diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index c955639..7ede8d4 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -47,14 +47,17 @@ jobs: accept-flake-config = true system-features = nixos-test benchmark big-parallel kvm secret-key-files = /home/runner/cache-priv-key.pem - extra-substituters = https://nixcache.cy7.sh https://cache.lix.systems - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - name: Install Lix run: | sudo --preserve-env=PATH $(which nix) run \ + --experimental-features "nix-command flakes" \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" \ 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ - upgrade-nix + upgrade-nix \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" nix --version - name: Sync repository 
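Review bot: In the `Install Lix` step the flake that runs under `sudo` is still selected only by tag (`?ref=refs/tags/2.92.0`), and this hunk now hard-codes the `cache.lix.systems` substituter and public key twice around it. A tag can be re-pointed upstream, so adding the commit to the URL, `...lix?ref=refs/tags/2.92.0&rev=<commit-sha>`, would fix exactly what root executes. The URL/key pair is repeated in the identical hunks at `-117,14` in this file and `-40,14` in build-packages.yml, so a key rotation has to touch six copies. A workflow-level `env:` entry referenced from each command would keep them in sync.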
@@ -64,20 +67,24 @@ jobs: - name: build run: | - # package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" - # nix build -L "$package" - nix run nixpkgs#nixos-rebuild build -- -L --flake ".#${{ matrix.machine }}" + package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" + nix build -L "$package" - name: cache # https://stackoverflow.com/a/58859404 if: '!cancelled()' run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" - nix run git+https://git.cy7.sh/cy/nixcp.git -- \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=none' \ - -u https://nix-community.cachix.org \ - -u https://nixcache.web.cy7.sh \ - $package + derivations=() + while IFS=$'\n' read derivation; do + derivations+=("$derivation") + done < <(nix path-info --derivation "$package") + + for derivation in "${derivations[@]}"; do + nix copy -j8 \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + $(nix-store --query --requisites --include-outputs "$derivation") + done build-homes: strategy: 
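Review bot: The new `cache` loop uploads the whole closure returned by `nix-store --query --requisites --include-outputs`, so paths the runner merely substituted from other caches appear to be re-signed with `/home/runner/cache-priv-key.pem` and served under the nixcache key. The removed `-u` upstream options presumably excluded those, so confirm that widening what the key vouches for is intended. Separately, `done < <(nix path-info --derivation "$package")` hides a failure of `nix path-info`: the loop runs zero times and the step passes with nothing cached. Capturing first, `drvs=$(nix path-info --derivation "$package")` then `mapfile -t derivations <<<"$drvs"`, lets the runner's default `bash -e` stop the step. The same loop appears in the hunks at `-142,8` of this file and `-61,11` of build-packages.yml.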
@@ -117,14 +124,17 @@ jobs: accept-flake-config = true system-features = nixos-test benchmark big-parallel kvm secret-key-files = /home/runner/cache-priv-key.pem - extra-substituters = https://nixcache.cy7.sh https://cache.lix.systems - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - name: Install Lix run: | sudo --preserve-env=PATH $(which nix) run \ + --experimental-features "nix-command flakes" \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" \ 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ - upgrade-nix + upgrade-nix \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" nix --version - name: Sync repository @@ -142,8 +152,13 @@ jobs: if: '!cancelled()' run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" - nix run git+https://git.cy7.sh/cy/nixcp.git -- \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=none' \ - -u https://nix-community.cachix.org \ - -u https://nixcache.web.cy7.sh \ - $package + derivations=() + while IFS=$'\n' read derivation; do + derivations+=("$derivation") + done < <(nix path-info --derivation "$package") + + for derivation in "${derivations[@]}"; do + nix copy -j8 \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + $(nix-store --query --requisites --include-outputs "$derivation") + done diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index c188482..fea88fc 100644 --- a/.github/workflows/build-packages.yml 
+++ b/.github/workflows/build-packages.yml @@ -40,14 +40,17 @@ jobs: accept-flake-config = true system-features = nixos-test benchmark big-parallel kvm secret-key-files = /home/runner/cache-priv-key.pem - extra-substituters = https://nixcache.cy7.sh https://cache.lix.systems - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - name: Install Lix run: | sudo --preserve-env=PATH $(which nix) run \ + --experimental-features "nix-command flakes" \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" \ 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ - upgrade-nix + upgrade-nix \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" nix --version - name: Sync repository @@ -61,11 +64,16 @@ jobs: # https://stackoverflow.com/a/58859404 if: '!cancelled()' run: | - nix run git+https://git.cy7.sh/cy/nixcp.git -- \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=none' \ - -u https://nix-community.cachix.org \ - -u https://nixcache.web.cy7.sh \ - "${{ matrix.package }}" + derivations=() + while IFS=$'\n' read derivation; do + derivations+=("$derivation") + done < <(nix path-info --derivation "${{ matrix.package }}") + + for derivation in "${derivations[@]}"; do + nix copy -j8 \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + $(nix-store --query --requisites --include-outputs "$derivation") + done - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result 
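Review bot: `${{ matrix.package }}` is expanded by Actions into the script text before bash parses it, so the double quotes in `nix path-info --derivation "${{ matrix.package }}"` do not keep a value containing quotes or `$(...)` from being interpreted as shell. The matrix definition is outside this hunk; if it is ever computed from repository content or a job output, pass the value through the step environment instead, with `env:` / `PACKAGE: ${{ matrix.package }}` and `"$PACKAGE"` in the script. The `matrix.machine` and `matrix.home` interpolations in build-machines-and-homes.yml have the same shape.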
diff --git a/.github/workflows/update-flake-lock.yml b/.github/workflows/update-flake-lock.yml index 3b79705..59006f6 100644 --- a/.github/workflows/update-flake-lock.yml +++ b/.github/workflows/update-flake-lock.yml @@ -11,32 +11,10 @@ jobs: createPullRequest: runs-on: ubuntu-latest steps: - - uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 - with: - ssh-key: ${{ secrets.SSH_DEPLOY_KEY }} - + - uses: actions/checkout@v4 - name: Install Nix - uses: cachix/install-nix-action@53fb48f556dd912c4814b24ee8059a9c91c82b18 + uses: cachix/install-nix-action@v30 with: - enable_kvm: true - extra_nix_config: | - show-trace = true - experimental-features = nix-command flakes - accept-flake-config = true - system-features = nixos-test benchmark big-parallel kvm - secret-key-files = /home/runner/cache-priv-key.pem - extra-substituters = https://nixcache.cy7.sh - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - + github_access_token: ${{ secrets.GITHUB_TOKEN }} - name: Update flake.lock - run: | - git config --global user.email "github-actions[bot]@users.noreply.github.com" - git config --global user.name "github-actions[bot]" - nix flake update --commit-lock-file - - - name: Create PR - uses: peter-evans/create-pull-request@98106d3f2b65918a6591f9e155117b7219ff7e51 - with: - title: nix flake update - branch: update-flake-inputs - branch-suffix: timestamp + uses: DeterminateSystems/update-flake-lock@v24 diff --git a/.sops.yaml b/.sops.yaml index 21d2151..9e9a860 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -129,10 +129,3 @@ creation_rules: - *yt - *cy - *chunk - - path_regex: secrets/services/authelia.yaml - key_groups: - - age: - - *yt - - *cy - - *chunk - diff --git a/flake.lock b/flake.lock index 76a4f1e..f000fd8 100644 --- a/flake.lock +++ b/flake.lock 
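Review bot: In update-flake-lock.yml the three `uses:` lines now reference mutable tags (`actions/checkout@v4`, `cachix/install-nix-action@v30`, `DeterminateSystems/update-flake-lock@v24`) where the removed lines pinned full commit SHAs. The job hands `secrets.GITHUB_TOKEN` to these actions and presumably still opens pull requests that change flake.lock, so a re-pointed tag would run with that access. Keep the SHA pin with the tag as a trailing comment, e.g. `uses: DeterminateSystems/update-flake-lock@<commit-sha> # v24`. Any `permissions:` block for the job is outside the hunk; restricting it to the scopes the update action needs would limit the token's reach.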
@@ -2,12 +2,22 @@ "nodes": { "attic": { "inputs": { - "crane": "crane", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", + "crane": [ + "crane" + ], + "flake-compat": [ + "flake-compat" + ], + "flake-parts": [ + "flake-parts" + ], "nix-github-actions": "nix-github-actions", - "nixpkgs": "nixpkgs", - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": [ + "nixpkgs-stable" + ] }, "locked": { "lastModified": 1738524606, @@ -19,7 +29,6 @@ }, "original": { "owner": "zhaofengli", - "ref": "main", "repo": "attic", "type": "github" } @@ -27,9 +36,9 @@ "cachix": { "inputs": { "devenv": "devenv", - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat", "git-hooks": "git-hooks", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1737621947, @@ -63,7 +72,7 @@ "cachix", "devenv" ], - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs" }, "locked": { "lastModified": 1728672398, @@ -99,13 +108,21 @@ }, "conduwuit": { "inputs": { - "attic": "attic", + "attic": [ + "attic" + ], "cachix": "cachix", "complement": "complement", - "crane": "crane_2", + "crane": [ + "crane" + ], "fenix": "fenix", - "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils", + "flake-compat": [ + "flake-compat" + ], + "flake-utils": [ + "flake-utils" + ], "liburing": "liburing", "nix-filter": "nix-filter", "nixpkgs": [ @@ -114,11 +131,11 @@ "rocksdb": "rocksdb" }, "locked": { - "lastModified": 1743780871, - "narHash": "sha256-xmDepDLHsIWiwpWYjhI40XOrV9jCKrYJQ+EK1EOIdRg=", + "lastModified": 1743186614, + "narHash": "sha256-uGI98B+binIclsCJd2wXb7l1k2wV7e+sNmX4R8L5RPc=", "owner": "girlbossceo", "repo": "conduwuit", - "rev": "4e5b87d0cd16f3d015f4b61285b369d027bb909d", + "rev": "3e57b7d35d5bd6cfed5900b377f7c68970213518", "type": "github" }, "original": { 
@@ -128,65 +145,12 @@ } }, "crane": { - "inputs": { - "nixpkgs": [ - "conduwuit", - "attic", - "nixpkgs" - ] - }, "locked": { - "lastModified": 1722960479, - "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=", + "lastModified": 1742394900, + "narHash": "sha256-vVOAp9ahvnU+fQoKd4SEXB2JG2wbENkpqcwlkIXgUC0=", "owner": "ipetkov", "repo": "crane", - "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, - "crane_2": { - "locked": { - "lastModified": 1739936662, - "narHash": "sha256-x4syUjNUuRblR07nDPeLDP7DpphaBVbUaSoeZkFbGSk=", - "owner": "ipetkov", - "repo": "crane", - "rev": "19de14aaeb869287647d9461cbd389187d8ecdb7", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "ref": "master", - "repo": "crane", - "type": "github" - } - }, - "crane_3": { - "locked": { - "lastModified": 1737689766, - "narHash": "sha256-ivVXYaYlShxYoKfSo5+y5930qMKKJ8CLcAoIBPQfJ6s=", - "owner": "ipetkov", - "repo": "crane", - "rev": "6fe74265bbb6d016d663b1091f015e2976c4a527", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, - "crane_4": { - "locked": { - "lastModified": 1741148495, - "narHash": "sha256-EV8KUaIZ2/CdBXlutXrHoZYbWPeB65p5kKZk71gvDRI=", - "owner": "ipetkov", - "repo": "crane", - "rev": "75390a36cd0c2cdd5f1aafd8a9f827d7107f2e53", + "rev": "70947c1908108c0c551ddfd73d4f750ff2ea67cd", "type": "github" }, "original": { @@ -255,11 +219,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { 
@@ -269,55 +233,6 @@ } }, "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_3": { - "flake": false, - "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", - "type": "github" - }, - "original": { - "owner": "edolstra", - "ref": "master", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_4": { - "locked": { - "lastModified": 1717312683, - "narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=", - "owner": "nix-community", - "repo": "flake-compat", - "rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_5": { - "flake": false, "locked": { "lastModified": 1733328505, "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", @@ -333,28 +248,6 @@ } }, "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "conduwuit", - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1722555600, - "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "conduwuit", 
@@ -378,19 +271,18 @@ "type": "github" } }, - "flake-parts_3": { + "flake-parts_2": { "inputs": { "nixpkgs-lib": [ - "lanzaboote", "nixpkgs" ] }, "locked": { - "lastModified": 1740872218, - "narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=", + "lastModified": 1741352980, + "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "3876f6b87db82f33775b1ef5ea343986105db764", + "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", "type": "github" }, "original": { @@ -413,7 +305,6 @@ }, "original": { "owner": "numtide", - "ref": "main", "repo": "flake-utils", "type": "github" } @@ -436,60 +327,6 @@ "type": "github" } }, - "flake-utils_3": { - "inputs": { - "systems": "systems_3" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_4": { - "inputs": { - "systems": "systems_4" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_5": { - "inputs": { - "systems": "systems_5" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "flakey-profile": { "locked": { "lastModified": 1712898590, 
@@ -507,13 +344,21 @@ }, "garage": { "inputs": { - "crane": "crane_3", - "flake-compat": "flake-compat_4", - "flake-utils": "flake-utils_2", + "crane": [ + "crane" + ], + "flake-compat": [ + "flake-compat" + ], + "flake-utils": [ + "flake-utils" + ], "nixpkgs": [ "nixpkgs" ], - "rust-overlay": "rust-overlay" + "rust-overlay": [ + "rust-overlay" + ] }, "locked": { "lastModified": 1742547966, @@ -542,7 +387,7 @@ "cachix", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_2" + "nixpkgs-stable": "nixpkgs-stable" }, "locked": { "lastModified": 1733318908, @@ -610,11 +455,11 @@ ] }, "locked": { - "lastModified": 1743783108, - "narHash": "sha256-Lg1cK7oGCNPOO1ts481m269WmdGNoigz8RNXLRE9Co0=", + "lastModified": 1743267068, + "narHash": "sha256-G7866vbO5jgqMcYJzgbxej40O6mBGQMGt6gM0himjoA=", "owner": "nix-community", "repo": "home-manager", - "rev": "bb036cb35383982066e01a6ac8d45597132cf5d5", + "rev": "b431496538b0e294fbe44a1441b24ae8195c63f0", "type": "github" }, "original": { @@ -623,16 +468,52 @@ "type": "github" } }, + "ixx": { + "inputs": { + "flake-utils": [ + "nixvim", + "nuschtosSearch", + "flake-utils" + ], + "nixpkgs": [ + "nixvim", + "nuschtosSearch", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729958008, + "narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=", + "owner": "NuschtOS", + "repo": "ixx", + "rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "ref": "v0.0.6", + "repo": "ixx", + "type": "github" + } + }, "lanzaboote": { "inputs": { - "crane": "crane_4", - "flake-compat": "flake-compat_5", - "flake-parts": "flake-parts_3", + "crane": [ + "crane" + ], + "flake-compat": [ + "flake-compat" + ], + "flake-parts": [ + "flake-parts" + ], "nixpkgs": [ "nixpkgs" ], "pre-commit-hooks-nix": "pre-commit-hooks-nix", - "rust-overlay": "rust-overlay_2" + "rust-overlay": [ + "rust-overlay" + ] }, "locked": { "lastModified": 1741442524, 
@@ -685,46 +566,53 @@ "lix": { "flake": false, "locked": { - "lastModified": 1737234286, - "narHash": "sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW+DvDtuv9SwQZZcs=", - "rev": "079528098f5998ba13c88821a2eca1005c1695de", + "lastModified": 1742622332, + "narHash": "sha256-z652gNdFc/95Fheq4DzVObERYRo+j9RdCF6tzkR8r80=", + "rev": "6059cbb031e49e05dd5d16208e2e50d3ab2611db", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?rev=079528098f5998ba13c88821a2eca1005c1695de" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/6059cbb031e49e05dd5d16208e2e50d3ab2611db.tar.gz?rev=6059cbb031e49e05dd5d16208e2e50d3ab2611db" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz" } }, "lix-module": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": [ + "flake-utils" + ], "flakey-profile": "flakey-profile", "lix": "lix", - "nixpkgs": "nixpkgs_5" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { - "lastModified": 1742943028, - "narHash": "sha256-fprwZKE1uMzO9tiWWOrmLWBW3GPkMayQfb0xOvVFIno=", - "ref": "release-2.92", - "rev": "3fae818597ca2f1474de62022f850c23be50528d", - "revCount": 134, + "lastModified": 1742945498, + "narHash": "sha256-MB/b/xcDKqaVBxJIIxwb81r8ZiGLeKEcqokATRRroo8=", + "ref": "refs/heads/main", + "rev": "fa69ae26cc32dda178117b46487c2165c0e08316", + "revCount": 138, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, "original": { - "ref": "release-2.92", "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" } }, "nil": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": [ + "flake-utils" + ], "nixpkgs": [ "nixpkgs" ], - "rust-overlay": "rust-overlay_3" + "rust-overlay": [ + "rust-overlay" + ] }, "locked": { "lastModified": 1741118843, 
@@ -747,9 +635,9 @@ "cachix", "devenv" ], - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts", "libgit2": "libgit2", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "nixpkgs-23-11": [ "conduwuit", "cachix", @@ -800,7 +688,6 @@ "nix-github-actions": { "inputs": { "nixpkgs": [ - "conduwuit", "attic", "nixpkgs" ] @@ -826,11 +713,11 @@ ] }, "locked": { - "lastModified": 1743306489, - "narHash": "sha256-LROaIjSLo347cwcHRfSpqzEOa2FoLSeJwU4dOrGm55E=", + "lastModified": 1742701275, + "narHash": "sha256-AulwPVrS9859t+eJ61v24wH/nfBEIDSXYxlRo3fL/SA=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "b3696bfb6c24aa61428839a99e8b40c53ac3a82d", + "rev": "36dc43cb50d5d20f90a28d53abb33a32b0a2aae6", "type": "github" }, "original": { @@ -846,11 +733,11 @@ ] }, "locked": { - "lastModified": 1743410259, - "narHash": "sha256-tjdkPPkRT1Mj72yrpN8oUxYw9SaG8wOQWD3auS1bvSs=", + "lastModified": 1742804816, + "narHash": "sha256-oRNAhQwybNM5IUeGLR/4APdiec3t8t3vuWALEGg0t/Q=", "owner": "nix-community", "repo": "nix-ld", - "rev": "140451db1cadeef1e7e9e054332b67b7be808916", + "rev": "27a5f75260a086f391c0eca38a5e306b9823a0b4", "type": "github" }, "original": { 
@@ -860,70 +747,6 @@ } }, "nixpkgs": { - "locked": { - "lastModified": 1726042813, - "narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "159be5db480d1df880a0135ca0bfed84c2f88353", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1724316499, - "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_2": { - "locked": { - "lastModified": 1730741070, - "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_3": { - "locked": { - "lastModified": 1743576891, - "narHash": "sha256-vXiKURtntURybE6FMNFAVpRPr8+e8KoLPrYs9TGuAKc=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "44a69ed688786e98a101f02b712c313f1ade37ab", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-24.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { "locked": { "lastModified": 1730531603, "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", 
@@ -939,7 +762,39 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs-stable": { + "locked": { + "lastModified": 1730741070, + "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { + "locked": { + "lastModified": 1742937945, + "narHash": "sha256-lWc+79eZRyvHp/SqMhHTMzZVhpxkRvthsP1Qx6UCq0E=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d02d88f8de5b882ccdde0465d8fa2db3aa1169f7", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { "locked": { "lastModified": 1717432640, "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=", @@ -955,7 +810,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { "lastModified": 1733212471, "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", 
@@ -971,35 +826,82 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { - "lastModified": 1742669843, - "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=", - "owner": "nixos", + "lastModified": 1743276155, + "narHash": "sha256-58M8lZwf07NZA+rfqF4S7XBAchBaqLayXCmlCn3XUMQ=", + "owner": "cything", "repo": "nixpkgs", - "rev": "1e5b653dff12029333a6546c11e108ede13052eb", + "rev": "b1a1a918e0f3b30085441fd246b52b572057e919", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable", + "owner": "cything", + "ref": "rtl8821ce-6.14", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs_6": { + "nixvim": { + "inputs": { + "flake-parts": [ + "flake-parts" + ], + "nixpkgs": [ + "nixpkgs" + ], + "nuschtosSearch": "nuschtosSearch" + }, "locked": { - "lastModified": 1743775863, - "narHash": "sha256-gUnR9qcZK/O20oQFn1ijz7Nn66qG2Sp7JprDFl+oQBo=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "30705076a1748a2b2a1cf0539ea1665eef4d2f4a", + "lastModified": 1743157969, + "narHash": "sha256-ldlSyVKNaXL7ys7Jr7mLhlpGDE4VPVcWmV7Odupn5TY=", + "owner": "nix-community", + "repo": "nixvim", + "rev": "95573411bc9be155a93b0f15d2bad62c6b43b3cc", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable-small", - "repo": "nixpkgs", + "owner": "nix-community", + "repo": "nixvim", + "type": "github" + } + }, + "nuschtosSearch": { + "inputs": { + "flake-utils": "flake-utils_2", + "ixx": "ixx", + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1742659553, + "narHash": "sha256-i/JCrr/jApVorI9GkSV5to+USrRCa0rWuQDH8JSlK2A=", + "owner": "NuschtOS", + "repo": "search", + "rev": "508752835128a3977985a4d5225ff241f7756181", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "repo": "search", + "type": "github" + } + }, + "nvim-github-theme": { + "flake": false, + "locked": { + "lastModified": 1735641120, + "narHash": "sha256-/A4hkKTzjzeoR1SuwwklraAyI8oMkhxrwBBV9xb59PA=", + "owner": 
"projekt0n", + "repo": "github-nvim-theme", + "rev": "c106c9472154d6b2c74b74565616b877ae8ed31d", + "type": "github" + }, + "original": { + "owner": "projekt0n", + "repo": "github-nvim-theme", "type": "github" } }, @@ -1048,7 +950,12 @@ }, "root": { "inputs": { + "attic": "attic", "conduwuit": "conduwuit", + "crane": "crane", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts_2", + "flake-utils": "flake-utils", "garage": "garage", "home-manager": "home-manager", "lanzaboote": "lanzaboote", @@ -1056,10 +963,13 @@ "nil": "nil", "nix-index-database": "nix-index-database", "nix-ld": "nix-ld", - "nixpkgs": "nixpkgs_6", - "nixpkgs-stable": "nixpkgs-stable_3", - "rust-overlay": "rust-overlay_4", + "nixpkgs": "nixpkgs_4", + "nixpkgs-stable": "nixpkgs-stable_2", + "nixvim": "nixvim", + "nvim-github-theme": "nvim-github-theme", + "rust-overlay": "rust-overlay", "sops-nix": "sops-nix", + "treefmt": "treefmt", "vscode-extensions": "vscode-extensions" } }, 
@@ -1083,79 +993,15 @@ "rust-overlay": { "inputs": { "nixpkgs": [ - "garage", "nixpkgs" ] }, "locked": { - "lastModified": 1738549608, - "narHash": "sha256-GdyT9QEUSx5k/n8kILuNy83vxxdyUfJ8jL5mMpQZWfw=", + "lastModified": 1743215516, + "narHash": "sha256-52qbrkG65U1hyrQWltgHTgH4nm0SJL+9TWv2UDCEPNI=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "35c6f8c4352f995ecd53896200769f80a3e8f22d", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "35c6f8c4352f995ecd53896200769f80a3e8f22d", - "type": "github" - } - }, - "rust-overlay_2": { - "inputs": { - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1741228283, - "narHash": "sha256-VzqI+k/eoijLQ5am6rDFDAtFAbw8nltXfLBC6SIEJAE=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "38e9826bc4296c9daf18bc1e6aa299f3e932a403", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "rust-overlay_3": { - "inputs": { - "nixpkgs": [ - "nil", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1741055476, - "narHash": "sha256-52vwEV0oS2lCnx3c/alOFGglujZTLmObit7K8VblnS8=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "aefb7017d710f150970299685e8d8b549d653649", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "rust-overlay_4": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1743682350, - "narHash": "sha256-S/MyKOFajCiBm5H5laoE59wB6w0NJ4wJG53iAPfYW3k=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "c4a8327b0f25d1d81edecbb6105f74d7cf9d7382", + "rev": "524463199fdee49338006b049bc376b965a2cfed", "type": "github" }, "original": { 
@@ -1171,11 +1017,11 @@ ] }, "locked": { - "lastModified": 1743756170, - "narHash": "sha256-2b11EYa08oqDmF3zEBLkG1AoNn9rB1k39ew/T/mSvbU=", + "lastModified": 1742700801, + "narHash": "sha256-ZGlpUDsuBdeZeTNgoMv+aw0ByXT2J3wkYw9kJwkAS4M=", "owner": "Mic92", "repo": "sops-nix", - "rev": "cff8437c5fe8c68fc3a840a21bf1f4dc801da40d", + "rev": "67566fe68a8bed2a7b1175fdfb0697ed22ae8852", "type": "github" }, "original": { 
@@ -1214,64 +1060,41 @@ "type": "github" } }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_4": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_5": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "vscode-extensions": { + "treefmt": { "inputs": { - "flake-utils": "flake-utils_5", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1743731627, - "narHash": "sha256-gFvZTGlSGCl7MZ5MrihUf7pkIY0zwaUVhl/iUBto/3I=", + "lastModified": 1743081648, + "narHash": "sha256-WRAylyYptt6OX5eCEBWyTwOEqEtD6zt33rlUkr6u3cE=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "29a3d7b768c70addce17af0869f6e2bd8f5be4b7", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "vscode-extensions": { + "inputs": { + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743213162, + "narHash": "sha256-9UU0x2fZORsX6PEpzkIAD/7+bwm+javJtZA/411ZmLg=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "c8270f31af9c37e4fe5711567a6412460e94e9b7", + "rev": 
"1b2a53e3478225bc35d14ae75ea9e7b749c16d5b", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 37215e0..31b2c6c 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,29 +2,105 @@ description = "cy's flake"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small"; + nixpkgs.url = "github:cything/nixpkgs/rtl8821ce-6.14"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11"; - sops-nix.url = "github:Mic92/sops-nix"; - sops-nix.inputs.nixpkgs.follows = "nixpkgs"; - home-manager.url = "github:nix-community/home-manager"; - home-manager.inputs.nixpkgs.follows = "nixpkgs"; - lanzaboote.url = "github:nix-community/lanzaboote/master"; - lanzaboote.inputs.nixpkgs.follows = "nixpkgs"; - rust-overlay.url = "github:oxalica/rust-overlay"; - rust-overlay.inputs.nixpkgs.follows = "nixpkgs"; - conduwuit.url = "github:girlbossceo/conduwuit"; - conduwuit.inputs.nixpkgs.follows = "nixpkgs"; - lix-module.url = "git+https://git.lix.systems/lix-project/nixos-module?ref=release-2.92"; - nix-ld.url = "github:nix-community/nix-ld"; - nix-ld.inputs.nixpkgs.follows = "nixpkgs"; - nil.url = "github:oxalica/nil"; - nil.inputs.nixpkgs.follows = "nixpkgs"; - vscode-extensions.url = "github:nix-community/nix-vscode-extensions/"; - vscode-extensions.inputs.nixpkgs.follows = "nixpkgs"; - nix-index-database.url = "github:nix-community/nix-index-database"; - nix-index-database.inputs.nixpkgs.follows = "nixpkgs"; - garage.url = "github:deuxfleurs-org/garage"; - garage.inputs.nixpkgs.follows = "nixpkgs"; + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + home-manager = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + treefmt = { + url = "github:numtide/treefmt-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + lanzaboote = { + url = "github:nix-community/lanzaboote/master"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.crane.follows = "crane"; + inputs.flake-compat.follows = "flake-compat"; + inputs.flake-parts.follows = "flake-parts"; + inputs.rust-overlay.follows = "rust-overlay"; + }; + nixvim = { + url = "github:nix-community/nixvim"; + 
inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-parts.follows = "flake-parts"; + }; + flake-parts = { + url = "github:hercules-ci/flake-parts"; + inputs.nixpkgs-lib.follows = "nixpkgs"; + }; + rust-overlay = { + url = "github:oxalica/rust-overlay"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + conduwuit = { + url = "github:girlbossceo/conduwuit"; + inputs = { + nixpkgs.follows = "nixpkgs"; + crane.follows = "crane"; + flake-compat.follows = "flake-compat"; + flake-utils.follows = "flake-utils"; + attic.follows = "attic"; + }; + }; + lix-module = { + url = "git+https://git.lix.systems/lix-project/nixos-module"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-utils.follows = "flake-utils"; + }; + nix-ld = { + url = "github:nix-community/nix-ld"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + nil = { + url = "github:oxalica/nil"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.rust-overlay.follows = "rust-overlay"; + inputs.flake-utils.follows = "flake-utils"; + }; + vscode-extensions = { + url = "github:nix-community/nix-vscode-extensions/"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-utils.follows = "flake-utils"; + }; + nix-index-database = { + url = "github:nix-community/nix-index-database"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + attic = { + url = "github:zhaofengli/attic"; + inputs = { + nixpkgs.follows = "nixpkgs"; + nixpkgs-stable.follows = "nixpkgs-stable"; + flake-compat.follows = "flake-compat"; + flake-parts.follows = "flake-parts"; + crane.follows = "crane"; + }; + }; + garage = { + url = "github:deuxfleurs-org/garage"; + inputs = { + nixpkgs.follows = "nixpkgs"; + rust-overlay.follows = "rust-overlay"; + crane.follows = "crane"; + flake-compat.follows = "flake-compat"; + flake-utils.follows = "flake-utils"; + }; + }; + + nvim-github-theme = { + url = "github:projekt0n/github-nvim-theme"; + flake = false; + }; + + # deduplication + flake-utils.url = "github:numtide/flake-utils"; + crane.url = "github:ipetkov/crane"; + flake-compat.url = 
"github:edolstra/flake-compat"; }; nixConfig = { 
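Review bot: `nixpkgs.url = "github:cything/nixpkgs/rtl8821ce-6.14"` makes every output of this flake, including the `chunk` server, build from a personal feature branch instead of `nixos-unstable-small`. Channel security updates then arrive only when that branch is rebased. If the fork exists only for the rtl8821ce driver (inferred from the branch name), keeping `nixpkgs` on the upstream channel and carrying the driver change as an overlay would confine it to the host that needs it. In the same hunk `lix-module.url` loses `?ref=release-2.92` and now follows the repository's default branch, while the workflow still installs the `2.92.0` tag. Either restore the ref or add a comment such as `# tracks main on purpose; CI pins 2.92.0 separately`.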
@@ -43,72 +119,111 @@ self, nixpkgs, home-manager, + flake-parts, ... }@inputs: - let - pkgs = import nixpkgs { - config.allowUnfree = true; - system = "x86_64-linux"; - overlays = [ - inputs.rust-overlay.overlays.default - inputs.vscode-extensions.overlays.default - ] ++ (import ./overlay { inherit inputs; }); - }; - in + flake-parts.lib.mkFlake { inherit inputs; } ( + { ... }: { - nixosConfigurations = - let - lib = nixpkgs.lib; - in + imports = [ + inputs.treefmt.flakeModule + ]; + systems = [ + "x86_64-linux" + ]; + perSystem = { - ytnix = lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - { - nixpkgs = { inherit pkgs; }; - } - ./hosts/ytnix - ./modules - inputs.sops-nix.nixosModules.sops - inputs.lanzaboote.nixosModules.lanzaboote - inputs.lix-module.nixosModules.default - inputs.nix-ld.nixosModules.nix-ld - ]; - }; - chunk = lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - { - nixpkgs = { inherit pkgs; }; - } - ./hosts/chunk - ./modules - inputs.sops-nix.nixosModules.sops - inputs.lix-module.nixosModules.default - ]; - }; - }; - homeConfigurations = - let - lib = home-manager.lib; - in + inputs', + ... 
+ }: { - "yt@ytnix" = lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { inherit inputs; }; - modules = [ - ./home/yt/ytnix.nix - inputs.nix-index-database.hmModules.nix-index - ]; - }; + treefmt = { + projectRootFile = "flake.nix"; + programs.nixfmt.enable = true; + programs.typos.enable = true; + programs.shellcheck.enable = true; - "yt@chunk" = lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { inherit inputs; }; - modules = [ - ./home/yt/chunk.nix + programs.yamlfmt = { + enable = true; + settings.retain_line_breaks = true; + }; + + settings.global.excludes = [ + "secrets/*" + "**/*.png" # tries to format a png file ]; }; }; - }; + + flake = + let + pkgs = import nixpkgs { + config.allowUnfree = true; + system = "x86_64-linux"; + overlays = [ + inputs.rust-overlay.overlays.default + inputs.vscode-extensions.overlays.default + ] ++ (import ./overlay { inherit inputs; }); + }; + in + { + nixosConfigurations = + let + lib = nixpkgs.lib; + in + { + ytnix = lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + { + nixpkgs = { inherit pkgs; }; + } + ./hosts/ytnix + ./modules + inputs.sops-nix.nixosModules.sops + inputs.lanzaboote.nixosModules.lanzaboote + inputs.lix-module.nixosModules.default + inputs.nix-ld.nixosModules.nix-ld + ]; + }; + chunk = lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + { + nixpkgs = { inherit pkgs; }; + } + ./hosts/chunk + ./modules + inputs.sops-nix.nixosModules.sops + inputs.lix-module.nixosModules.default + ]; + }; + }; + homeConfigurations = + let + lib = home-manager.lib; + in + { + "yt@ytnix" = lib.homeManagerConfiguration { + inherit pkgs; + extraSpecialArgs = { inherit inputs; }; + modules = [ + ./home/yt/ytnix.nix + inputs.nixvim.homeManagerModules.nixvim + inputs.nix-index-database.hmModules.nix-index + ]; + }; + + "yt@chunk" = lib.homeManagerConfiguration { + inherit pkgs; + extraSpecialArgs = { inherit inputs; }; + modules = [ + ./home/yt/chunk.nix + 
inputs.nixvim.homeManagerModules.nixvim + ]; + }; + }; + }; + } + ); } diff --git a/home/kitty.nix b/home/kitty.nix index 0021bb5..ea7047f 100644 --- a/home/kitty.nix +++ b/home/kitty.nix @@ -17,10 +17,10 @@ # will probably lower this later but the max allowed is actually 4GB # this is NOT stored in memory and can only be viewed with scrollback_pager - "scrollback_pager_history_size" = "10"; # in MB + "scrollback_pager_history_size" = "1024"; # see https://github.com/sharkdp/bat/issues/1077#issuecomment-652785399 "scrollback_pager" = "bat --pager='less -FR +G'"; - # "scrollback_lines" = 20000; + "scrollback_lines" = 20000; }; keybindings = { # kitty_mod is ctrl+shift by default 
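Review bot: The treefmt exclude `"secrets/*"` may not cover the sops files this repository keeps one level deeper, such as `secrets/services/authelia.yaml`. Depending on how treefmt expands `*`, `programs.yamlfmt` could then rewrite encrypted files, so `"secrets/**"` would state the intent unambiguously. Separately, `perSystem` binds `inputs'` but its body never uses it. The `flake` attribute also still builds `pkgs` with a hard-coded `system = "x86_64-linux"` beside the new `systems` list, so the two can drift apart.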
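Review bot: `"scrollback_pager_history_size" = "1024";` drops the `# in MB` unit comment while raising the value a hundredfold, and the comment above it still says the value will be lowered later. Keep the unit on the line, `"scrollback_pager_history_size" = "1024"; # in MB`, and update the comment above to match the new intent. A buffer this large also keeps anything printed to the terminal, including tokens and secrets, for the life of each window, which is worth a line in that comment. `"scrollback_lines" = 20000;` is now a bare integer while the neighbouring values are strings; one form would be more consistent.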
@@ -58,29 +58,18 @@ "kitty_mod+alt+p" = "move_tab_backward"; "kitty_mod+q" = "close_tab"; "kitty_mod+t" = "new_tab_with_cwd"; + "ctrl+f2" = "detach_tab"; # hints # > basically means the preceding key is a prefix (think tmux) "kitty_mod+o>o" = "open_url_with_hints"; - # `--program @` means copy to clipboard - "kitty_mod+o>u" = "kitten hints --type url --program @"; - "kitty_mod+o>p" = "kitten hints --type path --program @"; - "kitty_mod+o>n" = "kitten hints --type line --program @"; - "kitty_mod+o>w" = "kitten hints --type word --program @"; - "kitty_mod+o>h" = "kitten hints --type hash --program @"; + "kitty_mod+o>p" = "kitten hints --type path --program -"; + "kitty_mod+o>n" = "kitten hints --type line --program -"; + "kitty_mod+o>w" = "kitten hints --type word --program -"; + "kitty_mod+o>h" = "kitten hints --type hash --program -"; "kitty_mod+o>l" = "kitten hints --type linenum"; - - # scrolling - "kitty_mod+u" = "scroll_page_up"; - "kitty_mod+d" = "scroll_page_down"; - "kitty_mod+a" = "scroll_home"; - "kitty_mod+e" = "scroll_end"; - "kitty_mod+z" = "scroll_to_prompt -1"; # scroll to previous shell prompt - "kitty_mod+x" = "scroll_to_prompt 1"; # scroll to next shell prompt - "kitty_mod+y" = "show_scrollback"; # browse scrollback buffer in pager - "kitty_mod+g" = "show_last_command_output"; # browse output of last command in pager }; }; - programs.zsh.shellAliases."ssh" = "kitten ssh"; + # programs.zsh.shellAliases."ssh" = "kitten ssh"; # doesn't seem to work with bitwarden ssh agent :( } diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix new file mode 100644 index 0000000..5199812 --- /dev/null +++ b/home/nixvim/default.nix 
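Review bot: The comment explaining the `--program` argument was removed together with the switch from `@` to `-`, so the four `kitten hints` bindings no longer say where the selected text goes. With `-` the match is inserted into the terminal at the cursor instead of being copied to the clipboard. Add a line above them such as `# --program - types the match into the current window`. The commented-out `programs.zsh.shellAliases."ssh"` line at the end of the hunk could be deleted, leaving only the note about the Bitwarden agent.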
@@ -0,0 +1,215 @@ +{ pkgs, inputs, ... }: +{ + programs.nixvim = { + enable = true; + plugins.lualine.enable = true; + opts = { + number = true; + relativenumber = true; + expandtab = true; + autoindent = true; + shiftwidth = 2; + smartindent = true; + tabstop = 2; + ignorecase = true; + incsearch = true; + smartcase = true; + }; + colorscheme = "github_dark_tritanopia"; + clipboard.register = "unnamed"; + + globals = { + mapleader = ","; + }; + + extraPlugins = [ + (pkgs.vimUtils.buildVimPlugin { + name = "github-theme"; + src = inputs.nvim-github-theme; + }) + ]; + + keymaps = [ + { + action = "Neotree toggle"; + key = "s"; + mode = "n"; + options.silent = true; + } + { + # shortcut to command mode + action = ":"; + key = ";"; + mode = [ + "n" + "x" + ]; + options.silent = true; + } + { + # insert line below without moving cursor + action = "printf('m`%so``', v:count1)"; + key = "o"; + options.expr = true; + mode = "n"; + } + { + # insert line above without moving cursor + action = "printf('m`%sO``', v:count1)"; + key = "O"; + options.expr = true; + mode = "n"; + } + # nice emacs bindings + { + action = ""; + key = ""; + mode = "i"; + } + { + action = ""; + key = ""; + mode = "i"; + } + ]; + + plugins.cmp = { + enable = true; + settings = { + formatting.fields = [ + "abbr" + "kind" + "menu" + ]; + experimental = { + ghost_text = true; + }; + snippet.expand = '' + function(args) require('luasnip').lsp_expand(args.body) end + ''; + sources = [ + { name = "nvim_lsp"; } + { name = "emoji"; } + { name = "luasnip"; } + { name = "buffer"; } + { name = "path"; } + ]; + mapping = { + "" = "cmp.mapping.abort()"; + "" = "cmp.mapping.select_next_item()"; + "" = "cmp.mapping.select_prev_item()"; + "" = "cmp.mapping.scroll_docs(-4)"; + "" = "cmp.mapping.scroll_docs(4)"; + "" = '' + cmp.mapping(function(fallback) + if cmp.visible() then + if require("luasnip").expandable() then + require("luasnip").expand() + else + cmp.confirm({ + select = true, + }) + end + else + fallback() 
+ end + end) + ''; + # plain tab conflicts with i try to indent + "" = '' + cmp.mapping(function(fallback) + if require("luasnip").jumpable(1) then + require("luasnip").jump(1) + else + fallback() + end + end,{"i","s"}) + ''; + "" = '' + cmp.mapping(function(fallback) + if require("luasnip").jumpable(-1) then + require("luasnip").jump(-1) + else + fallback() + end + end,{"i","s"}) + ''; + }; + }; + }; + + plugins.lsp = { + enable = true; + keymaps.lspBuf = { + "K" = "hover"; + "gd" = "definition"; + "gD" = "references"; + # "gt" = "type_definition"; # conflicts with switch tab + "gI" = "type_definition"; + "gi" = "implementation"; + }; + servers = { + bashls.enable = true; + lua_ls.enable = true; + nil_ls = { + enable = true; + settings = { + formatting.command = [ + "nix" + "fmt" + ]; + nix.flake.autoArchive = true; + }; + }; + rust_analyzer = { + enable = true; + installRustc = false; + installCargo = false; + }; + eslint.enable = true; + yamlls.enable = true; + }; + }; + plugins.treesitter = { + enable = true; + nixGrammars = true; + settings = { + indent.enable = true; + auto_install = true; + highlight.enable = true; + }; + }; + plugins.fzf-lua = { + enable = true; + profile = "fzf-native"; + keymaps = { + "ff" = "files"; + "fg" = "live_grep"; + }; + }; + + plugins.neo-tree = { + enable = true; + buffers.followCurrentFile.enabled = true; + window.width = 30; + }; + + plugins.gitsigns = { + enable = true; + settings.current_line_blame = true; + }; + + plugins.cmp-buffer.enable = true; + plugins.cmp-emoji.enable = true; + plugins.cmp-nvim-lsp.enable = true; + plugins.cmp-path.enable = true; + plugins.cmp_luasnip.enable = true; + plugins.luasnip.enable = true; + plugins.nvim-autopairs.enable = true; + plugins.rainbow-delimiters.enable = true; + plugins.web-devicons.enable = true; + plugins.auto-save.enable = true; + plugins.indent-blankline.enable = true; + plugins.undotree.enable = true; + }; +} 
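Review bot: `plugins.treesitter.settings.auto_install = true` lets nvim-treesitter download and compile parsers at runtime, outside the flake's locked inputs, even though `nixGrammars = true` already supplies them from nixpkgs. Setting `auto_install = false;` keeps the editor's parsers inside the pinned closure. Likewise `nix.flake.autoArchive = true;` under `nil_ls` lets the language server fetch a project's flake inputs without asking when the project is opened. If checkouts from other people are opened with this editor, leave it unset or add a comment recording that the automatic fetch is accepted.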
diff --git a/home/yt/common.nix b/home/yt/common.nix index d06d67b..a8c9467 100644 --- a/home/yt/common.nix +++ b/home/yt/common.nix @@ -3,6 +3,7 @@ imports = [ ../tmux.nix ../zsh + ../nixvim ]; home.sessionVariables = { diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 686a8a3..cd6baa4 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -122,6 +122,9 @@ AWS_ENDPOINT_URL = "https://s3.cy7.sh"; AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)"; AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)"; + + # bitwarden ssh agent + SSH_AUTH_SOCK = "$HOME/.bitwarden-ssh-agent.sock"; }; home.sessionPath = [ @@ -149,15 +152,4 @@ }; programs.nix-index-database.comma.enable = true; - - programs.neovim = { - enable = true; - viAlias = true; - vimAlias = true; - }; - - programs.ssh = { - enable = true; - addKeysToAgent = "yes"; - }; } diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 56bae51..22290c1 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -146,12 +146,12 @@ ]; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfubDWr0kRm2o4DqaK6l1s4NCdTkljXZWKWCiF5nX+6" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD yt@ytnix" ]; }; users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfubDWr0kRm2o4DqaK6l1s4NCdTkljXZWKWCiF5nX+6" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD yt@ytnix" ]; # for forgejo users.users.git = { @@ -190,6 +190,4 @@ # container stuff my.containerization.enable = true; - - my.authelia.enable = true; } diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index 639bbd8..b046a4b 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix 
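Review bot: The new `yt@ytnix` key is added to `users.users.root.openssh.authorizedKeys.keys` as well as to the regular user in hosts/chunk/default.nix, so whatever holds that key gets a direct root shell on `chunk`. The same commit points `SSH_AUTH_SOCK` at the Bitwarden agent and patches that agent to sign without confirmation. If this key is served by that agent (not visible in the hunk), root access no longer requires any interactive approval on the workstation. Consider giving root a separate key that is not loaded into the auto-approving agent, and add a comment next to each entry naming the device that holds it.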
@@ -20,8 +20,8 @@ replication_factor = 1; db_engine = "lmdb"; disable_scrub = true; - block_size = "16M"; - compression_level = 3; + block_size = "128M"; + compression_level = "none"; }; environmentFile = config.sops.secrets."garage/env".path; logLevel = "warn"; @@ -40,17 +40,9 @@ reverse_proxy localhost:3903 ''; "*.web.cy7.sh" = { - serverAliases = [ "nixcache.cy7.sh" "staging.cy7.sh" ]; + serverAliases = [ "nixcache.cy7.sh" ]; extraConfig = '' import common - @plain { - host nixcache.cy7.sh nixcache.web.cy7.sh - path / /nix-cache-info - } - header @plain { - >content-type text/plain - } - reverse_proxy localhost:3902 ''; }; diff --git a/hosts/chunk/grafana.nix b/hosts/chunk/grafana.nix index 33a77a0..f79a7ff 100644 --- a/hosts/chunk/grafana.nix +++ b/hosts/chunk/grafana.nix @@ -42,7 +42,6 @@ services.caddy.virtualHosts."grafana.cy7.sh".extraConfig = '' import common - import authelia reverse_proxy localhost:8088 ''; } diff --git a/hosts/chunk/hedgedoc.nix b/hosts/chunk/hedgedoc.nix index 765e0f5..62505f9 100644 --- a/hosts/chunk/hedgedoc.nix +++ b/hosts/chunk/hedgedoc.nix @@ -11,10 +11,9 @@ dialect = "postgresql"; }; port = 8085; - domain = "pad.cy7.sh"; + domain = "pad.cything.io"; allowEmailRegister = false; protocolUseSSL = true; - imageuploadtype = "minio"; }; }; diff --git a/hosts/chunk/miniflux.nix b/hosts/chunk/miniflux.nix index 9c6a8c7..84783f6 100644 --- a/hosts/chunk/miniflux.nix +++ b/hosts/chunk/miniflux.nix @@ -12,7 +12,6 @@ services.caddy.virtualHosts."rss.cy7.sh".extraConfig = '' import common - import authelia reverse_proxy localhost:8080 ''; } diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 1c474af..c592fbb 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix 
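Review bot: With `import authelia` removed, `grafana.cy7.sh` is proxied straight to `localhost:8088` with no access check in front of it. The same applies to the `rss.cy7.sh` hunk in miniflux.nix and the `red.cy7.sh` hunk in redlib.nix. Whether that is acceptable depends on each backend enforcing its own login, which these hunks do not show; redlib in particular presumably has none. If Authelia is being retired on purpose, the vhosts without native authentication need a replacement gate in their `extraConfig`, for example Caddy's basic-auth directive or a `remote_ip` matcher. Otherwise add a comment on each vhost stating that it is meant to be public.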
@@ -14,19 +14,18 @@ let --config ${config.sops.secrets."rclone/config".path} \ --allow-other \ --cache-dir /var/cache/rclone \ - --transfers 64 \ + --transfers 32 \ --vfs-cache-mode full \ --vfs-cache-min-free-space 5G \ --dir-cache-time 30d \ --no-checksum \ --no-modtime \ --vfs-fast-fingerprint \ - --vfs-read-chunk-size 8M \ + --vfs-read-chunk-size 16M \ --vfs-read-chunk-streams 16 \ - --sftp-concurrency 128 \ + --sftp-concurrency 64 \ --sftp-chunk-size 255k \ --buffer-size 0 \ - --write-back-cache \ ${remote} ${mount} ''; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -zu ${mount}"; diff --git a/hosts/chunk/redlib.nix b/hosts/chunk/redlib.nix index fac65cd..d095da5 100644 --- a/hosts/chunk/redlib.nix +++ b/hosts/chunk/redlib.nix @@ -13,7 +13,6 @@ services.caddy.virtualHosts."red.cy7.sh".extraConfig = '' import common - import authelia reverse_proxy localhost:8087 ''; } diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index ed91b61..eba3509 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -329,7 +329,6 @@ curl pcre2 gsettings-desktop-schemas - fzf ]; }; programs.evolution.enable = true; @@ -391,6 +390,4 @@ nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; programs.fuse.userAllowOther = true; nix.settings.sandbox = false; - - programs.ssh.startAgent = true; } diff --git a/modules/authelia.nix b/modules/authelia.nix deleted file mode 100644 index b882a42..0000000 --- a/modules/authelia.nix +++ /dev/null 
@@ -1,121 +0,0 @@ -{ - config, - lib, - ... -}: -let - cfg = config.my.authelia; - getSecret = path: config.sops.secrets.${path}.path; - sopsConfig = { - sopsFile = ../secrets/services/authelia.yaml; - owner = "authelia-main"; - }; - domain = "auth.cy7.sh"; - varPath = "/var/lib/authelia-main"; -in -{ - options.my.authelia = { - enable = lib.mkEnableOption "authelia"; - }; - - config = lib.mkIf cfg.enable { - services.authelia.instances.main = { - enable = true; - settings = { - theme = "dark"; - default_2fa_method = "webauthn"; - log.level = "info"; - log.format = "text"; - server = { - disable_healthcheck = true; - endpoints.authz.forward-auth.implementation = "ForwardAuth"; - }; - authentication_backend.file.path = "${varPath}/users_database.yaml"; - access_control = { - default_policy = "deny"; - rules = [ - { - domain = "*.cy7.sh"; - policy = "one_factor"; - } - ]; - }; - session.cookies = [{ - domain = "cy7.sh"; - authelia_url = "https://${domain}"; - }]; - storage.local.path = "${varPath}/db.sqlite3"; - notifier.filesystem.filename = "${varPath}/notifications.txt"; - webauthn = { - enable_passkey_login = true; - }; - identity_providers.oidc.clients = [ - { - client_id = "immich"; - client_name = "immich"; - client_secret = "$argon2id$v=19$m=65536,t=3,p=4$Vny2G8EbSPafSwnIuq2Zkg$eF2om4WDEaqCFmrAG27h2mYl+cXxXyttPJ7gaPLs+f8"; - public = false; - authorization_policy = "two_factor"; - redirect_uris = [ - "https://photos.cy7.sh/auth/login" - "https://photos.cy7.sh/user-settings" - "app.immich:///oauth-callback" - ]; - scopes = [ "openid" "profile" "email" ]; - userinfo_signed_response_alg = "none"; - } - { - client_id = "forgejo"; - client_name = "Forgejo"; - client_secret = "$argon2id$v=19$m=65536,t=3,p=4$O2O5r/7A8hc4EMvernQ4Dw$YOVqtwY3jv0HlcxmviPq2CRnD7Dw85V9KDtTSUQE7bA"; - public = false; - authorization_policy = "two_factor"; - redirect_uris = [ - "https://git.cy7.sh/user/oauth2/authelia/callback" - ]; - scopes = [ "openid" "profile" "email" ]; - 
userinfo_signed_response_alg = "none"; - token_endpoint_auth_method = "client_secret_basic"; - } - { - client_id = "hedgedoc"; - client_name = "HedgeDoc"; - client_secret = "$argon2id$v=19$m=65536,t=3,p=4$MFSXW3gjIZf0M3e8s8RJCg$6KWwksJe2vdUebPEdYc0Zy88fzGcHPrbStcqkiXl+Hg"; - public = false; - authorization_policy = "two_factor"; - redirect_uris = [ - "https://pad.cy7.sh/auth/oauth2/callback" - ]; - scopes = [ "openid" "profile" "email" ]; - userinfo_signed_response_alg = "none"; - grant_types = [ "refresh_token" "authorization_code" ]; - response_types = [ "code" ]; - response_modes = [ "form_post" "query" "fragment" ]; - audience = []; - token_endpoint_auth_method = "client_secret_post"; - } - ]; - }; - secrets = { - sessionSecretFile = getSecret "authelia/session"; - storageEncryptionKeyFile = getSecret "authelia/storage"; - jwtSecretFile = getSecret "authelia/jwt"; - oidcHmacSecretFile = getSecret "authelia/hmac"; - oidcIssuerPrivateKeyFile = getSecret "authelia/oidc_private"; - }; - }; - - sops.secrets = { - "authelia/jwt" = sopsConfig; - "authelia/storage" = sopsConfig; - "authelia/session" = sopsConfig; - "authelia/hmac" = sopsConfig; - "authelia/oidc_private" = sopsConfig; - }; - - services.caddy.virtualHosts.${domain}.extraConfig = '' - import common - reverse_proxy localhost:9091 - ''; - }; -} diff --git a/modules/caddy.nix b/modules/caddy.nix index 0eb2cb7..3e6ca63 100644 --- a/modules/caddy.nix +++ b/modules/caddy.nix 
@@ -34,24 +34,8 @@ in resolvers 1.1.1.1 8.8.8.8 } } - - (authelia) { - forward_auth localhost:9091 { - uri /api/authz/forward-auth - copy_headers Remote-User Remote-Groups Remote-Name Remote-Email - } - } ''; environmentFile = config.sops.secrets."caddy/env".path; - - virtualHosts."keys.cy7.sh".extraConfig = '' - import common - respond / 200 { - body "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfubDWr0kRm2o4DqaK6l1s4NCdTkljXZWKWCiF5nX+6 - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPhUt9h5dCcrwOrZNKkStCX5OxumPzEwYXSU/0DgtWgP - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD" - } - ''; }; }; } diff --git a/modules/default.nix b/modules/default.nix index db7bfa4..640d56b 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -9,6 +9,5 @@ ./vaultwarden.nix ./searx.nix ./attic.nix - ./authelia.nix ]; } diff --git a/modules/vault.nix b/modules/vault.nix deleted file mode 100644 index 1e3772d..0000000 --- a/modules/vault.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ - config, - lib, - ... -}: -let - cfg = config.my.vault; -in -{ - options.my.vault = { - enable = lib.mkEnableOption "hashicorp vault"; - }; - - config = lib.mkIf cfg.enable { - services.vault = { - - }; - }; -} \ No newline at end of file diff --git a/overlay/attic/default.nix b/overlay/attic/default.nix new file mode 100644 index 0000000..454d367 --- /dev/null +++ b/overlay/attic/default.nix @@ -0,0 +1,7 @@ +final: prev: { + attic-server = prev.attic-server.overrideAttrs { + patches = [ + ./prefetch-8-chunks.patch + ]; + }; +} diff --git a/overlay/attic/prefetch-8-chunks.patch b/overlay/attic/prefetch-8-chunks.patch new file mode 100644 index 0000000..3d6134f --- /dev/null +++ b/overlay/attic/prefetch-8-chunks.patch 
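Review bot: In overlay/attic/default.nix, `overrideAttrs { patches = [ ./prefetch-8-chunks.patch ]; }` replaces the package's `patches` list instead of extending it. Any patch nixpkgs carries for `attic-server`, including a later security backport, would be dropped without notice; the zipline overlay added further down does the same. The bitwarden overlay in this commit already appends, and the same form works here: `attic-server = prev.attic-server.overrideAttrs (old: { patches = (old.patches or [ ]) ++ [ ./prefetch-8-chunks.patch ]; });`. The `or [ ]` fallback is also worth adding to the bitwarden overlay, where `prevAttrs.patches` fails to evaluate if the attribute is absent.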
@@ -0,0 +1,14 @@ +diff --git a/server/src/api/binary_cache.rs b/server/src/api/binary_cache.rs +index 02e4857..b522154 100644 +--- a/server/src/api/binary_cache.rs ++++ b/server/src/api/binary_cache.rs +@@ -215,7 +215,7 @@ async fn get_nar( + let chunk = chunks[0].as_ref().unwrap(); + let remote_file = &chunk.remote_file.0; + let storage = state.storage().await?; +- match storage.download_file_db(remote_file, false).await? { ++ match storage.download_file_db(remote_file, true).await? { + Download::Url(url) => Ok(Redirect::temporary(&url).into_response()), + Download::AsyncRead(stream) => { + let stream = ReaderStream::new(stream).map_err(|e| { + diff --git a/overlay/bitwarden/default.nix b/overlay/bitwarden/default.nix new file mode 100644 index 0000000..e9ace96 --- /dev/null +++ b/overlay/bitwarden/default.nix @@ -0,0 +1,9 @@ +final: prev: { + bitwarden-desktop = prev.bitwarden-desktop.overrideAttrs ( + finalAttrs: prevAttrs: { + patches = prevAttrs.patches ++ [ + ./ssh-agent-no-confirm.patch + ]; + } + ); +} diff --git a/overlay/bitwarden/ssh-agent-no-confirm.patch b/overlay/bitwarden/ssh-agent-no-confirm.patch new file mode 100644 index 0000000..3e8e023 --- /dev/null +++ b/overlay/bitwarden/ssh-agent-no-confirm.patch 
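Review bot: The file is named `prefetch-8-chunks.patch`, but its only change flips the second argument of `storage.download_file_db(remote_file, false)` to `true` in the single-chunk path of `get_nar`; nothing about prefetching or a count of eight appears. Judging by the `Download::Url` and `Download::AsyncRead` arms that follow, the flag presumably makes the server stream the NAR itself instead of redirecting the client to storage, which routes all cache downloads through this host. Rename the patch to match, or give it a header comment stating what the flag selects and why it is wanted. `get_nar` starts and ends outside the hunk.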
@@ -0,0 +1,34 @@ +diff --git a/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs b/core/src/ssh_agent/mod.rs +index 4e304cc..8203dca 100644 +--- a/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs ++++ b/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs +@@ -44,28 +44,7 @@ impl ssh_agent::Agent for BitwardenDesktopAgent { + return false; + } + +- let request_id = self.get_request_id().await; +- println!( +- "[SSH Agent] Confirming request from application: {}", +- info.process_name() +- ); +- +- let mut rx_channel = self.get_ui_response_rx.lock().await.resubscribe(); +- self.show_ui_request_tx +- .send(SshAgentUIRequest { +- request_id, +- cipher_id: Some(ssh_key.cipher_uuid.clone()), +- process_name: info.process_name().to_string(), +- is_list: false, +- }) +- .await +- .expect("Should send request to ui"); +- while let Ok((id, response)) = rx_channel.recv().await { +- if id == request_id { +- return response; +- } +- } +- false ++ true + } + + async fn can_list(&self, info: &peerinfo::models::PeerInfo) -> bool { diff --git a/overlay/default.nix b/overlay/default.nix index 9e6336c..f4a7353 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -1,4 +1,12 @@ { inputs }: +let + overlays = [ + ./zipline + ./bitwarden + ./attic + ]; + importedOverlays = map (m: import m) overlays; +in [ ( final: prev: @@ -18,3 +26,4 @@ } ) ] +++ importedOverlays diff --git a/overlay/vscode.nix b/overlay/vscode.nix new file mode 100644 index 0000000..4de2d90 --- /dev/null +++ b/overlay/vscode.nix @@ -0,0 +1,14 @@ +final: prev: { + vscode-extensions = prev.vscode-extensions // { + github = prev.vscode-extensions.github // { + codespaces = prev.vscode-utils.buildVscodeMarketplaceExtension { + mktplcRef = { + publisher = "github"; + name = "codespaces"; + version = "1.17.3"; + hash = "sha256-idJFYHJ4yeqpFZBX55Y0v1yfzgqyhS0MrC4yIto7i7w="; + }; + }; + }; + }; +} 
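Review bot: Replacing the whole approval path with `true` grants every signing request that passes the earlier check, with no prompt and no log of `info.process_name()`. Any process that can reach the agent socket in the user's session can therefore use any key the agent holds, and one of the keys changed in this commit is authorised for root on `chunk`. If the prompt is only too noisy, at least keep a trace before returning: `println!("[SSH Agent] Auto-approving request from application: {}", info.process_name());` followed by `true`. Keys with root or deploy rights are better kept out of this agent altogether. The enclosing function begins above the hunk.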
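Review bot: The new `overlays` list in overlay/default.nix imports `./zipline`, `./bitwarden` and `./attic`, but not `overlay/vscode.nix`, which this same commit adds. As far as the diff shows, that overlay is never applied and the pinned `codespaces` extension is not used. Either add `./vscode.nix` to the list or leave the file out of the commit. `map (m: import m) overlays` can be shortened to `map import overlays`.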
diff --git a/overlay/zipline/default.nix b/overlay/zipline/default.nix new file mode 100644 index 0000000..b114119 --- /dev/null +++ b/overlay/zipline/default.nix @@ -0,0 +1,7 @@ +final: prev: { + zipline = prev.zipline.overrideAttrs { + patches = [ + ./no-check-bucket.patch + ]; + }; +} diff --git a/overlay/zipline/no-check-bucket.patch b/overlay/zipline/no-check-bucket.patch new file mode 100644 index 0000000..9d1c756 --- /dev/null +++ b/overlay/zipline/no-check-bucket.patch @@ -0,0 +1,45 @@ +diff --git a/src/lib/datasource/S3.ts b/src/lib/datasource/S3.ts +index 089dd64..39dd8f4 100644 +--- a/src/lib/datasource/S3.ts ++++ b/src/lib/datasource/S3.ts +@@ -4,7 +4,6 @@ import { + DeleteObjectCommand, + DeleteObjectsCommand, + GetObjectCommand, +- ListBucketsCommand, + ListObjectsCommand, + PutObjectCommand, + S3Client, +@@ -38,32 +37,6 @@ export class S3Datasource extends Datasource { + endpoint: this.options.endpoint ?? undefined, + forcePathStyle: this.options.forcePathStyle ?? false, + }); +- +- this.ensureBucketExists(); +- } +- +- private async ensureBucketExists() { +- try { +- const res = await this.client.send(new ListBucketsCommand()); +- if (res.$metadata.httpStatusCode !== 200) { +- this.logger +- .error('there was an error while listing buckets', res.$metadata as Record) +- .error('zipline will now exit'); +- process.exit(1); +- } +- +- if (!res.Buckets?.find((bucket) => bucket.Name === this.options.bucket)) { +- this.logger.error(`bucket ${this.options.bucket} does not exist`).error('zipline will now exit'); +- process.exit(1); +- } +- } catch (e) { +- this.logger +- .error('there was an error while listing buckets', e as Record) +- .error('zipline will now exit'); +- process.exit(1); +- } finally { +- this.logger.debug(`bucket ${this.options.bucket} exists`); +- } + } + + public async get(file: string): Promise { diff --git a/secrets/services/authelia.yaml b/secrets/services/authelia.yaml deleted file mode 100644 index 6aa9c33..0000000 
--- a/secrets/services/authelia.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -authelia: - jwt: ENC[AES256_GCM,data:L20XZt1eYz1srY+xIliasq4x2guxNIUOM4mVTPe/1uS2wQY6h1uY9n7yoMQ=,iv:OhTuutHQOVLG/CjX3m839Acw9eq/Yh3Iy947km1jalQ=,tag:nq/lwsfGSzeH6RsXLzr24g==,type:str] - storage: ENC[AES256_GCM,data:RW15TzoZifv0xrVAfrM7yFXv1ISp7v1c20PL4nGkQrXwjablPKQa5IZ0Fvg=,iv:YQ7+2h4O0Qx9BqnFU7WMaZuPtKU4BUo56/KPq2NQYxI=,tag:LQ8gWhf9rblGkN5bhPHPIQ==,type:str] - session: ENC[AES256_GCM,data:fJY4uSKRIcHDyDqndT9YiolOX1HDw2BphoaZONAv8AhdPV+aG5qj9Ppy3Rw=,iv:dcFZyIdZQQlyAORudsUCCD2wx4Sc7NF0dh/v/M6iYko=,tag:vBYU58mL7DecMqhX/TUdVg==,type:str] - hmac: ENC[AES256_GCM,data:K/qiyibBlu9wNh9IINHgYQiEZMromSA9Kf0iRVHPVuuhhUBZRyyfFyd4sLYNDLWvYKRJGnTBniIscQuBR+HU3/ttFGN0EkDsuAXlW3tKyLSxTiVgEvsKhA==,iv:2femAZUtSE9DjopiRIRT3Be3T2Qi0J+b8TaNJZ9vcjw=,tag:Sb7TT+1uxtStv20oM8oa8A==,type:str] - oidc_private: ENC[AES256_GCM,data:dzrykbgRk77yDbrnayTzSyiAjvgr5RUuDG046azumPinHL9wBaKpNdx6CqY7o+W95yOyVr/Xriw/aBbSyCZE8RoMchZhnS5Z8moHrIK7RryRM/BmEpOfyFLf9kpaO5QqSGyPt13yJQSA/3TwoXD4et3rVEdEz8mwb+vIA+G3WIZrNY+95KNjhwu9W648eouGBqJFfwTw0tm8mHsu+VZE8OYdp+ujSlKWZcVDEzgMEe+egXbvSB/3sk82HjolcqCmDx+U1TWMZfZdZPaT4RxONy+4kgGDW4FOqtsgctS2uRUQ2CLuRLD8xIulBO/VbsnNuticiM86BYygobq3RUdCKAFLUpcXqNWgnDBvnYPcF6mXPTmFCD3Gr2t4uRkqIIPc3NrW6DKnSO4pu4oVlUiSd9XaHGvAuo0yR7zcG7Zl4BAzhZa1HuVq6QmSNMf1TAo5P5zBc/NKlUVUhgIEKmRkwf95ZDyph1CJJagTsRZp/D4n6gbuzmV2Pjd8GxT6X+GOK7MQ3hPWsQP8+hhf8DArnVa988Z5cVxG3CQS6wEdEfc8yoHXlXwsB6iHjG4GooJk17GkP0YnMqOkv5Y9QbWXGNN/Zce6LJrSdvpd1Z8oWHxFB9ChFEA34tTYE/1wv0C71K6VRADnshBTyg0i+7GxvW0iyplWGEB2/DRv9WbpmIze1vff0KPlwvmdPXvZM7kfJE6uRP+DH5kJeIlKezA+hwuZmTLEu8kTdIkIJVfbzuOmXtX1yO+sQmSs6anqbSBuw5dpKYFFtQ04V+P27uTdi6lbUUfaBiHMhiW2A8aj/1Xf+pOV5oIN1c7PXNhAGrsNbmumQ7mBmbfOZeLC2aze5iKLSu5xqCzMNEWdlxXkmK+eEuUgDAQgW0pRAA12wvAFT8cf5BIeEPQQF4gPJprrQ3u93AXCVXve/TPC6rSEb+uCVq30JRGvIciFAEPWjhtSSO2Mh2zxjaALXVRE456k8DQq5mvovCp003EW23Io+lKDfg73n4LLZvbpHBVa3SQY0YMazjynJTo6UcDT3J/u9kNutIRjszzohMdW4jmykawPb/FFGv4yaX199bkTT/6/ztygaUTUTtWrl40p61lMzFHsz1qPy/5Bp4fxOYk6mLHpUFBpXUlu90ZxiReu6fX9HR6oQ1OC6MmpYjv
cvxOAfIszgoMmp0LABJ1XN7DMOxpRrjNqW071xnel2/NzYy/gx0r2SdusxFJckGjrnyVzjEBVFwdpc9lZ+NdyzbNaElt/duk5AhdQ/iTCDlQpFsBhcl83Sbt38P/QlsOCPvRYuOz3vvOgeRprZn4hXuvGpQKJZEy+/rHDFijVABgbqLBxhfQiCpFmfwqQrcI+vFnPBGHP96p8S7xg5Dh2007QyFk9D2zHDHY6E+Iv27UkjaCZI29IAEdBe86IMtLI7Pl0q6XE44cHwD+QqzS55YlPj/F3va9LesoylPzBJwlxogciolfBQfQjLp4OF1rBSpy1Xy/Es7+M9eEsdatX1a3qFzYCJbC8+no5ol0PaIHx4ejH9aeoIiVfq/yXtzV04pJQz0bZfpfKVwtroyHhclEsP9pZVHnnexIFY1xqVF76V0kbusiizhru5ldOWE7smwXD5+KyMCTfDuxPnEjFBZLb/BLjo46sugJTAGQJhBBWJY+h7Je5PP+FnjQG28h4n4NMshhPfnyDEAZWNpDAHi08KhHOGzbNhPl+E+pNrNoNwmJjWbiqZ+P9LVQf1s5C+UrL+uV6qpeVKcm9tjy75fgVTD4iRXb4ejQIWlwO2EVLBzI9BXYsVmly6z0C+8f3wDPswwwocna9SonBus1QGudZ8cLSihZqSYmq6fCIFqfXTlCj3H0aOBNbX7dCYrles/y6jtn0VebQa3UEflXs+4WytpXdKEelN5f1PoJVnjrRF6Wtyq23GNbo1M9BTBQfpUf5x7QnZrxyIVbgvHq3JSR6/5p6yv6SGOdypCEqMtvnw9+bJMi6bxy55tXQNNpBB/GHWPqzOE9//9pqazJzikL/x7HWg/t+tJ7yV7MCFV6Bk2cy77j7i0fftxfHqjF7MRbnIaJRqxiTqp0z2rA4L797Que6a903b/u/AStMnsm8sE9gRy7P5L/PafqpgA/kK2FIxbDDP91cnvikRi2u+oaydHLhCkaq20SIupBCbgyDVkOXZ9n5EnKJDjFOAbOQ2UiXYrQPXDEMPLLUklBeLzQBHY4ZTQ7zzMb1tqvo4UqaHVnw2FwY+PoX2IPmF1ciccFO5uHX2w2qz8Hx0ZCPa9AsR/3HhKAg9sdg0cF0k3nXqTWCSs8j+9vpJxjCmrN1bXwoRA8K/ICYDoOtjb76c1B/Ahvc2YA7OULcM0EAzsQ2Z++cU/OCIcQatxzEx+TOp5i1yN2YnCFHqDBpE1UB2UbxBCYb+oEEBqB9qeFkQI6eZmvHASjdasXUtvnBYNCc3nliGfODoOXKLmzHQZJVPguWFu7b06zWA7fy3qGMjf7h/RhKbfkL9o7HkAvHTSh0+Lpc8gjPVu+sqLNUMyk3196LJWUI3nf7L3kUxkdSBdsJ/18FZ97OzC3Ws9dhhWe02ry3Y2ptRnIlLf8f4Y/P6FpqwR8Asa6NYBq+LKNSuWfzo4ZynkPt4irAm0LDOnZzbrRbQTB7tUHIA1dZMMWueIe22mUDOzTGDPuFSfF31rYbh2rmc3Tjvkumz6g53kdCV4QnL04htkMwql4KvpMCrkkMxDRlOTf1Xh10QrO49aPd29i7LbFjorGj1872hXszPDpmdDN78VApvMzVue8dKdhlz/x/9aCJnp9oEEgdObEg2OYyc29bqd9kbCOs5F4vaI4YdMrN9QKTqjAVG0kQAKH41Q7VCe0/jPWmGpH4Kd40RQ6/NY5g312D3RKV3V30DlCOIm+w1z7XzV2EWTgb5vgg4EbYyVmh3Y7wBguv2qOqzwhGMFrWGx+fTFAe5Zq8TVwvQUfeN/vFlYz+jc8ysKBbyrrAl4vKm2pz9Geu3Rh4AfRRmxawNjE/qlrTk6sWdWNJu7i2Wgk1C2+1FZeAprPg6EsZj7rFEGOFvZIjWrTi7n+IHI+8rRKDo3J5SkAsxiDaDo8dfvGecPp9ig5l9+OiN68t29HxfGnhJsk5eim/vkuA5mdFJW0cy7h3gtP1Z0PtRYsRoBO+hPp
7dcYhhh9NqkP4LbVI8graz5FEf0yMmaA6ci7xgBWe/zOa0V539Y9cWzTK5zE2wrWI+mHKsbgUH9s+7y0tTVk9mPaNKhih1MHgCQiFyctQLzVnd6fXnv7JHzkkIY7AQiCjEZ4QPUrj99rDh0bikDtKX0hAiVedGMJQ664Hhyd3sWVGfrC/Qmob+4LhpE24kAxIRf94d2cB1zRFQ02HMGkbVUbge8SPNqqq/HoWkYvNo/ltdL0Nr5Qb1OmY0LP5txGh8cCQt8SD3K/ww+ZjD0ZbqqTwIaND9reyzXL0ryf8yNkiPCTpFiNmdL1rtHw+E2s9HtdngCz9XuGW5GRa4cL5xY1Yt4WBLEnxXwmyB/EOjBIeO4aJuwAcssL3UrvS/IEERWN4XrqVM4O81ainLaXeze1jj9VJcMb+/qz8dMdgm4WGkKfbbJeIsFCrlHOJ0CFNZZmijMvkoTvZ9WTq2OpxxZdsci1UmItlU60LETfWTUK8Q3YOo+c+fukIMPv68NLQH1LsiYjFXo9yDdzfD990uI5wdwnR3S3Sx6Vp04SkzJX7BAZ2UuL0wJ564Ny4S9Ew5BfWucd70mfQaEzOl52M9mqCyJYDfMYhd65YxkAEAV1dMg3FBlpZmOr2wtEQqXz+25cSPCNwQ/obCQt12cLNGRhyNi1Stz2E67Q9sesmssF7dgq0u/TeLezzVxTk13sJj6PzMtdpOYDwsgZJdh9hz8PZ32nJMTJnlkq6zcTYsbq23+HreCx1dHJJEDjpqZlttMYqLZ8mLLob25PzFaue164MbqozFtNTOc8eeOD+hoPCP/hfPoKoNi7oARs0fvwOwCQEug0XpMcz9mF/85ZBxYuDUBEP1vpbD9MpP/ECslqGdHuJePEFiiJOrDVggpaGcgWUfS2jwWv/46Bbz+W9QH+6Y8IevMf+lXPOL294g5VOoOW5k77naeNNCbycbijFD76gR5DtA+Vn+B6pxzF7l4E4VqC0Vlc1OUvYA7GLZ4rzb4bH4cEZiIb2/skDhJOmcb2btPWKRgutbmpHmi59eVbVkKUAKXm/WBw8xLwt2sLBS5r5R7aAZpMu/NaXFTfBEBGUzrH1u8Pfz3FwRK7v0QEyzhu2bS2JkGxSsaxD5+geQlvzN8eRYW4+pst/CfcCxTES9spBnqSWIX++rs8f9/mECf4jXzZQDv0fdbGILAU=,iv:GTKiBIir9+G3Lh45x77KARxi7paEsGP1m0qVldRnuOw=,tag:eCsjDzyO1g2HvnDhR/Gb4w==,type:str] -sops: - age: - - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJOG1menBCTTF3YURCOThM - Q3Z4bnZJYmtQY1RmdTBSeFlhZCtUVzg4Qm5ZClo5NFJqaWg3NElKQjRLcFZGdmxP - cFMwOGxoelJlVnJNamUxWFhETWpiY3cKLS0tIFNDWGRkYVZQWTd2YXg2aGswbmJz - MVJQdDV3ZGdzd3NYL29tYU51NndiNmcKtagAZdoZQo0y0atvRI6f1tY/3j8aD4RP - yvs9RVDdNqm990O5EudjMNhoKLXnFQtX9NlzYVHzrsX0UT/HSUi7mQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0K2tGaktsdXVPN3g0bXps - 
ZkVWamZGc0QzNk1TaVdla1RDaW90TVpYb25rCmRPL29ZNFFCbVkrbVpseW5SZlFN - dmlLWHVBb1RMb1dvY3NKNHc3NEpMZFEKLS0tIFluRGN6U2paVzVBdCt4d3FyMVZ4 - Nkx5aHo4Qk8vU01wazdWdmhvNWRLQTAK7kiQiEdF1LpzQ/syjRjyhchShrnfhHFE - M/XWLSIcnnApt1dOyJhJlpsQTnT6Y6Fqem0y779/uOQCBJGavscOWw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzK2U3YlRLK3BuK1Q0TkYy - SE1lTkVXUUV4NFVuT2V2VjdqUFpBbVFLSTJnCjI3c0xpMnBnV0M0Q0ZHYTdUSVZl - MWNMQXowWitFVTlIMFBadVJ6OHBBR28KLS0tIHJ1M0NkZzFMSndIUjBwN2tFUmF5 - b2pGTmJva2VnOFZlRWxlOW5wMitDUkkKrZyzpch6jTSsumseBEaN8xQXfng4P7ds - JSoock3sEmL4NSfxXSu+PP8kEOXFtu1yAcmSSeVDDhV7jiwE4egu2Q== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-02T14:06:11Z" - mac: ENC[AES256_GCM,data:wK8Nb1Vb80UfolzqZOpifZdoEKYu847anowYiCdSluoK+dfHhDhCj7ZxznYV7SwVACIoLsqLR5syRzC861PRBrAujkhbcn7lTc1kQRCjw0gMAbPYR/xiO76EHmiYqnV2UMN0EmuQg1nIRIWY9EO9C7m1b9fjoZFgDsj/7O99aVU=,iv:CJxUKpyNgEYwqLhSvuXoHb+Hu3M7ydKh0WlsjlOtKkM=,tag:4KXmNwwFrqvBjxe656Jvug==,type:str] - unencrypted_suffix: _unencrypted - version: 3.10.1 diff --git a/secrets/services/hedgedoc.yaml b/secrets/services/hedgedoc.yaml index a970c3b..84ef3d6 100644 --- a/secrets/services/hedgedoc.yaml +++ b/secrets/services/hedgedoc.yaml @@ -1,6 +1,10 @@ hedgedoc: - env: ENC[AES256_GCM,data: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,iv:eUa/yfdrxj9+GBqyp03s/7q67fAgr6Z39sT4iqb/38Q=,tag:Je9lq7BLB4NJGDTWAKRgIQ==,type:str] + env: ENC[AES256_GCM,data:15rWiIYWyIJ0Hxl5I8m+EBV+FkNDT/OHlLK9shVS46UE7SQtuIh45N5hvwgs0rg9E9Tawu+lyE2aozWNh6HSDUZ1h4FYrB+JHwIetGkOqXSLHfXi,iv:v9ohLTtlxw3fsRoJJoOY5VYxVsxUyDEsQHRjcGKg/GY=,tag:Wncm1reqNblnVhRTYjU3Pg==,type:str] sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] age: - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn enc: | 
@@ -20,7 +24,8 @@ sops: enlDZEI2NElkZkI3UmRyQUZqQWE5ZmcK2JlwNzVJNhGjyniIg9UY5tjgUKttkT3e 9C/xag3dQCiqzX1O3o5tdhYnxXw+VxVf+qTFyyuftg5iQPZNuvX6mA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-04T16:46:41Z" - mac: ENC[AES256_GCM,data:X7wtnmauh/tRbYCSPNtr/38CVyhIezYQKwcysna+3d31QatbAfTSkAMAWcSG+brpvAW14UfhwRiaCPoSjkS5eSkwd99S0CBI50yCjUFh43Uum3TBJhAnc6bzQkJHGXRk7duxkQJvEeDDZT4ph+/UoZ2xGu5LCjpLenDqldeHgCg=,iv:jMVBz0gPoW/J8NvkSGMjx28nXpX8mpWBrvXyCgi7F1U=,tag:mTj/2mwVjy3wYIsHnbMXDw==,type:str] + lastmodified: "2024-12-17T03:25:54Z" + mac: ENC[AES256_GCM,data:1cxiK/HhqYzatT2PhZxjvtizII2QMHqbbyOujUtx4cT8x488j2wecu6hOfSkuHbQ43AxA8kDH1NAruPCSdCpj3PytMR+np+R/5WuRcK+OF/FCnWvWvvHqgDnBs/wYjllnR6HyWBlhrROpINxu9ch4fzN0Def3I7O+wJgpojnPiU=,iv:PKPykPv9zSHj9+HXnrg1v8Ty78te66D9ZH6c1V7Qlh4=,tag:JQk68u6p317r3Df+hv16+g==,type:str] + pgp: [] unencrypted_suffix: _unencrypted - version: 3.10.1 + version: 3.9.2
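Review bot: `lastmodified` moves backwards from `2025-04-04T16:46:41Z` to `2024-12-17T03:25:54Z` and `version` from `3.10.1` to `3.9.2`, which reads as an older copy of this file being restored rather than a fresh sops edit. If the `env` value was changed between those dates because a credential was rotated, this commit puts the superseded value back into service. It is worth confirming that the restored value is still the intended one and, if it is, re-saving the file with the current sops so the metadata does not regress. The first hunk of this file (the new `env` ciphertext and the empty `kms`/`gcp_kms`/`azure_kv`/`hc_vault` lists) is consistent with the same rollback.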