cy/nixos-config
cy/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: cy:a7de77a0fca41ab1397d0981f8c85b096339a158
Branches Tags
cy:main
cy:update
cy:2025-04-14
cy:2025-04-07
cy:2025-04-05
cy:2025-04-04
cy:staging
cy:dogfood-nixcp
cy:no-follows
cy:workflow-test
cy:update_flake_lock_action
cy:caddy-s3
cy:workflow-copy
cy:workflow-lix
cy:test-s3-cache
cy:temp
cy:attic
cy:helix
cy:test
cy:lix-test
cy:bitwarden-patch
cy:chromium
cy:new-attic
cy:canary
cy:downgrade-kernel
cy:soju
cy:kde
cy:shiori
cy:caddy-module
cy:anki-overlay
cy:nixpkgs-master
cy:lix
cy:pan-home
cy:pi
cy:pancake
cy:pancake-sd-image
cy:arm
cy:lix-404
cy:customize-kernel
cy:blueprint
cy:flake-utils
cy:conduwuit-flake
cy:ghostty
cy:zen
cy:lact-fix-test
cy:alvr-test
cy:workflow-refactor
cy:bump-conduwuit
cy:gollum
cy:build
cy:nginx
cy:iso
cy:flake-parts
cy:codespace
cy:sway
cy:minio
cy:garage-module
cy:garage-test
cy:vscode
cy:purge
cy:create-pull-request/patch
cy:garage
cy:harmonia
cy:impermanence
..
compare: cy:9546caaa7cb896905847308aab02c20bf3f0d27f
Branches Tags
cy:main
cy:update
cy:2025-04-14
cy:2025-04-07
cy:2025-04-05
cy:2025-04-04
cy:staging
cy:dogfood-nixcp
cy:no-follows
cy:workflow-test
cy:update_flake_lock_action
cy:caddy-s3
cy:workflow-copy
cy:workflow-lix
cy:test-s3-cache
cy:temp
cy:attic
cy:helix
cy:test
cy:lix-test
cy:bitwarden-patch
cy:chromium
cy:new-attic
cy:canary
cy:downgrade-kernel
cy:soju
cy:kde
cy:shiori
cy:caddy-module
cy:anki-overlay
cy:nixpkgs-master
cy:lix
cy:pan-home
cy:pi
cy:pancake
cy:pancake-sd-image
cy:arm
cy:lix-404
cy:customize-kernel
cy:blueprint
cy:flake-utils
cy:conduwuit-flake
cy:ghostty
cy:zen
cy:lact-fix-test
cy:alvr-test
cy:workflow-refactor
cy:bump-conduwuit
cy:gollum
cy:build
cy:nginx
cy:iso
cy:flake-parts
cy:codespace
cy:sway
cy:minio
cy:garage-module
cy:garage-test
cy:vscode
cy:purge
cy:create-pull-request/patch
cy:garage
cy:harmonia
cy:impermanence

5 commits
a7de77a0fc ... 9546caaa7c

Author SHA1 Message Date
cy
9546caaa7c
bring back roundcube (with sieve) 2025-04-23 09:56:59 -04:00
cy
17e257a318
use post-build-hook for build packages 2025-04-21 22:07:31 -04:00
cy
4f2af1bcfc
rclone: limit sftp-concurrency to 64 (again) 2025-04-21 17:19:13 -04:00
cy
d97917bba0
flake.lock: Update 
Flake lock file updates:

