cy/nixos-config
cy/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: cy:fba0d4120d32c667a5cb49c6ad4687491fbf1536
Branches Tags
cy:main
cy:update
cy:2025-04-14
cy:2025-04-07
cy:2025-04-05
cy:2025-04-04
cy:staging
cy:dogfood-nixcp
cy:no-follows
cy:workflow-test
cy:update_flake_lock_action
cy:caddy-s3
cy:workflow-copy
cy:workflow-lix
cy:test-s3-cache
cy:temp
cy:attic
cy:helix
cy:test
cy:lix-test
cy:bitwarden-patch
cy:chromium
cy:new-attic
cy:canary
cy:downgrade-kernel
cy:soju
cy:kde
cy:shiori
cy:caddy-module
cy:anki-overlay
cy:nixpkgs-master
cy:lix
cy:pan-home
cy:pi
cy:pancake
cy:pancake-sd-image
cy:arm
cy:lix-404
cy:customize-kernel
cy:blueprint
cy:flake-utils
cy:conduwuit-flake
cy:ghostty
cy:zen
cy:lact-fix-test
cy:alvr-test
cy:workflow-refactor
cy:bump-conduwuit
cy:gollum
cy:build
cy:nginx
cy:iso
cy:flake-parts
cy:codespace
cy:sway
cy:minio
cy:garage-module
cy:garage-test
cy:vscode
cy:purge
cy:create-pull-request/patch
cy:garage
cy:harmonia
cy:impermanence
..
compare: cy:015b6baa8d1200bacd0e30eb241f3d9f3cb2c5f5
Branches Tags
cy:main
cy:update
cy:2025-04-14
cy:2025-04-07
cy:2025-04-05
cy:2025-04-04
cy:staging
cy:dogfood-nixcp
cy:no-follows
cy:workflow-test
cy:update_flake_lock_action
cy:caddy-s3
cy:workflow-copy
cy:workflow-lix
cy:test-s3-cache
cy:temp
cy:attic
cy:helix
cy:test
cy:lix-test
cy:bitwarden-patch
cy:chromium
cy:new-attic
cy:canary
cy:downgrade-kernel
cy:soju
cy:kde
cy:shiori
cy:caddy-module
cy:anki-overlay
cy:nixpkgs-master
cy:lix
cy:pan-home
cy:pi
cy:pancake
cy:pancake-sd-image
cy:arm
cy:lix-404
cy:customize-kernel
cy:blueprint
cy:flake-utils
cy:conduwuit-flake
cy:ghostty
cy:zen
cy:lact-fix-test
cy:alvr-test
cy:workflow-refactor
cy:bump-conduwuit
cy:gollum
cy:build
cy:nginx
cy:iso
cy:flake-parts
cy:codespace
cy:sway
cy:minio
cy:garage-module
cy:garage-test
cy:vscode
cy:purge
cy:create-pull-request/patch
cy:garage
cy:harmonia
cy:impermanence

47 commits
fba0d4120d ... 015b6baa8d

Author SHA1 Message Date
cy
015b6baa8d
workflow: use sed to stop spam 2025-03-30 09:55:22 -04:00
cy
888fb86155
workflow: rm GITHUB_TOKEN from update-flake-lock 2025-03-30 09:55:07 -04:00
cy
616d291030
workflow: use cachix extra_nix_config option 2025-03-29 14:14:11 -04:00
cy
c6999339da
workflow: use !cancelled() instead of always() 2025-03-29 13:23:24 -04:00
cy
1537fd6444
workflow: try yet another way to cache 2025-03-29 13:23:24 -04:00
cy
47e5c5cd77
workflow: add new lines 2025-03-28 17:47:46 -04:00
cy
048800c0bf
workflow: same changes to build-packages 2025-03-28 17:40:46 -04:00
cy
a45f4132e5
workflow: try another cache command cause --all is really all 2025-03-28 17:36:51 -04:00
cy
70ed141863
workflow: try lix 2025-03-28 17:23:27 -04:00
cy
61b5533dca
justfile: --commit-lock-file 2025-03-28 16:59:32 -04:00
cy
e610ca24e1
workflow: sign all just in case something got missed 2025-03-28 16:58:23 -04:00
cy
d4bf0f3ef5
workflow: nix copy --all 2025-03-28 16:58:22 -04:00
cy
d281beea43
chunk: rm attic; rclone: use 32 transfers 2025-03-28 16:57:46 -04:00
cy
ec86069844
update sops key; immich: change thumbs path; disable nm-applet 2025-03-28 01:01:12 -04:00
cy
36d1097c26
add cache priv key to nix.conf 2025-03-27 23:41:24 -04:00
cy
073e118366
rm helix; install minio-client 2025-03-27 23:41:07 -04:00
cy
9f47fb8a95
update caddy cloudflare plugin 2025-03-27 22:11:21 -04:00
cy
9dbc689e14
workflow: fix typo and don't build on macos 2025-03-27 19:19:54 -04:00
cy
7c8bc5a1f6
rclone: limit sftp-concurrency to 64 and remove OOMScoreAdjust workaround 2025-03-27 19:10:04 -04:00
cy
ec1f55aece
sops: add binary cache priv key 2025-03-27 18:47:25 -04:00
cy
789e0b7597
try to fix rclone memory issue; also disable OOM for now 2025-03-27 18:47:25 -04:00
cy
1ac785fba4
use s3 nix cache 2025-03-27 18:47:24 -04:00
cy
8c3f3a4dff
workflow: use new s3 nix cache 
add cache priv and pub key

add cache priv key to /home/runner

workflow: use new cache for build-packages
 2025-03-27 18:47:15 -04:00
cy
aea2a217c2
chunk: remove unused stuff 2025-03-27 13:24:37 -04:00
cy
225e01d935
nix fmt 2025-03-26 11:53:06 -04:00
cy
57aa110347
don't overlay pixelflasher and don't patch attic num_prefetch 2025-03-26 11:51:51 -04:00
cy
b5d3358f52
vscode stuff and try to make treefmt not suck 2025-03-26 10:43:56 -04:00
cy
8c921fc1ab
nixvim: enable yamlls; home/chunk: remove attic-server 2025-03-20 19:46:04 -04:00
cy
55267c5154
attic: don't chunk, s3 at localhost, start after garage 2025-03-20 19:45:22 -04:00
cy
9400279feb
garage: use 128M block_size 2025-03-20 19:44:45 -04:00
cy
31e8487a3f
immich: backup database to disk (not mount) 2025-03-20 19:44:29 -04:00
cy
c67622ba36
refactor rclone, use same serviceConfig for all mounts 2025-03-20 19:43:22 -04:00
cy
8ffe43a441
attic: always prefer streams 2025-03-20 16:10:39 -04:00
cy
959deb8dbc
try helix 2025-03-20 13:04:47 -04:00
cy
02dc7351ef
make rclone master 2025-03-20 10:11:56 -04:00
cy
5cc48a3eb3
try alternative cache domain 2025-03-20 10:11:56 -04:00
cy
6fa16fa422
try default conduwuit package 2025-03-20 00:46:23 -04:00
cy
384398b08a
misc 2025-03-19 23:14:24 -04:00
cy
ed929219da
nixvim: rm copilot stuff i never use 2025-03-18 23:16:06 -04:00
cy
f28234e555
workflow: add system-features 2025-03-18 15:40:06 -04:00
cy
1c8135095c
attic: try prefetching 8 chunks 2025-03-18 14:18:02 -04:00
cy
2260347ed9
flake update 2025-03-18 13:55:45 -04:00
cy
c299b501a6
workflow: use cachix installer 2025-03-18 00:15:32 -04:00
cy
f0add8c95f
rm lix-module from overlay 2025-03-17 23:42:19 -04:00
cy
ec9283ee26
workflow: rm cache nix store action 2025-03-17 23:38:40 -04:00
cy
7b4f70fbe6
remove lix input (only use lix-module) 2025-03-17 23:37:41 -04:00
cy
d50d2dcb73
workflow: always() cache 2025-03-17 22:35:44 -04:00
25 changed files with 413 additions and 362 deletions
Download patch file Download diff file Expand all files Collapse all files

