flake update

Signed-off-by: cy <cy@cy7.sh>
also traffic control caddy
2025-02-25 12:42:34 -05:00 · 2025-02-25 12:39:43 -05:00 · 2025-02-24 22:07:58 -05:00 · 2025-02-24 21:52:22 -05:00 · 2025-02-24 21:38:02 -05:00 · 2025-02-24 13:23:38 -05:00
19 changed files with 227 additions and 261 deletions
--- a/flake.lock
+++ b/flake.lock
@ -1,21 +1,5 @@
 {
  "nodes": {
-    "anki": {
-      "locked": {
-        "lastModified": 1739471491,
-        "narHash": "sha256-ZCKWgsNqKWkVOAQFaFSmK3EN/uDdamNOcSItzvooWYs=",
-        "owner": "cything",
-        "repo": "nixpkgs",
-        "rev": "1562f5286858b3c1e5ea7e60f4bf6b3578519248",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cything",
-        "repo": "nixpkgs",
-        "rev": "1562f5286858b3c1e5ea7e60f4bf6b3578519248",
-        "type": "github"
-      }
-    },
    "attic": {
      "inputs": {
        "crane": "crane",
@ -220,27 +204,6 @@
        "type": "github"
      }
    },
-    "devshell": {
-      "inputs": {
-        "nixpkgs": [
-          "nixvim",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1735644329,
-        "narHash": "sha256-tO3HrHriyLvipc4xr+Ewtdlo7wM1OjXNjlWRgmM7peY=",
-        "owner": "numtide",
-        "repo": "devshell",
-        "rev": "f7795ede5b02664b57035b3b757876703e2c3eac",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "devshell",
-        "type": "github"
-      }
-    },
    "disko": {
      "inputs": {
        "nixpkgs": [
@ -478,32 +441,6 @@
        "type": "github"
      }
    },
-    "git-hooks_2": {
-      "inputs": {
-        "flake-compat": [
-          "nixvim",
-          "flake-compat"
-        ],
-        "gitignore": "gitignore_3",
-        "nixpkgs": [
-          "nixvim",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1737465171,
-        "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=",
-        "owner": "cachix",
-        "repo": "git-hooks.nix",
-        "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cachix",
-        "repo": "git-hooks.nix",
-        "type": "github"
-      }
-    },
    "gitignore": {
      "inputs": {
        "nixpkgs": [
@ -549,28 +486,6 @@
        "type": "github"
      }
    },
-    "gitignore_3": {
-      "inputs": {
-        "nixpkgs": [
-          "nixvim",
-          "git-hooks",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1709087332,
-        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "type": "github"
-      }
-    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@ -578,11 +493,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1740318342,
-        "narHash": "sha256-fjr9+3Iru6O5qE+2oERQkabqAUXx4awm0+i2MBcta1U=",
+        "lastModified": 1740494361,
+        "narHash": "sha256-Dd/GhJ9qKmUwuhgt/PAROG8J6YdU2ZjtJI9SQX5sVQI=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "b5ab2c7fdaa807cf425066ab7cd34b073946b1ca",
+        "rev": "74f0a8546e3f2458c870cf90fc4b38ac1f498b17",
        "type": "github"
      },
      "original": {
@ -639,11 +554,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1739186342,
-        "narHash": "sha256-2j+sln9RwQn+g7J4GmdFFgvqXnLkvWBNMaUzONlkzUE=",
+        "lastModified": 1740440383,
+        "narHash": "sha256-w8ixbqOGrVWMQZFFs4uAwZpuwuGMzFoKjocMFxTR5Ts=",
        "owner": "nix-community",
        "repo": "lanzaboote",
-        "rev": "3bdeebbc484a09391c4f0ec8a37bb77809426660",
+        "rev": "6321bc060d757c137c1fbae2057c7e941483878f",
        "type": "github"
      },
      "original": {
@ -699,11 +614,11 @@
        "pre-commit-hooks": "pre-commit-hooks"
      },
