From 131b4b26144d3037219d18e1adda4025191d687a Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 24 Feb 2025 13:23:38 -0500 Subject: [PATCH 1/6] implement traffic control, remove adguard, misc tailscale stuff --- home/yt/ytnix.nix | 3 +++ hosts/chunk/default.nix | 25 ++++++++++++++++++++++--- hosts/chunk/tailscale.nix | 3 +++ hosts/ytnix/default.nix | 6 +++++- hosts/ytnix/tailscale.nix | 7 ++++++- 5 files changed, 39 insertions(+), 5 deletions(-) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 2f4374b..03e3bb9 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -144,6 +144,9 @@ telegram-desktop jadx gradle + localsend + scrcpy + syncthing ]; programs.waybar.enable = true; diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index acae89a..2322005 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -1,5 +1,6 @@ { pkgs, + lib, ... }: { @@ -10,7 +11,6 @@ ./backup.nix ./rclone.nix ./postgres.nix - ./adguard.nix ./hedgedoc.nix ./miniflux.nix ./redlib.nix @@ -92,9 +92,28 @@ 53 853 ]; - extraCommands = '' + extraCommands = + let + ethtool = lib.getExe pkgs.ethtool; + tc = lib.getExe' pkgs.iproute2 "tc"; + in '' + # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites) + ${ethtool} -K ens18 tso off + + # clear existing rules + ${tc} qdisc del dev ens18 root || true + + # create HTB hierarchy + ${tc} qdisc add dev ens18 root handle 1: htb default 20 + ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100% + ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 40% ceil 100% + ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 60% ceil 100% + + # mark traffic iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1 - iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tor.service" -j MARK --set-mark 2 + + # route marked packets + ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10 ''; }; networking.interfaces.ens18 = { diff --git a/hosts/chunk/tailscale.nix b/hosts/chunk/tailscale.nix index e170e6b..17ff521 100644 --- a/hosts/chunk/tailscale.nix +++ b/hosts/chunk/tailscale.nix @@ -7,6 +7,9 @@ "--advertise-exit-node" "--accept-dns=false" ]; + extraDaemonFlags = [ + "--no-logs-no-support" + ]; useRoutingFeatures = "server"; openFirewall = true; }; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index b936a8b..a3d4e13 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -91,7 +91,10 @@ resolvconf.enable = true; firewall = { enable = true; - allowedTCPPorts = [ 8080 ]; # for mitmproxy + allowedTCPPorts = [ + 8080 # mitmproxy + 22000 # syncthing + ]; }; }; programs.nm-applet.enable = true; @@ -223,6 +226,7 @@ "/home/yt/.local/share/Steam" "**/.wine" "/home/yt/Games" + "/home/yt/Videos" ]; repo = "yt"; passFile = config.sops.secrets."borg/rsyncnet".path; diff --git a/hosts/ytnix/tailscale.nix b/hosts/ytnix/tailscale.nix index 63489ae..17db0c5 100644 --- a/hosts/ytnix/tailscale.nix +++ b/hosts/ytnix/tailscale.nix @@ -6,8 +6,13 @@ openFirewall = true; useRoutingFeatures = "client"; extraUpFlags = [ - "--exit-node=100.122.132.30" + "--exit-node=chunk" "--accept-dns=false" + "--operator=yt" + "--exit-node-allow-lan-access" + ]; + extraDaemonFlags = [ + "--no-logs-no-support" ]; }; } From f5096f39175335545e6988ccfee9def3e75e101b Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 24 Feb 2025 21:38:02 -0500 Subject: [PATCH 2/6] make attic better --- flake.nix | 2 -- hosts/chunk/attic.nix | 22 ++++++++-------------- hosts/common.nix | 2 -- overlay/attic/concurrent-32.patch | 13 +++++++++++++ overlay/attic/default.nix | 3 +++ secrets/services/attic.yaml | 8 ++++---- 6 files changed, 28 insertions(+), 22 deletions(-) create mode 100644 overlay/attic/concurrent-32.patch