test nixcp

use nixcp to upload machines as result

.editorconfig

@@ -0,0 +1,3 @@
+[*.nix]
+indent_style = space
+indent_size = 2

.github/workflows/build-machines-and-homes.yml

@@ -39,25 +39,6 @@ jobs:
       - name: setup binary cache key
         run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem
 
-      - name: Sync repository
-        uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-
-      - name: post-build-hook
-        run: |
-          sudo mkdir -p /etc/nix
-          sudo cp ci/upload-to-cache.sh /etc/nix/
-          sudo chmod +x /etc/nix/upload-to-cache.sh
-
-      - name: setup s3 credentials
-        run: |
-          sudo mkdir /root/.aws
-          echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials
-          echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials
-          echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials
-          echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config
-
       - name: Install Nix
         uses: cachix/install-nix-action@v30
         with:
@@ -70,12 +51,26 @@ jobs:
             secret-key-files = ${{ runner.temp }}/cache-priv-key.pem
             extra-substituters = https://nixcache.cy7.sh
             extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=
-            post-build-hook = /etc/nix/upload-to-cache.sh
+            download-buffer-size = 1073741824
+
+      - name: Sync repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
 
       - name: build
         run: |
           nix run nixpkgs#nixos-rebuild build -- -L --flake ".#${{ matrix.machine }}"
 
+      - name: cache
+        run: |
+          nix run \
+            github:cything/nixcp/test-in-ci -- push \
+            --bucket nixcache \
+            --endpoint $AWS_ENDPOINT_URL \
+            --signing-key ${{ runner.temp }}/cache-priv-key.pem \
+            result
+
   build-homes:
     strategy:
       fail-fast: false
@@ -85,7 +80,6 @@ jobs:
           - yt@chunk
         os:
           - ubuntu-latest
-          # - macos-latest
     runs-on: ${{ matrix.os }}
 
     steps:
@@ -104,25 +98,6 @@ jobs:
       - name: setup binary cache key
         run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem
 
-      - name: Sync repository
-        uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-
-      - name: post-build-hook
-        run: |
-          sudo mkdir -p /etc/nix
-          sudo cp ci/upload-to-cache.sh /etc/nix/
-          sudo chmod +x /etc/nix/upload-to-cache.sh
-
-      - name: setup s3 credentials
-        run: |
-          sudo mkdir /root/.aws
-          echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials
-          echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials
-          echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials
-          echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config
-
       - name: Install Nix
         uses: cachix/install-nix-action@v30
         with:
@@ -135,9 +110,23 @@ jobs:
             secret-key-files = ${{ runner.temp }}/cache-priv-key.pem
             extra-substituters = https://nixcache.cy7.sh
             extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=
-            post-build-hook = /etc/nix/upload-to-cache.sh
+            download-buffer-size = 1073741824
+
+      - name: Sync repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
 
       - name: build
         run: |
           package=".#homeConfigurations."${{ matrix.home }}".activationPackage"
           nix build -L "$package"
+
+      - name: cache
+        run: |
+          nix run \
+            github:cything/nixcp/test-in-ci -- push \
+            --bucket nixcache \
+            --endpoint $AWS_ENDPOINT_URL \
+            --signing-key ${{ runner.temp }}/cache-priv-key.pem \
+            result

.github/workflows/build-packages.yml

@@ -32,25 +32,6 @@ jobs:
       - name: setup binary cache key
         run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem
 
-      - name: Sync repository
-        uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-
-      - name: post-build-hook
-        run: |
-          sudo mkdir -p /etc/nix
-          sudo cp ci/upload-to-cache.sh /etc/nix/
-          sudo chmod +x /etc/nix/upload-to-cache.sh
-
-      - name: setup s3 credentials
-        run: |
-          sudo mkdir /root/.aws
-          echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials
-          echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials
-          echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials
-          echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config
-
       - name: Install Nix
         uses: cachix/install-nix-action@v30
         with:
@@ -63,10 +44,18 @@ jobs:
             secret-key-files = ${{ runner.temp }}/cache-priv-key.pem
             extra-substituters = https://nixcache.cy7.sh
             extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=
-            post-build-hook = /etc/nix/upload-to-cache.sh
 
       - run: nix build -L ${{ matrix.package }}
 
+      - name: cache
+        run: |
+          nix run \
+            github:cything/nixcp/test-in-ci -- push \
+            --bucket nixcache \
+            --endpoint $AWS_ENDPOINT_URL \
+            --signing-key ${{ runner.temp }}/cache-priv-key.pem \
+            result
+
       - name: prepare tarball to upload
         run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result
 