      "locked": {
-        "lastModified": 1740318097,
-        "narHash": "sha256-lCRwHfZqpXO/Q98WCTD0eOWvKpA2J4ANLxrDzd3aWJw=",
+        "lastModified": 1740502011,
+        "narHash": "sha256-H5itHYNtWHzM1nlZozYfLvN+CHRL3A95uO8qKBNx7Xo=",
        "ref": "refs/heads/main",
-        "rev": "aaab224bea76cc6882884f9223b4bec2a781ebd4",
-        "revCount": 17460,
+        "rev": "ffe2dd40f4fae2d8f0ff94063c8522efddc2a3e6",
+        "revCount": 17493,
        "type": "git",
        "url": "https://git.lix.systems/lix-project/lix"
      },
@ -779,11 +694,11 @@
        "xwayland-satellite-unstable": "xwayland-satellite-unstable"
      },
      "locked": {
-        "lastModified": 1740326457,
-        "narHash": "sha256-C1tiPRIXI6Z5vd3pz26/JQ/p+VaG2eKD6PNk8ZqFW1E=",
+        "lastModified": 1740480783,
+        "narHash": "sha256-5l/WnJ4BELbckzTd1rmTlEGbcqBf71K2tx6pCNb2xM8=",
        "owner": "sodiboo",
        "repo": "niri-flake",
-        "rev": "23b0234ac1b03709a0cec40e84d293f083859dc9",
+        "rev": "0da1abb83ef2a37fd885de79730759486a407c41",
        "type": "github"
      },
      "original": {
@ -795,16 +710,16 @@
    "niri-stable": {
      "flake": false,
      "locked": {
-        "lastModified": 1736614405,
-        "narHash": "sha256-AJ1rlgNOPb3/+DbS5hkhm21t6Oz8IgqLllwmZt0lyzk=",
+        "lastModified": 1740117926,
+        "narHash": "sha256-mTTHA0RAaQcdYe+9A3Jx77cmmyLFHmRoZdd8RpWa+m8=",
        "owner": "YaLTeR",
        "repo": "niri",
-        "rev": "e05bc269e678ecf828b96ae79c991c13b00b38a5",
+        "rev": "b94a5db8790339cf9134873d8b490be69e02ac71",
        "type": "github"
      },
      "original": {
        "owner": "YaLTeR",
-        "ref": "v25.01",
+        "ref": "v25.02",
        "repo": "niri",
        "type": "github"
      }
@ -812,11 +727,11 @@
    "niri-unstable": {
      "flake": false,
      "locked": {
-        "lastModified": 1740251548,
-        "narHash": "sha256-53kgDwNYEPIZadX5SEk7+OoTXycHm1QUF7x2XCoo9+U=",
+        "lastModified": 1740476031,
+        "narHash": "sha256-8YuYgIzExIAenYMaSQTP7zYBzaJPN83pGRrcwQCochY=",
        "owner": "YaLTeR",
        "repo": "niri",
-        "rev": "bca65452882e1e616045e21a0a9a4a0b7024239b",
+        "rev": "c153349c62ed44762bf2ae8be6d5812faa9d5c6d",
        "type": "github"
      },
      "original": {
@ -866,27 +781,6 @@
        "type": "github"
      }
    },
-    "nix-darwin": {
-      "inputs": {
-        "nixpkgs": [
-          "nixvim",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1738743987,
-        "narHash": "sha256-O3bnAfsObto6l2tQOmQlrO6Z2kD6yKwOWfs7pA0CpOc=",
-        "owner": "lnl7",
-        "repo": "nix-darwin",
-        "rev": "ae406c04577ff9a64087018c79b4fdc02468c87c",
-        "type": "github"
-      },
-      "original": {
-        "owner": "lnl7",
-        "repo": "nix-darwin",
-        "type": "github"
-      }
-    },
    "nix-filter": {
      "locked": {
        "lastModified": 1731533336,
@ -932,11 +826,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1739790836,
-        "narHash": "sha256-ksegG5wSllKmBqId/BtHVje9E5s0I+uCWgiFeLv2RzM=",
+        "lastModified": 1740390822,
+        "narHash": "sha256-UnMANgi2Zf4gf4p49cXM4fDRrPEpN6oJJMXT4Z2BW/U=",
        "owner": "nix-community",
        "repo": "nix-ld",
-        "rev": "36420e7b304b5071da5eedd176c0a567fd821861",
+        "rev": "4c86e9f94553bceba004c48be6f2691971d2a6f7",
        "type": "github"
      },
      "original": {
@ -1043,11 +937,11 @@
    },
    "nixpkgs-stable_4": {
      "locked": {
-        "lastModified": 1740162160,
