From f72e9c511d5f8f7dd1b8e1934d5e7d3aa84195ba Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 5 Jan 2025 18:21:20 -0500 Subject: [PATCH 001/410] try harmonia instead of attic --- .sops.yaml | 5 ++ flake.lock | 129 +-------------------------------- flake.nix | 13 ++-- home/yt/chunk.nix | 1 - home/yt/common.nix | 1 - hosts/chunk/Caddyfile | 2 +- hosts/chunk/default.nix | 6 +- hosts/chunk/harmonia.nix | 9 +++ hosts/chunk/postgres.nix | 7 -- hosts/chunk/rclone.nix | 14 ++-- hosts/common.nix | 4 +- secrets/services/harmonia.yaml | 31 ++++++++ 12 files changed, 67 insertions(+), 155 deletions(-) create mode 100644 hosts/chunk/harmonia.nix create mode 100644 secrets/services/harmonia.yaml diff --git a/.sops.yaml b/.sops.yaml index 4966beb..1125606 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -98,3 +98,8 @@ creation_rules: - age: - *chunk - *cy + - path_regex: secrets/services/harmonia.yaml + key_groups: + - age: + - *chunk + - *cy diff --git a/flake.lock b/flake.lock index 1d45c9a..fe5b79e 100644 --- a/flake.lock +++ b/flake.lock @@ -1,52 +1,6 @@ { "nodes": { - "attic": { - "inputs": { - "crane": "crane", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", - "nix-github-actions": "nix-github-actions", - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable" - }, - "locked": { - "lastModified": 1731270564, - "narHash": "sha256-6KMC/NH/VWP5Eb+hA56hz0urel3jP6Y6cF2PX6xaTkk=", - "owner": "zhaofengli", - "repo": "attic", - "rev": "47752427561f1c34debb16728a210d378f0ece36", - "type": "github" - }, - "original": { - "owner": "zhaofengli", - "repo": "attic", - "type": "github" - } - }, "crane": { - "inputs": { - "nixpkgs": [ - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1722960479, - "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=", - "owner": "ipetkov", - "repo": "crane", - "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, - "crane_2": { "inputs": { "nixpkgs": [ "lanzaboote", @@ -104,44 +58,7 @@ "type": "github" } }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1722555600, - "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "lanzaboote", @@ -224,9 +141,9 @@ }, "lanzaboote": { "inputs": { - "crane": "crane_2", - "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts_2", + "crane": "crane", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" @@ -249,27 +166,6 @@ "type": "github" } }, - "nix-github-actions": { - "inputs": { - "nixpkgs": [ - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1729742964, - "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", - "owner": "nix-community", - "repo": "nix-github-actions", - "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-github-actions", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1735834308, @@ -319,22 +215,6 @@ } }, "nixpkgs-stable": { - "locked": { - "lastModified": 1724316499, - "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_2": { "locked": { "lastModified": 1710695816, "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", @@ -361,7 +241,7 @@ "lanzaboote", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_2" + "nixpkgs-stable": "nixpkgs-stable" }, "locked": { "lastModified": 1717664902, @@ -379,7 +259,6 @@ }, "root": { "inputs": { - "attic": "attic", "disko": "disko", "home-manager": "home-manager", "lanzaboote": "lanzaboote", diff --git a/flake.nix b/flake.nix index 63ef18c..a3a6726 100644 --- a/flake.nix +++ b/flake.nix @@ -23,10 +23,6 @@ url = "github:nix-community/lanzaboote/v0.4.1"; inputs.nixpkgs.follows = "nixpkgs"; }; - attic = { - url = "github:zhaofengli/attic"; - inputs.nixpkgs.follows = "nixpkgs"; - }; nixpkgs-borg.url = "github:cything/nixpkgs/borg"; # unmerged PR nixpkgs-btrbk.url = "github:cything/nixpkgs/btrbk"; # unmerged PR @@ -34,10 +30,13 @@ nixConfig = { extra-substituters = [ - "https://cache.cything.io/central" + # "https://cache.cything.io/" + "https://nix-community.cachix.org" + "https://cache.nixos.org/" ]; extra-trusted-public-keys = [ - "central:cuiJMi+5BFUGeBPNMNWiKO6dlVTOHbHizFY+t7UW12w=" + "cache.cything.io:4NhyCpZuroY7+JP18m1wkAgJGb6WL0jrtx2Bgrvdtow=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ]; builders-use-substitutes = true; }; @@ -135,12 +134,10 @@ modules = [ { nixpkgs = { inherit pkgs; }; - disabledModules = [ "services/networking/atticd.nix" ]; } ./hosts/chunk inputs.sops-nix.nixosModules.sops ./modules - inputs.attic.nixosModules.atticd ]; }; diff --git a/home/yt/chunk.nix b/home/yt/chunk.nix index 3285421..6dc7441 100644 --- a/home/yt/chunk.nix +++ b/home/yt/chunk.nix @@ -17,6 +17,5 @@ home.packages = with pkgs; [ foot.terminfo - attic-server ]; } diff --git a/home/yt/common.nix b/home/yt/common.nix index f14fc37..5574b42 100644 --- a/home/yt/common.nix +++ b/home/yt/common.nix @@ -18,7 +18,6 @@ man-pages-posix man man-db - attic-client bottom btop ]; diff --git a/hosts/chunk/Caddyfile b/hosts/chunk/Caddyfile index a42032c..e186f29 100644 --- a/hosts/chunk/Caddyfile +++ b/hosts/chunk/Caddyfile @@ -63,5 +63,5 @@ element.cything.io { cache.cything.io { import common - reverse_proxy localhost:8090 + reverse_proxy localhost:5000 } diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index f0d214e..c296a8e 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -24,7 +24,7 @@ ./conduwuit.nix ./immich.nix ./element.nix - ./attic.nix + ./harmonia.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; @@ -82,8 +82,8 @@ "rsyncnet/id_ed25519" = { sopsFile = ../../secrets/de3911/chunk.yaml; }; - "attic/env" = { - sopsFile = ../../secrets/services/attic.yaml; + "harmonia/key" = { + sopsFile = ../../secrets/services/harmonia.yaml; }; }; diff --git a/hosts/chunk/harmonia.nix b/hosts/chunk/harmonia.nix new file mode 100644 index 0000000..d07277e --- /dev/null +++ b/hosts/chunk/harmonia.nix @@ -0,0 +1,9 @@ +{ config, ... }: { + services.harmonia = { + enable = true; + signKeyPaths = [ config.sops.secrets."harmonia/key".path ]; + settings = { + real_nix_store = "/mnt/harmonia"; + }; + }; +} diff --git a/hosts/chunk/postgres.nix b/hosts/chunk/postgres.nix index 07a3125..c733ffb 100644 --- a/hosts/chunk/postgres.nix +++ b/hosts/chunk/postgres.nix @@ -10,13 +10,6 @@ enableTCPIP = true; ensureDatabases = [ "hedgedoc" - "atticd" - ]; - ensureUsers = [ - { - name = "atticd"; - ensureDBOwnership = true; - } ]; }; services.postgresqlBackup = { diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index e283559..d19db20 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -22,20 +22,20 @@ }; }; - systemd.services.attic-mount = { + systemd.services.harmonia-mount = { enable = true; - description = "Mount the attic data remote"; + description = "Mount the harmonia data remote"; requires = [ "network-online.target" ]; after = [ "network-online.target" ]; - requiredBy = [ "atticd.service" ]; - before = [ "atticd.service" ]; + requiredBy = [ "harmonia.service" ]; + before = [ "harmonia.service" ]; serviceConfig = { Type = "notify"; - ExecStartPre = "/usr/bin/env mkdir -p /mnt/attic"; + ExecStartPre = "/usr/bin/env mkdir -p /mnt/harmonia"; ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ config.sops.secrets."rclone/config".path - } --cache-dir /var/cache/rclone --transfers=32 --allow-other rsyncnet:attic /mnt/attic "; - ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/photos"; + } --cache-dir /var/cache/rclone --transfers=32 --allow-other rsyncnet:harmonia /mnt/harmonia "; + ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/harmonia"; }; }; programs.fuse.userAllowOther = true; diff --git a/hosts/common.nix b/hosts/common.nix index 64722ad..d0140b5 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -6,8 +6,8 @@ auto-optimise-store = true; flake-registry = ""; trusted-users = [ "root" "@wheel" ]; - trusted-public-keys = [ "central:cuiJMi+5BFUGeBPNMNWiKO6dlVTOHbHizFY+t7UW12w=" ]; - substituters = [ "https://cache.cything.io/central" ]; + trusted-public-keys = [ "cache.cything.io:4NhyCpZuroY7+JP18m1wkAgJGb6WL0jrtx2Bgrvdtow=" ]; + substituters = [ "https://cache.cything.io/" ]; }; channel.enable = false; optimise = { diff --git a/secrets/services/harmonia.yaml b/secrets/services/harmonia.yaml new file mode 100644 index 0000000..89ca9c1 --- /dev/null +++ b/secrets/services/harmonia.yaml @@ -0,0 +1,31 @@ +harmonia: + key: ENC[AES256_GCM,data:dNyjPTLXrCASX2Fm/qhhZC5Plo1bNuF3HuDfiIWJTf3gjB3vekgtu1/QQ6z6Fh/V964vtSs9H5vAU3gNN0vcuFE7T7RafNDVYWBJzFhv9iBgB87bVpmQkzywC+jCDFKiMATNoRwyh6Gj,iv:xaDl6ihUkrYNNPy1Eyw/cdahkVSHJ7r/taGyo0BREG4=,tag:hZlWZ/7sC7EIKP0TSCkO4A==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhcm5VWkVMcUs3UTVCZWtN + dVR5WTFwUUo5WmV2UkJJQWZ4MlY4cDlmOW1RCnNFb01GRlZNVDBYcm43ak9VN2lB + eTc5K2pna3lkQ09OckVPVGx1QUhOcHMKLS0tIG9JemxVVEdlR3dXWkpkWjNIYUla + SW43RDVOOVM1MkhlZC9wbE9mdk82ZU0KTloZlP16doAkgDx3aiDAd/7zrpImJNiJ + hgaffc+04c0w5FGSfWFkel+xFXtBcJ3zLfezDF6FfeUzezyWo35blA== + -----END AGE ENCRYPTED FILE----- + - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzbFJkTWxEZUozd1R2Zk83 + VWtzZnl2OExyZzMyNnBpa29IbVpFSEpRNEZjClRid0tRc3B2c2tFWFhYV2cxNDhu + R2tRS0ZLMy9tVU1XcGdtZGZWOEdwWVkKLS0tIFlxNzJsY01FSkgrbndQRXFxa21E + WWxJR09hWWpDalNKL28wazlxUnpUUGcKt3CtF9hRl+FYglm/mjMMhtR1w8Ivb04k + eYpjKTTuujIru/6i7gS1bGw3QBSqgdCuaBMYHYmVsSzh1IH6sZgiHw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-05T22:50:01Z" + mac: ENC[AES256_GCM,data:paV6ipnt6BIEAf1/fOpvvSxrFNOU8yGseIsMac4beymoeQvIpqyq9R0KH1gLBIyHf2QUA1NANgXF9IKhakskA8/HXaMkPkRFXFxdPT4ah9Ml4yp13I/mEafXtdzbru7tu5NrPDwYjfiym9fMpNcDbb7A/mB2zv2mld+s+qVxyp8=,iv:s6I1m9HnyQsZbyKaJoNKQZs9DvuQ6fKiJPEf7niIVWM=,tag:n6Wx/MfBi+vOzM0u//vAzg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 From 02c0b2332fd11e3c972b32e60d2f5b42dae2993c Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 5 Jan 2025 18:27:08 -0500 Subject: [PATCH 002/410] add harmonia as trusted user --- hosts/common.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/common.nix b/hosts/common.nix index d0140b5..39c2704 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -5,7 +5,7 @@ experimental-features = "nix-command flakes"; auto-optimise-store = true; flake-registry = ""; - trusted-users = [ "root" "@wheel" ]; + trusted-users = [ "root" "@wheel" "harmonia" ]; trusted-public-keys = [ "cache.cything.io:4NhyCpZuroY7+JP18m1wkAgJGb6WL0jrtx2Bgrvdtow=" ]; substituters = [ "https://cache.cything.io/" ]; }; From 1e0bf9dad992b12ce864a9f00de7daa68009b31f Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 5 Jan 2025 18:28:05 -0500 Subject: [PATCH 003/410] extra substituters --- flake.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/flake.nix b/flake.nix index a3a6726..bbb92a6 100644 --- a/flake.nix +++ b/flake.nix @@ -30,13 +30,10 @@ nixConfig = { extra-substituters = [ - # "https://cache.cything.io/" - "https://nix-community.cachix.org" - "https://cache.nixos.org/" + "https://cache.cything.io/" ]; extra-trusted-public-keys = [ "cache.cything.io:4NhyCpZuroY7+JP18m1wkAgJGb6WL0jrtx2Bgrvdtow=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ]; builders-use-substitutes = true; }; From a46b6f576645822c21a6b95872d8bb4c549fc080 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 5 Jan 2025 20:19:16 -0500 Subject: [PATCH 004/410] attic: configure garbage collection --- hosts/chunk/attic.nix | 4 ++++ hosts/chunk/default.nix | 1 + 2 files changed, 5 insertions(+) diff --git a/hosts/chunk/attic.nix b/hosts/chunk/attic.nix index da509bd..685d3bd 100644 --- a/hosts/chunk/attic.nix +++ b/hosts/chunk/attic.nix @@ -18,6 +18,10 @@ path = "/mnt/attic"; }; + garbage-collection = { + default-retention-period = "3 months"; + }; + chunking = { nar-size-threshold = 128 * 1024 * 1024; min-size = 64 * 1024 * 1024; diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index f0d214e..f9daba8 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -172,6 +172,7 @@ tmux file sops + attic-server ]; environment.variables = { From c0b2deb8ea16c4261c7be83ce10b24977e677f1e Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 5 Jan 2025 22:28:14 -0500 Subject: [PATCH 005/410] update neovim plugins (#15) Co-authored-by: cything <45041772+cything@users.noreply.github.com> --- home/nvim/lazy-lock.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/home/nvim/lazy-lock.json b/home/nvim/lazy-lock.json index d968cd1..9d1fea5 100644 --- a/home/nvim/lazy-lock.json +++ b/home/nvim/lazy-lock.json @@ -7,18 +7,18 @@ "cmp-path": { "branch": "main", "commit": "91ff86cd9c29299a64f968ebb45846c485725f23" }, "cmp_luasnip": { "branch": "master", "commit": "98d9cb5c2c38532bd9bdb481067b20fea8f32e90" }, "dressing.nvim": { "branch": "master", "commit": "3a45525bb182730fe462325c99395529308f431e" }, - "fzf-lua": { "branch": "main", "commit": "e1eab469be103bab47d8f1a925fd8712c3a91bbb" }, + "fzf-lua": { "branch": "main", "commit": "60428a8dc931639ee5e88756b2d7bc896cdc20c7" }, "gitsigns.nvim": { "branch": "main", "commit": "5f808b5e4fef30bd8aca1b803b4e555da07fc412" }, "hop.nvim": { "branch": "master", "commit": "08ddca799089ab96a6d1763db0b8adc5320bf050" }, "iceberg.vim": { "branch": "master", "commit": "23835d5ed696436f716cbfdb56a93a7850fe3b18" }, - "lazy.nvim": { "branch": "main", "commit": "7e6c863bc7563efbdd757a310d17ebc95166cef3" }, + "lazy.nvim": { "branch": "main", "commit": "72aa3a2624be5dc240646084f7b6a38eb99eb2ce" }, "lualine.nvim": { "branch": "master", "commit": "2a5bae925481f999263d6f5ed8361baef8df4f83" }, "nvim-autopairs": { "branch": "master", "commit": "b464658e9b880f463b9f7e6ccddd93fb0013f559" }, - "nvim-cmp": { "branch": "main", "commit": "b555203ce4bd7ff6192e759af3362f9d217e8c89" }, - "nvim-lspconfig": { "branch": "master", "commit": "f4ed656e876e45cf914d7beb972830561178e232" }, + "nvim-cmp": { "branch": "main", "commit": "4c1ca8268569bfc6d487473cd17b167560e5bed2" }, + "nvim-lspconfig": { "branch": "master", "commit": "8121483b8132b7053120fafd83728178fb3febf6" }, "nvim-tree.lua": { "branch": "master", "commit": "68fc4c20f5803444277022c681785c5edd11916d" }, - "nvim-treesitter": { "branch": "master", "commit": "57713d079c3c2afcc31f3e0650bf8594a2a296ba" }, + "nvim-treesitter": { "branch": "master", "commit": "556ac68cd33973a38d3f2abac47f361432593fe2" }, "nvim-web-devicons": { "branch": "master", "commit": "5740b7382429d20b6ed0bbdb0694185af9507d44" }, - "tokyonight.nvim": { "branch": "main", "commit": "45d22cf0e1b93476d3b6d362d720412b3d34465c" }, + "tokyonight.nvim": { "branch": "main", "commit": "7bb270adaa7692c2c33befc35f5567fc596a2504" }, "vim-commentary": { "branch": "master", "commit": "64a654ef4a20db1727938338310209b6a63f60c9" } } From de31b7a558d9cdb47d1299345b2133e44f26b673 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 5 Jan 2025 22:28:41 -0500 Subject: [PATCH 006/410] flake.lock: Update (#16) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/5ad12b6ea06b84e48f6b677957c74f32d47bdee0?narHash=sha256-uTstP36WaFrw%2BTEHb8nLF14hFPzQBOhmIxzioHCDaL8%3D' (2025-01-05) → 'github:nix-community/home-manager/172b91bfb2b7f5c4a8c6ceac29fd53a01ef07196?narHash=sha256-/LPWMiiJGPHGd7ZYEgmbE2da4zvBW0acmshUjYC3WG4%3D' (2025-01-05) • Updated input 'treefmt': 'github:numtide/treefmt-nix/29806abab803e498df96d82dd6f34b32eb8dd2c8?narHash=sha256-1hKMRIT%2BQZNWX46e4gIovoQ7H8QRb7803ZH4qSKI45o%3D' (2025-01-03) → 'github:numtide/treefmt-nix/1788ca5acd4b542b923d4757d4cfe4183cc6a92d?narHash=sha256-FBG9d7e0BTFfxVdw4b5EmNll2Mv7hfRc54hbB4LrKko%3D' (2025-01-05) Co-authored-by: github-actions[bot] --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 1d45c9a..b38f631 100644 --- a/flake.lock +++ b/flake.lock @@ -209,11 +209,11 @@ ] }, "locked": { - "lastModified": 1736066484, - "narHash": "sha256-uTstP36WaFrw+TEHb8nLF14hFPzQBOhmIxzioHCDaL8=", + "lastModified": 1736089250, + "narHash": "sha256-/LPWMiiJGPHGd7ZYEgmbE2da4zvBW0acmshUjYC3WG4=", "owner": "nix-community", "repo": "home-manager", - "rev": "5ad12b6ea06b84e48f6b677957c74f32d47bdee0", + "rev": "172b91bfb2b7f5c4a8c6ceac29fd53a01ef07196", "type": "github" }, "original": { @@ -457,11 +457,11 @@ ] }, "locked": { - "lastModified": 1735905407, - "narHash": "sha256-1hKMRIT+QZNWX46e4gIovoQ7H8QRb7803ZH4qSKI45o=", + "lastModified": 1736115332, + "narHash": "sha256-FBG9d7e0BTFfxVdw4b5EmNll2Mv7hfRc54hbB4LrKko=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "29806abab803e498df96d82dd6f34b32eb8dd2c8", + "rev": "1788ca5acd4b542b923d4757d4cfe4183cc6a92d", "type": "github" }, "original": { From 1fc9c1fd2ce61ac85f930a285827cf71454fe7dd Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 6 Jan 2025 00:08:20 -0500 Subject: [PATCH 007/410] vfs-cache for attic mount --- hosts/chunk/rclone.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index e283559..bd3098b 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -34,8 +34,8 @@ ExecStartPre = "/usr/bin/env mkdir -p /mnt/attic"; ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ config.sops.secrets."rclone/config".path - } --cache-dir /var/cache/rclone --transfers=32 --allow-other rsyncnet:attic /mnt/attic "; - ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/photos"; + } --cache-dir /var/cache/rclone --transfers=32 --allow-other --cache-dir /var/cache/rclone --dir-cache-time 72h --vfs-cache-mode writes --vfs-cache-max-size 2G rsyncnet:attic /mnt/attic "; + ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/attic"; }; }; programs.fuse.userAllowOther = true; From 5b52fa03ce9c010fb7d6231f03733e527cf01b8a Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 6 Jan 2025 00:23:00 -0500 Subject: [PATCH 008/410] attic: disable chunking --- hosts/chunk/attic.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/chunk/attic.nix b/hosts/chunk/attic.nix index 685d3bd..e731c01 100644 --- a/hosts/chunk/attic.nix +++ b/hosts/chunk/attic.nix @@ -23,7 +23,7 @@ }; chunking = { - nar-size-threshold = 128 * 1024 * 1024; + nar-size-threshold = 0; # disables chunking min-size = 64 * 1024 * 1024; avg-size = 128 * 1024 * 1024; max-size = 256 * 1024 * 1024; From 60243a304b540519b8c2e334d6fd47ae729f71cc Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 6 Jan 2025 00:45:49 -0500 Subject: [PATCH 009/410] basically do everything all over again --- flake.nix | 2 +- hosts/chunk/attic.nix | 8 ++++---- hosts/chunk/rclone.nix | 2 +- hosts/common.nix | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/flake.nix b/flake.nix index 63ef18c..86f4866 100644 --- a/flake.nix +++ b/flake.nix @@ -37,7 +37,7 @@ "https://cache.cything.io/central" ]; extra-trusted-public-keys = [ - "central:cuiJMi+5BFUGeBPNMNWiKO6dlVTOHbHizFY+t7UW12w=" + "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" ]; builders-use-substitutes = true; }; diff --git a/hosts/chunk/attic.nix b/hosts/chunk/attic.nix index e731c01..7c728be 100644 --- a/hosts/chunk/attic.nix +++ b/hosts/chunk/attic.nix @@ -19,14 +19,14 @@ }; garbage-collection = { - default-retention-period = "3 months"; + default-retention-period = "1 minute"; }; chunking = { nar-size-threshold = 0; # disables chunking - min-size = 64 * 1024 * 1024; - avg-size = 128 * 1024 * 1024; - max-size = 256 * 1024 * 1024; + min-size = 0; + avg-size = 0; + max-size = 0; }; }; }; diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index bd3098b..1083545 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -34,7 +34,7 @@ ExecStartPre = "/usr/bin/env mkdir -p /mnt/attic"; ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ config.sops.secrets."rclone/config".path - } --cache-dir /var/cache/rclone --transfers=32 --allow-other --cache-dir /var/cache/rclone --dir-cache-time 72h --vfs-cache-mode writes --vfs-cache-max-size 2G rsyncnet:attic /mnt/attic "; + } --cache-dir /var/cache/rclone --transfers=32 --allow-other rsyncnet:attic /mnt/attic "; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/attic"; }; }; diff --git a/hosts/common.nix b/hosts/common.nix index 64722ad..373f0d5 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -6,7 +6,7 @@ auto-optimise-store = true; flake-registry = ""; trusted-users = [ "root" "@wheel" ]; - trusted-public-keys = [ "central:cuiJMi+5BFUGeBPNMNWiKO6dlVTOHbHizFY+t7UW12w=" ]; + trusted-public-keys = [ "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" ]; substituters = [ "https://cache.cything.io/central" ]; }; channel.enable = false; From 63dd8ee08795c03615bc9e93bb90e1bd03696ae7 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 6 Jan 2025 01:28:53 -0500 Subject: [PATCH 010/410] welp debugging leftover --- hosts/chunk/attic.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/chunk/attic.nix b/hosts/chunk/attic.nix index 7c728be..c442f94 100644 --- a/hosts/chunk/attic.nix +++ b/hosts/chunk/attic.nix @@ -19,7 +19,7 @@ }; garbage-collection = { - default-retention-period = "1 minute"; + default-retention-period = "3 months"; }; chunking = { From 5c7d5ee4f2e7ca76435c820d45ce2a58af7060d8 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 6 Jan 2025 15:15:59 -0500 Subject: [PATCH 011/410] rsync.net cutoff --- hosts/chunk/backup.nix | 2 +- hosts/chunk/default.nix | 3 --- hosts/titan/backup.nix | 2 +- hosts/ytnix/default.nix | 2 +- 4 files changed, 3 insertions(+), 6 deletions(-) diff --git a/hosts/chunk/backup.nix b/hosts/chunk/backup.nix index e30c306..8f5c23f 100644 --- a/hosts/chunk/backup.nix +++ b/hosts/chunk/backup.nix @@ -4,7 +4,7 @@ }: { my.backup = { - enable = true; + enable = false; jobName = "crashRsync"; paths = [ "/var/backup" diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index f9daba8..811901a 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -11,7 +11,6 @@ ./hardware-configuration.nix ./gitlab.nix ./backup.nix - ./rclone.nix ./postgres.nix ./wireguard.nix ./adguard.nix @@ -22,9 +21,7 @@ ./wireguard.nix ./grafana.nix ./conduwuit.nix - ./immich.nix ./element.nix - ./attic.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; diff --git a/hosts/titan/backup.nix b/hosts/titan/backup.nix index ad09978..ab0631e 100644 --- a/hosts/titan/backup.nix +++ b/hosts/titan/backup.nix @@ -4,7 +4,7 @@ }: { my.backup = { - enable = true; + enable = false; jobName = "titanRsync"; repo = "titan"; passFile = config.sops.secrets."borg/rsyncnet".path; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index fbbeeb3..15e62c7 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -205,7 +205,7 @@ }; my.backup = { - enable = true; + enable = false; jobName = "ytnixRsync"; exclude = [ "/var/lib/private/ollama" From 850432f8fd0ea1a7fbdbc242d9edda972f5b0116 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 6 Jan 2025 16:33:40 -0500 Subject: [PATCH 012/410] configure nix in home-manager --- home/yt/common.nix | 21 +++++++++++++++++++++ hosts/common.nix | 1 - 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/home/yt/common.nix b/home/yt/common.nix index f14fc37..e07568e 100644 --- a/home/yt/common.nix +++ b/home/yt/common.nix @@ -5,6 +5,27 @@ ../zsh ]; + nix = { + settings = { + experimental-features = "nix-command flakes"; + auto-optimise-store = true; + flake-registry = ""; + trusted-users = [ "root" "@wheel" ]; + trusted-public-keys = [ "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" ]; + substituters = [ "https://cache.cything.io/central" ]; + }; + gc = { + automatic = true; + frequency = "19:00"; + persistent = true; + options = "--delete-older-than 14d"; + }; + extraOptions = '' + builders-use-substitutes = true + ''; + package = pkgs.nix; + }; + home.sessionVariables = { "EDITOR" = "nvim"; }; diff --git a/hosts/common.nix b/hosts/common.nix index 373f0d5..51a9706 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -23,7 +23,6 @@ extraOptions = '' builders-use-substitutes = true ''; - }; time.timeZone = "America/Toronto"; networking.firewall.logRefusedConnections = false; From 752849f4345212ad97b6d90142ccae0ddea8e797 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 6 Jan 2025 18:43:50 -0500 Subject: [PATCH 013/410] Revert "rsync.net cutoff" This reverts commit 5c7d5ee4f2e7ca76435c820d45ce2a58af7060d8. --- hosts/chunk/backup.nix | 2 +- hosts/chunk/default.nix | 3 +++ hosts/titan/backup.nix | 2 +- hosts/ytnix/default.nix | 2 +- 4 files changed, 6 insertions(+), 3 deletions(-) diff --git a/hosts/chunk/backup.nix b/hosts/chunk/backup.nix index 8f5c23f..e30c306 100644 --- a/hosts/chunk/backup.nix +++ b/hosts/chunk/backup.nix @@ -4,7 +4,7 @@ }: { my.backup = { - enable = false; + enable = true; jobName = "crashRsync"; paths = [ "/var/backup" diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 811901a..f9daba8 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -11,6 +11,7 @@ ./hardware-configuration.nix ./gitlab.nix ./backup.nix + ./rclone.nix ./postgres.nix ./wireguard.nix ./adguard.nix @@ -21,7 +22,9 @@ ./wireguard.nix ./grafana.nix ./conduwuit.nix + ./immich.nix ./element.nix + ./attic.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; diff --git a/hosts/titan/backup.nix b/hosts/titan/backup.nix index ab0631e..ad09978 100644 --- a/hosts/titan/backup.nix +++ b/hosts/titan/backup.nix @@ -4,7 +4,7 @@ }: { my.backup = { - enable = false; + enable = true; jobName = "titanRsync"; repo = "titan"; passFile = config.sops.secrets."borg/rsyncnet".path; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 15e62c7..fbbeeb3 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -205,7 +205,7 @@ }; my.backup = { - enable = false; + enable = true; jobName = "ytnixRsync"; exclude = [ "/var/lib/private/ollama" From 703af75b84734137f8bcb39c249d06b07a1a1fa2 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 6 Jan 2025 19:10:07 -0500 Subject: [PATCH 014/410] migrate to new rsync.net host --- hosts/chunk/default.nix | 2 +- hosts/titan/default.nix | 2 +- hosts/ytnix/default.nix | 2 +- modules/backup.nix | 7 ++++--- secrets/rclone.yaml | 6 +++--- secrets/{de3911 => zh5061}/chunk.yaml | 0 secrets/{de3911 => zh5061}/titan.yaml | 0 secrets/{de3911 => zh5061}/yt.yaml | 0 8 files changed, 10 insertions(+), 9 deletions(-) rename secrets/{de3911 => zh5061}/chunk.yaml (100%) rename secrets/{de3911 => zh5061}/titan.yaml (100%) rename secrets/{de3911 => zh5061}/yt.yaml (100%) diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index f9daba8..09b91f7 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -80,7 +80,7 @@ owner = config.users.users.git.name; }; "rsyncnet/id_ed25519" = { - sopsFile = ../../secrets/de3911/chunk.yaml; + sopsFile = ../../secrets/zh5061/chunk.yaml; }; "attic/env" = { sopsFile = ../../secrets/services/attic.yaml; diff --git a/hosts/titan/default.nix b/hosts/titan/default.nix index 7eb6433..e8b03f0 100644 --- a/hosts/titan/default.nix +++ b/hosts/titan/default.nix @@ -30,7 +30,7 @@ sopsFile = ../../secrets/borg/titan.yaml; }; "rsyncnet/id_ed25519" = { - sopsFile = ../../secrets/de3911/titan.yaml; + sopsFile = ../../secrets/zh5061/titan.yaml; }; }; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index fbbeeb3..a3b4bb6 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -33,7 +33,7 @@ sopsFile = ../../secrets/wireguard/yt.yaml; }; "rsyncnet/id_ed25519" = { - sopsFile = ../../secrets/de3911/yt.yaml; + sopsFile = ../../secrets/zh5061/yt.yaml; }; "newsboat/miniflux" = { sopsFile = ../../secrets/newsboat.yaml; diff --git a/modules/backup.nix b/modules/backup.nix index 24148c5..e632726 100644 --- a/modules/backup.nix +++ b/modules/backup.nix @@ -52,7 +52,7 @@ in }; repo = lib.mkOption { type = lib.types.str; - description = "Borg repository to backup to. This is appended to `de3911@de3911.rsync.net:borg/`."; + description = "Borg repository to backup to. This is appended to `zh5061@zh5061.rsync.net:borg/`."; }; startAt = lib.mkOption { type = lib.types.str; @@ -76,7 +76,7 @@ in config = lib.mkIf cfg.enable { programs.ssh.knownHostsFiles = [ (pkgs.writeText "rsyncnet-keys" '' - de3911.rsync.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIObQN4P/deJ/k4P4kXh6a9K4Q89qdyywYetp9h3nwfPo + zh5061.rsync.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtclizeBy1Uo3D86HpgD3LONGVH0CJ0NT+YfZlldAJd '') ]; # needs to be a list @@ -87,7 +87,7 @@ in persistentTimer = true; paths = defaultPaths ++ cfg.paths; exclude = defaultExclude ++ cfg.exclude; - repo = "de3911@de3911.rsync.net:borg/" + cfg.repo; + repo = "zh5061@zh5061.rsync.net:borg/" + cfg.repo; encryption = { mode = "repokey-blake2"; passCommand = "cat ${cfg.passFile}"; @@ -96,6 +96,7 @@ in BORG_RSH = "ssh -i ${cfg.sshKeyFile}"; BORG_REMOTE_PATH = "borg1"; BORG_EXIT_CODES = "modern"; + BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes"; }; compression = "auto,zstd,8"; extraCreateArgs = [ diff --git a/secrets/rclone.yaml b/secrets/rclone.yaml index feeb182..1454ee1 100644 --- a/secrets/rclone.yaml +++ b/secrets/rclone.yaml @@ -1,5 +1,5 @@ rclone: - config: ENC[AES256_GCM,data:mvbvhlePt87lZl5AWyq5l0hwop4wHdY5pY82EMyzz+KtW7DKmi/3txVuNJ/GjcDWIY9HxklDDrIbN/r+prVvl/OEquHg+YLn/0w7njWDsqIEO+GwDCUBAaZqZtc94LVkI4SYXuE1Jl5wyWy0qaqkvR3kd91bC5ABoTKXnr2yxiTIIH9M2QyXMYy2/zDI3Ux6t5+vO6kze/d1kVmxpzzNyYrPDflQgR4o94P0hDAsnOJa2MW9S10mIsOU5h61IuILm5XHWgTAgNiyEGVA/nFOsu1Ny8bUXCcWtwWNZkNmkkL7lgIpnzbm09DmKWHn18I9+nyWaYxmuKn/g9rxPPBduzg77CHyLtQv55ZI+5hsZrkPHKfoMqJrjkz3zCU/XplCrR21cHVM1Yo1LRDWcCrIzmNQiqTzBHY0QGuLPqdYtG3mcLrwwuBE8uvQt3YJ7FQHuq8vERHsq/PHBigndstGvXpfkQmn33/tAZCBPvZEKHakJ9bFyol/lPm+sbOIAaCqf0FFDSL5l3m0PiUHfZRPTS8bm+rTNPfQBclFGbwmNmvofxsCcbnJEZpqRBK38tMOp08cBjcKGyyb21Wpy8Qx1igWOVb71Rn13VfCdYFO4JoLVAX1r9uI8b3kW4qOMYY66iEnBCLbgK+81Dk+bzy+ilWQQiTYuW/lo+Dx4vPoLfIwVmgo3ooY282t0huxCi2edjq9llo+NOd63o8yNKhbAJlBPAigqAA53aqndLUka17CwXKKhT+k+zChu/ZlkQ6viPo6HJq+1rymYoK4KUrjTvXiAr+8eYpT/qJ2tTK7rCysFZhGuRlwP1Xk5z0=,iv:WXPH8jBHdqM2TL8xtFmvvXujmaNYR6AKlyJgfYVRf44=,tag:60WucstY5TAq+B8GrIOQfA==,type:str] + config: ENC[AES256_GCM,data:/GFMFowcU2940P3n/4qQEmAflNyn/s7kujrv1SmStpsVfoiqklD0aB77wh2n7nxzL+Yg98e+L1MADSUTkc1e1uAfc6NwhB62HzKuEvZwCCRs/WZas8ZMuB5cVQUtxl1kRoqLWVxUaaVQU/qsjEFj4uA/dnOe/PSR9DYOnAA7PiHFFP4rtD0/tfhsdjNUiKY62n/yVDRTNJmQ7f14jR2OPby65Xu6Upi77XvOeFDy6LMyOcAH8UF9QTw5+4r5nosOA+H9SFc4Y+BAVnboBi7McrLYtz9SAiaYFQAqT4/nbNSSfvdnvuMSNMxpW88L/UnRxtEHfAYCEyUQD+GaDIEt2vSRQLWHJB6znMxnMXi5U/S9gCP7/NdcSvCh9SkrnHmRW9dQg3euGkuaVkpiYQoORyzk7RrxjFOKHCpU4gaaLD6FBrkkJHY8zDL/176aZKBgIpFaHlQN/TVwEByVDEUfEZ4Z+Af528rBjZ/W8gV9kgYzBECQ8Mgw5/HVSwO1fvVuFQedV5pz/TxIrd9V1t1W8XDN9UYgnfctQDch2oQMA1iCVuV2Mm7I8Ew4ikNeCy5qBgBq3MfDSlpCmqeiqSuCR1V0O7FeyWgV46cm+ORVCgkAvYUH9xy8ARYEVRjK1aogjFwc+e8GhK976fvI1Lt9aE6c87AdJd58kP/LiS0So6d4VWfTZUNX1sdpZA7y2G5oSu7PRGfR94unzqzmRhbMPACvKnoLPUnod8Sw93vLu7y+QGI9zl4oICPT8GF8k1kfVdqGLWjB5i91RAJInbpkG3jeHciE3I7RC2gVNufdEmkpRx2bt7kLw30ede0=,iv:V+Kd3HRD6kfM8TTjBbmc/uQbo2iafDV5u6FtnhFSTQs=,tag:e9WX+hD2UNvnsQhCuMebUA==,type:str] sops: kms: [] gcp_kms: [] @@ -33,8 +33,8 @@ sops: aExPM3ZCL0kvMWpZZlFuTGMvU0pQNEEKTxkA30B3nPOO1Q0ZRiZZKicqvEpJoOL5 B/PchzkTvSbjPGz55r+Qq3oTHTQ4bwxpZ7T1hMyMcXhws+oftol5/g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-30T21:01:01Z" - mac: ENC[AES256_GCM,data:K9HJyxbipXb9oAiJQH+pm8hwQd6TqkJbOflFJDO1AoejYeJB5qyeGYmEgQ2l4sBmKrGetiyG5+qOaAPrKZoLeqtwyM8SxnLDUQ8dQLzEHnHGixlilkLyI4AxlznvkfVvcSjOfughVb2G4N5xIcaIWLT1+zAiweb7hoB55LGOSG8=,iv:xt1DXi4ZhIBPO9o5m4Uf8Z6B7SmbU3FGuvp5t+WgJns=,tag:WFACS8fCHOvNBAWXHZoD6A==,type:str] + lastmodified: "2025-01-06T23:47:39Z" + mac: ENC[AES256_GCM,data:Yg/CiK3pZL+RPYHFVIMZj4pmDzenOpYj8slK/XL28+5IdQ/BBIETXgCz0JjN7p7li2sYGMnKv5DDa6NhCYOGhexmTxKzumAAjYNLrZamDaDBxXs+FnN6cBxytM2eEc+GFBazl0nEPPBulZNoDsFK1TpIFnMAClVjRe1y37cNXXQ=,iv:Rlxci8NVLzF9yDro30mDkymyiv30slcLKYCMIZv3y+o=,tag:a+m9ZcA/ttxiR/JXUPLfSQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2 diff --git a/secrets/de3911/chunk.yaml b/secrets/zh5061/chunk.yaml similarity index 100% rename from secrets/de3911/chunk.yaml rename to secrets/zh5061/chunk.yaml diff --git a/secrets/de3911/titan.yaml b/secrets/zh5061/titan.yaml similarity index 100% rename from secrets/de3911/titan.yaml rename to secrets/zh5061/titan.yaml diff --git a/secrets/de3911/yt.yaml b/secrets/zh5061/yt.yaml similarity index 100% rename from secrets/de3911/yt.yaml rename to secrets/zh5061/yt.yaml From 0c943d1336b67b8a26a5f0fb138512292e9250b7 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 6 Jan 2025 21:18:01 -0500 Subject: [PATCH 015/410] try more checkers --- hosts/chunk/rclone.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 1083545..71ce045 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -17,7 +17,7 @@ ExecStartPre = "/usr/bin/env mkdir -p /mnt/photos"; ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ config.sops.secrets."rclone/config".path - } --cache-dir /var/cache/rclone --transfers=32 --dir-cache-time 72h --vfs-cache-mode writes --vfs-cache-max-size 2G photos: /mnt/photos "; + } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --dir-cache-time 72h --vfs-cache-mode writes --vfs-cache-max-size 2G photos: /mnt/photos "; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/photos"; }; }; @@ -34,7 +34,7 @@ ExecStartPre = "/usr/bin/env mkdir -p /mnt/attic"; ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ config.sops.secrets."rclone/config".path - } --cache-dir /var/cache/rclone --transfers=32 --allow-other rsyncnet:attic /mnt/attic "; + } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --allow-other rsyncnet:attic /mnt/attic "; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/attic"; }; }; From f439de8a8bcdb8f7367ee843704341ae27977eb6 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 6 Jan 2025 22:06:36 -0500 Subject: [PATCH 016/410] use my fork for attic --- flake.lock | 11 ++++++----- flake.nix | 7 ++++--- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index b38f631..e93696e 100644 --- a/flake.lock +++ b/flake.lock @@ -12,15 +12,16 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1731270564, - "narHash": "sha256-6KMC/NH/VWP5Eb+hA56hz0urel3jP6Y6cF2PX6xaTkk=", - "owner": "zhaofengli", + "lastModified": 1736211977, + "narHash": "sha256-Bzt7ZnmR1Dj0j0S/gwCwFt5n1aRdx1zZgFUtNE0R++k=", + "owner": "cything", "repo": "attic", - "rev": "47752427561f1c34debb16728a210d378f0ece36", + "rev": "e6175ad2434c6c8eab576b5544bb0bad13cc14e6", "type": "github" }, "original": { - "owner": "zhaofengli", + "owner": "cything", + "ref": "32", "repo": "attic", "type": "github" } diff --git a/flake.nix b/flake.nix index 86f4866..84a6521 100644 --- a/flake.nix +++ b/flake.nix @@ -24,7 +24,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; attic = { - url = "github:zhaofengli/attic"; + url = "github:cything/attic/32"; inputs.nixpkgs.follows = "nixpkgs"; }; @@ -76,8 +76,9 @@ flake: pkgNames: _final: prev: overridePkgsFromFlake prev flake pkgNames; overlays = [ - (overlayPkgsFromFlake inputs.nixpkgs-stable [ - # "prometheus" # fails to build on unstable + (overlayPkgsFromFlake inputs.attic [ + "attic-server" + "attic-client" ]) ] ++ import ./overlay; From c1001402d45124747ab5ad87484509373d03e708 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 6 Jan 2025 22:08:12 -0500 Subject: [PATCH 017/410] fix home-manager nix settings --- home/yt/common.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/home/yt/common.nix b/home/yt/common.nix index e07568e..bfbdd0b 100644 --- a/home/yt/common.nix +++ b/home/yt/common.nix @@ -9,7 +9,6 @@ settings = { experimental-features = "nix-command flakes"; auto-optimise-store = true; - flake-registry = ""; trusted-users = [ "root" "@wheel" ]; trusted-public-keys = [ "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" ]; substituters = [ "https://cache.cything.io/central" ]; From ae627a95e5dd0090000e06c911183ef67294f711 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 7 Jan 2025 03:14:17 -0500 Subject: [PATCH 018/410] flake.lock: Update (#18) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/172b91bfb2b7f5c4a8c6ceac29fd53a01ef07196?narHash=sha256-/LPWMiiJGPHGd7ZYEgmbE2da4zvBW0acmshUjYC3WG4%3D' (2025-01-05) → 'github:nix-community/home-manager/20665c6efa83d71020c8730f26706258ba5c6b2a?narHash=sha256-CoBPRgkUex9Iz6qGSzi/BFVUQjndB0PmME2B6eEyeCs%3D' (2025-01-06) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/6df24922a1400241dae323af55f30e4318a6ca65?narHash=sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk%3D' (2025-01-02) → 'github:nixos/nixpkgs/8f3e1f807051e32d8c95cd12b9b421623850a34d?narHash=sha256-/qlNWm/IEVVH7GfgAIyP6EsVZI6zjAx1cV5zNyrs%2BrI%3D' (2025-01-04) • Updated input 'sops-nix': 'github:Mic92/sops-nix/5dc08f9cc77f03b43aacffdfbc8316807773c930?narHash=sha256-xJRN0FmX9QJ6%2Bw8eIIIxzBU1AyQcLKJ1M/Gp6lnSD20%3D' (2025-01-05) → 'github:Mic92/sops-nix/c9c88f08e3ee495e888b8d7c8624a0b2519cb773?narHash=sha256-eSjkBwBdQk%2BTZWFlLbclF2rAh4JxbGg8az4w/Lfe7f4%3D' (2025-01-06) • Updated input 'treefmt': 'github:numtide/treefmt-nix/1788ca5acd4b542b923d4757d4cfe4183cc6a92d?narHash=sha256-FBG9d7e0BTFfxVdw4b5EmNll2Mv7hfRc54hbB4LrKko%3D' (2025-01-05) → 'github:numtide/treefmt-nix/13c913f5deb3a5c08bb810efd89dc8cb24dd968b?narHash=sha256-p2r8xhQZ3TYIEKBoiEhllKWQqWNJNoT9v64Vmg4q8Zw%3D' (2025-01-06) Co-authored-by: github-actions[bot] --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index e93696e..1ffb0c4 100644 --- a/flake.lock +++ b/flake.lock @@ -210,11 +210,11 @@ ] }, "locked": { - "lastModified": 1736089250, - "narHash": "sha256-/LPWMiiJGPHGd7ZYEgmbE2da4zvBW0acmshUjYC3WG4=", + "lastModified": 1736204492, + "narHash": "sha256-CoBPRgkUex9Iz6qGSzi/BFVUQjndB0PmME2B6eEyeCs=", "owner": "nix-community", "repo": "home-manager", - "rev": "172b91bfb2b7f5c4a8c6ceac29fd53a01ef07196", + "rev": "20665c6efa83d71020c8730f26706258ba5c6b2a", "type": "github" }, "original": { @@ -273,11 +273,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1735834308, - "narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=", + "lastModified": 1736012469, + "narHash": "sha256-/qlNWm/IEVVH7GfgAIyP6EsVZI6zjAx1cV5zNyrs+rI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6df24922a1400241dae323af55f30e4318a6ca65", + "rev": "8f3e1f807051e32d8c95cd12b9b421623850a34d", "type": "github" }, "original": { @@ -423,11 +423,11 @@ ] }, "locked": { - "lastModified": 1736064798, - "narHash": "sha256-xJRN0FmX9QJ6+w8eIIIxzBU1AyQcLKJ1M/Gp6lnSD20=", + "lastModified": 1736203741, + "narHash": "sha256-eSjkBwBdQk+TZWFlLbclF2rAh4JxbGg8az4w/Lfe7f4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5dc08f9cc77f03b43aacffdfbc8316807773c930", + "rev": "c9c88f08e3ee495e888b8d7c8624a0b2519cb773", "type": "github" }, "original": { @@ -458,11 +458,11 @@ ] }, "locked": { - "lastModified": 1736115332, - "narHash": "sha256-FBG9d7e0BTFfxVdw4b5EmNll2Mv7hfRc54hbB4LrKko=", + "lastModified": 1736154270, + "narHash": "sha256-p2r8xhQZ3TYIEKBoiEhllKWQqWNJNoT9v64Vmg4q8Zw=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "1788ca5acd4b542b923d4757d4cfe4183cc6a92d", + "rev": "13c913f5deb3a5c08bb810efd89dc8cb24dd968b", "type": "github" }, "original": { From 1a13af5c5eac4dc03d966003c4a09a5aa8d753a6 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 7 Jan 2025 03:14:43 -0500 Subject: [PATCH 019/410] update neovim plugins (#17) Co-authored-by: cything <45041772+cything@users.noreply.github.com> --- home/nvim/lazy-lock.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/home/nvim/lazy-lock.json b/home/nvim/lazy-lock.json index 9d1fea5..ddbe841 100644 --- a/home/nvim/lazy-lock.json +++ b/home/nvim/lazy-lock.json @@ -7,17 +7,17 @@ "cmp-path": { "branch": "main", "commit": "91ff86cd9c29299a64f968ebb45846c485725f23" }, "cmp_luasnip": { "branch": "master", "commit": "98d9cb5c2c38532bd9bdb481067b20fea8f32e90" }, "dressing.nvim": { "branch": "master", "commit": "3a45525bb182730fe462325c99395529308f431e" }, - "fzf-lua": { "branch": "main", "commit": "60428a8dc931639ee5e88756b2d7bc896cdc20c7" }, + "fzf-lua": { "branch": "main", "commit": "12b4bc6257da8a8ffe6662e98322962259b847b4" }, "gitsigns.nvim": { "branch": "main", "commit": "5f808b5e4fef30bd8aca1b803b4e555da07fc412" }, "hop.nvim": { "branch": "master", "commit": "08ddca799089ab96a6d1763db0b8adc5320bf050" }, "iceberg.vim": { "branch": "master", "commit": "23835d5ed696436f716cbfdb56a93a7850fe3b18" }, - "lazy.nvim": { "branch": "main", "commit": "72aa3a2624be5dc240646084f7b6a38eb99eb2ce" }, + "lazy.nvim": { "branch": "main", "commit": "d8f26efd456190241afd1b0f5235fe6fdba13d4a" }, "lualine.nvim": { "branch": "master", "commit": "2a5bae925481f999263d6f5ed8361baef8df4f83" }, "nvim-autopairs": { "branch": "master", "commit": "b464658e9b880f463b9f7e6ccddd93fb0013f559" }, - "nvim-cmp": { "branch": "main", "commit": "4c1ca8268569bfc6d487473cd17b167560e5bed2" }, + "nvim-cmp": { "branch": "main", "commit": "8c82d0bd31299dbff7f8e780f5e06d2283de9678" }, "nvim-lspconfig": { "branch": "master", "commit": "8121483b8132b7053120fafd83728178fb3febf6" }, "nvim-tree.lua": { "branch": "master", "commit": "68fc4c20f5803444277022c681785c5edd11916d" }, - "nvim-treesitter": { "branch": "master", "commit": "556ac68cd33973a38d3f2abac47f361432593fe2" }, + "nvim-treesitter": { "branch": "master", "commit": "958af94dd8d74071c72c9d6840b41d06ea436b2f" }, "nvim-web-devicons": { "branch": "master", "commit": "5740b7382429d20b6ed0bbdb0694185af9507d44" }, "tokyonight.nvim": { "branch": "main", "commit": "7bb270adaa7692c2c33befc35f5567fc596a2504" }, "vim-commentary": { "branch": "master", "commit": "64a654ef4a20db1727938338310209b6a63f60c9" } From af7fc5cebafd83012a67f7d34f43074209a9d93b Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 7 Jan 2025 04:58:15 -0500 Subject: [PATCH 020/410] update attic rev --- flake.lock | 6 +++--- flake.nix | 5 +++-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 1ffb0c4..6ca5f24 100644 --- a/flake.lock +++ b/flake.lock @@ -12,11 +12,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1736211977, - "narHash": "sha256-Bzt7ZnmR1Dj0j0S/gwCwFt5n1aRdx1zZgFUtNE0R++k=", + "lastModified": 1736241594, + "narHash": "sha256-Sf6MWdljMgvzpzEMIAvA8nJqncIY+qGHUjDTQLl6BlA=", "owner": "cything", "repo": "attic", - "rev": "e6175ad2434c6c8eab576b5544bb0bad13cc14e6", + "rev": "81c2370c17c724935902732cfe3433f8562511fc", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 84a6521..3acb17c 100644 --- a/flake.nix +++ b/flake.nix @@ -77,8 +77,9 @@ overridePkgsFromFlake prev flake pkgNames; overlays = [ (overlayPkgsFromFlake inputs.attic [ - "attic-server" - "attic-client" + # home-manager doesn't like these + # "attic-server" + # "attic-client" ]) ] ++ import ./overlay; From 8b9f2f44e88a0d6c1112ac86829a9a81adf9bd3a Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 7 Jan 2025 04:58:39 -0500 Subject: [PATCH 021/410] enable vfs-cache on attic mount --- hosts/chunk/rclone.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 71ce045..3204c0b 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -34,7 +34,7 @@ ExecStartPre = "/usr/bin/env mkdir -p /mnt/attic"; ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ config.sops.secrets."rclone/config".path - } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --allow-other rsyncnet:attic /mnt/attic "; + } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 2G --allow-other rsyncnet:attic /mnt/attic "; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/attic"; }; }; From 0eb72474c71facdd1e20c393e1ddc2939ebae5c0 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 7 Jan 2025 15:13:26 -0500 Subject: [PATCH 022/410] gitlab: default to dark --- hosts/chunk/gitlab.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hosts/chunk/gitlab.nix b/hosts/chunk/gitlab.nix index 7bcc80c..753bcbd 100644 --- a/hosts/chunk/gitlab.nix +++ b/hosts/chunk/gitlab.nix @@ -25,7 +25,10 @@ keepTime = 48; # hours }; extraConfig = { - gitlab.default_theme = 11; + gitlab = { + # NOTE: default_syntax_highlighting_theme needs to be set in the application_settings table in the database + default_color_mode = 2; + }; prometheus.enabled = false; }; }; From 7b2f26107ab36298613c6873154446cf4decfd48 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 7 Jan 2025 16:19:09 -0500 Subject: [PATCH 023/410] dont configure nix.conf in home-manager --- home/yt/common.nix | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/home/yt/common.nix b/home/yt/common.nix index bfbdd0b..f14fc37 100644 --- a/home/yt/common.nix +++ b/home/yt/common.nix @@ -5,26 +5,6 @@ ../zsh ]; - nix = { - settings = { - experimental-features = "nix-command flakes"; - auto-optimise-store = true; - trusted-users = [ "root" "@wheel" ]; - trusted-public-keys = [ "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" ]; - substituters = [ "https://cache.cything.io/central" ]; - }; - gc = { - automatic = true; - frequency = "19:00"; - persistent = true; - options = "--delete-older-than 14d"; - }; - extraOptions = '' - builders-use-substitutes = true - ''; - package = pkgs.nix; - }; - home.sessionVariables = { "EDITOR" = "nvim"; }; From 3834a0667bfcc3ef7425ea1ceb729845c06d0f3f Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 7 Jan 2025 16:19:18 -0500 Subject: [PATCH 024/410] overlay attic to use my fork --- overlay/attic/default.nix | 23 +++++++++++++++++++++++ overlay/default.nix | 1 + 2 files changed, 24 insertions(+) create mode 100644 overlay/attic/default.nix diff --git a/overlay/attic/default.nix b/overlay/attic/default.nix new file mode 100644 index 0000000..424cea1 --- /dev/null +++ b/overlay/attic/default.nix @@ -0,0 +1,23 @@ +final: prev: { + attic-client = prev.attic-client.override (old: { + rustPlatform = old.rustPlatform // { + buildRustPackage = + args: + old.rustPlatform.buildRustPackage ( + args + // { + version = "0.1.1"; + src = final.fetchFromGitHub { + owner = "cything"; + repo = "attic"; + rev = "3e0c381aa1b4f41234284b5491aa818c24af5983"; + hash = "sha256-kw7zeQH+mg0bCTzfr6MqlqAHzYfPSlNj2Fk+lRqVO7A="; + }; + cargoLock = null; + cargoHash = "sha256-0z7cFMMltJQt3zBQ0L+t8MLKPE+HtduWJnNXED7rEHc="; + useFetchCargoVendor = true; + } + ); + }; + }); +} diff --git a/overlay/default.nix b/overlay/default.nix index 4578a75..1710eb7 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -1,6 +1,7 @@ let overlays = [ ./conduwuit + ./attic ]; importedOverlays = map (m: import m) overlays; in From 87437e35535128b4a05615b0d55bf4ab4077d98b Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 7 Jan 2025 19:51:14 -0500 Subject: [PATCH 025/410] update license --- LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE b/LICENSE index fa2a07b..e886c24 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2024 Cy Pokhrel +Copyright (c) 2025 Cy Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal From cb44375897af2d819af2e97c5f7ceece8157c28b Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 7 Jan 2025 20:09:14 -0500 Subject: [PATCH 026/410] Create flakehub-publish-rolling.yml --- .../workflows/flakehub-publish-rolling.yml | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 .github/workflows/flakehub-publish-rolling.yml diff --git a/.github/workflows/flakehub-publish-rolling.yml b/.github/workflows/flakehub-publish-rolling.yml new file mode 100644 index 0000000..910477f --- /dev/null +++ b/.github/workflows/flakehub-publish-rolling.yml @@ -0,0 +1,20 @@ +name: "Publish every Git push to main to FlakeHub" +on: + push: + branches: + - "main" +jobs: + flakehub-publish: + runs-on: "ubuntu-latest" + permissions: + id-token: "write" + contents: "read" + steps: + - uses: "actions/checkout@v4" + - uses: "DeterminateSystems/nix-installer-action@main" + - uses: "DeterminateSystems/flakehub-push@main" + with: + name: "cything/infra" + rolling: true + visibility: "Public" + include-output-paths: true From 21067c7283c5b9c2f040449598866bda6cdf267b Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 7 Jan 2025 20:10:37 -0500 Subject: [PATCH 027/410] fix typo --- .github/workflows/flakehub-publish-rolling.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/flakehub-publish-rolling.yml b/.github/workflows/flakehub-publish-rolling.yml index 910477f..0c12e33 100644 --- a/.github/workflows/flakehub-publish-rolling.yml +++ b/.github/workflows/flakehub-publish-rolling.yml @@ -16,5 +16,5 @@ jobs: with: name: "cything/infra" rolling: true - visibility: "Public" + visibility: "public" include-output-paths: true From 55e0a20772958e9030fd48d5b68be47a91bde36b Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 7 Jan 2025 22:37:19 -0500 Subject: [PATCH 028/410] update neovim plugins (#19) Co-authored-by: cything <45041772+cything@users.noreply.github.com> --- home/nvim/lazy-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/home/nvim/lazy-lock.json b/home/nvim/lazy-lock.json index ddbe841..b35ef9f 100644 --- a/home/nvim/lazy-lock.json +++ b/home/nvim/lazy-lock.json @@ -7,8 +7,8 @@ "cmp-path": { "branch": "main", "commit": "91ff86cd9c29299a64f968ebb45846c485725f23" }, "cmp_luasnip": { "branch": "master", "commit": "98d9cb5c2c38532bd9bdb481067b20fea8f32e90" }, "dressing.nvim": { "branch": "master", "commit": "3a45525bb182730fe462325c99395529308f431e" }, - "fzf-lua": { "branch": "main", "commit": "12b4bc6257da8a8ffe6662e98322962259b847b4" }, - "gitsigns.nvim": { "branch": "main", "commit": "5f808b5e4fef30bd8aca1b803b4e555da07fc412" }, + "fzf-lua": { "branch": "main", "commit": "3d7e5db8fa56cfc2b92a38999016a51abe9e1d23" }, + "gitsigns.nvim": { "branch": "main", "commit": "b544bd62623ca1b483d8b9bfb6d65805f112a320" }, "hop.nvim": { "branch": "master", "commit": "08ddca799089ab96a6d1763db0b8adc5320bf050" }, "iceberg.vim": { "branch": "master", "commit": "23835d5ed696436f716cbfdb56a93a7850fe3b18" }, "lazy.nvim": { "branch": "main", "commit": "d8f26efd456190241afd1b0f5235fe6fdba13d4a" }, @@ -17,7 +17,7 @@ "nvim-cmp": { "branch": "main", "commit": "8c82d0bd31299dbff7f8e780f5e06d2283de9678" }, "nvim-lspconfig": { "branch": "master", "commit": "8121483b8132b7053120fafd83728178fb3febf6" }, "nvim-tree.lua": { "branch": "master", "commit": "68fc4c20f5803444277022c681785c5edd11916d" }, - "nvim-treesitter": { "branch": "master", "commit": "958af94dd8d74071c72c9d6840b41d06ea436b2f" }, + "nvim-treesitter": { "branch": "master", "commit": "622a4a6ba76d1de52b72a965159213ae655b4ac7" }, "nvim-web-devicons": { "branch": "master", "commit": "5740b7382429d20b6ed0bbdb0694185af9507d44" }, "tokyonight.nvim": { "branch": "main", "commit": "7bb270adaa7692c2c33befc35f5567fc596a2504" }, "vim-commentary": { "branch": "master", "commit": "64a654ef4a20db1727938338310209b6a63f60c9" } From 61fbb386b1d34aaf18469c176a30e8bc48bf2a83 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 7 Jan 2025 22:39:33 -0500 Subject: [PATCH 029/410] neovim: rm restore cursor thing --- home/nvim/init.lua | 48 ---------------------------------------------- 1 file changed, 48 deletions(-) diff --git a/home/nvim/init.lua b/home/nvim/init.lua index df1f89f..b57e106 100644 --- a/home/nvim/init.lua +++ b/home/nvim/init.lua @@ -48,54 +48,6 @@ api.nvim_create_autocmd("VimLeave", { -- blinking cursor in insert mode opt.guicursor = "i-ci-ve:ver25-blinkon500-blinkon500" --- copied from https://github.com/jdhao/nvim-config/blob/c7fb090e4ce94e72414169a247ac62f049d6b03b/lua/custom-autocmd.lua#L138 --- Return to last cursor position when opening a file, note that here we cannot use BufReadPost --- as event. It seems that when BufReadPost is triggered, FileType event is still not run. --- So the filetype for this buffer is empty string. -api.nvim_create_autocmd("FileType", { - group = api.nvim_create_augroup("resume_cursor_position", { clear = true }), - pattern = "*", - callback = function(ev) - local mark_pos = api.nvim_buf_get_mark(ev.buf, '"') - local last_cursor_line = mark_pos[1] - - local max_line = vim.fn.line("$") - local buf_filetype = api.nvim_get_option_value("filetype", { buf = ev.buf }) - local buftype = api.nvim_get_option_value("buftype", { buf = ev.buf }) - - -- only handle normal files - if buf_filetype == "" or buftype ~= "" then - return - end - - -- Only resume last cursor position when there is no go-to-line command (something like '+23'). - if vim.fn.match(vim.v.argv, [[\v^\+(\d){1,}$]]) ~= -1 then - return - end - - if last_cursor_line > 1 and last_cursor_line <= max_line then - -- vim.print(string.format("mark_pos: %s", vim.inspect(mark_pos))) - -- it seems that without vim.schedule, the cursor position can not be set correctly - vim.schedule(function() - local status, result = pcall(api.nvim_win_set_cursor, 0, mark_pos) - if not status then - api.nvim_err_writeln( - string.format( - "Failed to resume cursor position. Context %s, error: %s", - vim.inspect(ev), - result - ) - ) - end - end) - -- the following two ways also seem to work, - -- ref: https://www.reddit.com/r/neovim/comments/104lc26/how_can_i_press_escape_key_using_lua/ - -- vim.api.nvim_feedkeys("g`\"", "n", true) - -- vim.fn.execute("normal! g`\"") - end - end, -}) - keymap.set("n", "s", require("nvim-tree.api").tree.toggle, { desc = "toggle nvim-tree", silent = true, From 3aeffe98979597a371825fdb97a30cb4d959c89f Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 7 Jan 2025 22:41:29 -0500 Subject: [PATCH 030/410] use quad9 for dns --- hosts/chunk/default.nix | 6 ------ hosts/common.nix | 7 +++++++ hosts/ytnix/default.nix | 4 ---- 3 files changed, 7 insertions(+), 10 deletions(-) diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 09b91f7..38fbaeb 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -135,12 +135,6 @@ address = "31.59.129.1"; interface = "ens18"; }; - networking.nameservers = [ - "127.0.0.1" - "::1" - ]; - - time.timeZone = "America/Toronto"; i18n.defaultLocale = "en_US.UTF-8"; console = { diff --git a/hosts/common.nix b/hosts/common.nix index 51a9706..100c6ec 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -26,6 +26,13 @@ }; time.timeZone = "America/Toronto"; networking.firewall.logRefusedConnections = false; + networking.nameservers = [ + # quad9 + "2620:fe::fe" + "2620:fe::9" + "9.9.9.9" + "149.112.112.112" + ]; # this is true by default and mutually exclusive with # programs.nix-index diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index a3b4bb6..016582b 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -84,10 +84,6 @@ dns = "none"; wifi.backend = "iwd"; }; - nameservers = [ - "31.59.129.225" - "2a0f:85c1:840:2bfb::1" - ]; resolvconf.enable = true; firewall = { allowedUDPPorts = [ 51820 ]; # for wireguard From ee806629db536956a1b26dda14ab09fc4e449a3f Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 7 Jan 2025 22:41:46 -0500 Subject: [PATCH 031/410] attic: concurency is configurable now --- flake.lock | 8 ++++---- flake.nix | 2 +- hosts/chunk/attic.nix | 1 + 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 6ca5f24..35db661 100644 --- a/flake.lock +++ b/flake.lock @@ -12,17 +12,17 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1736241594, - "narHash": "sha256-Sf6MWdljMgvzpzEMIAvA8nJqncIY+qGHUjDTQLl6BlA=", + "lastModified": 1736305328, + "narHash": "sha256-OGY1hFiDZzDi6cPuD/4Za23TkerPfVv7Nx9ded8w3lk=", "owner": "cything", "repo": "attic", - "rev": "81c2370c17c724935902732cfe3433f8562511fc", + "rev": "9df5db35697a3a3eedcb2ef79b09f50bc62da81f", "type": "github" }, "original": { "owner": "cything", - "ref": "32", "repo": "attic", + "rev": "9df5db35697a3a3eedcb2ef79b09f50bc62da81f", "type": "github" } }, diff --git a/flake.nix b/flake.nix index 3acb17c..bd44262 100644 --- a/flake.nix +++ b/flake.nix @@ -24,7 +24,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; attic = { - url = "github:cything/attic/32"; + url = "github:cything/attic/9df5db35697a3a3eedcb2ef79b09f50bc62da81f"; inputs.nixpkgs.follows = "nixpkgs"; }; diff --git a/hosts/chunk/attic.nix b/hosts/chunk/attic.nix index c442f94..2f84394 100644 --- a/hosts/chunk/attic.nix +++ b/hosts/chunk/attic.nix @@ -27,6 +27,7 @@ min-size = 0; avg-size = 0; max-size = 0; + concurrent-chunk-uploads = 32; }; }; }; From aff0542bb175fe354c8ceefabdf28a19ef95cc6c Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 8 Jan 2025 14:55:26 -0500 Subject: [PATCH 032/410] rclone: increase vfs-cache-max-size for attic --- hosts/chunk/rclone.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 3204c0b..8f8af57 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -34,7 +34,7 @@ ExecStartPre = "/usr/bin/env mkdir -p /mnt/attic"; ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ config.sops.secrets."rclone/config".path - } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 2G --allow-other rsyncnet:attic /mnt/attic "; + } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 5G --allow-other rsyncnet:attic /mnt/attic "; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/attic"; }; }; From 5e89ec6e2044def211e692e9e9bcec4b01df1113 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 8 Jan 2025 19:25:59 -0500 Subject: [PATCH 033/410] attic: use configurable-concurrency branch --- flake.lock | 8 ++++---- flake.nix | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 35db661..ad5fb3a 100644 --- a/flake.lock +++ b/flake.lock @@ -12,17 +12,17 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1736305328, - "narHash": "sha256-OGY1hFiDZzDi6cPuD/4Za23TkerPfVv7Nx9ded8w3lk=", + "lastModified": 1736353000, + "narHash": "sha256-PzglFIpNjoFLR5u0NO2+vrI2LACT9ZCRXk4zqYwEv+M=", "owner": "cything", "repo": "attic", - "rev": "9df5db35697a3a3eedcb2ef79b09f50bc62da81f", + "rev": "cdb032600405c3db0ef76ea837ab34afdc97c3e3", "type": "github" }, "original": { "owner": "cything", + "ref": "configurable-concurrency", "repo": "attic", - "rev": "9df5db35697a3a3eedcb2ef79b09f50bc62da81f", "type": "github" } }, diff --git a/flake.nix b/flake.nix index bd44262..5d46947 100644 --- a/flake.nix +++ b/flake.nix @@ -24,7 +24,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; attic = { - url = "github:cything/attic/9df5db35697a3a3eedcb2ef79b09f50bc62da81f"; + url = "github:cything/attic/configurable-concurrency"; inputs.nixpkgs.follows = "nixpkgs"; }; From 4d1ba317f5a704590717381a991bca1b4c682529 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 8 Jan 2025 21:35:09 -0500 Subject: [PATCH 034/410] test new workflow --- .github/workflows/build-and-cache.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 .github/workflows/build-and-cache.yml diff --git a/.github/workflows/build-and-cache.yml b/.github/workflows/build-and-cache.yml new file mode 100644 index 0000000..7662410 --- /dev/null +++ b/.github/workflows/build-and-cache.yml @@ -0,0 +1,26 @@ +name: build and cache random stuff + +on: + workflow_dispatch: + push: + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: DeterminateSystems/nix-installer-action@main + - uses: DeterminateSystems/magic-nix-cache-action@main + + - uses: cachix/cachix-action@v15 + with: + name: cything + authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" + + - name: Setup Attic cache + uses: ryanccn/attic-action@v0 + with: + endpoint: ${{ vars.ATTIC_ENDPOINT }} + cache: ${{ vars.ATTIC_CACHE }} + token: ${{ secrets.ATTIC_TOKEN }} + + - run: nix build github:nixos/nixpkgs/e12eb3ea24df94fe90bf1661d1f711fe6fe80202#vault-tasks From b88547b137429bc16609fc5aea4146424bab4797 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 8 Jan 2025 21:59:32 -0500 Subject: [PATCH 035/410] workflow: buidl attic --- .github/workflows/build-and-cache.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-and-cache.yml b/.github/workflows/build-and-cache.yml index 7662410..65815d2 100644 --- a/.github/workflows/build-and-cache.yml +++ b/.github/workflows/build-and-cache.yml @@ -23,4 +23,6 @@ jobs: cache: ${{ vars.ATTIC_CACHE }} token: ${{ secrets.ATTIC_TOKEN }} - - run: nix build github:nixos/nixpkgs/e12eb3ea24df94fe90bf1661d1f711fe6fe80202#vault-tasks + - run: nix build github:cything/attic/4938bf3584258e74d6f2036198eef81d7cdb4c85#attic + - run: nix build github:cything/attic/4938bf3584258e74d6f2036198eef81d7cdb4c85#attic-server + - run: nix build github:cything/attic/4938bf3584258e74d6f2036198eef81d7cdb4c85#attic-client From 6709f95384a1c0cc262f08be9fd46a9b3da65ee9 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 8 Jan 2025 22:22:02 -0500 Subject: [PATCH 036/410] maybe make workflow faster --- .github/workflows/build-and-cache.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-and-cache.yml b/.github/workflows/build-and-cache.yml index 65815d2..0859089 100644 --- a/.github/workflows/build-and-cache.yml +++ b/.github/workflows/build-and-cache.yml @@ -6,6 +6,13 @@ on: jobs: build: + strategy: + matrix: + package: + - github:cything/attic/4938bf3584258e74d6f2036198eef81d7cdb4c85#attic + - github:cything/attic/4938bf3584258e74d6f2036198eef81d7cdb4c85#attic-server + - github:cything/attic/4938bf3584258e74d6f2036198eef81d7cdb4c85#attic-client + runs-on: ubuntu-latest steps: - uses: DeterminateSystems/nix-installer-action@main @@ -23,6 +30,4 @@ jobs: cache: ${{ vars.ATTIC_CACHE }} token: ${{ secrets.ATTIC_TOKEN }} - - run: nix build github:cything/attic/4938bf3584258e74d6f2036198eef81d7cdb4c85#attic - - run: nix build github:cything/attic/4938bf3584258e74d6f2036198eef81d7cdb4c85#attic-server - - run: nix build github:cything/attic/4938bf3584258e74d6f2036198eef81d7cdb4c85#attic-client + - run: nix build '${{ matrix.package }}' From 6dc1049030ec839ac7df758058d33d102f954e2e Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 8 Jan 2025 23:07:02 -0500 Subject: [PATCH 037/410] workflow: try to build this --- .github/workflows/build-and-cache.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-and-cache.yml b/.github/workflows/build-and-cache.yml index 0859089..8fcb1f5 100644 --- a/.github/workflows/build-and-cache.yml +++ b/.github/workflows/build-and-cache.yml @@ -9,9 +9,9 @@ jobs: strategy: matrix: package: - - github:cything/attic/4938bf3584258e74d6f2036198eef81d7cdb4c85#attic - - github:cything/attic/4938bf3584258e74d6f2036198eef81d7cdb4c85#attic-server - - github:cything/attic/4938bf3584258e74d6f2036198eef81d7cdb4c85#attic-client + - github:cything/attic/e91261dc9a22d267700ab9095155f5581ac3b06c#attic + - github:cything/attic/e91261dc9a22d267700ab9095155f5581ac3b06c#attic-server + - github:cything/attic/e91261dc9a22d267700ab9095155f5581ac3b06c#attic-client runs-on: ubuntu-latest steps: From 4858051772ab9376824e9b204425cf9a5319cad9 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 8 Jan 2025 23:43:31 -0500 Subject: [PATCH 038/410] flake update --- flake.lock | 14 +++++++------- flake.nix | 8 +++++--- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index ad5fb3a..5b81ed1 100644 --- a/flake.lock +++ b/flake.lock @@ -12,16 +12,16 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1736353000, - "narHash": "sha256-PzglFIpNjoFLR5u0NO2+vrI2LACT9ZCRXk4zqYwEv+M=", + "lastModified": 1736394512, + "narHash": "sha256-dIrCD0rLXlW1XsNiF50vTeHi1l4xHYh0m+aCdHNcMfU=", "owner": "cything", "repo": "attic", - "rev": "cdb032600405c3db0ef76ea837ab34afdc97c3e3", + "rev": "e91261dc9a22d267700ab9095155f5581ac3b06c", "type": "github" }, "original": { "owner": "cything", - "ref": "configurable-concurrency", + "ref": "compression", "repo": "attic", "type": "github" } @@ -210,11 +210,11 @@ ] }, "locked": { - "lastModified": 1736204492, - "narHash": "sha256-CoBPRgkUex9Iz6qGSzi/BFVUQjndB0PmME2B6eEyeCs=", + "lastModified": 1736366465, + "narHash": "sha256-Fo68EF6p/N9GJyHiAUbXtiE7IJlb3IMjK86LuxFMsRU=", "owner": "nix-community", "repo": "home-manager", - "rev": "20665c6efa83d71020c8730f26706258ba5c6b2a", + "rev": "7e00856596891850ba5ad4c5ecd2ed74468c08c5", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 5d46947..5dab1b9 100644 --- a/flake.nix +++ b/flake.nix @@ -24,7 +24,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; attic = { - url = "github:cything/attic/configurable-concurrency"; + url = "github:cything/attic/compression"; inputs.nixpkgs.follows = "nixpkgs"; }; @@ -35,9 +35,13 @@ nixConfig = { extra-substituters = [ "https://cache.cything.io/central" + "https://cache.cything.io/infra-ci" + "https://cache.cything.io/attic" ]; extra-trusted-public-keys = [ "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" + "infra-ci:xG5f5tddUBcvToYjlpHD5OY/puYQkKmgKeIQCshNs38=" + "attic:HL3hVpqXxwcF7Q1R+IvU2i0+YxIjQA2xxKM5EJMXLLs=" ]; builders-use-substitutes = true; }; @@ -137,12 +141,10 @@ modules = [ { nixpkgs = { inherit pkgs; }; - disabledModules = [ "services/networking/atticd.nix" ]; } ./hosts/chunk inputs.sops-nix.nixosModules.sops ./modules - inputs.attic.nixosModules.atticd ]; }; From 8658515be25097ed5ac48bc8afe81d7dc564e5ee Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 8 Jan 2025 23:43:42 -0500 Subject: [PATCH 039/410] workflow: use overlays --- .github/workflows/build-and-cache.yml | 10 +++++++--- flake.nix | 2 ++ overlay/attic/default.nix | 6 +++--- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build-and-cache.yml b/.github/workflows/build-and-cache.yml index 8fcb1f5..50c4b0c 100644 --- a/.github/workflows/build-and-cache.yml +++ b/.github/workflows/build-and-cache.yml @@ -9,13 +9,17 @@ jobs: strategy: matrix: package: - - github:cything/attic/e91261dc9a22d267700ab9095155f5581ac3b06c#attic - - github:cything/attic/e91261dc9a22d267700ab9095155f5581ac3b06c#attic-server - - github:cything/attic/e91261dc9a22d267700ab9095155f5581ac3b06c#attic-client + - .#attic-client + - .#attic-server runs-on: ubuntu-latest steps: + - uses: actions/checkout@v4 + - uses: DeterminateSystems/nix-installer-action@main + with: + logger: pretty + - uses: DeterminateSystems/magic-nix-cache-action@main - uses: cachix/cachix-action@v15 diff --git a/flake.nix b/flake.nix index 5dab1b9..779e8a7 100644 --- a/flake.nix +++ b/flake.nix @@ -117,6 +117,8 @@ checks = forEachSystem (pkgs: { formatting = treefmtEval.${pkgs.system}.config.build.check self; }); + # lets us build overlayed packages with `nix build .#` + packages = pkgsFor; nixosConfigurations = let diff --git a/overlay/attic/default.nix b/overlay/attic/default.nix index 424cea1..7e7c030 100644 --- a/overlay/attic/default.nix +++ b/overlay/attic/default.nix @@ -10,11 +10,11 @@ final: prev: { src = final.fetchFromGitHub { owner = "cything"; repo = "attic"; - rev = "3e0c381aa1b4f41234284b5491aa818c24af5983"; - hash = "sha256-kw7zeQH+mg0bCTzfr6MqlqAHzYfPSlNj2Fk+lRqVO7A="; + rev = "e91261dc9a22d267700ab9095155f5581ac3b06c"; + hash = "sha256-dIrCD0rLXlW1XsNiF50vTeHi1l4xHYh0m+aCdHNcMfU="; }; cargoLock = null; - cargoHash = "sha256-0z7cFMMltJQt3zBQ0L+t8MLKPE+HtduWJnNXED7rEHc="; + cargoHash = "sha256-AbpWnYfBMrR6oOfy2LkQvIPYsClCWE89bJav+iHTtLM="; useFetchCargoVendor = true; } ); From 6a51c67d61aeb460665f727170f49905c6ca067b Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 9 Jan 2025 00:37:11 -0500 Subject: [PATCH 040/410] rm attic flake input cause we use nixpkgs module --- flake.lock | 130 ++--------------------------------------------------- flake.nix | 4 -- 2 files changed, 4 insertions(+), 130 deletions(-) diff --git a/flake.lock b/flake.lock index 5b81ed1..a74ed2d 100644 --- a/flake.lock +++ b/flake.lock @@ -1,53 +1,6 @@ { "nodes": { - "attic": { - "inputs": { - "crane": "crane", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", - "nix-github-actions": "nix-github-actions", - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable" - }, - "locked": { - "lastModified": 1736394512, - "narHash": "sha256-dIrCD0rLXlW1XsNiF50vTeHi1l4xHYh0m+aCdHNcMfU=", - "owner": "cything", - "repo": "attic", - "rev": "e91261dc9a22d267700ab9095155f5581ac3b06c", - "type": "github" - }, - "original": { - "owner": "cything", - "ref": "compression", - "repo": "attic", - "type": "github" - } - }, "crane": { - "inputs": { - "nixpkgs": [ - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1722960479, - "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=", - "owner": "ipetkov", - "repo": "crane", - "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, - "crane_2": { "inputs": { "nixpkgs": [ "lanzaboote", @@ -105,44 +58,7 @@ "type": "github" } }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1722555600, - "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "lanzaboote", @@ -225,9 +141,9 @@ }, "lanzaboote": { "inputs": { - "crane": "crane_2", - "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts_2", + "crane": "crane", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" @@ -250,27 +166,6 @@ "type": "github" } }, - "nix-github-actions": { - "inputs": { - "nixpkgs": [ - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1729742964, - "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", - "owner": "nix-community", - "repo": "nix-github-actions", - "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-github-actions", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1736012469, @@ -320,22 +215,6 @@ } }, "nixpkgs-stable": { - "locked": { - "lastModified": 1724316499, - "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_2": { "locked": { "lastModified": 1710695816, "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", @@ -362,7 +241,7 @@ "lanzaboote", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_2" + "nixpkgs-stable": "nixpkgs-stable" }, "locked": { "lastModified": 1717664902, @@ -380,7 +259,6 @@ }, "root": { "inputs": { - "attic": "attic", "disko": "disko", "home-manager": "home-manager", "lanzaboote": "lanzaboote", diff --git a/flake.nix b/flake.nix index 779e8a7..f7c743f 100644 --- a/flake.nix +++ b/flake.nix @@ -23,10 +23,6 @@ url = "github:nix-community/lanzaboote/v0.4.1"; inputs.nixpkgs.follows = "nixpkgs"; }; - attic = { - url = "github:cything/attic/compression"; - inputs.nixpkgs.follows = "nixpkgs"; - }; nixpkgs-borg.url = "github:cything/nixpkgs/borg"; # unmerged PR nixpkgs-btrbk.url = "github:cything/nixpkgs/btrbk"; # unmerged PR From 0f4f663272279880a94bbf664ef92b98022d06a3 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 9 Jan 2025 00:37:27 -0500 Subject: [PATCH 041/410] rclone: cache even more for attic --- hosts/chunk/rclone.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 8f8af57..ba9e45d 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -34,7 +34,7 @@ ExecStartPre = "/usr/bin/env mkdir -p /mnt/attic"; ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ config.sops.secrets."rclone/config".path - } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 5G --allow-other rsyncnet:attic /mnt/attic "; + } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 15G --allow-other rsyncnet:attic /mnt/attic "; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/attic"; }; }; From 3b032c1b621d54c79546a793b43969fa55b7e514 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 9 Jan 2025 00:46:42 -0500 Subject: [PATCH 042/410] rm flakehub workflow --- .github/workflows/build-and-cache.yml | 4 ++-- .../workflows/flakehub-publish-rolling.yml | 20 ------------------- 2 files changed, 2 insertions(+), 22 deletions(-) delete mode 100644 .github/workflows/flakehub-publish-rolling.yml diff --git a/.github/workflows/build-and-cache.yml b/.github/workflows/build-and-cache.yml index 50c4b0c..69efd2f 100644 --- a/.github/workflows/build-and-cache.yml +++ b/.github/workflows/build-and-cache.yml @@ -14,8 +14,6 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: DeterminateSystems/nix-installer-action@main with: logger: pretty @@ -34,4 +32,6 @@ jobs: cache: ${{ vars.ATTIC_CACHE }} token: ${{ secrets.ATTIC_TOKEN }} + - uses: actions/checkout@v4 + - run: nix build '${{ matrix.package }}' diff --git a/.github/workflows/flakehub-publish-rolling.yml b/.github/workflows/flakehub-publish-rolling.yml deleted file mode 100644 index 0c12e33..0000000 --- a/.github/workflows/flakehub-publish-rolling.yml +++ /dev/null @@ -1,20 +0,0 @@ -name: "Publish every Git push to main to FlakeHub" -on: - push: - branches: - - "main" -jobs: - flakehub-publish: - runs-on: "ubuntu-latest" - permissions: - id-token: "write" - contents: "read" - steps: - - uses: "actions/checkout@v4" - - uses: "DeterminateSystems/nix-installer-action@main" - - uses: "DeterminateSystems/flakehub-push@main" - with: - name: "cything/infra" - rolling: true - visibility: "public" - include-output-paths: true From 105625bd54897ccfd90681714db0e270ed2e3699 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 9 Jan 2025 00:53:01 -0500 Subject: [PATCH 043/410] overlay eza --- .github/workflows/build-and-cache.yml | 1 + flake.lock | 17 +++++++++++++++++ flake.nix | 7 +++---- 3 files changed, 21 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build-and-cache.yml b/.github/workflows/build-and-cache.yml index 69efd2f..79ebbee 100644 --- a/.github/workflows/build-and-cache.yml +++ b/.github/workflows/build-and-cache.yml @@ -11,6 +11,7 @@ jobs: package: - .#attic-client - .#attic-server + - .#eza runs-on: ubuntu-latest steps: diff --git a/flake.lock b/flake.lock index a74ed2d..af0f5d2 100644 --- a/flake.lock +++ b/flake.lock @@ -42,6 +42,22 @@ "type": "github" } }, + "eza": { + "locked": { + "lastModified": 1736397430, + "narHash": "sha256-l00P7P3zcx8rzYOOQMNUwBqK/yz/4Cv8G8+pYbfyQ5Y=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d722e8ce81cf103280ce1ff65accb3fc25cbd2ba", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d722e8ce81cf103280ce1ff65accb3fc25cbd2ba", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -260,6 +276,7 @@ "root": { "inputs": { "disko": "disko", + "eza": "eza", "home-manager": "home-manager", "lanzaboote": "lanzaboote", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index f7c743f..4ca2874 100644 --- a/flake.nix +++ b/flake.nix @@ -26,6 +26,7 @@ nixpkgs-borg.url = "github:cything/nixpkgs/borg"; # unmerged PR nixpkgs-btrbk.url = "github:cything/nixpkgs/btrbk"; # unmerged PR + eza.url = "github:nixos/nixpkgs/d722e8ce81cf103280ce1ff65accb3fc25cbd2ba"; }; nixConfig = { @@ -76,10 +77,8 @@ flake: pkgNames: _final: prev: overridePkgsFromFlake prev flake pkgNames; overlays = [ - (overlayPkgsFromFlake inputs.attic [ - # home-manager doesn't like these - # "attic-server" - # "attic-client" + (overlayPkgsFromFlake inputs.eza [ + "eza" ]) ] ++ import ./overlay; From 8c144400ea239c2534995c2be44a5875c1913170 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 9 Jan 2025 01:18:01 -0500 Subject: [PATCH 044/410] workflow: allow force push when mirroring to gitlab --- .github/workflows/mirror.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/mirror.yml b/.github/workflows/mirror.yml index 60ddae3..ae04c89 100644 --- a/.github/workflows/mirror.yml +++ b/.github/workflows/mirror.yml @@ -11,7 +11,7 @@ jobs: args: "https://git.cything.io/cy/infra" env: FOLLOW_TAGS: "true" - FORCE_PUSH: "false" + FORCE_PUSH: "true" GITLAB_HOSTNAME: "git.cything.io" GITLAB_USERNAME: "cy" GITLAB_PASSWORD: ${{ secrets.GITLAB_PASSWORD }} From ef1fab203826ed23741ae880f52b52b5f72d40c3 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 9 Jan 2025 02:17:30 -0500 Subject: [PATCH 045/410] attic: bump fork --- overlay/attic/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/overlay/attic/default.nix b/overlay/attic/default.nix index 7e7c030..5e4161b 100644 --- a/overlay/attic/default.nix +++ b/overlay/attic/default.nix @@ -10,8 +10,8 @@ final: prev: { src = final.fetchFromGitHub { owner = "cything"; repo = "attic"; - rev = "e91261dc9a22d267700ab9095155f5581ac3b06c"; - hash = "sha256-dIrCD0rLXlW1XsNiF50vTeHi1l4xHYh0m+aCdHNcMfU="; + rev = "d660c85bdb6bb10499a23a846a13107ea0c72769"; + hash = "sha256-E22d2OLV02L2QdiSeK58flveehR8z8WIKkcN/njAMdg="; }; cargoLock = null; cargoHash = "sha256-AbpWnYfBMrR6oOfy2LkQvIPYsClCWE89bJav+iHTtLM="; From d543d076984e4c5505d75e67778b7bdf979ac56c Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 9 Jan 2025 03:00:00 -0500 Subject: [PATCH 046/410] build conduwuit with debug enabled --- .github/workflows/build-and-cache.yml | 1 + overlay/conduwuit/default.nix | 18 +++++++++++++++--- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-and-cache.yml b/.github/workflows/build-and-cache.yml index 79ebbee..d27a167 100644 --- a/.github/workflows/build-and-cache.yml +++ b/.github/workflows/build-and-cache.yml @@ -12,6 +12,7 @@ jobs: - .#attic-client - .#attic-server - .#eza + - .#conduwuit runs-on: ubuntu-latest steps: diff --git a/overlay/conduwuit/default.nix b/overlay/conduwuit/default.nix index cb2502a..6eaaeab 100644 --- a/overlay/conduwuit/default.nix +++ b/overlay/conduwuit/default.nix @@ -5,13 +5,13 @@ final: prev: { args: old.rustPlatform.buildRustPackage ( args - // rec { + // { version = "0.5.0-rc2"; src = final.fetchFromGitHub { owner = "girlbossceo"; repo = "conduwuit"; - rev = "v${version}"; - hash = "sha256-xnwqhU3yOIyWRrD/Pq3jmUHoNZSY8Ms9h8OTsZVYQ1g="; + rev = "8c74e35e7640a041c1f3496d82585e5240294352"; + hash = "sha256-/2YD3TXT9pQ7oPEm9wDrq35afU88qukMIWqrBX5JyXg="; }; doCheck = false; cargoHash = "sha256-ZenMTCEJrALKQnW7/eXqrhFj+BedE9i/rQZMsPHl8K0="; @@ -20,6 +20,18 @@ final: prev: { ]; # unstable has this set to "conduit" meta.mainProgram = "conduwuit"; + + buildFeatures = [ + "brotli_compression" + "element_hacks" + "gzip_compression" + # "release_max_log_level" # without this feature to enable debug logging + "sentry_telemetry" + "systemd" + "zstd_compression" + "jemalloc" + "io_uring" + ]; } ); }; From 679e5d412ae89c0cfc164e892f1fb1742cf581dc Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 9 Jan 2025 15:38:08 -0500 Subject: [PATCH 047/410] build conduwuit without debug --- overlay/conduwuit/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overlay/conduwuit/default.nix b/overlay/conduwuit/default.nix index 6eaaeab..6ce6e72 100644 --- a/overlay/conduwuit/default.nix +++ b/overlay/conduwuit/default.nix @@ -25,7 +25,7 @@ final: prev: { "brotli_compression" "element_hacks" "gzip_compression" - # "release_max_log_level" # without this feature to enable debug logging + "release_max_log_level" # without this feature to enable debug logging "sentry_telemetry" "systemd" "zstd_compression" From d506bc2b6ac80dfd3b1258f8966a7e2e222404e0 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 9 Jan 2025 18:23:35 -0500 Subject: [PATCH 048/410] element-desktop stopped working --- home/yt/ytnix.nix | 1 - hosts/titan/Caddyfile | 2 ++ 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 729894f..b3652ac 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -52,7 +52,6 @@ fastfetch discord nwg-look - element-desktop kdePackages.gwenview kdePackages.okular kdePackages.qtwayland diff --git a/hosts/titan/Caddyfile b/hosts/titan/Caddyfile index d13e7ac..70cc99f 100644 --- a/hosts/titan/Caddyfile +++ b/hosts/titan/Caddyfile @@ -17,6 +17,8 @@ cything.io { header /.well-known/matrix/* Content-Type application/json header /.well-known/matrix/* Access-Control-Allow-Origin * + header /.well-known/matrix/* Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS,PATCH,HEAD + header /.well-known/matrix/* Access-Control-Allow-Headers X-Requested-With,Content-Type,Authorization,Origin,Accept respond /.well-known/matrix/server {"m.server":"chat.cything.io:443"} respond /.well-known/matrix/client {"m.server":{"base_url":"https://chat.cything.io"},"m.homeserver":{"base_url":"https://chat.cything.io"},"org.matrix.msc3575.proxy":{"url":"https://chat.cything.io"}} } From 876cb663b1e0fd362c9450dc92f7f98062bced2f Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 10 Jan 2025 01:27:05 -0500 Subject: [PATCH 049/410] migrate to forgejo --- hosts/chunk/Caddyfile | 9 +++++++-- hosts/chunk/default.nix | 28 +++++++--------------------- hosts/chunk/forgejo.nix | 28 ++++++++++++++++++++++++++++ 3 files changed, 42 insertions(+), 23 deletions(-) create mode 100644 hosts/chunk/forgejo.nix diff --git a/hosts/chunk/Caddyfile b/hosts/chunk/Caddyfile index a42032c..d2ba708 100644 --- a/hosts/chunk/Caddyfile +++ b/hosts/chunk/Caddyfile @@ -11,9 +11,14 @@ header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" } -git.cy7.sh, git.cything.io { +git.cything.io { import common - reverse_proxy unix//run/gitlab/gitlab-workhorse.socket + redir https://git.cy7.sh{uri} permanent +} + +git.cy7.sh { + import common + reverse_proxy localhost:3000 } rss.cything.io { diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 38fbaeb..563aa21 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -9,7 +9,6 @@ ../common.nix ../zsh.nix ./hardware-configuration.nix - ./gitlab.nix ./backup.nix ./rclone.nix ./postgres.nix @@ -25,6 +24,7 @@ ./immich.nix ./element.nix ./attic.nix + ./forgejo.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; @@ -59,26 +59,6 @@ "miniflux/env" = { sopsFile = ../../secrets/services/miniflux.yaml; }; - "gitlab/root" = { - sopsFile = ../../secrets/services/gitlab.yaml; - owner = config.users.users.git.name; - }; - "gitlab/secret" = { - sopsFile = ../../secrets/services/gitlab.yaml; - owner = config.users.users.git.name; - }; - "gitlab/jws" = { - sopsFile = ../../secrets/services/gitlab.yaml; - owner = config.users.users.git.name; - }; - "gitlab/db" = { - sopsFile = ../../secrets/services/gitlab.yaml; - owner = config.users.users.git.name; - }; - "gitlab/otp" = { - sopsFile = ../../secrets/services/gitlab.yaml; - owner = config.users.users.git.name; - }; "rsyncnet/id_ed25519" = { sopsFile = ../../secrets/zh5061/chunk.yaml; }; @@ -157,6 +137,12 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD yt@ytnix" ]; + # for forgejo + users.users.git = { + isSystemUser = true; + group = "git"; + }; + users.groups.git = {}; environment.systemPackages = with pkgs; [ vim diff --git a/hosts/chunk/forgejo.nix b/hosts/chunk/forgejo.nix new file mode 100644 index 0000000..fd03e40 --- /dev/null +++ b/hosts/chunk/forgejo.nix @@ -0,0 +1,28 @@ +{...}: +{ + services.forgejo = { + enable = true; + user = "git"; + group = "git"; + settings = { + server = { + ROOT_URL = "https://git.cy7.sh"; + HTTP_PORT = 3000; + HTTP_ADDR = "127.0.0.1"; + DOMAIN = "git.cy7.sh"; + }; + session.COOKIE_SECURE = true; + service.DISABLE_REGISTRATION = true; + ui = { + AMBIGUOUS_UNICODE_DETECTION = false; + DEFAULT_THEME = "gitea-dark"; + }; + }; + database = { + type = "postgres"; + socket = "/run/postgresql"; + user = "git"; + name = "git"; + }; + }; +} From 8e492db3d1d3a93169e4c15c073ba94921afdf10 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 10 Jan 2025 01:37:47 -0500 Subject: [PATCH 050/410] rm mirror workflow --- .github/workflows/mirror.yml | 19 ------------------- 1 file changed, 19 deletions(-) delete mode 100644 .github/workflows/mirror.yml diff --git a/.github/workflows/mirror.yml b/.github/workflows/mirror.yml deleted file mode 100644 index ae04c89..0000000 --- a/.github/workflows/mirror.yml +++ /dev/null @@ -1,19 +0,0 @@ -name: mirror to gitlab -on: [push] -jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v1 - - name: mirror - uses: SvanBoxel/gitlab-mirror-and-ci-action@5c211f993d35256d96b772d995972f434b94e11a - with: - args: "https://git.cything.io/cy/infra" - env: - FOLLOW_TAGS: "true" - FORCE_PUSH: "true" - GITLAB_HOSTNAME: "git.cything.io" - GITLAB_USERNAME: "cy" - GITLAB_PASSWORD: ${{ secrets.GITLAB_PASSWORD }} - GITLAB_PROJECT_ID: "2" - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 96efcd1ba603c6d03cf2f328fb5c57f2721b932a Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 10 Jan 2025 01:37:57 -0500 Subject: [PATCH 051/410] fix git user for forgejo --- hosts/chunk/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 563aa21..192854e 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -139,7 +139,8 @@ ]; # for forgejo users.users.git = { - isSystemUser = true; + isNormalUser = true; + home = "/var/lib/forgejo"; group = "git"; }; users.groups.git = {}; From c5dbde3aa56b0ac7667d9a658cc60f0b4838d4cf Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 10 Jan 2025 01:43:19 -0500 Subject: [PATCH 052/410] forgejo: disable actions --- hosts/chunk/forgejo.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/chunk/forgejo.nix b/hosts/chunk/forgejo.nix index fd03e40..98706df 100644 --- a/hosts/chunk/forgejo.nix +++ b/hosts/chunk/forgejo.nix @@ -17,6 +17,7 @@ AMBIGUOUS_UNICODE_DETECTION = false; DEFAULT_THEME = "gitea-dark"; }; + actions.ENABLED = false; }; database = { type = "postgres"; From 4227ca4c641ba95f8df2adaf3ec3aee153987c9d Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 10 Jan 2025 01:55:03 -0500 Subject: [PATCH 053/410] dont break gitlab links --- hosts/chunk/Caddyfile | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/hosts/chunk/Caddyfile b/hosts/chunk/Caddyfile index d2ba708..2d6dde0 100644 --- a/hosts/chunk/Caddyfile +++ b/hosts/chunk/Caddyfile @@ -13,7 +13,13 @@ git.cything.io { import common - redir https://git.cy7.sh{uri} permanent + + # wrap in route so things are evaluated in the order written + route { + # rewrite gitlab URIs to make it work with forgejo + uri path_regexp \/-\/ / + redir https://git.cy7.sh{uri} permanent + } } git.cy7.sh { From 8e2d98fb188a4dbb4b33bc4dae4ed0ba8419ef44 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 10 Jan 2025 01:57:13 -0500 Subject: [PATCH 054/410] make it better --- hosts/chunk/Caddyfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/chunk/Caddyfile b/hosts/chunk/Caddyfile index 2d6dde0..6d2916d 100644 --- a/hosts/chunk/Caddyfile +++ b/hosts/chunk/Caddyfile @@ -17,7 +17,8 @@ git.cything.io { # wrap in route so things are evaluated in the order written route { # rewrite gitlab URIs to make it work with forgejo - uri path_regexp \/-\/ / + uri path_regexp /-/ / + uri replace /blob/ /src/ redir https://git.cy7.sh{uri} permanent } } From 4790c19d2dfc23f28281ff3360c2de6d313fd840 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 10 Jan 2025 21:42:35 -0500 Subject: [PATCH 055/410] sway: disable mouse_warping --- home/sway/config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/sway/config b/home/sway/config index a5521db..7412fc4 100644 --- a/home/sway/config +++ b/home/sway/config @@ -26,7 +26,7 @@ floating_modifier $mod normal default_border pixel smart_borders on focus_follows_mouse always -mouse_warping container +# mouse_warping container bindsym $mod+Return exec $term bindsym $mod+Ctrl+q kill From bb44d07ce932d2b4117a4a1f1020bd6c639245b1 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 10 Jan 2025 21:43:00 -0500 Subject: [PATCH 056/410] some forgejo settings --- hosts/chunk/forgejo.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/chunk/forgejo.nix b/hosts/chunk/forgejo.nix index 98706df..41f0278 100644 --- a/hosts/chunk/forgejo.nix +++ b/hosts/chunk/forgejo.nix @@ -10,6 +10,7 @@ HTTP_PORT = 3000; HTTP_ADDR = "127.0.0.1"; DOMAIN = "git.cy7.sh"; + LANDING_PAGE = "/cy"; }; session.COOKIE_SECURE = true; service.DISABLE_REGISTRATION = true; @@ -18,6 +19,7 @@ DEFAULT_THEME = "gitea-dark"; }; actions.ENABLED = false; + repository.ENABLE_PUSH_CREATE_USER = true; }; database = { type = "postgres"; From 8dddc70a6c113418d295cc319ed10644dd0570ae Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 10 Jan 2025 21:43:17 -0500 Subject: [PATCH 057/410] nvim: dont jump --- home/nvim/lua/config/nvim-cmp.lua | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/home/nvim/lua/config/nvim-cmp.lua b/home/nvim/lua/config/nvim-cmp.lua index 8cfdedb..de42470 100644 --- a/home/nvim/lua/config/nvim-cmp.lua +++ b/home/nvim/lua/config/nvim-cmp.lua @@ -25,20 +25,20 @@ cmp.setup({ end), [""] = cmp.mapping(function(fallback) - if luasnip.locally_jumpable(1) then - luasnip.jump(1) - elseif cmp.visible() then + if cmp.visible() then cmp.select_next_item() + elseif luasnip.locally_jumpable(1) then + luasnip.jump(1) else fallback() end end, { "i", "s" }), [""] = cmp.mapping(function(fallback) - if luasnip.locally_jumpable(-1) then - luasnip.jump(-1) - elseif cmp.visible() then + if cmp.visible() then cmp.select_prev_item() + elseif luasnip.locally_jumpable(-1) then + luasnip.jump(-1) else fallback() end From 2b04222b413285b567951f456f51e29790db3525 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 10 Jan 2025 23:16:31 -0500 Subject: [PATCH 058/410] nixvim: init --- flake.lock | 280 ++++++++++++++++++++++++++++++++++++++++ flake.nix | 5 + home/nixvim/default.nix | 156 ++++++++++++++++++++++ home/yt/common.nix | 6 +- home/yt/ytnix.nix | 2 +- 5 files changed, 443 insertions(+), 6 deletions(-) create mode 100644 home/nixvim/default.nix diff --git a/flake.lock b/flake.lock index af0f5d2..e48dca5 100644 --- a/flake.lock +++ b/flake.lock @@ -21,6 +21,27 @@ "type": "github" } }, + "devshell": { + "inputs": { + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1735644329, + "narHash": "sha256-tO3HrHriyLvipc4xr+Ewtdlo7wM1OjXNjlWRgmM7peY=", + "owner": "numtide", + "repo": "devshell", + "rev": "f7795ede5b02664b57035b3b757876703e2c3eac", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -74,6 +95,20 @@ "type": "github" } }, + "flake-compat_2": { + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "revCount": 57, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -95,6 +130,27 @@ "type": "github" } }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736143030, + "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" @@ -113,6 +169,50 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "git-hooks": { + "inputs": { + "flake-compat": [ + "nixvim", + "flake-compat" + ], + "gitignore": "gitignore_2", + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1735882644, + "narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, "gitignore": { "inputs": { "nixpkgs": [ @@ -135,6 +235,28 @@ "type": "github" } }, + "gitignore_2": { + "inputs": { + "nixpkgs": [ + "nixvim", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -155,6 +277,55 @@ "type": "github" } }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736366465, + "narHash": "sha256-Fo68EF6p/N9GJyHiAUbXtiE7IJlb3IMjK86LuxFMsRU=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "7e00856596891850ba5ad4c5ecd2ed74468c08c5", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "ixx": { + "inputs": { + "flake-utils": [ + "nixvim", + "nuschtosSearch", + "flake-utils" + ], + "nixpkgs": [ + "nixvim", + "nuschtosSearch", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729958008, + "narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=", + "owner": "NuschtOS", + "repo": "ixx", + "rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "ref": "v0.0.6", + "repo": "ixx", + "type": "github" + } + }, "lanzaboote": { "inputs": { "crane": "crane", @@ -182,6 +353,27 @@ "type": "github" } }, + "nix-darwin": { + "inputs": { + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736370755, + "narHash": "sha256-iWcjToBpx4PUd74uqvIGAfqqVfyrvRLRauC/SxEKIF0=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "57733bd1dc81900e13438e5b4439239f1b29db0e", + "type": "github" + }, + "original": { + "owner": "lnl7", + "repo": "nix-darwin", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1736012469, @@ -246,6 +438,57 @@ "type": "github" } }, + "nixvim": { + "inputs": { + "devshell": "devshell", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts_2", + "git-hooks": "git-hooks", + "home-manager": "home-manager_2", + "nix-darwin": "nix-darwin", + "nixpkgs": [ + "nixpkgs" + ], + "nuschtosSearch": "nuschtosSearch", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1736430661, + "narHash": "sha256-0dabFSGqcPo47WfgPRM5usnVXaGMdYvPlDJ5PeIqjr4=", + "owner": "nix-community", + "repo": "nixvim", + "rev": "67de84848e43ca6a5025e4f8eddc2f6684a51f2b", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixvim", + "type": "github" + } + }, + "nuschtosSearch": { + "inputs": { + "flake-utils": "flake-utils_2", + "ixx": "ixx", + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1735854821, + "narHash": "sha256-Iv59gMDZajNfezTO0Fw6LHE7uKAShxbvMidmZREit7c=", + "owner": "NuschtOS", + "repo": "search", + "rev": "836908e3bddd837ae0f13e215dd48767aee355f0", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "repo": "search", + "type": "github" + } + }, "pre-commit-hooks-nix": { "inputs": { "flake-compat": [ @@ -282,6 +525,7 @@ "nixpkgs": "nixpkgs", "nixpkgs-borg": "nixpkgs-borg", "nixpkgs-btrbk": "nixpkgs-btrbk", + "nixvim": "nixvim", "sops-nix": "sops-nix", "treefmt": "treefmt" } @@ -346,6 +590,21 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt": { "inputs": { "nixpkgs": [ @@ -365,6 +624,27 @@ "repo": "treefmt-nix", "type": "github" } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736154270, + "narHash": "sha256-p2r8xhQZ3TYIEKBoiEhllKWQqWNJNoT9v64Vmg4q8Zw=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "13c913f5deb3a5c08bb810efd89dc8cb24dd968b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 4ca2874..7d7ad97 100644 --- a/flake.nix +++ b/flake.nix @@ -23,6 +23,10 @@ url = "github:nix-community/lanzaboote/v0.4.1"; inputs.nixpkgs.follows = "nixpkgs"; }; + nixvim = { + url = "github:nix-community/nixvim"; + inputs.nixpkgs.follows = "nixpkgs"; + }; nixpkgs-borg.url = "github:cything/nixpkgs/borg"; # unmerged PR nixpkgs-btrbk.url = "github:cything/nixpkgs/btrbk"; # unmerged PR @@ -165,6 +169,7 @@ extraSpecialArgs = { inherit inputs outputs; }; modules = [ ./home/yt/ytnix.nix + inputs.nixvim.homeManagerModules.nixvim ]; }; diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix new file mode 100644 index 0000000..0050777 --- /dev/null +++ b/home/nixvim/default.nix @@ -0,0 +1,156 @@ +{ pkgs, ...}: +{ + programs.nixvim = { + enable = true; + plugins.lualine.enable = true; + opts = { + number = true; + relativenumber = true; + expandtab = true; + autoindent = true; + shiftwidth = 2; + smartindent = true; + tabstop = 2; + ignorecase = true; + incsearch = true; + smartcase = true; + }; + colorscheme = "iceberg"; + clipboard.register = "unnamedplus"; + + globals = { + mapleader = ","; + }; + + extraPlugins = with pkgs.vimPlugins; [ + iceberg-vim + ]; + + keymaps = [ + { + action = "Neotree toggle"; + key = "s"; + mode = "n"; + options.silent = true; + } + { + # shortcut to command mode + action = ":"; + key = ";"; + mode = ["n" "x"]; + options.silent = true; + } + { + # insert line below without moving cursor + action = "printf('m`%so``', v:count1)"; + key = "o"; + options.expr = true; + mode = "n"; + } + { + # insert line above without moving cursor + action = "printf('m`%sO``', v:count1)"; + key = "O"; + options.expr = true; + mode = "n"; + } + # nice emacs bindings + { + action = ""; + key = ""; + mode = "i"; + } + { + action = ""; + key = ""; + mode = "i"; + } + ]; + + plugins.cmp = { + enable = true; + settings.sources = [ + { name = "nvim_lsp"; } + { name = "luasnip"; } + { name = "buffer"; } + { name = "nvim_lua"; } + { name = "path"; } + ]; + + settings.mappings = { + "" = "cmp.mapping.abort()"; + "" = "cmp.mapping.select_next_item()"; + "" = "cmp.mapping.select_prev_item()"; + "" = "cmp.mapping.scroll_docs(-4)"; + "" = "cmp.mapping.scroll_docs(4)"; + "" = "cmp.mapping.confirm({ select = true })"; + "" = '' + cmp.mapping(function(fallback) + if require("luasnip").expand_or_jumpable() then + require("luasnip").expand_or_jump() + else + fallback() + end + end,{"i","s"}) + ''; + "" = '' + cmp.mapping(function(fallback) + if require("luasnip").jumpable(-1) then + require("luasnip").jump(-1) + else + fallback() + end + end,{"i","s"}) + ''; + }; + }; + plugins.lsp = { + enable = true; + keymaps.lspBuf = { + "K" = "hover"; + "gd" = "definition"; + "gD" = "references"; + "gt" = "type_definition"; + "gi" = "implementation"; + }; + servers = { + bashls.enable = true; + lua_ls.enable = true; + nil_ls.enable = true; + rust_analyzer = { + enable = true; + installRustc = true; + installCargo = true; + }; + }; + }; + plugins.treesitter = { + enable = true; + nixGrammars = true; + settings.indent.enable = true; + }; + plugins.fzf-lua = { + enable = true; + keymaps = { + "ff" = "git_files"; + "fg" = "live_grep"; + }; + }; + + plugins.neo-tree = { + enable = true; + closeIfLastWindow = true; + }; + + plugins.cmp-buffer.enable = true; + plugins.cmp-emoji.enable = true; + plugins.cmp-nvim-lsp.enable = true; + plugins.cmp-path.enable = true; + plugins.cmp_luasnip.enable = true; + plugins.luasnip.enable = true; + plugins.nvim-autopairs.enable = true; + plugins.rainbow-delimiters.enable = true; + plugins.web-devicons.enable = true; + plugins.gitsigns.enable = true; + }; +} diff --git a/home/yt/common.nix b/home/yt/common.nix index f14fc37..b4894d5 100644 --- a/home/yt/common.nix +++ b/home/yt/common.nix @@ -3,16 +3,13 @@ imports = [ ../tmux.nix ../zsh + ../nixvim ]; home.sessionVariables = { "EDITOR" = "nvim"; }; - xdg.configFile = { - nvim.source = ../nvim; - }; - home.packages = with pkgs; [ man-pages man-pages-posix @@ -30,7 +27,6 @@ }; programs.zoxide.enable = true; programs.eza.enable = true; - programs.neovim.enable = true; programs.git = { enable = true; userName = "cy"; diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index b3652ac..543e4e2 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -96,7 +96,7 @@ opentofu terraform-ls gdb - gcc + clang seahorse ]; From a9b4fab153f18bab237d392bd5aec5563b62c7b1 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 10 Jan 2025 23:16:46 -0500 Subject: [PATCH 059/410] neovim: rm --- home/nvim/init.lua | 84 -------------------------- home/nvim/lazy-lock.json | 24 -------- home/nvim/lua/config/fzf.lua | 21 ------- home/nvim/lua/config/hop.lua | 16 ----- home/nvim/lua/config/lsp.lua | 74 ----------------------- home/nvim/lua/config/nvim-cmp.lua | 54 ----------------- home/nvim/lua/plugin_specs.lua | 99 ------------------------------- 7 files changed, 372 deletions(-) delete mode 100644 home/nvim/init.lua delete mode 100644 home/nvim/lazy-lock.json delete mode 100644 home/nvim/lua/config/fzf.lua delete mode 100644 home/nvim/lua/config/hop.lua delete mode 100644 home/nvim/lua/config/lsp.lua delete mode 100644 home/nvim/lua/config/nvim-cmp.lua delete mode 100644 home/nvim/lua/plugin_specs.lua diff --git a/home/nvim/init.lua b/home/nvim/init.lua deleted file mode 100644 index b57e106..0000000 --- a/home/nvim/init.lua +++ /dev/null @@ -1,84 +0,0 @@ -require("plugin_specs") - -local keymap = vim.keymap -local opt = vim.opt -local api = vim.api - -vim.g.loaded_netrw = 1 -vim.g.loaded_netrwPlugin = 1 -vim.opt.termguicolors = true -require("nvim-tree").setup() - -require("lualine").setup({ - options = { - theme = "auto", - icons_enabled = true, - globalstatus = true, - }, -}) - -require("gitsigns").setup() - -opt.tabstop = 2 -opt.softtabstop = 2 -opt.shiftwidth = 2 -opt.expandtab = true -opt.relativenumber = true -opt.ignorecase = true -opt.smartcase = true -opt.scrolloff = 3 -opt.confirm = true -opt.history = 500 -opt.undofile = true -opt.termguicolors = true -opt.showmode = false -opt.mouse = "" -opt.wrap = false -opt.clipboard:append("unnamedplus") - -vim.cmd.colorscheme("iceberg") - --- restore terminal cursor on exit -api.nvim_create_autocmd("VimLeave", { - callback = function() - opt.guicursor = "a:ver25-blinkon500-blinkon500" - end, -}) - --- blinking cursor in insert mode -opt.guicursor = "i-ci-ve:ver25-blinkon500-blinkon500" - -keymap.set("n", "s", require("nvim-tree.api").tree.toggle, { - desc = "toggle nvim-tree", - silent = true, -}) - --- shortcut to command mode -keymap.set({ "n", "x" }, ";", ":", { silent = true }) - -keymap.set("n", "o", "printf('m`%so``', v:count1)", { - expr = true, - desc = "insert line below without moving cursor", -}) - -keymap.set("n", "O", "printf('m`%sO``', v:count1)", { - expr = true, - desc = "insert line above without moving cursor", -}) - -keymap.set("n", "/", [[/\v]]) - -keymap.set("n", "c", '"_c') -keymap.set("n", "C", '"_C') -keymap.set("n", "cc", '"_cc') -keymap.set("x", "c", '"_c') -keymap.set("x", "p", '"_cp') - --- Break inserted text into smaller undo units when we insert some punctuation chars. -local undo_ch = { ",", ".", "!", "?", ";", ":" } -for _, ch in ipairs(undo_ch) do - keymap.set("i", ch, ch .. "u") -end - -keymap.set("i", "", "") -keymap.set("i", "", "") diff --git a/home/nvim/lazy-lock.json b/home/nvim/lazy-lock.json deleted file mode 100644 index b35ef9f..0000000 --- a/home/nvim/lazy-lock.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "LuaSnip": { "branch": "master", "commit": "03c8e67eb7293c404845b3982db895d59c0d1538" }, - "cmp-buffer": { "branch": "main", "commit": "3022dbc9166796b644a841a02de8dd1cc1d311fa" }, - "cmp-cmdline": { "branch": "main", "commit": "d250c63aa13ead745e3a40f61fdd3470efde3923" }, - "cmp-nvim-lsp": { "branch": "main", "commit": "99290b3ec1322070bcfb9e846450a46f6efa50f0" }, - "cmp-omni": { "branch": "main", "commit": "4ef610bbd85a5ee4e97e09450c0daecbdc60de86" }, - "cmp-path": { "branch": "main", "commit": "91ff86cd9c29299a64f968ebb45846c485725f23" }, - "cmp_luasnip": { "branch": "master", "commit": "98d9cb5c2c38532bd9bdb481067b20fea8f32e90" }, - "dressing.nvim": { "branch": "master", "commit": "3a45525bb182730fe462325c99395529308f431e" }, - "fzf-lua": { "branch": "main", "commit": "3d7e5db8fa56cfc2b92a38999016a51abe9e1d23" }, - "gitsigns.nvim": { "branch": "main", "commit": "b544bd62623ca1b483d8b9bfb6d65805f112a320" }, - "hop.nvim": { "branch": "master", "commit": "08ddca799089ab96a6d1763db0b8adc5320bf050" }, - "iceberg.vim": { "branch": "master", "commit": "23835d5ed696436f716cbfdb56a93a7850fe3b18" }, - "lazy.nvim": { "branch": "main", "commit": "d8f26efd456190241afd1b0f5235fe6fdba13d4a" }, - "lualine.nvim": { "branch": "master", "commit": "2a5bae925481f999263d6f5ed8361baef8df4f83" }, - "nvim-autopairs": { "branch": "master", "commit": "b464658e9b880f463b9f7e6ccddd93fb0013f559" }, - "nvim-cmp": { "branch": "main", "commit": "8c82d0bd31299dbff7f8e780f5e06d2283de9678" }, - "nvim-lspconfig": { "branch": "master", "commit": "8121483b8132b7053120fafd83728178fb3febf6" }, - "nvim-tree.lua": { "branch": "master", "commit": "68fc4c20f5803444277022c681785c5edd11916d" }, - "nvim-treesitter": { "branch": "master", "commit": "622a4a6ba76d1de52b72a965159213ae655b4ac7" }, - "nvim-web-devicons": { "branch": "master", "commit": "5740b7382429d20b6ed0bbdb0694185af9507d44" }, - "tokyonight.nvim": { "branch": "main", "commit": "7bb270adaa7692c2c33befc35f5567fc596a2504" }, - "vim-commentary": { "branch": "master", "commit": "64a654ef4a20db1727938338310209b6a63f60c9" } -} diff --git a/home/nvim/lua/config/fzf.lua b/home/nvim/lua/config/fzf.lua deleted file mode 100644 index c96f06d..0000000 --- a/home/nvim/lua/config/fzf.lua +++ /dev/null @@ -1,21 +0,0 @@ -local keymap = vim.keymap - -local fzf = require("fzf-lua") - -keymap.set("n", "ff", fzf.files, { silent = true }) -keymap.set("n", "fr", fzf.oldfiles, { silent = true }) -keymap.set("n", "fc", fzf.resume, { silent = true }) -keymap.set("n", "fs", fzf.treesitter, { silent = true }) -keymap.set("n", "fg", fzf.grep_project, { silent = true }) - -fzf.setup({ - "fzf-native", - keymap = { - fzf = { - ["ctrl-u"] = "half-page-up", - ["ctrl-d"] = "half-page-down", - ["ctrl-j"] = "preview-page-down", - ["ctrl-k"] = "preview-page-up", - }, - }, -}) diff --git a/home/nvim/lua/config/hop.lua b/home/nvim/lua/config/hop.lua deleted file mode 100644 index 3724b9f..0000000 --- a/home/nvim/lua/config/hop.lua +++ /dev/null @@ -1,16 +0,0 @@ -local hop = require("hop") -local keymap = vim.keymap - -hop.setup({ - case_insensitive = true, - char2_fallback_key = "", - quit_key = "", "", { - silent = true, - noremap = true, - callback = function() - hop.hint_char1() - end, -}) diff --git a/home/nvim/lua/config/lsp.lua b/home/nvim/lua/config/lsp.lua deleted file mode 100644 index 149163b..0000000 --- a/home/nvim/lua/config/lsp.lua +++ /dev/null @@ -1,74 +0,0 @@ -local lsp = vim.lsp -local diagnostic = vim.diagnostic -local keymap = vim.keymap - -keymap.set("n", "gd", lsp.buf.definition) -keymap.set("n", "rn", lsp.buf.rename) -keymap.set("n", "gr", lsp.buf.references) -keymap.set("n", "[d", diagnostic.goto_prev) -keymap.set("n", "]d", diagnostic.goto_next) - -diagnostic.config({ - signs = false, -}) - -local lspconfig = require("lspconfig") -local capabilities = require("cmp_nvim_lsp").default_capabilities() - -lspconfig.pylsp.setup({ capabilities = capabilities }) -lspconfig.clangd.setup({ capabilities = capabilities }) -lspconfig.bashls.setup({ capabilities = capabilities }) -lspconfig.rust_analyzer.setup({ - capabilities = capabilities, -}) - -lspconfig.gopls.setup({ - settings = { - gopls = { - analyses = { - unusedparams = true, - }, - staticcheck = true, - gofumpt = true, - }, - }, - capabilities = capabilities, -}) - -lspconfig.lua_ls.setup({ - capabilities = capabilities, - on_init = function(client) - if client.workspace_folders then - local path = client.workspace_folders[1].name - if vim.uv.fs_stat(path .. "/.luarc.json") or vim.uv.fs_stat(path .. "/.luarc.jsonc") then - return - end - end - - client.config.settings.Lua = vim.tbl_deep_extend("force", client.config.settings.Lua, { - runtime = { - -- Tell the language server which version of Lua you're using - -- (most likely LuaJIT in the case of Neovim) - version = "LuaJIT", - }, - -- Make the server aware of Neovim runtime files - workspace = { - checkThirdParty = false, - library = { - vim.env.VIMRUNTIME, - -- Depending on the usage, you might want to add additional paths here. - -- "${3rd}/luv/library" - -- "${3rd}/busted/library", - }, - -- or pull in all of 'runtimepath'. NOTE: this is a lot slower - -- library = vim.api.nvim_get_runtime_file("", true) - }, - }) - end, - settings = { - Lua = {}, - }, -}) - -lspconfig.nixd.setup({ capabilities = capabilities }) -lspconfig.terraformls.setup({ capabilities = capabilities }) diff --git a/home/nvim/lua/config/nvim-cmp.lua b/home/nvim/lua/config/nvim-cmp.lua deleted file mode 100644 index de42470..0000000 --- a/home/nvim/lua/config/nvim-cmp.lua +++ /dev/null @@ -1,54 +0,0 @@ -local cmp = require("cmp") -local luasnip = require("luasnip") - -cmp.setup({ - snippet = { - expand = function(args) - require("luasnip").lsp_expand(args.body) - end, - }, - mapping = { - [""] = cmp.mapping(function(fallback) - if cmp.visible() then - if luasnip.expandable() then - luasnip.expand() - else - cmp.confirm({ - select = true, - }) - end - else - fallback() - end - end), - - [""] = cmp.mapping(function(fallback) - if cmp.visible() then - cmp.select_next_item() - elseif luasnip.locally_jumpable(1) then - luasnip.jump(1) - else - fallback() - end - end, { "i", "s" }), - - [""] = cmp.mapping(function(fallback) - if cmp.visible() then - cmp.select_prev_item() - elseif luasnip.locally_jumpable(-1) then - luasnip.jump(-1) - else - fallback() - end - end, { "i", "s" }), - }, - sources = cmp.config.sources({ - { name = "nvim_lsp" }, - { name = "luasnip" }, - }, { - { name = "buffer" }, - { name = "path" }, - }), -}) diff --git a/home/nvim/lua/plugin_specs.lua b/home/nvim/lua/plugin_specs.lua deleted file mode 100644 index a51272e..0000000 --- a/home/nvim/lua/plugin_specs.lua +++ /dev/null @@ -1,99 +0,0 @@ --- Bootstrap lazy.nvim -local lazypath = vim.fn.stdpath("data") .. "/lazy/lazy.nvim" -if not (vim.uv or vim.loop).fs_stat(lazypath) then - local lazyrepo = "https://github.com/folke/lazy.nvim.git" - local out = vim.fn.system({ "git", "clone", "--filter=blob:none", "--branch=stable", lazyrepo, lazypath }) - if vim.v.shell_error ~= 0 then - vim.api.nvim_echo({ - { "Failed to clone lazy.nvim:\n", "ErrorMsg" }, - { out, "WarningMsg" }, - { "\nPress any key to exit..." }, - }, true, {}) - vim.fn.getchar() - os.exit(1) - end -end -vim.opt.rtp:prepend(lazypath) - -vim.g.mapleader = "," - -local plugin_specs = { - { - "nvim-treesitter/nvim-treesitter", - build = ":TSUpdate", - event = "VeryLazy", - }, - - { - "neovim/nvim-lspconfig", - event = { "BufRead", "BufNewFile" }, - config = function() - require("config.lsp") - end, - }, - - { - "hrsh7th/nvim-cmp", - event = "VeryLazy", - dependencies = { - "hrsh7th/cmp-nvim-lsp", - "hrsh7th/cmp-path", - "hrsh7th/cmp-buffer", - "hrsh7th/cmp-omni", - "hrsh7th/cmp-cmdline", - "saadparwaiz1/cmp_luasnip", - }, - config = function() - require("config.nvim-cmp") - end, - }, - - { - "L3MON4D3/LuaSnip", - version = "v2.*", - build = "make install_jsregexp", - }, - - { "stevearc/dressing.nvim", event = "VeryLazy" }, - - { - "nvim-tree/nvim-tree.lua", - lazy = false, - dependencies = { - "nvim-tree/nvim-web-devicons", - }, - }, - - { - "ibhagwan/fzf-lua", - dependencies = { "nvim-tree/nvim-web-devicons" }, - config = function() - require("config.fzf") - end, - }, - - { "windwp/nvim-autopairs", event = "InsertEnter", config = true }, - - { "tpope/vim-commentary", event = "VeryLazy" }, - - { "folke/tokyonight.nvim", lazy = false, priority = 1000 }, - - { "lewis6991/gitsigns.nvim" }, - - { "nvim-lualine/lualine.nvim", dependencies = { "nvim-tree/nvim-web-devicons" } }, - - { - "smoka7/hop.nvim", - version = "*", - config = function() - require("config.hop") - end, - }, - - { "cocopon/iceberg.vim" }, -} - -require("lazy").setup({ - spec = plugin_specs, - rocks = { enabled = true }, -}) From c4cda77be8e170edcca725d1b23daa0fafd3fac1 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 10 Jan 2025 23:17:27 -0500 Subject: [PATCH 060/410] nix fmt --- .github/workflows/build-and-cache.yml | 8 -------- flake.nix | 2 +- home/nixvim/default.nix | 7 +++++-- hosts/chunk/default.nix | 2 +- hosts/chunk/forgejo.nix | 2 +- hosts/common.nix | 9 ++++++--- overlay/default.nix | 2 +- 7 files changed, 15 insertions(+), 17 deletions(-) diff --git a/.github/workflows/build-and-cache.yml b/.github/workflows/build-and-cache.yml index d27a167..29173cb 100644 --- a/.github/workflows/build-and-cache.yml +++ b/.github/workflows/build-and-cache.yml @@ -1,9 +1,7 @@ name: build and cache random stuff - on: workflow_dispatch: push: - jobs: build: strategy: @@ -13,27 +11,21 @@ jobs: - .#attic-server - .#eza - .#conduwuit - runs-on: ubuntu-latest steps: - uses: DeterminateSystems/nix-installer-action@main with: logger: pretty - - uses: DeterminateSystems/magic-nix-cache-action@main - - uses: cachix/cachix-action@v15 with: name: cything authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" - - name: Setup Attic cache uses: ryanccn/attic-action@v0 with: endpoint: ${{ vars.ATTIC_ENDPOINT }} cache: ${{ vars.ATTIC_CACHE }} token: ${{ secrets.ATTIC_TOKEN }} - - uses: actions/checkout@v4 - - run: nix build '${{ matrix.package }}' diff --git a/flake.nix b/flake.nix index 7d7ad97..4dd4994 100644 --- a/flake.nix +++ b/flake.nix @@ -116,7 +116,7 @@ checks = forEachSystem (pkgs: { formatting = treefmtEval.${pkgs.system}.config.build.check self; }); - # lets us build overlayed packages with `nix build .#` + # lets us build overlaid packages with `nix build .#` packages = pkgsFor; nixosConfigurations = diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix index 0050777..f03967a 100644 --- a/home/nixvim/default.nix +++ b/home/nixvim/default.nix @@ -1,4 +1,4 @@ -{ pkgs, ...}: +{ pkgs, ... }: { programs.nixvim = { enable = true; @@ -37,7 +37,10 @@ # shortcut to command mode action = ":"; key = ";"; - mode = ["n" "x"]; + mode = [ + "n" + "x" + ]; options.silent = true; } { diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 192854e..287b57b 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -143,7 +143,7 @@ home = "/var/lib/forgejo"; group = "git"; }; - users.groups.git = {}; + users.groups.git = { }; environment.systemPackages = with pkgs; [ vim diff --git a/hosts/chunk/forgejo.nix b/hosts/chunk/forgejo.nix index 41f0278..5b8ad1d 100644 --- a/hosts/chunk/forgejo.nix +++ b/hosts/chunk/forgejo.nix @@ -1,4 +1,4 @@ -{...}: +{ ... }: { services.forgejo = { enable = true; diff --git a/hosts/common.nix b/hosts/common.nix index 100c6ec..b334b5f 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -5,7 +5,10 @@ experimental-features = "nix-command flakes"; auto-optimise-store = true; flake-registry = ""; - trusted-users = [ "root" "@wheel" ]; + trusted-users = [ + "root" + "@wheel" + ]; trusted-public-keys = [ "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" ]; substituters = [ "https://cache.cything.io/central" ]; }; @@ -21,8 +24,8 @@ options = "--delete-older-than 14d"; }; extraOptions = '' - builders-use-substitutes = true - ''; + builders-use-substitutes = true + ''; }; time.timeZone = "America/Toronto"; networking.firewall.logRefusedConnections = false; diff --git a/overlay/default.nix b/overlay/default.nix index 1710eb7..99fc17b 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -5,4 +5,4 @@ let ]; importedOverlays = map (m: import m) overlays; in - importedOverlays +importedOverlays From e22ed2d5a4755a2a6f6f602abc0b223617dda520 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 10 Jan 2025 23:29:48 -0500 Subject: [PATCH 061/410] rm workflow to update nvim plugins --- .github/workflows/lazy-update.yml | 26 -------------------------- 1 file changed, 26 deletions(-) delete mode 100644 .github/workflows/lazy-update.yml diff --git a/.github/workflows/lazy-update.yml b/.github/workflows/lazy-update.yml deleted file mode 100644 index 7229ab9..0000000 --- a/.github/workflows/lazy-update.yml +++ /dev/null @@ -1,26 +0,0 @@ -name: "update lazy plugins" -on: - repository_dispatch: - workflow_dispatch: - schedule: - - cron: "0 3 * * *" -permissions: - pull-requests: write - contents: write -jobs: - update-lazy-plugins: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - submodules: true - - uses: cachix/install-nix-action@v30 - - name: Update vim plugins - run: | - export XDG_CONFIG_HOME=$PWD/home - nix run nixpkgs#neovim -- --headless "+Lazy! update" +qa - - name: Create Pull Request - uses: peter-evans/create-pull-request@v7 - with: - title: update lazy plugins - commit-message: update neovim plugins From 5218a5331d971b14fc6089ce8148e50219e65d4e Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 11 Jan 2025 00:08:00 -0500 Subject: [PATCH 062/410] fix cmp mapping --- home/nixvim/default.nix | 91 ++++++++++++++++++++++++++--------------- 1 file changed, 59 insertions(+), 32 deletions(-) diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix index f03967a..48bf914 100644 --- a/home/nixvim/default.nix +++ b/home/nixvim/default.nix @@ -72,41 +72,68 @@ plugins.cmp = { enable = true; - settings.sources = [ - { name = "nvim_lsp"; } - { name = "luasnip"; } - { name = "buffer"; } - { name = "nvim_lua"; } - { name = "path"; } - ]; - - settings.mappings = { - "" = "cmp.mapping.abort()"; - "" = "cmp.mapping.select_next_item()"; - "" = "cmp.mapping.select_prev_item()"; - "" = "cmp.mapping.scroll_docs(-4)"; - "" = "cmp.mapping.scroll_docs(4)"; - "" = "cmp.mapping.confirm({ select = true })"; - "" = '' - cmp.mapping(function(fallback) - if require("luasnip").expand_or_jumpable() then - require("luasnip").expand_or_jump() - else - fallback() - end - end,{"i","s"}) - ''; - "" = '' - cmp.mapping(function(fallback) - if require("luasnip").jumpable(-1) then - require("luasnip").jump(-1) - else - fallback() - end - end,{"i","s"}) + settings = { + formatting.fields = [ + "abbr" + "kind" + "menu" + ]; + experimental = { + ghost_text = true; + }; + snippet.expand = '' + function(args) require('luasnip').lsp_expand(args.body) end ''; + sources = [ + { name = "nvim_lsp"; } + { name = "emoji"; } + { name = "luasnip"; } + { name = "buffer"; } + { name = "path"; } + ]; + mapping = { + "" = "cmp.mapping.abort()"; + "" = "cmp.mapping.select_next_item()"; + "" = "cmp.mapping.select_prev_item()"; + "" = "cmp.mapping.scroll_docs(-4)"; + "" = "cmp.mapping.scroll_docs(4)"; + "" = '' + cmp.mapping(function(fallback) + if cmp.visible() then + if require("luasnip").expandable() then + require("luasnip").expand() + else + cmp.confirm({ + select = true, + }) + end + else + fallback() + end + end) + ''; + "" = '' + cmp.mapping(function(fallback) + if require("luasnip").jumpable(1) then + require("luasnip").jump(1) + else + fallback() + end + end,{"i","s"}) + ''; + "" = '' + cmp.mapping(function(fallback) + if require("luasnip").jumpable(-1) then + require("luasnip").jump(-1) + else + fallback() + end + end,{"i","s"}) + ''; + }; }; }; + plugins.lsp = { enable = true; keymaps.lspBuf = { From 4a8eecbd5646c755e0ab8ce7605d2c9623424ee5 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 11 Jan 2025 18:26:41 -0500 Subject: [PATCH 063/410] install github-cli --- home/yt/ytnix.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 543e4e2..67f448d 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -98,6 +98,7 @@ gdb clang seahorse + github-cli ]; programs.waybar.enable = true; From 4099e9dce40dea44b98b76992dd90570ab9d5096 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 11 Jan 2025 18:27:04 -0500 Subject: [PATCH 064/410] give nixvim to chunk --- flake.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/flake.nix b/flake.nix index 4dd4994..38b3382 100644 --- a/flake.nix +++ b/flake.nix @@ -178,6 +178,7 @@ extraSpecialArgs = { inherit inputs outputs; }; modules = [ ./home/yt/chunk.nix + inputs.nixvim.homeManagerModules.nixvim ]; }; }; From d5b6ec3dafda3bda654bd671cac6f941b411ba82 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 11 Jan 2025 18:53:55 -0500 Subject: [PATCH 065/410] init --- home/vscode.nix | 9 +++++++++ home/yt/ytnix.nix | 1 + 2 files changed, 10 insertions(+) create mode 100644 home/vscode.nix diff --git a/home/vscode.nix b/home/vscode.nix new file mode 100644 index 0000000..5c897e4 --- /dev/null +++ b/home/vscode.nix @@ -0,0 +1,9 @@ +{pkgs, ...}: { + programs.vscode = { + enable = true; + package = pkgs.vscodium; + enableUpdateCheck = false; + enableExtensionUpdateCheck = false; + mutableExtensionsDir = false; + }; +} diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 67f448d..45d1dd3 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -6,6 +6,7 @@ imports = [ ./common.nix ../foot.nix + ../vscode.nix ]; home = { username = "yt"; From e7f01b5ba0952d58143d05870107b66dd92cd417 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 11 Jan 2025 19:56:52 -0500 Subject: [PATCH 066/410] build nil_ls --- .github/workflows/build-and-cache.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-and-cache.yml b/.github/workflows/build-and-cache.yml index 29173cb..c806300 100644 --- a/.github/workflows/build-and-cache.yml +++ b/.github/workflows/build-and-cache.yml @@ -11,6 +11,7 @@ jobs: - .#attic-server - .#eza - .#conduwuit + - "github:oxalica/nil" runs-on: ubuntu-latest steps: - uses: DeterminateSystems/nix-installer-action@main From 0dd68a7d2582e9601861db6420c5563e34f4c114 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 11 Jan 2025 22:50:00 -0500 Subject: [PATCH 067/410] nixvim dont remap gt --- home/nixvim/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix index 48bf914..6d453f8 100644 --- a/home/nixvim/default.nix +++ b/home/nixvim/default.nix @@ -140,7 +140,8 @@ "K" = "hover"; "gd" = "definition"; "gD" = "references"; - "gt" = "type_definition"; + # "gt" = "type_definition"; # conflicts with switch tab + "gI" = "type_definition"; "gi" = "implementation"; }; servers = { From 2bdfb3e1a295fe41f1e53d14a60c87a638f78359 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 11 Jan 2025 23:18:22 -0500 Subject: [PATCH 068/410] bring back garage (#1) make it work with my fork Reviewed-on: https://git.cy7.sh/cy/infra/pulls/1 --- .sops.yaml | 5 +++++ flake.lock | 17 +++++++++++++++++ flake.nix | 5 +++++ hosts/chunk/Caddyfile | 10 ++++++++++ hosts/chunk/default.nix | 5 +++++ hosts/chunk/garage.nix | 18 ++++++++++++++++++ hosts/chunk/rclone.nix | 18 ++++++++++++++++++ secrets/services/garage.yaml | 31 +++++++++++++++++++++++++++++++ 8 files changed, 109 insertions(+) create mode 100644 hosts/chunk/garage.nix create mode 100644 secrets/services/garage.yaml diff --git a/.sops.yaml b/.sops.yaml index 4966beb..3cfb014 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -98,3 +98,8 @@ creation_rules: - age: - *chunk - *cy + - path_regex: secrets/services/garage.yaml + key_groups: + - age: + - *chunk + - *cy diff --git a/flake.lock b/flake.lock index e48dca5..554b079 100644 --- a/flake.lock +++ b/flake.lock @@ -422,6 +422,22 @@ "type": "github" } }, + "nixpkgs-garage": { + "locked": { + "lastModified": 1736655158, + "narHash": "sha256-1ZVtf+4BvqJrGGXBQEjAxjKWSaoySVt46un4pN1zH5g=", + "owner": "cything", + "repo": "nixpkgs", + "rev": "b7bc158e553db4031ce6242e341e64e1023ec86a", + "type": "github" + }, + "original": { + "owner": "cything", + "ref": "garage-module", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1710695816, @@ -525,6 +541,7 @@ "nixpkgs": "nixpkgs", "nixpkgs-borg": "nixpkgs-borg", "nixpkgs-btrbk": "nixpkgs-btrbk", + "nixpkgs-garage": "nixpkgs-garage", "nixvim": "nixvim", "sops-nix": "sops-nix", "treefmt": "treefmt" diff --git a/flake.nix b/flake.nix index 38b3382..e84606c 100644 --- a/flake.nix +++ b/flake.nix @@ -31,6 +31,7 @@ nixpkgs-borg.url = "github:cything/nixpkgs/borg"; # unmerged PR nixpkgs-btrbk.url = "github:cything/nixpkgs/btrbk"; # unmerged PR eza.url = "github:nixos/nixpkgs/d722e8ce81cf103280ce1ff65accb3fc25cbd2ba"; + nixpkgs-garage.url = "github:cything/nixpkgs/garage-module"; }; nixConfig = { @@ -142,10 +143,14 @@ modules = [ { nixpkgs = { inherit pkgs; }; + disabledModules = [ + "services/web-servers/garage.nix" + ]; } ./hosts/chunk inputs.sops-nix.nixosModules.sops ./modules + (inputs.nixpkgs-garage + "/nixos/modules/services/web-servers/garage.nix") ]; }; diff --git a/hosts/chunk/Caddyfile b/hosts/chunk/Caddyfile index 6d2916d..d9a069d 100644 --- a/hosts/chunk/Caddyfile +++ b/hosts/chunk/Caddyfile @@ -77,3 +77,13 @@ cache.cything.io { import common reverse_proxy localhost:8090 } + +s3.cy7.sh { + import common + reverse_proxy localhost:3900 +} + +admin.s3.cy7.sh { + import common + reverse_proxy localhost:3903 +} diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 287b57b..edb153b 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -25,6 +25,7 @@ ./element.nix ./attic.nix ./forgejo.nix + ./garage.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; @@ -65,6 +66,10 @@ "attic/env" = { sopsFile = ../../secrets/services/attic.yaml; }; + + "garage/env" = { + sopsFile = ../../secrets/services/garage.yaml; + }; }; boot.loader.grub.enable = true; diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix new file mode 100644 index 0000000..aac9396 --- /dev/null +++ b/hosts/chunk/garage.nix @@ -0,0 +1,18 @@ +{config, pkgs, ...}: { + services.garage = { + enable = true; + package = pkgs.garage; + settings = { + data_dir = "/mnt/garage"; + s3_api = { + s3_region = "earth"; + api_bind_addr = "[::]:3900"; + }; + admin.api_bind_addr = "[::]:3903"; + rpc_bind_addr = "[::]:3901"; + replication_factor = 1; + db_engine = "lmdb"; + }; + environmentFile = config.sops.secrets."garage/env".path; + }; +} diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index ba9e45d..be833af 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -38,5 +38,23 @@ ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/attic"; }; }; + + systemd.services.garage-mount = { + enable = true; + description = "Mount the garage data remote"; + requires = [ "network-online.target" ]; + after = [ "network-online.target" ]; + requiredBy = [ "garage.service" ]; + before = [ "garage.service" ]; + serviceConfig = { + Type = "notify"; + ExecStartPre = "/usr/bin/env mkdir -p /mnt/garage"; + ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ + config.sops.secrets."rclone/config".path + } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 5G --allow-other rsyncnet:garage /mnt/garage "; + ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage"; + }; + }; + programs.fuse.userAllowOther = true; } diff --git a/secrets/services/garage.yaml b/secrets/services/garage.yaml new file mode 100644 index 0000000..d84d4af --- /dev/null +++ b/secrets/services/garage.yaml @@ -0,0 +1,31 @@ +garage: + env: ENC[AES256_GCM,data:miNp4SJ9xuMXSEIJYCZFWM96enAh8uwCxv0ySn2Jbp5V4Iso2uZ2R9dXqSS7y60pRq+bbXPYbBxBnmb+fhjvB7TdCLPom9CKSY8zMI7n/p1IE4qUFvzCG4ejV6BIsh/887BjzAx1UNcRG/9eUNcMfTu58wQwKmIzr1iu5pD+IlLHa+0/orpZKssQ2Ba1hMwLOAXp,iv:zgkGikunB4zQ4CfGgEd1DmLgYpEREJhoX4oT/zK3mI8=,tag:ohpZWF/lPHQc010mteJZDw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIemdMVVE4alZ2MElWeUpj + TjNhL2VYL2dwMmN0VzJxVGwzWHgvbm82QWtjCk1pem5SdzFpR0dRci80emo1VlVu + VWtWMVpoN2M4NUphcTgxeTB6aU83bjAKLS0tIGlJanA1TFBnaE9PTmRnQWVidE53 + elRZaFVaZ1VTRU1MbWlqSkJNZG1oRW8K8IupEpJzC0CJGpxSTssiFrQgdHAzCW4I + IlvYdZkUou/6km5OMnsFqhqEqIjAwVuJ08YiNzAv67ZzTG0ThD133A== + -----END AGE ENCRYPTED FILE----- + - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiemRZRmF1NWozM1RFS2Z2 + bld5V0lTS3V1OW1SU0VaR2IzZjJmbEtJVkhjCnBVKzFYUXYveGdkSTVmbzRldGRo + eVAxWXQ1TzczVjZiQ2NsUEk3YmhGNk0KLS0tIG04d0FDYXF1MU5ab3ZMTmpCUWNa + WTQ3dWs4enQrc2F3K3AvMUQvWEh6RDgKxJl3ftSpIrK+45LzjX9gIy41Lv+bcZsV + 7rriUhKAtaCXsQcO6Povif7zJyCROYhC0sgpRhmMKoN76TAH3zxvag== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-08T20:44:32Z" + mac: ENC[AES256_GCM,data:rVv9sNYb9Fttm5IjonAZBmcrCqC1cAp2sjMJDZ3JMt+YeyiCUI6jsXSGAc3pgP+7vvaTvDvdNwlAa5axxA72omE4eAK+9me0RLI75vA4UGrh3KiB4qrHK6H6qMUFg92uhKFo+uhtxERIV5/HSwbZPBT2R0pbSSQzTKk5U9UuJsY=,iv:CRSEqphlBsHwPvwXlTQui5U4fsXWgWnZ+8KYFAyVRlg=,tag:82mxRsp5uCo235jzJNK8LQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 From 40bc68df75d50c2951b91b087497e1a297f9e5b5 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 11 Jan 2025 23:42:35 -0500 Subject: [PATCH 069/410] bump garage and test --- .github/workflows/build-and-cache.yml | 3 +-- flake.lock | 6 +++--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build-and-cache.yml b/.github/workflows/build-and-cache.yml index c806300..8e5aaa3 100644 --- a/.github/workflows/build-and-cache.yml +++ b/.github/workflows/build-and-cache.yml @@ -9,9 +9,8 @@ jobs: package: - .#attic-client - .#attic-server - - .#eza - .#conduwuit - - "github:oxalica/nil" + - "github:cything/nixpkgs/9a35d495d2f49eee003b57265228844bb48c933e#nixosTests.garage.with-3node-replication1_x" runs-on: ubuntu-latest steps: - uses: DeterminateSystems/nix-installer-action@main diff --git a/flake.lock b/flake.lock index 554b079..8c50268 100644 --- a/flake.lock +++ b/flake.lock @@ -424,11 +424,11 @@ }, "nixpkgs-garage": { "locked": { - "lastModified": 1736655158, - "narHash": "sha256-1ZVtf+4BvqJrGGXBQEjAxjKWSaoySVt46un4pN1zH5g=", + "lastModified": 1736656100, + "narHash": "sha256-Y/r6cOYW4UsFj55gp0FTdxDmrrccn6wXQo/zll2Yx8g=", "owner": "cything", "repo": "nixpkgs", - "rev": "b7bc158e553db4031ce6242e341e64e1023ec86a", + "rev": "9a35d495d2f49eee003b57265228844bb48c933e", "type": "github" }, "original": { From 6c7c4125338ecdc6caf22429deb68b5aa1648c67 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 13 Jan 2025 03:26:20 +0000 Subject: [PATCH 070/410] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/7e00856596891850ba5ad4c5ecd2ed74468c08c5?narHash=sha256-Fo68EF6p/N9GJyHiAUbXtiE7IJlb3IMjK86LuxFMsRU%3D' (2025-01-08) → 'github:nix-community/home-manager/2532b500c3ed2b8940e831039dcec5a5ea093afc?narHash=sha256-ZOaGwa%2BWnB7Zn3YXimqjmIugAnHePdXCmNu%2BAHkq808%3D' (2025-01-10) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/8f3e1f807051e32d8c95cd12b9b421623850a34d?narHash=sha256-/qlNWm/IEVVH7GfgAIyP6EsVZI6zjAx1cV5zNyrs%2BrI%3D' (2025-01-04) → 'github:nixos/nixpkgs/130595eba61081acde9001f43de3248d8888ac4a?narHash=sha256-Xb8mke6UCYjge9kPR9o4P1nVrhk7QBbKv3xQ9cj7h2s%3D' (2025-01-10) • Updated input 'nixpkgs-garage': 'github:cything/nixpkgs/9a35d495d2f49eee003b57265228844bb48c933e?narHash=sha256-Y/r6cOYW4UsFj55gp0FTdxDmrrccn6wXQo/zll2Yx8g%3D' (2025-01-12) → 'github:cything/nixpkgs/616be0a7b830a10d0874d569aabd40034c9151aa?narHash=sha256-KpbFF8d5cqcBF7%2Bm5fXDcPn%2BADg3kURbX49JGx18NXU%3D' (2025-01-12) • Updated input 'nixvim': 'github:nix-community/nixvim/67de84848e43ca6a5025e4f8eddc2f6684a51f2b?narHash=sha256-0dabFSGqcPo47WfgPRM5usnVXaGMdYvPlDJ5PeIqjr4%3D' (2025-01-09) → 'github:nix-community/nixvim/35d6c12626f9895cd5d8ccf5d19c3d00de394334?narHash=sha256-5YAiZ3wrEJ/fzFoCwNf14xqfRTvgdcnl/%2By0vye3Y6A%3D' (2025-01-12) • Updated input 'nixvim/home-manager': 'github:nix-community/home-manager/7e00856596891850ba5ad4c5ecd2ed74468c08c5?narHash=sha256-Fo68EF6p/N9GJyHiAUbXtiE7IJlb3IMjK86LuxFMsRU%3D' (2025-01-08) → 'github:nix-community/home-manager/2532b500c3ed2b8940e831039dcec5a5ea093afc?narHash=sha256-ZOaGwa%2BWnB7Zn3YXimqjmIugAnHePdXCmNu%2BAHkq808%3D' (2025-01-10) • Updated input 'sops-nix': 'github:Mic92/sops-nix/c9c88f08e3ee495e888b8d7c8624a0b2519cb773?narHash=sha256-eSjkBwBdQk%2BTZWFlLbclF2rAh4JxbGg8az4w/Lfe7f4%3D' (2025-01-06) → 'github:Mic92/sops-nix/f214c1b76c347a4e9c8fb68c73d4293a6820d125?narHash=sha256-4P99yL8vGehwzytkpP87eklBePt6aqeEC5JFsIzhfUs%3D' (2025-01-10) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 8c50268..83cb365 100644 --- a/flake.lock +++ b/flake.lock @@ -264,11 +264,11 @@ ] }, "locked": { - "lastModified": 1736366465, - "narHash": "sha256-Fo68EF6p/N9GJyHiAUbXtiE7IJlb3IMjK86LuxFMsRU=", + "lastModified": 1736508663, + "narHash": "sha256-ZOaGwa+WnB7Zn3YXimqjmIugAnHePdXCmNu+AHkq808=", "owner": "nix-community", "repo": "home-manager", - "rev": "7e00856596891850ba5ad4c5ecd2ed74468c08c5", + "rev": "2532b500c3ed2b8940e831039dcec5a5ea093afc", "type": "github" }, "original": { @@ -285,11 +285,11 @@ ] }, "locked": { - "lastModified": 1736366465, - "narHash": "sha256-Fo68EF6p/N9GJyHiAUbXtiE7IJlb3IMjK86LuxFMsRU=", + "lastModified": 1736508663, + "narHash": "sha256-ZOaGwa+WnB7Zn3YXimqjmIugAnHePdXCmNu+AHkq808=", "owner": "nix-community", "repo": "home-manager", - "rev": "7e00856596891850ba5ad4c5ecd2ed74468c08c5", + "rev": "2532b500c3ed2b8940e831039dcec5a5ea093afc", "type": "github" }, "original": { @@ -376,11 +376,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1736012469, - "narHash": "sha256-/qlNWm/IEVVH7GfgAIyP6EsVZI6zjAx1cV5zNyrs+rI=", + "lastModified": 1736523798, + "narHash": "sha256-Xb8mke6UCYjge9kPR9o4P1nVrhk7QBbKv3xQ9cj7h2s=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8f3e1f807051e32d8c95cd12b9b421623850a34d", + "rev": "130595eba61081acde9001f43de3248d8888ac4a", "type": "github" }, "original": { @@ -424,11 +424,11 @@ }, "nixpkgs-garage": { "locked": { - "lastModified": 1736656100, - "narHash": "sha256-Y/r6cOYW4UsFj55gp0FTdxDmrrccn6wXQo/zll2Yx8g=", + "lastModified": 1736657901, + "narHash": "sha256-KpbFF8d5cqcBF7+m5fXDcPn+ADg3kURbX49JGx18NXU=", "owner": "cything", "repo": "nixpkgs", - "rev": "9a35d495d2f49eee003b57265228844bb48c933e", + "rev": "616be0a7b830a10d0874d569aabd40034c9151aa", "type": "github" }, "original": { @@ -469,11 +469,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1736430661, - "narHash": "sha256-0dabFSGqcPo47WfgPRM5usnVXaGMdYvPlDJ5PeIqjr4=", + "lastModified": 1736715511, + "narHash": "sha256-5YAiZ3wrEJ/fzFoCwNf14xqfRTvgdcnl/+y0vye3Y6A=", "owner": "nix-community", "repo": "nixvim", - "rev": "67de84848e43ca6a5025e4f8eddc2f6684a51f2b", + "rev": "35d6c12626f9895cd5d8ccf5d19c3d00de394334", "type": "github" }, "original": { @@ -579,11 +579,11 @@ ] }, "locked": { - "lastModified": 1736203741, - "narHash": "sha256-eSjkBwBdQk+TZWFlLbclF2rAh4JxbGg8az4w/Lfe7f4=", + "lastModified": 1736515725, + "narHash": "sha256-4P99yL8vGehwzytkpP87eklBePt6aqeEC5JFsIzhfUs=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c9c88f08e3ee495e888b8d7c8624a0b2519cb773", + "rev": "f214c1b76c347a4e9c8fb68c73d4293a6820d125", "type": "github" }, "original": { From 62d2b139102e209524487b5aa949474186ce7df7 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 12 Jan 2025 11:30:36 -0500 Subject: [PATCH 071/410] rm old overlays and make sway float anki add window --- flake.lock | 34 ---------------------------------- flake.nix | 9 +++------ home/sway/config | 1 + modules/backup.nix | 7 ------- 4 files changed, 4 insertions(+), 47 deletions(-) diff --git a/flake.lock b/flake.lock index 83cb365..cd5c828 100644 --- a/flake.lock +++ b/flake.lock @@ -63,22 +63,6 @@ "type": "github" } }, - "eza": { - "locked": { - "lastModified": 1736397430, - "narHash": "sha256-l00P7P3zcx8rzYOOQMNUwBqK/yz/4Cv8G8+pYbfyQ5Y=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "d722e8ce81cf103280ce1ff65accb3fc25cbd2ba", - "type": "github" - }, - "original": { - "owner": "nixos", - "repo": "nixpkgs", - "rev": "d722e8ce81cf103280ce1ff65accb3fc25cbd2ba", - "type": "github" - } - }, "flake-compat": { "flake": false, "locked": { @@ -390,22 +374,6 @@ "type": "github" } }, - "nixpkgs-borg": { - "locked": { - "lastModified": 1735547260, - "narHash": "sha256-ScKuaBbUXNqS9c6Y+N647BAQx7SvKywpu5MxBV3Y5pk=", - "owner": "cything", - "repo": "nixpkgs", - "rev": "53add6c0c30200663cd21beb06672ec2c8afc176", - "type": "github" - }, - "original": { - "owner": "cything", - "ref": "borg", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-btrbk": { "locked": { "lastModified": 1735945390, @@ -535,11 +503,9 @@ "root": { "inputs": { "disko": "disko", - "eza": "eza", "home-manager": "home-manager", "lanzaboote": "lanzaboote", "nixpkgs": "nixpkgs", - "nixpkgs-borg": "nixpkgs-borg", "nixpkgs-btrbk": "nixpkgs-btrbk", "nixpkgs-garage": "nixpkgs-garage", "nixvim": "nixvim", diff --git a/flake.nix b/flake.nix index e84606c..6f869f7 100644 --- a/flake.nix +++ b/flake.nix @@ -28,10 +28,8 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - nixpkgs-borg.url = "github:cything/nixpkgs/borg"; # unmerged PR nixpkgs-btrbk.url = "github:cything/nixpkgs/btrbk"; # unmerged PR - eza.url = "github:nixos/nixpkgs/d722e8ce81cf103280ce1ff65accb3fc25cbd2ba"; - nixpkgs-garage.url = "github:cything/nixpkgs/garage-module"; + nixpkgs-garage.url = "github:cything/nixpkgs/garage-module"; # unmerged PR }; nixConfig = { @@ -82,9 +80,8 @@ flake: pkgNames: _final: prev: overridePkgsFromFlake prev flake pkgNames; overlays = [ - (overlayPkgsFromFlake inputs.eza [ - "eza" - ]) + # (overlayPkgsFromFlake inputs.eza [ + # ]) ] ++ import ./overlay; pkgsFor = lib.genAttrs systems ( diff --git a/home/sway/config b/home/sway/config index 7412fc4..1005b61 100644 --- a/home/sway/config +++ b/home/sway/config @@ -125,6 +125,7 @@ for_window [app_id=mpv] inhibit_idle visible, floating enable, sticky enable for_window [app_id="LibreWolf" title="^Extension"] floating enable for_window [floating] border csd for_window [app_id="Bitwarden"] floating enable +for_window [app_id=anki title="Add"] floating enable bar { swaybar_command waybar diff --git a/modules/backup.nix b/modules/backup.nix index e632726..7524c55 100644 --- a/modules/backup.nix +++ b/modules/backup.nix @@ -31,13 +31,6 @@ let ]; in { - imports = [ - { - disabledModules = [ "services/backup/borgbackup.nix" ]; - } - (inputs.nixpkgs-borg + "/nixos/modules/services/backup/borgbackup.nix") - ]; - options.my.backup = { enable = lib.mkEnableOption "backup"; paths = lib.mkOption { From b6c18ce5f26f17ad5a1820c053c2f01f11760058 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 13 Jan 2025 01:17:13 -0500 Subject: [PATCH 072/410] nix fmt --- flake.nix | 18 ------------------ hosts/chunk/garage.nix | 3 ++- modules/backup.nix | 1 - 3 files changed, 2 insertions(+), 20 deletions(-) diff --git a/flake.nix b/flake.nix index 6f869f7..66f65c4 100644 --- a/flake.nix +++ b/flake.nix @@ -61,24 +61,6 @@ systems = [ "x86_64-linux" ]; forEachSystem = f: lib.genAttrs systems (system: f pkgsFor.${system}); - - overridePkgsFromFlake = - pkgs: flake: pkgNames: - let - pkgs' = import flake { inherit (pkgs) system config; }; - pkgNames' = builtins.map (lib.splitString ".") pkgNames; - pkgVals = builtins.map ( - path: - let - package = lib.getAttrFromPath path pkgs'; - in - lib.setAttrByPath path package - ) pkgNames'; - in - lib.foldl' lib.recursiveUpdate { } pkgVals; - overlayPkgsFromFlake = - flake: pkgNames: _final: prev: - overridePkgsFromFlake prev flake pkgNames; overlays = [ # (overlayPkgsFromFlake inputs.eza [ # ]) diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index aac9396..fe3ef46 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -1,4 +1,5 @@ -{config, pkgs, ...}: { +{ config, pkgs, ... }: +{ services.garage = { enable = true; package = pkgs.garage; diff --git a/modules/backup.nix b/modules/backup.nix index 7524c55..52913b4 100644 --- a/modules/backup.nix +++ b/modules/backup.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - inputs, ... }: let From 8c8d0fbb564cb083fcd02772db435b4a9eeb24c7 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 13 Jan 2025 15:13:10 -0500 Subject: [PATCH 073/410] some nvim and vscode changes --- home/nixvim/default.nix | 5 +++-- home/vscode.nix | 8 ++++++++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix index 6d453f8..2ea829b 100644 --- a/home/nixvim/default.nix +++ b/home/nixvim/default.nix @@ -147,7 +147,7 @@ servers = { bashls.enable = true; lua_ls.enable = true; - nil_ls.enable = true; + nixd.enable = true; rust_analyzer = { enable = true; installRustc = true; @@ -170,7 +170,8 @@ plugins.neo-tree = { enable = true; - closeIfLastWindow = true; + buffers.followCurrentFile.enabled = true; + window.width = 30; }; plugins.cmp-buffer.enable = true; diff --git a/home/vscode.nix b/home/vscode.nix index 5c897e4..6f099d7 100644 --- a/home/vscode.nix +++ b/home/vscode.nix @@ -5,5 +5,13 @@ enableUpdateCheck = false; enableExtensionUpdateCheck = false; mutableExtensionsDir = false; + extensions = with pkgs.vscode-extensions; [ + vscodevim.vim + jnoortheen.nix-ide # nix language support + editorconfig.editorconfig # editorconfig + dracula-theme.theme-dracula # color scheme + tomoki1207.pdf # pdf viewer + yzhang.markdown-all-in-one # markdown tools + ]; }; } From 5b27c6e0dca223295651edfece3497f4b03256f0 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 13 Jan 2025 19:17:14 -0500 Subject: [PATCH 074/410] flake update --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index cd5c828..545c2d2 100644 --- a/flake.lock +++ b/flake.lock @@ -248,11 +248,11 @@ ] }, "locked": { - "lastModified": 1736508663, - "narHash": "sha256-ZOaGwa+WnB7Zn3YXimqjmIugAnHePdXCmNu+AHkq808=", + "lastModified": 1736785676, + "narHash": "sha256-TY0jUwR3EW0fnS0X5wXMAVy6h4Z7Y6a3m+Yq++C9AyE=", "owner": "nix-community", "repo": "home-manager", - "rev": "2532b500c3ed2b8940e831039dcec5a5ea093afc", + "rev": "fc52a210b60f2f52c74eac41a8647c1573d2071d", "type": "github" }, "original": { @@ -360,11 +360,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1736523798, - "narHash": "sha256-Xb8mke6UCYjge9kPR9o4P1nVrhk7QBbKv3xQ9cj7h2s=", + "lastModified": 1736701207, + "narHash": "sha256-jG/+MvjVY7SlTakzZ2fJ5dC3V1PrKKrUEOEE30jrOKA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "130595eba61081acde9001f43de3248d8888ac4a", + "rev": "ed4a395ea001367c1f13d34b1e01aa10290f67d6", "type": "github" }, "original": { @@ -437,11 +437,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1736715511, - "narHash": "sha256-5YAiZ3wrEJ/fzFoCwNf14xqfRTvgdcnl/+y0vye3Y6A=", + "lastModified": 1736784172, + "narHash": "sha256-dXvzw4LmupgZb2VfwclzygiIyfqjnmKhTdjHDun2rDg=", "owner": "nix-community", "repo": "nixvim", - "rev": "35d6c12626f9895cd5d8ccf5d19c3d00de394334", + "rev": "a54b752259ff16d340d270928ee603b4b9599192", "type": "github" }, "original": { @@ -545,11 +545,11 @@ ] }, "locked": { - "lastModified": 1736515725, - "narHash": "sha256-4P99yL8vGehwzytkpP87eklBePt6aqeEC5JFsIzhfUs=", + "lastModified": 1736808430, + "narHash": "sha256-wlgdf/n7bJMLBheqt1jmPoxJFrUP6FByKQFXuM9YvIk=", "owner": "Mic92", "repo": "sops-nix", - "rev": "f214c1b76c347a4e9c8fb68c73d4293a6820d125", + "rev": "553c7cb22fed19fd60eb310423fdc93045c51ba8", "type": "github" }, "original": { From a8ce6936a7c3988b8736d241a9e4588b97ae4ab5 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 13 Jan 2025 20:09:39 -0500 Subject: [PATCH 075/410] use unstable-small --- flake.lock | 8 ++++---- flake.nix | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 545c2d2..7110280 100644 --- a/flake.lock +++ b/flake.lock @@ -360,16 +360,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1736701207, - "narHash": "sha256-jG/+MvjVY7SlTakzZ2fJ5dC3V1PrKKrUEOEE30jrOKA=", + "lastModified": 1736789786, + "narHash": "sha256-YKr7RhOtFFl7metHJ2oWmPF5//mlvasFr1jJ0gLdNyQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ed4a395ea001367c1f13d34b1e01aa10290f67d6", + "rev": "ba9f7942037ac78a690eb7e2c15f4869c9515eb4", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-unstable", + "ref": "nixos-unstable-small", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index 66f65c4..7c921e8 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,7 @@ description = "cy's flake"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small"; sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; From 66101edde51270ef759760c8c4d16aefd0db0231 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 13 Jan 2025 20:09:51 -0500 Subject: [PATCH 076/410] swap scroll doc keys --- home/nixvim/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix index 2ea829b..f0d2e99 100644 --- a/home/nixvim/default.nix +++ b/home/nixvim/default.nix @@ -95,8 +95,8 @@ "" = "cmp.mapping.abort()"; "" = "cmp.mapping.select_next_item()"; "" = "cmp.mapping.select_prev_item()"; - "" = "cmp.mapping.scroll_docs(-4)"; - "" = "cmp.mapping.scroll_docs(4)"; + "" = "cmp.mapping.scroll_docs(-4)"; + "" = "cmp.mapping.scroll_docs(4)"; "" = '' cmp.mapping(function(fallback) if cmp.visible() then From 22f42ec745dcc7ece974f9b4b37462cf3844c94c Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 14 Jan 2025 00:01:37 -0500 Subject: [PATCH 077/410] make vim nicer --- home/nixvim/default.nix | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix index f0d2e99..2b4e354 100644 --- a/home/nixvim/default.nix +++ b/home/nixvim/default.nix @@ -163,7 +163,7 @@ plugins.fzf-lua = { enable = true; keymaps = { - "ff" = "git_files"; + "ff" = "files"; "fg" = "live_grep"; }; }; @@ -174,6 +174,11 @@ window.width = 30; }; + plugins.gitsigns = { + enable = true; + settings.current_line_blame = true; + }; + plugins.cmp-buffer.enable = true; plugins.cmp-emoji.enable = true; plugins.cmp-nvim-lsp.enable = true; @@ -183,6 +188,7 @@ plugins.nvim-autopairs.enable = true; plugins.rainbow-delimiters.enable = true; plugins.web-devicons.enable = true; - plugins.gitsigns.enable = true; + plugins.auto-save.enable = true; + plugins.indent-blankline.enable = true; }; } From d35639285fa19e9d1c40b4c02e9aba59b0ee0a47 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 14 Jan 2025 10:28:29 -0500 Subject: [PATCH 078/410] change forgejo landing page to explore update git email don't include vscode in common --- home/yt/common.nix | 2 +- home/yt/ytnix.nix | 1 - hosts/chunk/forgejo.nix | 2 +- 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/home/yt/common.nix b/home/yt/common.nix index b4894d5..77c98fe 100644 --- a/home/yt/common.nix +++ b/home/yt/common.nix @@ -30,7 +30,7 @@ programs.git = { enable = true; userName = "cy"; - userEmail = "hi@cything.io"; + userEmail = "cy@cy7.sh"; delta = { enable = true; options = { diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 45d1dd3..67f448d 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -6,7 +6,6 @@ imports = [ ./common.nix ../foot.nix - ../vscode.nix ]; home = { username = "yt"; diff --git a/hosts/chunk/forgejo.nix b/hosts/chunk/forgejo.nix index 5b8ad1d..0b644a2 100644 --- a/hosts/chunk/forgejo.nix +++ b/hosts/chunk/forgejo.nix @@ -10,7 +10,7 @@ HTTP_PORT = 3000; HTTP_ADDR = "127.0.0.1"; DOMAIN = "git.cy7.sh"; - LANDING_PAGE = "/cy"; + LANDING_PAGE = "explore"; }; session.COOKIE_SECURE = true; service.DISABLE_REGISTRATION = true; From f327c0628ac1b3cc880abae15d94394c728425b7 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 14 Jan 2025 10:50:19 -0500 Subject: [PATCH 079/410] add codespace home --- flake.nix | 9 +++++++++ home/yt/codespace.nix | 22 ++++++++++++++++++++++ 2 files changed, 31 insertions(+) create mode 100644 home/yt/codespace.nix diff --git a/flake.nix b/flake.nix index 7c921e8..f11bde6 100644 --- a/flake.nix +++ b/flake.nix @@ -165,6 +165,15 @@ inputs.nixvim.homeManagerModules.nixvim ]; }; + + "codespace@codespace" = home-manager.lib.homeManagerConfiguration { + pkgs = pkgsFor.x86_64-linux; + extraSpecialArgs = { inherit inputs outputs; }; + modules = [ + ./home/yt/codespace.nix + inputs.nixvim.homeManagerModules.nixvim + ]; + }; }; }; } diff --git a/home/yt/codespace.nix b/home/yt/codespace.nix new file mode 100644 index 0000000..6720c17 --- /dev/null +++ b/home/yt/codespace.nix @@ -0,0 +1,22 @@ +{ + pkgs, + ... +}: +{ + imports = [ + ./common.nix + ]; + home = { + username = "codespace"; + homeDirectory = "/home/codespace"; + stateVersion = "24.05"; + }; + programs.home-manager.enable = true; + + systemd.user.startServices = "sd-switch"; + + home.packages = with pkgs; [ + foot.terminfo + attic-client + ]; +} From 09b6e25b2b32a867420b00ae9692abf200a087fa Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 15 Jan 2025 22:47:18 -0500 Subject: [PATCH 080/410] flake.lock: Update (#23) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'disko': 'github:nix-community/disko/65a441502c9382d41ada1adbc9bd31d6c9b00fe2?narHash=sha256-snPBgTqwn3FPZVdFC5yt7Bnk3squim1vZOZ8CObWykk%3D' (2024-12-13) → 'github:nix-community/disko/0141aabed359f063de7413f80d906e1d98c0c123?narHash=sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0%3D' (2025-01-14) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/ba9f7942037ac78a690eb7e2c15f4869c9515eb4?narHash=sha256-YKr7RhOtFFl7metHJ2oWmPF5//mlvasFr1jJ0gLdNyQ%3D' (2025-01-13) → 'github:nixos/nixpkgs/69b5cebd7cc197ee5885fa694465039c42a5c8dc?narHash=sha256-j9ysmoP7UJUEZdA1/Gjqa8zsx5gaq35PxRsaTBwgoWk%3D' (2025-01-15) • Updated input 'nixpkgs-garage': 'github:cything/nixpkgs/616be0a7b830a10d0874d569aabd40034c9151aa?narHash=sha256-KpbFF8d5cqcBF7%2Bm5fXDcPn%2BADg3kURbX49JGx18NXU%3D' (2025-01-12) → 'github:cything/nixpkgs/97f27249297bf5fbc563014ae9d4884dee27f1e0?narHash=sha256-A7knAvBOwoM5X7oNdIOKvuXYtXJpuR4O8iKHIk8EwOI%3D' (2025-01-15) • Updated input 'nixvim': 'github:nix-community/nixvim/a54b752259ff16d340d270928ee603b4b9599192?narHash=sha256-dXvzw4LmupgZb2VfwclzygiIyfqjnmKhTdjHDun2rDg%3D' (2025-01-13) → 'github:nix-community/nixvim/5b068e7f8f2b6beaa1fafe0c8b3604b63bcccc2d?narHash=sha256-gb3ujURRlI/D5Jc8PUDOpJr8RyrTwnDDIDtnQK4upso%3D' (2025-01-15) Co-authored-by: github-actions[bot] --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 7110280..89484ba 100644 --- a/flake.lock +++ b/flake.lock @@ -49,11 +49,11 @@ ] }, "locked": { - "lastModified": 1734088167, - "narHash": "sha256-snPBgTqwn3FPZVdFC5yt7Bnk3squim1vZOZ8CObWykk=", + "lastModified": 1736864502, + "narHash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0=", "owner": "nix-community", "repo": "disko", - "rev": "65a441502c9382d41ada1adbc9bd31d6c9b00fe2", + "rev": "0141aabed359f063de7413f80d906e1d98c0c123", "type": "github" }, "original": { @@ -360,11 +360,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1736789786, - "narHash": "sha256-YKr7RhOtFFl7metHJ2oWmPF5//mlvasFr1jJ0gLdNyQ=", + "lastModified": 1736966948, + "narHash": "sha256-j9ysmoP7UJUEZdA1/Gjqa8zsx5gaq35PxRsaTBwgoWk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ba9f7942037ac78a690eb7e2c15f4869c9515eb4", + "rev": "69b5cebd7cc197ee5885fa694465039c42a5c8dc", "type": "github" }, "original": { @@ -392,11 +392,11 @@ }, "nixpkgs-garage": { "locked": { - "lastModified": 1736657901, - "narHash": "sha256-KpbFF8d5cqcBF7+m5fXDcPn+ADg3kURbX49JGx18NXU=", + "lastModified": 1736921030, + "narHash": "sha256-A7knAvBOwoM5X7oNdIOKvuXYtXJpuR4O8iKHIk8EwOI=", "owner": "cything", "repo": "nixpkgs", - "rev": "616be0a7b830a10d0874d569aabd40034c9151aa", + "rev": "97f27249297bf5fbc563014ae9d4884dee27f1e0", "type": "github" }, "original": { @@ -437,11 +437,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1736784172, - "narHash": "sha256-dXvzw4LmupgZb2VfwclzygiIyfqjnmKhTdjHDun2rDg=", + "lastModified": 1736964246, + "narHash": "sha256-gb3ujURRlI/D5Jc8PUDOpJr8RyrTwnDDIDtnQK4upso=", "owner": "nix-community", "repo": "nixvim", - "rev": "a54b752259ff16d340d270928ee603b4b9599192", + "rev": "5b068e7f8f2b6beaa1fafe0c8b3604b63bcccc2d", "type": "github" }, "original": { From ff3df361986260228b028d6deefb977b583bfe03 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 16 Jan 2025 11:01:55 -0500 Subject: [PATCH 081/410] nvim undotree and direnv --- home/nixvim/default.nix | 1 + home/yt/ytnix.nix | 5 +++++ home/zsh/default.nix | 1 + 3 files changed, 7 insertions(+) diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix index 2b4e354..d90b5dd 100644 --- a/home/nixvim/default.nix +++ b/home/nixvim/default.nix @@ -190,5 +190,6 @@ plugins.web-devicons.enable = true; plugins.auto-save.enable = true; plugins.indent-blankline.enable = true; + plugins.undotree.enable = true; }; } diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 67f448d..8a725fe 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -138,4 +138,9 @@ }; services.gnome-keyring.enable = true; + + programs.direnv = { + enable = true; + nix-direnv.enable = true; + }; } diff --git a/home/zsh/default.nix b/home/zsh/default.nix index 2dd2a84..c1df4e8 100644 --- a/home/zsh/default.nix +++ b/home/zsh/default.nix @@ -116,4 +116,5 @@ programs.zoxide.enableZshIntegration = true; programs.eza.enableZshIntegration = true; programs.nix-index.enableZshIntegration = false; + programs.direnv.enableZshIntegration = false; } From 193fc258b9058b1b592928dfd5df7b16dbfd5787 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 16 Jan 2025 16:11:24 -0500 Subject: [PATCH 082/410] make things work with flake-parts also don't use my fork for btrbk anymore --- flake.lock | 126 ++++++++++++++++----- flake.nix | 238 ++++++++++++++++++++-------------------- home/vscode.nix | 3 +- hosts/ytnix/default.nix | 7 -- 4 files changed, 223 insertions(+), 151 deletions(-) diff --git a/flake.lock b/flake.lock index 89484ba..6cdea25 100644 --- a/flake.lock +++ b/flake.lock @@ -80,6 +80,22 @@ } }, "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { "locked": { "lastModified": 1696426674, "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", @@ -94,6 +110,24 @@ } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1736143030, + "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "lanzaboote", @@ -114,7 +148,7 @@ "type": "github" } }, - "flake-parts_2": { + "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "nixvim", @@ -172,12 +206,34 @@ } }, "git-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737043064, + "narHash": "sha256-I/OuxGwXwRi5gnFPsyCvVR+IfFstA+QXEpHu1hvsgD8=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "94ee657f6032d913fe0ef49adaa743804635b0bb", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "git-hooks_2": { "inputs": { "flake-compat": [ "nixvim", "flake-compat" ], - "gitignore": "gitignore_2", + "gitignore": "gitignore_3", "nixpkgs": [ "nixvim", "nixpkgs" @@ -198,6 +254,27 @@ } }, "gitignore": { + "inputs": { + "nixpkgs": [ + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_2": { "inputs": { "nixpkgs": [ "lanzaboote", @@ -219,7 +296,7 @@ "type": "github" } }, - "gitignore_2": { + "gitignore_3": { "inputs": { "nixpkgs": [ "nixvim", @@ -313,8 +390,8 @@ "lanzaboote": { "inputs": { "crane": "crane", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts_2", "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" @@ -374,22 +451,6 @@ "type": "github" } }, - "nixpkgs-btrbk": { - "locked": { - "lastModified": 1735945390, - "narHash": "sha256-isFSp8EsqnFJE7o07XdT/eia0Rtzvz6NqLt4tCdFido=", - "owner": "cything", - "repo": "nixpkgs", - "rev": "acf701b49a7687e23b4b18701d4ab62285dec029", - "type": "github" - }, - "original": { - "owner": "cything", - "ref": "btrbk", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-garage": { "locked": { "lastModified": 1736921030, @@ -406,6 +467,18 @@ "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1735774519, + "narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1710695816, @@ -425,9 +498,9 @@ "nixvim": { "inputs": { "devshell": "devshell", - "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts_2", - "git-hooks": "git-hooks", + "flake-compat": "flake-compat_3", + "flake-parts": "flake-parts_3", + "git-hooks": "git-hooks_2", "home-manager": "home-manager_2", "nix-darwin": "nix-darwin", "nixpkgs": [ @@ -479,7 +552,7 @@ "lanzaboote", "flake-compat" ], - "gitignore": "gitignore", + "gitignore": "gitignore_2", "nixpkgs": [ "lanzaboote", "nixpkgs" @@ -503,10 +576,11 @@ "root": { "inputs": { "disko": "disko", + "flake-parts": "flake-parts", + "git-hooks": "git-hooks", "home-manager": "home-manager", "lanzaboote": "lanzaboote", "nixpkgs": "nixpkgs", - "nixpkgs-btrbk": "nixpkgs-btrbk", "nixpkgs-garage": "nixpkgs-garage", "nixvim": "nixvim", "sops-nix": "sops-nix", diff --git a/flake.nix b/flake.nix index f11bde6..17f763a 100644 --- a/flake.nix +++ b/flake.nix @@ -27,21 +27,21 @@ url = "github:nix-community/nixvim"; inputs.nixpkgs.follows = "nixpkgs"; }; + flake-parts.url = "github:hercules-ci/flake-parts"; + git-hooks = { + url = "github:cachix/git-hooks.nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; - nixpkgs-btrbk.url = "github:cything/nixpkgs/btrbk"; # unmerged PR nixpkgs-garage.url = "github:cything/nixpkgs/garage-module"; # unmerged PR }; nixConfig = { extra-substituters = [ "https://cache.cything.io/central" - "https://cache.cything.io/infra-ci" - "https://cache.cything.io/attic" ]; extra-trusted-public-keys = [ "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" - "infra-ci:xG5f5tddUBcvToYjlpHD5OY/puYQkKmgKeIQCshNs38=" - "attic:HL3hVpqXxwcF7Q1R+IvU2i0+YxIjQA2xxKM5EJMXLLs=" ]; builders-use-substitutes = true; }; @@ -53,127 +53,131 @@ home-manager, treefmt, disko, + flake-parts, ... }@inputs: - let - lib = nixpkgs.lib; - inherit (self) outputs; + flake-parts.lib.mkFlake { inherit inputs; } ( + { ... }: + { + imports = [ + inputs.git-hooks.flakeModule + ]; + debug = true; + systems = [ + "x86_64-linux" + ]; + perSystem = + { + pkgs, + system, + ... + }: + { + # make pkgs available to `perSystem` + _module.args.pkgs = import inputs.nixpkgs { + inherit system; + config = { + allowUnfree = true; + }; + }; - systems = [ "x86_64-linux" ]; - forEachSystem = f: lib.genAttrs systems (system: f pkgsFor.${system}); - overlays = [ - # (overlayPkgsFromFlake inputs.eza [ - # ]) - ] ++ import ./overlay; + pre-commit = { + check.enable = true; + settings.hooks = { + nixfmt-rfc-style.enable = true; + }; + }; - pkgsFor = lib.genAttrs systems ( - system: - import nixpkgs { - inherit system overlays; - config = { - allowUnfree = true; - }; - } - ); - - treefmtEval = forEachSystem ( - pkgs: - treefmt.lib.evalModule pkgs { - projectRootFile = "flake.nix"; - programs.nixfmt.enable = true; - programs.stylua.enable = true; - programs.yamlfmt.enable = true; - programs.typos.enable = true; - programs.shellcheck.enable = true; - programs.deadnix.enable = true; - - settings.global.excludes = [ "secrets/*" ]; - } - ); - in - { - formatter = forEachSystem (pkgs: treefmtEval.${pkgs.system}.config.build.wrapper); - checks = forEachSystem (pkgs: { - formatting = treefmtEval.${pkgs.system}.config.build.check self; - }); - # lets us build overlaid packages with `nix build .#` - packages = pkgsFor; - - nixosConfigurations = - let - pkgs = pkgsFor.x86_64-linux; - in - { - ytnix = lib.nixosSystem { - specialArgs = { inherit inputs outputs; }; - modules = [ - { - nixpkgs = { inherit pkgs; }; - } - ./hosts/ytnix - inputs.sops-nix.nixosModules.sops - ./modules - inputs.lanzaboote.nixosModules.lanzaboote - ]; + formatter = pkgs.nixfmt-rfc-style; }; - chunk = lib.nixosSystem { - specialArgs = { inherit inputs outputs; }; - modules = [ - { - nixpkgs = { inherit pkgs; }; - disabledModules = [ - "services/web-servers/garage.nix" + flake = { + nixosConfigurations = + let + pkgs = import nixpkgs { + config.allowUnfree = true; + system = "x86_64-linux"; + }; + lib = nixpkgs.lib; + in + { + ytnix = lib.nixosSystem { + modules = [ + { + nixpkgs = { inherit pkgs; }; + } + ./hosts/ytnix + inputs.sops-nix.nixosModules.sops + ./modules + inputs.lanzaboote.nixosModules.lanzaboote ]; - } - ./hosts/chunk - inputs.sops-nix.nixosModules.sops - ./modules - (inputs.nixpkgs-garage + "/nixos/modules/services/web-servers/garage.nix") - ]; - }; + }; + chunk = lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + { + nixpkgs = { inherit pkgs; }; + disabledModules = [ + "services/web-servers/garage.nix" + ]; + } + ./hosts/chunk + inputs.sops-nix.nixosModules.sops + ./modules + (inputs.nixpkgs-garage + "/nixos/modules/services/web-servers/garage.nix") + ]; + }; - titan = lib.nixosSystem { - specialArgs = { inherit inputs outputs; }; - modules = [ - { - nixpkgs = { inherit pkgs; }; - } - ./hosts/titan - disko.nixosModules.disko - inputs.sops-nix.nixosModules.sops - ./modules - ]; - }; - }; + titan = lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + { + nixpkgs = { inherit pkgs; }; + } + ./hosts/titan + disko.nixosModules.disko + inputs.sops-nix.nixosModules.sops + ./modules + ]; + }; + }; + homeConfigurations = + let + pkgs = import nixpkgs { + config.allowUnfree = true; + system = "x86_64-linux"; + }; + lib = home-manager.lib; + in + { + "yt@ytnix" = lib.homeManagerConfiguration { + inherit pkgs; + extraSpecialArgs = { inherit inputs; }; + modules = [ + ./home/yt/ytnix.nix + inputs.nixvim.homeManagerModules.nixvim + ]; + }; - homeConfigurations = { - "yt@ytnix" = home-manager.lib.homeManagerConfiguration { - pkgs = pkgsFor.x86_64-linux; - extraSpecialArgs = { inherit inputs outputs; }; - modules = [ - ./home/yt/ytnix.nix - inputs.nixvim.homeManagerModules.nixvim - ]; - }; + "yt@chunk" = lib.homeManagerConfiguration { + inherit pkgs; + extraSpecialArgs = { inherit inputs; }; + modules = [ + ./home/yt/chunk.nix + inputs.nixvim.homeManagerModules.nixvim + ]; + }; - "yt@chunk" = home-manager.lib.homeManagerConfiguration { - pkgs = pkgsFor.x86_64-linux; - extraSpecialArgs = { inherit inputs outputs; }; - modules = [ - ./home/yt/chunk.nix - inputs.nixvim.homeManagerModules.nixvim - ]; + "codespace@codespace" = lib.homeManagerConfiguration { + inherit pkgs; + extraSpecialArgs = { inherit inputs; }; + modules = [ + ./home/yt/codespace.nix + inputs.nixvim.homeManagerModules.nixvim + ]; + }; + }; }; - - "codespace@codespace" = home-manager.lib.homeManagerConfiguration { - pkgs = pkgsFor.x86_64-linux; - extraSpecialArgs = { inherit inputs outputs; }; - modules = [ - ./home/yt/codespace.nix - inputs.nixvim.homeManagerModules.nixvim - ]; - }; - }; - }; + } + ); } diff --git a/home/vscode.nix b/home/vscode.nix index 6f099d7..d2b7bb0 100644 --- a/home/vscode.nix +++ b/home/vscode.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ programs.vscode = { enable = true; package = pkgs.vscodium; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 016582b..f6e5c55 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -1,7 +1,6 @@ { config, pkgs, - inputs, lib, ... }: @@ -10,12 +9,6 @@ ./hardware-configuration.nix ../common.nix ../zsh.nix - { - disabledModules = [ - "services/backup/btrbk.nix" - ]; - } - (inputs.nixpkgs-btrbk + "/nixos/modules/services/backup/btrbk.nix") ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; From acb4987357b4ff38feb0a2db8e5fa557a3b63713 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 16 Jan 2025 16:34:18 -0500 Subject: [PATCH 083/410] flake update and bring back overlays --- flake.lock | 18 +++++++++--------- flake.nix | 1 + 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 6cdea25..654491f 100644 --- a/flake.lock +++ b/flake.lock @@ -325,11 +325,11 @@ ] }, "locked": { - "lastModified": 1736785676, - "narHash": "sha256-TY0jUwR3EW0fnS0X5wXMAVy6h4Z7Y6a3m+Yq++C9AyE=", + "lastModified": 1736883540, + "narHash": "sha256-dgPgoPUSg8cGAMqbhQRkww665sZtgzpWXxWjlyqhv94=", "owner": "nix-community", "repo": "home-manager", - "rev": "fc52a210b60f2f52c74eac41a8647c1573d2071d", + "rev": "0dfec9deb275854a56c97c356c40ef72e3a2e632", "type": "github" }, "original": { @@ -437,11 +437,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1736966948, - "narHash": "sha256-j9ysmoP7UJUEZdA1/Gjqa8zsx5gaq35PxRsaTBwgoWk=", + "lastModified": 1737007772, + "narHash": "sha256-YmN6LpUQwOaY7gYdcXtX5CtpT4W37taAjbAF6WOmY4Y=", "owner": "nixos", "repo": "nixpkgs", - "rev": "69b5cebd7cc197ee5885fa694465039c42a5c8dc", + "rev": "62e9d4ae7c343fdae23f7cf347d98204488c1401", "type": "github" }, "original": { @@ -669,11 +669,11 @@ ] }, "locked": { - "lastModified": 1736154270, - "narHash": "sha256-p2r8xhQZ3TYIEKBoiEhllKWQqWNJNoT9v64Vmg4q8Zw=", + "lastModified": 1737054102, + "narHash": "sha256-saLiCRQ5RtdTnznT/fja7GxcYRAzeY3k8S+IF/2s/2A=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "13c913f5deb3a5c08bb810efd89dc8cb24dd968b", + "rev": "97871d416166803134ba64597a1006f3f670fbde", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 17f763a..53aa657 100644 --- a/flake.nix +++ b/flake.nix @@ -97,6 +97,7 @@ pkgs = import nixpkgs { config.allowUnfree = true; system = "x86_64-linux"; + overlays = import ./overlay; }; lib = nixpkgs.lib; in From 64cb83cddb87dfe30fa95daadf84b24c29f8a9fc Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 16 Jan 2025 16:56:31 -0500 Subject: [PATCH 084/410] bring back treefmt rm git-hooks --- flake.lock | 72 +++++------------------------------------------------- flake.nix | 24 ++++++++---------- 2 files changed, 16 insertions(+), 80 deletions(-) diff --git a/flake.lock b/flake.lock index 654491f..305caa0 100644 --- a/flake.lock +++ b/flake.lock @@ -80,22 +80,6 @@ } }, "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_3": { "locked": { "lastModified": 1696426674, "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", @@ -206,34 +190,12 @@ } }, "git-hooks": { - "inputs": { - "flake-compat": "flake-compat", - "gitignore": "gitignore", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1737043064, - "narHash": "sha256-I/OuxGwXwRi5gnFPsyCvVR+IfFstA+QXEpHu1hvsgD8=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "94ee657f6032d913fe0ef49adaa743804635b0bb", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, - "git-hooks_2": { "inputs": { "flake-compat": [ "nixvim", "flake-compat" ], - "gitignore": "gitignore_3", + "gitignore": "gitignore_2", "nixpkgs": [ "nixvim", "nixpkgs" @@ -254,27 +216,6 @@ } }, "gitignore": { - "inputs": { - "nixpkgs": [ - "git-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, - "gitignore_2": { "inputs": { "nixpkgs": [ "lanzaboote", @@ -296,7 +237,7 @@ "type": "github" } }, - "gitignore_3": { + "gitignore_2": { "inputs": { "nixpkgs": [ "nixvim", @@ -390,7 +331,7 @@ "lanzaboote": { "inputs": { "crane": "crane", - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat", "flake-parts": "flake-parts_2", "flake-utils": "flake-utils", "nixpkgs": [ @@ -498,9 +439,9 @@ "nixvim": { "inputs": { "devshell": "devshell", - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_2", "flake-parts": "flake-parts_3", - "git-hooks": "git-hooks_2", + "git-hooks": "git-hooks", "home-manager": "home-manager_2", "nix-darwin": "nix-darwin", "nixpkgs": [ @@ -552,7 +493,7 @@ "lanzaboote", "flake-compat" ], - "gitignore": "gitignore_2", + "gitignore": "gitignore", "nixpkgs": [ "lanzaboote", "nixpkgs" @@ -577,7 +518,6 @@ "inputs": { "disko": "disko", "flake-parts": "flake-parts", - "git-hooks": "git-hooks", "home-manager": "home-manager", "lanzaboote": "lanzaboote", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index 53aa657..3a449b9 100644 --- a/flake.nix +++ b/flake.nix @@ -28,10 +28,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; flake-parts.url = "github:hercules-ci/flake-parts"; - git-hooks = { - url = "github:cachix/git-hooks.nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; nixpkgs-garage.url = "github:cything/nixpkgs/garage-module"; # unmerged PR }; @@ -51,7 +47,6 @@ self, nixpkgs, home-manager, - treefmt, disko, flake-parts, ... @@ -60,7 +55,7 @@ { ... }: { imports = [ - inputs.git-hooks.flakeModule + inputs.treefmt.flakeModule ]; debug = true; systems = [ @@ -68,7 +63,6 @@ ]; perSystem = { - pkgs, system, ... }: @@ -81,14 +75,16 @@ }; }; - pre-commit = { - check.enable = true; - settings.hooks = { - nixfmt-rfc-style.enable = true; - }; - }; + treefmt = { + projectRootFile = "flake.nix"; + programs.nixfmt.enable = true; + programs.stylua.enable = true; + programs.yamlfmt.enable = true; + programs.typos.enable = true; + programs.shellcheck.enable = true; - formatter = pkgs.nixfmt-rfc-style; + settings.global.excludes = [ "secrets/*" ]; + }; }; flake = { From 91f1a9b55211312df22f760da34fe542a14a9b22 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 16 Jan 2025 18:48:33 -0500 Subject: [PATCH 085/410] make it nicer --- flake.nix | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/flake.nix b/flake.nix index 3a449b9..15b79ed 100644 --- a/flake.nix +++ b/flake.nix @@ -87,14 +87,17 @@ }; }; - flake = { + flake = + let + pkgs = import nixpkgs { + config.allowUnfree = true; + system = "x86_64-linux"; + overlays = import ./overlay; + }; + in + { nixosConfigurations = let - pkgs = import nixpkgs { - config.allowUnfree = true; - system = "x86_64-linux"; - overlays = import ./overlay; - }; lib = nixpkgs.lib; in { @@ -140,10 +143,6 @@ }; homeConfigurations = let - pkgs = import nixpkgs { - config.allowUnfree = true; - system = "x86_64-linux"; - }; lib = home-manager.lib; in { From 2aa7fa8a4700852e348e557b8287fafed025cc9e Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 16 Jan 2025 23:28:56 -0500 Subject: [PATCH 086/410] fix nil_ls --- home/nixvim/default.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix index d90b5dd..675dbc0 100644 --- a/home/nixvim/default.nix +++ b/home/nixvim/default.nix @@ -147,7 +147,13 @@ servers = { bashls.enable = true; lua_ls.enable = true; - nixd.enable = true; + nil_ls = { + enable = true; + settings = { + formatting.command = [ "nix" "fmt" ]; + nix.flake.autoArchive = true; + }; + }; rust_analyzer = { enable = true; installRustc = true; From 0ebc1a3836d22677ddc94afb287ec9a1898367dc Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 17 Jan 2025 16:19:20 -0500 Subject: [PATCH 087/410] move rss to cy7.sh --- hosts/chunk/Caddyfile | 2 +- hosts/chunk/miniflux.