diff --git a/flake.nix b/flake.nix index 13c9409..ba2a9ed 100644 --- a/flake.nix +++ b/flake.nix @@ -104,7 +104,6 @@ nixConfig = { extra-substituters = [ - "https://cache.cything.io/central" "https://niri.cachix.org" "https://nix-community.cachix.org" "https://cache.garnix.io" @@ -112,7 +111,6 @@ "https://aseipp-nix-cache.global.ssl.fastly.net" ]; extra-trusted-public-keys = [ - "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" diff --git a/hosts/chunk/attic.nix b/hosts/chunk/attic.nix index c41e985..464c8b7 100644 --- a/hosts/chunk/attic.nix +++ b/hosts/chunk/attic.nix @@ -7,32 +7,26 @@ settings = { listen = "[::]:8090"; - api-endpoint = "https://cache.cything.io/"; - allowed-hosts = [ "cache.cything.io" ]; + api-endpoint = "https://cache.cy7.sh/"; + allowed-hosts = [ "cache.cy7.sh" ]; require-proof-of-possession = false; compression.type = "zstd"; database.url = "postgresql:///atticd?host=/run/postgresql"; storage = { - type = "local"; - path = "/mnt/attic"; + type = "s3"; + region = "auto"; + bucket = "attic"; + endpoint = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com"; }; garbage-collection = { - default-retention-period = "3 months"; - }; - - chunking = { - nar-size-threshold = 0; # disables chunking - min-size = 0; - avg-size = 0; - max-size = 0; - concurrent-chunk-uploads = 32; + default-retention-period = "2 weeks"; }; }; }; - services.caddy.virtualHosts."cache.cything.io".extraConfig = '' + services.caddy.virtualHosts."cache.cy7.sh".extraConfig = '' import common reverse_proxy localhost:8090 ''; diff --git a/hosts/common.nix b/hosts/common.nix index a891665..748f6d5 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -10,7 +10,6 @@ "@wheel" ]; trusted-public-keys = [ - "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" @@ -18,7 +17,6 @@ ]; substituters = [ "https://aseipp-nix-cache.global.ssl.fastly.net" - "https://cache.cything.io/central" "https://niri.cachix.org" "https://nix-community.cachix.org" "https://cache.garnix.io" diff --git a/overlay/attic/concurrent-32.patch b/overlay/attic/concurrent-32.patch new file mode 100644 index 0000000..639c1ec --- /dev/null +++ b/overlay/attic/concurrent-32.patch @@ -0,0 +1,13 @@ +diff --git a/server/src/config.rs b/server/src/config.rs +index 4412cbf..6dd483a 100644 +--- a/server/src/config.rs ++++ b/server/src/config.rs +@@ -565,7 +565,7 @@ fn default_default_retention_period() -> Duration { + } + + fn default_concurrent_chunk_uploads() -> usize { +- 10 ++ 32 + } + + fn load_config_from_path(path: &Path) -> Result { diff --git a/overlay/attic/default.nix b/overlay/attic/default.nix index 5e4161b..ea0cb05 100644 --- a/overlay/attic/default.nix +++ b/overlay/attic/default.nix @@ -16,6 +16,9 @@ final: prev: { cargoLock = null; cargoHash = "sha256-AbpWnYfBMrR6oOfy2LkQvIPYsClCWE89bJav+iHTtLM="; useFetchCargoVendor = true; + patches = [ + ./concurrent-32.patch + ]; } ); }; diff --git a/secrets/services/attic.yaml b/secrets/services/attic.yaml index 82b0f57..c4ba9a1 100644 --- a/secrets/services/attic.yaml +++ b/secrets/services/attic.yaml @@ -1,5 +1,5 @@ attic: - env: