9 changed files with 49 additions and 64 deletions
--- a/.github/workflows/build-packages.yml
+++ b/.github/workflows/build-packages.yml
@ -24,33 +24,14 @@ jobs:
        os:
          - ubuntu-latest
          - ubuntu-24.04-arm
-          # - macos-latest
+          - macos-latest
-          # - macos-13
+          - macos-13
    runs-on: ${{ matrix.os }}
    steps:
      - name: setup binary cache key
        run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem
      - name: Sync repository
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: post-build-hook
        run: |
          sudo mkdir -p /etc/nix
          sudo cp ci/upload-to-cache.sh /etc/nix/
          sudo chmod +x /etc/nix/upload-to-cache.sh
      - name: setup s3 credentials
        run: |
          sudo mkdir /root/.aws
          echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials
          echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials
          echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials
          echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config
      - name: Install Nix
        uses: cachix/install-nix-action@v30
        with:
@ -63,10 +44,20 @@ jobs:
            secret-key-files = ${{ runner.temp }}/cache-priv-key.pem
            extra-substituters = https://nixcache.cy7.sh
            extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=
            post-build-hook = /etc/nix/upload-to-cache.sh
      - run: nix build -L ${{ matrix.package }}
      - name: cache result
        # https://stackoverflow.com/a/58859404
        if: '!cancelled()'
        run: |
          nix run github:cything/nixcp -- \
            push \
            --bucket nixcache \
            --signing-key ${{ runner.temp }}/cache-priv-key.pem \
            -u https://nix-community.cachix.org \
            "${{ matrix.package }}"
      - name: prepare tarball to upload
        run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result
--- a/flake.lock
+++ b/flake.lock
@ -17,11 +17,11 @@
    },
    "crane_2": {
      "locked": {
-        "lastModified": 1741481578,
+        "lastModified": 1741148495,
-        "narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=",
+        "narHash": "sha256-EV8KUaIZ2/CdBXlutXrHoZYbWPeB65p5kKZk71gvDRI=",
        "owner": "ipetkov",
        "repo": "crane",
-        "rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5",
+        "rev": "75390a36cd0c2cdd5f1aafd8a9f827d7107f2e53",
        "type": "github"
      },
      "original": {
@ -69,11 +69,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1741352980,
+        "lastModified": 1740872218,
-        "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
+        "narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
+        "rev": "3876f6b87db82f33775b1ef5ea343986105db764",
        "type": "github"
      },
      "original": {
@ -147,11 +147,11 @@
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1745229893,
+        "lastModified": 1745093116,
-        "narHash": "sha256-7syUmzqfY9gmLZF4WwqckPRbDRhJApOspd/qDIBHaWY=",
+        "narHash": "sha256-38L/NZyfGSGff9f+FfRd4teA1Xj93hqcBJcqhxbLA7Y=",
        "owner": "deuxfleurs-org",
        "repo": "garage",
-        "rev": "3c20984a08528f1a6672c8afc83d2306a0361e40",
+        "rev": "4ef954d17604eba8aafa52902cd3c573978c7195",
        "type": "github"
      },
      "original": {
@ -189,11 +189,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1745256380,
+        "lastModified": 1745128386,
-        "narHash": "sha256-hJH1S5Xy0K2J6eT22AMDIcQ07E8XYC1t7DnXUr2llEM=",
+        "narHash": "sha256-xnNxL9lZC5Ez8AxTgHZZu8pYSNM34+5GD5jGSs8Vq4M=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "22b326b42bf42973d5e4fe1044591fb459e6aeac",
+        "rev": "f98314bb064cf8f8446c44afbadaaad2505875a7",
        "type": "github"
      },
      "original": {
@ -214,11 +214,11 @@
        "rust-overlay": "rust-overlay_2"
      },
      "locked": {
-        "lastModified": 1745217777,
+        "lastModified": 1741442524,
-        "narHash": "sha256-lnsoesuG+r15kV3Um4hHpYXIjsi6EOPBtIlV8by/7i0=",
+        "narHash": "sha256-tVcxLDLLho8dWcO81Xj/3/ANLdVs0bGyCPyKjp70JWk=",
        "owner": "nix-community",
        "repo": "lanzaboote",
-        "rev": "e4cf2086105f47a22f92985358db295a20746abb",
+        "rev": "d8099586d9a84308ffedac07880e7f07a0180ff4",
        "type": "github"
      },
      "original": {
@ -319,11 +319,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1741379162,
+        "lastModified": 1740915799,
-        "narHash": "sha256-srpAbmJapkaqGRE3ytf3bj4XshspVR5964OX5LfjDWc=",
