cy/nixos-config
cy/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: cy:826146df9dcc73393e7dea7ab8c8650d5d804991
Branches Tags
cy:main
cy:update
cy:2025-04-14
cy:2025-04-07
cy:2025-04-05
cy:2025-04-04
cy:staging
cy:dogfood-nixcp
cy:no-follows
cy:workflow-test
cy:update_flake_lock_action
cy:caddy-s3
cy:workflow-copy
cy:workflow-lix
cy:test-s3-cache
cy:temp
cy:attic
cy:helix
cy:test
cy:lix-test
cy:bitwarden-patch
cy:chromium
cy:new-attic
cy:canary
cy:downgrade-kernel
cy:soju
cy:kde
cy:shiori
cy:caddy-module
cy:anki-overlay
cy:nixpkgs-master
cy:lix
cy:pan-home
cy:pi
cy:pancake
cy:pancake-sd-image
cy:arm
cy:lix-404
cy:customize-kernel
cy:blueprint
cy:flake-utils
cy:conduwuit-flake
cy:ghostty
cy:zen
cy:lact-fix-test
cy:alvr-test
cy:workflow-refactor
cy:bump-conduwuit
cy:gollum
cy:build
cy:nginx
cy:iso
cy:flake-parts
cy:codespace
cy:sway
cy:minio
cy:garage-module
cy:garage-test
cy:vscode
cy:purge
cy:create-pull-request/patch
cy:garage
cy:harmonia
cy:impermanence
...
compare: cy:8ab4b10902b3dbe7c2a4e393d52d63882a159aa7
Branches Tags
cy:main
cy:update
cy:2025-04-14
cy:2025-04-07
cy:2025-04-05
cy:2025-04-04
cy:staging
cy:dogfood-nixcp
cy:no-follows
cy:workflow-test
cy:update_flake_lock_action
cy:caddy-s3
cy:workflow-copy
cy:workflow-lix
cy:test-s3-cache
cy:temp
cy:attic
cy:helix
cy:test
cy:lix-test
cy:bitwarden-patch
cy:chromium
cy:new-attic
cy:canary
cy:downgrade-kernel
cy:soju
cy:kde
cy:shiori
cy:caddy-module
cy:anki-overlay
cy:nixpkgs-master
cy:lix
cy:pan-home
cy:pi
cy:pancake
cy:pancake-sd-image
cy:arm
cy:lix-404
cy:customize-kernel
cy:blueprint
cy:flake-utils
cy:conduwuit-flake
cy:ghostty
cy:zen
cy:lact-fix-test
cy:alvr-test
cy:workflow-refactor
cy:bump-conduwuit
cy:gollum
cy:build
cy:nginx
cy:iso
cy:flake-parts
cy:codespace
cy:sway
cy:minio
cy:garage-module
cy:garage-test
cy:vscode
cy:purge
cy:create-pull-request/patch
cy:garage
cy:harmonia
cy:impermanence

17 commits
826146df9d ... 8ab4b10902

Author SHA1 Message Date
cy
8ab4b10902
flake update 2025-03-17 00:42:16 -04:00
cy
8f72e20b09
use garage for sccache 2025-03-17 00:15:15 -04:00
cy
a22868f049
attempts to make garage and attic faster 2025-03-17 00:14:49 -04:00
cy
ffd7dc5ae6
disable cachix cache 2025-03-14 14:05:22 -04:00
cy
22204b49dd
patch attic to prefetch 32 chunks instead of 2 2025-03-14 14:05:03 -04:00
cy
00a8ac69cf
nix fmt 2025-03-14 02:10:11 -04:00
cy
9c72baf1c0
make garage and rclone better 2025-03-14 02:09:30 -04:00
cy
16788bc7b2
workflow: upload artifact only for packages 2025-03-14 01:01:18 -04:00
cy
5dd8b87f38
ytnix: disable nix sandbox 2025-03-14 00:58:59 -04:00
cy
fcd42883ea
add attic cache to nix.conf 2025-03-14 00:57:38 -04:00
cy
f1e4d7834f
better docker support 2025-03-14 00:57:10 -04:00
cy
1f3b9983d6
vscode: add toml and go 2025-03-14 00:56:29 -04:00
cy
60727812b8
rm tor and update firewall stuff 2025-03-14 00:55:53 -04:00
cy
386cf05f42
overlay garage 2025-03-14 00:55:00 -04:00
cy
25c7eb865a
workflow: use attic 2025-03-14 00:54:58 -04:00
cy
f4c7243b69
bring back attic. this time with garage backend 2025-03-13 13:25:28 -04:00
cy
f4f0691647
patch bitwarden to disable annoying ssh-agent confirmation and clean dead overlays 2025-03-11 14:52:31 -04:00
30 changed files with 448 additions and 441 deletions
Download patch file Download diff file Expand all files Collapse all files

