From 9a6b1c1095ff743dd230a2a983dc118abe83ffe3 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 17 Jun 2021 02:47:34 +0200 Subject: [PATCH 001/904] boreal: don't backup rustc build artifacts --- hosts/boreal/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index 1045b73..548a0ad 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -65,6 +65,7 @@ in # Rust builds using half my storage capacity "/home/alarsyo/*/target" + "/home/alarsyo/work/rust/build" # C build crap "*.a" From 0bea117289f8807bf3d748cf9a1f9b568c006af9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 17 Jun 2021 10:58:24 +0200 Subject: [PATCH 002/904] boreal: don't backup nixpkgs repo --- hosts/boreal/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index 548a0ad..d6254ba 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -67,6 +67,9 @@ in "/home/alarsyo/*/target" "/home/alarsyo/work/rust/build" + # don't backup nixpkgs + "/home/alarsyo/work/nixpkgs" + # C build crap "*.a" "*.o" From 471ad21c781d8c6a60bcaec8cfd44bafd3bc7b24 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 16 Jun 2021 19:28:41 +0200 Subject: [PATCH 003/904] services: matrix: automatic room compress service --- services/matrix.nix | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/services/matrix.nix b/services/matrix.nix index 05dc395..431f789 100644 --- a/services/matrix.nix +++ b/services/matrix.nix @@ -287,5 +287,44 @@ in { # this is just caching for other servers media, doesn't need backup exclude = [ "${dataDir}/media/remote_*" ]; }; + + systemd.services.matrix-synapse-compress-state = { + path = [ + config.services.postgresql.package + pkgs.matrix-synapse-tools.rust-synapse-compress-state + ]; + + serviceConfig = { + Type = "oneshot"; + User = "matrix-synapse"; + Group = "matrix-synapse"; + }; + + script = '' + set -eux + + # select the 20 biggest rooms + psql \ + -U matrix-synapse \ + -d matrix-synapse \ + -c 'SELECT room_id, count(*) AS count + FROM state_groups_state + GROUP BY room_id + ORDER BY count DESC;' \ + -t | sed -r 's/\s([^ ]+)\s*\|.*/\1/' | head -n 20 > /tmp/synapse_compress_rooms.txt + + while read -r room_id; do + synapse-compress-state \ + -p "postgresql:///matrix-synapse?user=matrix-synapse&host=/var/run/postgresql" \ + -r "''${room_id}" \ + -o /tmp/compress.sql \ + -t + psql -U matrix-synapse -d matrix-synapse < /tmp/compress.sql + rm /tmp/compress.sql + done < /tmp/synapse_compress_rooms.txt + + rm /tmp/synapse_compress_rooms.txt + ''; + }; }; } From bcf896224e342d1207bad2469655ca1343117433 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 17 Jun 2021 12:14:44 +0200 Subject: [PATCH 004/904] pkgs: kaleidoscope-udev-rules: please ambroisie --- pkgs/kaleidoscope-udev-rules/default.nix | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/pkgs/kaleidoscope-udev-rules/default.nix b/pkgs/kaleidoscope-udev-rules/default.nix index 211b96f..fc62a62 100644 --- a/pkgs/kaleidoscope-udev-rules/default.nix +++ b/pkgs/kaleidoscope-udev-rules/default.nix @@ -1,25 +1,30 @@ -{ stdenv, lib }: +{ stdenv, lib, fetchFromGitHub }: let + version = "1.99.3"; +in +stdenv.mkDerivation { + inherit version; pname = "kaleidoscope-udev-rules"; - version = "0.8.4"; -in stdenv.mkDerivation rec { - name = "${pname}-${version}"; dontBuild = true; - src = ./.; + src = fetchFromGitHub { + owner = "keyboardio"; + repo = "Kaleidoscope"; + rev = "v${version}"; + sha256 = "sha256-4WIl/Hj23j9GLzdMcyEQvg9X7HI4WSInrLkYCkj6yhM="; + }; - # FIXME: fetch from GitHub properly installPhase = '' mkdir -p $out/lib/udev/rules.d - cp ./60-kaleidoscope.rules $out/lib/udev/rules.d/ + cp etc/60-kaleidoscope.rules $out/lib/udev/rules.d/ ''; meta = with lib; { description = "udev rules for kaleidoscope firmware keyboards"; - homepage = "https://github.com/keyboardio/Chrysalis"; - license = licenses.gpl3; + homepage = "https://github.com/keyboardio/Kaleidoscope"; + license = licenses.gpl3Only; platforms = [ "x86_64-linux" ]; }; } From cb3f46c75b0d53de3208096317c9c6f0ae6a33b5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 21 Jun 2021 11:04:38 +0200 Subject: [PATCH 005/904] flake.lock: Update Flake input changes: * Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/d9baacb691afe81a61b5b9f5fd42473710c59581' -> 'github:nix-community/emacs-overlay/d8bf1e0a7aa41f8eb058760cb7ade8923bf683aa' * Updated 'home-manager': 'github:nix-community/home-manager/148d85ee8303444fb0116943787aa0b1b25f94df' -> 'github:nix-community/home-manager/35a24648d155843a4d162de98c17b1afd5db51e4' * Updated 'nixpkgs': 'github:NixOS/nixpkgs/1f91fd1040667e9265a760b0347f8bc416249da7' -> 'github:NixOS/nixpkgs/6613a30c5e3ee59753181512b4bedd4121569925' * Updated 'nixpkgs-unstable': 'github:NixOS/nixpkgs/6aa2bb6a818d12d4cf296f736263011611cf2610' -> 'github:NixOS/nixpkgs/7c2d15627a3012c5e5af1d1664a53599687cf1d1' --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 289ceee..961afde 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1623609074, - "narHash": "sha256-5r7rpljW3Ck/8I6UFt1QlPUiB7Fa8E2KtRW9u83YC4Y=", + "lastModified": 1624212697, + "narHash": "sha256-aoa9A0JWJBk8QRR0URa5IUqcOp461NlxEfvqBpliD7c=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "d9baacb691afe81a61b5b9f5fd42473710c59581", + "rev": "d8bf1e0a7aa41f8eb058760cb7ade8923bf683aa", "type": "github" }, "original": { @@ -23,11 +23,11 @@ ] }, "locked": { - "lastModified": 1622917919, - "narHash": "sha256-9gAIwbQyLhK78bEV648k4tfLK6JkYiPk9QdTECpLuOE=", + "lastModified": 1624228557, + "narHash": "sha256-wwOqe73BsrXfRv1PhyXQFNC8iTET50KvE/HitdkRgxs=", "owner": "nix-community", "repo": "home-manager", - "rev": "148d85ee8303444fb0116943787aa0b1b25f94df", + "rev": "35a24648d155843a4d162de98c17b1afd5db51e4", "type": "github" }, "original": { @@ -39,11 +39,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1623576761, - "narHash": "sha256-krXZQ0lObduC95f40K3JwIT//VIBpXBwVNclqh5njtE=", + "lastModified": 1624172050, + "narHash": "sha256-sLQEhZ6Ffjx0J1AJxHQDY4y7XWKxI/Zgm/hQJjkjZ6M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1f91fd1040667e9265a760b0347f8bc416249da7", + "rev": "6613a30c5e3ee59753181512b4bedd4121569925", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1623589201, - "narHash": "sha256-f29Rp2XFmfjtwldUyRvMz0X93/Nf6J8i4WBvVVKqCHs=", + "lastModified": 1624252303, + "narHash": "sha256-ObacANYG/IvQLfcVzNEAmIX1zCw4UVbtiFycUMvDmgo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6aa2bb6a818d12d4cf296f736263011611cf2610", + "rev": "7c2d15627a3012c5e5af1d1664a53599687cf1d1", "type": "github" }, "original": { From 997e82e10b7cc497bf3a4995139fb018829145b3 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 21 Jun 2021 17:17:29 +0200 Subject: [PATCH 006/904] home: use 24h clock for tmux --- home/tmux.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/tmux.nix b/home/tmux.nix index b19036a..d79458a 100644 --- a/home/tmux.nix +++ b/home/tmux.nix @@ -11,5 +11,6 @@ in enable = true; baseIndex = 1; terminal = "screen-256color"; + clock24 = true; }; } From 86d9a119cf647bfdb6003f6e03c381670ee812a9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 21 Jun 2021 17:30:42 +0200 Subject: [PATCH 007/904] home: tmux: use solarized plugin --- home/tmux.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/home/tmux.nix b/home/tmux.nix index d79458a..6a42c26 100644 --- a/home/tmux.nix +++ b/home/tmux.nix @@ -12,5 +12,14 @@ in baseIndex = 1; terminal = "screen-256color"; clock24 = true; + + plugins = with pkgs; [ + { + plugin = tmuxPlugins.tmux-colors-solarized; + extraConfig = '' + set -g @colors-solarized 'light' + ''; + } + ]; }; } From 63db8cce42d75be3a92a3916207b24cf101dcd9c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 21 Jun 2021 17:44:19 +0200 Subject: [PATCH 008/904] home: tmux: use cpu plugin --- home/tmux.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/tmux.nix b/home/tmux.nix index 6a42c26..eeb81d0 100644 --- a/home/tmux.nix +++ b/home/tmux.nix @@ -14,6 +14,7 @@ in clock24 = true; plugins = with pkgs; [ + tmuxPlugins.cpu { plugin = tmuxPlugins.tmux-colors-solarized; extraConfig = '' From a00a9fab737a0024c19c507364b32902433ec91a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 21 Jun 2021 17:47:58 +0200 Subject: [PATCH 009/904] home: tmux: display CPU in status bar --- home/tmux.nix | 35 +++++++++++++++++++++-------------- 1 file changed, 21 insertions(+), 14 deletions(-) diff --git a/home/tmux.nix b/home/tmux.nix index eeb81d0..20da71a 100644 --- a/home/tmux.nix +++ b/home/tmux.nix @@ -7,20 +7,27 @@ in enable = mkEnableOption "tmux dotfiles"; }; - config.programs.tmux = lib.mkIf cfg.enable { - enable = true; - baseIndex = 1; - terminal = "screen-256color"; - clock24 = true; + config = lib.mkIf cfg.enable { + programs.tmux = { + enable = true; + baseIndex = 1; + terminal = "screen-256color"; + clock24 = true; - plugins = with pkgs; [ - tmuxPlugins.cpu - { - plugin = tmuxPlugins.tmux-colors-solarized; - extraConfig = '' - set -g @colors-solarized 'light' - ''; - } - ]; + plugins = with pkgs; [ + { + plugin = tmuxPlugins.cpu; + extraConfig = '' + set -g status-right 'CPU: #{cpu_percentage} | %a %d-%h %H:%M ' + ''; + } + { + plugin = tmuxPlugins.tmux-colors-solarized; + extraConfig = '' + set -g @colors-solarized 'light' + ''; + } + ]; + }; }; } From 3084fa24b123aa325f6c847325a91699deb22dd0 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 24 Jun 2021 10:06:38 +0200 Subject: [PATCH 010/904] flake.lock: Update Flake input changes: * Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/d8bf1e0a7aa41f8eb058760cb7ade8923bf683aa' -> 'github:nix-community/emacs-overlay/4690423c87e4a106639aaf9358f2951f11bb615e' * Updated 'nixpkgs': 'github:NixOS/nixpkgs/6613a30c5e3ee59753181512b4bedd4121569925' -> 'github:NixOS/nixpkgs/0ccd0d91361dc42dd32ffcfafed1a4fc23d1c8b4' * Updated 'nixpkgs-unstable': 'github:NixOS/nixpkgs/7c2d15627a3012c5e5af1d1664a53599687cf1d1' -> 'github:NixOS/nixpkgs/920113a6e5e34e317c910b8477dd6cde88fcd202' --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 961afde..ae0ea1f 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1624212697, - "narHash": "sha256-aoa9A0JWJBk8QRR0URa5IUqcOp461NlxEfvqBpliD7c=", + "lastModified": 1624498774, + "narHash": "sha256-pvKU7VWojlitaK3lBgJnZSVjX8QcY0A26w3gyaEHsUg=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "d8bf1e0a7aa41f8eb058760cb7ade8923bf683aa", + "rev": "4690423c87e4a106639aaf9358f2951f11bb615e", "type": "github" }, "original": { @@ -39,11 +39,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1624172050, - "narHash": "sha256-sLQEhZ6Ffjx0J1AJxHQDY4y7XWKxI/Zgm/hQJjkjZ6M=", + "lastModified": 1624431834, + "narHash": "sha256-n1Gx+l6leo2Y4/F6mZldhJ9VuKoYuH9DcGNrGPKIvDY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6613a30c5e3ee59753181512b4bedd4121569925", + "rev": "0ccd0d91361dc42dd32ffcfafed1a4fc23d1c8b4", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1624252303, - "narHash": "sha256-ObacANYG/IvQLfcVzNEAmIX1zCw4UVbtiFycUMvDmgo=", + "lastModified": 1624470504, + "narHash": "sha256-kfGPDT0J+x82CMZlIvIkGUC+yUl4XJSlz+BSVCZJUzI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7c2d15627a3012c5e5af1d1664a53599687cf1d1", + "rev": "920113a6e5e34e317c910b8477dd6cde88fcd202", "type": "github" }, "original": { From ed8048c194710be17e50232e061371270ca24a52 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 29 Jun 2021 01:11:49 +0200 Subject: [PATCH 011/904] flake.lock: Update Flake input changes: * Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/4690423c87e4a106639aaf9358f2951f11bb615e' -> 'github:nix-community/emacs-overlay/ab500b1977b48c2524d56fe1efcb5c7102319bf0' * Updated 'nixpkgs': 'github:NixOS/nixpkgs/0ccd0d91361dc42dd32ffcfafed1a4fc23d1c8b4' -> 'github:NixOS/nixpkgs/f77036342e2b690c61c97202bf48f2ce13acc022' --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index ae0ea1f..5ecb9f2 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1624498774, - "narHash": "sha256-pvKU7VWojlitaK3lBgJnZSVjX8QcY0A26w3gyaEHsUg=", + "lastModified": 1624901405, + "narHash": "sha256-K1pEfatjW7Huof8TuAJuIXxYIpZD6681e35iQSoB7+c=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "4690423c87e4a106639aaf9358f2951f11bb615e", + "rev": "ab500b1977b48c2524d56fe1efcb5c7102319bf0", "type": "github" }, "original": { @@ -39,11 +39,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1624431834, - "narHash": "sha256-n1Gx+l6leo2Y4/F6mZldhJ9VuKoYuH9DcGNrGPKIvDY=", + "lastModified": 1624862269, + "narHash": "sha256-JFcsh2+7QtfKdJFoPibLFPLgIW6Ycnv8Bts9a7RYme0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0ccd0d91361dc42dd32ffcfafed1a4fc23d1c8b4", + "rev": "f77036342e2b690c61c97202bf48f2ce13acc022", "type": "github" }, "original": { From 60b65f503758c8a4c5be1a28b2d1ff6349a6b6a4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 1 Jul 2021 22:19:51 +0200 Subject: [PATCH 012/904] boreal: switch network interface names --- hosts/boreal/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index d6254ba..c598964 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -41,8 +41,8 @@ in # The global useDHCP flag is deprecated, therefore explicitly set to false here. # Per-interface useDHCP will be mandatory in the future, so this generated config # replicates the default behaviour. - networking.interfaces.enp7s0.useDHCP = true; - networking.interfaces.wlp3s0.useDHCP = true; + networking.interfaces.enp8s0.useDHCP = true; + networking.interfaces.wlp4s0.useDHCP = true; # List services that you want to enable: my.services = { From af04fc4626da7b9908a7adaac96bcfe2944f005a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 5 Jul 2021 11:29:01 +0200 Subject: [PATCH 013/904] flake.lock: Update Flake input changes: * Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/ab500b1977b48c2524d56fe1efcb5c7102319bf0' -> 'github:nix-community/emacs-overlay/9fbb5e43ed6ea3b5b704f13b2169f5404c24113b' * Updated 'nixpkgs': 'github:NixOS/nixpkgs/f77036342e2b690c61c97202bf48f2ce13acc022' -> 'github:NixOS/nixpkgs/21b696caf392ad6fa513caf3327d0aa0430ffb72' * Updated 'nixpkgs-unstable': 'github:NixOS/nixpkgs/920113a6e5e34e317c910b8477dd6cde88fcd202' -> 'github:NixOS/nixpkgs/a6c2f5e6e7a0c5e99b841cf4c38be3b027bc9883' --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 5ecb9f2..80c502d 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1624901405, - "narHash": "sha256-K1pEfatjW7Huof8TuAJuIXxYIpZD6681e35iQSoB7+c=", + "lastModified": 1625475975, + "narHash": "sha256-gCOhldE8f0ve5HCP5VPDGRnvh2TUfzDyWWTcfaMvov4=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "ab500b1977b48c2524d56fe1efcb5c7102319bf0", + "rev": "9fbb5e43ed6ea3b5b704f13b2169f5404c24113b", "type": "github" }, "original": { @@ -39,11 +39,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1624862269, - "narHash": "sha256-JFcsh2+7QtfKdJFoPibLFPLgIW6Ycnv8Bts9a7RYme0=", + "lastModified": 1625176478, + "narHash": "sha256-s1RTYNKw7ySyqrZjns9Cq+Nnjpp75ePgL06pgcbIpoA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f77036342e2b690c61c97202bf48f2ce13acc022", + "rev": "21b696caf392ad6fa513caf3327d0aa0430ffb72", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1624470504, - "narHash": "sha256-kfGPDT0J+x82CMZlIvIkGUC+yUl4XJSlz+BSVCZJUzI=", + "lastModified": 1625439722, + "narHash": "sha256-esAlpmpvdWrRO2fTzvlW8HMXCIKr7eW5Bj12my/ys3o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "920113a6e5e34e317c910b8477dd6cde88fcd202", + "rev": "a6c2f5e6e7a0c5e99b841cf4c38be3b027bc9883", "type": "github" }, "original": { From bb17432079cb2bdcd34a5f14ebb48a7e068a4106 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 5 Jul 2021 11:58:50 +0200 Subject: [PATCH 014/904] home: i3: remove NVIDIA firefox perf workaround Not needed anymore since switching to a recent RTX card --- home/x/i3.nix | 8 -------- 1 file changed, 8 deletions(-) diff --git a/home/x/i3.nix b/home/x/i3.nix index 076a4a6..cb87d93 100644 --- a/home/x/i3.nix +++ b/home/x/i3.nix @@ -106,14 +106,6 @@ in }; }; - startup = [ - # FIXME: make it conditional on "nvidia" being part of video drivers - { - command = "nvidia-settings -a '[gpu:0]/GPUPowerMizerMode=1'"; - notification = false; - } - ]; - terminal = myTerminal; assigns = { From 26ea717eaa88d2d3b665f62ce3948b82c5e1d619 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 5 Jul 2021 12:30:19 +0200 Subject: [PATCH 015/904] boreal: don't power on bluetooth on boot No longer needed now that I found my Logitech dongle --- hosts/boreal/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index c598964..36546c7 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -128,6 +128,6 @@ in hardware.bluetooth = { enable = true; - powerOnBoot = true; + powerOnBoot = false; }; } From 7c8017af030d7fab53642d38d9870d3c66807c72 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 6 Jul 2021 18:21:47 +0200 Subject: [PATCH 016/904] services: init nuage --- hosts/poseidon/default.nix | 4 ++++ services/default.nix | 1 + services/nuage.nix | 36 ++++++++++++++++++++++++++++++++++++ 3 files changed, 41 insertions(+) create mode 100644 services/nuage.nix diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 61463f7..182ec1d 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -107,6 +107,10 @@ in enable = true; }; + nuage = { + enable = true; + }; + postgresql-backup = { enable = true; }; diff --git a/services/default.nix b/services/default.nix index bfe8f02..2ccf820 100644 --- a/services/default.nix +++ b/services/default.nix @@ -14,6 +14,7 @@ ./monitoring.nix ./nextcloud.nix ./nginx.nix + ./nuage.nix ./pipewire.nix ./postgresql-backup.nix ./postgresql.nix diff --git a/services/nuage.nix b/services/nuage.nix new file mode 100644 index 0000000..42aa36f --- /dev/null +++ b/services/nuage.nix @@ -0,0 +1,36 @@ +{ config, lib, ... }: + +with lib; + +let + cfg = config.my.services.nuage; + my = config.my; +in +{ + options.my.services.nuage = { + enable = lib.mkEnableOption "Nuage redirect"; + }; + + config = mkIf cfg.enable { + services.nginx.virtualHosts = { + "stratocumulus.org" = { + forceSSL = true; + enableACME = true; + + locations."