
No commits in common. "00a8ac69cf0ca6d9e09e9603202a051cd0e1deee" and "16788bc7b2228ea50e86f00df560edc3ed3f1e29" have entirely different histories.

14 changed files with 105 additions and 100 deletions


@ -13,6 +13,7 @@ env:
extra-experimental-features = nix-command flakes extra-experimental-features = nix-command flakes
accept-flake-config = true accept-flake-config = true
TERM: ansi TERM: ansi
jobs: jobs:
build-machines: build-machines:
strategy: strategy:
@ -36,12 +37,15 @@ jobs:
remove-codeql: 'true' remove-codeql: 'true'
remove-docker-images: 'true' remove-docker-images: 'true'
build-mount-path: /nix build-mount-path: /nix
- name: Install Nix - name: Install Nix
uses: nixbuild/nix-quick-install-action@master uses: nixbuild/nix-quick-install-action@master
- name: Sync repository - name: Sync repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
persist-credentials: false persist-credentials: false
- name: Restore and cache Nix store - name: Restore and cache Nix store
uses: nix-community/cache-nix-action@v5.1.0 uses: nix-community/cache-nix-action@v5.1.0
with: with:
@ -59,10 +63,12 @@ jobs:
purge-primary-key: never purge-primary-key: never
# always save the cache # always save the cache
save-always: true save-always: true
- name: setup attic - name: setup attic
run: | run: |
nix profile install github:zhaofengli/attic nix profile install github:zhaofengli/attic
attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN"
- name: build and cache - name: build and cache
run: | run: |
package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel"
@ -70,6 +76,7 @@ jobs:
derivation="$(nix path-info --derivation "$package")" derivation="$(nix path-info --derivation "$package")"
cache="$(nix-store --query --requisites --include-outputs "$derivation")" cache="$(nix-store --query --requisites --include-outputs "$derivation")"
attic push main --stdin <<< "$cache" attic push main --stdin <<< "$cache"
build-homes: build-homes:
strategy: strategy:
matrix: matrix:
@ -92,11 +99,14 @@ jobs:
remove-codeql: 'true' remove-codeql: 'true'
remove-docker-images: 'true' remove-docker-images: 'true'
build-mount-path: /nix build-mount-path: /nix
- uses: nixbuild/nix-quick-install-action@master - uses: nixbuild/nix-quick-install-action@master
- name: Sync repository - name: Sync repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
persist-credentials: false persist-credentials: false
- name: Restore and cache Nix store - name: Restore and cache Nix store
uses: nix-community/cache-nix-action@v5.1.0 uses: nix-community/cache-nix-action@v5.1.0
with: with:
@ -114,10 +124,12 @@ jobs:
purge-primary-key: never purge-primary-key: never
# always save the cache # always save the cache
save-always: true save-always: true
- name: setup attic - name: setup attic
run: | run: |
nix profile install github:zhaofengli/attic nix profile install github:zhaofengli/attic
attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN"
- name: build and cache - name: build and cache
run: | run: |
package=".#homeConfigurations."${{ matrix.home }}".activationPackage" package=".#homeConfigurations."${{ matrix.home }}".activationPackage"


@ -16,6 +16,7 @@ env:
extra-experimental-features = nix-command flakes extra-experimental-features = nix-command flakes
accept-flake-config = true accept-flake-config = true
TERM: ansi TERM: ansi
jobs: jobs:
build-packages: build-packages:
strategy: strategy:
@ -28,26 +29,33 @@ jobs:
- ubuntu-24.04-arm - ubuntu-24.04-arm
- macos-latest - macos-latest
- macos-13 - macos-13
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Install Nix - name: Install Nix
uses: cachix/install-nix-action@v30 uses: cachix/install-nix-action@v30
- name: Sync repository - name: Sync repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
persist-credentials: false persist-credentials: false
- name: setup attic - name: setup attic
run: | run: |
nix profile install github:zhaofengli/attic nix profile install github:zhaofengli/attic
attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN"
- run: nix build -L ${{ matrix.package }} - run: nix build -L ${{ matrix.package }}
- name: cache result - name: cache result
run: | run: |
derivation="$(nix path-info --derivation "${{ matrix.package }}")" derivation="$(nix path-info --derivation "${{ matrix.package }}")"
cache="$(nix-store --query --requisites --include-outputs "$derivation")" cache="$(nix-store --query --requisites --include-outputs "$derivation")"
attic push main --stdin <<< "$cache" attic push main --stdin <<< "$cache"
- name: prepare tarball to upload - name: prepare tarball to upload
run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result
- name: upload result - name: upload result
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@v4
with: with:


@ -118,8 +118,9 @@ creation_rules:
- age: - age:
- *chunk - *chunk
- *cy - *cy
- path_regex: secrets/services/searx.yaml - path_regex: secrets/services/searx.yaml
key_groups: key_groups:
- age: - age:
- *chunk - *chunk
- *cy - *cy


@ -10,7 +10,8 @@
extensions = extensions =
# if unfree # if unfree
# with pkgs.vscode-marketplace; # with pkgs.vscode-marketplace;
with pkgs.open-vsx; [ with pkgs.open-vsx;
[
vscodevim.vim vscodevim.vim
jnoortheen.nix-ide jnoortheen.nix-ide
github.github-vscode-theme github.github-vscode-theme


@ -10,13 +10,15 @@
api_bind_addr = "[::]:3900"; api_bind_addr = "[::]:3900";
root_domain = "s3.cy7.sh"; root_domain = "s3.cy7.sh";
}; };
s3_web = {
bind_addr = "[::]:3902";
root_domain = ".web.s3.cy7.sh";
index = "index.html";
};
admin.api_bind_addr = "[::]:3903"; admin.api_bind_addr = "[::]:3903";
rpc_bind_addr = "[::]:3901"; rpc_bind_addr = "[::]:3901";
replication_factor = 1; replication_factor = 1;
db_engine = "lmdb"; db_engine = "lmdb";
disable_scrub = true;
block_size = "10M";
compression_level = 3;
}; };
environmentFile = config.sops.secrets."garage/env".path; environmentFile = config.sops.secrets."garage/env".path;
}; };
@ -29,6 +31,10 @@
reverse_proxy localhost:3900 reverse_proxy localhost:3900
''; '';
}; };
"*.web.s3.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:3902
'';
"admin.s3.cy7.sh".extraConfig = '' "admin.s3.cy7.sh".extraConfig = ''
import common import common
reverse_proxy localhost:3903 reverse_proxy localhost:3903
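Review bot: The new `s3_web` block sets `bind_addr = "[::]:3902"`, which listens on every interface, while the `*.web.s3.cy7.sh` vhost added in the second hunk only ever reaches it through `localhost:3902`. Unless the host firewall (not visible here) blocks 3902, the website endpoint is reachable directly and skips whatever `import common` applies in Caddy; binding to loopback, e.g. `bind_addr = "[::1]:3902";` together with `reverse_proxy [::1]:3902`, keeps Caddy the only entry point. A short comment above the wildcard vhost noting that bucket content is served as web pages on sibling subdomains of `s3.cy7.sh` and `admin.s3.cy7.sh` would also help the next reader judge cookie and origin scoping. The enclosing settings attrset starts outside the hunk.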


@ -29,14 +29,6 @@
} }
]; ];
} }
{
job_name = "garage";
static_configs = [
{
targets = [ "127.0.0.1:3903" ];
}
];
}
]; ];
}; };


@ -32,17 +32,9 @@
serviceConfig = { serviceConfig = {
Type = "notify"; Type = "notify";
ExecStartPre = "/usr/bin/env mkdir -p /mnt/garage"; ExecStartPre = "/usr/bin/env mkdir -p /mnt/garage";
ExecStart = '' ExecStart = "${lib.getExe pkgs.rclone} mount --config ${
${lib.getExe pkgs.rclone} mount \ config.sops.secrets."rclone/config".path
--config ${config.sops.secrets."rclone/config".path} \ } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 5G --allow-other rsyncnet:garage /mnt/garage ";
--allow-other \
--cache-dir /var/cache/rclone \
--transfers=32 --checkers=32 \
--vfs-cache-mode writes \
--vfs-cache-max-size 5G \
--dir-cache-time 30d \
rsyncnet:garage /mnt/garage
'';
ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage"; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage";
}; };
}; };
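Review bot: The single-line `ExecStart` keeps `--allow-other` but sets no ownership or mode flags, so every local account on the host can traverse `/mnt/garage` with rclone's default permissions. If only one service account needs the mount (which unit consumes it is not visible in this hunk), restrict it with `--uid`/`--gid` and `--umask 077`, or drop `--allow-other` and run the mount as that account. The rewritten string also ends in a stray space before the closing quote and no longer carries `--dir-cache-time 30d`; if dropping that flag is intended, a one-line comment saying so would help. The unit definition starts outside the hunk.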


@ -1,4 +1,4 @@
{ {
config, config,
pkgs, pkgs,
lib, lib,
@ -6,22 +6,20 @@
}: }:
{ {
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
immich-ml = immich-ml = let
let modelCache = "/opt/immich-ml";
modelCache = "/opt/immich-ml"; in {
in image = "ghcr.io/immich-app/immich-machine-learning:release";
{ autoStart = true;
image = "ghcr.io/immich-app/immich-machine-learning:release"; pull = "newer";
autoStart = true; ports = [ "3003:3003" ];
pull = "newer"; environment = {
ports = [ "3003:3003" ]; REDIS_HOSTNAME = "immich-redis";
environment = { DB_HOSTNAME = "immich-db";
REDIS_HOSTNAME = "immich-redis";
DB_HOSTNAME = "immich-db";
};
volumes = [ "${modelCache}:/cache" ];
networks = [ "immich-net" ];
}; };
volumes = [ "${modelCache}:/cache" ];
networks = [ "immich-net" ];
};
}; };
systemd.services.create-immich-net = rec { systemd.services.create-immich-net = rec {
@ -35,4 +33,4 @@
${lib.getExe pkgs.podman} network create immich-net ${lib.getExe pkgs.podman} network create immich-net
''; '';
}; };
} }


@ -147,49 +147,47 @@
"podman" "podman"
]; ];
environment.systemPackages = environment.systemPackages = with pkgs; lib.flatten [
with pkgs; tmux
lib.flatten [ vim
tmux wget
vim tree
wget kitty
tree borgbackup
kitty htop
borgbackup file
htop dnsutils
file q
dnsutils age
q compsize
age wireguard-tools
compsize traceroute
wireguard-tools sops
traceroute sbctl # secure boot
sops lm_sensors
sbctl # secure boot sshfs
lm_sensors openssl
sshfs just
openssl killall
just lshw
killall bubblewrap
lshw fuse-overlayfs
bubblewrap dwarfs
fuse-overlayfs wineWowPackages.stagingFull
dwarfs (with gst_all_1; [
wineWowPackages.stagingFull gst-plugins-good
(with gst_all_1; [ gst-plugins-bad
gst-plugins-good gst-plugins-ugly
gst-plugins-bad gst-plugins-base
gst-plugins-ugly ])
gst-plugins-base vulkan-loader
]) (heroic.override {
vulkan-loader extraPkgs = pkgs: [
(heroic.override { pkgs.gamescope
extraPkgs = pkgs: [ pkgs.gamemode
pkgs.gamescope ];
pkgs.gamemode })
]; ];
})
];
environment.sessionVariables = { environment.sessionVariables = {
NIXOS_OZONE_WL = "1"; NIXOS_OZONE_WL = "1";


@ -44,4 +44,4 @@ in
reverse_proxy localhost:8091 reverse_proxy localhost:8091
''; '';
}; };
} }


@ -44,4 +44,4 @@ in
reverse_proxy 127.0.0.1:8090 reverse_proxy 127.0.0.1:8090
''; '';
}; };
} }


@ -29,4 +29,4 @@ in
}; };
}; };
}; };
} }


@ -1,9 +1,7 @@
final: prev: { final: prev: {
bitwarden-desktop = prev.bitwarden-desktop.overrideAttrs ( bitwarden-desktop = prev.bitwarden-desktop.overrideAttrs (finalAttrs: prevAttrs: {
finalAttrs: prevAttrs: { patches = prevAttrs.patches ++ [
patches = prevAttrs.patches ++ [ ./ssh-agent-no-confirm.patch
./ssh-agent-no-confirm.patch ];
]; });
} }
);
}


@ -14,15 +14,14 @@ in
pkgFrom = flake: pkg: flake.packages.${prev.system}.${pkg}; pkgFrom = flake: pkg: flake.packages.${prev.system}.${pkg};
in in
{ {
conduwuit = pkgFrom inputs.conduwuit "static-x86_64-linux-musl-all-features-x86_64-haswell-optimised"; conduwuit =
pkgFrom inputs.conduwuit "static-x86_64-linux-musl-all-features-x86_64-haswell-optimised";
pixelflasher = nixpkgsFrom inputs.pixelflasher "pixelflasher"; pixelflasher = nixpkgsFrom inputs.pixelflasher "pixelflasher";
attic-server = pkgFrom inputs.attic "attic-server"; attic-server = pkgFrom inputs.attic "attic-server";
attic = pkgFrom inputs.attic "attic"; attic = pkgFrom inputs.attic "attic";
garage = ( garage = ((pkgFrom inputs.garage "default").overrideAttrs {
(pkgFrom inputs.garage "default").overrideAttrs {
meta.mainProgram = "garage"; meta.mainProgram = "garage";
} });
);
} }
) )
] ]