From fb416ea81745611cd55d7e4bbb1df88f0fbf91bd Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 13 Mar 2025 13:43:35 -0400 Subject: [PATCH 01/30] test workflow --- .../workflows/build-machines-and-homes.yml | 26 +++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 413b892..7d4e572 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -3,6 +3,9 @@ on: workflow_dispatch: push: pull_request: +env: + ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} + jobs: build-machines: strategy: @@ -58,7 +61,17 @@ jobs: purge-primary-key: never # always save the cache save-always: true - - run: nix build -L .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel + + - name: setup attic + run: | + nix profile install nixpkgs#attic + attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" + attic use main + + - run: | + nix build -L .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel + attic push main result + build-homes: strategy: matrix: @@ -109,4 +122,13 @@ jobs: purge-primary-key: never # always save the cache save-always: true - - run: nix build -L .#homeConfigurations."${{ matrix.home }}".activationPackage + + - name: setup attic + run: | + nix profile install nixpkgs#attic + attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" + attic use main + + - run: | + nix build -L .#homeConfigurations."${{ matrix.home }}".activationPackage + attic push main result From 7a971e519a623e03f577a83e48154d22e8e8da6e Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 13 Mar 2025 13:56:36 -0400 Subject: [PATCH 02/30] fix attic install, use faster nix installer, rm cachix --- .../workflows/build-machines-and-homes.yml | 43 ++++++++----------- 1 file changed, 19 insertions(+), 24 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 7d4e572..eb40209 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -5,6 +5,14 @@ on: pull_request: env: ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} + NIX_CONFIG: | + show-trace = true + extra-substituters = https://cache.cy7.sh/main + extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0= + experimental-features = nix-command flakes + extra-experimental-features = nix-command flakes + accept-flake-config = true + TERM: ansi jobs: build-machines: @@ -29,21 +37,15 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix + - name: Install Nix - uses: cachix/install-nix-action@v30 - with: - install_url: https://releases.nixos.org/nix/nix-2.25.4/install - extra_nix_config: 'accept-flake-config = true' + uses: nixbuild/nix-quick-install-action@master + - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - uses: cachix/cachix-action@v14 - with: - name: cything - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - useDaemon: false - installCommand: nix profile install nixpkgs#cachix + - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: @@ -64,13 +66,11 @@ jobs: - name: setup attic run: | - nix profile install nixpkgs#attic - attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - attic use main + nix run github:zhaofengli/attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - run: | nix build -L .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel - attic push main result + nix run github:zhaofengli/attic push main result build-homes: strategy: @@ -94,17 +94,14 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix + - uses: nixbuild/nix-quick-install-action@master + - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - uses: cachix/cachix-action@v14 - with: - name: cything - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - useDaemon: false - installCommand: nix profile install nixpkgs#cachix + - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: @@ -125,10 +122,8 @@ jobs: - name: setup attic run: | - nix profile install nixpkgs#attic - attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - attic use main + nix run github:zhaofengli/attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - run: | nix build -L .#homeConfigurations."${{ matrix.home }}".activationPackage - attic push main result + nix run github:zhaofengli/attic push main result From 8209ff70ff1b69ddcb20c4b0eccf3f5f00582a08 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 13 Mar 2025 14:30:02 -0400 Subject: [PATCH 03/30] workflow: use attic cache for packages too --- .../workflows/build-machines-and-homes.yml | 6 +++++ .github/workflows/build-packages.yml | 27 ++++++++++++++----- 2 files changed, 26 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index eb40209..547cc42 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -70,6 +70,9 @@ jobs: - run: | nix build -L .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel + + - name: cache result + run: | nix run github:zhaofengli/attic push main result build-homes: @@ -126,4 +129,7 @@ jobs: - run: | nix build -L .#homeConfigurations."${{ matrix.home }}".activationPackage + + - name: cache result + run: | nix run github:zhaofengli/attic push main result diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 72fc72c..4c55317 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -6,6 +6,17 @@ on: description: "package to build" required: false type: string +env: + ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} + NIX_CONFIG: | + show-trace = true + extra-substituters = https://cache.cy7.sh/main + extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0= + experimental-features = nix-command flakes + extra-experimental-features = nix-command flakes + accept-flake-config = true + TERM: ansi + jobs: build-packages: strategy: @@ -18,6 +29,7 @@ jobs: - ubuntu-24.04-arm - macos-latest - macos-13 + runs-on: ${{ matrix.os }} steps: - name: Install Nix @@ -27,12 +39,13 @@ jobs: uses: actions/checkout@v4 with: persist-credentials: false - - - uses: cachix/cachix-action@v14 - with: - name: cything - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - useDaemon: false - installCommand: nix profile install nixpkgs#cachix + + - name: setup attic + run: | + nix run github:zhaofengli/attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - run: nix build -L ${{ matrix.package }} + + - name: cache result + run: | + nix run github:zhaofengli/attic push main result \ No newline at end of file From 39e1b2dcafe0ab9ab96e8240ad89b260117c79c3 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 13 Mar 2025 14:41:49 -0400 Subject: [PATCH 04/30] workflow: upload result as artifact --- .github/workflows/build-machines-and-homes.yml | 14 ++++++++++++++ .github/workflows/build-packages.yml | 9 ++++++++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 547cc42..55a86db 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -75,6 +75,13 @@ jobs: run: | nix run github:zhaofengli/attic push main result + - name: upload result + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.machine }}-${{ matrix.os }} + path: result + if-no-files-found: error + build-homes: strategy: matrix: @@ -133,3 +140,10 @@ jobs: - name: cache result run: | nix run github:zhaofengli/attic push main result + + - name: upload result + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.home }}-${{ matrix.os }} + path: result + if-no-files-found: error diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 4c55317..07b76df 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -48,4 +48,11 @@ jobs: - name: cache result run: | - nix run github:zhaofengli/attic push main result \ No newline at end of file + nix run github:zhaofengli/attic push main result + + - name: upload result + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.package }}-${{ matrix.os }} + path: result + if-no-files-found: error From 1067cba34bfa9525923191b4bb541d2e98152489 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 13 Mar 2025 14:59:35 -0400 Subject: [PATCH 05/30] workflow: make tarball before uploading --- .github/workflows/build-machines-and-homes.yml | 10 ++++++++-- .github/workflows/build-packages.yml | 5 ++++- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 55a86db..2614cba 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -75,11 +75,14 @@ jobs: run: | nix run github:zhaofengli/attic push main result + - name: prepare tarball to upload + run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result + - name: upload result uses: actions/upload-artifact@v4 with: name: ${{ matrix.machine }}-${{ matrix.os }} - path: result + path: result.tar if-no-files-found: error build-homes: @@ -141,9 +144,12 @@ jobs: run: | nix run github:zhaofengli/attic push main result + - name: prepare tarball to upload + run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result + - name: upload result uses: actions/upload-artifact@v4 with: name: ${{ matrix.home }}-${{ matrix.os }} - path: result + path: result.tar if-no-files-found: error diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 07b76df..dbcf6c6 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -50,9 +50,12 @@ jobs: run: | nix run github:zhaofengli/attic push main result + - name: prepare tarball to upload + run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result + - name: upload result uses: actions/upload-artifact@v4 with: name: ${{ matrix.package }}-${{ matrix.os }} - path: result + path: result.tar if-no-files-found: error From 2f7ebbdcaf5825daa8d9ec662c79c67c60aff5fb Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 13 Mar 2025 15:59:29 -0400 Subject: [PATCH 06/30] workflow: test new way to cache --- .github/workflows/build-machines-and-homes.yml | 8 ++++++-- .github/workflows/build-packages.yml | 4 +++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 2614cba..b15bc22 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -73,7 +73,9 @@ jobs: - name: cache result run: | - nix run github:zhaofengli/attic push main result + derivation="$(nix path-info --derivation "${{ matrix.machine }}")" + cache="$(nix-store --query --requisites --include-outputs "$derivation")" + nix run github:zhaofengli/attic push main --stdin <<< "$cache" - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result @@ -142,7 +144,9 @@ jobs: - name: cache result run: | - nix run github:zhaofengli/attic push main result + derivation="$(nix path-info --derivation "${{ matrix.home }}")" + cache="$(nix-store --query --requisites --include-outputs "$derivation")" + nix run github:zhaofengli/attic push main --stdin <<< "$cache" - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index dbcf6c6..7edb468 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -48,7 +48,9 @@ jobs: - name: cache result run: | - nix run github:zhaofengli/attic push main result + derivation="$(nix path-info --derivation "${{ matrix.package }}")" + cache="$(nix-store --query --requisites --include-outputs "$derivation")" + nix run github:zhaofengli/attic push main --stdin <<< "$cache" - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result From ffcb42f833bd12bf447b1fb7c2389a76fc95637f Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 13 Mar 2025 16:43:34 -0400 Subject: [PATCH 07/30] workflow: fix cache for nixos and home --- .github/workflows/build-machines-and-homes.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index b15bc22..e7b0492 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -140,11 +140,12 @@ jobs: nix run github:zhaofengli/attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - run: | - nix build -L .#homeConfigurations."${{ matrix.home }}".activationPackage + package=".#homeConfigurations."${{ matrix.home }}".activationPackage" + nix build -L "$package" - name: cache result run: | - derivation="$(nix path-info --derivation "${{ matrix.home }}")" + derivation="$(nix path-info --derivation "$package")" cache="$(nix-store --query --requisites --include-outputs "$derivation")" nix run github:zhaofengli/attic push main --stdin <<< "$cache" From 2b5322cb7231124030d52ca81e0ba859dd7eac47 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 13 Mar 2025 17:15:53 -0400 Subject: [PATCH 08/30] workflow: install attic instead of nix run --- .github/workflows/build-machines-and-homes.yml | 10 ++++++---- .github/workflows/build-packages.yml | 5 +++-- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index e7b0492..9e3344a 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -66,7 +66,8 @@ jobs: - name: setup attic run: | - nix run github:zhaofengli/attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" + nix profile install github:zhaofengli/attic + attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - run: | nix build -L .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel @@ -75,7 +76,7 @@ jobs: run: | derivation="$(nix path-info --derivation "${{ matrix.machine }}")" cache="$(nix-store --query --requisites --include-outputs "$derivation")" - nix run github:zhaofengli/attic push main --stdin <<< "$cache" + attic push main --stdin <<< "$cache" - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result @@ -137,7 +138,8 @@ jobs: - name: setup attic run: | - nix run github:zhaofengli/attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" + nix profile install github:zhaofengli/attic + attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" @@ -147,7 +149,7 @@ jobs: run: | derivation="$(nix path-info --derivation "$package")" cache="$(nix-store --query --requisites --include-outputs "$derivation")" - nix run github:zhaofengli/attic push main --stdin <<< "$cache" + attic push main --stdin <<< "$cache" - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 7edb468..7a19a0a 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -42,7 +42,8 @@ jobs: - name: setup attic run: | - nix run github:zhaofengli/attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" + nix profile install github:zhaofengli/attic + attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - run: nix build -L ${{ matrix.package }} @@ -50,7 +51,7 @@ jobs: run: | derivation="$(nix path-info --derivation "${{ matrix.package }}")" cache="$(nix-store --query --requisites --include-outputs "$derivation")" - nix run github:zhaofengli/attic push main --stdin <<< "$cache" + attic push main --stdin <<< "$cache" - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result From 8da2d56d6d76080624b68365aa84c62008423752 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 13 Mar 2025 17:45:59 -0400 Subject: [PATCH 09/30] workflow: fix --- .github/workflows/build-machines-and-homes.yml | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 9e3344a..9443181 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -69,8 +69,14 @@ jobs: nix profile install github:zhaofengli/attic attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - - run: | - nix build -L .