ENC[AES256_GCM,data:kwQltWs8MMEJ9SEz/EIKoMNy1DDfz/tCsCVYNkvCy3/m/o8uXtgwc/F3QKBD6Gwc4P27e7Bv1w1ZpBqwHDS5qe+YD5gEg6Z7JSXKaJlG9AAZhOOhg/Qyqib7HTw/bZQH77QVxo/KwEaHzId6IGoUKAS0kimiyqOV2UiAN0O0JZtaWIkC9WmoTcjr+z/2x4mSFJJnRzS7u4wQj6Aqnuc1fmePHcsehy/8hyhD36E9jHm60LG4MgZKC44i5U+FqlidQg1/Jl26pblbGhdWnFu52YdnuguIttumMdGJwgvj9uu6p5bHF7QSbmmx8GlMx9xG0ogq2mi/FClvfd//BRVAOd/5+fcbptt/NRfawCUrxqkUqyj/v3WSym/HtQ9+EZ07vScl4ILnswWQ8nw4UlZSjhDhTuZ1WB5iSANZYmRoB2weSPAKNWqYodwXOR4dFyuj6lJXi7lIBlUzkgA/1q+gsKS+VBhNg8TvuBPpvmN0YlkVPn8xjShM+jcQJF7aeXymW4EjGe8ctraU1cRiC3Hn8dVuODKccSqgJK0AD0SjdCXPjM+drUm5D3BLF/gLNJsEprz+Sirkb0tljapLoR1Zc9CwPeX01wmVKZq8nYqSAEwAiJYYUb0HcO9HMFbWLkw8GNIvKhoKq2NW2zo+Fxc3Wm8vTSieji4TJd8v6cmdFeE4e6i2PPr0m1zxupIvCXCi9ZUT9lvmYlM7kZK3FZYa7rW4i9D5TFsD1K7E1uRRWdqQbnY8vJxpXD7fyRuwz8cqDEyX3me5vT4fNxSbQIr0PS3YW09ijagY9kTn7PkRLDB4Zzswe4yLybWCqHVsuvUlFaOA9M9WQWTxdooHcENtJRADRFdS6fx5QTMcugGMFGYrGt37LDhE/xasGO9GpS6EpoaO81EvSMgobVqHcQlXFjk/+645g+fx9Y9sN3SOB5CBNz9BOsyeTL27coNwAvo+NOCOHZ+3rW2voiU9ybHWgujySyKqxAHZjJ18KEvFv0mWG0thuftL4+hx8sxJ2HfjawlIt/YcXHRP2CpmVICQcJZle7UUYCqDR5On/NTHzAABe4SRBunGJP/2jZ3Qg5dRkxJr0TZStCJT7TzO2R1+YafhOSJIATQN4M9FP0S3GU1e619xKRroupmBducCSDB/fUgiGoN+rGXFadPs7bZc1BmGKwDHBvJ29OrQT2oPsdUTHGo1KR/cWNIvkqJAIsa181hMgz7GiW8DwENkvlY17KOEOnCQcsLHO8Hk1B8g/kWlowPjGnvhK5cI5NvZmej5B77uNPjZy31ZR2Mpt6O/k0wtpdl03ooSdr3MsmR1oChD2oAhpvoYzC7vvhJsd7r1EGUZdo087WZWN0Chmjg/7aFDmcu/dtfkvl6lSAtFog46MgmMcFFjkEMiIIs3SmY00rrhdqWHoT4nARwQkqy3GkrAykyxyu9/WpTf77CVNiKKiLAJNpkEqPmHRYj5tXHDjw1yK/sp+TRe0vn45DJ+ZRfsySmb/5YeME/nioIBNkETh6J1hXj9BMtXyXmz1G+/RlvUDxQMOxW9UqvD3N1sukQ5dHkjiteY0TaJ05OAMSxIk7XRdomljjLA8FF+CvhH5bbpZ5IpkKYxa4IPzxBx4y5JeSpujke8nMGjV5ulqLkFchua8UQPzYABpGoDrOKmWs7ZQoUzQULbsy5INhCOiDKV82Pl6CI5zgBh40d+RKCcOLd8fCaxB3m4NiHio9+nXM7/MEIQFXrpHLrYo8WXgm1L8ik1Gi+8gPP1VcwoX4a4z0tkSID/UnZqWOCVP/URW5D563iG0xl4Mvc55xgyp6Un82higVLWmYkW04ta33pCvu/3RcEAuRAU1Z7a4dq8CacQbqTpHjNw/bArI+hxHODiAPv3DU/jfhhyn/JMDOUnObjNCWxnfpYBJu244Rgmm8CS6YSCxsswnjMmG+rHtPbaOe3FDH2RzdXtRqJ7JxQdPQcV6Pi5bwQAc89vi7WAe94IziFWFQaNDBJc68J/881cGhGikV1mCW4AV26mVbbbrUZo6frKTelBDufD4J/ISPUmCFPppc+uHhCoqdXZ+ONPP00HR1ka4pubzKz+LOQh1G6Rf6PtdfbK/g60RkjhQ/xtA0fRt4O2CIqRZ46Xmyx9jO08zJIW1B+mSpAKWVyZ+ZSqo8x894/sHLWfIsjBIybe6nB9xzLo4hbc3DQpFUNlwWZFpKEFtdNl2/Ww+U4hdjLLZpTQAPbUUjlS/jcAJT2tNMsi7ujy8xgdsbRUp6QpxE9LVl1ChiwQVwwKNHimt5sFlYp8H6j9LUuoL8kIDPRi/9govHrP39GkS294MFjyHeHhZlwfbFrHO1+UowTbl1qTh+YG9/NS3ZN1dAEJs2ZD9AxRH/6m8Cbi1LH+LzZm/0kmM4HgJLqzoTmsB5YjiWA9P6ORbdeM0+4o+6CjuihLOzmc7GMDzeidde4uvoCbKCAsJh8iTEsgGbTHvCys/qo0G5goL+DispSclZwU64tGhJb7SgZCPkl4+2+qFMgjKJ3PO7IodBqETwL3poAEknbwXCuuFNLpDJymwt9G2F86Neky/G1Npsswc6UiKJSzEvyDSR+inxlSuD7MRJu6ujuMdqtBMhTKObHvu/JxE+zVHF3aePYnk78xHTLKl2C7NAVR5/sD3tvo9uxX7SuYWjDcYYIrH/DuWhAIvwBzFEO8tsDGPfg65cF691FOQmuKHWWTJx3tNgoQYelfyoxRI8ao9dIY6Jcwf/FB1NUQr9iw/sfn+w3ojqBqpin46f6xrSc40WgrnQibEoPk1bvK6aZvXYWpdOv/7C29X6amnOBvlCvt+T4/WpXPO9qM/nu1MvFI3ZtNRnJViRRMxjw9wbxxVXPmXD5BqW6SZTI1W03IAu7hNz3aHELB8vZBaAdZ8jGRw+vYsoopjMTFNW/98HVwlRlcz4x0V0FKls5l1FI55rSHjDOLUZdsqyot66TkT5wZ7HHUIFt8MsaXSjZIKRJ166d4Z3435VKWog6LqDrpFiShwRTJpMWNVJNWQLT/7f8clvexqk7v5u6q7C7mq8rOA32UlRFKg3O9ruI8iutyhp2QYdFM6p2l256Tr+Lf3AL7hNA6GSt79Kb9DxXnBl7+IP7vQTZhUDU/hM/z84e+fYagMOMQDSQzfOIC/0H4tnVQk1kQa90pihvvo2A3y98V299kMqc68jw2xMfIIshXLsg/tqpeApSnIKcSrKX6TqHeXn9ZJe4uuzK4tYGhpYfx1ceIFWd25hIjiMrjkb5HjTQqvwrTqrc4gdJ/20J6sSn0p/aAI6BT+UqzRs2cdVMmEK6zTvHmdRnxAMkQ8NAo56UZej9YoGa7fKt5fJMVyll1muZjLp3rRDuZdBpGM4VixLw+OFou/HSdjfcVXQNTlLGIRD+WVyxX662BmvvWjctN5upNhZ3Ale9XrTmQhG2yClM/gQzKSfRi6aLi12N111vdj4Ug2iFxlg9v5KCsRSTQ416BGJFh8a1bAJYFbdd/8yCWvRt1QbdqXWKmpa5S2Ufuivhr7ajX6W+PbEG8XlnIhxAe3xTxsXuGwMhrHBzsBLXDkzZPjSIrMGznBt5+TDy2MCqqiqMepV4YHldyM3jLBPpyFxc5Ut7bT5bF/+01n894Rfi15txJnFV4YWsu2nwECnfLJtJ2iMPlaBwFqT5xyM95B9IuTanSG6UmY3hfcYwHGVdAS1GULnvdVSPFsdSCxR17pyslDARLu7uRNXe3l4z1mdmI5YX10AYphJY0lt5//EFzwNqpRtubYHwxpecaeQXlTHT1fYIz5gwnPny0pBKnqDqF4RZgl7PkSJci3PQS9R2QFNRX+3VzJ13AXE/DPzn7EcJKhajEgVAQN8vDooZ5xLjFPyqgo8hkFbDPF1554eoHm7XC+iw0SSDoLKMSsLPLGwu/jq9bBa5GTCTQ02gx1pVBKVpi/+PjXd+Vl3H7ElvCRNtUErBSNmzKSXFfCRmShZOHB2kJnyuX2IQ+6dEiOBAztx7mBFsmwbC0xvmnBwWx6nn6mbeY+3P82dLrkd8j+uH6bnuMz4rXLc1wonmLSxOQLArUVRDRls6Ng0nDw5VYgX08dMVlJ+NtBL4ra3gbM/CVIddIBRWbgPXttUZs277I2SaZ7KdCrO3pZo7WIApy9akeL2hOGR9kvLBn8uOw6mW77BjjAqH2rVTlfUbb1inAxyrUe6TGHF4uCTavE2Yge37CAFnUwChwN9M84oCfiq2XEM2+CARzhiByAvyFihLvZtrUaUq5le3g1ay67XbCYQ67l+Lrkm9Ktdt1nLEG2lnBuyFDSwnBIPH9KbWw5YGBMq28Gvadjo/3SmKsFaEuh43aiYbB3t9klBi8fpS1Blog0vtPlJC22sLu3u9OkRkeHXwxw5I4ta2E2ii0ZB8DlYmgrYJ2Hn3hwwPQMwdCXiGRBD70PJrDJV2hMitFP9QjW5Gwj5UGnjaPRK7M1x2nai16UAJ2yg7/s6lX9uldEC0JguvvcqRJ1ZlvT4IYRJSlafdb2YaLkEhitMsY3gSEgjkQ+d/qCCv68PdhO8orozBVRqXzAvGuzGAmuD3U54J6/ADZWikKH+5tqhb9DqaD2Q5SGgPkqai1rlkohkS/HBn7cKGKiHHDm1Szv+pUNX3sfFcwV+2H2nfBjZeySd60aU+DFnVGCv09WA4HP+gD/sC8CBuke9pTnGRkzYQICFDac+6eNGNqt16ELVBab6K+ahQNfE1Mpf+saYTpiMVXw/UM+qUvQi23FjMd3bXbNQoiu+KLt4EA2Hx5ZTp0htPrUnDQtcSsdcEbFK/oIDvzZMhSAaO9XA7AjoTqaEFoR/vVWdKaDjI4gVmdogf9b0BHPg/jGM1Pc9mM0RKh93xI4xZwT6PR73raRjRSIkle/uqSyI2Al/pWTXYioPFeUDhsfBmuRzvHXa8Flq+Cjz9XzPi2n3NK7BuM8+ZayNL5K5VtRrL8xPeWy2spIYJCxAqAP/ES5BZ6WmBKxZq2fKMh3Oigt9CStoChjTIZmx8Nn/QZ6QWfh3feQR4VN90LAEjpUn2dVM3R0I/r5gr9hzeh0Tgg4HePcO5U+zhTU4UcBbTVFooyCVxud71EBDs6BdaYzq8mk6ge/kEeyDkOv30dJXyI2039AmwTwvyMaFThUDdAkgfG8UwvYEzrvBfVFsFM9/8NP3w9RPMm4ebvbtgKTloEpIoWUViFT5YhH6bzFJvqJw2czk2EFyzHKfhijMO+6gJX1at21NolNeaFHPvSnD7Arbmv0p1gY60+aSUbx0Cp8DHw5mkRC1r/DC2dJJ1qCwU1Qghyz+/fmrZr0PspTxH8bxJFsVtJ/zdjqi1Ci8YFGOrD8OtIIYpCmQF8cGXx3lyrGKn65xXEegBwRbWh5lQ8WqvRaRWaW+lot0LtpK1vUYJUzPlZTliUYEoujOhTMCPg8LfeUJauvVULo2HT8GTEoWJ8LY+906g/bOqJfukTHHCmwGFaDEtceKyD8kGa2Q1ckHmdh/UnoX/AX0la9ICmCuEDXgbBAoKzMhLEiFpo98Q2XIMpxRRVcDUa6Ovu5gnYYT8xOeyHr2kgsQ2LRjL7fxDGAMMuBkO3szFn4H9f367F0Knbz2vcolt6AlVpfhcMrqPIc0HFVAgLtdxYGm49FWkDiGGGggfRd/pJLX5FD72C7scYTLFP0fxYN13D08U72FcOKcapLLMSETfKrh5u9yp3MNqDqiuhZ+tEnowVkM2ChdE5ce7DdHyS6Sth5MAcs2Z0Nfs2d8wMxQv15dOreLpXGkh3HbEcxZFIZNbpNiJEIp93EgQRJ2viCVJ4CpoMFFzNpARspASxAB/gBS3QsCaiAtv5sEOSSkkNA+P/b/z0iU5gGXyzbGVl2HqW51YxSYvT+gerHwLSLwZoJ/lGGEvI1LwZ9AbxKEIiMp9aSBFea9ZvgLITkZHNpO3QeWXJ5NqdADyRq0d5dSmEzRt8ACEVhCDNxSVrUwHYJokILjjHB0xx5FG2xsB9gaqhB0ZNlA==,iv:cE8zuRVAWVt7sLgnJsiTgwq2CpSsX4cQwIbYAeEv7iQ=,tag:j+VQnlNKapT3eTq4aPebQw==,type:str] + env: ENC[AES256_GCM,data:0qElab1fenlFSuj5GnLIOeSZkj2JX4n+idEg4kwoAoulBG3RxFzHP8zcIW1aDBG3E0trFjdTsrhaIYrfLijgQeDe05kJVJkiLM+wNZGf6w18n90/zDlpbOk9ZKSaqqsqxZ+XItW9Z8VTd2ieTlh75cedBjOaqJkn+DjjxV5YvyqPFJ69xjsbJbt5zWfFeudObiPmTJ1mdto9mMkPAmy2lgUFoXH72tRbkSNqEppylmbuiUF0tO8bpTuAa+o3apcv/tdZkvl6EV7LjTcOWBSkT8OhpGjykdiBLnJmX7yGjPSATbu+RGCkS5ZVCDG0el/RmpgrSZ9uPN6IqZPiop2bHZkAFKM7XBVevOTNmmjMLt+u3yzp5Mk/WdOUEK9vQfMRxperyQhYYtIxGEr/RYpTfV4xO4uW8GQzIg9PLKLrBeHrOrivJ8W83TlzQiBvbTjMLpmh0GFwNHMBNESNrY744PFPYJyumKBTWSzvVtDT6/bWnbmUI4SIbkCPySqu6hqHJDZbwX41oQa1yn3/CnehvAaqelbNbpiOYaYa36HxCpdSZBgiXlAGhQAEgk5VhbqpoKE8OjBdORscB/IT5OXx0dBkiOeYpiCu79LaOkxgnEVWqckwOJLJptvpZGoP81MaYbyLYbxfUHywRKMA74RG4XEJgx6YPmIn1/yRZO4y+BLhNyfTGQY7P6qPVlh9wMwyzXZA2roDLbS3hiJjFaUoOViMmmhxKveBhXQ7BCYspGD0G2L8FkkqZSNRum+LRyI9okMMrRCShz35sIoO4KLcUIq/j/RUdq8tpUy0VPIxjwHVDZ54Ehg7sVdtmJIlO3apCVnSdU+Er8gLwPuOBks6HhdU9u0HXK5Q4xxRcGnmrbdrRlVvauHceyJM/r//1Vgf+0dck75a4I8k6Hh8Pe8uKT3SxQW6Z/xhhq2QN3uE4tKGitpscTVgqVDlUCbMye7b3vjSfXkNiFtp7p9wo9K87osnua0ba3KCgqEzAAT6eRnlVZp/Dq5RaP4IOkYp1F919NkDaZX5t+M2DXvKhIC08nbdqSu6vxRK4KPksUUaYja6w8hjgWsN7VAYH0nKLSOZN8fGF7nNgxLqnh+2bKEQDOQ/Gn3sr/xKONcheKu9RXfoMng0Vd1f+Udg6p6049t9AcHkY2+gd6Cm4fmyZT0Ym50kh63eNI/knDmV/WwOTGld/XcCNwUDbIZl2EHS23rVqoy4XhEHgHIrdN+wh1+zhMW7ZeTBFSIHxYfrziEM33hDQKYYxywWt81tMYjcx2nYKqep1IRuL/9IillZuJ2GTNwidPVFjxgG3/a+0/hghSMr47t/x8EO2YlIoaKkCitkNiRX/4z3t6bfO1UmXxS/hNriFtpXYBVE+v5RHG3ttatbWUxGYU/tSR3at+GJAm22lI7SpEp4kpsLEc7bCNB8m6wqD1rLJ9xQbPqgA6CqTWBCAkVyts1H9QBsRMEJRsleqGZzkjb1p44lAgLUl4YnHCaLWN2En0GmQICetuvl2YecURlXNw6eF166vALvrGB5zGAFFrv7VPIP84okU0yPoxqi/zv0QIl+1p5/avgfYRxhSigeG+caYKs0sqnw5Or7nSh3uwggkt+QvPfXvuzB5P4O2KZOgkziZngeoExLtQSJbZrUuM+qhvt0CiB9m2JyKadSUbBf6mbafSWh6gKTdZRbarWbrvwcEB/b0nBGtNz9QlXcX2msaw8gqu97FVKVtXWAXv7P8Tne/0evb4U7CBCxU3FwsNHIy9VGdbsAWrfHUtYr9NyU9Yhjrncrejbp/0ok08XC2yJ5Lx4fqpibCOD2geHkmTS1EWOMRXqaE1rtroodpzXffzXv/CUXZngH2wc1Jc1NhnTmD/NYA1QviR+wrQGBxrCUz257fER5tYGp7MKNxIEiDPvXBC4SF8XAweoQpMzXof9RHn15CMtNU8+gf9LAltA+H7OZ9N4qyW9R9eXDOOrTW5wNthXqXel+GWSYi2H9H04b+Wf+bG7OwKd2mTpJJ6CREbX7tItBybjH3d7EGU1DGD7IYJhw2IaduqnSywyqgywT1ge07hxziU8E75bpPBDbB4v2+XWBPYItnjAj2BZxBdOIrCTmrMuaewynOAKtHPOn9v/t3wN9pbfEUbFraZGCVytSMJR0lWbhUm28ViO3EHq3DbhVIOLaMimd9Op/IIxjWrcmIvBXT8D/kM+pbYRc4vhfZQXfhFSwmTi5JHTgtaF3wEl8VGMfMLo4fqUz8nrPwJtmvNHP6GvKp9eqrBCtSjvzYD4Z1az9lgQit2rS+fv4XSynNeEZ/IYlDCJDHRCMEKEcJAIxCWRLlXjHMdfWYAMDBCpdrUxFuGuES5/7T0tZS2NbG/n7rMGExJwgAjzbWDe2N0cxegDREJMPJkPq7Q4MzhcmXhvigUYF/qkkpAkaYql5TUIQeWiIu5QsDwdbmED+6X84qKbsPRZ+8vJ9VJSnxMbrV8eU6ao0iWUceRqETiE9f3icg2SsP7n9BlliEUzuGcvW6lhAwHVwaGbhH8t15iggCfbqL+sQ9kTlda+oFC2sxQ8h3gi/kdffsgKCYwSt30RFojlVgWEZ6zMoHS7jo3EItYx+8EUeIfUwkqSRWb+mMb62cBjnWo9M9pK4m7iD85zAnzdLqzTqj6E+tzRhP/SXAo6HW2jIx502tN35MYBBnhmnxlWHGhvlAG/ItP0N2Jq+VuX5XF9HU3teXuaHVZVuo630em0L5YsyyUhyRGRQuLUpTwcvXFO9UXm2p+XpKshCkbCLxO7rgpg06vvJ4/AKrpVbTEDliMr1e4YL28dKc1jDRzjmhGUqDavnCi98x0Z9I4xuC52P1RHhkwEHgGu5ii7LsIpZ2vM4R8vbp+0zWgJzjnimMGZlAqrJlGMhNnqpv3/tk63ADCBkeol10MNxTBAJKrmZXtVXUxEX1GcFUdjFvOEz8vrgm/ide2t9qYfAW2CgJnSnUJdSFiOq8n7EeH70PPpWTwQ7HqncK2J966MmUZom5Flth8rIb8tN+m9WKytDSAhIdBL6z13kaaUiEpw+0TSb3tFSGlkyPyIjgwMuUplrBczQ5r6sfwbF9jt7SLpOU83OhSPepGmCqNTeym5fJK/0h4ypZx+bjvHSM/Wf1l/N5gcq6INLmtsZqPFIFqAqZL3fGCBTRO2ViERAccTHMN8VEEk42vW3PPWx8H6QEkNK/3tHwhdndrnmvq6wBhMbKF7i/Y3n6wy6LnSVWrB17qU1ZpRSGtraQsbUMm4fksuhZBOqPZKsyQAu+7qBs7I4NBn9u2PklZ4BZuhca/hzqWfW8tHtSy6iWIwS6lTwjasC2hZ+LEepINK10bWK9nm7m7fETFukGYgLgKGXgj1lca6G/dYidc1UHE6sLYlgHmLp+GTv1Ajup/jr4oll8AEtp2QEXTQRAVtlPSgqjNXluNL00EVG+YXuOhjh6iuA7xHIq3mg3UR6sDOW6v3h9Iaf5/muVMhJb/2srx1mjRIku0QUzpxyT9jkKQFrzyi4uxqPUJBstIEBToZCQa8ScoGmW5VS7l55M4LPRyMU/JJsa7G/IDD/IbCPLlKh+yUYbCkYupbU/SyVrJoUeiYZHfzrJWXeKKte2/4CQD2MYkV/IY/K8w5T2io0/6gdfhRi2xnMpUoqAMy8ow1wGtpJyDbkXEj+KrX2jk7nSIHGes1gbmN5ayVg2WDiebERJjZBvoLt/aiIwbzSoMKUiJuNzQC9akx7qisOnFhHsKgX1aoefBFw6Q3ChKP/z9cdBpj+jIvN/yjA1fNxpdlmXRitx6Hcum6LJJw129P43MJOVNNgX0if0P7arMJOidxgIg3oB9fEEhan6tCVyLUJUH4saGO3CoVyFA2NLqOZtAQcNzadR9lQaQnqtr3V6iHcv0IgAEYde9AdO1dDkA6OQQY8H8ZiDz0dYtsYR8L+pvqgMiMo2smGFg2pnScyNTypL5PEPJdy4dx8UnMbg8BHgnGMVcXbpTACGe3rvJzwdNyPPzisvn6fJGcSQ8A2G+SUIJLxxxQ5XQMAjeSTmPoWS8DTB7g/vNXD62XoMs24HllzcksUiBJtkbl57FL1BKcwtZesMeoV1Rd+t9lKk5UBiBjqAYYRk+BNWf7LV9ue5y1K0MFPcfB92FPrYPT1LbzZZ1lLRNr260YkBiKVQYhkMmyL1OkCpIGdOKB4fsuUETlA1+KIOcXVuVgWxYkqGcAu49pb0OICjjfXoqM7wuoqttz2GzsQrvyJ+fjzRIIxiEWmVw9v2wrAE2M1aWbA7RAWYAIpy25YrW5MATt9ZWOJdlhqfZOECtwSzn80ohD5+ysmNUqh950EhTvAxqeAO/6PfTXK9EVZM7oMfjrEQ5fJYbJ21HU9kDJjIuDxewr46um8VPrj9oVowhacY0hOo38DpZEd6BvezGL1yWFnZ/s9O7A3I3/6z3Xs/GdZlqPW8pcih7OPeAqEV/E6fQHx4wAAUgIjn72WDcaes/O7SwpM6T2HfRkxfobq1tFeGwf2PNq+74EpVJCZDgjJwqPmFrrwIPxkLWD66/hp0iGEBPtfGRHCFk8PzlccTZeWYZNTOS62g4m+sHugwTMtwk1VCa1C4VNijHa7yJPfxiI1dnmS98CmIHYX3HL+NNk9S9t5w0DG7bJzfbuEgEyOcbBOOq2RhQXyBNT4Pb3avc2CzHKPxxdhiLBKEMBIp9QAQsj9sL3bFxlhU4LmDDsu8ZoTvpfbbTB1YD9gx5yOQamRuyjkErHmGizNYhemMaQszvxJon0u/+tHGMO7vyK3Ex5+apIgEFrMGwvOUTwMFMAY8kSOcoEV09y90BU9oeAjmsUQhZqAvAb3GBLEPhWc7I9cAf7vPXw0/tH+fVUAI3eYdDh5GX1pD8I3Op88LljAk8USu4eBffESKfu7A3s0OoSpQw5ptwkWR5n45TPU60pP+82T98OKQoYJ5BwUuvAjJXwU2gfLikR9SFWoqpYd/5xx3ZKoXh374P8purIDwav7YHf+AWWz2BpsDof81Eplqr5O3F/iKvnBTftOmEXYkJH2ymkUzsCUf1liuafb1kLJ6UWrtR6ieG64MMYPv3E5ok0XEkvKAYqTa4Ux8XWOqBVq9qosuTAKuaYEnaFwK0TRefzJBTJuQCFOZnCmm6erQ/ee9pcXwRNyu/ODWwBh0U5e63PlMbbMrCMwuQtOW95U6ysmJF5Cg1pRsHwRmhOhQfIQpiQx5xQZXEr/xNSFPc7dTzrzPDszOQs9HZM57YDs5hG8gboiG5hLQ1