add sccache, some vscode changes, use kitten ssh

make garage better
Signed-off-by: cy <cy@cy7.sh>
2025-01-30 12:48:48 -05:00 · 2025-01-30 12:35:19 -05:00 · 2025-01-30 12:33:03 -05:00 · 2025-01-29 21:48:31 -05:00
13 changed files with 125 additions and 12 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -108,3 +108,8 @@ creation_rules:
      - age:
          - *chunk
          - *cy
+  - path_regex: secrets/yt/(.*).yaml$
+    key_groups:
+      - age:
+          - *yt
+          - *cy
--- a/home/kitty.nix
+++ b/home/kitty.nix
@ -67,4 +67,6 @@
      "kitty_mod+o>l" = "kitten hints --type linenum";
    };
  };
+
+  programs.zsh.shellAliases."ssh" = "kitten ssh";
 }
--- a/home/niri/default.nix
+++ b/home/niri/default.nix
@ -102,6 +102,7 @@ in
          { app-id = "com.mitchellh.ghostt"; }
          { app-id = "org.kde.okular"; }
          { app-id = "kitty"; }
+          { app-id = "VSCodium"; }
        ];
        default-column-width.proportion = .5;
      }
--- a/home/vscode.nix
+++ b/home/vscode.nix
@ -11,6 +11,8 @@
      jnoortheen.nix-ide
      editorconfig.editorconfig
      github.github-vscode-theme
+      github.copilot
+      rust-lang.rust-analyzer
    ];
    userSettings = {
      "workbench.colorTheme" = "GitHub Dark Default";
@ -18,10 +20,10 @@
      "nix.enableLanguageServer" = true;
      "nix.serverPath" = "nixd";
      "editor.fontFamily" = "IBM Plex Mono";
-      "editor.fontSize" = 15;
+      "editor.fontSize" = 16;
      "editor.wordWrap" = "on";

-      # vim mode
+      # vim mode settings
      "vim.handleKeys" = {
        "<C-b>" = false; # file tree toggle
      };
@ -32,6 +34,7 @@
          "silent" = true;
        }
      ];
+      "workbench.startupEditor" = "none";
    };
  };
 }
--- a/home/yt/ytnix.nix
+++ b/home/yt/ytnix.nix
@ -1,5 +1,6 @@
 {
  pkgs,
+  lib,
  ...
 }:
 {
@ -108,6 +109,8 @@
    hugo
    ghidra
    sequoia
+    sccache
+    awscli2
  ];

  programs.waybar.enable = true;
@ -164,5 +167,19 @@
  home.sessionVariables = {
    # to make ghidra work on xwayland
    _JAVA_AWT_WM_NONREPARENTING = 1;
+
+    # sccache stuff
+    RUSTC_WRAPPER = "${lib.getExe pkgs.sccache}";
+    SCCACHE_BUCKET = "sccache";
+    SCCACHE_REGION = "earth";
+    SCCACHE_ENDPOINT = "https://sccache.s3.cy7.sh";
+    SCCACHE_ALLOW_CORE_DUMPS = "true";
+    SCCACHE_S3_USE_SSL = "true";
+    SCCACHE_CACHE_MULTIARCH = "true";
+    SCCACHE_LOG_LEVEL = "warn";
+    AWS_DEFAULT_REGION = "earth";
+    AWS_ENDPOINT_URL = "https://s3.cy7.sh";
+    AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)";
+    AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)";
  };
 }
--- a/hosts/chunk/default.nix
+++ b/hosts/chunk/default.nix
@ -1,6 +1,4 @@
 {
-  config,
-  lib,
  pkgs,
  ...
 }:
--- a/hosts/chunk/garage.nix
+++ b/hosts/chunk/garage.nix
@ -8,6 +8,12 @@
      s3_api = {
        s3_region = "earth";
        api_bind_addr = "[::]:3900";
+        root_domain = ".s3.cy7.sh";
+      };
+      s3_web = {
+        bind_addr = "[::]:3902";
+        root_domain = ".web.s3.cy7.sh";
+        index = "index.html";
      };
      admin.api_bind_addr = "[::]:3903";
      rpc_bind_addr = "[::]:3901";
@ -17,8 +23,21 @@
    environmentFile = config.sops.secrets."garage/env".path;
  };