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel + - name: build and cache + run: | + package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" + nix build -L "$package" + derivation="$(nix path-info --derivation "$package")" + cache="$(nix-store --query --requisites --include-outputs "$derivation")" + attic push main --stdin <<< "$cache" + - name: cache result run: | @@ -141,12 +147,10 @@ jobs: nix profile install github:zhaofengli/attic attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - - run: | + - name: build and cache + run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" nix build -L "$package" - - - name: cache result - run: | derivation="$(nix path-info --derivation "$package")" cache="$(nix-store --query --requisites --include-outputs "$derivation")" attic push main --stdin <<< "$cache" From fef8deac6680a75e199897a93cfdba4c71d028cb Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 13 Mar 2025 18:15:45 -0400 Subject: [PATCH 10/30] workflow: fix artifact name --- .github/workflows/build-packages.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 7a19a0a..5bb8b29 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -59,6 +59,6 @@ jobs: - name: upload result uses: actions/upload-artifact@v4 with: - name: ${{ matrix.package }}-${{ matrix.os }} + name: ${{ matrix.os }} path: result.tar if-no-files-found: error From bd97413dfa44d3be25438ccb2a3c2743127b863c Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 13 Mar 2025 21:09:04 -0400 Subject: [PATCH 11/30] overlay garage --- flake.lock | 33 +++++++++++++++++++++++++++++++++ flake.nix | 12 ++++++++++++ 2 files changed, 45 insertions(+) diff --git a/flake.lock b/flake.lock index e40aeed..bd1a4e5 100644 --- a/flake.lock +++ b/flake.lock @@ -342,6 +342,38 @@ "type": "github" } }, + "garage": { + "inputs": { + "crane": [ + "crane" + ], + "flake-compat": [ + "flake-compat" + ], + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": [ + "rust-overlay" + ] + }, + "locked": { + "lastModified": 1741360584, + "narHash": "sha256-5UkuvKllBRhU943imyc0jHDXQDVhIFx5WWUr3qrLEWQ=", + "owner": "deuxfleurs-org", + "repo": "garage", + "rev": "c96be1a9a8aa3b51075678888b80c2414ead2909", + "type": "github" + }, + "original": { + "owner": "deuxfleurs-org", + "repo": "garage", + "type": "github" + } + }, "git-hooks": { "inputs": { "flake-compat": [ @@ -1002,6 +1034,7 @@ "flake-compat": "flake-compat_2", "flake-parts": "flake-parts_2", "flake-utils": "flake-utils", + "garage": "garage", "home-manager": "home-manager", "lanzaboote": "lanzaboote", "lix": "lix", diff --git a/flake.nix b/flake.nix index a07ce00..494ce4f 100644 --- a/flake.nix +++ b/flake.nix @@ -88,6 +88,16 @@ crane.follows = "crane"; }; }; + garage = { + url = "github:deuxfleurs-org/garage"; + inputs = { + nixpkgs.follows = "nixpkgs"; + rust-overlay.follows = "rust-overlay"; + crane.follows = "crane"; + flake-compat.follows = "flake-compat"; + flake-utils.follows = "flake-utils"; + }; + }; nvim-github-theme = { url = "github:projekt0n/github-nvim-theme"; @@ -105,11 +115,13 @@ "https://nix-community.cachix.org" "https://cache.garnix.io" "https://cything.cachix.org" + "https://cache.cy7.sh/main" ]; extra-trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI=" + "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" ]; builders-use-substitutes = true; }; From ccc27bb9cc3dfda2507916aee8a3b3067b830cdd Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 14 Mar 2025 00:36:36 -0400 Subject: [PATCH 12/30] fix leftover --- .github/workflows/build-machines-and-homes.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 9443181..429a454 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -77,13 +77,6 @@ jobs: cache="$(nix-store --query --requisites --include-outputs "$derivation")" attic push main --stdin <<< "$cache" - - - name: cache result - run: | - derivation="$(nix path-info --derivation "${{ matrix.machine }}")" - cache="$(nix-store --query --requisites --include-outputs "$derivation")" - attic push main --stdin <<< "$cache" - - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result From 5b5418e325472ea7c61ea0ebf2face5435083405 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 14 Mar 2025 00:48:18 -0400 Subject: [PATCH 13/30] fix garage mainProgram --- overlay/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/overlay/default.nix b/overlay/default.nix index b3cdb56..1df98bd 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -19,7 +19,10 @@ in pixelflasher = nixpkgsFrom inputs.pixelflasher "pixelflasher"; attic-server = pkgFrom inputs.attic "attic-server"; attic = pkgFrom inputs.attic "attic"; + garage = ((pkgFrom inputs.garage "default").overrideAttrs { + meta.mainProgram = "garage"; + }); } ) ] -++ importedOverlays \ No newline at end of file +++ importedOverlays From 25c7eb865a0680d60847b4c1e596e995658b7f9f Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 13 Mar 2025 13:43:35 -0400 Subject: [PATCH 14/30] workflow: use attic --- .../workflows/build-machines-and-homes.yml | 83 +++++++++++++++---- .github/workflows/build-packages.yml | 40 +++++++-- 2 files changed, 98 insertions(+), 25 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 413b892..429a454 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -3,6 +3,17 @@ on: workflow_dispatch: push: pull_request: +env: + ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} + NIX_CONFIG: | + show-trace = true + extra-substituters = https://cache.cy7.sh/main + extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0= + experimental-features = nix-command flakes + extra-experimental-features = nix-command flakes + accept-flake-config = true + TERM: ansi + jobs: build-machines: strategy: @@ -26,21 +37,15 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix + - name: Install Nix - uses: cachix/install-nix-action@v30 - with: - install_url: https://releases.nixos.org/nix/nix-2.25.4/install - extra_nix_config: 'accept-flake-config = true' + uses: nixbuild/nix-quick-install-action@master + - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - uses: cachix/cachix-action@v14 - with: - name: cything - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - useDaemon: false - installCommand: nix profile install nixpkgs#cachix + - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: @@ -58,7 +63,30 @@ jobs: purge-primary-key: never # always save the cache save-always: true - - run: nix build -L .