148
.github/workflows/build-machines-and-homes.yml vendored
View file

@ -3,16 +3,12 @@ on:
workflow_dispatch: workflow_dispatch:
push: push:
pull_request: pull_request:
env: env:
ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
NIX_CONFIG: |
show-trace = true
extra-substituters = https://cache.cy7.sh/main
extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=
experimental-features = nix-command flakes
extra-experimental-features = nix-command flakes
accept-flake-config = true
TERM: ansi TERM: ansi
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }}
jobs: jobs:
build-machines: build-machines:
strategy: strategy:
@ -24,6 +20,7 @@ jobs:
os: os:
- ubuntu-latest - ubuntu-latest
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Maximize build disk space - name: Maximize build disk space
uses: easimon/maximize-build-space@v10 uses: easimon/maximize-build-space@v10
@ -36,44 +33,59 @@ jobs:
remove-codeql: 'true' remove-codeql: 'true'
remove-docker-images: 'true' remove-docker-images: 'true'
build-mount-path: /nix build-mount-path: /nix
- name: setup binary cache key
run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem
- name: Install Nix - name: Install Nix
uses: nixbuild/nix-quick-install-action@master uses: cachix/install-nix-action@v30
with:
enable_kvm: true
extra_nix_config: |
show-trace = true
experimental-features = nix-command flakes
accept-flake-config = true
system-features = nixos-test benchmark big-parallel kvm
secret-key-files = /home/runner/cache-priv-key.pem
extra-substituters = https://nixcache.cy7.sh
extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=
- name: Install Lix
run: |
sudo --preserve-env=PATH $(which nix) run \
--experimental-features "nix-command flakes" \
--extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" \
'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \
upgrade-nix \
--extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
nix --version
- name: Sync repository - name: Sync repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
persist-credentials: false persist-credentials: false
- name: Restore and cache Nix store
uses: nix-community/cache-nix-action@v5.1.0
with:
# restore and save a cache using this key
primary-key: nix-${{ runner.os }}-${{ matrix.machine }}-${{ hashFiles('**/*.nix', 'flake.lock') }}
# if there's no cache hit, restore a cache by this prefix
restore-prefixes-first-match: nix-${{ runner.os }}-${{ matrix.machine }}-
# do purge caches
purge: true
# purge all versions of the cache
purge-prefixes: nix-${{ runner.os }}-
# created more than this number of seconds ago relative to the start of the `Post Restore` phase
purge-last-accessed: 86400
# except the version with the `primary-key`, if it exists
purge-primary-key: never
# always save the cache
save-always: true
- name: setup attic
run: |
nix profile install github:zhaofengli/attic
attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN"
- name: build - name: build
run: | run: |
package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel"
nix build -L "$package" nix build -L "$package"
- name: cache - name: cache
if: always() # https://stackoverflow.com/a/58859404
if: '!cancelled()'
run: | run: |
package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel"
derivation="$(nix path-info --derivation "$package")" derivations=()
cache="$(nix-store --query --requisites --include-outputs "$derivation")" while IFS=$'\n' read derivation; do
xargs attic push main <<< "$cache" derivations+=("$derivation")
done < <(nix path-info --derivation "$package" | sed 's/\.drv$/.drv^*/')
for derivation in "${derivations[@]}"; do
nix copy -j8 \
--to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \
$(nix-store --query --requisites --include-outputs "$derivation")
done
build-homes: build-homes:
strategy: strategy:
fail-fast: false fail-fast: false
@ -85,6 +97,7 @@ jobs:
- ubuntu-latest - ubuntu-latest
# - macos-latest # - macos-latest
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Maximize build disk space - name: Maximize build disk space
uses: easimon/maximize-build-space@v10 uses: easimon/maximize-build-space@v10
@ -97,40 +110,55 @@ jobs:
remove-codeql: 'true' remove-codeql: 'true'
remove-docker-images: 'true' remove-docker-images: 'true'
build-mount-path: /nix build-mount-path: /nix
- uses: nixbuild/nix-quick-install-action@master
- name: setup binary cache key
run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem
- name: Install Nix
uses: cachix/install-nix-action@v30
with:
enable_kvm: true
extra_nix_config: |
show-trace = true
experimental-features = nix-command flakes
accept-flake-config = true
system-features = nixos-test benchmark big-parallel kvm
secret-key-files = /home/runner/cache-priv-key.pem
extra-substituters = https://nixcache.cy7.sh
extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=
- name: Install Lix
run: |
sudo --preserve-env=PATH $(which nix) run \
--experimental-features "nix-command flakes" \
--extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" \
'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \
upgrade-nix \
--extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
nix --version
- name: Sync repository - name: Sync repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
persist-credentials: false persist-credentials: false
- name: Restore and cache Nix store
uses: nix-community/cache-nix-action@v5.1.0
with:
# restore and save a cache using this key
primary-key: nix-${{ runner.os }}-${{ matrix.home }}-${{ hashFiles('**/*.nix', 'flake.lock') }}
# if there's no cache hit, restore a cache by this prefix
restore-prefixes-first-match: nix-${{ runner.os }}-${{ matrix.home }}-
# do purge caches
purge: true
# purge all versions of the cache
purge-prefixes: nix-${{ runner.os }}-
# created more than this number of seconds ago relative to the start of the `Post Restore` phase
purge-last-accessed: 86400
# except the version with the `primary-key`, if it exists
purge-primary-key: never
# always save the cache
save-always: true
- name: setup attic
run: |
nix profile install github:zhaofengli/attic
attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN"
- name: build - name: build
run: | run: |
package=".#homeConfigurations."${{ matrix.home }}".activationPackage" package=".#homeConfigurations."${{ matrix.home }}".activationPackage"
nix build -L "$package" nix build -L "$package"
- name: cache - name: cache
if: always() # https://stackoverflow.com/a/58859404
if: '!cancelled()'
run: | run: |
package=".#homeConfigurations."${{ matrix.home }}".activationPackage" package=".#homeConfigurations."${{ matrix.home }}".activationPackage"
derivation="$(nix path-info --derivation "$package")" derivations=()
cache="$(nix-store --query --requisites --include-outputs "$derivation")" while IFS=$'\n' read derivation; do
attic push main --stdin <<< "$cache" derivations+=("$derivation")
done < <(nix path-info --derivation "$package" | sed 's/\.drv$/.drv^*/')
for derivation in "${derivations[@]}"; do
nix copy -j8 \
--to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \
$(nix-store --query --requisites --include-outputs "$derivation")
done

