From 48d8bacea8a961fdc306c788901da963fb38c549 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 21 Apr 2025 13:53:21 -0400 Subject: [PATCH 1/5] change backup frequency --- home/yt/ytnix.nix | 1 + hosts/chunk/postgres.nix | 5 +---- hosts/ytnix/default.nix | 2 +- modules/backup.nix | 7 ++++--- 4 files changed, 7 insertions(+), 8 deletions(-) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index f22d425..8afd45e 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -53,6 +53,7 @@ toolchain: toolchain.default.override { extensions = [ "rust-src" ]; + targets = [ "aarch64-unknown-linux-musl" ]; } )) pwgen diff --git a/hosts/chunk/postgres.nix b/hosts/chunk/postgres.nix index 07a3125..c4a6233 100644 --- a/hosts/chunk/postgres.nix +++ b/hosts/chunk/postgres.nix @@ -19,8 +19,5 @@ } ]; }; - services.postgresqlBackup = { - enable = true; - startAt = "hourly"; - }; + services.postgresqlBackup.enable = true; } diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index ddf1364..c3759fa 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -87,7 +87,7 @@ resolvconf.enable = true; firewall = { enable = true; - trustedInterfaces = [ "tailscale0" ]; + trustedInterfaces = [ "tailscale0" "virbr0" ]; # allowedTCPPorts = [ # 8080 # mitmproxy # 22000 # syncthing diff --git a/modules/backup.nix b/modules/backup.nix index 2715deb..a07542d 100644 --- a/modules/backup.nix +++ b/modules/backup.nix @@ -47,7 +47,7 @@ in }; startAt = lib.mkOption { type = lib.types.str; - default = "hourly"; + default = "daily"; description = "see systemd.timer(5)"; }; jobName = lib.mkOption { @@ -98,8 +98,9 @@ in failOnWarnings = false; prune.keep = { - within = "2d"; - daily = 365; + daily = 7; + weekly = 12; + monthly = -1; }; extraPruneArgs = [ "--stats" ]; }; From d97917bba07573c81ea13f76683051607df9c674 Mon Sep 17 00:00:00 2001 
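Review bot: With `startAt` removed in hosts/chunk/postgres.nix, the dump schedule is no longer stated anywhere in this repository and falls back to the nixpkgs default for `services.postgresqlBackup.startAt`. As far as I recall that default is a fixed early-morning time (01:15) rather than `"daily"`, so confirm it against the pinned nixpkgs. If the borg job from modules/backup.nix archives the dump directory (not visible here), its new `"daily"` default fires at midnight, before the dump, and each archive would then hold a dump that is almost a day old. Pinning the dump shortly before the borg run makes the ordering explicit, for example `services.postgresqlBackup = { enable = true; startAt = "*-*-* 23:15:00"; };`.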
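Review bot: Adding `"virbr0"` to `trustedInterfaces` in hosts/ytnix/default.nix makes the firewall accept all inbound traffic from that bridge, so any guest attached to it can reach every service listening on the host, including those the commented-out `allowedTCPPorts` list was keeping closed. If the guests only need a few host services, a per-interface rule is narrower, for example `interfaces.virbr0.allowedUDPPorts = [ 53 67 ];` inside the same `firewall` block, with the port list adjusted to what the guests actually use. This change is also unrelated to the "change backup frequency" subject and would be easier to audit as its own commit with a short comment saying why the bridge is trusted. The `firewall` attribute set continues outside the hunk.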
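Review bot: The new `prune.keep` in modules/backup.nix changes retention as well as frequency. Dropping `within = "2d"` and cutting `daily` from 365 to 7 means anything older than a week can only be restored at weekly granularity, and anything older than twelve weeks at monthly granularity. That matters if corruption or tampering is noticed late, so it should be stated in the commit message. `monthly = -1` keeps monthly archives without limit and deserves a comment, for example `monthly = -1; # keep every monthly archive, no upper bound`. Together with the `default = "daily"` change in the first hunk of this file, every host that does not set `startAt` itself moves from an hourly to a daily recovery point.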
From: cy Date: Mon, 21 Apr 2025 13:54:25 -0400 Subject: [PATCH 2/5] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'garage': 'github:deuxfleurs-org/garage/4ef954d17604eba8aafa52902cd3c573978c7195' (2025-04-19) → 'github:deuxfleurs-org/garage/3c20984a08528f1a6672c8afc83d2306a0361e40' (2025-04-21) • Updated input 'home-manager': 'github:nix-community/home-manager/f98314bb064cf8f8446c44afbadaaad2505875a7' (2025-04-20) → 'github:nix-community/home-manager/22b326b42bf42973d5e4fe1044591fb459e6aeac' (2025-04-21) • Updated input 'lanzaboote': 'github:nix-community/lanzaboote/d8099586d9a84308ffedac07880e7f07a0180ff4' (2025-03-08) → 'github:nix-community/lanzaboote/e4cf2086105f47a22f92985358db295a20746abb' (2025-04-21) • Updated input 'lanzaboote/crane': 'github:ipetkov/crane/75390a36cd0c2cdd5f1aafd8a9f827d7107f2e53' (2025-03-05) → 'github:ipetkov/crane/bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5' (2025-03-09) • Updated input 'lanzaboote/flake-parts': 'github:hercules-ci/flake-parts/3876f6b87db82f33775b1ef5ea343986105db764' (2025-03-01) → 'github:hercules-ci/flake-parts/f4330d22f1c5d2ba72d3d22df5597d123fdb60a9' (2025-03-07) • Updated input 'lanzaboote/pre-commit-hooks-nix': 'github:cachix/pre-commit-hooks.nix/42b1ba089d2034d910566bf6b40830af6b8ec732' (2025-03-02) → 'github:cachix/pre-commit-hooks.nix/b5a62751225b2f62ff3147d0a334055ebadcd5cc' (2025-03-07) • Updated input 'lanzaboote/rust-overlay': 'github:oxalica/rust-overlay/38e9826bc4296c9daf18bc1e6aa299f3e932a403' (2025-03-06) → 'github:oxalica/rust-overlay/c777dc8a1e35407b0e80ec89817fe69970f4e81a' (2025-03-10) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/e2142ef330a61c02f274ac9a9cb6f8487a5d0080' (2025-04-20) → 'github:oxalica/rust-overlay/68a0ff1a43d08aa1ec3730e7e7d06f6da0ba630a' (2025-04-21) • Updated input 'vscode-extensions': 
'github:nix-community/nix-vscode-extensions/ff14820202442f847fd37862eb48a7cb254a19d3' (2025-04-20) → 'github:nix-community/nix-vscode-extensions/6dfa23066faf8643ca05eac994aa14ef695231aa' (2025-04-21) --- flake.lock | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index 4370247..2044b2a 100644 --- a/flake.lock +++ b/flake.lock @@ -17,11 +17,11 @@ }, "crane_2": { "locked": { - "lastModified": 1741148495, - "narHash": "sha256-EV8KUaIZ2/CdBXlutXrHoZYbWPeB65p5kKZk71gvDRI=", + "lastModified": 1741481578, + "narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=", "owner": "ipetkov", "repo": "crane", - "rev": "75390a36cd0c2cdd5f1aafd8a9f827d7107f2e53", + "rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5", "type": "github" }, "original": { @@ -69,11 +69,11 @@ ] }, "locked": { - "lastModified": 1740872218, - "narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=", + "lastModified": 1741352980, + "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "3876f6b87db82f33775b1ef5ea343986105db764", + "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", "type": "github" }, "original": { @@ -147,11 +147,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1745093116, - "narHash": "sha256-38L/NZyfGSGff9f+FfRd4teA1Xj93hqcBJcqhxbLA7Y=", + "lastModified": 1745229893, + "narHash": "sha256-7syUmzqfY9gmLZF4WwqckPRbDRhJApOspd/qDIBHaWY=", "owner": "deuxfleurs-org", "repo": "garage", - "rev": "4ef954d17604eba8aafa52902cd3c573978c7195", + "rev": "3c20984a08528f1a6672c8afc83d2306a0361e40", "type": "github" }, "original": { 
@@ -189,11 +189,11 @@ ] }, "locked": { - "lastModified": 1745128386, - "narHash": "sha256-xnNxL9lZC5Ez8AxTgHZZu8pYSNM34+5GD5jGSs8Vq4M=", + "lastModified": 1745256380, + "narHash": "sha256-hJH1S5Xy0K2J6eT22AMDIcQ07E8XYC1t7DnXUr2llEM=", "owner": "nix-community", "repo": "home-manager", - "rev": "f98314bb064cf8f8446c44afbadaaad2505875a7", + "rev": "22b326b42bf42973d5e4fe1044591fb459e6aeac", "type": "github" }, "original": { @@ -214,11 +214,11 @@ "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1741442524, - "narHash": "sha256-tVcxLDLLho8dWcO81Xj/3/ANLdVs0bGyCPyKjp70JWk=", + "lastModified": 1745217777, + "narHash": "sha256-lnsoesuG+r15kV3Um4hHpYXIjsi6EOPBtIlV8by/7i0=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "d8099586d9a84308ffedac07880e7f07a0180ff4", + "rev": "e4cf2086105f47a22f92985358db295a20746abb", "type": "github" }, "original": { @@ -319,11 +319,11 @@ ] }, "locked": { - "lastModified": 1740915799, - "narHash": "sha256-JvQvtaphZNmeeV+IpHgNdiNePsIpHD5U/7QN5AeY44A=", + "lastModified": 1741379162, + "narHash": "sha256-srpAbmJapkaqGRE3ytf3bj4XshspVR5964OX5LfjDWc=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "42b1ba089d2034d910566bf6b40830af6b8ec732", + "rev": "b5a62751225b2f62ff3147d0a334055ebadcd5cc", "type": "github" }, "original": { @@ -376,11 +376,11 @@ ] }, "locked": { - "lastModified": 1741228283, - "narHash": "sha256-VzqI+k/eoijLQ5am6rDFDAtFAbw8nltXfLBC6SIEJAE=", + "lastModified": 1741573199, + "narHash": "sha256-A2sln1GdCf+uZ8yrERSCZUCqZ3JUlOv1WE2VFqqfaLQ=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "38e9826bc4296c9daf18bc1e6aa299f3e932a403", + "rev": "c777dc8a1e35407b0e80ec89817fe69970f4e81a", "type": "github" }, "original": { 
@@ -417,11 +417,11 @@ ] }, "locked": { - "lastModified": 1745116541, - "narHash": "sha256-5xzA6dTfqCfTTDCo3ipPZzrg3wp01xmcr73y4cTNMP8=", + "lastModified": 1745207416, + "narHash": "sha256-2g2TnXgJEvSvpk7ujY69pSplmM3oShhoOidZf1iHTHU=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "e2142ef330a61c02f274ac9a9cb6f8487a5d0080", + "rev": "68a0ff1a43d08aa1ec3730e7e7d06f6da0ba630a", "type": "github" }, "original": { @@ -503,11 +503,11 @@ ] }, "locked": { - "lastModified": 1745114521, - "narHash": "sha256-P/TgmeavrpUiHCejjjsU2vOMB7cBIcHltGDSKKgi20E=", + "lastModified": 1745251368, + "narHash": "sha256-Fczq6JKwtHsCNPKPxkGFBhpWH8KoqY2eTyE6jG/cqms=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "ff14820202442f847fd37862eb48a7cb254a19d3", + "rev": "6dfa23066faf8643ca05eac994aa14ef695231aa", "type": "github" }, "original": { From 4f2af1bcfcffb3785cd3a25e2894951ba7ce76e8 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 21 Apr 2025 17:19:13 -0400 Subject: [PATCH 3/5] rclone: limit sftp-concurrency to 64 (again) --- hosts/chunk/rclone.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 1c474af..beb352f 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -23,7 +23,7 @@ let --vfs-fast-fingerprint \ --vfs-read-chunk-size 8M \ --vfs-read-chunk-streams 16 \ - --sftp-concurrency 128 \ + --sftp-concurrency 64 \ --sftp-chunk-size 255k \ --buffer-size 0 \ --write-back-cache \ From 17e257a318730463b5e5bd363485464847862d51 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 21 Apr 2025 22:04:05 -0400 Subject: [PATCH 4/5] use post-build-hook for build packages --- .github/workflows/build-packages.yml | 35 +++++++++++++++++----------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 423c88a..343a54f 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml 
@@ -24,14 +24,33 @@ jobs: os: - ubuntu-latest - ubuntu-24.04-arm - - macos-latest - - macos-13 + # - macos-latest + # - macos-13 runs-on: ${{ matrix.os }} steps: - name: setup binary cache key run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem + - name: Sync repository + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: post-build-hook + run: | + sudo mkdir -p /etc/nix + sudo cp ci/upload-to-cache.sh /etc/nix/ + sudo chmod +x /etc/nix/upload-to-cache.sh + + - name: setup s3 credentials + run: | + sudo mkdir /root/.aws + echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials + echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials + echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials + echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config + - name: Install Nix uses: cachix/install-nix-action@v30 with: @@ -44,20 +63,10 @@ jobs: secret-key-files = ${{ runner.temp }}/cache-priv-key.pem extra-substituters = https://nixcache.cy7.sh extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= + post-build-hook = /etc/nix/upload-to-cache.sh - run: nix build -L ${{ matrix.package }} - - name: cache result - # https://stackoverflow.com/a/58859404 - if: '!cancelled()' - run: | - nix run github:cything/nixcp -- \ - push \ - --bucket nixcache \ - --signing-key ${{ runner.temp }}/cache-priv-key.pem \ - -u https://nix-community.cachix.org \ - "${{ matrix.package }}" - - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result From 9546caaa7cb896905847308aab02c20bf3f0d27f Mon Sep 17 00:00:00 2001 
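Review bot: Every `sudo tee` in the new `setup s3 credentials` step also copies its input to stdout, so the access key, secret key and endpoint are printed to the job log and only GitHub's secret masking hides them. Redirecting the output removes that dependency, e.g. `echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" | sudo tee -a /root/.aws/credentials >/dev/null`, and likewise for the other three lines. The step reads `$AWS_ACCESS_KEY_ID`, `$AWS_SECRET_ACCESS_KEY` and `$AWS_ENDPOINT_URL` but has no `env:` mapping in the hunk, so they must be set at job or workflow level outside it, otherwise empty values are written. `sudo mkdir /root/.aws` also lacks the `-p` used for `/etc/nix` in the step above it, and a `sudo chmod 600 /root/.aws/credentials` afterwards would keep the file from depending on the default umask.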
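Review bot: `post-build-hook = /etc/nix/upload-to-cache.sh` runs a script copied from `ci/upload-to-cache.sh`, which this patch does not add (the diffstat lists only the workflow file), so it must already exist in the tree or the `cp` step fails. The Nix daemon runs the hook as root with the signing key and the S3 credentials in reach, so the workflow triggers (outside the hunk) should never let this job check out untrusted pull-request code while those secrets are present. The hook also runs synchronously after each build, so a slow or failing upload now stalls or stops the build loop, whereas the removed `cache result` step ran afterwards under `if: '!cancelled()'`. A comment beside the setting, such as `# runs as root after every build; upload failures abort the build loop`, would record that trade-off.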
From: cy Date: Wed, 23 Apr 2025 09:56:59 -0400 Subject: [PATCH 5/5] bring back roundcube (with sieve) --- home/yt/ytnix.nix | 1 + hosts/chunk/default.nix | 1 + hosts/chunk/rclone.nix | 1 + modules/roundcube.nix | 4 ++++ 4 files changed, 7 insertions(+) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 8afd45e..c08d0b8 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -106,6 +106,7 @@ minio-client nil keepassxc + lua-language-server ]; home.sessionVariables = { diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 2e4c960..6f73eaf 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -187,4 +187,5 @@ enable = false; dataDir = "/opt/karakeep"; }; + my.roundcube.enable = true; } diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index beb352f..1c253f2 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -30,6 +30,7 @@ let ${remote} ${mount} ''; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -zu ${mount}"; + Restart = "on-failure"; }; in { diff --git a/modules/roundcube.nix b/modules/roundcube.nix index 63b14c5..7dcfb9d 100644 --- a/modules/roundcube.nix +++ b/modules/roundcube.nix @@ -31,6 +31,7 @@ in "contextmenu" "custom_from" "thunderbird_labels" + "managesieve" ]; dicts = with pkgs.aspellDicts; [ en ]; extraConfig = '' @@ -38,6 +39,8 @@ in $config['smtp_host'] = "ssl://smtp.migadu.com:465"; $config['smtp_user'] = "%u"; $config['smtp_pass'] = "%p"; + $config['managesieve_host'] = "tls://imap.migadu.com"; + $config['managesieve_port'] = 4190; ''; }; @@ -48,6 +51,7 @@ in services.caddy.virtualHosts."mail.cy7.sh".extraConfig = '' import common + import authelia root ${roundcube.package} php_fastcgi unix/${fpm.socket} file_server
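Review bot: In modules/roundcube.nix the sieve endpoint is configured with a separate `$config['managesieve_port'] = 4190;`, while the neighbouring `smtp_host` line already puts the port in the URL (`ssl://smtp.migadu.com:465`). As far as I recall, Roundcube releases that use the `*_host` naming dropped the separate `*_port` options, so the extra line is probably ignored and the connection only works because 4190 is the default; confirm this against the packaged version. Writing it as `$config['managesieve_host'] = "tls://imap.migadu.com:4190";` is consistent with the SMTP line and keeps the port effective either way. A short comment that `tls://` means STARTTLS on the sieve port, unlike the implicit-TLS `ssl://` used for SMTP, would help the next reader.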