51
.github/workflows/build-machines-and-homes.yml vendored
View file

@ -3,6 +3,16 @@ on:
workflow_dispatch:
push:
pull_request:
env:
ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
NIX_CONFIG: |
show-trace = true
extra-substituters = https://cache.cy7.sh/main
extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=
experimental-features = nix-command flakes
extra-experimental-features = nix-command flakes
accept-flake-config = true
TERM: ansi
jobs:
build-machines:
strategy:
@ -27,20 +37,11 @@ jobs:
remove-docker-images: 'true'
build-mount-path: /nix
- name: Install Nix
uses: cachix/install-nix-action@v30
with:
install_url: https://releases.nixos.org/nix/nix-2.25.4/install
extra_nix_config: 'accept-flake-config = true'
uses: nixbuild/nix-quick-install-action@master
- name: Sync repository
uses: actions/checkout@v4
with:
persist-credentials: false
- uses: cachix/cachix-action@v14
with:
name: cything
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
useDaemon: false
installCommand: nix profile install nixpkgs#cachix
- name: Restore and cache Nix store
uses: nix-community/cache-nix-action@v5.1.0
with:
@ -58,7 +59,17 @@ jobs:
purge-primary-key: never
# always save the cache
save-always: true
- run: nix build -L .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel
- name: setup attic
run: |
nix profile install github:zhaofengli/attic
attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN"
- name: build and cache
run: |
package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel"
nix build -L "$package"
derivation="$(nix path-info --derivation "$package")"
cache="$(nix-store --query --requisites --include-outputs "$derivation")"
attic push main --stdin <<< "$cache"
build-homes:
strategy:
matrix:
@ -86,12 +97,6 @@ jobs:
uses: actions/checkout@v4
with:
persist-credentials: false
- uses: cachix/cachix-action@v14
with:
name: cything
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
useDaemon: false
installCommand: nix profile install nixpkgs#cachix
- name: Restore and cache Nix store
uses: nix-community/cache-nix-action@v5.1.0
with:
@ -109,4 +114,14 @@ jobs:
purge-primary-key: never
# always save the cache
save-always: true
- run: nix build -L .#homeConfigurations."${{ matrix.home }}".activationPackage
- name: setup attic
run: |
nix profile install github:zhaofengli/attic
attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN"
- name: build and cache
run: |
package=".#homeConfigurations."${{ matrix.home }}".activationPackage"
nix build -L "$package"
derivation="$(nix path-info --derivation "$package")"
cache="$(nix-store --query --requisites --include-outputs "$derivation")"
attic push main --stdin <<< "$cache"

36
.github/workflows/build-packages.yml vendored
View file

@ -6,6 +6,16 @@ on:
description: "package to build"
required: false
type: string
env:
ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
NIX_CONFIG: |
show-trace = true
extra-substituters = https://cache.cy7.sh/main
extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=
experimental-features = nix-command flakes
extra-experimental-features = nix-command flakes
accept-flake-config = true
TERM: ansi
jobs:
build-packages:
strategy:
@ -22,17 +32,25 @@ jobs:
steps:
- name: Install Nix
uses: cachix/install-nix-action@v30
- name: Sync repository
uses: actions/checkout@v4
with:
persist-credentials: false
- uses: cachix/cachix-action@v14
with:
name: cything
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
useDaemon: false
installCommand: nix profile install nixpkgs#cachix
- name: setup attic
run: |
nix profile install github:zhaofengli/attic
attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN"
- run: nix build -L ${{ matrix.package }}
- name: cache result
run: |
derivation="$(nix path-info --derivation "${{ matrix.package }}")"
cache="$(nix-store --query --requisites --include-outputs "$derivation")"
attic push main --stdin <<< "$cache"
- name: prepare tarball to upload
run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result
- name: upload result
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.os }}
path: result.tar
if-no-files-found: error

3
.sops.yaml
View file

@ -118,9 +118,8 @@ creation_rules:
- age:
- *chunk
- *cy
- path_regex: secrets/services/searx.yaml
key_groups:
- age:
- *chunk
- *cy
- *cy

