cy/nixos-config
cy/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: cy:8ab4b10902b3dbe7c2a4e393d52d63882a159aa7
Branches Tags
cy:main
cy:update
cy:2025-04-14
cy:2025-04-07
cy:2025-04-05
cy:2025-04-04
cy:staging
cy:dogfood-nixcp
cy:no-follows
cy:workflow-test
cy:update_flake_lock_action
cy:caddy-s3
cy:workflow-copy
cy:workflow-lix
cy:test-s3-cache
cy:temp
cy:attic
cy:helix
cy:test
cy:lix-test
cy:bitwarden-patch
cy:chromium
cy:new-attic
cy:canary
cy:downgrade-kernel
cy:soju
cy:kde
cy:shiori
cy:caddy-module
cy:anki-overlay
cy:nixpkgs-master
cy:lix
cy:pan-home
cy:pi
cy:pancake
cy:pancake-sd-image
cy:arm
cy:lix-404
cy:customize-kernel
cy:blueprint
cy:flake-utils
cy:conduwuit-flake
cy:ghostty
cy:zen
cy:lact-fix-test
cy:alvr-test
cy:workflow-refactor
cy:bump-conduwuit
cy:gollum
cy:build
cy:nginx
cy:iso
cy:flake-parts
cy:codespace
cy:sway
cy:minio
cy:garage-module
cy:garage-test
cy:vscode
cy:purge
cy:create-pull-request/patch
cy:garage
cy:harmonia
cy:impermanence
..
compare: cy:826146df9dcc73393e7dea7ab8c8650d5d804991
Branches Tags
cy:main
cy:update
cy:2025-04-14
cy:2025-04-07
cy:2025-04-05
cy:2025-04-04
cy:staging
cy:dogfood-nixcp
cy:no-follows
cy:workflow-test
cy:update_flake_lock_action
cy:caddy-s3
cy:workflow-copy
cy:workflow-lix
cy:test-s3-cache
cy:temp
cy:attic
cy:helix
cy:test
cy:lix-test
cy:bitwarden-patch
cy:chromium
cy:new-attic
cy:canary
cy:downgrade-kernel
cy:soju
cy:kde
cy:shiori
cy:caddy-module
cy:anki-overlay
cy:nixpkgs-master
cy:lix
cy:pan-home
cy:pi
cy:pancake
cy:pancake-sd-image
cy:arm
cy:lix-404
cy:customize-kernel
cy:blueprint
cy:flake-utils
cy:conduwuit-flake
cy:ghostty
cy:zen
cy:lact-fix-test
cy:alvr-test
cy:workflow-refactor
cy:bump-conduwuit
cy:gollum
cy:build
cy:nginx
cy:iso
cy:flake-parts
cy:codespace
cy:sway
cy:minio
cy:garage-module
cy:garage-test
cy:vscode
cy:purge
cy:create-pull-request/patch
cy:garage
cy:harmonia
cy:impermanence

No commits in common. "8ab4b10902b3dbe7c2a4e393d52d63882a159aa7" and "826146df9dcc73393e7dea7ab8c8650d5d804991" have entirely different histories.
8ab4b10902 ... 826146df9d

30 changed files with 441 additions and 448 deletions
Download patch file Download diff file Expand all files Collapse all files

51
.github/workflows/build-machines-and-homes.yml vendored
View file

@ -3,16 +3,6 @@ on:
workflow_dispatch: workflow_dispatch:
push: push:
pull_request: pull_request:
env:
ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
NIX_CONFIG: |
show-trace = true
extra-substituters = https://cache.cy7.sh/main
extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=
experimental-features = nix-command flakes
extra-experimental-features = nix-command flakes
accept-flake-config = true
TERM: ansi
jobs: jobs:
build-machines: build-machines:
strategy: strategy:
@ -37,11 +27,20 @@ jobs:
remove-docker-images: 'true' remove-docker-images: 'true'
build-mount-path: /nix build-mount-path: /nix
- name: Install Nix - name: Install Nix
uses: nixbuild/nix-quick-install-action@master uses: cachix/install-nix-action@v30
with:
install_url: https://releases.nixos.org/nix/nix-2.25.4/install
extra_nix_config: 'accept-flake-config = true'
- name: Sync repository - name: Sync repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
persist-credentials: false persist-credentials: false
- uses: cachix/cachix-action@v14
with:
name: cything
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
useDaemon: false
installCommand: nix profile install nixpkgs#cachix
- name: Restore and cache Nix store - name: Restore and cache Nix store
uses: nix-community/cache-nix-action@v5.1.0 uses: nix-community/cache-nix-action@v5.1.0
with: with:
@ -59,17 +58,7 @@ jobs:
purge-primary-key: never purge-primary-key: never
# always save the cache # always save the cache
save-always: true save-always: true
- name: setup attic - run: nix build -L .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel
run: |
nix profile install github:zhaofengli/attic
attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN"
- name: build and cache
run: |
package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel"
nix build -L "$package"
derivation="$(nix path-info --derivation "$package")"
cache="$(nix-store --query --requisites --include-outputs "$derivation")"
attic push main --stdin <<< "$cache"
build-homes: build-homes:
strategy: strategy:
matrix: matrix:
@ -97,6 +86,12 @@ jobs:
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
persist-credentials: false persist-credentials: false
- uses: cachix/cachix-action@v14
with:
name: cything
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
useDaemon: false
installCommand: nix profile install nixpkgs#cachix
- name: Restore and cache Nix store - name: Restore and cache Nix store
uses: nix-community/cache-nix-action@v5.1.0 uses: nix-community/cache-nix-action@v5.1.0
with: with:
@ -114,14 +109,4 @@ jobs:
purge-primary-key: never purge-primary-key: never
# always save the cache # always save the cache
save-always: true save-always: true
- name: setup attic - run: nix build -L .#homeConfigurations."${{ matrix.home }}".activationPackage
run: |
nix profile install github:zhaofengli/attic
attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN"
- name: build and cache
run: |
package=".#homeConfigurations."${{ matrix.home }}".activationPackage"
nix build -L "$package"
derivation="$(nix path-info --derivation "$package")"
cache="$(nix-store --query --requisites --include-outputs "$derivation")"
attic push main --stdin <<< "$cache"