/".return = "301 https://petit-nuage.org"; + }; + "petit.stratocumulus.org" = { + forceSSL = true; + enableACME = true; + + locations."/".return = "301 https://petit-nuage.org"; + }; + "gros.stratocumulus.org" = { + forceSSL = true; + enableACME = true; + + locations."/".return = "301 https://gros-nuage.org"; + }; + }; + }; +} From e7d18c63c39126d9093c5586384f6d3186243206 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 7 Jul 2021 14:18:41 +0200 Subject: [PATCH 017/904] flake.lock: Update Flake input changes: * Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/9fbb5e43ed6ea3b5b704f13b2169f5404c24113b' -> 'github:nix-community/emacs-overlay/c98b3a644b09550bf5e38cc796c4fdec190f0582' * Updated 'nixpkgs': 'github:NixOS/nixpkgs/21b696caf392ad6fa513caf3327d0aa0430ffb72' -> 'github:NixOS/nixpkgs/9d1350d9d56411b685ff3de5839ed6728b1bf808' * Updated 'nixpkgs-unstable': 'github:NixOS/nixpkgs/a6c2f5e6e7a0c5e99b841cf4c38be3b027bc9883' -> 'github:NixOS/nixpkgs/899ecadfc94809fec3374d4e4dafaae1399cfb7e' --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 80c502d..2db1186 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1625475975, - "narHash": "sha256-gCOhldE8f0ve5HCP5VPDGRnvh2TUfzDyWWTcfaMvov4=", + "lastModified": 1625648664, + "narHash": "sha256-jnJI2sHbEXL/tV3HACCRUaX+m8AxcqDQInNs7TGZMA4=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "9fbb5e43ed6ea3b5b704f13b2169f5404c24113b", + "rev": "c98b3a644b09550bf5e38cc796c4fdec190f0582", "type": "github" }, "original": { @@ -39,11 +39,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1625176478, - "narHash": "sha256-s1RTYNKw7ySyqrZjns9Cq+Nnjpp75ePgL06pgcbIpoA=", + "lastModified": 1625601352, + "narHash": "sha256-yCvbAC+gadcmW94KvXbTLWC5erkcKClQWX3G8k5O7u0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "21b696caf392ad6fa513caf3327d0aa0430ffb72", + "rev": "9d1350d9d56411b685ff3de5839ed6728b1bf808", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1625439722, - "narHash": "sha256-esAlpmpvdWrRO2fTzvlW8HMXCIKr7eW5Bj12my/ys3o=", + "lastModified": 1625629921, + "narHash": "sha256-adkYcKoYFQu0NNYMgORq2yQyfgvAqtmEA96ScFIHLb0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a6c2f5e6e7a0c5e99b841cf4c38be3b027bc9883", + "rev": "899ecadfc94809fec3374d4e4dafaae1399cfb7e", "type": "github" }, "original": { From 721a7cefa2c56a1d49ff824ecaa4d0dada3cab8f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 10 Jul 2021 16:47:48 +0200 Subject: [PATCH 018/904] boreal: enable tailscale --- hosts/boreal/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index 36546c7..3ccfe73 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -32,6 +32,11 @@ in }; }; + services.tailscale = { + enable = true; + package = pkgs.unstable.tailscale; + }; + networking.hostName = "boreal"; # Define your hostname. networking.domain = "alarsyo.net"; From 049bb7d5d2caf53b57ea15a810ffe55c056b3fbc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 10 Jul 2021 16:48:53 +0200 Subject: [PATCH 019/904] poseidon: enable tailscale --- hosts/poseidon/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 182ec1d..bd9c4f8 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -28,6 +28,11 @@ in }; }; + services.tailscale = { + enable = true; + package = pkgs.unstable.tailscale; + }; + networking.hostName = "poseidon"; # Define your hostname. networking.domain = "alarsyo.net"; From 16297d492ce8fa0959f42bffda29a16b2560747d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 12 Jul 2021 11:10:10 +0200 Subject: [PATCH 020/904] flake.lock: Update Flake input changes: * Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/c98b3a644b09550bf5e38cc796c4fdec190f0582' -> 'github:nix-community/emacs-overlay/c015a0e27baebe1e28ef3b030901adf564959611' * Updated 'nixpkgs': 'github:NixOS/nixpkgs/9d1350d9d56411b685ff3de5839ed6728b1bf808' -> 'github:NixOS/nixpkgs/cf59fbd539681f5ec2f4a82cf77aae7ab827a03f' * Updated 'nixpkgs-unstable': 'github:NixOS/nixpkgs/899ecadfc94809fec3374d4e4dafaae1399cfb7e' -> 'github:NixOS/nixpkgs/635a1954044fb0dfbcfd857e3289ab12feb41530' --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 2db1186..66a481c 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1625648664, - "narHash": "sha256-jnJI2sHbEXL/tV3HACCRUaX+m8AxcqDQInNs7TGZMA4=", + "lastModified": 1626054500, + "narHash": "sha256-r3oFzIgSfi3Vo3nXA58lwQ4UiuflUH9uTZkF8WBRFKU=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "c98b3a644b09550bf5e38cc796c4fdec190f0582", + "rev": "c015a0e27baebe1e28ef3b030901adf564959611", "type": "github" }, "original": { @@ -39,11 +39,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1625601352, - "narHash": "sha256-yCvbAC+gadcmW94KvXbTLWC5erkcKClQWX3G8k5O7u0=", + "lastModified": 1625919529, + "narHash": "sha256-Epn7JRegnKN81hQh4hGx1FOwfp3fBxDCIuSZDgqaBQ4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9d1350d9d56411b685ff3de5839ed6728b1bf808", + "rev": "cf59fbd539681f5ec2f4a82cf77aae7ab827a03f", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1625629921, - "narHash": "sha256-adkYcKoYFQu0NNYMgORq2yQyfgvAqtmEA96ScFIHLb0=", + "lastModified": 1626021213, + "narHash": "sha256-KDms4KJVXWV3ZUfHLA9Syi4Sz6kcMzNbpXx2cHy5HLs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "899ecadfc94809fec3374d4e4dafaae1399cfb7e", + "rev": "635a1954044fb0dfbcfd857e3289ab12feb41530", "type": "github" }, "original": { From 72f52cd06aad06fd7de8ae6a426a02f18b3ad58a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 12 Jul 2021 14:41:57 +0200 Subject: [PATCH 021/904] base: disable garbage collection Some heavy flake shells with texlive were getting wiped, I can do this by hand from time to time --- base/nix.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/base/nix.nix b/base/nix.nix index 5578252..92e4b84 100644 --- a/base/nix.nix +++ b/base/nix.nix @@ -18,11 +18,5 @@ "alarsyo.cachix.org-1:A6BmcaJek5+ZDWWv3fPteHhPm6U8liS9CbDbmegPfmk=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ]; - - gc = { - automatic = true; - dates = "03:15"; - options = "--delete-older-than 30d"; - }; }; } From df3cffadaf3ae916ac87760abf606898c395bf0d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 12 Jul 2021 17:14:52 +0200 Subject: [PATCH 022/904] poseidon: enable docker and docker-compose --- base/users.nix | 1 + hosts/poseidon/default.nix | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/base/users.nix b/base/users.nix index 318a4ec..26a4219 100644 --- a/base/users.nix +++ b/base/users.nix @@ -13,6 +13,7 @@ in extraGroups = [ "media" "networkmanager" + "docker" "wheel" # Enable ‘sudo’ for the user. ]; shell = pkgs.fish; diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index bd9c4f8..487f79f 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -33,6 +33,10 @@ in package = pkgs.unstable.tailscale; }; + virtualisation.docker = { + enable = true; + }; + networking.hostName = "poseidon"; # Define your hostname. networking.domain = "alarsyo.net"; @@ -158,4 +162,8 @@ in # Takes a long while to build documentation.nixos.enable = false; + + environment.systemPackages = with pkgs; [ + docker-compose + ]; } From 95733f9e054fd9e9b352121808e8e6198e9d0e4e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 12 Jul 2021 19:07:39 +0200 Subject: [PATCH 023/904] services: paperless: setup reverse proxy --- hosts/poseidon/default.nix | 5 +++++ services/default.nix | 1 + services/paperless.nix | 35 +++++++++++++++++++++++++++++++++++ 3 files changed, 41 insertions(+) create mode 100644 services/paperless.nix diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 487f79f..059126c 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -120,6 +120,11 @@ in enable = true; }; + paperless = { + enable = true; + port = 8085; + }; + postgresql-backup = { enable = true; }; diff --git a/services/default.nix b/services/default.nix index 2ccf820..1761fc1 100644 --- a/services/default.nix +++ b/services/default.nix @@ -15,6 +15,7 @@ ./nextcloud.nix ./nginx.nix ./nuage.nix + ./paperless.nix ./pipewire.nix ./postgresql-backup.nix ./postgresql.nix diff --git a/services/paperless.nix b/services/paperless.nix new file mode 100644 index 0000000..a315251 --- /dev/null +++ b/services/paperless.nix @@ -0,0 +1,35 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.my.services.paperless; + my = config.my; + domain = config.networking.domain; +in +{ + options.my.services.paperless = { + enable = lib.mkEnableOption "Paperless"; + + port = mkOption { + type = types.port; + default = 8080; + example = 8080; + description = "Internal port for Paperless service"; + }; + }; + + config = mkIf cfg.enable { + services.nginx.virtualHosts = { + "paperless.${domain}" = { + forceSSL = true; + enableACME = true; + + locations."/" = { + proxyPass = "http://127.0.0.1:${toString cfg.port}"; + proxyWebsockets = true; + }; + }; + }; + }; +} From 64d479e2ce1c3a05ea293cc68fe7649c85758bc0 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 12 Jul 2021 22:12:03 +0200 Subject: [PATCH 024/904] services: prometheus: keep metrics for 2 years --- services/monitoring.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/services/monitoring.nix b/services/monitoring.nix index 68f1316..2aa66a5 100644 --- a/services/monitoring.nix +++ b/services/monitoring.nix @@ -49,6 +49,8 @@ in { port = 9090; listenAddress = "127.0.0.1"; + retentionTime = "2y"; + exporters = { node = { enable = true; From f0e5e90c107c211d0d112d23db11ce7f8315c321 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 13 Jul 2021 00:57:33 +0200 Subject: [PATCH 025/904] services: use wildcard certificate Should have done this a long time ago --- hosts/poseidon/default.nix | 4 ---- secrets/default.nix | 1 + secrets/gandi-api-key.secret | Bin 0 -> 63 bytes services/bitwarden_rs.nix | 2 +- services/gitea/default.nix | 2 +- services/jellyfin.nix | 2 +- services/lohr.nix | 2 +- services/matrix.nix | 8 ++++---- services/miniflux.nix | 2 +- services/monitoring.nix | 9 +++++---- services/nextcloud.nix | 2 +- services/nginx.nix | 20 +++++++++++++++++++- services/paperless.nix | 2 +- services/transmission.nix | 2 +- 14 files changed, 37 insertions(+), 21 deletions(-) create mode 100644 secrets/gandi-api-key.secret diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 059126c..40d6562 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -108,7 +108,6 @@ in monitoring = { enable = true; - useACME = true; domain = "monitoring.${config.networking.domain}"; }; @@ -157,9 +156,6 @@ in }; }; - security.acme.acceptTerms = true; - security.acme.email = "antoine97.martin@gmail.com"; - # Enable the OpenSSH daemon. services.openssh.enable = true; services.openssh.permitRootLogin = "no"; diff --git a/secrets/default.nix b/secrets/default.nix index 6a0a042..9df6f72 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -14,6 +14,7 @@ with lib; nextcloud-admin-pass = lib.fileContents ./nextcloud-admin-pass.secret; nextcloud-admin-user = lib.fileContents ./nextcloud-admin-user.secret; lohr-shared-secret = lib.fileContents ./lohr-shared-secret.secret; + gandiKey = lib.fileContents ./gandi-api-key.secret; borg-backup = import ./borg-backup { inherit lib; }; diff --git a/secrets/gandi-api-key.secret b/secrets/gandi-api-key.secret new file mode 100644 index 0000000000000000000000000000000000000000..06a9edabb961c3ea440cefc74e7bb645885d12ca GIT binary patch literal 63 zcmZQ@_Y83kiVO&0`0%bY`PbLK$r@K`edV`rK9>JLODXsJja42q!m9S2%}&_r(>u%e VHP0_IHs9TfOP?L!emQT$MF7vPAVB~C literal 0 HcmV?d00001 diff --git a/services/bitwarden_rs.nix b/services/bitwarden_rs.nix index 0dd8eff..65e3025 100644 --- a/services/bitwarden_rs.nix +++ b/services/bitwarden_rs.nix @@ -60,7 +60,7 @@ in { virtualHosts = { "pass.${domain}" = { forceSSL = true; - enableACME = true; + useACMEHost = domain; locations."/" = { proxyPass = "http://127.0.0.1:${toString cfg.privatePort}"; diff --git a/services/gitea/default.nix b/services/gitea/default.nix index 641c85c..8997664 100644 --- a/services/gitea/default.nix +++ b/services/gitea/default.nix @@ -91,7 +91,7 @@ in { virtualHosts = { "git.${domain}" = { forceSSL = true; - enableACME = true; + useACMEHost = domain; locations."/" = { proxyPass = "http://127.0.0.1:${toString cfg.privatePort}"; diff --git a/services/jellyfin.nix b/services/jellyfin.nix index 09382ee..8a4df98 100644 --- a/services/jellyfin.nix +++ b/services/jellyfin.nix @@ -24,7 +24,7 @@ in { # Proxy to Jellyfin services.nginx.virtualHosts."jellyfin.${domain}" = { forceSSL = true; - enableACME = true; + useACMEHost = domain; locations."/" = { proxyPass = "http://localhost:${toString jellyfinPort}/"; diff --git a/services/lohr.nix b/services/lohr.nix index 03d1d53..45b9ecb 100644 --- a/services/lohr.nix +++ b/services/lohr.nix @@ -65,7 +65,7 @@ in services.nginx.virtualHosts = { "lohr.${domain}" = { forceSSL = true; - enableACME = true; + useACMEHost = domain; locations."/" = { proxyPass = "http://127.0.0.1:${toString cfg.port}"; diff --git a/services/matrix.nix b/services/matrix.nix index 05dc395..7cf1807 100644 --- a/services/matrix.nix +++ b/services/matrix.nix @@ -171,7 +171,7 @@ in { virtualHosts = { "matrix.${domain}" = { forceSSL = true; - enableACME = true; + useACMEHost = domain; locations = let @@ -199,7 +199,7 @@ in { "matrix.${domain}_federation" = rec { forceSSL = true; serverName = "matrix.${domain}"; - useACMEHost = serverName; + useACMEHost = domain; locations."/".return = "404"; @@ -216,7 +216,7 @@ in { "${domain}" = { forceSSL = true; - enableACME = true; + useACMEHost = domain; locations."= /.well-known/matrix/server".extraConfig = let @@ -243,7 +243,7 @@ in { # Element Web app deployment # "chat.${domain}" = { - enableACME = true; + useACMEHost = domain; forceSSL = true; root = pkgs.element-web.override { diff --git a/services/miniflux.nix b/services/miniflux.nix index 297eba7..43e51ca 100644 --- a/services/miniflux.nix +++ b/services/miniflux.nix @@ -50,7 +50,7 @@ in { virtualHosts = { "reader.${domain}" = { forceSSL = true; - enableACME = true; + useACMEHost = domain; locations."/" = { proxyPass = "http://127.0.0.1:${toString cfg.privatePort}"; diff --git a/services/monitoring.nix b/services/monitoring.nix index 2aa66a5..23b1309 100644 --- a/services/monitoring.nix +++ b/services/monitoring.nix @@ -2,11 +2,12 @@ with lib; -let cfg = config.my.services.monitoring; +let + cfg = config.my.services.monitoring; + domain = config.networking.domain; in { options.my.services.monitoring = { enable = mkEnableOption "Enable monitoring"; - useACME = mkEnableOption "Get HTTPS certs"; domain = mkOption { type = types.str; @@ -76,8 +77,8 @@ in { proxyWebsockets = true; }; - forceSSL = cfg.useACME; - enableACME = cfg.useACME; + forceSSL = true; + useACMEHost = domain; }; }; }; diff --git a/services/nextcloud.nix b/services/nextcloud.nix index bf85aef..8cbd3cd 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -66,7 +66,7 @@ in virtualHosts = { "cloud.${domain}" = { forceSSL = true; - enableACME = true; + useACMEHost = domain; }; }; }; diff --git a/services/nginx.nix b/services/nginx.nix index a9f092f..134615e 100644 --- a/services/nginx.nix +++ b/services/nginx.nix @@ -1,7 +1,7 @@ # Part of config shamelessly stolen from: # # https://github.com/delroth/infra.delroth.net -{ config, lib, ... }: +{ config, lib, pkgs, ... }: { # Whenever something defines an nginx vhost, ensure that nginx defaults are # properly set. @@ -17,5 +17,23 @@ }; networking.firewall.allowedTCPPorts = [ 80 443 ]; + + security.acme = { + acceptTerms = true; + email = "antoine97.martin@gmail.com"; + + certs = + let + domain = config.networking.domain; + gandiKey = config.my.secrets.gandiKey; + in { + "${domain}" = { + extraDomainNames = [ "*.${domain}" ]; + dnsProvider = "gandiv5"; + credentialsFile = pkgs.writeText "gandi-creds.env" gandiKey; + group = "nginx"; + }; + }; + }; }; } diff --git a/services/paperless.nix b/services/paperless.nix index a315251..132a617 100644 --- a/services/paperless.nix +++ b/services/paperless.nix @@ -23,7 +23,7 @@ in services.nginx.virtualHosts = { "paperless.${domain}" = { forceSSL = true; - enableACME = true; + useACMEHost = domain; locations."/" = { proxyPass = "http://127.0.0.1:${toString cfg.port}"; diff --git a/services/transmission.nix b/services/transmission.nix index b642c56..b55e0b8 100644 --- a/services/transmission.nix +++ b/services/transmission.nix @@ -56,7 +56,7 @@ in services.nginx.virtualHosts."${webuiDomain}" = { forceSSL = true; - enableACME = true; + useACMEHost = domain; locations."/".proxyPass = "http://127.0.0.1:${toString transmissionRpcPort}"; }; From 8eb1fe5001b1004f06415a095355d4085e8d9f24 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 13 Jul 2021 01:14:01 +0200 Subject: [PATCH 026/904] services: paperless: restrict to Tailscale --- services/paperless.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/services/paperless.nix b/services/paperless.nix index 132a617..a837d38 100644 --- a/services/paperless.nix +++ b/services/paperless.nix @@ -25,6 +25,20 @@ in forceSSL = true; useACMEHost = domain; + listen = [ + # FIXME: hardcoded tailscale IP + { + addr = "100.80.61.67"; + port = 443; + ssl = true; + } + { + addr = "100.80.61.67"; + port = 80; + ssl = false; + } + ]; + locations."/" = { proxyPass = "http://127.0.0.1:${toString cfg.port}"; proxyWebsockets = true; From d2835ceb779c650a015da3c7a0a0696f7d301de2 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 13 Jul 2021 13:15:38 +0200 Subject: [PATCH 027/904] services: paperless: drop external traffic to docker --- services/paperless.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/services/paperless.nix b/services/paperless.nix index a837d38..0183c15 100644 --- a/services/paperless.nix +++ b/services/paperless.nix @@ -20,6 +20,14 @@ in }; config = mkIf cfg.enable { + # HACK: see https://github.com/NixOS/nixpkgs/issues/111852 + networking.firewall.extraCommands = '' + iptables -N DOCKER-USER || true + iptables -F DOCKER-USER + iptables -A DOCKER-USER -i eno1 -m state --state RELATED,ESTABLISHED -j ACCEPT + iptables -A DOCKER-USER -i eno1 -j DROP + ''; + services.nginx.virtualHosts = { "paperless.