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/chunk/Caddyfile b/hosts/chunk/Caddyfile index d9a069d..5e56278 100644 --- a/hosts/chunk/Caddyfile +++ b/hosts/chunk/Caddyfile @@ -28,7 +28,7 @@ git.cy7.sh { reverse_proxy localhost:3000 } -rss.cything.io { +rss.cy7.sh { import common reverse_proxy localhost:8080 } diff --git a/hosts/chunk/miniflux.nix b/hosts/chunk/miniflux.nix index 9376ca6..f40b2b6 100644 --- a/hosts/chunk/miniflux.nix +++ b/hosts/chunk/miniflux.nix @@ -5,7 +5,7 @@ adminCredentialsFile = config.sops.secrets."miniflux/env".path; config = { PORT = 8080; - BASE_URL = "https://rss.cything.io"; + BASE_URL = "https://rss.cy7.sh"; FORCE_REFRESH_INTERVAL = 0; # don't rate limit me }; }; From 12885fa92af83ebbfd067148729822cd60136e06 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 17 Jan 2025 21:46:49 -0500 Subject: [PATCH 088/410] flake update --- flake.lock | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index 305caa0..dd82f82 100644 --- a/flake.lock +++ b/flake.lock @@ -202,11 +202,11 @@ ] }, "locked": { - "lastModified": 1735882644, - "narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=", + "lastModified": 1737043064, + "narHash": "sha256-I/OuxGwXwRi5gnFPsyCvVR+IfFstA+QXEpHu1hvsgD8=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656", + "rev": "94ee657f6032d913fe0ef49adaa743804635b0bb", "type": "github" }, "original": { @@ -266,11 +266,11 @@ ] }, "locked": { - "lastModified": 1736883540, - "narHash": "sha256-dgPgoPUSg8cGAMqbhQRkww665sZtgzpWXxWjlyqhv94=", + "lastModified": 1737120639, + "narHash": "sha256-p5e/45V41YD3tMELuiNIoVCa25/w4nhOTm0B9MtdHFI=", "owner": "nix-community", "repo": "home-manager", - "rev": "0dfec9deb275854a56c97c356c40ef72e3a2e632", + "rev": "a0046af169ce7b1da503974e1b22c48ef4d71887", "type": "github" }, "original": { @@ -287,11 +287,11 @@ ] }, "locked": { - "lastModified": 1736508663, - "narHash": "sha256-ZOaGwa+WnB7Zn3YXimqjmIugAnHePdXCmNu+AHkq808=", + "lastModified": 1737075266, + "narHash": "sha256-u1gk5I1an975FOAMMdS6oBKnSIsZza5ZKhaeBZAskVo=", "owner": "nix-community", "repo": "home-manager", - "rev": "2532b500c3ed2b8940e831039dcec5a5ea093afc", + "rev": "12851ae7467bad8ef422b20806ab4d6d81e12d29", "type": "github" }, "original": { @@ -363,11 +363,11 @@ ] }, "locked": { - "lastModified": 1736370755, - "narHash": "sha256-iWcjToBpx4PUd74uqvIGAfqqVfyrvRLRauC/SxEKIF0=", + "lastModified": 1736819234, + "narHash": "sha256-deQVtIH4UJueELJqluAICUtX7OosD9paTP+5FgbiSwI=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "57733bd1dc81900e13438e5b4439239f1b29db0e", + "rev": "bd921223ba7cdac346477d7ea5204d6f4736fcc6", "type": "github" }, "original": { @@ -378,11 +378,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1737007772, - "narHash": "sha256-YmN6LpUQwOaY7gYdcXtX5CtpT4W37taAjbAF6WOmY4Y=", + "lastModified": 1737083351, + "narHash": "sha256-hCddtSuk6m6XROmdOC0te0j2sLeUr28QIzNRk0qF1as=", "owner": "nixos", "repo": "nixpkgs", - "rev": "62e9d4ae7c343fdae23f7cf347d98204488c1401", + "rev": "0993fc268872148cebcd1fac8660a8b8ced49542", "type": "github" }, "original": { @@ -451,11 +451,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1736964246, - "narHash": "sha256-gb3ujURRlI/D5Jc8PUDOpJr8RyrTwnDDIDtnQK4upso=", + "lastModified": 1737143193, + "narHash": "sha256-+/BdPFrdJpgmzrMEUZMxsLeND8IvFtjyZbxHX2XrNv4=", "owner": "nix-community", "repo": "nixvim", - "rev": "5b068e7f8f2b6beaa1fafe0c8b3604b63bcccc2d", + "rev": "aa839cf994f6b9a6b38e755597452087beac0567", "type": "github" }, "original": { @@ -559,11 +559,11 @@ ] }, "locked": { - "lastModified": 1736808430, - "narHash": "sha256-wlgdf/n7bJMLBheqt1jmPoxJFrUP6FByKQFXuM9YvIk=", + "lastModified": 1737107480, + "narHash": "sha256-GXUE9+FgxoZU8v0p6ilBJ8NH7k8nKmZjp/7dmMrCv3o=", "owner": "Mic92", "repo": "sops-nix", - "rev": "553c7cb22fed19fd60eb310423fdc93045c51ba8", + "rev": "4c4fb93f18b9072c6fa1986221f9a3d7bf1fe4b6", "type": "github" }, "original": { @@ -609,11 +609,11 @@ ] }, "locked": { - "lastModified": 1737054102, - "narHash": "sha256-saLiCRQ5RtdTnznT/fja7GxcYRAzeY3k8S+IF/2s/2A=", + "lastModified": 1737103437, + "narHash": "sha256-uPNWcYbhY2fjY3HOfRCR5jsfzdzemhfxLSxwjXYXqNc=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "97871d416166803134ba64597a1006f3f670fbde", + "rev": "d1ed3b385f8130e392870cfb1dbfaff8a63a1899", "type": "github" }, "original": { @@ -630,11 +630,11 @@ ] }, "locked": { - "lastModified": 1736154270, - "narHash": "sha256-p2r8xhQZ3TYIEKBoiEhllKWQqWNJNoT9v64Vmg4q8Zw=", + "lastModified": 1737054102, + "narHash": "sha256-saLiCRQ5RtdTnznT/fja7GxcYRAzeY3k8S+IF/2s/2A=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "13c913f5deb3a5c08bb810efd89dc8cb24dd968b", + "rev": "97871d416166803134ba64597a1006f3f670fbde", "type": "github" }, "original": { From 4d739520aae2d1756fa899d05d054279ab283432 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 18 Jan 2025 00:24:52 -0500 Subject: [PATCH 089/410] building overlay stuff broke --- .github/workflows/build-and-cache.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/build-and-cache.yml b/.github/workflows/build-and-cache.yml index 8e5aaa3..f8ac172 100644 --- a/.github/workflows/build-and-cache.yml +++ b/.github/workflows/build-and-cache.yml @@ -7,10 +7,7 @@ jobs: strategy: matrix: package: - - .#attic-client - - .#attic-server - - .#conduwuit - - "github:cything/nixpkgs/9a35d495d2f49eee003b57265228844bb48c933e#nixosTests.garage.with-3node-replication1_x" + - github:cything/nixpkgs/3bbe764179eb980831392a8dc76ad63722420737#gollum runs-on: ubuntu-latest steps: - uses: DeterminateSystems/nix-installer-action@main From 91bdd3e273990ac655f9276c67582b126df92fa7 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 18 Jan 2025 01:06:54 -0500 Subject: [PATCH 090/410] also test builds on mac --- .github/workflows/build-and-cache.yml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-and-cache.yml b/.github/workflows/build-and-cache.yml index f8ac172..575b958 100644 --- a/.github/workflows/build-and-cache.yml +++ b/.github/workflows/build-and-cache.yml @@ -7,8 +7,15 @@ jobs: strategy: matrix: package: - - github:cything/nixpkgs/3bbe764179eb980831392a8dc76ad63722420737#gollum - runs-on: ubuntu-latest + - github:cything/nixpkgs/a9c7c4c52da181e7c66156c61b65c39f567efb41#gollum + - github:cything/nixpkgs/a9c7c4c52da181e7c66156c61b65c39f567efb41#gollum.tests.gollum + - github:cything/nixpkgs/e1e065c4bd58bef677474a828c4673c643f99545#schismtracker + - github:cything/nixpkgs/d23ce3cde5a3d6ad84b4726f12391c39c04a0601#museum + - github:cything/nixpkgs/b4f2fc5c507a60d92503a2def27cfebdfb1942d5#ente-auth + os: + - ubuntu-latest + - macos-latest + runs-on: ${{ matrix.os }} steps: - uses: DeterminateSystems/nix-installer-action@main with: From 784df6404fd28426b83f9eb441a0d5f4ac4cbfa3 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 18 Jan 2025 01:24:30 -0500 Subject: [PATCH 091/410] workflow continue-on-error --- .github/workflows/build-and-cache.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-and-cache.yml b/.github/workflows/build-and-cache.yml index 575b958..af1a632 100644 --- a/.github/workflows/build-and-cache.yml +++ b/.github/workflows/build-and-cache.yml @@ -16,6 +16,7 @@ jobs: - ubuntu-latest - macos-latest runs-on: ${{ matrix.os }} + continue-on-error: true steps: - uses: DeterminateSystems/nix-installer-action@main with: From 07fcbcb5676be3c0c4ac6b3127c12c347eae2cc0 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 18 Jan 2025 03:10:53 -0500 Subject: [PATCH 092/410] replace build list with placeholder --- .github/workflows/build-and-cache.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/build-and-cache.yml b/.github/workflows/build-and-cache.yml index af1a632..82e64de 100644 --- a/.github/workflows/build-and-cache.yml +++ b/.github/workflows/build-and-cache.yml @@ -7,11 +7,7 @@ jobs: strategy: matrix: package: - - github:cything/nixpkgs/a9c7c4c52da181e7c66156c61b65c39f567efb41#gollum - - github:cything/nixpkgs/a9c7c4c52da181e7c66156c61b65c39f567efb41#gollum.tests.gollum - - github:cything/nixpkgs/e1e065c4bd58bef677474a828c4673c643f99545#schismtracker - - github:cything/nixpkgs/d23ce3cde5a3d6ad84b4726f12391c39c04a0601#museum - - github:cything/nixpkgs/b4f2fc5c507a60d92503a2def27cfebdfb1942d5#ente-auth + - github:nixos/nixpkgs#hello os: - ubuntu-latest - macos-latest From f2f8c204ee7ba5025106a03d5e92c65b0d0a21d8 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 18 Jan 2025 03:05:43 -0500 Subject: [PATCH 093/410] make workflow better --- .github/workflows/build-and-cache.yml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build-and-cache.yml b/.github/workflows/build-and-cache.yml index 82e64de..aca9d1e 100644 --- a/.github/workflows/build-and-cache.yml +++ b/.github/workflows/build-and-cache.yml @@ -7,7 +7,7 @@ jobs: strategy: matrix: package: - - github:nixos/nixpkgs#hello + - github:cything/nixpkgs/fd06e41125350bc3db5628df49d3b84e4652a59d#lact os: - ubuntu-latest - macos-latest @@ -18,15 +18,10 @@ jobs: with: logger: pretty - uses: DeterminateSystems/magic-nix-cache-action@main - - uses: cachix/cachix-action@v15 - with: - name: cything - authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" - name: Setup Attic cache uses: ryanccn/attic-action@v0 with: endpoint: ${{ vars.ATTIC_ENDPOINT }} cache: ${{ vars.ATTIC_CACHE }} token: ${{ secrets.ATTIC_TOKEN }} - - uses: actions/checkout@v4 - - run: nix build '${{ matrix.package }}' + - run: nix build -L '${{ matrix.package }}' From fd8db4c006dbd350746e0cefe5b949f1c33fc38e Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 18 Jan 2025 20:39:51 -0500 Subject: [PATCH 094/410] init niri --- flake.lock | 108 ++++++++++++++++++++++++++++++++++++++++ flake.nix | 10 +++- home/niri.nix | 43 ++++++++++++++++ home/yt/ytnix.nix | 2 + hosts/ytnix/default.nix | 5 ++ modules/default.nix | 1 + modules/niri.nix | 15 ++++++ 7 files changed, 183 insertions(+), 1 deletion(-) create mode 100644 home/niri.nix create mode 100644 modules/niri.nix diff --git a/flake.lock b/flake.lock index dd82f82..60b8454 100644 --- a/flake.lock +++ b/flake.lock @@ -355,6 +355,64 @@ "type": "github" } }, + "niri": { + "inputs": { + "niri-stable": "niri-stable", + "niri-unstable": "niri-unstable", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_2", + "xwayland-satellite-stable": "xwayland-satellite-stable", + "xwayland-satellite-unstable": "xwayland-satellite-unstable" + }, + "locked": { + "lastModified": 1737231928, + "narHash": "sha256-eOvFTgpFGP8hy6r3O8Ae5jOGc483l4BszwQsPcccbbs=", + "owner": "sodiboo", + "repo": "niri-flake", + "rev": "ca748d585a271a512807cd60e5353a9ddb4d1dee", + "type": "github" + }, + "original": { + "owner": "sodiboo", + "repo": "niri-flake", + "type": "github" + } + }, + "niri-stable": { + "flake": false, + "locked": { + "lastModified": 1736614405, + "narHash": "sha256-AJ1rlgNOPb3/+DbS5hkhm21t6Oz8IgqLllwmZt0lyzk=", + "owner": "YaLTeR", + "repo": "niri", + "rev": "e05bc269e678ecf828b96ae79c991c13b00b38a5", + "type": "github" + }, + "original": { + "owner": "YaLTeR", + "ref": "v25.01", + "repo": "niri", + "type": "github" + } + }, + "niri-unstable": { + "flake": false, + "locked": { + "lastModified": 1737211438, + "narHash": "sha256-XPcV2rV7Vy7lLeZMhTOwd0t/sRwNquXI7CH7+3Aftt0=", + "owner": "YaLTeR", + "repo": "niri", + "rev": "818248457210f5101459ea7d7066d12c456c8a97", + "type": "github" + }, + "original": { + "owner": "YaLTeR", + "repo": "niri", + "type": "github" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -436,6 +494,22 @@ "type": "github" } }, + "nixpkgs-stable_2": { + "locked": { + "lastModified": 1737165118, + "narHash": "sha256-s40Kk/OulP3J/1JvC3VT16U4r/Xw6Qdi7SRw3LYkPWs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "6a3ae7a5a12fb8cac2d59d7df7cbd95f9b2f0566", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, "nixvim": { "inputs": { "devshell": "devshell", @@ -520,6 +594,7 @@ "flake-parts": "flake-parts", "home-manager": "home-manager", "lanzaboote": "lanzaboote", + "niri": "niri", "nixpkgs": "nixpkgs", "nixpkgs-garage": "nixpkgs-garage", "nixvim": "nixvim", @@ -642,6 +717,39 @@ "repo": "treefmt-nix", "type": "github" } + }, + "xwayland-satellite-stable": { + "flake": false, + "locked": { + "lastModified": 1730166465, + "narHash": "sha256-nq7bouXQXaaPPo/E+Jbq+wNHnatD4dY8OxSrRqzvy6s=", + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "rev": "a713cf46cb7db84a0d1b57c3a397c610cad3cf98", + "type": "github" + }, + "original": { + "owner": "Supreeeme", + "ref": "v0.5", + "repo": "xwayland-satellite", + "type": "github" + } + }, + "xwayland-satellite-unstable": { + "flake": false, + "locked": { + "lastModified": 1736487362, + "narHash": "sha256-4kGoOA7FgK9N2mzS+TFEn41kUUNY6KwdiA/0rqlr868=", + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "rev": "8f55e27f63a749881c4bbfbb6b1da028342a91d1", + "type": "github" + }, + "original": { + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 15b79ed..19754ba 100644 --- a/flake.nix +++ b/flake.nix @@ -28,6 +28,8 @@ inputs.nixpkgs.follows = "nixpkgs"; }; flake-parts.url = "github:hercules-ci/flake-parts"; + niri.url = "github:sodiboo/niri-flake"; + niri.inputs.nixpkgs.follows = "nixpkgs"; nixpkgs-garage.url = "github:cything/nixpkgs/garage-module"; # unmerged PR }; @@ -35,9 +37,11 @@ nixConfig = { extra-substituters = [ "https://cache.cything.io/central" + "https://niri.cachix.org" ]; extra-trusted-public-keys = [ "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" + "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" ]; builders-use-substitutes = true; }; @@ -92,7 +96,8 @@ pkgs = import nixpkgs { config.allowUnfree = true; system = "x86_64-linux"; - overlays = import ./overlay; + overlays = [ inputs.niri.overlays.niri ] + ++ import ./overlay; }; in { @@ -102,6 +107,7 @@ in { ytnix = lib.nixosSystem { + specialArgs = { inherit inputs; }; modules = [ { nixpkgs = { inherit pkgs; }; @@ -110,6 +116,7 @@ inputs.sops-nix.nixosModules.sops ./modules inputs.lanzaboote.nixosModules.lanzaboote + inputs.niri.nixosModules.niri ]; }; chunk = lib.nixosSystem { @@ -152,6 +159,7 @@ modules = [ ./home/yt/ytnix.nix inputs.nixvim.homeManagerModules.nixvim + inputs.niri.homeModules.config ]; }; diff --git a/home/niri.nix b/home/niri.nix new file mode 100644 index 0000000..bea6ba7 --- /dev/null +++ b/home/niri.nix @@ -0,0 +1,43 @@ +{ config, ...}: +{ + programs.niri.settings = { + prefer-no-csd = true; + }; + + programs.niri.settings.binds = with config.lib.niri.actions; { + "Mod+Return".action = spawn "foot"; + "Mod+D".action = spawn "fuzzel"; + + "Mod+Shift+E".action = quit; + "Mod+Equal".action = set-column-width "+10%"; + "Mod+Minus".action = set-column-width "-10%"; + "Mod+Shift+Equal".action = set-window-height "+10%"; + "Mod+Shift+Minus".action = set-window-height "-10%"; + "Mod+1".action = focus-workspace 1; + "Super+Alt+L".action = spawn "swaylock"; + "Mod+Ctrl+Q".action = close-window; + "Mod+H".action = focus-column-left; + "Mod+L".action = focus-column-right; + "Mod+K".action = focus-window-up; + "Mod+J".action = focus-window-down; + "Mod+Shift+H".action = move-column-left; + "Mod+Shift+L".action = move-column-right; + "Mod+Shift+K".action = move-window-up; + "Mod+Shift+J".action = move-window-down; + "Mod+U".action = focus-workspace-up; + "Mod+I".action = focus-workspace-down; + "Mod+Shift+U".action = move-workspace-up; + "Mod+Shift+I".action = move-workspace-down; + "Mod+W".action = maximize-column; + "Mod+C".action = center-column; + "Mod+Shift+Space".action = toggle-window-floating; + "Mod+Space".action = switch-focus-between-floating-and-tiling; + "Print".action = screenshot; + "Alt+Print".action = screenshot-window; + "Ctrl+Print".action = screenshot-screen; + "Mod+R".action = switch-preset-column-width; + "Mod+Shift+R".action = switch-preset-window-height; + "Mod+Ctrl+R".action = reset-window-height; + "Mod+F".action = fullscreen-window; + }; +} diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 8a725fe..908d68e 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -6,6 +6,7 @@ imports = [ ./common.nix ../foot.nix + ../niri.nix ]; home = { username = "yt"; @@ -99,6 +100,7 @@ clang seahorse github-cli + fuzzel ]; programs.waybar.enable = true; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index f6e5c55..36786f4 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -315,4 +315,9 @@ }; services.trezord.enable = true; + + my.niri = { + enable = true; + package = pkgs.niri-unstable; + }; } diff --git a/modules/default.nix b/modules/default.nix index 2155137..bde6e96 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -2,5 +2,6 @@ { imports = [ ./backup.nix + ./niri.nix ]; } diff --git a/modules/niri.nix b/modules/niri.nix new file mode 100644 index 0000000..565a147 --- /dev/null +++ b/modules/niri.nix @@ -0,0 +1,15 @@ +{ pkgs, config, lib, ... }: +let + cfg = config.my.niri; +in +{ + options.my.niri = { + enable = lib.mkEnableOption "niri"; + package = lib.mkPackageOption pkgs "niri" { }; + }; + + config = lib.mkIf cfg.enable { + programs.niri.package = cfg.package; + programs.niri.enable = true; + }; +} From 4b28b210684c54457ce0af5bae4bca98e5117745 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 18 Jan 2025 21:11:26 -0500 Subject: [PATCH 095/410] nix fmt --- flake.nix | 155 ++++++++++++++++++++-------------------- home/niri.nix | 105 +++++++++++++++++---------- home/nixvim/default.nix | 5 +- modules/niri.nix | 7 +- 4 files changed, 154 insertions(+), 118 deletions(-) diff --git a/flake.nix b/flake.nix index 19754ba..0493875 100644 --- a/flake.nix +++ b/flake.nix @@ -96,92 +96,91 @@ pkgs = import nixpkgs { config.allowUnfree = true; system = "x86_64-linux"; - overlays = [ inputs.niri.overlays.niri ] - ++ import ./overlay; + overlays = [ inputs.niri.overlays.niri ] ++ import ./overlay; }; in { - nixosConfigurations = - let - lib = nixpkgs.lib; - in - { - ytnix = lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - { - nixpkgs = { inherit pkgs; }; - } - ./hosts/ytnix - inputs.sops-nix.nixosModules.sops - ./modules - inputs.lanzaboote.nixosModules.lanzaboote - inputs.niri.nixosModules.niri - ]; - }; - chunk = lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - { - nixpkgs = { inherit pkgs; }; - disabledModules = [ - "services/web-servers/garage.nix" - ]; - } - ./hosts/chunk - inputs.sops-nix.nixosModules.sops - ./modules - (inputs.nixpkgs-garage + "/nixos/modules/services/web-servers/garage.nix") - ]; - }; + nixosConfigurations = + let + lib = nixpkgs.lib; + in + { + ytnix = lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + { + nixpkgs = { inherit pkgs; }; + } + ./hosts/ytnix + inputs.sops-nix.nixosModules.sops + ./modules + inputs.lanzaboote.nixosModules.lanzaboote + inputs.niri.nixosModules.niri + ]; + }; + chunk = lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + { + nixpkgs = { inherit pkgs; }; + disabledModules = [ + "services/web-servers/garage.nix" + ]; + } + ./hosts/chunk + inputs.sops-nix.nixosModules.sops + ./modules + (inputs.nixpkgs-garage + "/nixos/modules/services/web-servers/garage.nix") + ]; + }; - titan = lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - { - nixpkgs = { inherit pkgs; }; - } - ./hosts/titan - disko.nixosModules.disko - inputs.sops-nix.nixosModules.sops - ./modules - ]; - }; - }; - homeConfigurations = - let - lib = home-manager.lib; - in - { - "yt@ytnix" = lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { inherit inputs; }; - modules = [ - ./home/yt/ytnix.nix - inputs.nixvim.homeManagerModules.nixvim - inputs.niri.homeModules.config - ]; + titan = lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + { + nixpkgs = { inherit pkgs; }; + } + ./hosts/titan + disko.nixosModules.disko + inputs.sops-nix.nixosModules.sops + ./modules + ]; + }; }; + homeConfigurations = + let + lib = home-manager.lib; + in + { + "yt@ytnix" = lib.homeManagerConfiguration { + inherit pkgs; + extraSpecialArgs = { inherit inputs; }; + modules = [ + ./home/yt/ytnix.nix + inputs.nixvim.homeManagerModules.nixvim + inputs.niri.homeModules.config + ]; + }; - "yt@chunk" = lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { inherit inputs; }; - modules = [ - ./home/yt/chunk.nix - inputs.nixvim.homeManagerModules.nixvim - ]; - }; + "yt@chunk" = lib.homeManagerConfiguration { + inherit pkgs; + extraSpecialArgs = { inherit inputs; }; + modules = [ + ./home/yt/chunk.nix + inputs.nixvim.homeManagerModules.nixvim + ]; + }; - "codespace@codespace" = lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { inherit inputs; }; - modules = [ - ./home/yt/codespace.nix - inputs.nixvim.homeManagerModules.nixvim - ]; + "codespace@codespace" = lib.homeManagerConfiguration { + inherit pkgs; + extraSpecialArgs = { inherit inputs; }; + modules = [ + ./home/yt/codespace.nix + inputs.nixvim.homeManagerModules.nixvim + ]; + }; }; - }; - }; + }; } ); } diff --git a/home/niri.nix b/home/niri.nix index bea6ba7..74c8071 100644 --- a/home/niri.nix +++ b/home/niri.nix @@ -1,43 +1,72 @@ -{ config, ...}: +{ config, ... }: { programs.niri.settings = { prefer-no-csd = true; + input.keyboard.xkb.options = "ctrl:nocaps"; + spawn-at-startup = [ + { command = [ "waybar" ]; } + ]; }; - - programs.niri.settings.binds = with config.lib.niri.actions; { - "Mod+Return".action = spawn "foot"; - "Mod+D".action = spawn "fuzzel"; - - "Mod+Shift+E".action = quit; - "Mod+Equal".action = set-column-width "+10%"; - "Mod+Minus".action = set-column-width "-10%"; - "Mod+Shift+Equal".action = set-window-height "+10%"; - "Mod+Shift+Minus".action = set-window-height "-10%"; - "Mod+1".action = focus-workspace 1; - "Super+Alt+L".action = spawn "swaylock"; - "Mod+Ctrl+Q".action = close-window; - "Mod+H".action = focus-column-left; - "Mod+L".action = focus-column-right; - "Mod+K".action = focus-window-up; - "Mod+J".action = focus-window-down; - "Mod+Shift+H".action = move-column-left; - "Mod+Shift+L".action = move-column-right; - "Mod+Shift+K".action = move-window-up; - "Mod+Shift+J".action = move-window-down; - "Mod+U".action = focus-workspace-up; - "Mod+I".action = focus-workspace-down; - "Mod+Shift+U".action = move-workspace-up; - "Mod+Shift+I".action = move-workspace-down; - "Mod+W".action = maximize-column; - "Mod+C".action = center-column; - "Mod+Shift+Space".action = toggle-window-floating; - "Mod+Space".action = switch-focus-between-floating-and-tiling; - "Print".action = screenshot; - "Alt+Print".action = screenshot-window; - "Ctrl+Print".action = screenshot-screen; - "Mod+R".action = switch-preset-column-width; - "Mod+Shift+R".action = switch-preset-window-height; - "Mod+Ctrl+R".action = reset-window-height; - "Mod+F".action = fullscreen-window; - }; + + programs.niri.settings.binds = + with config.lib.niri.actions; + let + terminal = "foot"; + menu = "fuzzel"; + browser = "librewolf"; + file-manager = "thunar"; + in + { + "Mod+Return".action = spawn terminal; + "Mod+D".action = spawn menu; + + "Mod+Shift+E".action = quit; + "Mod+Equal".action = set-column-width "+10%"; + "Mod+Minus".action = set-column-width "-10%"; + "Mod+Shift+Equal".action = set-window-height "+10%"; + "Mod+Shift+Minus".action = set-window-height "-10%"; + "Super+Alt+L".action = spawn "swaylock"; + "Mod+Ctrl+Q".action = close-window; + "Mod+H".action = focus-column-left; + "Mod+L".action = focus-column-right; + "Mod+K".action = focus-window-up; + "Mod+J".action = focus-window-down; + "Mod+Shift+H".action = move-column-left; + "Mod+Shift+L".action = move-column-right; + "Mod+Shift+K".action = move-window-up; + "Mod+Shift+J".action = move-window-down; + "Mod+U".action = focus-workspace-up; + "Mod+I".action = focus-workspace-down; + "Mod+Shift+U".action = move-workspace-up; + "Mod+Shift+I".action = move-workspace-down; + "Mod+W".action = maximize-column; + "Mod+C".action = center-column; + "Mod+Shift+Space".action = toggle-window-floating; + "Mod+Space".action = switch-focus-between-floating-and-tiling; + "Print".action = screenshot; + "Alt+Print".action = screenshot-window; + "Ctrl+Print".action = screenshot-screen; + "Mod+R".action = switch-preset-column-width; + "Mod+Shift+R".action = switch-preset-window-height; + "Mod+Ctrl+R".action = reset-window-height; + "Mod+F".action = fullscreen-window; + + "XF86AudioRaiseVolume".action = sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 0.1+"; + "XF86AudioLowerVolume".action = sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 0.1-"; + "XF86AudioMute".action = sh "wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"; + "XF86MonBrightnessUp".action = sh "brightnessctl set 10%+"; + "XF86MonBrightnessDown".action = sh "brightnessctl set 10%-"; + + "Mod+1".action = focus-workspace 1; + "Mod+2".action = focus-workspace 2; + "Mod+3".action = focus-workspace 3; + "Mod+4".action = focus-workspace 4; + "Mod+5".action = focus-workspace 5; + + "Mod+Alt+B".action = spawn browser; + "Mod+Alt+A".action = spawn "anki"; + "Mod+Alt+F".action = spawn file-manager; + "Mod+Alt+E".action = spawn "evolution"; + "Mod+P".action = spawn "bitwarden"; + }; } diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix index 675dbc0..98a97ee 100644 --- a/home/nixvim/default.nix +++ b/home/nixvim/default.nix @@ -150,7 +150,10 @@ nil_ls = { enable = true; settings = { - formatting.command = [ "nix" "fmt" ]; + formatting.command = [ + "nix" + "fmt" + ]; nix.flake.autoArchive = true; }; }; diff --git a/modules/niri.nix b/modules/niri.nix index 565a147..5a3666d 100644 --- a/modules/niri.nix +++ b/modules/niri.nix @@ -1,4 +1,9 @@ -{ pkgs, config, lib, ... }: +{ + pkgs, + config, + lib, + ... +}: let cfg = config.my.niri; in From e7b6fda85757879e5e9f8edfecd7cd556a98a5a1 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 18 Jan 2025 23:10:45 -0500 Subject: [PATCH 096/410] make wallpaper work on niri --- home/{niri.nix => niri/default.nix} | 18 ++++++++++++------ home/niri/nixos-c-book.png | Bin 0 -> 153705 bytes home/yt/ytnix.nix | 2 +- 3 files changed, 13 insertions(+), 7 deletions(-) rename home/{niri.nix => niri/default.nix} (89%) create mode 100644 home/niri/nixos-c-book.png diff --git a/home/niri.nix b/home/niri/default.nix similarity index 89% rename from home/niri.nix rename to home/niri/default.nix index 74c8071..889e3b1 100644 --- a/home/niri.nix +++ b/home/niri/default.nix @@ -1,20 +1,26 @@ -{ config, ... }: +{ config, pkgs, lib, ... }: +let + wallpaper = "${./nixos-c-book.png}"; + terminal = "foot"; + menu = "fuzzel"; + browser = "librewolf"; + file-manager = "thunar"; +in { - programs.niri.settings = { + programs.niri.settings = + { prefer-no-csd = true; input.keyboard.xkb.options = "ctrl:nocaps"; spawn-at-startup = [ { command = [ "waybar" ]; } + { command = [ "${lib.getExe pkgs.swaybg}" "-m" "fill" "-i" wallpaper ]; } ]; }; programs.niri.settings.binds = with config.lib.niri.actions; let - terminal = "foot"; - menu = "fuzzel"; - browser = "librewolf"; - file-manager = "thunar"; + sh = spawn "sh" "-c"; in { "Mod+Return".action = spawn terminal; diff --git a/home/niri/nixos-c-book.png b/home/niri/nixos-c-book.png new file mode 100644 index 0000000000000000000000000000000000000000..96abf8feecbfbc9534742ba3e39c73c594db875d GIT binary patch literal 153705 zcmeAS@N?(olHy`uVBq!ia0y~yU_QXWz$C-L#=yW}8GF2%fkF6SRY*ihP-3}4K~a8M zW=^U?No7H*LTW{38UsVct-G@#i=LQ?x&GhS6~`o(ro*1>@_xbe`_GMnUrmY;eY)ZA z)k&($G=*616|ir(^Yi@v^}ogASI#ciydGAiIdA=yVE$(Qv-|fQ`+U2ms?I+C^zR>b zzn|{e{Pgf=%>u9Kd-Oi9-P8B2@L%oW;}_ZHf8uA}`t{%8Kfl`N#T~z}kM~Q}n*Lc6 z?cRTP_-h-$v)=wjb;HM~Y5IGw%1<{q|N6(i|DtSlbLy6UE4@|!pA@_6&v$>mD|2i19YVqH|Pdvjaj^>f8B+h!zjsZW?B za7Zc8>bgfDzjl>--lTnR+oY=RY@E2!wMset@bj2Am3j4Y+t+-2kQ*b}bFjy{>GJye zN57{t-(5XP{lHt#y|zC$E?AZzb!tvsu_))p-+}HwIX@i#{$2m6>7;{yT6P+~`|#QH z$eC~Jbgu^12+8g=D6aWB>*`;*27!-n&ZOu}VvN^G(|(rCaka<7?31y?ii;+RlbB9h z=A=mm^|U_OvLLx{Y+O^-TqHyY-$Mzb#YW&gpU0ulM#JbY@rPezGHmWc?C(+W6N*X_9wRoS-pG`>}UJ-i?QC) zvd6yW_lsWVZomI=rfKo|E&m?=KA(QpZj;zNpO=Sz%{0wh`!$(EcuvaGo}Si}ls#I^ zA|(OmYBo=43Vt=k_&#&&MCQ$Byv~`W_V6rAR*e6B=I(!^@2dHFOZQLR{$Zl!@+*IZ zXBK}s1el6NO7Ze7^)O8IShvdqF>1Mi-HKV9zs`}X4Bo7VrwnZG7& z{!(lsl(y76q+IuL$SY&#BgZ4>?hX8wy!~R2)C}!w-cx(3-sG)gjb}=|s66%hF`13| zUE8-!)bL)IX`QU&p8sSEx8|Y~*CMY3-fZMoZkxij_1c?lG3RpkF57*5LEDjv)%_7{PYRqolfO*8)p6%d{xh#v{cTp;LMDH^l4rTL*Esn0N*#eu z#|n>WsYmSI_*V9X`2KArbKXCl;`HprK2I6Gu>O2;=uGw(>C1aepI*Kl`?W9T_ub5i zI=}iFF7{0P82oJimHYB4@9p~E{qEdfvcyA%KjeY&&o`bsE-d=$b9d_QXR+5mJyBNu zx`2IwDU+qcwVR9nM~7zqIOA|ckvTfO>ecD(Q}WM+++(#(TY2)?O$PQx%|bV=UFkDQ zRF3d?7(ZeOY1{wcqRhcV8n$zk`FgGIyEqzp3+?ah(VRQs=~C%iqGu{TeXEHw_qFqx zR4cpEquk)q7Umz*wrW3mc59xQpVCuRIj$X{%e;2Ggh`&dV(@&;isab8am5bFeQQ7E zxJhPSx6HbGJj#FOJ7$ZCMN4C^J?<6}@$mdmw(5jvR$&nL^R^ddHriJ#s~3Gz;Or7=R>rSoDCTb}$8ivf~2^Z#C*VdYd?lpbl%6i$lTe?=M=G_u*^)Fiw%W}J!XmyihGYvGmvB+WRhn zcc<)FIVGBHh5X-l9W&&()ub*K&syCZ^W3qz&w5v*>-Ot=f1C@ynd5&?pynqdU;M|^ z1wT(*&%YEtq2kWIw(J*HzxF+s)Dzvmd=jh2B$>P==U)}Ox4S)f<^6TVwrK5^PCbhR zC5Ot%&9Mj8oOXV}yOwvy8=b8k4_4Y3Ofy?v$>2M0;qvJVdM?kIX*J`5c}z~v|g7P5GChdUR3@s-tm>n5}a+kBd`IXgq^s(Pd=Shuv z3l0bFkc$&zn)~20UqXbFN0If>2_CXezs#cV#j3tkl2CW>KHzv^T_WS+!t|)zd!7@W zG&5%Xwb^EqYy81xvU}Bz&FkNMv-)hnT=nRK!3O4MZ1=Ck8`P*@bF+$+V^GQY{zv|x zpLBt~@2iU9@=}|Ov=g;T?ME3J4e||ktXGiSn$_F$;Y=f+lJ+UV|K@^Q`)j056d$<# zHqV>IIQy|vhs@5#yL#q%tN8!sajZ9${<^Bi^h5FF`*)MSZB}ZTDUYuj^pBFwe|CSV3x`c7!Be4zZnmAABDGGjd4V7E}RgtqjMd4MqXH#f~;eyn)b2J&> zaMrC(WzM@)x@fECy$o*twt%t*{Zjr9mACbij&&XgT|7x4Y3<94mn>8wSlPo}P48_j zHVtW8@LA!2kHg$&xoqnaw(N4d8Q$6(aJRd{DU!S3aglOp=HybFT*+Lq+`ItqHKNnm ztn!u=9GK4YMe4)j02h zqV44v@t+=I6H>Z19Ig*IdyqT7ptfJ$S`s$MbjvXCeUlQO7vPtn)YL8Wbms!4IUADar?368DbmC}Tp=Uw3RmVP z_8i8<-e#@lnudZCy#fpV>pCBuv!vj8ip`gM1%jrVGzDTjGLB5Tb@zt;L4n*DhTXa= z7Hh2hr@FU)HsjqD5-q|LZuGgU_%6T7aalA$K>2*Hja9mtpZ0quEo-@OF`?yqlQYinG!^#cI4H>odiyd^8cCSAk zC|$JAbyB;V=B=60aRF(Ki?nV@p5i>jG=u}n97R&g5T-bi%1E+Nfh zT(vLRM4zMO?t#?uGf-z^OS9OGdbt8 z-8tSKFSB&ci~AZI`~QmtnqFCyxbs7yXr-jvksmScT_1gZPTgoA^_=gTQbIz2y{>V` z!G*rH>-4r4Fj}4tGTqlb#`5#y=84~vpJUgW>x z_04Y3apD(twq#^Ww3I1d>=e*^A|QgB!=LwYd^xLcVT8wLcJJyFJGPyEyFK0V(weg? zPieGC%$<=uukp}grWH&*J5zMOF6_D{*TFa~`GevF8ezq3TJ(|)bR89xlc-K zHqR)S`G?o$`+_g#0yot7%LSApayBSFx_sTYXM)oMfg-q$npV*!xK} z;9ns76P6hgH$xxw`zE>uERXTDD?EE~%W_Yqz=labQrN^qK2BzQur}dJfOf6V45?M; z&j!A{?)^*g(dmQ#N||p+Qwbh3DVx7v1bTN!7+SABf_ zlC$uM`?~o3}6YosklHBovA@upRXEIAY&Ro&i!C7%x&%$eG+S!iD_nA~#x>>ZYb16MBy#P2ZOD?j(W?EAcRe_rPD{1Uyx#;TxG%6Fb=!Uvg^ z=SAn3wX`~yCvp{ww=9w_()0*P^PRcoa?d0OqpwXRTu<4o=I9-J6tFR9UZiy3fyyau zoJYjXH*MASnw)d3UCmEbxP&WOnz{4YQIpq4dEQEjhg$7nlFBd4Ei0*GyRw;h&zRP1cJBVJ5TU_z&~!-*3&#TWTlEsz?6Z9O zYV(^r9VgE5UNntT_^DeM@9?jA8B@S9gWX$-t2(-!+$+pCwVjBt>CZe|vcO8HM3hHG zO4RExcfy6nLo8vZvmd;hXzQ@m{YUm^CjW+mxAGbyPds_c?!;K2r1Hw-? zK0UI63jO%YMnmTIn$nCuKw|SGVuD_5~T*pT@^F6{(isgE@EOoe*A0p!ZeK+?$ znMwwyFg5Wj&ZotFcuGp-<&)NSj zvu|qdqf?%o{EI$+vEJ1ZvN7UK+D$p_on}=|)vrR|n>RdJAYMK7Om)pKgPkEBe4fkp zim6z5U%nl*Vtr<}oULH|Z-p7}*t{0iRmyC3o#y!J<-;v%Z&^aOc4h}$bx*h(m|d9c zY!Jl$^TN}J304m6{|a4fIRt;%oyb4T&pF}Mua$}$mvw|Jx}wL$V|5~ny#AkvrhROT^zf2C_G10ihpJ3c_PU-|p3+JJIcT0r+ zEp%Aq!8J=y^_r#a3C;;k$}gf+J_%jAG{@uI zyED9Rj!ypaYM$BAK>bdG+@)e1d{asmXsK+EbQJZ_WKvk8$akDk=kdfve2Iy_UhwpY zx_DM?`P|7>CnUV3_(4YOYH5awZ*%uN*`TwVzctLz$Z*C{Bv_h0^K67iHUj}1AiviKcM7c9#T z;TPQ8vpc1cb?erxnO6)Vn{OqD7+m(OQM_X9wr)>j`;otC-S5@izhAZw(ECyM{vUVK zb>-Q+zyE7wU|?*?baoE#basXf<}ol-%&DDd>v7mY=4gDdtLD^2VFHCG0_N&;bXjDH zb_FcF!nM|FM$9i(U#UqV;_e5xK6r3E>FU9wk>Tv&jskxe3X6+_N+t^ZpDq%0q@v(X zfBAR0^7jl2!=A=Rk4I-NVPP@76f~ z$?p5}7lB1;%r#0MbuROES2R~tUA|=bUbsCnFsS2v=W(803LllPr%u0bAuc0Uk#@sl z`LoW$N0JuyJ~c~obyl6H)Tgn^?WfbR)Yi{p>04t`&sKjDXDhyS%IJC~pK_n8jv}X^ z(JGCFJlug%ra?YSGVGr{lrQ?@S#okH0W_1c!G@KX@P@p&RgR*YVxEZ&&~R?z4Hnyt#i- z|L(3j83qPksmzdwk_cZPtK|G#y~LFKq*T3%+yVv=u(7WwNKDR7Em25HP0!4;ReHaB zzmh^`img((sjq==fpcm`rbks#YH*cbNODznvSo^ry&acLg;hmvL2hbEqC!P(PF}H9 zg{>0UT&uidE0D0hk^)#sNw%$0gl~X?bAC~(f{C7qo`J4wMP`|ik{y?VO;JjkRgjAt z)QF;#G+U*Nl9B=|ef{$Ca=mh6z5JqdeM3u2OML?)eIp~?qLeh<;>x^|#0uTKVr7sK z5Hnm-i<65o3raHc^Atd4CMM;Vme?vOaVaP$Kn<_RE%5b)8=qGU4Ta?VT>Xl~0)0b0 z1O41wePkWQC9Y*9_;nPAR2HP_2c;J0mlh?bx|XHpl_(<{k&+D8Ur<_<1NKfzvVLk# zYHn&?NwL16o*{~r?w-B@a2=o^NYBhI0PCvAEkIFOl9`4GEEL~>WWe4*c1T5T0o+^^ z)iA$<6@$ab$|XO!6y!Wl7h5He{Z=XY$(bouV5YfwN@}X5L85M2ilK$BiDhD{ZlbAC zvTlm8MUr`PQi_?8xfzmCo_WP3iFwJXAfqaB3-mHGQ>;u3lamuo%u;ks6H`reO^hs( zbuG*iO?6XJ%~DblO;VCfjgpXz@Gr_t&&*5AL3S0$sFchUt3-2ilN93=6Wt_30|Q+X z(~>?3o}ClbAu#9h*2rYR&M!4xrrsVN}0Kd>8bh!dFfy~Kml&$7~pBE zWTa<+5DCahEJ@2R%C%MU$;>OQKuCmS=B5UhB!WWI(9GDx#M0E%*uucj(9*&Pp(rf1 zs5mn}4`imHfu4~GSOyd=R{lkqsd*)dpmb`hWC#|o$StsPE=o--$uA1Y&(E<{0y#;+ zNYBs!oV*omAd%vcSzMA|RA~oJ(cpX&oLUIsL9#$jCRj>A0i0~D5|bg86epIYrhqL{ zfJr51B<7{3rr0V$6BJB56H8?gxw*c%L1r2aeYNEQOJR=npP6kGXx`qb2hUOtg z23E#KR)!YZ21Zr}21@!6FWTsXay87yHu@N00#Sfe4A^lgK*WMv-0Zk)^uc8js9b^= z2r3t7iJ@^pODhxQL70(Y)*J~21_t&LPhVH| zr(A+U3W6u@RktuOC@^@sIEGZ*dUH3tAm;h(=il#F2bC+cD;cp1BrMYi6j}M@di=ym zX=TSvjZJrN)!QA@7rL+HXI0HZ>G0g2r}k}%-51%uO1J;|X`jHzMJ}pLXClwAcnWkn zv z6Bf3qOzh7bH>0#)`|iE}dwu=B)~#V~Zr9W{g_g}(_ISn(m507844|M&W6Tz974DZ~ zTsyVU)-o>OtD=RL=v0-H`ogc`ZPI^R%WwK#x8l?KZJ)N*{oH8%Klk0egbmkDoo4y; zXF-gqB9T-57b-?)aiCYot;ul-m)=w&wTga8OR_6Nk zBNr-rV<(WGSzyFT; ze46Ril}(RMC2sIkvY#B7e!l4KpX>jdg=SCL|BXjZJ-Tw9{=d8S84rIw7ZKy)-zjp> z>zGET(%WD1|F^E2Yo}>HJJr&JA>q~z*}L8UCLU&Bn9=q{Te|g>Sy}eQ;{21xguNb3 znq;x&&u2z?PtU>`;S)}u)LJ}I`}oscS1b2lE0p1l-LqibKG9XVSz$8MP8sU;rA~G+ z^PF#oU7YEJ$}5a>d}rp3D2hWNFNWJ zF+b$|v*}xZtt}7TVH@}J=i>H?BVFFAl{0&?qN7T_?Plh$XJ%z+`2F|pSw#j0A8&@B zorb~b@5O#b#$WR~w!`RH<%{;m6rS! z+}Z3>`6}_<_kua>br$P>cOSnZ^wNR{Wa*U)_tshPq^lW(t=hKpnA+Of{M9)^)92rp z|NCeE$AXyfM7#CxM76i3JXULM{j*qiDLXg@D~x^~50nuLy?=A{w4bN7yywer=H9aP zQ_bRY_jD%}sz%qIPRO04apGyo!w3GmF4S*`+3Hug^WBw6pMO~vZ~3*hT%`Tsma-*v zGoA~Ic1Qg@HaqLxywxj0s`e=4_2kH8->r_Gnw_KdUUiue4>)J6QsTH3aqRSp)%o2r zlTX|_&aZt;!Zk7Q>|O4wSM~-KhOF7A^&uo;@|FF?yS*k)E(*%KlhPA76X&4Y1;nb5r#%xS8nc(%nMM@PPUB+e<*UOeyQZu-p%PHk522K@|}I@ zPJ4FGBrnyfyT9d6NldOX&&XbTE%&d(&0TD&g*LiZZ>>z&|LCjv6{Grni-M-!V_*bV z=;wWYP4#tRH9h+(Vqc(_m(gX3fYZjQ&R4f@Syg(m%}aC#mv-Z|Q@l*FKQp$wv9mw@ zRkupC$ zJ^%iS%GK9bxH#*81J6MD;dP6y#f!3LiLa>rD0MXO;YppqxvN;NJ-f26X7eMJFw=Kz zTd!%Icv_P6KU~VDRO{={t-;lWx5aeB-mhNodphpU@A+bjgX)4#Z{M@3Z>g<+&ijp9 z!}?xl-Mz;Dgx&Gyj7{k+#J?nLXL{_a^`t@X=>nfH9SM&ET{tnA7;z9}{8-zV*rAt}qX&h^U5Mt!|z-Q}%14I05FOw*6=!*J*nI8s+I9md;O~1mqx8enRqus>JQ=m3ZuT&zqb7}>I&w&Uq1cExyV0Fk2Zu% z^-f&7^^>ur?BA66ZR=yEiL<=ych!1gTK_dlx8~i?OzCcut5Yjae%8IkoV2KnZJx)tbCrZ_Uf+h_rkZWTW2Kp(vUeLRqy?*wem}%ukH&^ zGA;RNb9VvQUTp$Q>T1<7@XCiJh$N`I9Xo_UTpiU*4_f;uoxl@G0fo`m`nt_Bb(h!u zkyh5uOn7cK_0!LpD_24Ca=Ia7v}N9cLoY&k=hA>RUU&P+kW=t zsmbo8&koeF-Yi*tz{t&0WaYZ0uG#nM{5>UXZ*59UPI(;h`d)SXR$gDPMH*M19yjxR z^1R6E|7B1~9pHHCY6&jt#pnd&w>Ek!wXGzFSd;ROBS=Fi@*Q|GQ)<4_1TGaLE zE1B+)oBTBy=kbI-2ub(bdf&JNLf z61+aedfnQI#`$+SbQhoY?>U%jF&|TXo=b*t(04o||jUnNzbsYn`Fn(wex_X8B>)KkaK@C+C0t zZ1cp`;UzyF?=>#^%mB9G!MzgI*)6-O{=7aFv1H2ry)vqWfwHIP1ut8;+3L8`$~`^X z3#xto?k+nM;j!K9;;i!RTG8?U+mk20o4a$*v$x+x+7o{r-@2)$CgHrE?;R<>+MgES zRCOS}MeF+c7vFk~cU3+-!qew^YSrfS&6AFVy^mND(_8oNV|A>J$%HE9FY3)V6|C$^A0!g(9o!k8dmbQMMxmQnQ6lY&e}fu`4;;wBnb#<-0RIu0^&h zi;s#)E}wN=Db=*%*A%~Z|2M^4^(pquPt^&^E#7=>&*!*Q$t^#7lOyZ=UT?2k;p6-E zecipuHhzv~%Z=~9yZ$uU{Ymg&R&e=zb!y|<82!bw)AwJ0J27!*+^^(`k2b7W)>oM| zYr9)u#NOnIG54=O+`HSf?(wo1`=^ghOvN%Ur-Ni8Ute22#lP}R zVCwz%M^0>D`}Sta;eGMogdfm)((hQI=+tAT6_27ljV;7h=1<;}<9xNxwWu~e`8s=P z#eKP*juWa5Z1z+#|Dc^b@ttIDO3x&Vuw~1_UT>?bP@k|&b7NSY+G1t-`Xv{&!=JJ; z&Yce_jzrxOW}o=rNC(fF+x>{$_)=$NzRzI(b@2Y#&^T)^RYg+`U z-L)??YSTy8*4Cn_*CiHj2ncwey?%A>#U$6GNxPE!C%M$AEtY;>f9>OW`>E5<3e`ca zFz!onjO)TSGXXRpcm<+%6KgzUGwqo=OT zpVFIrG;zhUb9!s*KEJ)6JK^h+`I8OZn60<1uK2x8=6dQ+V{lSj5qC|kXz!Z5`!>sG zKkr{|FXs8Z$2H2%RBRs|JH7j6id)SJAv zHhpzgbd-pD;IH2GTE`zhpI^7&qbS(m8LEmAVSULa6-oQMgnxdDSQ0W@HvE{9?u*da z+d)UK-V!)1aZ=*z`#b9%9dUUj>Yv6T#Ljd?NQ+xErXt<@Hp8f4>l?8LE+Mqj^j6tkn6-01P}$&zV#HJ*31!!><&{<6L*T3u2Q;BGf-=DHh@;h=u$T&?7Zd9Po6 z%vY_PHF2YdSxEZ(?oUR%n>?4SlIec(bC<2j66fmjlVAUSVP0V9^~l51ggN%~vS&)~ zZ!Z0~aN(7F1_n@*kHIH+n`XbO)Xt)a!{PcTW_ND%C|q%CS=v_JyDKcXR+s4nO*sAX z%fG+7%09LH$uaw@dSL3`6D$AS@l>*(ef8>O^^#Y!*NZ$UYJp@4gKkOpO%vD2{f`RF zNKerTvN07~xv}cFlH~Eg5Up1a`f|M<{g|1-lq$1WrSIzgMVn>-OztHR@a3 zc-J~aLfW@hCuo-a^2e2@`g^kyzWdEw{`ENvxX?JC#I&s_CjRKh*SpGIxm)JBnLTZb zxF%(}E;Rgpnxy%JoS@eBlc%_iq;^#V9=H3uWRLg{O`f)EQ9oz)fMR{SUi>6+mN(E6 z$Upo=;oqLNx_^$_^Y6}CxY0w^wCqgi=Rc)gi=9IITz3ic+1FYfUg#?Xs=D-IE^PF- zugh|_1E=8hF8%G#IRSFOcXUQ&2< zrZK>7^sw?%K^~{fGt*AX| zl`6e^b+OK*Wo|64Qa5(S7Opf>$_QJ2zo>crhJcX&=W@L!J((%-6*^L3P%|sD>ckA| ze)iwSZpS1dBX`z?O?G}>`uPuMI`DZ0he;CgF zSGK>SM6tLm{KXj#86SDlIR%L+0#?E^Z&O%t-|2? zV|GuT`?p^32=A*|bnIK@sVi4bs1;^Sy|GfO;PfB4yEgk{7Ek~E^vBKLI&t^L4L3+>0%$onN~joar8P zE)%#~zINK{=XIiAde-!6|37c@V7gb`N7Hw^r(Bhgytz9xZn3rKLlwTM^0GnO*6ovN z2)31RTPL0U?p64dl`Gfl7;fAD!XszxJC?2S&$ccRdNkQO)aQ4%|0ezk@BjVS@!VbS z6nBr?y11(o`@g?Dy8o}WsJdF({Y#12Pk%M?y}i43qqO;ym1~#&;s#gD^B5j$aDL8u z5wkEg`rpi+I{gg03fFZq@7~x3`hDj;Flq1am(QllZ!TP-!WX=QLygK9f4*sO#lEj3BYbHlFc`EH+=9XUn!%v()^ylYo zhWjC7OEZps3^(h1@_g2ni=UgOOwl^K-XJ?K&V_ZW&Wpg>=S4>Y12++C~`<{N9RD68>+|sj08NeNrxeTcy?h9{C+q+`cF}9j}0wK}~|nVt>(J!xy#VkYsgn?IRI9S!v4&7GSSyTLJVrGoy6 z7a#7~O6@OnUiUscm1EnrQ`}5f`UolcQm#jE^}9{)#9rsrtlL+%{$Xux4KzI;yW&~pYmrvhJPAh7u!w;+)8s;t zcGs)h^@CskN$pbBdzSu_GgRpKsjJslCjU%xP4sm1?e(ksx^&%qTV?y%Ygb9jfIAku zYMyL3S6A-fxNVtM{s9TkLZQ{QKgCjCXH7X0cC78yt7^}!S?{k1e_$du;9P&5HkaNmx>x4IKK*ejc*x;>wz}-_3XK zXOVVSy+`wfuBm;hai3eOuf1{7{IjnfIqa|d_mcf*s8QUBsMQM7FTea7|MJ#J;n488 z`+mC!pR9QG>bBB(^YT0)$;TRf+*$Fv!genE*|k`x_c6GPUUBJ%_H36=O>Cul^?{of zMjZMnGB@_I23L31%eWQG-i3B8ZhEpq>c-aCqn(_V>$J}%Y`q_)ef_(sT}g2Jw>PV9 z{XO|~wu`H2>H4tX>rJQX;*0&w{6tc0O4nAnCKX74tFo(76HduCKi9drV%M^?X$5w3 z(<6hHtlM|C=ucE-<8tZe=U*QYpFef=TC;g4S#-=fN}epuR6efM;`7DqVhEjPYj zvv#$5-}#8gn#T*TT)4PS@@_}X{_mYyn>SXQ-QVk(^6y72$T>IL@>C6ZH-h7KM&;DL zZF5hXpZ?sl#@9m4f9I!&B~8zCUWC^EHc~BIp}}+2zIk!`B#Udaw%-p<4xhd#Xyq!c zWx>fyUfr6OdG63X_IuZ}Cr3Ey1*G3U{j@N6&liZP54nG@Sh4Kg)U0=L5ic`Num6_b zxOLLwNKhfuqi#R@;?u?Mpn+hnO{Ocu8hZ`94hNX}`bPc!7N%Ml6MHpiwnyLkb)vJM z+8ojPxKf&TEq7JO{hRL2I^dvAGx&GvRzzR?>T~z*zsu-e{^O1GVhf#>8 z-niDZ$Y;?`?QJJMW@U7+f(uC>wguN*r9wA{E_r=P zRrc?fia+TqL^~GZ%Y4vaokjyG(9&c{Jol{rfo^ZTq*r9`{mAS zyXS?=Oskj=E_Wsrfd)x`Ze9E8#mxmOn$r#o%-eb0QO12$W=_cOO}<@+7B$8A9k=`K z;yhjN6n9gI^9IPE!|$-nlgE6uL_ZlvvCez-?9RTD$yrj;qQ@^Pw}vYRzuR;7_a39t zT(3tH+9JT+_a$YC`im{Pu58SiTvWRC>h|YCnr$}jg&_gACz+lyJvUuswSn2P#=F*O zYBf^IvyVjmeiwGt#6+ue@yyCxsl_Ti!GZEc-7b78hhWcJmae^P%+{@>VtFvNMywpQ(s>)Tpjju$Ccku3d| zJ5fI5u$}jrEi1JOKJQV@dJ(nILhGbj=dbd-@CdD?ahztyG<3waKI%2UYE&NgDtY3v zLs_-y>!Y6O*Y0`se(!r5?Va;NuXlx~+*xoZRtg*}HYd4%FOssVx@uGYaZButWV|^_e$jSx^lLwsfH>x8`zva%m#$A1;F8FSj^s_B1OD}SF zd9hYDu0LE|{_@*}33ntVx<$m)wthM4`zmguSEAkAwuq;*T~xQ~#jO9e&F|>NlJNQO z%kF*4j!F@hN@6^a^Qf#u|Cc)-GsBs-hQ}IuPp|I!z*@TM&JIb~S^&N1#TGgR4}0$m zXy3lE@Zss@OP8$Zyl7~-ZZ)X6=vCR$@4IG?kK5L>x>n!+Hk#a12}*r)anbYbr#|~y ze(`^NK1YjpqmgN;*P7)Qv(=yMlGC?ln4$WkmzQC)@;@z4rPNo}CgopG7sYt0dCT9D zOj-RYR7uq=FgJMavvq$apZovey-3PttB*&YgSz)y&&*!GBEl!v|HIvl9@<;JEIn)W z@8|MUSFYG?e0sypEl_6V>h#G)yro@UKh-z6RA%)T{(f{-YF|aj&xzbcdwX=Mo4_UB zjCm=^k3DuCD|_m`K09fJLfOVM3dci!O2{Z5|N8W~)RdO(p>uYu{Wtga*JJhH;+O8v zTChpJ;_U7BFCRJV@0vWhD5m_@^yK?*`}PIoc3-#o`0mBEsGp6C*NLuw@y7hWIjsCU zwmR1`Z^6gc%T3GPrdSFV2Pa7Nz2>QVAF^rr#1zOVV*joS|0j#(R>UnmdGgDu15-D8 z_};x6^>exT*Sq$Aqf@i8QAY%6no^5d!U#|oeR+BYYCN##Vy z$nSjH)sy4v^z5hCGKt>!JGNEujSfSR2$!Je`|5;`P=~CxEy!qvcFNF%FkiJ|TH zfALelFMjs9U*wS7)~3wKE;DaM{r&L&pS{%n%EdB=<~3eO(q^pq^UPQF-tOqx|Bvnu zl38Yb_*#_q@zSk%ui1B%eLC`3ztPOiQ${QJ`ZCZ|(vhQIW>1#X?6Zxv|GG9OX2QqK zEs$6YSjRL?O?_*|;m=VU>YCNu-7dZL%2^v@f8p!q^pcG8d6kYIa_*LG2y@h19vol4 zQdNK7l5a=7MZ~yX_PJ__T-muN{IpsA#f$!Sdge!}jws}$h^TM8H9bFU+q$qo&AYGG zZ|$_PU;X;|`OKOR8)EE#``qziY`EEDdw`)~%BA&Fj%+kCHI4fJuia?s+5P;R`@a{; z2UTi*Iq+_-R!{%Qk9*R!H$+75;|$bTQGeX*riy1S=a;+J8v}*hqW*rXUX`62D&yK; zBD}=r+lmFdt{u&a-V#(e!{79eAM39m#cK~b^;MHIYr!=k!!oAs)f)mXdyl>=F|btMGCVoA9ZF1b!ndXAGW*GUM)N2 zIJ;?SS=QD0_k%*T?4mffcc#>ouB&jJH~rtLb6pfCpsDEB2ns;B%oYC8G zkMCWcm$hF@x9Y|$d7+r!Ch=IKt1D~XcDJ*0KZ~>;Ejhn@Yf-GfaPs3_g=zcmr01$a z#&mboKj=E_k$tby|LfYdUWbBKH6B&l*c9Wp{QLXsTPLeON#A@vG_U7z##_*onRfNW_u^^2fkM-#s@7kv~TWEk^_q~za{W9#QndYyji><&nWb@RNs-bork>lOxP-@mIReSD?)KCOED#s6Y&ht8R? zBE-_tbU)w1LQPQe5OEJ&Wv;R8T%b%_)Zc5?tMaphW&VAel$I=WG%@h2tSxAa%|d5M z^xv(M9`Dfd6DxiDB)mxGus0_-)O=XQ7H@z|44mFm+2xgKzE3OMT%S+o%Fp?AKDBqw z=NOvGy*jmVvDNRpjI1}m99KG;xT5VF-`cv*vPYNRe<_eBENLDP{$9*-op1e{i9(in zZq3WcdR-CEQ6}xIxzc1|1OWxL2r&q~YGRH$Ri-P`IZ$Ej;?sjs& z+=B{GH};+EED70(lRqWICifhwi8~!%=la%rnwE}OU0|nPzpd7a)PGf`WhL5vySsmc zC~tijy{qz_^-j6pC%{$bfxAbPW~)T~zQ=yb%tXtx^5^EQVRd@TC&$;We4T#&#QBt! z|Nb5P_^HX^@O1r`Hi55PBcty%^~$qdK5ahx>P;sPDq3k;E(UKq1+njARLPJm|bJoW9y$prM2*;weG0?}O{^KG~Y^)=D>G`#-x_?nHkR616sJ6$@APM*9$Ro@lVMlz&##*!*ZzO7{>cu%U*4|Tj6Y7?y9*go*c|hf zv48gCU8nkcGZU_V`!YK*bY8OxNbQuBtEc)3sTO+fTvquiVv}28$c)B~?m;4IyQ&^} zdkQA^gH!W?kO%{*__VZzv8CN|CpZ8R#N%qV(+Q{i`i_g5|4Iv_xP0n|oVStn29qUxvCD$uo{@{8gS49HA51m*{o>cA-e? z!n!}-|N8}MhRC#My?7J+dC$_9;q}_09}m5~EoJj_Ys~rN>-yj%wPW%ek@kgQd%yNc z-MU?0KJT^gX>Cs>`|!oZ_Wu@ix3itP8ZQ-Zd#mtFTIt&>o^$^_TkR!k>-Y3G+s--X zYCdmWH`hwhe)h!2DOav;ckSy;&D~`lyk?Dz`r_5<`@=IIE$ew)Y|ILd>M7dgi5pjZ zQ}w?3`&2g9=hiF7`KGQeo%(lmk4@E?FX>Nz&EtD}bM424ik5XBQl?Le);|8(r114L zzPERE&-05+=gNxQ;mBKjOVr)i@SDbk8)qGP|NfaAGk>EyxLN*S-hl*_wYPsYHpTdP zPWp6XvBk9cXI~w8KL6#jpPxS&Nv_)8FU|0`$Bljc%M<(deri^~?Rh&&+kW!JiT>X* zzq|^y?3);VdC|Fh;!{+PUO6r&nLIVZJ-okOSK9ZK#4$N=$BQ9!)&8G*Kn*$WYiq+- z8tqd%yWv@?k<`8-S9iOAD`e_cUh_R%sCz%e;^)!yU4`%72=88*Fxe$eZSidJbFYs) zpMUE7QxW%tR#j%&;o;WI#!G~E)`e}?n|txbR^g(*I=$<`X~`i{==iB?*D~*3<3Dw< znC+OH<-Fz2)#aHdUT-tSkg)`RV`f3v(?xCc*pW&cZ`STGsSV&5m60 z?dWRJ_M=~p%USjva$1qCzHgQl54erPFsU%swY8}#zCN~COfM)z=iGrCi|4G9v0i3; z|IPe~8*Tkd+5Cil?woT@{*R~lFMhx3!)p}5+ zJ9)A4uEJ;0JLjDbf{ex#s7q>gDy^-3ZhO^it48OdlJ8kztM;e!)hs@Jyzf-{n~RgJ z&&}*vH{W)#FsMN~d+xM^jJ2Vlsh#cd*&ohiR!YYAg|9xh@2pXm%2NAp9)1h5)%S%) zNK7rX*~lOTPN;WQ-YH!lv2v+?ZrI8Rd5>4GtlbY;X<=C#>iOs0$FgPz_it}6-uUXc z^WWo8_tVL3HFxEtE-kd({q*O)ML~hZV)pBQO$$33IOE?9W&6b&4|?w^O>~&&{#YAa zl^cjkOmbQGJoE2w`Dup(CVh)L`{~A<#q-}>{xJ3Qr>2IdtNd*geo5`O1Wjt4{`&X$ z?uQ9$_b6PLSX*scRU2^3@YI#9D>tV%PgMK*_+gQXv=ZA&|}YdVs|V^o?mN}>s|EmxS|Doz0s2**$t$PESt{sAE!Sq@S&P^=#xK z%kEzy?X8j$)lXJUIsf|B$-hN0(_{C8v+;sY)7uQWx?R^+ebzNCE7#VVdg<=!%JVno z6yL8`-@mNwSa@dI1C_uDr>FM+@4tWgyzQNj^M8F7=llBl`TV+&31>a7g@)f3JA35E zvz4#je>G+gmDnFAR~^Fn()ibehez2M{5y^-GBl`5OPmtlvVY&E`Tw}@wEybr7l`Tw zEs`=#f2j0z-#2yFR;OLb{mZl_9Cg~sG*hLhH}U6Z9)n{qF07NCwLNRA&Hd@VZ{+tg zXg^;+<$QL+^Rkl?M*{=Tex4s5{Jh5X;S-)7+fSvxpNYm=|67_O?7H+1^S+s9gsbbL zJdatFECl!S&n$bAt(sg{U%zTAe_3Ys*8{1B+P@#n|Gi-0#ao}In@oBXF=6pD=$v$x4-mYWiZ!@f9KA4|2`-8=Cjqmo9b2X4(|^ue6+2nQ2xaq z*?$@9+0M@in{e98&n>oA-^=VuPl#>r;zLJfNLf{<$i$mOAW7WeJ19J|O|4L+aDb7*Bt+@$KQsPWbM(_nZ7*^`MnseyRh3~J)+9=|>|J0^u^XfPA|Cwj<{qNlm3(l(t#THKn&5&rfe>=f# zGwmlcXu4pPiMUE<%>C=TzS~cEY@sE}Rn#-{?pNvPoA)!d586ImcOJBs&}diTw;sQm zpRCFKt6prCODVRheju%T`^%(VRpA;sf1Y}*S^2sA@147!r@JiNRkdAXGOtLhv2??G z@r?f#*X-`xesR#E>u{6Rv^7^h99^u{6Fc?s#z%|{%eZ3~FedC;xA6Vk{@b^gZwQ$1 z*rMF&@tRr-zonY}ldFErwO#Bby(>A#NTpZ%E>~d>u)F>KRxxk7I-M11`u+dvqY_60J--%PUD@=(@@V2jEl4h_ayl>zylijZrav>2KkYbv`D<-2 zAKxo*8>OLke`xK#q@OqE^wods%$sMgug~$MV&1WJ@z+6ZV^&GkM9;UNcJD&RLYcs` z^%DeilvQ0zzwJ@jzbw>@(=rcKq&7(IaVV9U`f2j4{Z-I4u|`*a?(i>MH0kwkt3Bz{ zkF~cw`C&JA{_0;fo_()Z8Q86BylbtJeCql8#j(3;KQHT46OFv#MtUD-i zv~W#~^WIz2_b##MTQP_EKyng~&qX<{iJY{@Kgd^j z5N`GC{N;+EeK*Xs`rps!GVWaBWEiq--$(KKWfoS8uFlQ< zyZY8$*-~6Ee;0S~;vl>A^QLcGv3R+A;zEb7<+J*-g^q(3GA3>ev0KLS;AY{wkhp#S zE^qtqfB*mG{h=~#UXKEL=hkM;+}-l({o^|^95JQe_US~rZ?4&7!64AkxQgq*-M6zm z)^u%5@wH^xy>9u1s8+LyCo67keE-^d{{Q%YpRa#;YtH`V)uOz}WDzmt-aB&PDNA1; z4Op(mwJQ3`>f142Y)ch&`JAtA-IDe7_IoY9o3qVh#eX^a_MZFuVXvO7-H{uMZf{^Bs*rIZ-|G`*M9LU zmoBb6oM+4a?d5Kz&=8%htI_$ZH!cn?l-Ts;=f}&FWv++T<@hk~E(_3{b5!xhN1Muh z>vx0%yne*HDnB<|=A&HYp2t~FW_ZY+-hSfaYZdA4ylPM~mb?AnZNSc1YurAm-aK{G z)l7Ir##*nyH9o#)_3ieDoXCDVXW6HEl}l$I8j7yHdVaEM>!hgg_0JdB<=)(G^lioF z?f!e$?+J_hb*A<278Z5;*_Su^+h4qJl)J}v*3(HlmMqxjJJ>3woeP!Ok895>CPutx4@uv-||?0?A&*B zS3!k??ONVROALBU=Ez^KNGdgp54zoS^jFdcGxo2VBF866SzAq6xpr-j?IWizg@@OR zvq3bb^;!5-f6SD}zl5qAK|MjA z_IIk@rL{#)Q|E;l^*xbZ>?vt#W_I`Io;N>q@5;$to^xxC%FACTRF3TgtuPie%k}3)hs^oKpFijDW*!TanHq9? zS43`im=<4Vjj3(^M3=tlSHBwDYueX1_MOhjVW<%4ah%0=UVr|2@mpC-oE$$}-!A$5 zi+8Slag_4n?WsnQGjCO;itAkbChu3YA+7V_?aHenr$rNzmnxh%H8Di1ZCByfT}wV0 zz3B1WlH}Jdb6vx;NAJGG#i=JJwJrAO4qtcu-^t(Yi&WqCt_odZ+jm;c<>H2?HV=(x(yn^LNUDknE=sVSQm z;JMB!e2>m~^R5^C=DZKDpZaR!%hUhj+0OS*elePNFf=gO6i-tV{`KnrkMFNycLgNJ z_ny9^mr;-taxBW%t#h4P*z5nhW-^<0UopM*I!bZR=lgxHH9yq2wk~ozuC_GBlHvBF zB~{N&Jg;Sy>{)Soak5pQ#;Rr2o!^dc-T!l|xLIoH?`socqAwj;`a0{yyGz%mhppVV zF6@|^)ZR+ppBrD#X^9lL)fD3w-YYdpO7iCO(_5RDBV-rPQyz1;16+Qms zr{z6i1_y>ZBeO4hm!@W4-?FECr=7jQ2XXoT)9b&g`__G4d9S*3^0vH))vxVqmw(*I z`L|-x3eVXYN`|`(OxE@N{JbRCeBQ3dpXdK?uU{-ZUGLS2gN&)n{@T-Yt}I=Bz2xyV zUD0mVlRJu1RF!vb+7#!OXSRCREUBw$n@{~{%zE{@^u-6myHb1C?pykKYtB=tzq8-Y zKl9@J)`EvhbALPuK6-3o^5Y^7v%W`1RxJxURq=c(@2_|B|M~xYdnrp3A4beRpM#Y4&O5>Km_rTrd|h+Pc;1-_7N_iXQD~$_cx+ z>(#rvD&{9L-+1kxR1jk{@5cLxub?$DpoIW$ZtE;A$eJc2_xgIz)Ys`IMPC=W>B&xd zp2`90pv;S_-&;A=&2N6tH5IFmNA+~;|FQNyuea{_bG-h4_^=G8XX;NYAPB){tpQ+O%+>PAkJwM6Mlv)$t_gYIw%*4=e;f9DSONIabdUm;g z>yGFD)8C(c{CLMZ?fdWdhVET(@kaRs21f=Jj(66sUP`WSXQ!UrCStkqk!Q~FBDKDp z^pDcNBnH!lB_4@yq%;Pt?e1eUEah}&Y<#b@AXx?zW)up z+MCBP#iNrcb@jRD&P*8#R;|tpFTG!U{(ZThwrHqniJX0_+oeq_rZyeoSo-yI<)fXl z?|=UMcJvXCdhik%gC!@9>9Vz`NfewvE+?-j(j6?tInm4N&C9oo@0SIX=6-oL;r`Lm z)FbN0C0<(|?3Ld&Q~&=xW)s~UCKe5LTdN+wBLc2RJ3Is*W^}OI{g3{0HNKAb)T}?! zpK9$4O`9Fv&X*OxNI$>n-@5)ueMkRny4xM$FkzWzPD;yPfBT2Wo<(@B63bt{!GtSg zRn+=tZ~o0sU}LU3`TY0Xe_V~ZOIKv>?aHWR^|N}mdjIs4n1h82wm%l#vgrUvb?P&_ znjaq?9#%i_Ug-Lotc5COrzX0~w|(Tya$>xt%*sz?>|6W%~3* zZEO>xCT|MLF!AEBI;J-B{~VQuU_lqty#MHv&GibR-3KSbom3^vv@szMB!NIY#}>1u zZ96KU<1$d74; zTnk0cz0h#;);`2h_&C@6yh+o@NtHwJ6& z7x~3>Tu*}Qk#GS}^ODYj&U(YgF*nJv|fO?Ok$gm%y_8U!UvJGEaF5 zYpq&Zb}?(qTj}`NS=BCyY}_xb%Q`v_3eRZVu>Rk#4-XHw`#0RTHQS=UK*i4KdH4AX zQXC&XZcDS`mvvz_)ZCafIYjjQz4JfM^VdyYbt%c`@&OMu!z~9k#e7Xaa*;>-=&q~T z6*=!Get-KjKW^)clAK8&7cwrnVDtO^eRZ+!!epy{U?8yQ62^ z-_daG8S52uvr8K`%q&n_AFO%ZDAMb~t>R;)$DK7!|K3{=zJ6-iY1hJP21B3k{;ev( zuQDRdPNsBy?Brzo_1mKKlZowLW|=$N=ZD8vPhPy9FDN|RJup&q(S{kVzT7vfpFG(u zH+lL!3y;*#Ovf%~W;wBXtXdUfIcrzCWFC~Ztz|jwJws!4+mge3 zE;0Q&CzJkp*3&;1~7izAO-lyEIHamqH4(shW`lz4S~O{Rm_#Oaudy+MK-v7{lpyB)Wk#37p;+v8~ z>IdHcQe)KQ4f@DZ>t3#~v_N|eICp_!jdxw_MW^%Y#5E0M-o@B4GruUEPH@O?|p z=sp)dFEzuaZK~hm9BFn(M~wrYo_a^_tI>>JcjwHksoENvT1^fIR5y6-o`0@P>g|%i z$(b8uzduhorMj)}tzc~HwwwU2g(6H(CnbOIl44yD`%cgY;)ONDFf~a2bp%U9lw9^$DXne zEb_6JPR%^WCnhSoKyZqf_@Z2PcaL=uduRL;pSLJ6le>AcCLb?v^49f>&0k)KNGYiK zpI!6spZ~|``8(Kc4I3|4vIJ=^3DPjRWS!4x5!XG(A*sJ7AtXeZDRJG-k81mV+3)v@ zvhc|`T)(|){^XqwDu+&*mtEeJY0Rq~Ho;G&M)ZfShGTPvt8u9B z+sciWeN&gz#0eiRJuPX!Tl}#3|4R9NQ-qFt39Zdqx@hIue%oCsf5HttuI2~JkGl`wWncSv?6CcV@G$+yuV!(%RaYCxvUe^rkw~+d%J5WxLn=&V6#PR-H1Gbyb?`q$%O=GilnSy3>i5XO-IQ`F`W~qnhoy@h2u8mc0@#cJcnk z_Kd`qeg7EQez9?~^ITgWeYEXscI4hH)oimol?1Qwyg;tpr58VXmS}bQExqt^i+7$Z z>o(qPtrt!$-RPvyQgVG|s{{ALX}Vdgw+eqNZ)H=QaO-mW)-v8!8R@BB$^tjv=4v`} zO%RF{Xmk(=6mV-fWD*j3so?qBJAWtge-8hD_gSy`_fKCY`+t`2xAD`--JEsQOX${; zO?7hlWifM%YRVE=Y%M!4Eafnn7$A|$v2K5&w)?JjiCGOv^QmwSr9fYwkQW-NK+4$h7701iSKS7yhU%G5OK! zUpt9?|JPbICeeSpul}CL!ZBs>jn79GU(w4eKDoYp?(Z2p69jZR3exV&`R)B^b+AC< zc;THJGQrP}KFiQGaGAABHG0My`?hOhKcYVTe#`25f}zxVTY|)c9~<4@*LiF`X29&z z$75LW$+XAe#QVnY4-dEV&u7?Q{pRjZF7DN*cjg{7+A=k5&vxmTYuAa1iy2Mon(TAL z@^+=r^A~R<_qp@SKWkgYy5gkglE(tuWpzwEbtOG+hv;XuE}nk=Z{^`fY;#h2egx>V zm+f`2kXiKm2*dJS=P%i;pSCtU|Kb0CkMF0yy>(Th(cqTf;>n(067>DF-ugYz<<8lD zKfJ;vETh+9hkdnct9xguqBULIw}RBM%-?isv`3=Ylo{Jm+;?Mt(i zoWgpNch5WSwYx2J@EO5_UqvhMLDJ>2e6Eu#U`+C9J;>6C4oVRApinwv3L8R@sqJGPE{l)`p z*~Ml?C@i#{r(<)_J$=7dOtw#Mqt_9^BoSRz4`xB0O)Hmn`tJYFQ2+11-#=fD&aL_U z+dk!avi-AJUtf2c={&hO{rkSB5^P;uFa3@MIw{yrii#3B>azKNulbB{nbh+u^R%>2 zNxXQQRI*|I+we7swaK>LT3UCDKTLUhCPVU;qj&xamUZXe>auZ|EMrQIv~YGlG0Esq zYwMkg*SdSYyoytJvp@MS(*$c}fd>aJ`(N5oWcn~e@YKdyp*iL*vjS8OHKxyB`2L5X zxs?~ois(&}TaM<;v}EcG@_Z$>HhIr;g|H%tM3x%oHK)&Cx^PNOKyT@~TxE^Zwfy^e zu3yo={kubw$M8<^tc&xSCFH&nLO;EF!LoIt!L=I#Tpl;_{=d(-m2`Dhsm;$n?<{SXPkWWb zG}(F1jlW8rDN?=5QtNEZ@0T!_$L{a_^hjuWfEN4f9Da?~5X-K2TlgPp7MZ!$Obyff zc|>{H&ZQmmM089euLdiuoO|8j?H{+WY>R?5ljUtbNi-Hr*m`=}<&gOH32IRWOL@Gv zpN~k1Zn52@+p=0HeV)93<+0b^*SOYhiJm6gzj%p?f{OY2_|s=!U*C}ZzV6@s_kX07 z^YDLiq@n=iJbISUqr^?Pc!=ZUNR^-E?iF;XDCR$g#^Y3KIDiT_}rKj4ij^E$zrwF(B z`o~XpD*lgsUF-L*$Dv{4K0CgDUnJM<`2Kjw<8x=?9(2!I|N8qA3;pLme0cbZ9?V>B z(5xtw#@LS+~rDG;6!B zzu!CW1WQwXeDU9TF`s`at^3P;f4M-y?WST`edfN|jcgJKJXV-!C)Pp04Y`IbzEYhH}~u5 z>s2JUb}l_TOGfnOYkskJf>KJxZ@+SE`hMiyA9sJ- zRn|aLOJ~8>Wlh%W_V!K4-1T>#(*EGUjK+XTF@J5mAKQ9bY%X~4-~rFq3%52 z?OS)zC6OuDg70qPdTw-7E>lpLUr?B88&bI*>5=+?G_weu1 z{KDHS#5*%%>4qRq7JH9(- z$&zVzcE%em^oZi%QV!gfd+$ux)=uWR?mwru|C_7o%YAc08ZYZX0Y0gx5h{;4bB;5L z1kDl=6-%1IxV=Bjc&pJoTeD9d8-DMRY`y)r@^aVHKQFTDPxjBRomc}->rXS z;T~Vr>9B+$b?M5;J*@#2ExCJZbNa3&u$gT2Uiaik-{pN;WtKnn7fe}J_Hio9Va7L> zWp(GCJpMNS#e*mB+9$Ssyq3R8eB+0bgQ<7KH_s>y{632%SJ8L>nfvXasAc*irw|)< zc1fneB)>pOy#)()wEVch;CNXlRrvK-pG0G>$gchDjljq5vLaJS<>^2wO6E#dqU8z z^Rqj}g5K?v$k=irm__cwr3dR?Z!iA)jMwJNm*PJkR=V#j{F~<1eynp7y{0&y%XUbe+?>lUK`%MG|aJt9YNcYCNUm zWl{UwVA0W>osYPd{F3T^7JlL8~nORjtV9opwzwr1_;RV#R;-_-pQlsWz|`1{?{^}F8Z@nkM?Yuo5A z+n#dj?5(qk(Km%2eXb4bo_Rlg%V{0k(@!&Z-tVpnTm5y)q1ooH0>PR4Zw6&gbe^}> zjidQ#u6N|MYv&I39sYB8`+xqcpPv{1F1^jk;w&QOs;Scz6dnBhn*z6aab-fmgt^t< zjBE@W=lUeE9X7do^+H6nuWu=@Mtg`>tC&!tRNhZ@g{^Mh&5IHy#Q(pbd#Cj6)jxOr z=P8(3oZ)>v{ll4TS&{Se{g*R(HLetGUC1CTT$mK~Fylho6aV-BeZ{VX`0L7~oZ6Ni zYf;gC@cXv&Hc1&5K1x&-&2iW=gTMBL*}U4q>HpV#?Pl`l6kGPwtlP8LA!3P&X!piX z$D&un-S8b)*u(R$&v zLNOVVtNOi5Gp#v{eQJM;EeWyMHY0f7w3El*zOH#Ht|5P2eG7O?dHG0LASVdS=PA-&q%l+yzM?qqugtOO_#hd&N_7w$OTChXI$@Q?) zgS)~HwzYl@Y2!U7XMO11J2|_$?{jP3ZLgc`VbLHbe^^qA@%Fh%>(<S$_V8^05w|`)d+@Zc5dO-!|v*a=*{L^}ob! zZ_i0O+ZAdtFEA`D(bOj^D=T)<>xs8c-jGn=RaNo$g5WOs>Pa6Xnhs?sN>ATrSRc1H zdq?Wh2~i0g2ELtQLOzrIP~g-rLMO-5R?%`a8|khB-e^jojqIoB`X>ZX~CR^77fw>@?CxU9v_+vkse z1$7JM?HKFSHz*zb(&PIeqftmeM@z}h%*ivbh3T-%O|wMJ%D+daf8Hi7FLlUM^)pBJ z+Z!sfzOl*7|9@NC*IhqecJ|lOId(hR9}5eEy3~cIzpY-edNrf_!#OXVmQM=qJ3Zm; zOV*g1M)`|ozdU*M@`-nErkK2+{zy0N{h?aFx!0dszvaJ|cIy4M<5g+_Gu7gF&-(h- zJls70;mzmq4`$#0FIRr2Liy>`sq6NKEo+I=-14PoGmqnzEj?3JQ`h9gzp`|;=IQVG zaBN=fo*y@ieQt>9UJcF3$X>Q>jY#Tk4W2h!dfCFRT@RMx`uOAC-#^>^@4Hquo;)edebIesWJZnroOG!uGyLT+$ z&a*Z3w}0&@IMx)_HP!sS*Nz=6B|2u?U#)*E(Bo$LS3w9MF?8#>nKQ)Vd~P&iRGR)e-kDow?j^bF%GN){+MEDmF=v zB|ko?+aLS0D@&>M=)6zb%jSMQ>VNF$mX75;2e%0+aCd9=x>bByIbUdUo!W+e?j7@% zsLb`au%X8CwcQ`VIU!kjC)Zz_aZuqgGxMHLck>rdb-J0EH9cqPqJ^x-{q`n*4ajyi z5Mf(9VdK2Rc~ATLzt8yZC8O>8_tM)b=d-KA*Wb6UJ$u%njU#2Pt@P3CM*wpUKMcH*1)c-K!?XYF(bTI%u8{~ zEXO+5%`?KE)`@Q35VH2Xb0TZy9>4kNzccUn$8-D?jms~%$5?G&A^dI9q#(P$tG^5N zx%@c(zGnKqe{n2QFC{1J>}Gsd;!&-7(!Ns4dtmW_Q=*LEwUF5GjJ zf8ydp`@1#MzSXOqOk=Ztym*1ES?)e2YtiLQVP7btqGuT7wA;;Z^Viq&>fOBJJU?xjcYmh!%%gv`CV$la6q&1caPGSw zHHyMdeKbqc;@4GqPdl+oC3sWnUn?=)oJR}Q=Pz2eYL@i+yIv|1=lYm~buZ*)ZaY(= z;r;$fG0!R{weD&9$rn$lKFH{kvpnR?Z|_>DapJ6bOm|?2OL@3{Zt7A7i){-`q?T32 z**dyE)M(vwDbB}t-TKeF)unFgq?jzpEivko)O&Jmc7DSDgM9y&ef_vCMNzbW^P63- zS4M8>D6z47ek{DPU`DZfUqQ}s?G`Ssf;A>vbHjyrSoJl&y>Pl`#&db$y1!a|ymLP# zPrP?KTtwiC-c2Wkl!WDLPYYCwJbW{8?~ykDM7BRX8IZs}_dtJs)s5O8Cfs7%KYy70 z+rgu$HPECfL#08J*K6s)lg;cAdn+8vq+3sKn(}ti+$mEJISTmS4!L?Y?u%i}WxM_# zH-&4S>i_S_&cD$o_u{BksZ3kDU|(|xSEo}3tK834pPM?DuLRHite+osrpM^T_IYlT z-`APGjV}DR_TJ4kcYo{eUv%Sd+>Rqr-j1QAqVs=VtzNl$wWv@Ui*Jc<~2XWRQBMvTQ=c$&i0Nb7aJG4(1sBVdZyKJLRdtZfeGKp#A-h-q`$iOLy8l zy1&EjoOhk<=|w9xO%gS~(~}%oEVo)|iGw9ywR}Cx?M(rGvlh*Aono%HE9KR~>Uo)7 zt6pnl#}r3~oa8_D^~o{0saJHD?x|DkGrhjiT`F^iikjNX_jei-XVg914C-wB01Xj1 zIC<7xD-^L7X<6Z2u%u3{GkO=#)mo|D&vle$I%V}<>59n>OqZCG;3g8dkMnYgk6`xTcdOc~gXfkC^|y@rASco1%Zbsju1E*u(4Z{}ufAmEHc)i;c-Q&)zx8Iajyd z?8uZ&b5yV2WMye|V7jGxh(m14mV*E9>-tW8GCIe{7bs>H=(LE}^TdQ3eZ3+=jm}zf z?%BPcu5c_2{b$8ud00;`hf#5J?Ix#k77uk5k&Ge%w)i|9E2hyv2_rmftp;Q`j-hIJh%L zHDc#}VXO8(-aHEfqIMN)D@JUt6TY;GQ!3bU@l#g8W5Ho%Oliw6XDk)Czwt3X{rHE0Ro(tO)Y+HJO6#=?)+ntuO5aRPu%y- zyx#NoqO>=c)h|AN?6FkfRA`-QmRhIHc@~#$8Qt&~H-$TwO@I2VR&?`!of%0BUX-hC zcp~^&MoA~_r+KcmqN9Xl(;J_e@tNjjD_8Amy8rXb`pwDTrEUHm>P|_y7sI^fW=p=J zQ8%a1!)xKyEYS*Ej!bA0Sa4aaujJ~(PfY^LtIsuttt)$TBjTjXx2>8Q9R@~5k2r5> z{kQCu398wr^;I%k?A@W3Furp~BsALj>!0|wY}%RRy1M@HuNjUKEE`@;;}_J?aL`Qm zJ3W8vHI_q)eE+g6S&$f=dyl=w#`mfqori(r- zDP8!uu>Z=-HLEwCo_}xO9dBdNkFO`~k2zFcS5)a3Z+zsp?Ae5S^LCuyH<#@t!zt74 z7f=0-^D*?88~jL?tNq85^>>>u%zFR-NnlByX3;YXmAv>3M?wp>TAyostRUN3CSo&yJK&Bgv_)8Y0Fxu;9(k3Bt?(Hh3}_J)eO`b-Ilq($rdFK$kkd}np` z$I4)zlDUbWV)&DvS4r62_ASjdweBk~{Ba_)>X*Cc@yi_{v;O^yD_^wMsz4b=|7|JvNJ*kAMbZYJOBK z|ByT(&9Ttg*x&ZIh4eIi#eg8EUG|=-shpyB1%+yv|J>U9{o`EqxI-Lm9$Kwm&McOB zx#jZPji2pHx^*zkd&AMzpBbFtuI4_)&pPLR-&4G) zd2i$8piMPLgSx!DDnC@)KUf!?=aS*;A8xLk{8;6fy2NaWbR{w6xjxD=t}?z^N`6{1 z)lxjfOwTQ@4Ky~LDr#bCR`6o0?Hp;@h3ORn4Ot5-7C% zm%gcrNX(jbNTGIe=Ko`V7YK_TR=K^t$}IW8wEa-sMGgL+)`)C5Py zzNw3r<#IO`Fj)V+C#SHa+V4iUt~8|Q=)ZSGy&INke4Ns-X8HM$3vJ)U>RSq^i`1xO<+8}uE2`Sd79WC*@&+lJQX;(h&&cX8i|DCtR?(7VGeN7?t z*y|{Tt<4t>Men(waawU|kFd1-^CKUP_mq6#SblDwkAY(PZGEQC|f9q`T z?R5?w!kM#j?r)hW9#_+9{eG9QyMyoHns09^S~C(^W|m3F%PrfnsL8>=qW8+{HB)py z#e1E%@J`<^-r%PaI5}BDb!yD!w^?%4A9)oX+}|Oe@=2SeOv^R$ug$dBYT2-?chw24 zQ*OL8sg|$jSu4^vdC`h0Ls8!DXFk26P7iKmc4@ED%#S+n@SJeSNw0FA7=AVyFtUqSJbi~d5rTsSU!#q1gdBFo>hmWf^#LJh-v8>Med0V{P@SVmK zNr#MxfLNzWjRQ{(FfbgwsB!8d$4enGVMnEz%hoK(IQH+Fes)@*NKi6!&AaRGQWBL^DUN^;-$+CxMt@4tqcwk@r=?=s1zA^=#_nliDIE7VN zC4>$eaJDeHc%NF4m-DDAd)>3`^}mh(T#f%DUibcVe9Fm3VO5vjSfOgWXjOKJU{>ZsWpzFVb> z$t?-G;q1I1C-25S(V#lXE$1UxZf%ULyu4Oq+O)+v)p^yXQ=K;~Xn1TL|1c(POe|8*zKIZ@1Xem-Lsz@P)I$h>Y^-oOx^9JP0M|Dz2@O!j^oOt%VgwLG@fOPk>|HDubw``4e_6`!ly;vN$l^hPLM@eV7;bdyzYia8$& z`MkBz;4Hse%I@P`kA=5MCKOe4{PnkgdF*&4TU}r7qNy{Y|7kjCwilQ>6uhW)f%P*7sBw7P&v+g|bFFAJ2&SzHhZk4yRNV-U}d7S)J zX)0q~ILZIsuA{2Ewkf^!=&$$6S^7fy#QF5S$zPf7)%;A|_a$52b$O1LmzN>$+1J+P z7m7cb_;SzA%!>5T5Sg>>#M<+p^Q8pm&HMZM;g^q(=e&BgXvG$t_P@^z5)GrLefX(n zCC520@6wZ%JJ0H#eRFsB^ot)2&8G_=Ha>hx@oLhv+N!?mJNr3VT2)2LB+4c4Hk1OtZk0W$i-4>gKu=pl*irlaNQTRQ7spFOv9iJ8{@x8nMzABH?H`$rl zNZ{Fzm&Ok)JfbJgn2}JF!7z6<%j?X;z31MSUX%NIRY8_LJw@R1gq&MjCf-|@_kY>n z1}E)SL7ol2uH82Dxx9DTvo8!W&!0D+w>zAXukWVNa7`#x{iXFMnLgo^byuwwRr;nb zSXC+6D(X9rak_t#e!_zQzgYo=vZiZS2l{2b>s=qS-u|3y9qZaPGRvJI(F0mgYx(bM zXShcEjZ+K%Dat5r@SWV$uwbu()9t3JY1{POxH_`AId8P7O!P6dG7Ozm^?&Ydi!Gm3 z?TXLGUYRm2Fed2C%g4tnzAe`eiVO6-eQBHKquI}|tZ~rte>vyd-hj;(sZY-<96NUG z#>RC0+uL$JT0EL^@+zy3<1)dGGx?u?Ho5-u>#?=bl`lT37vykfG8{UwOKSI{w7yw0 zf2!MVPk;GjZgQcg;-Q9r7X_DPH7ytXu;=5fWeME8J2tv#v=+#0nfgq4{-4mYxi6l5 zXyjWmA;Z0LiTPoNxia2btX{jdHY@%(QTx5<>bKP|x|S9$DF}U#F=PH)%Ol(Cz9c`| z=$Z52SN8g6x9$HJ9@kt(DcDIj8uswy{XkgDakW zdwwuA7Tnl<{_c-iHxk&J)B6<8?tFjvsua_*1?&E19hgz={wDs&Yt8_#;N2D63q5X} zoiOk6^)q|(*!;^4EGrK6+d@k@#(gp?ax)%vDyzpTJ-3KxJNfIUsZ2$w`O%9SLLRsH zINdLsnzZP$EPZ;EAt!I`)06r2-LJ2&PkVVtt>y8DE0517a7S#-(){{4%YeCYrl6~v z-on|-7AYM%hhpdu8Yl=6N_{1SBYLSxFcH9&+=R<;-yYu%B)qh50@RieP-H` zDVw4rWS-u78~*V`u>azz%U5$foS3j@#{AE@>o-3=9mU{u>B@xz2X0tQ+q8G}Ro(a3 zg3g^$pJue)zADQjSA{R==86=dobK~~&b|L|Id*;VmluZm^E`d6Q%$EH)iL7Q>NIOs zfBie*E$iY>uRLi|$nvx`aaI>s<)^84@BB}%KYLyNPq^Q_cgq&;nX-IdC10mQb}v)j z&c9{Hk_zYD-+H_FSy{dLg{!VPB`IFK^X(p9)_W<+)N*Ma*P01^%~EnnUuRvl=qwaF zzy4$X4StbmL5pp^TlUNmHNX33UfP>|R}DE>e$T6!6Qc8M-~Eiawe=H&F4TWvom9xJ z`8>)~%H9+keSi&pHKdWyCCdEFipkIV^OsxPd6aRqhVoTC9= z1J>SO&bxTozL)3!BwE<_eeDYnyD~*}(iIW+2~mL(Tpv$J|K9O(nsmjx-~Sz>Q&pFr zFEO?-Jh*Yn;r9B+!X@SNkG``#`OB62#|_@=7q4GG&b>SC>9^VI7w_9PZR5p6E$!8x zye4ct@iIg>va4#|&8{U;|mY#MDEe3&U1S4Ch@UsdYsFo6F>Z`YtJ|}m}uzhKTde=nWe40r}%1R z{N1XAWmV0~KUcU+vr%$fn%m^6y5{D#sqFv%$!D%vyI_fmRcNaEmn*lL#s919`IoB8 za!6p!?M>4Pb~L2lw>h$NqeSY_z*F9fdVG&q+%-S3dH1~qk3+=Wt@<|Aey&oQ$l>I* z#3W)(`AfRT#bR?lf4<$P^xW;%WW6`;;p^=-&OD1Uc-AR;oz;?8X8(ImRWh#^??#;jJEA% zMrGdw+!Wrd{swLZKHfW1`iJv}Zy8zH&lf&U-xKERI8jm4YkBAQlHdq|M_*T`eSJJzE53Ay89;WW9KKJS5Z#%!tO3UR{=M3xXn%!@tJiA=4_He4P zRL$}gv2MCwL@x6j^gfbg^YxHl-raq~S*j4%4sd`oi__>)ooQJDno$ls%tY zGRN-l>Gki+IG2cUERhbJGMiIp=E8qndoEv{(dOuxDym*x9ee!w9p+Oz9J9kk%N|ef z$#h<}nI$GGoYSwLFEAkD40HXz<$vz-*Bv_WLc&XX%a$dlX>Ht*opW``!l zn{~&(*8F`PpLlfD(l>AApH#e82vv1837@)g$)YK)M+2pr9RJ-8-*@WAgNEm4-pZZ+ zy8WJ0z0uK!%I=&0?ho?tQI)iT)y!21pgUI8aNw+;uNreRl1@|W}eSYu9DINnun-dRCUN>ZNwEuPj z()DHeQS@l$xjGHK<;591s;al9tXZq|d}n%{Uv8?T@Jo|v-xFg)LQY&*nXIzQZ^PfN zuYVqY|JQr$S!>OUbNq=j*fy4M-S$eHmA1_!()&VCig(LamfQxu)(dTOx)>+PC7#n* zV);ZbIOa%pY$ncsU)2^eb%aPj1R zK5G9{Snl6TZXVwLhD*Vz7kq9{pOMz5x=d+u%%_(d3KDf?msbT?Z4WnJKE?X*tfkkV z&j~J?E9k#9V8`FRVpfJt#)dAQuB!2W^#6;;*M6w>@jG@gOKX+pZhu{Yp!Cg4?@aep zGSFD1^R)cm2gX~|w-~H5HJ$o&iEjJGjh?&IlVs%OmVQ1HsdnsGaa({w55xC6)#mJe zbC-QSvU1JGX>JK#!r4ZSYgV@(aj=iF{Q2;}%r(#FI9`4%oD;RbP3iLVdV7Nl@AmF` zb?r8%sMw-8JKtTs!otO6@#|Cfm-!a&zWqCwwQs55p(9?s7pqg)J1)$bzLiTcu&isA zYc{8AcA(#_e%Dj-id!}r9!|ZoEthF(+PUO@mJFYBrEeS}4O`mW}7s~dL$n4JRR1Rg%G<_{3mQ?RsjG)Q>B(cEHi@8dM%T6wAVP@yQeC<+?q`~J~Ijz@%_wHgUQD~U4U%=L`E8sGxQf2D#ire46fBSUd zvi)Q8cRwSxsfRuBnX%RVk;}0fuh(;ga^{||+N^r=$&8H7Ih#@qomsEVYg*l^5+Js; z&{6sShX?yN{5{pXZk9r;c<7Oy7mM$7UYIg}YWbf_OO|YFlhuE_U~8tFM*AG6g#0_p z&M9u6b5r%$&ZkeMm_3#z&zPvxrM+t9s?|?l|9}1d#)d_`0UB?(ySlRzrQQskiv{50_q7@2LB2#=@l9qFp1+ zc6z$r!~64UW;tD6vT9AvtEdk~^`Tn5re=*|T*e~jjQsYUS`1FfcqOcPjpzR8qL&5*yz%5>Z-@b=8dVkrnWlYYySgv|5_go&-a%f@B9)Gu8SA!}xI?j`diDGo#D_3}SuI>}zz=x8i zH~nVW|2TDh$M=^lGaN+Getdn?foRhxF=JkxF61( zwj?;ga?AQS@27jBvMyH?fWlINy|u4xzA{AeoV9d z&8{Z}r*yoz=7tuv7I0XIU3;NmvEf(O**m{)p8xn@d!2{X)S_5-U z?%2xZhoqW9->warK3zzUN3oaTsp!)?J4%ITu*vUztoE&3=CRB3jcl^SIdbgR8wCMR;n7 zZxLLZHM4lqce}Lx7G<-VF8#b>vi{4XMbB=m@$p(S#X0}@=_j-8z&o_~M;y-O4XX zQjOWL+e^kRDD#rn;zLOFtBHQizc<-&()uo$K%$yzS|2!$yiNAAb)>Z8jqHfE7C2UonQnh!7rHZ+? z!cy~@V((V%aVvgw=B3Ob%iaTA%btYw|KW<6o|Ii6(emIQyWM$y`RcZXjSn>+ElZz& zpViUup+;`WW;0kw)3y44M@t(mv zC-VIN?`z*zygho$ny=AGpu^?IUiNp-KZeIApTDSlFCcBvVw>}MO9MWtbQ<4PY5Nt} zH&s>1DZ3yi#O7q_>}!UGcJKDD{u}gJlv#Ub%Ezm>SLEd#o0a`FT$AacLGAIr!Y@y! zbBKw=2ryocN}Qpn#@1(eqg3QDPyDn9mBTH&mWDTSoGFR^pRjH@L%{AQUQ7#jo}W;* zzT4oh`gdV@%jU$kKR1*iojTAw(Xm-YVpCdY%6k-4Jmh!N=-{rOsv*(MF@f@r9?rMviwrw7vH0+um#>z29NJURFypC# zlz)-Zyd^6W!!b2Wz;{{cVfa^)x}KF)?fPi7pWgxc4E$% znJYW)NGON<`rOW}`*Y;;pKs~!oM+6lE=dd0Ir&mD?UaSrlV=~TQhw+0Za;tH?Li@p z+YeL1%cnhg7HerVpM`tvW|{CCW-7rhTC0A%VV?hZb^ZVKdG^}B{wzIz^RsZU&duLp zs*goP-8;j=iog8GEDu;RM`=f7vhGCZ6MH|-U1sIo&%xfRW_qtbIkMr&D(m-)7HpX$ zYhAW`@BUkb+s|&u)Vw41YR*S@k7rk}OehjrBAfGc)p4(b$DZcyDf+=NJ8W&j`Gd+b zuPo-6zZP*)nAoBeSoi+({HL9^>^BNuB=Fr7{Q2|Pwq9Ekzdv6xCpp(<9Cy-qI_W{l ztXGdTR^Oier+jOC)FbStCE9^Dkq+>!}rwT({;MV(=7uWE{blEwx9H}&FN(dqSZDp^jNHcLg;RaC<}KO&TgEnh z*Uy{hjN)ouimFvraV)vyQ}TV&Mgxx<0wylaEsvX=lP8Bv6Z!bm{-@GJ50(DIjcFMf z6IPuHdVg|HT;%$G)5mYKvyZNeUBCHd-|dSZ4LAAipZWN7fTChi$C4*2pOIz& z#Pwj{f|l9Iv#WWMX1UBN4Zg(lg;!9wCn!MTo7a-%9FOXOf| zRok7i|J%QR;nt;CHozGXtHodV82#Ijf$Y{z`U|edVkU7`9U*7gF(^>QT4!8eA{d+in z|LN=hj@O^v$H%l?|IUR;hc*TM`_TBi^26=>k0bK+zsKyI8lW)Yd(qCP*ZFR-Wf!ni zm&k11)02>Cd5dSkBTlzAwwoJP%)C3-_TTQ?`tr$+k!IR?J7#9MvaURN(z3L!EV-Y{ z^5ZMNb8l`xU$tL+u|!s{Nz;;J=PzFWsn)B#Jz;rrv5yn$3KP%@&NbgPZuuQxzf|D4 zU~97p_lo@6O(I4hp8EID(Ldkk|6{rT|NMXT`VYJJd*-J%Ud-x!7{w5k9K-*zx+mkTe(k%- zXJ%MxD@L2F)IGG}{{z7=o!A3kxK?CtoyBEQ^@SzQpMM@R%g2)GPty3cFZXQVnN@%1 z2haDr_1C{>ZLC;(@9ybEQzorH&&xaUWa=%CwTufdaun@5-+jA$(W4cqPCC*x0Sj(R zPw8z)2|TEv;J2to=486v|I>e-udkh5Rr<*oFc^uJC#ndg?q?tn{iGt9!? z;DHndOba#E_LfiG2PqqPibZkS6A%ZnxEbKJr^#Y zz5n06!<{mFL;vL;vr#>sl;mn*bnMDY<0Df&Lv}XxDV53C%(J_>&V1LTlz)7B@#ijC zzgJpwbzR;YK?T|Ns+~vH_4fa{!4}pVvE<_8+nWA8k1g(nzD*Q!S`gy1Z*}*~?(2&m zeaMyUzOth2`?-4dqci`8*UCtJKltPW>oLFgM?P-S{OLPU$+b&Fld*1b!RJ4bEnB7H z|6N+Iu!T)DIZO1*3xii@JRc>uclys$kdtfsq++y2Im^^#Z=W!0$BkJ^o=bmxV1EDX z{l9PPUz|;w(II;5dAc^b4^QqfySQxWy|S%` zOifo!e!O5Uttsb%JKi zT2z0`Cojfg`v1q-_f^(hpJePSvvBDFQKn{>G@H7Y`+w_bUt9C!y}4bV(Js+eSEcrR zYyX9&N*pWVcX$|B9^1ugZm?f{zTM4r#u95MUV6BUzeeKt_w{w_mj&&(slz_My6s}{ z@&eGW~sO!b@EVQI+n3 zWs>Vt?>+HdaM7#i;R7)rnJtmumwQ0t_g`n=TAxolcf352x-2v&%JeO z_r2eGJ%xg9TRT>mYzxxfsbsZsZhBvD|Ha4?lV?QSUZIpYYgtT`_9L&}UVq#BD?+!W z{%G>+nV(~8y0TLJ>hp-Bo>RRV9)Enj|GV{{?fLcxue?~g?9ZQ1k26oLzkSTZ#HjJH zz+#iXpPxM}KmX{(%gy0_^KQ>sGMn$><#!d9x=N>vyXLHXeC7Cs#H;`M9)G%7|I@nW z_e0;F-hT7mgK^!<%vB!W{i!4D$h%#cd*1DyIZ+!wu=UB=ox0V^{o>TKg2Nr}?Y^aW z%U;;A@8sHsOA@+2ZY-~xSeYI6>G}OX?ymw{rtzIBoyB*_S4hVpi}|Y6#R~?1Wi8c? z=`Ho&_PT35$0CJ6$S(x=uYltA76b*(cNgAD#Z=m%U9>r*iexlI+06fqzV$6qYW$aj|n6U*BxS>sK57 z)?K~iYF_Z`4(qdXvI$#)9vjQoO=y?9?ILhR_;`---VHep#{|{7ex6XToA=x9kMWb~6?enj!F{#}Y>z{H|VvkQ->i2u!!(w1+xS!>CGjMnL|RWDyW z{N#e^|_M;I>)Gyw1Bo_S znYT}zbmo!0clN@n|9;|u(iyiWDqoxB{8VcD`iMia-|r=MFFLd(Dqni$zKmmD zqFu3b*VfLO=4^QE!;8nWBezzm9=&Jxdv5VFi&t;w zw>7(VPE}B1%i|lJscWM4?#*@c`|359nVsKw@r3kqf241zoL;MQ%v*W-iL{!$$lbHt z=hw}f|M$S}iIbLmzdp%H(O3KY46(w}7SCe_lJS~9&))y9`|pi*{h3{*s|#)Uw=Z6- zD<7f$?wlEySH{&l(>N;F-vIv}AYrKd*CJ7RUw<*uoBKD?5XtE~~1|NDXcqLbS9#H5b2H-%hFFI=_a zuY1A#!#4JhfBon3KiAyt4$O(%{HF9OoBQj`s};vHuAQ0ZDxe+4S62Mskjt-@-Etb; zQ(U%6smI^+`+w-@w3;~8V;NhHoqlRj|AFE7w!IDW&+b+H^x91)sPc=2@^U_-4Jo39 z5xZBlMVN_s8t?cdcWSZv`ZZ2*%Qs~-x*Qkv+w;LU%1?CqZh?K@On)o7mEM~Etn{xW zPmtG=$Ex$E+doat4U(D6gN-FAQ9`dM~@x>A#m0DU(%t{Jp>^tYQ`PPk; zmd=p!lA1~H^KKn-xBF+U3~le0B3i6)M^53Kub&!4Y-(|qk~fyo6aN=h1{oiGJGSp*Y5XzzoXgpwD{)A-+Zr@8tsbn?hD+$siUFa?R;0(q$P<^@ zJubw*abU1~^yOvQ+yfHLuYb$be3R6Zv+kOHHg2n2f+DL`-_5NL6GKGyF1+;GP3O{4 z=V;DVr7e4QEsMLxp|zwq&A#^Y^@X>RCiWP?$(8Y~GWX`y%YjAJN$k(#^a4j(y4c{shuGn9p;)oF^#Y;j^jbY9AH1wgp@ll28=r z4cd@7(dDwiJR!4xZW*s1?S8rPxh6y9alZ+EVN7G_)^ zm)d7E=|xTSkZAVP+SOa3;@+^*$HARHgR^g;MRvpYx@>H{hj+i%Zi>3` zm3Ot$hNv=k%@7G8e%|88Yqx(`UjKP|&DZj}{_l4;O|uSPyUB7ENA*3ohQ^*LUw$_| z6x3_dg%)-=WpFxA(^4!?Wi<{?qukV&@%c>x=nEl&0zz zeSER{&W3M!k2X|=u0Fujc#)C$bbk7yLy9F4Y;TgLPCvVF>%Mnf2X$-xyUbH`S{+;` zmZpinJh2SaSoCVRpEPB;TI9Z>nX2hqtGb_?D-B)15(e4Wr0WK(cnR$}Rdb=^6qpNVo_Totlvj%{gMr138u!>PL@7c(=Zvgp6J zJW>DaZ+#~JjFOx^@)@pce`8zFGCM!YdtZdh{P`QQVvhftWu~x6vU<_R zEUz9{C3oYKA7$-p=Iq;-_ly14jUAcB`#w#ukWSn*Z(@7sgPcuc>KD` zYxy!C7Nr%pT{-T1c5HmIuD_;Zt-sAlZvB0yY`@=Wntbx+i^XY|H!EJ6<>apSGIvYR z+njLqgCUaV3p*ZnMAq(|V_7(FsrlDW_jX_Zy!O5AsoL**g&+Prd*|7=4i!d^wSk2` zHSctcpX)z4|L@)UpWEaAh3_eOU@-sxhu<$hZn~y$Ym3?!ZT4R?PyL#syOe*&>$F8{ zP3!cI-?Xi^`1q+?XYXgZrmUxDjSqYMs>_}%{HE?rV0PMfwG%eEGJb6rAK!jCcl#u# zbit*MR=caTIB2`Bi%7Y4$=Y)J@4zJ`A3s;h{ducDSzGL)*WSG`i-P~0(B}02`!&As zec&b{ZoR_@XCxSNOF?|*kNUUl3=W^(J> z!rIFFig~+V^R>+1dSqkN%yq((FWaXGZsT7arn|ZHx81$(2fyFgf0?m&Ri1H_dia4B zLAKX6cW-%kta^6kW%rMnJm%};j(M+tr?QScdS}k@)NE|^_QYapTqp{lXv_tQMt-*u6**gt$j?7qVCG=zc!7> zO>u?5MC~LQbHxKfsmtQEUhb&*5WN3D`M&Q@`VAbnKh~bbt)S5BvC7eKndWIfkL}Mt zuhjo*_5aHYHNW{bm*1?+`{KpzkWwpieX;6%wwY%ih;RB*Qfg>q=~|vIp01t~|8DK- za3dSDgWCH0n*?~p6>h40Q&K$4YiZ)>Q1Xf8r_;px@8>K=_fqbyXK6KD zcWvj~+&p`sa(mFH*`S7jCS%=eLrc59*Sk`RDy4SCEe~9hyTRe}tssMBo@E!CEiDfo zy__ESmEri;6_N*MTv`*molBQzrqe;MZ$8~yq}EKo+$p?#=i6wgM^nwf`!BttG~=Sf{Zks0lgIq`u{xVmxG?wK0l z6AoN?qT=KwbNy*;`Mp!-`~KFp6l7FnZr9l}`R;{l!ZKGbDl1zYdN_Ihf2R1K-~ad7 z|Npl*$GT2N*Y)$BcX9istn}ioFS4mU6dV5M`ZuQj`PQG?jtK63_c}wmy5!}VOg@{> zCV6Jxm-)Ss-smCx{F_1H!z|PkN{pRzTc`wtZ zIBB;EG<~|ET9$vOq2Q9tV{jjV^Mh$aa(kb_4g1ZKD;GC${FGX5eYSDaU-`8i%e-D_ zJh>Fo+1Jx=)b=oI?##cnKX&r$5W0Te=vK&`juzLv|Vpr#;z^7p~!rSbHz2nC;i|b5H-gG*(cV|8ws7;zws#^?LgjKkC?#!@1_d zG>&eKh7D<}4|raUY5%(I|=YmI8wwuK-neJd(tGuXcZmhK2wziIyELKOiR9}7Y zv`D7rUF5Oz^SxK^2lWOg3O&eX-u(ObjQt6A8QQ64U#)t7L?3?o?$Fzu8(}IX5`tH? z7c7igJMnbI1B;$3%-8O1?3-y^bu!I(ho84pM(RPK#s>!$3ZI#6e*4&a6W?u7Ejg#V zt#>?+{ch6l#By~>xcKa=+6OA~PIKOD=o8(V)jGXQ_SwAeckcHXXStZ){Fm5#LM15X z@~cd-padhy6BS`yvaEBgYUf%0-E2|#i^u%T>*YbK3qD@S>f&B z26y(P*xj%FQE0vG>>TA}|6mT6Z4J}-4oyB1<=Y)6bj-k_UQWGF?r?E&%@=XIBmcK2 z8Z$Mo3cr|mMd_eK$=a5J%^c_5r7zq{c%&`ccmMy#{!d3H&(;iYzOKGM*JVzQn6m8a zX}YW}rBX&ki<1HZS7+UuP+4s^|HmWoij>QrryNtu-6|2VQEl>h)9O>V^|zUx5jwK* z;AFk88ZH^Ty^M<8bLWFV?!(*pXWmKg zJy!j_;L+2!6+i!k7Va=T_FzY()?#%D%Swjhr~ggZXr2GWkfWtTGNw>GDD9(>-SYCc zPoA6$zhA+;LB#%QcR*NYAt?XU3-#L6i5WYzpg z=HK*n>fbA?8DB`muJx5x7d$?rN^;`+96viB5tHLfCf>E&kYPCUoKicVtn2ZrU4L%I zl6Yt|0Gyg9|tyc6Qa%ocpy66CY007E8Ysp623go1nv~#&tnlZ-M^2#St$a z*#BF;|G;e9>Gr>Fna@}g7P&J^Qn-{TOlb}wjz$Yo=`SS@$HqbnoF!F9a+!Xa9osy2K7Uou~? z*Z;fCzKOS<{Fr^K8{Dtg3}X7D{P4?7#b;m7=Lq`Dj{f}XBY$t_Ji`|XDr>@p52qdO zk+dx-FDb~{bcS7iNB_fznpV}^9_Kgz&Y2*6Q=zG8;zREcZU(v!>VhnmOl%4wL)J_Z8*7-i#zQ8jheNm*DorJ-O?qnEbydn zpW}`NN+y$v1dK1(Pi9v44?dAHW7eEU(@eE@Rur}@ZtvUTvAr?Lol%ozU$XCtn(I$( z%kQ3(|Ephr^2ySVW|P-FaXB5_(WhkedU4N|wywLRWv_{@*S`Pr8=KAjr~k_D zAKa|}hAFw@wWyDX?|iXvb-}*w*SkF!)p#<@m}j@Ja34Hh^Q774;}^42PftzV^!%GG zmt({_1*4s5^;>6umj3pj?BIg1xp8~*-yAReaWnp}PQUH;-d8D{!bfGStEX-C7K=BW zoByYG^49|sGm;CI_`Gxf{duYRnbfq62fmxzcrMo5tGIN3PU^Cy1^!h{OE13gPF_)* zUO4g3!|?wz%J;qB`{(%j`pN(9=_Mt6dbIM3X1T4>&gJEP%IWquRqjYM&p%yQayzW8 zPiEh$%EP)z4~3_+Nm~8k>YKguRcJz^%WEs<(|JcvpFdD2>*hE2$%SX>Z!1h}go5_u ziqGGZGmX2Qzwpme@sFEU8Y#GTiD(8f)$l4#FMRoO>qRRy9zmyn2YxQhc&zKVv*#k4 zvgk2Eoj9ZUN$KoX(-ZGn=N&3^w2+*mBDcaZLioFunz!nvojM-NkJin0x$)u9x!OB* zx2;;{Z~VK$O=0OAyGGw{cc(mbGgRxlS^q@E{QeH9m+7yG+$FVs z_DLt1{&ScttzsmUV;>R);H95Z&tQ>T*@P!{XUF_IJ;Zu3i7( zBERi{@AGe@b*>3JGS#ctNvDTxsX?Nw`fO&!j>)fddOO=UO}vR zv5zmYh^h3Sj>L~Q;`&8?XE>4!$&>)6=Jl?-b|ZaVcfrj{>! z#GyYq@&06g14EOR*Gr48Z~wk)^4FdldkdKZCH7Ssrhsd7CDjA=d~9s&8e-NtD*h>) z8!BQSWh+-7NLVyuL(s8_Vc%Bu9{6h9@>9oLFUsSZhmoZG2EToaB<+)ZXZ1Af-OXS4 zc$Mljo^8*$RG;~t-@9dY_5ITPq**G4R!0hF{gF_XDfp|l@vy|BBFWCQ_xBd>dHk*1 zN4>;vlJK1$)3&TzDijs;AV+SIz~Z$+HAzKH@7DRfi`d_%tbRUVUC4#PBcD>a4HAz$ zxuC(YZ-b#C!@3PBwzns$zph*pzq#kJy5Cko`|O)4EeC!2lxxq26)xK0X=6Cyq{S7r z<1_5*8#<%TIMmDEHU4c;^+bljYQ>@~UCC_*Y)wXo&OY3w=kjsO$(`$b83Se*c8h9H zE6BL7m^HQQ@9xa2@zuSp7k2~+gr1t6j#-RZq;8VsW5PcJRIo8hzT&!7B1TKzV= zTdTIZiMa3R^QhZC_3`bBT>HtciJs;`+ib4$lsx5n!d)45X7<@-&$s)jGp}{dJEj*o zwSh@8IY46J1gm2{K8yV3vxt5^&~A4m{Qu$kmoDD)RC{b(^GxIOZ>vko?|yY_n!I9B z?d*98kN)hOue0jJ4U6ry{&okS995J#Uwyh`o&cZLnxcmXxNofZwOv6>bCq%OK`*Oc zVhR^Rjvc@G`G?z*>8E1vpX>IEvpat>JpS36dwcU^UOR&F`VtS$57Mn0yTwnW=Pp~a z;;K%&!Geiv?Yt8WGI%`K&%SuY`|*w_#jU0HrV4FgX7``>6tojleX`+83(wZ+W}lU{ zx8AFMVWAzalO=db%wDBOxlGpX?5^8+xf9oEO#GsDbBmjY%QlX}hK}S8(N%Fr1G|FN z&uz?l8`ZOc&CjgbJTW*ZAx8e;(}{sS=^}?zBsbTw39M+j(A(E{`R?VDvqZZsE1sxq zUlV!i-(PowsKWPi%|E|+CVoN7rA2UEw)(Zc=R((%jehFPm{EFq`o}-hrVE_f@@`4n zCv!f-sa$pY8n_Nki#C-y-neF+V4T#mbzjXteR&rC^8ow%=ewiJOw=FmGHDA~rRi-J zn6cXVC*PuFCO5xjuYMI$yzxP^e2u<;{@q?qrV@$xM4wd8jT_z6GJFD@MRrBa*}5@a z)JeuWw^{uFm!xxS}$`O?C@ zI>OJt85cfGN$N;l_wB-?s;0)N<%@d{oKCacm8&hzC+Cy8KL7gnS&s##c)bCQ?aY}0 z?w|)T)vR3@vTnlJ=Z?}LA}VipzUAB9dudi)-P+QYS+ktD=FTvb-qQA1T+g5+v&qu< zw?f|wA)(`)x!>kzoXp8pTeHx_&NJNIy<22!%^HiMS2o4Z&Zx79L3!mx5UQ-Fz?OW?8^`TfIX3vg3m)mv;ng`D&Z8@OPZgA<1 zeZh=(=lHfvu_?Hp%M&k?SWzV8?jd%5{_z(VG##BV)lAOZw(6XddY`O2eo<_;Jv0uKQSK(pilefF{=^fLdEY`(2I-<8!LK7K} zIX*C1{fe!ir_HPL!xKZFH7{PgdgTBAPyMs&_P;%kwVgA(F*&Sp{qD-0*D7|}9N)hG z#Le3355@Lv*~QiNgpvr3CXA5#_E^UKERyiu($EYhC0 zwdcHc(WIah`ay2zkfo+wOEhpSfqoRlwD>SW%(l1{q$J>tlN zF6+WQOzYkk{+n^(b_;ARz=68H+>35(kE`uiGR!I9r^rc3%`vksA6EM zdHZm){r|eGL>I-`64Nr~iX{1No?aA{zi#Onm!+?^URoJFQ079oM^9kb91%*>g#u1c3V!HIc=hfz)YV>-m_&Q1)9R< zNK2&`+{=k^kD9EP8-KXt$Q4fxgG*tx!sRKK(+;Qxev4Nu?3Vq}*BmIM$nrWbrm>56 zH=nFBpOTnv)Pa4<>VlUZ{FL*O+_cX7+(!Y^X61t{hTrdOYCC(o%t_{A()4NFl9~of zHB;OdK4s}W=+W$;6x+WcD*bEM(>J%bcK?1KcYfO3b^{BOqSny0w|aP;j;>hHH2>_4 zj#X-cCN5W3*|I6_O#Q3-#hVdkZwRJI$_Y7W`TEQDR!tVkyxF z*XKyzF8+Dpd~JvLcbNrY>lbD}{8D!GNw)4J6CEDeyRj)&*0V!XmZV&K<9IG^$BA2_ z-Zy`p(ra39uS4b7*UeY7r!G^Rp0Rswl)hqAx0#ij)P$*02QN0iSXsEF9-atw_EOcYU!O+KZCPM={3*l(6Zc`Biq_KvfXcGCQpoMLmniK3lrmU7%O>2!X~>^oyyzJzbgD&`0UuJQ}sIM%_>@n(mUD~oP`sA0luk)WBz3c99^vG8R!IrWWvEq|=%}E~e6{pswx)MRFXO`o0S}c!pB4FpGE2G* zBvlozaU>SBF7;~npS#WGKF6k=HnqmPKH7+jx_U5YPuE=-v`**>(<6;#5jqO2XXae& z)n<*26wg)pzBc}N@cCTtRp)xUC-n4ga=GL&%h0{|)b@gyJu&kVlIDEBQ?0JvH-ABX zn!bA9eD{YDe3I!K{T71-qMeeL&cuAS@BFy&S3 zy4LTH&Gzv+k)m;xd6#uJ$MK`*pHKQ0+xU2ghU`O$gPUBrf3&~POZanX=`o%;IU6Te z?d=Nun0@xb?Yx?5^IcAg1{H1(TLeG83=Wv3H2LhO{k31?jaSb|JvryzmzU+SALFB! zYW4PQdcM*9|4oU-Ws%SK`T9Tj@y|5os!@jMzNIP}lg}FLc#~Hm^Z4l|nVM&rZvJz< zsvXytb2J{@@OmR}%hg*`3tM45zUy4`ZtdaC6^fENKEo|_`$QjQ*GCMwo{=#t7cLf< zxnbK9yN<`+X7V;?WV5F|vRb!xmDQw~#=A79uHIs@j%%UmtqdpTTN7OpE!O4>Ke%u) z`A*U8vte1<3nH^bt|f6Q3e1#Q7Up$kI*%4lZkYh`KP&O*WWrJuX8f=YSCrZNGaDCDd%06`kF6#B&)An7RMy|@JD3c z&c|Wj&X zGSC0TYPNTac;})Rt*w4`ic;&8Ki0GttvxnpXR`uJUAp?EjgKFzu-u;5w6$A&LZM2( z&AyeTk3HIRwl#ZIYFR#)H;6aZwKO^QV1Zy^hgGpq;QB|uCI9`o|A*1mvR$-z_e}G} z#SHM@A}j$PdHb$Z8V+U~a8TfBVjzh&LB-~=J` zAX`*={@uK@lNV$zxMCnCUj=XOZjVFJ@Afy=EE8 zYea6Hj$+nXoclg|ibs3$;U6KbGmF{YRGKO`xg@<)5tx^Lx34rv)bHG#U7@#s$hb?W zFbTWq#MUrZ^T};|oOIy)Pn(MSxjj97%Duh+W?HW159hF9*_qUME{UC^-6Qi)PM<;B zyvWTnOf9;@%irfs+?Mud^0AOrCqJsCrQBK|#dmGp+ugjU9zXdM`7Ubj9N*jDgI2Mu zJuQCSFmcX|CP|;YJX%>{QL-kHD+^omb~)bP_)m7vrt_yZg$5jEQM}^S(I@GtzavwK z@pWsO!BrupaE6yE%Yv9L@0)P(Pi=3fQuIu*Niq5Ivdn+y$jdDZTO|?~{J z^@IZ_4|N^mXg1_Ju8|@mG}o$crO%{~wg2Am*H2gFel}55kemJYCH0424>kw}3AHO) z%hz#ywaPo%JMUq)J700i>uK`)(toTH_HPVQ+&t}`-?qiVOOxW3%RkKG(Y<8Ivu=-c zbNBqSMW3!tx7?dvK8w9tcK`H4QN4Hj?V1eLV&8zq`n#qu#Q(k!v`FgQ3C@R^UlvFu zuCbhQ@yJyzHI7NImZ&Owu&Ym273n(Z#d`eg#Pb#3@@t&S{l%9Cv9iQinYRQopGMmuZvC0?0bGmq=r8|x#z=4&g@a;|h#*}Jw+wLB{M5Xa(N)}o9Q8O;S3 zE@z)t=ab&-GNJEn?$mXE>ywSrgwiwLe7_YNQYv!sX6TX$XN}Cv5<6E3o|zG-GX3+1 z8g|XZZ*w9u6b<^EmrYQOe{0>DQAJgoJuFx!gG7A^dnHL+v}B zs-m7XQ)-@a&wrNwZZC6rmP)Nqoc`yswI7Qt&&l36zEM2B!nf#JLGQhvFAlpT{!rfO z79aXay8TJ@bEE8wQ6Vx4Ej8Kw>Rc~h&38U;Q*Fbr+swu%Wc~6>H(vMsk1{=aQG8p` z#~T;r*ML{}fR_93OIt9dl*>%&roq9iC-)_U!V_H$EITh`&DwM>q2M#C+1?H9v#+gF z>fxOk!>76CXYj&+1g#aqt%BD4GK;s@vpI3a-70OEeSO`6xV7q=t}TgE8Dm1>qztFBl@TO*C^7PwZj^o+v|4&(hH3r+enTSKN~J z@qkaCyydyw_bR3R_iUNn{M-LV(sHpCStsM{mKOFng)W=5?!4N>7Hf$|QKHR?hlW6rFZ3lC16v?FM% zTcp#5SKoGXWC@D9yR8ggp5qhT#NetJe&DO|wCPgSv3FwjO+0?2XPw_M{ocu+jdkL; z31mK4*z3Q|Xc=qD=gMVjYWk-o^X4x#j*V4_V!WcZQ>?G^!gRM2*G^6GpZ`Eu{;$IK zJDcatD^RMHinHHbzU1+y>c@+x96vT;-R(6Wq}G1?ROz?pmr?rncRR~gPd~ZWcE=;V znDe{U`T`Xk+IiMR^gk|tRHb+LcpqrIV5Q}y(r^C?WBNbcQ2l22^N0Oyf7nD(&DjGJ zn>6|i3wv@R9L#-Z@i<97iaP5RGuwDhOHPI5oS13i-`_l6ruun8-=WETZV}~={zcYK zITiX%-s0G+Q18j}4<6+{{N?L;g|LeyO-U@z&+!=+KjYc7GiJ5ZY=KfuRVS|{(>MM- z#mf}EKB@I$*TjuNo728VD6KYK7L!${;eCDclxw9q_g9&9{+=@RyjjW?rI*@fZpmAY z2{Il3Jkxml{Ds_$Ra%o;rdZg{eGwxzweZC}>+U}Z_Ip1+zqm0)P_}!TQS#ljXCmv> zSHIiWyYHy>i#UV%Q(xyjT6&i~dg{qz5wj&?b6vP@_9RXIa*~Vj()lRW?FKV8oZGdu z`{lbA5A^qKZ2Y*U@ ze`ee4Pv+;F^y-JjF%6zB10KOXf3@kkOVn@HrhJlcU(~8F{e1Ac>w?D&>c25ul9+dI z-{i^Z=WnbsXR@E~-maLq_Efex6Sq(E3iBo3-%h&t58v zwpJ>KvtY&y6UM>>-*pCa_J=ImzB*y<($F40WsbEkr+g?r;_=~gS$&{nVu;dbwUzHy zy<~o}OTs-VW`^PBeuw5R(?i7p`}lw6ZOYDD^n6?SrSkK;HSg7^%f65BPy6TeXC|}7 z-n}R8#c>sjH%@0f{xsSCyP{mxx1%aeCy!~HrapJ{7VA--AfXc0rB^Hd@~6bhqRX3D zV`StMxt!{L9)AC9e_i$DSoH%NBljOunBsIyaG6!#N`K$iXFsvd_+-$MDyA2GV%=f& z8#`XA8ni74a_jF;3h6i@KFLC5d8noDv6EMpP58;DU3>0{0>>0YkX}Hl3lvQ?2NpG!!AC(Ch_m` zS-P(*^o(8y&6=~tEh(lhx%-Li-2izGZyA@{|9jn%k|!hxzFTr*<=(-Rfd1 z^<+=|Mc)+b=L#*$YF-Le%h&6y6^Y}2FTJ+VSW<7U-O+{5=N&zp77SY__D@skz&`h_ zQMpr0Zl{M!tmRbqo{?p$IZ3U}-DyFrym|bSI~QE7j3n98&M8bk8Nkat<>FbHn;$o7 zhOLk466AB^SoKtB?oXRSk%c99o*l|ry>5Bm{M3t+TpJYlUgiGXaI&>Pw&ii6)TPL! z23A=@>pMF&H_hz%n=hjjnsRo5k5kPb8Kud`T^OCNM*rS6D>|ArkFQa28k7Cwhn12> zvX;+uW;AQ0oc#9f!bSTA>teBgZ&)pi+1IGtIIFNE|9Ftf&O=NodfC1^mK?Tzx2IYB zyNp7}Eun(s(qm0G!U7jp1uZO_H8EHy*Y=PM`(uy1m|YFwWp7e{PIA>)eDL#)`X@YG zx4pBIvX`iCabhW5;hWIo_;Ojjq}rNAt5w5vXZC-v*_LZLcDfbo0Ubb&gWaT}iKR>9XvYbaeZ@V>cfPwp?oo zjb7P1_0glFfzQs*y=ym>jm7BkO;_IQiXmJJc~3t(o9vd(Zr8Sa`}++ykDRT#-3&wT6C|CXCaeyaABiuVi=F-U%Bt#MAm;pjutbh{MaBQb1Y zcY6CwtmWZFuG}-`Xat@RUsk^$$)fU;NcVI-mbDi)W`)+Z9*}4*$^E~MWAdu?h8(hH zQ*TfHx*;?%V591_tz2hw)XmdZ_JwgQT`pL+&^K5q=X?78GMo8M;p{(?)Q`^G`=n}D zVN5imNS}FcjG~HL*S4cAE^)aVLPJ!3I`Ny|-P1Sy+Z%tG?US#Yvb9UdMm^G>T-&iM zahij*UXW9My!mszzJlMn*+0Gs>wn0WuhWnJ|Lt+c+Q6uVO&coXGFmy6d{QQyG?Z}A zXzg&$i!hkJ@uX1s-D>uJ+uvMVIVwRrQ_i3Nd~35DV}Mb9(y|2&-j@~Wtj(%dh9w=5QYylL{}^?Q7_-8i|ih_w!UW5x_9KZWK#Nr-e=q2of9`wt^wWj^4%qqa*(9q! z-(TDqJVK>holxpv~_ISzk_C9;_L8JKBE=hT5<>}{r=U-u5?$2vzQOzKH?1-c8$&aQA zDpAehFSgvjZ1&FG{p0`h_hz@BF1%WPZ+`Krs=dGWd57;#&7Ibod(+75Sc7=jWP=Yz z&K!xKQmQB0a7NzqNjs_X(6h})%*azgv0HeOfC48^f`M7wM$-@z53OhRqO2T-~aUY+7B&;%R6PJI-L}nb3rIM zRMRQp>eTF((Cn)l!n?E|?1ZUi_Qn&t zXRJ7K?TWtYVe9)p&ED0QupjeyeZtwLX{y^4-Nf=Kwg#6&{B&g57qd87Em2()XLabE zv%BZk?Hj6&2FfzxvG%ai@sB2vMHnQ%Q{at7Mqd(sLnAMnY z|1kfjOTzueAOGkHt<*O5*4$vbt$B66%H2y%VXumI%Kg2aaH~&f7+1GD3ohkJ2?38C|cy#gY`J&@*w?EpE7yIJn zlOvj8y7G%-bS__;)GN~F8_SWsEo9m5{pZt6LrMjAnjCXfxg@x8tL=U#)`?epYp-9q zDXHbS#A8jbZ&Vvs@VVxT+j_(lc*Hw>x@X1qaVqhe2^p(C2FDyu!^nKrJzJEWp`5#YT-O}h3&V1pLP)6#k6Z10G_$~e^EBi_{euaUJ z*_nT}?wo%nT;N|2jPIsDp>j=)85hG`Hjx_o`=^zA8c*$sRlTt}Y9=ijJ0ik#}71!v*2nYuSsAG+my_ z!?a?W*NX%3e_G3A{&a=jFF)J@8N2P@DZzce%8pC_*z%qCf^nU$ z)`tmwhu{6)-xYr1_|nbmx4rM&w)D;MGMmFUo!K7;eUmUuI?}=UVYTp0pGie4I|8*H zl}}p}`uut3w^eJqT{sVZJo$M^FlP_r`d1gP-i%dW`7(q_#xvrp<}|I6k}Z!_CJ8PS zJahKkrEAwbcSfmB_KMiO@I?By5S_$JnVWKRC7wQBkri@GMse=eBi1X-KCUq+IxV_@ zcb?&rsA%1b!3xTIm1DO>9&pi0>?~Nzaz5bw?03ZMAO zWb{%FEQ-_0Q`#i+)sHzyqGw9V?OPEWvsC--KG#fP+?H(MmQa&wzqs^p^Y(4|niKuF zSa`mDE&TK)^4`B+vnw9$tS$M@_u*Hr`G*JQ^Ns~Bu$32V5!`tFYrU(4l2hu*ZQFiJ z#TuRZczN=jO<&pMZtj$hY2>Ua*_dn~Y~@%*!{*hxzyd)EC`5?45T`o#KnvUo~PYkcg@_?$eGJJ><;P7#7NQ zJ*Iv3%R_~-&-~^;Ie9wzx8zutE_%9m;?^GB|Ez0G8_hV(8|7O>yi-k>BvUuS(L_*0H>F^Gtp1*nLSO_k&mJq?0YG<%iOg($DE%xOzF&yZ{%JnRja9etG*~HJ?MvK%= zJ@m?vTpRyY`qgodS*@E@#M2sl=lWfp&vp8cl+@t`vD3HjdFuP;YWly<+j+ahTAB@+ zba@YP_$+N%S@rGisa=fM`wn_~Z1K5p^VXq_!ISTNTQ+;=|A+ZSIgdmhA8!8h^8O#; zsYR_d5*O~xIyzOzrRl;{mC1UXCYMSJE_n*AYo0LakxyTH+56N5yC)w$?*IAAt$P{ZNeC>ai%sZQF7~qr~5BpbIZJT!au#=o1yby&8V&6#0!{=^Lp1&-SJK}WN{oZ>n-D^%Ok-1O|Z=ifhn zw*N02`0Ym8-BVAEJQ|H=Wi9Z$%DQCD+cP*9Ym24g_qq60cFQ~O-ajbI_7oYIf_S=jtU;mpjEis$+M1nO+@Dz(z zNMWn9+T>+Xry07JMZNa;|LDd~*jfO?AF1Blj#JFm*sh-~6Te|a!H#!d%|E~X|91Nf zi{d_2<>ZXxlj3z*)3Ue(1xvL=mx(>IFfN@}v+lsm&dV})%V!jSw)7MAezH8>a<+cK zlOKV<*mv*zd`)_Ww#d(o|G&teC|h>2q|D@0*HY$73O%dj`#BSz-bmc{?Z)LhC9ieQ zJnMe)Nj2|gm9ExYRrAtWn=U;`PoJ>QU2X0%<;zY+6BV{kSiE#~Q_kj@#diyM^LlQY zG>I_v&YJCBvQ612a#F0VMsmQhIQiVUxgAFqrH0quk}-E&VS4h!=E#H>S^3Vt6<03l z7HM)XfAi>W`Ta)6sD*2$iS5afTPw0KTxsH~j&r*eC;AELi3BV>HOX@VrkDa-oHM0{`|ze*W0dnF5LFmSZz_x zF}@&HLCLZU61%LUS62OVjnKQ zfzz(CZCjq~e7n2i!NcR0#W_tYKO3vuj=HfaRd}^~`;M%mMtS$P^i7*4R`<96|D^f< zx6Xe&x&9x&PV}ahr`pptRXsJb`!e}|>-V$gC+0;r2`EVgUpcd?lVj1@b=;XJwrvYo z`Ag)K>$aSz^Yd$8y|4J4Yd+a4dz0GPBeOJV-iAktQ=Z*;`1s4${s(P} zOD^^Hgq#h({$kmsWcJQ&g>9`edCR8in&+mz|CrpfgKufg#CaPT=cGJJ{S(RHcj+j< ziEd}hStoCHMU_j15qnE!Tz>xCV&jD5yt;Yo*5yr@6ymLYFotjK0c{b_En9Ear6oE` zyqspz`jaV^Ikx+J{x$p`_rgqz^(Z`$HEi+)D>eZ)7kK4CBlU!5N5+<;!ZNk(>r*$q&8X>0wzB*_|-Z1E=fso!IyOam%b0mR7~N=YqcMIeKKpPvNisF4T8(Twk_Pvs>q3t^6-R zx!e1=Ctb^XdeD9TBVYMHmUiDd_p9BW^izL#J95WA$6I?7E8M4`9v6hgz^QC*& zyp$e3c*>;{y|2aTXmVW|-%_4UA+25Qe#->RayaFD{O6x5fnbedp-XAW_G?uR(i*#E(zw0X1e=g(Yo{7W_t+C61YBb zV%e;(5_#`mE!e+z?$4Tu8`ts4-TvCdYsS%7GWo=k?9hFCwGx-+FzX0znrX5xUiHi2 zZWg_)YO}9zOd0wP_uh^>9xh+8sZLSiVbSetx@%-#Jy^AG+K)cT$G=b3T|A|J*Y3oD zQ)gFPsJ=S!KHJ7GFXZCfo`1L+CUAPIqy6HqkJ>M3h}PxzEBug?v)jGDOg>Jr{A6`( zt3b|p$^Aj)j9IUWed>}y9VWE{>(lOR zddrrUo~FRTq2(H48MK9$_m;_@^os=_Zg3u(uDe!v<>cV!lCNI(y>Pnn@D)ebQZDV| z$Ca8SbDcH&_LR)o_)u_3$qKF1&69Z99PQ$jX8J@u5@eaSpjA=h{v@%?xBVX$$NA&rOcYOTOGWGxN-8&yd`IS&v1wJ~HYxXv1I82y_e4Xq})C%(-NX?O~?Fe^!286SZr~<>%*>dflWBTEDAP zw*Dq_9E}VX0}OJ(yP(mXlBamXT3Iiv-xj*4s2{H5}kR< z$*6TgUug3*zSGlm9zO79=RCc%Bjfe5l|nNvWY6N4{mRc=CptNP!RFoVbKWl&=CrzX z+cC4mv`1u%ba7gX!bG1&Ba4$PP8=mup2pw2@85CIQ$^zS%SRW}%M^PyGKy#lcDneg z@#ZV~7q^95@y)%-bG7DS)93V8dtXir*;%W{EEY4FgZlq|RL``j znXvKRw;$^yAOCjl*l>%xIeXj0GfR{n?h5~$!Nhj`UW?Bbm*ka^$8_sDPJdzWSY|vi z;JUKPrJ3H*@1(!_sBexmyZiN9mF~5rbH#stYM&CGQ(ptCv9z74)79NtHO?z*OuMl4 zUsPsoa<5^aTKK0cjmmdw?uu<`xWJK?E++B%ZKR8o*t6m#Mwyd3L-u~ZE}`uaIzxX# z-=CP$kYh2y*G-)sv7ege;O??Atv{tH=*oQQ%HLVLB?1#0jD#8$LYk7(&l%pjcj`|J z-(sf=if-Iptwxs`E-;0jiVRw7>Nb1V*5Ka952hCOteXENM9J~wcS9$4(IdTe0XB~#=4~E{QrOT&!?@u-lRNhTlj0UK91ETI-FCR z&gD$|^F}9m@nRoe-)KgC#+TE?^6qTvbDwvsF`iHA=IL4IH?FKyxc$KGlJBH*OFr7j zwE11_M2GBcqJdXi0uMMAC%%tnYB|tbbt|j;>c(|^T->Z}*0&{PWD@>+y9Xpj z_@8>cqAg0g`IFWRg$46k#hJ`!9{M4tmNUm(T6p90OC8U6Zwl_n>uQ`>r>1`1<<*O@ zC2Q7ipZ&k!_v;mB{EnBOmAKEYrxMucUj1LIYTBB8k8=C}z5U1$B5~o`Rp<9Vre)ZK z%dNb0Y=Xzq8~{n6H|?CZ|}?qi`*qn_D_nXRkZBK1455vJ4XSA7`l@xVfZT z+2N`92k)sT4!JLGb#ZU;&F;J~L0{zMo43avD77vL&@i$w^6{0tDRJ;!E&GiRrK^61 zn>2P+o%K>X@3(lW;s@s0rt78%u6=8=eE}!4m$uK+rjMt5XLfaPWQXb(=AQ`;2?@|j zTBSOzr`Irc-Gri;fVK@0jUNsPW$dmn^V2A`eVqISn@`8}oVe5v*76(KU2>^dzDJDReu$DjQstFI7p zcGao4?eBN~HoMhweAB{tKh8-$u5P}_p?>tj)!P&LDt$xdaj8UwOUCSN4av55`xzdW zc2Q!<>!6dmA09Es@3xs{AGo0Oa%{fp%(IK8b{TH~jhhH6s~xz{Z_&w;JJV!p4d24U zY?-UScX{;)$k$NGH)@GbPt{-aP zIQ7v?$t_b-Hc7HD-RIZg6b>w0C9vbzgtEoV7Xme9m_$RQB)#_s2Ccr>(Q-t?Q9$d{ zPNwbmwus*6=d6`q;wIs{@QrIXXLEp5;0eV;3+DY4eX&CKiozBrjo!r~OwRe~;@n4r zj>sy1O3UfrVz4YQ?9P^i-nf`8Pon?)f5v{N=(VrSwhW zEcSM@G$}l!H8G2KsgO$Ux5z719gQhUo^^?A!FsptC1pEvXYNY4`KWa6*E%z=M6Swd z`ts>{RebIdfhNIg7p=OdbSg)mwNsw0)G7A%8fjMlX=^3Yzk9pi+>|NnZ?k{5+=LTb zwi;V+4yfNhUq8b1W7HleuM{KC01a2k+RH92Z|C_OzB5y!=+L$6xsO)PJ^yg3Hiw9k zl|OUs-8~Q9 z`|6g77xntg&AA~pQ^Wn&S@Ca0udik6J~U1^G@;qOZ?fOAz+01Ucx~*s)b($nU5~(= zxw8&^_hJ$4|0}#)Qu2kPi;BDUU6(H#R8M+6v|>7xb=O$jVan=>9^nluD|nS8STa~| zWvo)=*AL<0;hT_`uNr?wd5iAiwLhM!nI^^RU)-v6!piH|s}o5lr^QFV%Y2cWue^Q2 zag)!Nekr+_O}zYT)z(VRub-~JKAgo--K!Jpv@k$retgHK)4onYTZ^wk6~HUCTR`vs$G7><=F8Re9D2jE$dl*vxBq6_a(kBPPF9Rx>1O6P zDSBP>`N!wqA8qL}2J&KYy7k9kaIYnqKukzo&GIo`-USEqp zy7>IQ3mi5aoSfn%8IyN3Dy@licWXA;vCrjTY21DJKdD|xl)!pHidAvKV)2&^_=q^ueDYM(pa23x#aVPe2*;F0Be(Bck zH(jFNgn|||HQbHg%`eI}eIHLGN63TC@4lH|zIVN!t7!(y@eV;{x1Jdc_3Hx`CKW8` zzZ`6Qag(>p-u{FFrN)&Lia&Gr=tgG!>~5O5)ACg4{1mO=?8m9Ui>q&Js#I1GWb>Ol zYsu2Btp`?rx^yJ-*l{-<$%$bZhhId!U%Nr_;DvAUvoGXNu;+1ecZy)^@QTb{a`l_| z^Zp_1xrWznT|Bq*v+;>rix%J8 z9#dVHxa|9*x=r_!N?F~MWZKu7$DLni+wO4nM`7;oMS-zvrT3olyHsVWHknf^uJy1x z-=+K4UH3&Sc~;EbboF)EL|?Uv2mjgw7KU1h?Mlnk$sdX|6{j4UG5vhYfg6^5&Q-sD zzb)jx5VYVT%hF9-mvlYbGwrjfgVx-2=WBaexD_Kd)@ZIwY08P#PJjMP^I7rNyMCa>E->Y#isqf<~fK=O@AHJIzaO%!fX)W5>Imcz0exUq^ zbIk2Gwq!E*_C-4DO;=Y|JsD!86xt?x{!P;9w$-_9<{=_otlqn}B)<9*dFxixYp-cm zLaM6_Ws+6gq$eFpP`a(?9I|MQ$+9<&zJIS=aoOacv3tTKrj~0OK|J5T7XA3K(#rDf z+t*JYEPNdJvZ#5-&7#N4-o*J@?ugr`^CBZVIZsi3s#o{2eQ~on#Z0^B&#HP^zUxyo zOS|;8xbxqhe^XeJcWYXN%eD-qhwDm|y)~R~c@}(mp*fA0zv$PU$QAQd1)@G3eqX^o z|Mx59IkRn&bvv>oZ?4dn$~~WxuI3mJ++);qZ(-dQ!!uL8T0-rGT+9MixoDj>^LWVN z8Sv2{u|rcN_gR>9$WobDPo-CmV!WTCrDLx;htx8yzSCEO8Fr zTA}KDoj9}{MZ+5&@95E&eR|`GO8EMybH=~FCoehT;Ti7F|2!@2^}HFYf;vU^D+d~j z&uQs?|5L)gM`Ug8%{{zqo;^Dsm?`jt$8T+lbyr(aCEDbr`fIc8{_lH!s6z*GJk5$b&0>HukX*w?cX=Ku+4Gmxr2sQ?q&jUE1BYtDaf?j#{buvdZ%e?-mW9t zJnEJnS~Yu{;fAE8x~+Yz8$l!Aph>R%)o*J4x$cUd6f(6-?AJtt&?%Cp#|r)z@2>ou zyWZWsc7mJqvtrk%%`bN~gi8FFGk@;V@&tjN#HwdDZ`bOEc!!3VE{Rxo>H7WX_eEbn7jRmarL4jKO-*RdKJ`r(K$qlE}G2TQ&1|;?o~Oesir- zJ7+X*J69%Gms4%Ka*gkkH(FVI>x(8jZ4T|ZCczsUYx^T^YhHP>K5OLiLbuF+XMOa= zH@jz@QsO@NI&S;S=ln8}Dq*R${nC;Nr_JB)Yb`On_3maN%Vc9?ok*iIPoDf-R_oED zyz}9%YzgT%j~m<-SwABwq4C&k_l z*W`JTm7SYX*J!|#;k%rpdBVJFWgnck<=#7SS^v$}=MfxteA=9@=3kOCZaErta@*W| z^Qlg=FHCcvz3XD=Vy^{hvqd`-B^4t!mGpGJto*Y{Eqq8Jfz^S9< z7bMm<6x__tD|mZ$hv#*+@;(PXgqlBEa?3#N58u1x(`Wscx|1?#=gG@56<-pC z0vX;389k^{tGXPU@9I&Q`CVQaG_sS#^e4($?Y2{Vy7=;Q^Ln*xrEmHqCZr|yZMw$8 z$9LgPa`d{8jQ8)h#I0xJleIcCD^z=t%iJe7@BWV1oTGYmQ~!JRIkv@p{~G@tYmw6a z5cvM<)mdAVIc-)S$hq($%6yH{j4am88!mjvmT0viHqd zp|9rt``69-Cl;qTwiGJ$s(F9m6+C#QOr}x3;Li&d>-qN&GvBZ1N#FMVh<2z(_0{Q? zGM!S4X5IfPKDyr9u5$R>)_DsBQ;bgjso5tdlA+eKtkXc+<;hX)m2HZ1^Q4}(r$if_ z@zuYv_S&ZD4O95`f4FRaYP$SwzXzep6Lp$9jAkimZT_~(?qthtl{DR*d8e!R=FT|q zeN~Irt3uP>#E9$|$MSOX%b$%|T5XPLCvS245xQjM%^1^KH+!oM&efN7e66uTS=K5l zYR38Jf`__FTAyawRx}Chkn}b?@iv8D*E8_c(2aeb2P6m3Xz?4*D2ta;*G7sfyN@7ZN*Xy_=Y-@qepsjY^Bd%7$s{{C-W3 zuRqFFE1B%E*r&SjyzIh^{q5ni#QE@d_Y;=l;eM^vJ&H8yg#-}DFPf0YJ zzI^+7@zw>47f)tzGz@o&ULPX3L2m_o0swe&-45i?Vort@z<}anRDkU1t|9NlpgNOtobSNI!x#BY=4{J?`3LA z>k}@peY(nZ(`C^_Uhxf2Uzys}zmO1W{#NU~rgUvd)OF8alP(JS$=UY?GEUK6V4@Us zX`SyJ2bYv+6OXDXg>n0GIG3M0Z!+n=Q_>bS9Z~VKxo%!dO2i|b&Ysb~aQS+(z@(|p z%`$eC)Bf#qlwoY|lUteI*gmbd_{$SbX$J$gr_~wuYt+BWnm208Zh60WuZFN{mRLx4 z?#wp^DsEOWWJv`ey*bXnVey?`*lF)6Xqp;@N zb_;7;_iQ!qh_9SIn<5Xc(Es-55a^te>9@DvjZhafy|`fK&d6O+(K?-+&T&>%Q&LY) zYizsu)6(kp?Td*WMh2$V$Ge_-7fhDCE#I?X>)zg&g#usiMlsDS6Mpi%Xd>%6M{mi{ z*={N>*)9uSKicb-J>{YV&(2mQ-IpPI7kxc;R{F-?bbF2F36oS$Py29Iy}V(Xhho6K zXGfXYe;m30$5#I5i}xS5s?U4&&iu}y_Y*_dDdi~V@-?I0gS^xKy`;LFJ zzWU6YnJI7~qps&*+V58^p(blev!48jUjIu^;Y`z7^ScN7#J}ruaa}RLe5E)$t8Smu zgD4oH~U-nf8VQQ|NpBuzbWXVL{{}Q59Nn+8!GW=>Zz}v?mgR-(vrAi|MXyWe`Tj;PG+AM%6nGnisYYii{G(ewXV|Tb>2&3 z9J!hWc>SMVSZyYttj*+P4|-mGYOaBlYc#mh|v@4F`dx$R=G;?nj%R#CgF*S`AjRKa5U!adhA ze2pe26`VCIS@N&$D69GwwTb77N{$=*$lY*PDxR4$@!0f@&%SQd4T81#%6re(Jr#^% zYo8c3S%1m}rvOUB_;2>&ov**%uBf=)J?)If*<+^Km3i+OcT zuR`@VX>I<$Wy>~0>+KB}PAz-(w@dWsqLpXH($DS$yf2!apoIEPcme*cs#w* zFYd{ZHHu$1;pCEnhHpOHc8YoV{MYkt9%%M|za@35L{wDtNpbH|MpK>@L9C0Nwf8Bj z`h~=;-LpV%y6&smXKJr1#lN0txi)L!!aA;n3(GSmx6g zl~~=r`>}OqPrjsp@hSDIx6U7UrTgN85vLPpqU$_^=@r|riLFdOnRV+|_`)Xbt74uD zLQizZ@8*9RUlpyQ$+GbM=6AjM%aRiewz+nJx_c6ajQ{cqbE?|Iq0`6PE+k5}EO-%` z`95o{u>3+^3%;MNPDd8LDYLe=UNNOM<%zaVR@~lW3Kw{dGF3Dh!vZDO3yAE|nz>C( zCegu)hyRzlss`KmWfFScuqZc>l! z)vb0J?6W%~49yPhTp1~)bB-&WGuc3GL+bt*j~e};Pch1K#5a0@4t29R;Uw_Lz07La z%<`)?J)K??7-#wfe6fj&z8$%*gtNVG&XVnmMUzdo8oh8ez1{b~*L-i^|KAUUdq1TM zPiv*h=Vf)}jRw;VrYfviX`j6LYU0);V@oFm*-n9oub(y)cD+));C3aS{n!kRWM1j( z>z}?@S-gcu|LNrUd;44OI89z4vFHD}>%t<>A6aMibPH=cXr4VVD|gAJ%-g%`PVQW< zvL-BI#w?c;PgKvdNHbr$$P-&?e8@9)=QfL9KAy0(03I)S()r{byy$zYqQ6mBXrgUc zwm-l0J>+`i`i$=)&42gWd^y7B#51p?;^7a@Z8J}X|krmnrQu-@*mE<(<^#vRD5ah9m4#jas1DKAxMb;xMFcH!>bv;Tif??2sV%f9pXH}g%2UoAF2Pd}+5 zTq;$q=x;i4ZQ$DGumlO&7mvSOnWEZy@#8JCn=AOkTEDW+iRIqACh&*Sk?oRY^Nl7Z z)ZDaa_nVUw!hU_pJYVIC1fM4hdzQTVUGnYgg&a#d$)#Y zDNb!l;#}O6!8cpBCNn~R=F#q5vvh+OhGep^E^3Vx_{!+-KQD2~a{eWE=Lt0}PCsX8 zX5tW@uDd zVWMa(uhj9F-Ep&y?peXA?v%IlWmOR8!6P-Tts&<1zxd<(Y8rD3lD`JXC(CA9J@$Gb zA+9)2Yt5xw+ne@%T&?H*?XpC#kIGEDU9*$V*UUWdUB9yIa@DvvCH`BL(aN8!$yH9AoVSEf#qNqORHGhP4UM9<=PXC&?Z{?z|) zTmHZBwRI7Px*j^({diZtvFN3R`MnQTWp8hvKPjxf=uPhBZ%W^^Ou8jD9@vnwVE$zF z^KL9VIxk3i-`TRM$ixr`dw;+7jL0>)>ecFW^04QU zoSi$TE#P%>{(pcWai`OR-!^|PDA&9?|9{fq_WlPcMiU=xOl@5^*+sm&qlop@!QN#& zAGSva@8YwXxFACBHiOHPkK6(xr!&^BoZ`J@+g7u4eb;1c>YDyF#<~6e{c3T{{xn|p zemV7vm(KB;=Oups$Nbg8A>N-~IQa9G$IJ~Ye`(y`{MdH~M|hO$2d|g6^<6fa#Y&ug z7JAws)O*S9Hn$!BXEw{&SZ#ctmvq{5)waQ}Jct>GbX?UYkCy z+pZ)liD+T&5Bf8|`v25#69a1=Tsb2%FYJe-$N38$&VN?T6ya(%Yn$?V!|MZz@2Vb~ z6|7NzKlyff;ooPyEshDA(=R?LV*OQBJvwgS!WN~}l-2?gcPtq&i-+q6 z7L`o-|8c*a--~L&gC<{fGHf?57w_M`cCqYYk=B@XfwN@xK4WlO={A4$PL79vr~NHC zJ2RItsNn6iUfxG3V%IsOFIspo`pmO+Ul;ML|Non~f4_?3m*rP<df!EM6F z#$IsY(8E7Yjqkph{d;kFzH|2c3mPVENh@1SW>wq&mHhYaz1`t&$LBrxa`3Rt?<;!$ zKHfY3DAZ=&{k_wV%l}jRe&;jay8SPgt#H|xc+up_^}{uK{Q-)Lc0}ym8E9Mg@#q@m z*qEi7VOm@NRM{phT5V^=Q?TXO%39IIYYLY}EL**}x8&3}25Zjg7fnxFnpIBo(K>tf zc3w)-ClfA%pbPgdo?E%{rP~QdjuHu>5F70o&p4KBv7NB$jj67VzE1k~Fh8aVOjWlp zZAqKV;B!VyGIn2+{l4$<98CMy-LtxP|LC!g`+np}Eq)oN#o4TNH(C0njEpPmRqy+k zHP@8heR5BoW3}p?kZCiM&j-z!eXLM;`kXtOqLbccEU&*B7E-}_TPbyo?xi;?gLj;~ zqRK0FC3oVr{DeQZt_y~oDipH-cSvjQKiqeXy<%6uQXQ7!xYqS{KY702skL_MP+J(k z`@#CDo3ie!PxadL{igVjwef#lvkMoCrY~QXk)OSM(rk9!f+fxxEGKicdF53-)MB)z zc0Jv2X&OiRX59s*PhK`X_sB{CyyCU(x?&3qK~_DSM3C`(@Ifb64M}|G?4i z?^l$THZMTh$W#3Mch9s*4GHTesCPb??f>S9recO@(~`y|0zWP?Riy1Zb2q<=*>>+< zGv>QjxU(C+P2<_jUD@XDpwXKt<^1+bXZ}VeaR;l33M+oim~}k=t+SVK*r_c`E=y>x zF`H^|=FEBJ-i5pO%1WNy8`w2`J&?H z(PHw|q#$6`gsjZ1qFn159TGTnKl-Ws3|oF>+C}MG)|;kqTb@W^uy|w1qbKt7*kkLR zufOGf+pWwK-uuPq^=_MLt!=JdiUw9H6Z6tvtXjL^uj|42-p)@<@{A6jIl?G*ZePo6 zk4AwP3(m}J_TT*K*mgyi153{wx|TEXS9ng!zbkgDej0O_S4Li0x&Q1DMOk+J`OlB8 zub&!i|K;)Y-j4h|pYzndzg6X7Y7vnP(@h{$;c2b7kJ% zzhwm}e~-`W_|w&KMZ!JktFxA9|Gar|EdoCCW~G#*u!#Q1NEKMfwlvUh?PIf3Wn8y+ ztZww$dFMl`Xw$lLWkuYTQ{rR4D93NMTlMv{-(1_n>HB`9s-5@y=v;pP+@(GbWU6tHZk9j0;LxN5@fkLSUF)`)E#s4CT&(P$kgLsP zuw&t}2pxT{pqLl)v!9n2w#gotI4Q);dBLnr8kh2}CwzD&ej+XU_1--a2bKM855Fj| z*FJvyb#UgEg^Tx2z4J%Ljq6TdUYlE+McpG7MMc}ccc<9)Uk(nIxILxs3X>qqw)E?Q z7VEkvm^}~<+tZzXV9|+Afdw1A&c9=oQM9!=xA%XI{Hd0&=W}*enX;>&J5qi{V%u}m zFE68aPR(&=_iCLUbHT%-eL>K}HwTwbFyd0m?0vlKy z&aY>#|9G=LFXG#^f9ZM(8v4nm-HXMuFE}1uYaa~qv~$y9Lw5ip{J)YJeYb~#=fYB zxxN4M>HnX<|7`y)m-gt6PUza#?#kI_z862*eEG6DuzKTzA0IhGMB-NHK6G-B3_j1` zFK64xv8v|H_J8K}Ke+$5s{i}REpvPC?8Upkf4uW;uFc;+a?hSUmooENW?0{w&~~;( ziZSZNuRl9Dr{{QcFXWT{6V$bQi>41Yq#YHilC|Hr_}Ck9*)Y%YzDxU)gthkA z918E7{pila=PRC^Q=Gd@XZ41I$BNnKtMGhL6_?r;`GD*0V(kp+4Tln9I=6W^EtvY~ z=i5Un4B*?A%gkis&QPsanil|KaRi_KNe>_nR-WEmYROBQ-N~QEjJ7 z)8Xak3;r(S{rcvBvGx4q$Gc3gIjJe_-uHfTp)g14EU~z00s69Uo}c*GStW14HceOd z;f<4?hgOM4UN-5=&r1ZYCOY>i_4JO~+hcmBiC`k!3&->l`I3-ABjUi0ws{KeXHw=kuheRWG; zx;XjWtlXx8m`R;1sq33oRVz0?_L#!ASg5$#Y0E{M@0Yww(l)D1($tO&0l$~qRVqxr7 zOAoxfL-%?a4^L_Ng=uj*pYK?2>#4S{-(T7;)YLLN>83|`jr(86=ld_FnrwOYRps)# zrCTp8^!$-k*Y2^Qu;GnX-ofjv`vqv<>I0!ug(IMxD^3jrZr8mog#iB z6D~+-R{XobXcZOpLiU9!PmWor`^?0LRxbjI?>^(T+56ej$Lj2*)$5WzovE}DRccZB zuu4WNfz3p zT$h(lczgcs_U(c%FI=}jQL5ekc=s!Qt)HSoq7_?s*DbBi`I)-Wc9XfqbYu2;POMM6 zr=64Hxm0Lb{v%WCsL-WCz0CT|wJv-1Zl6EzW43bR2JNe2Clk*ze-EBD|M1Q$+dL*J zTE{=(0* zDf4aAov4|c4JUd`b<=Ksy^F(LPi@xLp4Q1Kw=bUkaq8(Di_%%S+wYzE=iDAy{WXfM zYIkML@5>h#Mk>Vx?_F1JbNh(q<78zYnfY7lSO5OS#o_cjuXZEPdsnYz;)0L4=X1AB z>n;BG#$;iT&5sj@Yd-9K|8Sl4dk2rsi(OeO4;*xE|JaqyFPX z^ZSL;|6lXloeGz$p3q)yb5{NTNBJKI+Ut9^|Nmf{vop;Wbo_pDb)_j=uENDxsee{I zjVXUFz4K@Ly`#^}_cPwS+LzCBn}5H{^%DvVw#>DEE*-C%Y`*_{yJza=ma7cP8(TKs zi;2D78Rt@yUC6XJw|~9xO}U?r9xIqi*7jS>?C@I1%Xae4AsP0*`3Z+#h0btkTHxoJ z8)iMxZ{cb=?Xb0vUVIGZPJuW)jkSl3daL!u(980(DA&g;C~t1NtIQ%0z(1!vC` ziOkK1kF7ZNbG2Y~VDRH>rAl)=ta^ifsHIe~|GcE^pSW$uU8J0$iv z?U2l_R#_weed*o($4W1snQwXQ(35{Fj)%w3xnarKbV(;z-?n>7rgXucDK@f=fuU^S z@$O2uo39-do&M0|*n?$3PtMIt{ePJMVO&~}ql*Gs4A>U) zsF}3nomF_QWdBESXVvA~_YbDq|MX;QXM6GH-IF_Kc;su|+y1$C{QsP_*Ygx7pH1>{ z+19e+w(v}i-MiCHYP9#yPkMW7>({>=$rr4)Jf1pfmTBaM1^Y24) z&Da0;j&FRdKEuY`b*YrXR>jW5qmu;1iayVoW8)Wgsn+dD+HB@I2Br@h zG(9;4COIguI0>B)=ixjmz`N9Uf-eQlckaUB4^u{o5@wZ~p$Bd|or0 zH6}IreAT?do!{qFFPmfhJob0&`=~Q<+oq(H=Kh#B!NdKb%f>x6&$2PW^vREy|0y9`T?Enc~C z-n+x?Z{G)rp2^Eh%*dE=?ONG~+Bq&=zPtGgUf#NV`0jSGtBz*<(%woc9M&woAB!G3 zo-k@QNvv0MDmLGu`u4cPs)ZBT<>JmiIbsodwRFzb9L}vDe@k?~Tdi-&q4@E0<}9&! z?xo4bjpnt7cF%J1+Ox<1{I*h&;$3Gyp4?RQnCE@{l(w6vSFTyVRr0-hR|{9;HO7;x zxT3`7o_^@N|48S~qb5z_Je+(?b6lEazu!H*$N2oBb$glZr&}k^jZjpLQ*%DvHF-w) zv6&@n1Xi-k12vSpnJ7qcL~_be|zE-`T4*RmflcNRpTWAYB@be3S(Xgak5oab-%lG zvZCkJE3aSd>?fap@(@{>QuHif-NiEDYbx3k8cX^0<}cN~WhvS6nxQFTQ&ac4U0uK5 zMIUDspLcrw`{?tBesWvnpUv9$BXz^>3Z%VK@X0|h8Q(Y5mJBHB*c+<;_0P3f4XPCeDPvQ_Upb!o99ko z;eN2_bJ*vd`f=wA^5ygEKi{r+EWQ5m{(rxJ=hW0_3ky#U30tya%^C*xiQ-MWFh zw=Yi3c&Adh?EE>;?%RFLY-?-hoWsJ{b!%GLxyq+gd#da@U3v}#uCaOjrRaCg7RIMu zJ?~{#Pnu`xoXsP2;_2r^_s~hFpYJIDTqbvOkF0Rn;;qX$O;Y~KY`<5^Kh<#htyNhv zD<#YsCC_g@&;NImpp@{BkZU2z22YG4Q&LSoPuE?zJ^zB<42iRf=RX`cAhORq_}se9 znF2z|DTU#s4_cG&re1n}fp?F^Go82jpLQR-~ZvluF{e% z=8LzaJwN#FQQgmFDn2pW-wFPEVS4@J+4p}K{H4>*&U6m0X8*d@_ll``(EU4S)_hYF zJCmtCwd3MlbC>TA6fVzmPvCKk;OY1GDSBLABWrK+`I3iUU-0e|EyYsgoah93-8%#>&xi*{0)V6?u8N&)c`(J$vJX z1YgtUX=l3Lt5a-v zGKx+u9D+(rH90!57fw3F^S}Q$d3(^^0REjNk~euyEH_>evF8g*?v3&tvoD9u?J=A6 zwLd4}=AE0DAZrU%WvSv!A! ziRSMrHUTCz_qLbTH8YCO$98{AaK7J1IImdr?3vUqT6k+G;$`7?+dh^cf=kMm0X+L+=TjJb}*0~29 z(u!s|sO~5}z3$Q>=O5Fq@6@>@cvL=mvT>{#n@(4^rP=MM1)?tw2o(3tJ-oBj>2lD_ zNArGPZ@l*7r%y?Et>(mdMb1AuE8BjWoQ-yTknUIWMvzT0`OCWs34Pxpp zxc!kKZe788+lkNp1%5=ny7fHp^1eTnoxN3?ey?OcyDYl?>z<=Zl{;ll>sQU3n)v*) zAZMQdIDIhMiMP{5Gw026O0+(>G@WzHgqVVFk~UikjgN|zHx@kK2Wu3$W61S|ZB%~y^ zJ-*nOcJfqc&h1YuGjpc(-Y%bD%oZAZa_RNGGxz^IqyF>6{@N~=JFc3Zp}C@$0zHHm zY?RH?wwNX%7{{)7;`ycuDKpzY95?s$8wzAJ^QCw8n%()fd45ul;#98-micyT->#LB zl6lyqt*3dKN7wqkl>$fV+5Oo&F0`Eg{AWSMovBkr7l@pl`!?ox7x&Ju=SoZD-#rcI zw>flmwg1slS(${aEU9Fk+^?liE=#^{Rb%n!4C0b)IQKkqW0K_louB<2E*h5e{pOcx zso_)PdHGUjD{pDe{o)JfYQ%kaI{dawIm4@ZwMF*zrW=cees6t0so+>mQqinmZI9h$ zcIp=I{5g-^fFsRx`-ZH%;F9#(l?O5ex~{1{f4obzexLBSPsbMAkq~CS+apsWbKKWv zX@qhz&!x`Ea<(TP>|1->{9Kh^zoWv3jOa4GQ)_2r`h9QOdB#j^W&U-)U2-x1_Z(5m zyssV^eEQ`29X693-8(>urGr79e{u8QJuknm-}L`+<%<%vClen2S#4$<_UCt7TSit6 z)8d&D(vKhJ?vC7;pl3B(_mr#e3h#NRo^%|YqvR=|_QpdiIz&~NvuLM{b2D?tfmw-` zeTSRQMZUSUTikxS`uy{)b5n!m_H%JeDOz)Ul1NxvR6&~9qAAzCGa^FfUG7dicPiK- z`D_;7_wvW7o6o$8Iyt}(&>6s@H z!V;aFdz4>KNDn!(WxJ`7(cFWkO}B2j^<4b(qrU#!9aZj~k0&1A`DWMl4;R_iLSfWwmAG?RM(F` zb#S5JE`GTsYm3d;fB!mASg=Ip!mQ?GNw?aA3olN*(5(Ar%J0gSkfSr6C5Z(6e8*iK zeSxWG$^zEf$B)mvw5i*3v2JooMa`Uf_wr`VmbzKJzpz1Y?`SdrU|ZqTv&F~IT zkTGv+&)XuYl>+OyPH!(_N?v+HJoZ=7ww&AN{{MM#{LYW7`GxmuUq|jQ6u$oNDf`Vm z+19ho@}Et!e)s6WJ-re$Z`W8`H_kTp->1%OV9>WeEbwaPqU3KmzmBON^4ppCH+H|` zJF61@-lB)9;+vj*(sr=gc34}r`kSnRLE9X&9^Re^A(o|~q|=6zOF&;Q%>ZDOA2TJLL0 zsn_}%=LFcL^{#K@dy`VM;q}Y%{9Z?o=`~d|_Qm!$bj>d?Piu7f9T_Dy*KN%vR@o=< zGd6nU&DprmZri!JXyu#}yjJk!vGI+{^w=%aTx=L`J@EHW+Sxd_ z^2$z|OQolu$(lxQdz8FO`&0X32>GL<;5mVeZFY|A-$^V3b8oh4Pv(hT1G<5JA|w?0HwX_@QCue?l) zLo%9R#Xb+5bm3e_exr{Y&FNAJXrqUY)u8^Uwc3)VRgZr5nwD zeEI)J-+N!L%RhW?_w9U4!K;&hzWe7X`mEeiyy&=5ozbE#wyq&puRhH5Rw)(uaG`mB z>RWBSq`!-2TRy*}J)zHAfo0yc6y}3BZd7RGo2A(FcRoxkn*6wjpRXX}eB8I(`zIS? zcT37jFrC+aH;+y2Z$m=bncPC=gUtME_^t0Wxwx_lKc4)gucV64`h0@2V_o>c<%d@@ zZ;Q5`d$vj7$Q=pC1&&%Rk2e+gsW)GKxoI`0m*+CK;|^R>t6!gZy2({od!@`4POY< zKg?&+Wx3^1ty?qy`1Z2D=UzuehaW$7Haasi(?RrKT8p^(|EqSq+X$L&s^B?f)TOBb;o z&DO|tJ#gn**pkIJwk5ZxN(U`!dGIFKKke|dwLf;+%ybg}ae{lXNTWc;+S3+AH!`O& zDa%eccZO@#l0;T@w>4XNLxY=3l33Px|K2q9&*kTKhj)t4IWE5MPib8BQ_(-apW7c5 zxBKt8Zr3j_p^p;%IXBO>+m+d}@A{^+l&3Q|;F@SH+fg?S(eRaAH9YLQc6nS2EBssEZ+V*9 z!7a}7r#Wz{w`OG=TD#UwRcPB{9o6^0PTUW?7;s#C|1aJp6PB#Xim3e-8B_H#bCZbks zwf>F?o3G6|zQ(e6#hQGjz{taQCWn34%l_{9-|O|Wg0IDRWx6aN#uVl*I>TgkpBEtI%W!;Xc_v`uemj1ssul~-u34&(V zRwfuMi+ zg3%r>cI;LOCoj43@b)KtvJ6_ub?mtM%emin);{)Qs8TCFGuwE&`}X(zv4?WE-~17G zabc8)ba$&pbPQ+e7blOF7Tw+amu!vxR_njr_K+tubSe)YpOM|%-gj&C898{GW4}*4 zKQ|&gA(`h?;Y=yn#EkRG8s8%)JrYZrSXFLxX|MVjA-juh5f3abY|GK*cz$Gem+i{S zOA04zezV;*(K*^o*n62@hIoXQYgyK$-17U0;v9?k3P4?9mx`6b55nVW%*yXnaj&nv zYZ|7O!}D{ZqRd-y>nb<)1g02sv009sYRlDDtXp+tV%NNVbyEawEVH8gp&+4x4)@dG>q-j+!MQ7JV+7?X1OCmK8q)tfp^wdD-E#JRo2f z$DTRu23%Y2hAWDkaCzBn|0aojr_Jx(--=J4&wqC8{QVR5d;TAe`F<;V=bu;Rg)djH zd%9|R{K4w`-ZPVZI?2oC8UBLwZyB|{j1X%S1?fG?e{jz$k)35IrSgxHrcgb?K zH~U2IE<7vvv+Zg_FDgv{Ca zEN0)=?%9zgm%NzPI#+Hkz5DLg-tO1=KXl}OoM_kK;(!3_swstt@hi&VhwJZ z?6G*T=LTQKn)U4yPiE@v{gQN>m*T+An9ac0grK9gB* zcYin7zjNNig^ow|{G5`R<9&4gfpY@Zew{L0nX$8dHQG%l^r*hf$xM8{?ygS!Hl9WY zsk5%>a}WBz-!*+_@iPNUGr!#6;FqON>6z|atEQ+-KRs#98V=rVZ*rDR;PZ(7@%HA% z?)UZIkKg&y9dBr4({$zdgplMHk`hVJ*X_Mid%bo?kig`oH_u{o>!IWn|%ER=x-M@L^V&^)q3m2~(I6QlM z!KcdSg2kdUChY5)H0Add)91+?7oyr_d=*+BJS=@(k@B}{-R^g~JiUDjCwtZ?3a;(# zIK_3RLS~cYrr-RN4Hz$d{_t7O?RMX4W!;0ed+P0-w8Z8YS%va`?eX=ME7dv1FOa8W zvd}8bGB1?n+nJ7}ITPlepMGxt<3~p(U*olT7IZtnJuI6^MQh3P+)~pV+ky$kS=pH@ z)+bjKO*)XVL|WNL$&Iu3W9^cQb2im*&X&LHqN8S6vSa$eKW9{R1Mi>cdndcl=s?7* zx#ty98_de;Vz^BodvM9-v?vPj?cej_E=BE4Am9uZ(zOgY~-(@J-j9Bnqy);$$i=mNrzgu~nXqzULBKt1Ka5Su+^@&^&AaNRHrqMLX|m?-lLlocPA&5;bebmM)$&;E|26@pTods%G3VCu z=WUql7_QW-_-==akfG5$_d2Uyaj8^MkEJ1Iua+AL9{+B8fo&mgBcpOMhxxfa-{>DN z;%hpx*Htjz|M#q1QdY|C<)+L%hfWk6oN-bjMdR_eEs3|TXC&X)lgyw0|AP7pX~~BV zd-;RIo>Y4ZGCZOaR_R(n=2OKE%h`(a&M-?OKD&mKPN z`@20Qzg)i3ULiF2_Y%F_DCuwVRz9IxMU8cx0SPSyABu&)y!)Yh;zqIGr51+!m%qG? za6fqAgQeoPzS9TZ-Jdjbj*FfAMvq2!*I3!!&*8!qKS3o>QS7`OkFWdi@h_J7zSGwK zn1XD(?*4tfD<>vi;p|K70u8)y2r||=KDu&rv*e4n4`uVKwK*1certc*tCgk z^VVGIz;$xf&*F-L*JVuik9VpI9#Uw1aB1_ol)sN>3$AlcOH%styXgSOlAsd)Z^kB5 zL4D(g)3@I}=l}2h^qS|p|DXOk|1VR1<>Bbc&!PEG{@2wA?|f-uxVCVs>JHZQ#7v&h zP6@-M1xpugT-bLigh_Ml%jp`%9j|01p6!+YrOwCS8+`kM!|gwnIk&b+KR&`)v{TY8 z;k?M);^&ucn;*&jZhzv`)zzJ#N`XFgwd^z_p{r7u4fI6O5nY%h!6KC@uI@u?e0Q@S{7S{_HtOqg-_$+5>CniFR% zY78(EOs+`aXy}`k)>P4>`smCOuM#h@wcSs z32ldylT~NdC20ITFE}?Zw`<~MH;;EQ+Z$QA#V%j9{jp@->pzuqQJmk*5vZr^uS=r&K_i%VW>Yq9b9Im_J_3g6w`*=)PNc0z=ar00Ba*XhvZW8Gd%xt}EU ztlrCHWoaG!@un_Gd-JO-gF{@_z1u#e?|<>dd*g~1FJC`5ogT{*Wo%*N6&x(Q*Y-tlN zc=^rIw^w}GTKeZ|Se8xsy&9|MXOx!n+VB2p_U$|G#N%Cowz((Rx9Ln?Hm6MVa)u#? z(N3Gf>kt2QpMQL2Yj$9t^O=bnIY%xm^S!;}d!O~ky*AB{C&&ChnqPEn)zd$BtM47G z<^MlTb@?2xYupxDtAcI*IxSzha;7!g@rsh)b^pF{zdxkGko!HN+BLK4>T~=>J!H`zDvJ@c)PJ8~na=_0Er9)$W8M0+^zRJZv$7AF7yWo=z*N|>CbFgZikrs-zVfxVJ661Hc&WZTeP8Wq zMzOHaNyZP`)edqyz3Hz&MMi%L@oB!i+-#fwOf~wFPHK8{(5A2@J-#P2oIX`LNFFNP_ zxHT_09#|G#*E#?EV>cEHaO1~@dCv-~1I~w=LF2tlk0;OdGrn0qBg7`|%*0j(``OOy zQq9LCa+jWIOsh)jIkwBH>i4hA+!gAQ{stySab2ET!M~)AoYAictm>J-_jIAru?VAI z?yLPDAOF72*`qULlZVB*xJ@n5^7jrjI=9c5H_wTUZGr@&*1QEf^$_#$ch-{Shu*JCz5tJ(MO?fc0Yxlixj|Iel!S1P$xcI}!S zkAghXKg5*237_p%{A%m^^rMejcQ`4vIBX}l~>XDIxadp8x99l&|eM^s+ET}bL)1R(?Tw%Rc2R^@jCmB%6~zTf3vP$$|}(p%phB$iAGTbIfcXVx8L*wb+LH{Zqui+fjfsVGklmT>kw<#jOAfkAK=U8geimKCJxbynp_~%kzKx@7n#_p!M8x zgYzqXcVBp8Suo@Kp7*gK*RPAN_ip?$t3Yp?#yPQqpYr>8&+||4`jj63S7z#Gs{^Gg zi(>x0O0M_LD`Dyr-21r4_u`fcyZL{QsCRO+pU)6F<;Z#R&(-t^{3hQ1agww0e}-JY zKGDx#^w>`4eVQ};?#8W$=9!#UU4nIHeHI7ZA#FW z_c88yR^3xxMLvnRmXn>dq5t9Eep_{x-xg=MpQ_DxbNlFtg|-X#{62DANmKN~wl6j< zUHco7Cr*;7cw@+yTlweaRQ2}a{WCiYxBdAQCjHdi^Iyr0VjaNy_^va%vuz%s_4VvloNaEx^=k|=uEQN_a6V5$9QE7R)>h!+it%eps zXWw*)SsyXu(v*3=HRW7{m9U5lvV*Lz=ceA=mWu;`9N z?^V-3zn)n~e1DM4kzCN~z?A3F6suY=_0g28=^yUx|8Jf5V}1VTdHi(~xb^nUC{gP@ zBBZU%;(M02 zj`_ddyx{WrytF0j<%LnzECQ7z^Cl*~q`|fBwp{WS$gt4-Z!# ztt2nQUEdW>uFCSWe{3SaCj4VZr^?0xHJR8h(^)>tJyn9Q39M02)C*aDJg4l2yjAPY z#Pf&E?Tp^s`_Xv*#SfKz*A~8y%d`{c?@y4>X2~OYh69b$C ze0&p_&Q5Cm{8Cy z3c-Um9ULFzWqwsvR~&VH&ivu?``Z3c?ddlweHqo>M2Pupa8lHaVt-Oxsn*86B7cQ5 zqiuWDjH?muiI+Z*lj7-mkN)+}KCJi3 zXVQkMmr8lD-=mMYubFZ+V}3#w(;u06hAPg+8mvcL1ADxUrap<4uaK|*IdT8RI`WeZQ`Cas;#U^IuCT; z*XduK`}V=KJ2RLMe6F?o^8EcWLxB^suLqVVOt^86S>=6AN8c_hy&X@4KB*}@e(K5D z-ZJ4x>yq``r%&JiN9a+f1WQ;>wOlEfF|%Ep(>NttsovWv;VFb9H{K zZE|=#d(wl7q@+0x(tkeuRX%mk&UdOPkB^`6)R~Kxt>Utuo^CYx@aeR}66*_6Ri8WC zxkqPf|BUHlPQLkA-*SnT$8WPkCtqA(@D;RL;JvztgZH>W)9iOU%#|H%py5?>LZf-ojpJoPhGlYLZ7HWbS~jtSu-jdJ=~>n8KI7`G zo(WCw9x6)BmM&xo2@9JrldrecrSk=+;)kuC0_x%vH`}zHUe}CPF$6J;JsR&9W%ATGxp~Z7S z?K>H}51swRw`OtY1V=|iZZ|ZrG4fHH>?mD*$BM(it^LxL2|nC`F-ycV1h|g(MwVwQ z{+RAxJ8#;#n|nU)+Fo=~Rs2JjcKkWX^!bjfR=s+8zLK+6B;IV{f*TSBjcqmCUaX1j zD5^TTbh?491=qsE8#q+&SF5*WWad4JzW>uq+xofj-a6rT-=~^vqZq&kB}3N^QQ%B%6^UFy+kAQ@$HqJY@>jY+94h zG?m+CiDvDUUsb<4G+o!lI0$$x;N7riVV|w--Yur41|~-5{`8s2)hD@sbZxzuvH0Rn z9wQaW?)0rP-=~!K{`w;J?B?NyEa4m3dUJ$6nz}7&efU3bXLr}CS_{6WOL=OGP?$mN0oy6Z$&JTV2<6dYHQdSq;65?&e3#0 zJv7+$aZ@qJAMrAsOV_OP(u)cNUfLaI6-XBF+VpZ;^a;P7`5!D+aR@32Oh{V~TMGbQ zFDGs?N8z|>_&ym;RsQ?s=HjtMh7~_AbXuPIXnM^vXvGF@wkMl1-PqV)%=R#@FH^sK z`EpNhPhfN?b5P(y88>xx!A&OpTmlIS&&2jG5lnQ;{$a3mj#A}iH)U>rkxAR<)$7^s zd3$d$*WuK;vM*fb>{-3z|HiX9_czbqcT&^sQsk{!(gAECH-r8573kLgJO97`Cb!r^ z!zY4I7?-$syPiKFz?I#!RPaaT{LYP>EmIQJHfg-wFY47S@TB%^iJm`0PfyRMi~Rp> z{YrJ+j&*Hb;L+I{iw`mx#K{RyN?5HdzGchy%}EED)Xd*5yVM&f_)OP- zhE0FZH^b*kL~Gt2w|{Va|Gug6_o}St|M|54@)gV3@9vl!nz~|!))G!-Cg1PV&hGit zb^5>$3H@}{mqCUTzkg^}crvTWM~yj1^mzJKK8@>n(`P5VT+Fed*I%fyKX}G$K9k$u z-Ys6at!vM=mwOiFsEH>yW(!w;lUcNGSKG#tw#$Bz$KHMyE%Ns^zF}p1_L}bOmANa9 zAGLq?a$fA*l=BboUD~PlETlQ4FP2YGLH4MB{?2w!+4TPz&oXPpn9ncXw$yUh=6x=S zyc>mjzUL%wsop<#_EpCU{W>n`vP3US&R@Ibl&$YImn5ARX4E>O)O%_7xnIs*%lAkocPtGm$**my zm6ki`yHx4%Y7Xe?N+!QZqyEFY%L~6gU7v9NUF?-BR~z#cK6Gu~zU`Lzj19)BOE`TS zd771zdwTmW-nr%S{eeJer$yi6ge?nJ86Ev_xNco&b*7U$O); zl4sn$)i!C8?cTk{o_mTS4OcgBeZGES;k_Kaou86ct=7J|t5iLAuJPH9b36Ws?s<0p zzPr-QL&j{%PKPBmKQ2AsyR=|c_5{P}PTZyfO$YxawpIO>l$TZhP_)f}w}wgIKP_w0 z#ea2tZ*O+L|LJO1c7E>uhyQlhJG<7}?p#?i@r1qZqv)^zIm_eWLZ$7(+kW$~ z?LhRpYHj{M-~TUiGEWcpkWrj*p|a|a%%xt#>~}V=q`lRAd{25!yRy|lJJkP9??bKj z>VLnF@A()26R}TMq#`f!1yT?iv$9u^; z_S?_t-R8RSCD?EY`s;o9Tnad|6Nrlce#J)6{RCb5)jHz$Xh`tlzKefO({ zh5p`R-!Cj2JR|)ggXST51(t?o<;R(S%yT)aCFu8RWv)@D@cP86oSuWW{PyiL_xm^A z*v;w2Z+q@Yg8au*R&y%2%;O5LJQLaOH7DX|q4~=&g}Whz!hV~!oMdr2;&{YS#XyCl zgh@Tl_4Fj~4TlZ%_vEeUb@kd*{g?U6+dG{he2vcqS^iDFUvpn8ecAGgKjG$!n;*2^ z{0LcPSHIy$^LfU;&W65cR=1*N?|iuV{^RraKDzasbDY4RZnAdw29CuOS~kX-3tRE} zr*2wu{P@ZaRZEkaj&0Y(Zf_L5a3jKBZMy!o62=(*@v897If&M+pX-@l|JX3c2o z)KodF;lQ@kGL`ws5*|)LSEFCO()*9GhQ}nT?rz++b-IS~X8&m%-9}E*yQHQ^Jzt~~ ze7#}*;fl-xZG%Hn-D@K^w_V}=e{Ny?owFy`?-bEgDKvM>-qgl+{M?+E0aCgxs!I%C z-nyYY$s+RbhXZwdYwA1B|9Nm*B6qjXu?(5S3-j7V1Xz~V+*xZ~UVQ4!xunA7Tlvz{ zyG3S9Ivdr=!ksJ-bStuO=?4P^6UPS^@7o_(wM}eSySsqNLSBu`r!Sm1UsugK9X!{| zz{aRYn`QdCxT9yc-#vHx{y#A$O#!FHrG2+{`RP^NtgQL6*?iIp+p_0d>rbUuS;gAi zJ=8FfN%675)W10yXZP3qjGnM2J>gdMt@+1I)7L&S?|%=Pu}qXmo}lGcwx@j^d;THc zt2d8sTfQYBZTGsF8=EuqdjsBm)~^?35`JR2=ck|1;zXUmn@$OdcK4^;mpc48(CD0Y zZ$n12={0SeJ!irX-J9+8{LG7n0DUGa2QBgBd9N&O6~*NhRrftFJa4|=Yt^o2F9mO0 z_>-MfAfPVSziU6Zpi)#i@N|Zp)Pt?zF~=P0<$vbP3NdPxl-CvwY~>72?(%h4?0Nf$ zX>qf1MsCMZ6phGG2?^y?5=9aP>Fw&IJbBqSbmGyglzpB%Ru*vRy-4G%Rct z%a4aS*^OGQrUxF~Ebch{^^HwMgX-qzBH2sNT{D}L)3>lu@!sz~`)9lF|5Yp&JA1fT zW$IMVO)quC_rKDb6Tzg+!a8f(npG+94!N3`n6-ZNo3-tk+my!-e%q-TsAvVvsd^?E za`oE9t=ZzS)@2KN9X%VP&91+aXqG>BOY~dy-TZgSEAkuKp0SB4dF1mn= z<*J0u@r6ppXT$e@%gy`oXSwH*-0$Wen5SHj;I*>u)hu~`*nUg?`?_g!%gavO&CQvX zx=Qs^^gfn^Q}bSHxIXy#WRK0xHSP}cn61A*eDdkcy7iAAuKRmplU|=d(}7KiQLD8r zZ7iBf-XxuFy1Du1&Gqk;tZm)a>=M-Mow_~!@)gr78=p-%nqyP&=FGj4gb%jsYh;g2 z`jH|urP=Mn>fdrn*Bk40rM@-(W%I4S$G!Y2hbxn{<%X?2Cu~KTvgP%sRwo(N&sW*G zxh+h*k>eVb3wb@QeuSsOZ5m3&zl|7+9lg(Y(`-kC!N z?_U3Cp60MV=Eg~n_l|nIemLdr|Em|K7cW!BSG=?=x6!9lnLldLXSi9^LL+~6(-s%~lj_j@V;iuOrhQ z$^ESORb=|*E0?mmSrr9?E?&6QtRwp04Yr z<*C4usd=*X)5|#`KMv(J3RE~vaxS>+Unh0y^PLIbrna84(+$5;#QAmOlPheGt0nBY z52Xn!^DLiJ#r3}O{_h_TpYL-yT`*1S_(9Pd*=k%*!XI!o3O!H=2zvBv(-*lHkM6Jg zZ^8ZS{O0=Grxkkp4Wu$_woKO*%UA39`r`G=h0AvBs>po$er2+2P5ds?*`;piwQ>9Me(8U&moE`Mud{#q=CzG3 zslFxQy#arCyw&Br>Vo$N^VNJwlh>ben%nDDHjmTJ<5TS9^Naho%YL5mcG(?~Q@ zk^3w=?Hj!F1-u>}NwUa0^Y6E2-l{Vn?ZGL*rGulOqek!Sp`+a%VWFFfPp3uAk}}LZ zFLb2o{S*#f*RHbTt$k}0zbO0Sd`dwd=!KG~T5-plyFGL60GQ!ja_&YUyrn4m$?ihkezd`GR;e3N;L zyVCUx9^O77ks@#*B-ppS-v0CLsF$x_9ye_IeBN&A?RRwobI&^pC@ej8KJCC~%lxyE zU-)@tKTo-)8hdG`j8m5Z+ey7!Cn|bQzU28|ad>;i%>6SS{xMdTI$LULvrTuBz55K$ zmU%M+r&L~)y=-iL#;D%m`oEdEkea~BrJ?`8kqZjpdp~*Q?R=S*c6R3BKi|@NzInMe zX`J~T)unW*I9#=-$A7|_bt?Ha91H4mrW||a)xuLbW6}eQC7W+fFp4f(**N3zg1-SR zYgDA1^}>tJg?_Yf;wZ7GuhHrHvFxwC<4lDVFT zwLY+p|H+kn*-}g=*6scai4%O^7JlNjyB8L_S~tx@<8MH$mMgp z=3AGEZ77gkVwj=qsL>Oc@p8iX%0H*4@AJL3Ht~4CGs*aEy@Ee`Arrq!E*&43j?2H{ z`S2)Gm!~8*?QHAw!o&9ejo-??y%M5wp;7$YZ7FXxm&~-wB0eis7A!1Jm=T%#_07#{ zhV!2%&T}u-N@d-7s;KAJt|+x-Mj`5}yS!o-=N>HJhTsif@9%H}9?(_c&HQV03vVB|e&C~J6`15wn zOffomP&St5n@rkKLB4&)MKcb~UvK%J$@+ZH*yEpqzV*+)Ia=N@j^ zeEvX107|9s+2o7>ypKi?zjU72$KFNbEv>UE3CbDDmxJgUB&*<=W3(*HI@g-L_|0#B zsbB5xJ0G6@@2nSgc;Cts32M+{SwQiSH*@_4*$2;7S*Xw5(lpn)Y~!OXmpO|peHP?S z509|SoG2rpP-d!Y5Diy&_GYuQq`9yIeiv%9={WCI!k`fj-?a-);3@BJKeHe z`@_j6pGB5lJtWjKXS)8}h^NyYB{_cz>L}1X_kru+Rq?s!Z(I@iZo7w3*zQ=V?7GNe zHT!)p{aQ?xtkSA@yn20FS+%vgZq$MA`@i~rx~aUYc4@|~M?RUJ-*h>d&br%w*k1GF z@c#yV5zD7WQ_nqE6V>E*B<a8bGVeXUilBh9|oqgKW=E8EiKL9xs|caW}~i&sPQ$)m~5Ye zOus8W?Rk{QVN^L^VZO4h-N9*VcW3%8yHMw#Gc_S8sq1I&*DpQ(ZDG0BEN2C9={7aE z7N>12J-8$9OcWiN)=Jd0V)gD(wJy4dI z<@NdG|38YgaZS9=btU3G@O&vC_(0ssXmWB)#X+gO-A}K_6#dIuwp^|I$l?iKm7IiP zzAWc*I=u2j`Qqfs7KbLRS(j8(G^uUZETqb!V@~=KN#B5TPK_#zLO0l$*?9a;?>m0|`Hkz>AKq%O&do7+E+HTPTY!g+ z$4S9u1H;ob6HOL(&XU=^y!cLK_|@-o?f2bUnC{llxV4Y{dj8tDySvNZ-U_|{Zl$UJ z-uJ(4nxAKJ1!s3|kY!TT`292>-m7K8kH&c64ksyPotrbtrKO)&o3@@_|7ctEyT!`Wj!YEt z=9rd$Kg(zCl2)g4^BJ%GZ_`+E-8Cl0)9je;N`^m1Q$7crX$oI5Y4)?#^Z(1#e`>Ek zB5waVQtdq7r|bW}CRhBFk*>PEGv{Vfi6Z+_rbRI=UXl+(7tCN^&lA_VV1jG-sVUs9 zR=ceQoF<%4ojGIHG47g_Qr}h=vnb#Af;)@;t@p~-iVFOs{bX5MVASR98>H8YFz2q7 zk(N}J>z}AA^8D_a2~jgElh?jHVN#e@G38l_%-Rs$TQ7ahHV_L zR>|Jx&{B0vD=sPBD$Tj*@2-hK8ZDuw|2(d(J{Xiy^pi=WSD>kLW2V(5O$X%`rR;TqWd8lyAK5y0Hq4q`_fvf4jI)zYT-81)d(y1#<+A9RvX)-u zmzI0(N_!{%B6jbr3Y)x^+6acLy_NgyMSB-|+duiaDsk#J1&u}C#XEK#YQO)vtnTyQ z_YcmR=PtEf_w()d{k*&9D9`novGqfZ%f=2p5k-yzp973H3uu(wRJNb({#!0?ql48v zmbEu`{};%f_Eqpl-HP(V`=x6QFWTAfTbXt5k*4d?5T%)Z8+T~-%C34YI`=J)-&ukF zqaO~*JbT5<+BlPW+m=IoOi3JtHT@{U%V0*gaOV6-c5Hzw8PgvcpCn#;O*D&&xg8q zM{ZxjzmR$H@hK}8bQoFbe6hAOv_xDYjAMYR{Lz(ZTqs8q;4*J>NTm8#sBS{ z-ojaJv)A1^_)+=z&F$&^E4jE1F5`Xu<3#oSqhGG5%>Tdpe_vSLUf&&Je?!WZ_We61 z?Qtw7Y29gF`AYdkYb9r0iuu|$J97I^qqM#`t8`y)?Piy#{a88ex!0SBt&_MI`?hpM zo2{J3ck5P^Q=@udR9pV{%^A&Nr3<68Z}WM7zZ&-Z)t;?k0uqnaYxHg8=3hNM?ZUNN zU14@XUMoZ{9yO}4s}L>O*`zgl#^O^~M3kOMEq_)d=soM+mz^_p3~#&Szqwc6a8)~e zg8mdAamUc--QC^yj=jHnCgJJNim6RH8$9+|D{9*eK*2-n(> zk}1DW-oVDFFZuSvLXLZXpWUu_)0uwK-+y5f!zsB-+ivcA+{OLv>ZK_u87V#c|9qJ) zQF_Z_`P~<%P@=1K;pF8zfBwp@_%<_r=c~5Ymc^ee?#9ZxeOZ*HcW76lo|xj9$5}nS zX8SiUIWno~mzqJt2cFi&hYnbgJ&>|Y2xO>W9p>0bW-7ysp}5k&EGLmzxH3<1-U5afR7c2 z-)=8>AN@Y%{<>J3&nJ`}8aUOA;=le3IeTgA>&U%zvS-)kdhEXU$tv#T=j-!->%4x$ zGu6FJDbD)nLH(NEy6rRVfA9Y<5}$44H%INbD~IEQsTOr_HdN{_oZuAea^T;R7u|2% zV>I-pGKnr|W|+cX#~Q1t_=jPwR@$`fj~e+_JbC7HG1^Vs`^QwHOJ#xc+TT}m9A{kb zv@}RftY2}1rbw5`Qelnr>1kuB$j2EiJfy>Y^OZEzci^+bl6*3+dzQ zSbRd|(UVWAvw}UBeQy0(w5v*aaZuvrO?Bsb{0%LQeHSfd)hTLf~Vws*bz_GOQ=*7Q>{mex*t%1xJ_GTQaZ)ddEaegr+dw%W|l-2CjX)7uv; zZGC&hvig~f7-L$+^$^a(Rr*eCX}(+M_bN_}=lkH5%A`AS+R>b{X%#Q-=tynxSr@Ws z?b_Cb8$Bl<*Ko*m+$?;U-z1_Tc`|RvTHkG5qTO@VtDY;jI4E%l*SyTgPWH^_pI`go z_SUoJ`4Ro$I-mXPzejE{O7pE-c)Hf=RfD(|I=GLSN4a)WYNd3wyEm$ zr)%)}Jz~AJMIbqCMyl_L>oUjdoTQHCmCoN~7addF!na>5HN;N*980*5-TL($n=DH< z_IwbT8Y7q)ZJMkZyG}u7_Rh}2N4dHV4Sc6Eo+`>phaC8E#UxjDtc6a+<7z7>h>(jd8e;gF-v_{ zow6vBBW?Mzl`LG^6OVbSUCh|BrQ-3|@K1Z++j?b|vBhdMw7p)pcUDnh-I9wfWtNY0 z5}rRODLL8=tGqf`J}hl{J-u_c-g;S!hJvI&x8DDiY<(kha!2&)IxfLuvZftIv9kZS z=1jTP0}(+uzT=Q!D>`ghLkd5PZ_I%}+*IPIwQ`+eQ+^0l-6 zuHVz-wzx}m$>V~b-%kI$`u%=)fZVPi7AApH97}E;*WU5)+U*;gQjMQ~lXKu|RQ2h5 zfAEb&RGfRdScwg$b>09Ssd-VL%`#*>dE>n*sbwZOuzZLZhD z>bM#DG7Gd__bg~i^>kU_@OzGR^(@x4xiyci?>~Q)JNskHk zSiQ2tzJD)zac08Ly#`K8cWV0TS#w`XVVmB(z$zgoJ|;8yxG?V_kLx|FGAqk^x;E>+Fe^-jnoH@Iw@#x;}ozMHEf8I&o=MtbN7-FL_vog&4z^8k9e}YbGe2ZG) z7wgZZ`EzxD{hWj1-vur|h!UGNfyFB@fbpoq#PF^?Tqm?$BUjE6+1&cz!e{*t+jhS{ zv}wsor`HRn)!W=(`BUBX%C!amV$DP94j;c{G(XkS;O&`KrXP$>R#TQO-zdY*#6R`) z?AiPoe|B2lnI_hfJ9)O$@|BvcVT@9)I|CHvh>iHcB z*~05nR~PX8Q98c9CDUO##}b=b1#f{8>LQ+2nG0mRHb;=bh>?AuEmabyjxOdNytkZZ#uR~K+8e9 zbe^8jjg=|63$u$4ER?#`AR@GO%1Q$+jY>QHc^0Ru-&JeR|95Qr$_hD-gMHa$7p`7B z*356i(%5f5-Lz@@EZNu7KRjP{Pz(|K8>o-nYIVXFN}+PT<{+TV?+)7tQ;4b0Fl9qI$8eAw6=Ls4Yi9ta;BGBg2S!+cv~p7Bn!a z;0yftN*gt7HFy+mQn&5Ek0UCwGkJo%LQX1+ z{R>{bZMQP(+nH)!M~#f0J*qsF@%oii%ct#Ax4_l{h$gI$P`El}*^}xgn~fDrKKig7 zFANAu+O1c9cSEy&{l~hHYZlS>iyoJ9>=%l?3(HYTN_we`cVsrdh`Qpu;K7*}A`DZ5 zI%94+b8|*5D1Gr^&H4Ffm#ArN*)(IuEN8FA?3)oYxaQmVFHmyOZk5l73exo28M7na z(Od2CnJYdTVJe48IS>83;bxd_X}ICl+Ks#3-Hcg%#VavpRV&wr3mNtaUuT)-+$^)~ zxBuQ`sij$QT6*2{gZXvSA6-!q;d)THHA6vD#Hm_M_?rIpsE*z_CSDbfZ(ZHN|seKw2&~@mH&c+?x8+5jCL?6;!{;yoc- z8=Pi(scDEE=84tpwB(z5VE*!ltKJ^JWVUv9sCibF@cggS!XKOHbnN7FJbHMOO8&mr zVQ%W`mX*JFG90VZ)ve9eK7IY&-ebbqMcPj{aIFdOT4);aV@1%p9ZKdhToS=cU$5WO zRGqi8yTmhzwd=rVh60xvpIB}%ZFxTN)Y*^Us^1@*l=vlJr9@Zk(La^X=bN#6#yt7> zCqr?q$Wo_y%Upy6Dt=nNso;70JK&?hwjQw~b?o=sAY&%Kr^MW$P`& zB)4UAi_W-Ku6v=bVe*D-bB9&wSMT3DlwsywZgte>oMFj^&xx!zu1r#gvtom(Q3xBjLGn|EII(>l^*+{|MWBx>~RJ z^45djFN!#0Pt1IwxVE0H>3hwWqo#$r*CLuPg%njjI=Mx#a-Y*KJ;#+DCAk|G1Zg}_ z30BD6lQc0!saK3Em)+*$pVL!PdKS0$7nD`Z*tjw>sF0npr?+n*H*3;LmhwBL(se&> z`aapz;nLJKfn{6o`x_mv=4=;OczBE9txH#X9&J!sS8^loJ?j+j)Szv(2Q_!C>;5Jh z>+6}uz4Sv|*9z&yt*W8nJ^0J=H4s0JGJJsG=Jcn*{uo* zXJ3Wty!LSq-+@#M1u~ecC;9a8Y)m~Zw&^F+@pE&Gt&VIu{AyLW_l1jFH?7aRaOjz5 zW+aEEMwQ&g2$@co2(d!NK%phMM|$~IA6i+#bN_Ru*D_5}u8yoJzBb2po;*3L!8^?; zrTFG5vsIljOAhoM?VTYQS{`p~ylUn7may3Rr2=2R>aLkv9-VIe{{PnU&wG#0dv@U9 zVUX2u>b!*{vYdk`)|y@#Pl9qxBHNHuk`-iBTJpcpInuyO2s}oyF(|HkKd?!8(Qrb=*lh#e0vIP-0?;n3KbK-^9z7KYAKI&9qDiAJwx9g*p+>cAs1rMY~>m?s;y7qz# z(aF8oP`gs*#Wd5?H!sggI=_1Tq!U{{{n@vefv4a1k%y<{2ak~6^(J2<|ZQX3fY8caOe!q7oa+y&-4zotSm2 znoca4eM0op=dCe6?)n|eetZ6rjsLn?h2a^CpRjhRT|au=&TDqhgM0tt{(YAJ#}@zN z%=HdSzSYz9(?8z|t$8K?uk-%z8}+VMd{@(A6itq;u`rl=BuMO!QG{8=@}-{zcb$~ z_*xmYqcAEgSWC0PS;ONMB`$>%pKKF{^(<=I@HGsSDAM@;3H^%0JnR1~SyGW@Jg2ukd->=V%Z7E_J`AEPCEK?fO`f~j^&v}?fVW!Z zefE1N-#NQietnR==j*fAmc@@u{Qo`(l-gX(dTU0NX6uS$qLr#EL>9)h6!E>Sd=VrV zt7B04O+-DuvU6f`yW;%C`xm#)TgIX_y|sw*Vfckp{Lw2zBVLAZq_z}TFmnG&|GE6i z2TQJ=9aGE>ZTfgB^-YS<1&)Oi&So}wv6|0y^e}#}J%Qu6;i0QdcXxlkY<(d=PvpwC z^v1UeNt{V*-)`a6N&Wdvd*`Fx{KVUH^V9CGE&nw8|5N*5sT&7wrf{coT3DGL`*26( zR9ITTt!*FgN;vBDZIYdm+PFnx_Pj%7xmyHoI0Wb@$5j54RGP9#Q*v>@w-TsW z>l7l^T4IbuA8dSBtP{0sj`;kFIo9v1)%*9Fg;cNGzJLD5iJ4;CwgtbxC~B&nq017L z(X!!!#93p+Wx0YMqx>cYnJtZ?alxfMO49>GJRf3Bx1tz^)r#DZ&o@=4$x-A=O z^h;)31~1LA-=1xI-cjZC@h-LE4@sxw%a$l zID<21C!c)HefMp{KuD=J{vpo&NHJ#aR$a(8B0j3Q^t zai61$m+$0c`7zB^piJ#dek0%WvyIbIns&T4ntoQuQ>+ka^ujY16 z7WNT6^?BasEe}4-ELKR7a1*{3o}K38=AvP8Ym>$fu|wNF)+oC~U-GmPDopc!8elOy z+;iazkL5FFoSu2pM>BH6iuRc&JyoQXOMZ3GvD42FeE-m0`9WKtLge|T z3f0fWy2TN!YLiwxW09>Bw|5hnBxdjOql>$>pt&>B=HaZGM=4w}*K3X@EjZAr?z4L{ z>kcuc#I(l3q&bqOHx`|hn&Wb)HomQ^x~Ec?fZPE7yisG zFL)dMKJEDIcWF06uP?N^b;H!^9JjLb8=Kl$h4GJ%3P12lTB%ZIla@Al>74KT)b4p* zx_Z;gEdJOw*(q#S3+8C;Nqi{!iKQ{=;-Xd_em=81>INTU&(6J@k*a9&=Tmgv)6eza zzaLqulGV2khIYip87p00cenm~F^ePntjWYq%ROISIr{O>bB=f@ z=GLgZ<;k|_b&H?;{&RYJ{ehRo&v(3jrTycG`+xf_Tu#DCvBIl&#kho@@mI-L(&#VfR! z@>=dKHC|PD`?|}<-l;whx0O$NDV=chTlUUhy59?~M!!$Kef!=~Yr9XUK4 z`i-qjQ?pJ*UA{7HVSq-ErdZ^Ki^pa@RzDmfB^^|_M}c8suV+Z8iQ+LkXo z#%-SOyL?B{-y*N0Li6h%B!+Bt4UbY#y|wAZtH=|_N>@wB&QCeHsxHpDY|^xnN%sHu z|LdqR%l@)_!UUgY>2`<3%)XZ9>~xAL05 ztq!Y_{<1DFBQ#HBzgHudMa2sVrtIDJkDO}5!PW`6p9a()i zH)sEIyS(cA>^r}I|KG7Sf6w$YeXlihZX9!Y&+y#JS~4^L=qSJ57OR`X6Yc+MoC zA)Ku`#Vsp$)q$TjyF!vY=Fpb3h#&{8xes2f zG~ODqAjQh9TFX^0oTGHEo2KKky;EntyczIYQgBb=$p z`~MoHZLZuh_1U@VdtP~Eee16A%>Q$`f8y!XiI<$XxnuQauUgyWrPwd3WxGD+SWz-d ztCFEPqm{PeMu{N{!=eCK>ioU#c>y7}O{{cs> z|EDV+7TVXjQD~ZpQv}xrotC!>b0m~RCIop+zWI83;iSx#Etd87X30BGn>{nv&|jtd zLtB^N(@k-b>+GgY6MVW+#cx^fmqT&C%yQFS%a(s?E8jPHd(DT#cRv2(FaBx!eo^IR zF|E1WGcwLjh`r#qaWU`y&Ahv;IE*BlQkb4v{NVc3$~3jBJ;-1~74Ku=#SixaW^S2De3JD+O2Y?bFxVHMfgwd#J4#k-c3h8;?MJ#FLv2c2y>alUGo zTb@_4G>X4-zPNS4>^FC0d^bv@x3w#tY0rK6BB3fx?ToBgDEFFzcp-H`ZsQc`BXd`T zwfe?hoN9K7`^SOY>xOo-A4`9)pB}uteZn*sj@4m-b)R*wCwX`0*ZozTwl?PI-u+*^ zm&^)Mk(urP=jd?>IVqPZpU%v+&SfcI>J#wM!E?&{WJL$U(2$=(kYtG=t8^WMO9KGr-ZxOOkk=0(!`vXmmO$a`~6 zW4Z0Nqi{`#)b6d#KL3N**4;QaZTp?mzVd%~@BN70e|%f{-s$h8^BmXi?|C`z=p0`a zNuTACZ!^^QFPX2Y$dPkdZ|{QT?KwMpgrsu4OU^i27v6c67IR%~#yo`?Gag;H`&75* z4bRe>FJENA`(YpD&T&l*#y1v zstIH$R(!pXy(Z4i!C&p{W%mA$m)6zB6hAe)^wGkj@mg2JnTJ1aI?7d6sh970>1QSW zZ9~r0EU~Zr1;4&X^1Z#+`Zhenb9smQq!2IGn9~P~WQ!gPFPRm6!O>yq1odlIdbFks zUOLoeow4>~ZL4tc;S5EoRkJtUo0NNUSBwbnp`eaRwy@7BPy0hz#lD8Uc5~Lc_`&XK zmw{VCmZHEWEeA)BgC7^WXS|Mb_`S%^MW;=m=w8-&YomjIICOQhmWS?V6u9=Kb%BZ1 zu{-acui%;IW?^=TUtywKi&_q^zQuYcooAhuiPj$1kNPe3EG@aXx5RR9w%LX!pR^

srsc?e(IT-fc2lIubp*7sM(3 zt9bkk&x5&L>ndRL`-1-$?kp*45Z6g5%j=6cv-8F0$cI6zDrD?y#TJTg<%)H_c*#ag zB{;LlYh&tZH@Ui`^j!IweQ8>)O8cHGr*3_v{^Dg$dP&;4G$kE@FQugyrt}p4c#u7% z*!9A!Z`aI@sj01+b^V8H;MHKJ+l2?G*>8Cpmesm~WrF^t>sOBKUU%orjT_?~Q$fh**Z}$_d8{ zA06Az<&$&y4bRGLd>6VDJ`@TSIy_*vTj{dOvEPg<`qkRwpXdEo42@g(I{v>{)}x*O zR0W>xUFy(sHB?tMDk>wfee)$TkAoj}28!|Ww0z$0HbZM^j{u+cm#gI$c6}6adAoP3 zUHq2WGoPK>dHG0E;UnM7Jm z_@#Rr8SL$kzniPSG4buLETO`+vQiFQo~rX(FJznw;eH*OAe#66)IR1frR9%8Yi>O% z6x(XH`S*`ZxjzRd?}*x5b=0V3OJ;8F;}bJC+kAU*dC$*x<`?f=N{d;q+x=8~n&4*D z<^FRQ8Bcc1_SKoGGJW>ZvPTx%e3u3&T$|&V-TKXTiL^OWEGx%#!>jjStyw!EA+mI# z+4@tzm03RcyKLpsIVZeK>CAi6t3@p<&#l_1deGoBz`%Rm=0|k-$&C%amtNQkkZc z{_cR?rEK%ynRAsaHt~n*1zCRJI(Q*-&cD zTQ1+b?*D$3sm}ckjZ>w~FYPYjoF^b-Q8;IBJ6}Q02cC4b<(gWJ%S~)+YjbYyYj)rN zS$ET|-gQ;*yf=~I-}iH&(dGsfPXxNf^%w2kK3%*_c2C0WZO=s7%l02Sdp*`sYbpby zmJi#qX-l(Pj)%+FwngXdZ(cUd#GPL@{qH8m3r+LRh3)(P;&V>S{#Dn~tnJK>-n>|- z7r*xs$D#|or?%>p&6i!YJHO%S>aZYoz98aFWBkUuDgBf%6P>KajgpimdNe6 zJb_pG9J{L;cbK8WAmPh9)FSglTY+oHG{p3QnyG8LIj*l))KFe-~%s6}SjJ=uW zOzREoQ%^eVbhx}Iu0=e+s(8+oXK#Nj?-PvQDp&q9>d$idr8Y(_n==|-=GV8L`jGkM zjL5E#Ls_p~=34i5sGr?+F50{BVCA)2%XGOP?&yeM(!T1lXKV8}*S$KCo2Ol!9)E08 z=;{}5a#)`he!IfSw{OejjS~|~9$cR0XJ8TAv91OsUe9>{?koDdjW0e&mhby1&)LrItNN9bu{oONd2P>N|XS`ojbh(}m|9If~zH@WK^9;`& z3=(2tG!8BKmIfdAr%CNj=sQT`=`fnaaxunU}XhPRTiW+^OgZ+Uatq zQ!)4U3$5#>k-H)~HuOeBFzL!nKBz4%)3g`QrQA5W>B|7=;>l2qmi5jVUy?QTEPRr+IFZ$a!GR@)T*H;Nl{KP~qY z>R12ZzsK#>w%r;w|7y9MCcTMsd9^BfM%|}smFqFbu899*ym{5_%0;~)Px*F@}ZeERzOW%~^?db7hf?%3RV zy6X0e{IU}_X8nnoX1aGS&v~)Ms}o@zz$52vzb!4Zv~2ly^BRN9wli zNrg+2ogbJ=7!r#|- zY}=L=&~^XUiTX$X-rG3bcd+-m#c_H|ID5vDRKbu>OJ*A->WD;ivUucvD$Y55gsm}i z_f{1t>4zp;tlKwl70-(O_{-_reWUNIkGB3^t9Rz-Z^7sGA-rl~lNJiAM{Xq=4X0;oa&K~iZm~${WXW5aB6EoZT_#7+cW7lT3G_}xx9Bbl8Ra8;IM_Wj`9u5^1>;Mui1RyFnPeh}`#!Ml_xu8hz6 zqD$d74&Crr|93Z!&zw8YO(jOiH#cIX$+=gh5i|RCy%c|Fvo%aSvih?nXZS3h3==Qe)Aq&&ry8Q_f4Al$NoGvLX`S`>_solDa`a>}myyL{E%+PH*|~3<{f)` znc4X_l{u^89-q_f{8_Bz3J!YTcZC`OmrhKk_wC53WzR zZN|l`b)eI7QV0`lEr7aXw$NE$Q%6bf<*#$kY@Hb=uuX7Zl!r0D&Jw}zz3YzI>pirL z|6+P|Rr%XLNB>+m;flVrR z-+Jz{W;y+vCFjk;7|t1|!e-1mIaxPEVz%aot?qG4L(W{jHf7OzZBKviIX>y;+*M*q zlYJ-nIAoi1WK=%34N*I$A!qIK@x7M2}meJ7p((+#2`@23q zJ%vRXe@eGkKYWm>7jJrCqO<#swAWQFMprkzs?o?e*W*fgm z{=PZ!@UP0ri@%!1UYO?|pmB9gJ8N1zN8>fAaIQGZf*JR|iEY`kqCzyz&h&)n>0dL? zi90w1pV{*Dm`?XOAK};GydS>&TkPZSx2W{Mwbk3&FFFV*x<<%sJv1$HwO-ZQ4Xd&} zCzx^U&Z|(>4d&#N?beri9$jp-&*5RwMAj9YVZAo*L+!nuc3toOkh`IfFW<-G;J&-n zk()F3W~%2^{J(zn{jP;KY9=Oc(9Q6=QLfx+;nqRK2Fk!iq^p~bu8F!7eS6=|?eo{${x(`V=_mjG zLx(0^*uJ9qUCA8Pzk6jYO2sy08SkBTErIiqSMbV^1KTq5{0j4uW*z&Zy0A2M0i)8h zE3pmP(Om(vvx82m{7e$ez4=1HK~bY(S*lg8^$%5k?%t>DZY|orn% z`HO?jBzFeviQ>Cd+H->U?Ai^!t>T^Cn6?A_{+cSjec2mS%1R48d=}+JAtUd%iLYx@@@8S__WUX`R8N5nWN%U)~+_bbIC2#tH;l$@bFplqDOBE z(8|-YB;PN(Z&JQ)x_ABVlcUPbF?DB4|9n4h*Px#oQ8>l)>E>1CjLFZ>ZA!k(#UOXD zc8+iK_K&^K%N8;Vmxkm9^c~N=rXPJ`<;If+$rf`IrV5Fes6X=Q^?!IvjN3?3EiK*Y zV#*ZHt-MhZrA=>-IZ9oB&fPPw<-n#KFUJO+n&6|k7W(eoo2G8cEEZ+r=JiUhw7bsp zWz&wuqUS$Xe(;XxUA;F=EhJenN3xEyCG_mY(w-kvg&ul5{->i7)Fc%8d9_>kqqaA< z+yW~WYVrCnPs|hT6?n$Y5@fQaBR+)v|BTOvx5mV7o+o_xdBlagoZGDZzrOmgHtXJ{ zMgJl?e%=nz{_N)PYE@nSh3CI)Bs0Ig+F@pxKk4?mn8W#dYOVKI92eV`d)x8(r?+q9 zH~+YDJ^s<-_=-98Kc8*3`F%*wZ=Qu;UK!h3rp@y!xT;@1JyFrrxBZXMuAOt=eXp5u z^RE6R>s|fVN~JyW?zz2OslH+I$_p%OvKAcMQ*4lZmUVx=$k)&3lvXHoRWhk&X1`xx zndlyV0#W{H>z(}n(C*KT%}mcxXY>ClR(bx>=J@Is z{ylGb1%51S2>r6f{9zc^nz%b>xvTq_9+;MX_-m_QaQN3$ot*4--C>;FyR1)4_j*#q zI_uKP3kF`we;O*3&dsy^9kF3U`?Ws5KS`Zk&mZ67+oiU6by|d!qUxp64}TSE`hR^6 znq70d!Y1uj-_(_#!j^~J-QlciF8z#yd7e>{D0jGrUCr6Bf3K?jKiU6(XMCsVdh8b6 zH)d{!EEcRO@VEN&qEv%P)pUEJrensIEj`aCWr(~8WnQ+5;o5rrxUWACg?)Ik*uOC6 ze%!m-^ZFOA+zQP1{_pAXzVg#$nZ=Pyjn(}&6&(!<@YgeyqvDm?C=fmuiENFU2)70k6!WL$NO!! zbv(MHG5w>CfC98-MMZC=GI$-J9;_!J#78=VroElh11xe^vEpPZ%Xt8}CKkBD$% z+VQEk1zVMN&##}T`nNmtZHZ3j+--bFHY>){Qr!=?)W<=&*typHJ`X5``W8N z`K9l!b4AZzJvB};?d-YkTR#KOg^O42OPdjD?NDa_pQ--u_4!F3eiTky8{w55F8+Dd zN&AUEOy3KJ7&lCmsr?rjmVdi#Y8L0>7MBRksfniHEuk;kl&{Q;)_#_;A1(@nSOq*Yx3Vy)bVX! zYR#X^@#z^wYHQfMKCr&Nwr)X$&Y9c)7T#6&)O+{*w*I@dtEEi#O}Mim)3pDsZ9>Vc zRa_dqkB`ilJIi3d@T6rfO|k5JvyMeB%s#E-5*uK3G9~xh^bMOLgilK)bz0mqH{RS= zFo8paD>3p%V}4P`QU|ZV-ln5&ip)nRT@zauyR&8TalcRO`#-(*>F>Evz>v7~x?6Vu zPxK`hc~9*e)oG>|E#gJHuK)a%xGM1aw%bKd`DR`6y!X8^{-Ln^Zx#1%Z~sfy9Aa8~ zxGYQef=5xSQq-|Ci!yrO|Frq~q+H_gEM(m3 zW^N*s9u@82@$K#1<5#c8at9TC)-|7eUi@a^)v3JIA%FhW|E%qkxpDk{%@_ZhzprdB zEN+h3oW>}>Go5|^r@q%a%8t8D%H^(n*7Ky^rl!lk?x&^Pk8hK0e!kKB_WtJK4-W+D zHgZ@kc&LA3i=BC0+E(G2`R|vOHc#Pa3d!tqK7QV4LlLj?;@~@_$7Or`dfdZL!iz!= zhIlWV>Wm3r!*ibZ|Npi5$!R;O&Ph$Lx8)sD-I4HH@czR_TldOG7d%^XgXeyT*`CwT zdGh6~z_3uk)NWO;dHvV8wkS>WGqS4S3s@LGDf8^rtwn1O6g|$^o!8|0R=rW^!nIq6 zVpehlDO`+5OquAic-1M_%q{DC8Uk;f(Oc|k&1bmu=Y`zshDB)|<@YM})xXJQbQn!~ z7O|vN?9v${@6%6IyesFe`y04dOtxN6mzKC|xXzkPJlT|V{xI@>q* zH_xB=u<$^hz~4>ZBxml73KT#1@Nu_g$n|H<&hD%JR)61IdRw$%!Oo?fA3Hg3-LlTw zR8^ET>8kd$jU_*eCNyooTh9NNxpvQ&H^G1Y-v6hYd)Dxpe&)kvy4^o7%)b7a{r&DX z{(X<5s(wv34$6A=^B_xnUC{*pnxB#Tew=+?`E2LjIaY!;eWJcNm-Bd`n%`M<^PD8$M2Pl zzNIp2_Rn9<|GmCQ#N^f|llHyw`i`{UVL8WnzfQ^Um~Xo1l)ebZDLF584^7`d%QY^1 z{k@ZC&sLu7vB1=({0qxK{LhL z)R#r<&H7pS{`=xjZRgMLFg;Xye%;>x-Fv_DZGNot{-6DMW8>xd?_Hx+*H&%J@h&=e zcN*)BBR3it+wVDfR458en$RMkps(N9lE$PsWx@p~PTAWxZtO^io~F7wsy1AE?UJ`o z->ft~|M{O`@hLHB)%|;}f8G4IW=CIm^|>>1W?F83{>b`!ZTHZr}Mme1FpQ$-6CVElzAo-Rq-1 zIpliC=A@@uS+BApuWj$Sw{-83q=}Z&B20@CyH$Nf*SuVrdij%;Uesm3>yyIfMDRKr zi&^*id^j-qc;%~?lYRPo4Q)+b_2#Mx6>ZR!+;Vez=q^`JmDe{l)B4{fhyR!8)xIWF z=47++wdW+u{*9cMnQ{#zc-Wc`CKxdNusnY6vGbZ&ub)0-uREM7p6kNV{kOd@ATs!P zp3yKQ^Xj)zqfQKkJpb3zj*bI zOIps9`*uG?czt-niDhrCPsGd{ze(hn4)01M$s_D8*S1oG_>X}&aZM#-j z-SaC3H$NU=-t+Kke#+5Pc6obVElS7W$T4I z0nSD?A z8ZwV<-`Dd`&)GXeb?)3hAKL979h2U^G5vbpx3|^~Hg629Y@CX-xi?mS?o*OZRRaxga7Vzx`%m&NOzpyQl9p|D7W@w09wG&U>lDa2>6|M{%mKXHrp z&&B-znbVIQ-}&v8_|MO~y9>@M`#&@*FS6nPZoi9r?ZHmB8{57z)qR=mUb}G>i}2>n zYcld5KA5*xVZpYQ6Wc20JpQXb!E0)09rKj+>_) z%khek#(8Ju4_ofPTC?;^_XV%tSt~x||H&$~o9oK-F@WQCY30+@**jJ(<*WUpVIKck zXy2!o)+c@am9{tqWX%rcmP$MA`eyUfkJGlQy-ttYvTb8y*RCkDoLvol?>=d)Zn|H( zq3A-;K84Qh6Ff!ctY)t(6JKBdHkz|l=GJr_#jwbi=gp?)ZY{_wEoia2QTK69_WAqs zwq$0kNk7c`I{JP@yEF`HWe))M#6tMBUAIPO`8Ar ziTIbbQIR$O)#u+iJ56`?glWDifv(~H=F?IyUc7kn!pzNk9?RyZSEaS>t^US(`{U|s zPbcr$^=C)qlZCbdT&IO}GJ8Hw^4?u>nD_3U_fuC_{*T^Xe7JP_#cMau#t9hRF5nR1$=3|i%Ci(1>-+VThr0~XuU~D^o?mQ+4gOo+85THesf0Tf8BHOpKrqVdFJNw z)_?t1uHbAqr()3$IjLtm!(S%lmge=AzI(rD%_SKw>n~r*rpj)1dm78;KR4~m0STw< zMV%}gBYKXtxox{&BJ9pD?^Mb4w94k!ZP}Q@t5Z{tFY7p-)RNj+4tzn{-&c z?Z&0c&PUh%?dk2Ecm`N37 zZs_4?v|8GQ$WRe$_q@1&ib_ttyM1Lty zte{Ns$2V-}y^k;4yu16{JG~2aTQ2>0p>e!l_E@MwYszuq-I+Nnox9~EBlyryqaKqi0O<)1oL zWo-o-XF`gmxkPLzKOZb(UD+p|Fu4OMO4RM^-!O#7UvM{?yx1(wHd)j{rq^Ju&&8|v zywanM+xg`mKiK$qP2{bU&+9)VUpgrg)3C@hU?#i`4NaNxI$6B2;-$eJu+`N7Ausi#YSMl{N{{MfrN9_IS zlvnrk^o}pDv^%d~5sB{NPAboe|PUVdY=>ngMzlC={`ZrBJ`=`;1L+Z<(ugX|@ z;brDAcejjJuO7Wv$h>9i)(yW`{@t?G^m6^FEsoNVMutQWL*2cC`;*%vg5o`O?42*o zjVhVxVsg&KNV0?5@&2c!Yp!rD74e-a`o^Ya4)brmAkjjL4cX?>)51hH?9+jweLvj79jvCS z=iH2_(=rfSYV)Y+h+vSwL^I7lGZUAnO#c31irdpq9&0E5SbNRsx9L8w=%P}8^}m0c z@06TWlY1%uWc~ja=U1#;`{>y0ZH0Gr%{L}pW_3ND8o0umOEN^nb><^2^DRQDR@)5L zM+qFB)Y=yLS!?Dg@iWW&J;`aW$l&s@2r`}Zy{ z5ZPGK^m=>l;*~2Wu3DwF|JAzE2hVty-bvW&ut&T<^2-g{%x{!Mo2 z>g}_GgN47Wy?>zgyM4xy^+-8Gxq0#BE8*%MSB@lA|{Zru^s`_G@Jg%tC_EKaLUbpA@#InyJ zEr%jB_HPV*IjLY8)A4C4iv%BSJKHwRE$rI$Ng@UB`|D4d@BfxNYqs=`mshuMEIMp; zE&r~U%0!LXU$1@^4G)x=_GRHb>)XG1IyPCp6mIYT`1E}3L{Rnpq_{Fn=k=rW_o~=u zhka!$ic(~Ltp70LgvU`P_Lo1e-eqkHdtn(>*0V|d*pwUQukZ0wlbq|LS5f!*mz|M@ z(zad)CD(+IB@T-$Dsmd8J#)J?D=H&D^T{P%X^Y~l32mpmWR5@j(ODNIRLCb|d1zIr zw)nQqT%HHOI_5)TS%cOkV2~m+Yh!3x3J;x_LY+dJ!|P;zVL{y7lz$WramWU3b;l zem+{hzvFqOik8-nACtNx_ZHgf?|qw=B_(}u)9GKG+(q7JiuK}JDlfV{KD_wPlil|p zzpJi08*E+vm{E4E@1B>}rhnR$t#^1^%|q=ipR8A@Rzy8KwrYdZIi})uth@e5vOHue z{E-uypnJ+~mukj|T?Joa`ciHsSA_|d{V~-};+xy6nDuDU8o9Wj>H+vAJ`Po=v$J zWo%&OcxB_qE%y6wZ{9Ln{(i0e^_*KC(XOnApSwlw&63<*Zg+B3XziJ;&fn@iZacQ+ zhMdy25C<^P`(|O7#3qWYPp>W7RrXItyBErbu<(f0yIwS!CuK9P69O z&%)upKtzMn>*pt(>E|Y$PFuOsCxP|q)pw`7tjyLW{+=Z|XU?2QFN>9BD&7>n+yC0m z?)OXU&ZCP=wr$&tIKe7mE+Ssd(X7 z_u=gOjn7ZsJ#!{4fa%(rm}A-b_l|Yz-|xwd&ak<#DnykpPl9L8+yu{Zb0ZnfmbjUL zSLSSdvU5?{#%m83NzBu)I~_f_)&BV0lbQ46P8AgxoIY8cX|wmn{17n)Z>QR&DVduO z@0zD!T9|!tHj@*V&{WYiF`HNINdK8L@8ZS4J{hZ~=bE2(>Rhat^Q+A&D=TY*Z1uw) z{in(Y7U`Vz645!XI9qAz998ARPqr-Cx3QC5{txfh(ycyAeYm$E$|P}-X)QPBEL*fq zYSn6v+h$JAW>Z}m4l6HS^Xf%{+DsLhK7|&QH#Z`-`MSGHxA%S9Tw~^2XLj_+2Z^h^ zy^f7rF4VmV7npmB<))9^!aGhueA5J6loGcDMNI1r=$aCA#bu7GtKY)8kqZt^I~taK zdQw8!t7%DTX;5fn=j`)=u`?Hxr^@^4>Z$~1 z`hDXs`fQ+?qwSwMb&MTbsHfUKhHZ68O98+;n zmE*MLQr@$_b;M^+*X_FNI&H50jP7IcPK&mreE(>||HgOXxtE`R6@L<$GdpC?>@%M} zT#no|+vIxgnuYro`EZEG&VJ6PXZ=t>H+SupEn7v(4W^$qHZwYPnVtXP)7Tc>m8;e* zTDY$M^v<*pXo4EO~$=ZmsE>`~T+0x(dm6{)C>-}L09TSjX z{L|!IAvbf5yM+Nl;3B`njK=ITnXW}PJ^eIm8^#x|E~xt%fd zx(YZLBB$wvWUbQOY&(fbbV?iRgu+-YWx)^w`!(EG&m2fNeW@!#r)_zH(PTxr-XD*` zR~|4qExyRCNk(kj@)e&<_}|?)9bfzCf581KPI}XyKA2}a$D*pGz~szc`=655a@9;z zzMY@Rrdro`Z2^mh;)bc;^j$O~Iu;AghOGs-cJ*Mo-H*Ikvu0m7#QkXDp9%6S|K9)0 zwJiQz$TXLTNpr%EtXg$&)3Z5uDp&64{^X;3f%Ra_o|6K9($$#lD{ChGEB=2!s>Oef zaLvzkhU?#1s`;>t9H$tG0(962ckNO?+6JAogio1 z+~e9^XnUzpz-iKVBOjjrOP6BKKU`RRWR8H=d6t2+>0EG zo0og~`U1$XwP3_zqTlXWu8j2@1U2haIIqtep;wi#1 z=~~313CeGFyQUXaE?OA$d&`8zc}M0;hjC;nDdw#GDAOIF@r2u-^U&3ZOY{A&20h3) zk-YJ9hW%{4o2QnB$9Au-W!#r_SWSRQlePZKa`^|+@qdKkf4&i~Ihg0&aw&tck3n)q z9b?YE0^9k&F59b#@iu>JvS!>DA*@lK?yA`z9xc>zgxSc*#p2BwLy6C~=Zl~FsHfI8 zKhw{G!$xb~_2S8L_iI&7o>}wVzNl6+xA6Qro}YW3T?#dAXrI4*&kFTz^=oy~RK#@R zgX6t@YjX>E*D6>VAAayaGc7$W;85D%UsrDkZJF-w+gG%yzGLmzvqy}UOW2goy8D}7 zSt;~c|9xoH@nMhitl$rCO17C9+uHV~M*iS5l~QE&`t@$FrhlMd{{)|=S;TW9j^3PDIOX-mEh`(3m)k`49MWC(lI_3Xw3bhK5sbX0ThE+XHesWN7snKl z8;RL*w?7}6A=9d`?k|T5t3{u)-D-}biw_p5vOoUBwc_y&3nzsoI=N>rdn}wdFZ|1P ztt%Ss%a=v&uFLgwnl%33vA=5*~OBm*vFX+}>vBzfz4LeLwWH@9ULSI1 zUljSfD}1%nPbo!K(NIyH_>Dci;<-teTVHQ@`{10rUH7@vLfZ*KQqocuh8454x8)h3 zq~-}4N3UElx#+^`#PW7)kWi6~o7(b~>({EutWB_*x@_aRTlxI+D05ES6tc`J^lZb*Nbd>kEyLcta1C%mk$=Q-cbjOxYXAz`2TEH!rAJ5f6_O4={&QG z7q}w4dDi+rS(9c?`Bh)G(so02*TT-2h5Gw0Jhe^V-*tT9^S^O*ds>UdI}&3pI9q!j zIyk<*qO$Uej_lsOPl7$Cv>h}~|FL)a{X<>Tq&{!YhYT2jn>fqsMPJ6)WoYYOcDa<4 zQ8MS)EUhW27wezt4yZKT2kj@$2VeP7b7&MMVj{CIN7 zmv0Sw4VYHW`Q&B(`QP4%@WOx}u8Kb{E;jz}e^md++Y9#fNmA=4Y~Grn|6I=fqj7x7 z%0R$Jzag;HH)A{vHkbXmF@ezv;X6@@I4}mwUgENFN&>ramhcoal?UafNB)qmtaz1V2g ziuD2^$B$O7H@9KEUteI8k$%nf_=it__3hRETC>yz@=V{mZmU~$<(?-j{%`HQytB3a zESwH)Jdw8f&zI@nH>JKlYI3Z{wE?*a$93?<2Ls)+y^eu?i>J1~*7TbzopyB7(j}KX zotzd;{gQ6B)vdZ~-LI^Dwdb2lwwo2ErHHKkQx?K~mjC}->nCaH&-cv~u-IskdifxS zV#MYxvu8f!yf7<6rDsZA^%@a{t+TY7P9KRo@hy7W=XvfHGRHO^k#Xc^Ro1!xV$~K| z$5N$t&)KJ+6%%*&W_+p1av>-fG#L}&q|mZp*REOH_kQfH`8I#w5&rrw$}9fjJPZLsMq|;$8&Fc_moD< z)^FH5ZF}zOv|9fkd$tvRS@Z0{$~EV0JGM28~@?_4bO+0rN1lAocp0Lg(yjJ)4uit-vC_bE>XKKFv!^i&GDa^mW zeVplE&$aUNj+-LeL~`!!n6)mO3RoOYQjg4(ZcAi_C^3jYXtW6sd?u0<PrTO>*@2QA7=9O?CeqfS{bX|r@G@` zlZAQglm#1u6k5c$6jfhQeQ5H=)5z?b-Ts7HY(S$1;%fi z#}W2zlJFC?>UpOWIK2&PTvP&CRGm-83DH4PW~mUebJa(TfuIeBr5Qeex5 zu6aHj-4icz3Uyk{3y_hu@y?ItR+tc_zWjJbT-I@ zXn5_|+?y8O1J}*Dd%0K6{xc%v)E$@DYG(4B7ez<(P z`_i-fET5)!D{^RB4caLw=)=xY;iS4s1a*=T$!pONa zHdZs#t@%LmgEt(pYjtlp8ChDo)`m{i*XL4m<=FD=z{ZWrf_nFh7~Rj!IsDmV-t$LX z-CwnLRVKZ^{HFd(;T@kgC)FFBNB<;V+BEZ;Zg!Y~p{1{ejFUIFX7j&m3uZ;l;N_jw z&Mchacw?i-`DGpvW)}liMC{e=3~g*baP>i@l&FPfbf-jR;=_mO{MmvXQGYm8^lzM6 zw{UaIl9ZgJqP~+s2bV{Ac1Oq6vTxu2(f7}vgU5HKANOks$k6;-yIsYJ{aWH7H*WUa z){7UpGIG?n?BQR%ic9BqeB7@`;T|Wi{9q~N{pzA6D0XV-=B}oJF)0lFn8;={2!sRzwa{rxHBbuTA=E)j^9VqritgizV`Wi zr`z+*DM6m^DogmK_39`7k9&UZlEn6jGd;Jw-c)v1s!z6R)?5AEGkuPQH1a}wW^N4o z6*_J166Q&HK!n0fh&w;6{|c}{sP)Y;O#)NJ8juQyMwn0yuGTq5%2TbY5C zZS$pBIaM&Xp-Ui)36xjRLK*0LTif4?aI^3fX;n;5Uf zG_U@tcY)(=_k+s$8wIR(Y&0zYdwKEm@V`?JEncr1qBi$ASKz7dXU?x!wD;VvxuFky z!UDy(Y}0RZTdz4f=T+IqRKxS4(U~P?C$H=bbZa}lB0IxP^G5vx1?jMFNoSW`_{o#; z<8k@^Zu314bNBpc%ihpx7S9F^bI{=G`xcqmrPlTm@y*Uu+^WRl;=C}SZu^yE zYnJNRO=z0Cyluz-4EwdKt5!x|JgCnn`}p|oZ-sej*TfG5J@S%PRIP4z|M4)GeaDwo zr*Bl86piS6U$Ex1$=v)$OaGQmU9@Ulqkru`Kdq`?JO29HpVF7V*{aUEF7>h7p%u^4 z*34TP(aW0!&wdUhcO!<)#sbYuBQH8SPsG9i?)J|^mo%-kF*{yqi{?gi(+qH3*womfZBa@!~mI~SG zdUM*Jc|Q((SYx8E%VqA}vf#)52U3DlI_sV;oFqKQvS^O4^tGlf4hJ4gY+my|$9;!h zRu$J;k=oPKKegxYYffh8->~Q~VrFOFZ;9^f_YW>qJ|4OAkL-iW2b%VCua(Z6F=yGf zU9*0_zjyLe-?T-yE;@;K=Ph@4i@19GVfve_7q4F>Jb7afd0knGZ}LZ*IU5f5z7E^` z`GDZ7XsMN})*t6;-*D(*(${crMz76fuKe*;e>}s=Onxif4t}voYvVPkB`zL~VY4QD zIl4$$L2RaYrgC@ZK?PNQd27e-x0c3~|NeSop@Hbsz;*l5xDPuow)wF7{-*5rg4cB4 zs>t*feD7p*Q(yif^5XGmyARWMaGAvyaZUR4k{n<-)?~M7-m9Ss@k-h$(J;{m%EekfDTD0-hvnILv z&YstXc5e-5T{$8XyKVBN{9^r`rJ}dbT-35yXS9`ffyk534_dk&g`f9Z*ye9okkY_A zJ-%!9X~9h_f7!nW7oJs(@Otd)n|Rf%VN2!H)$u3S-}_RwEoRHql`Ca={Fa@a-h^nX zKi3Y^aPiGGwVJQH&7r@iH#k1t+ase-#`54-@m!s-do_hGyVtG!m}zxwEtk)H6YVOi zAN_yZJB}|p@+ipZr#qPI9d-u~PE;`W}l z?)AH7)%T-{;65Ief#79oi?eN zAGfZZAY)ZH>8b47Id;}PB28_-W;s0hQF^-R$Emcuxm(32?PHKXoxU z{d&2Sxo+n2MZ0DlnnG!e-AsdG!m0*%8y?v^ic^xXxKMi|f^` z**kxnT3zwr`u=Bo-~TrN4XH%uRdPP`I5EA|$l$~!$JzN0j@jO*pQ9@KHsWH}0@JAJ zCr=!G^5)T@E9M8HcC`J_KeK1rqN3+r4_KY{{MlP_(^6Y!?&(FJE%!X(Sr9lm`N{IM zf^;>(ZAVTo-KZ@1C4@`Td&2qU8(*zjvGZNkgv3kB**d>{QT*^HtcLgI#KaP{UTfoH zH)X$1p6R>!&o1f6>fg5y@)iHNplJ88eEtG0!RO1%@1E`rk9}#~ zr>E<;2DE&eC9zyB=vg-`eQa4K%eQ50e6sJKZ{ohr zDCD1^<7@EoRrkJ#69)_5C~WdjU@h5Z_W44y^@_O5$A3IA>3u!z*RjxPPiAdBy|er} zdCuc_Ya*G`_?FP~j>Qrg1q^|L9Ed76TX&a%&y zue26NOw)NI8Pxn*Q_iMj&bOy?b9UxwpVHsRmb)dXuSVL!_?-Cvx5q&0 zrLz7f7A>3{wSlcTsxgfu5zcveV6k;JWVP{bImNRBwgJj z*Vec#EncDgd*k(-lxNq!3+%5jz8wEw$mLLvyp_k6@OA4HQ@0(al(2E$cMmLS4 zC;!#`+GTBNYjkR<^!0^JUh}xLmPciO+G+DK)G%{6LqHPtrq0z_xr4W|DU9-?c6>8o#hvQz?e>vs#ct(;k4AvQx_R8D9~?*`|Xvb$gZoLz2ra`nBha&74% z$&)=dS@bO5Bx8B){PcZ)O85O;|Nq>Nmy@q-HBro2?z8#dy9~vR9S(ZeU#rTeJL=@j zySD4T&umo*KP=$+uUzSMF38Z)`JT`~NNf z;8%soNxzKetL*=r_{rafYoWoSZF1UDic5-Kc(9mHZi_KG@%mH1X5%Hx-8|IOGwv7Z zKD-sy^3*+p^Q}^=(<7m7*B{5v|7EUyef{Iw-F2-z?<7`iG%UH7&%A!kx@WcZU&=ru zdeyP5KZ{^xq>Z|v=!5iwOjWzAFGMZgEO~*8HDy!e9G8|k%Q;*hbJ*BV+ODw3q{q+a z(v^tt8Yh<4o2w#PCcG|ubVV{uKQrpXylkskmbNCR?tZs%39aSbn>{U&vy&?=@nYBX z_^ngr|NgOy+qQAN%62A0)hY8gW^-<6Y1rd#^JYSLt7Vj<(fsuL4+Pd%d|sPyd!NZ> zo%$mo)vC(c{vS^SyRTfg_9_3p@6RJ1O04qv@k+ruoONre?y0Bq9U>;VC^;@#CUtvT z^KV_L*b;+p=Qla9u01$ye!Y%DTV)$PjU!tw`SkV%hQ=N}dC>UF*Amu6r_42lx{{i_=jfB9}e_$J?LQY%HKiNx&9R6Th!^4-64{t~u@T#6z`859&FuHAH!^VBoHzQi-@ ztvefQkhajqjm~28F1Z%2Yk9UYxp~hM(c2lXvfRA56K}RCU7U1MNNTOAa`I)HO^-F# z?f8}DazcE+7svmKrulWhH|vDei3;=`Uzwe`Z0+jqS8Z-Nw>hsZJacxZiu>Ok%Gwdf zKK+mFaBync;-Q|tFKYCtf-wen7+ilex%2 z+tNvA&K;jPPpSBcM%I$~C%T@7g zSX=R8p?gG7^wEivm+#E^t97WaS>TrWE}^3waecDZp6@@!9cq;fRSXdNCiiZ6xu0a87H1tSQwra)!*IqZJ(cm($Xc1)^*mHwH9sOH%F9dq3Yz5 zCjIX%k7VEbBKD@>Ouxn<@qJH)!dN1=Zj9*p^-OKms_a6ig-PDq#2%GKkc_aa&&sUr;42V^f_s+?}b)PFKJHwt#niV#a!d}*3V^+RK97P@jFH-X=A#A z`?=b0yNb?zja|K4>TtlEEqXOPi)O^{$u~HEPFXT-^DN=RUChmva`uxRJ^8>9oHu7< zkF$+Rrv+1Fr017O-W@R;=bkXVJ+budjg^vjs_XmiZ595$PX6)RKf3caY&4JW>^VAN zYpF^*+l8AVp}DdN?FWh+ZdDxI`Eh-)Y)a_w`Kbppd^miQy@l1;{f!I$aGb8%73ifH z!#{I{gGcwORbG>VgKc*H)_nEqmE=sXS^C`2@yx@;Y{86mY;Nb~CEvXjTDL4OAag25 zpN!q9u6;{WCV6T-7X9awe(;9J>qR$amwpZjR|z;YpZ8l+>IU7kJ2t0xMRh+4-=%kJ z(?qR|&Z`#!q7P2%U2R!Z*1|4V!?RF?sZ~H|t;y@~uSGwu6cpA^ou_@t#9)$7V0fgb zSLU}lvQHz_4u3QME5|E)_MnZHg38L5oO`~k*>4@i`u0v!hJ}}jjGEATF0Io==WL9k z6d7)B%*@MPym4!9fko6d{#_YHU+*7Yzv^A>AH$qXLGJc|dG2=87q40;mix2Nw>4_D zfYee~Pp53JWx=gyS^F)GtUIpj>Ipx%(Uf}jxjFlv2m2)D>}~qQ{5=0;#on2Btx4A1 zi2GXbtt1`kXPxz4ZKklb0E;!>-LyPC*M9z!g?F7#c*v|?$NJ&GQEAM1{M-+%H%`#t8JGMAm1pBQfr*`n(h&9{!@ai_q%Z_$rx&5Jk>eUrcB z=<#xU#^SEuzi*lEpI2S~+hVe@vBugH%Yt7#_;tbQ!!Gkbc8{O8WqMgW>plbulf2C!c0!<{Y^s6{xmsi@?zniwi6sZRhs(atq~HG?C-w z8t>v{<#}I@PTiENvo_Gkqf=DqdfAItIgd|un-$!jT)p%C#k-ByH+))}YH?(hY3-N! z((c@i>bg@VJkf36^YlTK*>Uys$`4O6<)kH5H?C=ZyMEtA^SeS!ogY58Zas8*8CT{Z z4wGr$TFW9bjAr)K3oBUcJG7C*CPwSo8Af z=bGQ$^Pk_6UUytbN|WVg$fSZrT!AZG*f*b;6;v}(@4m-`z0tR11J||w{TUIv&Chdd zk)!{QKmR5yIlO*e(4Q9@IsN=AcC5O>W^1_m$46n$HuXD4`>%E>Z4&md+43zTW6k0{ zinsUv7q77Y)$cI1eS&t_!erIt&8r@_&-i(4Zi;%_%G_*jt=(cyULs+Jv%JLnqPatE z?$=Bc{(W4Qt9|F!zU!aX&i{92|H+3tSG>&J^8DxgYL!FTarNxX&C6G;_nU#7Ym%G3 z`luiC-JE#Wszj~TZ>d0(v7wDmurqUepKSW!O-uj1S%2*x&zgV}4jvgSou@1|zZ6*) z_M`VOlm7cl0ny%Ovk!SKJE<+cQq(CshH)C3e}j|pW6rdq%y}|4XDf`3KL7W4`J9F5y&V6a#vnwYwUQTeX&9}a-ch_T!THl0i@e`LS zRD?`WeDi+2DoYTz$h!Prt=+PlPCohMaa!-3n73xf5v3!-oK6o7E^Tr+HEGJ#{oX&s znkIX-1yniSE)I14Jh%R@RCc(&x?J}IrH*4sOD<=w@h~wsBh;P#Zd&f*guc)kJAsp* zr|bUTTj0E4rP+~Ne(igie}3MT$2X_MvY=>IL`1;k2`NRhHqK1%5BlV^)#9Y`iVStr zi!!I9lSLL!{baf6{=Z%Gzsd9p{(X@?QP#HNrOHbA`sr`(sc)QCGI8~ag&P+u7c_j! zPv~$e3%hV{&D3L;c4bV9JyET<5M8-Z&}m)!HP8UXrnIwK-)w6q z>=HHI=W$6Xmm8ANE17mw1|5$sxZfW7ZU82tm%T5aw zm9ET+t~smkTlC^(^PeZx_a7U}|MrfNbmHv3@wY89M{yde}^ZtLGd@3s_^8KD^Ti-}XK2_R!eCcYTV!wsg>qRV! zuGydB6<4&b{!_XrP-y>mu1nHpll{+M*s|p8eA8=nQ@15#q;WQ0y0qT4dqHU2^m8*D zSamP#((%7p|L<#lwQ>E|^!lTl&hb@QSrxdSSG;ZI80B&LQSSQ+?)Np%|1Vm*clPDU znV*-!nid93KX#sQ&7OWSAo^tezX$DiYR-!8Xk1}Y_lV_s++U@r=;(kTg{|?bXR?oe zum5b2{@HR{+`gICd3XJivp2`fiZ)z2YLlSJdh7FyxigX;e6eIZ&r_UMHtq3CndfOi zd%pPJbG*OG?t{&~f353_zt{3Fexo72=Y^2n-a=dX>i_PUd25#M-YdCOWPASpCjZ*^ z>3{yl*LFns+Fsh`cq?NeXQrrztnZRj;>Eix-bqlm+2E;IAv=so)oRO@kNx^RQ`XWsJ$`+?PF37e%M8Kk z8YWCD|0G|tS}{vIwv4YuK1kIo?pANE?w^m<_s{PC|9Se)!}se&r!u{H6_v6zf6une z!%^$@y^E5odcat9d$*;TP3}G$=wf}I|ND>aaL_;W?5ekTi`?$%{ zPtLlHr~O4n_VH;sM80c&LKTYLmrXAEJY}`wm=E z66p`Tf5+qfro6CqQRilr*5>T|;`C~k)L*XIB3G_n|J=L2cDlCS?uJ*hq!xX&5Rb1D z{Qu|b`wJKEIE1FMPONANc2*8Czjpc3PL|wOriYK+xfS0e@%THw;Z$U5PwNfqdO1;$ ztzS+xF3|ILm))Y!P>aEktZY0-j9FFvpNVkhmmG;j(_^}Vg`y88N>(CTcBT|xeSK98R5Jy01nZJS)qo&3+SFAR9Q zcRT2BTW-qP9qN5(&g_zzek=cf%w88P_vl*g>WwKs_x)J=^q#Fft3&Hyi|{!9C`0R- zwvGRiOZ48mMuc5Fy1K&K;lu*jyZOTUva@tT?{qJF*r+JA^m*w6p1T+BoOtm=W&fV% zae8t4`HCXvtdiQ0!&30@Sm~YLuh}K#q?FR#&rWX#b)P_y!|~v`ROgDLZBtM0e9`oE z$4SjSIn(0*J<2Py**blq&#YT6tnB{$A1_>PuYB=>Gw$!M=!o54o#Hb(7VOe|!W8~+ zlEB4O|LLjkUmP-G(q-wa=y_lF+r8xbmf-ks=QW#}3RF(9M(aJ$j{hfiSGV_wP+-`X zvJZ3R|2289uM`Zr)%bFvPM7^s);K$NySWDoby5`K?v}I}tFz6Jkz82&GHBIo>Ayc8 zHARR_icvehar5Oh_e%s>euu8v@y|T9YrGH(U%5`e|IxGV{ zyM6V=?KWpbY}#hsmCEVY`|RR>=c5l)zlu%2-XDDZW~j)@*5t`kucpY=vsjuoT3emz zne86xB4NE__BGMk8?8Gu15e55asCUkxpHT6{Ie;sTTWf;z9%TaG;QsR$M5Fzuw7J!{w6keR-s*DC3-ny&^B4R-CuK-?TXP-R}R4 z`#$N%r#}DJoU@~Xd85k|cDdUpliB$S&u*RmY0~sK@8g^9E%+2sp!#qBo4u7YVp3;* z|6h47s5-Pf{Odmbo8S3vI(sPSByz6q*wN6X^ypXLVm`h17RKvOcPwgJq$D5^;1F;# zgv=4AiJSX}D$@|wC7DKduAjenc-x_*oD50BM-+qOldSIwP%(WUL*jGyA%iJ^^~msRel zm^VMFY|Pe!zbw{@BrP4H@%xW#DU(lf5Tu4UpJA-+pjZftCSS3jYx^J~kVx{`W^ zqw83|SMEKNJMXOW{yqFx!#f%abZNX|JupbJkiwK|4XZ7 z*>le0|KnI9y5^k!c*Ci2LQ0V4zLLwwBTd%Ne7QMI`N$1J_g}jLj0&^T&$#UPYq{{> zEA910*~ff-{rdgmr+@vqOGmjQHb1LNQdahvZP=W7d3kVPXtN1#pPZ%B>5XE)c2&Q4 z{rdPBi3%Gzk(IlZ0 zDHVUOmY$hsD;iL+yLM;w@-16fl;=KsFmLV=QFYN<2Vp?)K>c@}S+FN>tD7hXIqu#>MrWT!uGOa&N*fGmpPdS;{zP7ws2Pb`M2@bgFjJ$ibeaI6aL<| z&d8YMQRw<~hQT9!@dGy*O6|D9{GZ;xU(UZfzGB{j>qjRQ>nkXWX#ZNZLgwz4#!h23 z!8L1KGm_h4`2W8WTvzvh>lM>0!I5#tywBVFYbAer*dKTPU2OG^uhI9Hty?(lR$G;q zl3>tFo~c(&Ta*Ra+LO1)*!#Ihs~_**YH;Cte*jC~?xT}W%-?r;OF7pLR^!(;XI5Qa z!SR}-Gu9J(){lDJ8Sn^!d&Zcht{S%%( z*GoSc**$Z6ir~_R0{Q#CXjN}}yJXcG7DKBpC6SQz>eE>hd?y@gSvfh=vZf`)$TicE z;p%JW(62GCSMMxN|NJKSe1h6!m6mrl0WvV~@14NrXKN>%Gl)2|PV>nt?Xb`7_BO}A zhR;2IXQuCw_1J=olnVbK7n3*onsHCm5 zI_pivGr?)`d%7I{s$7V@W;vs2ecem3eP8#!XK31Pmh)il+31emo=;1o_jOF+vYjh? zr|k82%j}~?yLRnbxq7v-osmm=xxV?G9~)ytL^VB^8+|D$zj*a-?->b=Sx%0LimIwh zS(x_iVP*JKC1>on;Z%&Sxq@+}*_Fq)wV$3Z|MMX3j;rf}-JZO>lRb}|RB`uM>gM@v z+orc?%U8_0;PUwt_nK^RE)LV}>Wao?T*fIp&CBKLCtZ)L?_S#deDk9}#hRLW65ieC zd^fNt_r7`m{6KX6r#GMVi{7o;ymHm5L-Ap)tFN5OnBa6$RfFg2w~f!*w}1Y(TJP{< z?g#5Lw*)QB-FWBXwPT{I*B^;DooMG=DyIc2sQK!{Ed�w|!Ew>XT1PshHqj`=cn$ zH*>=+_MN37SF?n#)P1ptJ>LJAn{7qb3e}ic&p=mJ)>PFBXV#YP?#Nv^j59-KZC#)9 zpr>+kz?I84wf^qR5?mti=GLCM$?efI?6R5kTpw_<=H5-|G;Th*O22&W3;#Fo$9wq<6RVT%G>M5wet55YOlw( zFWY_m`uTsX*Go>#XVJKnaDCTSo8tF>b+q-DW^1?=mRe2~ULNTb9s1IGL+`R@J2Ms< z+|+pf(E0d_7cUm<-aPy3>uZHC9wdh8*iT-3JbI;${_^F!XIs~mSfAW-aEs>T9j|76 zzjWcsfh8*^2R5qDubE~1OrIfhQ~GngdlBEQVsmr9@bO%-$(Jkr`gKOzlGU5LuRUH{ zvaPh>&ke&z8wK~+&A%!f*n_(5B6&>Gr9WUtHz%Hn?h^;wVl@N z6H%Cu@_4cH-McdPH@7<&IJ}*5lI3tK$KBke7TQd~8+*G&8UsS5X1^+YX{EdNZAf_d zpOaOQr`MP72{`37J7@PI^Z5HN$;rHO+q)eC8Iva+>AEqi%~K`DA-B|0`u>e0+ur{6 zSjzis-p(0^PI-ykom#w7uHH^5Jtx&w=(By0K+u9!Tyt#$7adminQ3UO{^p_O*t+3&m zH03Y2SE;?@_454+0Rbmkr>{x+v}NUst_R2Me;FQ~Xz=}hwLJ4*W{%Lri<6FCxn{m# zcg&V;TME8h5VW%1_2Si=0|q=Mq3-1`6|R1KtmATT%`?~io0A`WeWZJ(Cxuo;s7+vm~fw`*($)%(h>PS-AdqTz0u^xk#=Ka3-okO&ZL)1^*%*4fLqC$ws zvdxRT53}c`wh;?z!zf%}{XoKICx8*Q$ zDmTCT{)m@VGc!XWB(6`6;}Ks=$Cc~GnFnp8o|^@SL^>9xN^U+kqx1IblasH7EuQn| z%k?$JTP;E-H%;+4%D{8#l=n(K{fF;v=c!Kide)h-d+S8awbP%(#$U3VB~vc&`tQo$ z*98JXx>z)v9t4U^YhzjyzgtYxx5{5;ap9+wfUS2tjwUJBd}zM@sAzZb!q+862M;*d zI|cu|;cH&_{rr2j%txOqJNbC#l)U!7bkgKEpKR)>FPd}a{EH2WJN0dCbi}qKNewOD z-rh5r^L*2*-Sg!2_x~`8-}^NFqUqFGx1!R{%=8UR6x^J4KIz*YR*kMh=jQH?{Qv6p zp1;?u-`w0g|KGhjpU+DUKfTLXtEuMLf7%^`^z~??{Kf5 zKhb59@9l326IKYF=@U*^vbJIKqDQ(K53KM1D|g!+o$<-aj2WJN`xyT1KR2~|xzS#m z4u9sEoytoXJ$h0mJ+3Yj*3npyc1mUU{gtXUOBeN9s&G#fF5FqSEosj(PL|p|&u^W+ zv7t~pfA2prr)S<0Kh<+LZu-6J$EDAfHEX6OED>0kt>F|95a?N0%RF(H71P9|mfPK$ zQ}!HrvFGoJH}j_0Ow@a$kpHhTCAr9r+554-eUC-y&bxqrAEz$cexz&>Qw8zOh z!*^3RZks5yq|<=cz}MxQs_Lptg(WF}z4Z;ZD>N9Wu1Z`W#nxLVZ+&fl-@08Aud)t@ z2ebs3ZkqV=P{9oE^?Q0AP4akW!_LOG^Vh7^CztTtDOE zeUIo)`=TEflhu5WnE3AQ-+U(a-DZD#_ZpRB7nR*#zIyRs=koc_8mq4hyzLJPzR$t2 z=x^TI(8O4EAw?GVe!0ib{OhFdE)9%~Jv(RTS)JI8bAEC^H%xsM;+AZ>+`c#=9#m@I2oNUCf0qwkYDlRpu6S!P2QFN zd9Mp{w7!wLzo*)G|Mo3^XP&sn{N(<=%JPK*3o_5d7m68+ojKjR`t5pF4yHPNz4h%C zMy*L+CYN271WDB1t-L9yby@7(bME;&C-ya4XKEB!`bV=vLHqyLe-1BmSU<~trc1u{ zR988xemSKF-xpNdX6Tvc{{9{m5a8e$s_L}4&4cS|*Sx*nw(oa{B>&zXGi&pzg0ov! zS3cTkzaj4}+qC(cSu~Gmc5YZMeE4R|%|oAxd=@6p5(@o&IU<`nuNl{~yUMaaWh?Hnh6o zt~S{%Skz=Y`*v^Vz|xTE>{s8ix^7mQtfe7z`hX|b=_B5O5;^&ar`xvw@F=zHlDY41 zUid;`Wh396U0ns$pRxi^x~hEcUFLP#TT@s6EbpP^_SM4becOXVqmM_X>poQ9{(r{F z;AI70E-;2npY31sO8CyNx$ifYzAl^f{M=bxUm5$dIeT|2y_n?{9xnd-yX>RO^Z)a# zTE;wW#s2s2Oz)I@KEC7qzW9r`%^eCeH4`q~yXJObX>>PpS7>ogiqV}P7o~T;+r@8G z`>UkvZPf8n`F(sX3U)?b>FL(T`(%!Ls2B)4m&n?=9BfpWdUfg&Ukxrc4IS;Y^Yimfzg}ryD4DyaQ*yb_a;tZ8C${-+`oys5Z*%H8(aS%it)i9Zgm2VYdw=gg z2FCsT@reSVO#*6{LMGHQ2L$o0%DX;0JLdDo{*85i-R|AnH`C*B$uFZm<1Nr4yt!Gq z;s3KKqOBiTMStzCz7W#;B*EUvqsp)35&zGXD^{w`^;+z4A!b%+v*xCY&N_lA+^mW2 zD#c0`(Z$-TPP1mTc^XZ8HfOW==Qo?zf4s!~+T#14&3=NHm%kLTnYK`iwfNcDM;{I@ z_L*nZ7?HygAGmO;Qgzqr;(60VlbbB;Z>YCySX}?p&G+VuEvY?IeU4aGec;&GsIf9+ z*1`&={i`lH%<^BmuVdf5IHOLHOD2I!T*B8DUkDMMzU+}EhY$yghOX|yeXF{Dt(=@O z$Fld)EvuTPQy+X&^qs1!zu)1=(#Mu(ZFG59E5Ci;pZcnW?aG?RMc*bZ$z@kPX{j{d zhGW&Tg$fmqd(AD1Z$|3GY?<(Fo8Gkb5qUFR80Y^xbGGK?=l@4k!{ZLRipTrJ$Lp_5 znR9HJ+M%PWYi#mW`~N;GTp}}jVd?sHix)3$PM=pPsOkIYWJ+G3Vv7E}k}c%{fw8ViJzZaQvf=X`v-Vr})+6I=b9 z3U0Lucz?Nd^7FTH)9viB*E?96IIgm$aj{-L#U#M#1q?9#$UlBG{cQ4%*DULE?w@tlo<6~AStnm_P-N`MDYM+#*x52HFE%$d zDzWT3?YqIC#XhJdVAHuXKPPV7_{!&XIkWLxwQKj!7nDqR_)wy)Kv0Kci%eo9A_mtRuzgMY0dAXUO{Go4aRA6fXBoCgLv0~Pw?RPUJ zxV@gQbW4<0x+!R9JbQxfiJra^w;(H=l1*SwHJS6@wfk}!v5{u;$^#Ly;~Qzr_R1x zTtDsev$Jc~ty=Q5f}3$Zf4!sP3afU0xrD1b(>K@ucg&KSU3C5L-v58}4w?LTe*W%} z&HZ*~{>55%e*3l|`+D9Y@p-3ziqGp^^fEGYrubho%cYC%_*rl7YCn2|t7GQImiH&M zmA7?Uew)#IHzaLd+cu?dS`#FCgCm6;cZ3?0oC#r5RB?-!kJ^!O$H}!Y)ztpiN&cU2 zmfN{cwLBph_`;@A7B*5N!}w?WqnV|%EARhti@I%fQ1;Q=v(lOJ5>HPoK5t}UaNv`% zc)`1_qY@u2+Dr_EIE`W#_k1fCfg}w(r4yLgDaPP^V7whG(<$)HCC=X z`u6k9T`olzRkbVs?F_Gc^!7R>1d4}&yj%PV-esoEaI@f1XAFuM#BR)$Fd=Fa*yB=M-YDa^TYrykR#fY96G2Jh}8VX4-+iZX8Ty1q_ z-ea|I+sZG>XfDy8tM=#;W2dGFPpInJRUvKM8d|#U8F{~(j%aG`7dqV+bxX;jp7FtS ze%n(=r^ofIO3g1<-mX>f;s9gbzbEMxUna(HEchrSrWbeQ!v%r3_3aDyF}AfOEAZ;Y z)Ee&p_f>gK?Z3!vZ*QD5eZQMcgmwP?(|=mID@)&=R#1)Jo|F3Mh?SIUx`WeZOgNd~#;#!7^`ZU1QYDk= zQp)hq1qiE05Gtc!eG(5W&cvR&tJZV_4OZcJlHRKyFb!z-*?*|8oZO2Z7O*>Gvw+uLlcRm zTNcfE|NoDm+LiE)CD&YP;&>O%kkH`SvUNh=am`gLH(pw_dFz&ji5-`#9w;nc%;~i{ zn`8R)MI5Pn90ZvZRi4i+7yEwiyF`B8oimG$e%>VXE;hT!F^OY_!OG5U)5>1W&g$gt z4T#8UST@hBR%*?IbxJDBL^QT7*jOibd$;AR2krkq+DbV)?kl=^^o1m|Y4Q#ED7SE> zxk@)LyV^*(N@W@?_e?%}Ov#Yv%obBUO$p;CQc_1m7R;QKw0-twX>HF`pGlXcEDIKa zPV_#Mo;D*?WYK~5=_Zou&ptl-T6yuWV!+kHMc1cXi#Qb%wf#)yp+A?dZau&Mz|`1?`TS@7_`h5ai?Xd1Me2U8jxSuawe{dZ ziKS0dEdyVDt;)2l;%PYdt!$cZbj$hYsTyX7o^3Zb&i_}lsM(oiPo9d_Mv&U2U%p1V zCADc2z;Kj^V^ZA%#myU8*e4P5VqD$K2!4+ndO6Aa=&EcCq?J2&wr_lC#Yys!S zk}gTrr9b{Unw)k0e5v@x{!(LqoBt-ix8*-R^?CY+l7~Jbp~`Y^Su=woLQ{7N&7O4Q z0K?mM{>S`3GUwQd`Ws}dHt{z02#$JrxgjJpgyntx{j9ozD5vQgy=Si4 zqIB)uuIcBVKQ!eJz8~UkC8};X=|J!UtJ2#!xoiGzJ|W!Z<)^A8G1FxKzSnkQVWCEA zH_4Q{DHT1st{^I_V0Xbk%c5&yJ&R%4n#qsPtCy};)t@Ns8+CHmzLYK>t=5oG5!X~d zUqRo-nQyY+r-bLr&$SJlw9GTM)N=Fb)fe_eGV4ste!7@rrgyp8`IAu!#kTpEPl|j@ z>3US~V~Vj&)enuQQ=eAcku%G$njKl3{@l*4q0Bpw+G0o?pw17B1t_O%SLBf?~ufe2k?;hUh_{*wodi&OLrdh|1+kY(lCTnrx;=4SJ6$SGS zAa^9A3l^=NTo<(G|6zI8ufI4d_O3|Eu@DJOz9q>$v+h{Uu0GjE|K$I7e9eFRpx8XF z_xx)$I}3-b5|((4BN;g@7at~Osrw#@4lp?97_Ozh+yCaRz`zgee`~%yQ`X|W9r7hV%Jw&Tf^N9T0>8k%voHv@Tq!+Nn@?Ej3 zS4ifwKS#Q_N~Vc~7++uUaNBh=J^Gz+qeqPr+*7ASe z-rtdXDgV~ks-KleNoAi*;VB7Cez&JG zX4fyJmPHpX6*Xy2R=;%bl2c-$pi}6DyK;SU*{V|wHP)?ByLGww{`17cZQBpLU0QgH zM)(*I$bFIXo^Q92D@1K?I+_^f@2GW-p*k2<-|(-6^U;o|;rYX6-x{CV-srynOidcwA3ie-3m zqorC?D}(FOot0K=b!9`YhZ{?ECrU_)_@3|F_h;UbohEN%PD^V~QWrciQE=P4d*|83 z&$*tL=x~|y<>B8WlQb_iDCTU``Cqa9(dA`v&pGewv@MFzyt%D#nnQ$b%3EKP%&6$q zTu)gQwN81TsEE08?W$7Dyg3Zn?_Vrjq|>x0D)0DC<+&mKy;Jt=dsn)y=KR!#t9=?$ zvQ7#=-X`~7zH{e{aKC-u>8B45G&WDWAi^Xv_p_c&yMFycv32{N+0MzZZG2budG7mr zr`p&37Pz`~>$QkkY|`=fJ#q>ftm{jx%kO;^=28}1lDX;Y+_ih2&-yOF(>meOf(08U z+`A_?uj-TMxtMJtA_vbz8vp#ZegEmX<$q1Kzeti|OG}z!etq95$+|B1OU0v-^+l|C@AQdCU)!xI zGHd;+B~RZ~|M>WK|I;c3Q~!*8f8xQ#b4HYPq}n+ovOw>lf_H(>l&J`P}3iu*u+qf(Pn# zmxa1lWWVjU`Lg?dP*gBygl+!P%n5$WC1rajd#0XPvUW?5qN-%(ri7=iK68zyyTAXb zd0CrV^XpE{{1p!6**$!G54puB^4dog9Tr-rCUt5D%cGpzQr-$#dgkVJPxjV)-(6nx zIo;mN)mPQS+vV0ryWOelMW4oOs1fA<_htGOvyfz|Ot(eOEZxe>_l8Xr-M39)iseZS z!zG;)1Oi1wG$%SU^QZ+s)-pbt`8{*tjjfB8O<3NM;Cd=%eca4g9)|?2rj`jie3ZY- zUhS*W4oct(P`x6?`l6FBC@R=5GL+TnV$tz;uUsA?pe~{bjpM95h}iifAn| zdUV$H4DVs1W4E>xDj$#XdvHm#Ea&dIIhCI|*qCFAZf4znaQex|`!;Uj<@!ri1<&|! zwJa!fVrJ);Nhz^7wsEn$2ABJam1|{<+l92cr|CZY@i18@Y7fKo+o^LG2i(~3(Dzr> zZ_DpZpDVsD-Kw$c+|%$l(`^z;tlZOe5MC`N6kJ$qlP!B%2Ir2G7m2 zCeCVeSm4ol;Knwj`M|NRXvl`^Smr|66~*+rfMOh{D!`0yBNO zGQ!oDX>z)By;-roR7Y4>+xhd7d^5l7|Gt7Ohh1wP3ClltC%^vT=J-7`n;t2(1iX2B zrts3{1xr{~X3c2pT*TG(yNaWYdtz79iEF=axt~7TytMO3-ySdTDO!5Gcb85+BeBDz zdCP{D5Vi?U`?BMcW{O5``%r6svSio$=!>3?K^!KRPqNa)gi zwy3VlYoj{$Y~RQqvVHcknZ`wG=^8iVE>%9fKSy|rZTTgko4>!yE?8sIv`%BmBIk-) zy8x9Ui#8!WH%S?_$$kq|+ywN*Jx+S)^j=@RSS!q}#a`wa^YwW5^#1~~dz-fim&`i` zZ)4P#UfFc&SNRt1{2b+ut!gzHaK{T*mTh3jkM&^;J|ZtRJ$E7Pn^lqwPDMwcSR5RSvkbpSFX}Z|1~8_ z%e$!}WU|Kr-(;7?Uta{yi>vS0{;kaL#`V^hoC{v*NvZoT-L>e7S*Fm8wu7_t_w_m` zS{XQ$=ITE5kmx^u`q)?L7w=ytJ)2{hQVW`CS(=*+7&{oA&gndRI$vt(IS3)9OKrr4_&?&w9wq(9zor0(OY zXE$5D>+L?1w zyZBjj$LzoH=KnF3)h4R5ujd|_ed|4Xvbx1J!KF*>y}bRWY->z>lqq4Ry8CzXn%uWf0!lgxl6fzu z`zkI_dwF|v@3+0y9=$yiy3{?73ZF@Sx$Ugnc<{M_9&yI%a6WAN_Hi=_Ya?oJ60+n9Wu zPjANyA-?zb4b0mWENh$Bod{k$W?9-M zXj=F};ZmOPk{x&ER3F{?rt&whT;(Ipd(}598$A8p*;N~s8>Co%=PF$j+k2uoQ!Fx8 zEBCF6fK$QA>hRB-qw7!o%eBs&Wj8gz)9@#6FN>7idj5Qc2EqQvpI#hc`=zO)?Yd&y z4#BeUIL(75hP;zql>Ch5C6uI0S@^F`Xfdajmy(R-y~NpNjh%lkD{1jx-lDYWV~eME z{*>m}y#zXwdGnD}nWF1f6rdh&DNnF?&`TE#BbN{ zmKv#e_Oti}n|j6t1^=197eAM^PrSYDeNc4t;b+_LKfD&bKl8qh)y`nRA?D|@I3s-Cq$V|~#r}21^w%+r3@_#xO zv-59Ccq!E6%Br9%ygnvs(}WN1dw2eyB4GBJyY*+W`riZdYIoGcbvY~k7BdTMxbne3 zZhD`DoXaof9o=1$S@{P=9>1N zKUSLRl|1WanQPOfQ&L>rT$PVD-Z#!IQtr}{=;d9!T58wvTu#y5dN;iEx4ABxvQy;2 z#;RE1?YCV64Nkn)U%z~jPLGN2o_`Eoi+Y3)?OJzf(|-lk)T18C&4~@ypC9#5_2l6- zx^v%u%j)iR+stnxyn8Po;|Q zzwQ|>Pd(_pJL*Q!p4N;UiNskyOk0cQ``uU?`0#t+!_R^re}2fY((^sOG_%4)_UhZj z6K@|sD3~J`n)uay{ZsDkwbPCDqI&Ivnl@xl5|mmoEA+9n=JGX(Lc(e17VX=}*zdh` z@!F}e`Fos>-@B_)Wi64FfAnpca%yousW-oz zq?EM0(q6zuU)HV`qPQn*P%>#?uXIpUIrF{cj@@yLi>E zuHAK2;=jMYeSYJj7~i|w?nxz6wAWSYpZz>*rfs^|%aXR-=xsrvQD?418oza%B4b%H zWxILqq8&?S#Q%Sl_$oVF@TEwo=+i&nuJ?a>lDywlkZabm$7Q=Ol%5s3rS@c&&-3d) zyDpy<+4=bCtCLG@O3jY$R^8M8_is7BozJrE-Q42yCKi7VGdy@=0c(?n)5aoME+vhi zNnUCf{yJ(u%3gMYhp!=X!LR0T`)yh46+ApuoQgC~J#=n2u=TTrcWDpDvm0jLDQ(IT(o|$2uMlVe+-iv#ryjbIsi{m1% z=D)YiKi^r*|7l^i-m#^tHJpTWG?pw_BNMaE#?~mUQ?)4XWZ9N5uO*2}#**{u{zMuW zov}$)>sl2Q7v6tde8bo7&Y7N{Kk(O|id;P{Ab>)yKW*QW`S=VjU9CICF(;=)^;1f?mF|y^+4;fZCBZ@; z9tVe9n#sfTVaJ{2bGd^xzA#j?w`WR9rQQ6gz2nz1=@oO$q+Kr;n=ZQM==)nn#VKQk z)7h;vf+mEm);fCY*c7RmKMbtnYdf!8P-wh$(nK#V&r+3pV)11;eID05L#5pd8mFiT zY5HxMx1hd2V!FDE(bS~)-v-XgY!f#bsZHC($^>h zX4KjVQ{HIxWa^(v5f2Gj^69wpL8HkJSA|Yrtmgjn=4Yi=W;q28_^gQjh@V zC0l;|^io;ue7NNMmkakVJJ;viuT{SV8dPsSY^Y{()o}UFnKL)12gO9?{EpPz$;!gh zyl`6>&+QeyfuxAfKi?5M3NDpF71w5A7#OFjGMf3G22P$NZPS?VJ- zo4lG(Q;z92fTeyIg)5?pUDubJ~uU8PH)*FPvS@l`aFa8=UO&~+`|t>dhdX=G&KvSsn) z8xI(E1#nCi3AU`{T6NvsEH+$AtNpuN!mT-(5-&yW=H^bhezh@i?(sWIKmRT*qg{-YLUUnFjC&w2b(eV&@7)Z$&sW_8_) zdi83RrY4Vomd1g_D_*QrdFgYeZ;tkgJpO;1gsudzgqXhHXJPp+e?#_hy%wc_kZ2X} zMNUmfm`C*Yf1F%K@!dAD1S5_UV(eaMH5tI{jMN?#lUs`TY)of(o3|MTNap zFYc9F5@6sn`N#{7cTEd)Yu=v7I(I|+wjH~GRuG4>x8oKD1_cIB7srrU({&%5yZv5u zuGi#ATzQG}l$t(gH+?>?Gu4y%ff9j-!BTne-c61@wfr4_DyP1m^hx*la)0maf6faTjFWq*wD^KUWR_L#yL$V^iIfi4b_tmm$rUDjCO*H|**sMr zec2+DetdSm@VB2cY?gLreolKNbtSOYF<|SSZSLy24IU?dnVSd4#&-IsuFVu;Qd9{# zHRoisnpulffuc{N&orE~j@V^6J*6g||%!<~4Q<@jTh zu&|;(4;0OE@15HcdAX34xo7LYleecQCVcrmLB?0sdX) zQkNvvZ)8%NJNUWx84}eVRHYJTxFQ`0SCH#t|Dz81phO-M;Pbn=HHPc<*U> zrn9cw)UI#2yUew$@sP=m&);^>FwZv9J?>xdu_?_&;r2WW=>yX*Ieh*(ahAgj$rkgL zS04?fq>nu``hKNj^xjF6A2WS4En82eMN>6Q8BCq#Y zZc*)KTgzVl`DLhf@vo;2CZ{H8-^-q<`PZD~Lxo}vXK4R<_hTm}_$_nLm=b!`s5sBK ze_iE-PYtslp0o2|c{q!!OIz!r%{xQIylZ^iqYCWggms?yziOtZSDtonGR zk*E8)Z{po^ino4E<~jE0&Fh}WpEERsd^l$@2^|$H+@^6Z^YzABZpBYgK67{p+H;^I#qc^UkHrFn;wV9V|F z<%>@jiYv8rxIz z<->-1778fY@sx=~Di}=WykH{Iudn{@w3qjdjn(q)d~%LidCxuJRmBJUL;pAbY)wBu z^T2_Pe`_kgvSyT>%6GeN$i(Vl_;1sHBk>J}iJ9gBPJtp^-QFKqm^^MjTD4}`#BBTj z`ZmAXc|}aF1l);Wc3Qf9G4thj>NQ2bXa4WsYu?}gc-Q)x{oljB-g8Kf=V(xH5MnqO zddH<}ip$$cYmZJ-y*W*%T155RY?W^*YA0v=O!G9_IQhrX&d-wqg^qu;xF>#d+LMaQ zdVwOEg@WRR_ZY+^kA81l_NvA%h52r8RNmcn{`0Hr_7{Jt zNey=TeM$AomFq<>|17wEe3hi_eg0F50(=uaR8B0}d^GorkMH7~?KR(uEHF-t9H5XYjJ2vX1OIU_&WCB;{AW)XUy>Y*kAv*T;nvGs-tv9 zZiDg#WoL;~POofUu5mTWE-EbOy7-bOG_X0r!0G-{osA9+>3lt(5B*Cl>U(gx|NZg6 zrim+Myu8;tMOV3N-(~GIa*8ow))uM?eDvt3hxYd=B?n7)&S2$r@_Hm%cuQ>C#&@gY z@^-(>lG{_Oy870kD=!qqT9!xdTft}@bo_tKtI~a+KQS6rUjM-TcE{dxw=^e(1WMQ~ zeP%g*YG8FPt_qC%x&6wn zkYBnj-xnYA^J@;uV6>X-dR~pQP3eh|W>BzaN9eBklDvFUFE!q5bPUNlrQIB!vGC{P z`~P(>Z5G~Q67sV=OWv;L$A^c9+xg|~h5sDVI?(N0nHRThhUi&ej@xfVd9Pe6$f#(_ z&Z~Ccc;f4E_WggdJqtQRyfism4@ZQ_-QMJooivqG?EAM*d-LrNt`hZ*Em|Yur{}(9 z(h~8C<#(&q|G(Ynzd7M$kbk6(a-ys2RHd7`b21$r-9(O@ZW76KP-x(2-}&oS z_K$1k`_3M@AfSD{itmzCNgkVR3E#^b9Euy56W3JmKJ=KfC-?GYp~M0uXBC-c+nfx{ z<|Yn0nFmbssWsdyJ)C`-`3-_t$ZWUcp)D^J6rGRx_kiOTG}sbJe4LUIC>kuUE5nywq?VbVn*4sS2Ik0^UYV9y*Xn|mvXC~-h>Pl58>8_ zve!lR!U|kzCTb^VRz~b(xAkZe5?RF!$ug7wq?roA3LP`tHsSzTjz>vl}(O ztj}&0>{Mt{Y!R^7sgstfID?co@`{zsTpTPCO`FcsBZ%^^*wo;DMh2F7CT|!(q*qM*Mx;Ve@&puYg zYY8(LSG{`8d32FR=7QD~$LB$LHRqda9=^7B$qa}xntf`5jP&9qHC4y_&xGc3hiFRl zZhqRPyJzEjj;P(XQ;a81KI7*zX~o)QyY@|c@?^_vqu#WtoI|F2FU{JXkht#m#xl{T z*7vH-)t4{poTbKlk&AEc-UClcR#m8+6MeLZ=jF6X{F-OiEe!lsTxs`prvK*`^XunS zBs*_>vn@f!b>>9jTiuPH`T{GShghsT{Y{Ng)8Me+zYoIoM=qbweLg$>2Uk?&0-YHW zE>V`>^QRu-Yl*ljmHN7iwdTb(xiFo~MavgYbKN@YWzS*jYuf`Pc?-AHck%CCJbnG% zig^JV4xu(Kr-J6l&wHA2U*qG7lh60p^BfP9v9LY5@SkK~+$=TA+3u^2xHP=_lg@o| z^)%J1k2}Bf(!HD0;`P^Zv@z+tjXQKL+pOU6*J#hw+IDZO)xg zaC5kH;nJbj;NyY^H@p^$>q)#eV_U1K6-U@LW6#SqUk?9gbiWzWUTdrai(h_uJH~xH z@Ant##{Ya^{`AzV7*> zp9hszo_cO%@w28gBG&EHhpM<(rOh>$L$8!>F-*LjcP3clP@}Q9M|Pv~6Pagg1T_>n z*qBv5^Bq5SY^KNu@%UdlvDf3@PrWkD*wL_`WA&qm#$zX+p78f`)O&1Y89&Wo&8c6J zrlL~||2&OYPK zzOkv&_~b{!bMNbUO^q4*T0bN$=6aTR^s&aD$GZQ{YEGVK{^Z`{A2(Rk{pY0o?TXW3 z-4+yQy1RN$(z%7Z)?L$@&*)yc?y;1$ZTGyHsv>-brgnWxb+=4-_jJ;`o!(0)?&SG) zB%)AJL5{EJeQbHc)64(v-fD+uUH^vD8xtd~tK;fs?*DN%e(B*VL^HsxA}HTctIG97s`D$4F_q_?Gcgv`*%>|D^ue|MjVae}~BdD74KD!R@)n;m6YQPq=gTi-LCpQrfKAs%=AB@({RPCWmV zq04CgX!!zx*G11WHEoh&x>A^81>&AxWAbQDNL4k>U0afS$1C}|*0EoH2DRS|mQ0q2 zI8h{8%eT08wcqz5^}N6uujx})%iESnB+e>XAJI5LXv(KM^Pi^vechUTJj`OINJj4! zDNU1|Ck2ZpC+oa?m2m$av&X`&ebG<5-K{M9{QP&bM03eiJ&;RFU)DM6AMb7C2=30{ z$;^wne0uHm80WkqnTeZilvW6MJ+zn=bFV7;XTE1a@zs3^8a}zj%0?0no|7{|b@%`5 zw12w!{}{}bPVvD$dbJ_*7bbwO%3kdH>)m-eS2Rge7vm7#eDj_)S{A} zcklep&3Wan8SXi6?kpGUb&GUtxB8uX@1)ChXx6*Z)h}*q_$(hU$%vBUbD7M{;l-k zvK%MI$?I+E=LtU#ma(!vntlA(Mv)A~o7+~k&0ZIE;Mmct5gFHXRzBP=7jg8m{`cVc zxe9@S2WK|&i0k`q-no5h!j`UOvowDD^%p0edB$F?W>Hf&Ywz)P%Yq`AwW^07zdU5b z*1BV1(#euWne0H7gP%KBfAd(y)6RMAicsF$MP*0DbOfLMIDNkO)zG^`7`3tdf8w-~GJ*cxe_t(2JTuqq%+m|4FSE`ryOYJXmVsS|J2TS5 z{qm(tr#?Pbw_RTz?3m2WHlJ8iXL@noH>m7m|=g15ZvYM5%i zKNFo(_gSF--e12BpDiYzw6tB~q%Cu}d)dYO&j&?BgQjz`G%03DNh?YmIJh9SP+b1k z+568{E}!@9Qw8fxpJ`8CXawz63C?;tso5!W%_k3*SzW87tfuQfy>c=5-RpU;ru+E` ztnD#0wd{TP^`6x>*Q%^j!3Vd#7K*vnsKr%z_}1q6lM24K+aIv>@=7|uvta784=amP zbX%2Gk}H4gu2sMB>EHJc|7#u^m*mIvPg}55Bbd#b@1%Vv%k?W)g9X<=;J5!P>9^?#L`UysUK2>)kK*`LYGLOz<+Acut6uo$=rmpRS%sdy0MtZ7gVD zEj7$aR=c=B<#oof^c=lDm7A3*Q~su>{WxTtUitTi#%})a%3IPhy-m{$jyRj^r=(W* zcnC;kYwgIamEL?)=4+wvHBO_sm-f_^w48g!l0E&}rI7g#?s#;q+;VnZvho67yZ_C~ zH@2O+)qr?jG3V5`qYo{^owmqyT*>^+iTEPC>w|k$3*Z)+UB3Yt51=iTMtNHQ6 z{E_$})?KT&PJDBs^51J^{)oMsGX$Q_e*VUhSO|J7gS9KLzdd-|C zPfSjo+PGk+oGx=iqeIbx`Ucg#r#X)=Hn|#hAxL=Ha$U#b+>V@ki3K&&ZtXZJt$uvP znvP3%qfWkTl)RMLee9OjIi9mcXJ@sxEPZf(-=6-pr?V`~Cmq|gaI2k$JEk(UToxfTdK%6$9Gear>?WGWSsTHH0N?tb^S91?=DHW z|5ksQwOVVMEqCG5nI%W>w>ogmkdR0?{w;jRvt!W~#k>0Le?M6sdGn@|vvX{w=)wug zI?r+gV-oeFm}UjH^M8K2zP8(4uCnFUud1Yt3jOu(itp@AU3@#v;C%M#0}DSsTi?^7 zAW*RSk?GN*8cp6;uU=QYyZQEu&f70%wk)~bA2(+1qAmgC#ce@i4i=9(8RZf4QB(c9hPJQk{&-59Ra!)Uv44!l6H(T@b zUyMhaT64dwi$DA7taQZYZPSyF`-yX|y~fqLY;!T=@%uKhDnemq&RUia1&{CKa}TpR zd|;;W9GilMZuP#!n~hDjUAcT^>y*WZAE)g7?ycC-raY%y#6ND=iCX#Jq3?b?Se(Za zXsCBw`R$><=Il`wOIG>t>K*&YF@Y`3m-l_$2gg;}**Eqkr+>6CO%=3dRlQxf!OhK4 zTh0A=2Me=;j|$hyB8gK@%O`PYhnMZ+V%cKq5_xrIg0sJDcIPp0@=E+If=N8xO4<7w! zvi2+Ez1_Kr+jDbL1HDD%_iUUdy?)i=rN<5g@-a`YyjSkbtuHH;>gYTt<=hdI=Hg%b zpKrIH?ti|r?sS8j=Fz49KF^V#yJ*+Gd8@CjQB*Vic7dUK-)G%<{~n2Z_VWhb+VR}t zU)YCFvp!e0tMB`+b9JidmU2Bu2{xyUDc8@{F6~gaeJ`F}Cbgyc8rQ>DPgsc=Kc4KmF+VNmjBHV*MIHRFZ|uiA84SdH7$Jq)SE$-clyLWuZWrX zM$hV@#%CQT4vuvg= zJ7ChQBzd_biM8~nlY>dhh08+AwX!yB+T7NjpZECP*|j}AJ%!ho`RVm8-??o0wB!3q zd-|4nIXN~j)-eA#w<%?@#?)c>& z54xrk?dV=>TmP$l{(~dZ`6AmD>ed)e>+Za0xNZLrA!)PN-b9HL4h=E)4sD#f$^YD* z)_I#wXDJsLRnGa6vvGMe$3s0gORkCAcl_L?Tl4;Bc;K|RUzvAzhvqHZ>SQ5y?uNpW z<(;8n8!|)1ZSQ(_O8h&EXg40;Z_IQjEd1nw1C@2(FSZ-DIy^6qxNLmydPb~@px16e zQ>Dp@QoPB}i;pTjU=kI`U(WRAt0@;to0v*gcE^#&8HyRNUp!gIe((JE`8Q8qd1A7h zZ+>c3&7`(ztXsZ+3%Yx!Lz1g`LdN-79GV9VI<8;YRFP?2yZqdF<*8kwr^P=X&9`me z6sx?UM$Na%h*PS_`0|_^zuBgxZmu|5G|S4mBP6uZ#8E2}`7H>KX&r{W|Y)B9Z3sqxLL)3Ht6T6sGyCkt>W3SL^UZfS4zyZ!V1|Mc6Z zS0r5M7Sa<8dwV0|aI%8QB|#rw|KOP&yY^m?OT4yCNq{eL#xn1HryjQ-sS)#>={d!1 z0Y|&)-MPFbreT*aN-W*Jxy}Cfhp1^+*k{c2G@d*!HP>JI`7xs{IxEs^l)THmd(K5o zF3>o#Oq93gbE{pB_s1W7+%pZ52HMkgRb{w}*8R7c9rmrMD8OmMhOND4_s0G?tNy?1^zQl5+nJF!%KFeD3qr{)1dw)W@?_L`KV&=f?QD z$Lby`+>kyg!+p9@xc3y!PPb>eQCiv(J1&H8VJX_5fG1p_u6b0TzS50-|Zyvq*Pm$|Y zeq#IEwY)xl=Z!4qu`CsEn&9VWU~S`be|CP*?JFk^y<0ltp~fwa1xp{kWxt^2sA#~` zyk~;U*=IWhIzQZ(|DFBls;TQF-c!bVADxHG0;X zr7qG;imJ1>=REtBd;R0h{r_c7ZF`nuW^dQEP$VcjP0eiu58FhRi*Y>bM4Cd>+?TB4 zGnSaK`M>3y@_Aj6e`2SI%ZZ=bX)2oN__|3-%=CD~-N2)lT0>*@FKSEmRXZ$vIVUpC z+eS%prq^OuhGv`R?!j|*%}6ug+-$jGRgagSZvnRjFOIL>WO=Xlu-d=t_iLAlY&A`9e#&y^Z_1my zTf48Zo-HXaRpgoMpwUv6GbM8o&z@8@+vf?V_nx1!J@WXb0-5(xS`Vk5tX9i+D*pOQ z^o?~{)547#wXf9g7G+aPf7sI(AZ#>quFTU__m-NtF0E((4j#D$RR$m5H#6L?y&KBI z%lGl#>~+jf71r8(%efWo?z=?9;%WSsscK6^U+)qte)S>nS@c`0ZJ{;q-YOnsoqAbS z@{-Al%q%Cx36~yB`@U!T!j&RM5=X9e?a4JZHG0&!IIbYDF*YN-!dN-5>7vEQS1iH7 zFNG36Z%WJGl_q+>=GD0^!)X3k_>D`{UYW<9%%bEekZ`DQUjwfCFf zs|s*!etcARUDs;UTc-{lVPTVU)+n>v-+WG$TkulsGmQy5_b&gHk(KMr#x$==Pta+C z?{d%c%e=4O3f|P6788C-bDnTWw1qeOmcvcIxTLZUt$Dd>`AWT0lcsU)n!R|=3+adN z&aO34^_i8m=t-`@#*7~4<4s*k53j_X3H|wO>#{wsf2yxpn{nx+rqe} zu8h9byT((2=cQzTrrDY(*QJ`4d#dm6;aRgumEn5EoI5$QZ1ZKFe6!A5yl4~G7PYxP zlf0H1F1dYvZMR$c=f1nMm$j9N&tsXDWAt|AzNe>o^*G%QD8Ju1`TqaO$7gsh?LPP7 z>2=|y2hS~9zO3T^+;RgG!=p{FR-nXiw|~R-wXYYxe=+;dJLUJz8m%E*sn0iVlH8Kq zoXniS(dnen^6;CSmt%3V^5N%x=ZrHiJ^3uQ`SMB2ny=}n>bqNSs$Mk|=@j}X5^5}x zd^)%MCUAjMb?KAQ%bX^7yk*VUwg&N5VjWJ=FJ@~ zS(k66^7Q*mnB}=xwtb>;GfT2!_)*;nzWyI|a`taX5#W%D@G4AFI(gjwb7s`8-Fx=` zH20HScz2HU(ixs=o_?wm+dRv%_Dp!~yizQ-+Rmqozy67{&A+Mn2BtP0r_LnJw{Bf1 zqr#^(JMsEF^N4L*n00wRT={sp`Eg3p)+^h$D>FHEWwS>WfBO>oZQr)p$M^p!y?5g? zTeCR(jCpeuOlLb)?p^y-CL-H>_VyDV+*&VX%u}bI5#6w1XVblNQB_v2I^CT2yx--P z_r^419d}Wc!O5SED}y9|%vl{Bqr5}u=iWEAQd6cnKfQePhPEcl#R!(gySQ#fJfD=H z$a!4pM8J&S?{|0KUBAyQ%j{`h;XN1q5R>^9SKakYPxIc+bC}_1lJNYKkH3!~58HDU z+v)L-llTe}L$>^Gne3VP{1ng0BX{O~Y&#YuSNC9U&8z(XH($5wy;&IGwqDR{@m!hg z-M4Oj{p5Y8`1sj1k(&s_^4OJsr`KaSZ`Aa{D3 z?Jmw!+NX6TI3`od#2d> znA0w&5_57^t!U`w?XT=wuw3GtU=-`cRZ>k46@KpNeY|3mu@K84#%-~Co90^c8(CTO z2^x5sgiQ8cuK(IxH#cO#QWa6Y!jh~u`=4jxFYPT`yIM?KI^%zDSz=VPh{~(1%6B{8 z-q^N!(W0r#kG!gEi42aN{NUjC{j=-;%-(-|UjdtOcA`e_1-|KeF-x>2F358 z}Sv1($be%Ry~ne|Nh3wZ`0!v z9~@$Mc~j)3&$<(AxiGO3#*A8m|Scx{gM#^;9&M0xkMIxN~4 zw7K~7`sa5#Rj%hop8xU0q`iNh3wNhj+xPWfZVE;<&P`6ep0r9!+oJqePrW!&nceN( zVE^UZ+9k`?e;n|=-uPHSmR+VhIbTLWghR-LX3QwF&qbg2 zHH3$RPMjlg{9Bb@eVA53Wz3n>i-ti#cP}wL)Y#S*E%$@L-}a}Du_Sk|%Ji)>=6Z;E zu03FU<bo32p2*OUTfT4Iw7qAD)Ze_Th$o%~Wk& z#*RlxosSOQUjOvBzx{DvX_Wbw{R>!r+?qOf&yP2oYu@a$cFbOqt3375p_7xB6j@4T zzt&6+ay_)tR$2BX$B9TEzL=!63W1fTPiLhmNGOSP8kpLd9e4e;{AjdR%OT~hmsBoZ z>6kWY)v~Z@Id@K7-~X5SQY1I8PjCO?H%={qil@Ux&zpvYx&{Z!s{4I6wx0Z{O8xG< z8?Rn*?V7%&xF%snff66bl*Kbe;IEHlK1)y;^Fj6Lsm}+VVT6 zer1~l2Zs6@BwVQ9)}LPY#YX&me9H0e^#!kPcqokE`yMUoy7nY!^OyJ?4x!GtQ>T+hy* zZoIcAQ}tx=@*iv6?G8+O#+q?{OIBLZq`&O^8&iK4ov*xhR`Tj12jM;X=cNMpmN5yR z-T8NSL}fJhC1sXd%4t(Wuln@$8O@%fG;f7oMfhKlUCYz*Zf@AYWGmLJl}z zoiFG8zVZ22w$1)z{_=Z!rqc%SQW5o z_5Zi0nNoQdt@WP1;pMOFn_IKZxu>r$G>+d|a&ubH4QBCxEY!sEGZQ%nN4vo-6osqi{*0f$h{I+j7I!yjZ&aKNBx6 z@0BYdLaRLz*nC=a?(bS&B7Q6=<5?^J+3UUaZx(e0@a?>!<0Wxp87IfG^vg3C4=Yc3 z_r&+?vX!}chk8Qe{MNVX>Bd#4@>hS8dopcy{t=G0y~&r3Zujl&6Xa!^(3<(+>vJWA z>E{KzTDq3L`+Ro|E1%YM##N_y9^NspnD;0oOg&=Lj;Z-JUwLMmuTvJ_n)dDC*GTRh zhoZ;7o~EQ8d8=%${b%=1#Hd`n3{yHdU31 zzYO_hbadygb#1d|X`TDVzi~;mpp%ErZ8hWBYLiyzNb$|Jx_SKm-^1cR|Jwg#PWl)z zbN0oU;>9})jHmrC{rZUYvhMYpzuxiNoLK(vLI25HW`Rpq@5*lV>RWu=&0s>t+L>N{ zll_((_DnDj;Y&Zq|KSRM+@q7v%Z1jjdEzYp_k2wC-O?rM?lWcOl}rr}&0D_z^p`6p z+umNdbk+IqAwH*v99w&NujoWLELp{sD6zCd>xhk+mA&4H*b^P$p_}SHUp>lr^105G zWWo6}Qj&@$H8v_UG4f5Ap27o*4b&(uN}&DhoaNs;K~7W;eg|4a7D z<5y4bEcvCf|L29jGlG<4q*t0)$Je&H7`Q|`H@jc*vRxar>)qZcjwQ#slNnW6PEDx! z`||nD-v`?bnkOdZWj?IeR5=*X@$q7ykFyX@tL8=dIp8Z?)9&@D9eOAr)Nv%~s9f;zO()NtF|f5edE|h?PoH@+XPR(FNuSP`pwi3eSF4DKSLY4quI-UOU#|)(5_UXALrs-Y2oVDO#YRuw_(E4Ig1XppO`YEQK9#2@0Kklm+#$k`@N`) z$62V;&5*}3eedJ7*BsZG)P&dU7UOt3Vcv`fAKqOT+{nUhHT}Z%`iZSyLv^yUOV1w; z)HtnVZtc8i<4NTMarWB30nshR=$x-;SiS1PJ=`7-9D@Bb&+}NBm7M@O&iKYg{}Jv-u&=< zx2sTiVZ+O5_SIY)gx)>37V7=*W_5K$K)A1~&A9}lxA!k1C6XH92cojv2Fu)k_J68nzTs;7$If3<2jeW#4IvtWk2jNPeQywWRj zBRe!)m^ioVh%&Zi3URQ_l#x~!;1S}O@>TMm4rf8+&y5ZVGt?HGOe@}^8+Byf^ZFw< zi^XqlSjMeAUtNRs#FbKdlG-}i#&zwh~LO?`AS-~OPu-Sy5@e7?%nR& zk}?tr&%eq3`LO$b`tQ^03o=V&g1xjJ75W_3n3lA7&grG^H{H6|R2G%A?%nIQM1l2d zW;oY%2fKI6dlwvy-rh64?%J%Ejoy3yUE-`f_kXqNc){io)d=P8PCiTB&jKc#S% zVPRLr!HKI}o^-#~U#h$R)1@*oos5M$O9M5vyt(wFrQ+`In=4w%DHd`}Aa!A!UgNbR zj|Kg{@?VOWuc5rR_2rYf+Zm07oIM`ehFhpH>#7_~Xvw$vYxGrjZOp6p$)|UTy8bs% z+>)N9ezC1_EpOSo+R2lhJ##XDm6sqE>e!3@KVF~wX2t3RM-|8Shsw6hb=Pt=vOK!l zy8P2R>2Dsc%=xrlUMuKwk@K>5=feEtES>G%7wr3QviqCt;}a|G zvR=K8*qFt7KL7qv``Vwy3RAKxLR8#$sdRN2O={PZl8%>}ry$rZ(C_ZRF=x+HA^T#v z#BZlEy62s73W^Os{OMlm9E+NkdF%MToCt_qw(d~Trz5L{PE2_1rn6PW-uUd3rHQXz zXBRT$Mji>=VrFvT-jxnR%QLUze``fW*8E;N-Ge*hU8Gy_d7~DQkRyk#m|xlWc3X5n zTFc6tBG2{XlD_xNwfT7V{e+D=hZZu}dQac5C|%Qg*L0<3#g-{~FV~5>*=3Q>}y)DO*8X5`^y|Ti5zFC$o;O=CtK6}{}cOv^QfJE`=YeV_H65ZI#-sZ zS@6xx8bhHIUmtxuvF5sV$CU-oKKU@;*s!Dd{JXoy4@Xs=pK@6&Fl4*ZMTwUlGdeFC zN<~FYa60#q_t(t{@qrJ_TraO(bt{YQ^5#2V@3mWOt=CuA=ec~@_UNX2OHE3*DLXle zYUbIo~;Gtz!|GrF~pIBvf_Uh~K&nNf)F}A9jUi>Xb-dWf) zOIrF)^M!Z!r*y1vKU@-cYWCreud;>zobKP&oO^NiikT}@X5CBm=4fwjc_g}2C_>}) z$uJGoiB20bFISzDyX9`Tfb+&n%kV|@2_5T}&eeE(ERu7r<+k?%rJ{z@O`d*cX$(+v zO)Hx8@`=h~XJ-|k=CadCo#L5CFCKp4C-d0H?D)!)D$g%RE=w-V+y6IhTh7fhS7)0S z-z|-v_>eP+H;-8S(*M9 zqV;<9*Y89;vOFApjn8g6&-BTu3%mWJZt6&?PHgMs^pM$-xZ~z21~0`WM>uB4{hV9< zc1qFXxw3E1Dc#=Y`822LVZ_T*;vTEZ|4zDWyiRM~mfL@I9jZPrO31o;@!FYv%IY_F ztlO^RJTpjt=i>!A?8+G;)m(Q>wYJZ(65>go@vg8)neTrd_h}_h z)Pt#Z#^I)y^YqtWn|}Pl4XK)HS5xTJYoob{5a(L)u}gG z_xfH)U~@jAt#v}U^abAR`3N_?!9wtRW#_3P88_HngjE|{Vu!8!SSB#U#J z;nTFFoJq^;e`p=iu6PnIm*(luzwsI0DlP4UCO>aIzW;RIcRPc0h8V5qlU^^HcyVgQ z?rSV95AJTyTl)S<vPbNDOEA;B$E)(LMozHCXsfxs(Q zLyW@&UC;L|_T8+rHN1G^f1%my?!Wr??1oQo&&OY@*H7eN+qm_ZiLcT^flE9)xKh>H zPef<9D{ghlT%U4n8|O_k+n`Iq(Y+QL2}%iw+BM&Cef%9B4w=)6 zvrh{3xyMu+zn$ig{WLWGwwQocT^HBigHbai+6ww_G77GIFmo>Z&l9!f0(~t4hh(EW z-7=>iUH>ZU`H_#41D*;eAXPKVS$;h0J^j*t*ZliG_uhBQYz^q*et!P**Z2P$;_J@u z=44@B;(pw)z}w>JpFcAm6<3|hX5B2$yCyR`@%`%c8(uEEeQHj_Y0d?=PfKyMu3WV? zEvZDt*-I-sOW^3Gi}MY?>t?I3UA0=--1@X^`TlPE|9|f4*libr0}F`BxO;}&20 z`7fWXrLP4~Qaa7&GG*#nt=Op81GQJS9ZvXf8CP3qJzX#6$>Q(#j{I7uDskw^pA#JY zwV$JHe(#n4WIg|fb5bbhmI)pr7E&_O>1k5wB|KA4CbTB8Fw4EX#&t^PZH};E~S0H#~pY>fPN_Pm2}5|NC9AkLBcfzv2%c zIQMg=p~-Meuaev9ZS2d1Gb&rD6Af_b=7vA|KZJvJM^xzI$5_@R;%pwnN|02=ky(K z&s7IF#cktR66m4mdEQ4^_U+0$a-5<}PgA|PH3c)Kebq~Q-zXfjJJs}-z&fur-m8PP zW*=J7A$s~%x899g2QN(ObA5Ydg#i2SwiTj+`+n)4|LFbwK4ell%Q# zGjHd*$>RKTzrKG3nrwp1I@SH-_|W>;{ii?w9cL8@Cu_4)+kW0EpZDOP_4@^TYXx6k z6x`lFL3_pIr!70~Y`8voK3D$!w3|Wm>VB&BGsJfmOz~RyxKpcWr%dqV$r6l{BV3ny zH~o~H?)-Yv#7R>ob?u5uW4rX{()xc==j)%peq&wHl{-7k*w)T7)!CD^EQh^!!Ln^_ z3m+Q3dYxUF_*>4YGb(TIcez8MU$5xCORPwkVE^;S`p-|-*KjU5X{^8R$lC39IuyOz z{ANvBt^Yviev#C(Pa?niSAB(EZ;>znNw01=2+|~xA%=+uPEis&{T8o+5G)~mGkbF*@l^& zzhCq2^_ervD*yj}mzbE$d_K2+>b`%BeSUt5&1&!aT_&b6JiXD8aKJjJRpgkzT=8*7 zrXWqG14WFdALs2audA5QDQ|bQ@%>@rn=+D`o;qs_`s-ic&WYJOE46#~fk2C&GHomiML0sAq&>A+`@$wV zfp6ZX)QsL%1vw6-W9=7Cxt(}0^=HOK5$}N5@cyaWCFEy2NT^-(xDq_yHS@c@uB4v! z^s7!nYged<_FcMh&2h)7dGDSomc6w>~v8K#r>xcU1%&*Efd zjf1Ay*B8moF3~$3ynfHIlf|_$&2ApdnyQs+C4HB7%y=gXUee4 z&Q?3VjB`U1qs-w0y9(yrZ1n!~VCwXr=}#w2XPmYs%JKQDty{KiEqZ%w^@|?|oR4T} zOV0J!l>OXq-(|mNA)$hOE(XqwO^(8u zvoaJ<@9y4Pq0DY9lJ?*ctJJ+hZ4SqxtXUa4QAwwqrahI2Z~PNB{^Si&w90owv06MbxH_0-Z+_qfWMM)xNp0-2VNZ zOy)iji74^p#esZ%j}vAT<;~oFEo0$|&i0j^Y?5a(*wTtZj=%bO*)B42kec?MRJ__;Q`<`ba zl>0Pbr;f())90UdX>FLE%`)%w8odcNYdI_@2sfp2&$_WY*;;zr-7nMLY;~~XIlN%q z%83uXr_Yd)bTqpn-09MNBs3ssW1SWs&%EF3q+g13g&WP@y5nao|A()~?T)s7-kfuD zL(|QVhC*L?GyE5twm65D&bhf#Q|Y2ayWgDTqiw4@x0f^->@B|j=lcD>wsn6m#y@I% zZFVt6bm^{TTvJ$gnw;8r@KmGGgpVvyUT<=`E*97J%&~O!vB=5ERM@hj&QEPqH7D1t zg^zn@znm58S@GRE@6lG<-!H8zXZ0QRw%MdJAW=E1t% zH+GlX3!QbB|0ytW!%HEJr8ar#0^MpA?{l|*ocaEL$KL9)$t%19B5ykwNTg&&b5C`A zDP<{Ix$wxQ1hd&k3w3h1FWuy+Jbuuz*`PyW(gevJZ+5ZdbT{M*icH#&8`yrE{k2DL z=@*X2?tH~oa}zHF_C$%5?$wUmTBhqgZT*vl-)#?k64jpIRPgMJ=C}9uCuXzr6}&yY`l3<$xAv$5pF^mjq=>NoUUt zJ`@+w^jx1ubp14)eG6Kie9X5ynP2l}ao+rQfBJ(KYB0Jgn4Y%Y7U%nZ65kf)OBX%7fm2&g<7q-T%M4f4AkrhUBLQHNTWs9dk}?3agy25O<{e_o9@F zk}0=tNiCViG9|4tn%n-?*15db^PM>!b3L73ys|(+V9B<1^Cm7-RC9A%nYlt;rca?I z@K2E5mLHm@7kTfU>BPNARP>CGYG+tz@a1cr#Se9s`^78B^ae%-Gdt~iy1CC+Lm_b6 z*-ckZpR9S!zUTRLyPgS+LGM-GqeoHtxBL4(YBH>zZEn?xF1U*z*@JFMla5^I+cY_XXZtwmM|AZW9ff zrE&Pcr%m(j?|f@D@1^|GeG3_Ton1>+t)vz$Q+nmg-W#@nr}N4ztBD$u3?KGxPj)t& zo~$%C(Ztf(YW;@KmQ8IcD!fdrrjgnylAb0q?Fs_SQNEL>3QqPsoRafJNWcE4Kz_;k z16^T3;qmS!La7fIl~qmCeSF>So1xUJ?3tc^#Yz9|;%ZZ^+rPh6n|yw9d4glM_WP>u zcXgsKKJHsqblgH*N{DNclwe^~@4NmrNqc!(?q7O<@7*)M`rVFan|#!BmpZ!I>e)>%4L_3Xb8d;kBcTV)%)xgGzNXoI zKP$f}@$ILil@$x~tM1N9wfT7|Z^g&n4T#0%f9420FkKtk^QHgO2kZ9*oo&gV!{`4^ zm;3wRugWT+b?lQDZwNM4U8La>c_K^F{PUxlEjq3j8y|9HLr%kD4cS1(LGJ7NA@MTzdlO^!Fu_???@DkUQ?Z_&nu^KMNm+w$lB z+qsn!WUkg8w|`%H{>z-|v+K&fP1$m5s)b6+5yh5XY}`34N2XcUFtoA6Sd>|c zXdd_5`KU-zy;U<=J@r6LAFr92#lw;VHyRkY1+MkBY_Td^dUam0fBF9D_Pd@(JqdZE z68h)j{Z%XP&b_toUiICp_wRrFJF9nQ)YGEBzSoNnPnA!|Xiusc%f_*{3efiuKc*I#*_f z%`22*5Egd7X>WJ%#u1D6Z|)pSogT}w%ptQ^bI-p>!Ea5HPF@EbIDH*GHvMFJ=rU)` zTch#>Ipdi&t2FxxY*r>K9=tH`{Kl20UZ<>DlY29>CZ)}oHsh#6H8)d%s83q4kC@k# zE?2c;RWCou(>#K2=kE?xP7$fM(|&Ku&AGp8>hAr& zW6SdHdim$`b6W+~e0lUaGy7vr&GO}GH#XIZ@4x*+%HQ^-W#H+WgvTU-V@2>sQaLf6tjSgG2eq-tTrNZt=&z(bNf! zExWhJt1;x>v|wfS%!^$uuNQr?Ec^RRv~2&znIZYJ?pYSkFyB7E*gy7IWcs{wx2?-Q zZeAY0q~4E9d#1u{%?UYO*B+@eO^J0|y{meM5}%q#?Ax_I&$?7zui5^;_`ON)PRVV1 z%O^a3{yo(7AWPR{_Foc`wr6H-wmY(ZJKNp^j7%&X0tyZd42*UUSSsSQ4qo|px8}cg z{4uUp!Kjaixb*{yMCGljMfv7!=r756Q*%w9bFIMHWQQxCJ^ESROWku%FU}6-@#f&T zX~umk`sdlt=QmW{eY)?(h2NcVx%1=ZXPQi0Fhf5{yZz+GLZ`clX99LivshjA{NG2F z8`BpaGGE}x;aME5ebkwC(%e`b`&`!dIronIe6FKzZP_{XY(d6zxwh}JN-3?Gd0oQX z?HwvY2}k!RG|YcH#Yv&X(>-5)`Mff&^?UxXiO<=*%IntNo)z}nRyk#`mik`hb&BO$ ze3|ZrpCA_1wU`< z&r3Xd!HKU&?vZk~{(}b}9Nqf;jEt;K9o)-)q0d)INO4kD`iC8^F2QdlHd^dHt~T@j zeRrFQ3gH@)-o0G7CAqzP9$RS9y4K|$Isy`2iY6=AL_byutM!{~H#?q@*%!KeV@#0G zlTR{pPa4eCezZexW59}q%Of}rmYht>I4Q&;6<)P>kDJArM@zjWWnvDTmNx&?yZ*0i zr^l4`cRRaFr`PnX*8k73_w%zw&SIaRolkzbDK&$~z^Ch|k~`nKr|#eH9TyFcKYnSc z`oe~jFD0#RP5QUzM6#A=_=)w~=dn1=N@%Hgw=(_4-gN!=osau=MNZRLxL4@Ut_8=> zoZ&HaUNnU}jbo*#pW^X}<=;2tAJ=m$f2(@;s_&ZR&8pshPkt<9z4PI#_0QR_uYEpz zeE#!iyz=WJ1+yNr&wCmjzlU$jms1Z7 zGdzzNE;%^uZ1h1N7XNPy@I)t{!!##vTg2WZ-j~zN7>X_n-zj~6_|E6G>lYZVntANf z7mFKx`P#~>QVtvcTdKBcv8~|BE}jWuA3lA18?*h_o-E4^7o-jc>b!gPLQweCi3G^8sZ!$K2dszIb=c6_nv!0#3 zZl1i`?6Ui@iG9sxzO!_?gKr1R7_dGJU{T#8^g8CG+RaNYn=}vZxBscLyZlY!>pt5T zF^%c+|18fs32f7eS|e~Vh*R7*PO4|h_K$z`=cmSG_C*(3ZU6h&Jj1`-u&`uKlA8Cf z{nMFe-(UAN==a}~i_Z05*RNZbwpN?vg6QUz1-YsW5sA(33MRd~rsCzeEZ|ATvI94+ z@SG|QaGDU_Rdn-P&5G8H8*$px+vO`J@J_F5sjz4&lbNL~s28)bNBY{@qapvyP>3Rb*}c?2n5lb0`-03I}U%`BXFQc$b-%v$sXxsVOI9=N>FD z6*i6xlGXIHt893F|K6c%v4`huSh0WGl9<+_oF$rjqc`R4j9kdEafR!?I~AITD>dHU zJAcDvTHmykua9_?U8=pC{=1jIL!>Q6#((<{ZfZ1{`F-1_cgM2#i03^my3gESaBh|8 znauYtnT-w$r#8<$U9oiiu8+NO91lAkud2q`t`7Yh@#dA&tc6-H|2@uLpl!QV zDpu3;s4#!m(Z^G|T%Rqewn+Twd1Ik~Epu%N?-%7$s+)}Yg0df-w79?f|MELOw#Tnr z%xt<^smYYRoe2Xn~sZs;x(_7a2`B@J{yq#JudZ z$K2~booMbiHkV7)5L@ag4Jsn;EB?9{w<`__qDvx>v!1??7mrMfNKXIs^74c=u7CFN&7 z5Du@ML#9?PWJ*XN(N?YBGLdHm~Q0STw-gN;dyg56gtR_n*9^LlcW zp0Pe+_{iqlmGwIxc5R*KwT&&;qw06njFZnL)g^6iGQ(<2CK=&R%>_a?54Z0q`)jp6 zgssoEG!yYp*Lf~=3(VHG6EkTr@mO}NQ!OdOWNFYuWo6}z>mRFn zzRsW4d&y&q!JpTH91p))N69z|CURn^1F$u5(0 z*Vz0&#P%yU#6yNDcSc7+&*}BQMb7Wr*E%Wtx)S?wmA6e7FCLb$E0}QTiO9-jEZTn2 zXO?DP|M2PD-k8rfvu_qWPQS4uTi^4r!Ya{37R99*TGKhixn*X|_!cuMrt=EZmPdQb z?=RlIcCP%r{~F7WE9vwef5D*hG|8H;wW!lcFO!Oyi#?)>g{D~w~97)E9R(} z39&2Y@GN&(F+*8Z=9*sYk+<`AOv%6ZqcHF1k@la5mfIgooxWz~)`pU+?mNns-t%|P z+GH$g_j_mb&cCPQlis$9H)WdkGz$rA(rL+jlp)UO;&XD}{d~2=Hj5~Y&(A8R`5LoU zUCy+td!;$&mhpNiR}ZyC97`*{AK*|w_tw#)HMOde(mPl zbMLeLpNvZzRr+oJDy_@fbG+?WwWO_ykj+&@f~qOt{P64Q^2;uro5SbuMFpQr|M6>X zdGW!@^vlz{LX8WVdV^10zZ31EyI3rQ_eipCu(_pKhOhe_>MA^IhlfABudv zKIP!c(>G@7Gd$SE*Y;3U(j{m1idePsFB(pq=ck8DKk4uJd?oq+!Gsejel~5Fq?U?q zOAg-RJ>`v&>QWAOr8BQzrM&$lY+3!0>DQ&)FC|MdUS}kKon`<1T8GGtOD=z8>cf~%h+EYu~|Z z*=rwz^6%#sKMT+kwJb^5Vs$(h_a727G%OO_Ztke8F70hfh>KTuJ)T%- z70|>7X}~kFaC~4?Jy3nGX72geT2ZIw-03@C_SGxowOV|CGqv=Icz~YY!WUbY{mNN3 z>#t~OxRT>f{Xb3_Ik(d;Z;REj&RZBR_BQ>eR?8BnPL`$}mvZiZIi}++X4tJ~%5hVP z@i5QDiSr(>7RoN#X(Q}@+~(HOpOZZcmQLT{bYG>ZB3L-1cM4l^yI;a0hKni2s_u(h zPWI3HVJf~R`gl`ow@sGXzYiO?PEhdmiz_vA@0#`TrOrC-zlD?H{%=~LvS{h_!s%>> z3eSbo><7f!FR zf0@B@dt+dq@4koy4<^rF_pK~UC+ff{;b+D-<{skuEu1^6C8=;(pWmf9U%ca5-9Mj= z5L#W!=c-sR>8wPQ$qkcCsm;Hcq&$j}+du#2G~Rq_+3MGxAxDnyH5KD--8eORZhau{ zEsuYX7IptPxw!vVqiC-Qj~L&Vux~GFw?y+U3i00Fdcc%tR@82erB+#gZ!}r0)?UBo zhVs5T$?YOH)}7wIzgGP8`G|wD_xH}uUVrmI{M}ELaevJ-y8a#D|WEnQx4>kgxia!XO{qFb(B27k7unH{}Rox#$gaCfRx zcBjFD<<>{PlgFPgO=&Z#oek?a(}PdcuRY7j>1Yi z&IxW)&uJ)DzAVo#e&>1o_ulniMV9$-o!sskyZcc{-Jc8298Z-@zb-SZ3kx}8x9II=9clLhJrcLdB2(XZ9fa$GWx^dB)c$cN6^F7E{B)t zzE4t(dJ(^)BjzCE}D_vR8h&FXzZ1ac}3;-~axV<=JJc*8fdk z{qv-3{Lwp~_@u?oJpc7{`KBd{g)?VJL?!RkGjtae)KheRoYlC+M`@x&{+pYpSEU{g zpFaQF<^%FkyE@|c?mPNFsL5bM_fofu=4&0QYmbZ1tNdj6JT2dEW9D;4x8v%oiUrMh qd7K~Z(yG|R4jm6*VzE&B$E~Hsym8l2>qZ6!1_n=8KbLh*2~7ZGDGVwA literal 0 HcmV?d00001 diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 908d68e..b049bd7 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -6,7 +6,7 @@ imports = [ ./common.nix ../foot.nix - ../niri.nix + ../niri ]; home = { username = "yt"; From f26cc9575d65bd4bda09dd7f100cab9784711db5 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 19 Jan 2025 00:15:12 -0500 Subject: [PATCH 097/410] switch to niri --- home/niri/default.nix | 44 ++++++++++++++++++++++++++++++++++++++--- home/yt/ytnix.nix | 1 - hosts/ytnix/default.nix | 5 ----- 3 files changed, 41 insertions(+), 9 deletions(-) diff --git a/home/niri/default.nix b/home/niri/default.nix index 889e3b1..c865528 100644 --- a/home/niri/default.nix +++ b/home/niri/default.nix @@ -5,6 +5,7 @@ let menu = "fuzzel"; browser = "librewolf"; file-manager = "thunar"; + clipboard = "cliphist list | ${menu} --dmenu | cliphist decode | wl-copy"; in { programs.niri.settings = @@ -12,9 +13,32 @@ in prefer-no-csd = true; input.keyboard.xkb.options = "ctrl:nocaps"; spawn-at-startup = [ - { command = [ "waybar" ]; } + { command = [ "${lib.getExe pkgs.waybar}" ]; } { command = [ "${lib.getExe pkgs.swaybg}" "-m" "fill" "-i" wallpaper ]; } ]; + hotkey-overlay.skip-at-startup = true; + + input = { + touchpad = { + tap = true; + dwt = true; + natural-scroll = true; + click-method = "clickfinger"; + }; + warp-mouse-to-focus = true; + focus-follows-mouse.enable = true; + }; + + layout = { + gaps = 4; + focus-ring = { + width = 4; + active.color = "#00000055"; + inactive.color = "#505050"; + }; + always-center-single-column = true; + border.enable = false; + }; }; programs.niri.settings.binds = @@ -43,8 +67,8 @@ in "Mod+Shift+J".action = move-window-down; "Mod+U".action = focus-workspace-up; "Mod+I".action = focus-workspace-down; - "Mod+Shift+U".action = move-workspace-up; - "Mod+Shift+I".action = move-workspace-down; + "Mod+Shift+U".action = move-window-to-workspace-up; + "Mod+Shift+I".action = move-window-to-workspace-down; "Mod+W".action = maximize-column; "Mod+C".action = center-column; "Mod+Shift+Space".action = toggle-window-floating; @@ -68,11 +92,25 @@ in "Mod+3".action = focus-workspace 3; "Mod+4".action = focus-workspace 4; "Mod+5".action = focus-workspace 5; + "Mod+6".action = focus-workspace 6; + "Mod+7".action = focus-workspace 7; + "Mod+8".action = focus-workspace 8; + "Mod+9".action = focus-workspace 9; + "Mod+Shift+1".action = move-column-to-workspace 1; + "Mod+Shift+2".action = move-column-to-workspace 2; + "Mod+Shift+3".action = move-column-to-workspace 3; + "Mod+Shift+4".action = move-column-to-workspace 4; + "Mod+Shift+5".action = move-column-to-workspace 5; + "Mod+Shift+6".action = move-column-to-workspace 6; + "Mod+Shift+7".action = move-column-to-workspace 7; + "Mod+Shift+8".action = move-column-to-workspace 8; + "Mod+Shift+9".action = move-column-to-workspace 9; "Mod+Alt+B".action = spawn browser; "Mod+Alt+A".action = spawn "anki"; "Mod+Alt+F".action = spawn file-manager; "Mod+Alt+E".action = spawn "evolution"; "Mod+P".action = spawn "bitwarden"; + "Mod+Comma".action = sh clipboard; }; } diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index b049bd7..a64bc73 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -123,7 +123,6 @@ }; xdg.configFile = { - sway.source = ../sway; rofi.source = ../rofi; waybar.source = ../waybar; mpv.source = ../mpv; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 36786f4..8912c19 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -188,11 +188,6 @@ }; services.blueman.enable = true; - programs.sway = { - enable = true; - wrapperFeatures.gtk = true; - }; - my.backup = { enable = true; jobName = "ytnixRsync"; From afc2e8ea66b2b5016bb7fcd85858d4602f9ae489 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 19 Jan 2025 00:23:46 -0500 Subject: [PATCH 098/410] make fuzzel wider --- home/niri/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home/niri/default.nix b/home/niri/default.nix index c865528..0249b6f 100644 --- a/home/niri/default.nix +++ b/home/niri/default.nix @@ -2,10 +2,10 @@ let wallpaper = "${./nixos-c-book.png}"; terminal = "foot"; - menu = "fuzzel"; + menu = [ "fuzzel" "-w" "100" ]; browser = "librewolf"; file-manager = "thunar"; - clipboard = "cliphist list | ${menu} --dmenu | cliphist decode | wl-copy"; + clipboard = "cliphist list | ${lib.concatStringsSep " " menu} --dmenu | cliphist decode | wl-copy"; in { programs.niri.settings = From 973993af608aa8ea7667bb2ac86946a2bc7d0471 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 19 Jan 2025 00:57:32 -0500 Subject: [PATCH 099/410] make mouse script work and add window rules --- home/niri/default.nix | 22 ++++++++++++++++++++++ home/niri/scripts/remote.sh | 25 +++++++++++++++++++++++++ 2 files changed, 47 insertions(+) create mode 100755 home/niri/scripts/remote.sh diff --git a/home/niri/default.nix b/home/niri/default.nix index 0249b6f..bb9248f 100644 --- a/home/niri/default.nix +++ b/home/niri/default.nix @@ -39,6 +39,25 @@ in always-center-single-column = true; border.enable = false; }; + + window-rules = [ + { + matches = [{ app-id = "anki"; title = "Add"; }]; + open-floating = true; + } + { + matches = [{ app-id = "foot"; }]; + default-column-width.proportion = .5; + } + { + matches = [{ app-id = "Bitwarden"; }]; + open-floating = true; + } + { + matches = [{ app-id = "mpv"; }]; + open-floating = true; + } + ]; }; programs.niri.settings.binds = @@ -112,5 +131,8 @@ in "Mod+Alt+E".action = spawn "evolution"; "Mod+P".action = spawn "bitwarden"; "Mod+Comma".action = sh clipboard; + + "MouseForward".action = spawn "sh" "${./scripts/remote.sh}" "btn1"; + "MouseBack".action = spawn "sh" "${./scripts/remote.sh}"; }; } diff --git a/home/niri/scripts/remote.sh b/home/niri/scripts/remote.sh new file mode 100755 index 0000000..5065980 --- /dev/null +++ b/home/niri/scripts/remote.sh @@ -0,0 +1,25 @@ +#!/usr/bin/env bash + +active_window=$(niri msg --json focused-window |jq -r .app_id) + +if [ "$1" = "btn1" ]; then + if [ "$active_window" = "anki" ]; then + wtype " " + elif [ "$active_window" = "foot" ]; then + wtype -M ctrl -M shift -k c -m ctrl -m shift + elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then + wtype -M alt -P right -p right -m alt + else + wtype -M ctrl -k c -m ctrl + fi +else + if [ "$active_window" = "anki" ]; then + wtype "1" + elif [ "$active_window" = "foot" ]; then + wtype -M ctrl -M shift -k v -m ctrl + elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then + wtype -M alt -P left -p left -m alt + else + wtype -M ctrl -k v -m ctrl + fi +fi From 929c98faf5d5067155c9fc443ed5e956f9aecf38 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 19 Jan 2025 01:20:01 -0500 Subject: [PATCH 100/410] make xwayland work --- home/niri/default.nix | 8 ++++++-- modules/niri.nix | 1 + 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/home/niri/default.nix b/home/niri/default.nix index bb9248f..6e3b91c 100644 --- a/home/niri/default.nix +++ b/home/niri/default.nix @@ -8,13 +8,13 @@ let clipboard = "cliphist list | ${lib.concatStringsSep " " menu} --dmenu | cliphist decode | wl-copy"; in { - programs.niri.settings = - { + programs.niri.settings = { prefer-no-csd = true; input.keyboard.xkb.options = "ctrl:nocaps"; spawn-at-startup = [ { command = [ "${lib.getExe pkgs.waybar}" ]; } { command = [ "${lib.getExe pkgs.swaybg}" "-m" "fill" "-i" wallpaper ]; } + { command = [ "${lib.getExe pkgs.xwayland-satellite}" ]; } ]; hotkey-overlay.skip-at-startup = true; @@ -29,6 +29,10 @@ in focus-follows-mouse.enable = true; }; + environment = { + DISPLAY = ":0"; # for xwayland-satellite + }; + layout = { gaps = 4; focus-ring = { diff --git a/modules/niri.nix b/modules/niri.nix index 5a3666d..b5a6ef4 100644 --- a/modules/niri.nix +++ b/modules/niri.nix @@ -16,5 +16,6 @@ in config = lib.mkIf cfg.enable { programs.niri.package = cfg.package; programs.niri.enable = true; + programs.xwayland.enable = true; }; } From 91c728799b5ac031262a450d984229c94848c72b Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 19 Jan 2025 03:08:04 -0500 Subject: [PATCH 101/410] more key bindings and rules --- home/niri/default.nix | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/home/niri/default.nix b/home/niri/default.nix index 6e3b91c..a2c9f47 100644 --- a/home/niri/default.nix +++ b/home/niri/default.nix @@ -49,6 +49,10 @@ in matches = [{ app-id = "anki"; title = "Add"; }]; open-floating = true; } + { + matches = [{ app-id = "anki"; }]; + default-column-width.proportion = .25; + } { matches = [{ app-id = "foot"; }]; default-column-width.proportion = .5; @@ -103,12 +107,20 @@ in "Mod+Shift+R".action = switch-preset-window-height; "Mod+Ctrl+R".action = reset-window-height; "Mod+F".action = fullscreen-window; + "Mod+WheelScrollDown" = { + cooldown-ms = 150; + action = focus-column-right; + }; + "Mod+WheelScrollUp" = { + cooldown-ms = 150; + action = focus-column-left; + }; - "XF86AudioRaiseVolume".action = sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 0.1+"; - "XF86AudioLowerVolume".action = sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 0.1-"; + "XF86AudioRaiseVolume".action = sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%+"; + "XF86AudioLowerVolume".action = sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%-"; "XF86AudioMute".action = sh "wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"; - "XF86MonBrightnessUp".action = sh "brightnessctl set 10%+"; - "XF86MonBrightnessDown".action = sh "brightnessctl set 10%-"; + "XF86MonBrightnessUp".action = sh "brightnessctl set 1%+"; + "XF86MonBrightnessDown".action = sh "brightnessctl set 1%-"; "Mod+1".action = focus-workspace 1; "Mod+2".action = focus-workspace 2; From d07194c5cb832b5f583764ff07c79019064b250b Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 19 Jan 2025 03:54:37 -0500 Subject: [PATCH 102/410] make waybar work with niri --- home/waybar/config | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/home/waybar/config b/home/waybar/config index 13b7819..6038a44 100644 --- a/home/waybar/config +++ b/home/waybar/config @@ -6,8 +6,8 @@ "margin-left": 0, "margin-right": 0, "margin-top": 0, - "modules-left": ["sway/workspaces", "clock#time", "clock#date", "battery"], // Sets modules for the left of the bar - "modules-center": ["sway/window"], // Set modules for the center of the bar + "modules-left": ["niri/workspaces", "clock#time", "clock#date", "battery"], // Sets modules for the left of the bar + "modules-center": ["niri/window"], // Set modules for the center of the bar "modules-right": ["tray", "temperature", "cpu", "memory", "wireplumber"], // Set modules for the right of the bar "clock#time": { "format": "{:%H:%M:%S}", @@ -71,7 +71,7 @@ "on-click": "pavucontrol", "interval": 4, }, - "sway/window": { + "niri/window": { "max-length": 64, }, "tray": { From 02c356ec5170d96c533baa5553a5f4b7f6ce3c68 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 19 Jan 2025 03:59:33 -0500 Subject: [PATCH 103/410] flake update and add nix-community cache --- flake.lock | 18 +++++++++--------- flake.nix | 2 ++ 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 60b8454..db6dff3 100644 --- a/flake.lock +++ b/flake.lock @@ -266,11 +266,11 @@ ] }, "locked": { - "lastModified": 1737120639, - "narHash": "sha256-p5e/45V41YD3tMELuiNIoVCa25/w4nhOTm0B9MtdHFI=", + "lastModified": 1737221749, + "narHash": "sha256-igllW0yG+UbetvhT11jnt9RppSHXYgMykYhZJeqfHs0=", "owner": "nix-community", "repo": "home-manager", - "rev": "a0046af169ce7b1da503974e1b22c48ef4d71887", + "rev": "97d7946b5e107dd03cc82f21165251d4e0159655", "type": "github" }, "original": { @@ -436,11 +436,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1737083351, - "narHash": "sha256-hCddtSuk6m6XROmdOC0te0j2sLeUr28QIzNRk0qF1as=", + "lastModified": 1737241062, + "narHash": "sha256-GM4ZnlsuJWjk+tbespU/DWQsZ2V0u0CS3Hqg0JGMt5M=", "owner": "nixos", "repo": "nixpkgs", - "rev": "0993fc268872148cebcd1fac8660a8b8ced49542", + "rev": "b681ff2c9c9163f24ca705d948bb0cee1b3e09f9", "type": "github" }, "original": { @@ -525,11 +525,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1737143193, - "narHash": "sha256-+/BdPFrdJpgmzrMEUZMxsLeND8IvFtjyZbxHX2XrNv4=", + "lastModified": 1737200978, + "narHash": "sha256-QTUx/F8HVjrRIHQxHKrr72aPMj+cDk18WTbvBCCBBdI=", "owner": "nix-community", "repo": "nixvim", - "rev": "aa839cf994f6b9a6b38e755597452087beac0567", + "rev": "cbf960e5659054b2ccf27b67218782e69016bef5", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 0493875..ca9fcf6 100644 --- a/flake.nix +++ b/flake.nix @@ -38,10 +38,12 @@ extra-substituters = [ "https://cache.cything.io/central" "https://niri.cachix.org" + "https://nix-community.cachix.org" ]; extra-trusted-public-keys = [ "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ]; builders-use-substitutes = true; }; From 5b163a272176955a934f0e54d1d65d06aa801b07 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 19 Jan 2025 12:46:46 -0500 Subject: [PATCH 104/410] refine window rules --- home/niri/default.nix | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/home/niri/default.nix b/home/niri/default.nix index a2c9f47..5071256 100644 --- a/home/niri/default.nix +++ b/home/niri/default.nix @@ -46,7 +46,11 @@ in window-rules = [ { - matches = [{ app-id = "anki"; title = "Add"; }]; + matches = [ + { app-id = "anki"; title = "Add"; } + { app-id = "mpv"; } + { app-id = "Bitwarden"; } + ]; open-floating = true; } { @@ -54,16 +58,15 @@ in default-column-width.proportion = .25; } { - matches = [{ app-id = "foot"; }]; + matches = [ + { app-id = "foot"; } + { app-id = "anki"; title = "^Browse"; } + ]; default-column-width.proportion = .5; } { - matches = [{ app-id = "Bitwarden"; }]; - open-floating = true; - } - { - matches = [{ app-id = "mpv"; }]; - open-floating = true; + matches = [{ app-id = "librewolf"; }]; + default-column-width.proportion = .75; } ]; }; From a53a985158d8060c4a13d5dd7f5c1e80bc797968 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 19 Jan 2025 19:54:35 -0500 Subject: [PATCH 105/410] can we build machines --- .github/workflows/build-and-cache.yml | 35 ++++++++++++++++++++++++++- flake.lock | 18 +++++++------- 2 files changed, 43 insertions(+), 10 deletions(-) diff --git a/.github/workflows/build-and-cache.yml b/.github/workflows/build-and-cache.yml index aca9d1e..a6da635 100644 --- a/.github/workflows/build-and-cache.yml +++ b/.github/workflows/build-and-cache.yml @@ -3,7 +3,7 @@ on: workflow_dispatch: push: jobs: - build: + build-packages: strategy: matrix: package: @@ -25,3 +25,36 @@ jobs: cache: ${{ vars.ATTIC_CACHE }} token: ${{ secrets.ATTIC_TOKEN }} - run: nix build -L '${{ matrix.package }}' + build-machines: + strategy: + matrix: + machine: + - chunk + - ytnix + - titan + home: + - yt@ytnix + - yt@chunk + + os: + - ubuntu-latest + # - macos-latest + runs-on: ${{ matrix.os }} + continue-on-error: true + steps: + - uses: DeterminateSystems/nix-installer-action@main + with: + logger: pretty + - uses: DeterminateSystems/magic-nix-cache-action@main + - name: Setup Attic cache + uses: ryanccn/attic-action@v0 + with: + endpoint: ${{ vars.ATTIC_ENDPOINT }} + cache: ${{ vars.ATTIC_CACHE }} + token: ${{ secrets.ATTIC_TOKEN }} + - name: Sync repository + uses: actions/checkout@v4 + with: + persist-credentials: false + - run: nix build -L .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel + # - run: nix build -L .#homeConfigurations."${{ matrix.home }}".activationPackage diff --git a/flake.lock b/flake.lock index db6dff3..25c44cd 100644 --- a/flake.lock +++ b/flake.lock @@ -266,11 +266,11 @@ ] }, "locked": { - "lastModified": 1737221749, - "narHash": "sha256-igllW0yG+UbetvhT11jnt9RppSHXYgMykYhZJeqfHs0=", + "lastModified": 1737299337, + "narHash": "sha256-0NBrY2A7buujKmeCbieopOMSbLxTu8TFcTLqAbTnQDw=", "owner": "nix-community", "repo": "home-manager", - "rev": "97d7946b5e107dd03cc82f21165251d4e0159655", + "rev": "f8ef4541bb8a54a8b52f19b52912119e689529b3", "type": "github" }, "original": { @@ -436,11 +436,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1737241062, - "narHash": "sha256-GM4ZnlsuJWjk+tbespU/DWQsZ2V0u0CS3Hqg0JGMt5M=", + "lastModified": 1737274611, + "narHash": "sha256-tmD7875tu1P0UvhI3Q/fXvIe8neJo7H9ZrPQ+QF7Q3E=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b681ff2c9c9163f24ca705d948bb0cee1b3e09f9", + "rev": "50165c4f7eb48ce82bd063e1fb8047a0f515f8ce", "type": "github" }, "original": { @@ -525,11 +525,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1737200978, - "narHash": "sha256-QTUx/F8HVjrRIHQxHKrr72aPMj+cDk18WTbvBCCBBdI=", + "lastModified": 1737308837, + "narHash": "sha256-Sro74XNFgGgIIW4uo/YSVGafZhKnZwPLJNBvMsgpl4k=", "owner": "nix-community", "repo": "nixvim", - "rev": "cbf960e5659054b2ccf27b67218782e69016bef5", + "rev": "8fb2fe22c237b25b8af346870e126fdaeaff688b", "type": "github" }, "original": { From 32e8d70d6f7eedfa07050c2253676eb0ecd391d9 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 19 Jan 2025 20:08:27 -0500 Subject: [PATCH 106/410] how about homes --- .github/workflows/build-and-cache.yml | 38 ++++++++++++++++++++++----- 1 file changed, 31 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build-and-cache.yml b/.github/workflows/build-and-cache.yml index a6da635..f2ec8f9 100644 --- a/.github/workflows/build-and-cache.yml +++ b/.github/workflows/build-and-cache.yml @@ -10,7 +10,7 @@ jobs: - github:cything/nixpkgs/fd06e41125350bc3db5628df49d3b84e4652a59d#lact os: - ubuntu-latest - - macos-latest + # - macos-latest runs-on: ${{ matrix.os }} continue-on-error: true steps: @@ -25,6 +25,7 @@ jobs: cache: ${{ vars.ATTIC_CACHE }} token: ${{ secrets.ATTIC_TOKEN }} - run: nix build -L '${{ matrix.package }}' + build-machines: strategy: matrix: @@ -32,10 +33,6 @@ jobs: - chunk - ytnix - titan - home: - - yt@ytnix - - yt@chunk - os: - ubuntu-latest # - macos-latest @@ -56,5 +53,32 @@ jobs: uses: actions/checkout@v4 with: persist-credentials: false - - run: nix build -L .