Ly/j6jP5zli0zSd1FTMA1/f8V//emhAKfS5V/J5+N4WEMMf2PZo4/E4fn9qo6q9yv9AbikxsQLmBlf+P8ZS79dJdM6tulMyYutbEhrh2oQyDJiERd+hWI7xgU6RPXmyWGzyc9ksUaPIeZdyD4s13tq9KA0GtfpjFmY2TUxSd2qaAFDqbITkZhGGFaJr0TcJUavrSFpWMpqLGjPaxqefqVdAnPp1yr/CplDVo1amO1Uhbfx9Zhmsvmv5w3kD3s0q4K3sFaW38Chbc1o5U9SiKMhenTxqthsZ/x4AH+kB6FDEH5mLQ/SZb5EMwL3wpwc3EigXiJVZhJWeTOOQyodLQTBZpxK4KIa8j8vJaY8Fk2BxHg23H1JxqP2Ryhhof/Pqt2CAJL0XiUjL13xPqPwNrpthdVZhG/Ty04qvsXUjnrVsmgYb4KuP074EZzylczRllKGANPVNfyh+cDH4HAi6yF4RlZBrOMCSLP1R7f86mFn9x3oA3/7UkjZp502EF7TLa0l7n5rMgl2pbaapKKsw9NmCnbJUqjsjwAYiYPgYa5wVUgP9YJz3Ju8wIxXtezMtFi/IJM50B1f64Q+zvWMi6zlwdOUmCHVaZ0I0u/8Wc4nsIjAZ8kgqUXkmwkBlMoWBgzifvs7EaP4AqPPZlSEh4cAMsrP3WMmnIEasooq/HvtAIsKg+pI7qK/n1aJBKVhQkBNrQQJ+XNKLFQddf7Pv28bZdcCjwDgvOwRig==,iv:XGLs0HSedykhhCR2fB0QdN/LmGkNHwA8pnVGG9ZNNp8=,tag:RRjtMpklT+MCgEDsvwyXhw==,type:str] sops: kms: [] gcp_kms: [] @@ -33,8 +33,8 @@ sops: ekFwNFp4dm9UeDU5WFU5SmJyY25lMEEKZquSaE2A4ZTSp8sNB5bjgUzdp8RtAHIH xmbtfiMcLUv7J3FdGNwmSn9P9lYgzCVEZBjI0BCj/9JEm0eGFL8Vbw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-05T10:45:11Z" - mac: ENC[AES256_GCM,data:iigwuhn4wm2NIRBymwslUKiljbrFzbEsz0UZ9K/YeEX4FU3oy3gY2j8qP+yd7qISdObxOHs6AtdMzx1KcTK4CHhoI3vJ+aYKBwmaNvM91Dgbz71f01IUql/+ZGG/UqqgkWpvac0bERDPW/ypXJM/g9YpzocqWb9bxyfUDRvxkyw=,iv:zI7CsVegQC5STNH3u0hIC/YWXTfNwRyU3JJ1hn5I3AU=,tag:h/+KCpAmnNXORHLcCyldoQ==,type:str] + lastmodified: "2025-02-25T02:25:40Z" + mac: ENC[AES256_GCM,data:LT0NJ2wwGkomokQSQ/iejmhmprS0I5ec3+k2BC0ni7zWFqMCTpNGpSNivOXZ7zVHKJMDgyabDzPU+G8qYIlL7hbY9QP3slt4TqwnF/xJkwIEDwDjV1eDM9QOfBzb5PTqbDpRv3I5oNa9d5viqVggwG7NoZA/j/Y+U5/aE4pVOuQ=,iv:I01C/Y98apE039URvIfnykaHFXOUO2UB6dgJQjj3QH4=,tag:qvVGltx2sE5wdyehF38EhQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.2 + version: 3.9.4 From 066c0a5a740df3d70c9ed1aef52c5340b6e71246 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 24 Feb 2025 21:52:22 -0500 Subject: [PATCH 3/6] update attic cache keys --- flake.nix | 4 ++-- hosts/common.nix | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.nix b/flake.nix index 13c9409..85063f3 100644 --- a/flake.nix +++ b/flake.nix @@ -104,7 +104,7 @@ nixConfig = { extra-substituters = [ - "https://cache.cything.io/central" + "https://cache.cy7.sh/central" "https://niri.cachix.org" "https://nix-community.cachix.org" "https://cache.garnix.io" @@ -112,7 +112,7 @@ "https://aseipp-nix-cache.global.ssl.fastly.net" ]; extra-trusted-public-keys = [ - "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" + "central:KNxL0JFzHDGosui8ASem9n/tDmEAYLL9dtVMJ6TWsyg=" "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" diff --git a/hosts/common.nix b/hosts/common.nix index a891665..f2fb963 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -10,7 +10,7 @@ "@wheel" ]; trusted-public-keys = [ - "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" + "central:KNxL0JFzHDGosui8ASem9n/tDmEAYLL9dtVMJ6TWsyg=" "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" @@ -18,7 +18,7 @@ ]; substituters = [ "https://aseipp-nix-cache.global.ssl.fastly.net" - "https://cache.cything.io/central" + "https://cache.cy7.sh/central" "https://niri.cachix.org" "https://nix-community.cachix.org" "https://cache.garnix.io" From d76a9f7f3a5839aa59fb88c0e9d6b886db2b821b Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 25 Feb 2025 12:39:43 -0500 Subject: [PATCH 4/6] also traffic control caddy --- home/yt/ytnix.nix | 5 +++-- hosts/chunk/default.nix | 37 ++++++++++++++++++++++--------------- hosts/ytnix/default.nix | 2 +- overlay/zipline/default.nix | 3 +-- 4 files changed, 27 insertions(+), 20 deletions(-) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 03e3bb9..c3a0414 