cy/nixos-config
cy/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: cy:main
Branches Tags
cy:main
cy:update
cy:2025-04-14
cy:2025-04-07
cy:2025-04-05
cy:2025-04-04
cy:staging
cy:dogfood-nixcp
cy:no-follows
cy:workflow-test
cy:update_flake_lock_action
cy:caddy-s3
cy:workflow-copy
cy:workflow-lix
cy:test-s3-cache
cy:temp
cy:attic
cy:helix
cy:test
cy:lix-test
cy:bitwarden-patch
cy:chromium
cy:new-attic
cy:canary
cy:downgrade-kernel
cy:soju
cy:kde
cy:shiori
cy:caddy-module
cy:anki-overlay
cy:nixpkgs-master
cy:lix
cy:pan-home
cy:pi
cy:pancake
cy:pancake-sd-image
cy:arm
cy:lix-404
cy:customize-kernel
cy:blueprint
cy:flake-utils
cy:conduwuit-flake
cy:ghostty
cy:zen
cy:lact-fix-test
cy:alvr-test
cy:workflow-refactor
cy:bump-conduwuit
cy:gollum
cy:build
cy:nginx
cy:iso
cy:flake-parts
cy:codespace
cy:sway
cy:minio
cy:garage-module
cy:garage-test
cy:vscode
cy:purge
cy:create-pull-request/patch
cy:garage
cy:harmonia
cy:impermanence
..
compare: cy:2025-04-14
Branches Tags
cy:main
cy:update
cy:2025-04-14
cy:2025-04-07
cy:2025-04-05
cy:2025-04-04
cy:staging
cy:dogfood-nixcp
cy:no-follows
cy:workflow-test
cy:update_flake_lock_action
cy:caddy-s3
cy:workflow-copy
cy:workflow-lix
cy:test-s3-cache
cy:temp
cy:attic
cy:helix
cy:test
cy:lix-test
cy:bitwarden-patch
cy:chromium
cy:new-attic
cy:canary
cy:downgrade-kernel
cy:soju
cy:kde
cy:shiori
cy:caddy-module
cy:anki-overlay
cy:nixpkgs-master
cy:lix
cy:pan-home
cy:pi
cy:pancake
cy:pancake-sd-image
cy:arm
cy:lix-404
cy:customize-kernel
cy:blueprint
cy:flake-utils
cy:conduwuit-flake
cy:ghostty
cy:zen
cy:lact-fix-test
cy:alvr-test
cy:workflow-refactor
cy:bump-conduwuit
cy:gollum
cy:build
cy:nginx
cy:iso
cy:flake-parts
cy:codespace
cy:sway
cy:minio
cy:garage-module
cy:garage-test
cy:vscode
cy:purge
cy:create-pull-request/patch
cy:garage
cy:harmonia
cy:impermanence

9 commits
main ... 2025-04-14

Author SHA1 Message Date
cy
9960ac71fc
workflow: use envars for s3 region and endpoint 2025-04-14 15:12:57 -04:00
cy
114aca9541
workflow: try hex encoded secret 2025-04-14 14:35:50 -04:00
cy
0bfef139ee
workflow: use runner.temp variable 2025-04-14 14:19:20 -04:00
cy
dbfd590562
dogfood nixcp 2025-04-14 13:46:03 -04:00
cy
892f42ed2a
use nixpkgs unstable 2025-04-14 13:37:13 -04:00
cy
1573032ace
try not using lix 2025-04-14 13:29:51 -04:00
cy
e452f2b753
just don't use matrix anymore 2025-04-14 13:29:51 -04:00
cy
1d851c93f1
install nil 2025-04-14 13:29:51 -04:00
cy
fecdb66f77
use lix from nixpkgs 2025-04-14 10:45:00 -04:00
14 changed files with 809 additions and 102 deletions
Download patch file Download diff file Expand all files Collapse all files