65
.github/workflows/build-packages.yml vendored
View file

@ -6,16 +6,12 @@ on:
description: "package to build" description: "package to build"
required: false required: false
type: string type: string
env: env:
ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
NIX_CONFIG: |
show-trace = true
extra-substituters = https://cache.cy7.sh/main
extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=
experimental-features = nix-command flakes
extra-experimental-features = nix-command flakes
accept-flake-config = true
TERM: ansi TERM: ansi
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }}
jobs: jobs:
build-packages: build-packages:
strategy: strategy:
@ -26,29 +22,62 @@ jobs:
os: os:
- ubuntu-latest - ubuntu-latest
- ubuntu-24.04-arm - ubuntu-24.04-arm
- macos-latest # - macos-latest
- macos-13 # - macos-13
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: setup binary cache key
run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem
- name: Install Nix - name: Install Nix
uses: cachix/install-nix-action@v30 uses: cachix/install-nix-action@v30
with:
enable_kvm: true
extra_nix_config: |
show-trace = true
experimental-features = nix-command flakes
accept-flake-config = true
system-features = nixos-test benchmark big-parallel kvm
secret-key-files = /home/runner/cache-priv-key.pem
extra-substituters = https://nixcache.cy7.sh
extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=
- name: Install Lix
run: |
sudo --preserve-env=PATH $(which nix) run \
--experimental-features "nix-command flakes" \
--extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" \
'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \
upgrade-nix \
--extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
nix --version
- name: Sync repository - name: Sync repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
persist-credentials: false persist-credentials: false
- name: setup attic
run: |
nix profile install github:zhaofengli/attic
attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN"
- run: nix build -L ${{ matrix.package }} - run: nix build -L ${{ matrix.package }}
- name: cache result - name: cache result
if: always() # https://stackoverflow.com/a/58859404
if: '!cancelled()'
run: | run: |
derivation="$(nix path-info --derivation "${{ matrix.package }}")" derivations=()
cache="$(nix-store --query --requisites --include-outputs "$derivation")" while IFS=$'\n' read derivation; do
xargs attic push main <<< "$cache" derivations+=("$derivation")
done < <(nix path-info --derivation "${{ matrix.package }}" | sed 's/\.drv$/.drv^*/')
for derivation in "${derivations[@]}"; do
nix copy -j8 \
--to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \
$(nix-store --query --requisites --include-outputs "$derivation")
done
- name: prepare tarball to upload - name: prepare tarball to upload
run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result
- name: upload result - name: upload result
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@v4
with: with:

2
.github/workflows/update-flake-lock.yml vendored
View file

@ -14,7 +14,5 @@ jobs:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: Install Nix - name: Install Nix
uses: cachix/install-nix-action@v30 uses: cachix/install-nix-action@v30
with:
github_access_token: ${{ secrets.GITHUB_TOKEN }}
- name: Update flake.lock - name: Update flake.lock
uses: DeterminateSystems/update-flake-lock@v24 uses: DeterminateSystems/update-flake-lock@v24

6
.sops.yaml
View file

@ -123,3 +123,9 @@ creation_rules:
- age: - age:
- *chunk - *chunk
- *cy - *cy
- path_regex: secrets/cache-priv-key.pem
key_groups:
- age:
- *yt
- *cy
- *chunk