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel + + - name: setup attic + run: | + nix profile install github:zhaofengli/attic + attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" + + - name: build and cache + run: | + package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" + nix build -L "$package" + derivation="$(nix path-info --derivation "$package")" + cache="$(nix-store --query --requisites --include-outputs "$derivation")" + attic push main --stdin <<< "$cache" + + - name: prepare tarball to upload + run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result + + - name: upload result + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.machine }}-${{ matrix.os }} + path: result.tar + if-no-files-found: error + build-homes: strategy: matrix: @@ -81,17 +109,14 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix + - uses: nixbuild/nix-quick-install-action@master + - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - uses: cachix/cachix-action@v14 - with: - name: cything - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - useDaemon: false - installCommand: nix profile install nixpkgs#cachix + - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: @@ -109,4 +134,26 @@ jobs: purge-primary-key: never # always save the cache save-always: true - - run: nix build -L .#homeConfigurations."${{ matrix.home }}".activationPackage + + - name: setup attic + run: | + nix profile install github:zhaofengli/attic + attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" + + - name: build and cache + run: | + package=".#homeConfigurations."${{ matrix.home }}".activationPackage" + nix build -L "$package" + derivation="$(nix path-info --derivation "$package")" + cache="$(nix-store --query --requisites --include-outputs "$derivation")" + attic push main --stdin <<< "$cache" + + - name: prepare tarball to upload + run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result + + - name: upload result + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.home }}-${{ matrix.os }} + path: result.tar + if-no-files-found: error diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 72fc72c..5bb8b29 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -6,6 +6,17 @@ on: description: "package to build" required: false type: string +env: + ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} + NIX_CONFIG: | + show-trace = true + extra-substituters = https://cache.cy7.sh/main + extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0= + experimental-features = nix-command flakes + extra-experimental-features = nix-command flakes + accept-flake-config = true + TERM: ansi + jobs: build-packages: strategy: @@ -18,6 +29,7 @@ jobs: - ubuntu-24.04-arm - macos-latest - macos-13 + runs-on: ${{ matrix.os }} steps: - name: Install Nix @@ -27,12 +39,26 @@ jobs: uses: actions/checkout@v4 with: persist-credentials: false - - - uses: cachix/cachix-action@v14 - with: - name: cything - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - useDaemon: false - installCommand: nix profile install nixpkgs#cachix + + - name: setup attic + run: | + nix profile install github:zhaofengli/attic + attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - run: nix build -L ${{ matrix.package }} + + - name: cache result + run: | + derivation="$(nix path-info --derivation "${{ matrix.package }}")" + cache="$(nix-store --query --requisites --include-outputs "$derivation")" + attic push main --stdin <<< "$cache" + + - name: prepare tarball to upload + run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result + + - name: upload result + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.os }} + path: result.tar + if-no-files-found: error From 386cf05f4246c4b5f74836dd9f0f657b943979e4 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 13 Mar 2025 21:09:04 -0400 Subject: [PATCH 15/30] overlay garage --- flake.lock | 33 +++++++++++++++++++++++++++++++++ flake.nix | 12 ++++++++++++ overlay/default.nix | 5 ++++- 3 files changed, 49 insertions(+), 1 deletion(-) diff --git a/flake.lock b/flake.lock index e40aeed..bd1a4e5 100644 --- a/flake.lock +++ b/flake.lock @@ -342,6 +342,38 @@ "type": "github" } }, + "garage": { + "inputs": { + "crane": [ + "crane" + ], + "flake-compat": [ + "flake-compat" + ], + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": [ + "rust-overlay" + ] + }, + "locked": { + "lastModified": 1741360584, + "narHash": "sha256-5UkuvKllBRhU943imyc0jHDXQDVhIFx5WWUr3qrLEWQ=", + "owner": "deuxfleurs-org", + "repo": "garage", + "rev": "c96be1a9a8aa3b51075678888b80c2414ead2909", + "type": "github" + }, + "original": { + "owner": "deuxfleurs-org", + "repo": "garage", + "type": "github" + } + }, "git-hooks": { "inputs": { "flake-compat": [ @@ -1002,6 +1034,7 @@ "flake-compat": "flake-compat_2", "flake-parts": "flake-parts_2", "flake-utils": "flake-utils", + "garage": "garage", "home-manager": "home-manager", "lanzaboote": "lanzaboote", "lix": "lix", diff --git a/flake.nix b/flake.nix index a07ce00..494ce4f 100644 --- a/flake.nix +++ b/flake.nix @@ -88,6 +88,16 @@ crane.follows = "crane"; }; }; + garage = { + url = "github:deuxfleurs-org/garage"; + inputs = { + nixpkgs.follows = "nixpkgs"; + rust-overlay.follows = "rust-overlay"; + crane.follows = "crane"; + flake-compat.follows = "flake-compat"; + flake-utils.follows = "flake-utils"; + }; + }; nvim-github-theme = { url = "github:projekt0n/github-nvim-theme"; @@ -105,11 +115,13 @@ "https://nix-community.cachix.org" "https://cache.garnix.io" "https://cything.cachix.org" + "https://cache.cy7.sh/main" ]; extra-trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI=" + "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" ]; builders-use-substitutes = true; }; diff --git a/overlay/default.nix b/overlay/default.nix index b3cdb56..1df98bd 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -19,7 +19,10 @@ in pixelflasher = nixpkgsFrom inputs.pixelflasher "pixelflasher"; attic-server = pkgFrom inputs.attic "attic-server"; attic = pkgFrom inputs.attic "attic"; + garage = ((pkgFrom inputs.garage "default").overrideAttrs { + meta.mainProgram = "garage"; + }); } ) ] -++ importedOverlays \ No newline at end of file +++ importedOverlays From 60727812b81ea956b6c323979ef3df0fc8ae6d03 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 14 Mar 2025 00:55:53 -0400 Subject: [PATCH 16/30] rm tor and update firewall stuff --- hosts/chunk/default.nix | 15 +++++---------- hosts/chunk/tor.nix | 16 ---------------- 2 files changed, 5 insertions(+), 26 deletions(-) delete mode 100644 hosts/chunk/tor.nix diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 2fee98c..9a621c4 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -22,7 +22,6 @@ ./forgejo.nix ./garage.nix ./tailscale.nix - ./tor.