flake update

Signed-off-by: cy <cy@cy7.sh>

flake.lock

@@ -1,21 +1,5 @@
 {
   "nodes": {
-    "anki": {
-      "locked": {
-        "lastModified": 1739471491,
-        "narHash": "sha256-ZCKWgsNqKWkVOAQFaFSmK3EN/uDdamNOcSItzvooWYs=",
-        "owner": "cything",
-        "repo": "nixpkgs",
-        "rev": "1562f5286858b3c1e5ea7e60f4bf6b3578519248",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cything",
-        "repo": "nixpkgs",
-        "rev": "1562f5286858b3c1e5ea7e60f4bf6b3578519248",
-        "type": "github"
-      }
-    },
     "attic": {
       "inputs": {
         "crane": "crane",
@@ -220,27 +204,6 @@
         "type": "github"
       }
     },
-    "devshell": {
-      "inputs": {
-        "nixpkgs": [
-          "nixvim",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1735644329,
-        "narHash": "sha256-tO3HrHriyLvipc4xr+Ewtdlo7wM1OjXNjlWRgmM7peY=",
-        "owner": "numtide",
-        "repo": "devshell",
-        "rev": "f7795ede5b02664b57035b3b757876703e2c3eac",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "devshell",
-        "type": "github"
-      }
-    },
     "disko": {
       "inputs": {
         "nixpkgs": [
@@ -478,32 +441,6 @@
         "type": "github"
       }
     },
-    "git-hooks_2": {
-      "inputs": {
-        "flake-compat": [
-          "nixvim",
-          "flake-compat"
-        ],
-        "gitignore": "gitignore_3",
-        "nixpkgs": [
-          "nixvim",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1737465171,
-        "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=",
-        "owner": "cachix",
-        "repo": "git-hooks.nix",
-        "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cachix",
-        "repo": "git-hooks.nix",
-        "type": "github"
-      }
-    },
     "gitignore": {
       "inputs": {
         "nixpkgs": [
@@ -549,28 +486,6 @@
         "type": "github"
       }
     },
-    "gitignore_3": {
-      "inputs": {
-        "nixpkgs": [
-          "nixvim",
-          "git-hooks",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1709087332,
-        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "type": "github"
-      }
-    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -578,11 +493,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1740318342,
+        "lastModified": 1740494361,
-        "narHash": "sha256-fjr9+3Iru6O5qE+2oERQkabqAUXx4awm0+i2MBcta1U=",
+        "narHash": "sha256-Dd/GhJ9qKmUwuhgt/PAROG8J6YdU2ZjtJI9SQX5sVQI=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "b5ab2c7fdaa807cf425066ab7cd34b073946b1ca",
+        "rev": "74f0a8546e3f2458c870cf90fc4b38ac1f498b17",
         "type": "github"
       },
       "original": {
@@ -639,11 +554,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1739186342,
+        "lastModified": 1740440383,
-        "narHash": "sha256-2j+sln9RwQn+g7J4GmdFFgvqXnLkvWBNMaUzONlkzUE=",
+        "narHash": "sha256-w8ixbqOGrVWMQZFFs4uAwZpuwuGMzFoKjocMFxTR5Ts=",
         "owner": "nix-community",
         "repo": "lanzaboote",
-        "rev": "3bdeebbc484a09391c4f0ec8a37bb77809426660",
+        "rev": "6321bc060d757c137c1fbae2057c7e941483878f",
         "type": "github"
       },
       "original": {
@@ -699,11 +614,11 @@
         "pre-commit-hooks": "pre-commit-hooks"
       },
       "locked": {
-        "lastModified": 1740318097,
+        "lastModified": 1740502011,
-        "narHash": "sha256-lCRwHfZqpXO/Q98WCTD0eOWvKpA2J4ANLxrDzd3aWJw=",
+        "narHash": "sha256-H5itHYNtWHzM1nlZozYfLvN+CHRL3A95uO8qKBNx7Xo=",
         "ref": "refs/heads/main",
