From 904cecde7667c6d924101a525904432dc81047cd Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 14 Apr 2025 10:32:02 -0400 Subject: [PATCH 01/58] codium: format on save --- home/codium.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/codium.nix b/home/codium.nix index 1eb02a4..ba4e324 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -73,6 +73,7 @@ "telemetry.enableTelemetry" = false; "telemetry.telemetryLevel" = "off"; "window.titleBarStyle" = "custom"; + "editor.formatOnSave" = true; # terminal stuff "terminal.integrated.cursorBlinking" = true; From 68d6fcc45e6da99c691607e825df04b0d0880aac Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 14 Apr 2025 10:54:24 -0400 Subject: [PATCH 02/58] just don't use matrix anymore --- flake.lock | 696 ++------------------------------------ flake.nix | 2 - hosts/chunk/conduwuit.nix | 33 -- hosts/chunk/default.nix | 1 - overlay/default.nix | 3 - 5 files changed, 25 insertions(+), 710 deletions(-) delete mode 100644 hosts/chunk/conduwuit.nix diff --git a/flake.lock b/flake.lock index ba20fb3..435ec8d 100644 --- a/flake.lock +++ b/flake.lock @@ -1,171 +1,6 @@ { "nodes": { - "attic": { - "inputs": { - "crane": "crane", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", - "nix-github-actions": "nix-github-actions", - "nixpkgs": "nixpkgs", - "nixpkgs-stable": "nixpkgs-stable" - }, - "locked": { - "lastModified": 1738524606, - "narHash": "sha256-hPYEJ4juK3ph7kbjbvv7PlU1D9pAkkhl+pwx8fZY53U=", - "owner": "zhaofengli", - "repo": "attic", - "rev": "ff8a897d1f4408ebbf4d45fa9049c06b3e1e3f4e", - "type": "github" - }, - "original": { - "owner": "zhaofengli", - "ref": "main", - "repo": "attic", - "type": "github" - } - }, - "cachix": { - "inputs": { - "devenv": "devenv", - "flake-compat": "flake-compat_2", - "git-hooks": "git-hooks", - "nixpkgs": "nixpkgs_4" - }, - "locked": { - "lastModified": 1737621947, - "narHash": "sha256-8HFvG7fvIFbgtaYAY2628Tb89fA55nPm2jSiNs0/Cws=", - "owner": "cachix", - "repo": "cachix", - "rev": "f65a3cd5e339c223471e64c051434616e18cc4f5", - "type": "github" - }, - "original": { - "owner": "cachix", - "ref": "master", - "repo": "cachix", - "type": "github" - } - }, - "cachix_2": { - "inputs": { - "devenv": [ - "conduwuit", - "cachix", - "devenv" - ], - "flake-compat": [ - "conduwuit", - "cachix", - "devenv" - ], - "git-hooks": [ - "conduwuit", - "cachix", - "devenv" - ], - "nixpkgs": "nixpkgs_2" - }, - "locked": { - "lastModified": 1728672398, - "narHash": "sha256-KxuGSoVUFnQLB2ZcYODW7AVPAh9JqRlD5BrfsC/Q4qs=", - "owner": "cachix", - "repo": "cachix", - "rev": "aac51f698309fd0f381149214b7eee213c66ef0a", - "type": "github" - }, - "original": { - "owner": "cachix", - "ref": "latest", - "repo": "cachix", - "type": "github" - } - }, - "complement": { - "flake": false, - "locked": { - "lastModified": 1741891349, - "narHash": "sha256-YvrzOWcX7DH1drp5SGa+E/fc7wN3hqFtPbqPjZpOu1Q=", - "owner": "girlbossceo", - "repo": "complement", - "rev": "e587b3df569cba411aeac7c20b6366d03c143745", - "type": "github" - }, - "original": { - "owner": "girlbossceo", - "ref": "main", - "repo": "complement", - "type": "github" - } - }, - "conduwuit": { - "inputs": { - "attic": "attic", - "cachix": "cachix", - "complement": "complement", - "crane": "crane_2", - "fenix": "fenix", - "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils", - "liburing": "liburing", - "nix-filter": "nix-filter", - "nixpkgs": [ - "nixpkgs" - ], - "rocksdb": "rocksdb" - }, - "locked": { - "lastModified": 1743780871, - "narHash": "sha256-xmDepDLHsIWiwpWYjhI40XOrV9jCKrYJQ+EK1EOIdRg=", - "owner": "girlbossceo", - "repo": "conduwuit", - "rev": "4e5b87d0cd16f3d015f4b61285b369d027bb909d", - "type": "github" - }, - "original": { - "owner": "girlbossceo", - "repo": "conduwuit", - "type": "github" - } - }, "crane": { - "inputs": { - "nixpkgs": [ - "conduwuit", - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1722960479, - "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=", - "owner": "ipetkov", - "repo": "crane", - "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, - "crane_2": { - "locked": { - "lastModified": 1739936662, - "narHash": "sha256-x4syUjNUuRblR07nDPeLDP7DpphaBVbUaSoeZkFbGSk=", - "owner": "ipetkov", - "repo": "crane", - "rev": "19de14aaeb869287647d9461cbd389187d8ecdb7", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "ref": "master", - "repo": "crane", - "type": "github" - } - }, - "crane_3": { "locked": { "lastModified": 1737689766, "narHash": "sha256-ivVXYaYlShxYoKfSo5+y5930qMKKJ8CLcAoIBPQfJ6s=", @@ -180,7 +15,7 @@ "type": "github" } }, - "crane_4": { + "crane_2": { "locked": { "lastModified": 1741148495, "narHash": "sha256-EV8KUaIZ2/CdBXlutXrHoZYbWPeB65p5kKZk71gvDRI=", @@ -195,75 +30,17 @@ "type": "github" } }, - "devenv": { - "inputs": { - "cachix": "cachix_2", - "flake-compat": [ - "conduwuit", - "cachix", - "flake-compat" - ], - "git-hooks": [ - "conduwuit", - "cachix", - "git-hooks" - ], - "nix": "nix", - "nixpkgs": [ - "conduwuit", - "cachix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733323168, - "narHash": "sha256-d5DwB4MZvlaQpN6OQ4SLYxb5jA4UH5EtV5t5WOtjLPU=", - "owner": "cachix", - "repo": "devenv", - "rev": "efa9010b8b1cfd5dd3c7ed1e172a470c3b84a064", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "devenv", - "type": "github" - } - }, - "fenix": { - "inputs": { - "nixpkgs": [ - "conduwuit", - "nixpkgs" - ], - "rust-analyzer-src": "rust-analyzer-src" - }, - "locked": { - "lastModified": 1740724364, - "narHash": "sha256-D1jLIueJx1dPrP09ZZwTrPf4cubV+TsFMYbpYYTVj6A=", - "owner": "nix-community", - "repo": "fenix", - "rev": "edf7d9e431cda8782e729253835f178a356d3aab", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "main", - "repo": "fenix", - "type": "github" - } - }, "flake-compat": { - "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", + "lastModified": 1717312683, + "narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=", + "owner": "nix-community", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea", "type": "github" }, "original": { - "owner": "edolstra", + "owner": "nix-community", "repo": "flake-compat", "type": "github" } @@ -284,101 +61,7 @@ "type": "github" } }, - "flake-compat_3": { - "flake": false, - "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", - "type": "github" - }, - "original": { - "owner": "edolstra", - "ref": "master", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_4": { - "locked": { - "lastModified": 1717312683, - "narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=", - "owner": "nix-community", - "repo": "flake-compat", - "rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_5": { - "flake": false, - "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "conduwuit", - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1722555600, - "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_2": { - "inputs": { - "nixpkgs-lib": [ - "conduwuit", - "cachix", - "devenv", - "nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1712014858, - "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "lanzaboote", @@ -413,7 +96,6 @@ }, "original": { "owner": "numtide", - "ref": "main", "repo": "flake-utils", "type": "github" } @@ -472,24 +154,6 @@ "type": "github" } }, - "flake-utils_5": { - "inputs": { - "systems": "systems_5" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "flakey-profile": { "locked": { "lastModified": 1712898590, @@ -507,9 +171,9 @@ }, "garage": { "inputs": { - "crane": "crane_3", - "flake-compat": "flake-compat_4", - "flake-utils": "flake-utils_2", + "crane": "crane", + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ], @@ -529,59 +193,7 @@ "type": "github" } }, - "git-hooks": { - "inputs": { - "flake-compat": [ - "conduwuit", - "cachix", - "flake-compat" - ], - "gitignore": "gitignore", - "nixpkgs": [ - "conduwuit", - "cachix", - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable_2" - }, - "locked": { - "lastModified": 1733318908, - "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "6f4e2a2112050951a314d2733a994fbab94864c6", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, "gitignore": { - "inputs": { - "nixpkgs": [ - "conduwuit", - "cachix", - "git-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, - "gitignore_2": { "inputs": { "nixpkgs": [ "lanzaboote", @@ -625,9 +237,9 @@ }, "lanzaboote": { "inputs": { - "crane": "crane_4", - "flake-compat": "flake-compat_5", - "flake-parts": "flake-parts_3", + "crane": "crane_2", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts", "nixpkgs": [ "nixpkgs" ], @@ -649,39 +261,6 @@ "type": "github" } }, - "libgit2": { - "flake": false, - "locked": { - "lastModified": 1697646580, - "narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=", - "owner": "libgit2", - "repo": "libgit2", - "rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5", - "type": "github" - }, - "original": { - "owner": "libgit2", - "repo": "libgit2", - "type": "github" - } - }, - "liburing": { - "flake": false, - "locked": { - "lastModified": 1740613216, - "narHash": "sha256-NpPOBqNND3Qe9IwqYs0mJLGTmIx7e6FgUEBAnJ+1ZLA=", - "owner": "axboe", - "repo": "liburing", - "rev": "e1003e496e66f9b0ae06674869795edf772d5500", - "type": "github" - }, - "original": { - "owner": "axboe", - "ref": "master", - "repo": "liburing", - "type": "github" - } - }, "lix": { "flake": false, "locked": { @@ -698,10 +277,10 @@ }, "lix-module": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "flakey-profile": "flakey-profile", "lix": "lix", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs" }, "locked": { "lastModified": 1742943028, @@ -720,7 +299,7 @@ }, "nil": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ], @@ -740,85 +319,6 @@ "type": "github" } }, - "nix": { - "inputs": { - "flake-compat": [ - "conduwuit", - "cachix", - "devenv" - ], - "flake-parts": "flake-parts_2", - "libgit2": "libgit2", - "nixpkgs": "nixpkgs_3", - "nixpkgs-23-11": [ - "conduwuit", - "cachix", - "devenv" - ], - "nixpkgs-regression": [ - "conduwuit", - "cachix", - "devenv" - ], - "pre-commit-hooks": [ - "conduwuit", - "cachix", - "devenv" - ] - }, - "locked": { - "lastModified": 1727438425, - "narHash": "sha256-X8ES7I1cfNhR9oKp06F6ir4Np70WGZU5sfCOuNBEwMg=", - "owner": "domenkozar", - "repo": "nix", - "rev": "f6c5ae4c1b2e411e6b1e6a8181cc84363d6a7546", - "type": "github" - }, - "original": { - "owner": "domenkozar", - "ref": "devenv-2.24", - "repo": "nix", - "type": "github" - } - }, - "nix-filter": { - "locked": { - "lastModified": 1731533336, - "narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=", - "owner": "numtide", - "repo": "nix-filter", - "rev": "f7653272fd234696ae94229839a99b73c9ab7de0", - "type": "github" - }, - "original": { - "owner": "numtide", - "ref": "main", - "repo": "nix-filter", - "type": "github" - } - }, - "nix-github-actions": { - "inputs": { - "nixpkgs": [ - "conduwuit", - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1729742964, - "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", - "owner": "nix-community", - "repo": "nix-github-actions", - "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-github-actions", - "type": "github" - } - }, "nix-index-database": { "inputs": { "nixpkgs": [ @@ -861,53 +361,21 @@ }, "nixpkgs": { "locked": { - "lastModified": 1726042813, - "narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=", - "owner": "NixOS", + "lastModified": 1742669843, + "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "159be5db480d1df880a0135ca0bfed84c2f88353", + "rev": "1e5b653dff12029333a6546c11e108ede13052eb", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", + "owner": "nixos", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-stable": { - "locked": { - "lastModified": 1724316499, - "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_2": { - "locked": { - "lastModified": 1730741070, - "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_3": { "locked": { "lastModified": 1743813633, "narHash": "sha256-BgkBz4NpV6Kg8XF7cmHDHRVGZYnKbvG0Y4p+jElwxaM=", @@ -924,70 +392,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1730531603, - "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1717432640, - "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "88269ab3044128b7c2f4c7d68448b2fb50456870", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "release-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1733212471, - "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { - "locked": { - "lastModified": 1742669843, - "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "1e5b653dff12029333a6546c11e108ede13052eb", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { "locked": { "lastModified": 1743862455, "narHash": "sha256-I/QXtrqznq1321mYR9TyMPX/zCWb9iAH64hO+pEBY00=", @@ -1009,7 +413,7 @@ "lanzaboote", "flake-compat" ], - "gitignore": "gitignore_2", + "gitignore": "gitignore", "nixpkgs": [ "lanzaboote", "nixpkgs" @@ -1029,26 +433,8 @@ "type": "github" } }, - "rocksdb": { - "flake": false, - "locked": { - "lastModified": 1741308171, - "narHash": "sha256-YdBvdQ75UJg5ffwNjxizpviCVwVDJnBkM8ZtGIduMgY=", - "owner": "girlbossceo", - "repo": "rocksdb", - "rev": "3ce04794bcfbbb0d2e6f81ae35fc4acf688b6986", - "type": "github" - }, - "original": { - "owner": "girlbossceo", - "ref": "v9.11.1", - "repo": "rocksdb", - "type": "github" - } - }, "root": { "inputs": { - "conduwuit": "conduwuit", "garage": "garage", "home-manager": "home-manager", "lanzaboote": "lanzaboote", @@ -1056,30 +442,13 @@ "nil": "nil", "nix-index-database": "nix-index-database", "nix-ld": "nix-ld", - "nixpkgs": "nixpkgs_6", - "nixpkgs-stable": "nixpkgs-stable_3", + "nixpkgs": "nixpkgs_2", + "nixpkgs-stable": "nixpkgs-stable", "rust-overlay": "rust-overlay_4", "sops-nix": "sops-nix", "vscode-extensions": "vscode-extensions" } }, - "rust-analyzer-src": { - "flake": false, - "locked": { - "lastModified": 1740691488, - "narHash": "sha256-Fs6vBrByuiOf2WO77qeMDMTXcTGzrIMqLBv+lNeywwM=", - "owner": "rust-lang", - "repo": "rust-analyzer", - "rev": "fe3eda77d3a7ce212388bda7b6cec8bffcc077e5", - "type": "github" - }, - "original": { - "owner": "rust-lang", - "ref": "nightly", - "repo": "rust-analyzer", - "type": "github" - } - }, "rust-overlay": { "inputs": { "nixpkgs": [ @@ -1244,24 +613,9 @@ "type": "github" } }, - "systems_5": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "vscode-extensions": { "inputs": { - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_4", "nixpkgs": [ "nixpkgs" ] diff --git a/flake.nix b/flake.nix index 37215e0..92d6363 100644 --- a/flake.nix +++ b/flake.nix @@ -12,8 +12,6 @@ lanzaboote.inputs.nixpkgs.follows = "nixpkgs"; rust-overlay.url = "github:oxalica/rust-overlay"; rust-overlay.inputs.nixpkgs.follows = "nixpkgs"; - conduwuit.url = "github:girlbossceo/conduwuit"; - conduwuit.inputs.nixpkgs.follows = "nixpkgs"; lix-module.url = "git+https://git.lix.systems/lix-project/nixos-module?ref=release-2.92"; nix-ld.url = "github:nix-community/nix-ld"; nix-ld.inputs.nixpkgs.follows = "nixpkgs"; diff --git a/hosts/chunk/conduwuit.nix b/hosts/chunk/conduwuit.nix deleted file mode 100644 index 3a6638f..0000000 --- a/hosts/chunk/conduwuit.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ ... }: -{ - services.conduwuit = { - enable = true; - settings.global = { - port = [ 8448 ]; - server_name = "cything.io"; - allow_check_for_updates = true; - }; - }; - - services.caddy.virtualHosts."chat.cything.io".extraConfig = '' - import common - reverse_proxy localhost:8448 - ''; - - services.caddy.virtualHosts."cything.io" = { - serverAliases = [ "www.cything.io" ]; - extraConfig = '' - import common - - header /.well-known/matrix/* Content-Type application/json - header /.well-known/matrix/* Access-Control-Allow-Origin * - header /.well-known/matrix/* Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS,PATCH,HEAD - header /.well-known/matrix/* Access-Control-Allow-Headers X-Requested-With,Content-Type,Authorization,Origin,Accept - route { - respond /.well-known/matrix/server {"m.server":"chat.cything.io:443"} - respond /.well-known/matrix/client {"m.server":{"base_url":"https://chat.cything.io"},"m.homeserver":{"base_url":"https://chat.cything.io"},"org.matrix.msc3575.proxy":{"url":"https://chat.cything.io"}} - redir https://cy7.sh/posts{uri} permanent - } - ''; - }; -} diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 0509b8d..5dcbf56 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -16,7 +16,6 @@ ./redlib.nix ./vaultwarden.nix ./grafana.nix - ./conduwuit.nix ./immich.nix ./forgejo.nix ./garage.nix diff --git a/overlay/default.nix b/overlay/default.nix index 9e6336c..3599338 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -7,9 +7,6 @@ pkgFrom = flake: pkg: flake.packages.