98
.github/workflows/build-machines-and-homes.yml vendored
View file

@ -39,25 +39,6 @@ jobs:
- name: setup binary cache key - name: setup binary cache key
run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem
- name: Sync repository
uses: actions/checkout@v4
with:
persist-credentials: false
- name: post-build-hook
run: |
sudo mkdir -p /etc/nix
sudo cp ci/upload-to-cache.sh /etc/nix/
sudo chmod +x /etc/nix/upload-to-cache.sh
- name: setup s3 credentials
run: |
sudo mkdir /root/.aws
echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials
echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials
echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials
echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config
- name: Install Nix - name: Install Nix
uses: cachix/install-nix-action@v30 uses: cachix/install-nix-action@v30
with: with:
@ -68,14 +49,39 @@ jobs:
accept-flake-config = true accept-flake-config = true
system-features = nixos-test benchmark big-parallel kvm system-features = nixos-test benchmark big-parallel kvm
secret-key-files = ${{ runner.temp }}/cache-priv-key.pem secret-key-files = ${{ runner.temp }}/cache-priv-key.pem
extra-substituters = https://nixcache.cy7.sh extra-substituters = https://nixcache.cy7.sh https://cache.lix.systems
extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=
post-build-hook = /etc/nix/upload-to-cache.sh
- name: Install Lix
run: |
sudo --preserve-env=PATH $(which nix) run \
'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \
upgrade-nix
nix --version
- name: Sync repository
uses: actions/checkout@v4
with:
persist-credentials: false
- name: build - name: build
run: | run: |
# package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel"
# nix build -L "$package"
nix run nixpkgs#nixos-rebuild build -- -L --flake ".#${{ matrix.machine }}" nix run nixpkgs#nixos-rebuild build -- -L --flake ".#${{ matrix.machine }}"
- name: cache
# https://stackoverflow.com/a/58859404
if: '!cancelled()'
run: |
package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel"
nix run github:cything/nixcp/2025-04-12 -- \
push \
--bucket nixcache \
--signing-key ${{ runner.temp }}/cache-priv-key.pem \
-u https://nix-community.cachix.org \
$package
build-homes: build-homes:
strategy: strategy:
fail-fast: false fail-fast: false
@ -104,25 +110,6 @@ jobs:
- name: setup binary cache key - name: setup binary cache key
run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem
- name: Sync repository
uses: actions/checkout@v4
with:
persist-credentials: false
- name: post-build-hook
run: |
sudo mkdir -p /etc/nix
sudo cp ci/upload-to-cache.sh /etc/nix/
sudo chmod +x /etc/nix/upload-to-cache.sh
- name: setup s3 credentials
run: |
sudo mkdir /root/.aws
echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials
echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials
echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials
echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config
- name: Install Nix - name: Install Nix
uses: cachix/install-nix-action@v30 uses: cachix/install-nix-action@v30
with: with:
@ -133,11 +120,34 @@ jobs:
accept-flake-config = true accept-flake-config = true
system-features = nixos-test benchmark big-parallel kvm system-features = nixos-test benchmark big-parallel kvm
secret-key-files = ${{ runner.temp }}/cache-priv-key.pem secret-key-files = ${{ runner.temp }}/cache-priv-key.pem
extra-substituters = https://nixcache.cy7.sh extra-substituters = https://nixcache.cy7.sh https://cache.lix.systems
extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=
post-build-hook = /etc/nix/upload-to-cache.sh
- name: Install Lix
run: |
sudo --preserve-env=PATH $(which nix) run \
'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \
upgrade-nix
nix --version
- name: Sync repository
uses: actions/checkout@v4
with:
persist-credentials: false
- name: build - name: build
run: | run: |
package=".#homeConfigurations."${{ matrix.home }}".activationPackage" package=".#homeConfigurations."${{ matrix.home }}".activationPackage"
nix build -L "$package" nix build -L "$package"
- name: cache
# https://stackoverflow.com/a/58859404
if: '!cancelled()'
run: |
package=".#homeConfigurations."${{ matrix.home }}".activationPackage"
nix run github:cything/nixcp/2025-04-12 -- \
push \
--bucket nixcache \
--signing-key ${{ runner.temp }}/cache-priv-key.pem \
-u https://nix-community.cachix.org \
$package