-        "rev": "aaab224bea76cc6882884f9223b4bec2a781ebd4",
+        "rev": "ffe2dd40f4fae2d8f0ff94063c8522efddc2a3e6",
-        "revCount": 17460,
+        "revCount": 17493,
         "type": "git",
         "url": "https://git.lix.systems/lix-project/lix"
       },
@@ -779,11 +694,11 @@
         "xwayland-satellite-unstable": "xwayland-satellite-unstable"
       },
       "locked": {
-        "lastModified": 1740326457,
+        "lastModified": 1740480783,
-        "narHash": "sha256-C1tiPRIXI6Z5vd3pz26/JQ/p+VaG2eKD6PNk8ZqFW1E=",
+        "narHash": "sha256-5l/WnJ4BELbckzTd1rmTlEGbcqBf71K2tx6pCNb2xM8=",
         "owner": "sodiboo",
         "repo": "niri-flake",
-        "rev": "23b0234ac1b03709a0cec40e84d293f083859dc9",
+        "rev": "0da1abb83ef2a37fd885de79730759486a407c41",
         "type": "github"
       },
       "original": {
@@ -795,16 +710,16 @@
     "niri-stable": {
       "flake": false,
       "locked": {
-        "lastModified": 1736614405,
+        "lastModified": 1740117926,
-        "narHash": "sha256-AJ1rlgNOPb3/+DbS5hkhm21t6Oz8IgqLllwmZt0lyzk=",
+        "narHash": "sha256-mTTHA0RAaQcdYe+9A3Jx77cmmyLFHmRoZdd8RpWa+m8=",
         "owner": "YaLTeR",
         "repo": "niri",
-        "rev": "e05bc269e678ecf828b96ae79c991c13b00b38a5",
+        "rev": "b94a5db8790339cf9134873d8b490be69e02ac71",
         "type": "github"
       },
       "original": {
         "owner": "YaLTeR",
-        "ref": "v25.01",
+        "ref": "v25.02",
         "repo": "niri",
         "type": "github"
       }
@@ -812,11 +727,11 @@
     "niri-unstable": {
       "flake": false,
       "locked": {
-        "lastModified": 1740251548,
+        "lastModified": 1740476031,
-        "narHash": "sha256-53kgDwNYEPIZadX5SEk7+OoTXycHm1QUF7x2XCoo9+U=",
+        "narHash": "sha256-8YuYgIzExIAenYMaSQTP7zYBzaJPN83pGRrcwQCochY=",
         "owner": "YaLTeR",
         "repo": "niri",
-        "rev": "bca65452882e1e616045e21a0a9a4a0b7024239b",
+        "rev": "c153349c62ed44762bf2ae8be6d5812faa9d5c6d",
         "type": "github"
       },
       "original": {
@@ -866,27 +781,6 @@
         "type": "github"
       }
     },
-    "nix-darwin": {
-      "inputs": {
-        "nixpkgs": [
-          "nixvim",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1738743987,
-        "narHash": "sha256-O3bnAfsObto6l2tQOmQlrO6Z2kD6yKwOWfs7pA0CpOc=",
-        "owner": "lnl7",
-        "repo": "nix-darwin",
-        "rev": "ae406c04577ff9a64087018c79b4fdc02468c87c",
-        "type": "github"
-      },
-      "original": {
-        "owner": "lnl7",
-        "repo": "nix-darwin",
-        "type": "github"
-      }
-    },
     "nix-filter": {
       "locked": {
         "lastModified": 1731533336,
@@ -932,11 +826,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1739790836,
+        "lastModified": 1740390822,
-        "narHash": "sha256-ksegG5wSllKmBqId/BtHVje9E5s0I+uCWgiFeLv2RzM=",
+        "narHash": "sha256-UnMANgi2Zf4gf4p49cXM4fDRrPEpN6oJJMXT4Z2BW/U=",
         "owner": "nix-community",
         "repo": "nix-ld",
-        "rev": "36420e7b304b5071da5eedd176c0a567fd821861",
+        "rev": "4c86e9f94553bceba004c48be6f2691971d2a6f7",
         "type": "github"
       },
       "original": {
@@ -1043,11 +937,11 @@
     },
     "nixpkgs-stable_4": {
       "locked": {
-        "lastModified": 1740162160,
+        "lastModified": 1740339700,
-        "narHash": "sha256-SSYxFhqCOb3aiPb6MmN68yEzBIltfom8IgRz7phHscM=",
+        "narHash": "sha256-cbrw7EgQhcdFnu6iS3vane53bEagZQy/xyIkDWpCgVE=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "11415c7ae8539d6292f2928317ee7a8410b28bb9",
