpuSM6tIKMfyFr9z6SHmRECr+YGBiWS0/0MHPGL6vviZ2/oL74r8+Z6Q3Rwnku4/DaZFwKtPL2x68bXuYHJZYS09grIaSsQsFkJ+mISg2q3tObhppT5lNFBHIHsO5lZO8m0aw4M630bAqr94wRAcNNfQ9o3cmSCzbNiQHRDZvWxp4E9AGyEu9N1/+IzidPDkfc3CDNxX1wV9WXoS/kmmbXeoXxSDPIkGlz3SkmL/Nv1GrYDtVMT/8mjzqsYQhUDPQTY41LzZlfMaTgsiKVwJ+RFIgw2URabl8xejpAo6t9SJ5QXhFYPHbY6i9oV+hhmbfhtkF2Z5+ZQ9i7p+PO3XDhvJuA1y/b8oTt6IQ0l/xcVgBNlE9xyXoJ6u4bI/6c5bjIydLtY1VaHgWVdAIDTe0G+gk3BwgnJmpNsWatf+zpCn2KCN4obmaBlU5ypm73vPrJr/uArC1+MlU+SyzcABQv+1fk+gRc//DI4OcjYndqoBn5BKU2V74cZ08GgWwqdYRDLXAia2dx2Zxhl2yhLnpB9P6ttMZtZ0uib1jtjO+Vkm9nsjvMQeXVuqBG1FwRa8hhzc0+1xLuR4nZ3AdnvV2rYOya1UAXa+S19mbhzIc03b0zzd8oyA0SgPiJb7zoWxvBSBilvKwcZnO6B87He/8fpLdrxhzGlhQUeDj1TkfRnIPEeXtVvrrF473mqnMAUGs0UCAjObpN407lLp1zkpU3CFTwXPPFhv+FTq5WLackw==,iv:MTbA3m44lzQtRGq6gBDV1DlUzud370jTz2uiI0y5LSw=,tag:nlofOjYpJ1+HV+Dzy1+dsg==,type:str]
-sops:
-    age:
-        - recipient: age18778pjmwglmame3rjpq355chxue2vr97ysj70fdyygc24prwxqrsttf84g
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHRDN2OTFFTXgyenZLYU5t
-            NExvdEFxLzg3MEtYNys3THNJd1lmbmNVVWlzCmQvaHAwVDBOdUdGNnl5V1NvNkw2
-            em1CRTVHTmdndzNtdE0rbUIyeS9xMWMKLS0tIDR0eU9HWDVFQ29hMnVHZGkyV09G
-            Nk8yQXQ0S3VmQjdRenBHVkwwUncvZDgK5Sc7RFpQUYDmCLInxbZ0OMbzczXVhdqb
-            u4gKAHvtbkbmN9CldeaSTDvSyl0J8p7o3TXG45Nams7/TWip0PPtaA==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1sur93fevme8az4v6txee9uw7gk8xcpz2u0mfzvayavrcx9zkefxsmcpnln
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsalNENjQxR3VPNlBwVjN5
-            eGVlU2wyT1hQRStPbVlRMUlJRjE1MVRCb0JrCnRPLzgwY0xxYk9tV0tEeDRkeXZZ
-            OUNRdTN3bFpsMFpJSElhNWZHNVovWVEKLS0tIE9tMzNMKzExRVN1R1RZY25KQU9x
-            cSszNHovc0RQekdFQmN2ZW5xNGNDTGMKKOugb9oY37a8qEHp+fWRxkXEkmWclDvf
-            AHZkqiZjutnbWHYN4StFiS+MQHcQ7Q4t13BhtzulhpciatfFC0zEKw==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1l9acz0cuy455nprryeqyv6ckfqgv3tekuk0kxvvxyunsapwmpvnsmaazhy
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsS3AvZXJmZml3MWhuYVFh
-            NTBuVFhXUjFlQm10aTJjM2tzVTBTQytzZXgwClJUcHNoN0tONllaZXI3M0xlZVQ5
-            elp0L0tyOUdrVzZVanJweVRaWkFGUm8KLS0tIGFad2gvVVN3MkpjWWgvRzZoU0Js
-            QkhOcmpyejRoRWQybG51V2pORTAxVm8KRfPHwPOiMdTgFF37EMWOLukj3PB/PhKK
-            Sx3ytiR8kENbpyNDGyf+yrqlY6gVVbDQDwu0AGX8yCPLHi+YocOyzQ==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-08-31T14:21:09Z"