190
flake.lock generated
View file

@ -92,11 +92,11 @@
"complement": { "complement": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1741378155, "lastModified": 1741891349,
"narHash": "sha256-rJSfqf3q4oWxcAwENtAowLZeCi8lktwKVH9XQvvZR64=", "narHash": "sha256-YvrzOWcX7DH1drp5SGa+E/fc7wN3hqFtPbqPjZpOu1Q=",
"owner": "girlbossceo", "owner": "girlbossceo",
"repo": "complement", "repo": "complement",
"rev": "1502a00d8551d0f6e8954a23e43868877c3e57d9", "rev": "e587b3df569cba411aeac7c20b6366d03c143745",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -131,11 +131,11 @@
"rocksdb": "rocksdb" "rocksdb": "rocksdb"
}, },
"locked": { "locked": {
"lastModified": 1741642109, "lastModified": 1742266954,
"narHash": "sha256-vO66C3rCb4lz3NU012fZj8+5BaFGuOCq/BJqiOXpqSA=", "narHash": "sha256-PoVjZXR24r1WPyWWK+DZDAlVr4otn/BcxY7/jd8fehM=",
"owner": "girlbossceo", "owner": "girlbossceo",
"repo": "conduwuit", "repo": "conduwuit",
"rev": "c4b05e77f3dd66636e26b64f8f4852703816c399", "rev": "7bf92c8a3710eeff229bd86bc81a89daa94b66d5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -146,11 +146,11 @@
}, },
"crane": { "crane": {
"locked": { "locked": {
"lastModified": 1741481578, "lastModified": 1742317686,
"narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=", "narHash": "sha256-ScJYnUykEDhYeCepoAWBbZWx2fpQ8ottyvOyGry7HqE=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5", "rev": "66cb0013f9a99d710b167ad13cbd8cc4e64f2ddb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -361,11 +361,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741360584, "lastModified": 1742243551,
"narHash": "sha256-5UkuvKllBRhU943imyc0jHDXQDVhIFx5WWUr3qrLEWQ=", "narHash": "sha256-hp2tKtJHW/vbiIT4hRhP8cfZEACAWZ92lCdaO9WEi2E=",
"owner": "deuxfleurs-org", "owner": "deuxfleurs-org",
"repo": "garage", "repo": "garage",
"rev": "c96be1a9a8aa3b51075678888b80c2414ead2909", "rev": "6906a4ff12838da2a74bdaeb7e7cd05cd1d69699",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -455,11 +455,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741701235, "lastModified": 1742305478,
"narHash": "sha256-gBlb8R9gnjUAT5XabJeel3C2iEUiBHx3+91651y3Sqo=", "narHash": "sha256-iYCinzZnnUeCkZ031qGRwPdwRsqW6o9Y0MgGpA7Zva4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "c630dfa8abcc65984cc1e47fb25d4552c81dd37e", "rev": "fb74bb76d94a6c55632376c931fc108131260ee9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -564,29 +564,17 @@
} }
}, },
"lix": { "lix": {
"inputs": { "flake": false,
"flake-compat": [
"flake-compat"
],
"nix2container": "nix2container",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-regression": "nixpkgs-regression",
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": { "locked": {
"lastModified": 1741700536, "lastModified": 1741888409,
"narHash": "sha256-0OJER7bI6UsCFnKfKdLtgjpOTNccbN3N1dDriP4XRwA=", "narHash": "sha256-gJ7QmlwsJ/QdwUjwTjifNo3v7OBQm2N6xa19l3mMWM4=",
"ref": "refs/heads/main", "rev": "20edd45ae816c73504ddfb9c678756e003ceeafd",
"rev": "be1491fa6aef638e0147b81ff172131d6db668d9", "type": "tarball",
"revCount": 17635, "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/20edd45ae816c73504ddfb9c678756e003ceeafd.tar.gz?rev=20edd45ae816c73504ddfb9c678756e003ceeafd"
"type": "git",
"url": "https://git.lix.systems/lix-project/lix"
}, },
"original": { "original": {
"type": "git", "type": "tarball",
"url": "https://git.lix.systems/lix-project/lix" "url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz"
} }
}, },
"lix-module": { "lix-module": {
@ -595,19 +583,17 @@
"flake-utils" "flake-utils"
], ],
"flakey-profile": "flakey-profile", "flakey-profile": "flakey-profile",
"lix": [ "lix": "lix",
"lix"
],
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1738176840, "lastModified": 1741894565,
"narHash": "sha256-NG3IRvRs3u3btVCN861FqHvgOwqcNT/Oy6PBG86F5/E=", "narHash": "sha256-2FD0NDJbEjUHloVrtEIms5miJsj1tvQCc/0YK5ambyc=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "621aae0f3cceaffa6d73a4fb0f89c08d338d729e", "rev": "a6da43f8193d9e329bba1795c42590c27966082e",
"revCount": 133, "revCount": 136,
"type": "git", "type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module" "url": "https://git.lix.systems/lix-project/nixos-module"
}, },
@ -727,11 +713,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741619381, "lastModified": 1742174123,
"narHash": "sha256-koZtlJRqi0/MD/AKd0KrXLA2NuBOVzlIyAJprjzpxZE=", "narHash": "sha256-pDNzMoR6m1ZSJToZQ6XDTLVSdzIzmFl1b8Pc3f7iV6Y=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "66537fb185462ba9b07f4e6f2d54894a1b2d04ab", "rev": "2cfb4e1ca32f59dd2811d7a6dd5d4d1225f0955c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -747,11 +733,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741597901, "lastModified": 1742204505,
"narHash": "sha256-nLUTgXXcFFz+3pd3Khz1H4jUECqX5+OapNPGioPJRQs=", "narHash": "sha256-sHBzuG9K/VrvOrcLd9GwoCLaQZDVedi/00YmFfdKq/A=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-ld", "repo": "nix-ld",
"rev": "8e0308dd7dd9cd3656866fb2387bc29052fd6d3a", "rev": "bc1ecb8ca83507c764a3909f02f1acf53c033585",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -760,22 +746,6 @@
"type": "github" "type": "github"
} }
}, },
"nix2container": {
"flake": false,
"locked": {
"lastModified": 1724996935,
"narHash": "sha256-njRK9vvZ1JJsP8oV2OgkBrpJhgQezI03S7gzskCcHos=",
"owner": "nlewo",
"repo": "nix2container",
"rev": "fa6bb0a1159f55d071ba99331355955ae30b3401",
"type": "github"
},
"original": {
"owner": "nlewo",
"repo": "nix2container",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1730531603, "lastModified": 1730531603,
@ -792,22 +762,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-regression": {
"locked": {
"lastModified": 1643052045,
"narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
}
},
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1730741070, "lastModified": 1730741070,
@ -826,11 +780,11 @@
}, },
"nixpkgs-stable_2": { "nixpkgs-stable_2": {
"locked": { "locked": {
"lastModified": 1741600792, "lastModified": 1742268799,
"narHash": "sha256-yfDy6chHcM7pXpMF4wycuuV+ILSTG486Z/vLx/Bdi6Y=", "narHash": "sha256-IhnK4LhkBlf14/F8THvUy3xi/TxSQkp9hikfDZRD4Ic=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ebe2788eafd539477f83775ef93c3c7e244421d3", "rev": "da044451c6a70518db5b730fe277b70f494188f1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -874,11 +828,11 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1741692589, "lastModified": 1742276595,
"narHash": "sha256-t1BrOTAUIkRY4YlSspERzz5iaFbzJTIE6mhLmnWrDaA=", "narHash": "sha256-bsg9y3NoMGu0jgTI5XbxvzQFc9JtZB51i500WlVws80=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a7010334ad6d8082bb8aa5dd2e37bf3b98b1a713", "rev": "2b3795787eba0066a2bc8bba7362422e5713840f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -899,11 +853,11 @@
"nuschtosSearch": "nuschtosSearch" "nuschtosSearch": "nuschtosSearch"
}, },
"locked": { "locked": {
"lastModified": 1741637833, "lastModified": 1742255305,
"narHash": "sha256-1uBkdOwxNmkdXXjoycnEBZUoHZ/22GitQRVXjZlsVK0=", "narHash": "sha256-XxygfriVXQt+5Iqh6AOjZL5Aes5dH2xzVKpHpL8pDQg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "bc34099731a7e3799c0d52ccdf4599409a2ef9b9", "rev": "78f6166c23f80bdfbcc8c44b20f7f4132299a33f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -951,38 +905,6 @@
"type": "github" "type": "github"
} }
}, },
"pixelflasher": {
"locked": {
"lastModified": 1741302870,
"narHash": "sha256-7AywZ1b3PaqolAZ0vQmddD6Br4o0a7ucdtE0/W3rnaM=",
"owner": "cything",
"repo": "nixpkgs",
"rev": "5ef8b274bb7f939104295a22cec3382268ed73cc",
"type": "github"
},
"original": {
"owner": "cything",
"ref": "pixelflasher",
"repo": "nixpkgs",
"type": "github"
}
},
"pre-commit-hooks": {
"flake": false,
"locked": {
"lastModified": 1733318908,
"narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "6f4e2a2112050951a314d2733a994fbab94864c6",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"pre-commit-hooks-nix": { "pre-commit-hooks-nix": {
"inputs": { "inputs": {
"flake-compat": [ "flake-compat": [
@ -1037,7 +959,6 @@
"garage": "garage", "garage": "garage",
"home-manager": "home-manager", "home-manager": "home-manager",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"lix": "lix",
"lix-module": "lix-module", "lix-module": "lix-module",
"nil": "nil", "nil": "nil",
"nix-index-database": "nix-index-database", "nix-index-database": "nix-index-database",
@ -1046,7 +967,6 @@
"nixpkgs-stable": "nixpkgs-stable_2", "nixpkgs-stable": "nixpkgs-stable_2",
"nixvim": "nixvim", "nixvim": "nixvim",
"nvim-github-theme": "nvim-github-theme", "nvim-github-theme": "nvim-github-theme",
"pixelflasher": "pixelflasher",
"rust-overlay": "rust-overlay", "rust-overlay": "rust-overlay",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"treefmt": "treefmt", "treefmt": "treefmt",
@ -1077,11 +997,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741660300, "lastModified": 1742265167,
"narHash": "sha256-0jldJ58sC5RjqwpwE+ER+RPMeX4Moz5im/evQ3SU/dU=", "narHash": "sha256-RB0UEF9IXIgwuuBFC+s9H4rDyvmMZePHlBAK4vRAwf4=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "ac2f556db0eb5cbba3c4f5f5989c46330f439b0b", "rev": "87f0965f9f5b13fca9f38074eee8369dc767550d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1097,11 +1017,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741644481, "lastModified": 1742239755,
"narHash": "sha256-E0RrMykMtEv15V3QhpsFutgoSKhL1JBhidn+iZajOyg=", "narHash": "sha256-ptn8dR4Uat3UUadGYNnB7CIH9SQm8mK69D2A/twBUXQ=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "e653d71e82575a43fe9d228def8eddb73887b866", "rev": "787afce414bcce803b605c510b60bf43c11f4b55",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1147,11 +1067,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1739829690, "lastModified": 1742303424,
"narHash": "sha256-mL1szCeIsjh6Khn3nH2cYtwO5YXG6gBiTw1A30iGeDU=", "narHash": "sha256-2R7cGdcA2npQQcIWu2cTlU63veTzwVZe78BliIuJT00=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "3d0579f5cc93436052d94b73925b48973a104204", "rev": "b3b938ab8ba2e8a0ce9ee9b30ccfa5e903ae5753",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1170,11 +1090,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741704640, "lastModified": 1742262692,
"narHash": "sha256-FSvtxhfB0PQtFOj8PMfcgUG1QVaQzjTZvAxLiqDysKI=", "narHash": "sha256-kCuy1Fld1vFmor6SZ48DdtiLv9/zUhW8lCaTA+Py+es=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-vscode-extensions", "repo": "nix-vscode-extensions",
"rev": "27f37976beb94100b18ab8407ff056654db68506", "rev": "32de9a383db6b555ac92877dd8b5b986f4151de7",
"type": "github" "type": "github"
}, },
"original": { "original": {