${prev.system}.${pkg}; in { - conduwuit = pkgFrom inputs.conduwuit "default"; - attic-server = pkgFrom inputs.attic "attic-server"; - attic = pkgFrom inputs.attic "attic"; garage = ( (pkgFrom inputs.garage "default").overrideAttrs { meta.mainProgram = "garage"; From 40d0a1512d5153b5afac5cb3c8bbbebff43f6103 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 14 Apr 2025 16:26:26 -0400 Subject: [PATCH 03/58] disable karakeep --- hosts/chunk/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 5dcbf56..2e4c960 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -184,7 +184,7 @@ my.containerization.enable = true; my.authelia.enable = true; my.karakeep = { - enable = true; + enable = false; dataDir = "/opt/karakeep"; }; } From 21399aaf47a14b57ce6f5b41789bdc22fd524ffc Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 15 Apr 2025 18:22:18 -0400 Subject: [PATCH 04/58] update readme --- README | 1 + README.md | 40 ---------------------------------------- 2 files changed, 1 insertion(+), 40 deletions(-) create mode 100644 README delete mode 100644 README.md diff --git a/README b/README new file mode 100644 index 0000000..1a59725 --- /dev/null +++ b/README @@ -0,0 +1 @@ +this is only open source for free ci diff --git a/README.md b/README.md deleted file mode 100644 index eb52498..0000000 --- a/README.md +++ /dev/null @@ -1,40 +0,0 @@ -# infra -## ./home -- [home-manager](https://github.com/nix-community/home-manager) configuration files -- foot, tmux, and zsh are configured in Nix -- nvim, rofi, sway, waybar are configured in their own literature and symlinked to $XDG_CONFIG_HOME with home-manager - -## ./hosts -- [`hosts/common.nix`](hosts/common.nix): configuration that makes sense on all computers -- [`hosts/zsh.nix`](hosts/zsh.nix): for computers that have the power to run zsh -### ./hosts/ytnix -- personal laptop -- a single [`default.nix`](hosts/ytnix/default.nix) that could be modularized but works for now - -### ./hosts/chunk -- the overworked server with 5% SLA -- very short and concise [`default.nix`](hosts/chunk/default.nix) -- services organized in their modules -- some services run through `virtualisation.oci-containers`: - - [immich](hosts/chunk/immich.nix) - - [conduwuit](hosts/chunk/conduwuit.nix) - -### ./hosts/titan -- got this cause chunk would go down way too often :( -- hosted on azure for "reliability" -- runs: - - [ghost](hosts/titan/ghost.nix) (through `virtualisation.oci-containers`) - - [uptime-kuma](hosts/titan/uptime-kuma.nix) - - [ntfy-sh](hosts/titan/ntfy.nix) - -## ./secrets -- secrets -- see [`.sops.yaml`](.sops.yaml) for who privy to what - -## backups -- hourly borgbackup to [rsync.net](https://rsync.net) -- see [modules/backup](modules/backup.nix) - -## monitoring -- [status.cything.io](https://status.cything.io/): uptime kuma (reliable) -- [grafana.cything.io](https://grafana.cything.io/): some real-time metrics here; unlike the status page this will go kaput often From c806ffb3bb83be59b24b7efc10ee4896c1cf025a Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 15 Apr 2025 18:23:23 -0400 Subject: [PATCH 05/58] rm garnix.yaml --- garnix.yaml | 6 ------ 1 file changed, 6 deletions(-) delete mode 100644 garnix.yaml diff --git a/garnix.yaml b/garnix.yaml deleted file mode 100644 index c189664..0000000 --- a/garnix.yaml +++ /dev/null @@ -1,6 +0,0 @@ -builds: - include: - - 'nixosConfigurations.*' - - 'homeConfigurations.*' - - '*.aarch64-linux.*' - - '*.x86_64-linux.*' From e2df47ab99d06e1d062902a219fc5de8814ce7f5 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 15 Apr 2025 19:25:57 -0400 Subject: [PATCH 06/58] 2025 04 14 (#45) * use lix from nixpkgs * install nil * just don't use matrix anymore * try not using lix * use nixpkgs unstable * dogfood nixcp * workflow: use runner.temp variable * workflow: try hex encoded secret * workflow: use envars for s3 region and endpoint * rm matrix * workflow: trace nixcp * workflow: no lix and no checkout in build packages * Revert "workflow: trace nixcp" This reverts commit 16d0827bcb90bff73a072920eb83f97aa84394ce. --- .../workflows/build-machines-and-homes.yml | 46 +++--- .github/workflows/build-packages.yml | 33 ++--- flake.lock | 131 +----------------- flake.nix | 6 +- home/yt/ytnix.nix | 1 + hosts/common.nix | 2 +- overlay/default.nix | 1 + 7 files changed, 41 insertions(+), 179 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 290761f..ba6ec24 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -8,6 +8,8 @@ env: TERM: ansi AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} + AWS_DEFAULT_REGION: us-east-1 + AWS_ENDPOINT_URL: https://s3.cy7.sh jobs: build-machines: @@ -35,7 +37,7 @@ jobs: build-mount-path: /nix - name: setup binary cache key - run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem + run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem - name: Install Nix uses: cachix/install-nix-action@v30 @@ -46,16 +48,9 @@ jobs: experimental-features = nix-command flakes accept-flake-config = true system-features = nixos-test benchmark big-parallel kvm - secret-key-files = /home/runner/cache-priv-key.pem - extra-substituters = https://nixcache.cy7.sh https://cache.lix.systems - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= - - - name: Install Lix - run: | - sudo --preserve-env=PATH $(which nix) run \ - 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ - upgrade-nix - nix --version + secret-key-files = ${{ runner.temp }}/cache-priv-key.pem + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - name: Sync repository uses: actions/checkout@v4 @@ -73,10 +68,11 @@ jobs: if: '!cancelled()' run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" - nix run git+https://git.cy7.sh/cy/nixcp.git -- \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=zstd' \ + nix run github:cything/nixcp/2025-04-12 -- \ + push \ + --bucket nixcache \ + --signing-key ${{ runner.temp }}/cache-priv-key.pem \ -u https://nix-community.cachix.org \ - -u https://nixcache.web.cy7.sh \ $package build-homes: @@ -105,7 +101,7 @@ jobs: build-mount-path: /nix - name: setup binary cache key - run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem + run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem - name: Install Nix uses: cachix/install-nix-action@v30 @@ -116,16 +112,9 @@ jobs: experimental-features = nix-command flakes accept-flake-config = true system-features = nixos-test benchmark big-parallel kvm - secret-key-files = /home/runner/cache-priv-key.pem - extra-substituters = https://nixcache.cy7.sh https://cache.lix.systems - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= - - - name: Install Lix - run: | - sudo --preserve-env=PATH $(which nix) run \ - 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ - upgrade-nix - nix --version + secret-key-files = ${{ runner.temp }}/cache-priv-key.pem + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - name: Sync repository uses: actions/checkout@v4 @@ -142,8 +131,9 @@ jobs: if: '!cancelled()' run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" - nix run git+https://git.cy7.sh/cy/nixcp.git -- \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=zstd' \ + nix run github:cything/nixcp/2025-04-12 -- \ + push \ + --bucket nixcache \ + --signing-key ${{ runner.temp }}/cache-priv-key.pem \ -u https://nix-community.cachix.org \ - -u https://nixcache.web.cy7.sh \ $package diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 4f76a1d..2688fb3 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -11,6 +11,8 @@ env: TERM: ansi AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} + AWS_DEFAULT_REGION: us-east-1 + AWS_ENDPOINT_URL: https://s3.cy7.sh jobs: build-packages: @@ -22,13 +24,13 @@ jobs: os: - ubuntu-latest - ubuntu-24.04-arm - # - macos-latest - # - macos-13 + - macos-latest + - macos-13 runs-on: ${{ matrix.os }} steps: - name: setup binary cache key - run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem + run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem - name: Install Nix uses: cachix/install-nix-action@v30 @@ -39,21 +41,9 @@ jobs: experimental-features = nix-command flakes accept-flake-config = true system-features = nixos-test benchmark big-parallel kvm - secret-key-files = /home/runner/cache-priv-key.pem - extra-substituters = https://nixcache.cy7.sh https://cache.lix.systems - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= - - - name: Install Lix - run: | - sudo --preserve-env=PATH $(which nix) run \ - 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ - upgrade-nix - nix --version - - - name: Sync repository - uses: actions/checkout@v4 - with: - persist-credentials: false + secret-key-files = ${{ runner.temp }}/cache-priv-key.pem + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - run: nix build -L ${{ matrix.package }} @@ -61,10 +51,11 @@ jobs: # https://stackoverflow.com/a/58859404 if: '!cancelled()' run: | - nix run git+https://git.cy7.sh/cy/nixcp.git -- \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=zstd' \ + nix run github:cything/nixcp/2025-04-12 -- \ + push \ + --bucket nixcache \ + --signing-key ${{ runner.temp }}/cache-priv-key.pem \ -u https://nix-community.cachix.org \ - -u https://nixcache.web.cy7.sh \ "${{ matrix.package }}" - name: prepare tarball to upload diff --git a/flake.lock b/flake.lock index 435ec8d..9feaf1e 100644 --- a/flake.lock +++ b/flake.lock @@ -136,39 +136,6 @@ "type": "github" } }, - "flake-utils_4": { - "inputs": { - "systems": "systems_4" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flakey-profile": { - "locked": { - "lastModified": 1712898590, - "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", - "owner": "lf-", - "repo": "flakey-profile", - "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", - "type": "github" - }, - "original": { - "owner": "lf-", - "repo": "flakey-profile", - "type": "github" - } - }, "garage": { "inputs": { "crane": "crane", @@ -261,45 +228,9 @@ "type": "github" } }, - "lix": { - "flake": false, - "locked": { - "lastModified": 1737234286, - "narHash": "sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW+DvDtuv9SwQZZcs=", - "rev": "079528098f5998ba13c88821a2eca1005c1695de", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?rev=079528098f5998ba13c88821a2eca1005c1695de" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz" - } - }, - "lix-module": { - "inputs": { - "flake-utils": "flake-utils_2", - "flakey-profile": "flakey-profile", - "lix": "lix", - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1742943028, - "narHash": "sha256-fprwZKE1uMzO9tiWWOrmLWBW3GPkMayQfb0xOvVFIno=", - "ref": "release-2.92", - "rev": "3fae818597ca2f1474de62022f850c23be50528d", - "revCount": 134, - "type": "git", - "url": "https://git.lix.systems/lix-project/nixos-module" - }, - "original": { - "ref": "release-2.92", - "type": "git", - "url": "https://git.lix.systems/lix-project/nixos-module" - } - }, "nil": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ], @@ -361,11 +292,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1742669843, - "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=", + "lastModified": 1744463964, + "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1e5b653dff12029333a6546c11e108ede13052eb", + "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", "type": "github" }, "original": { @@ -375,38 +306,6 @@ "type": "github" } }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1743813633, - "narHash": "sha256-BgkBz4NpV6Kg8XF7cmHDHRVGZYnKbvG0Y4p+jElwxaM=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "7819a0d29d1dd2bc331bec4b327f0776359b1fa6", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-24.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1743862455, - "narHash": "sha256-I/QXtrqznq1321mYR9TyMPX/zCWb9iAH64hO+pEBY00=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "06f3516b0397bd241bde2daefc8538fc886c5467", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable-small", - "repo": "nixpkgs", - "type": "github" - } - }, "pre-commit-hooks-nix": { "inputs": { "flake-compat": [ @@ -438,12 +337,10 @@ "garage": "garage", "home-manager": "home-manager", "lanzaboote": "lanzaboote", - "lix-module": "lix-module", "nil": "nil", "nix-index-database": "nix-index-database", "nix-ld": "nix-ld", - "nixpkgs": "nixpkgs_2", - "nixpkgs-stable": "nixpkgs-stable", + "nixpkgs": "nixpkgs", "rust-overlay": "rust-overlay_4", "sops-nix": "sops-nix", "vscode-extensions": "vscode-extensions" @@ -598,24 +495,10 @@ "type": "github" } }, - "systems_4": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "vscode-extensions": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_3", + "nixpkgs": [ "nixpkgs" ] diff --git a/flake.nix b/flake.nix index 92d6363..0aea8eb 100644 --- a/flake.nix +++ b/flake.nix @@ -2,8 +2,7 @@ description = "cy's flake"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small"; - nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; sops-nix.url = "github:Mic92/sops-nix"; sops-nix.inputs.nixpkgs.follows = "nixpkgs"; home-manager.url = "github:nix-community/home-manager"; @@ -12,7 +11,6 @@ lanzaboote.inputs.nixpkgs.follows = "nixpkgs"; rust-overlay.url = "github:oxalica/rust-overlay"; rust-overlay.inputs.nixpkgs.follows = "nixpkgs"; - lix-module.url = "git+https://git.lix.systems/lix-project/nixos-module?ref=release-2.92"; nix-ld.url = "github:nix-community/nix-ld"; nix-ld.inputs.nixpkgs.follows = "nixpkgs"; nil.url = "github:oxalica/nil"; @@ -69,7 +67,6 @@ ./modules inputs.sops-nix.nixosModules.sops inputs.lanzaboote.nixosModules.lanzaboote - inputs.lix-module.nixosModules.default inputs.nix-ld.nixosModules.nix-ld ]; }; @@ -82,7 +79,6 @@ ./hosts/chunk ./modules inputs.sops-nix.nixosModules.sops - inputs.lix-module.nixosModules.default ]; }; }; diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 686a8a3..3ed40e6 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -103,6 +103,7 @@ gopls rust-analyzer minio-client + nil ]; home.sessionVariables = { diff --git a/hosts/common.nix b/hosts/common.nix index 77e0edb..b5a71a0 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -1,4 +1,4 @@ -{ inputs, config, ... }: +{ inputs, config, pkgs, ... }: { nix = { settings = { diff --git a/overlay/default.nix b/overlay/default.nix index 3599338..67d855e 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -12,6 +12,7 @@ meta.mainProgram = "garage"; } ); + nil = pkgFrom inputs.nil "default"; } ) ] From 71657e0ccb7b6ef81939b4b044ef1d3c02c72fec Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 15 Apr 2025 20:19:08 -0400 Subject: [PATCH 07/58] use nixcp main --- .github/workflows/build-machines-and-homes.yml | 4 ++-- .github/workflows/build-packages.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index ba6ec24..6a14b19 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -68,7 +68,7 @@ jobs: if: '!cancelled()' run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" - nix run github:cything/nixcp/2025-04-12 -- \ + nix run github:cything/nixcp -- \ push \ --bucket nixcache \ --signing-key ${{ runner.temp }}/cache-priv-key.pem \ @@ -131,7 +131,7 @@ jobs: if: '!cancelled()' run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" - nix run github:cything/nixcp/2025-04-12 -- \ + nix run github:cything/nixcp -- \ push \ --bucket nixcache \ --signing-key ${{ runner.temp }}/cache-priv-key.pem \ diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 2688fb3..423c88a 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -51,7 +51,7 @@ jobs: # https://stackoverflow.com/a/58859404 if: '!cancelled()' run: | - nix run github:cything/nixcp/2025-04-12 -- \ + nix run github:cything/nixcp -- \ push \ --bucket nixcache \ --signing-key ${{ runner.temp }}/cache-priv-key.pem \ From 61a4f97684f05ea23003f1ba84b887c4a1448283 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 16 Apr 2025 21:37:51 -0400 Subject: [PATCH 08/58] use lix from nixpkgs --- hosts/common.