36
.github/workflows/build-packages.yml vendored
View file

@ -6,16 +6,6 @@ on:
description: "package to build" description: "package to build"
required: false required: false
type: string type: string
env:
ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
NIX_CONFIG: |
show-trace = true
extra-substituters = https://cache.cy7.sh/main
extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=
experimental-features = nix-command flakes
extra-experimental-features = nix-command flakes
accept-flake-config = true
TERM: ansi
jobs: jobs:
build-packages: build-packages:
strategy: strategy:
@ -32,25 +22,17 @@ jobs:
steps: steps:
- name: Install Nix - name: Install Nix
uses: cachix/install-nix-action@v30 uses: cachix/install-nix-action@v30
- name: Sync repository - name: Sync repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
persist-credentials: false persist-credentials: false
- name: setup attic
run: | - uses: cachix/cachix-action@v14
nix profile install github:zhaofengli/attic
attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN"
- run: nix build -L ${{ matrix.package }}
- name: cache result
run: |
derivation="$(nix path-info --derivation "${{ matrix.package }}")"
cache="$(nix-store --query --requisites --include-outputs "$derivation")"
attic push main --stdin <<< "$cache"
- name: prepare tarball to upload
run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result
- name: upload result
uses: actions/upload-artifact@v4
with: with:
name: ${{ matrix.os }} name: cything
path: result.tar authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
if-no-files-found: error useDaemon: false
installCommand: nix profile install nixpkgs#cachix
- run: nix build -L ${{ matrix.package }}

1
.sops.yaml
View file

@ -118,6 +118,7 @@ creation_rules:
- age: - age:
- *chunk - *chunk
- *cy - *cy
- path_regex: secrets/services/searx.yaml - path_regex: secrets/services/searx.yaml
key_groups: key_groups:
- age: - age:

274
flake.lock generated
View file

@ -2,22 +2,12 @@
"nodes": { "nodes": {
"attic": { "attic": {
"inputs": { "inputs": {
"crane": [ "crane": "crane",
"crane" "flake-compat": "flake-compat",
], "flake-parts": "flake-parts",
"flake-compat": [
"flake-compat"
],
"flake-parts": [
"flake-parts"
],
"nix-github-actions": "nix-github-actions", "nix-github-actions": "nix-github-actions",
"nixpkgs": [ "nixpkgs": "nixpkgs",
"nixpkgs" "nixpkgs-stable": "nixpkgs-stable"
],
"nixpkgs-stable": [
"nixpkgs-stable"
]
}, },
"locked": { "locked": {
"lastModified": 1738524606, "lastModified": 1738524606,
@ -29,6 +19,7 @@
}, },
"original": { "original": {
"owner": "zhaofengli", "owner": "zhaofengli",
"ref": "main",
"repo": "attic", "repo": "attic",
"type": "github" "type": "github"
} }
@ -36,9 +27,9 @@
"cachix": { "cachix": {
"inputs": { "inputs": {
"devenv": "devenv", "devenv": "devenv",
"flake-compat": "flake-compat", "flake-compat": "flake-compat_2",
"git-hooks": "git-hooks", "git-hooks": "git-hooks",
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_4"
}, },
"locked": { "locked": {
"lastModified": 1737621947, "lastModified": 1737621947,
@ -72,7 +63,7 @@
"cachix", "cachix",
"devenv" "devenv"
], ],
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1728672398, "lastModified": 1728672398,
@ -92,11 +83,11 @@
"complement": { "complement": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1741891349, "lastModified": 1741378155,
"narHash": "sha256-YvrzOWcX7DH1drp5SGa+E/fc7wN3hqFtPbqPjZpOu1Q=", "narHash": "sha256-rJSfqf3q4oWxcAwENtAowLZeCi8lktwKVH9XQvvZR64=",
"owner": "girlbossceo", "owner": "girlbossceo",
"repo": "complement", "repo": "complement",
"rev": "e587b3df569cba411aeac7c20b6366d03c143745", "rev": "1502a00d8551d0f6e8954a23e43868877c3e57d9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -108,9 +99,7 @@
}, },
"conduwuit": { "conduwuit": {
"inputs": { "inputs": {
"attic": [ "attic": "attic",
"attic"
],
"cachix": "cachix", "cachix": "cachix",
"complement": "complement", "complement": "complement",
"crane": [ "crane": [
@ -131,11 +120,11 @@
"rocksdb": "rocksdb" "rocksdb": "rocksdb"
}, },
"locked": { "locked": {
"lastModified": 1742163799, "lastModified": 1741642109,
"narHash": "sha256-00cdNSSAOCGQpWRq7mauC1cm55hQ3JJ9phW7f2TLZes=", "narHash": "sha256-vO66C3rCb4lz3NU012fZj8+5BaFGuOCq/BJqiOXpqSA=",
"owner": "girlbossceo", "owner": "girlbossceo",
"repo": "conduwuit", "repo": "conduwuit",
"rev": "658c19d55eb5fdf30f27e189c414208e2eae6e24", "rev": "c4b05e77f3dd66636e26b64f8f4852703816c399",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -145,12 +134,34 @@
} }
}, },
"crane": { "crane": {
"inputs": {
"nixpkgs": [
"conduwuit",
"attic",
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1742143293, "lastModified": 1722960479,
"narHash": "sha256-8oKPsMlqlOQ7qnTWvhBEcfVFY1WqHIcSilGVtaLAquw=", "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "de3bb0155823298161c1c0a7805f10d4b4074bbb", "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"crane_2": {
"locked": {
"lastModified": 1741481578,
"narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=",
"owner": "ipetkov",
"repo": "crane",
"rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -217,6 +228,22 @@
} }
}, },
"flake-compat": { "flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1733328505, "lastModified": 1733328505,
@ -232,7 +259,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_2": { "flake-compat_3": {
"locked": { "locked": {
"lastModified": 1733328505, "lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
@ -248,6 +275,28 @@
} }
}, },
"flake-parts": { "flake-parts": {
"inputs": {
"nixpkgs-lib": [
"conduwuit",
"attic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"conduwuit", "conduwuit",
@ -271,7 +320,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_2": { "flake-parts_3": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"nixpkgs" "nixpkgs"
@ -342,38 +391,6 @@
"type": "github" "type": "github"
} }
}, },
"garage": {
"inputs": {
"crane": [
"crane"
],
"flake-compat": [
"flake-compat"
],
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": [
"rust-overlay"
]
},
"locked": {
"lastModified": 1741360584,
"narHash": "sha256-5UkuvKllBRhU943imyc0jHDXQDVhIFx5WWUr3qrLEWQ=",
"owner": "deuxfleurs-org",
"repo": "garage",
"rev": "c96be1a9a8aa3b51075678888b80c2414ead2909",
"type": "github"
},
"original": {
"owner": "deuxfleurs-org",
"repo": "garage",
"type": "github"
}
},
"git-hooks": { "git-hooks": {
"inputs": { "inputs": {
"flake-compat": [ "flake-compat": [
@ -387,7 +404,7 @@
"cachix", "cachix",
"nixpkgs" "nixpkgs"
], ],
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable_2"
}, },
"locked": { "locked": {
"lastModified": 1733318908, "lastModified": 1733318908,
@ -455,11 +472,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741955947, "lastModified": 1741701235,
"narHash": "sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY=", "narHash": "sha256-gBlb8R9gnjUAT5XabJeel3C2iEUiBHx3+91651y3Sqo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "4e12151c9e014e2449e0beca2c0e9534b96a26b4", "rev": "c630dfa8abcc65984cc1e47fb25d4552c81dd37e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -576,11 +593,11 @@
"pre-commit-hooks": "pre-commit-hooks" "pre-commit-hooks": "pre-commit-hooks"
}, },
"locked": { "locked": {
"lastModified": 1742165831, "lastModified": 1741700536,
"narHash": "sha256-/ssmsf50UERQNlOcUuyfvigcnCNckAhAPZMo0+Y3mdY=", "narHash": "sha256-0OJER7bI6UsCFnKfKdLtgjpOTNccbN3N1dDriP4XRwA=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "2a336813ad2a4d64d027830507276da32927d215", "rev": "be1491fa6aef638e0147b81ff172131d6db668d9",
"revCount": 17664, "revCount": 17635,
"type": "git", "type": "git",
"url": "https://git.lix.systems/lix-project/lix" "url": "https://git.lix.systems/lix-project/lix"
}, },
@ -603,11 +620,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741894565, "lastModified": 1738176840,
"narHash": "sha256-2FD0NDJbEjUHloVrtEIms5miJsj1tvQCc/0YK5ambyc=", "narHash": "sha256-NG3IRvRs3u3btVCN861FqHvgOwqcNT/Oy6PBG86F5/E=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "a6da43f8193d9e329bba1795c42590c27966082e", "rev": "621aae0f3cceaffa6d73a4fb0f89c08d338d729e",
"revCount": 136, "revCount": 133,
"type": "git", "type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module" "url": "https://git.lix.systems/lix-project/nixos-module"
}, },
@ -649,9 +666,9 @@
"cachix", "cachix",
"devenv" "devenv"
], ],
"flake-parts": "flake-parts", "flake-parts": "flake-parts_2",
"libgit2": "libgit2", "libgit2": "libgit2",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_3",
"nixpkgs-23-11": [ "nixpkgs-23-11": [
"conduwuit", "conduwuit",
"cachix", "cachix",
@ -702,6 +719,7 @@
"nix-github-actions": { "nix-github-actions": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"conduwuit",
"attic", "attic",
"nixpkgs" "nixpkgs"
] ]
@ -727,11 +745,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1742174123, "lastModified": 1741619381,
"narHash": "sha256-pDNzMoR6m1ZSJToZQ6XDTLVSdzIzmFl1b8Pc3f7iV6Y=", "narHash": "sha256-koZtlJRqi0/MD/AKd0KrXLA2NuBOVzlIyAJprjzpxZE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "2cfb4e1ca32f59dd2811d7a6dd5d4d1225f0955c", "rev": "66537fb185462ba9b07f4e6f2d54894a1b2d04ab",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -778,16 +796,16 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1730531603, "lastModified": 1726042813,
"narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", "narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", "rev": "159be5db480d1df880a0135ca0bfed84c2f88353",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-unstable", "ref": "nixpkgs-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -809,6 +827,22 @@
} }
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": {
"lastModified": 1724316499,
"narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": { "locked": {
"lastModified": 1730741070, "lastModified": 1730741070,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
@ -824,13 +858,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable_2": { "nixpkgs-stable_3": {
"locked": { "locked": {
"lastModified": 1742136038, "lastModified": 1741600792,
"narHash": "sha256-DDe16FJk18sadknQKKG/9FbwEro7A57tg9vB5kxZ8kY=", "narHash": "sha256-yfDy6chHcM7pXpMF4wycuuV+ILSTG486Z/vLx/Bdi6Y=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a1185f4064c18a5db37c5c84e5638c78b46e3341", "rev": "ebe2788eafd539477f83775ef93c3c7e244421d3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -841,6 +875,22 @@
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1730531603,
"narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1717432640, "lastModified": 1717432640,
"narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=", "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=",
@ -856,7 +906,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1733212471, "lastModified": 1733212471,
"narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=",
@ -872,13 +922,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1742140672, "lastModified": 1741692589,
"narHash": "sha256-WhUVudt/iXRFhMTzuT594/Ho/zCZ3KH3IkwInRD3xa4=", "narHash": "sha256-t1BrOTAUIkRY4YlSspERzz5iaFbzJTIE6mhLmnWrDaA=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "329ca25a90a27b20526164767a3309d0066a00ca", "rev": "a7010334ad6d8082bb8aa5dd2e37bf3b98b1a713",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -899,11 +949,11 @@
"nuschtosSearch": "nuschtosSearch" "nuschtosSearch": "nuschtosSearch"
}, },
"locked": { "locked": {
"lastModified": 1741814789, "lastModified": 1741637833,
"narHash": "sha256-NbHsnnNwiYUcUaS4z8XK2tYpo3G8NXEKxaKkzMgMiLk=", "narHash": "sha256-1uBkdOwxNmkdXXjoycnEBZUoHZ/22GitQRVXjZlsVK0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "33097dcf776d1fad0ff3842096c4e3546312f251", "rev": "bc34099731a7e3799c0d52ccdf4599409a2ef9b9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1028,13 +1078,11 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"attic": "attic",
"conduwuit": "conduwuit", "conduwuit": "conduwuit",
"crane": "crane", "crane": "crane_2",
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_3",
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts_3",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"garage": "garage",
"home-manager": "home-manager", "home-manager": "home-manager",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"lix": "lix", "lix": "lix",
@ -1042,8 +1090,8 @@
"nil": "nil", "nil": "nil",
"nix-index-database": "nix-index-database", "nix-index-database": "nix-index-database",
"nix-ld": "nix-ld", "nix-ld": "nix-ld",
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_5",
"nixpkgs-stable": "nixpkgs-stable_2", "nixpkgs-stable": "nixpkgs-stable_3",
"nixvim": "nixvim", "nixvim": "nixvim",
"nvim-github-theme": "nvim-github-theme", "nvim-github-theme": "nvim-github-theme",
"pixelflasher": "pixelflasher", "pixelflasher": "pixelflasher",
@ -1077,11 +1125,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1742178793, "lastModified": 1741660300,
"narHash": "sha256-S2onMdoDS4tIYd3/Jc5oFEZBr2dJOgPrh9KzSO/bfDw=", "narHash": "sha256-0jldJ58sC5RjqwpwE+ER+RPMeX4Moz5im/evQ3SU/dU=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "954582a766a50ebef5695a9616c93b5386418c08", "rev": "ac2f556db0eb5cbba3c4f5f5989c46330f439b0b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1097,11 +1145,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741861888, "lastModified": 1741644481,
"narHash": "sha256-ynOgXAyToeE1UdLNfrUn/hL7MN0OpIS2BtNdLjpjPf0=", "narHash": "sha256-E0RrMykMtEv15V3QhpsFutgoSKhL1JBhidn+iZajOyg=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "d016ce0365b87d848a57c12ffcfdc71da7a2b55f", "rev": "e653d71e82575a43fe9d228def8eddb73887b866",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1170,11 +1218,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1742176409, "lastModified": 1741704640,
"narHash": "sha256-jaTi5Tn5EIvYxThnNs4lFXWROCh8ihgSeORZ9Z1EClc=", "narHash": "sha256-FSvtxhfB0PQtFOj8PMfcgUG1QVaQzjTZvAxLiqDysKI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-vscode-extensions", "repo": "nix-vscode-extensions",
"rev": "002ff77f2ab6417997c5e33883c754f8b23dc11d", "rev": "27f37976beb94100b18ab8407ff056654db68506",
"type": "github" "type": "github"
}, },
"original": { "original": {