-        "narHash": "sha256-SSYxFhqCOb3aiPb6MmN68yEzBIltfom8IgRz7phHscM=",
+        "lastModified": 1740339700,
+        "narHash": "sha256-cbrw7EgQhcdFnu6iS3vane53bEagZQy/xyIkDWpCgVE=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "11415c7ae8539d6292f2928317ee7a8410b28bb9",
+        "rev": "04ef94c4c1582fd485bbfdb8c4a8ba250e359195",
        "type": "github"
      },
      "original": {
@ -1107,11 +1001,11 @@
    },
    "nixpkgs_5": {
      "locked": {
-        "lastModified": 1740301968,
-        "narHash": "sha256-eDAiNagpMExcLoSIgjdef2ZYyvjuy1VTF8r9OZXCMGc=",
+        "lastModified": 1740500346,
+        "narHash": "sha256-4fO8s2ptZODefFbdyCuxR3MaqZs7U9A+Q1wak0SkJ4o=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "b7fe81518095c48a8ba94fc7cfe5c0fc8370851b",
+        "rev": "d4d7eaf04bb369b178ad6eab68e356056aeaa952",
        "type": "github"
      },
      "original": {
@ -1123,32 +1017,20 @@
    },
    "nixvim": {
      "inputs": {
-        "devshell": "devshell",
-        "flake-compat": [
-          "flake-compat"
-        ],
        "flake-parts": [
          "flake-parts"
        ],
-        "git-hooks": "git-hooks_2",
-        "home-manager": [
-          "home-manager"
-        ],
-        "nix-darwin": "nix-darwin",
        "nixpkgs": [
          "nixpkgs"
        ],
-        "nuschtosSearch": "nuschtosSearch",
-        "treefmt-nix": [
-          "treefmt"
-        ]
+        "nuschtosSearch": "nuschtosSearch"
      },
      "locked": {
-        "lastModified": 1739902813,
-        "narHash": "sha256-BgOQcKKz7VNvSHIbBllHisv32HvF3W3ALF9sdnC++V8=",
+        "lastModified": 1740432393,
+        "narHash": "sha256-uXlB7bTlrl0q2jryKMSRlU+GptkVJN7PTsqdKkaFg1M=",
        "owner": "nix-community",
        "repo": "nixvim",
-        "rev": "0ab9947137cd034ec64eb5cd9ede94e53af21f50",
+        "rev": "53f9d242ffdf0997109d0b5b8bbbcc67a4296077",
        "type": "github"
      },
      "original": {
@ -1281,7 +1163,6 @@
    },
    "root": {
      "inputs": {
-        "anki": "anki",
        "conduwuit": "conduwuit",
        "crane": "crane_2",
        "disko": "disko",
@ -1330,11 +1211,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1740277845,
-        "narHash": "sha256-NNU0CdiaSbAeZ8tpDG4aFi9qtcdlItRvk8Xns9oBrVU=",
+        "lastModified": 1740450604,
+        "narHash": "sha256-T/lqASXzCzp5lJISCUw+qwfRmImVUnhKgAhn8ymRClI=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "f933070c29f9c1c5457447a51903f27f76ebb519",
+        "rev": "5961ca311c85c31fc5f51925b4356899eed36221",
        "type": "github"
      },
      "original": {
@ -1426,11 +1307,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1740275623,
-        "narHash": "sha256-LQ9hq3hKwWqm+dzBhgsIkr2KO6Bb0aU+yO/TtI7hXXo=",
+        "lastModified": 1740448507,
+        "narHash": "sha256-4NsNG5lxS+r5LQ9QmT8xC2VQCN6BeMBnWzxTF/0r14U=",
        "owner": "nix-community",
        "repo": "nix-vscode-extensions",
-        "rev": "35ff5dce04469e7b4e56a9d997e5201bfce52ae3",
+        "rev": "b0bb3351351155e341033b05fffe0a0c9b342ee4",
        "type": "github"
      },
      "original": {
@ -1442,16 +1323,16 @@
    "xwayland-satellite-stable": {
      "flake": false,
      "locked": {
-        "lastModified": 1730166465,
-        "narHash": "sha256-nq7bouXQXaaPPo/E+Jbq+wNHnatD4dY8OxSrRqzvy6s=",
+        "lastModified": 1739246919,
+        "narHash": "sha256-/hBM43/Gd0/tW+egrhlWgOIISeJxEs2uAOIYVpfDKeU=",
        "owner": "Supreeeme",
        "repo": "xwayland-satellite",
-        "rev": "a713cf46cb7db84a0d1b57c3a397c610cad3cf98",
