cy/nixos-config
cy/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: cy:5cb9e6170866e06db255fcf8c96b068579b88e99
Branches Tags
cy:main
cy:update
cy:2025-04-14
cy:2025-04-07
cy:2025-04-05
cy:2025-04-04
cy:staging
cy:dogfood-nixcp
cy:no-follows
cy:workflow-test
cy:update_flake_lock_action
cy:caddy-s3
cy:workflow-copy
cy:workflow-lix
cy:test-s3-cache
cy:temp
cy:attic
cy:helix
cy:test
cy:lix-test
cy:bitwarden-patch
cy:chromium
cy:new-attic
cy:canary
cy:downgrade-kernel
cy:soju
cy:kde
cy:shiori
cy:caddy-module
cy:anki-overlay
cy:nixpkgs-master
cy:lix
cy:pan-home
cy:pi
cy:pancake
cy:pancake-sd-image
cy:arm
cy:lix-404
cy:customize-kernel
cy:blueprint
cy:flake-utils
cy:conduwuit-flake
cy:ghostty
cy:zen
cy:lact-fix-test
cy:alvr-test
cy:workflow-refactor
cy:bump-conduwuit
cy:gollum
cy:build
cy:nginx
cy:iso
cy:flake-parts
cy:codespace
cy:sway
cy:minio
cy:garage-module
cy:garage-test
cy:vscode
cy:purge
cy:create-pull-request/patch
cy:garage
cy:harmonia
cy:impermanence
..
compare: cy:9546caaa7cb896905847308aab02c20bf3f0d27f
Branches Tags
cy:main
cy:update
cy:2025-04-14
cy:2025-04-07
cy:2025-04-05
cy:2025-04-04
cy:staging
cy:dogfood-nixcp
cy:no-follows
cy:workflow-test
cy:update_flake_lock_action
cy:caddy-s3
cy:workflow-copy
cy:workflow-lix
cy:test-s3-cache
cy:temp
cy:attic
cy:helix
cy:test
cy:lix-test
cy:bitwarden-patch
cy:chromium
cy:new-attic
cy:canary
cy:downgrade-kernel
cy:soju
cy:kde
cy:shiori
cy:caddy-module
cy:anki-overlay
cy:nixpkgs-master
cy:lix
cy:pan-home
cy:pi
cy:pancake
cy:pancake-sd-image
cy:arm
cy:lix-404
cy:customize-kernel
cy:blueprint
cy:flake-utils
cy:conduwuit-flake
cy:ghostty
cy:zen
cy:lact-fix-test
cy:alvr-test
cy:workflow-refactor
cy:bump-conduwuit
cy:gollum
cy:build
cy:nginx
cy:iso
cy:flake-parts
cy:codespace
cy:sway
cy:minio
cy:garage-module
cy:garage-test
cy:vscode
cy:purge
cy:create-pull-request/patch
cy:garage
cy:harmonia
cy:impermanence

No commits in common. "5cb9e6170866e06db255fcf8c96b068579b88e99" and "9546caaa7cb896905847308aab02c20bf3f0d27f" have entirely different histories.
5cb9e61708 ... 9546caaa7c

13 changed files with 139 additions and 155 deletions
Download patch file Download diff file Expand all files Collapse all files