${domain}" = { forceSSL = true; From c75458d8c993db4dc87aff08a9bf8017d1ba21bb Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 13 Jul 2021 13:34:26 +0200 Subject: [PATCH 028/904] services: bitwarden: only listen on local host This was never a problem because the firewall did its job, but better safe than sorry. --- services/bitwarden_rs.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/services/bitwarden_rs.nix b/services/bitwarden_rs.nix index 65e3025..27ea5a2 100644 --- a/services/bitwarden_rs.nix +++ b/services/bitwarden_rs.nix @@ -47,7 +47,9 @@ in { TZ = "Europe/Paris"; WEB_VAULT_ENABLED = true; WEBSOCKET_ENABLED = true; + WEBSOCKET_ADDRESS = "127.0.0.1"; WEBSOCKET_PORT = cfg.websocketPort; + ROCKET_ADDRESS = "127.0.0.1"; ROCKET_PORT = cfg.privatePort; SIGNUPS_ALLOWED = false; INVITATIONS_ALLOWED = false; From e7219ae9886f86488cbc39a69eac5eb6dd0b099f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 13 Jul 2021 13:54:18 +0200 Subject: [PATCH 029/904] services: matrix: enable SSL traffic only This is a requirement anyway for homeservers, and the `forceSSL` option tried to create a redirect for non-SSL traffic, except the `listen` option only provided SSL endpoints anyway, so this resulted in additional rules in the nginx config looking like this: server { server_name matrix.alarsyo.net ; location /.well-known/acme-challenge { root /var/lib/acme/acme-challenge; auth_basic off; } location / { return 301 https://$host$request_uri; } } Which led to nginx listening on port 8000 (the default port in this situation, I imagine) --- services/matrix.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/matrix.nix b/services/matrix.nix index 7cf1807..c4e55ef 100644 --- a/services/matrix.nix +++ b/services/matrix.nix @@ -170,7 +170,7 @@ in { services.nginx = { virtualHosts = { "matrix.${domain}" = { - forceSSL = true; + onlySSL = true; useACMEHost = domain; locations = @@ -197,7 +197,7 @@ in { # same as above, but listening on the federation port "matrix.${domain}_federation" = rec { - forceSSL = true; + onlySSL = true; serverName = "matrix.${domain}"; useACMEHost = domain; From 2b59116b8d5b5e8f70ccca41e6ece17c0eee08f8 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 13 Jul 2021 14:17:34 +0200 Subject: [PATCH 030/904] services: monitoring: only listen on localhost --- services/monitoring.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/services/monitoring.nix b/services/monitoring.nix index 23b1309..6583294 100644 --- a/services/monitoring.nix +++ b/services/monitoring.nix @@ -57,6 +57,7 @@ in { enable = true; enabledCollectors = [ "systemd" ]; port = 9100; + listenAddress = "127.0.0.1"; }; }; From b6f712b8174c0e23b813ce64f711fa5a88607649 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 13 Jul 2021 15:58:43 +0200 Subject: [PATCH 031/904] services: nginx: enable prometheus exporter --- services/nginx.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/services/nginx.nix b/services/nginx.nix index 134615e..cfb7da1 100644 --- a/services/nginx.nix +++ b/services/nginx.nix @@ -18,6 +18,25 @@ networking.firewall.allowedTCPPorts = [ 80 443 ]; + services.prometheus = { + exporters.nginx = { + enable = true; + listenAddress = "127.0.0.1"; + }; + + scrapeConfigs = [ + { + job_name = "nginx"; + static_configs = [{ + targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.nginx.port}" ]; + labels = { + instance = config.networking.hostName; + }; + }]; + } + ]; + }; + security.acme = { acceptTerms = true; email = "antoine97.martin@gmail.com"; From 0b983d1358653372fd8a0322cdf9a9b1afcec1b6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 13 Jul 2021 16:19:15 +0200 Subject: [PATCH 032/904] services: monitoring: add nginx dashboard --- .../grafana-dashboards/nginx_dashboard.json | 567 ++++++++++++++++++ services/monitoring.nix | 2 +- 2 files changed, 568 insertions(+), 1 deletion(-) create mode 100644 services/grafana-dashboards/nginx_dashboard.json diff --git a/services/grafana-dashboards/nginx_dashboard.json b/services/grafana-dashboards/nginx_dashboard.json new file mode 100644 index 0000000..710eb2f --- /dev/null +++ b/services/grafana-dashboards/nginx_dashboard.json @@ -0,0 +1,567 @@ +{ + "__inputs": [ + { + "name": "DS_PROMETHEUS", + "label": "Prometheus", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__requires": [ + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "5.0.0" + }, + { + "type": "panel", + "id": "graph", + "name": "Graph", + "version": "" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "singlestat", + "name": "Singlestat", + "version": "" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "Official dashboard for NGINX Prometheus exporter", + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": null, + "iteration": 1562682051068, + "links": [], + "panels": [ + { + "datasource": "${DS_PROMETHEUS}", + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 4, + "panels": [], + "title": "Status", + "type": "row" + }, + { + "datasource": "${DS_PROMETHEUS}", + "cacheTimeout": null, + "colorBackground": true, + "colorPostfix": false, + "colorPrefix": false, + "colorValue": false, + "colors": [ + "#E02F44", + "#FF9830", + "#299c46" + ], + "decimals": null, + "description": "", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 12, + "x": 0, + "y": 1 + }, + "id": 8, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "options": {}, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "repeat": "instance", + "repeatDirection": "h", + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "nginx_up{instance=~\"$instance\"}", + "format": "time_series", + "instant": false, + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "1,1", + "timeFrom": null, + "timeShift": null, + "title": "NGINX Status for $instance", + "type": "singlestat", + "valueFontSize": "100%", + "valueMaps": [ + { + "op": "=", + "text": "Down", + "value": "0" + }, + { + "op": "=", + "text": "Up", + "value": "1" + } + ], + "valueName": "current" + }, + { + "datasource": "${DS_PROMETHEUS}", + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 4 + }, + "id": 6, + "panels": [], + "title": "Metrics", + "type": "row" + }, + { + "datasource": "${DS_PROMETHEUS}", + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "decimals": null, + "description": "", + "fill": 1, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 5 + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": {}, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "irate(nginx_connections_accepted{instance=~\"$instance\"}[5m])", + "format": "time_series", + "instant": false, + "intervalFactor": 1, + "legendFormat": "{{instance}} accepted", + "refId": "A" + }, + { + "expr": "irate(nginx_connections_handled{instance=~\"$instance\"}[5m])", + "format": "time_series", + "instant": false, + "intervalFactor": 1, + "legendFormat": "{{instance}} handled", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Processed connections", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": "Connections (rate)", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "datasource": "${DS_PROMETHEUS}", + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "decimals": 0, + "fill": 1, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 5 + }, + "id": 12, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": {}, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "nginx_connections_active{instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{instance}} active", + "refId": "A" + }, + { + "expr": "nginx_connections_reading{instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{instance}} reading", + "refId": "B" + }, + { + "expr": "nginx_connections_waiting{instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{instance}} waiting", + "refId": "C" + }, + { + "expr": "nginx_connections_writing{instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{instance}} writing", + "refId": "D" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Active Connections", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "short", + "label": "Connections", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "datasource": "${DS_PROMETHEUS}", + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "fill": 1, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 15 + }, + "id": 15, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": {}, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "irate(nginx_http_requests_total{instance=~\"$instance\"}[5m])", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{instance}} total requests", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Total requests", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": "5s", + "schemaVersion": 18, + "style": "dark", + "tags": [ + "nginx", + "prometheus", + "nginx prometheus exporter" + ], + "templating": { + "list": [ + { + "current": { + "selected": false, + "tags": [], + "text": "default", + "value": "default" + }, + "hide": 0, + "includeAll": false, + "label": "datasource", + "multi": false, + "name": "DS_PROMETHEUS", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "allValue": null, + "current": {}, + "datasource": "${DS_PROMETHEUS}", + "definition": "label_values(nginx_up, instance)", + "hide": 0, + "includeAll": true, + "label": "", + "multi": true, + "name": "instance", + "options": [], + "query": "label_values(nginx_up, instance)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-15m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "NGINX", + "uid": "MsjffzSZz", + "version": 1 +} diff --git a/services/monitoring.nix b/services/monitoring.nix index 6583294..790f2f1 100644 --- a/services/monitoring.nix +++ b/services/monitoring.nix @@ -37,7 +37,7 @@ in { dashboards = [ { - name = "Node Exporter"; + name = "Dashboards"; options.path = ./grafana-dashboards; disableDeletion = true; } From 0f8175519b10880474de98fce1dee97c2ae982fb Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 13 Jul 2021 16:37:32 +0200 Subject: [PATCH 033/904] services: monitoring: update node exporter dash --- ...ull_rev21.json => node-exporter-full.json} | 1382 ++++++++++------- 1 file changed, 832 insertions(+), 550 deletions(-) rename services/grafana-dashboards/{node-exporter-full_rev21.json => node-exporter-full.json} (91%) diff --git a/services/grafana-dashboards/node-exporter-full_rev21.json b/services/grafana-dashboards/node-exporter-full.json similarity index 91% rename from services/grafana-dashboards/node-exporter-full_rev21.json rename to services/grafana-dashboards/node-exporter-full.json index d044a15..0f336f0 100644 --- a/services/grafana-dashboards/node-exporter-full_rev21.json +++ b/services/grafana-dashboards/node-exporter-full.json @@ -20,7 +20,7 @@ "type": "grafana", "id": "grafana", "name": "Grafana", - "version": "6.7.3" + "version": "7.3.7" }, { "type": "panel", @@ -59,8 +59,23 @@ "gnetId": 1860, "graphTooltip": 0, "id": null, - "iteration": 1595837627257, - "links": [], + "iteration": 1614605016686, + "links": [ + { + "icon": "external link", + "tags": [], + "title": "Github", + "type": "link", + "url": "https://github.com/rfrail3/grafana-dashboards" + }, + { + "icon": "external link", + "tags": [], + "title": "Grafana", + "type": "link", + "url": "https://grafana.com/grafana/dashboards/1860" + } + ], "panels": [ { "collapsed": false, @@ -81,6 +96,45 @@ "cacheTimeout": null, "datasource": "${DS_PROMETHEUS}", "description": "Busy state of all CPU cores together", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": {}, + "mappings": [ + { + "id": 0, + "op": "=", + "text": "N/A", + "type": 1, + "value": "null" + } + ], + "max": 100, + "min": 0, + "nullValueMode": "null", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 85 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 95 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, "gridPos": { "h": 4, "w": 3, @@ -90,61 +144,26 @@ "id": 20, "links": [], "options": { - "fieldOptions": { + "orientation": "horizontal", + "reduceOptions": { "calcs": [ "lastNotNull" ], - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 100, - "min": 0, - "nullValueMode": "null", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 85 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 95 - } - ] - }, - "unit": "percent" - }, - "overrides": [], + "fields": "", "values": false }, - "orientation": "horizontal", "showThresholdLabels": false, "showThresholdMarkers": true }, - "pluginVersion": "6.7.3", + "pluginVersion": "7.3.7", "targets": [ { - "expr": "(((count(count(node_cpu_seconds_total{instance=\"$node\",job=\"$job\"}) by (cpu))) - avg(sum by (mode)(irate(node_cpu_seconds_total{mode='idle',instance=\"$node\",job=\"$job\"}[5m])))) * 100) / count(count(node_cpu_seconds_total{instance=\"$node\",job=\"$job\"}) by (cpu))", + "expr": "(((count(count(node_cpu_seconds_total{instance=\"$node\",job=\"$job\"}) by (cpu))) - avg(sum by (mode)(rate(node_cpu_seconds_total{mode='idle',instance=\"$node\",job=\"$job\"}[$__rate_interval])))) * 100) / count(count(node_cpu_seconds_total{instance=\"$node\",job=\"$job\"}) by (cpu))", "hide": false, "intervalFactor": 1, "legendFormat": "", "refId": "A", - "step": 900 + "step": 240 } ], "title": "CPU Busy", @@ -154,6 +173,45 @@ "cacheTimeout": null, "datasource": "${DS_PROMETHEUS}", "description": "Busy state of all CPU cores together (5 min average)", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": {}, + "mappings": [ + { + "id": 0, + "op": "=", + "text": "N/A", + "type": 1, + "value": "null" + } + ], + "max": 100, + "min": 0, + "nullValueMode": "null", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 85 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 95 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, "gridPos": { "h": 4, "w": 3, @@ -163,53 +221,18 @@ "id": 155, "links": [], "options": { - "fieldOptions": { + "orientation": "horizontal", + "reduceOptions": { "calcs": [ "lastNotNull" ], - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 100, - "min": 0, - "nullValueMode": "null", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 85 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 95 - } - ] - }, - "unit": "percent" - }, - "overrides": [], + "fields": "", "values": false }, - "orientation": "horizontal", "showThresholdLabels": false, "showThresholdMarkers": true }, - "pluginVersion": "6.7.3", + "pluginVersion": "7.3.7", "targets": [ { "expr": "avg(node_load5{instance=\"$node\",job=\"$job\"}) / count(count(node_cpu_seconds_total{instance=\"$node\",job=\"$job\"}) by (cpu)) * 100", @@ -217,7 +240,7 @@ "hide": false, "intervalFactor": 1, "refId": "A", - "step": 900 + "step": 240 } ], "title": "Sys Load (5m avg)", @@ -227,6 +250,45 @@ "cacheTimeout": null, "datasource": "${DS_PROMETHEUS}", "description": "Busy state of all CPU cores together (15 min average)", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": {}, + "mappings": [ + { + "id": 0, + "op": "=", + "text": "N/A", + "type": 1, + "value": "null" + } + ], + "max": 100, + "min": 0, + "nullValueMode": "null", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 85 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 95 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, "gridPos": { "h": 4, "w": 3, @@ -236,60 +298,25 @@ "id": 19, "links": [], "options": { - "fieldOptions": { + "orientation": "horizontal", + "reduceOptions": { "calcs": [ "lastNotNull" ], - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 100, - "min": 0, - "nullValueMode": "null", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 85 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 95 - } - ] - }, - "unit": "percent" - }, - "overrides": [], + "fields": "", "values": false }, - "orientation": "horizontal", "showThresholdLabels": false, "showThresholdMarkers": true }, - "pluginVersion": "6.7.3", + "pluginVersion": "7.3.7", "targets": [ { "expr": "avg(node_load15{instance=\"$node\",job=\"$job\"}) / count(count(node_cpu_seconds_total{instance=\"$node\",job=\"$job\"}) by (cpu)) * 100", "hide": false, "intervalFactor": 1, "refId": "A", - "step": 900 + "step": 240 } ], "title": "Sys Load (15m avg)", @@ -299,6 +326,38 @@ "cacheTimeout": null, "datasource": "${DS_PROMETHEUS}", "description": "Non available RAM memory", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": {}, + "decimals": 0, + "mappings": [], + "max": 100, + "min": 0, + "nullValueMode": "null", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 80 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 90 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, "gridPos": { "h": 4, "w": 3, @@ -309,46 +368,18 @@ "id": 16, "links": [], "options": { - "fieldOptions": { + "orientation": "horizontal", + "reduceOptions": { "calcs": [ "lastNotNull" ], - "defaults": { - "color": { - "mode": "thresholds" - }, - "decimals": 0, - "mappings": [], - "max": 100, - "min": 0, - "nullValueMode": "null", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 80 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 90 - } - ] - }, - "unit": "percent" - }, - "overrides": [], + "fields": "", "values": false }, - "orientation": "horizontal", "showThresholdLabels": false, "showThresholdMarkers": true }, - "pluginVersion": "6.7.3", + "pluginVersion": "7.3.7", "targets": [ { "expr": "((node_memory_MemTotal_bytes{instance=\"$node\",job=\"$job\"} - node_memory_MemFree_bytes{instance=\"$node\",job=\"$job\"}) / (node_memory_MemTotal_bytes{instance=\"$node\",job=\"$job\"} )) * 100", @@ -356,7 +387,7 @@ "hide": true, "intervalFactor": 1, "refId": "A", - "step": 900 + "step": 240 }, { "expr": "100 - ((node_memory_MemAvailable_bytes{instance=\"$node\",job=\"$job\"} * 