+        "rev": "44590a416d4a3e8220e19e29e0b6efe64a80315d",
        "type": "github"
      },
      "original": {
        "owner": "Supreeeme",
-        "ref": "v0.5",
+        "ref": "v0.5.1",
        "repo": "xwayland-satellite",
        "type": "github"
      }
--- a/flake.nix
+++ b/flake.nix
@ -100,14 +100,11 @@
    flake-utils.url = "github:numtide/flake-utils";
    crane.url = "github:ipetkov/crane";
    flake-compat.url = "github:edolstra/flake-compat";
-
-    # unmerged PRs
-    anki.url = "github:cything/nixpkgs/1562f5286858b3c1e5ea7e60f4bf6b3578519248";
  };

  nixConfig = {
    extra-substituters = [
-      "https://cache.cything.io/central"
+      "https://cache.cy7.sh/central"
      "https://niri.cachix.org"
      "https://nix-community.cachix.org"
      "https://cache.garnix.io"
@ -115,7 +112,7 @@
      "https://aseipp-nix-cache.global.ssl.fastly.net"
    ];
    extra-trusted-public-keys = [
-      "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg="
+      "central:KNxL0JFzHDGosui8ASem9n/tDmEAYLL9dtVMJ6TWsyg="
      "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
--- a/home/yt/ytnix.nix
+++ b/home/yt/ytnix.nix
@ -144,6 +144,10 @@
    telegram-desktop
    jadx
    gradle
+    localsend
+    scrcpy
+    syncthing
+    obsidian
  ];

  programs.waybar.enable = true;
@ -186,12 +190,12 @@
    # sccache stuff
    RUSTC_WRAPPER = "${lib.getExe pkgs.sccache}";
    SCCACHE_BUCKET = "sccache";
-    SCCACHE_REGION = "earth";
+    SCCACHE_REGION = "us-east-1";
    SCCACHE_ENDPOINT = "https://sccache.s3.cy7.sh";
    SCCACHE_ALLOW_CORE_DUMPS = "true";
    SCCACHE_S3_USE_SSL = "true";
    SCCACHE_CACHE_MULTIARCH = "true";
-    SCCACHE_LOG_LEVEL = "warn";
+    SCCACHE_LOG = "warn";
    AWS_DEFAULT_REGION = "us-east-1";
    AWS_ENDPOINT_URL = "https://s3.cy7.sh";
    AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)";
--- a/home/zsh/default.nix
+++ b/home/zsh/default.nix
@ -36,6 +36,13 @@
      searchUpKey = "^p";
      searchDownKey = "^n";
    };
+
+    # prezto = {
+    #   enable = true;
+    #   caseSensitive = false;
+    #   editor.keymap = "vi";
+    # };
+
    initExtra = ''
      # disable control+s to pause terminal
      unsetopt FLOW_CONTROL
--- a/hosts/chunk/attic.nix
+++ b/hosts/chunk/attic.nix
@ -7,32 +7,26 @@

    settings = {
      listen = "[::]:8090";
-      api-endpoint = "https://cache.cything.io/";
-      allowed-hosts = [ "cache.cything.io" ];
+      api-endpoint = "https://cache.cy7.sh/";
+      allowed-hosts = [ "cache.cy7.sh" ];
      require-proof-of-possession = false;
      compression.type = "zstd";
      database.url = "postgresql:///atticd?host=/run/postgresql";

      storage = {
-        type = "local";
-        path = "/mnt/attic";
+        type = "s3";
+        region = "auto";
+        bucket = "attic";
+        endpoint = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com";
      };

      garbage-collection = {
-        default-retention-period = "3 months";
-      };
-
-      chunking = {
-        nar-size-threshold = 0; # disables chunking
-        min-size = 0;
-        avg-size = 0;
-        max-size = 0;
-        concurrent-chunk-uploads = 32;
+        default-retention-period = "2 weeks";
      };
    };
  };

-  services.caddy.virtualHosts."cache.cything.io".extraConfig = ''
+  services.caddy.virtualHosts."cache.cy7.sh".extraConfig = ''
    import common
    reverse_proxy localhost:8090
  '';
--- a/hosts/chunk/default.nix
+++ b/hosts/chunk/default.nix
@ -1,5 +1,6 @@
 {
  pkgs,
+  lib,
  ...