274
flake.lock generated
View file

@ -2,12 +2,22 @@
"nodes": {
"attic": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"crane": [
"crane"
],
"flake-compat": [
"flake-compat"
],
"flake-parts": [
"flake-parts"
],
"nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable"
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": [
"nixpkgs-stable"
]
},
"locked": {
"lastModified": 1738524606,
@ -19,7 +29,6 @@
},
"original": {
"owner": "zhaofengli",
"ref": "main",
"repo": "attic",
"type": "github"
}
@ -27,9 +36,9 @@
"cachix": {
"inputs": {
"devenv": "devenv",
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat",
"git-hooks": "git-hooks",
"nixpkgs": "nixpkgs_4"
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1737621947,
@ -63,7 +72,7 @@
"cachix",
"devenv"
],
"nixpkgs": "nixpkgs_2"
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1728672398,
@ -83,11 +92,11 @@
"complement": {
"flake": false,
"locked": {
"lastModified": 1741378155,
"narHash": "sha256-rJSfqf3q4oWxcAwENtAowLZeCi8lktwKVH9XQvvZR64=",
"lastModified": 1741891349,
"narHash": "sha256-YvrzOWcX7DH1drp5SGa+E/fc7wN3hqFtPbqPjZpOu1Q=",
"owner": "girlbossceo",
"repo": "complement",
"rev": "1502a00d8551d0f6e8954a23e43868877c3e57d9",
"rev": "e587b3df569cba411aeac7c20b6366d03c143745",
"type": "github"
},
"original": {
@ -99,7 +108,9 @@
},
"conduwuit": {
"inputs": {
"attic": "attic",
"attic": [
"attic"
],
"cachix": "cachix",
"complement": "complement",
"crane": [
@ -120,11 +131,11 @@
"rocksdb": "rocksdb"
},
"locked": {
"lastModified": 1741642109,
"narHash": "sha256-vO66C3rCb4lz3NU012fZj8+5BaFGuOCq/BJqiOXpqSA=",
"lastModified": 1742163799,
"narHash": "sha256-00cdNSSAOCGQpWRq7mauC1cm55hQ3JJ9phW7f2TLZes=",
"owner": "girlbossceo",
"repo": "conduwuit",
"rev": "c4b05e77f3dd66636e26b64f8f4852703816c399",
"rev": "658c19d55eb5fdf30f27e189c414208e2eae6e24",
"type": "github"
},
"original": {
@ -134,34 +145,12 @@
}
},
"crane": {
"inputs": {
"nixpkgs": [
"conduwuit",
"attic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722960479,
"narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=",
"lastModified": 1742143293,
"narHash": "sha256-8oKPsMlqlOQ7qnTWvhBEcfVFY1WqHIcSilGVtaLAquw=",
"owner": "ipetkov",
"repo": "crane",
"rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"crane_2": {
"locked": {
"lastModified": 1741481578,
"narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=",
"owner": "ipetkov",
"repo": "crane",
"rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5",
"rev": "de3bb0155823298161c1c0a7805f10d4b4074bbb",
"type": "github"
},
"original": {
@ -228,22 +217,6 @@
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1733328505,
@ -259,7 +232,7 @@
"type": "github"
}
},
"flake-compat_3": {
"flake-compat_2": {
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
@ -275,28 +248,6 @@
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"conduwuit",
"attic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"conduwuit",
@ -320,7 +271,7 @@
"type": "github"
}
},
"flake-parts_3": {
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nixpkgs"
@ -391,6 +342,38 @@
"type": "github"
}
},
"garage": {
"inputs": {
"crane": [
"crane"
],
"flake-compat": [
"flake-compat"
],
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": [
"rust-overlay"
]
},
"locked": {
"lastModified": 1741360584,
"narHash": "sha256-5UkuvKllBRhU943imyc0jHDXQDVhIFx5WWUr3qrLEWQ=",
"owner": "deuxfleurs-org",
"repo": "garage",
"rev": "c96be1a9a8aa3b51075678888b80c2414ead2909",
"type": "github"
},
"original": {
"owner": "deuxfleurs-org",
"repo": "garage",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": [
@ -404,7 +387,7 @@
"cachix",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_2"
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1733318908,
@ -472,11 +455,11 @@
]
},
"locked": {
"lastModified": 1741701235,
"narHash": "sha256-gBlb8R9gnjUAT5XabJeel3C2iEUiBHx3+91651y3Sqo=",
"lastModified": 1741955947,
"narHash": "sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "c630dfa8abcc65984cc1e47fb25d4552c81dd37e",
"rev": "4e12151c9e014e2449e0beca2c0e9534b96a26b4",
"type": "github"
},
"original": {
@ -593,11 +576,11 @@
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
"lastModified": 1741700536,
"narHash": "sha256-0OJER7bI6UsCFnKfKdLtgjpOTNccbN3N1dDriP4XRwA=",
"lastModified": 1742165831,
"narHash": "sha256-/ssmsf50UERQNlOcUuyfvigcnCNckAhAPZMo0+Y3mdY=",
"ref": "refs/heads/main",
"rev": "be1491fa6aef638e0147b81ff172131d6db668d9",
"revCount": 17635,
"rev": "2a336813ad2a4d64d027830507276da32927d215",
"revCount": 17664,
"type": "git",
"url": "https://git.lix.systems/lix-project/lix"
},
@ -620,11 +603,11 @@
]
},
"locked": {
"lastModified": 1738176840,
"narHash": "sha256-NG3IRvRs3u3btVCN861FqHvgOwqcNT/Oy6PBG86F5/E=",
"lastModified": 1741894565,
"narHash": "sha256-2FD0NDJbEjUHloVrtEIms5miJsj1tvQCc/0YK5ambyc=",
"ref": "refs/heads/main",
"rev": "621aae0f3cceaffa6d73a4fb0f89c08d338d729e",
"revCount": 133,
"rev": "a6da43f8193d9e329bba1795c42590c27966082e",
"revCount": 136,
"type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module"
},
@ -666,9 +649,9 @@
"cachix",
"devenv"
],
"flake-parts": "flake-parts_2",
"flake-parts": "flake-parts",
"libgit2": "libgit2",
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs_2",
"nixpkgs-23-11": [
"conduwuit",
"cachix",
@ -719,7 +702,6 @@
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"conduwuit",
"attic",
"nixpkgs"
]
@ -745,11 +727,11 @@
]
},
"locked": {
"lastModified": 1741619381,
"narHash": "sha256-koZtlJRqi0/MD/AKd0KrXLA2NuBOVzlIyAJprjzpxZE=",
"lastModified": 1742174123,
"narHash": "sha256-pDNzMoR6m1ZSJToZQ6XDTLVSdzIzmFl1b8Pc3f7iV6Y=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "66537fb185462ba9b07f4e6f2d54894a1b2d04ab",
"rev": "2cfb4e1ca32f59dd2811d7a6dd5d4d1225f0955c",
"type": "github"
},
"original": {
@ -796,16 +778,16 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1726042813,
"narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=",
"lastModified": 1730531603,
"narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "159be5db480d1df880a0135ca0bfed84c2f88353",
"rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
@ -827,22 +809,6 @@
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1724316499,
"narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1730741070,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
@ -858,13 +824,13 @@
"type": "github"
}
},
"nixpkgs-stable_3": {
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1741600792,
"narHash": "sha256-yfDy6chHcM7pXpMF4wycuuV+ILSTG486Z/vLx/Bdi6Y=",
"lastModified": 1742136038,
"narHash": "sha256-DDe16FJk18sadknQKKG/9FbwEro7A57tg9vB5kxZ8kY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ebe2788eafd539477f83775ef93c3c7e244421d3",
"rev": "a1185f4064c18a5db37c5c84e5638c78b46e3341",
"type": "github"
},
"original": {
@ -875,22 +841,6 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1730531603,
"narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1717432640,
"narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=",
@ -906,7 +856,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_3": {
"locked": {
"lastModified": 1733212471,
"narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=",
@ -922,13 +872,13 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_4": {
"locked": {
"lastModified": 1741692589,
"narHash": "sha256-t1BrOTAUIkRY4YlSspERzz5iaFbzJTIE6mhLmnWrDaA=",
"lastModified": 1742140672,
"narHash": "sha256-WhUVudt/iXRFhMTzuT594/Ho/zCZ3KH3IkwInRD3xa4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "a7010334ad6d8082bb8aa5dd2e37bf3b98b1a713",
"rev": "329ca25a90a27b20526164767a3309d0066a00ca",
"type": "github"
},
"original": {
@ -949,11 +899,11 @@
"nuschtosSearch": "nuschtosSearch"
},
"locked": {
"lastModified": 1741637833,
"narHash": "sha256-1uBkdOwxNmkdXXjoycnEBZUoHZ/22GitQRVXjZlsVK0=",
"lastModified": 1741814789,
"narHash": "sha256-NbHsnnNwiYUcUaS4z8XK2tYpo3G8NXEKxaKkzMgMiLk=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "bc34099731a7e3799c0d52ccdf4599409a2ef9b9",
"rev": "33097dcf776d1fad0ff3842096c4e3546312f251",
"type": "github"
},
"original": {
@ -1078,11 +1028,13 @@
},
"root": {
"inputs": {
"attic": "attic",
"conduwuit": "conduwuit",
"crane": "crane_2",
"flake-compat": "flake-compat_3",
"flake-parts": "flake-parts_3",
"crane": "crane",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts_2",
"flake-utils": "flake-utils",
"garage": "garage",
"home-manager": "home-manager",
"lanzaboote": "lanzaboote",
"lix": "lix",
@ -1090,8 +1042,8 @@
"nil": "nil",
"nix-index-database": "nix-index-database",
"nix-ld": "nix-ld",
"nixpkgs": "nixpkgs_5",
"nixpkgs-stable": "nixpkgs-stable_3",
"nixpkgs": "nixpkgs_4",
"nixpkgs-stable": "nixpkgs-stable_2",
"nixvim": "nixvim",
"nvim-github-theme": "nvim-github-theme",
"pixelflasher": "pixelflasher",
@ -1125,11 +1077,11 @@
]
},
"locked": {
"lastModified": 1741660300,
"narHash": "sha256-0jldJ58sC5RjqwpwE+ER+RPMeX4Moz5im/evQ3SU/dU=",
"lastModified": 1742178793,
"narHash": "sha256-S2onMdoDS4tIYd3/Jc5oFEZBr2dJOgPrh9KzSO/bfDw=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "ac2f556db0eb5cbba3c4f5f5989c46330f439b0b",
"rev": "954582a766a50ebef5695a9616c93b5386418c08",
"type": "github"
},
"original": {
@ -1145,11 +1097,11 @@
]
},
"locked": {
"lastModified": 1741644481,
"narHash": "sha256-E0RrMykMtEv15V3QhpsFutgoSKhL1JBhidn+iZajOyg=",
"lastModified": 1741861888,
"narHash": "sha256-ynOgXAyToeE1UdLNfrUn/hL7MN0OpIS2BtNdLjpjPf0=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "e653d71e82575a43fe9d228def8eddb73887b866",
"rev": "d016ce0365b87d848a57c12ffcfdc71da7a2b55f",
"type": "github"
},
"original": {
@ -1218,11 +1170,11 @@
]
},
"locked": {
"lastModified": 1741704640,
"narHash": "sha256-FSvtxhfB0PQtFOj8PMfcgUG1QVaQzjTZvAxLiqDysKI=",
"lastModified": 1742176409,
"narHash": "sha256-jaTi5Tn5EIvYxThnNs4lFXWROCh8ihgSeORZ9Z1EClc=",
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"rev": "27f37976beb94100b18ab8407ff056654db68506",
"rev": "002ff77f2ab6417997c5e33883c754f8b23dc11d",
"type": "github"
},
"original": {