README

@@ -1 +0,0 @@
-this is only open source for free ci

flake.lock

@@ -147,11 +147,11 @@
         "rust-overlay": "rust-overlay"
       },
       "locked": {
-        "lastModified": 1745229893,
+        "lastModified": 1745480492,
-        "narHash": "sha256-7syUmzqfY9gmLZF4WwqckPRbDRhJApOspd/qDIBHaWY=",
+        "narHash": "sha256-atfb7grtY2DkjR5D9xTKx/CxXoXELBb+xQK2KVe6cso=",
         "owner": "deuxfleurs-org",
         "repo": "garage",
-        "rev": "3c20984a08528f1a6672c8afc83d2306a0361e40",
+        "rev": "bf4691d98afe348e528ee24e26b06c325cca35d0",
         "type": "github"
       },
       "original": {
@@ -189,11 +189,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1745256380,
+        "lastModified": 1745858959,
-        "narHash": "sha256-hJH1S5Xy0K2J6eT22AMDIcQ07E8XYC1t7DnXUr2llEM=",
+        "narHash": "sha256-B1FQwPCFLL3cbHc2nxT3/UI1uprHp2h1EA6M2JVe0oQ=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "22b326b42bf42973d5e4fe1044591fb459e6aeac",
+        "rev": "d0d9d0a1454d5a0200693570618084d80a8b336c",
         "type": "github"
       },
       "original": {
@@ -214,11 +214,11 @@
         "rust-overlay": "rust-overlay_2"
       },
       "locked": {
-        "lastModified": 1745217777,
+        "lastModified": 1745271491,
-        "narHash": "sha256-lnsoesuG+r15kV3Um4hHpYXIjsi6EOPBtIlV8by/7i0=",
+        "narHash": "sha256-4GAHjus6JRpYHVROMIhFIz/sgLDF/klBM3UHulbSK9s=",
         "owner": "nix-community",
         "repo": "lanzaboote",
-        "rev": "e4cf2086105f47a22f92985358db295a20746abb",
+        "rev": "995637eb3ab78eac33f8ee6b45cc2ecd5ede12ba",
         "type": "github"
       },
       "original": {
@@ -257,11 +257,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1745120797,
+        "lastModified": 1745725746,
-        "narHash": "sha256-owQ0VQ+7cSanTVPxaZMWEzI22Q4bGnuvhVjLAJBNQ3E=",
+        "narHash": "sha256-iR+idGZJ191cY6NBXyVjh9QH8GVWTkvZw/w+1Igy45A=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "69716041f881a2af935021c1182ed5b0cc04d40e",
+        "rev": "187524713d0d9b2d2c6f688b81835114d4c2a7c6",
         "type": "github"
       },
       "original": {
@@ -277,11 +277,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1744621833,
+        "lastModified": 1745836145,
-        "narHash": "sha256-II6a32kRc+KbLhU/jS8EbuXYt1PNCvsRvuBw2becgQM=",
+        "narHash": "sha256-CQ18gPSd8nHMrK2K7hqsmLedQFfefUBgIq8AHHXsPRU=",
         "owner": "nix-community",
         "repo": "nix-ld",
-        "rev": "9a3812797e25def1d4aed62b517606b7b93989dc",
+        "rev": "3a4fcea3d9a3c1366a745d23808114a67bf98c68",
         "type": "github"
       },
       "original": {
@@ -292,11 +292,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1744932701,
+        "lastModified": 1745526057,
-        "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=",
+        "narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef",
+        "rev": "f771eb401a46846c1aebd20552521b233dd7e18b",
         "type": "github"
       },
       "original": {
@@ -417,11 +417,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1745207416,
+        "lastModified": 1745807802,
-        "narHash": "sha256-2g2TnXgJEvSvpk7ujY69pSplmM3oShhoOidZf1iHTHU=",
+        "narHash": "sha256-Aary9kzSx9QFgfK1CDu3ZqxhuoyHvf0F71j64gXZebA=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "68a0ff1a43d08aa1ec3730e7e7d06f6da0ba630a",
+        "rev": "9a6045615437787dfb9c1a3242fd75c6b6976b6b",
         "type": "github"
       },
       "original": {
@@ -437,11 +437,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1744669848,
+        "lastModified": 1745310711,
-        "narHash": "sha256-pXyanHLUzLNd3MX9vsWG+6Z2hTU8niyphWstYEP3/GU=",
+        "narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "61154300d945f0b147b30d24ddcafa159148026a",
+        "rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c",
         "type": "github"
       },
       "original": {
@@ -503,11 +503,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1745251368,
+        "lastModified": 1745820808,
-        "narHash": "sha256-Fczq6JKwtHsCNPKPxkGFBhpWH8KoqY2eTyE6jG/cqms=",
+        "narHash": "sha256-6WmnH372ixlcGIAExWBmNg8aRlP1enR97zRfvYKNqR0=",
         "owner": "nix-community",
         "repo": "nix-vscode-extensions",
-        "rev": "6dfa23066faf8643ca05eac994aa14ef695231aa",
+        "rev": "3f05a23a57d43dfcaa41f4fb59f9bd1e9382ba1a",
         "type": "github"
       },
       "original": {

home/kitty.nix

@@ -13,6 +13,7 @@
       # for confirmation
       confirm_os_window_close = 0;
       clear_all_shortcuts = true;
+      background_opacity = 0.85;
 