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/common.nix b/hosts/common.nix index b5a71a0..b1989b1 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -1,6 +1,7 @@ { inputs, config, pkgs, ... }: { nix = { + package = pkgs.lix; settings = { experimental-features = "nix-command flakes"; auto-optimise-store = true; From b3f1d10575ab32fd94e7f2adffef6126c3f5e632 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 16 Apr 2025 21:37:57 -0400 Subject: [PATCH 09/58] install keepassxc --- home/yt/ytnix.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 3ed40e6..4ba3f66 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -104,6 +104,7 @@ rust-analyzer minio-client nil + keepassxc ]; home.sessionVariables = { From f5af830c30c16d065674b36051a72292292f4dd3 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 16 Apr 2025 21:38:04 -0400 Subject: [PATCH 10/58] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/ef3b2a6b602c3f1a80c6897d6de3ee62339a3eb7' (2025-04-06) → 'github:nix-community/home-manager/c6b75d69b6994ba68ec281bd36faebcc56097800' (2025-04-16) • Updated input 'nix-index-database': 'github:nix-community/nix-index-database/a36f6a7148aec2c77d78e4466215cceb2f5f4bfb' (2025-04-06) → 'github:nix-community/nix-index-database/4fc9ea78c962904f4ea11046f3db37c62e8a02fd' (2025-04-13) • Updated input 'nix-ld': 'github:nix-community/nix-ld/140451db1cadeef1e7e9e054332b67b7be808916' (2025-03-31) → 'github:nix-community/nix-ld/9a3812797e25def1d4aed62b517606b7b93989dc' (2025-04-14) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/9d00c6b69408dd40d067603012938d9fbe95cfcd' (2025-04-06) → 'github:oxalica/rust-overlay/c564fb830c7d5b3e4fde5ea829a62f0e41e43a20' (2025-04-16) • Updated input 'sops-nix': 'github:Mic92/sops-nix/523f58a4faff6c67f5f685bed33a7721e984c304' (2025-04-06) → 'github:Mic92/sops-nix/61154300d945f0b147b30d24ddcafa159148026a' (2025-04-14) • Updated input 'vscode-extensions': 'github:nix-community/nix-vscode-extensions/da51d4cab526bef885e8c95ab2b9455bfe0940d4' (2025-04-06) → 'github:nix-community/nix-vscode-extensions/47bd3dc652c4a02dc565a9360fe828af38bea287' (2025-04-16) --- flake.lock | 37 ++++++++++++++++++------------------- 1 file changed, 18 insertions(+), 19 deletions(-) diff --git a/flake.lock b/flake.lock index 9feaf1e..d4de20c 100644 --- a/flake.lock +++ b/flake.lock @@ -189,11 +189,11 @@ ] }, "locked": { - "lastModified": 1743948087, - "narHash": "sha256-B6cIi2ScgVSROPPlTti6len+TdR0K25B9R3oKvbw3M8=", + "lastModified": 1744833442, + "narHash": "sha256-BBMWW2m64Grcc5FlXz74+vdkUyCJOfUGnl+VcS/4x44=", "owner": "nix-community", "repo": "home-manager", - "rev": "ef3b2a6b602c3f1a80c6897d6de3ee62339a3eb7", + "rev": "c6b75d69b6994ba68ec281bd36faebcc56097800", "type": "github" }, "original": { @@ -257,11 +257,11 @@ ] }, "locked": { - "lastModified": 1743911143, - "narHash": "sha256-4j4JPwr0TXHH4ZyorXN5yIcmqIQr0WYacsuPA4ktONo=", + "lastModified": 1744518957, + "narHash": "sha256-RLBSWQfTL0v+7uyskC5kP6slLK1jvIuhaAh8QvB75m4=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "a36f6a7148aec2c77d78e4466215cceb2f5f4bfb", + "rev": "4fc9ea78c962904f4ea11046f3db37c62e8a02fd", "type": "github" }, "original": { @@ -277,11 +277,11 @@ ] }, "locked": { - "lastModified": 1743410259, - "narHash": "sha256-tjdkPPkRT1Mj72yrpN8oUxYw9SaG8wOQWD3auS1bvSs=", + "lastModified": 1744621833, + "narHash": "sha256-II6a32kRc+KbLhU/jS8EbuXYt1PNCvsRvuBw2becgQM=", "owner": "nix-community", "repo": "nix-ld", - "rev": "140451db1cadeef1e7e9e054332b67b7be808916", + "rev": "9a3812797e25def1d4aed62b517606b7b93989dc", "type": "github" }, "original": { @@ -417,11 +417,11 @@ ] }, "locked": { - "lastModified": 1743906877, - "narHash": "sha256-Thah1oU8Vy0gs9bh5QhNcQh1iuQiowMnZPbrkURonZA=", + "lastModified": 1744803954, + "narHash": "sha256-f+gE6JtLhPzyDWOCEHbN/S30GEGHMtXEt41+Va7wzEU=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "9d00c6b69408dd40d067603012938d9fbe95cfcd", + "rev": "c564fb830c7d5b3e4fde5ea829a62f0e41e43a20", "type": "github" }, "original": { @@ -437,11 +437,11 @@ ] }, "locked": { - "lastModified": 1743910657, - "narHash": "sha256-zr2jmWeWyhCD8WmO2aWov2g0WPPuZfcJDKzMJZYGq3Y=", + "lastModified": 1744669848, + "narHash": "sha256-pXyanHLUzLNd3MX9vsWG+6Z2hTU8niyphWstYEP3/GU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "523f58a4faff6c67f5f685bed33a7721e984c304", + "rev": "61154300d945f0b147b30d24ddcafa159148026a", "type": "github" }, "original": { @@ -498,17 +498,16 @@ "vscode-extensions": { "inputs": { "flake-utils": "flake-utils_3", - "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1743904774, - "narHash": "sha256-dHnwYLz1b6ohGP2DjWKpDFEZ9WOm4vYuPXKUna08awU=", + "lastModified": 1744768710, + "narHash": "sha256-ow0HDShvAe9gkM3Ww5aoJo1lDLpC5pYQ7qLtnTaHoyI=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "da51d4cab526bef885e8c95ab2b9455bfe0940d4", + "rev": "47bd3dc652c4a02dc565a9360fe828af38bea287", "type": "github" }, "original": { From 44a98fd703c59e659d3139af0d0113b1e4853c6b Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 17 Apr 2025 15:19:29 -0400 Subject: [PATCH 11/58] ytnix: enable firefox --- home/yt/ytnix.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 4ba3f66..f22d425 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -162,4 +162,6 @@ enable = true; addKeysToAgent = "yes"; }; + + programs.firefox.enable = true; } From 140f0f5dcf033c7e03b4e65c8248fec2f6f6a06a Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 20 Apr 2025 01:18:41 -0400 Subject: [PATCH 12/58] kitty: use default theme --- home/kitty.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/home/kitty.nix b/home/kitty.nix index a77a432..a6ddf37 100644 --- a/home/kitty.nix +++ b/home/kitty.nix @@ -7,7 +7,6 @@ package = pkgs.ibm-plex; size = 12; }; - themeFile = "GitHub_Dark"; settings = { enable_audio_bell = true; # how many windows should be open before kitty asks From c193ba21081c5387f74d41ae51c6fe431a964b8e Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 20 Apr 2025 01:27:05 -0400 Subject: [PATCH 13/58] workflow: test post-build hook --- .github/workflows/build-machines-and-homes.yml | 17 ++++++++++++----- ci/upload-to-cache.sh | 8 ++++++++ 2 files changed, 20 insertions(+), 5 deletions(-) create mode 100755 ci/upload-to-cache.sh diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 6a14b19..1d86c47 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -39,6 +39,17 @@ jobs: - name: setup binary cache key run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem + - name: Sync repository + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: post-build-hook + run: | + sudo mkdir -p /etc/nix + sudo cp ci/upload-to-cache.sh /etc/nix/ + sudo chmod +x /etc/nix/upload-to-cache.sh + - name: Install Nix uses: cachix/install-nix-action@v30 with: @@ -51,11 +62,7 @@ jobs: secret-key-files = ${{ runner.temp }}/cache-priv-key.pem extra-substituters = https://nixcache.cy7.sh extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - - - name: Sync repository - uses: actions/checkout@v4 - with: - persist-credentials: false + post-build-hook = /etc/nix/upload-to-cache.sh - name: build run: | diff --git a/ci/upload-to-cache.sh b/ci/upload-to-cache.sh new file mode 100755 index 0000000..a8f9e0f --- /dev/null +++ b/ci/upload-to-cache.sh @@ -0,0 +1,8 @@ +#!/bin/sh + +# https://nix.dev/guides/recipes/post-build-hook.html#implementing-the-build-hook +set -eu +set -f # disable globbing +export IFS=' ' +echo "Uploading paths" $OUT_PATHS +exec nix copy --to "s3://nixcache" $OUT_PATHS From 2591401aa3491151325bad378022861eae74505a Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 20 Apr 2025 01:33:55 -0400 Subject: [PATCH 14/58] workflow: debug --- .github/workflows/build-machines-and-homes.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 1d86c47..a70ff0d 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -63,6 +63,9 @@ jobs: extra-substituters = https://nixcache.cy7.sh extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= post-build-hook = /etc/nix/upload-to-cache.sh + + - name: debug + run: echo "$(which nix)" - name: build run: | From eb054c444ac71f2f1703012504c826b0ec889545 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 20 Apr 2025 01:35:16 -0400 Subject: [PATCH 15/58] temp disable maximize disk space --- .../workflows/build-machines-and-homes.yml | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index a70ff0d..17a8c17 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -24,17 +24,17 @@ jobs: runs-on: ${{ matrix.os }} steps: - - name: Maximize build disk space - uses: easimon/maximize-build-space@v10 - with: - overprovision-lvm: true - swap-size-mb: 1024 - remove-dotnet: 'true' - remove-android: 'true' - remove-haskell: 'true' - remove-codeql: 'true' - remove-docker-images: 'true' - build-mount-path: /nix + # - name: Maximize build disk space + # uses: easimon/maximize-build-space@v10 + # with: + # overprovision-lvm: true + # swap-size-mb: 1024 + # remove-dotnet: 'true' + # remove-android: 'true' + # remove-haskell: 'true' + # remove-codeql: 'true' + # remove-docker-images: 'true' + # build-mount-path: /nix - name: setup binary cache key run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem From 5a053b2379fd556f30a7a1a314e1b7491ad9ae30 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 20 Apr 2025 01:36:23 -0400 Subject: [PATCH 16/58] fix nix path --- ci/upload-to-cache.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ci/upload-to-cache.sh b/ci/upload-to-cache.sh index a8f9e0f..c72c0a2 100755 --- a/ci/upload-to-cache.sh +++ b/ci/upload-to-cache.sh @@ -5,4 +5,5 @@ set -eu set -f # disable globbing export IFS=' ' echo "Uploading paths" $OUT_PATHS -exec nix copy --to "s3://nixcache" $OUT_PATHS +# this is where the cachix installer installs nix +exec /nix/var/nix/profiles/default/bin/nix copy --to "s3://nixcache" $OUT_PATHS From e38ed0e6f1d9e692a49451d45e9fc541e837f515 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 20 Apr 2025 01:39:56 -0400 Subject: [PATCH 17/58] fix nix copy dest --- ci/upload-to-cache.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/upload-to-cache.sh b/ci/upload-to-cache.sh index c72c0a2..6e348a7 100755 --- a/ci/upload-to-cache.sh +++ b/ci/upload-to-cache.sh @@ -6,4 +6,4 @@ set -f # disable globbing export IFS=' ' echo "Uploading paths" $OUT_PATHS # this is where the cachix installer installs nix -exec /nix/var/nix/profiles/default/bin/nix copy --to "s3://nixcache" $OUT_PATHS +exec /nix/var/nix/profiles/default/bin/nix copy --to "s3://nixcache?endpoint=s3.cy7.sh" $OUT_PATHS From 4f1bd260644c52469c42827e3db5e91be95aefba Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 20 Apr 2025 01:59:00 -0400 Subject: [PATCH 18/58] setup aws profile for s3 auth --- .../workflows/build-machines-and-homes.yml | 84 +++++++++---------- ci/upload-to-cache.sh | 1 - 2 files changed, 39 insertions(+), 46 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 17a8c17..f1e07bc 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -24,17 +24,17 @@ jobs: runs-on: ${{ matrix.os }} steps: - # - name: Maximize build disk space - # uses: easimon/maximize-build-space@v10 - # with: - # overprovision-lvm: true - # swap-size-mb: 1024 - # remove-dotnet: 'true' - # remove-android: 'true' - # remove-haskell: 'true' - # remove-codeql: 'true' - # remove-docker-images: 'true' - # build-mount-path: /nix + - name: Maximize build disk space + uses: easimon/maximize-build-space@v10 + with: + overprovision-lvm: true + swap-size-mb: 1024 + remove-dotnet: 'true' + remove-android: 'true' + remove-haskell: 'true' + remove-codeql: 'true' + remove-docker-images: 'true' + build-mount-path: /nix - name: setup binary cache key run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem @@ -50,6 +50,14 @@ jobs: sudo cp ci/upload-to-cache.sh /etc/nix/ sudo chmod +x /etc/nix/upload-to-cache.sh + - name: setup s3 credentials + run: | + sudo mkdir /root/.aws + echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials + echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials + echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials + echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config + - name: Install Nix uses: cachix/install-nix-action@v30 with: @@ -63,28 +71,11 @@ jobs: extra-substituters = https://nixcache.cy7.sh extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= post-build-hook = /etc/nix/upload-to-cache.sh - - - name: debug - run: echo "$(which nix)" - name: build run: | - # package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" - # nix build -L "$package" nix run nixpkgs#nixos-rebuild build -- -L --flake ".#${{ matrix.machine }}" - - name: cache - # https://stackoverflow.com/a/58859404 - if: '!cancelled()' - run: | - package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" - nix run github:cything/nixcp -- \ - push \ - --bucket nixcache \ - --signing-key ${{ runner.temp }}/cache-priv-key.pem \ - -u https://nix-community.cachix.org \ - $package - build-homes: strategy: fail-fast: false @@ -113,6 +104,25 @@ jobs: - name: setup binary cache key run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem + - name: Sync repository + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: post-build-hook + run: | + sudo mkdir -p /etc/nix + sudo cp ci/upload-to-cache.sh /etc/nix/ + sudo chmod +x /etc/nix/upload-to-cache.sh + + - name: setup s3 credentials + run: | + sudo mkdir /root/.aws + echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials + echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials + echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials + echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config + - name: Install Nix uses: cachix/install-nix-action@v30 with: @@ -125,25 +135,9 @@ jobs: secret-key-files = ${{ runner.temp }}/cache-priv-key.pem extra-substituters = https://nixcache.cy7.sh extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - - - name: Sync repository - uses: actions/checkout@v4 - with: - persist-credentials: false + post-build-hook = /etc/nix/upload-to-cache.sh - name: build run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" nix build -L "$package" - - - name: cache - # https://stackoverflow.com/a/58859404 - if: '!cancelled()' - run: | - package=".#homeConfigurations."${{ matrix.home }}".activationPackage" - nix run github:cything/nixcp -- \ - push \ - --bucket nixcache \ - --signing-key ${{ runner.temp }}/cache-priv-key.pem \ - -u https://nix-community.cachix.org \ - $package diff --git a/ci/upload-to-cache.sh b/ci/upload-to-cache.sh index 6e348a7..6ea65f5 100755 --- a/ci/upload-to-cache.sh +++ b/ci/upload-to-cache.sh @@ -5,5 +5,4 @@ set -eu set -f # disable globbing export IFS=' ' echo "Uploading paths" $OUT_PATHS -# this is where the cachix installer installs nix exec /nix/var/nix/profiles/default/bin/nix copy --to "s3://nixcache?endpoint=s3.cy7.sh" $OUT_PATHS From f3f15724d2dca0347b065ad9cf44176b88f720d6 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 20 Apr 2025 02:23:19 -0400 Subject: [PATCH 19/58] ci use zstd to compress cache --- ci/upload-to-cache.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/upload-to-cache.sh b/ci/upload-to-cache.sh index 6ea65f5..98b72b5 100755 --- a/ci/upload-to-cache.sh +++ b/ci/upload-to-cache.sh @@ -5,4 +5,4 @@ set -eu set -f # disable globbing export IFS=' ' echo "Uploading paths" $OUT_PATHS -exec /nix/var/nix/profiles/default/bin/nix copy --to "s3://nixcache?endpoint=s3.cy7.sh" $OUT_PATHS +exec /nix/var/nix/profiles/default/bin/nix copy --to "s3://nixcache?endpoint=s3.cy7.sh&compression=zstd" $OUT_PATHS From 1cf31a7ae03f089ac038a998106e8e36b7f0d69c Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 20 Apr 2025 02:26:56 -0400 Subject: [PATCH 20/58] ci use parallel compression --- ci/upload-to-cache.