25
flake.nix
View file

@ -44,7 +44,6 @@
crane.follows = "crane"; crane.follows = "crane";
flake-compat.follows = "flake-compat"; flake-compat.follows = "flake-compat";
flake-utils.follows = "flake-utils"; flake-utils.follows = "flake-utils";
attic.follows = "attic";
}; };
}; };
lix-module = { lix-module = {
@ -78,26 +77,6 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
pixelflasher.url = "github:cything/nixpkgs/pixelflasher"; pixelflasher.url = "github:cything/nixpkgs/pixelflasher";
attic = {
url = "github:zhaofengli/attic";
inputs = {
nixpkgs.follows = "nixpkgs";
nixpkgs-stable.follows = "nixpkgs-stable";
flake-compat.follows = "flake-compat";
flake-parts.follows = "flake-parts";
crane.follows = "crane";
};
};
garage = {
url = "github:deuxfleurs-org/garage";
inputs = {
nixpkgs.follows = "nixpkgs";
rust-overlay.follows = "rust-overlay";
crane.follows = "crane";
flake-compat.follows = "flake-compat";
flake-utils.follows = "flake-utils";
};
};
nvim-github-theme = { nvim-github-theme = {
url = "github:projekt0n/github-nvim-theme"; url = "github:projekt0n/github-nvim-theme";
@ -114,12 +93,12 @@
extra-substituters = [ extra-substituters = [
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
"https://cache.garnix.io" "https://cache.garnix.io"
"https://cache.cy7.sh/main" "https://cything.cachix.org"
]; ];
extra-trusted-public-keys = [ extra-trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
"main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI="
]; ];
builders-use-substitutes = true; builders-use-substitutes = true;
}; };

5
home/codium.nix
View file

@ -10,7 +10,8 @@
extensions = extensions =
# if unfree # if unfree
# with pkgs.vscode-marketplace; # with pkgs.vscode-marketplace;
with pkgs.open-vsx; [ with pkgs.open-vsx;
[
vscodevim.vim vscodevim.vim
jnoortheen.nix-ide jnoortheen.nix-ide
github.github-vscode-theme github.github-vscode-theme
@ -20,8 +21,6 @@
tomrijndorp.find-it-faster tomrijndorp.find-it-faster
streetsidesoftware.code-spell-checker streetsidesoftware.code-spell-checker
emilast.logfilehighlighter emilast.logfilehighlighter
tamasfe.even-better-toml
golang.go
]; ];
userSettings = userSettings =
let let