18
.github/workflows/build-packages.yml vendored
View file

@ -42,8 +42,20 @@ jobs:
accept-flake-config = true accept-flake-config = true
system-features = nixos-test benchmark big-parallel kvm system-features = nixos-test benchmark big-parallel kvm
secret-key-files = ${{ runner.temp }}/cache-priv-key.pem secret-key-files = ${{ runner.temp }}/cache-priv-key.pem
extra-substituters = https://nixcache.cy7.sh extra-substituters = https://nixcache.cy7.sh https://cache.lix.systems
extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=
- name: Install Lix
run: |
sudo --preserve-env=PATH $(which nix) run \
'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \
upgrade-nix
nix --version
- name: Sync repository
uses: actions/checkout@v4
with:
persist-credentials: false
- run: nix build -L ${{ matrix.package }} - run: nix build -L ${{ matrix.package }}
@ -51,7 +63,7 @@ jobs:
# https://stackoverflow.com/a/58859404 # https://stackoverflow.com/a/58859404
if: '!cancelled()' if: '!cancelled()'
run: | run: |
nix run github:cything/nixcp -- \ nix run github:cything/nixcp/2025-04-12 -- \
push \ push \
--bucket nixcache \ --bucket nixcache \
--signing-key ${{ runner.temp }}/cache-priv-key.pem \ --signing-key ${{ runner.temp }}/cache-priv-key.pem \

1
README
View file

@ -1 +0,0 @@
this is only open source for free ci

40
README.md Normal file
View file

@ -0,0 +1,40 @@
# infra
## ./home
- [home-manager](https://github.com/nix-community/home-manager) configuration files
- foot, tmux, and zsh are configured in Nix
- nvim, rofi, sway, waybar are configured in their own literature and symlinked to $XDG_CONFIG_HOME with home-manager
## ./hosts
- [`hosts/common.nix`](hosts/common.nix): configuration that makes sense on all computers
- [`hosts/zsh.nix`](hosts/zsh.nix): for computers that have the power to run zsh
### ./hosts/ytnix
- personal laptop
- a single [`default.nix`](hosts/ytnix/default.nix) that could be modularized but works for now
### ./hosts/chunk
- the overworked server with 5% SLA
- very short and concise [`default.nix`](hosts/chunk/default.nix)
- services organized in their modules
- some services run through `virtualisation.oci-containers`:
- [immich](hosts/chunk/immich.nix)
- [conduwuit](hosts/chunk/conduwuit.nix)
### ./hosts/titan
- got this cause chunk would go down way too often :(
- hosted on azure for "reliability"
- runs:
- [ghost](hosts/titan/ghost.nix) (through `virtualisation.oci-containers`)
- [uptime-kuma](hosts/titan/uptime-kuma.nix)
- [ntfy-sh](hosts/titan/ntfy.nix)
## ./secrets
- secrets
- see [`.sops.yaml`](.sops.yaml) for who privy to what
## backups
- hourly borgbackup to [rsync.net](https://rsync.net)
- see [modules/backup](modules/backup.nix)
## monitoring
- [status.cything.io](https://status.cything.io/): uptime kuma (reliable)
- [grafana.cything.io](https://grafana.cything.io/): some real-time metrics here; unlike the status page this will go kaput often

8
ci/upload-to-cache.sh
View file

@ -1,8 +0,0 @@
#!/bin/sh
# https://nix.dev/guides/recipes/post-build-hook.html#implementing-the-build-hook
set -eu
set -f # disable globbing
export IFS=' '
echo "Uploading paths" $OUT_PATHS
exec /nix/var/nix/profiles/default/bin/nix copy --to "s3://nixcache?endpoint=s3.cy7.sh&compression=zstd&parallel-compression=true" $OUT_PATHS