100) / node_memory_MemTotal_bytes{instance=\"$node\",job=\"$job\"})", @@ -364,7 +395,7 @@ "hide": false, "intervalFactor": 1, "refId": "B", - "step": 900 + "step": 240 } ], "title": "RAM Used", @@ -374,6 +405,45 @@ "cacheTimeout": null, "datasource": "${DS_PROMETHEUS}", "description": "Used Swap", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": {}, + "mappings": [ + { + "id": 0, + "op": "=", + "text": "N/A", + "type": 1, + "value": "null" + } + ], + "max": 100, + "min": 0, + "nullValueMode": "null", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 10 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 25 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, "gridPos": { "h": 4, "w": 3, @@ -383,59 +453,24 @@ "id": 21, "links": [], "options": { - "fieldOptions": { + "orientation": "horizontal", + "reduceOptions": { "calcs": [ "lastNotNull" ], - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 100, - "min": 0, - "nullValueMode": "null", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 10 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 25 - } - ] - }, - "unit": "percent" - }, - "overrides": [], + "fields": "", "values": false }, - "orientation": "horizontal", "showThresholdLabels": false, "showThresholdMarkers": true }, - "pluginVersion": "6.7.3", + "pluginVersion": "7.3.7", "targets": [ { "expr": "((node_memory_SwapTotal_bytes{instance=\"$node\",job=\"$job\"} - node_memory_SwapFree_bytes{instance=\"$node\",job=\"$job\"}) / (node_memory_SwapTotal_bytes{instance=\"$node\",job=\"$job\"} )) * 100", "intervalFactor": 1, "refId": "A", - "step": 900 + "step": 240 } ], "title": "SWAP Used", @@ -445,6 +480,45 @@ "cacheTimeout": null, "datasource": "${DS_PROMETHEUS}", "description": "Used Root FS", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": {}, + "mappings": [ + { + "id": 0, + "op": "=", + "text": "N/A", + "type": 1, + "value": "null" + } + ], + "max": 100, + "min": 0, + "nullValueMode": "null", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 80 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 90 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, "gridPos": { "h": 4, "w": 3, @@ -454,60 +528,25 @@ "id": 154, "links": [], "options": { - "fieldOptions": { + "orientation": "horizontal", + "reduceOptions": { "calcs": [ "lastNotNull" ], - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 100, - "min": 0, - "nullValueMode": "null", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 80 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 90 - } - ] - }, - "unit": "percent" - }, - "overrides": [], + "fields": "", "values": false }, - "orientation": "horizontal", "showThresholdLabels": false, "showThresholdMarkers": true }, - "pluginVersion": "6.7.3", + "pluginVersion": "7.3.7", "targets": [ { "expr": "100 - ((node_filesystem_avail_bytes{instance=\"$node\",job=\"$job\",mountpoint=\"/\",fstype!=\"rootfs\"} * 100) / node_filesystem_size_bytes{instance=\"$node\",job=\"$job\",mountpoint=\"/\",fstype!=\"rootfs\"})", "format": "time_series", "intervalFactor": 1, "refId": "A", - "step": 900 + "step": 240 } ], "title": "Root FS Used", @@ -524,6 +563,12 @@ ], "datasource": "${DS_PROMETHEUS}", "description": "Total number of CPU cores", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, "format": "short", "gauge": { "maxValue": 100, @@ -581,7 +626,7 @@ "intervalFactor": 1, "legendFormat": "", "refId": "A", - "step": 900 + "step": 240 } ], "thresholds": "", @@ -609,6 +654,12 @@ "datasource": "${DS_PROMETHEUS}", "decimals": 1, "description": "System uptime", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, "format": "s", "gauge": { "maxValue": 100, @@ -666,7 +717,7 @@ "expr": "node_time_seconds{instance=\"$node\",job=\"$job\"} - node_boot_time_seconds{instance=\"$node\",job=\"$job\"}", "intervalFactor": 2, "refId": "A", - "step": 1800 + "step": 240 } ], "thresholds": "", @@ -695,6 +746,12 @@ "datasource": "${DS_PROMETHEUS}", "decimals": 0, "description": "Total RootFS", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, "format": "bytes", "gauge": { "maxValue": 100, @@ -752,7 +809,7 @@ "hide": false, "intervalFactor": 1, "refId": "A", - "step": 900 + "step": 240 } ], "thresholds": "70,90", @@ -780,6 +837,12 @@ "datasource": "${DS_PROMETHEUS}", "decimals": 0, "description": "Total RAM", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, "format": "bytes", "gauge": { "maxValue": 100, @@ -835,7 +898,7 @@ "expr": "node_memory_MemTotal_bytes{instance=\"$node\",job=\"$job\"}", "intervalFactor": 1, "refId": "A", - "step": 900 + "step": 240 } ], "thresholds": "", @@ -863,6 +926,12 @@ "datasource": "${DS_PROMETHEUS}", "decimals": 0, "description": "Total SWAP", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, "format": "bytes", "gauge": { "maxValue": 100, @@ -918,7 +987,7 @@ "expr": "node_memory_SwapTotal_bytes{instance=\"$node\",job=\"$job\"}", "intervalFactor": 1, "refId": "A", - "step": 900 + "step": 240 } ], "thresholds": "", @@ -972,6 +1041,13 @@ "datasource": "${DS_PROMETHEUS}", "decimals": 2, "description": "Basic CPU info", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, "fill": 4, "fillGradient": 0, "gridPos": { @@ -1002,9 +1078,10 @@ "maxPerRow": 6, "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": true, + "pluginVersion": "7.3.7", "pointradius": 5, "points": false, "renderer": "flot", @@ -1035,7 +1112,7 @@ "steppedLine": false, "targets": [ { - "expr": "sum by (instance)(irate(node_cpu_seconds_total{mode=\"system\",instance=\"$node\",job=\"$job\"}[5m])) * 100", + "expr": "sum by (instance)(rate(node_cpu_seconds_total{mode=\"system\",instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", "format": "time_series", "hide": false, "intervalFactor": 2, @@ -1044,7 +1121,7 @@ "step": 240 }, { - "expr": "sum by (instance)(irate(node_cpu_seconds_total{mode='user',instance=\"$node\",job=\"$job\"}[5m])) * 100", + "expr": "sum by (instance)(rate(node_cpu_seconds_total{mode='user',instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", "format": "time_series", "hide": false, "intervalFactor": 2, @@ -1053,7 +1130,7 @@ "step": 240 }, { - "expr": "sum by (instance)(irate(node_cpu_seconds_total{mode='iowait',instance=\"$node\",job=\"$job\"}[5m])) * 100", + "expr": "sum by (instance)(rate(node_cpu_seconds_total{mode='iowait',instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", "format": "time_series", "intervalFactor": 2, "legendFormat": "Busy Iowait", @@ -1061,7 +1138,7 @@ "step": 240 }, { - "expr": "sum by (instance)(irate(node_cpu_seconds_total{mode=~\".*irq\",instance=\"$node\",job=\"$job\"}[5m])) * 100", + "expr": "sum by (instance)(rate(node_cpu_seconds_total{mode=~\".*irq\",instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", "format": "time_series", "intervalFactor": 2, "legendFormat": "Busy IRQs", @@ -1069,7 +1146,7 @@ "step": 240 }, { - "expr": "sum (irate(node_cpu_seconds_total{mode!='idle',mode!='user',mode!='system',mode!='iowait',mode!='irq',mode!='softirq',instance=\"$node\",job=\"$job\"}[5m])) * 100", + "expr": "sum (rate(node_cpu_seconds_total{mode!='idle',mode!='user',mode!='system',mode!='iowait',mode!='irq',mode!='softirq',instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", "format": "time_series", "intervalFactor": 2, "legendFormat": "Busy Other", @@ -1077,7 +1154,7 @@ "step": 240 }, { - "expr": "sum by (mode)(irate(node_cpu_seconds_total{mode='idle',instance=\"$node\",job=\"$job\"}[5m])) * 100", + "expr": "sum by (mode)(rate(node_cpu_seconds_total{mode='idle',instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", "format": "time_series", "intervalFactor": 2, "legendFormat": "Idle", @@ -1105,6 +1182,7 @@ }, "yaxes": [ { + "$$hashKey": "object:123", "format": "short", "label": "", "logBase": 1, @@ -1113,6 +1191,7 @@ "show": true }, { + "$$hashKey": "object:124", "format": "short", "label": null, "logBase": 1, @@ -1154,6 +1233,13 @@ "datasource": "${DS_PROMETHEUS}", "decimals": 2, "description": "Basic memory usage", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, "fill": 4, "fillGradient": 0, "gridPos": { @@ -1182,9 +1268,10 @@ "maxPerRow": 6, "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.7", "pointradius": 5, "points": false, "renderer": "flot", @@ -1329,6 +1416,13 @@ "dashes": false, "datasource": "${DS_PROMETHEUS}", "description": "Basic network info per interface", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, "fill": 4, "fillGradient": 0, "gridPos": { @@ -1359,9 +1453,10 @@ "links": [], "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.7", "pointradius": 5, "points": false, "renderer": "flot", @@ -1376,7 +1471,7 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_network_receive_bytes_total{instance=\"$node\",job=\"$job\"}[5m])*8", + "expr": "rate(node_network_receive_bytes_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])*8", "format": "time_series", "intervalFactor": 2, "legendFormat": "recv {{device}}", @@ -1384,7 +1479,7 @@ "step": 240 }, { - "expr": "irate(node_network_transmit_bytes_total{instance=\"$node\",job=\"$job\"}[5m])*8", + "expr": "rate(node_network_transmit_bytes_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])*8", "format": "time_series", "intervalFactor": 2, "legendFormat": "trans {{device}} ", @@ -1441,6 +1536,13 @@ "datasource": "${DS_PROMETHEUS}", "decimals": 3, "description": "Disk space used of all filesystems mounted", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, "fill": 4, "fillGradient": 0, "gridPos": { @@ -1471,9 +1573,10 @@ "maxPerRow": 6, "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.7", "pointradius": 5, "points": false, "renderer": "flot", @@ -1562,13 +1665,20 @@ "datasource": "${DS_PROMETHEUS}", "decimals": 2, "description": "", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, "fill": 4, "fillGradient": 0, "gridPos": { "h": 12, "w": 12, "x": 0, - "y": 21 + "y": 3 }, "hiddenSeries": false, "id": 3, @@ -1592,9 +1702,10 @@ "maxPerRow": 6, "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": true, + "pluginVersion": "7.3.7", "pointradius": 5, "points": false, "renderer": "flot", @@ -1605,16 +1716,16 @@ "steppedLine": false, "targets": [ { - "expr": "sum by (mode)(irate(node_cpu_seconds_total{mode=\"system\",instance=\"$node\",job=\"$job\"}[5m])) * 100", + "expr": "sum by (mode)(rate(node_cpu_seconds_total{mode=\"system\",instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", "format": "time_series", "interval": "10s", "intervalFactor": 2, "legendFormat": "System - Processes executing in kernel mode", "refId": "A", - "step": 20 + "step": 240 }, { - "expr": "sum by (mode)(irate(node_cpu_seconds_total{mode='user',instance=\"$node\",job=\"$job\"}[5m])) * 100", + "expr": "sum by (mode)(rate(node_cpu_seconds_total{mode='user',instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", "format": "time_series", "intervalFactor": 2, "legendFormat": "User - Normal processes executing in user mode", @@ -1622,7 +1733,7 @@ "step": 240 }, { - "expr": "sum by (mode)(irate(node_cpu_seconds_total{mode='nice',instance=\"$node\",job=\"$job\"}[5m])) * 100", + "expr": "sum by (mode)(rate(node_cpu_seconds_total{mode='nice',instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", "format": "time_series", "intervalFactor": 2, "legendFormat": "Nice - Niced processes executing in user mode", @@ -1630,7 +1741,7 @@ "step": 240 }, { - "expr": "sum by (mode)(irate(node_cpu_seconds_total{mode='idle',instance=\"$node\",job=\"$job\"}[5m])) * 100", + "expr": "sum by (mode)(rate(node_cpu_seconds_total{mode='idle',instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", "format": "time_series", "intervalFactor": 2, "legendFormat": "Idle - Waiting for something to happen", @@ -1638,7 +1749,7 @@ "step": 240 }, { - "expr": "sum by (mode)(irate(node_cpu_seconds_total{mode='iowait',instance=\"$node\",job=\"$job\"}[5m])) * 100", + "expr": "sum by (mode)(rate(node_cpu_seconds_total{mode='iowait',instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", "format": "time_series", "intervalFactor": 2, "legendFormat": "Iowait - Waiting for I/O to complete", @@ -1646,7 +1757,7 @@ "step": 240 }, { - "expr": "sum by (mode)(irate(node_cpu_seconds_total{mode='irq',instance=\"$node\",job=\"$job\"}[5m])) * 100", + "expr": "sum by (mode)(rate(node_cpu_seconds_total{mode='irq',instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", "format": "time_series", "intervalFactor": 2, "legendFormat": "Irq - Servicing interrupts", @@ -1654,7 +1765,7 @@ "step": 240 }, { - "expr": "sum by (mode)(irate(node_cpu_seconds_total{mode='softirq',instance=\"$node\",job=\"$job\"}[5m])) * 100", + "expr": "sum by (mode)(rate(node_cpu_seconds_total{mode='softirq',instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", "format": "time_series", "intervalFactor": 2, "legendFormat": "Softirq - Servicing softirqs", @@ -1662,7 +1773,7 @@ "step": 240 }, { - "expr": "sum by (mode)(irate(node_cpu_seconds_total{mode='steal',instance=\"$node\",job=\"$job\"}[5m])) * 100", + "expr": "sum by (mode)(rate(node_cpu_seconds_total{mode='steal',instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", "format": "time_series", "intervalFactor": 2, "legendFormat": "Steal - Time spent in other operating systems when running in a virtualized environment", @@ -1670,7 +1781,7 @@ "step": 240 }, { - "expr": "sum by (mode)(irate(node_cpu_seconds_total{mode='guest',instance=\"$node\",job=\"$job\"}[5m])) * 100", + "expr": "sum by (mode)(rate(node_cpu_seconds_total{mode='guest',instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", "format": "time_series", "intervalFactor": 2, "legendFormat": "Guest - Time spent running a virtual CPU for a guest operating system", @@ -1747,13 +1858,20 @@ "datasource": "${DS_PROMETHEUS}", "decimals": 2, "description": "", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, "fill": 4, "fillGradient": 0, "gridPos": { "h": 12, "w": 12, "x": 12, - "y": 21 + "y": 3 }, "hiddenSeries": false, "id": 24, @@ -1777,9 +1895,10 @@ "maxPerRow": 6, "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.7", "pointradius": 5, "points": false, "renderer": "flot", @@ -1926,13 +2045,20 @@ "dashLength": 10, "dashes": false, "datasource": "${DS_PROMETHEUS}", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, "fill": 4, "fillGradient": 0, "gridPos": { "h": 12, "w": 12, "x": 0, - "y": 33 + "y": 15 }, "hiddenSeries": false, "id": 84, @@ -1952,9 +2078,10 @@ "links": [], "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.7", "pointradius": 5, "points": false, "renderer": "flot", @@ -1970,7 +2097,7 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_network_receive_bytes_total{instance=\"$node\",job=\"$job\"}[5m])*8", + "expr": "rate(node_network_receive_bytes_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])*8", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{device}} - Receive", @@ -1978,7 +2105,7 @@ "step": 240 }, { - "expr": "irate(node_network_transmit_bytes_total{instance=\"$node\",job=\"$job\"}[5m])*8", + "expr": "rate(node_network_transmit_bytes_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])*8", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{device}} - Transmit", @@ -2037,13 +2164,20 @@ "datasource": "${DS_PROMETHEUS}", "decimals": 3, "description": "", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, "fill": 4, "fillGradient": 0, "gridPos": { "h": 12, "w": 12, "x": 12, - "y": 33 + "y": 15 }, "height": "", "hiddenSeries": false, @@ -2067,9 +2201,10 @@ "maxPerRow": 6, "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.7", "pointradius": 5, "points": false, "renderer": "flot", @@ -2135,13 +2270,20 @@ "dashes": false, "datasource": "${DS_PROMETHEUS}", "description": "", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, "fill": 2, "fillGradient": 0, "gridPos": { "h": 12, "w": 12, "x": 0, - "y": 45 + "y": 27 }, "hiddenSeries": false, "id": 229, @@ -2163,9 +2305,10 @@ "maxPerRow": 6, "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.7", "pointradius": 5, "points": false, "renderer": "flot", @@ -2264,14 +2407,14 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_disk_reads_completed_total{instance=\"$node\",job=\"$job\",device=~\"$diskdevices\"}[5m])", + "expr": "rate(node_disk_reads_completed_total{instance=\"$node\",job=\"$job\",device=~\"$diskdevices\"}[$__rate_interval])", "intervalFactor": 4, "legendFormat": "{{device}} - Reads completed", "refId": "A", - "step": 480 + "step": 240 }, { - "expr": "irate(node_disk_writes_completed_total{instance=\"$node\",job=\"$job\",device=~\"$diskdevices\"}[5m])", + "expr": "rate(node_disk_writes_completed_total{instance=\"$node\",job=\"$job\",device=~\"$diskdevices\"}[$__rate_interval])", "intervalFactor": 2, "legendFormat": "{{device}} - Writes completed", "refId": "B", @@ -2329,13 +2472,20 @@ "datasource": "${DS_PROMETHEUS}", "decimals": 3, "description": "", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, "fill": 4, "fillGradient": 0, "gridPos": { "h": 12, "w": 12, "x": 12, - "y": 45 + "y": 27 }, "hiddenSeries": false, "id": 42, @@ -2358,9 +2508,10 @@ "maxPerRow": 6, "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.7", "pointradius": 5, "points": false, "renderer": "flot", @@ -2395,7 +2546,7 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_disk_read_bytes_total{instance=\"$node\",job=\"$job\",device=~\"$diskdevices\"}[5m])", + "expr": "rate(node_disk_read_bytes_total{instance=\"$node\",job=\"$job\",device=~\"$diskdevices\"}[$__rate_interval])", "format": "time_series", "hide": false, "intervalFactor": 2, @@ -2404,7 +2555,7 @@ "step": 240 }, { - "expr": "irate(node_disk_written_bytes_total{instance=\"$node\",job=\"$job\",device=~\"$diskdevices\"}[5m])", + "expr": "rate(node_disk_written_bytes_total{instance=\"$node\",job=\"$job\",device=~\"$diskdevices\"}[$__rate_interval])", "format": "time_series", "hide": false, "intervalFactor": 