diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 413b892..2e8073c 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -6,7 +6,6 @@ on: jobs: build-machines: strategy: - fail-fast: false matrix: machine: - chunk diff --git a/flake.lock b/flake.lock index 129ff5f..87450d3 100644 --- a/flake.lock +++ b/flake.lock @@ -157,11 +157,11 @@ }, "crane_2": { "locked": { - "lastModified": 1741396358, - "narHash": "sha256-js4c6tqxluo4Fysn8gloLnlZ6ZjQkuWMgGjHN8+WssE=", + "lastModified": 1741021986, + "narHash": "sha256-VX8M6arxQU05mipDmLjk0TJVRNzu+VQx3w1gVmyPkO4=", "owner": "ipetkov", "repo": "crane", - "rev": "aaebfb7ce7e13c691aea178aff7621906f466662", + "rev": "5245473d6638a96da540e44372da96eebb97735a", "type": "github" }, "original": { @@ -327,11 +327,11 @@ ] }, "locked": { - "lastModified": 1741352980, - "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", + "lastModified": 1740872218, + "narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", + "rev": "3876f6b87db82f33775b1ef5ea343986105db764", "type": "github" }, "original": { @@ -472,11 +472,11 @@ ] }, "locked": { - "lastModified": 1741461731, - "narHash": "sha256-BBQfGvO3GWOV+5tmqH14gNcZrRaQ7Q3tQx31Frzoip8=", + "lastModified": 1741056285, + "narHash": "sha256-/JKDMVqq8PIqcGonBVKbKq1SooV3kzGmv+cp3rKAgPA=", "owner": "nix-community", "repo": "home-manager", - "rev": "7f4c60a3d6e548dbc13666565c22cb3f8dcdad44", + "rev": "70fbbf05a5594b0a72124ab211bff1d502c89e3f", "type": "github" }, "original": { 
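Review bot: Dropping `fail-fast: false` under `strategy` returns the matrix to the GitHub Actions default, so the first machine that fails to build cancels the remaining matrix jobs and their results are lost for that run. If that is not intended, keep `fail-fast: false`. If it is intended, a short comment above `matrix:` saying so would stop someone re-adding it later. The matrix list continues outside the hunk.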
@@ -533,11 +533,11 @@ ] }, "locked": { - "lastModified": 1741442524, - "narHash": "sha256-tVcxLDLLho8dWcO81Xj/3/ANLdVs0bGyCPyKjp70JWk=", + "lastModified": 1741001137, + "narHash": "sha256-XxWib5eI3rgMPA4VzDHOx89WT76IN/ZNb+votz5gakw=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "d8099586d9a84308ffedac07880e7f07a0180ff4", + "rev": "cc9786aa8158437facead0d8e21ac0c03be91dc8", "type": "github" }, "original": { @@ -593,11 +593,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1741358751, - "narHash": "sha256-cDPg74UirjlGcVjB9qI/8ImkdEJ9p2y8Y2FQBfU8KzY=", + "lastModified": 1741082941, + "narHash": "sha256-mxMbmNSXLZ0G+4uPEXCodjRJffqh/Jq4X5pgFuQFZB0=", "ref": "refs/heads/main", - "rev": "93c3ca4e92b8cd1a129498f4c3f4c48558032d46", - "revCount": 17620, + "rev": "ca89e431a31527a014bfd0d529da2a8099027a5f", + "revCount": 17577, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -646,11 +646,11 @@ ] }, "locked": { - "lastModified": 1741118843, - "narHash": "sha256-ggXU3RHv6NgWw+vc+HO4/9n0GPufhTIUjVuLci8Za8c=", + "lastModified": 1732053863, + "narHash": "sha256-DCIVdlb81Fct2uwzbtnawLBC/U03U2hqx8trqTJB7WA=", "owner": "oxalica", "repo": "nil", - "rev": "577d160da311cc7f5042038456a0713e9863d09e", + "rev": "2e24c9834e3bb5aa2a3701d3713b43a6fb106362", "type": "github" }, "original": { @@ -745,11 +745,11 @@ ] }, "locked": { - "lastModified": 1741446546, - "narHash": "sha256-0z0GiUsUhjhZWa24bcAxqmlI3Ch8QvEeh42wghc6oVw=", + "lastModified": 1740886574, + "narHash": "sha256-jN6kJ41B6jUVDTebIWeebTvrKP6YiLd1/wMej4uq4Sk=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "eeaf10849c3a0435323216885c0df7569dc95cb9", + "rev": "26a0f969549cf4d56f6e9046b9e0418b3f3b94a5", "type": "github" }, "original": { 
@@ -860,11 +860,11 @@ }, "nixpkgs-stable_3": { "locked": { - "lastModified": 1741332913, - "narHash": "sha256-ri1e8ZliWS3Jnp9yqpKApHaOo7KBN33W8ECAKA4teAQ=", + "lastModified": 1740932899, + "narHash": "sha256-F0qDu2egq18M3edJwEOAE+D+VQ+yESK6YWPRQBfOqq8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "20755fa05115c84be00b04690630cb38f0a203ad", + "rev": "1546c45c538633ae40b93e2d14e0bb6fd8f13347", "type": "github" }, "original": { @@ -924,11 +924,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1741455743, - "narHash": "sha256-raXtjhD9mmNrVdCoJkYoUo0X2lhEyIZYQ6M7uUp/Uuc=", + "lastModified": 1741073343, + "narHash": "sha256-8qmLpDUmaiBGLZkFfVyK5/T5fyTXXGdzCRdqAtO0gf4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c1ee2620296430ac1e3ee72583ad0191463a9d60", + "rev": "72bccb2960235fd31de456566789c324a251f297", "type": "github" }, "original": { @@ -1046,11 +1046,11 @@ ] }, "locked": { - "lastModified": 1740915799, - "narHash": "sha256-JvQvtaphZNmeeV+IpHgNdiNePsIpHD5U/7QN5AeY44A=", + "lastModified": 1737465171, + "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "42b1ba089d2034d910566bf6b40830af6b8ec732", + "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17", "type": "github" }, "original": { @@ -1125,11 +1125,11 @@ ] }, "locked": { - "lastModified": 1741400194, - "narHash": "sha256-tEpgT+q5KlGjHSm8MnINgTPErEl8YDzX3Eps8PVc09g=", + "lastModified": 1741055476, + "narHash": "sha256-52vwEV0oS2lCnx3c/alOFGglujZTLmObit7K8VblnS8=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "16b6045a232fea0e9e4c69e55a6e269607dd8e3f", + "rev": "aefb7017d710f150970299685e8d8b549d653649", "type": "github" }, "original": { @@ -1210,6 +1210,9 @@ }, "vscode-extensions": { "inputs": { + "flake-compat": [ + "flake-compat" + ], "flake-utils": [ "flake-utils" ], 
@@ -1218,16 +1221,17 @@ ] }, "locked": { - "lastModified": 1741693734, - "narHash": "sha256-Df0jzarVCkwJttnITExjsbSN20FOOuenGhpKvOj49hk=", + "lastModified": 1740924345, + "narHash": "sha256-TO8Ttb+7PeKBkUe8vUrBt6Vxg3RMeQp4ARmlWQfcWrs=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "6d444be7edf281b8df98235d911d176beaa31510", + "rev": "1fc267a10f46200e32f0850caa396bd1ba4ba08e", "type": "github" }, "original": { "owner": "nix-community", "repo": "nix-vscode-extensions", + "rev": "1fc267a10f46200e32f0850caa396bd1ba4ba08e", "type": "github" } } diff --git a/flake.nix b/flake.nix index 29fc0ab..cdb829e 100644 --- a/flake.nix +++ b/flake.nix @@ -68,9 +68,11 @@ inputs.flake-utils.follows = "flake-utils"; }; vscode-extensions = { - url = "github:nix-community/nix-vscode-extensions/"; + # https://github.com/nix-community/nix-vscode-extensions/issues/102 + url = "github:nix-community/nix-vscode-extensions/1fc267a10f46200e32f0850caa396bd1ba4ba08e"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; + inputs.flake-compat.follows = "flake-compat"; }; nix-index-database = { url = "github:nix-community/nix-index-database"; diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 9b20a66..c0182e7 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -101,9 +101,27 @@ wl-clipboard-rs pixelflasher element-desktop - freetube ]; + programs.feh.enable = true; + + xdg.configFile = { + mpv.source = ../mpv; + }; + + programs.direnv = { + enable = true; + nix-direnv.enable = true; + }; + + programs.git.extraConfig = { + user = { + signingKey = "~/.ssh/id_ed25519"; + }; + gpg.format = "ssh"; + commit.gpgsign = true; + }; + home.sessionVariables = { # to make ghidra work on xwayland _JAVA_AWT_WM_NONREPARENTING = 1; 
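Review bot: The comment above the pinned `url` in flake.nix is a bare issue link, so a reader cannot tell why this revision was chosen or when the pin can be lifted. I would put a line such as `# pinned to a known-good rev because of the issue below; drop the rev once it is resolved` in front of the link. With the rev in the URL, `nix flake update` no longer moves this input, so extension updates and fixes stop until someone bumps the pin by hand; that is worth saying in the comment too.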
@@ -126,29 +144,5 @@ SSH_AUTH_SOCK = "$HOME/.bitwarden-ssh-agent.sock"; }; - home.sessionPath = [ - "$HOME/.cargo/bin" - "$HOME/go/bin" - ]; - - programs.feh.enable = true; - - xdg.configFile = { - mpv.source = ../mpv; - }; - - programs.direnv = { - enable = true; - nix-direnv.enable = true; - }; - - programs.git.extraConfig = { - user = { - signingKey = "~/.ssh/id_ed25519"; - }; - gpg.format = "ssh"; - commit.gpgsign = true; - }; - programs.nix-index-database.comma.enable = true; } diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 465e0b9..48d7d84 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -79,7 +79,6 @@ networkmanager.enable = true; firewall = { enable = true; - trustedInterfaces = [ "tailscale0" ]; allowedTCPPorts = [ 22 80 @@ -87,6 +86,8 @@ ]; allowedUDPPorts = [ 443 + 53 + 853 ]; extraCommands = let diff --git a/hosts/chunk/immich.nix b/hosts/chunk/immich.nix index 6541770..9661e8c 100644 --- a/hosts/chunk/immich.nix +++ b/hosts/chunk/immich.nix @@ -1,7 +1,6 @@ { pkgs, config, - lib, ... }: let @@ -68,9 +67,21 @@ in ]; networks = [ "immich-net" ]; }; + + # immich-ml = { + # image = "ghcr.io/immich-app/immich-machine-learning:release"; + # autoStart = true; + # pull = "newer"; + # environment = { + # REDIS_HOSTNAME = "immich-redis"; + # DB_HOSTNAME = "immich-db"; + # }; + # volumes = [ "${modelCache}:/cache" ]; + # networks = [ "immich-net" ]; + # }; }; - systemd.services.create-immich-net = rec { + systemd.services.create-immich-net = { serviceConfig.Type = "oneshot"; requiredBy = with config.virtualisation.oci-containers; [ "${backend}-immich.service" 
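Review bot: `53` and `853` are added to `allowedUDPPorts` in hosts/chunk/default.nix, which applies to every interface, so whatever answers DNS on this host becomes reachable from the internet. A resolver exposed on UDP 53 is a common amplification reflector. If it is only meant for tailnet clients, scope the rule with `interfaces.tailscale0.allowedUDPPorts = [ 53 853 ];` inside `firewall`; otherwise make sure the resolver itself restricts who may query it. The preceding hunk in this file also removes `trustedInterfaces = [ "tailscale0" ]`, so anything previously reached only over Tailscale now needs an explicit rule. The `firewall` block continues outside both hunks.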
@@ -78,10 +89,10 @@ in "${backend}-immich-redis.service" # "${backend}-immich-ml.service" ]; - before = requiredBy; + before = config.systemd.services.create-immich-net.requiredBy; script = '' - ${lib.getExe pkgs.podman} network exists immich-net || \ - ${lib.getExe pkgs.podman} network create immich-net + ${pkgs.podman}/bin/podman network exists immich-net || \ + ${pkgs.podman}/bin/podman network create immich-net ''; }; diff --git a/hosts/ytnix/containers.nix b/hosts/ytnix/containers.nix deleted file mode 100644 index a2aa405..0000000 --- a/hosts/ytnix/containers.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -{ - virtualisation.oci-containers.containers = { - immich-ml = let - modelCache = "/opt/immich-ml"; - in { - image = "ghcr.io/immich-app/immich-machine-learning:release"; - autoStart = true; - pull = "newer"; - ports = [ "3003:3003" ]; - environment = { - REDIS_HOSTNAME = "immich-redis"; - DB_HOSTNAME = "immich-db"; - }; - volumes = [ "${modelCache}:/cache" ]; - networks = [ "immich-net" ]; - }; - }; - - systemd.services.create-immich-net = rec { - serviceConfig.Type = "oneshot"; - requiredBy = with config.virtualisation.oci-containers; [ - "${backend}-immich-ml.service" - ]; - before = requiredBy; - script = '' - ${lib.getExe pkgs.podman} network exists immich-net || \ - ${lib.getExe pkgs.podman} network create immich-net - ''; - }; -} \ No newline at end of file diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index c185991..c097165 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -10,7 +10,6 @@ ../common.nix ../zsh.nix ./tailscale.nix - ./containers.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; 
@@ -87,12 +86,10 @@ resolvconf.enable = true; firewall = { enable = true; - trustedInterfaces = [ "tailscale0" ]; - # allowedTCPPorts = [ - # 8080 # mitmproxy - # 22000 # syncthing - # 3003 # immich-ml - # ]; + allowedTCPPorts = [ + 8080 # mitmproxy + 22000 # syncthing + ]; }; }; programs.nm-applet.enable = true; @@ -255,11 +252,11 @@ xdg.mime.defaultApplications = { "application/pdf" = "okular.desktop"; "image/*" = "gwenview.desktop"; + "*/html" = "chromium-browser.desktop"; }; - virtualisation.libvirtd = { - enable = true; - qemu.vhostUserPackages = with pkgs; [ virtiofsd ]; + virtualisation = { + libvirtd.enable = true; }; programs.virt-manager.enable = true; my.containerization.enable = true; @@ -383,5 +380,4 @@ programs.ccache.enable = true; nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; - programs.fuse.userAllowOther = true; } diff --git a/modules/searx.nix b/modules/searx.nix index 9e23955..3eb178a 100644 --- a/modules/searx.nix +++ b/modules/searx.nix @@ -5,6 +5,7 @@ }: let cfg = config.my.searx; + sockPath = "/run/searx/searx.sock"; in { options.my.searx = { @@ -24,19 +25,6 @@ in server.secret_key = "@SEARX_SECRET_KEY@"; }; environmentFile = config.sops.secrets."searx/env".path; - redisCreateLocally = true; # required for limiter - limiterSettings = { - real_ip = { - x_for = 1; - ipv4_prefix = 32; - ipv6_prefix = 56; - }; - botdetection.ip_lists.pass_ip = [ - "100.121.152.86" - "100.66.32.54" - ]; - link_token = true; - }; }; services.caddy.virtualHosts."x.cy7.sh".extraConfig = ''
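Review bot: Uncommenting `allowedTCPPorts` in hosts/ytnix/default.nix opens 8080 (mitmproxy) and 22000 (syncthing) on every interface, and the same hunk removes `trustedInterfaces = [ "tailscale0" ]`. An intercepting proxy reachable from any network this machine joins can be used by other hosts on that network. Prefer binding mitmproxy to loopback, or scope the rule with `interfaces.tailscale0.allowedTCPPorts = [ 8080 22000 ];` and leave the global list empty. The `firewall` block sits in a larger set that starts outside the hunk.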
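Review bot: The added key `"*/html"` in `xdg.mime.defaultApplications` is unlikely to match anything, because default-application entries are looked up by exact MIME type and HTML is `text/html`. I would write `"text/html" = "chromium-browser.desktop";`, and add `"x-scheme-handler/http"` and `"x-scheme-handler/https"` if links opened from other applications should go there too. As far as I can tell, the existing `"image/*"` context line has the same wildcard problem.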
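Review bot: Removing `redisCreateLocally` and `limiterSettings` in modules/searx.nix leaves the instance, which appears to be published through the `x.cy7.sh` Caddy virtual host, without the limiter's bot detection. If that is deliberate, check that `server.limiter` is not still enabled in the settings outside this hunk, since the removed comment notes the limiter requires Redis. Also consider rate limiting or access control at the Caddy virtual host instead. Separately, the first hunk of this file adds `sockPath`, but no use of it is visible in this diff; if nothing references it, drop the binding.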