726
flake.lock generated
View file

@ -1,6 +1,171 @@
{ {
"nodes": { "nodes": {
"attic": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1738524606,
"narHash": "sha256-hPYEJ4juK3ph7kbjbvv7PlU1D9pAkkhl+pwx8fZY53U=",
"owner": "zhaofengli",
"repo": "attic",
"rev": "ff8a897d1f4408ebbf4d45fa9049c06b3e1e3f4e",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"ref": "main",
"repo": "attic",
"type": "github"
}
},
"cachix": {
"inputs": {
"devenv": "devenv",
"flake-compat": "flake-compat_2",
"git-hooks": "git-hooks",
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1737621947,
"narHash": "sha256-8HFvG7fvIFbgtaYAY2628Tb89fA55nPm2jSiNs0/Cws=",
"owner": "cachix",
"repo": "cachix",
"rev": "f65a3cd5e339c223471e64c051434616e18cc4f5",
"type": "github"
},
"original": {
"owner": "cachix",
"ref": "master",
"repo": "cachix",
"type": "github"
}
},
"cachix_2": {
"inputs": {
"devenv": [
"conduwuit",
"cachix",
"devenv"
],
"flake-compat": [
"conduwuit",
"cachix",
"devenv"
],
"git-hooks": [
"conduwuit",
"cachix",
"devenv"
],
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1728672398,
"narHash": "sha256-KxuGSoVUFnQLB2ZcYODW7AVPAh9JqRlD5BrfsC/Q4qs=",
"owner": "cachix",
"repo": "cachix",
"rev": "aac51f698309fd0f381149214b7eee213c66ef0a",
"type": "github"
},
"original": {
"owner": "cachix",
"ref": "latest",
"repo": "cachix",
"type": "github"
}
},
"complement": {
"flake": false,
"locked": {
"lastModified": 1741891349,
"narHash": "sha256-YvrzOWcX7DH1drp5SGa+E/fc7wN3hqFtPbqPjZpOu1Q=",
"owner": "girlbossceo",
"repo": "complement",
"rev": "e587b3df569cba411aeac7c20b6366d03c143745",
"type": "github"
},
"original": {
"owner": "girlbossceo",
"ref": "main",
"repo": "complement",
"type": "github"
}
},
"conduwuit": {
"inputs": {
"attic": "attic",
"cachix": "cachix",
"complement": "complement",
"crane": "crane_2",
"fenix": "fenix",
"flake-compat": "flake-compat_3",
"flake-utils": "flake-utils",
"liburing": "liburing",
"nix-filter": "nix-filter",
"nixpkgs": [
"nixpkgs"
],
"rocksdb": "rocksdb"
},
"locked": {
"lastModified": 1743780871,
"narHash": "sha256-xmDepDLHsIWiwpWYjhI40XOrV9jCKrYJQ+EK1EOIdRg=",
"owner": "girlbossceo",
"repo": "conduwuit",
"rev": "4e5b87d0cd16f3d015f4b61285b369d027bb909d",
"type": "github"
},
"original": {
"owner": "girlbossceo",
"repo": "conduwuit",
"type": "github"
}
},
"crane": { "crane": {
"inputs": {
"nixpkgs": [
"conduwuit",
"attic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722960479,
"narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=",
"owner": "ipetkov",
"repo": "crane",
"rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"crane_2": {
"locked": {
"lastModified": 1739936662,
"narHash": "sha256-x4syUjNUuRblR07nDPeLDP7DpphaBVbUaSoeZkFbGSk=",
"owner": "ipetkov",
"repo": "crane",
"rev": "19de14aaeb869287647d9461cbd389187d8ecdb7",
"type": "github"
},
"original": {
"owner": "ipetkov",
"ref": "master",
"repo": "crane",
"type": "github"
}
},
"crane_3": {
"locked": { "locked": {
"lastModified": 1737689766, "lastModified": 1737689766,
"narHash": "sha256-ivVXYaYlShxYoKfSo5+y5930qMKKJ8CLcAoIBPQfJ6s=", "narHash": "sha256-ivVXYaYlShxYoKfSo5+y5930qMKKJ8CLcAoIBPQfJ6s=",
@ -15,7 +180,7 @@
"type": "github" "type": "github"
} }
}, },
"crane_2": { "crane_4": {
"locked": { "locked": {
"lastModified": 1741148495, "lastModified": 1741148495,
"narHash": "sha256-EV8KUaIZ2/CdBXlutXrHoZYbWPeB65p5kKZk71gvDRI=", "narHash": "sha256-EV8KUaIZ2/CdBXlutXrHoZYbWPeB65p5kKZk71gvDRI=",
@ -30,17 +195,75 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat": { "devenv": {
"inputs": {
"cachix": "cachix_2",
"flake-compat": [
"conduwuit",
"cachix",
"flake-compat"
],
"git-hooks": [
"conduwuit",
"cachix",
"git-hooks"
],
"nix": "nix",
"nixpkgs": [
"conduwuit",
"cachix",
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1717312683, "lastModified": 1733323168,
"narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=", "narHash": "sha256-d5DwB4MZvlaQpN6OQ4SLYxb5jA4UH5EtV5t5WOtjLPU=",
"owner": "cachix",
"repo": "devenv",
"rev": "efa9010b8b1cfd5dd3c7ed1e172a470c3b84a064",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "devenv",
"type": "github"
}
},
"fenix": {
"inputs": {
"nixpkgs": [
"conduwuit",
"nixpkgs"
],
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1740724364,
"narHash": "sha256-D1jLIueJx1dPrP09ZZwTrPf4cubV+TsFMYbpYYTVj6A=",
"owner": "nix-community", "owner": "nix-community",
"repo": "flake-compat", "repo": "fenix",
"rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea", "rev": "edf7d9e431cda8782e729253835f178a356d3aab",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "main",
"repo": "fenix",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"type": "github" "type": "github"
} }
@ -61,7 +284,101 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
"owner": "edolstra",
"ref": "master",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_4": {
"locked": {
"lastModified": 1717312683,
"narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=",
"owner": "nix-community",
"repo": "flake-compat",
"rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": {
"nixpkgs-lib": [
"conduwuit",
"attic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"conduwuit",
"cachix",
"devenv",
"nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1712014858,
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"lanzaboote", "lanzaboote",
@ -96,6 +413,7 @@
}, },
"original": { "original": {
"owner": "numtide", "owner": "numtide",
"ref": "main",
"repo": "flake-utils", "repo": "flake-utils",
"type": "github" "type": "github"
} }
@ -136,22 +454,40 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_4": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"garage": { "garage": {
"inputs": { "inputs": {
"crane": "crane", "crane": "crane_3",
"flake-compat": "flake-compat", "flake-compat": "flake-compat_4",
"flake-utils": "flake-utils", "flake-utils": "flake-utils_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1745093116, "lastModified": 1742547966,
"narHash": "sha256-38L/NZyfGSGff9f+FfRd4teA1Xj93hqcBJcqhxbLA7Y=", "narHash": "sha256-AJfw+XRaRyrlpb9Wy6rVz44JePy0AXWPECXVPBnrOfI=",
"owner": "deuxfleurs-org", "owner": "deuxfleurs-org",
"repo": "garage", "repo": "garage",
"rev": "4ef954d17604eba8aafa52902cd3c573978c7195", "rev": "14d2f2b18da015508d4a1e31b2f014da5188d516",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -160,7 +496,59 @@
"type": "github" "type": "github"
} }
}, },
"git-hooks": {
"inputs": {
"flake-compat": [
"conduwuit",
"cachix",
"flake-compat"
],
"gitignore": "gitignore",
"nixpkgs": [
"conduwuit",
"cachix",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1733318908,
"narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "6f4e2a2112050951a314d2733a994fbab94864c6",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": {
"nixpkgs": [
"conduwuit",
"cachix",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"lanzaboote", "lanzaboote",
@ -189,11 +577,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1745128386, "lastModified": 1743948087,
"narHash": "sha256-xnNxL9lZC5Ez8AxTgHZZu8pYSNM34+5GD5jGSs8Vq4M=", "narHash": "sha256-B6cIi2ScgVSROPPlTti6len+TdR0K25B9R3oKvbw3M8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "f98314bb064cf8f8446c44afbadaaad2505875a7", "rev": "ef3b2a6b602c3f1a80c6897d6de3ee62339a3eb7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -204,9 +592,9 @@
}, },
"lanzaboote": { "lanzaboote": {
"inputs": { "inputs": {
"crane": "crane_2", "crane": "crane_4",