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel - # - run: nix build -L .#homeConfigurations."${{ matrix.home }}".activationPackage + - run: nix build -L --accept-flake-config .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel + + build-homes: + strategy: + matrix: + home: + - yt@ytnix + - yt@chunk + os: + - ubuntu-latest + # - macos-latest + runs-on: ${{ matrix.os }} + continue-on-error: true + steps: + - uses: DeterminateSystems/nix-installer-action@main + with: + logger: pretty + - uses: DeterminateSystems/magic-nix-cache-action@main + - name: Setup Attic cache + uses: ryanccn/attic-action@v0 + with: + endpoint: ${{ vars.ATTIC_ENDPOINT }} + cache: ${{ vars.ATTIC_CACHE }} + token: ${{ secrets.ATTIC_TOKEN }} + - name: Sync repository + uses: actions/checkout@v4 + with: + persist-credentials: false + - run: nix build -L --accept-flake-config .#homeConfigurations."${{ matrix.home }}".activationPackage From 5933a15cd80013ee87182c5fb3c7e1336edc69d2 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 19 Jan 2025 20:37:34 -0500 Subject: [PATCH 107/410] set display variable --- home/niri/default.nix | 8 ++++++++ home/yt/ytnix.nix | 1 + 2 files changed, 9 insertions(+) diff --git a/home/niri/default.nix b/home/niri/default.nix index 5071256..feedd04 100644 --- a/home/niri/default.nix +++ b/home/niri/default.nix @@ -118,6 +118,14 @@ in cooldown-ms = 150; action = focus-column-left; }; + "Mod+Shift+WheelScrollDown" = { + cooldown-ms = 150; + action = focus-workspace-down; + }; + "Mod+Shift+WheelScrollUp" = { + cooldown-ms = 150; + action = focus-workspace-up; + }; "XF86AudioRaiseVolume".action = sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%+"; "XF86AudioLowerVolume".action = sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%-"; diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index a64bc73..6d34814 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -42,6 +42,7 @@ home.sessionVariables = { ANKI_WAYLAND = "1"; + DISPLAY = ":0"; }; home.packages = with pkgs; [ From 36a8df7aa12cf0accd773e1c3f79c081eaa9d989 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 19 Jan 2025 20:53:31 -0500 Subject: [PATCH 108/410] try lanzaboote from master --- flake.lock | 98 +++++++++++++++--------------------------------------- flake.nix | 2 +- 2 files changed, 28 insertions(+), 72 deletions(-) diff --git a/flake.lock b/flake.lock index 25c44cd..6b93a04 100644 --- a/flake.lock +++ b/flake.lock @@ -1,18 +1,12 @@ { "nodes": { "crane": { - "inputs": { - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ] - }, "locked": { - "lastModified": 1717535930, - "narHash": "sha256-1hZ/txnbd/RmiBPNUs7i8UQw2N89uAK3UzrGAWdnFfU=", + "lastModified": 1731098351, + "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=", "owner": "ipetkov", "repo": "crane", - "rev": "55e7754ec31dac78980c8be45f8a28e80e370946", + "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28", "type": "github" }, "original": { @@ -119,11 +113,11 @@ ] }, "locked": { - "lastModified": 1717285511, - "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", + "lastModified": 1730504689, + "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", + "rev": "506278e768c2a08bec68eb62932193e341f55c90", "type": "github" }, "original": { @@ -157,24 +151,6 @@ "inputs": { "systems": "systems" }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { - "inputs": { - "systems": "systems_2" - }, "locked": { "lastModified": 1731533236, "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", @@ -333,7 +309,6 @@ "crane": "crane", "flake-compat": "flake-compat", "flake-parts": "flake-parts_2", - "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ], @@ -341,16 +316,16 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1718178907, - "narHash": "sha256-eSZyrQ9uoPB9iPQ8Y5H7gAmAgAvCw3InStmU3oEjqsE=", + "lastModified": 1737299073, + "narHash": "sha256-hOydnO9trHDo3qURqLSDdmE/pHNWDzlhkmyZ/gcBX2s=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "b627ccd97d0159214cee5c7db1412b75e4be6086", + "rev": "64d20cb2afaad8b73f4e38de41d27fb30a782bb5", "type": "github" }, "original": { "owner": "nix-community", - "ref": "v0.4.1", + "ref": "master", "repo": "lanzaboote", "type": "github" } @@ -367,11 +342,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1737231928, - "narHash": "sha256-eOvFTgpFGP8hy6r3O8Ae5jOGc483l4BszwQsPcccbbs=", + "lastModified": 1737325400, + "narHash": "sha256-B8+1x5rDA9GtzX+LWlceIbLBwncKH5uDrGqEN0EoOQw=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "ca748d585a271a512807cd60e5353a9ddb4d1dee", + "rev": "aad9ae8e2b07ed5d37743f3ae87c42528e2d172c", "type": "github" }, "original": { @@ -480,27 +455,27 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1710695816, - "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", + "lastModified": 1730741070, + "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "614b4613980a522ba49f0d194531beddbb7220d3", + "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.11", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1737165118, - "narHash": "sha256-s40Kk/OulP3J/1JvC3VT16U4r/Xw6Qdi7SRw3LYkPWs=", + "lastModified": 1737299813, + "narHash": "sha256-Qw2PwmkXDK8sPQ5YQ/y/icbQ+TYgbxfjhgnkNJyT1X8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6a3ae7a5a12fb8cac2d59d7df7cbd95f9b2f0566", + "rev": "107d5ef05c0b1119749e381451389eded30fb0d5", "type": "github" }, "original": { @@ -540,7 +515,7 @@ }, "nuschtosSearch": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "ixx": "ixx", "nixpkgs": [ "nixvim", @@ -575,11 +550,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1717664902, - "narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=", + "lastModified": 1731363552, + "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1", + "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0", "type": "github" }, "original": { @@ -604,21 +579,17 @@ }, "rust-overlay": { "inputs": { - "flake-utils": [ - "lanzaboote", - "flake-utils" - ], "nixpkgs": [ "lanzaboote", "nixpkgs" ] }, "locked": { - "lastModified": 1717813066, - "narHash": "sha256-wqbRwq3i7g5EHIui0bIi84mdqZ/It1AXBSLJ5tafD28=", + "lastModified": 1731897198, + "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "6dc3e45fe4aee36efeed24d64fc68b1f989d5465", + "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5", "type": "github" }, "original": { @@ -662,21 +633,6 @@ "type": "github" } }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index ca9fcf6..9c91249 100644 --- a/flake.nix +++ b/flake.nix @@ -20,7 +20,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; lanzaboote = { - url = "github:nix-community/lanzaboote/v0.4.1"; + url = "github:nix-community/lanzaboote/master"; inputs.nixpkgs.follows = "nixpkgs"; }; nixvim = { From ec4e66c91a08cc7841e1c3f036b30df6a3e3eb7d Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 19 Jan 2025 21:05:49 -0500 Subject: [PATCH 109/410] can we get more space --- .github/workflows/build-and-cache.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/.github/workflows/build-and-cache.yml b/.github/workflows/build-and-cache.yml index f2ec8f9..4a24858 100644 --- a/.github/workflows/build-and-cache.yml +++ b/.github/workflows/build-and-cache.yml @@ -39,6 +39,16 @@ jobs: runs-on: ${{ matrix.os }} continue-on-error: true steps: + - name: Maximize build disk space + uses: easimon/maximize-build-space@v10 + with: + root-reserve-mb: 512 + swap-size-mb: 1024 + remove-dotnet: 'true' + remove-android: 'true' + remove-haskell: 'true' + remove-codeql: 'true' + remove-docker-images: 'true' - uses: DeterminateSystems/nix-installer-action@main with: logger: pretty @@ -67,6 +77,16 @@ jobs: runs-on: ${{ matrix.os }} continue-on-error: true steps: + - name: Maximize build disk space + uses: easimon/maximize-build-space@v10 + with: + root-reserve-mb: 512 + swap-size-mb: 1024 + remove-dotnet: 'true' + remove-android: 'true' + remove-haskell: 'true' + remove-codeql: 'true' + remove-docker-images: 'true' - uses: DeterminateSystems/nix-installer-action@main with: logger: pretty From f8018ab702724f22585a0a493868b35bc1004cbe Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 19 Jan 2025 21:16:55 -0500 Subject: [PATCH 110/410] overprovision lvm and mount to /nix --- .github/workflows/build-and-cache.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-and-cache.yml b/.github/workflows/build-and-cache.yml index 4a24858..5e5f5a4 100644 --- a/.github/workflows/build-and-cache.yml +++ b/.github/workflows/build-and-cache.yml @@ -42,13 +42,14 @@ jobs: - name: Maximize build disk space uses: easimon/maximize-build-space@v10 with: - root-reserve-mb: 512 + overprovision-lvm: true swap-size-mb: 1024 remove-dotnet: 'true' remove-android: 'true' remove-haskell: 'true' remove-codeql: 'true' remove-docker-images: 'true' + build-mount-path: /nix - uses: DeterminateSystems/nix-installer-action@main with: logger: pretty @@ -80,13 +81,14 @@ jobs: - name: Maximize build disk space uses: easimon/maximize-build-space@v10 with: - root-reserve-mb: 512 + overprovision-lvm: true swap-size-mb: 1024 remove-dotnet: 'true' remove-android: 'true' remove-haskell: 'true' remove-codeql: 'true' remove-docker-images: 'true' + build-mount-path: /nix - uses: DeterminateSystems/nix-installer-action@main with: logger: pretty From bb0da642193866869127b86793992e49ca00d80c Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 19 Jan 2025 21:20:48 -0500 Subject: [PATCH 111/410] root should own /nix before we install nix --- .github/workflows/build-and-cache.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/build-and-cache.yml b/.github/workflows/build-and-cache.yml index 5e5f5a4..cc56c9a 100644 --- a/.github/workflows/build-and-cache.yml +++ b/.github/workflows/build-and-cache.yml @@ -50,6 +50,7 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix + build-mount-path-ownership: 'root:root' - uses: DeterminateSystems/nix-installer-action@main with: logger: pretty @@ -89,6 +90,7 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix + build-mount-path-ownership: 'root:root' - uses: DeterminateSystems/nix-installer-action@main with: logger: pretty From 71be5f3545997b64c72a1088731dc13017fc10fc Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 19 Jan 2025 21:45:11 -0500 Subject: [PATCH 112/410] fmt --- .github/workflows/build-and-cache.yml | 2 -- flake.nix | 5 ++- home/niri/default.nix | 45 ++++++++++++++++++++------- 3 files changed, 38 insertions(+), 14 deletions(-) diff --git a/.github/workflows/build-and-cache.yml b/.github/workflows/build-and-cache.yml index cc56c9a..520c77e 100644 --- a/.github/workflows/build-and-cache.yml +++ b/.github/workflows/build-and-cache.yml @@ -25,7 +25,6 @@ jobs: cache: ${{ vars.ATTIC_CACHE }} token: ${{ secrets.ATTIC_TOKEN }} - run: nix build -L '${{ matrix.package }}' - build-machines: strategy: matrix: @@ -66,7 +65,6 @@ jobs: with: persist-credentials: false - run: nix build -L --accept-flake-config .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel - build-homes: strategy: matrix: diff --git a/flake.nix b/flake.nix index 9c91249..ce47e6b 100644 --- a/flake.nix +++ b/flake.nix @@ -89,7 +89,10 @@ programs.typos.enable = true; programs.shellcheck.enable = true; - settings.global.excludes = [ "secrets/*" ]; + settings.global.excludes = [ + "secrets/*" + "**/*.png" # tries to format a png file?? + ]; }; }; diff --git a/home/niri/default.nix b/home/niri/default.nix index feedd04..22386df 100644 --- a/home/niri/default.nix +++ b/home/niri/default.nix @@ -1,8 +1,17 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: let wallpaper = "${./nixos-c-book.png}"; terminal = "foot"; - menu = [ "fuzzel" "-w" "100" ]; + menu = [ + "fuzzel" + "-w" + "100" + ]; browser = "librewolf"; file-manager = "thunar"; clipboard = "cliphist list | ${lib.concatStringsSep " " menu} --dmenu | cliphist decode | wl-copy"; @@ -13,7 +22,15 @@ in input.keyboard.xkb.options = "ctrl:nocaps"; spawn-at-startup = [ { command = [ "${lib.getExe pkgs.waybar}" ]; } - { command = [ "${lib.getExe pkgs.swaybg}" "-m" "fill" "-i" wallpaper ]; } + { + command = [ + "${lib.getExe pkgs.swaybg}" + "-m" + "fill" + "-i" + wallpaper + ]; + } { command = [ "${lib.getExe pkgs.xwayland-satellite}" ]; } ]; hotkey-overlay.skip-at-startup = true; @@ -36,10 +53,10 @@ in layout = { gaps = 4; focus-ring = { - width = 4; - active.color = "#00000055"; - inactive.color = "#505050"; - }; + width = 4; + active.color = "#00000055"; + inactive.color = "#505050"; + }; always-center-single-column = true; border.enable = false; }; @@ -47,25 +64,31 @@ in window-rules = [ { matches = [ - { app-id = "anki"; title = "Add"; } + { + app-id = "anki"; + title = "Add"; + } { app-id = "mpv"; } { app-id = "Bitwarden"; } ]; open-floating = true; } { - matches = [{ app-id = "anki"; }]; + matches = [ { app-id = "anki"; } ]; default-column-width.proportion = .25; } { matches = [ { app-id = "foot"; } - { app-id = "anki"; title = "^Browse"; } + { + app-id = "anki"; + title = "^Browse"; + } ]; default-column-width.proportion = .5; } { - matches = [{ app-id = "librewolf"; }]; + matches = [ { app-id = "librewolf"; } ]; default-column-width.proportion = .75; } ]; From 3dd119d3d75ad1ccfc4dd9450ed8534d354728fc Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 19 Jan 2025 22:27:14 -0500 Subject: [PATCH 113/410] niri disable focus follows mouse --- home/niri/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/niri/default.nix b/home/niri/default.nix index 22386df..9aa8636 100644 --- a/home/niri/default.nix +++ b/home/niri/default.nix @@ -43,7 +43,7 @@ in click-method = "clickfinger"; }; warp-mouse-to-focus = true; - focus-follows-mouse.enable = true; + focus-follows-mouse.enable = false; }; environment = { From b01a3fd472d2609599f7542a490e0147d92a0330 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 19 Jan 2025 22:34:36 -0500 Subject: [PATCH 114/410] bump conduwuit and remove the patch --- .github/workflows/build-and-cache.yml | 4 +- overlay/conduwuit/default.nix | 9 ++-- overlay/conduwuit/fix-lint.patch | 74 --------------------------- 3 files changed, 5 insertions(+), 82 deletions(-) delete mode 100644 overlay/conduwuit/fix-lint.patch diff --git a/.github/workflows/build-and-cache.yml b/.github/workflows/build-and-cache.yml index 520c77e..0e2e1df 100644 --- a/.github/workflows/build-and-cache.yml +++ b/.github/workflows/build-and-cache.yml @@ -7,10 +7,10 @@ jobs: strategy: matrix: package: - - github:cything/nixpkgs/fd06e41125350bc3db5628df49d3b84e4652a59d#lact + - github:cything/nixpkgs#hello os: - ubuntu-latest - # - macos-latest + - macos-latest runs-on: ${{ matrix.os }} continue-on-error: true steps: diff --git a/overlay/conduwuit/default.nix b/overlay/conduwuit/default.nix index 6ce6e72..e08101c 100644 --- a/overlay/conduwuit/default.nix +++ b/overlay/conduwuit/default.nix @@ -10,14 +10,11 @@ final: prev: { src = final.fetchFromGitHub { owner = "girlbossceo"; repo = "conduwuit"; - rev = "8c74e35e7640a041c1f3496d82585e5240294352"; - hash = "sha256-/2YD3TXT9pQ7oPEm9wDrq35afU88qukMIWqrBX5JyXg="; + rev = "5b8464252c2c03edf65e43153be026dbb768a12a"; + hash = "sha256-yNdxoVZX13QUDJYM6zTMY9ExvacTqB+f0MLvDreSW8U="; }; doCheck = false; - cargoHash = "sha256-ZenMTCEJrALKQnW7/eXqrhFj+BedE9i/rQZMsPHl8K0="; - cargoPatches = [ - ./fix-lint.patch - ]; + cargoHash = "sha256-g19UujLI9d4aw+1273gfC17LDLOciqBvuLhe/VCsh80="; # unstable has this set to "conduit" meta.mainProgram = "conduwuit"; diff --git a/overlay/conduwuit/fix-lint.patch b/overlay/conduwuit/fix-lint.patch deleted file mode 100644 index 120ec8a..0000000 --- a/overlay/conduwuit/fix-lint.patch +++ /dev/null @@ -1,74 +0,0 @@ -diff --git a/Cargo.lock b/Cargo.lock -index 3f900a114..0d30a3fec 100644 ---- a/Cargo.lock -+++ b/Cargo.lock -@@ -4493,7 +4493,7 @@ checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3" - [[package]] - name = "tracing" - version = "0.1.41" --source = "git+https://github.com/girlbossceo/tracing?rev=ccc4fbd8238c2d5ba354e61ec17ac610af11401d#ccc4fbd8238c2d5ba354e61ec17ac610af11401d" -+source = "git+https://github.com/girlbossceo/tracing?rev=3cf1c991e3660785d3855a34245949557db33209#3cf1c991e3660785d3855a34245949557db33209" - dependencies = [ - "log", - "pin-project-lite", -@@ -4504,7 +4504,7 @@ dependencies = [ - [[package]] - name = "tracing-attributes" - version = "0.1.28" --source = "git+https://github.com/girlbossceo/tracing?rev=ccc4fbd8238c2d5ba354e61ec17ac610af11401d#ccc4fbd8238c2d5ba354e61ec17ac610af11401d" -+source = "git+https://github.com/girlbossceo/tracing?rev=3cf1c991e3660785d3855a34245949557db33209#3cf1c991e3660785d3855a34245949557db33209" - dependencies = [ - "proc-macro2", - "quote", -@@ -4514,7 +4514,7 @@ dependencies = [ - [[package]] - name = "tracing-core" - version = "0.1.33" --source = "git+https://github.com/girlbossceo/tracing?rev=ccc4fbd8238c2d5ba354e61ec17ac610af11401d#ccc4fbd8238c2d5ba354e61ec17ac610af11401d" -+source = "git+https://github.com/girlbossceo/tracing?rev=3cf1c991e3660785d3855a34245949557db33209#3cf1c991e3660785d3855a34245949557db33209" - dependencies = [ - "once_cell", - "valuable", -@@ -4534,7 +4534,7 @@ dependencies = [ - [[package]] - name = "tracing-log" - version = "0.2.0" --source = "git+https://github.com/girlbossceo/tracing?rev=ccc4fbd8238c2d5ba354e61ec17ac610af11401d#ccc4fbd8238c2d5ba354e61ec17ac610af11401d" -+source = "git+https://github.com/girlbossceo/tracing?rev=3cf1c991e3660785d3855a34245949557db33209#3cf1c991e3660785d3855a34245949557db33209" - dependencies = [ - "log", - "once_cell", -@@ -4562,7 +4562,7 @@ dependencies = [ - [[package]] - name = "tracing-subscriber" - version = "0.3.18" --source = "git+https://github.com/girlbossceo/tracing?rev=ccc4fbd8238c2d5ba354e61ec17ac610af11401d#ccc4fbd8238c2d5ba354e61ec17ac610af11401d" -+source = "git+https://github.com/girlbossceo/tracing?rev=3cf1c991e3660785d3855a34245949557db33209#3cf1c991e3660785d3855a34245949557db33209" - dependencies = [ - "matchers", - "nu-ansi-term", -diff --git a/Cargo.toml b/Cargo.toml -index 76acda807..a2916a6aa 100644 ---- a/Cargo.toml -+++ b/Cargo.toml -@@ -513,16 +513,16 @@ version = "0.2" - # https://github.com/girlbossceo/tracing/commit/b348dca742af641c47bc390261f60711c2af573c - [patch.crates-io.tracing-subscriber] - git = "https://github.com/girlbossceo/tracing" --rev = "ccc4fbd8238c2d5ba354e61ec17ac610af11401d" -+rev = "3cf1c991e3660785d3855a34245949557db33209" - [patch.crates-io.tracing] - git = "https://github.com/girlbossceo/tracing" --rev = "ccc4fbd8238c2d5ba354e61ec17ac610af11401d" -+rev = "3cf1c991e3660785d3855a34245949557db33209" - [patch.crates-io.tracing-core] - git = "https://github.com/girlbossceo/tracing" --rev = "ccc4fbd8238c2d5ba354e61ec17ac610af11401d" -+rev = "3cf1c991e3660785d3855a34245949557db33209" - [patch.crates-io.tracing-log] - git = "https://github.com/girlbossceo/tracing" --rev = "ccc4fbd8238c2d5ba354e61ec17ac610af11401d" -+rev = "3cf1c991e3660785d3855a34245949557db33209" - - # adds a tab completion callback: https://github.com/girlbossceo/rustyline-async/commit/de26100b0db03e419a3d8e1dd26895d170d1fe50 - # adds event for CTRL+\: https://github.com/girlbossceo/rustyline-async/commit/67d8c49aeac03a5ef4e818f663eaa94dd7bf339b From 6697a8400b42aed34a8bb27acf4d0544c6d2f788 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 20 Jan 2025 00:28:02 -0500 Subject: [PATCH 115/410] use oxalica/rust-overlay to build conduwuit --- flake.lock | 21 ++++++++++++++++++++ flake.nix | 15 +++++++++++--- overlay/conduwuit/default.nix | 14 +++++++++++--- overlay/conduwuit/rust-toolchain.toml | 28 +++++++++++++++++++++++++++ 4 files changed, 72 insertions(+), 6 deletions(-) create mode 100644 overlay/conduwuit/rust-toolchain.toml diff --git a/flake.lock b/flake.lock index 6b93a04..b093702 100644 --- a/flake.lock +++ b/flake.lock @@ -573,6 +573,7 @@ "nixpkgs": "nixpkgs", "nixpkgs-garage": "nixpkgs-garage", "nixvim": "nixvim", + "rust-overlay": "rust-overlay_2", "sops-nix": "sops-nix", "treefmt": "treefmt" } @@ -598,6 +599,26 @@ "type": "github" } }, + "rust-overlay_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737340068, + "narHash": "sha256-5UciRckNV+YOZ6y6ASBIb01cySB12whDxgFUK+EqT8g=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "275c824ed9e90e7fd4f96d187bde3670062e721f", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "sops-nix": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index ce47e6b..f75fe1e 100644 --- a/flake.nix +++ b/flake.nix @@ -28,8 +28,14 @@ inputs.nixpkgs.follows = "nixpkgs"; }; flake-parts.url = "github:hercules-ci/flake-parts"; - niri.url = "github:sodiboo/niri-flake"; - niri.inputs.nixpkgs.follows = "nixpkgs"; + niri = { + url = "github:sodiboo/niri-flake"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + rust-overlay = { + url = "github:oxalica/rust-overlay"; + inputs.nixpkgs.follows = "nixpkgs"; + }; nixpkgs-garage.url = "github:cything/nixpkgs/garage-module"; # unmerged PR }; @@ -101,7 +107,10 @@ pkgs = import nixpkgs { config.allowUnfree = true; system = "x86_64-linux"; - overlays = [ inputs.niri.overlays.niri ] ++ import ./overlay; + overlays = [ + inputs.niri.overlays.niri + inputs.rust-overlay.overlays.default + ] ++ import ./overlay; }; in { diff --git a/overlay/conduwuit/default.nix b/overlay/conduwuit/default.nix index e08101c..1222c83 100644 --- a/overlay/conduwuit/default.nix +++ b/overlay/conduwuit/default.nix @@ -1,9 +1,17 @@ -final: prev: { +final: prev: +let + newRust = final.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml; + newRustPlatform = final.makeRustPlatform { + cargo = newRust; + rustc = newRust; + }; +in +{ conduwuit = prev.conduwuit.override (old: { - rustPlatform = old.rustPlatform // { + rustPlatform = newRustPlatform // { buildRustPackage = args: - old.rustPlatform.buildRustPackage ( + newRustPlatform.buildRustPackage ( args // { version = "0.5.0-rc2"; diff --git a/overlay/conduwuit/rust-toolchain.toml b/overlay/conduwuit/rust-toolchain.toml new file mode 100644 index 0000000..97e33c9 --- /dev/null +++ b/overlay/conduwuit/rust-toolchain.toml @@ -0,0 +1,28 @@ +# This is the authoritiative configuration of this project's Rust toolchain. +# +# Other files that need upkeep when this changes: +# +# * `Cargo.toml` +# * `flake.nix` +# +# Search in those files for `rust-toolchain.toml` to find the relevant places. +# If you're having trouble making the relevant changes, bug a maintainer. + +[toolchain] +channel = "1.84.0" +profile = "minimal" +components = [ + # For rust-analyzer + "rust-src", + "rust-analyzer", + # For CI and editors + "rustfmt", + "clippy", +] +targets = [ + #"x86_64-apple-darwin", + "x86_64-unknown-linux-gnu", + "x86_64-unknown-linux-musl", + "aarch64-unknown-linux-musl", + #"aarch64-apple-darwin", +] From 833a22887016c4f3465b10bcfe2729bc653e9741 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 20 Jan 2025 01:22:36 -0500 Subject: [PATCH 116/410] use -L flag --- home/zsh/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/home/zsh/default.nix b/home/zsh/default.nix index c1df4e8..994fa1f 100644 --- a/home/zsh/default.nix +++ b/home/zsh/default.nix @@ -87,9 +87,9 @@ "ta" = "tmux new-session -A -s"; "se" = "sudoedit"; "s" = "sudo"; - "nrs" = "sudo nixos-rebuild switch --flake ."; - "nrt" = "sudo nixos-rebuild test --flake ."; - "hrs" = "home-manager switch --flake ."; + "nrs" = "sudo nixos-rebuild switch -L --flake ."; + "nrt" = "sudo nixos-rebuild test -L --flake ."; + "hrs" = "home-manager switch -L --flake ."; "g" = "git"; "ga" = "git add"; "gaa" = "git add --all"; From d7f51613fddddcfcd3b805c0cfa8e876c733589b Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 20 Jan 2025 01:48:04 -0500 Subject: [PATCH 117/410] forgejo: enable repo indexer --- hosts/chunk/forgejo.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/chunk/forgejo.nix b/hosts/chunk/forgejo.nix index 0b644a2..07d0e69 100644 --- a/hosts/chunk/forgejo.nix +++ b/hosts/chunk/forgejo.nix @@ -20,6 +20,7 @@ }; actions.ENABLED = false; repository.ENABLE_PUSH_CREATE_USER = true; + indexer.REPO_INDEXER_ENABLED = true; }; database = { type = "postgres"; From 3a621723d1846e8d65ec7ffaed966f8a10e9f560 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 20 Jan 2025 02:59:35 -0500 Subject: [PATCH 118/410] revamp workflow (https://git.cy7.sh/cy/infra/pulls/4) Reviewed-on: https://git.cy7.sh/cy/infra/pulls/4 Co-authored-by: cy Co-committed-by: cy --- .github/workflows/build-and-cache.yml | 108 ++++++++++++++++---------- 1 file changed, 69 insertions(+), 39 deletions(-) diff --git a/.github/workflows/build-and-cache.yml b/.github/workflows/build-and-cache.yml index 0e2e1df..217fd43 100644 --- a/.github/workflows/build-and-cache.yml +++ b/.github/workflows/build-and-cache.yml @@ -3,28 +3,6 @@ on: workflow_dispatch: push: jobs: - build-packages: - strategy: - matrix: - package: - - github:cything/nixpkgs#hello - os: - - ubuntu-latest - - macos-latest - runs-on: ${{ matrix.os }} - continue-on-error: true - steps: - - uses: DeterminateSystems/nix-installer-action@main - with: - logger: pretty - - uses: DeterminateSystems/magic-nix-cache-action@main - - name: Setup Attic cache - uses: ryanccn/attic-action@v0 - with: - endpoint: ${{ vars.ATTIC_ENDPOINT }} - cache: ${{ vars.ATTIC_CACHE }} - token: ${{ secrets.ATTIC_TOKEN }} - - run: nix build -L '${{ matrix.package }}' build-machines: strategy: matrix: @@ -34,7 +12,7 @@ jobs: - titan os: - ubuntu-latest - # - macos-latest + runs-on: ${{ matrix.os }} continue-on-error: true steps: @@ -49,22 +27,48 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix - build-mount-path-ownership: 'root:root' - - uses: DeterminateSystems/nix-installer-action@main + + - uses: nixbuild/nix-quick-install-action@master + + - name: Sync repository + uses: actions/checkout@v4 with: - logger: pretty - - uses: DeterminateSystems/magic-nix-cache-action@main + persist-credentials: false + + - uses: cachix/cachix-action@v14 + with: + name: cything + authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' + useDaemon: false + installCommand: nix profile install nixpkgs#cachix + - name: Setup Attic cache uses: ryanccn/attic-action@v0 with: endpoint: ${{ vars.ATTIC_ENDPOINT }} cache: ${{ vars.ATTIC_CACHE }} token: ${{ secrets.ATTIC_TOKEN }} - - name: Sync repository - uses: actions/checkout@v4 + + - name: Restore and cache Nix store + uses: nix-community/cache-nix-action@v5.1.0 with: - persist-credentials: false - - run: nix build -L --accept-flake-config .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel + # restore and save a cache using this key + primary-key: nix-${{ runner.os }}-${{ matrix.machine }}-${{ hashFiles('flake.lock') }} + # if there's no cache hit, restore a cache by this prefix + restore-prefixes-first-match: nix-${{ runner.os }}- + # do purge caches + purge: true + # purge all versions of the cache + purge-prefixes: nix-${{ runner.os }}- + # created more than this number of seconds ago relative to the start of the `Post Restore` phase + purge-last-accessed: 86400 + # except the version with the `primary-key`, if it exists + purge-primary-key: never + # always save the cache + save-always: true + + - run: nix build -L .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel + build-homes: strategy: matrix: @@ -74,6 +78,7 @@ jobs: os: - ubuntu-latest # - macos-latest + runs-on: ${{ matrix.os }} continue-on-error: true steps: @@ -88,19 +93,44 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix - build-mount-path-ownership: 'root:root' - - uses: DeterminateSystems/nix-installer-action@main + + - uses: nixbuild/nix-quick-install-action@master + + - name: Sync repository + uses: actions/checkout@v4 with: - logger: pretty - - uses: DeterminateSystems/magic-nix-cache-action@main + persist-credentials: false + + - uses: cachix/cachix-action@v14 + with: + name: cything + authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' + useDaemon: false + installCommand: nix profile install nixpkgs#cachix + - name: Setup Attic cache uses: ryanccn/attic-action@v0 with: endpoint: ${{ vars.ATTIC_ENDPOINT }} cache: ${{ vars.ATTIC_CACHE }} token: ${{ secrets.ATTIC_TOKEN }} - - name: Sync repository - uses: actions/checkout@v4 + + - name: Restore and cache Nix store + uses: nix-community/cache-nix-action@v5.1.0 with: - persist-credentials: false - - run: nix build -L --accept-flake-config .#homeConfigurations."${{ matrix.home }}".activationPackage + # restore and save a cache using this key + primary-key: nix-${{ runner.os }}-${{ matrix.home }}-${{ hashFiles('flake.lock') }} + # if there's no cache hit, restore a cache by this prefix + restore-prefixes-first-match: nix-${{ runner.os }}- + # do purge caches + purge: true + # purge all versions of the cache + purge-prefixes: nix-${{ runner.os }}- + # created more than this number of seconds ago relative to the start of the `Post Restore` phase + purge-last-accessed: 86400 + # except the version with the `primary-key`, if it exists + purge-primary-key: never + # always save the cache + save-always: true + + - run: nix build -L .#homeConfigurations."${{ matrix.home }}".activationPackage From 1d7b20d51d249edfc55422577b0ffbe623da1575 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 20 Jan 2025 03:07:03 -0500 Subject: [PATCH 119/410] use more specific primary-key and prefix-match --- .github/workflows/build-and-cache.yml | 63 +++++++++++++++++++++++++-- 1 file changed, 59 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build-and-cache.yml b/.github/workflows/build-and-cache.yml index 217fd43..81a635d 100644 --- a/.github/workflows/build-and-cache.yml +++ b/.github/workflows/build-and-cache.yml @@ -3,6 +3,61 @@ on: workflow_dispatch: push: jobs: + build-packages: + strategy: + matrix: + package: + - github:cything/nixpkgs/928e0c6874ab3e759305e93f806a4cf559645677#alvr + os: + - ubuntu-latest + - macos-latest + - ubuntu-24.04-arm + + runs-on: ${{ matrix.os }} + continue-on-error: true + steps: + - name: Install Nix + uses: cachix/install-nix-action@v30 + + - name: Sync repository + uses: actions/checkout@v4 + with: + persist-credentials: false + + - uses: cachix/cachix-action@v14 + with: + name: cything + authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' + useDaemon: false + installCommand: nix profile install nixpkgs#cachix + + - name: Setup Attic cache + uses: ryanccn/attic-action@v0 + with: + endpoint: ${{ vars.ATTIC_ENDPOINT }} + cache: ${{ vars.ATTIC_CACHE }} + token: ${{ secrets.ATTIC_TOKEN }} + + - name: Restore and cache Nix store + uses: nix-community/cache-nix-action@v5.1.0 + with: + # restore and save a cache using this key + primary-key: nix-${{ runner.os }}-${{ matrix.machine }}-${{ hashFiles('**/*.nix', 'flake.lock') }} + # if there's no cache hit, restore a cache by this prefix + restore-prefixes-first-match: nix-${{ runner.os }}-${{ matrix.machine }}- + # do purge caches + purge: true + # purge all versions of the cache + purge-prefixes: nix-${{ runner.os }}- + # created more than this number of seconds ago relative to the start of the `Post Restore` phase + purge-last-accessed: 86400 + # except the version with the `primary-key`, if it exists + purge-primary-key: never + # always save the cache + save-always: true + + - run: nix build -L ${{ matrix.package }} + build-machines: strategy: matrix: @@ -53,9 +108,9 @@ jobs: uses: nix-community/cache-nix-action@v5.1.0 with: # restore and save a cache using this key - primary-key: nix-${{ runner.os }}-${{ matrix.machine }}-${{ hashFiles('flake.lock') }} + primary-key: nix-${{ runner.os }}-${{ matrix.machine }}-${{ hashFiles('**/*.nix', 'flake.lock') }} # if there's no cache hit, restore a cache by this prefix - restore-prefixes-first-match: nix-${{ runner.os }}- + restore-prefixes-first-match: nix-${{ runner.os }}-${{ matrix.machine }}- # do purge caches purge: true # purge all versions of the cache @@ -119,9 +174,9 @@ jobs: uses: nix-community/cache-nix-action@v5.1.0 with: # restore and save a cache using this key - primary-key: nix-${{ runner.os }}-${{ matrix.home }}-${{ hashFiles('flake.lock') }} + primary-key: nix-${{ runner.os }}-${{ matrix.home }}-${{ hashFiles('**/*.nix', 'flake.lock') }} # if there's no cache hit, restore a cache by this prefix - restore-prefixes-first-match: nix-${{ runner.os }}- + restore-prefixes-first-match: nix-${{ runner.os }}-${{ matrix.home }}- # do purge caches purge: true # purge all versions of the cache From e78bda179ef93830f8553ba108d5cd766e053d5c Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 20 Jan 2025 13:10:07 -0500 Subject: [PATCH 120/410] move packages to a separate workflow --- ...cache.yml => build-machines-and-homes.yml} | 57 +----------------- .github/workflows/build-packages.yml | 58 +++++++++++++++++++ 2 files changed, 59 insertions(+), 56 deletions(-) rename .github/workflows/{build-and-cache.yml => build-machines-and-homes.yml} (69%) create mode 100644 .github/workflows/build-packages.yml diff --git a/.github/workflows/build-and-cache.yml b/.github/workflows/build-machines-and-homes.yml similarity index 69% rename from .github/workflows/build-and-cache.yml rename to .github/workflows/build-machines-and-homes.yml index 81a635d..76fcb36 100644 --- a/.github/workflows/build-and-cache.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -1,63 +1,8 @@ -name: build and cache random stuff +name: build and cache machines and homes on: workflow_dispatch: push: jobs: - build-packages: - strategy: - matrix: - package: - - github:cything/nixpkgs/928e0c6874ab3e759305e93f806a4cf559645677#alvr - os: - - ubuntu-latest - - macos-latest - - ubuntu-24.04-arm - - runs-on: ${{ matrix.os }} - continue-on-error: true - steps: - - name: Install Nix - uses: cachix/install-nix-action@v30 - - - name: Sync repository - uses: actions/checkout@v4 - with: - persist-credentials: false - - - uses: cachix/cachix-action@v14 - with: - name: cything - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - useDaemon: false - installCommand: nix profile install nixpkgs#cachix - - - name: Setup Attic cache - uses: ryanccn/attic-action@v0 - with: - endpoint: ${{ vars.ATTIC_ENDPOINT }} - cache: ${{ vars.ATTIC_CACHE }} - token: ${{ secrets.ATTIC_TOKEN }} - - - name: Restore and cache Nix store - uses: nix-community/cache-nix-action@v5.1.0 - with: - # restore and save a cache using this key - primary-key: nix-${{ runner.os }}-${{ matrix.machine }}-${{ hashFiles('**/*.nix', 'flake.lock') }} - # if there's no cache hit, restore a cache by this prefix - restore-prefixes-first-match: nix-${{ runner.os }}-${{ matrix.machine }}- - # do purge caches - purge: true - # purge all versions of the cache - purge-prefixes: nix-${{ runner.os }}- - # created more than this number of seconds ago relative to the start of the `Post Restore` phase - purge-last-accessed: 86400 - # except the version with the `primary-key`, if it exists - purge-primary-key: never - # always save the cache - save-always: true - - - run: nix build -L ${{ matrix.package }} - build-machines: strategy: matrix: diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml new file mode 100644 index 0000000..7531f6e --- /dev/null +++ b/.github/workflows/build-packages.yml @@ -0,0 +1,58 @@ +name: build and cache packages +on: + workflow_dispatch: +jobs: + build-packages: + strategy: + matrix: + package: + - github:cything/nixpkgs/928e0c6874ab3e759305e93f806a4cf559645677#alvr + os: + - ubuntu-latest + - macos-latest + - ubuntu-24.04-arm + + runs-on: ${{ matrix.os }} + continue-on-error: true + steps: + - name: Install Nix + uses: cachix/install-nix-action@v30 + + - name: Sync repository + uses: actions/checkout@v4 + with: + persist-credentials: false + + - uses: cachix/cachix-action@v14 + with: + name: cything + authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' + useDaemon: false + installCommand: nix profile install nixpkgs#cachix + + - name: Setup Attic cache + uses: ryanccn/attic-action@v0 + with: + endpoint: ${{ vars.ATTIC_ENDPOINT }} + cache: ${{ vars.ATTIC_CACHE }} + token: ${{ secrets.ATTIC_TOKEN }} + + - name: Restore and cache Nix store + uses: nix-community/cache-nix-action@v5.1.0 + with: + # restore and save a cache using this key + primary-key: nix-${{ runner.os }}-${{ matrix.package }}-${{ hashFiles('**/*.nix', 'flake.lock') }} + # if there's no cache hit, restore a cache by this prefix + restore-prefixes-first-match: nix-${{ runner.os }}-${{ matrix.package }}- + # do purge caches + purge: true + # purge all versions of the cache + purge-prefixes: nix-${{ runner.os }}- + # created more than this number of seconds ago relative to the start of the `Post Restore` phase + purge-last-accessed: 86400 + # except the version with the `primary-key`, if it exists + purge-primary-key: never + # always save the cache + save-always: true + + - run: nix build -L ${{ matrix.package }} From b2582a051d5068ad0d707ab9955a564150c5d9d4 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 20 Jan 2025 13:36:28 -0500 Subject: [PATCH 121/410] also run workflow on PR --- .github/workflows/build-machines-and-homes.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 76fcb36..6ae6746 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -2,6 +2,7 @@ name: build and cache machines and homes on: workflow_dispatch: push: + pull_request: jobs: build-machines: strategy: From 240d8b2820cfe4409f3b2117650bf32a6ee42838 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 20 Jan 2025 20:12:33 -0500 Subject: [PATCH 122/410] add lact package --- .github/workflows/build-packages.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 7531f6e..203f95b 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -7,6 +7,7 @@ jobs: matrix: package: - github:cything/nixpkgs/928e0c6874ab3e759305e93f806a4cf559645677#alvr + - github:cything/nixpkgs/7a6df0d295e2477d88251bd6d80bf25d251e59d2#lact os: - ubuntu-latest - macos-latest From d29d23c3e8398384cfde748e6adae81aadbdc854 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 20 Jan 2025 20:50:13 -0500 Subject: [PATCH 123/410] unbreak element --- hosts/chunk/element.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hosts/chunk/element.nix b/hosts/chunk/element.nix index 958666e..81ab246 100644 --- a/hosts/chunk/element.nix +++ b/hosts/chunk/element.nix @@ -7,9 +7,12 @@ virtualisation.oci-containers.containers.element = { image = "vectorim/element-web"; autoStart = true; - ports = [ "127.0.0.1:8089:80" ]; + ports = [ "127.0.0.1:8089:8089" ]; pull = "newer"; networks = [ "element-net" ]; + environment = { + ELEMENT_WEB_PORT = "8089"; + }; }; systemd.services.create-element-net = { From 0cc8d4195fb6fd4164604177d3e0fb82c9dd2351 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 20 Jan 2025 20:50:51 -0500 Subject: [PATCH 124/410] some niri changes --- home/niri/default.nix | 7 ++++--- home/yt/ytnix.nix | 1 + 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/home/niri/default.nix b/home/niri/default.nix index 9aa8636..f74bcb3 100644 --- a/home/niri/default.nix +++ b/home/niri/default.nix @@ -32,6 +32,7 @@ in ]; } { command = [ "${lib.getExe pkgs.xwayland-satellite}" ]; } + { command = [ "wl-paste" "--watch" "cliphist" "store"]; } ]; hotkey-overlay.skip-at-startup = true; @@ -51,11 +52,11 @@ in }; layout = { - gaps = 4; + gaps = 0; focus-ring = { width = 4; - active.color = "#00000055"; - inactive.color = "#505050"; + active.color = "#4c7899"; + inactive.color = "#333333"; }; always-center-single-column = true; border.enable = false; diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 6d34814..8624bdf 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -102,6 +102,7 @@ seahorse github-cli fuzzel + nixpkgs-review ]; programs.waybar.enable = true; From 222fc459186b7daa30b79e9f53077634b1f6d9bc Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 20 Jan 2025 20:51:57 -0500 Subject: [PATCH 125/410] flake update --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index b093702..8cd1162 100644 --- a/flake.lock +++ b/flake.lock @@ -242,11 +242,11 @@ ] }, "locked": { - "lastModified": 1737299337, - "narHash": "sha256-0NBrY2A7buujKmeCbieopOMSbLxTu8TFcTLqAbTnQDw=", + "lastModified": 1737394973, + "narHash": "sha256-EW4oXMfnfA5sNM9Jqm+y98horWVvN66Gu7YIcEpFYZc=", "owner": "nix-community", "repo": "home-manager", - "rev": "f8ef4541bb8a54a8b52f19b52912119e689529b3", + "rev": "9786661d57c476021c8a0c3e53bf9fa2b4f3328b", "type": "github" }, "original": { @@ -342,11 +342,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1737325400, - "narHash": "sha256-B8+1x5rDA9GtzX+LWlceIbLBwncKH5uDrGqEN0EoOQw=", + "lastModified": 1737373716, + "narHash": "sha256-GRI9WugYv8QlnhZlINfY8gHIR+xn/AsEXhQP3+FjUh0=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "aad9ae8e2b07ed5d37743f3ae87c42528e2d172c", + "rev": "5aa5e53601ff1d93ae6b4dc6f833c73fc8de6466", "type": "github" }, "original": { @@ -375,11 +375,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1737211438, - "narHash": "sha256-XPcV2rV7Vy7lLeZMhTOwd0t/sRwNquXI7CH7+3Aftt0=", + "lastModified": 1737370409, + "narHash": "sha256-khoHHrpP/yArGEm94H/GtZytGzfJECsAEGmB9DLWb7M=", "owner": "YaLTeR", "repo": "niri", - "rev": "818248457210f5101459ea7d7066d12c456c8a97", + "rev": "7f025da5b6edb1d77e785ba6a6450ab10788ad8f", "type": "github" }, "original": { @@ -411,11 +411,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1737274611, - "narHash": "sha256-tmD7875tu1P0UvhI3Q/fXvIe8neJo7H9ZrPQ+QF7Q3E=", + "lastModified": 1737401148, + "narHash": "sha256-8YfoGyE89rWpG6NjCmYrJeV8EPAKvnZf2lN402WbC/A=", "owner": "nixos", "repo": "nixpkgs", - "rev": "50165c4f7eb48ce82bd063e1fb8047a0f515f8ce", + "rev": "7ceed4f800bec4c12c9b21c54bb76cb28a80e259", "type": "github" }, "original": { @@ -500,11 +500,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1737308837, - "narHash": "sha256-Sro74XNFgGgIIW4uo/YSVGafZhKnZwPLJNBvMsgpl4k=", + "lastModified": 1737385899, + "narHash": "sha256-/zyvdstDpPhc5lhFMtKgyQdU2oXGXDb0cg4BY91NKvg=", "owner": "nix-community", "repo": "nixvim", - "rev": "8fb2fe22c237b25b8af346870e126fdaeaff688b", + "rev": "115994f18e439a1cca9cdaaf15c004870256814d", "type": "github" }, "original": { @@ -626,11 +626,11 @@ ] }, "locked": { - "lastModified": 1737107480, - "narHash": "sha256-GXUE9+FgxoZU8v0p6ilBJ8NH7k8nKmZjp/7dmMrCv3o=", + "lastModified": 1737411508, + "narHash": "sha256-j9IdflJwRtqo9WpM0OfAZml47eBblUHGNQTe62OUqTw=", "owner": "Mic92", "repo": "sops-nix", - "rev": "4c4fb93f18b9072c6fa1986221f9a3d7bf1fe4b6", + "rev": "015d461c16678fc02a2f405eb453abb509d4e1d4", "type": "github" }, "original": { From 21fdf27b6c7884613b97d98a64feb98a5b2eed62 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 20 Jan 2025 21:00:49 -0500 Subject: [PATCH 126/410] use input to build packages --- .github/workflows/build-packages.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 203f95b..a177078 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -1,13 +1,20 @@ name: build and cache packages on: workflow_dispatch: + inputs: + package: + description: "package to build" + required: false + type: string + jobs: build-packages: strategy: matrix: package: - github:cything/nixpkgs/928e0c6874ab3e759305e93f806a4cf559645677#alvr - - github:cything/nixpkgs/7a6df0d295e2477d88251bd6d80bf25d251e59d2#lact + - github:cything/nixpkgs/8929e1256ceec677dd57fce405cdaca23176399b#lact + - ${{ inputs.package }} os: - ubuntu-latest - macos-latest From 3a415ccce91f91e24bf792fe61f3f6cab63d4926 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 20 Jan 2025 23:36:46 -0500 Subject: [PATCH 127/410] downgrade kernel to 6.12 --- hosts/ytnix/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 8912c19..01a9c97 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -41,7 +41,7 @@ efi.canTouchEfiVariables = false; # toggle when installing }; tmp.cleanOnBoot = true; - kernelPackages = pkgs.linuxPackages_latest; + kernelPackages = pkgs.linuxPackages_6_12; extraModulePackages = with config.boot.kernelPackages; [ rtl8821ce ]; From 40addb8f906650939db5ebfdb2c4fab3563564ae Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 21 Jan 2025 01:09:38 -0500 Subject: [PATCH 128/410] try zen kernel --- hosts/ytnix/default.nix | 2 +- overlay/default.nix | 1 + overlay/kernel.nix | 9 +++++++++ 3 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 overlay/kernel.nix diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 01a9c97..2cac680 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -41,7 +41,7 @@ efi.canTouchEfiVariables = false; # toggle when installing }; tmp.cleanOnBoot = true; - kernelPackages = pkgs.linuxPackages_6_12; + kernelPackages = pkgs.linuxPackages_zen; extraModulePackages = with config.boot.kernelPackages; [ rtl8821ce ]; diff --git a/overlay/default.nix b/overlay/default.nix index 99fc17b..123e1f2 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -2,6 +2,7 @@ let overlays = [ ./conduwuit ./attic + ./kernel.nix ]; importedOverlays = map (m: import m) overlays; in diff --git a/overlay/kernel.nix b/overlay/kernel.nix new file mode 100644 index 0000000..b9a233b --- /dev/null +++ b/overlay/kernel.nix @@ -0,0 +1,9 @@ +final: prev: let + inherit (prev) lib; +in { + linux_zen = prev.linux_zen.override (old: { + extraStructuredConfig = with lib.kernel; { + CONFIG_SCHED_MUQSS = yes; + }; + }); +} From 38b90fd28e4c5623c2cbd198d8c84055468c59e6 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 21 Jan 2025 04:04:08 -0500 Subject: [PATCH 129/410] overlay zen --- hosts/ytnix/default.nix | 2 +- overlay/kernel.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 2cac680..0024c40 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -41,7 +41,7 @@ efi.canTouchEfiVariables = false; # toggle when installing }; tmp.cleanOnBoot = true; - kernelPackages = pkgs.linuxPackages_zen; + kernelPackages = pkgs.linuxKernel.packages.linux_zen; extraModulePackages = with config.boot.kernelPackages; [ rtl8821ce ]; diff --git a/overlay/kernel.nix b/overlay/kernel.nix index b9a233b..e845a1e 100644 --- a/overlay/kernel.nix +++ b/overlay/kernel.nix @@ -1,7 +1,7 @@ final: prev: let inherit (prev) lib; in { - linux_zen = prev.linux_zen.override (old: { + linuxKernels.kernels.linux_zen = prev.linuxKernels.kernels.linux_zen.override (old: { extraStructuredConfig = with lib.kernel; { CONFIG_SCHED_MUQSS = yes; }; From 2c2d5a4103f4484deae3eb2b2a0638dfe38732b4 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 21 Jan 2025 04:04:32 -0500 Subject: [PATCH 130/410] niri doesnt start if DISPLAY is set before --- home/niri/default.nix | 1 + home/yt/ytnix.nix | 5 ----- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/home/niri/default.nix b/home/niri/default.nix index f74bcb3..40c53d6 100644 --- a/home/niri/default.nix +++ b/home/niri/default.nix @@ -49,6 +49,7 @@ in environment = { DISPLAY = ":0"; # for xwayland-satellite + ANKI_WAYLAND = "1"; }; layout = { diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 8624bdf..2fa8d16 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -40,11 +40,6 @@ }; }; - home.sessionVariables = { - ANKI_WAYLAND = "1"; - DISPLAY = ":0"; - }; - home.packages = with pkgs; [ firefox ungoogled-chromium From 4ceb7f78305e05da7dad175b805dbc9ac6d4780e Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 21 Jan 2025 04:05:32 -0500 Subject: [PATCH 131/410] add garnix.yaml --- garnix.yaml | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 garnix.yaml diff --git a/garnix.yaml b/garnix.yaml new file mode 100644 index 0000000..c189664 --- /dev/null +++ b/garnix.yaml @@ -0,0 +1,6 @@ +builds: + include: + - 'nixosConfigurations.*' + - 'homeConfigurations.*' + - '*.aarch64-linux.*' + - '*.x86_64-linux.*' From ae71a8a7791b22b88030865d7fc05ec51a829752 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 21 Jan 2025 04:22:58 -0500 Subject: [PATCH 132/410] add garnix and cachix cache --- flake.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/flake.nix b/flake.nix index f75fe1e..6942dfe 100644 --- a/flake.nix +++ b/flake.nix @@ -45,11 +45,15 @@ "https://cache.cything.io/central" "https://niri.cachix.org" "https://nix-community.cachix.org" + "https://cache.garnix.io" + "https://cything.cachix.org" ]; extra-trusted-public-keys = [ "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" + "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI=" ]; builders-use-substitutes = true; }; From bbcc1433dedd20b729be32f145ebdefb4f92dae0 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 21 Jan 2025 04:25:30 -0500 Subject: [PATCH 133/410] nix fmt --- .github/workflows/build-machines-and-homes.yml | 15 --------------- .github/workflows/build-packages.yml | 7 ------- home/niri/default.nix | 9 ++++++++- overlay/kernel.nix | 6 ++++-- 4 files changed, 12 insertions(+), 25 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 6ae6746..f5de126 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -13,7 +13,6 @@ jobs: - titan os: - ubuntu-latest - runs-on: ${{ matrix.os }} continue-on-error: true steps: @@ -28,28 +27,23 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix - - uses: nixbuild/nix-quick-install-action@master - - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - uses: cachix/cachix-action@v14 with: name: cything authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' useDaemon: false installCommand: nix profile install nixpkgs#cachix - - name: Setup Attic cache uses: ryanccn/attic-action@v0 with: endpoint: ${{ vars.ATTIC_ENDPOINT }} cache: ${{ vars.ATTIC_CACHE }} token: ${{ secrets.ATTIC_TOKEN }} - - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: @@ -67,9 +61,7 @@ jobs: purge-primary-key: never # always save the cache save-always: true - - run: nix build -L .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel - build-homes: strategy: matrix: @@ -79,7 +71,6 @@ jobs: os: - ubuntu-latest # - macos-latest - runs-on: ${{ matrix.os }} continue-on-error: true steps: @@ -94,28 +85,23 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix - - uses: nixbuild/nix-quick-install-action@master - - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - uses: cachix/cachix-action@v14 with: name: cything authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' useDaemon: false installCommand: nix profile install nixpkgs#cachix - - name: Setup Attic cache uses: ryanccn/attic-action@v0 with: endpoint: ${{ vars.ATTIC_ENDPOINT }} cache: ${{ vars.ATTIC_CACHE }} token: ${{ secrets.ATTIC_TOKEN }} - - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: @@ -133,5 +119,4 @@ jobs: purge-primary-key: never # always save the cache save-always: true - - run: nix build -L .#homeConfigurations."${{ matrix.home }}".activationPackage diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index a177078..4408d30 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -6,7 +6,6 @@ on: description: "package to build" required: false type: string - jobs: build-packages: strategy: @@ -19,32 +18,27 @@ jobs: - ubuntu-latest - macos-latest - ubuntu-24.04-arm - runs-on: ${{ matrix.os }} continue-on-error: true steps: - name: Install Nix uses: cachix/install-nix-action@v30 - - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - uses: cachix/cachix-action@v14 with: name: cything authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' useDaemon: false installCommand: nix profile install nixpkgs#cachix - - name: Setup Attic cache uses: ryanccn/attic-action@v0 with: endpoint: ${{ vars.ATTIC_ENDPOINT }} cache: ${{ vars.ATTIC_CACHE }} token: ${{ secrets.ATTIC_TOKEN }} - - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: @@ -62,5 +56,4 @@ jobs: purge-primary-key: never # always save the cache save-always: true - - run: nix build -L ${{ matrix.package }} diff --git a/home/niri/default.nix b/home/niri/default.nix index 40c53d6..af7b3ba 100644 --- a/home/niri/default.nix +++ b/home/niri/default.nix @@ -32,7 +32,14 @@ in ]; } { command = [ "${lib.getExe pkgs.xwayland-satellite}" ]; } - { command = [ "wl-paste" "--watch" "cliphist" "store"]; } + { + command = [ + "wl-paste" + "--watch" + "cliphist" + "store" + ]; + } ]; hotkey-overlay.skip-at-startup = true; diff --git a/overlay/kernel.nix b/overlay/kernel.nix index e845a1e..be2404e 100644 --- a/overlay/kernel.nix +++ b/overlay/kernel.nix @@ -1,6 +1,8 @@ -final: prev: let +final: prev: +let inherit (prev) lib; -in { +in +{ linuxKernels.kernels.linux_zen = prev.linuxKernels.kernels.linux_zen.override (old: { extraStructuredConfig = with lib.kernel; { CONFIG_SCHED_MUQSS = yes; From 6a2269f5917b86b8e34f8491710715696559aee1 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 21 Jan 2025 12:07:49 -0500 Subject: [PATCH 134/410] add irssi --- home/irssi.nix | 18 ++++++++++++++++++ home/yt/ytnix.nix | 1 + 2 files changed, 19 insertions(+) create mode 100644 home/irssi.nix diff --git a/home/irssi.nix b/home/irssi.nix new file mode 100644 index 0000000..65da469 --- /dev/null +++ b/home/irssi.nix @@ -0,0 +1,18 @@ +{...}: { + programs.irssi = { + enable = true; + networks.liberachat = { + nick = "cy7"; + server = { + address = "irc.libera.chat"; + port = 6697; + autoConnect = true; + }; + channels = { + nixos.autoJoin = true; + linux.autoJoin = true; + rust.autoJoin = true; + }; + }; + }; +} diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 2fa8d16..33a4aed 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -7,6 +7,7 @@ ./common.nix ../foot.nix ../niri + ../irssi.nix ]; home = { username = "yt"; From aca309a9c04984ee4f60be40477026d2043875fd Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 21 Jan 2025 12:23:16 -0500 Subject: [PATCH 135/410] ghostty: init --- flake.lock | 140 ++++++++++++++++++++++++++++++++++++++++-- flake.nix | 2 + home/foot.nix | 32 ++++------ home/ghostty.nix | 18 ++++++ home/niri/default.nix | 3 +- home/yt/ytnix.nix | 1 + 6 files changed, 169 insertions(+), 27 deletions(-) create mode 100644 home/ghostty.nix diff --git a/flake.lock b/flake.lock index 8cd1162..9950639 100644 --- a/flake.lock +++ b/flake.lock @@ -74,6 +74,22 @@ } }, "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { "locked": { "lastModified": 1696426674, "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", @@ -151,6 +167,24 @@ "inputs": { "systems": "systems" }, + "locked": { + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, "locked": { "lastModified": 1731533236, "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", @@ -165,6 +199,27 @@ "type": "github" } }, + "ghostty": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs-stable": "nixpkgs-stable", + "nixpkgs-unstable": "nixpkgs-unstable", + "zig": "zig" + }, + "locked": { + "lastModified": 1737430029, + "narHash": "sha256-z55IQogW9z4HhVeT55LlCUFKbYD5O5aLMnU5cX1WTto=", + "owner": "ghostty-org", + "repo": "ghostty", + "rev": "5cb2fa6f7594202b12a2603bf32094aa75b1bf0e", + "type": "github" + }, + "original": { + "owner": "ghostty-org", + "repo": "ghostty", + "type": "github" + } + }, "git-hooks": { "inputs": { "flake-compat": [ @@ -307,7 +362,7 @@ "lanzaboote": { "inputs": { "crane": "crane", - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "flake-parts": "flake-parts_2", "nixpkgs": [ "nixpkgs" @@ -337,7 +392,7 @@ "nixpkgs": [ "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_2", + "nixpkgs-stable": "nixpkgs-stable_3", "xwayland-satellite-stable": "xwayland-satellite-stable", "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, @@ -454,6 +509,22 @@ } }, "nixpkgs-stable": { + "locked": { + "lastModified": 1733423277, + "narHash": "sha256-TxabjxEgkNbCGFRHgM/b9yZWlBj60gUOUnRT/wbVQR8=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "e36963a147267afc055f7cf65225958633e536bf", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "release-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { "locked": { "lastModified": 1730741070, "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", @@ -469,7 +540,7 @@ "type": "github" } }, - "nixpkgs-stable_2": { + "nixpkgs-stable_3": { "locked": { "lastModified": 1737299813, "narHash": "sha256-Qw2PwmkXDK8sPQ5YQ/y/icbQ+TYgbxfjhgnkNJyT1X8=", @@ -485,10 +556,26 @@ "type": "github" } }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1733229606, + "narHash": "sha256-FLYY5M0rpa5C2QAE3CKLYAM6TwbKicdRK6qNrSHlNrE=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "566e53c2ad750c84f6d31f9ccb9d00f823165550", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixvim": { "inputs": { "devshell": "devshell", - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat_3", "flake-parts": "flake-parts_3", "git-hooks": "git-hooks", "home-manager": "home-manager_2", @@ -515,7 +602,7 @@ }, "nuschtosSearch": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "ixx": "ixx", "nixpkgs": [ "nixvim", @@ -547,7 +634,7 @@ "lanzaboote", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { "lastModified": 1731363552, @@ -567,6 +654,7 @@ "inputs": { "disko": "disko", "flake-parts": "flake-parts", + "ghostty": "ghostty", "home-manager": "home-manager", "lanzaboote": "lanzaboote", "niri": "niri", @@ -654,6 +742,21 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt": { "inputs": { "nixpkgs": [ @@ -727,6 +830,31 @@ "repo": "xwayland-satellite", "type": "github" } + }, + "zig": { + "inputs": { + "flake-compat": [ + "ghostty" + ], + "flake-utils": "flake-utils", + "nixpkgs": [ + "ghostty", + "nixpkgs-stable" + ] + }, + "locked": { + "lastModified": 1717848532, + "narHash": "sha256-d+xIUvSTreHl8pAmU1fnmkfDTGQYCn2Rb/zOwByxS2M=", + "owner": "mitchellh", + "repo": "zig-overlay", + "rev": "02fc5cc555fc14fda40c42d7c3250efa43812b43", + "type": "github" + }, + "original": { + "owner": "mitchellh", + "repo": "zig-overlay", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 6942dfe..1ff46a7 100644 --- a/flake.nix +++ b/flake.nix @@ -36,6 +36,7 @@ url = "github:oxalica/rust-overlay"; inputs.nixpkgs.follows = "nixpkgs"; }; + ghostty.url = "github:ghostty-org/ghostty"; nixpkgs-garage.url = "github:cything/nixpkgs/garage-module"; # unmerged PR }; @@ -114,6 +115,7 @@ overlays = [ inputs.niri.overlays.niri inputs.rust-overlay.overlays.default + inputs.ghostty.overlays.default ] ++ import ./overlay; }; in diff --git a/home/foot.nix b/home/foot.nix index 2df77bc..ce7cb0c 100644 --- a/home/foot.nix +++ b/home/foot.nix @@ -17,40 +17,32 @@ blink = "yes"; blink-rate = 500; beam-thickness = 1.5; + color = "161821 c6c8d1"; }; mouse = { hide-when-typing = "yes"; }; colors = { - background = "161821"; foreground = "c6c8d1"; - - selection-background = "1e2132"; - selection-foreground = "c6c8d1"; - - regular0 = "161821"; - bright0 = "6b7089"; - + background = "161821"; + regular0 = "1e2132"; regular1 = "e27878"; - bright1 = "e98989"; - regular2 = "b4be82"; - bright2 = "c0ca8e"; - regular3 = "e2a478"; - bright3 = "e9b189"; - regular4 = "84a0c6"; - bright4 = "91acd1"; - regular5 = "a093c7"; - bright5 = "ada0d3"; - regular6 = "89b8c2"; - bright6 = "95c4ce"; - regular7 = "c6c8d1"; + bright0 = "6b7089"; + bright1 = "e98989"; + bright2 = "c0ca8e"; + bright3 = "e9b189"; + bright4 = "91acd1"; + bright5 = "ada0d3"; + bright6 = "95c4ce"; bright7 = "d2d4de"; + selection-foreground = "161821"; + selection-background = "c6c8d1"; }; key-bindings = { diff --git a/home/ghostty.nix b/home/ghostty.nix new file mode 100644 index 0000000..cbde83e --- /dev/null +++ b/home/ghostty.nix @@ -0,0 +1,18 @@ +{ ... }: { + programs.ghostty = { + enable = true; + enableZshIntegration = true; + clearDefaultKeybinds = true; + settings = { + theme = "iceberg-dark"; + font-family = "IBM Plex Mono"; + font-size = "12"; + window-decoration = false; + confirm-close-surface = false; + keybind = [ + "ctrl+q=quit" + "ctrl+shift+c=copy_to_clipboard" + ]; + }; + }; +} diff --git a/home/niri/default.nix b/home/niri/default.nix index af7b3ba..fdc7418 100644 --- a/home/niri/default.nix +++ b/home/niri/default.nix @@ -6,7 +6,7 @@ }: let wallpaper = "${./nixos-c-book.png}"; - terminal = "foot"; + terminal = "ghostty"; menu = [ "fuzzel" "-w" @@ -93,6 +93,7 @@ in app-id = "anki"; title = "^Browse"; } + { app-id = "com.mitchellh.ghostt"; } ]; default-column-width.proportion = .5; } diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 33a4aed..cb0e66d 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -8,6 +8,7 @@ ../foot.nix ../niri ../irssi.nix + ../ghostty.nix ]; home = { username = "yt"; From 455b197b7f4fe58169fead8efb8439e933d46e90 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 21 Jan 2025 13:35:44 -0500 Subject: [PATCH 136/410] try to fix cursor issue --- home/yt/ytnix.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index cb0e66d..e200eab 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -42,6 +42,13 @@ }; }; + home.pointerCursor = { + package = pkgs.bibata-cursors; + name = "Bibata-Modern"; + gtk.enable = true; + x11.enable = true; + }; + home.packages = with pkgs; [ firefox ungoogled-chromium @@ -49,7 +56,6 @@ bitwarden-desktop bitwarden-cli fastfetch - discord nwg-look kdePackages.gwenview kdePackages.okular From 03e1a832ffebf2c33d8bc1e9d5a9028590e3dbae Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 21 Jan 2025 15:36:19 -0500 Subject: [PATCH 137/410] some irssi config --- home/ghostty.nix | 1 + home/irssi.nix | 3 +++ home/yt/ytnix.nix | 6 ++++++ 3 files changed, 10 insertions(+) diff --git a/home/ghostty.nix b/home/ghostty.nix index cbde83e..9a08a74 100644 --- a/home/ghostty.nix +++ b/home/ghostty.nix @@ -12,6 +12,7 @@ keybind = [ "ctrl+q=quit" "ctrl+shift+c=copy_to_clipboard" + "ctrl+shift+v=paste_from_clipboard" ]; }; }; diff --git a/home/irssi.nix b/home/irssi.nix index 65da469..91ba914 100644 --- a/home/irssi.nix +++ b/home/irssi.nix @@ -14,5 +14,8 @@ rust.autoJoin = true; }; }; + extraConfig = '' + ignores = ( { level = "JOINS PARTS QUITS MODES NICKS"; } ) + ''; }; } diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index e200eab..33d6965 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -49,6 +49,12 @@ x11.enable = true; }; + dconf.settings = { + "org/gnome/desktop/interface" = { + cursor-theme = "Bibata-Modern"; + }; + }; + home.packages = with pkgs; [ firefox ungoogled-chromium From 0d8ec05ba669f57590aa116f2eb092813bd8d397 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 21 Jan 2025 16:24:33 -0500 Subject: [PATCH 138/410] how about kitty now --- home/kitty.nix | 46 +++++++++++++++++++++++++++++++++++++ home/niri/default.nix | 2 +- home/niri/scripts/remote.sh | 4 ++-- home/yt/ytnix.nix | 1 + 4 files changed, 50 insertions(+), 3 deletions(-) create mode 100644 home/kitty.nix diff --git a/home/kitty.nix b/home/kitty.nix new file mode 100644 index 0000000..fa8a1ba --- /dev/null +++ b/home/kitty.nix @@ -0,0 +1,46 @@ +{pkgs, ...}: { + programs.kitty = { + enable = true; + font = { + name = "IBM Plex Mono"; + package = pkgs.ibm-plex; + size = 12; + }; + themeFile = "GitHub_Dark"; + settings = { + enable_audio_bell = false; + # how many windows should be open before kitty asks + # for confirmation + confirm_os_window_close = 0; + }; + keybindings = { + # kitty_mod is ctrl+shift by default + "kitty_mod+c" = "copy_to_clipboard"; + "kitty_mod+v" = "paste_from_clipboard"; + "ctrl+q" = "quit"; + + # windows + "kitty_mod+h" = "neighboring_window left"; + "kitty_mod+alt+h" = "move_window left"; + "kitty_mod+l" = "neighboring_window right"; + "kitty_mod+alt+l" = "move_window right"; + "kitty_mod+j" = "neighboring_window down"; + "kitty_mod+alt+j" = "move_window down"; + "kitty_mod+k" = "neighboring_window up"; + "kitty_mod+alt+k" = "move_window up"; + "ctrl+f2" = "detach_tab"; + "ctrl+f3" = "detach_window new-tab"; + "ctrl+f4" = "detach_window prev-tab"; + "ctrl+alt+l" = "next_layout"; + "ctrl+alt+t" = "goto_layout tall"; + "ctrl+alt+s" = "goto_layout stack"; + + # tabs + "kitty_mod+n" = "next_tab"; + "kitty_mod+p" = "previous_tab"; + "kitty_mod+alt+n" = "move_tab_forward"; + "kitty_mod+alt+p" = "move_tab_backward"; + "kitty_mod+w" = "close_tab"; + }; + }; +} diff --git a/home/niri/default.nix b/home/niri/default.nix index fdc7418..5661d44 100644 --- a/home/niri/default.nix +++ b/home/niri/default.nix @@ -6,7 +6,7 @@ }: let wallpaper = "${./nixos-c-book.png}"; - terminal = "ghostty"; + terminal = "kitty"; menu = [ "fuzzel" "-w" diff --git a/home/niri/scripts/remote.sh b/home/niri/scripts/remote.sh index 5065980..0ef7c0d 100755 --- a/home/niri/scripts/remote.sh +++ b/home/niri/scripts/remote.sh @@ -5,7 +5,7 @@ active_window=$(niri msg --json focused-window |jq -r .app_id) if [ "$1" = "btn1" ]; then if [ "$active_window" = "anki" ]; then wtype " " - elif [ "$active_window" = "foot" ]; then + elif [ "$active_window" = "kitty" ]; then wtype -M ctrl -M shift -k c -m ctrl -m shift elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then wtype -M alt -P right -p right -m alt @@ -15,7 +15,7 @@ if [ "$1" = "btn1" ]; then else if [ "$active_window" = "anki" ]; then wtype "1" - elif [ "$active_window" = "foot" ]; then + elif [ "$active_window" = "kitty" ]; then wtype -M ctrl -M shift -k v -m ctrl elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then wtype -M alt -P left -p left -m alt diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 33d6965..b1af7f5 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -9,6 +9,7 @@ ../niri ../irssi.nix ../ghostty.nix + ../kitty.nix ]; home = { username = "yt"; From cfa298fb6360b023d5f5bd3246bff1cc5dea0d76 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 21 Jan 2025 16:47:47 -0500 Subject: [PATCH 139/410] fix kde apps looking weird --- home/niri/default.nix | 2 ++ home/yt/ytnix.nix | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/home/niri/default.nix b/home/niri/default.nix index 5661d44..92f5701 100644 --- a/home/niri/default.nix +++ b/home/niri/default.nix @@ -94,6 +94,8 @@ in title = "^Browse"; } { app-id = "com.mitchellh.ghostt"; } + { app-id = "org.kde.okular"; } + { app-id = "kitty"; } ]; default-column-width.proportion = .5; } diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index b1af7f5..4dd56cc 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -22,9 +22,9 @@ qt = { enable = true; - platformTheme.name = "gtk"; - style.name = "adwaita-dark"; - style.package = pkgs.adwaita-qt; + platformTheme.name = "kde"; + style.name = "breeze-dark"; + style.package = pkgs.kdePackages.breeze; }; gtk = { From 0f913101a96f9dfdd6dd60e53aaa9ac8609637f5 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 21 Jan 2025 21:56:26 -0500 Subject: [PATCH 140/410] use conduwuit from flake --- flake.lock | 749 ++++++++++++++++++++++++++++++++++++-- flake.nix | 6 + hosts/chunk/conduwuit.nix | 3 +- 3 files changed, 721 insertions(+), 37 deletions(-) diff --git a/flake.lock b/flake.lock index 9950639..4e23eb9 100644 --- a/flake.lock +++ b/flake.lock @@ -1,6 +1,169 @@ { "nodes": { + "attic": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "nix-github-actions": "nix-github-actions", + "nixpkgs": "nixpkgs", + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1731270564, + "narHash": "sha256-6KMC/NH/VWP5Eb+hA56hz0urel3jP6Y6cF2PX6xaTkk=", + "owner": "zhaofengli", + "repo": "attic", + "rev": "47752427561f1c34debb16728a210d378f0ece36", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "ref": "main", + "repo": "attic", + "type": "github" + } + }, + "cachix": { + "inputs": { + "devenv": "devenv", + "flake-compat": "flake-compat_2", + "git-hooks": "git-hooks", + "nixpkgs": "nixpkgs_4" + }, + "locked": { + "lastModified": 1733424942, + "narHash": "sha256-5t7Sl6EkOaoP4FvzLmH7HFDbdl9SizmLh53RjDQCbWQ=", + "owner": "cachix", + "repo": "cachix", + "rev": "8b6b0e4694b9aa78b2ea4c93bff6e1a222dc7e4a", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "master", + "repo": "cachix", + "type": "github" + } + }, + "cachix_2": { + "inputs": { + "devenv": [ + "conduwuit", + "cachix", + "devenv" + ], + "flake-compat": [ + "conduwuit", + "cachix", + "devenv" + ], + "git-hooks": [ + "conduwuit", + "cachix", + "devenv" + ], + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1728672398, + "narHash": "sha256-KxuGSoVUFnQLB2ZcYODW7AVPAh9JqRlD5BrfsC/Q4qs=", + "owner": "cachix", + "repo": "cachix", + "rev": "aac51f698309fd0f381149214b7eee213c66ef0a", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "latest", + "repo": "cachix", + "type": "github" + } + }, + "complement": { + "flake": false, + "locked": { + "lastModified": 1734303596, + "narHash": "sha256-HjDRyLR4MBqQ3IjfMM6eE+8ayztXlbz3gXdyDmFla68=", + "owner": "girlbossceo", + "repo": "complement", + "rev": "14cc5be797b774f1a2b9f826f38181066d4952b8", + "type": "github" + }, + "original": { + "owner": "girlbossceo", + "ref": "main", + "repo": "complement", + "type": "github" + } + }, + "conduwuit": { + "inputs": { + "attic": "attic", + "cachix": "cachix", + "complement": "complement", + "crane": "crane_2", + "fenix": "fenix", + "flake-compat": "flake-compat_3", + "flake-utils": "flake-utils", + "liburing": "liburing", + "nix-filter": "nix-filter", + "nixpkgs": "nixpkgs_5", + "rocksdb": "rocksdb" + }, + "locked": { + "lastModified": 1737153653, + "narHash": "sha256-yNdxoVZX13QUDJYM6zTMY9ExvacTqB+f0MLvDreSW8U=", + "owner": "girlbossceo", + "repo": "conduwuit", + "rev": "5b8464252c2c03edf65e43153be026dbb768a12a", + "type": "github" + }, + "original": { + "owner": "girlbossceo", + "repo": "conduwuit", + "type": "github" + } + }, "crane": { + "inputs": { + "nixpkgs": [ + "conduwuit", + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1722960479, + "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=", + "owner": "ipetkov", + "repo": "crane", + "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_2": { + "locked": { + "lastModified": 1736566337, + "narHash": "sha256-SC0eDcZPqISVt6R0UfGPyQLrI0+BppjjtQ3wcSlk0oI=", + "owner": "ipetkov", + "repo": "crane", + "rev": "9172acc1ee6c7e1cbafc3044ff850c568c75a5a3", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "ref": "master", + "repo": "crane", + "type": "github" + } + }, + "crane_3": { "locked": { "lastModified": 1731098351, "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=", @@ -15,6 +178,40 @@ "type": "github" } }, + "devenv": { + "inputs": { + "cachix": "cachix_2", + "flake-compat": [ + "conduwuit", + "cachix", + "flake-compat" + ], + "git-hooks": [ + "conduwuit", + "cachix", + "git-hooks" + ], + "nix": "nix", + "nixpkgs": [ + "conduwuit", + "cachix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733323168, + "narHash": "sha256-d5DwB4MZvlaQpN6OQ4SLYxb5jA4UH5EtV5t5WOtjLPU=", + "owner": "cachix", + "repo": "devenv", + "rev": "efa9010b8b1cfd5dd3c7ed1e172a470c3b84a064", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "devenv", + "type": "github" + } + }, "devshell": { "inputs": { "nixpkgs": [ @@ -57,6 +254,29 @@ "type": "github" } }, + "fenix": { + "inputs": { + "nixpkgs": [ + "conduwuit", + "nixpkgs" + ], + "rust-analyzer-src": "rust-analyzer-src" + }, + "locked": { + "lastModified": 1736836313, + "narHash": "sha256-zdZ7/T6yG0/hzoVOiNpDiR/sW3zR6oSMrfIFJK2BrrE=", + "owner": "nix-community", + "repo": "fenix", + "rev": "056c9393c821a4df356df6ce7f14c722dc8717ec", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "main", + "repo": "fenix", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -74,6 +294,39 @@ } }, "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "ref": "master", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_4": { "flake": false, "locked": { "lastModified": 1696426674, @@ -89,7 +342,23 @@ "type": "github" } }, - "flake-compat_3": { + "flake-compat_5": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_6": { "locked": { "lastModified": 1696426674, "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", @@ -104,6 +373,52 @@ } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "conduwuit", + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1722555600, + "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "conduwuit", + "cachix", + "devenv", + "nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1712014858, + "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_3": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, @@ -121,7 +436,7 @@ "type": "github" } }, - "flake-parts_2": { + "flake-parts_4": { "inputs": { "nixpkgs-lib": [ "lanzaboote", @@ -142,7 +457,7 @@ "type": "github" } }, - "flake-parts_3": { + "flake-parts_5": { "inputs": { "nixpkgs-lib": [ "nixvim", @@ -167,6 +482,25 @@ "inputs": { "systems": "systems" }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "ref": "main", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, "locked": { "lastModified": 1705309234, "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", @@ -181,9 +515,9 @@ "type": "github" } }, - "flake-utils_2": { + "flake-utils_3": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1731533236, @@ -201,8 +535,8 @@ }, "ghostty": { "inputs": { - "flake-compat": "flake-compat", - "nixpkgs-stable": "nixpkgs-stable", + "flake-compat": "flake-compat_4", + "nixpkgs-stable": "nixpkgs-stable_3", "nixpkgs-unstable": "nixpkgs-unstable", "zig": "zig" }, @@ -221,12 +555,41 @@ } }, "git-hooks": { + "inputs": { + "flake-compat": [ + "conduwuit", + "cachix", + "flake-compat" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "conduwuit", + "cachix", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_2" + }, + "locked": { + "lastModified": 1733318908, + "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "6f4e2a2112050951a314d2733a994fbab94864c6", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "git-hooks_2": { "inputs": { "flake-compat": [ "nixvim", "flake-compat" ], - "gitignore": "gitignore_2", + "gitignore": "gitignore_3", "nixpkgs": [ "nixvim", "nixpkgs" @@ -247,6 +610,29 @@ } }, "gitignore": { + "inputs": { + "nixpkgs": [ + "conduwuit", + "cachix", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_2": { "inputs": { "nixpkgs": [ "lanzaboote", @@ -268,7 +654,7 @@ "type": "github" } }, - "gitignore_2": { + "gitignore_3": { "inputs": { "nixpkgs": [ "nixvim", @@ -361,9 +747,9 @@ }, "lanzaboote": { "inputs": { - "crane": "crane", - "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts_2", + "crane": "crane_3", + "flake-compat": "flake-compat_5", + "flake-parts": "flake-parts_4", "nixpkgs": [ "nixpkgs" ], @@ -385,6 +771,39 @@ "type": "github" } }, + "libgit2": { + "flake": false, + "locked": { + "lastModified": 1697646580, + "narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=", + "owner": "libgit2", + "repo": "libgit2", + "rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5", + "type": "github" + }, + "original": { + "owner": "libgit2", + "repo": "libgit2", + "type": "github" + } + }, + "liburing": { + "flake": false, + "locked": { + "lastModified": 1736719310, + "narHash": "sha256-Turvx60THwzTiUHb49WV3upUgsPuktr7tVy2Lwu2xJg=", + "owner": "axboe", + "repo": "liburing", + "rev": "3124a4619e4daf26b06d48ccf0186a947070c415", + "type": "github" + }, + "original": { + "owner": "axboe", + "ref": "master", + "repo": "liburing", + "type": "github" + } + }, "niri": { "inputs": { "niri-stable": "niri-stable", @@ -392,7 +811,7 @@ "nixpkgs": [ "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_3", + "nixpkgs-stable": "nixpkgs-stable_5", "xwayland-satellite-stable": "xwayland-satellite-stable", "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, @@ -443,6 +862,47 @@ "type": "github" } }, + "nix": { + "inputs": { + "flake-compat": [ + "conduwuit", + "cachix", + "devenv" + ], + "flake-parts": "flake-parts_2", + "libgit2": "libgit2", + "nixpkgs": "nixpkgs_3", + "nixpkgs-23-11": [ + "conduwuit", + "cachix", + "devenv" + ], + "nixpkgs-regression": [ + "conduwuit", + "cachix", + "devenv" + ], + "pre-commit-hooks": [ + "conduwuit", + "cachix", + "devenv" + ] + }, + "locked": { + "lastModified": 1727438425, + "narHash": "sha256-X8ES7I1cfNhR9oKp06F6ir4Np70WGZU5sfCOuNBEwMg=", + "owner": "domenkozar", + "repo": "nix", + "rev": "f6c5ae4c1b2e411e6b1e6a8181cc84363d6a7546", + "type": "github" + }, + "original": { + "owner": "domenkozar", + "ref": "devenv-2.24", + "repo": "nix", + "type": "github" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -464,18 +924,56 @@ "type": "github" } }, - "nixpkgs": { + "nix-filter": { "locked": { - "lastModified": 1737401148, - "narHash": "sha256-8YfoGyE89rWpG6NjCmYrJeV8EPAKvnZf2lN402WbC/A=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "7ceed4f800bec4c12c9b21c54bb76cb28a80e259", + "lastModified": 1731533336, + "narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=", + "owner": "numtide", + "repo": "nix-filter", + "rev": "f7653272fd234696ae94229839a99b73c9ab7de0", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable-small", + "owner": "numtide", + "ref": "main", + "repo": "nix-filter", + "type": "github" + } + }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "conduwuit", + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729742964, + "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1726042813, + "narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "159be5db480d1df880a0135ca0bfed84c2f88353", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } @@ -510,16 +1008,16 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1733423277, - "narHash": "sha256-TxabjxEgkNbCGFRHgM/b9yZWlBj60gUOUnRT/wbVQR8=", - "owner": "nixos", + "lastModified": 1724316499, + "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "e36963a147267afc055f7cf65225958633e536bf", + "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", "type": "github" }, "original": { - "owner": "nixos", - "ref": "release-24.11", + "owner": "NixOS", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } @@ -541,6 +1039,38 @@ } }, "nixpkgs-stable_3": { + "locked": { + "lastModified": 1733423277, + "narHash": "sha256-TxabjxEgkNbCGFRHgM/b9yZWlBj60gUOUnRT/wbVQR8=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "e36963a147267afc055f7cf65225958633e536bf", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "release-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_4": { + "locked": { + "lastModified": 1730741070, + "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_5": { "locked": { "lastModified": 1737299813, "narHash": "sha256-Qw2PwmkXDK8sPQ5YQ/y/icbQ+TYgbxfjhgnkNJyT1X8=", @@ -572,12 +1102,92 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1730531603, + "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1717432640, + "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "88269ab3044128b7c2f4c7d68448b2fb50456870", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1733212471, + "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1736817698, + "narHash": "sha256-1m+JP9RUsbeLVv/tF1DX3Ew9Vl/fatXnlh/g5k3jcSk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2b1fca3296ddd1602d2c4f104a4050e006f4b0cb", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1737401148, + "narHash": "sha256-8YfoGyE89rWpG6NjCmYrJeV8EPAKvnZf2lN402WbC/A=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "7ceed4f800bec4c12c9b21c54bb76cb28a80e259", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, "nixvim": { "inputs": { "devshell": "devshell", - "flake-compat": "flake-compat_3", - "flake-parts": "flake-parts_3", - "git-hooks": "git-hooks", + "flake-compat": "flake-compat_6", + "flake-parts": "flake-parts_5", + "git-hooks": "git-hooks_2", "home-manager": "home-manager_2", "nix-darwin": "nix-darwin", "nixpkgs": [ @@ -602,7 +1212,7 @@ }, "nuschtosSearch": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "ixx": "ixx", "nixpkgs": [ "nixvim", @@ -623,18 +1233,34 @@ "type": "github" } }, + "nvim-github-theme": { + "flake": false, + "locked": { + "lastModified": 1735641120, + "narHash": "sha256-/A4hkKTzjzeoR1SuwwklraAyI8oMkhxrwBBV9xb59PA=", + "owner": "projekt0n", + "repo": "github-nvim-theme", + "rev": "c106c9472154d6b2c74b74565616b877ae8ed31d", + "type": "github" + }, + "original": { + "owner": "projekt0n", + "repo": "github-nvim-theme", + "type": "github" + } + }, "pre-commit-hooks-nix": { "inputs": { "flake-compat": [ "lanzaboote", "flake-compat" ], - "gitignore": "gitignore", + "gitignore": "gitignore_2", "nixpkgs": [ "lanzaboote", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_2" + "nixpkgs-stable": "nixpkgs-stable_4" }, "locked": { "lastModified": 1731363552, @@ -650,22 +1276,58 @@ "type": "github" } }, + "rocksdb": { + "flake": false, + "locked": { + "lastModified": 1734469478, + "narHash": "sha256-IcQ4N8xADYal79K+ONmNq4RLlIwdgUqgrVzgNgiIaG8=", + "owner": "girlbossceo", + "repo": "rocksdb", + "rev": "8b4808e7de2fbb5d119d8d72cdca76d8ab84bc47", + "type": "github" + }, + "original": { + "owner": "girlbossceo", + "ref": "v9.9.3", + "repo": "rocksdb", + "type": "github" + } + }, "root": { "inputs": { + "conduwuit": "conduwuit", "disko": "disko", - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_3", "ghostty": "ghostty", "home-manager": "home-manager", "lanzaboote": "lanzaboote", "niri": "niri", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_6", "nixpkgs-garage": "nixpkgs-garage", "nixvim": "nixvim", + "nvim-github-theme": "nvim-github-theme", "rust-overlay": "rust-overlay_2", "sops-nix": "sops-nix", "treefmt": "treefmt" } }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1736690231, + "narHash": "sha256-g9gyxX+F6CrkT5gRIMKPnCPom0o9ZDzYnzzeNF86D6Q=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "8364ef299790cb6ec22b9e09e873c97dbe9f2cb5", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, "rust-overlay": { "inputs": { "nixpkgs": [ @@ -757,6 +1419,21 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt": { "inputs": { "nixpkgs": [ @@ -836,7 +1513,7 @@ "flake-compat": [ "ghostty" ], - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nixpkgs": [ "ghostty", "nixpkgs-stable" diff --git a/flake.nix b/flake.nix index 1ff46a7..fdfbbc2 100644 --- a/flake.nix +++ b/flake.nix @@ -37,8 +37,14 @@ inputs.nixpkgs.follows = "nixpkgs"; }; ghostty.url = "github:ghostty-org/ghostty"; + conduwuit.url = "github:girlbossceo/conduwuit"; nixpkgs-garage.url = "github:cything/nixpkgs/garage-module"; # unmerged PR + + nvim-github-theme = { + url = "github:projekt0n/github-nvim-theme"; + flake = false; + }; }; nixConfig = { diff --git a/hosts/chunk/conduwuit.nix b/hosts/chunk/conduwuit.nix index 6bada8e..7fa1852 100644 --- a/hosts/chunk/conduwuit.nix +++ b/hosts/chunk/conduwuit.nix @@ -1,7 +1,8 @@ -{ ... }: +{ inputs, ... }: { services.conduwuit = { enable = true; + package = inputs.conduwuit.packages.x86_64-linux.static-x86_64-linux-musl-all-features-x86_64-haswell-optimised; settings.global = { port = [ 8448 ]; server_name = "cything.io"; From 2622119933d9e3b2346feaad5476b25631df9218 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 21 Jan 2025 21:59:59 -0500 Subject: [PATCH 141/410] just making then nicer --- home/kitty.nix | 19 ++++++++++++++++--- home/nixvim/default.nix | 13 ++++++++----- 2 files changed, 24 insertions(+), 8 deletions(-) diff --git a/home/kitty.nix b/home/kitty.nix index fa8a1ba..4799950 100644 --- a/home/kitty.nix +++ b/home/kitty.nix @@ -12,12 +12,13 @@ # how many windows should be open before kitty asks # for confirmation confirm_os_window_close = 0; + clear_all_shortcuts = true; }; keybindings = { # kitty_mod is ctrl+shift by default "kitty_mod+c" = "copy_to_clipboard"; "kitty_mod+v" = "paste_from_clipboard"; - "ctrl+q" = "quit"; + # "ctrl+q" = "quit"; # windows "kitty_mod+h" = "neighboring_window left"; @@ -28,12 +29,14 @@ "kitty_mod+alt+j" = "move_window down"; "kitty_mod+k" = "neighboring_window up"; "kitty_mod+alt+k" = "move_window up"; - "ctrl+f2" = "detach_tab"; "ctrl+f3" = "detach_window new-tab"; - "ctrl+f4" = "detach_window prev-tab"; + "ctrl+f4" = "detach_window tab-left"; + "ctrl+f5" = "load_config_file"; "ctrl+alt+l" = "next_layout"; "ctrl+alt+t" = "goto_layout tall"; "ctrl+alt+s" = "goto_layout stack"; + "kitty_mod+enter" = "new_window_with_cwd"; + "kitty_mod+r" = "resize_window"; # tabs "kitty_mod+n" = "next_tab"; @@ -41,6 +44,16 @@ "kitty_mod+alt+n" = "move_tab_forward"; "kitty_mod+alt+p" = "move_tab_backward"; "kitty_mod+w" = "close_tab"; + "kitty_mod+t" = "new_tab_with_cwd"; + "ctrl+f2" = "detach_tab"; + + # hints + "kitty_mod+o>o" = "open_url_with_hints"; + "kitty_mod+o>p" = "kitten hints --type path --program -"; + "kitty_mod+o>n" = "kitten hints --type line --program -"; + "kitty_mod+o>w" = "kitten hints --type word --program -"; + "kitty_mod+o>h" = "kitten hints --type hash --program -"; + "kitty_mod+o>l" = "kitten hints --type linenum"; }; }; } diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix index 98a97ee..8a302b0 100644 --- a/home/nixvim/default.nix +++ b/home/nixvim/default.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, inputs, ... }: { programs.nixvim = { enable = true; @@ -15,15 +15,18 @@ incsearch = true; smartcase = true; }; - colorscheme = "iceberg"; - clipboard.register = "unnamedplus"; + colorscheme = "github_dark_tritanopia"; + clipboard.register = "unnamed"; globals = { mapleader = ","; }; - extraPlugins = with pkgs.vimPlugins; [ - iceberg-vim + extraPlugins = [ + (pkgs.vimUtils.buildVimPlugin { + name = "gitub-theme"; + src = inputs.nvim-github-theme; + }) ]; keymaps = [ From e9e20c15a6d8d4f4012ea10745e3e2aab9546c36 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 21 Jan 2025 23:25:52 -0500 Subject: [PATCH 142/410] kitty: scrollback pager stuff --- home/kitty.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/home/kitty.nix b/home/kitty.nix index 4799950..fc0b577 100644 --- a/home/kitty.nix +++ b/home/kitty.nix @@ -13,6 +13,12 @@ # for confirmation confirm_os_window_close = 0; clear_all_shortcuts = true; + + # will probably lower this later but the max allowed is actually 4GB + # this is NOT stored in memory and can only be viewed wth scrollback_pager + "scrollback_pager_history_size" = "1024"; + # see https://github.com/sharkdp/bat/issues/1077#issuecomment-652785399 + "scrollback_pager" = "bat --pager='less -FR +G'"; }; keybindings = { # kitty_mod is ctrl+shift by default @@ -20,6 +26,8 @@ "kitty_mod+v" = "paste_from_clipboard"; # "ctrl+q" = "quit"; + "kitty_mod+m" = "show_scrollback"; + # windows "kitty_mod+h" = "neighboring_window left"; "kitty_mod+alt+h" = "move_window left"; From b8dcdac94b6da662a817468167e73f60b8431055 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 22 Jan 2025 00:51:17 -0500 Subject: [PATCH 143/410] remove ghostty input and flake update --- flake.lock | 182 +++++++--------------------------------------- flake.nix | 2 - home/yt/ytnix.nix | 1 - 3 files changed, 27 insertions(+), 158 deletions(-) diff --git a/flake.lock b/flake.lock index 4e23eb9..2e9a7dd 100644 --- a/flake.lock +++ b/flake.lock @@ -343,22 +343,6 @@ } }, "flake-compat_5": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_6": { "locked": { "lastModified": 1696426674, "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", @@ -501,24 +485,6 @@ "inputs": { "systems": "systems_2" }, - "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { - "inputs": { - "systems": "systems_3" - }, "locked": { "lastModified": 1731533236, "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", @@ -533,27 +499,6 @@ "type": "github" } }, - "ghostty": { - "inputs": { - "flake-compat": "flake-compat_4", - "nixpkgs-stable": "nixpkgs-stable_3", - "nixpkgs-unstable": "nixpkgs-unstable", - "zig": "zig" - }, - "locked": { - "lastModified": 1737430029, - "narHash": "sha256-z55IQogW9z4HhVeT55LlCUFKbYD5O5aLMnU5cX1WTto=", - "owner": "ghostty-org", - "repo": "ghostty", - "rev": "5cb2fa6f7594202b12a2603bf32094aa75b1bf0e", - "type": "github" - }, - "original": { - "owner": "ghostty-org", - "repo": "ghostty", - "type": "github" - } - }, "git-hooks": { "inputs": { "flake-compat": [ @@ -683,11 +628,11 @@ ] }, "locked": { - "lastModified": 1737394973, - "narHash": "sha256-EW4oXMfnfA5sNM9Jqm+y98horWVvN66Gu7YIcEpFYZc=", + "lastModified": 1737480538, + "narHash": "sha256-rk/cmrvq3In0TegW9qaAxw+5YpJhRWt2p74/6JStrw0=", "owner": "nix-community", "repo": "home-manager", - "rev": "9786661d57c476021c8a0c3e53bf9fa2b4f3328b", + "rev": "4481a16d1ac5bff4a77c608cefe08c9b9efe840d", "type": "github" }, "original": { @@ -748,7 +693,7 @@ "lanzaboote": { "inputs": { "crane": "crane_3", - "flake-compat": "flake-compat_5", + "flake-compat": "flake-compat_4", "flake-parts": "flake-parts_4", "nixpkgs": [ "nixpkgs" @@ -811,16 +756,16 @@ "nixpkgs": [ "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_5", + "nixpkgs-stable": "nixpkgs-stable_4", "xwayland-satellite-stable": "xwayland-satellite-stable", "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1737373716, - "narHash": "sha256-GRI9WugYv8QlnhZlINfY8gHIR+xn/AsEXhQP3+FjUh0=", + "lastModified": 1737516423, + "narHash": "sha256-S3vmlekDRKgXsOreMMxLwJgvH313x1zU/wYtC8YThLg=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "5aa5e53601ff1d93ae6b4dc6f833c73fc8de6466", + "rev": "8370d2475f0eac1b5dab31a107ee118d96692e31", "type": "github" }, "original": { @@ -849,11 +794,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1737370409, - "narHash": "sha256-khoHHrpP/yArGEm94H/GtZytGzfJECsAEGmB9DLWb7M=", + "lastModified": 1737449786, + "narHash": "sha256-G/AK0T41PpxU9hjkK/tnjODigzKcpRayo1o4pi9glqI=", "owner": "YaLTeR", "repo": "niri", - "rev": "7f025da5b6edb1d77e785ba6a6450ab10788ad8f", + "rev": "b01b8afa8c8f9070300243050d9790e38fd19145", "type": "github" }, "original": { @@ -1039,22 +984,6 @@ } }, "nixpkgs-stable_3": { - "locked": { - "lastModified": 1733423277, - "narHash": "sha256-TxabjxEgkNbCGFRHgM/b9yZWlBj60gUOUnRT/wbVQR8=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "e36963a147267afc055f7cf65225958633e536bf", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "release-24.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_4": { "locked": { "lastModified": 1730741070, "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", @@ -1070,7 +999,7 @@ "type": "github" } }, - "nixpkgs-stable_5": { + "nixpkgs-stable_4": { "locked": { "lastModified": 1737299813, "narHash": "sha256-Qw2PwmkXDK8sPQ5YQ/y/icbQ+TYgbxfjhgnkNJyT1X8=", @@ -1086,22 +1015,6 @@ "type": "github" } }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1733229606, - "narHash": "sha256-FLYY5M0rpa5C2QAE3CKLYAM6TwbKicdRK6qNrSHlNrE=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "566e53c2ad750c84f6d31f9ccb9d00f823165550", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1730531603, @@ -1168,11 +1081,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1737401148, - "narHash": "sha256-8YfoGyE89rWpG6NjCmYrJeV8EPAKvnZf2lN402WbC/A=", + "lastModified": 1737469477, + "narHash": "sha256-GG0myEzULU7uiwoNGnwqiclki+Jg8dPG6nv7yKo7lMc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7ceed4f800bec4c12c9b21c54bb76cb28a80e259", + "rev": "2582766522e754520bf3f883f06560f89870a5ba", "type": "github" }, "original": { @@ -1185,7 +1098,7 @@ "nixvim": { "inputs": { "devshell": "devshell", - "flake-compat": "flake-compat_6", + "flake-compat": "flake-compat_5", "flake-parts": "flake-parts_5", "git-hooks": "git-hooks_2", "home-manager": "home-manager_2", @@ -1197,11 +1110,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1737385899, - "narHash": "sha256-/zyvdstDpPhc5lhFMtKgyQdU2oXGXDb0cg4BY91NKvg=", + "lastModified": 1737484173, + "narHash": "sha256-bE9pTDqnSIMAwJeIu0MzA8ZR7LEwRbhnRpnImWIBejc=", "owner": "nix-community", "repo": "nixvim", - "rev": "115994f18e439a1cca9cdaaf15c004870256814d", + "rev": "342161bf525dd64eb53fea295a2180f71ed06de1", "type": "github" }, "original": { @@ -1212,7 +1125,7 @@ }, "nuschtosSearch": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "ixx": "ixx", "nixpkgs": [ "nixvim", @@ -1260,7 +1173,7 @@ "lanzaboote", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_4" + "nixpkgs-stable": "nixpkgs-stable_3" }, "locked": { "lastModified": 1731363552, @@ -1298,7 +1211,6 @@ "conduwuit": "conduwuit", "disko": "disko", "flake-parts": "flake-parts_3", - "ghostty": "ghostty", "home-manager": "home-manager", "lanzaboote": "lanzaboote", "niri": "niri", @@ -1356,11 +1268,11 @@ ] }, "locked": { - "lastModified": 1737340068, - "narHash": "sha256-5UciRckNV+YOZ6y6ASBIb01cySB12whDxgFUK+EqT8g=", + "lastModified": 1737512878, + "narHash": "sha256-dgF6htdmfNnZzVInifks6npnCAyVsIHWSpWNs10RSW0=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "275c824ed9e90e7fd4f96d187bde3670062e721f", + "rev": "06b8ed0eee289fe94c66f1202ced9a6a2c59a14c", "type": "github" }, "original": { @@ -1419,21 +1331,6 @@ "type": "github" } }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt": { "inputs": { "nixpkgs": [ @@ -1441,11 +1338,11 @@ ] }, "locked": { - "lastModified": 1737103437, - "narHash": "sha256-uPNWcYbhY2fjY3HOfRCR5jsfzdzemhfxLSxwjXYXqNc=", + "lastModified": 1737483750, + "narHash": "sha256-5An1wq5U8sNycOBBg3nsDDgpwBmR9liOpDGlhliA6Xo=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "d1ed3b385f8130e392870cfb1dbfaff8a63a1899", + "rev": "f2cc121df15418d028a59c9737d38e3a90fbaf8f", "type": "github" }, "original": { @@ -1507,31 +1404,6 @@ "repo": "xwayland-satellite", "type": "github" } - }, - "zig": { - "inputs": { - "flake-compat": [ - "ghostty" - ], - "flake-utils": "flake-utils_2", - "nixpkgs": [ - "ghostty", - "nixpkgs-stable" - ] - }, - "locked": { - "lastModified": 1717848532, - "narHash": "sha256-d+xIUvSTreHl8pAmU1fnmkfDTGQYCn2Rb/zOwByxS2M=", - "owner": "mitchellh", - "repo": "zig-overlay", - "rev": "02fc5cc555fc14fda40c42d7c3250efa43812b43", - "type": "github" - }, - "original": { - "owner": "mitchellh", - "repo": "zig-overlay", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index fdfbbc2..f683266 100644 --- a/flake.nix +++ b/flake.nix @@ -36,7 +36,6 @@ url = "github:oxalica/rust-overlay"; inputs.nixpkgs.follows = "nixpkgs"; }; - ghostty.url = "github:ghostty-org/ghostty"; conduwuit.url = "github:girlbossceo/conduwuit"; nixpkgs-garage.url = "github:cything/nixpkgs/garage-module"; # unmerged PR @@ -121,7 +120,6 @@ overlays = [ inputs.niri.overlays.niri inputs.rust-overlay.overlays.default - inputs.ghostty.overlays.default ] ++ import ./overlay; }; in diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 4dd56cc..b150993 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -8,7 +8,6 @@ ../foot.nix ../niri ../irssi.nix - ../ghostty.nix ../kitty.nix ]; home = { From f9806ac6368758838082f0e973fbaf8f67547530 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 22 Jan 2025 02:07:37 -0500 Subject: [PATCH 144/410] try lix --- flake.lock | 110 ++++++++++++++++++++++++++++++++++++++++++++--------- flake.nix | 19 +++++---- 2 files changed, 102 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index 2e9a7dd..497bb67 100644 --- a/flake.lock +++ b/flake.lock @@ -108,7 +108,9 @@ "flake-utils": "flake-utils", "liburing": "liburing", "nix-filter": "nix-filter", - "nixpkgs": "nixpkgs_5", + "nixpkgs": [ + "nixpkgs" + ], "rocksdb": "rocksdb" }, "locked": { @@ -499,6 +501,39 @@ "type": "github" } }, + "flake-utils_3": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, "git-hooks": { "inputs": { "flake-compat": [ @@ -749,6 +784,43 @@ "type": "github" } }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1737234286, + "narHash": "sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW+DvDtuv9SwQZZcs=", + "rev": "079528098f5998ba13c88821a2eca1005c1695de", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?rev=079528098f5998ba13c88821a2eca1005c1695de" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": "flake-utils_2", + "flakey-profile": "flakey-profile", + "lix": "lix", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737241037, + "narHash": "sha256-6LIpS3rK1Ch6OXis4tvBTgGBTRb+NptDAfhPNzmgZSE=", + "ref": "refs/heads/main", + "rev": "690f7c0fa2935bf591cccf4d7312b3e0f470298b", + "revCount": 129, + "type": "git", + "url": "https://git.lix.systems/lix-project/nixos-module" + }, + "original": { + "type": "git", + "url": "https://git.lix.systems/lix-project/nixos-module" + } + }, "niri": { "inputs": { "niri-stable": "niri-stable", @@ -1064,22 +1136,6 @@ } }, "nixpkgs_5": { - "locked": { - "lastModified": 1736817698, - "narHash": "sha256-1m+JP9RUsbeLVv/tF1DX3Ew9Vl/fatXnlh/g5k3jcSk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2b1fca3296ddd1602d2c4f104a4050e006f4b0cb", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { "locked": { "lastModified": 1737469477, "narHash": "sha256-GG0myEzULU7uiwoNGnwqiclki+Jg8dPG6nv7yKo7lMc=", @@ -1125,7 +1181,7 @@ }, "nuschtosSearch": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "ixx": "ixx", "nixpkgs": [ "nixvim", @@ -1213,8 +1269,9 @@ "flake-parts": "flake-parts_3", "home-manager": "home-manager", "lanzaboote": "lanzaboote", + "lix-module": "lix-module", "niri": "niri", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_5", "nixpkgs-garage": "nixpkgs-garage", "nixvim": "nixvim", "nvim-github-theme": "nvim-github-theme", @@ -1331,6 +1388,21 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index f683266..f7a4272 100644 --- a/flake.nix +++ b/flake.nix @@ -36,7 +36,14 @@ url = "github:oxalica/rust-overlay"; inputs.nixpkgs.follows = "nixpkgs"; }; - conduwuit.url = "github:girlbossceo/conduwuit"; + conduwuit = { + url = "github:girlbossceo/conduwuit"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + lix-module = { + url = "git+https://git.lix.systems/lix-project/nixos-module"; + inputs.nixpkgs.follows = "nixpkgs"; + }; nixpkgs-garage.url = "github:cything/nixpkgs/garage-module"; # unmerged PR @@ -85,17 +92,12 @@ ]; perSystem = { - system, + inputs', ... }: { # make pkgs available to `perSystem` - _module.args.pkgs = import inputs.nixpkgs { - inherit system; - config = { - allowUnfree = true; - }; - }; + _module.args.pkgs = inputs'.nixpkgs.legacyPackages; treefmt = { projectRootFile = "flake.nix"; @@ -140,6 +142,7 @@ ./modules inputs.lanzaboote.nixosModules.lanzaboote inputs.niri.nixosModules.niri + inputs.lix-module.nixosModules.default ]; }; chunk = lib.nixosSystem { From 7bd2af2396728b042c9b9697c026aea27d0f833f Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 22 Jan 2025 02:45:29 -0500 Subject: [PATCH 145/410] use cachix action to install latest nix --- .github/workflows/build-machines-and-homes.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index f5de126..aa15d09 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -27,7 +27,10 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix - - uses: nixbuild/nix-quick-install-action@master + - name: Install Nix + uses: cachix/install-nix-action@v30 + with: + install_url: https://releases.nixos.org/nix/nix-2.25.4/install - name: Sync repository uses: actions/checkout@v4 with: From 67fd47275d6ec6846b2b5e9be39670fbebae184b Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 22 Jan 2025 03:06:58 -0500 Subject: [PATCH 146/410] cachix donesnt accept-flake-config by default --- .github/workflows/build-machines-and-homes.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index aa15d09..e276cbf 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -31,6 +31,7 @@ jobs: uses: cachix/install-nix-action@v30 with: install_url: https://releases.nixos.org/nix/nix-2.25.4/install + extra_nix_config: 'accept-flake-config = true' - name: Sync repository uses: actions/checkout@v4 with: From 7cf2d318c60629076477354312d7aa02db38e9d6 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 22 Jan 2025 03:08:18 -0500 Subject: [PATCH 147/410] nix fmt --- home/ghostty.nix | 3 ++- home/irssi.nix | 3 ++- home/kitty.nix | 5 +++-- hosts/chunk/conduwuit.nix | 3 ++- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/home/ghostty.nix b/home/ghostty.nix index 9a08a74..1c592f5 100644 --- a/home/ghostty.nix +++ b/home/ghostty.nix @@ -1,4 +1,5 @@ -{ ... }: { +{ ... }: +{ programs.ghostty = { enable = true; enableZshIntegration = true; diff --git a/home/irssi.nix b/home/irssi.nix index 91ba914..e8133c1 100644 --- a/home/irssi.nix +++ b/home/irssi.nix @@ -1,4 +1,5 @@ -{...}: { +{ ... }: +{ programs.irssi = { enable = true; networks.liberachat = { diff --git a/home/kitty.nix b/home/kitty.nix index fc0b577..0586556 100644 --- a/home/kitty.nix +++ b/home/kitty.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ programs.kitty = { enable = true; font = { @@ -15,7 +16,7 @@ clear_all_shortcuts = true; # will probably lower this later but the max allowed is actually 4GB - # this is NOT stored in memory and can only be viewed wth scrollback_pager + # this is NOT stored in memory and can only be viewed with scrollback_pager "scrollback_pager_history_size" = "1024"; # see https://github.com/sharkdp/bat/issues/1077#issuecomment-652785399 "scrollback_pager" = "bat --pager='less -FR +G'"; diff --git a/hosts/chunk/conduwuit.nix b/hosts/chunk/conduwuit.nix index 7fa1852..25c85ab 100644 --- a/hosts/chunk/conduwuit.nix +++ b/hosts/chunk/conduwuit.nix @@ -2,7 +2,8 @@ { services.conduwuit = { enable = true; - package = inputs.conduwuit.packages.x86_64-linux.static-x86_64-linux-musl-all-features-x86_64-haswell-optimised; + package = + inputs.conduwuit.packages.x86_64-linux.static-x86_64-linux-musl-all-features-x86_64-haswell-optimised; settings.global = { port = [ 8448 ]; server_name = "cything.io"; From f9cc197be21a2ea598bb58a041300347155bcb34 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 22 Jan 2025 04:24:43 -0500 Subject: [PATCH 148/410] deduplicate flake inputs --- flake.lock | 278 +++++++++-------------------------------------------- flake.nix | 27 +++++- 2 files changed, 72 insertions(+), 233 deletions(-) diff --git a/flake.lock b/flake.lock index 497bb67..c1cf6ee 100644 --- a/flake.lock +++ b/flake.lock @@ -102,10 +102,16 @@ "attic": "attic", "cachix": "cachix", "complement": "complement", - "crane": "crane_2", + "crane": [ + "crane" + ], "fenix": "fenix", - "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils", + "flake-compat": [ + "flake-compat" + ], + "flake-utils": [ + "flake-utils" + ], "liburing": "liburing", "nix-filter": "nix-filter", "nixpkgs": [ @@ -151,27 +157,11 @@ }, "crane_2": { "locked": { - "lastModified": 1736566337, - "narHash": "sha256-SC0eDcZPqISVt6R0UfGPyQLrI0+BppjjtQ3wcSlk0oI=", + "lastModified": 1737250794, + "narHash": "sha256-bdIPhvsAKyYQzqAIeay4kOxTHGwLGkhM+IlBIsmMYFI=", "owner": "ipetkov", "repo": "crane", - "rev": "9172acc1ee6c7e1cbafc3044ff850c568c75a5a3", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "ref": "master", - "repo": "crane", - "type": "github" - } - }, - "crane_3": { - "locked": { - "lastModified": 1731098351, - "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=", - "owner": "ipetkov", - "repo": "crane", - "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28", + "rev": "c5b7075f4a6d523fe8204618aa9754e56478c0e0", "type": "github" }, "original": { @@ -312,7 +302,6 @@ } }, "flake-compat_3": { - "flake": false, "locked": { "lastModified": 1733328505, "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", @@ -323,41 +312,10 @@ }, "original": { "owner": "edolstra", - "ref": "master", "repo": "flake-compat", "type": "github" } }, - "flake-compat_4": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_5": { - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "revCount": 57, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -405,48 +363,8 @@ } }, "flake-parts_3": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1736143030, - "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_4": { "inputs": { "nixpkgs-lib": [ - "lanzaboote", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "506278e768c2a08bec68eb62932193e341f55c90", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_5": { - "inputs": { - "nixpkgs-lib": [ - "nixvim", "nixpkgs" ] }, @@ -478,7 +396,6 @@ }, "original": { "owner": "numtide", - "ref": "main", "repo": "flake-utils", "type": "github" } @@ -501,24 +418,6 @@ "type": "github" } }, - "flake-utils_3": { - "inputs": { - "systems": "systems_3" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "flakey-profile": { "locked": { "lastModified": 1712898590, @@ -676,27 +575,6 @@ "type": "github" } }, - "home-manager_2": { - "inputs": { - "nixpkgs": [ - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1737075266, - "narHash": "sha256-u1gk5I1an975FOAMMdS6oBKnSIsZza5ZKhaeBZAskVo=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "12851ae7467bad8ef422b20806ab4d6d81e12d29", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, "ixx": { "inputs": { "flake-utils": [ @@ -727,14 +605,22 @@ }, "lanzaboote": { "inputs": { - "crane": "crane_3", - "flake-compat": "flake-compat_4", - "flake-parts": "flake-parts_4", + "crane": [ + "crane" + ], + "flake-compat": [ + "flake-compat" + ], + "flake-parts": [ + "flake-parts" + ], "nixpkgs": [ "nixpkgs" ], "pre-commit-hooks-nix": "pre-commit-hooks-nix", - "rust-overlay": "rust-overlay" + "rust-overlay": [ + "rust-overlay" + ] }, "locked": { "lastModified": 1737299073, @@ -800,7 +686,9 @@ }, "lix-module": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": [ + "flake-utils" + ], "flakey-profile": "flakey-profile", "lix": "lix", "nixpkgs": [ @@ -828,7 +716,9 @@ "nixpkgs": [ "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_4", + "nixpkgs-stable": [ + "nixpkgs" + ], "xwayland-satellite-stable": "xwayland-satellite-stable", "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, @@ -1011,18 +901,6 @@ "type": "github" } }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1735774519, - "narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" - } - }, "nixpkgs-stable": { "locked": { "lastModified": 1724316499, @@ -1071,22 +949,6 @@ "type": "github" } }, - "nixpkgs-stable_4": { - "locked": { - "lastModified": 1737299813, - "narHash": "sha256-Qw2PwmkXDK8sPQ5YQ/y/icbQ+TYgbxfjhgnkNJyT1X8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "107d5ef05c0b1119749e381451389eded30fb0d5", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.11", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1730531603, @@ -1154,16 +1016,24 @@ "nixvim": { "inputs": { "devshell": "devshell", - "flake-compat": "flake-compat_5", - "flake-parts": "flake-parts_5", + "flake-compat": [ + "flake-compat" + ], + "flake-parts": [ + "flake-parts" + ], "git-hooks": "git-hooks_2", - "home-manager": "home-manager_2", + "home-manager": [ + "home-manager" + ], "nix-darwin": "nix-darwin", "nixpkgs": [ "nixpkgs" ], "nuschtosSearch": "nuschtosSearch", - "treefmt-nix": "treefmt-nix" + "treefmt-nix": [ + "treefmt" + ] }, "locked": { "lastModified": 1737484173, @@ -1181,7 +1051,7 @@ }, "nuschtosSearch": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "ixx": "ixx", "nixpkgs": [ "nixvim", @@ -1265,8 +1135,11 @@ "root": { "inputs": { "conduwuit": "conduwuit", + "crane": "crane_2", "disko": "disko", + "flake-compat": "flake-compat_3", "flake-parts": "flake-parts_3", + "flake-utils": "flake-utils", "home-manager": "home-manager", "lanzaboote": "lanzaboote", "lix-module": "lix-module", @@ -1275,7 +1148,7 @@ "nixpkgs-garage": "nixpkgs-garage", "nixvim": "nixvim", "nvim-github-theme": "nvim-github-theme", - "rust-overlay": "rust-overlay_2", + "rust-overlay": "rust-overlay", "sops-nix": "sops-nix", "treefmt": "treefmt" } @@ -1298,27 +1171,6 @@ } }, "rust-overlay": { - "inputs": { - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1731897198, - "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "rust-overlay_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -1388,21 +1240,6 @@ "type": "github" } }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt": { "inputs": { "nixpkgs": [ @@ -1423,27 +1260,6 @@ "type": "github" } }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1737054102, - "narHash": "sha256-saLiCRQ5RtdTnznT/fja7GxcYRAzeY3k8S+IF/2s/2A=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "97871d416166803134ba64597a1006f3f670fbde", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, "xwayland-satellite-stable": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index f7a4272..da5ee50 100644 --- a/flake.nix +++ b/flake.nix @@ -22,15 +22,27 @@ lanzaboote = { url = "github:nix-community/lanzaboote/master"; inputs.nixpkgs.follows = "nixpkgs"; + inputs.crane.follows = "crane"; + inputs.flake-compat.follows = "flake-compat"; + inputs.flake-parts.follows = "flake-parts"; + inputs.rust-overlay.follows = "rust-overlay"; }; nixvim = { url = "github:nix-community/nixvim"; inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-parts.follows = "flake-parts"; + inputs.flake-compat.follows = "flake-compat"; + inputs.home-manager.follows = "home-manager"; + inputs.treefmt-nix.follows = "treefmt"; + }; + flake-parts = { + url = "github:hercules-ci/flake-parts"; + inputs.nixpkgs-lib.follows = "nixpkgs"; }; - flake-parts.url = "github:hercules-ci/flake-parts"; niri = { url = "github:sodiboo/niri-flake"; inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixpkgs-stable.follows = "nixpkgs"; }; rust-overlay = { url = "github:oxalica/rust-overlay"; @@ -38,11 +50,17 @@ }; conduwuit = { url = "github:girlbossceo/conduwuit"; - inputs.nixpkgs.follows = "nixpkgs"; + inputs = { + nixpkgs.follows = "nixpkgs"; + crane.follows = "crane"; + flake-compat.follows = "flake-compat"; + flake-utils.follows = "flake-utils"; + }; }; lix-module = { url = "git+https://git.lix.systems/lix-project/nixos-module"; inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-utils.follows = "flake-utils"; }; nixpkgs-garage.url = "github:cything/nixpkgs/garage-module"; # unmerged PR @@ -51,6 +69,11 @@ url = "github:projekt0n/github-nvim-theme"; flake = false; }; + + # deduplication + flake-utils.url = "github:numtide/flake-utils"; + crane.url = "github:ipetkov/crane"; + flake-compat.url = "github:edolstra/flake-compat"; }; nixConfig = { From df3469c7080615cf88513e389ff6f66d09179649 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 22 Jan 2025 13:37:38 -0500 Subject: [PATCH 149/410] apparently that option doesn't exist anymore --- overlay/default.nix | 1 - overlay/kernel.nix | 11 ----------- 2 files changed, 12 deletions(-) delete mode 100644 overlay/kernel.nix diff --git a/overlay/default.nix b/overlay/default.nix index 123e1f2..99fc17b 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -2,7 +2,6 @@ let overlays = [ ./conduwuit ./attic - ./kernel.nix ]; importedOverlays = map (m: import m) overlays; in diff --git a/overlay/kernel.nix b/overlay/kernel.nix deleted file mode 100644 index be2404e..0000000 --- a/overlay/kernel.nix +++ /dev/null @@ -1,11 +0,0 @@ -final: prev: -let - inherit (prev) lib; -in -{ - linuxKernels.kernels.linux_zen = prev.linuxKernels.kernels.linux_zen.override (old: { - extraStructuredConfig = with lib.kernel; { - CONFIG_SCHED_MUQSS = yes; - }; - }); -} From 62e29061dbb3e22e7d4d9cbe5eeb0bcca4a7747d Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 22 Jan 2025 14:51:00 -0500 Subject: [PATCH 150/410] add lix input --- flake.lock | 81 ++++++++++++++++++++++++++++++++++++++++++++++++------ flake.nix | 6 ++++ 2 files changed, 78 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index c1cf6ee..c1dfbce 100644 --- a/flake.lock +++ b/flake.lock @@ -671,17 +671,29 @@ } }, "lix": { - "flake": false, + "inputs": { + "flake-compat": [ + "flake-compat" + ], + "nix2container": "nix2container", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-regression": "nixpkgs-regression", + "pre-commit-hooks": "pre-commit-hooks" + }, "locked": { - "lastModified": 1737234286, - "narHash": "sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW+DvDtuv9SwQZZcs=", - "rev": "079528098f5998ba13c88821a2eca1005c1695de", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?rev=079528098f5998ba13c88821a2eca1005c1695de" + "lastModified": 1737468268, + "narHash": "sha256-RVR/Wh+iTTmw3IYe9b52Gho3If9iGc6Xxpw+gmJZ50s=", + "ref": "refs/heads/main", + "rev": "9b290081147fb2abf79d2d1e0afd72d1490145f2", + "revCount": 16659, + "type": "git", + "url": "https://git.lix.systems/lix-project/lix" }, "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz" + "type": "git", + "url": "https://git.lix.systems/lix-project/lix" } }, "lix-module": { @@ -690,7 +702,9 @@ "flake-utils" ], "flakey-profile": "flakey-profile", - "lix": "lix", + "lix": [ + "lix" + ], "nixpkgs": [ "nixpkgs" ] @@ -869,6 +883,22 @@ "type": "github" } }, + "nix2container": { + "flake": false, + "locked": { + "lastModified": 1724996935, + "narHash": "sha256-njRK9vvZ1JJsP8oV2OgkBrpJhgQezI03S7gzskCcHos=", + "owner": "nlewo", + "repo": "nix2container", + "rev": "fa6bb0a1159f55d071ba99331355955ae30b3401", + "type": "github" + }, + "original": { + "owner": "nlewo", + "repo": "nix2container", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1726042813, @@ -901,6 +931,22 @@ "type": "github" } }, + "nixpkgs-regression": { + "locked": { + "lastModified": 1643052045, + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1724316499, @@ -1088,6 +1134,22 @@ "type": "github" } }, + "pre-commit-hooks": { + "flake": false, + "locked": { + "lastModified": 1733318908, + "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "6f4e2a2112050951a314d2733a994fbab94864c6", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, "pre-commit-hooks-nix": { "inputs": { "flake-compat": [ @@ -1142,6 +1204,7 @@ "flake-utils": "flake-utils", "home-manager": "home-manager", "lanzaboote": "lanzaboote", + "lix": "lix", "lix-module": "lix-module", "niri": "niri", "nixpkgs": "nixpkgs_5", diff --git a/flake.nix b/flake.nix index da5ee50..87eae13 100644 --- a/flake.nix +++ b/flake.nix @@ -61,6 +61,12 @@ url = "git+https://git.lix.systems/lix-project/nixos-module"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; + inputs.lix.follows = "lix"; + }; + lix = { + url = "git+https://git.lix.systems/lix-project/lix"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-compat.follows = "flake-compat"; }; nixpkgs-garage.url = "github:cything/nixpkgs/garage-module"; # unmerged PR From 0ca62b620a339bd07eaa9c5e9b4d4370ade68193 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 22 Jan 2025 15:46:01 -0500 Subject: [PATCH 151/410] flake update --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index c1dfbce..88dab9b 100644 --- a/flake.lock +++ b/flake.lock @@ -157,11 +157,11 @@ }, "crane_2": { "locked": { - "lastModified": 1737250794, - "narHash": "sha256-bdIPhvsAKyYQzqAIeay4kOxTHGwLGkhM+IlBIsmMYFI=", + "lastModified": 1737563566, + "narHash": "sha256-GLJvkOG29XCynQm8XWPyykMRqIhxKcBARVu7Ydrz02M=", "owner": "ipetkov", "repo": "crane", - "rev": "c5b7075f4a6d523fe8204618aa9754e56478c0e0", + "rev": "849376434956794ebc7a6b487d31aace395392ba", "type": "github" }, "original": { @@ -475,11 +475,11 @@ ] }, "locked": { - "lastModified": 1737043064, - "narHash": "sha256-I/OuxGwXwRi5gnFPsyCvVR+IfFstA+QXEpHu1hvsgD8=", + "lastModified": 1737465171, + "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "94ee657f6032d913fe0ef49adaa743804635b0bb", + "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17", "type": "github" }, "original": { @@ -562,11 +562,11 @@ ] }, "locked": { - "lastModified": 1737480538, - "narHash": "sha256-rk/cmrvq3In0TegW9qaAxw+5YpJhRWt2p74/6JStrw0=", + "lastModified": 1737575492, + "narHash": "sha256-qa/D3NC1JoApnUuLrq1gseBmIxeg6icm/ojPgggMDVQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "4481a16d1ac5bff4a77c608cefe08c9b9efe840d", + "rev": "cefb1889b96ddd1dac3dd4734e894f4cadab7802", "type": "github" }, "original": { @@ -737,11 +737,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1737516423, - "narHash": "sha256-S3vmlekDRKgXsOreMMxLwJgvH313x1zU/wYtC8YThLg=", + "lastModified": 1737545000, + "narHash": "sha256-Drl0xZR/N2w3dQtZ3hpx4LA3M34Lev7OKv9qrglncfY=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "8370d2475f0eac1b5dab31a107ee118d96692e31", + "rev": "04e476cb17be7c29c18a6dbcf451321f7c9b1d98", "type": "github" }, "original": { @@ -832,11 +832,11 @@ ] }, "locked": { - "lastModified": 1736819234, - "narHash": "sha256-deQVtIH4UJueELJqluAICUtX7OosD9paTP+5FgbiSwI=", + "lastModified": 1737504076, + "narHash": "sha256-/B4XJnzYU/6K1ZZOBIgsa3K4pqDJrnC2579c44c+4rI=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "bd921223ba7cdac346477d7ea5204d6f4736fcc6", + "rev": "65cc1fa8e36ceff067daf6cfb142331f02f524d3", "type": "github" }, "original": { @@ -1045,11 +1045,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1737469477, - "narHash": "sha256-GG0myEzULU7uiwoNGnwqiclki+Jg8dPG6nv7yKo7lMc=", + "lastModified": 1737556089, + "narHash": "sha256-hToO01UT2ENoQKWVopBuGV78ZprcxjqsPVFdddcynj4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2582766522e754520bf3f883f06560f89870a5ba", + "rev": "2fc5aeb049f44ed4f9e877cda8a1c334612e1d7a", "type": "github" }, "original": { @@ -1082,11 +1082,11 @@ ] }, "locked": { - "lastModified": 1737484173, - "narHash": "sha256-bE9pTDqnSIMAwJeIu0MzA8ZR7LEwRbhnRpnImWIBejc=", + "lastModified": 1737566024, + "narHash": "sha256-Wm8Dn65ou0h8PiMjtYy2Z7FPewbtdbOL/C6vW4KzE48=", "owner": "nix-community", "repo": "nixvim", - "rev": "342161bf525dd64eb53fea295a2180f71ed06de1", + "rev": "5bd71b247437156df7e644d2f959bdf83fa1dceb", "type": "github" }, "original": { @@ -1105,11 +1105,11 @@ ] }, "locked": { - "lastModified": 1735854821, - "narHash": "sha256-Iv59gMDZajNfezTO0Fw6LHE7uKAShxbvMidmZREit7c=", + "lastModified": 1737372689, + "narHash": "sha256-nH3zK2ki0fd5o5qvbGHxukE4qnOLJa1uCzoDObG5vrE=", "owner": "NuschtOS", "repo": "search", - "rev": "836908e3bddd837ae0f13e215dd48767aee355f0", + "rev": "570cc17bbc25650eb7d69e4fcda8cfd2f1656922", "type": "github" }, "original": { From 9b0c02deb9f4fa8b21e5812bbc51ebb2cf923ef5 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 22 Jan 2025 16:28:33 -0500 Subject: [PATCH 152/410] ugprade lix to patch cache 404 bug --- flake.lock | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index 88dab9b..8f55b02 100644 --- a/flake.lock +++ b/flake.lock @@ -683,11 +683,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1737468268, - "narHash": "sha256-RVR/Wh+iTTmw3IYe9b52Gho3If9iGc6Xxpw+gmJZ50s=", + "lastModified": 1737579991, + "narHash": "sha256-5IKNJQP+3XWLd/s7SXGvL6ZzFwk8wDDm0QGBTQ6fw9M=", "ref": "refs/heads/main", - "rev": "9b290081147fb2abf79d2d1e0afd72d1490145f2", - "revCount": 16659, + "rev": "1fe6064ceded2a9a81ab1725d545a670d14add28", + "revCount": 16661, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -1082,11 +1082,11 @@ ] }, "locked": { - "lastModified": 1737566024, - "narHash": "sha256-Wm8Dn65ou0h8PiMjtYy2Z7FPewbtdbOL/C6vW4KzE48=", + "lastModified": 1737578990, + "narHash": "sha256-49M9B1nni54cuOH6qPM90U106VSWhAVqpy6f3sz0q4Q=", "owner": "nix-community", "repo": "nixvim", - "rev": "5bd71b247437156df7e644d2f959bdf83fa1dceb", + "rev": "a2a4befdaf825d36a50e2fda4a004682ea6b1a22", "type": "github" }, "original": { From e51f88362645c59c03ed7c926753f518f487803c Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 22 Jan 2025 18:52:34 -0500 Subject: [PATCH 153/410] niri stuff; remove hosts module --- home/niri/default.nix | 5 ++++- hosts/ytnix/default.nix | 7 +++---- modules/default.nix | 1 - modules/niri.nix | 21 --------------------- 4 files changed, 7 insertions(+), 27 deletions(-) delete mode 100644 modules/niri.nix diff --git a/home/niri/default.nix b/home/niri/default.nix index 92f5701..0c72563 100644 --- a/home/niri/default.nix +++ b/home/niri/default.nix @@ -135,13 +135,16 @@ in "Mod+Shift+U".action = move-window-to-workspace-up; "Mod+Shift+I".action = move-window-to-workspace-down; "Mod+W".action = maximize-column; + "Mod+E".action = set-column-width "50%"; + "Mod+R".action = set-column-width "75%"; + "Mod+Q".action = set-column-width "25%"; "Mod+C".action = center-column; "Mod+Shift+Space".action = toggle-window-floating; "Mod+Space".action = switch-focus-between-floating-and-tiling; "Print".action = screenshot; "Alt+Print".action = screenshot-window; "Ctrl+Print".action = screenshot-screen; - "Mod+R".action = switch-preset-column-width; + # "Mod+R".action = switch-preset-column-width; "Mod+Shift+R".action = switch-preset-window-height; "Mod+Ctrl+R".action = reset-window-height; "Mod+F".action = fullscreen-window; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 0024c40..c2a670a 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -311,8 +311,7 @@ services.trezord.enable = true; - my.niri = { - enable = true; - package = pkgs.niri-unstable; - }; + programs.niri.enable = true; + programs.niri.package = pkgs.niri-unstable; + programs.xwayland.enable = true; } diff --git a/modules/default.nix b/modules/default.nix index bde6e96..2155137 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -2,6 +2,5 @@ { imports = [ ./backup.nix - ./niri.nix ]; } diff --git a/modules/niri.nix b/modules/niri.nix deleted file mode 100644 index b5a6ef4..0000000 --- a/modules/niri.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ - pkgs, - config, - lib, - ... -}: -let - cfg = config.my.niri; -in -{ - options.my.niri = { - enable = lib.mkEnableOption "niri"; - package = lib.mkPackageOption pkgs "niri" { }; - }; - - config = lib.mkIf cfg.enable { - programs.niri.package = cfg.package; - programs.niri.enable = true; - programs.xwayland.enable = true; - }; -} From a29326adf1b4ab7f6f2ba36b454b7920321c19ac Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 22 Jan 2025 18:52:53 -0500 Subject: [PATCH 154/410] nvim: fix fzf --- home/nixvim/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix index 8a302b0..77586b6 100644 --- a/home/nixvim/default.nix +++ b/home/nixvim/default.nix @@ -115,7 +115,8 @@ end end) ''; - "" = '' + # plain tab conflicts with i try to indent + "" = '' cmp.mapping(function(fallback) if require("luasnip").jumpable(1) then require("luasnip").jump(1) @@ -174,6 +175,7 @@ }; plugins.fzf-lua = { enable = true; + profile = "fzf-native"; keymaps = { "ff" = "files"; "fg" = "live_grep"; From 6da74e745eaa32fe3dca816d9f9aa9742943fdbc Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 22 Jan 2025 18:53:05 -0500 Subject: [PATCH 155/410] define flake registry --- hosts/common.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/common.nix b/hosts/common.nix index b334b5f..2e8b31a 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -1,4 +1,4 @@ -{ ... }: +{ inputs, ... }: { nix = { settings = { @@ -26,6 +26,7 @@ extraOptions = '' builders-use-substitutes = true ''; + registry.nixpkgs.flake = inputs.nixpkgs; }; time.timeZone = "America/Toronto"; networking.firewall.logRefusedConnections = false; From 9de0b072cd075042dbe8d6a80e8c49b7acc24b58 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 23 Jan 2025 01:32:22 -0500 Subject: [PATCH 156/410] make kitty TERM work on other computers --- home/kitty.nix | 3 ++- home/yt/chunk.nix | 1 - home/yt/ytnix.nix | 6 ------ hosts/chunk/default.nix | 1 + 4 files changed, 3 insertions(+), 8 deletions(-) diff --git a/home/kitty.nix b/home/kitty.nix index 0586556..f47567c 100644 --- a/home/kitty.nix +++ b/home/kitty.nix @@ -9,7 +9,7 @@ }; themeFile = "GitHub_Dark"; settings = { - enable_audio_bell = false; + enable_audio_bell = true; # how many windows should be open before kitty asks # for confirmation confirm_os_window_close = 0; @@ -20,6 +20,7 @@ "scrollback_pager_history_size" = "1024"; # see https://github.com/sharkdp/bat/issues/1077#issuecomment-652785399 "scrollback_pager" = "bat --pager='less -FR +G'"; + "scrollback_lines" = 20000; }; keybindings = { # kitty_mod is ctrl+shift by default diff --git a/home/yt/chunk.nix b/home/yt/chunk.nix index 3285421..ad024cd 100644 --- a/home/yt/chunk.nix +++ b/home/yt/chunk.nix @@ -16,7 +16,6 @@ systemd.user.startServices = "sd-switch"; home.packages = with pkgs; [ - foot.terminfo attic-server ]; } diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index b150993..e542d2b 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -49,12 +49,6 @@ x11.enable = true; }; - dconf.settings = { - "org/gnome/desktop/interface" = { - cursor-theme = "Bibata-Modern"; - }; - }; - home.packages = with pkgs; [ firefox ungoogled-chromium diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index edb153b..7c2b8c6 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -197,4 +197,5 @@ }; }; virtualisation.oci-containers.backend = "podman"; + environment.enableAllTerminfo = true; } From dd15bcb9abc231cc43cccda3bdf0342dec497d17 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 23 Jan 2025 20:24:26 -0500 Subject: [PATCH 157/410] flake update --- flake.lock | 58 +++++++++++++++++++++++++++--------------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/flake.lock b/flake.lock index 8f55b02..0c81455 100644 --- a/flake.lock +++ b/flake.lock @@ -562,11 +562,11 @@ ] }, "locked": { - "lastModified": 1737575492, - "narHash": "sha256-qa/D3NC1JoApnUuLrq1gseBmIxeg6icm/ojPgggMDVQ=", + "lastModified": 1737669579, + "narHash": "sha256-v9WQ3c4ctwPMfdBZMZxpdM9xXev4uChce4BxOpvsu0E=", "owner": "nix-community", "repo": "home-manager", - "rev": "cefb1889b96ddd1dac3dd4734e894f4cadab7802", + "rev": "7b9ece1bf3c8780cde9b975b28c2d9ccd7e9cdb9", "type": "github" }, "original": { @@ -623,11 +623,11 @@ ] }, "locked": { - "lastModified": 1737299073, - "narHash": "sha256-hOydnO9trHDo3qURqLSDdmE/pHNWDzlhkmyZ/gcBX2s=", + "lastModified": 1737639419, + "narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "64d20cb2afaad8b73f4e38de41d27fb30a782bb5", + "rev": "a65905a09e2c43ff63be8c0e86a93712361f871e", "type": "github" }, "original": { @@ -683,11 +683,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1737579991, - "narHash": "sha256-5IKNJQP+3XWLd/s7SXGvL6ZzFwk8wDDm0QGBTQ6fw9M=", + "lastModified": 1737655283, + "narHash": "sha256-yAFGeCZXUL3GqDMeFcUEOC4m459Ld7j54Rxo8cmyuSQ=", "ref": "refs/heads/main", - "rev": "1fe6064ceded2a9a81ab1725d545a670d14add28", - "revCount": 16661, + "rev": "963b687443b44df6c5cbdf3426454d92830d9100", + "revCount": 16671, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -710,11 +710,11 @@ ] }, "locked": { - "lastModified": 1737241037, - "narHash": "sha256-6LIpS3rK1Ch6OXis4tvBTgGBTRb+NptDAfhPNzmgZSE=", + "lastModified": 1737675503, + "narHash": "sha256-FUWpqPOsEJwK8oomffat+lgKnoxJHArRlWo2j17EhxQ=", "ref": "refs/heads/main", - "rev": "690f7c0fa2935bf591cccf4d7312b3e0f470298b", - "revCount": 129, + "rev": "3e18a1ceec7df4514f5a045441e5f98dd003db09", + "revCount": 131, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, @@ -737,11 +737,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1737545000, - "narHash": "sha256-Drl0xZR/N2w3dQtZ3hpx4LA3M34Lev7OKv9qrglncfY=", + "lastModified": 1737627930, + "narHash": "sha256-oaAatwNVaX36xmI2AKIVu2oG07XJmHq2T+Y66hEprd8=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "04e476cb17be7c29c18a6dbcf451321f7c9b1d98", + "rev": "f79aa307f4bc0bfbabee404e6354fd2a1edfcb01", "type": "github" }, "original": { @@ -770,11 +770,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1737449786, - "narHash": "sha256-G/AK0T41PpxU9hjkK/tnjODigzKcpRayo1o4pi9glqI=", + "lastModified": 1737623252, + "narHash": "sha256-orq/c8lOUrZfCHQhfuLEJtMZpfBYhMtGv1Xuz99Pxj0=", "owner": "YaLTeR", "repo": "niri", - "rev": "b01b8afa8c8f9070300243050d9790e38fd19145", + "rev": "128b01e04905d833214f52a3c6fab308bcc15ce0", "type": "github" }, "original": { @@ -1045,11 +1045,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1737556089, - "narHash": "sha256-hToO01UT2ENoQKWVopBuGV78ZprcxjqsPVFdddcynj4=", + "lastModified": 1737642748, + "narHash": "sha256-VsCzuoavNERLs46aw38nmORT4F5pLOZDDe2bzFo+jsE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2fc5aeb049f44ed4f9e877cda8a1c334612e1d7a", + "rev": "864f89f98b0b4e1bbcb762b025fd83da8bc1bae0", "type": "github" }, "original": { @@ -1082,11 +1082,11 @@ ] }, "locked": { - "lastModified": 1737578990, - "narHash": "sha256-49M9B1nni54cuOH6qPM90U106VSWhAVqpy6f3sz0q4Q=", + "lastModified": 1737667561, + "narHash": "sha256-BKUapQPTji3V2uxymGq62/UWF1XMjfHvKd565jj1HlA=", "owner": "nix-community", "repo": "nixvim", - "rev": "a2a4befdaf825d36a50e2fda4a004682ea6b1a22", + "rev": "aab2b81792567237c104b90c3936e073d28a9ac6", "type": "github" }, "original": { @@ -1240,11 +1240,11 @@ ] }, "locked": { - "lastModified": 1737512878, - "narHash": "sha256-dgF6htdmfNnZzVInifks6npnCAyVsIHWSpWNs10RSW0=", + "lastModified": 1737599167, + "narHash": "sha256-S2rHCrQWCDVp63XxL/AQbGr1g5M8Zx14C7Jooa4oM8o=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "06b8ed0eee289fe94c66f1202ced9a6a2c59a14c", + "rev": "38374302ae9edf819eac666d1f276d62c712dd06", "type": "github" }, "original": { From caa3b8d0816c00c78cc7d5d4cc1b0172182451a3 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 23 Jan 2025 21:18:36 -0500 Subject: [PATCH 158/410] lix broke --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 87eae13..77099f8 100644 --- a/flake.nix +++ b/flake.nix @@ -171,7 +171,7 @@ ./modules inputs.lanzaboote.nixosModules.lanzaboote inputs.niri.nixosModules.niri - inputs.lix-module.nixosModules.default + # inputs.lix-module.nixosModules.default # broken ]; }; chunk = lib.nixosSystem { From 76b0dd1a4e6b853cbec84e6bf9c1e95fc7e5e95f Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 23 Jan 2025 22:16:34 -0500 Subject: [PATCH 159/410] init none-ls and justfile --- home/nixvim/default.nix | 23 +++++++++++++++++++++++ justfile | 14 ++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 justfile diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix index 77586b6..21cd5a6 100644 --- a/home/nixvim/default.nix +++ b/home/nixvim/default.nix @@ -192,6 +192,28 @@ enable = true; settings.current_line_blame = true; }; + + plugins.none-ls = { + enable = true; + enableLspFormat = true; + sources = { + code_actions.gitsigns.enable = true; + completion = { + luasnip.enable = true; + spell.enable = true; + }; + diagnostics = { + codespell.enable = true; + commitlint.enable = true; + deadnix.enable = true; + markdownlint.enable = true; + pylint.enable = true; + }; + formatting = { + just.enable = true; + }; + }; + }; plugins.cmp-buffer.enable = true; plugins.cmp-emoji.enable = true; @@ -205,5 +227,6 @@ plugins.auto-save.enable = true; plugins.indent-blankline.enable = true; plugins.undotree.enable = true; + plugins.lsp-format.enable = true; }; } diff --git a/justfile b/justfile new file mode 100644 index 0000000..e15ec8b --- /dev/null +++ b/justfile @@ -0,0 +1,14 @@ +update: + git switch -c update + git push + git switch main + +upgrade: + git switch update + sudo nixos-rebuild switch -L --flake . --use-substitutes + nixos-rebuild switch -L --flake .#chunk --target-host root@2a0f:85c1:840:2bfb::1 --use-substitutes + nixos-rebuild switch -L --flake .#titan --target-host root@www.cything.io --use-substitutes + home-manager -L switch --flake . + git switch main + git merge update + git branch -d update From 947249cc7913929fff772b53f206bfe29fb8c3bc Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 24 Jan 2025 01:10:53 -0500 Subject: [PATCH 160/410] configure tailscale and stuff --- .sops.yaml | 5 +++++ home/nixvim/default.nix | 23 ----------------------- hosts/chunk/default.nix | 5 ++++- hosts/chunk/tailscale.nix | 9 +++++++++ hosts/ytnix/default.nix | 10 ++++++++++ hosts/ytnix/tailscale.nix | 11 +++++++++++ secrets/services/tailscale.yaml | 31 +++++++++++++++++++++++++++++++ 7 files changed, 70 insertions(+), 24 deletions(-) create mode 100644 hosts/chunk/tailscale.nix create mode 100644 hosts/ytnix/tailscale.nix create mode 100644 secrets/services/tailscale.yaml diff --git a/.sops.yaml b/.sops.yaml index 3cfb014..810c6cb 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -103,3 +103,8 @@ creation_rules: - age: - *chunk - *cy + - path_regex: secrets/services/tailscale.yaml + key_groups: + - age: + - *chunk + - *cy diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix index 21cd5a6..77586b6 100644 --- a/home/nixvim/default.nix +++ b/home/nixvim/default.nix @@ -192,28 +192,6 @@ enable = true; settings.current_line_blame = true; }; - - plugins.none-ls = { - enable = true; - enableLspFormat = true; - sources = { - code_actions.gitsigns.enable = true; - completion = { - luasnip.enable = true; - spell.enable = true; - }; - diagnostics = { - codespell.enable = true; - commitlint.enable = true; - deadnix.enable = true; - markdownlint.enable = true; - pylint.enable = true; - }; - formatting = { - just.enable = true; - }; - }; - }; plugins.cmp-buffer.enable = true; plugins.cmp-emoji.enable = true; @@ -227,6 +205,5 @@ plugins.auto-save.enable = true; plugins.indent-blankline.enable = true; plugins.undotree.enable = true; - plugins.lsp-format.enable = true; }; } diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 7c2b8c6..0343084 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -26,6 +26,7 @@ ./attic.nix ./forgejo.nix ./garage.nix + ./tailscale.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; @@ -66,10 +67,12 @@ "attic/env" = { sopsFile = ../../secrets/services/attic.yaml; }; - "garage/env" = { sopsFile = ../../secrets/services/garage.yaml; }; + "tailscale/auth" = { + sopsFile = ../../secrets/services/tailscale.yaml; + }; }; boot.loader.grub.enable = true; diff --git a/hosts/chunk/tailscale.nix b/hosts/chunk/tailscale.nix new file mode 100644 index 0000000..b33da9c --- /dev/null +++ b/hosts/chunk/tailscale.nix @@ -0,0 +1,9 @@ +{ config, ... }: { + services.tailscale = { + enable = true; + authKeyFile = config.sops.secrets."tailscale/auth".path; + extraUpFlags = [ "--advertise-exit-node" ]; + useRoutingFeatures = "server"; + openFirewall = true; + }; +} diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index c2a670a..54f13da 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -9,6 +9,7 @@ ./hardware-configuration.nix ../common.nix ../zsh.nix + ./tailscale.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; @@ -32,6 +33,9 @@ sopsFile = ../../secrets/newsboat.yaml; owner = "yt"; }; + "tailscale/auth" = { + sopsFile = ../../secrets/services/tailscale.yaml; + }; }; boot = { @@ -58,6 +62,7 @@ pkiBundle = "/var/lib/sbctl"; }; kernel.sysctl."kernel.sysrq" = 1; + binfmt.emulatedSystems = [ "aarch64-linux" ]; }; networking = { @@ -128,6 +133,7 @@ "wheel" "libvirtd" "docker" + "disk" ]; environment.systemPackages = with pkgs; [ @@ -314,4 +320,8 @@ programs.niri.enable = true; programs.niri.package = pkgs.niri-unstable; programs.xwayland.enable = true; + + services.udev.extraHwdb = '' + SUBSYSTEM=="usb", SYSFS{idVendor}=="090c", SYSFS{idProduct}=="1000", ACTION=="add", GROUP="users", MODE="0664" + ''; } diff --git a/hosts/ytnix/tailscale.nix b/hosts/ytnix/tailscale.nix new file mode 100644 index 0000000..71d47c8 --- /dev/null +++ b/hosts/ytnix/tailscale.nix @@ -0,0 +1,11 @@ +{ config, ... }: { + services.tailscale = { + enable = true; + authKeyFile = config.sops.secrets."tailscale/auth".path; + openFirewall = true; + useRoutingFeatures = "client"; + extraUpFlags = [ + "--exit-node=100.122.132.30" + ]; + }; +} diff --git a/secrets/services/tailscale.yaml b/secrets/services/tailscale.yaml new file mode 100644 index 0000000..27997b8 --- /dev/null +++ b/secrets/services/tailscale.yaml @@ -0,0 +1,31 @@ +tailscale: + auth: ENC[AES256_GCM,data:7gGiUBRUK25Tp5y/5DDZKOTxKPFFfN1UUeBOdMLLQqobq643MKdJ9imxkKmKFg/FwgLYft/uzdxQGGlE7Q==,iv:HRmd+T1QuTYP8VrX/bZt8dWSwm5rcUvpEMqCMPfxjE4=,tag:PRZn2Pm6yydfEULrYGM6yg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2Z1JZZmZMaDQ3UHYvbXYr + c05RaEMxUGJXSGczUDBkL1UxT0hjQ0VNNkJNClFUNmJ5d3gyaHFwMTdNVW9GQ2ly + V3haMkx5Z1B5dmJ0SE4wY0UzMWswQ0EKLS0tIGNpZVo3UmtHcjFZVE5FMmdpOGMx + UFZGb3I1L3FJYVE2VjJ5aTVoZlo4bFUKwH2sPBwuLQXrHmiKYSu4Eut/H2j/2tUW + 1y8Eph7l6w3kfhZRRbo6cZ8gcbZNHPSPeAvWf/TpYumiTt1WBt8SMw== + -----END AGE ENCRYPTED FILE----- + - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSVXBMTEMrY1NGa1NBSjZP + R04wYUsrdGlVa3FnL1NYVG4xdUdqeHNnM0ZJCmhMSzFoRVFSOFBrQlU3VUtwaU0r + TEtad1B5NGh3OW1oajNvckhJcExrU0kKLS0tIFc5K3JOVTUvSFU1dmQxMUFRZ1o3 + em5IemlsM29zVy9GK3RmTlgzVnRpMDAKRatmFgCdoXcypQ+1EDedCuVctl0SFMf4 + kjtHrTSpept/y9bpTUy656aPRQ1LvqvfPs7Co1ssC/YWFroDsLgv4w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-24T05:26:20Z" + mac: ENC[AES256_GCM,data:GbQrLESUR/x+eLzukOR1FaJsd8zxlrz9dc/2kDBKUYAgI8L4QwLmwRuzpaIJgNLv2PdLTW83oSC8ekxR8fmsap40DpiygcrmPdPUeVFbEPaz7SSvU+DCgB0UX+qNQ9aOQ0BIbeKKOIj3r9enGv2o6DKY8I85n7VXjnGZAmCf1C8=,iv:UrtVqRGwvOpXOH3X3qF6ZF+VwqO0VGt+hFG7r6oUqCg=,tag:TD4mG3t5ORYgAS0GBmA7Eg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.3 From 4fa0aed92e30b688a8061c014c7d98109cac239c Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 24 Jan 2025 05:44:35 -0500 Subject: [PATCH 161/410] git enable signoff and change mergetool Signed-off-by: cy --- home/yt/common.nix | 11 ++++++----- home/zsh/default.nix | 4 ++-- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/home/yt/common.nix b/home/yt/common.nix index 77c98fe..4d7acca 100644 --- a/home/yt/common.nix +++ b/home/yt/common.nix @@ -44,7 +44,11 @@ rebase = true; autostash = true; }; - merge.tool = "vimdiff"; + merge = { + tool = "vimdiff"; + keepBackup = false; + prompt = false; + }; rebase = { stat = true; autoStash = true; @@ -52,10 +56,7 @@ updateRefs = true; }; help.autocorrect = 1; - mergetool = { - prompt = false; - path = "nvim-open"; - }; + "mergetool \"vimdiff\"".cmd = "nvim -d $LOCAL $REMOTE $MERGED -c '$wincmd w' -c 'wincmd J'"; }; }; programs.ripgrep.enable = true; diff --git a/home/zsh/default.nix b/home/zsh/default.nix index 994fa1f..363efd6 100644 --- a/home/zsh/default.nix +++ b/home/zsh/default.nix @@ -94,8 +94,8 @@ "ga" = "git add"; "gaa" = "git add --all"; "gb" = "git branch"; - "gc" = "git commit --verbose"; - "gcmsg" = "git commit --message"; + "gc" = "git commit --verbose -s"; + "gcmsg" = "git commit -s --message"; "gd" = "git diff"; "gdca" = "git diff --cached"; "gds" = "git diff --staged"; From c1cb989017e5abedcfc0004bbf39723e0d9024d0 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 24 Jan 2025 13:34:49 -0500 Subject: [PATCH 162/410] flake update Signed-off-by: cy --- flake.lock | 50 +++++++++++++++++++++++++------------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/flake.lock b/flake.lock index 0c81455..e3203fe 100644 --- a/flake.lock +++ b/flake.lock @@ -157,11 +157,11 @@ }, "crane_2": { "locked": { - "lastModified": 1737563566, - "narHash": "sha256-GLJvkOG29XCynQm8XWPyykMRqIhxKcBARVu7Ydrz02M=", + "lastModified": 1737689766, + "narHash": "sha256-ivVXYaYlShxYoKfSo5+y5930qMKKJ8CLcAoIBPQfJ6s=", "owner": "ipetkov", "repo": "crane", - "rev": "849376434956794ebc7a6b487d31aace395392ba", + "rev": "6fe74265bbb6d016d663b1091f015e2976c4a527", "type": "github" }, "original": { @@ -562,11 +562,11 @@ ] }, "locked": { - "lastModified": 1737669579, - "narHash": "sha256-v9WQ3c4ctwPMfdBZMZxpdM9xXev4uChce4BxOpvsu0E=", + "lastModified": 1737704314, + "narHash": "sha256-zta8jvOQ2wRCZmiwFEnS5iCulWAh8e+fLUlQxrgOBjM=", "owner": "nix-community", "repo": "home-manager", - "rev": "7b9ece1bf3c8780cde9b975b28c2d9ccd7e9cdb9", + "rev": "a0428685572b134f6594e7d7f5db5e1febbab2d7", "type": "github" }, "original": { @@ -683,11 +683,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1737655283, - "narHash": "sha256-yAFGeCZXUL3GqDMeFcUEOC4m459Ld7j54Rxo8cmyuSQ=", + "lastModified": 1737726524, + "narHash": "sha256-Tw4kY4m5iNkRWCzmZO8ZO0i5iufD2K11leRy3uPR+g0=", "ref": "refs/heads/main", - "rev": "963b687443b44df6c5cbdf3426454d92830d9100", - "revCount": 16671, + "rev": "ca68979174da416f0c3d11beaa19d3965a4654a0", + "revCount": 16681, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -737,11 +737,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1737627930, - "narHash": "sha256-oaAatwNVaX36xmI2AKIVu2oG07XJmHq2T+Y66hEprd8=", + "lastModified": 1737723936, + "narHash": "sha256-7badcmkmjaOeEshFdGnoEofrZO667t/k5jDa0/NINpI=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "f79aa307f4bc0bfbabee404e6354fd2a1edfcb01", + "rev": "84a8590f8196d3fccb1618a153dbd6bac325e3c4", "type": "github" }, "original": { @@ -770,11 +770,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1737623252, - "narHash": "sha256-orq/c8lOUrZfCHQhfuLEJtMZpfBYhMtGv1Xuz99Pxj0=", + "lastModified": 1737697331, + "narHash": "sha256-9k77pFW2ANx8bZc+RcF6YP9McFZsUCWWY+XwBX0P3/Q=", "owner": "YaLTeR", "repo": "niri", - "rev": "128b01e04905d833214f52a3c6fab308bcc15ce0", + "rev": "748d90b443b9f20134020c21760b5b6c2c42a7de", "type": "github" }, "original": { @@ -1045,11 +1045,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1737642748, - "narHash": "sha256-VsCzuoavNERLs46aw38nmORT4F5pLOZDDe2bzFo+jsE=", + "lastModified": 1737706285, + "narHash": "sha256-k/f1rAyCjGkNu4BnlnUGEvQPSnYVG7UHoOeaQQcjQps=", "owner": "nixos", "repo": "nixpkgs", - "rev": "864f89f98b0b4e1bbcb762b025fd83da8bc1bae0", + "rev": "dcb7446a099fe1c95b3694fdb7a4dda8f19d6ba8", "type": "github" }, "original": { @@ -1082,11 +1082,11 @@ ] }, "locked": { - "lastModified": 1737667561, - "narHash": "sha256-BKUapQPTji3V2uxymGq62/UWF1XMjfHvKd565jj1HlA=", + "lastModified": 1737735875, + "narHash": "sha256-uZpZbT5kH7whiMpaMQjSPxRbRTmH5LaoBat6eQBHHaY=", "owner": "nix-community", "repo": "nixvim", - "rev": "aab2b81792567237c104b90c3936e073d28a9ac6", + "rev": "bd3184f4957d5484bb5ebef4b9bc6f9cc53cfad5", "type": "github" }, "original": { @@ -1240,11 +1240,11 @@ ] }, "locked": { - "lastModified": 1737599167, - "narHash": "sha256-S2rHCrQWCDVp63XxL/AQbGr1g5M8Zx14C7Jooa4oM8o=", + "lastModified": 1737685583, + "narHash": "sha256-p+NVABRpGi+pT+xxf9HcLcFVxG6L+vEEy+NwzB9T0f8=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "38374302ae9edf819eac666d1f276d62c712dd06", + "rev": "eb64cbcc8eee0fa87ebded92805280d2ec97415a", "type": "github" }, "original": { From 5e3715f8f70425d5c782869a873d2433a78796aa Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 24 Jan 2025 15:33:52 -0500 Subject: [PATCH 163/410] make justfile work --- justfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/justfile b/justfile index e15ec8b..95b1fda 100644 --- a/justfile +++ b/justfile @@ -1,5 +1,8 @@ update: git switch -c update + nix flake update + git add flake.lock + git commit -s -m "flake update" git push git switch main From 750b202a4278ab8f8168f614c59b66d442c199bf Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 24 Jan 2025 22:41:26 -0500 Subject: [PATCH 164/410] flake update Signed-off-by: cy --- flake.lock | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/flake.lock b/flake.lock index e3203fe..5bdd825 100644 --- a/flake.lock +++ b/flake.lock @@ -562,11 +562,11 @@ ] }, "locked": { - "lastModified": 1737704314, - "narHash": "sha256-zta8jvOQ2wRCZmiwFEnS5iCulWAh8e+fLUlQxrgOBjM=", + "lastModified": 1737762889, + "narHash": "sha256-5HGG09bh/Yx0JA8wtBMAzt0HMCL1bYZ93x4IqzVExio=", "owner": "nix-community", "repo": "home-manager", - "rev": "a0428685572b134f6594e7d7f5db5e1febbab2d7", + "rev": "daf04c5950b676f47a794300657f1d3d14c1a120", "type": "github" }, "original": { @@ -683,11 +683,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1737726524, - "narHash": "sha256-Tw4kY4m5iNkRWCzmZO8ZO0i5iufD2K11leRy3uPR+g0=", + "lastModified": 1737770806, + "narHash": "sha256-mdtBGOkNySRbQ1zkroCdyOHFqMOZSOJCPxjXTpCaWvc=", "ref": "refs/heads/main", - "rev": "ca68979174da416f0c3d11beaa19d3965a4654a0", - "revCount": 16681, + "rev": "5a41803f744822377587f784ded0e6a061b39cd4", + "revCount": 16688, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -737,11 +737,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1737723936, - "narHash": "sha256-7badcmkmjaOeEshFdGnoEofrZO667t/k5jDa0/NINpI=", + "lastModified": 1737746480, + "narHash": "sha256-Lccg6b+Sz6TSDj4BpLZhugauwDa/CyCjF7E6W3VvYa0=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "84a8590f8196d3fccb1618a153dbd6bac325e3c4", + "rev": "afeb7877090d50d02c1ecab3159b328b85a44868", "type": "github" }, "original": { @@ -1082,11 +1082,11 @@ ] }, "locked": { - "lastModified": 1737735875, - "narHash": "sha256-uZpZbT5kH7whiMpaMQjSPxRbRTmH5LaoBat6eQBHHaY=", + "lastModified": 1737747541, + "narHash": "sha256-dA54OnUCUtVZfnSuD1dAEcosZzx/tch9KvtDz/Y3FIo=", "owner": "nix-community", "repo": "nixvim", - "rev": "bd3184f4957d5484bb5ebef4b9bc6f9cc53cfad5", + "rev": "5fda6e093da13f37c63a5577888a668c38f30dc7", "type": "github" }, "original": { @@ -1240,11 +1240,11 @@ ] }, "locked": { - "lastModified": 1737685583, - "narHash": "sha256-p+NVABRpGi+pT+xxf9HcLcFVxG6L+vEEy+NwzB9T0f8=", + "lastModified": 1737771740, + "narHash": "sha256-lWIdF4qke63TdCHnJ0QaUHfG8YvsDrBqzL4jiHYQd+Y=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "eb64cbcc8eee0fa87ebded92805280d2ec97415a", + "rev": "cfaaa1dddd280af09aca84af84612fbccd986ae2", "type": "github" }, "original": { From 42e66561b728b65c80811a66943fb378cc267b84 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 25 Jan 2025 09:13:58 -0500 Subject: [PATCH 165/410] flake update Signed-off-by: cy --- flake.lock | 64 +++++++++++++++++++++++++++--------------------------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/flake.lock b/flake.lock index 5bdd825..b775756 100644 --- a/flake.lock +++ b/flake.lock @@ -32,11 +32,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1733424942, - "narHash": "sha256-5t7Sl6EkOaoP4FvzLmH7HFDbdl9SizmLh53RjDQCbWQ=", + "lastModified": 1737621947, + "narHash": "sha256-8HFvG7fvIFbgtaYAY2628Tb89fA55nPm2jSiNs0/Cws=", "owner": "cachix", "repo": "cachix", - "rev": "8b6b0e4694b9aa78b2ea4c93bff6e1a222dc7e4a", + "rev": "f65a3cd5e339c223471e64c051434616e18cc4f5", "type": "github" }, "original": { @@ -120,11 +120,11 @@ "rocksdb": "rocksdb" }, "locked": { - "lastModified": 1737153653, - "narHash": "sha256-yNdxoVZX13QUDJYM6zTMY9ExvacTqB+f0MLvDreSW8U=", + "lastModified": 1737792515, + "narHash": "sha256-+mR9BsX2a+RBFMcWXIrRnwHnR8bpPL6vuhaFfSshGJY=", "owner": "girlbossceo", "repo": "conduwuit", - "rev": "5b8464252c2c03edf65e43153be026dbb768a12a", + "rev": "cd5d4f48bec719a938f50cb17b667668105a1141", "type": "github" }, "original": { @@ -255,11 +255,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1736836313, - "narHash": "sha256-zdZ7/T6yG0/hzoVOiNpDiR/sW3zR6oSMrfIFJK2BrrE=", + "lastModified": 1737700483, + "narHash": "sha256-1778bR4GDDc51/iZQvcshGLZ4JU87zCzqei8Hn7vU1A=", "owner": "nix-community", "repo": "fenix", - "rev": "056c9393c821a4df356df6ce7f14c722dc8717ec", + "rev": "bab2a2840bc2d5ae7c6a133602185edbe4ca7daa", "type": "github" }, "original": { @@ -656,11 +656,11 @@ "liburing": { "flake": false, "locked": { - "lastModified": 1736719310, - "narHash": "sha256-Turvx60THwzTiUHb49WV3upUgsPuktr7tVy2Lwu2xJg=", + "lastModified": 1737600516, + "narHash": "sha256-EKyLQ3pbcjoU5jH5atge59F4fzuhTsb6yalUj6Ve2t8=", "owner": "axboe", "repo": "liburing", - "rev": "3124a4619e4daf26b06d48ccf0186a947070c415", + "rev": "6c509e2b0c881a13b83b259a221bf15fc9b3f681", "type": "github" }, "original": { @@ -683,11 +683,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1737770806, - "narHash": "sha256-mdtBGOkNySRbQ1zkroCdyOHFqMOZSOJCPxjXTpCaWvc=", + "lastModified": 1737810081, + "narHash": "sha256-WByslFoA16T/o5Fd+ebhSwmXtbL18L3ameJbzfepbI8=", "ref": "refs/heads/main", - "rev": "5a41803f744822377587f784ded0e6a061b39cd4", - "revCount": 16688, + "rev": "0ad79775b6f9800eb00a2870f01eab338befcced", + "revCount": 16689, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -737,11 +737,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1737746480, - "narHash": "sha256-Lccg6b+Sz6TSDj4BpLZhugauwDa/CyCjF7E6W3VvYa0=", + "lastModified": 1737797805, + "narHash": "sha256-revbNiDQIhSwkAvGE2IVf3iSHbp1LB52KXu3nukATfE=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "afeb7877090d50d02c1ecab3159b328b85a44868", + "rev": "ab19f1d6bf4b38558c84df4990ec0618ec526eb5", "type": "github" }, "original": { @@ -770,11 +770,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1737697331, - "narHash": "sha256-9k77pFW2ANx8bZc+RcF6YP9McFZsUCWWY+XwBX0P3/Q=", + "lastModified": 1737795105, + "narHash": "sha256-zQSNUKj671I9M4DdMD4iMUnIIWN5oiaWdqDHUSVcaVE=", "owner": "YaLTeR", "repo": "niri", - "rev": "748d90b443b9f20134020c21760b5b6c2c42a7de", + "rev": "78697d1cea20e6b53013e820999b0403c45d9f00", "type": "github" }, "original": { @@ -1045,11 +1045,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1737706285, - "narHash": "sha256-k/f1rAyCjGkNu4BnlnUGEvQPSnYVG7UHoOeaQQcjQps=", + "lastModified": 1737795611, + "narHash": "sha256-0kGPO515JdDt6gPcR25QTGyNJnT1UFtH1tdkR2QdLAY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "dcb7446a099fe1c95b3694fdb7a4dda8f19d6ba8", + "rev": "ed45d51fb4c860e70760a042dd9ff99bd016497e", "type": "github" }, "original": { @@ -1180,16 +1180,16 @@ "rocksdb": { "flake": false, "locked": { - "lastModified": 1734469478, - "narHash": "sha256-IcQ4N8xADYal79K+ONmNq4RLlIwdgUqgrVzgNgiIaG8=", + "lastModified": 1737761947, + "narHash": "sha256-FqpAOeFGuA+luV36jaf5aVz3UB183n6wUrTbFxCwjjQ=", "owner": "girlbossceo", "repo": "rocksdb", - "rev": "8b4808e7de2fbb5d119d8d72cdca76d8ab84bc47", + "rev": "d078ca31e802696b26d972bda7bed86ee1382156", "type": "github" }, "original": { "owner": "girlbossceo", - "ref": "v9.9.3", + "ref": "v9.10.0", "repo": "rocksdb", "type": "github" } @@ -1219,11 +1219,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1736690231, - "narHash": "sha256-g9gyxX+F6CrkT5gRIMKPnCPom0o9ZDzYnzzeNF86D6Q=", + "lastModified": 1737634189, + "narHash": "sha256-AG5G9KDsl0Ngby9EfWvlemma7WWG0KCADTIccPJuzUE=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "8364ef299790cb6ec22b9e09e873c97dbe9f2cb5", + "rev": "84d44d0a574630aa8500ed62b6c01ccd3fae2473", "type": "github" }, "original": { From ca047c1885c76e71ce19ac7022df6c94b5bca9e7 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 25 Jan 2025 09:47:52 -0500 Subject: [PATCH 166/410] add beta nix cache Signed-off-by: cy --- flake.nix | 1 + hosts/chunk/tailscale.nix | 5 ++++- hosts/common.nix | 21 +++++++++++++++++---- hosts/ytnix/tailscale.nix | 1 + 4 files changed, 23 insertions(+), 5 deletions(-) diff --git a/flake.nix b/flake.nix index 77099f8..e27afc9 100644 --- a/flake.nix +++ b/flake.nix @@ -89,6 +89,7 @@ "https://nix-community.cachix.org" "https://cache.garnix.io" "https://cything.cachix.org" + "https://aseipp-nix-cache.global.ssl.fastly.net" ]; extra-trusted-public-keys = [ "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" diff --git a/hosts/chunk/tailscale.nix b/hosts/chunk/tailscale.nix index b33da9c..fefc8e5 100644 --- a/hosts/chunk/tailscale.nix +++ b/hosts/chunk/tailscale.nix @@ -2,7 +2,10 @@ services.tailscale = { enable = true; authKeyFile = config.sops.secrets."tailscale/auth".path; - extraUpFlags = [ "--advertise-exit-node" ]; + extraUpFlags = [ + "--advertise-exit-node" + "--accept-dns=false" + ]; useRoutingFeatures = "server"; openFirewall = true; }; diff --git a/hosts/common.nix b/hosts/common.nix index 2e8b31a..c4bc548 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -9,8 +9,21 @@ "root" "@wheel" ]; - trusted-public-keys = [ "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" ]; - substituters = [ "https://cache.cything.io/central" ]; + trusted-public-keys = [ + "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" + "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" + "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI=" + ]; + substituters = [ + "https://aseipp-nix-cache.global.ssl.fastly.net" + "https://cache.cything.io/central" + "https://niri.cachix.org" + "https://nix-community.cachix.org" + "https://cache.garnix.io" + "https://cything.cachix.org" + ]; }; channel.enable = false; optimise = { @@ -24,8 +37,8 @@ options = "--delete-older-than 14d"; }; extraOptions = '' - builders-use-substitutes = true - ''; + builders-use-substitutes = true + ''; registry.nixpkgs.flake = inputs.nixpkgs; }; time.timeZone = "America/Toronto"; diff --git a/hosts/ytnix/tailscale.nix b/hosts/ytnix/tailscale.nix index 71d47c8..91d67bf 100644 --- a/hosts/ytnix/tailscale.nix +++ b/hosts/ytnix/tailscale.nix @@ -6,6 +6,7 @@ useRoutingFeatures = "client"; extraUpFlags = [ "--exit-node=100.122.132.30" + "--accept-dns=false" ]; }; } From 5fc61d955bf52a66befa891582e8d2b4f6fc6b0a Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 25 Jan 2025 17:24:02 -0500 Subject: [PATCH 167/410] flake update Signed-off-by: cy --- flake.lock | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/flake.lock b/flake.lock index b775756..bb0643e 100644 --- a/flake.lock +++ b/flake.lock @@ -120,11 +120,11 @@ "rocksdb": "rocksdb" }, "locked": { - "lastModified": 1737792515, - "narHash": "sha256-+mR9BsX2a+RBFMcWXIrRnwHnR8bpPL6vuhaFfSshGJY=", + "lastModified": 1737830431, + "narHash": "sha256-C/tkJeSefIAK9wke33HBvxCoBF/hqa+1+oPaLriOrNE=", "owner": "girlbossceo", "repo": "conduwuit", - "rev": "cd5d4f48bec719a938f50cb17b667668105a1141", + "rev": "9514064c1c709dc7c437b1478b224bb0d711ec05", "type": "github" }, "original": { @@ -255,11 +255,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1737700483, - "narHash": "sha256-1778bR4GDDc51/iZQvcshGLZ4JU87zCzqei8Hn7vU1A=", + "lastModified": 1737786656, + "narHash": "sha256-ubCW9Jy7ZUOF354bWxTgLDpVnTvIpNr6qR4H/j7I0oo=", "owner": "nix-community", "repo": "fenix", - "rev": "bab2a2840bc2d5ae7c6a133602185edbe4ca7daa", + "rev": "2f721f527886f801403f389a9cabafda8f1e3b7f", "type": "github" }, "original": { @@ -737,11 +737,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1737797805, - "narHash": "sha256-revbNiDQIhSwkAvGE2IVf3iSHbp1LB52KXu3nukATfE=", + "lastModified": 1737840481, + "narHash": "sha256-WjW3cdrmh1sGMT3CBqCFzT9BOktTa1u9ldoWEqTj7xk=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "ab19f1d6bf4b38558c84df4990ec0618ec526eb5", + "rev": "8fc9dba8df75d9d004d9369b513b81180788ec15", "type": "github" }, "original": { @@ -1082,11 +1082,11 @@ ] }, "locked": { - "lastModified": 1737747541, - "narHash": "sha256-dA54OnUCUtVZfnSuD1dAEcosZzx/tch9KvtDz/Y3FIo=", + "lastModified": 1737832569, + "narHash": "sha256-VkK73VRVgvSQOPw9qx9HzvbulvUM9Ae4nNd3xNP+pkI=", "owner": "nix-community", "repo": "nixvim", - "rev": "5fda6e093da13f37c63a5577888a668c38f30dc7", + "rev": "d7df58321110d3b0e12a829bbd110db31ccd34b1", "type": "github" }, "original": { @@ -1180,16 +1180,16 @@ "rocksdb": { "flake": false, "locked": { - "lastModified": 1737761947, - "narHash": "sha256-FqpAOeFGuA+luV36jaf5aVz3UB183n6wUrTbFxCwjjQ=", + "lastModified": 1737828695, + "narHash": "sha256-8Ev6zzhNPU798JNvU27a7gj5X+6SDG3jBweUkQ59DbA=", "owner": "girlbossceo", "repo": "rocksdb", - "rev": "d078ca31e802696b26d972bda7bed86ee1382156", + "rev": "a4d9230dcc9d03be428b9a728133f8f646c0065c", "type": "github" }, "original": { "owner": "girlbossceo", - "ref": "v9.10.0", + "ref": "v9.9.3", "repo": "rocksdb", "type": "github" } @@ -1219,11 +1219,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1737634189, - "narHash": "sha256-AG5G9KDsl0Ngby9EfWvlemma7WWG0KCADTIccPJuzUE=", + "lastModified": 1737728869, + "narHash": "sha256-U4pl3Hi0lT6GP4ecN3q9wdD2sdaKMbmD/5NJ1NdJ9AM=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "84d44d0a574630aa8500ed62b6c01ccd3fae2473", + "rev": "6e4c29f7ce18cea7d3d31237a4661ab932eab636", "type": "github" }, "original": { @@ -1343,11 +1343,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1736487362, - "narHash": "sha256-4kGoOA7FgK9N2mzS+TFEn41kUUNY6KwdiA/0rqlr868=", + "lastModified": 1737837494, + "narHash": "sha256-wIMowP8Juas4ZwMRcpc+58sZ0kKTDu8fm13THPmv/F8=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "8f55e27f63a749881c4bbfbb6b1da028342a91d1", + "rev": "3944c9a0e40e5629f16ad023bbc90dac80d35a0f", "type": "github" }, "original": { From 6ae187f7c618cfd82fc953cf48507faae72da700 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 25 Jan 2025 19:47:39 -0500 Subject: [PATCH 168/410] forgejo: use forgejo package and forgejo-dark theme Signed-off-by: cy --- hosts/chunk/forgejo.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/hosts/chunk/forgejo.nix b/hosts/chunk/forgejo.nix index 07d0e69..fd842ce 100644 --- a/hosts/chunk/forgejo.nix +++ b/hosts/chunk/forgejo.nix @@ -1,7 +1,8 @@ -{ ... }: +{ pkgs, ... }: { services.forgejo = { enable = true; + package = pkgs.forgejo; # uses forgejo-lts by default user = "git"; group = "git"; settings = { @@ -16,7 +17,7 @@ service.DISABLE_REGISTRATION = true; ui = { AMBIGUOUS_UNICODE_DETECTION = false; - DEFAULT_THEME = "gitea-dark"; + DEFAULT_THEME = "forgejo-dark"; }; actions.ENABLED = false; repository.ENABLE_PUSH_CREATE_USER = true; From 7b48435796d687b3dcfec5153249b636991ae7aa Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 25 Jan 2025 23:48:18 -0500 Subject: [PATCH 169/410] git sign with ssh Signed-off-by: cy --- home/yt/ytnix.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index e542d2b..6b9ece5 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -149,4 +149,12 @@ enable = true; nix-direnv.enable = true; }; + + programs.git.extraConfig = { + user = { + signingKey = "~/.ssh/id.key"; + }; + gpg.format = "ssh"; + global.gpgsign = true; + }; } From 84c2b18dfa29333af0eb608406fc7e2e5b04f38f Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 25 Jan 2025 19:49:15 -0500 Subject: [PATCH 170/410] re-enable lix Signed-off-by: cy --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index e27afc9..95a0154 100644 --- a/flake.nix +++ b/flake.nix @@ -172,7 +172,7 @@ ./modules inputs.lanzaboote.nixosModules.lanzaboote inputs.niri.nixosModules.niri - # inputs.lix-module.nixosModules.default # broken + inputs.lix-module.nixosModules.default # broken ]; }; chunk = lib.nixosSystem { From 80da2cfc708772010467523148e560a11f6e7d61 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 26 Jan 2025 16:55:42 -0500 Subject: [PATCH 171/410] git: specify the ssh key for push to work Signed-off-by: cy --- home/yt/ytnix.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 6b9ece5..b15d8b3 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -155,6 +155,7 @@ signingKey = "~/.ssh/id.key"; }; gpg.format = "ssh"; - global.gpgsign = true; + commit.gpgsign = true; + core.sshCommand = "ssh -i ~/.ssh/id.key"; }; } From b1a19557862cd7784eca183325e752cadcb5d141 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 26 Jan 2025 17:43:18 -0500 Subject: [PATCH 172/410] make mouse cursor better again Signed-off-by: cy --- home/yt/ytnix.nix | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index b15d8b3..97cefe9 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -28,10 +28,6 @@ gtk = { enable = true; - cursorTheme = { - package = pkgs.bibata-cursors; - name = "Bibata-Modern"; - }; theme = { package = pkgs.adw-gtk3; name = "adw-gtk3-dark"; @@ -44,7 +40,8 @@ home.pointerCursor = { package = pkgs.bibata-cursors; - name = "Bibata-Modern"; + name = "Bibata-Modern-Classic"; + size = 23; gtk.enable = true; x11.enable = true; }; From 7367b2d1a5f6ec8df5a1d61e4d5552abc10aca74 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 26 Jan 2025 22:35:43 -0500 Subject: [PATCH 173/410] flake update Signed-off-by: cy --- flake.lock | 50 +++++++++++++++++++++++++------------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/flake.lock b/flake.lock index bb0643e..ee29dc4 100644 --- a/flake.lock +++ b/flake.lock @@ -120,11 +120,11 @@ "rocksdb": "rocksdb" }, "locked": { - "lastModified": 1737830431, - "narHash": "sha256-C/tkJeSefIAK9wke33HBvxCoBF/hqa+1+oPaLriOrNE=", + "lastModified": 1737945015, + "narHash": "sha256-VCa7UAWqP14IC+fmT4P3rxGhkugDlU/4FZqqPyFUs9s=", "owner": "girlbossceo", "repo": "conduwuit", - "rev": "9514064c1c709dc7c437b1478b224bb0d711ec05", + "rev": "71a3855af61b0071832c23085f76a8711e32b49c", "type": "github" }, "original": { @@ -683,11 +683,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1737810081, - "narHash": "sha256-WByslFoA16T/o5Fd+ebhSwmXtbL18L3ameJbzfepbI8=", + "lastModified": 1737857294, + "narHash": "sha256-bzC+anLF/NlgolaMoB4uTFgSejLJlTzPcNF1Kbq/BP0=", "ref": "refs/heads/main", - "rev": "0ad79775b6f9800eb00a2870f01eab338befcced", - "revCount": 16689, + "rev": "4af6b5ed9f8f2412bef5331b8e3b93f3ad305ea1", + "revCount": 16694, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -737,11 +737,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1737840481, - "narHash": "sha256-WjW3cdrmh1sGMT3CBqCFzT9BOktTa1u9ldoWEqTj7xk=", + "lastModified": 1737924584, + "narHash": "sha256-8XAz2IFUdSN7IblSWgQQVjivlZ0uWn3Y5jN3G6+/jss=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "8fc9dba8df75d9d004d9369b513b81180788ec15", + "rev": "d3682c753abbbc8d41578aa12e6f10508d801f4b", "type": "github" }, "original": { @@ -770,11 +770,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1737795105, - "narHash": "sha256-zQSNUKj671I9M4DdMD4iMUnIIWN5oiaWdqDHUSVcaVE=", + "lastModified": 1737918541, + "narHash": "sha256-NKartmApYTAjteTg78OAIAYGvtl9QCDcKp8tPk3KCuI=", "owner": "YaLTeR", "repo": "niri", - "rev": "78697d1cea20e6b53013e820999b0403c45d9f00", + "rev": "baa051891237054f2d4db86d7bcfe0f17440c35f", "type": "github" }, "original": { @@ -1045,11 +1045,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1737795611, - "narHash": "sha256-0kGPO515JdDt6gPcR25QTGyNJnT1UFtH1tdkR2QdLAY=", + "lastModified": 1737917096, + "narHash": "sha256-wOo5jWu88VRbm0TTNl9KxE4nIkfnXVKxLvZwpTn75wk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ed45d51fb4c860e70760a042dd9ff99bd016497e", + "rev": "a47cb26bbe26d63321cbb96de6d1981d790d9748", "type": "github" }, "original": { @@ -1082,11 +1082,11 @@ ] }, "locked": { - "lastModified": 1737832569, - "narHash": "sha256-VkK73VRVgvSQOPw9qx9HzvbulvUM9Ae4nNd3xNP+pkI=", + "lastModified": 1737914312, + "narHash": "sha256-PBF4R+yQt5Sls7CsA9Miwx28XtOP/yqaqejZ3RKSes0=", "owner": "nix-community", "repo": "nixvim", - "rev": "d7df58321110d3b0e12a829bbd110db31ccd34b1", + "rev": "8e5422bf3e76f410b97d2da640d0829e87657de9", "type": "github" }, "original": { @@ -1105,11 +1105,11 @@ ] }, "locked": { - "lastModified": 1737372689, - "narHash": "sha256-nH3zK2ki0fd5o5qvbGHxukE4qnOLJa1uCzoDObG5vrE=", + "lastModified": 1737823349, + "narHash": "sha256-LAppb+sftyvJbPdrBG1uN9GYWHz6q7bUpkpDjljcSRo=", "owner": "NuschtOS", "repo": "search", - "rev": "570cc17bbc25650eb7d69e4fcda8cfd2f1656922", + "rev": "f91a0ac0f4ecf0ad1d1d88140f66520dae6ce4bd", "type": "github" }, "original": { @@ -1240,11 +1240,11 @@ ] }, "locked": { - "lastModified": 1737771740, - "narHash": "sha256-lWIdF4qke63TdCHnJ0QaUHfG8YvsDrBqzL4jiHYQd+Y=", + "lastModified": 1737944843, + "narHash": "sha256-ZSXR/po/slqpsk3JLVjXbE04Vqrb4k7yCGHjyMj3tOk=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "cfaaa1dddd280af09aca84af84612fbccd986ae2", + "rev": "27bb917a41480b6ceee8e42d32dfcc9ecc6fa6c6", "type": "github" }, "original": { From 61b1399131045afb98f4f5f397b9461fd5b29772 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 27 Jan 2025 02:28:39 -0500 Subject: [PATCH 174/410] enable ssh agent Signed-off-by: cy --- hosts/chunk/default.nix | 7 +++++-- hosts/chunk/tailscale.nix | 3 ++- hosts/ytnix/default.nix | 6 ++++++ hosts/ytnix/tailscale.nix | 3 ++- 4 files changed, 15 insertions(+), 4 deletions(-) diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 0343084..6021b41 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -75,8 +75,11 @@ }; }; - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/vda"; + boot = { + loader.grub.enable = true; + loader.grub.device = "/dev/vda"; + kernelPackages = pkgs.linuxPackages_latest; + }; system.stateVersion = "24.05"; diff --git a/hosts/chunk/tailscale.nix b/hosts/chunk/tailscale.nix index fefc8e5..e170e6b 100644 --- a/hosts/chunk/tailscale.nix +++ b/hosts/chunk/tailscale.nix @@ -1,4 +1,5 @@ -{ config, ... }: { +{ config, ... }: +{ services.tailscale = { enable = true; authKeyFile = config.sops.secrets."tailscale/auth".path; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 54f13da..6192e43 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -324,4 +324,10 @@ services.udev.extraHwdb = '' SUBSYSTEM=="usb", SYSFS{idVendor}=="090c", SYSFS{idProduct}=="1000", ACTION=="add", GROUP="users", MODE="0664" ''; + + programs.ssh = { + askPassword = "${pkgs.seahorse}/libexec/seahorse/ssh-askpass"; + startAgent = true; + enableAskPassword = true; + }; } diff --git a/hosts/ytnix/tailscale.nix b/hosts/ytnix/tailscale.nix index 91d67bf..63489ae 100644 --- a/hosts/ytnix/tailscale.nix +++ b/hosts/ytnix/tailscale.nix @@ -1,4 +1,5 @@ -{ config, ... }: { +{ config, ... }: +{ services.tailscale = { enable = true; authKeyFile = config.sops.secrets."tailscale/auth".path; From a9a3ee84139e743431fc87f94c5fb2ae803feb5f Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 27 Jan 2025 04:02:11 -0500 Subject: [PATCH 175/410] init Signed-off-by: cy --- modules/caddy.nix | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 modules/caddy.nix diff --git a/modules/caddy.nix b/modules/caddy.nix new file mode 100644 index 0000000..9ee9913 --- /dev/null +++ b/modules/caddy.nix @@ -0,0 +1,29 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.my.caddy; + commonExtraConfig = '' + encode zstd gzip + header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" + ''; +in +{ + options.my.caddy = { + enable = lib.mkEnableOption "caddy reverse proxy"; + acmeCa = lib.mkOption { + type = lib.types.str; + }; + }; + + config = lib.mkIf cfg.enable { + services.caddy = { + enable = true; + logFormat = lib.mkForce "level INFO"; + acmeCa = "https://acme-v02.api.letsencrypt.org/directory"; + }; + }; +} From cad577b1931eabc568f7eef6659e5405f20a1eec Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 27 Jan 2025 05:49:00 -0500 Subject: [PATCH 176/410] migrate chunk to caddy module Signed-off-by: cy --- hosts/chunk/Caddyfile | 89 ------------------------------------- hosts/chunk/adguard.nix | 5 +++ hosts/chunk/attic.nix | 5 +++ hosts/chunk/conduwuit.nix | 5 +++ hosts/chunk/default.nix | 12 ++--- hosts/chunk/deluge.nix | 5 +++ hosts/chunk/element.nix | 5 +++ hosts/chunk/forgejo.nix | 16 +++++++ hosts/chunk/garage.nix | 5 +++ hosts/chunk/grafana.nix | 5 +++ hosts/chunk/hedgedoc.nix | 5 +++ hosts/chunk/immich.nix | 5 +++ hosts/chunk/miniflux.nix | 5 +++ hosts/chunk/redlib.nix | 5 +++ hosts/chunk/vaultwarden.nix | 5 +++ modules/caddy.nix | 16 +++---- modules/default.nix | 1 + 17 files changed, 91 insertions(+), 103 deletions(-) delete mode 100644 hosts/chunk/Caddyfile diff --git a/hosts/chunk/Caddyfile b/hosts/chunk/Caddyfile deleted file mode 100644 index 5e56278..0000000 --- a/hosts/chunk/Caddyfile +++ /dev/null @@ -1,89 +0,0 @@ -{ - acme_ca https://acme.zerossl.com/v2/DV90 - acme_eab { - key_id {$EAB_KEY_ID} - mac_key {$EAB_MAC_KEY} - } -} - -(common) { - encode zstd gzip - header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" -} - -git.cything.io { - import common - - # wrap in route so things are evaluated in the order written - route { - # rewrite gitlab URIs to make it work with forgejo - uri path_regexp /-/ / - uri replace /blob/ /src/ - redir https://git.cy7.sh{uri} permanent - } -} - -git.cy7.sh { - import common - reverse_proxy localhost:3000 -} - -rss.cy7.sh { - import common - reverse_proxy localhost:8080 -} - -photos.cy7.sh { - import common - reverse_proxy localhost:2283 -} - -chat.cything.io { - import common - reverse_proxy localhost:8448 -} - -pass.cy7.sh { - import common - reverse_proxy localhost:8081 -} - -dns.cything.io { - import common - reverse_proxy localhost:8082 -} - -pad.cything.io { - import common - reverse_proxy localhost:8085 -} - -red.cything.io { - import common - reverse_proxy localhost:8087 -} - -grafana.cything.io { - import common - reverse_proxy localhost:8088 -} - -element.cything.io { - import common - reverse_proxy localhost:8089 -} - -cache.cything.io { - import common - reverse_proxy localhost:8090 -} - -s3.cy7.sh { - import common - reverse_proxy localhost:3900 -} - -admin.s3.cy7.sh { - import common - reverse_proxy localhost:3903 -} diff --git a/hosts/chunk/adguard.nix b/hosts/chunk/adguard.nix index fe4b9bb..74207fc 100644 --- a/hosts/chunk/adguard.nix +++ b/hosts/chunk/adguard.nix @@ -21,4 +21,9 @@ ]; }; }; + + services.caddy.virtualHosts."dns.cything.io".extraConfig = '' + import common + reverse_proxy localhost:8082 + ''; } diff --git a/hosts/chunk/attic.nix b/hosts/chunk/attic.nix index 2f84394..c41e985 100644 --- a/hosts/chunk/attic.nix +++ b/hosts/chunk/attic.nix @@ -31,4 +31,9 @@ }; }; }; + + services.caddy.virtualHosts."cache.cything.io".extraConfig = '' + import common + reverse_proxy localhost:8090 + ''; } diff --git a/hosts/chunk/conduwuit.nix b/hosts/chunk/conduwuit.nix index 25c85ab..8aa8998 100644 --- a/hosts/chunk/conduwuit.nix +++ b/hosts/chunk/conduwuit.nix @@ -10,4 +10,9 @@ allow_check_for_updates = true; }; }; + + services.caddy.virtualHosts."chat.cything.io".extraConfig = '' + import common + reverse_proxy localhost:8448 + ''; } diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 6021b41..577e9b5 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -183,11 +183,13 @@ programs.gnupg.agent.enable = true; programs.git.enable = true; - services.caddy = { - enable = true; - configFile = ./Caddyfile; - environmentFile = config.sops.secrets."caddy/env".path; - logFormat = lib.mkForce "level INFO"; + my.caddy.enable = true; + services.caddy.virtualHosts."cy7.sh" = { + serverAliases = [ "www.cy7.sh" ]; + extraConfig = '' + import common + redir https://cything.io temporary + ''; }; # container stuff diff --git a/hosts/chunk/deluge.nix b/hosts/chunk/deluge.nix index 638c728..5dd3fd4 100644 --- a/hosts/chunk/deluge.nix +++ b/hosts/chunk/deluge.nix @@ -7,4 +7,9 @@ port = 8112; }; }; + + services.caddy.virtualHosts."t.