19
flake.nix
View file

@ -51,12 +51,6 @@
url = "git+https://git.lix.systems/lix-project/nixos-module"; url = "git+https://git.lix.systems/lix-project/nixos-module";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils"; inputs.flake-utils.follows = "flake-utils";
inputs.lix.follows = "lix";
};
lix = {
url = "git+https://git.lix.systems/lix-project/lix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-compat.follows = "flake-compat";
}; };
nix-ld = { nix-ld = {
url = "github:nix-community/nix-ld"; url = "github:nix-community/nix-ld";
@ -77,7 +71,6 @@
url = "github:nix-community/nix-index-database"; url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
pixelflasher.url = "github:cything/nixpkgs/pixelflasher";
attic = { attic = {
url = "github:zhaofengli/attic"; url = "github:zhaofengli/attic";
inputs = { inputs = {
@ -113,11 +106,11 @@
nixConfig = { nixConfig = {
extra-substituters = [ extra-substituters = [
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
"https://cache.cy7.sh/main" "https://nixcache.cy7.sh"
]; ];
extra-trusted-public-keys = [ extra-trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" "nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8="
]; ];
}; };
@ -135,7 +128,6 @@
imports = [ imports = [
inputs.treefmt.flakeModule inputs.treefmt.flakeModule
]; ];
debug = true;
systems = [ systems = [
"x86_64-linux" "x86_64-linux"
]; ];
@ -148,11 +140,14 @@
treefmt = { treefmt = {
projectRootFile = "flake.nix"; projectRootFile = "flake.nix";
programs.nixfmt.enable = true; programs.nixfmt.enable = true;
programs.stylua.enable = true;
programs.yamlfmt.enable = true;
programs.typos.enable = true; programs.typos.enable = true;
programs.shellcheck.enable = true; programs.shellcheck.enable = true;
programs.yamlfmt = {
enable = true;
settings.retain_line_breaks = true;
};
settings.global.excludes = [ settings.global.excludes = [
"secrets/*" "secrets/*"
"**/*.png" # tries to format a png file "**/*.png" # tries to format a png file

65
home/codium.nix
View file

@ -1,4 +1,4 @@
{ pkgs, ... }: { pkgs, lib, ... }:
{ {
programs.vscode = { programs.vscode = {
enable = true; enable = true;
@ -22,10 +22,13 @@
emilast.logfilehighlighter emilast.logfilehighlighter
tamasfe.even-better-toml tamasfe.even-better-toml
golang.go golang.go
ms-python.python
christian-kohler.path-intellisense
]; ];
userSettings = userSettings =
let let
vimCommonKeyBindings = [ vimCommonKeyBindings = [
# nice emacs bindings
{ {
"before" = [ "C-a" ]; "before" = [ "C-a" ];
"commands" = [ "cursorHome" ]; "commands" = [ "cursorHome" ];
@ -34,6 +37,19 @@
"before" = [ "C-e" ]; "before" = [ "C-e" ];
"commands" = [ "cursorEnd" ]; "commands" = [ "cursorEnd" ];
} }
{
"before" = [ "C-b" ];
"commands" = [ "cursorLeft" ];
}
{
"before" = [ "C-f" ];
"commands" = [ "cursorRight" ];
}
# ctrl+h to turn off search highlighting
{
"before" = [ "C-h" ];
"commands" = [ ":nohl" ];
}
]; ];
in in
{ {
@ -73,7 +89,7 @@
"markdown-preview-enhanced.previewTheme" = "github-dark.css"; "markdown-preview-enhanced.previewTheme" = "github-dark.css";
"nix.enableLanguageServer" = true; "nix.enableLanguageServer" = true;
"nix.serverPath" = "nil"; "nix.serverPath" = "${lib.getExe pkgs.nil}";
"bookmarks.saveBookmarksInProject" = true; "bookmarks.saveBookmarksInProject" = true;
"cSpell.enabledFileTypes" = { "cSpell.enabledFileTypes" = {
@ -83,6 +99,15 @@
# vim stuff # vim stuff
"vim.leader" = ","; "vim.leader" = ",";
"extensions.experimental.affinity" = {
"vscodevim.vim" = 1;
};
"vim.sneak" = true;
"vim.sneakUseIgnorecaseAndSmartcase" = true;
"vim.enableNeovim" = true;
"vim.hlsearch" = true;
"vim.easymotion" = true;
"editor.lineNumbers" = "relative";
"vim.normalModeKeyBindings" = vimCommonKeyBindings ++ [ "vim.normalModeKeyBindings" = vimCommonKeyBindings ++ [
{ {
"before" = [ ";" ]; "before" = [ ";" ];
@ -117,6 +142,13 @@
]; ];
"commands" = [ "workbench.action.toggleSidebarVisibility" ]; "commands" = [ "workbench.action.toggleSidebarVisibility" ];
} }
{
"before" = [
"<space>"
"s"
];
"commands" = [ "workbench.action.toggleSidebarVisibility" ];
}
{ {
"before" = [ "before" = [
"<leader>" "<leader>"
@ -190,10 +222,33 @@
"commands" = [ "editor.action.outdentLines" ]; "commands" = [ "editor.action.outdentLines" ];
} }
]; ];
"extensions.experimental.affinity" = {
"vscodevim.vim" = 1;
};
}; };
keybindings = [
# repeat these vim bindings here cause otherwise they get overridden by vscode
{
"key" = "ctrl+b";
"when" = "inputFocus";
"command" = "cursorLeft";
}
{
"key" = "ctrl+f";
"when" = "inputFocus";
"command" = "cursorRight";
}
# clear default bindings that conflict
{
"key" = "ctrl+f";
"command" = "-actions.find";
}
{
"key" = "ctrl+b";
"command" = "-workbench.action.toggleSidebarVisibility";
}
{
"key" = "ctrl+w";
"command" = "-workbench.action.closeActiveEditor";
}
];
}; };
}; };
} }