-    mac: ENC[AES256_GCM,data:xDMCEakkIANLKmhUKoshCzG5vaRMCXboF3FVCrDhhHdhO4jlGBjjW2yJv7WXMBQc8nFwNzpkWa9UnIhDqS08vbQUG+dDUVH5+bbkHpxUgml/yS1bDGzPtUBshBAwqfYUnL7AQfGl/LF0+ZrZoSuTIpQx1B/YlJ8EW1DTdNZjE4o=,iv:xb4dPoBltNEGAWz/ijq+cswKbrNLVqjGvFvnjmF/9Ec=,tag:z3BuH60oMFhSpTtPVR8y3Q==,type:str]
-    pgp:
-        - created_at: "2025-08-06T11:08:33Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hF4D5u6p5vhM0pQSAQdA8DtQ/L8251McKCX0MegXZs/H1vSfhiA97TghnKlUKzow
-            mjJ4uEOnoE5W1x5KLpI1Rz79JSD5mW16RFBHPwQdgQrydpnIO2uOVsPlO1Fu2D1e
-            0l4B3bpu5N8b30VF4cpUVayGZ+faJPD2yPZnY//f5JFNx88/LpgESQpXdxKSAAG5
-            LzYX5ai0hMOQgRHDpMtoiuuwQ0DEk063WKortUcwNH4zfJS+GjwRowNJDFNur9Kr
-            =wSqB
-            -----END PGP MESSAGE-----
-          fp: E2D9FA1509BBC65A130929A9E6EEA9E6F84CD294
-    unencrypted_suffix: _unencrypted
-    version: 3.10.2
vars/default.nix
@@ -1,14 +0,0 @@
-{lib}: {
-  username = "hpcesia";
-  userfullname = "HPCesia";
-  useremail = "me@hpcesia.com";
-  defaultNameservers = [
-  ];
-  # generated by `mkpasswd -m scrypt`
-  initialHashedPassword = "$7$CU..../....xQnray7Ah6GYybfmtsxmF.$k0F/eaOC2.9gXwXp0jgMrFM.fnMtFqYi3GZFaaJGsl3";
-  # Public Keys that can be used to login to all my PC and servers.
-  sshAuthorizedKeys = [
-    "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEHQxm2Gym1C94eof7jPj56XR9a+aqCWzwri59njPFbWAAAABHNzaDo= me@hpcesia.com with PicoKey"
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIyxd+nyK9cnULmzXIMhE1/rIB3VMsJ6SuWV4Ha8oE0F hpcesia@kevin"
-  ];
-}
.gitattributes
@@ -1,1 +0,0 @@
-/secrets/**/secrets.yaml diff=sopsdiffer
\ No newline at end of file
.sops.yaml
@@ -1,21 +0,0 @@
-keys:
-  - &admin_hpcesia E2D9FA1509BBC65A130929A9E6EEA9E6F84CD294
-  - &user_hpcesia age18778pjmwglmame3rjpq355chxue2vr97ysj70fdyygc24prwxqrsttf84g
-  - &chaser_kevin age1sur93fevme8az4v6txee9uw7gk8xcpz2u0mfzvayavrcx9zkefxsmcpnln
-  - &chaser_pardofelis age1l9acz0cuy455nprryeqyv6ckfqgv3tekuk0kxvvxyunsapwmpvnsmaazhy
-creation_rules:
-  - path_regex: ^secrets/secrets\.yaml$
-    key_groups:
-      - pgp:
-          - *admin_hpcesia
-        age:
-          - *user_hpcesia
-          - *chaser_kevin
-          - *chaser_pardofelis
-  - path_regex: ^secrets/hosts/pardofelis/secrets\.yaml$
-    key_groups:
-      - pgp:
-          - *admin_hpcesia
-        age:
-          - *chaser_kevin
-          - *chaser_pardofelis