diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 343a54f..423c88a 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -24,33 +24,14 @@ jobs: os: - ubuntu-latest - ubuntu-24.04-arm - # - macos-latest - # - macos-13 + - macos-latest + - macos-13 runs-on: ${{ matrix.os }} steps: - name: setup binary cache key run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem - - name: Sync repository - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: post-build-hook - run: | - sudo mkdir -p /etc/nix - sudo cp ci/upload-to-cache.sh /etc/nix/ - sudo chmod +x /etc/nix/upload-to-cache.sh - - - name: setup s3 credentials - run: | - sudo mkdir /root/.aws - echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials - echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials - echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials - echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config - - name: Install Nix uses: cachix/install-nix-action@v30 with: @@ -63,10 +44,20 @@ jobs: secret-key-files = ${{ runner.temp }}/cache-priv-key.pem extra-substituters = https://nixcache.cy7.sh extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - post-build-hook = /etc/nix/upload-to-cache.sh - run: nix build -L ${{ matrix.package }} + - name: cache result + # https://stackoverflow.com/a/58859404 + if: '!cancelled()' + run: | + nix run github:cything/nixcp -- \ + push \ + --bucket nixcache \ + --signing-key ${{ runner.temp }}/cache-priv-key.pem \ + -u https://nix-community.cachix.org \ + "${{ matrix.package }}" + - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result diff --git a/flake.lock b/flake.lock index 2044b2a..4370247 100644 --- a/flake.lock +++ b/flake.lock @@ -17,11 +17,11 @@ }, "crane_2": { "locked": { - "lastModified": 1741481578, - "narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=", + "lastModified": 1741148495, + "narHash": "sha256-EV8KUaIZ2/CdBXlutXrHoZYbWPeB65p5kKZk71gvDRI=", "owner": "ipetkov", "repo": "crane", - "rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5", + "rev": "75390a36cd0c2cdd5f1aafd8a9f827d7107f2e53", "type": "github" }, "original": { @@ -69,11 +69,11 @@ ] }, "locked": { - "lastModified": 1741352980, - "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", + "lastModified": 1740872218, + "narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", + "rev": "3876f6b87db82f33775b1ef5ea343986105db764", "type": "github" }, "original": { @@ -147,11 +147,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1745229893, - "narHash": "sha256-7syUmzqfY9gmLZF4WwqckPRbDRhJApOspd/qDIBHaWY=", + "lastModified": 1745093116, + "narHash": "sha256-38L/NZyfGSGff9f+FfRd4teA1Xj93hqcBJcqhxbLA7Y=", "owner": "deuxfleurs-org", "repo": "garage", - "rev": "3c20984a08528f1a6672c8afc83d2306a0361e40", + "rev": "4ef954d17604eba8aafa52902cd3c573978c7195", "type": "github" }, "original": { @@ -189,11 +189,11 @@ ] }, "locked": { - "lastModified": 1745256380, - "narHash": "sha256-hJH1S5Xy0K2J6eT22AMDIcQ07E8XYC1t7DnXUr2llEM=", + "lastModified": 1745128386, + "narHash": "sha256-xnNxL9lZC5Ez8AxTgHZZu8pYSNM34+5GD5jGSs8Vq4M=", "owner": "nix-community", "repo": "home-manager", - "rev": "22b326b42bf42973d5e4fe1044591fb459e6aeac", + "rev": "f98314bb064cf8f8446c44afbadaaad2505875a7", "type": "github" }, "original": { @@ -214,11 +214,11 @@ "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1745217777, - "narHash": "sha256-lnsoesuG+r15kV3Um4hHpYXIjsi6EOPBtIlV8by/7i0=", + "lastModified": 1741442524, + "narHash": "sha256-tVcxLDLLho8dWcO81Xj/3/ANLdVs0bGyCPyKjp70JWk=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "e4cf2086105f47a22f92985358db295a20746abb", + "rev": "d8099586d9a84308ffedac07880e7f07a0180ff4", "type": "github" }, "original": { @@ -319,11 +319,11 @@ ] }, "locked": { - "lastModified": 1741379162, - "narHash": "sha256-srpAbmJapkaqGRE3ytf3bj4XshspVR5964OX5LfjDWc=", + "lastModified": 1740915799, + "narHash": "sha256-JvQvtaphZNmeeV+IpHgNdiNePsIpHD5U/7QN5AeY44A=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "b5a62751225b2f62ff3147d0a334055ebadcd5cc", + "rev": "42b1ba089d2034d910566bf6b40830af6b8ec732", "type": "github" }, "original": { @@ -376,11 +376,11 @@ ] }, "locked": { - "lastModified": 1741573199, - "narHash": "sha256-A2sln1GdCf+uZ8yrERSCZUCqZ3JUlOv1WE2VFqqfaLQ=", + "lastModified": 1741228283, + "narHash": "sha256-VzqI+k/eoijLQ5am6rDFDAtFAbw8nltXfLBC6SIEJAE=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "c777dc8a1e35407b0e80ec89817fe69970f4e81a", + "rev": "38e9826bc4296c9daf18bc1e6aa299f3e932a403", "type": "github" }, "original": { @@ -417,11 +417,11 @@ ] }, "locked": { - "lastModified": 1745207416, - "narHash": "sha256-2g2TnXgJEvSvpk7ujY69pSplmM3oShhoOidZf1iHTHU=", + "lastModified": 1745116541, + "narHash": "sha256-5xzA6dTfqCfTTDCo3ipPZzrg3wp01xmcr73y4cTNMP8=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "68a0ff1a43d08aa1ec3730e7e7d06f6da0ba630a", + "rev": "e2142ef330a61c02f274ac9a9cb6f8487a5d0080", "type": "github" }, "original": { @@ -503,11 +503,11 @@ ] }, "locked": { - "lastModified": 1745251368, - "narHash": "sha256-Fczq6JKwtHsCNPKPxkGFBhpWH8KoqY2eTyE6jG/cqms=", + "lastModified": 1745114521, + "narHash": "sha256-P/TgmeavrpUiHCejjjsU2vOMB7cBIcHltGDSKKgi20E=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "6dfa23066faf8643ca05eac994aa14ef695231aa", + "rev": "ff14820202442f847fd37862eb48a7cb254a19d3", "type": "github" }, "original": { diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index c08d0b8..f22d425 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -53,7 +53,6 @@ toolchain: toolchain.default.override { extensions = [ "rust-src" ]; - targets = [ "aarch64-unknown-linux-musl" ]; } )) pwgen @@ -106,7 +105,6 @@ minio-client nil keepassxc - lua-language-server ]; home.sessionVariables = { diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 6f73eaf..2e4c960 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -187,5 +187,4 @@ enable = false; dataDir = "/opt/karakeep"; }; - my.roundcube.enable = true; } diff --git a/hosts/chunk/postgres.nix b/hosts/chunk/postgres.nix index c4a6233..07a3125 100644 --- a/hosts/chunk/postgres.nix +++ b/hosts/chunk/postgres.nix @@ -19,5 +19,8 @@ } ]; }; - services.postgresqlBackup.enable = true; + services.postgresqlBackup = { + enable = true; + startAt = "hourly"; + }; } diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 1c253f2..1c474af 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -23,14 +23,13 @@ let --vfs-fast-fingerprint \ --vfs-read-chunk-size 8M \ --vfs-read-chunk-streams 16 \ - --sftp-concurrency 64 \ + --sftp-concurrency 128 \ --sftp-chunk-size 255k \ --buffer-size 0 \ --write-back-cache \ ${remote} ${mount} ''; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -zu ${mount}"; - Restart = "on-failure"; }; in { diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index c3759fa..ddf1364 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -87,7 +87,7 @@ resolvconf.enable = true; firewall = { enable = true; - trustedInterfaces = [ "tailscale0" "virbr0" ]; + trustedInterfaces = [ "tailscale0" ]; # allowedTCPPorts = [ # 8080 # mitmproxy # 22000 # syncthing diff --git a/modules/backup.nix b/modules/backup.nix index a07542d..2715deb 100644 --- a/modules/backup.nix +++ b/modules/backup.nix @@ -47,7 +47,7 @@ in }; startAt = lib.mkOption { type = lib.types.str; - default = "daily"; + default = "hourly"; description = "see systemd.timer(5)"; }; jobName = lib.mkOption { @@ -98,9 +98,8 @@ in failOnWarnings = false; prune.keep = { - daily = 7; - weekly = 12; - monthly = -1; + within = "2d"; + daily = 365; }; extraPruneArgs = [ "--stats" ]; }; diff --git a/modules/roundcube.nix b/modules/roundcube.nix index 7dcfb9d..63b14c5 100644 --- a/modules/roundcube.nix +++ b/modules/roundcube.nix @@ -31,7 +31,6 @@ in "contextmenu" "custom_from" "thunderbird_labels" - "managesieve" ]; dicts = with pkgs.aspellDicts; [ en ]; extraConfig = '' @@ -39,8 +38,6 @@ in $config['smtp_host'] = "ssl://smtp.migadu.com:465"; $config['smtp_user'] = "%u"; $config['smtp_pass'] = "%p"; - $config['managesieve_host'] = "tls://imap.migadu.com"; - $config['managesieve_port'] = 4190; ''; }; @@ -51,7 +48,6 @@ in services.caddy.virtualHosts."mail.cy7.sh".extraConfig = '' import common - import authelia root ${roundcube.package} php_fastcgi unix/${fpm.socket} file_server