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/upload-to-cache.sh b/ci/upload-to-cache.sh index 98b72b5..559d062 100755 --- a/ci/upload-to-cache.sh +++ b/ci/upload-to-cache.sh @@ -5,4 +5,4 @@ set -eu set -f # disable globbing export IFS=' ' echo "Uploading paths" $OUT_PATHS -exec /nix/var/nix/profiles/default/bin/nix copy --to "s3://nixcache?endpoint=s3.cy7.sh&compression=zstd" $OUT_PATHS +exec /nix/var/nix/profiles/default/bin/nix copy --to "s3://nixcache?endpoint=s3.cy7.sh&compression=zstd¶llel-compression=true" $OUT_PATHS From 1b298adbf69446e4603cca5e1037a5c60c9bc30c Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 20 Apr 2025 02:28:52 -0400 Subject: [PATCH 21/58] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'garage': 'github:deuxfleurs-org/garage/14d2f2b18da015508d4a1e31b2f014da5188d516' (2025-03-21) → 'github:deuxfleurs-org/garage/4ef954d17604eba8aafa52902cd3c573978c7195' (2025-04-19) • Updated input 'home-manager': 'github:nix-community/home-manager/c6b75d69b6994ba68ec281bd36faebcc56097800' (2025-04-16) → 'github:nix-community/home-manager/f98314bb064cf8f8446c44afbadaaad2505875a7' (2025-04-20) • Updated input 'nix-index-database': 'github:nix-community/nix-index-database/4fc9ea78c962904f4ea11046f3db37c62e8a02fd' (2025-04-13) → 'github:nix-community/nix-index-database/69716041f881a2af935021c1182ed5b0cc04d40e' (2025-04-20) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/2631b0b7abcea6e640ce31cd78ea58910d31e650' (2025-04-12) → 'github:nixos/nixpkgs/b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef' (2025-04-17) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/c564fb830c7d5b3e4fde5ea829a62f0e41e43a20' (2025-04-16) → 'github:oxalica/rust-overlay/e2142ef330a61c02f274ac9a9cb6f8487a5d0080' (2025-04-20) • Updated input 'vscode-extensions': 'github:nix-community/nix-vscode-extensions/47bd3dc652c4a02dc565a9360fe828af38bea287' (2025-04-16) → 'github:nix-community/nix-vscode-extensions/ff14820202442f847fd37862eb48a7cb254a19d3' (2025-04-20) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index d4de20c..4370247 100644 --- a/flake.lock +++ b/flake.lock @@ -147,11 +147,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1742547966, - "narHash": "sha256-AJfw+XRaRyrlpb9Wy6rVz44JePy0AXWPECXVPBnrOfI=", + "lastModified": 1745093116, + "narHash": "sha256-38L/NZyfGSGff9f+FfRd4teA1Xj93hqcBJcqhxbLA7Y=", "owner": "deuxfleurs-org", "repo": "garage", - "rev": "14d2f2b18da015508d4a1e31b2f014da5188d516", + "rev": "4ef954d17604eba8aafa52902cd3c573978c7195", "type": "github" }, "original": { @@ -189,11 +189,11 @@ ] }, "locked": { - "lastModified": 1744833442, - "narHash": "sha256-BBMWW2m64Grcc5FlXz74+vdkUyCJOfUGnl+VcS/4x44=", + "lastModified": 1745128386, + "narHash": "sha256-xnNxL9lZC5Ez8AxTgHZZu8pYSNM34+5GD5jGSs8Vq4M=", "owner": "nix-community", "repo": "home-manager", - "rev": "c6b75d69b6994ba68ec281bd36faebcc56097800", + "rev": "f98314bb064cf8f8446c44afbadaaad2505875a7", "type": "github" }, "original": { @@ -257,11 +257,11 @@ ] }, "locked": { - "lastModified": 1744518957, - "narHash": "sha256-RLBSWQfTL0v+7uyskC5kP6slLK1jvIuhaAh8QvB75m4=", + "lastModified": 1745120797, + "narHash": "sha256-owQ0VQ+7cSanTVPxaZMWEzI22Q4bGnuvhVjLAJBNQ3E=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "4fc9ea78c962904f4ea11046f3db37c62e8a02fd", + "rev": "69716041f881a2af935021c1182ed5b0cc04d40e", "type": "github" }, "original": { @@ -292,11 +292,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1744463964, - "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", + "lastModified": 1744932701, + "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", + "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", "type": "github" }, "original": { @@ -417,11 +417,11 @@ ] }, "locked": { - "lastModified": 1744803954, - "narHash": "sha256-f+gE6JtLhPzyDWOCEHbN/S30GEGHMtXEt41+Va7wzEU=", + "lastModified": 1745116541, + "narHash": "sha256-5xzA6dTfqCfTTDCo3ipPZzrg3wp01xmcr73y4cTNMP8=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "c564fb830c7d5b3e4fde5ea829a62f0e41e43a20", + "rev": "e2142ef330a61c02f274ac9a9cb6f8487a5d0080", "type": "github" }, "original": { @@ -503,11 +503,11 @@ ] }, "locked": { - "lastModified": 1744768710, - "narHash": "sha256-ow0HDShvAe9gkM3Ww5aoJo1lDLpC5pYQ7qLtnTaHoyI=", + "lastModified": 1745114521, + "narHash": "sha256-P/TgmeavrpUiHCejjjsU2vOMB7cBIcHltGDSKKgi20E=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "47bd3dc652c4a02dc565a9360fe828af38bea287", + "rev": "ff14820202442f847fd37862eb48a7cb254a19d3", "type": "github" }, "original": { From a7de77a0fca41ab1397d0981f8c85b096339a158 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 20 Apr 2025 02:36:48 -0400 Subject: [PATCH 22/58] update caddy hash --- modules/caddy.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddy.nix b/modules/caddy.nix index f3f8e14..c5de226 100644 --- a/modules/caddy.nix +++ b/modules/caddy.nix @@ -21,7 +21,7 @@ in # (still need the @ to pass nix config check) "github.com/caddy-dns/cloudflare@v0.0.0-20250228175314-1fb64108d4de" ]; - hash = "sha256-YYpsf8HMONR1teMiSymo2y+HrKoxuJMKIea5/NEykGc="; + hash = "sha256-pfh9DXUj35jlAntkWc4D5wuW04xxQfM1rZ4KFauMzvc="; }; logFormat = lib.mkForce "level INFO"; acmeCA = "https://acme-v02.api.letsencrypt.org/directory"; From 48d8bacea8a961fdc306c788901da963fb38c549 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 21 Apr 2025 13:53:21 -0400 Subject: [PATCH 23/58] change backup frequency --- home/yt/ytnix.nix | 1 + hosts/chunk/postgres.nix | 5 +---- hosts/ytnix/default.nix | 2 +- modules/backup.nix | 7 ++++--- 4 files changed, 7 insertions(+), 8 deletions(-) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index f22d425..8afd45e 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -53,6 +53,7 @@ toolchain: toolchain.default.override { extensions = [ "rust-src" ]; + targets = [ "aarch64-unknown-linux-musl" ]; } )) pwgen diff --git a/hosts/chunk/postgres.nix b/hosts/chunk/postgres.nix index 07a3125..c4a6233 100644 --- a/hosts/chunk/postgres.nix +++ b/hosts/chunk/postgres.nix @@ -19,8 +19,5 @@ } ]; }; - services.postgresqlBackup = { - enable = true; - startAt = "hourly"; - }; + services.postgresqlBackup.enable = true; } diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index ddf1364..c3759fa 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -87,7 +87,7 @@ resolvconf.enable = true; firewall = { enable = true; - trustedInterfaces = [ "tailscale0" ]; + trustedInterfaces = [ "tailscale0" "virbr0" ]; # allowedTCPPorts = [ # 8080 # mitmproxy # 22000 # syncthing diff --git a/modules/backup.nix b/modules/backup.nix index 2715deb..a07542d 100644 --- a/modules/backup.nix +++ b/modules/backup.nix @@ -47,7 +47,7 @@ in }; startAt = lib.mkOption { type = lib.types.str; - default = "hourly"; + default = "daily"; description = "see systemd.timer(5)"; }; jobName = lib.mkOption { @@ -98,8 +98,9 @@ in failOnWarnings = false; prune.keep = { - within = "2d"; - daily = 365; + daily = 7; + weekly = 12; + monthly = -1; }; extraPruneArgs = [ "--stats" ]; }; From d97917bba07573c81ea13f76683051607df9c674 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 21 Apr 2025 13:54:25 -0400 Subject: [PATCH 24/58] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'garage': 'github:deuxfleurs-org/garage/4ef954d17604eba8aafa52902cd3c573978c7195' (2025-04-19) → 'github:deuxfleurs-org/garage/3c20984a08528f1a6672c8afc83d2306a0361e40' (2025-04-21) • Updated input 'home-manager': 'github:nix-community/home-manager/f98314bb064cf8f8446c44afbadaaad2505875a7' (2025-04-20) → 'github:nix-community/home-manager/22b326b42bf42973d5e4fe1044591fb459e6aeac' (2025-04-21) • Updated input 'lanzaboote': 'github:nix-community/lanzaboote/d8099586d9a84308ffedac07880e7f07a0180ff4' (2025-03-08) → 'github:nix-community/lanzaboote/e4cf2086105f47a22f92985358db295a20746abb' (2025-04-21) • Updated input 'lanzaboote/crane': 'github:ipetkov/crane/75390a36cd0c2cdd5f1aafd8a9f827d7107f2e53' (2025-03-05) → 'github:ipetkov/crane/bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5' (2025-03-09) • Updated input 'lanzaboote/flake-parts': 'github:hercules-ci/flake-parts/3876f6b87db82f33775b1ef5ea343986105db764' (2025-03-01) → 'github:hercules-ci/flake-parts/f4330d22f1c5d2ba72d3d22df5597d123fdb60a9' (2025-03-07) • Updated input 'lanzaboote/pre-commit-hooks-nix': 'github:cachix/pre-commit-hooks.nix/42b1ba089d2034d910566bf6b40830af6b8ec732' (2025-03-02) → 'github:cachix/pre-commit-hooks.nix/b5a62751225b2f62ff3147d0a334055ebadcd5cc' (2025-03-07) • Updated input 'lanzaboote/rust-overlay': 'github:oxalica/rust-overlay/38e9826bc4296c9daf18bc1e6aa299f3e932a403' (2025-03-06) → 'github:oxalica/rust-overlay/c777dc8a1e35407b0e80ec89817fe69970f4e81a' (2025-03-10) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/e2142ef330a61c02f274ac9a9cb6f8487a5d0080' (2025-04-20) → 'github:oxalica/rust-overlay/68a0ff1a43d08aa1ec3730e7e7d06f6da0ba630a' (2025-04-21) • Updated input 'vscode-extensions': 'github:nix-community/nix-vscode-extensions/ff14820202442f847fd37862eb48a7cb254a19d3' (2025-04-20) → 'github:nix-community/nix-vscode-extensions/6dfa23066faf8643ca05eac994aa14ef695231aa' (2025-04-21) --- flake.lock | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index 4370247..2044b2a 100644 --- a/flake.lock +++ b/flake.lock @@ -17,11 +17,11 @@ }, "crane_2": { "locked": { - "lastModified": 1741148495, - "narHash": "sha256-EV8KUaIZ2/CdBXlutXrHoZYbWPeB65p5kKZk71gvDRI=", + "lastModified": 1741481578, + "narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=", "owner": "ipetkov", "repo": "crane", - "rev": "75390a36cd0c2cdd5f1aafd8a9f827d7107f2e53", + "rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5", "type": "github" }, "original": { @@ -69,11 +69,11 @@ ] }, "locked": { - "lastModified": 1740872218, - "narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=", + "lastModified": 1741352980, + "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "3876f6b87db82f33775b1ef5ea343986105db764", + "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", "type": "github" }, "original": { @@ -147,11 +147,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1745093116, - "narHash": "sha256-38L/NZyfGSGff9f+FfRd4teA1Xj93hqcBJcqhxbLA7Y=", + "lastModified": 1745229893, + "narHash": "sha256-7syUmzqfY9gmLZF4WwqckPRbDRhJApOspd/qDIBHaWY=", "owner": "deuxfleurs-org", "repo": "garage", - "rev": "4ef954d17604eba8aafa52902cd3c573978c7195", + "rev": "3c20984a08528f1a6672c8afc83d2306a0361e40", "type": "github" }, "original": { @@ -189,11 +189,11 @@ ] }, "locked": { - "lastModified": 1745128386, - "narHash": "sha256-xnNxL9lZC5Ez8AxTgHZZu8pYSNM34+5GD5jGSs8Vq4M=", + "lastModified": 1745256380, + "narHash": "sha256-hJH1S5Xy0K2J6eT22AMDIcQ07E8XYC1t7DnXUr2llEM=", "owner": "nix-community", "repo": "home-manager", - "rev": "f98314bb064cf8f8446c44afbadaaad2505875a7", + "rev": "22b326b42bf42973d5e4fe1044591fb459e6aeac", "type": "github" }, "original": { @@ -214,11 +214,11 @@ "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1741442524, - "narHash": "sha256-tVcxLDLLho8dWcO81Xj/3/ANLdVs0bGyCPyKjp70JWk=", + "lastModified": 1745217777, + "narHash": "sha256-lnsoesuG+r15kV3Um4hHpYXIjsi6EOPBtIlV8by/7i0=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "d8099586d9a84308ffedac07880e7f07a0180ff4", + "rev": "e4cf2086105f47a22f92985358db295a20746abb", "type": "github" }, "original": { @@ -319,11 +319,11 @@ ] }, "locked": { - "lastModified": 1740915799, - "narHash": "sha256-JvQvtaphZNmeeV+IpHgNdiNePsIpHD5U/7QN5AeY44A=", + "lastModified": 1741379162, + "narHash": "sha256-srpAbmJapkaqGRE3ytf3bj4XshspVR5964OX5LfjDWc=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "42b1ba089d2034d910566bf6b40830af6b8ec732", + "rev": "b5a62751225b2f62ff3147d0a334055ebadcd5cc", "type": "github" }, "original": { @@ -376,11 +376,11 @@ ] }, "locked": { - "lastModified": 1741228283, - "narHash": "sha256-VzqI+k/eoijLQ5am6rDFDAtFAbw8nltXfLBC6SIEJAE=", + "lastModified": 1741573199, + "narHash": "sha256-A2sln1GdCf+uZ8yrERSCZUCqZ3JUlOv1WE2VFqqfaLQ=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "38e9826bc4296c9daf18bc1e6aa299f3e932a403", + "rev": "c777dc8a1e35407b0e80ec89817fe69970f4e81a", "type": "github" }, "original": { @@ -417,11 +417,11 @@ ] }, "locked": { - "lastModified": 1745116541, - "narHash": "sha256-5xzA6dTfqCfTTDCo3ipPZzrg3wp01xmcr73y4cTNMP8=", + "lastModified": 1745207416, + "narHash": "sha256-2g2TnXgJEvSvpk7ujY69pSplmM3oShhoOidZf1iHTHU=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "e2142ef330a61c02f274ac9a9cb6f8487a5d0080", + "rev": "68a0ff1a43d08aa1ec3730e7e7d06f6da0ba630a", "type": "github" }, "original": { @@ -503,11 +503,11 @@ ] }, "locked": { - "lastModified": 1745114521, - "narHash": "sha256-P/TgmeavrpUiHCejjjsU2vOMB7cBIcHltGDSKKgi20E=", + "lastModified": 1745251368, + "narHash": "sha256-Fczq6JKwtHsCNPKPxkGFBhpWH8KoqY2eTyE6jG/cqms=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "ff14820202442f847fd37862eb48a7cb254a19d3", + "rev": "6dfa23066faf8643ca05eac994aa14ef695231aa", "type": "github" }, "original": { From 4f2af1bcfcffb3785cd3a25e2894951ba7ce76e8 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 21 Apr 2025 17:19:13 -0400 Subject: [PATCH 25/58] rclone: limit sftp-concurrency to 64 (again) --- hosts/chunk/rclone.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 1c474af..beb352f 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -23,7 +23,7 @@ let --vfs-fast-fingerprint \ --vfs-read-chunk-size 8M \ --vfs-read-chunk-streams 16 \ - --sftp-concurrency 128 \ + --sftp-concurrency 64 \ --sftp-chunk-size 255k \ --buffer-size 0 \ --write-back-cache \ From 17e257a318730463b5e5bd363485464847862d51 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 21 Apr 2025 22:04:05 -0400 Subject: [PATCH 26/58] use post-build-hook for build packages --- .github/workflows/build-packages.yml | 35 +++++++++++++++++----------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 423c88a..343a54f 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -24,14 +24,33 @@ jobs: os: - ubuntu-latest - ubuntu-24.04-arm - - macos-latest - - macos-13 + # - macos-latest + # - macos-13 runs-on: ${{ matrix.os }} steps: - name: setup binary cache key run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem + - name: Sync repository + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: post-build-hook + run: | + sudo mkdir -p /etc/nix + sudo cp ci/upload-to-cache.sh /etc/nix/ + sudo chmod +x /etc/nix/upload-to-cache.sh + + - name: setup s3 credentials + run: | + sudo mkdir /root/.aws + echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials + echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials + echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials + echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config + - name: Install Nix uses: cachix/install-nix-action@v30 with: @@ -44,20 +63,10 @@ jobs: secret-key-files = ${{ runner.temp }}/cache-priv-key.pem extra-substituters = https://nixcache.cy7.sh extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= + post-build-hook = /etc/nix/upload-to-cache.sh - run: nix build -L ${{ matrix.package }} - - name: cache result - # https://stackoverflow.com/a/58859404 - if: '!cancelled()' - run: | - nix run github:cything/nixcp -- \ - push \ - --bucket nixcache \ - --signing-key ${{ runner.temp }}/cache-priv-key.pem \ - -u https://nix-community.cachix.org \ - "${{ matrix.package }}" - - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result From 9546caaa7cb896905847308aab02c20bf3f0d27f Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 23 Apr 2025 09:56:59 -0400 Subject: [PATCH 27/58] bring back roundcube (with sieve) --- home/yt/ytnix.nix | 1 + hosts/chunk/default.nix | 1 + hosts/chunk/rclone.nix | 1 + modules/roundcube.nix | 4 ++++ 4 files changed, 7 insertions(+) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 8afd45e..c08d0b8 