2, @@ -2433,7 +2584,8 @@ }, "yaxes": [ { - "format": "bytes", + "$$hashKey": "object:965", + "format": "Bps", "label": "bytes read (-) / write (+)", "logBase": 1, "max": null, @@ -2441,6 +2593,7 @@ "show": true }, { + "$$hashKey": "object:966", "format": "ms", "label": "", "logBase": 1, @@ -2464,13 +2617,20 @@ "datasource": "${DS_PROMETHEUS}", "decimals": 3, "description": "", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, "fill": 4, "fillGradient": 0, "gridPos": { "h": 12, "w": 12, "x": 0, - "y": 57 + "y": 39 }, "hiddenSeries": false, "id": 127, @@ -2493,9 +2653,10 @@ "maxPerRow": 6, "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.7", "pointradius": 5, "points": false, "renderer": "flot", @@ -2505,11 +2666,12 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_disk_io_time_seconds_total{instance=\"$node\",job=\"$job\",device=~\"$diskdevices\"} [5m])", + "expr": "rate(node_disk_io_time_seconds_total{instance=\"$node\",job=\"$job\",device=~\"$diskdevices\"} [$__rate_interval])", "format": "time_series", "hide": false, + "interval": "", "intervalFactor": 2, - "legendFormat": "{{device}} - Time spent doing I/Os", + "legendFormat": "{{device}}", "refId": "A", "step": 240 } @@ -2518,7 +2680,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "I/O Usage Times", + "title": "I/O Utilization", "tooltip": { "shared": true, "sort": 0, @@ -2534,14 +2696,16 @@ }, "yaxes": [ { - "format": "s", - "label": "time", + "$$hashKey": "object:1041", + "format": "percentunit", + "label": "%util", "logBase": 1, "max": null, "min": "0", "show": true }, { + "$$hashKey": "object:1042", "format": "s", "label": "", "logBase": 1, @@ -2641,7 +2805,7 @@ "intervalFactor": 2, "legendFormat": "Inactive - Memory which has been less recently used. It is more eligible to be reclaimed for other purposes", "refId": "A", - "step": 4 + "step": 240 }, { "expr": "node_memory_Active_bytes{instance=\"$node\",job=\"$job\"}", @@ -2649,7 +2813,7 @@ "intervalFactor": 2, "legendFormat": "Active - Memory that has been used more recently and usually not reclaimed unless absolutely necessary", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -2772,7 +2936,7 @@ "intervalFactor": 2, "legendFormat": "Committed_AS - Amount of memory presently allocated on the system", "refId": "A", - "step": 4 + "step": 240 }, { "expr": "node_memory_CommitLimit_bytes{instance=\"$node\",job=\"$job\"}", @@ -2780,7 +2944,7 @@ "intervalFactor": 2, "legendFormat": "CommitLimit - Amount of memory currently available to be allocated on the system", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -2895,7 +3059,7 @@ "intervalFactor": 2, "legendFormat": "Inactive_file - File-backed memory on inactive LRU list", "refId": "A", - "step": 4 + "step": 240 }, { "expr": "node_memory_Inactive_anon_bytes{instance=\"$node\",job=\"$job\"}", @@ -2904,7 +3068,7 @@ "intervalFactor": 2, "legendFormat": "Inactive_anon - Anonymous and swap cache on inactive LRU list, including tmpfs (shmem)", "refId": "B", - "step": 4 + "step": 240 }, { "expr": "node_memory_Active_file_bytes{instance=\"$node\",job=\"$job\"}", @@ -2913,7 +3077,7 @@ "intervalFactor": 2, "legendFormat": "Active_file - File-backed memory on active LRU list", "refId": "C", - "step": 4 + "step": 240 }, { "expr": "node_memory_Active_anon_bytes{instance=\"$node\",job=\"$job\"}", @@ -2922,7 +3086,7 @@ "intervalFactor": 2, "legendFormat": "Active_anon - Anonymous and swap cache on active least-recently-used (LRU) list, including tmpfs", "refId": "D", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -3038,7 +3202,7 @@ "intervalFactor": 2, "legendFormat": "Writeback - Memory which is actively being written back to disk", "refId": "A", - "step": 4 + "step": 240 }, { "expr": "node_memory_WritebackTmp_bytes{instance=\"$node\",job=\"$job\"}", @@ -3046,7 +3210,7 @@ "intervalFactor": 2, "legendFormat": "WritebackTmp - Memory used by FUSE for temporary writeback buffers", "refId": "B", - "step": 4 + "step": 240 }, { "expr": "node_memory_Dirty_bytes{instance=\"$node\",job=\"$job\"}", @@ -3054,7 +3218,7 @@ "intervalFactor": 2, "legendFormat": "Dirty - Memory which is waiting to get written back to the disk", "refId": "C", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -3179,7 +3343,7 @@ "intervalFactor": 2, "legendFormat": "Mapped - Used memory in mapped pages files which have been mmaped, such as libraries", "refId": "A", - "step": 4 + "step": 240 }, { "expr": "node_memory_Shmem_bytes{instance=\"$node\",job=\"$job\"}", @@ -3187,7 +3351,7 @@ "intervalFactor": 2, "legendFormat": "Shmem - Used shared memory (shared between several processes, thus including RAM disks)", "refId": "B", - "step": 4 + "step": 240 }, { "expr": "node_memory_ShmemHugePages_bytes{instance=\"$node\",job=\"$job\"}", @@ -3196,7 +3360,7 @@ "intervalFactor": 2, "legendFormat": "ShmemHugePages - Memory used by shared memory (shmem) and tmpfs allocated with huge pages", "refId": "C", - "step": 4 + "step": 240 }, { "expr": "node_memory_ShmemPmdMapped_bytes{instance=\"$node\",job=\"$job\"}", @@ -3205,7 +3369,7 @@ "intervalFactor": 2, "legendFormat": "ShmemPmdMapped - Ammount of shared (shmem/tmpfs) memory backed by huge pages", "refId": "D", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -3323,7 +3487,7 @@ "intervalFactor": 2, "legendFormat": "SUnreclaim - Part of Slab, that cannot be reclaimed on memory pressure", "refId": "A", - "step": 4 + "step": 240 }, { "expr": "node_memory_SReclaimable_bytes{instance=\"$node\",job=\"$job\"}", @@ -3331,7 +3495,7 @@ "intervalFactor": 2, "legendFormat": "SReclaimable - Part of Slab, that might be reclaimed, such as caches", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -3447,7 +3611,7 @@ "intervalFactor": 2, "legendFormat": "VmallocChunk - Largest contigious block of vmalloc area which is free", "refId": "A", - "step": 4 + "step": 240 }, { "expr": "node_memory_VmallocTotal_bytes{instance=\"$node\",job=\"$job\"}", @@ -3456,7 +3620,7 @@ "intervalFactor": 2, "legendFormat": "VmallocTotal - Total size of vmalloc memory area", "refId": "B", - "step": 4 + "step": 240 }, { "expr": "node_memory_VmallocUsed_bytes{instance=\"$node\",job=\"$job\"}", @@ -3465,7 +3629,7 @@ "intervalFactor": 2, "legendFormat": "VmallocUsed - Amount of vmalloc area which is used", "refId": "C", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -3579,7 +3743,7 @@ "intervalFactor": 2, "legendFormat": "Bounce - Memory used for block device bounce buffers", "refId": "A", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -3699,7 +3863,7 @@ "intervalFactor": 2, "legendFormat": "AnonHugePages - Memory in anonymous huge pages", "refId": "A", - "step": 4 + "step": 240 }, { "expr": "node_memory_AnonPages_bytes{instance=\"$node\",job=\"$job\"}", @@ -3707,7 +3871,7 @@ "intervalFactor": 2, "legendFormat": "AnonPages - Memory in user pages not backed by files", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -3821,7 +3985,7 @@ "intervalFactor": 2, "legendFormat": "KernelStack - Kernel memory stack. This is not reclaimable", "refId": "A", - "step": 4 + "step": 240 }, { "expr": "node_memory_Percpu_bytes{instance=\"$node\",job=\"$job\"}", @@ -3830,7 +3994,7 @@ "intervalFactor": 2, "legendFormat": "PerCPU - Per CPU memory allocated dynamically by loadable modules", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -3945,7 +4109,7 @@ "intervalFactor": 2, "legendFormat": "HugePages_Free - Huge pages in the pool that are not yet allocated", "refId": "A", - "step": 4 + "step": 240 }, { "expr": "node_memory_HugePages_Rsvd{instance=\"$node\",job=\"$job\"}", @@ -3953,7 +4117,7 @@ "intervalFactor": 2, "legendFormat": "HugePages_Rsvd - Huge pages for which a commitment to allocate from the pool has been made, but no allocation has yet been made", "refId": "B", - "step": 4 + "step": 240 }, { "expr": "node_memory_HugePages_Surp{instance=\"$node\",job=\"$job\"}", @@ -3961,7 +4125,7 @@ "intervalFactor": 2, "legendFormat": "HugePages_Surp - Huge pages in the pool above the value in /proc/sys/vm/nr_hugepages", "refId": "C", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -4076,7 +4240,7 @@ "intervalFactor": 2, "legendFormat": "HugePages - Total size of the pool of huge pages", "refId": "A", - "step": 4 + "step": 240 }, { "expr": "node_memory_Hugepagesize_bytes{instance=\"$node\",job=\"$job\"}", @@ -4084,7 +4248,7 @@ "intervalFactor": 2, "legendFormat": "Hugepagesize - Huge Page size", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -4201,7 +4365,7 @@ "intervalFactor": 2, "legendFormat": "DirectMap1G - Amount of pages mapped as this size", "refId": "A", - "step": 4 + "step": 240 }, { "expr": "node_memory_DirectMap2M_bytes{instance=\"$node\",job=\"$job\"}", @@ -4210,7 +4374,7 @@ "intervalFactor": 2, "legendFormat": "DirectMap2M - Amount of pages mapped as this size", "refId": "B", - "step": 4 + "step": 240 }, { "expr": "node_memory_DirectMap4k_bytes{instance=\"$node\",job=\"$job\"}", @@ -4219,7 +4383,7 @@ "intervalFactor": 2, "legendFormat": "DirectMap4K - Amount of pages mapped as this size", "refId": "C", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -4333,7 +4497,7 @@ "intervalFactor": 2, "legendFormat": "Unevictable - Amount of unevictable memory that can't be swapped out for a variety of reasons", "refId": "A", - "step": 4 + "step": 240 }, { "expr": "node_memory_Mlocked_bytes{instance=\"$node\",job=\"$job\"}", @@ -4341,7 +4505,7 @@ "intervalFactor": 2, "legendFormat": "MLocked - Size of pages locked to memory using the mlock() system call", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -4457,7 +4621,7 @@ "intervalFactor": 2, "legendFormat": "NFS Unstable - Memory in NFS pages sent to the server, but not yet commited to the storage", "refId": "A", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -4567,20 +4731,20 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_vmstat_pgpgin{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_vmstat_pgpgin{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "intervalFactor": 2, "legendFormat": "Pagesin - Page in operations", "refId": "A", - "step": 4 + "step": 240 }, { - "expr": "irate(node_vmstat_pgpgout{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_vmstat_pgpgout{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "intervalFactor": 2, "legendFormat": "Pagesout - Page out operations", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -4674,20 +4838,20 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_vmstat_pswpin{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_vmstat_pswpin{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "intervalFactor": 2, "legendFormat": "Pswpin - Pages swapped in", "refId": "A", - "step": 4 + "step": 240 }, { - "expr": "irate(node_vmstat_pswpout{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_vmstat_pswpout{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "intervalFactor": 2, "legendFormat": "Pswpout - Pages swapped out", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -4803,28 +4967,28 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_vmstat_pgfault{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_vmstat_pgfault{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "intervalFactor": 2, "legendFormat": "Pgfault - Page major and minor fault operations", "refId": "A", - "step": 4 + "step": 240 }, { - "expr": "irate(node_vmstat_pgmajfault{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_vmstat_pgmajfault{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "intervalFactor": 2, "legendFormat": "Pgmajfault - Major page fault operations", "refId": "B", - "step": 4 + "step": 240 }, { - "expr": "irate(node_vmstat_pgfault{instance=\"$node\",job=\"$job\"}[5m]) - irate(node_vmstat_pgmajfault{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_vmstat_pgfault{instance=\"$node\",job=\"$job\"}[$__rate_interval]) - rate(node_vmstat_pgmajfault{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "intervalFactor": 2, "legendFormat": "Pgminfault - Minor page fault operations", "refId": "C", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -4937,13 +5101,13 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_vmstat_oom_kill{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_vmstat_oom_kill{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "interval": "", "intervalFactor": 2, "legendFormat": "oom killer invocations ", "refId": "A", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -5688,7 +5852,7 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_forks_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_forks_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "hide": false, "intervalFactor": 2, @@ -5788,7 +5952,7 @@ "steppedLine": false, "targets": [ { - "expr": "irate(process_virtual_memory_bytes{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(process_virtual_memory_bytes{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "hide": false, "interval": "", "intervalFactor": 2, @@ -5806,7 +5970,7 @@ "step": 240 }, { - "expr": "irate(process_virtual_memory_bytes{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(process_virtual_memory_bytes{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "hide": false, "interval": "", "intervalFactor": 2, @@ -5815,7 +5979,7 @@ "step": 240 }, { - "expr": "irate(process_virtual_memory_max_bytes{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(process_virtual_memory_max_bytes{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "hide": false, "interval": "", "intervalFactor": 2, @@ -6027,7 +6191,7 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_schedstat_running_seconds_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_schedstat_running_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "interval": "", "intervalFactor": 2, @@ -6036,7 +6200,7 @@ "step": 240 }, { - "expr": "irate(node_schedstat_waiting_seconds_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_schedstat_waiting_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "interval": "", "intervalFactor": 2, @@ -6049,7 +6213,7 @@ "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "Process schdeule stats Running / Waiting", + "title": "Process schedule stats Running / Waiting", "tooltip": { "shared": true, "sort": 0, @@ -6260,7 +6424,7 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_context_switches_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_context_switches_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "intervalFactor": 2, "legendFormat": "Context switches", @@ -6268,7 +6432,7 @@ "step": 240 }, { - "expr": "irate(node_intr_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_intr_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "hide": false, "intervalFactor": 2, @@ -6368,7 +6532,7 @@ "intervalFactor": 4, "legendFormat": "Load 1m", "refId": "A", - "step": 480 + "step": 240 }, { "expr": "node_load5{instance=\"$node\",job=\"$job\"}", @@ -6376,7 +6540,7 @@ "intervalFactor": 4, "legendFormat": "Load 5m", "refId": "B", - "step": 480 + "step": 240 }, { "expr": "node_load15{instance=\"$node\",job=\"$job\"}", @@ -6384,7 +6548,7 @@ "intervalFactor": 4, "legendFormat": "Load 15m", "refId": "C", - "step": 480 + "step": 240 } ], "thresholds": [], @@ -6484,7 +6648,7 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_interrupts_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_interrupts_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "interval": "", "intervalFactor": 2, @@ -6578,7 +6742,7 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_schedstat_timeslices_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_schedstat_timeslices_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "interval": "", "intervalFactor": 2, @@ -6769,7 +6933,7 @@ "steppedLine": false, "targets": [ { - "expr": "irate(process_cpu_seconds_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(process_cpu_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "interval": "", "intervalFactor": 2, @@ -7359,7 +7523,7 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_systemd_socket_accepted_connections_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_systemd_socket_accepted_connections_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "interval": "", "intervalFactor": 2, @@ -7580,14 +7744,21 @@ "dashLength": 10, "dashes": false, "datasource": "${DS_PROMETHEUS}", - "description": "", + "description": "The number (after merges) of I/O requests completed per second for the device", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, "fill": 2, "fillGradient": 0, "gridPos": { "h": 10, "w": 12, "x": 0, - "y": 29 + "y": 11 }, "hiddenSeries": false, "id": 9, @@ -7609,9 +7780,10 @@ "maxPerRow": 6, "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.7", "pointradius": 5, "points": false, "renderer": "flot", @@ -7728,18 +7900,18 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_disk_reads_completed_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_disk_reads_completed_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "intervalFactor": 4, "legendFormat": "{{device}} - Reads completed", "refId": "A", - "step": 8 + "step": 240 }, { - "expr": "irate(node_disk_writes_completed_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_disk_writes_completed_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "intervalFactor": 2, "legendFormat": "{{device}} - Writes completed", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -7791,14 +7963,21 @@ "dashLength": 10, "dashes": false, "datasource": "${DS_PROMETHEUS}", - "description": "", + "description": "The number of bytes read from or written to the device per second", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, "fill": 2, "fillGradient": 0, "gridPos": { "h": 10, "w": 12, "x": 12, - "y": 29 + "y": 11 }, "hiddenSeries": false, "id": 33, @@ -7820,9 +7999,10 @@ "maxPerRow": 