flake.nix

@@ -104,6 +104,7 @@
 
   nixConfig = {
     extra-substituters = [
+      "https://cache.cything.io/central"
       "https://niri.cachix.org"
       "https://nix-community.cachix.org"
       "https://cache.garnix.io"
@@ -111,6 +112,7 @@
       "https://aseipp-nix-cache.global.ssl.fastly.net"
     ];
     extra-trusted-public-keys = [
+      "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg="
       "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
       "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
       "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="

home/yt/ytnix.nix

@@ -144,9 +144,6 @@
     telegram-desktop
     jadx
     gradle
-    localsend
-    scrcpy
-    syncthing
   ];
 
   programs.waybar.enable = true;

hosts/chunk/attic.nix

@@ -7,26 +7,32 @@
 
     settings = {
       listen = "[::]:8090";
-      api-endpoint = "https://cache.cy7.sh/";
-      allowed-hosts = [ "cache.cy7.sh" ];
+      api-endpoint = "https://cache.cything.io/";
+      allowed-hosts = [ "cache.cything.io" ];
       require-proof-of-possession = false;
       compression.type = "zstd";
       database.url = "postgresql:///atticd?host=/run/postgresql";
 
       storage = {
-        type = "s3";
-        region = "auto";
-        bucket = "attic";
-        endpoint = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com";
+        type = "local";
+        path = "/mnt/attic";
       };
 
       garbage-collection = {
-        default-retention-period = "2 weeks";
+        default-retention-period = "3 months";
+      };
+
+      chunking = {
+        nar-size-threshold = 0; # disables chunking
+        min-size = 0;
+        avg-size = 0;
+        max-size = 0;
+        concurrent-chunk-uploads = 32;
       };
     };
   };
 
-  services.caddy.virtualHosts."cache.cy7.sh".extraConfig = ''
+  services.caddy.virtualHosts."cache.cything.io".extraConfig = ''
     import common
     reverse_proxy localhost:8090
   '';

hosts/chunk/default.nix

@@ -1,6 +1,5 @@
 {
   pkgs,
-  lib,
   ...
 }:
 {
@@ -11,6 +10,7 @@
     ./backup.nix
     ./rclone.nix
     ./postgres.nix
+    ./adguard.nix
     ./hedgedoc.nix
     ./miniflux.nix
     ./redlib.nix
@@ -92,28 +92,9 @@
       53
       853
     ];
-    extraCommands =
-      let
-        ethtool = lib.getExe pkgs.ethtool;
-        tc = lib.getExe' pkgs.iproute2 "tc";
-      in ''
-      # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites)
-      ${ethtool} -K ens18 tso off
-
-      # clear existing rules
-      ${tc} qdisc del dev ens18 root || true
-
-      # create HTB hierarchy
-      ${tc} qdisc add dev ens18 root handle 1: htb default 20
-      ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100%
-      ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 40% ceil 100%
-      ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 60% ceil 100%
-
-      # mark traffic
+    extraCommands = ''
       iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1
-
-      # route marked packets
-      ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10
+      iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tor.service" -j MARK --set-mark 2
     '';
   };
   networking.interfaces.ens18 = {

hosts/chunk/tailscale.nix

@@ -7,9 +7,6 @@
       "--advertise-exit-node"
       "--accept-dns=false"
     ];
-    extraDaemonFlags = [
-      "--no-logs-no-support"
-    ];
     useRoutingFeatures = "server";
     openFirewall = true;
   };

hosts/common.nix

@@ -10,6 +10,7 @@
         "@wheel"
       ];
       trusted-public-keys = [
+        "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg="
         "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
         "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
         "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
@@ -17,6 +18,7 @@
       ];
       substituters = [
         "https://aseipp-nix-cache.global.ssl.fastly.net"
+        "https://cache.cything.io/central"
         "https://niri.cachix.org"
         "https://nix-community.cachix.org"
         "https://cache.garnix.io"

hosts/ytnix/default.nix

@@ -91,10 +91,7 @@
     resolvconf.enable = true;
     firewall = {
       enable = true;
-      allowedTCPPorts = [
-        8080  # mitmproxy
-        22000 # syncthing
-      ];
+      allowedTCPPorts = [ 8080 ]; # for mitmproxy
     };
   };
   programs.nm-applet.enable = true;
@@ -226,7 +223,6 @@
       "/home/yt/.local/share/Steam"
       "**/.wine"
       "/home/yt/Games"
-      "/home/yt/Videos"
     ];
     repo = "yt";
     passFile = config.sops.secrets."borg/rsyncnet".path;

hosts/ytnix/tailscale.nix

@@ -6,13 +6,8 @@
     openFirewall = true;
     useRoutingFeatures = "client";
     extraUpFlags = [
-      "--exit-node=chunk"
+      "--exit-node=100.122.132.30"
       "--accept-dns=false"
-      "--operator=yt"
-      "--exit-node-allow-lan-access"
-    ];
-    extraDaemonFlags = [
-      "--no-logs-no-support"
     ];
   };
 }

overlay/attic/concurrent-32.patch

@@ -1,13 +0,0 @@
-diff --git a/server/src/config.rs b/server/src/config.rs
-index 4412cbf..6dd483a 100644
---- a/server/src/config.rs
-+++ b/server/src/config.rs
-@@ -565,7 +565,7 @@ fn default_default_retention_period() -> Duration {
- }
- 
- fn default_concurrent_chunk_uploads() -> usize {
--    10
-+    32
- }
- 
- fn load_config_from_path(path: &Path) -> Result<Config> {

overlay/attic/default.nix

@@ -16,9 +16,6 @@ final: prev: {
             cargoLock = null;
             cargoHash = "sha256-AbpWnYfBMrR6oOfy2LkQvIPYsClCWE89bJav+iHTtLM=";
             useFetchCargoVendor = true;
-            patches = [
-              ./concurrent-32.patch
-            ];
           }
         );
     };