diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 429a454..413b892 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -3,17 +3,6 @@ on: workflow_dispatch: push: pull_request: -env: - ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} - NIX_CONFIG: | - show-trace = true - extra-substituters = https://cache.cy7.sh/main - extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0= - experimental-features = nix-command flakes - extra-experimental-features = nix-command flakes - accept-flake-config = true - TERM: ansi - jobs: build-machines: strategy: @@ -37,15 +26,21 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix - - name: Install Nix - uses: nixbuild/nix-quick-install-action@master - + uses: cachix/install-nix-action@v30 + with: + install_url: https://releases.nixos.org/nix/nix-2.25.4/install + extra_nix_config: 'accept-flake-config = true' - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - + - uses: cachix/cachix-action@v14 + with: + name: cything + authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' + useDaemon: false + installCommand: nix profile install nixpkgs#cachix - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: 
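Review bot: `uses: cachix/install-nix-action@v30` and `uses: cachix/cachix-action@v14` pin to mutable tags, so the code that runs with `CACHIX_AUTH_TOKEN` in scope can change without a commit here; pinning each to a full commit SHA with the tag kept as a trailing comment (`uses: cachix/cachix-action@<commit-sha>  # v14`) is the usual fix, and the same applies to the identical cachix block in the build-homes hunk of this file and in build-packages.yml. `installCommand: nix profile install nixpkgs#cachix` has the same problem one level down: `nixpkgs` there is resolved through the runner's flake registry rather than this repo's flake.lock, so which cachix binary runs is unpinned; leaving the action's default installer, or referencing the locked input, would keep it reproducible. `extra_nix_config: 'accept-flake-config = true'` together with the `pull_request` trigger in the first hunk means the checked-out flake's own `nixConfig` (substituters and trusted keys) is accepted without a prompt for whatever revision is being built; if that is deliberate, a one-line comment on the step saying so would save the next reader the question.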
@@ -63,30 +58,7 @@ jobs: purge-primary-key: never # always save the cache save-always: true - - - name: setup attic - run: | - nix profile install github:zhaofengli/attic - attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - - - name: build and cache - run: | - package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" - nix build -L "$package" - derivation="$(nix path-info --derivation "$package")" - cache="$(nix-store --query --requisites --include-outputs "$derivation")" - attic push main --stdin <<< "$cache" - - - name: prepare tarball to upload - run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result - - - name: upload result - uses: actions/upload-artifact@v4 - with: - name: ${{ matrix.machine }}-${{ matrix.os }} - path: result.tar - if-no-files-found: error - + - run: nix build -L .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel build-homes: strategy: matrix: @@ -109,14 +81,17 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix - - uses: nixbuild/nix-quick-install-action@master - - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - + - uses: cachix/cachix-action@v14 + with: + name: cything + authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' + useDaemon: false + installCommand: nix profile install nixpkgs#cachix - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: 
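Review bot: The new `- run: nix build -L .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel` leaves the attribute unquoted while the parallel build-homes line later in this diff writes `."${{ matrix.home }}"`; those double quotes sit inside an unquoted shell word, so the shell removes them before nix parses the attribute path, the two forms behave the same, and one form should be used in both jobs (if a home name ever contains a dot, the whole flake ref needs single quotes for the inner quotes to reach nix). Both matrix values are defined in the workflow itself, so this is consistency rather than injection. The step also lost its `name:`, so the job log now shows only the raw command; `- name: build` above the `run:` would restore a readable label.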
@@ -134,26 +109,4 @@ jobs: purge-primary-key: never # always save the cache save-always: true - - - name: setup attic - run: | - nix profile install github:zhaofengli/attic - attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - - - name: build and cache - run: | - package=".#homeConfigurations."${{ matrix.home }}".activationPackage" - nix build -L "$package" - derivation="$(nix path-info --derivation "$package")" - cache="$(nix-store --query --requisites --include-outputs "$derivation")" - attic push main --stdin <<< "$cache" - - - name: prepare tarball to upload - run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result - - - name: upload result - uses: actions/upload-artifact@v4 - with: - name: ${{ matrix.home }}-${{ matrix.os }} - path: result.tar - if-no-files-found: error + - run: nix build -L .#homeConfigurations."${{ matrix.home }}".activationPackage diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 5bb8b29..72fc72c 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -6,17 +6,6 @@ on: description: "package to build" required: false type: string -env: - ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} - NIX_CONFIG: | - show-trace = true - extra-substituters = https://cache.cy7.sh/main - extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0= - experimental-features = nix-command flakes - extra-experimental-features = nix-command flakes - accept-flake-config = true - TERM: ansi - jobs: build-packages: strategy: @@ -29,7 +18,6 @@ jobs: - ubuntu-24.04-arm - macos-latest - macos-13 - runs-on: ${{ matrix.os }} steps: - name: Install Nix 
@@ -39,26 +27,12 @@ jobs: uses: actions/checkout@v4 with: persist-credentials: false - - - name: setup attic - run: | - nix profile install github:zhaofengli/attic - attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" + + - uses: cachix/cachix-action@v14 + with: + name: cything + authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' + useDaemon: false + installCommand: nix profile install nixpkgs#cachix - run: nix build -L ${{ matrix.package }} - - - name: cache result - run: | - derivation="$(nix path-info --derivation "${{ matrix.package }}")" - cache="$(nix-store --query --requisites --include-outputs "$derivation")" - attic push main --stdin <<< "$cache" - - - name: prepare tarball to upload - run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result - - - name: upload result - uses: actions/upload-artifact@v4 - with: - name: ${{ matrix.os }} - path: result.tar - if-no-files-found: error diff --git a/flake.lock b/flake.lock index bd1a4e5..e40aeed 100644 --- a/flake.lock +++ b/flake.lock @@ -342,38 +342,6 @@ "type": "github" } }, - "garage": { - "inputs": { - "crane": [ - "crane" - ], - "flake-compat": [ - "flake-compat" - ], - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ], - "rust-overlay": [ - "rust-overlay" - ] - }, - "locked": { - "lastModified": 1741360584, - "narHash": "sha256-5UkuvKllBRhU943imyc0jHDXQDVhIFx5WWUr3qrLEWQ=", - "owner": "deuxfleurs-org", - "repo": "garage", - "rev": "c96be1a9a8aa3b51075678888b80c2414ead2909", - "type": "github" - }, - "original": { - "owner": "deuxfleurs-org", - "repo": "garage", - "type": "github" - } - }, "git-hooks": { "inputs": { "flake-compat": [ @@ -1034,7 +1002,6 @@ "flake-compat": "flake-compat_2", "flake-parts": "flake-parts_2", "flake-utils": "flake-utils", - "garage": "garage", "home-manager": "home-manager", "lanzaboote": "lanzaboote", "lix": "lix", diff --git a/flake.nix b/flake.nix index 494ce4f..a07ce00 100644 --- a/flake.nix +++ b/flake.nix 
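Review bot: The new cachix-action step pushes whatever the `nix build -L ${{ matrix.package }}` line directly below it produces into the `cything` cache, and if `matrix.package` is fed by the free-form `workflow_dispatch` string input declared in this file's first hunk, anyone who can dispatch the workflow can publish an arbitrary flake ref's closure into a cache that flake.nix and hosts/common.nix list as a trusted substituter. That is limited to collaborators with dispatch rights, but it deserves a comment on the step explaining the trust assumption, or an allow-list of buildable packages in place of a free-form input.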
@@ -88,16 +88,6 @@ crane.follows = "crane"; }; }; - garage = { - url = "github:deuxfleurs-org/garage"; - inputs = { - nixpkgs.follows = "nixpkgs"; - rust-overlay.follows = "rust-overlay"; - crane.follows = "crane"; - flake-compat.follows = "flake-compat"; - flake-utils.follows = "flake-utils"; - }; - }; nvim-github-theme = { url = "github:projekt0n/github-nvim-theme"; @@ -115,13 +105,11 @@ "https://nix-community.cachix.org" "https://cache.garnix.io" "https://cything.cachix.org" - "https://cache.cy7.sh/main" ]; extra-trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI=" - "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" ]; builders-use-substitutes = true; }; diff --git a/home/codium.nix b/home/codium.nix index dcdf4ea..2d7bb9d 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -21,8 +21,6 @@ tomrijndorp.find-it-faster streetsidesoftware.code-spell-checker emilast.logfilehighlighter - tamasfe.even-better-toml - golang.go ]; userSettings = let diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 5d60a6d..9b20a66 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -102,7 +102,6 @@ pixelflasher element-desktop freetube - gopls ]; home.sessionVariables = { diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 9a621c4..2fee98c 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -22,6 +22,7 @@ ./forgejo.nix ./garage.nix ./tailscale.nix + ./tor.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; 
@@ -100,18 +101,22 @@ ${tc} qdisc del dev ens18 root || true # create HTB hierarchy - ${tc} qdisc add dev ens18 root handle 1: htb default 10 + ${tc} qdisc add dev ens18 root handle 1: htb default 30 ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100% - # rest - ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 60% ceil 100% + # tailscale + ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 30% ceil 100% # caddy + ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 30% ceil 100% + # rest ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100% # mark traffic - iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 3 + iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1 + iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 2 # route marked packets - ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 3 fw flowid 1:30 + ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10 + ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 2 fw flowid 1:20 ''; }; interfaces.ens18 = { diff --git a/hosts/chunk/tor.nix b/hosts/chunk/tor.nix new file mode 100644 index 0000000..2ad4a89 --- /dev/null +++ b/hosts/chunk/tor.nix @@ -0,0 +1,16 @@ +{ ... }: +{ + services.tor = { + enable = true; + openFirewall = true; + relay = { + enable = true; + role = "relay"; + }; + settings = { + ORPort = 9001; + Nickname = "chunk"; + # MaxAdvertisedBandwidth = "20MBytes"; + }; + }; +} diff --git a/hosts/common.nix b/hosts/common.nix index 0fb2fc6..feafd17 100644 --- a/hosts/common.nix +++ b/hosts/common.nix 
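Review bot: The two new `iptables -t mangle -A OUTPUT ... -j MARK --set-mark 1/2` lines append without a matching delete, and the only reset in this script is the `qdisc del dev ens18 root || true` at the top of the hunk, so each re-run of the script (however it is triggered — the enclosing shell string starts and ends outside the hunk) stacks duplicate MARK rules in the mangle OUTPUT chain; an `iptables -t mangle -D OUTPUT <same match> -j MARK --set-mark N || true` before each `-A`, or an `iptables -C` check, keeps it idempotent. Unmarked traffic, which presumably now includes the Tor relay added in hosts/chunk/tor.nix in this same diff, lands in the 40 % `rest` class via `default 30`; a comment stating that mark numbers and class ids are intentionally decoupled (mark 1 → 1:10, mark 2 → 1:20, everything else → 1:30) would help, since the old code used mark 3 for class 1:30 and a reader may expect them to line up.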
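Review bot: `relay.enable = true` with `openFirewall = true` exposes `ORPort = 9001` on every interface of a host that, per the imports in hosts/chunk/default.nix, also runs forgejo, caddy and garage, yet the torrc sets no `ContactInfo` and no bandwidth ceiling (`BandwidthRate`/`BandwidthBurst` or `AccountingMax`); the commented-out `# MaxAdvertisedBandwidth = "20MBytes";` shows a cap was considered, and without one the relay competes with those services for the link, limited only by whatever tc class unmarked traffic falls into. `ContactInfo` is what the Tor Project asks operators to publish so they can be reached about a misbehaving or outdated relay. A header comment stating the intended role (non-exit, if that is what the module's `role = "relay"` means) and why the firewall is opened globally rather than on the public interface only would make the decision reviewable.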
@@ -14,14 +14,12 @@ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI=" - "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" ]; substituters = [ "https://niri.cachix.org" "https://nix-community.cachix.org" "https://cache.garnix.io" "https://cything.cachix.org" - "https://cache.cy7.sh/main" ]; }; channel.enable = false; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 15ccf21..c185991 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -144,7 +144,6 @@ "docker" "disk" "adbusers" - "podman" ]; environment.systemPackages = with pkgs; lib.flatten [ @@ -385,5 +384,4 @@ programs.ccache.enable = true; nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; programs.fuse.userAllowOther = true; - nix.settings.sandbox = false; } diff --git a/modules/containerization.nix b/modules/containerization.nix index fd39da9..416d2bf 100644 --- a/modules/containerization.nix +++ b/modules/containerization.nix @@ -28,11 +28,8 @@ in dns_enabled = true; ipv6_enabled = true; }; - # answer on /var/run/docker.sock - dockerSocket.enable = true; }; - docker.enable = lib.mkIf (!cfg.usePodman) true; - oci-containers.backend = lib.mkIf (!cfg.usePodman) "docker"; + oci-containers.backend = lib.mkIf cfg.usePodman "podman"; }; }; } diff --git a/overlay/default.nix b/overlay/default.nix index 1df98bd..b3cdb56 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -19,10 +19,7 @@ in pixelflasher = nixpkgsFrom inputs.pixelflasher "pixelflasher"; attic-server = pkgFrom inputs.attic "attic-server"; attic = pkgFrom inputs.attic "attic"; - garage = ((pkgFrom inputs.garage "default").overrideAttrs { - meta.mainProgram = "garage"; - }); } ) ] -++ importedOverlays +++ importedOverlays \ No newline at end of file
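Review bot: With `docker.enable = lib.mkIf (!cfg.usePodman) true` removed and `oci-containers.backend` now set only under `lib.mkIf cfg.usePodman`, the `usePodman = false` case is silently empty: no runtime is enabled and the backend falls to the NixOS module default, so the option no longer selects docker as its name implies. Either make podman unconditional and drop the option, or restore the docker branch; at minimum the option's description (presumably declared above this hunk) should say the non-podman path is unsupported. Dropping `dockerSocket.enable = true` also means this module no longer provides /var/run/docker.sock, while hosts/ytnix/default.nix in this same diff keeps the `docker` group after removing `podman`; if that group is now vestigial, a comment or a matching removal would avoid the question. The surrounding `config` block starts outside the hunk.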
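Review bot: The only change to the final `++ importedOverlays` line is the loss of the file's trailing newline (`\ No newline at end of file` appears on the new side only), which will surface as a spurious change in every future diff of this file; restore the newline. The removal of the `garage` override itself matches the input removal in flake.nix and flake.lock and needs no further change.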