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; @@ -101,22 +100,18 @@ ${tc} qdisc del dev ens18 root || true # create HTB hierarchy - ${tc} qdisc add dev ens18 root handle 1: htb default 30 + ${tc} qdisc add dev ens18 root handle 1: htb default 10 ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100% - # tailscale - ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 30% ceil 100% - # caddy - ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 30% ceil 100% # rest + ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 60% ceil 100% + # caddy ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100% # mark traffic - iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1 - iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 2 + iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 3 # route marked packets - ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10 - ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 2 fw flowid 1:20 + ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 3 fw flowid 1:30 ''; }; interfaces.ens18 = { diff --git a/hosts/chunk/tor.nix b/hosts/chunk/tor.nix deleted file mode 100644 index 2ad4a89..0000000 --- a/hosts/chunk/tor.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ ... }: -{ - services.tor = { - enable = true; - openFirewall = true; - relay = { - enable = true; - role = "relay"; - }; - settings = { - ORPort = 9001; - Nickname = "chunk"; - # MaxAdvertisedBandwidth = "20MBytes"; - }; - }; -} From 1f3b9983d63f8896932f268d12b24167e962494a Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 14 Mar 2025 00:56:29 -0400 Subject: [PATCH 17/30] vscode: add toml and go --- home/codium.nix | 2 ++ home/yt/ytnix.nix | 1 + 2 files changed, 3 insertions(+) diff --git a/home/codium.nix b/home/codium.nix index 2d7bb9d..dcdf4ea 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -21,6 +21,8 @@ tomrijndorp.find-it-faster streetsidesoftware.code-spell-checker emilast.logfilehighlighter + tamasfe.even-better-toml + golang.go ]; userSettings = let diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 9b20a66..5d60a6d 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -102,6 +102,7 @@ pixelflasher element-desktop freetube + gopls ]; home.sessionVariables = { From f1e4d7834f3799bb041fae3b32c7edfcadf9572b Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 14 Mar 2025 00:57:10 -0400 Subject: [PATCH 18/30] better docker support --- modules/containerization.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/containerization.nix b/modules/containerization.nix index 416d2bf..fd39da9 100644 --- a/modules/containerization.nix +++ b/modules/containerization.nix @@ -28,8 +28,11 @@ in dns_enabled = true; ipv6_enabled = true; }; + # answer on /var/run/docker.sock + dockerSocket.enable = true; }; - oci-containers.backend = lib.mkIf cfg.usePodman "podman"; + docker.enable = lib.mkIf (!cfg.usePodman) true; + oci-containers.backend = lib.mkIf (!cfg.usePodman) "docker"; }; }; } From fcd42883eab918036b22e85c40701edc1034f726 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 14 Mar 2025 00:57:38 -0400 Subject: [PATCH 19/30] add attic cache to nix.conf --- hosts/common.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/common.nix b/hosts/common.nix index feafd17..0fb2fc6 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -14,12 +14,14 @@ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI=" + "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" ]; substituters = [ "https://niri.cachix.org" "https://nix-community.cachix.org" "https://cache.garnix.io" "https://cything.cachix.org" + "https://cache.cy7.sh/main" ]; }; channel.enable = false; From 5dd8b87f38049f3ee6ffd60a8fc76e4da6654771 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 14 Mar 2025 00:58:59 -0400 Subject: [PATCH 20/30] ytnix: disable nix sandbox --- hosts/ytnix/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index c185991..15ccf21 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -144,6 +144,7 @@ "docker" "disk" "adbusers" + "podman" ]; environment.systemPackages = with pkgs; lib.flatten [ @@ -384,4 +385,5 @@ programs.ccache.enable = true; nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; programs.fuse.userAllowOther = true; + nix.settings.sandbox = false; } From 16788bc7b2228ea50e86f00df560edc3ed3f1e29 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 14 Mar 2025 01:01:18 -0400 Subject: [PATCH 21/30] workflow: upload artifact only for packages --- .../workflows/build-machines-and-homes.yml | 20 ------------------- 1 file changed, 20 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 429a454..2e9a593 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -77,16 +77,6 @@ jobs: cache="$(nix-store --query --requisites --include-outputs "$derivation")" attic push main --stdin <<< "$cache" - - name: prepare tarball to upload - run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result - - - name: upload result - uses: actions/upload-artifact@v4 - with: - name: ${{ matrix.machine }}-${{ matrix.os }} - path: result.tar - if-no-files-found: error - build-homes: strategy: matrix: @@ -147,13 +137,3 @@ jobs: derivation="$(nix path-info --derivation "$package")" cache="$(nix-store --query --requisites --include-outputs "$derivation")" attic push main --stdin <<< "$cache" - - - name: prepare tarball to upload - run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result - - - name: upload result - uses: actions/upload-artifact@v4 - with: - name: ${{ matrix.home }}-${{ matrix.os }} - path: result.tar - if-no-files-found: error From 9c72baf1c0a5eec2962a50e16b72b59ec1b6c5a7 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 14 Mar 2025 02:09:30 -0400 Subject: [PATCH 22/30] make garage and rclone better --- hosts/chunk/garage.nix | 12 +++--------- hosts/chunk/grafana.nix | 8 ++++++++ hosts/chunk/rclone.nix | 14 +++++++++++--- 3 files changed, 22 insertions(+), 12 deletions(-) diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index 0dade9f..1620a67 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -10,15 +10,13 @@ api_bind_addr = "[::]:3900"; root_domain = "s3.cy7.sh"; }; - s3_web = { - bind_addr = "[::]:3902"; - root_domain = ".web.s3.cy7.sh"; - index = "index.html"; - }; admin.api_bind_addr = "[::]:3903"; rpc_bind_addr = "[::]:3901"; replication_factor = 1; db_engine = "lmdb"; + disable_scrub = true; + block_size = "10M"; + compression_level = 3; }; environmentFile = config.sops.secrets."garage/env".path; }; @@ -31,10 +29,6 @@ reverse_proxy localhost:3900 ''; }; - "*.web.s3.