• Updated input 'garage':
    'github:deuxfleurs-org/garage/4ef954d17604eba8aafa52902cd3c573978c7195' (2025-04-19)
  → 'github:deuxfleurs-org/garage/3c20984a08528f1a6672c8afc83d2306a0361e40' (2025-04-21)
• Updated input 'home-manager':
    'github:nix-community/home-manager/f98314bb064cf8f8446c44afbadaaad2505875a7' (2025-04-20)
  → 'github:nix-community/home-manager/22b326b42bf42973d5e4fe1044591fb459e6aeac' (2025-04-21)
• Updated input 'lanzaboote':
    'github:nix-community/lanzaboote/d8099586d9a84308ffedac07880e7f07a0180ff4' (2025-03-08)
  → 'github:nix-community/lanzaboote/e4cf2086105f47a22f92985358db295a20746abb' (2025-04-21)
• Updated input 'lanzaboote/crane':
    'github:ipetkov/crane/75390a36cd0c2cdd5f1aafd8a9f827d7107f2e53' (2025-03-05)
  → 'github:ipetkov/crane/bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5' (2025-03-09)
• Updated input 'lanzaboote/flake-parts':
    'github:hercules-ci/flake-parts/3876f6b87db82f33775b1ef5ea343986105db764' (2025-03-01)
  → 'github:hercules-ci/flake-parts/f4330d22f1c5d2ba72d3d22df5597d123fdb60a9' (2025-03-07)
• Updated input 'lanzaboote/pre-commit-hooks-nix':
    'github:cachix/pre-commit-hooks.nix/42b1ba089d2034d910566bf6b40830af6b8ec732' (2025-03-02)
  → 'github:cachix/pre-commit-hooks.nix/b5a62751225b2f62ff3147d0a334055ebadcd5cc' (2025-03-07)
• Updated input 'lanzaboote/rust-overlay':
    'github:oxalica/rust-overlay/38e9826bc4296c9daf18bc1e6aa299f3e932a403' (2025-03-06)
  → 'github:oxalica/rust-overlay/c777dc8a1e35407b0e80ec89817fe69970f4e81a' (2025-03-10)
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/e2142ef330a61c02f274ac9a9cb6f8487a5d0080' (2025-04-20)
  → 'github:oxalica/rust-overlay/68a0ff1a43d08aa1ec3730e7e7d06f6da0ba630a' (2025-04-21)
• Updated input 'vscode-extensions':
    'github:nix-community/nix-vscode-extensions/ff14820202442f847fd37862eb48a7cb254a19d3' (2025-04-20)
  → 'github:nix-community/nix-vscode-extensions/6dfa23066faf8643ca05eac994aa14ef695231aa' (2025-04-21)
 2025-04-21 13:54:25 -04:00
cy
48d8bacea8
change backup frequency 2025-04-21 13:53:21 -04:00
9 changed files with 64 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

35
.github/workflows/build-packages.yml vendored
View file

@ -24,14 +24,33 @@ jobs:
os:
- ubuntu-latest
- ubuntu-24.04-arm
- macos-latest
- macos-13
# - macos-latest
# - macos-13
runs-on: ${{ matrix.os }}
steps:
- name: setup binary cache key
run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem
- name: Sync repository
uses: actions/checkout@v4
with:
persist-credentials: false
- name: post-build-hook
run: |
sudo mkdir -p /etc/nix
sudo cp ci/upload-to-cache.sh /etc/nix/
sudo chmod +x /etc/nix/upload-to-cache.sh
- name: setup s3 credentials
run: |
sudo mkdir /root/.aws
echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials
echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials
echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials
echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config
- name: Install Nix
uses: cachix/install-nix-action@v30
with:
@ -44,20 +63,10 @@ jobs:
secret-key-files = ${{ runner.temp }}/cache-priv-key.pem
extra-substituters = https://nixcache.cy7.sh
extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=
post-build-hook = /etc/nix/upload-to-cache.sh
- run: nix build -L ${{ matrix.package }}
- name: cache result
# https://stackoverflow.com/a/58859404
if: '!cancelled()'
run: |
nix run github:cything/nixcp -- \
push \
--bucket nixcache \
--signing-key ${{ runner.temp }}/cache-priv-key.pem \
-u https://nix-community.cachix.org \
"${{ matrix.package }}"
- name: prepare tarball to upload
run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result