+        "narHash": "sha256-JvQvtaphZNmeeV+IpHgNdiNePsIpHD5U/7QN5AeY44A=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
-        "rev": "b5a62751225b2f62ff3147d0a334055ebadcd5cc",
+        "rev": "42b1ba089d2034d910566bf6b40830af6b8ec732",
        "type": "github"
      },
      "original": {
@ -376,11 +376,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1741573199,
+        "lastModified": 1741228283,
-        "narHash": "sha256-A2sln1GdCf+uZ8yrERSCZUCqZ3JUlOv1WE2VFqqfaLQ=",
+        "narHash": "sha256-VzqI+k/eoijLQ5am6rDFDAtFAbw8nltXfLBC6SIEJAE=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "c777dc8a1e35407b0e80ec89817fe69970f4e81a",
+        "rev": "38e9826bc4296c9daf18bc1e6aa299f3e932a403",
        "type": "github"
      },
      "original": {
@ -417,11 +417,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1745207416,
+        "lastModified": 1745116541,
-        "narHash": "sha256-2g2TnXgJEvSvpk7ujY69pSplmM3oShhoOidZf1iHTHU=",
+        "narHash": "sha256-5xzA6dTfqCfTTDCo3ipPZzrg3wp01xmcr73y4cTNMP8=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "68a0ff1a43d08aa1ec3730e7e7d06f6da0ba630a",
+        "rev": "e2142ef330a61c02f274ac9a9cb6f8487a5d0080",
        "type": "github"
      },
      "original": {
@ -503,11 +503,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1745251368,
+        "lastModified": 1745114521,
-        "narHash": "sha256-Fczq6JKwtHsCNPKPxkGFBhpWH8KoqY2eTyE6jG/cqms=",
+        "narHash": "sha256-P/TgmeavrpUiHCejjjsU2vOMB7cBIcHltGDSKKgi20E=",
        "owner": "nix-community",
        "repo": "nix-vscode-extensions",
-        "rev": "6dfa23066faf8643ca05eac994aa14ef695231aa",
+        "rev": "ff14820202442f847fd37862eb48a7cb254a19d3",
        "type": "github"
      },
      "original": {
--- a/home/yt/ytnix.nix
+++ b/home/yt/ytnix.nix
@ -53,7 +53,6 @@
        toolchain:
        toolchain.default.override {
          extensions = [ "rust-src" ];
          targets = [ "aarch64-unknown-linux-musl" ];
        }
      ))
      pwgen
@ -106,7 +105,6 @@
      minio-client
      nil
      keepassxc
      lua-language-server
    ];
  home.sessionVariables = {
--- a/hosts/chunk/default.nix
+++ b/hosts/chunk/default.nix
@ -187,5 +187,4 @@
    enable = false;
    dataDir = "/opt/karakeep";
  };
  my.roundcube.enable = true;
 }
--- a/hosts/chunk/postgres.nix
+++ b/hosts/chunk/postgres.nix
@ -19,5 +19,8 @@
      }
    ];
  };
-  services.postgresqlBackup.enable = true;
+  services.postgresqlBackup = {
    enable = true;
    startAt = "hourly";
  };
 }
--- a/hosts/chunk/rclone.nix
+++ b/hosts/chunk/rclone.nix
@ -23,14 +23,13 @@ let
        --vfs-fast-fingerprint \
        --vfs-read-chunk-size 8M \
        --vfs-read-chunk-streams 16 \
-        --sftp-concurrency 64 \
+        --sftp-concurrency 128 \
        --sftp-chunk-size 255k \
        --buffer-size 0 \
        --write-back-cache \
        ${remote} ${mount}
    '';
    ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -zu ${mount}";
    Restart = "on-failure";
  };
 in
 {
--- a/hosts/ytnix/default.nix
+++ b/hosts/ytnix/default.nix
@ -87,7 +87,7 @@
    resolvconf.enable = true;
    firewall = {
      enable = true;
-      trustedInterfaces = [ "tailscale0" "virbr0" ];
+      trustedInterfaces = [ "tailscale0" ];
      # allowedTCPPorts = [
      #   8080 # mitmproxy
      #   22000 # syncthing
--- a/modules/backup.nix
+++ b/modules/backup.nix
@ -47,7 +47,7 @@ in
    };
    startAt = lib.mkOption {
      type = lib.types.str;
-      default = "daily";
+      default = "hourly";
      description = "see systemd.timer(5)";
    };
    jobName = lib.mkOption {
@ -98,9 +98,8 @@ in
      failOnWarnings = false;
      prune.keep = {
-        daily = 7;
+        within = "2d";
-        weekly = 12;
+        daily = 365;
        monthly = -1;
      };
      extraPruneArgs = [ "--stats" ];
    };
--- a/modules/roundcube.nix
+++ b/modules/roundcube.nix
@ -31,7 +31,6 @@ in
        "contextmenu"
        "custom_from"
        "thunderbird_labels"
        "managesieve"
      ];
      dicts = with pkgs.aspellDicts; [ en ];
      extraConfig = ''
@ -39,8 +38,6 @@ in
        $config['smtp_host'] = "ssl://smtp.migadu.com:465";
        $config['smtp_user'] = "%u";
        $config['smtp_pass'] = "%p";
        $config['managesieve_host'] = "tls://imap.migadu.com";
        $config['managesieve_port'] = 4190;
      '';
    };
@ -51,7 +48,6 @@ in
    services.caddy.virtualHosts."mail.cy7.sh".extraConfig = ''
      import common
      import authelia
      root ${roundcube.package}
      php_fastcgi unix/${fpm.socket}
      file_server