5
home/yt/ytnix.nix
View file

@ -102,7 +102,6 @@
pixelflasher pixelflasher
element-desktop element-desktop
freetube freetube
gopls
]; ];
home.sessionVariables = { home.sessionVariables = {
@ -113,13 +112,13 @@
RUSTC_WRAPPER = "${lib.getExe pkgs.sccache}"; RUSTC_WRAPPER = "${lib.getExe pkgs.sccache}";
SCCACHE_BUCKET = "sccache"; SCCACHE_BUCKET = "sccache";
SCCACHE_REGION = "us-east-1"; SCCACHE_REGION = "us-east-1";
SCCACHE_ENDPOINT = "https://s3.cy7.sh"; SCCACHE_ENDPOINT = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com";
SCCACHE_ALLOW_CORE_DUMPS = "true"; SCCACHE_ALLOW_CORE_DUMPS = "true";
SCCACHE_S3_USE_SSL = "true"; SCCACHE_S3_USE_SSL = "true";
SCCACHE_CACHE_MULTIARCH = "true"; SCCACHE_CACHE_MULTIARCH = "true";
SCCACHE_LOG = "warn"; SCCACHE_LOG = "warn";
AWS_DEFAULT_REGION = "us-east-1"; AWS_DEFAULT_REGION = "us-east-1";
AWS_ENDPOINT_URL = "https://s3.cy7.sh"; AWS_ENDPOINT_URL = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com";
AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)"; AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)";
AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)"; AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)";

16
hosts/chunk/default.nix
View file

@ -22,6 +22,7 @@
./forgejo.nix ./forgejo.nix
./garage.nix ./garage.nix
./tailscale.nix ./tailscale.nix
./tor.nix
]; ];
sops.age.keyFile = "/root/.config/sops/age/keys.txt"; sops.age.keyFile = "/root/.config/sops/age/keys.txt";
@ -100,18 +101,22 @@
${tc} qdisc del dev ens18 root || true ${tc} qdisc del dev ens18 root || true
# create HTB hierarchy # create HTB hierarchy
${tc} qdisc add dev ens18 root handle 1: htb default 10 ${tc} qdisc add dev ens18 root handle 1: htb default 30
${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100% ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100%
# rest # tailscale
${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 60% ceil 100% ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 30% ceil 100%
# caddy # caddy
${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 30% ceil 100%
# rest
${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100% ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100%
# mark traffic # mark traffic
iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 3 iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 2
# route marked packets # route marked packets
${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 3 fw flowid 1:30 ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10
${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 2 fw flowid 1:20
''; '';
}; };
interfaces.ens18 = { interfaces.ens18 = {
@ -195,5 +200,4 @@
my.roundcube.enable = true; my.roundcube.enable = true;
my.zipline.enable = true; my.zipline.enable = true;
my.searx.enable = true; my.searx.enable = true;
my.attic.enable = true;
} }

12
hosts/chunk/garage.nix
View file

@ -10,13 +10,15 @@
api_bind_addr = "[::]:3900"; api_bind_addr = "[::]:3900";
root_domain = "s3.cy7.sh"; root_domain = "s3.cy7.sh";
}; };
s3_web = {
bind_addr = "[::]:3902";
root_domain = ".web.s3.cy7.sh";
index = "index.html";
};
admin.api_bind_addr = "[::]:3903"; admin.api_bind_addr = "[::]:3903";
rpc_bind_addr = "[::]:3901"; rpc_bind_addr = "[::]:3901";
replication_factor = 1; replication_factor = 1;
db_engine = "lmdb"; db_engine = "lmdb";
disable_scrub = true;
block_size = "10M";
compression_level = "none";
}; };
environmentFile = config.sops.secrets."garage/env".path; environmentFile = config.sops.secrets."garage/env".path;
}; };
@ -29,6 +31,10 @@
reverse_proxy localhost:3900 reverse_proxy localhost:3900
''; '';
}; };
"*.web.s3.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:3902
'';
"admin.s3.cy7.sh".extraConfig = '' "admin.s3.cy7.sh".extraConfig = ''
import common import common
reverse_proxy localhost:3903 reverse_proxy localhost:3903

8
hosts/chunk/grafana.nix
View file

@ -29,14 +29,6 @@
} }
]; ];
} }
{
job_name = "garage";
static_configs = [
{
targets = [ "127.0.0.1:3903" ];
}
];
}
]; ];
}; };

49
hosts/chunk/rclone.nix
View file

@ -15,20 +15,30 @@
serviceConfig = { serviceConfig = {
Type = "notify"; Type = "notify";
ExecStartPre = "/usr/bin/env mkdir -p /mnt/photos"; ExecStartPre = "/usr/bin/env mkdir -p /mnt/photos";
ExecStart = '' ExecStart = "${lib.getExe pkgs.rclone} mount --config ${
${lib.getExe pkgs.rclone} mount \ config.sops.secrets."rclone/config".path
--config ${config.sops.secrets."rclone/config".path} \ } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --dir-cache-time 72h --vfs-cache-mode writes --vfs-cache-max-size 2G photos: /mnt/photos ";
--cache-dir /var/cache/rclone \
--transfers=32 \
--dir-cache-time 30d \
--vfs-cache-mode writes \
--vfs-cache-max-size 2G \
photos: /mnt/photos
'';
ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/photos"; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/photos";
}; };
}; };
systemd.services.attic-mount = {
enable = true;
description = "Mount the attic data remote";
requires = [ "network-online.target" ];
after = [ "network-online.target" ];
requiredBy = [ "atticd.service" ];
before = [ "atticd.service" ];
serviceConfig = {
Type = "notify";
ExecStartPre = "/usr/bin/env mkdir -p /mnt/attic";
ExecStart = "${lib.getExe pkgs.rclone} mount --config ${
config.sops.secrets."rclone/config".path
} --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 2G --allow-other rsyncnet:attic /mnt/attic ";
ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/attic";
};
};
systemd.services.garage-mount = { systemd.services.garage-mount = {
enable = true; enable = true;
description = "Mount the garage data remote"; description = "Mount the garage data remote";
@ -39,22 +49,9 @@
serviceConfig = { serviceConfig = {
Type = "notify"; Type = "notify";
ExecStartPre = "/usr/bin/env mkdir -p /mnt/garage"; ExecStartPre = "/usr/bin/env mkdir -p /mnt/garage";
ExecStart = '' ExecStart = "${lib.getExe pkgs.rclone} mount --config ${
${lib.getExe pkgs.rclone} mount \ config.sops.secrets."rclone/config".path
--config ${config.sops.secrets."rclone/config".path} \ } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 5G --allow-other rsyncnet:garage /mnt/garage ";
--allow-other \
--cache-dir /var/cache/rclone \
--transfers=32 \
--vfs-cache-mode full \
--vfs-cache-min-free-space 5G \
--dir-cache-time 30d \
--no-checksum \
--no-modtime \
--vfs-fast-fingerprint \
--vfs-read-chunk-size 10M \
--vfs-read-chunk-streams 32 \
rsyncnet:garage /mnt/garage
'';
ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage"; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage";
}; };
}; };