3
.editorconfig
View file

@ -1,3 +0,0 @@
[*.nix]
indent_style = space
indent_size = 2

71
.github/workflows/build-machines-and-homes.yml vendored
View file

@ -39,6 +39,25 @@ jobs:
- name: setup binary cache key - name: setup binary cache key
run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem
- name: Sync repository
uses: actions/checkout@v4
with:
persist-credentials: false
- name: post-build-hook
run: |
sudo mkdir -p /etc/nix
sudo cp ci/upload-to-cache.sh /etc/nix/
sudo chmod +x /etc/nix/upload-to-cache.sh
- name: setup s3 credentials
run: |
sudo mkdir /root/.aws
echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials
echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials
echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials
echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config
- name: Install Nix - name: Install Nix
uses: cachix/install-nix-action@v30 uses: cachix/install-nix-action@v30
with: with:
@ -51,26 +70,12 @@ jobs:
secret-key-files = ${{ runner.temp }}/cache-priv-key.pem secret-key-files = ${{ runner.temp }}/cache-priv-key.pem
extra-substituters = https://nixcache.cy7.sh extra-substituters = https://nixcache.cy7.sh
extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=
download-buffer-size = 1073741824 post-build-hook = /etc/nix/upload-to-cache.sh
- name: Sync repository
uses: actions/checkout@v4
with:
persist-credentials: false
- name: build - name: build
run: | run: |
nix run nixpkgs#nixos-rebuild build -- -L --flake ".#${{ matrix.machine }}" nix run nixpkgs#nixos-rebuild build -- -L --flake ".#${{ matrix.machine }}"
- name: cache
run: |
nix run \
github:cything/nixcp/test-in-ci -- push \
--bucket nixcache \
--endpoint $AWS_ENDPOINT_URL \
--signing-key ${{ runner.temp }}/cache-priv-key.pem \
result
build-homes: build-homes:
strategy: strategy:
fail-fast: false fail-fast: false
@ -80,6 +85,7 @@ jobs:
- yt@chunk - yt@chunk
os: os:
- ubuntu-latest - ubuntu-latest
# - macos-latest
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
@ -98,6 +104,25 @@ jobs:
- name: setup binary cache key - name: setup binary cache key
run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem
- name: Sync repository
uses: actions/checkout@v4
with:
persist-credentials: false
- name: post-build-hook
run: |
sudo mkdir -p /etc/nix
sudo cp ci/upload-to-cache.sh /etc/nix/
sudo chmod +x /etc/nix/upload-to-cache.sh
- name: setup s3 credentials
run: |
sudo mkdir /root/.aws
echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials
echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials
echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials
echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config
- name: Install Nix - name: Install Nix
uses: cachix/install-nix-action@v30 uses: cachix/install-nix-action@v30
with: with:
@ -110,23 +135,9 @@ jobs:
secret-key-files = ${{ runner.temp }}/cache-priv-key.pem secret-key-files = ${{ runner.temp }}/cache-priv-key.pem
extra-substituters = https://nixcache.cy7.sh extra-substituters = https://nixcache.cy7.sh
extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=
download-buffer-size = 1073741824 post-build-hook = /etc/nix/upload-to-cache.sh
- name: Sync repository
uses: actions/checkout@v4
with:
persist-credentials: false
- name: build - name: build
run: | run: |
package=".#homeConfigurations."${{ matrix.home }}".activationPackage" package=".#homeConfigurations."${{ matrix.home }}".activationPackage"
nix build -L "$package" nix build -L "$package"
- name: cache
run: |
nix run \
github:cything/nixcp/test-in-ci -- push \
--bucket nixcache \
--endpoint $AWS_ENDPOINT_URL \
--signing-key ${{ runner.temp }}/cache-priv-key.pem \
result

29
.github/workflows/build-packages.yml vendored
View file

@ -32,6 +32,25 @@ jobs:
- name: setup binary cache key - name: setup binary cache key
run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem
- name: Sync repository
uses: actions/checkout@v4
with:
persist-credentials: false
- name: post-build-hook
run: |
sudo mkdir -p /etc/nix
sudo cp ci/upload-to-cache.sh /etc/nix/
sudo chmod +x /etc/nix/upload-to-cache.sh
- name: setup s3 credentials
run: |
sudo mkdir /root/.aws
echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials
echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials
echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials
echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config
- name: Install Nix - name: Install Nix
uses: cachix/install-nix-action@v30 uses: cachix/install-nix-action@v30
with: with:
@ -44,18 +63,10 @@ jobs:
secret-key-files = ${{ runner.temp }}/cache-priv-key.pem secret-key-files = ${{ runner.temp }}/cache-priv-key.pem
extra-substituters = https://nixcache.cy7.sh extra-substituters = https://nixcache.cy7.sh
extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=
post-build-hook = /etc/nix/upload-to-cache.sh
- run: nix build -L ${{ matrix.package }} - run: nix build -L ${{ matrix.package }}
- name: cache
run: |
nix run \
github:cything/nixcp/test-in-ci -- push \
--bucket nixcache \
--endpoint $AWS_ENDPOINT_URL \
--signing-key ${{ runner.temp }}/cache-priv-key.pem \
result
- name: prepare tarball to upload - name: prepare tarball to upload
run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result