 }:
 {
@ -10,13 +11,10 @@
    ./backup.nix
    ./rclone.nix
    ./postgres.nix
-    ./wireguard.nix
-    ./adguard.nix
    ./hedgedoc.nix
    ./miniflux.nix
    ./redlib.nix
    ./vaultwarden.nix
-    ./wireguard.nix
    ./grafana.nix
    ./conduwuit.nix
    ./immich.nix
@ -48,15 +46,6 @@
    "hedgedoc/env" = {
      sopsFile = ../../secrets/services/hedgedoc.yaml;
    };
-    "wireguard/private" = {
-      sopsFile = ../../secrets/wireguard/chunk.yaml;
-    };
-    "wireguard/psk-yt" = {
-      sopsFile = ../../secrets/wireguard/chunk.yaml;
-    };
-    "wireguard/psk-phone" = {
-      sopsFile = ../../secrets/wireguard/chunk.yaml;
-    };
    "miniflux/env" = {
      sopsFile = ../../secrets/services/miniflux.yaml;
    };
@ -100,11 +89,39 @@
    ];
    allowedUDPPorts = [
      443
-      51820
      53
      853
-    ]; # 51820 is wireguard
-    trustedInterfaces = [ "wg0" ];
+    ];
+    extraCommands =
+      let
+        ethtool = lib.getExe pkgs.ethtool;
+        tc = lib.getExe' pkgs.iproute2 "tc";
+      in
+      ''
+        # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites)
+        ${ethtool} -K ens18 tso off
+
+        # clear existing rules
+        ${tc} qdisc del dev ens18 root || true
+
+        # create HTB hierarchy
+        ${tc} qdisc add dev ens18 root handle 1: htb default 30
+        ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100%
+        # tailscale
+        ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 30% ceil 100%
+        # caddy
+        ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 30% ceil 100%
+        # rest
+        ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100%
+
+        # mark traffic
+        iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1
+        iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 2
+
+        # route marked packets
+        ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10
+        ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 2 fw flowid 1:20
+      '';
  };
  networking.interfaces.ens18 = {
    ipv6.addresses = [
--- a/hosts/chunk/rclone.nix
+++ b/hosts/chunk/rclone.nix
@ -34,7 +34,7 @@
      ExecStartPre = "/usr/bin/env mkdir -p /mnt/attic";
      ExecStart = "${lib.getExe pkgs.rclone} mount --config ${
        config.sops.secrets."rclone/config".path
-      } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 15G --allow-other rsyncnet:attic /mnt/attic ";
+      } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 2G --allow-other rsyncnet:attic /mnt/attic ";
      ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/attic";
    };
  };
@ -55,6 +55,4 @@
      ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage";
    };
  };
-
-  programs.fuse.userAllowOther = true;
 }
--- a/hosts/chunk/tailscale.nix
+++ b/hosts/chunk/tailscale.nix
@ -7,6 +7,9 @@
      "--advertise-exit-node"
      "--accept-dns=false"
    ];
+    extraDaemonFlags = [
+      "--no-logs-no-support"
+    ];
    useRoutingFeatures = "server";
    openFirewall = true;
  };
--- a/hosts/common.nix
+++ b/hosts/common.nix
@ -10,7 +10,7 @@
        "@wheel"
      ];
      trusted-public-keys = [
-        "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg="
+        "central:KNxL0JFzHDGosui8ASem9n/tDmEAYLL9dtVMJ6TWsyg="
        "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
        "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
@ -18,7 +18,7 @@
      ];
      substituters = [
        "https://aseipp-nix-cache.global.ssl.fastly.net"