+        "rev": "04ef94c4c1582fd485bbfdb8c4a8ba250e359195",
         "type": "github"
       },
       "original": {
@@ -1107,11 +1001,11 @@
     },
     "nixpkgs_5": {
       "locked": {
-        "lastModified": 1740301968,
+        "lastModified": 1740500346,
-        "narHash": "sha256-eDAiNagpMExcLoSIgjdef2ZYyvjuy1VTF8r9OZXCMGc=",
+        "narHash": "sha256-4fO8s2ptZODefFbdyCuxR3MaqZs7U9A+Q1wak0SkJ4o=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "b7fe81518095c48a8ba94fc7cfe5c0fc8370851b",
+        "rev": "d4d7eaf04bb369b178ad6eab68e356056aeaa952",
         "type": "github"
       },
       "original": {
@@ -1123,32 +1017,20 @@
     },
     "nixvim": {
       "inputs": {
-        "devshell": "devshell",
-        "flake-compat": [
-          "flake-compat"
-        ],
         "flake-parts": [
           "flake-parts"
         ],
-        "git-hooks": "git-hooks_2",
-        "home-manager": [
-          "home-manager"
-        ],
-        "nix-darwin": "nix-darwin",
         "nixpkgs": [
           "nixpkgs"
         ],
-        "nuschtosSearch": "nuschtosSearch",
+        "nuschtosSearch": "nuschtosSearch"
-        "treefmt-nix": [
-          "treefmt"
-        ]
       },
       "locked": {
-        "lastModified": 1739902813,
+        "lastModified": 1740432393,
-        "narHash": "sha256-BgOQcKKz7VNvSHIbBllHisv32HvF3W3ALF9sdnC++V8=",
+        "narHash": "sha256-uXlB7bTlrl0q2jryKMSRlU+GptkVJN7PTsqdKkaFg1M=",
         "owner": "nix-community",
         "repo": "nixvim",
-        "rev": "0ab9947137cd034ec64eb5cd9ede94e53af21f50",
+        "rev": "53f9d242ffdf0997109d0b5b8bbbcc67a4296077",
         "type": "github"
       },
       "original": {
@@ -1281,7 +1163,6 @@
     },
     "root": {
       "inputs": {
-        "anki": "anki",
         "conduwuit": "conduwuit",
         "crane": "crane_2",
         "disko": "disko",
@@ -1330,11 +1211,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1740277845,
+        "lastModified": 1740450604,
-        "narHash": "sha256-NNU0CdiaSbAeZ8tpDG4aFi9qtcdlItRvk8Xns9oBrVU=",
+        "narHash": "sha256-T/lqASXzCzp5lJISCUw+qwfRmImVUnhKgAhn8ymRClI=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "f933070c29f9c1c5457447a51903f27f76ebb519",
+        "rev": "5961ca311c85c31fc5f51925b4356899eed36221",
         "type": "github"
       },
       "original": {
@@ -1426,11 +1307,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1740275623,
+        "lastModified": 1740448507,
-        "narHash": "sha256-LQ9hq3hKwWqm+dzBhgsIkr2KO6Bb0aU+yO/TtI7hXXo=",
+        "narHash": "sha256-4NsNG5lxS+r5LQ9QmT8xC2VQCN6BeMBnWzxTF/0r14U=",
         "owner": "nix-community",
         "repo": "nix-vscode-extensions",
-        "rev": "35ff5dce04469e7b4e56a9d997e5201bfce52ae3",
+        "rev": "b0bb3351351155e341033b05fffe0a0c9b342ee4",
         "type": "github"
       },
       "original": {
@@ -1442,16 +1323,16 @@
     "xwayland-satellite-stable": {
       "flake": false,
       "locked": {
-        "lastModified": 1730166465,
+        "lastModified": 1739246919,
-        "narHash": "sha256-nq7bouXQXaaPPo/E+Jbq+wNHnatD4dY8OxSrRqzvy6s=",
+        "narHash": "sha256-/hBM43/Gd0/tW+egrhlWgOIISeJxEs2uAOIYVpfDKeU=",
         "owner": "Supreeeme",
         "repo": "xwayland-satellite",
-        "rev": "a713cf46cb7db84a0d1b57c3a397c610cad3cf98",
+        "rev": "44590a416d4a3e8220e19e29e0b6efe64a80315d",
         "type": "github"
       },
       "original": {
         "owner": "Supreeeme",
-        "ref": "v0.5",
+        "ref": "v0.5.1",
         "repo": "xwayland-satellite",
         "type": "github"
       }