6, "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.7", "pointradius": 5, "points": false, "renderer": "flot", @@ -7917,20 +8097,20 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_disk_read_bytes_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_disk_read_bytes_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "intervalFactor": 4, "legendFormat": "{{device}} - Read bytes", "refId": "A", - "step": 8 + "step": 240 }, { - "expr": "irate(node_disk_written_bytes_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_disk_written_bytes_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{device}} - Written bytes", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -7953,6 +8133,7 @@ }, "yaxes": [ { + "$$hashKey": "object:369", "format": "Bps", "label": "bytes read (-) / write (+)", "logBase": 1, @@ -7961,6 +8142,7 @@ "show": true }, { + "$$hashKey": "object:370", "format": "short", "label": null, "logBase": 1, @@ -7980,14 +8162,21 @@ "dashLength": 10, "dashes": false, "datasource": "${DS_PROMETHEUS}", - "description": "", + "description": "The average time for requests issued to the device to be served. This includes the time spent by the requests in queue and the time spent servicing them.", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, "fill": 3, "fillGradient": 0, "gridPos": { "h": 10, "w": 12, "x": 0, - "y": 39 + "y": 21 }, "hiddenSeries": false, "id": 37, @@ -8011,9 +8200,10 @@ "maxPerRow": 6, "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.7", "pointradius": 5, "points": false, "renderer": "flot", @@ -8108,27 +8298,29 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_disk_read_time_seconds_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_disk_read_time_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval]) / rate(node_disk_reads_completed_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "hide": false, + "interval": "", "intervalFactor": 4, - "legendFormat": "{{device}} - Read time", + "legendFormat": "{{device}} - r_await", "refId": "A", - "step": 8 + "step": 240 }, { - "expr": "irate(node_disk_write_time_seconds_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_disk_write_time_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval]) / rate(node_disk_writes_completed_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "hide": false, + "interval": "", "intervalFactor": 2, - "legendFormat": "{{device}} - Write time", + "legendFormat": "{{device}} - w_await", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "Disk R/W Time", + "title": "Disk Average Wait Time", "tooltip": { "shared": false, "sort": 0, @@ -8144,6 +8336,7 @@ }, "yaxes": [ { + "$$hashKey": "object:441", "format": "s", "label": "time. read (-) / write (+)", "logBase": 1, @@ -8152,6 +8345,7 @@ "show": true }, { + "$$hashKey": "object:442", "format": "short", "label": null, "logBase": 1, @@ -8171,14 +8365,21 @@ "dashLength": 10, "dashes": false, "datasource": "${DS_PROMETHEUS}", - "description": "", + "description": "The average queue length of the requests that were issued to the device", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, "fill": 2, "fillGradient": 0, "gridPos": { "h": 10, "w": 12, "x": 12, - "y": 39 + "y": 21 }, "hiddenSeries": false, "id": 35, @@ -8202,9 +8403,10 @@ "maxPerRow": 6, "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.7", "pointradius": 5, "points": false, "renderer": "flot", @@ -8295,18 +8497,19 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_disk_io_time_weighted_seconds_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_disk_io_time_weighted_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "interval": "", "intervalFactor": 4, - "legendFormat": "{{device}} - IO time weighted", + "legendFormat": "{{device}}", "refId": "A", - "step": 8 + "step": 240 } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "Disk IOs Weighted", + "title": "Average Queue Size", "tooltip": { "shared": false, "sort": 0, @@ -8322,14 +8525,16 @@ }, "yaxes": [ { - "format": "s", - "label": "time", + "$$hashKey": "object:513", + "format": "none", + "label": "aqu-sz", "logBase": 1, "max": null, "min": "0", "show": true }, { + "$$hashKey": "object:514", "format": "short", "label": null, "logBase": 1, @@ -8349,14 +8554,21 @@ "dashLength": 10, "dashes": false, "datasource": "${DS_PROMETHEUS}", - "description": "", + "description": "The number of read and write requests merged per second that were queued to the device", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, "fill": 2, "fillGradient": 0, "gridPos": { "h": 10, "w": 12, "x": 0, - "y": 49 + "y": 31 }, "hiddenSeries": false, "id": 133, @@ -8380,9 +8592,10 @@ "maxPerRow": 6, "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.7", "pointradius": 5, "points": false, "renderer": "flot", @@ -8477,18 +8690,18 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_disk_reads_merged_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_disk_reads_merged_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "intervalFactor": 2, "legendFormat": "{{device}} - Read merged", "refId": "A", - "step": 4 + "step": 240 }, { - "expr": "irate(node_disk_writes_merged_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_disk_writes_merged_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "intervalFactor": 2, "legendFormat": "{{device}} - Write merged", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -8511,6 +8724,7 @@ }, "yaxes": [ { + "$$hashKey": "object:585", "format": "iops", "label": "I/Os", "logBase": 1, @@ -8519,6 +8733,7 @@ "show": true }, { + "$$hashKey": "object:586", "format": "short", "label": null, "logBase": 1, @@ -8538,14 +8753,21 @@ "dashLength": 10, "dashes": false, "datasource": "${DS_PROMETHEUS}", - "description": "", + "description": "Percentage of elapsed time during which I/O requests were issued to the device (bandwidth utilization for the device). Device saturation occurs when this value is close to 100% for devices serving requests serially. But for devices serving requests in parallel, such as RAID arrays and modern SSDs, this number does not reflect their performance limits.", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, "fill": 3, "fillGradient": 0, "gridPos": { "h": 10, "w": 12, "x": 12, - "y": 49 + "y": 31 }, "hiddenSeries": false, "id": 36, @@ -8569,9 +8791,10 @@ "maxPerRow": 6, "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.7", "pointradius": 5, "points": false, "renderer": "flot", @@ -8662,19 +8885,20 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_disk_io_time_seconds_total{instance=\"$node\",job=\"$job\"}[5m])", - "intervalFactor": 4, - "legendFormat": "{{device}} - IO time", - "refId": "A", - "step": 8 - }, - { - "expr": "irate(node_disk_discard_time_seconds_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_disk_io_time_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "interval": "", "intervalFactor": 4, - "legendFormat": "{{device}} - discard time", + "legendFormat": "{{device}} - IO", + "refId": "A", + "step": 240 + }, + { + "expr": "rate(node_disk_discard_time_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "interval": "", + "intervalFactor": 4, + "legendFormat": "{{device}} - discard", "refId": "B", - "step": 8 + "step": 240 } ], "thresholds": [], @@ -8697,14 +8921,16 @@ }, "yaxes": [ { - "format": "s", - "label": "time", + "$$hashKey": "object:657", + "format": "percentunit", + "label": "%util", "logBase": 1, "max": null, "min": "0", "show": true }, { + "$$hashKey": "object:658", "format": "short", "label": null, "logBase": 1, @@ -8724,14 +8950,21 @@ "dashLength": 10, "dashes": false, "datasource": "${DS_PROMETHEUS}", - "description": "", + "description": "The number of outstanding requests at the instant the sample was taken. Incremented as requests are given to appropriate struct request_queue and decremented as they finish.", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, "fill": 2, "fillGradient": 0, "gridPos": { "h": 10, "w": 12, "x": 0, - "y": 59 + "y": 41 }, "hiddenSeries": false, "id": 34, @@ -8755,9 +8988,10 @@ "maxPerRow": 6, "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.7", "pointradius": 5, "points": false, "renderer": "flot", @@ -8848,18 +9082,18 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_disk_io_now{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_disk_io_now{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "intervalFactor": 4, "legendFormat": "{{device}} - IO now", "refId": "A", - "step": 8 + "step": 240 } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "Disk IOs Current in Progress", + "title": "Instantaneous Queue Size", "tooltip": { "shared": false, "sort": 0, @@ -8875,6 +9109,7 @@ }, "yaxes": [ { + "$$hashKey": "object:729", "format": "iops", "label": "I/Os", "logBase": 1, @@ -8883,6 +9118,7 @@ "show": true }, { + "$$hashKey": "object:730", "format": "short", "label": null, "logBase": 1, @@ -8903,13 +9139,20 @@ "dashes": false, "datasource": "${DS_PROMETHEUS}", "description": "", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, "fill": 2, "fillGradient": 0, "gridPos": { "h": 10, "w": 12, "x": 12, - "y": 59 + "y": 41 }, "hiddenSeries": false, "id": 301, @@ -8931,9 +9174,10 @@ "maxPerRow": 6, "nullPointMode": "null as zero", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.7", "pointradius": 5, "points": false, "renderer": "flot", @@ -9044,20 +9288,20 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_disk_discards_completed_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_disk_discards_completed_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "interval": "", "intervalFactor": 4, "legendFormat": "{{device}} - Discards completed", "refId": "A", - "step": 8 + "step": 240 }, { - "expr": "irate(node_disk_discards_merged_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_disk_discards_merged_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "interval": "", "intervalFactor": 2, "legendFormat": "{{device}} - Discards merged", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -9127,13 +9371,20 @@ "datasource": "${DS_PROMETHEUS}", "decimals": 3, "description": "", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, "fill": 2, "fillGradient": 0, "gridPos": { "h": 10, "w": 12, "x": 0, - "y": 78 + "y": 12 }, "hiddenSeries": false, "id": 43, @@ -9154,9 +9405,10 @@ "maxPerRow": 6, "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.7", "pointradius": 5, "points": false, "renderer": "flot", @@ -9173,7 +9425,7 @@ "legendFormat": "{{mountpoint}} - Available", "metric": "", "refId": "A", - "step": 4 + "step": 240 }, { "expr": "node_filesystem_free_bytes{instance=\"$node\",job=\"$job\",device!~'rootfs'}", @@ -9182,7 +9434,7 @@ "intervalFactor": 2, "legendFormat": "{{mountpoint}} - Free", "refId": "B", - "step": 2 + "step": 240 }, { "expr": "node_filesystem_size_bytes{instance=\"$node\",job=\"$job\",device!~'rootfs'}", @@ -9191,7 +9443,7 @@ "intervalFactor": 2, "legendFormat": "{{mountpoint}} - Size", "refId": "C", - "step": 2 + "step": 240 } ], "thresholds": [], @@ -9244,13 +9496,20 @@ "dashes": false, "datasource": "${DS_PROMETHEUS}", "description": "", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, "fill": 2, "fillGradient": 0, "gridPos": { "h": 10, "w": 12, "x": 12, - "y": 78 + "y": 12 }, "hiddenSeries": false, "id": 41, @@ -9271,9 +9530,10 @@ "links": [], "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.7", "pointradius": 5, "points": false, "renderer": "flot", @@ -9289,7 +9549,7 @@ "intervalFactor": 2, "legendFormat": "{{mountpoint}} - Free file nodes", "refId": "A", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -9342,13 +9602,20 @@ "dashes": false, "datasource": "${DS_PROMETHEUS}", "description": "", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, "fill": 2, "fillGradient": 0, "gridPos": { "h": 10, "w": 12, "x": 0, - "y": 88 + "y": 22 }, "hiddenSeries": false, "id": 28, @@ -9368,9 +9635,10 @@ "maxPerRow": 6, "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.7", "pointradius": 5, "points": false, "renderer": "flot", @@ -9385,7 +9653,7 @@ "intervalFactor": 4, "legendFormat": "Max open files", "refId": "A", - "step": 8 + "step": 240 }, { "expr": "node_filefd_allocated{instance=\"$node\",job=\"$job\"}", @@ -9393,7 +9661,7 @@ "intervalFactor": 2, "legendFormat": "Open files", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -9444,13 +9712,20 @@ "dashes": false, "datasource": "${DS_PROMETHEUS}", "description": "", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, "fill": 2, "fillGradient": 0, "gridPos": { "h": 10, "w": 12, "x": 12, - "y": 88 + "y": 22 }, "hiddenSeries": false, "id": 219, @@ -9471,9 +9746,10 @@ "links": [], "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.7", "pointradius": 5, "points": false, "renderer": "flot", @@ -9489,7 +9765,7 @@ "intervalFactor": 2, "legendFormat": "{{mountpoint}} - File nodes total", "refId": "A", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -9543,13 +9819,20 @@ "datasource": "${DS_PROMETHEUS}", "decimals": null, "description": "", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, "fill": 2, "fillGradient": 0, "gridPos": { "h": 10, "w": 12, "x": 0, - "y": 98 + "y": 32 }, "hiddenSeries": false, "id": 44, @@ -9572,9 +9855,10 @@ "maxPerRow": 6, "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.7", "pointradius": 5, "points": false, "renderer": "flot", @@ -9589,16 +9873,16 @@ "intervalFactor": 2, "legendFormat": "{{mountpoint}} - ReadOnly", "refId": "A", - "step": 4 + "step": 240 }, { - "expr": "node_filesystem_device_error{instance=\"$node\",job=\"$job\",device!~'rootfs'}", + "expr": "node_filesystem_device_error{instance=\"$node\",job=\"$job\",device!~'rootfs',fstype!~'tmpfs'}", "format": "time_series", "interval": "", "intervalFactor": 2, "legendFormat": "{{mountpoint}} - Device error", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -9715,22 +9999,22 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_network_receive_packets_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_network_receive_packets_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "interval": "", "intervalFactor": 2, "legendFormat": "{{device}} - Receive", "refId": "A", - "step": 4 + "step": 240 }, { - "expr": "irate(node_network_transmit_packets_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_network_transmit_packets_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "interval": "", "intervalFactor": 2, "legendFormat": "{{device}} - Transmit", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -9828,20 +10112,20 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_network_receive_errs_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_network_receive_errs_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{device}} - Receive errors", "refId": "A", - "step": 4 + "step": 240 }, { - "expr": "irate(node_network_transmit_errs_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_network_transmit_errs_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{device}} - Rransmit errors", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -9939,20 +10223,20 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_network_receive_drop_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_network_receive_drop_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{device}} - Receive drop", "refId": "A", - "step": 4 + "step": 240 }, { - "expr": "irate(node_network_transmit_drop_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_network_transmit_drop_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{device}} - Transmit drop", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -10050,20 +10334,20 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_network_receive_compressed_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_network_receive_compressed_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{device}} - Receive compressed", "refId": "A", - "step": 4 + "step": 240 }, { - "expr": "irate(node_network_transmit_compressed_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_network_transmit_compressed_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{device}} - Transmit compressed", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -10161,12 +10445,12 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_network_receive_multicast_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_network_receive_multicast_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{device}} - Receive multicast", "refId": "A", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -10264,20 +10548,20 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_network_receive_fifo_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_network_receive_fifo_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{device}} - Receive fifo", "refId": "A", - "step": 4 + "step": 240 }, { - "expr": "irate(node_network_transmit_fifo_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_network_transmit_fifo_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{device}} - Transmit fifo", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -10376,13 +10660,13 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_network_receive_frame_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_network_receive_frame_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "{{device}} - Receive frame", "refId": "A", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -10477,12 +10761,12 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_network_transmit_carrier_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_network_transmit_carrier_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{device}} - Statistic transmit_carrier", "refId": "A", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -10580,12 +10864,12 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_network_transmit_colls_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_network_transmit_colls_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{device}} - Transmit