25
flake.nix
View file

@ -44,6 +44,7 @@
crane.follows = "crane";
flake-compat.follows = "flake-compat";
flake-utils.follows = "flake-utils";
attic.follows = "attic";
};
};
lix-module = {
@ -77,6 +78,26 @@
inputs.nixpkgs.follows = "nixpkgs";
};
pixelflasher.url = "github:cything/nixpkgs/pixelflasher";
attic = {
url = "github:zhaofengli/attic";
inputs = {
nixpkgs.follows = "nixpkgs";
nixpkgs-stable.follows = "nixpkgs-stable";
flake-compat.follows = "flake-compat";
flake-parts.follows = "flake-parts";
crane.follows = "crane";
};
};
garage = {
url = "github:deuxfleurs-org/garage";
inputs = {
nixpkgs.follows = "nixpkgs";
rust-overlay.follows = "rust-overlay";
crane.follows = "crane";
flake-compat.follows = "flake-compat";
flake-utils.follows = "flake-utils";
};
};
nvim-github-theme = {
url = "github:projekt0n/github-nvim-theme";
@ -93,12 +114,12 @@
extra-substituters = [
"https://nix-community.cachix.org"
"https://cache.garnix.io"
"https://cything.cachix.org"
"https://cache.cy7.sh/main"
];
extra-trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
"cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI="
"main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0="
];
builders-use-substitutes = true;
};

5
home/codium.nix
View file

@ -10,8 +10,7 @@
extensions =
# if unfree
# with pkgs.vscode-marketplace;
with pkgs.open-vsx;
[
with pkgs.open-vsx; [
vscodevim.vim
jnoortheen.nix-ide
github.github-vscode-theme
@ -21,6 +20,8 @@
tomrijndorp.find-it-faster
streetsidesoftware.code-spell-checker
emilast.logfilehighlighter
tamasfe.even-better-toml
golang.go
];
userSettings =
let