flake.nix

@@ -100,14 +100,11 @@
     flake-utils.url = "github:numtide/flake-utils";
     crane.url = "github:ipetkov/crane";
     flake-compat.url = "github:edolstra/flake-compat";
-
-    # unmerged PRs
-    anki.url = "github:cything/nixpkgs/1562f5286858b3c1e5ea7e60f4bf6b3578519248";
   };
 
   nixConfig = {
     extra-substituters = [
-      "https://cache.cything.io/central"
+      "https://cache.cy7.sh/central"
       "https://niri.cachix.org"
       "https://nix-community.cachix.org"
       "https://cache.garnix.io"
@@ -115,7 +112,7 @@
       "https://aseipp-nix-cache.global.ssl.fastly.net"
     ];
     extra-trusted-public-keys = [
-      "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg="
+      "central:KNxL0JFzHDGosui8ASem9n/tDmEAYLL9dtVMJ6TWsyg="
       "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
       "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
       "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="

home/yt/ytnix.nix

@@ -144,6 +144,10 @@
     telegram-desktop
     jadx
     gradle
+    localsend
+    scrcpy
+    syncthing
+    obsidian
   ];
 
   programs.waybar.enable = true;
@@ -186,12 +190,12 @@
     # sccache stuff
     RUSTC_WRAPPER = "${lib.getExe pkgs.sccache}";
     SCCACHE_BUCKET = "sccache";
-    SCCACHE_REGION = "earth";
+    SCCACHE_REGION = "us-east-1";
     SCCACHE_ENDPOINT = "https://sccache.s3.cy7.sh";
     SCCACHE_ALLOW_CORE_DUMPS = "true";
     SCCACHE_S3_USE_SSL = "true";
     SCCACHE_CACHE_MULTIARCH = "true";
-    SCCACHE_LOG_LEVEL = "warn";
+    SCCACHE_LOG = "warn";
     AWS_DEFAULT_REGION = "us-east-1";
     AWS_ENDPOINT_URL = "https://s3.cy7.sh";
     AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)";

home/zsh/default.nix

@@ -36,6 +36,13 @@
       searchUpKey = "^p";
       searchDownKey = "^n";
     };
+
+    # prezto = {
+    #   enable = true;
+    #   caseSensitive = false;
+    #   editor.keymap = "vi";
+    # };
+
     initExtra = ''
       # disable control+s to pause terminal
       unsetopt FLOW_CONTROL

hosts/chunk/attic.nix

@@ -7,32 +7,26 @@
 
     settings = {
       listen = "[::]:8090";
-      api-endpoint = "https://cache.cything.io/";
+      api-endpoint = "https://cache.cy7.sh/";
-      allowed-hosts = [ "cache.cything.io" ];
+      allowed-hosts = [ "cache.cy7.sh" ];
       require-proof-of-possession = false;
       compression.type = "zstd";
       database.url = "postgresql:///atticd?host=/run/postgresql";
 
       storage = {
-        type = "local";
+        type = "s3";
-        path = "/mnt/attic";
+        region = "auto";
+        bucket = "attic";
+        endpoint = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com";
       };
 
       garbage-collection = {
-        default-retention-period = "3 months";
+        default-retention-period = "2 weeks";
-      };
-
-      chunking = {
-        nar-size-threshold = 0; # disables chunking
-        min-size = 0;
-        avg-size = 0;
-        max-size = 0;
-        concurrent-chunk-uploads = 32;
       };
     };
   };
 