16
hosts/chunk/tor.nix Normal file
View file

@ -0,0 +1,16 @@
{ ... }:
{
services.tor = {
enable = true;
openFirewall = true;
relay = {
enable = true;
role = "relay";
};
settings = {
ORPort = 9001;
Nickname = "chunk";
# MaxAdvertisedBandwidth = "20MBytes";
};
};
}

6
hosts/common.nix
View file

@ -10,14 +10,16 @@
"@wheel" "@wheel"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
"main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI="
]; ];
substituters = [ substituters = [
"https://niri.cachix.org"
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
"https://cache.garnix.io" "https://cache.garnix.io"
"https://cache.cy7.sh/main" "https://cything.cachix.org"
]; ];
}; };
channel.enable = false; channel.enable = false;

6
hosts/ytnix/containers.nix
View file

@ -6,11 +6,9 @@
}: }:
{ {
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
immich-ml = immich-ml = let
let
modelCache = "/opt/immich-ml"; modelCache = "/opt/immich-ml";
in in {
{
image = "ghcr.io/immich-app/immich-machine-learning:release"; image = "ghcr.io/immich-app/immich-machine-learning:release";
autoStart = true; autoStart = true;
pull = "newer"; pull = "newer";

6
hosts/ytnix/default.nix
View file

@ -144,12 +144,9 @@
"docker" "docker"
"disk" "disk"
"adbusers" "adbusers"
"podman"
]; ];
environment.systemPackages = environment.systemPackages = with pkgs; lib.flatten [
with pkgs;
lib.flatten [
tmux tmux
vim vim
wget wget
@ -387,5 +384,4 @@
programs.ccache.enable = true; programs.ccache.enable = true;
nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ];
programs.fuse.userAllowOther = true; programs.fuse.userAllowOther = true;
nix.settings.sandbox = false;
} }

47
modules/attic.nix
View file

@ -1,47 +0,0 @@
{
config,
lib,
...
}:
let
cfg = config.my.attic;
in
{
options.my.attic = {
enable = lib.mkEnableOption "attic";
};
config = lib.mkIf cfg.enable {
services.atticd = {
enable = true;
environmentFile = config.sops.secrets."attic/env".path;
settings = {
listen = "[::]:8091";
api-endpoint = "https://cache.cy7.sh/";
allowed-hosts = [ "cache.cy7.sh" ];
require-proof-of-possession = false;
compression = {
type = "none";
level = 3;
};
database.url = "postgresql:///atticd?host=/run/postgresql";
storage = {
type = "s3";
region = "us-east-1";
bucket = "attic";
endpoint = "https://s3.cy7.sh";
};
garbage-collection = {
default-retention-period = "1 month";
};
};
};
services.caddy.virtualHosts."cache.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8091
'';
};
}

5
modules/containerization.nix
View file

@ -28,11 +28,8 @@ in
dns_enabled = true; dns_enabled = true;
ipv6_enabled = true; ipv6_enabled = true;
}; };
# answer on /var/run/docker.sock
dockerSocket.enable = true;
}; };
docker.enable = lib.mkIf (!cfg.usePodman) true; oci-containers.backend = lib.mkIf cfg.usePodman "podman";
oci-containers.backend = lib.mkIf (!cfg.usePodman) "docker";
}; };
}; };
} }

1
modules/default.nix
View file

@ -8,6 +8,5 @@
./containerization.nix ./containerization.nix
./vaultwarden.nix ./vaultwarden.nix
./searx.nix ./searx.nix
./attic.nix
]; ];
} }

13
overlay/attic/concurrent-32.patch Normal file
View file

@ -0,0 +1,13 @@
diff --git a/server/src/config.rs b/server/src/config.rs
index 4412cbf..6dd483a 100644
--- a/server/src/config.rs
+++ b/server/src/config.rs
@@ -565,7 +565,7 @@ fn default_default_retention_period() -> Duration {
}
fn default_concurrent_chunk_uploads() -> usize {
- 10
+ 32
}
fn load_config_from_path(path: &Path) -> Result<Config> {

27
overlay/attic/default.nix
View file

@ -1,7 +1,26 @@
final: prev: { final: prev: {
attic-server = prev.attic-server.overrideAttrs { attic-client = prev.attic-client.override (old: {
patches = [ rustPlatform = old.rustPlatform // {
./prefetch-32-chunks.patch buildRustPackage =
]; args:
old.rustPlatform.buildRustPackage (
args
// {
version = "0.1.1";
src = final.fetchFromGitHub {
owner = "cything";
repo = "attic";
rev = "d660c85bdb6bb10499a23a846a13107ea0c72769";
hash = "sha256-E22d2OLV02L2QdiSeK58flveehR8z8WIKkcN/njAMdg=";
}; };
cargoLock = null;
cargoHash = "sha256-AbpWnYfBMrR6oOfy2LkQvIPYsClCWE89bJav+iHTtLM=";
useFetchCargoVendor = true;
patches = [
./concurrent-32.patch
];
}
);
};
});
} }