       # will probably lower this later but the max allowed is actually 4GB
       # this is NOT stored in memory and can only be viewed with scrollback_pager

home/yt/ytnix.nix

@@ -8,7 +8,7 @@
     ./common.nix
     ../irssi.nix
     ../kitty.nix
-    ../codium.nix
+    # ../codium.nix
   ];
   home = {
     username = "yt";
@@ -28,10 +28,7 @@
   home.packages =
     with pkgs;
     lib.flatten [
-      ungoogled-chromium
-      librewolf
       bitwarden-desktop
-      bitwarden-cli
       fastfetch
       (with kdePackages; [
         gwenview
@@ -41,14 +38,12 @@
       signal-desktop
       btop
       jq
-      sqlite
       usbutils
       calibre
       tor-browser
       wtype
       bat
       rclone
-      go
       (rust-bin.selectLatestNightlyWith (
         toolchain:
         toolchain.default.override {
@@ -56,12 +51,9 @@
           targets = [ "aarch64-unknown-linux-musl" ];
         }
       ))
-      pwgen
       gnumake
       unzip
       anki-bin
-      trezorctl
-      q
       gdb
       fuzzel
       hugo
@@ -90,23 +82,18 @@
       jadx
       scrcpy
       syncthing
-      syncthingtray
       (with llvmPackages; [
         clangUseLLVM
         compiler-rt
         libllvm
       ])
       nix-output-monitor
-      wl-clipboard-rs
-      pixelflasher
       cinny-desktop
-      freetube
-      gopls
-      rust-analyzer
       minio-client
-      nil
       keepassxc
-      lua-language-server
+      ida-free
+      jujutsu
+      ffmpeg
     ];
 
   home.sessionVariables = {
@@ -158,6 +145,19 @@
     enable = true;
     viAlias = true;
     vimAlias = true;
+    extraPackages = with pkgs; [
+      lua-language-server
+      nil
+      rust-analyzer
+      fzf
+      fd
+      ripgrep
+      bat
+      delta
+      taplo
+      llvmPackages.clang-tools
+      pyright
+    ];
   };
 
   programs.ssh = {
@@ -166,4 +166,32 @@
   };
 
   programs.firefox.enable = true;
+
+  programs.emacs = {
+    enable = true;
+    extraPackages = _: with pkgs; [
+      rust-analyzer
+      nil
+      ispell
+    ];
+  };
+
+  gtk = {
+    enable = true;
+    theme.package = pkgs.gnome-themes-extra;
+    theme.name = "Adwaita-dark";
+  };
+
+  qt = {
+    enable = true;
+    platformTheme.name = "adwaita";
+    style.name = "adwaita-dark";
+    style.package = pkgs.adwaita-qt;
+  };
+
+  dconf.settings = {
+    "org/gnome/desktop/interface" = {
+      color-scheme = "prefer-dark";
+    };
+  };
 }

home/zsh/default.nix

@@ -37,12 +37,6 @@
       searchDownKey = "^n";
     };
 
-    # prezto = {
-    #   enable = true;
-    #   caseSensitive = false;
-    #   editor.keymap = "vi";
-    # };
-
     initExtra = ''
       # disable control+s to pause terminal
       unsetopt FLOW_CONTROL
@@ -85,14 +79,11 @@
     shellAliases = {
       "vi" = "nvim";
       "vim" = "nvim";
-      "t" = "tmux";
-      "tl" = "tmux list-sessions";
-      "ta" = "tmux new-session -A -s";
       "se" = "sudoedit";
       "s" = "sudo";
-      "nrs" = "sudo nixos-rebuild switch -L --flake . --log-format internal-json -v |& nom --json";
+      "nrs" = "sudo nixos-rebuild switch -L --flake ~/nixos-config";
-      "nrt" = "sudo nixos-rebuild test -L --flake . --log-format internal-json -v |& nom --json";
+      "nrt" = "sudo nixos-rebuild test -L --flake ~/nixos-config";
-      "hrs" = "home-manager switch -L --flake .";
+      "hrs" = "home-manager switch -L --flake ~/nixos-config";
       "g" = "git";
       "ga" = "git add";
       "gaa" = "git add --all";
@@ -100,7 +91,6 @@
       "gc" = "git commit --verbose";
       "gcmsg" = "git commit --message";
       "gd" = "git diff";
-      "gdca" = "git diff --cached";
       "gds" = "git diff --staged";
       "gl" = "git log --stat";
       "glg" = "git log --graph";
@@ -113,6 +103,11 @@
       "gs" = "git status --short";
       "gss" = "git status";
       "code" = "codium";
+      "jl" = "jj log -n 10";
+      "jll" = "jj log";
+      "jd" = "jj diff";
+      "jn" = "jj new";
+      "jm" = "jj describe -m";
     };
   };
 