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8112 + ''; } diff --git a/hosts/chunk/element.nix b/hosts/chunk/element.nix index 81ab246..5a12e1e 100644 --- a/hosts/chunk/element.nix +++ b/hosts/chunk/element.nix @@ -25,4 +25,9 @@ ${pkgs.podman}/bin/podman network create element-net ''; }; + + services.caddy.virtualHosts."element.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8089 + ''; } diff --git a/hosts/chunk/forgejo.nix b/hosts/chunk/forgejo.nix index fd842ce..26fb541 100644 --- a/hosts/chunk/forgejo.nix +++ b/hosts/chunk/forgejo.nix @@ -30,4 +30,20 @@ name = "git"; }; }; + + services.caddy.virtualHosts."git.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:3000 + ''; + services.caddy.virtualHosts."git.cything.io".extraConfig = '' + import common + + # wrap in route so things are evaluated in the order written + route { + # rewrite gitlab URIs to make it work with forgejo + uri path_regexp /-/ / + uri replace /blob/ /src/ + redir https://git.cy7.sh{uri} permanent + } + ''; } diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index fe3ef46..75730a1 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -16,4 +16,9 @@ }; environmentFile = config.sops.secrets."garage/env".path; }; + + services.caddy.virtualHosts."s3.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:3900 + ''; } diff --git a/hosts/chunk/grafana.nix b/hosts/chunk/grafana.nix index 0575f51..007bcf1 100644 --- a/hosts/chunk/grafana.nix +++ b/hosts/chunk/grafana.nix @@ -31,4 +31,9 @@ } ]; }; + + services.caddy.virtualHosts."grafana.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8088 + ''; } diff --git a/hosts/chunk/hedgedoc.nix b/hosts/chunk/hedgedoc.nix index 1988520..62505f9 100644 --- a/hosts/chunk/hedgedoc.nix +++ b/hosts/chunk/hedgedoc.nix @@ -16,4 +16,9 @@ protocolUseSSL = true; }; }; + + services.caddy.virtualHosts."pad.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8085 + ''; } diff --git a/hosts/chunk/immich.nix b/hosts/chunk/immich.nix index 2062330..9661e8c 100644 --- a/hosts/chunk/immich.nix +++ b/hosts/chunk/immich.nix @@ -95,4 +95,9 @@ in ${pkgs.podman}/bin/podman network create immich-net ''; }; + + services.caddy.virtualHosts."photos.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:2283 + ''; } diff --git a/hosts/chunk/miniflux.nix b/hosts/chunk/miniflux.nix index f40b2b6..84783f6 100644 --- a/hosts/chunk/miniflux.nix +++ b/hosts/chunk/miniflux.nix @@ -9,4 +9,9 @@ FORCE_REFRESH_INTERVAL = 0; # don't rate limit me }; }; + + services.caddy.virtualHosts."rss.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8080 + ''; } diff --git a/hosts/chunk/redlib.nix b/hosts/chunk/redlib.nix index 39585f1..d095da5 100644 --- a/hosts/chunk/redlib.nix +++ b/hosts/chunk/redlib.nix @@ -10,4 +10,9 @@ REDLIB_ROBOTS_DISABLE_INDEXING = "on"; }; }; + + services.caddy.virtualHosts."red.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8087 + ''; } diff --git a/hosts/chunk/vaultwarden.nix b/hosts/chunk/vaultwarden.nix index b97835e..7529610 100644 --- a/hosts/chunk/vaultwarden.nix +++ b/hosts/chunk/vaultwarden.nix @@ -10,4 +10,9 @@ DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden"; }; }; + + services.caddy.virtualHosts."pass.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8081 + ''; } diff --git a/modules/caddy.nix b/modules/caddy.nix index 9ee9913..6d38b01 100644 --- a/modules/caddy.nix +++ b/modules/caddy.nix @@ -1,29 +1,27 @@ { config, lib, - pkgs, ... }: let cfg = config.my.caddy; - commonExtraConfig = '' - encode zstd gzip - header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" - ''; in { options.my.caddy = { enable = lib.mkEnableOption "caddy reverse proxy"; - acmeCa = lib.mkOption { - type = lib.types.str; - }; }; config = lib.mkIf cfg.enable { services.caddy = { enable = true; logFormat = lib.mkForce "level INFO"; - acmeCa = "https://acme-v02.api.letsencrypt.org/directory"; + acmeCA = "https://acme-v02.api.letsencrypt.org/directory"; + extraConfig = '' + (common) { + encode zstd gzip + header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" + } + ''; }; }; } diff --git a/modules/default.nix b/modules/default.nix index 2155137..070a96e 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -2,5 +2,6 @@ { imports = [ ./backup.nix + ./caddy.nix ]; } From da557a7b7e16f82f9f3cac33d3aa02ea937b54f4 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 27 Jan 2025 20:07:41 -0500 Subject: [PATCH 177/410] titan: redirect to new website Signed-off-by: cy --- hosts/titan/Caddyfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/titan/Caddyfile b/hosts/titan/Caddyfile index 70cc99f..5969134 100644 --- a/hosts/titan/Caddyfile +++ b/hosts/titan/Caddyfile @@ -13,7 +13,7 @@ cything.io { import common - reverse_proxy localhost:8084 + redir https://cy7.sh/posts{uri} permanent header /.well-known/matrix/* Content-Type application/json header /.well-known/matrix/* Access-Control-Allow-Origin * From 443ea96d1fb162f07958b58e3c800656d1756186 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 27 Jan 2025 20:23:15 -0500 Subject: [PATCH 178/410] make justfile better and cleanup zsh Signed-off-by: cy --- home/zsh/default.nix | 5 ----- justfile | 3 ++- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/home/zsh/default.nix b/home/zsh/default.nix index 363efd6..eb920d5 100644 --- a/home/zsh/default.nix +++ b/home/zsh/default.nix @@ -39,11 +39,6 @@ initExtra = '' # disable control+s to pause terminal unsetopt FLOW_CONTROL - # manually integrate fzf cause we need to make sure zsh-vi-mode - # won't override C-r - function zvm_after_init() { - eval "$(${pkgs.fzf}/bin/fzf --zsh)" - } # useful emacs mode bindings bindkey -M viins "^E" end-of-line diff --git a/justfile b/justfile index 95b1fda..e113688 100644 --- a/justfile +++ b/justfile @@ -1,9 +1,10 @@ update: + git branch -D update || true git switch -c update nix flake update git add flake.lock git commit -s -m "flake update" - git push + git push -f git switch main upgrade: From f9837b7cab5fcaec02cbc9c8be9d258bbbeb66e1 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 28 Jan 2025 00:39:23 -0500 Subject: [PATCH 179/410] make treesitter nicer Signed-off-by: cy --- home/nixvim/default.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix index 77586b6..89bfd94 100644 --- a/home/nixvim/default.nix +++ b/home/nixvim/default.nix @@ -171,7 +171,11 @@ plugins.treesitter = { enable = true; nixGrammars = true; - settings.indent.enable = true; + settings = { + indent.enable = true; + auto_install = true; + highlight.enable = true; + }; }; plugins.fzf-lua = { enable = true; From 1e55f3901c048163287f205a445a4d246321cba9 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 28 Jan 2025 22:38:24 -0500 Subject: [PATCH 180/410] fix matrix Signed-off-by: cy --- hosts/titan/Caddyfile | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/hosts/titan/Caddyfile b/hosts/titan/Caddyfile index 5969134..c306399 100644 --- a/hosts/titan/Caddyfile +++ b/hosts/titan/Caddyfile @@ -13,14 +13,16 @@ cything.io { import common - redir https://cy7.sh/posts{uri} permanent header /.well-known/matrix/* Content-Type application/json header /.well-known/matrix/* Access-Control-Allow-Origin * header /.well-known/matrix/* Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS,PATCH,HEAD header /.well-known/matrix/* Access-Control-Allow-Headers X-Requested-With,Content-Type,Authorization,Origin,Accept - respond /.well-known/matrix/server {"m.server":"chat.cything.io:443"} - respond /.well-known/matrix/client {"m.server":{"base_url":"https://chat.cything.io"},"m.homeserver":{"base_url":"https://chat.cything.io"},"org.matrix.msc3575.proxy":{"url":"https://chat.cything.io"}} + route { + respond /.well-known/matrix/server {"m.server":"chat.cything.io:443"} + respond /.well-known/matrix/client {"m.server":{"base_url":"https://chat.cything.io"},"m.homeserver":{"base_url":"https://chat.cything.io"},"org.matrix.msc3575.proxy":{"url":"https://chat.cything.io"}} + redir https://cy7.sh/posts{uri} permanent + } } www.cything.io { From 0506c6c92fc502e2f42cfb8bfcb1c6649236e550 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 28 Jan 2025 22:38:40 -0500 Subject: [PATCH 181/410] install ghidra and disable mouse warp Signed-off-by: cy --- home/niri/default.nix | 7 ++++++- home/yt/common.nix | 1 + home/yt/ytnix.nix | 9 +++++++++ 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/home/niri/default.nix b/home/niri/default.nix index 0c72563..ea9acb9 100644 --- a/home/niri/default.nix +++ b/home/niri/default.nix @@ -50,7 +50,7 @@ in natural-scroll = true; click-method = "clickfinger"; }; - warp-mouse-to-focus = true; + warp-mouse-to-focus = false; focus-follows-mouse.enable = false; }; @@ -79,6 +79,11 @@ in } { app-id = "mpv"; } { app-id = "Bitwarden"; } + { + app-id = "ghidra-Ghidra"; + # pop-up windows + title = "^win(.*)"; + } ]; open-floating = true; } diff --git a/home/yt/common.nix b/home/yt/common.nix index 4d7acca..e919d4b 100644 --- a/home/yt/common.nix +++ b/home/yt/common.nix @@ -61,4 +61,5 @@ }; programs.ripgrep.enable = true; programs.man.generateCaches = true; + programs.fd.enable = true; } diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 97cefe9..fa26fd2 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -103,6 +103,10 @@ github-cli fuzzel nixpkgs-review + just + hugo + ghidra + sequoia ]; programs.waybar.enable = true; @@ -155,4 +159,9 @@ commit.gpgsign = true; core.sshCommand = "ssh -i ~/.ssh/id.key"; }; + + home.sessionVariables = { + # to make ghidra work on xwayland + _JAVA_AWT_WM_NONREPARENTING = 1; + }; } From d79a34328a9ee28f084ab6dce37d4d45e25b480e Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 28 Jan 2025 22:40:30 -0500 Subject: [PATCH 182/410] flake update Signed-off-by: cy --- flake.lock | 70 +++++++++++++++++++++++++++--------------------------- 1 file changed, 35 insertions(+), 35 deletions(-) diff --git a/flake.lock b/flake.lock index ee29dc4..fa1bec7 100644 --- a/flake.lock +++ b/flake.lock @@ -562,11 +562,11 @@ ] }, "locked": { - "lastModified": 1737762889, - "narHash": "sha256-5HGG09bh/Yx0JA8wtBMAzt0HMCL1bYZ93x4IqzVExio=", + "lastModified": 1737968762, + "narHash": "sha256-xiPARGKwocaMtv+U/rgi+h2g56CZZEmrcl7ldRaslq8=", "owner": "nix-community", "repo": "home-manager", - "rev": "daf04c5950b676f47a794300657f1d3d14c1a120", + "rev": "e1ae908bcc30af792b0bb0a52e53b03d2577255e", "type": "github" }, "original": { @@ -683,11 +683,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1737857294, - "narHash": "sha256-bzC+anLF/NlgolaMoB4uTFgSejLJlTzPcNF1Kbq/BP0=", + "lastModified": 1738097047, + "narHash": "sha256-GcgcCYhAkxU9BtzsUImFRIEFK0WqgjKrMqMySImGLK4=", "ref": "refs/heads/main", - "rev": "4af6b5ed9f8f2412bef5331b8e3b93f3ad305ea1", - "revCount": 16694, + "rev": "3a41bf32a78550f7373b51d39c07a4bb91bb9f2e", + "revCount": 16702, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -710,11 +710,11 @@ ] }, "locked": { - "lastModified": 1737675503, - "narHash": "sha256-FUWpqPOsEJwK8oomffat+lgKnoxJHArRlWo2j17EhxQ=", + "lastModified": 1738009885, + "narHash": "sha256-zPch36LSTs8dZJZlIiufXuY7wut06xp4CMdf/oqXoq0=", "ref": "refs/heads/main", - "rev": "3e18a1ceec7df4514f5a045441e5f98dd003db09", - "revCount": 131, + "rev": "cf43eeb6b376cc36f70b0632bc39dc949b9f3b59", + "revCount": 132, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, @@ -737,11 +737,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1737924584, - "narHash": "sha256-8XAz2IFUdSN7IblSWgQQVjivlZ0uWn3Y5jN3G6+/jss=", + "lastModified": 1737961005, + "narHash": "sha256-b4hqJNgyx8lnngz7NFcJ1W+59xQnMQYF0EK5g0IOy7c=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "d3682c753abbbc8d41578aa12e6f10508d801f4b", + "rev": "e98ae62893568dd31e7a7e4e75e1dbbf23f759a0", "type": "github" }, "original": { @@ -770,11 +770,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1737918541, - "narHash": "sha256-NKartmApYTAjteTg78OAIAYGvtl9QCDcKp8tPk3KCuI=", + "lastModified": 1737956052, + "narHash": "sha256-Gr+tkCSuhQ5NT04hv/PoHExCgbuqRA/GZQv+le40LNY=", "owner": "YaLTeR", "repo": "niri", - "rev": "baa051891237054f2d4db86d7bcfe0f17440c35f", + "rev": "9b4d73f13a6906537faf01b5c5e5e2fee9dd602e", "type": "github" }, "original": { @@ -832,11 +832,11 @@ ] }, "locked": { - "lastModified": 1737504076, - "narHash": "sha256-/B4XJnzYU/6K1ZZOBIgsa3K4pqDJrnC2579c44c+4rI=", + "lastModified": 1738033138, + "narHash": "sha256-qlIM8A3bdL9c6PexhpS+QyZLO9y/8a3V75HVyJgDE5Q=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "65cc1fa8e36ceff067daf6cfb142331f02f524d3", + "rev": "349a74c66c596ef97ee97b4d80a3ca61227b6120", "type": "github" }, "original": { @@ -1045,11 +1045,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1737917096, - "narHash": "sha256-wOo5jWu88VRbm0TTNl9KxE4nIkfnXVKxLvZwpTn75wk=", + "lastModified": 1738090407, + "narHash": "sha256-X6BvM495ef4Rk+7WFhvYFwJoKteQYgvSaRERLGofZ+s=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a47cb26bbe26d63321cbb96de6d1981d790d9748", + "rev": "2c00621e9692affa61da62f82e76648c5a07e6a0", "type": "github" }, "original": { @@ -1082,11 +1082,11 @@ ] }, "locked": { - "lastModified": 1737914312, - "narHash": "sha256-PBF4R+yQt5Sls7CsA9Miwx28XtOP/yqaqejZ3RKSes0=", + "lastModified": 1738106190, + "narHash": "sha256-woDlUpfK4n1znQfGREKDLMVOQ4JZo7L6YY/sTPZGw0g=", "owner": "nix-community", "repo": "nixvim", - "rev": "8e5422bf3e76f410b97d2da640d0829e87657de9", + "rev": "eeafe2a7153197982ccd6ad6678192bca1df446e", "type": "github" }, "original": { @@ -1105,11 +1105,11 @@ ] }, "locked": { - "lastModified": 1737823349, - "narHash": "sha256-LAppb+sftyvJbPdrBG1uN9GYWHz6q7bUpkpDjljcSRo=", + "lastModified": 1737924095, + "narHash": "sha256-9RO/IlxiE7bpY7GYsdDMNB533PnDOBo9UvYyXXqlN4c=", "owner": "NuschtOS", "repo": "search", - "rev": "f91a0ac0f4ecf0ad1d1d88140f66520dae6ce4bd", + "rev": "5efc9c966bb9bdad07a3c28667eac38b758c6f18", "type": "github" }, "original": { @@ -1240,11 +1240,11 @@ ] }, "locked": { - "lastModified": 1737944843, - "narHash": "sha256-ZSXR/po/slqpsk3JLVjXbE04Vqrb4k7yCGHjyMj3tOk=", + "lastModified": 1738117527, + "narHash": "sha256-GFviGfaezjGLFUlxdv3zyC7rSZvTXqwcG/YsF6MDkOw=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "27bb917a41480b6ceee8e42d32dfcc9ecc6fa6c6", + "rev": "6a3dc6ce4132bd57359214d986db376f2333c14d", "type": "github" }, "original": { @@ -1310,11 +1310,11 @@ ] }, "locked": { - "lastModified": 1737483750, - "narHash": "sha256-5An1wq5U8sNycOBBg3nsDDgpwBmR9liOpDGlhliA6Xo=", + "lastModified": 1738070913, + "narHash": "sha256-j6jC12vCFsTGDmY2u1H12lMr62fnclNjuCtAdF1a4Nk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "f2cc121df15418d028a59c9737d38e3a90fbaf8f", + "rev": "bebf27d00f7d10ba75332a0541ac43676985dea3", "type": "github" }, "original": { From b2a67402567092d91808af74d327a5938e850e79 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 29 Jan 2025 15:24:42 -0500 Subject: [PATCH 183/410] vscode goodies Signed-off-by: cy --- home/irssi.nix | 2 +- home/kitty.nix | 1 + home/niri/default.nix | 11 ++++++----- home/vscode.nix | 29 ++++++++++++++++++++++++----- home/yt/ytnix.nix | 1 + 5 files changed, 33 insertions(+), 11 deletions(-) diff --git a/home/irssi.nix b/home/irssi.nix index e8133c1..2221b42 100644 --- a/home/irssi.nix +++ b/home/irssi.nix @@ -1,4 +1,4 @@ -{ ... }: +{... }: { programs.irssi = { enable = true; diff --git a/home/kitty.nix b/home/kitty.nix index f47567c..7134390 100644 --- a/home/kitty.nix +++ b/home/kitty.nix @@ -58,6 +58,7 @@ "ctrl+f2" = "detach_tab"; # hints + # > basically means the preceding key is a prefix (think tmux) "kitty_mod+o>o" = "open_url_with_hints"; "kitty_mod+o>p" = "kitten hints --type path --program -"; "kitty_mod+o>n" = "kitten hints --type line --program -"; diff --git a/home/niri/default.nix b/home/niri/default.nix index ea9acb9..67720cb 100644 --- a/home/niri/default.nix +++ b/home/niri/default.nix @@ -73,10 +73,6 @@ in window-rules = [ { matches = [ - { - app-id = "anki"; - title = "Add"; - } { app-id = "mpv"; } { app-id = "Bitwarden"; } { @@ -88,7 +84,12 @@ in open-floating = true; } { - matches = [ { app-id = "anki"; } ]; + matches = [ + { + app-id = "anki"; + title = "Add"; + } + ]; default-column-width.proportion = .25; } { diff --git a/home/vscode.nix b/home/vscode.nix index d2b7bb0..b964fa6 100644 --- a/home/vscode.nix +++ b/home/vscode.nix @@ -8,11 +8,30 @@ mutableExtensionsDir = false; extensions = with pkgs.vscode-extensions; [ vscodevim.vim - jnoortheen.nix-ide # nix language support - editorconfig.editorconfig # editorconfig - dracula-theme.theme-dracula # color scheme - tomoki1207.pdf # pdf viewer - yzhang.markdown-all-in-one # markdown tools + jnoortheen.nix-ide + editorconfig.editorconfig + github.github-vscode-theme ]; + userSettings = { + "workbench.colorTheme" = "GitHub Dark Default"; + "files.autoSave" = "afterDelay"; + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nixd"; + "editor.fontFamily" = "IBM Plex Mono"; + "editor.fontSize" = 15; + "editor.wordWrap" = "on"; + + # vim mode + "vim.handleKeys" = { + "" = false; # file tree toggle + }; + "vim.normalModeKeyBindings" = [ + { + "before" = [";"]; + "after" = [":"]; + "silent" = true; + } + ]; + }; }; } diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index fa26fd2..e0ed53c 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -9,6 +9,7 @@ ../niri ../irssi.nix ../kitty.nix + ../vscode.nix ]; home = { username = "yt"; From 069a65d4c7c11a8a569f16fd026297d937245f39 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 29 Jan 2025 16:23:33 -0500 Subject: [PATCH 184/410] nixvim: add copilot stuff --- home/nixvim/default.nix | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix index 89bfd94..f123392 100644 --- a/home/nixvim/default.nix +++ b/home/nixvim/default.nix @@ -24,7 +24,7 @@ extraPlugins = [ (pkgs.vimUtils.buildVimPlugin { - name = "gitub-theme"; + name = "github-theme"; src = inputs.nvim-github-theme; }) ]; @@ -71,6 +71,35 @@ key = ""; mode = "i"; } + # quick chat with copilot + { + key = "ccq"; + action.__raw = '' + function() + local input = vim.fn.input("Quick chat: ") + if input ~= "" then + require("CopilotChat").ask(input, { selection = require("CopilotChat.select").buffer }) + end + end + ''; + mode = [ "n" "v" ]; + } + # ask perplexity a quick question + { + key = "ccs"; + action.__raw = '' + function() + local input = vim.fn.input("Perplexity: ") + if input ~= "" then + require("CopilotChat").ask(input, { + agent = "perplexityai", + selection = false, + }) + end + end + ''; + mode = [ "n" "v" ]; + } ]; plugins.cmp = { @@ -197,6 +226,13 @@ settings.current_line_blame = true; }; + plugins.copilot-chat = { + enable = true; + settings = { + model = "claude-3.5-sonnet"; + }; + }; + plugins.cmp-buffer.enable = true; plugins.cmp-emoji.enable = true; plugins.cmp-nvim-lsp.enable = true; From b07c2558694f96b00f4fd006424056d5beb504ed Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 29 Jan 2025 16:48:28 -0500 Subject: [PATCH 185/410] nix fmt and some cleanup Signed-off-by: cy --- flake.nix | 3 --- home/irssi.nix | 2 +- home/nixvim/default.nix | 10 ++++++++-- home/vscode.nix | 4 ++-- 4 files changed, 11 insertions(+), 8 deletions(-) diff --git a/flake.nix b/flake.nix index 95a0154..0f4e96a 100644 --- a/flake.nix +++ b/flake.nix @@ -126,9 +126,6 @@ ... }: { - # make pkgs available to `perSystem` - _module.args.pkgs = inputs'.nixpkgs.legacyPackages; - treefmt = { projectRootFile = "flake.nix"; programs.nixfmt.enable = true; diff --git a/home/irssi.nix b/home/irssi.nix index 2221b42..e8133c1 100644 --- a/home/irssi.nix +++ b/home/irssi.nix @@ -1,4 +1,4 @@ -{... }: +{ ... }: { programs.irssi = { enable = true; diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix index f123392..26b8bc6 100644 --- a/home/nixvim/default.nix +++ b/home/nixvim/default.nix @@ -82,7 +82,10 @@ end end ''; - mode = [ "n" "v" ]; + mode = [ + "n" + "v" + ]; } # ask perplexity a quick question { @@ -98,7 +101,10 @@ end end ''; - mode = [ "n" "v" ]; + mode = [ + "n" + "v" + ]; } ]; diff --git a/home/vscode.nix b/home/vscode.nix index b964fa6..0c1bf95 100644 --- a/home/vscode.nix +++ b/home/vscode.nix @@ -27,8 +27,8 @@ }; "vim.normalModeKeyBindings" = [ { - "before" = [";"]; - "after" = [":"]; + "before" = [ ";" ]; + "after" = [ ":" ]; "silent" = true; } ]; From 67048909a94a6f8a90307eb16d8d3f36413c4b13 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 29 Jan 2025 16:49:19 -0500 Subject: [PATCH 186/410] flake update Signed-off-by: cy --- flake.lock | 52 ++++++++++++++++++++++++++-------------------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/flake.lock b/flake.lock index fa1bec7..6646c08 100644 --- a/flake.lock +++ b/flake.lock @@ -120,11 +120,11 @@ "rocksdb": "rocksdb" }, "locked": { - "lastModified": 1737945015, - "narHash": "sha256-VCa7UAWqP14IC+fmT4P3rxGhkugDlU/4FZqqPyFUs9s=", + "lastModified": 1738132650, + "narHash": "sha256-ryebu2VoopIpr5+DuHIs2/x60u+3EzRJexYRWVJn2AE=", "owner": "girlbossceo", "repo": "conduwuit", - "rev": "71a3855af61b0071832c23085f76a8711e32b49c", + "rev": "eb7d893c8675f955fa770c8ae6f1c32a2394284c", "type": "github" }, "original": { @@ -562,11 +562,11 @@ ] }, "locked": { - "lastModified": 1737968762, - "narHash": "sha256-xiPARGKwocaMtv+U/rgi+h2g56CZZEmrcl7ldRaslq8=", + "lastModified": 1738178313, + "narHash": "sha256-/8TLf6LkXGRGERzcWMNDeXjYaHSbexmfV+ofheo7K6k=", "owner": "nix-community", "repo": "home-manager", - "rev": "e1ae908bcc30af792b0bb0a52e53b03d2577255e", + "rev": "420a0d9506b5dac4d86a68b9ef8e763624ad86c6", "type": "github" }, "original": { @@ -683,11 +683,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1738097047, - "narHash": "sha256-GcgcCYhAkxU9BtzsUImFRIEFK0WqgjKrMqMySImGLK4=", + "lastModified": 1738174211, + "narHash": "sha256-eYmp1mKM4kULV1W+EBtCPk6LmKWl2REivaYfGRl+AWo=", "ref": "refs/heads/main", - "rev": "3a41bf32a78550f7373b51d39c07a4bb91bb9f2e", - "revCount": 16702, + "rev": "64e33a7e09a0d1faacf2fd3f6ebd647fe4d8346a", + "revCount": 17329, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -710,11 +710,11 @@ ] }, "locked": { - "lastModified": 1738009885, - "narHash": "sha256-zPch36LSTs8dZJZlIiufXuY7wut06xp4CMdf/oqXoq0=", + "lastModified": 1738176840, + "narHash": "sha256-NG3IRvRs3u3btVCN861FqHvgOwqcNT/Oy6PBG86F5/E=", "ref": "refs/heads/main", - "rev": "cf43eeb6b376cc36f70b0632bc39dc949b9f3b59", - "revCount": 132, + "rev": "621aae0f3cceaffa6d73a4fb0f89c08d338d729e", + "revCount": 133, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, @@ -737,11 +737,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1737961005, - "narHash": "sha256-b4hqJNgyx8lnngz7NFcJ1W+59xQnMQYF0EK5g0IOy7c=", + "lastModified": 1738156024, + "narHash": "sha256-D3cox2cbtFauXz1skDTkJwSU0272wY6wRwiFNm5TV/c=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "e98ae62893568dd31e7a7e4e75e1dbbf23f759a0", + "rev": "541920ede8b5d48f110c94d858a1ddf283eac3b9", "type": "github" }, "original": { @@ -770,11 +770,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1737956052, - "narHash": "sha256-Gr+tkCSuhQ5NT04hv/PoHExCgbuqRA/GZQv+le40LNY=", + "lastModified": 1738148186, + "narHash": "sha256-Yd2xKbZ8S4LC5sxPleuutlX0RbKnI93LhciVhneNBHQ=", "owner": "YaLTeR", "repo": "niri", - "rev": "9b4d73f13a6906537faf01b5c5e5e2fee9dd602e", + "rev": "1d3820a064f1f3b686eb6e8a1aab155681a96457", "type": "github" }, "original": { @@ -1045,11 +1045,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1738090407, - "narHash": "sha256-X6BvM495ef4Rk+7WFhvYFwJoKteQYgvSaRERLGofZ+s=", + "lastModified": 1738178544, + "narHash": "sha256-UbM+zJFlze877N5j2YMLKYFX7t05VvmuNX2M0vJ7RfI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2c00621e9692affa61da62f82e76648c5a07e6a0", + "rev": "975ac0ab33ee7fea64842047a96f5d679d90913c", "type": "github" }, "original": { @@ -1082,11 +1082,11 @@ ] }, "locked": { - "lastModified": 1738106190, - "narHash": "sha256-woDlUpfK4n1znQfGREKDLMVOQ4JZo7L6YY/sTPZGw0g=", + "lastModified": 1738184667, + "narHash": "sha256-+pG3UJVAdVCF3nGRpy5n/tbCzGa64DCWOC8hAxnssD0=", "owner": "nix-community", "repo": "nixvim", - "rev": "eeafe2a7153197982ccd6ad6678192bca1df446e", + "rev": "2f5374c3dcd06c750c36798bce6bccdf8a25bc89", "type": "github" }, "original": { From 4f015ecb455827a787003302ab3a785f2f6b8bd4 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 29 Jan 2025 21:48:31 -0500 Subject: [PATCH 187/410] vscode: overlay github codespaces extension Signed-off-by: cy --- home/vscode.nix | 6 ++++-- overlay/default.nix | 1 + overlay/vscode.nix | 14 ++++++++++++++ 3 files changed, 19 insertions(+), 2 deletions(-) create mode 100644 overlay/vscode.nix diff --git a/home/vscode.nix b/home/vscode.nix index 0c1bf95..214a060 100644 --- a/home/vscode.nix +++ b/home/vscode.nix @@ -11,6 +11,7 @@ jnoortheen.nix-ide editorconfig.editorconfig github.github-vscode-theme + github.codespaces ]; userSettings = { "workbench.colorTheme" = "GitHub Dark Default"; @@ -18,10 +19,10 @@ "nix.enableLanguageServer" = true; "nix.serverPath" = "nixd"; "editor.fontFamily" = "IBM Plex Mono"; - "editor.fontSize" = 15; + "editor.fontSize" = 16; "editor.wordWrap" = "on"; - # vim mode + # vim mode settings "vim.handleKeys" = { "" = false; # file tree toggle }; @@ -32,6 +33,7 @@ "silent" = true; } ]; + "workbench.startupEditor" = "none"; }; }; } diff --git a/overlay/default.nix b/overlay/default.nix index 99fc17b..5b6a9a8 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -2,6 +2,7 @@ let overlays = [ ./conduwuit ./attic + ./vscode.nix ]; importedOverlays = map (m: import m) overlays; in diff --git a/overlay/vscode.nix b/overlay/vscode.nix new file mode 100644 index 0000000..4de2d90 --- /dev/null +++ b/overlay/vscode.nix @@ -0,0 +1,14 @@ +final: prev: { + vscode-extensions = prev.vscode-extensions // { + github = prev.vscode-extensions.github // { + codespaces = prev.vscode-utils.buildVscodeMarketplaceExtension { + mktplcRef = { + publisher = "github"; + name = "codespaces"; + version = "1.17.3"; + hash = "sha256-idJFYHJ4yeqpFZBX55Y0v1yfzgqyhS0MrC4yIto7i7w="; + }; + }; + }; + }; +} From 4e0c1fbbb4e2ee46580e2ce7ac07380e541e2aff Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 30 Jan 2025 12:33:03 -0500 Subject: [PATCH 188/410] caddy: use acme_dns for wildcard TLS to work use cloudflare dns plugin to update zone --- modules/caddy.nix | 13 +++++++++++++ secrets/services/caddy.yaml | 8 ++++---- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/modules/caddy.nix b/modules/caddy.nix index 6d38b01..03d7a4a 100644 --- a/modules/caddy.nix +++ b/modules/caddy.nix @@ -1,6 +1,7 @@ { config, lib, + pkgs, ... }: let @@ -14,6 +15,14 @@ in config = lib.mkIf cfg.enable { services.caddy = { enable = true; + package = pkgs.caddy.withPlugins { + plugins = [ + # error message will tell you the correct version tag to use + # (still need the @ to pass nix config check) + "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e" + ]; + hash = "sha256-jCcSzenewQiW897GFHF9WAcVkGaS/oUu63crJu7AyyQ="; + }; logFormat = lib.mkForce "level INFO"; acmeCA = "https://acme-v02.api.letsencrypt.org/directory"; extraConfig = '' @@ -22,6 +31,10 @@ in header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" } ''; + globalConfig = '' + acme_dns cloudflare {$CLOUDFLARE_KEY} + ''; + environmentFile = config.sops.secrets."caddy/env".path; }; }; } diff --git a/secrets/services/caddy.yaml b/secrets/services/caddy.yaml index 9fea4c0..2ff8b4c 100644 --- a/secrets/services/caddy.yaml +++ b/secrets/services/caddy.yaml @@ -1,5 +1,5 @@ caddy: - env: ENC[AES256_GCM,data:uVCkVky5MRRhN+g4f634nBjvpcI5Ldy+eOKXg7eGu9foswTHA1SXDs67+Wuvo/jaPw7Zg67xKZRHnoTon1udQzyfu0T6pmVKfsUPewITYCd+qLTanFz6uVRUHzpUVwjCZNqB8gxNr/BiZ70NG4vQXRjgd3zKFrQYQBr4zSaP2vK1pRdbuQ==,iv:dQBfX4X8huUp2dqY3tEGW+BPZ/XADT10ptt85R7X+AY=,tag:cvMbFjkRHoxxnNfz8dGv5g==,type:str] + env: ENC[AES256_GCM,data:XyxcCVT+rwlS7A3xzUgGqpMoLwhfUJo2++zPTgoPt3q6Edt14bYQJsoSJXnKx/lGg/0ilNfEEg8AEnru/Mzx0bWedSdWuZ380l8wlLiucqQThhEBhEJlyd94BMNzhxFdj82w0ejp4oWb5By/WjkFNesvAyxPIo/Ir4S+fTgGpA1iO2Ms8Pdjp00qeXYsK1CfjaXOYlEP+8BxntN2JKLYb8Cgs7dLmHfUwP6gTFKlTukUTtQZYUw336q3TtGy,iv:Ab/E0ljUBxzWlXfAC2BXCYxlgo0ErvKFaubgVjFR3OU=,tag:Yr24/DofYS2lM6f2/1LQ3Q==,type:str] sops: kms: [] gcp_kms: [] @@ -33,8 +33,8 @@ sops: Q2hBZE1FOHJ3aW5rVmoyK045eG11cmsKFOmP5iWONREZvxu0rM+fKMPQKgnYq5LH AKMZFsP7nnUxjdCXEA18sDg4Rf0qp8i3uQK3D6P7417j9ye/YZA4BQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-17T03:25:37Z" - mac: ENC[AES256_GCM,data:bhFBLkT2q6HGtTPtHLVZkKZn00Lbm11/u3qSR19lU2E1SsQ7mpukvCqcTxNWtJ+HHth6yJJfgM6XABKq/9/598L2MgGuF3C/GGS3xpjwHh5RyV8t1lV8cqDaZGjGOMGx35lFQ6DoXOreQrtP/f7MKzf+nVNFr1NbTR8YhqR1xDU=,iv:+fjYlbyIyM9nLagrvE+PUhC2pT7QTsTSQX7ELZ7Wuhs=,tag:GWQv6VmIsWwFzb4bUr5CLg==,type:str] + lastmodified: "2025-01-30T17:26:39Z" + mac: ENC[AES256_GCM,data:saoalvnwHsv0CTw/cRZqibnH9oGoZTNwGUT7RePKRa8OwNzbUEzQt+Z1WrmmWoqR+omQXLE+lpOPv6uNYxvAWnIelzCGeBBCMSBxtjlTUsjts7oFo7d9C5SdTIOkzotDxryvjRupb0P7hAmEqcSUKRZipJy5MVR7VXR1XZ4fIPM=,iv:VaP05zj8L2pygi1/M4BnOV3Inf0ssaWMu+aTBkdDMys=,tag:nuZT8GMB4F0T5dHnTvHOhA==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.2 + version: 3.9.4 From d0ba9ca90b2c5447e018145c3427f221ebfd24fe Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 30 Jan 2025 12:35:19 -0500 Subject: [PATCH 189/410] make garage better Signed-off-by: cy --- hosts/chunk/default.nix | 2 -- hosts/chunk/garage.nix | 27 +++++++++++++++++++++++---- 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 577e9b5..e149526 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -1,6 +1,4 @@ { - config, - lib, pkgs, ... }: diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index 75730a1..a6f39dd 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -8,6 +8,12 @@ s3_api = { s3_region = "earth"; api_bind_addr = "[::]:3900"; + root_domain = ".s3.cy7.sh"; + }; + s3_web = { + bind_addr = "[::]:3902"; + root_domain = ".web.s3.cy7.sh"; + index = "index.html"; }; admin.api_bind_addr = "[::]:3903"; rpc_bind_addr = "[::]:3901"; @@ -17,8 +23,21 @@ environmentFile = config.sops.secrets."garage/env".path; }; - services.caddy.virtualHosts."s3.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:3900 - ''; + services.caddy.virtualHosts = { + "s3.cy7.sh" = { + serverAliases = [ "*.s3.cy7.sh" ]; + extraConfig = '' + import common + reverse_proxy localhost:3900 + ''; + }; + "*.web.s3.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:3902 + ''; + "admin.s3.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:3903 + ''; + }; } From 30c82dcb4f92f028437e4645d0f40226d329eff5 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 30 Jan 2025 12:47:19 -0500 Subject: [PATCH 190/410] add sccache, some vscode changes, use kitten ssh --- .sops.yaml | 5 +++++ home/kitty.nix | 2 ++ home/niri/default.nix | 1 + home/vscode.nix | 3 ++- home/yt/ytnix.nix | 17 +++++++++++++++++ hosts/ytnix/default.nix | 8 ++++++++ secrets/yt/aws.yaml | 32 ++++++++++++++++++++++++++++++++ 7 files changed, 67 insertions(+), 1 deletion(-) create mode 100644 secrets/yt/aws.yaml diff --git a/.sops.yaml b/.sops.yaml index 810c6cb..e067ba9 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -108,3 +108,8 @@ creation_rules: - age: - *chunk - *cy + - path_regex: secrets/yt/(.*).yaml$ + key_groups: + - age: + - *yt + - *cy \ No newline at end of file diff --git a/home/kitty.nix b/home/kitty.nix index 7134390..da676cb 100644 --- a/home/kitty.nix +++ b/home/kitty.nix @@ -67,4 +67,6 @@ "kitty_mod+o>l" = "kitten hints --type linenum"; }; }; + + programs.zsh.shellAliases."ssh" = "kitten ssh"; } diff --git a/home/niri/default.nix b/home/niri/default.nix index 67720cb..f1c8172 100644 --- a/home/niri/default.nix +++ b/home/niri/default.nix @@ -102,6 +102,7 @@ in { app-id = "com.mitchellh.ghostt"; } { app-id = "org.kde.okular"; } { app-id = "kitty"; } + { app-id = "VSCodium"; } ]; default-column-width.proportion = .5; } diff --git a/home/vscode.nix b/home/vscode.nix index 214a060..2680ffe 100644 --- a/home/vscode.nix +++ b/home/vscode.nix @@ -11,7 +11,8 @@ jnoortheen.nix-ide editorconfig.editorconfig github.github-vscode-theme - github.codespaces + github.copilot + rust-lang.rust-analyzer ]; userSettings = { "workbench.colorTheme" = "GitHub Dark Default"; diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index e0ed53c..c047e8f 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -1,5 +1,6 @@ { pkgs, + lib, ... }: { @@ -108,6 +109,8 @@ hugo ghidra sequoia + sccache + awscli2 ]; programs.waybar.enable = true; @@ -164,5 +167,19 @@ home.sessionVariables = { # to make ghidra work on xwayland _JAVA_AWT_WM_NONREPARENTING = 1; + + # sccache stuff + RUSTC_WRAPPER = "${lib.getExe pkgs.sccache}"; + SCCACHE_BUCKET = "sccache"; + SCCACHE_REGION = "earth"; + SCCACHE_ENDPOINT = "https://sccache.s3.cy7.sh"; + SCCACHE_ALLOW_CORE_DUMPS = "true"; + SCCACHE_S3_USE_SSL = "true"; + SCCACHE_CACHE_MULTIARCH = "true"; + SCCACHE_LOG_LEVEL = "warn"; + AWS_DEFAULT_REGION = "earth"; + AWS_ENDPOINT_URL = "https://s3.cy7.sh"; + AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)"; + AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)"; }; } diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 6192e43..0bb554d 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -36,6 +36,14 @@ "tailscale/auth" = { sopsFile = ../../secrets/services/tailscale.yaml; }; + "aws/key_id" = { + sopsFile = ../../secrets/yt/aws.yaml; + owner = "yt"; + }; + "aws/key_secret" = { + sopsFile = ../../secrets/yt/aws.yaml; + owner = "yt"; + }; }; boot = { diff --git a/secrets/yt/aws.yaml b/secrets/yt/aws.yaml new file mode 100644 index 0000000..95bdf7a --- /dev/null +++ b/secrets/yt/aws.yaml @@ -0,0 +1,32 @@ +aws: + key_id: ENC[AES256_GCM,data:vxa8IS5zVOStsQaQNoPy36MeCw2KD2Th5tg=,iv:TrPukr/bpkGysf1YigBlXwaCu0H1FM6ivCVQEgnst6A=,tag:yrlcsDkLkH7U2i3JgjDaBA==,type:str] + key_secret: ENC[AES256_GCM,data:R9hFgtylEW1RphrP7/9Hi7HIb7gcQX1WDEVfnUTTzh+/0LM2Rb9CdkaleO8wNlcyYVE/jUKtqdqqrospAJ7+Zw==,iv:3+yCVqH441+oXFLI5usaQdhnE3GFhbJjMsYeRvk8xEw=,tag:STxA32cSdwPBikXyVEP5+Q==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKaUZKbTVjZ1NEWlE5RzZT + T1dKdkRQajEva0tpRXhxYUlYWmw1b3MwSFZvCmhteVJ2VGhVNnZTZkJlem1OT3dL + dGlQTWdOUlo3TXNOS0wvNlpqVWpZSFEKLS0tIC9DNjY3OW1zWUlRQ1ZEOGlBRk9R + azQxMGhQejQ5M0N1YjFtSW5uVnRCQ3MKtt26G2PxIry/lppOT/NUX8jebEb5NgqO + HuHj7WT51Gtotfgb22VfGeOCaw9+pPYSjdk9WV4z57r7Z/lylALKRw== + -----END AGE ENCRYPTED FILE----- + - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPaVIwbExDUjJiVFpHOFJu + dk1SUHc5UDRFUENsbkg2RmQvazdEZ1NKeEhvCjVCNzdwRFN0aUZJL0pVSTI1RUxv + Ymhhc0tsSENVa1VUKzRBZk5IcjEvNFUKLS0tIFpPNlRXOVYyVnpyUmtLMTFqNlZ0 + UlYrTExEUVc0dURLR1czN3BnYzZ2VGMKCbAgM50jvs9VciA1Pb/VY+2I4x62LBGe + j7eHkfTFc8Gnk/rZA9/ZJDLFr/FUPMQWK/NVoz6oLjO6oVFXqN6OqA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-30T17:45:09Z" + mac: ENC[AES256_GCM,data:uXnJ8DCs1ZZ72PFAmSQpqvVH2UYvRX8AeUC00A6WsgNL9sz6H0b7PwXBn4SucHACwLwilMVKYpFGE1pPMsIgpHxU5coNhvTfth/ChY1KS73LAwrJUAyUoFI3mumPkklj7b/u1CbBfhuhA2QoZVl+d9BGQn5CQu3+BySUmcT+P9k=,iv:H/hUTBDNcsGBP5TA/7U1QMZogZvuoPuEAg/tBCpbf9w=,tag:W7rH84Na/tHPuJlA9tRXEQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.4 From 1c449848e29aa5c8c0fd6241bc82d530fe9e0007 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 31 Jan 2025 14:27:16 -0500 Subject: [PATCH 191/410] overlay cutter Signed-off-by: cy --- flake.lock | 17 +++++++++++++++++ flake.nix | 8 ++++++-- home/yt/ytnix.nix | 4 ++-- home/zsh/default.nix | 4 ++-- hosts/ytnix/default.nix | 2 ++ 5 files changed, 29 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 6646c08..7bd5e59 100644 --- a/flake.lock +++ b/flake.lock @@ -915,6 +915,22 @@ "type": "github" } }, + "nixpkgs-cutter": { + "locked": { + "lastModified": 1738351607, + "narHash": "sha256-jJ9u1dLnhGeAeQdmziihaka33zEwBOIKmlB6YbFcIjs=", + "owner": "cything", + "repo": "nixpkgs", + "rev": "940b291c7c6ad8e999cb34d8d5de7913f6776c26", + "type": "github" + }, + "original": { + "owner": "cything", + "ref": "cutter-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-garage": { "locked": { "lastModified": 1736921030, @@ -1208,6 +1224,7 @@ "lix-module": "lix-module", "niri": "niri", "nixpkgs": "nixpkgs_5", + "nixpkgs-cutter": "nixpkgs-cutter", "nixpkgs-garage": "nixpkgs-garage", "nixvim": "nixvim", "nvim-github-theme": "nvim-github-theme", diff --git a/flake.nix b/flake.nix index 0f4e96a..9bf1fff 100644 --- a/flake.nix +++ b/flake.nix @@ -70,6 +70,7 @@ }; nixpkgs-garage.url = "github:cything/nixpkgs/garage-module"; # unmerged PR + nixpkgs-cutter.url = "github:cything/nixpkgs/cutter-unstable"; nvim-github-theme = { url = "github:projekt0n/github-nvim-theme"; @@ -136,7 +137,7 @@ settings.global.excludes = [ "secrets/*" - "**/*.png" # tries to format a png file?? + "**/*.png" # tries to format a png file ]; }; }; @@ -149,6 +150,9 @@ overlays = [ inputs.niri.overlays.niri inputs.rust-overlay.overlays.default + (final: prev: { + cutter = inputs.nixpkgs-cutter.legacyPackages.${prev.system}.cutter; + }) ] ++ import ./overlay; }; in @@ -169,7 +173,7 @@ ./modules inputs.lanzaboote.nixosModules.lanzaboote inputs.niri.nixosModules.niri - inputs.lix-module.nixosModules.default # broken + inputs.lix-module.nixosModules.default ]; }; chunk = lib.nixosSystem { diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index c047e8f..0aa8b30 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -111,6 +111,8 @@ sequoia sccache awscli2 + lldb + (cutter.withPlugins (plugins: [ plugins.rz-ghidra ])) ]; programs.waybar.enable = true; @@ -148,8 +150,6 @@ ''; }; - services.gnome-keyring.enable = true; - programs.direnv = { enable = true; nix-direnv.enable = true; diff --git a/home/zsh/default.nix b/home/zsh/default.nix index eb920d5..52fd38a 100644 --- a/home/zsh/default.nix +++ b/home/zsh/default.nix @@ -89,8 +89,8 @@ "ga" = "git add"; "gaa" = "git add --all"; "gb" = "git branch"; - "gc" = "git commit --verbose -s"; - "gcmsg" = "git commit -s --message"; + "gc" = "git commit --verbose"; + "gcmsg" = "git commit --message"; "gd" = "git diff"; "gdca" = "git diff --cached"; "gds" = "git diff --staged"; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 0bb554d..ecc2d7e 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -282,6 +282,8 @@ xdg.portal = { enable = true; wlr.enable = true; + xdgOpenUsePortal = true; + extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-gnome ]; }; programs.obs-studio = { From a31dbdaf0f02a93e781d5082ffebd110512c117f Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 31 Jan 2025 21:55:47 -0500 Subject: [PATCH 192/410] don't overlay cutter Signed-off-by: cy --- flake.lock | 17 ----------------- flake.nix | 4 ---- home/yt/ytnix.nix | 2 +- 3 files changed, 1 insertion(+), 22 deletions(-) diff --git a/flake.lock b/flake.lock index 7bd5e59..6646c08 100644 --- a/flake.lock +++ b/flake.lock @@ -915,22 +915,6 @@ "type": "github" } }, - "nixpkgs-cutter": { - "locked": { - "lastModified": 1738351607, - "narHash": "sha256-jJ9u1dLnhGeAeQdmziihaka33zEwBOIKmlB6YbFcIjs=", - "owner": "cything", - "repo": "nixpkgs", - "rev": "940b291c7c6ad8e999cb34d8d5de7913f6776c26", - "type": "github" - }, - "original": { - "owner": "cything", - "ref": "cutter-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-garage": { "locked": { "lastModified": 1736921030, @@ -1224,7 +1208,6 @@ "lix-module": "lix-module", "niri": "niri", "nixpkgs": "nixpkgs_5", - "nixpkgs-cutter": "nixpkgs-cutter", "nixpkgs-garage": "nixpkgs-garage", "nixvim": "nixvim", "nvim-github-theme": "nvim-github-theme", diff --git a/flake.nix b/flake.nix index 9bf1fff..38609a5 100644 --- a/flake.nix +++ b/flake.nix @@ -70,7 +70,6 @@ }; nixpkgs-garage.url = "github:cything/nixpkgs/garage-module"; # unmerged PR - nixpkgs-cutter.url = "github:cything/nixpkgs/cutter-unstable"; nvim-github-theme = { url = "github:projekt0n/github-nvim-theme"; @@ -150,9 +149,6 @@ overlays = [ inputs.niri.overlays.niri inputs.rust-overlay.overlays.default - (final: prev: { - cutter = inputs.nixpkgs-cutter.legacyPackages.${prev.system}.cutter; - }) ] ++ import ./overlay; }; in diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 0aa8b30..c72ead1 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -112,7 +112,7 @@ sccache awscli2 lldb - (cutter.withPlugins (plugins: [ plugins.rz-ghidra ])) + (cutter.withPlugins (plugins: with plugins; [ rz-ghidra jsdec sigdb ])) ]; programs.waybar.enable = true; From 95ff04af253818ac633a7e32860fa920437f620c Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 31 Jan 2025 23:44:15 -0500 Subject: [PATCH 193/410] nix-ld to make binaryninja work --- flake.lock | 21 +++++++++++++++++++++ flake.nix | 5 +++++ hosts/ytnix/default.nix | 39 ++++++++++++++++++++++++++++++++++++++- 3 files changed, 64 insertions(+), 1 deletion(-) diff --git a/flake.lock b/flake.lock index 6646c08..7b3064c 100644 --- a/flake.lock +++ b/flake.lock @@ -883,6 +883,26 @@ "type": "github" } }, + "nix-ld": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737361468, + "narHash": "sha256-+CtIrQZ22MOAOHcpg1zbhX/fVkmEc8A8lYVpXAbXElQ=", + "owner": "nix-community", + "repo": "nix-ld", + "rev": "7f15f8622b63b907fef137689f4528a9447d9377", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-ld", + "type": "github" + } + }, "nix2container": { "flake": false, "locked": { @@ -1207,6 +1227,7 @@ "lix": "lix", "lix-module": "lix-module", "niri": "niri", + "nix-ld": "nix-ld", "nixpkgs": "nixpkgs_5", "nixpkgs-garage": "nixpkgs-garage", "nixvim": "nixvim", diff --git a/flake.nix b/flake.nix index 38609a5..66dad85 100644 --- a/flake.nix +++ b/flake.nix @@ -68,6 +68,10 @@ inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-compat.follows = "flake-compat"; }; + nix-ld = { + url = "github:nix-community/nix-ld"; + inputs.nixpkgs.follows = "nixpkgs"; + }; nixpkgs-garage.url = "github:cything/nixpkgs/garage-module"; # unmerged PR @@ -170,6 +174,7 @@ inputs.lanzaboote.nixosModules.lanzaboote inputs.niri.nixosModules.niri inputs.lix-module.nixosModules.default + inputs.nix-ld.nixosModules.nix-ld ]; }; chunk = lib.nixosSystem { diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index ecc2d7e..b748be0 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -276,7 +276,44 @@ programs.virt-manager.enable = true; services.usbmuxd.enable = true; - programs.nix-ld.enable = true; + programs.nix-ld.dev = { + enable = true; + # nix run github:thiagokokada/nix-alien#nix-alien-find-libs ./ + libraries = with pkgs; [ + mesa + extest + stdenv.cc.cc + libGL + fontconfig + libxkbcommon + zlib + libxml2 + dbus + freetype + egl-wayland + waylandpp + cairo + xcb-util-cursor + xorg.libX11 + xorg.libxcb + xorg.xcbutilwm + xorg.xcbutilimage + xorg.xcbutilkeysyms + xorg.xcbutilrenderutil + xorg.libXScrnSaver + xorg.libXcomposite + xorg.libXcursor + xorg.libXdamage + xorg.libXext + xorg.libXfixes + xorg.libXi + xorg.libXrandr + xorg.libXrender + xorg.libXtst + xorg.libxkbfile + xorg.libxshmfence + ]; + }; programs.evolution.enable = true; xdg.portal = { From 3510da965738ac5570d011cc58e439a43fef8764 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 1 Feb 2025 12:08:57 -0500 Subject: [PATCH 194/410] install ida-free --- home/yt/ytnix.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index c72ead1..0e43354 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -113,6 +113,7 @@ awscli2 lldb (cutter.withPlugins (plugins: with plugins; [ rz-ghidra jsdec sigdb ])) + ida-free ]; programs.waybar.enable = true; From 258cce19fbf7d46086a8b517cc2c8ad67c700a84 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 1 Feb 2025 12:10:21 -0500 Subject: [PATCH 195/410] flake update Signed-off-by: cy --- flake.lock | 56 +++++++++++++++++++++++++++--------------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/flake.lock b/flake.lock index 7b3064c..6b42d56 100644 --- a/flake.lock +++ b/flake.lock @@ -562,11 +562,11 @@ ] }, "locked": { - "lastModified": 1738178313, - "narHash": "sha256-/8TLf6LkXGRGERzcWMNDeXjYaHSbexmfV+ofheo7K6k=", + "lastModified": 1738428726, + "narHash": "sha256-OUoEgorFHBVnqQ2lITqs6MGN7MH4t/8hLEO29OKu6CM=", "owner": "nix-community", "repo": "home-manager", - "rev": "420a0d9506b5dac4d86a68b9ef8e763624ad86c6", + "rev": "dae6d3460c8bab3ac9f38a86affe45b32818e764", "type": "github" }, "original": { @@ -683,11 +683,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1738174211, - "narHash": "sha256-eYmp1mKM4kULV1W+EBtCPk6LmKWl2REivaYfGRl+AWo=", + "lastModified": 1738341980, + "narHash": "sha256-xOpkKwNkpbK6lL/V48xIsONnk8PBzbf7D98EqqGpGGs=", "ref": "refs/heads/main", - "rev": "64e33a7e09a0d1faacf2fd3f6ebd647fe4d8346a", - "revCount": 17329, + "rev": "083c6de22cb306b0f1f7bd8e062ecdd72133e4e2", + "revCount": 17337, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -737,11 +737,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1738156024, - "narHash": "sha256-D3cox2cbtFauXz1skDTkJwSU0272wY6wRwiFNm5TV/c=", + "lastModified": 1738410471, + "narHash": "sha256-j0XZIViI4ZEFwhrEzVKz696/4DZ9pRiWtGfxJogA+MM=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "541920ede8b5d48f110c94d858a1ddf283eac3b9", + "rev": "16f8e14385163479aca7231d8fab0091adac2e56", "type": "github" }, "original": { @@ -770,11 +770,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1738148186, - "narHash": "sha256-Yd2xKbZ8S4LC5sxPleuutlX0RbKnI93LhciVhneNBHQ=", + "lastModified": 1738404307, + "narHash": "sha256-BFtfL5kZbIsDAMgbVP5E0HbqDapYWw4NBw1xS0AOCCc=", "owner": "YaLTeR", "repo": "niri", - "rev": "1d3820a064f1f3b686eb6e8a1aab155681a96457", + "rev": "32ad545f842f4c176548e30d183d10e0a2bab752", "type": "github" }, "original": { @@ -832,11 +832,11 @@ ] }, "locked": { - "lastModified": 1738033138, - "narHash": "sha256-qlIM8A3bdL9c6PexhpS+QyZLO9y/8a3V75HVyJgDE5Q=", + "lastModified": 1738277753, + "narHash": "sha256-iyFcCOk0mmDiv4ut9mBEuMxMZIym3++0qN1rQBg8FW0=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "349a74c66c596ef97ee97b4d80a3ca61227b6120", + "rev": "49b807fa7c37568d7fbe2aeaafb9255c185412f9", "type": "github" }, "original": { @@ -1065,11 +1065,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1738178544, - "narHash": "sha256-UbM+zJFlze877N5j2YMLKYFX7t05VvmuNX2M0vJ7RfI=", + "lastModified": 1738396600, + "narHash": "sha256-fWpw3MUUidq+GzuQdgpZwk4Vh4MF6MN2HEyyT2PguGI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "975ac0ab33ee7fea64842047a96f5d679d90913c", + "rev": "6eec6bbb933a6dad6cf6afe3d51329f31d22e974", "type": "github" }, "original": { @@ -1102,11 +1102,11 @@ ] }, "locked": { - "lastModified": 1738184667, - "narHash": "sha256-+pG3UJVAdVCF3nGRpy5n/tbCzGa64DCWOC8hAxnssD0=", + "lastModified": 1738428106, + "narHash": "sha256-HpuE7jQnyOXJStEoP2AAsOTTqsdudn6xV1o+EbV8ssc=", "owner": "nix-community", "repo": "nixvim", - "rev": "2f5374c3dcd06c750c36798bce6bccdf8a25bc89", + "rev": "8f8f50243ea803304b1bd04aa56bd736fe2c28eb", "type": "github" }, "original": { @@ -1261,11 +1261,11 @@ ] }, "locked": { - "lastModified": 1738117527, - "narHash": "sha256-GFviGfaezjGLFUlxdv3zyC7rSZvTXqwcG/YsF6MDkOw=", + "lastModified": 1738376888, + "narHash": "sha256-S6ErHxkSm0iA7ZMsjjDaASWxbELYcdfv8BhOkkj1rHw=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "6a3dc6ce4132bd57359214d986db376f2333c14d", + "rev": "83284068670d5ae4a43641c4afb150f3446be70d", "type": "github" }, "original": { @@ -1281,11 +1281,11 @@ ] }, "locked": { - "lastModified": 1737411508, - "narHash": "sha256-j9IdflJwRtqo9WpM0OfAZml47eBblUHGNQTe62OUqTw=", + "lastModified": 1738291974, + "narHash": "sha256-wkwYJc8cKmmQWUloyS9KwttBnja2ONRuJQDEsmef320=", "owner": "Mic92", "repo": "sops-nix", - "rev": "015d461c16678fc02a2f405eb453abb509d4e1d4", + "rev": "4c1251904d8a08c86ac6bc0d72cc09975e89aef7", "type": "github" }, "original": { From 81e06a0513922790f1c6e36405f7c3981e5f79e3 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 1 Feb 2025 22:36:56 -0500 Subject: [PATCH 196/410] install plasma and use plasma-manager to configure --- flake.lock | 24 ++++++++++++++++++++++++ flake.nix | 6 ++++++ home/plasma.nix | 25 +++++++++++++++++++++++++ home/yt/ytnix.nix | 2 ++ hosts/ytnix/default.nix | 15 +++++++++++++++ 5 files changed, 72 insertions(+) create mode 100644 home/plasma.nix diff --git a/flake.lock b/flake.lock index 6b42d56..55872fd 100644 --- a/flake.lock +++ b/flake.lock @@ -1154,6 +1154,29 @@ "type": "github" } }, + "plasma-manager": { + "inputs": { + "home-manager": [ + "home-manager" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736549395, + "narHash": "sha256-XzwkB62Tt5UYoL1jXiHzgk/qz2fUpGHExcSIbyGTtI0=", + "owner": "nix-community", + "repo": "plasma-manager", + "rev": "a53af7f1514ef4cce8620a9d6a50f238cdedec8b", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "plasma-manager", + "type": "github" + } + }, "pre-commit-hooks": { "flake": false, "locked": { @@ -1232,6 +1255,7 @@ "nixpkgs-garage": "nixpkgs-garage", "nixvim": "nixvim", "nvim-github-theme": "nvim-github-theme", + "plasma-manager": "plasma-manager", "rust-overlay": "rust-overlay", "sops-nix": "sops-nix", "treefmt": "treefmt" diff --git a/flake.nix b/flake.nix index 66dad85..cb60dbb 100644 --- a/flake.nix +++ b/flake.nix @@ -72,6 +72,11 @@ url = "github:nix-community/nix-ld"; inputs.nixpkgs.follows = "nixpkgs"; }; + plasma-manager = { + url = "github:nix-community/plasma-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.home-manager.follows = "home-manager"; + }; nixpkgs-garage.url = "github:cything/nixpkgs/garage-module"; # unmerged PR @@ -218,6 +223,7 @@ ./home/yt/ytnix.nix inputs.nixvim.homeManagerModules.nixvim inputs.niri.homeModules.config + inputs.plasma-manager.homeManagerModules.plasma-manager ]; }; diff --git a/home/plasma.nix b/home/plasma.nix new file mode 100644 index 0000000..077b530 --- /dev/null +++ b/home/plasma.nix @@ -0,0 +1,25 @@ +{ ... }: +{ + programs.plasma = { + enable = true; + workspace = { + lookAndFeel = "org.ide.breezedark.desktop"; + cursor = { + theme = "Bibata-Modern-Classic"; + size = 32; + }; + }; + + fonts = { + general = { + family = "IBM Plex Mono"; + pointSize = 12; + }; + }; + + input.keyboard = { + numlockOnStartup = "on"; + options = [ "ctrl:nocaps" ]; + }; + }; +} diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 0e43354..4a8b31e 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -11,6 +11,7 @@ ../irssi.nix ../kitty.nix ../vscode.nix + ../plasma.nix ]; home = { username = "yt"; @@ -114,6 +115,7 @@ lldb (cutter.withPlugins (plugins: with plugins; [ rz-ghidra jsdec sigdb ])) ida-free + patchelf ]; programs.waybar.enable = true; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index b748be0..e0d7c1d 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -174,6 +174,8 @@ haskell-language-server ghc sbctl # secure boot + wine-wayland + wine64 ]; environment.sessionVariables = { @@ -187,6 +189,12 @@ services.displayManager = { enable = true; autoLogin.user = "yt"; + defaultSession = "plasma"; + sddm = { + enable = true; + wayland.enable = true; + autoNumlock = true; + }; }; fonts.packages = with pkgs; [ @@ -294,6 +302,8 @@ waylandpp cairo xcb-util-cursor + libplist + p11-kit xorg.libX11 xorg.libxcb xorg.xcbutilwm @@ -377,4 +387,9 @@ startAgent = true; enableAskPassword = true; }; + + services.desktopManager.plasma6 = { + enable = true; + enableQt5Integration = true; + }; } From b131f134bc9f35d2bc3286704176331bf2fb6372 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 1 Feb 2025 23:40:16 -0500 Subject: [PATCH 197/410] add kwin bindings and fix stuff --- home/plasma.nix | 44 +++++++++++++++++++++++++++++++++++++++++++- home/yt/ytnix.nix | 14 ++++++++------ 2 files changed, 51 insertions(+), 7 deletions(-) diff --git a/home/plasma.nix b/home/plasma.nix index 077b530..3d919d3 100644 --- a/home/plasma.nix +++ b/home/plasma.nix @@ -2,11 +2,13 @@ { programs.plasma = { enable = true; + overrideConfig = true; + immutableByDefault = true; workspace = { lookAndFeel = "org.ide.breezedark.desktop"; cursor = { theme = "Bibata-Modern-Classic"; - size = 32; + size = 23; }; }; @@ -21,5 +23,45 @@ numlockOnStartup = "on"; options = [ "ctrl:nocaps" ]; }; + + # Meta key is actually the Super key in KDE + + hotkeys.commands = { + "launch-terminal" = { + name = "launch terminal"; + key = "Meta+Return"; + command = "kitty"; + }; + }; + + shortcuts = { + kwin = { + "Switch Window Down" = "Meta+J"; + "Switch Window Left" = "Meta+H"; + "Switch Window Right" = "Meta+L"; + "Switch Window Up" = "Meta+K"; + "Window Quick Tile Down" = "Meta+Shift+J"; + "Window Quick Tile Left" = "Meta+Shift+H"; + "Window Quick Tile Right" = "Meta+Shift+L"; + "Window Quick Tile Up" = "Meta+Shift+K"; + "Window Close" = "Meta+Ctrl+Q"; + "Window Maximize" = "Meta+W"; + "Window Minimize" = "Meta+Shift+-"; + "Window Fullscreen" = "Meta+F"; + "Window Shrink Horizontal" = "Meta+-"; + }; + + ksmserver = { + "Lock Session" = [ + "Screensaver" + "Meta+Ctrl+L" + ]; + }; + }; + + configFile = { + # save RAM + baloofilerc."Basic Settings"."Indexing-Enabled" = false; + }; }; } diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 4a8b31e..f409021 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -22,12 +22,14 @@ systemd.user.startServices = "sd-switch"; - qt = { - enable = true; - platformTheme.name = "kde"; - style.name = "breeze-dark"; - style.package = pkgs.kdePackages.breeze; - }; + # keep this commented when using plasma + # otherwise "system settings" in KDE will not function + # qt = { + # enable = true; + # platformTheme.name = "kde"; + # style.name = "breeze-dark"; + # style.package = pkgs.kdePackages.breeze; + # }; gtk = { enable = true; From c9d700390cf37a9f2acfd8ef1d2b298ee9ec3eda Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 2 Feb 2025 10:52:53 -0500 Subject: [PATCH 198/410] manually redirect renamed repo --- hosts/chunk/forgejo.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/chunk/forgejo.nix b/hosts/chunk/forgejo.nix index 26fb541..0abc681 100644 --- a/hosts/chunk/forgejo.nix +++ b/hosts/chunk/forgejo.nix @@ -33,6 +33,10 @@ services.caddy.virtualHosts."git.cy7.sh".extraConfig = '' import common + + # renamed repo + uri replace /cy/infra /cy/nixos-config + reverse_proxy localhost:3000 ''; services.caddy.virtualHosts."git.cything.io".extraConfig = '' From 11fb3de60c14f06d0834c535a38b1cd16a50779e Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 2 Feb 2025 15:25:04 -0500 Subject: [PATCH 199/410] some more plasma config --- home/plasma.nix | 13 +++++++++++++ hosts/ytnix/default.nix | 3 +++ 2 files changed, 16 insertions(+) diff --git a/home/plasma.nix b/home/plasma.nix index 3d919d3..facdad1 100644 --- a/home/plasma.nix +++ b/home/plasma.nix @@ -32,6 +32,11 @@ key = "Meta+Return"; command = "kitty"; }; + "launch-browser" = { + name = "launch browser"; + key = "Meta+B"; + command = "librewolf"; + }; }; shortcuts = { @@ -63,5 +68,13 @@ # save RAM baloofilerc."Basic Settings"."Indexing-Enabled" = false; }; + + # looks like KDE overrides services.logind settings + powerdevil.AC = { + whenLaptopLidClosed = "hibernate"; + }; + powerdevil.battery = { + whenLaptopLidClosed = "hibernate"; + }; }; } diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index e0d7c1d..bd175eb 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -304,6 +304,9 @@ xcb-util-cursor libplist p11-kit + kdePackages.qtwayland + qt6.qtwayland + libsForQt5.qt5.qtwayland xorg.libX11 xorg.libxcb xorg.xcbutilwm From 78f94a64297c35a92d71fb7161713789d16d9baa Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 2 Feb 2025 15:26:01 -0500 Subject: [PATCH 200/410] flake update Signed-off-by: cy --- flake.lock | 56 +++++++++++++++++++++++++++--------------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/flake.lock b/flake.lock index 55872fd..df9e697 100644 --- a/flake.lock +++ b/flake.lock @@ -369,11 +369,11 @@ ] }, "locked": { - "lastModified": 1736143030, - "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", + "lastModified": 1738453229, + "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", + "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", "type": "github" }, "original": { @@ -562,11 +562,11 @@ ] }, "locked": { - "lastModified": 1738428726, - "narHash": "sha256-OUoEgorFHBVnqQ2lITqs6MGN7MH4t/8hLEO29OKu6CM=", + "lastModified": 1738448366, + "narHash": "sha256-4ATtQqBlgsGqkHTemta0ydY6f7JBRXz4Hf574NHQpkg=", "owner": "nix-community", "repo": "home-manager", - "rev": "dae6d3460c8bab3ac9f38a86affe45b32818e764", + "rev": "18fa9f323d8adbb0b7b8b98a8488db308210ed93", "type": "github" }, "original": { @@ -683,11 +683,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1738341980, - "narHash": "sha256-xOpkKwNkpbK6lL/V48xIsONnk8PBzbf7D98EqqGpGGs=", + "lastModified": 1738446528, + "narHash": "sha256-NYL/r7EXSyYP7nXuYGvGYMI9QtztGjVaKKofBt/pCv8=", "ref": "refs/heads/main", - "rev": "083c6de22cb306b0f1f7bd8e062ecdd72133e4e2", - "revCount": 17337, + "rev": "a51380645f61b33d37a536b596d16c481f7b84a6", + "revCount": 17342, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -737,11 +737,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1738410471, - "narHash": "sha256-j0XZIViI4ZEFwhrEzVKz696/4DZ9pRiWtGfxJogA+MM=", + "lastModified": 1738502867, + "narHash": "sha256-92cVHcxV7j00BquLo5I4G8EwKzrq2AlHuD3AQV9r+T8=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "16f8e14385163479aca7231d8fab0091adac2e56", + "rev": "cf0be7affb15e21727d137c029146fe7df2bc6d0", "type": "github" }, "original": { @@ -770,11 +770,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1738404307, - "narHash": "sha256-BFtfL5kZbIsDAMgbVP5E0HbqDapYWw4NBw1xS0AOCCc=", + "lastModified": 1738479340, + "narHash": "sha256-sutel7RKfu9eIJsjswSzptCIvKELbXQCSldt0PtwSd0=", "owner": "YaLTeR", "repo": "niri", - "rev": "32ad545f842f4c176548e30d183d10e0a2bab752", + "rev": "d5592743cb04cef3fe50c987b7ba9349c5090dbd", "type": "github" }, "original": { @@ -1065,11 +1065,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1738396600, - "narHash": "sha256-fWpw3MUUidq+GzuQdgpZwk4Vh4MF6MN2HEyyT2PguGI=", + "lastModified": 1738487426, + "narHash": "sha256-hnB0V0R/aKASnTBeTthFvW60uydv1xswWD4weqSuSfg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6eec6bbb933a6dad6cf6afe3d51329f31d22e974", + "rev": "8ed1fafea6a613d962f6a84c1153d34dc8b06d83", "type": "github" }, "original": { @@ -1102,11 +1102,11 @@ ] }, "locked": { - "lastModified": 1738428106, - "narHash": "sha256-HpuE7jQnyOXJStEoP2AAsOTTqsdudn6xV1o+EbV8ssc=", + "lastModified": 1738517265, + "narHash": "sha256-ZzulGUIHZhvcSHx+1ucCJkIcn27r9H+cSzCCpKxJcls=", "owner": "nix-community", "repo": "nixvim", - "rev": "8f8f50243ea803304b1bd04aa56bd736fe2c28eb", + "rev": "56d0c4579e022b44a3e324f722fa23a6f4295798", "type": "github" }, "original": { @@ -1125,11 +1125,11 @@ ] }, "locked": { - "lastModified": 1737924095, - "narHash": "sha256-9RO/IlxiE7bpY7GYsdDMNB533PnDOBo9UvYyXXqlN4c=", + "lastModified": 1738445998, + "narHash": "sha256-wF2ZcRKF37re161jrXtNyjGMBDsIFtPeDvmIVfp8f7w=", "owner": "NuschtOS", "repo": "search", - "rev": "5efc9c966bb9bdad07a3c28667eac38b758c6f18", + "rev": "381d84a7422a4dbfef6a9c7703dbaf42036ae1c3", "type": "github" }, "original": { @@ -1285,11 +1285,11 @@ ] }, "locked": { - "lastModified": 1738376888, - "narHash": "sha256-S6ErHxkSm0iA7ZMsjjDaASWxbELYcdfv8BhOkkj1rHw=", + "lastModified": 1738463259, + "narHash": "sha256-+5QJpiRpkh1ALvKcMEpPyGwkPZfaynsYF4SFdNW5UfQ=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "83284068670d5ae4a43641c4afb150f3446be70d", + "rev": "e2bb8c205a069514535f083742c7da8dfb6e02b9", "type": "github" }, "original": { From 0029f8f82218e05ff179983cd642dd4509b39b62 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 2 Feb 2025 16:09:55 -0500 Subject: [PATCH 201/410] comment out gtk config --- home/yt/ytnix.nix | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index f409021..797e9d7 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -31,17 +31,18 @@ # style.package = pkgs.kdePackages.breeze; # }; - gtk = { - enable = true; - theme = { - package = pkgs.adw-gtk3; - name = "adw-gtk3-dark"; - }; - iconTheme = { - package = pkgs.adwaita-icon-theme; - name = "Adwaita"; - }; - }; + # this one too + # gtk = { + # enable = true; + # theme = { + # package = pkgs.adw-gtk3; + # name = "adw-gtk3-dark"; + # }; + # iconTheme = { + # package = pkgs.adwaita-icon-theme; + # name = "Adwaita"; + # }; + # }; home.pointerCursor = { package = pkgs.bibata-cursors; From df2f9668f1f2d7e440eea51b3a5f702d6b24a333 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 4 Feb 2025 10:11:36 -0500 Subject: [PATCH 202/410] use ghidra-bin cause debugger works --- home/yt/ytnix.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 797e9d7..2aa25ae 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -111,14 +111,19 @@ nixpkgs-review just hugo - ghidra + ghidra-bin sequoia sccache awscli2 lldb - (cutter.withPlugins (plugins: with plugins; [ rz-ghidra jsdec sigdb ])) + (cutter.withPlugins (p: with p; [ + rz-ghidra + jsdec + sigdb + ])) ida-free patchelf + radare2 ]; programs.waybar.enable = true; From 579a3ada7725f9906d2afb7b4493391576fd6641 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 5 Feb 2025 14:08:14 -0500 Subject: [PATCH 203/410] bring cything.io to chunk --- home/yt/ytnix.nix | 1 + hosts/chunk/conduwuit.nix | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 2aa25ae..748ba3b 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -124,6 +124,7 @@ ida-free patchelf radare2 + p7zip ]; programs.waybar.enable = true; diff --git a/hosts/chunk/conduwuit.nix b/hosts/chunk/conduwuit.nix index 8aa8998..99d3958 100644 --- a/hosts/chunk/conduwuit.nix +++ b/hosts/chunk/conduwuit.nix @@ -15,4 +15,21 @@ import common reverse_proxy localhost:8448 ''; + + services.caddy.virtualHosts."cything.io" = { + serverAliases = [ "www.cything.io" ]; + extraConfig = '' + import common + + header /.well-known/matrix/* Content-Type application/json + header /.well-known/matrix/* Access-Control-Allow-Origin * + header /.well-known/matrix/* Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS,PATCH,HEAD + header /.well-known/matrix/* Access-Control-Allow-Headers X-Requested-With,Content-Type,Authorization,Origin,Accept + route { + respond /.well-known/matrix/server {"m.server":"chat.cything.io:443"} + respond /.well-known/matrix/client {"m.server":{"base_url":"https://chat.cything.io"},"m.homeserver":{"base_url":"https://chat.cything.io"},"org.matrix.msc3575.proxy":{"url":"https://chat.cything.io"}} + redir https://cy7.sh/posts{uri} permanent + } + ''; + }; } From b219d4d5de9fe739dc178856d73faaa3dd3b6669 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 5 Feb 2025 14:12:59 -0500 Subject: [PATCH 204/410] ytnix: downgrade kernel to 6.12 https://github.com/tomaspinho/rtl8821ce/issues/356 --- hosts/ytnix/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index bd175eb..b92493c 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -53,7 +53,8 @@ efi.canTouchEfiVariables = false; # toggle when installing }; tmp.cleanOnBoot = true; - kernelPackages = pkgs.linuxKernel.packages.linux_zen; + # upgrade after https://github.com/tomaspinho/rtl8821ce/issues/356 is fixed + kernelPackages = pkgs.linuxKernel.packages.linux_6_12; extraModulePackages = with config.boot.kernelPackages; [ rtl8821ce ]; From 9d71fdb81f15f10846c6f7dfe65e21c4d43ddee4 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 5 Feb 2025 14:22:11 -0500 Subject: [PATCH 205/410] flake update Signed-off-by: cy --- flake.lock | 80 +++++++++++++++++++++++++++--------------------------- 1 file changed, 40 insertions(+), 40 deletions(-) diff --git a/flake.lock b/flake.lock index df9e697..f84748e 100644 --- a/flake.lock +++ b/flake.lock @@ -120,11 +120,11 @@ "rocksdb": "rocksdb" }, "locked": { - "lastModified": 1738132650, - "narHash": "sha256-ryebu2VoopIpr5+DuHIs2/x60u+3EzRJexYRWVJn2AE=", + "lastModified": 1738740720, + "narHash": "sha256-rE0+UOEfFEGzjjIFdfs1Q4MR/UjVh8Dy6T137Z+ySgo=", "owner": "girlbossceo", "repo": "conduwuit", - "rev": "eb7d893c8675f955fa770c8ae6f1c32a2394284c", + "rev": "fda8b3680986dc8e038d51b93f7d36bf5c991ef6", "type": "github" }, "original": { @@ -157,11 +157,11 @@ }, "crane_2": { "locked": { - "lastModified": 1737689766, - "narHash": "sha256-ivVXYaYlShxYoKfSo5+y5930qMKKJ8CLcAoIBPQfJ6s=", + "lastModified": 1738652123, + "narHash": "sha256-zdZek5FXK/k95J0vnLF0AMnYuZl4AjARq83blKuJBYY=", "owner": "ipetkov", "repo": "crane", - "rev": "6fe74265bbb6d016d663b1091f015e2976c4a527", + "rev": "c7e015a5fcefb070778c7d91734768680188a9cd", "type": "github" }, "original": { @@ -562,11 +562,11 @@ ] }, "locked": { - "lastModified": 1738448366, - "narHash": "sha256-4ATtQqBlgsGqkHTemta0ydY6f7JBRXz4Hf574NHQpkg=", + "lastModified": 1738753876, + "narHash": "sha256-yXT82kERWL4R81hfun9BuT478Q6ut0dJzdQjAxjRS38=", "owner": "nix-community", "repo": "home-manager", - "rev": "18fa9f323d8adbb0b7b8b98a8488db308210ed93", + "rev": "f20b7a8ab527a2482f13754dc00b2deaddc34599", "type": "github" }, "original": { @@ -683,11 +683,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1738446528, - "narHash": "sha256-NYL/r7EXSyYP7nXuYGvGYMI9QtztGjVaKKofBt/pCv8=", + "lastModified": 1738690832, + "narHash": "sha256-gHJkxfk4ePMx5lhcF12r28lX6WdaH+a4y6GZhlaRQ1I=", "ref": "refs/heads/main", - "rev": "a51380645f61b33d37a536b596d16c481f7b84a6", - "revCount": 17342, + "rev": "8553adbb414167d969ba720cae02ab0694f38bd4", + "revCount": 17359, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -737,11 +737,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1738502867, - "narHash": "sha256-92cVHcxV7j00BquLo5I4G8EwKzrq2AlHuD3AQV9r+T8=", + "lastModified": 1738770770, + "narHash": "sha256-nfapp7C4BbdvHTRA1HSRVYjD5Fk2FCKoyxQLzcL5X50=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "cf0be7affb15e21727d137c029146fe7df2bc6d0", + "rev": "83abbde7c8164ee4b42a8647e4e61015c3f45816", "type": "github" }, "original": { @@ -770,11 +770,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1738479340, - "narHash": "sha256-sutel7RKfu9eIJsjswSzptCIvKELbXQCSldt0PtwSd0=", + "lastModified": 1738768006, + "narHash": "sha256-56jDYr/vqX4fobMJO2nWLjih03i6UV5bKtxI0nR4ZZA=", "owner": "YaLTeR", "repo": "niri", - "rev": "d5592743cb04cef3fe50c987b7ba9349c5090dbd", + "rev": "690d6355057ebeba03cbd8ce4905145b834c72f8", "type": "github" }, "original": { @@ -832,11 +832,11 @@ ] }, "locked": { - "lastModified": 1738277753, - "narHash": "sha256-iyFcCOk0mmDiv4ut9mBEuMxMZIym3++0qN1rQBg8FW0=", + "lastModified": 1738743987, + "narHash": "sha256-O3bnAfsObto6l2tQOmQlrO6Z2kD6yKwOWfs7pA0CpOc=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "49b807fa7c37568d7fbe2aeaafb9255c185412f9", + "rev": "ae406c04577ff9a64087018c79b4fdc02468c87c", "type": "github" }, "original": { @@ -890,11 +890,11 @@ ] }, "locked": { - "lastModified": 1737361468, - "narHash": "sha256-+CtIrQZ22MOAOHcpg1zbhX/fVkmEc8A8lYVpXAbXElQ=", + "lastModified": 1738573732, + "narHash": "sha256-cyUaLyn9oQp/ArxVnpyajKXFQhe+xxGCEvscAOt2Kco=", "owner": "nix-community", "repo": "nix-ld", - "rev": "7f15f8622b63b907fef137689f4528a9447d9377", + "rev": "8fed868d17954b09421d2456afccc2e7afdee96f", "type": "github" }, "original": { @@ -1065,11 +1065,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1738487426, - "narHash": "sha256-hnB0V0R/aKASnTBeTthFvW60uydv1xswWD4weqSuSfg=", + "lastModified": 1738758495, + "narHash": "sha256-CZ8T4vP3ag2hwkpSZjatxJb55ouszvmnWw09qxGW9TU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8ed1fafea6a613d962f6a84c1153d34dc8b06d83", + "rev": "ceaea203f3ae1787b1bd13f021f686391696fc5b", "type": "github" }, "original": { @@ -1102,11 +1102,11 @@ ] }, "locked": { - "lastModified": 1738517265, - "narHash": "sha256-ZzulGUIHZhvcSHx+1ucCJkIcn27r9H+cSzCCpKxJcls=", + "lastModified": 1738780056, + "narHash": "sha256-YFzhEMT77o//oQoUivd+huCj6f2L/LmrSfV75+6CCq8=", "owner": "nix-community", "repo": "nixvim", - "rev": "56d0c4579e022b44a3e324f722fa23a6f4295798", + "rev": "2061a9ad95ca320a2bca00de6a9e30dbc5f52d74", "type": "github" }, "original": { @@ -1125,11 +1125,11 @@ ] }, "locked": { - "lastModified": 1738445998, - "narHash": "sha256-wF2ZcRKF37re161jrXtNyjGMBDsIFtPeDvmIVfp8f7w=", + "lastModified": 1738508923, + "narHash": "sha256-4DaDrQDAIxlWhTjH6h/+xfG05jt3qDZrZE/7zDLQaS4=", "owner": "NuschtOS", "repo": "search", - "rev": "381d84a7422a4dbfef6a9c7703dbaf42036ae1c3", + "rev": "86e2038290859006e05ca7201425ea5b5de4aecb", "type": "github" }, "original": { @@ -1285,11 +1285,11 @@ ] }, "locked": { - "lastModified": 1738463259, - "narHash": "sha256-+5QJpiRpkh1ALvKcMEpPyGwkPZfaynsYF4SFdNW5UfQ=", + "lastModified": 1738722444, + "narHash": "sha256-DHVyKCiIQVDqjYoVU2j7UaLNIlOnpB9sP1cPRNRpqvY=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "e2bb8c205a069514535f083742c7da8dfb6e02b9", + "rev": "347fb01821c3cd8d54e563d244a599c1e27a393d", "type": "github" }, "original": { @@ -1355,11 +1355,11 @@ ] }, "locked": { - "lastModified": 1738070913, - "narHash": "sha256-j6jC12vCFsTGDmY2u1H12lMr62fnclNjuCtAdF1a4Nk=", + "lastModified": 1738680491, + "narHash": "sha256-8X7tR3kFGkE7WEF5EXVkt4apgaN85oHZdoTGutCFs6I=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "bebf27d00f7d10ba75332a0541ac43676985dea3", + "rev": "64dbb922d51a42c0ced6a7668ca008dded61c483", "type": "github" }, "original": { From 947941729c8c74a9ca81b23a2801c2d61cff45dd Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 5 Feb 2025 14:33:40 -0500 Subject: [PATCH 206/410] fix grafana domain --- hosts/chunk/grafana.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/chunk/grafana.nix b/hosts/chunk/grafana.nix index 007bcf1..ee5a382 100644 --- a/hosts/chunk/grafana.nix +++ b/hosts/chunk/grafana.nix @@ -7,7 +7,7 @@ http_port = 8088; enforce_domain = true; enable_gzip = true; - domain = "grafana.cything.io"; + domain = "grafana.cy7.sh"; }; settings.analytics.reporting_enabled = false; }; From ad02597200513478825bd7e94caa186c71bc302e Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 5 Feb 2025 14:44:24 -0500 Subject: [PATCH 207/410] rip titan --- justfile | 1 - 1 file changed, 1 deletion(-) diff --git a/justfile b/justfile index e113688..462d283 100644 --- a/justfile +++ b/justfile @@ -11,7 +11,6 @@ upgrade: git switch update sudo nixos-rebuild switch -L --flake . --use-substitutes nixos-rebuild switch -L --flake .#chunk --target-host root@2a0f:85c1:840:2bfb::1 --use-substitutes - nixos-rebuild switch -L --flake .#titan --target-host root@www.cything.io --use-substitutes home-manager -L switch --flake . git switch main git merge update From 618a6b544fa61a7b790f60e2a6075ed944c865c4 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 7 Feb 2025 20:32:00 -0500 Subject: [PATCH 208/410] add tor, more qt libraries for nix-ld, add qbittorrent --- home/yt/ytnix.nix | 1 + hosts/chunk/default.nix | 1 + hosts/ytnix/default.nix | 4 +++- 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 748ba3b..f925b36 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -125,6 +125,7 @@ patchelf radare2 p7zip + qbittorrent ]; programs.waybar.enable = true; diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index e149526..100486b 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -25,6 +25,7 @@ ./forgejo.nix ./garage.nix ./tailscale.nix + ./tor.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index b92493c..80768b4 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -306,8 +306,10 @@ libplist p11-kit kdePackages.qtwayland + qt6.full qt6.qtwayland - libsForQt5.qt5.qtwayland + qt5.full + qt5.qtwayland xorg.libX11 xorg.libxcb xorg.xcbutilwm From a1c82ab6f3279cd91e1705e4dea367a981e3c1d4 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 8 Feb 2025 01:30:04 -0500 Subject: [PATCH 209/410] add roundcube --- home/yt/ytnix.nix | 2 +- hosts/chunk/default.nix | 2 ++ modules/default.nix | 1 + modules/roundcube.nix | 48 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 52 insertions(+), 1 deletion(-) create mode 100644 modules/roundcube.nix diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index f925b36..9dccbd4 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -111,7 +111,7 @@ nixpkgs-review just hugo - ghidra-bin + ghidra sequoia sccache awscli2 diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 100486b..9577771 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -205,4 +205,6 @@ }; virtualisation.oci-containers.backend = "podman"; environment.enableAllTerminfo = true; + + my.roundcube.enable = true; } diff --git a/modules/default.nix b/modules/default.nix index 070a96e..810c2f4 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -3,5 +3,6 @@ imports = [ ./backup.nix ./caddy.nix + ./roundcube.nix ]; } diff --git a/modules/roundcube.nix b/modules/roundcube.nix new file mode 100644 index 0000000..da0c035 --- /dev/null +++ b/modules/roundcube.nix @@ -0,0 +1,48 @@ +{ config, lib, pkgs, ... }: +let + cfg = config.my.roundcube; + fpm = config.services.phpfpm.pools.roundcube; + roundcube = config.services.roundcube; +in +{ + options.my.roundcube = { + enable = lib.mkEnableOption "roundcube webmail"; + }; + + config = lib.mkIf cfg.enable { + services.roundcube = { + enable = true; + configureNginx = false; + package = pkgs.roundcube.withPlugins (p: with p; [ + persistent_login + contextmenu + custom_from + thunderbird_labels + ]); + plugins = [ + "persistent_login" + "contextmenu" + "custom_from" + "thunderbird_labels" + ]; + dicts = with pkgs.aspellDicts; [ en ]; + extraConfig = '' + $config['imap_host'] = "ssl://imap.migadu.com:993"; + $config['smtp_host'] = "ssl://smtp.migadu.com:465"; + $config['smtp_user'] = "%u"; + $config['smtp_pass'] = "%p"; + ''; + }; + + services.phpfpm.pools.roundcube.settings = lib.mapAttrs (name: lib.mkForce) { + "listen.owner" = "caddy"; + "listen.group" = "caddy"; + }; + + services.caddy.virtualHosts."mail.cy7.sh".extraConfig = '' + import common + root ${roundcube.package} + php_fastcgi unix/${fpm.socket} + ''; + }; +} From 3f68b251334b0c710973a52e050484dedc6860c2 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 8 Feb 2025 12:23:32 -0500 Subject: [PATCH 210/410] fix roundcube static files --- hosts/ytnix/default.nix | 1 + modules/roundcube.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 80768b4..270654d 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -177,6 +177,7 @@ sbctl # secure boot wine-wayland wine64 + solaar ]; environment.sessionVariables = { diff --git a/modules/roundcube.nix b/modules/roundcube.nix index da0c035..3f2d8cc 100644 --- a/modules/roundcube.nix +++ b/modules/roundcube.nix @@ -43,6 +43,7 @@ in import common root ${roundcube.package} php_fastcgi unix/${fpm.socket} + file_server ''; }; } From 5e877bd3d04abcfcddf24d03e7f9002847fae24d Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 9 Feb 2025 14:32:46 -0500 Subject: [PATCH 211/410] don't overlay garage and add some stable packages --- flake.lock | 34 +++++++++++++++++----------------- flake.nix | 9 ++------- home/yt/ytnix.nix | 1 - overlay/default.nix | 17 ++++++++++++++++- 4 files changed, 35 insertions(+), 26 deletions(-) diff --git a/flake.lock b/flake.lock index f84748e..7b66a87 100644 --- a/flake.lock +++ b/flake.lock @@ -935,22 +935,6 @@ "type": "github" } }, - "nixpkgs-garage": { - "locked": { - "lastModified": 1736921030, - "narHash": "sha256-A7knAvBOwoM5X7oNdIOKvuXYtXJpuR4O8iKHIk8EwOI=", - "owner": "cything", - "repo": "nixpkgs", - "rev": "97f27249297bf5fbc563014ae9d4884dee27f1e0", - "type": "github" - }, - "original": { - "owner": "cything", - "ref": "garage-module", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-regression": { "locked": { "lastModified": 1643052045, @@ -1015,6 +999,22 @@ "type": "github" } }, + "nixpkgs-stable_4": { + "locked": { + "lastModified": 1738843498, + "narHash": "sha256-7x+Q4xgFj9UxZZO9aUDCR8h4vyYut4zPUvfj3i+jBHE=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "f5a32fa27df91dfc4b762671a0e0a859a8a0058f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1730531603, @@ -1252,7 +1252,7 @@ "niri": "niri", "nix-ld": "nix-ld", "nixpkgs": "nixpkgs_5", - "nixpkgs-garage": "nixpkgs-garage", + "nixpkgs-stable": "nixpkgs-stable_4", "nixvim": "nixvim", "nvim-github-theme": "nvim-github-theme", "plasma-manager": "plasma-manager", diff --git a/flake.nix b/flake.nix index cb60dbb..fabc87b 100644 --- a/flake.nix +++ b/flake.nix @@ -3,6 +3,7 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small"; + nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11"; sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; @@ -78,8 +79,6 @@ inputs.home-manager.follows = "home-manager"; }; - nixpkgs-garage.url = "github:cything/nixpkgs/garage-module"; # unmerged PR - nvim-github-theme = { url = "github:projekt0n/github-nvim-theme"; flake = false; @@ -158,7 +157,7 @@ overlays = [ inputs.niri.overlays.niri inputs.rust-overlay.overlays.default - ] ++ import ./overlay; + ] ++ (import ./overlay { inherit inputs; }); }; in { @@ -187,14 +186,10 @@ modules = [ { nixpkgs = { inherit pkgs; }; - disabledModules = [ - "services/web-servers/garage.nix" - ]; } ./hosts/chunk inputs.sops-nix.nixosModules.sops ./modules - (inputs.nixpkgs-garage + "/nixos/modules/services/web-servers/garage.nix") ]; }; diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 9dccbd4..72a0bab 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -66,7 +66,6 @@ mpv yt-dlp signal-desktop - azure-cli pavucontrol btop grim diff --git a/overlay/default.nix b/overlay/default.nix index 5b6a9a8..896258b 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -1,4 +1,4 @@ -let +{ inputs }: let overlays = [ ./conduwuit ./attic @@ -7,3 +7,18 @@ let importedOverlays = map (m: import m) overlays; in importedOverlays +++ +[ + (final: prev: + let + pkgFrom = flake: pkg: flake.legacyPackages.${prev.system}.${pkg}; + stable = inputs.nixpkgs-stable; + in + { + bitwarden-cli = pkgFrom stable "bitwarden-cli"; + roundcube = pkgFrom stable "roundcube"; + lldb = pkgFrom stable "lldb"; + calibre = pkgFrom stable "calibre"; + } + ) +] From ee2baa3f1901bdfc0efb9cec2d1d97b2e68f3b50 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 9 Feb 2025 14:40:12 -0500 Subject: [PATCH 212/410] nix fmt --- .sops.yaml | 2 +- home/yt/ytnix.nix | 12 +++++++----- hosts/ytnix/default.nix | 5 ++++- modules/roundcube.nix | 21 ++++++++++++++------- overlay/default.nix | 9 +++++---- 5 files changed, 31 insertions(+), 18 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index e067ba9..0fd042a 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -112,4 +112,4 @@ creation_rules: key_groups: - age: - *yt - - *cy \ No newline at end of file + - *cy diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 72a0bab..06cd741 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -115,11 +115,13 @@ sccache awscli2 lldb - (cutter.withPlugins (p: with p; [ - rz-ghidra - jsdec - sigdb - ])) + (cutter.withPlugins ( + p: with p; [ + rz-ghidra + jsdec + sigdb + ] + )) ida-free patchelf radare2 diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 270654d..a0f9d74 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -337,7 +337,10 @@ enable = true; wlr.enable = true; xdgOpenUsePortal = true; - extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-gnome ]; + extraPortals = with pkgs; [ + xdg-desktop-portal-gtk + xdg-desktop-portal-gnome + ]; }; programs.obs-studio = { diff --git a/modules/roundcube.nix b/modules/roundcube.nix index 3f2d8cc..63b14c5 100644 --- a/modules/roundcube.nix +++ b/modules/roundcube.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.roundcube; fpm = config.services.phpfpm.pools.roundcube; @@ -13,12 +18,14 @@ in services.roundcube = { enable = true; configureNginx = false; - package = pkgs.roundcube.withPlugins (p: with p; [ - persistent_login - contextmenu - custom_from - thunderbird_labels - ]); + package = pkgs.roundcube.withPlugins ( + p: with p; [ + persistent_login + contextmenu + custom_from + thunderbird_labels + ] + ); plugins = [ "persistent_login" "contextmenu" diff --git a/overlay/default.nix b/overlay/default.nix index 896258b..d498f88 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -1,4 +1,5 @@ -{ inputs }: let +{ inputs }: +let overlays = [ ./conduwuit ./attic @@ -7,9 +8,9 @@ importedOverlays = map (m: import m) overlays; in importedOverlays -++ -[ - (final: prev: +++ [ + ( + final: prev: let pkgFrom = flake: pkg: flake.legacyPackages.${prev.system}.${pkg}; stable = inputs.nixpkgs-stable; From 1ca80eb95d028b3113a3f9d9fb0d2c41fc1b90fb Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 9 Feb 2025 16:03:52 -0500 Subject: [PATCH 213/410] flake update Signed-off-by: cy --- flake.lock | 62 +++++++++++++++++++++++++++--------------------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/flake.lock b/flake.lock index 7b66a87..c5c7e8d 100644 --- a/flake.lock +++ b/flake.lock @@ -120,11 +120,11 @@ "rocksdb": "rocksdb" }, "locked": { - "lastModified": 1738740720, - "narHash": "sha256-rE0+UOEfFEGzjjIFdfs1Q4MR/UjVh8Dy6T137Z+ySgo=", + "lastModified": 1739114248, + "narHash": "sha256-Etzh7m1aZBwKfcS6sa+2zBzdOaZSR+yFn2pwwGTilb4=", "owner": "girlbossceo", "repo": "conduwuit", - "rev": "fda8b3680986dc8e038d51b93f7d36bf5c991ef6", + "rev": "b6e9dc3d98704c56027219d3775336910a0136c6", "type": "github" }, "original": { @@ -157,11 +157,11 @@ }, "crane_2": { "locked": { - "lastModified": 1738652123, - "narHash": "sha256-zdZek5FXK/k95J0vnLF0AMnYuZl4AjARq83blKuJBYY=", + "lastModified": 1739053031, + "narHash": "sha256-LrMDRuwAlRFD2T4MgBSRd1s2VtOE+Vl1oMCNu3RpPE0=", "owner": "ipetkov", "repo": "crane", - "rev": "c7e015a5fcefb070778c7d91734768680188a9cd", + "rev": "112e6591b2d6313b1bd05a80a754a8ee42432a7e", "type": "github" }, "original": { @@ -562,11 +562,11 @@ ] }, "locked": { - "lastModified": 1738753876, - "narHash": "sha256-yXT82kERWL4R81hfun9BuT478Q6ut0dJzdQjAxjRS38=", + "lastModified": 1739051380, + "narHash": "sha256-p1QSLO8DJnANY+ppK7fjD8GqfCrEIDjso1CSRHsXL7Y=", "owner": "nix-community", "repo": "home-manager", - "rev": "f20b7a8ab527a2482f13754dc00b2deaddc34599", + "rev": "5af1b9a0f193ab6138b89a8e0af8763c21bbf491", "type": "github" }, "original": { @@ -683,11 +683,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1738690832, - "narHash": "sha256-gHJkxfk4ePMx5lhcF12r28lX6WdaH+a4y6GZhlaRQ1I=", + "lastModified": 1739035579, + "narHash": "sha256-Zc7KAA3iC5Ak9reV/peqELKXJn6rLcSZptq1Tzcx9Nc=", "ref": "refs/heads/main", - "rev": "8553adbb414167d969ba720cae02ab0694f38bd4", - "revCount": 17359, + "rev": "132d11c2d85425b7d23785ec306acb9b1d1ddba6", + "revCount": 17397, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -737,11 +737,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1738770770, - "narHash": "sha256-nfapp7C4BbdvHTRA1HSRVYjD5Fk2FCKoyxQLzcL5X50=", + "lastModified": 1739042449, + "narHash": "sha256-9zLFUpEebwhjCgtznsI61gTzefI3+fuXATHUOFzJi5w=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "83abbde7c8164ee4b42a8647e4e61015c3f45816", + "rev": "98e3666a9dc4143cbf93d957a15d749b5acef046", "type": "github" }, "original": { @@ -770,11 +770,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1738768006, - "narHash": "sha256-56jDYr/vqX4fobMJO2nWLjih03i6UV5bKtxI0nR4ZZA=", + "lastModified": 1738911818, + "narHash": "sha256-7bhr9ldHrNP71qOmKI1Hu80uclx+Tco0RNmO+GKtC1Y=", "owner": "YaLTeR", "repo": "niri", - "rev": "690d6355057ebeba03cbd8ce4905145b834c72f8", + "rev": "397e704d644d1bfe7736f2fdacbfe5742c7b2f9f", "type": "github" }, "original": { @@ -1065,11 +1065,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1738758495, - "narHash": "sha256-CZ8T4vP3ag2hwkpSZjatxJb55ouszvmnWw09qxGW9TU=", + "lastModified": 1739097848, + "narHash": "sha256-bbdQB0Y4mB2msqbyQ9QC+YPDZGt1evUK53AwQSyShHM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ceaea203f3ae1787b1bd13f021f686391696fc5b", + "rev": "9a0b855695c31ea653181b742c65e026bada3881", "type": "github" }, "original": { @@ -1102,11 +1102,11 @@ ] }, "locked": { - "lastModified": 1738780056, - "narHash": "sha256-YFzhEMT77o//oQoUivd+huCj6f2L/LmrSfV75+6CCq8=", + "lastModified": 1739121491, + "narHash": "sha256-BEmyAozR3Pc2qwPtC4rgUglzi3cw4nv4fXEY23NxOrQ=", "owner": "nix-community", "repo": "nixvim", - "rev": "2061a9ad95ca320a2bca00de6a9e30dbc5f52d74", + "rev": "13341a4c1238b7974e7bad9c7a6d5c51ca3cf81a", "type": "github" }, "original": { @@ -1285,11 +1285,11 @@ ] }, "locked": { - "lastModified": 1738722444, - "narHash": "sha256-DHVyKCiIQVDqjYoVU2j7UaLNIlOnpB9sP1cPRNRpqvY=", + "lastModified": 1739068147, + "narHash": "sha256-3DtLkjQFlIUOXw3TBH+iP0jglpqO6Lv2KaQc+ADg39I=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "347fb01821c3cd8d54e563d244a599c1e27a393d", + "rev": "f61820fa2c3844d6940cce269a6afdec30aa2e6c", "type": "github" }, "original": { @@ -1355,11 +1355,11 @@ ] }, "locked": { - "lastModified": 1738680491, - "narHash": "sha256-8X7tR3kFGkE7WEF5EXVkt4apgaN85oHZdoTGutCFs6I=", + "lastModified": 1738953846, + "narHash": "sha256-yrK3Hjcr8F7qS/j2F+r7C7o010eVWWlm4T1PrbKBOxQ=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "64dbb922d51a42c0ced6a7668ca008dded61c483", + "rev": "4f09b473c936d41582dd744e19f34ec27592c5fd", "type": "github" }, "original": { From ff7354c661dd21b68f345f1d87226f0f116c1cac Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 9 Feb 2025 22:26:24 -0500 Subject: [PATCH 214/410] make codium nicer, disable some stuff --- flake.lock | 27 +++++++++++++++++++++++++++ flake.nix | 6 ++++++ home/{vscode.nix => codium.nix} | 3 +-- home/yt/ytnix.nix | 4 +++- hosts/ytnix/default.nix | 12 ++++++------ overlay/default.nix | 1 + 6 files changed, 44 insertions(+), 9 deletions(-) rename home/{vscode.nix => codium.nix} (94%) diff --git a/flake.lock b/flake.lock index c5c7e8d..b940f4e 100644 --- a/flake.lock +++ b/flake.lock @@ -723,6 +723,32 @@ "url": "https://git.lix.systems/lix-project/nixos-module" } }, + "nil": { + "inputs": { + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": [ + "rust-overlay" + ] + }, + "locked": { + "lastModified": 1732053863, + "narHash": "sha256-DCIVdlb81Fct2uwzbtnawLBC/U03U2hqx8trqTJB7WA=", + "owner": "oxalica", + "repo": "nil", + "rev": "2e24c9834e3bb5aa2a3701d3713b43a6fb106362", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "nil", + "type": "github" + } + }, "niri": { "inputs": { "niri-stable": "niri-stable", @@ -1249,6 +1275,7 @@ "lanzaboote": "lanzaboote", "lix": "lix", "lix-module": "lix-module", + "nil": "nil", "niri": "niri", "nix-ld": "nix-ld", "nixpkgs": "nixpkgs_5", diff --git a/flake.nix b/flake.nix index fabc87b..549faac 100644 --- a/flake.nix +++ b/flake.nix @@ -78,6 +78,12 @@ inputs.nixpkgs.follows = "nixpkgs"; inputs.home-manager.follows = "home-manager"; }; + nil = { + url = "github:oxalica/nil"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.rust-overlay.follows = "rust-overlay"; + inputs.flake-utils.follows = "flake-utils"; + }; nvim-github-theme = { url = "github:projekt0n/github-nvim-theme"; diff --git a/home/vscode.nix b/home/codium.nix similarity index 94% rename from home/vscode.nix rename to home/codium.nix index 2680ffe..b1b2044 100644 --- a/home/vscode.nix +++ b/home/codium.nix @@ -11,14 +11,13 @@ jnoortheen.nix-ide editorconfig.editorconfig github.github-vscode-theme - github.copilot rust-lang.rust-analyzer ]; userSettings = { "workbench.colorTheme" = "GitHub Dark Default"; "files.autoSave" = "afterDelay"; "nix.enableLanguageServer" = true; - "nix.serverPath" = "nixd"; + "nix.serverPath" = "nil"; "editor.fontFamily" = "IBM Plex Mono"; "editor.fontSize" = 16; "editor.wordWrap" = "on"; diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 06cd741..70f5aef 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -10,7 +10,7 @@ ../niri ../irssi.nix ../kitty.nix - ../vscode.nix + ../codium.nix ../plasma.nix ]; home = { @@ -127,6 +127,8 @@ radare2 p7zip qbittorrent + # vscodium + nil ]; programs.waybar.enable = true; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index a0f9d74..37b8763 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -280,10 +280,10 @@ services.tumbler.enable = true; virtualisation = { - libvirtd.enable = true; - docker.enable = true; + libvirtd.enable = false; + docker.enable = false; }; - programs.virt-manager.enable = true; + programs.virt-manager.enable = false; services.usbmuxd.enable = true; programs.nix-ld.dev = { @@ -358,7 +358,7 @@ ]; }; - services.ollama.enable = true; + services.ollama.enable = false; # wireguard setup networking.wg-quick.interfaces.wg0 = { @@ -382,9 +382,9 @@ ]; }; - services.trezord.enable = true; + services.trezord.enable = false; - programs.niri.enable = true; + programs.niri.enable = false; programs.niri.package = pkgs.niri-unstable; programs.xwayland.enable = true; diff --git a/overlay/default.nix b/overlay/default.nix index d498f88..910a5a4 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -20,6 +20,7 @@ importedOverlays roundcube = pkgFrom stable "roundcube"; lldb = pkgFrom stable "lldb"; calibre = pkgFrom stable "calibre"; + nil = inputs.nil.packages.${prev.system}.nil; } ) ] From 9dad1e07cbf55f430ab6a766dd30ab94908cab00 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 10 Feb 2025 02:35:13 -0500 Subject: [PATCH 215/410] more vscode, plasma stuff, add switch to justfile --- flake.lock | 29 ++++++++++++++++++++++++++++- flake.nix | 7 +++++++ home/codium.nix | 7 +++++-- home/plasma.nix | 7 ++++++- justfile | 5 +++++ overlay/default.nix | 1 - 6 files changed, 51 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index b940f4e..9076bdb 100644 --- a/flake.lock +++ b/flake.lock @@ -1285,7 +1285,8 @@ "plasma-manager": "plasma-manager", "rust-overlay": "rust-overlay", "sops-nix": "sops-nix", - "treefmt": "treefmt" + "treefmt": "treefmt", + "vscode-extensions": "vscode-extensions" } }, "rust-analyzer-src": { @@ -1395,6 +1396,32 @@ "type": "github" } }, + "vscode-extensions": { + "inputs": { + "flake-compat": [ + "flake-compat" + ], + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1739152168, + "narHash": "sha256-Zv6eGe+c5f9Chyw6O3ePJ4hbscetuzZxYShwjn3ACEs=", + "owner": "nix-community", + "repo": "nix-vscode-extensions", + "rev": "bd6b70f681b2561f53c9522be64330c7ff9d08d8", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-vscode-extensions", + "type": "github" + } + }, "xwayland-satellite-stable": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index 549faac..9ef5b79 100644 --- a/flake.nix +++ b/flake.nix @@ -84,6 +84,12 @@ inputs.rust-overlay.follows = "rust-overlay"; inputs.flake-utils.follows = "flake-utils"; }; + vscode-extensions = { + url = "github:nix-community/nix-vscode-extensions"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-utils.follows = "flake-utils"; + inputs.flake-compat.follows = "flake-compat"; + }; nvim-github-theme = { url = "github:projekt0n/github-nvim-theme"; @@ -163,6 +169,7 @@ overlays = [ inputs.niri.overlays.niri inputs.rust-overlay.overlays.default + inputs.vscode-extensions.overlays.default ] ++ (import ./overlay { inherit inputs; }); }; in diff --git a/home/codium.nix b/home/codium.nix index b1b2044..e429959 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -6,13 +6,16 @@ enableUpdateCheck = false; enableExtensionUpdateCheck = false; mutableExtensionsDir = false; - extensions = with pkgs.vscode-extensions; [ + extensions = (with pkgs.open-vsx; [ vscodevim.vim jnoortheen.nix-ide editorconfig.editorconfig github.github-vscode-theme rust-lang.rust-analyzer - ]; + ]) ++ + (with pkgs.vscode-marketplace; [ + github.codespaces + ]); userSettings = { "workbench.colorTheme" = "GitHub Dark Default"; "files.autoSave" = "afterDelay"; diff --git a/home/plasma.nix b/home/plasma.nix index facdad1..10f5399 100644 --- a/home/plasma.nix +++ b/home/plasma.nix @@ -35,7 +35,12 @@ "launch-browser" = { name = "launch browser"; key = "Meta+B"; - command = "librewolf"; + command = "chromium"; + }; + "launch-fuzzel" = { + name = "launch-fuzzel"; + key = "Meta+d"; + command = "fuzzel"; }; }; diff --git a/justfile b/justfile index 462d283..68b7e5c 100644 --- a/justfile +++ b/justfile @@ -15,3 +15,8 @@ upgrade: git switch main git merge update git branch -d update + +switch: + sudo nixos-rebuild switch -L --flake . --use-substitutes + nixos-rebuild switch -L --flake .#chunk --target-host root@2a0f:85c1:840:2bfb::1 --use-substitutes + home-manager -L switch --flake . diff --git a/overlay/default.nix b/overlay/default.nix index 910a5a4..219f1ad 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -3,7 +3,6 @@ let overlays = [ ./conduwuit ./attic - ./vscode.nix ]; importedOverlays = map (m: import m) overlays; in From 84bf3863069871b32a77621b0b6828b82d3970d6 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 10 Feb 2025 09:26:07 -0500 Subject: [PATCH 216/410] flake update Signed-off-by: cy --- flake.lock | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/flake.lock b/flake.lock index 9076bdb..8218e71 100644 --- a/flake.lock +++ b/flake.lock @@ -623,11 +623,11 @@ ] }, "locked": { - "lastModified": 1737639419, - "narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=", + "lastModified": 1739186342, + "narHash": "sha256-2j+sln9RwQn+g7J4GmdFFgvqXnLkvWBNMaUzONlkzUE=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "a65905a09e2c43ff63be8c0e86a93712361f871e", + "rev": "3bdeebbc484a09391c4f0ec8a37bb77809426660", "type": "github" }, "original": { @@ -683,11 +683,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1739035579, - "narHash": "sha256-Zc7KAA3iC5Ak9reV/peqELKXJn6rLcSZptq1Tzcx9Nc=", + "lastModified": 1739137265, + "narHash": "sha256-WejZuOso5ElVYLA/17uVw7Noqi72ZbydPwMrbqNzC0c=", "ref": "refs/heads/main", - "rev": "132d11c2d85425b7d23785ec306acb9b1d1ddba6", - "revCount": 17397, + "rev": "7d4912bcf9028db491fe1061d3efcf2392c4bd76", + "revCount": 17398, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -763,11 +763,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1739042449, - "narHash": "sha256-9zLFUpEebwhjCgtznsI61gTzefI3+fuXATHUOFzJi5w=", + "lastModified": 1739136145, + "narHash": "sha256-KgADxpdWMVevqNaxpJzlocRU+DclrFSyzvUiGFsARcQ=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "98e3666a9dc4143cbf93d957a15d749b5acef046", + "rev": "c5a3826e2bf96f3092b79415e17703a7b194e1a8", "type": "github" }, "original": { @@ -916,11 +916,11 @@ ] }, "locked": { - "lastModified": 1738573732, - "narHash": "sha256-cyUaLyn9oQp/ArxVnpyajKXFQhe+xxGCEvscAOt2Kco=", + "lastModified": 1739178399, + "narHash": "sha256-DCe+29pX+CCGCVoYWXXoHUidXI1AAmvpOfu/xHHPGVo=", "owner": "nix-community", "repo": "nix-ld", - "rev": "8fed868d17954b09421d2456afccc2e7afdee96f", + "rev": "530547e81232969a07af94dcfcfa3bfe58371812", "type": "github" }, "original": { @@ -1027,11 +1027,11 @@ }, "nixpkgs-stable_4": { "locked": { - "lastModified": 1738843498, - "narHash": "sha256-7x+Q4xgFj9UxZZO9aUDCR8h4vyYut4zPUvfj3i+jBHE=", + "lastModified": 1739055578, + "narHash": "sha256-2MhC2Bgd06uI1A0vkdNUyDYsMD0SLNGKtD8600mZ69A=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f5a32fa27df91dfc4b762671a0e0a859a8a0058f", + "rev": "a45fa362d887f4d4a7157d95c28ca9ce2899b70e", "type": "github" }, "original": { @@ -1091,11 +1091,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1739097848, - "narHash": "sha256-bbdQB0Y4mB2msqbyQ9QC+YPDZGt1evUK53AwQSyShHM=", + "lastModified": 1739184465, + "narHash": "sha256-7Z9kNbr6qZwPG1z/6Hn/re4SS9nu1krxyknyNeCBh/o=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9a0b855695c31ea653181b742c65e026bada3881", + "rev": "58edd1e2acbc9be9fe29964344c6419db013141e", "type": "github" }, "original": { @@ -1313,11 +1313,11 @@ ] }, "locked": { - "lastModified": 1739068147, - "narHash": "sha256-3DtLkjQFlIUOXw3TBH+iP0jglpqO6Lv2KaQc+ADg39I=", + "lastModified": 1739154531, + "narHash": "sha256-QGeN6e0nMJlNLzm3Y2A7P6riXhQXMeCXLZ7yajZYFQM=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "f61820fa2c3844d6940cce269a6afdec30aa2e6c", + "rev": "035dac86ab7ce5c1e8a4d59dfe85e6911a3526ea", "type": "github" }, "original": { From d2b07a1ec15bf1e6982a8a72a3b41466fe139e9b Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 11 Feb 2025 22:41:08 -0500 Subject: [PATCH 217/410] chunk: don't limit tor bandwidth --- hosts/chunk/tor.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/chunk/tor.nix b/hosts/chunk/tor.nix index a63db2f..2ad4a89 100644 --- a/hosts/chunk/tor.nix +++ b/hosts/chunk/tor.nix @@ -10,7 +10,7 @@ settings = { ORPort = 9001; Nickname = "chunk"; - MaxAdvertisedBandwidth = "20MBytes"; + # MaxAdvertisedBandwidth = "20MBytes"; }; }; } From ce0b78bace0d6b051529e99aaee758b70f982334 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 11 Feb 2025 22:43:23 -0500 Subject: [PATCH 218/410] flake update Signed-off-by: cy --- flake.lock | 68 +++++++++++++++++++++++++++--------------------------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/flake.lock b/flake.lock index 8218e71..c45db8f 100644 --- a/flake.lock +++ b/flake.lock @@ -120,11 +120,11 @@ "rocksdb": "rocksdb" }, "locked": { - "lastModified": 1739114248, - "narHash": "sha256-Etzh7m1aZBwKfcS6sa+2zBzdOaZSR+yFn2pwwGTilb4=", + "lastModified": 1739202916, + "narHash": "sha256-QdPUbONWFUdUSagT0pwad5yzOP0+Vxmmb6pM6QjhyFI=", "owner": "girlbossceo", "repo": "conduwuit", - "rev": "b6e9dc3d98704c56027219d3775336910a0136c6", + "rev": "e3b81f7b6488b5c483e8b13e3959fe591bf4cb92", "type": "github" }, "original": { @@ -562,11 +562,11 @@ ] }, "locked": { - "lastModified": 1739051380, - "narHash": "sha256-p1QSLO8DJnANY+ppK7fjD8GqfCrEIDjso1CSRHsXL7Y=", + "lastModified": 1739314552, + "narHash": "sha256-ggVf2BclyIW3jexc/uvgsgJH4e2cuG6Nyg54NeXgbFI=", "owner": "nix-community", "repo": "home-manager", - "rev": "5af1b9a0f193ab6138b89a8e0af8763c21bbf491", + "rev": "83bd3a26ac0526ae04fa74df46738bb44b89dcdd", "type": "github" }, "original": { @@ -683,11 +683,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1739137265, - "narHash": "sha256-WejZuOso5ElVYLA/17uVw7Noqi72ZbydPwMrbqNzC0c=", + "lastModified": 1739192059, + "narHash": "sha256-r40TUIL6zij0kWBpqKyI7O2brT3Myaa3aAGamkZEvfc=", "ref": "refs/heads/main", - "rev": "7d4912bcf9028db491fe1061d3efcf2392c4bd76", - "revCount": 17398, + "rev": "3bca42eb0049772d9079f29f25186575f8e5a4ae", + "revCount": 17406, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -763,11 +763,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1739136145, - "narHash": "sha256-KgADxpdWMVevqNaxpJzlocRU+DclrFSyzvUiGFsARcQ=", + "lastModified": 1739323398, + "narHash": "sha256-l4qI/sdcSVXUU+djzHA/JXYQTd9ceVEc1YCcC2lUx0E=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "c5a3826e2bf96f3092b79415e17703a7b194e1a8", + "rev": "806fed9aa00adbad0eab8d8f1042ce70ef412cdd", "type": "github" }, "original": { @@ -796,11 +796,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1738911818, - "narHash": "sha256-7bhr9ldHrNP71qOmKI1Hu80uclx+Tco0RNmO+GKtC1Y=", + "lastModified": 1739287457, + "narHash": "sha256-0xpNX8oVKJSKglhfrxQxMhA5UWOu2OAUwNvxNuDmOI8=", "owner": "YaLTeR", "repo": "niri", - "rev": "397e704d644d1bfe7736f2fdacbfe5742c7b2f9f", + "rev": "213eafa2032897e7ce3132f179a135a65d327d9b", "type": "github" }, "original": { @@ -1027,11 +1027,11 @@ }, "nixpkgs-stable_4": { "locked": { - "lastModified": 1739055578, - "narHash": "sha256-2MhC2Bgd06uI1A0vkdNUyDYsMD0SLNGKtD8600mZ69A=", + "lastModified": 1739206421, + "narHash": "sha256-PwQASeL2cGVmrtQYlrBur0U20Xy07uSWVnFup2PHnDs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a45fa362d887f4d4a7157d95c28ca9ce2899b70e", + "rev": "44534bc021b85c8d78e465021e21f33b856e2540", "type": "github" }, "original": { @@ -1091,11 +1091,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1739184465, - "narHash": "sha256-7Z9kNbr6qZwPG1z/6Hn/re4SS9nu1krxyknyNeCBh/o=", + "lastModified": 1739303263, + "narHash": "sha256-c/Z/6gZLN8BIpYh1B3qMzEn0TArjf4F2lmy59lDLVBM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "58edd1e2acbc9be9fe29964344c6419db013141e", + "rev": "6cc4213488e886db863878a1e3dc26cc932d38b8", "type": "github" }, "original": { @@ -1313,11 +1313,11 @@ ] }, "locked": { - "lastModified": 1739154531, - "narHash": "sha256-QGeN6e0nMJlNLzm3Y2A7P6riXhQXMeCXLZ7yajZYFQM=", + "lastModified": 1739327257, + "narHash": "sha256-rlGK8wxz/e50Z+PQRzuP+m03IrGkhcPGmgkBnkEZ9C8=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "035dac86ab7ce5c1e8a4d59dfe85e6911a3526ea", + "rev": "e01f2c035b7b8a428c119b183f4cbc55f2eef07c", "type": "github" }, "original": { @@ -1333,11 +1333,11 @@ ] }, "locked": { - "lastModified": 1738291974, - "narHash": "sha256-wkwYJc8cKmmQWUloyS9KwttBnja2ONRuJQDEsmef320=", + "lastModified": 1739262228, + "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "4c1251904d8a08c86ac6bc0d72cc09975e89aef7", + "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975", "type": "github" }, "original": { @@ -1409,11 +1409,11 @@ ] }, "locked": { - "lastModified": 1739152168, - "narHash": "sha256-Zv6eGe+c5f9Chyw6O3ePJ4hbscetuzZxYShwjn3ACEs=", + "lastModified": 1739324903, + "narHash": "sha256-VqtzYG8GK1BBaJx/zdxoLdeHSskETlldfYKZHSt6Ew8=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "bd6b70f681b2561f53c9522be64330c7ff9d08d8", + "rev": "00d1dbcc3d422c6eabf9285759a4469a5a5a7542", "type": "github" }, "original": { @@ -1442,11 +1442,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1737837494, - "narHash": "sha256-wIMowP8Juas4ZwMRcpc+58sZ0kKTDu8fm13THPmv/F8=", + "lastModified": 1739246919, + "narHash": "sha256-/hBM43/Gd0/tW+egrhlWgOIISeJxEs2uAOIYVpfDKeU=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "3944c9a0e40e5629f16ad023bbc90dac80d35a0f", + "rev": "44590a416d4a3e8220e19e29e0b6efe64a80315d", "type": "github" }, "original": { From 9567b06957c379f5f77f1746439d76933536da06 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 12 Feb 2025 13:12:23 -0500 Subject: [PATCH 219/410] flake update Signed-off-by: cy --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index c45db8f..b36b229 100644 --- a/flake.lock +++ b/flake.lock @@ -562,11 +562,11 @@ ] }, "locked": { - "lastModified": 1739314552, - "narHash": "sha256-ggVf2BclyIW3jexc/uvgsgJH4e2cuG6Nyg54NeXgbFI=", + "lastModified": 1739381933, + "narHash": "sha256-4gvobxITgcrNGfwsVG5a46QzQCX89btIYw23p0ilbcc=", "owner": "nix-community", "repo": "home-manager", - "rev": "83bd3a26ac0526ae04fa74df46738bb44b89dcdd", + "rev": "15b59d4191b993ebdfcb1f61b834fced217882ba", "type": "github" }, "original": { @@ -763,11 +763,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1739323398, - "narHash": "sha256-l4qI/sdcSVXUU+djzHA/JXYQTd9ceVEc1YCcC2lUx0E=", + "lastModified": 1739339370, + "narHash": "sha256-kvuVhsaVa8j0P9Genf96CLX2cNjForojX5aB1BN+Bwk=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "806fed9aa00adbad0eab8d8f1042ce70ef412cdd", + "rev": "498e8bbc149b38fd14d4ff7fbf31c49fdaa23282", "type": "github" }, "original": { @@ -796,11 +796,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1739287457, - "narHash": "sha256-0xpNX8oVKJSKglhfrxQxMhA5UWOu2OAUwNvxNuDmOI8=", + "lastModified": 1739336386, + "narHash": "sha256-H9E3lfJibzWwqV9C1pI81uhav1RLWRA8JbH3ADv3X/4=", "owner": "YaLTeR", "repo": "niri", - "rev": "213eafa2032897e7ce3132f179a135a65d327d9b", + "rev": "7e552333a993e83a2dba52392109617e486f5f60", "type": "github" }, "original": { @@ -1091,11 +1091,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1739303263, - "narHash": "sha256-c/Z/6gZLN8BIpYh1B3qMzEn0TArjf4F2lmy59lDLVBM=", + "lastModified": 1739346810, + "narHash": "sha256-RNNghMmVysP8+zpmlFK3fMfrFOK5ZUtPCCi5nW7yZS4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6cc4213488e886db863878a1e3dc26cc932d38b8", + "rev": "696f2000ad7ad6f600159d49647a88bdf0e42f9f", "type": "github" }, "original": { @@ -1128,11 +1128,11 @@ ] }, "locked": { - "lastModified": 1739121491, - "narHash": "sha256-BEmyAozR3Pc2qwPtC4rgUglzi3cw4nv4fXEY23NxOrQ=", + "lastModified": 1739353096, + "narHash": "sha256-w/T2uYCoq4k6K46GX2CMGWsKfMvcqnxC41LIgnvGifE=", "owner": "nix-community", "repo": "nixvim", - "rev": "13341a4c1238b7974e7bad9c7a6d5c51ca3cf81a", + "rev": "78b6f8e1e5b37a7789216e17a96ebc117660f0e7", "type": "github" }, "original": { From 3684b35d596d72e342454e9ad02bbe03ca0a659e Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 12 Feb 2025 20:04:36 -0500 Subject: [PATCH 220/410] nix fmt --- home/codium.nix | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/home/codium.nix b/home/codium.nix index e429959..accda10 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -6,16 +6,17 @@ enableUpdateCheck = false; enableExtensionUpdateCheck = false; mutableExtensionsDir = false; - extensions = (with pkgs.open-vsx; [ - vscodevim.vim - jnoortheen.nix-ide - editorconfig.editorconfig - github.github-vscode-theme - rust-lang.rust-analyzer - ]) ++ - (with pkgs.vscode-marketplace; [ - github.codespaces - ]); + extensions = + (with pkgs.open-vsx; [ + vscodevim.vim + jnoortheen.nix-ide + editorconfig.editorconfig + github.github-vscode-theme + rust-lang.rust-analyzer + ]) + ++ (with pkgs.vscode-marketplace; [ + github.codespaces + ]); userSettings = { "workbench.colorTheme" = "GitHub Dark Default"; "files.autoSave" = "afterDelay"; From 0992f2f308a2db893c6add6f593bd02e344b5d04 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 13 Feb 2025 21:49:45 -0500 Subject: [PATCH 221/410] enable appimage, overlay anki --- flake.lock | 17 +++++++++++++++++ flake.nix | 3 +++ home/codium.nix | 6 +++--- hosts/ytnix/default.nix | 5 +++++ overlay/default.nix | 1 + 5 files changed, 29 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index b36b229..5f4fb3a 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,21 @@ { "nodes": { + "anki": { + "locked": { + "lastModified": 1739471491, + "narHash": "sha256-ZCKWgsNqKWkVOAQFaFSmK3EN/uDdamNOcSItzvooWYs=", + "owner": "cything", + "repo": "nixpkgs", + "rev": "1562f5286858b3c1e5ea7e60f4bf6b3578519248", + "type": "github" + }, + "original": { + "owner": "cything", + "repo": "nixpkgs", + "rev": "1562f5286858b3c1e5ea7e60f4bf6b3578519248", + "type": "github" + } + }, "attic": { "inputs": { "crane": "crane", @@ -1265,6 +1281,7 @@ }, "root": { "inputs": { + "anki": "anki", "conduwuit": "conduwuit", "crane": "crane_2", "disko": "disko", diff --git a/flake.nix b/flake.nix index 9ef5b79..b9d76bf 100644 --- a/flake.nix +++ b/flake.nix @@ -100,6 +100,9 @@ flake-utils.url = "github:numtide/flake-utils"; crane.url = "github:ipetkov/crane"; flake-compat.url = "github:edolstra/flake-compat"; + + # unmerged PRs + anki.url = "github:cything/nixpkgs/1562f5286858b3c1e5ea7e60f4bf6b3578519248"; }; nixConfig = { diff --git a/home/codium.nix b/home/codium.nix index accda10..a900df3 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -7,15 +7,15 @@ enableExtensionUpdateCheck = false; mutableExtensionsDir = false; extensions = + # if unfree + # (with pkgs.vscode-marketplace; [ (with pkgs.open-vsx; [ vscodevim.vim jnoortheen.nix-ide editorconfig.editorconfig github.github-vscode-theme rust-lang.rust-analyzer - ]) - ++ (with pkgs.vscode-marketplace; [ - github.codespaces + shd101wyy.markdown-preview-enhanced ]); userSettings = { "workbench.colorTheme" = "GitHub Dark Default"; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 37b8763..cd3a38e 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -402,4 +402,9 @@ enable = true; enableQt5Integration = true; }; + + programs.appimage = { + enable = true; + binfmt = true; + }; } diff --git a/overlay/default.nix b/overlay/default.nix index 219f1ad..5695d30 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -20,6 +20,7 @@ importedOverlays lldb = pkgFrom stable "lldb"; calibre = pkgFrom stable "calibre"; nil = inputs.nil.packages.${prev.system}.nil; + anki = pkgFrom inputs.anki "anki-bin"; } ) ] From 9877335f4b35b465fcbb00de1dc882f57ce01e97 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 13 Feb 2025 21:49:52 -0500 Subject: [PATCH 222/410] add zipline --- .sops.yaml | 5 +++++ hosts/chunk/default.nix | 4 ++++ modules/default.nix | 1 + modules/zipline.nix | 38 +++++++++++++++++++++++++++++++++++ secrets/services/zipline.yaml | 31 ++++++++++++++++++++++++++++ 5 files changed, 79 insertions(+) create mode 100644 modules/zipline.nix create mode 100644 secrets/services/zipline.yaml diff --git a/.sops.yaml b/.sops.yaml index 0fd042a..96b61cd 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -113,3 +113,8 @@ creation_rules: - age: - *yt - *cy + - path_regex: secrets/services/zipline.yaml + key_groups: + - age: + - *chunk + - *cy diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 9577771..aeb7906 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -72,6 +72,9 @@ "tailscale/auth" = { sopsFile = ../../secrets/services/tailscale.yaml; }; + "zipline/env" = { + sopsFile = ../../secrets/services/zipline.yaml; + }; }; boot = { @@ -207,4 +210,5 @@ environment.enableAllTerminfo = true; my.roundcube.enable = true; + my.zipline.enable = true; } diff --git a/modules/default.nix b/modules/default.nix index 810c2f4..96ea519 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -4,5 +4,6 @@ ./backup.nix ./caddy.nix ./roundcube.nix + ./zipline.nix ]; } diff --git a/modules/zipline.nix b/modules/zipline.nix new file mode 100644 index 0000000..9647525 --- /dev/null +++ b/modules/zipline.nix @@ -0,0 +1,38 @@ +{ + config, + lib, + ... +}: +let + cfg = config.my.zipline; +in +{ + options.my.zipline = { + enable = lib.mkEnableOption "zipline"; + }; + + config = lib.mkIf cfg.enable { + services.zipline = { + enable = true; + settings = { + CORE_PORT = 3001; + DATASOURCE_TYPE = "s3"; + DATASOURCE_S3_ENDPOINT = "e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com"; + DATASOURCE_S3_BUCKET = "cything"; + DATASOURCE_S3_REGION = "us-east-1"; + DATASOURCE_S3_USE_SSL = "true"; + DATASOURCE_S3_FORCE_S3_PATH = "false"; + FEATURES_THUMBNAILS = "true"; + EXIF_REMOVE_GPS = "true"; + CHUNKS_CHUNKS_SIZE = "50mb"; + CHUNKS_MAX_SIZE = "95mb"; + }; + environmentFiles = [ config.sops.secrets."zipline/env".path ]; + }; + + services.caddy.virtualHosts."host.cy7.sh".extraConfig = '' + import common + reverse_proxy 127.0.0.1:3001 + ''; + }; +} diff --git a/secrets/services/zipline.yaml b/secrets/services/zipline.yaml new file mode 100644 index 0000000..21844ab --- /dev/null +++ b/secrets/services/zipline.yaml @@ -0,0 +1,31 @@ +zipline: + env: ENC[AES256_GCM,data:0mWks20tBUtBVhJIqEyW5jm5cIgDPcyYS/Sl1ulCltandGHFOa+A7aP/VbvVp+7FO5VhtC3CtLt3Jtcr8/dEnJoMFWsrliZ0ZcR/Xm3TtJ4yfhmVbuK9lyUrgPP0RahQzFrQZo0ZCOug/f8suySm3mCnMz377L+Gu0+MMZPebVP724k2Xj5zpSyF288cnOG2QDNAo0DCrrFep31a7n8XbOduOupop5PRLax+8lFKRYgZbRSPaaFToFCoSxU8Y+W3tkB+mtwIsOtIeQigAVYEJ/O1kw==,iv:4n7s52m63gQ3fX+eW2jGWC8NXhPuq3nNSmmYYZxqqXg=,tag:FiYn7L7L4O0+nHI4n43Jqw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDUDFDSnFEM1NZK0lSMnUx + YkI3MWlpY1VjYXdaKzBCOFc5NWp5NXdBbkdVCmI0Z2tuSXBOSFN2NXJTUWxKQXNu + SGhhTTYzUDFSOFFXdU5aVHlmYnJNa1UKLS0tIGlrUTErQkVRdFBYYWxUcklHaUVY + UkQ3eVlDR2lMOEZGNXRjU3J3RXpwZkUKNJL/dvPsGu0AJiXryR8uSM0jE//cQi0b + AeYUjXLRcouUq5zWL6AsKDOUAo9t//AAFZqv3DGUboR8UzdymYRYMw== + -----END AGE ENCRYPTED FILE----- + - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0Wk9ZYkExU3k0ZWpOZEhF + TkswRGxTd1hpcGJaa1pmcUJFQnZMcGV6L0ZFCnp3K05YdU56WUl1TktVSFNQWWZH + bG5COXVuSjFCUWpEYXQweVFPaDAzcTQKLS0tIFgralQ1TWUzajVOM3RyS3RDcnRx + WHZSeVJIaGRldmhmcWZvT3YzL3hPbFEKVUtCU1l/RhFOlwdjE0ejW/Ym+cMVNxIW + AdvVcWoilMGTsDJIIlLu7fPbhmGotPvqGjxMC2yEpEgJUt/rsz2vPA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-02-14T01:48:13Z" + mac: ENC[AES256_GCM,data:kz+8dAnj4cDb/XOU3s1MvSk8W3vRI8vXm7hVVine+Lm4hQg9opZ4Z2w0J4zmLlb23NcRoB06E5bGj2+CmacgptBbz6MlEqw8G8VhR+9oKXZV1fwFHa9YZI9Vxj3tLZC68NrM6FORLD/BLK7geDn5oB1Mfl3zX/AkuixxOJSTXKA=,iv:xEsPexTskougBBFh/9dAW45QKdBGD08g162Tyqnz9LI=,tag:AYqVBq7OajFA1LaOI5MP4w==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.4 From 0c9823a5aaf19e589bc4ce9c7d344eb458d3ddaf Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 13 Feb 2025 21:50:19 -0500 Subject: [PATCH 223/410] fmt --- home/codium.nix | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/home/codium.nix b/home/codium.nix index a900df3..b35231a 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -9,14 +9,17 @@ extensions = # if unfree # (with pkgs.vscode-marketplace; [ - (with pkgs.open-vsx; [ - vscodevim.vim - jnoortheen.nix-ide - editorconfig.editorconfig - github.github-vscode-theme - rust-lang.rust-analyzer - shd101wyy.markdown-preview-enhanced - ]); + ( + with pkgs.open-vsx; + [ + vscodevim.vim + jnoortheen.nix-ide + editorconfig.editorconfig + github.github-vscode-theme + rust-lang.rust-analyzer + shd101wyy.markdown-preview-enhanced + ] + ); userSettings = { "workbench.colorTheme" = "GitHub Dark Default"; "files.autoSave" = "afterDelay"; From d23e73a4bafd0380ea7285d6adb994974b1c2cc2 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 13 Feb 2025 22:40:30 -0500 Subject: [PATCH 224/410] oauth for zipline --- hosts/chunk/garage.nix | 2 +- modules/zipline.nix | 5 +++-- secrets/services/zipline.yaml | 6 +++--- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index a6f39dd..e6c8af1 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -8,7 +8,7 @@ s3_api = { s3_region = "earth"; api_bind_addr = "[::]:3900"; - root_domain = ".s3.cy7.sh"; + root_domain = "s3.cy7.sh"; }; s3_web = { bind_addr = "[::]:3902"; diff --git a/modules/zipline.nix b/modules/zipline.nix index 9647525..b66cad6 100644 --- a/modules/zipline.nix +++ b/modules/zipline.nix @@ -18,14 +18,15 @@ in CORE_PORT = 3001; DATASOURCE_TYPE = "s3"; DATASOURCE_S3_ENDPOINT = "e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com"; - DATASOURCE_S3_BUCKET = "cything"; - DATASOURCE_S3_REGION = "us-east-1"; + DATASOURCE_S3_BUCKET = "zipline"; + DATASOURCE_S3_REGION = "auto"; DATASOURCE_S3_USE_SSL = "true"; DATASOURCE_S3_FORCE_S3_PATH = "false"; FEATURES_THUMBNAILS = "true"; EXIF_REMOVE_GPS = "true"; CHUNKS_CHUNKS_SIZE = "50mb"; CHUNKS_MAX_SIZE = "95mb"; + FEATURES_OAUTH_REGISTRATION = "true"; }; environmentFiles = [ config.sops.secrets."zipline/env".path ]; }; diff --git a/secrets/services/zipline.yaml b/secrets/services/zipline.yaml index 21844ab..b82f9a3 100644 --- a/secrets/services/zipline.yaml +++ b/secrets/services/zipline.yaml @@ -1,5 +1,5 @@ zipline: - env: ENC[AES256_GCM,data:0mWks20tBUtBVhJIqEyW5jm5cIgDPcyYS/Sl1ulCltandGHFOa+A7aP/VbvVp+7FO5VhtC3CtLt3Jtcr8/dEnJoMFWsrliZ0ZcR/Xm3TtJ4yfhmVbuK9lyUrgPP0RahQzFrQZo0ZCOug/f8suySm3mCnMz377L+Gu0+MMZPebVP724k2Xj5zpSyF288cnOG2QDNAo0DCrrFep31a7n8XbOduOupop5PRLax+8lFKRYgZbRSPaaFToFCoSxU8Y+W3tkB+mtwIsOtIeQigAVYEJ/O1kw==,iv:4n7s52m63gQ3fX+eW2jGWC8NXhPuq3nNSmmYYZxqqXg=,tag:FiYn7L7L4O0+nHI4n43Jqw==,type:str] + env: ENC[AES256_GCM,data:lsR/+bET/C7ssik0xv5IBITT+KEnoyqNjSZ9jvkkb7lmNAQzow6dCm1nprfimiJC0EF2LyiEPm0wchdtrLTNEtUkJWkworEJXeWGrGGbHgZW0/HC1BSERqlLmZTPyLWkhsl3rObvuhRoTKlUN5EMwtK8x06aOX6PcxLdwVjps7UxkBXej712IcKPvHVSJIQMvVHP2lqSppJc+sEMt4u3Vnf1ZYGsQS3bWnI7w40sOdGR8LGBadfmWwIj0/3XTaG7S7Lhi4AOFGZtpdyOmxxIH3Vd5qesfiqPHm0nTmu/JxPftYm+F/hDnbJHrbg7cNVlJahDFtQp8QdlVvdMU3ccNptpRXGWIwFOz3JtuzDo7pxkYRqO2dKqYbKhOknrMW0PYuB48XEKj3e4Q+T8tUhFTsOHfqT0J8ati26dQaUO5wvw22o=,iv:QeR8fU9bRVO5OuqjbEeiC1vihbLxrNgnR0k0K/mRmSw=,tag:6x2XELOlJ9JWeOuVBBHNpg==,type:str] sops: kms: [] gcp_kms: [] @@ -24,8 +24,8 @@ sops: WHZSeVJIaGRldmhmcWZvT3YzL3hPbFEKVUtCU1l/RhFOlwdjE0ejW/Ym+cMVNxIW AdvVcWoilMGTsDJIIlLu7fPbhmGotPvqGjxMC2yEpEgJUt/rsz2vPA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-14T01:48:13Z" - mac: ENC[AES256_GCM,data:kz+8dAnj4cDb/XOU3s1MvSk8W3vRI8vXm7hVVine+Lm4hQg9opZ4Z2w0J4zmLlb23NcRoB06E5bGj2+CmacgptBbz6MlEqw8G8VhR+9oKXZV1fwFHa9YZI9Vxj3tLZC68NrM6FORLD/BLK7geDn5oB1Mfl3zX/AkuixxOJSTXKA=,iv:xEsPexTskougBBFh/9dAW45QKdBGD08g162Tyqnz9LI=,tag:AYqVBq7OajFA1LaOI5MP4w==,type:str] + lastmodified: "2025-02-14T03:37:09Z" + mac: ENC[AES256_GCM,data:KViPAUWWpE5UTZOp55f3QeXhHkXBvyl9Np/Tlj5bY7t3qt1U370OLq1yL87WWbvRWa/K/ZYN2gjN16dgfp5o834VniSJM6dnw+vC76QNaXjCfE2HKozRx6NlHFMflzzV8TXvqzJvuPa43E8DRaBctY2a7aIbJ4DJki1dfmrrO3Y=,iv:vPeMWOWQNZX3t4BoYzpuI74tZJ3rCXwbxmqcRAW5ZXY=,tag:i4ZjIXg0JOj2U2jMwurChw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4 From 956fae1f04cb7734795aaa2e6ad322cf76e47574 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 13 Feb 2025 22:43:56 -0500 Subject: [PATCH 225/410] flake update Signed-off-by: cy --- flake.lock | 56 +++++++++++++++++++++++++++--------------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/flake.lock b/flake.lock index 5f4fb3a..33c8825 100644 --- a/flake.lock +++ b/flake.lock @@ -578,11 +578,11 @@ ] }, "locked": { - "lastModified": 1739381933, - "narHash": "sha256-4gvobxITgcrNGfwsVG5a46QzQCX89btIYw23p0ilbcc=", + "lastModified": 1739470101, + "narHash": "sha256-NxNe32VB4XI/xIXrsKmIfrcgtEx5r/5s52pL3CpEcA4=", "owner": "nix-community", "repo": "home-manager", - "rev": "15b59d4191b993ebdfcb1f61b834fced217882ba", + "rev": "5031c6d2978109336637977c165f82aa49fa16a7", "type": "github" }, "original": { @@ -699,11 +699,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1739192059, - "narHash": "sha256-r40TUIL6zij0kWBpqKyI7O2brT3Myaa3aAGamkZEvfc=", + "lastModified": 1739445948, + "narHash": "sha256-mmfFqhYjKP7nke1cs3x+bjP6GOG8A82Zxvrc9IfYwEA=", "ref": "refs/heads/main", - "rev": "3bca42eb0049772d9079f29f25186575f8e5a4ae", - "revCount": 17406, + "rev": "406f4fed35fe495457a0f6487a7be3b025cab1c4", + "revCount": 17410, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -779,11 +779,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1739339370, - "narHash": "sha256-kvuVhsaVa8j0P9Genf96CLX2cNjForojX5aB1BN+Bwk=", + "lastModified": 1739496005, + "narHash": "sha256-qr7v18JupLdyjUhC3zczdYzUEC4zzsxGjxsVGgYzwYg=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "498e8bbc149b38fd14d4ff7fbf31c49fdaa23282", + "rev": "e072f4a57cad4fb92e656fd69a340c8d372cacac", "type": "github" }, "original": { @@ -812,11 +812,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1739336386, - "narHash": "sha256-H9E3lfJibzWwqV9C1pI81uhav1RLWRA8JbH3ADv3X/4=", + "lastModified": 1739432365, + "narHash": "sha256-uQm3OhhgUQHA5eV+0v/qAFmFHly8yHg2P+BVVy/3DcY=", "owner": "YaLTeR", "repo": "niri", - "rev": "7e552333a993e83a2dba52392109617e486f5f60", + "rev": "4c98b874862c2e6df7f71bdf36df0ba527690fbb", "type": "github" }, "original": { @@ -1043,11 +1043,11 @@ }, "nixpkgs-stable_4": { "locked": { - "lastModified": 1739206421, - "narHash": "sha256-PwQASeL2cGVmrtQYlrBur0U20Xy07uSWVnFup2PHnDs=", + "lastModified": 1739357830, + "narHash": "sha256-9xim3nJJUFbVbJCz48UP4fGRStVW5nv4VdbimbKxJ3I=", "owner": "nixos", "repo": "nixpkgs", - "rev": "44534bc021b85c8d78e465021e21f33b856e2540", + "rev": "0ff09db9d034a04acd4e8908820ba0b410d7a33a", "type": "github" }, "original": { @@ -1107,11 +1107,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1739346810, - "narHash": "sha256-RNNghMmVysP8+zpmlFK3fMfrFOK5ZUtPCCi5nW7yZS4=", + "lastModified": 1739478914, + "narHash": "sha256-qljqSeAWOFbd6HNg8Ey28RdZYdVN8bMb6HJK7uqCKZ0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "696f2000ad7ad6f600159d49647a88bdf0e42f9f", + "rev": "6f9b8ea84c04411c48ab5aab4620ab204936d9fc", "type": "github" }, "original": { @@ -1144,11 +1144,11 @@ ] }, "locked": { - "lastModified": 1739353096, - "narHash": "sha256-w/T2uYCoq4k6K46GX2CMGWsKfMvcqnxC41LIgnvGifE=", + "lastModified": 1739469954, + "narHash": "sha256-faUXxkM3yYm++fpEw02tbAgPJprVB0xOtrU87BEQkuI=", "owner": "nix-community", "repo": "nixvim", - "rev": "78b6f8e1e5b37a7789216e17a96ebc117660f0e7", + "rev": "7f29e4b2ae34c1ba5fe650d74c8f28b0d1fa21ee", "type": "github" }, "original": { @@ -1330,11 +1330,11 @@ ] }, "locked": { - "lastModified": 1739327257, - "narHash": "sha256-rlGK8wxz/e50Z+PQRzuP+m03IrGkhcPGmgkBnkEZ9C8=", + "lastModified": 1739500069, + "narHash": "sha256-eCxWMqMsP2KQkleWWhs9KzFvxgd9v0F0iq7Piw6XDAs=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "e01f2c035b7b8a428c119b183f4cbc55f2eef07c", + "rev": "cd3e0a87bf9edadb0f311ba1eb677bbae7a08b81", "type": "github" }, "original": { @@ -1426,11 +1426,11 @@ ] }, "locked": { - "lastModified": 1739324903, - "narHash": "sha256-VqtzYG8GK1BBaJx/zdxoLdeHSskETlldfYKZHSt6Ew8=", + "lastModified": 1739497746, + "narHash": "sha256-Bfok+AZ/iTOmJNndwR7wOZbsuL5/gks3GH2qvWTxpGs=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "00d1dbcc3d422c6eabf9285759a4469a5a5a7542", + "rev": "6113f471097e12ff293e86b36e74aee21c55204e", "type": "github" }, "original": { From c4aade597a7d20bcd910d5bbcbd1e6983ade17a1 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 15 Feb 2025 14:43:35 -0500 Subject: [PATCH 226/410] add some pkgs and enable adb --- home/yt/ytnix.nix | 13 ++++++++++++- hosts/ytnix/default.nix | 4 ++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 70f5aef..699a60a 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -94,7 +94,6 @@ unzip lm_sensors sshfs - python312Packages.python-lsp-server gopls anki trezorctl @@ -129,6 +128,18 @@ qbittorrent # vscodium nil + pkg-config + gtk2 + gtk2-x11 + android-tools + (python313.withPackages ( + p: with p; [ + python-lsp-server + pip + virtualenv + wxpython + ] + )) ]; programs.waybar.enable = true; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index cd3a38e..d29295d 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -143,6 +143,7 @@ "libvirtd" "docker" "disk" + "adbusers" ]; environment.systemPackages = with pkgs; [ @@ -329,6 +330,7 @@ xorg.libXtst xorg.libxkbfile xorg.libxshmfence + python312Packages.wxpython ]; }; programs.evolution.enable = true; @@ -407,4 +409,6 @@ enable = true; binfmt = true; }; + + programs.adb.enable = true; } From 955c38bc63a8079fd208d5418b4ae7f7991df48e Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 18 Feb 2025 00:02:18 -0500 Subject: [PATCH 227/410] bunch of random stuff --- home/yt/common.nix | 3 ++- home/yt/ytnix.nix | 5 ++++- hosts/chunk/garage.nix | 2 +- hosts/ytnix/default.nix | 19 ++++++++++++++++--- 4 files changed, 23 insertions(+), 6 deletions(-) diff --git a/home/yt/common.nix b/home/yt/common.nix index e919d4b..11d8c7c 100644 --- a/home/yt/common.nix +++ b/home/yt/common.nix @@ -32,11 +32,12 @@ userName = "cy"; userEmail = "cy@cy7.sh"; delta = { - enable = true; + enable = false; options = { navigate = true; }; }; + difftastic.enable = true; extraConfig = { init.defaultBranch = "main"; push.autoSetupRemote = true; # assume -u on first push diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 699a60a..e658e65 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -132,6 +132,9 @@ gtk2 gtk2-x11 android-tools + frida-tools + mitmproxy + openssl (python313.withPackages ( p: with p; [ python-lsp-server @@ -204,7 +207,7 @@ SCCACHE_S3_USE_SSL = "true"; SCCACHE_CACHE_MULTIARCH = "true"; SCCACHE_LOG_LEVEL = "warn"; - AWS_DEFAULT_REGION = "earth"; + AWS_DEFAULT_REGION = "us-east-1"; AWS_ENDPOINT_URL = "https://s3.cy7.sh"; AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)"; AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)"; diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index e6c8af1..0dade9f 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -6,7 +6,7 @@ settings = { data_dir = "/mnt/garage"; s3_api = { - s3_region = "earth"; + s3_region = "us-east-1"; api_bind_addr = "[::]:3900"; root_domain = "s3.cy7.sh"; }; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index d29295d..a7e199c 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -93,8 +93,7 @@ }; resolvconf.enable = true; firewall = { - allowedUDPPorts = [ 51820 ]; # for wireguard - trustedInterfaces = [ "wg0" ]; + allowedTCPPorts = [ 8080 ]; # for mitmproxy }; }; programs.nm-applet.enable = true; @@ -330,7 +329,19 @@ xorg.libXtst xorg.libxkbfile xorg.libxshmfence - python312Packages.wxpython + xorg.libXxf86vm + xorg.libSM + gtk3 + pango + gdk-pixbuf + glib + libnotify + SDL2 + libpng + libjpeg8 + libtiff + curl + pcre2 ]; }; programs.evolution.enable = true; @@ -411,4 +422,6 @@ }; programs.adb.enable = true; + services.envfs.enable = true; + programs.kdeconnect.enable = true; } From 6a2020e24ba26c5e379593b941d5db50f5de949d Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 18 Feb 2025 00:03:56 -0500 Subject: [PATCH 228/410] flake update Signed-off-by: cy --- flake.lock | 80 +++++++++++++++++++++++++++--------------------------- 1 file changed, 40 insertions(+), 40 deletions(-) diff --git a/flake.lock b/flake.lock index 33c8825..77c6ac6 100644 --- a/flake.lock +++ b/flake.lock @@ -173,11 +173,11 @@ }, "crane_2": { "locked": { - "lastModified": 1739053031, - "narHash": "sha256-LrMDRuwAlRFD2T4MgBSRd1s2VtOE+Vl1oMCNu3RpPE0=", + "lastModified": 1739815359, + "narHash": "sha256-mjB72/7Fgk5bsIIKA4G9LkIb/u0Ci+VdOyQSgBuQtjo=", "owner": "ipetkov", "repo": "crane", - "rev": "112e6591b2d6313b1bd05a80a754a8ee42432a7e", + "rev": "282159b2b0588b87a9dbcc40decc91dd5bed5c89", "type": "github" }, "original": { @@ -578,11 +578,11 @@ ] }, "locked": { - "lastModified": 1739470101, - "narHash": "sha256-NxNe32VB4XI/xIXrsKmIfrcgtEx5r/5s52pL3CpEcA4=", + "lastModified": 1739845242, + "narHash": "sha256-rNMXpDubNWGLTs45MuoH9YHtXfXye/fn2u4YMSTPt9I=", "owner": "nix-community", "repo": "home-manager", - "rev": "5031c6d2978109336637977c165f82aa49fa16a7", + "rev": "5cfbf5cc37a3bd1da07ae84eea1b828909c4456b", "type": "github" }, "original": { @@ -699,11 +699,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1739445948, - "narHash": "sha256-mmfFqhYjKP7nke1cs3x+bjP6GOG8A82Zxvrc9IfYwEA=", + "lastModified": 1739846668, + "narHash": "sha256-B0+90JxZ7m+NVTb82Y8/R5OvKJrJhFDO2LtIxM7JNfw=", "ref": "refs/heads/main", - "rev": "406f4fed35fe495457a0f6487a7be3b025cab1c4", - "revCount": 17410, + "rev": "0069c59eda80e89ef4e42f7629cb15b051b6cadd", + "revCount": 17430, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -779,11 +779,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1739496005, - "narHash": "sha256-qr7v18JupLdyjUhC3zczdYzUEC4zzsxGjxsVGgYzwYg=", + "lastModified": 1739852863, + "narHash": "sha256-z26CrSpjFXVVa5RU2ORpfqcUpO1Uow4V7KV+pM/5Gok=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "e072f4a57cad4fb92e656fd69a340c8d372cacac", + "rev": "c045be9425cfdd7769a4e96cab35a7f8b9db7468", "type": "github" }, "original": { @@ -812,11 +812,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1739432365, - "narHash": "sha256-uQm3OhhgUQHA5eV+0v/qAFmFHly8yHg2P+BVVy/3DcY=", + "lastModified": 1739820990, + "narHash": "sha256-v+MmVqFyjzL9xzyRzfX+1qMIGgoHcW73P9b8RrM922k=", "owner": "YaLTeR", "repo": "niri", - "rev": "4c98b874862c2e6df7f71bdf36df0ba527690fbb", + "rev": "44c9797844ca7ce8a708d5034f1259ce3fc6bd2a", "type": "github" }, "original": { @@ -932,11 +932,11 @@ ] }, "locked": { - "lastModified": 1739178399, - "narHash": "sha256-DCe+29pX+CCGCVoYWXXoHUidXI1AAmvpOfu/xHHPGVo=", + "lastModified": 1739790836, + "narHash": "sha256-ksegG5wSllKmBqId/BtHVje9E5s0I+uCWgiFeLv2RzM=", "owner": "nix-community", "repo": "nix-ld", - "rev": "530547e81232969a07af94dcfcfa3bfe58371812", + "rev": "36420e7b304b5071da5eedd176c0a567fd821861", "type": "github" }, "original": { @@ -1043,11 +1043,11 @@ }, "nixpkgs-stable_4": { "locked": { - "lastModified": 1739357830, - "narHash": "sha256-9xim3nJJUFbVbJCz48UP4fGRStVW5nv4VdbimbKxJ3I=", + "lastModified": 1739758141, + "narHash": "sha256-uq6A2L7o1/tR6VfmYhZWoVAwb3gTy7j4Jx30MIrH0rE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "0ff09db9d034a04acd4e8908820ba0b410d7a33a", + "rev": "c618e28f70257593de75a7044438efc1c1fc0791", "type": "github" }, "original": { @@ -1107,11 +1107,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1739478914, - "narHash": "sha256-qljqSeAWOFbd6HNg8Ey28RdZYdVN8bMb6HJK7uqCKZ0=", + "lastModified": 1739822428, + "narHash": "sha256-eVH9Ggf0eojNMoRkksP7SfOMpI8ITLNfmoZrKyfQ8hU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6f9b8ea84c04411c48ab5aab4620ab204936d9fc", + "rev": "a3a07ac733f5aa4a1b1800d4a4042b65c6a9865f", "type": "github" }, "original": { @@ -1144,11 +1144,11 @@ ] }, "locked": { - "lastModified": 1739469954, - "narHash": "sha256-faUXxkM3yYm++fpEw02tbAgPJprVB0xOtrU87BEQkuI=", + "lastModified": 1739751913, + "narHash": "sha256-H72wNdLOl9CzfimXjDdKWnV0Mr8lpVF4m3HZ2m+fuck=", "owner": "nix-community", "repo": "nixvim", - "rev": "7f29e4b2ae34c1ba5fe650d74c8f28b0d1fa21ee", + "rev": "3a66c8a33001d8bd79388c6b15eb1039f43f4192", "type": "github" }, "original": { @@ -1206,11 +1206,11 @@ ] }, "locked": { - "lastModified": 1736549395, - "narHash": "sha256-XzwkB62Tt5UYoL1jXiHzgk/qz2fUpGHExcSIbyGTtI0=", + "lastModified": 1739557722, + "narHash": "sha256-XikzLpPUDYiNyJ4w2SfRShdbSkIgE3btYdxCGInmtc4=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "a53af7f1514ef4cce8620a9d6a50f238cdedec8b", + "rev": "1f3e1f38dedbbb8aad77e184fb54ec518e2d9522", "type": "github" }, "original": { @@ -1330,11 +1330,11 @@ ] }, "locked": { - "lastModified": 1739500069, - "narHash": "sha256-eCxWMqMsP2KQkleWWhs9KzFvxgd9v0F0iq7Piw6XDAs=", + "lastModified": 1739845646, + "narHash": "sha256-UGQVBU/yDn6u0kAE4z1PYrOaaf3wl+gAAv5rui2TkFQ=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "cd3e0a87bf9edadb0f311ba1eb677bbae7a08b81", + "rev": "ab2cd2b8b25ab3f65b8ce4aa701a6d69fbb0210f", "type": "github" }, "original": { @@ -1400,11 +1400,11 @@ ] }, "locked": { - "lastModified": 1738953846, - "narHash": "sha256-yrK3Hjcr8F7qS/j2F+r7C7o010eVWWlm4T1PrbKBOxQ=", + "lastModified": 1739829690, + "narHash": "sha256-mL1szCeIsjh6Khn3nH2cYtwO5YXG6gBiTw1A30iGeDU=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "4f09b473c936d41582dd744e19f34ec27592c5fd", + "rev": "3d0579f5cc93436052d94b73925b48973a104204", "type": "github" }, "original": { @@ -1426,11 +1426,11 @@ ] }, "locked": { - "lastModified": 1739497746, - "narHash": "sha256-Bfok+AZ/iTOmJNndwR7wOZbsuL5/gks3GH2qvWTxpGs=", + "lastModified": 1739843309, + "narHash": "sha256-BLsy1soiTtyN3nKH3dgpwFJ31a29Njpi6+xD6tsVBo4=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "6113f471097e12ff293e86b36e74aee21c55204e", + "rev": "6f6ffc8ebcfd2d48477ec2e78d9767a7bfdd9d79", "type": "github" }, "original": { From 5efe1463a3752f96368d3e25f9cca70a4106e522 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 20 Feb 2025 01:36:47 -0500 Subject: [PATCH 229/410] install telegram and jadx, disable mako, re-enable virtualisation stuff --- home/yt/ytnix.nix | 5 +++-- hosts/ytnix/default.nix | 7 +++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index e658e65..2f6c6b2 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -140,16 +140,17 @@ python-lsp-server pip virtualenv - wxpython ] )) + telegram-desktop + jadx ]; programs.waybar.enable = true; programs.feh.enable = true; services.mako = { - enable = true; + enable = false; backgroundColor = "#1a1a1a"; defaultTimeout = 5000; borderSize = 0; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index a7e199c..524804d 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -178,6 +178,7 @@ wine-wayland wine64 solaar + gtk3 ]; environment.sessionVariables = { @@ -280,8 +281,8 @@ services.tumbler.enable = true; virtualisation = { - libvirtd.enable = false; - docker.enable = false; + libvirtd.enable = true; + docker.enable = true; }; programs.virt-manager.enable = false; @@ -342,6 +343,7 @@ libtiff curl pcre2 + gsettings-desktop-schemas ]; }; programs.evolution.enable = true; @@ -424,4 +426,5 @@ programs.adb.enable = true; services.envfs.enable = true; programs.kdeconnect.enable = true; + programs.dconf.enable = true; } From 322b594936d8d0e653ab947d420a52bf731f9e03 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 20 Feb 2025 01:39:31 -0500 Subject: [PATCH 230/410] try newer stuff again --- home/codium.nix | 21 +++++++++------------ hosts/ytnix/default.nix | 2 +- overlay/default.nix | 12 ++++++------ 3 files changed, 16 insertions(+), 19 deletions(-) diff --git a/home/codium.nix b/home/codium.nix index b35231a..2da9ffc 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -8,18 +8,15 @@ mutableExtensionsDir = false; extensions = # if unfree - # (with pkgs.vscode-marketplace; [ - ( - with pkgs.open-vsx; - [ - vscodevim.vim - jnoortheen.nix-ide - editorconfig.editorconfig - github.github-vscode-theme - rust-lang.rust-analyzer - shd101wyy.markdown-preview-enhanced - ] - ); + # with pkgs.vscode-marketplace; + with pkgs.open-vsx; [ + vscodevim.vim + jnoortheen.nix-ide + editorconfig.editorconfig + github.github-vscode-theme + rust-lang.rust-analyzer + shd101wyy.markdown-preview-enhanced + ]; userSettings = { "workbench.colorTheme" = "GitHub Dark Default"; "files.autoSave" = "afterDelay"; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 524804d..a6bf18d 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -54,7 +54,7 @@ }; tmp.cleanOnBoot = true; # upgrade after https://github.com/tomaspinho/rtl8821ce/issues/356 is fixed - kernelPackages = pkgs.linuxKernel.packages.linux_6_12; + kernelPackages = pkgs.linuxKernel.packages.linux_zen; extraModulePackages = with config.boot.kernelPackages; [ rtl8821ce ]; diff --git a/overlay/default.nix b/overlay/default.nix index 5695d30..6d532cf 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -15,12 +15,12 @@ importedOverlays stable = inputs.nixpkgs-stable; in { - bitwarden-cli = pkgFrom stable "bitwarden-cli"; - roundcube = pkgFrom stable "roundcube"; - lldb = pkgFrom stable "lldb"; - calibre = pkgFrom stable "calibre"; - nil = inputs.nil.packages.${prev.system}.nil; - anki = pkgFrom inputs.anki "anki-bin"; + # bitwarden-cli = pkgFrom stable "bitwarden-cli"; + # roundcube = pkgFrom stable "roundcube"; + # lldb = pkgFrom stable "lldb"; + # calibre = pkgFrom stable "calibre"; + # nil = inputs.nil.packages.${prev.system}.nil; + # anki = pkgFrom inputs.anki "anki-bin"; } ) ] From 2c6963c7bec933323d075c2a6fcc85da519fbd6b Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 20 Feb 2025 15:03:52 -0500 Subject: [PATCH 231/410] flake update Signed-off-by: cy --- flake.lock | 62 +++++++++++++++++++++++++++--------------------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/flake.lock b/flake.lock index 77c6ac6..7931572 100644 --- a/flake.lock +++ b/flake.lock @@ -173,11 +173,11 @@ }, "crane_2": { "locked": { - "lastModified": 1739815359, - "narHash": "sha256-mjB72/7Fgk5bsIIKA4G9LkIb/u0Ci+VdOyQSgBuQtjo=", + "lastModified": 1739936662, + "narHash": "sha256-x4syUjNUuRblR07nDPeLDP7DpphaBVbUaSoeZkFbGSk=", "owner": "ipetkov", "repo": "crane", - "rev": "282159b2b0588b87a9dbcc40decc91dd5bed5c89", + "rev": "19de14aaeb869287647d9461cbd389187d8ecdb7", "type": "github" }, "original": { @@ -578,11 +578,11 @@ ] }, "locked": { - "lastModified": 1739845242, - "narHash": "sha256-rNMXpDubNWGLTs45MuoH9YHtXfXye/fn2u4YMSTPt9I=", + "lastModified": 1740060750, + "narHash": "sha256-FOC9OzJ5Ckh6VjzGSRh4F3UCUOdM8NrzQT19PQcQJ44=", "owner": "nix-community", "repo": "home-manager", - "rev": "5cfbf5cc37a3bd1da07ae84eea1b828909c4456b", + "rev": "0c0b0ac8af6ca76b1fcb514483a9bd73c18f1e8c", "type": "github" }, "original": { @@ -699,11 +699,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1739846668, - "narHash": "sha256-B0+90JxZ7m+NVTb82Y8/R5OvKJrJhFDO2LtIxM7JNfw=", + "lastModified": 1740025708, + "narHash": "sha256-TQ8EQoulNFD2nP94Aw3W17cjlV3F+fMpDsV6LOrrkbY=", "ref": "refs/heads/main", - "rev": "0069c59eda80e89ef4e42f7629cb15b051b6cadd", - "revCount": 17430, + "rev": "e335a26d5cd8371ea836d1166b627eaf17427299", + "revCount": 17439, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -779,11 +779,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1739852863, - "narHash": "sha256-z26CrSpjFXVVa5RU2ORpfqcUpO1Uow4V7KV+pM/5Gok=", + "lastModified": 1740045415, + "narHash": "sha256-dLg4Re8AdmlTYWu6FHR60cem9fErXnWXRJi6/Du5L3M=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "c045be9425cfdd7769a4e96cab35a7f8b9db7468", + "rev": "a622f76d3f97ce289f2103b6999f80a3732d629b", "type": "github" }, "original": { @@ -812,11 +812,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1739820990, - "narHash": "sha256-v+MmVqFyjzL9xzyRzfX+1qMIGgoHcW73P9b8RrM922k=", + "lastModified": 1740042509, + "narHash": "sha256-Yk1DXv4oRdbi2P8v4b7GV6wXJaAa5jOK0femtfxlGAg=", "owner": "YaLTeR", "repo": "niri", - "rev": "44c9797844ca7ce8a708d5034f1259ce3fc6bd2a", + "rev": "8885233c7e036a1e279c09e4fd96c1a1669156c3", "type": "github" }, "original": { @@ -1043,11 +1043,11 @@ }, "nixpkgs-stable_4": { "locked": { - "lastModified": 1739758141, - "narHash": "sha256-uq6A2L7o1/tR6VfmYhZWoVAwb3gTy7j4Jx30MIrH0rE=", + "lastModified": 1739923778, + "narHash": "sha256-BqUY8tz0AQ4to2Z4+uaKczh81zsGZSYxjgvtw+fvIfM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c618e28f70257593de75a7044438efc1c1fc0791", + "rev": "36864ed72f234b9540da4cf7a0c49e351d30d3f1", "type": "github" }, "original": { @@ -1107,11 +1107,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1739822428, - "narHash": "sha256-eVH9Ggf0eojNMoRkksP7SfOMpI8ITLNfmoZrKyfQ8hU=", + "lastModified": 1740048735, + "narHash": "sha256-YUXPBZPacnc5IykkIiDN7Lz/Ka0boLM72z+JJV1YUVc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a3a07ac733f5aa4a1b1800d4a4042b65c6a9865f", + "rev": "e493a167e1e3b7c1de669ce78dad0bd93295a83f", "type": "github" }, "original": { @@ -1144,11 +1144,11 @@ ] }, "locked": { - "lastModified": 1739751913, - "narHash": "sha256-H72wNdLOl9CzfimXjDdKWnV0Mr8lpVF4m3HZ2m+fuck=", + "lastModified": 1739902813, + "narHash": "sha256-BgOQcKKz7VNvSHIbBllHisv32HvF3W3ALF9sdnC++V8=", "owner": "nix-community", "repo": "nixvim", - "rev": "3a66c8a33001d8bd79388c6b15eb1039f43f4192", + "rev": "0ab9947137cd034ec64eb5cd9ede94e53af21f50", "type": "github" }, "original": { @@ -1330,11 +1330,11 @@ ] }, "locked": { - "lastModified": 1739845646, - "narHash": "sha256-UGQVBU/yDn6u0kAE4z1PYrOaaf3wl+gAAv5rui2TkFQ=", + "lastModified": 1740074384, + "narHash": "sha256-T2eO9ognlph94/TyAu1uILo38fZG1G4S5FQxG+YBDv0=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "ab2cd2b8b25ab3f65b8ce4aa701a6d69fbb0210f", + "rev": "d291a120b6524911249b198baf3ec3e07ff57e04", "type": "github" }, "original": { @@ -1426,11 +1426,11 @@ ] }, "locked": { - "lastModified": 1739843309, - "narHash": "sha256-BLsy1soiTtyN3nKH3dgpwFJ31a29Njpi6+xD6tsVBo4=", + "lastModified": 1740040284, + "narHash": "sha256-srYId+69Z0dltiqdf2hFPZ6MmqVSF+RoHmiW93YIq1E=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "6f6ffc8ebcfd2d48477ec2e78d9767a7bfdd9d79", + "rev": "5c9a119496c2d56ef2fcd248ea5c5651f3e9a2bf", "type": "github" }, "original": { From 18210f677839174c283cbc0ddc32ddba7ef9e6d2 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 22 Feb 2025 12:52:11 -0500 Subject: [PATCH 232/410] don't use plasma manager --- home/nixvim/default.nix | 1 + home/yt/ytnix.nix | 1 - hosts/ytnix/default.nix | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix index 26b8bc6..94895c1 100644 --- a/home/nixvim/default.nix +++ b/home/nixvim/default.nix @@ -201,6 +201,7 @@ installRustc = true; installCargo = true; }; + eslint.enable = true; }; }; plugins.treesitter = { diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 2f6c6b2..7221f5c 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -11,7 +11,6 @@ ../irssi.nix ../kitty.nix ../codium.nix - ../plasma.nix ]; home = { username = "yt"; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index a6bf18d..30a6015 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -284,7 +284,7 @@ libvirtd.enable = true; docker.enable = true; }; - programs.virt-manager.enable = false; + programs.virt-manager.enable = true; services.usbmuxd.enable = true; programs.nix-ld.dev = { From 85331ac96be2f571969f58d1a14937843a78548e Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 22 Feb 2025 12:54:33 -0500 Subject: [PATCH 233/410] flake update Signed-off-by: cy --- flake.lock | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/flake.lock b/flake.lock index 7931572..63155ba 100644 --- a/flake.lock +++ b/flake.lock @@ -578,11 +578,11 @@ ] }, "locked": { - "lastModified": 1740060750, - "narHash": "sha256-FOC9OzJ5Ckh6VjzGSRh4F3UCUOdM8NrzQT19PQcQJ44=", + "lastModified": 1740245535, + "narHash": "sha256-65Jt61DGE5kVMFut8JLH7Zw8FwxiZV3dTHtHbjtf9mk=", "owner": "nix-community", "repo": "home-manager", - "rev": "0c0b0ac8af6ca76b1fcb514483a9bd73c18f1e8c", + "rev": "7ceacd98a9fc99743ae7d9a5c0a4ea7c72314da6", "type": "github" }, "original": { @@ -699,11 +699,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1740025708, - "narHash": "sha256-TQ8EQoulNFD2nP94Aw3W17cjlV3F+fMpDsV6LOrrkbY=", + "lastModified": 1740242292, + "narHash": "sha256-TqB+T5xMpJceNghzPuEG10eo6G+n60J12YOo/xG2kF8=", "ref": "refs/heads/main", - "rev": "e335a26d5cd8371ea836d1166b627eaf17427299", - "revCount": 17439, + "rev": "184922de1915e2920ebd8b59e072dd41f968d52c", + "revCount": 17447, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -779,11 +779,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1740045415, - "narHash": "sha256-dLg4Re8AdmlTYWu6FHR60cem9fErXnWXRJi6/Du5L3M=", + "lastModified": 1740219878, + "narHash": "sha256-t/kNZLTDelJDRAWaLdfeG97IpqaHjnt/oO9priALSa4=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "a622f76d3f97ce289f2103b6999f80a3732d629b", + "rev": "964d99464ac8330927db693f827027c16a3a3b76", "type": "github" }, "original": { @@ -812,11 +812,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1740042509, - "narHash": "sha256-Yk1DXv4oRdbi2P8v4b7GV6wXJaAa5jOK0femtfxlGAg=", + "lastModified": 1740117926, + "narHash": "sha256-mTTHA0RAaQcdYe+9A3Jx77cmmyLFHmRoZdd8RpWa+m8=", "owner": "YaLTeR", "repo": "niri", - "rev": "8885233c7e036a1e279c09e4fd96c1a1669156c3", + "rev": "b94a5db8790339cf9134873d8b490be69e02ac71", "type": "github" }, "original": { @@ -1107,11 +1107,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1740048735, - "narHash": "sha256-YUXPBZPacnc5IykkIiDN7Lz/Ka0boLM72z+JJV1YUVc=", + "lastModified": 1740215764, + "narHash": "sha256-wzBbGGZ6i1VVBA/cDJaLfuuGYCUriD7fwsLgJJHRVRk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e493a167e1e3b7c1de669ce78dad0bd93295a83f", + "rev": "8465e233b0668cf162c608a92e62e8d78c1ba7e4", "type": "github" }, "original": { @@ -1330,11 +1330,11 @@ ] }, "locked": { - "lastModified": 1740074384, - "narHash": "sha256-T2eO9ognlph94/TyAu1uILo38fZG1G4S5FQxG+YBDv0=", + "lastModified": 1740191166, + "narHash": "sha256-WqRxO1Afx8jPYG4CKwkvDFWFvDLCwCd4mxb97hFGYPg=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "d291a120b6524911249b198baf3ec3e07ff57e04", + "rev": "74a3fb71b0cc67376ab9e7c31abcd68c813fc226", "type": "github" }, "original": { @@ -1426,11 +1426,11 @@ ] }, "locked": { - "lastModified": 1740040284, - "narHash": "sha256-srYId+69Z0dltiqdf2hFPZ6MmqVSF+RoHmiW93YIq1E=", + "lastModified": 1740188781, + "narHash": "sha256-3FDg6k9kQXq5M6ZHc2f9KsPydvWBtqacU9lWA7nIFYI=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "5c9a119496c2d56ef2fcd248ea5c5651f3e9a2bf", + "rev": "ba52a14c907e0cece9734e0ff59c3c742b6b1075", "type": "github" }, "original": { From f0de5bb3fd513c5671bff148ae2a480512c9ee14 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 22 Feb 2025 12:57:00 -0500 Subject: [PATCH 234/410] can't find editorconfig for some reason --- home/codium.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/home/codium.nix b/home/codium.nix index 2da9ffc..10aaffb 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -12,7 +12,6 @@ with pkgs.open-vsx; [ vscodevim.vim jnoortheen.nix-ide - editorconfig.editorconfig github.github-vscode-theme rust-lang.rust-analyzer shd101wyy.markdown-preview-enhanced From 24efa5183a4e82a8118cf6d2ae3097f9643eb852 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 23 Feb 2025 12:47:42 -0500 Subject: [PATCH 235/410] disable mako, add kotlin vscode extension, add ssh alias for github --- home/codium.nix | 65 +++++++++++++++++++++-------------------- home/yt/common.nix | 5 ++++ home/yt/ytnix.nix | 16 ---------- hosts/ytnix/default.nix | 2 +- 4 files changed, 40 insertions(+), 48 deletions(-) diff --git a/home/codium.nix b/home/codium.nix index 10aaffb..f6c9a04 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -3,40 +3,43 @@ programs.vscode = { enable = true; package = pkgs.vscodium; - enableUpdateCheck = false; - enableExtensionUpdateCheck = false; mutableExtensionsDir = false; - extensions = - # if unfree - # with pkgs.vscode-marketplace; - with pkgs.open-vsx; [ - vscodevim.vim - jnoortheen.nix-ide - github.github-vscode-theme - rust-lang.rust-analyzer - shd101wyy.markdown-preview-enhanced - ]; - userSettings = { - "workbench.colorTheme" = "GitHub Dark Default"; - "files.autoSave" = "afterDelay"; - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; - "editor.fontFamily" = "IBM Plex Mono"; - "editor.fontSize" = 16; - "editor.wordWrap" = "on"; + profiles.default = { + enableUpdateCheck = false; + enableExtensionUpdateCheck = false; + extensions = + # if unfree + # with pkgs.vscode-marketplace; + with pkgs.open-vsx; [ + vscodevim.vim + jnoortheen.nix-ide + github.github-vscode-theme + rust-lang.rust-analyzer + shd101wyy.markdown-preview-enhanced + fwcd.kotlin + ]; + userSettings = { + "workbench.colorTheme" = "GitHub Dark Default"; + "files.autoSave" = "afterDelay"; + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nil"; + "editor.fontFamily" = "IBM Plex Mono"; + "editor.fontSize" = 16; + "editor.wordWrap" = "on"; - # vim mode settings - "vim.handleKeys" = { - "" = false; # file tree toggle + # vim mode settings + "vim.handleKeys" = { + "" = false; # file tree toggle + }; + "vim.normalModeKeyBindings" = [ + { + "before" = [ ";" ]; + "after" = [ ":" ]; + "silent" = true; + } + ]; + "workbench.startupEditor" = "none"; }; - "vim.normalModeKeyBindings" = [ - { - "before" = [ ";" ]; - "after" = [ ":" ]; - "silent" = true; - } - ]; - "workbench.startupEditor" = "none"; }; }; } diff --git a/home/yt/common.nix b/home/yt/common.nix index 11d8c7c..b7c586e 100644 --- a/home/yt/common.nix +++ b/home/yt/common.nix @@ -58,6 +58,11 @@ }; help.autocorrect = 1; "mergetool \"vimdiff\"".cmd = "nvim -d $LOCAL $REMOTE $MERGED -c '$wincmd w' -c 'wincmd J'"; + url = { + "ssh://git@github.com/" = { + insteadOf = "https://github.com/"; + }; + }; }; }; programs.ripgrep.enable = true; diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 7221f5c..a7f9e52 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -148,22 +148,6 @@ programs.waybar.enable = true; programs.feh.enable = true; - services.mako = { - enable = false; - backgroundColor = "#1a1a1a"; - defaultTimeout = 5000; - borderSize = 0; - borderRadius = 10; - font = "DejaVu Sans Mono 11"; - padding = "10"; - textColor = "#ffffff"; - extraConfig = '' - [urgency=high] - background-color=#c00000 - border-color=#ff0000 - ''; - }; - xdg.configFile = { rofi.source = ../rofi; waybar.source = ../waybar; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 30a6015..d6bd53e 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -153,7 +153,7 @@ git python3 wl-clipboard - mako + # mako # sway config uses this tree kitty borgbackup From 0250624887b1bb3a496a4012b5dd3ca2ad02b67b Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 23 Feb 2025 13:08:07 -0500 Subject: [PATCH 236/410] clean overlays and install java --- home/yt/ytnix.nix | 3 ++- hosts/chunk/conduwuit.nix | 4 +--- hosts/ytnix/default.nix | 5 +++++ overlay/default.nix | 8 +------- 4 files changed, 9 insertions(+), 11 deletions(-) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index a7f9e52..2f4374b 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -94,7 +94,7 @@ lm_sensors sshfs gopls - anki + anki-bin trezorctl trezor-agent q @@ -143,6 +143,7 @@ )) telegram-desktop jadx + gradle ]; programs.waybar.enable = true; diff --git a/hosts/chunk/conduwuit.nix b/hosts/chunk/conduwuit.nix index 99d3958..3a6638f 100644 --- a/hosts/chunk/conduwuit.nix +++ b/hosts/chunk/conduwuit.nix @@ -1,9 +1,7 @@ -{ inputs, ... }: +{ ... }: { services.conduwuit = { enable = true; - package = - inputs.conduwuit.packages.x86_64-linux.static-x86_64-linux-musl-all-features-x86_64-haswell-optimised; settings.global = { port = [ 8448 ]; server_name = "cything.io"; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index d6bd53e..0fd41cf 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -427,4 +427,9 @@ services.envfs.enable = true; programs.kdeconnect.enable = true; programs.dconf.enable = true; + + programs.java = { + enable = true; + binfmt = true; + }; } diff --git a/overlay/default.nix b/overlay/default.nix index 6d532cf..6f577ac 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -1,7 +1,6 @@ { inputs }: let overlays = [ - ./conduwuit ./attic ]; importedOverlays = map (m: import m) overlays; @@ -15,12 +14,7 @@ importedOverlays stable = inputs.nixpkgs-stable; in { - # bitwarden-cli = pkgFrom stable "bitwarden-cli"; - # roundcube = pkgFrom stable "roundcube"; - # lldb = pkgFrom stable "lldb"; - # calibre = pkgFrom stable "calibre"; - # nil = inputs.nil.packages.${prev.system}.nil; - # anki = pkgFrom inputs.anki "anki-bin"; + conduwuit = inputs.conduwuit.packages.x86_64-linux.static-x86_64-linux-musl-all-features-x86_64-haswell-optimised; } ) ] From 61cff0928063fd0d31c9fdbfaaf4942ff3661813 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 23 Feb 2025 13:17:30 -0500 Subject: [PATCH 237/410] remove legacy computers --- flake.nix | 22 ---------------------- overlay/default.nix | 3 ++- 2 files changed, 2 insertions(+), 23 deletions(-) diff --git a/flake.nix b/flake.nix index b9d76bf..f0989ac 100644 --- a/flake.nix +++ b/flake.nix @@ -208,19 +208,6 @@ ./modules ]; }; - - titan = lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - { - nixpkgs = { inherit pkgs; }; - } - ./hosts/titan - disko.nixosModules.disko - inputs.sops-nix.nixosModules.sops - ./modules - ]; - }; }; homeConfigurations = let @@ -246,15 +233,6 @@ inputs.nixvim.homeManagerModules.nixvim ]; }; - - "codespace@codespace" = lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { inherit inputs; }; - modules = [ - ./home/yt/codespace.nix - inputs.nixvim.homeManagerModules.nixvim - ]; - }; }; }; } diff --git a/overlay/default.nix b/overlay/default.nix index 6f577ac..03dab16 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -14,7 +14,8 @@ importedOverlays stable = inputs.nixpkgs-stable; in { - conduwuit = inputs.conduwuit.packages.x86_64-linux.static-x86_64-linux-musl-all-features-x86_64-haswell-optimised; + conduwuit = + inputs.conduwuit.packages.x86_64-linux.static-x86_64-linux-musl-all-features-x86_64-haswell-optimised; } ) ] From ba315d4eb04ada21200199b16416f5c2d8ac341a Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 23 Feb 2025 13:17:49 -0500 Subject: [PATCH 238/410] flake update Signed-off-by: cy --- flake.lock | 50 +++++++++++++++++++++++++------------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/flake.lock b/flake.lock index 63155ba..b808228 100644 --- a/flake.lock +++ b/flake.lock @@ -578,11 +578,11 @@ ] }, "locked": { - "lastModified": 1740245535, - "narHash": "sha256-65Jt61DGE5kVMFut8JLH7Zw8FwxiZV3dTHtHbjtf9mk=", + "lastModified": 1740318342, + "narHash": "sha256-fjr9+3Iru6O5qE+2oERQkabqAUXx4awm0+i2MBcta1U=", "owner": "nix-community", "repo": "home-manager", - "rev": "7ceacd98a9fc99743ae7d9a5c0a4ea7c72314da6", + "rev": "b5ab2c7fdaa807cf425066ab7cd34b073946b1ca", "type": "github" }, "original": { @@ -699,11 +699,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1740242292, - "narHash": "sha256-TqB+T5xMpJceNghzPuEG10eo6G+n60J12YOo/xG2kF8=", + "lastModified": 1740318097, + "narHash": "sha256-lCRwHfZqpXO/Q98WCTD0eOWvKpA2J4ANLxrDzd3aWJw=", "ref": "refs/heads/main", - "rev": "184922de1915e2920ebd8b59e072dd41f968d52c", - "revCount": 17447, + "rev": "aaab224bea76cc6882884f9223b4bec2a781ebd4", + "revCount": 17460, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -779,11 +779,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1740219878, - "narHash": "sha256-t/kNZLTDelJDRAWaLdfeG97IpqaHjnt/oO9priALSa4=", + "lastModified": 1740326457, + "narHash": "sha256-C1tiPRIXI6Z5vd3pz26/JQ/p+VaG2eKD6PNk8ZqFW1E=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "964d99464ac8330927db693f827027c16a3a3b76", + "rev": "23b0234ac1b03709a0cec40e84d293f083859dc9", "type": "github" }, "original": { @@ -812,11 +812,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1740117926, - "narHash": "sha256-mTTHA0RAaQcdYe+9A3Jx77cmmyLFHmRoZdd8RpWa+m8=", + "lastModified": 1740251548, + "narHash": "sha256-53kgDwNYEPIZadX5SEk7+OoTXycHm1QUF7x2XCoo9+U=", "owner": "YaLTeR", "repo": "niri", - "rev": "b94a5db8790339cf9134873d8b490be69e02ac71", + "rev": "bca65452882e1e616045e21a0a9a4a0b7024239b", "type": "github" }, "original": { @@ -1043,11 +1043,11 @@ }, "nixpkgs-stable_4": { "locked": { - "lastModified": 1739923778, - "narHash": "sha256-BqUY8tz0AQ4to2Z4+uaKczh81zsGZSYxjgvtw+fvIfM=", + "lastModified": 1740162160, + "narHash": "sha256-SSYxFhqCOb3aiPb6MmN68yEzBIltfom8IgRz7phHscM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "36864ed72f234b9540da4cf7a0c49e351d30d3f1", + "rev": "11415c7ae8539d6292f2928317ee7a8410b28bb9", "type": "github" }, "original": { @@ -1107,11 +1107,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1740215764, - "narHash": "sha256-wzBbGGZ6i1VVBA/cDJaLfuuGYCUriD7fwsLgJJHRVRk=", + "lastModified": 1740301968, + "narHash": "sha256-eDAiNagpMExcLoSIgjdef2ZYyvjuy1VTF8r9OZXCMGc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8465e233b0668cf162c608a92e62e8d78c1ba7e4", + "rev": "b7fe81518095c48a8ba94fc7cfe5c0fc8370851b", "type": "github" }, "original": { @@ -1330,11 +1330,11 @@ ] }, "locked": { - "lastModified": 1740191166, - "narHash": "sha256-WqRxO1Afx8jPYG4CKwkvDFWFvDLCwCd4mxb97hFGYPg=", + "lastModified": 1740277845, + "narHash": "sha256-NNU0CdiaSbAeZ8tpDG4aFi9qtcdlItRvk8Xns9oBrVU=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "74a3fb71b0cc67376ab9e7c31abcd68c813fc226", + "rev": "f933070c29f9c1c5457447a51903f27f76ebb519", "type": "github" }, "original": { @@ -1426,11 +1426,11 @@ ] }, "locked": { - "lastModified": 1740188781, - "narHash": "sha256-3FDg6k9kQXq5M6ZHc2f9KsPydvWBtqacU9lWA7nIFYI=", + "lastModified": 1740275623, + "narHash": "sha256-LQ9hq3hKwWqm+dzBhgsIkr2KO6Bb0aU+yO/TtI7hXXo=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "ba52a14c907e0cece9734e0ff59c3c742b6b1075", + "rev": "35ff5dce04469e7b4e56a9d997e5201bfce52ae3", "type": "github" }, "original": { From 81d442200baf3dfc226d45ae9ab94ca9fe4dd2f2 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 23 Feb 2025 13:44:49 -0500 Subject: [PATCH 239/410] zsh: enable presto and disable casesensitive --- home/zsh/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/home/zsh/default.nix b/home/zsh/default.nix index 52fd38a..1652219 100644 --- a/home/zsh/default.nix +++ b/home/zsh/default.nix @@ -36,6 +36,12 @@ searchUpKey = "^p"; searchDownKey = "^n"; }; + + prezto = { + enable = true; + caseSensitive = false; + }; + initExtra = '' # disable control+s to pause terminal unsetopt FLOW_CONTROL From 2e7c178862268649e039b88ae3393e9c66b72214 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 23 Feb 2025 18:07:48 -0500 Subject: [PATCH 240/410] upgrade and patch zipline --- modules/zipline.nix | 10 ++---- overlay/default.nix | 1 + overlay/zipline/default.nix | 8 +++++ overlay/zipline/no-check-bucket.patch | 45 +++++++++++++++++++++++++++ secrets/services/zipline.yaml | 6 ++-- 5 files changed, 59 insertions(+), 11 deletions(-) create mode 100644 overlay/zipline/default.nix create mode 100644 overlay/zipline/no-check-bucket.patch diff --git a/modules/zipline.nix b/modules/zipline.nix index b66cad6..744f3dc 100644 --- a/modules/zipline.nix +++ b/modules/zipline.nix @@ -15,18 +15,12 @@ in services.zipline = { enable = true; settings = { + CORE_HOSTNAME = "127.0.0.1"; CORE_PORT = 3001; DATASOURCE_TYPE = "s3"; - DATASOURCE_S3_ENDPOINT = "e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com"; + DATASOURCE_S3_ENDPOINT = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com"; DATASOURCE_S3_BUCKET = "zipline"; DATASOURCE_S3_REGION = "auto"; - DATASOURCE_S3_USE_SSL = "true"; - DATASOURCE_S3_FORCE_S3_PATH = "false"; - FEATURES_THUMBNAILS = "true"; - EXIF_REMOVE_GPS = "true"; - CHUNKS_CHUNKS_SIZE = "50mb"; - CHUNKS_MAX_SIZE = "95mb"; - FEATURES_OAUTH_REGISTRATION = "true"; }; environmentFiles = [ config.sops.secrets."zipline/env".path ]; }; diff --git a/overlay/default.nix b/overlay/default.nix index 03dab16..6a824d1 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -2,6 +2,7 @@ let overlays = [ ./attic + ./zipline ]; importedOverlays = map (m: import m) overlays; in diff --git a/overlay/zipline/default.nix b/overlay/zipline/default.nix new file mode 100644 index 0000000..72ec089 --- /dev/null +++ b/overlay/zipline/default.nix @@ -0,0 +1,8 @@ +final: prev: +{ + zipline = prev.zipline.overrideAttrs { + patches = [ + ./no-check-bucket.patch + ]; + }; +} diff --git a/overlay/zipline/no-check-bucket.patch b/overlay/zipline/no-check-bucket.patch new file mode 100644 index 0000000..9d1c756 --- /dev/null +++ b/overlay/zipline/no-check-bucket.patch @@ -0,0 +1,45 @@ +diff --git a/src/lib/datasource/S3.ts b/src/lib/datasource/S3.ts +index 089dd64..39dd8f4 100644 +--- a/src/lib/datasource/S3.ts ++++ b/src/lib/datasource/S3.ts +@@ -4,7 +4,6 @@ import { + DeleteObjectCommand, + DeleteObjectsCommand, + GetObjectCommand, +- ListBucketsCommand, + ListObjectsCommand, + PutObjectCommand, + S3Client, +@@ -38,32 +37,6 @@ export class S3Datasource extends Datasource { + endpoint: this.options.endpoint ?? undefined, + forcePathStyle: this.options.forcePathStyle ?? false, + }); +- +- this.ensureBucketExists(); +- } +- +- private async ensureBucketExists() { +- try { +- const res = await this.client.send(new ListBucketsCommand()); +- if (res.$metadata.httpStatusCode !== 200) { +- this.logger +- .error('there was an error while listing buckets', res.