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:3902 - ''; "admin.s3.cy7.sh".extraConfig = '' import common reverse_proxy localhost:3903 diff --git a/hosts/chunk/grafana.nix b/hosts/chunk/grafana.nix index ee5a382..f79a7ff 100644 --- a/hosts/chunk/grafana.nix +++ b/hosts/chunk/grafana.nix @@ -29,6 +29,14 @@ } ]; } + { + job_name = "garage"; + static_configs = [ + { + targets = [ "127.0.0.1:3903" ]; + } + ]; + } ]; }; diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 59a02e1..a3faaa2 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -32,9 +32,17 @@ serviceConfig = { Type = "notify"; ExecStartPre = "/usr/bin/env mkdir -p /mnt/garage"; - ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ - config.sops.secrets."rclone/config".path - } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 5G --allow-other rsyncnet:garage /mnt/garage "; + ExecStart = '' + ${lib.getExe pkgs.rclone} mount \ + --config ${config.sops.secrets."rclone/config".path} \ + --allow-other \ + --cache-dir /var/cache/rclone \ + --transfers=32 --checkers=32 \ + --vfs-cache-mode writes \ + --vfs-cache-max-size 5G \ + --dir-cache-time 30d \ + rsyncnet:garage /mnt/garage + ''; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage"; }; }; From 00a8ac69cf0ca6d9e09e9603202a051cd0e1deee Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 14 Mar 2025 02:10:11 -0400 Subject: [PATCH 23/30] nix fmt --- .../workflows/build-machines-and-homes.yml | 12 --- .github/workflows/build-packages.yml | 8 -- .sops.yaml | 3 +- home/codium.nix | 3 +- hosts/ytnix/containers.nix | 32 +++---- hosts/ytnix/default.nix | 84 ++++++++++--------- modules/attic.nix | 2 +- modules/searx.nix | 2 +- modules/vaultwarden.nix | 2 +- overlay/bitwarden/default.nix | 14 ++-- overlay/default.nix | 9 +- 11 files changed, 78 insertions(+), 93 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 2e9a593..eded224 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -13,7 +13,6 @@ env: extra-experimental-features = nix-command flakes accept-flake-config = true TERM: ansi - jobs: build-machines: strategy: @@ -37,15 +36,12 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix - - name: Install Nix uses: nixbuild/nix-quick-install-action@master - - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: @@ -63,12 +59,10 @@ jobs: purge-primary-key: never # always save the cache save-always: true - - name: setup attic run: | nix profile install github:zhaofengli/attic attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - - name: build and cache run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" @@ -76,7 +70,6 @@ jobs: derivation="$(nix path-info --derivation "$package")" cache="$(nix-store --query --requisites --include-outputs "$derivation")" attic push main --stdin <<< "$cache" - build-homes: strategy: matrix: @@ -99,14 +92,11 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix - - uses: nixbuild/nix-quick-install-action@master - - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: @@ -124,12 +114,10 @@ jobs: purge-primary-key: never # always save the cache save-always: true - - name: setup attic run: | nix profile install github:zhaofengli/attic attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - - name: build and cache run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 5bb8b29..d23da13 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -16,7 +16,6 @@ env: extra-experimental-features = nix-command flakes accept-flake-config = true TERM: ansi - jobs: build-packages: strategy: @@ -29,33 +28,26 @@ jobs: - ubuntu-24.04-arm - macos-latest - macos-13 - runs-on: ${{ matrix.os }} steps: - name: Install Nix uses: cachix/install-nix-action@v30 - - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - name: setup attic run: | nix profile install github:zhaofengli/attic attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - - run: nix build -L ${{ matrix.package }} - - name: cache result run: | derivation="$(nix path-info --derivation "${{ matrix.package }}")" cache="$(nix-store --query --requisites --include-outputs "$derivation")" attic push main --stdin <<< "$cache" - - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result - - name: upload result uses: actions/upload-artifact@v4 with: diff --git a/.sops.yaml b/.sops.yaml index 6276e76..cb7e65d 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -118,9 +118,8 @@ creation_rules: - age: - *chunk - *cy - - path_regex: secrets/services/searx.yaml key_groups: - age: - *chunk - - *cy \ No newline at end of file + - *cy diff --git a/home/codium.nix b/home/codium.nix index dcdf4ea..935866b 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -10,8 +10,7 @@ extensions = # if unfree # with pkgs.vscode-marketplace; - with pkgs.open-vsx; - [ + with pkgs.open-vsx; [ vscodevim.vim jnoortheen.nix-ide github.github-vscode-theme diff --git a/hosts/ytnix/containers.nix b/hosts/ytnix/containers.nix index a2aa405..4ef858c 100644 --- a/hosts/ytnix/containers.nix +++ b/hosts/ytnix/containers.nix @@ -1,4 +1,4 @@ -{ +{ config, pkgs, lib, @@ -6,20 +6,22 @@ }: { virtualisation.oci-containers.containers = { - immich-ml = let - modelCache = "/opt/immich-ml"; - in { - image = "ghcr.io/immich-app/immich-machine-learning:release"; - autoStart = true; - pull = "newer"; - ports = [ "3003:3003" ]; - environment = { - REDIS_HOSTNAME = "immich-redis"; - DB_HOSTNAME = "immich-db"; + immich-ml = + let + modelCache = "/opt/immich-ml"; + in + { + image = "ghcr.io/immich-app/immich-machine-learning:release"; + autoStart = true; + pull = "newer"; + ports = [ "3003:3003" ]; + environment = { + REDIS_HOSTNAME = "immich-redis"; + DB_HOSTNAME = "immich-db"; + }; + volumes = [ "${modelCache}:/cache" ]; + networks = [ "immich-net" ]; }; - volumes = [ "${modelCache}:/cache" ]; - networks = [ "immich-net" ]; - }; }; systemd.services.create-immich-net = rec { @@ -33,4 +35,4 @@ ${lib.getExe pkgs.podman} network create immich-net ''; }; -} \ No newline at end of file +} diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 15ccf21..b57887e 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -147,47 +147,49 @@ "podman" ]; - environment.systemPackages = with pkgs; lib.flatten [ - tmux - vim - wget - tree - kitty - borgbackup - htop - file - dnsutils - q - age - compsize - wireguard-tools - traceroute - sops - sbctl # secure boot - lm_sensors - sshfs - openssl - just - killall - lshw - bubblewrap - fuse-overlayfs - dwarfs - wineWowPackages.stagingFull - (with gst_all_1; [ - gst-plugins-good - gst-plugins-bad - gst-plugins-ugly - gst-plugins-base - ]) - vulkan-loader - (heroic.override { - extraPkgs = pkgs: [ - pkgs.gamescope - pkgs.gamemode - ]; - }) - ]; + environment.systemPackages = + with pkgs; + lib.flatten [ + tmux + vim + wget + tree + kitty + borgbackup + htop + file + dnsutils + q + age + compsize + wireguard-tools + traceroute + sops + sbctl # secure boot + lm_sensors + sshfs + openssl + just + killall + lshw + bubblewrap + fuse-overlayfs + dwarfs + wineWowPackages.stagingFull + (with gst_all_1; [ + gst-plugins-good + gst-plugins-bad + gst-plugins-ugly + gst-plugins-base + ]) + vulkan-loader + (heroic.override { + extraPkgs = pkgs: [ + pkgs.gamescope + pkgs.gamemode + ]; + }) + ]; environment.sessionVariables = { NIXOS_OZONE_WL = "1"; diff --git a/modules/attic.nix b/modules/attic.nix index e7fbe8d..b24820b 100644 --- a/modules/attic.nix +++ b/modules/attic.nix @@ -44,4 +44,4 @@ in reverse_proxy localhost:8091 ''; }; -} \ No newline at end of file +} diff --git a/modules/searx.nix b/modules/searx.nix index 9e23955..db22bed 100644 --- a/modules/searx.nix +++ b/modules/searx.nix @@ -44,4 +44,4 @@ in reverse_proxy 127.0.0.1:8090 ''; }; -} \ No newline at end of file +} diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix index 8fda611..443d886 100644 --- a/modules/vaultwarden.nix +++ b/modules/vaultwarden.nix @@ -29,4 +29,4 @@ in }; }; }; -} \ No newline at end of file +} diff --git a/overlay/bitwarden/default.nix b/overlay/bitwarden/default.nix index bcbabea..e9ace96 100644 --- a/overlay/bitwarden/default.nix +++ b/overlay/bitwarden/default.nix @@ -1,7 +1,9 @@ final: prev: { - bitwarden-desktop = prev.bitwarden-desktop.overrideAttrs (finalAttrs: prevAttrs: { - patches = prevAttrs.patches ++ [ - ./ssh-agent-no-confirm.patch - ]; - }); -} \ No newline at end of file + bitwarden-desktop = prev.bitwarden-desktop.overrideAttrs ( + finalAttrs: prevAttrs: { + patches = prevAttrs.patches ++ [ + ./ssh-agent-no-confirm.patch + ]; + } + ); +} diff --git a/overlay/default.nix b/overlay/default.nix index 1df98bd..3a655fd 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -14,14 +14,15 @@ in pkgFrom = flake: pkg: flake.packages.