13
overlay/attic/prefetch-32-chunks.patch
View file

@ -1,13 +0,0 @@
diff --git a/server/src/api/binary_cache.rs b/server/src/api/binary_cache.rs
index 02e4857..71eeee8 100644
--- a/server/src/api/binary_cache.rs
+++ b/server/src/api/binary_cache.rs
@@ -262,7 +262,7 @@ async fn get_nar(
// TODO: Make num_prefetch configurable
// The ideal size depends on the average chunk size
- let merged = merge_chunks(chunks, streamer, storage, 2).map_err(|e| {
+ let merged = merge_chunks(chunks, streamer, storage, 32).map_err(|e| {
tracing::error!(%e, "Stream error");
e
});

9
overlay/bitwarden/default.nix
View file

@ -1,9 +0,0 @@
final: prev: {
bitwarden-desktop = prev.bitwarden-desktop.overrideAttrs (
finalAttrs: prevAttrs: {
patches = prevAttrs.patches ++ [
./ssh-agent-no-confirm.patch
];
}
);
}

34
overlay/bitwarden/ssh-agent-no-confirm.patch
View file

@ -1,34 +0,0 @@
diff --git a/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs b/core/src/ssh_agent/mod.rs
index 4e304cc..8203dca 100644
--- a/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs
+++ b/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs
@@ -44,28 +44,7 @@ impl ssh_agent::Agent<peerinfo::models::PeerInfo> for BitwardenDesktopAgent {
return false;
}
- let request_id = self.get_request_id().await;
- println!(
- "[SSH Agent] Confirming request from application: {}",
- info.process_name()
- );
-
- let mut rx_channel = self.get_ui_response_rx.lock().await.resubscribe();
- self.show_ui_request_tx
- .send(SshAgentUIRequest {
- request_id,
- cipher_id: Some(ssh_key.cipher_uuid.clone()),
- process_name: info.process_name().to_string(),
- is_list: false,
- })
- .await
- .expect("Should send request to ui");
- while let Ok((id, response)) = rx_channel.recv().await {
- if id == request_id {
- return response;
- }
- }
- false
+ true
}
async fn can_list(&self, info: &peerinfo::models::PeerInfo) -> bool {

44
overlay/conduwuit/default.nix Normal file
View file

@ -0,0 +1,44 @@
final: prev:
let
newRust = final.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;
newRustPlatform = final.makeRustPlatform {
cargo = newRust;
rustc = newRust;
};
in
{
conduwuit = prev.conduwuit.override (old: {
rustPlatform = newRustPlatform // {
buildRustPackage =
args:
newRustPlatform.buildRustPackage (
args
// {
version = "0.5.0-rc2";
src = final.fetchFromGitHub {
owner = "girlbossceo";
repo = "conduwuit";
rev = "5b8464252c2c03edf65e43153be026dbb768a12a";
hash = "sha256-yNdxoVZX13QUDJYM6zTMY9ExvacTqB+f0MLvDreSW8U=";
};
doCheck = false;
cargoHash = "sha256-g19UujLI9d4aw+1273gfC17LDLOciqBvuLhe/VCsh80=";
# unstable has this set to "conduit"
meta.mainProgram = "conduwuit";
buildFeatures = [
"brotli_compression"
"element_hacks"
"gzip_compression"
"release_max_log_level" # without this feature to enable debug logging
"sentry_telemetry"
"systemd"
"zstd_compression"
"jemalloc"
"io_uring"
];
}
);
};
});
}

28
overlay/conduwuit/rust-toolchain.toml Normal file
View file

@ -0,0 +1,28 @@
# This is the authoritiative configuration of this project's Rust toolchain.
#
# Other files that need upkeep when this changes:
#
# * `Cargo.toml`
# * `flake.nix`
#
# Search in those files for `rust-toolchain.toml` to find the relevant places.
# If you're having trouble making the relevant changes, bug a maintainer.
[toolchain]
channel = "1.84.0"
profile = "minimal"
components = [
# For rust-analyzer
"rust-src",
"rust-analyzer",
# For CI and editors
"rustfmt",
"clippy",
]
targets = [
#"x86_64-apple-darwin",
"x86_64-unknown-linux-gnu",
"x86_64-unknown-linux-musl",
"aarch64-unknown-linux-musl",
#"aarch64-apple-darwin",
]

20
overlay/default.nix
View file

@ -1,30 +1,24 @@
{ inputs }: { inputs }:
let let
overlays = [ overlays = [
./zipline
./bitwarden
./attic ./attic
./zipline
]; ];
importedOverlays = map (m: import m) overlays; importedOverlays = map (m: import m) overlays;
in in
[ importedOverlays
++ [
( (
final: prev: final: prev:
let let
nixpkgsFrom = flake: pkg: flake.legacyPackages.${prev.system}.${pkg}; nixpkgsFrom = flake: pkg: flake.legacyPackages.${prev.system}.${pkg};
pkgFrom = flake: pkg: flake.packages.${prev.system}.${pkg}; pkgFrom = flake: pkgFrom' flake "default";
pkgFrom' = flake: pkg: flake.packages.${prev.system}.${pkg};
in in
{ {
conduwuit = pkgFrom inputs.conduwuit "static-x86_64-linux-musl-all-features-x86_64-haswell-optimised"; conduwuit =
pkgFrom' inputs.conduwuit "static-x86_64-linux-musl-all-features-x86_64-haswell-optimised";
pixelflasher = nixpkgsFrom inputs.pixelflasher "pixelflasher"; pixelflasher = nixpkgsFrom inputs.pixelflasher "pixelflasher";
attic-server = pkgFrom inputs.attic "attic-server";
attic = pkgFrom inputs.attic "attic";
garage = (
(pkgFrom inputs.garage "default").overrideAttrs {
meta.mainProgram = "garage";
}
);
} }
) )
] ]
++ importedOverlays