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -147,6 +147,7 @@ localsend scrcpy syncthing + obsidian ]; programs.waybar.enable = true; @@ -189,12 +190,12 @@ # sccache stuff RUSTC_WRAPPER = "${lib.getExe pkgs.sccache}"; SCCACHE_BUCKET = "sccache"; - SCCACHE_REGION = "earth"; + SCCACHE_REGION = "us-east-1"; SCCACHE_ENDPOINT = "https://sccache.s3.cy7.sh"; SCCACHE_ALLOW_CORE_DUMPS = "true"; SCCACHE_S3_USE_SSL = "true"; SCCACHE_CACHE_MULTIARCH = "true"; - SCCACHE_LOG_LEVEL = "warn"; + SCCACHE_LOG = "warn"; AWS_DEFAULT_REGION = "us-east-1"; AWS_ENDPOINT_URL = "https://s3.cy7.sh"; AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)"; diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 2322005..826b128 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -96,25 +96,32 @@ let ethtool = lib.getExe pkgs.ethtool; tc = lib.getExe' pkgs.iproute2 "tc"; - in '' - # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites) - ${ethtool} -K ens18 tso off + in + '' + # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites) + ${ethtool} -K ens18 tso off - # clear existing rules - ${tc} qdisc del dev ens18 root || true + # clear existing rules + ${tc} qdisc del dev ens18 root || true - # create HTB hierarchy - ${tc} qdisc add dev ens18 root handle 1: htb default 20 - ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100% - ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 40% ceil 100% - ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 60% ceil 100% + # create HTB hierarchy + ${tc} qdisc add dev ens18 root handle 1: htb default 30 + ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100% + # tailscale + ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 30% ceil 100% + # caddy + ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 30% ceil 100% + # rest + ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100% - # mark traffic - iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1 + # mark traffic + iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1 + iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 2 - # route marked packets - ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10 - ''; + # route marked packets + ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10 + ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 2 fw flowid 1:20 + ''; }; networking.interfaces.ens18 = { ipv6.addresses = [ diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index a3d4e13..c329115 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -92,7 +92,7 @@ firewall = { enable = true; allowedTCPPorts = [ - 8080 # mitmproxy + 8080 # mitmproxy 22000 # syncthing ]; }; diff --git a/overlay/zipline/default.nix b/overlay/zipline/default.nix index 72ec089..b114119 100644 --- a/overlay/zipline/default.nix +++ b/overlay/zipline/default.nix @@ -1,5 +1,4 @@ -final: prev: -{ +final: prev: { zipline = prev.zipline.overrideAttrs { patches = [ ./no-check-bucket.patch From 1cadfda410d3242dc05c3f93fec50633ea902882 Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 25 Feb 2025 15:48:18 -0500 Subject: [PATCH 5/6] backup: don't send ntfy notification --- hosts/chunk/default.nix | 3 --- hosts/ytnix/default.nix | 3 --- modules/backup.nix | 18 ------------------ 3 files changed, 24 deletions(-) diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 826b128..e565100 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -31,9 +31,6 @@ "borg/rsyncnet" = { sopsFile = ../../secrets/borg/chunk.yaml; }; - "services/ntfy" = { - sopsFile = ../../secrets/services/ntfy.yaml; - }; "rclone/config" = { sopsFile = ../../secrets/rclone.yaml; }; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index