5
home/yt/ytnix.nix
View file

@ -102,6 +102,7 @@
pixelflasher
element-desktop
freetube
gopls
];
home.sessionVariables = {
@ -112,13 +113,13 @@
RUSTC_WRAPPER = "${lib.getExe pkgs.sccache}";
SCCACHE_BUCKET = "sccache";
SCCACHE_REGION = "us-east-1";
SCCACHE_ENDPOINT = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com";
SCCACHE_ENDPOINT = "https://s3.cy7.sh";
SCCACHE_ALLOW_CORE_DUMPS = "true";
SCCACHE_S3_USE_SSL = "true";
SCCACHE_CACHE_MULTIARCH = "true";
SCCACHE_LOG = "warn";
AWS_DEFAULT_REGION = "us-east-1";
AWS_ENDPOINT_URL = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com";
AWS_ENDPOINT_URL = "https://s3.cy7.sh";
AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)";
AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)";

16
hosts/chunk/default.nix
View file

@ -22,7 +22,6 @@
./forgejo.nix
./garage.nix
./tailscale.nix
./tor.nix
];
sops.age.keyFile = "/root/.config/sops/age/keys.txt";
@ -101,22 +100,18 @@
${tc} qdisc del dev ens18 root || true
# create HTB hierarchy
${tc} qdisc add dev ens18 root handle 1: htb default 30
${tc} qdisc add dev ens18 root handle 1: htb default 10
${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100%
# tailscale
${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 30% ceil 100%
# caddy
${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 30% ceil 100%
# rest
${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 60% ceil 100%
# caddy
${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100%
# mark traffic
iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 2
iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 3
# route marked packets
${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10
${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 2 fw flowid 1:20
${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 3 fw flowid 1:30
'';
};
interfaces.ens18 = {
@ -200,4 +195,5 @@
my.roundcube.enable = true;
my.zipline.enable = true;
my.searx.enable = true;
my.attic.enable = true;
}

12
hosts/chunk/garage.nix
View file

@ -10,15 +10,13 @@
api_bind_addr = "[::]:3900";
root_domain = "s3.cy7.sh";
};
s3_web = {
bind_addr = "[::]:3902";
root_domain = ".web.s3.cy7.sh";
index = "index.html";
};
admin.api_bind_addr = "[::]:3903";
rpc_bind_addr = "[::]:3901";
replication_factor = 1;
db_engine = "lmdb";
disable_scrub = true;
block_size = "10M";
compression_level = "none";
};
environmentFile = config.sops.secrets."garage/env".path;
};
@ -31,10 +29,6 @@
reverse_proxy localhost:3900
'';
};
"*.web.s3.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:3902
'';
"admin.s3.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:3903

8
hosts/chunk/grafana.nix
View file

@ -29,6 +29,14 @@
}
];
}
{
job_name = "garage";
static_configs = [
{
targets = [ "127.0.0.1:3903" ];
}
];
}
];
};

49
hosts/chunk/rclone.nix
View file

@ -15,30 +15,20 @@
serviceConfig = {
Type = "notify";
ExecStartPre = "/usr/bin/env mkdir -p /mnt/photos";
ExecStart = "${lib.getExe pkgs.rclone} mount --config ${
config.sops.secrets."rclone/config".path
} --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --dir-cache-time 72h --vfs-cache-mode writes --vfs-cache-max-size 2G photos: /mnt/photos ";
ExecStart = ''
${lib.getExe pkgs.rclone} mount \
--config ${config.sops.secrets."rclone/config".path} \
--cache-dir /var/cache/rclone \
--transfers=32 \
--dir-cache-time 30d \
--vfs-cache-mode writes \
--vfs-cache-max-size 2G \
photos: /mnt/photos
'';
ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/photos";
};
};
systemd.services.attic-mount = {
enable = true;
description = "Mount the attic data remote";
requires = [ "network-online.target" ];
after = [ "network-online.target" ];
requiredBy = [ "atticd.service" ];
before = [ "atticd.service" ];
serviceConfig = {
Type = "notify";
ExecStartPre = "/usr/bin/env mkdir -p /mnt/attic";
ExecStart = "${lib.getExe pkgs.rclone} mount --config ${
config.sops.secrets."rclone/config".path
} --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 2G --allow-other rsyncnet:attic /mnt/attic ";
ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/attic";
};
};
systemd.services.garage-mount = {
enable = true;
description = "Mount the garage data remote";
@ -49,9 +39,22 @@
serviceConfig = {
Type = "notify";
ExecStartPre = "/usr/bin/env mkdir -p /mnt/garage";
ExecStart = "${lib.getExe pkgs.rclone} mount --config ${
config.sops.secrets."rclone/config".path
} --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 5G --allow-other rsyncnet:garage /mnt/garage ";
ExecStart = ''
${lib.getExe pkgs.rclone} mount \
--config ${config.sops.secrets."rclone/config".path} \
--allow-other \
--cache-dir /var/cache/rclone \
--transfers=32 \
--vfs-cache-mode full \
--vfs-cache-min-free-space 5G \
--dir-cache-time 30d \
--no-checksum \
--no-modtime \
--vfs-fast-fingerprint \
--vfs-read-chunk-size 10M \
--vfs-read-chunk-streams 32 \
rsyncnet:garage /mnt/garage
'';
ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage";
};
};

16
hosts/chunk/tor.nix
View file

@ -1,16 +0,0 @@
{ ... }:
{
services.tor = {
enable = true;
openFirewall = true;
relay = {
enable = true;
role = "relay";
};
settings = {
ORPort = 9001;
Nickname = "chunk";
# MaxAdvertisedBandwidth = "20MBytes";
};
};
}