-  services.caddy.virtualHosts."cache.cything.io".extraConfig = ''
+  services.caddy.virtualHosts."cache.cy7.sh".extraConfig = ''
     import common
     reverse_proxy localhost:8090
   '';

hosts/chunk/default.nix

@@ -1,5 +1,6 @@
 {
   pkgs,
+  lib,
   ...
 }:
 {
@@ -10,13 +11,10 @@
     ./backup.nix
     ./rclone.nix
     ./postgres.nix
-    ./wireguard.nix
-    ./adguard.nix
     ./hedgedoc.nix
     ./miniflux.nix
     ./redlib.nix
     ./vaultwarden.nix
-    ./wireguard.nix
     ./grafana.nix
     ./conduwuit.nix
     ./immich.nix
@@ -48,15 +46,6 @@
     "hedgedoc/env" = {
       sopsFile = ../../secrets/services/hedgedoc.yaml;
     };
-    "wireguard/private" = {
-      sopsFile = ../../secrets/wireguard/chunk.yaml;
-    };
-    "wireguard/psk-yt" = {
-      sopsFile = ../../secrets/wireguard/chunk.yaml;
-    };
-    "wireguard/psk-phone" = {
-      sopsFile = ../../secrets/wireguard/chunk.yaml;
-    };
     "miniflux/env" = {
       sopsFile = ../../secrets/services/miniflux.yaml;
     };
@@ -100,11 +89,39 @@
     ];
     allowedUDPPorts = [
       443
-      51820
       53
       853
-    ]; # 51820 is wireguard
+    ];
-    trustedInterfaces = [ "wg0" ];
+    extraCommands =
+      let
+        ethtool = lib.getExe pkgs.ethtool;
+        tc = lib.getExe' pkgs.iproute2 "tc";
+      in
+      ''
+        # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites)
+        ${ethtool} -K ens18 tso off
+
+        # clear existing rules
+        ${tc} qdisc del dev ens18 root || true
+
+        # create HTB hierarchy
+        ${tc} qdisc add dev ens18 root handle 1: htb default 30
+        ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100%
+        # tailscale
+        ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 30% ceil 100%
+        # caddy
+        ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 30% ceil 100%
+        # rest
+        ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100%
+
+        # mark traffic
+        iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1
+        iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 2
+
+        # route marked packets
+        ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10
+        ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 2 fw flowid 1:20
+      '';
   };
   networking.interfaces.ens18 = {
     ipv6.addresses = [

hosts/chunk/rclone.nix

@@ -34,7 +34,7 @@
       ExecStartPre = "/usr/bin/env mkdir -p /mnt/attic";
       ExecStart = "${lib.getExe pkgs.rclone} mount --config ${
         config.sops.secrets."rclone/config".path
-      } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 15G --allow-other rsyncnet:attic /mnt/attic ";
+      } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 2G --allow-other rsyncnet:attic /mnt/attic ";
       ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/attic";
     };
   };
@@ -55,6 +55,4 @@
       ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage";
     };
   };
-
-  programs.fuse.userAllowOther = true;
 }

hosts/chunk/tailscale.nix

@@ -7,6 +7,9 @@
       "--advertise-exit-node"
       "--accept-dns=false"
     ];
+    extraDaemonFlags = [
+      "--no-logs-no-support"
+    ];
     useRoutingFeatures = "server";
     openFirewall = true;
   };

hosts/common.nix

@@ -10,7 +10,7 @@
         "@wheel"
       ];
       trusted-public-keys = [
-        "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg="
+        "central:KNxL0JFzHDGosui8ASem9n/tDmEAYLL9dtVMJ6TWsyg="
         "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
         "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
         "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
@@ -18,7 +18,7 @@
       ];
       substituters = [
         "https://aseipp-nix-cache.global.ssl.fastly.net"
-        "https://cache.cything.io/central"
+        "https://cache.cy7.sh/central"
         "https://niri.cachix.org"
         "https://nix-community.cachix.org"
         "https://cache.garnix.io"
@@ -41,15 +41,30 @@
     '';
     registry.nixpkgs.flake = inputs.nixpkgs;
   };
-  time.timeZone = "America/Toronto";
+
-  networking.firewall.logRefusedConnections = false;
+  time.timeZone = "America/New_York";
-  networking.nameservers = [
+  networking = {
+    firewall.logRefusedConnections = false;
+    nameservers = [
       # quad9
       "2620:fe::fe"
       "2620:fe::9"
       "9.9.9.9"
       "149.112.112.112"
     ];
+    timeServers = [
+      "ntppool1.time.nl"
+      "nts.netnod.se"
+      "ptbtime1.ptb.de"
+      "ohio.time.system76.com"
+      "time.txryan.com"
+      "time.dfm.dk"
+    ];
+  };
+  services.chrony = {
+    enable = true;
+    enableNTS = true;
+  };
 