${prev.system}.${pkg}; in { - conduwuit = - pkgFrom inputs.conduwuit "static-x86_64-linux-musl-all-features-x86_64-haswell-optimised"; + conduwuit = pkgFrom inputs.conduwuit "static-x86_64-linux-musl-all-features-x86_64-haswell-optimised"; pixelflasher = nixpkgsFrom inputs.pixelflasher "pixelflasher"; attic-server = pkgFrom inputs.attic "attic-server"; attic = pkgFrom inputs.attic "attic"; - garage = ((pkgFrom inputs.garage "default").overrideAttrs { + garage = ( + (pkgFrom inputs.garage "default").overrideAttrs { meta.mainProgram = "garage"; - }); + } + ); } ) ] From 22204b49dd4f27deb51be111c48478a86c5de58f Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 14 Mar 2025 13:19:36 -0400 Subject: [PATCH 24/30] patch attic to prefetch 32 chunks instead of 2 --- overlay/attic/default.nix | 7 +++++++ overlay/attic/prefetch-32-chunks.patch | 13 +++++++++++++ overlay/default.nix | 1 + 3 files changed, 21 insertions(+) create mode 100644 overlay/attic/default.nix create mode 100644 overlay/attic/prefetch-32-chunks.patch diff --git a/overlay/attic/default.nix b/overlay/attic/default.nix new file mode 100644 index 0000000..14f5daf --- /dev/null +++ b/overlay/attic/default.nix @@ -0,0 +1,7 @@ +final: prev: { + attic-server = prev.attic-server.overrideAttrs { + patches = [ + ./prefetch-32-chunks.patch + ]; + }; +} diff --git a/overlay/attic/prefetch-32-chunks.patch b/overlay/attic/prefetch-32-chunks.patch new file mode 100644 index 0000000..bbb801b --- /dev/null +++ b/overlay/attic/prefetch-32-chunks.patch @@ -0,0 +1,13 @@ +diff --git a/server/src/api/binary_cache.rs b/server/src/api/binary_cache.rs +index 02e4857..71eeee8 100644 +--- a/server/src/api/binary_cache.rs ++++ b/server/src/api/binary_cache.rs +@@ -262,7 +262,7 @@ async fn get_nar( + + // TODO: Make num_prefetch configurable + // The ideal size depends on the average chunk size +- let merged = merge_chunks(chunks, streamer, storage, 2).map_err(|e| { ++ let merged = merge_chunks(chunks, streamer, storage, 32).map_err(|e| { + tracing::error!(%e, "Stream error"); + e + }); diff --git a/overlay/default.nix b/overlay/default.nix index 3a655fd..0eea626 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -3,6 +3,7 @@ let overlays = [ ./zipline ./bitwarden + ./attic ]; importedOverlays = map (m: import m) overlays; in From ffd7dc5ae64649c60a2e83711009cb28e5d2e45e Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 14 Mar 2025 13:19:44 -0400 Subject: [PATCH 25/30] disable cachix cache --- flake.nix | 2 -- hosts/common.nix | 4 ---- 2 files changed, 6 deletions(-) diff --git a/flake.nix b/flake.nix index 494ce4f..3f362e2 100644 --- a/flake.nix +++ b/flake.nix @@ -114,13 +114,11 @@ extra-substituters = [ "https://nix-community.cachix.org" "https://cache.garnix.io" - "https://cything.cachix.org" "https://cache.cy7.sh/main" ]; extra-trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" - "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI=" "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" ]; builders-use-substitutes = true; diff --git a/hosts/common.nix b/hosts/common.nix index 0fb2fc6..bfa70e3 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -10,17 +10,13 @@ "@wheel" ]; trusted-public-keys = [ - "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" - "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI=" "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" ]; substituters = [ - "https://niri.cachix.org" "https://nix-community.cachix.org" "https://cache.garnix.io" - "https://cything.cachix.org" "https://cache.cy7.sh/main" ]; }; From a22868f0496dbd9633b9ed72256110ef2afde9f3 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 17 Mar 2025 00:14:49 -0400 Subject: [PATCH 26/30] attempts to make garage and attic faster --- hosts/chunk/garage.nix | 2 +- hosts/chunk/rclone.nix | 24 ++++++++++++++++++------ modules/attic.nix | 2 +- 3 files changed, 20 insertions(+), 8 deletions(-) diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index 1620a67..81b4af3 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -16,7 +16,7 @@ db_engine = "lmdb"; disable_scrub = true; block_size = "10M"; - compression_level = 3; + compression_level = "none"; }; environmentFile = config.sops.secrets."garage/env".path; }; diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index a3faaa2..60d4e0e 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -15,9 +15,16 @@ serviceConfig = { Type = "notify"; ExecStartPre = "/usr/bin/env mkdir -p /mnt/photos"; - ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ - config.sops.secrets."rclone/config".path - } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --dir-cache-time 72h --vfs-cache-mode writes --vfs-cache-max-size 2G photos: /mnt/photos "; + ExecStart = '' + ${lib.getExe pkgs.rclone} mount \ + --config ${config.sops.secrets."rclone/config".path} \ + --cache-dir /var/cache/rclone \ + --transfers=32 \ + --dir-cache-time 30d \ + --vfs-cache-mode writes \ + --vfs-cache-max-size 2G \ + photos: /mnt/photos + ''; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/photos"; }; }; @@ -37,10 +44,15 @@ --config ${config.sops.secrets."rclone/config".path} \ --allow-other \ --cache-dir /var/cache/rclone \ - --transfers=32 --checkers=32 \ - --vfs-cache-mode writes \ - --vfs-cache-max-size 5G \ + --transfers=32 \ + --vfs-cache-mode full \ + --vfs-cache-min-free-space 5G \ --dir-cache-time 30d \ + --no-checksum \ + --no-modtime \ + --vfs-fast-fingerprint \ + --vfs-read-chunk-size 10M \ + --vfs-read-chunk-streams 32 \ rsyncnet:garage /mnt/garage ''; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage"; diff --git a/modules/attic.nix b/modules/attic.nix index b24820b..5aa54c6 100644 --- a/modules/attic.nix +++ b/modules/attic.nix @@ -21,7 +21,7 @@ in allowed-hosts = [ "cache.cy7.sh" ]; require-proof-of-possession = false; compression = { - type = "zstd"; + type = "none"; level = 3; }; database.url = "postgresql:///atticd?host=/run/postgresql"; From 8f72e20b096fc7fde7febcb978e3d2d6bd30e858 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 17 Mar 2025 00:15:15 -0400 Subject: [PATCH 27/30] use garage for sccache --- home/yt/ytnix.nix | 4 ++-- secrets/yt/aws.yaml | 10 ++++++---- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 5d60a6d..3ec6aeb 