colls", "refId": "A", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -10685,7 +10969,7 @@ "intervalFactor": 2, "legendFormat": "NF conntrack entries", "refId": "A", - "step": 4 + "step": 240 }, { "expr": "node_nf_conntrack_entries_limit{instance=\"$node\",job=\"$job\"}", @@ -10693,7 +10977,7 @@ "intervalFactor": 2, "legendFormat": "NF conntrack limit", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -10788,7 +11072,7 @@ "intervalFactor": 2, "legendFormat": "{{ device }} - ARP entries", "refId": "A", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -10881,7 +11165,7 @@ "intervalFactor": 2, "legendFormat": "{{ device }} - Bytes", "refId": "A", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -10975,7 +11259,7 @@ "intervalFactor": 2, "legendFormat": "{{ device }} - Speed", "refId": "A", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -11069,7 +11353,7 @@ "intervalFactor": 2, "legendFormat": "{{ device }} - Interface transmit queue length", "refId": "A", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -11169,22 +11453,22 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_softnet_processed_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_softnet_processed_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "interval": "", "intervalFactor": 2, "legendFormat": "CPU {{cpu}} - Processed", "refId": "A", - "step": 4 + "step": 240 }, { - "expr": "irate(node_softnet_dropped_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_softnet_dropped_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "interval": "", "intervalFactor": 2, "legendFormat": "CPU {{cpu}} - Dropped", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -11279,13 +11563,13 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_softnet_times_squeezed_total{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_softnet_times_squeezed_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "interval": "", "intervalFactor": 2, "legendFormat": "CPU {{cpu}} - Squeezed", "refId": "A", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -11385,7 +11669,7 @@ "intervalFactor": 2, "legendFormat": "{{interface}} - Operational state UP", "refId": "A", - "step": 4 + "step": 240 }, { "expr": "node_network_carrier{instance=\"$node\",job=\"$job\"}", @@ -12094,21 +12378,21 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_netstat_IpExt_InOctets{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_netstat_IpExt_InOctets{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "interval": "", "intervalFactor": 2, "legendFormat": "InOctets - Received octets", "refId": "A", - "step": 4 + "step": 240 }, { - "expr": "irate(node_netstat_IpExt_OutOctets{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_netstat_IpExt_OutOctets{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "intervalFactor": 2, "legendFormat": "OutOctets - Sent octets", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -12204,13 +12488,13 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_netstat_Ip_Forwarding{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_netstat_Ip_Forwarding{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "interval": "", "intervalFactor": 2, "legendFormat": "Forwarding - IP forwarding", "refId": "A", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -12311,22 +12595,22 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_netstat_Icmp_InMsgs{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_netstat_Icmp_InMsgs{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "interval": "", "intervalFactor": 2, "legendFormat": "InMsgs - Messages which the entity received. Note that this counter includes all those counted by icmpInErrors", "refId": "A", - "step": 4 + "step": 240 }, { - "expr": "irate(node_netstat_Icmp_OutMsgs{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_netstat_Icmp_OutMsgs{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "interval": "", "intervalFactor": 2, "legendFormat": "OutMsgs - Messages which this entity attempted to send. Note that this counter includes all those counted by icmpOutErrors", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -12425,13 +12709,13 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_netstat_Icmp_InErrors{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_netstat_Icmp_InErrors{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "interval": "", "intervalFactor": 2, "legendFormat": "InErrors - Messages which the entity received but determined as having ICMP-specific errors (bad ICMP checksums, bad length, etc.)", "refId": "A", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -12534,22 +12818,22 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_netstat_Udp_InDatagrams{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_netstat_Udp_InDatagrams{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "interval": "", "intervalFactor": 2, "legendFormat": "InDatagrams - Datagrams received", "refId": "A", - "step": 4 + "step": 240 }, { - "expr": "irate(node_netstat_Udp_OutDatagrams{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_netstat_Udp_OutDatagrams{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "interval": "", "intervalFactor": 2, "legendFormat": "OutDatagrams - Datagrams sent", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -12642,46 +12926,46 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_netstat_Udp_InErrors{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_netstat_Udp_InErrors{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "interval": "", "intervalFactor": 2, "legendFormat": "InErrors - UDP Datagrams that could not be delivered to an application", "refId": "A", - "step": 4 + "step": 240 }, { - "expr": "irate(node_netstat_Udp_NoPorts{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_netstat_Udp_NoPorts{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "interval": "", "intervalFactor": 2, "legendFormat": "NoPorts - UDP Datagrams received on a port with no listener", "refId": "B", - "step": 4 + "step": 240 }, { - "expr": "irate(node_netstat_UdpLite_InErrors{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_netstat_UdpLite_InErrors{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "interval": "", "legendFormat": "InErrors Lite - UDPLite Datagrams that could not be delivered to an application", "refId": "C" }, { - "expr": "irate(node_netstat_Udp_RcvbufErrors{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_netstat_Udp_RcvbufErrors{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "interval": "", "intervalFactor": 2, "legendFormat": "RcvbufErrors - UDP buffer errors received", "refId": "D", - "step": 4 + "step": 240 }, { - "expr": "irate(node_netstat_Udp_SndbufErrors{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_netstat_Udp_SndbufErrors{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "interval": "", "intervalFactor": 2, "legendFormat": "SndbufErrors - UDP buffer errors send", "refId": "E", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -12786,23 +13070,23 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_netstat_Tcp_InSegs{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_netstat_Tcp_InSegs{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "instant": false, "interval": "", "intervalFactor": 2, "legendFormat": "InSegs - Segments received, including those received in error. This count includes segments received on currently established connections", "refId": "A", - "step": 4 + "step": 240 }, { - "expr": "irate(node_netstat_Tcp_OutSegs{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_netstat_Tcp_OutSegs{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "interval": "", "intervalFactor": 2, "legendFormat": "OutSegs - Segments sent, including those on current connections but excluding those containing only retransmitted octets", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -12897,42 +13181,42 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_netstat_TcpExt_ListenOverflows{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_netstat_TcpExt_ListenOverflows{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "hide": false, "interval": "", "intervalFactor": 2, "legendFormat": "ListenOverflows - Times the listen queue of a socket overflowed", "refId": "A", - "step": 4 + "step": 240 }, { - "expr": "irate(node_netstat_TcpExt_ListenDrops{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_netstat_TcpExt_ListenDrops{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "hide": false, "interval": "", "intervalFactor": 2, "legendFormat": "ListenDrops - SYNs to LISTEN sockets ignored", "refId": "B", - "step": 4 + "step": 240 }, { - "expr": "irate(node_netstat_TcpExt_TCPSynRetrans{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_netstat_TcpExt_TCPSynRetrans{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "interval": "", "intervalFactor": 2, "legendFormat": "TCPSynRetrans - SYN-SYN/ACK retransmits to break down retransmissions in SYN, fast/timeout retransmits", "refId": "C", - "step": 4 + "step": 240 }, { - "expr": "irate(node_netstat_Tcp_RetransSegs{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_netstat_Tcp_RetransSegs{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "interval": "", "legendFormat": "RetransSegs - Segments retransmitted - that is, the number of TCP segments transmitted containing one or more previously transmitted octets", "refId": "D" }, { - "expr": "irate(node_netstat_Tcp_InErrs{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_netstat_Tcp_InErrs{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "interval": "", "legendFormat": "InErrs - Segments received in error (e.g., bad TCP checksums)", "refId": "E" @@ -13041,7 +13325,7 @@ "intervalFactor": 2, "legendFormat": "CurrEstab - TCP connections for which the current state is either ESTABLISHED or CLOSE- WAIT", "refId": "A", - "step": 4 + "step": 240 }, { "expr": "node_netstat_Tcp_MaxConn{instance=\"$node\",job=\"$job\"}", @@ -13051,7 +13335,7 @@ "intervalFactor": 2, "legendFormat": "MaxConn - Limit on the total number of TCP connections the entity can support (Dinamic is \"-1\")", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -13153,34 +13437,34 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_netstat_TcpExt_SyncookiesFailed{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_netstat_TcpExt_SyncookiesFailed{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "hide": false, "interval": "", "intervalFactor": 2, "legendFormat": "SyncookiesFailed - Invalid SYN cookies received", "refId": "A", - "step": 4 + "step": 240 }, { - "expr": "irate(node_netstat_TcpExt_SyncookiesRecv{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_netstat_TcpExt_SyncookiesRecv{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "hide": false, "interval": "", "intervalFactor": 2, "legendFormat": "SyncookiesRecv - SYN cookies received", "refId": "B", - "step": 4 + "step": 240 }, { - "expr": "irate(node_netstat_TcpExt_SyncookiesSent{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_netstat_TcpExt_SyncookiesSent{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "hide": false, "interval": "", "intervalFactor": 2, "legendFormat": "SyncookiesSent - SYN cookies sent", "refId": "C", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -13272,22 +13556,22 @@ "steppedLine": false, "targets": [ { - "expr": "irate(node_netstat_Tcp_ActiveOpens{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_netstat_Tcp_ActiveOpens{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "interval": "", "intervalFactor": 2, "legendFormat": "ActiveOpens - TCP connections that have made a direct transition to the SYN-SENT state from the CLOSED state", "refId": "A", - "step": 4 + "step": 240 }, { - "expr": "irate(node_netstat_Tcp_PassiveOpens{instance=\"$node\",job=\"$job\"}[5m])", + "expr": "rate(node_netstat_Tcp_PassiveOpens{instance=\"$node\",job=\"$job\"}[$__rate_interval])", "format": "time_series", "interval": "", "intervalFactor": 2, "legendFormat": "PassiveOpens - TCP connections that have made a direct transition to the SYN-RCVD state from the LISTEN state", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -13400,7 +13684,7 @@ "intervalFactor": 2, "legendFormat": "{{collector}} - Scrape duration", "refId": "A", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -13502,7 +13786,7 @@ "intervalFactor": 2, "legendFormat": "{{collector}} - Scrape success", "refId": "A", - "step": 4 + "step": 240 }, { "expr": "node_textfile_scrape_error{instance=\"$node\",job=\"$job\"}", @@ -13512,7 +13796,7 @@ "intervalFactor": 2, "legendFormat": "{{collector}} - Scrape textfile error (1 = true)", "refId": "B", - "step": 4 + "step": 240 } ], "thresholds": [], @@ -13565,7 +13849,7 @@ } ], "refresh": "1m", - "schemaVersion": 22, + "schemaVersion": 26, "style": "dark", "tags": [ "linux" @@ -13578,6 +13862,7 @@ "text": "default", "value": "default" }, + "error": null, "hide": 0, "includeAll": false, "label": "datasource", @@ -13595,9 +13880,9 @@ "current": {}, "datasource": "${DS_PROMETHEUS}", "definition": "", + "error": null, "hide": 0, "includeAll": false, - "index": -1, "label": "Job", "multi": false, "name": "job", @@ -13618,9 +13903,9 @@ "current": {}, "datasource": "${DS_PROMETHEUS}", "definition": "label_values(node_uname_info{job=\"$job\"}, instance)", + "error": null, "hide": 0, "includeAll": false, - "index": -1, "label": "Host:", "multi": false, "name": "node", @@ -13643,6 +13928,7 @@ "text": "[a-z]+|nvme[0-9]+n[0-9]+", "value": "[a-z]+|nvme[0-9]+n[0-9]+" }, + "error": null, "hide": 2, "includeAll": false, "label": null, @@ -13691,11 +13977,7 @@ ] }, "timezone": "browser", - "title": "Prometheus Node Exporter Full", + "title": "Node Exporter Full", "uid": "rYdddlPWk", - "variables": { - "list": [] - }, - "version": 47, - "description": "Quick dashboard for Prometheus metrics" -} \ No newline at end of file + "version": 56 +} From 971dcbbc71d1bb73eb28f7cd20c23a33970305a4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 13 Jul 2021 17:16:15 +0200 Subject: [PATCH 034/904] flake: use packages overlay for poseidon --- flake.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 4a4ca9a..7bbe528 100644 --- a/flake.nix +++ b/flake.nix @@ -51,7 +51,9 @@ { nixpkgs.overlays = [ - (final: prev: { + (self: super: { + packages = import ./pkgs { pkgs = super; }; + # packages accessible through pkgs.unstable.package unstable = import nixpkgs-unstable { inherit system; From 786d884e3abff7191accb1efd57a6d95eafdceee Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 13 Jul 2021 17:13:07 +0200 Subject: [PATCH 035/904] services: monitoring: package grafana dashboards --- pkgs/default.nix | 1 + pkgs/grafana-dashboards/default.nix | 5 + pkgs/grafana-dashboards/nginx.nix | 28 + pkgs/grafana-dashboards/node-exporter.nix | 28 + .../grafana-dashboards/nginx_dashboard.json | 567 - .../node-exporter-full.json | 13983 ---------------- services/monitoring.nix | 9 +- 7 files changed, 69 insertions(+), 14552 deletions(-) create mode 100644 pkgs/grafana-dashboards/default.nix create mode 100644 pkgs/grafana-dashboards/nginx.nix create mode 100644 pkgs/grafana-dashboards/node-exporter.nix delete mode 100644 services/grafana-dashboards/nginx_dashboard.json delete mode 100644 services/grafana-dashboards/node-exporter-full.json diff --git a/pkgs/default.nix b/pkgs/default.nix index e7e4804..4070359 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -2,4 +2,5 @@ { sddm-sugar-candy = pkgs.callPackage ./sddm-sugar-candy {}; kaleidoscope-udev-rules = pkgs.callPackage ./kaleidoscope-udev-rules {}; + grafana-dashboards = pkgs.callPackage ./grafana-dashboards {}; } diff --git a/pkgs/grafana-dashboards/default.nix b/pkgs/grafana-dashboards/default.nix new file mode 100644 index 0000000..f489974 --- /dev/null +++ b/pkgs/grafana-dashboards/default.nix @@ -0,0 +1,5 @@ +{ callPackage }: +{ + nginx = callPackage ./nginx.nix {}; + node-exporter = callPackage ./node-exporter.nix {}; +} diff --git a/pkgs/grafana-dashboards/nginx.nix b/pkgs/grafana-dashboards/nginx.nix new file mode 100644 index 0000000..5e7c4bd --- /dev/null +++ b/pkgs/grafana-dashboards/nginx.nix @@ -0,0 +1,28 @@ +{ stdenv, fetchFromGitHub, lib, ... }: +let + version = "0.9.0"; +in +stdenv.mkDerivation { + inherit version; + pname = "grafana-dashboard-nginx"; + + dontBuild = true; + + src = fetchFromGitHub { + owner = "nginxinc"; + repo = "nginx-prometheus-exporter"; + rev = "v${version}"; + sha256 = "sha256:04y5vpj2kv2ygdzxy3crpnx4mhpkm1ns2995kxgvjlhnyck7a5rf"; + }; + + installPhase = '' + mkdir -p $out + cp grafana/dashboard.json $out/dashboard.json + ''; + + meta = with lib; { + description = "grafana dashboard for NGINX exporter"; + homepage = "https://github.com/nginxinc/nginx-prometheus-exporter"; + license = licenses.asl20; + }; +} diff --git a/pkgs/grafana-dashboards/node-exporter.nix b/pkgs/grafana-dashboards/node-exporter.nix new file mode 100644 index 0000000..98054a0 --- /dev/null +++ b/pkgs/grafana-dashboards/node-exporter.nix @@ -0,0 +1,28 @@ +{ stdenv, fetchFromGitHub, lib, ... }: +let + version = "7d61c79619e5749e629758ecd96748c010028120"; +in +stdenv.mkDerivation { + version = "master-${version}"; + pname = "grafana-dashboard-node-exporter"; + + dontBuild = true; + + src = fetchFromGitHub { + owner = "rfrail3"; + repo = "grafana-dashboards"; + rev = version; + sha256 = "sha256:1z6i76jdiw3jjigbmbqvyi8kyj4ngw0y73fv9yksr2ncjfqlhhv6"; + }; + + installPhase = '' + mkdir -p $out + cp prometheus/node-exporter-full.json $out/node-exporter-full.json + ''; + + meta = with lib; { + description = "grafana dashboard for node exporter"; + homepage = "https://github.com/rfrail3/grafana-dashboards"; + license = licenses.lgpl3Only; + }; +} diff --git