   # this is true by default and mutually exclusive with
   # programs.nix-index

hosts/ytnix/default.nix

@@ -20,12 +20,6 @@
     "services/ntfy" = {
       sopsFile = ../../secrets/services/ntfy.yaml;
     };
-    "wireguard/private" = {
-      sopsFile = ../../secrets/wireguard/yt.yaml;
-    };
-    "wireguard/psk" = {
-      sopsFile = ../../secrets/wireguard/yt.yaml;
-    };
     "rsyncnet/id_ed25519" = {
       sopsFile = ../../secrets/zh5061/yt.yaml;
     };
@@ -89,11 +83,18 @@
     networkmanager = {
       enable = true;
       dns = "none";
-      wifi.backend = "iwd";
+      wifi = {
+        backend = "iwd";
+        powersave = false;
+      };
     };
     resolvconf.enable = true;
     firewall = {
-      allowedTCPPorts = [ 8080 ]; # for mitmproxy
+      enable = true;
+      allowedTCPPorts = [
+        8080 # mitmproxy
+        22000 # syncthing
+      ];
     };
   };
   programs.nm-applet.enable = true;
@@ -105,9 +106,7 @@
     alsa.enable = true;
     alsa.support32Bit = true;
     wireplumber.extraConfig.bluetoothEnhancements = {
-      "wireplumber.settings" = {
+      # https://julian.pages.freedesktop.org/wireplumber/daemon/configuration/bluetooth.html#bluetooth-configuration
-        "bluetooth.autoswitch-to-headset-profile" = false;
-      };
       "monitor.bluez.properties" = {
         "bluez5.enable-sbc-xq" = true;
         "bluez5.enable-msbc" = true;
@@ -115,6 +114,10 @@
         "bluez5.roles" = [
           "a2dp_sink"
           "a2dp_source"
+          "hsp_hs"
+          "hsp_ag"
+          "hfp_hf"
+          "hfp_ag"
         ];
       };
     };
@@ -223,6 +226,7 @@
       "/home/yt/.local/share/Steam"
       "**/.wine"
       "/home/yt/Games"
+      "/home/yt/Videos"
     ];
     repo = "yt";
     passFile = config.sops.secrets."borg/rsyncnet".path;
@@ -375,28 +379,6 @@
 
   services.ollama.enable = false;
 
-  # wireguard setup
-  networking.wg-quick.interfaces.wg0 = {
-    autostart = false;
-    address = [
-      "10.0.0.2/24"
-      "fdc9:281f:04d7:9ee9::2/64"
-    ];
-    privateKeyFile = config.sops.secrets."wireguard/private".path;
-    peers = [
-      {
-        publicKey = "a16/F/wP7HQIUtFywebqPSXQAktPsLgsMLH9ZfevMy0=";
-        allowedIPs = [
-          "0.0.0.0/0"
-          "::/0"
-        ];
-        endpoint = "31.59.129.225:51820";
-        persistentKeepalive = 25;
-        presharedKeyFile = config.sops.secrets."wireguard/psk".path;
-      }
-    ];
-  };
-
   services.trezord.enable = false;
 
   programs.niri.enable = false;

hosts/ytnix/tailscale.nix

@@ -6,8 +6,13 @@
     openFirewall = true;
     useRoutingFeatures = "client";
     extraUpFlags = [
-      "--exit-node=100.122.132.30"
+      "--exit-node=chunk"
       "--accept-dns=false"
+      "--operator=yt"
+      "--exit-node-allow-lan-access"
+    ];
+    extraDaemonFlags = [
+      "--no-logs-no-support"
     ];
   };
 }