47
home/nixvim/default.nix
View file

@ -71,41 +71,6 @@
key = "<C-e>"; key = "<C-e>";
mode = "i"; mode = "i";
} }
# quick chat with copilot
{
key = "<leader>ccq";
action.__raw = ''
function()
local input = vim.fn.input("Quick chat: ")
if input ~= "" then
require("CopilotChat").ask(input, { selection = require("CopilotChat.select").buffer })
end
end
'';
mode = [
"n"
"v"
];
}
# ask perplexity a quick question
{
key = "<leader>ccs";
action.__raw = ''
function()
local input = vim.fn.input("Perplexity: ")
if input ~= "" then
require("CopilotChat").ask(input, {
agent = "perplexityai",
selection = false,
})
end
end
'';
mode = [
"n"
"v"
];
}
]; ];
plugins.cmp = { plugins.cmp = {
@ -198,10 +163,11 @@
}; };
rust_analyzer = { rust_analyzer = {
enable = true; enable = true;
installRustc = true; installRustc = false;
installCargo = true; installCargo = false;
}; };
eslint.enable = true; eslint.enable = true;
yamlls.enable = true;
}; };
}; };
plugins.treesitter = { plugins.treesitter = {
@ -233,13 +199,6 @@
settings.current_line_blame = true; settings.current_line_blame = true;
}; };
plugins.copilot-chat = {
enable = true;
settings = {
model = "claude-3.5-sonnet";
};
};
plugins.cmp-buffer.enable = true; plugins.cmp-buffer.enable = true;
plugins.cmp-emoji.enable = true; plugins.cmp-emoji.enable = true;
plugins.cmp-nvim-lsp.enable = true; plugins.cmp-nvim-lsp.enable = true;

4
home/yt/chunk.nix
View file

@ -14,8 +14,4 @@
programs.home-manager.enable = true; programs.home-manager.enable = true;
systemd.user.startServices = "sd-switch"; systemd.user.startServices = "sd-switch";
home.packages = with pkgs; [
attic-server
];
} }

6
home/yt/ytnix.nix
View file

@ -60,7 +60,6 @@
unzip unzip
anki-bin anki-bin
trezorctl trezorctl
trezor-agent
q q
gdb gdb
fuzzel fuzzel
@ -77,7 +76,6 @@
)) ))
p7zip p7zip
qbittorrent qbittorrent
nil
android-tools android-tools
frida-tools frida-tools
mitmproxy mitmproxy
@ -100,9 +98,11 @@
nix-output-monitor nix-output-monitor
wl-clipboard-rs wl-clipboard-rs
pixelflasher pixelflasher
element-desktop cinny-desktop
freetube freetube
gopls gopls
rust-analyzer
minio-client
]; ];
home.sessionVariables = { home.sessionVariables = {

2
home/zsh/default.nix
View file

@ -92,7 +92,7 @@
"s" = "sudo"; "s" = "sudo";
"nrs" = "sudo nixos-rebuild switch -L --flake . --log-format internal-json -v |& nom --json"; "nrs" = "sudo nixos-rebuild switch -L --flake . --log-format internal-json -v |& nom --json";
"nrt" = "sudo nixos-rebuild test -L --flake . --log-format internal-json -v |& nom --json"; "nrt" = "sudo nixos-rebuild test -L --flake . --log-format internal-json -v |& nom --json";
"hrs" = "home-manager switch -L --flake . |& nom --json"; "hrs" = "home-manager switch -L --flake .";
"g" = "git"; "g" = "git";
"ga" = "git add"; "ga" = "git add";
"gaa" = "git add --all"; "gaa" = "git add --all";

6
hosts/chunk/default.nix
View file

@ -184,16 +184,10 @@
security.sudo.enable = true; security.sudo.enable = true;
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
programs.gnupg.agent.enable = true;
programs.git.enable = true; programs.git.enable = true;
my.caddy.enable = true; my.caddy.enable = true;
# container stuff # container stuff
my.containerization.enable = true; my.containerization.enable = true;
my.roundcube.enable = true;
my.zipline.enable = true;
my.searx.enable = true;
my.attic.enable = true;
} }

15
hosts/chunk/garage.nix
View file

@ -10,15 +10,21 @@
api_bind_addr = "[::]:3900"; api_bind_addr = "[::]:3900";
root_domain = "s3.cy7.sh"; root_domain = "s3.cy7.sh";
}; };
s3_web = {
bind_addr = "[::]:3902";
root_domain = ".web.cy7.sh";
add_host_to_metrics = true;
};
admin.api_bind_addr = "[::]:3903"; admin.api_bind_addr = "[::]:3903";
rpc_bind_addr = "[::]:3901"; rpc_bind_addr = "[::]:3901";
replication_factor = 1; replication_factor = 1;
db_engine = "lmdb"; db_engine = "lmdb";
disable_scrub = true; disable_scrub = true;
block_size = "10M"; block_size = "128M";
compression_level = "none"; compression_level = "none";
}; };
environmentFile = config.sops.secrets."garage/env".path; environmentFile = config.sops.secrets."garage/env".path;
logLevel = "warn";
}; };
services.caddy.virtualHosts = { services.caddy.virtualHosts = {
@ -33,5 +39,12 @@
import common import common
reverse_proxy localhost:3903 reverse_proxy localhost:3903
''; '';
"*.web.cy7.sh" = {
serverAliases = [ "nixcache.cy7.sh" ];
extraConfig = ''
import common
reverse_proxy localhost:3902
'';
};
}; };
} }