6
secrets/services/attic.yaml
View file

File diff suppressed because one or more lines are too long

10
secrets/yt/aws.yaml
View file

@ -1,8 +1,6 @@
aws: aws:
key_id: ENC[AES256_GCM,data:euyq+QtSXv1UR5eOJfvZARhm5L2AuzKIOk8=,iv:RseSyVArmrawNzlwjNh6FScJF2O+F4FBuIq47uMQQEA=,tag:bkZJeX3rUHb1yZu8dytgcg==,type:str] key_id: ENC[AES256_GCM,data:9tWAMzUv4f6Ea27XsmYhO11NroYnLmED/FVrCCGO0Vc=,iv:YP1xRjVd1M1MB7IKVAw0Sdx0E4AokBrsaAcDLvTLHD4=,tag:SEmEr3NoZvch9LeaJHbCww==,type:str]
key_secret: ENC[AES256_GCM,data:27BHAU5suCIiSKAf0+1yNa/VJ0umErb6Ry8HI+Zfv6LV+7eB+wk8H3kxdV4wmY2XayHsUrD4FZa30O0a9PdJgA==,iv:oI2X7PCXDZBkUOikHM8S7gHsnMtWp7jxBqdmfbUlrwU=,tag:9mZ3H2jobKqYmw6S4NNpjw==,type:str] key_secret: ENC[AES256_GCM,data:AK+vER4T1p0AknKzsxZQJ0JTpfIstnnTWSAZ26zJSCwJYgRYwj8RF98CS7HM+KWvz5VNGENxhVdUnjlGkrTB4w==,iv:3o79gwp5b4KGsixW02qFWYFvpagY/hykbYJ/WNz6PB8=,tag:GW2T8ggKYHa1CQ6DRomJDQ==,type:str]
_r2_key_id: ENC[AES256_GCM,data:R0xwzUx+6l9SR3Fd93PfJw+WPV0ByzOKMxoJQtn4pEE=,iv:qHmr/HssM8U3znbGznSIOwkAhNaORkCkG9lqAmCKmfw=,tag:LhuiiKSq/VnNEulgrS71vg==,type:str]
_r2_key_secret: ENC[AES256_GCM,data:Dw5Gq1URjMpy9Bh1IBYf+/EnkvQA/4yAC4kdoACpCUuJQxdQphFKwWmxJX+Q/oztO1imWoGIxlZNNDr5QCqXaA==,iv:hGePo+Ffe48n1BXI1f2V12C9Gn1CC1nTwbSsfqUGQ3c=,tag:AIy/F3jPGz2WHge3Mk43Ag==,type:str]
_garage_key_id: ENC[AES256_GCM,data:2lLS1nBhrwBkJh/ei7FwBoR6jOI6KCJkvOs=,iv:jwB7ZEaKOPIwghcGRs3qaICypoHgSxkFBOyB6e5hpYI=,tag:Iqwv3j1R1uLLUDKLhN1Atg==,type:str] _garage_key_id: ENC[AES256_GCM,data:2lLS1nBhrwBkJh/ei7FwBoR6jOI6KCJkvOs=,iv:jwB7ZEaKOPIwghcGRs3qaICypoHgSxkFBOyB6e5hpYI=,tag:Iqwv3j1R1uLLUDKLhN1Atg==,type:str]
_garage_key_secret: ENC[AES256_GCM,data:5iwwMfojHrR79cOIY+9O2oVY8v1cbPcECMSOMhWuGAdc2lfCogKBwLM4TFwBH9X1Vx56QvUoxCQ2uSyfOMLR7A==,iv:Q523ttz6ijmv8/JlVZuldFR4IabEKiVN4sGmJ9xDJU0=,tag:ZZ4LRG4DXOC7LY8hEjXYHQ==,type:str] _garage_key_secret: ENC[AES256_GCM,data:5iwwMfojHrR79cOIY+9O2oVY8v1cbPcECMSOMhWuGAdc2lfCogKBwLM4TFwBH9X1Vx56QvUoxCQ2uSyfOMLR7A==,iv:Q523ttz6ijmv8/JlVZuldFR4IabEKiVN4sGmJ9xDJU0=,tag:ZZ4LRG4DXOC7LY8hEjXYHQ==,type:str]
sops: sops:
@ -29,8 +27,8 @@ sops:
UlYrTExEUVc0dURLR1czN3BnYzZ2VGMKCbAgM50jvs9VciA1Pb/VY+2I4x62LBGe UlYrTExEUVc0dURLR1czN3BnYzZ2VGMKCbAgM50jvs9VciA1Pb/VY+2I4x62LBGe
j7eHkfTFc8Gnk/rZA9/ZJDLFr/FUPMQWK/NVoz6oLjO6oVFXqN6OqA== j7eHkfTFc8Gnk/rZA9/ZJDLFr/FUPMQWK/NVoz6oLjO6oVFXqN6OqA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-16T16:45:13Z" lastmodified: "2025-02-27T02:50:27Z"
mac: ENC[AES256_GCM,data:DCx4uVuy53Gz9Ha2p/GjxTigKw/dJ0gvWIAII9AtKQCURu1OfiJ6Lp/ht6ndJwn25em11uppN371pQGxa8FRtLL+dX/YgoDmOw3Tgo3lc5VLBzalRqXHInOGHfgv9k1jHNq6zokKbBLDItBnUNOCvsLTXXenVRYdnkiuf3QPGhk=,iv:gBbbH/nJExK/dEXKHo+cCr+rxQ4uJQWweK0lYT7amsM=,tag:9GaCGFrcinqGfpibUNQ75w==,type:str] mac: ENC[AES256_GCM,data:FjlbCqqYHPn/FDPUR1flWgg6wwHhLJx1uKOedwkvsTxuPhlVJHghTHWYetdmplOQyEpOEbyv+iqKTGDYHzDdgU2jIZ0TKM66iHq+1yft4TatBu75/0N3I+SfZv97vKNehxN/zvIY3FQF4O8qVy9c1dZRmr7q27Wq2pdHSOe4Myg=,iv:YkUXcOwb6UZr0vXazbLrVeGTvBTtnwuEIY3O+GSrnNk=,tag:kQBh7urSnHoiV18TIGlPEg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.4 version: 3.9.4