1
README Normal file
View file

@ -0,0 +1 @@
this is only open source for free ci

54
flake.lock generated
View file

@ -147,11 +147,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1745480492, "lastModified": 1745229893,
"narHash": "sha256-atfb7grtY2DkjR5D9xTKx/CxXoXELBb+xQK2KVe6cso=", "narHash": "sha256-7syUmzqfY9gmLZF4WwqckPRbDRhJApOspd/qDIBHaWY=",
"owner": "deuxfleurs-org", "owner": "deuxfleurs-org",
"repo": "garage", "repo": "garage",
"rev": "bf4691d98afe348e528ee24e26b06c325cca35d0", "rev": "3c20984a08528f1a6672c8afc83d2306a0361e40",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -189,11 +189,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1745858959, "lastModified": 1745256380,
"narHash": "sha256-B1FQwPCFLL3cbHc2nxT3/UI1uprHp2h1EA6M2JVe0oQ=", "narHash": "sha256-hJH1S5Xy0K2J6eT22AMDIcQ07E8XYC1t7DnXUr2llEM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "d0d9d0a1454d5a0200693570618084d80a8b336c", "rev": "22b326b42bf42973d5e4fe1044591fb459e6aeac",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -214,11 +214,11 @@
"rust-overlay": "rust-overlay_2" "rust-overlay": "rust-overlay_2"
}, },
"locked": { "locked": {
"lastModified": 1745271491, "lastModified": 1745217777,
"narHash": "sha256-4GAHjus6JRpYHVROMIhFIz/sgLDF/klBM3UHulbSK9s=", "narHash": "sha256-lnsoesuG+r15kV3Um4hHpYXIjsi6EOPBtIlV8by/7i0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "lanzaboote", "repo": "lanzaboote",
"rev": "995637eb3ab78eac33f8ee6b45cc2ecd5ede12ba", "rev": "e4cf2086105f47a22f92985358db295a20746abb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -257,11 +257,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1745725746, "lastModified": 1745120797,
"narHash": "sha256-iR+idGZJ191cY6NBXyVjh9QH8GVWTkvZw/w+1Igy45A=", "narHash": "sha256-owQ0VQ+7cSanTVPxaZMWEzI22Q4bGnuvhVjLAJBNQ3E=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "187524713d0d9b2d2c6f688b81835114d4c2a7c6", "rev": "69716041f881a2af935021c1182ed5b0cc04d40e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -277,11 +277,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1745836145, "lastModified": 1744621833,
"narHash": "sha256-CQ18gPSd8nHMrK2K7hqsmLedQFfefUBgIq8AHHXsPRU=", "narHash": "sha256-II6a32kRc+KbLhU/jS8EbuXYt1PNCvsRvuBw2becgQM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-ld", "repo": "nix-ld",
"rev": "3a4fcea3d9a3c1366a745d23808114a67bf98c68", "rev": "9a3812797e25def1d4aed62b517606b7b93989dc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -292,11 +292,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1745526057, "lastModified": 1744932701,
"narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=", "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "f771eb401a46846c1aebd20552521b233dd7e18b", "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -417,11 +417,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1745807802, "lastModified": 1745207416,
"narHash": "sha256-Aary9kzSx9QFgfK1CDu3ZqxhuoyHvf0F71j64gXZebA=", "narHash": "sha256-2g2TnXgJEvSvpk7ujY69pSplmM3oShhoOidZf1iHTHU=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "9a6045615437787dfb9c1a3242fd75c6b6976b6b", "rev": "68a0ff1a43d08aa1ec3730e7e7d06f6da0ba630a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -437,11 +437,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1745310711, "lastModified": 1744669848,
"narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=", "narHash": "sha256-pXyanHLUzLNd3MX9vsWG+6Z2hTU8niyphWstYEP3/GU=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c", "rev": "61154300d945f0b147b30d24ddcafa159148026a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -503,11 +503,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1745820808, "lastModified": 1745251368,
"narHash": "sha256-6WmnH372ixlcGIAExWBmNg8aRlP1enR97zRfvYKNqR0=", "narHash": "sha256-Fczq6JKwtHsCNPKPxkGFBhpWH8KoqY2eTyE6jG/cqms=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-vscode-extensions", "repo": "nix-vscode-extensions",
"rev": "3f05a23a57d43dfcaa41f4fb59f9bd1e9382ba1a", "rev": "6dfa23066faf8643ca05eac994aa14ef695231aa",
"type": "github" "type": "github"
}, },
"original": { "original": {