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -106,6 +106,7 @@ minio-client nil keepassxc + lua-language-server ]; home.sessionVariables = { diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 2e4c960..6f73eaf 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -187,4 +187,5 @@ enable = false; dataDir = "/opt/karakeep"; }; + my.roundcube.enable = true; } diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index beb352f..1c253f2 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -30,6 +30,7 @@ let ${remote} ${mount} ''; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -zu ${mount}"; + Restart = "on-failure"; }; in { diff --git a/modules/roundcube.nix b/modules/roundcube.nix index 63b14c5..7dcfb9d 100644 --- a/modules/roundcube.nix +++ b/modules/roundcube.nix @@ -31,6 +31,7 @@ in "contextmenu" "custom_from" "thunderbird_labels" + "managesieve" ]; dicts = with pkgs.aspellDicts; [ en ]; extraConfig = '' @@ -38,6 +39,8 @@ in $config['smtp_host'] = "ssl://smtp.migadu.com:465"; $config['smtp_user'] = "%u"; $config['smtp_pass'] = "%p"; + $config['managesieve_host'] = "tls://imap.migadu.com"; + $config['managesieve_port'] = 4190; ''; }; @@ -48,6 +51,7 @@ in services.caddy.virtualHosts."mail.cy7.sh".extraConfig = '' import common + import authelia root ${roundcube.package} php_fastcgi unix/${fpm.socket} file_server From 99b07bdb362447daf317456b13a93d7a5cfae854 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 24 Apr 2025 14:08:55 -0400 Subject: [PATCH 28/58] go back to sway --- home/yt/ytnix.nix | 10 +++++----- hosts/ytnix/default.nix | 23 ++++++++++++++++++----- 2 files changed, 23 insertions(+), 10 deletions(-) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index c08d0b8..7714c0b 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -97,16 +97,11 @@ libllvm ]) nix-output-monitor - wl-clipboard-rs pixelflasher cinny-desktop freetube - gopls - rust-analyzer minio-client - nil keepassxc - lua-language-server ]; home.sessionVariables = { @@ -158,6 +153,11 @@ enable = true; viAlias = true; vimAlias = true; + extraPackages = with pkgs; [ + lua-language-server + nil + rust-analyzer + ]; }; programs.ssh = { diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index c3759fa..2ee496b 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -204,7 +204,7 @@ services.displayManager = { enable = true; autoLogin.user = "yt"; - defaultSession = "plasma"; + defaultSession = "sway"; sddm = { enable = true; wayland.enable = true; @@ -360,12 +360,8 @@ ]; }; - services.ollama.enable = false; - services.trezord.enable = true; - programs.niri.enable = false; - programs.niri.package = pkgs.niri-unstable; programs.xwayland.enable = true; services.udev.extraHwdb = '' @@ -393,4 +389,21 @@ nix.settings.sandbox = false; programs.ssh.startAgent = true; + + programs.sway = { + enable = true; + wrapperFeatures.gtk = true; + extraPackages = with pkgs; [ + rofi-wayland + cliphist + rofimoji + grim + slurp + swaylock + swayidle + brightnessctl + waybar + wl-clipboard + ]; + }; } From 9c509c79cb3755500555ae8979dc7639c36f82d5 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 24 Apr 2025 14:30:28 -0400 Subject: [PATCH 29/58] fix caddy hash --- modules/caddy.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/caddy.nix b/modules/caddy.nix index c5de226..f6904a8 100644 --- a/modules/caddy.nix +++ b/modules/caddy.nix @@ -19,9 +19,9 @@ in plugins = [ # error message will tell you the correct version tag to use # (still need the @ to pass nix config check) - "github.com/caddy-dns/cloudflare@v0.0.0-20250228175314-1fb64108d4de" + "github.com/caddy-dns/cloudflare@v0.2.2-0.20250420134112-006ebb07b349" ]; - hash = "sha256-pfh9DXUj35jlAntkWc4D5wuW04xxQfM1rZ4KFauMzvc="; + hash = "sha256-2U+icm4GtI5Fww6U8nKzQ/+pPf63T3scTGuj1zjj4b4="; }; logFormat = lib.mkForce "level INFO"; acmeCA = "https://acme-v02.api.letsencrypt.org/directory"; @@ -37,9 +37,9 @@ in (authelia) { forward_auth localhost:9091 { - uri /api/authz/forward-auth - copy_headers Remote-User Remote-Groups Remote-Name Remote-Email - } + uri /api/authz/forward-auth + copy_headers Remote-User Remote-Groups Remote-Name Remote-Email + } } ''; environmentFile = config.sops.secrets."caddy/env".path; From 4e99cfcc94f1fd11ecfcccec8d468c8b6934917f Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 24 Apr 2025 14:31:20 -0400 Subject: [PATCH 30/58] rm codium --- home/yt/ytnix.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 7714c0b..d31b20a 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -8,7 +8,7 @@ ./common.nix ../irssi.nix ../kitty.nix - ../codium.nix + # ../codium.nix ]; home = { username = "yt"; From c400c4b5cd88ce75686cb59401595449a27f4359 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 24 Apr 2025 14:10:26 -0400 Subject: [PATCH 31/58] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'garage': 'github:deuxfleurs-org/garage/3c20984a08528f1a6672c8afc83d2306a0361e40' (2025-04-21) → 'github:deuxfleurs-org/garage/bf4691d98afe348e528ee24e26b06c325cca35d0' (2025-04-24) • Updated input 'home-manager': 'github:nix-community/home-manager/22b326b42bf42973d5e4fe1044591fb459e6aeac' (2025-04-21) → 'github:nix-community/home-manager/abfad3d2958c9e6300a883bd443512c55dfeb1be' (2025-04-24) • Updated input 'lanzaboote': 'github:nix-community/lanzaboote/e4cf2086105f47a22f92985358db295a20746abb' (2025-04-21) → 'github:nix-community/lanzaboote/995637eb3ab78eac33f8ee6b45cc2ecd5ede12ba' (2025-04-21) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef' (2025-04-17) → 'github:nixos/nixpkgs/8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7' (2025-04-23) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/68a0ff1a43d08aa1ec3730e7e7d06f6da0ba630a' (2025-04-21) → 'github:oxalica/rust-overlay/79d3acd1a7e67fb9315fa5c5556eb6adf93dc2da' (2025-04-24) • Updated input 'sops-nix': 'github:Mic92/sops-nix/61154300d945f0b147b30d24ddcafa159148026a' (2025-04-14) → 'github:Mic92/sops-nix/5e3e92b16d6fdf9923425a8d4df7496b2434f39c' (2025-04-22) • Updated input 'vscode-extensions': 'github:nix-community/nix-vscode-extensions/6dfa23066faf8643ca05eac994aa14ef695231aa' (2025-04-21) → 'github:nix-community/nix-vscode-extensions/e4d64dfea41b1aae1f9506dbf11545d008053cd6' (2025-04-24) --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 2044b2a..de7b936 100644 --- a/flake.lock +++ b/flake.lock @@ -147,11 +147,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1745229893, - "narHash": "sha256-7syUmzqfY9gmLZF4WwqckPRbDRhJApOspd/qDIBHaWY=", + "lastModified": 1745480492, + "narHash": "sha256-atfb7grtY2DkjR5D9xTKx/CxXoXELBb+xQK2KVe6cso=", "owner": "deuxfleurs-org", "repo": "garage", - "rev": "3c20984a08528f1a6672c8afc83d2306a0361e40", + "rev": "bf4691d98afe348e528ee24e26b06c325cca35d0", "type": "github" }, "original": { @@ -189,11 +189,11 @@ ] }, "locked": { - "lastModified": 1745256380, - "narHash": "sha256-hJH1S5Xy0K2J6eT22AMDIcQ07E8XYC1t7DnXUr2llEM=", + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", "owner": "nix-community", "repo": "home-manager", - "rev": "22b326b42bf42973d5e4fe1044591fb459e6aeac", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", "type": "github" }, "original": { @@ -214,11 +214,11 @@ "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1745217777, - "narHash": "sha256-lnsoesuG+r15kV3Um4hHpYXIjsi6EOPBtIlV8by/7i0=", + "lastModified": 1745271491, + "narHash": "sha256-4GAHjus6JRpYHVROMIhFIz/sgLDF/klBM3UHulbSK9s=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "e4cf2086105f47a22f92985358db295a20746abb", + "rev": "995637eb3ab78eac33f8ee6b45cc2ecd5ede12ba", "type": "github" }, "original": { @@ -292,11 +292,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1744932701, - "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", + "lastModified": 1745391562, + "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", + "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7", "type": "github" }, "original": { @@ -417,11 +417,11 @@ ] }, "locked": { - "lastModified": 1745207416, - "narHash": "sha256-2g2TnXgJEvSvpk7ujY69pSplmM3oShhoOidZf1iHTHU=", + "lastModified": 1745462120, + "narHash": "sha256-TbVjPOl+Cg5vZ7TIn1KpQ8SOfHKD6OEgu84b6YSCfKE=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "68a0ff1a43d08aa1ec3730e7e7d06f6da0ba630a", + "rev": "79d3acd1a7e67fb9315fa5c5556eb6adf93dc2da", "type": "github" }, "original": { @@ -437,11 +437,11 @@ ] }, "locked": { - "lastModified": 1744669848, - "narHash": "sha256-pXyanHLUzLNd3MX9vsWG+6Z2hTU8niyphWstYEP3/GU=", + "lastModified": 1745310711, + "narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=", "owner": "Mic92", "repo": "sops-nix", - "rev": "61154300d945f0b147b30d24ddcafa159148026a", + "rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c", "type": "github" }, "original": { @@ -503,11 +503,11 @@ ] }, "locked": { - "lastModified": 1745251368, - "narHash": "sha256-Fczq6JKwtHsCNPKPxkGFBhpWH8KoqY2eTyE6jG/cqms=", + "lastModified": 1745510572, + "narHash": "sha256-N0gORxOiGHRVxylYv84jngkjZ203DHAwKMWAGapehXw=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "6dfa23066faf8643ca05eac994aa14ef695231aa", + "rev": "e4d64dfea41b1aae1f9506dbf11545d008053cd6", "type": "github" }, "original": { From 14f9f0c06a6f52898af3ed34e85272e82ac9ee18 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 25 Apr 2025 10:57:53 -0400 Subject: [PATCH 32/58] install ida-free --- home/yt/ytnix.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index d31b20a..9aed45a 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -102,6 +102,7 @@ freetube minio-client keepassxc + ida-free ]; home.sessionVariables = { From 0299139b8e917662b1a14f3a5eafcfe4437bdea8 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 27 Apr 2025 17:51:34 -0400 Subject: [PATCH 33/58] workflow: increase download buffer --- .../workflows/build-machines-and-homes.yml | 2 ++ home/yt/ytnix.nix | 34 ++++++++++++++++++- hosts/chunk/garage.nix | 2 +- hosts/chunk/rclone.nix | 9 +++-- hosts/ytnix/default.nix | 4 +-- 5 files changed, 41 insertions(+), 10 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index f1e07bc..b85e53f 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -71,6 +71,7 @@ jobs: extra-substituters = https://nixcache.cy7.sh extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= post-build-hook = /etc/nix/upload-to-cache.sh + download-buffer-size = 1073741824 - name: build run: | @@ -136,6 +137,7 @@ jobs: extra-substituters = https://nixcache.cy7.sh extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= post-build-hook = /etc/nix/upload-to-cache.sh + download-buffer-size = 1073741824 - name: build run: | diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 9aed45a..cfddbb7 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -60,7 +60,6 @@ gnumake unzip anki-bin - trezorctl q gdb fuzzel @@ -158,6 +157,11 @@ lua-language-server nil rust-analyzer + fzf + fd + ripgrep + bat + delta ]; }; @@ -167,4 +171,32 @@ }; programs.firefox.enable = true; + + programs.emacs = { + enable = true; + extraPackages = _: with pkgs; [ + rust-analyzer + nil + ispell + ]; + }; + + gtk = { + enable = true; + theme.package = pkgs.gnome-themes-extra; + theme.name = "Adwaita-dark"; + }; + + qt = { + enable = true; + platformTheme.name = "adwaita"; + style.name = "adwaita-dark"; + style.package = pkgs.adwaita-qt; + }; + + dconf.settings = { + "org/gnome/desktop/interface" = { + color-scheme = "prefer-dark"; + }; + }; } diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index a36dc49..aef6578 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -25,7 +25,7 @@ compression_level = "none"; }; environmentFile = config.sops.secrets."garage/env".path; - logLevel = "warn"; + logLevel = "info"; }; services.caddy.virtualHosts = { diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 1c253f2..7ab5e2e 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -14,15 +14,14 @@ let --config ${config.sops.secrets."rclone/config".path} \ --allow-other \ --cache-dir /var/cache/rclone \ - --transfers 64 \ - --vfs-cache-mode full \ + --transfers 16 \ + --vfs-cache-mode writes \ --vfs-cache-min-free-space 5G \ --dir-cache-time 30d \ - --no-checksum \ --no-modtime \ --vfs-fast-fingerprint \ - --vfs-read-chunk-size 8M \ - --vfs-read-chunk-streams 16 \ + --vfs-read-chunk-size 128M \ + --vfs-read-chunk-streams 0 \ --sftp-concurrency 64 \ --sftp-chunk-size 255k \ --buffer-size 0 \ diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 2ee496b..718a85e 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -360,8 +360,6 @@ ]; }; - services.trezord.enable = true; - programs.xwayland.enable = true; services.udev.extraHwdb = '' @@ -386,7 +384,7 @@ programs.ccache.enable = true; nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; programs.fuse.userAllowOther = true; - nix.settings.sandbox = false; + nix.settings.sandbox = true; programs.ssh.startAgent = true; From 6220965c2dc5b450f790b7c7b7cc8e9cc03e3f9f Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 27 Apr 2025 17:59:24 -0400 Subject: [PATCH 34/58] install jj and taplo --- home/yt/ytnix.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index cfddbb7..a841d0d 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -102,6 +102,7 @@ minio-client keepassxc ida-free + jujutsu ]; home.sessionVariables = { @@ -162,6 +163,7 @@ ripgrep bat delta + taplo ]; }; From e6e9310b29ad42445f5737c1a9644f9644c7aac8 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 28 Apr 2025 15:01:30 -0400 Subject: [PATCH 35/58] update flake MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit • Updated input 'home-manager': 'github:nix-community/home-manager/abfad3d2958c9e6300a883bd443512c55dfeb1be' (2025-04-24) → 'github:nix-community/home-manager/d0d9d0a1454d5a0200693570618084d80a8b336c' (2025-04-28) • Updated input 'nix-index-database': 'github:nix-community/nix-index-database/69716041f881a2af935021c1182ed5b0cc04d40e' (2025-04-20) → 'github:nix-community/nix-index-database/187524713d0d9b2d2c6f688b81835114d4c2a7c6' (2025-04-27) • Updated input 'nix-ld': 'github:nix-community/nix-ld/9a3812797e25def1d4aed62b517606b7b93989dc' (2025-04-14) → 'github:nix-community/nix-ld/3a4fcea3d9a3c1366a745d23808114a67bf98c68' (2025-04-28) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7' (2025-04-23) → 'github:nixos/nixpkgs/f771eb401a46846c1aebd20552521b233dd7e18b' (2025-04-24) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/79d3acd1a7e67fb9315fa5c5556eb6adf93dc2da' (2025-04-24) → 'github:oxalica/rust-overlay/9a6045615437787dfb9c1a3242fd75c6b6976b6b' (2025-04-28) • Updated input 'vscode-extensions': 'github:nix-community/nix-vscode-extensions/e4d64dfea41b1aae1f9506dbf11545d008053cd6' (2025-04-24) → 'github:nix-community/nix-vscode-extensions/3f05a23a57d43dfcaa41f4fb59f9bd1e9382ba1a' (2025-04-28) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index de7b936..5146a69 100644 --- a/flake.lock +++ b/flake.lock @@ -189,11 +189,11 @@ ] }, "locked": { - "lastModified": 1745494811, - "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", + "lastModified": 1745858959, + "narHash": "sha256-B1FQwPCFLL3cbHc2nxT3/UI1uprHp2h1EA6M2JVe0oQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", + "rev": "d0d9d0a1454d5a0200693570618084d80a8b336c", "type": "github" }, "original": { @@ -257,11 +257,11 @@ ] }, "locked": { - "lastModified": 1745120797, - "narHash": "sha256-owQ0VQ+7cSanTVPxaZMWEzI22Q4bGnuvhVjLAJBNQ3E=", + "lastModified": 1745725746, + "narHash": "sha256-iR+idGZJ191cY6NBXyVjh9QH8GVWTkvZw/w+1Igy45A=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "69716041f881a2af935021c1182ed5b0cc04d40e", + "rev": "187524713d0d9b2d2c6f688b81835114d4c2a7c6", "type": "github" }, "original": { @@ -277,11 +277,11 @@ ] }, "locked": { - "lastModified": 1744621833, - "narHash": "sha256-II6a32kRc+KbLhU/jS8EbuXYt1PNCvsRvuBw2becgQM=", + "lastModified": 1745836145, + "narHash": "sha256-CQ18gPSd8nHMrK2K7hqsmLedQFfefUBgIq8AHHXsPRU=", "owner": "nix-community", "repo": "nix-ld", - "rev": "9a3812797e25def1d4aed62b517606b7b93989dc", + "rev": "3a4fcea3d9a3c1366a745d23808114a67bf98c68", "type": "github" }, "original": { @@ -292,11 +292,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1745391562, - "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=", + "lastModified": 1745526057, + "narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7", + "rev": "f771eb401a46846c1aebd20552521b233dd7e18b", "type": "github" }, "original": { @@ -417,11 +417,11 @@ ] }, "locked": { - "lastModified": 1745462120, - "narHash": "sha256-TbVjPOl+Cg5vZ7TIn1KpQ8SOfHKD6OEgu84b6YSCfKE=", + "lastModified": 1745807802, + "narHash": "sha256-Aary9kzSx9QFgfK1CDu3ZqxhuoyHvf0F71j64gXZebA=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "79d3acd1a7e67fb9315fa5c5556eb6adf93dc2da", + "rev": "9a6045615437787dfb9c1a3242fd75c6b6976b6b", "type": "github" }, "original": { @@ -503,11 +503,11 @@ ] }, "locked": { - "lastModified": 1745510572, - "narHash": "sha256-N0gORxOiGHRVxylYv84jngkjZ203DHAwKMWAGapehXw=", + "lastModified": 1745820808, + "narHash": "sha256-6WmnH372ixlcGIAExWBmNg8aRlP1enR97zRfvYKNqR0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "e4d64dfea41b1aae1f9506dbf11545d008053cd6", + "rev": "3f05a23a57d43dfcaa41f4fb59f9bd1e9382ba1a", "type": "github" }, "original": { From 1262c2daee7c2dfbeffcac051423b6dadcd57e6e Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 29 Apr 2025 00:36:16 -0400 Subject: [PATCH 36/58] add jj aliases; rm and update other aliases --- home/zsh/default.nix | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/home/zsh/default.nix b/home/zsh/default.nix index e599f0d..977de0b 100644 --- a/home/zsh/default.nix +++ b/home/zsh/default.nix @@ -37,12 +37,6 @@ searchDownKey = "^n"; }; - # prezto = { - # enable = true; - # caseSensitive = false; - # editor.keymap = "vi"; - # }; - initExtra = '' # disable control+s to pause terminal unsetopt FLOW_CONTROL @@ -85,14 +79,11 @@ shellAliases = { "vi" = "nvim"; "vim" = "nvim"; - "t" = "tmux"; - "tl" = "tmux list-sessions"; - "ta" = "tmux new-session -A -s"; "se" = "sudoedit"; "s" = "sudo"; - "nrs" = "sudo nixos-rebuild switch -L --flake . --log-format internal-json -v |& nom --json"; - "nrt" = "sudo nixos-rebuild test -L --flake . --log-format internal-json -v |& nom --json"; - "hrs" = "home-manager switch -L --flake ."; + "nrs" = "sudo nixos-rebuild switch -L --flake ~/nixos-config"; + "nrt" = "sudo nixos-rebuild test -L --flake ~/nixos-config"; + "hrs" = "home-manager switch -L --flake ~/nixos-config"; "g" = "git"; "ga" = "git add"; "gaa" = "git add --all"; @@ -100,7 +91,6 @@ "gc" = "git commit --verbose"; "gcmsg" = "git commit --message"; "gd" = "git diff"; - "gdca" = "git diff --cached"; "gds" = "git diff --staged"; "gl" = "git log --stat"; "glg" = "git log --graph"; @@ -113,6 +103,11 @@ "gs" = "git status --short"; "gss" = "git status"; "code" = "codium"; + "jl" = "jj log -n 10"; + "jll" = "jj log"; + "jd" = "jj diff"; + "jn" = "jj new"; + "jm" = "jj describe -m"; }; }; From abe85c7763fa510469c19debfa6cae5e8d27dfda Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 29 Apr 2025 00:36:16 -0400 Subject: [PATCH 37/58] rm README --- README | 1 - 1 file changed, 1 deletion(-) delete mode 100644 README diff --git a/README b/README deleted file mode 100644 index 1a59725..0000000 --- a/README +++ /dev/null @@ -1 +0,0 @@ -this is only open source for free ci From 2972c64f3341836ec6982ea903544a244e727f48 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 30 Apr 2025 11:58:16 -0400 Subject: [PATCH 38/58] add .editorconfig and rm unused packages --- .editorconfig | 3 +++ home/yt/ytnix.nix | 10 ---------- 2 files changed, 3 insertions(+), 10 deletions(-) create mode 100644 .editorconfig diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..2eafe75 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,3 @@ +[*.nix] +indent_style = space +indent_size = 2 diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index a841d0d..913eaae 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -28,10 +28,7 @@ home.packages = with pkgs; lib.flatten [ - ungoogled-chromium - librewolf bitwarden-desktop - bitwarden-cli fastfetch (with kdePackages; [ gwenview @@ -41,14 +38,12 @@ signal-desktop btop jq - sqlite usbutils calibre tor-browser wtype bat rclone - go (rust-bin.selectLatestNightlyWith ( toolchain: toolchain.default.override { @@ -56,11 +51,9 @@ targets = [ "aarch64-unknown-linux-musl" ]; } )) - pwgen gnumake unzip anki-bin - q gdb fuzzel hugo @@ -89,16 +82,13 @@ jadx scrcpy syncthing - syncthingtray (with llvmPackages; [ clangUseLLVM compiler-rt libllvm ]) nix-output-monitor - pixelflasher cinny-desktop - freetube minio-client keepassxc ida-free From 3e371387e73984926f07f5f49b608e4dddb24087 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 2 May 2025 11:42:23 -0400 Subject: [PATCH 39/58] install clang-tools --- home/yt/ytnix.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 913eaae..8043825 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -154,6 +154,7 @@ bat delta taplo + llvmPackages.clang-tools ]; }; From 8100b8248588c6c2f449b1b1c1bde8be3a84338b Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 4 May 2025 01:21:42 -0400 Subject: [PATCH 40/58] fix authelia in immich --- modules/authelia.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/authelia.nix b/modules/authelia.nix index f231f50..915be02 100644 --- a/modules/authelia.nix +++ b/modules/authelia.nix @@ -68,6 +68,7 @@ in ]; scopes = [ "openid" "profile" "email" ]; userinfo_signed_response_alg = "none"; + token_endpoint_auth_method = "client_secret_basic"; } { client_id = "_kuUEYxyfXjInJCniwugpw2Qn6iI-YW24NOkHZG~63BAhnAACDZ.xsLqOdGghj2DNZxXR0sU"; From 477d94687d5af9cbc4700dae7e90331d99277811 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 4 May 2025 01:21:42 -0400 Subject: [PATCH 41/58] install ffmpeg, pyright; exclude vms from backup; make kitty transparent --- home/kitty.nix | 1 + home/yt/ytnix.nix | 2 ++ hosts/ytnix/default.nix | 3 ++- 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/home/kitty.nix b/home/kitty.nix index a6ddf37..40f25ef 100644 --- a/home/kitty.nix +++ b/home/kitty.nix @@ -13,6 +13,7 @@ # for confirmation confirm_os_window_close = 0; clear_all_shortcuts = true; + background_opacity = 0.85; # will probably lower this later but the max allowed is actually 4GB # this is NOT stored in memory and can only be viewed with scrollback_pager diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 8043825..8a301d1 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -93,6 +93,7 @@ keepassxc ida-free jujutsu + ffmpeg ]; home.sessionVariables = { @@ -155,6 +156,7 @@ delta taplo llvmPackages.clang-tools + pyright ]; }; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 718a85e..920cd4f 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -87,7 +87,7 @@ resolvconf.enable = true; firewall = { enable = true; - trustedInterfaces = [ "tailscale0" "virbr0" ]; + trustedInterfaces = [ "tailscale0" "virbr0" "virbr1" ]; # allowedTCPPorts = [ # 8080 # mitmproxy # 22000 # syncthing @@ -238,6 +238,7 @@ "/home/yt/Games" "/home/yt/Videos" "/home/yt/.bitmonero" + "/home/yt/vms" ]; repo = "yt"; passFile = config.sops.secrets."borg/rsyncnet".path; From 5cb9e6170866e06db255fcf8c96b068579b88e99 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 4 May 2025 01:59:10 -0400 Subject: [PATCH 42/58] test nixcp use nixcp to upload machines as result --- .../workflows/build-machines-and-homes.yml | 69 ++++++++----------- .github/workflows/build-packages.yml | 29 +++----- 2 files changed, 37 insertions(+), 61 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index b85e53f..d54e390 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -39,25 +39,6 @@ jobs: - name: setup binary cache key run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem - - name: Sync repository - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: post-build-hook - run: | - sudo mkdir -p /etc/nix - sudo cp ci/upload-to-cache.sh /etc/nix/ - sudo chmod +x /etc/nix/upload-to-cache.sh - - - name: setup s3 credentials - run: | - sudo mkdir /root/.aws - echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials - echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials - echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials - echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config - - name: Install Nix uses: cachix/install-nix-action@v30 with: @@ -70,13 +51,26 @@ jobs: secret-key-files = ${{ runner.temp }}/cache-priv-key.pem extra-substituters = https://nixcache.cy7.sh extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - post-build-hook = /etc/nix/upload-to-cache.sh download-buffer-size = 1073741824 + - name: Sync repository + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: build run: | nix run nixpkgs#nixos-rebuild build -- -L --flake ".#${{ matrix.machine }}" + - name: cache + run: | + nix run \ + github:cything/nixcp/test-in-ci -- push \ + --bucket nixcache \ + --endpoint $AWS_ENDPOINT_URL \ + --signing-key ${{ runner.temp }}/cache-priv-key.pem \ + result + build-homes: strategy: fail-fast: false @@ -86,7 +80,6 @@ jobs: - yt@chunk os: - ubuntu-latest - # - macos-latest runs-on: ${{ matrix.os }} steps: @@ -105,25 +98,6 @@ jobs: - name: setup binary cache key run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem - - name: Sync repository - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: post-build-hook - run: | - sudo mkdir -p /etc/nix - sudo cp ci/upload-to-cache.sh /etc/nix/ - sudo chmod +x /etc/nix/upload-to-cache.sh - - - name: setup s3 credentials - run: | - sudo mkdir /root/.aws - echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials - echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials - echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials - echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config - - name: Install Nix uses: cachix/install-nix-action@v30 with: @@ -136,10 +110,23 @@ jobs: secret-key-files = ${{ runner.temp }}/cache-priv-key.pem extra-substituters = https://nixcache.cy7.sh extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - post-build-hook = /etc/nix/upload-to-cache.sh download-buffer-size = 1073741824 + - name: Sync repository + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: build run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" nix build -L "$package" + + - name: cache + run: | + nix run \ + github:cything/nixcp/test-in-ci -- push \ + --bucket nixcache \ + --endpoint $AWS_ENDPOINT_URL \ + --signing-key ${{ runner.temp }}/cache-priv-key.pem \ + result diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 343a54f..61527a1 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -32,25 +32,6 @@ jobs: - name: setup binary cache key run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem - - name: Sync repository - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: post-build-hook - run: | - sudo mkdir -p /etc/nix - sudo cp ci/upload-to-cache.sh /etc/nix/ - sudo chmod +x /etc/nix/upload-to-cache.sh - - - name: setup s3 credentials - run: | - sudo mkdir /root/.aws - echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials - echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials - echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials - echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config - - name: Install Nix uses: cachix/install-nix-action@v30 with: @@ -63,10 +44,18 @@ jobs: secret-key-files = ${{ runner.temp }}/cache-priv-key.pem extra-substituters = https://nixcache.cy7.sh extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - post-build-hook = /etc/nix/upload-to-cache.sh - run: nix build -L ${{ matrix.package }} + - name: cache + run: | + nix run \ + github:cything/nixcp/test-in-ci -- push \ + --bucket nixcache \ + --endpoint $AWS_ENDPOINT_URL \ + --signing-key ${{ runner.temp }}/cache-priv-key.pem \ + result + - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result From b26df5666a8604e88f067a331c75d8468fbb926d Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 7 May 2025 00:08:29 -0400 Subject: [PATCH 43/58] =?UTF-8?q?flake=20update=20=E2=80=A2=20Updated=20in?= =?UTF-8?q?put=20'home-manager':=20=20=20=20=20'github:nix-community/home-?= =?UTF-8?q?manager/d0d9d0a1454d5a0200693570618084d80a8b336c'=20(2025-04-28?= =?UTF-8?q?)=20=20=20=E2=86=92=20'github:nix-community/home-manager/355353?= =?UTF-8?q?45be0be7dbae2e9b787c6cf790f8c893d5'=20(2025-05-07)=20=E2=80=A2?= =?UTF-8?q?=20Updated=20input=20'nix-index-database':=20=20=20=20=20'githu?= =?UTF-8?q?b:nix-community/nix-index-database/187524713d0d9b2d2c6f688b8183?= =?UTF-8?q?5114d4c2a7c6'=20(2025-04-27)=20=20=20=E2=86=92=20'github:nix-co?= =?UTF-8?q?mmunity/nix-index-database/137fd2bd726fff343874f85601b51769b486?= =?UTF-8?q?85cc'=20(2025-05-04)=20=E2=80=A2=20Updated=20input=20'nix-ld':?= =?UTF-8?q?=20=20=20=20=20'github:nix-community/nix-ld/3a4fcea3d9a3c1366a7?= =?UTF-8?q?45d23808114a67bf98c68'=20(2025-04-28)=20=20=20=E2=86=92=20'gith?= =?UTF-8?q?ub:nix-community/nix-ld/3262ac5b572f0f45a97212afda927208f3a463f?= =?UTF-8?q?1'=20(2025-05-05)=20=E2=80=A2=20Updated=20input=20'nixpkgs':=20?= =?UTF-8?q?=20=20=20=20'github:nixos/nixpkgs/f771eb401a46846c1aebd20552521?= =?UTF-8?q?b233dd7e18b'=20(2025-04-24)=20=20=20=E2=86=92=20'github:nixos/n?= =?UTF-8?q?ixpkgs/3730d8a308f94996a9ba7c7138ede69c1b9ac4ae'=20(2025-05-05)?= =?UTF-8?q?=20=E2=80=A2=20Updated=20input=20'rust-overlay':=20=20=20=20=20?= =?UTF-8?q?'github:oxalica/rust-overlay/9a6045615437787dfb9c1a3242fd75c6b6?= =?UTF-8?q?976b6b'=20(2025-04-28)=20=20=20=E2=86=92=20'github:oxalica/rust?= =?UTF-8?q?-overlay/72dd969389583664f87aa348b3458f2813693617'=20(2025-05-0?= =?UTF-8?q?7)=20=E2=80=A2=20Updated=20input=20'sops-nix':=20=20=20=20=20'g?= =?UTF-8?q?ithub:Mic92/sops-nix/5e3e92b16d6fdf9923425a8d4df7496b2434f39c'?= =?UTF-8?q?=20(2025-04-22)=20=20=20=E2=86=92=20'github:Mic92/sops-nix/e93e?= =?UTF-8?q?e1d900ad264d65e9701a5c6f895683433386'=20(2025-05-05)=20?= =?UTF-8?q?=E2=80=A2=20Updated=20input=20'vscode-extensions':=20=20=20=20?= =?UTF-8?q?=20'github:nix-community/nix-vscode-extensions/3f05a23a57d43dfc?= =?UTF-8?q?aa41f4fb59f9bd1e9382ba1a'=20(2025-04-28)=20=20=20=E2=86=92=20'g?= =?UTF-8?q?ithub:nix-community/nix-vscode-extensions/5ce9c4adcc0098d86b682?