6
hosts/chunk/immich.nix
View file

@ -6,9 +6,10 @@
}: }:
let let
uploadLocation = "/mnt/photos/immich"; uploadLocation = "/mnt/photos/immich";
thumbsLocation = "/opt/immich/thumbs"; # thumbsLocation = "/opt/immich/thumbs";
profileLocation = "/opt/immich/profile"; profileLocation = "/opt/immich/profile";
dbDataLocation = "/opt/immich/postgres"; dbDataLocation = "/opt/immich/postgres";
backupsLocation = "/opt/immich/backups";
in in
{ {
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
@ -19,8 +20,9 @@ in
pull = "newer"; pull = "newer";
volumes = [ volumes = [
"${uploadLocation}:/usr/src/app/upload" "${uploadLocation}:/usr/src/app/upload"
"${thumbsLocation}:/usr/src/app/upload/thumbs" # "${thumbsLocation}:/usr/src/app/upload/thumbs"
"${profileLocation}:/usr/src/app/upload/profile" "${profileLocation}:/usr/src/app/upload/profile"
"${backupsLocation}:/usr/src/app/upload/backups"
]; ];
environment = { environment = {
REDIS_HOSTNAME = "immich-redis"; REDIS_HOSTNAME = "immich-redis";

65
hosts/chunk/rclone.nix
View file

@ -4,6 +4,33 @@
lib, lib,
... ...
}: }:
let
mkServiceConfig = remote: mount: {
Type = "notify";
TimeoutSec = "5min 20s";
ExecStartPre = "/usr/bin/env mkdir -p ${mount}";
ExecStart = ''
${lib.getExe pkgs.rclone} mount \
--config ${config.sops.secrets."rclone/config".path} \
--allow-other \
--cache-dir /var/cache/rclone \
--transfers 32 \
--vfs-cache-mode full \
--vfs-cache-min-free-space 5G \
--dir-cache-time 30d \
--no-checksum \
--no-modtime \
--vfs-fast-fingerprint \
--vfs-read-chunk-size 16M \
--vfs-read-chunk-streams 16 \
--sftp-concurrency 64 \
--sftp-chunk-size 255k \
--buffer-size 0 \
${remote} ${mount}
'';
ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -zu ${mount}";
};
in
{ {
systemd.services.immich-mount = { systemd.services.immich-mount = {
enable = true; enable = true;
@ -12,21 +39,7 @@
after = [ "network-online.target" ]; after = [ "network-online.target" ];
requiredBy = [ "podman-immich-server.service" ]; requiredBy = [ "podman-immich-server.service" ];
before = [ "podman-immich-server.service" ]; before = [ "podman-immich-server.service" ];
serviceConfig = { serviceConfig = mkServiceConfig "photos:" "/mnt/photos";
Type = "notify";
ExecStartPre = "/usr/bin/env mkdir -p /mnt/photos";
ExecStart = ''
${lib.getExe pkgs.rclone} mount \
--config ${config.sops.secrets."rclone/config".path} \
--cache-dir /var/cache/rclone \
--transfers=32 \
--dir-cache-time 30d \
--vfs-cache-mode writes \
--vfs-cache-max-size 2G \
photos: /mnt/photos
'';
ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/photos";
};
}; };
systemd.services.garage-mount = { systemd.services.garage-mount = {
@ -36,26 +49,6 @@
after = [ "network-online.target" ]; after = [ "network-online.target" ];
requiredBy = [ "garage.service" ]; requiredBy = [ "garage.service" ];
before = [ "garage.service" ]; before = [ "garage.service" ];
serviceConfig = { serviceConfig = mkServiceConfig "rsyncnet:garage" "/mnt/garage";
Type = "notify";
ExecStartPre = "/usr/bin/env mkdir -p /mnt/garage";
ExecStart = ''
${lib.getExe pkgs.rclone} mount \
--config ${config.sops.secrets."rclone/config".path} \
--allow-other \
--cache-dir /var/cache/rclone \
--transfers=32 \
--vfs-cache-mode full \
--vfs-cache-min-free-space 5G \
--dir-cache-time 30d \
--no-checksum \
--no-modtime \
--vfs-fast-fingerprint \
--vfs-read-chunk-size 10M \
--vfs-read-chunk-streams 32 \
rsyncnet:garage /mnt/garage
'';
ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage";
};
}; };
} }

20
hosts/common.nix
View file

@ -1,4 +1,4 @@
{ inputs, ... }: { inputs, config, ... }:
{ {
nix = { nix = {
settings = { settings = {
@ -9,13 +9,16 @@
"root" "root"
"@wheel" "@wheel"
]; ];
trusted-public-keys = [ extra-trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" "nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8="
]; ];
trusted-substituters = [ extra-substituters = [
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
"https://cache.cy7.sh/main" "https://nixcache.cy7.sh"
];
secret-key-files = [
config.sops.secrets.cache-priv-key.path
]; ];
}; };
channel.enable = false; channel.enable = false;
@ -74,4 +77,11 @@
services.thermald.enable = true; services.thermald.enable = true;
environment.enableAllTerminfo = true; environment.enableAllTerminfo = true;
sops.secrets.cache-priv-key = {
format = "binary";
sopsFile = ../secrets/cache-priv-key.pem;
mode = "0440";
group = "users";
};
} }

4
hosts/ytnix/default.nix
View file

@ -94,8 +94,10 @@
# 3003 # immich-ml # 3003 # immich-ml
# ]; # ];
}; };
hosts = {
"100.122.132.30" = [ "s3.cy7.sh" ];
};
}; };
programs.nm-applet.enable = true;
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = { services.pipewire = {

4
justfile
View file

@ -1,9 +1,7 @@
update: update:
git branch -D update || true git branch -D update || true
git switch -c update git switch -c update
nix flake update nix flake update --commit-lock-file
git add flake.lock
git commit -s -m "flake update"
git push -f git push -f
git switch main git switch main

37
modules/attic.nix
View file

@ -18,7 +18,10 @@ in
settings = { settings = {
listen = "[::]:8091"; listen = "[::]:8091";
api-endpoint = "https://cache.cy7.sh/"; api-endpoint = "https://cache.cy7.sh/";
allowed-hosts = [ "cache.cy7.sh" ]; allowed-hosts = [
"cache.cy7.sh"
"cdn.cy7.sh"
];
require-proof-of-possession = false; require-proof-of-possession = false;
compression = { compression = {
type = "none"; type = "none";
@ -30,18 +33,40 @@ in
type = "s3"; type = "s3";
region = "us-east-1"; region = "us-east-1";
bucket = "attic"; bucket = "attic";
endpoint = "https://s3.cy7.sh"; # attic must be patched to never serve pre-signed s3 urls directly
# otherwise it will redirect clients to this localhost endpoint
endpoint = "http://127.0.0.1:3900";
}; };
garbage-collection = { garbage-collection = {
default-retention-period = "1 month"; default-retention-period = "1 month";
}; };
chunking = {
# disable chunking since garage does its own
nar-size-threshold = 0;
# defaults
min-size = 16384;
avg-size = 65536;
max-size = 262144;
};
}; };
}; };
services.caddy.virtualHosts."cache.cy7.sh".extraConfig = '' systemd.services.atticd = {
import common requires = [ "garage.service" ];
reverse_proxy localhost:8091 after = [ "garage.service" ];
''; environment = {
RUST_LOG = "INFO";
};
};
services.caddy.virtualHosts."cache.cy7.sh" = {
serverAliases = [ "cdn.cy7.sh" ];
extraConfig = ''
import common
reverse_proxy localhost:8091
'';
};
}; };
} }