1
home/kitty.nix
View file

@ -13,7 +13,6 @@
# for confirmation # for confirmation
confirm_os_window_close = 0; confirm_os_window_close = 0;
clear_all_shortcuts = true; clear_all_shortcuts = true;
background_opacity = 0.85;
# will probably lower this later but the max allowed is actually 4GB # will probably lower this later but the max allowed is actually 4GB
# this is NOT stored in memory and can only be viewed with scrollback_pager # this is NOT stored in memory and can only be viewed with scrollback_pager

62
home/yt/ytnix.nix
View file

@ -8,7 +8,7 @@
./common.nix ./common.nix
../irssi.nix ../irssi.nix
../kitty.nix ../kitty.nix
# ../codium.nix ../codium.nix
]; ];
home = { home = {
username = "yt"; username = "yt";
@ -28,7 +28,10 @@
home.packages = home.packages =
with pkgs; with pkgs;
lib.flatten [ lib.flatten [
ungoogled-chromium
librewolf
bitwarden-desktop bitwarden-desktop
bitwarden-cli
fastfetch fastfetch
(with kdePackages; [ (with kdePackages; [
gwenview gwenview
@ -38,12 +41,14 @@
signal-desktop signal-desktop
btop btop
jq jq
sqlite
usbutils usbutils
calibre calibre
tor-browser tor-browser
wtype wtype
bat bat
rclone rclone
go
(rust-bin.selectLatestNightlyWith ( (rust-bin.selectLatestNightlyWith (
toolchain: toolchain:
toolchain.default.override { toolchain.default.override {
@ -51,9 +56,12 @@
targets = [ "aarch64-unknown-linux-musl" ]; targets = [ "aarch64-unknown-linux-musl" ];
} }
)) ))
pwgen
gnumake gnumake
unzip unzip
anki-bin anki-bin
trezorctl
q
gdb gdb
fuzzel fuzzel
hugo hugo
@ -82,18 +90,23 @@
jadx jadx
scrcpy scrcpy
syncthing syncthing
syncthingtray
(with llvmPackages; [ (with llvmPackages; [
clangUseLLVM clangUseLLVM
compiler-rt compiler-rt
libllvm libllvm
]) ])
nix-output-monitor nix-output-monitor
wl-clipboard-rs
pixelflasher
cinny-desktop cinny-desktop
freetube
gopls
rust-analyzer
minio-client minio-client
nil
keepassxc keepassxc
ida-free lua-language-server
jujutsu
ffmpeg
]; ];
home.sessionVariables = { home.sessionVariables = {
@ -145,19 +158,6 @@
enable = true; enable = true;
viAlias = true; viAlias = true;
vimAlias = true; vimAlias = true;
extraPackages = with pkgs; [
lua-language-server
nil
rust-analyzer
fzf
fd
ripgrep
bat
delta
taplo
llvmPackages.clang-tools
pyright
];
}; };
programs.ssh = { programs.ssh = {
@ -166,32 +166,4 @@
}; };
programs.firefox.enable = true; programs.firefox.enable = true;
programs.emacs = {
enable = true;
extraPackages = _: with pkgs; [
rust-analyzer
nil
ispell
];
};
gtk = {
enable = true;
theme.package = pkgs.gnome-themes-extra;
theme.name = "Adwaita-dark";
};
qt = {
enable = true;
platformTheme.name = "adwaita";
style.name = "adwaita-dark";
style.package = pkgs.adwaita-qt;
};
dconf.settings = {
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
};
};
} }