54
flake.lock generated
View file

@ -17,11 +17,11 @@
},
"crane_2": {
"locked": {
"lastModified": 1741148495,
"narHash": "sha256-EV8KUaIZ2/CdBXlutXrHoZYbWPeB65p5kKZk71gvDRI=",
"lastModified": 1741481578,
"narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=",
"owner": "ipetkov",
"repo": "crane",
"rev": "75390a36cd0c2cdd5f1aafd8a9f827d7107f2e53",
"rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5",
"type": "github"
},
"original": {
@ -69,11 +69,11 @@
]
},
"locked": {
"lastModified": 1740872218,
"narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=",
"lastModified": 1741352980,
"narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "3876f6b87db82f33775b1ef5ea343986105db764",
"rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
"type": "github"
},
"original": {
@ -147,11 +147,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1745093116,
"narHash": "sha256-38L/NZyfGSGff9f+FfRd4teA1Xj93hqcBJcqhxbLA7Y=",
"lastModified": 1745229893,
"narHash": "sha256-7syUmzqfY9gmLZF4WwqckPRbDRhJApOspd/qDIBHaWY=",
"owner": "deuxfleurs-org",
"repo": "garage",
"rev": "4ef954d17604eba8aafa52902cd3c573978c7195",
"rev": "3c20984a08528f1a6672c8afc83d2306a0361e40",
"type": "github"
},
"original": {
@ -189,11 +189,11 @@
]
},
"locked": {
"lastModified": 1745128386,
"narHash": "sha256-xnNxL9lZC5Ez8AxTgHZZu8pYSNM34+5GD5jGSs8Vq4M=",
"lastModified": 1745256380,
"narHash": "sha256-hJH1S5Xy0K2J6eT22AMDIcQ07E8XYC1t7DnXUr2llEM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "f98314bb064cf8f8446c44afbadaaad2505875a7",
"rev": "22b326b42bf42973d5e4fe1044591fb459e6aeac",
"type": "github"
},
"original": {
@ -214,11 +214,11 @@
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1741442524,
"narHash": "sha256-tVcxLDLLho8dWcO81Xj/3/ANLdVs0bGyCPyKjp70JWk=",
"lastModified": 1745217777,
"narHash": "sha256-lnsoesuG+r15kV3Um4hHpYXIjsi6EOPBtIlV8by/7i0=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "d8099586d9a84308ffedac07880e7f07a0180ff4",
"rev": "e4cf2086105f47a22f92985358db295a20746abb",
"type": "github"
},
"original": {
@ -319,11 +319,11 @@
]
},
"locked": {
"lastModified": 1740915799,
"narHash": "sha256-JvQvtaphZNmeeV+IpHgNdiNePsIpHD5U/7QN5AeY44A=",
"lastModified": 1741379162,
"narHash": "sha256-srpAbmJapkaqGRE3ytf3bj4XshspVR5964OX5LfjDWc=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "42b1ba089d2034d910566bf6b40830af6b8ec732",
"rev": "b5a62751225b2f62ff3147d0a334055ebadcd5cc",
"type": "github"
},
"original": {
@ -376,11 +376,11 @@
]
},
"locked": {
"lastModified": 1741228283,
"narHash": "sha256-VzqI+k/eoijLQ5am6rDFDAtFAbw8nltXfLBC6SIEJAE=",
"lastModified": 1741573199,
"narHash": "sha256-A2sln1GdCf+uZ8yrERSCZUCqZ3JUlOv1WE2VFqqfaLQ=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "38e9826bc4296c9daf18bc1e6aa299f3e932a403",
"rev": "c777dc8a1e35407b0e80ec89817fe69970f4e81a",
"type": "github"
},
"original": {
@ -417,11 +417,11 @@
]
},
"locked": {
"lastModified": 1745116541,
"narHash": "sha256-5xzA6dTfqCfTTDCo3ipPZzrg3wp01xmcr73y4cTNMP8=",
"lastModified": 1745207416,
"narHash": "sha256-2g2TnXgJEvSvpk7ujY69pSplmM3oShhoOidZf1iHTHU=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "e2142ef330a61c02f274ac9a9cb6f8487a5d0080",
"rev": "68a0ff1a43d08aa1ec3730e7e7d06f6da0ba630a",
"type": "github"
},
"original": {
@ -503,11 +503,11 @@
]
},
"locked": {
"lastModified": 1745114521,
"narHash": "sha256-P/TgmeavrpUiHCejjjsU2vOMB7cBIcHltGDSKKgi20E=",
"lastModified": 1745251368,
"narHash": "sha256-Fczq6JKwtHsCNPKPxkGFBhpWH8KoqY2eTyE6jG/cqms=",
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"rev": "ff14820202442f847fd37862eb48a7cb254a19d3",
"rev": "6dfa23066faf8643ca05eac994aa14ef695231aa",
"type": "github"
},
"original": {