$metadata as Record) +- .error('zipline will now exit'); +- process.exit(1); +- } +- +- if (!res.Buckets?.find((bucket) => bucket.Name === this.options.bucket)) { +- this.logger.error(`bucket ${this.options.bucket} does not exist`).error('zipline will now exit'); +- process.exit(1); +- } +- } catch (e) { +- this.logger +- .error('there was an error while listing buckets', e as Record) +- .error('zipline will now exit'); +- process.exit(1); +- } finally { +- this.logger.debug(`bucket ${this.options.bucket} exists`); +- } + } + + public async get(file: string): Promise { diff --git a/secrets/services/zipline.yaml b/secrets/services/zipline.yaml index b82f9a3..0d233c3 100644 --- a/secrets/services/zipline.yaml +++ b/secrets/services/zipline.yaml @@ -1,5 +1,5 @@ zipline: - env: ENC[AES256_GCM,data:lsR/+bET/C7ssik0xv5IBITT+KEnoyqNjSZ9jvkkb7lmNAQzow6dCm1nprfimiJC0EF2LyiEPm0wchdtrLTNEtUkJWkworEJXeWGrGGbHgZW0/HC1BSERqlLmZTPyLWkhsl3rObvuhRoTKlUN5EMwtK8x06aOX6PcxLdwVjps7UxkBXej712IcKPvHVSJIQMvVHP2lqSppJc+sEMt4u3Vnf1ZYGsQS3bWnI7w40sOdGR8LGBadfmWwIj0/3XTaG7S7Lhi4AOFGZtpdyOmxxIH3Vd5qesfiqPHm0nTmu/JxPftYm+F/hDnbJHrbg7cNVlJahDFtQp8QdlVvdMU3ccNptpRXGWIwFOz3JtuzDo7pxkYRqO2dKqYbKhOknrMW0PYuB48XEKj3e4Q+T8tUhFTsOHfqT0J8ati26dQaUO5wvw22o=,iv:QeR8fU9bRVO5OuqjbEeiC1vihbLxrNgnR0k0K/mRmSw=,tag:6x2XELOlJ9JWeOuVBBHNpg==,type:str] + env: ENC[AES256_GCM,data:5n056AoWvM4PXBCxm+tk2G9qOugRpA/n5YRrxTtB7XBBQmRQNaP2a6AbAnWX665yFGQsB0iHdSER3sY78RqUL0gFKupVq1UAT8A2Wi0HqcFMqUs2drXjIksdmI6hTLk9TCxtPy0VbPieIshO2VEYesUqitTZ01i8Hj5CyF8yFC6t9eQ2L9iKLm5gje80MoqQT4IFx+V5B4ExP3fzhcpfr8StGHKHvG59nc40KQAW38i/95H3nncScOBfSQSNH61wLnDjecr8srxELO/j2iOKD9JzmqYLQr8TLKNw7KIIhDMAmuNeQhG1YXtj7/nj6gHN6cHpcHPgUdWID/Y6MHcndDCIJnyC2Qeod5ShOn53IjL7C8VZ940o9LfwNz22sx1SYZEwRGktIhUY0c4IL/4bUvhxwTcMH9ITYU8eVfG/QSnr8B4=,iv:juf0dRagztirDN89Jj+v8k62BBl9TU12A8TdR/m8qDA=,tag:WakN+bOYfF4YrleIsAg+OQ==,type:str] sops: kms: [] gcp_kms: [] @@ -24,8 +24,8 @@ sops: WHZSeVJIaGRldmhmcWZvT3YzL3hPbFEKVUtCU1l/RhFOlwdjE0ejW/Ym+cMVNxIW AdvVcWoilMGTsDJIIlLu7fPbhmGotPvqGjxMC2yEpEgJUt/rsz2vPA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-14T03:37:09Z" - mac: ENC[AES256_GCM,data:KViPAUWWpE5UTZOp55f3QeXhHkXBvyl9Np/Tlj5bY7t3qt1U370OLq1yL87WWbvRWa/K/ZYN2gjN16dgfp5o834VniSJM6dnw+vC76QNaXjCfE2HKozRx6NlHFMflzzV8TXvqzJvuPa43E8DRaBctY2a7aIbJ4DJki1dfmrrO3Y=,iv:vPeMWOWQNZX3t4BoYzpuI74tZJ3rCXwbxmqcRAW5ZXY=,tag:i4ZjIXg0JOj2U2jMwurChw==,type:str] + lastmodified: "2025-02-23T21:43:15Z" + mac: ENC[AES256_GCM,data:nI7xnLUMtseY9q8XZ3owb6qtRBtaRmmNNK4Z5ELHaI85VowdItZXMFN9faCVuCVTzhKp/4WC8jm96k7eWxytzW6r6KRvKDrUaRV27UweraK2Oe8et7u+oIEPh6HkNuZFB+qPiFYdfc+qQeTIKwayEVLeVWyvQKVDBhBxZd9UArg=,iv:q4hRQVat+LHVbYnF6QLE8iBdBeacJVUBKmMe4tbU8YU=,tag:6m4+SU1BFXMPORqe9vgXAw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4 From a82a616f112f1ac788d85172bf6a1d87abb1222d Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 23 Feb 2025 18:11:19 -0500 Subject: [PATCH 241/410] cleanup overlays, don't use prezto, remove wireguard code, some time and network stuff --- flake.lock | 17 ----------------- flake.nix | 3 --- home/zsh/default.nix | 9 +++++---- hosts/chunk/default.nix | 19 +++++-------------- hosts/chunk/rclone.nix | 4 +--- hosts/common.nix | 33 +++++++++++++++++++++++--------- hosts/ytnix/default.nix | 42 ++++++++++------------------------------- 7 files changed, 45 insertions(+), 82 deletions(-) diff --git a/flake.lock b/flake.lock index b808228..2042b1e 100644 --- a/flake.lock +++ b/flake.lock @@ -1,21 +1,5 @@ { "nodes": { - "anki": { - "locked": { - "lastModified": 1739471491, - "narHash": "sha256-ZCKWgsNqKWkVOAQFaFSmK3EN/uDdamNOcSItzvooWYs=", - "owner": "cything", - "repo": "nixpkgs", - "rev": "1562f5286858b3c1e5ea7e60f4bf6b3578519248", - "type": "github" - }, - "original": { - "owner": "cything", - "repo": "nixpkgs", - "rev": "1562f5286858b3c1e5ea7e60f4bf6b3578519248", - "type": "github" - } - }, "attic": { "inputs": { "crane": "crane", @@ -1281,7 +1265,6 @@ }, "root": { "inputs": { - "anki": "anki", "conduwuit": "conduwuit", "crane": "crane_2", "disko": "disko", diff --git a/flake.nix b/flake.nix index f0989ac..13c9409 100644 --- a/flake.nix +++ b/flake.nix @@ -100,9 +100,6 @@ flake-utils.url = "github:numtide/flake-utils"; crane.url = "github:ipetkov/crane"; flake-compat.url = "github:edolstra/flake-compat"; - - # unmerged PRs - anki.url = "github:cything/nixpkgs/1562f5286858b3c1e5ea7e60f4bf6b3578519248"; }; nixConfig = { diff --git a/home/zsh/default.nix b/home/zsh/default.nix index 1652219..0697fbc 100644 --- a/home/zsh/default.nix +++ b/home/zsh/default.nix @@ -37,10 +37,11 @@ searchDownKey = "^n"; }; - prezto = { - enable = true; - caseSensitive = false; - }; + # prezto = { + # enable = true; + # caseSensitive = false; + # editor.keymap = "vi"; + # }; initExtra = '' # disable control+s to pause terminal diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index aeb7906..acae89a 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -10,13 +10,11 @@ ./backup.nix ./rclone.nix ./postgres.nix - ./wireguard.nix ./adguard.nix ./hedgedoc.nix ./miniflux.nix ./redlib.nix ./vaultwarden.nix - ./wireguard.nix ./grafana.nix ./conduwuit.nix ./immich.nix @@ -48,15 +46,6 @@ "hedgedoc/env" = { sopsFile = ../../secrets/services/hedgedoc.yaml; }; - "wireguard/private" = { - sopsFile = ../../secrets/wireguard/chunk.yaml; - }; - "wireguard/psk-yt" = { - sopsFile = ../../secrets/wireguard/chunk.yaml; - }; - "wireguard/psk-phone" = { - sopsFile = ../../secrets/wireguard/chunk.yaml; - }; "miniflux/env" = { sopsFile = ../../secrets/services/miniflux.yaml; }; @@ -100,11 +89,13 @@ ]; allowedUDPPorts = [ 443 - 51820 53 853 - ]; # 51820 is wireguard - trustedInterfaces = [ "wg0" ]; + ]; + extraCommands = '' + iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1 + iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tor.service" -j MARK --set-mark 2 + ''; }; networking.interfaces.ens18 = { ipv6.addresses = [ diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index be833af..4b33e34 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -34,7 +34,7 @@ ExecStartPre = "/usr/bin/env mkdir -p /mnt/attic"; ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ config.sops.secrets."rclone/config".path - } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 15G --allow-other rsyncnet:attic /mnt/attic "; + } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 2G --allow-other rsyncnet:attic /mnt/attic "; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/attic"; }; }; @@ -55,6 +55,4 @@ ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage"; }; }; - - programs.fuse.userAllowOther = true; } diff --git a/hosts/common.nix b/hosts/common.nix index c4bc548..a891665 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -41,15 +41,30 @@ ''; registry.nixpkgs.flake = inputs.nixpkgs; }; - time.timeZone = "America/Toronto"; - networking.firewall.logRefusedConnections = false; - networking.nameservers = [ - # quad9 - "2620:fe::fe" - "2620:fe::9" - "9.9.9.9" - "149.112.112.112" - ]; + + time.timeZone = "America/New_York"; + networking = { + firewall.logRefusedConnections = false; + nameservers = [ + # quad9 + "2620:fe::fe" + "2620:fe::9" + "9.9.9.9" + "149.112.112.112" + ]; + timeServers = [ + "ntppool1.time.nl" + "nts.netnod.se" + "ptbtime1.ptb.de" + "ohio.time.system76.com" + "time.txryan.com" + "time.dfm.dk" + ]; + }; + services.chrony = { + enable = true; + enableNTS = true; + }; # this is true by default and mutually exclusive with # programs.nix-index diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 0fd41cf..b936a8b 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -20,12 +20,6 @@ "services/ntfy" = { sopsFile = ../../secrets/services/ntfy.yaml; }; - "wireguard/private" = { - sopsFile = ../../secrets/wireguard/yt.yaml; - }; - "wireguard/psk" = { - sopsFile = ../../secrets/wireguard/yt.yaml; - }; "rsyncnet/id_ed25519" = { sopsFile = ../../secrets/zh5061/yt.yaml; }; @@ -89,10 +83,14 @@ networkmanager = { enable = true; dns = "none"; - wifi.backend = "iwd"; + wifi = { + backend = "iwd"; + powersave = false; + }; }; resolvconf.enable = true; firewall = { + enable = true; allowedTCPPorts = [ 8080 ]; # for mitmproxy }; }; @@ -105,9 +103,7 @@ alsa.enable = true; alsa.support32Bit = true; wireplumber.extraConfig.bluetoothEnhancements = { - "wireplumber.settings" = { - "bluetooth.autoswitch-to-headset-profile" = false; - }; + # https://julian.pages.freedesktop.org/wireplumber/daemon/configuration/bluetooth.html#bluetooth-configuration "monitor.bluez.properties" = { "bluez5.enable-sbc-xq" = true; "bluez5.enable-msbc" = true; @@ -115,6 +111,10 @@ "bluez5.roles" = [ "a2dp_sink" "a2dp_source" + "hsp_hs" + "hsp_ag" + "hfp_hf" + "hfp_ag" ]; }; }; @@ -375,28 +375,6 @@ services.ollama.enable = false; - # wireguard setup - networking.wg-quick.interfaces.wg0 = { - autostart = false; - address = [ - "10.0.0.2/24" - "fdc9:281f:04d7:9ee9::2/64" - ]; - privateKeyFile = config.sops.secrets."wireguard/private".path; - peers = [ - { - publicKey = "a16/F/wP7HQIUtFywebqPSXQAktPsLgsMLH9ZfevMy0="; - allowedIPs = [ - "0.0.0.0/0" - "::/0" - ]; - endpoint = "31.59.129.225:51820"; - persistentKeepalive = 25; - presharedKeyFile = config.sops.secrets."wireguard/psk".path; - } - ]; - }; - services.trezord.enable = false; programs.niri.enable = false; From 131b4b26144d3037219d18e1adda4025191d687a Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 24 Feb 2025 13:23:38 -0500 Subject: [PATCH 242/410] implement traffic control, remove adguard, misc tailscale stuff --- home/yt/ytnix.nix | 3 +++ hosts/chunk/default.nix | 25 ++++++++++++++++++++++--- hosts/chunk/tailscale.nix | 3 +++ hosts/ytnix/default.nix | 6 +++++- hosts/ytnix/tailscale.nix | 7 ++++++- 5 files changed, 39 insertions(+), 5 deletions(-) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 2f4374b..03e3bb9 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -144,6 +144,9 @@ telegram-desktop jadx gradle + localsend + scrcpy + syncthing ]; programs.waybar.enable = true; diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index acae89a..2322005 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -1,5 +1,6 @@ { pkgs, + lib, ... }: { @@ -10,7 +11,6 @@ ./backup.nix ./rclone.nix ./postgres.nix - ./adguard.nix ./hedgedoc.nix ./miniflux.nix ./redlib.nix @@ -92,9 +92,28 @@ 53 853 ]; - extraCommands = '' + extraCommands = + let + ethtool = lib.getExe pkgs.ethtool; + tc = lib.getExe' pkgs.iproute2 "tc"; + in '' + # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites) + ${ethtool} -K ens18 tso off + + # clear existing rules + ${tc} qdisc del dev ens18 root || true + + # create HTB hierarchy + ${tc} qdisc add dev ens18 root handle 1: htb default 20 + ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100% + ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 40% ceil 100% + ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 60% ceil 100% + + # mark traffic iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1 - iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tor.service" -j MARK --set-mark 2 + + # route marked packets + ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10 ''; }; networking.interfaces.ens18 = { diff --git a/hosts/chunk/tailscale.nix b/hosts/chunk/tailscale.nix index e170e6b..17ff521 100644 --- a/hosts/chunk/tailscale.nix +++ b/hosts/chunk/tailscale.nix @@ -7,6 +7,9 @@ "--advertise-exit-node" "--accept-dns=false" ]; + extraDaemonFlags = [ + "--no-logs-no-support" + ]; useRoutingFeatures = "server"; openFirewall = true; }; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index b936a8b..a3d4e13 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -91,7 +91,10 @@ resolvconf.enable = true; firewall = { enable = true; - allowedTCPPorts = [ 8080 ]; # for mitmproxy + allowedTCPPorts = [ + 8080 # mitmproxy + 22000 # syncthing + ]; }; }; programs.nm-applet.enable = true; @@ -223,6 +226,7 @@ "/home/yt/.local/share/Steam" "**/.wine" "/home/yt/Games" + "/home/yt/Videos" ]; repo = "yt"; passFile = config.sops.secrets."borg/rsyncnet".path; diff --git a/hosts/ytnix/tailscale.nix b/hosts/ytnix/tailscale.nix index 63489ae..17db0c5 100644 --- a/hosts/ytnix/tailscale.nix +++ b/hosts/ytnix/tailscale.nix @@ -6,8 +6,13 @@ openFirewall = true; useRoutingFeatures = "client"; extraUpFlags = [ - "--exit-node=100.122.132.30" + "--exit-node=chunk" "--accept-dns=false" + "--operator=yt" + "--exit-node-allow-lan-access" + ]; + extraDaemonFlags = [ + "--no-logs-no-support" ]; }; } From f5096f39175335545e6988ccfee9def3e75e101b Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 24 Feb 2025 21:38:02 -0500 Subject: [PATCH 243/410] make attic better --- flake.nix | 2 -- hosts/chunk/attic.nix | 22 ++++++++-------------- hosts/common.nix | 2 -- overlay/attic/concurrent-32.patch | 13 +++++++++++++ overlay/attic/default.nix | 3 +++ secrets/services/attic.yaml | 8 ++++---- 6 files changed, 28 insertions(+), 22 deletions(-) create mode 100644 overlay/attic/concurrent-32.patch diff --git a/flake.nix b/flake.nix index 13c9409..ba2a9ed 100644 --- a/flake.nix +++ b/flake.nix @@ -104,7 +104,6 @@ nixConfig = { extra-substituters = [ - "https://cache.cything.io/central" "https://niri.cachix.org" "https://nix-community.cachix.org" "https://cache.garnix.io" @@ -112,7 +111,6 @@ "https://aseipp-nix-cache.global.ssl.fastly.net" ]; extra-trusted-public-keys = [ - "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" diff --git a/hosts/chunk/attic.nix b/hosts/chunk/attic.nix index c41e985..464c8b7 100644 --- a/hosts/chunk/attic.nix +++ b/hosts/chunk/attic.nix @@ -7,32 +7,26 @@ settings = { listen = "[::]:8090"; - api-endpoint = "https://cache.cything.io/"; - allowed-hosts = [ "cache.cything.io" ]; + api-endpoint = "https://cache.cy7.sh/"; + allowed-hosts = [ "cache.cy7.sh" ]; require-proof-of-possession = false; compression.type = "zstd"; database.url = "postgresql:///atticd?host=/run/postgresql"; storage = { - type = "local"; - path = "/mnt/attic"; + type = "s3"; + region = "auto"; + bucket = "attic"; + endpoint = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com"; }; garbage-collection = { - default-retention-period = "3 months"; - }; - - chunking = { - nar-size-threshold = 0; # disables chunking - min-size = 0; - avg-size = 0; - max-size = 0; - concurrent-chunk-uploads = 32; + default-retention-period = "2 weeks"; }; }; }; - services.caddy.virtualHosts."cache.cything.io".extraConfig = '' + services.caddy.virtualHosts."cache.cy7.sh".extraConfig = '' import common reverse_proxy localhost:8090 ''; diff --git a/hosts/common.nix b/hosts/common.nix index a891665..748f6d5 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -10,7 +10,6 @@ "@wheel" ]; trusted-public-keys = [ - "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" @@ -18,7 +17,6 @@ ]; substituters = [ "https://aseipp-nix-cache.global.ssl.fastly.net" - "https://cache.cything.io/central" "https://niri.cachix.org" "https://nix-community.cachix.org" "https://cache.garnix.io" diff --git a/overlay/attic/concurrent-32.patch b/overlay/attic/concurrent-32.patch new file mode 100644 index 0000000..639c1ec --- /dev/null +++ b/overlay/attic/concurrent-32.patch @@ -0,0 +1,13 @@ +diff --git a/server/src/config.rs b/server/src/config.rs +index 4412cbf..6dd483a 100644 +--- a/server/src/config.rs ++++ b/server/src/config.rs +@@ -565,7 +565,7 @@ fn default_default_retention_period() -> Duration { + } + + fn default_concurrent_chunk_uploads() -> usize { +- 10 ++ 32 + } + + fn load_config_from_path(path: &Path) -> Result { diff --git a/overlay/attic/default.nix b/overlay/attic/default.nix index 5e4161b..ea0cb05 100644 --- a/overlay/attic/default.nix +++ b/overlay/attic/default.nix @@ -16,6 +16,9 @@ final: prev: { cargoLock = null; cargoHash = "sha256-AbpWnYfBMrR6oOfy2LkQvIPYsClCWE89bJav+iHTtLM="; useFetchCargoVendor = true; + patches = [ + ./concurrent-32.patch + ]; } ); }; diff --git a/secrets/services/attic.yaml b/secrets/services/attic.yaml index 82b0f57..c4ba9a1 100644 --- a/secrets/services/attic.yaml +++ b/secrets/services/attic.yaml @@ -1,5 +1,5 @@ attic: - env: ENC[AES256_GCM,data:kwQltWs8MMEJ9SEz/EIKoMNy1DDfz/tCsCVYNkvCy3/m/o8uXtgwc/F3QKBD6Gwc4P27e7Bv1w1ZpBqwHDS5qe+YD5gEg6Z7JSXKaJlG9AAZhOOhg/Qyqib7HTw/bZQH77QVxo/KwEaHzId6IGoUKAS0kimiyqOV2UiAN0O0JZtaWIkC9WmoTcjr+z/2x4mSFJJnRzS7u4wQj6Aqnuc1fmePHcsehy/8hyhD36E9jHm60LG4MgZKC44i5U+FqlidQg1/Jl26pblbGhdWnFu52YdnuguIttumMdGJwgvj9uu6p5bHF7QSbmmx8GlMx9xG0ogq2mi/FClvfd//BRVAOd/5+fcbptt/NRfawCUrxqkUqyj/v3WSym/HtQ9+EZ07vScl4ILnswWQ8nw4UlZSjhDhTuZ1WB5iSANZYmRoB2weSPAKNWqYodwXOR4dFyuj6lJXi7lIBlUzkgA/1q+gsKS+VBhNg8TvuBPpvmN0YlkVPn8xjShM+jcQJF7aeXymW4EjGe8ctraU1cRiC3Hn8dVuODKccSqgJK0AD0SjdCXPjM+drUm5D3BLF/gLNJsEprz+Sirkb0tljapLoR1Zc9CwPeX01wmVKZq8nYqSAEwAiJYYUb0HcO9HMFbWLkw8GNIvKhoKq2NW2zo+Fxc3Wm8vTSieji4TJd8v6cmdFeE4e6i2PPr0m1zxupIvCXCi9ZUT9lvmYlM7kZK3FZYa7rW4i9D5TFsD1K7E1uRRWdqQbnY8vJxpXD7fyRuwz8cqDEyX3me5vT4fNxSbQIr0PS3YW09ijagY9kTn7PkRLDB4Zzswe4yLybWCqHVsuvUlFaOA9M9WQWTxdooHcENtJRADRFdS6fx5QTMcugGMFGYrGt37LDhE/xasGO9GpS6EpoaO81EvSMgobVqHcQlXFjk/+645g+fx9Y9sN3SOB5CBNz9BOsyeTL27coNwAvo+NOCOHZ+3rW2voiU9ybHWgujySyKqxAHZjJ18KEvFv0mWG0thuftL4+hx8sxJ2HfjawlIt/YcXHRP2CpmVICQcJZle7UUYCqDR5On/NTHzAABe4SRBunGJP/2jZ3Qg5dRkxJr0TZStCJT7TzO2R1+YafhOSJIATQN4M9FP0S3GU1e619xKRroupmBducCSDB/fUgiGoN+rGXFadPs7bZc1BmGKwDHBvJ29OrQT2oPsdUTHGo1KR/cWNIvkqJAIsa181hMgz7GiW8DwENkvlY17KOEOnCQcsLHO8Hk1B8g/kWlowPjGnvhK5cI5NvZmej5B77uNPjZy31ZR2Mpt6O/k0wtpdl03ooSdr3MsmR1oChD2oAhpvoYzC7vvhJsd7r1EGUZdo087WZWN0Chmjg/7aFDmcu/dtfkvl6lSAtFog46MgmMcFFjkEMiIIs3SmY00rrhdqWHoT4nARwQkqy3GkrAykyxyu9/WpTf77CVNiKKiLAJNpkEqPmHRYj5tXHDjw1yK/sp+TRe0vn45DJ+ZRfsySmb/5YeME/nioIBNkETh6J1hXj9BMtXyXmz1G+/RlvUDxQMOxW9UqvD3N1sukQ5dHkjiteY0TaJ05OAMSxIk7XRdomljjLA8FF+CvhH5bbpZ5IpkKYxa4IPzxBx4y5JeSpujke8nMGjV5ulqLkFchua8UQPzYABpGoDrOKmWs7ZQoUzQULbsy5INhCOiDKV82Pl6CI5zgBh40d+RKCcOLd8fCaxB3m4NiHio9+nXM7/MEIQFXrpHLrYo8WXgm1L8ik1Gi+8gPP1VcwoX4a4z0tkSID/UnZqWOCVP/URW5D563iG0xl4Mvc55xgyp6Un82higVLWmYkW04ta33pCvu/3RcEAuRAU1Z7a4dq8CacQbqTpHjNw/bArI+hxHODiAPv3DU/jfhhyn/JMDOUnObjNCWxnfpYBJu244Rgmm8CS6YSCxsswnjMmG+rHtPbaOe3FDH2RzdXtRqJ7JxQdPQcV6Pi5bwQAc89vi7WAe94IziFWFQaNDBJc68J/881cGhGikV1mCW4AV26mVbbbrUZo6frKTelBDufD4J/ISPUmCFPppc+uHhCoqdXZ+ONPP00HR1ka4pubzKz+LOQh1G6Rf6PtdfbK/g60RkjhQ/xtA0fRt4O2CIqRZ46Xmyx9jO08zJIW1B+mSpAKWVyZ+ZSqo8x894/sHLWfIsjBIybe6nB9xzLo4hbc3DQpFUNlwWZFpKEFtdNl2/Ww+U4hdjLLZpTQAPbUUjlS/jcAJT2tNMsi7ujy8xgdsbRUp6QpxE9LVl1ChiwQVwwKNHimt5sFlYp8H6j9LUuoL8kIDPRi/9govHrP39GkS294MFjyHeHhZlwfbFrHO1+UowTbl1qTh+YG9/NS3ZN1dAEJs2ZD9AxRH/6m8Cbi1LH+LzZm/0kmM4HgJLqzoTmsB5YjiWA9P6ORbdeM0+4o+6CjuihLOzmc7GMDzeidde4uvoCbKCAsJh8iTEsgGbTHvCys/qo0G5goL+DispSclZwU64tGhJb7SgZCPkl4+2+qFMgjKJ3PO7IodBqETwL3poAEknbwXCuuFNLpDJymwt9G2F86Neky/G1Npsswc6UiKJSzEvyDSR+inxlSuD7MRJu6ujuMdqtBMhTKObHvu/JxE+zVHF3aePYnk78xHTLKl2C7NAVR5/sD3tvo9uxX7SuYWjDcYYIrH/DuWhAIvwBzFEO8tsDGPfg65cF691FOQmuKHWWTJx3tNgoQYelfyoxRI8ao9dIY6Jcwf/FB1NUQr9iw/sfn+w3ojqBqpin46f6xrSc40WgrnQibEoPk1bvK6aZvXYWpdOv/7C29X6amnOBvlCvt+T4/WpXPO9qM/nu1MvFI3ZtNRnJViRRMxjw9wbxxVXPmXD5BqW6SZTI1W03IAu7hNz3aHELB8vZBaAdZ8jGRw+vYsoopjMTFNW/98HVwlRlcz4x0V0FKls5l1FI55rSHjDOLUZdsqyot66TkT5wZ7HHUIFt8MsaXSjZIKRJ166d4Z3435VKWog6LqDrpFiShwRTJpMWNVJNWQLT/7f8clvexqk7v5u6q7C7mq8rOA32UlRFKg3O9ruI8iutyhp2QYdFM6p2l256Tr+Lf3AL7hNA6GSt79Kb9DxXnBl7+IP7vQTZhUDU/hM/z84e+fYagMOMQDSQzfOIC/0H4tnVQk1kQa90pihvvo2A3y98V299kMqc68jw2xMfIIshXLsg/tqpeApSnIKcSrKX6TqHeXn9ZJe4uuzK4tYGhpYfx1ceIFWd25hIjiMrjkb5HjTQqvwrTqrc4gdJ/20J6sSn0p/aAI6BT+UqzRs2cdVMmEK6zTvHmdRnxAMkQ8NAo56UZej9YoGa7fKt5fJMVyll1muZjLp3rRDuZdBpGM4VixLw+OFou/HSdjfcVXQNTlLGIRD+WVyxX662BmvvWjctN5upNhZ3Ale9XrTmQhG2yClM/gQzKSfRi6aLi12N111vdj4Ug2iFxlg9v5KCsRSTQ416BGJFh8a1bAJYFbdd/8yCWvRt1QbdqXWKmpa5S2Ufuivhr7ajX6W+PbEG8XlnIhxAe3xTxsXuGwMhrHBzsBLXDkzZPjSIrMGznBt5+TDy2MCqqiqMepV4YHldyM3jLBPpyFxc5Ut7bT5bF/+01n894Rfi15txJnFV4YWsu2nwECnfLJtJ2iMPlaBwFqT5xyM95B9IuTanSG6UmY3hfcYwHGVdAS1GULnvdVSPFsdSCxR17pyslDARLu7uRNXe3l4z1mdmI5YX10AYphJY0lt5//EFzwNqpRtubYHwxpecaeQXlTHT1fYIz5gwnPny0pBKnqDqF4RZgl7PkSJci3PQS9R2QFNRX+3VzJ13AXE/DPzn7EcJKhajEgVAQN8vDooZ5xLjFPyqgo8hkFbDPF1554eoHm7XC+iw0SSDoLKMSsLPLGwu/jq9bBa5GTCTQ02gx1pVBKVpi/+PjXd+Vl3H7ElvCRNtUErBSNmzKSXFfCRmShZOHB2kJnyuX2IQ+6dEiOBAztx7mBFsmwbC0xvmnBwWx6nn6mbeY+3P82dLrkd8j+uH6bnuMz4rXLc1wonmLSxOQLArUVRDRls6Ng0nDw5VYgX08dMVlJ+NtBL4ra3gbM/CVIddIBRWbgPXttUZs277I2SaZ7KdCrO3pZo7WIApy9akeL2hOGR9kvLBn8uOw6mW77BjjAqH2rVTlfUbb1inAxyrUe6TGHF4uCTavE2Yge37CAFnUwChwN9M84oCfiq2XEM2+CARzhiByAvyFihLvZtrUaUq5le3g1ay67XbCYQ67l+Lrkm9Ktdt1nLEG2lnBuyFDSwnBIPH9KbWw5YGBMq28Gvadjo/3SmKsFaEuh43aiYbB3t9klBi8fpS1Blog0vtPlJC22sLu3u9OkRkeHXwxw5I4ta2E2ii0ZB8DlYmgrYJ2Hn3hwwPQMwdCXiGRBD70PJrDJV2hMitFP9QjW5Gwj5UGnjaPRK7M1x2nai16UAJ2yg7/s6lX9uldEC0JguvvcqRJ1ZlvT4IYRJSlafdb2YaLkEhitMsY3gSEgjkQ+d/qCCv68PdhO8orozBVRqXzAvGuzGAmuD3U54J6/ADZWikKH+5tqhb9DqaD2Q5SGgPkqai1rlkohkS/HBn7cKGKiHHDm1Szv+pUNX3sfFcwV+2H2nfBjZeySd60aU+DFnVGCv09WA4HP+gD/sC8CBuke9pTnGRkzYQICFDac+6eNGNqt16ELVBab6K+ahQNfE1Mpf+saYTpiMVXw/UM+qUvQi23FjMd3bXbNQoiu+KLt4EA2Hx5ZTp0htPrUnDQtcSsdcEbFK/oIDvzZMhSAaO9XA7AjoTqaEFoR/vVWdKaDjI4gVmdogf9b0BHPg/jGM1Pc9mM0RKh93xI4xZwT6PR73raRjRSIkle/uqSyI2Al/pWTXYioPFeUDhsfBmuRzvHXa8Flq+Cjz9XzPi2n3NK7BuM8+ZayNL5K5VtRrL8xPeWy2spIYJCxAqAP/ES5BZ6WmBKxZq2fKMh3Oigt9CStoChjTIZmx8Nn/QZ6QWfh3feQR4VN90LAEjpUn2dVM3R0I/r5gr9hzeh0Tgg4HePcO5U+zhTU4UcBbTVFooyCVxud71EBDs6BdaYzq8mk6ge/kEeyDkOv30dJXyI2039AmwTwvyMaFThUDdAkgfG8UwvYEzrvBfVFsFM9/8NP3w9RPMm4ebvbtgKTloEpIoWUViFT5YhH6bzFJvqJw2czk2EFyzHKfhijMO+6gJX1at21NolNeaFHPvSnD7Arbmv0p1gY60+aSUbx0Cp8DHw5mkRC1r/DC2dJJ1qCwU1Qghyz+/fmrZr0PspTxH8bxJFsVtJ/zdjqi1Ci8YFGOrD8OtIIYpCmQF8cGXx3lyrGKn65xXEegBwRbWh5lQ8WqvRaRWaW+lot0LtpK1vUYJUzPlZTliUYEoujOhTMCPg8LfeUJauvVULo2HT8GTEoWJ8LY+906g/bOqJfukTHHCmwGFaDEtceKyD8kGa2Q1ckHmdh/UnoX/AX0la9ICmCuEDXgbBAoKzMhLEiFpo98Q2XIMpxRRVcDUa6Ovu5gnYYT8xOeyHr2kgsQ2LRjL7fxDGAMMuBkO3szFn4H9f367F0Knbz2vcolt6AlVpfhcMrqPIc0HFVAgLtdxYGm49FWkDiGGGggfRd/pJLX5FD72C7scYTLFP0fxYN13D08U72FcOKcapLLMSETfKrh5u9yp3MNqDqiuhZ+tEnowVkM2ChdE5ce7DdHyS6Sth5MAcs2Z0Nfs2d8wMxQv15dOreLpXGkh3HbEcxZFIZNbpNiJEIp93EgQRJ2viCVJ4CpoMFFzNpARspASxAB/gBS3QsCaiAtv5sEOSSkkNA+P/b/z0iU5gGXyzbGVl2HqW51YxSYvT+gerHwLSLwZoJ/lGGEvI1LwZ9AbxKEIiMp9aSBFea9ZvgLITkZHNpO3QeWXJ5NqdADyRq0d5dSmEzRt8ACEVhCDNxSVrUwHYJokILjjHB0xx5FG2xsB9gaqhB0ZNlA==,iv:cE8zuRVAWVt7sLgnJsiTgwq2CpSsX4cQwIbYAeEv7iQ=,tag:j+VQnlNKapT3eTq4aPebQw==,type:str] + env: ENC[AES256_GCM,data:0qElab1fenlFSuj5GnLIOeSZkj2JX4n+idEg4kwoAoulBG3RxFzHP8zcIW1aDBG3E0trFjdTsrhaIYrfLijgQeDe05kJVJkiLM+wNZGf6w18n90/zDlpbOk9ZKSaqqsqxZ+XItW9Z8VTd2ieTlh75cedBjOaqJkn+DjjxV5YvyqPFJ69xjsbJbt5zWfFeudObiPmTJ1mdto9mMkPAmy2lgUFoXH72tRbkSNqEppylmbuiUF0tO8bpTuAa+o3apcv/tdZkvl6EV7LjTcOWBSkT8OhpGjykdiBLnJmX7yGjPSATbu+RGCkS5ZVCDG0el/RmpgrSZ9uPN6IqZPiop2bHZkAFKM7XBVevOTNmmjMLt+u3yzp5Mk/WdOUEK9vQfMRxperyQhYYtIxGEr/RYpTfV4xO4uW8GQzIg9PLKLrBeHrOrivJ8W83TlzQiBvbTjMLpmh0GFwNHMBNESNrY744PFPYJyumKBTWSzvVtDT6/bWnbmUI4SIbkCPySqu6hqHJDZbwX41oQa1yn3/CnehvAaqelbNbpiOYaYa36HxCpdSZBgiXlAGhQAEgk5VhbqpoKE8OjBdORscB/IT5OXx0dBkiOeYpiCu79LaOkxgnEVWqckwOJLJptvpZGoP81MaYbyLYbxfUHywRKMA74RG4XEJgx6YPmIn1/yRZO4y+BLhNyfTGQY7P6qPVlh9wMwyzXZA2roDLbS3hiJjFaUoOViMmmhxKveBhXQ7BCYspGD0G2L8FkkqZSNRum+LRyI9okMMrRCShz35sIoO4KLcUIq/j/RUdq8tpUy0VPIxjwHVDZ54Ehg7sVdtmJIlO3apCVnSdU+Er8gLwPuOBks6HhdU9u0HXK5Q4xxRcGnmrbdrRlVvauHceyJM/r//1Vgf+0dck75a4I8k6Hh8Pe8uKT3SxQW6Z/xhhq2QN3uE4tKGitpscTVgqVDlUCbMye7b3vjSfXkNiFtp7p9wo9K87osnua0ba3KCgqEzAAT6eRnlVZp/Dq5RaP4IOkYp1F919NkDaZX5t+M2DXvKhIC08nbdqSu6vxRK4KPksUUaYja6w8hjgWsN7VAYH0nKLSOZN8fGF7nNgxLqnh+2bKEQDOQ/Gn3sr/xKONcheKu9RXfoMng0Vd1f+Udg6p6049t9AcHkY2+gd6Cm4fmyZT0Ym50kh63eNI/knDmV/WwOTGld/XcCNwUDbIZl2EHS23rVqoy4XhEHgHIrdN+wh1+zhMW7ZeTBFSIHxYfrziEM33hDQKYYxywWt81tMYjcx2nYKqep1IRuL/9IillZuJ2GTNwidPVFjxgG3/a+0/hghSMr47t/x8EO2YlIoaKkCitkNiRX/4z3t6bfO1UmXxS/hNriFtpXYBVE+v5RHG3ttatbWUxGYU/tSR3at+GJAm22lI7SpEp4kpsLEc7bCNB8m6wqD1rLJ9xQbPqgA6CqTWBCAkVyts1H9QBsRMEJRsleqGZzkjb1p44lAgLUl4YnHCaLWN2En0GmQICetuvl2YecURlXNw6eF166vALvrGB5zGAFFrv7VPIP84okU0yPoxqi/zv0QIl+1p5/avgfYRxhSigeG+caYKs0sqnw5Or7nSh3uwggkt+QvPfXvuzB5P4O2KZOgkziZngeoExLtQSJbZrUuM+qhvt0CiB9m2JyKadSUbBf6mbafSWh6gKTdZRbarWbrvwcEB/b0nBGtNz9QlXcX2msaw8gqu97FVKVtXWAXv7P8Tne/0evb4U7CBCxU3FwsNHIy9VGdbsAWrfHUtYr9NyU9Yhjrncrejbp/0ok08XC2yJ5Lx4fqpibCOD2geHkmTS1EWOMRXqaE1rtroodpzXffzXv/CUXZngH2wc1Jc1NhnTmD/NYA1QviR+wrQGBxrCUz257fER5tYGp7MKNxIEiDPvXBC4SF8XAweoQpMzXof9RHn15CMtNU8+gf9LAltA+H7OZ9N4qyW9R9eXDOOrTW5wNthXqXel+GWSYi2H9H04b+Wf+bG7OwKd2mTpJJ6CREbX7tItBybjH3d7EGU1DGD7IYJhw2IaduqnSywyqgywT1ge07hxziU8E75bpPBDbB4v2+XWBPYItnjAj2BZxBdOIrCTmrMuaewynOAKtHPOn9v/t3wN9pbfEUbFraZGCVytSMJR0lWbhUm28ViO3EHq3DbhVIOLaMimd9Op/IIxjWrcmIvBXT8D/kM+pbYRc4vhfZQXfhFSwmTi5JHTgtaF3wEl8VGMfMLo4fqUz8nrPwJtmvNHP6GvKp9eqrBCtSjvzYD4Z1az9lgQit2rS+fv4XSynNeEZ/IYlDCJDHRCMEKEcJAIxCWRLlXjHMdfWYAMDBCpdrUxFuGuES5/7T0tZS2NbG/n7rMGExJwgAjzbWDe2N0cxegDREJMPJkPq7Q4MzhcmXhvigUYF/qkkpAkaYql5TUIQeWiIu5QsDwdbmED+6X84qKbsPRZ+8vJ9VJSnxMbrV8eU6ao0iWUceRqETiE9f3icg2SsP7n9BlliEUzuGcvW6lhAwHVwaGbhH8t15iggCfbqL+sQ9kTlda+oFC2sxQ8h3gi/kdffsgKCYwSt30RFojlVgWEZ6zMoHS7jo3EItYx+8EUeIfUwkqSRWb+mMb62cBjnWo9M9pK4m7iD85zAnzdLqzTqj6E+tzRhP/SXAo6HW2jIx502tN35MYBBnhmnxlWHGhvlAG/ItP0N2Jq+VuX5XF9HU3teXuaHVZVuo630em0L5YsyyUhyRGRQuLUpTwcvXFO9UXm2p+XpKshCkbCLxO7rgpg06vvJ4/AKrpVbTEDliMr1e4YL28dKc1jDRzjmhGUqDavnCi98x0Z9I4xuC52P1RHhkwEHgGu5ii7LsIpZ2vM4R8vbp+0zWgJzjnimMGZlAqrJlGMhNnqpv3/tk63ADCBkeol10MNxTBAJKrmZXtVXUxEX1GcFUdjFvOEz8vrgm/ide2t9qYfAW2CgJnSnUJdSFiOq8n7EeH70PPpWTwQ7HqncK2J966MmUZom5Flth8rIb8tN+m9WKytDSAhIdBL6z13kaaUiEpw+0TSb3tFSGlkyPyIjgwMuUplrBczQ5r6sfwbF9jt7SLpOU83OhSPepGmCqNTeym5fJK/0h4ypZx+bjvHSM/Wf1l/N5gcq6INLmtsZqPFIFqAqZL3fGCBTRO2ViERAccTHMN8VEEk42vW3PPWx8H6QEkNK/3tHwhdndrnmvq6wBhMbKF7i/Y3n6wy6LnSVWrB17qU1ZpRSGtraQsbUMm4fksuhZBOqPZKsyQAu+7qBs7I4NBn9u2PklZ4BZuhca/hzqWfW8tHtSy6iWIwS6lTwjasC2hZ+LEepINK10bWK9nm7m7fETFukGYgLgKGXgj1lca6G/dYidc1UHE6sLYlgHmLp+GTv1Ajup/jr4oll8AEtp2QEXTQRAVtlPSgqjNXluNL00EVG+YXuOhjh6iuA7xHIq3mg3UR6sDOW6v3h9Iaf5/muVMhJb/2srx1mjRIku0QUzpxyT9jkKQFrzyi4uxqPUJBstIEBToZCQa8ScoGmW5VS7l55M4LPRyMU/JJsa7G/IDD/IbCPLlKh+yUYbCkYupbU/SyVrJoUeiYZHfzrJWXeKKte2/4CQD2MYkV/IY/K8w5T2io0/6gdfhRi2xnMpUoqAMy8ow1wGtpJyDbkXEj+KrX2jk7nSIHGes1gbmN5ayVg2WDiebERJjZBvoLt/aiIwbzSoMKUiJuNzQC9akx7qisOnFhHsKgX1aoefBFw6Q3ChKP/z9cdBpj+jIvN/yjA1fNxpdlmXRitx6Hcum6LJJw129P43MJOVNNgX0if0P7arMJOidxgIg3oB9fEEhan6tCVyLUJUH4saGO3CoVyFA2NLqOZtAQcNzadR9lQaQnqtr3V6iHcv0IgAEYde9AdO1dDkA6OQQY8H8ZiDz0dYtsYR8L+pvqgMiMo2smGFg2pnScyNTypL5PEPJdy4dx8UnMbg8BHgnGMVcXbpTACGe3rvJzwdNyPPzisvn6fJGcSQ8A2G+SUIJLxxxQ5XQMAjeSTmPoWS8DTB7g/vNXD62XoMs24HllzcksUiBJtkbl57FL1BKcwtZesMeoV1Rd+t9lKk5UBiBjqAYYRk+BNWf7LV9ue5y1K0MFPcfB92FPrYPT1LbzZZ1lLRNr260YkBiKVQYhkMmyL1OkCpIGdOKB4fsuUETlA1+KIOcXVuVgWxYkqGcAu49pb0OICjjfXoqM7wuoqttz2GzsQrvyJ+fjzRIIxiEWmVw9v2wrAE2M1aWbA7RAWYAIpy25YrW5MATt9ZWOJdlhqfZOECtwSzn80ohD5+ysmNUqh950EhTvAxqeAO/6PfTXK9EVZM7oMfjrEQ5fJYbJ21HU9kDJjIuDxewr46um8VPrj9oVowhacY0hOo38DpZEd6BvezGL1yWFnZ/s9O7A3I3/6z3Xs/GdZlqPW8pcih7OPeAqEV/E6fQHx4wAAUgIjn72WDcaes/O7SwpM6T2HfRkxfobq1tFeGwf2PNq+74EpVJCZDgjJwqPmFrrwIPxkLWD66/hp0iGEBPtfGRHCFk8PzlccTZeWYZNTOS62g4m+sHugwTMtwk1VCa1C4VNijHa7yJPfxiI1dnmS98CmIHYX3HL+NNk9S9t5w0DG7bJzfbuEgEyOcbBOOq2RhQXyBNT4Pb3avc2CzHKPxxdhiLBKEMBIp9QAQsj9sL3bFxlhU4LmDDsu8ZoTvpfbbTB1YD9gx5yOQamRuyjkErHmGizNYhemMaQszvxJon0u/+tHGMO7vyK3Ex5+apIgEFrMGwvOUTwMFMAY8kSOcoEV09y90BU9oeAjmsUQhZqAvAb3GBLEPhWc7I9cAf7vPXw0/tH+fVUAI3eYdDh5GX1pD8I3Op88LljAk8USu4eBffESKfu7A3s0OoSpQw5ptwkWR5n45TPU60pP+82T98OKQoYJ5BwUuvAjJXwU2gfLikR9SFWoqpYd/5xx3ZKoXh374P8purIDwav7YHf+AWWz2BpsDof81Eplqr5O3F/iKvnBTftOmEXYkJH2ymkUzsCUf1liuafb1kLJ6UWrtR6ieG64MMYPv3E5ok0XEkvKAYqTa4Ux8XWOqBVq9qosuTAKuaYEnaFwK0TRefzJBTJuQCFOZnCmm6erQ/ee9pcXwRNyu/ODWwBh0U5e63PlMbbMrCMwuQtOW95U6ysmJF5Cg1pRsHwRmhOhQfIQpiQx5xQZXEr/xNSFPc7dTzrzPDszOQs9HZM57YDs5hG8gboiG5hLQ1Ly/j6jP5zli0zSd1FTMA1/f8V//emhAKfS5V/J5+N4WEMMf2PZo4/E4fn9qo6q9yv9AbikxsQLmBlf+P8ZS79dJdM6tulMyYutbEhrh2oQyDJiERd+hWI7xgU6RPXmyWGzyc9ksUaPIeZdyD4s13tq9KA0GtfpjFmY2TUxSd2qaAFDqbITkZhGGFaJr0TcJUavrSFpWMpqLGjPaxqefqVdAnPp1yr/CplDVo1amO1Uhbfx9Zhmsvmv5w3kD3s0q4K3sFaW38Chbc1o5U9SiKMhenTxqthsZ/x4AH+kB6FDEH5mLQ/SZb5EMwL3wpwc3EigXiJVZhJWeTOOQyodLQTBZpxK4KIa8j8vJaY8Fk2BxHg23H1JxqP2Ryhhof/Pqt2CAJL0XiUjL13xPqPwNrpthdVZhG/Ty04qvsXUjnrVsmgYb4KuP074EZzylczRllKGANPVNfyh+cDH4HAi6yF4RlZBrOMCSLP1R7f86mFn9x3oA3/7UkjZp502EF7TLa0l7n5rMgl2pbaapKKsw9NmCnbJUqjsjwAYiYPgYa5wVUgP9YJz3Ju8wIxXtezMtFi/IJM50B1f64Q+zvWMi6zlwdOUmCHVaZ0I0u/8Wc4nsIjAZ8kgqUXkmwkBlMoWBgzifvs7EaP4AqPPZlSEh4cAMsrP3WMmnIEasooq/HvtAIsKg+pI7qK/n1aJBKVhQkBNrQQJ+XNKLFQddf7Pv28bZdcCjwDgvOwRig==,iv:XGLs0HSedykhhCR2fB0QdN/LmGkNHwA8pnVGG9ZNNp8=,tag:RRjtMpklT+MCgEDsvwyXhw==,type:str] sops: kms: [] gcp_kms: [] @@ -33,8 +33,8 @@ sops: ekFwNFp4dm9UeDU5WFU5SmJyY25lMEEKZquSaE2A4ZTSp8sNB5bjgUzdp8RtAHIH xmbtfiMcLUv7J3FdGNwmSn9P9lYgzCVEZBjI0BCj/9JEm0eGFL8Vbw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-05T10:45:11Z" - mac: ENC[AES256_GCM,data:iigwuhn4wm2NIRBymwslUKiljbrFzbEsz0UZ9K/YeEX4FU3oy3gY2j8qP+yd7qISdObxOHs6AtdMzx1KcTK4CHhoI3vJ+aYKBwmaNvM91Dgbz71f01IUql/+ZGG/UqqgkWpvac0bERDPW/ypXJM/g9YpzocqWb9bxyfUDRvxkyw=,iv:zI7CsVegQC5STNH3u0hIC/YWXTfNwRyU3JJ1hn5I3AU=,tag:h/+KCpAmnNXORHLcCyldoQ==,type:str] + lastmodified: "2025-02-25T02:25:40Z" + mac: ENC[AES256_GCM,data:LT0NJ2wwGkomokQSQ/iejmhmprS0I5ec3+k2BC0ni7zWFqMCTpNGpSNivOXZ7zVHKJMDgyabDzPU+G8qYIlL7hbY9QP3slt4TqwnF/xJkwIEDwDjV1eDM9QOfBzb5PTqbDpRv3I5oNa9d5viqVggwG7NoZA/j/Y+U5/aE4pVOuQ=,iv:I01C/Y98apE039URvIfnykaHFXOUO2UB6dgJQjj3QH4=,tag:qvVGltx2sE5wdyehF38EhQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.2 + version: 3.9.4 From 066c0a5a740df3d70c9ed1aef52c5340b6e71246 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 24 Feb 2025 21:52:22 -0500 Subject: [PATCH 244/410] update attic cache keys --- flake.nix | 4 ++-- hosts/common.nix | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.nix b/flake.nix index 13c9409..85063f3 100644 --- a/flake.nix +++ b/flake.nix @@ -104,7 +104,7 @@ nixConfig = { extra-substituters = [ - "https://cache.cything.io/central" + "https://cache.cy7.sh/central" "https://niri.cachix.org" "https://nix-community.cachix.org" "https://cache.garnix.io" @@ -112,7 +112,7 @@ "https://aseipp-nix-cache.global.ssl.fastly.net" ]; extra-trusted-public-keys = [ - "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" + "central:KNxL0JFzHDGosui8ASem9n/tDmEAYLL9dtVMJ6TWsyg=" "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" diff --git a/hosts/common.nix b/hosts/common.nix index a891665..f2fb963 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -10,7 +10,7 @@ "@wheel" ]; trusted-public-keys = [ - "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" + "central:KNxL0JFzHDGosui8ASem9n/tDmEAYLL9dtVMJ6TWsyg=" "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" @@ -18,7 +18,7 @@ ]; substituters = [ "https://aseipp-nix-cache.global.ssl.fastly.net" - "https://cache.cything.io/central" + "https://cache.cy7.sh/central" "https://niri.cachix.org" "https://nix-community.cachix.org" "https://cache.garnix.io" From d76a9f7f3a5839aa59fb88c0e9d6b886db2b821b Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 25 Feb 2025 12:39:43 -0500 Subject: [PATCH 245/410] also traffic control caddy --- home/yt/ytnix.nix | 5 +++-- hosts/chunk/default.nix | 37 ++++++++++++++++++++++--------------- hosts/ytnix/default.nix | 2 +- overlay/zipline/default.nix | 3 +-- 4 files changed, 27 insertions(+), 20 deletions(-) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 03e3bb9..c3a0414 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -147,6 +147,7 @@ localsend scrcpy syncthing + obsidian ]; programs.waybar.enable = true; @@ -189,12 +190,12 @@ # sccache stuff RUSTC_WRAPPER = "${lib.getExe pkgs.sccache}"; SCCACHE_BUCKET = "sccache"; - SCCACHE_REGION = "earth"; + SCCACHE_REGION = "us-east-1"; SCCACHE_ENDPOINT = "https://sccache.s3.cy7.sh"; SCCACHE_ALLOW_CORE_DUMPS = "true"; SCCACHE_S3_USE_SSL = "true"; SCCACHE_CACHE_MULTIARCH = "true"; - SCCACHE_LOG_LEVEL = "warn"; + SCCACHE_LOG = "warn"; AWS_DEFAULT_REGION = "us-east-1"; AWS_ENDPOINT_URL = "https://s3.cy7.sh"; AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)"; diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 2322005..826b128 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -96,25 +96,32 @@ let ethtool = lib.getExe pkgs.ethtool; tc = lib.getExe' pkgs.iproute2 "tc"; - in '' - # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites) - ${ethtool} -K ens18 tso off + in + '' + # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites) + ${ethtool} -K ens18 tso off - # clear existing rules - ${tc} qdisc del dev ens18 root || true + # clear existing rules + ${tc} qdisc del dev ens18 root || true - # create HTB hierarchy - ${tc} qdisc add dev ens18 root handle 1: htb default 20 - ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100% - ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 40% ceil 100% - ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 60% ceil 100% + # create HTB hierarchy + ${tc} qdisc add dev ens18 root handle 1: htb default 30 + ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100% + # tailscale + ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 30% ceil 100% + # caddy + ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 30% ceil 100% + # rest + ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100% - # mark traffic - iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1 + # mark traffic + iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1 + iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 2 - # route marked packets - ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10 - ''; + # route marked packets + ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10 + ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 2 fw flowid 1:20 + ''; }; networking.interfaces.ens18 = { ipv6.addresses = [ diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index a3d4e13..c329115 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -92,7 +92,7 @@ firewall = { enable = true; allowedTCPPorts = [ - 8080 # mitmproxy + 8080 # mitmproxy 22000 # syncthing ]; }; diff --git a/overlay/zipline/default.nix b/overlay/zipline/default.nix index 72ec089..b114119 100644 --- a/overlay/zipline/default.nix +++ b/overlay/zipline/default.nix @@ -1,5 +1,4 @@ -final: prev: -{ +final: prev: { zipline = prev.zipline.overrideAttrs { patches = [ ./no-check-bucket.patch From 1cadfda410d3242dc05c3f93fec50633ea902882 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 25 Feb 2025 15:48:18 -0500 Subject: [PATCH 246/410] backup: don't send ntfy notification --- hosts/chunk/default.nix | 3 --- hosts/ytnix/default.nix | 3 --- modules/backup.nix | 18 ------------------ 3 files changed, 24 deletions(-) diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 826b128..e565100 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -31,9 +31,6 @@ "borg/rsyncnet" = { sopsFile = ../../secrets/borg/chunk.yaml; }; - "services/ntfy" = { - sopsFile = ../../secrets/services/ntfy.yaml; - }; "rclone/config" = { sopsFile = ../../secrets/rclone.yaml; }; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index c329115..440c30f 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -17,9 +17,6 @@ "borg/rsyncnet" = { sopsFile = ../../secrets/borg/yt.yaml; }; - "services/ntfy" = { - sopsFile = ../../secrets/services/ntfy.yaml; - }; "rsyncnet/id_ed25519" = { sopsFile = ../../secrets/zh5061/yt.yaml; }; diff --git a/modules/backup.nix b/modules/backup.nix index 52913b4..2715deb 100644 --- a/modules/backup.nix +++ b/modules/backup.nix @@ -6,7 +6,6 @@ }: let cfg = config.my.backup; - hostname = config.networking.hostName; defaultPaths = [ "/root" "/home" @@ -97,23 +96,6 @@ in ]; # warnings are often not that serious failOnWarnings = false; - postHook = '' - invocationId=$(systemctl show -p InvocationID --value borgbackup-job-${cfg.jobName}.service) - title="${hostname}: backup completed with exit code: $exitStatus" - msg=$(journalctl -o cat _SYSTEMD_INVOCATION_ID=$invocationId) - - if [ "$exitStatus" -eq 0 ]; then - tag="v" - else - tag="rotating_light" - fi - - ${pkgs.curl}/bin/curl -sL -u $(cat ${config.sops.secrets."services/ntfy".path}) \ - -H "Title: $title" \ - -H "Tags: $tag" \ - -d "$msg" \ - https://ntfy.cything.io/backups > /dev/null - ''; prune.keep = { within = "2d"; From 8b53c43e26392481f432f024df56f01949349fce Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 25 Feb 2025 15:49:07 -0500 Subject: [PATCH 247/410] rm newsboat, add syncthingtray and cleanup unused stuff --- home/yt/ytnix.nix | 46 +---------------------------------------- hosts/ytnix/default.nix | 4 ---- 2 files changed, 1 insertion(+), 49 deletions(-) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index c3a0414..ddb2212 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -19,30 +19,6 @@ }; programs.home-manager.enable = true; - systemd.user.startServices = "sd-switch"; - - # keep this commented when using plasma - # otherwise "system settings" in KDE will not function - # qt = { - # enable = true; - # platformTheme.name = "kde"; - # style.name = "breeze-dark"; - # style.package = pkgs.kdePackages.breeze; - # }; - - # this one too - # gtk = { - # enable = true; - # theme = { - # package = pkgs.adw-gtk3; - # name = "adw-gtk3-dark"; - # }; - # iconTheme = { - # package = pkgs.adwaita-icon-theme; - # name = "Adwaita"; - # }; - # }; - home.pointerCursor = { package = pkgs.bibata-cursors; name = "Bibata-Modern-Classic"; @@ -56,7 +32,6 @@ ungoogled-chromium librewolf bitwarden-desktop - bitwarden-cli fastfetch nwg-look kdePackages.gwenview @@ -67,11 +42,6 @@ signal-desktop pavucontrol btop - grim - slurp - rofi-wayland - rofimoji - cliphist jq bash-language-server sqlite @@ -88,7 +58,6 @@ pwgen lua-language-server gnumake - foot minisign unzip lm_sensors @@ -125,7 +94,6 @@ radare2 p7zip qbittorrent - # vscodium nil pkg-config gtk2 @@ -147,28 +115,16 @@ localsend scrcpy syncthing + syncthingtray obsidian ]; - programs.waybar.enable = true; programs.feh.enable = true; xdg.configFile = { - rofi.source = ../rofi; - waybar.source = ../waybar; mpv.source = ../mpv; }; - programs.newsboat = { - enable = true; - extraConfig = '' - urls-source "miniflux" - miniflux-url "https://rss.cything.io/" - miniflux-login "cy" - miniflux-passwordfile /run/secrets/newsboat/miniflux - ''; - }; - programs.direnv = { enable = true; nix-direnv.enable = true; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 440c30f..296335c 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -20,10 +20,6 @@ "rsyncnet/id_ed25519" = { sopsFile = ../../secrets/zh5061/yt.yaml; }; - "newsboat/miniflux" = { - sopsFile = ../../secrets/newsboat.yaml; - owner = "yt"; - }; "tailscale/auth" = { sopsFile = ../../secrets/services/tailscale.yaml; }; From 87c369e48f7d4aeea7cef2dcd53345fe75605f5a Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 25 Feb 2025 15:58:53 -0500 Subject: [PATCH 248/410] workflow: don't build titan --- .github/workflows/build-machines-and-homes.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index e276cbf..908806f 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -10,7 +10,6 @@ jobs: machine: - chunk - ytnix - - titan os: - ubuntu-latest runs-on: ${{ matrix.os }} From f59a8f3fec6c8957d09b1adb4c2550373d9ffe67 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 25 Feb 2025 16:01:37 -0500 Subject: [PATCH 249/410] flake update Signed-off-by: cy --- flake.lock | 188 ++++++++++++----------------------------------------- 1 file changed, 43 insertions(+), 145 deletions(-) diff --git a/flake.lock b/flake.lock index 2042b1e..0a3fb3c 100644 --- a/flake.lock +++ b/flake.lock @@ -204,27 +204,6 @@ "type": "github" } }, - "devshell": { - "inputs": { - "nixpkgs": [ - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1735644329, - "narHash": "sha256-tO3HrHriyLvipc4xr+Ewtdlo7wM1OjXNjlWRgmM7peY=", - "owner": "numtide", - "repo": "devshell", - "rev": "f7795ede5b02664b57035b3b757876703e2c3eac", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "devshell", - "type": "github" - } - }, "disko": { "inputs": { "nixpkgs": [ @@ -462,32 +441,6 @@ "type": "github" } }, - "git-hooks_2": { - "inputs": { - "flake-compat": [ - "nixvim", - "flake-compat" - ], - "gitignore": "gitignore_3", - "nixpkgs": [ - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1737465171, - "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, "gitignore": { "inputs": { "nixpkgs": [ @@ -533,28 +486,6 @@ "type": "github" } }, - "gitignore_3": { - "inputs": { - "nixpkgs": [ - "nixvim", - "git-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -562,11 +493,11 @@ ] }, "locked": { - "lastModified": 1740318342, - "narHash": "sha256-fjr9+3Iru6O5qE+2oERQkabqAUXx4awm0+i2MBcta1U=", + "lastModified": 1740494361, + "narHash": "sha256-Dd/GhJ9qKmUwuhgt/PAROG8J6YdU2ZjtJI9SQX5sVQI=", "owner": "nix-community", "repo": "home-manager", - "rev": "b5ab2c7fdaa807cf425066ab7cd34b073946b1ca", + "rev": "74f0a8546e3f2458c870cf90fc4b38ac1f498b17", "type": "github" }, "original": { @@ -623,11 +554,11 @@ ] }, "locked": { - "lastModified": 1739186342, - "narHash": "sha256-2j+sln9RwQn+g7J4GmdFFgvqXnLkvWBNMaUzONlkzUE=", + "lastModified": 1740440383, + "narHash": "sha256-w8ixbqOGrVWMQZFFs4uAwZpuwuGMzFoKjocMFxTR5Ts=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "3bdeebbc484a09391c4f0ec8a37bb77809426660", + "rev": "6321bc060d757c137c1fbae2057c7e941483878f", "type": "github" }, "original": { @@ -683,11 +614,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1740318097, - "narHash": "sha256-lCRwHfZqpXO/Q98WCTD0eOWvKpA2J4ANLxrDzd3aWJw=", + "lastModified": 1740502011, + "narHash": "sha256-H5itHYNtWHzM1nlZozYfLvN+CHRL3A95uO8qKBNx7Xo=", "ref": "refs/heads/main", - "rev": "aaab224bea76cc6882884f9223b4bec2a781ebd4", - "revCount": 17460, + "rev": "ffe2dd40f4fae2d8f0ff94063c8522efddc2a3e6", + "revCount": 17493, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -763,11 +694,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1740326457, - "narHash": "sha256-C1tiPRIXI6Z5vd3pz26/JQ/p+VaG2eKD6PNk8ZqFW1E=", + "lastModified": 1740480783, + "narHash": "sha256-5l/WnJ4BELbckzTd1rmTlEGbcqBf71K2tx6pCNb2xM8=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "23b0234ac1b03709a0cec40e84d293f083859dc9", + "rev": "0da1abb83ef2a37fd885de79730759486a407c41", "type": "github" }, "original": { @@ -779,16 +710,16 @@ "niri-stable": { "flake": false, "locked": { - "lastModified": 1736614405, - "narHash": "sha256-AJ1rlgNOPb3/+DbS5hkhm21t6Oz8IgqLllwmZt0lyzk=", + "lastModified": 1740117926, + "narHash": "sha256-mTTHA0RAaQcdYe+9A3Jx77cmmyLFHmRoZdd8RpWa+m8=", "owner": "YaLTeR", "repo": "niri", - "rev": "e05bc269e678ecf828b96ae79c991c13b00b38a5", + "rev": "b94a5db8790339cf9134873d8b490be69e02ac71", "type": "github" }, "original": { "owner": "YaLTeR", - "ref": "v25.01", + "ref": "v25.02", "repo": "niri", "type": "github" } @@ -796,11 +727,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1740251548, - "narHash": "sha256-53kgDwNYEPIZadX5SEk7+OoTXycHm1QUF7x2XCoo9+U=", + "lastModified": 1740476031, + "narHash": "sha256-8YuYgIzExIAenYMaSQTP7zYBzaJPN83pGRrcwQCochY=", "owner": "YaLTeR", "repo": "niri", - "rev": "bca65452882e1e616045e21a0a9a4a0b7024239b", + "rev": "c153349c62ed44762bf2ae8be6d5812faa9d5c6d", "type": "github" }, "original": { @@ -850,27 +781,6 @@ "type": "github" } }, - "nix-darwin": { - "inputs": { - "nixpkgs": [ - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1738743987, - "narHash": "sha256-O3bnAfsObto6l2tQOmQlrO6Z2kD6yKwOWfs7pA0CpOc=", - "owner": "lnl7", - "repo": "nix-darwin", - "rev": "ae406c04577ff9a64087018c79b4fdc02468c87c", - "type": "github" - }, - "original": { - "owner": "lnl7", - "repo": "nix-darwin", - "type": "github" - } - }, "nix-filter": { "locked": { "lastModified": 1731533336, @@ -916,11 +826,11 @@ ] }, "locked": { - "lastModified": 1739790836, - "narHash": "sha256-ksegG5wSllKmBqId/BtHVje9E5s0I+uCWgiFeLv2RzM=", + "lastModified": 1740390822, + "narHash": "sha256-UnMANgi2Zf4gf4p49cXM4fDRrPEpN6oJJMXT4Z2BW/U=", "owner": "nix-community", "repo": "nix-ld", - "rev": "36420e7b304b5071da5eedd176c0a567fd821861", + "rev": "4c86e9f94553bceba004c48be6f2691971d2a6f7", "type": "github" }, "original": { @@ -1027,11 +937,11 @@ }, "nixpkgs-stable_4": { "locked": { - "lastModified": 1740162160, - "narHash": "sha256-SSYxFhqCOb3aiPb6MmN68yEzBIltfom8IgRz7phHscM=", + "lastModified": 1740339700, + "narHash": "sha256-cbrw7EgQhcdFnu6iS3vane53bEagZQy/xyIkDWpCgVE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "11415c7ae8539d6292f2928317ee7a8410b28bb9", + "rev": "04ef94c4c1582fd485bbfdb8c4a8ba250e359195", "type": "github" }, "original": { @@ -1091,11 +1001,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1740301968, - "narHash": "sha256-eDAiNagpMExcLoSIgjdef2ZYyvjuy1VTF8r9OZXCMGc=", + "lastModified": 1740500346, + "narHash": "sha256-4fO8s2ptZODefFbdyCuxR3MaqZs7U9A+Q1wak0SkJ4o=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b7fe81518095c48a8ba94fc7cfe5c0fc8370851b", + "rev": "d4d7eaf04bb369b178ad6eab68e356056aeaa952", "type": "github" }, "original": { @@ -1107,32 +1017,20 @@ }, "nixvim": { "inputs": { - "devshell": "devshell", - "flake-compat": [ - "flake-compat" - ], "flake-parts": [ "flake-parts" ], - "git-hooks": "git-hooks_2", - "home-manager": [ - "home-manager" - ], - "nix-darwin": "nix-darwin", "nixpkgs": [ "nixpkgs" ], - "nuschtosSearch": "nuschtosSearch", - "treefmt-nix": [ - "treefmt" - ] + "nuschtosSearch": "nuschtosSearch" }, "locked": { - "lastModified": 1739902813, - "narHash": "sha256-BgOQcKKz7VNvSHIbBllHisv32HvF3W3ALF9sdnC++V8=", + "lastModified": 1740432393, + "narHash": "sha256-uXlB7bTlrl0q2jryKMSRlU+GptkVJN7PTsqdKkaFg1M=", "owner": "nix-community", "repo": "nixvim", - "rev": "0ab9947137cd034ec64eb5cd9ede94e53af21f50", + "rev": "53f9d242ffdf0997109d0b5b8bbbcc67a4296077", "type": "github" }, "original": { @@ -1313,11 +1211,11 @@ ] }, "locked": { - "lastModified": 1740277845, - "narHash": "sha256-NNU0CdiaSbAeZ8tpDG4aFi9qtcdlItRvk8Xns9oBrVU=", + "lastModified": 1740450604, + "narHash": "sha256-T/lqASXzCzp5lJISCUw+qwfRmImVUnhKgAhn8ymRClI=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "f933070c29f9c1c5457447a51903f27f76ebb519", + "rev": "5961ca311c85c31fc5f51925b4356899eed36221", "type": "github" }, "original": { @@ -1409,11 +1307,11 @@ ] }, "locked": { - "lastModified": 1740275623, - "narHash": "sha256-LQ9hq3hKwWqm+dzBhgsIkr2KO6Bb0aU+yO/TtI7hXXo=", + "lastModified": 1740448507, + "narHash": "sha256-4NsNG5lxS+r5LQ9QmT8xC2VQCN6BeMBnWzxTF/0r14U=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "35ff5dce04469e7b4e56a9d997e5201bfce52ae3", + "rev": "b0bb3351351155e341033b05fffe0a0c9b342ee4", "type": "github" }, "original": { @@ -1425,16 +1323,16 @@ "xwayland-satellite-stable": { "flake": false, "locked": { - "lastModified": 1730166465, - "narHash": "sha256-nq7bouXQXaaPPo/E+Jbq+wNHnatD4dY8OxSrRqzvy6s=", + "lastModified": 1739246919, + "narHash": "sha256-/hBM43/Gd0/tW+egrhlWgOIISeJxEs2uAOIYVpfDKeU=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "a713cf46cb7db84a0d1b57c3a397c610cad3cf98", + "rev": "44590a416d4a3e8220e19e29e0b6efe64a80315d", "type": "github" }, "original": { "owner": "Supreeeme", - "ref": "v0.5", + "ref": "v0.5.1", "repo": "xwayland-satellite", "type": "github" } From a4d1e70c5deabc834279173a552c5499bacb7d42 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 26 Feb 2025 17:17:10 -0500 Subject: [PATCH 250/410] kitty change close tab shortcut --- home/kitty.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/home/kitty.nix b/home/kitty.nix index da676cb..463b10a 100644 --- a/home/kitty.nix +++ b/home/kitty.nix @@ -47,13 +47,16 @@ "ctrl+alt+s" = "goto_layout stack"; "kitty_mod+enter" = "new_window_with_cwd"; "kitty_mod+r" = "resize_window"; + # this closes the *current* window, not the *OS* window + # https://sw.kovidgoyal.net/kitty/overview/#tabs-and-windows + "kitty_mod+w" = "close_window"; # tabs "kitty_mod+n" = "next_tab"; "kitty_mod+p" = "previous_tab"; "kitty_mod+alt+n" = "move_tab_forward"; "kitty_mod+alt+p" = "move_tab_backward"; - "kitty_mod+w" = "close_tab"; + "kitty_mod+q" = "close_tab"; "kitty_mod+t" = "new_tab_with_cwd"; "ctrl+f2" = "detach_tab"; From b59e5929674d89320029dd6db66d2c47eef5f332 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 26 Feb 2025 17:18:53 -0500 Subject: [PATCH 251/410] flake update Signed-off-by: cy --- flake.lock | 62 +++++++++++++++++++++++++++--------------------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/flake.lock b/flake.lock index 0a3fb3c..e4d276f 100644 --- a/flake.lock +++ b/flake.lock @@ -493,11 +493,11 @@ ] }, "locked": { - "lastModified": 1740494361, - "narHash": "sha256-Dd/GhJ9qKmUwuhgt/PAROG8J6YdU2ZjtJI9SQX5sVQI=", + "lastModified": 1740606115, + "narHash": "sha256-GKe3vrIWcei4gSTckEzHr5Zf/g9NSofmsAnbkNYU+lM=", "owner": "nix-community", "repo": "home-manager", - "rev": "74f0a8546e3f2458c870cf90fc4b38ac1f498b17", + "rev": "6be185eb76295e7562f5bf2da42afe374b8beb15", "type": "github" }, "original": { @@ -614,11 +614,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1740502011, - "narHash": "sha256-H5itHYNtWHzM1nlZozYfLvN+CHRL3A95uO8qKBNx7Xo=", + "lastModified": 1740601249, + "narHash": "sha256-ruwhgVCS3c2kWhNVlgfNX/y4zAtonPqfUMJvC6Ha254=", "ref": "refs/heads/main", - "rev": "ffe2dd40f4fae2d8f0ff94063c8522efddc2a3e6", - "revCount": 17493, + "rev": "5d055896bccdad6ebb135ebf7cb80eafb217ad67", + "revCount": 17508, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -694,11 +694,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1740480783, - "narHash": "sha256-5l/WnJ4BELbckzTd1rmTlEGbcqBf71K2tx6pCNb2xM8=", + "lastModified": 1740592142, + "narHash": "sha256-v+Qg8V0UHkXCDSgqKowqMyJR2LGKIJGA0HbwCRgZN/0=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "0da1abb83ef2a37fd885de79730759486a407c41", + "rev": "259a8cc3e351d0a34063ae857d3c730b1ae4ad56", "type": "github" }, "original": { @@ -727,11 +727,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1740476031, - "narHash": "sha256-8YuYgIzExIAenYMaSQTP7zYBzaJPN83pGRrcwQCochY=", + "lastModified": 1740587638, + "narHash": "sha256-/BQ67VCF0ZpqCvxmVR18HdnqFy81ABWaKjz1FFwL65g=", "owner": "YaLTeR", "repo": "niri", - "rev": "c153349c62ed44762bf2ae8be6d5812faa9d5c6d", + "rev": "693d9355386c6217bb9cca5cb30c2b4248f19d8c", "type": "github" }, "original": { @@ -937,11 +937,11 @@ }, "nixpkgs-stable_4": { "locked": { - "lastModified": 1740339700, - "narHash": "sha256-cbrw7EgQhcdFnu6iS3vane53bEagZQy/xyIkDWpCgVE=", + "lastModified": 1740463929, + "narHash": "sha256-4Xhu/3aUdCKeLfdteEHMegx5ooKQvwPHNkOgNCXQrvc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "04ef94c4c1582fd485bbfdb8c4a8ba250e359195", + "rev": "5d7db4668d7a0c6cc5fc8cf6ef33b008b2b1ed8b", "type": "github" }, "original": { @@ -1001,11 +1001,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1740500346, - "narHash": "sha256-4fO8s2ptZODefFbdyCuxR3MaqZs7U9A+Q1wak0SkJ4o=", + "lastModified": 1740557110, + "narHash": "sha256-D2waFyJkaepTchTrGVAIfCd/YP+37bgXWg9cXwuxuT0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d4d7eaf04bb369b178ad6eab68e356056aeaa952", + "rev": "b89a821293c3872992137114d0db9a791243a41b", "type": "github" }, "original": { @@ -1026,11 +1026,11 @@ "nuschtosSearch": "nuschtosSearch" }, "locked": { - "lastModified": 1740432393, - "narHash": "sha256-uXlB7bTlrl0q2jryKMSRlU+GptkVJN7PTsqdKkaFg1M=", + "lastModified": 1740520037, + "narHash": "sha256-TpZMYjOre+6GhKDVHFwoW2iBWqpNQppQTuqIAo+OBV8=", "owner": "nix-community", "repo": "nixvim", - "rev": "53f9d242ffdf0997109d0b5b8bbbcc67a4296077", + "rev": "6f8d8f7aee84f377f52c8bb58385015f9168a666", "type": "github" }, "original": { @@ -1088,11 +1088,11 @@ ] }, "locked": { - "lastModified": 1739557722, - "narHash": "sha256-XikzLpPUDYiNyJ4w2SfRShdbSkIgE3btYdxCGInmtc4=", + "lastModified": 1740569341, + "narHash": "sha256-WV8nY2IOfWdzBF5syVgCcgOchg/qQtpYh6LECYS9XkY=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "1f3e1f38dedbbb8aad77e184fb54ec518e2d9522", + "rev": "5eeb0172fb74392053b66a8149e61b5e191b2845", "type": "github" }, "original": { @@ -1211,11 +1211,11 @@ ] }, "locked": { - "lastModified": 1740450604, - "narHash": "sha256-T/lqASXzCzp5lJISCUw+qwfRmImVUnhKgAhn8ymRClI=", + "lastModified": 1740536993, + "narHash": "sha256-3YI+1ONZ28chM19Hep9Z+TSyiybYf/1VC/gwImVZKUw=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "5961ca311c85c31fc5f51925b4356899eed36221", + "rev": "9f05c0655de9dc2c7b60b689447c48abb9190bf8", "type": "github" }, "original": { @@ -1307,11 +1307,11 @@ ] }, "locked": { - "lastModified": 1740448507, - "narHash": "sha256-4NsNG5lxS+r5LQ9QmT8xC2VQCN6BeMBnWzxTF/0r14U=", + "lastModified": 1740534654, + "narHash": "sha256-NYHxfMVMy1ehRTlkinUdAG+iw7mWyWNcSRcRpCgTDVk=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "b0bb3351351155e341033b05fffe0a0c9b342ee4", + "rev": "4283e3e25d5c82e96fe3b575175b33abe66c5031", "type": "github" }, "original": { From 94e3b7dc93c6bb5bec5d50fcbcb58bc4ecdad0e2 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 26 Feb 2025 22:10:51 -0500 Subject: [PATCH 252/410] workflow: don't use attic --- .github/workflows/build-machines-and-homes.yml | 12 ------------ .github/workflows/build-packages.yml | 6 ------ 2 files changed, 18 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 908806f..b8a1d2e 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -41,12 +41,6 @@ jobs: authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' useDaemon: false installCommand: nix profile install nixpkgs#cachix - - name: Setup Attic cache - uses: ryanccn/attic-action@v0 - with: - endpoint: ${{ vars.ATTIC_ENDPOINT }} - cache: ${{ vars.ATTIC_CACHE }} - token: ${{ secrets.ATTIC_TOKEN }} - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: @@ -99,12 +93,6 @@ jobs: authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' useDaemon: false installCommand: nix profile install nixpkgs#cachix - - name: Setup Attic cache - uses: ryanccn/attic-action@v0 - with: - endpoint: ${{ vars.ATTIC_ENDPOINT }} - cache: ${{ vars.ATTIC_CACHE }} - token: ${{ secrets.ATTIC_TOKEN }} - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 4408d30..1fb55fd 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -33,12 +33,6 @@ jobs: authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' useDaemon: false installCommand: nix profile install nixpkgs#cachix - - name: Setup Attic cache - uses: ryanccn/attic-action@v0 - with: - endpoint: ${{ vars.ATTIC_ENDPOINT }} - cache: ${{ vars.ATTIC_CACHE }} - token: ${{ secrets.ATTIC_TOKEN }} - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: From bf9eb5bec2fcf503563a11295a7b284dfcb7d5b3 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 26 Feb 2025 22:25:55 -0500 Subject: [PATCH 253/410] remove attic; use r2 for sccache --- flake.nix | 6 ------ home/yt/ytnix.nix | 4 ++-- hosts/chunk/default.nix | 1 - hosts/common.nix | 3 --- secrets/yt/aws.yaml | 10 ++++++---- 5 files changed, 8 insertions(+), 16 deletions(-) diff --git a/flake.nix b/flake.nix index 85063f3..710d889 100644 --- a/flake.nix +++ b/flake.nix @@ -32,9 +32,6 @@ url = "github:nix-community/nixvim"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-parts.follows = "flake-parts"; - inputs.flake-compat.follows = "flake-compat"; - inputs.home-manager.follows = "home-manager"; - inputs.treefmt-nix.follows = "treefmt"; }; flake-parts = { url = "github:hercules-ci/flake-parts"; @@ -104,15 +101,12 @@ nixConfig = { extra-substituters = [ - "https://cache.cy7.sh/central" "https://niri.cachix.org" "https://nix-community.cachix.org" "https://cache.garnix.io" "https://cything.cachix.org" - "https://aseipp-nix-cache.global.ssl.fastly.net" ]; extra-trusted-public-keys = [ - "central:KNxL0JFzHDGosui8ASem9n/tDmEAYLL9dtVMJ6TWsyg=" "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index ddb2212..d16cd5f 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -147,13 +147,13 @@ RUSTC_WRAPPER = "${lib.getExe pkgs.sccache}"; SCCACHE_BUCKET = "sccache"; SCCACHE_REGION = "us-east-1"; - SCCACHE_ENDPOINT = "https://sccache.s3.cy7.sh"; + SCCACHE_ENDPOINT = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com"; SCCACHE_ALLOW_CORE_DUMPS = "true"; SCCACHE_S3_USE_SSL = "true"; SCCACHE_CACHE_MULTIARCH = "true"; SCCACHE_LOG = "warn"; AWS_DEFAULT_REGION = "us-east-1"; - AWS_ENDPOINT_URL = "https://s3.cy7.sh"; + AWS_ENDPOINT_URL = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com"; AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)"; AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)"; }; diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index e565100..ec85850 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -19,7 +19,6 @@ ./conduwuit.nix ./immich.nix ./element.nix - ./attic.nix ./forgejo.nix ./garage.nix ./tailscale.nix diff --git a/hosts/common.nix b/hosts/common.nix index f2fb963..e59c314 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -10,15 +10,12 @@ "@wheel" ]; trusted-public-keys = [ - "central:KNxL0JFzHDGosui8ASem9n/tDmEAYLL9dtVMJ6TWsyg=" "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI=" ]; substituters = [ - "https://aseipp-nix-cache.global.ssl.fastly.net" - "https://cache.cy7.sh/central" "https://niri.cachix.org" "https://nix-community.cachix.org" "https://cache.garnix.io" diff --git a/secrets/yt/aws.yaml b/secrets/yt/aws.yaml index 95bdf7a..40f828a 100644 --- a/secrets/yt/aws.yaml +++ b/secrets/yt/aws.yaml @@ -1,6 +1,8 @@ aws: - key_id: ENC[AES256_GCM,data:vxa8IS5zVOStsQaQNoPy36MeCw2KD2Th5tg=,iv:TrPukr/bpkGysf1YigBlXwaCu0H1FM6ivCVQEgnst6A=,tag:yrlcsDkLkH7U2i3JgjDaBA==,type:str] - key_secret: ENC[AES256_GCM,data:R9hFgtylEW1RphrP7/9Hi7HIb7gcQX1WDEVfnUTTzh+/0LM2Rb9CdkaleO8wNlcyYVE/jUKtqdqqrospAJ7+Zw==,iv:3+yCVqH441+oXFLI5usaQdhnE3GFhbJjMsYeRvk8xEw=,tag:STxA32cSdwPBikXyVEP5+Q==,type:str] + key_id: ENC[AES256_GCM,data:9tWAMzUv4f6Ea27XsmYhO11NroYnLmED/FVrCCGO0Vc=,iv:YP1xRjVd1M1MB7IKVAw0Sdx0E4AokBrsaAcDLvTLHD4=,tag:SEmEr3NoZvch9LeaJHbCww==,type:str] + key_secret: ENC[AES256_GCM,data:AK+vER4T1p0AknKzsxZQJ0JTpfIstnnTWSAZ26zJSCwJYgRYwj8RF98CS7HM+KWvz5VNGENxhVdUnjlGkrTB4w==,iv:3o79gwp5b4KGsixW02qFWYFvpagY/hykbYJ/WNz6PB8=,tag:GW2T8ggKYHa1CQ6DRomJDQ==,type:str] + _garage_key_id: ENC[AES256_GCM,data:2lLS1nBhrwBkJh/ei7FwBoR6jOI6KCJkvOs=,iv:jwB7ZEaKOPIwghcGRs3qaICypoHgSxkFBOyB6e5hpYI=,tag:Iqwv3j1R1uLLUDKLhN1Atg==,type:str] + _garage_key_secret: ENC[AES256_GCM,data:5iwwMfojHrR79cOIY+9O2oVY8v1cbPcECMSOMhWuGAdc2lfCogKBwLM4TFwBH9X1Vx56QvUoxCQ2uSyfOMLR7A==,iv:Q523ttz6ijmv8/JlVZuldFR4IabEKiVN4sGmJ9xDJU0=,tag:ZZ4LRG4DXOC7LY8hEjXYHQ==,type:str] sops: kms: [] gcp_kms: [] @@ -25,8 +27,8 @@ sops: UlYrTExEUVc0dURLR1czN3BnYzZ2VGMKCbAgM50jvs9VciA1Pb/VY+2I4x62LBGe j7eHkfTFc8Gnk/rZA9/ZJDLFr/FUPMQWK/NVoz6oLjO6oVFXqN6OqA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-30T17:45:09Z" - mac: ENC[AES256_GCM,data:uXnJ8DCs1ZZ72PFAmSQpqvVH2UYvRX8AeUC00A6WsgNL9sz6H0b7PwXBn4SucHACwLwilMVKYpFGE1pPMsIgpHxU5coNhvTfth/ChY1KS73LAwrJUAyUoFI3mumPkklj7b/u1CbBfhuhA2QoZVl+d9BGQn5CQu3+BySUmcT+P9k=,iv:H/hUTBDNcsGBP5TA/7U1QMZogZvuoPuEAg/tBCpbf9w=,tag:W7rH84Na/tHPuJlA9tRXEQ==,type:str] + lastmodified: "2025-02-27T02:50:27Z" + mac: ENC[AES256_GCM,data:FjlbCqqYHPn/FDPUR1flWgg6wwHhLJx1uKOedwkvsTxuPhlVJHghTHWYetdmplOQyEpOEbyv+iqKTGDYHzDdgU2jIZ0TKM66iHq+1yft4TatBu75/0N3I+SfZv97vKNehxN/zvIY3FQF4O8qVy9c1dZRmr7q27Wq2pdHSOe4Myg=,iv:YkUXcOwb6UZr0vXazbLrVeGTvBTtnwuEIY3O+GSrnNk=,tag:kQBh7urSnHoiV18TIGlPEg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4 From f31e941d6c7a89a8f959e37ed6d11a6ac0955bd5 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 27 Feb 2025 09:21:54 -0500 Subject: [PATCH 254/410] flake update Signed-off-by: cy --- flake.lock | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/flake.lock b/flake.lock index e4d276f..6aefae5 100644 --- a/flake.lock +++ b/flake.lock @@ -493,11 +493,11 @@ ] }, "locked": { - "lastModified": 1740606115, - "narHash": "sha256-GKe3vrIWcei4gSTckEzHr5Zf/g9NSofmsAnbkNYU+lM=", + "lastModified": 1740624780, + "narHash": "sha256-8TP61AI3QBQsjzVUQFIV8NoB5nbYfJB3iHczhBikDkU=", "owner": "nix-community", "repo": "home-manager", - "rev": "6be185eb76295e7562f5bf2da42afe374b8beb15", + "rev": "b8869e4ead721bbd4f0d6b927e8395705d4f16e6", "type": "github" }, "original": { @@ -614,11 +614,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1740601249, - "narHash": "sha256-ruwhgVCS3c2kWhNVlgfNX/y4zAtonPqfUMJvC6Ha254=", + "lastModified": 1740647693, + "narHash": "sha256-pYxhtDAOmlbP4XqgjIvbpi7CFtX8USH6DlRybS2Jxu4=", "ref": "refs/heads/main", - "rev": "5d055896bccdad6ebb135ebf7cb80eafb217ad67", - "revCount": 17508, + "rev": "03ade5e6d75cb7705900cf696505b836fc831be0", + "revCount": 17515, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -694,11 +694,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1740592142, - "narHash": "sha256-v+Qg8V0UHkXCDSgqKowqMyJR2LGKIJGA0HbwCRgZN/0=", + "lastModified": 1740655457, + "narHash": "sha256-brpdF7wEdGDZWuV8T5axwzHr5gnGfB7Dua2QVAjSSL4=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "259a8cc3e351d0a34063ae857d3c730b1ae4ad56", + "rev": "2a098dfa179b6d89c962908df0e4840308db04df", "type": "github" }, "original": { @@ -727,11 +727,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1740587638, - "narHash": "sha256-/BQ67VCF0ZpqCvxmVR18HdnqFy81ABWaKjz1FFwL65g=", + "lastModified": 1740641916, + "narHash": "sha256-aYAYvdKnmmlkN7t4VbPfPbAtWHHADKHL8bPlNYZ2bZY=", "owner": "YaLTeR", "repo": "niri", - "rev": "693d9355386c6217bb9cca5cb30c2b4248f19d8c", + "rev": "70dcd229cfaa54946163ccf0a1ea0ce595a35cc4", "type": "github" }, "original": { @@ -1001,11 +1001,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1740557110, - "narHash": "sha256-D2waFyJkaepTchTrGVAIfCd/YP+37bgXWg9cXwuxuT0=", + "lastModified": 1740642522, + "narHash": "sha256-t6VfQs+u3CiVASTVkjQhBh5u8NcEo/VDWEYagCIwVCk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b89a821293c3872992137114d0db9a791243a41b", + "rev": "d6fde23c7a50cf47485e28fa0c51b8ed4cfdf1d7", "type": "github" }, "original": { @@ -1211,11 +1211,11 @@ ] }, "locked": { - "lastModified": 1740536993, - "narHash": "sha256-3YI+1ONZ28chM19Hep9Z+TSyiybYf/1VC/gwImVZKUw=", + "lastModified": 1740623427, + "narHash": "sha256-3SdPQrZoa4odlScFDUHd4CUPQ/R1gtH4Mq9u8CBiK8M=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "9f05c0655de9dc2c7b60b689447c48abb9190bf8", + "rev": "d342e8b5fd88421ff982f383c853f0fc78a847ab", "type": "github" }, "original": { @@ -1307,11 +1307,11 @@ ] }, "locked": { - "lastModified": 1740534654, - "narHash": "sha256-NYHxfMVMy1ehRTlkinUdAG+iw7mWyWNcSRcRpCgTDVk=", + "lastModified": 1740655383, + "narHash": "sha256-HHb6wtlHWy/CW3oCtOyOQrNnzgtsvwvwM6wAlDvfTec=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "4283e3e25d5c82e96fe3b575175b33abe66c5031", + "rev": "bcf7577daac02aa1a7dfaddc79324b7c6ca4af81", "type": "github" }, "original": { From 8a75f0e7de8c65225f3c52ca8d943471e6e195f4 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 27 Feb 2025 12:46:39 -0500 Subject: [PATCH 255/410] make vscode nicer --- home/codium.nix | 76 +++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 70 insertions(+), 6 deletions(-) diff --git a/home/codium.nix b/home/codium.nix index f6c9a04..945087f 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -17,28 +17,92 @@ rust-lang.rust-analyzer shd101wyy.markdown-preview-enhanced fwcd.kotlin + alefragnani.bookmarks + tomrijndorp.find-it-faster ]; userSettings = { "workbench.colorTheme" = "GitHub Dark Default"; - "files.autoSave" = "afterDelay"; + "files.autoSave" = "onFocusChange"; "nix.enableLanguageServer" = true; "nix.serverPath" = "nil"; "editor.fontFamily" = "IBM Plex Mono"; - "editor.fontSize" = 16; - "editor.wordWrap" = "on"; + "editor.fontSize" = 15; + "window.zoomLevel" = 0.5; # vim mode settings - "vim.handleKeys" = { - "" = false; # file tree toggle - }; + "vim.leader" = ","; "vim.normalModeKeyBindings" = [ { "before" = [ ";" ]; "after" = [ ":" ]; "silent" = true; } + { + "before" = [ "" "m" ]; + "commands" = [ "bookmarks.toggle" ]; + } + { + "before" = [ "" "l" ]; + "commands" = [ "bookmarks.toggleLabeled" ]; + } + { + "before" = [ "" "b" ]; + "commands" = [ "bookmarks.list" ]; + } + { + "before" = [ "" "s" ]; + "commands" = [ "workbench.action.toggleSidebarVisibility" ]; + } + { + "before" = [ "" "f" "f" ]; + "commands" = [ "find-it-faster.findFiles" ]; + } + { + "before" = [ "" "f" "g"]; + "commands" = [ "find-it-faster.findWithinFiles"]; + } + { + "before" = [ "" "f" "t"]; + "commands" = [ "find-it-faster.findWithinFilesWithType"]; + } ]; + "vim.insertModeKeyBindings" = [ + { + "before" = [ "C-a" ]; + "commands" = [ "cursorHome" ]; + } + { + "before" = [ "C-e" ]; + "commands" = [ "cursorEnd" ]; + } + ]; + "vim.visualModeKeyBindings" = [ + { + "before" = [ ">" ]; + "commands" = [ "editor.action.indentLines" ]; + } + { + "before" = [ "<" ]; + "commands" = [ "editor.action.outdentLines" ]; + } + ]; + "extensions.experimental.affinity" = { + "vscodevim.vim" = 1; + }; "workbench.startupEditor" = "none"; + "git.openRepositoryInParentFolders" = "never"; + + # terminal stuff + "terminal.integrated.cursorBlinking" = true; + "terminal.integrated.cursorStyle" = "line"; + "terminal.integrated.customGlyphs" = false; + "terminal.integrated.env.linux" = { + # https://github.com/tomrijndorp/vscode-finditfaster/issues/112#issuecomment-2475227546 + FZF_DEFAULT_OPTS = "--bind ctrl-n:down,ctrl-p:up"; + }; + # don't let the workbench handle terminal keys like ctrl+n and friends + "terminal.integrated.sendKeybindingsToShell" = true; + "terminal.integrated.allowChords" = false; }; }; }; From 6519ab7f062b380b836f8b5d3d54c90cb5f5c114 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 27 Feb 2025 12:48:18 -0500 Subject: [PATCH 256/410] use rust nightly; disable man cache; some zsh nicieties --- home/yt/common.nix | 3 ++- home/yt/ytnix.nix | 2 +- home/zsh/default.nix | 2 ++ 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/home/yt/common.nix b/home/yt/common.nix index b7c586e..28f3457 100644 --- a/home/yt/common.nix +++ b/home/yt/common.nix @@ -66,6 +66,7 @@ }; }; programs.ripgrep.enable = true; - programs.man.generateCaches = true; + # programs.man.generateCaches = true; # slows down eval programs.fd.enable = true; + news.display = "silent"; } diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index d16cd5f..67625f6 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -54,7 +54,7 @@ yarn rclone go - rustup + (rust-bin.selectLatestNightlyWith (toolchain: toolchain.default)) pwgen lua-language-server gnumake diff --git a/home/zsh/default.nix b/home/zsh/default.nix index 0697fbc..311def5 100644 --- a/home/zsh/default.nix +++ b/home/zsh/default.nix @@ -51,6 +51,7 @@ bindkey -M viins "^E" end-of-line bindkey -M viins "^A" beginning-of-line bindkey -M viins "^B" backward-char + bindkey -M viins "^F" forward-char # accept one word completion bindkey -M viins "^S" forward-word @@ -111,6 +112,7 @@ "grv" = "git remote --verbose"; "gs" = "git status --short"; "gss" = "git status"; + "code" = "codium"; }; }; From bba29fa1ea28859a938df24dfe1c577217562ab5 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 28 Feb 2025 02:25:51 -0500 Subject: [PATCH 257/410] make vscode nicer; install rust-src; change btrbk stuff --- home/codium.nix | 19 ++++++++++++++++++- home/yt/ytnix.nix | 4 +++- hosts/ytnix/default.nix | 6 +++--- 3 files changed, 24 insertions(+), 5 deletions(-) diff --git a/home/codium.nix b/home/codium.nix index 945087f..9d9b479 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -29,7 +29,7 @@ "editor.fontSize" = 15; "window.zoomLevel" = 0.5; - # vim mode settings + # vim stuff "vim.leader" = ","; "vim.normalModeKeyBindings" = [ { @@ -65,6 +65,20 @@ "before" = [ "" "f" "t"]; "commands" = [ "find-it-faster.findWithinFilesWithType"]; } + # "gd" for definitions is by default + { + "before" = [ "g" "r" ]; + "commands" = [ "editor.action.goToReferences" ]; + } + # the default is weird when you need to go back within a file + { + "before" = [ "C-o" ]; + "commands" = [ "workbench.action.navigateBack" ]; + } + { + "before" = [ "C-i" ]; + "commands" = [ "workbench.action.navigateForward" ]; + } ]; "vim.insertModeKeyBindings" = [ { @@ -103,6 +117,9 @@ # don't let the workbench handle terminal keys like ctrl+n and friends "terminal.integrated.sendKeybindingsToShell" = true; "terminal.integrated.allowChords" = false; + + "security.promptForLocalFileProtocolHandling" = false; + "security.promptForRemoteFileProtocolHandling" = false; }; }; }; diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 67625f6..e9b8738 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -54,7 +54,9 @@ yarn rclone go - (rust-bin.selectLatestNightlyWith (toolchain: toolchain.default)) + (rust-bin.selectLatestNightlyWith (toolchain: toolchain.default.override { + extensions = [ "rust-src" ]; + })) pwgen lua-language-server gnumake diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 296335c..42d9217 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -232,9 +232,9 @@ snapshotOnly = true; settings = { snapshot_preserve_min = "latest"; - target_preserve = "*d"; - target_preserve_min = "no"; - target = "/mnt/external/btr_backup/ytnix"; + target_preserve = "30d"; + target_preserve_min = "2d"; + target = "/mnt/target/btr_backup/ytnix"; stream_compress = "zstd"; stream_compress_level = "8"; snapshot_dir = "/snapshots"; From a1dd96a68bab04bfc6b5af4e277372033cdf1c7c Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 1 Mar 2025 10:11:34 -0500 Subject: [PATCH 258/410] vscode: add spell cheker and some settings --- home/codium.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/home/codium.nix b/home/codium.nix index 9d9b479..792f880 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -19,6 +19,7 @@ fwcd.kotlin alefragnani.bookmarks tomrijndorp.find-it-faster + streetsidesoftware.code-spell-checker ]; userSettings = { "workbench.colorTheme" = "GitHub Dark Default"; @@ -120,6 +121,10 @@ "security.promptForLocalFileProtocolHandling" = false; "security.promptForRemoteFileProtocolHandling" = false; + "markdown-preview-enhanced.previewTheme" = "github-dark.css"; + "editor.minimap.enabled" = false; + "explorer.confirmDelete" = false; + "explorer.confirmDragAndDrop" = false; }; }; }; From 44bf0ca489ccde694a1352726a598698e9d42fd9 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 1 Mar 2025 10:16:38 -0500 Subject: [PATCH 259/410] flake update Signed-off-by: cy --- flake.lock | 50 +++++++++++++++++++++++++------------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/flake.lock b/flake.lock index 6aefae5..7fd9b1e 100644 --- a/flake.lock +++ b/flake.lock @@ -493,11 +493,11 @@ ] }, "locked": { - "lastModified": 1740624780, - "narHash": "sha256-8TP61AI3QBQsjzVUQFIV8NoB5nbYfJB3iHczhBikDkU=", + "lastModified": 1740840901, + "narHash": "sha256-nAHSkQJ2J5W8rGSReohh4xZ1b2edkG2UIj/4tF+ARAQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "b8869e4ead721bbd4f0d6b927e8395705d4f16e6", + "rev": "30da4310935450ea38931abf775ffe1dfab15355", "type": "github" }, "original": { @@ -614,11 +614,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1740647693, - "narHash": "sha256-pYxhtDAOmlbP4XqgjIvbpi7CFtX8USH6DlRybS2Jxu4=", + "lastModified": 1740781229, + "narHash": "sha256-H8i+LhDQr6PbAxFt37TXYoRkwHvGlSTuNJUrlE5bb0w=", "ref": "refs/heads/main", - "rev": "03ade5e6d75cb7705900cf696505b836fc831be0", - "revCount": 17515, + "rev": "99bc6867e8913ad8f5fa7d63fefd885743eac4c1", + "revCount": 17539, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -694,11 +694,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1740655457, - "narHash": "sha256-brpdF7wEdGDZWuV8T5axwzHr5gnGfB7Dua2QVAjSSL4=", + "lastModified": 1740817768, + "narHash": "sha256-NFu4LhDHkc4xonmpknh2cI/0ozeXjFmoMxVz1HecqxI=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "2a098dfa179b6d89c962908df0e4840308db04df", + "rev": "f3dde1ed6d76545ac637a80a356d50f6a7089a2a", "type": "github" }, "original": { @@ -727,11 +727,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1740641916, - "narHash": "sha256-aYAYvdKnmmlkN7t4VbPfPbAtWHHADKHL8bPlNYZ2bZY=", + "lastModified": 1740749946, + "narHash": "sha256-uA03y5H8XI00ZxOIAAj3RGGOBOQCFjLyjLc79NH01oI=", "owner": "YaLTeR", "repo": "niri", - "rev": "70dcd229cfaa54946163ccf0a1ea0ce595a35cc4", + "rev": "66113d7d76f6cf7d06e2ccde9281ff9bafab126c", "type": "github" }, "original": { @@ -937,11 +937,11 @@ }, "nixpkgs-stable_4": { "locked": { - "lastModified": 1740463929, - "narHash": "sha256-4Xhu/3aUdCKeLfdteEHMegx5ooKQvwPHNkOgNCXQrvc=", + "lastModified": 1740743217, + "narHash": "sha256-brsCRzLqimpyhORma84c3W2xPbIidZlIc3JGIuQVSNI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5d7db4668d7a0c6cc5fc8cf6ef33b008b2b1ed8b", + "rev": "b27ba4eb322d9d2bf2dc9ada9fd59442f50c8d7c", "type": "github" }, "original": { @@ -1001,11 +1001,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1740642522, - "narHash": "sha256-t6VfQs+u3CiVASTVkjQhBh5u8NcEo/VDWEYagCIwVCk=", + "lastModified": 1740804553, + "narHash": "sha256-1vP/NaV+Ps+kFqfVBJ5yxYahML9Vk6VwLndtU9bDvUE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d6fde23c7a50cf47485e28fa0c51b8ed4cfdf1d7", + "rev": "9114ab05304c83c930673fee79948b3fb14acd9a", "type": "github" }, "original": { @@ -1211,11 +1211,11 @@ ] }, "locked": { - "lastModified": 1740623427, - "narHash": "sha256-3SdPQrZoa4odlScFDUHd4CUPQ/R1gtH4Mq9u8CBiK8M=", + "lastModified": 1740796337, + "narHash": "sha256-FuoXrXZPoJEZQ3PF7t85tEpfBVID9JQIOnVKMNfTAb0=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "d342e8b5fd88421ff982f383c853f0fc78a847ab", + "rev": "bbac9527bc6b28b6330b13043d0e76eac11720dc", "type": "github" }, "original": { @@ -1307,11 +1307,11 @@ ] }, "locked": { - "lastModified": 1740655383, - "narHash": "sha256-HHb6wtlHWy/CW3oCtOyOQrNnzgtsvwvwM6wAlDvfTec=", + "lastModified": 1740827838, + "narHash": "sha256-xHWVg/CgaJqID4BUxqqJ47ESXRzWOxRNhJ9+jBXKuLc=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "bcf7577daac02aa1a7dfaddc79324b7c6ca4af81", + "rev": "02d071ae1fadb1a63c6122d307ca5eb7e6b4feb9", "type": "github" }, "original": { From faa35e268ed83627220da2ccd83cf714f0d5e2b6 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 1 Mar 2025 14:09:24 -0500 Subject: [PATCH 260/410] install nix-index-database and comma; refactoring --- flake.lock | 21 +++++++++ flake.nix | 5 +++ home/codium.nix | 102 ++++++++++++++++++++++++++++--------------- home/yt/ytnix.nix | 11 +++-- home/zsh/default.nix | 4 +- hosts/common.nix | 5 --- 6 files changed, 104 insertions(+), 44 deletions(-) diff --git a/flake.lock b/flake.lock index 7fd9b1e..e23b7b6 100644 --- a/flake.lock +++ b/flake.lock @@ -819,6 +819,26 @@ "type": "github" } }, + "nix-index-database": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1740281615, + "narHash": "sha256-dZWcbAQ1sF8oVv+zjSKkPVY0ebwENQEkz5vc6muXbKY=", + "owner": "nix-community", + "repo": "nix-index-database", + "rev": "465792533d03e6bb9dc849d58ab9d5e31fac9023", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-index-database", + "type": "github" + } + }, "nix-ld": { "inputs": { "nixpkgs": [ @@ -1175,6 +1195,7 @@ "lix-module": "lix-module", "nil": "nil", "niri": "niri", + "nix-index-database": "nix-index-database", "nix-ld": "nix-ld", "nixpkgs": "nixpkgs_5", "nixpkgs-stable": "nixpkgs-stable_4", diff --git a/flake.nix b/flake.nix index 710d889..e1a6338 100644 --- a/flake.nix +++ b/flake.nix @@ -87,6 +87,10 @@ inputs.flake-utils.follows = "flake-utils"; inputs.flake-compat.follows = "flake-compat"; }; + nix-index-database = { + url = "github:nix-community/nix-index-database"; + inputs.nixpkgs.follows = "nixpkgs"; + }; nvim-github-theme = { url = "github:projekt0n/github-nvim-theme"; @@ -213,6 +217,7 @@ inputs.nixvim.homeManagerModules.nixvim inputs.niri.homeModules.config inputs.plasma-manager.homeManagerModules.plasma-manager + inputs.nix-index-database.hmModules.nix-index ]; }; diff --git a/home/codium.nix b/home/codium.nix index 792f880..1844269 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -24,11 +24,39 @@ userSettings = { "workbench.colorTheme" = "GitHub Dark Default"; "files.autoSave" = "onFocusChange"; - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; "editor.fontFamily" = "IBM Plex Mono"; "editor.fontSize" = 15; "window.zoomLevel" = 0.5; + "security.promptForLocalFileProtocolHandling" = false; + "security.promptForRemoteFileProtocolHandling" = false; + "markdown-preview-enhanced.previewTheme" = "github-dark.css"; + "editor.minimap.enabled" = false; + "explorer.confirmDelete" = false; + "explorer.confirmDragAndDrop" = false; + "editor.acceptSuggestionOnEnter" = "off"; + "editor.acceptSuggestionOnCommitCharacter" = false; + "workbench.startupEditor" = "none"; + "git.openRepositoryInParentFolders" = "never"; + + # terminal stuff + "terminal.integrated.cursorBlinking" = true; + "terminal.integrated.cursorStyle" = "line"; + "terminal.integrated.customGlyphs" = false; + "terminal.integrated.env.linux" = { + # https://github.com/tomrijndorp/vscode-finditfaster/issues/112#issuecomment-2475227546 + FZF_DEFAULT_OPTS = "--bind ctrl-n:down,ctrl-p:up"; + }; + # don't let the workbench handle terminal keys like ctrl+n and friends + "terminal.integrated.sendKeybindingsToShell" = true; + "terminal.integrated.allowChords" = false; + + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nil"; + + "cSpell.enabledFileTypes" = { + "markdown" = true; + "*" = false; + }; # vim stuff "vim.leader" = ","; @@ -39,36 +67,63 @@ "silent" = true; } { - "before" = [ "" "m" ]; + "before" = [ + "" + "m" + ]; "commands" = [ "bookmarks.toggle" ]; } { - "before" = [ "" "l" ]; + "before" = [ + "" + "l" + ]; "commands" = [ "bookmarks.toggleLabeled" ]; } { - "before" = [ "" "b" ]; + "before" = [ + "" + "b" + ]; "commands" = [ "bookmarks.list" ]; } { - "before" = [ "" "s" ]; + "before" = [ + "" + "s" + ]; "commands" = [ "workbench.action.toggleSidebarVisibility" ]; } { - "before" = [ "" "f" "f" ]; + "before" = [ + "" + "f" + "f" + ]; "commands" = [ "find-it-faster.findFiles" ]; } { - "before" = [ "" "f" "g"]; - "commands" = [ "find-it-faster.findWithinFiles"]; + "before" = [ + "" + "f" + "g" + ]; + "commands" = [ "find-it-faster.findWithinFiles" ]; } { - "before" = [ "" "f" "t"]; - "commands" = [ "find-it-faster.findWithinFilesWithType"]; + "before" = [ + "" + "f" + "t" + ]; + "commands" = [ "find-it-faster.findWithinFilesWithType" ]; } # "gd" for definitions is by default { - "before" = [ "g" "r" ]; + "before" = [ + "g" + "r" + ]; "commands" = [ "editor.action.goToReferences" ]; } # the default is weird when you need to go back within a file @@ -84,7 +139,7 @@ "vim.insertModeKeyBindings" = [ { "before" = [ "C-a" ]; - "commands" = [ "cursorHome" ]; + "commands" = [ "cursorHome" ]; } { "before" = [ "C-e" ]; @@ -104,27 +159,6 @@ "extensions.experimental.affinity" = { "vscodevim.vim" = 1; }; - "workbench.startupEditor" = "none"; - "git.openRepositoryInParentFolders" = "never"; - - # terminal stuff - "terminal.integrated.cursorBlinking" = true; - "terminal.integrated.cursorStyle" = "line"; - "terminal.integrated.customGlyphs" = false; - "terminal.integrated.env.linux" = { - # https://github.com/tomrijndorp/vscode-finditfaster/issues/112#issuecomment-2475227546 - FZF_DEFAULT_OPTS = "--bind ctrl-n:down,ctrl-p:up"; - }; - # don't let the workbench handle terminal keys like ctrl+n and friends - "terminal.integrated.sendKeybindingsToShell" = true; - "terminal.integrated.allowChords" = false; - - "security.promptForLocalFileProtocolHandling" = false; - "security.promptForRemoteFileProtocolHandling" = false; - "markdown-preview-enhanced.previewTheme" = "github-dark.css"; - "editor.minimap.enabled" = false; - "explorer.confirmDelete" = false; - "explorer.confirmDragAndDrop" = false; }; }; }; diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index e9b8738..9ac7635 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -54,9 +54,12 @@ yarn rclone go - (rust-bin.selectLatestNightlyWith (toolchain: toolchain.default.override { - extensions = [ "rust-src" ]; - })) + (rust-bin.selectLatestNightlyWith ( + toolchain: + toolchain.default.override { + extensions = [ "rust-src" ]; + } + )) pwgen lua-language-server gnumake @@ -159,4 +162,6 @@ AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)"; AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)"; }; + + programs.nix-index-database.comma.enable = true; } diff --git a/home/zsh/default.nix b/home/zsh/default.nix index 311def5..29a7ef9 100644 --- a/home/zsh/default.nix +++ b/home/zsh/default.nix @@ -119,6 +119,6 @@ programs.fzf.enableZshIntegration = true; programs.zoxide.enableZshIntegration = true; programs.eza.enableZshIntegration = true; - programs.nix-index.enableZshIntegration = false; - programs.direnv.enableZshIntegration = false; + programs.nix-index.enableZshIntegration = true; + programs.direnv.enableZshIntegration = true; } diff --git a/hosts/common.nix b/hosts/common.nix index e59c314..96317b8 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -63,11 +63,6 @@ enableNTS = true; }; - # this is true by default and mutually exclusive with - # programs.nix-index - programs.command-not-found.enable = false; - programs.nix-index.enable = false; # set above to false to use this - # see journald.conf(5) services.journald.extraConfig = "MaxRetentionSec=2d"; } From 471434366baa0ea0a6ad9019e97b3cbf01e519fc Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 3 Mar 2025 09:26:57 -0500 Subject: [PATCH 261/410] vscode stuff and ccache --- flake.lock | 6 +- home/codium.nix | 330 ++++++++++++++++++++++------------------ hosts/ytnix/default.nix | 3 + 3 files changed, 188 insertions(+), 151 deletions(-) diff --git a/flake.lock b/flake.lock index e23b7b6..1550e29 100644 --- a/flake.lock +++ b/flake.lock @@ -1328,11 +1328,11 @@ ] }, "locked": { - "lastModified": 1740827838, - "narHash": "sha256-xHWVg/CgaJqID4BUxqqJ47ESXRzWOxRNhJ9+jBXKuLc=", + "lastModified": 1740924345, + "narHash": "sha256-TO8Ttb+7PeKBkUe8vUrBt6Vxg3RMeQp4ARmlWQfcWrs=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "02d071ae1fadb1a63c6122d307ca5eb7e6b4feb9", + "rev": "1fc267a10f46200e32f0850caa396bd1ba4ba08e", "type": "github" }, "original": { diff --git a/home/codium.nix b/home/codium.nix index 1844269..ee1b67e 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -10,156 +10,190 @@ extensions = # if unfree # with pkgs.vscode-marketplace; - with pkgs.open-vsx; [ - vscodevim.vim - jnoortheen.nix-ide - github.github-vscode-theme - rust-lang.rust-analyzer - shd101wyy.markdown-preview-enhanced - fwcd.kotlin - alefragnani.bookmarks - tomrijndorp.find-it-faster - streetsidesoftware.code-spell-checker - ]; - userSettings = { - "workbench.colorTheme" = "GitHub Dark Default"; - "files.autoSave" = "onFocusChange"; - "editor.fontFamily" = "IBM Plex Mono"; - "editor.fontSize" = 15; - "window.zoomLevel" = 0.5; - "security.promptForLocalFileProtocolHandling" = false; - "security.promptForRemoteFileProtocolHandling" = false; - "markdown-preview-enhanced.previewTheme" = "github-dark.css"; - "editor.minimap.enabled" = false; - "explorer.confirmDelete" = false; - "explorer.confirmDragAndDrop" = false; - "editor.acceptSuggestionOnEnter" = "off"; - "editor.acceptSuggestionOnCommitCharacter" = false; - "workbench.startupEditor" = "none"; - "git.openRepositoryInParentFolders" = "never"; + ( + with pkgs.open-vsx; + [ + vscodevim.vim + jnoortheen.nix-ide + github.github-vscode-theme + rust-lang.rust-analyzer + shd101wyy.markdown-preview-enhanced + alefragnani.bookmarks + tomrijndorp.find-it-faster + streetsidesoftware.code-spell-checker + emilast.logfilehighlighter + ] + ); + userSettings = + let + vimCommonKeyBindings = [ + { + "before" = [ "C-a" ]; + "commands" = [ "cursorHome" ]; + } + { + "before" = [ "C-e" ]; + "commands" = [ "cursorEnd" ]; + } + ]; + in + { + "workbench.colorTheme" = "GitHub Dark Default"; + "workbench.startupEditor" = "none"; + "workbench.enableExperiments" = false; + "files.autoSave" = "onFocusChange"; + "editor.fontFamily" = "IBM Plex Mono"; + "editor.fontSize" = 15; + "editor.minimap.enabled" = false; + "window.zoomLevel" = 0.5; + "security.promptForLocalFileProtocolHandling" = false; + "security.promptForRemoteFileProtocolHandling" = false; + "explorer.confirmDelete" = false; + "explorer.confirmDragAndDrop" = false; + "editor.acceptSuggestionOnEnter" = "off"; + "editor.acceptSuggestionOnCommitCharacter" = false; + "git.openRepositoryInParentFolders" = "never"; + "git.ignoreLimitWarning" = true; + "extensions.ignoreRecommendations" = true; + "telemetry.enableTelemetry" = false; + "telemetry.telemetryLevel" = "off"; + "window.titleBarStyle" = "custom"; - # terminal stuff - "terminal.integrated.cursorBlinking" = true; - "terminal.integrated.cursorStyle" = "line"; - "terminal.integrated.customGlyphs" = false; - "terminal.integrated.env.linux" = { - # https://github.com/tomrijndorp/vscode-finditfaster/issues/112#issuecomment-2475227546 - FZF_DEFAULT_OPTS = "--bind ctrl-n:down,ctrl-p:up"; + # terminal stuff + "terminal.integrated.cursorBlinking" = true; + "terminal.integrated.cursorStyle" = "line"; + "terminal.integrated.customGlyphs" = false; + "terminal.integrated.env.linux" = { + # https://github.com/tomrijndorp/vscode-finditfaster/issues/112#issuecomment-2475227546 + FZF_DEFAULT_OPTS = "--bind ctrl-n:down,ctrl-p:up"; + }; + # don't let the workbench handle terminal keys like ctrl+n and friends + "terminal.integrated.sendKeybindingsToShell" = true; + "terminal.integrated.allowChords" = false; + + "markdown-preview-enhanced.previewTheme" = "github-dark.css"; + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nil"; + "bookmarks.saveBookmarksInProject" = true; + + "cSpell.enabledFileTypes" = { + "markdown" = true; + "*" = false; + }; + + # vim stuff + "vim.leader" = ","; + "vim.normalModeKeyBindings" = vimCommonKeyBindings ++ [ + { + "before" = [ ";" ]; + "after" = [ ":" ]; + "silent" = true; + } + { + "before" = [ + "" + "m" + ]; + "commands" = [ "bookmarks.toggle" ]; + } + { + "before" = [ + "" + "l" + ]; + "commands" = [ "bookmarks.toggleLabeled" ]; + } + { + "before" = [ + "" + "b" + ]; + "commands" = [ "bookmarks.list" ]; + } + { + "before" = [ + "" + "s" + ]; + "commands" = [ "workbench.action.toggleSidebarVisibility" ]; + } + { + "before" = [ + "" + "f" + "f" + ]; + "commands" = [ "find-it-faster.findFiles" ]; + } + { + "before" = [ + "" + "f" + "g" + ]; + "commands" = [ "find-it-faster.findWithinFiles" ]; + } + { + "before" = [ + "" + "f" + "t" + ]; + "commands" = [ "find-it-faster.findWithinFilesWithType" ]; + } + # "gd" for definitions is by default + { + "before" = [ + "g" + "r" + ]; + "commands" = [ "editor.action.goToReferences" ]; + } + # the default is weird when you need to go back within a file + { + "before" = [ "C-o" ]; + "commands" = [ "workbench.action.navigateBack" ]; + } + { + "before" = [ "C-i" ]; + "commands" = [ "workbench.action.navigateForward" ]; + } + # insert line without leaving normal mode + { + "before" = [ + "" + "o" + ]; + "commands" = [ "editor.action.insertLineAfter" ]; + } + { + "before" = [ + "" + "O" + ]; + "commands" = [ "editor.action.insertLineBefore" ]; + } + ]; + "vim.insertModeKeyBindings" = vimCommonKeyBindings ++ [ + { + "before" = [ "C-k" ]; + "commands" = [ "acceptSelectedSuggestion" ]; + } + ]; + "vim.visualModeKeyBindings" = vimCommonKeyBindings ++ [ + { + "before" = [ ">" ]; + "commands" = [ "editor.action.indentLines" ]; + } + { + "before" = [ "<" ]; + "commands" = [ "editor.action.outdentLines" ]; + } + ]; + "extensions.experimental.affinity" = { + "vscodevim.vim" = 1; + }; }; - # don't let the workbench handle terminal keys like ctrl+n and friends - "terminal.integrated.sendKeybindingsToShell" = true; - "terminal.integrated.allowChords" = false; - - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; - - "cSpell.enabledFileTypes" = { - "markdown" = true; - "*" = false; - }; - - # vim stuff - "vim.leader" = ","; - "vim.normalModeKeyBindings" = [ - { - "before" = [ ";" ]; - "after" = [ ":" ]; - "silent" = true; - } - { - "before" = [ - "" - "m" - ]; - "commands" = [ "bookmarks.toggle" ]; - } - { - "before" = [ - "" - "l" - ]; - "commands" = [ "bookmarks.toggleLabeled" ]; - } - { - "before" = [ - "" - "b" - ]; - "commands" = [ "bookmarks.list" ]; - } - { - "before" = [ - "" - "s" - ]; - "commands" = [ "workbench.action.toggleSidebarVisibility" ]; - } - { - "before" = [ - "" - "f" - "f" - ]; - "commands" = [ "find-it-faster.findFiles" ]; - } - { - "before" = [ - "" - "f" - "g" - ]; - "commands" = [ "find-it-faster.findWithinFiles" ]; - } - { - "before" = [ - "" - "f" - "t" - ]; - "commands" = [ "find-it-faster.findWithinFilesWithType" ]; - } - # "gd" for definitions is by default - { - "before" = [ - "g" - "r" - ]; - "commands" = [ "editor.action.goToReferences" ]; - } - # the default is weird when you need to go back within a file - { - "before" = [ "C-o" ]; - "commands" = [ "workbench.action.navigateBack" ]; - } - { - "before" = [ "C-i" ]; - "commands" = [ "workbench.action.navigateForward" ]; - } - ]; - "vim.insertModeKeyBindings" = [ - { - "before" = [ "C-a" ]; - "commands" = [ "cursorHome" ]; - } - { - "before" = [ "C-e" ]; - "commands" = [ "cursorEnd" ]; - } - ]; - "vim.visualModeKeyBindings" = [ - { - "before" = [ ">" ]; - "commands" = [ "editor.action.indentLines" ]; - } - { - "before" = [ "<" ]; - "commands" = [ "editor.action.outdentLines" ]; - } - ]; - "extensions.experimental.affinity" = { - "vscodevim.vim" = 1; - }; - }; }; }; } diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 42d9217..cd321c4 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -407,4 +407,7 @@ enable = true; binfmt = true; }; + + programs.ccache.enable = true; + nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; } From 7f7223d85fafd9ffe530d06a9501f660eb7d23a7 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 3 Mar 2025 15:26:01 -0500 Subject: [PATCH 262/410] remove lots of dead code and refactor --- home/fish.nix | 80 ---------- home/foot.nix | 55 ------- home/ghostty.nix | 20 --- home/kitty.nix | 2 +- home/niri/default.nix | 210 ------------------------- home/niri/nixos-c-book.png | Bin 153705 -> 0 bytes home/niri/scripts/remote.sh | 25 --- home/rofi/config.rasi | 156 ------------------ home/rofi/scripts/cliphist.sh | 22 --- home/sway/config | 156 ------------------ home/sway/scripts/remote.sh | 27 ---- home/sway/scripts/terminal.sh | 14 -- home/waybar/config | 81 ---------- home/waybar/style.css | 70 --------- home/yt/common.nix | 6 +- home/yt/ytnix.nix | 175 +++++++++------------ hosts/chunk/adguard.nix | 29 ---- hosts/chunk/attic.nix | 33 ---- hosts/chunk/conduit.nix | 40 ----- hosts/chunk/default.nix | 157 ++++++++---------- hosts/chunk/deluge.nix | 15 -- hosts/chunk/gitlab.nix | 35 ----- hosts/chunk/jellyfin.nix | 8 - hosts/common.nix | 36 +++-- hosts/titan/Caddyfile | 41 ----- hosts/titan/backup.nix | 13 -- hosts/titan/default.nix | 98 ------------ hosts/titan/disk-config.nix | 33 ---- hosts/titan/ghost.nix | 52 ------ hosts/titan/hardware-configuration.nix | 26 --- hosts/titan/ntfy.nix | 13 -- hosts/titan/uptime-kuma.nix | 9 -- hosts/ytnix/default.nix | 70 +++------ modules/containerization.nix | 35 +++++ modules/default.nix | 1 + 35 files changed, 227 insertions(+), 1616 deletions(-) delete mode 100644 home/fish.nix delete mode 100644 home/foot.nix delete mode 100644 home/ghostty.nix delete mode 100644 home/niri/default.nix delete mode 100644 home/niri/nixos-c-book.png delete mode 100755 home/niri/scripts/remote.sh delete mode 100644 home/rofi/config.rasi delete mode 100755 home/rofi/scripts/cliphist.sh delete mode 100644 home/sway/config delete mode 100755 home/sway/scripts/remote.sh delete mode 100755 home/sway/scripts/terminal.sh delete mode 100644 home/waybar/config delete mode 100644 home/waybar/style.css delete mode 100644 hosts/chunk/adguard.nix delete mode 100644 hosts/chunk/attic.nix delete mode 100644 hosts/chunk/conduit.nix delete mode 100644 hosts/chunk/deluge.nix delete mode 100644 hosts/chunk/gitlab.nix delete mode 100644 hosts/chunk/jellyfin.nix delete mode 100644 hosts/titan/Caddyfile delete mode 100644 hosts/titan/backup.nix delete mode 100644 hosts/titan/default.nix delete mode 100644 hosts/titan/disk-config.nix delete mode 100644 hosts/titan/ghost.nix delete mode 100644 hosts/titan/hardware-configuration.nix delete mode 100644 hosts/titan/ntfy.nix delete mode 100644 hosts/titan/uptime-kuma.nix create mode 100644 modules/containerization.nix diff --git a/home/fish.nix b/home/fish.nix deleted file mode 100644 index 3bb9d84..0000000 --- a/home/fish.nix +++ /dev/null @@ -1,80 +0,0 @@ -{ ... }: -{ - programs.fish = { - enable = true; - shellAliases = { - "vi" = "nvim"; - "vim" = "nvim"; - "t" = "tmux"; - "tl" = "tmux list-sessions"; - "ta" = "tmux new-session -A -s"; - "se" = "sudoedit"; - "s" = "sudo"; - "nrs" = "sudo nixos-rebuild switch --flake ."; - "nrt" = "sudo nixos-rebuild test --flake ."; - "hrs" = "home-manager switch --flake ."; - "g" = "git"; - "ga" = "git add"; - "gaa" = "git add --all"; - "gb" = "git branch"; - "gc" = "git commit --verbose"; - "gcmsg" = "git commit --message"; - "gd" = "git diff"; - "gdca" = "git diff --cached"; - "gds" = "git diff --staged"; - "gl" = "git log --stat"; - "glg" = "git log --graph"; - "glga" = "git log --graph --decorate --all"; - "glo" = "git log --oneline --decorate"; - "gp" = "git push"; - "gr" = "git remote"; - "gra" = "git remote add"; - "grv" = "git remote --verbose"; - "gs" = "git status --short"; - "gss" = "git status"; - }; - - shellInit = '' - set fish_greeting - ''; - - functions = { - fish_prompt = '' - set -l last_status $status - set -l normal (set_color normal) - set -l status_color (set_color brgreen) - set -l cwd_color (set_color $fish_color_cwd) - set -l vcs_color (set_color brpurple) - set -l prompt_status "" - - # Since we display the prompt on a new line allow the directory names to be longer. - set -q fish_prompt_pwd_dir_length - or set -lx fish_prompt_pwd_dir_length 0 - - # Color the prompt differently when we're root - set -l suffix '❯' - if functions -q fish_is_root_user; and fish_is_root_user - if set -q fish_color_cwd_root - set cwd_color (set_color $fish_color_cwd_root) - end - set suffix '#' - end - - # Color the prompt in red on error - if test $last_status -ne 0 - set status_color (set_color $fish_color_error) - set prompt_status $status_color "[" $last_status "]" $normal - end - - echo -s (prompt_login) ' ' $cwd_color (prompt_pwd) $vcs_color (fish_vcs_prompt) $normal ' ' $prompt_status - echo -n -s $status_color $suffix ' ' $normal - ''; - - }; - }; - - programs.fzf.enableFishIntegration = true; - programs.zoxide.enableFishIntegration = true; - programs.eza.enableFishIntegration = true; - programs.nix-index.enableFishIntegration = true; -} diff --git a/home/foot.nix b/home/foot.nix deleted file mode 100644 index ce7cb0c..0000000 --- a/home/foot.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ ... }: -{ - programs.foot = { - enable = true; - settings = { - main = { - font = "IBM Plex Mono:size=8"; - dpi-aware = "yes"; - }; - bell = { - urgent = "no"; - notify = "no"; - visual = "no"; - }; - cursor = { - style = "beam"; - blink = "yes"; - blink-rate = 500; - beam-thickness = 1.5; - color = "161821 c6c8d1"; - }; - mouse = { - hide-when-typing = "yes"; - }; - colors = { - foreground = "c6c8d1"; - background = "161821"; - regular0 = "1e2132"; - regular1 = "e27878"; - regular2 = "b4be82"; - regular3 = "e2a478"; - regular4 = "84a0c6"; - regular5 = "a093c7"; - regular6 = "89b8c2"; - regular7 = "c6c8d1"; - bright0 = "6b7089"; - bright1 = "e98989"; - bright2 = "c0ca8e"; - bright3 = "e9b189"; - bright4 = "91acd1"; - bright5 = "ada0d3"; - bright6 = "95c4ce"; - bright7 = "d2d4de"; - selection-foreground = "161821"; - selection-background = "c6c8d1"; - }; - - key-bindings = { - clipboard-copy = "Control+Shift+c XF86Copy"; - clipboard-paste = "Control+Shift+v XF86Paste"; - quit = "Control+q"; - }; - }; - }; -} diff --git a/home/ghostty.nix b/home/ghostty.nix deleted file mode 100644 index 1c592f5..0000000 --- a/home/ghostty.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ ... }: -{ - programs.ghostty = { - enable = true; - enableZshIntegration = true; - clearDefaultKeybinds = true; - settings = { - theme = "iceberg-dark"; - font-family = "IBM Plex Mono"; - font-size = "12"; - window-decoration = false; - confirm-close-surface = false; - keybind = [ - "ctrl+q=quit" - "ctrl+shift+c=copy_to_clipboard" - "ctrl+shift+v=paste_from_clipboard" - ]; - }; - }; -} diff --git a/home/kitty.nix b/home/kitty.nix index 463b10a..ea7047f 100644 --- a/home/kitty.nix +++ b/home/kitty.nix @@ -71,5 +71,5 @@ }; }; - programs.zsh.shellAliases."ssh" = "kitten ssh"; + # programs.zsh.shellAliases."ssh" = "kitten ssh"; # doesn't seem to work with bitwarden ssh agent :( } diff --git a/home/niri/default.nix b/home/niri/default.nix deleted file mode 100644 index f1c8172..0000000 --- a/home/niri/default.nix +++ /dev/null @@ -1,210 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -let - wallpaper = "${./nixos-c-book.png}"; - terminal = "kitty"; - menu = [ - "fuzzel" - "-w" - "100" - ]; - browser = "librewolf"; - file-manager = "thunar"; - clipboard = "cliphist list | ${lib.concatStringsSep " " menu} --dmenu | cliphist decode | wl-copy"; -in -{ - programs.niri.settings = { - prefer-no-csd = true; - input.keyboard.xkb.options = "ctrl:nocaps"; - spawn-at-startup = [ - { command = [ "${lib.getExe pkgs.waybar}" ]; } - { - command = [ - "${lib.getExe pkgs.swaybg}" - "-m" - "fill" - "-i" - wallpaper - ]; - } - { command = [ "${lib.getExe pkgs.xwayland-satellite}" ]; } - { - command = [ - "wl-paste" - "--watch" - "cliphist" - "store" - ]; - } - ]; - hotkey-overlay.skip-at-startup = true; - - input = { - touchpad = { - tap = true; - dwt = true; - natural-scroll = true; - click-method = "clickfinger"; - }; - warp-mouse-to-focus = false; - focus-follows-mouse.enable = false; - }; - - environment = { - DISPLAY = ":0"; # for xwayland-satellite - ANKI_WAYLAND = "1"; - }; - - layout = { - gaps = 0; - focus-ring = { - width = 4; - active.color = "#4c7899"; - inactive.color = "#333333"; - }; - always-center-single-column = true; - border.enable = false; - }; - - window-rules = [ - { - matches = [ - { app-id = "mpv"; } - { app-id = "Bitwarden"; } - { - app-id = "ghidra-Ghidra"; - # pop-up windows - title = "^win(.*)"; - } - ]; - open-floating = true; - } - { - matches = [ - { - app-id = "anki"; - title = "Add"; - } - ]; - default-column-width.proportion = .25; - } - { - matches = [ - { app-id = "foot"; } - { - app-id = "anki"; - title = "^Browse"; - } - { app-id = "com.mitchellh.ghostt"; } - { app-id = "org.kde.okular"; } - { app-id = "kitty"; } - { app-id = "VSCodium"; } - ]; - default-column-width.proportion = .5; - } - { - matches = [ { app-id = "librewolf"; } ]; - default-column-width.proportion = .75; - } - ]; - }; - - programs.niri.settings.binds = - with config.lib.niri.actions; - let - sh = spawn "sh" "-c"; - in - { - "Mod+Return".action = spawn terminal; - "Mod+D".action = spawn menu; - - "Mod+Shift+E".action = quit; - "Mod+Equal".action = set-column-width "+10%"; - "Mod+Minus".action = set-column-width "-10%"; - "Mod+Shift+Equal".action = set-window-height "+10%"; - "Mod+Shift+Minus".action = set-window-height "-10%"; - "Super+Alt+L".action = spawn "swaylock"; - "Mod+Ctrl+Q".action = close-window; - "Mod+H".action = focus-column-left; - "Mod+L".action = focus-column-right; - "Mod+K".action = focus-window-up; - "Mod+J".action = focus-window-down; - "Mod+Shift+H".action = move-column-left; - "Mod+Shift+L".action = move-column-right; - "Mod+Shift+K".action = move-window-up; - "Mod+Shift+J".action = move-window-down; - "Mod+U".action = focus-workspace-up; - "Mod+I".action = focus-workspace-down; - "Mod+Shift+U".action = move-window-to-workspace-up; - "Mod+Shift+I".action = move-window-to-workspace-down; - "Mod+W".action = maximize-column; - "Mod+E".action = set-column-width "50%"; - "Mod+R".action = set-column-width "75%"; - "Mod+Q".action = set-column-width "25%"; - "Mod+C".action = center-column; - "Mod+Shift+Space".action = toggle-window-floating; - "Mod+Space".action = switch-focus-between-floating-and-tiling; - "Print".action = screenshot; - "Alt+Print".action = screenshot-window; - "Ctrl+Print".action = screenshot-screen; - # "Mod+R".action = switch-preset-column-width; - "Mod+Shift+R".action = switch-preset-window-height; - "Mod+Ctrl+R".action = reset-window-height; - "Mod+F".action = fullscreen-window; - "Mod+WheelScrollDown" = { - cooldown-ms = 150; - action = focus-column-right; - }; - "Mod+WheelScrollUp" = { - cooldown-ms = 150; - action = focus-column-left; - }; - "Mod+Shift+WheelScrollDown" = { - cooldown-ms = 150; - action = focus-workspace-down; - }; - "Mod+Shift+WheelScrollUp" = { - cooldown-ms = 150; - action = focus-workspace-up; - }; - - "XF86AudioRaiseVolume".action = sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%+"; - "XF86AudioLowerVolume".action = sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%-"; - "XF86AudioMute".action = sh "wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"; - "XF86MonBrightnessUp".action = sh "brightnessctl set 1%+"; - "XF86MonBrightnessDown".action = sh "brightnessctl set 1%-"; - - "Mod+1".action = focus-workspace 1; - "Mod+2".action = focus-workspace 2; - "Mod+3".action = focus-workspace 3; - "Mod+4".action = focus-workspace 4; - "Mod+5".action = focus-workspace 5; - "Mod+6".action = focus-workspace 6; - "Mod+7".action = focus-workspace 7; - "Mod+8".action = focus-workspace 8; - "Mod+9".action = focus-workspace 9; - "Mod+Shift+1".action = move-column-to-workspace 1; - "Mod+Shift+2".action = move-column-to-workspace 2; - "Mod+Shift+3".action = move-column-to-workspace 3; - "Mod+Shift+4".action = move-column-to-workspace 4; - "Mod+Shift+5".action = move-column-to-workspace 5; - "Mod+Shift+6".action = move-column-to-workspace 6; - "Mod+Shift+7".action = move-column-to-workspace 7; - "Mod+Shift+8".action = move-column-to-workspace 8; - "Mod+Shift+9".action = move-column-to-workspace 9; - - "Mod+Alt+B".action = spawn browser; - "Mod+Alt+A".action = spawn "anki"; - "Mod+Alt+F".action = spawn file-manager; - "Mod+Alt+E".action = spawn "evolution"; - "Mod+P".action = spawn "bitwarden"; - "Mod+Comma".action = sh clipboard; - - "MouseForward".action = spawn "sh" "${./scripts/remote.sh}" "btn1"; - "MouseBack".action = spawn "sh" "${./scripts/remote.sh}"; - }; -} diff --git a/home/niri/nixos-c-book.png b/home/niri/nixos-c-book.png deleted file mode 100644 index 96abf8feecbfbc9534742ba3e39c73c594db875d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 153705 zcmeAS@N?(olHy`uVBq!ia0y~yU_QXWz$C-L#=yW}8GF2%fkF6SRY*ihP-3}4K~a8M zW=^U?No7H*LTW{38UsVct-G@#i=LQ?x&GhS6~`o(ro*1>@_xbe`_GMnUrmY;eY)ZA z)k&($G=*616|ir(^Yi@v^}ogASI#ciydGAiIdA=yVE$(Qv-|fQ`+U2ms?I+C^zR>b zzn|{e{Pgf=%>u9Kd-Oi9-P8B2@L%oW;}_ZHf8uA}`t{%8Kfl`N#T~z}kM~Q}n*Lc6 z?cRTP_-h-$v)=wjb;HM~Y5IGw%1<{q|N6(i|DtSlbLy6UE4@|!pA@_6&v$>mD|2i19YVqH|Pdvjaj^>f8B+h!zjsZW?B za7Zc8>bgfDzjl>--lTnR+oY=RY@E2!wMset@bj2Am3j4Y+t+-2kQ*b}bFjy{>GJye zN57{t-(5XP{lHt#y|zC$E?AZzb!tvsu_))p-+}HwIX@i#{$2m6>7;{yT6P+~`|#QH z$eC~Jbgu^12+8g=D6aWB>*`;*27!-n&ZOu}VvN^G(|(rCaka<7?31y?ii;+RlbB9h z=A=mm^|U_OvLLx{Y+O^-TqHyY-$Mzb#YW&gpU0ulM#JbY@rPezGHmWc?C(+W6N*X_9wRoS-pG`>}UJ-i?QC) zvd6yW_lsWVZomI=rfKo|E&m?=KA(QpZj;zNpO=Sz%{0wh`!$(EcuvaGo}Si}ls#I^ zA|(OmYBo=43Vt=k_&#&&MCQ$Byv~`W_V6rAR*e6B=I(!^@2dHFOZQLR{$Zl!@+*IZ zXBK}s1el6NO7Ze7^)O8IShvdqF>1Mi-HKV9zs`}X4Bo7VrwnZG7& z{!(lsl(y76q+IuL$SY&#BgZ4>?hX8wy!~R2)C}!w-cx(3-sG)gjb}=|s66%hF`13| zUE8-!)bL)IX`QU&p8sSEx8|Y~*CMY3-fZMoZkxij_1c?lG3RpkF57*5LEDjv)%_7{PYRqolfO*8)p6%d{xh#v{cTp;LMDH^l4rTL*Esn0N*#eu z#|n>WsYmSI_*V9X`2KArbKXCl;`HprK2I6Gu>O2;=uGw(>C1aepI*Kl`?W9T_ub5i zI=}iFF7{0P82oJimHYB4@9p~E{qEdfvcyA%KjeY&&o`bsE-d=$b9d_QXR+5mJyBNu zx`2IwDU+qcwVR9nM~7zqIOA|ckvTfO>ecD(Q}WM+++(#(TY2)?O$PQx%|bV=UFkDQ zRF3d?7(ZeOY1{wcqRhcV8n$zk`FgGIyEqzp3+?ah(VRQs=~C%iqGu{TeXEHw_qFqx zR4cpEquk)q7Umz*wrW3mc59xQpVCuRIj$X{%e;2Ggh`&dV(@&;isab8am5bFeQQ7E zxJhPSx6HbGJj#FOJ7$ZCMN4C^J?<6}@$mdmw(5jvR$&nL^R^ddHriJ#s~3Gz;Or7=R>rSoDCTb}$8ivf~2^Z#C*VdYd?lpbl%6i$lTe?=M=G_u*^)Fiw%W}J!XmyihGYvGmvB+WRhn zcc<)FIVGBHh5X-l9W&&()ub*K&syCZ^W3qz&w5v*>-Ot=f1C@ynd5&?pynqdU;M|^ z1wT(*&%YEtq2kWIw(J*HzxF+s)Dzvmd=jh2B$>P==U)}Ox4S)f<^6TVwrK5^PCbhR zC5Ot%&9Mj8oOXV}yOwvy8=b8k4_4Y3Ofy?v$>2M0;qvJVdM?kIX*J`5c}z~v|g7P5GChdUR3@s-tm>n5}a+kBd`IXgq^s(Pd=Shuv z3l0bFkc$&zn)~20UqXbFN0If>2_CXezs#cV#j3tkl2CW>KHzv^T_WS+!t|)zd!7@W zG&5%Xwb^EqYy81xvU}Bz&FkNMv-)hnT=nRK!3O4MZ1=Ck8`P*@bF+$+V^GQY{zv|x zpLBt~@2iU9@=}|Ov=g;T?ME3J4e||ktXGiSn$_F$;Y=f+lJ+UV|K@^Q`)j056d$<# zHqV>IIQy|vhs@5#yL#q%tN8!sajZ9${<^Bi^h5FF`*)MSZB}ZTDUYuj^pBFwe|CSV3x`c7!Be4zZnmAABDGGjd4V7E}RgtqjMd4MqXH#f~;eyn)b2J&> zaMrC(WzM@)x@fECy$o*twt%t*{Zjr9mACbij&&XgT|7x4Y3<94mn>8wSlPo}P48_j zHVtW8@LA!2kHg$&xoqnaw(N4d8Q$6(aJRd{DU!S3aglOp=HybFT*+Lq+`ItqHKNnm ztn!u=9GK4YMe4)j02h zqV44v@t+=I6H>Z19Ig*IdyqT7ptfJ$S`s$MbjvXCeUlQO7vPtn)YL8Wbms!4IUADar?368DbmC}Tp=Uw3RmVP z_8i8<-e#@lnudZCy#fpV>pCBuv!vj8ip`gM1%jrVGzDTjGLB5Tb@zt;L4n*DhTXa= z7Hh2hr@FU)HsjqD5-q|LZuGgU_%6T7aalA$K>2*Hja9mtpZ0quEo-@OF`?yqlQYinG!^#cI4H>odiyd^8cCSAk zC|$JAbyB;V=B=60aRF(Ki?nV@p5i>jG=u}n97R&g5T-bi%1E+Nfh zT(vLRM4zMO?t#?uGf-z^OS9OGdbt8 z-8tSKFSB&ci~AZI`~QmtnqFCyxbs7yXr-jvksmScT_1gZPTgoA^_=gTQbIz2y{>V` z!G*rH>-4r4Fj}4tGTqlb#`5#y=84~vpJUgW>x z_04Y3apD(twq#^Ww3I1d>=e*^A|QgB!=LwYd^xLcVT8wLcJJyFJGPyEyFK0V(weg? zPieGC%$<=uukp}grWH&*J5zMOF6_D{*TFa~`GevF8ezq3TJ(|)bR89xlc-K zHqR)S`G?o$`+_g#0yot7%LSApayBSFx_sTYXM)oMfg-q$npV*!xK} z;9ns76P6hgH$xxw`zE>uERXTDD?EE~%W_Yqz=labQrN^qK2BzQur}dJfOf6V45?M; z&j!A{?)^*g(dmQ#N||p+Qwbh3DVx7v1bTN!7+SABf_ zlC$uM`?~o3}6YosklHBovA@upRXEIAY&Ro&i!C7%x&%$eG+S!iD_nA~#x>>ZYb16MBy#P2ZOD?j(W?EAcRe_rPD{1Uyx#;TxG%6Fb=!Uvg^ z=SAn3wX`~yCvp{ww=9w_()0*P^PRcoa?d0OqpwXRTu<4o=I9-J6tFR9UZiy3fyyau zoJYjXH*MASnw)d3UCmEbxP&WOnz{4YQIpq4dEQEjhg$7nlFBd4Ei0*GyRw;h&zRP1cJBVJ5TU_z&~!-*3&#TWTlEsz?6Z9O zYV(^r9VgE5UNntT_^DeM@9?jA8B@S9gWX$-t2(-!+$+pCwVjBt>CZe|vcO8HM3hHG zO4RExcfy6nLo8vZvmd;hXzQ@m{YUm^CjW+mxAGbyPds_c?!;K2r1Hw-? zK0UI63jO%YMnmTIn$nCuKw|SGVuD_5~T*pT@^F6{(isgE@EOoe*A0p!ZeK+?$ znMwwyFg5Wj&ZotFcuGp-<&)NSj zvu|qdqf?%o{EI$+vEJ1ZvN7UK+D$p_on}=|)vrR|n>RdJAYMK7Om)pKgPkEBe4fkp zim6z5U%nl*Vtr<}oULH|Z-p7}*t{0iRmyC3o#y!J<-;v%Z&^aOc4h}$bx*h(m|d9c zY!Jl$^TN}J304m6{|a4fIRt;%oyb4T&pF}Mua$}$mvw|Jx}wL$V|5~ny#AkvrhROT^zf2C_G10ihpJ3c_PU-|p3+JJIcT0r+ zEp%Aq!8J=y^_r#a3C;;k$}gf+J_%jAG{@uI zyED9Rj!ypaYM$BAK>bdG+@)e1d{asmXsK+EbQJZ_WKvk8$akDk=kdfve2Iy_UhwpY zx_DM?`P|7>CnUV3_(4YOYH5awZ*%uN*`TwVzctLz$Z*C{Bv_h0^K67iHUj}1AiviKcM7c9#T z;TPQ8vpc1cb?erxnO6)Vn{OqD7+m(OQM_X9wr)>j`;otC-S5@izhAZw(ECyM{vUVK zb>-Q+zyE7wU|?*?baoE#basXf<}ol-%&DDd>v7mY=4gDdtLD^2VFHCG0_N&;bXjDH zb_FcF!nM|FM$9i(U#UqV;_e5xK6r3E>FU9wk>Tv&jskxe3X6+_N+t^ZpDq%0q@v(X zfBAR0^7jl2!=A=Rk4I-NVPP@76f~ z$?p5}7lB1;%r#0MbuROES2R~tUA|=bUbsCnFsS2v=W(803LllPr%u0bAuc0Uk#@sl z`LoW$N0JuyJ~c~obyl6H)Tgn^?WfbR)Yi{p>04t`&sKjDXDhyS%IJC~pK_n8jv}X^ z(JGCFJlug%ra?YSGVGr{lrQ?@S#okH0W_1c!G@KX@P@p&RgR*YVxEZ&&~R?z4Hnyt#i- z|L(3j83qPksmzdwk_cZPtK|G#y~LFKq*T3%+yVv=u(7WwNKDR7Em25HP0!4;ReHaB zzmh^`img((sjq==fpcm`rbks#YH*cbNODznvSo^ry&acLg;hmvL2hbEqC!P(PF}H9 zg{>0UT&uidE0D0hk^)#sNw%$0gl~X?bAC~(f{C7qo`J4wMP`|ik{y?VO;JjkRgjAt z)QF;#G+U*Nl9B=|ef{$Ca=mh6z5JqdeM3u2OML?)eIp~?qLeh<;>x^|#0uTKVr7sK z5Hnm-i<65o3raHc^Atd4CMM;Vme?vOaVaP$Kn<_RE%5b)8=qGU4Ta?VT>Xl~0)0b0 z1O41wePkWQC9Y*9_;nPAR2HP_2c;J0mlh?bx|XHpl_(<{k&+D8Ur<_<1NKfzvVLk# zYHn&?NwL16o*{~r?w-B@a2=o^NYBhI0PCvAEkIFOl9`4GEEL~>WWe4*c1T5T0o+^^ z)iA$<6@$ab$|XO!6y!Wl7h5He{Z=XY$(bouV5YfwN@}X5L85M2ilK$BiDhD{ZlbAC zvTlm8MUr`PQi_?8xfzmCo_WP3iFwJXAfqaB3-mHGQ>;u3lamuo%u;ks6H`reO^hs( zbuG*iO?6XJ%~DblO;VCfjgpXz@Gr_t&&*5AL3S0$sFchUt3-2ilN93=6Wt_30|Q+X z(~>?3o}ClbAu#9h*2rYR&M!4xrrsVN}0Kd>8bh!dFfy~Kml&$7~pBE zWTa<+5DCahEJ@2R%C%MU$;>OQKuCmS=B5UhB!WWI(9GDx#M0E%*uucj(9*&Pp(rf1 zs5mn}4`imHfu4~GSOyd=R{lkqsd*)dpmb`hWC#|o$StsPE=o--$uA1Y&(E<{0y#;+ zNYBs!oV*omAd%vcSzMA|RA~oJ(cpX&oLUIsL9#$jCRj>A0i0~D5|bg86epIYrhqL{ zfJr51B<7{3rr0V$6BJB56H8?gxw*c%L1r2aeYNEQOJR=npP6kGXx`qb2hUOtg z23E#KR)!YZ21Zr}21@!6FWTsXay87yHu@N00#Sfe4A^lgK*WMv-0Zk)^uc8js9b^= z2r3t7iJ@^pODhxQL70(Y)*J~21_t&LPhVH| zr(A+U3W6u@RktuOC@^@sIEGZ*dUH3tAm;h(=il#F2bC+cD;cp1BrMYi6j}M@di=ym zX=TSvjZJrN)!QA@7rL+HXI0HZ>G0g2r}k}%-51%uO1J;|X`jHzMJ}pLXClwAcnWkn zv z6Bf3qOzh7bH>0#)`|iE}dwu=B)~#V~Zr9W{g_g}(_ISn(m507844|M&W6Tz974DZ~ zTsyVU)-o>OtD=RL=v0-H`ogc`ZPI^R%WwK#x8l?KZJ)N*{oH8%Klk0egbmkDoo4y; zXF-gqB9T-57b-?)aiCYot;ul-m)=w&wTga8OR_6Nk zBNr-rV<(WGSzyFT; ze46Ril}(RMC2sIkvY#B7e!l4KpX>jdg=SCL|BXjZJ-Tw9{=d8S84rIw7ZKy)-zjp> z>zGET(%WD1|F^E2Yo}>HJJr&JA>q~z*}L8UCLU&Bn9=q{Te|g>Sy}eQ;{21xguNb3 znq;x&&u2z?PtU>`;S)}u)LJ}I`}oscS1b2lE0p1l-LqibKG9XVSz$8MP8sU;rA~G+ z^PF#oU7YEJ$}5a>d}rp3D2hWNFNWJ zF+b$|v*}xZtt}7TVH@}J=i>H?BVFFAl{0&?qN7T_?Plh$XJ%z+`2F|pSw#j0A8&@B zorb~b@5O#b#$WR~w!`RH<%{;m6rS! z+}Z3>`6}_<_kua>br$P>cOSnZ^wNR{Wa*U)_tshPq^lW(t=hKpnA+Of{M9)^)92rp z|NCeE$AXyfM7#CxM76i3JXULM{j*qiDLXg@D~x^~50nuLy?=A{w4bN7yywer=H9aP zQ_bRY_jD%}sz%qIPRO04apGyo!w3GmF4S*`+3Hug^WBw6pMO~vZ~3*hT%`Tsma-*v zGoA~Ic1Qg@HaqLxywxj0s`e=4_2kH8->r_Gnw_KdUUiue4>)J6QsTH3aqRSp)%o2r zlTX|_&aZt;!Zk7Q>|O4wSM~-KhOF7A^&uo;@|FF?yS*k)E(*%KlhPA76X&4Y1;nb5r#%xS8nc(%nMM@PPUB+e<*UOeyQZu-p%PHk522K@|}I@ zPJ4FGBrnyfyT9d6NldOX&&XbTE%&d(&0TD&g*LiZZ>>z&|LCjv6{Grni-M-!V_*bV z=;wWYP4#tRH9h+(Vqc(_m(gX3fYZjQ&R4f@Syg(m%}aC#mv-Z|Q@l*FKQp$wv9mw@ zRkupC$ zJ^%iS%GK9bxH#*81J6MD;dP6y#f!3LiLa>rD0MXO;YppqxvN;NJ-f26X7eMJFw=Kz zTd!%Icv_P6KU~VDRO{={t-;lWx5aeB-mhNodphpU@A+bjgX)4#Z{M@3Z>g<+&ijp9 z!}?xl-Mz;Dgx&Gyj7{k+#J?nLXL{_a^`t@X=>nfH9SM&ET{tnA7;z9}{8-zV*rAt}qX&h^U5Mt!|z-Q}%14I05FOw*6=!*J*nI8s+I9md;O~1mqx8enRqus>JQ=m3ZuT&zqb7}>I&w&Uq1cExyV0Fk2Zu% z^-f&7^^>ur?BA66ZR=yEiL<=ych!1gTK_dlx8~i?OzCcut5Yjae%8IkoV2KnZJx)tbCrZ_Uf+h_rkZWTW2Kp(vUeLRqy?*wem}%ukH&^ zGA;RNb9VvQUTp$Q>T1<7@XCiJh$N`I9Xo_UTpiU*4_f;uoxl@G0fo`m`nt_Bb(h!u zkyh5uOn7cK_0!LpD_24Ca=Ia7v}N9cLoY&k=hA>RUU&P+kW=t zsmbo8&koeF-Yi*tz{t&0WaYZ0uG#nM{5>UXZ*59UPI(;h`d)SXR$gDPMH*M19yjxR z^1R6E|7B1~9pHHCY6&jt#pnd&w>Ek!wXGzFSd;ROBS=Fi@*Q|GQ)<4_1TGaLE zE1B+)oBTBy=kbI-2ub(bdf&JNLf z61+aedfnQI#`$+SbQhoY?>U%jF&|TXo=b*t(04o||jUnNzbsYn`Fn(wex_X8B>)KkaK@C+C0t zZ1cp`;UzyF?=>#^%mB9G!MzgI*)6-O{=7aFv1H2ry)vqWfwHIP1ut8;+3L8`$~`^X z3#xto?k+nM;j!K9;;i!RTG8?U+mk20o4a$*v$x+x+7o{r-@2)$CgHrE?;R<>+MgES zRCOS}MeF+c7vFk~cU3+-!qew^YSrfS&6AFVy^mND(_8oNV|A>J$%HE9FY3)V6|C$^A0!g(9o!k8dmbQMMxmQnQ6lY&e}fu`4;;wBnb#<-0RIu0^&h zi;s#)E}wN=Db=*%*A%~Z|2M^4^(pquPt^&^E#7=>&*!*Q$t^#7lOyZ=UT?2k;p6-E zecipuHhzv~%Z=~9yZ$uU{Ymg&R&e=zb!y|<82!bw)AwJ0J27!*+^^(`k2b7W)>oM| zYr9)u#NOnIG54=O+`HSf?(wo1`=^ghOvN%Ur-Ni8Ute22#lP}R zVCwz%M^0>D`}Sta;eGMogdfm)((hQI=+tAT6_27ljV;7h=1<;}<9xNxwWu~e`8s=P z#eKP*juWa5Z1z+#|Dc^b@ttIDO3x&Vuw~1_UT>?bP@k|&b7NSY+G1t-`Xv{&!=JJ; z&Yce_jzrxOW}o=rNC(fF+x>{$_)=$NzRzI(b@2Y#&^T)^RYg+`U z-L)??YSTy8*4Cn_*CiHj2ncwey?%A>#U$6GNxPE!C%M$AEtY;>f9>OW`>E5<3e`ca zFz!onjO)TSGXXRpcm<+%6KgzUGwqo=OT zpVFIrG;zhUb9!s*KEJ)6JK^h+`I8OZn60<1uK2x8=6dQ+V{lSj5qC|kXz!Z5`!>sG zKkr{|FXs8Z$2H2%RBRs|JH7j6id)SJAv zHhpzgbd-pD;IH2GTE`zhpI^7&qbS(m8LEmAVSULa6-oQMgnxdDSQ0W@HvE{9?u*da z+d)UK-V!)1aZ=*z`#b9%9dUUj>Yv6T#Ljd?NQ+xErXt<@Hp8f4>l?8LE+Mqj^j6tkn6-01P}$&zV#HJ*31!!><&{<6L*T3u2Q;BGf-=DHh@;h=u$T&?7Zd9Po6 z%vY_PHF2YdSxEZ(?oUR%n>?4SlIec(bC<2j66fmjlVAUSVP0V9^~l51ggN%~vS&)~ zZ!Z0~aN(7F1_n@*kHIH+n`XbO)Xt)a!{PcTW_ND%C|q%CS=v_JyDKcXR+s4nO*sAX z%fG+7%09LH$uaw@dSL3`6D$AS@l>*(ef8>O^^#Y!*NZ$UYJp@4gKkOpO%vD2{f`RF zNKerTvN07~xv}cFlH~Eg5Up1a`f|M<{g|1-lq$1WrSIzgMVn>-OztHR@a3 zc-J~aLfW@hCuo-a^2e2@`g^kyzWdEw{`ENvxX?JC#I&s_CjRKh*SpGIxm)JBnLTZb zxF%(}E;Rgpnxy%JoS@eBlc%_iq;^#V9=H3uWRLg{O`f)EQ9oz)fMR{SUi>6+mN(E6 z$Upo=;oqLNx_^$_^Y6}CxY0w^wCqgi=Rc)gi=9IITz3ic+1FYfUg#?Xs=D-IE^PF- zugh|_1E=8hF8%G#IRSFOcXUQ&2< zrZK>7^sw?%K^~{fGt*AX| zl`6e^b+OK*Wo|64Qa5(S7Opf>$_QJ2zo>crhJcX&=W@L!J((%-6*^L3P%|sD>ckA| ze)iwSZpS1dBX`z?O?G}>`uPuMI`DZ0he;CgF zSGK>SM6tLm{KXj#86SDlIR%L+0#?E^Z&O%t-|2? zV|GuT`?p^32=A*|bnIK@sVi4bs1;^Sy|GfO;PfB4yEgk{7Ek~E^vBKLI&t^L4L3+>0%$onN~joar8P zE)%#~zINK{=XIiAde-!6|37c@V7gb`N7Hw^r(Bhgytz9xZn3rKLlwTM^0GnO*6ovN z2)31RTPL0U?p64dl`Gfl7;fAD!XszxJC?2S&$ccRdNkQO)aQ4%|0ezk@BjVS@!VbS z6nBr?y11(o`@g?Dy8o}WsJdF({Y#12Pk%M?y}i43qqO;ym1~#&;s#gD^B5j$aDL8u z5wkEg`rpi+I{gg03fFZq@7~x3`hDj;Flq1am(QllZ!TP-!WX=QLygK9f4*sO#lEj3BYbHlFc`EH+=9XUn!%v()^ylYo zhWjC7OEZps3^(h1@_g2ni=UgOOwl^K-XJ?K&V_ZW&Wpg>=S4>Y12++C~`<{N9RD68>+|sj08NeNrxeTcy?h9{C+q+`cF}9j}0wK}~|nVt>(J!xy#VkYsgn?IRI9S!v4&7GSSyTLJVrGoy6 z7a#7~O6@OnUiUscm1EnrQ`}5f`UolcQm#jE^}9{)#9rsrtlL+%{$Xux4KzI;yW&~pYmrvhJPAh7u!w;+)8s;t zcGs)h^@CskN$pbBdzSu_GgRpKsjJslCjU%xP4sm1?e(ksx^&%qTV?y%Ygb9jfIAku zYMyL3S6A-fxNVtM{s9TkLZQ{QKgCjCXH7X0cC78yt7^}!S?{k1e_$du;9P&5HkaNmx>x4IKK*ejc*x;>wz}-_3XK zXOVVSy+`wfuBm;hai3eOuf1{7{IjnfIqa|d_mcf*s8QUBsMQM7FTea7|MJ#J;n488 z`+mC!pR9QG>bBB(^YT0)$;TRf+*$Fv!genE*|k`x_c6GPUUBJ%_H36=O>Cul^?{of zMjZMnGB@_I23L31%eWQG-i3B8ZhEpq>c-aCqn(_V>$J}%Y`q_)ef_(sT}g2Jw>PV9 z{XO|~wu`H2>H4tX>rJQX;*0&w{6tc0O4nAnCKX74tFo(76HduCKi9drV%M^?X$5w3 z(<6hHtlM|C=ucE-<8tZe=U*QYpFef=TC;g4S#-=fN}epuR6efM;`7DqVhEjPYj zvv#$5-}#8gn#T*TT)4PS@@_}X{_mYyn>SXQ-QVk(^6y72$T>IL@>C6ZH-h7KM&;DL zZF5hXpZ?sl#@9m4f9I!&B~8zCUWC^EHc~BIp}}+2zIk!`B#Udaw%-p<4xhd#Xyq!c zWx>fyUfr6OdG63X_IuZ}Cr3Ey1*G3U{j@N6&liZP54nG@Sh4Kg)U0=L5ic`Num6_b zxOLLwNKhfuqi#R@;?u?Mpn+hnO{Ocu8hZ`94hNX}`bPc!7N%Ml6MHpiwnyLkb)vJM z+8ojPxKf&TEq7JO{hRL2I^dvAGx&GvRzzR?>T~z*zsu-e{^O1GVhf#>8 z-niDZ$Y;?`?QJJMW@U7+f(uC>wguN*r9wA{E_r=P zRrc?fia+TqL^~GZ%Y4vaokjyG(9&c{Jol{rfo^ZTq*r9`{mAS zyXS?=Oskj=E_Wsrfd)x`Ze9E8#mxmOn$r#o%-eb0QO12$W=_cOO}<@+7B$8A9k=`K z;yhjN6n9gI^9IPE!|$-nlgE6uL_ZlvvCez-?9RTD$yrj;qQ@^Pw}vYRzuR;7_a39t zT(3tH+9JT+_a$YC`im{Pu58SiTvWRC>h|YCnr$}jg&_gACz+lyJvUuswSn2P#=F*O zYBf^IvyVjmeiwGt#6+ue@yyCxsl_Ti!GZEc-7b78hhWcJmae^P%+{@>VtFvNMywpQ(s>)Tpjju$Ccku3d| zJ5fI5u$}jrEi1JOKJQV@dJ(nILhGbj=dbd-@CdD?ahztyG<3waKI%2UYE&NgDtY3v zLs_-y>!Y6O*Y0`se(!r5?Va;NuXlx~+*xoZRtg*}HYd4%FOssVx@uGYaZButWV|^_e$jSx^lLwsfH>x8`zva%m#$A1;F8FSj^s_B1OD}SF zd9hYDu0LE|{_@*}33ntVx<$m)wthM4`zmguSEAkAwuq;*T~xQ~#jO9e&F|>NlJNQO z%kF*4j!F@hN@6^a^Qf#u|Cc)-GsBs-hQ}IuPp|I!z*@TM&JIb~S^&N1#TGgR4}0$m zXy3lE@Zss@OP8$Zyl7~-ZZ)X6=vCR$@4IG?kK5L>x>n!+Hk#a12}*r)anbYbr#|~y ze(`^NK1YjpqmgN;*P7)Qv(=yMlGC?ln4$WkmzQC)@;@z4rPNo}CgopG7sYt0dCT9D zOj-RYR7uq=FgJMavvq$apZovey-3PttB*&YgSz)y&&*!GBEl!v|HIvl9@<;JEIn)W z@8|MUSFYG?e0sypEl_6V>h#G)yro@UKh-z6RA%)T{(f{-YF|aj&xzbcdwX=Mo4_UB zjCm=^k3DuCD|_m`K09fJLfOVM3dci!O2{Z5|N8W~)RdO(p>uYu{Wtga*JJhH;+O8v zTChpJ;_U7BFCRJV@0vWhD5m_@^yK?*`}PIoc3-#o`0mBEsGp6C*NLuw@y7hWIjsCU zwmR1`Z^6gc%T3GPrdSFV2Pa7Nz2>QVAF^rr#1zOVV*joS|0j#(R>UnmdGgDu15-D8 z_};x6^>exT*Sq$Aqf@i8QAY%6no^5d!U#|oeR+BYYCN##Vy z$nSjH)sy4v^z5hCGKt>!JGNEujSfSR2$!Je`|5;`P=~CxEy!qvcFNF%FkiJ|TH zfALelFMjs9U*wS7)~3wKE;DaM{r&L&pS{%n%EdB=<~3eO(q^pq^UPQF-tOqx|Bvnu zl38Yb_*#_q@zSk%ui1B%eLC`3ztPOiQ${QJ`ZCZ|(vhQIW>1#X?6Zxv|GG9OX2QqK zEs$6YSjRL?O?_*|;m=VU>YCNu-7dZL%2^v@f8p!q^pcG8d6kYIa_*LG2y@h19vol4 zQdNK7l5a=7MZ~yX_PJ__T-muN{IpsA#f$!Sdge!}jws}$h^TM8H9bFU+q$qo&AYGG zZ|$_PU;X;|`OKOR8)EE#``qziY`EEDdw`)~%BA&Fj%+kCHI4fJuia?s+5P;R`@a{; z2UTi*Iq+_-R!{%Qk9*R!H$+75;|$bTQGeX*riy1S=a;+J8v}*hqW*rXUX`62D&yK; zBD}=r+lmFdt{u&a-V#(e!{79eAM39m#cK~b^;MHIYr!=k!!oAs)f)mXdyl>=F|btMGCVoA9ZF1b!ndXAGW*GUM)N2 zIJ;?SS=QD0_k%*T?4mffcc#>ouB&jJH~rtLb6pfCpsDEB2ns;B%oYC8G zkMCWcm$hF@x9Y|$d7+r!Ch=IKt1D~XcDJ*0KZ~>;Ejhn@Yf-GfaPs3_g=zcmr01$a z#&mboKj=E_k$tby|LfYdUWbBKH6B&l*c9Wp{QLXsTPLeON#A@vG_U7z##_*onRfNW_u^^2fkM-#s@7kv~TWEk^_q~za{W9#QndYyji><&nWb@RNs-bork>lOxP-@mIReSD?)KCOED#s6Y&ht8R? zBE-_tbU)w1LQPQe5OEJ&Wv;R8T%b%_)Zc5?tMaphW&VAel$I=WG%@h2tSxAa%|d5M z^xv(M9`Dfd6DxiDB)mxGus0_-)O=XQ7H@z|44mFm+2xgKzE3OMT%S+o%Fp?AKDBqw z=NOvGy*jmVvDNRpjI1}m99KG;xT5VF-`cv*vPYNRe<_eBENLDP{$9*-op1e{i9(in zZq3WcdR-CEQ6}xIxzc1|1OWxL2r&q~YGRH$Ri-P`IZ$Ej;?sjs& z+=B{GH};+EED70(lRqWICifhwi8~!%=la%rnwE}OU0|nPzpd7a)PGf`WhL5vySsmc zC~tijy{qz_^-j6pC%{$bfxAbPW~)T~zQ=yb%tXtx^5^EQVRd@TC&$;We4T#&#QBt! z|Nb5P_^HX^@O1r`Hi55PBcty%^~$qdK5ahx>P;sPDq3k;E(UKq1+njARLPJm|bJoW9y$prM2*;weG0?}O{^KG~Y^)=D>G`#-x_?nHkR616sJ6$@APM*9$Ro@lVMlz&##*!*ZzO7{>cu%U*4|Tj6Y7?y9*go*c|hf zv48gCU8nkcGZU_V`!YK*bY8OxNbQuBtEc)3sTO+fTvquiVv}28$c)B~?m;4IyQ&^} zdkQA^gH!W?kO%{*__VZzv8CN|CpZ8R#N%qV(+Q{i`i_g5|4Iv_xP0n|oVStn29qUxvCD$uo{@{8gS49HA51m*{o>cA-e? z!n!}-|N8}MhRC#My?7J+dC$_9;q}_09}m5~EoJj_Ys~rN>-yj%wPW%ek@kgQd%yNc z-MU?0KJT^gX>Cs>`|!oZ_Wu@ix3itP8ZQ-Zd#mtFTIt&>o^$^_TkR!k>-Y3G+s--X zYCdmWH`hwhe)h!2DOav;ckSy;&D~`lyk?Dz`r_5<`@=IIE$ew)Y|ILd>M7dgi5pjZ zQ}w?3`&2g9=hiF7`KGQeo%(lmk4@E?FX>Nz&EtD}bM424ik5XBQl?Le);|8(r114L zzPERE&-05+=gNxQ;mBKjOVr)i@SDbk8)qGP|NfaAGk>EyxLN*S-hl*_wYPsYHpTdP zPWp6XvBk9cXI~w8KL6#jpPxS&Nv_)8FU|0`$Bljc%M<(deri^~?Rh&&+kW!JiT>X* zzq|^y?3);VdC|Fh;!{+PUO6r&nLIVZJ-okOSK9ZK#4$N=$BQ9!)&8G*Kn*$WYiq+- z8tqd%yWv@?k<`8-S9iOAD`e_cUh_R%sCz%e;^)!yU4`%72=88*Fxe$eZSidJbFYs) zpMUE7QxW%tR#j%&;o;WI#!G~E)`e}?n|txbR^g(*I=$<`X~`i{==iB?*D~*3<3Dw< znC+OH<-Fz2)#aHdUT-tSkg)`RV`f3v(?xCc*pW&cZ`STGsSV&5m60 z?dWRJ_M=~p%USjva$1qCzHgQl54erPFsU%swY8}#zCN~COfM)z=iGrCi|4G9v0i3; z|IPe~8*Tkd+5Cil?woT@{*R~lFMhx3!)p}5+ zJ9)A4uEJ;0JLjDbf{ex#s7q>gDy^-3ZhO^it48OdlJ8kztM;e!)hs@Jyzf-{n~RgJ z&&}*vH{W)#FsMN~d+xM^jJ2Vlsh#cd*&ohiR!YYAg|9xh@2pXm%2NAp9)1h5)%S%) zNK7rX*~lOTPN;WQ-YH!lv2v+?ZrI8Rd5>4GtlbY;X<=C#>iOs0$FgPz_it}6-uUXc z^WWo8_tVL3HFxEtE-kd({q*O)ML~hZV)pBQO$$33IOE?9W&6b&4|?w^O>~&&{#YAa zl^cjkOmbQGJoE2w`Dup(CVh)L`{~A<#q-}>{xJ3Qr>2IdtNd*geo5`O1Wjt4{`&X$ z?uQ9$_b6PLSX*scRU2^3@YI#9D>tV%PgMK*_+gQXv=ZA&|}YdVs|V^o?mN}>s|EmxS|Doz0s2**$t$PESt{sAE!Sq@S&P^=#xK z%kEzy?X8j$)lXJUIsf|B$-hN0(_{C8v+;sY)7uQWx?R^+ebzNCE7#VVdg<=!%JVno z6yL8`-@mNwSa@dI1C_uDr>FM+@4tWgyzQNj^M8F7=llBl`TV+&31>a7g@)f3JA35E zvz4#je>G+gmDnFAR~^Fn()ibehez2M{5y^-GBl`5OPmtlvVY&E`Tw}@wEybr7l`Tw zEs`=#f2j0z-#2yFR;OLb{mZl_9Cg~sG*hLhH}U6Z9)n{qF07NCwLNRA&Hd@VZ{+tg zXg^;+<$QL+^Rkl?M*{=Tex4s5{Jh5X;S-)7+fSvxpNYm=|67_O?7H+1^S+s9gsbbL zJdatFECl!S&n$bAt(sg{U%zTAe_3Ys*8{1B+P@#n|Gi-0#ao}In@oBXF=6pD=$v$x4-mYWiZ!@f9KA4|2`-8=Cjqmo9b2X4(|^ue6+2nQ2xaq z*?$@9+0M@in{e98&n>oA-^=VuPl#>r;zLJfNLf{<$i$mOAW7WeJ19J|O|4L+aDb7*Bt+@$KQsPWbM(_nZ7*^`MnseyRh3~J)+9=|>|J0^u^XfPA|Cwj<{qNlm3(l(t#THKn&5&rfe>=f# zGwmlcXu4pPiMUE<%>C=TzS~cEY@sE}Rn#-{?pNvPoA)!d586ImcOJBs&}diTw;sQm zpRCFKt6prCODVRheju%T`^%(VRpA;sf1Y}*S^2sA@147!r@JiNRkdAXGOtLhv2??G z@r?f#*X-`xesR#E>u{6Rv^7^h99^u{6Fc?s#z%|{%eZ3~FedC;xA6Vk{@b^gZwQ$1 z*rMF&@tRr-zonY}ldFErwO#Bby(>A#NTpZ%E>~d>u)F>KRxxk7I-M11`u+dvqY_60J--%PUD@=(@@V2jEl4h_ayl>zylijZrav>2KkYbv`D<-2 zAKxo*8>OLke`xK#q@OqE^wods%$sMgug~$MV&1WJ@z+6ZV^&GkM9;UNcJD&RLYcs` z^%DeilvQ0zzwJ@jzbw>@(=rcKq&7(IaVV9U`f2j4{Z-I4u|`*a?(i>MH0kwkt3Bz{ zkF~cw`C&JA{_0;fo_()Z8Q86BylbtJeCql8#j(3;KQHT46OFv#MtUD-i zv~W#~^WIz2_b##MTQP_EKyng~&qX<{iJY{@Kgd^j z5N`GC{N;+EeK*Xs`rps!GVWaBWEiq--$(KKWfoS8uFlQ< zyZY8$*-~6Ee;0S~;vl>A^QLcGv3R+A;zEb7<+J*-g^q(3GA3>ev0KLS;AY{wkhp#S zE^qtqfB*mG{h=~#UXKEL=hkM;+}-l({o^|^95JQe_US~rZ?4&7!64AkxQgq*-M6zm z)^u%5@wH^xy>9u1s8+LyCo67keE-^d{{Q%YpRa#;YtH`V)uOz}WDzmt-aB&PDNA1; z4Op(mwJQ3`>f142Y)ch&`JAtA-IDe7_IoY9o3qVh#eX^a_MZFuVXvO7-H{uMZf{^Bs*rIZ-|G`*M9LU zmoBb6oM+4a?d5Kz&=8%htI_$ZH!cn?l-Ts;=f}&FWv++T<@hk~E(_3{b5!xhN1Muh z>vx0%yne*HDnB<|=A&HYp2t~FW_ZY+-hSfaYZdA4ylPM~mb?AnZNSc1YurAm-aK{G z)l7Ir##*nyH9o#)_3ieDoXCDVXW6HEl}l$I8j7yHdVaEM>!hgg_0JdB<=)(G^lioF z?f!e$?+J_hb*A<278Z5;*_Su^+h4qJl)J}v*3(HlmMqxjJJ>3woeP!Ok895>CPutx4@uv-||?0?A&*B zS3!k??ONVROALBU=Ez^KNGdgp54zoS^jFdcGxo2VBF866SzAq6xpr-j?IWizg@@OR zvq3bb^;!5-f6SD}zl5qAK|MjA z_IIk@rL{#)Q|E;l^*xbZ>?vt#W_I`Io;N>q@5;$to^xxC%FACTRF3TgtuPie%k}3)hs^oKpFijDW*!TanHq9? zS43`im=<4Vjj3(^M3=tlSHBwDYueX1_MOhjVW<%4ah%0=UVr|2@mpC-oE$$}-!A$5 zi+8Slag_4n?WsnQGjCO;itAkbChu3YA+7V_?aHenr$rNzmnxh%H8Di1ZCByfT}wV0 zz3B1WlH}Jdb6vx;NAJGG#i=JJwJrAO4qtcu-^t(Yi&WqCt_odZ+jm;c<>H2?HV=(x(yn^LNUDknE=sVSQm z;JMB!e2>m~^R5^C=DZKDpZaR!%hUhj+0OS*elePNFf=gO6i-tV{`KnrkMFNycLgNJ z_ny9^mr;-taxBW%t#h4P*z5nhW-^<0UopM*I!bZR=lgxHH9yq2wk~ozuC_GBlHvBF zB~{N&Jg;Sy>{)Soak5pQ#;Rr2o!^dc-T!l|xLIoH?`socqAwj;`a0{yyGz%mhppVV zF6@|^)ZR+ppBrD#X^9lL)fD3w-YYdpO7iCO(_5RDBV-rPQyz1;16+Qms zr{z6i1_y>ZBeO4hm!@W4-?FECr=7jQ2XXoT)9b&g`__G4d9S*3^0vH))vxVqmw(*I z`L|-x3eVXYN`|`(OxE@N{JbRCeBQ3dpXdK?uU{-ZUGLS2gN&)n{@T-Yt}I=Bz2xyV zUD0mVlRJu1RF!vb+7#!OXSRCREUBw$n@{~{%zE{@^u-6myHb1C?pykKYtB=tzq8-Y zKl9@J)`EvhbALPuK6-3o^5Y^7v%W`1RxJxURq=c(@2_|B|M~xYdnrp3A4beRpM#Y4&O5>Km_rTrd|h+Pc;1-_7N_iXQD~$_cx+ z>(#rvD&{9L-+1kxR1jk{@5cLxub?$DpoIW$ZtE;A$eJc2_xgIz)Ys`IMPC=W>B&xd zp2`90pv;S_-&;A=&2N6tH5IFmNA+~;|FQNyuea{_bG-h4_^=G8XX;NYAPB){tpQ+O%+>PAkJwM6Mlv)$t_gYIw%*4=e;f9DSONIabdUm;g z>yGFD)8C(c{CLMZ?fdWdhVET(@kaRs21f=Jj(66sUP`WSXQ!UrCStkqk!Q~FBDKDp z^pDcNBnH!lB_4@yq%;Pt?e1eUEah}&Y<#b@AXx?zW)up z+MCBP#iNrcb@jRD&P*8#R;|tpFTG!U{(ZThwrHqniJX0_+oeq_rZyeoSo-yI<)fXl z?|=UMcJvXCdhik%gC!@9>9Vz`NfewvE+?-j(j6?tInm4N&C9oo@0SIX=6-oL;r`Lm z)FbN0C0<(|?3Ld&Q~&=xW)s~UCKe5LTdN+wBLc2RJ3Is*W^}OI{g3{0HNKAb)T}?! zpK9$4O`9Fv&X*OxNI$>n-@5)ueMkRny4xM$FkzWzPD;yPfBT2Wo<(@B63bt{!GtSg zRn+=tZ~o0sU}LU3`TY0Xe_V~ZOIKv>?aHWR^|N}mdjIs4n1h82wm%l#vgrUvb?P&_ znjaq?9#%i_Ug-Lotc5COrzX0~w|(Tya$>xt%*sz?>|6W%~3* zZEO>xCT|MLF!AEBI;J-B{~VQuU_lqty#MHv&GibR-3KSbom3^vv@szMB!NIY#}>1u zZ96KU<1$d74; zTnk0cz0h#;);`2h_&C@6yh+o@NtHwJ6& z7x~3>Tu*}Qk#GS}^ODYj&U(YgF*nJv|fO?Ok$gm%y_8U!UvJGEaF5 zYpq&Zb}?(qTj}`NS=BCyY}_xb%Q`v_3eRZVu>Rk#4-XHw`#0RTHQS=UK*i4KdH4AX zQXC&XZcDS`mvvz_)ZCafIYjjQz4JfM^VdyYbt%c`@&OMu!z~9k#e7Xaa*;>-=&q~T z6*=!Get-KjKW^)clAK8&7cwrnVDtO^eRZ+!!epy{U?8yQ62^ z-_daG8S52uvr8K`%q&n_AFO%ZDAMb~t>R;)$DK7!|K3{=zJ6-iY1hJP21B3k{;ev( zuQDRdPNsBy?Brzo_1mKKlZowLW|=$N=ZD8vPhPy9FDN|RJup&q(S{kVzT7vfpFG(u zH+lL!3y;*#Ovf%~W;wBXtXdUfIcrzCWFC~Ztz|jwJws!4+mge3 zE;0Q&CzJkp*3&;1~7izAO-lyEIHamqH4(shW`lz4S~O{Rm_#Oaudy+MK-v7{lpyB)Wk#37p;+v8~ z>IdHcQe)KQ4f@DZ>t3#~v_N|eICp_!jdxw_MW^%Y#5E0M-o@B4GruUEPH@O?|p z=sp)dFEzuaZK~hm9BFn(M~wrYo_a^_tI>>JcjwHksoENvT1^fIR5y6-o`0@P>g|%i z$(b8uzduhorMj)}tzc~HwwwU2g(6H(CnbOIl44yD`%cgY;)ONDFf~a2bp%U9lw9^$DXne zEb_6JPR%^WCnhSoKyZqf_@Z2PcaL=uduRL;pSLJ6le>AcCLb?v^49f>&0k)KNGYiK zpI!6spZ~|``8(Kc4I3|4vIJ=^3DPjRWS!4x5!XG(A*sJ7AtXeZDRJG-k81mV+3)v@ zvhc|`T)(|){^XqwDu+&*mtEeJY0Rq~Ho;G&M)ZfShGTPvt8u9B z+sciWeN&gz#0eiRJuPX!Tl}#3|4R9NQ-qFt39Zdqx@hIue%oCsf5HttuI2~JkGl`wWncSv?6CcV@G$+yuV!(%RaYCxvUe^rkw~+d%J5WxLn=&V6#PR-H1Gbyb?`q$%O=GilnSy3>i5XO-IQ`F`W~qnhoy@h2u8mc0@#cJcnk z_Kd`qeg7EQez9?~^ITgWeYEXscI4hH)oimol?1Qwyg;tpr58VXmS}bQExqt^i+7$Z z>o(qPtrt!$-RPvyQgVG|s{{ALX}Vdgw+eqNZ)H=QaO-mW)-v8!8R@BB$^tjv=4v`} zO%RF{Xmk(=6mV-fWD*j3so?qBJAWtge-8hD_gSy`_fKCY`+t`2xAD`--JEsQOX${; zO?7hlWifM%YRVE=Y%M!4Eafnn7$A|$v2K5&w)?JjiCGOv^QmwSr9fYwkQW-NK+4$h7701iSKS7yhU%G5OK! zUpt9?|JPbICeeSpul}CL!ZBs>jn79GU(w4eKDoYp?(Z2p69jZR3exV&`R)B^b+AC< zc;THJGQrP}KFiQGaGAABHG0My`?hOhKcYVTe#`25f}zxVTY|)c9~<4@*LiF`X29&z z$75LW$+XAe#QVnY4-dEV&u7?Q{pRjZF7DN*cjg{7+A=k5&vxmTYuAa1iy2Mon(TAL z@^+=r^A~R<_qp@SKWkgYy5gkglE(tuWpzwEbtOG+hv;XuE}nk=Z{^`fY;#h2egx>V zm+f`2kXiKm2*dJS=P%i;pSCtU|Kb0CkMF0yy>(Th(cqTf;>n(067>DF-ugYz<<8lD zKfJ;vETh+9hkdnct9xguqBULIw}RBM%-?isv`3=Ylo{Jm+;?Mt(i zoWgpNch5WSwYx2J@EO5_UqvhMLDJ>2e6Eu#U`+C9J;>6C4oVRApinwv3L8R@sqJGPE{l)`p z*~Ml?C@i#{r(<)_J$=7dOtw#Mqt_9^BoSRz4`xB0O)Hmn`tJYFQ2+11-#=fD&aL_U z+dk!avi-AJUtf2c={&hO{rkSB5^P;uFa3@MIw{yrii#3B>azKNulbB{nbh+u^R%>2 zNxXQQRI*|I+we7swaK>LT3UCDKTLUhCPVU;qj&xamUZXe>auZ|EMrQIv~YGlG0Esq zYwMkg*SdSYyoytJvp@MS(*$c}fd>aJ`(N5oWcn~e@YKdyp*iL*vjS8OHKxyB`2L5X zxs?~ois(&}TaM<;v}EcG@_Z$>HhIr;g|H%tM3x%oHK)&Cx^PNOKyT@~TxE^Zwfy^e zu3yo={kubw$M8<^tc&xSCFH&nLO;EF!LoIt!L=I#Tpl;_{=d(-m2`Dhsm;$n?<{SXPkWWb zG}(F1jlW8rDN?=5QtNEZ@0T!_$L{a_^hjuWfEN4f9Da?~5X-K2TlgPp7MZ!$Obyff zc|>{H&ZQmmM089euLdiuoO|8j?H{+WY>R?5ljUtbNi-Hr*m`=}<&gOH32IRWOL@Gv zpN~k1Zn52@+p=0HeV)93<+0b^*SOYhiJm6gzj%p?f{OY2_|s=!U*C}ZzV6@s_kX07 z^YDLiq@n=iJbISUqr^?Pc!=ZUNR^-E?iF;XDCR$g#^Y3KIDiT_}rKj4ij^E$zrwF(B z`o~XpD*lgsUF-L*$Dv{4K0CgDUnJM<`2Kjw<8x=?9(2!I|N8qA3;pLme0cbZ9?V>B z(5xtw#@LS+~rDG;6!B zzu!CW1WQwXeDU9TF`s`at^3P;f4M-y?WST`edfN|jcgJKJXV-!C)Pp04Y`IbzEYhH}~u5 z>s2JUb}l_TOGfnOYkskJf>KJxZ@+SE`hMiyA9sJ- zRn|aLOJ~8>Wlh%W_V!K4-1T>#(*EGUjK+XTF@J5mAKQ9bY%X~4-~rFq3%52 z?OS)zC6OuDg70qPdTw-7E>lpLUr?B88&bI*>5=+?G_weu1 z{KDHS#5*%%>4qRq7JH9(- z$&zVzcE%em^oZi%QV!gfd+$ux)=uWR?mwru|C_7o%YAc08ZYZX0Y0gx5h{;4bB;5L z1kDl=6-%1IxV=Bjc&pJoTeD9d8-DMRY`y)r@^aVHKQFTDPxjBRomc}->rXS z;T~Vr>9B+$b?M5;J*@#2ExCJZbNa3&u$gT2Uiaik-{pN;WtKnn7fe}J_Hio9Va7L> zWp(GCJpMNS#e*mB+9$Ssyq3R8eB+0bgQ<7KH_s>y{632%SJ8L>nfvXasAc*irw|)< zc1fneB)>pOy#)()wEVch;CNXlRrvK-pG0G>$gchDjljq5vLaJS<>^2wO6E#dqU8z z^Rqj}g5K?v$k=irm__cwr3dR?Z!iA)jMwJNm*PJkR=V#j{F~<1eynp7y{0&y%XUbe+?>lUK`%MG|aJt9YNcYCNUm zWl{UwVA0W>osYPd{F3T^7JlL8~nORjtV9opwzwr1_;RV#R;-_-pQlsWz|`1{?{^}F8Z@nkM?Yuo5A z+n#dj?5(qk(Km%2eXb4bo_Rlg%V{0k(@!&Z-tVpnTm5y)q1ooH0>PR4Zw6&gbe^}> zjidQ#u6N|MYv&I39sYB8`+xqcpPv{1F1^jk;w&QOs;Scz6dnBhn*z6aab-fmgt^t< zjBE@W=lUeE9X7do^+H6nuWu=@Mtg`>tC&!tRNhZ@g{^Mh&5IHy#Q(pbd#Cj6)jxOr z=P8(3oZ)>v{ll4TS&{Se{g*R(HLetGUC1CTT$mK~Fylho6aV-BeZ{VX`0L7~oZ6Ni zYf;gC@cXv&Hc1&5K1x&-&2iW=gTMBL*}U4q>HpV#?Pl`l6kGPwtlP8LA!3P&X!piX z$D&un-S8b)*u(R$&v zLNOVVtNOi5Gp#v{eQJM;EeWyMHY0f7w3El*zOH#Ht|5P2eG7O?dHG0LASVdS=PA-&q%l+yzM?qqugtOO_#hd&N_7w$OTChXI$@Q?) zgS)~HwzYl@Y2!U7XMO11J2|_$?{jP3ZLgc`VbLHbe^^qA@%Fh%>(<S$_V8^05w|`)d+@Zc5dO-!|v*a=*{L^}ob! zZ_i0O+ZAdtFEA`D(bOj^D=T)<>xs8c-jGn=RaNo$g5WOs>Pa6Xnhs?sN>ATrSRc1H zdq?Wh2~i0g2ELtQLOzrIP~g-rLMO-5R?%`a8|khB-e^jojqIoB`X>ZX~CR^77fw>@?CxU9v_+vkse z1$7JM?HKFSHz*zb(&PIeqftmeM@z}h%*ivbh3T-%O|wMJ%D+daf8Hi7FLlUM^)pBJ z+Z!sfzOl*7|9@NC*IhqecJ|lOId(hR9}5eEy3~cIzpY-edNrf_!#OXVmQM=qJ3Zm; zOV*g1M)`|ozdU*M@`-nErkK2+{zy0N{h?aFx!0dszvaJ|cIy4M<5g+_Gu7gF&-(h- zJls70;mzmq4`$#0FIRr2Liy>`sq6NKEo+I=-14PoGmqnzEj?3JQ`h9gzp`|;=IQVG zaBN=fo*y@ieQt>9UJcF3$X>Q>jY#Tk4W2h!dfCFRT@RMx`uOAC-#^>^@4Hquo;)edebIesWJZnroOG!uGyLT+$ z&a*Z3w}0&@IMx)_HP!sS*Nz=6B|2u?U#)*E(Bo$LS3w9MF?8#>nKQ)Vd~P&iRGR)e-kDow?j^bF%GN){+MEDmF=v zB|ko?+aLS0D@&>M=)6zb%jSMQ>VNF$mX75;2e%0+aCd9=x>bByIbUdUo!W+e?j7@% zsLb`au%X8CwcQ`VIU!kjC)Zz_aZuqgGxMHLck>rdb-J0EH9cqPqJ^x-{q`n*4ajyi z5Mf(9VdK2Rc~ATLzt8yZC8O>8_tM)b=d-KA*Wb6UJ$u%njU#2Pt@P3CM*wpUKMcH*1)c-K!?XYF(bTI%u8{~ zEXO+5%`?KE)`@Q35VH2Xb0TZy9>4kNzccUn$8-D?jms~%$5?G&A^dI9q#(P$tG^5N zx%@c(zGnKqe{n2QFC{1J>}Gsd;!&-7(!Ns4dtmW_Q=*LEwUF5GjJ zf8ydp`@1#MzSXOqOk=Ztym*1ES?)e2YtiLQVP7btqGuT7wA;;Z^Viq&>fOBJJU?xjcYmh!%%gv`CV$la6q&1caPGSw zHHyMdeKbqc;@4GqPdl+oC3sWnUn?=)oJR}Q=Pz2eYL@i+yIv|1=lYm~buZ*)ZaY(= z;r;$fG0!R{weD&9$rn$lKFH{kvpnR?Z|_>DapJ6bOm|?2OL@3{Zt7A7i){-`q?T32 z**dyE)M(vwDbB}t-TKeF)unFgq?jzpEivko)O&Jmc7DSDgM9y&ef_vCMNzbW^P63- zS4M8>D6z47ek{DPU`DZfUqQ}s?G`Ssf;A>vbHjyrSoJl&y>Pl`#&db$y1!a|ymLP# zPrP?KTtwiC-c2Wkl!WDLPYYCwJbW{8?~ykDM7BRX8IZs}_dtJs)s5O8Cfs7%KYy70 z+rgu$HPECfL#08J*K6s)lg;cAdn+8vq+3sKn(}ti+$mEJISTmS4!L?Y?u%i}WxM_# zH-&4S>i_S_&cD$o_u{BksZ3kDU|(|xSEo}3tK834pPM?DuLRHite+osrpM^T_IYlT z-`APGjV}DR_TJ4kcYo{eUv%Sd+>Rqr-j1QAqVs=VtzNl$wWv@Ui*Jc<~2XWRQBMvTQ=c$&i0Nb7aJG4(1sBVdZyKJLRdtZfeGKp#A-h-q`$iOLy8l zy1&EjoOhk<=|w9xO%gS~(~}%oEVo)|iGw9ywR}Cx?M(rGvlh*Aono%HE9KR~>Uo)7 zt6pnl#}r3~oa8_D^~o{0saJHD?x|DkGrhjiT`F^iikjNX_jei-XVg914C-wB01Xj1 zIC<7xD-^L7X<6Z2u%u3{GkO=#)mo|D&vle$I%V}<>59n>OqZCG;3g8dkMnYgk6`xTcdOc~gXfkC^|y@rASco1%Zbsju1E*u(4Z{}ufAmEHc)i;c-Q&)zx8Iajyd z?8uZ&b5yV2WMye|V7jGxh(m14mV*E9>-tW8GCIe{7bs>H=(LE}^TdQ3eZ3+=jm}zf z?%BPcu5c_2{b$8ud00;`hf#5J?Ix#k77uk5k&Ge%w)i|9E2hyv2_rmftp;Q`j-hIJh%L zHDc#}VXO8(-aHEfqIMN)D@JUt6TY;GQ!3bU@l#g8W5Ho%Oliw6XDk)Czwt3X{rHE0Ro(tO)Y+HJO6#=?)+ntuO5aRPu%y- zyx#NoqO>=c)h|AN?6FkfRA`-QmRhIHc@~#$8Qt&~H-$TwO@I2VR&?`!of%0BUX-hC zcp~^&MoA~_r+KcmqN9Xl(;J_e@tNjjD_8Amy8rXb`pwDTrEUHm>P|_y7sI^fW=p=J zQ8%a1!)xKyEYS*Ej!bA0Sa4aaujJ~(PfY^LtIsuttt)$TBjTjXx2>8Q9R@~5k2r5> z{kQCu398wr^;I%k?A@W3Furp~BsALj>!0|wY}%RRy1M@HuNjUKEE`@;;}_J?aL`Qm zJ3W8vHI_q)eE+g6S&$f=dyl=w#`mfqori(r- zDP8!uu>Z=-HLEwCo_}xO9dBdNkFO`~k2zFcS5)a3Z+zsp?Ae5S^LCuyH<#@t!zt74 z7f=0-^D*?88~jL?tNq85^>>>u%zFR-NnlByX3;YXmAv>3M?wp>TAyostRUN3CSo&yJK&Bgv_)8Y0Fxu;9(k3Bt?(Hh3}_J)eO`b-Ilq($rdFK$kkd}np` z$I4)zlDUbWV)&DvS4r62_ASjdweBk~{Ba_)>X*Cc@yi_{v;O^yD_^wMsz4b=|7|JvNJ*kAMbZYJOBK z|ByT(&9Ttg*x&ZIh4eIi#eg8EUG|=-shpyB1%+yv|J>U9{o`EqxI-Lm9$Kwm&McOB zx#jZPji2pHx^*zkd&AMzpBbFtuI4_)&pPLR-&4G) zd2i$8piMPLgSx!DDnC@)KUf!?=aS*;A8xLk{8;6fy2NaWbR{w6xjxD=t}?z^N`6{1 z)lxjfOwTQ@4Ky~LDr#bCR`6o0?Hp;@h3ORn4Ot5-7C% zm%gcrNX(jbNTGIe=Ko`V7YK_TR=K^t$}IW8wEa-sMGgL+)`)C5Py zzNw3r<#IO`Fj)V+C#SHa+V4iUt~8|Q=)ZSGy&INke4Ns-X8HM$3vJ)U>RSq^i`1xO<+8}uE2`Sd79WC*@&+lJQX;(h&&cX8i|DCtR?(7VGeN7?t z*y|{Tt<4t>Men(waawU|kFd1-^CKUP_mq6#SblDwkAY(PZGEQC|f9q`T z?R5?w!kM#j?r)hW9#_+9{eG9QyMyoHns09^S~C(^W|m3F%PrfnsL8>=qW8+{HB)py z#e1E%@J`<^-r%PaI5}BDb!yD!w^?%4A9)oX+}|Oe@=2SeOv^R$ug$dBYT2-?chw24 zQ*OL8sg|$jSu4^vdC`h0Ls8!DXFk26P7iKmc4@ED%#S+n@SJeSNw0FA7=AVyFtUqSJbi~d5rTsSU!#q1gdBFo>hmWf^#LJh-v8>Med0V{P@SVmK zNr#MxfLNzWjRQ{(FfbgwsB!8d$4enGVMnEz%hoK(IQH+Fes)@*NKi6!&AaRGQWBL^DUN^;-$+CxMt@4tqcwk@r=?=s1zA^=#_nliDIE7VN zC4>$eaJDeHc%NF4m-DDAd)>3`^}mh(T#f%DUibcVe9Fm3VO5vjSfOgWXjOKJU{>ZsWpzFVb> z$t?-G;q1I1C-25S(V#lXE$1UxZf%ULyu4Oq+O)+v)p^yXQ=K;~Xn1TL|1c(POe|8*zKIZ@1Xem-Lsz@P)I$h>Y^-oOx^9JP0M|Dz2@O!j^oOt%VgwLG@fOPk>|HDubw``4e_6`!ly;vN$l^hPLM@eV7;bdyzYia8$& z`MkBz;4Hse%I@P`kA=5MCKOe4{PnkgdF*&4TU}r7qNy{Y|7kjCwilQ>6uhW)f%P*7sBw7P&v+g|bFFAJ2&SzHhZk4yRNV-U}d7S)J zX)0q~ILZIsuA{2Ewkf^!=&$$6S^7fy#QF5S$zPf7)%;A|_a$52b$O1LmzN>$+1J+P z7m7cb_;SzA%!>5T5Sg>>#M<+p^Q8pm&HMZM;g^q(=e&BgXvG$t_P@^z5)GrLefX(n zCC520@6wZ%JJ0H#eRFsB^ot)2&8G_=Ha>hx@oLhv+N!?mJNr3VT2)2LB+4c4Hk1OtZk0W$i-4>gKu=pl*irlaNQTRQ7spFOv9iJ8{@x8nMzABH?H`$rl zNZ{Fzm&Ok)JfbJgn2}JF!7z6<%j?X;z31MSUX%NIRY8_LJw@R1gq&MjCf-|@_kY>n z1}E)SL7ol2uH82Dxx9DTvo8!W&!0D+w>zAXukWVNa7`#x{iXFMnLgo^byuwwRr;nb zSXC+6D(X9rak_t#e!_zQzgYo=vZiZS2l{2b>s=qS-u|3y9qZaPGRvJI(F0mgYx(bM zXShcEjZ+K%Dat5r@SWV$uwbu()9t3JY1{POxH_`AId8P7O!P6dG7Ozm^?&Ydi!Gm3 z?TXLGUYRm2Fed2C%g4tnzAe`eiVO6-eQBHKquI}|tZ~rte>vyd-hj;(sZY-<96NUG z#>RC0+uL$JT0EL^@+zy3<1)dGGx?u?Ho5-u>#?=bl`lT37vykfG8{UwOKSI{w7yw0 zf2!MVPk;GjZgQcg;-Q9r7X_DPH7ytXu;=5fWeME8J2tv#v=+#0nfgq4{-4mYxi6l5 zXyjWmA;Z0LiTPoNxia2btX{jdHY@%(QTx5<>bKP|x|S9$DF}U#F=PH)%Ol(Cz9c`| z=$Z52SN8g6x9$HJ9@kt(DcDIj8uswy{XkgDakW zdwwuA7Tnl<{_c-iHxk&J)B6<8?tFjvsua_*1?&E19hgz={wDs&Yt8_#;N2D63q5X} zoiOk6^)q|(*!;^4EGrK6+d@k@#(gp?ax)%vDyzpTJ-3KxJNfIUsZ2$w`O%9SLLRsH zINdLsnzZP$EPZ;EAt!I`)06r2-LJ2&PkVVtt>y8DE0517a7S#-(){{4%YeCYrl6~v z-on|-7AYM%hhpdu8Yl=6N_{1SBYLSxFcH9&+=R<;-yYu%B)qh50@RieP-H` zDVw4rWS-u78~*V`u>azz%U5$foS3j@#{AE@>o-3=9mU{u>B@xz2X0tQ+q8G}Ro(a3 zg3g^$pJue)zADQjSA{R==86=dobK~~&b|L|Id*;VmluZm^E`d6Q%$EH)iL7Q>NIOs zfBie*E$iY>uRLi|$nvx`aaI>s<)^84@BB}%KYLyNPq^Q_cgq&;nX-IdC10mQb}v)j z&c9{Hk_zYD-+H_FSy{dLg{!VPB`IFK^X(p9)_W<+)N*Ma*P01^%~EnnUuRvl=qwaF zzy4$X4StbmL5pp^TlUNmHNX33UfP>|R}DE>e$T6!6Qc8M-~Eiawe=H&F4TWvom9xJ z`8>)~%H9+keSi&pHKdWyCCdEFipkIV^OsxPd6aRqhVoTC9= z1J>SO&bxTozL)3!BwE<_eeDYnyD~*}(iIW+2~mL(Tpv$J|K9O(nsmjx-~Sz>Q&pFr zFEO?-Jh*Yn;r9B+!X@SNkG``#`OB62#|_@=7q4GG&b>SC>9^VI7w_9PZR5p6E$!8x zye4ct@iIg>va4#|&8{U;|mY#MDEe3&U1S4Ch@UsdYsFo6F>Z`YtJ|}m}uzhKTde=nWe40r}%1R z{N1XAWmV0~KUcU+vr%$fn%m^6y5{D#sqFv%$!D%vyI_fmRcNaEmn*lL#s919`IoB8 za!6p!?M>4Pb~L2lw>h$NqeSY_z*F9fdVG&q+%-S3dH1~qk3+=Wt@<|Aey&oQ$l>I* z#3W)(`AfRT#bR?lf4<$P^xW;%WW6`;;p^=-&OD1Uc-AR;oz;?8X8(ImRWh#^??#;jJEA% zMrGdw+!Wrd{swLZKHfW1`iJv}Zy8zH&lf&U-xKERI8jm4YkBAQlHdq|M_*T`eSJJzE53Ay89;WW9KKJS5Z#%!tO3UR{=M3xXn%!@tJiA=4_He4P zRL$}gv2MCwL@x6j^gfbg^YxHl-raq~S*j4%4sd`oi__>)ooQJDno$ls%tY zGRN-l>Gki+IG2cUERhbJGMiIp=E8qndoEv{(dOuxDym*x9ee!w9p+Oz9J9kk%N|ef z$#h<}nI$GGoYSwLFEAkD40HXz<$vz-*Bv_WLc&XX%a$dlX>Ht*opW``!l zn{~&(*8F`PpLlfD(l>AApH#e82vv1837@)g$)YK)M+2pr9RJ-8-*@WAgNEm4-pZZ+ zy8WJ0z0uK!%I=&0?ho?tQI)iT)y!21pgUI8aNw+;uNreRl1@|W}eSYu9DINnun-dRCUN>ZNwEuPj z()DHeQS@l$xjGHK<;591s;al9tXZq|d}n%{Uv8?T@Jo|v-xFg)LQY&*nXIzQZ^PfN zuYVqY|JQr$S!>OUbNq=j*fy4M-S$eHmA1_!()&VCig(LamfQxu)(dTOx)>+PC7#n* zV);ZbIOa%pY$ncsU)2^eb%aPj1R zK5G9{Snl6TZXVwLhD*Vz7kq9{pOMz5x=d+u%%_(d3KDf?msbT?Z4WnJKE?X*tfkkV z&j~J?E9k#9V8`FRVpfJt#)dAQuB!2W^#6;;*M6w>@jG@gOKX+pZhu{Yp!Cg4?@aep zGSFD1^R)cm2gX~|w-~H5HJ$o&iEjJGjh?&IlVs%OmVQ1HsdnsGaa({w55xC6)#mJe zbC-QSvU1JGX>JK#!r4ZSYgV@(aj=iF{Q2;}%r(#FI9`4%oD;RbP3iLVdV7Nl@AmF` zb?r8%sMw-8JKtTs!otO6@#|Cfm-!a&zWqCwwQs55p(9?s7pqg)J1)$bzLiTcu&isA zYc{8AcA(#_e%Dj-id!}r9!|ZoEthF(+PUO@mJFYBrEeS}4O`mW}7s~dL$n4JRR1Rg%G<_{3mQ?RsjG)Q>B(cEHi@8dM%T6wAVP@yQeC<+?q`~J~Ijz@%_wHgUQD~U4U%=L`E8sGxQf2D#ire46fBSUd zvi)Q8cRwSxsfRuBnX%RVk;}0fuh(;ga^{||+N^r=$&8H7Ih#@qomsEVYg*l^5+Js; z&{6sShX?yN{5{pXZk9r;c<7Oy7mM$7UYIg}YWbf_OO|YFlhuE_U~8tFM*AG6g#0_p z&M9u6b5r%$&ZkeMm_3#z&zPvxrM+t9s?|?l|9}1d#)d_`0UB?(ySlRzrQQskiv{50_q7@2LB2#=@l9qFp1+ zc6z$r!~64UW;tD6vT9AvtEdk~^`Tn5re=*|T*e~jjQsYUS`1FfcqOcPjpzR8qL&5*yz%5>Z-@b=8dVkrnWlYYySgv|5_go&-a%f@B9)Gu8SA!}xI?j`diDGo#D_3}SuI>}zz=x8i zH~nVW|2TDh$M=^lGaN+Getdn?foRhxF=JkxF61( zwj?;ga?AQS@27jBvMyH?fWlINy|u4xzA{AeoV9d z&8{Z}r*yoz=7tuv7I0XIU3;NmvEf(O**m{)p8xn@d!2{X)S_5-U z?%2xZhoqW9->warK3zzUN3oaTsp!)?J4%ITu*vUztoE&3=CRB3jcl^SIdbgR8wCMR;n7 zZxLLZHM4lqce}Lx7G<-VF8#b>vi{4XMbB=m@$p(S#X0}@=_j-8z&o_~M;y-O4XX zQjOWL+e^kRDD#rn;zLOFtBHQizc<-&()uo$K%$yzS|2!$yiNAAb)>Z8jqHfE7C2UonQnh!7rHZ+? z!cy~@V((V%aVvgw=B3Ob%iaTA%btYw|KW<6o|Ii6(emIQyWM$y`RcZXjSn>+ElZz& zpViUup+;`WW;0kw)3y44M@t(mv zC-VIN?`z*zygho$ny=AGpu^?IUiNp-KZeIApTDSlFCcBvVw>}MO9MWtbQ<4PY5Nt} zH&s>1DZ3yi#O7q_>}!UGcJKDD{u}gJlv#Ub%Ezm>SLEd#o0a`FT$AacLGAIr!Y@y! zbBKw=2ryocN}Qpn#@1(eqg3QDPyDn9mBTH&mWDTSoGFR^pRjH@L%{AQUQ7#jo}W;* zzT4oh`gdV@%jU$kKR1*iojTAw(Xm-YVpCdY%6k-4Jmh!N=-{rOsv*(MF@f@r9?rMviwrw7vH0+um#>z29NJURFypC# zlz)-Zyd^6W!!b2Wz;{{cVfa^)x}KF)?fPi7pWgxc4E$% znJYW)NGON<`rOW}`*Y;;pKs~!oM+6lE=dd0Ir&mD?UaSrlV=~TQhw+0Za;tH?Li@p z+YeL1%cnhg7HerVpM`tvW|{CCW-7rhTC0A%VV?hZb^ZVKdG^}B{wzIz^RsZU&duLp zs*goP-8;j=iog8GEDu;RM`=f7vhGCZ6MH|-U1sIo&%xfRW_qtbIkMr&D(m-)7HpX$ zYhAW`@BUkb+s|&u)Vw41YR*S@k7rk}OehjrBAfGc)p4(b$DZcyDf+=NJ8W&j`Gd+b zuPo-6zZP*)nAoBeSoi+({HL9^>^BNuB=Fr7{Q2|Pwq9Ekzdv6xCpp(<9Cy-qI_W{l ztXGdTR^Oier+jOC)FbStCE9^Dkq+>!}rwT({;MV(=7uWE{blEwx9H}&FN(dqSZDp^jNHcLg;RaC<}KO&TgEnh z*Uy{hjN)ouimFvraV)vyQ}TV&Mgxx<0wylaEsvX=lP8Bv6Z!bm{-@GJ50(DIjcFMf z6IPuHdVg|HT;%$G)5mYKvyZNeUBCHd-|dSZ4LAAipZWN7fTChi$C4*2pOIz& z#Pwj{f|l9Iv#WWMX1UBN4Zg(lg;!9wCn!MTo7a-%9FOXOf| zRok7i|J%QR;nt;CHozGXtHodV82#Ijf$Y{z`U|edVkU7`9U*7gF(^>QT4!8eA{d+in z|LN=hj@O^v$H%l?|IUR;hc*TM`_TBi^26=>k0bK+zsKyI8lW)Yd(qCP*ZFR-Wf!ni zm&k11)02>Cd5dSkBTlzAwwoJP%)C3-_TTQ?`tr$+k!IR?J7#9MvaURN(z3L!EV-Y{ z^5ZMNb8l`xU$tL+u|!s{Nz;;J=PzFWsn)B#Jz;rrv5yn$3KP%@&NbgPZuuQxzf|D4 zU~97p_lo@6O(I4hp8EID(Ldkk|6{rT|NMXT`VYJJd*-J%Ud-x!7{w5k9K-*zx+mkTe(k%- zXJ%MxD@L2F)IGG}{{z7=o!A3kxK?CtoyBEQ^@SzQpMM@R%g2)GPty3cFZXQVnN@%1 z2haDr_1C{>ZLC;(@9ybEQzorH&&xaUWa=%CwTufdaun@5-+jA$(W4cqPCC*x0Sj(R zPw8z)2|TEv;J2to=486v|I>e-udkh5Rr<*oFc^uJC#ndg?q?tn{iGt9!? z;DHndOba#E_LfiG2PqqPibZkS6A%ZnxEbKJr^#Y zz5n06!<{mFL;vL;vr#>sl;mn*bnMDY<0Df&Lv}XxDV53C%(J_>&V1LTlz)7B@#ijC zzgJpwbzR;YK?T|Ns+~vH_4fa{!4}pVvE<_8+nWA8k1g(nzD*Q!S`gy1Z*}*~?(2&m zeaMyUzOth2`?-4dqci`8*UCtJKltPW>oLFgM?P-S{OLPU$+b&Fld*1b!RJ4bEnB7H z|6N+Iu!T)DIZO1*3xii@JRc>uclys$kdtfsq++y2Im^^#Z=W!0$BkJ^o=bmxV1EDX z{l9PPUz|;w(II;5dAc^b4^QqfySQxWy|S%` zOifo!e!O5Uttsb%JKi zT2z0`Cojfg`v1q-_f^(hpJePSvvBDFQKn{>G@H7Y`+w_bUt9C!y}4bV(Js+eSEcrR zYyX9&N*pWVcX$|B9^1ugZm?f{zTM4r#u95MUV6BUzeeKt_w{w_mj&&(slz_My6s}{ z@&eGW~sO!b@EVQI+n3 zWs>Vt?>+HdaM7#i;R7)rnJtmumwQ0t_g`n=TAxolcf352x-2v&%JeO z_r2eGJ%xg9TRT>mYzxxfsbsZsZhBvD|Ha4?lV?QSUZIpYYgtT`_9L&}UVq#BD?+!W z{%G>+nV(~8y0TLJ>hp-Bo>RRV9)Enj|GV{{?fLcxue?~g?9ZQ1k26oLzkSTZ#HjJH zz+#iXpPxM}KmX{(%gy0_^KQ>sGMn$><#!d9x=N>vyXLHXeC7Cs#H;`M9)G%7|I@nW z_e0;F-hT7mgK^!<%vB!W{i!4D$h%#cd*1DyIZ+!wu=UB=ox0V^{o>TKg2Nr}?Y^aW z%U;;A@8sHsOA@+2ZY-~xSeYI6>G}OX?ymw{rtzIBoyB*_S4hVpi}|Y6#R~?1Wi8c? z=`Ho&_PT35$0CJ6$S(x=uYltA76b*(cNgAD#Z=m%U9>r*iexlI+06fqzV$6qYW$aj|n6U*BxS>sK57 z)?K~iYF_Z`4(qdXvI$#)9vjQoO=y?9?ILhR_;`---VHep#{|{7ex6XToA=x9kMWb~6?enj!F{#}Y>z{H|VvkQ->i2u!!(w1+xS!>CGjMnL|RWDyW z{N#e^|_M;I>)Gyw1Bo_S znYT}zbmo!0clN@n|9;|u(iyiWDqoxB{8VcD`iMia-|r=MFFLd(Dqni$zKmmD zqFu3b*VfLO=4^QE!;8nWBezzm9=&Jxdv5VFi&t;w zw>7(VPE}B1%i|lJscWM4?#*@c`|359nVsKw@r3kqf241zoL;MQ%v*W-iL{!$$lbHt z=hw}f|M$S}iIbLmzdp%H(O3KY46(w}7SCe_lJS~9&))y9`|pi*{h3{*s|#)Uw=Z6- zD<7f$?wlEySH{&l(>N;F-vIv}AYrKd*CJ7RUw<*uoBKD?5XtE~~1|NDXcqLbS9#H5b2H-%hFFI=_a zuY1A#!#4JhfBon3KiAyt4$O(%{HF9OoBQj`s};vHuAQ0ZDxe+4S62Mskjt-@-Etb; zQ(U%6smI^+`+w-@w3;~8V;NhHoqlRj|AFE7w!IDW&+b+H^x91)sPc=2@^U_-4Jo39 z5xZBlMVN_s8t?cdcWSZv`ZZ2*%Qs~-x*Qkv+w;LU%1?CqZh?K@On)o7mEM~Etn{xW zPmtG=$Ex$E+doat4U(D6gN-FAQ9`dM~@x>A#m0DU(%t{Jp>^tYQ`PPk; zmd=p!lA1~H^KKn-xBF+U3~le0B3i6)M^53Kub&!4Y-(|qk~fyo6aN=h1{oiGJGSp*Y5XzzoXgpwD{)A-+Zr@8tsbn?hD+$siUFa?R;0(q$P<^@ zJubw*abU1~^yOvQ+yfHLuYb$be3R6Zv+kOHHg2n2f+DL`-_5NL6GKGyF1+;GP3O{4 z=V;DVr7e4QEsMLxp|zwq&A#^Y^@X>RCiWP?$(8Y~GWX`y%YjAJN$k(#^a4j(y4c{shuGn9p;)oF^#Y;j^jbY9AH1wgp@ll28=r z4cd@7(dDwiJR!4xZW*s1?S8rPxh6y9alZ+EVN7G_)^ zm)d7E=|xTSkZAVP+SOa3;@+^*$HARHgR^g;MRvpYx@>H{hj+i%Zi>3` zm3Ot$hNv=k%@7G8e%|88Yqx(`UjKP|&DZj}{_l4;O|uSPyUB7ENA*3ohQ^*LUw$_| z6x3_dg%)-=WpFxA(^4!?Wi<{?qukV&@%c>x=nEl&0zz zeSER{&W3M!k2X|=u0Fujc#)C$bbk7yLy9F4Y;TgLPCvVF>%Mnf2X$-xyUbH`S{+;` zmZpinJh2SaSoCVRpEPB;TI9Z>nX2hqtGb_?D-B)15(e4Wr0WK(cnR$}Rdb=^6qpNVo_Totlvj%{gMr138u!>PL@7c(=Zvgp6J zJW>DaZ+#~JjFOx^@)@pce`8zFGCM!YdtZdh{P`QQVvhftWu~x6vU<_R zEUz9{C3oYKA7$-p=Iq;-_ly14jUAcB`#w#ukWSn*Z(@7sgPcuc>KD` zYxy!C7Nr%pT{-T1c5HmIuD_;Zt-sAlZvB0yY`@=Wntbx+i^XY|H!EJ6<>apSGIvYR z+njLqgCUaV3p*ZnMAq(|V_7(FsrlDW_jX_Zy!O5AsoL**g&+Prd*|7=4i!d^wSk2` zHSctcpX)z4|L@)UpWEaAh3_eOU@-sxhu<$hZn~y$Ym3?!ZT4R?PyL#syOe*&>$F8{ zP3!cI-?Xi^`1q+?XYXgZrmUxDjSqYMs>_}%{HE?rV0PMfwG%eEGJb6rAK!jCcl#u# zbit*MR=caTIB2`Bi%7Y4$=Y)J@4zJ`A3s;h{ducDSzGL)*WSG`i-P~0(B}02`!&As zec&b{ZoR_@XCxSNOF?|*kNUUl3=W^(J> z!rIFFig~+V^R>+1dSqkN%yq((FWaXGZsT7arn|ZHx81$(2fyFgf0?m&Ri1H_dia4B zLAKX6cW-%kta^6kW%rMnJm%};j(M+tr?QScdS}k@)NE|^_QYapTqp{lXv_tQMt-*u6**gt$j?7qVCG=zc!7> zO>u?5MC~LQbHxKfsmtQEUhb&*5WN3D`M&Q@`VAbnKh~bbt)S5BvC7eKndWIfkL}Mt zuhjo*_5aHYHNW{bm*1?+`{KpzkWwpieX;6%wwY%ih;RB*Qfg>q=~|vIp01t~|8DK- za3dSDgWCH0n*?~p6>h40Q&K$4YiZ)>Q1Xf8r_;px@8>K=_fqbyXK6KD zcWvj~+&p`sa(mFH*`S7jCS%=eLrc59*Sk`RDy4SCEe~9hyTRe}tssMBo@E!CEiDfo zy__ESmEri;6_N*MTv`*molBQzrqe;MZ$8~yq}EKo+$p?#=i6wgM^nwf`!BttG~=Sf{Zks0lgIq`u{xVmxG?wK0l z6AoN?qT=KwbNy*;`Mp!-`~KFp6l7FnZr9l}`R;{l!ZKGbDl1zYdN_Ihf2R1K-~ad7 z|Npl*$GT2N*Y)$BcX9istn}ioFS4mU6dV5M`ZuQj`PQG?jtK63_c}wmy5!}VOg@{> zCV6Jxm-)Ss-smCx{F_1H!z|PkN{pRzTc`wtZ zIBB;EG<~|ET9$vOq2Q9tV{jjV^Mh$aa(kb_4g1ZKD;GC${FGX5eYSDaU-`8i%e-D_ zJh>Fo+1Jx=)b=oI?##cnKX&r$5W0Te=vK&`juzLv|Vpr#;z^7p~!rSbHz2nC;i|b5H-gG*(cV|8ws7;zws#^?LgjKkC?#!@1_d zG>&eKh7D<}4|raUY5%(I|=YmI8wwuK-neJd(tGuXcZmhK2wziIyELKOiR9}7Y zv`D7rUF5Oz^SxK^2lWOg3O&eX-u(ObjQt6A8QQ64U#)t7L?3?o?$Fzu8(}IX5`tH? z7c7igJMnbI1B;$3%-8O1?3-y^bu!I(ho84pM(RPK#s>!$3ZI#6e*4&a6W?u7Ejg#V zt#>?+{ch6l#By~>xcKa=+6OA~PIKOD=o8(V)jGXQ_SwAeckcHXXStZ){Fm5#LM15X z@~cd-padhy6BS`yvaEBgYUf%0-E2|#i^u%T>*YbK3qD@S>f&B z26y(P*xj%FQE0vG>>TA}|6mT6Z4J}-4oyB1<=Y)6bj-k_UQWGF?r?E&%@=XIBmcK2 z8Z$Mo3cr|mMd_eK$=a5J%^c_5r7zq{c%&`ccmMy#{!d3H&(;iYzOKGM*JVzQn6m8a zX}YW}rBX&ki<1HZS7+UuP+4s^|HmWoij>QrryNtu-6|2VQEl>h)9O>V^|zUx5jwK* z;AFk88ZH^Ty^M<8bLWFV?!(*pXWmKg zJy!j_;L+2!6+i!k7Va=T_FzY()?#%D%Swjhr~ggZXr2GWkfWtTGNw>GDD9(>-SYCc zPoA6$zhA+;LB#%QcR*NYAt?XU3-#L6i5WYzpg z=HK*n>fbA?8DB`muJx5x7d$?rN^;`+96viB5tHLfCf>E&kYPCUoKicVtn2ZrU4L%I zl6Yt|0Gyg9|tyc6Qa%ocpy66CY007E8Ysp623go1nv~#&tnlZ-M^2#St$a z*#BF;|G;e9>Gr>Fna@}g7P&J^Qn-{TOlb}wjz$Yo=`SS@$HqbnoF!F9a+!Xa9osy2K7Uou~? z*Z;fCzKOS<{Fr^K8{Dtg3}X7D{P4?7#b;m7=Lq`Dj{f}XBY$t_Ji`|XDr>@p52qdO zk+dx-FDb~{bcS7iNB_fznpV}^9_Kgz&Y2*6Q=zG8;zREcZU(v!>VhnmOl%4wL)J_Z8*7-i#zQ8jheNm*DorJ-O?qnEbydn zpW}`NN+y$v1dK1(Pi9v44?dAHW7eEU(@eE@Rur}@ZtvUTvAr?Lol%ozU$XCtn(I$( z%kQ3(|Ephr^2ySVW|P-FaXB5_(WhkedU4N|wywLRWv_{@*S`Pr8=KAjr~k_D zAKa|}hAFw@wWyDX?|iXvb-}*w*SkF!)p#<@m}j@Ja34Hh^Q774;}^42PftzV^!%GG zmt({_1*4s5^;>6umj3pj?BIg1xp8~*-yAReaWnp}PQUH;-d8D{!bfGStEX-C7K=BW zoByYG^49|sGm;CI_`Gxf{duYRnbfq62fmxzcrMo5tGIN3PU^Cy1^!h{OE13gPF_)* zUO4g3!|?wz%J;qB`{(%j`pN(9=_Mt6dbIM3X1T4>&gJEP%IWquRqjYM&p%yQayzW8 zPiEh$%EP)z4~3_+Nm~8k>YKguRcJz^%WEs<(|JcvpFdD2>*hE2$%SX>Z!1h}go5_u ziqGGZGmX2Qzwpme@sFEU8Y#GTiD(8f)$l4#FMRoO>qRRy9zmyn2YxQhc&zKVv*#k4 zvgk2Eoj9ZUN$KoX(-ZGn=N&3^w2+*mBDcaZLioFunz!nvojM-NkJin0x$)u9x!OB* zx2;;{Z~VK$O=0OAyGGw{cc(mbGgRxlS^q@E{QeH9m+7yG+$FVs z_DLt1{&ScttzsmUV;>R);H95Z&tQ>T*@P!{XUF_IJ;Zu3i7( zBERi{@AGe@b*>3JGS#ctNvDTxsX?Nw`fO&!j>)fddOO=UO}vR zv5zmYh^h3Sj>L~Q;`&8?XE>4!$&>)6=Jl?-b|ZaVcfrj{>! z#GyYq@&06g14EOR*Gr48Z~wk)^4FdldkdKZCH7Ssrhsd7CDjA=d~9s&8e-NtD*h>) z8!BQSWh+-7NLVyuL(s8_Vc%Bu9{6h9@>9oLFUsSZhmoZG2EToaB<+)ZXZ1Af-OXS4 zc$Mljo^8*$RG;~t-@9dY_5ITPq**G4R!0hF{gF_XDfp|l@vy|BBFWCQ_xBd>dHk*1 zN4>;vlJK1$)3&TzDijs;AV+SIz~Z$+HAzKH@7DRfi`d_%tbRUVUC4#PBcD>a4HAz$ zxuC(YZ-b#C!@3PBwzns$zph*pzq#kJy5Cko`|O)4EeC!2lxxq26)xK0X=6Cyq{S7r z<1_5*8#<%TIMmDEHU4c;^+bljYQ>@~UCC_*Y)wXo&OY3w=kjsO$(`$b83Se*c8h9H zE6BL7m^HQQ@9xa2@zuSp7k2~+gr1t6j#-RZq;8VsW5PcJRIo8hzT&!7B1TKzV= zTdTIZiMa3R^QhZC_3`bBT>HtciJs;`+ib4$lsx5n!d)45X7<@-&$s)jGp}{dJEj*o zwSh@8IY46J1gm2{K8yV3vxt5^&~A4m{Qu$kmoDD)RC{b(^GxIOZ>vko?|yY_n!I9B z?d*98kN)hOue0jJ4U6ry{&okS995J#Uwyh`o&cZLnxcmXxNofZwOv6>bCq%OK`*Oc zVhR^Rjvc@G`G?z*>8E1vpX>IEvpat>JpS36dwcU^UOR&F`VtS$57Mn0yTwnW=Pp~a z;;K%&!Geiv?Yt8WGI%`K&%SuY`|*w_#jU0HrV4FgX7``>6tojleX`+83(wZ+W}lU{ zx8AFMVWAzalO=db%wDBOxlGpX?5^8+xf9oEO#GsDbBmjY%QlX}hK}S8(N%Fr1G|FN z&uz?l8`ZOc&CjgbJTW*ZAx8e;(}{sS=^}?zBsbTw39M+j(A(E{`R?VDvqZZsE1sxq zUlV!i-(PowsKWPi%|E|+CVoN7rA2UEw)(Zc=R((%jehFPm{EFq`o}-hrVE_f@@`4n zCv!f-sa$pY8n_Nki#C-y-neF+V4T#mbzjXteR&rC^8ow%=ewiJOw=FmGHDA~rRi-J zn6cXVC*PuFCO5xjuYMI$yzxP^e2u<;{@q?qrV@$xM4wd8jT_z6GJFD@MRrBa*}5@a z)JeuWw^{uFm!xxS}$`O?C@ zI>OJt85cfGN$N;l_wB-?s;0)N<%@d{oKCacm8&hzC+Cy8KL7gnS&s##c)bCQ?aY}0 z?w|)T)vR3@vTnlJ=Z?}LA}VipzUAB9dudi)-P+QYS+ktD=FTvb-qQA1T+g5+v&qu< zw?f|wA)(`)x!>kzoXp8pTeHx_&NJNIy<22!%^HiMS2o4Z&Zx79L3!mx5UQ-Fz?OW?8^`TfIX3vg3m)mv;ng`D&Z8@OPZgA<1 zeZh=(=lHfvu_?Hp%M&k?SWzV8?jd%5{_z(VG##BV)lAOZw(6XddY`O2eo<_;Jv0uKQSK(pilefF{=^fLdEY`(2I-<8!LK7K} zIX*C1{fe!ir_HPL!xKZFH7{PgdgTBAPyMs&_P;%kwVgA(F*&Sp{qD-0*D7|}9N)hG z#Le3355@Lv*~QiNgpvr3CXA5#_E^UKERyiu($EYhC0 zwdcHc(WIah`ay2zkfo+wOEhpSfqoRlwD>SW%(l1{q$J>tlN zF6+WQOzYkk{+n^(b_;ARz=68H+>35(kE`uiGR!I9r^rc3%`vksA6EM zdHZm){r|eGL>I-`64Nr~iX{1No?aA{zi#Onm!+?^URoJFQ079oM^9kb91%*>g#u1c3V!HIc=hfz)YV>-m_&Q1)9R< zNK2&`+{=k^kD9EP8-KXt$Q4fxgG*tx!sRKK(+;Qxev4Nu?3Vq}*BmIM$nrWbrm>56 zH=nFBpOTnv)Pa4<>VlUZ{FL*O+_cX7+(!Y^X61t{hTrdOYCC(o%t_{A()4NFl9~of zHB;OdK4s}W=+W$;6x+WcD*bEM(>J%bcK?1KcYfO3b^{BOqSny0w|aP;j;>hHH2>_4 zj#X-cCN5W3*|I6_O#Q3-#hVdkZwRJI$_Y7W`TEQDR!tVkyxF z*XKyzF8+Dpd~JvLcbNrY>lbD}{8D!GNw)4J6CEDeyRj)&*0V!XmZV&K<9IG^$BA2_ z-Zy`p(ra39uS4b7*UeY7r!G^Rp0Rswl)hqAx0#ij)P$*02QN0iSXsEF9-atw_EOcYU!O+KZCPM={3*l(6Zc`Biq_KvfXcGCQpoMLmniK3lrmU7%O>2!X~>^oyyzJzbgD&`0UuJQ}sIM%_>@n(mUD~oP`sA0luk)WBz3c99^vG8R!IrWWvEq|=%}E~e6{pswx)MRFXO`o0S}c!pB4FpGE2G* zBvlozaU>SBF7;~npS#WGKF6k=HnqmPKH7+jx_U5YPuE=-v`**>(<6;#5jqO2XXae& z)n<*26wg)pzBc}N@cCTtRp)xUC-n4ga=GL&%h0{|)b@gyJu&kVlIDEBQ?0JvH-ABX zn!bA9eD{YDe3I!K{T71-qMeeL&cuAS@BFy&S3 zy4LTH&Gzv+k)m;xd6#uJ$MK`*pHKQ0+xU2ghU`O$gPUBrf3&~POZanX=`o%;IU6Te z?d=Nun0@xb?Yx?5^IcAg1{H1(TLeG83=Wv3H2LhO{k31?jaSb|JvryzmzU+SALFB! zYW4PQdcM*9|4oU-Ws%SK`T9Tj@y|5os!@jMzNIP}lg}FLc#~Hm^Z4l|nVM&rZvJz< zsvXytb2J{@@OmR}%hg*`3tM45zUy4`ZtdaC6^fENKEo|_`$QjQ*GCMwo{=#t7cLf< zxnbK9yN<`+X7V;?WV5F|vRb!xmDQw~#=A79uHIs@j%%UmtqdpTTN7OpE!O4>Ke%u) z`A*U8vte1<3nH^bt|f6Q3e1#Q7Up$kI*%4lZkYh`KP&O*WWrJuX8f=YSCrZNGaDCDd%06`kF6#B&)An7RMy|@JD3c z&c|Wj&X zGSC0TYPNTac;})Rt*w4`ic;&8Ki0GttvxnpXR`uJUAp?EjgKFzu-u;5w6$A&LZM2( z&AyeTk3HIRwl#ZIYFR#)H;6aZwKO^QV1Zy^hgGpq;QB|uCI9`o|A*1mvR$-z_e}G} z#SHM@A}j$PdHb$Z8V+U~a8TfBVjzh&LB-~=J` zAX`*={@uK@lNV$zxMCnCUj=XOZjVFJ@Afy=EE8 zYea6Hj$+nXoclg|ibs3$;U6KbGmF{YRGKO`xg@<)5tx^Lx34rv)bHG#U7@#s$hb?W zFbTWq#MUrZ^T};|oOIy)Pn(MSxjj97%Duh+W?HW159hF9*_qUME{UC^-6Qi)PM<;B zyvWTnOf9;@%irfs+?Mud^0AOrCqJsCrQBK|#dmGp+ugjU9zXdM`7Ubj9N*jDgI2Mu zJuQCSFmcX|CP|;YJX%>{QL-kHD+^omb~)bP_)m7vrt_yZg$5jEQM}^S(I@GtzavwK z@pWsO!BrupaE6yE%Yv9L@0)P(Pi=3fQuIu*Niq5Ivdn+y$jdDZTO|?~{J z^@IZ_4|N^mXg1_Ju8|@mG}o$crO%{~wg2Am*H2gFel}55kemJYCH0424>kw}3AHO) z%hz#ywaPo%JMUq)J700i>uK`)(toTH_HPVQ+&t}`-?qiVOOxW3%RkKG(Y<8Ivu=-c zbNBqSMW3!tx7?dvK8w9tcK`H4QN4Hj?V1eLV&8zq`n#qu#Q(k!v`FgQ3C@R^UlvFu zuCbhQ@yJyzHI7NImZ&Owu&Ym273n(Z#d`eg#Pb#3@@t&S{l%9Cv9iQinYRQopGMmuZvC0?0bGmq=r8|x#z=4&g@a;|h#*}Jw+wLB{M5Xa(N)}o9Q8O;S3 zE@z)t=ab&-GNJEn?$mXE>ywSrgwiwLe7_YNQYv!sX6TX$XN}Cv5<6E3o|zG-GX3+1 z8g|XZZ*w9u6b<^EmrYQOe{0>DQAJgoJuFx!gG7A^dnHL+v}B zs-m7XQ)-@a&wrNwZZC6rmP)Nqoc`yswI7Qt&&l36zEM2B!nf#JLGQhvFAlpT{!rfO z79aXay8TJ@bEE8wQ6Vx4Ej8Kw>Rc~h&38U;Q*Fbr+swu%Wc~6>H(vMsk1{=aQG8p` z#~T;r*ML{}fR_93OIt9dl*>%&roq9iC-)_U!V_H$EITh`&DwM>q2M#C+1?H9v#+gF z>fxOk!>76CXYj&+1g#aqt%BD4GK;s@vpI3a-70OEeSO`6xV7q=t}TgE8Dm1>qztFBl@TO*C^7PwZj^o+v|4&(hH3r+enTSKN~J z@qkaCyydyw_bR3R_iUNn{M-LV(sHpCStsM{mKOFng)W=5?!4N>7Hf$|QKHR?hlW6rFZ3lC16v?FM% zTcp#5SKoGXWC@D9yR8ggp5qhT#NetJe&DO|wCPgSv3FwjO+0?2XPw_M{ocu+jdkL; z31mK4*z3Q|Xc=qD=gMVjYWk-o^X4x#j*V4_V!WcZQ>?G^!gRM2*G^6GpZ`Eu{;$IK zJDcatD^RMHinHHbzU1+y>c@+x96vT;-R(6Wq}G1?ROz?pmr?rncRR~gPd~ZWcE=;V znDe{U`T`Xk+IiMR^gk|tRHb+LcpqrIV5Q}y(r^C?WBNbcQ2l22^N0Oyf7nD(&DjGJ zn>6|i3wv@R9L#-Z@i<97iaP5RGuwDhOHPI5oS13i-`_l6ruun8-=WETZV}~={zcYK zITiX%-s0G+Q18j}4<6+{{N?L;g|LeyO-U@z&+!=+KjYc7GiJ5ZY=KfuRVS|{(>MM- z#mf}EKB@I$*TjuNo728VD6KYK7L!${;eCDclxw9q_g9&9{+=@RyjjW?rI*@fZpmAY z2{Il3Jkxml{Ds_$Ra%o;rdZg{eGwxzweZC}>+U}Z_Ip1+zqm0)P_}!TQS#ljXCmv> zSHIiWyYHy>i#UV%Q(xyjT6&i~dg{qz5wj&?b6vP@_9RXIa*~Vj()lRW?FKV8oZGdu z`{lbA5A^qKZ2Y*U@ ze`ee4Pv+;F^y-JjF%6zB10KOXf3@kkOVn@HrhJlcU(~8F{e1Ac>w?D&>c25ul9+dI z-{i^Z=WnbsXR@E~-maLq_Efex6Sq(E3iBo3-%h&t58v zwpJ>KvtY&y6UM>>-*pCa_J=ImzB*y<($F40WsbEkr+g?r;_=~gS$&{nVu;dbwUzHy zy<~o}OTs-VW`^PBeuw5R(?i7p`}lw6ZOYDD^n6?SrSkK;HSg7^%f65BPy6TeXC|}7 z-n}R8#c>sjH%@0f{xsSCyP{mxx1%aeCy!~HrapJ{7VA--AfXc0rB^Hd@~6bhqRX3D zV`StMxt!{L9)AC9e_i$DSoH%NBljOunBsIyaG6!#N`K$iXFsvd_+-$MDyA2GV%=f& z8#`XA8ni74a_jF;3h6i@KFLC5d8noDv6EMpP58;DU3>0{0>>0YkX}Hl3lvQ?2NpG!!AC(Ch_m` zS-P(*^o(8y&6=~tEh(lhx%-Li-2izGZyA@{|9jn%k|!hxzFTr*<=(-Rfd1 z^<+=|Mc)+b=L#*$YF-Le%h&6y6^Y}2FTJ+VSW<7U-O+{5=N&zp77SY__D@skz&`h_ zQMpr0Zl{M!tmRbqo{?p$IZ3U}-DyFrym|bSI~QE7j3n98&M8bk8Nkat<>FbHn;$o7 zhOLk466AB^SoKtB?oXRSk%c99o*l|ry>5Bm{M3t+TpJYlUgiGXaI&>Pw&ii6)TPL! z23A=@>pMF&H_hz%n=hjjnsRo5k5kPb8Kud`T^OCNM*rS6D>|ArkFQa28k7Cwhn12> zvX;+uW;AQ0oc#9f!bSTA>teBgZ&)pi+1IGtIIFNE|9Ftf&O=NodfC1^mK?Tzx2IYB zyNp7}Eun(s(qm0G!U7jp1uZO_H8EHy*Y=PM`(uy1m|YFwWp7e{PIA>)eDL#)`X@YG zx4pBIvX`iCabhW5;hWIo_;Ojjq}rNAt5w5vXZC-v*_LZLcDfbo0Ubb&gWaT}iKR>9XvYbaeZ@V>cfPwp?oo zjb7P1_0glFfzQs*y=ym>jm7BkO;_IQiXmJJc~3t(o9vd(Zr8Sa`}++ykDRT#-3&wT6C|CXCaeyaABiuVi=F-U%Bt#MAm;pjutbh{MaBQb1Y zcY6CwtmWZFuG}-`Xat@RUsk^$$)fU;NcVI-mbDi)W`)+Z9*}4*$^E~MWAdu?h8(hH zQ*TfHx*;?%V591_tz2hw)XmdZ_JwgQT`pL+&^K5q=X?78GMo8M;p{(?)Q`^G`=n}D zVN5imNS}FcjG~HL*S4cAE^)aVLPJ!3I`Ny|-P1Sy+Z%tG?US#Yvb9UdMm^G>T-&iM zahij*UXW9My!mszzJlMn*+0Gs>wn0WuhWnJ|Lt+c+Q6uVO&coXGFmy6d{QQyG?Z}A zXzg&$i!hkJ@uX1s-D>uJ+uvMVIVwRrQ_i3Nd~35DV}Mb9(y|2&-j@~Wtj(%dh9w=5QYylL{}^?Q7_-8i|ih_w!UW5x_9KZWK#Nr-e=q2of9`wt^wWj^4%qqa*(9q! z-(TDqJVK>holxpv~_ISzk_C9;_L8JKBE=hT5<>}{r=U-u5?$2vzQOzKH?1-c8$&aQA zDpAehFSgvjZ1&FG{p0`h_hz@BF1%WPZ+`Krs=dGWd57;#&7Ibod(+75Sc7=jWP=Yz z&K!xKQmQB0a7NzqNjs_X(6h})%*azgv0HeOfC48^f`M7wM$-@z53OhRqO2T-~aUY+7B&;%R6PJI-L}nb3rIM zRMRQp>eTF((Cn)l!n?E|?1ZUi_Qn&t zXRJ7K?TWtYVe9)p&ED0QupjeyeZtwLX{y^4-Nf=Kwg#6&{B&g57qd87Em2()XLabE zv%BZk?Hj6&2FfzxvG%ai@sB2vMHnQ%Q{at7Mqd(sLnAMnY z|1kfjOTzueAOGkHt<*O5*4$vbt$B66%H2y%VXumI%Kg2aaH~&f7+1GD3ohkJ2?38C|cy#gY`J&@*w?EpE7yIJn zlOvj8y7G%-bS__;)GN~F8_SWsEo9m5{pZt6LrMjAnjCXfxg@x8tL=U#)`?epYp-9q zDXHbS#A8jbZ&Vvs@VVxT+j_(lc*Hw>x@X1qaVqhe2^p(C2FDyu!^nKrJzJEWp`5#YT-O}h3&V1pLP)6#k6Z10G_$~e^EBi_{euaUJ z*_nT}?wo%nT;N|2jPIsDp>j=)85hG`Hjx_o`=^zA8c*$sRlTt}Y9=ijJ0ik#}71!v*2nYuSsAG+my_ z!?a?W*NX%3e_G3A{&a=jFF)J@8N2P@DZzce%8pC_*z%qCf^nU$ z)`tmwhu{6)-xYr1_|nbmx4rM&w)D;MGMmFUo!K7;eUmUuI?}=UVYTp0pGie4I|8*H zl}}p}`uut3w^eJqT{sVZJo$M^FlP_r`d1gP-i%dW`7(q_#xvrp<}|I6k}Z!_CJ8PS zJahKkrEAwbcSfmB_KMiO@I?By5S_$JnVWKRC7wQBkri@GMse=eBi1X-KCUq+IxV_@ zcb?&rsA%1b!3xTIm1DO>9&pi0>?~Nzaz5bw?03ZMAO zWb{%FEQ-_0Q`#i+)sHzyqGw9V?OPEWvsC--KG#fP+?H(MmQa&wzqs^p^Y(4|niKuF zSa`mDE&TK)^4`B+vnw9$tS$M@_u*Hr`G*JQ^Ns~Bu$32V5!`tFYrU(4l2hu*ZQFiJ z#TuRZczN=jO<&pMZtj$hY2>Ua*_dn~Y~@%*!{*hxzyd)EC`5?45T`o#KnvUo~PYkcg@_?$eGJJ><;P7#7NQ zJ*Iv3%R_~-&-~^;Ie9wzx8zutE_%9m;?^GB|Ez0G8_hV(8|7O>yi-k>BvUuS(L_*0H>F^Gtp1*nLSO_k&mJq?0YG<%iOg($DE%xOzF&yZ{%JnRja9etG*~HJ?MvK%= zJ@m?vTpRyY`qgodS*@E@#M2sl=lWfp&vp8cl+@t`vD3HjdFuP;YWly<+j+ahTAB@+ zba@YP_$+N%S@rGisa=fM`wn_~Z1K5p^VXq_!ISTNTQ+;=|A+ZSIgdmhA8!8h^8O#; zsYR_d5*O~xIyzOzrRl;{mC1UXCYMSJE_n*AYo0LakxyTH+56N5yC)w$?*IAAt$P{ZNeC>ai%sZQF7~qr~5BpbIZJT!au#=o1yby&8V&6#0!{=^Lp1&-SJK}WN{oZ>n-D^%Ok-1O|Z=ifhn zw*N02`0Ym8-BVAEJQ|H=Wi9Z$%DQCD+cP*9Ym24g_qq60cFQ~O-ajbI_7oYIf_S=jtU;mpjEis$+M1nO+@Dz(z zNMWn9+T>+Xry07JMZNa;|LDd~*jfO?AF1Blj#JFm*sh-~6Te|a!H#!d%|E~X|91Nf zi{d_2<>ZXxlj3z*)3Ue(1xvL=mx(>IFfN@}v+lsm&dV})%V!jSw)7MAezH8>a<+cK zlOKV<*mv*zd`)_Ww#d(o|G&teC|h>2q|D@0*HY$73O%dj`#BSz-bmc{?Z)LhC9ieQ zJnMe)Nj2|gm9ExYRrAtWn=U;`PoJ>QU2X0%<;zY+6BV{kSiE#~Q_kj@#diyM^LlQY zG>I_v&YJCBvQ612a#F0VMsmQhIQiVUxgAFqrH0quk}-E&VS4h!=E#H>S^3Vt6<03l z7HM)XfAi>W`Ta)6sD*2$iS5afTPw0KTxsH~j&r*eC;AELi3BV>HOX@VrkDa-oHM0{`|ze*W0dnF5LFmSZz_x zF}@&HLCLZU61%LUS62OVjnKQ zfzz(CZCjq~e7n2i!NcR0#W_tYKO3vuj=HfaRd}^~`;M%mMtS$P^i7*4R`<96|D^f< zx6Xe&x&9x&PV}ahr`pptRXsJb`!e}|>-V$gC+0;r2`EVgUpcd?lVj1@b=;XJwrvYo z`Ag)K>$aSz^Yd$8y|4J4Yd+a4dz0GPBeOJV-iAktQ=Z*;`1s4${s(P} zOD^^Hgq#h({$kmsWcJQ&g>9`edCR8in&+mz|CrpfgKufg#CaPT=cGJJ{S(RHcj+j< ziEd}hStoCHMU_j15qnE!Tz>xCV&jD5yt;Yo*5yr@6ymLYFotjK0c{b_En9Ear6oE` zyqspz`jaV^Ikx+J{x$p`_rgqz^(Z`$HEi+)D>eZ)7kK4CBlU!5N5+<;!ZNk(>r*$q&8X>0wzB*_|-Z1E=fso!IyOam%b0mR7~N=YqcMIeKKpPvNisF4T8(Twk_Pvs>q3t^6-R zx!e1=Ctb^XdeD9TBVYMHmUiDd_p9BW^izL#J95WA$6I?7E8M4`9v6hgz^QC*& zyp$e3c*>;{y|2aTXmVW|-%_4UA+25Qe#->RayaFD{O6x5fnbedp-XAW_G?uR(i*#E(zw0X1e=g(Yo{7W_t+C61YBb zV%e;(5_#`mE!e+z?$4Tu8`ts4-TvCdYsS%7GWo=k?9hFCwGx-+FzX0znrX5xUiHi2 zZWg_)YO}9zOd0wP_uh^>9xh+8sZLSiVbSetx@%-#Jy^AG+K)cT$G=b3T|A|J*Y3oD zQ)gFPsJ=S!KHJ7GFXZCfo`1L+CUAPIqy6HqkJ>M3h}PxzEBug?v)jGDOg>Jr{A6`( zt3b|p$^Aj)j9IUWed>}y9VWE{>(lOR zddrrUo~FRTq2(H48MK9$_m;_@^os=_Zg3u(uDe!v<>cV!lCNI(y>Pnn@D)ebQZDV| z$Ca8SbDcH&_LR)o_)u_3$qKF1&69Z99PQ$jX8J@u5@eaSpjA=h{v@%?xBVX$$NA&rOcYOTOGWGxN-8&yd`IS&v1wJ~HYxXv1I82y_e4Xq})C%(-NX?O~?Fe^!286SZr~<>%*>dflWBTEDAP zw*Dq_9E}VX0}OJ(yP(mXlBamXT3Iiv-xj*4s2{H5}kR< z$*6TgUug3*zSGlm9zO79=RCc%Bjfe5l|nNvWY6N4{mRc=CptNP!RFoVbKWl&=CrzX z+cC4mv`1u%ba7gX!bG1&Ba4$PP8=mup2pw2@85CIQ$^zS%SRW}%M^PyGKy#lcDneg z@#ZV~7q^95@y)%-bG7DS)93V8dtXir*;%W{EEY4FgZlq|RL``j znXvKRw;$^yAOCjl*l>%xIeXj0GfR{n?h5~$!Nhj`UW?Bbm*ka^$8_sDPJdzWSY|vi z;JUKPrJ3H*@1(!_sBexmyZiN9mF~5rbH#stYM&CGQ(ptCv9z74)79NtHO?z*OuMl4 zUsPsoa<5^aTKK0cjmmdw?uu<`xWJK?E++B%ZKR8o*t6m#Mwyd3L-u~ZE}`uaIzxX# z-=CP$kYh2y*G-)sv7ege;O??Atv{tH=*oQQ%HLVLB?1#0jD#8$LYk7(&l%pjcj`|J z-(sf=if-Iptwxs`E-;0jiVRw7>Nb1V*5Ka952hCOteXENM9J~wcS9$4(IdTe0XB~#=4~E{QrOT&!?@u-lRNhTlj0UK91ETI-FCR z&gD$|^F}9m@nRoe-)KgC#+TE?^6qTvbDwvsF`iHA=IL4IH?FKyxc$KGlJBH*OFr7j zwE11_M2GBcqJdXi0uMMAC%%tnYB|tbbt|j;>c(|^T->Z}*0&{PWD@>+y9Xpj z_@8>cqAg0g`IFWRg$46k#hJ`!9{M4tmNUm(T6p90OC8U6Zwl_n>uQ`>r>1`1<<*O@ zC2Q7ipZ&k!_v;mB{EnBOmAKEYrxMucUj1LIYTBB8k8=C}z5U1$B5~o`Rp<9Vre)ZK z%dNb0Y=Xzq8~{n6H|?CZ|}?qi`*qn_D_nXRkZBK1455vJ4XSA7`l@xVfZT z+2N`92k)sT4!JLGb#ZU;&F;J~L0{zMo43avD77vL&@i$w^6{0tDRJ;!E&GiRrK^61 zn>2P+o%K>X@3(lW;s@s0rt78%u6=8=eE}!4m$uK+rjMt5XLfaPWQXb(=AQ`;2?@|j zTBSOzr`Irc-Gri;fVK@0jUNsPW$dmn^V2A`eVqISn@`8}oVe5v*76(KU2>^dzDJDReu$DjQstFI7p zcGao4?eBN~HoMhweAB{tKh8-$u5P}_p?>tj)!P&LDt$xdaj8UwOUCSN4av55`xzdW zc2Q!<>!6dmA09Es@3xs{AGo0Oa%{fp%(IK8b{TH~jhhH6s~xz{Z_&w;JJV!p4d24U zY?-UScX{;)$k$NGH)@GbPt{-aP zIQ7v?$t_b-Hc7HD-RIZg6b>w0C9vbzgtEoV7Xme9m_$RQB)#_s2Ccr>(Q-t?Q9$d{ zPNwbmwus*6=d6`q;wIs{@QrIXXLEp5;0eV;3+DY4eX&CKiozBrjo!r~OwRe~;@n4r zj>sy1O3UfrVz4YQ?9P^i-nf`8Pon?)f5v{N=(VrSwhW zEcSM@G$}l!H8G2KsgO$Ux5z719gQhUo^^?A!FsptC1pEvXYNY4`KWa6*E%z=M6Swd z`ts>{RebIdfhNIg7p=OdbSg)mwNsw0)G7A%8fjMlX=^3Yzk9pi+>|NnZ?k{5+=LTb zwi;V+4yfNhUq8b1W7HleuM{KC01a2k+RH92Z|C_OzB5y!=+L$6xsO)PJ^yg3Hiw9k zl|OUs-8~Q9 z`|6g77xntg&AA~pQ^Wn&S@Ca0udik6J~U1^G@;qOZ?fOAz+01Ucx~*s)b($nU5~(= zxw8&^_hJ$4|0}#)Qu2kPi;BDUU6(H#R8M+6v|>7xb=O$jVan=>9^nluD|nS8STa~| zWvo)=*AL<0;hT_`uNr?wd5iAiwLhM!nI^^RU)-v6!piH|s}o5lr^QFV%Y2cWue^Q2 zag)!Nekr+_O}zYT)z(VRub-~JKAgo--K!Jpv@k$retgHK)4onYTZ^wk6~HUCTR`vs$G7><=F8Re9D2jE$dl*vxBq6_a(kBPPF9Rx>1O6P zDSBP>`N!wqA8qL}2J&KYy7k9kaIYnqKukzo&GIo`-USEqp zy7>IQ3mi5aoSfn%8IyN3Dy@licWXA;vCrjTY21DJKdD|xl)!pHidAvKV)2&^_=q^ueDYM(pa23x#aVPe2*;F0Be(Bck zH(jFNgn|||HQbHg%`eI}eIHLGN63TC@4lH|zIVN!t7!(y@eV;{x1Jdc_3Hx`CKW8` zzZ`6Qag(>p-u{FFrN)&Lia&Gr=tgG!>~5O5)ACg4{1mO=?8m9Ui>q&Js#I1GWb>Ol zYsu2Btp`?rx^yJ-*l{-<$%$bZhhId!U%Nr_;DvAUvoGXNu;+1ecZy)^@QTb{a`l_| z^Zp_1xrWznT|Bq*v+;>rix%J8 z9#dVHxa|9*x=r_!N?F~MWZKu7$DLni+wO4nM`7;oMS-zvrT3olyHsVWHknf^uJy1x z-=+K4UH3&Sc~;EbboF)EL|?Uv2mjgw7KU1h?Mlnk$sdX|6{j4UG5vhYfg6^5&Q-sD zzb)jx5VYVT%hF9-mvlYbGwrjfgVx-2=WBaexD_Kd)@ZIwY08P#PJjMP^I7rNyMCa>E->Y#isqf<~fK=O@AHJIzaO%!fX)W5>Imcz0exUq^ zbIk2Gwq!E*_C-4DO;=Y|JsD!86xt?x{!P;9w$-_9<{=_otlqn}B)<9*dFxixYp-cm zLaM6_Ws+6gq$eFpP`a(?9I|MQ$+9<&zJIS=aoOacv3tTKrj~0OK|J5T7XA3K(#rDf z+t*JYEPNdJvZ#5-&7#N4-o*J@?ugr`^CBZVIZsi3s#o{2eQ~on#Z0^B&#HP^zUxyo zOS|;8xbxqhe^XeJcWYXN%eD-qhwDm|y)~R~c@}(mp*fA0zv$PU$QAQd1)@G3eqX^o z|Mx59IkRn&bvv>oZ?4dn$~~WxuI3mJ++);qZ(-dQ!!uL8T0-rGT+9MixoDj>^LWVN z8Sv2{u|rcN_gR>9$WobDPo-CmV!WTCrDLx;htx8yzSCEO8Fr zTA}KDoj9}{MZ+5&@95E&eR|`GO8EMybH=~FCoehT;Ti7F|2!@2^}HFYf;vU^D+d~j z&uQs?|5L)gM`Ug8%{{zqo;^Dsm?`jt$8T+lbyr(aCEDbr`fIc8{_lH!s6z*GJk5$b&0>HukX*w?cX=Ku+4Gmxr2sQ?q&jUE1BYtDaf?j#{buvdZ%e?-mW9t zJnEJnS~Yu{;fAE8x~+Yz8$l!Aph>R%)o*J4x$cUd6f(6-?AJtt&?%Cp#|r)z@2>ou zyWZWsc7mJqvtrk%%`bN~gi8FFGk@;V@&tjN#HwdDZ`bOEc!!3VE{Rxo>H7WX_eEbn7jRmarL4jKO-*RdKJ`r(K$qlE}G2TQ&1|;?o~Oesir- zJ7+X*J69%Gms4%Ka*gkkH(FVI>x(8jZ4T|ZCczsUYx^T^YhHP>K5OLiLbuF+XMOa= zH@jz@QsO@NI&S;S=ln8}Dq*R${nC;Nr_JB)Yb`On_3maN%Vc9?ok*iIPoDf-R_oED zyz}9%YzgT%j~m<-SwABwq4C&k_l z*W`JTm7SYX*J!|#;k%rpdBVJFWgnck<=#7SS^v$}=MfxteA=9@=3kOCZaErta@*W| z^Qlg=FHCcvz3XD=Vy^{hvqd`-B^4t!mGpGJto*Y{Eqq8Jfz^S9< z7bMm<6x__tD|mZ$hv#*+@;(PXgqlBEa?3#N58u1x(`Wscx|1?#=gG@56<-pC z0vX;389k^{tGXPU@9I&Q`CVQaG_sS#^e4($?Y2{Vy7=;Q^Ln*xrEmHqCZr|yZMw$8 z$9LgPa`d{8jQ8)h#I0xJleIcCD^z=t%iJe7@BWV1oTGYmQ~!JRIkv@p{~G@tYmw6a z5cvM<)mdAVIc-)S$hq($%6yH{j4am88!mjvmT0viHqd zp|9rt``69-Cl;qTwiGJ$s(F9m6+C#QOr}x3;Li&d>-qN&GvBZ1N#FMVh<2z(_0{Q? zGM!S4X5IfPKDyr9u5$R>)_DsBQ;bgjso5tdlA+eKtkXc+<;hX)m2HZ1^Q4}(r$if_ z@zuYv_S&ZD4O95`f4FRaYP$SwzXzep6Lp$9jAkimZT_~(?qthtl{DR*d8e!R=FT|q zeN~Irt3uP>#E9$|$MSOX%b$%|T5XPLCvS245xQjM%^1^KH+!oM&efN7e66uTS=K5l zYR38Jf`__FTAyawRx}Chkn}b?@iv8D*E8_c(2aeb2P6m3Xz?4*D2ta;*G7sfyN@7ZN*Xy_=Y-@qepsjY^Bd%7$s{{C-W3 zuRqFFE1B%E*r&SjyzIh^{q5ni#QE@d_Y;=l;eM^vJ&H8yg#-}DFPf0YJ zzI^+7@zw>47f)tzGz@o&ULPX3L2m_o0swe&-45i?Vort@z<}anRDkU1t|9NlpgNOtobSNI!x#BY=4{J?`3LA z>k}@peY(nZ(`C^_Uhxf2Uzys}zmO1W{#NU~rgUvd)OF8alP(JS$=UY?GEUK6V4@Us zX`SyJ2bYv+6OXDXg>n0GIG3M0Z!+n=Q_>bS9Z~VKxo%!dO2i|b&Ysb~aQS+(z@(|p z%`$eC)Bf#qlwoY|lUteI*gmbd_{$SbX$J$gr_~wuYt+BWnm208Zh60WuZFN{mRLx4 z?#wp^DsEOWWJv`ey*bXnVey?`*lF)6Xqp;@N zb_;7;_iQ!qh_9SIn<5Xc(Es-55a^te>9@DvjZhafy|`fK&d6O+(K?-+&T&>%Q&LY) zYizsu)6(kp?Td*WMh2$V$Ge_-7fhDCE#I?X>)zg&g#usiMlsDS6Mpi%Xd>%6M{mi{ z*={N>*)9uSKicb-J>{YV&(2mQ-IpPI7kxc;R{F-?bbF2F36oS$Py29Iy}V(Xhho6K zXGfXYe;m30$5#I5i}xS5s?U4&&iu}y_Y*_dDdi~V@-?I0gS^xKy`;LFJ zzWU6YnJI7~qps&*+V58^p(blev!48jUjIu^;Y`z7^ScN7#J}ruaa}RLe5E)$t8Smu zgD4oH~U-nf8VQQ|NpBuzbWXVL{{}Q59Nn+8!GW=>Zz}v?mgR-(vrAi|MXyWe`Tj;PG+AM%6nGnisYYii{G(ewXV|Tb>2&3 z9J!hWc>SMVSZyYttj*+P4|-mGYOaBlYc#mh|v@4F`dx$R=G;?nj%R#CgF*S`AjRKa5U!adhA ze2pe26`VCIS@N&$D69GwwTb77N{$=*$lY*PDxR4$@!0f@&%SQd4T81#%6re(Jr#^% zYo8c3S%1m}rvOUB_;2>&ov**%uBf=)J?)If*<+^Km3i+OcT zuR`@VX>I<$Wy>~0>+KB}PAz-(w@dWsqLpXH($DS$yf2!apoIEPcme*cs#w* zFYd{ZHHu$1;pCEnhHpOHc8YoV{MYkt9%%M|za@35L{wDtNpbH|MpK>@L9C0Nwf8Bj z`h~=;-LpV%y6&smXKJr1#lN0txi)L!!aA;n3(GSmx6g zl~~=r`>}OqPrjsp@hSDIx6U7UrTgN85vLPpqU$_^=@r|riLFdOnRV+|_`)Xbt74uD zLQizZ@8*9RUlpyQ$+GbM=6AjM%aRiewz+nJx_c6ajQ{cqbE?|Iq0`6PE+k5}EO-%` z`95o{u>3+^3%;MNPDd8LDYLe=UNNOM<%zaVR@~lW3Kw{dGF3Dh!vZDO3yAE|nz>C( zCegu)hyRzlss`KmWfFScuqZc>l! z)vb0J?6W%~49yPhTp1~)bB-&WGuc3GL+bt*j~e};Pch1K#5a0@4t29R;Uw_Lz07La z%<`)?J)K??7-#wfe6fj&z8$%*gtNVG&XVnmMUzdo8oh8ez1{b~*L-i^|KAUUdq1TM zPiv*h=Vf)}jRw;VrYfviX`j6LYU0);V@oFm*-n9oub(y)cD+));C3aS{n!kRWM1j( z>z}?@S-gcu|LNrUd;44OI89z4vFHD}>%t<>A6aMibPH=cXr4VVD|gAJ%-g%`PVQW< zvL-BI#w?c;PgKvdNHbr$$P-&?e8@9)=QfL9KAy0(03I)S()r{byy$zYqQ6mBXrgUc zwm-l0J>+`i`i$=)&42gWd^y7B#51p?;^7a@Z8J}X|krmnrQu-@*mE<(<^#vRD5ah9m4#jas1DKAxMb;xMFcH!>bv;Tif??2sV%f9pXH}g%2UoAF2Pd}+5 zTq;$q=x;i4ZQ$DGumlO&7mvSOnWEZy@#8JCn=AOkTEDW+iRIqACh&*Sk?oRY^Nl7Z z)ZDaa_nVUw!hU_pJYVIC1fM4hdzQTVUGnYgg&a#d$)#Y zDNb!l;#}O6!8cpBCNn~R=F#q5vvh+OhGep^E^3Vx_{!+-KQD2~a{eWE=Lt0}PCsX8 zX5tW@uDd zVWMa(uhj9F-Ep&y?peXA?v%IlWmOR8!6P-Tts&<1zxd<(Y8rD3lD`JXC(CA9J@$Gb zA+9)2Yt5xw+ne@%T&?H*?XpC#kIGEDU9*$V*UUWdUB9yIa@DvvCH`BL(aN8!$yH9AoVSEf#qNqORHGhP4UM9<=PXC&?Z{?z|) zTmHZBwRI7Px*j^({diZtvFN3R`MnQTWp8hvKPjxf=uPhBZ%W^^Ou8jD9@vnwVE$zF z^KL9VIxk3i-`TRM$ixr`dw;+7jL0>)>ecFW^04QU zoSi$TE#P%>{(pcWai`OR-!^|PDA&9?|9{fq_WlPcMiU=xOl@5^*+sm&qlop@!QN#& zAGSva@8YwXxFACBHiOHPkK6(xr!&^BoZ`J@+g7u4eb;1c>YDyF#<~6e{c3T{{xn|p zemV7vm(KB;=Oups$Nbg8A>N-~IQa9G$IJ~Ye`(y`{MdH~M|hO$2d|g6^<6fa#Y&ug z7JAws)O*S9Hn$!BXEw{&SZ#ctmvq{5)waQ}Jct>GbX?UYkCy z+pZ)liD+T&5Bf8|`v25#69a1=Tsb2%FYJe-$N38$&VN?T6ya(%Yn$?V!|MZz@2Vb~ z6|7NzKlyff;ooPyEshDA(=R?LV*OQBJvwgS!WN~}l-2?gcPtq&i-+q6 z7L`o-|8c*a--~L&gC<{fGHf?57w_M`cCqYYk=B@XfwN@xK4WlO={A4$PL79vr~NHC zJ2RItsNn6iUfxG3V%IsOFIspo`pmO+Ul;ML|Non~f4_?3m*rP<df!EM6F z#$IsY(8E7Yjqkph{d;kFzH|2c3mPVENh@1SW>wq&mHhYaz1`t&$LBrxa`3Rt?<;!$ zKHfY3DAZ=&{k_wV%l}jRe&;jay8SPgt#H|xc+up_^}{uK{Q-)Lc0}ym8E9Mg@#q@m z*qEi7VOm@NRM{phT5V^=Q?TXO%39IIYYLY}EL**}x8&3}25Zjg7fnxFnpIBo(K>tf zc3w)-ClfA%pbPgdo?E%{rP~QdjuHu>5F70o&p4KBv7NB$jj67VzE1k~Fh8aVOjWlp zZAqKV;B!VyGIn2+{l4$<98CMy-LtxP|LC!g`+np}Eq)oN#o4TNH(C0njEpPmRqy+k zHP@8heR5BoW3}p?kZCiM&j-z!eXLM;`kXtOqLbccEU&*B7E-}_TPbyo?xi;?gLj;~ zqRK0FC3oVr{DeQZt_y~oDipH-cSvjQKiqeXy<%6uQXQ7!xYqS{KY702skL_MP+J(k z`@#CDo3ie!PxadL{igVjwef#lvkMoCrY~QXk)OSM(rk9!f+fxxEGKicdF53-)MB)z zc0Jv2X&OiRX59s*PhK`X_sB{CyyCU(x?&3qK~_DSM3C`(@Ifb64M}|G?4i z?^l$THZMTh$W#3Mch9s*4GHTesCPb??f>S9recO@(~`y|0zWP?Riy1Zb2q<=*>>+< zGv>QjxU(C+P2<_jUD@XDpwXKt<^1+bXZ}VeaR;l33M+oim~}k=t+SVK*r_c`E=y>x zF`H^|=FEBJ-i5pO%1WNy8`w2`J&?H z(PHw|q#$6`gsjZ1qFn159TGTnKl-Ws3|oF>+C}MG)|;kqTb@W^uy|w1qbKt7*kkLR zufOGf+pWwK-uuPq^=_MLt!=JdiUw9H6Z6tvtXjL^uj|42-p)@<@{A6jIl?G*ZePo6 zk4AwP3(m}J_TT*K*mgyi153{wx|TEXS9ng!zbkgDej0O_S4Li0x&Q1DMOk+J`OlB8 zub&!i|K;)Y-j4h|pYzndzg6X7Y7vnP(@h{$;c2b7kJ% zzhwm}e~-`W_|w&KMZ!JktFxA9|Gar|EdoCCW~G#*u!#Q1NEKMfwlvUh?PIf3Wn8y+ ztZww$dFMl`Xw$lLWkuYTQ{rR4D93NMTlMv{-(1_n>HB`9s-5@y=v;pP+@(GbWU6tHZk9j0;LxN5@fkLSUF)`)E#s4CT&(P$kgLsP zuw&t}2pxT{pqLl)v!9n2w#gotI4Q);dBLnr8kh2}CwzD&ej+XU_1--a2bKM855Fj| z*FJvyb#UgEg^Tx2z4J%Ljq6TdUYlE+McpG7MMc}ccc<9)Uk(nIxILxs3X>qqw)E?Q z7VEkvm^}~<+tZzXV9|+Afdw1A&c9=oQM9!=xA%XI{Hd0&=W}*enX;>&J5qi{V%u}m zFE68aPR(&=_iCLUbHT%-eL>K}HwTwbFyd0m?0vlKy z&aY>#|9G=LFXG#^f9ZM(8v4nm-HXMuFE}1uYaa~qv~$y9Lw5ip{J)YJeYb~#=fYB zxxN4M>HnX<|7`y)m-gt6PUza#?#kI_z862*eEG6DuzKTzA0IhGMB-NHK6G-B3_j1` zFK64xv8v|H_J8K}Ke+$5s{i}REpvPC?8Upkf4uW;uFc;+a?hSUmooENW?0{w&~~;( ziZSZNuRl9Dr{{QcFXWT{6V$bQi>41Yq#YHilC|Hr_}Ck9*)Y%YzDxU)gthkA z918E7{pila=PRC^Q=Gd@XZ41I$BNnKtMGhL6_?r;`GD*0V(kp+4Tln9I=6W^EtvY~ z=i5Un4B*?A%gkis&QPsanil|KaRi_KNe>_nR-WEmYROBQ-N~QEjJ7 z)8Xak3;r(S{rcvBvGx4q$Gc3gIjJe_-uHfTp)g14EU~z00s69Uo}c*GStW14HceOd z;f<4?hgOM4UN-5=&r1ZYCOY>i_4JO~+hcmBiC`k!3&->l`I3-ABjUi0ws{KeXHw=kuheRWG; zx;XjWtlXx8m`R;1sq33oRVz0?_L#!ASg5$#Y0E{M@0Yww(l)D1($tO&0l$~qRVqxr7 zOAoxfL-%?a4^L_Ng=uj*pYK?2>#4S{-(T7;)YLLN>83|`jr(86=ld_FnrwOYRps)# zrCTp8^!$-k*Y2^Qu;GnX-ofjv`vqv<>I0!ug(IMxD^3jrZr8mog#iB z6D~+-R{XobXcZOpLiU9!PmWor`^?0LRxbjI?>^(T+56ej$Lj2*)$5WzovE}DRccZB zuu4WNfz3p zT$h(lczgcs_U(c%FI=}jQL5ekc=s!Qt)HSoq7_?s*DbBi`I)-Wc9XfqbYu2;POMM6 zr=64Hxm0Lb{v%WCsL-WCz0CT|wJv-1Zl6EzW43bR2JNe2Clk*ze-EBD|M1Q$+dL*J zTE{=(0* zDf4aAov4|c4JUd`b<=Ksy^F(LPi@xLp4Q1Kw=bUkaq8(Di_%%S+wYzE=iDAy{WXfM zYIkML@5>h#Mk>Vx?_F1JbNh(q<78zYnfY7lSO5OS#o_cjuXZEPdsnYz;)0L4=X1AB z>n;BG#$;iT&5sj@Yd-9K|8Sl4dk2rsi(OeO4;*xE|JaqyFPX z^ZSL;|6lXloeGz$p3q)yb5{NTNBJKI+Ut9^|Nmf{vop;Wbo_pDb)_j=uENDxsee{I zjVXUFz4K@Ly`#^}_cPwS+LzCBn}5H{^%DvVw#>DEE*-C%Y`*_{yJza=ma7cP8(TKs zi;2D78Rt@yUC6XJw|~9xO}U?r9xIqi*7jS>?C@I1%Xae4AsP0*`3Z+#h0btkTHxoJ z8)iMxZ{cb=?Xb0vUVIGZPJuW)jkSl3daL!u(980(DA&g;C~t1NtIQ%0z(1!vC` ziOkK1kF7ZNbG2Y~VDRH>rAl)=ta^ifsHIe~|GcE^pSW$uU8J0$iv z?U2l_R#_weed*o($4W1snQwXQ(35{Fj)%w3xnarKbV(;z-?n>7rgXucDK@f=fuU^S z@$O2uo39-do&M0|*n?$3PtMIt{ePJMVO&~}ql*Gs4A>U) zsF}3nomF_QWdBESXVvA~_YbDq|MX;QXM6GH-IF_Kc;su|+y1$C{QsP_*Ygx7pH1>{ z+19e+w(v}i-MiCHYP9#yPkMW7>({>=$rr4)Jf1pfmTBaM1^Y24) z&Da0;j&FRdKEuY`b*YrXR>jW5qmu;1iayVoW8)Wgsn+dD+HB@I2Br@h zG(9;4COIguI0>B)=ixjmz`N9Uf-eQlckaUB4^u{o5@wZ~p$Bd|or0 zH6}IreAT?do!{qFFPmfhJob0&`=~Q<+oq(H=Kh#B!NdKb%f>x6&$2PW^vREy|0y9`T?Enc~C z-n+x?Z{G)rp2^Eh%*dE=?ONG~+Bq&=zPtGgUf#NV`0jSGtBz*<(%woc9M&woAB!G3 zo-k@QNvv0MDmLGu`u4cPs)ZBT<>JmiIbsodwRFzb9L}vDe@k?~Tdi-&q4@E0<}9&! z?xo4bjpnt7cF%J1+Ox<1{I*h&;$3Gyp4?RQnCE@{l(w6vSFTyVRr0-hR|{9;HO7;x zxT3`7o_^@N|48S~qb5z_Je+(?b6lEazu!H*$N2oBb$glZr&}k^jZjpLQ*%DvHF-w) zv6&@n1Xi-k12vSpnJ7qcL~_be|zE-`T4*RmflcNRpTWAYB@be3S(Xgak5oab-%lG zvZCkJE3aSd>?fap@(@{>QuHif-NiEDYbx3k8cX^0<}cN~WhvS6nxQFTQ&ac4U0uK5 zMIUDspLcrw`{?tBesWvnpUv9$BXz^>3Z%VK@X0|h8Q(Y5mJBHB*c+<;_0P3f4XPCeDPvQ_Upb!o99ko z;eN2_bJ*vd`f=wA^5ygEKi{r+EWQ5m{(rxJ=hW0_3ky#U30tya%^C*xiQ-MWFh zw=Yi3c&Adh?EE>;?%RFLY-?-hoWsJ{b!%GLxyq+gd#da@U3v}#uCaOjrRaCg7RIMu zJ?~{#Pnu`xoXsP2;_2r^_s~hFpYJIDTqbvOkF0Rn;;qX$O;Y~KY`<5^Kh<#htyNhv zD<#YsCC_g@&;NImpp@{BkZU2z22YG4Q&LSoPuE?zJ^zB<42iRf=RX`cAhORq_}se9 znF2z|DTU#s4_cG&re1n}fp?F^Go82jpLQR-~ZvluF{e% z=8LzaJwN#FQQgmFDn2pW-wFPEVS4@J+4p}K{H4>*&U6m0X8*d@_ll``(EU4S)_hYF zJCmtCwd3MlbC>TA6fVzmPvCKk;OY1GDSBLABWrK+`I3iUU-0e|EyYsgoah93-8%#>&xi*{0)V6?u8N&)c`(J$vJX z1YgtUX=l3Lt5a-v zGKx+u9D+(rH90!57fw3F^S}Q$d3(^^0REjNk~euyEH_>evF8g*?v3&tvoD9u?J=A6 zwLd4}=AE0DAZrU%WvSv!A! ziRSMrHUTCz_qLbTH8YCO$98{AaK7J1IImdr?3vUqT6k+G;$`7?+dh^cf=kMm0X+L+=TjJb}*0~29 z(u!s|sO~5}z3$Q>=O5Fq@6@>@cvL=mvT>{#n@(4^rP=MM1)?tw2o(3tJ-oBj>2lD_ zNArGPZ@l*7r%y?Et>(mdMb1AuE8BjWoQ-yTknUIWMvzT0`OCWs34Pxpp zxc!kKZe788+lkNp1%5=ny7fHp^1eTnoxN3?ey?OcyDYl?>z<=Zl{;ll>sQU3n)v*) zAZMQdIDIhMiMP{5Gw026O0+(>G@WzHgqVVFk~UikjgN|zHx@kK2Wu3$W61S|ZB%~y^ zJ-*nOcJfqc&h1YuGjpc(-Y%bD%oZAZa_RNGGxz^IqyF>6{@N~=JFc3Zp}C@$0zHHm zY?RH?wwNX%7{{)7;`ycuDKpzY95?s$8wzAJ^QCw8n%()fd45ul;#98-micyT->#LB zl6lyqt*3dKN7wqkl>$fV+5Oo&F0`Eg{AWSMovBkr7l@pl`!?ox7x&Ju=SoZD-#rcI zw>flmwg1slS(${aEU9Fk+^?liE=#^{Rb%n!4C0b)IQKkqW0K_louB<2E*h5e{pOcx zso_)PdHGUjD{pDe{o)JfYQ%kaI{dawIm4@ZwMF*zrW=cees6t0so+>mQqinmZI9h$ zcIp=I{5g-^fFsRx`-ZH%;F9#(l?O5ex~{1{f4obzexLBSPsbMAkq~CS+apsWbKKWv zX@qhz&!x`Ea<(TP>|1->{9Kh^zoWv3jOa4GQ)_2r`h9QOdB#j^W&U-)U2-x1_Z(5m zyssV^eEQ`29X693-8(>urGr79e{u8QJuknm-}L`+<%<%vClen2S#4$<_UCt7TSit6 z)8d&D(vKhJ?vC7;pl3B(_mr#e3h#NRo^%|YqvR=|_QpdiIz&~NvuLM{b2D?tfmw-` zeTSRQMZUSUTikxS`uy{)b5n!m_H%JeDOz)Ul1NxvR6&~9qAAzCGa^FfUG7dicPiK- z`D_;7_wvW7o6o$8Iyt}(&>6s@H z!V;aFdz4>KNDn!(WxJ`7(cFWkO}B2j^<4b(qrU#!9aZj~k0&1A`DWMl4;R_iLSfWwmAG?RM(F` zb#S5JE`GTsYm3d;fB!mASg=Ip!mQ?GNw?aA3olN*(5(Ar%J0gSkfSr6C5Z(6e8*iK zeSxWG$^zEf$B)mvw5i*3v2JooMa`Uf_wr`VmbzKJzpz1Y?`SdrU|ZqTv&F~IT zkTGv+&)XuYl>+OyPH!(_N?v+HJoZ=7ww&AN{{MM#{LYW7`GxmuUq|jQ6u$oNDf`Vm z+19ho@}Et!e)s6WJ-re$Z`W8`H_kTp->1%OV9>WeEbwaPqU3KmzmBON^4ppCH+H|` zJF61@-lB)9;+vj*(sr=gc34}r`kSnRLE9X&9^Re^A(o|~q|=6zOF&;Q%>ZDOA2TJLL0 zsn_}%=LFcL^{#K@dy`VM;q}Y%{9Z?o=`~d|_Qm!$bj>d?Piu7f9T_Dy*KN%vR@o=< zGd6nU&DprmZri!JXyu#}yjJk!vGI+{^w=%aTx=L`J@EHW+Sxd_ z^2$z|OQolu$(lxQdz8FO`&0X32>GL<;5mVeZFY|A-$^V3b8oh4Pv(hT1G<5JA|w?0HwX_@QCue?l) zLo%9R#Xb+5bm3e_exr{Y&FNAJXrqUY)u8^Uwc3)VRgZr5nwD zeEI)J-+N!L%RhW?_w9U4!K;&hzWe7X`mEeiyy&=5ozbE#wyq&puRhH5Rw)(uaG`mB z>RWBSq`!-2TRy*}J)zHAfo0yc6y}3BZd7RGo2A(FcRoxkn*6wjpRXX}eB8I(`zIS? zcT37jFrC+aH;+y2Z$m=bncPC=gUtME_^t0Wxwx_lKc4)gucV64`h0@2V_o>c<%d@@ zZ;Q5`d$vj7$Q=pC1&&%Rk2e+gsW)GKxoI`0m*+CK;|^R>t6!gZy2({od!@`4POY< zKg?&+Wx3^1ty?qy`1Z2D=UzuehaW$7Haasi(?RrKT8p^(|EqSq+X$L&s^B?f)TOBb;o z&DO|tJ#gn**pkIJwk5ZxN(U`!dGIFKKke|dwLf;+%ybg}ae{lXNTWc;+S3+AH!`O& zDa%eccZO@#l0;T@w>4XNLxY=3l33Px|K2q9&*kTKhj)t4IWE5MPib8BQ_(-apW7c5 zxBKt8Zr3j_p^p;%IXBO>+m+d}@A{^+l&3Q|;F@SH+fg?S(eRaAH9YLQc6nS2EBssEZ+V*9 z!7a}7r#Wz{w`OG=TD#UwRcPB{9o6^0PTUW?7;s#C|1aJp6PB#Xim3e-8B_H#bCZbks zwf>F?o3G6|zQ(e6#hQGjz{taQCWn34%l_{9-|O|Wg0IDRWx6aN#uVl*I>TgkpBEtI%W!;Xc_v`uemj1ssul~-u34&(V zRwfuMi+ zg3%r>cI;LOCoj43@b)KtvJ6_ub?mtM%emin);{)Qs8TCFGuwE&`}X(zv4?WE-~17G zabc8)ba$&pbPQ+e7blOF7Tw+amu!vxR_njr_K+tubSe)YpOM|%-gj&C898{GW4}*4 zKQ|&gA(`h?;Y=yn#EkRG8s8%)JrYZrSXFLxX|MVjA-juh5f3abY|GK*cz$Gem+i{S zOA04zezV;*(K*^o*n62@hIoXQYgyK$-17U0;v9?k3P4?9mx`6b55nVW%*yXnaj&nv zYZ|7O!}D{ZqRd-y>nb<)1g02sv009sYRlDDtXp+tV%NNVbyEawEVH8gp&+4x4)@dG>q-j+!MQ7JV+7?X1OCmK8q)tfp^wdD-E#JRo2f z$DTRu23%Y2hAWDkaCzBn|0aojr_Jx(--=J4&wqC8{QVR5d;TAe`F<;V=bu;Rg)djH zd%9|R{K4w`-ZPVZI?2oC8UBLwZyB|{j1X%S1?fG?e{jz$k)35IrSgxHrcgb?K zH~U2IE<7vvv+Zg_FDgv{Ca zEN0)=?%9zgm%NzPI#+Hkz5DLg-tO1=KXl}OoM_kK;(!3_swstt@hi&VhwJZ z?6G*T=LTQKn)U4yPiE@v{gQN>m*T+An9ac0grK9gB* zcYin7zjNNig^ow|{G5`R<9&4gfpY@Zew{L0nX$8dHQG%l^r*hf$xM8{?ygS!Hl9WY zsk5%>a}WBz-!*+_@iPNUGr!#6;FqON>6z|atEQ+-KRs#98V=rVZ*rDR;PZ(7@%HA% z?)UZIkKg&y9dBr4({$zdgplMHk`hVJ*X_Mid%bo?kig`oH_u{o>!IWn|%ER=x-M@L^V&^)q3m2~(I6QlM z!KcdSg2kdUChY5)H0Add)91+?7oyr_d=*+BJS=@(k@B}{-R^g~JiUDjCwtZ?3a;(# zIK_3RLS~cYrr-RN4Hz$d{_t7O?RMX4W!;0ed+P0-w8Z8YS%va`?eX=ME7dv1FOa8W zvd}8bGB1?n+nJ7}ITPlepMGxt<3~p(U*olT7IZtnJuI6^MQh3P+)~pV+ky$kS=pH@ z)+bjKO*)XVL|WNL$&Iu3W9^cQb2im*&X&LHqN8S6vSa$eKW9{R1Mi>cdndcl=s?7* zx#ty98_de;Vz^BodvM9-v?vPj?cej_E=BE4Am9uZ(zOgY~-(@J-j9Bnqy);$$i=mNrzgu~nXqzULBKt1Ka5Su+^@&^&AaNRHrqMLX|m?-lLlocPA&5;bebmM)$&;E|26@pTods%G3VCu z=WUql7_QW-_-==akfG5$_d2Uyaj8^MkEJ1Iua+AL9{+B8fo&mgBcpOMhxxfa-{>DN z;%hpx*Htjz|M#q1QdY|C<)+L%hfWk6oN-bjMdR_eEs3|TXC&X)lgyw0|AP7pX~~BV zd-;RIo>Y4ZGCZOaR_R(n=2OKE%h`(a&M-?OKD&mKPN z`@20Qzg)i3ULiF2_Y%F_DCuwVRz9IxMU8cx0SPSyABu&)y!)Yh;zqIGr51+!m%qG? za6fqAgQeoPzS9TZ-Jdjbj*FfAMvq2!*I3!!&*8!qKS3o>QS7`OkFWdi@h_J7zSGwK zn1XD(?*4tfD<>vi;p|K70u8)y2r||=KDu&rv*e4n4`uVKwK*1certc*tCgk z^VVGIz;$xf&*F-L*JVuik9VpI9#Uw1aB1_ol)sN>3$AlcOH%styXgSOlAsd)Z^kB5 zL4D(g)3@I}=l}2h^qS|p|DXOk|1VR1<>Bbc&!PEG{@2wA?|f-uxVCVs>JHZQ#7v&h zP6@-M1xpugT-bLigh_Ml%jp`%9j|01p6!+YrOwCS8+`kM!|gwnIk&b+KR&`)v{TY8 z;k?M);^&ucn;*&jZhzv`)zzJ#N`XFgwd^z_p{r7u4fI6O5nY%h!6KC@uI@u?e0Q@S{7S{_HtOqg-_$+5>CniFR% zY78(EOs+`aXy}`k)>P4>`smCOuM#h@wcSs z32ldylT~NdC20ITFE}?Zw`<~MH;;EQ+Z$QA#V%j9{jp@->pzuqQJmk*5vZr^uS=r&K_i%VW>Yq9b9Im_J_3g6w`*=)PNc0z=ar00Ba*XhvZW8Gd%xt}EU ztlrCHWoaG!@un_Gd-JO-gF{@_z1u#e?|<>dd*g~1FJC`5ogT{*Wo%*N6&x(Q*Y-tlN zc=^rIw^w}GTKeZ|Se8xsy&9|MXOx!n+VB2p_U$|G#N%Cowz((Rx9Ln?Hm6MVa)u#? z(N3Gf>kt2QpMQL2Yj$9t^O=bnIY%xm^S!;}d!O~ky*AB{C&&ChnqPEn)zd$BtM47G z<^MlTb@?2xYupxDtAcI*IxSzha;7!g@rsh)b^pF{zdxkGko!HN+BLK4>T~=>J!H`zDvJ@c)PJ8~na=_0Er9)$W8M0+^zRJZv$7AF7yWo=z*N|>CbFgZikrs-zVfxVJ661Hc&WZTeP8Wq zMzOHaNyZP`)edqyz3Hz&MMi%L@oB!i+-#fwOf~wFPHK8{(5A2@J-#P2oIX`LNFFNP_ zxHT_09#|G#*E#?EV>cEHaO1~@dCv-~1I~w=LF2tlk0;OdGrn0qBg7`|%*0j(``OOy zQq9LCa+jWIOsh)jIkwBH>i4hA+!gAQ{stySab2ET!M~)AoYAictm>J-_jIAru?VAI z?yLPDAOF72*`qULlZVB*xJ@n5^7jrjI=9c5H_wTUZGr@&*1QEf^$_#$ch-{Shu*JCz5tJ(MO?fc0Yxlixj|Iel!S1P$xcI}!S zkAghXKg5*237_p%{A%m^^rMejcQ`4vIBX}l~>XDIxadp8x99l&|eM^s+ET}bL)1R(?Tw%Rc2R^@jCmB%6~zTf3vP$$|}(p%phB$iAGTbIfcXVx8L*wb+LH{Zqui+fjfsVGklmT>kw<#jOAfkAK=U8geimKCJxbynp_~%kzKx@7n#_p!M8x zgYzqXcVBp8Suo@Kp7*gK*RPAN_ip?$t3Yp?#yPQqpYr>8&+||4`jj63S7z#Gs{^Gg zi(>x0O0M_LD`Dyr-21r4_u`fcyZL{QsCRO+pU)6F<;Z#R&(-t^{3hQ1agww0e}-JY zKGDx#^w>`4eVQ};?#8W$=9!#UU4nIHeHI7ZA#FW z_c88yR^3xxMLvnRmXn>dq5t9Eep_{x-xg=MpQ_DxbNlFtg|-X#{62DANmKN~wl6j< zUHco7Cr*;7cw@+yTlweaRQ2}a{WCiYxBdAQCjHdi^Iyr0VjaNy_^va%vuz%s_4VvloNaEx^=k|=uEQN_a6V5$9QE7R)>h!+it%eps zXWw*)SsyXu(v*3=HRW7{m9U5lvV*Lz=ceA=mWu;`9N z?^V-3zn)n~e1DM4kzCN~z?A3F6suY=_0g28=^yUx|8Jf5V}1VTdHi(~xb^nUC{gP@ zBBZU%;(M02 zj`_ddyx{WrytF0j<%LnzECQ7z^Cl*~q`|fBwp{WS$gt4-Z!# ztt2nQUEdW>uFCSWe{3SaCj4VZr^?0xHJR8h(^)>tJyn9Q39M02)C*aDJg4l2yjAPY z#Pf&E?Tp^s`_Xv*#SfKz*A~8y%d`{c?@y4>X2~OYh69b$C ze0&p_&Q5Cm{8Cy z3c-Um9ULFzWqwsvR~&VH&ivu?``Z3c?ddlweHqo>M2Pupa8lHaVt-Oxsn*86B7cQ5 zqiuWDjH?muiI+Z*lj7-mkN)+}KCJi3 zXVQkMmr8lD-=mMYubFZ+V}3#w(;u06hAPg+8mvcL1ADxUrap<4uaK|*IdT8RI`WeZQ`Cas;#U^IuCT; z*XduK`}V=KJ2RLMe6F?o^8EcWLxB^suLqVVOt^86S>=6AN8c_hy&X@4KB*}@e(K5D z-ZJ4x>yq``r%&JiN9a+f1WQ;>wOlEfF|%Ep(>NttsovWv;VFb9H{K zZE|=#d(wl7q@+0x(tkeuRX%mk&UdOPkB^`6)R~Kxt>Utuo^CYx@aeR}66*_6Ri8WC zxkqPf|BUHlPQLkA-*SnT$8WPkCtqA(@D;RL;JvztgZH>W)9iOU%#|H%py5?>LZf-ojpJoPhGlYLZ7HWbS~jtSu-jdJ=~>n8KI7`G zo(WCw9x6)BmM&xo2@9JrldrecrSk=+;)kuC0_x%vH`}zHUe}CPF$6J;JsR&9W%ATGxp~Z7S z?K>H}51swRw`OtY1V=|iZZ|ZrG4fHH>?mD*$BM(it^LxL2|nC`F-ycV1h|g(MwVwQ z{+RAxJ8#;#n|nU)+Fo=~Rs2JjcKkWX^!bjfR=s+8zLK+6B;IV{f*TSBjcqmCUaX1j zD5^TTbh?491=qsE8#q+&SF5*WWad4JzW>uq+xofj-a6rT-=~^vqZq&kB}3N^QQ%B%6^UFy+kAQ@$HqJY@>jY+94h zG?m+CiDvDUUsb<4G+o!lI0$$x;N7riVV|w--Yur41|~-5{`8s2)hD@sbZxzuvH0Rn z9wQaW?)0rP-=~!K{`w;J?B?NyEa4m3dUJ$6nz}7&efU3bXLr}CS_{6WOL=OGP?$mN0oy6Z$&JTV2<6dYHQdSq;65?&e3#0 zJv7+$aZ@qJAMrAsOV_OP(u)cNUfLaI6-XBF+VpZ;^a;P7`5!D+aR@32Oh{V~TMGbQ zFDGs?N8z|>_&ym;RsQ?s=HjtMh7~_AbXuPIXnM^vXvGF@wkMl1-PqV)%=R#@FH^sK z`EpNhPhfN?b5P(y88>xx!A&OpTmlIS&&2jG5lnQ;{$a3mj#A}iH)U>rkxAR<)$7^s zd3$d$*WuK;vM*fb>{-3z|HiX9_czbqcT&^sQsk{!(gAECH-r8573kLgJO97`Cb!r^ z!zY4I7?-$syPiKFz?I#!RPaaT{LYP>EmIQJHfg-wFY47S@TB%^iJm`0PfyRMi~Rp> z{YrJ+j&*Hb;L+I{iw`mx#K{RyN?5HdzGchy%}EED)Xd*5yVM&f_)OP- zhE0FZH^b*kL~Gt2w|{Va|Gug6_o}St|M|54@)gV3@9vl!nz~|!))G!-Cg1PV&hGit zb^5>$3H@}{mqCUTzkg^}crvTWM~yj1^mzJKK8@>n(`P5VT+Fed*I%fyKX}G$K9k$u z-Ys6at!vM=mwOiFsEH>yW(!w;lUcNGSKG#tw#$Bz$KHMyE%Ns^zF}p1_L}bOmANa9 zAGLq?a$fA*l=BboUD~PlETlQ4FP2YGLH4MB{?2w!+4TPz&oXPpn9ncXw$yUh=6x=S zyc>mjzUL%wsop<#_EpCU{W>n`vP3US&R@Ibl&$YImn5ARX4E>O)O%_7xnIs*%lAkocPtGm$**my zm6ki`yHx4%Y7Xe?N+!QZqyEFY%L~6gU7v9NUF?-BR~z#cK6Gu~zU`Lzj19)BOE`TS zd771zdwTmW-nr%S{eeJer$yi6ge?nJ86Ev_xNco&b*7U$O); zl4sn$)i!C8?cTk{o_mTS4OcgBeZGES;k_Kaou86ct=7J|t5iLAuJPH9b36Ws?s<0p zzPr-QL&j{%PKPBmKQ2AsyR=|c_5{P}PTZyfO$YxawpIO>l$TZhP_)f}w}wgIKP_w0 z#ea2tZ*O+L|LJO1c7E>uhyQlhJG<7}?p#?i@r1qZqv)^zIm_eWLZ$7(+kW$~ z?LhRpYHj{M-~TUiGEWcpkWrj*p|a|a%%xt#>~}V=q`lRAd{25!yRy|lJJkP9??bKj z>VLnF@A()26R}TMq#`f!1yT?iv$9u^; z_S?_t-R8RSCD?EY`s;o9Tnad|6Nrlce#J)6{RCb5)jHz$Xh`tlzKefO({ zh5p`R-!Cj2JR|)ggXST51(t?o<;R(S%yT)aCFu8RWv)@D@cP86oSuWW{PyiL_xm^A z*v;w2Z+q@Yg8au*R&y%2%;O5LJQLaOH7DX|q4~=&g}Whz!hV~!oMdr2;&{YS#XyCl zgh@Tl_4Fj~4TlZ%_vEeUb@kd*{g?U6+dG{he2vcqS^iDFUvpn8ecAGgKjG$!n;*2^ z{0LcPSHIy$^LfU;&W65cR=1*N?|iuV{^RraKDzasbDY4RZnAdw29CuOS~kX-3tRE} zr*2wu{P@ZaRZEkaj&0Y(Zf_L5a3jKBZMy!o62=(*@v897If&M+pX-@l|JX3c2o z)KodF;lQ@kGL`ws5*|)LSEFCO()*9GhQ}nT?rz++b-IS~X8&m%-9}E*yQHQ^Jzt~~ ze7#}*;fl-xZG%Hn-D@K^w_V}=e{Ny?owFy`?-bEgDKvM>-qgl+{M?+E0aCgxs!I%C z-nyYY$s+RbhXZwdYwA1B|9Nm*B6qjXu?(5S3-j7V1Xz~V+*xZ~UVQ4!xunA7Tlvz{ zyG3S9Ivdr=!ksJ-bStuO=?4P^6UPS^@7o_(wM}eSySsqNLSBu`r!Sm1UsugK9X!{| zz{aRYn`QdCxT9yc-#vHx{y#A$O#!FHrG2+{`RP^NtgQL6*?iIp+p_0d>rbUuS;gAi zJ=8FfN%675)W10yXZP3qjGnM2J>gdMt@+1I)7L&S?|%=Pu}qXmo}lGcwx@j^d;THc zt2d8sTfQYBZTGsF8=EuqdjsBm)~^?35`JR2=ck|1;zXUmn@$OdcK4^;mpc48(CD0Y zZ$n12={0SeJ!irX-J9+8{LG7n0DUGa2QBgBd9N&O6~*NhRrftFJa4|=Yt^o2F9mO0 z_>-MfAfPVSziU6Zpi)#i@N|Zp)Pt?zF~=P0<$vbP3NdPxl-CvwY~>72?(%h4?0Nf$ zX>qf1MsCMZ6phGG2?^y?5=9aP>Fw&IJbBqSbmGyglzpB%Ru*vRy-4G%Rct z%a4aS*^OGQrUxF~Ebch{^^HwMgX-qzBH2sNT{D}L)3>lu@!sz~`)9lF|5Yp&JA1fT zW$IMVO)quC_rKDb6Tzg+!a8f(npG+94!N3`n6-ZNo3-tk+my!-e%q-TsAvVvsd^?E za`oE9t=ZzS)@2KN9X%VP&91+aXqG>BOY~dy-TZgSEAkuKp0SB4dF1mn= z<*J0u@r6ppXT$e@%gy`oXSwH*-0$Wen5SHj;I*>u)hu~`*nUg?`?_g!%gavO&CQvX zx=Qs^^gfn^Q}bSHxIXy#WRK0xHSP}cn61A*eDdkcy7iAAuKRmplU|=d(}7KiQLD8r zZ7iBf-XxuFy1Du1&Gqk;tZm)a>=M-Mow_~!@)gr78=p-%nqyP&=FGj4gb%jsYh;g2 z`jH|urP=Mn>fdrn*Bk40rM@-(W%I4S$G!Y2hbxn{<%X?2Cu~KTvgP%sRwo(N&sW*G zxh+h*k>eVb3wb@QeuSsOZ5m3&zl|7+9lg(Y(`-kC!N z?_U3Cp60MV=Eg~n_l|nIemLdr|Em|K7cW!BSG=?=x6!9lnLldLXSi9^LL+~6(-s%~lj_j@V;iuOrhQ z$^ESORb=|*E0?mmSrr9?E?&6QtRwp04Yr z<*C4usd=*X)5|#`KMv(J3RE~vaxS>+Unh0y^PLIbrna84(+$5;#QAmOlPheGt0nBY z52Xn!^DLiJ#r3}O{_h_TpYL-yT`*1S_(9Pd*=k%*!XI!o3O!H=2zvBv(-*lHkM6Jg zZ^8ZS{O0=Grxkkp4Wu$_woKO*%UA39`r`G=h0AvBs>po$er2+2P5ds?*`;piwQ>9Me(8U&moE`Mud{#q=CzG3 zslFxQy#arCyw&Br>Vo$N^VNJwlh>ben%nDDHjmTJ<5TS9^Naho%YL5mcG(?~Q@ zk^3w=?Hj!F1-u>}NwUa0^Y6E2-l{Vn?ZGL*rGulOqek!Sp`+a%VWFFfPp3uAk}}LZ zFLb2o{S*#f*RHbTt$k}0zbO0Sd`dwd=!KG~T5-plyFGL60GQ!ja_&YUyrn4m$?ihkezd`GR;e3N;L zyVCUx9^O77ks@#*B-ppS-v0CLsF$x_9ye_IeBN&A?RRwobI&^pC@ej8KJCC~%lxyE zU-)@tKTo-)8hdG`j8m5Z+ey7!Cn|bQzU28|ad>;i%>6SS{xMdTI$LULvrTuBz55K$ zmU%M+r&L~)y=-iL#;D%m`oEdEkea~BrJ?`8kqZjpdp~*Q?R=S*c6R3BKi|@NzInMe zX`J~T)unW*I9#=-$A7|_bt?Ha91H4mrW||a)xuLbW6}eQC7W+fFp4f(**N3zg1-SR zYgDA1^}>tJg?_Yf;wZ7GuhHrHvFxwC<4lDVFT zwLY+p|H+kn*-}g=*6scai4%O^7JlNjyB8L_S~tx@<8MH$mMgp z=3AGEZ77gkVwj=qsL>Oc@p8iX%0H*4@AJL3Ht~4CGs*aEy@Ee`Arrq!E*&43j?2H{ z`S2)Gm!~8*?QHAw!o&9ejo-??y%M5wp;7$YZ7FXxm&~-wB0eis7A!1Jm=T%#_07#{ zhV!2%&T}u-N@d-7s;KAJt|+x-Mj`5}yS!o-=N>HJhTsif@9%H}9?(_c&HQV03vVB|e&C~J6`15wn zOffomP&St5n@rkKLB4&)MKcb~UvK%J$@+ZH*yEpqzV*+)Ia=N@j^ zeEvX107|9s+2o7>ypKi?zjU72$KFNbEv>UE3CbDDmxJgUB&*<=W3(*HI@g-L_|0#B zsbB5xJ0G6@@2nSgc;Cts32M+{SwQiSH*@_4*$2;7S*Xw5(lpn)Y~!OXmpO|peHP?S z509|SoG2rpP-d!Y5Diy&_GYuQq`9yIeiv%9={WCI!k`fj-?a-);3@BJKeHe z`@_j6pGB5lJtWjKXS)8}h^NyYB{_cz>L}1X_kru+Rq?s!Z(I@iZo7w3*zQ=V?7GNe zHT!)p{aQ?xtkSA@yn20FS+%vgZq$MA`@i~rx~aUYc4@|~M?RUJ-*h>d&br%w*k1GF z@c#yV5zD7WQ_nqE6V>E*B<a8bGVeXUilBh9|oqgKW=E8EiKL9xs|caW}~i&sPQ$)m~5Ye zOus8W?Rk{QVN^L^VZO4h-N9*VcW3%8yHMw#Gc_S8sq1I&*DpQ(ZDG0BEN2C9={7aE z7N>12J-8$9OcWiN)=Jd0V)gD(wJy4dI z<@NdG|38YgaZS9=btU3G@O&vC_(0ssXmWB)#X+gO-A}K_6#dIuwp^|I$l?iKm7IiP zzAWc*I=u2j`Qqfs7KbLRS(j8(G^uUZETqb!V@~=KN#B5TPK_#zLO0l$*?9a;?>m0|`Hkz>AKq%O&do7+E+HTPTY!g+ z$4S9u1H;ob6HOL(&XU=^y!cLK_|@-o?f2bUnC{llxV4Y{dj8tDySvNZ-U_|{Zl$UJ z-uJ(4nxAKJ1!s3|kY!TT`292>-m7K8kH&c64ksyPotrbtrKO)&o3@@_|7ctEyT!`Wj!YEt z=9rd$Kg(zCl2)g4^BJ%GZ_`+E-8Cl0)9je;N`^m1Q$7crX$oI5Y4)?#^Z(1#e`>Ek zB5waVQtdq7r|bW}CRhBFk*>PEGv{Vfi6Z+_rbRI=UXl+(7tCN^&lA_VV1jG-sVUs9 zR=ceQoF<%4ojGIHG47g_Qr}h=vnb#Af;)@;t@p~-iVFOs{bX5MVASR98>H8YFz2q7 zk(N}J>z}AA^8D_a2~jgElh?jHVN#e@G38l_%-Rs$TQ7ahHV_L zR>|Jx&{B0vD=sPBD$Tj*@2-hK8ZDuw|2(d(J{Xiy^pi=WSD>kLW2V(5O$X%`rR;TqWd8lyAK5y0Hq4q`_fvf4jI)zYT-81)d(y1#<+A9RvX)-u zmzI0(N_!{%B6jbr3Y)x^+6acLy_NgyMSB-|+duiaDsk#J1&u}C#XEK#YQO)vtnTyQ z_YcmR=PtEf_w()d{k*&9D9`novGqfZ%f=2p5k-yzp973H3uu(wRJNb({#!0?ql48v zmbEu`{};%f_Eqpl-HP(V`=x6QFWTAfTbXt5k*4d?5T%)Z8+T~-%C34YI`=J)-&ukF zqaO~*JbT5<+BlPW+m=IoOi3JtHT@{U%V0*gaOV6-c5Hzw8PgvcpCn#;O*D&&xg8q zM{ZxjzmR$H@hK}8bQoFbe6hAOv_xDYjAMYR{Lz(ZTqs8q;4*J>NTm8#sBS{ z-ojaJv)A1^_)+=z&F$&^E4jE1F5`Xu<3#oSqhGG5%>Tdpe_vSLUf&&Je?!WZ_We61 z?Qtw7Y29gF`AYdkYb9r0iuu|$J97I^qqM#`t8`y)?Piy#{a88ex!0SBt&_MI`?hpM zo2{J3ck5P^Q=@udR9pV{%^A&Nr3<68Z}WM7zZ&-Z)t;?k0uqnaYxHg8=3hNM?ZUNN zU14@XUMoZ{9yO}4s}L>O*`zgl#^O^~M3kOMEq_)d=soM+mz^_p3~#&Szqwc6a8)~e zg8mdAamUc--QC^yj=jHnCgJJNim6RH8$9+|D{9*eK*2-n(> zk}1DW-oVDFFZuSvLXLZXpWUu_)0uwK-+y5f!zsB-+ivcA+{OLv>ZK_u87V#c|9qJ) zQF_Z_`P~<%P@=1K;pF8zfBwp@_%<_r=c~5Ymc^ee?#9ZxeOZ*HcW76lo|xj9$5}nS zX8SiUIWno~mzqJt2cFi&hYnbgJ&>|Y2xO>W9p>0bW-7ysp}5k&EGLmzxH3<1-U5afR7c2 z-)=8>AN@Y%{<>J3&nJ`}8aUOA;=le3IeTgA>&U%zvS-)kdhEXU$tv#T=j-!->%4x$ zGu6FJDbD)nLH(NEy6rRVfA9Y<5}$44H%INbD~IEQsTOr_HdN{_oZuAea^T;R7u|2% zV>I-pGKnr|W|+cX#~Q1t_=jPwR@$`fj~e+_JbC7HG1^Vs`^QwHOJ#xc+TT}m9A{kb zv@}RftY2}1rbw5`Qelnr>1kuB$j2EiJfy>Y^OZEzci^+bl6*3+dzQ zSbRd|(UVWAvw}UBeQy0(w5v*aaZuvrO?Bsb{0%LQeHSfd)hTLf~Vws*bz_GOQ=*7Q>{mex*t%1xJ_GTQaZ)ddEaegr+dw%W|l-2CjX)7uv; zZGC&hvig~f7-L$+^$^a(Rr*eCX}(+M_bN_}=lkH5%A`AS+R>b{X%#Q-=tynxSr@Ws z?b_Cb8$Bl<*Ko*m+$?;U-z1_Tc`|RvTHkG5qTO@VtDY;jI4E%l*SyTgPWH^_pI`go z_SUoJ`4Ro$I-mXPzejE{O7pE-c)Hf=RfD(|I=GLSN4a)WYNd3wyEm$ zr)%)}Jz~AJMIbqCMyl_L>oUjdoTQHCmCoN~7addF!na>5HN;N*980*5-TL($n=DH< z_IwbT8Y7q)ZJMkZyG}u7_Rh}2N4dHV4Sc6Eo+`>phaC8E#UxjDtc6a+<7z7>h>(jd8e;gF-v_{ zow6vBBW?Mzl`LG^6OVbSUCh|BrQ-3|@K1Z++j?b|vBhdMw7p)pcUDnh-I9wfWtNY0 z5}rRODLL8=tGqf`J}hl{J-u_c-g;S!hJvI&x8DDiY<(kha!2&)IxfLuvZftIv9kZS z=1jTP0}(+uzT=Q!D>`ghLkd5PZ_I%}+*IPIwQ`+eQ+^0l-6 zuHVz-wzx}m$>V~b-%kI$`u%=)fZVPi7AApH97}E;*WU5)+U*;gQjMQ~lXKu|RQ2h5 zfAEb&RGfRdScwg$b>09Ssd-VL%`#*>dE>n*sbwZOuzZLZhD z>bM#DG7Gd__bg~i^>kU_@OzGR^(@x4xiyci?>~Q)JNskHk zSiQ2tzJD)zac08Ly#`K8cWV0TS#w`XVVmB(z$zgoJ|;8yxG?V_kLx|FGAqk^x;E>+Fe^-jnoH@Iw@#x;}ozMHEf8I&o=MtbN7-FL_vog&4z^8k9e}YbGe2ZG) z7wgZZ`EzxD{hWj1-vur|h!UGNfyFB@fbpoq#PF^?Tqm?$BUjE6+1&cz!e{*t+jhS{ zv}wsor`HRn)!W=(`BUBX%C!amV$DP94j;c{G(XkS;O&`KrXP$>R#TQO-zdY*#6R`) z?AiPoe|B2lnI_hfJ9)O$@|BvcVT@9)I|CHvh>iHcB z*~05nR~PX8Q98c9CDUO##}b=b1#f{8>LQ+2nG0mRHb;=bh>?AuEmabyjxOdNytkZZ#uR~K+8e9 zbe^8jjg=|63$u$4ER?#`AR@GO%1Q$+jY>QHc^0Ru-&JeR|95Qr$_hD-gMHa$7p`7B z*356i(%5f5-Lz@@EZNu7KRjP{Pz(|K8>o-nYIVXFN}+PT<{+TV?+)7tQ;4b0Fl9qI$8eAw6=Ls4Yi9ta;BGBg2S!+cv~p7Bn!a z;0yftN*gt7HFy+mQn&5Ek0UCwGkJo%LQX1+ z{R>{bZMQP(+nH)!M~#f0J*qsF@%oii%ct#Ax4_l{h$gI$P`El}*^}xgn~fDrKKig7 zFANAu+O1c9cSEy&{l~hHYZlS>iyoJ9>=%l?3(HYTN_we`cVsrdh`Qpu;K7*}A`DZ5 zI%94+b8|*5D1Gr^&H4Ffm#ArN*)(IuEN8FA?3)oYxaQmVFHmyOZk5l73exo28M7na z(Od2CnJYdTVJe48IS>83;bxd_X}ICl+Ks#3-Hcg%#VavpRV&wr3mNtaUuT)-+$^)~ zxBuQ`sij$QT6*2{gZXvSA6-!q;d)THHA6vD#Hm_M_?rIpsE*z_CSDbfZ(ZHN|seKw2&~@mH&c+?x8+5jCL?6;!{;yoc- z8=Pi(scDEE=84tpwB(z5VE*!ltKJ^JWVUv9sCibF@cggS!XKOHbnN7FJbHMOO8&mr zVQ%W`mX*JFG90VZ)ve9eK7IY&-ebbqMcPj{aIFdOT4);aV@1%p9ZKdhToS=cU$5WO zRGqi8yTmhzwd=rVh60xvpIB}%ZFxTN)Y*^Us^1@*l=vlJr9@Zk(La^X=bN#6#yt7> zCqr?q$Wo_y%Upy6Dt=nNso;70JK&?hwjQw~b?o=sAY&%Kr^MW$P`& zB)4UAi_W-Ku6v=bVe*D-bB9&wSMT3DlwsywZgte>oMFj^&xx!zu1r#gvtom(Q3xBjLGn|EII(>l^*+{|MWBx>~RJ z^45djFN!#0Pt1IwxVE0H>3hwWqo#$r*CLuPg%njjI=Mx#a-Y*KJ;#+DCAk|G1Zg}_ z30BD6lQc0!saK3Em)+*$pVL!PdKS0$7nD`Z*tjw>sF0npr?+n*H*3;LmhwBL(se&> z`aapz;nLJKfn{6o`x_mv=4=;OczBE9txH#X9&J!sS8^loJ?j+j)Szv(2Q_!C>;5Jh z>+6}uz4Sv|*9z&yt*W8nJ^0J=H4s0JGJJsG=Jcn*{uo* zXJ3Wty!LSq-+@#M1u~ecC;9a8Y)m~Zw&^F+@pE&Gt&VIu{AyLW_l1jFH?7aRaOjz5 zW+aEEMwQ&g2$@co2(d!NK%phMM|$~IA6i+#bN_Ru*D_5}u8yoJzBb2po;*3L!8^?; zrTFG5vsIljOAhoM?VTYQS{`p~ylUn7may3Rr2=2R>aLkv9-VIe{{PnU&wG#0dv@U9 zVUX2u>b!*{vYdk`)|y@#Pl9qxBHNHuk`-iBTJpcpInuyO2s}oyF(|HkKd?!8(Qrb=*lh#e0vIP-0?;n3KbK-^9z7KYAKI&9qDiAJwx9g*p+>cAs1rMY~>m?s;y7qz# z(aF8oP`gs*#Wd5?H!sggI=_1Tq!U{{{n@vefv4a1k%y<{2ak~6^(J2<|ZQX3fY8caOe!q7oa+y&-4zotSm2 znoca4eM0op=dCe6?)n|eetZ6rjsLn?h2a^CpRjhRT|au=&TDqhgM0tt{(YAJ#}@zN z%=HdSzSYz9(?8z|t$8K?uk-%z8}+VMd{@(A6itq;u`rl=BuMO!QG{8=@}-{zcb$~ z_*xmYqcAEgSWC0PS;ONMB`$>%pKKF{^(<=I@HGsSDAM@;3H^%0JnR1~SyGW@Jg2ukd->=V%Z7E_J`AEPCEK?fO`f~j^&v}?fVW!Z zefE1N-#NQietnR==j*fAmc@@u{Qo`(l-gX(dTU0NX6uS$qLr#EL>9)h6!E>Sd=VrV zt7B04O+-DuvU6f`yW;%C`xm#)TgIX_y|sw*Vfckp{Lw2zBVLAZq_z}TFmnG&|GE6i z2TQJ=9aGE>ZTfgB^-YS<1&)Oi&So}wv6|0y^e}#}J%Qu6;i0QdcXxlkY<(d=PvpwC z^v1UeNt{V*-)`a6N&Wdvd*`Fx{KVUH^V9CGE&nw8|5N*5sT&7wrf{coT3DGL`*26( zR9ITTt!*FgN;vBDZIYdm+PFnx_Pj%7xmyHoI0Wb@$5j54RGP9#Q*v>@w-TsW z>l7l^T4IbuA8dSBtP{0sj`;kFIo9v1)%*9Fg;cNGzJLD5iJ4;CwgtbxC~B&nq017L z(X!!!#93p+Wx0YMqx>cYnJtZ?alxfMO49>GJRf3Bx1tz^)r#DZ&o@=4$x-A=O z^h;)31~1LA-=1xI-cjZC@h-LE4@sxw%a$l zID<21C!c)HefMp{KuD=J{vpo&NHJ#aR$a(8B0j3Q^t zai61$m+$0c`7zB^piJ#dek0%WvyIbIns&T4ntoQuQ>+ka^ujY16 z7WNT6^?BasEe}4-ELKR7a1*{3o}K38=AvP8Ym>$fu|wNF)+oC~U-GmPDopc!8elOy z+;iazkL5FFoSu2pM>BH6iuRc&JyoQXOMZ3GvD42FeE-m0`9WKtLge|T z3f0fWy2TN!YLiwxW09>Bw|5hnBxdjOql>$>pt&>B=HaZGM=4w}*K3X@EjZAr?z4L{ z>kcuc#I(l3q&bqOHx`|hn&Wb)HomQ^x~Ec?fZPE7yisG zFL)dMKJEDIcWF06uP?N^b;H!^9JjLb8=Kl$h4GJ%3P12lTB%ZIla@Al>74KT)b4p* zx_Z;gEdJOw*(q#S3+8C;Nqi{!iKQ{=;-Xd_em=81>INTU&(6J@k*a9&=Tmgv)6eza zzaLqulGV2khIYip87p00cenm~F^ePntjWYq%ROISIr{O>bB=f@ z=GLgZ<;k|_b&H?;{&RYJ{ehRo&v(3jrTycG`+xf_Tu#DCvBIl&#kho@@mI-L(&#VfR! z@>=dKHC|PD`?|}<-l;whx0O$NDV=chTlUUhy59?~M!!$Kef!=~Yr9XUK4 z`i-qjQ?pJ*UA{7HVSq-ErdZ^Ki^pa@RzDmfB^^|_M}c8suV+Z8iQ+LkXo z#%-SOyL?B{-y*N0Li6h%B!+Bt4UbY#y|wAZtH=|_N>@wB&QCeHsxHpDY|^xnN%sHu z|LdqR%l@)_!UUgY>2`<3%)XZ9>~xAL05 ztq!Y_{<1DFBQ#HBzgHudMa2sVrtIDJkDO}5!PW`6p9a()i zH)sEIyS(cA>^r}I|KG7Sf6w$YeXlihZX9!Y&+y#JS~4^L=qSJ57OR`X6Yc+MoC zA)Ku`#Vsp$)q$TjyF!vY=Fpb3h#&{8xes2f zG~ODqAjQh9TFX^0oTGHEo2KKky;EntyczIYQgBb=$p z`~MoHZLZuh_1U@VdtP~Eee16A%>Q$`f8y!XiI<$XxnuQauUgyWrPwd3WxGD+SWz-d ztCFEPqm{PeMu{N{!=eCK>ioU#c>y7}O{{cs> z|EDV+7TVXjQD~ZpQv}xrotC!>b0m~RCIop+zWI83;iSx#Etd87X30BGn>{nv&|jtd zLtB^N(@k-b>+GgY6MVW+#cx^fmqT&C%yQFS%a(s?E8jPHd(DT#cRv2(FaBx!eo^IR zF|E1WGcwLjh`r#qaWU`y&Ahv;IE*BlQkb4v{NVc3$~3jBJ;-1~74Ku=#SixaW^S2De3JD+O2Y?bFxVHMfgwd#J4#k-c3h8;?MJ#FLv2c2y>alUGo zTb@_4G>X4-zPNS4>^FC0d^bv@x3w#tY0rK6BB3fx?ToBgDEFFzcp-H`ZsQc`BXd`T zwfe?hoN9K7`^SOY>xOo-A4`9)pB}uteZn*sj@4m-b)R*wCwX`0*ZozTwl?PI-u+*^ zm&^)Mk(urP=jd?>IVqPZpU%v+&SfcI>J#wM!E?&{WJL$U(2$=(kYtG=t8^WMO9KGr-ZxOOkk=0(!`vXmmO$a`~6 zW4Z0Nqi{`#)b6d#KL3N**4;QaZTp?mzVd%~@BN70e|%f{-s$h8^BmXi?|C`z=p0`a zNuTACZ!^^QFPX2Y$dPkdZ|{QT?KwMpgrsu4OU^i27v6c67IR%~#yo`?Gag;H`&75* z4bRe>FJENA`(YpD&T&l*#y1v zstIH$R(!pXy(Z4i!C&p{W%mA$m)6zB6hAe)^wGkj@mg2JnTJ1aI?7d6sh970>1QSW zZ9~r0EU~Zr1;4&X^1Z#+`Zhenb9smQq!2IGn9~P~WQ!gPFPRm6!O>yq1odlIdbFks zUOLoeow4>~ZL4tc;S5EoRkJtUo0NNUSBwbnp`eaRwy@7BPy0hz#lD8Uc5~Lc_`&XK zmw{VCmZHEWEeA)BgC7^WXS|Mb_`S%^MW;=m=w8-&YomjIICOQhmWS?V6u9=Kb%BZ1 zu{-acui%;IW?^=TUtywKi&_q^zQuYcooAhuiPj$1kNPe3EG@aXx5RR9w%LX!pR^