21
home/zsh/default.nix
View file

@ -37,6 +37,12 @@
searchDownKey = "^n"; searchDownKey = "^n";
}; };
# prezto = {
# enable = true;
# caseSensitive = false;
# editor.keymap = "vi";
# };
initExtra = '' initExtra = ''
# disable control+s to pause terminal # disable control+s to pause terminal
unsetopt FLOW_CONTROL unsetopt FLOW_CONTROL
@ -79,11 +85,14 @@
shellAliases = { shellAliases = {
"vi" = "nvim"; "vi" = "nvim";
"vim" = "nvim"; "vim" = "nvim";
"t" = "tmux";
"tl" = "tmux list-sessions";
"ta" = "tmux new-session -A -s";
"se" = "sudoedit"; "se" = "sudoedit";
"s" = "sudo"; "s" = "sudo";
"nrs" = "sudo nixos-rebuild switch -L --flake ~/nixos-config"; "nrs" = "sudo nixos-rebuild switch -L --flake . --log-format internal-json -v |& nom --json";
"nrt" = "sudo nixos-rebuild test -L --flake ~/nixos-config"; "nrt" = "sudo nixos-rebuild test -L --flake . --log-format internal-json -v |& nom --json";
"hrs" = "home-manager switch -L --flake ~/nixos-config"; "hrs" = "home-manager switch -L --flake .";
"g" = "git"; "g" = "git";
"ga" = "git add"; "ga" = "git add";
"gaa" = "git add --all"; "gaa" = "git add --all";
@ -91,6 +100,7 @@
"gc" = "git commit --verbose"; "gc" = "git commit --verbose";
"gcmsg" = "git commit --message"; "gcmsg" = "git commit --message";
"gd" = "git diff"; "gd" = "git diff";
"gdca" = "git diff --cached";
"gds" = "git diff --staged"; "gds" = "git diff --staged";
"gl" = "git log --stat"; "gl" = "git log --stat";
"glg" = "git log --graph"; "glg" = "git log --graph";
@ -103,11 +113,6 @@
"gs" = "git status --short"; "gs" = "git status --short";
"gss" = "git status"; "gss" = "git status";
"code" = "codium"; "code" = "codium";
"jl" = "jj log -n 10";
"jll" = "jj log";
"jd" = "jj diff";
"jn" = "jj new";
"jm" = "jj describe -m";
}; };
}; };

2
hosts/chunk/garage.nix
View file

@ -25,7 +25,7 @@
compression_level = "none"; compression_level = "none";
}; };
environmentFile = config.sops.secrets."garage/env".path; environmentFile = config.sops.secrets."garage/env".path;
logLevel = "info"; logLevel = "warn";
}; };
services.caddy.virtualHosts = { services.caddy.virtualHosts = {

9
hosts/chunk/rclone.nix
View file

@ -14,14 +14,15 @@ let
--config ${config.sops.secrets."rclone/config".path} \ --config ${config.sops.secrets."rclone/config".path} \
--allow-other \ --allow-other \
--cache-dir /var/cache/rclone \ --cache-dir /var/cache/rclone \
--transfers 16 \ --transfers 64 \
--vfs-cache-mode writes \ --vfs-cache-mode full \
--vfs-cache-min-free-space 5G \ --vfs-cache-min-free-space 5G \
--dir-cache-time 30d \ --dir-cache-time 30d \
--no-checksum \
--no-modtime \ --no-modtime \
--vfs-fast-fingerprint \ --vfs-fast-fingerprint \
--vfs-read-chunk-size 128M \ --vfs-read-chunk-size 8M \
--vfs-read-chunk-streams 0 \ --vfs-read-chunk-streams 16 \
--sftp-concurrency 64 \ --sftp-concurrency 64 \
--sftp-chunk-size 255k \ --sftp-chunk-size 255k \
--buffer-size 0 \ --buffer-size 0 \

