From d50d2dcb7354a58933e0b83a136d503a87f81f8e Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 17 Mar 2025 21:38:31 -0400 Subject: [PATCH 01/47] workflow: always() cache --- .github/workflows/build-machines-and-homes.yml | 16 ++++++++++++---- .github/workflows/build-packages.yml | 3 ++- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 21d70a8..4e45c05 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -63,13 +63,17 @@ jobs: run: | nix profile install github:zhaofengli/attic attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - - name: build and cache + - name: build run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" nix build -L "$package" + - name: cache + if: always() + run: | + package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" derivation="$(nix path-info --derivation "$package")" cache="$(nix-store --query --requisites --include-outputs "$derivation")" - attic push main --stdin <<< "$cache" + xargs attic push main <<< "$cache" build-homes: strategy: fail-fast: false @@ -119,10 +123,14 @@ jobs: run: | nix profile install github:zhaofengli/attic attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - - name: build and cache + - name: build run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" nix build -L "$package" + - name: cache + if: always() + run: | + package=".#homeConfigurations."${{ matrix.home }}".activationPackage" derivation="$(nix path-info --derivation "$package")" cache="$(nix-store --query --requisites --include-outputs "$derivation")" - attic push main --stdin <<< "$cache" + xargs attic push main <<< "$cache" diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index d23da13..872aa6d 100644 --- a/.github/workflows/build-packages.yml 
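Review bot: The new `cache` step's `if: always()` also fires when the run is cancelled and when `nix build` failed, so the step that uses the Attic write token runs in states where the closure may be incomplete; `if: ${{ !cancelled() }}` keeps the push-after-failure behaviour without ignoring cancellation. In the same step, `xargs attic push main <<< "$cache"` still invokes `attic push main` once with no paths when `$cache` is empty, because the here-string always supplies a newline; `xargs -r attic push main <<< "$cache"` avoids that. The same two lines recur in the `build-homes` hunk of this file and in the `cache result` hunk of build-packages.yml.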
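Review bot: The added `package=".#homeConfigurations."${{ matrix.home }}".activationPackage"` line pastes the expression into the script text, and the quoting closes just before the matrix value, so the value reaches bash unquoted and is parsed as shell. The matrix definition is outside this hunk; if its values ever stop being fixed literals in the workflow, this becomes script injection in a job that holds `ATTIC_TOKEN`. Pass the value through the step's `env:` (`HOME_NAME: ${{ matrix.home }}`) and write `package=".#homeConfigurations.${HOME_NAME}.activationPackage"`. The `matrix.machine` line added in the first hunk has the same shape.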
+++ b/.github/workflows/build-packages.yml @@ -42,10 +42,11 @@ jobs: attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - run: nix build -L ${{ matrix.package }} - name: cache result + if: always() run: | derivation="$(nix path-info --derivation "${{ matrix.package }}")" cache="$(nix-store --query --requisites --include-outputs "$derivation")" - attic push main --stdin <<< "$cache" + xargs attic push main <<< "$cache" - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result - name: upload result From 7b4f70fbe6af7627e66c5f0de0bd1f9ccbd9d55f Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 17 Mar 2025 23:32:31 -0400 Subject: [PATCH 02/47] remove lix input (only use lix-module) --- flake.lock | 81 ++++++------------------------------------------------ flake.nix | 7 +---- 2 files changed, 10 insertions(+), 78 deletions(-) diff --git a/flake.lock b/flake.lock index bd1a4e5..bff9eba 100644 --- a/flake.lock +++ b/flake.lock 
@@ -564,29 +564,17 @@ } }, "lix": { - "inputs": { - "flake-compat": [ - "flake-compat" - ], - "nix2container": "nix2container", - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-regression": "nixpkgs-regression", - "pre-commit-hooks": "pre-commit-hooks" - }, + "flake": false, "locked": { - "lastModified": 1741700536, - "narHash": "sha256-0OJER7bI6UsCFnKfKdLtgjpOTNccbN3N1dDriP4XRwA=", - "ref": "refs/heads/main", - "rev": "be1491fa6aef638e0147b81ff172131d6db668d9", - "revCount": 17635, - "type": "git", - "url": "https://git.lix.systems/lix-project/lix" + "lastModified": 1742262179, + "narHash": "sha256-bmywICXzaly0Q9orrv8ADTAPyNrzjzPX52Dk5I2omd4=", + "rev": "5243a6f8b4d5936ffdf2b5b44451e5949a73da06", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/5243a6f8b4d5936ffdf2b5b44451e5949a73da06.tar.gz?rev=5243a6f8b4d5936ffdf2b5b44451e5949a73da06" }, "original": { - "type": "git", - "url": "https://git.lix.systems/lix-project/lix" + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz" } }, "lix-module": { @@ -595,9 +583,7 @@ "flake-utils" ], "flakey-profile": "flakey-profile", - "lix": [ - "lix" - ], + "lix": "lix", "nixpkgs": [ "nixpkgs" ] @@ -760,22 +746,6 @@ "type": "github" } }, - "nix2container": { - "flake": false, - "locked": { - "lastModified": 1724996935, - "narHash": "sha256-njRK9vvZ1JJsP8oV2OgkBrpJhgQezI03S7gzskCcHos=", - "owner": "nlewo", - "repo": "nix2container", - "rev": "fa6bb0a1159f55d071ba99331355955ae30b3401", - "type": "github" - }, - "original": { - "owner": "nlewo", - "repo": "nix2container", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1730531603, 
@@ -792,22 +762,6 @@ "type": "github" } }, - "nixpkgs-regression": { - "locked": { - "lastModified": 1643052045, - "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - } - }, "nixpkgs-stable": { "locked": { "lastModified": 1730741070, @@ -967,22 +921,6 @@ "type": "github" } }, - "pre-commit-hooks": { - "flake": false, - "locked": { - "lastModified": 1733318908, - "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "6f4e2a2112050951a314d2733a994fbab94864c6", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, "pre-commit-hooks-nix": { "inputs": { "flake-compat": [ @@ -1037,7 +975,6 @@ "garage": "garage", "home-manager": "home-manager", "lanzaboote": "lanzaboote", - "lix": "lix", "lix-module": "lix-module", "nil": "nil", "nix-index-database": "nix-index-database", diff --git a/flake.nix b/flake.nix index 7746231..63877d3 100644 --- a/flake.nix +++ b/flake.nix @@ -51,12 +51,6 @@ url = "git+https://git.lix.systems/lix-project/nixos-module"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; - inputs.lix.follows = "lix"; - }; - lix = { - url = "git+https://git.lix.systems/lix-project/lix"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-compat.follows = "flake-compat"; }; nix-ld = { url = "github:nix-community/nix-ld"; @@ -166,6 +160,7 @@ config.allowUnfree = true; system = "x86_64-linux"; overlays = [ + inputs.lix-module.overlays.default inputs.rust-overlay.overlays.default inputs.vscode-extensions.overlays.default ] ++ (import ./overlay { inherit inputs; }); From ec9283ee263002081940c185e1a887ae8fc6d739 Mon Sep 17 00:00:00 2001 
From: cy Date: Mon, 17 Mar 2025 23:38:40 -0400 Subject: [PATCH 03/47] workflow: rm cache nix store action --- .../workflows/build-machines-and-homes.yml | 34 ------------------- 1 file changed, 34 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 4e45c05..741aa70 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -42,23 +42,6 @@ jobs: uses: actions/checkout@v4 with: persist-credentials: false - - name: Restore and cache Nix store - uses: nix-community/cache-nix-action@v5.1.0 - with: - # restore and save a cache using this key - primary-key: nix-${{ runner.os }}-${{ matrix.machine }}-${{ hashFiles('**/*.nix', 'flake.lock') }} - # if there's no cache hit, restore a cache by this prefix - restore-prefixes-first-match: nix-${{ runner.os }}-${{ matrix.machine }}- - # do purge caches - purge: true - # purge all versions of the cache - purge-prefixes: nix-${{ runner.os }}- - # created more than this number of seconds ago relative to the start of the `Post Restore` phase - purge-last-accessed: 86400 - # except the version with the `primary-key`, if it exists - purge-primary-key: never - # always save the cache - save-always: true - name: setup attic run: | nix profile install github:zhaofengli/attic 
@@ -102,23 +85,6 @@ jobs: uses: actions/checkout@v4 with: persist-credentials: false - - name: Restore and cache Nix store - uses: nix-community/cache-nix-action@v5.1.0 - with: - # restore and save a cache using this key - primary-key: nix-${{ runner.os }}-${{ matrix.home }}-${{ hashFiles('**/*.nix', 'flake.lock') }} - # if there's no cache hit, restore a cache by this prefix - restore-prefixes-first-match: nix-${{ runner.os }}-${{ matrix.home }}- - # do purge caches - purge: true - # purge all versions of the cache - purge-prefixes: nix-${{ runner.os }}- - # created more than this number of seconds ago relative to the start of the `Post Restore` phase - purge-last-accessed: 86400 - # except the version with the `primary-key`, if it exists - purge-primary-key: never - # always save the cache - save-always: true - name: setup attic run: | nix profile install github:zhaofengli/attic From f0add8c95fcef356a42db49da6910ce7ebb70c7f Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 17 Mar 2025 23:42:19 -0400 Subject: [PATCH 04/47] rm lix-module from overlay --- flake.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/flake.nix b/flake.nix index 63877d3..8370a2d 100644 --- a/flake.nix +++ b/flake.nix @@ -160,7 +160,6 @@ config.allowUnfree = true; system = "x86_64-linux"; overlays = [ - inputs.lix-module.overlays.default inputs.rust-overlay.overlays.default inputs.vscode-extensions.overlays.default ] ++ (import ./overlay { inherit inputs; }); From c299b501a6d76f813398e68d2a4e082ca77b2bd4 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 18 Mar 2025 00:15:32 -0400 Subject: [PATCH 05/47] workflow: use cachix installer --- .github/workflows/build-machines-and-homes.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 741aa70..7278ee3 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml 
@@ -37,7 +37,7 @@ jobs: remove-docker-images: 'true' build-mount-path: /nix - name: Install Nix - uses: nixbuild/nix-quick-install-action@master + uses: cachix/install-nix-action@v30 - name: Sync repository uses: actions/checkout@v4 with: @@ -80,7 +80,8 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix - - uses: nixbuild/nix-quick-install-action@master + - name: Install Nix + uses: cachix/install-nix-action@v30 - name: Sync repository uses: actions/checkout@v4 with: From 2260347ed95b1f5bd18ad59c2e3e0b242ce1630e Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 18 Mar 2025 13:22:12 -0400 Subject: [PATCH 06/47] flake update --- flake.lock | 100 +++++++++++++++++++++++----------------------- modules/caddy.nix | 2 +- 2 files changed, 51 insertions(+), 51 deletions(-) diff --git a/flake.lock b/flake.lock index bff9eba..4bf9015 100644 --- a/flake.lock +++ b/flake.lock @@ -92,11 +92,11 @@ "complement": { "flake": false, "locked": { - "lastModified": 1741378155, - "narHash": "sha256-rJSfqf3q4oWxcAwENtAowLZeCi8lktwKVH9XQvvZR64=", + "lastModified": 1741891349, + "narHash": "sha256-YvrzOWcX7DH1drp5SGa+E/fc7wN3hqFtPbqPjZpOu1Q=", "owner": "girlbossceo", "repo": "complement", - "rev": "1502a00d8551d0f6e8954a23e43868877c3e57d9", + "rev": "e587b3df569cba411aeac7c20b6366d03c143745", "type": "github" }, "original": { @@ -131,11 +131,11 @@ "rocksdb": "rocksdb" }, "locked": { - "lastModified": 1741642109, - "narHash": "sha256-vO66C3rCb4lz3NU012fZj8+5BaFGuOCq/BJqiOXpqSA=", + "lastModified": 1742266954, + "narHash": "sha256-PoVjZXR24r1WPyWWK+DZDAlVr4otn/BcxY7/jd8fehM=", "owner": "girlbossceo", "repo": "conduwuit", - "rev": "c4b05e77f3dd66636e26b64f8f4852703816c399", + "rev": "7bf92c8a3710eeff229bd86bc81a89daa94b66d5", "type": "github" }, "original": { 
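Review bot: `uses: cachix/install-nix-action@v30` in both jobs replaces a branch reference with a tag, but a tag can still be moved by the action's maintainers. Pinning to the full commit SHA with the tag as a trailing comment, `uses: cachix/install-nix-action@<full-commit-sha> # v30`, fixes exactly which code runs. This matters more here because other hunks in this series show `ATTIC_TOKEN` set in the workflow-level `env:`, which exposes it to every step, including third-party actions. `actions/checkout@v4` in the context lines is in the same position.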
@@ -146,11 +146,11 @@ }, "crane": { "locked": { - "lastModified": 1741481578, - "narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=", + "lastModified": 1742317686, + "narHash": "sha256-ScJYnUykEDhYeCepoAWBbZWx2fpQ8ottyvOyGry7HqE=", "owner": "ipetkov", "repo": "crane", - "rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5", + "rev": "66cb0013f9a99d710b167ad13cbd8cc4e64f2ddb", "type": "github" }, "original": { @@ -361,11 +361,11 @@ ] }, "locked": { - "lastModified": 1741360584, - "narHash": "sha256-5UkuvKllBRhU943imyc0jHDXQDVhIFx5WWUr3qrLEWQ=", + "lastModified": 1742243551, + "narHash": "sha256-hp2tKtJHW/vbiIT4hRhP8cfZEACAWZ92lCdaO9WEi2E=", "owner": "deuxfleurs-org", "repo": "garage", - "rev": "c96be1a9a8aa3b51075678888b80c2414ead2909", + "rev": "6906a4ff12838da2a74bdaeb7e7cd05cd1d69699", "type": "github" }, "original": { @@ -455,11 +455,11 @@ ] }, "locked": { - "lastModified": 1741701235, - "narHash": "sha256-gBlb8R9gnjUAT5XabJeel3C2iEUiBHx3+91651y3Sqo=", + "lastModified": 1742305478, + "narHash": "sha256-iYCinzZnnUeCkZ031qGRwPdwRsqW6o9Y0MgGpA7Zva4=", "owner": "nix-community", "repo": "home-manager", - "rev": "c630dfa8abcc65984cc1e47fb25d4552c81dd37e", + "rev": "fb74bb76d94a6c55632376c931fc108131260ee9", "type": "github" }, "original": { 
@@ -566,11 +566,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1742262179, - "narHash": "sha256-bmywICXzaly0Q9orrv8ADTAPyNrzjzPX52Dk5I2omd4=", - "rev": "5243a6f8b4d5936ffdf2b5b44451e5949a73da06", + "lastModified": 1741888409, + "narHash": "sha256-gJ7QmlwsJ/QdwUjwTjifNo3v7OBQm2N6xa19l3mMWM4=", + "rev": "20edd45ae816c73504ddfb9c678756e003ceeafd", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/5243a6f8b4d5936ffdf2b5b44451e5949a73da06.tar.gz?rev=5243a6f8b4d5936ffdf2b5b44451e5949a73da06" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/20edd45ae816c73504ddfb9c678756e003ceeafd.tar.gz?rev=20edd45ae816c73504ddfb9c678756e003ceeafd" }, "original": { "type": "tarball", @@ -589,11 +589,11 @@ ] }, "locked": { - "lastModified": 1738176840, - "narHash": "sha256-NG3IRvRs3u3btVCN861FqHvgOwqcNT/Oy6PBG86F5/E=", + "lastModified": 1741894565, + "narHash": "sha256-2FD0NDJbEjUHloVrtEIms5miJsj1tvQCc/0YK5ambyc=", "ref": "refs/heads/main", - "rev": "621aae0f3cceaffa6d73a4fb0f89c08d338d729e", - "revCount": 133, + "rev": "a6da43f8193d9e329bba1795c42590c27966082e", + "revCount": 136, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, @@ -713,11 +713,11 @@ ] }, "locked": { - "lastModified": 1741619381, - "narHash": "sha256-koZtlJRqi0/MD/AKd0KrXLA2NuBOVzlIyAJprjzpxZE=", + "lastModified": 1742174123, + "narHash": "sha256-pDNzMoR6m1ZSJToZQ6XDTLVSdzIzmFl1b8Pc3f7iV6Y=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "66537fb185462ba9b07f4e6f2d54894a1b2d04ab", + "rev": "2cfb4e1ca32f59dd2811d7a6dd5d4d1225f0955c", "type": "github" }, "original": { 
@@ -733,11 +733,11 @@ ] }, "locked": { - "lastModified": 1741597901, - "narHash": "sha256-nLUTgXXcFFz+3pd3Khz1H4jUECqX5+OapNPGioPJRQs=", + "lastModified": 1742204505, + "narHash": "sha256-sHBzuG9K/VrvOrcLd9GwoCLaQZDVedi/00YmFfdKq/A=", "owner": "nix-community", "repo": "nix-ld", - "rev": "8e0308dd7dd9cd3656866fb2387bc29052fd6d3a", + "rev": "bc1ecb8ca83507c764a3909f02f1acf53c033585", "type": "github" }, "original": { @@ -780,11 +780,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1741600792, - "narHash": "sha256-yfDy6chHcM7pXpMF4wycuuV+ILSTG486Z/vLx/Bdi6Y=", + "lastModified": 1742268799, + "narHash": "sha256-IhnK4LhkBlf14/F8THvUy3xi/TxSQkp9hikfDZRD4Ic=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ebe2788eafd539477f83775ef93c3c7e244421d3", + "rev": "da044451c6a70518db5b730fe277b70f494188f1", "type": "github" }, "original": { @@ -828,11 +828,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1741692589, - "narHash": "sha256-t1BrOTAUIkRY4YlSspERzz5iaFbzJTIE6mhLmnWrDaA=", + "lastModified": 1742276595, + "narHash": "sha256-bsg9y3NoMGu0jgTI5XbxvzQFc9JtZB51i500WlVws80=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a7010334ad6d8082bb8aa5dd2e37bf3b98b1a713", + "rev": "2b3795787eba0066a2bc8bba7362422e5713840f", "type": "github" }, "original": { @@ -853,11 +853,11 @@ "nuschtosSearch": "nuschtosSearch" }, "locked": { - "lastModified": 1741637833, - "narHash": "sha256-1uBkdOwxNmkdXXjoycnEBZUoHZ/22GitQRVXjZlsVK0=", + "lastModified": 1742255305, + "narHash": "sha256-XxygfriVXQt+5Iqh6AOjZL5Aes5dH2xzVKpHpL8pDQg=", "owner": "nix-community", "repo": "nixvim", - "rev": "bc34099731a7e3799c0d52ccdf4599409a2ef9b9", + "rev": "78f6166c23f80bdfbcc8c44b20f7f4132299a33f", "type": "github" }, "original": { 
@@ -1014,11 +1014,11 @@ ] }, "locked": { - "lastModified": 1741660300, - "narHash": "sha256-0jldJ58sC5RjqwpwE+ER+RPMeX4Moz5im/evQ3SU/dU=", + "lastModified": 1742265167, + "narHash": "sha256-RB0UEF9IXIgwuuBFC+s9H4rDyvmMZePHlBAK4vRAwf4=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "ac2f556db0eb5cbba3c4f5f5989c46330f439b0b", + "rev": "87f0965f9f5b13fca9f38074eee8369dc767550d", "type": "github" }, "original": { @@ -1034,11 +1034,11 @@ ] }, "locked": { - "lastModified": 1741644481, - "narHash": "sha256-E0RrMykMtEv15V3QhpsFutgoSKhL1JBhidn+iZajOyg=", + "lastModified": 1742239755, + "narHash": "sha256-ptn8dR4Uat3UUadGYNnB7CIH9SQm8mK69D2A/twBUXQ=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e653d71e82575a43fe9d228def8eddb73887b866", + "rev": "787afce414bcce803b605c510b60bf43c11f4b55", "type": "github" }, "original": { @@ -1084,11 +1084,11 @@ ] }, "locked": { - "lastModified": 1739829690, - "narHash": "sha256-mL1szCeIsjh6Khn3nH2cYtwO5YXG6gBiTw1A30iGeDU=", + "lastModified": 1742303424, + "narHash": "sha256-2R7cGdcA2npQQcIWu2cTlU63veTzwVZe78BliIuJT00=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "3d0579f5cc93436052d94b73925b48973a104204", + "rev": "b3b938ab8ba2e8a0ce9ee9b30ccfa5e903ae5753", "type": "github" }, "original": { @@ -1107,11 +1107,11 @@ ] }, "locked": { - "lastModified": 1741704640, - "narHash": "sha256-FSvtxhfB0PQtFOj8PMfcgUG1QVaQzjTZvAxLiqDysKI=", + "lastModified": 1742262692, + "narHash": "sha256-kCuy1Fld1vFmor6SZ48DdtiLv9/zUhW8lCaTA+Py+es=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "27f37976beb94100b18ab8407ff056654db68506", + "rev": "32de9a383db6b555ac92877dd8b5b986f4151de7", "type": "github" }, "original": { diff --git a/modules/caddy.nix b/modules/caddy.nix index 6b46cb5..131edf3 100644 --- a/modules/caddy.nix +++ b/modules/caddy.nix 
@@ -21,7 +21,7 @@ in # (still need the @ to pass nix config check) "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e" ]; - hash = "sha256-jCcSzenewQiW897GFHF9WAcVkGaS/oUu63crJu7AyyQ="; + hash = "sha256-W09nFfBKd+9QEuzV3RYLeNy2CTry1Tz3Vg1U2JPNPPc="; }; logFormat = lib.mkForce "level INFO"; acmeCA = "https://acme-v02.api.letsencrypt.org/directory"; From 1c8135095c8b7700ccc6228d919e10b762a4a1ee Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 18 Mar 2025 14:18:02 -0400 Subject: [PATCH 07/47] attic: try prefetching 8 chunks --- overlay/attic/default.nix | 2 +- .../attic/{prefetch-32-chunks.patch => prefetch-8-chunks.patch} | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename overlay/attic/{prefetch-32-chunks.patch => prefetch-8-chunks.patch} (85%) diff --git a/overlay/attic/default.nix b/overlay/attic/default.nix index 14f5daf..454d367 100644 --- a/overlay/attic/default.nix +++ b/overlay/attic/default.nix @@ -1,7 +1,7 @@ final: prev: { attic-server = prev.attic-server.overrideAttrs { patches = [ - ./prefetch-32-chunks.patch + ./prefetch-8-chunks.patch ]; }; } diff --git a/overlay/attic/prefetch-32-chunks.patch b/overlay/attic/prefetch-8-chunks.patch similarity index 85% rename from overlay/attic/prefetch-32-chunks.patch rename to overlay/attic/prefetch-8-chunks.patch index bbb801b..3786541 100644 --- a/overlay/attic/prefetch-32-chunks.patch +++ b/overlay/attic/prefetch-8-chunks.patch @@ -7,7 +7,7 @@ index 02e4857..71eeee8 100644 // TODO: Make num_prefetch configurable // The ideal size depends on the average chunk size - let merged = merge_chunks(chunks, streamer, storage, 2).map_err(|e| { -+ let merged = merge_chunks(chunks, streamer, storage, 32).map_err(|e| { ++ let merged = merge_chunks(chunks, streamer, storage, 8).map_err(|e| { tracing::error!(%e, "Stream error"); e }); From f28234e55592f226b1b0f3a77d3f58d901ce1ae3 Mon Sep 17 00:00:00 2001 
From: cy Date: Tue, 18 Mar 2025 15:40:06 -0400 Subject: [PATCH 08/47] workflow: add system-features --- .github/workflows/build-machines-and-homes.yml | 2 +- .github/workflows/build-packages.yml | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 7278ee3..7731122 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -10,8 +10,8 @@ env: extra-substituters = https://cache.cy7.sh/main extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0= experimental-features = nix-command flakes - extra-experimental-features = nix-command flakes accept-flake-config = true + system-features = nixos-test benchmark big-parallel kvm TERM: ansi jobs: build-machines: diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 872aa6d..fb0620e 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -13,7 +13,6 @@ env: extra-substituters = https://cache.cy7.sh/main extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0= experimental-features = nix-command flakes - extra-experimental-features = nix-command flakes accept-flake-config = true TERM: ansi jobs: From ed929219da13b0927a750bf4d71c8e9842e558df Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 18 Mar 2025 23:16:06 -0400 Subject: [PATCH 09/47] nixvim: rm copilot stuff i never use --- home/nixvim/default.nix | 41 +---------------------------------------- 1 file changed, 1 insertion(+), 40 deletions(-) diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix index 94895c1..39c3ba9 100644 --- a/home/nixvim/default.nix +++ b/home/nixvim/default.nix 
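Review bot: The added `system-features = nixos-test benchmark big-parallel kvm` line replaces whatever Nix would detect on the runner with a fixed claim, and nothing in the file says why. As far as I know, Nix advertises `kvm` by default only when `/dev/kvm` is usable, so with this override a derivation that requires `kvm` would be started on a runner without it and fail mid-build instead of being refused up front. A comment line above it inside the `NIX_CONFIG` block, e.g. `# runners expose /dev/kvm; features listed explicitly because <reason>`, would record the assumption. build-packages.yml does not get the setting in this commit, which may or may not be intended.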
@@ -71,41 +71,6 @@ key = ""; mode = "i"; } - # quick chat with copilot - { - key = "ccq"; - action.__raw = '' - function() - local input = vim.fn.input("Quick chat: ") - if input ~= "" then - require("CopilotChat").ask(input, { selection = require("CopilotChat.select").buffer }) - end - end - ''; - mode = [ - "n" - "v" - ]; - } - # ask perplexity a quick question - { - key = "ccs"; - action.__raw = '' - function() - local input = vim.fn.input("Perplexity: ") - if input ~= "" then - require("CopilotChat").ask(input, { - agent = "perplexityai", - selection = false, - }) - end - end - ''; - mode = [ - "n" - "v" - ]; - } ]; plugins.cmp = { @@ -196,11 +161,7 @@ nix.flake.autoArchive = true; }; }; - rust_analyzer = { - enable = true; - installRustc = true; - installCargo = true; - }; + rust_analyzer.enable = true; eslint.enable = true; }; }; From 384398b08abd0aee66b3ce24ab9aee3df5c5f8b4 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 19 Mar 2025 23:14:24 -0400 Subject: [PATCH 10/47] misc --- home/codium.nix | 1 + home/nixvim/default.nix | 6 +++++- home/yt/ytnix.nix | 4 ++-- home/zsh/default.nix | 2 +- hosts/common.nix | 2 +- 5 files changed, 10 insertions(+), 5 deletions(-) diff --git a/home/codium.nix b/home/codium.nix index 935866b..28c3a6e 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -22,6 +22,7 @@ emilast.logfilehighlighter tamasfe.even-better-toml golang.go + ms-python.python ]; userSettings = let diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix index 39c3ba9..0ce28d6 100644 --- a/home/nixvim/default.nix +++ b/home/nixvim/default.nix @@ -161,7 +161,11 @@ nix.flake.autoArchive = true; }; }; - rust_analyzer.enable = true; + rust_analyzer = { + enable = true; + installRustc = false; + installCargo = false; + }; eslint.enable = true; }; }; diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 3ec6aeb..1731475 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -60,7 +60,6 @@ unzip anki-bin trezorctl - trezor-agent q gdb fuzzel 
@@ -100,9 +99,10 @@ nix-output-monitor wl-clipboard-rs pixelflasher - element-desktop + cinny-desktop freetube gopls + rust-analyzer ]; home.sessionVariables = { diff --git a/home/zsh/default.nix b/home/zsh/default.nix index 9b5bcc6..e599f0d 100644 --- a/home/zsh/default.nix +++ b/home/zsh/default.nix @@ -92,7 +92,7 @@ "s" = "sudo"; "nrs" = "sudo nixos-rebuild switch -L --flake . --log-format internal-json -v |& nom --json"; "nrt" = "sudo nixos-rebuild test -L --flake . --log-format internal-json -v |& nom --json"; - "hrs" = "home-manager switch -L --flake . |& nom --json"; + "hrs" = "home-manager switch -L --flake ."; "g" = "git"; "ga" = "git add"; "gaa" = "git add --all"; diff --git a/hosts/common.nix b/hosts/common.nix index c7841c3..779a4e1 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -13,7 +13,7 @@ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" ]; - trusted-substituters = [ + extra-substituters = [ "https://nix-community.cachix.org" "https://cache.cy7.sh/main" ]; From 6fa16fa422fa02a8a3c65bd9a4825256366be8f3 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 19 Mar 2025 23:45:30 -0400 Subject: [PATCH 11/47] try default conduwuit package --- overlay/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overlay/default.nix b/overlay/default.nix index 0eea626..cd9f038 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -15,7 +15,7 @@ in pkgFrom = flake: pkg: flake.packages.${prev.system}.${pkg}; in { - conduwuit = pkgFrom inputs.conduwuit "static-x86_64-linux-musl-all-features-x86_64-haswell-optimised"; + conduwuit = pkgFrom inputs.conduwuit "default"; pixelflasher = nixpkgsFrom inputs.pixelflasher "pixelflasher"; attic-server = pkgFrom inputs.attic "attic-server"; attic = pkgFrom inputs.attic "attic"; From 5cc48a3eb3f29f224b8df8c33635efa250569054 Mon Sep 17 00:00:00 2001 
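Review bot: Renaming `trusted-substituters` to `extra-substituters` in hosts/common.nix changes the meaning of the list: the former only names caches that unprivileged users may opt into, the latter makes every host importing this file query both caches on every build. That is presumably the intent, but store paths from `https://cache.cy7.sh/main` are now installed on all those hosts whenever they carry a signature from the `main:` key listed above. The comment I would add above the line is `# queried by default on all hosts; integrity rests on the trusted-public-keys entries above`. The enclosing attribute set starts outside the hunk, so I am assuming this sits under `nix.settings`.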
From: cy Date: Thu, 20 Mar 2025 03:17:22 -0400 Subject: [PATCH 12/47] try alternative cache domain --- .github/workflows/build-machines-and-homes.yml | 2 +- .github/workflows/build-packages.yml | 2 +- flake.nix | 2 +- hosts/common.nix | 2 +- modules/attic.nix | 13 ++++++++----- 5 files changed, 12 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 7731122..1900b0e 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -7,7 +7,7 @@ env: ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} NIX_CONFIG: | show-trace = true - extra-substituters = https://cache.cy7.sh/main + extra-substituters = https://cdn.cy7.sh/main extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0= experimental-features = nix-command flakes accept-flake-config = true diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index fb0620e..1d23fe9 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -10,7 +10,7 @@ env: ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} NIX_CONFIG: | show-trace = true - extra-substituters = https://cache.cy7.sh/main + extra-substituters = https://cdn.cy7.sh/main extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0= experimental-features = nix-command flakes accept-flake-config = true diff --git a/flake.nix b/flake.nix index 8370a2d..b469e18 100644 --- a/flake.nix +++ b/flake.nix @@ -107,7 +107,7 @@ nixConfig = { extra-substituters = [ "https://nix-community.cachix.org" - "https://cache.cy7.sh/main" + "https://cdn.cy7.sh/main" ]; extra-trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" diff --git a/hosts/common.nix b/hosts/common.nix index 779a4e1..7067008 100644 --- a/hosts/common.nix +++ b/hosts/common.nix 
@@ -15,7 +15,7 @@ ]; extra-substituters = [ "https://nix-community.cachix.org" - "https://cache.cy7.sh/main" + "https://cdn.cy7.sh/main" ]; }; channel.enable = false; diff --git a/modules/attic.nix b/modules/attic.nix index 5aa54c6..c08afe1 100644 --- a/modules/attic.nix +++ b/modules/attic.nix @@ -18,7 +18,7 @@ in settings = { listen = "[::]:8091"; api-endpoint = "https://cache.cy7.sh/"; - allowed-hosts = [ "cache.cy7.sh" ]; + allowed-hosts = [ "cache.cy7.sh" "cdn.cy7.sh" ]; require-proof-of-possession = false; compression = { type = "none"; @@ -39,9 +39,12 @@ in }; }; - services.caddy.virtualHosts."cache.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:8091 - ''; + services.caddy.virtualHosts."cache.cy7.sh" = { + serverAliases = [ "cdn.cy7.sh" ]; + extraConfig = '' + import common + reverse_proxy localhost:8091 + ''; + }; }; } From 02dc7351efac7d11e4b997609abdb6bdd1fb6848 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 20 Mar 2025 10:09:34 -0400 Subject: [PATCH 13/47] make rclone master --- hosts/chunk/rclone.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 60d4e0e..09f5b18 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -44,15 +44,17 @@ --config ${config.sops.secrets."rclone/config".path} \ --allow-other \ --cache-dir /var/cache/rclone \ - --transfers=32 \ + --transfers 32 \ --vfs-cache-mode full \ --vfs-cache-min-free-space 5G \ --dir-cache-time 30d \ --no-checksum \ --no-modtime \ --vfs-fast-fingerprint \ - --vfs-read-chunk-size 10M \ - --vfs-read-chunk-streams 32 \ + --vfs-read-chunk-size 4M \ + --vfs-read-chunk-streams 64 \ + --sftp-concurrency 128 \ + --sftp-chunk-size 255k \ rsyncnet:garage /mnt/garage ''; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage"; From 959deb8dbc5c7559c17a377ece1b698a47dbef8d Mon Sep 17 00:00:00 2001 
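Review bot: `serverAliases = [ "cdn.cy7.sh" ]` in modules/attic.nix gives the new name the identical `reverse_proxy localhost:8091` block, so the complete Attic API, including its token-authenticated write routes, is reachable on `cdn.cy7.sh` and not only the read path the workflows use it for. If that hostname is fronted by a caching or third-party proxy (not visible here), authenticated requests and their bearer tokens would transit it as well. A separate virtual host for `cdn.cy7.sh` that answers only `GET` and `HEAD` would keep writes on `cache.cy7.sh`, which `api-endpoint` still points to.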
From: cy Date: Thu, 20 Mar 2025 11:03:22 -0400 Subject: [PATCH 14/47] try helix --- flake.lock | 43 ++++++++++++++++++++++++++++++++++++++++++- flake.nix | 5 +++++ home/yt/ytnix.nix | 13 +++++++++++++ overlay/default.nix | 1 + 4 files changed, 61 insertions(+), 1 deletion(-) diff --git a/flake.lock b/flake.lock index 4bf9015..ddda4b4 100644 --- a/flake.lock +++ b/flake.lock @@ -448,6 +448,30 @@ "type": "github" } }, + "helix": { + "inputs": { + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": "nixpkgs_4", + "rust-overlay": [ + "rust-overlay" + ] + }, + "locked": { + "lastModified": 1742479163, + "narHash": "sha256-YC0zdGyZMu7seA2Jm1mxtcxE4lSeVwvCPMfWzJ8+o/c=", + "owner": "helix-editor", + "repo": "helix", + "rev": "b7d735ffe66a03ab5970e5f860923aada50d4e4c", + "type": "github" + }, + "original": { + "owner": "helix-editor", + "repo": "helix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -827,6 +851,22 @@ } }, "nixpkgs_4": { + "locked": { + "lastModified": 1740560979, + "narHash": "sha256-Vr3Qi346M+8CjedtbyUevIGDZW8LcA1fTG0ugPY/Hic=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "5135c59491985879812717f4c9fea69604e7f26f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { "locked": { "lastModified": 1742276595, "narHash": "sha256-bsg9y3NoMGu0jgTI5XbxvzQFc9JtZB51i500WlVws80=", @@ -973,13 +1013,14 @@ "flake-parts": "flake-parts_2", "flake-utils": "flake-utils", "garage": "garage", + "helix": "helix", "home-manager": "home-manager", "lanzaboote": "lanzaboote", "lix-module": "lix-module", "nil": "nil", "nix-index-database": "nix-index-database", "nix-ld": "nix-ld", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "nixpkgs-stable": "nixpkgs-stable_2", "nixvim": "nixvim", "nvim-github-theme": "nvim-github-theme", diff --git a/flake.nix b/flake.nix index b469e18..54a1b90 100644 --- a/flake.nix +++ b/flake.nix 
@@ -92,6 +92,11 @@ flake-utils.follows = "flake-utils"; }; }; + helix = { + url = "github:helix-editor/helix"; + inputs.flake-utils.follows = "flake-utils"; + inputs.rust-overlay.follows = "rust-overlay"; + }; nvim-github-theme = { url = "github:projekt0n/github-nvim-theme"; diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 1731475..6ce06ec 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -152,4 +152,17 @@ }; programs.nix-index-database.comma.enable = true; + programs.helix = { + enable = true; + settings = { + theme = "github_dark"; + editor = { + line-number = "relative"; + lsp.display-messages = true; + }; + keys.insert = { + "C-[" = "normal_mode"; + }; + }; + }; } diff --git a/overlay/default.nix b/overlay/default.nix index cd9f038..d8780e2 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -24,6 +24,7 @@ in meta.mainProgram = "garage"; } ); + helix = pkgFrom inputs.helix "default"; } ) ] From 8ffe43a4414500d1a11b2d50e5c735e98c051633 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 20 Mar 2025 16:10:39 -0400 Subject: [PATCH 15/47] attic: always prefer streams --- overlay/attic/prefetch-8-chunks.patch | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/overlay/attic/prefetch-8-chunks.patch b/overlay/attic/prefetch-8-chunks.patch index 3786541..eafc514 100644 --- a/overlay/attic/prefetch-8-chunks.patch +++ b/overlay/attic/prefetch-8-chunks.patch @@ -1,7 +1,16 @@ diff --git a/server/src/api/binary_cache.rs b/server/src/api/binary_cache.rs -index 02e4857..71eeee8 100644 +index 02e4857..b522154 100644 --- a/server/src/api/binary_cache.rs 
+++ b/server/src/api/binary_cache.rs +@@ -215,7 +215,7 @@ async fn get_nar( + let chunk = chunks[0].as_ref().unwrap(); + let remote_file = &chunk.remote_file.0; + let storage = state.storage().await?; +- match storage.download_file_db(remote_file, false).await? { ++ match storage.download_file_db(remote_file, true).await? { + Download::Url(url) => Ok(Redirect::temporary(&url).into_response()), + Download::AsyncRead(stream) => { + let stream = ReaderStream::new(stream).map_err(|e| { @@ -262,7 +262,7 @@ async fn get_nar( // TODO: Make num_prefetch configurable @@ -11,3 +20,4 @@ index 02e4857..71eeee8 100644 tracing::error!(%e, "Stream error"); e }); + From c67622ba36b205d1d1f8d2ab268142ba538b6157 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 20 Mar 2025 19:43:22 -0400 Subject: [PATCH 16/47] refactor rclone, use same serviceConfig for all mounts --- hosts/chunk/rclone.nix | 66 ++++++++++++++++++------------------------ 1 file changed, 28 insertions(+), 38 deletions(-) diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 09f5b18..31cdf54 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -4,6 +4,32 @@ lib, ... }: +let + mkServiceConfig = remote: mount: { + Type = "notify"; + TimeoutSec = "5min 20s"; + ExecStartPre = "/usr/bin/env mkdir -p ${mount}"; + ExecStart = '' + ${lib.getExe pkgs.rclone} mount \ + --config ${config.sops.secrets."rclone/config".path} \ + --allow-other \ + --cache-dir /var/cache/rclone \ + --transfers 32 \ + --vfs-cache-mode full \ + --vfs-cache-min-free-space 5G \ + --dir-cache-time 30d \ + --no-checksum \ + --no-modtime \ + --vfs-fast-fingerprint \ + --vfs-read-chunk-size 4M \ + --vfs-read-chunk-streams 32 \ + --sftp-concurrency 128 \ + --sftp-chunk-size 255k \ + ${remote} ${mount} + ''; + ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -zu ${mount}"; + }; +in { systemd.services.immich-mount = { enable = true; 
@@ -12,21 +38,7 @@ after = [ "network-online.target" ]; requiredBy = [ "podman-immich-server.service" ]; before = [ "podman-immich-server.service" ]; - serviceConfig = { - Type = "notify"; - ExecStartPre = "/usr/bin/env mkdir -p /mnt/photos"; - ExecStart = '' - ${lib.getExe pkgs.rclone} mount \ - --config ${config.sops.secrets."rclone/config".path} \ - --cache-dir /var/cache/rclone \ - --transfers=32 \ - --dir-cache-time 30d \ - --vfs-cache-mode writes \ - --vfs-cache-max-size 2G \ - photos: /mnt/photos - ''; - ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/photos"; - }; + serviceConfig = mkServiceConfig "photos:" "/mnt/photos"; }; systemd.services.garage-mount = { @@ -36,28 +48,6 @@ after = [ "network-online.target" ]; requiredBy = [ "garage.service" ]; before = [ "garage.service" ]; - serviceConfig = { - Type = "notify"; - ExecStartPre = "/usr/bin/env mkdir -p /mnt/garage"; - ExecStart = '' - ${lib.getExe pkgs.rclone} mount \ - --config ${config.sops.secrets."rclone/config".path} \ - --allow-other \ - --cache-dir /var/cache/rclone \ - --transfers 32 \ - --vfs-cache-mode full \ - --vfs-cache-min-free-space 5G \ - --dir-cache-time 30d \ - --no-checksum \ - --no-modtime \ - --vfs-fast-fingerprint \ - --vfs-read-chunk-size 4M \ - --vfs-read-chunk-streams 64 \ - --sftp-concurrency 128 \ - --sftp-chunk-size 255k \ - rsyncnet:garage /mnt/garage - ''; - ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage"; - }; + serviceConfig = mkServiceConfig "rsyncnet:garage" "/mnt/garage"; }; } From 31e8487a3f1d3fd3671ba47a6749a6117e992585 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 20 Mar 2025 19:44:29 -0400 Subject: [PATCH 17/47] immich: backup database to disk (not mount) --- hosts/chunk/immich.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/chunk/immich.nix b/hosts/chunk/immich.nix index 6541770..f2636f1 100644 --- a/hosts/chunk/immich.nix +++ b/hosts/chunk/immich.nix 
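Review bot: Routing `immich-mount` through `mkServiceConfig` changes its mount options, not only its layout: `/mnt/photos` now gets `--allow-other`, `--no-checksum`, `--no-modtime` and `--vfs-cache-mode full`, and loses `--vfs-cache-max-size 2G`. The removed lines show the photos mount previously had no `--allow-other`, so after this change every local user on the host can traverse it, subject only to the file modes rclone presents. If that widening is not intended, let the helper take per-mount flags, e.g. `mkServiceConfig = remote: mount: extraFlags: { ... }` with `--allow-other` passed only for `rsyncnet:garage`. Otherwise add a comment above `mkServiceConfig` stating that both mounts are deliberately world-accessible and share `/var/cache/rclone`.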
@@ -9,6 +9,7 @@ let thumbsLocation = "/opt/immich/thumbs"; profileLocation = "/opt/immich/profile"; dbDataLocation = "/opt/immich/postgres"; + backupsLocation = "/opt/immich/backups"; in { virtualisation.oci-containers.containers = { @@ -21,6 +22,7 @@ in "${uploadLocation}:/usr/src/app/upload" "${thumbsLocation}:/usr/src/app/upload/thumbs" "${profileLocation}:/usr/src/app/upload/profile" + "${backupsLocation}:/usr/src/app/upload/backups" ]; environment = { REDIS_HOSTNAME = "immich-redis"; From 9400279febe41d5283e377fdff61196d4416e2e2 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 20 Mar 2025 19:44:45 -0400 Subject: [PATCH 18/47] garage: use 128M block_size --- hosts/chunk/garage.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index 81b4af3..6a25df2 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -15,7 +15,7 @@ replication_factor = 1; db_engine = "lmdb"; disable_scrub = true; - block_size = "10M"; + block_size = "128M"; compression_level = "none"; }; environmentFile = config.sops.secrets."garage/env".path; From 55267c5154af54c5eae292bba2a30c51e0923cd1 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 20 Mar 2025 19:45:22 -0400 Subject: [PATCH 19/47] attic: don't chunk, s3 at localhost, start after garage --- modules/attic.nix | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/modules/attic.nix b/modules/attic.nix index c08afe1..a43d444 100644 --- a/modules/attic.nix +++ b/modules/attic.nix 
@@ -30,12 +30,31 @@ in type = "s3"; region = "us-east-1"; bucket = "attic"; - endpoint = "https://s3.cy7.sh"; + # attic must be patched to never serve pre-signed s3 urls directly + # otherwise it will redirect clients to this localhost endpoint + endpoint = "http://127.0.0.1:3900"; }; garbage-collection = { default-retention-period = "1 month"; }; + + chunking = { + # disable chunking since garage does its own + nar-size-threshold = 0; + # defaults + min-size = 16384; + avg-size = 65536; + max-size = 262144; + }; + }; + }; + + systemd.services.atticd = { + requires = [ "garage.service" ]; + after = [ "garage.service" ]; + environment = { + RUST_LOG = "INFO"; }; }; From 8c921fc1ab4d703cffd19bee965280845ff1ad24 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 20 Mar 2025 19:46:04 -0400 Subject: [PATCH 20/47] nixvim: enable yamlls; home/chunk: remove attic-server --- home/nixvim/default.nix | 8 +------- home/yt/chunk.nix | 4 ---- 2 files changed, 1 insertion(+), 11 deletions(-) diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix index 0ce28d6..5199812 100644 --- a/home/nixvim/default.nix +++ b/home/nixvim/default.nix @@ -167,6 +167,7 @@ installCargo = false; }; eslint.enable = true; + yamlls.enable = true; }; }; plugins.treesitter = { @@ -198,13 +199,6 @@ settings.current_line_blame = true; }; - plugins.copilot-chat = { - enable = true; - settings = { - model = "claude-3.5-sonnet"; - }; - }; - plugins.cmp-buffer.enable = true; plugins.cmp-emoji.enable = true; plugins.cmp-nvim-lsp.enable = true; diff --git a/home/yt/chunk.nix b/home/yt/chunk.nix index ad024cd..474abfc 100644 --- a/home/yt/chunk.nix +++ b/home/yt/chunk.nix @@ -14,8 +14,4 @@ programs.home-manager.enable = true; systemd.user.startServices = "sd-switch"; - - home.packages = with pkgs; [ - attic-server - ]; } From b5d3358f526f7ea323ff7adddc998ee9b23ba610 Mon Sep 17 00:00:00 2001 
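Review bot: `endpoint = "http://127.0.0.1:3900"` is only safe while the attic overlay patch is applied, and the new comment does not say which patch that is. The only visible change is `download_file_db(remote_file, true)` in the single-chunk branch of `get_nar`, kept in `overlay/attic/prefetch-8-chunks.patch`, a file name that no longer describes its content once the prefetch hunk is dropped later in the series. If an attic input bump makes that patch stop applying, or another code path still returns `Download::Url`, clients would be redirected to a loopback URL on their own machine. I would name the file in the comment, e.g. `# requires overlay/attic/prefetch-8-chunks.patch (forces streaming); without it clients are redirected to 127.0.0.1:3900`, and rename the patch to match what it does.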
From: cy Date: Wed, 26 Mar 2025 10:43:56 -0400 Subject: [PATCH 21/47] vscode stuff and try to make treefmt not suck --- .../workflows/build-machines-and-homes.yml | 6 ++ flake.nix | 8 ++- home/codium.nix | 64 +++++++++++++++++-- home/yt/ytnix.nix | 1 - 4 files changed, 70 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 1900b0e..43ea5bf 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -3,6 +3,7 @@ on: workflow_dispatch: push: pull_request: + env: ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} NIX_CONFIG: | @@ -13,6 +14,7 @@ env: accept-flake-config = true system-features = nixos-test benchmark big-parallel kvm TERM: ansi + jobs: build-machines: strategy: @@ -36,16 +38,20 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix + - name: Install Nix uses: cachix/install-nix-action@v30 + - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false + - name: setup attic run: | nix profile install github:zhaofengli/attic attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" + - name: build run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" diff --git a/flake.nix b/flake.nix index 54a1b90..1c5adea 100644 --- a/flake.nix +++ b/flake.nix @@ -134,7 +134,6 @@ imports = [ inputs.treefmt.flakeModule ]; - debug = true; systems = [ "x86_64-linux" ]; @@ -147,11 +146,14 @@ treefmt = { projectRootFile = "flake.nix"; programs.nixfmt.enable = true; - programs.stylua.enable = true; - programs.yamlfmt.enable = true; programs.typos.enable = true; programs.shellcheck.enable = true; + programs.yamlfmt = { + enable = true; + settings.retain_line_breaks = true; + }; + settings.global.excludes = [ "secrets/*" "**/*.png" # tries to format a png file diff --git a/home/codium.nix b/home/codium.nix index 28c3a6e..00724b6 100644 --- a/home/codium.nix 
+++ b/home/codium.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, lib, ... }: { programs.vscode = { enable = true; @@ -23,10 +23,12 @@ tamasfe.even-better-toml golang.go ms-python.python + christian-kohler.path-intellisense ]; userSettings = let vimCommonKeyBindings = [ + # nice emacs bindings { "before" = [ "C-a" ]; "commands" = [ "cursorHome" ]; @@ -35,6 +37,19 @@ "before" = [ "C-e" ]; "commands" = [ "cursorEnd" ]; } + { + "before" = [ "C-b" ]; + "commands" = [ "cursorLeft" ]; + } + { + "before" = [ "C-f" ]; + "commands" = [ "cursorRight" ]; + } + # ctrl+h to turn off search highlighting + { + "before" = [ "C-h" ]; + "commands" = [ ":nohl" ]; + } ]; in { @@ -74,7 +89,7 @@ "markdown-preview-enhanced.previewTheme" = "github-dark.css"; "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; + "nix.serverPath" = "${lib.getExe pkgs.nil}"; "bookmarks.saveBookmarksInProject" = true; "cSpell.enabledFileTypes" = { @@ -84,6 +99,15 @@ # vim stuff "vim.leader" = ","; + "extensions.experimental.affinity" = { + "vscodevim.vim" = 1; + }; + "vim.sneak" = true; + "vim.sneakUseIgnorecaseAndSmartcase" = true; + "vim.enableNeovim" = true; + "vim.hlsearch" = true; + "vim.easymotion" = true; + "editor.lineNumbers" = "relative"; "vim.normalModeKeyBindings" = vimCommonKeyBindings ++ [ { "before" = [ ";" ]; @@ -118,6 +142,13 @@ ]; "commands" = [ "workbench.action.toggleSidebarVisibility" ]; } + { + "before" = [ + "" + "s" + ]; + "commands" = [ "workbench.action.toggleSidebarVisibility" ]; + } { "before" = [ "" 
@@ -191,10 +222,33 @@ "commands" = [ "editor.action.outdentLines" ]; } ]; - "extensions.experimental.affinity" = { - "vscodevim.vim" = 1; - }; }; + keybindings = [ + # repeat these vim bindings here cause otherwise they get overridden by vscode + { + "key" = "ctrl+b"; + "when" = "inputFocus"; + "command" = "cursorLeft"; + } + { + "key" = "ctrl+f"; + "when" = "inputFocus"; + "command" = "cursorRight"; + } + # clear default bindings that conflict + { + "key" = "ctrl+f"; + "command" = "-actions.find"; + } + { + "key" = "ctrl+b"; + "command" = "-workbench.action.toggleSidebarVisibility"; + } + { + "key" = "ctrl+w"; + "command" = "-workbench.action.closeActiveEditor"; + } + ]; }; }; } diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 6ce06ec..4e431b2 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -76,7 +76,6 @@ )) p7zip qbittorrent - nil android-tools frida-tools mitmproxy From 57aa1103476fa98b45e43ae8ce43a756ee6ccd94 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 26 Mar 2025 11:51:51 -0400 Subject: [PATCH 22/47] don't overlay pixelflasher and don't patch attic num_prefetch --- flake.lock | 17 ----------------- flake.nix | 1 - overlay/attic/prefetch-8-chunks.patch | 9 --------- overlay/default.nix | 1 - 4 files changed, 28 deletions(-) diff --git a/flake.lock b/flake.lock index ddda4b4..a6ee1bb 100644 --- a/flake.lock +++ b/flake.lock @@ -945,22 +945,6 @@ "type": "github" } }, - "pixelflasher": { - "locked": { - "lastModified": 1741302870, - "narHash": "sha256-7AywZ1b3PaqolAZ0vQmddD6Br4o0a7ucdtE0/W3rnaM=", - "owner": "cything", - "repo": "nixpkgs", - "rev": "5ef8b274bb7f939104295a22cec3382268ed73cc", - "type": "github" - }, - "original": { - "owner": "cything", - "ref": "pixelflasher", - "repo": "nixpkgs", - "type": "github" - } - }, "pre-commit-hooks-nix": { "inputs": { "flake-compat": [ 
@@ -1024,7 +1008,6 @@ "nixpkgs-stable": "nixpkgs-stable_2", "nixvim": "nixvim", "nvim-github-theme": "nvim-github-theme", - "pixelflasher": "pixelflasher", "rust-overlay": "rust-overlay", "sops-nix": "sops-nix", "treefmt": "treefmt", diff --git a/flake.nix b/flake.nix index 1c5adea..b5fccc8 100644 --- a/flake.nix +++ b/flake.nix @@ -71,7 +71,6 @@ url = "github:nix-community/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; }; - pixelflasher.url = "github:cything/nixpkgs/pixelflasher"; attic = { url = "github:zhaofengli/attic"; inputs = { diff --git a/overlay/attic/prefetch-8-chunks.patch b/overlay/attic/prefetch-8-chunks.patch index eafc514..3d6134f 100644 --- a/overlay/attic/prefetch-8-chunks.patch +++ b/overlay/attic/prefetch-8-chunks.patch @@ -11,13 +11,4 @@ index 02e4857..b522154 100644 Download::Url(url) => Ok(Redirect::temporary(&url).into_response()), Download::AsyncRead(stream) => { let stream = ReaderStream::new(stream).map_err(|e| { -@@ -262,7 +262,7 @@ async fn get_nar( - - // TODO: Make num_prefetch configurable - // The ideal size depends on the average chunk size -- let merged = merge_chunks(chunks, streamer, storage, 2).map_err(|e| { -+ let merged = merge_chunks(chunks, streamer, storage, 8).map_err(|e| { - tracing::error!(%e, "Stream error"); - e - }); diff --git a/overlay/default.nix b/overlay/default.nix index d8780e2..71bee1e 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -16,7 +16,6 @@ in in { conduwuit = pkgFrom inputs.conduwuit "default"; - pixelflasher = nixpkgsFrom inputs.pixelflasher "pixelflasher"; attic-server = pkgFrom inputs.attic "attic-server"; attic = pkgFrom inputs.attic "attic"; garage = ( From 225e01d935cd3208e2c6a8bd735b3f8d6b9717cc Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 26 Mar 2025 11:53:06 -0400 Subject: [PATCH 23/47] nix fmt --- .../workflows/build-machines-and-homes.yml | 6 --- home/codium.nix | 54 +++++++++---------- modules/attic.nix | 5 +- 3 files changed, 31 insertions(+), 34 deletions(-) 
diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 43ea5bf..1900b0e 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -3,7 +3,6 @@ on: workflow_dispatch: push: pull_request: - env: ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} NIX_CONFIG: | @@ -14,7 +13,6 @@ env: accept-flake-config = true system-features = nixos-test benchmark big-parallel kvm TERM: ansi - jobs: build-machines: strategy: @@ -38,20 +36,16 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix - - name: Install Nix uses: cachix/install-nix-action@v30 - - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - name: setup attic run: | nix profile install github:zhaofengli/attic attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - - name: build run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" diff --git a/home/codium.nix b/home/codium.nix index 00724b6..117c9e0 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -107,7 +107,7 @@ "vim.enableNeovim" = true; "vim.hlsearch" = true; "vim.easymotion" = true; - "editor.lineNumbers" = "relative"; + "editor.lineNumbers" = "relative"; "vim.normalModeKeyBindings" = vimCommonKeyBindings ++ [ { "before" = [ ";" ]; 
@@ -223,32 +223,32 @@ } ]; }; - keybindings = [ - # repeat these vim bindings here cause otherwise they get overridden by vscode - { - "key" = "ctrl+b"; - "when" = "inputFocus"; - "command" = "cursorLeft"; - } - { - "key" = "ctrl+f"; - "when" = "inputFocus"; - "command" = "cursorRight"; - } - # clear default bindings that conflict - { - "key" = "ctrl+f"; - "command" = "-actions.find"; - } - { - "key" = "ctrl+b"; - "command" = "-workbench.action.toggleSidebarVisibility"; - } - { - "key" = "ctrl+w"; - "command" = "-workbench.action.closeActiveEditor"; - } - ]; + keybindings = [ + # repeat these vim bindings here cause otherwise they get overridden by vscode + { + "key" = "ctrl+b"; + "when" = "inputFocus"; + "command" = "cursorLeft"; + } + { + "key" = "ctrl+f"; + "when" = "inputFocus"; + "command" = "cursorRight"; + } + # clear default bindings that conflict + { + "key" = "ctrl+f"; + "command" = "-actions.find"; + } + { + "key" = "ctrl+b"; + "command" = "-workbench.action.toggleSidebarVisibility"; + } + { + "key" = "ctrl+w"; + "command" = "-workbench.action.closeActiveEditor"; + } + ]; }; }; } diff --git a/modules/attic.nix b/modules/attic.nix index a43d444..e546a9e 100644 --- a/modules/attic.nix +++ b/modules/attic.nix @@ -18,7 +18,10 @@ in settings = { listen = "[::]:8091"; api-endpoint = "https://cache.cy7.sh/"; - allowed-hosts = [ "cache.cy7.sh" "cdn.cy7.sh" ]; + allowed-hosts = [ + "cache.cy7.sh" + "cdn.cy7.sh" + ]; require-proof-of-possession = false; compression = { type = "none"; From aea2a217c24d56b34ca7341f3f77edc75abf8caf Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 27 Mar 2025 13:24:37 -0400 Subject: [PATCH 24/47] chunk: remove unused stuff --- hosts/chunk/default.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 9a621c4..f016a84 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix 
@@ -184,7 +184,6 @@ security.sudo.enable = true; security.sudo.wheelNeedsPassword = false; - programs.gnupg.agent.enable = true; programs.git.enable = true; my.caddy.enable = true; @@ -192,8 +191,5 @@ # container stuff my.containerization.enable = true; - my.roundcube.enable = true; - my.zipline.enable = true; - my.searx.enable = true; my.attic.enable = true; } From 8c3f3a4dffe25798bc32aa5adc993fc7d9929979 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 27 Mar 2025 14:42:22 -0400 Subject: [PATCH 25/47] workflow: use new s3 nix cache add cache priv and pub key add cache priv key to /home/runner workflow: use new cache for build-packages --- .../workflows/build-machines-and-homes.yml | 29 +++++++------------ .github/workflows/build-packages.yml | 15 ++++------ 2 files changed, 17 insertions(+), 27 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 1900b0e..3b36789 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -7,12 +7,15 @@ env: ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} NIX_CONFIG: | show-trace = true - extra-substituters = https://cdn.cy7.sh/main - extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0= experimental-features = nix-command flakes accept-flake-config = true system-features = nixos-test benchmark big-parallel kvm + secret-key-files = /home/runner/cache-priv-key.pem + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= TERM: ansi + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} jobs: build-machines: strategy: 
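Review bot: `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are added to the workflow-level `env:` of build-machines-and-homes.yml, so every step of every job inherits them, including the third-party actions and the `nix build` step that evaluates repository code. Only the `cache` steps call `nix copy --to "s3://..."`, so the two variables belong in an `env:` block on those steps. `ATTIC_TOKEN` is also still exported at the top of the file although this commit removes the `setup attic` steps that used it, so it can be dropped as far as the visible hunks show. The expression is written `${{ secrets. AWS_SECRET_ACCESS_KEY }}` with a space after the dot, which is worth normalising to `secrets.AWS_SECRET_ACCESS_KEY`.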
@@ -36,16 +39,14 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix + - name: setup binary cache key + run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem - name: Install Nix uses: cachix/install-nix-action@v30 - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - name: setup attic - run: | - nix profile install github:zhaofengli/attic - attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - name: build run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" @@ -53,10 +54,7 @@ jobs: - name: cache if: always() run: | - package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" - derivation="$(nix path-info --derivation "$package")" - cache="$(nix-store --query --requisites --include-outputs "$derivation")" - xargs attic push main <<< "$cache" + nix copy ".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" --to "s3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem" build-homes: strategy: fail-fast: false @@ -80,16 +78,14 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix + - name: setup binary cache key + run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem - name: Install Nix uses: cachix/install-nix-action@v30 - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - name: setup attic - run: | - nix profile install github:zhaofengli/attic - attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - name: build run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" 
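Review bot: The new `setup binary cache key` step pastes `${{ secrets.NIX_CACHE_SECRET_KEY }}` into the shell script text and appends it with `>>` to a file created under the default umask. Any quote, `$` or backtick in the secret is therefore interpreted by the shell, the file's permissions depend on the runner's default umask, and a re-run on a reused runner would append a second copy. Passing the secret through `env:` and writing it under `umask 077` avoids all three, as in the fence below. The same step is added in the `build-homes` hunk of this file and in build-packages.yml. Both workflows also trigger on `pull_request`, where secrets are empty for fork PRs, so the key file would presumably be empty while `secret-key-files` still points at it.

```yaml
      - name: setup binary cache key
        env:
          NIX_CACHE_SECRET_KEY: ${{ secrets.NIX_CACHE_SECRET_KEY }}
        run: |
          umask 077
          printf '%s\n' "$NIX_CACHE_SECRET_KEY" > /home/runner/cache-priv-key.pem
```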
@@ -97,7 +93,4 @@ jobs: - name: cache if: always() run: | - package=".#homeConfigurations."${{ matrix.home }}".activationPackage" - derivation="$(nix path-info --derivation "$package")" - cache="$(nix-store --query --requisites --include-outputs "$derivation")" - xargs attic push main <<< "$cache" + nix copy ".#homeConfigurations."${{ matrix.home }}".activationPackage" --to "s3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem" diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 1d23fe9..2e926b2 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -10,10 +10,11 @@ env: ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} NIX_CONFIG: | show-trace = true - extra-substituters = https://cdn.cy7.sh/main - extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0= experimental-features = nix-command flakes accept-flake-config = true + secret-key-files = /home/runner/cache-priv-key.pem + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= TERM: ansi jobs: build-packages: 
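Review bot: The `env:` hunk for build-packages.yml adds `secret-key-files` and the new substituter but, unlike build-machines-and-homes.yml, no `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY`. The `cache result` step in this workflow also runs `nix copy ... --to "s3://nixcache?endpoint=s3.cy7.sh&..."`, so unless credentials are supplied outside the visible hunks the upload has nothing to authenticate with. Because the step runs under `if: always()`, it would then fail jobs whose build succeeded. I would give that step its own `env:` with the two secrets rather than adding them at workflow level.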
@@ -29,23 +30,19 @@ jobs: - macos-13 runs-on: ${{ matrix.os }} steps: + - name: setup binary cache key + run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem - name: Install Nix uses: cachix/install-nix-action@v30 - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - name: setup attic - run: | - nix profile install github:zhaofengli/attic - attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - run: nix build -L ${{ matrix.package }} - name: cache result if: always() run: | - derivation="$(nix path-info --derivation "${{ matrix.package }}")" - cache="$(nix-store --query --requisites --include-outputs "$derivation")" - xargs attic push main <<< "$cache" + nix copy "${{ matrix.machine }}" --to "s3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem" - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result - name: upload result From 1ac785fba41a7a9db98352a79c8d1943d6d00813 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 27 Mar 2025 16:39:33 -0400 Subject: [PATCH 26/47] use s3 nix cache --- flake.nix | 4 ++-- hosts/chunk/garage.nix | 12 ++++++++++++ hosts/common.nix | 4 ++-- 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/flake.nix b/flake.nix index b5fccc8..52d012f 100644 --- a/flake.nix +++ b/flake.nix @@ -111,11 +111,11 @@ nixConfig = { extra-substituters = [ "https://nix-community.cachix.org" - "https://cdn.cy7.sh/main" + "https://nixcache.cy7.sh" ]; extra-trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" + "nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=" ]; }; diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index 6a25df2..da9b650 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix 
@@ -10,6 +10,11 @@ api_bind_addr = "[::]:3900"; root_domain = "s3.cy7.sh"; }; + s3_web = { + bind_addr = "[::]:3902"; + root_domain = ".web.cy7.sh"; + add_host_to_metrics = true; + }; admin.api_bind_addr = "[::]:3903"; rpc_bind_addr = "[::]:3901"; replication_factor = 1; @@ -33,5 +38,12 @@ import common reverse_proxy localhost:3903 ''; + "*.web.cy7.sh" = { + serverAliases = [ "nixcache.cy7.sh" ]; + extraConfig = '' + import common + reverse_proxy localhost:3902 + ''; + }; }; } diff --git a/hosts/common.nix b/hosts/common.nix index 7067008..1d54545 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -11,11 +11,11 @@ ]; trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" + "nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=" ]; extra-substituters = [ "https://nix-community.cachix.org" - "https://cdn.cy7.sh/main" + "https://nixcache.cy7.sh" ]; }; channel.enable = false; From 789e0b7597f0363c06d63583cd96b3923a2f4e2a Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 27 Mar 2025 18:44:53 -0400 Subject: [PATCH 27/47] try to fix rclone memory issue; also disable OOM for now --- hosts/chunk/rclone.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 31cdf54..1da2ad7 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix 
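Review bot: The new `s3_web` listener binds `[::]:3902`, which accepts connections on every interface, although the Caddy vhost added in the same commit reaches it via `reverse_proxy localhost:3902`. If the host firewall (not visible here) does not block 3902, the bucket website endpoint is reachable directly, bypassing Caddy's TLS and whatever `import common` applies. Binding to loopback closes that path: `bind_addr = "127.0.0.1:3902";` together with `reverse_proxy 127.0.0.1:3902`. The context lines show `api_bind_addr`, `admin.api_bind_addr` and `rpc_bind_addr` following the same `[::]` pattern, so the S3 API and admin API, which are also fronted by Caddy, deserve the same review.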
@@ -14,20 +14,22 @@ let --config ${config.sops.secrets."rclone/config".path} \ --allow-other \ --cache-dir /var/cache/rclone \ - --transfers 32 \ + --transfers 16 \ --vfs-cache-mode full \ --vfs-cache-min-free-space 5G \ --dir-cache-time 30d \ --no-checksum \ --no-modtime \ --vfs-fast-fingerprint \ - --vfs-read-chunk-size 4M \ - --vfs-read-chunk-streams 32 \ + --vfs-read-chunk-size 16M \ + --vfs-read-chunk-streams 16 \ --sftp-concurrency 128 \ --sftp-chunk-size 255k \ + --buffer-size 0 \ ${remote} ${mount} ''; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -zu ${mount}"; + OOMScoreAdjust = -1000; }; in { From ec1f55aecea53367c868a76548bb53dc6de66041 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 27 Mar 2025 18:45:14 -0400 Subject: [PATCH 28/47] sops: add binary cache priv key --- .sops.yaml | 5 +++++ secrets/cache-priv-key.pem | 24 ++++++++++++++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 secrets/cache-priv-key.pem diff --git a/.sops.yaml b/.sops.yaml index cb7e65d..c812080 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -123,3 +123,8 @@ creation_rules: - age: - *chunk - *cy + - path_regex: secrets/cache-priv-key.pem + key_groups: + - age: + - *yt + - *cy diff --git a/secrets/cache-priv-key.pem b/secrets/cache-priv-key.pem new file mode 100644 index 0000000..30618df --- /dev/null +++ b/secrets/cache-priv-key.pem 
@@ -0,0 +1,24 @@ +{ + "data": "ENC[AES256_GCM,data:IVRg3IqrlV1Cy3xwyVszhUnRzbWP3OSb/XZF1H0N30eKL8d0DxFGngC5qMgRcmSs203/QL3w0fENp1u0f8tVajqJVlzLjlsiQrMdtXmiMv0LKO7E+aj4UZ0wMchB0XgSVUWrKUXxZrA=,iv:3GtA07yuAAI++RsLSwY3U62k1iG9+hvkGn45HjFt/Gk=,tag:PJ13CrjcE06KMC383txqHw==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVdkxBV3NSL1NDRjhPanpZ\nWTQwUmJmTExNOG0xZ1l1M2ZUSlFaTWdzS2hvCkdNT0dmK3FhcC85RE1mQmN1Uncw\nU1A4Znk1Vnk3RmY1UWdBY21VdnRZdWMKLS0tIHhTYUVUeTZsYkJFWk5LdnNDWlc5\ndDFDMUN2RmN0MDNXclpEMFA5Z0F5M0kKsLgc2D73RPNdTo4q7hBPGcBVPGwY73g+\nqQZbkVVzKPHo814ivwIVFYv+i5Qvf+p985Rko/fQ98GxW0G5c9Qfkg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuZ3B4czExQVZxNUJGNk1X\nbE9Md1Z6blM1S2xhb3VLT0JWbUpjSkxxS1U0Cm41bmt5Rk9LVTJFbVRFT2xxM01i\nTGUyYVU2RWdzRUhBVmNsTzJZWmh6cFUKLS0tIFlXVHQrcTVvbnptRitQVkVXRHBJ\nTjIxVXFvRmRQbUFHRXFjbFIva1IxVG8KciKyUdNjec7ocuKVX8KflMVPKpf/tEVr\nTxudivOoQ0XaqyPVi3cWDpuk2IAWUuJDxjmEctE6JgPtQvs1GsKCdg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-03-27T20:37:28Z", + "mac": "ENC[AES256_GCM,data:35iUoodcjvIn+VAE20f2sHFaTh3+aqCYQ4HalWdVz4eUSkVNcdXs2uqOZtFv3MszDiH9izM84OyHwykudJ99QE3B/NwpfIoKQaU6Qg5X/g/rC1meffMaZwcASVbepjznahbTKmJqeSrMeybrBIV+6FaSjWXn0+D72GEEM1vgH9c=,iv:N2CbttHJsczm37qdapOCrlNeSSgsZBDlvWyvUpa3mkk=,tag:btniVwaVS9h4jDo4IM2wcA==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.4" + } +} \ No newline at end of file From 7c8bc5a1f616cdc72875daeeecb2a129e746d3f0 Mon Sep 17 00:00:00 2001 
From: cy Date: Thu, 27 Mar 2025 19:10:04 -0400 Subject: [PATCH 29/47] rclone: limit sftp-concurrency to 64 and remove OOMScoreAdjust workaround --- hosts/chunk/rclone.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 1da2ad7..803a188 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -23,13 +23,12 @@ let --vfs-fast-fingerprint \ --vfs-read-chunk-size 16M \ --vfs-read-chunk-streams 16 \ - --sftp-concurrency 128 \ + --sftp-concurrency 64 \ --sftp-chunk-size 255k \ --buffer-size 0 \ ${remote} ${mount} ''; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -zu ${mount}"; - OOMScoreAdjust = -1000; }; in { From 9dbc689e14447020452c7bfb7dffcc591aa90e20 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 27 Mar 2025 19:19:54 -0400 Subject: [PATCH 30/47] workflow: fix typo and don't build on macos --- .github/workflows/build-packages.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 2e926b2..3411c89 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -26,8 +26,8 @@ jobs: os: - ubuntu-latest - ubuntu-24.04-arm - - macos-latest - - macos-13 + # - macos-latest + # - macos-13 runs-on: ${{ matrix.os }} steps: - name: setup binary cache key @@ -42,7 +42,7 @@ jobs: - name: cache result if: always() run: | - nix copy "${{ matrix.machine }}" --to "s3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem" + nix copy "${{ matrix.package }}" --to "s3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem" - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result - name: upload result From 9f47fb8a956975923ecf1fc9f84292e50b0c0ca5 Mon Sep 17 00:00:00 2001 
From: cy Date: Thu, 27 Mar 2025 22:11:21 -0400 Subject: [PATCH 31/47] update caddy cloudflare plugin --- modules/caddy.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/caddy.nix b/modules/caddy.nix index 131edf3..3e6ca63 100644 --- a/modules/caddy.nix +++ b/modules/caddy.nix @@ -19,9 +19,9 @@ in plugins = [ # error message will tell you the correct version tag to use # (still need the @ to pass nix config check) - "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e" + "github.com/caddy-dns/cloudflare@v0.0.0-20250228175314-1fb64108d4de" ]; - hash = "sha256-W09nFfBKd+9QEuzV3RYLeNy2CTry1Tz3Vg1U2JPNPPc="; + hash = "sha256-YYpsf8HMONR1teMiSymo2y+HrKoxuJMKIea5/NEykGc="; }; logFormat = lib.mkForce "level INFO"; acmeCA = "https://acme-v02.api.letsencrypt.org/directory"; From 073e118366383504884abd2c5f4aad85316b2dff Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 27 Mar 2025 23:41:07 -0400 Subject: [PATCH 32/47] rm helix; install minio-client --- .sops.yaml | 1 + flake.lock | 43 +------------------------------------------ flake.nix | 5 ----- home/yt/ytnix.nix | 14 +------------- overlay/default.nix | 1 - 5 files changed, 3 insertions(+), 61 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index c812080..9e9a860 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -128,3 +128,4 @@ creation_rules: - age: - *yt - *cy + - *chunk diff --git a/flake.lock b/flake.lock index a6ee1bb..20d9470 100644 --- a/flake.lock +++ b/flake.lock 
@@ -448,30 +448,6 @@ "type": "github" } }, - "helix": { - "inputs": { - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": "nixpkgs_4", - "rust-overlay": [ - "rust-overlay" - ] - }, - "locked": { - "lastModified": 1742479163, - "narHash": "sha256-YC0zdGyZMu7seA2Jm1mxtcxE4lSeVwvCPMfWzJ8+o/c=", - "owner": "helix-editor", - "repo": "helix", - "rev": "b7d735ffe66a03ab5970e5f860923aada50d4e4c", - "type": "github" - }, - "original": { - "owner": "helix-editor", - "repo": "helix", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -851,22 +827,6 @@ } }, "nixpkgs_4": { - "locked": { - "lastModified": 1740560979, - "narHash": "sha256-Vr3Qi346M+8CjedtbyUevIGDZW8LcA1fTG0ugPY/Hic=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "5135c59491985879812717f4c9fea69604e7f26f", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { "locked": { "lastModified": 1742276595, "narHash": "sha256-bsg9y3NoMGu0jgTI5XbxvzQFc9JtZB51i500WlVws80=", @@ -997,14 +957,13 @@ "flake-parts": "flake-parts_2", "flake-utils": "flake-utils", "garage": "garage", - "helix": "helix", "home-manager": "home-manager", "lanzaboote": "lanzaboote", "lix-module": "lix-module", "nil": "nil", "nix-index-database": "nix-index-database", "nix-ld": "nix-ld", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "nixpkgs-stable": "nixpkgs-stable_2", "nixvim": "nixvim", "nvim-github-theme": "nvim-github-theme", diff --git a/flake.nix b/flake.nix index 52d012f..b76d3e1 100644 --- a/flake.nix +++ b/flake.nix @@ -91,11 +91,6 @@ flake-utils.follows = "flake-utils"; }; }; - helix = { - url = "github:helix-editor/helix"; - inputs.flake-utils.follows = "flake-utils"; - inputs.rust-overlay.follows = "rust-overlay"; - }; nvim-github-theme = { url = "github:projekt0n/github-nvim-theme"; diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 4e431b2..cd6baa4 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix 
@@ -102,6 +102,7 @@ freetube gopls rust-analyzer + minio-client ]; home.sessionVariables = { @@ -151,17 +152,4 @@ }; programs.nix-index-database.comma.enable = true; - programs.helix = { - enable = true; - settings = { - theme = "github_dark"; - editor = { - line-number = "relative"; - lsp.display-messages = true; - }; - keys.insert = { - "C-[" = "normal_mode"; - }; - }; - }; } diff --git a/overlay/default.nix b/overlay/default.nix index 71bee1e..f4a7353 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -23,7 +23,6 @@ in meta.mainProgram = "garage"; } ); - helix = pkgFrom inputs.helix "default"; } ) ] From 36d1097c2605c82f1e6af2f9628ee7a65addb304 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 27 Mar 2025 23:41:24 -0400 Subject: [PATCH 33/47] add cache priv key to nix.conf --- hosts/common.nix | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/hosts/common.nix b/hosts/common.nix index 1d54545..77e0edb 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -1,4 +1,4 @@ -{ inputs, ... }: +{ inputs, config, ... }: { nix = { settings = { @@ -9,7 +9,7 @@ "root" "@wheel" ]; - trusted-public-keys = [ + extra-trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=" ]; @@ -17,6 +17,9 @@ "https://nix-community.cachix.org" "https://nixcache.cy7.sh" ]; + secret-key-files = [ + config.sops.secrets.cache-priv-key.path + ]; }; channel.enable = false; optimise = { @@ -74,4 +77,11 @@ services.thermald.enable = true; environment.enableAllTerminfo = true; + + sops.secrets.cache-priv-key = { + format = "binary"; + sopsFile = ../secrets/cache-priv-key.pem; + mode = "0440"; + group = "users"; + }; } From ec8606984436bc33f5d764369a208fbc1e9c451e Mon Sep 17 00:00:00 2001 
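Review bot: The `sops.secrets.cache-priv-key` block added at the end of `hosts/common.nix` makes the cache signing key group-readable by `users` (`mode = "0440"; group = "users";`) on every host that imports this module. Paths signed with that key are accepted by every machine that lists the `nixcache.cy7.sh` key under `extra-trusted-public-keys`, so any account in `users` on any one host could sign store paths the others will trust. If only the Nix daemon needs the key through `secret-key-files`, `mode = "0400";` with the default owner should be enough; if interactive signing is needed, a dedicated group is narrower than `users`. It may also be worth decrypting the key only on hosts that actually push to the cache rather than in the common module.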
From: cy Date: Fri, 28 Mar 2025 01:01:12 -0400 Subject: [PATCH 34/47] update sops key; immich: change thumbs path; disable nm-applet --- hosts/chunk/garage.nix | 1 + hosts/chunk/immich.nix | 4 ++-- hosts/ytnix/default.nix | 4 +++- secrets/cache-priv-key.pem | 8 ++++++-- 4 files changed, 12 insertions(+), 5 deletions(-) diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index da9b650..b046a4b 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -24,6 +24,7 @@ compression_level = "none"; }; environmentFile = config.sops.secrets."garage/env".path; + logLevel = "warn"; }; services.caddy.virtualHosts = { diff --git a/hosts/chunk/immich.nix b/hosts/chunk/immich.nix index f2636f1..7dc7824 100644 --- a/hosts/chunk/immich.nix +++ b/hosts/chunk/immich.nix @@ -6,7 +6,7 @@ }: let uploadLocation = "/mnt/photos/immich"; - thumbsLocation = "/opt/immich/thumbs"; + # thumbsLocation = "/opt/immich/thumbs"; profileLocation = "/opt/immich/profile"; dbDataLocation = "/opt/immich/postgres"; backupsLocation = "/opt/immich/backups"; @@ -20,7 +20,7 @@ in pull = "newer"; volumes = [ "${uploadLocation}:/usr/src/app/upload" - "${thumbsLocation}:/usr/src/app/upload/thumbs" + # "${thumbsLocation}:/usr/src/app/upload/thumbs" "${profileLocation}:/usr/src/app/upload/profile" "${backupsLocation}:/usr/src/app/upload/backups" ]; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index b57887e..eba3509 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -94,8 +94,10 @@ # 3003 # immich-ml # ]; }; + hosts = { + "100.122.132.30" = [ "s3.cy7.sh" ]; + }; }; - programs.nm-applet.enable = true; security.rtkit.enable = true; services.pipewire = { diff --git a/secrets/cache-priv-key.pem b/secrets/cache-priv-key.pem index 30618df..c9bd80e 100644 --- a/secrets/cache-priv-key.pem +++ b/secrets/cache-priv-key.pem 
@@ -8,11 +8,15 @@ "age": [ { "recipient": "age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVdkxBV3NSL1NDRjhPanpZ\nWTQwUmJmTExNOG0xZ1l1M2ZUSlFaTWdzS2hvCkdNT0dmK3FhcC85RE1mQmN1Uncw\nU1A4Znk1Vnk3RmY1UWdBY21VdnRZdWMKLS0tIHhTYUVUeTZsYkJFWk5LdnNDWlc5\ndDFDMUN2RmN0MDNXclpEMFA5Z0F5M0kKsLgc2D73RPNdTo4q7hBPGcBVPGwY73g+\nqQZbkVVzKPHo814ivwIVFYv+i5Qvf+p985Rko/fQ98GxW0G5c9Qfkg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLcGd1alJmNWM3dVBmSWxs\nRHBTOVV6U3p1U3Q3bzQ3OXYrWVhNVTlxTGxvClllbFMwc3dFZW56a0d6eUhVZ2Na\nMUVJc29CNHVMcHRLaXBlRnRLZ2pNb0UKLS0tIFRERnRBZGVFRk9sYmpzVjlpdmN1\ndjUyVmRZMFlFTm4zSnZWV09WbTNoMWMKM35a6GkCZIKscqgADrbIa48T8++wkhLP\nOFr03bv6D0Hj38VLWx+kh9kmja8BaxmdSUTeAhdORwbQumJBAqjsOw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuZ3B4czExQVZxNUJGNk1X\nbE9Md1Z6blM1S2xhb3VLT0JWbUpjSkxxS1U0Cm41bmt5Rk9LVTJFbVRFT2xxM01i\nTGUyYVU2RWdzRUhBVmNsTzJZWmh6cFUKLS0tIFlXVHQrcTVvbnptRitQVkVXRHBJ\nTjIxVXFvRmRQbUFHRXFjbFIva1IxVG8KciKyUdNjec7ocuKVX8KflMVPKpf/tEVr\nTxudivOoQ0XaqyPVi3cWDpuk2IAWUuJDxjmEctE6JgPtQvs1GsKCdg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHbEh0YkFlL3dPL1FmcE9m\nbjl0dHhQZlpBREMwYzQ0NEpQQ3RZVlNsM1Q4CmYwS0VDNjFaOXhOS3JkVUtaTEJZ\nSVNyZ1lXbEhCbE5XdGxCRWhsNVR1N0EKLS0tICt2Um9wQ0pyUVpnd1dVemM4NmpU\nTHE1bi9OcmsweDZyNVpVVUlITmt3c28KdX6fO1C7Ma66AAv/RCI5z8p/7fSvKWQ7\nCL86Nl4Xzb5WWxkteO4wOoHh4y0+9dpEAbS/XP78PkC07uRttcS7pQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn", + "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCRmNheTZrUWplWFZJcm53\nbC94UHdYbXdsSFB0Nk92Q29RdGMxbUxVeEhjCkZqVk13bEFvNFFLZllTN0NUeFpj\nRkhlYXl5STJrbVQzeWg3YzlQZ1ZlZncKLS0tIGhjUytJa2FXa0VVTFlMN2ZpTjF0\ncG9ZTG0zL2dNekV0NkFZWWVrcFpPU3cK/Kia/sHk5T9nlbDg2G52uQcJUoPrnu3y\n6ARJKoz0MnV4csjS6IZCFSb7Vy5DSH+at3khEw3x00eGae1Jd89vwQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-03-27T20:37:28Z", From d281beea431ab1729b337d5ce3de9b54f66247b2 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 28 Mar 2025 16:57:46 -0400 Subject: [PATCH 35/47] chunk: rm attic; rclone: use 32 transfers --- hosts/chunk/default.nix | 2 -- hosts/chunk/rclone.nix | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index f016a84..22290c1 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -190,6 +190,4 @@ # container stuff my.containerization.enable = true; - - my.attic.enable = true; } diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 803a188..c592fbb 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -14,7 +14,7 @@ let --config ${config.sops.secrets."rclone/config".path} \ --allow-other \ --cache-dir /var/cache/rclone \ - --transfers 16 \ + --transfers 32 \ --vfs-cache-mode full \ --vfs-cache-min-free-space 5G \ --dir-cache-time 30d \ From d4bf0f3ef5a33721149839ba356abaab3032a6b3 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 27 Mar 2025 23:43:53 -0400 Subject: [PATCH 36/47] workflow: nix copy --all --- .github/workflows/build-machines-and-homes.yml | 4 ++-- .github/workflows/build-packages.yml | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 3b36789..bc1f2db 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml 
@@ -54,7 +54,7 @@ jobs: - name: cache if: always() run: | - nix copy ".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" --to "s3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem" + nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose build-homes: strategy: fail-fast: false @@ -93,4 +93,4 @@ jobs: - name: cache if: always() run: | - nix copy ".#homeConfigurations."${{ matrix.home }}".activationPackage" --to "s3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem" + nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 3411c89..c530cb7 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -16,6 +16,8 @@ env: extra-substituters = https://nixcache.cy7.sh extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= TERM: ansi + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} jobs: build-packages: strategy: @@ -42,7 +44,7 @@ jobs: - name: cache result if: always() run: | - nix copy "${{ matrix.package }}" --to "s3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem" + nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result - name: upload result From e610ca24e10996f97dcdf68297dbd0c1b9ffc4ed Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 28 Mar 2025 10:48:25 -0400 Subject: [PATCH 37/47] workflow: sign all just in case something got missed --- .github/workflows/build-machines-and-homes.yml | 2 ++ .github/workflows/build-packages.yml | 1 + 2 files changed, 3 insertions(+) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index bc1f2db..7e25ec2 100644 
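Review bot: The `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` entries added to the workflow-level `env:` of `build-packages.yml` are exported to every step of every job, including any `uses:` actions, while only the `cache result` step calls `nix copy` against the S3 store. Scoping them to that step narrows what a compromised action or build-time tool can read: drop the two lines from the top-level block and put the same two `${{ secrets.… }}` entries under an `env:` key on `- name: cache result`. The top-level `env:` block starts outside the hunk, so its other entries are not reviewed here.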
--- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -55,6 +55,7 @@ jobs: if: always() run: | nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose + nix store sign --store 's3://nixcache?endpoint=s3.cy7.sh' -k /home/runner/cache-priv-key.pem --all build-homes: strategy: fail-fast: false @@ -94,3 +95,4 @@ jobs: if: always() run: | nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose + nix store sign --store 's3://nixcache?endpoint=s3.cy7.sh' -k /home/runner/cache-priv-key.pem --all diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index c530cb7..5e779ac 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -45,6 +45,7 @@ jobs: if: always() run: | nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose + nix store sign --store 's3://nixcache?endpoint=s3.cy7.sh' -k /home/runner/cache-priv-key.pem --all - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result - name: upload result From 61b5533dcaf4fe65494665f9ab3b48cfd74dc138 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 28 Mar 2025 16:59:32 -0400 Subject: [PATCH 38/47] justfile: --commit-lock-file --- justfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/justfile b/justfile index 68b7e5c..9f6236c 100644 --- a/justfile +++ b/justfile @@ -1,9 +1,7 @@ update: git branch -D update || true git switch -c update - nix flake update - git add flake.lock - git commit -s -m "flake update" + nix flake update --commit-lock-file git push -f git switch main From 70ed1418632966ebb70bf52c07c04be5d22e3ebd Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 28 Mar 2025 17:14:08 -0400 Subject: [PATCH 39/47] workflow: try lix --- .../workflows/build-machines-and-homes.yml | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) 
diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 7e25ec2..8459ace 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -43,6 +43,16 @@ jobs: run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem - name: Install Nix uses: cachix/install-nix-action@v30 + + - name: Install Lix + run: | + sudo --preserve-env=PATH $(which nix) run \ + --experimental-features "nix-command flakes" \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" \ + 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ + upgrade-nix \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + - name: Sync repository uses: actions/checkout@v4 with: @@ -83,6 +93,16 @@ jobs: run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem - name: Install Nix uses: cachix/install-nix-action@v30 + + - name: Install Lix + run: | + sudo --preserve-env=PATH $(which nix) run \ + --experimental-features "nix-command flakes" \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" \ + 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ + upgrade-nix \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + - name: Sync repository uses: actions/checkout@v4 with: From a45f4132e5902f45545762cceaeffcd8c32359a4 Mon Sep 17 00:00:00 2001 
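Review bot: The new `Install Lix` step runs `nix run` under `sudo` against `git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0`, which names a tag rather than a commit, so whatever that tag resolves to at run time executes as root on the runner. The step sits after `setup binary cache key` has written the cache signing key to `/home/runner/cache-priv-key.pem`, so that key is within its reach. Pinning the revision makes the input immutable, for example by appending `&rev=<PINNED_COMMIT_SHA>` (placeholder) to the flake URL. The same step is added again in the second hunk, for `build-homes`.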
From: cy Date: Fri, 28 Mar 2025 17:36:51 -0400 Subject: [PATCH 40/47] workflow: try another cache command cause --all is really all --- .github/workflows/build-machines-and-homes.yml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 8459ace..2924929 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -52,6 +52,7 @@ jobs: 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ upgrade-nix \ --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + nix --version - name: Sync repository uses: actions/checkout@v4 @@ -64,8 +65,10 @@ jobs: - name: cache if: always() run: | - nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose - nix store sign --store 's3://nixcache?endpoint=s3.cy7.sh' -k /home/runner/cache-priv-key.pem --all + package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" + nix copy -j8 \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + $(nix path-info --recursive --derivation "$package" |sed 's/\.drv$/.drv^*/') build-homes: strategy: fail-fast: false @@ -102,6 +105,7 @@ jobs: 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ upgrade-nix \ --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + nix --version - name: Sync repository uses: actions/checkout@v4 
@@ -114,5 +118,7 @@ jobs: - name: cache if: always() run: | - nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose - nix store sign --store 's3://nixcache?endpoint=s3.cy7.sh' -k /home/runner/cache-priv-key.pem --all + package=".#homeConfigurations."${{ matrix.home }}".activationPackage" + nix copy -j8 \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + $(nix path-info --recursive --derivation "$package" |sed 's/\.drv$/.drv^*/') From 048800c0bf7ddb2778e92b7e0e4e7d42f3e5fd3a Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 28 Mar 2025 17:40:46 -0400 Subject: [PATCH 41/47] workflow: same changes to build-packages --- .github/workflows/build-packages.yml | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 5e779ac..44af952 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -36,6 +36,17 @@ jobs: run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem - name: Install Nix uses: cachix/install-nix-action@v30 + + - name: Install Lix + run: | + sudo --preserve-env=PATH $(which nix) run \ + --experimental-features "nix-command flakes" \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" \ + 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ + upgrade-nix \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + nix --version + - name: Sync repository uses: actions/checkout@v4 with: 
@@ -44,8 +55,9 @@ jobs: - name: cache result if: always() run: | - nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose - nix store sign --store 's3://nixcache?endpoint=s3.cy7.sh' -k /home/runner/cache-priv-key.pem --all + nix copy -j8 \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + $(nix path-info --recursive --derivation "${{ matrix.package }}" |sed 's/\.drv$/.drv^*/') - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result - name: upload result From 47e5c5cd7798811d59702ad9cac04e356c0a08b7 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 28 Mar 2025 17:47:46 -0400 Subject: [PATCH 42/47] workflow: add new lines --- .github/workflows/build-machines-and-homes.yml | 13 +++++++++++++ .github/workflows/build-packages.yml | 8 ++++++++ 2 files changed, 21 insertions(+) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 2924929..1272cc1 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -3,6 +3,7 @@ on: workflow_dispatch: push: pull_request: + env: ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} NIX_CONFIG: | @@ -16,6 +17,7 @@ env: TERM: ansi AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} + jobs: build-machines: strategy: @@ -27,6 +29,7 @@ jobs: os: - ubuntu-latest runs-on: ${{ matrix.os }} + steps: - name: Maximize build disk space uses: easimon/maximize-build-space@v10 @@ -39,8 +42,10 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix + - name: setup binary cache key run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem + - name: Install Nix uses: cachix/install-nix-action@v30 
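Review bot: The rewritten `cache result` command still splices `${{ matrix.package }}` straight into the shell script, where it is expanded before bash parses the line. How `matrix.package` is populated is outside this hunk; if it can come from a workflow input or any other free-form value, shell metacharacters in it would run on the runner that holds the cache signing key. Passing the value through the environment avoids that: add `env:` with `PACKAGE: ${{ matrix.package }}` to the step and use `"$PACKAGE"` in the `nix path-info` call.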
@@ -58,10 +63,12 @@ jobs: uses: actions/checkout@v4 with: persist-credentials: false + - name: build run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" nix build -L "$package" + - name: cache if: always() run: | @@ -69,6 +76,7 @@ jobs: nix copy -j8 \ --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ $(nix path-info --recursive --derivation "$package" |sed 's/\.drv$/.drv^*/') + build-homes: strategy: fail-fast: false @@ -80,6 +88,7 @@ jobs: - ubuntu-latest # - macos-latest runs-on: ${{ matrix.os }} + steps: - name: Maximize build disk space uses: easimon/maximize-build-space@v10 @@ -92,8 +101,10 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix + - name: setup binary cache key run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem + - name: Install Nix uses: cachix/install-nix-action@v30 @@ -111,10 +122,12 @@ jobs: uses: actions/checkout@v4 with: persist-credentials: false + - name: build run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" nix build -L "$package" + - name: cache if: always() run: | diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 44af952..637afbf 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -6,6 +6,7 @@ on: description: "package to build" required: false type: string + env: ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} NIX_CONFIG: | @@ -18,6 +19,7 @@ env: TERM: ansi AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} + jobs: build-packages: strategy: @@ -31,9 +33,11 @@ jobs: # - macos-latest # - macos-13 runs-on: ${{ matrix.os }} + steps: - name: setup binary cache key run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem + - name: Install Nix uses: cachix/install-nix-action@v30 
@@ -51,15 +55,19 @@ jobs: uses: actions/checkout@v4 with: persist-credentials: false + - run: nix build -L ${{ matrix.package }} + - name: cache result if: always() run: | nix copy -j8 \ --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ $(nix path-info --recursive --derivation "${{ matrix.package }}" |sed 's/\.drv$/.drv^*/') + - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result + - name: upload result uses: actions/upload-artifact@v4 with: From 1537fd644418e4ae1b8e60c31d465076ee7bdfce Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 28 Mar 2025 18:01:35 -0400 Subject: [PATCH 43/47] workflow: try yet another way to cache --- .../workflows/build-machines-and-homes.yml | 30 ++++++++++++++----- .github/workflows/build-packages.yml | 13 ++++++-- 2 files changed, 32 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 1272cc1..f04d05f 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -70,12 +70,19 @@ jobs: nix build -L "$package" - name: cache - if: always() + # if: always() run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" - nix copy -j8 \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ - $(nix path-info --recursive --derivation "$package" |sed 's/\.drv$/.drv^*/') + derivations=() + while IFS=$'\n' read derivation; do + derivations+=("$derivation") + done < <(nix path-info --derivation "$package") + + for derivation in "${derivations[@]}"; do + nix copy -j8 \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + $(nix-store --query --requisites --include-outputs "$derivation") + done build-homes: strategy: 
@@ -129,9 +136,16 @@ jobs: nix build -L "$package" - name: cache - if: always() + # if: always() run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" - nix copy -j8 \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ - $(nix path-info --recursive --derivation "$package" |sed 's/\.drv$/.drv^*/') + derivations=() + while IFS=$'\n' read derivation; do + derivations+=("$derivation") + done < <(nix path-info --derivation "$package") + + for derivation in "${derivations[@]}"; do + nix copy -j8 \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + $(nix-store --query --requisites --include-outputs "$derivation") + done diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 637afbf..17e5637 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -61,9 +61,16 @@ jobs: - name: cache result if: always() run: | - nix copy -j8 \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ - $(nix path-info --recursive --derivation "${{ matrix.package }}" |sed 's/\.drv$/.drv^*/') + derivations=() + while IFS=$'\n' read derivation; do + derivations+=("$derivation") + done < <(nix path-info --derivation "${{ matrix.package }}") + + for derivation in "${derivations[@]}"; do + nix copy -j8 \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + $(nix-store --query --requisites --include-outputs "$derivation") + done - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result From c6999339dac9d9241cee33799d253803e5e3d965 Mon Sep 17 00:00:00 2001 
From: cy Date: Fri, 28 Mar 2025 18:28:48 -0400 Subject: [PATCH 44/47] workflow: use !cancelled() instead of always() --- .github/workflows/build-machines-and-homes.yml | 6 ++++-- .github/workflows/build-packages.yml | 3 ++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index f04d05f..2bf0350 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -70,7 +70,8 @@ jobs: nix build -L "$package" - name: cache - # if: always() + # https://stackoverflow.com/a/58859404 + if: '!cancelled()' run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" derivations=() @@ -136,7 +137,8 @@ jobs: nix build -L "$package" - name: cache - # if: always() + # https://stackoverflow.com/a/58859404 + if: '!cancelled()' run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" derivations=() diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 17e5637..cd3c273 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -59,7 +59,8 @@ jobs: - run: nix build -L ${{ matrix.package }} - name: cache result - if: always() + # https://stackoverflow.com/a/58859404 + if: '!cancelled()' run: | derivations=() while IFS=$'\n' read derivation; do From 616d2910303b0d0feb692871ba0e005e11fa550c Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 29 Mar 2025 14:14:11 -0400 Subject: [PATCH 45/47] workflow: use cachix extra_nix_config option --- .../workflows/build-machines-and-homes.yml | 29 +++++++++++++------ .github/workflows/build-packages.yml | 18 +++++++----- 2 files changed, 30 insertions(+), 17 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 2bf0350..7ede8d4 100644 --- a/.github/workflows/build-machines-and-homes.yml 
+++ b/.github/workflows/build-machines-and-homes.yml @@ -5,15 +5,6 @@ on: pull_request: env: - ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} - NIX_CONFIG: | - show-trace = true - experimental-features = nix-command flakes - accept-flake-config = true - system-features = nixos-test benchmark big-parallel kvm - secret-key-files = /home/runner/cache-priv-key.pem - extra-substituters = https://nixcache.cy7.sh - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= TERM: ansi AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} @@ -48,6 +39,16 @@ jobs: - name: Install Nix uses: cachix/install-nix-action@v30 + with: + enable_kvm: true + extra_nix_config: | + show-trace = true + experimental-features = nix-command flakes + accept-flake-config = true + system-features = nixos-test benchmark big-parallel kvm + secret-key-files = /home/runner/cache-priv-key.pem + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - name: Install Lix run: | @@ -115,6 +116,16 @@ jobs: - name: Install Nix uses: cachix/install-nix-action@v30 + with: + enable_kvm: true + extra_nix_config: | + show-trace = true + experimental-features = nix-command flakes + accept-flake-config = true + system-features = nixos-test benchmark big-parallel kvm + secret-key-files = /home/runner/cache-priv-key.pem + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - name: Install Lix run: | diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index cd3c273..fea88fc 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml 
@@ -8,14 +8,6 @@ on: type: string env: - ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} - NIX_CONFIG: | - show-trace = true - experimental-features = nix-command flakes - accept-flake-config = true - secret-key-files = /home/runner/cache-priv-key.pem - extra-substituters = https://nixcache.cy7.sh - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= TERM: ansi AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} @@ -40,6 +32,16 @@ jobs: - name: Install Nix uses: cachix/install-nix-action@v30 + with: + enable_kvm: true + extra_nix_config: | + show-trace = true + experimental-features = nix-command flakes + accept-flake-config = true + system-features = nixos-test benchmark big-parallel kvm + secret-key-files = /home/runner/cache-priv-key.pem + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - name: Install Lix run: | From 888fb86155dbf3b6cec0032029081c2b11434379 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 30 Mar 2025 09:55:07 -0400 Subject: [PATCH 46/47] workflow: rm GITHUB_TOKEN from update-flake-lock --- .github/workflows/update-flake-lock.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/update-flake-lock.yml b/.github/workflows/update-flake-lock.yml index 59006f6..248b096 100644 --- a/.github/workflows/update-flake-lock.yml +++ b/.github/workflows/update-flake-lock.yml @@ -14,7 +14,5 @@ jobs: - uses: actions/checkout@v4 - name: Install Nix uses: cachix/install-nix-action@v30 - with: - github_access_token: ${{ secrets.GITHUB_TOKEN }} - name: Update flake.lock uses: DeterminateSystems/update-flake-lock@v24 From 015b6baa8d1200bacd0e30eb241f3d9f3cb2c5f5 Mon Sep 17 00:00:00 2001 
From: cy Date: Sun, 30 Mar 2025 09:55:22 -0400 Subject: [PATCH 47/47] workflow: use sed to stop spam --- .github/workflows/build-machines-and-homes.yml | 4 ++-- .github/workflows/build-packages.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 7ede8d4..dd08f2c 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -78,7 +78,7 @@ jobs: derivations=() while IFS=$'\n' read derivation; do derivations+=("$derivation") - done < <(nix path-info --derivation "$package") + done < <(nix path-info --derivation "$package" | sed 's/\.drv$/.drv^*/') for derivation in "${derivations[@]}"; do nix copy -j8 \ @@ -155,7 +155,7 @@ jobs: derivations=() while IFS=$'\n' read derivation; do derivations+=("$derivation") - done < <(nix path-info --derivation "$package") + done < <(nix path-info --derivation "$package" | sed 's/\.drv$/.drv^*/') for derivation in "${derivations[@]}"; do nix copy -j8 \ diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index fea88fc..7ef9afb 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -67,7 +67,7 @@ jobs: derivations=() while IFS=$'\n' read derivation; do derivations+=("$derivation") - done < <(nix path-info --derivation "${{ matrix.package }}") + done < <(nix path-info --derivation "${{ matrix.package }}" | sed 's/\.drv$/.drv^*/') for derivation in "${derivations[@]}"; do nix copy -j8 \