6
hosts/common.nix
View file

@ -10,16 +10,14 @@
"@wheel"
];
trusted-public-keys = [
"niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
"cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI="
"main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0="
];
substituters = [
"https://niri.cachix.org"
"https://nix-community.cachix.org"
"https://cache.garnix.io"
"https://cything.cachix.org"
"https://cache.cy7.sh/main"
];
};
channel.enable = false;

32
hosts/ytnix/containers.nix
View file

@ -1,4 +1,4 @@
{
{
config,
pkgs,
lib,
@ -6,20 +6,22 @@
}:
{
virtualisation.oci-containers.containers = {
immich-ml = let
modelCache = "/opt/immich-ml";
in {
image = "ghcr.io/immich-app/immich-machine-learning:release";
autoStart = true;
pull = "newer";
ports = [ "3003:3003" ];
environment = {
REDIS_HOSTNAME = "immich-redis";
DB_HOSTNAME = "immich-db";
immich-ml =
let
modelCache = "/opt/immich-ml";
in
{
image = "ghcr.io/immich-app/immich-machine-learning:release";
autoStart = true;
pull = "newer";
ports = [ "3003:3003" ];
environment = {
REDIS_HOSTNAME = "immich-redis";
DB_HOSTNAME = "immich-db";
};
volumes = [ "${modelCache}:/cache" ];
networks = [ "immich-net" ];
};
volumes = [ "${modelCache}:/cache" ];
networks = [ "immich-net" ];
};
};
systemd.services.create-immich-net = rec {
@ -33,4 +35,4 @@
${lib.getExe pkgs.podman} network create immich-net
'';
};
}
}

86
hosts/ytnix/default.nix
View file

@ -144,49 +144,52 @@
"docker"
"disk"
"adbusers"
"podman"
];
environment.systemPackages = with pkgs; lib.flatten [
tmux
vim
wget
tree
kitty
borgbackup
htop
file
dnsutils
q
age
compsize
wireguard-tools
traceroute
sops
sbctl # secure boot
lm_sensors
sshfs
openssl
just
killall
lshw
bubblewrap
fuse-overlayfs
dwarfs
wineWowPackages.stagingFull
(with gst_all_1; [
gst-plugins-good
gst-plugins-bad
gst-plugins-ugly
gst-plugins-base
])
vulkan-loader
(heroic.override {
extraPkgs = pkgs: [
pkgs.gamescope
pkgs.gamemode
];
})
];
environment.systemPackages =
with pkgs;
lib.flatten [
tmux
vim
wget
tree
kitty
borgbackup
htop
file
dnsutils
q
age
compsize
wireguard-tools
traceroute
sops
sbctl # secure boot
lm_sensors
sshfs
openssl
just
killall
lshw
bubblewrap
fuse-overlayfs
dwarfs
wineWowPackages.stagingFull
(with gst_all_1; [
gst-plugins-good
gst-plugins-bad
gst-plugins-ugly
gst-plugins-base
])
vulkan-loader
(heroic.override {
extraPkgs = pkgs: [
pkgs.gamescope
pkgs.gamemode
];
})
];
environment.sessionVariables = {
NIXOS_OZONE_WL = "1";
@ -384,4 +387,5 @@
programs.ccache.enable = true;
nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ];
programs.fuse.userAllowOther = true;
nix.settings.sandbox = false;
}

47
modules/attic.nix Normal file
View file

@ -0,0 +1,47 @@
{
config,
lib,
...
}:
let
cfg = config.my.attic;
in
{
options.my.attic = {
enable = lib.mkEnableOption "attic";
};
config = lib.mkIf cfg.enable {
services.atticd = {
enable = true;
environmentFile = config.sops.secrets."attic/env".path;
settings = {
listen = "[::]:8091";
api-endpoint = "https://cache.cy7.sh/";
allowed-hosts = [ "cache.cy7.sh" ];
require-proof-of-possession = false;
compression = {
type = "none";
level = 3;
};
database.url = "postgresql:///atticd?host=/run/postgresql";
storage = {
type = "s3";
region = "us-east-1";
bucket = "attic";
endpoint = "https://s3.cy7.sh";
};
garbage-collection = {
default-retention-period = "1 month";
};
};
};
services.caddy.virtualHosts."cache.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8091
'';
};
}

5
modules/containerization.nix
View file

@ -28,8 +28,11 @@ in
dns_enabled = true;
ipv6_enabled = true;
};
# answer on /var/run/docker.sock
dockerSocket.enable = true;
};
oci-containers.backend = lib.mkIf cfg.usePodman "podman";
docker.enable = lib.mkIf (!cfg.usePodman) true;
oci-containers.backend = lib.mkIf (!cfg.usePodman) "docker";
};
};
}

1
modules/default.nix
View file

@ -8,5 +8,6 @@
./containerization.nix
./vaultwarden.nix
./searx.nix
./attic.nix
];
}

2
modules/searx.nix
View file

@ -44,4 +44,4 @@ in
reverse_proxy 127.0.0.1:8090
'';
};
}
}

2
modules/vaultwarden.nix
View file

@ -29,4 +29,4 @@ in
};
};
};
}
}

13
overlay/attic/concurrent-32.patch
View file

@ -1,13 +0,0 @@
diff --git a/server/src/config.rs b/server/src/config.rs
index 4412cbf..6dd483a 100644
--- a/server/src/config.rs
+++ b/server/src/config.rs
@@ -565,7 +565,7 @@ fn default_default_retention_period() -> Duration {
}
fn default_concurrent_chunk_uploads() -> usize {
- 10
+ 32
}
fn load_config_from_path(path: &Path) -> Result<Config> {