-  services.caddy.virtualHosts."s3.cy7.sh".extraConfig = ''
+  services.caddy.virtualHosts = {
+    "s3.cy7.sh" = {
+      serverAliases = [ "*.s3.cy7.sh" ];
+      extraConfig = ''
        import common
        reverse_proxy localhost:3900
      '';
+    };
+    "*.web.s3.cy7.sh".extraConfig = ''
+      import common
+      reverse_proxy localhost:3902
+    '';
+    "admin.s3.cy7.sh".extraConfig = ''
+      import common
+      reverse_proxy localhost:3903
+    '';
+  };
 }
--- a/hosts/ytnix/default.nix
+++ b/hosts/ytnix/default.nix
@ -36,6 +36,14 @@
    "tailscale/auth" = {
      sopsFile = ../../secrets/services/tailscale.yaml;
    };
+    "aws/key_id" = {
+      sopsFile = ../../secrets/yt/aws.yaml;
+      owner = "yt";
+    };
+    "aws/key_secret" = {
+      sopsFile = ../../secrets/yt/aws.yaml;
+      owner = "yt";
+    };
  };

  boot = {
--- a/modules/caddy.nix
+++ b/modules/caddy.nix
@ -1,6 +1,7 @@
 {
  config,
  lib,
+  pkgs,
  ...
 }:
 let
@ -14,6 +15,14 @@ in
  config = lib.mkIf cfg.enable {
    services.caddy = {
      enable = true;
+      package = pkgs.caddy.withPlugins {
+        plugins = [
+          # error message will tell you the correct version tag to use
+          # (still need the @ to pass nix config check)
+          "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e"
+        ];
+        hash = "sha256-jCcSzenewQiW897GFHF9WAcVkGaS/oUu63crJu7AyyQ=";
+      };
      logFormat = lib.mkForce "level INFO";
      acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
      extraConfig = ''
@ -22,6 +31,10 @@ in
          header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
        }
      '';
+      globalConfig = ''
+        acme_dns cloudflare {$CLOUDFLARE_KEY}
+      '';
+      environmentFile = config.sops.secrets."caddy/env".path;
    };
  };
 }
--- a/overlay/default.nix
+++ b/overlay/default.nix
@ -2,6 +2,7 @@ let
  overlays = [
    ./conduwuit
    ./attic
+    ./vscode.nix
  ];
  importedOverlays = map (m: import m) overlays;
 in
--- a/overlay/vscode.nix
+++ b/overlay/vscode.nix
@ -0,0 +1,14 @@
+final: prev: {
+  vscode-extensions = prev.vscode-extensions // {
+    github = prev.vscode-extensions.github // {
+      codespaces = prev.vscode-utils.buildVscodeMarketplaceExtension {
+        mktplcRef = {
+          publisher = "github";
+          name = "codespaces";
+          version = "1.17.3";
+          hash = "sha256-idJFYHJ4yeqpFZBX55Y0v1yfzgqyhS0MrC4yIto7i7w=";
+        };
+      };
+    };
+  };
+}
--- a/secrets/services/caddy.yaml
+++ b/secrets/services/caddy.yaml
@ -1,5 +1,5 @@
 caddy:
-    env: ENC[AES256_GCM,data:uVCkVky5MRRhN+g4f634nBjvpcI5Ldy+eOKXg7eGu9foswTHA1SXDs67+Wuvo/jaPw7Zg67xKZRHnoTon1udQzyfu0T6pmVKfsUPewITYCd+qLTanFz6uVRUHzpUVwjCZNqB8gxNr/BiZ70NG4vQXRjgd3zKFrQYQBr4zSaP2vK1pRdbuQ==,iv:dQBfX4X8huUp2dqY3tEGW+BPZ/XADT10ptt85R7X+AY=,tag:cvMbFjkRHoxxnNfz8dGv5g==,type:str]
+    env: ENC[AES256_GCM,data:XyxcCVT+rwlS7A3xzUgGqpMoLwhfUJo2++zPTgoPt3q6Edt14bYQJsoSJXnKx/lGg/0ilNfEEg8AEnru/Mzx0bWedSdWuZ380l8wlLiucqQThhEBhEJlyd94BMNzhxFdj82w0ejp4oWb5By/WjkFNesvAyxPIo/Ir4S+fTgGpA1iO2Ms8Pdjp00qeXYsK1CfjaXOYlEP+8BxntN2JKLYb8Cgs7dLmHfUwP6gTFKlTukUTtQZYUw336q3TtGy,iv:Ab/E0ljUBxzWlXfAC2BXCYxlgo0ErvKFaubgVjFR3OU=,tag:Yr24/DofYS2lM6f2/1LQ3Q==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -33,8 +33,8 @@ sops:
            Q2hBZE1FOHJ3aW5rVmoyK045eG11cmsKFOmP5iWONREZvxu0rM+fKMPQKgnYq5LH
            AKMZFsP7nnUxjdCXEA18sDg4Rf0qp8i3uQK3D6P7417j9ye/YZA4BQ==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-12-17T03:25:37Z"
-    mac: ENC[AES256_GCM,data:bhFBLkT2q6HGtTPtHLVZkKZn00Lbm11/u3qSR19lU2E1SsQ7mpukvCqcTxNWtJ+HHth6yJJfgM6XABKq/9/598L2MgGuF3C/GGS3xpjwHh5RyV8t1lV8cqDaZGjGOMGx35lFQ6DoXOreQrtP/f7MKzf+nVNFr1NbTR8YhqR1xDU=,iv:+fjYlbyIyM9nLagrvE+PUhC2pT7QTsTSQX7ELZ7Wuhs=,tag:GWQv6VmIsWwFzb4bUr5CLg==,type:str]
+    lastmodified: "2025-01-30T17:26:39Z"
+    mac: ENC[AES256_GCM,data:saoalvnwHsv0CTw/cRZqibnH9oGoZTNwGUT7RePKRa8OwNzbUEzQt+Z1WrmmWoqR+omQXLE+lpOPv6uNYxvAWnIelzCGeBBCMSBxtjlTUsjts7oFo7d9C5SdTIOkzotDxryvjRupb0P7hAmEqcSUKRZipJy5MVR7VXR1XZ4fIPM=,iv:VaP05zj8L2pygi1/M4BnOV3Inf0ssaWMu+aTBkdDMys=,tag:nuZT8GMB4F0T5dHnTvHOhA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
-    version: 3.9.2
+    version: 3.9.4
--- a/secrets/yt/aws.yaml
+++ b/secrets/yt/aws.yaml
@ -0,0 +1,32 @@
+aws:
+    key_id: ENC[AES256_GCM,data:vxa8IS5zVOStsQaQNoPy36MeCw2KD2Th5tg=,iv:TrPukr/bpkGysf1YigBlXwaCu0H1FM6ivCVQEgnst6A=,tag:yrlcsDkLkH7U2i3JgjDaBA==,type:str]
+    key_secret: ENC[AES256_GCM,data:R9hFgtylEW1RphrP7/9Hi7HIb7gcQX1WDEVfnUTTzh+/0LM2Rb9CdkaleO8wNlcyYVE/jUKtqdqqrospAJ7+Zw==,iv:3+yCVqH441+oXFLI5usaQdhnE3GFhbJjMsYeRvk8xEw=,tag:STxA32cSdwPBikXyVEP5+Q==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKaUZKbTVjZ1NEWlE5RzZT
+            T1dKdkRQajEva0tpRXhxYUlYWmw1b3MwSFZvCmhteVJ2VGhVNnZTZkJlem1OT3dL
+            dGlQTWdOUlo3TXNOS0wvNlpqVWpZSFEKLS0tIC9DNjY3OW1zWUlRQ1ZEOGlBRk9R
+            azQxMGhQejQ5M0N1YjFtSW5uVnRCQ3MKtt26G2PxIry/lppOT/NUX8jebEb5NgqO
+            HuHj7WT51Gtotfgb22VfGeOCaw9+pPYSjdk9WV4z57r7Z/lylALKRw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPaVIwbExDUjJiVFpHOFJu
+            dk1SUHc5UDRFUENsbkg2RmQvazdEZ1NKeEhvCjVCNzdwRFN0aUZJL0pVSTI1RUxv
+            Ymhhc0tsSENVa1VUKzRBZk5IcjEvNFUKLS0tIFpPNlRXOVYyVnpyUmtLMTFqNlZ0
+            UlYrTExEUVc0dURLR1czN3BnYzZ2VGMKCbAgM50jvs9VciA1Pb/VY+2I4x62LBGe
+            j7eHkfTFc8Gnk/rZA9/ZJDLFr/FUPMQWK/NVoz6oLjO6oVFXqN6OqA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-01-30T17:45:09Z"
+    mac: ENC[AES256_GCM,data:uXnJ8DCs1ZZ72PFAmSQpqvVH2UYvRX8AeUC00A6WsgNL9sz6H0b7PwXBn4SucHACwLwilMVKYpFGE1pPMsIgpHxU5coNhvTfth/ChY1KS73LAwrJUAyUoFI3mumPkklj7b/u1CbBfhuhA2QoZVl+d9BGQn5CQu3+BySUmcT+P9k=,iv:H/hUTBDNcsGBP5TA/7U1QMZogZvuoPuEAg/tBCpbf9w=,tag:W7rH84Na/tHPuJlA9tRXEQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.4
Author	SHA1	Message	Date
cy	30c82dcb4f	add sccache, some vscode changes, use kitten ssh	2025-01-30 12:48:48 -05:00
cy	d0ba9ca90b	make garage better Signed-off-by: cy <cy@cy7.sh>	2025-01-30 12:35:19 -05:00
cy	4e0c1fbbb4	caddy: use acme_dns for wildcard TLS to work use cloudflare dns plugin to update zone	2025-01-30 12:33:03 -05:00
cy	4f015ecb45	vscode: overlay github codespaces extension Signed-off-by: cy <cy@cy7.sh>	2025-01-29 21:48:31 -05:00