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -113,13 +113,13 @@ RUSTC_WRAPPER = "${lib.getExe pkgs.sccache}"; SCCACHE_BUCKET = "sccache"; SCCACHE_REGION = "us-east-1"; - SCCACHE_ENDPOINT = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com"; + SCCACHE_ENDPOINT = "https://s3.cy7.sh"; SCCACHE_ALLOW_CORE_DUMPS = "true"; SCCACHE_S3_USE_SSL = "true"; SCCACHE_CACHE_MULTIARCH = "true"; SCCACHE_LOG = "warn"; AWS_DEFAULT_REGION = "us-east-1"; - AWS_ENDPOINT_URL = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com"; + AWS_ENDPOINT_URL = "https://s3.cy7.sh"; AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)"; AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)"; diff --git a/secrets/yt/aws.yaml b/secrets/yt/aws.yaml index 40f828a..0a48d33 100644 --- a/secrets/yt/aws.yaml +++ b/secrets/yt/aws.yaml @@ -1,6 +1,8 @@ aws: - key_id: ENC[AES256_GCM,data:9tWAMzUv4f6Ea27XsmYhO11NroYnLmED/FVrCCGO0Vc=,iv:YP1xRjVd1M1MB7IKVAw0Sdx0E4AokBrsaAcDLvTLHD4=,tag:SEmEr3NoZvch9LeaJHbCww==,type:str] - key_secret: ENC[AES256_GCM,data:AK+vER4T1p0AknKzsxZQJ0JTpfIstnnTWSAZ26zJSCwJYgRYwj8RF98CS7HM+KWvz5VNGENxhVdUnjlGkrTB4w==,iv:3o79gwp5b4KGsixW02qFWYFvpagY/hykbYJ/WNz6PB8=,tag:GW2T8ggKYHa1CQ6DRomJDQ==,type:str] + key_id: ENC[AES256_GCM,data:euyq+QtSXv1UR5eOJfvZARhm5L2AuzKIOk8=,iv:RseSyVArmrawNzlwjNh6FScJF2O+F4FBuIq47uMQQEA=,tag:bkZJeX3rUHb1yZu8dytgcg==,type:str] + key_secret: ENC[AES256_GCM,data:27BHAU5suCIiSKAf0+1yNa/VJ0umErb6Ry8HI+Zfv6LV+7eB+wk8H3kxdV4wmY2XayHsUrD4FZa30O0a9PdJgA==,iv:oI2X7PCXDZBkUOikHM8S7gHsnMtWp7jxBqdmfbUlrwU=,tag:9mZ3H2jobKqYmw6S4NNpjw==,type:str] + _r2_key_id: ENC[AES256_GCM,data:R0xwzUx+6l9SR3Fd93PfJw+WPV0ByzOKMxoJQtn4pEE=,iv:qHmr/HssM8U3znbGznSIOwkAhNaORkCkG9lqAmCKmfw=,tag:LhuiiKSq/VnNEulgrS71vg==,type:str] + _r2_key_secret: ENC[AES256_GCM,data:Dw5Gq1URjMpy9Bh1IBYf+/EnkvQA/4yAC4kdoACpCUuJQxdQphFKwWmxJX+Q/oztO1imWoGIxlZNNDr5QCqXaA==,iv:hGePo+Ffe48n1BXI1f2V12C9Gn1CC1nTwbSsfqUGQ3c=,tag:AIy/F3jPGz2WHge3Mk43Ag==,type:str] _garage_key_id: ENC[AES256_GCM,data:2lLS1nBhrwBkJh/ei7FwBoR6jOI6KCJkvOs=,iv:jwB7ZEaKOPIwghcGRs3qaICypoHgSxkFBOyB6e5hpYI=,tag:Iqwv3j1R1uLLUDKLhN1Atg==,type:str] _garage_key_secret: ENC[AES256_GCM,data:5iwwMfojHrR79cOIY+9O2oVY8v1cbPcECMSOMhWuGAdc2lfCogKBwLM4TFwBH9X1Vx56QvUoxCQ2uSyfOMLR7A==,iv:Q523ttz6ijmv8/JlVZuldFR4IabEKiVN4sGmJ9xDJU0=,tag:ZZ4LRG4DXOC7LY8hEjXYHQ==,type:str] sops: @@ -27,8 +29,8 @@ sops: UlYrTExEUVc0dURLR1czN3BnYzZ2VGMKCbAgM50jvs9VciA1Pb/VY+2I4x62LBGe j7eHkfTFc8Gnk/rZA9/ZJDLFr/FUPMQWK/NVoz6oLjO6oVFXqN6OqA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-27T02:50:27Z" - mac: ENC[AES256_GCM,data:FjlbCqqYHPn/FDPUR1flWgg6wwHhLJx1uKOedwkvsTxuPhlVJHghTHWYetdmplOQyEpOEbyv+iqKTGDYHzDdgU2jIZ0TKM66iHq+1yft4TatBu75/0N3I+SfZv97vKNehxN/zvIY3FQF4O8qVy9c1dZRmr7q27Wq2pdHSOe4Myg=,iv:YkUXcOwb6UZr0vXazbLrVeGTvBTtnwuEIY3O+GSrnNk=,tag:kQBh7urSnHoiV18TIGlPEg==,type:str] + lastmodified: "2025-03-16T16:45:13Z" + mac: ENC[AES256_GCM,data:DCx4uVuy53Gz9Ha2p/GjxTigKw/dJ0gvWIAII9AtKQCURu1OfiJ6Lp/ht6ndJwn25em11uppN371pQGxa8FRtLL+dX/YgoDmOw3Tgo3lc5VLBzalRqXHInOGHfgv9k1jHNq6zokKbBLDItBnUNOCvsLTXXenVRYdnkiuf3QPGhk=,iv:gBbbH/nJExK/dEXKHo+cCr+rxQ4uJQWweK0lYT7amsM=,tag:9GaCGFrcinqGfpibUNQ75w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4 From 0be44bc4c896fbc6015a4a81487b4a7916043084 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 17 Mar 2025 11:08:49 -0400 Subject: [PATCH 28/30] workflow: disable fail-fast when building homes --- .github/workflows/build-machines-and-homes.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index eded224..21d70a8 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -72,6 +72,7 @@ jobs: attic push main --stdin <<< "$cache" build-homes: strategy: + fail-fast: false matrix: home: - yt@ytnix From 54af66d26cb66cac4d083fbdb8ec09e61174b8a1 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 17 Mar 2025 11:09:00 -0400 Subject: [PATCH 29/30] remove garnix cache --- flake.nix | 3 --- hosts/common.nix | 7 +------ 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/flake.nix b/flake.nix index 3f362e2..7746231 100644 --- a/flake.nix +++ b/flake.nix @@ -113,15 +113,12 @@ nixConfig = { extra-substituters = [ "https://nix-community.cachix.org" - "https://cache.garnix.io" "https://cache.cy7.sh/main" ]; extra-trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" ]; - builders-use-substitutes = true; }; outputs = diff --git a/hosts/common.nix b/hosts/common.nix index bfa70e3..c7841c3 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -11,12 +11,10 @@ ]; trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" ]; - substituters = [ + trusted-substituters = [ "https://nix-community.cachix.org" - "https://cache.garnix.io" "https://cache.cy7.sh/main" ]; }; @@ -31,9 +29,6 @@ persistent = true; options = "--delete-older-than 14d"; }; - extraOptions = '' - builders-use-substitutes = true - ''; registry.nixpkgs.flake = inputs.nixpkgs; }; From fba0d4120d32c667a5cb49c6ad4687491fbf1536 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 17 Mar 2025 21:38:31 -0400 Subject: [PATCH 30/30] workflow: always() cache --- .github/workflows/build-machines-and-homes.yml | 14 +++++++++++--- .github/workflows/build-packages.yml | 3 ++- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 21d70a8..dbbb834 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -63,13 +63,17 @@ jobs: run: | nix profile install github:zhaofengli/attic attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - - name: build and cache + - name: build run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" nix build -L "$package" + - name: cache + if: always() + run: | + package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" derivation="$(nix path-info --derivation "$package")" cache="$(nix-store --query --requisites --include-outputs "$derivation")" - attic push main --stdin <<< "$cache" + xargs attic push main <<< "$cache" build-homes: strategy: fail-fast: false @@ -119,10 +123,14 @@ jobs: run: | nix profile install github:zhaofengli/attic attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - - name: build and cache + - name: build run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" nix build -L "$package" + - name: cache + if: always() + run: | + package=".#homeConfigurations."${{ matrix.home }}".activationPackage" derivation="$(nix path-info --derivation "$package")" cache="$(nix-store --query --requisites --include-outputs "$derivation")" attic push main --stdin <<< "$cache" diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index d23da13..872aa6d 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -42,10 +42,11 @@ jobs: attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - run: nix build -L ${{ matrix.package }} - name: cache result + if: always() run: | derivation="$(nix path-info --derivation "${{ matrix.package }}")" cache="$(nix-store --query --requisites --include-outputs "$derivation")" - attic push main --stdin <<< "$cache" + xargs attic push main <<< "$cache" - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result - name: upload result