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_5",
"flake-parts": "flake-parts", "flake-parts": "flake-parts_3",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
@ -228,9 +616,42 @@
"type": "github" "type": "github"
} }
}, },
"libgit2": {
"flake": false,
"locked": {
"lastModified": 1697646580,
"narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=",
"owner": "libgit2",
"repo": "libgit2",
"rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5",
"type": "github"
},
"original": {
"owner": "libgit2",
"repo": "libgit2",
"type": "github"
}
},
"liburing": {
"flake": false,
"locked": {
"lastModified": 1740613216,
"narHash": "sha256-NpPOBqNND3Qe9IwqYs0mJLGTmIx7e6FgUEBAnJ+1ZLA=",
"owner": "axboe",
"repo": "liburing",
"rev": "e1003e496e66f9b0ae06674869795edf772d5500",
"type": "github"
},
"original": {
"owner": "axboe",
"ref": "master",
"repo": "liburing",
"type": "github"
}
},
"nil": { "nil": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_3",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
@ -250,6 +671,85 @@
"type": "github" "type": "github"
} }
}, },
"nix": {
"inputs": {
"flake-compat": [
"conduwuit",
"cachix",
"devenv"
],
"flake-parts": "flake-parts_2",
"libgit2": "libgit2",
"nixpkgs": "nixpkgs_3",
"nixpkgs-23-11": [
"conduwuit",
"cachix",
"devenv"
],
"nixpkgs-regression": [
"conduwuit",
"cachix",
"devenv"
],
"pre-commit-hooks": [
"conduwuit",
"cachix",
"devenv"
]
},
"locked": {
"lastModified": 1727438425,
"narHash": "sha256-X8ES7I1cfNhR9oKp06F6ir4Np70WGZU5sfCOuNBEwMg=",
"owner": "domenkozar",
"repo": "nix",
"rev": "f6c5ae4c1b2e411e6b1e6a8181cc84363d6a7546",
"type": "github"
},
"original": {
"owner": "domenkozar",
"ref": "devenv-2.24",
"repo": "nix",
"type": "github"
}
},
"nix-filter": {
"locked": {
"lastModified": 1731533336,
"narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=",
"owner": "numtide",
"repo": "nix-filter",
"rev": "f7653272fd234696ae94229839a99b73c9ab7de0",
"type": "github"
},
"original": {
"owner": "numtide",
"ref": "main",
"repo": "nix-filter",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"conduwuit",
"attic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729742964,
"narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nix-index-database": { "nix-index-database": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -257,11 +757,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1745120797, "lastModified": 1743911143,
"narHash": "sha256-owQ0VQ+7cSanTVPxaZMWEzI22Q4bGnuvhVjLAJBNQ3E=", "narHash": "sha256-4j4JPwr0TXHH4ZyorXN5yIcmqIQr0WYacsuPA4ktONo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "69716041f881a2af935021c1182ed5b0cc04d40e", "rev": "a36f6a7148aec2c77d78e4466215cceb2f5f4bfb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -277,11 +777,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1744621833, "lastModified": 1743410259,
"narHash": "sha256-II6a32kRc+KbLhU/jS8EbuXYt1PNCvsRvuBw2becgQM=", "narHash": "sha256-tjdkPPkRT1Mj72yrpN8oUxYw9SaG8wOQWD3auS1bvSs=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-ld", "repo": "nix-ld",
"rev": "9a3812797e25def1d4aed62b517606b7b93989dc", "rev": "140451db1cadeef1e7e9e054332b67b7be808916",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -292,11 +792,107 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1744932701, "lastModified": 1726042813,
"narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", "narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "159be5db480d1df880a0135ca0bfed84c2f88353",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1724316499,
"narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1730741070,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1730531603,
"narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1717432640,
"narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "88269ab3044128b7c2f4c7d68448b2fb50456870",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1733212471,
"narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "55d15ad12a74eb7d4646254e13638ad0c4128776",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1744463964,
"narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -312,7 +908,7 @@
"lanzaboote", "lanzaboote",
"flake-compat" "flake-compat"
], ],
"gitignore": "gitignore", "gitignore": "gitignore_2",
"nixpkgs": [ "nixpkgs": [
"lanzaboote", "lanzaboote",
"nixpkgs" "nixpkgs"
@ -332,20 +928,55 @@
"type": "github" "type": "github"
} }
}, },
"rocksdb": {
"flake": false,
"locked": {
"lastModified": 1741308171,
"narHash": "sha256-YdBvdQ75UJg5ffwNjxizpviCVwVDJnBkM8ZtGIduMgY=",
"owner": "girlbossceo",
"repo": "rocksdb",
"rev": "3ce04794bcfbbb0d2e6f81ae35fc4acf688b6986",
"type": "github"
},
"original": {
"owner": "girlbossceo",
"ref": "v9.11.1",
"repo": "rocksdb",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"conduwuit": "conduwuit",
"garage": "garage", "garage": "garage",
"home-manager": "home-manager", "home-manager": "home-manager",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"nil": "nil", "nil": "nil",
"nix-index-database": "nix-index-database", "nix-index-database": "nix-index-database",
"nix-ld": "nix-ld", "nix-ld": "nix-ld",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs_5",
"rust-overlay": "rust-overlay_4", "rust-overlay": "rust-overlay_4",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"vscode-extensions": "vscode-extensions" "vscode-extensions": "vscode-extensions"
} }
}, },
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1740691488,
"narHash": "sha256-Fs6vBrByuiOf2WO77qeMDMTXcTGzrIMqLBv+lNeywwM=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "fe3eda77d3a7ce212388bda7b6cec8bffcc077e5",
"type": "github"
},
"original": {
"owner": "rust-lang",
"ref": "nightly",
"repo": "rust-analyzer",
"type": "github"
}
},
"rust-overlay": { "rust-overlay": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -417,11 +1048,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1745116541, "lastModified": 1743906877,
"narHash": "sha256-5xzA6dTfqCfTTDCo3ipPZzrg3wp01xmcr73y4cTNMP8=", "narHash": "sha256-Thah1oU8Vy0gs9bh5QhNcQh1iuQiowMnZPbrkURonZA=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "e2142ef330a61c02f274ac9a9cb6f8487a5d0080", "rev": "9d00c6b69408dd40d067603012938d9fbe95cfcd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -437,11 +1068,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1744669848, "lastModified": 1743910657,
"narHash": "sha256-pXyanHLUzLNd3MX9vsWG+6Z2hTU8niyphWstYEP3/GU=", "narHash": "sha256-zr2jmWeWyhCD8WmO2aWov2g0WPPuZfcJDKzMJZYGq3Y=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "61154300d945f0b147b30d24ddcafa159148026a", "rev": "523f58a4faff6c67f5f685bed33a7721e984c304",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -495,19 +1126,34 @@
"type": "github" "type": "github"
} }
}, },
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"vscode-extensions": { "vscode-extensions": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_4",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1745114521, "lastModified": 1743904774,
"narHash": "sha256-P/TgmeavrpUiHCejjjsU2vOMB7cBIcHltGDSKKgi20E=", "narHash": "sha256-dHnwYLz1b6ohGP2DjWKpDFEZ9WOm4vYuPXKUna08awU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-vscode-extensions", "repo": "nix-vscode-extensions",
"rev": "ff14820202442f847fd37862eb48a7cb254a19d3", "rev": "da51d4cab526bef885e8c95ab2b9455bfe0940d4",
"type": "github" "type": "github"
}, },
"original": { "original": {