modules/zipline.nix

@@ -15,18 +15,12 @@ in
     services.zipline = {
       enable = true;
       settings = {
+        CORE_HOSTNAME = "127.0.0.1";
         CORE_PORT = 3001;
         DATASOURCE_TYPE = "s3";
-        DATASOURCE_S3_ENDPOINT = "e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com";
+        DATASOURCE_S3_ENDPOINT = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com";
         DATASOURCE_S3_BUCKET = "zipline";
         DATASOURCE_S3_REGION = "auto";
-        DATASOURCE_S3_USE_SSL = "true";
-        DATASOURCE_S3_FORCE_S3_PATH = "false";
-        FEATURES_THUMBNAILS = "true";
-        EXIF_REMOVE_GPS = "true";
-        CHUNKS_CHUNKS_SIZE = "50mb";
-        CHUNKS_MAX_SIZE = "95mb";
-        FEATURES_OAUTH_REGISTRATION = "true";
       };
       environmentFiles = [ config.sops.secrets."zipline/env".path ];
     };

overlay/attic/concurrent-32.patch

@@ -0,0 +1,13 @@
+diff --git a/server/src/config.rs b/server/src/config.rs
+index 4412cbf..6dd483a 100644
+--- a/server/src/config.rs
++++ b/server/src/config.rs
+@@ -565,7 +565,7 @@ fn default_default_retention_period() -> Duration {
+ }
+ 
+ fn default_concurrent_chunk_uploads() -> usize {
+-    10
++    32
+ }
+ 
+ fn load_config_from_path(path: &Path) -> Result<Config> {

overlay/attic/default.nix

@@ -16,6 +16,9 @@ final: prev: {
             cargoLock = null;
             cargoHash = "sha256-AbpWnYfBMrR6oOfy2LkQvIPYsClCWE89bJav+iHTtLM=";
             useFetchCargoVendor = true;
+            patches = [
+              ./concurrent-32.patch
+            ];
           }
         );
     };

overlay/default.nix

@@ -2,6 +2,7 @@
 let
   overlays = [
     ./attic
+    ./zipline
   ];
   importedOverlays = map (m: import m) overlays;
 in

overlay/zipline/default.nix

@@ -0,0 +1,7 @@
+final: prev: {
+  zipline = prev.zipline.overrideAttrs {
+    patches = [
+      ./no-check-bucket.patch
+    ];
+  };
+}

overlay/zipline/no-check-bucket.patch

@@ -0,0 +1,45 @@
+diff --git a/src/lib/datasource/S3.ts b/src/lib/datasource/S3.ts
+index 089dd64..39dd8f4 100644
+--- a/src/lib/datasource/S3.ts
++++ b/src/lib/datasource/S3.ts
+@@ -4,7 +4,6 @@ import {
+   DeleteObjectCommand,
+   DeleteObjectsCommand,
+   GetObjectCommand,
+-  ListBucketsCommand,
+   ListObjectsCommand,
+   PutObjectCommand,
+   S3Client,
+@@ -38,32 +37,6 @@ export class S3Datasource extends Datasource {
+       endpoint: this.options.endpoint ?? undefined,
+       forcePathStyle: this.options.forcePathStyle ?? false,
+     });
+-
+-    this.ensureBucketExists();
+-  }
+-
+-  private async ensureBucketExists() {
+-    try {
+-      const res = await this.client.send(new ListBucketsCommand());
+-      if (res.$metadata.httpStatusCode !== 200) {
+-        this.logger
+-          .error('there was an error while listing buckets', res.$metadata as Record<string, unknown>)
+-          .error('zipline will now exit');
+-        process.exit(1);
+-      }
+-
+-      if (!res.Buckets?.find((bucket) => bucket.Name === this.options.bucket)) {
+-        this.logger.error(`bucket ${this.options.bucket} does not exist`).error('zipline will now exit');
+-        process.exit(1);
+-      }
+-    } catch (e) {
+-      this.logger
+-        .error('there was an error while listing buckets', e as Record<string, unknown>)
+-        .error('zipline will now exit');
+-      process.exit(1);
+-    } finally {
+-      this.logger.debug(`bucket ${this.options.bucket} exists`);
+-    }
+   }
+ 
+   public async get(file: string): Promise<Readable | null> {

