From ec978a406d5039abbe471edb24972e3f8f50f1d4 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 30 Mar 2025 09:55:07 -0400 Subject: [PATCH 01/31] workflow: rm GITHUB_TOKEN from update-flake-lock --- .github/workflows/update-flake-lock.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/update-flake-lock.yml b/.github/workflows/update-flake-lock.yml index 59006f6..248b096 100644 --- a/.github/workflows/update-flake-lock.yml +++ b/.github/workflows/update-flake-lock.yml @@ -14,7 +14,5 @@ jobs: - uses: actions/checkout@v4 - name: Install Nix uses: cachix/install-nix-action@v30 - with: - github_access_token: ${{ secrets.GITHUB_TOKEN }} - name: Update flake.lock uses: DeterminateSystems/update-flake-lock@v24 From 925f78853bab654428f2caed31ec2d1ba7b28bf2 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 30 Mar 2025 10:21:23 -0400 Subject: [PATCH 02/31] workflow: use deploy keys in update-flake-lock to trigger actions --- .github/workflows/update-flake-lock.yml | 28 ++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/.github/workflows/update-flake-lock.yml b/.github/workflows/update-flake-lock.yml index 248b096..8d94149 100644 --- a/.github/workflows/update-flake-lock.yml +++ b/.github/workflows/update-flake-lock.yml 
@@ -11,8 +11,30 @@ jobs: createPullRequest: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 + with: + ssh-key: ${{ secrets.SSH_DEPLOY_KEY }} + - name: Install Nix - uses: cachix/install-nix-action@v30 + uses: cachix/install-nix-action@53fb48f556dd912c4814b24ee8059a9c91c82b18 + with: + enable_kvm: true + extra_nix_config: | + show-trace = true + experimental-features = nix-command flakes + accept-flake-config = true + system-features = nixos-test benchmark big-parallel kvm + secret-key-files = /home/runner/cache-priv-key.pem + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= + - name: Update flake.lock - uses: DeterminateSystems/update-flake-lock@v24 + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + nix flake update --commit-lock-file + + - name: Create PR + uses: peter-evans/create-pull-request@98106d3f2b65918a6591f9e155117b7219ff7e51 + with: + title: nix flake update From f34eec7b178b1ded0e342a07d8957fde3c3dcb39 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 31 Mar 2025 09:01:33 -0400 Subject: [PATCH 03/31] serve nixcache home as text/plain --- hosts/chunk/garage.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index b046a4b..28f7b22 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -43,6 +43,14 @@ serverAliases = [ "nixcache.cy7.sh" ]; extraConfig = '' import common + @plain { + host nixcache.cy7.sh nixcache.web.cy7.sh + path / /nix-cache-info + } + header @plain { + >content-type text/plain + } + reverse_proxy localhost:3902 ''; }; From 67f6032b67f66feb30bb4a1dfde3c6a9ff749446 Mon Sep 17 00:00:00 2001 
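Review bot: The `extra_nix_config` block in the Install Nix step gives this job `secret-key-files = /home/runner/cache-priv-key.pem` and `accept-flake-config = true`, although the only Nix command the hunk runs is `nix flake update --commit-lock-file`. The job also holds `SSH_DEPLOY_KEY`, which presumably has write access, so its Nix configuration is best kept to what a lock update needs, e.g. just `experimental-features = nix-command flakes`. Nothing visible in this hunk writes the key file that `secret-key-files` points at. The three actions are now pinned by commit; a trailing comment such as `# <release tag>` on each `uses:` line would let a reviewer see which release a SHA corresponds to.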
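Review bot: The `>` prefix in `>content-type text/plain` is easy to misread as a typo, so the `header @plain` block in hosts/chunk/garage.nix deserves a comment, for example `# '>' defers the header op until the response is written, so it replaces the content-type set by the proxied backend`. The `host` list in `@plain` also has to be kept in step with the names this virtual host serves (only `serverAliases = [ "nixcache.cy7.sh" ]` is visible in the context), so a short note on why both names are listed would help the next edit. The `extraConfig` string starts outside the hunk.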
From: cy Date: Sun, 30 Mar 2025 21:29:11 -0400 Subject: [PATCH 04/31] workflow: use nixpkgs#nixos-rebuild --- .github/workflows/build-machines-and-homes.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 7ede8d4..563a44c 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -67,8 +67,9 @@ jobs: - name: build run: | - package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" - nix build -L "$package" + # package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" + # nix build -L "$package" + nix run nixpkgs#nixos-rebuild build -- --flake ".#${{ matrix.machine }}" - name: cache # https://stackoverflow.com/a/58859404 From 897fd44badfa9277064c2de8436f647c9839b232 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 31 Mar 2025 10:36:45 -0400 Subject: [PATCH 05/31] use release-2.92 branch for lix --- flake.lock | 21 +++++++++++---------- flake.nix | 2 +- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/flake.lock b/flake.lock index 20d9470..8f15385 100644 --- a/flake.lock +++ b/flake.lock 
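Review bot: `nix run nixpkgs#nixos-rebuild` in the `build` step resolves `nixpkgs` through the flake registry rather than this repository's `flake.lock`, so the build tool can change between runs without any commit here. Taking it from the locked input keeps the step reproducible, e.g. `nix run --inputs-from . nixpkgs#nixos-rebuild build -- --flake ".#${{ matrix.machine }}"`. The two commented-out lines can be deleted rather than kept, since git history already has them.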
@@ -566,15 +566,15 @@ "lix": { "flake": false, "locked": { - "lastModified": 1741888409, - "narHash": "sha256-gJ7QmlwsJ/QdwUjwTjifNo3v7OBQm2N6xa19l3mMWM4=", - "rev": "20edd45ae816c73504ddfb9c678756e003ceeafd", + "lastModified": 1742250400, + "narHash": "sha256-be2mY7VFiWcPw7GcaJBbUvpnpoLd39wxqTXagBNTR5w=", + "rev": "d8db15010d2059a23a17f70ef542b4d1e7d2c640", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/20edd45ae816c73504ddfb9c678756e003ceeafd.tar.gz?rev=20edd45ae816c73504ddfb9c678756e003ceeafd" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/d8db15010d2059a23a17f70ef542b4d1e7d2c640.tar.gz?rev=d8db15010d2059a23a17f70ef542b4d1e7d2c640" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz" } }, "lix-module": { @@ -589,15 +589,16 @@ ] }, "locked": { - "lastModified": 1741894565, - "narHash": "sha256-2FD0NDJbEjUHloVrtEIms5miJsj1tvQCc/0YK5ambyc=", - "ref": "refs/heads/main", - "rev": "a6da43f8193d9e329bba1795c42590c27966082e", - "revCount": 136, + "lastModified": 1742943028, + "narHash": "sha256-fprwZKE1uMzO9tiWWOrmLWBW3GPkMayQfb0xOvVFIno=", + "ref": "release-2.92", + "rev": "3fae818597ca2f1474de62022f850c23be50528d", + "revCount": 134, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, "original": { + "ref": "release-2.92", "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" } diff --git a/flake.nix b/flake.nix index b76d3e1..3093168 100644 --- a/flake.nix +++ b/flake.nix @@ -48,7 +48,7 @@ }; }; lix-module = { - url = "git+https://git.lix.systems/lix-project/nixos-module"; + url = "git+https://git.lix.systems/lix-project/nixos-module?ref=release-2.92"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; }; From 16848e291ef454cdee5afa1e6cfb9ff9b3689272 Mon Sep 17 00:00:00 2001 
From: cy Date: Mon, 31 Mar 2025 10:42:51 -0400 Subject: [PATCH 06/31] workflow: use branch-suffix for update-flake-lock --- .github/workflows/update-flake-lock.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/update-flake-lock.yml b/.github/workflows/update-flake-lock.yml index 8d94149..3b79705 100644 --- a/.github/workflows/update-flake-lock.yml +++ b/.github/workflows/update-flake-lock.yml @@ -38,3 +38,5 @@ jobs: uses: peter-evans/create-pull-request@98106d3f2b65918a6591f9e155117b7219ff7e51 with: title: nix flake update + branch: update-flake-inputs + branch-suffix: timestamp From 08a75b8b8fe22e907f6ccdcd280aaa20f99a791a Mon Sep 17 00:00:00 2001 
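Review bot: With `branch-suffix: timestamp` each run pushes a new suffixed `update-flake-inputs` branch and opens a new pull request instead of updating the previous one, so older lock-update PRs stay open. Merging a stale one after a newer one has landed could move inputs backwards. Either drop the suffix so a single PR is kept current, or add a comment such as `# superseded lock-update PRs are closed by hand` so the behaviour is recorded as deliberate.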
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 31 Mar 2025 12:11:41 -0400 Subject: [PATCH 07/31] flake.lock: Update (#35) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'conduwuit': 'github:girlbossceo/conduwuit/7bf92c8a3710eeff229bd86bc81a89daa94b66d5?narHash=sha256-PoVjZXR24r1WPyWWK%2BDZDAlVr4otn/BcxY7/jd8fehM%3D' (2025-03-18) → 'github:girlbossceo/conduwuit/3e57b7d35d5bd6cfed5900b377f7c68970213518?narHash=sha256-uGI98B%2BbinIclsCJd2wXb7l1k2wV7e%2BsNmX4R8L5RPc%3D' (2025-03-28) • Updated input 'crane': 'github:ipetkov/crane/66cb0013f9a99d710b167ad13cbd8cc4e64f2ddb?narHash=sha256-ScJYnUykEDhYeCepoAWBbZWx2fpQ8ottyvOyGry7HqE%3D' (2025-03-18) → 'github:ipetkov/crane/70947c1908108c0c551ddfd73d4f750ff2ea67cd?narHash=sha256-vVOAp9ahvnU%2BfQoKd4SEXB2JG2wbENkpqcwlkIXgUC0%3D' (2025-03-19) • Updated input 'garage': 'github:deuxfleurs-org/garage/6906a4ff12838da2a74bdaeb7e7cd05cd1d69699?narHash=sha256-hp2tKtJHW/vbiIT4hRhP8cfZEACAWZ92lCdaO9WEi2E%3D' (2025-03-17) → 'github:deuxfleurs-org/garage/14d2f2b18da015508d4a1e31b2f014da5188d516?narHash=sha256-AJfw%2BXRaRyrlpb9Wy6rVz44JePy0AXWPECXVPBnrOfI%3D' (2025-03-21) • Updated input 'home-manager': 'github:nix-community/home-manager/fb74bb76d94a6c55632376c931fc108131260ee9?narHash=sha256-iYCinzZnnUeCkZ031qGRwPdwRsqW6o9Y0MgGpA7Zva4%3D' (2025-03-18) → 'github:nix-community/home-manager/216690777e47aa0fb1475e4dbe2510554ce0bc4b?narHash=sha256-pGKDA84oK1WTt2yxBUjAwKLacNwJkf9CS7cTXXfgWvI%3D' (2025-03-31) • Updated input 'lix-module/lix': 'https://git.lix.systems/api/v1/repos/lix-project/lix/archive/d8db15010d2059a23a17f70ef542b4d1e7d2c640.tar.gz?narHash=sha256-be2mY7VFiWcPw7GcaJBbUvpnpoLd39wxqTXagBNTR5w%3D&rev=d8db15010d2059a23a17f70ef542b4d1e7d2c640' (2025-03-17) → 
'https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?narHash=sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW%2BDvDtuv9SwQZZcs%3D&rev=079528098f5998ba13c88821a2eca1005c1695de' (2025-01-18) • Updated input 'nix-index-database': 'github:nix-community/nix-index-database/2cfb4e1ca32f59dd2811d7a6dd5d4d1225f0955c?narHash=sha256-pDNzMoR6m1ZSJToZQ6XDTLVSdzIzmFl1b8Pc3f7iV6Y%3D' (2025-03-17) → 'github:nix-community/nix-index-database/b3696bfb6c24aa61428839a99e8b40c53ac3a82d?narHash=sha256-LROaIjSLo347cwcHRfSpqzEOa2FoLSeJwU4dOrGm55E%3D' (2025-03-30) • Updated input 'nix-ld': 'github:nix-community/nix-ld/bc1ecb8ca83507c764a3909f02f1acf53c033585?narHash=sha256-sHBzuG9K/VrvOrcLd9GwoCLaQZDVedi/00YmFfdKq/A%3D' (2025-03-17) → 'github:nix-community/nix-ld/140451db1cadeef1e7e9e054332b67b7be808916?narHash=sha256-tjdkPPkRT1Mj72yrpN8oUxYw9SaG8wOQWD3auS1bvSs%3D' (2025-03-31) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/2b3795787eba0066a2bc8bba7362422e5713840f?narHash=sha256-bsg9y3NoMGu0jgTI5XbxvzQFc9JtZB51i500WlVws80%3D' (2025-03-18) → 'github:nixos/nixpkgs/1d3a750cb7d8e1058a425810c80790a3842ef27b?narHash=sha256-aRAFj%2BSzZGUlCMDBbd6yI09ffo9lMgx726VTZMMCRGA%3D' (2025-03-31) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/da044451c6a70518db5b730fe277b70f494188f1?narHash=sha256-IhnK4LhkBlf14/F8THvUy3xi/TxSQkp9hikfDZRD4Ic%3D' (2025-03-18) → 'github:nixos/nixpkgs/7ffe0edc685f14b8c635e3d6591b0bbb97365e6c?narHash=sha256-sOos1jZGKmT6xxPvxGQyPTApOunXvScV4lNjBCXd/CI%3D' (2025-03-30) • Updated input 'nixvim': 'github:nix-community/nixvim/78f6166c23f80bdfbcc8c44b20f7f4132299a33f?narHash=sha256-XxygfriVXQt%2B5Iqh6AOjZL5Aes5dH2xzVKpHpL8pDQg%3D' (2025-03-17) → 'github:nix-community/nixvim/d81f37256d0a8691b837b74979d27bf89be8ecdd?narHash=sha256-XbXIRDbb8/vLBX1M096l7lM5wfzBTp1ZXfUl9bUhVGU%3D' (2025-03-30) • Updated input 'nixvim/nuschtosSearch': 
'github:NuschtOS/search/86e2038290859006e05ca7201425ea5b5de4aecb?narHash=sha256-4DaDrQDAIxlWhTjH6h/%2BxfG05jt3qDZrZE/7zDLQaS4%3D' (2025-02-02) → 'github:NuschtOS/search/508752835128a3977985a4d5225ff241f7756181?narHash=sha256-i/JCrr/jApVorI9GkSV5to%2BUSrRCa0rWuQDH8JSlK2A%3D' (2025-03-22) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/87f0965f9f5b13fca9f38074eee8369dc767550d?narHash=sha256-RB0UEF9IXIgwuuBFC%2Bs9H4rDyvmMZePHlBAK4vRAwf4%3D' (2025-03-18) → 'github:oxalica/rust-overlay/011de3c895927300651d9c2cb8e062adf17aa665?narHash=sha256-OBcNE%2B2/TD1AMgq8HKMotSQF8ZPJEFGZdRoBJ7t/HIc%3D' (2025-03-31) • Updated input 'sops-nix': 'github:Mic92/sops-nix/787afce414bcce803b605c510b60bf43c11f4b55?narHash=sha256-ptn8dR4Uat3UUadGYNnB7CIH9SQm8mK69D2A/twBUXQ%3D' (2025-03-17) → 'github:Mic92/sops-nix/8e873886bbfc32163fe027b8676c75637b7da114?narHash=sha256-Ux/UohNtnM5mn9SFjaHp6IZe2aAnUCzklMluNtV6zFo%3D' (2025-03-30) • Updated input 'treefmt': 'github:numtide/treefmt-nix/b3b938ab8ba2e8a0ce9ee9b30ccfa5e903ae5753?narHash=sha256-2R7cGdcA2npQQcIWu2cTlU63veTzwVZe78BliIuJT00%3D' (2025-03-18) → 'github:numtide/treefmt-nix/29a3d7b768c70addce17af0869f6e2bd8f5be4b7?narHash=sha256-WRAylyYptt6OX5eCEBWyTwOEqEtD6zt33rlUkr6u3cE%3D' (2025-03-27) • Updated input 'vscode-extensions': 'github:nix-community/nix-vscode-extensions/32de9a383db6b555ac92877dd8b5b986f4151de7?narHash=sha256-kCuy1Fld1vFmor6SZ48DdtiLv9/zUhW8lCaTA%2BPy%2Bes%3D' (2025-03-18) → 'github:nix-community/nix-vscode-extensions/300097f877ee9a0c401a57e7ec731f4edace7117?narHash=sha256-LqcqOUJJcTUgACX2N%2Bi6cqMTZ/b0WAT4WUhwV9JWsZg%3D' (2025-03-31) Co-authored-by: github-actions[bot] --- flake.lock | 92 +++++++++++++++++++++++++++--------------------------- 1 file changed, 46 insertions(+), 46 deletions(-) diff --git a/flake.lock b/flake.lock index 8f15385..df19b3b 100644 --- a/flake.lock +++ b/flake.lock 
@@ -131,11 +131,11 @@ "rocksdb": "rocksdb" }, "locked": { - "lastModified": 1742266954, - "narHash": "sha256-PoVjZXR24r1WPyWWK+DZDAlVr4otn/BcxY7/jd8fehM=", + "lastModified": 1743186614, + "narHash": "sha256-uGI98B+binIclsCJd2wXb7l1k2wV7e+sNmX4R8L5RPc=", "owner": "girlbossceo", "repo": "conduwuit", - "rev": "7bf92c8a3710eeff229bd86bc81a89daa94b66d5", + "rev": "3e57b7d35d5bd6cfed5900b377f7c68970213518", "type": "github" }, "original": { @@ -146,11 +146,11 @@ }, "crane": { "locked": { - "lastModified": 1742317686, - "narHash": "sha256-ScJYnUykEDhYeCepoAWBbZWx2fpQ8ottyvOyGry7HqE=", + "lastModified": 1742394900, + "narHash": "sha256-vVOAp9ahvnU+fQoKd4SEXB2JG2wbENkpqcwlkIXgUC0=", "owner": "ipetkov", "repo": "crane", - "rev": "66cb0013f9a99d710b167ad13cbd8cc4e64f2ddb", + "rev": "70947c1908108c0c551ddfd73d4f750ff2ea67cd", "type": "github" }, "original": { @@ -361,11 +361,11 @@ ] }, "locked": { - "lastModified": 1742243551, - "narHash": "sha256-hp2tKtJHW/vbiIT4hRhP8cfZEACAWZ92lCdaO9WEi2E=", + "lastModified": 1742547966, + "narHash": "sha256-AJfw+XRaRyrlpb9Wy6rVz44JePy0AXWPECXVPBnrOfI=", "owner": "deuxfleurs-org", "repo": "garage", - "rev": "6906a4ff12838da2a74bdaeb7e7cd05cd1d69699", + "rev": "14d2f2b18da015508d4a1e31b2f014da5188d516", "type": "github" }, "original": { @@ -455,11 +455,11 @@ ] }, "locked": { - "lastModified": 1742305478, - "narHash": "sha256-iYCinzZnnUeCkZ031qGRwPdwRsqW6o9Y0MgGpA7Zva4=", + "lastModified": 1743430792, + "narHash": "sha256-pGKDA84oK1WTt2yxBUjAwKLacNwJkf9CS7cTXXfgWvI=", "owner": "nix-community", "repo": "home-manager", - "rev": "fb74bb76d94a6c55632376c931fc108131260ee9", + "rev": "216690777e47aa0fb1475e4dbe2510554ce0bc4b", "type": "github" }, "original": { 
@@ -566,11 +566,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1742250400, - "narHash": "sha256-be2mY7VFiWcPw7GcaJBbUvpnpoLd39wxqTXagBNTR5w=", - "rev": "d8db15010d2059a23a17f70ef542b4d1e7d2c640", + "lastModified": 1737234286, + "narHash": "sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW+DvDtuv9SwQZZcs=", + "rev": "079528098f5998ba13c88821a2eca1005c1695de", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/d8db15010d2059a23a17f70ef542b4d1e7d2c640.tar.gz?rev=d8db15010d2059a23a17f70ef542b4d1e7d2c640" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?rev=079528098f5998ba13c88821a2eca1005c1695de" }, "original": { "type": "tarball", @@ -714,11 +714,11 @@ ] }, "locked": { - "lastModified": 1742174123, - "narHash": "sha256-pDNzMoR6m1ZSJToZQ6XDTLVSdzIzmFl1b8Pc3f7iV6Y=", + "lastModified": 1743306489, + "narHash": "sha256-LROaIjSLo347cwcHRfSpqzEOa2FoLSeJwU4dOrGm55E=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "2cfb4e1ca32f59dd2811d7a6dd5d4d1225f0955c", + "rev": "b3696bfb6c24aa61428839a99e8b40c53ac3a82d", "type": "github" }, "original": { @@ -734,11 +734,11 @@ ] }, "locked": { - "lastModified": 1742204505, - "narHash": "sha256-sHBzuG9K/VrvOrcLd9GwoCLaQZDVedi/00YmFfdKq/A=", + "lastModified": 1743410259, + "narHash": "sha256-tjdkPPkRT1Mj72yrpN8oUxYw9SaG8wOQWD3auS1bvSs=", "owner": "nix-community", "repo": "nix-ld", - "rev": "bc1ecb8ca83507c764a3909f02f1acf53c033585", + "rev": "140451db1cadeef1e7e9e054332b67b7be808916", "type": "github" }, "original": { 
@@ -781,11 +781,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1742268799, - "narHash": "sha256-IhnK4LhkBlf14/F8THvUy3xi/TxSQkp9hikfDZRD4Ic=", + "lastModified": 1743367904, + "narHash": "sha256-sOos1jZGKmT6xxPvxGQyPTApOunXvScV4lNjBCXd/CI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "da044451c6a70518db5b730fe277b70f494188f1", + "rev": "7ffe0edc685f14b8c635e3d6591b0bbb97365e6c", "type": "github" }, "original": { @@ -829,11 +829,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1742276595, - "narHash": "sha256-bsg9y3NoMGu0jgTI5XbxvzQFc9JtZB51i500WlVws80=", + "lastModified": 1743386251, + "narHash": "sha256-aRAFj+SzZGUlCMDBbd6yI09ffo9lMgx726VTZMMCRGA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2b3795787eba0066a2bc8bba7362422e5713840f", + "rev": "1d3a750cb7d8e1058a425810c80790a3842ef27b", "type": "github" }, "original": { @@ -854,11 +854,11 @@ "nuschtosSearch": "nuschtosSearch" }, "locked": { - "lastModified": 1742255305, - "narHash": "sha256-XxygfriVXQt+5Iqh6AOjZL5Aes5dH2xzVKpHpL8pDQg=", + "lastModified": 1743362786, + "narHash": "sha256-XbXIRDbb8/vLBX1M096l7lM5wfzBTp1ZXfUl9bUhVGU=", "owner": "nix-community", "repo": "nixvim", - "rev": "78f6166c23f80bdfbcc8c44b20f7f4132299a33f", + "rev": "d81f37256d0a8691b837b74979d27bf89be8ecdd", "type": "github" }, "original": { @@ -877,11 +877,11 @@ ] }, "locked": { - "lastModified": 1738508923, - "narHash": "sha256-4DaDrQDAIxlWhTjH6h/+xfG05jt3qDZrZE/7zDLQaS4=", + "lastModified": 1742659553, + "narHash": "sha256-i/JCrr/jApVorI9GkSV5to+USrRCa0rWuQDH8JSlK2A=", "owner": "NuschtOS", "repo": "search", - "rev": "86e2038290859006e05ca7201425ea5b5de4aecb", + "rev": "508752835128a3977985a4d5225ff241f7756181", "type": "github" }, "original": { 
@@ -998,11 +998,11 @@ ] }, "locked": { - "lastModified": 1742265167, - "narHash": "sha256-RB0UEF9IXIgwuuBFC+s9H4rDyvmMZePHlBAK4vRAwf4=", + "lastModified": 1743388531, + "narHash": "sha256-OBcNE+2/TD1AMgq8HKMotSQF8ZPJEFGZdRoBJ7t/HIc=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "87f0965f9f5b13fca9f38074eee8369dc767550d", + "rev": "011de3c895927300651d9c2cb8e062adf17aa665", "type": "github" }, "original": { @@ -1018,11 +1018,11 @@ ] }, "locked": { - "lastModified": 1742239755, - "narHash": "sha256-ptn8dR4Uat3UUadGYNnB7CIH9SQm8mK69D2A/twBUXQ=", + "lastModified": 1743305778, + "narHash": "sha256-Ux/UohNtnM5mn9SFjaHp6IZe2aAnUCzklMluNtV6zFo=", "owner": "Mic92", "repo": "sops-nix", - "rev": "787afce414bcce803b605c510b60bf43c11f4b55", + "rev": "8e873886bbfc32163fe027b8676c75637b7da114", "type": "github" }, "original": { @@ -1068,11 +1068,11 @@ ] }, "locked": { - "lastModified": 1742303424, - "narHash": "sha256-2R7cGdcA2npQQcIWu2cTlU63veTzwVZe78BliIuJT00=", + "lastModified": 1743081648, + "narHash": "sha256-WRAylyYptt6OX5eCEBWyTwOEqEtD6zt33rlUkr6u3cE=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "b3b938ab8ba2e8a0ce9ee9b30ccfa5e903ae5753", + "rev": "29a3d7b768c70addce17af0869f6e2bd8f5be4b7", "type": "github" }, "original": { @@ -1091,11 +1091,11 @@ ] }, "locked": { - "lastModified": 1742262692, - "narHash": "sha256-kCuy1Fld1vFmor6SZ48DdtiLv9/zUhW8lCaTA+Py+es=", + "lastModified": 1743386331, + "narHash": "sha256-LqcqOUJJcTUgACX2N+i6cqMTZ/b0WAT4WUhwV9JWsZg=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "32de9a383db6b555ac92877dd8b5b986f4151de7", + "rev": "300097f877ee9a0c401a57e7ec731f4edace7117", "type": "github" }, "original": { From ecc20e71f30e4e626ab815687911560fe0e44870 Mon Sep 17 00:00:00 2001 
From: cy Date: Tue, 1 Apr 2025 12:17:57 -0400 Subject: [PATCH 08/31] don't use flake-parts --- flake.lock | 19 ++++++- flake.nix | 158 ++++++++++++++++++++--------------------------------- 2 files changed, 75 insertions(+), 102 deletions(-) diff --git a/flake.lock b/flake.lock index df19b3b..480ec6e 100644 --- a/flake.lock +++ b/flake.lock @@ -273,9 +273,7 @@ }, "flake-parts_2": { "inputs": { - "nixpkgs-lib": [ - "nixpkgs" - ] + "nixpkgs-lib": "nixpkgs-lib" }, "locked": { "lastModified": 1741352980, @@ -763,6 +761,21 @@ "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1743296961, + "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1730741070, diff --git a/flake.nix b/flake.nix index 3093168..525c090 100644 --- a/flake.nix +++ b/flake.nix @@ -29,10 +29,6 @@ inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-parts.follows = "flake-parts"; }; - flake-parts = { - url = "github:hercules-ci/flake-parts"; - inputs.nixpkgs-lib.follows = "nixpkgs"; - }; rust-overlay = { url = "github:oxalica/rust-overlay"; inputs.nixpkgs.follows = "nixpkgs"; @@ -101,6 +97,7 @@ flake-utils.url = "github:numtide/flake-utils"; crane.url = "github:ipetkov/crane"; flake-compat.url = "github:edolstra/flake-compat"; + flake-parts.url = "github:hercules-ci/flake-parts"; }; nixConfig = { 
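Review bot: The new `flake-parts.url` line in flake.nix lacks the `inputs.nixpkgs-lib.follows = "nixpkgs"` that the removed block had, so flake-parts now pulls its own `nixpkgs-lib`. That is why flake.lock in this patch gains a `nixpkgs-lib` node from `nix-community/nixpkgs.lib`. If flake-parts is kept only because other inputs follow it, the extra lock entry can be avoided with `flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";` next to the new line. The `inputs` set starts outside the hunk.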
@@ -119,111 +116,74 @@ self, nixpkgs, home-manager, - flake-parts, ... }@inputs: - flake-parts.lib.mkFlake { inherit inputs; } ( - { ... }: + let + pkgs = import nixpkgs { + config.allowUnfree = true; + system = "x86_64-linux"; + overlays = [ + inputs.rust-overlay.overlays.default + inputs.vscode-extensions.overlays.default + ] ++ (import ./overlay { inherit inputs; }); + }; + in { - imports = [ - inputs.treefmt.flakeModule - ]; - systems = [ - "x86_64-linux" - ]; - perSystem = + nixosConfigurations = + let + lib = nixpkgs.lib; + in { - inputs', - ... - }: - { - treefmt = { - projectRootFile = "flake.nix"; - programs.nixfmt.enable = true; - programs.typos.enable = true; - programs.shellcheck.enable = true; - - programs.yamlfmt = { - enable = true; - settings.retain_line_breaks = true; - }; - - settings.global.excludes = [ - "secrets/*" - "**/*.png" # tries to format a png file + ytnix = lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + { + nixpkgs = { inherit pkgs; }; + } + ./hosts/ytnix + ./modules + inputs.sops-nix.nixosModules.sops + inputs.lanzaboote.nixosModules.lanzaboote + inputs.lix-module.nixosModules.default + inputs.nix-ld.nixosModules.nix-ld + ]; + }; + chunk = lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + { + nixpkgs = { inherit pkgs; }; + } + ./hosts/chunk + ./modules + inputs.sops-nix.nixosModules.sops + inputs.lix-module.nixosModules.default ]; }; }; - - flake = + homeConfigurations = let - pkgs = import nixpkgs { - config.allowUnfree = true; - system = "x86_64-linux"; - overlays = [ - inputs.rust-overlay.overlays.default - inputs.vscode-extensions.overlays.default - ] ++ (import ./overlay { inherit inputs; }); - }; + lib = home-manager.lib; in { - nixosConfigurations = - let - lib = nixpkgs.lib; - in - { - ytnix = lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - { - nixpkgs = { inherit pkgs; }; - } - ./hosts/ytnix - ./modules - inputs.sops-nix.nixosModules.sops - 
inputs.lanzaboote.nixosModules.lanzaboote - inputs.lix-module.nixosModules.default - inputs.nix-ld.nixosModules.nix-ld - ]; - }; - chunk = lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - { - nixpkgs = { inherit pkgs; }; - } - ./hosts/chunk - ./modules - inputs.sops-nix.nixosModules.sops - inputs.lix-module.nixosModules.default - ]; - }; - }; - homeConfigurations = - let - lib = home-manager.lib; - in - { - "yt@ytnix" = lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { inherit inputs; }; - modules = [ - ./home/yt/ytnix.nix - inputs.nixvim.homeManagerModules.nixvim - inputs.nix-index-database.hmModules.nix-index - ]; - }; + "yt@ytnix" = lib.homeManagerConfiguration { + inherit pkgs; + extraSpecialArgs = { inherit inputs; }; + modules = [ + ./home/yt/ytnix.nix + inputs.nixvim.homeManagerModules.nixvim + inputs.nix-index-database.hmModules.nix-index + ]; + }; - "yt@chunk" = lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { inherit inputs; }; - modules = [ - ./home/yt/chunk.nix - inputs.nixvim.homeManagerModules.nixvim - ]; - }; - }; + "yt@chunk" = lib.homeManagerConfiguration { + inherit pkgs; + extraSpecialArgs = { inherit inputs; }; + modules = [ + ./home/yt/chunk.nix + inputs.nixvim.homeManagerModules.nixvim + ]; + }; }; - } - ); + }; } From de4797cf066dd4f64de0bf5f4d622c405b12e59d Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 1 Apr 2025 12:18:12 -0400 Subject: [PATCH 09/31] caddy: add keys.cy7.sh --- modules/caddy.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/modules/caddy.nix b/modules/caddy.nix index 3e6ca63..90ec770 100644 --- a/modules/caddy.nix +++ b/modules/caddy.nix 
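Review bot: The rewritten `outputs` in flake.nix drops the `perSystem.treefmt` block (nixfmt, typos, shellcheck, yamlfmt, with `secrets/*` excluded) and nothing on the new side replaces it, so the flake no longer provides a formatter or a formatting check. If that is intended, the `treefmt` input is presumably still declared further up and can be removed with it; if not, a `formatter.x86_64-linux` output built from the same settings would keep `nix fmt` working. A one-line comment above `pkgs = import nixpkgs {` saying that this single instance is shared by every NixOS and home-manager configuration would also help. `outputs` begins outside the hunk.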
@@ -36,6 +36,15 @@ in } ''; environmentFile = config.sops.secrets."caddy/env".path; + + virtualHosts."keys.cy7.sh".extraConfig = '' + import common + respond / 200 { + body "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfubDWr0kRm2o4DqaK6l1s4NCdTkljXZWKWCiF5nX+6 + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPhUt9h5dCcrwOrZNKkStCX5OxumPzEwYXSU/0DgtWgP + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD" + } + ''; }; }; } From 35638117ab2ef9ed1021d5049b8a2ef3bcc62f06 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 1 Apr 2025 12:22:32 -0400 Subject: [PATCH 10/31] dogfood nixcp --- .../workflows/build-machines-and-homes.yml | 32 +++++++------------ 1 file changed, 12 insertions(+), 20 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 563a44c..88d531a 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -76,16 +76,12 @@ jobs: if: '!cancelled()' run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" - derivations=() - while IFS=$'\n' read derivation; do - derivations+=("$derivation") - done < <(nix path-info --derivation "$package") - - for derivation in "${derivations[@]}"; do - nix copy -j8 \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ - $(nix-store --query --requisites --include-outputs "$derivation") - done + nix profile install git+https://git.cy7.sh/cy/nixcp.git + nixcp \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + -u https://nix-community.cachix.org \ + -u https://nixcache.cy7.sh \ + $package build-homes: strategy: 
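Review bot: The three `ssh-ed25519` lines served at `keys.cy7.sh` carry no comment field, so nobody reading modules/caddy.nix can tell which device or purpose each key belongs to when one has to be rotated or revoked. Add a label to each line, e.g. `ssh-ed25519 AAAA… <device-or-purpose>`, or a `#` comment above the `respond` block listing them in order. If any host installs its `authorized_keys` from this URL, a comment saying so would also be useful, because this Caddy config would then decide who can log in there.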
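Review bot: `nix profile install git+https://git.cy7.sh/cy/nixcp.git` in the `cache` step fetches whatever the repository's default branch holds at run time, and the tool is then given `/home/runner/cache-priv-key.pem` through `--to`, so an unreviewed change to nixcp would run with the cache signing key. The actions in update-flake-lock.yml are pinned by commit; pin this the same way, e.g. `nix profile install 'git+https://git.cy7.sh/cy/nixcp.git?rev=<COMMIT_SHA>'` (placeholder revision). The same applies to the build-homes hunk of this patch and to the `nix run git+https://git.cy7.sh/cy/nixcp.git` form that patch 11 introduces in both workflow files. `$package` on the last line is also unquoted; `"$package"` avoids word splitting.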
@@ -153,13 +149,9 @@ jobs: if: '!cancelled()' run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" - derivations=() - while IFS=$'\n' read derivation; do - derivations+=("$derivation") - done < <(nix path-info --derivation "$package") - - for derivation in "${derivations[@]}"; do - nix copy -j8 \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ - $(nix-store --query --requisites --include-outputs "$derivation") - done + nix profile install git+https://git.cy7.sh/cy/nixcp.git + nixcp \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + -u https://nix-community.cachix.org \ + -u https://nixcache.cy7.sh \ + $package From 0db4f4c4abce421fefe7e8d5e01fae93e317c93d Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 1 Apr 2025 12:37:10 -0400 Subject: [PATCH 11/31] dogfood nixcp everywhere --- .github/workflows/build-machines-and-homes.yml | 6 ++---- .github/workflows/build-packages.yml | 15 +++++---------- 2 files changed, 7 insertions(+), 14 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 88d531a..6995a7a 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -76,8 +76,7 @@ jobs: if: '!cancelled()' run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" - nix profile install git+https://git.cy7.sh/cy/nixcp.git - nixcp \ + nix run git+https://git.cy7.sh/cy/nixcp.git -- \ --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ -u https://nix-community.cachix.org \ -u https://nixcache.cy7.sh \ 
@@ -149,8 +148,7 @@ jobs: if: '!cancelled()' run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" - nix profile install git+https://git.cy7.sh/cy/nixcp.git - nixcp \ + nix run git+https://git.cy7.sh/cy/nixcp.git -- \ --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ -u https://nix-community.cachix.org \ -u https://nixcache.cy7.sh \ diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index fea88fc..ce4afd1 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -64,16 +64,11 @@ jobs: # https://stackoverflow.com/a/58859404 if: '!cancelled()' run: | - derivations=() - while IFS=$'\n' read derivation; do - derivations+=("$derivation") - done < <(nix path-info --derivation "${{ matrix.package }}") - - for derivation in "${derivations[@]}"; do - nix copy -j8 \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ - $(nix-store --query --requisites --include-outputs "$derivation") - done + nix run git+https://git.cy7.sh/cy/nixcp.git -- \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + -u https://nix-community.cachix.org \ + -u https://nixcache.cy7.sh \ + "${{ matrix.package }}" - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result From 97da2848c616b3c571d58b37f2e7de16df94acf9 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 1 Apr 2025 17:05:07 -0400 Subject: [PATCH 12/31] use good ol ssh-agent instead of bitwarden crap; install regular neovim --- home/yt/ytnix.nix | 14 +++++++++++--- hosts/ytnix/default.nix | 3 +++ 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index cd6baa4..686a8a3 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix 
@@ -122,9 +122,6 @@ AWS_ENDPOINT_URL = "https://s3.cy7.sh"; AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)"; AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)"; - - # bitwarden ssh agent - SSH_AUTH_SOCK = "$HOME/.bitwarden-ssh-agent.sock"; }; home.sessionPath = [ @@ -152,4 +149,15 @@ }; programs.nix-index-database.comma.enable = true; + + programs.neovim = { + enable = true; + viAlias = true; + vimAlias = true; + }; + + programs.ssh = { + enable = true; + addKeysToAgent = "yes"; + }; } diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index eba3509..ed91b61 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -329,6 +329,7 @@ curl pcre2 gsettings-desktop-schemas + fzf ]; }; programs.evolution.enable = true; @@ -390,4 +391,6 @@ nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; programs.fuse.userAllowOther = true; nix.settings.sandbox = false; + + programs.ssh.startAgent = true; } From 6a3a5d0cfdff73ee6e30cc7affa866bd81c480ae Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 1 Apr 2025 17:08:22 -0400 Subject: [PATCH 13/31] rm overlays fot stuff we dont use anymore --- overlay/attic/default.nix | 7 --- overlay/attic/prefetch-8-chunks.patch | 14 ------ overlay/bitwarden/default.nix | 9 ---- overlay/bitwarden/ssh-agent-no-confirm.patch | 34 --------------- overlay/default.nix | 9 ---- overlay/vscode.nix | 14 ------ overlay/zipline/default.nix | 7 --- overlay/zipline/no-check-bucket.patch | 45 -------------------- 8 files changed, 139 deletions(-) delete mode 100644 overlay/attic/default.nix delete mode 100644 overlay/attic/prefetch-8-chunks.patch delete mode 100644 overlay/bitwarden/default.nix delete mode 100644 overlay/bitwarden/ssh-agent-no-confirm.patch delete mode 100644 overlay/vscode.nix delete mode 100644 overlay/zipline/default.nix delete mode 100644 overlay/zipline/no-check-bucket.patch diff --git a/overlay/attic/default.nix b/overlay/attic/default.nix deleted file mode 100644 index 454d367..0000000 
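Review bot: `addKeysToAgent = "yes";` in the new `programs.ssh` block, together with `programs.ssh.startAgent = true;` in hosts/ytnix/default.nix, keeps every key loaded in the agent after its first use, with no per-use prompt. Any process running as the user can then request signatures for the rest of the session. If that is not intended, `addKeysToAgent = "confirm";` asks before each use, and `programs.ssh.agentTimeout = "1h";` on the NixOS side bounds how long keys stay loaded. If unattended use is deliberate, a one-line comment saying so would help the next reader.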
--- a/overlay/attic/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -final: prev: { - attic-server = prev.attic-server.overrideAttrs { - patches = [ - ./prefetch-8-chunks.patch - ]; - }; -} diff --git a/overlay/attic/prefetch-8-chunks.patch b/overlay/attic/prefetch-8-chunks.patch deleted file mode 100644 index 3d6134f..0000000 --- a/overlay/attic/prefetch-8-chunks.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff --git a/server/src/api/binary_cache.rs b/server/src/api/binary_cache.rs -index 02e4857..b522154 100644 ---- a/server/src/api/binary_cache.rs -+++ b/server/src/api/binary_cache.rs -@@ -215,7 +215,7 @@ async fn get_nar( - let chunk = chunks[0].as_ref().unwrap(); - let remote_file = &chunk.remote_file.0; - let storage = state.storage().await?; -- match storage.download_file_db(remote_file, false).await? { -+ match storage.download_file_db(remote_file, true).await? { - Download::Url(url) => Ok(Redirect::temporary(&url).into_response()), - Download::AsyncRead(stream) => { - let stream = ReaderStream::new(stream).map_err(|e| { - diff --git a/overlay/bitwarden/default.nix b/overlay/bitwarden/default.nix deleted file mode 100644 index e9ace96..0000000 --- a/overlay/bitwarden/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -final: prev: { - bitwarden-desktop = prev.bitwarden-desktop.overrideAttrs ( - finalAttrs: prevAttrs: { - patches = prevAttrs.patches ++ [ - ./ssh-agent-no-confirm.patch - ]; - } - ); -} diff --git a/overlay/bitwarden/ssh-agent-no-confirm.patch b/overlay/bitwarden/ssh-agent-no-confirm.patch deleted file mode 100644 index 3e8e023..0000000 --- a/overlay/bitwarden/ssh-agent-no-confirm.patch +++ /dev/null 
@@ -1,34 +0,0 @@ -diff --git a/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs b/core/src/ssh_agent/mod.rs -index 4e304cc..8203dca 100644 ---- a/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs -+++ b/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs -@@ -44,28 +44,7 @@ impl ssh_agent::Agent for BitwardenDesktopAgent { - return false; - } - -- let request_id = self.get_request_id().await; -- println!( -- "[SSH Agent] Confirming request from application: {}", -- info.process_name() -- ); -- -- let mut rx_channel = self.get_ui_response_rx.lock().await.resubscribe(); -- self.show_ui_request_tx -- .send(SshAgentUIRequest { -- request_id, -- cipher_id: Some(ssh_key.cipher_uuid.clone()), -- process_name: info.process_name().to_string(), -- is_list: false, -- }) -- .await -- .expect("Should send request to ui"); -- while let Ok((id, response)) = rx_channel.recv().await { -- if id == request_id { -- return response; -- } -- } -- false -+ true - } - - async fn can_list(&self, info: &peerinfo::models::PeerInfo) -> bool { diff --git a/overlay/default.nix b/overlay/default.nix index f4a7353..9e6336c 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -1,12 +1,4 @@ { inputs }: -let - overlays = [ - ./zipline - ./bitwarden - ./attic - ]; - importedOverlays = map (m: import m) overlays; -in [ ( final: prev: @@ -26,4 +18,3 @@ in } ) ] -++ importedOverlays diff --git a/overlay/vscode.nix b/overlay/vscode.nix deleted file mode 100644 index 4de2d90..0000000 --- a/overlay/vscode.nix +++ /dev/null @@ -1,14 +0,0 @@ -final: prev: { - vscode-extensions = prev.vscode-extensions // { - github = prev.vscode-extensions.github // { - codespaces = prev.vscode-utils.buildVscodeMarketplaceExtension { - mktplcRef = { - publisher = "github"; - name = "codespaces"; - version = "1.17.3"; - hash = "sha256-idJFYHJ4yeqpFZBX55Y0v1yfzgqyhS0MrC4yIto7i7w="; - }; - }; - }; - }; -} 
diff --git a/overlay/zipline/default.nix b/overlay/zipline/default.nix deleted file mode 100644 index b114119..0000000 --- a/overlay/zipline/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -final: prev: { - zipline = prev.zipline.overrideAttrs { - patches = [ - ./no-check-bucket.patch - ]; - }; -} diff --git a/overlay/zipline/no-check-bucket.patch b/overlay/zipline/no-check-bucket.patch deleted file mode 100644 index 9d1c756..0000000 --- a/overlay/zipline/no-check-bucket.patch +++ /dev/null @@ -1,45 +0,0 @@ -diff --git a/src/lib/datasource/S3.ts b/src/lib/datasource/S3.ts -index 089dd64..39dd8f4 100644 ---- a/src/lib/datasource/S3.ts -+++ b/src/lib/datasource/S3.ts -@@ -4,7 +4,6 @@ import { - DeleteObjectCommand, - DeleteObjectsCommand, - GetObjectCommand, -- ListBucketsCommand, - ListObjectsCommand, - PutObjectCommand, - S3Client, -@@ -38,32 +37,6 @@ export class S3Datasource extends Datasource { - endpoint: this.options.endpoint ?? undefined, - forcePathStyle: this.options.forcePathStyle ?? false, - }); -- -- this.ensureBucketExists(); -- } -- -- private async ensureBucketExists() { -- try { -- const res = await this.client.send(new ListBucketsCommand()); -- if (res.$metadata.httpStatusCode !== 200) { -- this.logger -- .error('there was an error while listing buckets', res.$metadata as Record) -- .error('zipline will now exit'); -- process.exit(1); -- } -- -- if (!res.Buckets?.find((bucket) => bucket.Name === this.options.bucket)) { -- this.logger.error(`bucket ${this.options.bucket} does not exist`).error('zipline will now exit'); -- process.exit(1); -- } -- } catch (e) { -- this.logger -- .error('there was an error while listing buckets', e as Record) -- .error('zipline will now exit'); -- process.exit(1); -- } finally { -- this.logger.debug(`bucket ${this.options.bucket} exists`); -- } - } - - public async get(file: string): Promise { From da709432f552d3f3c3144a716f65bdda5535a143 Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 2 Apr 2025 01:03:35 -0400 Subject: [PATCH 14/31] flake.lock: Update (#37) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'conduwuit': 'github:girlbossceo/conduwuit/3e57b7d35d5bd6cfed5900b377f7c68970213518?narHash=sha256-uGI98B%2BbinIclsCJd2wXb7l1k2wV7e%2BsNmX4R8L5RPc%3D' (2025-03-28) → 'github:girlbossceo/conduwuit/0f81c1e1ccdcb0c5c6d5a27e82f16eb37b1e61c8?narHash=sha256-x/sfh6LCHGAz8rL23GHhH7dac1LtHBbRRJi1p8gOdtI%3D' (2025-04-01) • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/f4330d22f1c5d2ba72d3d22df5597d123fdb60a9?narHash=sha256-%2Bu2UunDA4Cl5Fci3m7S643HzKmIDAe%2BfiXrLqYsR2fs%3D' (2025-03-07) → 'github:hercules-ci/flake-parts/c621e8422220273271f52058f618c94e405bb0f5?narHash=sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY%3D' (2025-04-01) • Updated input 'home-manager': 'github:nix-community/home-manager/216690777e47aa0fb1475e4dbe2510554ce0bc4b?narHash=sha256-pGKDA84oK1WTt2yxBUjAwKLacNwJkf9CS7cTXXfgWvI%3D' (2025-03-31) → 'github:nix-community/home-manager/5ee44bc7c2e853f144390a12ebe5174ad7e3b9e0?narHash=sha256-rvU79DJ6rPDxiH0sTp686Vlm%2BJewwAZPGcwt8OfHJbM%3D' (2025-04-02) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/1d3a750cb7d8e1058a425810c80790a3842ef27b?narHash=sha256-aRAFj%2BSzZGUlCMDBbd6yI09ffo9lMgx726VTZMMCRGA%3D' (2025-03-31) → 'github:nixos/nixpkgs/adae22bea8bcc0aa2fd6e8732044660fb7755f5e?narHash=sha256-7gpAWsENV3tY2HmeHYQ2MoQxGpys%2BjQWnkS/BHAMXVk%3D' (2025-04-02) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/7ffe0edc685f14b8c635e3d6591b0bbb97365e6c?narHash=sha256-sOos1jZGKmT6xxPvxGQyPTApOunXvScV4lNjBCXd/CI%3D' (2025-03-30) → 'github:nixos/nixpkgs/02f2af8c8a8c3b2c05028936a1e84daefa1171d4?narHash=sha256-7PCBQ4aGVF8OrzMkzqtYSKyoQuU2jtpPi4lmABpe5X4%3D' (2025-04-01) • Updated input 'nixvim': 
'github:nix-community/nixvim/d81f37256d0a8691b837b74979d27bf89be8ecdd?narHash=sha256-XbXIRDbb8/vLBX1M096l7lM5wfzBTp1ZXfUl9bUhVGU%3D' (2025-03-30) → 'github:nix-community/nixvim/754b8df7e37be04b7438decee5a5aa18af72cbe1?narHash=sha256-/jlBU7EGIfaa5VKwvVyrSspuuNmgKYOjAuTd2ywyevg%3D' (2025-04-01) • Updated input 'nixvim/nuschtosSearch': 'github:NuschtOS/search/508752835128a3977985a4d5225ff241f7756181?narHash=sha256-i/JCrr/jApVorI9GkSV5to%2BUSrRCa0rWuQDH8JSlK2A%3D' (2025-03-22) → 'github:NuschtOS/search/2651dbfad93d6ef66c440cbbf23238938b187bde?narHash=sha256-bb/dqoIjtIWtJRzASOe8g4m8W2jUIWtuoGPXdNjM/Tk%3D' (2025-03-28) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/011de3c895927300651d9c2cb8e062adf17aa665?narHash=sha256-OBcNE%2B2/TD1AMgq8HKMotSQF8ZPJEFGZdRoBJ7t/HIc%3D' (2025-03-31) → 'github:oxalica/rust-overlay/1de27ae43712a971c1da100dcd84386356f03ec7?narHash=sha256-dd97LXek202OWmUXvKYFdYWj0jHrn3p%2BL5Ojh1SEOqs%3D' (2025-04-02) • Updated input 'sops-nix': 'github:Mic92/sops-nix/8e873886bbfc32163fe027b8676c75637b7da114?narHash=sha256-Ux/UohNtnM5mn9SFjaHp6IZe2aAnUCzklMluNtV6zFo%3D' (2025-03-30) → 'github:Mic92/sops-nix/e7f4d7ed8bce8dfa7d2f2fe6f8b8f523e54646f8?narHash=sha256-zI2WSkU%2Bei4zCxT%2BIVSQjNM9i0ST%2B%2BT2qSFXTsAND7s%3D' (2025-04-01) • Updated input 'vscode-extensions': 'github:nix-community/nix-vscode-extensions/300097f877ee9a0c401a57e7ec731f4edace7117?narHash=sha256-LqcqOUJJcTUgACX2N%2Bi6cqMTZ/b0WAT4WUhwV9JWsZg%3D' (2025-03-31) → 'github:nix-community/nix-vscode-extensions/bc23f562c367b3e6300d596c24f0080220897df7?narHash=sha256-LtmHSXZjFXUWYwWhvEPWSbnmAD62TrvLdZGqQvcSHIY%3D' (2025-04-02) Co-authored-by: github-actions[bot] --- flake.lock | 60 +++++++++++++++++++++++++++--------------------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/flake.lock b/flake.lock index 480ec6e..a0bb113 100644 --- a/flake.lock +++ b/flake.lock 
@@ -131,11 +131,11 @@ "rocksdb": "rocksdb" }, "locked": { - "lastModified": 1743186614, - "narHash": "sha256-uGI98B+binIclsCJd2wXb7l1k2wV7e+sNmX4R8L5RPc=", + "lastModified": 1743473828, + "narHash": "sha256-x/sfh6LCHGAz8rL23GHhH7dac1LtHBbRRJi1p8gOdtI=", "owner": "girlbossceo", "repo": "conduwuit", - "rev": "3e57b7d35d5bd6cfed5900b377f7c68970213518", + "rev": "0f81c1e1ccdcb0c5c6d5a27e82f16eb37b1e61c8", "type": "github" }, "original": { @@ -276,11 +276,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1741352980, - "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", "type": "github" }, "original": { @@ -453,11 +453,11 @@ ] }, "locked": { - "lastModified": 1743430792, - "narHash": "sha256-pGKDA84oK1WTt2yxBUjAwKLacNwJkf9CS7cTXXfgWvI=", + "lastModified": 1743556466, + "narHash": "sha256-rvU79DJ6rPDxiH0sTp686Vlm+JewwAZPGcwt8OfHJbM=", "owner": "nix-community", "repo": "home-manager", - "rev": "216690777e47aa0fb1475e4dbe2510554ce0bc4b", + "rev": "5ee44bc7c2e853f144390a12ebe5174ad7e3b9e0", "type": "github" }, "original": { @@ -794,11 +794,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1743367904, - "narHash": "sha256-sOos1jZGKmT6xxPvxGQyPTApOunXvScV4lNjBCXd/CI=", + "lastModified": 1743501102, + "narHash": "sha256-7PCBQ4aGVF8OrzMkzqtYSKyoQuU2jtpPi4lmABpe5X4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7ffe0edc685f14b8c635e3d6591b0bbb97365e6c", + "rev": "02f2af8c8a8c3b2c05028936a1e84daefa1171d4", "type": "github" }, "original": { 
@@ -842,11 +842,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1743386251, - "narHash": "sha256-aRAFj+SzZGUlCMDBbd6yI09ffo9lMgx726VTZMMCRGA=", + "lastModified": 1743559129, + "narHash": "sha256-7gpAWsENV3tY2HmeHYQ2MoQxGpys+jQWnkS/BHAMXVk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1d3a750cb7d8e1058a425810c80790a3842ef27b", + "rev": "adae22bea8bcc0aa2fd6e8732044660fb7755f5e", "type": "github" }, "original": { @@ -867,11 +867,11 @@ "nuschtosSearch": "nuschtosSearch" }, "locked": { - "lastModified": 1743362786, - "narHash": "sha256-XbXIRDbb8/vLBX1M096l7lM5wfzBTp1ZXfUl9bUhVGU=", + "lastModified": 1743536158, + "narHash": "sha256-/jlBU7EGIfaa5VKwvVyrSspuuNmgKYOjAuTd2ywyevg=", "owner": "nix-community", "repo": "nixvim", - "rev": "d81f37256d0a8691b837b74979d27bf89be8ecdd", + "rev": "754b8df7e37be04b7438decee5a5aa18af72cbe1", "type": "github" }, "original": { @@ -890,11 +890,11 @@ ] }, "locked": { - "lastModified": 1742659553, - "narHash": "sha256-i/JCrr/jApVorI9GkSV5to+USrRCa0rWuQDH8JSlK2A=", + "lastModified": 1743201766, + "narHash": "sha256-bb/dqoIjtIWtJRzASOe8g4m8W2jUIWtuoGPXdNjM/Tk=", "owner": "NuschtOS", "repo": "search", - "rev": "508752835128a3977985a4d5225ff241f7756181", + "rev": "2651dbfad93d6ef66c440cbbf23238938b187bde", "type": "github" }, "original": { @@ -1011,11 +1011,11 @@ ] }, "locked": { - "lastModified": 1743388531, - "narHash": "sha256-OBcNE+2/TD1AMgq8HKMotSQF8ZPJEFGZdRoBJ7t/HIc=", + "lastModified": 1743561237, + "narHash": "sha256-dd97LXek202OWmUXvKYFdYWj0jHrn3p+L5Ojh1SEOqs=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "011de3c895927300651d9c2cb8e062adf17aa665", + "rev": "1de27ae43712a971c1da100dcd84386356f03ec7", "type": "github" }, "original": { 
@@ -1031,11 +1031,11 @@ ] }, "locked": { - "lastModified": 1743305778, - "narHash": "sha256-Ux/UohNtnM5mn9SFjaHp6IZe2aAnUCzklMluNtV6zFo=", + "lastModified": 1743502316, + "narHash": "sha256-zI2WSkU+ei4zCxT+IVSQjNM9i0ST++T2qSFXTsAND7s=", "owner": "Mic92", "repo": "sops-nix", - "rev": "8e873886bbfc32163fe027b8676c75637b7da114", + "rev": "e7f4d7ed8bce8dfa7d2f2fe6f8b8f523e54646f8", "type": "github" }, "original": { @@ -1104,11 +1104,11 @@ ] }, "locked": { - "lastModified": 1743386331, - "narHash": "sha256-LqcqOUJJcTUgACX2N+i6cqMTZ/b0WAT4WUhwV9JWsZg=", + "lastModified": 1743558944, + "narHash": "sha256-LtmHSXZjFXUWYwWhvEPWSbnmAD62TrvLdZGqQvcSHIY=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "300097f877ee9a0c401a57e7ec731f4edace7117", + "rev": "bc23f562c367b3e6300d596c24f0080220897df7", "type": "github" }, "original": { From 026abe5123811883035cf36dcd409f8e0ee0a592 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 2 Apr 2025 03:09:27 -0400 Subject: [PATCH 15/31] init authelia --- .sops.yaml | 7 ++++ hosts/chunk/default.nix | 6 ++- hosts/chunk/garage.nix | 2 +- hosts/chunk/redlib.nix | 1 + modules/authelia.nix | 68 ++++++++++++++++++++++++++++++++++ modules/caddy.nix | 7 ++++ modules/default.nix | 1 + secrets/services/authelia.yaml | 37 ++++++++++++++++++ 8 files changed, 126 insertions(+), 3 deletions(-) create mode 100644 modules/authelia.nix create mode 100644 secrets/services/authelia.yaml diff --git a/.sops.yaml b/.sops.yaml index 9e9a860..21d2151 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -129,3 +129,10 @@ creation_rules: - *yt - *cy - *chunk + - path_regex: secrets/services/authelia.yaml + key_groups: + - age: + - *yt + - *cy + - *chunk + diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 22290c1..56bae51 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix 
@@ -146,12 +146,12 @@ ]; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD yt@ytnix" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfubDWr0kRm2o4DqaK6l1s4NCdTkljXZWKWCiF5nX+6" ]; }; users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD yt@ytnix" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfubDWr0kRm2o4DqaK6l1s4NCdTkljXZWKWCiF5nX+6" ]; # for forgejo users.users.git = { @@ -190,4 +190,6 @@ # container stuff my.containerization.enable = true; + + my.authelia.enable = true; } diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index 28f7b22..982e1f4 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -40,7 +40,7 @@ reverse_proxy localhost:3903 ''; "*.web.cy7.sh" = { - serverAliases = [ "nixcache.cy7.sh" ]; + serverAliases = [ "nixcache.cy7.sh" "staging.cy7.sh" ]; extraConfig = '' import common @plain { diff --git a/hosts/chunk/redlib.nix b/hosts/chunk/redlib.nix index d095da5..fac65cd 100644 --- a/hosts/chunk/redlib.nix +++ b/hosts/chunk/redlib.nix @@ -13,6 +13,7 @@ services.caddy.virtualHosts."red.cy7.sh".extraConfig = '' import common + import authelia reverse_proxy localhost:8087 ''; } diff --git a/modules/authelia.nix b/modules/authelia.nix new file mode 100644 index 0000000..0db83ee --- /dev/null +++ b/modules/authelia.nix 
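Review bot: The replacement `authorizedKeys` entry, added to both the user list and the `root` list, drops the trailing comment the old key carried (`yt@ytnix`). The config no longer records which device or person holds a key that grants root login. Keeping a comment field on the new entry, in the form `"ssh-ed25519 <key> <owner>@<host>"`, keeps key audits and later rotation straightforward. The user block begins outside the hunk.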
@@ -0,0 +1,68 @@ +{ + config, + lib, + ... +}: +let + cfg = config.my.authelia; + getSecret = path: config.sops.secrets.${path}.path; + sopsConfig = { + sopsFile = ../secrets/services/authelia.yaml; + owner = "authelia-main"; + }; + domain = "auth.cy7.sh"; + varPath = "/var/lib/authelia-main"; +in +{ + options.my.authelia = { + enable = lib.mkEnableOption "authelia"; + }; + + config = lib.mkIf cfg.enable { + services.authelia.instances.main = { + enable = true; + settings = { + theme = "dark"; + default_2fa_method = "webauthn"; + log.level = "info"; + log.format = "text"; + server = { + disable_healthcheck = true; + endpoints.authz.forward-auth.implementation = "ForwardAuth"; + }; + authentication_backend.file.path = "${varPath}/users_database.yaml"; + access_control = { + default_policy = "deny"; + rules = [ + { + domain = "red.cy7.sh"; + policy = "one_factor"; + } + ]; + }; + session.cookies = [{ + domain = "cy7.sh"; + authelia_url = "https://${domain}"; + }]; + storage.local.path = "${varPath}/db.sqlite3"; + notifier.filesystem.filename = "${varPath}/notifications.txt"; + }; + secrets = { + sessionSecretFile = getSecret "authelia/session"; + storageEncryptionKeyFile = getSecret "authelia/storage"; + jwtSecretFile = getSecret "authelia/jwt"; + }; + }; + + sops.secrets = { + "authelia/jwt" = sopsConfig; + "authelia/storage" = sopsConfig; + "authelia/session" = sopsConfig; + }; + + services.caddy.virtualHosts.${domain}.extraConfig = '' + import common + reverse_proxy localhost:9091 + ''; + }; +} \ No newline at end of file diff --git a/modules/caddy.nix b/modules/caddy.nix index 90ec770..0eb2cb7 100644 --- a/modules/caddy.nix +++ b/modules/caddy.nix @@ -34,6 +34,13 @@ in resolvers 1.1.1.1 8.8.8.8 } } + + (authelia) { + forward_auth localhost:9091 { + uri /api/authz/forward-auth + copy_headers Remote-User Remote-Groups Remote-Name Remote-Email + } + } ''; environmentFile = config.sops.secrets."caddy/env".path; 
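Review bot: The new `server` block under `services.authelia.instances.main.settings` sets no `address`, while the Caddy vhost and the `(authelia)` snippet both reach Authelia at `localhost:9091`. Unless it is set elsewhere, Authelia's default listener binds all interfaces, which would expose the portal and the authz endpoint over plain HTTP wherever the firewall allows port 9091. Binding it explicitly with `address = "tcp://127.0.0.1:9091/";` inside `server` keeps Caddy as the only entry point. The firewall configuration is not visible in this patch, so this may already be covered.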
diff --git a/modules/default.nix b/modules/default.nix index 640d56b..db7bfa4 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -9,5 +9,6 @@ ./vaultwarden.nix ./searx.nix ./attic.nix + ./authelia.nix ]; } diff --git a/secrets/services/authelia.yaml b/secrets/services/authelia.yaml new file mode 100644 index 0000000..ebf6497 --- /dev/null +++ b/secrets/services/authelia.yaml 
@@ -0,0 +1,37 @@ +authelia: + jwt: ENC[AES256_GCM,data:L20XZt1eYz1srY+xIliasq4x2guxNIUOM4mVTPe/1uS2wQY6h1uY9n7yoMQ=,iv:OhTuutHQOVLG/CjX3m839Acw9eq/Yh3Iy947km1jalQ=,tag:nq/lwsfGSzeH6RsXLzr24g==,type:str] + storage: ENC[AES256_GCM,data:RW15TzoZifv0xrVAfrM7yFXv1ISp7v1c20PL4nGkQrXwjablPKQa5IZ0Fvg=,iv:YQ7+2h4O0Qx9BqnFU7WMaZuPtKU4BUo56/KPq2NQYxI=,tag:LQ8gWhf9rblGkN5bhPHPIQ==,type:str] + session: ENC[AES256_GCM,data:fJY4uSKRIcHDyDqndT9YiolOX1HDw2BphoaZONAv8AhdPV+aG5qj9Ppy3Rw=,iv:dcFZyIdZQQlyAORudsUCCD2wx4Sc7NF0dh/v/M6iYko=,tag:vBYU58mL7DecMqhX/TUdVg==,type:str] +sops: + age: + - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJOG1menBCTTF3YURCOThM + Q3Z4bnZJYmtQY1RmdTBSeFlhZCtUVzg4Qm5ZClo5NFJqaWg3NElKQjRLcFZGdmxP + cFMwOGxoelJlVnJNamUxWFhETWpiY3cKLS0tIFNDWGRkYVZQWTd2YXg2aGswbmJz + MVJQdDV3ZGdzd3NYL29tYU51NndiNmcKtagAZdoZQo0y0atvRI6f1tY/3j8aD4RP + yvs9RVDdNqm990O5EudjMNhoKLXnFQtX9NlzYVHzrsX0UT/HSUi7mQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0K2tGaktsdXVPN3g0bXps + ZkVWamZGc0QzNk1TaVdla1RDaW90TVpYb25rCmRPL29ZNFFCbVkrbVpseW5SZlFN + dmlLWHVBb1RMb1dvY3NKNHc3NEpMZFEKLS0tIFluRGN6U2paVzVBdCt4d3FyMVZ4 + Nkx5aHo4Qk8vU01wazdWdmhvNWRLQTAK7kiQiEdF1LpzQ/syjRjyhchShrnfhHFE + M/XWLSIcnnApt1dOyJhJlpsQTnT6Y6Fqem0y779/uOQCBJGavscOWw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzK2U3YlRLK3BuK1Q0TkYy + SE1lTkVXUUV4NFVuT2V2VjdqUFpBbVFLSTJnCjI3c0xpMnBnV0M0Q0ZHYTdUSVZl + MWNMQXowWitFVTlIMFBadVJ6OHBBR28KLS0tIHJ1M0NkZzFMSndIUjBwN2tFUmF5 + b2pGTmJva2VnOFZlRWxlOW5wMitDUkkKrZyzpch6jTSsumseBEaN8xQXfng4P7ds + JSoock3sEmL4NSfxXSu+PP8kEOXFtu1yAcmSSeVDDhV7jiwE4egu2Q== + 
-----END AGE ENCRYPTED FILE----- + lastmodified: "2025-04-02T06:02:29Z" + mac: ENC[AES256_GCM,data:F/nZqGBLsjLqocmtQCShAEDK79pEwZRVXw1ZNd6Rr2I6fewF2j3XAM5Zk9oRyI1jeD6lnKcWaYVx7dYFbcstlmTUZ2farIYZ6G/ylBMQxNP9mom+wWPz9oCwd5qBF5YrI0PtO6dFD7XXcUlWcWlPheuJ035XGp53rtNmvy1LVW0=,iv:+iWhVLm+KSLMb42n5d2I3JE6AQq/6tbd6LHd2nyUKfI=,tag:+oclIvtaG1s3SVLqbDiNwQ==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.1 From 7653df7715b58fe9f2960fc3fb2f7d7f0ed5c9e1 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 2 Apr 2025 10:13:51 -0400 Subject: [PATCH 16/31] authelia: configure oidc and use it for immich --- modules/authelia.nix | 23 +++++++++++++++++++++++ secrets/services/authelia.yaml | 6 ++++-- 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/modules/authelia.nix b/modules/authelia.nix index 0db83ee..0e404cd 100644 --- a/modules/authelia.nix +++ b/modules/authelia.nix @@ -46,11 +46,32 @@ in }]; storage.local.path = "${varPath}/db.sqlite3"; notifier.filesystem.filename = "${varPath}/notifications.txt"; + webauthn = { + enable_passkey_login = true; + }; + identity_providers.oidc.clients = [ + { + client_id = "immich"; + client_name = "immich"; + client_secret = "$argon2id$v=19$m=65536,t=3,p=4$Vny2G8EbSPafSwnIuq2Zkg$eF2om4WDEaqCFmrAG27h2mYl+cXxXyttPJ7gaPLs+f8"; + public = false; + authorization_policy = "two_factor"; + redirect_uris = [ + "https://photos.cy7.sh/auth/login" + "https://photos.cy7.sh/user-settings" + "app.immich:///oauth-callback" + ]; + scopes = [ "openid" "profile" "email" ]; + userinfo_signed_response_alg = "none"; + } + ]; }; secrets = { sessionSecretFile = getSecret "authelia/session"; storageEncryptionKeyFile = getSecret "authelia/storage"; jwtSecretFile = getSecret "authelia/jwt"; + oidcHmacSecretFile = getSecret "authelia/hmac"; + oidcIssuerPrivateKeyFile = getSecret "authelia/oidc_private"; }; }; 
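Review bot: The `client_secret` for the `immich` client is an argon2id digest written inline in modules/authelia.nix, so it is published with the repository and ends up in the world-readable Nix store. That is only safe if the plaintext is a long random value, which the diff cannot show. A comment beside it such as `# digest of a randomly generated secret; plaintext is kept only in the client's settings` would record that. The same applies to the `forgejo` client added in the later hunk at -64,6.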
@@ -58,6 +79,8 @@ in "authelia/jwt" = sopsConfig; "authelia/storage" = sopsConfig; "authelia/session" = sopsConfig; + "authelia/hmac" = sopsConfig; + "authelia/oidc_private" = sopsConfig; }; services.caddy.virtualHosts.${domain}.extraConfig = '' diff --git a/secrets/services/authelia.yaml b/secrets/services/authelia.yaml index ebf6497..6aa9c33 100644 --- a/secrets/services/authelia.yaml +++ b/secrets/services/authelia.yaml @@ -2,6 +2,8 @@ authelia: jwt: ENC[AES256_GCM,data:L20XZt1eYz1srY+xIliasq4x2guxNIUOM4mVTPe/1uS2wQY6h1uY9n7yoMQ=,iv:OhTuutHQOVLG/CjX3m839Acw9eq/Yh3Iy947km1jalQ=,tag:nq/lwsfGSzeH6RsXLzr24g==,type:str] storage: ENC[AES256_GCM,data:RW15TzoZifv0xrVAfrM7yFXv1ISp7v1c20PL4nGkQrXwjablPKQa5IZ0Fvg=,iv:YQ7+2h4O0Qx9BqnFU7WMaZuPtKU4BUo56/KPq2NQYxI=,tag:LQ8gWhf9rblGkN5bhPHPIQ==,type:str] session: ENC[AES256_GCM,data:fJY4uSKRIcHDyDqndT9YiolOX1HDw2BphoaZONAv8AhdPV+aG5qj9Ppy3Rw=,iv:dcFZyIdZQQlyAORudsUCCD2wx4Sc7NF0dh/v/M6iYko=,tag:vBYU58mL7DecMqhX/TUdVg==,type:str] + hmac: ENC[AES256_GCM,data:K/qiyibBlu9wNh9IINHgYQiEZMromSA9Kf0iRVHPVuuhhUBZRyyfFyd4sLYNDLWvYKRJGnTBniIscQuBR+HU3/ttFGN0EkDsuAXlW3tKyLSxTiVgEvsKhA==,iv:2femAZUtSE9DjopiRIRT3Be3T2Qi0J+b8TaNJZ9vcjw=,tag:Sb7TT+1uxtStv20oM8oa8A==,type:str] + oidc_private: ENC[AES256_GCM,data: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,iv:GTKiBIir9+G3Lh45x77KARxi7paEsGP1m0qVldRnuOw=,tag:eCsjDzyO1g2HvnDhR/Gb4w==,type:str] sops: age: - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 
@@ -31,7 +33,7 @@ sops: b2pGTmJva2VnOFZlRWxlOW5wMitDUkkKrZyzpch6jTSsumseBEaN8xQXfng4P7ds JSoock3sEmL4NSfxXSu+PP8kEOXFtu1yAcmSSeVDDhV7jiwE4egu2Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-02T06:02:29Z" - mac: ENC[AES256_GCM,data:F/nZqGBLsjLqocmtQCShAEDK79pEwZRVXw1ZNd6Rr2I6fewF2j3XAM5Zk9oRyI1jeD6lnKcWaYVx7dYFbcstlmTUZ2farIYZ6G/ylBMQxNP9mom+wWPz9oCwd5qBF5YrI0PtO6dFD7XXcUlWcWlPheuJ035XGp53rtNmvy1LVW0=,iv:+iWhVLm+KSLMb42n5d2I3JE6AQq/6tbd6LHd2nyUKfI=,tag:+oclIvtaG1s3SVLqbDiNwQ==,type:str] + lastmodified: "2025-04-02T14:06:11Z" + mac: ENC[AES256_GCM,data:wK8Nb1Vb80UfolzqZOpifZdoEKYu847anowYiCdSluoK+dfHhDhCj7ZxznYV7SwVACIoLsqLR5syRzC861PRBrAujkhbcn7lTc1kQRCjw0gMAbPYR/xiO76EHmiYqnV2UMN0EmuQg1nIRIWY9EO9C7m1b9fjoZFgDsj/7O99aVU=,iv:CJxUKpyNgEYwqLhSvuXoHb+Hu3M7ydKh0WlsjlOtKkM=,tag:4KXmNwwFrqvBjxe656Jvug==,type:str] unencrypted_suffix: _unencrypted version: 3.10.1 From f072b33fe26886b409466a32a6f8d81e995319f7 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 2 Apr 2025 10:58:48 -0400 Subject: [PATCH 17/31] authelia: configure forgejo for oidc --- modules/authelia.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/modules/authelia.nix b/modules/authelia.nix index 0e404cd..ae5b0ad 100644 --- a/modules/authelia.nix +++ b/modules/authelia.nix @@ -64,6 +64,19 @@ in scopes = [ "openid" "profile" "email" ]; userinfo_signed_response_alg = "none"; } + { + client_id = "forgejo"; + client_name = "Forgejo"; + client_secret = "$argon2id$v=19$m=65536,t=3,p=4$O2O5r/7A8hc4EMvernQ4Dw$YOVqtwY3jv0HlcxmviPq2CRnD7Dw85V9KDtTSUQE7bA"; + public = false; + authorization_policy = "two_factor"; + redirect_uris = [ + "https://git.cy7.sh/user/oauth2/authelia/callback" + ]; + scopes = [ "openid" "profile" "email" ]; + userinfo_signed_response_alg = "none"; + token_endpoint_auth_method = "client_secret_basic"; + } ]; }; secrets = { From 9bab7059626b05ad53f173828a67f80b6fef7716 Mon Sep 17 00:00:00 2001 
From: cy Date: Wed, 2 Apr 2025 15:06:40 -0400 Subject: [PATCH 18/31] flake: only override nixpkgs input --- flake.lock | 551 ++++++++++++++++++++++++++++++++++++++++------------- flake.nix | 118 +++--------- 2 files changed, 438 insertions(+), 231 deletions(-) diff --git a/flake.lock b/flake.lock index a0bb113..d7cfcaa 100644 --- a/flake.lock +++ b/flake.lock @@ -2,22 +2,12 @@ "nodes": { "attic": { "inputs": { - "crane": [ - "crane" - ], - "flake-compat": [ - "flake-compat" - ], - "flake-parts": [ - "flake-parts" - ], + "crane": "crane", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", "nix-github-actions": "nix-github-actions", - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-stable": [ - "nixpkgs-stable" - ] + "nixpkgs": "nixpkgs", + "nixpkgs-stable": "nixpkgs-stable" }, "locked": { "lastModified": 1738524606, @@ -29,6 +19,7 @@ }, "original": { "owner": "zhaofengli", + "ref": "main", "repo": "attic", "type": "github" } @@ -36,9 +27,9 @@ "cachix": { "inputs": { "devenv": "devenv", - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "git-hooks": "git-hooks", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1737621947, @@ -72,7 +63,7 @@ "cachix", "devenv" ], - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1728672398, @@ -108,21 +99,13 @@ }, "conduwuit": { "inputs": { - "attic": [ - "attic" - ], + "attic": "attic", "cachix": "cachix", "complement": "complement", - "crane": [ - "crane" - ], + "crane": "crane_2", "fenix": "fenix", - "flake-compat": [ - "flake-compat" - ], - "flake-utils": [ - "flake-utils" - ], + "flake-compat": "flake-compat_3", + "flake-utils": "flake-utils", "liburing": "liburing", "nix-filter": "nix-filter", "nixpkgs": [ 
@@ -145,6 +128,59 @@ } }, "crane": { + "inputs": { + "nixpkgs": [ + "conduwuit", + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1722960479, + "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=", + "owner": "ipetkov", + "repo": "crane", + "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_2": { + "locked": { + "lastModified": 1742394900, + "narHash": "sha256-vVOAp9ahvnU+fQoKd4SEXB2JG2wbENkpqcwlkIXgUC0=", + "owner": "ipetkov", + "repo": "crane", + "rev": "70947c1908108c0c551ddfd73d4f750ff2ea67cd", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "ref": "master", + "repo": "crane", + "type": "github" + } + }, + "crane_3": { + "locked": { + "lastModified": 1742394900, + "narHash": "sha256-vVOAp9ahvnU+fQoKd4SEXB2JG2wbENkpqcwlkIXgUC0=", + "owner": "ipetkov", + "repo": "crane", + "rev": "70947c1908108c0c551ddfd73d4f750ff2ea67cd", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_4": { "locked": { "lastModified": 1742394900, "narHash": "sha256-vVOAp9ahvnU+fQoKd4SEXB2JG2wbENkpqcwlkIXgUC0=", @@ -217,6 +253,22 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1733328505, 
@@ -232,7 +284,40 @@ "type": "github" } }, - "flake-compat_2": { + "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "ref": "master", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_4": { + "locked": { + "lastModified": 1717312683, + "narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=", + "owner": "nix-community", + "repo": "flake-compat", + "rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_5": { + "flake": false, "locked": { "lastModified": 1733328505, "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", @@ -248,6 +333,28 @@ } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "conduwuit", + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1722555600, + "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "conduwuit", 
@@ -271,9 +378,33 @@ "type": "github" } }, - "flake-parts_2": { + "flake-parts_3": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib" + "nixpkgs-lib": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_4": { + "inputs": { + "nixpkgs-lib": [ + "nixvim", + "nixpkgs" + ] }, "locked": { "lastModified": 1743550720, @@ -303,6 +434,7 @@ }, "original": { "owner": "numtide", + "ref": "main", "repo": "flake-utils", "type": "github" } 
@@ -325,6 +457,78 @@ "type": "github" } }, + "flake-utils_3": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_4": { + "inputs": { + "systems": "systems_4" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_5": { + "inputs": { + "systems": "systems_5" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_6": { + "inputs": { + "systems": "systems_6" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "flakey-profile": { "locked": { "lastModified": 1712898590, 
@@ -342,21 +546,13 @@ }, "garage": { "inputs": { - "crane": [ - "crane" - ], - "flake-compat": [ - "flake-compat" - ], - "flake-utils": [ - "flake-utils" - ], + "crane": "crane_3", + "flake-compat": "flake-compat_4", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ], - "rust-overlay": [ - "rust-overlay" - ] + "rust-overlay": "rust-overlay" }, "locked": { "lastModified": 1742547966, @@ -385,7 +581,7 @@ "cachix", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { "lastModified": 1733318908, @@ -496,22 +692,14 @@ }, "lanzaboote": { "inputs": { - "crane": [ - "crane" - ], - "flake-compat": [ - "flake-compat" - ], - "flake-parts": [ - "flake-parts" - ], + "crane": "crane_4", + "flake-compat": "flake-compat_5", + "flake-parts": "flake-parts_3", "nixpkgs": [ "nixpkgs" ], "pre-commit-hooks-nix": "pre-commit-hooks-nix", - "rust-overlay": [ - "rust-overlay" - ] + "rust-overlay": "rust-overlay_2" }, "locked": { "lastModified": 1741442524, @@ -577,9 +765,7 @@ }, "lix-module": { "inputs": { - "flake-utils": [ - "flake-utils" - ], + "flake-utils": "flake-utils_3", "flakey-profile": "flakey-profile", "lix": "lix", "nixpkgs": [ @@ -603,15 +789,11 @@ }, "nil": { "inputs": { - "flake-utils": [ - "flake-utils" - ], + "flake-utils": "flake-utils_4", "nixpkgs": [ "nixpkgs" ], - "rust-overlay": [ - "rust-overlay" - ] + "rust-overlay": "rust-overlay_3" }, "locked": { "lastModified": 1741118843, @@ -634,9 +816,9 @@ "cachix", "devenv" ], - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "libgit2": "libgit2", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "nixpkgs-23-11": [ "conduwuit", "cachix", @@ -687,6 +869,7 @@ "nix-github-actions": { "inputs": { "nixpkgs": [ + "conduwuit", "attic", "nixpkgs" ] 
@@ -747,36 +930,37 @@ }, "nixpkgs": { "locked": { - "lastModified": 1730531603, - "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "lastModified": 1726042813, + "narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", + "rev": "159be5db480d1df880a0135ca0bfed84c2f88353", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1743296961, - "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, "nixpkgs-stable": { + "locked": { + "lastModified": 1724316499, + "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { "locked": { "lastModified": 1730741070, "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", @@ -792,7 +976,7 @@ "type": "github" } }, - "nixpkgs-stable_2": { + "nixpkgs-stable_3": { "locked": { "lastModified": 1743501102, "narHash": "sha256-7PCBQ4aGVF8OrzMkzqtYSKyoQuU2jtpPi4lmABpe5X4=", 
@@ -809,6 +993,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1730531603, + "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1717432640, "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=", @@ -824,7 +1024,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1733212471, "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", @@ -840,7 +1040,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1743559129, "narHash": "sha256-7gpAWsENV3tY2HmeHYQ2MoQxGpys+jQWnkS/BHAMXVk=", @@ -858,9 +1058,7 @@ }, "nixvim": { "inputs": { - "flake-parts": [ - "flake-parts" - ], + "flake-parts": "flake-parts_4", "nixpkgs": [ "nixpkgs" ], @@ -882,7 +1080,7 @@ }, "nuschtosSearch": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_5", "ixx": "ixx", "nixpkgs": [ "nixvim", @@ -903,22 +1101,6 @@ "type": "github" } }, - "nvim-github-theme": { - "flake": false, - "locked": { - "lastModified": 1735641120, - "narHash": "sha256-/A4hkKTzjzeoR1SuwwklraAyI8oMkhxrwBBV9xb59PA=", - "owner": "projekt0n", - "repo": "github-nvim-theme", - "rev": "c106c9472154d6b2c74b74565616b877ae8ed31d", - "type": "github" - }, - "original": { - "owner": "projekt0n", - "repo": "github-nvim-theme", - "type": "github" - } - }, "pre-commit-hooks-nix": { "inputs": { "flake-compat": [ @@ -964,12 +1146,7 @@ }, "root": { "inputs": { - "attic": "attic", "conduwuit": "conduwuit", - "crane": "crane", - "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts_2", - "flake-utils": "flake-utils", "garage": "garage", "home-manager": "home-manager", "lanzaboote": "lanzaboote", 
@@ -977,13 +1154,11 @@ "nil": "nil", "nix-index-database": "nix-index-database", "nix-ld": "nix-ld", - "nixpkgs": "nixpkgs_4", - "nixpkgs-stable": "nixpkgs-stable_2", + "nixpkgs": "nixpkgs_5", + "nixpkgs-stable": "nixpkgs-stable_3", "nixvim": "nixvim", - "nvim-github-theme": "nvim-github-theme", - "rust-overlay": "rust-overlay", + "rust-overlay": "rust-overlay_4", "sops-nix": "sops-nix", - "treefmt": "treefmt", "vscode-extensions": "vscode-extensions" } }, @@ -1005,6 +1180,70 @@ } }, "rust-overlay": { + "inputs": { + "nixpkgs": [ + "garage", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1738549608, + "narHash": "sha256-GdyT9QEUSx5k/n8kILuNy83vxxdyUfJ8jL5mMpQZWfw=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "35c6f8c4352f995ecd53896200769f80a3e8f22d", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "35c6f8c4352f995ecd53896200769f80a3e8f22d", + "type": "github" + } + }, + "rust-overlay_2": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743561237, + "narHash": "sha256-dd97LXek202OWmUXvKYFdYWj0jHrn3p+L5Ojh1SEOqs=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "1de27ae43712a971c1da100dcd84386356f03ec7", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_3": { + "inputs": { + "nixpkgs": [ + "nil", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743561237, + "narHash": "sha256-dd97LXek202OWmUXvKYFdYWj0jHrn3p+L5Ojh1SEOqs=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "1de27ae43712a971c1da100dcd84386356f03ec7", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_4": { "inputs": { "nixpkgs": [ "nixpkgs" 
@@ -1074,31 +1313,69 @@ "type": "github" } }, - "treefmt": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, + "systems_3": { "locked": { - "lastModified": 1743081648, - "narHash": "sha256-WRAylyYptt6OX5eCEBWyTwOEqEtD6zt33rlUkr6u3cE=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "29a3d7b768c70addce17af0869f6e2bd8f5be4b7", + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "type": "github" }, "original": { - "owner": "numtide", - "repo": "treefmt-nix", + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_5": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_6": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", "type": "github" } }, "vscode-extensions": { "inputs": { - "flake-utils": [ - "flake-utils" - ], + "flake-utils": "flake-utils_6", "nixpkgs": [ "nixpkgs" ] diff --git a/flake.nix b/flake.nix index 525c090..aa43dea 100644 --- a/flake.nix +++ b/flake.nix 
@@ -4,100 +4,30 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11"; - sops-nix = { - url = "github:Mic92/sops-nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - home-manager = { - url = "github:nix-community/home-manager"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - treefmt = { - url = "github:numtide/treefmt-nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - lanzaboote = { - url = "github:nix-community/lanzaboote/master"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.crane.follows = "crane"; - inputs.flake-compat.follows = "flake-compat"; - inputs.flake-parts.follows = "flake-parts"; - inputs.rust-overlay.follows = "rust-overlay"; - }; - nixvim = { - url = "github:nix-community/nixvim"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-parts.follows = "flake-parts"; - }; - rust-overlay = { - url = "github:oxalica/rust-overlay"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - conduwuit = { - url = "github:girlbossceo/conduwuit"; - inputs = { - nixpkgs.follows = "nixpkgs"; - crane.follows = "crane"; - flake-compat.follows = "flake-compat"; - flake-utils.follows = "flake-utils"; - attic.follows = "attic"; - }; - }; - lix-module = { - url = "git+https://git.lix.systems/lix-project/nixos-module?ref=release-2.92"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-utils.follows = "flake-utils"; - }; - nix-ld = { - url = "github:nix-community/nix-ld"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - nil = { - url = "github:oxalica/nil"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.rust-overlay.follows = "rust-overlay"; - inputs.flake-utils.follows = "flake-utils"; - }; - vscode-extensions = { - url = "github:nix-community/nix-vscode-extensions/"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-utils.follows = "flake-utils"; - }; - nix-index-database = { - url = "github:nix-community/nix-index-database"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - attic = { - url = 
"github:zhaofengli/attic"; - inputs = { - nixpkgs.follows = "nixpkgs"; - nixpkgs-stable.follows = "nixpkgs-stable"; - flake-compat.follows = "flake-compat"; - flake-parts.follows = "flake-parts"; - crane.follows = "crane"; - }; - }; - garage = { - url = "github:deuxfleurs-org/garage"; - inputs = { - nixpkgs.follows = "nixpkgs"; - rust-overlay.follows = "rust-overlay"; - crane.follows = "crane"; - flake-compat.follows = "flake-compat"; - flake-utils.follows = "flake-utils"; - }; - }; - - nvim-github-theme = { - url = "github:projekt0n/github-nvim-theme"; - flake = false; - }; - - # deduplication - flake-utils.url = "github:numtide/flake-utils"; - crane.url = "github:ipetkov/crane"; - flake-compat.url = "github:edolstra/flake-compat"; - flake-parts.url = "github:hercules-ci/flake-parts"; + sops-nix.url = "github:Mic92/sops-nix"; + sops-nix.inputs.nixpkgs.follows = "nixpkgs"; + home-manager.url = "github:nix-community/home-manager"; + home-manager.inputs.nixpkgs.follows = "nixpkgs"; + lanzaboote.url = "github:nix-community/lanzaboote/master"; + lanzaboote.inputs.nixpkgs.follows = "nixpkgs"; + nixvim.url = "github:nix-community/nixvim"; + nixvim.inputs.nixpkgs.follows = "nixpkgs"; + rust-overlay.url = "github:oxalica/rust-overlay"; + rust-overlay.inputs.nixpkgs.follows = "nixpkgs"; + conduwuit.url = "github:girlbossceo/conduwuit"; + conduwuit.inputs.nixpkgs.follows = "nixpkgs"; + lix-module.url = "git+https://git.lix.systems/lix-project/nixos-module?ref=release-2.92"; + lix-module.inputs.nixpkgs.follows = "nixpkgs"; + nix-ld.url = "github:nix-community/nix-ld"; + nix-ld.inputs.nixpkgs.follows = "nixpkgs"; + nil.url = "github:oxalica/nil"; + nil.inputs.nixpkgs.follows = "nixpkgs"; + vscode-extensions.url = "github:nix-community/nix-vscode-extensions/"; + vscode-extensions.inputs.nixpkgs.follows = "nixpkgs"; + nix-index-database.url = "github:nix-community/nix-index-database"; + nix-index-database.inputs.nixpkgs.follows = "nixpkgs"; + garage.url = 
"github:deuxfleurs-org/garage"; + garage.inputs.nixpkgs.follows = "nixpkgs"; }; nixConfig = { From f894fdb61ce842259bb318c0df80d833e9462bc2 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 2 Apr 2025 15:07:08 -0400 Subject: [PATCH 19/31] authelia: auth redlib --- hosts/chunk/miniflux.nix | 1 + modules/authelia.nix | 2 +- modules/vault.nix | 19 +++++++++++++++++++ 3 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 modules/vault.nix diff --git a/hosts/chunk/miniflux.nix b/hosts/chunk/miniflux.nix index 84783f6..9c6a8c7 100644 --- a/hosts/chunk/miniflux.nix +++ b/hosts/chunk/miniflux.nix @@ -12,6 +12,7 @@ services.caddy.virtualHosts."rss.cy7.sh".extraConfig = '' import common + import authelia reverse_proxy localhost:8080 ''; } diff --git a/modules/authelia.nix b/modules/authelia.nix index ae5b0ad..afd8b52 100644 --- a/modules/authelia.nix +++ b/modules/authelia.nix @@ -35,7 +35,7 @@ in default_policy = "deny"; rules = [ { - domain = "red.cy7.sh"; + domain = "*.cy7.sh"; policy = "one_factor"; } ]; diff --git a/modules/vault.nix b/modules/vault.nix new file mode 100644 index 0000000..1e3772d --- /dev/null +++ b/modules/vault.nix @@ -0,0 +1,19 @@ +{ + config, + lib, + ... +}: +let + cfg = config.my.vault; +in +{ + options.my.vault = { + enable = lib.mkEnableOption "hashicorp vault"; + }; + + config = lib.mkIf cfg.enable { + services.vault = { + + }; + }; +} \ No newline at end of file From 2f1b064d59f420a877da9f649e0907a420dea076 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 2 Apr 2025 15:08:13 -0400 Subject: [PATCH 20/31] rm nixvim --- flake.nix | 4 - home/nixvim/default.nix | 215 ---------------------------------------- home/yt/common.nix | 1 - 3 files changed, 220 deletions(-) delete mode 100644 home/nixvim/default.nix diff --git a/flake.nix b/flake.nix index aa43dea..3bcf3e7 100644 --- a/flake.nix +++ b/flake.nix 
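Review bot: Removing `nvim-github-theme` from `inputs` while `nixvim` stays leaves the tree inconsistent if `home/nixvim/default.nix` still reads `inputs.nvim-github-theme` at this commit (the file as deleted later in this series does), so the home configurations would presumably fail to evaluate until nixvim itself is removed. Either keep `nvim-github-theme = { url = "github:projekt0n/github-nvim-theme"; flake = false; };` until then, or drop nixvim in the same commit. Separately, removing the `follows` lines for crane, flake-compat, flake-parts, flake-utils and rust-overlay lets each upstream bring its own pin (the lock grows `crane_2`–`crane_4`, `flake-utils_3`–`flake-utils_6`, `rust-overlay_2`–`rust-overlay_4`), which means more third-party revisions to audit on every `nix flake update`; a short comment in `inputs` recording why deduplication was dropped would help. The enclosing `inputs` attrset starts above the hunk.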
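Review bot: `import authelia` is placed ahead of `reverse_proxy` for rss.cy7.sh with no path matcher, so if the `authelia` snippet (not shown in this hunk) applies forward auth to every request, Miniflux's token-authenticated API and reader-integration endpoints would also be sent to the login portal and non-browser clients would stop working. If such clients are in use, scope the import with a matcher or add a comment such as `# browser access only; API clients are not supported behind authelia`. The commit subject mentions redlib while this hunk gates the RSS host, so the description should say that too.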
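Review bot: Widening `domain` from `red.cy7.sh` to `*.cy7.sh` makes `one_factor` the policy for every subdomain that imports the authelia snippet, including any more sensitive service added later (this same commit introduces a vault module). Authelia applies the first matching rule, so hosts that need a second factor should get their own entry ahead of the wildcard, e.g. `{ domain = "<SENSITIVE_HOST>.cy7.sh"; policy = "two_factor"; }`. To my knowledge `*.cy7.sh` does not match the apex `cy7.sh`, which therefore stays under `default_policy = "deny"`; a comment on the rule stating that would avoid surprises. The surrounding rules block starts outside the hunk.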
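Review bot: `my.vault.enable` currently has no effect, because the `config` branch sets `services.vault = { };` without `enable = true;`, so turning the option on starts no service. When the block is filled in, set storage and TLS explicitly rather than relying on module defaults (as far as I know the NixOS module defaults to the in-memory backend and disables TLS on the listener when no certificate is given), e.g. `enable = true; storageBackend = "file"; tlsCertFile = <PATH_TO_CERT>; tlsKeyFile = <PATH_TO_KEY>;`. The file also lacks a trailing newline, and the module is unrelated to the commit subject, so it may belong in its own commit.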
@@ -10,8 +10,6 @@ home-manager.inputs.nixpkgs.follows = "nixpkgs"; lanzaboote.url = "github:nix-community/lanzaboote/master"; lanzaboote.inputs.nixpkgs.follows = "nixpkgs"; - nixvim.url = "github:nix-community/nixvim"; - nixvim.inputs.nixpkgs.follows = "nixpkgs"; rust-overlay.url = "github:oxalica/rust-overlay"; rust-overlay.inputs.nixpkgs.follows = "nixpkgs"; conduwuit.url = "github:girlbossceo/conduwuit"; @@ -101,7 +99,6 @@ extraSpecialArgs = { inherit inputs; }; modules = [ ./home/yt/ytnix.nix - inputs.nixvim.homeManagerModules.nixvim inputs.nix-index-database.hmModules.nix-index ]; }; @@ -111,7 +108,6 @@ extraSpecialArgs = { inherit inputs; }; modules = [ ./home/yt/chunk.nix - inputs.nixvim.homeManagerModules.nixvim ]; }; }; diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix deleted file mode 100644 index 5199812..0000000 --- a/home/nixvim/default.nix +++ /dev/null 
@@ -1,215 +0,0 @@ -{ pkgs, inputs, ... }: -{ - programs.nixvim = { - enable = true; - plugins.lualine.enable = true; - opts = { - number = true; - relativenumber = true; - expandtab = true; - autoindent = true; - shiftwidth = 2; - smartindent = true; - tabstop = 2; - ignorecase = true; - incsearch = true; - smartcase = true; - }; - colorscheme = "github_dark_tritanopia"; - clipboard.register = "unnamed"; - - globals = { - mapleader = ","; - }; - - extraPlugins = [ - (pkgs.vimUtils.buildVimPlugin { - name = "github-theme"; - src = inputs.nvim-github-theme; - }) - ]; - - keymaps = [ - { - action = "Neotree toggle"; - key = "s"; - mode = "n"; - options.silent = true; - } - { - # shortcut to command mode - action = ":"; - key = ";"; - mode = [ - "n" - "x" - ]; - options.silent = true; - } - { - # insert line below without moving cursor - action = "printf('m`%so``', v:count1)"; - key = "o"; - options.expr = true; - mode = "n"; - } - { - # insert line above without moving cursor - action = "printf('m`%sO``', v:count1)"; - key = "O"; - options.expr = true; - mode = "n"; - } - # nice emacs bindings - { - action = ""; - key = ""; - mode = "i"; - } - { - action = ""; - key = ""; - mode = "i"; - } - ]; - - plugins.cmp = { - enable = true; - settings = { - formatting.fields = [ - "abbr" - "kind" - "menu" - ]; - experimental = { - ghost_text = true; - }; - snippet.expand = '' - function(args) require('luasnip').lsp_expand(args.body) end - ''; - sources = [ - { name = "nvim_lsp"; } - { name = "emoji"; } - { name = "luasnip"; } - { name = "buffer"; } - { name = "path"; } - ]; - mapping = { - "" = "cmp.mapping.abort()"; - "" = "cmp.mapping.select_next_item()"; - "" = "cmp.mapping.select_prev_item()"; - "" = "cmp.mapping.scroll_docs(-4)"; - "" = "cmp.mapping.scroll_docs(4)"; - "" = '' - cmp.mapping(function(fallback) - if cmp.visible() then - if require("luasnip").expandable() then - require("luasnip").expand() - else - cmp.confirm({ - select = true, - }) - end - else - fallback() 
- end - end) - ''; - # plain tab conflicts with i try to indent - "" = '' - cmp.mapping(function(fallback) - if require("luasnip").jumpable(1) then - require("luasnip").jump(1) - else - fallback() - end - end,{"i","s"}) - ''; - "" = '' - cmp.mapping(function(fallback) - if require("luasnip").jumpable(-1) then - require("luasnip").jump(-1) - else - fallback() - end - end,{"i","s"}) - ''; - }; - }; - }; - - plugins.lsp = { - enable = true; - keymaps.lspBuf = { - "K" = "hover"; - "gd" = "definition"; - "gD" = "references"; - # "gt" = "type_definition"; # conflicts with switch tab - "gI" = "type_definition"; - "gi" = "implementation"; - }; - servers = { - bashls.enable = true; - lua_ls.enable = true; - nil_ls = { - enable = true; - settings = { - formatting.command = [ - "nix" - "fmt" - ]; - nix.flake.autoArchive = true; - }; - }; - rust_analyzer = { - enable = true; - installRustc = false; - installCargo = false; - }; - eslint.enable = true; - yamlls.enable = true; - }; - }; - plugins.treesitter = { - enable = true; - nixGrammars = true; - settings = { - indent.enable = true; - auto_install = true; - highlight.enable = true; - }; - }; - plugins.fzf-lua = { - enable = true; - profile = "fzf-native"; - keymaps = { - "ff" = "files"; - "fg" = "live_grep"; - }; - }; - - plugins.neo-tree = { - enable = true; - buffers.followCurrentFile.enabled = true; - window.width = 30; - }; - - plugins.gitsigns = { - enable = true; - settings.current_line_blame = true; - }; - - plugins.cmp-buffer.enable = true; - plugins.cmp-emoji.enable = true; - plugins.cmp-nvim-lsp.enable = true; - plugins.cmp-path.enable = true; - plugins.cmp_luasnip.enable = true; - plugins.luasnip.enable = true; - plugins.nvim-autopairs.enable = true; - plugins.rainbow-delimiters.enable = true; - plugins.web-devicons.enable = true; - plugins.auto-save.enable = true; - plugins.indent-blankline.enable = true; - plugins.undotree.enable = true; - }; -} 
diff --git a/home/yt/common.nix b/home/yt/common.nix index a8c9467..d06d67b 100644 --- a/home/yt/common.nix +++ b/home/yt/common.nix @@ -3,7 +3,6 @@ imports = [ ../tmux.nix ../zsh - ../nixvim ]; home.sessionVariables = { From 22cc5aed313e82c89427376d93a7db4c3ad54c32 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 2 Apr 2025 16:18:16 -0400 Subject: [PATCH 21/31] workflow: use direct s3 url check for hit on nixcache --- .github/workflows/build-machines-and-homes.yml | 4 ++-- .github/workflows/build-packages.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 6995a7a..79f3f7b 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -79,7 +79,7 @@ jobs: nix run git+https://git.cy7.sh/cy/nixcp.git -- \ --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ -u https://nix-community.cachix.org \ - -u https://nixcache.cy7.sh \ + -u https://nixcache.web.cy7.sh \ $package build-homes: @@ -151,5 +151,5 @@ jobs: nix run git+https://git.cy7.sh/cy/nixcp.git -- \ --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ -u https://nix-community.cachix.org \ - -u https://nixcache.cy7.sh \ + -u https://nixcache.web.cy7.sh \ $package diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index ce4afd1..11ebc32 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -67,7 +67,7 @@ jobs: nix run git+https://git.cy7.sh/cy/nixcp.git -- \ --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ -u https://nix-community.cachix.org \ - -u https://nixcache.cy7.sh \ + -u https://nixcache.web.cy7.sh \ "${{ matrix.package }}" - name: prepare tarball to upload From f6b7c0d3a1e895771a77c66dfcd035460fc386fe Mon Sep 17 00:00:00 2001 
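Review bot: The upload step in the `@@ -79,7 +79,7` hunk of build-machines-and-homes.yml runs `nix run git+https://git.cy7.sh/cy/nixcp.git` with no revision, so whatever is at the tip of that repository executes on the runner next to `/home/runner/cache-priv-key.pem` and whatever credentials the S3 upload uses. Pin the tool to a reviewed commit, e.g. `nix run 'git+https://git.cy7.sh/cy/nixcp.git?rev=<NIXCP_COMMIT_SHA>' -- \`, and bump the revision deliberately. The same invocation recurs in the `@@ -151,5` hunk of this file and in the build-packages.yml hunk. The step body starts above each hunk.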
From: cy Date: Wed, 2 Apr 2025 16:21:35 -0400 Subject: [PATCH 22/31] nix flake lock oops --- flake.lock | 130 +---------------------------------------------------- 1 file changed, 1 insertion(+), 129 deletions(-) diff --git a/flake.lock b/flake.lock index d7cfcaa..1a2c3f1 100644 --- a/flake.lock +++ b/flake.lock @@ -399,27 +399,6 @@ "type": "github" } }, - "flake-parts_4": { - "inputs": { - "nixpkgs-lib": [ - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": "systems" @@ -511,24 +490,6 @@ "type": "github" } }, - "flake-utils_6": { - "inputs": { - "systems": "systems_6" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "flakey-profile": { "locked": { "lastModified": 1712898590, @@ -662,34 +623,6 @@ "type": "github" } }, - "ixx": { - "inputs": { - "flake-utils": [ - "nixvim", - "nuschtosSearch", - "flake-utils" - ], - "nixpkgs": [ - "nixvim", - "nuschtosSearch", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1729958008, - "narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=", - "owner": "NuschtOS", - "repo": "ixx", - "rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb", - "type": "github" - }, - "original": { - "owner": "NuschtOS", - "ref": "v0.0.6", - "repo": "ixx", - "type": "github" - } - }, "lanzaboote": { "inputs": { "crane": "crane_4", 
@@ -1056,51 +989,6 @@ "type": "github" } }, - "nixvim": { - "inputs": { - "flake-parts": "flake-parts_4", - "nixpkgs": [ - "nixpkgs" - ], - "nuschtosSearch": "nuschtosSearch" - }, - "locked": { - "lastModified": 1743536158, - "narHash": "sha256-/jlBU7EGIfaa5VKwvVyrSspuuNmgKYOjAuTd2ywyevg=", - "owner": "nix-community", - "repo": "nixvim", - "rev": "754b8df7e37be04b7438decee5a5aa18af72cbe1", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixvim", - "type": "github" - } - }, - "nuschtosSearch": { - "inputs": { - "flake-utils": "flake-utils_5", - "ixx": "ixx", - "nixpkgs": [ - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1743201766, - "narHash": "sha256-bb/dqoIjtIWtJRzASOe8g4m8W2jUIWtuoGPXdNjM/Tk=", - "owner": "NuschtOS", - "repo": "search", - "rev": "2651dbfad93d6ef66c440cbbf23238938b187bde", - "type": "github" - }, - "original": { - "owner": "NuschtOS", - "repo": "search", - "type": "github" - } - }, "pre-commit-hooks-nix": { "inputs": { "flake-compat": [ @@ -1156,7 +1044,6 @@ "nix-ld": "nix-ld", "nixpkgs": "nixpkgs_5", "nixpkgs-stable": "nixpkgs-stable_3", - "nixvim": "nixvim", "rust-overlay": "rust-overlay_4", "sops-nix": "sops-nix", "vscode-extensions": "vscode-extensions" @@ -1358,24 +1245,9 @@ "type": "github" } }, - "systems_6": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "vscode-extensions": { "inputs": { - "flake-utils": "flake-utils_6", + "flake-utils": "flake-utils_5", "nixpkgs": [ "nixpkgs" ] From d6186b23eedafee54bdba4fe3599a5da24637033 Mon Sep 17 00:00:00 2001 
From: cy Date: Wed, 2 Apr 2025 17:55:05 -0400 Subject: [PATCH 23/31] flake: don't override lix-module's nixpkgs input --- flake.lock | 22 ++++++++++++++++++---- flake.nix | 1 - 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 1a2c3f1..0fe0871 100644 --- a/flake.lock +++ b/flake.lock @@ -701,9 +701,7 @@ "flake-utils": "flake-utils_3", "flakey-profile": "flakey-profile", "lix": "lix", - "nixpkgs": [ - "nixpkgs" - ] + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1742943028, @@ -974,6 +972,22 @@ } }, "nixpkgs_5": { + "locked": { + "lastModified": 1743448293, + "narHash": "sha256-bmEPmSjJakAp/JojZRrUvNcDX2R5/nuX6bm+seVaGhs=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "77b584d61ff80b4cef9245829a6f1dfad5afdfa3", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { "locked": { "lastModified": 1743559129, "narHash": "sha256-7gpAWsENV3tY2HmeHYQ2MoQxGpys+jQWnkS/BHAMXVk=", @@ -1042,7 +1056,7 @@ "nil": "nil", "nix-index-database": "nix-index-database", "nix-ld": "nix-ld", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "nixpkgs-stable": "nixpkgs-stable_3", "rust-overlay": "rust-overlay_4", "sops-nix": "sops-nix", diff --git a/flake.nix b/flake.nix index 3bcf3e7..37215e0 100644 --- a/flake.nix +++ b/flake.nix @@ -15,7 +15,6 @@ conduwuit.url = "github:girlbossceo/conduwuit"; conduwuit.inputs.nixpkgs.follows = "nixpkgs"; lix-module.url = "git+https://git.lix.systems/lix-project/nixos-module?ref=release-2.92"; - lix-module.inputs.nixpkgs.follows = "nixpkgs"; nix-ld.url = "github:nix-community/nix-ld"; nix-ld.inputs.nixpkgs.follows = "nixpkgs"; nil.url = "github:oxalica/nil"; From a61c7fbf503361e5d6761a4a23bad28291f43109 Mon Sep 17 00:00:00 2001 
From: cy Date: Wed, 2 Apr 2025 17:32:29 -0400 Subject: [PATCH 24/31] workflow: nix copy compression none; add cache.lix.systems; pass -L to nixos-rebuild --- .../workflows/build-machines-and-homes.yml | 24 +++++++------------ .github/workflows/build-packages.yml | 11 ++++----- 2 files changed, 13 insertions(+), 22 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 79f3f7b..c955639 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -47,17 +47,14 @@ jobs: accept-flake-config = true system-features = nixos-test benchmark big-parallel kvm secret-key-files = /home/runner/cache-priv-key.pem - extra-substituters = https://nixcache.cy7.sh - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= + extra-substituters = https://nixcache.cy7.sh https://cache.lix.systems + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= - name: Install Lix run: | sudo --preserve-env=PATH $(which nix) run \ - --experimental-features "nix-command flakes" \ - --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" \ 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ - upgrade-nix \ - --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + upgrade-nix nix --version - name: Sync repository @@ -69,7 +66,7 @@ jobs: run: | # package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" # nix build -L "$package" - nix run nixpkgs#nixos-rebuild build -- --flake ".#${{ matrix.machine }}" + nix run nixpkgs#nixos-rebuild build -- -L --flake ".#${{ matrix.machine }}" - name: cache # https://stackoverflow.com/a/58859404 
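Review bot: Moving cache.lix.systems from the one `upgrade-nix` command into `extra-substituters` / `extra-trusted-public-keys` in the `@@ -47,17 +47,14` hunk widens trust from the installer to every build in the job, so paths signed by that key are now accepted for the machine and home closures that are later pushed to nixcache. If that is intended, say so next to the setting, e.g. `# cache.lix.systems is trusted for all builds (lix-module), not only for the installer`. The Install Lix step also runs under `sudo` from a tag (`ref=refs/tags/2.92.0`), which can be re-pointed; appending `&rev=<LIX_2_92_0_COMMIT_SHA>` to that URL would fix the exact commit. The same two points apply to the `@@ -120,17 +117,14` hunk of this file and the `@@ -40,17 +40,14` hunk of build-packages.yml. The step bodies start above the hunks.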
@@ -77,7 +74,7 @@ jobs: run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" nix run git+https://git.cy7.sh/cy/nixcp.git -- \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=none' \ -u https://nix-community.cachix.org \ -u https://nixcache.web.cy7.sh \ $package @@ -120,17 +117,14 @@ jobs: accept-flake-config = true system-features = nixos-test benchmark big-parallel kvm secret-key-files = /home/runner/cache-priv-key.pem - extra-substituters = https://nixcache.cy7.sh - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= + extra-substituters = https://nixcache.cy7.sh https://cache.lix.systems + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= - name: Install Lix run: | sudo --preserve-env=PATH $(which nix) run \ - --experimental-features "nix-command flakes" \ - --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" \ 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ - upgrade-nix \ - --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + upgrade-nix nix --version - name: Sync repository @@ -149,7 +143,7 @@ jobs: run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" nix run git+https://git.cy7.sh/cy/nixcp.git -- \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=none' \ -u https://nix-community.cachix.org \ -u https://nixcache.web.cy7.sh \ $package 
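Review bot: The `cache` step in the first hunk passes the signing-key path and the S3 target to a tool fetched at run time from `git+https://git.cy7.sh/cy/nixcp.git` with no revision. Whatever is on that repository's default branch when the job runs therefore gets to read the key and write to `nixcache`. Pinning it, for example `nix run 'git+https://git.cy7.sh/cy/nixcp.git?rev=<NIXCP_COMMIT_SHA>' -- \` (placeholder), or adding nixcp as a locked flake input, ties the uploader to a reviewed commit. The same invocation is in the home-configuration hunk further down and in `build-packages.yml`. Separately, `$package` is expanded unquoted here while `build-packages.yml` quotes its argument; `"$package"` would be consistent.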
diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 11ebc32..c188482 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -40,17 +40,14 @@ jobs: accept-flake-config = true system-features = nixos-test benchmark big-parallel kvm secret-key-files = /home/runner/cache-priv-key.pem - extra-substituters = https://nixcache.cy7.sh - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= + extra-substituters = https://nixcache.cy7.sh https://cache.lix.systems + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= - name: Install Lix run: | sudo --preserve-env=PATH $(which nix) run \ - --experimental-features "nix-command flakes" \ - --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" \ 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ - upgrade-nix \ - --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + upgrade-nix nix --version - name: Sync repository @@ -65,7 +62,7 @@ jobs: if: '!cancelled()' run: | nix run git+https://git.cy7.sh/cy/nixcp.git -- \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=none' \ -u https://nix-community.cachix.org \ -u https://nixcache.web.cy7.sh \ "${{ matrix.package }}" From 912cde0be459bb4a727cce882ed846d32f73d6d9 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 4 Apr 2025 10:01:49 -0400 Subject: [PATCH 25/31] bump conduwuit --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 0fe0871..7eb0812 100644 --- a/flake.lock +++ b/flake.lock 
@@ -114,11 +114,11 @@ "rocksdb": "rocksdb" }, "locked": { - "lastModified": 1743473828, - "narHash": "sha256-x/sfh6LCHGAz8rL23GHhH7dac1LtHBbRRJi1p8gOdtI=", + "lastModified": 1743735594, + "narHash": "sha256-aaP8OjY4fkpxk2JdSggx9S3Rk+P+VhuivT6aRpLxoj0=", "owner": "girlbossceo", "repo": "conduwuit", - "rev": "0f81c1e1ccdcb0c5c6d5a27e82f16eb37b1e61c8", + "rev": "00f7745ec4ebcea5f892376c5de5db1299f71696", "type": "github" }, "original": { @@ -151,11 +151,11 @@ }, "crane_2": { "locked": { - "lastModified": 1742394900, - "narHash": "sha256-vVOAp9ahvnU+fQoKd4SEXB2JG2wbENkpqcwlkIXgUC0=", + "lastModified": 1739936662, + "narHash": "sha256-x4syUjNUuRblR07nDPeLDP7DpphaBVbUaSoeZkFbGSk=", "owner": "ipetkov", "repo": "crane", - "rev": "70947c1908108c0c551ddfd73d4f750ff2ea67cd", + "rev": "19de14aaeb869287647d9461cbd389187d8ecdb7", "type": "github" }, "original": { From d3c61ac0dfe0c7cca1595edd9846551ce3331b22 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 4 Apr 2025 12:06:56 -0400 Subject: [PATCH 26/31] kitty: improve keybindings and bring back kitten ssh alias --- home/kitty.nix | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/home/kitty.nix b/home/kitty.nix index ea7047f..0021bb5 100644 --- a/home/kitty.nix +++ b/home/kitty.nix @@ -17,10 +17,10 @@ # will probably lower this later but the max allowed is actually 4GB # this is NOT stored in memory and can only be viewed with scrollback_pager - "scrollback_pager_history_size" = "1024"; + "scrollback_pager_history_size" = "10"; # in MB # see https://github.com/sharkdp/bat/issues/1077#issuecomment-652785399 "scrollback_pager" = "bat --pager='less -FR +G'"; - "scrollback_lines" = 20000; + # "scrollback_lines" = 20000; }; keybindings = { # kitty_mod is ctrl+shift by default 
@@ -58,18 +58,29 @@ "kitty_mod+alt+p" = "move_tab_backward"; "kitty_mod+q" = "close_tab"; "kitty_mod+t" = "new_tab_with_cwd"; - "ctrl+f2" = "detach_tab"; # hints # > basically means the preceding key is a prefix (think tmux) "kitty_mod+o>o" = "open_url_with_hints"; - "kitty_mod+o>p" = "kitten hints --type path --program -"; - "kitty_mod+o>n" = "kitten hints --type line --program -"; - "kitty_mod+o>w" = "kitten hints --type word --program -"; - "kitty_mod+o>h" = "kitten hints --type hash --program -"; + # `--program @` means copy to clipboard + "kitty_mod+o>u" = "kitten hints --type url --program @"; + "kitty_mod+o>p" = "kitten hints --type path --program @"; + "kitty_mod+o>n" = "kitten hints --type line --program @"; + "kitty_mod+o>w" = "kitten hints --type word --program @"; + "kitty_mod+o>h" = "kitten hints --type hash --program @"; "kitty_mod+o>l" = "kitten hints --type linenum"; + + # scrolling + "kitty_mod+u" = "scroll_page_up"; + "kitty_mod+d" = "scroll_page_down"; + "kitty_mod+a" = "scroll_home"; + "kitty_mod+e" = "scroll_end"; + "kitty_mod+z" = "scroll_to_prompt -1"; # scroll to previous shell prompt + "kitty_mod+x" = "scroll_to_prompt 1"; # scroll to next shell prompt + "kitty_mod+y" = "show_scrollback"; # browse scrollback buffer in pager + "kitty_mod+g" = "show_last_command_output"; # browse output of last command in pager }; }; - # programs.zsh.shellAliases."ssh" = "kitten ssh"; # doesn't seem to work with bitwarden ssh agent :( + programs.zsh.shellAliases."ssh" = "kitten ssh"; } From afda7622defc3f33bfa35b2346f29ab10ca1e931 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 4 Apr 2025 12:07:39 -0400 Subject: [PATCH 27/31] hedgedoc: fix domain --- hosts/chunk/hedgedoc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/chunk/hedgedoc.nix b/hosts/chunk/hedgedoc.nix index 62505f9..1e7e497 100644 --- a/hosts/chunk/hedgedoc.nix +++ b/hosts/chunk/hedgedoc.nix 
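Review bot: The re-enabled alias `programs.zsh.shellAliases."ssh" = "kitten ssh";` at the end of this hunk drops the earlier remark that it did not work with the bitwarden ssh agent, without saying whether that is now resolved. Every interactive `ssh` now goes through the kitten, so a one-line comment above the alias is worth keeping, e.g. `# wraps every interactive ssh in the kitty kitten; use 'command ssh' for the plain client`. If the agent problem is known to be fixed, the comment should say so. The enclosing attribute set starts outside the hunk.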
@@ -11,7 +11,7 @@ dialect = "postgresql"; }; port = 8085; - domain = "pad.cything.io"; + domain = "pad.cy7.sh"; allowEmailRegister = false; protocolUseSSL = true; }; From 541d625c8e30176fd25e79201eee72871309088b Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 4 Apr 2025 12:14:02 -0400 Subject: [PATCH 28/31] garage: use 16M block_size and compression_level 3 --- hosts/chunk/garage.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index 982e1f4..639bbd8 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -20,8 +20,8 @@ replication_factor = 1; db_engine = "lmdb"; disable_scrub = true; - block_size = "128M"; - compression_level = "none"; + block_size = "16M"; + compression_level = 3; }; environmentFile = config.sops.secrets."garage/env".path; logLevel = "warn"; From 160f89b4238b8278f0e0d00d97829eef067bfc50 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 4 Apr 2025 12:14:24 -0400 Subject: [PATCH 29/31] tune rclone (again) --- hosts/chunk/rclone.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index c592fbb..1c474af 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -14,18 +14,19 @@ let --config ${config.sops.secrets."rclone/config".path} \ --allow-other \ --cache-dir /var/cache/rclone \ - --transfers 32 \ + --transfers 64 \ --vfs-cache-mode full \ --vfs-cache-min-free-space 5G \ --dir-cache-time 30d \ --no-checksum \ --no-modtime \ --vfs-fast-fingerprint \ - --vfs-read-chunk-size 16M \ + --vfs-read-chunk-size 8M \ --vfs-read-chunk-streams 16 \ - --sftp-concurrency 64 \ + --sftp-concurrency 128 \ --sftp-chunk-size 255k \ --buffer-size 0 \ + --write-back-cache \ ${remote} ${mount} ''; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -zu ${mount}"; From 2c9d24f06a1a20292aca678437f959f1dc2ab2e5 Mon Sep 17 00:00:00 2001 
From: cy Date: Fri, 4 Apr 2025 12:52:29 -0400 Subject: [PATCH 30/31] authelia: oauth for hedgedoc and guard grafana --- hosts/chunk/grafana.nix | 1 + hosts/chunk/hedgedoc.nix | 1 + modules/authelia.nix | 19 ++++++++++++++++++- secrets/services/hedgedoc.yaml | 13 ++++--------- 4 files changed, 24 insertions(+), 10 deletions(-) diff --git a/hosts/chunk/grafana.nix b/hosts/chunk/grafana.nix index f79a7ff..33a77a0 100644 --- a/hosts/chunk/grafana.nix +++ b/hosts/chunk/grafana.nix @@ -42,6 +42,7 @@ services.caddy.virtualHosts."grafana.cy7.sh".extraConfig = '' import common + import authelia reverse_proxy localhost:8088 ''; } diff --git a/hosts/chunk/hedgedoc.nix b/hosts/chunk/hedgedoc.nix index 1e7e497..765e0f5 100644 --- a/hosts/chunk/hedgedoc.nix +++ b/hosts/chunk/hedgedoc.nix @@ -14,6 +14,7 @@ domain = "pad.cy7.sh"; allowEmailRegister = false; protocolUseSSL = true; + imageuploadtype = "minio"; }; }; diff --git a/modules/authelia.nix b/modules/authelia.nix index afd8b52..b882a42 100644 --- a/modules/authelia.nix +++ b/modules/authelia.nix @@ -77,6 +77,23 @@ in userinfo_signed_response_alg = "none"; token_endpoint_auth_method = "client_secret_basic"; } + { + client_id = "hedgedoc"; + client_name = "HedgeDoc"; + client_secret = "$argon2id$v=19$m=65536,t=3,p=4$MFSXW3gjIZf0M3e8s8RJCg$6KWwksJe2vdUebPEdYc0Zy88fzGcHPrbStcqkiXl+Hg"; + public = false; + authorization_policy = "two_factor"; + redirect_uris = [ + "https://pad.cy7.sh/auth/oauth2/callback" + ]; + scopes = [ "openid" "profile" "email" ]; + userinfo_signed_response_alg = "none"; + grant_types = [ "refresh_token" "authorization_code" ]; + response_types = [ "code" ]; + response_modes = [ "form_post" "query" "fragment" ]; + audience = []; + token_endpoint_auth_method = "client_secret_post"; + } ]; }; secrets = { @@ -101,4 +118,4 @@ in reverse_proxy localhost:9091 ''; }; -} \ No newline at end of file +} diff --git a/secrets/services/hedgedoc.yaml b/secrets/services/hedgedoc.yaml index 84ef3d6..a970c3b 100644 
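Review bot: The new `hedgedoc` client in `modules/authelia.nix` allows more than an authorization-code client needs. Its `response_modes` lists `"query"` and `"fragment"` alongside `"form_post"`, and `grant_types` lists `"refresh_token"` although `scopes` has no `offline_access`, so refresh tokens presumably can never be issued. Trimming to what HedgeDoc actually uses, e.g. `response_modes = [ "query" ];` and `grant_types = [ "authorization_code" ];`, keeps the client at least privilege; check this against HedgeDoc's callback handling first. The argon2id digest of the client secret is committed in this file, which is acceptable only if the underlying secret is long and random, since a digest permits offline guessing; a comment stating how it was generated would help. The clients list starts outside the hunk.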
--- a/secrets/services/hedgedoc.yaml +++ b/secrets/services/hedgedoc.yaml @@ -1,10 +1,6 @@ hedgedoc: - env: ENC[AES256_GCM,data:15rWiIYWyIJ0Hxl5I8m+EBV+FkNDT/OHlLK9shVS46UE7SQtuIh45N5hvwgs0rg9E9Tawu+lyE2aozWNh6HSDUZ1h4FYrB+JHwIetGkOqXSLHfXi,iv:v9ohLTtlxw3fsRoJJoOY5VYxVsxUyDEsQHRjcGKg/GY=,tag:Wncm1reqNblnVhRTYjU3Pg==,type:str] + env: ENC[AES256_GCM,data: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,iv:eUa/yfdrxj9+GBqyp03s/7q67fAgr6Z39sT4iqb/38Q=,tag:Je9lq7BLB4NJGDTWAKRgIQ==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn enc: | @@ -24,8 +20,7 @@ sops: enlDZEI2NElkZkI3UmRyQUZqQWE5ZmcK2JlwNzVJNhGjyniIg9UY5tjgUKttkT3e 9C/xag3dQCiqzX1O3o5tdhYnxXw+VxVf+qTFyyuftg5iQPZNuvX6mA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-17T03:25:54Z" - mac: ENC[AES256_GCM,data:1cxiK/HhqYzatT2PhZxjvtizII2QMHqbbyOujUtx4cT8x488j2wecu6hOfSkuHbQ43AxA8kDH1NAruPCSdCpj3PytMR+np+R/5WuRcK+OF/FCnWvWvvHqgDnBs/wYjllnR6HyWBlhrROpINxu9ch4fzN0Def3I7O+wJgpojnPiU=,iv:PKPykPv9zSHj9+HXnrg1v8Ty78te66D9ZH6c1V7Qlh4=,tag:JQk68u6p317r3Df+hv16+g==,type:str] - pgp: [] + lastmodified: "2025-04-04T16:46:41Z" + mac: ENC[AES256_GCM,data:X7wtnmauh/tRbYCSPNtr/38CVyhIezYQKwcysna+3d31QatbAfTSkAMAWcSG+brpvAW14UfhwRiaCPoSjkS5eSkwd99S0CBI50yCjUFh43Uum3TBJhAnc6bzQkJHGXRk7duxkQJvEeDDZT4ph+/UoZ2xGu5LCjpLenDqldeHgCg=,iv:jMVBz0gPoW/J8NvkSGMjx28nXpX8mpWBrvXyCgi7F1U=,tag:mTj/2mwVjy3wYIsHnbMXDw==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.2 + version: 3.10.1 From 2a8f9dd1ad8232cde8c01f6a44c99fe996f1dab3 Mon Sep 17 00:00:00 2001 
From: cy Date: Fri, 4 Apr 2025 12:55:01 -0400 Subject: [PATCH 31/31] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'conduwuit': 'github:girlbossceo/conduwuit/00f7745ec4ebcea5f892376c5de5db1299f71696' (2025-04-04) → 'github:girlbossceo/conduwuit/4e5b87d0cd16f3d015f4b61285b369d027bb909d' (2025-04-04) • Updated input 'garage/crane': 'github:ipetkov/crane/70947c1908108c0c551ddfd73d4f750ff2ea67cd' (2025-03-19) → 'github:ipetkov/crane/6fe74265bbb6d016d663b1091f015e2976c4a527' (2025-01-24) • Updated input 'home-manager': 'github:nix-community/home-manager/5ee44bc7c2e853f144390a12ebe5174ad7e3b9e0' (2025-04-02) → 'github:nix-community/home-manager/bb036cb35383982066e01a6ac8d45597132cf5d5' (2025-04-04) • Updated input 'lanzaboote/crane': 'github:ipetkov/crane/70947c1908108c0c551ddfd73d4f750ff2ea67cd' (2025-03-19) → 'github:ipetkov/crane/75390a36cd0c2cdd5f1aafd8a9f827d7107f2e53' (2025-03-05) • Updated input 'lanzaboote/flake-parts': 'github:hercules-ci/flake-parts/c621e8422220273271f52058f618c94e405bb0f5' (2025-04-01) → 'github:hercules-ci/flake-parts/3876f6b87db82f33775b1ef5ea343986105db764' (2025-03-01) • Updated input 'lanzaboote/rust-overlay': 'github:oxalica/rust-overlay/1de27ae43712a971c1da100dcd84386356f03ec7' (2025-04-02) → 'github:oxalica/rust-overlay/38e9826bc4296c9daf18bc1e6aa299f3e932a403' (2025-03-06) • Updated input 'lix-module/nixpkgs': 'github:nixos/nixpkgs/77b584d61ff80b4cef9245829a6f1dfad5afdfa3' (2025-03-31) → 'github:nixos/nixpkgs/1e5b653dff12029333a6546c11e108ede13052eb' (2025-03-22) • Updated input 'nil/rust-overlay': 'github:oxalica/rust-overlay/1de27ae43712a971c1da100dcd84386356f03ec7' (2025-04-02) → 'github:oxalica/rust-overlay/aefb7017d710f150970299685e8d8b549d653649' (2025-03-04) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/adae22bea8bcc0aa2fd6e8732044660fb7755f5e' (2025-04-02) → 'github:nixos/nixpkgs/30705076a1748a2b2a1cf0539ea1665eef4d2f4a' 
(2025-04-04) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/02f2af8c8a8c3b2c05028936a1e84daefa1171d4' (2025-04-01) → 'github:nixos/nixpkgs/44a69ed688786e98a101f02b712c313f1ade37ab' (2025-04-02) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/1de27ae43712a971c1da100dcd84386356f03ec7' (2025-04-02) → 'github:oxalica/rust-overlay/c4a8327b0f25d1d81edecbb6105f74d7cf9d7382' (2025-04-03) • Updated input 'sops-nix': 'github:Mic92/sops-nix/e7f4d7ed8bce8dfa7d2f2fe6f8b8f523e54646f8' (2025-04-01) → 'github:Mic92/sops-nix/cff8437c5fe8c68fc3a840a21bf1f4dc801da40d' (2025-04-04) • Updated input 'vscode-extensions': 'github:nix-community/nix-vscode-extensions/bc23f562c367b3e6300d596c24f0080220897df7' (2025-04-02) → 'github:nix-community/nix-vscode-extensions/c8270f31af9c37e4fe5711567a6412460e94e9b7' (2025-04-04) --- flake.lock | 78 +++++++++++++++++++++++++++--------------------------- 1 file changed, 39 insertions(+), 39 deletions(-) diff --git a/flake.lock b/flake.lock index 7eb0812..76a4f1e 100644 --- a/flake.lock +++ b/flake.lock @@ -114,11 +114,11 @@ "rocksdb": "rocksdb" }, "locked": { - "lastModified": 1743735594, - "narHash": "sha256-aaP8OjY4fkpxk2JdSggx9S3Rk+P+VhuivT6aRpLxoj0=", + "lastModified": 1743780871, + "narHash": "sha256-xmDepDLHsIWiwpWYjhI40XOrV9jCKrYJQ+EK1EOIdRg=", "owner": "girlbossceo", "repo": "conduwuit", - "rev": "00f7745ec4ebcea5f892376c5de5db1299f71696", + "rev": "4e5b87d0cd16f3d015f4b61285b369d027bb909d", "type": "github" }, "original": { @@ -167,11 +167,11 @@ }, "crane_3": { "locked": { - "lastModified": 1742394900, - "narHash": "sha256-vVOAp9ahvnU+fQoKd4SEXB2JG2wbENkpqcwlkIXgUC0=", + "lastModified": 1737689766, + "narHash": "sha256-ivVXYaYlShxYoKfSo5+y5930qMKKJ8CLcAoIBPQfJ6s=", "owner": "ipetkov", "repo": "crane", - "rev": "70947c1908108c0c551ddfd73d4f750ff2ea67cd", + "rev": "6fe74265bbb6d016d663b1091f015e2976c4a527", "type": "github" }, "original": { 
@@ -182,11 +182,11 @@ }, "crane_4": { "locked": { - "lastModified": 1742394900, - "narHash": "sha256-vVOAp9ahvnU+fQoKd4SEXB2JG2wbENkpqcwlkIXgUC0=", + "lastModified": 1741148495, + "narHash": "sha256-EV8KUaIZ2/CdBXlutXrHoZYbWPeB65p5kKZk71gvDRI=", "owner": "ipetkov", "repo": "crane", - "rev": "70947c1908108c0c551ddfd73d4f750ff2ea67cd", + "rev": "75390a36cd0c2cdd5f1aafd8a9f827d7107f2e53", "type": "github" }, "original": { @@ -386,11 +386,11 @@ ] }, "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "lastModified": 1740872218, + "narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "rev": "3876f6b87db82f33775b1ef5ea343986105db764", "type": "github" }, "original": { @@ -610,11 +610,11 @@ ] }, "locked": { - "lastModified": 1743556466, - "narHash": "sha256-rvU79DJ6rPDxiH0sTp686Vlm+JewwAZPGcwt8OfHJbM=", + "lastModified": 1743783108, + "narHash": "sha256-Lg1cK7oGCNPOO1ts481m269WmdGNoigz8RNXLRE9Co0=", "owner": "nix-community", "repo": "home-manager", - "rev": "5ee44bc7c2e853f144390a12ebe5174ad7e3b9e0", + "rev": "bb036cb35383982066e01a6ac8d45597132cf5d5", "type": "github" }, "original": { @@ -909,11 +909,11 @@ }, "nixpkgs-stable_3": { "locked": { - "lastModified": 1743501102, - "narHash": "sha256-7PCBQ4aGVF8OrzMkzqtYSKyoQuU2jtpPi4lmABpe5X4=", + "lastModified": 1743576891, + "narHash": "sha256-vXiKURtntURybE6FMNFAVpRPr8+e8KoLPrYs9TGuAKc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "02f2af8c8a8c3b2c05028936a1e84daefa1171d4", + "rev": "44a69ed688786e98a101f02b712c313f1ade37ab", "type": "github" }, "original": { 
@@ -973,11 +973,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1743448293, - "narHash": "sha256-bmEPmSjJakAp/JojZRrUvNcDX2R5/nuX6bm+seVaGhs=", + "lastModified": 1742669843, + "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=", "owner": "nixos", "repo": "nixpkgs", - "rev": "77b584d61ff80b4cef9245829a6f1dfad5afdfa3", + "rev": "1e5b653dff12029333a6546c11e108ede13052eb", "type": "github" }, "original": { @@ -989,11 +989,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1743559129, - "narHash": "sha256-7gpAWsENV3tY2HmeHYQ2MoQxGpys+jQWnkS/BHAMXVk=", + "lastModified": 1743775863, + "narHash": "sha256-gUnR9qcZK/O20oQFn1ijz7Nn66qG2Sp7JprDFl+oQBo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "adae22bea8bcc0aa2fd6e8732044660fb7755f5e", + "rev": "30705076a1748a2b2a1cf0539ea1665eef4d2f4a", "type": "github" }, "original": { @@ -1110,11 +1110,11 @@ ] }, "locked": { - "lastModified": 1743561237, - "narHash": "sha256-dd97LXek202OWmUXvKYFdYWj0jHrn3p+L5Ojh1SEOqs=", + "lastModified": 1741228283, + "narHash": "sha256-VzqI+k/eoijLQ5am6rDFDAtFAbw8nltXfLBC6SIEJAE=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "1de27ae43712a971c1da100dcd84386356f03ec7", + "rev": "38e9826bc4296c9daf18bc1e6aa299f3e932a403", "type": "github" }, "original": { @@ -1131,11 +1131,11 @@ ] }, "locked": { - "lastModified": 1743561237, - "narHash": "sha256-dd97LXek202OWmUXvKYFdYWj0jHrn3p+L5Ojh1SEOqs=", + "lastModified": 1741055476, + "narHash": "sha256-52vwEV0oS2lCnx3c/alOFGglujZTLmObit7K8VblnS8=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "1de27ae43712a971c1da100dcd84386356f03ec7", + "rev": "aefb7017d710f150970299685e8d8b549d653649", "type": "github" }, "original": { 
@@ -1151,11 +1151,11 @@ ] }, "locked": { - "lastModified": 1743561237, - "narHash": "sha256-dd97LXek202OWmUXvKYFdYWj0jHrn3p+L5Ojh1SEOqs=", + "lastModified": 1743682350, + "narHash": "sha256-S/MyKOFajCiBm5H5laoE59wB6w0NJ4wJG53iAPfYW3k=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "1de27ae43712a971c1da100dcd84386356f03ec7", + "rev": "c4a8327b0f25d1d81edecbb6105f74d7cf9d7382", "type": "github" }, "original": { @@ -1171,11 +1171,11 @@ ] }, "locked": { - "lastModified": 1743502316, - "narHash": "sha256-zI2WSkU+ei4zCxT+IVSQjNM9i0ST++T2qSFXTsAND7s=", + "lastModified": 1743756170, + "narHash": "sha256-2b11EYa08oqDmF3zEBLkG1AoNn9rB1k39ew/T/mSvbU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e7f4d7ed8bce8dfa7d2f2fe6f8b8f523e54646f8", + "rev": "cff8437c5fe8c68fc3a840a21bf1f4dc801da40d", "type": "github" }, "original": { @@ -1267,11 +1267,11 @@ ] }, "locked": { - "lastModified": 1743558944, - "narHash": "sha256-LtmHSXZjFXUWYwWhvEPWSbnmAD62TrvLdZGqQvcSHIY=", + "lastModified": 1743731627, + "narHash": "sha256-gFvZTGlSGCl7MZ5MrihUf7pkIY0zwaUVhl/iUBto/3I=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "bc23f562c367b3e6300d596c24f0080220897df7", + "rev": "c8270f31af9c37e4fe5711567a6412460e94e9b7", "type": "github" }, "original": {