c329115..440c30f 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -17,9 +17,6 @@ "borg/rsyncnet" = { sopsFile = ../../secrets/borg/yt.yaml; }; - "services/ntfy" = { - sopsFile = ../../secrets/services/ntfy.yaml; - }; "rsyncnet/id_ed25519" = { sopsFile = ../../secrets/zh5061/yt.yaml; }; diff --git a/modules/backup.nix b/modules/backup.nix index 52913b4..2715deb 100644 --- a/modules/backup.nix +++ b/modules/backup.nix @@ -6,7 +6,6 @@ }: let cfg = config.my.backup; - hostname = config.networking.hostName; defaultPaths = [ "/root" "/home" @@ -97,23 +96,6 @@ in ]; # warnings are often not that serious failOnWarnings = false; - postHook = '' - invocationId=$(systemctl show -p InvocationID --value borgbackup-job-${cfg.jobName}.service) - title="${hostname}: backup completed with exit code: $exitStatus" - msg=$(journalctl -o cat _SYSTEMD_INVOCATION_ID=$invocationId) - - if [ "$exitStatus" -eq 0 ]; then - tag="v" - else - tag="rotating_light" - fi - - ${pkgs.curl}/bin/curl -sL -u $(cat ${config.sops.secrets."services/ntfy".path}) \ - -H "Title: $title" \ - -H "Tags: $tag" \ - -d "$msg" \ - https://ntfy.cything.io/backups > /dev/null - ''; prune.keep = { within = "2d"; From 8b53c43e26392481f432f024df56f01949349fce Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 25 Feb 2025 15:49:07 -0500 Subject: [PATCH 6/6] rm newsboat, add syncthingtray and cleanup unused stuff --- home/yt/ytnix.nix | 46 +---------------------------------------- hosts/ytnix/default.nix | 4 ---- 2 files changed, 1 insertion(+), 49 deletions(-) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index c3a0414..ddb2212 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -19,30 +19,6 @@ }; programs.home-manager.enable = true; - systemd.user.startServices = "sd-switch"; - - # keep this commented when using plasma - # otherwise "system settings" in KDE will not function - # qt = { - # enable = true; - # platformTheme.name = "kde"; - # style.name = "breeze-dark"; - # style.package = pkgs.kdePackages.breeze; - # }; - - # this one too - # gtk = { - # enable = true; - # theme = { - # package = pkgs.adw-gtk3; - # name = "adw-gtk3-dark"; - # }; - # iconTheme = { - # package = pkgs.adwaita-icon-theme; - # name = "Adwaita"; - # }; - # }; - home.pointerCursor = { package = pkgs.bibata-cursors; name = "Bibata-Modern-Classic"; @@ -56,7 +32,6 @@ ungoogled-chromium librewolf bitwarden-desktop - bitwarden-cli fastfetch nwg-look kdePackages.gwenview @@ -67,11 +42,6 @@ signal-desktop pavucontrol btop - grim - slurp - rofi-wayland - rofimoji - cliphist jq bash-language-server sqlite @@ -88,7 +58,6 @@ pwgen lua-language-server gnumake - foot minisign unzip lm_sensors @@ -125,7 +94,6 @@ radare2 p7zip qbittorrent - # vscodium nil pkg-config gtk2 @@ -147,28 +115,16 @@ localsend scrcpy syncthing + syncthingtray obsidian ]; - programs.waybar.enable = true; programs.feh.enable = true; xdg.configFile = { - rofi.source = ../rofi; - waybar.source = ../waybar; mpv.source = ../mpv; }; - programs.newsboat = { - enable = true; - extraConfig = '' - urls-source "miniflux" - miniflux-url "https://rss.cything.io/" - miniflux-login "cy" - miniflux-passwordfile /run/secrets/newsboat/miniflux - ''; - }; - programs.direnv = { enable = true; nix-direnv.enable = true; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 440c30f..296335c 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -20,10 +20,6 @@ "rsyncnet/id_ed25519" = { sopsFile = ../../secrets/zh5061/yt.yaml; }; - "newsboat/miniflux" = { - sopsFile = ../../secrets/newsboat.yaml; - owner = "yt"; - }; "tailscale/auth" = { sopsFile = ../../secrets/services/tailscale.yaml; };