srsc?e(IT-fc2lIubp*7sM(3 zt9bkk&x5&L>ndRL`-1-$?kp*45Z6g5%j=6cv-8F0$cI6zDrD?y#TJTg<%)H_c*#ag zB{;LlYh&tZH@Ui`^j!IweQ8>)O8cHGr*3_v{^Dg$dP&;4G$kE@FQugyrt}p4c#u7% z*!9A!Z`aI@sj01+b^V8H;MHKJ+l2?G*>8Cpmesm~WrF^t>sOBKUU%orjT_?~Q$fh**Z}$_d8{ zA06Az<&$&y4bRGLd>6VDJ`@TSIy_*vTj{dOvEPg<`qkRwpXdEo42@g(I{v>{)}x*O zR0W>xUFy(sHB?tMDk>wfee)$TkAoj}28!|Ww0z$0HbZM^j{u+cm#gI$c6}6adAoP3 zUHq2WGoPK>dHG0E;UnM7Jm z_@#Rr8SL$kzniPSG4buLETO`+vQiFQo~rX(FJznw;eH*OAe#66)IR1frR9%8Yi>O% z6x(XH`S*`ZxjzRd?}*x5b=0V3OJ;8F;}bJC+kAU*dC$*x<`?f=N{d;q+x=8~n&4*D z<^FRQ8Bcc1_SKoGGJW>ZvPTx%e3u3&T$|&V-TKXTiL^OWEGx%#!>jjStyw!EA+mI# z+4@tzm03RcyKLpsIVZeK>CAi6t3@p<&#l_1deGoBz`%Rm=0|k-$&C%amtNQkkZc z{_cR?rEK%ynRAsaHt~n*1zCRJI(Q*-&cD zTQ1+b?*D$3sm}ckjZ>w~FYPYjoF^b-Q8;IBJ6}Q02cC4b<(gWJ%S~)+YjbYyYj)rN zS$ET|-gQ;*yf=~I-}iH&(dGsfPXxNf^%w2kK3%*_c2C0WZO=s7%l02Sdp*`sYbpby zmJi#qX-l(Pj)%+FwngXdZ(cUd#GPL@{qH8m3r+LRh3)(P;&V>S{#Dn~tnJK>-n>|- z7r*xs$D#|or?%>p&6i!YJHO%S>aZYoz98aFWBkUuDgBf%6P>KajgpimdNe6 zJb_pG9J{L;cbK8WAmPh9)FSglTY+oHG{p3QnyG8LIj*l))KFe-~%s6}SjJ=uW zOzREoQ%^eVbhx}Iu0=e+s(8+oXK#Nj?-PvQDp&q9>d$idr8Y(_n==|-=GV8L`jGkM zjL5E#Ls_p~=34i5sGr?+F50{BVCA)2%XGOP?&yeM(!T1lXKV8}*S$KCo2Ol!9)E08 z=;{}5a#)`he!IfSw{OejjS~|~9$cR0XJ8TAv91OsUe9>{?koDdjW0e&mhby1&)LrItNN9bu{oONd2P>N|XS`ojbh(}m|9If~zH@WK^9;`& z3=(2tG!8BKmIfdAr%CNj=sQT`=`fnaaxunU}XhPRTiW+^OgZ+Uatq zQ!)4U3$5#>k-H)~HuOeBFzL!nKBz4%)3g`QrQA5W>B|7=;>l2qmi5jVUy?QTEPRr+IFZ$a!GR@)T*H;Nl{KP~qY z>R12ZzsK#>w%r;w|7y9MCcTMsd9^BfM%|}smFqFbu899*ym{5_%0;~)Px*F@}ZeERzOW%~^?db7hf?%3RV zy6X0e{IU}_X8nnoX1aGS&v~)Ms}o@zz$52vzb!4Zv~2ly^BRN9wli zNrg+2ogbJ=7!r#|- zY}=L=&~^XUiTX$X-rG3bcd+-m#c_H|ID5vDRKbu>OJ*A->WD;ivUucvD$Y55gsm}i z_f{1t>4zp;tlKwl70-(O_{-_reWUNIkGB3^t9Rz-Z^7sGA-rl~lNJiAM{Xq=4X0;oa&K~iZm~${WXW5aB6EoZT_#7+cW7lT3G_}xx9Bbl8Ra8;IM_Wj`9u5^1>;Mui1RyFnPeh}`#!Ml_xu8hz6 zqD$d74&Crr|93Z!&zw8YO(jOiH#cIX$+=gh5i|RCy%c|Fvo%aSvih?nXZS3h3==Qe)Aq&&ry8Q_f4Al$NoGvLX`S`>_solDa`a>}myyL{E%+PH*|~3<{f)` znc4X_l{u^89-q_f{8_Bz3J!YTcZC`OmrhKk_wC53WzR zZN|l`b)eI7QV0`lEr7aXw$NE$Q%6bf<*#$kY@Hb=uuX7Zl!r0D&Jw}zz3YzI>pirL z|6+P|Rr%XLNB>+m;flVrR z-+Jz{W;y+vCFjk;7|t1|!e-1mIaxPEVz%aot?qG4L(W{jHf7OzZBKviIX>y;+*M*q zlYJ-nIAoi1WK=%34N*I$A!qIK@x7M2}meJ7p((+#2`@23q zJ%vRXe@eGkKYWm>7jJrCqO<#swAWQFMprkzs?o?e*W*fgm z{=PZ!@UP0ri@%!1UYO?|pmB9gJ8N1zN8>fAaIQGZf*JR|iEY`kqCzyz&h&)n>0dL? zi90w1pV{*Dm`?XOAK};GydS>&TkPZSx2W{Mwbk3&FFFV*x<<%sJv1$HwO-ZQ4Xd&} zCzx^U&Z|(>4d&#N?beri9$jp-&*5RwMAj9YVZAo*L+!nuc3toOkh`IfFW<-G;J&-n zk()F3W~%2^{J(zn{jP;KY9=Oc(9Q6=QLfx+;nqRK2Fk!iq^p~bu8F!7eS6=|?eo{${x(`V=_mjG zLx(0^*uJ9qUCA8Pzk6jYO2sy08SkBTErIiqSMbV^1KTq5{0j4uW*z&Zy0A2M0i)8h zE3pmP(Om(vvx82m{7e$ez4=1HK~bY(S*lg8^$%5k?%t>DZY|orn% z`HO?jBzFeviQ>Cd+H->U?Ai^!t>T^Cn6?A_{+cSjec2mS%1R48d=}+JAtUd%iLYx@@@8S__WUX`R8N5nWN%U)~+_bbIC2#tH;l$@bFplqDOBE z(8|-YB;PN(Z&JQ)x_ABVlcUPbF?DB4|9n4h*Px#oQ8>l)>E>1CjLFZ>ZA!k(#UOXD zc8+iK_K&^K%N8;Vmxkm9^c~N=rXPJ`<;If+$rf`IrV5Fes6X=Q^?!IvjN3?3EiK*Y zV#*ZHt-MhZrA=>-IZ9oB&fPPw<-n#KFUJO+n&6|k7W(eoo2G8cEEZ+r=JiUhw7bsp zWz&wuqUS$Xe(;XxUA;F=EhJenN3xEyCG_mY(w-kvg&ul5{->i7)Fc%8d9_>kqqaA< z+yW~WYVrCnPs|hT6?n$Y5@fQaBR+)v|BTOvx5mV7o+o_xdBlagoZGDZzrOmgHtXJ{ zMgJl?e%=nz{_N)PYE@nSh3CI)Bs0Ig+F@pxKk4?mn8W#dYOVKI92eV`d)x8(r?+q9 zH~+YDJ^s<-_=-98Kc8*3`F%*wZ=Qu;UK!h3rp@y!xT;@1JyFrrxBZXMuAOt=eXp5u z^RE6R>s|fVN~JyW?zz2OslH+I$_p%OvKAcMQ*4lZmUVx=$k)&3lvXHoRWhk&X1`xx zndlyV0#W{H>z(}n(C*KT%}mcxXY>ClR(bx>=J@Is z{ylGb1%51S2>r6f{9zc^nz%b>xvTq_9+;MX_-m_QaQN3$ot*4--C>;FyR1)4_j*#q zI_uKP3kF`we;O*3&dsy^9kF3U`?Ws5KS`Zk&mZ67+oiU6by|d!qUxp64}TSE`hR^6 znq70d!Y1uj-_(_#!j^~J-QlciF8z#yd7e>{D0jGrUCr6Bf3K?jKiU6(XMCsVdh8b6 zH)d{!EEcRO@VEN&qEv%P)pUEJrensIEj`aCWr(~8WnQ+5;o5rrxUWACg?)Ik*uOC6 ze%!m-^ZFOA+zQP1{_pAXzVg#$nZ=Pyjn(}&6&(!<@YgeyqvDm?C=fmuiENFU2)70k6!WL$NO!! zbv(MHG5w>CfC98-MMZC=GI$-J9;_!J#78=VroElh11xe^vEpPZ%Xt8}CKkBD$% z+VQEk1zVMN&##}T`nNmtZHZ3j+--bFHY>){Qr!=?)W<=&*typHJ`X5``W8N z`K9l!b4AZzJvB};?d-YkTR#KOg^O42OPdjD?NDa_pQ--u_4!F3eiTky8{w55F8+Dd zN&AUEOy3KJ7&lCmsr?rjmVdi#Y8L0>7MBRksfniHEuk;kl&{Q;)_#_;A1(@nSOq*Yx3Vy)bVX! zYR#X^@#z^wYHQfMKCr&Nwr)X$&Y9c)7T#6&)O+{*w*I@dtEEi#O}Mim)3pDsZ9>Vc zRa_dqkB`ilJIi3d@T6rfO|k5JvyMeB%s#E-5*uK3G9~xh^bMOLgilK)bz0mqH{RS= zFo8paD>3p%V}4P`QU|ZV-ln5&ip)nRT@zauyR&8TalcRO`#-(*>F>Evz>v7~x?6Vu zPxK`hc~9*e)oG>|E#gJHuK)a%xGM1aw%bKd`DR`6y!X8^{-Ln^Zx#1%Z~sfy9Aa8~ zxGYQef=5xSQq-|Ci!yrO|Frq~q+H_gEM(m3 zW^N*s9u@82@$K#1<5#c8at9TC)-|7eUi@a^)v3JIA%FhW|E%qkxpDk{%@_ZhzprdB zEN+h3oW>}>Go5|^r@q%a%8t8D%H^(n*7Ky^rl!lk?x&^Pk8hK0e!kKB_WtJK4-W+D zHgZ@kc&LA3i=BC0+E(G2`R|vOHc#Pa3d!tqK7QV4LlLj?;@~@_$7Or`dfdZL!iz!= zhIlWV>Wm3r!*ibZ|Npi5$!R;O&Ph$Lx8)sD-I4HH@czR_TldOG7d%^XgXeyT*`CwT zdGh6~z_3uk)NWO;dHvV8wkS>WGqS4S3s@LGDf8^rtwn1O6g|$^o!8|0R=rW^!nIq6 zVpehlDO`+5OquAic-1M_%q{DC8Uk;f(Oc|k&1bmu=Y`zshDB)|<@YM})xXJQbQn!~ z7O|vN?9v${@6%6IyesFe`y04dOtxN6mzKC|xXzkPJlT|V{xI@>q* zH_xB=u<$^hz~4>ZBxml73KT#1@Nu_g$n|H<&hD%JR)61IdRw$%!Oo?fA3Hg3-LlTw zR8^ET>8kd$jU_*eCNyooTh9NNxpvQ&H^G1Y-v6hYd)Dxpe&)kvy4^o7%)b7a{r&DX z{(X<5s(wv34$6A=^B_xnUC{*pnxB#Tew=+?`E2LjIaY!;eWJcNm-Bd`n%`M<^PD8$M2Pl zzNIp2_Rn9<|GmCQ#N^f|llHyw`i`{UVL8WnzfQ^Um~Xo1l)ebZDLF584^7`d%QY^1 z{k@ZC&sLu7vB1=({0qxK{LhL z)R#r<&H7pS{`=xjZRgMLFg;Xye%;>x-Fv_DZGNot{-6DMW8>xd?_Hx+*H&%J@h&=e zcN*)BBR3it+wVDfR458en$RMkps(N9lE$PsWx@p~PTAWxZtO^io~F7wsy1AE?UJ`o z->ft~|M{O`@hLHB)%|;}f8G4IW=CIm^|>>1W?F83{>b`!ZTHZr}Mme1FpQ$-6CVElzAo-Rq-1 zIpliC=A@@uS+BApuWj$Sw{-83q=}Z&B20@CyH$Nf*SuVrdij%;Uesm3>yyIfMDRKr zi&^*id^j-qc;%~?lYRPo4Q)+b_2#Mx6>ZR!+;Vez=q^`JmDe{l)B4{fhyR!8)xIWF z=47++wdW+u{*9cMnQ{#zc-Wc`CKxdNusnY6vGbZ&ub)0-uREM7p6kNV{kOd@ATs!P zp3yKQ^Xj)zqfQKkJpb3zj*bI zOIps9`*uG?czt-niDhrCPsGd{ze(hn4)01M$s_D8*S1oG_>X}&aZM#-j z-SaC3H$NU=-t+Kke#+5Pc6obVElS7W$T4I z0nSD?A z8ZwV<-`Dd`&)GXeb?)3hAKL979h2U^G5vbpx3|^~Hg629Y@CX-xi?mS?o*OZRRaxga7Vzx`%m&NOzpyQl9p|D7W@w09wG&U>lDa2>6|M{%mKXHrp z&&B-znbVIQ-}&v8_|MO~y9>@M`#&@*FS6nPZoi9r?ZHmB8{57z)qR=mUb}G>i}2>n zYcld5KA5*xVZpYQ6Wc20JpQXb!E0)09rKj+>_) z%khek#(8Ju4_ofPTC?;^_XV%tSt~x||H&$~o9oK-F@WQCY30+@**jJ(<*WUpVIKck zXy2!o)+c@am9{tqWX%rcmP$MA`eyUfkJGlQy-ttYvTb8y*RCkDoLvol?>=d)Zn|H( zq3A-;K84Qh6Ff!ctY)t(6JKBdHkz|l=GJr_#jwbi=gp?)ZY{_wEoia2QTK69_WAqs zwq$0kNk7c`I{JP@yEF`HWe))M#6tMBUAIPO`8Ar ziTIbbQIR$O)#u+iJ56`?glWDifv(~H=F?IyUc7kn!pzNk9?RyZSEaS>t^US(`{U|s zPbcr$^=C)qlZCbdT&IO}GJ8Hw^4?u>nD_3U_fuC_{*T^Xe7JP_#cMau#t9hRF5nR1$=3|i%Ci(1>-+VThr0~XuU~D^o?mQ+4gOo+85THesf0Tf8BHOpKrqVdFJNw z)_?t1uHbAqr()3$IjLtm!(S%lmge=AzI(rD%_SKw>n~r*rpj)1dm78;KR4~m0STw< zMV%}gBYKXtxox{&BJ9pD?^Mb4w94k!ZP}Q@t5Z{tFY7p-)RNj+4tzn{-&c z?Z&0c&PUh%?dk2Ecm`N37 zZs_4?v|8GQ$WRe$_q@1&ib_ttyM1Lty zte{Ns$2V-}y^k;4yu16{JG~2aTQ2>0p>e!l_E@MwYszuq-I+Nnox9~EBlyryqaKqi0O<)1oL zWo-o-XF`gmxkPLzKOZb(UD+p|Fu4OMO4RM^-!O#7UvM{?yx1(wHd)j{rq^Ju&&8|v zywanM+xg`mKiK$qP2{bU&+9)VUpgrg)3C@hU?#i`4NaNxI$6B2;-$eJu+`N7Ausi#YSMl{N{{MfrN9_IS zlvnrk^o}pDv^%d~5sB{NPAboe|PUVdY=>ngMzlC={`ZrBJ`=`;1L+Z<(ugX|@ z;brDAcejjJuO7Wv$h>9i)(yW`{@t?G^m6^FEsoNVMutQWL*2cC`;*%vg5o`O?42*o zjVhVxVsg&KNV0?5@&2c!Yp!rD74e-a`o^Ya4)brmAkjjL4cX?>)51hH?9+jweLvj79jvCS z=iH2_(=rfSYV)Y+h+vSwL^I7lGZUAnO#c31irdpq9&0E5SbNRsx9L8w=%P}8^}m0c z@06TWlY1%uWc~ja=U1#;`{>y0ZH0Gr%{L}pW_3ND8o0umOEN^nb><^2^DRQDR@)5L zM+qFB)Y=yLS!?Dg@iWW&J;`aW$l&s@2r`}Zy{ z5ZPGK^m=>l;*~2Wu3DwF|JAzE2hVty-bvW&ut&T<^2-g{%x{!Mo2 z>g}_GgN47Wy?>zgyM4xy^+-8Gxq0#BE8*%MSB@lA|{Zru^s`_G@Jg%tC_EKaLUbpA@#InyJ zEr%jB_HPV*IjLY8)A4C4iv%BSJKHwRE$rI$Ng@UB`|D4d@BfxNYqs=`mshuMEIMp; zE&r~U%0!LXU$1@^4G)x=_GRHb>)XG1IyPCp6mIYT`1E}3L{Rnpq_{Fn=k=rW_o~=u zhka!$ic(~Ltp70LgvU`P_Lo1e-eqkHdtn(>*0V|d*pwUQukZ0wlbq|LS5f!*mz|M@ z(zad)CD(+IB@T-$Dsmd8J#)J?D=H&D^T{P%X^Y~l32mpmWR5@j(ODNIRLCb|d1zIr zw)nQqT%HHOI_5)TS%cOkV2~m+Yh!3x3J;x_LY+dJ!|P;zVL{y7lz$WramWU3b;l zem+{hzvFqOik8-nACtNx_ZHgf?|qw=B_(}u)9GKG+(q7JiuK}JDlfV{KD_wPlil|p zzpJi08*E+vm{E4E@1B>}rhnR$t#^1^%|q=ipR8A@Rzy8KwrYdZIi})uth@e5vOHue z{E-uypnJ+~mukj|T?Joa`ciHsSA_|d{V~-};+xy6nDuDU8o9Wj>H+vAJ`Po=v$J zWo%&OcxB_qE%y6wZ{9Ln{(i0e^_*KC(XOnApSwlw&63<*Zg+B3XziJ;&fn@iZacQ+ zhMdy25C<^P`(|O7#3qWYPp>W7RrXItyBErbu<(f0yIwS!CuK9P69O z&%)upKtzMn>*pt(>E|Y$PFuOsCxP|q)pw`7tjyLW{+=Z|XU?2QFN>9BD&7>n+yC0m z?)OXU&ZCP=wr$&tIKe7mE+Ssd(X7 z_u=gOjn7ZsJ#!{4fa%(rm}A-b_l|Yz-|xwd&ak<#DnykpPl9L8+yu{Zb0ZnfmbjUL zSLSSdvU5?{#%m83NzBu)I~_f_)&BV0lbQ46P8AgxoIY8cX|wmn{17n)Z>QR&DVduO z@0zD!T9|!tHj@*V&{WYiF`HNINdK8L@8ZS4J{hZ~=bE2(>Rhat^Q+A&D=TY*Z1uw) z{in(Y7U`Vz645!XI9qAz998ARPqr-Cx3QC5{txfh(ycyAeYm$E$|P}-X)QPBEL*fq zYSn6v+h$JAW>Z}m4l6HS^Xf%{+DsLhK7|&QH#Z`-`MSGHxA%S9Tw~^2XLj_+2Z^h^ zy^f7rF4VmV7npmB<))9^!aGhueA5J6loGcDMNI1r=$aCA#bu7GtKY)8kqZt^I~taK zdQw8!t7%DTX;5fn=j`)=u`?Hxr^@^4>Z$~1 z`hDXs`fQ+?qwSwMb&MTbsHfUKhHZ68O98+;n zmE*MLQr@$_b;M^+*X_FNI&H50jP7IcPK&mreE(>||HgOXxtE`R6@L<$GdpC?>@%M} zT#no|+vIxgnuYro`EZEG&VJ6PXZ=t>H+SupEn7v(4W^$qHZwYPnVtXP)7Tc>m8;e* zTDY$M^v<*pXo4EO~$=ZmsE>`~T+0x(dm6{)C>-}L09TSjX z{L|!IAvbf5yM+Nl;3B`njK=ITnXW}PJ^eIm8^#x|E~xt%fd zx(YZLBB$wvWUbQOY&(fbbV?iRgu+-YWx)^w`!(EG&m2fNeW@!#r)_zH(PTxr-XD*` zR~|4qExyRCNk(kj@)e&<_}|?)9bfzCf581KPI}XyKA2}a$D*pGz~szc`=655a@9;z zzMY@Rrdro`Z2^mh;)bc;^j$O~Iu;AghOGs-cJ*Mo-H*Ikvu0m7#QkXDp9%6S|K9)0 zwJiQz$TXLTNpr%EtXg$&)3Z5uDp&64{^X;3f%Ra_o|6K9($$#lD{ChGEB=2!s>Oef zaLvzkhU?#1s`;>t9H$tG0(962ckNO?+6JAogio1 z+~e9^XnUzpz-iKVBOjjrOP6BKKU`RRWR8H=d6t2+>0EG zo0og~`U1$XwP3_zqTlXWu8j2@1U2haIIqtep;wi#1 z=~~313CeGFyQUXaE?OA$d&`8zc}M0;hjC;nDdw#GDAOIF@r2u-^U&3ZOY{A&20h3) zk-YJ9hW%{4o2QnB$9Au-W!#r_SWSRQlePZKa`^|+@qdKkf4&i~Ihg0&aw&tck3n)q z9b?YE0^9k&F59b#@iu>JvS!>DA*@lK?yA`z9xc>zgxSc*#p2BwLy6C~=Zl~FsHfI8 zKhw{G!$xb~_2S8L_iI&7o>}wVzNl6+xA6Qro}YW3T?#dAXrI4*&kFTz^=oy~RK#@R zgX6t@YjX>E*D6>VAAayaGc7$W;85D%UsrDkZJF-w+gG%yzGLmzvqy}UOW2goy8D}7 zSt;~c|9xoH@nMhitl$rCO17C9+uHV~M*iS5l~QE&`t@$FrhlMd{{)|=S;TW9j^3PDIOX-mEh`(3m)k`49MWC(lI_3Xw3bhK5sbX0ThE+XHesWN7snKl z8;RL*w?7}6A=9d`?k|T5t3{u)-D-}biw_p5vOoUBwc_y&3nzsoI=N>rdn}wdFZ|1P ztt%Ss%a=v&uFLgwnl%33vA=5*~OBm*vFX+}>vBzfz4LeLwWH@9ULSI1 zUljSfD}1%nPbo!K(NIyH_>Dci;<-teTVHQ@`{10rUH7@vLfZ*KQqocuh8454x8)h3 zq~-}4N3UElx#+^`#PW7)kWi6~o7(b~>({EutWB_*x@_aRTlxI+D05ES6tc`J^lZb*Nbd>kEyLcta1C%mk$=Q-cbjOxYXAz`2TEH!rAJ5f6_O4={&QG z7q}w4dDi+rS(9c?`Bh)G(so02*TT-2h5Gw0Jhe^V-*tT9^S^O*ds>UdI}&3pI9q!j zIyk<*qO$Uej_lsOPl7$Cv>h}~|FL)a{X<>Tq&{!YhYT2jn>fqsMPJ6)WoYYOcDa<4 zQ8MS)EUhW27wezt4yZKT2kj@$2VeP7b7&MMVj{CIN7 zmv0Sw4VYHW`Q&B(`QP4%@WOx}u8Kb{E;jz}e^md++Y9#fNmA=4Y~Grn|6I=fqj7x7 z%0R$Jzag;HH)A{vHkbXmF@ezv;X6@@I4}mwUgENFN&>ramhcoal?UafNB)qmtaz1V2g ziuD2^$B$O7H@9KEUteI8k$%nf_=it__3hRETC>yz@=V{mZmU~$<(?-j{%`HQytB3a zESwH)Jdw8f&zI@nH>JKlYI3Z{wE?*a$93?<2Ls)+y^eu?i>J1~*7TbzopyB7(j}KX zotzd;{gQ6B)vdZ~-LI^Dwdb2lwwo2ErHHKkQx?K~mjC}->nCaH&-cv~u-IskdifxS zV#MYxvu8f!yf7<6rDsZA^%@a{t+TY7P9KRo@hy7W=XvfHGRHO^k#Xc^Ro1!xV$~K| z$5N$t&)KJ+6%%*&W_+p1av>-fG#L}&q|mZp*REOH_kQfH`8I#w5&rrw$}9fjJPZLsMq|;$8&Fc_moD< z)^FH5ZF}zOv|9fkd$tvRS@Z0{$~EV0JGM28~@?_4bO+0rN1lAocp0Lg(yjJ)4uit-vC_bE>XKKFv!^i&GDa^mW zeVplE&$aUNj+-LeL~`!!n6)mO3RoOYQjg4(ZcAi_C^3jYXtW6sd?u0<PrTO>*@2QA7=9O?CeqfS{bX|r@G@` zlZAQglm#1u6k5c$6jfhQeQ5H=)5z?b-Ts7HY(S$1;%fi z#}W2zlJFC?>UpOWIK2&PTvP&CRGm-83DH4PW~mUebJa(TfuIeBr5Qeex5 zu6aHj-4icz3Uyk{3y_hu@y?ItR+tc_zWjJbT-I@ zXn5_|+?y8O1J}*Dd%0K6{xc%v)E$@DYG(4B7ez<(P z`_i-fET5)!D{^RB4caLw=)=xY;iS4s1a*=T$!pONa zHdZs#t@%LmgEt(pYjtlp8ChDo)`m{i*XL4m<=FD=z{ZWrf_nFh7~Rj!IsDmV-t$LX z-CwnLRVKZ^{HFd(;T@kgC)FFBNB<;V+BEZ;Zg!Y~p{1{ejFUIFX7j&m3uZ;l;N_jw z&Mchacw?i-`DGpvW)}liMC{e=3~g*baP>i@l&FPfbf-jR;=_mO{MmvXQGYm8^lzM6 zw{UaIl9ZgJqP~+s2bV{Ac1Oq6vTxu2(f7}vgU5HKANOks$k6;-yIsYJ{aWH7H*WUa z){7UpGIG?n?BQR%ic9BqeB7@`;T|Wi{9q~N{pzA6D0XV-=B}oJF)0lFn8;={2!sRzwa{rxHBbuTA=E)j^9VqritgizV`Wi zr`z+*DM6m^DogmK_39`7k9&UZlEn6jGd;Jw-c)v1s!z6R)?5AEGkuPQH1a}wW^N4o z6*_J166Q&HK!n0fh&w;6{|c}{sP)Y;O#)NJ8juQyMwn0yuGTq5%2TbY5C zZS$pBIaM&Xp-Ui)36xjRLK*0LTif4?aI^3fX;n;5Uf zG_U@tcY)(=_k+s$8wIR(Y&0zYdwKEm@V`?JEncr1qBi$ASKz7dXU?x!wD;VvxuFky z!UDy(Y}0RZTdz4f=T+IqRKxS4(U~P?C$H=bbZa}lB0IxP^G5vx1?jMFNoSW`_{o#; z<8k@^Zu314bNBpc%ihpx7S9F^bI{=G`xcqmrPlTm@y*Uu+^WRl;=C}SZu^yE zYnJNRO=z0Cyluz-4EwdKt5!x|JgCnn`}p|oZ-sej*TfG5J@S%PRIP4z|M4)GeaDwo zr*Bl86piS6U$Ex1$=v)$OaGQmU9@Ulqkru`Kdq`?JO29HpVF7V*{aUEF7>h7p%u^4 z*34TP(aW0!&wdUhcO!<)#sbYuBQH8SPsG9i?)J|^mo%-kF*{yqi{?gi(+qH3*womfZBa@!~mI~SG zdUM*Jc|Q((SYx8E%VqA}vf#)52U3DlI_sV;oFqKQvS^O4^tGlf4hJ4gY+my|$9;!h zRu$J;k=oPKKegxYYffh8->~Q~VrFOFZ;9^f_YW>qJ|4OAkL-iW2b%VCua(Z6F=yGf zU9*0_zjyLe-?T-yE;@;K=Ph@4i@19GVfve_7q4F>Jb7afd0knGZ}LZ*IU5f5z7E^` z`GDZ7XsMN})*t6;-*D(*(${crMz76fuKe*;e>}s=Onxif4t}voYvVPkB`zL~VY4QD zIl4$$L2RaYrgC@ZK?PNQd27e-x0c3~|NeSop@Hbsz;*l5xDPuow)wF7{-*5rg4cB4 zs>t*feD7p*Q(yif^5XGmyARWMaGAvyaZUR4k{n<-)?~M7-m9Ss@k-h$(J;{m%EekfDTD0-hvnILv z&YstXc5e-5T{$8XyKVBN{9^r`rJ}dbT-35yXS9`ffyk534_dk&g`f9Z*ye9okkY_A zJ-%!9X~9h_f7!nW7oJs(@Otd)n|Rf%VN2!H)$u3S-}_RwEoRHql`Ca={Fa@a-h^nX zKi3Y^aPiGGwVJQH&7r@iH#k1t+ase-#`54-@m!s-do_hGyVtG!m}zxwEtk)H6YVOi zAN_yZJB}|p@+ipZr#qPI9d-u~PE;`W}l z?)AH7)%T-{;65Ief#79oi?eN zAGfZZAY)ZH>8b47Id;}PB28_-W;s0hQF^-R$Emcuxm(32?PHKXoxU z{d&2Sxo+n2MZ0DlnnG!e-AsdG!m0*%8y?v^ic^xXxKMi|f^` z**kxnT3zwr`u=Bo-~TrN4XH%uRdPP`I5EA|$l$~!$JzN0j@jO*pQ9@KHsWH}0@JAJ zCr=!G^5)T@E9M8HcC`J_KeK1rqN3+r4_KY{{MlP_(^6Y!?&(FJE%!X(Sr9lm`N{IM zf^;>(ZAVTo-KZ@1C4@`Td&2qU8(*zjvGZNkgv3kB**d>{QT*^HtcLgI#KaP{UTfoH zH)X$1p6R>!&o1f6>fg5y@)iHNplJ88eEtG0!RO1%@1E`rk9}#~ zr>E<;2DE&eC9zyB=vg-`eQa4K%eQ50e6sJKZ{ohr zDCD1^<7@EoRrkJ#69)_5C~WdjU@h5Z_W44y^@_O5$A3IA>3u!z*RjxPPiAdBy|er} zdCuc_Ya*G`_?FP~j>Qrg1q^|L9Ed76TX&a%&y zue26NOw)NI8Pxn*Q_iMj&bOy?b9UxwpVHsRmb)dXuSVL!_?-Cvx5q&0 zrLz7f7A>3{wSlcTsxgfu5zcveV6k;JWVP{bImNRBwgJj z*Vec#EncDgd*k(-lxNq!3+%5jz8wEw$mLLvyp_k6@OA4HQ@0(al(2E$cMmLS4 zC;!#`+GTBNYjkR<^!0^JUh}xLmPciO+G+DK)G%{6LqHPtrq0z_xr4W|DU9-?c6>8o#hvQz?e>vs#ct(;k4AvQx_R8D9~?*`|Xvb$gZoLz2ra`nBha&74% z$&)=dS@bO5Bx8B){PcZ)O85O;|Nq>Nmy@q-HBro2?z8#dy9~vR9S(ZeU#rTeJL=@j zySD4T&umo*KP=$+uUzSMF38Z)`JT`~NNf z;8%soNxzKetL*=r_{rafYoWoSZF1UDic5-Kc(9mHZi_KG@%mH1X5%Hx-8|IOGwv7Z zKD-sy^3*+p^Q}^=(<7m7*B{5v|7EUyef{Iw-F2-z?<7`iG%UH7&%A!kx@WcZU&=ru zdeyP5KZ{^xq>Z|v=!5iwOjWzAFGMZgEO~*8HDy!e9G8|k%Q;*hbJ*BV+ODw3q{q+a z(v^tt8Yh<4o2w#PCcG|ubVV{uKQrpXylkskmbNCR?tZs%39aSbn>{U&vy&?=@nYBX z_^ngr|NgOy+qQAN%62A0)hY8gW^-<6Y1rd#^JYSLt7Vj<(fsuL4+Pd%d|sPyd!NZ> zo%$mo)vC(c{vS^SyRTfg_9_3p@6RJ1O04qv@k+ruoONre?y0Bq9U>;VC^;@#CUtvT z^KV_L*b;+p=Qla9u01$ye!Y%DTV)$PjU!tw`SkV%hQ=N}dC>UF*Amu6r_42lx{{i_=jfB9}e_$J?LQY%HKiNx&9R6Th!^4-64{t~u@T#6z`859&FuHAH!^VBoHzQi-@ ztvefQkhajqjm~28F1Z%2Yk9UYxp~hM(c2lXvfRA56K}RCU7U1MNNTOAa`I)HO^-F# z?f8}DazcE+7svmKrulWhH|vDei3;=`Uzwe`Z0+jqS8Z-Nw>hsZJacxZiu>Ok%Gwdf zKK+mFaBync;-Q|tFKYCtf-wen7+ilex%2 z+tNvA&K;jPPpSBcM%I$~C%T@7g zSX=R8p?gG7^wEivm+#E^t97WaS>TrWE}^3waecDZp6@@!9cq;fRSXdNCiiZ6xu0a87H1tSQwra)!*IqZJ(cm($Xc1)^*mHwH9sOH%F9dq3Yz5 zCjIX%k7VEbBKD@>Ouxn<@qJH)!dN1=Zj9*p^-OKms_a6ig-PDq#2%GKkc_aa&&sUr;42V^f_s+?}b)PFKJHwt#niV#a!d}*3V^+RK97P@jFH-X=A#A z`?=b0yNb?zja|K4>TtlEEqXOPi)O^{$u~HEPFXT-^DN=RUChmva`uxRJ^8>9oHu7< zkF$+Rrv+1Fr017O-W@R;=bkXVJ+budjg^vjs_XmiZ595$PX6)RKf3caY&4JW>^VAN zYpF^*+l8AVp}DdN?FWh+ZdDxI`Eh-)Y)a_w`Kbppd^miQy@l1;{f!I$aGb8%73ifH z!#{I{gGcwORbG>VgKc*H)_nEqmE=sXS^C`2@yx@;Y{86mY;Nb~CEvXjTDL4OAag25 zpN!q9u6;{WCV6T-7X9awe(;9J>qR$amwpZjR|z;YpZ8l+>IU7kJ2t0xMRh+4-=%kJ z(?qR|&Z`#!q7P2%U2R!Z*1|4V!?RF?sZ~H|t;y@~uSGwu6cpA^ou_@t#9)$7V0fgb zSLU}lvQHz_4u3QME5|E)_MnZHg38L5oO`~k*>4@i`u0v!hJ}}jjGEATF0Io==WL9k z6d7)B%*@MPym4!9fko6d{#_YHU+*7Yzv^A>AH$qXLGJc|dG2=87q40;mix2Nw>4_D zfYee~Pp53JWx=gyS^F)GtUIpj>Ipx%(Uf}jxjFlv2m2)D>}~qQ{5=0;#on2Btx4A1 zi2GXbtt1`kXPxz4ZKklb0E;!>-LyPC*M9z!g?F7#c*v|?$NJ&GQEAM1{M-+%H%`#t8JGMAm1pBQfr*`n(h&9{!@ai_q%Z_$rx&5Jk>eUrcB z=<#xU#^SEuzi*lEpI2S~+hVe@vBugH%Yt7#_;tbQ!!Gkbc8{O8WqMgW>plbulf2C!c0!<{Y^s6{xmsi@?zniwi6sZRhs(atq~HG?C-w z8t>v{<#}I@PTiENvo_Gkqf=DqdfAItIgd|un-$!jT)p%C#k-ByH+))}YH?(hY3-N! z((c@i>bg@VJkf36^YlTK*>Uys$`4O6<)kH5H?C=ZyMEtA^SeS!ogY58Zas8*8CT{Z z4wGr$TFW9bjAr)K3oBUcJG7C*CPwSo8Af z=bGQ$^Pk_6UUytbN|WVg$fSZrT!AZG*f*b;6;v}(@4m-`z0tR11J||w{TUIv&Chdd zk)!{QKmR5yIlO*e(4Q9@IsN=AcC5O>W^1_m$46n$HuXD4`>%E>Z4&md+43zTW6k0{ zinsUv7q77Y)$cI1eS&t_!erIt&8r@_&-i(4Zi;%_%G_*jt=(cyULs+Jv%JLnqPatE z?$=Bc{(W4Qt9|F!zU!aX&i{92|H+3tSG>&J^8DxgYL!FTarNxX&C6G;_nU#7Ym%G3 z`luiC-JE#Wszj~TZ>d0(v7wDmurqUepKSW!O-uj1S%2*x&zgV}4jvgSou@1|zZ6*) z_M`VOlm7cl0ny%Ovk!SKJE<+cQq(CshH)C3e}j|pW6rdq%y}|4XDf`3KL7W4`J9F5y&V6a#vnwYwUQTeX&9}a-ch_T!THl0i@e`LS zRD?`WeDi+2DoYTz$h!Prt=+PlPCohMaa!-3n73xf5v3!-oK6o7E^Tr+HEGJ#{oX&s znkIX-1yniSE)I14Jh%R@RCc(&x?J}IrH*4sOD<=w@h~wsBh;P#Zd&f*guc)kJAsp* zr|bUTTj0E4rP+~Ne(igie}3MT$2X_MvY=>IL`1;k2`NRhHqK1%5BlV^)#9Y`iVStr zi!!I9lSLL!{baf6{=Z%Gzsd9p{(X@?QP#HNrOHbA`sr`(sc)QCGI8~ag&P+u7c_j! zPv~$e3%hV{&D3L;c4bV9JyET<5M8-Z&}m)!HP8UXrnIwK-)w6q z>=HHI=W$6Xmm8ANE17mw1|5$sxZfW7ZU82tm%T5aw zm9ET+t~smkTlC^(^PeZx_a7U}|MrfNbmHv3@wY89M{yde}^ZtLGd@3s_^8KD^Ti-}XK2_R!eCcYTV!wsg>qRV! zuGydB6<4&b{!_XrP-y>mu1nHpll{+M*s|p8eA8=nQ@15#q;WQ0y0qT4dqHU2^m8*D zSamP#((%7p|L<#lwQ>E|^!lTl&hb@QSrxdSSG;ZI80B&LQSSQ+?)Np%|1Vm*clPDU znV*-!nid93KX#sQ&7OWSAo^tezX$DiYR-!8Xk1}Y_lV_s++U@r=;(kTg{|?bXR?oe zum5b2{@HR{+`gICd3XJivp2`fiZ)z2YLlSJdh7FyxigX;e6eIZ&r_UMHtq3CndfOi zd%pPJbG*OG?t{&~f353_zt{3Fexo72=Y^2n-a=dX>i_PUd25#M-YdCOWPASpCjZ*^ z>3{yl*LFns+Fsh`cq?NeXQrrztnZRj;>Eix-bqlm+2E;IAv=so)oRO@kNx^RQ`XWsJ$`+?PF37e%M8Kk z8YWCD|0G|tS}{vIwv4YuK1kIo?pANE?w^m<_s{PC|9Se)!}se&r!u{H6_v6zf6une z!%^$@y^E5odcat9d$*;TP3}G$=wf}I|ND>aaL_;W?5ekTi`?$%{ zPtLlHr~O4n_VH;sM80c&LKTYLmrXAEJY}`wm=E z66p`Tf5+qfro6CqQRilr*5>T|;`C~k)L*XIB3G_n|J=L2cDlCS?uJ*hq!xX&5Rb1D z{Qu|b`wJKEIE1FMPONANc2*8Czjpc3PL|wOriYK+xfS0e@%THw;Z$U5PwNfqdO1;$ ztzS+xF3|ILm))Y!P>aEktZY0-j9FFvpNVkhmmG;j(_^}Vg`y88N>(CTcBT|xeSK98R5Jy01nZJS)qo&3+SFAR9Q zcRT2BTW-qP9qN5(&g_zzek=cf%w88P_vl*g>WwKs_x)J=^q#Fft3&Hyi|{!9C`0R- zwvGRiOZ48mMuc5Fy1K&K;lu*jyZOTUva@tT?{qJF*r+JA^m*w6p1T+BoOtm=W&fV% zae8t4`HCXvtdiQ0!&30@Sm~YLuh}K#q?FR#&rWX#b)P_y!|~v`ROgDLZBtM0e9`oE z$4SjSIn(0*J<2Py**blq&#YT6tnB{$A1_>PuYB=>Gw$!M=!o54o#Hb(7VOe|!W8~+ zlEB4O|LLjkUmP-G(q-wa=y_lF+r8xbmf-ks=QW#}3RF(9M(aJ$j{hfiSGV_wP+-`X zvJZ3R|2289uM`Zr)%bFvPM7^s);K$NySWDoby5`K?v}I}tFz6Jkz82&GHBIo>Ayc8 zHARR_icvehar5Oh_e%s>euu8v@y|T9YrGH(U%5`e|IxGV{ zyM6V=?KWpbY}#hsmCEVY`|RR>=c5l)zlu%2-XDDZW~j)@*5t`kucpY=vsjuoT3emz zne86xB4NE__BGMk8?8Gu15e55asCUkxpHT6{Ie;sTTWf;z9%TaG;QsR$M5Fzuw7J!{w6keR-s*DC3-ny&^B4R-CuK-?TXP-R}R4 z`#$N%r#}DJoU@~Xd85k|cDdUpliB$S&u*RmY0~sK@8g^9E%+2sp!#qBo4u7YVp3;* z|6h47s5-Pf{Odmbo8S3vI(sPSByz6q*wN6X^ypXLVm`h17RKvOcPwgJq$D5^;1F;# zgv=4AiJSX}D$@|wC7DKduAjenc-x_*oD50BM-+qOldSIwP%(WUL*jGyA%iJ^^~msRel zm^VMFY|Pe!zbw{@BrP4H@%xW#DU(lf5Tu4UpJA-+pjZftCSS3jYx^J~kVx{`W^ zqw83|SMEKNJMXOW{yqFx!#f%abZNX|JupbJkiwK|4XZ7 z*>le0|KnI9y5^k!c*Ci2LQ0V4zLLwwBTd%Ne7QMI`N$1J_g}jLj0&^T&$#UPYq{{> zEA910*~ff-{rdgmr+@vqOGmjQHb1LNQdahvZP=W7d3kVPXtN1#pPZ%B>5XE)c2&Q4 z{rdPBi3%Gzk(IlZ0 zDHVUOmY$hsD;iL+yLM;w@-16fl;=KsFmLV=QFYN<2Vp?)K>c@}S+FN>tD7hXIqu#>MrWT!uGOa&N*fGmpPdS;{zP7ws2Pb`M2@bgFjJ$ibeaI6aL<| z&d8YMQRw<~hQT9!@dGy*O6|D9{GZ;xU(UZfzGB{j>qjRQ>nkXWX#ZNZLgwz4#!h23 z!8L1KGm_h4`2W8WTvzvh>lM>0!I5#tywBVFYbAer*dKTPU2OG^uhI9Hty?(lR$G;q zl3>tFo~c(&Ta*Ra+LO1)*!#Ihs~_**YH;Cte*jC~?xT}W%-?r;OF7pLR^!(;XI5Qa z!SR}-Gu9J(){lDJ8Sn^!d&Zcht{S%%( z*GoSc**$Z6ir~_R0{Q#CXjN}}yJXcG7DKBpC6SQz>eE>hd?y@gSvfh=vZf`)$TicE z;p%JW(62GCSMMxN|NJKSe1h6!m6mrl0WvV~@14NrXKN>%Gl)2|PV>nt?Xb`7_BO}A zhR;2IXQuCw_1J=olnVbK7n3*onsHCm5 zI_pivGr?)`d%7I{s$7V@W;vs2ecem3eP8#!XK31Pmh)il+31emo=;1o_jOF+vYjh? zr|k82%j}~?yLRnbxq7v-osmm=xxV?G9~)ytL^VB^8+|D$zj*a-?->b=Sx%0LimIwh zS(x_iVP*JKC1>on;Z%&Sxq@+}*_Fq)wV$3Z|MMX3j;rf}-JZO>lRb}|RB`uM>gM@v z+orc?%U8_0;PUwt_nK^RE)LV}>Wao?T*fIp&CBKLCtZ)L?_S#deDk9}#hRLW65ieC zd^fNt_r7`m{6KX6r#GMVi{7o;ymHm5L-Ap)tFN5OnBa6$RfFg2w~f!*w}1Y(TJP{< z?g#5Lw*)QB-FWBXwPT{I*B^;DooMG=DyIc2sQK!{Ed�w|!Ew>XT1PshHqj`=cn$ zH*>=+_MN37SF?n#)P1ptJ>LJAn{7qb3e}ic&p=mJ)>PFBXV#YP?#Nv^j59-KZC#)9 zpr>+kz?I84wf^qR5?mti=GLCM$?efI?6R5kTpw_<=H5-|G;Th*O22&W3;#Fo$9wq<6RVT%G>M5wet55YOlw( zFWY_m`uTsX*Go>#XVJKnaDCTSo8tF>b+q-DW^1?=mRe2~ULNTb9s1IGL+`R@J2Ms< z+|+pf(E0d_7cUm<-aPy3>uZHC9wdh8*iT-3JbI;${_^F!XIs~mSfAW-aEs>T9j|76 zzjWcsfh8*^2R5qDubE~1OrIfhQ~GngdlBEQVsmr9@bO%-$(Jkr`gKOzlGU5LuRUH{ zvaPh>&ke&z8wK~+&A%!f*n_(5B6&>Gr9WUtHz%Hn?h^;wVl@N z6H%Cu@_4cH-McdPH@7<&IJ}*5lI3tK$KBke7TQd~8+*G&8UsS5X1^+YX{EdNZAf_d zpOaOQr`MP72{`37J7@PI^Z5HN$;rHO+q)eC8Iva+>AEqi%~K`DA-B|0`u>e0+ur{6 zSjzis-p(0^PI-ykom#w7uHH^5Jtx&w=(By0K+u9!Tyt#$7adminQ3UO{^p_O*t+3&m zH03Y2SE;?@_454+0Rbmkr>{x+v}NUst_R2Me;FQ~Xz=}hwLJ4*W{%Lri<6FCxn{m# zcg&V;TME8h5VW%1_2Si=0|q=Mq3-1`6|R1KtmATT%`?~io0A`WeWZJ(Cxuo;s7+vm~fw`*($)%(h>PS-AdqTz0u^xk#=Ka3-okO&ZL)1^*%*4fLqC$ws zvdxRT53}c`wh;?z!zf%}{XoKICx8*Q$ zDmTCT{)m@VGc!XWB(6`6;}Ks=$Cc~GnFnp8o|^@SL^>9xN^U+kqx1IblasH7EuQn| z%k?$JTP;E-H%;+4%D{8#l=n(K{fF;v=c!Kide)h-d+S8awbP%(#$U3VB~vc&`tQo$ z*98JXx>z)v9t4U^YhzjyzgtYxx5{5;ap9+wfUS2tjwUJBd}zM@sAzZb!q+862M;*d zI|cu|;cH&_{rr2j%txOqJNbC#l)U!7bkgKEpKR)>FPd}a{EH2WJN0dCbi}qKNewOD z-rh5r^L*2*-Sg!2_x~`8-}^NFqUqFGx1!R{%=8UR6x^J4KIz*YR*kMh=jQH?{Qv6p zp1;?u-`w0g|KGhjpU+DUKfTLXtEuMLf7%^`^z~??{Kf5 zKhb59@9l326IKYF=@U*^vbJIKqDQ(K53KM1D|g!+o$<-aj2WJN`xyT1KR2~|xzS#m z4u9sEoytoXJ$h0mJ+3Yj*3npyc1mUU{gtXUOBeN9s&G#fF5FqSEosj(PL|p|&u^W+ zv7t~pfA2prr)S<0Kh<+LZu-6J$EDAfHEX6OED>0kt>F|95a?N0%RF(H71P9|mfPK$ zQ}!HrvFGoJH}j_0Ow@a$kpHhTCAr9r+554-eUC-y&bxqrAEz$cexz&>Qw8zOh z!*^3RZks5yq|<=cz}MxQs_Lptg(WF}z4Z;ZD>N9Wu1Z`W#nxLVZ+&fl-@08Aud)t@ z2ebs3ZkqV=P{9oE^?Q0AP4akW!_LOG^Vh7^CztTtDOE zeUIo)`=TEflhu5WnE3AQ-+U(a-DZD#_ZpRB7nR*#zIyRs=koc_8mq4hyzLJPzR$t2 z=x^TI(8O4EAw?GVe!0ib{OhFdE)9%~Jv(RTS)JI8bAEC^H%xsM;+AZ>+`c#=9#m@I2oNUCf0qwkYDlRpu6S!P2QFN zd9Mp{w7!wLzo*)G|Mo3^XP&sn{N(<=%JPK*3o_5d7m68+ojKjR`t5pF4yHPNz4h%C zMy*L+CYN271WDB1t-L9yby@7(bME;&C-ya4XKEB!`bV=vLHqyLe-1BmSU<~trc1u{ zR988xemSKF-xpNdX6Tvc{{9{m5a8e$s_L}4&4cS|*Sx*nw(oa{B>&zXGi&pzg0ov! zS3cTkzaj4}+qC(cSu~Gmc5YZMeE4R|%|oAxd=@6p5(@o&IU<`nuNl{~yUMaaWh?Hnh6o zt~S{%Skz=Y`*v^Vz|xTE>{s8ix^7mQtfe7z`hX|b=_B5O5;^&ar`xvw@F=zHlDY41 zUid;`Wh396U0ns$pRxi^x~hEcUFLP#TT@s6EbpP^_SM4becOXVqmM_X>poQ9{(r{F z;AI70E-;2npY31sO8CyNx$ifYzAl^f{M=bxUm5$dIeT|2y_n?{9xnd-yX>RO^Z)a# zTE;wW#s2s2Oz)I@KEC7qzW9r`%^eCeH4`q~yXJObX>>PpS7>ogiqV}P7o~T;+r@8G z`>UkvZPf8n`F(sX3U)?b>FL(T`(%!Ls2B)4m&n?=9BfpWdUfg&Ukxrc4IS;Y^Yimfzg}ryD4DyaQ*yb_a;tZ8C${-+`oys5Z*%H8(aS%it)i9Zgm2VYdw=gg z2FCsT@reSVO#*6{LMGHQ2L$o0%DX;0JLdDo{*85i-R|AnH`C*B$uFZm<1Nr4yt!Gq z;s3KKqOBiTMStzCz7W#;B*EUvqsp)35&zGXD^{w`^;+z4A!b%+v*xCY&N_lA+^mW2 zD#c0`(Z$-TPP1mTc^XZ8HfOW==Qo?zf4s!~+T#14&3=NHm%kLTnYK`iwfNcDM;{I@ z_L*nZ7?HygAGmO;Qgzqr;(60VlbbB;Z>YCySX}?p&G+VuEvY?IeU4aGec;&GsIf9+ z*1`&={i`lH%<^BmuVdf5IHOLHOD2I!T*B8DUkDMMzU+}EhY$yghOX|yeXF{Dt(=@O z$Fld)EvuTPQy+X&^qs1!zu)1=(#Mu(ZFG59E5Ci;pZcnW?aG?RMc*bZ$z@kPX{j{d zhGW&Tg$fmqd(AD1Z$|3GY?<(Fo8Gkb5qUFR80Y^xbGGK?=l@4k!{ZLRipTrJ$Lp_5 znR9HJ+M%PWYi#mW`~N;GTp}}jVd?sHix)3$PM=pPsOkIYWJ+G3Vv7E}k}c%{fw8ViJzZaQvf=X`v-Vr})+6I=b9 z3U0Lucz?Nd^7FTH)9viB*E?96IIgm$aj{-L#U#M#1q?9#$UlBG{cQ4%*DULE?w@tlo<6~AStnm_P-N`MDYM+#*x52HFE%$d zDzWT3?YqIC#XhJdVAHuXKPPV7_{!&XIkWLxwQKj!7nDqR_)wy)Kv0Kci%eo9A_mtRuzgMY0dAXUO{Go4aRA6fXBoCgLv0~Pw?RPUJ zxV@gQbW4<0x+!R9JbQxfiJra^w;(H=l1*SwHJS6@wfk}!v5{u;$^#Ly;~Qzr_R1x zTtDsev$Jc~ty=Q5f}3$Zf4!sP3afU0xrD1b(>K@ucg&KSU3C5L-v58}4w?LTe*W%} z&HZ*~{>55%e*3l|`+D9Y@p-3ziqGp^^fEGYrubho%cYC%_*rl7YCn2|t7GQImiH&M zmA7?Uew)#IHzaLd+cu?dS`#FCgCm6;cZ3?0oC#r5RB?-!kJ^!O$H}!Y)ztpiN&cU2 zmfN{cwLBph_`;@A7B*5N!}w?WqnV|%EARhti@I%fQ1;Q=v(lOJ5>HPoK5t}UaNv`% zc)`1_qY@u2+Dr_EIE`W#_k1fCfg}w(r4yLgDaPP^V7whG(<$)HCC=X z`u6k9T`olzRkbVs?F_Gc^!7R>1d4}&yj%PV-esoEaI@f1XAFuM#BR)$Fd=Fa*yB=M-YDa^TYrykR#fY96G2Jh}8VX4-+iZX8Ty1q_ z-ea|I+sZG>XfDy8tM=#;W2dGFPpInJRUvKM8d|#U8F{~(j%aG`7dqV+bxX;jp7FtS ze%n(=r^ofIO3g1<-mX>f;s9gbzbEMxUna(HEchrSrWbeQ!v%r3_3aDyF}AfOEAZ;Y z)Ee&p_f>gK?Z3!vZ*QD5eZQMcgmwP?(|=mID@)&=R#1)Jo|F3Mh?SIUx`WeZOgNd~#;#!7^`ZU1QYDk= zQp)hq1qiE05Gtc!eG(5W&cvR&tJZV_4OZcJlHRKyFb!z-*?*|8oZO2Z7O*>Gvw+uLlcRm zTNcfE|NoDm+LiE)CD&YP;&>O%kkH`SvUNh=am`gLH(pw_dFz&ji5-`#9w;nc%;~i{ zn`8R)MI5Pn90ZvZRi4i+7yEwiyF`B8oimG$e%>VXE;hT!F^OY_!OG5U)5>1W&g$gt z4T#8UST@hBR%*?IbxJDBL^QT7*jOibd$;AR2krkq+DbV)?kl=^^o1m|Y4Q#ED7SE> zxk@)LyV^*(N@W@?_e?%}Ov#Yv%obBUO$p;CQc_1m7R;QKw0-twX>HF`pGlXcEDIKa zPV_#Mo;D*?WYK~5=_Zou&ptl-T6yuWV!+kHMc1cXi#Qb%wf#)yp+A?dZau&Mz|`1?`TS@7_`h5ai?Xd1Me2U8jxSuawe{dZ ziKS0dEdyVDt;)2l;%PYdt!$cZbj$hYsTyX7o^3Zb&i_}lsM(oiPo9d_Mv&U2U%p1V zCADc2z;Kj^V^ZA%#myU8*e4P5VqD$K2!4+ndO6Aa=&EcCq?J2&wr_lC#Yys!S zk}gTrr9b{Unw)k0e5v@x{!(LqoBt-ix8*-R^?CY+l7~Jbp~`Y^Su=woLQ{7N&7O4Q z0K?mM{>S`3GUwQd`Ws}dHt{z02#$JrxgjJpgyntx{j9ozD5vQgy=Si4 zqIB)uuIcBVKQ!eJz8~UkC8};X=|J!UtJ2#!xoiGzJ|W!Z<)^A8G1FxKzSnkQVWCEA zH_4Q{DHT1st{^I_V0Xbk%c5&yJ&R%4n#qsPtCy};)t@Ns8+CHmzLYK>t=5oG5!X~d zUqRo-nQyY+r-bLr&$SJlw9GTM)N=Fb)fe_eGV4ste!7@rrgyp8`IAu!#kTpEPl|j@ z>3US~V~Vj&)enuQQ=eAcku%G$njKl3{@l*4q0Bpw+G0o?pw17B1t_O%SLBf?~ufe2k?;hUh_{*wodi&OLrdh|1+kY(lCTnrx;=4SJ6$SGS zAa^9A3l^=NTo<(G|6zI8ufI4d_O3|Eu@DJOz9q>$v+h{Uu0GjE|K$I7e9eFRpx8XF z_xx)$I}3-b5|((4BN;g@7at~Osrw#@4lp?97_Ozh+yCaRz`zgee`~%yQ`X|W9r7hV%Jw&Tf^N9T0>8k%voHv@Tq!+Nn@?Ej3 zS4ifwKS#Q_N~Vc~7++uUaNBh=J^Gz+qeqPr+*7ASe z-rtdXDgV~ks-KleNoAi*;VB7Cez&JG zX4fyJmPHpX6*Xy2R=;%bl2c-$pi}6DyK;SU*{V|wHP)?ByLGww{`17cZQBpLU0QgH zM)(*I$bFIXo^Q92D@1K?I+_^f@2GW-p*k2<-|(-6^U;o|;rYX6-x{CV-srynOidcwA3ie-3m zqorC?D}(FOot0K=b!9`YhZ{?ECrU_)_@3|F_h;UbohEN%PD^V~QWrciQE=P4d*|83 z&$*tL=x~|y<>B8WlQb_iDCTU``Cqa9(dA`v&pGewv@MFzyt%D#nnQ$b%3EKP%&6$q zTu)gQwN81TsEE08?W$7Dyg3Zn?_Vrjq|>x0D)0DC<+&mKy;Jt=dsn)y=KR!#t9=?$ zvQ7#=-X`~7zH{e{aKC-u>8B45G&WDWAi^Xv_p_c&yMFycv32{N+0MzZZG2budG7mr zr`p&37Pz`~>$QkkY|`=fJ#q>ftm{jx%kO;^=28}1lDX;Y+_ih2&-yOF(>meOf(08U z+`A_?uj-TMxtMJtA_vbz8vp#ZegEmX<$q1Kzeti|OG}z!etq95$+|B1OU0v-^+l|C@AQdCU)!xI zGHd;+B~RZ~|M>WK|I;c3Q~!*8f8xQ#b4HYPq}n+ovOw>lf_H(>l&J`P}3iu*u+qf(Pn# zmxa1lWWVjU`Lg?dP*gBygl+!P%n5$WC1rajd#0XPvUW?5qN-%(ri7=iK68zyyTAXb zd0CrV^XpE{{1p!6**$!G54puB^4dog9Tr-rCUt5D%cGpzQr-$#dgkVJPxjV)-(6nx zIo;mN)mPQS+vV0ryWOelMW4oOs1fA<_htGOvyfz|Ot(eOEZxe>_l8Xr-M39)iseZS z!zG;)1Oi1wG$%SU^QZ+s)-pbt`8{*tjjfB8O<3NM;Cd=%eca4g9)|?2rj`jie3ZY- zUhS*W4oct(P`x6?`l6FBC@R=5GL+TnV$tz;uUsA?pe~{bjpM95h}iifAn| zdUV$H4DVs1W4E>xDj$#XdvHm#Ea&dIIhCI|*qCFAZf4znaQex|`!;Uj<@!ri1<&|! zwJa!fVrJ);Nhz^7wsEn$2ABJam1|{<+l92cr|CZY@i18@Y7fKo+o^LG2i(~3(Dzr> zZ_DpZpDVsD-Kw$c+|%$l(`^z;tlZOe5MC`N6kJ$qlP!B%2Ir2G7m2 zCeCVeSm4ol;Knwj`M|NRXvl`^Smr|66~*+rfMOh{D!`0yBNO zGQ!oDX>z)By;-roR7Y4>+xhd7d^5l7|Gt7Ohh1wP3ClltC%^vT=J-7`n;t2(1iX2B zrts3{1xr{~X3c2pT*TG(yNaWYdtz79iEF=axt~7TytMO3-ySdTDO!5Gcb85+BeBDz zdCP{D5Vi?U`?BMcW{O5``%r6svSio$=!>3?K^!KRPqNa)gi zwy3VlYoj{$Y~RQqvVHcknZ`wG=^8iVE>%9fKSy|rZTTgko4>!yE?8sIv`%BmBIk-) zy8x9Ui#8!WH%S?_$$kq|+ywN*Jx+S)^j=@RSS!q}#a`wa^YwW5^#1~~dz-fim&`i` zZ)4P#UfFc&SNRt1{2b+ut!gzHaK{T*mTh3jkM&^;J|ZtRJ$E7Pn^lqwPDMwcSR5RSvkbpSFX}Z|1~8_ z%e$!}WU|Kr-(;7?Uta{yi>vS0{;kaL#`V^hoC{v*NvZoT-L>e7S*Fm8wu7_t_w_m` zS{XQ$=ITE5kmx^u`q)?L7w=ytJ)2{hQVW`CS(=*+7&{oA&gndRI$vt(IS3)9OKrr4_&?&w9wq(9zor0(OY zXE$5D>+L?1w zyZBjj$LzoH=KnF3)h4R5ujd|_ed|4Xvbx1J!KF*>y}bRWY->z>lqq4Ry8CzXn%uWf0!lgxl6fzu z`zkI_dwF|v@3+0y9=$yiy3{?73ZF@Sx$Ugnc<{M_9&yI%a6WAN_Hi=_Ya?oJ60+n9Wu zPjANyA-?zb4b0mWENh$Bod{k$W?9-M zXj=F};ZmOPk{x&ER3F{?rt&whT;(Ipd(}598$A8p*;N~s8>Co%=PF$j+k2uoQ!Fx8 zEBCF6fK$QA>hRB-qw7!o%eBs&Wj8gz)9@#6FN>7idj5Qc2EqQvpI#hc`=zO)?Yd&y z4#BeUIL(75hP;zql>Ch5C6uI0S@^F`Xfdajmy(R-y~NpNjh%lkD{1jx-lDYWV~eME z{*>m}y#zXwdGnD}nWF1f6rdh&DNnF?&`TE#BbN{ zmKv#e_Oti}n|j6t1^=197eAM^PrSYDeNc4t;b+_LKfD&bKl8qh)y`nRA?D|@I3s-Cq$V|~#r}21^w%+r3@_#xO zv-59Ccq!E6%Br9%ygnvs(}WN1dw2eyB4GBJyY*+W`riZdYIoGcbvY~k7BdTMxbne3 zZhD`DoXaof9o=1$S@{P=9>1N zKUSLRl|1WanQPOfQ&L>rT$PVD-Z#!IQtr}{=;d9!T58wvTu#y5dN;iEx4ABxvQy;2 z#;RE1?YCV64Nkn)U%z~jPLGN2o_`Eoi+Y3)?OJzf(|-lk)T18C&4~@ypC9#5_2l6- zx^v%u%j)iR+stnxyn8Po;|Q zzwQ|>Pd(_pJL*Q!p4N;UiNskyOk0cQ``uU?`0#t+!_R^re}2fY((^sOG_%4)_UhZj z6K@|sD3~J`n)uay{ZsDkwbPCDqI&Ivnl@xl5|mmoEA+9n=JGX(Lc(e17VX=}*zdh` z@!F}e`Fos>-@B_)Wi64FfAnpca%yousW-oz zq?EM0(q6zuU)HV`qPQn*P%>#?uXIpUIrF{cj@@yLi>E zuHAK2;=jMYeSYJj7~i|w?nxz6wAWSYpZz>*rfs^|%aXR-=xsrvQD?418oza%B4b%H zWxILqq8&?S#Q%Sl_$oVF@TEwo=+i&nuJ?a>lDywlkZabm$7Q=Ol%5s3rS@c&&-3d) zyDpy<+4=bCtCLG@O3jY$R^8M8_is7BozJrE-Q42yCKi7VGdy@=0c(?n)5aoME+vhi zNnUCf{yJ(u%3gMYhp!=X!LR0T`)yh46+ApuoQgC~J#=n2u=TTrcWDpDvm0jLDQ(IT(o|$2uMlVe+-iv#ryjbIsi{m1% z=D)YiKi^r*|7l^i-m#^tHJpTWG?pw_BNMaE#?~mUQ?)4XWZ9N5uO*2}#**{u{zMuW zov}$)>sl2Q7v6tde8bo7&Y7N{Kk(O|id;P{Ab>)yKW*QW`S=VjU9CICF(;=)^;1f?mF|y^+4;fZCBZ@; z9tVe9n#sfTVaJ{2bGd^xzA#j?w`WR9rQQ6gz2nz1=@oO$q+Kr;n=ZQM==)nn#VKQk z)7h;vf+mEm);fCY*c7RmKMbtnYdf!8P-wh$(nK#V&r+3pV)11;eID05L#5pd8mFiT zY5HxMx1hd2V!FDE(bS~)-v-XgY!f#bsZHC($^>h zX4KjVQ{HIxWa^(v5f2Gj^69wpL8HkJSA|Yrtmgjn=4Yi=W;q28_^gQjh@V zC0l;|^io;ue7NNMmkakVJJ;viuT{SV8dPsSY^Y{()o}UFnKL)12gO9?{EpPz$;!gh zyl`6>&+QeyfuxAfKi?5M3NDpF71w5A7#OFjGMf3G22P$NZPS?VJ- zo4lG(Q;z92fTeyIg)5?pUDubJ~uU8PH)*FPvS@l`aFa8=UO&~+`|t>dhdX=G&KvSsn) z8xI(E1#nCi3AU`{T6NvsEH+$AtNpuN!mT-(5-&yW=H^bhezh@i?(sWIKmRT*qg{-YLUUnFjC&w2b(eV&@7)Z$&sW_8_) zdi83RrY4Vomd1g_D_*QrdFgYeZ;tkgJpO;1gsudzgqXhHXJPp+e?#_hy%wc_kZ2X} zMNUmfm`C*Yf1F%K@!dAD1S5_UV(eaMH5tI{jMN?#lUs`TY)of(o3|MTNap zFYc9F5@6sn`N#{7cTEd)Yu=v7I(I|+wjH~GRuG4>x8oKD1_cIB7srrU({&%5yZv5u zuGi#ATzQG}l$t(gH+?>?Gu4y%ff9j-!BTne-c61@wfr4_DyP1m^hx*la)0maf6faTjFWq*wD^KUWR_L#yL$V^iIfi4b_tmm$rUDjCO*H|**sMr zec2+DetdSm@VB2cY?gLreolKNbtSOYF<|SSZSLy24IU?dnVSd4#&-IsuFVu;Qd9{# zHRoisnpulffuc{N&orE~j@V^6J*6g||%!<~4Q<@jTh zu&|;(4;0OE@15HcdAX34xo7LYleecQCVcrmLB?0sdX) zQkNvvZ)8%NJNUWx84}eVRHYJTxFQ`0SCH#t|Dz81phO-M;Pbn=HHPc<*U> zrn9cw)UI#2yUew$@sP=m&);^>FwZv9J?>xdu_?_&;r2WW=>yX*Ieh*(ahAgj$rkgL zS04?fq>nu``hKNj^xjF6A2WS4En82eMN>6Q8BCq#Y zZc*)KTgzVl`DLhf@vo;2CZ{H8-^-q<`PZD~Lxo}vXK4R<_hTm}_$_nLm=b!`s5sBK ze_iE-PYtslp0o2|c{q!!OIz!r%{xQIylZ^iqYCWggms?yziOtZSDtonGR zk*E8)Z{po^ino4E<~jE0&Fh}WpEERsd^l$@2^|$H+@^6Z^YzABZpBYgK67{p+H;^I#qc^UkHrFn;wV9V|F z<%>@jiYv8rxIz z<->-1778fY@sx=~Di}=WykH{Iudn{@w3qjdjn(q)d~%LidCxuJRmBJUL;pAbY)wBu z^T2_Pe`_kgvSyT>%6GeN$i(Vl_;1sHBk>J}iJ9gBPJtp^-QFKqm^^MjTD4}`#BBTj z`ZmAXc|}aF1l);Wc3Qf9G4thj>NQ2bXa4WsYu?}gc-Q)x{oljB-g8Kf=V(xH5MnqO zddH<}ip$$cYmZJ-y*W*%T155RY?W^*YA0v=O!G9_IQhrX&d-wqg^qu;xF>#d+LMaQ zdVwOEg@WRR_ZY+^kA81l_NvA%h52r8RNmcn{`0Hr_7{Jt zNey=TeM$AomFq<>|17wEe3hi_eg0F50(=uaR8B0}d^GorkMH7~?KR(uEHF-t9H5XYjJ2vX1OIU_&WCB;{AW)XUy>Y*kAv*T;nvGs-tv9 zZiDg#WoL;~POofUu5mTWE-EbOy7-bOG_X0r!0G-{osA9+>3lt(5B*Cl>U(gx|NZg6 zrim+Myu8;tMOV3N-(~GIa*8ow))uM?eDvt3hxYd=B?n7)&S2$r@_Hm%cuQ>C#&@gY z@^-(>lG{_Oy870kD=!qqT9!xdTft}@bo_tKtI~a+KQS6rUjM-TcE{dxw=^e(1WMQ~ zeP%g*YG8FPt_qC%x&6wn zkYBnj-xnYA^J@;uV6>X-dR~pQP3eh|W>BzaN9eBklDvFUFE!q5bPUNlrQIB!vGC{P z`~P(>Z5G~Q67sV=OWv;L$A^c9+xg|~h5sDVI?(N0nHRThhUi&ej@xfVd9Pe6$f#(_ z&Z~Ccc;f4E_WggdJqtQRyfism4@ZQ_-QMJooivqG?EAM*d-LrNt`hZ*Em|Yur{}(9 z(h~8C<#(&q|G(Ynzd7M$kbk6(a-ys2RHd7`b21$r-9(O@ZW76KP-x(2-}&oS z_K$1k`_3M@AfSD{itmzCNgkVR3E#^b9Euy56W3JmKJ=KfC-?GYp~M0uXBC-c+nfx{ z<|Yn0nFmbssWsdyJ)C`-`3-_t$ZWUcp)D^J6rGRx_kiOTG}sbJe4LUIC>kuUE5nywq?VbVn*4sS2Ik0^UYV9y*Xn|mvXC~-h>Pl58>8_ zve!lR!U|kzCTb^VRz~b(xAkZe5?RF!$ug7wq?roA3LP`tHsSzTjz>vl}(O ztj}&0>{Mt{Y!R^7sgstfID?co@`{zsTpTPCO`FcsBZ%^^*wo;DMh2F7CT|!(q*qM*Mx;Ve@&puYg zYY8(LSG{`8d32FR=7QD~$LB$LHRqda9=^7B$qa}xntf`5jP&9qHC4y_&xGc3hiFRl zZhqRPyJzEjj;P(XQ;a81KI7*zX~o)QyY@|c@?^_vqu#WtoI|F2FU{JXkht#m#xl{T z*7vH-)t4{poTbKlk&AEc-UClcR#m8+6MeLZ=jF6X{F-OiEe!lsTxs`prvK*`^XunS zBs*_>vn@f!b>>9jTiuPH`T{GShghsT{Y{Ng)8Me+zYoIoM=qbweLg$>2Uk?&0-YHW zE>V`>^QRu-Yl*ljmHN7iwdTb(xiFo~MavgYbKN@YWzS*jYuf`Pc?-AHck%CCJbnG% zig^JV4xu(Kr-J6l&wHA2U*qG7lh60p^BfP9v9LY5@SkK~+$=TA+3u^2xHP=_lg@o| z^)%J1k2}Bf(!HD0;`P^Zv@z+tjXQKL+pOU6*J#hw+IDZO)xg zaC5kH;nJbj;NyY^H@p^$>q)#eV_U1K6-U@LW6#SqUk?9gbiWzWUTdrai(h_uJH~xH z@Ant##{Ya^{`AzV7*> zp9hszo_cO%@w28gBG&EHhpM<(rOh>$L$8!>F-*LjcP3clP@}Q9M|Pv~6Pagg1T_>n z*qBv5^Bq5SY^KNu@%UdlvDf3@PrWkD*wL_`WA&qm#$zX+p78f`)O&1Y89&Wo&8c6J zrlL~||2&OYPK zzOkv&_~b{!bMNbUO^q4*T0bN$=6aTR^s&aD$GZQ{YEGVK{^Z`{A2(Rk{pY0o?TXW3 z-4+yQy1RN$(z%7Z)?L$@&*)yc?y;1$ZTGyHsv>-brgnWxb+=4-_jJ;`o!(0)?&SG) zB%)AJL5{EJeQbHc)64(v-fD+uUH^vD8xtd~tK;fs?*DN%e(B*VL^HsxA}HTctIG97s`D$4F_q_?Gcgv`*%>|D^ue|MjVae}~BdD74KD!R@)n;m6YQPq=gTi-LCpQrfKAs%=AB@({RPCWmV zq04CgX!!zx*G11WHEoh&x>A^81>&AxWAbQDNL4k>U0afS$1C}|*0EoH2DRS|mQ0q2 zI8h{8%eT08wcqz5^}N6uujx})%iESnB+e>XAJI5LXv(KM^Pi^vechUTJj`OINJj4! zDNU1|Ck2ZpC+oa?m2m$av&X`&ebG<5-K{M9{QP&bM03eiJ&;RFU)DM6AMb7C2=30{ z$;^wne0uHm80WkqnTeZilvW6MJ+zn=bFV7;XTE1a@zs3^8a}zj%0?0no|7{|b@%`5 zw12w!{}{}bPVvD$dbJ_*7bbwO%3kdH>)m-eS2Rge7vm7#eDj_)S{A} zcklep&3Wan8SXi6?kpGUb&GUtxB8uX@1)ChXx6*Z)h}*q_$(hU$%vBUbD7M{;l-k zvK%MI$?I+E=LtU#ma(!vntlA(Mv)A~o7+~k&0ZIE;Mmct5gFHXRzBP=7jg8m{`cVc zxe9@S2WK|&i0k`q-no5h!j`UOvowDD^%p0edB$F?W>Hf&Ywz)P%Yq`AwW^07zdU5b z*1BV1(#euWne0H7gP%KBfAd(y)6RMAicsF$MP*0DbOfLMIDNkO)zG^`7`3tdf8w-~GJ*cxe_t(2JTuqq%+m|4FSE`ryOYJXmVsS|J2TS5 z{qm(tr#?Pbw_RTz?3m2WHlJ8iXL@noH>m7m|=g15ZvYM5%i zKNFo(_gSF--e12BpDiYzw6tB~q%Cu}d)dYO&j&?BgQjz`G%03DNh?YmIJh9SP+b1k z+568{E}!@9Qw8fxpJ`8CXawz63C?;tso5!W%_k3*SzW87tfuQfy>c=5-RpU;ru+E` ztnD#0wd{TP^`6x>*Q%^j!3Vd#7K*vnsKr%z_}1q6lM24K+aIv>@=7|uvta784=amP zbX%2Gk}H4gu2sMB>EHJc|7#u^m*mIvPg}55Bbd#b@1%Vv%k?W)g9X<=;J5!P>9^?#L`UysUK2>)kK*`LYGLOz<+Acut6uo$=rmpRS%sdy0MtZ7gVD zEj7$aR=c=B<#oof^c=lDm7A3*Q~su>{WxTtUitTi#%})a%3IPhy-m{$jyRj^r=(W* zcnC;kYwgIamEL?)=4+wvHBO_sm-f_^w48g!l0E&}rI7g#?s#;q+;VnZvho67yZ_C~ zH@2O+)qr?jG3V5`qYo{^owmqyT*>^+iTEPC>w|k$3*Z)+UB3Yt51=iTMtNHQ6 z{E_$})?KT&PJDBs^51J^{)oMsGX$Q_e*VUhSO|J7gS9KLzdd-|C zPfSjo+PGk+oGx=iqeIbx`Ucg#r#X)=Hn|#hAxL=Ha$U#b+>V@ki3K&&ZtXZJt$uvP znvP3%qfWkTl)RMLee9OjIi9mcXJ@sxEPZf(-=6-pr?V`~Cmq|gaI2k$JEk(UToxfTdK%6$9Gear>?WGWSsTHH0N?tb^S91?=DHW z|5ksQwOVVMEqCG5nI%W>w>ogmkdR0?{w;jRvt!W~#k>0Le?M6sdGn@|vvX{w=)wug zI?r+gV-oeFm}UjH^M8K2zP8(4uCnFUud1Yt3jOu(itp@AU3@#v;C%M#0}DSsTi?^7 zAW*RSk?GN*8cp6;uU=QYyZQEu&f70%wk)~bA2(+1qAmgC#ce@i4i=9(8RZf4QB(c9hPJQk{&-59Ra!)Uv44!l6H(T@b zUyMhaT64dwi$DA7taQZYZPSyF`-yX|y~fqLY;!T=@%uKhDnemq&RUia1&{CKa}TpR zd|;;W9GilMZuP#!n~hDjUAcT^>y*WZAE)g7?ycC-raY%y#6ND=iCX#Jq3?b?Se(Za zXsCBw`R$><=Il`wOIG>t>K*&YF@Y`3m-l_$2gg;}**Eqkr+>6CO%=3dRlQxf!OhK4 zTh0A=2Me=;j|$hyB8gK@%O`PYhnMZ+V%cKq5_xrIg0sJDcIPp0@=E+If=N8xO4<7w! zvi2+Ez1_Kr+jDbL1HDD%_iUUdy?)i=rN<5g@-a`YyjSkbtuHH;>gYTt<=hdI=Hg%b zpKrIH?ti|r?sS8j=Fz49KF^V#yJ*+Gd8@CjQB*Vic7dUK-)G%<{~n2Z_VWhb+VR}t zU)YCFvp!e0tMB`+b9JidmU2Bu2{xyUDc8@{F6~gaeJ`F}Cbgyc8rQ>DPgsc=Kc4KmF+VNmjBHV*MIHRFZ|uiA84SdH7$Jq)SE$-clyLWuZWrX zM$hV@#%CQT4vuvg= zJ7ChQBzd_biM8~nlY>dhh08+AwX!yB+T7NjpZECP*|j}AJ%!ho`RVm8-??o0wB!3q zd-|4nIXN~j)-eA#w<%?@#?)c>& z54xrk?dV=>TmP$l{(~dZ`6AmD>ed)e>+Za0xNZLrA!)PN-b9HL4h=E)4sD#f$^YD* z)_I#wXDJsLRnGa6vvGMe$3s0gORkCAcl_L?Tl4;Bc;K|RUzvAzhvqHZ>SQ5y?uNpW z<(;8n8!|)1ZSQ(_O8h&EXg40;Z_IQjEd1nw1C@2(FSZ-DIy^6qxNLmydPb~@px16e zQ>Dp@QoPB}i;pTjU=kI`U(WRAt0@;to0v*gcE^#&8HyRNUp!gIe((JE`8Q8qd1A7h zZ+>c3&7`(ztXsZ+3%Yx!Lz1g`LdN-79GV9VI<8;YRFP?2yZqdF<*8kwr^P=X&9`me z6sx?UM$Na%h*PS_`0|_^zuBgxZmu|5G|S4mBP6uZ#8E2}`7H>KX&r{W|Y)B9Z3sqxLL)3Ht6T6sGyCkt>W3SL^UZfS4zyZ!V1|Mc6Z zS0r5M7Sa<8dwV0|aI%8QB|#rw|KOP&yY^m?OT4yCNq{eL#xn1HryjQ-sS)#>={d!1 z0Y|&)-MPFbreT*aN-W*Jxy}Cfhp1^+*k{c2G@d*!HP>JI`7xs{IxEs^l)THmd(K5o zF3>o#Oq93gbE{pB_s1W7+%pZ52HMkgRb{w}*8R7c9rmrMD8OmMhOND4_s0G?tNy?1^zQl5+nJF!%KFeD3qr{)1dw)W@?_L`KV&=f?QD z$Lby`+>kyg!+p9@xc3y!PPb>eQCiv(J1&H8VJX_5fG1p_u6b0TzS50-|Zyvq*Pm$|Y zeq#IEwY)xl=Z!4qu`CsEn&9VWU~S`be|CP*?JFk^y<0ltp~fwa1xp{kWxt^2sA#~` zyk~;U*=IWhIzQZ(|DFBls;TQF-c!bVADxHG0;X zr7qG;imJ1>=REtBd;R0h{r_c7ZF`nuW^dQEP$VcjP0eiu58FhRi*Y>bM4Cd>+?TB4 zGnSaK`M>3y@_Aj6e`2SI%ZZ=bX)2oN__|3-%=CD~-N2)lT0>*@FKSEmRXZ$vIVUpC z+eS%prq^OuhGv`R?!j|*%}6ug+-$jGRgagSZvnRjFOIL>WO=Xlu-d=t_iLAlY&A`9e#&y^Z_1my zTf48Zo-HXaRpgoMpwUv6GbM8o&z@8@+vf?V_nx1!J@WXb0-5(xS`Vk5tX9i+D*pOQ z^o?~{)547#wXf9g7G+aPf7sI(AZ#>quFTU__m-NtF0E((4j#D$RR$m5H#6L?y&KBI z%lGl#>~+jf71r8(%efWo?z=?9;%WSsscK6^U+)qte)S>nS@c`0ZJ{;q-YOnsoqAbS z@{-Al%q%Cx36~yB`@U!T!j&RM5=X9e?a4JZHG0&!IIbYDF*YN-!dN-5>7vEQS1iH7 zFNG36Z%WJGl_q+>=GD0^!)X3k_>D`{UYW<9%%bEekZ`DQUjwfCFf zs|s*!etcARUDs;UTc-{lVPTVU)+n>v-+WG$TkulsGmQy5_b&gHk(KMr#x$==Pta+C z?{d%c%e=4O3f|P6788C-bDnTWw1qeOmcvcIxTLZUt$Dd>`AWT0lcsU)n!R|=3+adN z&aO34^_i8m=t-`@#*7~4<4s*k53j_X3H|wO>#{wsf2yxpn{nx+rqe} zu8h9byT((2=cQzTrrDY(*QJ`4d#dm6;aRgumEn5EoI5$QZ1ZKFe6!A5yl4~G7PYxP zlf0H1F1dYvZMR$c=f1nMm$j9N&tsXDWAt|AzNe>o^*G%QD8Ju1`TqaO$7gsh?LPP7 z>2=|y2hS~9zO3T^+;RgG!=p{FR-nXiw|~R-wXYYxe=+;dJLUJz8m%E*sn0iVlH8Kq zoXniS(dnen^6;CSmt%3V^5N%x=ZrHiJ^3uQ`SMB2ny=}n>bqNSs$Mk|=@j}X5^5}x zd^)%MCUAjMb?KAQ%bX^7yk*VUwg&N5VjWJ=FJ@~ zS(k66^7Q*mnB}=xwtb>;GfT2!_)*;nzWyI|a`taX5#W%D@G4AFI(gjwb7s`8-Fx=` zH20HScz2HU(ixs=o_?wm+dRv%_Dp!~yizQ-+Rmqozy67{&A+Mn2BtP0r_LnJw{Bf1 zqr#^(JMsEF^N4L*n00wRT={sp`Eg3p)+^h$D>FHEWwS>WfBO>oZQr)p$M^p!y?5g? zTeCR(jCpeuOlLb)?p^y-CL-H>_VyDV+*&VX%u}bI5#6w1XVblNQB_v2I^CT2yx--P z_r^419d}Wc!O5SED}y9|%vl{Bqr5}u=iWEAQd6cnKfQePhPEcl#R!(gySQ#fJfD=H z$a!4pM8J&S?{|0KUBAyQ%j{`h;XN1q5R>^9SKakYPxIc+bC}_1lJNYKkH3!~58HDU z+v)L-llTe}L$>^Gne3VP{1ng0BX{O~Y&#YuSNC9U&8z(XH($5wy;&IGwqDR{@m!hg z-M4Oj{p5Y8`1sj1k(&s_^4OJsr`KaSZ`Aa{D3 z?Jmw!+NX6TI3`od#2d> znA0w&5_57^t!U`w?XT=wuw3GtU=-`cRZ>k46@KpNeY|3mu@K84#%-~Co90^c8(CTO z2^x5sgiQ8cuK(IxH#cO#QWa6Y!jh~u`=4jxFYPT`yIM?KI^%zDSz=VPh{~(1%6B{8 z-q^N!(W0r#kG!gEi42aN{NUjC{j=-;%-(-|UjdtOcA`e_1-|KeF-x>2F358 z}Sv1($be%Ry~ne|Nh3wZ`0!v z9~@$Mc~j)3&$<(AxiGO3#*A8m|Scx{gM#^;9&M0xkMIxN~4 zw7K~7`sa5#Rj%hop8xU0q`iNh3wNhj+xPWfZVE;<&P`6ep0r9!+oJqePrW!&nceN( zVE^UZ+9k`?e;n|=-uPHSmR+VhIbTLWghR-LX3QwF&qbg2 zHH3$RPMjlg{9Bb@eVA53Wz3n>i-ti#cP}wL)Y#S*E%$@L-}a}Du_Sk|%Ji)>=6Z;E zu03FU<bo32p2*OUTfT4Iw7qAD)Ze_Th$o%~Wk& z#*RlxosSOQUjOvBzx{DvX_Wbw{R>!r+?qOf&yP2oYu@a$cFbOqt3375p_7xB6j@4T zzt&6+ay_)tR$2BX$B9TEzL=!63W1fTPiLhmNGOSP8kpLd9e4e;{AjdR%OT~hmsBoZ z>6kWY)v~Z@Id@K7-~X5SQY1I8PjCO?H%={qil@Ux&zpvYx&{Z!s{4I6wx0Z{O8xG< z8?Rn*?V7%&xF%snff66bl*Kbe;IEHlK1)y;^Fj6Lsm}+VVT6 zer1~l2Zs6@BwVQ9)}LPY#YX&me9H0e^#!kPcqokE`yMUoy7nY!^OyJ?4x!GtQ>T+hy* zZoIcAQ}tx=@*iv6?G8+O#+q?{OIBLZq`&O^8&iK4ov*xhR`Tj12jM;X=cNMpmN5yR z-T8NSL}fJhC1sXd%4t(Wuln@$8O@%fG;f7oMfhKlUCYz*Zf@AYWGmLJl}z zoiFG8zVZ22w$1)z{_=Z!rqc%SQW5o z_5Zi0nNoQdt@WP1;pMOFn_IKZxu>r$G>+d|a&ubH4QBCxEY!sEGZQ%nN4vo-6osqi{*0f$h{I+j7I!yjZ&aKNBx6 z@0BYdLaRLz*nC=a?(bS&B7Q6=<5?^J+3UUaZx(e0@a?>!<0Wxp87IfG^vg3C4=Yc3 z_r&+?vX!}chk8Qe{MNVX>Bd#4@>hS8dopcy{t=G0y~&r3Zujl&6Xa!^(3<(+>vJWA z>E{KzTDq3L`+Ro|E1%YM##N_y9^NspnD;0oOg&=Lj;Z-JUwLMmuTvJ_n)dDC*GTRh zhoZ;7o~EQ8d8=%${b%=1#Hd`n3{yHdU31 zzYO_hbadygb#1d|X`TDVzi~;mpp%ErZ8hWBYLiyzNb$|Jx_SKm-^1cR|Jwg#PWl)z zbN0oU;>9})jHmrC{rZUYvhMYpzuxiNoLK(vLI25HW`Rpq@5*lV>RWu=&0s>t+L>N{ zll_((_DnDj;Y&Zq|KSRM+@q7v%Z1jjdEzYp_k2wC-O?rM?lWcOl}rr}&0D_z^p`6p z+umNdbk+IqAwH*v99w&NujoWLELp{sD6zCd>xhk+mA&4H*b^P$p_}SHUp>lr^105G zWWo6}Qj&@$H8v_UG4f5Ap27o*4b&(uN}&DhoaNs;K~7W;eg|4a7D z<5y4bEcvCf|L29jGlG<4q*t0)$Je&H7`Q|`H@jc*vRxar>)qZcjwQ#slNnW6PEDx! z`||nD-v`?bnkOdZWj?IeR5=*X@$q7ykFyX@tL8=dIp8Z?)9&@D9eOAr)Nv%~s9f;zO()NtF|f5edE|h?PoH@+XPR(FNuSP`pwi3eSF4DKSLY4quI-UOU#|)(5_UXALrs-Y2oVDO#YRuw_(E4Ig1XppO`YEQK9#2@0Kklm+#$k`@N`) z$62V;&5*}3eedJ7*BsZG)P&dU7UOt3Vcv`fAKqOT+{nUhHT}Z%`iZSyLv^yUOV1w; z)HtnVZtc8i<4NTMarWB30nshR=$x-;SiS1PJ=`7-9D@Bb&+}NBm7M@O&iKYg{}Jv-u&=< zx2sTiVZ+O5_SIY)gx)>37V7=*W_5K$K)A1~&A9}lxA!k1C6XH92cojv2Fu)k_J68nzTs;7$If3<2jeW#4IvtWk2jNPeQywWRj zBRe!)m^ioVh%&Zi3URQ_l#x~!;1S}O@>TMm4rf8+&y5ZVGt?HGOe@}^8+Byf^ZFw< zi^XqlSjMeAUtNRs#FbKdlG-}i#&zwh~LO?`AS-~OPu-Sy5@e7?%nR& zk}?tr&%eq3`LO$b`tQ^03o=V&g1xjJ75W_3n3lA7&grG^H{H6|R2G%A?%nIQM1l2d zW;oY%2fKI6dlwvy-rh64?%J%Ejoy3yUE-`f_kXqNc){io)d=P8PCiTB&jKc#S% zVPRLr!HKI}o^-#~U#h$R)1@*oos5M$O9M5vyt(wFrQ+`In=4w%DHd`}Aa!A!UgNbR zj|Kg{@?VOWuc5rR_2rYf+Zm07oIM`ehFhpH>#7_~Xvw$vYxGrjZOp6p$)|UTy8bs% z+>)N9ezC1_EpOSo+R2lhJ##XDm6sqE>e!3@KVF~wX2t3RM-|8Shsw6hb=Pt=vOK!l zy8P2R>2Dsc%=xrlUMuKwk@K>5=feEtES>G%7wr3QviqCt;}a|G zvR=K8*qFt7KL7qv``Vwy3RAKxLR8#$sdRN2O={PZl8%>}ry$rZ(C_ZRF=x+HA^T#v z#BZlEy62s73W^Os{OMlm9E+NkdF%MToCt_qw(d~Trz5L{PE2_1rn6PW-uUd3rHQXz zXBRT$Mji>=VrFvT-jxnR%QLUze``fW*8E;N-Ge*hU8Gy_d7~DQkRyk#m|xlWc3X5n zTFc6tBG2{XlD_xNwfT7V{e+D=hZZu}dQac5C|%Qg*L0<3#g-{~FV~5>*=3Q>}y)DO*8X5`^y|Ti5zFC$o;O=CtK6}{}cOv^QfJE`=YeV_H65ZI#-sZ zS@6xx8bhHIUmtxuvF5sV$CU-oKKU@;*s!Dd{JXoy4@Xs=pK@6&Fl4*ZMTwUlGdeFC zN<~FYa60#q_t(t{@qrJ_TraO(bt{YQ^5#2V@3mWOt=CuA=ec~@_UNX2OHE3*DLXle zYUbIo~;Gtz!|GrF~pIBvf_Uh~K&nNf)F}A9jUi>Xb-dWf) zOIrF)^M!Z!r*y1vKU@-cYWCreud;>zobKP&oO^NiikT}@X5CBm=4fwjc_g}2C_>}) z$uJGoiB20bFISzDyX9`Tfb+&n%kV|@2_5T}&eeE(ERu7r<+k?%rJ{z@O`d*cX$(+v zO)Hx8@`=h~XJ-|k=CadCo#L5CFCKp4C-d0H?D)!)D$g%RE=w-V+y6IhTh7fhS7)0S z-z|-v_>eP+H;-8S(*M9 zqV;<9*Y89;vOFApjn8g6&-BTu3%mWJZt6&?PHgMs^pM$-xZ~z21~0`WM>uB4{hV9< zc1qFXxw3E1Dc#=Y`822LVZ_T*;vTEZ|4zDWyiRM~mfL@I9jZPrO31o;@!FYv%IY_F ztlO^RJTpjt=i>!A?8+G;)m(Q>wYJZ(65>go@vg8)neTrd_h}_h z)Pt#Z#^I)y^YqtWn|}Pl4XK)HS5xTJYoob{5a(L)u}gG z_xfH)U~@jAt#v}U^abAR`3N_?!9wtRW#_3P88_HngjE|{Vu!8!SSB#U#J z;nTFFoJq^;e`p=iu6PnIm*(luzwsI0DlP4UCO>aIzW;RIcRPc0h8V5qlU^^HcyVgQ z?rSV95AJTyTl)S<vPbNDOEA;B$E)(LMozHCXsfxs(Q zLyW@&UC;L|_T8+rHN1G^f1%my?!Wr??1oQo&&OY@*H7eN+qm_ZiLcT^flE9)xKh>H zPef<9D{ghlT%U4n8|O_k+n`Iq(Y+QL2}%iw+BM&Cef%9B4w=)6 zvrh{3xyMu+zn$ig{WLWGwwQocT^HBigHbai+6ww_G77GIFmo>Z&l9!f0(~t4hh(EW z-7=>iUH>ZU`H_#41D*;eAXPKVS$;h0J^j*t*ZliG_uhBQYz^q*et!P**Z2P$;_J@u z=44@B;(pw)z}w>JpFcAm6<3|hX5B2$yCyR`@%`%c8(uEEeQHj_Y0d?=PfKyMu3WV? zEvZDt*-I-sOW^3Gi}MY?>t?I3UA0=--1@X^`TlPE|9|f4*libr0}F`BxO;}&20 z`7fWXrLP4~Qaa7&GG*#nt=Op81GQJS9ZvXf8CP3qJzX#6$>Q(#j{I7uDskw^pA#JY zwV$JHe(#n4WIg|fb5bbhmI)pr7E&_O>1k5wB|KA4CbTB8Fw4EX#&t^PZH};E~S0H#~pY>fPN_Pm2}5|NC9AkLBcfzv2%c zIQMg=p~-Meuaev9ZS2d1Gb&rD6Af_b=7vA|KZJvJM^xzI$5_@R;%pwnN|02=ky(K z&s7IF#cktR66m4mdEQ4^_U+0$a-5<}PgA|PH3c)Kebq~Q-zXfjJJs}-z&fur-m8PP zW*=J7A$s~%x899g2QN(ObA5Ydg#i2SwiTj+`+n)4|LFbwK4ell%Q# zGjHd*$>RKTzrKG3nrwp1I@SH-_|W>;{ii?w9cL8@Cu_4)+kW0EpZDOP_4@^TYXx6k z6x`lFL3_pIr!70~Y`8voK3D$!w3|Wm>VB&BGsJfmOz~RyxKpcWr%dqV$r6l{BV3ny zH~o~H?)-Yv#7R>ob?u5uW4rX{()xc==j)%peq&wHl{-7k*w)T7)!CD^EQh^!!Ln^_ z3m+Q3dYxUF_*>4YGb(TIcez8MU$5xCORPwkVE^;S`p-|-*KjU5X{^8R$lC39IuyOz z{ANvBt^Yviev#C(Pa?niSAB(EZ;>znNw01=2+|~xA%=+uPEis&{T8o+5G)~mGkbF*@l^& zzhCq2^_ervD*yj}mzbE$d_K2+>b`%BeSUt5&1&!aT_&b6JiXD8aKJjJRpgkzT=8*7 zrXWqG14WFdALs2audA5QDQ|bQ@%>@rn=+D`o;qs_`s-ic&WYJOE46#~fk2C&GHomiML0sAq&>A+`@$wV zfp6ZX)QsL%1vw6-W9=7Cxt(}0^=HOK5$}N5@cyaWCFEy2NT^-(xDq_yHS@c@uB4v! z^s7!nYged<_FcMh&2h)7dGDSomc6w>~v8K#r>xcU1%&*Efd zjf1Ay*B8moF3~$3ynfHIlf|_$&2ApdnyQs+C4HB7%y=gXUee4 z&Q?3VjB`U1qs-w0y9(yrZ1n!~VCwXr=}#w2XPmYs%JKQDty{KiEqZ%w^@|?|oR4T} zOV0J!l>OXq-(|mNA)$hOE(XqwO^(8u zvoaJ<@9y4Pq0DY9lJ?*ctJJ+hZ4SqxtXUa4QAwwqrahI2Z~PNB{^Si&w90owv06MbxH_0-Z+_qfWMM)xNp0-2VNZ zOy)iji74^p#esZ%j}vAT<;~oFEo0$|&i0j^Y?5a(*wTtZj=%bO*)B42kec?MRJ__;Q`<`ba zl>0Pbr;f())90UdX>FLE%`)%w8odcNYdI_@2sfp2&$_WY*;;zr-7nMLY;~~XIlN%q z%83uXr_Yd)bTqpn-09MNBs3ssW1SWs&%EF3q+g13g&WP@y5nao|A()~?T)s7-kfuD zL(|QVhC*L?GyE5twm65D&bhf#Q|Y2ayWgDTqiw4@x0f^->@B|j=lcD>wsn6m#y@I% zZFVt6bm^{TTvJ$gnw;8r@KmGGgpVvyUT<=`E*97J%&~O!vB=5ERM@hj&QEPqH7D1t zg^zn@znm58S@GRE@6lG<-!H8zXZ0QRw%MdJAW=E1t% zH+GlX3!QbB|0ytW!%HEJr8ar#0^MpA?{l|*ocaEL$KL9)$t%19B5ykwNTg&&b5C`A zDP<{Ix$wxQ1hd&k3w3h1FWuy+Jbuuz*`PyW(gevJZ+5ZdbT{M*icH#&8`yrE{k2DL z=@*X2?tH~oa}zHF_C$%5?$wUmTBhqgZT*vl-)#?k64jpIRPgMJ=C}9uCuXzr6}&yY`l3<$xAv$5pF^mjq=>NoUUt zJ`@+w^jx1ubp14)eG6Kie9X5ynP2l}ao+rQfBJ(KYB0Jgn4Y%Y7U%nZ65kf)OBX%7fm2&g<7q-T%M4f4AkrhUBLQHNTWs9dk}?3agy25O<{e_o9@F zk}0=tNiCViG9|4tn%n-?*15db^PM>!b3L73ys|(+V9B<1^Cm7-RC9A%nYlt;rca?I z@K2E5mLHm@7kTfU>BPNARP>CGYG+tz@a1cr#Se9s`^78B^ae%-Gdt~iy1CC+Lm_b6 z*-ckZpR9S!zUTRLyPgS+LGM-GqeoHtxBL4(YBH>zZEn?xF1U*z*@JFMla5^I+cY_XXZtwmM|AZW9ff zrE&Pcr%m(j?|f@D@1^|GeG3_Ton1>+t)vz$Q+nmg-W#@nr}N4ztBD$u3?KGxPj)t& zo~$%C(Ztf(YW;@KmQ8IcD!fdrrjgnylAb0q?Fs_SQNEL>3QqPsoRafJNWcE4Kz_;k z16^T3;qmS!La7fIl~qmCeSF>So1xUJ?3tc^#Yz9|;%ZZ^+rPh6n|yw9d4glM_WP>u zcXgsKKJHsqblgH*N{DNclwe^~@4NmrNqc!(?q7O<@7*)M`rVFan|#!BmpZ!I>e)>%4L_3Xb8d;kBcTV)%)xgGzNXoI zKP$f}@$ILil@$x~tM1N9wfT7|Z^g&n4T#0%f9420FkKtk^QHgO2kZ9*oo&gV!{`4^ zm;3wRugWT+b?lQDZwNM4U8La>c_K^F{PUxlEjq3j8y|9HLr%kD4cS1(LGJ7NA@MTzdlO^!Fu_???@DkUQ?Z_&nu^KMNm+w$lB z+qsn!WUkg8w|`%H{>z-|v+K&fP1$m5s)b6+5yh5XY}`34N2XcUFtoA6Sd>|c zXdd_5`KU-zy;U<=J@r6LAFr92#lw;VHyRkY1+MkBY_Td^dUam0fBF9D_Pd@(JqdZE z68h)j{Z%XP&b_toUiICp_wRrFJF9nQ)YGEBzSoNnPnA!|Xiusc%f_*{3efiuKc*I#*_f z%`22*5Egd7X>WJ%#u1D6Z|)pSogT}w%ptQ^bI-p>!Ea5HPF@EbIDH*GHvMFJ=rU)` zTch#>Ipdi&t2FxxY*r>K9=tH`{Kl20UZ<>DlY29>CZ)}oHsh#6H8)d%s83q4kC@k# zE?2c;RWCou(>#K2=kE?xP7$fM(|&Ku&AGp8>hAr& zW6SdHdim$`b6W+~e0lUaGy7vr&GO}GH#XIZ@4x*+%HQ^-W#H+WgvTU-V@2>sQaLf6tjSgG2eq-tTrNZt=&z(bNf! zExWhJt1;x>v|wfS%!^$uuNQr?Ec^RRv~2&znIZYJ?pYSkFyB7E*gy7IWcs{wx2?-Q zZeAY0q~4E9d#1u{%?UYO*B+@eO^J0|y{meM5}%q#?Ax_I&$?7zui5^;_`ON)PRVV1 z%O^a3{yo(7AWPR{_Foc`wr6H-wmY(ZJKNp^j7%&X0tyZd42*UUSSsSQ4qo|px8}cg z{4uUp!Kjaixb*{yMCGljMfv7!=r756Q*%w9bFIMHWQQxCJ^ESROWku%FU}6-@#f&T zX~umk`sdlt=QmW{eY)?(h2NcVx%1=ZXPQi0Fhf5{yZz+GLZ`clX99LivshjA{NG2F z8`BpaGGE}x;aME5ebkwC(%e`b`&`!dIronIe6FKzZP_{XY(d6zxwh}JN-3?Gd0oQX z?HwvY2}k!RG|YcH#Yv&X(>-5)`Mff&^?UxXiO<=*%IntNo)z}nRyk#`mik`hb&BO$ ze3|ZrpCA_1wU`< z&r3Xd!HKU&?vZk~{(}b}9Nqf;jEt;K9o)-)q0d)INO4kD`iC8^F2QdlHd^dHt~T@j zeRrFQ3gH@)-o0G7CAqzP9$RS9y4K|$Isy`2iY6=AL_byutM!{~H#?q@*%!KeV@#0G zlTR{pPa4eCezZexW59}q%Of}rmYht>I4Q&;6<)P>kDJArM@zjWWnvDTmNx&?yZ*0i zr^l4`cRRaFr`PnX*8k73_w%zw&SIaRolkzbDK&$~z^Ch|k~`nKr|#eH9TyFcKYnSc z`oe~jFD0#RP5QUzM6#A=_=)w~=dn1=N@%Hgw=(_4-gN!=osau=MNZRLxL4@Ut_8=> zoZ&HaUNnU}jbo*#pW^X}<=;2tAJ=m$f2(@;s_&ZR&8pshPkt<9z4PI#_0QR_uYEpz zeE#!iyz=WJ1+yNr&wCmjzlU$jms1Z7 zGdzzNE;%^uZ1h1N7XNPy@I)t{!!##vTg2WZ-j~zN7>X_n-zj~6_|E6G>lYZVntANf z7mFKx`P#~>QVtvcTdKBcv8~|BE}jWuA3lA18?*h_o-E4^7o-jc>b!gPLQweCi3G^8sZ!$K2dszIb=c6_nv!0#3 zZl1i`?6Ui@iG9sxzO!_?gKr1R7_dGJU{T#8^g8CG+RaNYn=}vZxBscLyZlY!>pt5T zF^%c+|18fs32f7eS|e~Vh*R7*PO4|h_K$z`=cmSG_C*(3ZU6h&Jj1`-u&`uKlA8Cf z{nMFe-(UAN==a}~i_Z05*RNZbwpN?vg6QUz1-YsW5sA(33MRd~rsCzeEZ|ATvI94+ z@SG|QaGDU_Rdn-P&5G8H8*$px+vO`J@J_F5sjz4&lbNL~s28)bNBY{@qapvyP>3Rb*}c?2n5lb0`-03I}U%`BXFQc$b-%v$sXxsVOI9=N>FD z6*i6xlGXIHt893F|K6c%v4`huSh0WGl9<+_oF$rjqc`R4j9kdEafR!?I~AITD>dHU zJAcDvTHmykua9_?U8=pC{=1jIL!>Q6#((<{ZfZ1{`F-1_cgM2#i03^my3gESaBh|8 znauYtnT-w$r#8<$U9oiiu8+NO91lAkud2q`t`7Yh@#dA&tc6-H|2@uLpl!QV zDpu3;s4#!m(Z^G|T%Rqewn+Twd1Ik~Epu%N?-%7$s+)}Yg0df-w79?f|MELOw#Tnr z%xt<^smYYRoe2Xn~sZs;x(_7a2`B@J{yq#JudZ z$K2~booMbiHkV7)5L@ag4Jsn;EB?9{w<`__qDvx>v!1??7mrMfNKXIs^74c=u7CFN&7 z5Du@ML#9?PWJ*XN(N?YBGLdHm~Q0STw-gN;dyg56gtR_n*9^LlcW zp0Pe+_{iqlmGwIxc5R*KwT&&;qw06njFZnL)g^6iGQ(<2CK=&R%>_a?54Z0q`)jp6 zgssoEG!yYp*Lf~=3(VHG6EkTr@mO}NQ!OdOWNFYuWo6}z>mRFn zzRsW4d&y&q!JpTH91p))N69z|CURn^1F$u5(0 z*Vz0&#P%yU#6yNDcSc7+&*}BQMb7Wr*E%Wtx)S?wmA6e7FCLb$E0}QTiO9-jEZTn2 zXO?DP|M2PD-k8rfvu_qWPQS4uTi^4r!Ya{37R99*TGKhixn*X|_!cuMrt=EZmPdQb z?=RlIcCP%r{~F7WE9vwef5D*hG|8H;wW!lcFO!Oyi#?)>g{D~w~97)E9R(} z39&2Y@GN&(F+*8Z=9*sYk+<`AOv%6ZqcHF1k@la5mfIgooxWz~)`pU+?mNns-t%|P z+GH$g_j_mb&cCPQlis$9H)WdkGz$rA(rL+jlp)UO;&XD}{d~2=Hj5~Y&(A8R`5LoU zUCy+td!;$&mhpNiR}ZyC97`*{AK*|w_tw#)HMOde(mPl zbMLeLpNvZzRr+oJDy_@fbG+?WwWO_ykj+&@f~qOt{P64Q^2;uro5SbuMFpQr|M6>X zdGW!@^vlz{LX8WVdV^10zZ31EyI3rQ_eipCu(_pKhOhe_>MA^IhlfABudv zKIP!c(>G@7Gd$SE*Y;3U(j{m1idePsFB(pq=ck8DKk4uJd?oq+!Gsejel~5Fq?U?q zOAg-RJ>`v&>QWAOr8BQzrM&$lY+3!0>DQ&)FC|MdUS}kKon`<1T8GGtOD=z8>cf~%h+EYu~|Z z*=rwz^6%#sKMT+kwJb^5Vs$(h_a727G%OO_Ztke8F70hfh>KTuJ)T%- z70|>7X}~kFaC~4?Jy3nGX72geT2ZIw-03@C_SGxowOV|CGqv=Icz~YY!WUbY{mNN3 z>#t~OxRT>f{Xb3_Ik(d;Z;REj&RZBR_BQ>eR?8BnPL`$}mvZiZIi}++X4tJ~%5hVP z@i5QDiSr(>7RoN#X(Q}@+~(HOpOZZcmQLT{bYG>ZB3L-1cM4l^yI;a0hKni2s_u(h zPWI3HVJf~R`gl`ow@sGXzYiO?PEhdmiz_vA@0#`TrOrC-zlD?H{%=~LvS{h_!s%>> z3eSbo><7f!FR zf0@B@dt+dq@4koy4<^rF_pK~UC+ff{;b+D-<{skuEu1^6C8=;(pWmf9U%ca5-9Mj= z5L#W!=c-sR>8wPQ$qkcCsm;Hcq&$j}+du#2G~Rq_+3MGxAxDnyH5KD--8eORZhau{ zEsuYX7IptPxw!vVqiC-Qj~L&Vux~GFw?y+U3i00Fdcc%tR@82erB+#gZ!}r0)?UBo zhVs5T$?YOH)}7wIzgGP8`G|wD_xH}uUVrmI{M}ELaevJ-y8a#D|WEnQx4>kgxia!XO{qFb(B27k7unH{}Rox#$gaCfRx zcBjFD<<>{PlgFPgO=&Z#oek?a(}PdcuRY7j>1Yi z&IxW)&uJ)DzAVo#e&>1o_ulniMV9$-o!sskyZcc{-Jc8298Z-@zb-SZ3kx}8x9II=9clLhJrcLdB2(XZ9fa$GWx^dB)c$cN6^F7E{B)t zzE4t(dJ(^)BjzCE}D_vR8h&FXzZ1ac}3;-~axV<=JJc*8fdk z{qv-3{Lwp~_@u?oJpc7{`KBd{g)?VJL?!RkGjtae)KheRoYlC+M`@x&{+pYpSEU{g zpFaQF<^%FkyE@|c?mPNFsL5bM_fofu=4&0QYmbZ1tNdj6JT2dEW9D;4x8v%oiUrMh qd7K~Z(yG|R4jm6*VzE&B$E~Hsym8l2>qZ6!1_n=8KbLh*2~7ZGDGVwA diff --git a/home/niri/scripts/remote.sh b/home/niri/scripts/remote.sh deleted file mode 100755 index 0ef7c0d..0000000 --- a/home/niri/scripts/remote.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/usr/bin/env bash - -active_window=$(niri msg --json focused-window |jq -r .app_id) - -if [ "$1" = "btn1" ]; then - if [ "$active_window" = "anki" ]; then - wtype " " - elif [ "$active_window" = "kitty" ]; then - wtype -M ctrl -M shift -k c -m ctrl -m shift - elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then - wtype -M alt -P right -p right -m alt - else - wtype -M ctrl -k c -m ctrl - fi -else - if [ "$active_window" = "anki" ]; then - wtype "1" - elif [ "$active_window" = "kitty" ]; then - wtype -M ctrl -M shift -k v -m ctrl - elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then - wtype -M alt -P left -p left -m alt - else - wtype -M ctrl -k v -m ctrl - fi -fi diff --git a/home/rofi/config.rasi b/home/rofi/config.rasi deleted file mode 100644 index ae76aeb..0000000 --- a/home/rofi/config.rasi +++ /dev/null @@ -1,156 +0,0 @@ -configuration { - modes: "drun,run,emoji:rofimoji,clipboard:/home/yt/.config/rofi/scripts/cliphist.sh"; - font: "hack 12"; -/* location: 0;*/ -/* yoffset: 0;*/ -/* xoffset: 0;*/ -/* fixed-num-lines: true;*/ - show-icons: true; - terminal: "kitty"; -/* ssh-client: "ssh";*/ -/* ssh-command: "{terminal} -e {ssh-client} {host} [-p {port}]";*/ -/* run-command: "{cmd}";*/ -/* run-list-command: "";*/ -/* run-shell-command: "{terminal} -e {cmd}";*/ -/* window-command: "wmctrl -i -R {window}";*/ -/* window-match-fields: "all";*/ - icon-theme: "Papirus"; -/* drun-match-fields: "name,generic,exec,categories,keywords";*/ -/* drun-categories: ;*/ -/* drun-show-actions: false;*/ -/* drun-display-format: "{name} [({generic})]";*/ -/* drun-url-launcher: "xdg-open";*/ -/* disable-history: false;*/ -/* ignored-prefixes: "";*/ -/* sort: false;*/ -/* sorting-method: "normal";*/ -/* case-sensitive: false;*/ -/* cycle: true;*/ -/* sidebar-mode: false;*/ -/* hover-select: false;*/ -/* eh: 1;*/ -/* auto-select: false;*/ -/* parse-hosts: false;*/ -/* parse-known-hosts: true;*/ - combi-modes: "window,run,calc,filebrowser"; -/* matching: "normal";*/ -/* tokenize: true;*/ -/* m: "-5";*/ -/* filter: ;*/ -/* dpi: -1;*/ -/* threads: 0;*/ -/* scroll-method: 0;*/ -/* window-format: "{w} {c} {t}";*/ -/* click-to-exit: true;*/ -/* global-kb: false;*/ -/* max-history-size: 25;*/ -/* combi-hide-mode-prefix: false;*/ -/* combi-display-format: "{mode} {text}";*/ -/* matching-negate-char: '-' /* unsupported */;*/ -/* cache-dir: ;*/ -/* window-thumbnail: false;*/ -/* drun-use-desktop-cache: false;*/ -/* drun-reload-desktop-cache: false;*/ -/* normalize-match: false;*/ -/* steal-focus: false;*/ -/* application-fallback-icon: ;*/ -/* refilter-timeout-limit: 300;*/ -/* xserver-i300-workaround: false;*/ -/* completer-mode: "recursivebrowser";*/ -/* pid: "/run/user/1000/rofi.pid";*/ -/* display-window: ;*/ -/* display-run: ;*/ -/* display-ssh: ;*/ -/* display-drun: ;*/ -/* display-combi: ;*/ -/* display-keys: ;*/ -/* display-filebrowser: ;*/ -/* display-recursivebrowser: ;*/ -/* kb-primary-paste: "Control+V,Shift+Insert";*/ -/* kb-secondary-paste: "Control+v,Insert";*/ -/* kb-secondary-copy: "Control+c";*/ -/* kb-clear-line: "Control+w";*/ -/* kb-move-front: "Control+a";*/ -/* kb-move-end: "Control+e";*/ -/* kb-move-word-back: "Alt+b,Control+Left";*/ -/* kb-move-word-forward: "Alt+f,Control+Right";*/ -/* kb-move-char-back: "Left,Control+b";*/ -/* kb-move-char-forward: "Right,Control+f";*/ -/* kb-remove-word-back: "Control+Alt+h,Control+BackSpace";*/ -/* kb-remove-word-forward: "Control+Alt+d";*/ -/* kb-remove-char-forward: "Delete,Control+d";*/ -/* kb-remove-char-back: "BackSpace,Shift+BackSpace,Control+h";*/ -/* kb-remove-to-eol: "Control+k";*/ -/* kb-remove-to-sol: "Control+u";*/ -/* kb-accept-entry: "Control+j,Control+m,Return,KP_Enter";*/ -/* kb-accept-custom: "Control+Return";*/ -/* kb-accept-custom-alt: "Control+Shift+Return";*/ -/* kb-accept-alt: "Shift+Return";*/ -/* kb-delete-entry: "Shift+Delete";*/ -/* kb-mode-next: "Shift+Right,Control+Tab";*/ -/* kb-mode-previous: "Shift+Left,Control+ISO_Left_Tab";*/ -/* kb-mode-complete: "Control+l";*/ -/* kb-row-left: "Control+Page_Up";*/ -/* kb-row-right: "Control+Page_Down";*/ -/* kb-row-up: "Up,Control+p";*/ -/* kb-row-down: "Down,Control+n";*/ -/* kb-row-tab: "";*/ -/* kb-element-next: "Tab";*/ -/* kb-element-prev: "ISO_Left_Tab";*/ -/* kb-page-prev: "Page_Up";*/ -/* kb-page-next: "Page_Down";*/ -/* kb-row-first: "Home,KP_Home";*/ -/* kb-row-last: "End,KP_End";*/ -/* kb-row-select: "Control+space";*/ -/* kb-screenshot: "Alt+S";*/ -/* kb-ellipsize: "Alt+period";*/ -/* kb-toggle-case-sensitivity: "grave,dead_grave";*/ -/* kb-toggle-sort: "Alt+grave";*/ -/* kb-cancel: "Escape,Control+g,Control+bracketleft";*/ -/* kb-custom-1: "Alt+1";*/ -/* kb-custom-2: "Alt+2";*/ -/* kb-custom-3: "Alt+3";*/ -/* kb-custom-4: "Alt+4";*/ -/* kb-custom-5: "Alt+5";*/ -/* kb-custom-6: "Alt+6";*/ -/* kb-custom-7: "Alt+7";*/ -/* kb-custom-8: "Alt+8";*/ -/* kb-custom-9: "Alt+9";*/ -/* kb-custom-10: "Alt+0";*/ -/* kb-custom-11: "Alt+exclam";*/ -/* kb-custom-12: "Alt+at";*/ -/* kb-custom-13: "Alt+numbersign";*/ -/* kb-custom-14: "Alt+dollar";*/ -/* kb-custom-15: "Alt+percent";*/ -/* kb-custom-16: "Alt+dead_circumflex";*/ -/* kb-custom-17: "Alt+ampersand";*/ -/* kb-custom-18: "Alt+asterisk";*/ -/* kb-custom-19: "Alt+parenleft";*/ -/* kb-select-1: "Super+1";*/ -/* kb-select-2: "Super+2";*/ -/* kb-select-3: "Super+3";*/ -/* kb-select-4: "Super+4";*/ -/* kb-select-5: "Super+5";*/ -/* kb-select-6: "Super+6";*/ -/* kb-select-7: "Super+7";*/ -/* kb-select-8: "Super+8";*/ -/* kb-select-9: "Super+9";*/ -/* kb-select-10: "Super+0";*/ -/* kb-entry-history-up: "Control+Up";*/ -/* kb-entry-history-down: "Control+Down";*/ -/* ml-row-left: "ScrollLeft";*/ -/* ml-row-right: "ScrollRight";*/ -/* ml-row-up: "ScrollUp";*/ -/* ml-row-down: "ScrollDown";*/ -/* me-select-entry: "MousePrimary";*/ -/* me-accept-entry: "MouseDPrimary";*/ -/* me-accept-custom: "Control+MouseDPrimary";*/ - timeout { - action: "kb-cancel"; - delay: 0; - } - filebrowser { - directories-first: true; - sorting-method: "name"; - } -} diff --git a/home/rofi/scripts/cliphist.sh b/home/rofi/scripts/cliphist.sh deleted file mode 100755 index d11fadf..0000000 --- a/home/rofi/scripts/cliphist.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/usr/bin/env bash - -tmp_dir="/tmp/cliphist" -rm -rf "$tmp_dir" - -if [[ -n "$1" ]]; then - cliphist decode <<<"$1" | wl-copy - exit -fi - -mkdir -p "$tmp_dir" - -read -r -d '' prog <$tmp_dir/"grp[1]"."grp[3]) - print \$0"\0icon\x1f$tmp_dir/"grp[1]"."grp[3] - next -} -1 -EOF -cliphist list | gawk "$prog" diff --git a/home/sway/config b/home/sway/config deleted file mode 100644 index 1005b61..0000000 --- a/home/sway/config +++ /dev/null @@ -1,156 +0,0 @@ -set $mod Mod4 -set $alt Mod1 -set $left h -set $down j -set $up k -set $right l - -set $term $HOME/.config/sway/scripts/terminal.sh -set $menu rofi -show run -set $screenshot grim -g "$(slurp)" - | wl-copy -set $browser librewolf -set $clipboard rofi -show clipboard -show-icons -set $emoji rofi -show emoji - -set $font_family DejaVu Sans Mono -set $font_size 11 -set $bg #000000 -set $fg #ffffff -set $fgi #888888 - -set $wallpaper $HOME/wallpapers/nixos-c-book-large.png -set $lock swaylock -f -i $wallpaper -output * bg $wallpaper fill - -floating_modifier $mod normal -default_border pixel -smart_borders on -focus_follows_mouse always -# mouse_warping container - -bindsym $mod+Return exec $term -bindsym $mod+Ctrl+q kill -bindsym $mod+d exec $menu -bindsym $mod+Shift+c reload -bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -B 'Yes, exit sway' 'swaymsg exit' -bindsym Print exec $screenshot -bindsym $mod+comma exec $clipboard -bindsym $mod+period exec $emoji - -bindsym $mod+$alt+b exec $browser -bindsym $mod+$alt+a exec anki -bindsym $mod+$alt+f exec thunar -bindsym $mod+$alt+e exec evolution -bindsym $mod+p exec bitwarden -bindsym $mod+$alt+m exec element-desktop - -bindsym $mod+$left focus left -bindsym $mod+$down focus down -bindsym $mod+$up focus up -bindsym $mod+$right focus right - -bindsym $mod+Shift+$left move left -bindsym $mod+Shift+$down move down -bindsym $mod+Shift+$up move up -bindsym $mod+Shift+$right move right - -bindsym $mod+1 workspace number 1 -bindsym $mod+2 workspace number 2 -bindsym $mod+3 workspace number 3 -bindsym $mod+4 workspace number 4 -bindsym $mod+5 workspace number 5 -bindsym $mod+6 workspace number 6 -bindsym $mod+7 workspace number 7 -bindsym $mod+8 workspace number 8 -bindsym $mod+9 workspace number 9 -bindsym $mod+0 workspace number 10 - -bindsym $mod+Shift+1 move container to workspace number 1 -bindsym $mod+Shift+2 move container to workspace number 2 -bindsym $mod+Shift+3 move container to workspace number 3 -bindsym $mod+Shift+4 move container to workspace number 4 -bindsym $mod+Shift+5 move container to workspace number 5 -bindsym $mod+Shift+6 move container to workspace number 6 -bindsym $mod+Shift+7 move container to workspace number 7 -bindsym $mod+Shift+8 move container to workspace number 8 -bindsym $mod+Shift+9 move container to workspace number 9 -bindsym $mod+Shift+0 move container to workspace number 10 - -# mouse side buttons -bindsym --whole-window BTN_EXTRA exec ~/.config/sway/scripts/remote.sh btn1 -bindsym --whole-window BTN_SIDE exec ~/.config/sway/scripts/remote.sh - -bindsym $mod+b splith -bindsym $mod+v splitv - -bindsym $mod+s layout stacking -bindsym $mod+w layout tabbed -bindsym $mod+e layout toggle split - -bindsym $mod+f fullscreen - -bindsym $mod+Shift+space floating toggle - -bindsym $mod+space focus mode_toggle - -bindsym $mod+a focus parent -bindsym $mod+Shift+a focus child - -bindsym $mod+Shift+minus move scratchpad -bindsym $mod+minus scratchpad show - -mode "resize" { - bindsym $left resize shrink width 10px - bindsym $down resize grow height 10px - bindsym $up resize shrink height 10px - bindsym $right resize grow width 10px - bindsym Return mode "default" - bindsym Escape mode "default" -} -bindsym $mod+r mode "resize" - -# keys to adjust volue and brightness -bindsym --locked XF86AudioMute exec "amixer -q sset Master,0 toggle" -bindsym --locked XF86AudioLowerVolume exec "amixer -q set Master 1%-" -bindsym --locked XF86AudioRaiseVolume exec "amixer -q sset Master 1%+" -bindsym --locked XF86MonBrightnessDown exec brightnessctl set 1%- -bindsym --locked XF86MonBrightnessUp exec brightnessctl set 1%+ - -# lockscreen -bindsym $mod+Control+l exec $lock - -font pango:$font_family $font_size - -for_window [app_id=mpv] inhibit_idle visible, floating enable, sticky enable -for_window [app_id="LibreWolf" title="^Extension"] floating enable -for_window [floating] border csd -for_window [app_id="Bitwarden"] floating enable -for_window [app_id=anki title="Add"] floating enable - -bar { - swaybar_command waybar -} - -input "type:touchpad" { - dwt enabled - tap enabled - natural_scroll enabled -} - -input "type:keyboard" { - xkb_layout us - xkb_options ctrl:nocaps - xkb_numlock enabled -} - -exec wl-paste --watch cliphist store -exec mako >> $HOME/mako.log 2>&1 -exec dbus-update-activation-environment --all - -exec swayidle -w \ - timeout 300 'swaymsg "output * power off"' \ - timeout 305 $lock \ - resume 'swaymsg "output * power on"' \ - before-sleep 'playerctl pause; swaylock -f' - -exec system-dnotify --ready diff --git a/home/sway/scripts/remote.sh b/home/sway/scripts/remote.sh deleted file mode 100755 index 741c26d..0000000 --- a/home/sway/scripts/remote.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -active_window=$(swaymsg -t get_tree |jq -r '..|try select(.focused == true) |.app_id') - -if [ "$1" = "btn1" ]; then - if [ "$active_window" = "anki" ]; then - wtype " " - elif [ "$active_window" = "foot" ]; then - wtype -M ctrl -M shift -k c -m ctrl -m shift - elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then - wtype -M alt -P right -p right -m alt - else - wtype -M ctrl -k c -m ctrl - fi -else - if [ "$active_window" = "anki" ]; then - wtype "1" - elif [ "$active_window" = "foot" ]; then - wtype -M ctrl -M shift -k v - wtype -m ctrl - elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then - wtype -M alt -P left -p left -m alt - else - wtype -M ctrl -k v - wtype -m ctrl - fi -fi diff --git a/home/sway/scripts/terminal.sh b/home/sway/scripts/terminal.sh deleted file mode 100755 index 42653c6..0000000 --- a/home/sway/scripts/terminal.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/bin/env bash - -focused_workspace=$(swaymsg -t get_workspaces | jq '.[] | select(.focused == true) | .num') - -foot_window_count=$(swaymsg -t get_tree | jq --argjson workspace "$focused_workspace" '[recurse(.nodes[]?) | select(.type == "workspace" and .num == $workspace) | recurse(.nodes[]?) | select(.app_id == "foot")] | length') - -next_session=$((focused_workspace * 10)) - -if [ "$foot_window_count" -gt 0 ] -then - next_session=$((next_session + foot_window_count)) -fi - -foot tmux new-session -A -s ${next_session} diff --git a/home/waybar/config b/home/waybar/config deleted file mode 100644 index 6038a44..0000000 --- a/home/waybar/config +++ /dev/null @@ -1,81 +0,0 @@ -{ - "layer": "top", // Waybar on highest layer so tooltips go over windows - "output": "eDP-1", // Set output to primary monitor - "height": 40, // Set height to avoid jumping due to active workspace indicator - - "margin-left": 0, - "margin-right": 0, - "margin-top": 0, - "modules-left": ["niri/workspaces", "clock#time", "clock#date", "battery"], // Sets modules for the left of the bar - "modules-center": ["niri/window"], // Set modules for the center of the bar - "modules-right": ["tray", "temperature", "cpu", "memory", "wireplumber"], // Set modules for the right of the bar - "clock#time": { - "format": "{:%H:%M:%S}", - "interval": 1, - }, - "clock#date": { - "format": "{:%Y/%m/%d}", - "tooltip-format": "{calendar}", - "interval": 360, - "calendar": { - "mode": "month", - "mode-mon-col": 4, - "weeks-pos": "right", - "on-scroll": 1, - "on-click-right": "mode", - "format": { - "months": "{}", - "days": "{}", - "weeks": "W{}", - "weekdays": "{}", - "today": "{}", - }, - }, - }, - "battery": { - "interval": 60, - "states": { - "warning": 40, - "critical": 20, - }, - "format": "{icon} {capacity}%", - "format-icons": [ - "", - "", - "", - "", - "", - ], - "format-charging": "󱐌 {capacity}%", - }, - "cpu": { - "format": "{usage}%", - "interval": 4, - }, - "memory": { - "format": "{used}GiB", - "interval": 4, - }, - "temperature": { - "hwmon-path": "/sys/class/hwmon/hwmon4/temp1_input", - "critical-threshold": 80, - "format": "{temperatureC}°C", - "format-critical": "{temperatureC}°C", - "interval": 4, - }, - "wireplumber": { - "scroll-step": 1, // %, can be a float - "format": "{icon} {volume}%", - "format-muted": "󰝟 Muted", - "format-icons": ["", "", ""], - "on-click": "pavucontrol", - "interval": 4, - }, - "niri/window": { - "max-length": 64, - }, - "tray": { - "icon-size": 22, - "spacing": 6, - } -} diff --git a/home/waybar/style.css b/home/waybar/style.css deleted file mode 100644 index 438d892..0000000 --- a/home/waybar/style.css +++ /dev/null @@ -1,70 +0,0 @@ -.module, -#clock.date, -#clock.time, -#workspaces button { - background: transparent; - padding: 0 10px; - font-family: RobotoMono Nerd Font; - font-weight: 900; - font-size: 13pt; - color: #c0caf5; -} - -/* main waybar */ -window#waybar { - background: rgba(26, 27, 38, 1); - border: 2px solid #414868; -} - -/* when hovering over modules */ -tooltip { - background: #1e1e2e; - border-radius: 0; -} - -#workspaces { - padding-right: 0; -} - -#workspaces button { - padding: 2px; -} - -#clock { - padding-right: 100px; -} - - -/* Sets active workspace to have a solid line on the bottom */ -#workspaces button.focused { - border-bottom: 2px solid #7aa2f7; - border-radius: 0; - margin-top: 0px; - transition: none; -} - -/* More workspace stuff for highlighting on hover */ -#workspaces button.focused { - color: #a6adc8; -} - -#workspaces button.urgent { - color: #f7768e; -} - -#workspaces button:hover { - background: #11111b; - color: #cdd6f4; -} - -/* Hide window module when not focused on window or empty workspace */ -window#waybar.empty #window { - padding: 0; - margin: 0; - opacity: 0; -} - -/* Set up rounding to make these modules look like separate pills */ -#tray { - margin-right: 4px; -} diff --git a/home/yt/common.nix b/home/yt/common.nix index 28f3457..a8c9467 100644 --- a/home/yt/common.nix +++ b/home/yt/common.nix @@ -60,7 +60,11 @@ "mergetool \"vimdiff\"".cmd = "nvim -d $LOCAL $REMOTE $MERGED -c '$wincmd w' -c 'wincmd J'"; url = { "ssh://git@github.com/" = { - insteadOf = "https://github.com/"; + insteadOf = [ + "https://github.com/" + "github:" + "gh:" + ]; }; }; }; diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 9ac7635..9910d78 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -6,8 +6,6 @@ { imports = [ ./common.nix - ../foot.nix - ../niri ../irssi.nix ../kitty.nix ../codium.nix @@ -27,102 +25,77 @@ x11.enable = true; }; - home.packages = with pkgs; [ - firefox - ungoogled-chromium - librewolf - bitwarden-desktop - fastfetch - nwg-look - kdePackages.gwenview - kdePackages.okular - kdePackages.qtwayland - mpv - yt-dlp - signal-desktop - pavucontrol - btop - jq - bash-language-server - sqlite - usbutils - clang-tools - calibre - tor-browser - wtype - bat - yarn - rclone - go - (rust-bin.selectLatestNightlyWith ( - toolchain: - toolchain.default.override { - extensions = [ "rust-src" ]; - } - )) - pwgen - lua-language-server - gnumake - minisign - unzip - lm_sensors - sshfs - gopls - anki-bin - trezorctl - trezor-agent - q - opentofu - terraform-ls - gdb - clang - seahorse - github-cli - fuzzel - nixpkgs-review - just - hugo - ghidra - sequoia - sccache - awscli2 - lldb - (cutter.withPlugins ( - p: with p; [ - rz-ghidra - jsdec - sigdb - ] - )) - ida-free - patchelf - radare2 - p7zip - qbittorrent - nil - pkg-config - gtk2 - gtk2-x11 - android-tools - frida-tools - mitmproxy - openssl - (python313.withPackages ( - p: with p; [ - python-lsp-server - pip - virtualenv - ] - )) - telegram-desktop - jadx - gradle - localsend - scrcpy - syncthing - syncthingtray - obsidian - ]; + home.packages = + with pkgs; + lib.flatten [ + ungoogled-chromium + librewolf + bitwarden-desktop + fastfetch + (with kdePackages; [ + gwenview + okular + ]) + mpv + signal-desktop + btop + jq + sqlite + usbutils + calibre + tor-browser + wtype + bat + rclone + go + (rust-bin.selectLatestNightlyWith ( + toolchain: + toolchain.default.override { + extensions = [ "rust-src" ]; + } + )) + pwgen + gnumake + unzip + anki-bin + trezorctl + trezor-agent + q + gdb + fuzzel + hugo + ghidra + sccache + awscli2 + (cutter.withPlugins ( + p: with p; [ + rz-ghidra + jsdec + sigdb + ] + )) + p7zip + qbittorrent + nil + android-tools + frida-tools + mitmproxy + (python313.withPackages ( + p: with p; [ + python-lsp-server + pip + virtualenv + ] + )) + jadx + scrcpy + syncthing + syncthingtray + (with llvmPackages; [ + clang + clang-tools + ]) + ]; programs.feh.enable = true; @@ -137,11 +110,10 @@ programs.git.extraConfig = { user = { - signingKey = "~/.ssh/id.key"; + signingKey = "~/.ssh/id_ed25519"; }; gpg.format = "ssh"; commit.gpgsign = true; - core.sshCommand = "ssh -i ~/.ssh/id.key"; }; home.sessionVariables = { @@ -161,6 +133,9 @@ AWS_ENDPOINT_URL = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com"; AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)"; AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)"; + + # bitwarden ssh agent + SSH_AUTH_SOCK = "$HOME/.bitwarden-ssh-agent.sock"; }; programs.nix-index-database.comma.enable = true; diff --git a/hosts/chunk/adguard.nix b/hosts/chunk/adguard.nix deleted file mode 100644 index 74207fc..0000000 --- a/hosts/chunk/adguard.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ ... }: -{ - services.adguardhome = { - enable = true; - host = "127.0.0.1"; - port = 8082; - settings = { - http.port = "8083"; - users = [ - { - name = "cy"; - password = "$2y$10$BZy2zYJj5z4e8LZCq/GwuuhWUafL/MNFO.YcsAMmpDS.2krPxi7KC"; - } - ]; - # do not listen eveywhere cause podman runs it's own DNS - dns.bind_hosts = [ - "127.0.0.1" - "::1" - "31.59.129.225" - "2a0f:85c1:840:2bfb::1" - ]; - }; - }; - - services.caddy.virtualHosts."dns.cything.io".extraConfig = '' - import common - reverse_proxy localhost:8082 - ''; -} diff --git a/hosts/chunk/attic.nix b/hosts/chunk/attic.nix deleted file mode 100644 index 464c8b7..0000000 --- a/hosts/chunk/attic.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ config, ... }: -{ - services.atticd = { - enable = true; - - environmentFile = config.sops.secrets."attic/env".path; - - settings = { - listen = "[::]:8090"; - api-endpoint = "https://cache.cy7.sh/"; - allowed-hosts = [ "cache.cy7.sh" ]; - require-proof-of-possession = false; - compression.type = "zstd"; - database.url = "postgresql:///atticd?host=/run/postgresql"; - - storage = { - type = "s3"; - region = "auto"; - bucket = "attic"; - endpoint = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com"; - }; - - garbage-collection = { - default-retention-period = "2 weeks"; - }; - }; - }; - - services.caddy.virtualHosts."cache.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:8090 - ''; -} diff --git a/hosts/chunk/conduit.nix b/hosts/chunk/conduit.nix deleted file mode 100644 index 48025e1..0000000 --- a/hosts/chunk/conduit.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ - pkgs, - config, - ... -}: -{ - virtualisation.oci-containers.containers.conduit = { - image = "ghcr.io/girlbossceo/conduwuit:main"; - autoStart = true; - ports = [ "127.0.0.1:8448:8448" ]; - pull = "newer"; - environment = { - CONDUWUIT_SERVER_NAME = "cything.io"; - CONDUWUIT_DATABASE_PATH = "/var/lib/conduwuit"; - CONDUWUIT_PORT = "8448"; - CONDUWUIT_MAX_REQUEST_SIZE = "20000000"; # in bytes ~20MB - CONDUWUIT_ALLOW_REGISTRATION = "false"; - CONDUWUIT_ALLOW_FEDERATION = "true"; - CONDUWUIT_ALLOW_CHECK_FOR_UPDATES = "true"; - CONDUWUIT_TRUSTED_SERVERS = ''["matrix.org"]''; - CONDUWUIT_ADDRESS = "0.0.0.0"; - # CONDUIT_CONFIG = ""; - }; - volumes = [ - "/opt/conduit/db:/var/lib/conduwuit/" - ]; - networks = [ "conduit-net" ]; - }; - - systemd.services.create-conduit-net = { - serviceConfig.Type = "oneshot"; - wantedBy = with config.virtualisation.oci-containers; [ - "${backend}-conduit.service" - ]; - script = '' - ${pkgs.podman}/bin/podman network exists conduit-net || \ - ${pkgs.podman}/bin/podman network create conduit-net - ''; - }; -} diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index ec85850..4a25cce 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -71,81 +71,74 @@ system.stateVersion = "24.05"; # network stuff + networking = { + hostName = "chunk"; + networkmanager.enable = true; + firewall = { + enable = true; + allowedTCPPorts = [ + 22 + 80 + 443 + ]; + allowedUDPPorts = [ + 443 + 53 + 853 + ]; + extraCommands = + let + ethtool = lib.getExe pkgs.ethtool; + tc = lib.getExe' pkgs.iproute2 "tc"; + in + '' + # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites) + ${ethtool} -K ens18 tso off - networking.hostName = "chunk"; - networking.networkmanager.enable = true; - networking.firewall = { - enable = true; - allowedTCPPorts = [ - 22 - 80 - 443 - 53 - 853 - ]; - allowedUDPPorts = [ - 443 - 53 - 853 - ]; - extraCommands = - let - ethtool = lib.getExe pkgs.ethtool; - tc = lib.getExe' pkgs.iproute2 "tc"; - in - '' - # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites) - ${ethtool} -K ens18 tso off + # clear existing rules + ${tc} qdisc del dev ens18 root || true - # clear existing rules - ${tc} qdisc del dev ens18 root || true + # create HTB hierarchy + ${tc} qdisc add dev ens18 root handle 1: htb default 30 + ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100% + # tailscale + ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 30% ceil 100% + # caddy + ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 30% ceil 100% + # rest + ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100% - # create HTB hierarchy - ${tc} qdisc add dev ens18 root handle 1: htb default 30 - ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100% - # tailscale - ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 30% ceil 100% - # caddy - ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 30% ceil 100% - # rest - ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100% + # mark traffic + iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1 + iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 2 - # mark traffic - iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1 - iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 2 - - # route marked packets - ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10 - ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 2 fw flowid 1:20 - ''; - }; - networking.interfaces.ens18 = { - ipv6.addresses = [ - { - address = "2a0f:85c1:840:2bfb::1"; - prefixLength = 64; - } - ]; - ipv4.addresses = [ - { - address = "31.59.129.225"; - prefixLength = 24; - } - ]; - }; - networking.defaultGateway6 = { - address = "2a0f:85c1:840::1"; - interface = "ens18"; - }; - networking.defaultGateway = { - address = "31.59.129.1"; - interface = "ens18"; - }; - - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - useXkbConfig = true; + # route marked packets + ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10 + ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 2 fw flowid 1:20 + ''; + }; + interfaces.ens18 = { + ipv6.addresses = [ + { + address = "2a0f:85c1:840:2bfb::1"; + prefixLength = 64; + } + ]; + ipv4.addresses = [ + { + address = "31.59.129.225"; + prefixLength = 24; + } + ]; + }; + defaultGateway6 = { + address = "2a0f:85c1:840::1"; + interface = "ens18"; + }; + defaultGateway = { + address = "31.59.129.1"; + interface = "ens18"; + }; }; users.users.yt = { @@ -179,7 +172,6 @@ tmux file sops - attic-server ]; environment.variables = { @@ -199,28 +191,9 @@ programs.git.enable = true; my.caddy.enable = true; - services.caddy.virtualHosts."cy7.sh" = { - serverAliases = [ "www.cy7.sh" ]; - extraConfig = '' - import common - redir https://cything.io temporary - ''; - }; # container stuff - virtualisation.containers.enable = true; - virtualisation.podman = { - enable = true; - # create 'docker' alias for podman, to use as - # drop-in replacement - dockerCompat = true; - defaultNetwork.settings = { - dns_enabled = true; - ipv6_enabled = true; - }; - }; - virtualisation.oci-containers.backend = "podman"; - environment.enableAllTerminfo = true; + my.containerization.enable = true; my.roundcube.enable = true; my.zipline.enable = true; diff --git a/hosts/chunk/deluge.nix b/hosts/chunk/deluge.nix deleted file mode 100644 index 5dd3fd4..0000000 --- a/hosts/chunk/deluge.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ ... }: -{ - services.deluge = { - enable = true; - web = { - enable = true; - port = 8112; - }; - }; - - services.caddy.virtualHosts."t.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:8112 - ''; -} diff --git a/hosts/chunk/gitlab.nix b/hosts/chunk/gitlab.nix deleted file mode 100644 index 753bcbd..0000000 --- a/hosts/chunk/gitlab.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ config, ... }: -{ - services.gitlab = { - enable = true; - https = true; - host = "git.cything.io"; - user = "git"; # so that you can ssh with git@git.cything.io - group = "git"; - port = 443; # this *not* the port gitlab will run on - puma.workers = 0; # https://docs.gitlab.com/omnibus/settings/memory_constrained_envs.html#optimize-puma - sidekiq.concurrency = 5; - databaseUsername = "git"; # needs to be same as user - initialRootEmail = "hi@cything.io"; - initialRootPasswordFile = config.sops.secrets."gitlab/root".path; - secrets = { - secretFile = config.sops.secrets."gitlab/secret".path; - otpFile = config.sops.secrets."gitlab/otp".path; - jwsFile = config.sops.secrets."gitlab/jws".path; - dbFile = config.sops.secrets."gitlab/db".path; - }; - backup = { - startAt = "daily"; - # we already postgresqlbackup.service - skip = [ "db" ]; - keepTime = 48; # hours - }; - extraConfig = { - gitlab = { - # NOTE: default_syntax_highlighting_theme needs to be set in the application_settings table in the database - default_color_mode = 2; - }; - prometheus.enabled = false; - }; - }; -} diff --git a/hosts/chunk/jellyfin.nix b/hosts/chunk/jellyfin.nix deleted file mode 100644 index c6e0dec..0000000 --- a/hosts/chunk/jellyfin.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: -{ - services.jellyfin = { - enable = true; - dataDir = "/mnt/jellyfin"; - configDir = "/var/lib/jellyfin/config"; - }; -} diff --git a/hosts/common.nix b/hosts/common.nix index 96317b8..80707cb 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -39,30 +39,46 @@ registry.nixpkgs.flake = inputs.nixpkgs; }; + i18n.defaultLocale = "en_US.UTF-8"; time.timeZone = "America/New_York"; networking = { firewall.logRefusedConnections = false; nameservers = [ - # quad9 - "2620:fe::fe" - "2620:fe::9" - "9.9.9.9" - "149.112.112.112" + # quad9 (unfiltered) + "2620:fe::10" + "2620:fe::fe:10" + "9.9.9.10" + "149.112.112.110" ]; timeServers = [ + # https://github.com/jauderho/nts-servers + "ntp3.fau.de" "ntppool1.time.nl" - "nts.netnod.se" - "ptbtime1.ptb.de" - "ohio.time.system76.com" - "time.txryan.com" - "time.dfm.dk" + "time.signorini.ch" + "stratum1.time.cifelli.xyz" + "nts.teambelgium.net" + "c.st1.ntp.br" ]; }; services.chrony = { enable = true; enableNTS = true; + enableMemoryLocking = true; + extraConfig = '' + # Expedited Forwarding + dscp 46 + # disable command port + cmdport 0 + # only allow NTS + authselectmode require + # update the clock only when at least 3 sources agree on the correct time + minsources 3 + ''; }; # see journald.conf(5) services.journald.extraConfig = "MaxRetentionSec=2d"; + + services.thermald.enable = true; + environment.enableAllTerminfo = true; } diff --git a/hosts/titan/Caddyfile b/hosts/titan/Caddyfile deleted file mode 100644 index c306399..0000000 --- a/hosts/titan/Caddyfile +++ /dev/null @@ -1,41 +0,0 @@ -{ - acme_ca https://acme.zerossl.com/v2/DV90 - acme_eab { - key_id {$EAB_KEY_ID} - mac_key {$EAB_MAC_KEY} - } -} - -(common) { - encode zstd gzip - header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" -} - -cything.io { - import common - - header /.well-known/matrix/* Content-Type application/json - header /.well-known/matrix/* Access-Control-Allow-Origin * - header /.well-known/matrix/* Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS,PATCH,HEAD - header /.well-known/matrix/* Access-Control-Allow-Headers X-Requested-With,Content-Type,Authorization,Origin,Accept - route { - respond /.well-known/matrix/server {"m.server":"chat.cything.io:443"} - respond /.well-known/matrix/client {"m.server":{"base_url":"https://chat.cything.io"},"m.homeserver":{"base_url":"https://chat.cything.io"},"org.matrix.msc3575.proxy":{"url":"https://chat.cything.io"}} - redir https://cy7.sh/posts{uri} permanent - } -} - -www.cything.io { - import common - redir https://cything.io{uri} permanent -} - -ntfy.cything.io { - import common - reverse_proxy localhost:8083 -} - -status.cything.io { - import common - reverse_proxy localhost:3001 -} diff --git a/hosts/titan/backup.nix b/hosts/titan/backup.nix deleted file mode 100644 index ad09978..0000000 --- a/hosts/titan/backup.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - config, - ... -}: -{ - my.backup = { - enable = true; - jobName = "titanRsync"; - repo = "titan"; - passFile = config.sops.secrets."borg/rsyncnet".path; - sshKeyFile = config.sops.secrets."rsyncnet/id_ed25519".path; - }; -} diff --git a/hosts/titan/default.nix b/hosts/titan/default.nix deleted file mode 100644 index e8b03f0..0000000 --- a/hosts/titan/default.nix +++ /dev/null @@ -1,98 +0,0 @@ -{ - modulesPath, - config, - lib, - pkgs, - ... -}: -{ - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - (modulesPath + "/profiles/qemu-guest.nix") - ../common.nix - ./disk-config.nix - ./hardware-configuration.nix - ./ghost.nix - ./ntfy.nix - ./uptime-kuma.nix - ./backup.nix - ]; - - sops.age.keyFile = "/root/.config/sops/age/keys.txt"; - sops.secrets = { - "caddy/env" = { - sopsFile = ../../secrets/services/caddy.yaml; - }; - "services/ntfy" = { - sopsFile = ../../secrets/services/ntfy.yaml; - }; - "borg/rsyncnet" = { - sopsFile = ../../secrets/borg/titan.yaml; - }; - "rsyncnet/id_ed25519" = { - sopsFile = ../../secrets/zh5061/titan.yaml; - }; - }; - - boot = { - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - tmp.cleanOnBoot = true; - kernelPackages = pkgs.linuxPackages_latest; - }; - - services.openssh = { - enable = true; - settings.PasswordAuthentication = false; - }; - - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD yt@ytnix" - ]; - - system.stateVersion = "24.05"; - - environment.systemPackages = with pkgs; [ - curl - git - ]; - - # network stuff - networking.hostName = "titan"; - networking.networkmanager.enable = true; - networking.firewall = { - enable = true; - allowedTCPPorts = [ - 22 - 80 - 443 - ]; - allowedUDPPorts = [ - 443 - ]; - }; - - # container stuff - virtualisation.containers.enable = true; - virtualisation.podman = { - enable = true; - # create 'docker' alias for podman, to use as - # drop-in replacement - dockerCompat = true; - defaultNetwork.settings = { - dns_enabled = true; - ipv6_enabled = true; - }; - }; - virtualisation.oci-containers.backend = "podman"; - - services.caddy = { - enable = true; - configFile = ./Caddyfile; - environmentFile = config.sops.secrets."caddy/env".path; - logFormat = lib.mkForce "level INFO"; - }; -} diff --git a/hosts/titan/disk-config.nix b/hosts/titan/disk-config.nix deleted file mode 100644 index 7c67624..0000000 --- a/hosts/titan/disk-config.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - disko.devices = { - disk = { - main = { - device = "/dev/sda"; - type = "disk"; - content = { - type = "gpt"; - partitions = { - ESP = { - type = "EF00"; - size = "500M"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "umask=0077" ]; - }; - }; - root = { - size = "100%"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/hosts/titan/ghost.nix b/hosts/titan/ghost.nix deleted file mode 100644 index a9f8293..0000000 --- a/hosts/titan/ghost.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ - pkgs, - config, - ... -}: -{ - virtualisation.oci-containers.containers.ghost = { - image = "ghost:5-alpine"; - autoStart = true; - ports = [ "127.0.0.1:8084:2368" ]; - pull = "newer"; - environment = { - database__client = "mysql"; - database__connection__host = "ghost-db"; - database__connection__user = "root"; - database__connection__password = "example"; - database__connection__database = "ghost"; - url = "https://cything.io"; - NODE_ENV = "production"; - }; - volumes = [ - "/opt/ghost/data:/var/lib/ghost/content" - ]; - networks = [ "ghost-net" ]; - dependsOn = [ "ghost-db" ]; - }; - - virtualisation.oci-containers.containers.ghost-db = { - image = "mysql:8.0"; - autoStart = true; - pull = "newer"; - environment = { - MYSQL_ROOT_PASSWORD = "example"; - }; - volumes = [ - "/opt/ghost/db:/var/lib/mysql" - ]; - networks = [ "ghost-net" ]; - }; - - systemd.services.create-ghost-net = { - serviceConfig.Type = "oneshot"; - wantedBy = with config.virtualisation.oci-containers; [ - "${backend}-ghost.service" - "${backend}-ghost-db.service" - ]; - script = '' - ${pkgs.podman}/bin/podman network exists ghost-net || \ - ${pkgs.podman}/bin/podman network create ghost-net - ''; - }; -} diff --git a/hosts/titan/hardware-configuration.nix b/hosts/titan/hardware-configuration.nix deleted file mode 100644 index 2730f0c..0000000 --- a/hosts/titan/hardware-configuration.nix +++ /dev/null @@ -1,26 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - lib, - ... -}: - -{ - imports = [ ]; - - boot.initrd.availableKernelModules = [ "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eth0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - virtualisation.hypervGuest.enable = true; -} diff --git a/hosts/titan/ntfy.nix b/hosts/titan/ntfy.nix deleted file mode 100644 index cc2cb47..0000000 --- a/hosts/titan/ntfy.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ ... }: -{ - services.ntfy-sh = { - enable = true; - settings = { - listen-http = "127.0.0.1:8083"; - base-url = "https://ntfy.cything.io"; - upstream-base-url = "https://ntfy.sh"; - auth-default-access = "deny-all"; - behind-proxy = true; - }; - }; -} diff --git a/hosts/titan/uptime-kuma.nix b/hosts/titan/uptime-kuma.nix deleted file mode 100644 index 8bc0251..0000000 --- a/hosts/titan/uptime-kuma.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ... }: -{ - # data stored at /var/lib/uptime-kuma/ but does not expose - # an option to change it - services.uptime-kuma = { - enable = true; - settings.PORT = "3001"; - }; -} diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index cd321c4..a187fa1 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -37,10 +37,9 @@ loader = { # lanzaboote replaces systemd-boot systemd-boot.enable = lib.mkForce false; - efi.canTouchEfiVariables = false; # toggle when installing + efi.canTouchEfiVariables = true; }; tmp.cleanOnBoot = true; - # upgrade after https://github.com/tomaspinho/rtl8821ce/issues/356 is fixed kernelPackages = pkgs.linuxKernel.packages.linux_zen; extraModulePackages = with config.boot.kernelPackages; [ rtl8821ce @@ -145,36 +144,25 @@ tmux vim wget - neovim - git - python3 - wl-clipboard - # mako # sway config uses this tree kitty borgbackup - brightnessctl - alsa-utils - nixd - bluetuith - libimobiledevice - pass-wayland htop file dnsutils + q age compsize wireguard-tools traceroute sops - restic - haskell-language-server - ghc sbctl # secure boot wine-wayland wine64 - solaar - gtk3 + lm_sensors + sshfs + openssl + just ]; environment.sessionVariables = { @@ -196,11 +184,13 @@ }; }; - fonts.packages = with pkgs; [ - nerd-fonts.roboto-mono - ibm-plex - ]; - fonts.enableDefaultPackages = true; + fonts = { + packages = with pkgs; [ + nerd-fonts.roboto-mono + ibm-plex + ]; + enableDefaultPackages = true; + }; hardware.enableAllFirmware = true; hardware.bluetooth = { @@ -253,8 +243,9 @@ hardware.steam-hardware.enable = true; services.logind = { - lidSwitch = "hibernate"; - powerKey = "hibernate"; + lidSwitch = "suspend"; + powerKey = "poweroff"; + suspendKey = "hibernate"; }; xdg.mime.defaultApplications = { @@ -263,31 +254,18 @@ "*/html" = "chromium-browser.desktop"; }; - programs.thunar = { - enable = true; - plugins = with pkgs.xfce; [ - thunar-archive-plugin - thunar-volman - ]; - }; - # preference changes don't work in thunar without this - programs.xfconf.enable = true; - # mount, trash and stuff in thunar - services.gvfs.enable = true; - # thumbnails in thunar - services.tumbler.enable = true; - virtualisation = { libvirtd.enable = true; - docker.enable = true; }; programs.virt-manager.enable = true; + my.containerization.enable = true; services.usbmuxd.enable = true; programs.nix-ld.dev = { enable = true; # nix run github:thiagokokada/nix-alien#nix-alien-find-libs ./ libraries = with pkgs; [ + # TODO: revisit what we actually need mesa extest stdenv.cc.cc @@ -359,6 +337,7 @@ enable = true; plugins = with pkgs.obs-studio-plugins; [ wlrobs + obs-pipewire-audio-capture ]; }; @@ -382,12 +361,6 @@ SUBSYSTEM=="usb", SYSFS{idVendor}=="090c", SYSFS{idProduct}=="1000", ACTION=="add", GROUP="users", MODE="0664" ''; - programs.ssh = { - askPassword = "${pkgs.seahorse}/libexec/seahorse/ssh-askpass"; - startAgent = true; - enableAskPassword = true; - }; - services.desktopManager.plasma6 = { enable = true; enableQt5Integration = true; @@ -403,11 +376,6 @@ programs.kdeconnect.enable = true; programs.dconf.enable = true; - programs.java = { - enable = true; - binfmt = true; - }; - programs.ccache.enable = true; nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; } diff --git a/modules/containerization.nix b/modules/containerization.nix new file mode 100644 index 0000000..416d2bf --- /dev/null +++ b/modules/containerization.nix @@ -0,0 +1,35 @@ +{ + config, + lib, + ... +}: +let + cfg = config.my.containerization; +in +{ + options.my.containerization = { + enable = lib.mkEnableOption "containerization"; + usePodman = lib.mkOption { + type = lib.types.bool; + default = true; + description = "whether to use podman instead of docker"; + }; + }; + + config = lib.mkIf cfg.enable { + virtualisation = { + containers.enable = true; + podman = lib.mkIf cfg.usePodman { + enable = true; + # create 'docker' alias for podman, to use as + # drop-in replacement + dockerCompat = true; + defaultNetwork.settings = { + dns_enabled = true; + ipv6_enabled = true; + }; + }; + oci-containers.backend = lib.mkIf cfg.usePodman "podman"; + }; + }; +} diff --git a/modules/default.nix b/modules/default.nix index 96ea519..0fec850 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -5,5 +5,6 @@ ./caddy.nix ./roundcube.nix ./zipline.nix + ./containerization.nix ]; } From 646836d08da8c699aa3c43fcec678496884272c6 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 3 Mar 2025 15:50:57 -0500 Subject: [PATCH 263/410] clean up flake --- flake.lock | 140 ----------------------------------------------------- flake.nix | 26 ++-------- 2 files changed, 3 insertions(+), 163 deletions(-) diff --git a/flake.lock b/flake.lock index 1550e29..d7443e2 100644 --- a/flake.lock +++ b/flake.lock @@ -204,27 +204,6 @@ "type": "github" } }, - "disko": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1736864502, - "narHash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0=", - "owner": "nix-community", - "repo": "disko", - "rev": "0141aabed359f063de7413f80d906e1d98c0c123", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "latest", - "repo": "disko", - "type": "github" - } - }, "fenix": { "inputs": { "nixpkgs": [ @@ -680,66 +659,6 @@ "type": "github" } }, - "niri": { - "inputs": { - "niri-stable": "niri-stable", - "niri-unstable": "niri-unstable", - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-stable": [ - "nixpkgs" - ], - "xwayland-satellite-stable": "xwayland-satellite-stable", - "xwayland-satellite-unstable": "xwayland-satellite-unstable" - }, - "locked": { - "lastModified": 1740817768, - "narHash": "sha256-NFu4LhDHkc4xonmpknh2cI/0ozeXjFmoMxVz1HecqxI=", - "owner": "sodiboo", - "repo": "niri-flake", - "rev": "f3dde1ed6d76545ac637a80a356d50f6a7089a2a", - "type": "github" - }, - "original": { - "owner": "sodiboo", - "repo": "niri-flake", - "type": "github" - } - }, - "niri-stable": { - "flake": false, - "locked": { - "lastModified": 1740117926, - "narHash": "sha256-mTTHA0RAaQcdYe+9A3Jx77cmmyLFHmRoZdd8RpWa+m8=", - "owner": "YaLTeR", - "repo": "niri", - "rev": "b94a5db8790339cf9134873d8b490be69e02ac71", - "type": "github" - }, - "original": { - "owner": "YaLTeR", - "ref": "v25.02", - "repo": "niri", - "type": "github" - } - }, - "niri-unstable": { - "flake": false, - "locked": { - "lastModified": 1740749946, - "narHash": "sha256-uA03y5H8XI00ZxOIAAj3RGGOBOQCFjLyjLc79NH01oI=", - "owner": "YaLTeR", - "repo": "niri", - "rev": "66113d7d76f6cf7d06e2ccde9281ff9bafab126c", - "type": "github" - }, - "original": { - "owner": "YaLTeR", - "repo": "niri", - "type": "github" - } - }, "nix": { "inputs": { "flake-compat": [ @@ -1098,29 +1017,6 @@ "type": "github" } }, - "plasma-manager": { - "inputs": { - "home-manager": [ - "home-manager" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1740569341, - "narHash": "sha256-WV8nY2IOfWdzBF5syVgCcgOchg/qQtpYh6LECYS9XkY=", - "owner": "nix-community", - "repo": "plasma-manager", - "rev": "5eeb0172fb74392053b66a8149e61b5e191b2845", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "plasma-manager", - "type": "github" - } - }, "pre-commit-hooks": { "flake": false, "locked": { @@ -1185,7 +1081,6 @@ "inputs": { "conduwuit": "conduwuit", "crane": "crane_2", - "disko": "disko", "flake-compat": "flake-compat_3", "flake-parts": "flake-parts_3", "flake-utils": "flake-utils", @@ -1194,14 +1089,12 @@ "lix": "lix", "lix-module": "lix-module", "nil": "nil", - "niri": "niri", "nix-index-database": "nix-index-database", "nix-ld": "nix-ld", "nixpkgs": "nixpkgs_5", "nixpkgs-stable": "nixpkgs-stable_4", "nixvim": "nixvim", "nvim-github-theme": "nvim-github-theme", - "plasma-manager": "plasma-manager", "rust-overlay": "rust-overlay", "sops-nix": "sops-nix", "treefmt": "treefmt", @@ -1340,39 +1233,6 @@ "repo": "nix-vscode-extensions", "type": "github" } - }, - "xwayland-satellite-stable": { - "flake": false, - "locked": { - "lastModified": 1739246919, - "narHash": "sha256-/hBM43/Gd0/tW+egrhlWgOIISeJxEs2uAOIYVpfDKeU=", - "owner": "Supreeeme", - "repo": "xwayland-satellite", - "rev": "44590a416d4a3e8220e19e29e0b6efe64a80315d", - "type": "github" - }, - "original": { - "owner": "Supreeeme", - "ref": "v0.5.1", - "repo": "xwayland-satellite", - "type": "github" - } - }, - "xwayland-satellite-unstable": { - "flake": false, - "locked": { - "lastModified": 1739246919, - "narHash": "sha256-/hBM43/Gd0/tW+egrhlWgOIISeJxEs2uAOIYVpfDKeU=", - "owner": "Supreeeme", - "repo": "xwayland-satellite", - "rev": "44590a416d4a3e8220e19e29e0b6efe64a80315d", - "type": "github" - }, - "original": { - "owner": "Supreeeme", - "repo": "xwayland-satellite", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index e1a6338..821bc80 100644 --- a/flake.nix +++ b/flake.nix @@ -16,10 +16,6 @@ url = "github:numtide/treefmt-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; - disko = { - url = "github:nix-community/disko/latest"; - inputs.nixpkgs.follows = "nixpkgs"; - }; lanzaboote = { url = "github:nix-community/lanzaboote/master"; inputs.nixpkgs.follows = "nixpkgs"; @@ -37,11 +33,6 @@ url = "github:hercules-ci/flake-parts"; inputs.nixpkgs-lib.follows = "nixpkgs"; }; - niri = { - url = "github:sodiboo/niri-flake"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.nixpkgs-stable.follows = "nixpkgs"; - }; rust-overlay = { url = "github:oxalica/rust-overlay"; inputs.nixpkgs.follows = "nixpkgs"; @@ -70,11 +61,6 @@ url = "github:nix-community/nix-ld"; inputs.nixpkgs.follows = "nixpkgs"; }; - plasma-manager = { - url = "github:nix-community/plasma-manager"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.home-manager.follows = "home-manager"; - }; nil = { url = "github:oxalica/nil"; inputs.nixpkgs.follows = "nixpkgs"; @@ -105,13 +91,11 @@ nixConfig = { extra-substituters = [ - "https://niri.cachix.org" "https://nix-community.cachix.org" "https://cache.garnix.io" "https://cything.cachix.org" ]; extra-trusted-public-keys = [ - "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI=" @@ -124,7 +108,6 @@ self, nixpkgs, home-manager, - disko, flake-parts, ... }@inputs: @@ -165,7 +148,6 @@ config.allowUnfree = true; system = "x86_64-linux"; overlays = [ - inputs.niri.overlays.niri inputs.rust-overlay.overlays.default inputs.vscode-extensions.overlays.default ] ++ (import ./overlay { inherit inputs; }); @@ -184,10 +166,9 @@ nixpkgs = { inherit pkgs; }; } ./hosts/ytnix - inputs.sops-nix.nixosModules.sops ./modules + inputs.sops-nix.nixosModules.sops inputs.lanzaboote.nixosModules.lanzaboote - inputs.niri.nixosModules.niri inputs.lix-module.nixosModules.default inputs.nix-ld.nixosModules.nix-ld ]; @@ -199,8 +180,9 @@ nixpkgs = { inherit pkgs; }; } ./hosts/chunk - inputs.sops-nix.nixosModules.sops ./modules + inputs.sops-nix.nixosModules.sops + inputs.lix-module.nixosModules.default ]; }; }; @@ -215,8 +197,6 @@ modules = [ ./home/yt/ytnix.nix inputs.nixvim.homeManagerModules.nixvim - inputs.niri.homeModules.config - inputs.plasma-manager.homeManagerModules.plasma-manager inputs.nix-index-database.hmModules.nix-index ]; }; From 5efbd424b0be971dd36b0c7dd1fbc091c9d522b0 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 3 Mar 2025 16:16:47 -0500 Subject: [PATCH 264/410] remove some more dead code and install clang and stuff --- home/yt/codespace.nix | 22 ---------------------- home/yt/ytnix.nix | 9 +++++++-- hosts/ytnix/default.nix | 2 ++ 3 files changed, 9 insertions(+), 24 deletions(-) delete mode 100644 home/yt/codespace.nix diff --git a/home/yt/codespace.nix b/home/yt/codespace.nix deleted file mode 100644 index 6720c17..0000000 --- a/home/yt/codespace.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ - pkgs, - ... -}: -{ - imports = [ - ./common.nix - ]; - home = { - username = "codespace"; - homeDirectory = "/home/codespace"; - stateVersion = "24.05"; - }; - programs.home-manager.enable = true; - - systemd.user.startServices = "sd-switch"; - - home.packages = with pkgs; [ - foot.terminfo - attic-client - ]; -} diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 9910d78..0f8322f 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -92,9 +92,14 @@ syncthing syncthingtray (with llvmPackages; [ - clang - clang-tools + clangUseLLVM + libcxxClang + stdenv + libcxx + libcxxStdenv + compiler-rt ]) + nix-output-monitor ]; programs.feh.enable = true; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index a187fa1..66607a3 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -163,6 +163,8 @@ sshfs openssl just + killall + lshw ]; environment.sessionVariables = { From a6db9e3b8aa511fadbffcee41381fc94d7e3eeee Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 4 Mar 2025 00:37:22 -0500 Subject: [PATCH 265/410] bring vaultwarden home and play "games" --- home/codium.nix | 27 ++++++++++++------------- home/yt/ytnix.nix | 6 ++---- home/zsh/default.nix | 6 +++--- hosts/ytnix/default.nix | 44 +++++++++++++++++++++++++++++++++++++---- 4 files changed, 58 insertions(+), 25 deletions(-) diff --git a/home/codium.nix b/home/codium.nix index ee1b67e..2d7bb9d 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -10,20 +10,18 @@ extensions = # if unfree # with pkgs.vscode-marketplace; - ( - with pkgs.open-vsx; - [ - vscodevim.vim - jnoortheen.nix-ide - github.github-vscode-theme - rust-lang.rust-analyzer - shd101wyy.markdown-preview-enhanced - alefragnani.bookmarks - tomrijndorp.find-it-faster - streetsidesoftware.code-spell-checker - emilast.logfilehighlighter - ] - ); + with pkgs.open-vsx; + [ + vscodevim.vim + jnoortheen.nix-ide + github.github-vscode-theme + rust-lang.rust-analyzer + shd101wyy.markdown-preview-enhanced + alefragnani.bookmarks + tomrijndorp.find-it-faster + streetsidesoftware.code-spell-checker + emilast.logfilehighlighter + ]; userSettings = let vimCommonKeyBindings = [ @@ -54,6 +52,7 @@ "editor.acceptSuggestionOnCommitCharacter" = false; "git.openRepositoryInParentFolders" = "never"; "git.ignoreLimitWarning" = true; + "git.blame.editorDecoration.enabled" = true; "extensions.ignoreRecommendations" = true; "telemetry.enableTelemetry" = false; "telemetry.telemetryLevel" = "off"; diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 0f8322f..b368bae 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -31,6 +31,7 @@ ungoogled-chromium librewolf bitwarden-desktop + bitwarden-cli fastfetch (with kdePackages; [ gwenview @@ -93,11 +94,8 @@ syncthingtray (with llvmPackages; [ clangUseLLVM - libcxxClang - stdenv - libcxx - libcxxStdenv compiler-rt + libllvm ]) nix-output-monitor ]; diff --git a/home/zsh/default.nix b/home/zsh/default.nix index 29a7ef9..9b5bcc6 100644 --- a/home/zsh/default.nix +++ b/home/zsh/default.nix @@ -90,9 +90,9 @@ "ta" = "tmux new-session -A -s"; "se" = "sudoedit"; "s" = "sudo"; - "nrs" = "sudo nixos-rebuild switch -L --flake ."; - "nrt" = "sudo nixos-rebuild test -L --flake ."; - "hrs" = "home-manager switch -L --flake ."; + "nrs" = "sudo nixos-rebuild switch -L --flake . --log-format internal-json -v |& nom --json"; + "nrt" = "sudo nixos-rebuild test -L --flake . --log-format internal-json -v |& nom --json"; + "hrs" = "home-manager switch -L --flake . |& nom --json"; "g" = "git"; "ga" = "git add"; "gaa" = "git add --all"; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 66607a3..7fd9309 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -31,6 +31,9 @@ sopsFile = ../../secrets/yt/aws.yaml; owner = "yt"; }; + "vaultwarden/env" = { + sopsFile = ../../secrets/services/vaultwarden.yaml; + }; }; boot = { @@ -140,7 +143,7 @@ "adbusers" ]; - environment.systemPackages = with pkgs; [ + environment.systemPackages = with pkgs; lib.flatten [ tmux vim wget @@ -157,14 +160,29 @@ traceroute sops sbctl # secure boot - wine-wayland - wine64 lm_sensors sshfs openssl just killall lshw + bubblewrap + fuse-overlayfs + dwarfs + wineWowPackages.stagingFull + (with gst_all_1; [ + gst-plugins-good + gst-plugins-bad + gst-plugins-ugly + gst-plugins-base + ]) + vulkan-loader + (heroic.override { + extraPkgs = pkgs: [ + pkgs.gamescope + pkgs.gamemode + ]; + }) ]; environment.sessionVariables = { @@ -242,7 +260,7 @@ extest.enable = true; extraCompatPackages = with pkgs; [ proton-ge-bin ]; }; - hardware.steam-hardware.enable = true; + programs.gamescope.enable = true; services.logind = { lidSwitch = "suspend"; @@ -380,4 +398,22 @@ programs.ccache.enable = true; nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; + + services.postgresql = { + enable = true; + settings.port = 5432; + package = pkgs.postgresql_17; + enableTCPIP = true; + }; + + services.vaultwarden = { + enable = true; + dbBackend = "postgresql"; + environmentFile = config.sops.secrets."vaultwarden/env".path; + config = { + ROCKET_ADDRESS = "0.0.0.0"; + ROCKET_PORT = "8081"; + DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden"; + }; + }; } From b5e3bf8e54140f380db80eb2958e3263cd143d77 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 4 Mar 2025 13:00:48 -0500 Subject: [PATCH 266/410] make vaultwarden a module and enable ssh-agent feature --- hosts/chunk/vaultwarden.nix | 13 ++----------- hosts/common.nix | 2 +- hosts/ytnix/default.nix | 11 +---------- modules/default.nix | 1 + modules/vaultwarden.nix | 32 ++++++++++++++++++++++++++++++++ 5 files changed, 37 insertions(+), 22 deletions(-) create mode 100644 modules/vaultwarden.nix diff --git a/hosts/chunk/vaultwarden.nix b/hosts/chunk/vaultwarden.nix index 7529610..cedece2 100644 --- a/hosts/chunk/vaultwarden.nix +++ b/hosts/chunk/vaultwarden.nix @@ -1,15 +1,6 @@ -{ config, ... }: +{ ... }: { - services.vaultwarden = { - enable = true; - dbBackend = "postgresql"; - environmentFile = config.sops.secrets."vaultwarden/env".path; - config = { - ROCKET_ADDRESS = "127.0.0.1"; - ROCKET_PORT = "8081"; - DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden"; - }; - }; + my.vaultwarden.enable = true; services.caddy.virtualHosts."pass.cy7.sh".extraConfig = '' import common diff --git a/hosts/common.nix b/hosts/common.nix index 80707cb..feafd17 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -54,7 +54,7 @@ # https://github.com/jauderho/nts-servers "ntp3.fau.de" "ntppool1.time.nl" - "time.signorini.ch" + "ntpmon.dcs1.biz" "stratum1.time.cifelli.xyz" "nts.teambelgium.net" "c.st1.ntp.br" diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 7fd9309..7873c92 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -406,14 +406,5 @@ enableTCPIP = true; }; - services.vaultwarden = { - enable = true; - dbBackend = "postgresql"; - environmentFile = config.sops.secrets."vaultwarden/env".path; - config = { - ROCKET_ADDRESS = "0.0.0.0"; - ROCKET_PORT = "8081"; - DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden"; - }; - }; + my.vaultwarden.enable = true; } diff --git a/modules/default.nix b/modules/default.nix index 0fec850..489ec66 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -6,5 +6,6 @@ ./roundcube.nix ./zipline.nix ./containerization.nix + ./vaultwarden.nix ]; } diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix new file mode 100644 index 0000000..8fda611 --- /dev/null +++ b/modules/vaultwarden.nix @@ -0,0 +1,32 @@ +{ + config, + lib, + ... +}: +let + cfg = config.my.vaultwarden; +in +{ + options.my.vaultwarden = { + enable = lib.mkEnableOption "vaultwarden"; + domain = lib.mkOption { + type = lib.types.str; + default = "https://pass.cy7.sh"; + }; + }; + + config = lib.mkIf cfg.enable { + services.vaultwarden = { + enable = true; + dbBackend = "postgresql"; + environmentFile = config.sops.secrets."vaultwarden/env".path; + config = { + ROCKET_ADDRESS = "0.0.0.0"; + ROCKET_PORT = "8081"; + DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden"; + EXPERIMENTAL_CLIENT_FEATURE_FLAGS = "fido2-vault-credentials,ssh-agent,ssh-key-vault-item,autofill-v2"; + DOMAIN = cfg.domain; + }; + }; + }; +} \ No newline at end of file From a5635bc948904d81a49ed5b2bd44177ba4721928 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 4 Mar 2025 14:43:27 -0500 Subject: [PATCH 267/410] yt: enable postgresql backup --- hosts/ytnix/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 7873c92..630afce 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -405,6 +405,10 @@ package = pkgs.postgresql_17; enableTCPIP = true; }; + services.postgresqlBackup = { + enable = true; + startAt = "hourly"; + }; my.vaultwarden.enable = true; } From cf125f8cd20dbc300c1283cc128787020803ba03 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 4 Mar 2025 14:54:55 -0500 Subject: [PATCH 268/410] pin vscode-extensions --- flake.lock | 1 + flake.nix | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/flake.lock b/flake.lock index d7443e2..c6ca2b9 100644 --- a/flake.lock +++ b/flake.lock @@ -1231,6 +1231,7 @@ "original": { "owner": "nix-community", "repo": "nix-vscode-extensions", + "rev": "1fc267a10f46200e32f0850caa396bd1ba4ba08e", "type": "github" } } diff --git a/flake.nix b/flake.nix index 821bc80..12de664 100644 --- a/flake.nix +++ b/flake.nix @@ -68,7 +68,8 @@ inputs.flake-utils.follows = "flake-utils"; }; vscode-extensions = { - url = "github:nix-community/nix-vscode-extensions"; + # https://github.com/nix-community/nix-vscode-extensions/issues/102 + url = "github:nix-community/nix-vscode-extensions/1fc267a10f46200e32f0850caa396bd1ba4ba08e"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; inputs.flake-compat.follows = "flake-compat"; From 6cc04504a4d851bd16845e45834e27d0a7015fba Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 4 Mar 2025 14:56:28 -0500 Subject: [PATCH 269/410] flake update Signed-off-by: cy --- flake.lock | 101 ++++++++++++++++++++++------------------------------- 1 file changed, 42 insertions(+), 59 deletions(-) diff --git a/flake.lock b/flake.lock index c6ca2b9..be8d519 100644 --- a/flake.lock +++ b/flake.lock @@ -157,11 +157,11 @@ }, "crane_2": { "locked": { - "lastModified": 1739936662, - "narHash": "sha256-x4syUjNUuRblR07nDPeLDP7DpphaBVbUaSoeZkFbGSk=", + "lastModified": 1741021986, + "narHash": "sha256-VX8M6arxQU05mipDmLjk0TJVRNzu+VQx3w1gVmyPkO4=", "owner": "ipetkov", "repo": "crane", - "rev": "19de14aaeb869287647d9461cbd389187d8ecdb7", + "rev": "5245473d6638a96da540e44372da96eebb97735a", "type": "github" }, "original": { @@ -327,11 +327,11 @@ ] }, "locked": { - "lastModified": 1738453229, - "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", + "lastModified": 1740872218, + "narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", + "rev": "3876f6b87db82f33775b1ef5ea343986105db764", "type": "github" }, "original": { @@ -472,11 +472,11 @@ ] }, "locked": { - "lastModified": 1740840901, - "narHash": "sha256-nAHSkQJ2J5W8rGSReohh4xZ1b2edkG2UIj/4tF+ARAQ=", + "lastModified": 1741056285, + "narHash": "sha256-/JKDMVqq8PIqcGonBVKbKq1SooV3kzGmv+cp3rKAgPA=", "owner": "nix-community", "repo": "home-manager", - "rev": "30da4310935450ea38931abf775ffe1dfab15355", + "rev": "70fbbf05a5594b0a72124ab211bff1d502c89e3f", "type": "github" }, "original": { @@ -533,11 +533,11 @@ ] }, "locked": { - "lastModified": 1740440383, - "narHash": "sha256-w8ixbqOGrVWMQZFFs4uAwZpuwuGMzFoKjocMFxTR5Ts=", + "lastModified": 1741001137, + "narHash": "sha256-XxWib5eI3rgMPA4VzDHOx89WT76IN/ZNb+votz5gakw=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "6321bc060d757c137c1fbae2057c7e941483878f", + "rev": "cc9786aa8158437facead0d8e21ac0c03be91dc8", "type": "github" }, "original": { @@ -593,11 +593,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1740781229, - "narHash": "sha256-H8i+LhDQr6PbAxFt37TXYoRkwHvGlSTuNJUrlE5bb0w=", + "lastModified": 1741082941, + "narHash": "sha256-mxMbmNSXLZ0G+4uPEXCodjRJffqh/Jq4X5pgFuQFZB0=", "ref": "refs/heads/main", - "rev": "99bc6867e8913ad8f5fa7d63fefd885743eac4c1", - "revCount": 17539, + "rev": "ca89e431a31527a014bfd0d529da2a8099027a5f", + "revCount": 17577, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -745,11 +745,11 @@ ] }, "locked": { - "lastModified": 1740281615, - "narHash": "sha256-dZWcbAQ1sF8oVv+zjSKkPVY0ebwENQEkz5vc6muXbKY=", + "lastModified": 1740886574, + "narHash": "sha256-jN6kJ41B6jUVDTebIWeebTvrKP6YiLd1/wMej4uq4Sk=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "465792533d03e6bb9dc849d58ab9d5e31fac9023", + "rev": "26a0f969549cf4d56f6e9046b9e0418b3f3b94a5", "type": "github" }, "original": { @@ -765,11 +765,11 @@ ] }, "locked": { - "lastModified": 1740390822, - "narHash": "sha256-UnMANgi2Zf4gf4p49cXM4fDRrPEpN6oJJMXT4Z2BW/U=", + "lastModified": 1740995332, + "narHash": "sha256-SELnZZg9LOhw+kz60yEAr3l1plu70rBLInMRszLHtuc=", "owner": "nix-community", "repo": "nix-ld", - "rev": "4c86e9f94553bceba004c48be6f2691971d2a6f7", + "rev": "090c2003e3faa739e5a94e0a3cd782a1ccc40964", "type": "github" }, "original": { @@ -860,27 +860,11 @@ }, "nixpkgs-stable_3": { "locked": { - "lastModified": 1730741070, - "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_4": { - "locked": { - "lastModified": 1740743217, - "narHash": "sha256-brsCRzLqimpyhORma84c3W2xPbIidZlIc3JGIuQVSNI=", + "lastModified": 1740932899, + "narHash": "sha256-F0qDu2egq18M3edJwEOAE+D+VQ+yESK6YWPRQBfOqq8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b27ba4eb322d9d2bf2dc9ada9fd59442f50c8d7c", + "rev": "1546c45c538633ae40b93e2d14e0bb6fd8f13347", "type": "github" }, "original": { @@ -940,11 +924,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1740804553, - "narHash": "sha256-1vP/NaV+Ps+kFqfVBJ5yxYahML9Vk6VwLndtU9bDvUE=", + "lastModified": 1741073343, + "narHash": "sha256-8qmLpDUmaiBGLZkFfVyK5/T5fyTXXGdzCRdqAtO0gf4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9114ab05304c83c930673fee79948b3fb14acd9a", + "rev": "72bccb2960235fd31de456566789c324a251f297", "type": "github" }, "original": { @@ -965,11 +949,11 @@ "nuschtosSearch": "nuschtosSearch" }, "locked": { - "lastModified": 1740520037, - "narHash": "sha256-TpZMYjOre+6GhKDVHFwoW2iBWqpNQppQTuqIAo+OBV8=", + "lastModified": 1741098523, + "narHash": "sha256-gXDSXDr6tAb+JgxGMvcEjKC9YO8tVOd8hMMZHJLyQ6Q=", "owner": "nix-community", "repo": "nixvim", - "rev": "6f8d8f7aee84f377f52c8bb58385015f9168a666", + "rev": "03065fd4708bfdf47dd541d655392a60daa25ded", "type": "github" }, "original": { @@ -1043,15 +1027,14 @@ "nixpkgs": [ "lanzaboote", "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable_3" + ] }, "locked": { - "lastModified": 1731363552, - "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=", + "lastModified": 1737465171, + "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0", + "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17", "type": "github" }, "original": { @@ -1092,7 +1075,7 @@ "nix-index-database": "nix-index-database", "nix-ld": "nix-ld", "nixpkgs": "nixpkgs_5", - "nixpkgs-stable": "nixpkgs-stable_4", + "nixpkgs-stable": "nixpkgs-stable_3", "nixvim": "nixvim", "nvim-github-theme": "nvim-github-theme", "rust-overlay": "rust-overlay", @@ -1125,11 +1108,11 @@ ] }, "locked": { - "lastModified": 1740796337, - "narHash": "sha256-FuoXrXZPoJEZQ3PF7t85tEpfBVID9JQIOnVKMNfTAb0=", + "lastModified": 1741055476, + "narHash": "sha256-52vwEV0oS2lCnx3c/alOFGglujZTLmObit7K8VblnS8=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "bbac9527bc6b28b6330b13043d0e76eac11720dc", + "rev": "aefb7017d710f150970299685e8d8b549d653649", "type": "github" }, "original": { @@ -1145,11 +1128,11 @@ ] }, "locked": { - "lastModified": 1739262228, - "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=", + "lastModified": 1741043164, + "narHash": "sha256-9lfmSZLz6eq9Ygr6cCmvQiiBEaPb54pUBcjvbEMPORc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975", + "rev": "3f2412536eeece783f0d0ad3861417f347219f4d", "type": "github" }, "original": { From 91165ea5630ceeeb8618260f650c12a6680ff461 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 6 Mar 2025 11:29:53 -0500 Subject: [PATCH 270/410] disable btrbk; install pixelflasher from my flake --- flake.lock | 24 ++++++++++++++++++++++++ flake.nix | 5 +++++ home/yt/ytnix.nix | 2 ++ hosts/ytnix/default.nix | 21 +-------------------- overlay/default.nix | 10 ++++++---- 5 files changed, 38 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index be8d519..e0b240d 100644 --- a/flake.lock +++ b/flake.lock @@ -1001,6 +1001,29 @@ "type": "github" } }, + "pixelflasher": { + "inputs": { + "flake-parts": [ + "flake-parts" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741157109, + "narHash": "sha256-yoOMkH0n7e3UQSEAHHDuoBRDbJhnSymjt3gtoA8mMkI=", + "owner": "cything", + "repo": "pixelflasher-flake", + "rev": "400c423071a4807ac01152a1060b75df4a11cc2d", + "type": "github" + }, + "original": { + "owner": "cything", + "repo": "pixelflasher-flake", + "type": "github" + } + }, "pre-commit-hooks": { "flake": false, "locked": { @@ -1078,6 +1101,7 @@ "nixpkgs-stable": "nixpkgs-stable_3", "nixvim": "nixvim", "nvim-github-theme": "nvim-github-theme", + "pixelflasher": "pixelflasher", "rust-overlay": "rust-overlay", "sops-nix": "sops-nix", "treefmt": "treefmt", diff --git a/flake.nix b/flake.nix index 12de664..a6b7f75 100644 --- a/flake.nix +++ b/flake.nix @@ -78,6 +78,11 @@ url = "github:nix-community/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; }; + pixelflasher = { + url = "github:cything/pixelflasher-flake"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-parts.follows = "flake-parts"; + }; nvim-github-theme = { url = "github:projekt0n/github-nvim-theme"; diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index b368bae..75c3ba0 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -98,6 +98,8 @@ libllvm ]) nix-output-monitor + wl-clipboard-rs + pixelflasher ]; programs.feh.enable = true; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 630afce..d367021 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -217,7 +217,6 @@ enable = true; powerOnBoot = true; }; - services.blueman.enable = true; my.backup = { enable = true; @@ -236,25 +235,6 @@ sshKeyFile = config.sops.secrets."rsyncnet/id_ed25519".path; }; - services.btrbk.instances.local = { - onCalendar = "hourly"; - # only create snapshots automatically. backups are triggered manually with `btrbk resume` - snapshotOnly = true; - settings = { - snapshot_preserve_min = "latest"; - target_preserve = "30d"; - target_preserve_min = "2d"; - target = "/mnt/target/btr_backup/ytnix"; - stream_compress = "zstd"; - stream_compress_level = "8"; - snapshot_dir = "/snapshots"; - subvolume = { - "/home" = { }; - "/" = { }; - }; - }; - }; - programs.steam = { enable = true; extest.enable = true; @@ -293,6 +273,7 @@ fontconfig libxkbcommon zlib + libz libxml2 dbus freetype diff --git a/overlay/default.nix b/overlay/default.nix index 6a824d1..cf1e97a 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -11,12 +11,14 @@ importedOverlays ( final: prev: let - pkgFrom = flake: pkg: flake.legacyPackages.${prev.system}.${pkg}; - stable = inputs.nixpkgs-stable; + # nixpkgsFrom = flake: pkg: flake.legacyPackages.${prev.system}.${pkg}; + pkgFrom = flake: pkgFrom' flake "default"; + pkgFrom' = flake: pkg: flake.packages.${prev.system}.${pkg}; in { conduwuit = - inputs.conduwuit.packages.x86_64-linux.static-x86_64-linux-musl-all-features-x86_64-haswell-optimised; + pkgFrom' inputs.conduwuit "static-x86_64-linux-musl-all-features-x86_64-haswell-optimised"; + pixelflasher = pkgFrom inputs.pixelflasher; } ) -] +] \ No newline at end of file From 8f22c8a77d2dfd78a4697d548bf5c40e7797c3d9 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 6 Mar 2025 12:59:07 -0500 Subject: [PATCH 271/410] workflow: don't continue on error --- .github/workflows/build-machines-and-homes.yml | 2 -- .github/workflows/build-packages.yml | 3 --- 2 files changed, 5 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index b8a1d2e..2e8073c 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -13,7 +13,6 @@ jobs: os: - ubuntu-latest runs-on: ${{ matrix.os }} - continue-on-error: true steps: - name: Maximize build disk space uses: easimon/maximize-build-space@v10 @@ -69,7 +68,6 @@ jobs: - ubuntu-latest # - macos-latest runs-on: ${{ matrix.os }} - continue-on-error: true steps: - name: Maximize build disk space uses: easimon/maximize-build-space@v10 diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 1fb55fd..408dd76 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -11,15 +11,12 @@ jobs: strategy: matrix: package: - - github:cything/nixpkgs/928e0c6874ab3e759305e93f806a4cf559645677#alvr - - github:cything/nixpkgs/8929e1256ceec677dd57fce405cdaca23176399b#lact - ${{ inputs.package }} os: - ubuntu-latest - macos-latest - ubuntu-24.04-arm runs-on: ${{ matrix.os }} - continue-on-error: true steps: - name: Install Nix uses: cachix/install-nix-action@v30 From 9f92e1665ed4a1665140d7b8e6a87fb73b6dd50a Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 6 Mar 2025 15:03:54 -0500 Subject: [PATCH 272/410] don't cache nix store when building packages --- .github/workflows/build-packages.yml | 20 +++----------------- 1 file changed, 3 insertions(+), 17 deletions(-) diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 408dd76..74b04ac 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -20,31 +20,17 @@ jobs: steps: - name: Install Nix uses: cachix/install-nix-action@v30 + - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false + - uses: cachix/cachix-action@v14 with: name: cything authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' useDaemon: false installCommand: nix profile install nixpkgs#cachix - - name: Restore and cache Nix store - uses: nix-community/cache-nix-action@v5.1.0 - with: - # restore and save a cache using this key - primary-key: nix-${{ runner.os }}-${{ matrix.package }}-${{ hashFiles('**/*.nix', 'flake.lock') }} - # if there's no cache hit, restore a cache by this prefix - restore-prefixes-first-match: nix-${{ runner.os }}-${{ matrix.package }}- - # do purge caches - purge: true - # purge all versions of the cache - purge-prefixes: nix-${{ runner.os }}- - # created more than this number of seconds ago relative to the start of the `Post Restore` phase - purge-last-accessed: 86400 - # except the version with the `primary-key`, if it exists - purge-primary-key: never - # always save the cache - save-always: true + - run: nix build -L ${{ matrix.package }} From 1448566c38356a85382ed747896907171f3de52c Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 6 Mar 2025 15:08:57 -0500 Subject: [PATCH 273/410] workflow: also build packages on intel mac --- .github/workflows/build-packages.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 74b04ac..c6e8298 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -14,8 +14,9 @@ jobs: - ${{ inputs.package }} os: - ubuntu-latest - - macos-latest - ubuntu-24.04-arm + - macos-latest + - macos-13 runs-on: ${{ matrix.os }} steps: - name: Install Nix @@ -32,5 +33,5 @@ jobs: authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' useDaemon: false installCommand: nix profile install nixpkgs#cachix - + - run: nix build -L ${{ matrix.package }} From 09754dbaa8a5041eb7030ef59fa50d37eee8fc78 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 6 Mar 2025 15:20:26 -0500 Subject: [PATCH 274/410] workflow: disable fail-fast when building packages --- .github/workflows/build-packages.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index c6e8298..72fc72c 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -9,6 +9,7 @@ on: jobs: build-packages: strategy: + fail-fast: false matrix: package: - ${{ inputs.package }} From 72303fd21ce0a9442f9d319225dcf108f32bec11 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 8 Mar 2025 14:59:43 -0500 Subject: [PATCH 275/410] use pixelflasher from my nixpkgs pr --- flake.lock | 19 ++++++------------- flake.nix | 6 +----- home/yt/ytnix.nix | 1 + hosts/ytnix/default.nix | 1 + overlay/default.nix | 4 ++-- 5 files changed, 11 insertions(+), 20 deletions(-) diff --git a/flake.lock b/flake.lock index e0b240d..87450d3 100644 --- a/flake.lock +++ b/flake.lock @@ -1002,25 +1002,18 @@ } }, "pixelflasher": { - "inputs": { - "flake-parts": [ - "flake-parts" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, "locked": { - "lastModified": 1741157109, - "narHash": "sha256-yoOMkH0n7e3UQSEAHHDuoBRDbJhnSymjt3gtoA8mMkI=", + "lastModified": 1741302870, + "narHash": "sha256-7AywZ1b3PaqolAZ0vQmddD6Br4o0a7ucdtE0/W3rnaM=", "owner": "cything", - "repo": "pixelflasher-flake", - "rev": "400c423071a4807ac01152a1060b75df4a11cc2d", + "repo": "nixpkgs", + "rev": "5ef8b274bb7f939104295a22cec3382268ed73cc", "type": "github" }, "original": { "owner": "cything", - "repo": "pixelflasher-flake", + "ref": "pixelflasher", + "repo": "nixpkgs", "type": "github" } }, diff --git a/flake.nix b/flake.nix index a6b7f75..cdb829e 100644 --- a/flake.nix +++ b/flake.nix @@ -78,11 +78,7 @@ url = "github:nix-community/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; }; - pixelflasher = { - url = "github:cything/pixelflasher-flake"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-parts.follows = "flake-parts"; - }; + pixelflasher.url = "github:cything/nixpkgs/pixelflasher"; nvim-github-theme = { url = "github:projekt0n/github-nvim-theme"; diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 75c3ba0..c0182e7 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -100,6 +100,7 @@ nix-output-monitor wl-clipboard-rs pixelflasher + element-desktop ]; programs.feh.enable = true; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index d367021..7f41acb 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -229,6 +229,7 @@ "**/.wine" "/home/yt/Games" "/home/yt/Videos" + "/home/yt/.bitmonero" ]; repo = "yt"; passFile = config.sops.secrets."borg/rsyncnet".path; diff --git a/overlay/default.nix b/overlay/default.nix index cf1e97a..d617b17 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -11,14 +11,14 @@ importedOverlays ( final: prev: let - # nixpkgsFrom = flake: pkg: flake.legacyPackages.${prev.system}.${pkg}; + nixpkgsFrom = flake: pkg: flake.legacyPackages.${prev.system}.${pkg}; pkgFrom = flake: pkgFrom' flake "default"; pkgFrom' = flake: pkg: flake.packages.${prev.system}.${pkg}; in { conduwuit = pkgFrom' inputs.conduwuit "static-x86_64-linux-musl-all-features-x86_64-haswell-optimised"; - pixelflasher = pkgFrom inputs.pixelflasher; + pixelflasher = nixpkgsFrom inputs.pixelflasher "pixelflasher"; } ) ] \ No newline at end of file From f8ac4c667d6c523330827c03c1fe31fbe3b260d2 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 8 Mar 2025 17:23:27 -0500 Subject: [PATCH 276/410] add searx and fix caddy cloudflare stuff --- .sops.yaml | 6 ++++++ hosts/chunk/default.nix | 4 ++++ hosts/ytnix/default.nix | 2 +- modules/caddy.nix | 7 ++++--- modules/default.nix | 1 + modules/searx.nix | 35 +++++++++++++++++++++++++++++++++++ secrets/services/caddy.yaml | 6 +++--- secrets/services/searx.yaml | 31 +++++++++++++++++++++++++++++++ 8 files changed, 85 insertions(+), 7 deletions(-) create mode 100644 modules/searx.nix create mode 100644 secrets/services/searx.yaml diff --git a/.sops.yaml b/.sops.yaml index 96b61cd..6276e76 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -118,3 +118,9 @@ creation_rules: - age: - *chunk - *cy + + - path_regex: secrets/services/searx.yaml + key_groups: + - age: + - *chunk + - *cy \ No newline at end of file diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 4a25cce..48d7d84 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -60,6 +60,9 @@ "zipline/env" = { sopsFile = ../../secrets/services/zipline.yaml; }; + "searx/env" = { + sopsFile = ../../secrets/services/searx.yaml; + }; }; boot = { @@ -197,4 +200,5 @@ my.roundcube.enable = true; my.zipline.enable = true; + my.searx.enable = true; } diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 7f41acb..cfbfc09 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -353,7 +353,7 @@ services.ollama.enable = false; - services.trezord.enable = false; + services.trezord.enable = true; programs.niri.enable = false; programs.niri.package = pkgs.niri-unstable; diff --git a/modules/caddy.nix b/modules/caddy.nix index 03d7a4a..6b46cb5 100644 --- a/modules/caddy.nix +++ b/modules/caddy.nix @@ -29,11 +29,12 @@ in (common) { encode zstd gzip header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" + tls { + dns cloudflare {$CLOUDFLARE_KEY} + resolvers 1.1.1.1 8.8.8.8 + } } ''; - globalConfig = '' - acme_dns cloudflare {$CLOUDFLARE_KEY} - ''; environmentFile = config.sops.secrets."caddy/env".path; }; }; diff --git a/modules/default.nix b/modules/default.nix index 489ec66..b93f89f 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -7,5 +7,6 @@ ./zipline.nix ./containerization.nix ./vaultwarden.nix + ./searx.nix ]; } diff --git a/modules/searx.nix b/modules/searx.nix new file mode 100644 index 0000000..3eb178a --- /dev/null +++ b/modules/searx.nix @@ -0,0 +1,35 @@ +{ + config, + lib, + ... +}: +let + cfg = config.my.searx; + sockPath = "/run/searx/searx.sock"; +in +{ + options.my.searx = { + enable = lib.mkEnableOption "searx"; + }; + + config = lib.mkIf cfg.enable { + services.searx = { + enable = true; + runInUwsgi = true; + uwsgiConfig = { + disable-logging = true; + http = "127.0.0.1:8090"; + }; + settings = { + # get secret from env + server.secret_key = "@SEARX_SECRET_KEY@"; + }; + environmentFile = config.sops.secrets."searx/env".path; + }; + + services.caddy.virtualHosts."x.cy7.sh".extraConfig = '' + import common + reverse_proxy 127.0.0.1:8090 + ''; + }; +} \ No newline at end of file diff --git a/secrets/services/caddy.yaml b/secrets/services/caddy.yaml index 2ff8b4c..5f3ea62 100644 --- a/secrets/services/caddy.yaml +++ b/secrets/services/caddy.yaml @@ -1,5 +1,5 @@ caddy: - env: ENC[AES256_GCM,data:XyxcCVT+rwlS7A3xzUgGqpMoLwhfUJo2++zPTgoPt3q6Edt14bYQJsoSJXnKx/lGg/0ilNfEEg8AEnru/Mzx0bWedSdWuZ380l8wlLiucqQThhEBhEJlyd94BMNzhxFdj82w0ejp4oWb5By/WjkFNesvAyxPIo/Ir4S+fTgGpA1iO2Ms8Pdjp00qeXYsK1CfjaXOYlEP+8BxntN2JKLYb8Cgs7dLmHfUwP6gTFKlTukUTtQZYUw336q3TtGy,iv:Ab/E0ljUBxzWlXfAC2BXCYxlgo0ErvKFaubgVjFR3OU=,tag:Yr24/DofYS2lM6f2/1LQ3Q==,type:str] + env: ENC[AES256_GCM,data:fyP1pPJgO9jN0ypC09s0Sz+HlUX42fl6DxWevYYevKdlKTgz5VHQfbELhy6vejmg9v+zFB3/AtSZfWJQB2dNX4Zm/L42wf5QZ7oYoa9QTujJjRgE96OXM77ioNy2DzFzpGw3w16QoC7zaR8UHSN1KL6qRj5xxKw0U6Apxhc0AuBoLvNHOgn8CHY92Q4OBcA1tJn8tgLB9uZB5Ge/2BlEjdSQ0sZMLkE+dHC4/0IILVFrrv1sWRXvXt6t5njF,iv:tF5GRPFYZSuKRgDAY1e8/J7jNQAEqDpgXlpwWW+1P4E=,tag:lK/BUErXNIPgqXPzGJvPTQ==,type:str] sops: kms: [] gcp_kms: [] @@ -33,8 +33,8 @@ sops: Q2hBZE1FOHJ3aW5rVmoyK045eG11cmsKFOmP5iWONREZvxu0rM+fKMPQKgnYq5LH AKMZFsP7nnUxjdCXEA18sDg4Rf0qp8i3uQK3D6P7417j9ye/YZA4BQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-30T17:26:39Z" - mac: ENC[AES256_GCM,data:saoalvnwHsv0CTw/cRZqibnH9oGoZTNwGUT7RePKRa8OwNzbUEzQt+Z1WrmmWoqR+omQXLE+lpOPv6uNYxvAWnIelzCGeBBCMSBxtjlTUsjts7oFo7d9C5SdTIOkzotDxryvjRupb0P7hAmEqcSUKRZipJy5MVR7VXR1XZ4fIPM=,iv:VaP05zj8L2pygi1/M4BnOV3Inf0ssaWMu+aTBkdDMys=,tag:nuZT8GMB4F0T5dHnTvHOhA==,type:str] + lastmodified: "2025-03-08T21:05:07Z" + mac: ENC[AES256_GCM,data:vgGCrCJMBxjiCWZYymlaPKTekA1Weprwgtc4xcoPVlDsuljkXDth+aAZPpnakE/nSXhGC6jGJOHdtrsIUTkH2R9WQHIdZDBy+VrVQoV6xE3ijfWyIujcIPwz3s1MGBqRFUYum1XMU5FAcIASiYV7PDxj/f6fsLbjKZCc9/kG3GE=,iv:PSvlssl+Gx+Gcw6/zccIKJDeNz3dJ0kHnPmCrAdBnqQ=,tag:6F/JKBFNxKEgMTyYZ3W0Vg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4 diff --git a/secrets/services/searx.yaml b/secrets/services/searx.yaml new file mode 100644 index 0000000..46df77e --- /dev/null +++ b/secrets/services/searx.yaml @@ -0,0 +1,31 @@ +searx: + env: ENC[AES256_GCM,data:VWLft5+85mNA8k3VynVBz2V+8zcg97UtHfucpaAcKbA+CQdGUbqLesQSu9a7tNRI7+OdI1qPJj5HTzP8tpGN5f39D4brtyo4fN8n8zAd,iv:F70wq9qJiFjEjJeZeFCyQskLdBR3nd/CR/UW/dE9gTo=,tag:/W8FhRC180aAdzjD5v0vZw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEM3VXOVZBSVdZMzBOVzJD + Y0ZvWUtFUW5pMUZnYjdxdHQvWDBEVmU1L2hBCi8zcEszZThwcGQ5WUdRTWFUWCtP + WWE0OVJIOXpCMGJZc3J6TmVCMGN2TUUKLS0tIEwxVDJLTkdrK3g2TG9iWml6aEFR + d3NOS245SmV3K1dlaHdnMHpVSzlYQk0KnDSK1C1sEeBVMX80DqjJRrGFx+WkNijg + XEf/Jq//qzgvX24fOl4X4xGTRfBMbLlznLs4N6WtIY7aVcW5N041jQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCOGFaWkY1TWhvQUhENHUx + cUk4b2FpeCs5eUMyQ2FhZzVKdHY1MVIzWUhRCmw0eEhwYjl2OFNoQkZRVW43REQy + OGpNWFRTWEF4NFFuU1lpTFdKY3lBNEEKLS0tIFNET0JBZmxoSGhWdTIwL0x2Ris3 + ZHhidlJHT08rR3ZuME9UQmovRTFGNlkK83k2wqXQvxeURrUE/hXoZMDc9lqkgBuL + W/UWt/PBorp1/WRqO6dpuu9N2S9i6VCPJH0jdoHMWEqWuRIENFKVhQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-03-08T20:52:15Z" + mac: ENC[AES256_GCM,data:UGFkCgmgRofmX2gQR2W2DD0u4LowQ9pmUxPOgpLVaKGasEoNWJMGu7A7rUIpHvuUomoL6q8aiWs3kiIuZrTQ3CB5gawmU9pPiEseOAdbww4beIcnUmumwmCLH46XYQdaooPaz8bIncW/gFePRpVB2Oef1pYeryXkbZRwBm+bPOI=,iv:GGFjerxpLH8C1m50AiKoEJxj+lGRYNMe4Y7k4u232v8=,tag:woww///+80wakvzYoyWCqQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.4 From 4b458e7cd89315c21ccc9ff9d7d9811fe3408178 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 8 Mar 2025 17:48:35 -0500 Subject: [PATCH 277/410] remove vaultwarden from ytnix --- hosts/ytnix/default.nix | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index cfbfc09..c097165 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -380,17 +380,4 @@ programs.ccache.enable = true; nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; - - services.postgresql = { - enable = true; - settings.port = 5432; - package = pkgs.postgresql_17; - enableTCPIP = true; - }; - services.postgresqlBackup = { - enable = true; - startAt = "hourly"; - }; - - my.vaultwarden.enable = true; } From 2f7429a2c8f9752f92ed1456a3b0cd54236578c3 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 8 Mar 2025 20:39:17 -0500 Subject: [PATCH 278/410] searx: use limiter --- modules/searx.nix | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/modules/searx.nix b/modules/searx.nix index 3eb178a..9e23955 100644 --- a/modules/searx.nix +++ b/modules/searx.nix @@ -5,7 +5,6 @@ }: let cfg = config.my.searx; - sockPath = "/run/searx/searx.sock"; in { options.my.searx = { @@ -25,6 +24,19 @@ in server.secret_key = "@SEARX_SECRET_KEY@"; }; environmentFile = config.sops.secrets."searx/env".path; + redisCreateLocally = true; # required for limiter + limiterSettings = { + real_ip = { + x_for = 1; + ipv4_prefix = 32; + ipv6_prefix = 56; + }; + botdetection.ip_lists.pass_ip = [ + "100.121.152.86" + "100.66.32.54" + ]; + link_token = true; + }; }; services.caddy.virtualHosts."x.cy7.sh".extraConfig = '' From 59de12e8920926e689822270a60cb6de835ebdb1 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 8 Mar 2025 17:50:21 -0500 Subject: [PATCH 279/410] flake update Signed-off-by: cy --- flake.lock | 68 +++++++++++++++++++++++++++--------------------------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/flake.lock b/flake.lock index 87450d3..8916bfc 100644 --- a/flake.lock +++ b/flake.lock @@ -157,11 +157,11 @@ }, "crane_2": { "locked": { - "lastModified": 1741021986, - "narHash": "sha256-VX8M6arxQU05mipDmLjk0TJVRNzu+VQx3w1gVmyPkO4=", + "lastModified": 1741396358, + "narHash": "sha256-js4c6tqxluo4Fysn8gloLnlZ6ZjQkuWMgGjHN8+WssE=", "owner": "ipetkov", "repo": "crane", - "rev": "5245473d6638a96da540e44372da96eebb97735a", + "rev": "aaebfb7ce7e13c691aea178aff7621906f466662", "type": "github" }, "original": { @@ -327,11 +327,11 @@ ] }, "locked": { - "lastModified": 1740872218, - "narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=", + "lastModified": 1741352980, + "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "3876f6b87db82f33775b1ef5ea343986105db764", + "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", "type": "github" }, "original": { @@ -472,11 +472,11 @@ ] }, "locked": { - "lastModified": 1741056285, - "narHash": "sha256-/JKDMVqq8PIqcGonBVKbKq1SooV3kzGmv+cp3rKAgPA=", + "lastModified": 1741461731, + "narHash": "sha256-BBQfGvO3GWOV+5tmqH14gNcZrRaQ7Q3tQx31Frzoip8=", "owner": "nix-community", "repo": "home-manager", - "rev": "70fbbf05a5594b0a72124ab211bff1d502c89e3f", + "rev": "7f4c60a3d6e548dbc13666565c22cb3f8dcdad44", "type": "github" }, "original": { @@ -533,11 +533,11 @@ ] }, "locked": { - "lastModified": 1741001137, - "narHash": "sha256-XxWib5eI3rgMPA4VzDHOx89WT76IN/ZNb+votz5gakw=", + "lastModified": 1741442524, + "narHash": "sha256-tVcxLDLLho8dWcO81Xj/3/ANLdVs0bGyCPyKjp70JWk=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "cc9786aa8158437facead0d8e21ac0c03be91dc8", + "rev": "d8099586d9a84308ffedac07880e7f07a0180ff4", "type": "github" }, "original": { @@ -593,11 +593,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1741082941, - "narHash": "sha256-mxMbmNSXLZ0G+4uPEXCodjRJffqh/Jq4X5pgFuQFZB0=", + "lastModified": 1741358751, + "narHash": "sha256-cDPg74UirjlGcVjB9qI/8ImkdEJ9p2y8Y2FQBfU8KzY=", "ref": "refs/heads/main", - "rev": "ca89e431a31527a014bfd0d529da2a8099027a5f", - "revCount": 17577, + "rev": "93c3ca4e92b8cd1a129498f4c3f4c48558032d46", + "revCount": 17620, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -646,11 +646,11 @@ ] }, "locked": { - "lastModified": 1732053863, - "narHash": "sha256-DCIVdlb81Fct2uwzbtnawLBC/U03U2hqx8trqTJB7WA=", + "lastModified": 1741118843, + "narHash": "sha256-ggXU3RHv6NgWw+vc+HO4/9n0GPufhTIUjVuLci8Za8c=", "owner": "oxalica", "repo": "nil", - "rev": "2e24c9834e3bb5aa2a3701d3713b43a6fb106362", + "rev": "577d160da311cc7f5042038456a0713e9863d09e", "type": "github" }, "original": { @@ -745,11 +745,11 @@ ] }, "locked": { - "lastModified": 1740886574, - "narHash": "sha256-jN6kJ41B6jUVDTebIWeebTvrKP6YiLd1/wMej4uq4Sk=", + "lastModified": 1741446546, + "narHash": "sha256-0z0GiUsUhjhZWa24bcAxqmlI3Ch8QvEeh42wghc6oVw=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "26a0f969549cf4d56f6e9046b9e0418b3f3b94a5", + "rev": "eeaf10849c3a0435323216885c0df7569dc95cb9", "type": "github" }, "original": { @@ -860,11 +860,11 @@ }, "nixpkgs-stable_3": { "locked": { - "lastModified": 1740932899, - "narHash": "sha256-F0qDu2egq18M3edJwEOAE+D+VQ+yESK6YWPRQBfOqq8=", + "lastModified": 1741332913, + "narHash": "sha256-ri1e8ZliWS3Jnp9yqpKApHaOo7KBN33W8ECAKA4teAQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1546c45c538633ae40b93e2d14e0bb6fd8f13347", + "rev": "20755fa05115c84be00b04690630cb38f0a203ad", "type": "github" }, "original": { @@ -924,11 +924,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1741073343, - "narHash": "sha256-8qmLpDUmaiBGLZkFfVyK5/T5fyTXXGdzCRdqAtO0gf4=", + "lastModified": 1741455743, + "narHash": "sha256-raXtjhD9mmNrVdCoJkYoUo0X2lhEyIZYQ6M7uUp/Uuc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "72bccb2960235fd31de456566789c324a251f297", + "rev": "c1ee2620296430ac1e3ee72583ad0191463a9d60", "type": "github" }, "original": { @@ -1046,11 +1046,11 @@ ] }, "locked": { - "lastModified": 1737465171, - "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=", + "lastModified": 1740915799, + "narHash": "sha256-JvQvtaphZNmeeV+IpHgNdiNePsIpHD5U/7QN5AeY44A=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17", + "rev": "42b1ba089d2034d910566bf6b40830af6b8ec732", "type": "github" }, "original": { @@ -1125,11 +1125,11 @@ ] }, "locked": { - "lastModified": 1741055476, - "narHash": "sha256-52vwEV0oS2lCnx3c/alOFGglujZTLmObit7K8VblnS8=", + "lastModified": 1741400194, + "narHash": "sha256-tEpgT+q5KlGjHSm8MnINgTPErEl8YDzX3Eps8PVc09g=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "aefb7017d710f150970299685e8d8b549d653649", + "rev": "16b6045a232fea0e9e4c69e55a6e269607dd8e3f", "type": "github" }, "original": { From 553a07f0a92fcc5ebaf89fa478cc528acafceafa Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 9 Mar 2025 22:23:58 -0400 Subject: [PATCH 280/410] run immich-ml from ytnix and add tailscale0 to trustedInterfaces --- home/yt/ytnix.nix | 1 + hosts/chunk/default.nix | 3 +-- hosts/chunk/immich.nix | 21 +++++---------------- hosts/ytnix/containers.nix | 36 ++++++++++++++++++++++++++++++++++++ hosts/ytnix/default.nix | 12 +++++++----- 5 files changed, 50 insertions(+), 23 deletions(-) create mode 100644 hosts/ytnix/containers.nix diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index c0182e7..214b4af 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -101,6 +101,7 @@ wl-clipboard-rs pixelflasher element-desktop + freetube ]; programs.feh.enable = true; diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 48d7d84..465e0b9 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -79,6 +79,7 @@ networkmanager.enable = true; firewall = { enable = true; + trustedInterfaces = [ "tailscale0" ]; allowedTCPPorts = [ 22 80 @@ -86,8 +87,6 @@ ]; allowedUDPPorts = [ 443 - 53 - 853 ]; extraCommands = let diff --git a/hosts/chunk/immich.nix b/hosts/chunk/immich.nix index 9661e8c..6541770 100644 --- a/hosts/chunk/immich.nix +++ b/hosts/chunk/immich.nix @@ -1,6 +1,7 @@ { pkgs, config, + lib, ... }: let @@ -67,21 +68,9 @@ in ]; networks = [ "immich-net" ]; }; - - # immich-ml = { - # image = "ghcr.io/immich-app/immich-machine-learning:release"; - # autoStart = true; - # pull = "newer"; - # environment = { - # REDIS_HOSTNAME = "immich-redis"; - # DB_HOSTNAME = "immich-db"; - # }; - # volumes = [ "${modelCache}:/cache" ]; - # networks = [ "immich-net" ]; - # }; }; - systemd.services.create-immich-net = { + systemd.services.create-immich-net = rec { serviceConfig.Type = "oneshot"; requiredBy = with config.virtualisation.oci-containers; [ "${backend}-immich.service" @@ -89,10 +78,10 @@ in "${backend}-immich-redis.service" # "${backend}-immich-ml.service" ]; - before = config.systemd.services.create-immich-net.requiredBy; + before = requiredBy; script = '' - ${pkgs.podman}/bin/podman network exists immich-net || \ - ${pkgs.podman}/bin/podman network create immich-net + ${lib.getExe pkgs.podman} network exists immich-net || \ + ${lib.getExe pkgs.podman} network create immich-net ''; }; diff --git a/hosts/ytnix/containers.nix b/hosts/ytnix/containers.nix new file mode 100644 index 0000000..a2aa405 --- /dev/null +++ b/hosts/ytnix/containers.nix @@ -0,0 +1,36 @@ +{ + config, + pkgs, + lib, + ... +}: +{ + virtualisation.oci-containers.containers = { + immich-ml = let + modelCache = "/opt/immich-ml"; + in { + image = "ghcr.io/immich-app/immich-machine-learning:release"; + autoStart = true; + pull = "newer"; + ports = [ "3003:3003" ]; + environment = { + REDIS_HOSTNAME = "immich-redis"; + DB_HOSTNAME = "immich-db"; + }; + volumes = [ "${modelCache}:/cache" ]; + networks = [ "immich-net" ]; + }; + }; + + systemd.services.create-immich-net = rec { + serviceConfig.Type = "oneshot"; + requiredBy = with config.virtualisation.oci-containers; [ + "${backend}-immich-ml.service" + ]; + before = requiredBy; + script = '' + ${lib.getExe pkgs.podman} network exists immich-net || \ + ${lib.getExe pkgs.podman} network create immich-net + ''; + }; +} \ No newline at end of file diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index c097165..5aa406a 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -10,6 +10,7 @@ ../common.nix ../zsh.nix ./tailscale.nix + ./containers.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; @@ -86,10 +87,12 @@ resolvconf.enable = true; firewall = { enable = true; - allowedTCPPorts = [ - 8080 # mitmproxy - 22000 # syncthing - ]; + trustedInterfaces = [ "tailscale0" ]; + # allowedTCPPorts = [ + # 8080 # mitmproxy + # 22000 # syncthing + # 3003 # immich-ml + # ]; }; }; programs.nm-applet.enable = true; @@ -252,7 +255,6 @@ xdg.mime.defaultApplications = { "application/pdf" = "okular.desktop"; "image/*" = "gwenview.desktop"; - "*/html" = "chromium-browser.desktop"; }; virtualisation = { From ab0dfe08c7a1129cc3c9fa84effde75f2f4cb07f Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 11 Mar 2025 11:18:21 -0400 Subject: [PATCH 281/410] unpin vscode-extensions --- flake.lock | 10 +++------- flake.nix | 4 +--- home/yt/ytnix.nix | 43 +++++++++++++++++++++++------------------ hosts/ytnix/default.nix | 6 ++++-- 4 files changed, 32 insertions(+), 31 deletions(-) diff --git a/flake.lock b/flake.lock index 8916bfc..129ff5f 100644 --- a/flake.lock +++ b/flake.lock @@ -1210,9 +1210,6 @@ }, "vscode-extensions": { "inputs": { - "flake-compat": [ - "flake-compat" - ], "flake-utils": [ "flake-utils" ], @@ -1221,17 +1218,16 @@ ] }, "locked": { - "lastModified": 1740924345, - "narHash": "sha256-TO8Ttb+7PeKBkUe8vUrBt6Vxg3RMeQp4ARmlWQfcWrs=", + "lastModified": 1741693734, + "narHash": "sha256-Df0jzarVCkwJttnITExjsbSN20FOOuenGhpKvOj49hk=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "1fc267a10f46200e32f0850caa396bd1ba4ba08e", + "rev": "6d444be7edf281b8df98235d911d176beaa31510", "type": "github" }, "original": { "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "1fc267a10f46200e32f0850caa396bd1ba4ba08e", "type": "github" } } diff --git a/flake.nix b/flake.nix index cdb829e..29fc0ab 100644 --- a/flake.nix +++ b/flake.nix @@ -68,11 +68,9 @@ inputs.flake-utils.follows = "flake-utils"; }; vscode-extensions = { - # https://github.com/nix-community/nix-vscode-extensions/issues/102 - url = "github:nix-community/nix-vscode-extensions/1fc267a10f46200e32f0850caa396bd1ba4ba08e"; + url = "github:nix-community/nix-vscode-extensions/"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; - inputs.flake-compat.follows = "flake-compat"; }; nix-index-database = { url = "github:nix-community/nix-index-database"; diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 214b4af..9b20a66 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -104,25 +104,6 @@ freetube ]; - programs.feh.enable = true; - - xdg.configFile = { - mpv.source = ../mpv; - }; - - programs.direnv = { - enable = true; - nix-direnv.enable = true; - }; - - programs.git.extraConfig = { - user = { - signingKey = "~/.ssh/id_ed25519"; - }; - gpg.format = "ssh"; - commit.gpgsign = true; - }; - home.sessionVariables = { # to make ghidra work on xwayland _JAVA_AWT_WM_NONREPARENTING = 1; @@ -145,5 +126,29 @@ SSH_AUTH_SOCK = "$HOME/.bitwarden-ssh-agent.sock"; }; + home.sessionPath = [ + "$HOME/.cargo/bin" + "$HOME/go/bin" + ]; + + programs.feh.enable = true; + + xdg.configFile = { + mpv.source = ../mpv; + }; + + programs.direnv = { + enable = true; + nix-direnv.enable = true; + }; + + programs.git.extraConfig = { + user = { + signingKey = "~/.ssh/id_ed25519"; + }; + gpg.format = "ssh"; + commit.gpgsign = true; + }; + programs.nix-index-database.comma.enable = true; } diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 5aa406a..c185991 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -257,8 +257,9 @@ "image/*" = "gwenview.desktop"; }; - virtualisation = { - libvirtd.enable = true; + virtualisation.libvirtd = { + enable = true; + qemu.vhostUserPackages = with pkgs; [ virtiofsd ]; }; programs.virt-manager.enable = true; my.containerization.enable = true; @@ -382,4 +383,5 @@ programs.ccache.enable = true; nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; + programs.fuse.userAllowOther = true; } From 8406723988ac7400ccef788768cdd409a023ccd4 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 11 Mar 2025 12:21:38 -0400 Subject: [PATCH 282/410] workflow: disable fail-fast when building machines --- .github/workflows/build-machines-and-homes.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 2e8073c..413b892 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -6,6 +6,7 @@ on: jobs: build-machines: strategy: + fail-fast: false matrix: machine: - chunk From 826146df9dcc73393e7dea7ab8c8650d5d804991 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 11 Mar 2025 11:19:47 -0400 Subject: [PATCH 283/410] flake update Signed-off-by: cy --- flake.lock | 112 ++++++++++++++++++++++++++--------------------------- 1 file changed, 56 insertions(+), 56 deletions(-) diff --git a/flake.lock b/flake.lock index 129ff5f..7696580 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1731270564, - "narHash": "sha256-6KMC/NH/VWP5Eb+hA56hz0urel3jP6Y6cF2PX6xaTkk=", + "lastModified": 1738524606, + "narHash": "sha256-hPYEJ4juK3ph7kbjbvv7PlU1D9pAkkhl+pwx8fZY53U=", "owner": "zhaofengli", "repo": "attic", - "rev": "47752427561f1c34debb16728a210d378f0ece36", + "rev": "ff8a897d1f4408ebbf4d45fa9049c06b3e1e3f4e", "type": "github" }, "original": { @@ -83,11 +83,11 @@ "complement": { "flake": false, "locked": { - "lastModified": 1734303596, - "narHash": "sha256-HjDRyLR4MBqQ3IjfMM6eE+8ayztXlbz3gXdyDmFla68=", + "lastModified": 1741378155, + "narHash": "sha256-rJSfqf3q4oWxcAwENtAowLZeCi8lktwKVH9XQvvZR64=", "owner": "girlbossceo", "repo": "complement", - "rev": "14cc5be797b774f1a2b9f826f38181066d4952b8", + "rev": "1502a00d8551d0f6e8954a23e43868877c3e57d9", "type": "github" }, "original": { @@ -120,11 +120,11 @@ "rocksdb": "rocksdb" }, "locked": { - "lastModified": 1739202916, - "narHash": "sha256-QdPUbONWFUdUSagT0pwad5yzOP0+Vxmmb6pM6QjhyFI=", + "lastModified": 1741642109, + "narHash": "sha256-vO66C3rCb4lz3NU012fZj8+5BaFGuOCq/BJqiOXpqSA=", "owner": "girlbossceo", "repo": "conduwuit", - "rev": "e3b81f7b6488b5c483e8b13e3959fe591bf4cb92", + "rev": "c4b05e77f3dd66636e26b64f8f4852703816c399", "type": "github" }, "original": { @@ -157,11 +157,11 @@ }, "crane_2": { "locked": { - "lastModified": 1741396358, - "narHash": "sha256-js4c6tqxluo4Fysn8gloLnlZ6ZjQkuWMgGjHN8+WssE=", + "lastModified": 1741481578, + "narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=", "owner": "ipetkov", "repo": "crane", - "rev": "aaebfb7ce7e13c691aea178aff7621906f466662", + "rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5", "type": "github" }, "original": { @@ -213,11 +213,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1737786656, - "narHash": "sha256-ubCW9Jy7ZUOF354bWxTgLDpVnTvIpNr6qR4H/j7I0oo=", + "lastModified": 1740724364, + "narHash": "sha256-D1jLIueJx1dPrP09ZZwTrPf4cubV+TsFMYbpYYTVj6A=", "owner": "nix-community", "repo": "fenix", - "rev": "2f721f527886f801403f389a9cabafda8f1e3b7f", + "rev": "edf7d9e431cda8782e729253835f178a356d3aab", "type": "github" }, "original": { @@ -472,11 +472,11 @@ ] }, "locked": { - "lastModified": 1741461731, - "narHash": "sha256-BBQfGvO3GWOV+5tmqH14gNcZrRaQ7Q3tQx31Frzoip8=", + "lastModified": 1741701235, + "narHash": "sha256-gBlb8R9gnjUAT5XabJeel3C2iEUiBHx3+91651y3Sqo=", "owner": "nix-community", "repo": "home-manager", - "rev": "7f4c60a3d6e548dbc13666565c22cb3f8dcdad44", + "rev": "c630dfa8abcc65984cc1e47fb25d4552c81dd37e", "type": "github" }, "original": { @@ -566,11 +566,11 @@ "liburing": { "flake": false, "locked": { - "lastModified": 1737600516, - "narHash": "sha256-EKyLQ3pbcjoU5jH5atge59F4fzuhTsb6yalUj6Ve2t8=", + "lastModified": 1740613216, + "narHash": "sha256-NpPOBqNND3Qe9IwqYs0mJLGTmIx7e6FgUEBAnJ+1ZLA=", "owner": "axboe", "repo": "liburing", - "rev": "6c509e2b0c881a13b83b259a221bf15fc9b3f681", + "rev": "e1003e496e66f9b0ae06674869795edf772d5500", "type": "github" }, "original": { @@ -593,11 +593,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1741358751, - "narHash": "sha256-cDPg74UirjlGcVjB9qI/8ImkdEJ9p2y8Y2FQBfU8KzY=", + "lastModified": 1741700536, + "narHash": "sha256-0OJER7bI6UsCFnKfKdLtgjpOTNccbN3N1dDriP4XRwA=", "ref": "refs/heads/main", - "rev": "93c3ca4e92b8cd1a129498f4c3f4c48558032d46", - "revCount": 17620, + "rev": "be1491fa6aef638e0147b81ff172131d6db668d9", + "revCount": 17635, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -745,11 +745,11 @@ ] }, "locked": { - "lastModified": 1741446546, - "narHash": "sha256-0z0GiUsUhjhZWa24bcAxqmlI3Ch8QvEeh42wghc6oVw=", + "lastModified": 1741619381, + "narHash": "sha256-koZtlJRqi0/MD/AKd0KrXLA2NuBOVzlIyAJprjzpxZE=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "eeaf10849c3a0435323216885c0df7569dc95cb9", + "rev": "66537fb185462ba9b07f4e6f2d54894a1b2d04ab", "type": "github" }, "original": { @@ -765,11 +765,11 @@ ] }, "locked": { - "lastModified": 1740995332, - "narHash": "sha256-SELnZZg9LOhw+kz60yEAr3l1plu70rBLInMRszLHtuc=", + "lastModified": 1741597901, + "narHash": "sha256-nLUTgXXcFFz+3pd3Khz1H4jUECqX5+OapNPGioPJRQs=", "owner": "nix-community", "repo": "nix-ld", - "rev": "090c2003e3faa739e5a94e0a3cd782a1ccc40964", + "rev": "8e0308dd7dd9cd3656866fb2387bc29052fd6d3a", "type": "github" }, "original": { @@ -860,11 +860,11 @@ }, "nixpkgs-stable_3": { "locked": { - "lastModified": 1741332913, - "narHash": "sha256-ri1e8ZliWS3Jnp9yqpKApHaOo7KBN33W8ECAKA4teAQ=", + "lastModified": 1741600792, + "narHash": "sha256-yfDy6chHcM7pXpMF4wycuuV+ILSTG486Z/vLx/Bdi6Y=", "owner": "nixos", "repo": "nixpkgs", - "rev": "20755fa05115c84be00b04690630cb38f0a203ad", + "rev": "ebe2788eafd539477f83775ef93c3c7e244421d3", "type": "github" }, "original": { @@ -924,11 +924,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1741455743, - "narHash": "sha256-raXtjhD9mmNrVdCoJkYoUo0X2lhEyIZYQ6M7uUp/Uuc=", + "lastModified": 1741692589, + "narHash": "sha256-t1BrOTAUIkRY4YlSspERzz5iaFbzJTIE6mhLmnWrDaA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c1ee2620296430ac1e3ee72583ad0191463a9d60", + "rev": "a7010334ad6d8082bb8aa5dd2e37bf3b98b1a713", "type": "github" }, "original": { @@ -949,11 +949,11 @@ "nuschtosSearch": "nuschtosSearch" }, "locked": { - "lastModified": 1741098523, - "narHash": "sha256-gXDSXDr6tAb+JgxGMvcEjKC9YO8tVOd8hMMZHJLyQ6Q=", + "lastModified": 1741637833, + "narHash": "sha256-1uBkdOwxNmkdXXjoycnEBZUoHZ/22GitQRVXjZlsVK0=", "owner": "nix-community", "repo": "nixvim", - "rev": "03065fd4708bfdf47dd541d655392a60daa25ded", + "rev": "bc34099731a7e3799c0d52ccdf4599409a2ef9b9", "type": "github" }, "original": { @@ -1062,16 +1062,16 @@ "rocksdb": { "flake": false, "locked": { - "lastModified": 1737828695, - "narHash": "sha256-8Ev6zzhNPU798JNvU27a7gj5X+6SDG3jBweUkQ59DbA=", + "lastModified": 1741308171, + "narHash": "sha256-YdBvdQ75UJg5ffwNjxizpviCVwVDJnBkM8ZtGIduMgY=", "owner": "girlbossceo", "repo": "rocksdb", - "rev": "a4d9230dcc9d03be428b9a728133f8f646c0065c", + "rev": "3ce04794bcfbbb0d2e6f81ae35fc4acf688b6986", "type": "github" }, "original": { "owner": "girlbossceo", - "ref": "v9.9.3", + "ref": "v9.11.1", "repo": "rocksdb", "type": "github" } @@ -1104,11 +1104,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1737728869, - "narHash": "sha256-U4pl3Hi0lT6GP4ecN3q9wdD2sdaKMbmD/5NJ1NdJ9AM=", + "lastModified": 1740691488, + "narHash": "sha256-Fs6vBrByuiOf2WO77qeMDMTXcTGzrIMqLBv+lNeywwM=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "6e4c29f7ce18cea7d3d31237a4661ab932eab636", + "rev": "fe3eda77d3a7ce212388bda7b6cec8bffcc077e5", "type": "github" }, "original": { @@ -1125,11 +1125,11 @@ ] }, "locked": { - "lastModified": 1741400194, - "narHash": "sha256-tEpgT+q5KlGjHSm8MnINgTPErEl8YDzX3Eps8PVc09g=", + "lastModified": 1741660300, + "narHash": "sha256-0jldJ58sC5RjqwpwE+ER+RPMeX4Moz5im/evQ3SU/dU=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "16b6045a232fea0e9e4c69e55a6e269607dd8e3f", + "rev": "ac2f556db0eb5cbba3c4f5f5989c46330f439b0b", "type": "github" }, "original": { @@ -1145,11 +1145,11 @@ ] }, "locked": { - "lastModified": 1741043164, - "narHash": "sha256-9lfmSZLz6eq9Ygr6cCmvQiiBEaPb54pUBcjvbEMPORc=", + "lastModified": 1741644481, + "narHash": "sha256-E0RrMykMtEv15V3QhpsFutgoSKhL1JBhidn+iZajOyg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3f2412536eeece783f0d0ad3861417f347219f4d", + "rev": "e653d71e82575a43fe9d228def8eddb73887b866", "type": "github" }, "original": { @@ -1218,11 +1218,11 @@ ] }, "locked": { - "lastModified": 1741693734, - "narHash": "sha256-Df0jzarVCkwJttnITExjsbSN20FOOuenGhpKvOj49hk=", + "lastModified": 1741704640, + "narHash": "sha256-FSvtxhfB0PQtFOj8PMfcgUG1QVaQzjTZvAxLiqDysKI=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "6d444be7edf281b8df98235d911d176beaa31510", + "rev": "27f37976beb94100b18ab8407ff056654db68506", "type": "github" }, "original": { From f4f0691647e60974aaab63cf5c0c978ca663bcc2 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 11 Mar 2025 14:52:31 -0400 Subject: [PATCH 284/410] patch bitwarden to disable annoying ssh-agent confirmation and clean dead overlays --- overlay/bitwarden/default.nix | 7 ++++ overlay/bitwarden/ssh-agent-no-confirm.patch | 34 +++++++++++++++ overlay/conduwuit/default.nix | 44 -------------------- overlay/conduwuit/rust-toolchain.toml | 28 ------------- overlay/default.nix | 6 +-- 5 files changed, 44 insertions(+), 75 deletions(-) create mode 100644 overlay/bitwarden/default.nix create mode 100644 overlay/bitwarden/ssh-agent-no-confirm.patch delete mode 100644 overlay/conduwuit/default.nix delete mode 100644 overlay/conduwuit/rust-toolchain.toml diff --git a/overlay/bitwarden/default.nix b/overlay/bitwarden/default.nix new file mode 100644 index 0000000..bcbabea --- /dev/null +++ b/overlay/bitwarden/default.nix @@ -0,0 +1,7 @@ +final: prev: { + bitwarden-desktop = prev.bitwarden-desktop.overrideAttrs (finalAttrs: prevAttrs: { + patches = prevAttrs.patches ++ [ + ./ssh-agent-no-confirm.patch + ]; + }); +} \ No newline at end of file diff --git a/overlay/bitwarden/ssh-agent-no-confirm.patch b/overlay/bitwarden/ssh-agent-no-confirm.patch new file mode 100644 index 0000000..3e8e023 --- /dev/null +++ b/overlay/bitwarden/ssh-agent-no-confirm.patch @@ -0,0 +1,34 @@ +diff --git a/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs b/core/src/ssh_agent/mod.rs +index 4e304cc..8203dca 100644 +--- a/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs ++++ b/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs +@@ -44,28 +44,7 @@ impl ssh_agent::Agent for BitwardenDesktopAgent { + return false; + } + +- let request_id = self.get_request_id().await; +- println!( +- "[SSH Agent] Confirming request from application: {}", +- info.process_name() +- ); +- +- let mut rx_channel = self.get_ui_response_rx.lock().await.resubscribe(); +- self.show_ui_request_tx +- .send(SshAgentUIRequest { +- request_id, +- cipher_id: Some(ssh_key.cipher_uuid.clone()), +- process_name: info.process_name().to_string(), +- is_list: false, +- }) +- .await +- .expect("Should send request to ui"); +- while let Ok((id, response)) = rx_channel.recv().await { +- if id == request_id { +- return response; +- } +- } +- false ++ true + } + + async fn can_list(&self, info: &peerinfo::models::PeerInfo) -> bool { diff --git a/overlay/conduwuit/default.nix b/overlay/conduwuit/default.nix deleted file mode 100644 index 1222c83..0000000 --- a/overlay/conduwuit/default.nix +++ /dev/null @@ -1,44 +0,0 @@ -final: prev: -let - newRust = final.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml; - newRustPlatform = final.makeRustPlatform { - cargo = newRust; - rustc = newRust; - }; -in -{ - conduwuit = prev.conduwuit.override (old: { - rustPlatform = newRustPlatform // { - buildRustPackage = - args: - newRustPlatform.buildRustPackage ( - args - // { - version = "0.5.0-rc2"; - src = final.fetchFromGitHub { - owner = "girlbossceo"; - repo = "conduwuit"; - rev = "5b8464252c2c03edf65e43153be026dbb768a12a"; - hash = "sha256-yNdxoVZX13QUDJYM6zTMY9ExvacTqB+f0MLvDreSW8U="; - }; - doCheck = false; - cargoHash = "sha256-g19UujLI9d4aw+1273gfC17LDLOciqBvuLhe/VCsh80="; - # unstable has this set to "conduit" - meta.mainProgram = "conduwuit"; - - buildFeatures = [ - "brotli_compression" - "element_hacks" - "gzip_compression" - "release_max_log_level" # without this feature to enable debug logging - "sentry_telemetry" - "systemd" - "zstd_compression" - "jemalloc" - "io_uring" - ]; - } - ); - }; - }); -} diff --git a/overlay/conduwuit/rust-toolchain.toml b/overlay/conduwuit/rust-toolchain.toml deleted file mode 100644 index 97e33c9..0000000 --- a/overlay/conduwuit/rust-toolchain.toml +++ /dev/null @@ -1,28 +0,0 @@ -# This is the authoritiative configuration of this project's Rust toolchain. -# -# Other files that need upkeep when this changes: -# -# * `Cargo.toml` -# * `flake.nix` -# -# Search in those files for `rust-toolchain.toml` to find the relevant places. -# If you're having trouble making the relevant changes, bug a maintainer. - -[toolchain] -channel = "1.84.0" -profile = "minimal" -components = [ - # For rust-analyzer - "rust-src", - "rust-analyzer", - # For CI and editors - "rustfmt", - "clippy", -] -targets = [ - #"x86_64-apple-darwin", - "x86_64-unknown-linux-gnu", - "x86_64-unknown-linux-musl", - "aarch64-unknown-linux-musl", - #"aarch64-apple-darwin", -] diff --git a/overlay/default.nix b/overlay/default.nix index d617b17..6d60897 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -3,6 +3,7 @@ let overlays = [ ./attic ./zipline + ./bitwarden ]; importedOverlays = map (m: import m) overlays; in @@ -12,12 +13,11 @@ importedOverlays final: prev: let nixpkgsFrom = flake: pkg: flake.legacyPackages.${prev.system}.${pkg}; - pkgFrom = flake: pkgFrom' flake "default"; - pkgFrom' = flake: pkg: flake.packages.${prev.system}.${pkg}; + pkgFrom = flake: pkg: flake.packages.${prev.system}.${pkg}; in { conduwuit = - pkgFrom' inputs.conduwuit "static-x86_64-linux-musl-all-features-x86_64-haswell-optimised"; + pkgFrom inputs.conduwuit "static-x86_64-linux-musl-all-features-x86_64-haswell-optimised"; pixelflasher = nixpkgsFrom inputs.pixelflasher "pixelflasher"; } ) From f4c7243b69d0855e6a4b73db8275cae21ca84519 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 13 Mar 2025 13:25:28 -0400 Subject: [PATCH 285/410] bring back attic. this time with garage backend --- flake.lock | 159 ++++++++---------------------- flake.nix | 11 +++ hosts/chunk/default.nix | 1 + hosts/chunk/rclone.nix | 17 ---- modules/attic.nix | 47 +++++++++ modules/default.nix | 1 + overlay/attic/concurrent-32.patch | 13 --- overlay/attic/default.nix | 26 ----- overlay/default.nix | 9 +- secrets/services/attic.yaml | 6 +- 10 files changed, 107 insertions(+), 183 deletions(-) create mode 100644 modules/attic.nix delete mode 100644 overlay/attic/concurrent-32.patch delete mode 100644 overlay/attic/default.nix diff --git a/flake.lock b/flake.lock index 7696580..e40aeed 100644 --- a/flake.lock +++ b/flake.lock @@ -2,12 +2,22 @@ "nodes": { "attic": { "inputs": { - "crane": "crane", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", + "crane": [ + "crane" + ], + "flake-compat": [ + "flake-compat" + ], + "flake-parts": [ + "flake-parts" + ], "nix-github-actions": "nix-github-actions", - "nixpkgs": "nixpkgs", - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": [ + "nixpkgs-stable" + ] }, "locked": { "lastModified": 1738524606, @@ -19,7 +29,6 @@ }, "original": { "owner": "zhaofengli", - "ref": "main", "repo": "attic", "type": "github" } @@ -27,9 +36,9 @@ "cachix": { "inputs": { "devenv": "devenv", - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat", "git-hooks": "git-hooks", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1737621947, @@ -63,7 +72,7 @@ "cachix", "devenv" ], - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs" }, "locked": { "lastModified": 1728672398, @@ -99,7 +108,9 @@ }, "conduwuit": { "inputs": { - "attic": "attic", + "attic": [ + "attic" + ], "cachix": "cachix", "complement": "complement", "crane": [ @@ -134,28 +145,6 @@ } }, "crane": { - "inputs": { - "nixpkgs": [ - "conduwuit", - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1722960479, - "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=", - "owner": "ipetkov", - "repo": "crane", - "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, - "crane_2": { "locked": { "lastModified": 1741481578, "narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=", @@ -228,22 +217,6 @@ } }, "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { "flake": false, "locked": { "lastModified": 1733328505, @@ -259,7 +232,7 @@ "type": "github" } }, - "flake-compat_3": { + "flake-compat_2": { "locked": { "lastModified": 1733328505, "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", @@ -275,28 +248,6 @@ } }, "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "conduwuit", - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1722555600, - "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "conduwuit", @@ -320,7 +271,7 @@ "type": "github" } }, - "flake-parts_3": { + "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "nixpkgs" @@ -404,7 +355,7 @@ "cachix", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_2" + "nixpkgs-stable": "nixpkgs-stable" }, "locked": { "lastModified": 1733318908, @@ -666,9 +617,9 @@ "cachix", "devenv" ], - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts", "libgit2": "libgit2", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "nixpkgs-23-11": [ "conduwuit", "cachix", @@ -719,7 +670,6 @@ "nix-github-actions": { "inputs": { "nixpkgs": [ - "conduwuit", "attic", "nixpkgs" ] @@ -796,16 +746,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1726042813, - "narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=", + "lastModified": 1730531603, + "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "159be5db480d1df880a0135ca0bfed84c2f88353", + "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -827,22 +777,6 @@ } }, "nixpkgs-stable": { - "locked": { - "lastModified": 1724316499, - "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_2": { "locked": { "lastModified": 1730741070, "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", @@ -858,7 +792,7 @@ "type": "github" } }, - "nixpkgs-stable_3": { + "nixpkgs-stable_2": { "locked": { "lastModified": 1741600792, "narHash": "sha256-yfDy6chHcM7pXpMF4wycuuV+ILSTG486Z/vLx/Bdi6Y=", @@ -875,22 +809,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1730531603, - "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1717432640, "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=", @@ -906,7 +824,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { "lastModified": 1733212471, "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", @@ -922,7 +840,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { "lastModified": 1741692589, "narHash": "sha256-t1BrOTAUIkRY4YlSspERzz5iaFbzJTIE6mhLmnWrDaA=", @@ -1078,10 +996,11 @@ }, "root": { "inputs": { + "attic": "attic", "conduwuit": "conduwuit", - "crane": "crane_2", - "flake-compat": "flake-compat_3", - "flake-parts": "flake-parts_3", + "crane": "crane", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts_2", "flake-utils": "flake-utils", "home-manager": "home-manager", "lanzaboote": "lanzaboote", @@ -1090,8 +1009,8 @@ "nil": "nil", "nix-index-database": "nix-index-database", "nix-ld": "nix-ld", - "nixpkgs": "nixpkgs_5", - "nixpkgs-stable": "nixpkgs-stable_3", + "nixpkgs": "nixpkgs_4", + "nixpkgs-stable": "nixpkgs-stable_2", "nixvim": "nixvim", "nvim-github-theme": "nvim-github-theme", "pixelflasher": "pixelflasher", diff --git a/flake.nix b/flake.nix index 29fc0ab..a07ce00 100644 --- a/flake.nix +++ b/flake.nix @@ -44,6 +44,7 @@ crane.follows = "crane"; flake-compat.follows = "flake-compat"; flake-utils.follows = "flake-utils"; + attic.follows = "attic"; }; }; lix-module = { @@ -77,6 +78,16 @@ inputs.nixpkgs.follows = "nixpkgs"; }; pixelflasher.url = "github:cything/nixpkgs/pixelflasher"; + attic = { + url = "github:zhaofengli/attic"; + inputs = { + nixpkgs.follows = "nixpkgs"; + nixpkgs-stable.follows = "nixpkgs-stable"; + flake-compat.follows = "flake-compat"; + flake-parts.follows = "flake-parts"; + crane.follows = "crane"; + }; + }; nvim-github-theme = { url = "github:projekt0n/github-nvim-theme"; diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 465e0b9..2fee98c 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -200,4 +200,5 @@ my.roundcube.enable = true; my.zipline.enable = true; my.searx.enable = true; + my.attic.enable = true; } diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 4b33e34..59a02e1 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -22,23 +22,6 @@ }; }; - systemd.services.attic-mount = { - enable = true; - description = "Mount the attic data remote"; - requires = [ "network-online.target" ]; - after = [ "network-online.target" ]; - requiredBy = [ "atticd.service" ]; - before = [ "atticd.service" ]; - serviceConfig = { - Type = "notify"; - ExecStartPre = "/usr/bin/env mkdir -p /mnt/attic"; - ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ - config.sops.secrets."rclone/config".path - } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 2G --allow-other rsyncnet:attic /mnt/attic "; - ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/attic"; - }; - }; - systemd.services.garage-mount = { enable = true; description = "Mount the garage data remote"; diff --git a/modules/attic.nix b/modules/attic.nix new file mode 100644 index 0000000..e7fbe8d --- /dev/null +++ b/modules/attic.nix @@ -0,0 +1,47 @@ +{ + config, + lib, + ... +}: +let + cfg = config.my.attic; +in +{ + options.my.attic = { + enable = lib.mkEnableOption "attic"; + }; + + config = lib.mkIf cfg.enable { + services.atticd = { + enable = true; + environmentFile = config.sops.secrets."attic/env".path; + settings = { + listen = "[::]:8091"; + api-endpoint = "https://cache.cy7.sh/"; + allowed-hosts = [ "cache.cy7.sh" ]; + require-proof-of-possession = false; + compression = { + type = "zstd"; + level = 3; + }; + database.url = "postgresql:///atticd?host=/run/postgresql"; + + storage = { + type = "s3"; + region = "us-east-1"; + bucket = "attic"; + endpoint = "https://s3.cy7.sh"; + }; + + garbage-collection = { + default-retention-period = "1 month"; + }; + }; + }; + + services.caddy.virtualHosts."cache.