2
flake.nix
View file

@ -11,6 +11,8 @@
lanzaboote.inputs.nixpkgs.follows = "nixpkgs"; lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
rust-overlay.url = "github:oxalica/rust-overlay"; rust-overlay.url = "github:oxalica/rust-overlay";
rust-overlay.inputs.nixpkgs.follows = "nixpkgs"; rust-overlay.inputs.nixpkgs.follows = "nixpkgs";
conduwuit.url = "github:girlbossceo/conduwuit";
conduwuit.inputs.nixpkgs.follows = "nixpkgs";
nix-ld.url = "github:nix-community/nix-ld"; nix-ld.url = "github:nix-community/nix-ld";
nix-ld.inputs.nixpkgs.follows = "nixpkgs"; nix-ld.inputs.nixpkgs.follows = "nixpkgs";
nil.url = "github:oxalica/nil"; nil.url = "github:oxalica/nil";

6
garnix.yaml Normal file
View file

@ -0,0 +1,6 @@
builds:
include:
- 'nixosConfigurations.*'
- 'homeConfigurations.*'
- '*.aarch64-linux.*'
- '*.x86_64-linux.*'

1
home/kitty.nix
View file

@ -7,6 +7,7 @@
package = pkgs.ibm-plex; package = pkgs.ibm-plex;
size = 12; size = 12;
}; };
themeFile = "GitHub_Dark";
settings = { settings = {
enable_audio_bell = true; enable_audio_bell = true;
# how many windows should be open before kitty asks # how many windows should be open before kitty asks

3
home/yt/ytnix.nix
View file

@ -104,7 +104,6 @@
rust-analyzer rust-analyzer
minio-client minio-client
nil nil
keepassxc
]; ];
home.sessionVariables = { home.sessionVariables = {
@ -162,6 +161,4 @@
enable = true; enable = true;
addKeysToAgent = "yes"; addKeysToAgent = "yes";
}; };
programs.firefox.enable = true;
} }

2
hosts/chunk/default.nix
View file

@ -184,7 +184,7 @@
my.containerization.enable = true; my.containerization.enable = true;
my.authelia.enable = true; my.authelia.enable = true;
my.karakeep = { my.karakeep = {
enable = false; enable = true;
dataDir = "/opt/karakeep"; dataDir = "/opt/karakeep";
}; };
} }

1
hosts/common.nix
View file

@ -1,7 +1,6 @@
{ inputs, config, pkgs, ... }: { inputs, config, pkgs, ... }:
{ {
nix = { nix = {
package = pkgs.lix;
settings = { settings = {
experimental-features = "nix-command flakes"; experimental-features = "nix-command flakes";
auto-optimise-store = true; auto-optimise-store = true;

2
modules/caddy.nix
View file

@ -21,7 +21,7 @@ in
# (still need the @ to pass nix config check) # (still need the @ to pass nix config check)
"github.com/caddy-dns/cloudflare@v0.0.0-20250228175314-1fb64108d4de" "github.com/caddy-dns/cloudflare@v0.0.0-20250228175314-1fb64108d4de"
]; ];
hash = "sha256-pfh9DXUj35jlAntkWc4D5wuW04xxQfM1rZ4KFauMzvc="; hash = "sha256-YYpsf8HMONR1teMiSymo2y+HrKoxuJMKIea5/NEykGc=";
}; };
logFormat = lib.mkForce "level INFO"; logFormat = lib.mkForce "level INFO";
acmeCA = "https://acme-v02.api.letsencrypt.org/directory"; acmeCA = "https://acme-v02.api.letsencrypt.org/directory";

3
overlay/default.nix
View file

@ -7,6 +7,9 @@
pkgFrom = flake: pkg: flake.packages.${prev.system}.${pkg}; pkgFrom = flake: pkg: flake.packages.${prev.system}.${pkg};
in in
{ {
conduwuit = pkgFrom inputs.conduwuit "default";
attic-server = pkgFrom inputs.attic "attic-server";
attic = pkgFrom inputs.attic "attic";
garage = ( garage = (
(pkgFrom inputs.garage "default").overrideAttrs { (pkgFrom inputs.garage "default").overrideAttrs {
meta.mainProgram = "garage"; meta.mainProgram = "garage";