30
hosts/ytnix/default.nix
View file

@ -87,7 +87,7 @@
resolvconf.enable = true; resolvconf.enable = true;
firewall = { firewall = {
enable = true; enable = true;
trustedInterfaces = [ "tailscale0" "virbr0" "virbr1" ]; trustedInterfaces = [ "tailscale0" "virbr0" ];
# allowedTCPPorts = [ # allowedTCPPorts = [
# 8080 # mitmproxy # 8080 # mitmproxy
# 22000 # syncthing # 22000 # syncthing
@ -204,7 +204,7 @@
services.displayManager = { services.displayManager = {
enable = true; enable = true;
autoLogin.user = "yt"; autoLogin.user = "yt";
defaultSession = "sway"; defaultSession = "plasma";
sddm = { sddm = {
enable = true; enable = true;
wayland.enable = true; wayland.enable = true;
@ -238,7 +238,6 @@
"/home/yt/Games" "/home/yt/Games"
"/home/yt/Videos" "/home/yt/Videos"
"/home/yt/.bitmonero" "/home/yt/.bitmonero"
"/home/yt/vms"
]; ];
repo = "yt"; repo = "yt";
passFile = config.sops.secrets."borg/rsyncnet".path; passFile = config.sops.secrets."borg/rsyncnet".path;
@ -361,6 +360,12 @@
]; ];
}; };
services.ollama.enable = false;
services.trezord.enable = true;
programs.niri.enable = false;
programs.niri.package = pkgs.niri-unstable;
programs.xwayland.enable = true; programs.xwayland.enable = true;
services.udev.extraHwdb = '' services.udev.extraHwdb = ''
@ -385,24 +390,7 @@
programs.ccache.enable = true; programs.ccache.enable = true;
nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ];
programs.fuse.userAllowOther = true; programs.fuse.userAllowOther = true;
nix.settings.sandbox = true; nix.settings.sandbox = false;
programs.ssh.startAgent = true; programs.ssh.startAgent = true;
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
extraPackages = with pkgs; [
rofi-wayland
cliphist
rofimoji
grim
slurp
swaylock
swayidle
brightnessctl
waybar
wl-clipboard
];
};
} }

1
modules/authelia.nix
View file

@ -68,7 +68,6 @@ in
]; ];
scopes = [ "openid" "profile" "email" ]; scopes = [ "openid" "profile" "email" ];
userinfo_signed_response_alg = "none"; userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_basic";
} }
{ {
client_id = "_kuUEYxyfXjInJCniwugpw2Qn6iI-YW24NOkHZG~63BAhnAACDZ.xsLqOdGghj2DNZxXR0sU"; client_id = "_kuUEYxyfXjInJCniwugpw2Qn6iI-YW24NOkHZG~63BAhnAACDZ.xsLqOdGghj2DNZxXR0sU";

10
modules/caddy.nix
View file

@ -19,9 +19,9 @@ in
plugins = [ plugins = [
# error message will tell you the correct version tag to use # error message will tell you the correct version tag to use
# (still need the @ to pass nix config check) # (still need the @ to pass nix config check)
"github.com/caddy-dns/cloudflare@v0.2.2-0.20250420134112-006ebb07b349" "github.com/caddy-dns/cloudflare@v0.0.0-20250228175314-1fb64108d4de"
]; ];
hash = "sha256-2U+icm4GtI5Fww6U8nKzQ/+pPf63T3scTGuj1zjj4b4="; hash = "sha256-pfh9DXUj35jlAntkWc4D5wuW04xxQfM1rZ4KFauMzvc=";
}; };
logFormat = lib.mkForce "level INFO"; logFormat = lib.mkForce "level INFO";
acmeCA = "https://acme-v02.api.letsencrypt.org/directory"; acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
@ -37,9 +37,9 @@ in
(authelia) { (authelia) {
forward_auth localhost:9091 { forward_auth localhost:9091 {
uri /api/authz/forward-auth uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
} }
} }
''; '';
environmentFile = config.sops.secrets."caddy/env".path; environmentFile = config.sops.secrets."caddy/env".path;