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8091 + ''; + }; +} \ No newline at end of file diff --git a/modules/default.nix b/modules/default.nix index b93f89f..640d56b 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -8,5 +8,6 @@ ./containerization.nix ./vaultwarden.nix ./searx.nix + ./attic.nix ]; } diff --git a/overlay/attic/concurrent-32.patch b/overlay/attic/concurrent-32.patch deleted file mode 100644 index 639c1ec..0000000 --- a/overlay/attic/concurrent-32.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/server/src/config.rs b/server/src/config.rs -index 4412cbf..6dd483a 100644 ---- a/server/src/config.rs -+++ b/server/src/config.rs -@@ -565,7 +565,7 @@ fn default_default_retention_period() -> Duration { - } - - fn default_concurrent_chunk_uploads() -> usize { -- 10 -+ 32 - } - - fn load_config_from_path(path: &Path) -> Result { diff --git a/overlay/attic/default.nix b/overlay/attic/default.nix deleted file mode 100644 index ea0cb05..0000000 --- a/overlay/attic/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -final: prev: { - attic-client = prev.attic-client.override (old: { - rustPlatform = old.rustPlatform // { - buildRustPackage = - args: - old.rustPlatform.buildRustPackage ( - args - // { - version = "0.1.1"; - src = final.fetchFromGitHub { - owner = "cything"; - repo = "attic"; - rev = "d660c85bdb6bb10499a23a846a13107ea0c72769"; - hash = "sha256-E22d2OLV02L2QdiSeK58flveehR8z8WIKkcN/njAMdg="; - }; - cargoLock = null; - cargoHash = "sha256-AbpWnYfBMrR6oOfy2LkQvIPYsClCWE89bJav+iHTtLM="; - useFetchCargoVendor = true; - patches = [ - ./concurrent-32.patch - ]; - } - ); - }; - }); -} diff --git a/overlay/default.nix b/overlay/default.nix index 6d60897..b3cdb56 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -1,14 +1,12 @@ { inputs }: let overlays = [ - ./attic ./zipline ./bitwarden ]; importedOverlays = map (m: import m) overlays; in -importedOverlays -++ [ +[ ( final: prev: let @@ -19,6 +17,9 @@ importedOverlays conduwuit = pkgFrom inputs.conduwuit "static-x86_64-linux-musl-all-features-x86_64-haswell-optimised"; pixelflasher = nixpkgsFrom inputs.pixelflasher "pixelflasher"; + attic-server = pkgFrom inputs.attic "attic-server"; + attic = pkgFrom inputs.attic "attic"; } ) -] \ No newline at end of file +] +++ importedOverlays \ No newline at end of file diff --git a/secrets/services/attic.yaml b/secrets/services/attic.yaml index c4ba9a1..2c42101 100644 --- a/secrets/services/attic.yaml +++ b/secrets/services/attic.yaml @@ -1,5 +1,5 @@ attic: - env: ENC[AES256_GCM,data:0qElab1fenlFSuj5GnLIOeSZkj2JX4n+idEg4kwoAoulBG3RxFzHP8zcIW1aDBG3E0trFjdTsrhaIYrfLijgQeDe05kJVJkiLM+wNZGf6w18n90/zDlpbOk9ZKSaqqsqxZ+XItW9Z8VTd2ieTlh75cedBjOaqJkn+DjjxV5YvyqPFJ69xjsbJbt5zWfFeudObiPmTJ1mdto9mMkPAmy2lgUFoXH72tRbkSNqEppylmbuiUF0tO8bpTuAa+o3apcv/tdZkvl6EV7LjTcOWBSkT8OhpGjykdiBLnJmX7yGjPSATbu+RGCkS5ZVCDG0el/RmpgrSZ9uPN6IqZPiop2bHZkAFKM7XBVevOTNmmjMLt+u3yzp5Mk/WdOUEK9vQfMRxperyQhYYtIxGEr/RYpTfV4xO4uW8GQzIg9PLKLrBeHrOrivJ8W83TlzQiBvbTjMLpmh0GFwNHMBNESNrY744PFPYJyumKBTWSzvVtDT6/bWnbmUI4SIbkCPySqu6hqHJDZbwX41oQa1yn3/CnehvAaqelbNbpiOYaYa36HxCpdSZBgiXlAGhQAEgk5VhbqpoKE8OjBdORscB/IT5OXx0dBkiOeYpiCu79LaOkxgnEVWqckwOJLJptvpZGoP81MaYbyLYbxfUHywRKMA74RG4XEJgx6YPmIn1/yRZO4y+BLhNyfTGQY7P6qPVlh9wMwyzXZA2roDLbS3hiJjFaUoOViMmmhxKveBhXQ7BCYspGD0G2L8FkkqZSNRum+LRyI9okMMrRCShz35sIoO4KLcUIq/j/RUdq8tpUy0VPIxjwHVDZ54Ehg7sVdtmJIlO3apCVnSdU+Er8gLwPuOBks6HhdU9u0HXK5Q4xxRcGnmrbdrRlVvauHceyJM/r//1Vgf+0dck75a4I8k6Hh8Pe8uKT3SxQW6Z/xhhq2QN3uE4tKGitpscTVgqVDlUCbMye7b3vjSfXkNiFtp7p9wo9K87osnua0ba3KCgqEzAAT6eRnlVZp/Dq5RaP4IOkYp1F919NkDaZX5t+M2DXvKhIC08nbdqSu6vxRK4KPksUUaYja6w8hjgWsN7VAYH0nKLSOZN8fGF7nNgxLqnh+2bKEQDOQ/Gn3sr/xKONcheKu9RXfoMng0Vd1f+Udg6p6049t9AcHkY2+gd6Cm4fmyZT0Ym50kh63eNI/knDmV/WwOTGld/XcCNwUDbIZl2EHS23rVqoy4XhEHgHIrdN+wh1+zhMW7ZeTBFSIHxYfrziEM33hDQKYYxywWt81tMYjcx2nYKqep1IRuL/9IillZuJ2GTNwidPVFjxgG3/a+0/hghSMr47t/x8EO2YlIoaKkCitkNiRX/4z3t6bfO1UmXxS/hNriFtpXYBVE+v5RHG3ttatbWUxGYU/tSR3at+GJAm22lI7SpEp4kpsLEc7bCNB8m6wqD1rLJ9xQbPqgA6CqTWBCAkVyts1H9QBsRMEJRsleqGZzkjb1p44lAgLUl4YnHCaLWN2En0GmQICetuvl2YecURlXNw6eF166vALvrGB5zGAFFrv7VPIP84okU0yPoxqi/zv0QIl+1p5/avgfYRxhSigeG+caYKs0sqnw5Or7nSh3uwggkt+QvPfXvuzB5P4O2KZOgkziZngeoExLtQSJbZrUuM+qhvt0CiB9m2JyKadSUbBf6mbafSWh6gKTdZRbarWbrvwcEB/b0nBGtNz9QlXcX2msaw8gqu97FVKVtXWAXv7P8Tne/0evb4U7CBCxU3FwsNHIy9VGdbsAWrfHUtYr9NyU9Yhjrncrejbp/0ok08XC2yJ5Lx4fqpibCOD2geHkmTS1EWOMRXqaE1rtroodpzXffzXv/CUXZngH2wc1Jc1NhnTmD/NYA1QviR+wrQGBxrCUz257fER5tYGp7MKNxIEiDPvXBC4SF8XAweoQpMzXof9RHn15CMtNU8+gf9LAltA+H7OZ9N4qyW9R9eXDOOrTW5wNthXqXel+GWSYi2H9H04b+Wf+bG7OwKd2mTpJJ6CREbX7tItBybjH3d7EGU1DGD7IYJhw2IaduqnSywyqgywT1ge07hxziU8E75bpPBDbB4v2+XWBPYItnjAj2BZxBdOIrCTmrMuaewynOAKtHPOn9v/t3wN9pbfEUbFraZGCVytSMJR0lWbhUm28ViO3EHq3DbhVIOLaMimd9Op/IIxjWrcmIvBXT8D/kM+pbYRc4vhfZQXfhFSwmTi5JHTgtaF3wEl8VGMfMLo4fqUz8nrPwJtmvNHP6GvKp9eqrBCtSjvzYD4Z1az9lgQit2rS+fv4XSynNeEZ/IYlDCJDHRCMEKEcJAIxCWRLlXjHMdfWYAMDBCpdrUxFuGuES5/7T0tZS2NbG/n7rMGExJwgAjzbWDe2N0cxegDREJMPJkPq7Q4MzhcmXhvigUYF/qkkpAkaYql5TUIQeWiIu5QsDwdbmED+6X84qKbsPRZ+8vJ9VJSnxMbrV8eU6ao0iWUceRqETiE9f3icg2SsP7n9BlliEUzuGcvW6lhAwHVwaGbhH8t15iggCfbqL+sQ9kTlda+oFC2sxQ8h3gi/kdffsgKCYwSt30RFojlVgWEZ6zMoHS7jo3EItYx+8EUeIfUwkqSRWb+mMb62cBjnWo9M9pK4m7iD85zAnzdLqzTqj6E+tzRhP/SXAo6HW2jIx502tN35MYBBnhmnxlWHGhvlAG/ItP0N2Jq+VuX5XF9HU3teXuaHVZVuo630em0L5YsyyUhyRGRQuLUpTwcvXFO9UXm2p+XpKshCkbCLxO7rgpg06vvJ4/AKrpVbTEDliMr1e4YL28dKc1jDRzjmhGUqDavnCi98x0Z9I4xuC52P1RHhkwEHgGu5ii7LsIpZ2vM4R8vbp+0zWgJzjnimMGZlAqrJlGMhNnqpv3/tk63ADCBkeol10MNxTBAJKrmZXtVXUxEX1GcFUdjFvOEz8vrgm/ide2t9qYfAW2CgJnSnUJdSFiOq8n7EeH70PPpWTwQ7HqncK2J966MmUZom5Flth8rIb8tN+m9WKytDSAhIdBL6z13kaaUiEpw+0TSb3tFSGlkyPyIjgwMuUplrBczQ5r6sfwbF9jt7SLpOU83OhSPepGmCqNTeym5fJK/0h4ypZx+bjvHSM/Wf1l/N5gcq6INLmtsZqPFIFqAqZL3fGCBTRO2ViERAccTHMN8VEEk42vW3PPWx8H6QEkNK/3tHwhdndrnmvq6wBhMbKF7i/Y3n6wy6LnSVWrB17qU1ZpRSGtraQsbUMm4fksuhZBOqPZKsyQAu+7qBs7I4NBn9u2PklZ4BZuhca/hzqWfW8tHtSy6iWIwS6lTwjasC2hZ+LEepINK10bWK9nm7m7fETFukGYgLgKGXgj1lca6G/dYidc1UHE6sLYlgHmLp+GTv1Ajup/jr4oll8AEtp2QEXTQRAVtlPSgqjNXluNL00EVG+YXuOhjh6iuA7xHIq3mg3UR6sDOW6v3h9Iaf5/muVMhJb/2srx1mjRIku0QUzpxyT9jkKQFrzyi4uxqPUJBstIEBToZCQa8ScoGmW5VS7l55M4LPRyMU/JJsa7G/IDD/IbCPLlKh+yUYbCkYupbU/SyVrJoUeiYZHfzrJWXeKKte2/4CQD2MYkV/IY/K8w5T2io0/6gdfhRi2xnMpUoqAMy8ow1wGtpJyDbkXEj+KrX2jk7nSIHGes1gbmN5ayVg2WDiebERJjZBvoLt/aiIwbzSoMKUiJuNzQC9akx7qisOnFhHsKgX1aoefBFw6Q3ChKP/z9cdBpj+jIvN/yjA1fNxpdlmXRitx6Hcum6LJJw129P43MJOVNNgX0if0P7arMJOidxgIg3oB9fEEhan6tCVyLUJUH4saGO3CoVyFA2NLqOZtAQcNzadR9lQaQnqtr3V6iHcv0IgAEYde9AdO1dDkA6OQQY8H8ZiDz0dYtsYR8L+pvqgMiMo2smGFg2pnScyNTypL5PEPJdy4dx8UnMbg8BHgnGMVcXbpTACGe3rvJzwdNyPPzisvn6fJGcSQ8A2G+SUIJLxxxQ5XQMAjeSTmPoWS8DTB7g/vNXD62XoMs24HllzcksUiBJtkbl57FL1BKcwtZesMeoV1Rd+t9lKk5UBiBjqAYYRk+BNWf7LV9ue5y1K0MFPcfB92FPrYPT1LbzZZ1lLRNr260YkBiKVQYhkMmyL1OkCpIGdOKB4fsuUETlA1+KIOcXVuVgWxYkqGcAu49pb0OICjjfXoqM7wuoqttz2GzsQrvyJ+fjzRIIxiEWmVw9v2wrAE2M1aWbA7RAWYAIpy25YrW5MATt9ZWOJdlhqfZOECtwSzn80ohD5+ysmNUqh950EhTvAxqeAO/6PfTXK9EVZM7oMfjrEQ5fJYbJ21HU9kDJjIuDxewr46um8VPrj9oVowhacY0hOo38DpZEd6BvezGL1yWFnZ/s9O7A3I3/6z3Xs/GdZlqPW8pcih7OPeAqEV/E6fQHx4wAAUgIjn72WDcaes/O7SwpM6T2HfRkxfobq1tFeGwf2PNq+74EpVJCZDgjJwqPmFrrwIPxkLWD66/hp0iGEBPtfGRHCFk8PzlccTZeWYZNTOS62g4m+sHugwTMtwk1VCa1C4VNijHa7yJPfxiI1dnmS98CmIHYX3HL+NNk9S9t5w0DG7bJzfbuEgEyOcbBOOq2RhQXyBNT4Pb3avc2CzHKPxxdhiLBKEMBIp9QAQsj9sL3bFxlhU4LmDDsu8ZoTvpfbbTB1YD9gx5yOQamRuyjkErHmGizNYhemMaQszvxJon0u/+tHGMO7vyK3Ex5+apIgEFrMGwvOUTwMFMAY8kSOcoEV09y90BU9oeAjmsUQhZqAvAb3GBLEPhWc7I9cAf7vPXw0/tH+fVUAI3eYdDh5GX1pD8I3Op88LljAk8USu4eBffESKfu7A3s0OoSpQw5ptwkWR5n45TPU60pP+82T98OKQoYJ5BwUuvAjJXwU2gfLikR9SFWoqpYd/5xx3ZKoXh374P8purIDwav7YHf+AWWz2BpsDof81Eplqr5O3F/iKvnBTftOmEXYkJH2ymkUzsCUf1liuafb1kLJ6UWrtR6ieG64MMYPv3E5ok0XEkvKAYqTa4Ux8XWOqBVq9qosuTAKuaYEnaFwK0TRefzJBTJuQCFOZnCmm6erQ/ee9pcXwRNyu/ODWwBh0U5e63PlMbbMrCMwuQtOW95U6ysmJF5Cg1pRsHwRmhOhQfIQpiQx5xQZXEr/xNSFPc7dTzrzPDszOQs9HZM57YDs5hG8gboiG5hLQ1Ly/j6jP5zli0zSd1FTMA1/f8V//emhAKfS5V/J5+N4WEMMf2PZo4/E4fn9qo6q9yv9AbikxsQLmBlf+P8ZS79dJdM6tulMyYutbEhrh2oQyDJiERd+hWI7xgU6RPXmyWGzyc9ksUaPIeZdyD4s13tq9KA0GtfpjFmY2TUxSd2qaAFDqbITkZhGGFaJr0TcJUavrSFpWMpqLGjPaxqefqVdAnPp1yr/CplDVo1amO1Uhbfx9Zhmsvmv5w3kD3s0q4K3sFaW38Chbc1o5U9SiKMhenTxqthsZ/x4AH+kB6FDEH5mLQ/SZb5EMwL3wpwc3EigXiJVZhJWeTOOQyodLQTBZpxK4KIa8j8vJaY8Fk2BxHg23H1JxqP2Ryhhof/Pqt2CAJL0XiUjL13xPqPwNrpthdVZhG/Ty04qvsXUjnrVsmgYb4KuP074EZzylczRllKGANPVNfyh+cDH4HAi6yF4RlZBrOMCSLP1R7f86mFn9x3oA3/7UkjZp502EF7TLa0l7n5rMgl2pbaapKKsw9NmCnbJUqjsjwAYiYPgYa5wVUgP9YJz3Ju8wIxXtezMtFi/IJM50B1f64Q+zvWMi6zlwdOUmCHVaZ0I0u/8Wc4nsIjAZ8kgqUXkmwkBlMoWBgzifvs7EaP4AqPPZlSEh4cAMsrP3WMmnIEasooq/HvtAIsKg+pI7qK/n1aJBKVhQkBNrQQJ+XNKLFQddf7Pv28bZdcCjwDgvOwRig==,iv:XGLs0HSedykhhCR2fB0QdN/LmGkNHwA8pnVGG9ZNNp8=,tag:RRjtMpklT+MCgEDsvwyXhw==,type:str] + env: ENC[AES256_GCM,data:zaaavLrMO4pkwgt8ua32movvyeGLsqf/KBxBh17+lwIFSgrFtJ0SNEuedw1OpmjWNjjBbA3gmd2RvoYA7Ry/sSAA7cDgykr01g853c0vcr4H7u20J7gTJwSQaHVtuPwXO8VWE+xWEBJ7Gdq+fArxbHB1gW2aYtZk1w/Z40Tii6XVOuCS5YTpg+dkCuJ18q4p6o7K67W365Oq8JfcPNJ+uuOyG6UuCmoRo4iJYa+Zn53fz6soHUuC+m1G3qOB0lehbENUEapacqISz46IN1edR3+E1mcEk38q6VwbkYKBy/rycMSO9LaLeCDOD7UnxUa7Ks8Bk9BnJmI7N3IUfSHD2K+1qQuJsB1JcEnkXo+UbbSf+SG8nR/rIxj1GIJKxrJ2w1SGL1cyDw92xMJtK+kIDdvWHTsc+TwwZSL3/1pxivMIKVDhj2L2NGeIU7vBBxt0PYwgaFHA9JEH1k0c9U04Ug6P4TCOlv5C2GTL08IEnRh9ybJVHSbe8uzyofRiPjvPA8wTHwk0IPPUNKnN1Mm8MvQFNCIo3Cqnebar5r+dOY+E72Z7qNLPPM7kUWxpACwLFxDQyU9qvKeKovdmDyhpc5lC0IJbRJN84fNj50WsFI7k8txQMHkzF+GW4hRwzGnAmiZPvbYjzK+dmV0Qhk4Euiu2r5mBJNQqbHIYkwD18gk2Iz0nztLpsJLJcC9oztj+FewMNtntImYrMtv5ATYybeTuUT8wHQszOks+1EfWnISt9pU8Bn7YWmbcyD0btEjJy4BqCas5QBPamrNG3IVxT4GDqzJw8jJYmg1HF8RcGXm3wzgL0KznC8+Cd41jw1RJ6ejxkPSvZJ++rtbYg5OKQYx3Xxyl0zNSs93Agdejaqhm6twnqsan9SS1dTVJARtVYOQAN0ionHsZItKUt7zIcwm5kXxvHwvt3f9aQi8E+PxE2kfaJJdN8vnEAJOkVqUeK2zYf3X4/DSDVDB+0lPIvr5cU/Tq8P71KFgE0XtogMc7kXg8Ka4q0Ji6HIr2aY+4E4ejMVyyGH+C7/eMnTdL8BU2uZXPPbMwm7pE+3ScBaIhvtlgJtbzOW8+5xIXnPrI7k5ihTjcyPWXKghp6K2f8gTx4Ol2McJdy6zzdYvHrkKm0QplY/VnivDAUGmoimc1fdqCNq2p7iyj6+6//GIJWnzCpQP0bTs9xzZ/rfG6PLh3Y4uTETpnoyO3dZwGEWwrmsGVt03r02eY4jKEh9cARdyTfJJsoKb2403zxCUL7Gr5mA3FagA2zJuFQCuks2/HxRQyGmnd9IYde6CwXMJLUtCnoW2U0s4jscflEvfzXEPtlvuxpMX0r6aBUh4ryNryJtxCwV2Hqhcbuy73PTJT+/hSxD22HXNoNxnTb0A08mTRvXhwuciGkRr+TazPk38WzMDRV2SPIGmWTQJrsd2l1PQmo2d+aeaX2mH8Z9CQmU7l+WjzZHS3H+/LiG/Wi1TJBWLx2/MwFkFhfpCj0x9Scm9nQ5JFI3YBAc1cG2Q1uAjyCTnhY3oySfV7CrVdaF1sectScCVv2fJPFWPH3rI9noWqMh6tzaHcinB5aPnTtqoLo2p+Nu+RVwC0gKa8NZX2Py2SjsN8FBMq/EbVeUBN2pA7mEN3LEBED3qV8PzKMctZ3H8Dcwj8tuMyzxyqVMgbhyMwtE51cyg8GGi0KjFenJerI00RRnSz0MfI38PVz483i3APFrWT20/Cgcvhn+L98oZktsqzDb3qOOKVqRDv57MFT8GIlPUmgCx3T23L1SyvTetVASGdu9bE2Iv9xljikM6J/fqqs+i2d3sk+ulHZrP8OSSd/rTwhU0R1TF38PSaUvY0vj8VCKWqTDpz5zZpsWPrEXTuERcJJcPv3VMT/jXLXafj7CfxLzb/n7hp2oAXdMLdnUO6esaTFnPPm4ky8/B4uK2LB3nf3sB36aQAWKiUDk7BhNBIsGSvEf5ZT8W5EoGfZiLFVCFA4svYtbyMRyRLoofBls6FUbqzpVaQijb7coMnPdM+bPFdvNq0WhOVlhmvXGpCQejMV7SToj5tIWAz2+kSdsm/ekBu81VduCrK99lH6XX6fgkBBRcXOVnz765zD+iTIlL4ytkZ2sLq9VOunQmVD91l4/0T0Dx0L1u7jpNhvZmTW6qLEDH7SRl63mEYsXbPiIG19aK7jDQMGY58PyGPUx3q7JClbIj+2L3rro02WNf+6+RWO+ayzcHdydBPCVo4eRZb8IxwhqsRVWW57wNy37kbmWBRBq5z/O3cEaVasBHx7gTmCpfJSad+Pawizrd2+1OYPKfTls9ZOting/1lL3peT/thIjZVmw3nkISfRPayOGASqB2j80Fn5jM1em0vv3YMaQophg2JDs9AVmGr0OOOqLld9hlX3XseRPL7R9r7Q4UQ+b/v8hBGrKWAp23iTWp9kcbatzSsZ1K9LKRxRcqpNVBv0aaMun2q3NA78msQPe7nPZLoW/R3Lm7UJUqv3xRzgFgSenkuL2RaP7bg2LtHjsb9se03LslXh/spzMHjv7EX+w2NNMUChJ+eyXw5XEYXLEZzv+oiRkT13EaAKxFRHjscEXao484irI17/XYErZevsS4vIRAWjRouWTk5Em7bX1ISretbmMj2SF3N8BU+MC7uySat+FoxolN/tmtcrv7mRBVQY2sw/lYphAnydllgU7o0HFaBAGPzMvdQSf2U5kTbIXdtUiSm7/sCJXaD2X5zxvwWEKLvy4/PnGFFTgA4xnxXFPuiSA2mJhShp1DEESeJKYF+blornYiLI1Nhc6iFHOFuD2WCTeTifC46Sb3p97QqpNnbhZ8heuJVgfJ2eEjmu6dbhPX/htzPoy1mk6CUsmvg8zOCKntyuAuJW5dRusrCPhcnW2CEhY9Mmdp4B6ow4Kapb+eNmLngIqfWIea54c0BLM0U70dq6+cTeoVFdTcv8jvkn6xsj+8+V9GjMr7P4x69e+CZYAV7EA79l/xFmyVxuUyDlF6GIuk1gcR8BaANjhS7t47+pm6J/GOoKKQfQZhuqXW5bSWKXFyqr9vZZMQ3w5UWcJujCEu4f7zbL8PKTx3JamR/Rj07rZ10VdMpZpFG9JxVHUx5a46dO0xfNjshG2sFGOrSbjqLC77XG30JP5LpIKWlQe9e5yl8/2ANLgNcoErA8DS9NNvYV6IK52/eUybEl6pdjCLvEplvoMz3TdCJj2l88BtryoMU4OothUFwyAAqVE2YwINdn4JaT8Xmm/p0EyHDxZ4a1XpwjjOxHTlixPv9SPRpIPuQpyoz3nKldq21z84ZvjfWAl/RVMVzz9wyrS/xOCWzhm31tyfeQu/DbA6QQRiyKU6HuA1s2eo6pmbXQqNcUC137ruyAO+NzVzxwuGJOKyx0YIDl1AJZD7j/du3HTyMUu6Wvhx5imDdT+x1I6oM333l5ugICxK+cLgGDmkeYYVspUYqpTC24ntkmg6d8Ah0zuZG4JNXeatGRUsy3zqwkW4AQ+KWyXEFLqlfA58kGs0O4re5LOKGPg0YZtO0oGs3Iq9nE2qSx4oewzm4FWpoG7o9SrnxZvVB4HGNblc2DBHAh93Sych9tS4jRPx17giJ6NPXbkpisr27vRZuoVDE2EctpSxC9EgSdPC3RF1d4VblPmE5ki6pc2wCxtrPGiSJ7hbj4RMzPm7BCG8xL1B1CfiMHU8xdFZaov4zUfRpgtLX3XX51X8OR3kOGVZHnXP2YsqMdh+RVzm0AMETTdCzN0CAWzsqs8wFp8UtrBV8I1qLdEoKNUNN7giVGCzlsQOWl31At1axEVHdM9S/k82ZjpYatAlQyUoH5jYJrh/0D6xiyZcophD8jS21tuKU5Y5OtXmFBrzsgpa/zLXzbn8yvohHi+wXViopJLEiZ81C09zrrLxPoz0W54RaEV8EukU1XPfK56BFWdO7D55hT9wlQiQ+PlKnJj1NTDirCiHQnl1kD0xDX9sN7spOb4AXYFf7gGLUOE9z0/xU6IgYPvjiH8TYf+UqLsy09IPa4vsbc+kIrmjWFKXWru8UlMkLzBiIgS+/DWkA7pSr/scyiHFibwe4DYHkit8lUUyjZhZW+RpEr+vzYcCFrYaVycPnaoHp/c3W3nVfzhFP2rHifMC+AKMh8OBNn7J7X9KwXExtx+q/+mmPs/xkfIrHFes7km38SHSJ9dJmxaJcoJFIpldZjRMI8Qnn8LWYOoK6Mhx5ZEtXt1pAhtg7aRpJPT8olV3EPVqzFrySoz1iZay7bDYZp4TsvjVIYDS6wKKPArDDHLIR6XPYeJn41//g4TtViz2SJA4QhRttdvCAUfRzC23uGrJ3lBjJCF4rEufatZ1ohF4BV2CiWFClnKxTs92ku+Dc1hd1jda+USq+7DavojQkbgh4yQVeAZQqLPd596eoXqOog/4IVyh8fSSzMDAln6TiMPWT3XuKbSUOZDNmyvpcWtUJnpFihsVznUmjmz7NnS75d6rZsvHbEIENpgEEGjcuJy06WZa7tQ9qVazmzMXFyFGkiI1xCH3/1n/35XQSXsmtBxARzdJUXvRcsbKScGaAGzpA074qW6mFRoQDjLs8hcS+BAQpAcwMupNvMHUL6wpL4fUXqXXlEVPQ4wNG9XTqOSa0jVGWZDsm7VXh1jpkpNpckR3cxUuZ68/gr9qFPX6XlI+IBLWJfmKDYESM6vjWfQegPifOZXSdcMrtK9FnXw8SMGLdUX5XB1pm9pwS0L2h+1ePvL2lyiG/ViaUYrGFtbzYUJwy6tHne1OUATxCdLSh0EbV7zxc8XEy245Vt6PLJvbQYeZaIsu/SOrTZbnHKB0zQ70/N79D1lSPPxqR3xIJPoBoBF42oE90mXGoXdh6qQR6zZuat6+gVpuvJBWjlAff05p9xJRzKOKUm4Nzw7/zCCxx2Ah2QadW35rlrupUPZ6C2E56fKTlFnga0v1pXwEgeb4nX+AAarB7rqDqffdMRgmQHrrd0we5p9E74Eo80aBH8ETMhOOA8bJ4FRxwar8oDoNcFQfFCCYc07ZmIYzeOKdab8Uk8Fp2ZLqqCjosgv8PXAXA7RZn3krVNVCYmVzCkIq4VMc7ZtxZXO+7H3Ilnmp4ajhRBI/vzLal0eeOi70VoKIwt/uLheeqjb54HPXFq7vIsY61k3bbi+lNd3QnQUYp1+e/53d0JCNayLNNb71dUoC3RtkLrelnPXWDWkgpF3n3dZLcECZdkvbLys0CO4y2s8gMMVHDK2z19bclzglK+eKwnu/gA/k7GaTtbeKD/hm4UctIGlKERgUIHt8oGPJmxtQtEX/JcWVVi1TlSwxoRGjeNgRy7CcGISDHGn/ZwefXb2SuTQqwb0Yt9G4Ou0EmEsS5YJDsZ7WRbY2Hz47HChdB1g+6P8BC82dhkXR0/q7hljXi6mzGIUxMS5C2kyX0cqhhQJjr0kfAktcAo70O/6lKl4XDOmKeK7EGibglEmsAZmG1tQsAvir5F+SGakgjFbMlJzFde9d4fFtf8XA293MuQOAXTMlU+7SCKaG83jaebRZmxltzhX8/DXPv0T8smag7Y5KfLweyqI9sGtVAh3mknV8ZcGb5l06A2kkdmGgoKbeBD5/CSgppmDUMJAflDBLSL3K84iko2f1T7mRRyM/KKsRX4lzjXlb6ZUBYiuXbCsRMKuf/BLw1E6HPAbqUtTemPWfuBTunp/s+L4bNOLNUIScFZ5PkrM5pzNn4qz83XTTuWHZpfl1Gv4pKFCAbw4ZHdWkal8yA3tqrBXEyqxTDSMNh27/7qhY+uRTUIDzczSFuuY861gifARvg/v2ZB7fDwhLu4eI0KD33Rchgi88HV7YYS4eAoBZadZZnq5N/AcApDTLHau33pzaRIbuacPH2gjF39AiSO5cokkcfqnfXogjTtHwIzHby3x2nqAr6i6TjytEPhGHWSw9JWhmoH8gHFCzdsFpTkQQBEzawtUONC1anAtKR8buQq3/OHDzaaYp5sbI+xDlw71RXZiULrqA8LdIec+P+g4MstA==,iv:O+0WWj3qcMA+/U7jD6svoZhfk3SjtHXqgsDCdI67mCQ=,tag:HDfjSbBfNlDZniYU0L98NA==,type:str] sops: kms: [] gcp_kms: [] @@ -33,8 +33,8 @@ sops: ekFwNFp4dm9UeDU5WFU5SmJyY25lMEEKZquSaE2A4ZTSp8sNB5bjgUzdp8RtAHIH xmbtfiMcLUv7J3FdGNwmSn9P9lYgzCVEZBjI0BCj/9JEm0eGFL8Vbw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-25T02:25:40Z" - mac: ENC[AES256_GCM,data:LT0NJ2wwGkomokQSQ/iejmhmprS0I5ec3+k2BC0ni7zWFqMCTpNGpSNivOXZ7zVHKJMDgyabDzPU+G8qYIlL7hbY9QP3slt4TqwnF/xJkwIEDwDjV1eDM9QOfBzb5PTqbDpRv3I5oNa9d5viqVggwG7NoZA/j/Y+U5/aE4pVOuQ=,iv:I01C/Y98apE039URvIfnykaHFXOUO2UB6dgJQjj3QH4=,tag:qvVGltx2sE5wdyehF38EhQ==,type:str] + lastmodified: "2025-03-13T17:03:36Z" + mac: ENC[AES256_GCM,data:ZOCXTpjiySU1zfysnJm8u3BMFYVeI95sfEUVgep1WAvy/8RpoIgXq60hUPHSwp2+Z9u+PdTzenimlqdnVgAtfmHYO/xwOsiKuVVtBkBFuYE54U/jugr43D1mD3lHbm/0IQ+e+pCCmIp66BC6PV70lZMDzMDhf0PmxHU1hQZhgNI=,iv:4jRrIaswY2tEcx/fQrgN+DAxhLcM14DMV1et6m2W+SY=,tag:ak8/1MjIrqcgaUeKw6u6uA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4 From 25c7eb865a0680d60847b4c1e596e995658b7f9f Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 13 Mar 2025 13:43:35 -0400 Subject: [PATCH 286/410] workflow: use attic --- .../workflows/build-machines-and-homes.yml | 83 +++++++++++++++---- .github/workflows/build-packages.yml | 40 +++++++-- 2 files changed, 98 insertions(+), 25 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 413b892..429a454 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -3,6 +3,17 @@ on: workflow_dispatch: push: pull_request: +env: + ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} + NIX_CONFIG: | + show-trace = true + extra-substituters = https://cache.cy7.sh/main + extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0= + experimental-features = nix-command flakes + extra-experimental-features = nix-command flakes + accept-flake-config = true + TERM: ansi + jobs: build-machines: strategy: @@ -26,21 +37,15 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix + - name: Install Nix - uses: cachix/install-nix-action@v30 - with: - install_url: https://releases.nixos.org/nix/nix-2.25.4/install - extra_nix_config: 'accept-flake-config = true' + uses: nixbuild/nix-quick-install-action@master + - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - uses: cachix/cachix-action@v14 - with: - name: cything - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - useDaemon: false - installCommand: nix profile install nixpkgs#cachix + - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: @@ -58,7 +63,30 @@ jobs: purge-primary-key: never # always save the cache save-always: true - - run: nix build -L .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel + + - name: setup attic + run: | + nix profile install github:zhaofengli/attic + attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" + + - name: build and cache + run: | + package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" + nix build -L "$package" + derivation="$(nix path-info --derivation "$package")" + cache="$(nix-store --query --requisites --include-outputs "$derivation")" + attic push main --stdin <<< "$cache" + + - name: prepare tarball to upload + run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result + + - name: upload result + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.machine }}-${{ matrix.os }} + path: result.tar + if-no-files-found: error + build-homes: strategy: matrix: @@ -81,17 +109,14 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix + - uses: nixbuild/nix-quick-install-action@master + - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - uses: cachix/cachix-action@v14 - with: - name: cything - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - useDaemon: false - installCommand: nix profile install nixpkgs#cachix + - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: @@ -109,4 +134,26 @@ jobs: purge-primary-key: never # always save the cache save-always: true - - run: nix build -L .#homeConfigurations."${{ matrix.home }}".activationPackage + + - name: setup attic + run: | + nix profile install github:zhaofengli/attic + attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" + + - name: build and cache + run: | + package=".#homeConfigurations."${{ matrix.home }}".activationPackage" + nix build -L "$package" + derivation="$(nix path-info --derivation "$package")" + cache="$(nix-store --query --requisites --include-outputs "$derivation")" + attic push main --stdin <<< "$cache" + + - name: prepare tarball to upload + run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result + + - name: upload result + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.home }}-${{ matrix.os }} + path: result.tar + if-no-files-found: error diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 72fc72c..5bb8b29 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -6,6 +6,17 @@ on: description: "package to build" required: false type: string +env: + ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} + NIX_CONFIG: | + show-trace = true + extra-substituters = https://cache.cy7.sh/main + extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0= + experimental-features = nix-command flakes + extra-experimental-features = nix-command flakes + accept-flake-config = true + TERM: ansi + jobs: build-packages: strategy: @@ -18,6 +29,7 @@ jobs: - ubuntu-24.04-arm - macos-latest - macos-13 + runs-on: ${{ matrix.os }} steps: - name: Install Nix @@ -27,12 +39,26 @@ jobs: uses: actions/checkout@v4 with: persist-credentials: false - - - uses: cachix/cachix-action@v14 - with: - name: cything - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - useDaemon: false - installCommand: nix profile install nixpkgs#cachix + + - name: setup attic + run: | + nix profile install github:zhaofengli/attic + attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - run: nix build -L ${{ matrix.package }} + + - name: cache result + run: | + derivation="$(nix path-info --derivation "${{ matrix.package }}")" + cache="$(nix-store --query --requisites --include-outputs "$derivation")" + attic push main --stdin <<< "$cache" + + - name: prepare tarball to upload + run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result + + - name: upload result + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.os }} + path: result.tar + if-no-files-found: error From 386cf05f4246c4b5f74836dd9f0f657b943979e4 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 13 Mar 2025 21:09:04 -0400 Subject: [PATCH 287/410] overlay garage --- flake.lock | 33 +++++++++++++++++++++++++++++++++ flake.nix | 12 ++++++++++++ overlay/default.nix | 5 ++++- 3 files changed, 49 insertions(+), 1 deletion(-) diff --git a/flake.lock b/flake.lock index e40aeed..bd1a4e5 100644 --- a/flake.lock +++ b/flake.lock @@ -342,6 +342,38 @@ "type": "github" } }, + "garage": { + "inputs": { + "crane": [ + "crane" + ], + "flake-compat": [ + "flake-compat" + ], + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": [ + "rust-overlay" + ] + }, + "locked": { + "lastModified": 1741360584, + "narHash": "sha256-5UkuvKllBRhU943imyc0jHDXQDVhIFx5WWUr3qrLEWQ=", + "owner": "deuxfleurs-org", + "repo": "garage", + "rev": "c96be1a9a8aa3b51075678888b80c2414ead2909", + "type": "github" + }, + "original": { + "owner": "deuxfleurs-org", + "repo": "garage", + "type": "github" + } + }, "git-hooks": { "inputs": { "flake-compat": [ @@ -1002,6 +1034,7 @@ "flake-compat": "flake-compat_2", "flake-parts": "flake-parts_2", "flake-utils": "flake-utils", + "garage": "garage", "home-manager": "home-manager", "lanzaboote": "lanzaboote", "lix": "lix", diff --git a/flake.nix b/flake.nix index a07ce00..494ce4f 100644 --- a/flake.nix +++ b/flake.nix @@ -88,6 +88,16 @@ crane.follows = "crane"; }; }; + garage = { + url = "github:deuxfleurs-org/garage"; + inputs = { + nixpkgs.follows = "nixpkgs"; + rust-overlay.follows = "rust-overlay"; + crane.follows = "crane"; + flake-compat.follows = "flake-compat"; + flake-utils.follows = "flake-utils"; + }; + }; nvim-github-theme = { url = "github:projekt0n/github-nvim-theme"; @@ -105,11 +115,13 @@ "https://nix-community.cachix.org" "https://cache.garnix.io" "https://cything.cachix.org" + "https://cache.cy7.sh/main" ]; extra-trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI=" + "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" ]; builders-use-substitutes = true; }; diff --git a/overlay/default.nix b/overlay/default.nix index b3cdb56..1df98bd 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -19,7 +19,10 @@ in pixelflasher = nixpkgsFrom inputs.pixelflasher "pixelflasher"; attic-server = pkgFrom inputs.attic "attic-server"; attic = pkgFrom inputs.attic "attic"; + garage = ((pkgFrom inputs.garage "default").overrideAttrs { + meta.mainProgram = "garage"; + }); } ) ] -++ importedOverlays \ No newline at end of file +++ importedOverlays From 60727812b81ea956b6c323979ef3df0fc8ae6d03 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 14 Mar 2025 00:55:53 -0400 Subject: [PATCH 288/410] rm tor and update firewall stuff --- hosts/chunk/default.nix | 15 +++++---------- hosts/chunk/tor.nix | 16 ---------------- 2 files changed, 5 insertions(+), 26 deletions(-) delete mode 100644 hosts/chunk/tor.nix diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 2fee98c..9a621c4 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -22,7 +22,6 @@ ./forgejo.nix ./garage.nix ./tailscale.nix - ./tor.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; @@ -101,22 +100,18 @@ ${tc} qdisc del dev ens18 root || true # create HTB hierarchy - ${tc} qdisc add dev ens18 root handle 1: htb default 30 + ${tc} qdisc add dev ens18 root handle 1: htb default 10 ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100% - # tailscale - ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 30% ceil 100% - # caddy - ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 30% ceil 100% # rest + ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 60% ceil 100% + # caddy ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100% # mark traffic - iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1 - iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 2 + iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 3 # route marked packets - ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10 - ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 2 fw flowid 1:20 + ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 3 fw flowid 1:30 ''; }; interfaces.ens18 = { diff --git a/hosts/chunk/tor.nix b/hosts/chunk/tor.nix deleted file mode 100644 index 2ad4a89..0000000 --- a/hosts/chunk/tor.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ ... }: -{ - services.tor = { - enable = true; - openFirewall = true; - relay = { - enable = true; - role = "relay"; - }; - settings = { - ORPort = 9001; - Nickname = "chunk"; - # MaxAdvertisedBandwidth = "20MBytes"; - }; - }; -} From 1f3b9983d63f8896932f268d12b24167e962494a Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 14 Mar 2025 00:56:29 -0400 Subject: [PATCH 289/410] vscode: add toml and go --- home/codium.nix | 2 ++ home/yt/ytnix.nix | 1 + 2 files changed, 3 insertions(+) diff --git a/home/codium.nix b/home/codium.nix index 2d7bb9d..dcdf4ea 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -21,6 +21,8 @@ tomrijndorp.find-it-faster streetsidesoftware.code-spell-checker emilast.logfilehighlighter + tamasfe.even-better-toml + golang.go ]; userSettings = let diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 9b20a66..5d60a6d 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -102,6 +102,7 @@ pixelflasher element-desktop freetube + gopls ]; home.sessionVariables = { From f1e4d7834f3799bb041fae3b32c7edfcadf9572b Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 14 Mar 2025 00:57:10 -0400 Subject: [PATCH 290/410] better docker support --- modules/containerization.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/containerization.nix b/modules/containerization.nix index 416d2bf..fd39da9 100644 --- a/modules/containerization.nix +++ b/modules/containerization.nix @@ -28,8 +28,11 @@ in dns_enabled = true; ipv6_enabled = true; }; + # answer on /var/run/docker.sock + dockerSocket.enable = true; }; - oci-containers.backend = lib.mkIf cfg.usePodman "podman"; + docker.enable = lib.mkIf (!cfg.usePodman) true; + oci-containers.backend = lib.mkIf (!cfg.usePodman) "docker"; }; }; } From fcd42883eab918036b22e85c40701edc1034f726 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 14 Mar 2025 00:57:38 -0400 Subject: [PATCH 291/410] add attic cache to nix.conf --- hosts/common.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/common.nix b/hosts/common.nix index feafd17..0fb2fc6 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -14,12 +14,14 @@ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI=" + "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" ]; substituters = [ "https://niri.cachix.org" "https://nix-community.cachix.org" "https://cache.garnix.io" "https://cything.cachix.org" + "https://cache.cy7.sh/main" ]; }; channel.enable = false; From 5dd8b87f38049f3ee6ffd60a8fc76e4da6654771 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 14 Mar 2025 00:58:59 -0400 Subject: [PATCH 292/410] ytnix: disable nix sandbox --- hosts/ytnix/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index c185991..15ccf21 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -144,6 +144,7 @@ "docker" "disk" "adbusers" + "podman" ]; environment.systemPackages = with pkgs; lib.flatten [ @@ -384,4 +385,5 @@ programs.ccache.enable = true; nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; programs.fuse.userAllowOther = true; + nix.settings.sandbox = false; } From 16788bc7b2228ea50e86f00df560edc3ed3f1e29 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 14 Mar 2025 01:01:18 -0400 Subject: [PATCH 293/410] workflow: upload artifact only for packages --- .../workflows/build-machines-and-homes.yml | 20 ------------------- 1 file changed, 20 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 429a454..2e9a593 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -77,16 +77,6 @@ jobs: cache="$(nix-store --query --requisites --include-outputs "$derivation")" attic push main --stdin <<< "$cache" - - name: prepare tarball to upload - run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result - - - name: upload result - uses: actions/upload-artifact@v4 - with: - name: ${{ matrix.machine }}-${{ matrix.os }} - path: result.tar - if-no-files-found: error - build-homes: strategy: matrix: @@ -147,13 +137,3 @@ jobs: derivation="$(nix path-info --derivation "$package")" cache="$(nix-store --query --requisites --include-outputs "$derivation")" attic push main --stdin <<< "$cache" - - - name: prepare tarball to upload - run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result - - - name: upload result - uses: actions/upload-artifact@v4 - with: - name: ${{ matrix.home }}-${{ matrix.os }} - path: result.tar - if-no-files-found: error From 9c72baf1c0a5eec2962a50e16b72b59ec1b6c5a7 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 14 Mar 2025 02:09:30 -0400 Subject: [PATCH 294/410] make garage and rclone better --- hosts/chunk/garage.nix | 12 +++--------- hosts/chunk/grafana.nix | 8 ++++++++ hosts/chunk/rclone.nix | 14 +++++++++++--- 3 files changed, 22 insertions(+), 12 deletions(-) diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index 0dade9f..1620a67 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -10,15 +10,13 @@ api_bind_addr = "[::]:3900"; root_domain = "s3.cy7.sh"; }; - s3_web = { - bind_addr = "[::]:3902"; - root_domain = ".web.s3.cy7.sh"; - index = "index.html"; - }; admin.api_bind_addr = "[::]:3903"; rpc_bind_addr = "[::]:3901"; replication_factor = 1; db_engine = "lmdb"; + disable_scrub = true; + block_size = "10M"; + compression_level = 3; }; environmentFile = config.sops.secrets."garage/env".path; }; @@ -31,10 +29,6 @@ reverse_proxy localhost:3900 ''; }; - "*.web.s3.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:3902 - ''; "admin.s3.cy7.sh".extraConfig = '' import common reverse_proxy localhost:3903 diff --git a/hosts/chunk/grafana.nix b/hosts/chunk/grafana.nix index ee5a382..f79a7ff 100644 --- a/hosts/chunk/grafana.nix +++ b/hosts/chunk/grafana.nix @@ -29,6 +29,14 @@ } ]; } + { + job_name = "garage"; + static_configs = [ + { + targets = [ "127.0.0.1:3903" ]; + } + ]; + } ]; }; diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 59a02e1..a3faaa2 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -32,9 +32,17 @@ serviceConfig = { Type = "notify"; ExecStartPre = "/usr/bin/env mkdir -p /mnt/garage"; - ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ - config.sops.secrets."rclone/config".path - } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 5G --allow-other rsyncnet:garage /mnt/garage "; + ExecStart = '' + ${lib.getExe pkgs.rclone} mount \ + --config ${config.sops.secrets."rclone/config".path} \ + --allow-other \ + --cache-dir /var/cache/rclone \ + --transfers=32 --checkers=32 \ + --vfs-cache-mode writes \ + --vfs-cache-max-size 5G \ + --dir-cache-time 30d \ + rsyncnet:garage /mnt/garage + ''; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage"; }; }; From 00a8ac69cf0ca6d9e09e9603202a051cd0e1deee Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 14 Mar 2025 02:10:11 -0400 Subject: [PATCH 295/410] nix fmt --- .../workflows/build-machines-and-homes.yml | 12 --- .github/workflows/build-packages.yml | 8 -- .sops.yaml | 3 +- home/codium.nix | 3 +- hosts/ytnix/containers.nix | 32 +++---- hosts/ytnix/default.nix | 84 ++++++++++--------- modules/attic.nix | 2 +- modules/searx.nix | 2 +- modules/vaultwarden.nix | 2 +- overlay/bitwarden/default.nix | 14 ++-- overlay/default.nix | 9 +- 11 files changed, 78 insertions(+), 93 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 2e9a593..eded224 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -13,7 +13,6 @@ env: extra-experimental-features = nix-command flakes accept-flake-config = true TERM: ansi - jobs: build-machines: strategy: @@ -37,15 +36,12 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix - - name: Install Nix uses: nixbuild/nix-quick-install-action@master - - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: @@ -63,12 +59,10 @@ jobs: purge-primary-key: never # always save the cache save-always: true - - name: setup attic run: | nix profile install github:zhaofengli/attic attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - - name: build and cache run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" @@ -76,7 +70,6 @@ jobs: derivation="$(nix path-info --derivation "$package")" cache="$(nix-store --query --requisites --include-outputs "$derivation")" attic push main --stdin <<< "$cache" - build-homes: strategy: matrix: @@ -99,14 +92,11 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix - - uses: nixbuild/nix-quick-install-action@master - - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: @@ -124,12 +114,10 @@ jobs: purge-primary-key: never # always save the cache save-always: true - - name: setup attic run: | nix profile install github:zhaofengli/attic attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - - name: build and cache run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 5bb8b29..d23da13 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -16,7 +16,6 @@ env: extra-experimental-features = nix-command flakes accept-flake-config = true TERM: ansi - jobs: build-packages: strategy: @@ -29,33 +28,26 @@ jobs: - ubuntu-24.04-arm - macos-latest - macos-13 - runs-on: ${{ matrix.os }} steps: - name: Install Nix uses: cachix/install-nix-action@v30 - - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - name: setup attic run: | nix profile install github:zhaofengli/attic attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - - run: nix build -L ${{ matrix.package }} - - name: cache result run: | derivation="$(nix path-info --derivation "${{ matrix.package }}")" cache="$(nix-store --query --requisites --include-outputs "$derivation")" attic push main --stdin <<< "$cache" - - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result - - name: upload result uses: actions/upload-artifact@v4 with: diff --git a/.sops.yaml b/.sops.yaml index 6276e76..cb7e65d 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -118,9 +118,8 @@ creation_rules: - age: - *chunk - *cy - - path_regex: secrets/services/searx.yaml key_groups: - age: - *chunk - - *cy \ No newline at end of file + - *cy diff --git a/home/codium.nix b/home/codium.nix index dcdf4ea..935866b 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -10,8 +10,7 @@ extensions = # if unfree # with pkgs.vscode-marketplace; - with pkgs.open-vsx; - [ + with pkgs.open-vsx; [ vscodevim.vim jnoortheen.nix-ide github.github-vscode-theme diff --git a/hosts/ytnix/containers.nix b/hosts/ytnix/containers.nix index a2aa405..4ef858c 100644 --- a/hosts/ytnix/containers.nix +++ b/hosts/ytnix/containers.nix @@ -1,4 +1,4 @@ -{ +{ config, pkgs, lib, @@ -6,20 +6,22 @@ }: { virtualisation.oci-containers.containers = { - immich-ml = let - modelCache = "/opt/immich-ml"; - in { - image = "ghcr.io/immich-app/immich-machine-learning:release"; - autoStart = true; - pull = "newer"; - ports = [ "3003:3003" ]; - environment = { - REDIS_HOSTNAME = "immich-redis"; - DB_HOSTNAME = "immich-db"; + immich-ml = + let + modelCache = "/opt/immich-ml"; + in + { + image = "ghcr.io/immich-app/immich-machine-learning:release"; + autoStart = true; + pull = "newer"; + ports = [ "3003:3003" ]; + environment = { + REDIS_HOSTNAME = "immich-redis"; + DB_HOSTNAME = "immich-db"; + }; + volumes = [ "${modelCache}:/cache" ]; + networks = [ "immich-net" ]; }; - volumes = [ "${modelCache}:/cache" ]; - networks = [ "immich-net" ]; - }; }; systemd.services.create-immich-net = rec { @@ -33,4 +35,4 @@ ${lib.getExe pkgs.podman} network create immich-net ''; }; -} \ No newline at end of file +} diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 15ccf21..b57887e 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -147,47 +147,49 @@ "podman" ]; - environment.systemPackages = with pkgs; lib.flatten [ - tmux - vim - wget - tree - kitty - borgbackup - htop - file - dnsutils - q - age - compsize - wireguard-tools - traceroute - sops - sbctl # secure boot - lm_sensors - sshfs - openssl - just - killall - lshw - bubblewrap - fuse-overlayfs - dwarfs - wineWowPackages.stagingFull - (with gst_all_1; [ - gst-plugins-good - gst-plugins-bad - gst-plugins-ugly - gst-plugins-base - ]) - vulkan-loader - (heroic.override { - extraPkgs = pkgs: [ - pkgs.gamescope - pkgs.gamemode - ]; - }) - ]; + environment.systemPackages = + with pkgs; + lib.flatten [ + tmux + vim + wget + tree + kitty + borgbackup + htop + file + dnsutils + q + age + compsize + wireguard-tools + traceroute + sops + sbctl # secure boot + lm_sensors + sshfs + openssl + just + killall + lshw + bubblewrap + fuse-overlayfs + dwarfs + wineWowPackages.stagingFull + (with gst_all_1; [ + gst-plugins-good + gst-plugins-bad + gst-plugins-ugly + gst-plugins-base + ]) + vulkan-loader + (heroic.override { + extraPkgs = pkgs: [ + pkgs.gamescope + pkgs.gamemode + ]; + }) + ]; environment.sessionVariables = { NIXOS_OZONE_WL = "1"; diff --git a/modules/attic.nix b/modules/attic.nix index e7fbe8d..b24820b 100644 --- a/modules/attic.nix +++ b/modules/attic.nix @@ -44,4 +44,4 @@ in reverse_proxy localhost:8091 ''; }; -} \ No newline at end of file +} diff --git a/modules/searx.nix b/modules/searx.nix index 9e23955..db22bed 100644 --- a/modules/searx.nix +++ b/modules/searx.nix @@ -44,4 +44,4 @@ in reverse_proxy 127.0.0.1:8090 ''; }; -} \ No newline at end of file +} diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix index 8fda611..443d886 100644 --- a/modules/vaultwarden.nix +++ b/modules/vaultwarden.nix @@ -29,4 +29,4 @@ in }; }; }; -} \ No newline at end of file +} diff --git a/overlay/bitwarden/default.nix b/overlay/bitwarden/default.nix index bcbabea..e9ace96 100644 --- a/overlay/bitwarden/default.nix +++ b/overlay/bitwarden/default.nix @@ -1,7 +1,9 @@ final: prev: { - bitwarden-desktop = prev.bitwarden-desktop.overrideAttrs (finalAttrs: prevAttrs: { - patches = prevAttrs.patches ++ [ - ./ssh-agent-no-confirm.patch - ]; - }); -} \ No newline at end of file + bitwarden-desktop = prev.bitwarden-desktop.overrideAttrs ( + finalAttrs: prevAttrs: { + patches = prevAttrs.patches ++ [ + ./ssh-agent-no-confirm.patch + ]; + } + ); +} diff --git a/overlay/default.nix b/overlay/default.nix index 1df98bd..3a655fd 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -14,14 +14,15 @@ in pkgFrom = flake: pkg: flake.packages.${prev.system}.${pkg}; in { - conduwuit = - pkgFrom inputs.conduwuit "static-x86_64-linux-musl-all-features-x86_64-haswell-optimised"; + conduwuit = pkgFrom inputs.conduwuit "static-x86_64-linux-musl-all-features-x86_64-haswell-optimised"; pixelflasher = nixpkgsFrom inputs.pixelflasher "pixelflasher"; attic-server = pkgFrom inputs.attic "attic-server"; attic = pkgFrom inputs.attic "attic"; - garage = ((pkgFrom inputs.garage "default").overrideAttrs { + garage = ( + (pkgFrom inputs.garage "default").overrideAttrs { meta.mainProgram = "garage"; - }); + } + ); } ) ] From 22204b49dd4f27deb51be111c48478a86c5de58f Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 14 Mar 2025 13:19:36 -0400 Subject: [PATCH 296/410] patch attic to prefetch 32 chunks instead of 2 --- overlay/attic/default.nix | 7 +++++++ overlay/attic/prefetch-32-chunks.patch | 13 +++++++++++++ overlay/default.nix | 1 + 3 files changed, 21 insertions(+) create mode 100644 overlay/attic/default.nix create mode 100644 overlay/attic/prefetch-32-chunks.patch diff --git a/overlay/attic/default.nix b/overlay/attic/default.nix new file mode 100644 index 0000000..14f5daf --- /dev/null +++ b/overlay/attic/default.nix @@ -0,0 +1,7 @@ +final: prev: { + attic-server = prev.attic-server.overrideAttrs { + patches = [ + ./prefetch-32-chunks.patch + ]; + }; +} diff --git a/overlay/attic/prefetch-32-chunks.patch b/overlay/attic/prefetch-32-chunks.patch new file mode 100644 index 0000000..bbb801b --- /dev/null +++ b/overlay/attic/prefetch-32-chunks.patch @@ -0,0 +1,13 @@ +diff --git a/server/src/api/binary_cache.rs b/server/src/api/binary_cache.rs +index 02e4857..71eeee8 100644 +--- a/server/src/api/binary_cache.rs ++++ b/server/src/api/binary_cache.rs +@@ -262,7 +262,7 @@ async fn get_nar( + + // TODO: Make num_prefetch configurable + // The ideal size depends on the average chunk size +- let merged = merge_chunks(chunks, streamer, storage, 2).map_err(|e| { ++ let merged = merge_chunks(chunks, streamer, storage, 32).map_err(|e| { + tracing::error!(%e, "Stream error"); + e + }); diff --git a/overlay/default.nix b/overlay/default.nix index 3a655fd..0eea626 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -3,6 +3,7 @@ let overlays = [ ./zipline ./bitwarden + ./attic ]; importedOverlays = map (m: import m) overlays; in From ffd7dc5ae64649c60a2e83711009cb28e5d2e45e Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 14 Mar 2025 13:19:44 -0400 Subject: [PATCH 297/410] disable cachix cache --- flake.nix | 2 -- hosts/common.nix | 4 ---- 2 files changed, 6 deletions(-) diff --git a/flake.nix b/flake.nix index 494ce4f..3f362e2 100644 --- a/flake.nix +++ b/flake.nix @@ -114,13 +114,11 @@ extra-substituters = [ "https://nix-community.cachix.org" "https://cache.garnix.io" - "https://cything.cachix.org" "https://cache.cy7.sh/main" ]; extra-trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" - "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI=" "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" ]; builders-use-substitutes = true; diff --git a/hosts/common.nix b/hosts/common.nix index 0fb2fc6..bfa70e3 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -10,17 +10,13 @@ "@wheel" ]; trusted-public-keys = [ - "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" - "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI=" "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" ]; substituters = [ - "https://niri.cachix.org" "https://nix-community.cachix.org" "https://cache.garnix.io" - "https://cything.cachix.org" "https://cache.cy7.sh/main" ]; }; From a22868f0496dbd9633b9ed72256110ef2afde9f3 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 17 Mar 2025 00:14:49 -0400 Subject: [PATCH 298/410] attempts to make garage and attic faster --- hosts/chunk/garage.nix | 2 +- hosts/chunk/rclone.nix | 24 ++++++++++++++++++------ modules/attic.nix | 2 +- 3 files changed, 20 insertions(+), 8 deletions(-) diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index 1620a67..81b4af3 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -16,7 +16,7 @@ db_engine = "lmdb"; disable_scrub = true; block_size = "10M"; - compression_level = 3; + compression_level = "none"; }; environmentFile = config.sops.secrets."garage/env".path; }; diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index a3faaa2..60d4e0e 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -15,9 +15,16 @@ serviceConfig = { Type = "notify"; ExecStartPre = "/usr/bin/env mkdir -p /mnt/photos"; - ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ - config.sops.secrets."rclone/config".path - } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --dir-cache-time 72h --vfs-cache-mode writes --vfs-cache-max-size 2G photos: /mnt/photos "; + ExecStart = '' + ${lib.getExe pkgs.rclone} mount \ + --config ${config.sops.secrets."rclone/config".path} \ + --cache-dir /var/cache/rclone \ + --transfers=32 \ + --dir-cache-time 30d \ + --vfs-cache-mode writes \ + --vfs-cache-max-size 2G \ + photos: /mnt/photos + ''; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/photos"; }; }; @@ -37,10 +44,15 @@ --config ${config.sops.secrets."rclone/config".path} \ --allow-other \ --cache-dir /var/cache/rclone \ - --transfers=32 --checkers=32 \ - --vfs-cache-mode writes \ - --vfs-cache-max-size 5G \ + --transfers=32 \ + --vfs-cache-mode full \ + --vfs-cache-min-free-space 5G \ --dir-cache-time 30d \ + --no-checksum \ + --no-modtime \ + --vfs-fast-fingerprint \ + --vfs-read-chunk-size 10M \ + --vfs-read-chunk-streams 32 \ rsyncnet:garage /mnt/garage ''; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage"; diff --git a/modules/attic.nix b/modules/attic.nix index b24820b..5aa54c6 100644 --- a/modules/attic.nix +++ b/modules/attic.nix @@ -21,7 +21,7 @@ in allowed-hosts = [ "cache.cy7.sh" ]; require-proof-of-possession = false; compression = { - type = "zstd"; + type = "none"; level = 3; }; database.url = "postgresql:///atticd?host=/run/postgresql"; From 8f72e20b096fc7fde7febcb978e3d2d6bd30e858 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 17 Mar 2025 00:15:15 -0400 Subject: [PATCH 299/410] use garage for sccache --- home/yt/ytnix.nix | 4 ++-- secrets/yt/aws.yaml | 10 ++++++---- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 5d60a6d..3ec6aeb 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -113,13 +113,13 @@ RUSTC_WRAPPER = "${lib.getExe pkgs.sccache}"; SCCACHE_BUCKET = "sccache"; SCCACHE_REGION = "us-east-1"; - SCCACHE_ENDPOINT = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com"; + SCCACHE_ENDPOINT = "https://s3.cy7.sh"; SCCACHE_ALLOW_CORE_DUMPS = "true"; SCCACHE_S3_USE_SSL = "true"; SCCACHE_CACHE_MULTIARCH = "true"; SCCACHE_LOG = "warn"; AWS_DEFAULT_REGION = "us-east-1"; - AWS_ENDPOINT_URL = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com"; + AWS_ENDPOINT_URL = "https://s3.cy7.sh"; AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)"; AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)"; diff --git a/secrets/yt/aws.yaml b/secrets/yt/aws.yaml index 40f828a..0a48d33 100644 --- a/secrets/yt/aws.yaml +++ b/secrets/yt/aws.yaml @@ -1,6 +1,8 @@ aws: - key_id: ENC[AES256_GCM,data:9tWAMzUv4f6Ea27XsmYhO11NroYnLmED/FVrCCGO0Vc=,iv:YP1xRjVd1M1MB7IKVAw0Sdx0E4AokBrsaAcDLvTLHD4=,tag:SEmEr3NoZvch9LeaJHbCww==,type:str] - key_secret: ENC[AES256_GCM,data:AK+vER4T1p0AknKzsxZQJ0JTpfIstnnTWSAZ26zJSCwJYgRYwj8RF98CS7HM+KWvz5VNGENxhVdUnjlGkrTB4w==,iv:3o79gwp5b4KGsixW02qFWYFvpagY/hykbYJ/WNz6PB8=,tag:GW2T8ggKYHa1CQ6DRomJDQ==,type:str] + key_id: ENC[AES256_GCM,data:euyq+QtSXv1UR5eOJfvZARhm5L2AuzKIOk8=,iv:RseSyVArmrawNzlwjNh6FScJF2O+F4FBuIq47uMQQEA=,tag:bkZJeX3rUHb1yZu8dytgcg==,type:str] + key_secret: ENC[AES256_GCM,data:27BHAU5suCIiSKAf0+1yNa/VJ0umErb6Ry8HI+Zfv6LV+7eB+wk8H3kxdV4wmY2XayHsUrD4FZa30O0a9PdJgA==,iv:oI2X7PCXDZBkUOikHM8S7gHsnMtWp7jxBqdmfbUlrwU=,tag:9mZ3H2jobKqYmw6S4NNpjw==,type:str] + _r2_key_id: ENC[AES256_GCM,data:R0xwzUx+6l9SR3Fd93PfJw+WPV0ByzOKMxoJQtn4pEE=,iv:qHmr/HssM8U3znbGznSIOwkAhNaORkCkG9lqAmCKmfw=,tag:LhuiiKSq/VnNEulgrS71vg==,type:str] + _r2_key_secret: ENC[AES256_GCM,data:Dw5Gq1URjMpy9Bh1IBYf+/EnkvQA/4yAC4kdoACpCUuJQxdQphFKwWmxJX+Q/oztO1imWoGIxlZNNDr5QCqXaA==,iv:hGePo+Ffe48n1BXI1f2V12C9Gn1CC1nTwbSsfqUGQ3c=,tag:AIy/F3jPGz2WHge3Mk43Ag==,type:str] _garage_key_id: ENC[AES256_GCM,data:2lLS1nBhrwBkJh/ei7FwBoR6jOI6KCJkvOs=,iv:jwB7ZEaKOPIwghcGRs3qaICypoHgSxkFBOyB6e5hpYI=,tag:Iqwv3j1R1uLLUDKLhN1Atg==,type:str] _garage_key_secret: ENC[AES256_GCM,data:5iwwMfojHrR79cOIY+9O2oVY8v1cbPcECMSOMhWuGAdc2lfCogKBwLM4TFwBH9X1Vx56QvUoxCQ2uSyfOMLR7A==,iv:Q523ttz6ijmv8/JlVZuldFR4IabEKiVN4sGmJ9xDJU0=,tag:ZZ4LRG4DXOC7LY8hEjXYHQ==,type:str] sops: @@ -27,8 +29,8 @@ sops: UlYrTExEUVc0dURLR1czN3BnYzZ2VGMKCbAgM50jvs9VciA1Pb/VY+2I4x62LBGe j7eHkfTFc8Gnk/rZA9/ZJDLFr/FUPMQWK/NVoz6oLjO6oVFXqN6OqA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-27T02:50:27Z" - mac: ENC[AES256_GCM,data:FjlbCqqYHPn/FDPUR1flWgg6wwHhLJx1uKOedwkvsTxuPhlVJHghTHWYetdmplOQyEpOEbyv+iqKTGDYHzDdgU2jIZ0TKM66iHq+1yft4TatBu75/0N3I+SfZv97vKNehxN/zvIY3FQF4O8qVy9c1dZRmr7q27Wq2pdHSOe4Myg=,iv:YkUXcOwb6UZr0vXazbLrVeGTvBTtnwuEIY3O+GSrnNk=,tag:kQBh7urSnHoiV18TIGlPEg==,type:str] + lastmodified: "2025-03-16T16:45:13Z" + mac: ENC[AES256_GCM,data:DCx4uVuy53Gz9Ha2p/GjxTigKw/dJ0gvWIAII9AtKQCURu1OfiJ6Lp/ht6ndJwn25em11uppN371pQGxa8FRtLL+dX/YgoDmOw3Tgo3lc5VLBzalRqXHInOGHfgv9k1jHNq6zokKbBLDItBnUNOCvsLTXXenVRYdnkiuf3QPGhk=,iv:gBbbH/nJExK/dEXKHo+cCr+rxQ4uJQWweK0lYT7amsM=,tag:9GaCGFrcinqGfpibUNQ75w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4 From 0be44bc4c896fbc6015a4a81487b4a7916043084 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 17 Mar 2025 11:08:49 -0400 Subject: [PATCH 300/410] workflow: disable fail-fast when building homes --- .github/workflows/build-machines-and-homes.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index eded224..21d70a8 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -72,6 +72,7 @@ jobs: attic push main --stdin <<< "$cache" build-homes: strategy: + fail-fast: false matrix: home: - yt@ytnix From 54af66d26cb66cac4d083fbdb8ec09e61174b8a1 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 17 Mar 2025 11:09:00 -0400 Subject: [PATCH 301/410] remove garnix cache --- flake.nix | 3 --- hosts/common.nix | 7 +------ 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/flake.nix b/flake.nix index 3f362e2..7746231 100644 --- a/flake.nix +++ b/flake.nix @@ -113,15 +113,12 @@ nixConfig = { extra-substituters = [ "https://nix-community.cachix.org" - "https://cache.garnix.io" "https://cache.cy7.sh/main" ]; extra-trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" ]; - builders-use-substitutes = true; }; outputs = diff --git a/hosts/common.nix b/hosts/common.nix index bfa70e3..c7841c3 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -11,12 +11,10 @@ ]; trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" ]; - substituters = [ + trusted-substituters = [ "https://nix-community.cachix.org" - "https://cache.garnix.io" "https://cache.cy7.sh/main" ]; }; @@ -31,9 +29,6 @@ persistent = true; options = "--delete-older-than 14d"; }; - extraOptions = '' - builders-use-substitutes = true - ''; registry.nixpkgs.flake = inputs.nixpkgs; }; From d50d2dcb7354a58933e0b83a136d503a87f81f8e Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 17 Mar 2025 21:38:31 -0400 Subject: [PATCH 302/410] workflow: always() cache --- .github/workflows/build-machines-and-homes.yml | 16 ++++++++++++---- .github/workflows/build-packages.yml | 3 ++- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 21d70a8..4e45c05 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -63,13 +63,17 @@ jobs: run: | nix profile install github:zhaofengli/attic attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - - name: build and cache + - name: build run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" nix build -L "$package" + - name: cache + if: always() + run: | + package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" derivation="$(nix path-info --derivation "$package")" cache="$(nix-store --query --requisites --include-outputs "$derivation")" - attic push main --stdin <<< "$cache" + xargs attic push main <<< "$cache" build-homes: strategy: fail-fast: false @@ -119,10 +123,14 @@ jobs: run: | nix profile install github:zhaofengli/attic attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - - name: build and cache + - name: build run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" nix build -L "$package" + - name: cache + if: always() + run: | + package=".#homeConfigurations."${{ matrix.home }}".activationPackage" derivation="$(nix path-info --derivation "$package")" cache="$(nix-store --query --requisites --include-outputs "$derivation")" - attic push main --stdin <<< "$cache" + xargs attic push main <<< "$cache" diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index d23da13..872aa6d 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -42,10 +42,11 @@ jobs: attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - run: nix build -L ${{ matrix.package }} - name: cache result + if: always() run: | derivation="$(nix path-info --derivation "${{ matrix.package }}")" cache="$(nix-store --query --requisites --include-outputs "$derivation")" - attic push main --stdin <<< "$cache" + xargs attic push main <<< "$cache" - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result - name: upload result From 7b4f70fbe6af7627e66c5f0de0bd1f9ccbd9d55f Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 17 Mar 2025 23:32:31 -0400 Subject: [PATCH 303/410] remove lix input (only use lix-module) --- flake.lock | 81 ++++++------------------------------------------------ flake.nix | 7 +---- 2 files changed, 10 insertions(+), 78 deletions(-) diff --git a/flake.lock b/flake.lock index bd1a4e5..bff9eba 100644 --- a/flake.lock +++ b/flake.lock @@ -564,29 +564,17 @@ } }, "lix": { - "inputs": { - "flake-compat": [ - "flake-compat" - ], - "nix2container": "nix2container", - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-regression": "nixpkgs-regression", - "pre-commit-hooks": "pre-commit-hooks" - }, + "flake": false, "locked": { - "lastModified": 1741700536, - "narHash": "sha256-0OJER7bI6UsCFnKfKdLtgjpOTNccbN3N1dDriP4XRwA=", - "ref": "refs/heads/main", - "rev": "be1491fa6aef638e0147b81ff172131d6db668d9", - "revCount": 17635, - "type": "git", - "url": "https://git.lix.systems/lix-project/lix" + "lastModified": 1742262179, + "narHash": "sha256-bmywICXzaly0Q9orrv8ADTAPyNrzjzPX52Dk5I2omd4=", + "rev": "5243a6f8b4d5936ffdf2b5b44451e5949a73da06", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/5243a6f8b4d5936ffdf2b5b44451e5949a73da06.tar.gz?rev=5243a6f8b4d5936ffdf2b5b44451e5949a73da06" }, "original": { - "type": "git", - "url": "https://git.lix.systems/lix-project/lix" + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz" } }, "lix-module": { @@ -595,9 +583,7 @@ "flake-utils" ], "flakey-profile": "flakey-profile", - "lix": [ - "lix" - ], + "lix": "lix", "nixpkgs": [ "nixpkgs" ] @@ -760,22 +746,6 @@ "type": "github" } }, - "nix2container": { - "flake": false, - "locked": { - "lastModified": 1724996935, - "narHash": "sha256-njRK9vvZ1JJsP8oV2OgkBrpJhgQezI03S7gzskCcHos=", - "owner": "nlewo", - "repo": "nix2container", - "rev": "fa6bb0a1159f55d071ba99331355955ae30b3401", - "type": "github" - }, - "original": { - "owner": "nlewo", - "repo": "nix2container", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1730531603, @@ -792,22 +762,6 @@ "type": "github" } }, - "nixpkgs-regression": { - "locked": { - "lastModified": 1643052045, - "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - } - }, "nixpkgs-stable": { "locked": { "lastModified": 1730741070, @@ -967,22 +921,6 @@ "type": "github" } }, - "pre-commit-hooks": { - "flake": false, - "locked": { - "lastModified": 1733318908, - "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "6f4e2a2112050951a314d2733a994fbab94864c6", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, "pre-commit-hooks-nix": { "inputs": { "flake-compat": [ @@ -1037,7 +975,6 @@ "garage": "garage", "home-manager": "home-manager", "lanzaboote": "lanzaboote", - "lix": "lix", "lix-module": "lix-module", "nil": "nil", "nix-index-database": "nix-index-database", diff --git a/flake.nix b/flake.nix index 7746231..63877d3 100644 --- a/flake.nix +++ b/flake.nix @@ -51,12 +51,6 @@ url = "git+https://git.lix.systems/lix-project/nixos-module"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; - inputs.lix.follows = "lix"; - }; - lix = { - url = "git+https://git.lix.systems/lix-project/lix"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-compat.follows = "flake-compat"; }; nix-ld = { url = "github:nix-community/nix-ld"; @@ -166,6 +160,7 @@ config.allowUnfree = true; system = "x86_64-linux"; overlays = [ + inputs.lix-module.overlays.default inputs.rust-overlay.overlays.default inputs.vscode-extensions.overlays.default ] ++ (import ./overlay { inherit inputs; }); From ec9283ee263002081940c185e1a887ae8fc6d739 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 17 Mar 2025 23:38:40 -0400 Subject: [PATCH 304/410] workflow: rm cache nix store action --- .../workflows/build-machines-and-homes.yml | 34 ------------------- 1 file changed, 34 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 4e45c05..741aa70 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -42,23 +42,6 @@ jobs: uses: actions/checkout@v4 with: persist-credentials: false - - name: Restore and cache Nix store - uses: nix-community/cache-nix-action@v5.1.0 - with: - # restore and save a cache using this key - primary-key: nix-${{ runner.os }}-${{ matrix.machine }}-${{ hashFiles('**/*.nix', 'flake.lock') }} - # if there's no cache hit, restore a cache by this prefix - restore-prefixes-first-match: nix-${{ runner.os }}-${{ matrix.machine }}- - # do purge caches - purge: true - # purge all versions of the cache - purge-prefixes: nix-${{ runner.os }}- - # created more than this number of seconds ago relative to the start of the `Post Restore` phase - purge-last-accessed: 86400 - # except the version with the `primary-key`, if it exists - purge-primary-key: never - # always save the cache - save-always: true - name: setup attic run: | nix profile install github:zhaofengli/attic @@ -102,23 +85,6 @@ jobs: uses: actions/checkout@v4 with: persist-credentials: false - - name: Restore and cache Nix store - uses: nix-community/cache-nix-action@v5.1.0 - with: - # restore and save a cache using this key - primary-key: nix-${{ runner.os }}-${{ matrix.home }}-${{ hashFiles('**/*.nix', 'flake.lock') }} - # if there's no cache hit, restore a cache by this prefix - restore-prefixes-first-match: nix-${{ runner.os }}-${{ matrix.home }}- - # do purge caches - purge: true - # purge all versions of the cache - purge-prefixes: nix-${{ runner.os }}- - # created more than this number of seconds ago relative to the start of the `Post Restore` phase - purge-last-accessed: 86400 - # except the version with the `primary-key`, if it exists - purge-primary-key: never - # always save the cache - save-always: true - name: setup attic run: | nix profile install github:zhaofengli/attic From f0add8c95fcef356a42db49da6910ce7ebb70c7f Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 17 Mar 2025 23:42:19 -0400 Subject: [PATCH 305/410] rm lix-module from overlay --- flake.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/flake.nix b/flake.nix index 63877d3..8370a2d 100644 --- a/flake.nix +++ b/flake.nix @@ -160,7 +160,6 @@ config.allowUnfree = true; system = "x86_64-linux"; overlays = [ - inputs.lix-module.overlays.default inputs.rust-overlay.overlays.default inputs.vscode-extensions.overlays.default ] ++ (import ./overlay { inherit inputs; }); From c299b501a6d76f813398e68d2a4e082ca77b2bd4 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 18 Mar 2025 00:15:32 -0400 Subject: [PATCH 306/410] workflow: use cachix installer --- .github/workflows/build-machines-and-homes.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 741aa70..7278ee3 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -37,7 +37,7 @@ jobs: remove-docker-images: 'true' build-mount-path: /nix - name: Install Nix - uses: nixbuild/nix-quick-install-action@master + uses: cachix/install-nix-action@v30 - name: Sync repository uses: actions/checkout@v4 with: @@ -80,7 +80,8 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix - - uses: nixbuild/nix-quick-install-action@master + - name: Install Nix + uses: cachix/install-nix-action@v30 - name: Sync repository uses: actions/checkout@v4 with: From 2260347ed95b1f5bd18ad59c2e3e0b242ce1630e Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 18 Mar 2025 13:22:12 -0400 Subject: [PATCH 307/410] flake update --- flake.lock | 100 +++++++++++++++++++++++----------------------- modules/caddy.nix | 2 +- 2 files changed, 51 insertions(+), 51 deletions(-) diff --git a/flake.lock b/flake.lock index bff9eba..4bf9015 100644 --- a/flake.lock +++ b/flake.lock @@ -92,11 +92,11 @@ "complement": { "flake": false, "locked": { - "lastModified": 1741378155, - "narHash": "sha256-rJSfqf3q4oWxcAwENtAowLZeCi8lktwKVH9XQvvZR64=", + "lastModified": 1741891349, + "narHash": "sha256-YvrzOWcX7DH1drp5SGa+E/fc7wN3hqFtPbqPjZpOu1Q=", "owner": "girlbossceo", "repo": "complement", - "rev": "1502a00d8551d0f6e8954a23e43868877c3e57d9", + "rev": "e587b3df569cba411aeac7c20b6366d03c143745", "type": "github" }, "original": { @@ -131,11 +131,11 @@ "rocksdb": "rocksdb" }, "locked": { - "lastModified": 1741642109, - "narHash": "sha256-vO66C3rCb4lz3NU012fZj8+5BaFGuOCq/BJqiOXpqSA=", + "lastModified": 1742266954, + "narHash": "sha256-PoVjZXR24r1WPyWWK+DZDAlVr4otn/BcxY7/jd8fehM=", "owner": "girlbossceo", "repo": "conduwuit", - "rev": "c4b05e77f3dd66636e26b64f8f4852703816c399", + "rev": "7bf92c8a3710eeff229bd86bc81a89daa94b66d5", "type": "github" }, "original": { @@ -146,11 +146,11 @@ }, "crane": { "locked": { - "lastModified": 1741481578, - "narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=", + "lastModified": 1742317686, + "narHash": "sha256-ScJYnUykEDhYeCepoAWBbZWx2fpQ8ottyvOyGry7HqE=", "owner": "ipetkov", "repo": "crane", - "rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5", + "rev": "66cb0013f9a99d710b167ad13cbd8cc4e64f2ddb", "type": "github" }, "original": { @@ -361,11 +361,11 @@ ] }, "locked": { - "lastModified": 1741360584, - "narHash": "sha256-5UkuvKllBRhU943imyc0jHDXQDVhIFx5WWUr3qrLEWQ=", + "lastModified": 1742243551, + "narHash": "sha256-hp2tKtJHW/vbiIT4hRhP8cfZEACAWZ92lCdaO9WEi2E=", "owner": "deuxfleurs-org", "repo": "garage", - "rev": "c96be1a9a8aa3b51075678888b80c2414ead2909", + "rev": "6906a4ff12838da2a74bdaeb7e7cd05cd1d69699", "type": "github" }, "original": { @@ -455,11 +455,11 @@ ] }, "locked": { - "lastModified": 1741701235, - "narHash": "sha256-gBlb8R9gnjUAT5XabJeel3C2iEUiBHx3+91651y3Sqo=", + "lastModified": 1742305478, + "narHash": "sha256-iYCinzZnnUeCkZ031qGRwPdwRsqW6o9Y0MgGpA7Zva4=", "owner": "nix-community", "repo": "home-manager", - "rev": "c630dfa8abcc65984cc1e47fb25d4552c81dd37e", + "rev": "fb74bb76d94a6c55632376c931fc108131260ee9", "type": "github" }, "original": { @@ -566,11 +566,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1742262179, - "narHash": "sha256-bmywICXzaly0Q9orrv8ADTAPyNrzjzPX52Dk5I2omd4=", - "rev": "5243a6f8b4d5936ffdf2b5b44451e5949a73da06", + "lastModified": 1741888409, + "narHash": "sha256-gJ7QmlwsJ/QdwUjwTjifNo3v7OBQm2N6xa19l3mMWM4=", + "rev": "20edd45ae816c73504ddfb9c678756e003ceeafd", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/5243a6f8b4d5936ffdf2b5b44451e5949a73da06.tar.gz?rev=5243a6f8b4d5936ffdf2b5b44451e5949a73da06" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/20edd45ae816c73504ddfb9c678756e003ceeafd.tar.gz?rev=20edd45ae816c73504ddfb9c678756e003ceeafd" }, "original": { "type": "tarball", @@ -589,11 +589,11 @@ ] }, "locked": { - "lastModified": 1738176840, - "narHash": "sha256-NG3IRvRs3u3btVCN861FqHvgOwqcNT/Oy6PBG86F5/E=", + "lastModified": 1741894565, + "narHash": "sha256-2FD0NDJbEjUHloVrtEIms5miJsj1tvQCc/0YK5ambyc=", "ref": "refs/heads/main", - "rev": "621aae0f3cceaffa6d73a4fb0f89c08d338d729e", - "revCount": 133, + "rev": "a6da43f8193d9e329bba1795c42590c27966082e", + "revCount": 136, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, @@ -713,11 +713,11 @@ ] }, "locked": { - "lastModified": 1741619381, - "narHash": "sha256-koZtlJRqi0/MD/AKd0KrXLA2NuBOVzlIyAJprjzpxZE=", + "lastModified": 1742174123, + "narHash": "sha256-pDNzMoR6m1ZSJToZQ6XDTLVSdzIzmFl1b8Pc3f7iV6Y=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "66537fb185462ba9b07f4e6f2d54894a1b2d04ab", + "rev": "2cfb4e1ca32f59dd2811d7a6dd5d4d1225f0955c", "type": "github" }, "original": { @@ -733,11 +733,11 @@ ] }, "locked": { - "lastModified": 1741597901, - "narHash": "sha256-nLUTgXXcFFz+3pd3Khz1H4jUECqX5+OapNPGioPJRQs=", + "lastModified": 1742204505, + "narHash": "sha256-sHBzuG9K/VrvOrcLd9GwoCLaQZDVedi/00YmFfdKq/A=", "owner": "nix-community", "repo": "nix-ld", - "rev": "8e0308dd7dd9cd3656866fb2387bc29052fd6d3a", + "rev": "bc1ecb8ca83507c764a3909f02f1acf53c033585", "type": "github" }, "original": { @@ -780,11 +780,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1741600792, - "narHash": "sha256-yfDy6chHcM7pXpMF4wycuuV+ILSTG486Z/vLx/Bdi6Y=", + "lastModified": 1742268799, + "narHash": "sha256-IhnK4LhkBlf14/F8THvUy3xi/TxSQkp9hikfDZRD4Ic=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ebe2788eafd539477f83775ef93c3c7e244421d3", + "rev": "da044451c6a70518db5b730fe277b70f494188f1", "type": "github" }, "original": { @@ -828,11 +828,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1741692589, - "narHash": "sha256-t1BrOTAUIkRY4YlSspERzz5iaFbzJTIE6mhLmnWrDaA=", + "lastModified": 1742276595, + "narHash": "sha256-bsg9y3NoMGu0jgTI5XbxvzQFc9JtZB51i500WlVws80=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a7010334ad6d8082bb8aa5dd2e37bf3b98b1a713", + "rev": "2b3795787eba0066a2bc8bba7362422e5713840f", "type": "github" }, "original": { @@ -853,11 +853,11 @@ "nuschtosSearch": "nuschtosSearch" }, "locked": { - "lastModified": 1741637833, - "narHash": "sha256-1uBkdOwxNmkdXXjoycnEBZUoHZ/22GitQRVXjZlsVK0=", + "lastModified": 1742255305, + "narHash": "sha256-XxygfriVXQt+5Iqh6AOjZL5Aes5dH2xzVKpHpL8pDQg=", "owner": "nix-community", "repo": "nixvim", - "rev": "bc34099731a7e3799c0d52ccdf4599409a2ef9b9", + "rev": "78f6166c23f80bdfbcc8c44b20f7f4132299a33f", "type": "github" }, "original": { @@ -1014,11 +1014,11 @@ ] }, "locked": { - "lastModified": 1741660300, - "narHash": "sha256-0jldJ58sC5RjqwpwE+ER+RPMeX4Moz5im/evQ3SU/dU=", + "lastModified": 1742265167, + "narHash": "sha256-RB0UEF9IXIgwuuBFC+s9H4rDyvmMZePHlBAK4vRAwf4=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "ac2f556db0eb5cbba3c4f5f5989c46330f439b0b", + "rev": "87f0965f9f5b13fca9f38074eee8369dc767550d", "type": "github" }, "original": { @@ -1034,11 +1034,11 @@ ] }, "locked": { - "lastModified": 1741644481, - "narHash": "sha256-E0RrMykMtEv15V3QhpsFutgoSKhL1JBhidn+iZajOyg=", + "lastModified": 1742239755, + "narHash": "sha256-ptn8dR4Uat3UUadGYNnB7CIH9SQm8mK69D2A/twBUXQ=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e653d71e82575a43fe9d228def8eddb73887b866", + "rev": "787afce414bcce803b605c510b60bf43c11f4b55", "type": "github" }, "original": { @@ -1084,11 +1084,11 @@ ] }, "locked": { - "lastModified": 1739829690, - "narHash": "sha256-mL1szCeIsjh6Khn3nH2cYtwO5YXG6gBiTw1A30iGeDU=", + "lastModified": 1742303424, + "narHash": "sha256-2R7cGdcA2npQQcIWu2cTlU63veTzwVZe78BliIuJT00=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "3d0579f5cc93436052d94b73925b48973a104204", + "rev": "b3b938ab8ba2e8a0ce9ee9b30ccfa5e903ae5753", "type": "github" }, "original": { @@ -1107,11 +1107,11 @@ ] }, "locked": { - "lastModified": 1741704640, - "narHash": "sha256-FSvtxhfB0PQtFOj8PMfcgUG1QVaQzjTZvAxLiqDysKI=", + "lastModified": 1742262692, + "narHash": "sha256-kCuy1Fld1vFmor6SZ48DdtiLv9/zUhW8lCaTA+Py+es=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "27f37976beb94100b18ab8407ff056654db68506", + "rev": "32de9a383db6b555ac92877dd8b5b986f4151de7", "type": "github" }, "original": { diff --git a/modules/caddy.nix b/modules/caddy.nix index 6b46cb5..131edf3 100644 --- a/modules/caddy.nix +++ b/modules/caddy.nix @@ -21,7 +21,7 @@ in # (still need the @ to pass nix config check) "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e" ]; - hash = "sha256-jCcSzenewQiW897GFHF9WAcVkGaS/oUu63crJu7AyyQ="; + hash = "sha256-W09nFfBKd+9QEuzV3RYLeNy2CTry1Tz3Vg1U2JPNPPc="; }; logFormat = lib.mkForce "level INFO"; acmeCA = "https://acme-v02.api.letsencrypt.org/directory"; From 1c8135095c8b7700ccc6228d919e10b762a4a1ee Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 18 Mar 2025 14:18:02 -0400 Subject: [PATCH 308/410] attic: try prefetching 8 chunks --- overlay/attic/default.nix | 2 +- .../attic/{prefetch-32-chunks.patch => prefetch-8-chunks.patch} | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename overlay/attic/{prefetch-32-chunks.patch => prefetch-8-chunks.patch} (85%) diff --git a/overlay/attic/default.nix b/overlay/attic/default.nix index 14f5daf..454d367 100644 --- a/overlay/attic/default.nix +++ b/overlay/attic/default.nix @@ -1,7 +1,7 @@ final: prev: { attic-server = prev.attic-server.overrideAttrs { patches = [ - ./prefetch-32-chunks.patch + ./prefetch-8-chunks.patch ]; }; } diff --git a/overlay/attic/prefetch-32-chunks.patch b/overlay/attic/prefetch-8-chunks.patch similarity index 85% rename from overlay/attic/prefetch-32-chunks.patch rename to overlay/attic/prefetch-8-chunks.patch index bbb801b..3786541 100644 --- a/overlay/attic/prefetch-32-chunks.patch +++ b/overlay/attic/prefetch-8-chunks.patch @@ -7,7 +7,7 @@ index 02e4857..71eeee8 100644 // TODO: Make num_prefetch configurable // The ideal size depends on the average chunk size - let merged = merge_chunks(chunks, streamer, storage, 2).map_err(|e| { -+ let merged = merge_chunks(chunks, streamer, storage, 32).map_err(|e| { ++ let merged = merge_chunks(chunks, streamer, storage, 8).map_err(|e| { tracing::error!(%e, "Stream error"); e }); From f28234e55592f226b1b0f3a77d3f58d901ce1ae3 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 18 Mar 2025 15:40:06 -0400 Subject: [PATCH 309/410] workflow: add system-features --- .github/workflows/build-machines-and-homes.yml | 2 +- .github/workflows/build-packages.yml | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 7278ee3..7731122 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -10,8 +10,8 @@ env: extra-substituters = https://cache.cy7.sh/main extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0= experimental-features = nix-command flakes - extra-experimental-features = nix-command flakes accept-flake-config = true + system-features = nixos-test benchmark big-parallel kvm TERM: ansi jobs: build-machines: diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 872aa6d..fb0620e 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -13,7 +13,6 @@ env: extra-substituters = https://cache.cy7.sh/main extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0= experimental-features = nix-command flakes - extra-experimental-features = nix-command flakes accept-flake-config = true TERM: ansi jobs: From ed929219da13b0927a750bf4d71c8e9842e558df Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 18 Mar 2025 23:16:06 -0400 Subject: [PATCH 310/410] nixvim: rm copilot stuff i never use --- home/nixvim/default.nix | 41 +---------------------------------------- 1 file changed, 1 insertion(+), 40 deletions(-) diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix index 94895c1..39c3ba9 100644 --- a/home/nixvim/default.nix +++ b/home/nixvim/default.nix @@ -71,41 +71,6 @@ key = ""; mode = "i"; } - # quick chat with copilot - { - key = "ccq"; - action.__raw = '' - function() - local input = vim.fn.input("Quick chat: ") - if input ~= "" then - require("CopilotChat").ask(input, { selection = require("CopilotChat.select").buffer }) - end - end - ''; - mode = [ - "n" - "v" - ]; - } - # ask perplexity a quick question - { - key = "ccs"; - action.__raw = '' - function() - local input = vim.fn.input("Perplexity: ") - if input ~= "" then - require("CopilotChat").ask(input, { - agent = "perplexityai", - selection = false, - }) - end - end - ''; - mode = [ - "n" - "v" - ]; - } ]; plugins.cmp = { @@ -196,11 +161,7 @@ nix.flake.autoArchive = true; }; }; - rust_analyzer = { - enable = true; - installRustc = true; - installCargo = true; - }; + rust_analyzer.enable = true; eslint.enable = true; }; }; From 384398b08abd0aee66b3ce24ab9aee3df5c5f8b4 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 19 Mar 2025 23:14:24 -0400 Subject: [PATCH 311/410] misc --- home/codium.nix | 1 + home/nixvim/default.nix | 6 +++++- home/yt/ytnix.nix | 4 ++-- home/zsh/default.nix | 2 +- hosts/common.nix | 2 +- 5 files changed, 10 insertions(+), 5 deletions(-) diff --git a/home/codium.nix b/home/codium.nix index 935866b..28c3a6e 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -22,6 +22,7 @@ emilast.logfilehighlighter tamasfe.even-better-toml golang.go + ms-python.python ]; userSettings = let diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix index 39c3ba9..0ce28d6 100644 --- a/home/nixvim/default.nix +++ b/home/nixvim/default.nix @@ -161,7 +161,11 @@ nix.flake.autoArchive = true; }; }; - rust_analyzer.enable = true; + rust_analyzer = { + enable = true; + installRustc = false; + installCargo = false; + }; eslint.enable = true; }; }; diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 3ec6aeb..1731475 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -60,7 +60,6 @@ unzip anki-bin trezorctl - trezor-agent q gdb fuzzel @@ -100,9 +99,10 @@ nix-output-monitor wl-clipboard-rs pixelflasher - element-desktop + cinny-desktop freetube gopls + rust-analyzer ]; home.sessionVariables = { diff --git a/home/zsh/default.nix b/home/zsh/default.nix index 9b5bcc6..e599f0d 100644 --- a/home/zsh/default.nix +++ b/home/zsh/default.nix @@ -92,7 +92,7 @@ "s" = "sudo"; "nrs" = "sudo nixos-rebuild switch -L --flake . --log-format internal-json -v |& nom --json"; "nrt" = "sudo nixos-rebuild test -L --flake . --log-format internal-json -v |& nom --json"; - "hrs" = "home-manager switch -L --flake . |& nom --json"; + "hrs" = "home-manager switch -L --flake ."; "g" = "git"; "ga" = "git add"; "gaa" = "git add --all"; diff --git a/hosts/common.nix b/hosts/common.nix index c7841c3..779a4e1 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -13,7 +13,7 @@ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" ]; - trusted-substituters = [ + extra-substituters = [ "https://nix-community.cachix.org" "https://cache.cy7.sh/main" ]; From 6fa16fa422fa02a8a3c65bd9a4825256366be8f3 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 19 Mar 2025 23:45:30 -0400 Subject: [PATCH 312/410] try default conduwuit package --- overlay/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overlay/default.nix b/overlay/default.nix index 0eea626..cd9f038 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -15,7 +15,7 @@ in pkgFrom = flake: pkg: flake.packages.${prev.system}.${pkg}; in { - conduwuit = pkgFrom inputs.conduwuit "static-x86_64-linux-musl-all-features-x86_64-haswell-optimised"; + conduwuit = pkgFrom inputs.conduwuit "default"; pixelflasher = nixpkgsFrom inputs.pixelflasher "pixelflasher"; attic-server = pkgFrom inputs.attic "attic-server"; attic = pkgFrom inputs.attic "attic"; From 5cc48a3eb3f29f224b8df8c33635efa250569054 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 20 Mar 2025 03:17:22 -0400 Subject: [PATCH 313/410] try alternative cache domain --- .github/workflows/build-machines-and-homes.yml | 2 +- .github/workflows/build-packages.yml | 2 +- flake.nix | 2 +- hosts/common.nix | 2 +- modules/attic.nix | 13 ++++++++----- 5 files changed, 12 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 7731122..1900b0e 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -7,7 +7,7 @@ env: ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} NIX_CONFIG: | show-trace = true - extra-substituters = https://cache.cy7.sh/main + extra-substituters = https://cdn.cy7.sh/main extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0= experimental-features = nix-command flakes accept-flake-config = true diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index fb0620e..1d23fe9 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -10,7 +10,7 @@ env: ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} NIX_CONFIG: | show-trace = true - extra-substituters = https://cache.cy7.sh/main + extra-substituters = https://cdn.cy7.sh/main extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0= experimental-features = nix-command flakes accept-flake-config = true diff --git a/flake.nix b/flake.nix index 8370a2d..b469e18 100644 --- a/flake.nix +++ b/flake.nix @@ -107,7 +107,7 @@ nixConfig = { extra-substituters = [ "https://nix-community.cachix.org" - "https://cache.cy7.sh/main" + "https://cdn.cy7.sh/main" ]; extra-trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" diff --git a/hosts/common.nix b/hosts/common.nix index 779a4e1..7067008 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -15,7 +15,7 @@ ]; extra-substituters = [ "https://nix-community.cachix.org" - "https://cache.cy7.sh/main" + "https://cdn.cy7.sh/main" ]; }; channel.enable = false; diff --git a/modules/attic.nix b/modules/attic.nix index 5aa54c6..c08afe1 100644 --- a/modules/attic.nix +++ b/modules/attic.nix @@ -18,7 +18,7 @@ in settings = { listen = "[::]:8091"; api-endpoint = "https://cache.cy7.sh/"; - allowed-hosts = [ "cache.cy7.sh" ]; + allowed-hosts = [ "cache.cy7.sh" "cdn.cy7.sh" ]; require-proof-of-possession = false; compression = { type = "none"; @@ -39,9 +39,12 @@ in }; }; - services.caddy.virtualHosts."cache.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:8091 - ''; + services.caddy.virtualHosts."cache.cy7.sh" = { + serverAliases = [ "cdn.cy7.sh" ]; + extraConfig = '' + import common + reverse_proxy localhost:8091 + ''; + }; }; } From 02dc7351efac7d11e4b997609abdb6bdd1fb6848 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 20 Mar 2025 10:09:34 -0400 Subject: [PATCH 314/410] make rclone master --- hosts/chunk/rclone.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 60d4e0e..09f5b18 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -44,15 +44,17 @@ --config ${config.sops.secrets."rclone/config".path} \ --allow-other \ --cache-dir /var/cache/rclone \ - --transfers=32 \ + --transfers 32 \ --vfs-cache-mode full \ --vfs-cache-min-free-space 5G \ --dir-cache-time 30d \ --no-checksum \ --no-modtime \ --vfs-fast-fingerprint \ - --vfs-read-chunk-size 10M \ - --vfs-read-chunk-streams 32 \ + --vfs-read-chunk-size 4M \ + --vfs-read-chunk-streams 64 \ + --sftp-concurrency 128 \ + --sftp-chunk-size 255k \ rsyncnet:garage /mnt/garage ''; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage"; From 959deb8dbc5c7559c17a377ece1b698a47dbef8d Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 20 Mar 2025 11:03:22 -0400 Subject: [PATCH 315/410] try helix --- flake.lock | 43 ++++++++++++++++++++++++++++++++++++++++++- flake.nix | 5 +++++ home/yt/ytnix.nix | 13 +++++++++++++ overlay/default.nix | 1 + 4 files changed, 61 insertions(+), 1 deletion(-) diff --git a/flake.lock b/flake.lock index 4bf9015..ddda4b4 100644 --- a/flake.lock +++ b/flake.lock @@ -448,6 +448,30 @@ "type": "github" } }, + "helix": { + "inputs": { + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": "nixpkgs_4", + "rust-overlay": [ + "rust-overlay" + ] + }, + "locked": { + "lastModified": 1742479163, + "narHash": "sha256-YC0zdGyZMu7seA2Jm1mxtcxE4lSeVwvCPMfWzJ8+o/c=", + "owner": "helix-editor", + "repo": "helix", + "rev": "b7d735ffe66a03ab5970e5f860923aada50d4e4c", + "type": "github" + }, + "original": { + "owner": "helix-editor", + "repo": "helix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -827,6 +851,22 @@ } }, "nixpkgs_4": { + "locked": { + "lastModified": 1740560979, + "narHash": "sha256-Vr3Qi346M+8CjedtbyUevIGDZW8LcA1fTG0ugPY/Hic=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "5135c59491985879812717f4c9fea69604e7f26f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { "locked": { "lastModified": 1742276595, "narHash": "sha256-bsg9y3NoMGu0jgTI5XbxvzQFc9JtZB51i500WlVws80=", @@ -973,13 +1013,14 @@ "flake-parts": "flake-parts_2", "flake-utils": "flake-utils", "garage": "garage", + "helix": "helix", "home-manager": "home-manager", "lanzaboote": "lanzaboote", "lix-module": "lix-module", "nil": "nil", "nix-index-database": "nix-index-database", "nix-ld": "nix-ld", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "nixpkgs-stable": "nixpkgs-stable_2", "nixvim": "nixvim", "nvim-github-theme": "nvim-github-theme", diff --git a/flake.nix b/flake.nix index b469e18..54a1b90 100644 --- a/flake.nix +++ b/flake.nix @@ -92,6 +92,11 @@ flake-utils.follows = "flake-utils"; }; }; + helix = { + url = "github:helix-editor/helix"; + inputs.flake-utils.follows = "flake-utils"; + inputs.rust-overlay.follows = "rust-overlay"; + }; nvim-github-theme = { url = "github:projekt0n/github-nvim-theme"; diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 1731475..6ce06ec 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -152,4 +152,17 @@ }; programs.nix-index-database.comma.enable = true; + programs.helix = { + enable = true; + settings = { + theme = "github_dark"; + editor = { + line-number = "relative"; + lsp.display-messages = true; + }; + keys.insert = { + "C-[" = "normal_mode"; + }; + }; + }; } diff --git a/overlay/default.nix b/overlay/default.nix index cd9f038..d8780e2 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -24,6 +24,7 @@ in meta.mainProgram = "garage"; } ); + helix = pkgFrom inputs.helix "default"; } ) ] From 8ffe43a4414500d1a11b2d50e5c735e98c051633 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 20 Mar 2025 16:10:39 -0400 Subject: [PATCH 316/410] attic: always prefer streams --- overlay/attic/prefetch-8-chunks.patch | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/overlay/attic/prefetch-8-chunks.patch b/overlay/attic/prefetch-8-chunks.patch index 3786541..eafc514 100644 --- a/overlay/attic/prefetch-8-chunks.patch +++ b/overlay/attic/prefetch-8-chunks.patch @@ -1,7 +1,16 @@ diff --git a/server/src/api/binary_cache.rs b/server/src/api/binary_cache.rs -index 02e4857..71eeee8 100644 +index 02e4857..b522154 100644 --- a/server/src/api/binary_cache.rs +++ b/server/src/api/binary_cache.rs +@@ -215,7 +215,7 @@ async fn get_nar( + let chunk = chunks[0].as_ref().unwrap(); + let remote_file = &chunk.remote_file.0; + let storage = state.storage().await?; +- match storage.download_file_db(remote_file, false).await? { ++ match storage.download_file_db(remote_file, true).await? { + Download::Url(url) => Ok(Redirect::temporary(&url).into_response()), + Download::AsyncRead(stream) => { + let stream = ReaderStream::new(stream).map_err(|e| { @@ -262,7 +262,7 @@ async fn get_nar( // TODO: Make num_prefetch configurable @@ -11,3 +20,4 @@ index 02e4857..71eeee8 100644 tracing::error!(%e, "Stream error"); e }); + From c67622ba36b205d1d1f8d2ab268142ba538b6157 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 20 Mar 2025 19:43:22 -0400 Subject: [PATCH 317/410] refactor rclone, use same serviceConfig for all mounts --- hosts/chunk/rclone.nix | 66 ++++++++++++++++++------------------------ 1 file changed, 28 insertions(+), 38 deletions(-) diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 09f5b18..31cdf54 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -4,6 +4,32 @@ lib, ... }: +let + mkServiceConfig = remote: mount: { + Type = "notify"; + TimeoutSec = "5min 20s"; + ExecStartPre = "/usr/bin/env mkdir -p ${mount}"; + ExecStart = '' + ${lib.getExe pkgs.rclone} mount \ + --config ${config.sops.secrets."rclone/config".path} \ + --allow-other \ + --cache-dir /var/cache/rclone \ + --transfers 32 \ + --vfs-cache-mode full \ + --vfs-cache-min-free-space 5G \ + --dir-cache-time 30d \ + --no-checksum \ + --no-modtime \ + --vfs-fast-fingerprint \ + --vfs-read-chunk-size 4M \ + --vfs-read-chunk-streams 32 \ + --sftp-concurrency 128 \ + --sftp-chunk-size 255k \ + ${remote} ${mount} + ''; + ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -zu ${mount}"; + }; +in { systemd.services.immich-mount = { enable = true; @@ -12,21 +38,7 @@ after = [ "network-online.target" ]; requiredBy = [ "podman-immich-server.service" ]; before = [ "podman-immich-server.service" ]; - serviceConfig = { - Type = "notify"; - ExecStartPre = "/usr/bin/env mkdir -p /mnt/photos"; - ExecStart = '' - ${lib.getExe pkgs.rclone} mount \ - --config ${config.sops.secrets."rclone/config".path} \ - --cache-dir /var/cache/rclone \ - --transfers=32 \ - --dir-cache-time 30d \ - --vfs-cache-mode writes \ - --vfs-cache-max-size 2G \ - photos: /mnt/photos - ''; - ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/photos"; - }; + serviceConfig = mkServiceConfig "photos:" "/mnt/photos"; }; systemd.services.garage-mount = { @@ -36,28 +48,6 @@ after = [ "network-online.target" ]; requiredBy = [ "garage.service" ]; before = [ "garage.service" ]; - serviceConfig = { - Type = "notify"; - ExecStartPre = "/usr/bin/env mkdir -p /mnt/garage"; - ExecStart = '' - ${lib.getExe pkgs.rclone} mount \ - --config ${config.sops.secrets."rclone/config".path} \ - --allow-other \ - --cache-dir /var/cache/rclone \ - --transfers 32 \ - --vfs-cache-mode full \ - --vfs-cache-min-free-space 5G \ - --dir-cache-time 30d \ - --no-checksum \ - --no-modtime \ - --vfs-fast-fingerprint \ - --vfs-read-chunk-size 4M \ - --vfs-read-chunk-streams 64 \ - --sftp-concurrency 128 \ - --sftp-chunk-size 255k \ - rsyncnet:garage /mnt/garage - ''; - ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage"; - }; + serviceConfig = mkServiceConfig "rsyncnet:garage" "/mnt/garage"; }; } From 31e8487a3f1d3fd3671ba47a6749a6117e992585 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 20 Mar 2025 19:44:29 -0400 Subject: [PATCH 318/410] immich: backup database to disk (not mount) --- hosts/chunk/immich.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/chunk/immich.nix b/hosts/chunk/immich.nix index 6541770..f2636f1 100644 --- a/hosts/chunk/immich.nix +++ b/hosts/chunk/immich.nix @@ -9,6 +9,7 @@ let thumbsLocation = "/opt/immich/thumbs"; profileLocation = "/opt/immich/profile"; dbDataLocation = "/opt/immich/postgres"; + backupsLocation = "/opt/immich/backups"; in { virtualisation.oci-containers.containers = { @@ -21,6 +22,7 @@ in "${uploadLocation}:/usr/src/app/upload" "${thumbsLocation}:/usr/src/app/upload/thumbs" "${profileLocation}:/usr/src/app/upload/profile" + "${backupsLocation}:/usr/src/app/upload/backups" ]; environment = { REDIS_HOSTNAME = "immich-redis"; From 9400279febe41d5283e377fdff61196d4416e2e2 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 20 Mar 2025 19:44:45 -0400 Subject: [PATCH 319/410] garage: use 128M block_size --- hosts/chunk/garage.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index 81b4af3..6a25df2 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -15,7 +15,7 @@ replication_factor = 1; db_engine = "lmdb"; disable_scrub = true; - block_size = "10M"; + block_size = "128M"; compression_level = "none"; }; environmentFile = config.sops.secrets."garage/env".path; From 55267c5154af54c5eae292bba2a30c51e0923cd1 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 20 Mar 2025 19:45:22 -0400 Subject: [PATCH 320/410] attic: don't chunk, s3 at localhost, start after garage --- modules/attic.nix | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/modules/attic.nix b/modules/attic.nix index c08afe1..a43d444 100644 --- a/modules/attic.nix +++ b/modules/attic.nix @@ -30,12 +30,31 @@ in type = "s3"; region = "us-east-1"; bucket = "attic"; - endpoint = "https://s3.cy7.sh"; + # attic must be patched to never serve pre-signed s3 urls directly + # otherwise it will redirect clients to this localhost endpoint + endpoint = "http://127.0.0.1:3900"; }; garbage-collection = { default-retention-period = "1 month"; }; + + chunking = { + # disable chunking since garage does its own + nar-size-threshold = 0; + # defaults + min-size = 16384; + avg-size = 65536; + max-size = 262144; + }; + }; + }; + + systemd.services.atticd = { + requires = [ "garage.service" ]; + after = [ "garage.service" ]; + environment = { + RUST_LOG = "INFO"; }; }; From 8c921fc1ab4d703cffd19bee965280845ff1ad24 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 20 Mar 2025 19:46:04 -0400 Subject: [PATCH 321/410] nixvim: enable yamlls; home/chunk: remove attic-server --- home/nixvim/default.nix | 8 +------- home/yt/chunk.nix | 4 ---- 2 files changed, 1 insertion(+), 11 deletions(-) diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix index 0ce28d6..5199812 100644 --- a/home/nixvim/default.nix +++ b/home/nixvim/default.nix @@ -167,6 +167,7 @@ installCargo = false; }; eslint.enable = true; + yamlls.enable = true; }; }; plugins.treesitter = { @@ -198,13 +199,6 @@ settings.current_line_blame = true; }; - plugins.copilot-chat = { - enable = true; - settings = { - model = "claude-3.5-sonnet"; - }; - }; - plugins.cmp-buffer.enable = true; plugins.cmp-emoji.enable = true; plugins.cmp-nvim-lsp.enable = true; diff --git a/home/yt/chunk.nix b/home/yt/chunk.nix index ad024cd..474abfc 100644 --- a/home/yt/chunk.nix +++ b/home/yt/chunk.nix @@ -14,8 +14,4 @@ programs.home-manager.enable = true; systemd.user.startServices = "sd-switch"; - - home.packages = with pkgs; [ - attic-server - ]; } From b5d3358f526f7ea323ff7adddc998ee9b23ba610 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 26 Mar 2025 10:43:56 -0400 Subject: [PATCH 322/410] vscode stuff and try to make treefmt not suck --- .../workflows/build-machines-and-homes.yml | 6 ++ flake.nix | 8 ++- home/codium.nix | 64 +++++++++++++++++-- home/yt/ytnix.nix | 1 - 4 files changed, 70 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 1900b0e..43ea5bf 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -3,6 +3,7 @@ on: workflow_dispatch: push: pull_request: + env: ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} NIX_CONFIG: | @@ -13,6 +14,7 @@ env: accept-flake-config = true system-features = nixos-test benchmark big-parallel kvm TERM: ansi + jobs: build-machines: strategy: @@ -36,16 +38,20 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix + - name: Install Nix uses: cachix/install-nix-action@v30 + - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false + - name: setup attic run: | nix profile install github:zhaofengli/attic attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" + - name: build run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" diff --git a/flake.nix b/flake.nix index 54a1b90..1c5adea 100644 --- a/flake.nix +++ b/flake.nix @@ -134,7 +134,6 @@ imports = [ inputs.treefmt.flakeModule ]; - debug = true; systems = [ "x86_64-linux" ]; @@ -147,11 +146,14 @@ treefmt = { projectRootFile = "flake.nix"; programs.nixfmt.enable = true; - programs.stylua.enable = true; - programs.yamlfmt.enable = true; programs.typos.enable = true; programs.shellcheck.enable = true; + programs.yamlfmt = { + enable = true; + settings.retain_line_breaks = true; + }; + settings.global.excludes = [ "secrets/*" "**/*.png" # tries to format a png file diff --git a/home/codium.nix b/home/codium.nix index 28c3a6e..00724b6 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, lib, ... }: { programs.vscode = { enable = true; @@ -23,10 +23,12 @@ tamasfe.even-better-toml golang.go ms-python.python + christian-kohler.path-intellisense ]; userSettings = let vimCommonKeyBindings = [ + # nice emacs bindings { "before" = [ "C-a" ]; "commands" = [ "cursorHome" ]; @@ -35,6 +37,19 @@ "before" = [ "C-e" ]; "commands" = [ "cursorEnd" ]; } + { + "before" = [ "C-b" ]; + "commands" = [ "cursorLeft" ]; + } + { + "before" = [ "C-f" ]; + "commands" = [ "cursorRight" ]; + } + # ctrl+h to turn off search highlighting + { + "before" = [ "C-h" ]; + "commands" = [ ":nohl" ]; + } ]; in { @@ -74,7 +89,7 @@ "markdown-preview-enhanced.previewTheme" = "github-dark.css"; "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; + "nix.serverPath" = "${lib.getExe pkgs.nil}"; "bookmarks.saveBookmarksInProject" = true; "cSpell.enabledFileTypes" = { @@ -84,6 +99,15 @@ # vim stuff "vim.leader" = ","; + "extensions.experimental.affinity" = { + "vscodevim.vim" = 1; + }; + "vim.sneak" = true; + "vim.sneakUseIgnorecaseAndSmartcase" = true; + "vim.enableNeovim" = true; + "vim.hlsearch" = true; + "vim.easymotion" = true; + "editor.lineNumbers" = "relative"; "vim.normalModeKeyBindings" = vimCommonKeyBindings ++ [ { "before" = [ ";" ]; @@ -118,6 +142,13 @@ ]; "commands" = [ "workbench.action.toggleSidebarVisibility" ]; } + { + "before" = [ + "" + "s" + ]; + "commands" = [ "workbench.action.toggleSidebarVisibility" ]; + } { "before" = [ "" @@ -191,10 +222,33 @@ "commands" = [ "editor.action.outdentLines" ]; } ]; - "extensions.experimental.affinity" = { - "vscodevim.vim" = 1; - }; }; + keybindings = [ + # repeat these vim bindings here cause otherwise they get overridden by vscode + { + "key" = "ctrl+b"; + "when" = "inputFocus"; + "command" = "cursorLeft"; + } + { + "key" = "ctrl+f"; + "when" = "inputFocus"; + "command" = "cursorRight"; + } + # clear default bindings that conflict + { + "key" = "ctrl+f"; + "command" = "-actions.find"; + } + { + "key" = "ctrl+b"; + "command" = "-workbench.action.toggleSidebarVisibility"; + } + { + "key" = "ctrl+w"; + "command" = "-workbench.action.closeActiveEditor"; + } + ]; }; }; } diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 6ce06ec..4e431b2 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -76,7 +76,6 @@ )) p7zip qbittorrent - nil android-tools frida-tools mitmproxy From 57aa1103476fa98b45e43ae8ce43a756ee6ccd94 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 26 Mar 2025 11:51:51 -0400 Subject: [PATCH 323/410] don't overlay pixelflasher and don't patch attic num_prefetch --- flake.lock | 17 ----------------- flake.nix | 1 - overlay/attic/prefetch-8-chunks.patch | 9 --------- overlay/default.nix | 1 - 4 files changed, 28 deletions(-) diff --git a/flake.lock b/flake.lock index ddda4b4..a6ee1bb 100644 --- a/flake.lock +++ b/flake.lock @@ -945,22 +945,6 @@ "type": "github" } }, - "pixelflasher": { - "locked": { - "lastModified": 1741302870, - "narHash": "sha256-7AywZ1b3PaqolAZ0vQmddD6Br4o0a7ucdtE0/W3rnaM=", - "owner": "cything", - "repo": "nixpkgs", - "rev": "5ef8b274bb7f939104295a22cec3382268ed73cc", - "type": "github" - }, - "original": { - "owner": "cything", - "ref": "pixelflasher", - "repo": "nixpkgs", - "type": "github" - } - }, "pre-commit-hooks-nix": { "inputs": { "flake-compat": [ @@ -1024,7 +1008,6 @@ "nixpkgs-stable": "nixpkgs-stable_2", "nixvim": "nixvim", "nvim-github-theme": "nvim-github-theme", - "pixelflasher": "pixelflasher", "rust-overlay": "rust-overlay", "sops-nix": "sops-nix", "treefmt": "treefmt", diff --git a/flake.nix b/flake.nix index 1c5adea..b5fccc8 100644 --- a/flake.nix +++ b/flake.nix @@ -71,7 +71,6 @@ url = "github:nix-community/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; }; - pixelflasher.url = "github:cything/nixpkgs/pixelflasher"; attic = { url = "github:zhaofengli/attic"; inputs = { diff --git a/overlay/attic/prefetch-8-chunks.patch b/overlay/attic/prefetch-8-chunks.patch index eafc514..3d6134f 100644 --- a/overlay/attic/prefetch-8-chunks.patch +++ b/overlay/attic/prefetch-8-chunks.patch @@ -11,13 +11,4 @@ index 02e4857..b522154 100644 Download::Url(url) => Ok(Redirect::temporary(&url).into_response()), Download::AsyncRead(stream) => { let stream = ReaderStream::new(stream).map_err(|e| { -@@ -262,7 +262,7 @@ async fn get_nar( - - // TODO: Make num_prefetch configurable - // The ideal size depends on the average chunk size -- let merged = merge_chunks(chunks, streamer, storage, 2).map_err(|e| { -+ let merged = merge_chunks(chunks, streamer, storage, 8).map_err(|e| { - tracing::error!(%e, "Stream error"); - e - }); diff --git a/overlay/default.nix b/overlay/default.nix index d8780e2..71bee1e 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -16,7 +16,6 @@ in in { conduwuit = pkgFrom inputs.conduwuit "default"; - pixelflasher = nixpkgsFrom inputs.pixelflasher "pixelflasher"; attic-server = pkgFrom inputs.attic "attic-server"; attic = pkgFrom inputs.attic "attic"; garage = ( From 225e01d935cd3208e2c6a8bd735b3f8d6b9717cc Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 26 Mar 2025 11:53:06 -0400 Subject: [PATCH 324/410] nix fmt --- .../workflows/build-machines-and-homes.yml | 6 --- home/codium.nix | 54 +++++++++---------- modules/attic.nix | 5 +- 3 files changed, 31 insertions(+), 34 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 43ea5bf..1900b0e 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -3,7 +3,6 @@ on: workflow_dispatch: push: pull_request: - env: ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} NIX_CONFIG: | @@ -14,7 +13,6 @@ env: accept-flake-config = true system-features = nixos-test benchmark big-parallel kvm TERM: ansi - jobs: build-machines: strategy: @@ -38,20 +36,16 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix - - name: Install Nix uses: cachix/install-nix-action@v30 - - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - name: setup attic run: | nix profile install github:zhaofengli/attic attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - - name: build run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" diff --git a/home/codium.nix b/home/codium.nix index 00724b6..117c9e0 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -107,7 +107,7 @@ "vim.enableNeovim" = true; "vim.hlsearch" = true; "vim.easymotion" = true; - "editor.lineNumbers" = "relative"; + "editor.lineNumbers" = "relative"; "vim.normalModeKeyBindings" = vimCommonKeyBindings ++ [ { "before" = [ ";" ]; @@ -223,32 +223,32 @@ } ]; }; - keybindings = [ - # repeat these vim bindings here cause otherwise they get overridden by vscode - { - "key" = "ctrl+b"; - "when" = "inputFocus"; - "command" = "cursorLeft"; - } - { - "key" = "ctrl+f"; - "when" = "inputFocus"; - "command" = "cursorRight"; - } - # clear default bindings that conflict - { - "key" = "ctrl+f"; - "command" = "-actions.find"; - } - { - "key" = "ctrl+b"; - "command" = "-workbench.action.toggleSidebarVisibility"; - } - { - "key" = "ctrl+w"; - "command" = "-workbench.action.closeActiveEditor"; - } - ]; + keybindings = [ + # repeat these vim bindings here cause otherwise they get overridden by vscode + { + "key" = "ctrl+b"; + "when" = "inputFocus"; + "command" = "cursorLeft"; + } + { + "key" = "ctrl+f"; + "when" = "inputFocus"; + "command" = "cursorRight"; + } + # clear default bindings that conflict + { + "key" = "ctrl+f"; + "command" = "-actions.find"; + } + { + "key" = "ctrl+b"; + "command" = "-workbench.action.toggleSidebarVisibility"; + } + { + "key" = "ctrl+w"; + "command" = "-workbench.action.closeActiveEditor"; + } + ]; }; }; } diff --git a/modules/attic.nix b/modules/attic.nix index a43d444..e546a9e 100644 --- a/modules/attic.nix +++ b/modules/attic.nix @@ -18,7 +18,10 @@ in settings = { listen = "[::]:8091"; api-endpoint = "https://cache.cy7.sh/"; - allowed-hosts = [ "cache.cy7.sh" "cdn.cy7.sh" ]; + allowed-hosts = [ + "cache.cy7.sh" + "cdn.cy7.sh" + ]; require-proof-of-possession = false; compression = { type = "none"; From aea2a217c24d56b34ca7341f3f77edc75abf8caf Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 27 Mar 2025 13:24:37 -0400 Subject: [PATCH 325/410] chunk: remove unused stuff --- hosts/chunk/default.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 9a621c4..f016a84 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -184,7 +184,6 @@ security.sudo.enable = true; security.sudo.wheelNeedsPassword = false; - programs.gnupg.agent.enable = true; programs.git.enable = true; my.caddy.enable = true; @@ -192,8 +191,5 @@ # container stuff my.containerization.enable = true; - my.roundcube.enable = true; - my.zipline.enable = true; - my.searx.enable = true; my.attic.enable = true; } From 8c3f3a4dffe25798bc32aa5adc993fc7d9929979 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 27 Mar 2025 14:42:22 -0400 Subject: [PATCH 326/410] workflow: use new s3 nix cache add cache priv and pub key add cache priv key to /home/runner workflow: use new cache for build-packages --- .../workflows/build-machines-and-homes.yml | 29 +++++++------------ .github/workflows/build-packages.yml | 15 ++++------ 2 files changed, 17 insertions(+), 27 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 1900b0e..3b36789 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -7,12 +7,15 @@ env: ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} NIX_CONFIG: | show-trace = true - extra-substituters = https://cdn.cy7.sh/main - extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0= experimental-features = nix-command flakes accept-flake-config = true system-features = nixos-test benchmark big-parallel kvm + secret-key-files = /home/runner/cache-priv-key.pem + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= TERM: ansi + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} jobs: build-machines: strategy: @@ -36,16 +39,14 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix + - name: setup binary cache key + run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem - name: Install Nix uses: cachix/install-nix-action@v30 - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - name: setup attic - run: | - nix profile install github:zhaofengli/attic - attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - name: build run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" @@ -53,10 +54,7 @@ jobs: - name: cache if: always() run: | - package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" - derivation="$(nix path-info --derivation "$package")" - cache="$(nix-store --query --requisites --include-outputs "$derivation")" - xargs attic push main <<< "$cache" + nix copy ".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" --to "s3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem" build-homes: strategy: fail-fast: false @@ -80,16 +78,14 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix + - name: setup binary cache key + run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem - name: Install Nix uses: cachix/install-nix-action@v30 - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - name: setup attic - run: | - nix profile install github:zhaofengli/attic - attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - name: build run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" @@ -97,7 +93,4 @@ jobs: - name: cache if: always() run: | - package=".#homeConfigurations."${{ matrix.home }}".activationPackage" - derivation="$(nix path-info --derivation "$package")" - cache="$(nix-store --query --requisites --include-outputs "$derivation")" - xargs attic push main <<< "$cache" + nix copy ".#homeConfigurations."${{ matrix.home }}".activationPackage" --to "s3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem" diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 1d23fe9..2e926b2 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -10,10 +10,11 @@ env: ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} NIX_CONFIG: | show-trace = true - extra-substituters = https://cdn.cy7.sh/main - extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0= experimental-features = nix-command flakes accept-flake-config = true + secret-key-files = /home/runner/cache-priv-key.pem + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= TERM: ansi jobs: build-packages: @@ -29,23 +30,19 @@ jobs: - macos-13 runs-on: ${{ matrix.os }} steps: + - name: setup binary cache key + run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem - name: Install Nix uses: cachix/install-nix-action@v30 - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - name: setup attic - run: | - nix profile install github:zhaofengli/attic - attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - run: nix build -L ${{ matrix.package }} - name: cache result if: always() run: | - derivation="$(nix path-info --derivation "${{ matrix.package }}")" - cache="$(nix-store --query --requisites --include-outputs "$derivation")" - xargs attic push main <<< "$cache" + nix copy "${{ matrix.machine }}" --to "s3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem" - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result - name: upload result From 1ac785fba41a7a9db98352a79c8d1943d6d00813 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 27 Mar 2025 16:39:33 -0400 Subject: [PATCH 327/410] use s3 nix cache --- flake.nix | 4 ++-- hosts/chunk/garage.nix | 12 ++++++++++++ hosts/common.nix | 4 ++-- 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/flake.nix b/flake.nix index b5fccc8..52d012f 100644 --- a/flake.nix +++ b/flake.nix @@ -111,11 +111,11 @@ nixConfig = { extra-substituters = [ "https://nix-community.cachix.org" - "https://cdn.cy7.sh/main" + "https://nixcache.cy7.sh" ]; extra-trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" + "nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=" ]; }; diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index 6a25df2..da9b650 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -10,6 +10,11 @@ api_bind_addr = "[::]:3900"; root_domain = "s3.cy7.sh"; }; + s3_web = { + bind_addr = "[::]:3902"; + root_domain = ".web.cy7.sh"; + add_host_to_metrics = true; + }; admin.api_bind_addr = "[::]:3903"; rpc_bind_addr = "[::]:3901"; replication_factor = 1; @@ -33,5 +38,12 @@ import common reverse_proxy localhost:3903 ''; + "*.web.cy7.sh" = { + serverAliases = [ "nixcache.cy7.sh" ]; + extraConfig = '' + import common + reverse_proxy localhost:3902 + ''; + }; }; } diff --git a/hosts/common.nix b/hosts/common.nix index 7067008..1d54545 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -11,11 +11,11 @@ ]; trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" + "nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=" ]; extra-substituters = [ "https://nix-community.cachix.org" - "https://cdn.cy7.sh/main" + "https://nixcache.cy7.sh" ]; }; channel.enable = false; From 789e0b7597f0363c06d63583cd96b3923a2f4e2a Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 27 Mar 2025 18:44:53 -0400 Subject: [PATCH 328/410] try to fix rclone memory issue; also disable OOM for now --- hosts/chunk/rclone.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 31cdf54..1da2ad7 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -14,20 +14,22 @@ let --config ${config.sops.secrets."rclone/config".path} \ --allow-other \ --cache-dir /var/cache/rclone \ - --transfers 32 \ + --transfers 16 \ --vfs-cache-mode full \ --vfs-cache-min-free-space 5G \ --dir-cache-time 30d \ --no-checksum \ --no-modtime \ --vfs-fast-fingerprint \ - --vfs-read-chunk-size 4M \ - --vfs-read-chunk-streams 32 \ + --vfs-read-chunk-size 16M \ + --vfs-read-chunk-streams 16 \ --sftp-concurrency 128 \ --sftp-chunk-size 255k \ + --buffer-size 0 \ ${remote} ${mount} ''; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -zu ${mount}"; + OOMScoreAdjust = -1000; }; in { From ec1f55aecea53367c868a76548bb53dc6de66041 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 27 Mar 2025 18:45:14 -0400 Subject: [PATCH 329/410] sops: add binary cache priv key --- .sops.yaml | 5 +++++ secrets/cache-priv-key.pem | 24 ++++++++++++++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 secrets/cache-priv-key.pem diff --git a/.sops.yaml b/.sops.yaml index cb7e65d..c812080 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -123,3 +123,8 @@ creation_rules: - age: - *chunk - *cy + - path_regex: secrets/cache-priv-key.pem + key_groups: + - age: + - *yt + - *cy diff --git a/secrets/cache-priv-key.pem b/secrets/cache-priv-key.pem new file mode 100644 index 0000000..30618df --- /dev/null +++ b/secrets/cache-priv-key.pem @@ -0,0 +1,24 @@ +{ + "data": "ENC[AES256_GCM,data:IVRg3IqrlV1Cy3xwyVszhUnRzbWP3OSb/XZF1H0N30eKL8d0DxFGngC5qMgRcmSs203/QL3w0fENp1u0f8tVajqJVlzLjlsiQrMdtXmiMv0LKO7E+aj4UZ0wMchB0XgSVUWrKUXxZrA=,iv:3GtA07yuAAI++RsLSwY3U62k1iG9+hvkGn45HjFt/Gk=,tag:PJ13CrjcE06KMC383txqHw==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVdkxBV3NSL1NDRjhPanpZ\nWTQwUmJmTExNOG0xZ1l1M2ZUSlFaTWdzS2hvCkdNT0dmK3FhcC85RE1mQmN1Uncw\nU1A4Znk1Vnk3RmY1UWdBY21VdnRZdWMKLS0tIHhTYUVUeTZsYkJFWk5LdnNDWlc5\ndDFDMUN2RmN0MDNXclpEMFA5Z0F5M0kKsLgc2D73RPNdTo4q7hBPGcBVPGwY73g+\nqQZbkVVzKPHo814ivwIVFYv+i5Qvf+p985Rko/fQ98GxW0G5c9Qfkg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuZ3B4czExQVZxNUJGNk1X\nbE9Md1Z6blM1S2xhb3VLT0JWbUpjSkxxS1U0Cm41bmt5Rk9LVTJFbVRFT2xxM01i\nTGUyYVU2RWdzRUhBVmNsTzJZWmh6cFUKLS0tIFlXVHQrcTVvbnptRitQVkVXRHBJ\nTjIxVXFvRmRQbUFHRXFjbFIva1IxVG8KciKyUdNjec7ocuKVX8KflMVPKpf/tEVr\nTxudivOoQ0XaqyPVi3cWDpuk2IAWUuJDxjmEctE6JgPtQvs1GsKCdg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-03-27T20:37:28Z", + "mac": "ENC[AES256_GCM,data:35iUoodcjvIn+VAE20f2sHFaTh3+aqCYQ4HalWdVz4eUSkVNcdXs2uqOZtFv3MszDiH9izM84OyHwykudJ99QE3B/NwpfIoKQaU6Qg5X/g/rC1meffMaZwcASVbepjznahbTKmJqeSrMeybrBIV+6FaSjWXn0+D72GEEM1vgH9c=,iv:N2CbttHJsczm37qdapOCrlNeSSgsZBDlvWyvUpa3mkk=,tag:btniVwaVS9h4jDo4IM2wcA==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.4" + } +} \ No newline at end of file From 7c8bc5a1f616cdc72875daeeecb2a129e746d3f0 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 27 Mar 2025 19:10:04 -0400 Subject: [PATCH 330/410] rclone: limit sftp-concurrency to 64 and remove OOMScoreAdjust workaround --- hosts/chunk/rclone.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 1da2ad7..803a188 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -23,13 +23,12 @@ let --vfs-fast-fingerprint \ --vfs-read-chunk-size 16M \ --vfs-read-chunk-streams 16 \ - --sftp-concurrency 128 \ + --sftp-concurrency 64 \ --sftp-chunk-size 255k \ --buffer-size 0 \ ${remote} ${mount} ''; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -zu ${mount}"; - OOMScoreAdjust = -1000; }; in { From 9dbc689e14447020452c7bfb7dffcc591aa90e20 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 27 Mar 2025 19:19:54 -0400 Subject: [PATCH 331/410] workflow: fix typo and don't build on macos --- .github/workflows/build-packages.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 2e926b2..3411c89 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -26,8 +26,8 @@ jobs: os: - ubuntu-latest - ubuntu-24.04-arm - - macos-latest - - macos-13 + # - macos-latest + # - macos-13 runs-on: ${{ matrix.os }} steps: - name: setup binary cache key @@ -42,7 +42,7 @@ jobs: - name: cache result if: always() run: | - nix copy "${{ matrix.machine }}" --to "s3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem" + nix copy "${{ matrix.package }}" --to "s3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem" - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result - name: upload result From 9f47fb8a956975923ecf1fc9f84292e50b0c0ca5 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 27 Mar 2025 22:11:21 -0400 Subject: [PATCH 332/410] update caddy cloudflare plugin --- modules/caddy.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/caddy.nix b/modules/caddy.nix index 131edf3..3e6ca63 100644 --- a/modules/caddy.nix +++ b/modules/caddy.nix @@ -19,9 +19,9 @@ in plugins = [ # error message will tell you the correct version tag to use # (still need the @ to pass nix config check) - "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e" + "github.com/caddy-dns/cloudflare@v0.0.0-20250228175314-1fb64108d4de" ]; - hash = "sha256-W09nFfBKd+9QEuzV3RYLeNy2CTry1Tz3Vg1U2JPNPPc="; + hash = "sha256-YYpsf8HMONR1teMiSymo2y+HrKoxuJMKIea5/NEykGc="; }; logFormat = lib.mkForce "level INFO"; acmeCA = "https://acme-v02.api.letsencrypt.org/directory"; From 073e118366383504884abd2c5f4aad85316b2dff Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 27 Mar 2025 23:41:07 -0400 Subject: [PATCH 333/410] rm helix; install minio-client --- .sops.yaml | 1 + flake.lock | 43 +------------------------------------------ flake.nix | 5 ----- home/yt/ytnix.nix | 14 +------------- overlay/default.nix | 1 - 5 files changed, 3 insertions(+), 61 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index c812080..9e9a860 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -128,3 +128,4 @@ creation_rules: - age: - *yt - *cy + - *chunk diff --git a/flake.lock b/flake.lock index a6ee1bb..20d9470 100644 --- a/flake.lock +++ b/flake.lock @@ -448,30 +448,6 @@ "type": "github" } }, - "helix": { - "inputs": { - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": "nixpkgs_4", - "rust-overlay": [ - "rust-overlay" - ] - }, - "locked": { - "lastModified": 1742479163, - "narHash": "sha256-YC0zdGyZMu7seA2Jm1mxtcxE4lSeVwvCPMfWzJ8+o/c=", - "owner": "helix-editor", - "repo": "helix", - "rev": "b7d735ffe66a03ab5970e5f860923aada50d4e4c", - "type": "github" - }, - "original": { - "owner": "helix-editor", - "repo": "helix", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -851,22 +827,6 @@ } }, "nixpkgs_4": { - "locked": { - "lastModified": 1740560979, - "narHash": "sha256-Vr3Qi346M+8CjedtbyUevIGDZW8LcA1fTG0ugPY/Hic=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "5135c59491985879812717f4c9fea69604e7f26f", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { "locked": { "lastModified": 1742276595, "narHash": "sha256-bsg9y3NoMGu0jgTI5XbxvzQFc9JtZB51i500WlVws80=", @@ -997,14 +957,13 @@ "flake-parts": "flake-parts_2", "flake-utils": "flake-utils", "garage": "garage", - "helix": "helix", "home-manager": "home-manager", "lanzaboote": "lanzaboote", "lix-module": "lix-module", "nil": "nil", "nix-index-database": "nix-index-database", "nix-ld": "nix-ld", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "nixpkgs-stable": "nixpkgs-stable_2", "nixvim": "nixvim", "nvim-github-theme": "nvim-github-theme", diff --git a/flake.nix b/flake.nix index 52d012f..b76d3e1 100644 --- a/flake.nix +++ b/flake.nix @@ -91,11 +91,6 @@ flake-utils.follows = "flake-utils"; }; }; - helix = { - url = "github:helix-editor/helix"; - inputs.flake-utils.follows = "flake-utils"; - inputs.rust-overlay.follows = "rust-overlay"; - }; nvim-github-theme = { url = "github:projekt0n/github-nvim-theme"; diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 4e431b2..cd6baa4 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -102,6 +102,7 @@ freetube gopls rust-analyzer + minio-client ]; home.sessionVariables = { @@ -151,17 +152,4 @@ }; programs.nix-index-database.comma.enable = true; - programs.helix = { - enable = true; - settings = { - theme = "github_dark"; - editor = { - line-number = "relative"; - lsp.display-messages = true; - }; - keys.insert = { - "C-[" = "normal_mode"; - }; - }; - }; } diff --git a/overlay/default.nix b/overlay/default.nix index 71bee1e..f4a7353 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -23,7 +23,6 @@ in meta.mainProgram = "garage"; } ); - helix = pkgFrom inputs.helix "default"; } ) ] From 36d1097c2605c82f1e6af2f9628ee7a65addb304 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 27 Mar 2025 23:41:24 -0400 Subject: [PATCH 334/410] add cache priv key to nix.conf --- hosts/common.nix | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/hosts/common.nix b/hosts/common.nix index 1d54545..77e0edb 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -1,4 +1,4 @@ -{ inputs, ... }: +{ inputs, config, ... }: { nix = { settings = { @@ -9,7 +9,7 @@ "root" "@wheel" ]; - trusted-public-keys = [ + extra-trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=" ]; @@ -17,6 +17,9 @@ "https://nix-community.cachix.org" "https://nixcache.cy7.sh" ]; + secret-key-files = [ + config.sops.secrets.cache-priv-key.path + ]; }; channel.enable = false; optimise = { @@ -74,4 +77,11 @@ services.thermald.enable = true; environment.enableAllTerminfo = true; + + sops.secrets.cache-priv-key = { + format = "binary"; + sopsFile = ../secrets/cache-priv-key.pem; + mode = "0440"; + group = "users"; + }; } From ec8606984436bc33f5d764369a208fbc1e9c451e Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 28 Mar 2025 01:01:12 -0400 Subject: [PATCH 335/410] update sops key; immich: change thumbs path; disable nm-applet --- hosts/chunk/garage.nix | 1 + hosts/chunk/immich.nix | 4 ++-- hosts/ytnix/default.nix | 4 +++- secrets/cache-priv-key.pem | 8 ++++++-- 4 files changed, 12 insertions(+), 5 deletions(-) diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index da9b650..b046a4b 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -24,6 +24,7 @@ compression_level = "none"; }; environmentFile = config.sops.secrets."garage/env".path; + logLevel = "warn"; }; services.caddy.virtualHosts = { diff --git a/hosts/chunk/immich.nix b/hosts/chunk/immich.nix index f2636f1..7dc7824 100644 --- a/hosts/chunk/immich.nix +++ b/hosts/chunk/immich.nix @@ -6,7 +6,7 @@ }: let uploadLocation = "/mnt/photos/immich"; - thumbsLocation = "/opt/immich/thumbs"; + # thumbsLocation = "/opt/immich/thumbs"; profileLocation = "/opt/immich/profile"; dbDataLocation = "/opt/immich/postgres"; backupsLocation = "/opt/immich/backups"; @@ -20,7 +20,7 @@ in pull = "newer"; volumes = [ "${uploadLocation}:/usr/src/app/upload" - "${thumbsLocation}:/usr/src/app/upload/thumbs" + # "${thumbsLocation}:/usr/src/app/upload/thumbs" "${profileLocation}:/usr/src/app/upload/profile" "${backupsLocation}:/usr/src/app/upload/backups" ]; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index b57887e..eba3509 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -94,8 +94,10 @@ # 3003 # immich-ml # ]; }; + hosts = { + "100.122.132.30" = [ "s3.cy7.sh" ]; + }; }; - programs.nm-applet.enable = true; security.rtkit.enable = true; services.pipewire = { diff --git a/secrets/cache-priv-key.pem b/secrets/cache-priv-key.pem index 30618df..c9bd80e 100644 --- a/secrets/cache-priv-key.pem +++ b/secrets/cache-priv-key.pem @@ -8,11 +8,15 @@ "age": [ { "recipient": "age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVdkxBV3NSL1NDRjhPanpZ\nWTQwUmJmTExNOG0xZ1l1M2ZUSlFaTWdzS2hvCkdNT0dmK3FhcC85RE1mQmN1Uncw\nU1A4Znk1Vnk3RmY1UWdBY21VdnRZdWMKLS0tIHhTYUVUeTZsYkJFWk5LdnNDWlc5\ndDFDMUN2RmN0MDNXclpEMFA5Z0F5M0kKsLgc2D73RPNdTo4q7hBPGcBVPGwY73g+\nqQZbkVVzKPHo814ivwIVFYv+i5Qvf+p985Rko/fQ98GxW0G5c9Qfkg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLcGd1alJmNWM3dVBmSWxs\nRHBTOVV6U3p1U3Q3bzQ3OXYrWVhNVTlxTGxvClllbFMwc3dFZW56a0d6eUhVZ2Na\nMUVJc29CNHVMcHRLaXBlRnRLZ2pNb0UKLS0tIFRERnRBZGVFRk9sYmpzVjlpdmN1\ndjUyVmRZMFlFTm4zSnZWV09WbTNoMWMKM35a6GkCZIKscqgADrbIa48T8++wkhLP\nOFr03bv6D0Hj38VLWx+kh9kmja8BaxmdSUTeAhdORwbQumJBAqjsOw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuZ3B4czExQVZxNUJGNk1X\nbE9Md1Z6blM1S2xhb3VLT0JWbUpjSkxxS1U0Cm41bmt5Rk9LVTJFbVRFT2xxM01i\nTGUyYVU2RWdzRUhBVmNsTzJZWmh6cFUKLS0tIFlXVHQrcTVvbnptRitQVkVXRHBJ\nTjIxVXFvRmRQbUFHRXFjbFIva1IxVG8KciKyUdNjec7ocuKVX8KflMVPKpf/tEVr\nTxudivOoQ0XaqyPVi3cWDpuk2IAWUuJDxjmEctE6JgPtQvs1GsKCdg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHbEh0YkFlL3dPL1FmcE9m\nbjl0dHhQZlpBREMwYzQ0NEpQQ3RZVlNsM1Q4CmYwS0VDNjFaOXhOS3JkVUtaTEJZ\nSVNyZ1lXbEhCbE5XdGxCRWhsNVR1N0EKLS0tICt2Um9wQ0pyUVpnd1dVemM4NmpU\nTHE1bi9OcmsweDZyNVpVVUlITmt3c28KdX6fO1C7Ma66AAv/RCI5z8p/7fSvKWQ7\nCL86Nl4Xzb5WWxkteO4wOoHh4y0+9dpEAbS/XP78PkC07uRttcS7pQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCRmNheTZrUWplWFZJcm53\nbC94UHdYbXdsSFB0Nk92Q29RdGMxbUxVeEhjCkZqVk13bEFvNFFLZllTN0NUeFpj\nRkhlYXl5STJrbVQzeWg3YzlQZ1ZlZncKLS0tIGhjUytJa2FXa0VVTFlMN2ZpTjF0\ncG9ZTG0zL2dNekV0NkFZWWVrcFpPU3cK/Kia/sHk5T9nlbDg2G52uQcJUoPrnu3y\n6ARJKoz0MnV4csjS6IZCFSb7Vy5DSH+at3khEw3x00eGae1Jd89vwQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-03-27T20:37:28Z", From d281beea431ab1729b337d5ce3de9b54f66247b2 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 28 Mar 2025 16:57:46 -0400 Subject: [PATCH 336/410] chunk: rm attic; rclone: use 32 transfers --- hosts/chunk/default.nix | 2 -- hosts/chunk/rclone.nix | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index f016a84..22290c1 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -190,6 +190,4 @@ # container stuff my.containerization.enable = true; - - my.attic.enable = true; } diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 803a188..c592fbb 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -14,7 +14,7 @@ let --config ${config.sops.secrets."rclone/config".path} \ --allow-other \ --cache-dir /var/cache/rclone \ - --transfers 16 \ + --transfers 32 \ --vfs-cache-mode full \ --vfs-cache-min-free-space 5G \ --dir-cache-time 30d \ From d4bf0f3ef5a33721149839ba356abaab3032a6b3 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 27 Mar 2025 23:43:53 -0400 Subject: [PATCH 337/410] workflow: nix copy --all --- .github/workflows/build-machines-and-homes.yml | 4 ++-- .github/workflows/build-packages.yml | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 3b36789..bc1f2db 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -54,7 +54,7 @@ jobs: - name: cache if: always() run: | - nix copy ".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" --to "s3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem" + nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose build-homes: strategy: fail-fast: false @@ -93,4 +93,4 @@ jobs: - name: cache if: always() run: | - nix copy ".#homeConfigurations."${{ matrix.home }}".activationPackage" --to "s3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem" + nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 3411c89..c530cb7 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -16,6 +16,8 @@ env: extra-substituters = https://nixcache.cy7.sh extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= TERM: ansi + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} jobs: build-packages: strategy: @@ -42,7 +44,7 @@ jobs: - name: cache result if: always() run: | - nix copy "${{ matrix.package }}" --to "s3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem" + nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result - name: upload result From e610ca24e10996f97dcdf68297dbd0c1b9ffc4ed Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 28 Mar 2025 10:48:25 -0400 Subject: [PATCH 338/410] workflow: sign all just in case something got missed --- .github/workflows/build-machines-and-homes.yml | 2 ++ .github/workflows/build-packages.yml | 1 + 2 files changed, 3 insertions(+) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index bc1f2db..7e25ec2 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -55,6 +55,7 @@ jobs: if: always() run: | nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose + nix store sign --store 's3://nixcache?endpoint=s3.cy7.sh' -k /home/runner/cache-priv-key.pem --all build-homes: strategy: fail-fast: false @@ -94,3 +95,4 @@ jobs: if: always() run: | nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose + nix store sign --store 's3://nixcache?endpoint=s3.cy7.sh' -k /home/runner/cache-priv-key.pem --all diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index c530cb7..5e779ac 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -45,6 +45,7 @@ jobs: if: always() run: | nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose + nix store sign --store 's3://nixcache?endpoint=s3.cy7.sh' -k /home/runner/cache-priv-key.pem --all - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result - name: upload result From 61b5533dcaf4fe65494665f9ab3b48cfd74dc138 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 28 Mar 2025 16:59:32 -0400 Subject: [PATCH 339/410] justfile: --commit-lock-file --- justfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/justfile b/justfile index 68b7e5c..9f6236c 100644 --- a/justfile +++ b/justfile @@ -1,9 +1,7 @@ update: git branch -D update || true git switch -c update - nix flake update - git add flake.lock - git commit -s -m "flake update" + nix flake update --commit-lock-file git push -f git switch main From 70ed1418632966ebb70bf52c07c04be5d22e3ebd Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 28 Mar 2025 17:14:08 -0400 Subject: [PATCH 340/410] workflow: try lix --- .../workflows/build-machines-and-homes.yml | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 7e25ec2..8459ace 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -43,6 +43,16 @@ jobs: run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem - name: Install Nix uses: cachix/install-nix-action@v30 + + - name: Install Lix + run: | + sudo --preserve-env=PATH $(which nix) run \ + --experimental-features "nix-command flakes" \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" \ + 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ + upgrade-nix \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + - name: Sync repository uses: actions/checkout@v4 with: @@ -83,6 +93,16 @@ jobs: run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem - name: Install Nix uses: cachix/install-nix-action@v30 + + - name: Install Lix + run: | + sudo --preserve-env=PATH $(which nix) run \ + --experimental-features "nix-command flakes" \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" \ + 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ + upgrade-nix \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + - name: Sync repository uses: actions/checkout@v4 with: From a45f4132e5902f45545762cceaeffcd8c32359a4 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 28 Mar 2025 17:36:51 -0400 Subject: [PATCH 341/410] workflow: try another cache command cause --all is really all --- .github/workflows/build-machines-and-homes.yml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 8459ace..2924929 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -52,6 +52,7 @@ jobs: 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ upgrade-nix \ --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + nix --version - name: Sync repository uses: actions/checkout@v4 @@ -64,8 +65,10 @@ jobs: - name: cache if: always() run: | - nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose - nix store sign --store 's3://nixcache?endpoint=s3.cy7.sh' -k /home/runner/cache-priv-key.pem --all + package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" + nix copy -j8 \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + $(nix path-info --recursive --derivation "$package" |sed 's/\.drv$/.drv^*/') build-homes: strategy: fail-fast: false @@ -102,6 +105,7 @@ jobs: 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ upgrade-nix \ --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + nix --version - name: Sync repository uses: actions/checkout@v4 @@ -114,5 +118,7 @@ jobs: - name: cache if: always() run: | - nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose - nix store sign --store 's3://nixcache?endpoint=s3.cy7.sh' -k /home/runner/cache-priv-key.pem --all + package=".#homeConfigurations."${{ matrix.home }}".activationPackage" + nix copy -j8 \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + $(nix path-info --recursive --derivation "$package" |sed 's/\.drv$/.drv^*/') From 048800c0bf7ddb2778e92b7e0e4e7d42f3e5fd3a Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 28 Mar 2025 17:40:46 -0400 Subject: [PATCH 342/410] workflow: same changes to build-packages --- .github/workflows/build-packages.yml | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 5e779ac..44af952 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -36,6 +36,17 @@ jobs: run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem - name: Install Nix uses: cachix/install-nix-action@v30 + + - name: Install Lix + run: | + sudo --preserve-env=PATH $(which nix) run \ + --experimental-features "nix-command flakes" \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" \ + 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ + upgrade-nix \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + nix --version + - name: Sync repository uses: actions/checkout@v4 with: @@ -44,8 +55,9 @@ jobs: - name: cache result if: always() run: | - nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose - nix store sign --store 's3://nixcache?endpoint=s3.cy7.sh' -k /home/runner/cache-priv-key.pem --all + nix copy -j8 \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + $(nix path-info --recursive --derivation "${{ matrix.package }}" |sed 's/\.drv$/.drv^*/') - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result - name: upload result From 47e5c5cd7798811d59702ad9cac04e356c0a08b7 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 28 Mar 2025 17:47:46 -0400 Subject: [PATCH 343/410] workflow: add new lines --- .github/workflows/build-machines-and-homes.yml | 13 +++++++++++++ .github/workflows/build-packages.yml | 8 ++++++++ 2 files changed, 21 insertions(+) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 2924929..1272cc1 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -3,6 +3,7 @@ on: workflow_dispatch: push: pull_request: + env: ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} NIX_CONFIG: | @@ -16,6 +17,7 @@ env: TERM: ansi AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} + jobs: build-machines: strategy: @@ -27,6 +29,7 @@ jobs: os: - ubuntu-latest runs-on: ${{ matrix.os }} + steps: - name: Maximize build disk space uses: easimon/maximize-build-space@v10 @@ -39,8 +42,10 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix + - name: setup binary cache key run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem + - name: Install Nix uses: cachix/install-nix-action@v30 @@ -58,10 +63,12 @@ jobs: uses: actions/checkout@v4 with: persist-credentials: false + - name: build run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" nix build -L "$package" + - name: cache if: always() run: | @@ -69,6 +76,7 @@ jobs: nix copy -j8 \ --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ $(nix path-info --recursive --derivation "$package" |sed 's/\.drv$/.drv^*/') + build-homes: strategy: fail-fast: false @@ -80,6 +88,7 @@ jobs: - ubuntu-latest # - macos-latest runs-on: ${{ matrix.os }} + steps: - name: Maximize build disk space uses: easimon/maximize-build-space@v10 @@ -92,8 +101,10 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix + - name: setup binary cache key run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem + - name: Install Nix uses: cachix/install-nix-action@v30 @@ -111,10 +122,12 @@ jobs: uses: actions/checkout@v4 with: persist-credentials: false + - name: build run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" nix build -L "$package" + - name: cache if: always() run: | diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 44af952..637afbf 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -6,6 +6,7 @@ on: description: "package to build" required: false type: string + env: ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} NIX_CONFIG: | @@ -18,6 +19,7 @@ env: TERM: ansi AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} + jobs: build-packages: strategy: @@ -31,9 +33,11 @@ jobs: # - macos-latest # - macos-13 runs-on: ${{ matrix.os }} + steps: - name: setup binary cache key run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem + - name: Install Nix uses: cachix/install-nix-action@v30 @@ -51,15 +55,19 @@ jobs: uses: actions/checkout@v4 with: persist-credentials: false + - run: nix build -L ${{ matrix.package }} + - name: cache result if: always() run: | nix copy -j8 \ --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ $(nix path-info --recursive --derivation "${{ matrix.package }}" |sed 's/\.drv$/.drv^*/') + - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result + - name: upload result uses: actions/upload-artifact@v4 with: From 1537fd644418e4ae1b8e60c31d465076ee7bdfce Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 28 Mar 2025 18:01:35 -0400 Subject: [PATCH 344/410] workflow: try yet another way to cache --- .../workflows/build-machines-and-homes.yml | 30 ++++++++++++++----- .github/workflows/build-packages.yml | 13 ++++++-- 2 files changed, 32 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 1272cc1..f04d05f 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -70,12 +70,19 @@ jobs: nix build -L "$package" - name: cache - if: always() + # if: always() run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" - nix copy -j8 \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ - $(nix path-info --recursive --derivation "$package" |sed 's/\.drv$/.drv^*/') + derivations=() + while IFS=$'\n' read derivation; do + derivations+=("$derivation") + done < <(nix path-info --derivation "$package") + + for derivation in "${derivations[@]}"; do + nix copy -j8 \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + $(nix-store --query --requisites --include-outputs "$derivation") + done build-homes: strategy: @@ -129,9 +136,16 @@ jobs: nix build -L "$package" - name: cache - if: always() + # if: always() run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" - nix copy -j8 \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ - $(nix path-info --recursive --derivation "$package" |sed 's/\.drv$/.drv^*/') + derivations=() + while IFS=$'\n' read derivation; do + derivations+=("$derivation") + done < <(nix path-info --derivation "$package") + + for derivation in "${derivations[@]}"; do + nix copy -j8 \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + $(nix-store --query --requisites --include-outputs "$derivation") + done diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 637afbf..17e5637 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -61,9 +61,16 @@ jobs: - name: cache result if: always() run: | - nix copy -j8 \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ - $(nix path-info --recursive --derivation "${{ matrix.package }}" |sed 's/\.drv$/.drv^*/') + derivations=() + while IFS=$'\n' read derivation; do + derivations+=("$derivation") + done < <(nix path-info --derivation "${{ matrix.package }}") + + for derivation in "${derivations[@]}"; do + nix copy -j8 \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + $(nix-store --query --requisites --include-outputs "$derivation") + done - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result From c6999339dac9d9241cee33799d253803e5e3d965 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 28 Mar 2025 18:28:48 -0400 Subject: [PATCH 345/410] workflow: use !cancelled() instead of always() --- .github/workflows/build-machines-and-homes.yml | 6 ++++-- .github/workflows/build-packages.yml | 3 ++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index f04d05f..2bf0350 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -70,7 +70,8 @@ jobs: nix build -L "$package" - name: cache - # if: always() + # https://stackoverflow.com/a/58859404 + if: '!cancelled()' run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" derivations=() @@ -136,7 +137,8 @@ jobs: nix build -L "$package" - name: cache - # if: always() + # https://stackoverflow.com/a/58859404 + if: '!cancelled()' run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" derivations=() diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 17e5637..cd3c273 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -59,7 +59,8 @@ jobs: - run: nix build -L ${{ matrix.package }} - name: cache result - if: always() + # https://stackoverflow.com/a/58859404 + if: '!cancelled()' run: | derivations=() while IFS=$'\n' read derivation; do From 616d2910303b0d0feb692871ba0e005e11fa550c Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 29 Mar 2025 14:14:11 -0400 Subject: [PATCH 346/410] workflow: use cachix extra_nix_config option --- .../workflows/build-machines-and-homes.yml | 29 +++++++++++++------ .github/workflows/build-packages.yml | 18 +++++++----- 2 files changed, 30 insertions(+), 17 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 2bf0350..7ede8d4 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -5,15 +5,6 @@ on: pull_request: env: - ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} - NIX_CONFIG: | - show-trace = true - experimental-features = nix-command flakes - accept-flake-config = true - system-features = nixos-test benchmark big-parallel kvm - secret-key-files = /home/runner/cache-priv-key.pem - extra-substituters = https://nixcache.cy7.sh - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= TERM: ansi AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} @@ -48,6 +39,16 @@ jobs: - name: Install Nix uses: cachix/install-nix-action@v30 + with: + enable_kvm: true + extra_nix_config: | + show-trace = true + experimental-features = nix-command flakes + accept-flake-config = true + system-features = nixos-test benchmark big-parallel kvm + secret-key-files = /home/runner/cache-priv-key.pem + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - name: Install Lix run: | @@ -115,6 +116,16 @@ jobs: - name: Install Nix uses: cachix/install-nix-action@v30 + with: + enable_kvm: true + extra_nix_config: | + show-trace = true + experimental-features = nix-command flakes + accept-flake-config = true + system-features = nixos-test benchmark big-parallel kvm + secret-key-files = /home/runner/cache-priv-key.pem + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - name: Install Lix run: | diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index cd3c273..fea88fc 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -8,14 +8,6 @@ on: type: string env: - ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} - NIX_CONFIG: | - show-trace = true - experimental-features = nix-command flakes - accept-flake-config = true - secret-key-files = /home/runner/cache-priv-key.pem - extra-substituters = https://nixcache.cy7.sh - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= TERM: ansi AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} @@ -40,6 +32,16 @@ jobs: - name: Install Nix uses: cachix/install-nix-action@v30 + with: + enable_kvm: true + extra_nix_config: | + show-trace = true + experimental-features = nix-command flakes + accept-flake-config = true + system-features = nixos-test benchmark big-parallel kvm + secret-key-files = /home/runner/cache-priv-key.pem + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - name: Install Lix run: | From ec978a406d5039abbe471edb24972e3f8f50f1d4 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 30 Mar 2025 09:55:07 -0400 Subject: [PATCH 347/410] workflow: rm GITHUB_TOKEN from update-flake-lock --- .github/workflows/update-flake-lock.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/update-flake-lock.yml b/.github/workflows/update-flake-lock.yml index 59006f6..248b096 100644 --- a/.github/workflows/update-flake-lock.yml +++ b/.github/workflows/update-flake-lock.yml @@ -14,7 +14,5 @@ jobs: - uses: actions/checkout@v4 - name: Install Nix uses: cachix/install-nix-action@v30 - with: - github_access_token: ${{ secrets.GITHUB_TOKEN }} - name: Update flake.lock uses: DeterminateSystems/update-flake-lock@v24 From 925f78853bab654428f2caed31ec2d1ba7b28bf2 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 30 Mar 2025 10:21:23 -0400 Subject: [PATCH 348/410] workflow: use deploy keys in update-flake-lock to trigger actions --- .github/workflows/update-flake-lock.yml | 28 ++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/.github/workflows/update-flake-lock.yml b/.github/workflows/update-flake-lock.yml index 248b096..8d94149 100644 --- a/.github/workflows/update-flake-lock.yml +++ b/.github/workflows/update-flake-lock.yml @@ -11,8 +11,30 @@ jobs: createPullRequest: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 + with: + ssh-key: ${{ secrets.SSH_DEPLOY_KEY }} + - name: Install Nix - uses: cachix/install-nix-action@v30 + uses: cachix/install-nix-action@53fb48f556dd912c4814b24ee8059a9c91c82b18 + with: + enable_kvm: true + extra_nix_config: | + show-trace = true + experimental-features = nix-command flakes + accept-flake-config = true + system-features = nixos-test benchmark big-parallel kvm + secret-key-files = /home/runner/cache-priv-key.pem + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= + - name: Update flake.lock - uses: DeterminateSystems/update-flake-lock@v24 + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + nix flake update --commit-lock-file + + - name: Create PR + uses: peter-evans/create-pull-request@98106d3f2b65918a6591f9e155117b7219ff7e51 + with: + title: nix flake update From f34eec7b178b1ded0e342a07d8957fde3c3dcb39 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 31 Mar 2025 09:01:33 -0400 Subject: [PATCH 349/410] serve nixcache home as text/plain --- hosts/chunk/garage.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index b046a4b..28f7b22 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -43,6 +43,14 @@ serverAliases = [ "nixcache.cy7.sh" ]; extraConfig = '' import common + @plain { + host nixcache.cy7.sh nixcache.web.cy7.sh + path / /nix-cache-info + } + header @plain { + >content-type text/plain + } + reverse_proxy localhost:3902 ''; }; From 67f6032b67f66feb30bb4a1dfde3c6a9ff749446 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 30 Mar 2025 21:29:11 -0400 Subject: [PATCH 350/410] workflow: use nixpkgs#nixos-rebuild --- .github/workflows/build-machines-and-homes.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 7ede8d4..563a44c 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -67,8 +67,9 @@ jobs: - name: build run: | - package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" - nix build -L "$package" + # package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" + # nix build -L "$package" + nix run nixpkgs#nixos-rebuild build -- --flake ".#${{ matrix.machine }}" - name: cache # https://stackoverflow.com/a/58859404 From 897fd44badfa9277064c2de8436f647c9839b232 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 31 Mar 2025 10:36:45 -0400 Subject: [PATCH 351/410] use release-2.92 branch for lix --- flake.lock | 21 +++++++++++---------- flake.nix | 2 +- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/flake.lock b/flake.lock index 20d9470..8f15385 100644 --- a/flake.lock +++ b/flake.lock @@ -566,15 +566,15 @@ "lix": { "flake": false, "locked": { - "lastModified": 1741888409, - "narHash": "sha256-gJ7QmlwsJ/QdwUjwTjifNo3v7OBQm2N6xa19l3mMWM4=", - "rev": "20edd45ae816c73504ddfb9c678756e003ceeafd", + "lastModified": 1742250400, + "narHash": "sha256-be2mY7VFiWcPw7GcaJBbUvpnpoLd39wxqTXagBNTR5w=", + "rev": "d8db15010d2059a23a17f70ef542b4d1e7d2c640", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/20edd45ae816c73504ddfb9c678756e003ceeafd.tar.gz?rev=20edd45ae816c73504ddfb9c678756e003ceeafd" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/d8db15010d2059a23a17f70ef542b4d1e7d2c640.tar.gz?rev=d8db15010d2059a23a17f70ef542b4d1e7d2c640" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz" } }, "lix-module": { @@ -589,15 +589,16 @@ ] }, "locked": { - "lastModified": 1741894565, - "narHash": "sha256-2FD0NDJbEjUHloVrtEIms5miJsj1tvQCc/0YK5ambyc=", - "ref": "refs/heads/main", - "rev": "a6da43f8193d9e329bba1795c42590c27966082e", - "revCount": 136, + "lastModified": 1742943028, + "narHash": "sha256-fprwZKE1uMzO9tiWWOrmLWBW3GPkMayQfb0xOvVFIno=", + "ref": "release-2.92", + "rev": "3fae818597ca2f1474de62022f850c23be50528d", + "revCount": 134, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, "original": { + "ref": "release-2.92", "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" } diff --git a/flake.nix b/flake.nix index b76d3e1..3093168 100644 --- a/flake.nix +++ b/flake.nix @@ -48,7 +48,7 @@ }; }; lix-module = { - url = "git+https://git.lix.systems/lix-project/nixos-module"; + url = "git+https://git.lix.systems/lix-project/nixos-module?ref=release-2.92"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; }; From 16848e291ef454cdee5afa1e6cfb9ff9b3689272 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 31 Mar 2025 10:42:51 -0400 Subject: [PATCH 352/410] workflow: use branch-suffix for update-flake-lock --- .github/workflows/update-flake-lock.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/update-flake-lock.yml b/.github/workflows/update-flake-lock.yml index 8d94149..3b79705 100644 --- a/.github/workflows/update-flake-lock.yml +++ b/.github/workflows/update-flake-lock.yml @@ -38,3 +38,5 @@ jobs: uses: peter-evans/create-pull-request@98106d3f2b65918a6591f9e155117b7219ff7e51 with: title: nix flake update + branch: update-flake-inputs + branch-suffix: timestamp From 08a75b8b8fe22e907f6ccdcd280aaa20f99a791a Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 31 Mar 2025 12:11:41 -0400 Subject: [PATCH 353/410] flake.lock: Update (#35) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'conduwuit': 'github:girlbossceo/conduwuit/7bf92c8a3710eeff229bd86bc81a89daa94b66d5?narHash=sha256-PoVjZXR24r1WPyWWK%2BDZDAlVr4otn/BcxY7/jd8fehM%3D' (2025-03-18) → 'github:girlbossceo/conduwuit/3e57b7d35d5bd6cfed5900b377f7c68970213518?narHash=sha256-uGI98B%2BbinIclsCJd2wXb7l1k2wV7e%2BsNmX4R8L5RPc%3D' (2025-03-28) • Updated input 'crane': 'github:ipetkov/crane/66cb0013f9a99d710b167ad13cbd8cc4e64f2ddb?narHash=sha256-ScJYnUykEDhYeCepoAWBbZWx2fpQ8ottyvOyGry7HqE%3D' (2025-03-18) → 'github:ipetkov/crane/70947c1908108c0c551ddfd73d4f750ff2ea67cd?narHash=sha256-vVOAp9ahvnU%2BfQoKd4SEXB2JG2wbENkpqcwlkIXgUC0%3D' (2025-03-19) • Updated input 'garage': 'github:deuxfleurs-org/garage/6906a4ff12838da2a74bdaeb7e7cd05cd1d69699?narHash=sha256-hp2tKtJHW/vbiIT4hRhP8cfZEACAWZ92lCdaO9WEi2E%3D' (2025-03-17) → 'github:deuxfleurs-org/garage/14d2f2b18da015508d4a1e31b2f014da5188d516?narHash=sha256-AJfw%2BXRaRyrlpb9Wy6rVz44JePy0AXWPECXVPBnrOfI%3D' (2025-03-21) • Updated input 'home-manager': 'github:nix-community/home-manager/fb74bb76d94a6c55632376c931fc108131260ee9?narHash=sha256-iYCinzZnnUeCkZ031qGRwPdwRsqW6o9Y0MgGpA7Zva4%3D' (2025-03-18) → 'github:nix-community/home-manager/216690777e47aa0fb1475e4dbe2510554ce0bc4b?narHash=sha256-pGKDA84oK1WTt2yxBUjAwKLacNwJkf9CS7cTXXfgWvI%3D' (2025-03-31) • Updated input 'lix-module/lix': 'https://git.lix.systems/api/v1/repos/lix-project/lix/archive/d8db15010d2059a23a17f70ef542b4d1e7d2c640.tar.gz?narHash=sha256-be2mY7VFiWcPw7GcaJBbUvpnpoLd39wxqTXagBNTR5w%3D&rev=d8db15010d2059a23a17f70ef542b4d1e7d2c640' (2025-03-17) → 'https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?narHash=sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW%2BDvDtuv9SwQZZcs%3D&rev=079528098f5998ba13c88821a2eca1005c1695de' (2025-01-18) • Updated input 'nix-index-database': 'github:nix-community/nix-index-database/2cfb4e1ca32f59dd2811d7a6dd5d4d1225f0955c?narHash=sha256-pDNzMoR6m1ZSJToZQ6XDTLVSdzIzmFl1b8Pc3f7iV6Y%3D' (2025-03-17) → 'github:nix-community/nix-index-database/b3696bfb6c24aa61428839a99e8b40c53ac3a82d?narHash=sha256-LROaIjSLo347cwcHRfSpqzEOa2FoLSeJwU4dOrGm55E%3D' (2025-03-30) • Updated input 'nix-ld': 'github:nix-community/nix-ld/bc1ecb8ca83507c764a3909f02f1acf53c033585?narHash=sha256-sHBzuG9K/VrvOrcLd9GwoCLaQZDVedi/00YmFfdKq/A%3D' (2025-03-17) → 'github:nix-community/nix-ld/140451db1cadeef1e7e9e054332b67b7be808916?narHash=sha256-tjdkPPkRT1Mj72yrpN8oUxYw9SaG8wOQWD3auS1bvSs%3D' (2025-03-31) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/2b3795787eba0066a2bc8bba7362422e5713840f?narHash=sha256-bsg9y3NoMGu0jgTI5XbxvzQFc9JtZB51i500WlVws80%3D' (2025-03-18) → 'github:nixos/nixpkgs/1d3a750cb7d8e1058a425810c80790a3842ef27b?narHash=sha256-aRAFj%2BSzZGUlCMDBbd6yI09ffo9lMgx726VTZMMCRGA%3D' (2025-03-31) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/da044451c6a70518db5b730fe277b70f494188f1?narHash=sha256-IhnK4LhkBlf14/F8THvUy3xi/TxSQkp9hikfDZRD4Ic%3D' (2025-03-18) → 'github:nixos/nixpkgs/7ffe0edc685f14b8c635e3d6591b0bbb97365e6c?narHash=sha256-sOos1jZGKmT6xxPvxGQyPTApOunXvScV4lNjBCXd/CI%3D' (2025-03-30) • Updated input 'nixvim': 'github:nix-community/nixvim/78f6166c23f80bdfbcc8c44b20f7f4132299a33f?narHash=sha256-XxygfriVXQt%2B5Iqh6AOjZL5Aes5dH2xzVKpHpL8pDQg%3D' (2025-03-17) → 'github:nix-community/nixvim/d81f37256d0a8691b837b74979d27bf89be8ecdd?narHash=sha256-XbXIRDbb8/vLBX1M096l7lM5wfzBTp1ZXfUl9bUhVGU%3D' (2025-03-30) • Updated input 'nixvim/nuschtosSearch': 'github:NuschtOS/search/86e2038290859006e05ca7201425ea5b5de4aecb?narHash=sha256-4DaDrQDAIxlWhTjH6h/%2BxfG05jt3qDZrZE/7zDLQaS4%3D' (2025-02-02) → 'github:NuschtOS/search/508752835128a3977985a4d5225ff241f7756181?narHash=sha256-i/JCrr/jApVorI9GkSV5to%2BUSrRCa0rWuQDH8JSlK2A%3D' (2025-03-22) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/87f0965f9f5b13fca9f38074eee8369dc767550d?narHash=sha256-RB0UEF9IXIgwuuBFC%2Bs9H4rDyvmMZePHlBAK4vRAwf4%3D' (2025-03-18) → 'github:oxalica/rust-overlay/011de3c895927300651d9c2cb8e062adf17aa665?narHash=sha256-OBcNE%2B2/TD1AMgq8HKMotSQF8ZPJEFGZdRoBJ7t/HIc%3D' (2025-03-31) • Updated input 'sops-nix': 'github:Mic92/sops-nix/787afce414bcce803b605c510b60bf43c11f4b55?narHash=sha256-ptn8dR4Uat3UUadGYNnB7CIH9SQm8mK69D2A/twBUXQ%3D' (2025-03-17) → 'github:Mic92/sops-nix/8e873886bbfc32163fe027b8676c75637b7da114?narHash=sha256-Ux/UohNtnM5mn9SFjaHp6IZe2aAnUCzklMluNtV6zFo%3D' (2025-03-30) • Updated input 'treefmt': 'github:numtide/treefmt-nix/b3b938ab8ba2e8a0ce9ee9b30ccfa5e903ae5753?narHash=sha256-2R7cGdcA2npQQcIWu2cTlU63veTzwVZe78BliIuJT00%3D' (2025-03-18) → 'github:numtide/treefmt-nix/29a3d7b768c70addce17af0869f6e2bd8f5be4b7?narHash=sha256-WRAylyYptt6OX5eCEBWyTwOEqEtD6zt33rlUkr6u3cE%3D' (2025-03-27) • Updated input 'vscode-extensions': 'github:nix-community/nix-vscode-extensions/32de9a383db6b555ac92877dd8b5b986f4151de7?narHash=sha256-kCuy1Fld1vFmor6SZ48DdtiLv9/zUhW8lCaTA%2BPy%2Bes%3D' (2025-03-18) → 'github:nix-community/nix-vscode-extensions/300097f877ee9a0c401a57e7ec731f4edace7117?narHash=sha256-LqcqOUJJcTUgACX2N%2Bi6cqMTZ/b0WAT4WUhwV9JWsZg%3D' (2025-03-31) Co-authored-by: github-actions[bot] --- flake.lock | 92 +++++++++++++++++++++++++++--------------------------- 1 file changed, 46 insertions(+), 46 deletions(-) diff --git a/flake.lock b/flake.lock index 8f15385..df19b3b 100644 --- a/flake.lock +++ b/flake.lock @@ -131,11 +131,11 @@ "rocksdb": "rocksdb" }, "locked": { - "lastModified": 1742266954, - "narHash": "sha256-PoVjZXR24r1WPyWWK+DZDAlVr4otn/BcxY7/jd8fehM=", + "lastModified": 1743186614, + "narHash": "sha256-uGI98B+binIclsCJd2wXb7l1k2wV7e+sNmX4R8L5RPc=", "owner": "girlbossceo", "repo": "conduwuit", - "rev": "7bf92c8a3710eeff229bd86bc81a89daa94b66d5", + "rev": "3e57b7d35d5bd6cfed5900b377f7c68970213518", "type": "github" }, "original": { @@ -146,11 +146,11 @@ }, "crane": { "locked": { - "lastModified": 1742317686, - "narHash": "sha256-ScJYnUykEDhYeCepoAWBbZWx2fpQ8ottyvOyGry7HqE=", + "lastModified": 1742394900, + "narHash": "sha256-vVOAp9ahvnU+fQoKd4SEXB2JG2wbENkpqcwlkIXgUC0=", "owner": "ipetkov", "repo": "crane", - "rev": "66cb0013f9a99d710b167ad13cbd8cc4e64f2ddb", + "rev": "70947c1908108c0c551ddfd73d4f750ff2ea67cd", "type": "github" }, "original": { @@ -361,11 +361,11 @@ ] }, "locked": { - "lastModified": 1742243551, - "narHash": "sha256-hp2tKtJHW/vbiIT4hRhP8cfZEACAWZ92lCdaO9WEi2E=", + "lastModified": 1742547966, + "narHash": "sha256-AJfw+XRaRyrlpb9Wy6rVz44JePy0AXWPECXVPBnrOfI=", "owner": "deuxfleurs-org", "repo": "garage", - "rev": "6906a4ff12838da2a74bdaeb7e7cd05cd1d69699", + "rev": "14d2f2b18da015508d4a1e31b2f014da5188d516", "type": "github" }, "original": { @@ -455,11 +455,11 @@ ] }, "locked": { - "lastModified": 1742305478, - "narHash": "sha256-iYCinzZnnUeCkZ031qGRwPdwRsqW6o9Y0MgGpA7Zva4=", + "lastModified": 1743430792, + "narHash": "sha256-pGKDA84oK1WTt2yxBUjAwKLacNwJkf9CS7cTXXfgWvI=", "owner": "nix-community", "repo": "home-manager", - "rev": "fb74bb76d94a6c55632376c931fc108131260ee9", + "rev": "216690777e47aa0fb1475e4dbe2510554ce0bc4b", "type": "github" }, "original": { @@ -566,11 +566,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1742250400, - "narHash": "sha256-be2mY7VFiWcPw7GcaJBbUvpnpoLd39wxqTXagBNTR5w=", - "rev": "d8db15010d2059a23a17f70ef542b4d1e7d2c640", + "lastModified": 1737234286, + "narHash": "sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW+DvDtuv9SwQZZcs=", + "rev": "079528098f5998ba13c88821a2eca1005c1695de", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/d8db15010d2059a23a17f70ef542b4d1e7d2c640.tar.gz?rev=d8db15010d2059a23a17f70ef542b4d1e7d2c640" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?rev=079528098f5998ba13c88821a2eca1005c1695de" }, "original": { "type": "tarball", @@ -714,11 +714,11 @@ ] }, "locked": { - "lastModified": 1742174123, - "narHash": "sha256-pDNzMoR6m1ZSJToZQ6XDTLVSdzIzmFl1b8Pc3f7iV6Y=", + "lastModified": 1743306489, + "narHash": "sha256-LROaIjSLo347cwcHRfSpqzEOa2FoLSeJwU4dOrGm55E=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "2cfb4e1ca32f59dd2811d7a6dd5d4d1225f0955c", + "rev": "b3696bfb6c24aa61428839a99e8b40c53ac3a82d", "type": "github" }, "original": { @@ -734,11 +734,11 @@ ] }, "locked": { - "lastModified": 1742204505, - "narHash": "sha256-sHBzuG9K/VrvOrcLd9GwoCLaQZDVedi/00YmFfdKq/A=", + "lastModified": 1743410259, + "narHash": "sha256-tjdkPPkRT1Mj72yrpN8oUxYw9SaG8wOQWD3auS1bvSs=", "owner": "nix-community", "repo": "nix-ld", - "rev": "bc1ecb8ca83507c764a3909f02f1acf53c033585", + "rev": "140451db1cadeef1e7e9e054332b67b7be808916", "type": "github" }, "original": { @@ -781,11 +781,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1742268799, - "narHash": "sha256-IhnK4LhkBlf14/F8THvUy3xi/TxSQkp9hikfDZRD4Ic=", + "lastModified": 1743367904, + "narHash": "sha256-sOos1jZGKmT6xxPvxGQyPTApOunXvScV4lNjBCXd/CI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "da044451c6a70518db5b730fe277b70f494188f1", + "rev": "7ffe0edc685f14b8c635e3d6591b0bbb97365e6c", "type": "github" }, "original": { @@ -829,11 +829,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1742276595, - "narHash": "sha256-bsg9y3NoMGu0jgTI5XbxvzQFc9JtZB51i500WlVws80=", + "lastModified": 1743386251, + "narHash": "sha256-aRAFj+SzZGUlCMDBbd6yI09ffo9lMgx726VTZMMCRGA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2b3795787eba0066a2bc8bba7362422e5713840f", + "rev": "1d3a750cb7d8e1058a425810c80790a3842ef27b", "type": "github" }, "original": { @@ -854,11 +854,11 @@ "nuschtosSearch": "nuschtosSearch" }, "locked": { - "lastModified": 1742255305, - "narHash": "sha256-XxygfriVXQt+5Iqh6AOjZL5Aes5dH2xzVKpHpL8pDQg=", + "lastModified": 1743362786, + "narHash": "sha256-XbXIRDbb8/vLBX1M096l7lM5wfzBTp1ZXfUl9bUhVGU=", "owner": "nix-community", "repo": "nixvim", - "rev": "78f6166c23f80bdfbcc8c44b20f7f4132299a33f", + "rev": "d81f37256d0a8691b837b74979d27bf89be8ecdd", "type": "github" }, "original": { @@ -877,11 +877,11 @@ ] }, "locked": { - "lastModified": 1738508923, - "narHash": "sha256-4DaDrQDAIxlWhTjH6h/+xfG05jt3qDZrZE/7zDLQaS4=", + "lastModified": 1742659553, + "narHash": "sha256-i/JCrr/jApVorI9GkSV5to+USrRCa0rWuQDH8JSlK2A=", "owner": "NuschtOS", "repo": "search", - "rev": "86e2038290859006e05ca7201425ea5b5de4aecb", + "rev": "508752835128a3977985a4d5225ff241f7756181", "type": "github" }, "original": { @@ -998,11 +998,11 @@ ] }, "locked": { - "lastModified": 1742265167, - "narHash": "sha256-RB0UEF9IXIgwuuBFC+s9H4rDyvmMZePHlBAK4vRAwf4=", + "lastModified": 1743388531, + "narHash": "sha256-OBcNE+2/TD1AMgq8HKMotSQF8ZPJEFGZdRoBJ7t/HIc=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "87f0965f9f5b13fca9f38074eee8369dc767550d", + "rev": "011de3c895927300651d9c2cb8e062adf17aa665", "type": "github" }, "original": { @@ -1018,11 +1018,11 @@ ] }, "locked": { - "lastModified": 1742239755, - "narHash": "sha256-ptn8dR4Uat3UUadGYNnB7CIH9SQm8mK69D2A/twBUXQ=", + "lastModified": 1743305778, + "narHash": "sha256-Ux/UohNtnM5mn9SFjaHp6IZe2aAnUCzklMluNtV6zFo=", "owner": "Mic92", "repo": "sops-nix", - "rev": "787afce414bcce803b605c510b60bf43c11f4b55", + "rev": "8e873886bbfc32163fe027b8676c75637b7da114", "type": "github" }, "original": { @@ -1068,11 +1068,11 @@ ] }, "locked": { - "lastModified": 1742303424, - "narHash": "sha256-2R7cGdcA2npQQcIWu2cTlU63veTzwVZe78BliIuJT00=", + "lastModified": 1743081648, + "narHash": "sha256-WRAylyYptt6OX5eCEBWyTwOEqEtD6zt33rlUkr6u3cE=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "b3b938ab8ba2e8a0ce9ee9b30ccfa5e903ae5753", + "rev": "29a3d7b768c70addce17af0869f6e2bd8f5be4b7", "type": "github" }, "original": { @@ -1091,11 +1091,11 @@ ] }, "locked": { - "lastModified": 1742262692, - "narHash": "sha256-kCuy1Fld1vFmor6SZ48DdtiLv9/zUhW8lCaTA+Py+es=", + "lastModified": 1743386331, + "narHash": "sha256-LqcqOUJJcTUgACX2N+i6cqMTZ/b0WAT4WUhwV9JWsZg=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "32de9a383db6b555ac92877dd8b5b986f4151de7", + "rev": "300097f877ee9a0c401a57e7ec731f4edace7117", "type": "github" }, "original": { From ecc20e71f30e4e626ab815687911560fe0e44870 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 1 Apr 2025 12:17:57 -0400 Subject: [PATCH 354/410] don't use flake-parts --- flake.lock | 19 ++++++- flake.nix | 158 ++++++++++++++++++++--------------------------------- 2 files changed, 75 insertions(+), 102 deletions(-) diff --git a/flake.lock b/flake.lock index df19b3b..480ec6e 100644 --- a/flake.lock +++ b/flake.lock @@ -273,9 +273,7 @@ }, "flake-parts_2": { "inputs": { - "nixpkgs-lib": [ - "nixpkgs" - ] + "nixpkgs-lib": "nixpkgs-lib" }, "locked": { "lastModified": 1741352980, @@ -763,6 +761,21 @@ "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1743296961, + "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1730741070, diff --git a/flake.nix b/flake.nix index 3093168..525c090 100644 --- a/flake.nix +++ b/flake.nix @@ -29,10 +29,6 @@ inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-parts.follows = "flake-parts"; }; - flake-parts = { - url = "github:hercules-ci/flake-parts"; - inputs.nixpkgs-lib.follows = "nixpkgs"; - }; rust-overlay = { url = "github:oxalica/rust-overlay"; inputs.nixpkgs.follows = "nixpkgs"; @@ -101,6 +97,7 @@ flake-utils.url = "github:numtide/flake-utils"; crane.url = "github:ipetkov/crane"; flake-compat.url = "github:edolstra/flake-compat"; + flake-parts.url = "github:hercules-ci/flake-parts"; }; nixConfig = { @@ -119,111 +116,74 @@ self, nixpkgs, home-manager, - flake-parts, ... }@inputs: - flake-parts.lib.mkFlake { inherit inputs; } ( - { ... }: + let + pkgs = import nixpkgs { + config.allowUnfree = true; + system = "x86_64-linux"; + overlays = [ + inputs.rust-overlay.overlays.default + inputs.vscode-extensions.overlays.default + ] ++ (import ./overlay { inherit inputs; }); + }; + in { - imports = [ - inputs.treefmt.flakeModule - ]; - systems = [ - "x86_64-linux" - ]; - perSystem = + nixosConfigurations = + let + lib = nixpkgs.lib; + in { - inputs', - ... - }: - { - treefmt = { - projectRootFile = "flake.nix"; - programs.nixfmt.enable = true; - programs.typos.enable = true; - programs.shellcheck.enable = true; - - programs.yamlfmt = { - enable = true; - settings.retain_line_breaks = true; - }; - - settings.global.excludes = [ - "secrets/*" - "**/*.png" # tries to format a png file + ytnix = lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + { + nixpkgs = { inherit pkgs; }; + } + ./hosts/ytnix + ./modules + inputs.sops-nix.nixosModules.sops + inputs.lanzaboote.nixosModules.lanzaboote + inputs.lix-module.nixosModules.default + inputs.nix-ld.nixosModules.nix-ld + ]; + }; + chunk = lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + { + nixpkgs = { inherit pkgs; }; + } + ./hosts/chunk + ./modules + inputs.sops-nix.nixosModules.sops + inputs.lix-module.nixosModules.default ]; }; }; - - flake = + homeConfigurations = let - pkgs = import nixpkgs { - config.allowUnfree = true; - system = "x86_64-linux"; - overlays = [ - inputs.rust-overlay.overlays.default - inputs.vscode-extensions.overlays.default - ] ++ (import ./overlay { inherit inputs; }); - }; + lib = home-manager.lib; in { - nixosConfigurations = - let - lib = nixpkgs.lib; - in - { - ytnix = lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - { - nixpkgs = { inherit pkgs; }; - } - ./hosts/ytnix - ./modules - inputs.sops-nix.nixosModules.sops - inputs.lanzaboote.nixosModules.lanzaboote - inputs.lix-module.nixosModules.default - inputs.nix-ld.nixosModules.nix-ld - ]; - }; - chunk = lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - { - nixpkgs = { inherit pkgs; }; - } - ./hosts/chunk - ./modules - inputs.sops-nix.nixosModules.sops - inputs.lix-module.nixosModules.default - ]; - }; - }; - homeConfigurations = - let - lib = home-manager.lib; - in - { - "yt@ytnix" = lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { inherit inputs; }; - modules = [ - ./home/yt/ytnix.nix - inputs.nixvim.homeManagerModules.nixvim - inputs.nix-index-database.hmModules.nix-index - ]; - }; + "yt@ytnix" = lib.homeManagerConfiguration { + inherit pkgs; + extraSpecialArgs = { inherit inputs; }; + modules = [ + ./home/yt/ytnix.nix + inputs.nixvim.homeManagerModules.nixvim + inputs.nix-index-database.hmModules.nix-index + ]; + }; - "yt@chunk" = lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { inherit inputs; }; - modules = [ - ./home/yt/chunk.nix - inputs.nixvim.homeManagerModules.nixvim - ]; - }; - }; + "yt@chunk" = lib.homeManagerConfiguration { + inherit pkgs; + extraSpecialArgs = { inherit inputs; }; + modules = [ + ./home/yt/chunk.nix + inputs.nixvim.homeManagerModules.nixvim + ]; + }; }; - } - ); + }; } From de4797cf066dd4f64de0bf5f4d622c405b12e59d Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 1 Apr 2025 12:18:12 -0400 Subject: [PATCH 355/410] caddy: add keys.cy7.sh --- modules/caddy.