-        "https://cache.cything.io/central"
+        "https://cache.cy7.sh/central"
        "https://niri.cachix.org"
        "https://nix-community.cachix.org"
        "https://cache.garnix.io"
@ -41,15 +41,30 @@
    '';
    registry.nixpkgs.flake = inputs.nixpkgs;
  };
-  time.timeZone = "America/Toronto";
-  networking.firewall.logRefusedConnections = false;
-  networking.nameservers = [
-    # quad9
-    "2620:fe::fe"
-    "2620:fe::9"
-    "9.9.9.9"
-    "149.112.112.112"
-  ];
+
+  time.timeZone = "America/New_York";
+  networking = {
+    firewall.logRefusedConnections = false;
+    nameservers = [
+      # quad9
+      "2620:fe::fe"
+      "2620:fe::9"
+      "9.9.9.9"
+      "149.112.112.112"
+    ];
+    timeServers = [
+      "ntppool1.time.nl"
+      "nts.netnod.se"
+      "ptbtime1.ptb.de"
+      "ohio.time.system76.com"
+      "time.txryan.com"
+      "time.dfm.dk"
+    ];
+  };
+  services.chrony = {
+    enable = true;
+    enableNTS = true;
+  };

  # this is true by default and mutually exclusive with
  # programs.nix-index
--- a/hosts/ytnix/default.nix
+++ b/hosts/ytnix/default.nix
@ -20,12 +20,6 @@
    "services/ntfy" = {
      sopsFile = ../../secrets/services/ntfy.yaml;
    };
-    "wireguard/private" = {
-      sopsFile = ../../secrets/wireguard/yt.yaml;
-    };
-    "wireguard/psk" = {
-      sopsFile = ../../secrets/wireguard/yt.yaml;
-    };
    "rsyncnet/id_ed25519" = {
      sopsFile = ../../secrets/zh5061/yt.yaml;
    };
@ -89,11 +83,18 @@
    networkmanager = {
      enable = true;
      dns = "none";
-      wifi.backend = "iwd";
+      wifi = {
+        backend = "iwd";
+        powersave = false;
+      };
    };
    resolvconf.enable = true;
    firewall = {
-      allowedTCPPorts = [ 8080 ]; # for mitmproxy
+      enable = true;
+      allowedTCPPorts = [
+        8080 # mitmproxy
+        22000 # syncthing
+      ];
    };
  };
  programs.nm-applet.enable = true;
@ -105,9 +106,7 @@
    alsa.enable = true;
    alsa.support32Bit = true;
    wireplumber.extraConfig.bluetoothEnhancements = {
-      "wireplumber.settings" = {
-        "bluetooth.autoswitch-to-headset-profile" = false;
-      };
+      # https://julian.pages.freedesktop.org/wireplumber/daemon/configuration/bluetooth.html#bluetooth-configuration
      "monitor.bluez.properties" = {
        "bluez5.enable-sbc-xq" = true;
        "bluez5.enable-msbc" = true;
@ -115,6 +114,10 @@
        "bluez5.roles" = [
          "a2dp_sink"
          "a2dp_source"
+          "hsp_hs"
+          "hsp_ag"
+          "hfp_hf"
+          "hfp_ag"
        ];
      };
    };
@ -223,6 +226,7 @@
      "/home/yt/.local/share/Steam"
      "**/.wine"
      "/home/yt/Games"
+      "/home/yt/Videos"
    ];
    repo = "yt";
    passFile = config.sops.secrets."borg/rsyncnet".path;
@ -375,28 +379,6 @@

  services.ollama.enable = false;

-  # wireguard setup
-  networking.wg-quick.interfaces.wg0 = {
-    autostart = false;
-    address = [
-      "10.0.0.2/24"
-      "fdc9:281f:04d7:9ee9::2/64"
-    ];
-    privateKeyFile = config.sops.secrets."wireguard/private".path;
-    peers = [
-      {
-        publicKey = "a16/F/wP7HQIUtFywebqPSXQAktPsLgsMLH9ZfevMy0=";
-        allowedIPs = [
-          "0.0.0.0/0"
-          "::/0"
-        ];
-        endpoint = "31.59.129.225:51820";
-        persistentKeepalive = 25;
-        presharedKeyFile = config.sops.secrets."wireguard/psk".path;
-      }
-    ];
-  };
-
  services.trezord.enable = false;

  programs.niri.enable = false;
--- a/hosts/ytnix/tailscale.nix