= =?UTF-8?q?3fcb7926b4776d53e49'=20(2025-05-07)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 5146a69..068c5ed 100644 --- a/flake.lock +++ b/flake.lock @@ -189,11 +189,11 @@ ] }, "locked": { - "lastModified": 1745858959, - "narHash": "sha256-B1FQwPCFLL3cbHc2nxT3/UI1uprHp2h1EA6M2JVe0oQ=", + "lastModified": 1746585355, + "narHash": "sha256-p+3fK8HEYC+0q4gPKSE4OSRxqt5H/tWZkB9wF7aaWOY=", "owner": "nix-community", "repo": "home-manager", - "rev": "d0d9d0a1454d5a0200693570618084d80a8b336c", + "rev": "35535345be0be7dbae2e9b787c6cf790f8c893d5", "type": "github" }, "original": { @@ -257,11 +257,11 @@ ] }, "locked": { - "lastModified": 1745725746, - "narHash": "sha256-iR+idGZJ191cY6NBXyVjh9QH8GVWTkvZw/w+1Igy45A=", + "lastModified": 1746330942, + "narHash": "sha256-ShizFaJCAST23tSrHHtFFGF0fwd72AG+KhPZFFQX/0o=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "187524713d0d9b2d2c6f688b81835114d4c2a7c6", + "rev": "137fd2bd726fff343874f85601b51769b48685cc", "type": "github" }, "original": { @@ -277,11 +277,11 @@ ] }, "locked": { - "lastModified": 1745836145, - "narHash": "sha256-CQ18gPSd8nHMrK2K7hqsmLedQFfefUBgIq8AHHXsPRU=", + "lastModified": 1746437902, + "narHash": "sha256-cAYSTvh+nKl/DQDS0+MlepFRQxsAGt7bRSwvoRyNJuw=", "owner": "nix-community", "repo": "nix-ld", - "rev": "3a4fcea3d9a3c1366a745d23808114a67bf98c68", + "rev": "3262ac5b572f0f45a97212afda927208f3a463f1", "type": "github" }, "original": { @@ -292,11 +292,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1745526057, - "narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=", + "lastModified": 1746461020, + "narHash": "sha256-7+pG1I9jvxNlmln4YgnlW4o+w0TZX24k688mibiFDUE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f771eb401a46846c1aebd20552521b233dd7e18b", + "rev": "3730d8a308f94996a9ba7c7138ede69c1b9ac4ae", "type": "github" }, "original": { @@ -417,11 +417,11 @@ ] }, "locked": { - "lastModified": 1745807802, - "narHash": "sha256-Aary9kzSx9QFgfK1CDu3ZqxhuoyHvf0F71j64gXZebA=", + "lastModified": 1746585402, + "narHash": "sha256-Pf+ufu6bYNA1+KQKHnGMNEfTwpD9ZIcAeLoE2yPWIP0=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "9a6045615437787dfb9c1a3242fd75c6b6976b6b", + "rev": "72dd969389583664f87aa348b3458f2813693617", "type": "github" }, "original": { @@ -437,11 +437,11 @@ ] }, "locked": { - "lastModified": 1745310711, - "narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=", + "lastModified": 1746485181, + "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c", + "rev": "e93ee1d900ad264d65e9701a5c6f895683433386", "type": "github" }, "original": { @@ -503,11 +503,11 @@ ] }, "locked": { - "lastModified": 1745820808, - "narHash": "sha256-6WmnH372ixlcGIAExWBmNg8aRlP1enR97zRfvYKNqR0=", + "lastModified": 1746583118, + "narHash": "sha256-ZZxKOjzztBd+NVbEUPPpw+GtObhNfMZHF9YNEN8wVoY=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "3f05a23a57d43dfcaa41f4fb59f9bd1e9382ba1a", + "rev": "5ce9c4adcc0098d86b6823fcb7926b4776d53e49", "type": "github" }, "original": { From a0f0a406b9a8d0a18d12b278b5d5fdcb38a3fb97 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 9 May 2025 17:12:21 -0400 Subject: [PATCH 44/58] install stuff --- home/yt/ytnix.nix | 31 +++++++++++++++++++------------ hosts/ytnix/default.nix | 1 + 2 files changed, 20 insertions(+), 12 deletions(-) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 8a301d1..ffc0360 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -60,18 +60,9 @@ ghidra sccache awscli2 - (cutter.withPlugins ( - p: with p; [ - rz-ghidra - jsdec - sigdb - ] - )) p7zip qbittorrent android-tools - frida-tools - mitmproxy (python313.withPackages ( p: with p; [ python-lsp-server @@ -79,7 +70,6 @@ virtualenv ] )) - jadx scrcpy syncthing (with llvmPackages; [ @@ -91,9 +81,23 @@ cinny-desktop minio-client keepassxc - ida-free jujutsu ffmpeg + typst + + # reversing + radare2 + ida-free + jadx + frida-tools + mitmproxy + (cutter.withPlugins ( + p: with p; [ + rz-ghidra + jsdec + sigdb + ] + )) ]; home.sessionVariables = { @@ -147,7 +151,7 @@ vimAlias = true; extraPackages = with pkgs; [ lua-language-server - nil + nixd rust-analyzer fzf fd @@ -157,6 +161,9 @@ taplo llvmPackages.clang-tools pyright + tree-sitter + nodejs + nixfmt-rfc-style ]; }; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 920cd4f..e59abc3 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -317,6 +317,7 @@ xorg.libxshmfence xorg.libXxf86vm xorg.libSM + xorg.libICE gtk3 pango gdk-pixbuf From 064fa8990d506a047f79134525a375b111d19f5c Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 13 May 2025 19:27:39 -0400 Subject: [PATCH 45/58] flake update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit • Updated input 'garage': 'github:deuxfleurs-org/garage/bf4691d98afe348e528ee24e26b06c325cca35d0' (2025-04-24) → 'github:deuxfleurs-org/garage/a2a9e3cec4945c4f6bb93622b860ef696ed3c075' (2025-05-09) • Updated input 'home-manager': 'github:nix-community/home-manager/35535345be0be7dbae2e9b787c6cf790f8c893d5' (2025-05-07) → 'github:nix-community/home-manager/8d832ddfda9facf538f3dda9b6985fb0234f151c' (2025-05-13) • Updated input 'lanzaboote': 'github:nix-community/lanzaboote/995637eb3ab78eac33f8ee6b45cc2ecd5ede12ba' (2025-04-21) → 'github:nix-community/lanzaboote/2e425f3da6ce7f5b34fa6eaf7a2a7f78dbabcc85' (2025-05-12) • Updated input 'lanzaboote/crane': 'github:ipetkov/crane/bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5' (2025-03-09) → 'github:ipetkov/crane/dfd9a8dfd09db9aad544c4d3b6c47b12562544a5' (2025-05-03) • Updated input 'lanzaboote/flake-parts': 'github:hercules-ci/flake-parts/f4330d22f1c5d2ba72d3d22df5597d123fdb60a9' (2025-03-07) → 'github:hercules-ci/flake-parts/c621e8422220273271f52058f618c94e405bb0f5' (2025-04-01) • Updated input 'lanzaboote/pre-commit-hooks-nix': 'github:cachix/pre-commit-hooks.nix/b5a62751225b2f62ff3147d0a334055ebadcd5cc' (2025-03-07) → 'github:cachix/pre-commit-hooks.nix/fa466640195d38ec97cf0493d6d6882bc4d14969' (2025-05-06) • Updated input 'lanzaboote/rust-overlay': 'github:oxalica/rust-overlay/c777dc8a1e35407b0e80ec89817fe69970f4e81a' (2025-03-10) → 'github:oxalica/rust-overlay/5b07506ae89b025b14de91f697eba23b48654c52' (2025-05-12) • Updated input 'nix-index-database': 'github:nix-community/nix-index-database/137fd2bd726fff343874f85601b51769b48685cc' (2025-05-04) → 'github:nix-community/nix-index-database/e9b21b01e4307176b9718a29ac514838e7f6f4ff' (2025-05-11) • Updated input 'nix-ld': 'github:nix-community/nix-ld/3262ac5b572f0f45a97212afda927208f3a463f1' (2025-05-05) → 'github:nix-community/nix-ld/90316ea7ffa3336547b85b3b2827d9d4552a4a79' (2025-05-12) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/3730d8a308f94996a9ba7c7138ede69c1b9ac4ae' (2025-05-05) → 'github:nixos/nixpkgs/d89fc19e405cb2d55ce7cc114356846a0ee5e956' (2025-05-10) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/72dd969389583664f87aa348b3458f2813693617' (2025-05-07) → 'github:oxalica/rust-overlay/fe36c63649875f391949e8b2ec33949d0cd8aa95' (2025-05-13) • Updated input 'vscode-extensions': 'github:nix-community/nix-vscode-extensions/5ce9c4adcc0098d86b6823fcb7926b4776d53e49' (2025-05-07) → 'github:nix-community/nix-vscode-extensions/1830b606ba0a839ab60f8465c23613620e9982de' (2025-05-13) --- flake.lock | 72 +++++++++++++++++++++++++++--------------------------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/flake.lock b/flake.lock index 068c5ed..1fd0e8b 100644 --- a/flake.lock +++ b/flake.lock @@ -17,11 +17,11 @@ }, "crane_2": { "locked": { - "lastModified": 1741481578, - "narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=", + "lastModified": 1746291859, + "narHash": "sha256-DdWJLA+D5tcmrRSg5Y7tp/qWaD05ATI4Z7h22gd1h7Q=", "owner": "ipetkov", "repo": "crane", - "rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5", + "rev": "dfd9a8dfd09db9aad544c4d3b6c47b12562544a5", "type": "github" }, "original": { @@ -69,11 +69,11 @@ ] }, "locked": { - "lastModified": 1741352980, - "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", "type": "github" }, "original": { @@ -147,11 +147,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1745480492, - "narHash": "sha256-atfb7grtY2DkjR5D9xTKx/CxXoXELBb+xQK2KVe6cso=", + "lastModified": 1746786847, + "narHash": "sha256-QKb+8DHlceK62uPHd+KTI22efwUMJ8zI2eD6HOSw99s=", "owner": "deuxfleurs-org", "repo": "garage", - "rev": "bf4691d98afe348e528ee24e26b06c325cca35d0", + "rev": "a2a9e3cec4945c4f6bb93622b860ef696ed3c075", "type": "github" }, "original": { @@ -189,11 +189,11 @@ ] }, "locked": { - "lastModified": 1746585355, - "narHash": "sha256-p+3fK8HEYC+0q4gPKSE4OSRxqt5H/tWZkB9wF7aaWOY=", + "lastModified": 1747155932, + "narHash": "sha256-NnPzzXEqfYjfrimLzK0JOBItfdEJdP/i6SNTuunCGgw=", "owner": "nix-community", "repo": "home-manager", - "rev": "35535345be0be7dbae2e9b787c6cf790f8c893d5", + "rev": "8d832ddfda9facf538f3dda9b6985fb0234f151c", "type": "github" }, "original": { @@ -214,11 +214,11 @@ "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1745271491, - "narHash": "sha256-4GAHjus6JRpYHVROMIhFIz/sgLDF/klBM3UHulbSK9s=", + "lastModified": 1747056319, + "narHash": "sha256-qSKcBaISBozadtPq6BomnD+wIYTZIkiua3UuHLaD52c=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "995637eb3ab78eac33f8ee6b45cc2ecd5ede12ba", + "rev": "2e425f3da6ce7f5b34fa6eaf7a2a7f78dbabcc85", "type": "github" }, "original": { @@ -257,11 +257,11 @@ ] }, "locked": { - "lastModified": 1746330942, - "narHash": "sha256-ShizFaJCAST23tSrHHtFFGF0fwd72AG+KhPZFFQX/0o=", + "lastModified": 1746934494, + "narHash": "sha256-3n6i+F0sDASjkhbvgFDpPDZGp7z19IrRtjfF9TwJpCA=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "137fd2bd726fff343874f85601b51769b48685cc", + "rev": "e9b21b01e4307176b9718a29ac514838e7f6f4ff", "type": "github" }, "original": { @@ -277,11 +277,11 @@ ] }, "locked": { - "lastModified": 1746437902, - "narHash": "sha256-cAYSTvh+nKl/DQDS0+MlepFRQxsAGt7bRSwvoRyNJuw=", + "lastModified": 1747037786, + "narHash": "sha256-nhOupZpHdrUYK2a2y1y238VEPVpUmJw/nEd212wyG0c=", "owner": "nix-community", "repo": "nix-ld", - "rev": "3262ac5b572f0f45a97212afda927208f3a463f1", + "rev": "90316ea7ffa3336547b85b3b2827d9d4552a4a79", "type": "github" }, "original": { @@ -292,11 +292,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1746461020, - "narHash": "sha256-7+pG1I9jvxNlmln4YgnlW4o+w0TZX24k688mibiFDUE=", + "lastModified": 1746904237, + "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3730d8a308f94996a9ba7c7138ede69c1b9ac4ae", + "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956", "type": "github" }, "original": { @@ -319,11 +319,11 @@ ] }, "locked": { - "lastModified": 1741379162, - "narHash": "sha256-srpAbmJapkaqGRE3ytf3bj4XshspVR5964OX5LfjDWc=", + "lastModified": 1746537231, + "narHash": "sha256-Wb2xeSyOsCoTCTj7LOoD6cdKLEROyFAArnYoS+noCWo=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "b5a62751225b2f62ff3147d0a334055ebadcd5cc", + "rev": "fa466640195d38ec97cf0493d6d6882bc4d14969", "type": "github" }, "original": { @@ -376,11 +376,11 @@ ] }, "locked": { - "lastModified": 1741573199, - "narHash": "sha256-A2sln1GdCf+uZ8yrERSCZUCqZ3JUlOv1WE2VFqqfaLQ=", + "lastModified": 1747017456, + "narHash": "sha256-C/U12fcO+HEF071b5mK65lt4XtAIZyJSSJAg9hdlvTk=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "c777dc8a1e35407b0e80ec89817fe69970f4e81a", + "rev": "5b07506ae89b025b14de91f697eba23b48654c52", "type": "github" }, "original": { @@ -417,11 +417,11 @@ ] }, "locked": { - "lastModified": 1746585402, - "narHash": "sha256-Pf+ufu6bYNA1+KQKHnGMNEfTwpD9ZIcAeLoE2yPWIP0=", + "lastModified": 1747103809, + "narHash": "sha256-a3Yk+CoFmNw7V8J/si/AM8WuI/qTxQhiJpuQ7HFl774=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "72dd969389583664f87aa348b3458f2813693617", + "rev": "fe36c63649875f391949e8b2ec33949d0cd8aa95", "type": "github" }, "original": { @@ -503,11 +503,11 @@ ] }, "locked": { - "lastModified": 1746583118, - "narHash": "sha256-ZZxKOjzztBd+NVbEUPPpw+GtObhNfMZHF9YNEN8wVoY=", + "lastModified": 1747101711, + "narHash": "sha256-VJ6NkQAIXvNr+THN6TlNqlSY3lB1hv/o4yvfG82sHQI=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "5ce9c4adcc0098d86b6823fcb7926b4776d53e49", + "rev": "1830b606ba0a839ab60f8465c23613620e9982de", "type": "github" }, "original": { From c39588711801d8ed789d69a113a50d10cfa54a44 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 13 May 2025 19:30:25 -0400 Subject: [PATCH 46/58] use nixcp main branch in ci --- .github/workflows/build-machines-and-homes.yml | 4 ++-- .github/workflows/build-packages.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index d54e390..7c45cd6 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -65,7 +65,7 @@ jobs: - name: cache run: | nix run \ - github:cything/nixcp/test-in-ci -- push \ + github:cything/nixcp -- push \ --bucket nixcache \ --endpoint $AWS_ENDPOINT_URL \ --signing-key ${{ runner.temp }}/cache-priv-key.pem \ @@ -125,7 +125,7 @@ jobs: - name: cache run: | nix run \ - github:cything/nixcp/test-in-ci -- push \ + github:cything/nixcp -- push \ --bucket nixcache \ --endpoint $AWS_ENDPOINT_URL \ --signing-key ${{ runner.temp }}/cache-priv-key.pem \ diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 61527a1..678db19 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -50,7 +50,7 @@ jobs: - name: cache run: | nix run \ - github:cything/nixcp/test-in-ci -- push \ + github:cything/nixcp -- push \ --bucket nixcache \ --endpoint $AWS_ENDPOINT_URL \ --signing-key ${{ runner.temp }}/cache-priv-key.pem \ From 04bcd9eba111dd661662e28222341f034116a7a1 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 19 May 2025 11:14:34 -0400 Subject: [PATCH 47/58] only exclude libvirt/images --- hosts/ytnix/default.nix | 18 +++++++++++++----- modules/backup.nix | 2 +- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index e59abc3..f75138d 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -87,7 +87,11 @@ resolvconf.enable = true; firewall = { enable = true; - trustedInterfaces = [ "tailscale0" "virbr0" "virbr1" ]; + trustedInterfaces = [ + "tailscale0" + "virbr0" + "virbr1" + ]; # allowedTCPPorts = [ # 8080 # mitmproxy # 22000 # syncthing @@ -213,10 +217,14 @@ }; fonts = { - packages = with pkgs; [ - nerd-fonts.roboto-mono - ibm-plex - ]; + packages = + (with pkgs; [ + ibm-plex + ]) + ++ (with pkgs.nerd-fonts; [ + roboto-mono + jetbrains-mono + ]); enableDefaultPackages = true; }; diff --git a/modules/backup.nix b/modules/backup.nix index a07542d..b9d43c1 100644 --- a/modules/backup.nix +++ b/modules/backup.nix @@ -21,7 +21,7 @@ let "/var/lib/docker" "/var/lib/containers" # podman "/var/lib/systemd" - "/var/lib/libvirt" + "/var/lib/libvirt/images" "**/.rustup" "**/.cargo" "**/.docker" From f280227e5d2a60acd6d427334001b28709c881eb Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 20 May 2025 14:51:57 -0400 Subject: [PATCH 48/58] use nftables --- hosts/chunk/default.nix | 28 +--------------------------- hosts/common.nix | 1 + 2 files changed, 2 insertions(+), 27 deletions(-) diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 6f73eaf..8a7139e 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -1,6 +1,5 @@ { pkgs, - lib, ... }: { @@ -79,32 +78,6 @@ allowedUDPPorts = [ 443 ]; - extraCommands = - let - ethtool = lib.getExe pkgs.ethtool; - tc = lib.getExe' pkgs.iproute2 "tc"; - in - '' - # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites) - ${ethtool} -K ens18 tso off - - # clear existing rules - ${tc} qdisc del dev ens18 root || true - - # create HTB hierarchy - ${tc} qdisc add dev ens18 root handle 1: htb default 10 - ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100% - # rest - ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 60% ceil 100% - # caddy - ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100% - - # mark traffic - iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 3 - - # route marked packets - ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 3 fw flowid 1:30 - ''; }; interfaces.ens18 = { ipv6.addresses = [ @@ -157,6 +130,7 @@ environment.systemPackages = with pkgs; [ vim + neovim wget curl tree diff --git a/hosts/common.nix b/hosts/common.nix index b1989b1..fe6e1c6 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -56,6 +56,7 @@ "nts.teambelgium.net" "c.st1.ntp.br" ]; + nftables.enable = true; }; services.chrony = { enable = true; From 24ea763f2aa36c7df57bcb89e34773be66b5ce41 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 20 May 2025 14:54:24 -0400 Subject: [PATCH 49/58] install pavucontrol; fix pw.conf; updateMicrocode to true --- home/yt/ytnix.nix | 1 + hosts/ytnix/default.nix | 26 ++++++++++++++------------ hosts/ytnix/hardware-configuration.nix | 2 +- 3 files changed, 16 insertions(+), 13 deletions(-) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index ffc0360..d97e4bf 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -84,6 +84,7 @@ jujutsu ffmpeg typst + pavucontrol # reversing radare2 diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index f75138d..ac0db6d 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -127,18 +127,20 @@ }; # https://wiki.archlinux.org/title/Bluetooth_headset#Connecting_works,_sound_plays_fine_until_headphones_become_idle,_then_stutters wireplumber.extraConfig.disableSuspend = { - "monitor.bluez.rules" = { - matches = [ - { - "node.name" = "bluez_output.*"; - } - ]; - }; - actions = { - update-props = { - "session.suspend-timeout-seconds" = 0; - }; - }; + "monitor.bluez.rules" = [ + { + matches = [ + { + "node.name" = "bluez_output.