diff --git a/.editorconfig b/.editorconfig deleted file mode 100644 index 2eafe75..0000000 --- a/.editorconfig +++ /dev/null @@ -1,3 +0,0 @@ -[*.nix] -indent_style = space -indent_size = 2 diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index d54e390..f1e07bc 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -39,6 +39,25 @@ jobs: - name: setup binary cache key run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem + - name: Sync repository + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: post-build-hook + run: | + sudo mkdir -p /etc/nix + sudo cp ci/upload-to-cache.sh /etc/nix/ + sudo chmod +x /etc/nix/upload-to-cache.sh + + - name: setup s3 credentials + run: | + sudo mkdir /root/.aws + echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials + echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials + echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials + echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config + - name: Install Nix uses: cachix/install-nix-action@v30 with: 
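Review bot: In the added `setup s3 credentials` step, every `sudo tee` also copies what it writes to the step's stdout, and `/root/.aws/credentials` is created with the default umask, so the access key and secret rely entirely on log masking and on `/root` staying unreadable. Send the tee output to `/dev/null` and set the modes explicitly, for example `sudo install -d -m 700 /root/.aws`, then `echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" | sudo tee -a /root/.aws/credentials >/dev/null`, then `sudo chmod 600 /root/.aws/credentials`. The `env:` block that supplies the `AWS_*` variables is outside the hunk, so confirm they come from repository secrets and are not set for runs triggered from forks. The same step is added again in the `build-homes` job of this file and in `build-packages.yml`, and the same change applies there.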
@@ -51,26 +70,12 @@ jobs: secret-key-files = ${{ runner.temp }}/cache-priv-key.pem extra-substituters = https://nixcache.cy7.sh extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - download-buffer-size = 1073741824 - - - name: Sync repository - uses: actions/checkout@v4 - with: - persist-credentials: false + post-build-hook = /etc/nix/upload-to-cache.sh - name: build run: | nix run nixpkgs#nixos-rebuild build -- -L --flake ".#${{ matrix.machine }}" - - name: cache - run: | - nix run \ - github:cything/nixcp/test-in-ci -- push \ - --bucket nixcache \ - --endpoint $AWS_ENDPOINT_URL \ - --signing-key ${{ runner.temp }}/cache-priv-key.pem \ - result - build-homes: strategy: fail-fast: false @@ -80,6 +85,7 @@ jobs: - yt@chunk os: - ubuntu-latest + # - macos-latest runs-on: ${{ matrix.os }} steps: @@ -98,6 +104,25 @@ jobs: - name: setup binary cache key run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem + - name: Sync repository + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: post-build-hook + run: | + sudo mkdir -p /etc/nix + sudo cp ci/upload-to-cache.sh /etc/nix/ + sudo chmod +x /etc/nix/upload-to-cache.sh + + - name: setup s3 credentials + run: | + sudo mkdir /root/.aws + echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials + echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials + echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials + echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config + - name: Install Nix uses: cachix/install-nix-action@v30 with: 
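Review bot: The `post-build-hook = /etc/nix/upload-to-cache.sh` line added to `extra_nix_config` has the Nix daemon run that script after every build, presumably as root given that the credentials are placed under `/root/.aws`. The script itself, `ci/upload-to-cache.sh`, is not part of this diff, so what it does with the signing key and the S3 credentials cannot be reviewed here. Nix runs the hook synchronously and stops the build loop when it fails, so an upload error now interrupts the build itself; check that the script handles a failed upload the way you intend. A comment next to the setting would help the next reader, for example `# copied from ci/upload-to-cache.sh by the post-build-hook step; runs after each build with the cache signing key`. The same setting is added in the `build-homes` job and in `build-packages.yml`.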
@@ -110,23 +135,9 @@ jobs: secret-key-files = ${{ runner.temp }}/cache-priv-key.pem extra-substituters = https://nixcache.cy7.sh extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - download-buffer-size = 1073741824 - - - name: Sync repository - uses: actions/checkout@v4 - with: - persist-credentials: false + post-build-hook = /etc/nix/upload-to-cache.sh - name: build run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" nix build -L "$package" - - - name: cache - run: | - nix run \ - github:cything/nixcp/test-in-ci -- push \ - --bucket nixcache \ - --endpoint $AWS_ENDPOINT_URL \ - --signing-key ${{ runner.temp }}/cache-priv-key.pem \ - result diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 61527a1..343a54f 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -32,6 +32,25 @@ jobs: - name: setup binary cache key run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem + - name: Sync repository + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: post-build-hook + run: | + sudo mkdir -p /etc/nix + sudo cp ci/upload-to-cache.sh /etc/nix/ + sudo chmod +x /etc/nix/upload-to-cache.sh + + - name: setup s3 credentials + run: | + sudo mkdir /root/.aws + echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials + echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials + echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials + echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config + - name: Install Nix uses: cachix/install-nix-action@v30 with: 
@@ -44,18 +63,10 @@ jobs: secret-key-files = ${{ runner.temp }}/cache-priv-key.pem extra-substituters = https://nixcache.cy7.sh extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= + post-build-hook = /etc/nix/upload-to-cache.sh - run: nix build -L ${{ matrix.package }} - - name: cache - run: | - nix run \ - github:cything/nixcp/test-in-ci -- push \ - --bucket nixcache \ - --endpoint $AWS_ENDPOINT_URL \ - --signing-key ${{ runner.temp }}/cache-priv-key.pem \ - result - - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result diff --git a/README b/README new file mode 100644 index 0000000..1a59725 --- /dev/null +++ b/README @@ -0,0 +1 @@ +this is only open source for free ci diff --git a/flake.lock b/flake.lock index 5146a69..2044b2a 100644 --- a/flake.lock +++ b/flake.lock @@ -147,11 +147,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1745480492, - "narHash": "sha256-atfb7grtY2DkjR5D9xTKx/CxXoXELBb+xQK2KVe6cso=", + "lastModified": 1745229893, + "narHash": "sha256-7syUmzqfY9gmLZF4WwqckPRbDRhJApOspd/qDIBHaWY=", "owner": "deuxfleurs-org", "repo": "garage", - "rev": "bf4691d98afe348e528ee24e26b06c325cca35d0", + "rev": "3c20984a08528f1a6672c8afc83d2306a0361e40", "type": "github" }, "original": { @@ -189,11 +189,11 @@ ] }, "locked": { - "lastModified": 1745858959, - "narHash": "sha256-B1FQwPCFLL3cbHc2nxT3/UI1uprHp2h1EA6M2JVe0oQ=", + "lastModified": 1745256380, + "narHash": "sha256-hJH1S5Xy0K2J6eT22AMDIcQ07E8XYC1t7DnXUr2llEM=", "owner": "nix-community", "repo": "home-manager", - "rev": "d0d9d0a1454d5a0200693570618084d80a8b336c", + "rev": "22b326b42bf42973d5e4fe1044591fb459e6aeac", "type": "github" }, "original": { 
@@ -214,11 +214,11 @@ "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1745271491, - "narHash": "sha256-4GAHjus6JRpYHVROMIhFIz/sgLDF/klBM3UHulbSK9s=", + "lastModified": 1745217777, + "narHash": "sha256-lnsoesuG+r15kV3Um4hHpYXIjsi6EOPBtIlV8by/7i0=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "995637eb3ab78eac33f8ee6b45cc2ecd5ede12ba", + "rev": "e4cf2086105f47a22f92985358db295a20746abb", "type": "github" }, "original": { @@ -257,11 +257,11 @@ ] }, "locked": { - "lastModified": 1745725746, - "narHash": "sha256-iR+idGZJ191cY6NBXyVjh9QH8GVWTkvZw/w+1Igy45A=", + "lastModified": 1745120797, + "narHash": "sha256-owQ0VQ+7cSanTVPxaZMWEzI22Q4bGnuvhVjLAJBNQ3E=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "187524713d0d9b2d2c6f688b81835114d4c2a7c6", + "rev": "69716041f881a2af935021c1182ed5b0cc04d40e", "type": "github" }, "original": { @@ -277,11 +277,11 @@ ] }, "locked": { - "lastModified": 1745836145, - "narHash": "sha256-CQ18gPSd8nHMrK2K7hqsmLedQFfefUBgIq8AHHXsPRU=", + "lastModified": 1744621833, + "narHash": "sha256-II6a32kRc+KbLhU/jS8EbuXYt1PNCvsRvuBw2becgQM=", "owner": "nix-community", "repo": "nix-ld", - "rev": "3a4fcea3d9a3c1366a745d23808114a67bf98c68", + "rev": "9a3812797e25def1d4aed62b517606b7b93989dc", "type": "github" }, "original": { @@ -292,11 +292,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1745526057, - "narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=", + "lastModified": 1744932701, + "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f771eb401a46846c1aebd20552521b233dd7e18b", + "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", "type": "github" }, "original": { 
@@ -417,11 +417,11 @@ ] }, "locked": { - "lastModified": 1745807802, - "narHash": "sha256-Aary9kzSx9QFgfK1CDu3ZqxhuoyHvf0F71j64gXZebA=", + "lastModified": 1745207416, + "narHash": "sha256-2g2TnXgJEvSvpk7ujY69pSplmM3oShhoOidZf1iHTHU=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "9a6045615437787dfb9c1a3242fd75c6b6976b6b", + "rev": "68a0ff1a43d08aa1ec3730e7e7d06f6da0ba630a", "type": "github" }, "original": { @@ -437,11 +437,11 @@ ] }, "locked": { - "lastModified": 1745310711, - "narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=", + "lastModified": 1744669848, + "narHash": "sha256-pXyanHLUzLNd3MX9vsWG+6Z2hTU8niyphWstYEP3/GU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c", + "rev": "61154300d945f0b147b30d24ddcafa159148026a", "type": "github" }, "original": { @@ -503,11 +503,11 @@ ] }, "locked": { - "lastModified": 1745820808, - "narHash": "sha256-6WmnH372ixlcGIAExWBmNg8aRlP1enR97zRfvYKNqR0=", + "lastModified": 1745251368, + "narHash": "sha256-Fczq6JKwtHsCNPKPxkGFBhpWH8KoqY2eTyE6jG/cqms=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "3f05a23a57d43dfcaa41f4fb59f9bd1e9382ba1a", + "rev": "6dfa23066faf8643ca05eac994aa14ef695231aa", "type": "github" }, "original": { diff --git a/home/kitty.nix b/home/kitty.nix index 40f25ef..a6ddf37 100644 --- a/home/kitty.nix +++ b/home/kitty.nix @@ -13,7 +13,6 @@ # for confirmation confirm_os_window_close = 0; clear_all_shortcuts = true; - background_opacity = 0.85; # will probably lower this later but the max allowed is actually 4GB # this is NOT stored in memory and can only be viewed with scrollback_pager diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 8a301d1..c08d0b8 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -8,7 +8,7 @@ ./common.nix ../irssi.nix ../kitty.nix - # ../codium.nix + ../codium.nix ]; home = { username = "yt"; 
@@ -28,7 +28,10 @@ home.packages = with pkgs; lib.flatten [ + ungoogled-chromium + librewolf bitwarden-desktop + bitwarden-cli fastfetch (with kdePackages; [ gwenview @@ -38,12 +41,14 @@ signal-desktop btop jq + sqlite usbutils calibre tor-browser wtype bat rclone + go (rust-bin.selectLatestNightlyWith ( toolchain: toolchain.default.override { @@ -51,9 +56,12 @@ targets = [ "aarch64-unknown-linux-musl" ]; } )) + pwgen gnumake unzip anki-bin + trezorctl + q gdb fuzzel hugo @@ -82,18 +90,23 @@ jadx scrcpy syncthing + syncthingtray (with llvmPackages; [ clangUseLLVM compiler-rt libllvm ]) nix-output-monitor + wl-clipboard-rs + pixelflasher cinny-desktop + freetube + gopls + rust-analyzer minio-client + nil keepassxc - ida-free - jujutsu - ffmpeg + lua-language-server ]; home.sessionVariables = { @@ -145,19 +158,6 @@ enable = true; viAlias = true; vimAlias = true; - extraPackages = with pkgs; [ - lua-language-server - nil - rust-analyzer - fzf - fd - ripgrep - bat - delta - taplo - llvmPackages.clang-tools - pyright - ]; }; programs.ssh = { @@ -166,32 +166,4 @@ }; programs.firefox.enable = true; - - programs.emacs = { - enable = true; - extraPackages = _: with pkgs; [ - rust-analyzer - nil - ispell - ]; - }; - - gtk = { - enable = true; - theme.package = pkgs.gnome-themes-extra; - theme.name = "Adwaita-dark"; - }; - - qt = { - enable = true; - platformTheme.name = "adwaita"; - style.name = "adwaita-dark"; - style.package = pkgs.adwaita-qt; - }; - - dconf.settings = { - "org/gnome/desktop/interface" = { - color-scheme = "prefer-dark"; - }; - }; } diff --git a/home/zsh/default.nix b/home/zsh/default.nix index 977de0b..e599f0d 100644 --- a/home/zsh/default.nix +++ b/home/zsh/default.nix @@ -37,6 +37,12 @@ searchDownKey = "^n"; }; + # prezto = { + # enable = true; + # caseSensitive = false; + # editor.keymap = "vi"; + # }; + initExtra = '' # disable control+s to pause terminal unsetopt FLOW_CONTROL 
@@ -79,11 +85,14 @@ shellAliases = { "vi" = "nvim"; "vim" = "nvim"; + "t" = "tmux"; + "tl" = "tmux list-sessions"; + "ta" = "tmux new-session -A -s"; "se" = "sudoedit"; "s" = "sudo"; - "nrs" = "sudo nixos-rebuild switch -L --flake ~/nixos-config"; - "nrt" = "sudo nixos-rebuild test -L --flake ~/nixos-config"; - "hrs" = "home-manager switch -L --flake ~/nixos-config"; + "nrs" = "sudo nixos-rebuild switch -L --flake . --log-format internal-json -v |& nom --json"; + "nrt" = "sudo nixos-rebuild test -L --flake . --log-format internal-json -v |& nom --json"; + "hrs" = "home-manager switch -L --flake ."; "g" = "git"; "ga" = "git add"; "gaa" = "git add --all"; @@ -91,6 +100,7 @@ "gc" = "git commit --verbose"; "gcmsg" = "git commit --message"; "gd" = "git diff"; + "gdca" = "git diff --cached"; "gds" = "git diff --staged"; "gl" = "git log --stat"; "glg" = "git log --graph"; @@ -103,11 +113,6 @@ "gs" = "git status --short"; "gss" = "git status"; "code" = "codium"; - "jl" = "jj log -n 10"; - "jll" = "jj log"; - "jd" = "jj diff"; - "jn" = "jj new"; - "jm" = "jj describe -m"; }; }; diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index aef6578..a36dc49 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -25,7 +25,7 @@ compression_level = "none"; }; environmentFile = config.sops.secrets."garage/env".path; - logLevel = "info"; + logLevel = "warn"; }; services.caddy.virtualHosts = { diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 7ab5e2e..1c253f2 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix 
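Review bot: The rewritten `nrs`, `nrt` and `hrs` aliases now pass `--flake .`, so `sudo nixos-rebuild switch` builds and activates, as root, whatever flake is in the current directory instead of the fixed `~/nixos-config` path. Running the alias from any other checkout would apply that flake's system configuration. If the relative path is kept for convenience, add a comment above the three aliases such as `# run from the nixos-config checkout: --flake . resolves against the current directory`. The `|& nom --json` pipe also makes the alias return the exit status of `nom` unless `pipefail` is set, so a failed rebuild can look successful to anything that checks the status. The `shellAliases` set starts before and continues past this hunk.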
@@ -14,14 +14,15 @@ let --config ${config.sops.secrets."rclone/config".path} \ --allow-other \ --cache-dir /var/cache/rclone \ - --transfers 16 \ - --vfs-cache-mode writes \ + --transfers 64 \ + --vfs-cache-mode full \ --vfs-cache-min-free-space 5G \ --dir-cache-time 30d \ + --no-checksum \ --no-modtime \ --vfs-fast-fingerprint \ - --vfs-read-chunk-size 128M \ - --vfs-read-chunk-streams 0 \ + --vfs-read-chunk-size 8M \ + --vfs-read-chunk-streams 16 \ --sftp-concurrency 64 \ --sftp-chunk-size 255k \ --buffer-size 0 \ diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 920cd4f..c3759fa 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -87,7 +87,7 @@ resolvconf.enable = true; firewall = { enable = true; - trustedInterfaces = [ "tailscale0" "virbr0" "virbr1" ]; + trustedInterfaces = [ "tailscale0" "virbr0" ]; # allowedTCPPorts = [ # 8080 # mitmproxy # 22000 # syncthing @@ -204,7 +204,7 @@ services.displayManager = { enable = true; autoLogin.user = "yt"; - defaultSession = "sway"; + defaultSession = "plasma"; sddm = { enable = true; wayland.enable = true; @@ -238,7 +238,6 @@ "/home/yt/Games" "/home/yt/Videos" "/home/yt/.bitmonero" - "/home/yt/vms" ]; repo = "yt"; passFile = config.sops.secrets."borg/rsyncnet".path; @@ -361,6 +360,12 @@ ]; }; + services.ollama.enable = false; + + services.trezord.enable = true; + + programs.niri.enable = false; + programs.niri.package = pkgs.niri-unstable; programs.xwayland.enable = true; services.udev.extraHwdb = '' @@ -385,24 +390,7 @@ programs.ccache.enable = true; nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; programs.fuse.userAllowOther = true; - nix.settings.sandbox = true; + nix.settings.sandbox = false; programs.ssh.startAgent = true; - - programs.sway = { - enable = true; - wrapperFeatures.gtk = true; - extraPackages = with pkgs; [ - rofi-wayland - cliphist - rofimoji - grim - slurp - swaylock - swayidle - brightnessctl - waybar - wl-clipboard - ]; - }; } 
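Review bot: The added `--no-checksum` flag in the `hosts/chunk/rclone.nix` hunk stops rclone from comparing checksums on upload and download, and with the existing `--no-modtime` and `--vfs-fast-fingerprint` the mount has little left to notice a corrupted or altered object. If this is a deliberate throughput trade-off, record it in a Nix comment above the string that holds the command, for example `# --no-checksum: skip transfer hash checks for speed; integrity relies on the SFTP transport`. Moving to `--vfs-cache-mode full` also keeps full file contents under `/var/cache/rclone`, and since `--allow-other` is already set it is worth confirming that directory's ownership and mode. The command string starts and ends outside the hunk.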
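Review bot: Setting `nix.settings.sandbox = false;` in the last hunk of `hosts/ytnix/default.nix` removes build isolation for every derivation built on this host, so build scripts get network access and can read the host filesystem as the build user. The unchanged `nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ];` line directly above exists to make ccache usable inside the sandbox, which suggests the sandbox does not need to be off for that purpose. If a single package needs an exemption, `nix.settings.sandbox = "relaxed";` limits it to derivations that set `__noChroot = true`, or keep `true` and build that one package with `--option sandbox false` as a trusted user. If it stays disabled, add a comment stating the reason so it can be re-enabled later.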
diff --git a/modules/authelia.nix b/modules/authelia.nix index 915be02..f231f50 100644 --- a/modules/authelia.nix +++ b/modules/authelia.nix @@ -68,7 +68,6 @@ in ]; scopes = [ "openid" "profile" "email" ]; userinfo_signed_response_alg = "none"; - token_endpoint_auth_method = "client_secret_basic"; } { client_id = "_kuUEYxyfXjInJCniwugpw2Qn6iI-YW24NOkHZG~63BAhnAACDZ.xsLqOdGghj2DNZxXR0sU"; diff --git a/modules/caddy.nix b/modules/caddy.nix index f6904a8..c5de226 100644 --- a/modules/caddy.nix +++ b/modules/caddy.nix @@ -19,9 +19,9 @@ in plugins = [ # error message will tell you the correct version tag to use # (still need the @ to pass nix config check) - "github.com/caddy-dns/cloudflare@v0.2.2-0.20250420134112-006ebb07b349" + "github.com/caddy-dns/cloudflare@v0.0.0-20250228175314-1fb64108d4de" ]; - hash = "sha256-2U+icm4GtI5Fww6U8nKzQ/+pPf63T3scTGuj1zjj4b4="; + hash = "sha256-pfh9DXUj35jlAntkWc4D5wuW04xxQfM1rZ4KFauMzvc="; }; logFormat = lib.mkForce "level INFO"; acmeCA = "https://acme-v02.api.letsencrypt.org/directory"; @@ -37,9 +37,9 @@ in (authelia) { forward_auth localhost:9091 { - uri /api/authz/forward-auth - copy_headers Remote-User Remote-Groups Remote-Name Remote-Email - } + uri /api/authz/forward-auth + copy_headers Remote-User Remote-Groups Remote-Name Remote-Email + } } ''; environmentFile = config.sops.secrets."caddy/env".path;