2
home/yt/ytnix.nix
View file

@ -53,6 +53,7 @@
toolchain:
toolchain.default.override {
extensions = [ "rust-src" ];
targets = [ "aarch64-unknown-linux-musl" ];
}
))
pwgen
@ -105,6 +106,7 @@
minio-client
nil
keepassxc
lua-language-server
];
home.sessionVariables = {

1
hosts/chunk/default.nix
View file

@ -187,4 +187,5 @@
enable = false;
dataDir = "/opt/karakeep";
};
my.roundcube.enable = true;
}

5
hosts/chunk/postgres.nix
View file

@ -19,8 +19,5 @@
}
];
};
services.postgresqlBackup = {
enable = true;
startAt = "hourly";
};
services.postgresqlBackup.enable = true;
}

3
hosts/chunk/rclone.nix
View file

@ -23,13 +23,14 @@ let
--vfs-fast-fingerprint \
--vfs-read-chunk-size 8M \
--vfs-read-chunk-streams 16 \
--sftp-concurrency 128 \
--sftp-concurrency 64 \
--sftp-chunk-size 255k \
--buffer-size 0 \
--write-back-cache \
${remote} ${mount}
'';
ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -zu ${mount}";
Restart = "on-failure";
};
in
{

2
hosts/ytnix/default.nix
View file

@ -87,7 +87,7 @@
resolvconf.enable = true;
firewall = {
enable = true;
trustedInterfaces = [ "tailscale0" ];
trustedInterfaces = [ "tailscale0" "virbr0" ];
# allowedTCPPorts = [
# 8080 # mitmproxy
# 22000 # syncthing

7
modules/backup.nix
View file

@ -47,7 +47,7 @@ in
};
startAt = lib.mkOption {
type = lib.types.str;
default = "hourly";
default = "daily";
description = "see systemd.timer(5)";
};
jobName = lib.mkOption {
@ -98,8 +98,9 @@ in
failOnWarnings = false;
prune.keep = {
within = "2d";
daily = 365;
daily = 7;
weekly = 12;
monthly = -1;
};
extraPruneArgs = [ "--stats" ];
};

4
modules/roundcube.nix
View file

@ -31,6 +31,7 @@ in
"contextmenu"
"custom_from"
"thunderbird_labels"
"managesieve"
];
dicts = with pkgs.aspellDicts; [ en ];
extraConfig = ''
@ -38,6 +39,8 @@ in
$config['smtp_host'] = "ssl://smtp.migadu.com:465";
$config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p";
$config['managesieve_host'] = "tls://imap.migadu.com";
$config['managesieve_port'] = 4190;
'';
};
@ -48,6 +51,7 @@ in
services.caddy.virtualHosts."mail.cy7.sh".extraConfig = ''
import common
import authelia
root ${roundcube.package}
php_fastcgi unix/${fpm.socket}
file_server