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/modules/caddy.nix b/modules/caddy.nix index 3e6ca63..90ec770 100644 --- a/modules/caddy.nix +++ b/modules/caddy.nix @@ -36,6 +36,15 @@ in } ''; environmentFile = config.sops.secrets."caddy/env".path; + + virtualHosts."keys.cy7.sh".extraConfig = '' + import common + respond / 200 { + body "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfubDWr0kRm2o4DqaK6l1s4NCdTkljXZWKWCiF5nX+6 + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPhUt9h5dCcrwOrZNKkStCX5OxumPzEwYXSU/0DgtWgP + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD" + } + ''; }; }; } From 35638117ab2ef9ed1021d5049b8a2ef3bcc62f06 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 1 Apr 2025 12:22:32 -0400 Subject: [PATCH 356/410] dogfood nixcp --- .../workflows/build-machines-and-homes.yml | 32 +++++++------------ 1 file changed, 12 insertions(+), 20 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 563a44c..88d531a 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -76,16 +76,12 @@ jobs: if: '!cancelled()' run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" - derivations=() - while IFS=$'\n' read derivation; do - derivations+=("$derivation") - done < <(nix path-info --derivation "$package") - - for derivation in "${derivations[@]}"; do - nix copy -j8 \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ - $(nix-store --query --requisites --include-outputs "$derivation") - done + nix profile install git+https://git.cy7.sh/cy/nixcp.git + nixcp \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + -u https://nix-community.cachix.org \ + -u https://nixcache.cy7.sh \ + $package build-homes: strategy: @@ -153,13 +149,9 @@ jobs: if: '!cancelled()' run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" - derivations=() - while IFS=$'\n' read derivation; do - derivations+=("$derivation") - done < <(nix path-info --derivation "$package") - - for derivation in "${derivations[@]}"; do - nix copy -j8 \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ - $(nix-store --query --requisites --include-outputs "$derivation") - done + nix profile install git+https://git.cy7.sh/cy/nixcp.git + nixcp \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + -u https://nix-community.cachix.org \ + -u https://nixcache.cy7.sh \ + $package From 0db4f4c4abce421fefe7e8d5e01fae93e317c93d Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 1 Apr 2025 12:37:10 -0400 Subject: [PATCH 357/410] dogfood nixcp everywhere --- .github/workflows/build-machines-and-homes.yml | 6 ++---- .github/workflows/build-packages.yml | 15 +++++---------- 2 files changed, 7 insertions(+), 14 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 88d531a..6995a7a 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -76,8 +76,7 @@ jobs: if: '!cancelled()' run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" - nix profile install git+https://git.cy7.sh/cy/nixcp.git - nixcp \ + nix run git+https://git.cy7.sh/cy/nixcp.git -- \ --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ -u https://nix-community.cachix.org \ -u https://nixcache.cy7.sh \ @@ -149,8 +148,7 @@ jobs: if: '!cancelled()' run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" - nix profile install git+https://git.cy7.sh/cy/nixcp.git - nixcp \ + nix run git+https://git.cy7.sh/cy/nixcp.git -- \ --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ -u https://nix-community.cachix.org \ -u https://nixcache.cy7.sh \ diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index fea88fc..ce4afd1 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -64,16 +64,11 @@ jobs: # https://stackoverflow.com/a/58859404 if: '!cancelled()' run: | - derivations=() - while IFS=$'\n' read derivation; do - derivations+=("$derivation") - done < <(nix path-info --derivation "${{ matrix.package }}") - - for derivation in "${derivations[@]}"; do - nix copy -j8 \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ - $(nix-store --query --requisites --include-outputs "$derivation") - done + nix run git+https://git.cy7.sh/cy/nixcp.git -- \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + -u https://nix-community.cachix.org \ + -u https://nixcache.cy7.sh \ + "${{ matrix.package }}" - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result From 97da2848c616b3c571d58b37f2e7de16df94acf9 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 1 Apr 2025 17:05:07 -0400 Subject: [PATCH 358/410] use good ol ssh-agent instead of bitwarden crap; install regular neovim --- home/yt/ytnix.nix | 14 +++++++++++--- hosts/ytnix/default.nix | 3 +++ 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index cd6baa4..686a8a3 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -122,9 +122,6 @@ AWS_ENDPOINT_URL = "https://s3.cy7.sh"; AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)"; AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)"; - - # bitwarden ssh agent - SSH_AUTH_SOCK = "$HOME/.bitwarden-ssh-agent.sock"; }; home.sessionPath = [ @@ -152,4 +149,15 @@ }; programs.nix-index-database.comma.enable = true; + + programs.neovim = { + enable = true; + viAlias = true; + vimAlias = true; + }; + + programs.ssh = { + enable = true; + addKeysToAgent = "yes"; + }; } diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index eba3509..ed91b61 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -329,6 +329,7 @@ curl pcre2 gsettings-desktop-schemas + fzf ]; }; programs.evolution.enable = true; @@ -390,4 +391,6 @@ nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; programs.fuse.userAllowOther = true; nix.settings.sandbox = false; + + programs.ssh.startAgent = true; } From 6a3a5d0cfdff73ee6e30cc7affa866bd81c480ae Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 1 Apr 2025 17:08:22 -0400 Subject: [PATCH 359/410] rm overlays fot stuff we dont use anymore --- overlay/attic/default.nix | 7 --- overlay/attic/prefetch-8-chunks.patch | 14 ------ overlay/bitwarden/default.nix | 9 ---- overlay/bitwarden/ssh-agent-no-confirm.patch | 34 --------------- overlay/default.nix | 9 ---- overlay/vscode.nix | 14 ------ overlay/zipline/default.nix | 7 --- overlay/zipline/no-check-bucket.patch | 45 -------------------- 8 files changed, 139 deletions(-) delete mode 100644 overlay/attic/default.nix delete mode 100644 overlay/attic/prefetch-8-chunks.patch delete mode 100644 overlay/bitwarden/default.nix delete mode 100644 overlay/bitwarden/ssh-agent-no-confirm.patch delete mode 100644 overlay/vscode.nix delete mode 100644 overlay/zipline/default.nix delete mode 100644 overlay/zipline/no-check-bucket.patch diff --git a/overlay/attic/default.nix b/overlay/attic/default.nix deleted file mode 100644 index 454d367..0000000 --- a/overlay/attic/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -final: prev: { - attic-server = prev.attic-server.overrideAttrs { - patches = [ - ./prefetch-8-chunks.patch - ]; - }; -} diff --git a/overlay/attic/prefetch-8-chunks.patch b/overlay/attic/prefetch-8-chunks.patch deleted file mode 100644 index 3d6134f..0000000 --- a/overlay/attic/prefetch-8-chunks.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff --git a/server/src/api/binary_cache.rs b/server/src/api/binary_cache.rs -index 02e4857..b522154 100644 ---- a/server/src/api/binary_cache.rs -+++ b/server/src/api/binary_cache.rs -@@ -215,7 +215,7 @@ async fn get_nar( - let chunk = chunks[0].as_ref().unwrap(); - let remote_file = &chunk.remote_file.0; - let storage = state.storage().await?; -- match storage.download_file_db(remote_file, false).await? { -+ match storage.download_file_db(remote_file, true).await? { - Download::Url(url) => Ok(Redirect::temporary(&url).into_response()), - Download::AsyncRead(stream) => { - let stream = ReaderStream::new(stream).map_err(|e| { - diff --git a/overlay/bitwarden/default.nix b/overlay/bitwarden/default.nix deleted file mode 100644 index e9ace96..0000000 --- a/overlay/bitwarden/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -final: prev: { - bitwarden-desktop = prev.bitwarden-desktop.overrideAttrs ( - finalAttrs: prevAttrs: { - patches = prevAttrs.patches ++ [ - ./ssh-agent-no-confirm.patch - ]; - } - ); -} diff --git a/overlay/bitwarden/ssh-agent-no-confirm.patch b/overlay/bitwarden/ssh-agent-no-confirm.patch deleted file mode 100644 index 3e8e023..0000000 --- a/overlay/bitwarden/ssh-agent-no-confirm.patch +++ /dev/null @@ -1,34 +0,0 @@ -diff --git a/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs b/core/src/ssh_agent/mod.rs -index 4e304cc..8203dca 100644 ---- a/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs -+++ b/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs -@@ -44,28 +44,7 @@ impl ssh_agent::Agent for BitwardenDesktopAgent { - return false; - } - -- let request_id = self.get_request_id().await; -- println!( -- "[SSH Agent] Confirming request from application: {}", -- info.process_name() -- ); -- -- let mut rx_channel = self.get_ui_response_rx.lock().await.resubscribe(); -- self.show_ui_request_tx -- .send(SshAgentUIRequest { -- request_id, -- cipher_id: Some(ssh_key.cipher_uuid.clone()), -- process_name: info.process_name().to_string(), -- is_list: false, -- }) -- .await -- .expect("Should send request to ui"); -- while let Ok((id, response)) = rx_channel.recv().await { -- if id == request_id { -- return response; -- } -- } -- false -+ true - } - - async fn can_list(&self, info: &peerinfo::models::PeerInfo) -> bool { diff --git a/overlay/default.nix b/overlay/default.nix index f4a7353..9e6336c 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -1,12 +1,4 @@ { inputs }: -let - overlays = [ - ./zipline - ./bitwarden - ./attic - ]; - importedOverlays = map (m: import m) overlays; -in [ ( final: prev: @@ -26,4 +18,3 @@ in } ) ] -++ importedOverlays diff --git a/overlay/vscode.nix b/overlay/vscode.nix deleted file mode 100644 index 4de2d90..0000000 --- a/overlay/vscode.nix +++ /dev/null @@ -1,14 +0,0 @@ -final: prev: { - vscode-extensions = prev.vscode-extensions // { - github = prev.vscode-extensions.github // { - codespaces = prev.vscode-utils.buildVscodeMarketplaceExtension { - mktplcRef = { - publisher = "github"; - name = "codespaces"; - version = "1.17.3"; - hash = "sha256-idJFYHJ4yeqpFZBX55Y0v1yfzgqyhS0MrC4yIto7i7w="; - }; - }; - }; - }; -} diff --git a/overlay/zipline/default.nix b/overlay/zipline/default.nix deleted file mode 100644 index b114119..0000000 --- a/overlay/zipline/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -final: prev: { - zipline = prev.zipline.overrideAttrs { - patches = [ - ./no-check-bucket.patch - ]; - }; -} diff --git a/overlay/zipline/no-check-bucket.patch b/overlay/zipline/no-check-bucket.patch deleted file mode 100644 index 9d1c756..0000000 --- a/overlay/zipline/no-check-bucket.patch +++ /dev/null @@ -1,45 +0,0 @@ -diff --git a/src/lib/datasource/S3.ts b/src/lib/datasource/S3.ts -index 089dd64..39dd8f4 100644 ---- a/src/lib/datasource/S3.ts -+++ b/src/lib/datasource/S3.ts -@@ -4,7 +4,6 @@ import { - DeleteObjectCommand, - DeleteObjectsCommand, - GetObjectCommand, -- ListBucketsCommand, - ListObjectsCommand, - PutObjectCommand, - S3Client, -@@ -38,32 +37,6 @@ export class S3Datasource extends Datasource { - endpoint: this.options.endpoint ?? undefined, - forcePathStyle: this.options.forcePathStyle ?? false, - }); -- -- this.ensureBucketExists(); -- } -- -- private async ensureBucketExists() { -- try { -- const res = await this.client.send(new ListBucketsCommand()); -- if (res.$metadata.httpStatusCode !== 200) { -- this.logger -- .error('there was an error while listing buckets', res.$metadata as Record) -- .error('zipline will now exit'); -- process.exit(1); -- } -- -- if (!res.Buckets?.find((bucket) => bucket.Name === this.options.bucket)) { -- this.logger.error(`bucket ${this.options.bucket} does not exist`).error('zipline will now exit'); -- process.exit(1); -- } -- } catch (e) { -- this.logger -- .error('there was an error while listing buckets', e as Record) -- .error('zipline will now exit'); -- process.exit(1); -- } finally { -- this.logger.debug(`bucket ${this.options.bucket} exists`); -- } - } - - public async get(file: string): Promise { From da709432f552d3f3c3144a716f65bdda5535a143 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 2 Apr 2025 01:03:35 -0400 Subject: [PATCH 360/410] flake.lock: Update (#37) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'conduwuit': 'github:girlbossceo/conduwuit/3e57b7d35d5bd6cfed5900b377f7c68970213518?narHash=sha256-uGI98B%2BbinIclsCJd2wXb7l1k2wV7e%2BsNmX4R8L5RPc%3D' (2025-03-28) → 'github:girlbossceo/conduwuit/0f81c1e1ccdcb0c5c6d5a27e82f16eb37b1e61c8?narHash=sha256-x/sfh6LCHGAz8rL23GHhH7dac1LtHBbRRJi1p8gOdtI%3D' (2025-04-01) • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/f4330d22f1c5d2ba72d3d22df5597d123fdb60a9?narHash=sha256-%2Bu2UunDA4Cl5Fci3m7S643HzKmIDAe%2BfiXrLqYsR2fs%3D' (2025-03-07) → 'github:hercules-ci/flake-parts/c621e8422220273271f52058f618c94e405bb0f5?narHash=sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY%3D' (2025-04-01) • Updated input 'home-manager': 'github:nix-community/home-manager/216690777e47aa0fb1475e4dbe2510554ce0bc4b?narHash=sha256-pGKDA84oK1WTt2yxBUjAwKLacNwJkf9CS7cTXXfgWvI%3D' (2025-03-31) → 'github:nix-community/home-manager/5ee44bc7c2e853f144390a12ebe5174ad7e3b9e0?narHash=sha256-rvU79DJ6rPDxiH0sTp686Vlm%2BJewwAZPGcwt8OfHJbM%3D' (2025-04-02) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/1d3a750cb7d8e1058a425810c80790a3842ef27b?narHash=sha256-aRAFj%2BSzZGUlCMDBbd6yI09ffo9lMgx726VTZMMCRGA%3D' (2025-03-31) → 'github:nixos/nixpkgs/adae22bea8bcc0aa2fd6e8732044660fb7755f5e?narHash=sha256-7gpAWsENV3tY2HmeHYQ2MoQxGpys%2BjQWnkS/BHAMXVk%3D' (2025-04-02) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/7ffe0edc685f14b8c635e3d6591b0bbb97365e6c?narHash=sha256-sOos1jZGKmT6xxPvxGQyPTApOunXvScV4lNjBCXd/CI%3D' (2025-03-30) → 'github:nixos/nixpkgs/02f2af8c8a8c3b2c05028936a1e84daefa1171d4?narHash=sha256-7PCBQ4aGVF8OrzMkzqtYSKyoQuU2jtpPi4lmABpe5X4%3D' (2025-04-01) • Updated input 'nixvim': 'github:nix-community/nixvim/d81f37256d0a8691b837b74979d27bf89be8ecdd?narHash=sha256-XbXIRDbb8/vLBX1M096l7lM5wfzBTp1ZXfUl9bUhVGU%3D' (2025-03-30) → 'github:nix-community/nixvim/754b8df7e37be04b7438decee5a5aa18af72cbe1?narHash=sha256-/jlBU7EGIfaa5VKwvVyrSspuuNmgKYOjAuTd2ywyevg%3D' (2025-04-01) • Updated input 'nixvim/nuschtosSearch': 'github:NuschtOS/search/508752835128a3977985a4d5225ff241f7756181?narHash=sha256-i/JCrr/jApVorI9GkSV5to%2BUSrRCa0rWuQDH8JSlK2A%3D' (2025-03-22) → 'github:NuschtOS/search/2651dbfad93d6ef66c440cbbf23238938b187bde?narHash=sha256-bb/dqoIjtIWtJRzASOe8g4m8W2jUIWtuoGPXdNjM/Tk%3D' (2025-03-28) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/011de3c895927300651d9c2cb8e062adf17aa665?narHash=sha256-OBcNE%2B2/TD1AMgq8HKMotSQF8ZPJEFGZdRoBJ7t/HIc%3D' (2025-03-31) → 'github:oxalica/rust-overlay/1de27ae43712a971c1da100dcd84386356f03ec7?narHash=sha256-dd97LXek202OWmUXvKYFdYWj0jHrn3p%2BL5Ojh1SEOqs%3D' (2025-04-02) • Updated input 'sops-nix': 'github:Mic92/sops-nix/8e873886bbfc32163fe027b8676c75637b7da114?narHash=sha256-Ux/UohNtnM5mn9SFjaHp6IZe2aAnUCzklMluNtV6zFo%3D' (2025-03-30) → 'github:Mic92/sops-nix/e7f4d7ed8bce8dfa7d2f2fe6f8b8f523e54646f8?narHash=sha256-zI2WSkU%2Bei4zCxT%2BIVSQjNM9i0ST%2B%2BT2qSFXTsAND7s%3D' (2025-04-01) • Updated input 'vscode-extensions': 'github:nix-community/nix-vscode-extensions/300097f877ee9a0c401a57e7ec731f4edace7117?narHash=sha256-LqcqOUJJcTUgACX2N%2Bi6cqMTZ/b0WAT4WUhwV9JWsZg%3D' (2025-03-31) → 'github:nix-community/nix-vscode-extensions/bc23f562c367b3e6300d596c24f0080220897df7?narHash=sha256-LtmHSXZjFXUWYwWhvEPWSbnmAD62TrvLdZGqQvcSHIY%3D' (2025-04-02) Co-authored-by: github-actions[bot] --- flake.lock | 60 +++++++++++++++++++++++++++--------------------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/flake.lock b/flake.lock index 480ec6e..a0bb113 100644 --- a/flake.lock +++ b/flake.lock @@ -131,11 +131,11 @@ "rocksdb": "rocksdb" }, "locked": { - "lastModified": 1743186614, - "narHash": "sha256-uGI98B+binIclsCJd2wXb7l1k2wV7e+sNmX4R8L5RPc=", + "lastModified": 1743473828, + "narHash": "sha256-x/sfh6LCHGAz8rL23GHhH7dac1LtHBbRRJi1p8gOdtI=", "owner": "girlbossceo", "repo": "conduwuit", - "rev": "3e57b7d35d5bd6cfed5900b377f7c68970213518", + "rev": "0f81c1e1ccdcb0c5c6d5a27e82f16eb37b1e61c8", "type": "github" }, "original": { @@ -276,11 +276,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1741352980, - "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", "type": "github" }, "original": { @@ -453,11 +453,11 @@ ] }, "locked": { - "lastModified": 1743430792, - "narHash": "sha256-pGKDA84oK1WTt2yxBUjAwKLacNwJkf9CS7cTXXfgWvI=", + "lastModified": 1743556466, + "narHash": "sha256-rvU79DJ6rPDxiH0sTp686Vlm+JewwAZPGcwt8OfHJbM=", "owner": "nix-community", "repo": "home-manager", - "rev": "216690777e47aa0fb1475e4dbe2510554ce0bc4b", + "rev": "5ee44bc7c2e853f144390a12ebe5174ad7e3b9e0", "type": "github" }, "original": { @@ -794,11 +794,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1743367904, - "narHash": "sha256-sOos1jZGKmT6xxPvxGQyPTApOunXvScV4lNjBCXd/CI=", + "lastModified": 1743501102, + "narHash": "sha256-7PCBQ4aGVF8OrzMkzqtYSKyoQuU2jtpPi4lmABpe5X4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7ffe0edc685f14b8c635e3d6591b0bbb97365e6c", + "rev": "02f2af8c8a8c3b2c05028936a1e84daefa1171d4", "type": "github" }, "original": { @@ -842,11 +842,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1743386251, - "narHash": "sha256-aRAFj+SzZGUlCMDBbd6yI09ffo9lMgx726VTZMMCRGA=", + "lastModified": 1743559129, + "narHash": "sha256-7gpAWsENV3tY2HmeHYQ2MoQxGpys+jQWnkS/BHAMXVk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1d3a750cb7d8e1058a425810c80790a3842ef27b", + "rev": "adae22bea8bcc0aa2fd6e8732044660fb7755f5e", "type": "github" }, "original": { @@ -867,11 +867,11 @@ "nuschtosSearch": "nuschtosSearch" }, "locked": { - "lastModified": 1743362786, - "narHash": "sha256-XbXIRDbb8/vLBX1M096l7lM5wfzBTp1ZXfUl9bUhVGU=", + "lastModified": 1743536158, + "narHash": "sha256-/jlBU7EGIfaa5VKwvVyrSspuuNmgKYOjAuTd2ywyevg=", "owner": "nix-community", "repo": "nixvim", - "rev": "d81f37256d0a8691b837b74979d27bf89be8ecdd", + "rev": "754b8df7e37be04b7438decee5a5aa18af72cbe1", "type": "github" }, "original": { @@ -890,11 +890,11 @@ ] }, "locked": { - "lastModified": 1742659553, - "narHash": "sha256-i/JCrr/jApVorI9GkSV5to+USrRCa0rWuQDH8JSlK2A=", + "lastModified": 1743201766, + "narHash": "sha256-bb/dqoIjtIWtJRzASOe8g4m8W2jUIWtuoGPXdNjM/Tk=", "owner": "NuschtOS", "repo": "search", - "rev": "508752835128a3977985a4d5225ff241f7756181", + "rev": "2651dbfad93d6ef66c440cbbf23238938b187bde", "type": "github" }, "original": { @@ -1011,11 +1011,11 @@ ] }, "locked": { - "lastModified": 1743388531, - "narHash": "sha256-OBcNE+2/TD1AMgq8HKMotSQF8ZPJEFGZdRoBJ7t/HIc=", + "lastModified": 1743561237, + "narHash": "sha256-dd97LXek202OWmUXvKYFdYWj0jHrn3p+L5Ojh1SEOqs=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "011de3c895927300651d9c2cb8e062adf17aa665", + "rev": "1de27ae43712a971c1da100dcd84386356f03ec7", "type": "github" }, "original": { @@ -1031,11 +1031,11 @@ ] }, "locked": { - "lastModified": 1743305778, - "narHash": "sha256-Ux/UohNtnM5mn9SFjaHp6IZe2aAnUCzklMluNtV6zFo=", + "lastModified": 1743502316, + "narHash": "sha256-zI2WSkU+ei4zCxT+IVSQjNM9i0ST++T2qSFXTsAND7s=", "owner": "Mic92", "repo": "sops-nix", - "rev": "8e873886bbfc32163fe027b8676c75637b7da114", + "rev": "e7f4d7ed8bce8dfa7d2f2fe6f8b8f523e54646f8", "type": "github" }, "original": { @@ -1104,11 +1104,11 @@ ] }, "locked": { - "lastModified": 1743386331, - "narHash": "sha256-LqcqOUJJcTUgACX2N+i6cqMTZ/b0WAT4WUhwV9JWsZg=", + "lastModified": 1743558944, + "narHash": "sha256-LtmHSXZjFXUWYwWhvEPWSbnmAD62TrvLdZGqQvcSHIY=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "300097f877ee9a0c401a57e7ec731f4edace7117", + "rev": "bc23f562c367b3e6300d596c24f0080220897df7", "type": "github" }, "original": { From 026abe5123811883035cf36dcd409f8e0ee0a592 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 2 Apr 2025 03:09:27 -0400 Subject: [PATCH 361/410] init authelia --- .sops.yaml | 7 ++++ hosts/chunk/default.nix | 6 ++- hosts/chunk/garage.nix | 2 +- hosts/chunk/redlib.nix | 1 + modules/authelia.nix | 68 ++++++++++++++++++++++++++++++++++ modules/caddy.nix | 7 ++++ modules/default.nix | 1 + secrets/services/authelia.yaml | 37 ++++++++++++++++++ 8 files changed, 126 insertions(+), 3 deletions(-) create mode 100644 modules/authelia.nix create mode 100644 secrets/services/authelia.yaml diff --git a/.sops.yaml b/.sops.yaml index 9e9a860..21d2151 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -129,3 +129,10 @@ creation_rules: - *yt - *cy - *chunk + - path_regex: secrets/services/authelia.yaml + key_groups: + - age: + - *yt + - *cy + - *chunk + diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 22290c1..56bae51 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -146,12 +146,12 @@ ]; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD yt@ytnix" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfubDWr0kRm2o4DqaK6l1s4NCdTkljXZWKWCiF5nX+6" ]; }; users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD yt@ytnix" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfubDWr0kRm2o4DqaK6l1s4NCdTkljXZWKWCiF5nX+6" ]; # for forgejo users.users.git = { @@ -190,4 +190,6 @@ # container stuff my.containerization.enable = true; + + my.authelia.enable = true; } diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index 28f7b22..982e1f4 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -40,7 +40,7 @@ reverse_proxy localhost:3903 ''; "*.web.cy7.sh" = { - serverAliases = [ "nixcache.cy7.sh" ]; + serverAliases = [ "nixcache.cy7.sh" "staging.cy7.sh" ]; extraConfig = '' import common @plain { diff --git a/hosts/chunk/redlib.nix b/hosts/chunk/redlib.nix index d095da5..fac65cd 100644 --- a/hosts/chunk/redlib.nix +++ b/hosts/chunk/redlib.nix @@ -13,6 +13,7 @@ services.caddy.virtualHosts."red.cy7.sh".extraConfig = '' import common + import authelia reverse_proxy localhost:8087 ''; } diff --git a/modules/authelia.nix b/modules/authelia.nix new file mode 100644 index 0000000..0db83ee --- /dev/null +++ b/modules/authelia.nix @@ -0,0 +1,68 @@ +{ + config, + lib, + ... +}: +let + cfg = config.my.authelia; + getSecret = path: config.sops.secrets.${path}.path; + sopsConfig = { + sopsFile = ../secrets/services/authelia.yaml; + owner = "authelia-main"; + }; + domain = "auth.cy7.sh"; + varPath = "/var/lib/authelia-main"; +in +{ + options.my.authelia = { + enable = lib.mkEnableOption "authelia"; + }; + + config = lib.mkIf cfg.enable { + services.authelia.instances.main = { + enable = true; + settings = { + theme = "dark"; + default_2fa_method = "webauthn"; + log.level = "info"; + log.format = "text"; + server = { + disable_healthcheck = true; + endpoints.authz.forward-auth.implementation = "ForwardAuth"; + }; + authentication_backend.file.path = "${varPath}/users_database.yaml"; + access_control = { + default_policy = "deny"; + rules = [ + { + domain = "red.cy7.sh"; + policy = "one_factor"; + } + ]; + }; + session.cookies = [{ + domain = "cy7.sh"; + authelia_url = "https://${domain}"; + }]; + storage.local.path = "${varPath}/db.sqlite3"; + notifier.filesystem.filename = "${varPath}/notifications.txt"; + }; + secrets = { + sessionSecretFile = getSecret "authelia/session"; + storageEncryptionKeyFile = getSecret "authelia/storage"; + jwtSecretFile = getSecret "authelia/jwt"; + }; + }; + + sops.secrets = { + "authelia/jwt" = sopsConfig; + "authelia/storage" = sopsConfig; + "authelia/session" = sopsConfig; + }; + + services.caddy.virtualHosts.${domain}.extraConfig = '' + import common + reverse_proxy localhost:9091 + ''; + }; +} \ No newline at end of file diff --git a/modules/caddy.nix b/modules/caddy.nix index 90ec770..0eb2cb7 100644 --- a/modules/caddy.nix +++ b/modules/caddy.nix @@ -34,6 +34,13 @@ in resolvers 1.1.1.1 8.8.8.8 } } + + (authelia) { + forward_auth localhost:9091 { + uri /api/authz/forward-auth + copy_headers Remote-User Remote-Groups Remote-Name Remote-Email + } + } ''; environmentFile = config.sops.secrets."caddy/env".path; diff --git a/modules/default.nix b/modules/default.nix index 640d56b..db7bfa4 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -9,5 +9,6 @@ ./vaultwarden.nix ./searx.nix ./attic.nix + ./authelia.nix ]; } diff --git a/secrets/services/authelia.yaml b/secrets/services/authelia.yaml new file mode 100644 index 0000000..ebf6497 --- /dev/null +++ b/secrets/services/authelia.yaml @@ -0,0 +1,37 @@ +authelia: + jwt: ENC[AES256_GCM,data:L20XZt1eYz1srY+xIliasq4x2guxNIUOM4mVTPe/1uS2wQY6h1uY9n7yoMQ=,iv:OhTuutHQOVLG/CjX3m839Acw9eq/Yh3Iy947km1jalQ=,tag:nq/lwsfGSzeH6RsXLzr24g==,type:str] + storage: ENC[AES256_GCM,data:RW15TzoZifv0xrVAfrM7yFXv1ISp7v1c20PL4nGkQrXwjablPKQa5IZ0Fvg=,iv:YQ7+2h4O0Qx9BqnFU7WMaZuPtKU4BUo56/KPq2NQYxI=,tag:LQ8gWhf9rblGkN5bhPHPIQ==,type:str] + session: ENC[AES256_GCM,data:fJY4uSKRIcHDyDqndT9YiolOX1HDw2BphoaZONAv8AhdPV+aG5qj9Ppy3Rw=,iv:dcFZyIdZQQlyAORudsUCCD2wx4Sc7NF0dh/v/M6iYko=,tag:vBYU58mL7DecMqhX/TUdVg==,type:str] +sops: + age: + - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJOG1menBCTTF3YURCOThM + Q3Z4bnZJYmtQY1RmdTBSeFlhZCtUVzg4Qm5ZClo5NFJqaWg3NElKQjRLcFZGdmxP + cFMwOGxoelJlVnJNamUxWFhETWpiY3cKLS0tIFNDWGRkYVZQWTd2YXg2aGswbmJz + MVJQdDV3ZGdzd3NYL29tYU51NndiNmcKtagAZdoZQo0y0atvRI6f1tY/3j8aD4RP + yvs9RVDdNqm990O5EudjMNhoKLXnFQtX9NlzYVHzrsX0UT/HSUi7mQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0K2tGaktsdXVPN3g0bXps + ZkVWamZGc0QzNk1TaVdla1RDaW90TVpYb25rCmRPL29ZNFFCbVkrbVpseW5SZlFN + dmlLWHVBb1RMb1dvY3NKNHc3NEpMZFEKLS0tIFluRGN6U2paVzVBdCt4d3FyMVZ4 + Nkx5aHo4Qk8vU01wazdWdmhvNWRLQTAK7kiQiEdF1LpzQ/syjRjyhchShrnfhHFE + M/XWLSIcnnApt1dOyJhJlpsQTnT6Y6Fqem0y779/uOQCBJGavscOWw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzK2U3YlRLK3BuK1Q0TkYy + SE1lTkVXUUV4NFVuT2V2VjdqUFpBbVFLSTJnCjI3c0xpMnBnV0M0Q0ZHYTdUSVZl + MWNMQXowWitFVTlIMFBadVJ6OHBBR28KLS0tIHJ1M0NkZzFMSndIUjBwN2tFUmF5 + b2pGTmJva2VnOFZlRWxlOW5wMitDUkkKrZyzpch6jTSsumseBEaN8xQXfng4P7ds + JSoock3sEmL4NSfxXSu+PP8kEOXFtu1yAcmSSeVDDhV7jiwE4egu2Q== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-04-02T06:02:29Z" + mac: ENC[AES256_GCM,data:F/nZqGBLsjLqocmtQCShAEDK79pEwZRVXw1ZNd6Rr2I6fewF2j3XAM5Zk9oRyI1jeD6lnKcWaYVx7dYFbcstlmTUZ2farIYZ6G/ylBMQxNP9mom+wWPz9oCwd5qBF5YrI0PtO6dFD7XXcUlWcWlPheuJ035XGp53rtNmvy1LVW0=,iv:+iWhVLm+KSLMb42n5d2I3JE6AQq/6tbd6LHd2nyUKfI=,tag:+oclIvtaG1s3SVLqbDiNwQ==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.1 From 7653df7715b58fe9f2960fc3fb2f7d7f0ed5c9e1 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 2 Apr 2025 10:13:51 -0400 Subject: [PATCH 362/410] authelia: configure oidc and use it for immich --- modules/authelia.nix | 23 +++++++++++++++++++++++ secrets/services/authelia.yaml | 6 ++++-- 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/modules/authelia.nix b/modules/authelia.nix index 0db83ee..0e404cd 100644 --- a/modules/authelia.nix +++ b/modules/authelia.nix @@ -46,11 +46,32 @@ in }]; storage.local.path = "${varPath}/db.sqlite3"; notifier.filesystem.filename = "${varPath}/notifications.txt"; + webauthn = { + enable_passkey_login = true; + }; + identity_providers.oidc.clients = [ + { + client_id = "immich"; + client_name = "immich"; + client_secret = "$argon2id$v=19$m=65536,t=3,p=4$Vny2G8EbSPafSwnIuq2Zkg$eF2om4WDEaqCFmrAG27h2mYl+cXxXyttPJ7gaPLs+f8"; + public = false; + authorization_policy = "two_factor"; + redirect_uris = [ + "https://photos.cy7.sh/auth/login" + "https://photos.cy7.sh/user-settings" + "app.immich:///oauth-callback" + ]; + scopes = [ "openid" "profile" "email" ]; + userinfo_signed_response_alg = "none"; + } + ]; }; secrets = { sessionSecretFile = getSecret "authelia/session"; storageEncryptionKeyFile = getSecret "authelia/storage"; jwtSecretFile = getSecret "authelia/jwt"; + oidcHmacSecretFile = getSecret "authelia/hmac"; + oidcIssuerPrivateKeyFile = getSecret "authelia/oidc_private"; }; }; @@ -58,6 +79,8 @@ in "authelia/jwt" = sopsConfig; "authelia/storage" = sopsConfig; "authelia/session" = sopsConfig; + "authelia/hmac" = sopsConfig; + "authelia/oidc_private" = sopsConfig; }; services.caddy.virtualHosts.${domain}.extraConfig = '' diff --git a/secrets/services/authelia.yaml b/secrets/services/authelia.yaml index ebf6497..6aa9c33 100644 --- a/secrets/services/authelia.yaml +++ b/secrets/services/authelia.yaml @@ -2,6 +2,8 @@ authelia: jwt: ENC[AES256_GCM,data:L20XZt1eYz1srY+xIliasq4x2guxNIUOM4mVTPe/1uS2wQY6h1uY9n7yoMQ=,iv:OhTuutHQOVLG/CjX3m839Acw9eq/Yh3Iy947km1jalQ=,tag:nq/lwsfGSzeH6RsXLzr24g==,type:str] storage: ENC[AES256_GCM,data:RW15TzoZifv0xrVAfrM7yFXv1ISp7v1c20PL4nGkQrXwjablPKQa5IZ0Fvg=,iv:YQ7+2h4O0Qx9BqnFU7WMaZuPtKU4BUo56/KPq2NQYxI=,tag:LQ8gWhf9rblGkN5bhPHPIQ==,type:str] session: ENC[AES256_GCM,data:fJY4uSKRIcHDyDqndT9YiolOX1HDw2BphoaZONAv8AhdPV+aG5qj9Ppy3Rw=,iv:dcFZyIdZQQlyAORudsUCCD2wx4Sc7NF0dh/v/M6iYko=,tag:vBYU58mL7DecMqhX/TUdVg==,type:str] + hmac: ENC[AES256_GCM,data:K/qiyibBlu9wNh9IINHgYQiEZMromSA9Kf0iRVHPVuuhhUBZRyyfFyd4sLYNDLWvYKRJGnTBniIscQuBR+HU3/ttFGN0EkDsuAXlW3tKyLSxTiVgEvsKhA==,iv:2femAZUtSE9DjopiRIRT3Be3T2Qi0J+b8TaNJZ9vcjw=,tag:Sb7TT+1uxtStv20oM8oa8A==,type:str] + oidc_private: ENC[AES256_GCM,data:dzrykbgRk77yDbrnayTzSyiAjvgr5RUuDG046azumPinHL9wBaKpNdx6CqY7o+W95yOyVr/Xriw/aBbSyCZE8RoMchZhnS5Z8moHrIK7RryRM/BmEpOfyFLf9kpaO5QqSGyPt13yJQSA/3TwoXD4et3rVEdEz8mwb+vIA+G3WIZrNY+95KNjhwu9W648eouGBqJFfwTw0tm8mHsu+VZE8OYdp+ujSlKWZcVDEzgMEe+egXbvSB/3sk82HjolcqCmDx+U1TWMZfZdZPaT4RxONy+4kgGDW4FOqtsgctS2uRUQ2CLuRLD8xIulBO/VbsnNuticiM86BYygobq3RUdCKAFLUpcXqNWgnDBvnYPcF6mXPTmFCD3Gr2t4uRkqIIPc3NrW6DKnSO4pu4oVlUiSd9XaHGvAuo0yR7zcG7Zl4BAzhZa1HuVq6QmSNMf1TAo5P5zBc/NKlUVUhgIEKmRkwf95ZDyph1CJJagTsRZp/D4n6gbuzmV2Pjd8GxT6X+GOK7MQ3hPWsQP8+hhf8DArnVa988Z5cVxG3CQS6wEdEfc8yoHXlXwsB6iHjG4GooJk17GkP0YnMqOkv5Y9QbWXGNN/Zce6LJrSdvpd1Z8oWHxFB9ChFEA34tTYE/1wv0C71K6VRADnshBTyg0i+7GxvW0iyplWGEB2/DRv9WbpmIze1vff0KPlwvmdPXvZM7kfJE6uRP+DH5kJeIlKezA+hwuZmTLEu8kTdIkIJVfbzuOmXtX1yO+sQmSs6anqbSBuw5dpKYFFtQ04V+P27uTdi6lbUUfaBiHMhiW2A8aj/1Xf+pOV5oIN1c7PXNhAGrsNbmumQ7mBmbfOZeLC2aze5iKLSu5xqCzMNEWdlxXkmK+eEuUgDAQgW0pRAA12wvAFT8cf5BIeEPQQF4gPJprrQ3u93AXCVXve/TPC6rSEb+uCVq30JRGvIciFAEPWjhtSSO2Mh2zxjaALXVRE456k8DQq5mvovCp003EW23Io+lKDfg73n4LLZvbpHBVa3SQY0YMazjynJTo6UcDT3J/u9kNutIRjszzohMdW4jmykawPb/FFGv4yaX199bkTT/6/ztygaUTUTtWrl40p61lMzFHsz1qPy/5Bp4fxOYk6mLHpUFBpXUlu90ZxiReu6fX9HR6oQ1OC6MmpYjvcvxOAfIszgoMmp0LABJ1XN7DMOxpRrjNqW071xnel2/NzYy/gx0r2SdusxFJckGjrnyVzjEBVFwdpc9lZ+NdyzbNaElt/duk5AhdQ/iTCDlQpFsBhcl83Sbt38P/QlsOCPvRYuOz3vvOgeRprZn4hXuvGpQKJZEy+/rHDFijVABgbqLBxhfQiCpFmfwqQrcI+vFnPBGHP96p8S7xg5Dh2007QyFk9D2zHDHY6E+Iv27UkjaCZI29IAEdBe86IMtLI7Pl0q6XE44cHwD+QqzS55YlPj/F3va9LesoylPzBJwlxogciolfBQfQjLp4OF1rBSpy1Xy/Es7+M9eEsdatX1a3qFzYCJbC8+no5ol0PaIHx4ejH9aeoIiVfq/yXtzV04pJQz0bZfpfKVwtroyHhclEsP9pZVHnnexIFY1xqVF76V0kbusiizhru5ldOWE7smwXD5+KyMCTfDuxPnEjFBZLb/BLjo46sugJTAGQJhBBWJY+h7Je5PP+FnjQG28h4n4NMshhPfnyDEAZWNpDAHi08KhHOGzbNhPl+E+pNrNoNwmJjWbiqZ+P9LVQf1s5C+UrL+uV6qpeVKcm9tjy75fgVTD4iRXb4ejQIWlwO2EVLBzI9BXYsVmly6z0C+8f3wDPswwwocna9SonBus1QGudZ8cLSihZqSYmq6fCIFqfXTlCj3H0aOBNbX7dCYrles/y6jtn0VebQa3UEflXs+4WytpXdKEelN5f1PoJVnjrRF6Wtyq23GNbo1M9BTBQfpUf5x7QnZrxyIVbgvHq3JSR6/5p6yv6SGOdypCEqMtvnw9+bJMi6bxy55tXQNNpBB/GHWPqzOE9//9pqazJzikL/x7HWg/t+tJ7yV7MCFV6Bk2cy77j7i0fftxfHqjF7MRbnIaJRqxiTqp0z2rA4L797Que6a903b/u/AStMnsm8sE9gRy7P5L/PafqpgA/kK2FIxbDDP91cnvikRi2u+oaydHLhCkaq20SIupBCbgyDVkOXZ9n5EnKJDjFOAbOQ2UiXYrQPXDEMPLLUklBeLzQBHY4ZTQ7zzMb1tqvo4UqaHVnw2FwY+PoX2IPmF1ciccFO5uHX2w2qz8Hx0ZCPa9AsR/3HhKAg9sdg0cF0k3nXqTWCSs8j+9vpJxjCmrN1bXwoRA8K/ICYDoOtjb76c1B/Ahvc2YA7OULcM0EAzsQ2Z++cU/OCIcQatxzEx+TOp5i1yN2YnCFHqDBpE1UB2UbxBCYb+oEEBqB9qeFkQI6eZmvHASjdasXUtvnBYNCc3nliGfODoOXKLmzHQZJVPguWFu7b06zWA7fy3qGMjf7h/RhKbfkL9o7HkAvHTSh0+Lpc8gjPVu+sqLNUMyk3196LJWUI3nf7L3kUxkdSBdsJ/18FZ97OzC3Ws9dhhWe02ry3Y2ptRnIlLf8f4Y/P6FpqwR8Asa6NYBq+LKNSuWfzo4ZynkPt4irAm0LDOnZzbrRbQTB7tUHIA1dZMMWueIe22mUDOzTGDPuFSfF31rYbh2rmc3Tjvkumz6g53kdCV4QnL04htkMwql4KvpMCrkkMxDRlOTf1Xh10QrO49aPd29i7LbFjorGj1872hXszPDpmdDN78VApvMzVue8dKdhlz/x/9aCJnp9oEEgdObEg2OYyc29bqd9kbCOs5F4vaI4YdMrN9QKTqjAVG0kQAKH41Q7VCe0/jPWmGpH4Kd40RQ6/NY5g312D3RKV3V30DlCOIm+w1z7XzV2EWTgb5vgg4EbYyVmh3Y7wBguv2qOqzwhGMFrWGx+fTFAe5Zq8TVwvQUfeN/vFlYz+jc8ysKBbyrrAl4vKm2pz9Geu3Rh4AfRRmxawNjE/qlrTk6sWdWNJu7i2Wgk1C2+1FZeAprPg6EsZj7rFEGOFvZIjWrTi7n+IHI+8rRKDo3J5SkAsxiDaDo8dfvGecPp9ig5l9+OiN68t29HxfGnhJsk5eim/vkuA5mdFJW0cy7h3gtP1Z0PtRYsRoBO+hPp7dcYhhh9NqkP4LbVI8graz5FEf0yMmaA6ci7xgBWe/zOa0V539Y9cWzTK5zE2wrWI+mHKsbgUH9s+7y0tTVk9mPaNKhih1MHgCQiFyctQLzVnd6fXnv7JHzkkIY7AQiCjEZ4QPUrj99rDh0bikDtKX0hAiVedGMJQ664Hhyd3sWVGfrC/Qmob+4LhpE24kAxIRf94d2cB1zRFQ02HMGkbVUbge8SPNqqq/HoWkYvNo/ltdL0Nr5Qb1OmY0LP5txGh8cCQt8SD3K/ww+ZjD0ZbqqTwIaND9reyzXL0ryf8yNkiPCTpFiNmdL1rtHw+E2s9HtdngCz9XuGW5GRa4cL5xY1Yt4WBLEnxXwmyB/EOjBIeO4aJuwAcssL3UrvS/IEERWN4XrqVM4O81ainLaXeze1jj9VJcMb+/qz8dMdgm4WGkKfbbJeIsFCrlHOJ0CFNZZmijMvkoTvZ9WTq2OpxxZdsci1UmItlU60LETfWTUK8Q3YOo+c+fukIMPv68NLQH1LsiYjFXo9yDdzfD990uI5wdwnR3S3Sx6Vp04SkzJX7BAZ2UuL0wJ564Ny4S9Ew5BfWucd70mfQaEzOl52M9mqCyJYDfMYhd65YxkAEAV1dMg3FBlpZmOr2wtEQqXz+25cSPCNwQ/obCQt12cLNGRhyNi1Stz2E67Q9sesmssF7dgq0u/TeLezzVxTk13sJj6PzMtdpOYDwsgZJdh9hz8PZ32nJMTJnlkq6zcTYsbq23+HreCx1dHJJEDjpqZlttMYqLZ8mLLob25PzFaue164MbqozFtNTOc8eeOD+hoPCP/hfPoKoNi7oARs0fvwOwCQEug0XpMcz9mF/85ZBxYuDUBEP1vpbD9MpP/ECslqGdHuJePEFiiJOrDVggpaGcgWUfS2jwWv/46Bbz+W9QH+6Y8IevMf+lXPOL294g5VOoOW5k77naeNNCbycbijFD76gR5DtA+Vn+B6pxzF7l4E4VqC0Vlc1OUvYA7GLZ4rzb4bH4cEZiIb2/skDhJOmcb2btPWKRgutbmpHmi59eVbVkKUAKXm/WBw8xLwt2sLBS5r5R7aAZpMu/NaXFTfBEBGUzrH1u8Pfz3FwRK7v0QEyzhu2bS2JkGxSsaxD5+geQlvzN8eRYW4+pst/CfcCxTES9spBnqSWIX++rs8f9/mECf4jXzZQDv0fdbGILAU=,iv:GTKiBIir9+G3Lh45x77KARxi7paEsGP1m0qVldRnuOw=,tag:eCsjDzyO1g2HvnDhR/Gb4w==,type:str] sops: age: - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 @@ -31,7 +33,7 @@ sops: b2pGTmJva2VnOFZlRWxlOW5wMitDUkkKrZyzpch6jTSsumseBEaN8xQXfng4P7ds JSoock3sEmL4NSfxXSu+PP8kEOXFtu1yAcmSSeVDDhV7jiwE4egu2Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-02T06:02:29Z" - mac: ENC[AES256_GCM,data:F/nZqGBLsjLqocmtQCShAEDK79pEwZRVXw1ZNd6Rr2I6fewF2j3XAM5Zk9oRyI1jeD6lnKcWaYVx7dYFbcstlmTUZ2farIYZ6G/ylBMQxNP9mom+wWPz9oCwd5qBF5YrI0PtO6dFD7XXcUlWcWlPheuJ035XGp53rtNmvy1LVW0=,iv:+iWhVLm+KSLMb42n5d2I3JE6AQq/6tbd6LHd2nyUKfI=,tag:+oclIvtaG1s3SVLqbDiNwQ==,type:str] + lastmodified: "2025-04-02T14:06:11Z" + mac: ENC[AES256_GCM,data:wK8Nb1Vb80UfolzqZOpifZdoEKYu847anowYiCdSluoK+dfHhDhCj7ZxznYV7SwVACIoLsqLR5syRzC861PRBrAujkhbcn7lTc1kQRCjw0gMAbPYR/xiO76EHmiYqnV2UMN0EmuQg1nIRIWY9EO9C7m1b9fjoZFgDsj/7O99aVU=,iv:CJxUKpyNgEYwqLhSvuXoHb+Hu3M7ydKh0WlsjlOtKkM=,tag:4KXmNwwFrqvBjxe656Jvug==,type:str] unencrypted_suffix: _unencrypted version: 3.10.1 From f072b33fe26886b409466a32a6f8d81e995319f7 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 2 Apr 2025 10:58:48 -0400 Subject: [PATCH 363/410] authelia: configure forgejo for oidc --- modules/authelia.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/modules/authelia.nix b/modules/authelia.nix index 0e404cd..ae5b0ad 100644 --- a/modules/authelia.nix +++ b/modules/authelia.nix @@ -64,6 +64,19 @@ in scopes = [ "openid" "profile" "email" ]; userinfo_signed_response_alg = "none"; } + { + client_id = "forgejo"; + client_name = "Forgejo"; + client_secret = "$argon2id$v=19$m=65536,t=3,p=4$O2O5r/7A8hc4EMvernQ4Dw$YOVqtwY3jv0HlcxmviPq2CRnD7Dw85V9KDtTSUQE7bA"; + public = false; + authorization_policy = "two_factor"; + redirect_uris = [ + "https://git.cy7.sh/user/oauth2/authelia/callback" + ]; + scopes = [ "openid" "profile" "email" ]; + userinfo_signed_response_alg = "none"; + token_endpoint_auth_method = "client_secret_basic"; + } ]; }; secrets = { From 9bab7059626b05ad53f173828a67f80b6fef7716 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 2 Apr 2025 15:06:40 -0400 Subject: [PATCH 364/410] flake: only override nixpkgs input --- flake.lock | 551 ++++++++++++++++++++++++++++++++++++++++------------- flake.nix | 118 +++--------- 2 files changed, 438 insertions(+), 231 deletions(-) diff --git a/flake.lock b/flake.lock index a0bb113..d7cfcaa 100644 --- a/flake.lock +++ b/flake.lock @@ -2,22 +2,12 @@ "nodes": { "attic": { "inputs": { - "crane": [ - "crane" - ], - "flake-compat": [ - "flake-compat" - ], - "flake-parts": [ - "flake-parts" - ], + "crane": "crane", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", "nix-github-actions": "nix-github-actions", - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-stable": [ - "nixpkgs-stable" - ] + "nixpkgs": "nixpkgs", + "nixpkgs-stable": "nixpkgs-stable" }, "locked": { "lastModified": 1738524606, @@ -29,6 +19,7 @@ }, "original": { "owner": "zhaofengli", + "ref": "main", "repo": "attic", "type": "github" } @@ -36,9 +27,9 @@ "cachix": { "inputs": { "devenv": "devenv", - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "git-hooks": "git-hooks", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1737621947, @@ -72,7 +63,7 @@ "cachix", "devenv" ], - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1728672398, @@ -108,21 +99,13 @@ }, "conduwuit": { "inputs": { - "attic": [ - "attic" - ], + "attic": "attic", "cachix": "cachix", "complement": "complement", - "crane": [ - "crane" - ], + "crane": "crane_2", "fenix": "fenix", - "flake-compat": [ - "flake-compat" - ], - "flake-utils": [ - "flake-utils" - ], + "flake-compat": "flake-compat_3", + "flake-utils": "flake-utils", "liburing": "liburing", "nix-filter": "nix-filter", "nixpkgs": [ @@ -145,6 +128,59 @@ } }, "crane": { + "inputs": { + "nixpkgs": [ + "conduwuit", + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1722960479, + "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=", + "owner": "ipetkov", + "repo": "crane", + "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_2": { + "locked": { + "lastModified": 1742394900, + "narHash": "sha256-vVOAp9ahvnU+fQoKd4SEXB2JG2wbENkpqcwlkIXgUC0=", + "owner": "ipetkov", + "repo": "crane", + "rev": "70947c1908108c0c551ddfd73d4f750ff2ea67cd", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "ref": "master", + "repo": "crane", + "type": "github" + } + }, + "crane_3": { + "locked": { + "lastModified": 1742394900, + "narHash": "sha256-vVOAp9ahvnU+fQoKd4SEXB2JG2wbENkpqcwlkIXgUC0=", + "owner": "ipetkov", + "repo": "crane", + "rev": "70947c1908108c0c551ddfd73d4f750ff2ea67cd", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_4": { "locked": { "lastModified": 1742394900, "narHash": "sha256-vVOAp9ahvnU+fQoKd4SEXB2JG2wbENkpqcwlkIXgUC0=", @@ -217,6 +253,22 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1733328505, @@ -232,7 +284,40 @@ "type": "github" } }, - "flake-compat_2": { + "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "ref": "master", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_4": { + "locked": { + "lastModified": 1717312683, + "narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=", + "owner": "nix-community", + "repo": "flake-compat", + "rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_5": { + "flake": false, "locked": { "lastModified": 1733328505, "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", @@ -248,6 +333,28 @@ } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "conduwuit", + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1722555600, + "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "conduwuit", @@ -271,9 +378,33 @@ "type": "github" } }, - "flake-parts_2": { + "flake-parts_3": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib" + "nixpkgs-lib": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_4": { + "inputs": { + "nixpkgs-lib": [ + "nixvim", + "nixpkgs" + ] }, "locked": { "lastModified": 1743550720, @@ -303,6 +434,7 @@ }, "original": { "owner": "numtide", + "ref": "main", "repo": "flake-utils", "type": "github" } @@ -325,6 +457,78 @@ "type": "github" } }, + "flake-utils_3": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_4": { + "inputs": { + "systems": "systems_4" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_5": { + "inputs": { + "systems": "systems_5" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_6": { + "inputs": { + "systems": "systems_6" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "flakey-profile": { "locked": { "lastModified": 1712898590, @@ -342,21 +546,13 @@ }, "garage": { "inputs": { - "crane": [ - "crane" - ], - "flake-compat": [ - "flake-compat" - ], - "flake-utils": [ - "flake-utils" - ], + "crane": "crane_3", + "flake-compat": "flake-compat_4", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ], - "rust-overlay": [ - "rust-overlay" - ] + "rust-overlay": "rust-overlay" }, "locked": { "lastModified": 1742547966, @@ -385,7 +581,7 @@ "cachix", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { "lastModified": 1733318908, @@ -496,22 +692,14 @@ }, "lanzaboote": { "inputs": { - "crane": [ - "crane" - ], - "flake-compat": [ - "flake-compat" - ], - "flake-parts": [ - "flake-parts" - ], + "crane": "crane_4", + "flake-compat": "flake-compat_5", + "flake-parts": "flake-parts_3", "nixpkgs": [ "nixpkgs" ], "pre-commit-hooks-nix": "pre-commit-hooks-nix", - "rust-overlay": [ - "rust-overlay" - ] + "rust-overlay": "rust-overlay_2" }, "locked": { "lastModified": 1741442524, @@ -577,9 +765,7 @@ }, "lix-module": { "inputs": { - "flake-utils": [ - "flake-utils" - ], + "flake-utils": "flake-utils_3", "flakey-profile": "flakey-profile", "lix": "lix", "nixpkgs": [ @@ -603,15 +789,11 @@ }, "nil": { "inputs": { - "flake-utils": [ - "flake-utils" - ], + "flake-utils": "flake-utils_4", "nixpkgs": [ "nixpkgs" ], - "rust-overlay": [ - "rust-overlay" - ] + "rust-overlay": "rust-overlay_3" }, "locked": { "lastModified": 1741118843, @@ -634,9 +816,9 @@ "cachix", "devenv" ], - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "libgit2": "libgit2", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "nixpkgs-23-11": [ "conduwuit", "cachix", @@ -687,6 +869,7 @@ "nix-github-actions": { "inputs": { "nixpkgs": [ + "conduwuit", "attic", "nixpkgs" ] @@ -747,36 +930,37 @@ }, "nixpkgs": { "locked": { - "lastModified": 1730531603, - "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "lastModified": 1726042813, + "narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", + "rev": "159be5db480d1df880a0135ca0bfed84c2f88353", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1743296961, - "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, "nixpkgs-stable": { + "locked": { + "lastModified": 1724316499, + "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { "locked": { "lastModified": 1730741070, "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", @@ -792,7 +976,7 @@ "type": "github" } }, - "nixpkgs-stable_2": { + "nixpkgs-stable_3": { "locked": { "lastModified": 1743501102, "narHash": "sha256-7PCBQ4aGVF8OrzMkzqtYSKyoQuU2jtpPi4lmABpe5X4=", @@ -809,6 +993,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1730531603, + "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1717432640, "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=", @@ -824,7 +1024,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1733212471, "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", @@ -840,7 +1040,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1743559129, "narHash": "sha256-7gpAWsENV3tY2HmeHYQ2MoQxGpys+jQWnkS/BHAMXVk=", @@ -858,9 +1058,7 @@ }, "nixvim": { "inputs": { - "flake-parts": [ - "flake-parts" - ], + "flake-parts": "flake-parts_4", "nixpkgs": [ "nixpkgs" ], @@ -882,7 +1080,7 @@ }, "nuschtosSearch": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_5", "ixx": "ixx", "nixpkgs": [ "nixvim", @@ -903,22 +1101,6 @@ "type": "github" } }, - "nvim-github-theme": { - "flake": false, - "locked": { - "lastModified": 1735641120, - "narHash": "sha256-/A4hkKTzjzeoR1SuwwklraAyI8oMkhxrwBBV9xb59PA=", - "owner": "projekt0n", - "repo": "github-nvim-theme", - "rev": "c106c9472154d6b2c74b74565616b877ae8ed31d", - "type": "github" - }, - "original": { - "owner": "projekt0n", - "repo": "github-nvim-theme", - "type": "github" - } - }, "pre-commit-hooks-nix": { "inputs": { "flake-compat": [ @@ -964,12 +1146,7 @@ }, "root": { "inputs": { - "attic": "attic", "conduwuit": "conduwuit", - "crane": "crane", - "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts_2", - "flake-utils": "flake-utils", "garage": "garage", "home-manager": "home-manager", "lanzaboote": "lanzaboote", @@ -977,13 +1154,11 @@ "nil": "nil", "nix-index-database": "nix-index-database", "nix-ld": "nix-ld", - "nixpkgs": "nixpkgs_4", - "nixpkgs-stable": "nixpkgs-stable_2", + "nixpkgs": "nixpkgs_5", + "nixpkgs-stable": "nixpkgs-stable_3", "nixvim": "nixvim", - "nvim-github-theme": "nvim-github-theme", - "rust-overlay": "rust-overlay", + "rust-overlay": "rust-overlay_4", "sops-nix": "sops-nix", - "treefmt": "treefmt", "vscode-extensions": "vscode-extensions" } }, @@ -1005,6 +1180,70 @@ } }, "rust-overlay": { + "inputs": { + "nixpkgs": [ + "garage", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1738549608, + "narHash": "sha256-GdyT9QEUSx5k/n8kILuNy83vxxdyUfJ8jL5mMpQZWfw=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "35c6f8c4352f995ecd53896200769f80a3e8f22d", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "35c6f8c4352f995ecd53896200769f80a3e8f22d", + "type": "github" + } + }, + "rust-overlay_2": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743561237, + "narHash": "sha256-dd97LXek202OWmUXvKYFdYWj0jHrn3p+L5Ojh1SEOqs=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "1de27ae43712a971c1da100dcd84386356f03ec7", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_3": { + "inputs": { + "nixpkgs": [ + "nil", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743561237, + "narHash": "sha256-dd97LXek202OWmUXvKYFdYWj0jHrn3p+L5Ojh1SEOqs=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "1de27ae43712a971c1da100dcd84386356f03ec7", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_4": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -1074,31 +1313,69 @@ "type": "github" } }, - "treefmt": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, + "systems_3": { "locked": { - "lastModified": 1743081648, - "narHash": "sha256-WRAylyYptt6OX5eCEBWyTwOEqEtD6zt33rlUkr6u3cE=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "29a3d7b768c70addce17af0869f6e2bd8f5be4b7", + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "type": "github" }, "original": { - "owner": "numtide", - "repo": "treefmt-nix", + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_5": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_6": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", "type": "github" } }, "vscode-extensions": { "inputs": { - "flake-utils": [ - "flake-utils" - ], + "flake-utils": "flake-utils_6", "nixpkgs": [ "nixpkgs" ] diff --git a/flake.nix b/flake.nix index 525c090..aa43dea 100644 --- a/flake.nix +++ b/flake.nix @@ -4,100 +4,30 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11"; - sops-nix = { - url = "github:Mic92/sops-nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - home-manager = { - url = "github:nix-community/home-manager"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - treefmt = { - url = "github:numtide/treefmt-nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - lanzaboote = { - url = "github:nix-community/lanzaboote/master"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.crane.follows = "crane"; - inputs.flake-compat.follows = "flake-compat"; - inputs.flake-parts.follows = "flake-parts"; - inputs.rust-overlay.follows = "rust-overlay"; - }; - nixvim = { - url = "github:nix-community/nixvim"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-parts.follows = "flake-parts"; - }; - rust-overlay = { - url = "github:oxalica/rust-overlay"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - conduwuit = { - url = "github:girlbossceo/conduwuit"; - inputs = { - nixpkgs.follows = "nixpkgs"; - crane.follows = "crane"; - flake-compat.follows = "flake-compat"; - flake-utils.follows = "flake-utils"; - attic.follows = "attic"; - }; - }; - lix-module = { - url = "git+https://git.lix.systems/lix-project/nixos-module?ref=release-2.92"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-utils.follows = "flake-utils"; - }; - nix-ld = { - url = "github:nix-community/nix-ld"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - nil = { - url = "github:oxalica/nil"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.rust-overlay.follows = "rust-overlay"; - inputs.flake-utils.follows = "flake-utils"; - }; - vscode-extensions = { - url = "github:nix-community/nix-vscode-extensions/"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-utils.follows = "flake-utils"; - }; - nix-index-database = { - url = "github:nix-community/nix-index-database"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - attic = { - url = "github:zhaofengli/attic"; - inputs = { - nixpkgs.follows = "nixpkgs"; - nixpkgs-stable.follows = "nixpkgs-stable"; - flake-compat.follows = "flake-compat"; - flake-parts.follows = "flake-parts"; - crane.follows = "crane"; - }; - }; - garage = { - url = "github:deuxfleurs-org/garage"; - inputs = { - nixpkgs.follows = "nixpkgs"; - rust-overlay.follows = "rust-overlay"; - crane.follows = "crane"; - flake-compat.follows = "flake-compat"; - flake-utils.follows = "flake-utils"; - }; - }; - - nvim-github-theme = { - url = "github:projekt0n/github-nvim-theme"; - flake = false; - }; - - # deduplication - flake-utils.url = "github:numtide/flake-utils"; - crane.url = "github:ipetkov/crane"; - flake-compat.url = "github:edolstra/flake-compat"; - flake-parts.url = "github:hercules-ci/flake-parts"; + sops-nix.url = "github:Mic92/sops-nix"; + sops-nix.inputs.nixpkgs.follows = "nixpkgs"; + home-manager.url = "github:nix-community/home-manager"; + home-manager.inputs.nixpkgs.follows = "nixpkgs"; + lanzaboote.url = "github:nix-community/lanzaboote/master"; + lanzaboote.inputs.nixpkgs.follows = "nixpkgs"; + nixvim.url = "github:nix-community/nixvim"; + nixvim.inputs.nixpkgs.follows = "nixpkgs"; + rust-overlay.url = "github:oxalica/rust-overlay"; + rust-overlay.inputs.nixpkgs.follows = "nixpkgs"; + conduwuit.url = "github:girlbossceo/conduwuit"; + conduwuit.inputs.nixpkgs.follows = "nixpkgs"; + lix-module.url = "git+https://git.lix.systems/lix-project/nixos-module?ref=release-2.92"; + lix-module.inputs.nixpkgs.follows = "nixpkgs"; + nix-ld.url = "github:nix-community/nix-ld"; + nix-ld.inputs.nixpkgs.follows = "nixpkgs"; + nil.url = "github:oxalica/nil"; + nil.inputs.nixpkgs.follows = "nixpkgs"; + vscode-extensions.url = "github:nix-community/nix-vscode-extensions/"; + vscode-extensions.inputs.nixpkgs.follows = "nixpkgs"; + nix-index-database.url = "github:nix-community/nix-index-database"; + nix-index-database.inputs.nixpkgs.follows = "nixpkgs"; + garage.url = "github:deuxfleurs-org/garage"; + garage.inputs.nixpkgs.follows = "nixpkgs"; }; nixConfig = { From f894fdb61ce842259bb318c0df80d833e9462bc2 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 2 Apr 2025 15:07:08 -0400 Subject: [PATCH 365/410] authelia: auth redlib --- hosts/chunk/miniflux.nix | 1 + modules/authelia.nix | 2 +- modules/vault.nix | 19 +++++++++++++++++++ 3 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 modules/vault.nix diff --git a/hosts/chunk/miniflux.nix b/hosts/chunk/miniflux.nix index 84783f6..9c6a8c7 100644 --- a/hosts/chunk/miniflux.nix +++ b/hosts/chunk/miniflux.nix @@ -12,6 +12,7 @@ services.caddy.virtualHosts."rss.cy7.sh".extraConfig = '' import common + import authelia reverse_proxy localhost:8080 ''; } diff --git a/modules/authelia.nix b/modules/authelia.nix index ae5b0ad..afd8b52 100644 --- a/modules/authelia.nix +++ b/modules/authelia.nix @@ -35,7 +35,7 @@ in default_policy = "deny"; rules = [ { - domain = "red.cy7.sh"; + domain = "*.cy7.sh"; policy = "one_factor"; } ]; diff --git a/modules/vault.nix b/modules/vault.nix new file mode 100644 index 0000000..1e3772d --- /dev/null +++ b/modules/vault.nix @@ -0,0 +1,19 @@ +{ + config, + lib, + ... +}: +let + cfg = config.my.vault; +in +{ + options.my.vault = { + enable = lib.mkEnableOption "hashicorp vault"; + }; + + config = lib.mkIf cfg.enable { + services.vault = { + + }; + }; +} \ No newline at end of file From 2f1b064d59f420a877da9f649e0907a420dea076 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 2 Apr 2025 15:08:13 -0400 Subject: [PATCH 366/410] rm nixvim --- flake.nix | 4 - home/nixvim/default.nix | 215 ---------------------------------------- home/yt/common.nix | 1 - 3 files changed, 220 deletions(-) delete mode 100644 home/nixvim/default.nix diff --git a/flake.nix b/flake.nix index aa43dea..3bcf3e7 100644 --- a/flake.nix +++ b/flake.nix @@ -10,8 +10,6 @@ home-manager.inputs.nixpkgs.follows = "nixpkgs"; lanzaboote.url = "github:nix-community/lanzaboote/master"; lanzaboote.inputs.nixpkgs.follows = "nixpkgs"; - nixvim.url = "github:nix-community/nixvim"; - nixvim.inputs.nixpkgs.follows = "nixpkgs"; rust-overlay.url = "github:oxalica/rust-overlay"; rust-overlay.inputs.nixpkgs.follows = "nixpkgs"; conduwuit.url = "github:girlbossceo/conduwuit"; @@ -101,7 +99,6 @@ extraSpecialArgs = { inherit inputs; }; modules = [ ./home/yt/ytnix.nix - inputs.nixvim.homeManagerModules.nixvim inputs.nix-index-database.hmModules.nix-index ]; }; @@ -111,7 +108,6 @@ extraSpecialArgs = { inherit inputs; }; modules = [ ./home/yt/chunk.nix - inputs.nixvim.homeManagerModules.nixvim ]; }; }; diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix deleted file mode 100644 index 5199812..0000000 --- a/home/nixvim/default.nix +++ /dev/null @@ -1,215 +0,0 @@ -{ pkgs, inputs, ... }: -{ - programs.nixvim = { - enable = true; - plugins.lualine.enable = true; - opts = { - number = true; - relativenumber = true; - expandtab = true; - autoindent = true; - shiftwidth = 2; - smartindent = true; - tabstop = 2; - ignorecase = true; - incsearch = true; - smartcase = true; - }; - colorscheme = "github_dark_tritanopia"; - clipboard.register = "unnamed"; - - globals = { - mapleader = ","; - }; - - extraPlugins = [ - (pkgs.vimUtils.buildVimPlugin { - name = "github-theme"; - src = inputs.nvim-github-theme; - }) - ]; - - keymaps = [ - { - action = "Neotree toggle"; - key = "s"; - mode = "n"; - options.silent = true; - } - { - # shortcut to command mode - action = ":"; - key = ";"; - mode = [ - "n" - "x" - ]; - options.silent = true; - } - { - # insert line below without moving cursor - action = "printf('m`%so``', v:count1)"; - key = "o"; - options.expr = true; - mode = "n"; - } - { - # insert line above without moving cursor - action = "printf('m`%sO``', v:count1)"; - key = "O"; - options.expr = true; - mode = "n"; - } - # nice emacs bindings - { - action = ""; - key = ""; - mode = "i"; - } - { - action = ""; - key = ""; - mode = "i"; - } - ]; - - plugins.cmp = { - enable = true; - settings = { - formatting.fields = [ - "abbr" - "kind" - "menu" - ]; - experimental = { - ghost_text = true; - }; - snippet.expand = '' - function(args) require('luasnip').lsp_expand(args.body) end - ''; - sources = [ - { name = "nvim_lsp"; } - { name = "emoji"; } - { name = "luasnip"; } - { name = "buffer"; } - { name = "path"; } - ]; - mapping = { - "" = "cmp.mapping.abort()"; - "" = "cmp.mapping.select_next_item()"; - "" = "cmp.mapping.select_prev_item()"; - "" = "cmp.mapping.scroll_docs(-4)"; - "" = "cmp.mapping.scroll_docs(4)"; - "" = '' - cmp.mapping(function(fallback) - if cmp.visible() then - if require("luasnip").expandable() then - require("luasnip").expand() - else - cmp.confirm({ - select = true, - }) - end - else - fallback() - end - end) - ''; - # plain tab conflicts with i try to indent - "" = '' - cmp.mapping(function(fallback) - if require("luasnip").jumpable(1) then - require("luasnip").jump(1) - else - fallback() - end - end,{"i","s"}) - ''; - "" = '' - cmp.mapping(function(fallback) - if require("luasnip").jumpable(-1) then - require("luasnip").jump(-1) - else - fallback() - end - end,{"i","s"}) - ''; - }; - }; - }; - - plugins.lsp = { - enable = true; - keymaps.lspBuf = { - "K" = "hover"; - "gd" = "definition"; - "gD" = "references"; - # "gt" = "type_definition"; # conflicts with switch tab - "gI" = "type_definition"; - "gi" = "implementation"; - }; - servers = { - bashls.enable = true; - lua_ls.enable = true; - nil_ls = { - enable = true; - settings = { - formatting.command = [ - "nix" - "fmt" - ]; - nix.flake.autoArchive = true; - }; - }; - rust_analyzer = { - enable = true; - installRustc = false; - installCargo = false; - }; - eslint.enable = true; - yamlls.enable = true; - }; - }; - plugins.treesitter = { - enable = true; - nixGrammars = true; - settings = { - indent.enable = true; - auto_install = true; - highlight.enable = true; - }; - }; - plugins.fzf-lua = { - enable = true; - profile = "fzf-native"; - keymaps = { - "ff" = "files"; - "fg" = "live_grep"; - }; - }; - - plugins.neo-tree = { - enable = true; - buffers.followCurrentFile.enabled = true; - window.width = 30; - }; - - plugins.gitsigns = { - enable = true; - settings.current_line_blame = true; - }; - - plugins.cmp-buffer.enable = true; - plugins.cmp-emoji.enable = true; - plugins.cmp-nvim-lsp.enable = true; - plugins.cmp-path.enable = true; - plugins.cmp_luasnip.enable = true; - plugins.luasnip.enable = true; - plugins.nvim-autopairs.enable = true; - plugins.rainbow-delimiters.enable = true; - plugins.web-devicons.enable = true; - plugins.auto-save.enable = true; - plugins.indent-blankline.enable = true; - plugins.undotree.enable = true; - }; -} diff --git a/home/yt/common.nix b/home/yt/common.nix index a8c9467..d06d67b 100644 --- a/home/yt/common.nix +++ b/home/yt/common.nix @@ -3,7 +3,6 @@ imports = [ ../tmux.nix ../zsh - ../nixvim ]; home.sessionVariables = { From 22cc5aed313e82c89427376d93a7db4c3ad54c32 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 2 Apr 2025 16:18:16 -0400 Subject: [PATCH 367/410] workflow: use direct s3 url check for hit on nixcache --- .github/workflows/build-machines-and-homes.yml | 4 ++-- .github/workflows/build-packages.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 6995a7a..79f3f7b 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -79,7 +79,7 @@ jobs: nix run git+https://git.cy7.sh/cy/nixcp.git -- \ --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ -u https://nix-community.cachix.org \ - -u https://nixcache.cy7.sh \ + -u https://nixcache.web.cy7.sh \ $package build-homes: @@ -151,5 +151,5 @@ jobs: nix run git+https://git.cy7.sh/cy/nixcp.git -- \ --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ -u https://nix-community.cachix.org \ - -u https://nixcache.cy7.sh \ + -u https://nixcache.web.cy7.sh \ $package diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index ce4afd1..11ebc32 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -67,7 +67,7 @@ jobs: nix run git+https://git.cy7.sh/cy/nixcp.git -- \ --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ -u https://nix-community.cachix.org \ - -u https://nixcache.cy7.sh \ + -u https://nixcache.web.cy7.sh \ "${{ matrix.package }}" - name: prepare tarball to upload From f6b7c0d3a1e895771a77c66dfcd035460fc386fe Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 2 Apr 2025 16:21:35 -0400 Subject: [PATCH 368/410] nix flake lock oops --- flake.lock | 130 +---------------------------------------------------- 1 file changed, 1 insertion(+), 129 deletions(-) diff --git a/flake.lock b/flake.lock index d7cfcaa..1a2c3f1 100644 --- a/flake.lock +++ b/flake.lock @@ -399,27 +399,6 @@ "type": "github" } }, - "flake-parts_4": { - "inputs": { - "nixpkgs-lib": [ - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": "systems" @@ -511,24 +490,6 @@ "type": "github" } }, - "flake-utils_6": { - "inputs": { - "systems": "systems_6" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "flakey-profile": { "locked": { "lastModified": 1712898590, @@ -662,34 +623,6 @@ "type": "github" } }, - "ixx": { - "inputs": { - "flake-utils": [ - "nixvim", - "nuschtosSearch", - "flake-utils" - ], - "nixpkgs": [ - "nixvim", - "nuschtosSearch", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1729958008, - "narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=", - "owner": "NuschtOS", - "repo": "ixx", - "rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb", - "type": "github" - }, - "original": { - "owner": "NuschtOS", - "ref": "v0.0.6", - "repo": "ixx", - "type": "github" - } - }, "lanzaboote": { "inputs": { "crane": "crane_4", @@ -1056,51 +989,6 @@ "type": "github" } }, - "nixvim": { - "inputs": { - "flake-parts": "flake-parts_4", - "nixpkgs": [ - "nixpkgs" - ], - "nuschtosSearch": "nuschtosSearch" - }, - "locked": { - "lastModified": 1743536158, - "narHash": "sha256-/jlBU7EGIfaa5VKwvVyrSspuuNmgKYOjAuTd2ywyevg=", - "owner": "nix-community", - "repo": "nixvim", - "rev": "754b8df7e37be04b7438decee5a5aa18af72cbe1", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixvim", - "type": "github" - } - }, - "nuschtosSearch": { - "inputs": { - "flake-utils": "flake-utils_5", - "ixx": "ixx", - "nixpkgs": [ - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1743201766, - "narHash": "sha256-bb/dqoIjtIWtJRzASOe8g4m8W2jUIWtuoGPXdNjM/Tk=", - "owner": "NuschtOS", - "repo": "search", - "rev": "2651dbfad93d6ef66c440cbbf23238938b187bde", - "type": "github" - }, - "original": { - "owner": "NuschtOS", - "repo": "search", - "type": "github" - } - }, "pre-commit-hooks-nix": { "inputs": { "flake-compat": [ @@ -1156,7 +1044,6 @@ "nix-ld": "nix-ld", "nixpkgs": "nixpkgs_5", "nixpkgs-stable": "nixpkgs-stable_3", - "nixvim": "nixvim", "rust-overlay": "rust-overlay_4", "sops-nix": "sops-nix", "vscode-extensions": "vscode-extensions" @@ -1358,24 +1245,9 @@ "type": "github" } }, - "systems_6": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "vscode-extensions": { "inputs": { - "flake-utils": "flake-utils_6", + "flake-utils": "flake-utils_5", "nixpkgs": [ "nixpkgs" ] From d6186b23eedafee54bdba4fe3599a5da24637033 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 2 Apr 2025 17:55:05 -0400 Subject: [PATCH 369/410] flake: don't override lix-module's nixpkgs input --- flake.lock | 22 ++++++++++++++++++---- flake.nix | 1 - 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 1a2c3f1..0fe0871 100644 --- a/flake.lock +++ b/flake.lock @@ -701,9 +701,7 @@ "flake-utils": "flake-utils_3", "flakey-profile": "flakey-profile", "lix": "lix", - "nixpkgs": [ - "nixpkgs" - ] + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1742943028, @@ -974,6 +972,22 @@ } }, "nixpkgs_5": { + "locked": { + "lastModified": 1743448293, + "narHash": "sha256-bmEPmSjJakAp/JojZRrUvNcDX2R5/nuX6bm+seVaGhs=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "77b584d61ff80b4cef9245829a6f1dfad5afdfa3", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { "locked": { "lastModified": 1743559129, "narHash": "sha256-7gpAWsENV3tY2HmeHYQ2MoQxGpys+jQWnkS/BHAMXVk=", @@ -1042,7 +1056,7 @@ "nil": "nil", "nix-index-database": "nix-index-database", "nix-ld": "nix-ld", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "nixpkgs-stable": "nixpkgs-stable_3", "rust-overlay": "rust-overlay_4", "sops-nix": "sops-nix", diff --git a/flake.nix b/flake.nix index 3bcf3e7..37215e0 100644 --- a/flake.nix +++ b/flake.nix @@ -15,7 +15,6 @@ conduwuit.url = "github:girlbossceo/conduwuit"; conduwuit.inputs.nixpkgs.follows = "nixpkgs"; lix-module.url = "git+https://git.lix.systems/lix-project/nixos-module?ref=release-2.92"; - lix-module.inputs.nixpkgs.follows = "nixpkgs"; nix-ld.url = "github:nix-community/nix-ld"; nix-ld.inputs.nixpkgs.follows = "nixpkgs"; nil.url = "github:oxalica/nil"; From a61c7fbf503361e5d6761a4a23bad28291f43109 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 2 Apr 2025 17:32:29 -0400 Subject: [PATCH 370/410] workflow: nix copy compression none; add cache.lix.systems; pass -L to nixos-rebuild --- .../workflows/build-machines-and-homes.yml | 24 +++++++------------ .github/workflows/build-packages.yml | 11 ++++----- 2 files changed, 13 insertions(+), 22 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 79f3f7b..c955639 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -47,17 +47,14 @@ jobs: accept-flake-config = true system-features = nixos-test benchmark big-parallel kvm secret-key-files = /home/runner/cache-priv-key.pem - extra-substituters = https://nixcache.cy7.sh - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= + extra-substituters = https://nixcache.cy7.sh https://cache.lix.systems + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= - name: Install Lix run: | sudo --preserve-env=PATH $(which nix) run \ - --experimental-features "nix-command flakes" \ - --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" \ 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ - upgrade-nix \ - --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + upgrade-nix nix --version - name: Sync repository @@ -69,7 +66,7 @@ jobs: run: | # package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" # nix build -L "$package" - nix run nixpkgs#nixos-rebuild build -- --flake ".#${{ matrix.machine }}" + nix run nixpkgs#nixos-rebuild build -- -L --flake ".#${{ matrix.machine }}" - name: cache # https://stackoverflow.com/a/58859404 @@ -77,7 +74,7 @@ jobs: run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" nix run git+https://git.cy7.sh/cy/nixcp.git -- \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=none' \ -u https://nix-community.cachix.org \ -u https://nixcache.web.cy7.sh \ $package @@ -120,17 +117,14 @@ jobs: accept-flake-config = true system-features = nixos-test benchmark big-parallel kvm secret-key-files = /home/runner/cache-priv-key.pem - extra-substituters = https://nixcache.cy7.sh - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= + extra-substituters = https://nixcache.cy7.sh https://cache.lix.systems + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= - name: Install Lix run: | sudo --preserve-env=PATH $(which nix) run \ - --experimental-features "nix-command flakes" \ - --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" \ 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ - upgrade-nix \ - --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + upgrade-nix nix --version - name: Sync repository @@ -149,7 +143,7 @@ jobs: run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" nix run git+https://git.cy7.sh/cy/nixcp.git -- \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=none' \ -u https://nix-community.cachix.org \ -u https://nixcache.web.cy7.sh \ $package diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 11ebc32..c188482 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -40,17 +40,14 @@ jobs: accept-flake-config = true system-features = nixos-test benchmark big-parallel kvm secret-key-files = /home/runner/cache-priv-key.pem - extra-substituters = https://nixcache.cy7.sh - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= + extra-substituters = https://nixcache.cy7.sh https://cache.lix.systems + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= - name: Install Lix run: | sudo --preserve-env=PATH $(which nix) run \ - --experimental-features "nix-command flakes" \ - --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" \ 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ - upgrade-nix \ - --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + upgrade-nix nix --version - name: Sync repository @@ -65,7 +62,7 @@ jobs: if: '!cancelled()' run: | nix run git+https://git.cy7.sh/cy/nixcp.git -- \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=none' \ -u https://nix-community.cachix.org \ -u https://nixcache.web.cy7.sh \ "${{ matrix.package }}" From 912cde0be459bb4a727cce882ed846d32f73d6d9 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 4 Apr 2025 10:01:49 -0400 Subject: [PATCH 371/410] bump conduwuit --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 0fe0871..7eb0812 100644 --- a/flake.lock +++ b/flake.lock @@ -114,11 +114,11 @@ "rocksdb": "rocksdb" }, "locked": { - "lastModified": 1743473828, - "narHash": "sha256-x/sfh6LCHGAz8rL23GHhH7dac1LtHBbRRJi1p8gOdtI=", + "lastModified": 1743735594, + "narHash": "sha256-aaP8OjY4fkpxk2JdSggx9S3Rk+P+VhuivT6aRpLxoj0=", "owner": "girlbossceo", "repo": "conduwuit", - "rev": "0f81c1e1ccdcb0c5c6d5a27e82f16eb37b1e61c8", + "rev": "00f7745ec4ebcea5f892376c5de5db1299f71696", "type": "github" }, "original": { @@ -151,11 +151,11 @@ }, "crane_2": { "locked": { - "lastModified": 1742394900, - "narHash": "sha256-vVOAp9ahvnU+fQoKd4SEXB2JG2wbENkpqcwlkIXgUC0=", + "lastModified": 1739936662, + "narHash": "sha256-x4syUjNUuRblR07nDPeLDP7DpphaBVbUaSoeZkFbGSk=", "owner": "ipetkov", "repo": "crane", - "rev": "70947c1908108c0c551ddfd73d4f750ff2ea67cd", + "rev": "19de14aaeb869287647d9461cbd389187d8ecdb7", "type": "github" }, "original": { From d3c61ac0dfe0c7cca1595edd9846551ce3331b22 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 4 Apr 2025 12:06:56 -0400 Subject: [PATCH 372/410] kitty: improve keybindings and bring back kitten ssh alias --- home/kitty.nix | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/home/kitty.nix b/home/kitty.nix index ea7047f..0021bb5 100644 --- a/home/kitty.nix +++ b/home/kitty.nix @@ -17,10 +17,10 @@ # will probably lower this later but the max allowed is actually 4GB # this is NOT stored in memory and can only be viewed with scrollback_pager - "scrollback_pager_history_size" = "1024"; + "scrollback_pager_history_size" = "10"; # in MB # see https://github.com/sharkdp/bat/issues/1077#issuecomment-652785399 "scrollback_pager" = "bat --pager='less -FR +G'"; - "scrollback_lines" = 20000; + # "scrollback_lines" = 20000; }; keybindings = { # kitty_mod is ctrl+shift by default @@ -58,18 +58,29 @@ "kitty_mod+alt+p" = "move_tab_backward"; "kitty_mod+q" = "close_tab"; "kitty_mod+t" = "new_tab_with_cwd"; - "ctrl+f2" = "detach_tab"; # hints # > basically means the preceding key is a prefix (think tmux) "kitty_mod+o>o" = "open_url_with_hints"; - "kitty_mod+o>p" = "kitten hints --type path --program -"; - "kitty_mod+o>n" = "kitten hints --type line --program -"; - "kitty_mod+o>w" = "kitten hints --type word --program -"; - "kitty_mod+o>h" = "kitten hints --type hash --program -"; + # `--program @` means copy to clipboard + "kitty_mod+o>u" = "kitten hints --type url --program @"; + "kitty_mod+o>p" = "kitten hints --type path --program @"; + "kitty_mod+o>n" = "kitten hints --type line --program @"; + "kitty_mod+o>w" = "kitten hints --type word --program @"; + "kitty_mod+o>h" = "kitten hints --type hash --program @"; "kitty_mod+o>l" = "kitten hints --type linenum"; + + # scrolling + "kitty_mod+u" = "scroll_page_up"; + "kitty_mod+d" = "scroll_page_down"; + "kitty_mod+a" = "scroll_home"; + "kitty_mod+e" = "scroll_end"; + "kitty_mod+z" = "scroll_to_prompt -1"; # scroll to previous shell prompt + "kitty_mod+x" = "scroll_to_prompt 1"; # scroll to next shell prompt + "kitty_mod+y" = "show_scrollback"; # browse scrollback buffer in pager + "kitty_mod+g" = "show_last_command_output"; # browse output of last command in pager }; }; - # programs.zsh.shellAliases."ssh" = "kitten ssh"; # doesn't seem to work with bitwarden ssh agent :( + programs.zsh.shellAliases."ssh" = "kitten ssh"; } From afda7622defc3f33bfa35b2346f29ab10ca1e931 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 4 Apr 2025 12:07:39 -0400 Subject: [PATCH 373/410] hedgedoc: fix domain --- hosts/chunk/hedgedoc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/chunk/hedgedoc.nix b/hosts/chunk/hedgedoc.nix index 62505f9..1e7e497 100644 --- a/hosts/chunk/hedgedoc.nix +++ b/hosts/chunk/hedgedoc.nix @@ -11,7 +11,7 @@ dialect = "postgresql"; }; port = 8085; - domain = "pad.cything.io"; + domain = "pad.cy7.sh"; allowEmailRegister = false; protocolUseSSL = true; }; From 541d625c8e30176fd25e79201eee72871309088b Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 4 Apr 2025 12:14:02 -0400 Subject: [PATCH 374/410] garage: use 16M block_size and compression_level 3 --- hosts/chunk/garage.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index 982e1f4..639bbd8 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -20,8 +20,8 @@ replication_factor = 1; db_engine = "lmdb"; disable_scrub = true; - block_size = "128M"; - compression_level = "none"; + block_size = "16M"; + compression_level = 3; }; environmentFile = config.sops.secrets."garage/env".path; logLevel = "warn"; From 160f89b4238b8278f0e0d00d97829eef067bfc50 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 4 Apr 2025 12:14:24 -0400 Subject: [PATCH 375/410] tune rclone (again) --- hosts/chunk/rclone.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index c592fbb..1c474af 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -14,18 +14,19 @@ let --config ${config.sops.secrets."rclone/config".path} \ --allow-other \ --cache-dir /var/cache/rclone \ - --transfers 32 \ + --transfers 64 \ --vfs-cache-mode full \ --vfs-cache-min-free-space 5G \ --dir-cache-time 30d \ --no-checksum \ --no-modtime \ --vfs-fast-fingerprint \ - --vfs-read-chunk-size 16M \ + --vfs-read-chunk-size 8M \ --vfs-read-chunk-streams 16 \ - --sftp-concurrency 64 \ + --sftp-concurrency 128 \ --sftp-chunk-size 255k \ --buffer-size 0 \ + --write-back-cache \ ${remote} ${mount} ''; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -zu ${mount}"; From 2c9d24f06a1a20292aca678437f959f1dc2ab2e5 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 4 Apr 2025 12:52:29 -0400 Subject: [PATCH 376/410] authelia: oauth for hedgedoc and guard grafana --- hosts/chunk/grafana.nix | 1 + hosts/chunk/hedgedoc.nix | 1 + modules/authelia.nix | 19 ++++++++++++++++++- secrets/services/hedgedoc.yaml | 13 ++++--------- 4 files changed, 24 insertions(+), 10 deletions(-) diff --git a/hosts/chunk/grafana.nix b/hosts/chunk/grafana.nix index f79a7ff..33a77a0 100644 --- a/hosts/chunk/grafana.nix +++ b/hosts/chunk/grafana.nix @@ -42,6 +42,7 @@ services.caddy.virtualHosts."grafana.cy7.sh".extraConfig = '' import common + import authelia reverse_proxy localhost:8088 ''; } diff --git a/hosts/chunk/hedgedoc.nix b/hosts/chunk/hedgedoc.nix index 1e7e497..765e0f5 100644 --- a/hosts/chunk/hedgedoc.nix +++ b/hosts/chunk/hedgedoc.nix @@ -14,6 +14,7 @@ domain = "pad.cy7.sh"; allowEmailRegister = false; protocolUseSSL = true; + imageuploadtype = "minio"; }; }; diff --git a/modules/authelia.nix b/modules/authelia.nix index afd8b52..b882a42 100644 --- a/modules/authelia.nix +++ b/modules/authelia.nix @@ -77,6 +77,23 @@ in userinfo_signed_response_alg = "none"; token_endpoint_auth_method = "client_secret_basic"; } + { + client_id = "hedgedoc"; + client_name = "HedgeDoc"; + client_secret = "$argon2id$v=19$m=65536,t=3,p=4$MFSXW3gjIZf0M3e8s8RJCg$6KWwksJe2vdUebPEdYc0Zy88fzGcHPrbStcqkiXl+Hg"; + public = false; + authorization_policy = "two_factor"; + redirect_uris = [ + "https://pad.cy7.sh/auth/oauth2/callback" + ]; + scopes = [ "openid" "profile" "email" ]; + userinfo_signed_response_alg = "none"; + grant_types = [ "refresh_token" "authorization_code" ]; + response_types = [ "code" ]; + response_modes = [ "form_post" "query" "fragment" ]; + audience = []; + token_endpoint_auth_method = "client_secret_post"; + } ]; }; secrets = { @@ -101,4 +118,4 @@ in reverse_proxy localhost:9091 ''; }; -} \ No newline at end of file +} diff --git a/secrets/services/hedgedoc.yaml b/secrets/services/hedgedoc.yaml index 84ef3d6..a970c3b 100644 --- a/secrets/services/hedgedoc.yaml +++ b/secrets/services/hedgedoc.yaml @@ -1,10 +1,6 @@ hedgedoc: - env: ENC[AES256_GCM,data:15rWiIYWyIJ0Hxl5I8m+EBV+FkNDT/OHlLK9shVS46UE7SQtuIh45N5hvwgs0rg9E9Tawu+lyE2aozWNh6HSDUZ1h4FYrB+JHwIetGkOqXSLHfXi,iv:v9ohLTtlxw3fsRoJJoOY5VYxVsxUyDEsQHRjcGKg/GY=,tag:Wncm1reqNblnVhRTYjU3Pg==,type:str] + env: ENC[AES256_GCM,data:XClDoB4GH+gdOO2d2MQZUvjY1Y70/hlGbPlULBMNL+xv8OLUQCIpA8XBV8pLKdSbSimrzyXhIAIbCGGS4Q1NoWcoH99G4+pXRvHyOo7MyUs8wqXJc/mQ+e1SEXji3cwdiQUxrbov6w6e6fEYg4VhsHs/zJXLeS2M3jdYAlYy3jeJ5WcbPO9zlkz6h21fO5FOKzzaPXgnZGxj4JiZUivHLzSsQ+4TN3bgSdb+2048uQAn9RnLFKeROVE9Z8DzAIIPbE6KxWwYr2fFCdlegFA3taLJ+FwoCCaSoLDOrd78SDzcHmSpLJfD3ZRCFExE9xogLXx7kZNX6uPtncxN1W5iemW9F7aEyZmkv0POUlldyLSyhTk8Z6jzQkgbymIp/STHdcg4GvWvz8KZ+Yd+tBjkNlTCXuc0S/JGuyjf6we8yuYWnRkfMwQ4GNIjsIHQYSMjpLviNZfKrPk8T0DijtmZnb4Zdw5eg4KLjMS3DfJAeR7c3LnOOIwgzcwTBDFsQunnxpZTT6eZSFbyktVEBH6CaXTWONzOH2Ff1mn/Tbzg7RHo/CaOXDqeJ6B5GejK5ahmeko1SYp+qsX/qdf75lNbJieUcPtfkVwrcHK187HbPSZkf6DYDNvpDcuPD1kQqq2OUb5lHKohbN8iGnwzFlPF4w60jGOzwry8CbctZtynFB6LdK4NTPsiGv9OqU+y5rqm24GjaHljTawbMwYt5kWmLYMtVwcWkXJdFdRUu4hfmMmNUYExpx5CBCjiXZTnElTivmGw3NPdncIsfjo8gOliM/ZidmZxrn5a5+RzLfYslQecp50ek/9UIRPB9P4UyLqgl3rYwh4BadVyIro5mRQBz3nnvEj1kwIeSVwC60Ysv/Uel4zfULKV0vAE+7x2Ogs1s/4N3wYuCns/+UOnS2DNnnjpSHF75Z/GktD9Ni1MJYeOpLU559gbGzKen+6ndy2oXQw8fdFC7ZlwkzRO5YKmrOpwVaVUC4vIYWJO4lFCgajJEpqGhRgPjHE8xFcPu1/kCyYFWVUC/9CAYFFqzpOhczLiS08CqCR9F9XktX3tgHqcJkz473B6xsAIeS2TCgMtRozLwi8OBwiDUZZYAVSmt+h1Dlq09cvjfhXfPQCHVh5jajlPNuXsNXtfVlz45i1DYo7ccyE+Svn2eMs5smkCXt66aFOMujURvkzTZqXYK3loaQPck2DXlN6nFCXlig==,iv:eUa/yfdrxj9+GBqyp03s/7q67fAgr6Z39sT4iqb/38Q=,tag:Je9lq7BLB4NJGDTWAKRgIQ==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn enc: | @@ -24,8 +20,7 @@ sops: enlDZEI2NElkZkI3UmRyQUZqQWE5ZmcK2JlwNzVJNhGjyniIg9UY5tjgUKttkT3e 9C/xag3dQCiqzX1O3o5tdhYnxXw+VxVf+qTFyyuftg5iQPZNuvX6mA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-17T03:25:54Z" - mac: ENC[AES256_GCM,data:1cxiK/HhqYzatT2PhZxjvtizII2QMHqbbyOujUtx4cT8x488j2wecu6hOfSkuHbQ43AxA8kDH1NAruPCSdCpj3PytMR+np+R/5WuRcK+OF/FCnWvWvvHqgDnBs/wYjllnR6HyWBlhrROpINxu9ch4fzN0Def3I7O+wJgpojnPiU=,iv:PKPykPv9zSHj9+HXnrg1v8Ty78te66D9ZH6c1V7Qlh4=,tag:JQk68u6p317r3Df+hv16+g==,type:str] - pgp: [] + lastmodified: "2025-04-04T16:46:41Z" + mac: ENC[AES256_GCM,data:X7wtnmauh/tRbYCSPNtr/38CVyhIezYQKwcysna+3d31QatbAfTSkAMAWcSG+brpvAW14UfhwRiaCPoSjkS5eSkwd99S0CBI50yCjUFh43Uum3TBJhAnc6bzQkJHGXRk7duxkQJvEeDDZT4ph+/UoZ2xGu5LCjpLenDqldeHgCg=,iv:jMVBz0gPoW/J8NvkSGMjx28nXpX8mpWBrvXyCgi7F1U=,tag:mTj/2mwVjy3wYIsHnbMXDw==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.2 + version: 3.10.1 From 2568f729231cc39118090d476537206ff6a2615b Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 4 Apr 2025 13:05:12 -0400 Subject: [PATCH 377/410] hedgedoc: don't use s3 --- hosts/chunk/hedgedoc.nix | 1 - secrets/services/hedgedoc.yaml | 6 +++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/hosts/chunk/hedgedoc.nix b/hosts/chunk/hedgedoc.nix index 765e0f5..1e7e497 100644 --- a/hosts/chunk/hedgedoc.nix +++ b/hosts/chunk/hedgedoc.nix @@ -14,7 +14,6 @@ domain = "pad.cy7.sh"; allowEmailRegister = false; protocolUseSSL = true; - imageuploadtype = "minio"; }; }; diff --git a/secrets/services/hedgedoc.yaml b/secrets/services/hedgedoc.yaml index a970c3b..eec4db4 100644 --- a/secrets/services/hedgedoc.yaml +++ b/secrets/services/hedgedoc.yaml @@ -1,5 +1,5 @@ hedgedoc: - env: ENC[AES256_GCM,data:XClDoB4GH+gdOO2d2MQZUvjY1Y70/hlGbPlULBMNL+xv8OLUQCIpA8XBV8pLKdSbSimrzyXhIAIbCGGS4Q1NoWcoH99G4+pXRvHyOo7MyUs8wqXJc/mQ+e1SEXji3cwdiQUxrbov6w6e6fEYg4VhsHs/zJXLeS2M3jdYAlYy3jeJ5WcbPO9zlkz6h21fO5FOKzzaPXgnZGxj4JiZUivHLzSsQ+4TN3bgSdb+2048uQAn9RnLFKeROVE9Z8DzAIIPbE6KxWwYr2fFCdlegFA3taLJ+FwoCCaSoLDOrd78SDzcHmSpLJfD3ZRCFExE9xogLXx7kZNX6uPtncxN1W5iemW9F7aEyZmkv0POUlldyLSyhTk8Z6jzQkgbymIp/STHdcg4GvWvz8KZ+Yd+tBjkNlTCXuc0S/JGuyjf6we8yuYWnRkfMwQ4GNIjsIHQYSMjpLviNZfKrPk8T0DijtmZnb4Zdw5eg4KLjMS3DfJAeR7c3LnOOIwgzcwTBDFsQunnxpZTT6eZSFbyktVEBH6CaXTWONzOH2Ff1mn/Tbzg7RHo/CaOXDqeJ6B5GejK5ahmeko1SYp+qsX/qdf75lNbJieUcPtfkVwrcHK187HbPSZkf6DYDNvpDcuPD1kQqq2OUb5lHKohbN8iGnwzFlPF4w60jGOzwry8CbctZtynFB6LdK4NTPsiGv9OqU+y5rqm24GjaHljTawbMwYt5kWmLYMtVwcWkXJdFdRUu4hfmMmNUYExpx5CBCjiXZTnElTivmGw3NPdncIsfjo8gOliM/ZidmZxrn5a5+RzLfYslQecp50ek/9UIRPB9P4UyLqgl3rYwh4BadVyIro5mRQBz3nnvEj1kwIeSVwC60Ysv/Uel4zfULKV0vAE+7x2Ogs1s/4N3wYuCns/+UOnS2DNnnjpSHF75Z/GktD9Ni1MJYeOpLU559gbGzKen+6ndy2oXQw8fdFC7ZlwkzRO5YKmrOpwVaVUC4vIYWJO4lFCgajJEpqGhRgPjHE8xFcPu1/kCyYFWVUC/9CAYFFqzpOhczLiS08CqCR9F9XktX3tgHqcJkz473B6xsAIeS2TCgMtRozLwi8OBwiDUZZYAVSmt+h1Dlq09cvjfhXfPQCHVh5jajlPNuXsNXtfVlz45i1DYo7ccyE+Svn2eMs5smkCXt66aFOMujURvkzTZqXYK3loaQPck2DXlN6nFCXlig==,iv:eUa/yfdrxj9+GBqyp03s/7q67fAgr6Z39sT4iqb/38Q=,tag:Je9lq7BLB4NJGDTWAKRgIQ==,type:str] + env: ENC[AES256_GCM,data:hU4Ht9WkWknuYJ3yHZSm5o22wlssTNjPDZvgDi9DGEh8ULt2GzrEHfFHI9VcpyrbsLcw7HT5TuYrPibWMk4AEvqlZT/6UiyQFMso9mac6x7esf55RHTXr4F7gyC/eRDUE+mAzyhjB5xKaCUhaQpMOwA2t0zahtiaCzLvi/DXRo1jiB42Xt8Nwi1D+zRT3T/HYD8l7D+SZQQc6HC+WM/y7RIjEPcDeX/wTk+JqiGW++0D3GxCQgq6VOhw7EM4hs5aR659QVNICT9kJt9nxEsyU84nsws4MHzU53BvEY77rYZPvvrBSFJ+TnQJ0c/e8K2G9mgaEGkk/+Rmx3RbPQKuTNCzAJZ0m9g9XSwMHU/z5KkrxcI6xU1+JqpdL2Rx35JiNxbNNrlQSvXJFuGNSf0Z5l8RirKJL4HJXAsIPVZTxeJJ0rQflyb5hN63KH/vUTHJWucAFSRYwLHOgs4Yu7SKJjnWnrLYAK9K/eRprhe3Np3vTed13soZXjdB1Jz6lz3lUxZ4TpOb6E8rGt33GqACTp04DBkyUaxMg7fOQIi0riev9GcGNy1kQkDC5dOwWyQdSICIavBrL+4WRoK8xhsEMY8K58+TYfIm3XnWz6pSEl7OzdGNSFZJuwAPzGS065bCjHIlMxIUKlbx4rmGvecIGRLoa5a5XpFwVwPlH8IJ8LvDPXqyIBquL6IsoCNi+jVy7UV52WldqAAeC3+UJtD8LJj1FaWLkoshkSbcr5veZLtBnpOZsiPXtkn1qgRhCB0QjzNwz+AOJCamSn1R+i+JJN6Wja3mJytCrtoj0M6cc1beJBbam4PgxWd1CJE3zhstuqoktn9LdDZ3qNjPgRY3q4FPbjo53XvQQi/NgnPztMg2z7Rj8yeNtG+HjL2pfXIw9AXZwc19D+T7M5hR7jlD3117o+K2CeaC+wgfXPZ/xzIbhg==,iv:gvSOTStLJ5R4UaXj7gXQDCF4TAgway12yh1BtGz1Mvs=,tag:Jt+daURO+t8HME/m7tLEIw==,type:str] sops: age: - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn @@ -20,7 +20,7 @@ sops: enlDZEI2NElkZkI3UmRyQUZqQWE5ZmcK2JlwNzVJNhGjyniIg9UY5tjgUKttkT3e 9C/xag3dQCiqzX1O3o5tdhYnxXw+VxVf+qTFyyuftg5iQPZNuvX6mA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-04T16:46:41Z" - mac: ENC[AES256_GCM,data:X7wtnmauh/tRbYCSPNtr/38CVyhIezYQKwcysna+3d31QatbAfTSkAMAWcSG+brpvAW14UfhwRiaCPoSjkS5eSkwd99S0CBI50yCjUFh43Uum3TBJhAnc6bzQkJHGXRk7duxkQJvEeDDZT4ph+/UoZ2xGu5LCjpLenDqldeHgCg=,iv:jMVBz0gPoW/J8NvkSGMjx28nXpX8mpWBrvXyCgi7F1U=,tag:mTj/2mwVjy3wYIsHnbMXDw==,type:str] + lastmodified: "2025-04-04T17:04:50Z" + mac: ENC[AES256_GCM,data:RRkdyrxwrFs3r0SaNred5zTpz5CKf043+KWkFSvPFh0RbvIVyxzJKyfL9r7erifEMhPRJ7Hz5GKE4RAPA9yRLkA9C+416sZKfwdopqAe6zSRt4zd0QOPMdc2z3+07+1SP2ay/ZYCn6jjIyoBaki3t0DMv7e9a/OzFv3WfyjG/rg=,iv:K41muQnynaGoZsBquNF0SNFgssLF9KGzBz8siagI+38=,tag:jkWbWBloSbUSJXl9jedAMQ==,type:str] unencrypted_suffix: _unencrypted version: 3.10.1 From 7c180248fb4cf47d19007c00a66bb3f27bac5acc Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 4 Apr 2025 12:55:01 -0400 Subject: [PATCH 378/410] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'conduwuit': 'github:girlbossceo/conduwuit/00f7745ec4ebcea5f892376c5de5db1299f71696' (2025-04-04) → 'github:girlbossceo/conduwuit/4e5b87d0cd16f3d015f4b61285b369d027bb909d' (2025-04-04) • Updated input 'garage/crane': 'github:ipetkov/crane/70947c1908108c0c551ddfd73d4f750ff2ea67cd' (2025-03-19) → 'github:ipetkov/crane/6fe74265bbb6d016d663b1091f015e2976c4a527' (2025-01-24) • Updated input 'home-manager': 'github:nix-community/home-manager/5ee44bc7c2e853f144390a12ebe5174ad7e3b9e0' (2025-04-02) → 'github:nix-community/home-manager/bb036cb35383982066e01a6ac8d45597132cf5d5' (2025-04-04) • Updated input 'lanzaboote/crane': 'github:ipetkov/crane/70947c1908108c0c551ddfd73d4f750ff2ea67cd' (2025-03-19) → 'github:ipetkov/crane/75390a36cd0c2cdd5f1aafd8a9f827d7107f2e53' (2025-03-05) • Updated input 'lanzaboote/flake-parts': 'github:hercules-ci/flake-parts/c621e8422220273271f52058f618c94e405bb0f5' (2025-04-01) → 'github:hercules-ci/flake-parts/3876f6b87db82f33775b1ef5ea343986105db764' (2025-03-01) • Updated input 'lanzaboote/rust-overlay': 'github:oxalica/rust-overlay/1de27ae43712a971c1da100dcd84386356f03ec7' (2025-04-02) → 'github:oxalica/rust-overlay/38e9826bc4296c9daf18bc1e6aa299f3e932a403' (2025-03-06) • Updated input 'lix-module/nixpkgs': 'github:nixos/nixpkgs/77b584d61ff80b4cef9245829a6f1dfad5afdfa3' (2025-03-31) → 'github:nixos/nixpkgs/1e5b653dff12029333a6546c11e108ede13052eb' (2025-03-22) • Updated input 'nil/rust-overlay': 'github:oxalica/rust-overlay/1de27ae43712a971c1da100dcd84386356f03ec7' (2025-04-02) → 'github:oxalica/rust-overlay/aefb7017d710f150970299685e8d8b549d653649' (2025-03-04) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/adae22bea8bcc0aa2fd6e8732044660fb7755f5e' (2025-04-02) → 'github:nixos/nixpkgs/30705076a1748a2b2a1cf0539ea1665eef4d2f4a' (2025-04-04) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/02f2af8c8a8c3b2c05028936a1e84daefa1171d4' (2025-04-01) → 'github:nixos/nixpkgs/44a69ed688786e98a101f02b712c313f1ade37ab' (2025-04-02) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/1de27ae43712a971c1da100dcd84386356f03ec7' (2025-04-02) → 'github:oxalica/rust-overlay/c4a8327b0f25d1d81edecbb6105f74d7cf9d7382' (2025-04-03) • Updated input 'sops-nix': 'github:Mic92/sops-nix/e7f4d7ed8bce8dfa7d2f2fe6f8b8f523e54646f8' (2025-04-01) → 'github:Mic92/sops-nix/cff8437c5fe8c68fc3a840a21bf1f4dc801da40d' (2025-04-04) • Updated input 'vscode-extensions': 'github:nix-community/nix-vscode-extensions/bc23f562c367b3e6300d596c24f0080220897df7' (2025-04-02) → 'github:nix-community/nix-vscode-extensions/c8270f31af9c37e4fe5711567a6412460e94e9b7' (2025-04-04) --- flake.lock | 78 +++++++++++++++++++++++++++--------------------------- 1 file changed, 39 insertions(+), 39 deletions(-) diff --git a/flake.lock b/flake.lock index 7eb0812..76a4f1e 100644 --- a/flake.lock +++ b/flake.lock @@ -114,11 +114,11 @@ "rocksdb": "rocksdb" }, "locked": { - "lastModified": 1743735594, - "narHash": "sha256-aaP8OjY4fkpxk2JdSggx9S3Rk+P+VhuivT6aRpLxoj0=", + "lastModified": 1743780871, + "narHash": "sha256-xmDepDLHsIWiwpWYjhI40XOrV9jCKrYJQ+EK1EOIdRg=", "owner": "girlbossceo", "repo": "conduwuit", - "rev": "00f7745ec4ebcea5f892376c5de5db1299f71696", + "rev": "4e5b87d0cd16f3d015f4b61285b369d027bb909d", "type": "github" }, "original": { @@ -167,11 +167,11 @@ }, "crane_3": { "locked": { - "lastModified": 1742394900, - "narHash": "sha256-vVOAp9ahvnU+fQoKd4SEXB2JG2wbENkpqcwlkIXgUC0=", + "lastModified": 1737689766, + "narHash": "sha256-ivVXYaYlShxYoKfSo5+y5930qMKKJ8CLcAoIBPQfJ6s=", "owner": "ipetkov", "repo": "crane", - "rev": "70947c1908108c0c551ddfd73d4f750ff2ea67cd", + "rev": "6fe74265bbb6d016d663b1091f015e2976c4a527", "type": "github" }, "original": { @@ -182,11 +182,11 @@ }, "crane_4": { "locked": { - "lastModified": 1742394900, - "narHash": "sha256-vVOAp9ahvnU+fQoKd4SEXB2JG2wbENkpqcwlkIXgUC0=", + "lastModified": 1741148495, + "narHash": "sha256-EV8KUaIZ2/CdBXlutXrHoZYbWPeB65p5kKZk71gvDRI=", "owner": "ipetkov", "repo": "crane", - "rev": "70947c1908108c0c551ddfd73d4f750ff2ea67cd", + "rev": "75390a36cd0c2cdd5f1aafd8a9f827d7107f2e53", "type": "github" }, "original": { @@ -386,11 +386,11 @@ ] }, "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "lastModified": 1740872218, + "narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "rev": "3876f6b87db82f33775b1ef5ea343986105db764", "type": "github" }, "original": { @@ -610,11 +610,11 @@ ] }, "locked": { - "lastModified": 1743556466, - "narHash": "sha256-rvU79DJ6rPDxiH0sTp686Vlm+JewwAZPGcwt8OfHJbM=", + "lastModified": 1743783108, + "narHash": "sha256-Lg1cK7oGCNPOO1ts481m269WmdGNoigz8RNXLRE9Co0=", "owner": "nix-community", "repo": "home-manager", - "rev": "5ee44bc7c2e853f144390a12ebe5174ad7e3b9e0", + "rev": "bb036cb35383982066e01a6ac8d45597132cf5d5", "type": "github" }, "original": { @@ -909,11 +909,11 @@ }, "nixpkgs-stable_3": { "locked": { - "lastModified": 1743501102, - "narHash": "sha256-7PCBQ4aGVF8OrzMkzqtYSKyoQuU2jtpPi4lmABpe5X4=", + "lastModified": 1743576891, + "narHash": "sha256-vXiKURtntURybE6FMNFAVpRPr8+e8KoLPrYs9TGuAKc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "02f2af8c8a8c3b2c05028936a1e84daefa1171d4", + "rev": "44a69ed688786e98a101f02b712c313f1ade37ab", "type": "github" }, "original": { @@ -973,11 +973,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1743448293, - "narHash": "sha256-bmEPmSjJakAp/JojZRrUvNcDX2R5/nuX6bm+seVaGhs=", + "lastModified": 1742669843, + "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=", "owner": "nixos", "repo": "nixpkgs", - "rev": "77b584d61ff80b4cef9245829a6f1dfad5afdfa3", + "rev": "1e5b653dff12029333a6546c11e108ede13052eb", "type": "github" }, "original": { @@ -989,11 +989,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1743559129, - "narHash": "sha256-7gpAWsENV3tY2HmeHYQ2MoQxGpys+jQWnkS/BHAMXVk=", + "lastModified": 1743775863, + "narHash": "sha256-gUnR9qcZK/O20oQFn1ijz7Nn66qG2Sp7JprDFl+oQBo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "adae22bea8bcc0aa2fd6e8732044660fb7755f5e", + "rev": "30705076a1748a2b2a1cf0539ea1665eef4d2f4a", "type": "github" }, "original": { @@ -1110,11 +1110,11 @@ ] }, "locked": { - "lastModified": 1743561237, - "narHash": "sha256-dd97LXek202OWmUXvKYFdYWj0jHrn3p+L5Ojh1SEOqs=", + "lastModified": 1741228283, + "narHash": "sha256-VzqI+k/eoijLQ5am6rDFDAtFAbw8nltXfLBC6SIEJAE=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "1de27ae43712a971c1da100dcd84386356f03ec7", + "rev": "38e9826bc4296c9daf18bc1e6aa299f3e932a403", "type": "github" }, "original": { @@ -1131,11 +1131,11 @@ ] }, "locked": { - "lastModified": 1743561237, - "narHash": "sha256-dd97LXek202OWmUXvKYFdYWj0jHrn3p+L5Ojh1SEOqs=", + "lastModified": 1741055476, + "narHash": "sha256-52vwEV0oS2lCnx3c/alOFGglujZTLmObit7K8VblnS8=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "1de27ae43712a971c1da100dcd84386356f03ec7", + "rev": "aefb7017d710f150970299685e8d8b549d653649", "type": "github" }, "original": { @@ -1151,11 +1151,11 @@ ] }, "locked": { - "lastModified": 1743561237, - "narHash": "sha256-dd97LXek202OWmUXvKYFdYWj0jHrn3p+L5Ojh1SEOqs=", + "lastModified": 1743682350, + "narHash": "sha256-S/MyKOFajCiBm5H5laoE59wB6w0NJ4wJG53iAPfYW3k=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "1de27ae43712a971c1da100dcd84386356f03ec7", + "rev": "c4a8327b0f25d1d81edecbb6105f74d7cf9d7382", "type": "github" }, "original": { @@ -1171,11 +1171,11 @@ ] }, "locked": { - "lastModified": 1743502316, - "narHash": "sha256-zI2WSkU+ei4zCxT+IVSQjNM9i0ST++T2qSFXTsAND7s=", + "lastModified": 1743756170, + "narHash": "sha256-2b11EYa08oqDmF3zEBLkG1AoNn9rB1k39ew/T/mSvbU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e7f4d7ed8bce8dfa7d2f2fe6f8b8f523e54646f8", + "rev": "cff8437c5fe8c68fc3a840a21bf1f4dc801da40d", "type": "github" }, "original": { @@ -1267,11 +1267,11 @@ ] }, "locked": { - "lastModified": 1743558944, - "narHash": "sha256-LtmHSXZjFXUWYwWhvEPWSbnmAD62TrvLdZGqQvcSHIY=", + "lastModified": 1743731627, + "narHash": "sha256-gFvZTGlSGCl7MZ5MrihUf7pkIY0zwaUVhl/iUBto/3I=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "bc23f562c367b3e6300d596c24f0080220897df7", + "rev": "c8270f31af9c37e4fe5711567a6412460e94e9b7", "type": "github" }, "original": { From 8ead8c14e3fbc895910e389bd0a7f0476b3d465a Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 5 Apr 2025 12:57:19 -0400 Subject: [PATCH 379/410] rm element web --- home/codium.nix | 6 ++++++ home/kitty.nix | 1 + hosts/chunk/default.nix | 1 - hosts/chunk/element.nix | 33 --------------------------------- 4 files changed, 7 insertions(+), 34 deletions(-) delete mode 100644 hosts/chunk/element.nix diff --git a/home/codium.nix b/home/codium.nix index 117c9e0..706736d 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -24,6 +24,7 @@ golang.go ms-python.python christian-kohler.path-intellisense + # firefox-devtools.vscode-firefox-debug ]; userSettings = let @@ -74,6 +75,11 @@ "telemetry.enableTelemetry" = false; "telemetry.telemetryLevel" = "off"; "window.titleBarStyle" = "custom"; + # https://github.com/ChristianKohler/PathIntellisense#installation + "typescript.suggest.paths" = false; + "javascript.suggest.paths" = false; + + "path-intellisense.absolutePathToWorkspace" = true; # terminal stuff "terminal.integrated.cursorBlinking" = true; diff --git a/home/kitty.nix b/home/kitty.nix index 0021bb5..a77a432 100644 --- a/home/kitty.nix +++ b/home/kitty.nix @@ -21,6 +21,7 @@ # see https://github.com/sharkdp/bat/issues/1077#issuecomment-652785399 "scrollback_pager" = "bat --pager='less -FR +G'"; # "scrollback_lines" = 20000; + wheel_scroll_multiplier = 50; }; keybindings = { # kitty_mod is ctrl+shift by default diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 56bae51..5ddc4d5 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -18,7 +18,6 @@ ./grafana.nix ./conduwuit.nix ./immich.nix - ./element.nix ./forgejo.nix ./garage.nix ./tailscale.nix diff --git a/hosts/chunk/element.nix b/hosts/chunk/element.nix deleted file mode 100644 index 5a12e1e..0000000 --- a/hosts/chunk/element.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - pkgs, - config, - ... -}: -{ - virtualisation.oci-containers.containers.element = { - image = "vectorim/element-web"; - autoStart = true; - ports = [ "127.0.0.1:8089:8089" ]; - pull = "newer"; - networks = [ "element-net" ]; - environment = { - ELEMENT_WEB_PORT = "8089"; - }; - }; - - systemd.services.create-element-net = { - serviceConfig.Type = "oneshot"; - wantedBy = with config.virtualisation.oci-containers; [ - "${backend}-element.service" - ]; - script = '' - ${pkgs.podman}/bin/podman network exists element-net || \ - ${pkgs.podman}/bin/podman network create element-net - ''; - }; - - services.caddy.virtualHosts."element.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:8089 - ''; -} From f7157a11ed296160bf79b6a81b975311f68a55e7 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 5 Apr 2025 16:46:18 -0400 Subject: [PATCH 380/410] containers: enable daily autoPrune --- modules/containerization.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/containerization.nix b/modules/containerization.nix index fd39da9..2bcc8dd 100644 --- a/modules/containerization.nix +++ b/modules/containerization.nix @@ -30,6 +30,10 @@ in }; # answer on /var/run/docker.sock dockerSocket.enable = true; + autoPrune = { + enable = true; + dates = "daily"; + }; }; docker.enable = lib.mkIf (!cfg.usePodman) true; oci-containers.backend = lib.mkIf (!cfg.usePodman) "docker"; From 895052fb204cef0250128538d2f82c877008f8e0 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 5 Apr 2025 16:46:32 -0400 Subject: [PATCH 381/410] init karakeep (hoarder) --- .sops.yaml | 6 +++ hosts/chunk/default.nix | 17 +++---- modules/authelia.nix | 16 +++++++ modules/default.nix | 1 + modules/karakeep.nix | 81 ++++++++++++++++++++++++++++++++++ secrets/services/karakeep.yaml | 35 +++++++++++++++ 6 files changed, 145 insertions(+), 11 deletions(-) create mode 100644 modules/karakeep.nix create mode 100644 secrets/services/karakeep.yaml diff --git a/.sops.yaml b/.sops.yaml index 21d2151..5dca48c 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -135,4 +135,10 @@ creation_rules: - *yt - *cy - *chunk + - path_regex: secrets/services/karakeep.yaml + key_groups: + - age: + - *yt + - *cy + - *chunk diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 5ddc4d5..9c6289d 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -46,20 +46,14 @@ "rsyncnet/id_ed25519" = { sopsFile = ../../secrets/zh5061/chunk.yaml; }; - "attic/env" = { - sopsFile = ../../secrets/services/attic.yaml; - }; "garage/env" = { sopsFile = ../../secrets/services/garage.yaml; }; "tailscale/auth" = { sopsFile = ../../secrets/services/tailscale.yaml; }; - "zipline/env" = { - sopsFile = ../../secrets/services/zipline.yaml; - }; - "searx/env" = { - sopsFile = ../../secrets/services/searx.yaml; + "karakeep/env" = { + sopsFile = ../../secrets/services/karakeep.yaml; }; }; @@ -186,9 +180,10 @@ programs.git.enable = true; my.caddy.enable = true; - - # container stuff my.containerization.enable = true; - my.authelia.enable = true; + my.karakeep = { + enable = true; + dataDir = "/opt/karakeep"; + }; } diff --git a/modules/authelia.nix b/modules/authelia.nix index b882a42..8b06196 100644 --- a/modules/authelia.nix +++ b/modules/authelia.nix @@ -49,6 +49,11 @@ in webauthn = { enable_passkey_login = true; }; + identity_providers.oidc.claims_policies = { + # https://github.com/karakeep-app/karakeep/issues/410 + # https://www.authelia.com/integration/openid-connect/openid-connect-1.0-claims/#restore-functionality-prior-to-claims-parameter + karakeep.id_token = [ "email" ]; + }; identity_providers.oidc.clients = [ { client_id = "immich"; @@ -94,6 +99,17 @@ in audience = []; token_endpoint_auth_method = "client_secret_post"; } + { + client_id = "0SbsGvw5APYJ4px~dv38rCVgXtK2XWrF1QvyuaFz48cgsNm-rAXkSgNOctfxS21IWOFSfsm5"; + client_name = "Karakeep"; + client_secret = "$pbkdf2-sha512$310000$4UanDZq.6oholJW3CmKwtQ$9e3hqR8qGU4LoneR/Y9jtJTx0iSzATI4iXymrs8QrmGw4JY1BPF4.IJ9Jbc.8cikU4qpfUIFO6r2dG7JHznCnw"; + public = false; + authorization_policy = "two_factor"; + redirect_uris = [ "https://keep.cy7.sh/api/auth/callback/custom" ]; + scopes = [ "openid" "profile" "email" ]; + userinfo_signed_response_alg = "none"; + claims_policy = "karakeep"; + } ]; }; secrets = { diff --git a/modules/default.nix b/modules/default.nix index db7bfa4..0d4638f 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -10,5 +10,6 @@ ./searx.nix ./attic.nix ./authelia.nix + ./karakeep.nix ]; } diff --git a/modules/karakeep.nix b/modules/karakeep.nix new file mode 100644 index 0000000..3e75f74 --- /dev/null +++ b/modules/karakeep.nix @@ -0,0 +1,81 @@ +{ config, lib, ... }: +let + cfg = config.my.karakeep; +in +{ + options.my.karakeep = { + enable = lib.mkEnableOption "karakeep"; + dataDir = lib.mkOption { + type = lib.types.path; + }; + port = lib.mkOption { + default = 3002; + description = "port for the web service"; + type = lib.types.port; + }; + domain = lib.mkOption { + default = "keep.cy7.sh"; + type = lib.types.str; + }; + environmentFile = lib.mkOption { + default = config.sops.secrets."karakeep/env".path; + type = lib.types.path; + }; + }; + + config = lib.mkIf cfg.enable { + virtualisation.oci-containers.containers = { + karakeep-web = { + image = "ghcr.io/karakeep-app/karakeep:release"; + pull = "newer"; + volumes = [ "${cfg.dataDir}:/data" ]; + ports = [ "${toString cfg.port}:3000"]; + dependsOn = [ + "karakeep-chrome" + "karakeep-meilisearch" + ]; + environment = { + MEILI_ADDR = "http://karakeep-meilisearch:7700"; + BROWSER_WEB_URL = "http://karakeep-chrome:9222"; + DATA_DIR = "/data"; + NEXTAUTH_URL = "https://${cfg.domain}"; + DISABLE_PASSWORD_AUTH = "true"; + OAUTH_WELLKNOWN_URL = "https://auth.cy7.sh/.well-known/openid-configuration"; + OAUTH_CLIENT_ID = "0SbsGvw5APYJ4px~dv38rCVgXtK2XWrF1QvyuaFz48cgsNm-rAXkSgNOctfxS21IWOFSfsm5"; + OAUTH_PROVIDER_NAME = "Authelia"; + OAUTH_ALLOW_DANGEROUS_EMAIL_ACCOUNT_LINKING = "true"; + }; + # needs NEXTAUTH_SECRET + environmentFiles = [ "${cfg.environmentFile}" ]; + }; + + karakeep-chrome = { + image = "ghcr.io/zenika/alpine-chrome:latest"; + pull = "newer"; + cmd = [ + "--no-sandbox" + "--disable-gpu" + "--disable-dev-shm-usage" + "--remote-debugging-address=0.0.0.0" + "--remote-debugging-port=9222" + "--hide-scrollbars" + ]; + }; + + karakeep-meilisearch = { + image = "getmeili/meilisearch:latest"; + volumes = [ "meilisearch:/meili_data" ]; + environment = { + MEILI_NO_ANALYTICS = "true"; + }; + # needs MEILI_MASTER_KEY + environmentFiles = [ "${cfg.environmentFile}" ]; + }; + }; + + services.caddy.virtualHosts.${cfg.domain}.extraConfig = '' + import common + reverse_proxy localhost:${toString cfg.port} + ''; + }; +} \ No newline at end of file diff --git a/secrets/services/karakeep.yaml b/secrets/services/karakeep.yaml new file mode 100644 index 0000000..cc09262 --- /dev/null +++ b/secrets/services/karakeep.yaml @@ -0,0 +1,35 @@ +karakeep: + env: ENC[AES256_GCM,data:SWc26EQaKR5d9hMDYzVHA/r7XfjwFZ0d44Co0IS6OayR24ej7yqLAtkNttROKoKFuYc0sHgN9bOy4MyX0s3qiSWYovIIUJgFiJjPQFYDAo+50WR4+5W5FgvYI6e42fcWrQhaCXWQrDyzch/zT2OITZsjXcQhT5E+IiPLVkaGOjGptE07GjM7ZXI4UxBzINFQOhxdfIO0km1o6Wq8GhJdWsz4exz4ahRslR+WjK/flV2GZVAj6EHSJ5sHohm74QlhxaShEbc/8IKP6R2gSjBFP7l8VvwFyIUD9sLzYGvS3iU=,iv:gSPQU0bZ+VRFbuaNDc90dW0ogWX2SMH7kewtq/u/11E=,tag:L0Y4EWSQUhcn2eHt+yZ7qQ==,type:str] +sops: + age: + - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIaWQ1Q1JwRHJxQjNjdTAx + TXRsWjVZOG1mNEptNVhscHBaK2I5MHhjdlFjCkNqOEhwT3hyOHpHQ2k0ZmowUXB4 + eks2dlpUS0V6VjBEYW9UWnhFOEw4VGsKLS0tIFo2a0FTRE5WdHBGVW5DOUFkaE9p + bitvUnJXSnB6UnV3VTEzSjlSYmEwVUEKHOwFCRu+SIyM0uJ6bNEAo+MMlsc8la6G + bLYdCoykcBu+uVXqn3BYTbrS5ylQMRYcbcPFJw5BVdmjIYF4LU5W6A== + -----END AGE ENCRYPTED FILE----- + - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrU2ZnNVAyeVdJeHlTSW1x + QUhKRzlNclVUWE1ucHFLZW5sL1lnUDhkd0Y4CjFuekNEOE1icDNqL1JyT0hEYW16 + Q2VyajJFWWtGUnBzOENGOEZHbWROZzAKLS0tIE8wMVc3TkV5Y1VyenIvOW02NDNq + cStTeUcvY1pJWEN2MzFEeThKT0JPc1EKXrtVG49a6YZVKiL1F8Xg3t3niTYv3LwN + NeAQ8srV0F6ckky7OCkvUp9GInZCWRzULXV/x+4IUb6C+KQaNm2vYA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFdDdUSUlmMk5VcytyT01N + UmRaK2k5Wkh5SlhPT3QrczY2eW9vZk5KWFZBCnBteitnNFlHdWRaaTRxSWYvYmtG + ZnY5ZXlYa3Z5aENlRy9BQjVSU1F3UzQKLS0tIFpjN1dOaWNKaU9PaENyaXc1K3BU + K2orZ0Y2Z05LSUZ5WHQ4TnVVY0QwSzQKiUQT4aSxXnaq0kEMp+q5WnIUoGypEmZ+ + DQEhkB9yu/BrkjXH+HGQr1W5B4sJyb5rnl0+SQ+IypRIRyaX4CdFxg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-04-05T19:44:58Z" + mac: ENC[AES256_GCM,data:OmqsJI9BaICOTiH1cq4gZlNBbkAxn/pAOWBtkIjHdqpikABLG6fMY+sLpyeaovXjexIj9MZk7fPmV8dRZ5VNLHCqlYXK/cVoQBZ2HK+p/cGTAFelNAShu9NSgZdFmVgJJtOjVvFp8dtuY8VcQj861k/MPX0mNZt9pmXYdumjpNM=,iv:efHkp1KUctwtCjG9A8i5qs7nQfQqv2ya1yYlHHOt8pU=,tag:4lChpspl0oOUMiXzvGuA2Q==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.1 From 9c859e23e66543b6bbd586f4248fae59c7b228e9 Mon Sep 17 00:00:00 2001 From: cy Date: Sat, 5 Apr 2025 18:53:39 -0400 Subject: [PATCH 382/410] authelia: use random client_ids --- modules/authelia.nix | 6 +++--- secrets/services/hedgedoc.yaml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/authelia.nix b/modules/authelia.nix index 8b06196..f231f50 100644 --- a/modules/authelia.nix +++ b/modules/authelia.nix @@ -56,7 +56,7 @@ in }; identity_providers.oidc.clients = [ { - client_id = "immich"; + client_id = "4EIrpRb9rnwHWjYWvlz2gYrtTmoOLF1D5gqXw28BvmOS0f-9T2p4CFwuctf4Co1hkpo2sd4Y"; client_name = "immich"; client_secret = "$argon2id$v=19$m=65536,t=3,p=4$Vny2G8EbSPafSwnIuq2Zkg$eF2om4WDEaqCFmrAG27h2mYl+cXxXyttPJ7gaPLs+f8"; public = false; @@ -70,7 +70,7 @@ in userinfo_signed_response_alg = "none"; } { - client_id = "forgejo"; + client_id = "_kuUEYxyfXjInJCniwugpw2Qn6iI-YW24NOkHZG~63BAhnAACDZ.xsLqOdGghj2DNZxXR0sU"; client_name = "Forgejo"; client_secret = "$argon2id$v=19$m=65536,t=3,p=4$O2O5r/7A8hc4EMvernQ4Dw$YOVqtwY3jv0HlcxmviPq2CRnD7Dw85V9KDtTSUQE7bA"; public = false; @@ -83,7 +83,7 @@ in token_endpoint_auth_method = "client_secret_basic"; } { - client_id = "hedgedoc"; + client_id = "b_ITCG0uNzy9lZ5nVC~Ny5R35te8I3hoQW1uraCbdxeiE9VuiCIelMmZZ7dAZLg_anTUWSQG"; client_name = "HedgeDoc"; client_secret = "$argon2id$v=19$m=65536,t=3,p=4$MFSXW3gjIZf0M3e8s8RJCg$6KWwksJe2vdUebPEdYc0Zy88fzGcHPrbStcqkiXl+Hg"; public = false; diff --git a/secrets/services/hedgedoc.yaml b/secrets/services/hedgedoc.yaml index eec4db4..0c693dc 100644 --- a/secrets/services/hedgedoc.yaml +++ b/secrets/services/hedgedoc.yaml @@ -1,5 +1,5 @@ hedgedoc: - env: ENC[AES256_GCM,data:hU4Ht9WkWknuYJ3yHZSm5o22wlssTNjPDZvgDi9DGEh8ULt2GzrEHfFHI9VcpyrbsLcw7HT5TuYrPibWMk4AEvqlZT/6UiyQFMso9mac6x7esf55RHTXr4F7gyC/eRDUE+mAzyhjB5xKaCUhaQpMOwA2t0zahtiaCzLvi/DXRo1jiB42Xt8Nwi1D+zRT3T/HYD8l7D+SZQQc6HC+WM/y7RIjEPcDeX/wTk+JqiGW++0D3GxCQgq6VOhw7EM4hs5aR659QVNICT9kJt9nxEsyU84nsws4MHzU53BvEY77rYZPvvrBSFJ+TnQJ0c/e8K2G9mgaEGkk/+Rmx3RbPQKuTNCzAJZ0m9g9XSwMHU/z5KkrxcI6xU1+JqpdL2Rx35JiNxbNNrlQSvXJFuGNSf0Z5l8RirKJL4HJXAsIPVZTxeJJ0rQflyb5hN63KH/vUTHJWucAFSRYwLHOgs4Yu7SKJjnWnrLYAK9K/eRprhe3Np3vTed13soZXjdB1Jz6lz3lUxZ4TpOb6E8rGt33GqACTp04DBkyUaxMg7fOQIi0riev9GcGNy1kQkDC5dOwWyQdSICIavBrL+4WRoK8xhsEMY8K58+TYfIm3XnWz6pSEl7OzdGNSFZJuwAPzGS065bCjHIlMxIUKlbx4rmGvecIGRLoa5a5XpFwVwPlH8IJ8LvDPXqyIBquL6IsoCNi+jVy7UV52WldqAAeC3+UJtD8LJj1FaWLkoshkSbcr5veZLtBnpOZsiPXtkn1qgRhCB0QjzNwz+AOJCamSn1R+i+JJN6Wja3mJytCrtoj0M6cc1beJBbam4PgxWd1CJE3zhstuqoktn9LdDZ3qNjPgRY3q4FPbjo53XvQQi/NgnPztMg2z7Rj8yeNtG+HjL2pfXIw9AXZwc19D+T7M5hR7jlD3117o+K2CeaC+wgfXPZ/xzIbhg==,iv:gvSOTStLJ5R4UaXj7gXQDCF4TAgway12yh1BtGz1Mvs=,tag:Jt+daURO+t8HME/m7tLEIw==,type:str] + env: ENC[AES256_GCM,data:9xnOlQrk1qCyiAHSjmu8dvj2/z/BrJlngNGAQnMwvLsL0pnyvvyJLnYWTDYix1a9o8OJUNLw6Qhq7KbY4uXfxsNZkfGdVHwvkvhySjR2rcX/r90txqHJUUIxE/TzdsBvonzQ0F85KfXhsi69gKHp016gCj+jNf6CCY+tOVpt71el4Z+jzqLHasuQET8GctKJRzHOfNfCx/X2kJeb7RQl3JFC6/VmYT45bUk7uFfveFD9ao03wJwLKi27wO1WDrfpOigFdvkmqpbWZjaILYHYmkdhdlhr7w330CiCmGHT/ssmSPcu5cYUc8tjYPgpYLjusiUzpE5jmut5GaNwZsY9hNuow/mUVnQ/tCDH0ChOq0DQisJ07VMYlRII9tMdcuT4IbjjwiRcYlORAHsTFUuo5DCaDp8a4mx846BGp1YMQsvqJQgOe4x15VMpeB/ptxm79qxcLZKZ3BkiJaKmDdWsVk9RfqVgsxqiq16Me2EQhknO2s/oBjGOaoIiT4NEuRFQl0BIPgIMD0lYzKx0uDaYyclID5W0DqMI+SrcBd+WH/BB9HPdZx92rFe34PzjZse0i6+5UZHXUu8au6CyLMqGkUlzkSFwVT5W7Lv2m9P3+6YjgPRMaYbg8b6kmavB6EtjiqWtTbMKr3nxPVYJc5FRImvebfFqiLy5MWoNV6Qe7TUGIk6QtX2OWBhQ1UB+IpR+180QH7yw7UpgJ9EM8dD2m2/smar5P0BjAaqAFib++GzoB0OfFtxJNUjrejQC11tRWBXYvcHWwa78VbKPul0xqiEMmsAZufMix4lD1EgutTf1CXfv7l0rUpLwkYbWIq2hT5UI53L0YWJDl7zlhi94ANdXV8z8kCvMeXm2Fwl/vIgJ9JuFeVeVYPpXwx2coLBwE6uI4SuFvY1d4ojvzY8KftcHWO7srVzpuwrwW+6gKLwPQyEazv+sRKXAGo0ffMO2/2KRgOu9zGwaOFaNDAZ6gYFDWbPz6TMfNWHzfLEFK5BlVAL8KDb78IODUBYcMr2CX1Y=,iv:LDkuJgxIbohEVf7wmdtOZ/vlPddMYa7uzHGkL+0MnUM=,tag:pnJiCJydjTmUbS761fPUPw==,type:str] sops: age: - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn @@ -20,7 +20,7 @@ sops: enlDZEI2NElkZkI3UmRyQUZqQWE5ZmcK2JlwNzVJNhGjyniIg9UY5tjgUKttkT3e 9C/xag3dQCiqzX1O3o5tdhYnxXw+VxVf+qTFyyuftg5iQPZNuvX6mA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-04T17:04:50Z" - mac: ENC[AES256_GCM,data:RRkdyrxwrFs3r0SaNred5zTpz5CKf043+KWkFSvPFh0RbvIVyxzJKyfL9r7erifEMhPRJ7Hz5GKE4RAPA9yRLkA9C+416sZKfwdopqAe6zSRt4zd0QOPMdc2z3+07+1SP2ay/ZYCn6jjIyoBaki3t0DMv7e9a/OzFv3WfyjG/rg=,iv:K41muQnynaGoZsBquNF0SNFgssLF9KGzBz8siagI+38=,tag:jkWbWBloSbUSJXl9jedAMQ==,type:str] + lastmodified: "2025-04-05T21:08:15Z" + mac: ENC[AES256_GCM,data:cPisYUoZWd/vd+wWzz3xTnftj1RdjK20dWFo+MKssm/eu7eCOWDIaZdcJg13gkTleBpMWQy/mG1drC6GLfGQiBmkS99UCPAoo0aLTBL4FbSm6FEXdbVjoOI7URu6Sj31drWCMAm+lXYymWsHwZJrNLhjsCTQsxTPvFq8oOdNlXo=,iv:KpmJoZ/BGEEhZ75jXfXxegNglm7k6mtleRuVud6tX2g=,tag:lsiqX+YSz4mGK6mw9gdKNg==,type:str] unencrypted_suffix: _unencrypted version: 3.10.1 From 2b39a5ab5354bb7f277b85b91406f8311bfc4faa Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 6 Apr 2025 10:52:27 -0400 Subject: [PATCH 383/410] workflow: nix copy compression zstd --- .github/workflows/build-machines-and-homes.yml | 4 ++-- .github/workflows/build-packages.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index c955639..290761f 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -74,7 +74,7 @@ jobs: run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" nix run git+https://git.cy7.sh/cy/nixcp.git -- \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=none' \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=zstd' \ -u https://nix-community.cachix.org \ -u https://nixcache.web.cy7.sh \ $package @@ -143,7 +143,7 @@ jobs: run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" nix run git+https://git.cy7.sh/cy/nixcp.git -- \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=none' \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=zstd' \ -u https://nix-community.cachix.org \ -u https://nixcache.web.cy7.sh \ $package diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index c188482..4f76a1d 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -62,7 +62,7 @@ jobs: if: '!cancelled()' run: | nix run git+https://git.cy7.sh/cy/nixcp.git -- \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=none' \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=zstd' \ -u https://nix-community.cachix.org \ -u https://nixcache.web.cy7.sh \ "${{ matrix.package }}" From a4bd232336012e5891decdd2369b3671c5205a31 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 6 Apr 2025 11:09:09 -0400 Subject: [PATCH 384/410] garage: use 128M block_size and none compression --- hosts/chunk/garage.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index 639bbd8..a36dc49 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -17,11 +17,12 @@ }; admin.api_bind_addr = "[::]:3903"; rpc_bind_addr = "[::]:3901"; + rpc_public_addr = "100.122.132.30:3901"; replication_factor = 1; db_engine = "lmdb"; disable_scrub = true; - block_size = "16M"; - compression_level = 3; + block_size = "128M"; + compression_level = "none"; }; environmentFile = config.sops.secrets."garage/env".path; logLevel = "warn"; From d9e6995b929c83c969904046c52a268168f922ff Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 6 Apr 2025 11:10:37 -0400 Subject: [PATCH 385/410] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/bb036cb35383982066e01a6ac8d45597132cf5d5' (2025-04-04) → 'github:nix-community/home-manager/ef3b2a6b602c3f1a80c6897d6de3ee62339a3eb7' (2025-04-06) • Updated input 'nix-index-database': 'github:nix-community/nix-index-database/b3696bfb6c24aa61428839a99e8b40c53ac3a82d' (2025-03-30) → 'github:nix-community/nix-index-database/a36f6a7148aec2c77d78e4466215cceb2f5f4bfb' (2025-04-06) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/30705076a1748a2b2a1cf0539ea1665eef4d2f4a' (2025-04-04) → 'github:nixos/nixpkgs/06f3516b0397bd241bde2daefc8538fc886c5467' (2025-04-05) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/44a69ed688786e98a101f02b712c313f1ade37ab' (2025-04-02) → 'github:nixos/nixpkgs/7819a0d29d1dd2bc331bec4b327f0776359b1fa6' (2025-04-05) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/c4a8327b0f25d1d81edecbb6105f74d7cf9d7382' (2025-04-03) → 'github:oxalica/rust-overlay/9d00c6b69408dd40d067603012938d9fbe95cfcd' (2025-04-06) • Updated input 'sops-nix': 'github:Mic92/sops-nix/cff8437c5fe8c68fc3a840a21bf1f4dc801da40d' (2025-04-04) → 'github:Mic92/sops-nix/523f58a4faff6c67f5f685bed33a7721e984c304' (2025-04-06) • Updated input 'vscode-extensions': 'github:nix-community/nix-vscode-extensions/c8270f31af9c37e4fe5711567a6412460e94e9b7' (2025-04-04) → 'github:nix-community/nix-vscode-extensions/da51d4cab526bef885e8c95ab2b9455bfe0940d4' (2025-04-06) --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 76a4f1e..ba20fb3 100644 --- a/flake.lock +++ b/flake.lock @@ -610,11 +610,11 @@ ] }, "locked": { - "lastModified": 1743783108, - "narHash": "sha256-Lg1cK7oGCNPOO1ts481m269WmdGNoigz8RNXLRE9Co0=", + "lastModified": 1743948087, + "narHash": "sha256-B6cIi2ScgVSROPPlTti6len+TdR0K25B9R3oKvbw3M8=", "owner": "nix-community", "repo": "home-manager", - "rev": "bb036cb35383982066e01a6ac8d45597132cf5d5", + "rev": "ef3b2a6b602c3f1a80c6897d6de3ee62339a3eb7", "type": "github" }, "original": { @@ -826,11 +826,11 @@ ] }, "locked": { - "lastModified": 1743306489, - "narHash": "sha256-LROaIjSLo347cwcHRfSpqzEOa2FoLSeJwU4dOrGm55E=", + "lastModified": 1743911143, + "narHash": "sha256-4j4JPwr0TXHH4ZyorXN5yIcmqIQr0WYacsuPA4ktONo=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "b3696bfb6c24aa61428839a99e8b40c53ac3a82d", + "rev": "a36f6a7148aec2c77d78e4466215cceb2f5f4bfb", "type": "github" }, "original": { @@ -909,11 +909,11 @@ }, "nixpkgs-stable_3": { "locked": { - "lastModified": 1743576891, - "narHash": "sha256-vXiKURtntURybE6FMNFAVpRPr8+e8KoLPrYs9TGuAKc=", + "lastModified": 1743813633, + "narHash": "sha256-BgkBz4NpV6Kg8XF7cmHDHRVGZYnKbvG0Y4p+jElwxaM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "44a69ed688786e98a101f02b712c313f1ade37ab", + "rev": "7819a0d29d1dd2bc331bec4b327f0776359b1fa6", "type": "github" }, "original": { @@ -989,11 +989,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1743775863, - "narHash": "sha256-gUnR9qcZK/O20oQFn1ijz7Nn66qG2Sp7JprDFl+oQBo=", + "lastModified": 1743862455, + "narHash": "sha256-I/QXtrqznq1321mYR9TyMPX/zCWb9iAH64hO+pEBY00=", "owner": "nixos", "repo": "nixpkgs", - "rev": "30705076a1748a2b2a1cf0539ea1665eef4d2f4a", + "rev": "06f3516b0397bd241bde2daefc8538fc886c5467", "type": "github" }, "original": { @@ -1151,11 +1151,11 @@ ] }, "locked": { - "lastModified": 1743682350, - "narHash": "sha256-S/MyKOFajCiBm5H5laoE59wB6w0NJ4wJG53iAPfYW3k=", + "lastModified": 1743906877, + "narHash": "sha256-Thah1oU8Vy0gs9bh5QhNcQh1iuQiowMnZPbrkURonZA=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "c4a8327b0f25d1d81edecbb6105f74d7cf9d7382", + "rev": "9d00c6b69408dd40d067603012938d9fbe95cfcd", "type": "github" }, "original": { @@ -1171,11 +1171,11 @@ ] }, "locked": { - "lastModified": 1743756170, - "narHash": "sha256-2b11EYa08oqDmF3zEBLkG1AoNn9rB1k39ew/T/mSvbU=", + "lastModified": 1743910657, + "narHash": "sha256-zr2jmWeWyhCD8WmO2aWov2g0WPPuZfcJDKzMJZYGq3Y=", "owner": "Mic92", "repo": "sops-nix", - "rev": "cff8437c5fe8c68fc3a840a21bf1f4dc801da40d", + "rev": "523f58a4faff6c67f5f685bed33a7721e984c304", "type": "github" }, "original": { @@ -1267,11 +1267,11 @@ ] }, "locked": { - "lastModified": 1743731627, - "narHash": "sha256-gFvZTGlSGCl7MZ5MrihUf7pkIY0zwaUVhl/iUBto/3I=", + "lastModified": 1743904774, + "narHash": "sha256-dHnwYLz1b6ohGP2DjWKpDFEZ9WOm4vYuPXKUna08awU=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "c8270f31af9c37e4fe5711567a6412460e94e9b7", + "rev": "da51d4cab526bef885e8c95ab2b9455bfe0940d4", "type": "github" }, "original": { From cad11e55f10cd36d3bc2cdf9ab8eba5c8f747b1b Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 7 Apr 2025 10:38:17 -0400 Subject: [PATCH 386/410] add new sk-ed25519 key --- hosts/chunk/default.nix | 4 +++- modules/caddy.nix | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 9c6289d..0509b8d 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -138,13 +138,15 @@ "podman" ]; openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfubDWr0kRm2o4DqaK6l1s4NCdTkljXZWKWCiF5nX+6" + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIA/IX9OFEhHS9Dl8nrtHkL7j7hhy7in9OAY/hVuzEGL0AAAABHNzaDo=" ]; }; users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfubDWr0kRm2o4DqaK6l1s4NCdTkljXZWKWCiF5nX+6" + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIA/IX9OFEhHS9Dl8nrtHkL7j7hhy7in9OAY/hVuzEGL0AAAABHNzaDo=" ]; # for forgejo users.users.git = { diff --git a/modules/caddy.nix b/modules/caddy.nix index 0eb2cb7..f3f8e14 100644 --- a/modules/caddy.nix +++ b/modules/caddy.nix @@ -49,7 +49,8 @@ in respond / 200 { body "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfubDWr0kRm2o4DqaK6l1s4NCdTkljXZWKWCiF5nX+6 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPhUt9h5dCcrwOrZNKkStCX5OxumPzEwYXSU/0DgtWgP - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD" + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD + sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIA/IX9OFEhHS9Dl8nrtHkL7j7hhy7in9OAY/hVuzEGL0AAAABHNzaDo=" } ''; }; From 2001228889ee08234fc04af6bfdb67696a09974b Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 7 Apr 2025 10:38:44 -0400 Subject: [PATCH 387/410] ytnix: add systemd to nix-ld --- hosts/ytnix/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index ed91b61..ddf1364 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -274,7 +274,6 @@ enable = true; # nix run github:thiagokokada/nix-alien#nix-alien-find-libs ./ libraries = with pkgs; [ - # TODO: revisit what we actually need mesa extest stdenv.cc.cc @@ -330,6 +329,7 @@ pcre2 gsettings-desktop-schemas fzf + systemd ]; }; programs.evolution.enable = true; From e678d56cad4e58a2e111faa8cddd472e2fdfab5b Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 7 Apr 2025 10:39:22 -0400 Subject: [PATCH 388/410] codium: rm path-intellisense cuz no work --- home/codium.nix | 7 ------- 1 file changed, 7 deletions(-) diff --git a/home/codium.nix b/home/codium.nix index 706736d..1eb02a4 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -23,8 +23,6 @@ tamasfe.even-better-toml golang.go ms-python.python - christian-kohler.path-intellisense - # firefox-devtools.vscode-firefox-debug ]; userSettings = let @@ -75,11 +73,6 @@ "telemetry.enableTelemetry" = false; "telemetry.telemetryLevel" = "off"; "window.titleBarStyle" = "custom"; - # https://github.com/ChristianKohler/PathIntellisense#installation - "typescript.suggest.paths" = false; - "javascript.suggest.paths" = false; - - "path-intellisense.absolutePathToWorkspace" = true; # terminal stuff "terminal.integrated.cursorBlinking" = true; From 904cecde7667c6d924101a525904432dc81047cd Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 14 Apr 2025 10:32:02 -0400 Subject: [PATCH 389/410] codium: format on save --- home/codium.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/codium.nix b/home/codium.nix index 1eb02a4..ba4e324 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -73,6 +73,7 @@ "telemetry.enableTelemetry" = false; "telemetry.telemetryLevel" = "off"; "window.titleBarStyle" = "custom"; + "editor.formatOnSave" = true; # terminal stuff "terminal.integrated.cursorBlinking" = true; From 68d6fcc45e6da99c691607e825df04b0d0880aac Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 14 Apr 2025 10:54:24 -0400 Subject: [PATCH 390/410] just don't use matrix anymore --- flake.lock | 696 ++------------------------------------ flake.nix | 2 - hosts/chunk/conduwuit.nix | 33 -- hosts/chunk/default.nix | 1 - overlay/default.nix | 3 - 5 files changed, 25 insertions(+), 710 deletions(-) delete mode 100644 hosts/chunk/conduwuit.nix diff --git a/flake.lock b/flake.lock index ba20fb3..435ec8d 100644 --- a/flake.lock +++ b/flake.lock @@ -1,171 +1,6 @@ { "nodes": { - "attic": { - "inputs": { - "crane": "crane", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", - "nix-github-actions": "nix-github-actions", - "nixpkgs": "nixpkgs", - "nixpkgs-stable": "nixpkgs-stable" - }, - "locked": { - "lastModified": 1738524606, - "narHash": "sha256-hPYEJ4juK3ph7kbjbvv7PlU1D9pAkkhl+pwx8fZY53U=", - "owner": "zhaofengli", - "repo": "attic", - "rev": "ff8a897d1f4408ebbf4d45fa9049c06b3e1e3f4e", - "type": "github" - }, - "original": { - "owner": "zhaofengli", - "ref": "main", - "repo": "attic", - "type": "github" - } - }, - "cachix": { - "inputs": { - "devenv": "devenv", - "flake-compat": "flake-compat_2", - "git-hooks": "git-hooks", - "nixpkgs": "nixpkgs_4" - }, - "locked": { - "lastModified": 1737621947, - "narHash": "sha256-8HFvG7fvIFbgtaYAY2628Tb89fA55nPm2jSiNs0/Cws=", - "owner": "cachix", - "repo": "cachix", - "rev": "f65a3cd5e339c223471e64c051434616e18cc4f5", - "type": "github" - }, - "original": { - "owner": "cachix", - "ref": "master", - "repo": "cachix", - "type": "github" - } - }, - "cachix_2": { - "inputs": { - "devenv": [ - "conduwuit", - "cachix", - "devenv" - ], - "flake-compat": [ - "conduwuit", - "cachix", - "devenv" - ], - "git-hooks": [ - "conduwuit", - "cachix", - "devenv" - ], - "nixpkgs": "nixpkgs_2" - }, - "locked": { - "lastModified": 1728672398, - "narHash": "sha256-KxuGSoVUFnQLB2ZcYODW7AVPAh9JqRlD5BrfsC/Q4qs=", - "owner": "cachix", - "repo": "cachix", - "rev": "aac51f698309fd0f381149214b7eee213c66ef0a", - "type": "github" - }, - "original": { - "owner": "cachix", - "ref": "latest", - "repo": "cachix", - "type": "github" - } - }, - "complement": { - "flake": false, - "locked": { - "lastModified": 1741891349, - "narHash": "sha256-YvrzOWcX7DH1drp5SGa+E/fc7wN3hqFtPbqPjZpOu1Q=", - "owner": "girlbossceo", - "repo": "complement", - "rev": "e587b3df569cba411aeac7c20b6366d03c143745", - "type": "github" - }, - "original": { - "owner": "girlbossceo", - "ref": "main", - "repo": "complement", - "type": "github" - } - }, - "conduwuit": { - "inputs": { - "attic": "attic", - "cachix": "cachix", - "complement": "complement", - "crane": "crane_2", - "fenix": "fenix", - "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils", - "liburing": "liburing", - "nix-filter": "nix-filter", - "nixpkgs": [ - "nixpkgs" - ], - "rocksdb": "rocksdb" - }, - "locked": { - "lastModified": 1743780871, - "narHash": "sha256-xmDepDLHsIWiwpWYjhI40XOrV9jCKrYJQ+EK1EOIdRg=", - "owner": "girlbossceo", - "repo": "conduwuit", - "rev": "4e5b87d0cd16f3d015f4b61285b369d027bb909d", - "type": "github" - }, - "original": { - "owner": "girlbossceo", - "repo": "conduwuit", - "type": "github" - } - }, "crane": { - "inputs": { - "nixpkgs": [ - "conduwuit", - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1722960479, - "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=", - "owner": "ipetkov", - "repo": "crane", - "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, - "crane_2": { - "locked": { - "lastModified": 1739936662, - "narHash": "sha256-x4syUjNUuRblR07nDPeLDP7DpphaBVbUaSoeZkFbGSk=", - "owner": "ipetkov", - "repo": "crane", - "rev": "19de14aaeb869287647d9461cbd389187d8ecdb7", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "ref": "master", - "repo": "crane", - "type": "github" - } - }, - "crane_3": { "locked": { "lastModified": 1737689766, "narHash": "sha256-ivVXYaYlShxYoKfSo5+y5930qMKKJ8CLcAoIBPQfJ6s=", @@ -180,7 +15,7 @@ "type": "github" } }, - "crane_4": { + "crane_2": { "locked": { "lastModified": 1741148495, "narHash": "sha256-EV8KUaIZ2/CdBXlutXrHoZYbWPeB65p5kKZk71gvDRI=", @@ -195,75 +30,17 @@ "type": "github" } }, - "devenv": { - "inputs": { - "cachix": "cachix_2", - "flake-compat": [ - "conduwuit", - "cachix", - "flake-compat" - ], - "git-hooks": [ - "conduwuit", - "cachix", - "git-hooks" - ], - "nix": "nix", - "nixpkgs": [ - "conduwuit", - "cachix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733323168, - "narHash": "sha256-d5DwB4MZvlaQpN6OQ4SLYxb5jA4UH5EtV5t5WOtjLPU=", - "owner": "cachix", - "repo": "devenv", - "rev": "efa9010b8b1cfd5dd3c7ed1e172a470c3b84a064", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "devenv", - "type": "github" - } - }, - "fenix": { - "inputs": { - "nixpkgs": [ - "conduwuit", - "nixpkgs" - ], - "rust-analyzer-src": "rust-analyzer-src" - }, - "locked": { - "lastModified": 1740724364, - "narHash": "sha256-D1jLIueJx1dPrP09ZZwTrPf4cubV+TsFMYbpYYTVj6A=", - "owner": "nix-community", - "repo": "fenix", - "rev": "edf7d9e431cda8782e729253835f178a356d3aab", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "main", - "repo": "fenix", - "type": "github" - } - }, "flake-compat": { - "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", + "lastModified": 1717312683, + "narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=", + "owner": "nix-community", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea", "type": "github" }, "original": { - "owner": "edolstra", + "owner": "nix-community", "repo": "flake-compat", "type": "github" } @@ -284,101 +61,7 @@ "type": "github" } }, - "flake-compat_3": { - "flake": false, - "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", - "type": "github" - }, - "original": { - "owner": "edolstra", - "ref": "master", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_4": { - "locked": { - "lastModified": 1717312683, - "narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=", - "owner": "nix-community", - "repo": "flake-compat", - "rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_5": { - "flake": false, - "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "conduwuit", - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1722555600, - "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_2": { - "inputs": { - "nixpkgs-lib": [ - "conduwuit", - "cachix", - "devenv", - "nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1712014858, - "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "lanzaboote", @@ -413,7 +96,6 @@ }, "original": { "owner": "numtide", - "ref": "main", "repo": "flake-utils", "type": "github" } @@ -472,24 +154,6 @@ "type": "github" } }, - "flake-utils_5": { - "inputs": { - "systems": "systems_5" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "flakey-profile": { "locked": { "lastModified": 1712898590, @@ -507,9 +171,9 @@ }, "garage": { "inputs": { - "crane": "crane_3", - "flake-compat": "flake-compat_4", - "flake-utils": "flake-utils_2", + "crane": "crane", + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ], @@ -529,59 +193,7 @@ "type": "github" } }, - "git-hooks": { - "inputs": { - "flake-compat": [ - "conduwuit", - "cachix", - "flake-compat" - ], - "gitignore": "gitignore", - "nixpkgs": [ - "conduwuit", - "cachix", - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable_2" - }, - "locked": { - "lastModified": 1733318908, - "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "6f4e2a2112050951a314d2733a994fbab94864c6", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, "gitignore": { - "inputs": { - "nixpkgs": [ - "conduwuit", - "cachix", - "git-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, - "gitignore_2": { "inputs": { "nixpkgs": [ "lanzaboote", @@ -625,9 +237,9 @@ }, "lanzaboote": { "inputs": { - "crane": "crane_4", - "flake-compat": "flake-compat_5", - "flake-parts": "flake-parts_3", + "crane": "crane_2", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts", "nixpkgs": [ "nixpkgs" ], @@ -649,39 +261,6 @@ "type": "github" } }, - "libgit2": { - "flake": false, - "locked": { - "lastModified": 1697646580, - "narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=", - "owner": "libgit2", - "repo": "libgit2", - "rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5", - "type": "github" - }, - "original": { - "owner": "libgit2", - "repo": "libgit2", - "type": "github" - } - }, - "liburing": { - "flake": false, - "locked": { - "lastModified": 1740613216, - "narHash": "sha256-NpPOBqNND3Qe9IwqYs0mJLGTmIx7e6FgUEBAnJ+1ZLA=", - "owner": "axboe", - "repo": "liburing", - "rev": "e1003e496e66f9b0ae06674869795edf772d5500", - "type": "github" - }, - "original": { - "owner": "axboe", - "ref": "master", - "repo": "liburing", - "type": "github" - } - }, "lix": { "flake": false, "locked": { @@ -698,10 +277,10 @@ }, "lix-module": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "flakey-profile": "flakey-profile", "lix": "lix", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs" }, "locked": { "lastModified": 1742943028, @@ -720,7 +299,7 @@ }, "nil": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ], @@ -740,85 +319,6 @@ "type": "github" } }, - "nix": { - "inputs": { - "flake-compat": [ - "conduwuit", - "cachix", - "devenv" - ], - "flake-parts": "flake-parts_2", - "libgit2": "libgit2", - "nixpkgs": "nixpkgs_3", - "nixpkgs-23-11": [ - "conduwuit", - "cachix", - "devenv" - ], - "nixpkgs-regression": [ - "conduwuit", - "cachix", - "devenv" - ], - "pre-commit-hooks": [ - "conduwuit", - "cachix", - "devenv" - ] - }, - "locked": { - "lastModified": 1727438425, - "narHash": "sha256-X8ES7I1cfNhR9oKp06F6ir4Np70WGZU5sfCOuNBEwMg=", - "owner": "domenkozar", - "repo": "nix", - "rev": "f6c5ae4c1b2e411e6b1e6a8181cc84363d6a7546", - "type": "github" - }, - "original": { - "owner": "domenkozar", - "ref": "devenv-2.24", - "repo": "nix", - "type": "github" - } - }, - "nix-filter": { - "locked": { - "lastModified": 1731533336, - "narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=", - "owner": "numtide", - "repo": "nix-filter", - "rev": "f7653272fd234696ae94229839a99b73c9ab7de0", - "type": "github" - }, - "original": { - "owner": "numtide", - "ref": "main", - "repo": "nix-filter", - "type": "github" - } - }, - "nix-github-actions": { - "inputs": { - "nixpkgs": [ - "conduwuit", - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1729742964, - "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", - "owner": "nix-community", - "repo": "nix-github-actions", - "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-github-actions", - "type": "github" - } - }, "nix-index-database": { "inputs": { "nixpkgs": [ @@ -861,53 +361,21 @@ }, "nixpkgs": { "locked": { - "lastModified": 1726042813, - "narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=", - "owner": "NixOS", + "lastModified": 1742669843, + "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "159be5db480d1df880a0135ca0bfed84c2f88353", + "rev": "1e5b653dff12029333a6546c11e108ede13052eb", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", + "owner": "nixos", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-stable": { - "locked": { - "lastModified": 1724316499, - "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_2": { - "locked": { - "lastModified": 1730741070, - "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_3": { "locked": { "lastModified": 1743813633, "narHash": "sha256-BgkBz4NpV6Kg8XF7cmHDHRVGZYnKbvG0Y4p+jElwxaM=", @@ -924,70 +392,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1730531603, - "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1717432640, - "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "88269ab3044128b7c2f4c7d68448b2fb50456870", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "release-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1733212471, - "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { - "locked": { - "lastModified": 1742669843, - "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "1e5b653dff12029333a6546c11e108ede13052eb", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { "locked": { "lastModified": 1743862455, "narHash": "sha256-I/QXtrqznq1321mYR9TyMPX/zCWb9iAH64hO+pEBY00=", @@ -1009,7 +413,7 @@ "lanzaboote", "flake-compat" ], - "gitignore": "gitignore_2", + "gitignore": "gitignore", "nixpkgs": [ "lanzaboote", "nixpkgs" @@ -1029,26 +433,8 @@ "type": "github" } }, - "rocksdb": { - "flake": false, - "locked": { - "lastModified": 1741308171, - "narHash": "sha256-YdBvdQ75UJg5ffwNjxizpviCVwVDJnBkM8ZtGIduMgY=", - "owner": "girlbossceo", - "repo": "rocksdb", - "rev": "3ce04794bcfbbb0d2e6f81ae35fc4acf688b6986", - "type": "github" - }, - "original": { - "owner": "girlbossceo", - "ref": "v9.11.1", - "repo": "rocksdb", - "type": "github" - } - }, "root": { "inputs": { - "conduwuit": "conduwuit", "garage": "garage", "home-manager": "home-manager", "lanzaboote": "lanzaboote", @@ -1056,30 +442,13 @@ "nil": "nil", "nix-index-database": "nix-index-database", "nix-ld": "nix-ld", - "nixpkgs": "nixpkgs_6", - "nixpkgs-stable": "nixpkgs-stable_3", + "nixpkgs": "nixpkgs_2", + "nixpkgs-stable": "nixpkgs-stable", "rust-overlay": "rust-overlay_4", "sops-nix": "sops-nix", "vscode-extensions": "vscode-extensions" } }, - "rust-analyzer-src": { - "flake": false, - "locked": { - "lastModified": 1740691488, - "narHash": "sha256-Fs6vBrByuiOf2WO77qeMDMTXcTGzrIMqLBv+lNeywwM=", - "owner": "rust-lang", - "repo": "rust-analyzer", - "rev": "fe3eda77d3a7ce212388bda7b6cec8bffcc077e5", - "type": "github" - }, - "original": { - "owner": "rust-lang", - "ref": "nightly", - "repo": "rust-analyzer", - "type": "github" - } - }, "rust-overlay": { "inputs": { "nixpkgs": [ @@ -1244,24 +613,9 @@ "type": "github" } }, - "systems_5": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "vscode-extensions": { "inputs": { - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_4", "nixpkgs": [ "nixpkgs" ] diff --git a/flake.nix b/flake.nix index 37215e0..92d6363 100644 --- a/flake.nix +++ b/flake.nix @@ -12,8 +12,6 @@ lanzaboote.inputs.nixpkgs.follows = "nixpkgs"; rust-overlay.url = "github:oxalica/rust-overlay"; rust-overlay.inputs.nixpkgs.follows = "nixpkgs"; - conduwuit.url = "github:girlbossceo/conduwuit"; - conduwuit.inputs.nixpkgs.follows = "nixpkgs"; lix-module.url = "git+https://git.lix.systems/lix-project/nixos-module?ref=release-2.92"; nix-ld.url = "github:nix-community/nix-ld"; nix-ld.inputs.nixpkgs.follows = "nixpkgs"; diff --git a/hosts/chunk/conduwuit.nix b/hosts/chunk/conduwuit.nix deleted file mode 100644 index 3a6638f..0000000 --- a/hosts/chunk/conduwuit.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ ... }: -{ - services.conduwuit = { - enable = true; - settings.global = { - port = [ 8448 ]; - server_name = "cything.io"; - allow_check_for_updates = true; - }; - }; - - services.caddy.virtualHosts."chat.cything.io".extraConfig = '' - import common - reverse_proxy localhost:8448 - ''; - - services.caddy.virtualHosts."cything.io" = { - serverAliases = [ "www.cything.io" ]; - extraConfig = '' - import common - - header /.well-known/matrix/* Content-Type application/json - header /.well-known/matrix/* Access-Control-Allow-Origin * - header /.well-known/matrix/* Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS,PATCH,HEAD - header /.well-known/matrix/* Access-Control-Allow-Headers X-Requested-With,Content-Type,Authorization,Origin,Accept - route { - respond /.well-known/matrix/server {"m.server":"chat.cything.io:443"} - respond /.well-known/matrix/client {"m.server":{"base_url":"https://chat.cything.io"},"m.homeserver":{"base_url":"https://chat.cything.io"},"org.matrix.msc3575.proxy":{"url":"https://chat.cything.io"}} - redir https://cy7.sh/posts{uri} permanent - } - ''; - }; -} diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 0509b8d..5dcbf56 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -16,7 +16,6 @@ ./redlib.nix ./vaultwarden.nix ./grafana.nix - ./conduwuit.nix ./immich.nix ./forgejo.nix ./garage.nix diff --git a/overlay/default.nix b/overlay/default.nix index 9e6336c..3599338 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -7,9 +7,6 @@ pkgFrom = flake: pkg: flake.packages.${prev.system}.${pkg}; in { - conduwuit = pkgFrom inputs.conduwuit "default"; - attic-server = pkgFrom inputs.attic "attic-server"; - attic = pkgFrom inputs.attic "attic"; garage = ( (pkgFrom inputs.garage "default").overrideAttrs { meta.mainProgram = "garage"; From 40d0a1512d5153b5afac5cb3c8bbbebff43f6103 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 14 Apr 2025 16:26:26 -0400 Subject: [PATCH 391/410] disable karakeep --- hosts/chunk/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 5dcbf56..2e4c960 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -184,7 +184,7 @@ my.containerization.enable = true; my.authelia.enable = true; my.karakeep = { - enable = true; + enable = false; dataDir = "/opt/karakeep"; }; } From 21399aaf47a14b57ce6f5b41789bdc22fd524ffc Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 15 Apr 2025 18:22:18 -0400 Subject: [PATCH 392/410] update readme --- README | 1 + README.md | 40 ---------------------------------------- 2 files changed, 1 insertion(+), 40 deletions(-) create mode 100644 README delete mode 100644 README.md diff --git a/README b/README new file mode 100644 index 0000000..1a59725 --- /dev/null +++ b/README @@ -0,0 +1 @@ +this is only open source for free ci diff --git a/README.md b/README.md deleted file mode 100644 index eb52498..0000000 --- a/README.md +++ /dev/null @@ -1,40 +0,0 @@ -# infra -## ./home -- [home-manager](https://github.com/nix-community/home-manager) configuration files -- foot, tmux, and zsh are configured in Nix -- nvim, rofi, sway, waybar are configured in their own literature and symlinked to $XDG_CONFIG_HOME with home-manager - -## ./hosts -- [`hosts/common.nix`](hosts/common.nix): configuration that makes sense on all computers -- [`hosts/zsh.nix`](hosts/zsh.nix): for computers that have the power to run zsh -### ./hosts/ytnix -- personal laptop -- a single [`default.nix`](hosts/ytnix/default.nix) that could be modularized but works for now - -### ./hosts/chunk -- the overworked server with 5% SLA -- very short and concise [`default.nix`](hosts/chunk/default.nix) -- services organized in their modules -- some services run through `virtualisation.oci-containers`: - - [immich](hosts/chunk/immich.nix) - - [conduwuit](hosts/chunk/conduwuit.nix) - -### ./hosts/titan -- got this cause chunk would go down way too often :( -- hosted on azure for "reliability" -- runs: - - [ghost](hosts/titan/ghost.nix) (through `virtualisation.oci-containers`) - - [uptime-kuma](hosts/titan/uptime-kuma.nix) - - [ntfy-sh](hosts/titan/ntfy.nix) - -## ./secrets -- secrets -- see [`.sops.yaml`](.sops.yaml) for who privy to what - -## backups -- hourly borgbackup to [rsync.net](https://rsync.net) -- see [modules/backup](modules/backup.nix) - -## monitoring -- [status.cything.io](https://status.cything.io/): uptime kuma (reliable) -- [grafana.cything.io](https://grafana.cything.io/): some real-time metrics here; unlike the status page this will go kaput often From c806ffb3bb83be59b24b7efc10ee4896c1cf025a Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 15 Apr 2025 18:23:23 -0400 Subject: [PATCH 393/410] rm garnix.yaml --- garnix.yaml | 6 ------ 1 file changed, 6 deletions(-) delete mode 100644 garnix.yaml diff --git a/garnix.yaml b/garnix.yaml deleted file mode 100644 index c189664..0000000 --- a/garnix.yaml +++ /dev/null @@ -1,6 +0,0 @@ -builds: - include: - - 'nixosConfigurations.*' - - 'homeConfigurations.*' - - '*.aarch64-linux.*' - - '*.x86_64-linux.*' From e2df47ab99d06e1d062902a219fc5de8814ce7f5 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 15 Apr 2025 19:25:57 -0400 Subject: [PATCH 394/410] 2025 04 14 (#45) * use lix from nixpkgs * install nil * just don't use matrix anymore * try not using lix * use nixpkgs unstable * dogfood nixcp * workflow: use runner.temp variable * workflow: try hex encoded secret * workflow: use envars for s3 region and endpoint * rm matrix * workflow: trace nixcp * workflow: no lix and no checkout in build packages * Revert "workflow: trace nixcp" This reverts commit 16d0827bcb90bff73a072920eb83f97aa84394ce. --- .../workflows/build-machines-and-homes.yml | 46 +++--- .github/workflows/build-packages.yml | 33 ++--- flake.lock | 131 +----------------- flake.nix | 6 +- home/yt/ytnix.nix | 1 + hosts/common.nix | 2 +- overlay/default.nix | 1 + 7 files changed, 41 insertions(+), 179 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 290761f..ba6ec24 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -8,6 +8,8 @@ env: TERM: ansi AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} + AWS_DEFAULT_REGION: us-east-1 + AWS_ENDPOINT_URL: https://s3.cy7.sh jobs: build-machines: @@ -35,7 +37,7 @@ jobs: build-mount-path: /nix - name: setup binary cache key - run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem + run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem - name: Install Nix uses: cachix/install-nix-action@v30 @@ -46,16 +48,9 @@ jobs: experimental-features = nix-command flakes accept-flake-config = true system-features = nixos-test benchmark big-parallel kvm - secret-key-files = /home/runner/cache-priv-key.pem - extra-substituters = https://nixcache.cy7.sh https://cache.lix.systems - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= - - - name: Install Lix - run: | - sudo --preserve-env=PATH $(which nix) run \ - 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ - upgrade-nix - nix --version + secret-key-files = ${{ runner.temp }}/cache-priv-key.pem + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - name: Sync repository uses: actions/checkout@v4 @@ -73,10 +68,11 @@ jobs: if: '!cancelled()' run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" - nix run git+https://git.cy7.sh/cy/nixcp.git -- \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=zstd' \ + nix run github:cything/nixcp/2025-04-12 -- \ + push \ + --bucket nixcache \ + --signing-key ${{ runner.temp }}/cache-priv-key.pem \ -u https://nix-community.cachix.org \ - -u https://nixcache.web.cy7.sh \ $package build-homes: @@ -105,7 +101,7 @@ jobs: build-mount-path: /nix - name: setup binary cache key - run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem + run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem - name: Install Nix uses: cachix/install-nix-action@v30 @@ -116,16 +112,9 @@ jobs: experimental-features = nix-command flakes accept-flake-config = true system-features = nixos-test benchmark big-parallel kvm - secret-key-files = /home/runner/cache-priv-key.pem - extra-substituters = https://nixcache.cy7.sh https://cache.lix.systems - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= - - - name: Install Lix - run: | - sudo --preserve-env=PATH $(which nix) run \ - 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ - upgrade-nix - nix --version + secret-key-files = ${{ runner.temp }}/cache-priv-key.pem + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - name: Sync repository uses: actions/checkout@v4 @@ -142,8 +131,9 @@ jobs: if: '!cancelled()' run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" - nix run git+https://git.cy7.sh/cy/nixcp.git -- \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=zstd' \ + nix run github:cything/nixcp/2025-04-12 -- \ + push \ + --bucket nixcache \ + --signing-key ${{ runner.temp }}/cache-priv-key.pem \ -u https://nix-community.cachix.org \ - -u https://nixcache.web.cy7.sh \ $package diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 4f76a1d..2688fb3 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -11,6 +11,8 @@ env: TERM: ansi AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} + AWS_DEFAULT_REGION: us-east-1 + AWS_ENDPOINT_URL: https://s3.cy7.sh jobs: build-packages: @@ -22,13 +24,13 @@ jobs: os: - ubuntu-latest - ubuntu-24.04-arm - # - macos-latest - # - macos-13 + - macos-latest + - macos-13 runs-on: ${{ matrix.os }} steps: - name: setup binary cache key - run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem + run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem - name: Install Nix uses: cachix/install-nix-action@v30 @@ -39,21 +41,9 @@ jobs: experimental-features = nix-command flakes accept-flake-config = true system-features = nixos-test benchmark big-parallel kvm - secret-key-files = /home/runner/cache-priv-key.pem - extra-substituters = https://nixcache.cy7.sh https://cache.lix.systems - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= - - - name: Install Lix - run: | - sudo --preserve-env=PATH $(which nix) run \ - 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ - upgrade-nix - nix --version - - - name: Sync repository - uses: actions/checkout@v4 - with: - persist-credentials: false + secret-key-files = ${{ runner.temp }}/cache-priv-key.pem + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - run: nix build -L ${{ matrix.package }} @@ -61,10 +51,11 @@ jobs: # https://stackoverflow.com/a/58859404 if: '!cancelled()' run: | - nix run git+https://git.cy7.sh/cy/nixcp.git -- \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=zstd' \ + nix run github:cything/nixcp/2025-04-12 -- \ + push \ + --bucket nixcache \ + --signing-key ${{ runner.temp }}/cache-priv-key.pem \ -u https://nix-community.cachix.org \ - -u https://nixcache.web.cy7.sh \ "${{ matrix.package }}" - name: prepare tarball to upload diff --git a/flake.lock b/flake.lock index 435ec8d..9feaf1e 100644 --- a/flake.lock +++ b/flake.lock @@ -136,39 +136,6 @@ "type": "github" } }, - "flake-utils_4": { - "inputs": { - "systems": "systems_4" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flakey-profile": { - "locked": { - "lastModified": 1712898590, - "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", - "owner": "lf-", - "repo": "flakey-profile", - "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", - "type": "github" - }, - "original": { - "owner": "lf-", - "repo": "flakey-profile", - "type": "github" - } - }, "garage": { "inputs": { "crane": "crane", @@ -261,45 +228,9 @@ "type": "github" } }, - "lix": { - "flake": false, - "locked": { - "lastModified": 1737234286, - "narHash": "sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW+DvDtuv9SwQZZcs=", - "rev": "079528098f5998ba13c88821a2eca1005c1695de", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?rev=079528098f5998ba13c88821a2eca1005c1695de" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz" - } - }, - "lix-module": { - "inputs": { - "flake-utils": "flake-utils_2", - "flakey-profile": "flakey-profile", - "lix": "lix", - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1742943028, - "narHash": "sha256-fprwZKE1uMzO9tiWWOrmLWBW3GPkMayQfb0xOvVFIno=", - "ref": "release-2.92", - "rev": "3fae818597ca2f1474de62022f850c23be50528d", - "revCount": 134, - "type": "git", - "url": "https://git.lix.systems/lix-project/nixos-module" - }, - "original": { - "ref": "release-2.92", - "type": "git", - "url": "https://git.lix.systems/lix-project/nixos-module" - } - }, "nil": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ], @@ -361,11 +292,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1742669843, - "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=", + "lastModified": 1744463964, + "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1e5b653dff12029333a6546c11e108ede13052eb", + "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", "type": "github" }, "original": { @@ -375,38 +306,6 @@ "type": "github" } }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1743813633, - "narHash": "sha256-BgkBz4NpV6Kg8XF7cmHDHRVGZYnKbvG0Y4p+jElwxaM=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "7819a0d29d1dd2bc331bec4b327f0776359b1fa6", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-24.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1743862455, - "narHash": "sha256-I/QXtrqznq1321mYR9TyMPX/zCWb9iAH64hO+pEBY00=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "06f3516b0397bd241bde2daefc8538fc886c5467", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable-small", - "repo": "nixpkgs", - "type": "github" - } - }, "pre-commit-hooks-nix": { "inputs": { "flake-compat": [ @@ -438,12 +337,10 @@ "garage": "garage", "home-manager": "home-manager", "lanzaboote": "lanzaboote", - "lix-module": "lix-module", "nil": "nil", "nix-index-database": "nix-index-database", "nix-ld": "nix-ld", - "nixpkgs": "nixpkgs_2", - "nixpkgs-stable": "nixpkgs-stable", + "nixpkgs": "nixpkgs", "rust-overlay": "rust-overlay_4", "sops-nix": "sops-nix", "vscode-extensions": "vscode-extensions" @@ -598,24 +495,10 @@ "type": "github" } }, - "systems_4": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "vscode-extensions": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_3", + "nixpkgs": [ "nixpkgs" ] diff --git a/flake.nix b/flake.nix index 92d6363..0aea8eb 100644 --- a/flake.nix +++ b/flake.nix @@ -2,8 +2,7 @@ description = "cy's flake"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small"; - nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; sops-nix.url = "github:Mic92/sops-nix"; sops-nix.inputs.nixpkgs.follows = "nixpkgs"; home-manager.url = "github:nix-community/home-manager"; @@ -12,7 +11,6 @@ lanzaboote.inputs.nixpkgs.follows = "nixpkgs"; rust-overlay.url = "github:oxalica/rust-overlay"; rust-overlay.inputs.nixpkgs.follows = "nixpkgs"; - lix-module.url = "git+https://git.lix.systems/lix-project/nixos-module?ref=release-2.92"; nix-ld.url = "github:nix-community/nix-ld"; nix-ld.inputs.nixpkgs.follows = "nixpkgs"; nil.url = "github:oxalica/nil"; @@ -69,7 +67,6 @@ ./modules inputs.sops-nix.nixosModules.sops inputs.lanzaboote.nixosModules.lanzaboote - inputs.lix-module.nixosModules.default inputs.nix-ld.nixosModules.nix-ld ]; }; @@ -82,7 +79,6 @@ ./hosts/chunk ./modules inputs.sops-nix.nixosModules.sops - inputs.lix-module.nixosModules.default ]; }; }; diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 686a8a3..3ed40e6 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -103,6 +103,7 @@ gopls rust-analyzer minio-client + nil ]; home.sessionVariables = { diff --git a/hosts/common.nix b/hosts/common.nix index 77e0edb..b5a71a0 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -1,4 +1,4 @@ -{ inputs, config, ... }: +{ inputs, config, pkgs, ... }: { nix = { settings = { diff --git a/overlay/default.nix b/overlay/default.nix index 3599338..67d855e 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -12,6 +12,7 @@ meta.mainProgram = "garage"; } ); + nil = pkgFrom inputs.nil "default"; } ) ] From 71657e0ccb7b6ef81939b4b044ef1d3c02c72fec Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 15 Apr 2025 20:19:08 -0400 Subject: [PATCH 395/410] use nixcp main --- .github/workflows/build-machines-and-homes.yml | 4 ++-- .github/workflows/build-packages.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index ba6ec24..6a14b19 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -68,7 +68,7 @@ jobs: if: '!cancelled()' run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" - nix run github:cything/nixcp/2025-04-12 -- \ + nix run github:cything/nixcp -- \ push \ --bucket nixcache \ --signing-key ${{ runner.temp }}/cache-priv-key.pem \ @@ -131,7 +131,7 @@ jobs: if: '!cancelled()' run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" - nix run github:cything/nixcp/2025-04-12 -- \ + nix run github:cything/nixcp -- \ push \ --bucket nixcache \ --signing-key ${{ runner.temp }}/cache-priv-key.pem \ diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 2688fb3..423c88a 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -51,7 +51,7 @@ jobs: # https://stackoverflow.com/a/58859404 if: '!cancelled()' run: | - nix run github:cything/nixcp/2025-04-12 -- \ + nix run github:cything/nixcp -- \ push \ --bucket nixcache \ --signing-key ${{ runner.temp }}/cache-priv-key.pem \ From 61a4f97684f05ea23003f1ba84b887c4a1448283 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 16 Apr 2025 21:37:51 -0400 Subject: [PATCH 396/410] use lix from nixpkgs --- hosts/common.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/common.nix b/hosts/common.nix index b5a71a0..b1989b1 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -1,6 +1,7 @@ { inputs, config, pkgs, ... }: { nix = { + package = pkgs.lix; settings = { experimental-features = "nix-command flakes"; auto-optimise-store = true; From b3f1d10575ab32fd94e7f2adffef6126c3f5e632 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 16 Apr 2025 21:37:57 -0400 Subject: [PATCH 397/410] install keepassxc --- home/yt/ytnix.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 3ed40e6..4ba3f66 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -104,6 +104,7 @@ rust-analyzer minio-client nil + keepassxc ]; home.sessionVariables = { From f5af830c30c16d065674b36051a72292292f4dd3 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 16 Apr 2025 21:38:04 -0400 Subject: [PATCH 398/410] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/ef3b2a6b602c3f1a80c6897d6de3ee62339a3eb7' (2025-04-06) → 'github:nix-community/home-manager/c6b75d69b6994ba68ec281bd36faebcc56097800' (2025-04-16) • Updated input 'nix-index-database': 'github:nix-community/nix-index-database/a36f6a7148aec2c77d78e4466215cceb2f5f4bfb' (2025-04-06) → 'github:nix-community/nix-index-database/4fc9ea78c962904f4ea11046f3db37c62e8a02fd' (2025-04-13) • Updated input 'nix-ld': 'github:nix-community/nix-ld/140451db1cadeef1e7e9e054332b67b7be808916' (2025-03-31) → 'github:nix-community/nix-ld/9a3812797e25def1d4aed62b517606b7b93989dc' (2025-04-14) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/9d00c6b69408dd40d067603012938d9fbe95cfcd' (2025-04-06) → 'github:oxalica/rust-overlay/c564fb830c7d5b3e4fde5ea829a62f0e41e43a20' (2025-04-16) • Updated input 'sops-nix': 'github:Mic92/sops-nix/523f58a4faff6c67f5f685bed33a7721e984c304' (2025-04-06) → 'github:Mic92/sops-nix/61154300d945f0b147b30d24ddcafa159148026a' (2025-04-14) • Updated input 'vscode-extensions': 'github:nix-community/nix-vscode-extensions/da51d4cab526bef885e8c95ab2b9455bfe0940d4' (2025-04-06) → 'github:nix-community/nix-vscode-extensions/47bd3dc652c4a02dc565a9360fe828af38bea287' (2025-04-16) --- flake.lock | 37 ++++++++++++++++++------------------- 1 file changed, 18 insertions(+), 19 deletions(-) diff --git a/flake.lock b/flake.lock index 9feaf1e..d4de20c 100644 --- a/flake.lock +++ b/flake.lock @@ -189,11 +189,11 @@ ] }, "locked": { - "lastModified": 1743948087, - "narHash": "sha256-B6cIi2ScgVSROPPlTti6len+TdR0K25B9R3oKvbw3M8=", + "lastModified": 1744833442, + "narHash": "sha256-BBMWW2m64Grcc5FlXz74+vdkUyCJOfUGnl+VcS/4x44=", "owner": "nix-community", "repo": "home-manager", - "rev": "ef3b2a6b602c3f1a80c6897d6de3ee62339a3eb7", + "rev": "c6b75d69b6994ba68ec281bd36faebcc56097800", "type": "github" }, "original": { @@ -257,11 +257,11 @@ ] }, "locked": { - "lastModified": 1743911143, - "narHash": "sha256-4j4JPwr0TXHH4ZyorXN5yIcmqIQr0WYacsuPA4ktONo=", + "lastModified": 1744518957, + "narHash": "sha256-RLBSWQfTL0v+7uyskC5kP6slLK1jvIuhaAh8QvB75m4=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "a36f6a7148aec2c77d78e4466215cceb2f5f4bfb", + "rev": "4fc9ea78c962904f4ea11046f3db37c62e8a02fd", "type": "github" }, "original": { @@ -277,11 +277,11 @@ ] }, "locked": { - "lastModified": 1743410259, - "narHash": "sha256-tjdkPPkRT1Mj72yrpN8oUxYw9SaG8wOQWD3auS1bvSs=", + "lastModified": 1744621833, + "narHash": "sha256-II6a32kRc+KbLhU/jS8EbuXYt1PNCvsRvuBw2becgQM=", "owner": "nix-community", "repo": "nix-ld", - "rev": "140451db1cadeef1e7e9e054332b67b7be808916", + "rev": "9a3812797e25def1d4aed62b517606b7b93989dc", "type": "github" }, "original": { @@ -417,11 +417,11 @@ ] }, "locked": { - "lastModified": 1743906877, - "narHash": "sha256-Thah1oU8Vy0gs9bh5QhNcQh1iuQiowMnZPbrkURonZA=", + "lastModified": 1744803954, + "narHash": "sha256-f+gE6JtLhPzyDWOCEHbN/S30GEGHMtXEt41+Va7wzEU=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "9d00c6b69408dd40d067603012938d9fbe95cfcd", + "rev": "c564fb830c7d5b3e4fde5ea829a62f0e41e43a20", "type": "github" }, "original": { @@ -437,11 +437,11 @@ ] }, "locked": { - "lastModified": 1743910657, - "narHash": "sha256-zr2jmWeWyhCD8WmO2aWov2g0WPPuZfcJDKzMJZYGq3Y=", + "lastModified": 1744669848, + "narHash": "sha256-pXyanHLUzLNd3MX9vsWG+6Z2hTU8niyphWstYEP3/GU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "523f58a4faff6c67f5f685bed33a7721e984c304", + "rev": "61154300d945f0b147b30d24ddcafa159148026a", "type": "github" }, "original": { @@ -498,17 +498,16 @@ "vscode-extensions": { "inputs": { "flake-utils": "flake-utils_3", - "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1743904774, - "narHash": "sha256-dHnwYLz1b6ohGP2DjWKpDFEZ9WOm4vYuPXKUna08awU=", + "lastModified": 1744768710, + "narHash": "sha256-ow0HDShvAe9gkM3Ww5aoJo1lDLpC5pYQ7qLtnTaHoyI=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "da51d4cab526bef885e8c95ab2b9455bfe0940d4", + "rev": "47bd3dc652c4a02dc565a9360fe828af38bea287", "type": "github" }, "original": { From 44a98fd703c59e659d3139af0d0113b1e4853c6b Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 17 Apr 2025 15:19:29 -0400 Subject: [PATCH 399/410] ytnix: enable firefox --- home/yt/ytnix.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 4ba3f66..f22d425 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -162,4 +162,6 @@ enable = true; addKeysToAgent = "yes"; }; + + programs.firefox.enable = true; } From 140f0f5dcf033c7e03b4e65c8248fec2f6f6a06a Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 20 Apr 2025 01:18:41 -0400 Subject: [PATCH 400/410] kitty: use default theme --- home/kitty.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/home/kitty.nix b/home/kitty.nix index a77a432..a6ddf37 100644 --- a/home/kitty.nix +++ b/home/kitty.nix @@ -7,7 +7,6 @@ package = pkgs.ibm-plex; size = 12; }; - themeFile = "GitHub_Dark"; settings = { enable_audio_bell = true; # how many windows should be open before kitty asks From c193ba21081c5387f74d41ae51c6fe431a964b8e Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 20 Apr 2025 01:27:05 -0400 Subject: [PATCH 401/410] workflow: test post-build hook --- .github/workflows/build-machines-and-homes.yml | 17 ++++++++++++----- ci/upload-to-cache.sh | 8 ++++++++ 2 files changed, 20 insertions(+), 5 deletions(-) create mode 100755 ci/upload-to-cache.sh diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 6a14b19..1d86c47 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -39,6 +39,17 @@ jobs: - name: setup binary cache key run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem + - name: Sync repository + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: post-build-hook + run: | + sudo mkdir -p /etc/nix + sudo cp ci/upload-to-cache.sh /etc/nix/ + sudo chmod +x /etc/nix/upload-to-cache.sh + - name: Install Nix uses: cachix/install-nix-action@v30 with: @@ -51,11 +62,7 @@ jobs: secret-key-files = ${{ runner.temp }}/cache-priv-key.pem extra-substituters = https://nixcache.cy7.sh extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - - - name: Sync repository - uses: actions/checkout@v4 - with: - persist-credentials: false + post-build-hook = /etc/nix/upload-to-cache.sh - name: build run: | diff --git a/ci/upload-to-cache.sh b/ci/upload-to-cache.sh new file mode 100755 index 0000000..a8f9e0f --- /dev/null +++ b/ci/upload-to-cache.sh @@ -0,0 +1,8 @@ +#!/bin/sh + +# https://nix.dev/guides/recipes/post-build-hook.html#implementing-the-build-hook +set -eu +set -f # disable globbing +export IFS=' ' +echo "Uploading paths" $OUT_PATHS +exec nix copy --to "s3://nixcache" $OUT_PATHS From 2591401aa3491151325bad378022861eae74505a Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 20 Apr 2025 01:33:55 -0400 Subject: [PATCH 402/410] workflow: debug --- .github/workflows/build-machines-and-homes.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 1d86c47..a70ff0d 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -63,6 +63,9 @@ jobs: extra-substituters = https://nixcache.cy7.sh extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= post-build-hook = /etc/nix/upload-to-cache.sh + + - name: debug + run: echo "$(which nix)" - name: build run: | From eb054c444ac71f2f1703012504c826b0ec889545 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 20 Apr 2025 01:35:16 -0400 Subject: [PATCH 403/410] temp disable maximize disk space --- .../workflows/build-machines-and-homes.yml | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index a70ff0d..17a8c17 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -24,17 +24,17 @@ jobs: runs-on: ${{ matrix.os }} steps: - - name: Maximize build disk space - uses: easimon/maximize-build-space@v10 - with: - overprovision-lvm: true - swap-size-mb: 1024 - remove-dotnet: 'true' - remove-android: 'true' - remove-haskell: 'true' - remove-codeql: 'true' - remove-docker-images: 'true' - build-mount-path: /nix + # - name: Maximize build disk space + # uses: easimon/maximize-build-space@v10 + # with: + # overprovision-lvm: true + # swap-size-mb: 1024 + # remove-dotnet: 'true' + # remove-android: 'true' + # remove-haskell: 'true' + # remove-codeql: 'true' + # remove-docker-images: 'true' + # build-mount-path: /nix - name: setup binary cache key run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem From 5a053b2379fd556f30a7a1a314e1b7491ad9ae30 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 20 Apr 2025 01:36:23 -0400 Subject: [PATCH 404/410] fix nix path --- ci/upload-to-cache.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ci/upload-to-cache.sh b/ci/upload-to-cache.sh index a8f9e0f..c72c0a2 100755 --- a/ci/upload-to-cache.sh +++ b/ci/upload-to-cache.sh @@ -5,4 +5,5 @@ set -eu set -f # disable globbing export IFS=' ' echo "Uploading paths" $OUT_PATHS -exec nix copy --to "s3://nixcache" $OUT_PATHS +# this is where the cachix installer installs nix +exec /nix/var/nix/profiles/default/bin/nix copy --to "s3://nixcache" $OUT_PATHS From e38ed0e6f1d9e692a49451d45e9fc541e837f515 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 20 Apr 2025 01:39:56 -0400 Subject: [PATCH 405/410] fix nix copy dest --- ci/upload-to-cache.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/upload-to-cache.sh b/ci/upload-to-cache.sh index c72c0a2..6e348a7 100755 --- a/ci/upload-to-cache.sh +++ b/ci/upload-to-cache.sh @@ -6,4 +6,4 @@ set -f # disable globbing export IFS=' ' echo "Uploading paths" $OUT_PATHS # this is where the cachix installer installs nix -exec /nix/var/nix/profiles/default/bin/nix copy --to "s3://nixcache" $OUT_PATHS +exec /nix/var/nix/profiles/default/bin/nix copy --to "s3://nixcache?endpoint=s3.cy7.sh" $OUT_PATHS From 4f1bd260644c52469c42827e3db5e91be95aefba Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 20 Apr 2025 01:59:00 -0400 Subject: [PATCH 406/410] setup aws profile for s3 auth --- .../workflows/build-machines-and-homes.yml | 84 +++++++++---------- ci/upload-to-cache.sh | 1 - 2 files changed, 39 insertions(+), 46 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 17a8c17..f1e07bc 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -24,17 +24,17 @@ jobs: runs-on: ${{ matrix.os }} steps: - # - name: Maximize build disk space - # uses: easimon/maximize-build-space@v10 - # with: - # overprovision-lvm: true - # swap-size-mb: 1024 - # remove-dotnet: 'true' - # remove-android: 'true' - # remove-haskell: 'true' - # remove-codeql: 'true' - # remove-docker-images: 'true' - # build-mount-path: /nix + - name: Maximize build disk space + uses: easimon/maximize-build-space@v10 + with: + overprovision-lvm: true + swap-size-mb: 1024 + remove-dotnet: 'true' + remove-android: 'true' + remove-haskell: 'true' + remove-codeql: 'true' + remove-docker-images: 'true' + build-mount-path: /nix - name: setup binary cache key run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem @@ -50,6 +50,14 @@ jobs: sudo cp ci/upload-to-cache.sh /etc/nix/ sudo chmod +x /etc/nix/upload-to-cache.sh + - name: setup s3 credentials + run: | + sudo mkdir /root/.aws + echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials + echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials + echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials + echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config + - name: Install Nix uses: cachix/install-nix-action@v30 with: @@ -63,28 +71,11 @@ jobs: extra-substituters = https://nixcache.cy7.sh extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= post-build-hook = /etc/nix/upload-to-cache.sh - - - name: debug - run: echo "$(which nix)" - name: build run: | - # package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" - # nix build -L "$package" nix run nixpkgs#nixos-rebuild build -- -L --flake ".#${{ matrix.machine }}" - - name: cache - # https://stackoverflow.com/a/58859404 - if: '!cancelled()' - run: | - package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" - nix run github:cything/nixcp -- \ - push \ - --bucket nixcache \ - --signing-key ${{ runner.temp }}/cache-priv-key.pem \ - -u https://nix-community.cachix.org \ - $package - build-homes: strategy: fail-fast: false @@ -113,6 +104,25 @@ jobs: - name: setup binary cache key run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem + - name: Sync repository + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: post-build-hook + run: | + sudo mkdir -p /etc/nix + sudo cp ci/upload-to-cache.sh /etc/nix/ + sudo chmod +x /etc/nix/upload-to-cache.sh + + - name: setup s3 credentials + run: | + sudo mkdir /root/.aws + echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials + echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials + echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials + echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config + - name: Install Nix uses: cachix/install-nix-action@v30 with: @@ -125,25 +135,9 @@ jobs: secret-key-files = ${{ runner.temp }}/cache-priv-key.pem extra-substituters = https://nixcache.cy7.sh extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - - - name: Sync repository - uses: actions/checkout@v4 - with: - persist-credentials: false + post-build-hook = /etc/nix/upload-to-cache.sh - name: build run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" nix build -L "$package" - - - name: cache - # https://stackoverflow.com/a/58859404 - if: '!cancelled()' - run: | - package=".#homeConfigurations."${{ matrix.home }}".activationPackage" - nix run github:cything/nixcp -- \ - push \ - --bucket nixcache \ - --signing-key ${{ runner.temp }}/cache-priv-key.pem \ - -u https://nix-community.cachix.org \ - $package diff --git a/ci/upload-to-cache.sh b/ci/upload-to-cache.sh index 6e348a7..6ea65f5 100755 --- a/ci/upload-to-cache.sh +++ b/ci/upload-to-cache.sh @@ -5,5 +5,4 @@ set -eu set -f # disable globbing export IFS=' ' echo "Uploading paths" $OUT_PATHS -# this is where the cachix installer installs nix exec /nix/var/nix/profiles/default/bin/nix copy --to "s3://nixcache?endpoint=s3.cy7.sh" $OUT_PATHS From f3f15724d2dca0347b065ad9cf44176b88f720d6 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 20 Apr 2025 02:23:19 -0400 Subject: [PATCH 407/410] ci use zstd to compress cache --- ci/upload-to-cache.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/upload-to-cache.sh b/ci/upload-to-cache.sh index 6ea65f5..98b72b5 100755 --- a/ci/upload-to-cache.sh +++ b/ci/upload-to-cache.sh @@ -5,4 +5,4 @@ set -eu set -f # disable globbing export IFS=' ' echo "Uploading paths" $OUT_PATHS -exec /nix/var/nix/profiles/default/bin/nix copy --to "s3://nixcache?endpoint=s3.cy7.sh" $OUT_PATHS +exec /nix/var/nix/profiles/default/bin/nix copy --to "s3://nixcache?endpoint=s3.cy7.sh&compression=zstd" $OUT_PATHS From 1cf31a7ae03f089ac038a998106e8e36b7f0d69c Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 20 Apr 2025 02:26:56 -0400 Subject: [PATCH 408/410] ci use parallel compression --- ci/upload-to-cache.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/upload-to-cache.sh b/ci/upload-to-cache.sh index 98b72b5..559d062 100755 --- a/ci/upload-to-cache.sh +++ b/ci/upload-to-cache.sh @@ -5,4 +5,4 @@ set -eu set -f # disable globbing export IFS=' ' echo "Uploading paths" $OUT_PATHS -exec /nix/var/nix/profiles/default/bin/nix copy --to "s3://nixcache?endpoint=s3.cy7.sh&compression=zstd" $OUT_PATHS +exec /nix/var/nix/profiles/default/bin/nix copy --to "s3://nixcache?endpoint=s3.cy7.sh&compression=zstd¶llel-compression=true" $OUT_PATHS From 1b298adbf69446e4603cca5e1037a5c60c9bc30c Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 20 Apr 2025 02:28:52 -0400 Subject: [PATCH 409/410] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'garage': 'github:deuxfleurs-org/garage/14d2f2b18da015508d4a1e31b2f014da5188d516' (2025-03-21) → 'github:deuxfleurs-org/garage/4ef954d17604eba8aafa52902cd3c573978c7195' (2025-04-19) • Updated input 'home-manager': 'github:nix-community/home-manager/c6b75d69b6994ba68ec281bd36faebcc56097800' (2025-04-16) → 'github:nix-community/home-manager/f98314bb064cf8f8446c44afbadaaad2505875a7' (2025-04-20) • Updated input 'nix-index-database': 'github:nix-community/nix-index-database/4fc9ea78c962904f4ea11046f3db37c62e8a02fd' (2025-04-13) → 'github:nix-community/nix-index-database/69716041f881a2af935021c1182ed5b0cc04d40e' (2025-04-20) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/2631b0b7abcea6e640ce31cd78ea58910d31e650' (2025-04-12) → 'github:nixos/nixpkgs/b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef' (2025-04-17) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/c564fb830c7d5b3e4fde5ea829a62f0e41e43a20' (2025-04-16) → 'github:oxalica/rust-overlay/e2142ef330a61c02f274ac9a9cb6f8487a5d0080' (2025-04-20) • Updated input 'vscode-extensions': 'github:nix-community/nix-vscode-extensions/47bd3dc652c4a02dc565a9360fe828af38bea287' (2025-04-16) → 'github:nix-community/nix-vscode-extensions/ff14820202442f847fd37862eb48a7cb254a19d3' (2025-04-20) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index d4de20c..4370247 100644 --- a/flake.lock +++ b/flake.lock @@ -147,11 +147,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1742547966, - "narHash": "sha256-AJfw+XRaRyrlpb9Wy6rVz44JePy0AXWPECXVPBnrOfI=", + "lastModified": 1745093116, + "narHash": "sha256-38L/NZyfGSGff9f+FfRd4teA1Xj93hqcBJcqhxbLA7Y=", "owner": "deuxfleurs-org", "repo": "garage", - "rev": "14d2f2b18da015508d4a1e31b2f014da5188d516", + "rev": "4ef954d17604eba8aafa52902cd3c573978c7195", "type": "github" }, "original": { @@ -189,11 +189,11 @@ ] }, "locked": { - "lastModified": 1744833442, - "narHash": "sha256-BBMWW2m64Grcc5FlXz74+vdkUyCJOfUGnl+VcS/4x44=", + "lastModified": 1745128386, + "narHash": "sha256-xnNxL9lZC5Ez8AxTgHZZu8pYSNM34+5GD5jGSs8Vq4M=", "owner": "nix-community", "repo": "home-manager", - "rev": "c6b75d69b6994ba68ec281bd36faebcc56097800", + "rev": "f98314bb064cf8f8446c44afbadaaad2505875a7", "type": "github" }, "original": { @@ -257,11 +257,11 @@ ] }, "locked": { - "lastModified": 1744518957, - "narHash": "sha256-RLBSWQfTL0v+7uyskC5kP6slLK1jvIuhaAh8QvB75m4=", + "lastModified": 1745120797, + "narHash": "sha256-owQ0VQ+7cSanTVPxaZMWEzI22Q4bGnuvhVjLAJBNQ3E=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "4fc9ea78c962904f4ea11046f3db37c62e8a02fd", + "rev": "69716041f881a2af935021c1182ed5b0cc04d40e", "type": "github" }, "original": { @@ -292,11 +292,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1744463964, - "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", + "lastModified": 1744932701, + "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", + "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", "type": "github" }, "original": { @@ -417,11 +417,11 @@ ] }, "locked": { - "lastModified": 1744803954, - "narHash": "sha256-f+gE6JtLhPzyDWOCEHbN/S30GEGHMtXEt41+Va7wzEU=", + "lastModified": 1745116541, + "narHash": "sha256-5xzA6dTfqCfTTDCo3ipPZzrg3wp01xmcr73y4cTNMP8=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "c564fb830c7d5b3e4fde5ea829a62f0e41e43a20", + "rev": "e2142ef330a61c02f274ac9a9cb6f8487a5d0080", "type": "github" }, "original": { @@ -503,11 +503,11 @@ ] }, "locked": { - "lastModified": 1744768710, - "narHash": "sha256-ow0HDShvAe9gkM3Ww5aoJo1lDLpC5pYQ7qLtnTaHoyI=", + "lastModified": 1745114521, + "narHash": "sha256-P/TgmeavrpUiHCejjjsU2vOMB7cBIcHltGDSKKgi20E=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "47bd3dc652c4a02dc565a9360fe828af38bea287", + "rev": "ff14820202442f847fd37862eb48a7cb254a19d3", "type": "github" }, "original": { From a7de77a0fca41ab1397d0981f8c85b096339a158 Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 20 Apr 2025 02:36:48 -0400 Subject: [PATCH 410/410] update caddy hash --- modules/caddy.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddy.nix b/modules/caddy.nix index f3f8e14..c5de226 100644 --- a/modules/caddy.nix +++ b/modules/caddy.nix @@ -21,7 +21,7 @@ in # (still need the @ to pass nix config check) "github.com/caddy-dns/cloudflare@v0.0.0-20250228175314-1fb64108d4de" ]; - hash = "sha256-YYpsf8HMONR1teMiSymo2y+HrKoxuJMKIea5/NEykGc="; + hash = "sha256-pfh9DXUj35jlAntkWc4D5wuW04xxQfM1rZ4KFauMzvc="; }; logFormat = lib.mkForce "level INFO"; acmeCA = "https://acme-v02.api.letsencrypt.org/directory";