29
overlay/attic/default.nix
View file

@ -1,26 +1,7 @@
final: prev: {
attic-client = prev.attic-client.override (old: {
rustPlatform = old.rustPlatform // {
buildRustPackage =
args:
old.rustPlatform.buildRustPackage (
args
// {
version = "0.1.1";
src = final.fetchFromGitHub {
owner = "cything";
repo = "attic";
rev = "d660c85bdb6bb10499a23a846a13107ea0c72769";
hash = "sha256-E22d2OLV02L2QdiSeK58flveehR8z8WIKkcN/njAMdg=";
};
cargoLock = null;
cargoHash = "sha256-AbpWnYfBMrR6oOfy2LkQvIPYsClCWE89bJav+iHTtLM=";
useFetchCargoVendor = true;
patches = [
./concurrent-32.patch
];
}
);
};
});
attic-server = prev.attic-server.overrideAttrs {
patches = [
./prefetch-32-chunks.patch
];
};
}

13
overlay/attic/prefetch-32-chunks.patch Normal file
View file

@ -0,0 +1,13 @@
diff --git a/server/src/api/binary_cache.rs b/server/src/api/binary_cache.rs
index 02e4857..71eeee8 100644
--- a/server/src/api/binary_cache.rs
+++ b/server/src/api/binary_cache.rs
@@ -262,7 +262,7 @@ async fn get_nar(
// TODO: Make num_prefetch configurable
// The ideal size depends on the average chunk size
- let merged = merge_chunks(chunks, streamer, storage, 2).map_err(|e| {
+ let merged = merge_chunks(chunks, streamer, storage, 32).map_err(|e| {
tracing::error!(%e, "Stream error");
e
});

9
overlay/bitwarden/default.nix Normal file
View file

@ -0,0 +1,9 @@
final: prev: {
bitwarden-desktop = prev.bitwarden-desktop.overrideAttrs (
finalAttrs: prevAttrs: {
patches = prevAttrs.patches ++ [
./ssh-agent-no-confirm.patch
];
}
);
}

34
overlay/bitwarden/ssh-agent-no-confirm.patch Normal file
View file

@ -0,0 +1,34 @@
diff --git a/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs b/core/src/ssh_agent/mod.rs
index 4e304cc..8203dca 100644
--- a/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs
+++ b/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs
@@ -44,28 +44,7 @@ impl ssh_agent::Agent<peerinfo::models::PeerInfo> for BitwardenDesktopAgent {
return false;
}
- let request_id = self.get_request_id().await;
- println!(
- "[SSH Agent] Confirming request from application: {}",
- info.process_name()
- );
-
- let mut rx_channel = self.get_ui_response_rx.lock().await.resubscribe();
- self.show_ui_request_tx
- .send(SshAgentUIRequest {
- request_id,
- cipher_id: Some(ssh_key.cipher_uuid.clone()),
- process_name: info.process_name().to_string(),
- is_list: false,
- })
- .await
- .expect("Should send request to ui");
- while let Ok((id, response)) = rx_channel.recv().await {
- if id == request_id {
- return response;
- }
- }
- false
+ true
}
async fn can_list(&self, info: &peerinfo::models::PeerInfo) -> bool {

44
overlay/conduwuit/default.nix
View file

@ -1,44 +0,0 @@
final: prev:
let
newRust = final.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;
newRustPlatform = final.makeRustPlatform {
cargo = newRust;
rustc = newRust;
};
in
{
conduwuit = prev.conduwuit.override (old: {
rustPlatform = newRustPlatform // {
buildRustPackage =
args:
newRustPlatform.buildRustPackage (
args
// {
version = "0.5.0-rc2";
src = final.fetchFromGitHub {
owner = "girlbossceo";
repo = "conduwuit";
rev = "5b8464252c2c03edf65e43153be026dbb768a12a";
hash = "sha256-yNdxoVZX13QUDJYM6zTMY9ExvacTqB+f0MLvDreSW8U=";
};
doCheck = false;
cargoHash = "sha256-g19UujLI9d4aw+1273gfC17LDLOciqBvuLhe/VCsh80=";
# unstable has this set to "conduit"
meta.mainProgram = "conduwuit";
buildFeatures = [
"brotli_compression"
"element_hacks"
"gzip_compression"
"release_max_log_level" # without this feature to enable debug logging
"sentry_telemetry"
"systemd"
"zstd_compression"
"jemalloc"
"io_uring"
];
}
);
};
});
}

28
overlay/conduwuit/rust-toolchain.toml
View file

@ -1,28 +0,0 @@
# This is the authoritiative configuration of this project's Rust toolchain.
#
# Other files that need upkeep when this changes:
#
# * `Cargo.toml`
# * `flake.nix`
#
# Search in those files for `rust-toolchain.toml` to find the relevant places.
# If you're having trouble making the relevant changes, bug a maintainer.
[toolchain]
channel = "1.84.0"
profile = "minimal"
components = [
# For rust-analyzer
"rust-src",
"rust-analyzer",
# For CI and editors
"rustfmt",
"clippy",
]
targets = [
#"x86_64-apple-darwin",
"x86_64-unknown-linux-gnu",
"x86_64-unknown-linux-musl",
"aarch64-unknown-linux-musl",
#"aarch64-apple-darwin",
]

22
overlay/default.nix
View file

@ -1,24 +1,30 @@
{ inputs }:
let
overlays = [
./attic
./zipline
./bitwarden
./attic
];
importedOverlays = map (m: import m) overlays;
in
importedOverlays
++ [
[
(
final: prev:
let
nixpkgsFrom = flake: pkg: flake.legacyPackages.${prev.system}.${pkg};
pkgFrom = flake: pkgFrom' flake "default";
pkgFrom' = flake: pkg: flake.packages.${prev.system}.${pkg};
pkgFrom = flake: pkg: flake.packages.${prev.system}.${pkg};
in
{
conduwuit =
pkgFrom' inputs.conduwuit "static-x86_64-linux-musl-all-features-x86_64-haswell-optimised";
conduwuit = pkgFrom inputs.conduwuit "static-x86_64-linux-musl-all-features-x86_64-haswell-optimised";
pixelflasher = nixpkgsFrom inputs.pixelflasher "pixelflasher";
attic-server = pkgFrom inputs.attic "attic-server";
attic = pkgFrom inputs.attic "attic";
garage = (
(pkgFrom inputs.garage "default").overrideAttrs {
meta.mainProgram = "garage";
}
);
}
)
]
]
++ importedOverlays

