diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 423c88a..343a54f 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -24,14 +24,33 @@ jobs: os: - ubuntu-latest - ubuntu-24.04-arm - - macos-latest - - macos-13 + # - macos-latest + # - macos-13 runs-on: ${{ matrix.os }} steps: - name: setup binary cache key run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem + - name: Sync repository + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: post-build-hook + run: | + sudo mkdir -p /etc/nix + sudo cp ci/upload-to-cache.sh /etc/nix/ + sudo chmod +x /etc/nix/upload-to-cache.sh + + - name: setup s3 credentials + run: | + sudo mkdir /root/.aws + echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials + echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials + echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials + echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config + - name: Install Nix uses: cachix/install-nix-action@v30 with: @@ -44,20 +63,10 @@ jobs: secret-key-files = ${{ runner.temp }}/cache-priv-key.pem extra-substituters = https://nixcache.cy7.sh extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= + post-build-hook = /etc/nix/upload-to-cache.sh - run: nix build -L ${{ matrix.package }} - - name: cache result - # https://stackoverflow.com/a/58859404 - if: '!cancelled()' - run: | - nix run github:cything/nixcp -- \ - push \ - --bucket nixcache \ - --signing-key ${{ runner.temp }}/cache-priv-key.pem \ - -u https://nix-community.cachix.org \ - "${{ matrix.package }}" - - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result diff --git a/flake.lock b/flake.lock index 4370247..2044b2a 100644 --- a/flake.lock +++ b/flake.lock @@ -17,11 +17,11 @@ }, "crane_2": { "locked": { - "lastModified": 1741148495, - "narHash": "sha256-EV8KUaIZ2/CdBXlutXrHoZYbWPeB65p5kKZk71gvDRI=", + "lastModified": 1741481578, + "narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=", "owner": "ipetkov", "repo": "crane", - "rev": "75390a36cd0c2cdd5f1aafd8a9f827d7107f2e53", + "rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5", "type": "github" }, "original": { @@ -69,11 +69,11 @@ ] }, "locked": { - "lastModified": 1740872218, - "narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=", + "lastModified": 1741352980, + "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "3876f6b87db82f33775b1ef5ea343986105db764", + "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", "type": "github" }, "original": { @@ -147,11 +147,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1745093116, - "narHash": "sha256-38L/NZyfGSGff9f+FfRd4teA1Xj93hqcBJcqhxbLA7Y=", + "lastModified": 1745229893, + "narHash": "sha256-7syUmzqfY9gmLZF4WwqckPRbDRhJApOspd/qDIBHaWY=", "owner": "deuxfleurs-org", "repo": "garage", - "rev": "4ef954d17604eba8aafa52902cd3c573978c7195", + "rev": "3c20984a08528f1a6672c8afc83d2306a0361e40", "type": "github" }, "original": { @@ -189,11 +189,11 @@ ] }, "locked": { - "lastModified": 1745128386, - "narHash": "sha256-xnNxL9lZC5Ez8AxTgHZZu8pYSNM34+5GD5jGSs8Vq4M=", + "lastModified": 1745256380, + "narHash": "sha256-hJH1S5Xy0K2J6eT22AMDIcQ07E8XYC1t7DnXUr2llEM=", "owner": "nix-community", "repo": "home-manager", - "rev": "f98314bb064cf8f8446c44afbadaaad2505875a7", + "rev": "22b326b42bf42973d5e4fe1044591fb459e6aeac", "type": "github" }, "original": { @@ -214,11 +214,11 @@ "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1741442524, - "narHash": "sha256-tVcxLDLLho8dWcO81Xj/3/ANLdVs0bGyCPyKjp70JWk=", + "lastModified": 1745217777, + "narHash": "sha256-lnsoesuG+r15kV3Um4hHpYXIjsi6EOPBtIlV8by/7i0=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "d8099586d9a84308ffedac07880e7f07a0180ff4", + "rev": "e4cf2086105f47a22f92985358db295a20746abb", "type": "github" }, "original": { @@ -319,11 +319,11 @@ ] }, "locked": { - "lastModified": 1740915799, - "narHash": "sha256-JvQvtaphZNmeeV+IpHgNdiNePsIpHD5U/7QN5AeY44A=", + "lastModified": 1741379162, + "narHash": "sha256-srpAbmJapkaqGRE3ytf3bj4XshspVR5964OX5LfjDWc=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "42b1ba089d2034d910566bf6b40830af6b8ec732", + "rev": "b5a62751225b2f62ff3147d0a334055ebadcd5cc", "type": "github" }, "original": { @@ -376,11 +376,11 @@ ] }, "locked": { - "lastModified": 1741228283, - "narHash": "sha256-VzqI+k/eoijLQ5am6rDFDAtFAbw8nltXfLBC6SIEJAE=", + "lastModified": 1741573199, + "narHash": "sha256-A2sln1GdCf+uZ8yrERSCZUCqZ3JUlOv1WE2VFqqfaLQ=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "38e9826bc4296c9daf18bc1e6aa299f3e932a403", + "rev": "c777dc8a1e35407b0e80ec89817fe69970f4e81a", "type": "github" }, "original": { @@ -417,11 +417,11 @@ ] }, "locked": { - "lastModified": 1745116541, - "narHash": "sha256-5xzA6dTfqCfTTDCo3ipPZzrg3wp01xmcr73y4cTNMP8=", + "lastModified": 1745207416, + "narHash": "sha256-2g2TnXgJEvSvpk7ujY69pSplmM3oShhoOidZf1iHTHU=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "e2142ef330a61c02f274ac9a9cb6f8487a5d0080", + "rev": "68a0ff1a43d08aa1ec3730e7e7d06f6da0ba630a", "type": "github" }, "original": { @@ -503,11 +503,11 @@ ] }, "locked": { - "lastModified": 1745114521, - "narHash": "sha256-P/TgmeavrpUiHCejjjsU2vOMB7cBIcHltGDSKKgi20E=", + "lastModified": 1745251368, + "narHash": "sha256-Fczq6JKwtHsCNPKPxkGFBhpWH8KoqY2eTyE6jG/cqms=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "ff14820202442f847fd37862eb48a7cb254a19d3", + "rev": "6dfa23066faf8643ca05eac994aa14ef695231aa", "type": "github" }, "original": { diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index f22d425..c08d0b8 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -53,6 +53,7 @@ toolchain: toolchain.default.override { extensions = [ "rust-src" ]; + targets = [ "aarch64-unknown-linux-musl" ]; } )) pwgen @@ -105,6 +106,7 @@ minio-client nil keepassxc + lua-language-server ]; home.sessionVariables = { diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 2e4c960..6f73eaf 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -187,4 +187,5 @@ enable = false; dataDir = "/opt/karakeep"; }; + my.roundcube.enable = true; } diff --git a/hosts/chunk/postgres.nix b/hosts/chunk/postgres.nix index 07a3125..c4a6233 100644 --- a/hosts/chunk/postgres.nix +++ b/hosts/chunk/postgres.nix @@ -19,8 +19,5 @@ } ]; }; - services.postgresqlBackup = { - enable = true; - startAt = "hourly"; - }; + services.postgresqlBackup.enable = true; } diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 1c474af..1c253f2 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -23,13 +23,14 @@ let --vfs-fast-fingerprint \ --vfs-read-chunk-size 8M \ --vfs-read-chunk-streams 16 \ - --sftp-concurrency 128 \ + --sftp-concurrency 64 \ --sftp-chunk-size 255k \ --buffer-size 0 \ --write-back-cache \ ${remote} ${mount} ''; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -zu ${mount}"; + Restart = "on-failure"; }; in { diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index ddf1364..c3759fa 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -87,7 +87,7 @@ resolvconf.enable = true; firewall = { enable = true; - trustedInterfaces = [ "tailscale0" ]; + trustedInterfaces = [ "tailscale0" "virbr0" ]; # allowedTCPPorts = [ # 8080 # mitmproxy # 22000 # syncthing diff --git a/modules/backup.nix b/modules/backup.nix index 2715deb..a07542d 100644 --- a/modules/backup.nix +++ b/modules/backup.nix @@ -47,7 +47,7 @@ in }; startAt = lib.mkOption { type = lib.types.str; - default = "hourly"; + default = "daily"; description = "see systemd.timer(5)"; }; jobName = lib.mkOption { @@ -98,8 +98,9 @@ in failOnWarnings = false; prune.keep = { - within = "2d"; - daily = 365; + daily = 7; + weekly = 12; + monthly = -1; }; extraPruneArgs = [ "--stats" ]; }; diff --git a/modules/roundcube.nix b/modules/roundcube.nix index 63b14c5..7dcfb9d 100644 --- a/modules/roundcube.nix +++ b/modules/roundcube.nix @@ -31,6 +31,7 @@ in "contextmenu" "custom_from" "thunderbird_labels" + "managesieve" ]; dicts = with pkgs.aspellDicts; [ en ]; extraConfig = '' @@ -38,6 +39,8 @@ in $config['smtp_host'] = "ssl://smtp.migadu.com:465"; $config['smtp_user'] = "%u"; $config['smtp_pass'] = "%p"; + $config['managesieve_host'] = "tls://imap.migadu.com"; + $config['managesieve_port'] = 4190; ''; }; @@ -48,6 +51,7 @@ in services.caddy.virtualHosts."mail.cy7.sh".extraConfig = '' import common + import authelia root ${roundcube.package} php_fastcgi unix/${fpm.socket} file_server