+++ b/hosts/ytnix/tailscale.nix
@ -6,8 +6,13 @@
    openFirewall = true;
    useRoutingFeatures = "client";
    extraUpFlags = [
-      "--exit-node=100.122.132.30"
+      "--exit-node=chunk"
      "--accept-dns=false"
+      "--operator=yt"
+      "--exit-node-allow-lan-access"
+    ];
+    extraDaemonFlags = [
+      "--no-logs-no-support"
    ];
  };
 }
--- a/modules/zipline.nix
+++ b/modules/zipline.nix
@ -15,18 +15,12 @@ in
    services.zipline = {
      enable = true;
      settings = {
+        CORE_HOSTNAME = "127.0.0.1";
        CORE_PORT = 3001;
        DATASOURCE_TYPE = "s3";
-        DATASOURCE_S3_ENDPOINT = "e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com";
+        DATASOURCE_S3_ENDPOINT = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com";
        DATASOURCE_S3_BUCKET = "zipline";
        DATASOURCE_S3_REGION = "auto";
-        DATASOURCE_S3_USE_SSL = "true";
-        DATASOURCE_S3_FORCE_S3_PATH = "false";
-        FEATURES_THUMBNAILS = "true";
-        EXIF_REMOVE_GPS = "true";
-        CHUNKS_CHUNKS_SIZE = "50mb";
-        CHUNKS_MAX_SIZE = "95mb";
-        FEATURES_OAUTH_REGISTRATION = "true";
      };
      environmentFiles = [ config.sops.secrets."zipline/env".path ];
    };
--- a/overlay/attic/concurrent-32.patch
+++ b/overlay/attic/concurrent-32.patch
@ -0,0 +1,13 @@
+diff --git a/server/src/config.rs b/server/src/config.rs
+index 4412cbf..6dd483a 100644
+--- a/server/src/config.rs
+++ b/server/src/config.rs
+@@ -565,7 +565,7 @@ fn default_default_retention_period() -> Duration {
+ }
+ 
+ fn default_concurrent_chunk_uploads() -> usize {
+-    10
+    32
+ }
+ 
+ fn load_config_from_path(path: &Path) -> Result<Config> {
--- a/overlay/attic/default.nix
+++ b/overlay/attic/default.nix
@ -16,6 +16,9 @@ final: prev: {
            cargoLock = null;
            cargoHash = "sha256-AbpWnYfBMrR6oOfy2LkQvIPYsClCWE89bJav+iHTtLM=";
            useFetchCargoVendor = true;
+            patches = [
+              ./concurrent-32.patch
+            ];
          }
        );
    };
--- a/overlay/default.nix
+++ b/overlay/default.nix
@ -2,6 +2,7 @@
 let
  overlays = [
    ./attic
+    ./zipline
  ];
  importedOverlays = map (m: import m) overlays;
 in
--- a/overlay/zipline/default.nix
+++ b/overlay/zipline/default.nix
@ -0,0 +1,7 @@
+final: prev: {
+  zipline = prev.zipline.overrideAttrs {
+    patches = [
+      ./no-check-bucket.patch
+    ];
+  };
+}
--- a/overlay/zipline/no-check-bucket.patch
+++ b/overlay/zipline/no-check-bucket.patch
@ -0,0 +1,45 @@
+diff --git a/src/lib/datasource/S3.ts b/src/lib/datasource/S3.ts
+index 089dd64..39dd8f4 100644
+--- a/src/lib/datasource/S3.ts
+++ b/src/lib/datasource/S3.ts
+@@ -4,7 +4,6 @@ import {
+   DeleteObjectCommand,
+   DeleteObjectsCommand,
+   GetObjectCommand,
+-  ListBucketsCommand,
+   ListObjectsCommand,
+   PutObjectCommand,
+   S3Client,
+@@ -38,32 +37,6 @@ export class S3Datasource extends Datasource {
+       endpoint: this.options.endpoint ?? undefined,
+       forcePathStyle: this.options.forcePathStyle ?? false,
+     });
+-
+-    this.ensureBucketExists();
+-  }
+-
+-  private async ensureBucketExists() {
+-    try {
+-      const res = await this.client.send(new ListBucketsCommand());
+-      if (res.$metadata.httpStatusCode !== 200) {
+-        this.logger
+-          .error('there was an error while listing buckets', res.$metadata as Record<string, unknown>)
+-          .error('zipline will now exit');
+-        process.exit(1);
+-      }
+-