*"; + } + ]; + actions = { + update-props = { + "session.suspend-timeout-seconds" = 0; + }; + }; + } + ]; }; }; diff --git a/hosts/ytnix/hardware-configuration.nix b/hosts/ytnix/hardware-configuration.nix index c98a8c5..cd1c283 100644 --- a/hosts/ytnix/hardware-configuration.nix +++ b/hosts/ytnix/hardware-configuration.nix @@ -82,5 +82,5 @@ # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.cpu.intel.updateMicrocode = lib.mkDefault true; } From deef6be2276a49282099346adba9b852b45d4760 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 20 May 2025 18:00:35 -0400 Subject: [PATCH 50/58] flake update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit • Updated input 'home-manager': 'github:nix-community/home-manager/8d832ddfda9facf538f3dda9b6985fb0234f151c' (2025-05-13) → 'github:nix-community/home-manager/29dda415f5b2178278283856c6f9f7b48a2a4353' (2025-05-20) • Updated input 'nix-index-database': 'github:nix-community/nix-index-database/e9b21b01e4307176b9718a29ac514838e7f6f4ff' (2025-05-11) → 'github:nix-community/nix-index-database/ec179dd13fb7b4c6844f55be91436f7857226dce' (2025-05-18) • Updated input 'nix-ld': 'github:nix-community/nix-ld/90316ea7ffa3336547b85b3b2827d9d4552a4a79' (2025-05-12) → 'github:nix-community/nix-ld/14ad0c0a26dae752c93fa9fa59437bfd2b8aaf69' (2025-05-19) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/d89fc19e405cb2d55ce7cc114356846a0ee5e956' (2025-05-10) → 'github:nixos/nixpkgs/292fa7d4f6519c074f0a50394dbbe69859bb6043' (2025-05-18) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/fe36c63649875f391949e8b2ec33949d0cd8aa95' (2025-05-13) → 'github:oxalica/rust-overlay/3e7b002daad1ff342b223af3a9de7b2a4b6fdc7d' (2025-05-20) • Updated input 'sops-nix': 'github:Mic92/sops-nix/e93ee1d900ad264d65e9701a5c6f895683433386' (2025-05-05) → 'github:Mic92/sops-nix/8d215e1c981be3aa37e47aeabd4e61bb069548fd' (2025-05-18) • Updated input 'vscode-extensions': 'github:nix-community/nix-vscode-extensions/1830b606ba0a839ab60f8465c23613620e9982de' (2025-05-13) → 'github:nix-community/nix-vscode-extensions/d096058275e83be4133081e53dcd53e029a5ad80' (2025-05-20) --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 1fd0e8b..069a535 100644 --- a/flake.lock +++ b/flake.lock @@ -189,11 +189,11 @@ ] }, "locked": { - "lastModified": 1747155932, - "narHash": "sha256-NnPzzXEqfYjfrimLzK0JOBItfdEJdP/i6SNTuunCGgw=", + "lastModified": 1747763032, + "narHash": "sha256-9j3oCbemeH7bTVXJ3pDWxOptbxDx2SdK1jY2AHpjQiw=", "owner": "nix-community", "repo": "home-manager", - "rev": "8d832ddfda9facf538f3dda9b6985fb0234f151c", + "rev": "29dda415f5b2178278283856c6f9f7b48a2a4353", "type": "github" }, "original": { @@ -257,11 +257,11 @@ ] }, "locked": { - "lastModified": 1746934494, - "narHash": "sha256-3n6i+F0sDASjkhbvgFDpPDZGp7z19IrRtjfF9TwJpCA=", + "lastModified": 1747540584, + "narHash": "sha256-cxCQ413JTUuRv9Ygd8DABJ1D6kuB/nTfQqC0Lu9C0ls=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "e9b21b01e4307176b9718a29ac514838e7f6f4ff", + "rev": "ec179dd13fb7b4c6844f55be91436f7857226dce", "type": "github" }, "original": { @@ -277,11 +277,11 @@ ] }, "locked": { - "lastModified": 1747037786, - "narHash": "sha256-nhOupZpHdrUYK2a2y1y238VEPVpUmJw/nEd212wyG0c=", + "lastModified": 1747646130, + "narHash": "sha256-B4+JyeF6u7FINPD1Fzc7QiDlmG1L06z/34MqMlBfPDQ=", "owner": "nix-community", "repo": "nix-ld", - "rev": "90316ea7ffa3336547b85b3b2827d9d4552a4a79", + "rev": "14ad0c0a26dae752c93fa9fa59437bfd2b8aaf69", "type": "github" }, "original": { @@ -292,11 +292,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1746904237, - "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=", + "lastModified": 1747542820, + "narHash": "sha256-GaOZntlJ6gPPbbkTLjbd8BMWaDYafhuuYRNrxCGnPJw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956", + "rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043", "type": "github" }, "original": { @@ -417,11 +417,11 @@ ] }, "locked": { - "lastModified": 1747103809, - "narHash": "sha256-a3Yk+CoFmNw7V8J/si/AM8WuI/qTxQhiJpuQ7HFl774=", + "lastModified": 1747708620, + "narHash": "sha256-eqQ6D9o7WUpwarjmkzW/20bfqmhhKqGgPOhDdvJddxw=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "fe36c63649875f391949e8b2ec33949d0cd8aa95", + "rev": "3e7b002daad1ff342b223af3a9de7b2a4b6fdc7d", "type": "github" }, "original": { @@ -437,11 +437,11 @@ ] }, "locked": { - "lastModified": 1746485181, - "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=", + "lastModified": 1747603214, + "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e93ee1d900ad264d65e9701a5c6f895683433386", + "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", "type": "github" }, "original": { @@ -503,11 +503,11 @@ ] }, "locked": { - "lastModified": 1747101711, - "narHash": "sha256-VJ6NkQAIXvNr+THN6TlNqlSY3lB1hv/o4yvfG82sHQI=", + "lastModified": 1747706401, + "narHash": "sha256-GbNsCBxX2zMMckvlY7SPgUkxL9IaVT49p/gbdwqvyuE=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "1830b606ba0a839ab60f8465c23613620e9982de", + "rev": "d096058275e83be4133081e53dcd53e029a5ad80", "type": "github" }, "original": { From cd88edf75935be8c6e9ae7392c14c6ba7cb7a6e1 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 20 May 2025 18:00:35 -0400 Subject: [PATCH 51/58] fix podman firewall and bluetooth --- hosts/chunk/default.nix | 5 ++++- hosts/ytnix/default.nix | 14 +++++++------- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 8a7139e..eeb62c9 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -69,7 +69,10 @@ networkmanager.enable = true; firewall = { enable = true; - trustedInterfaces = [ "tailscale0" ]; + trustedInterfaces = [ + "tailscale0" + "podman1" + ]; allowedTCPPorts = [ 22 80 diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index ac0db6d..a592e2f 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -44,7 +44,7 @@ efi.canTouchEfiVariables = true; }; tmp.cleanOnBoot = true; - kernelPackages = pkgs.linuxKernel.packages.linux_zen; + kernelPackages = pkgs.linuxPackages_latest; extraModulePackages = with config.boot.kernelPackages; [ rtl8821ce ]; @@ -109,8 +109,10 @@ pulse.enable = true; alsa.enable = true; alsa.support32Bit = true; - wireplumber.extraConfig.bluetoothEnhancements = { - # https://julian.pages.freedesktop.org/wireplumber/daemon/configuration/bluetooth.html#bluetooth-configuration + wireplumber.extraConfig."10-bluetooth-enhancements" = { + "wireplumber.settings" = { + "bluetooth.autoswitch-to-headset-profile" = false; + }; "monitor.bluez.properties" = { "bluez5.enable-sbc-xq" = true; "bluez5.enable-msbc" = true; @@ -118,20 +120,18 @@ "bluez5.roles" = [ "a2dp_sink" "a2dp_source" - "hsp_hs" - "hsp_ag" "hfp_hf" "hfp_ag" ]; }; }; # https://wiki.archlinux.org/title/Bluetooth_headset#Connecting_works,_sound_plays_fine_until_headphones_become_idle,_then_stutters - wireplumber.extraConfig.disableSuspend = { + wireplumber.extraConfig."11-disable-suspend" = { "monitor.bluez.rules" = [ { matches = [ { - "node.name" = "bluez_output.*"; + "device.name" = "bluez_card.*"; } ]; actions = { From 5a5638b7d7274e2657c887ae9c92c57031ffe7f3 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 22 May 2025 21:41:29 -0400 Subject: [PATCH 52/58] install vmware --- hosts/ytnix/default.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index a592e2f..d669142 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -48,6 +48,7 @@ extraModulePackages = with config.boot.kernelPackages; [ rtl8821ce ]; + kernelModules = [ "8821ce" ]; kernelParams = [ # see https://github.com/tomaspinho/rtl8821ce#pcie-active-state-power-management "pcie_aspm=off" @@ -90,7 +91,6 @@ trustedInterfaces = [ "tailscale0" "virbr0" - "virbr1" ]; # allowedTCPPorts = [ # 8080 # mitmproxy @@ -277,6 +277,10 @@ enable = true; qemu.vhostUserPackages = with pkgs; [ virtiofsd ]; }; + virtualisation.vmware.host = { + enable = true; + package = pkgs.vmware-workstation; + }; programs.virt-manager.enable = true; my.containerization.enable = true; From 202966d58abb6cedbec13d438e2a31c0901abc59 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 24 May 2025 15:01:30 -0400 Subject: [PATCH 53/58] fix firewall with vms --- hosts/common.nix | 2 +- hosts/ytnix/default.nix | 19 ++++++++----------- 2 files changed, 9 insertions(+), 12 deletions(-) diff --git a/hosts/common.nix b/hosts/common.nix index fe6e1c6..c125822 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -39,7 +39,7 @@ i18n.defaultLocale = "en_US.UTF-8"; time.timeZone = "America/New_York"; networking = { - firewall.logRefusedConnections = false; + firewall.logRefusedConnections = true; nameservers = [ # quad9 (unfiltered) "2620:fe::10" diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index d669142..1cbc5c1 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -61,7 +61,10 @@ enable = true; pkiBundle = "/var/lib/sbctl"; }; - kernel.sysctl."kernel.sysrq" = 1; + kernel.sysctl = { + "kernel.sysrq" = 1; + # "net.ipv4.ip_forward" = 1; + }; binfmt.emulatedSystems = [ "aarch64-linux" ]; }; @@ -90,13 +93,7 @@ enable = true; trustedInterfaces = [ "tailscale0" - "virbr0" ]; - # allowedTCPPorts = [ - # 8080 # mitmproxy - # 22000 # syncthing - # 3003 # immich-ml - # ]; }; hosts = { "100.122.132.30" = [ "s3.cy7.sh" ]; @@ -277,10 +274,10 @@ enable = true; qemu.vhostUserPackages = with pkgs; [ virtiofsd ]; }; - virtualisation.vmware.host = { - enable = true; - package = pkgs.vmware-workstation; - }; + # virtualisation.vmware.host = { + # enable = true; + # package = pkgs.vmware-workstation; + # }; programs.virt-manager.enable = true; my.containerization.enable = true; From 10749634ee3645b60aae70369481ecea11bdf838 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 26 May 2025 08:08:03 -0400 Subject: [PATCH 54/58] kitty set oapacity = 0.9 --- home/kitty.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/kitty.nix b/home/kitty.nix index 40f25ef..df48225 100644 --- a/home/kitty.nix +++ b/home/kitty.nix @@ -13,7 +13,7 @@ # for confirmation confirm_os_window_close = 0; clear_all_shortcuts = true; - background_opacity = 0.85; + background_opacity = 0.9; # will probably lower this later but the max allowed is actually 4GB # this is NOT stored in memory and can only be viewed with scrollback_pager From e174c25353222f8f8fdf802206a904481f19d872 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 27 May 2025 11:28:57 -0400 Subject: [PATCH 55/58] install ghidra as nixos option --- home/yt/ytnix.nix | 1 - hosts/ytnix/default.nix | 11 +++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index d97e4bf..b81e3e3 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -57,7 +57,6 @@ gdb fuzzel hugo - ghidra sccache awscli2 p7zip diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 1cbc5c1..f5ff1bc 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -94,6 +94,9 @@ trustedInterfaces = [ "tailscale0" ]; + extraInputRules = '' + ip saddr 192.168.100.0/24 tcp dport 9234 accept + ''; }; hosts = { "100.122.132.30" = [ "s3.cy7.sh" ]; @@ -417,4 +420,12 @@ wl-clipboard ]; }; + + programs.ghidra = { + enable = true; + package = pkgs.ghidra.withExtensions (p: with p; [ + findcrypt + ret-sync + ]); + }; } From f9ede8a0fca97cc6c6d2ec93981bf2e9ba2d1063 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 29 May 2025 11:53:32 -0400 Subject: [PATCH 56/58] don't change kitty scroll multiplier --- home/kitty.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/kitty.nix b/home/kitty.nix index df48225..aedaf96 100644 --- a/home/kitty.nix +++ b/home/kitty.nix @@ -21,7 +21,7 @@ # see https://github.com/sharkdp/bat/issues/1077#issuecomment-652785399 "scrollback_pager" = "bat --pager='less -FR +G'"; # "scrollback_lines" = 20000; - wheel_scroll_multiplier = 50; + # wheel_scroll_multiplier = 50; }; keybindings = { # kitty_mod is ctrl+shift by default From 842f67c75e2949f4016fc912885bcd497020aed6 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 29 May 2025 11:58:35 -0400 Subject: [PATCH 57/58] flake update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit • Updated input 'garage': 'github:deuxfleurs-org/garage/a2a9e3cec4945c4f6bb93622b860ef696ed3c075' (2025-05-09) → 'github:deuxfleurs-org/garage/37e5621dde5c25ccac4f6da4d7c60f45fc71ff88' (2025-05-23) • Updated input 'home-manager': 'github:nix-community/home-manager/29dda415f5b2178278283856c6f9f7b48a2a4353' (2025-05-20) → 'github:nix-community/home-manager/da282034f4d30e787b8a10722431e8b650a907ef' (2025-05-29) • Updated input 'nix-index-database': 'github:nix-community/nix-index-database/ec179dd13fb7b4c6844f55be91436f7857226dce' (2025-05-18) → 'github:nix-community/nix-index-database/a98adbf54d663395df0b9929f6481d4d80fc8927' (2025-05-25) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/292fa7d4f6519c074f0a50394dbbe69859bb6043' (2025-05-18) → 'github:nixos/nixpkgs/4faa5f5321320e49a78ae7848582f684d64783e9' (2025-05-27) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/3e7b002daad1ff342b223af3a9de7b2a4b6fdc7d' (2025-05-20) → 'github:oxalica/rust-overlay/4bf1892eb81113e868efe67982b64f1da15c8c5a' (2025-05-29) • Updated input 'vscode-extensions': 'github:nix-community/nix-vscode-extensions/d096058275e83be4133081e53dcd53e029a5ad80' (2025-05-20) → 'github:nix-community/nix-vscode-extensions/ac4fc8eb9a1ee5eeb3c0a30f57652e4c5428d3a5' (2025-05-28) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 069a535..2af1d4d 100644 --- a/flake.lock +++ b/flake.lock @@ -147,11 +147,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1746786847, - "narHash": "sha256-QKb+8DHlceK62uPHd+KTI22efwUMJ8zI2eD6HOSw99s=", + "lastModified": 1748012719, + "narHash": "sha256-s6VG70nqLCzAOLRgZ3oETQ8VJcsrEUol2vjTiYyesK4=", "owner": "deuxfleurs-org", "repo": "garage", - "rev": "a2a9e3cec4945c4f6bb93622b860ef696ed3c075", + "rev": "37e5621dde5c25ccac4f6da4d7c60f45fc71ff88", "type": "github" }, "original": { @@ -189,11 +189,11 @@ ] }, "locked": { - "lastModified": 1747763032, - "narHash": "sha256-9j3oCbemeH7bTVXJ3pDWxOptbxDx2SdK1jY2AHpjQiw=", + "lastModified": 1748529677, + "narHash": "sha256-MJEX3Skt5EAIs/aGHD8/aXXZPcceMMHheyIGSjvxZN0=", "owner": "nix-community", "repo": "home-manager", - "rev": "29dda415f5b2178278283856c6f9f7b48a2a4353", + "rev": "da282034f4d30e787b8a10722431e8b650a907ef", "type": "github" }, "original": { @@ -257,11 +257,11 @@ ] }, "locked": { - "lastModified": 1747540584, - "narHash": "sha256-cxCQ413JTUuRv9Ygd8DABJ1D6kuB/nTfQqC0Lu9C0ls=", + "lastModified": 1748145500, + "narHash": "sha256-t9fx0l61WOxtWxXCqlXPWSuG/0XMF9DtE2T7KXgMqJw=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "ec179dd13fb7b4c6844f55be91436f7857226dce", + "rev": "a98adbf54d663395df0b9929f6481d4d80fc8927", "type": "github" }, "original": { @@ -292,11 +292,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1747542820, - "narHash": "sha256-GaOZntlJ6gPPbbkTLjbd8BMWaDYafhuuYRNrxCGnPJw=", + "lastModified": 1748370509, + "narHash": "sha256-QlL8slIgc16W5UaI3w7xHQEP+Qmv/6vSNTpoZrrSlbk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043", + "rev": "4faa5f5321320e49a78ae7848582f684d64783e9", "type": "github" }, "original": { @@ -417,11 +417,11 @@ ] }, "locked": { - "lastModified": 1747708620, - "narHash": "sha256-eqQ6D9o7WUpwarjmkzW/20bfqmhhKqGgPOhDdvJddxw=", + "lastModified": 1748486227, + "narHash": "sha256-veMuFa9cq/XgUXp1S57oC8K0TIw3XyZWL2jIyGWlW0c=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "3e7b002daad1ff342b223af3a9de7b2a4b6fdc7d", + "rev": "4bf1892eb81113e868efe67982b64f1da15c8c5a", "type": "github" }, "original": { @@ -503,11 +503,11 @@ ] }, "locked": { - "lastModified": 1747706401, - "narHash": "sha256-GbNsCBxX2zMMckvlY7SPgUkxL9IaVT49p/gbdwqvyuE=", + "lastModified": 1748397853, + "narHash": "sha256-tudGoP5caIJ5TzkV6wnsmUk7Spx21oWMKpkmPbjRNZc=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "d096058275e83be4133081e53dcd53e029a5ad80", + "rev": "ac4fc8eb9a1ee5eeb3c0a30f57652e4c5428d3a5", "type": "github" }, "original": { From 06f9548c86d5a97c65815106b95b35ea6ec8c19e Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 30 May 2025 13:56:07 -0400 Subject: [PATCH 58/58] rm ida-free and pin kernel to 6.14 --- home/yt/ytnix.nix | 1 - hosts/ytnix/default.nix | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index b81e3e3..db3dfb2 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -87,7 +87,6 @@ # reversing radare2 - ida-free jadx frida-tools mitmproxy diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index f5ff1bc..763c51e 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -44,7 +44,7 @@ efi.canTouchEfiVariables = true; }; tmp.cleanOnBoot = true; - kernelPackages = pkgs.linuxPackages_latest; + kernelPackages = pkgs.linuxPackages_6_14; extraModulePackages = with config.boot.kernelPackages; [ rtl8821ce ];