secrets/services/zipline.yaml

@@ -1,5 +1,5 @@
 zipline:
-    env: ENC[AES256_GCM,data:lsR/+bET/C7ssik0xv5IBITT+KEnoyqNjSZ9jvkkb7lmNAQzow6dCm1nprfimiJC0EF2LyiEPm0wchdtrLTNEtUkJWkworEJXeWGrGGbHgZW0/HC1BSERqlLmZTPyLWkhsl3rObvuhRoTKlUN5EMwtK8x06aOX6PcxLdwVjps7UxkBXej712IcKPvHVSJIQMvVHP2lqSppJc+sEMt4u3Vnf1ZYGsQS3bWnI7w40sOdGR8LGBadfmWwIj0/3XTaG7S7Lhi4AOFGZtpdyOmxxIH3Vd5qesfiqPHm0nTmu/JxPftYm+F/hDnbJHrbg7cNVlJahDFtQp8QdlVvdMU3ccNptpRXGWIwFOz3JtuzDo7pxkYRqO2dKqYbKhOknrMW0PYuB48XEKj3e4Q+T8tUhFTsOHfqT0J8ati26dQaUO5wvw22o=,iv:QeR8fU9bRVO5OuqjbEeiC1vihbLxrNgnR0k0K/mRmSw=,tag:6x2XELOlJ9JWeOuVBBHNpg==,type:str]
+    env: ENC[AES256_GCM,data:5n056AoWvM4PXBCxm+tk2G9qOugRpA/n5YRrxTtB7XBBQmRQNaP2a6AbAnWX665yFGQsB0iHdSER3sY78RqUL0gFKupVq1UAT8A2Wi0HqcFMqUs2drXjIksdmI6hTLk9TCxtPy0VbPieIshO2VEYesUqitTZ01i8Hj5CyF8yFC6t9eQ2L9iKLm5gje80MoqQT4IFx+V5B4ExP3fzhcpfr8StGHKHvG59nc40KQAW38i/95H3nncScOBfSQSNH61wLnDjecr8srxELO/j2iOKD9JzmqYLQr8TLKNw7KIIhDMAmuNeQhG1YXtj7/nj6gHN6cHpcHPgUdWID/Y6MHcndDCIJnyC2Qeod5ShOn53IjL7C8VZ940o9LfwNz22sx1SYZEwRGktIhUY0c4IL/4bUvhxwTcMH9ITYU8eVfG/QSnr8B4=,iv:juf0dRagztirDN89Jj+v8k62BBl9TU12A8TdR/m8qDA=,tag:WakN+bOYfF4YrleIsAg+OQ==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -24,8 +24,8 @@ sops:
             WHZSeVJIaGRldmhmcWZvT3YzL3hPbFEKVUtCU1l/RhFOlwdjE0ejW/Ym+cMVNxIW
             AdvVcWoilMGTsDJIIlLu7fPbhmGotPvqGjxMC2yEpEgJUt/rsz2vPA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-02-14T03:37:09Z"
+    lastmodified: "2025-02-23T21:43:15Z"
-    mac: ENC[AES256_GCM,data:KViPAUWWpE5UTZOp55f3QeXhHkXBvyl9Np/Tlj5bY7t3qt1U370OLq1yL87WWbvRWa/K/ZYN2gjN16dgfp5o834VniSJM6dnw+vC76QNaXjCfE2HKozRx6NlHFMflzzV8TXvqzJvuPa43E8DRaBctY2a7aIbJ4DJki1dfmrrO3Y=,iv:vPeMWOWQNZX3t4BoYzpuI74tZJ3rCXwbxmqcRAW5ZXY=,tag:i4ZjIXg0JOj2U2jMwurChw==,type:str]
+    mac: ENC[AES256_GCM,data:nI7xnLUMtseY9q8XZ3owb6qtRBtaRmmNNK4Z5ELHaI85VowdItZXMFN9faCVuCVTzhKp/4WC8jm96k7eWxytzW6r6KRvKDrUaRV27UweraK2Oe8et7u+oIEPh6HkNuZFB+qPiFYdfc+qQeTIKwayEVLeVWyvQKVDBhBxZd9UArg=,iv:q4hRQVat+LHVbYnF6QLE8iBdBeacJVUBKmMe4tbU8YU=,tag:6m4+SU1BFXMPORqe9vgXAw==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.4