+-      if (!res.Buckets?.find((bucket) => bucket.Name === this.options.bucket)) {
+-        this.logger.error(`bucket ${this.options.bucket} does not exist`).error('zipline will now exit');
+-        process.exit(1);
+-      }
+-    } catch (e) {
+-      this.logger
+-        .error('there was an error while listing buckets', e as Record<string, unknown>)
+-        .error('zipline will now exit');
+-      process.exit(1);
+-    } finally {
+-      this.logger.debug(`bucket ${this.options.bucket} exists`);
+-    }
+   }
+ 
+   public async get(file: string): Promise<Readable | null> {
--- a/secrets/services/attic.yaml
+++ b/secrets/services/attic.yaml
--- a/secrets/services/zipline.yaml
+++ b/secrets/services/zipline.yaml
@ -1,5 +1,5 @@
 zipline:
-    env: ENC[AES256_GCM,data:lsR/+bET/C7ssik0xv5IBITT+KEnoyqNjSZ9jvkkb7lmNAQzow6dCm1nprfimiJC0EF2LyiEPm0wchdtrLTNEtUkJWkworEJXeWGrGGbHgZW0/HC1BSERqlLmZTPyLWkhsl3rObvuhRoTKlUN5EMwtK8x06aOX6PcxLdwVjps7UxkBXej712IcKPvHVSJIQMvVHP2lqSppJc+sEMt4u3Vnf1ZYGsQS3bWnI7w40sOdGR8LGBadfmWwIj0/3XTaG7S7Lhi4AOFGZtpdyOmxxIH3Vd5qesfiqPHm0nTmu/JxPftYm+F/hDnbJHrbg7cNVlJahDFtQp8QdlVvdMU3ccNptpRXGWIwFOz3JtuzDo7pxkYRqO2dKqYbKhOknrMW0PYuB48XEKj3e4Q+T8tUhFTsOHfqT0J8ati26dQaUO5wvw22o=,iv:QeR8fU9bRVO5OuqjbEeiC1vihbLxrNgnR0k0K/mRmSw=,tag:6x2XELOlJ9JWeOuVBBHNpg==,type:str]
+    env: ENC[AES256_GCM,data:5n056AoWvM4PXBCxm+tk2G9qOugRpA/n5YRrxTtB7XBBQmRQNaP2a6AbAnWX665yFGQsB0iHdSER3sY78RqUL0gFKupVq1UAT8A2Wi0HqcFMqUs2drXjIksdmI6hTLk9TCxtPy0VbPieIshO2VEYesUqitTZ01i8Hj5CyF8yFC6t9eQ2L9iKLm5gje80MoqQT4IFx+V5B4ExP3fzhcpfr8StGHKHvG59nc40KQAW38i/95H3nncScOBfSQSNH61wLnDjecr8srxELO/j2iOKD9JzmqYLQr8TLKNw7KIIhDMAmuNeQhG1YXtj7/nj6gHN6cHpcHPgUdWID/Y6MHcndDCIJnyC2Qeod5ShOn53IjL7C8VZ940o9LfwNz22sx1SYZEwRGktIhUY0c4IL/4bUvhxwTcMH9ITYU8eVfG/QSnr8B4=,iv:juf0dRagztirDN89Jj+v8k62BBl9TU12A8TdR/m8qDA=,tag:WakN+bOYfF4YrleIsAg+OQ==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -24,8 +24,8 @@ sops:
            WHZSeVJIaGRldmhmcWZvT3YzL3hPbFEKVUtCU1l/RhFOlwdjE0ejW/Ym+cMVNxIW
            AdvVcWoilMGTsDJIIlLu7fPbhmGotPvqGjxMC2yEpEgJUt/rsz2vPA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-02-14T03:37:09Z"
-    mac: ENC[AES256_GCM,data:KViPAUWWpE5UTZOp55f3QeXhHkXBvyl9Np/Tlj5bY7t3qt1U370OLq1yL87WWbvRWa/K/ZYN2gjN16dgfp5o834VniSJM6dnw+vC76QNaXjCfE2HKozRx6NlHFMflzzV8TXvqzJvuPa43E8DRaBctY2a7aIbJ4DJki1dfmrrO3Y=,iv:vPeMWOWQNZX3t4BoYzpuI74tZJ3rCXwbxmqcRAW5ZXY=,tag:i4ZjIXg0JOj2U2jMwurChw==,type:str]
+    lastmodified: "2025-02-23T21:43:15Z"
+    mac: ENC[AES256_GCM,data:nI7xnLUMtseY9q8XZ3owb6qtRBtaRmmNNK4Z5ELHaI85VowdItZXMFN9faCVuCVTzhKp/4WC8jm96k7eWxytzW6r6KRvKDrUaRV27UweraK2Oe8et7u+oIEPh6HkNuZFB+qPiFYdfc+qQeTIKwayEVLeVWyvQKVDBhBxZd9UArg=,iv:q4hRQVat+LHVbYnF6QLE8iBdBeacJVUBKmMe4tbU8YU=,tag:6m4+SU1BFXMPORqe9vgXAw==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.4
Author	SHA1	Message	Date
cy	a55a932a4d	flake update Signed-off-by: cy <cy@cy7.sh>	2025-02-25 12:42:34 -05:00
cy	d76a9f7f3a	also traffic control caddy	2025-02-25 12:39:43 -05:00
cy	47d703d9d1	Merge branch 'new-attic'	2025-02-24 22:07:58 -05:00
cy	066c0a5a74	update attic cache keys	2025-02-24 21:52:22 -05:00
cy	f5096f3917	make attic better	2025-02-24 21:38:02 -05:00
cy	131b4b2614	implement traffic control, remove adguard, misc tailscale stuff	2025-02-24 13:23:38 -05:00
cy	a82a616f11	cleanup overlays, don't use prezto, remove wireguard code, some time and network stuff	2025-02-23 18:11:19 -05:00
cy	2e7c178862	upgrade and patch zipline	2025-02-23 18:07:48 -05:00
cy	81d442200b	zsh: enable presto and disable casesensitive	2025-02-23 13:44:49 -05:00