4
modules/caddy.nix
View file

@ -19,9 +19,9 @@ in
plugins = [ plugins = [
# error message will tell you the correct version tag to use # error message will tell you the correct version tag to use
# (still need the @ to pass nix config check) # (still need the @ to pass nix config check)
"github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e" "github.com/caddy-dns/cloudflare@v0.0.0-20250228175314-1fb64108d4de"
]; ];
hash = "sha256-jCcSzenewQiW897GFHF9WAcVkGaS/oUu63crJu7AyyQ="; hash = "sha256-YYpsf8HMONR1teMiSymo2y+HrKoxuJMKIea5/NEykGc=";
}; };
logFormat = lib.mkForce "level INFO"; logFormat = lib.mkForce "level INFO";
acmeCA = "https://acme-v02.api.letsencrypt.org/directory"; acmeCA = "https://acme-v02.api.letsencrypt.org/directory";

2
overlay/attic/default.nix
View file

@ -1,7 +1,7 @@
final: prev: { final: prev: {
attic-server = prev.attic-server.overrideAttrs { attic-server = prev.attic-server.overrideAttrs {
patches = [ patches = [
./prefetch-32-chunks.patch ./prefetch-8-chunks.patch
]; ];
}; };
} }

13
overlay/attic/prefetch-32-chunks.patch
View file

@ -1,13 +0,0 @@
diff --git a/server/src/api/binary_cache.rs b/server/src/api/binary_cache.rs
index 02e4857..71eeee8 100644
--- a/server/src/api/binary_cache.rs
+++ b/server/src/api/binary_cache.rs
@@ -262,7 +262,7 @@ async fn get_nar(
// TODO: Make num_prefetch configurable
// The ideal size depends on the average chunk size
- let merged = merge_chunks(chunks, streamer, storage, 2).map_err(|e| {
+ let merged = merge_chunks(chunks, streamer, storage, 32).map_err(|e| {
tracing::error!(%e, "Stream error");
e
});

14
overlay/attic/prefetch-8-chunks.patch Normal file
View file

@ -0,0 +1,14 @@
diff --git a/server/src/api/binary_cache.rs b/server/src/api/binary_cache.rs
index 02e4857..b522154 100644
--- a/server/src/api/binary_cache.rs
+++ b/server/src/api/binary_cache.rs
@@ -215,7 +215,7 @@ async fn get_nar(
let chunk = chunks[0].as_ref().unwrap();
let remote_file = &chunk.remote_file.0;
let storage = state.storage().await?;
- match storage.download_file_db(remote_file, false).await? {
+ match storage.download_file_db(remote_file, true).await? {
Download::Url(url) => Ok(Redirect::temporary(&url).into_response()),
Download::AsyncRead(stream) => {
let stream = ReaderStream::new(stream).map_err(|e| {

3
overlay/default.nix
View file

@ -15,8 +15,7 @@ in
pkgFrom = flake: pkg: flake.packages.${prev.system}.${pkg}; pkgFrom = flake: pkg: flake.packages.${prev.system}.${pkg};
in in
{ {
conduwuit = pkgFrom inputs.conduwuit "static-x86_64-linux-musl-all-features-x86_64-haswell-optimised"; conduwuit = pkgFrom inputs.conduwuit "default";
pixelflasher = nixpkgsFrom inputs.pixelflasher "pixelflasher";
attic-server = pkgFrom inputs.attic "attic-server"; attic-server = pkgFrom inputs.attic "attic-server";
attic = pkgFrom inputs.attic "attic"; attic = pkgFrom inputs.attic "attic";
garage = ( garage = (

28
secrets/cache-priv-key.pem Normal file
View file

@ -0,0 +1,28 @@
{
"data": "ENC[AES256_GCM,data:IVRg3IqrlV1Cy3xwyVszhUnRzbWP3OSb/XZF1H0N30eKL8d0DxFGngC5qMgRcmSs203/QL3w0fENp1u0f8tVajqJVlzLjlsiQrMdtXmiMv0LKO7E+aj4UZ0wMchB0XgSVUWrKUXxZrA=,iv:3GtA07yuAAI++RsLSwY3U62k1iG9+hvkGn45HjFt/Gk=,tag:PJ13CrjcE06KMC383txqHw==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLcGd1alJmNWM3dVBmSWxs\nRHBTOVV6U3p1U3Q3bzQ3OXYrWVhNVTlxTGxvClllbFMwc3dFZW56a0d6eUhVZ2Na\nMUVJc29CNHVMcHRLaXBlRnRLZ2pNb0UKLS0tIFRERnRBZGVFRk9sYmpzVjlpdmN1\ndjUyVmRZMFlFTm4zSnZWV09WbTNoMWMKM35a6GkCZIKscqgADrbIa48T8++wkhLP\nOFr03bv6D0Hj38VLWx+kh9kmja8BaxmdSUTeAhdORwbQumJBAqjsOw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHbEh0YkFlL3dPL1FmcE9m\nbjl0dHhQZlpBREMwYzQ0NEpQQ3RZVlNsM1Q4CmYwS0VDNjFaOXhOS3JkVUtaTEJZ\nSVNyZ1lXbEhCbE5XdGxCRWhsNVR1N0EKLS0tICt2Um9wQ0pyUVpnd1dVemM4NmpU\nTHE1bi9OcmsweDZyNVpVVUlITmt3c28KdX6fO1C7Ma66AAv/RCI5z8p/7fSvKWQ7\nCL86Nl4Xzb5WWxkteO4wOoHh4y0+9dpEAbS/XP78PkC07uRttcS7pQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCRmNheTZrUWplWFZJcm53\nbC94UHdYbXdsSFB0Nk92Q29RdGMxbUxVeEhjCkZqVk13bEFvNFFLZllTN0NUeFpj\nRkhlYXl5STJrbVQzeWg3YzlQZ1ZlZncKLS0tIGhjUytJa2FXa0VVTFlMN2ZpTjF0\ncG9ZTG0zL2dNekV0NkFZWWVrcFpPU3cK/Kia/sHk5T9nlbDg2G52uQcJUoPrnu3y\n6ARJKoz0MnV4csjS6IZCFSb7Vy5DSH+at3khEw3x00eGae1Jd89vwQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-03-27T20:37:28Z",
"mac": "ENC[AES256_GCM,data:35iUoodcjvIn+VAE20f2sHFaTh3+aqCYQ4HalWdVz4eUSkVNcdXs2uqOZtFv3MszDiH9izM84OyHwykudJ99QE3B/NwpfIoKQaU6Qg5X/g/rC1meffMaZwcASVbepjznahbTKmJqeSrMeybrBIV+6FaSjWXn0+D72GEEM1vgH9c=,iv:N2CbttHJsczm37qdapOCrlNeSSgsZBDlvWyvUpa3mkk=,tag:btniVwaVS9h4jDo4IM2wcA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.4"
}
}