hosts/chunk/garage.nix

@@ -25,7 +25,7 @@
       compression_level = "none";
     };
     environmentFile = config.sops.secrets."garage/env".path;
-    logLevel = "warn";
+    logLevel = "info";
   };
 
   services.caddy.virtualHosts = {

hosts/chunk/rclone.nix

@@ -14,15 +14,14 @@ let
         --config ${config.sops.secrets."rclone/config".path} \
         --allow-other \
         --cache-dir /var/cache/rclone \
-        --transfers 64 \
+        --transfers 16 \
-        --vfs-cache-mode full \
+        --vfs-cache-mode writes \
         --vfs-cache-min-free-space 5G \
         --dir-cache-time 30d \
-        --no-checksum \
         --no-modtime \
         --vfs-fast-fingerprint \
-        --vfs-read-chunk-size 8M \
+        --vfs-read-chunk-size 128M \
-        --vfs-read-chunk-streams 16 \
+        --vfs-read-chunk-streams 0 \
         --sftp-concurrency 64 \
         --sftp-chunk-size 255k \
         --buffer-size 0 \

hosts/ytnix/default.nix

@@ -87,7 +87,7 @@
     resolvconf.enable = true;
     firewall = {
       enable = true;
-      trustedInterfaces = [ "tailscale0" "virbr0" ];
+      trustedInterfaces = [ "tailscale0" "virbr0" "virbr1" ];
       # allowedTCPPorts = [
       #   8080 # mitmproxy
       #   22000 # syncthing
@@ -204,7 +204,7 @@
   services.displayManager = {
     enable = true;
     autoLogin.user = "yt";
-    defaultSession = "plasma";
+    defaultSession = "sway";
     sddm = {
       enable = true;
       wayland.enable = true;
@@ -238,6 +238,7 @@
       "/home/yt/Games"
       "/home/yt/Videos"
       "/home/yt/.bitmonero"
+      "/home/yt/vms"
     ];
     repo = "yt";
     passFile = config.sops.secrets."borg/rsyncnet".path;
@@ -360,12 +361,6 @@
     ];
   };
 
-  services.ollama.enable = false;
-
-  services.trezord.enable = true;
-
-  programs.niri.enable = false;
-  programs.niri.package = pkgs.niri-unstable;
   programs.xwayland.enable = true;
 
   services.udev.extraHwdb = ''
@@ -390,7 +385,24 @@
   programs.ccache.enable = true;
   nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ];
   programs.fuse.userAllowOther = true;
-  nix.settings.sandbox = false;
+  nix.settings.sandbox = true;
 
   programs.ssh.startAgent = true;
+
+  programs.sway = {
+    enable = true;
+    wrapperFeatures.gtk = true;
+    extraPackages = with pkgs; [
+      rofi-wayland
+      cliphist
+      rofimoji
+      grim
+      slurp
+      swaylock
+      swayidle
+      brightnessctl
+      waybar
+      wl-clipboard
+    ];
+  };
 }

modules/authelia.nix

@@ -68,6 +68,7 @@ in
             ];
             scopes = [ "openid" "profile" "email" ];
             userinfo_signed_response_alg = "none";
+            token_endpoint_auth_method = "client_secret_basic";
           }
           {
             client_id = "_kuUEYxyfXjInJCniwugpw2Qn6iI-YW24NOkHZG~63BAhnAACDZ.xsLqOdGghj2DNZxXR0sU";

modules/caddy.nix

@@ -19,9 +19,9 @@ in
         plugins = [
           # error message will tell you the correct version tag to use
           # (still need the @ to pass nix config check)
-          "github.com/caddy-dns/cloudflare@v0.0.0-20250228175314-1fb64108d4de"
+          "github.com/caddy-dns/cloudflare@v0.2.2-0.20250420134112-006ebb07b349"
         ];
-        hash = "sha256-pfh9DXUj35jlAntkWc4D5wuW04xxQfM1rZ4KFauMzvc=";
+        hash = "sha256-2U+icm4GtI5Fww6U8nKzQ/+pPf63T3scTGuj1zjj4b4=";
       };
       logFormat = lib.mkForce "level INFO";
       acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
@@ -37,9 +37,9 @@ in
 
         (authelia) {
           forward_auth localhost:9091 {
-		        uri /api/authz/forward-auth
+            uri /api/authz/forward-auth
-		        copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
+            copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
-	        }
+	  }
         }
       '';
       environmentFile = config.sops.secrets."caddy/env".path;