diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 2e9a593..eded224 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -13,7 +13,6 @@ env: extra-experimental-features = nix-command flakes accept-flake-config = true TERM: ansi - jobs: build-machines: strategy: @@ -37,15 +36,12 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix - - name: Install Nix uses: nixbuild/nix-quick-install-action@master - - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: @@ -63,12 +59,10 @@ jobs: purge-primary-key: never # always save the cache save-always: true - - name: setup attic run: | nix profile install github:zhaofengli/attic attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - - name: build and cache run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" @@ -76,7 +70,6 @@ jobs: derivation="$(nix path-info --derivation "$package")" cache="$(nix-store --query --requisites --include-outputs "$derivation")" attic push main --stdin <<< "$cache" - build-homes: strategy: matrix: @@ -99,14 +92,11 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix - - uses: nixbuild/nix-quick-install-action@master - - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: @@ -124,12 +114,10 @@ jobs: purge-primary-key: never # always save the cache save-always: true - - name: setup attic run: | nix profile install github:zhaofengli/attic attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - - name: build and cache run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 5bb8b29..d23da13 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -16,7 +16,6 @@ env: extra-experimental-features = nix-command flakes accept-flake-config = true TERM: ansi - jobs: build-packages: strategy: @@ -29,33 +28,26 @@ jobs: - ubuntu-24.04-arm - macos-latest - macos-13 - runs-on: ${{ matrix.os }} steps: - name: Install Nix uses: cachix/install-nix-action@v30 - - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - name: setup attic run: | nix profile install github:zhaofengli/attic attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - - run: nix build -L ${{ matrix.package }} - - name: cache result run: | derivation="$(nix path-info --derivation "${{ matrix.package }}")" cache="$(nix-store --query --requisites --include-outputs "$derivation")" attic push main --stdin <<< "$cache" - - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result - - name: upload result uses: actions/upload-artifact@v4 with: diff --git a/.sops.yaml b/.sops.yaml index 6276e76..cb7e65d 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -118,9 +118,8 @@ creation_rules: - age: - *chunk - *cy - - path_regex: secrets/services/searx.yaml key_groups: - age: - *chunk - - *cy \ No newline at end of file + - *cy diff --git a/home/codium.nix b/home/codium.nix index dcdf4ea..935866b 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -10,8 +10,7 @@ extensions = # if unfree # with pkgs.vscode-marketplace; - with pkgs.open-vsx; - [ + with pkgs.open-vsx; [ vscodevim.vim jnoortheen.nix-ide github.github-vscode-theme diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index 0dade9f..1620a67 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -10,15 +10,13 @@ api_bind_addr = "[::]:3900"; root_domain = "s3.cy7.sh"; }; - s3_web = { - bind_addr = "[::]:3902"; - root_domain = ".web.s3.cy7.sh"; - index = "index.html"; - }; admin.api_bind_addr = "[::]:3903"; rpc_bind_addr = "[::]:3901"; replication_factor = 1; db_engine = "lmdb"; + disable_scrub = true; + block_size = "10M"; + compression_level = 3; }; environmentFile = config.sops.secrets."garage/env".path; }; @@ -31,10 +29,6 @@ reverse_proxy localhost:3900 ''; }; - "*.web.s3.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:3902 - ''; "admin.s3.cy7.sh".extraConfig = '' import common reverse_proxy localhost:3903 diff --git a/hosts/chunk/grafana.nix b/hosts/chunk/grafana.nix index ee5a382..f79a7ff 100644 --- a/hosts/chunk/grafana.nix +++ b/hosts/chunk/grafana.nix @@ -29,6 +29,14 @@ } ]; } + { + job_name = "garage"; + static_configs = [ + { + targets = [ "127.0.0.1:3903" ]; + } + ]; + } ]; }; diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 59a02e1..a3faaa2 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -32,9 +32,17 @@ serviceConfig = { Type = "notify"; ExecStartPre = "/usr/bin/env mkdir -p /mnt/garage"; - ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ - config.sops.secrets."rclone/config".path - } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 5G --allow-other rsyncnet:garage /mnt/garage "; + ExecStart = '' + ${lib.getExe pkgs.rclone} mount \ + --config ${config.sops.secrets."rclone/config".path} \ + --allow-other \ + --cache-dir /var/cache/rclone \ + --transfers=32 --checkers=32 \ + --vfs-cache-mode writes \ + --vfs-cache-max-size 5G \ + --dir-cache-time 30d \ + rsyncnet:garage /mnt/garage + ''; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage"; }; }; diff --git a/hosts/ytnix/containers.nix b/hosts/ytnix/containers.nix index a2aa405..4ef858c 100644 --- a/hosts/ytnix/containers.nix +++ b/hosts/ytnix/containers.nix @@ -1,4 +1,4 @@ -{ +{ config, pkgs, lib, @@ -6,20 +6,22 @@ }: { virtualisation.oci-containers.containers = { - immich-ml = let - modelCache = "/opt/immich-ml"; - in { - image = "ghcr.io/immich-app/immich-machine-learning:release"; - autoStart = true; - pull = "newer"; - ports = [ "3003:3003" ]; - environment = { - REDIS_HOSTNAME = "immich-redis"; - DB_HOSTNAME = "immich-db"; + immich-ml = + let + modelCache = "/opt/immich-ml"; + in + { + image = "ghcr.io/immich-app/immich-machine-learning:release"; + autoStart = true; + pull = "newer"; + ports = [ "3003:3003" ]; + environment = { + REDIS_HOSTNAME = "immich-redis"; + DB_HOSTNAME = "immich-db"; + }; + volumes = [ "${modelCache}:/cache" ]; + networks = [ "immich-net" ]; }; - volumes = [ "${modelCache}:/cache" ]; - networks = [ "immich-net" ]; - }; }; systemd.services.create-immich-net = rec { @@ -33,4 +35,4 @@ ${lib.getExe pkgs.podman} network create immich-net ''; }; -} \ No newline at end of file +} diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 15ccf21..b57887e 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -147,47 +147,49 @@ "podman" ]; - environment.systemPackages = with pkgs; lib.flatten [ - tmux - vim - wget - tree - kitty - borgbackup - htop - file - dnsutils - q - age - compsize - wireguard-tools - traceroute - sops - sbctl # secure boot - lm_sensors - sshfs - openssl - just - killall - lshw - bubblewrap - fuse-overlayfs - dwarfs - wineWowPackages.stagingFull - (with gst_all_1; [ - gst-plugins-good - gst-plugins-bad - gst-plugins-ugly - gst-plugins-base - ]) - vulkan-loader - (heroic.override { - extraPkgs = pkgs: [ - pkgs.gamescope - pkgs.gamemode - ]; - }) - ]; + environment.systemPackages = + with pkgs; + lib.flatten [ + tmux + vim + wget + tree + kitty + borgbackup + htop + file + dnsutils + q + age + compsize + wireguard-tools + traceroute + sops + sbctl # secure boot + lm_sensors + sshfs + openssl + just + killall + lshw + bubblewrap + fuse-overlayfs + dwarfs + wineWowPackages.stagingFull + (with gst_all_1; [ + gst-plugins-good + gst-plugins-bad + gst-plugins-ugly + gst-plugins-base + ]) + vulkan-loader + (heroic.override { + extraPkgs = pkgs: [ + pkgs.gamescope + pkgs.gamemode + ]; + }) + ]; environment.sessionVariables = { NIXOS_OZONE_WL = "1"; diff --git a/modules/attic.nix b/modules/attic.nix index e7fbe8d..b24820b 100644 --- a/modules/attic.nix +++ b/modules/attic.nix @@ -44,4 +44,4 @@ in reverse_proxy localhost:8091 ''; }; -} \ No newline at end of file +} diff --git a/modules/searx.nix b/modules/searx.nix index 9e23955..db22bed 100644 --- a/modules/searx.nix +++ b/modules/searx.nix @@ -44,4 +44,4 @@ in reverse_proxy 127.0.0.1:8090 ''; }; -} \ No newline at end of file +} diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix index 8fda611..443d886 100644 --- a/modules/vaultwarden.nix +++ b/modules/vaultwarden.nix @@ -29,4 +29,4 @@ in }; }; }; -} \ No newline at end of file +} diff --git a/overlay/bitwarden/default.nix b/overlay/bitwarden/default.nix index bcbabea..e9ace96 100644 --- a/overlay/bitwarden/default.nix +++ b/overlay/bitwarden/default.nix @@ -1,7 +1,9 @@ final: prev: { - bitwarden-desktop = prev.bitwarden-desktop.overrideAttrs (finalAttrs: prevAttrs: { - patches = prevAttrs.patches ++ [ - ./ssh-agent-no-confirm.patch - ]; - }); -} \ No newline at end of file + bitwarden-desktop = prev.bitwarden-desktop.overrideAttrs ( + finalAttrs: prevAttrs: { + patches = prevAttrs.patches ++ [ + ./ssh-agent-no-confirm.patch + ]; + } + ); +} diff --git a/overlay/default.nix b/overlay/default.nix index 1df98bd..3a655fd 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -14,14 +14,15 @@ in pkgFrom = flake: pkg: flake.packages.${prev.system}.${pkg}; in { - conduwuit = - pkgFrom inputs.conduwuit "static-x86_64-linux-musl-all-features-x86_64-haswell-optimised"; + conduwuit = pkgFrom inputs.conduwuit "static-x86_64-linux-musl-all-features-x86_64-haswell-optimised"; pixelflasher = nixpkgsFrom inputs.pixelflasher "pixelflasher"; attic-server = pkgFrom inputs.attic "attic-server"; attic = pkgFrom inputs.attic "attic"; - garage = ((pkgFrom inputs.garage "default").overrideAttrs { + garage = ( + (pkgFrom inputs.garage "default").overrideAttrs { meta.mainProgram = "garage"; - }); + } + ); } ) ]