6
secrets/services/attic.yaml
View file

File diff suppressed because one or more lines are too long

10
secrets/yt/aws.yaml
View file

@ -1,6 +1,8 @@
aws:
key_id: ENC[AES256_GCM,data:9tWAMzUv4f6Ea27XsmYhO11NroYnLmED/FVrCCGO0Vc=,iv:YP1xRjVd1M1MB7IKVAw0Sdx0E4AokBrsaAcDLvTLHD4=,tag:SEmEr3NoZvch9LeaJHbCww==,type:str]
key_secret: ENC[AES256_GCM,data:AK+vER4T1p0AknKzsxZQJ0JTpfIstnnTWSAZ26zJSCwJYgRYwj8RF98CS7HM+KWvz5VNGENxhVdUnjlGkrTB4w==,iv:3o79gwp5b4KGsixW02qFWYFvpagY/hykbYJ/WNz6PB8=,tag:GW2T8ggKYHa1CQ6DRomJDQ==,type:str]
key_id: ENC[AES256_GCM,data:euyq+QtSXv1UR5eOJfvZARhm5L2AuzKIOk8=,iv:RseSyVArmrawNzlwjNh6FScJF2O+F4FBuIq47uMQQEA=,tag:bkZJeX3rUHb1yZu8dytgcg==,type:str]
key_secret: ENC[AES256_GCM,data:27BHAU5suCIiSKAf0+1yNa/VJ0umErb6Ry8HI+Zfv6LV+7eB+wk8H3kxdV4wmY2XayHsUrD4FZa30O0a9PdJgA==,iv:oI2X7PCXDZBkUOikHM8S7gHsnMtWp7jxBqdmfbUlrwU=,tag:9mZ3H2jobKqYmw6S4NNpjw==,type:str]
_r2_key_id: ENC[AES256_GCM,data:R0xwzUx+6l9SR3Fd93PfJw+WPV0ByzOKMxoJQtn4pEE=,iv:qHmr/HssM8U3znbGznSIOwkAhNaORkCkG9lqAmCKmfw=,tag:LhuiiKSq/VnNEulgrS71vg==,type:str]
_r2_key_secret: ENC[AES256_GCM,data:Dw5Gq1URjMpy9Bh1IBYf+/EnkvQA/4yAC4kdoACpCUuJQxdQphFKwWmxJX+Q/oztO1imWoGIxlZNNDr5QCqXaA==,iv:hGePo+Ffe48n1BXI1f2V12C9Gn1CC1nTwbSsfqUGQ3c=,tag:AIy/F3jPGz2WHge3Mk43Ag==,type:str]
_garage_key_id: ENC[AES256_GCM,data:2lLS1nBhrwBkJh/ei7FwBoR6jOI6KCJkvOs=,iv:jwB7ZEaKOPIwghcGRs3qaICypoHgSxkFBOyB6e5hpYI=,tag:Iqwv3j1R1uLLUDKLhN1Atg==,type:str]
_garage_key_secret: ENC[AES256_GCM,data:5iwwMfojHrR79cOIY+9O2oVY8v1cbPcECMSOMhWuGAdc2lfCogKBwLM4TFwBH9X1Vx56QvUoxCQ2uSyfOMLR7A==,iv:Q523ttz6ijmv8/JlVZuldFR4IabEKiVN4sGmJ9xDJU0=,tag:ZZ4LRG4DXOC7LY8hEjXYHQ==,type:str]
sops:
@ -27,8 +29,8 @@ sops:
UlYrTExEUVc0dURLR1czN3BnYzZ2VGMKCbAgM50jvs9VciA1Pb/VY+2I4x62LBGe
j7eHkfTFc8Gnk/rZA9/ZJDLFr/FUPMQWK/NVoz6oLjO6oVFXqN6OqA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-27T02:50:27Z"
mac: ENC[AES256_GCM,data:FjlbCqqYHPn/FDPUR1flWgg6wwHhLJx1uKOedwkvsTxuPhlVJHghTHWYetdmplOQyEpOEbyv+iqKTGDYHzDdgU2jIZ0TKM66iHq+1yft4TatBu75/0N3I+SfZv97vKNehxN/zvIY3FQF4O8qVy9c1dZRmr7q27Wq2pdHSOe4Myg=,iv:YkUXcOwb6UZr0vXazbLrVeGTvBTtnwuEIY3O+GSrnNk=,tag:kQBh7urSnHoiV18TIGlPEg==,type:str]
lastmodified: "2025-03-16T16:45:13Z"
mac: ENC[AES256_GCM,data:DCx4uVuy53Gz9Ha2p/GjxTigKw/dJ0gvWIAII9AtKQCURu1OfiJ6Lp/ht6ndJwn25em11uppN371pQGxa8FRtLL+dX/YgoDmOw3Tgo3lc5VLBzalRqXHInOGHfgv9k1jHNq6zokKbBLDItBnUNOCvsLTXXenVRYdnkiuf3QPGhk=,iv:gBbbH/nJExK/dEXKHo+cCr+rxQ4uJQWweK0lYT7amsM=,tag:9GaCGFrcinqGfpibUNQ75w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4