a/services/grafana-dashboards/nginx_dashboard.json b/services/grafana-dashboards/nginx_dashboard.json deleted file mode 100644 index 710eb2f..0000000 --- a/services/grafana-dashboards/nginx_dashboard.json +++ /dev/null @@ -1,567 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "1.0.0" - }, - { - "type": "panel", - "id": "singlestat", - "name": "Singlestat", - "version": "" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "Official dashboard for NGINX Prometheus exporter", - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "iteration": 1562682051068, - "links": [], - "panels": [ - { - "datasource": "${DS_PROMETHEUS}", - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 4, - "panels": [], - "title": "Status", - "type": "row" - }, - { - "datasource": "${DS_PROMETHEUS}", - "cacheTimeout": null, - "colorBackground": true, - "colorPostfix": false, - "colorPrefix": false, - "colorValue": false, - "colors": [ - "#E02F44", - "#FF9830", - "#299c46" - ], - "decimals": null, - "description": "", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 12, - "x": 0, - "y": 1 - }, - "id": 8, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "options": {}, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "repeat": "instance", - "repeatDirection": "h", - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "nginx_up{instance=~\"$instance\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "1,1", - "timeFrom": null, - "timeShift": null, - "title": "NGINX Status for $instance", - "type": "singlestat", - "valueFontSize": "100%", - "valueMaps": [ - { - "op": "=", - "text": "Down", - "value": "0" - }, - { - "op": "=", - "text": "Up", - "value": "1" - } - ], - "valueName": "current" - }, - { - "datasource": "${DS_PROMETHEUS}", - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 4 - }, - "id": 6, - "panels": [], - "title": "Metrics", - "type": "row" - }, - { - "datasource": "${DS_PROMETHEUS}", - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "decimals": null, - "description": "", - "fill": 1, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 5 - }, - "id": 10, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": {}, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "irate(nginx_connections_accepted{instance=~\"$instance\"}[5m])", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "legendFormat": "{{instance}} accepted", - "refId": "A" - }, - { - "expr": "irate(nginx_connections_handled{instance=~\"$instance\"}[5m])", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "legendFormat": "{{instance}} handled", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Processed connections", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "short", - "label": "Connections (rate)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "datasource": "${DS_PROMETHEUS}", - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "decimals": 0, - "fill": 1, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 5 - }, - "id": 12, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": {}, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "nginx_connections_active{instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{instance}} active", - "refId": "A" - }, - { - "expr": "nginx_connections_reading{instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{instance}} reading", - "refId": "B" - }, - { - "expr": "nginx_connections_waiting{instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{instance}} waiting", - "refId": "C" - }, - { - "expr": "nginx_connections_writing{instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{instance}} writing", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Active Connections", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "short", - "label": "Connections", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "datasource": "${DS_PROMETHEUS}", - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "fill": 1, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 15 - }, - "id": 15, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": {}, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "irate(nginx_http_requests_total{instance=~\"$instance\"}[5m])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{instance}} total requests", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Total requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "5s", - "schemaVersion": 18, - "style": "dark", - "tags": [ - "nginx", - "prometheus", - "nginx prometheus exporter" - ], - "templating": { - "list": [ - { - "current": { - "selected": false, - "tags": [], - "text": "default", - "value": "default" - }, - "hide": 0, - "includeAll": false, - "label": "datasource", - "multi": false, - "name": "DS_PROMETHEUS", - "options": [], - "query": "prometheus", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - }, - { - "allValue": null, - "current": {}, - "datasource": "${DS_PROMETHEUS}", - "definition": "label_values(nginx_up, instance)", - "hide": 0, - "includeAll": true, - "label": "", - "multi": true, - "name": "instance", - "options": [], - "query": "label_values(nginx_up, instance)", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-15m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "NGINX", - "uid": "MsjffzSZz", - "version": 1 -} diff --git a/services/grafana-dashboards/node-exporter-full.json b/services/grafana-dashboards/node-exporter-full.json deleted file mode 100644 index 0f336f0..0000000 --- a/services/grafana-dashboards/node-exporter-full.json +++ /dev/null @@ -1,13983 +0,0 @@ -{ - "__inputs": [ - { - "name": "DS_PROMETHEUS", - "label": "Prometheus", - "description": "", - "type": "datasource", - "pluginId": "prometheus", - "pluginName": "Prometheus" - } - ], - "__requires": [ - { - "type": "panel", - "id": "gauge", - "name": "Gauge", - "version": "" - }, - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "7.3.7" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "1.0.0" - }, - { - "type": "panel", - "id": "singlestat", - "name": "Singlestat", - "version": "" - } - ], - "annotations": { - "list": [ - { - "$$hashKey": "object:1058", - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": 1860, - "graphTooltip": 0, - "id": null, - "iteration": 1614605016686, - "links": [ - { - "icon": "external link", - "tags": [], - "title": "Github", - "type": "link", - "url": "https://github.com/rfrail3/grafana-dashboards" - }, - { - "icon": "external link", - "tags": [], - "title": "Grafana", - "type": "link", - "url": "https://grafana.com/grafana/dashboards/1860" - } - ], - "panels": [ - { - "collapsed": false, - "datasource": "${DS_PROMETHEUS}", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 261, - "panels": [], - "repeat": null, - "title": "Quick CPU / Mem / Disk", - "type": "row" - }, - { - "cacheTimeout": null, - "datasource": "${DS_PROMETHEUS}", - "description": "Busy state of all CPU cores together", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "custom": {}, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 100, - "min": 0, - "nullValueMode": "null", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 85 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 95 - } - ] - }, - "unit": "percent" - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 0, - "y": 1 - }, - "id": 20, - "links": [], - "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true - }, - "pluginVersion": "7.3.7", - "targets": [ - { - "expr": "(((count(count(node_cpu_seconds_total{instance=\"$node\",job=\"$job\"}) by (cpu))) - avg(sum by (mode)(rate(node_cpu_seconds_total{mode='idle',instance=\"$node\",job=\"$job\"}[$__rate_interval])))) * 100) / count(count(node_cpu_seconds_total{instance=\"$node\",job=\"$job\"}) by (cpu))", - "hide": false, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A", - "step": 240 - } - ], - "title": "CPU Busy", - "type": "gauge" - }, - { - "cacheTimeout": null, - "datasource": "${DS_PROMETHEUS}", - "description": "Busy state of all CPU cores together (5 min average)", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "custom": {}, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 100, - "min": 0, - "nullValueMode": "null", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 85 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 95 - } - ] - }, - "unit": "percent" - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 3, - "y": 1 - }, - "id": 155, - "links": [], - "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true - }, - "pluginVersion": "7.3.7", - "targets": [ - { - "expr": "avg(node_load5{instance=\"$node\",job=\"$job\"}) / count(count(node_cpu_seconds_total{instance=\"$node\",job=\"$job\"}) by (cpu)) * 100", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "refId": "A", - "step": 240 - } - ], - "title": "Sys Load (5m avg)", - "type": "gauge" - }, - { - "cacheTimeout": null, - "datasource": "${DS_PROMETHEUS}", - "description": "Busy state of all CPU cores together (15 min average)", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "custom": {}, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 100, - "min": 0, - "nullValueMode": "null", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 85 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 95 - } - ] - }, - "unit": "percent" - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 6, - "y": 1 - }, - "id": 19, - "links": [], - "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true - }, - "pluginVersion": "7.3.7", - "targets": [ - { - "expr": "avg(node_load15{instance=\"$node\",job=\"$job\"}) / count(count(node_cpu_seconds_total{instance=\"$node\",job=\"$job\"}) by (cpu)) * 100", - "hide": false, - "intervalFactor": 1, - "refId": "A", - "step": 240 - } - ], - "title": "Sys Load (15m avg)", - "type": "gauge" - }, - { - "cacheTimeout": null, - "datasource": "${DS_PROMETHEUS}", - "description": "Non available RAM memory", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "custom": {}, - "decimals": 0, - "mappings": [], - "max": 100, - "min": 0, - "nullValueMode": "null", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 80 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 90 - } - ] - }, - "unit": "percent" - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 9, - "y": 1 - }, - "hideTimeOverride": false, - "id": 16, - "links": [], - "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true - }, - "pluginVersion": "7.3.7", - "targets": [ - { - "expr": "((node_memory_MemTotal_bytes{instance=\"$node\",job=\"$job\"} - node_memory_MemFree_bytes{instance=\"$node\",job=\"$job\"}) / (node_memory_MemTotal_bytes{instance=\"$node\",job=\"$job\"} )) * 100", - "format": "time_series", - "hide": true, - "intervalFactor": 1, - "refId": "A", - "step": 240 - }, - { - "expr": "100 - ((node_memory_MemAvailable_bytes{instance=\"$node\",job=\"$job\"} * 100) / node_memory_MemTotal_bytes{instance=\"$node\",job=\"$job\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "refId": "B", - "step": 240 - } - ], - "title": "RAM Used", - "type": "gauge" - }, - { - "cacheTimeout": null, - "datasource": "${DS_PROMETHEUS}", - "description": "Used Swap", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "custom": {}, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 100, - "min": 0, - "nullValueMode": "null", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 10 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 25 - } - ] - }, - "unit": "percent" - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 12, - "y": 1 - }, - "id": 21, - "links": [], - "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true - }, - "pluginVersion": "7.3.7", - "targets": [ - { - "expr": "((node_memory_SwapTotal_bytes{instance=\"$node\",job=\"$job\"} - node_memory_SwapFree_bytes{instance=\"$node\",job=\"$job\"}) / (node_memory_SwapTotal_bytes{instance=\"$node\",job=\"$job\"} )) * 100", - "intervalFactor": 1, - "refId": "A", - "step": 240 - } - ], - "title": "SWAP Used", - "type": "gauge" - }, - { - "cacheTimeout": null, - "datasource": "${DS_PROMETHEUS}", - "description": "Used Root FS", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "custom": {}, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 100, - "min": 0, - "nullValueMode": "null", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 80 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 90 - } - ] - }, - "unit": "percent" - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 15, - "y": 1 - }, - "id": 154, - "links": [], - "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true - }, - "pluginVersion": "7.3.7", - "targets": [ - { - "expr": "100 - ((node_filesystem_avail_bytes{instance=\"$node\",job=\"$job\",mountpoint=\"/\",fstype!=\"rootfs\"} * 100) / node_filesystem_size_bytes{instance=\"$node\",job=\"$job\",mountpoint=\"/\",fstype!=\"rootfs\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 240 - } - ], - "title": "Root FS Used", - "type": "gauge" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "${DS_PROMETHEUS}", - "description": "Total number of CPU cores", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "format": "short", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 2, - "w": 2, - "x": 18, - "y": 1 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "maxPerRow": 6, - "nullPointMode": "null", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "count(count(node_cpu_seconds_total{instance=\"$node\",job=\"$job\"}) by (cpu))", - "interval": "", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A", - "step": 240 - } - ], - "thresholds": "", - "title": "CPU Cores", - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "${DS_PROMETHEUS}", - "decimals": 1, - "description": "System uptime", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "format": "s", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 2, - "w": 4, - "x": 20, - "y": 1 - }, - "hideTimeOverride": true, - "id": 15, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "$$hashKey": "object:1094", - "name": "value to text", - "value": 1 - }, - { - "$$hashKey": "object:1095", - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "null", - "nullText": null, - "postfix": "s", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "node_time_seconds{instance=\"$node\",job=\"$job\"} - node_boot_time_seconds{instance=\"$node\",job=\"$job\"}", - "intervalFactor": 2, - "refId": "A", - "step": 240 - } - ], - "thresholds": "", - "title": "Uptime", - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "$$hashKey": "object:1097", - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "${DS_PROMETHEUS}", - "decimals": 0, - "description": "Total RootFS", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "format": "bytes", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 2, - "w": 2, - "x": 18, - "y": 3 - }, - "id": 23, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "maxPerRow": 6, - "nullPointMode": "null", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "node_filesystem_size_bytes{instance=\"$node\",job=\"$job\",mountpoint=\"/\",fstype!=\"rootfs\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "refId": "A", - "step": 240 - } - ], - "thresholds": "70,90", - "title": "RootFS Total", - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "${DS_PROMETHEUS}", - "decimals": 0, - "description": "Total RAM", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "format": "bytes", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 2, - "w": 2, - "x": 20, - "y": 3 - }, - "id": 75, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "maxPerRow": 6, - "nullPointMode": "null", - "nullText": null, - "postfix": "", - "postfixFontSize": "70%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "node_memory_MemTotal_bytes{instance=\"$node\",job=\"$job\"}", - "intervalFactor": 1, - "refId": "A", - "step": 240 - } - ], - "thresholds": "", - "title": "RAM Total", - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "${DS_PROMETHEUS}", - "decimals": 0, - "description": "Total SWAP", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "format": "bytes", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 2, - "w": 2, - "x": 22, - "y": 3 - }, - "id": 18, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "maxPerRow": 6, - "nullPointMode": "null", - "nullText": null, - "postfix": "", - "postfixFontSize": "70%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "node_memory_SwapTotal_bytes{instance=\"$node\",job=\"$job\"}", - "intervalFactor": 1, - "refId": "A", - "step": 240 - } - ], - "thresholds": "", - "title": "SWAP Total", - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "collapsed": false, - "datasource": "${DS_PROMETHEUS}", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 5 - }, - "id": 263, - "panels": [], - "repeat": null, - "title": "Basic CPU / Mem / Net / Disk", - "type": "row" - }, - { - "aliasColors": { - "Busy": "#EAB839", - "Busy Iowait": "#890F02", - "Busy other": "#1F78C1", - "Idle": "#052B51", - "Idle - Waiting for something to happen": "#052B51", - "guest": "#9AC48A", - "idle": "#052B51", - "iowait": "#EAB839", - "irq": "#BF1B00", - "nice": "#C15C17", - "softirq": "#E24D42", - "steal": "#FCE2DE", - "system": "#508642", - "user": "#5195CE" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": 2, - "description": "Basic CPU info", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 4, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 6 - }, - "hiddenSeries": false, - "id": 77, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": 250, - "sort": null, - "sortDesc": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": true, - "pluginVersion": "7.3.7", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "Busy Iowait", - "color": "#890F02" - }, - { - "alias": "Idle", - "color": "#7EB26D" - }, - { - "alias": "Busy System", - "color": "#EAB839" - }, - { - "alias": "Busy User", - "color": "#0A437C" - }, - { - "alias": "Busy Other", - "color": "#6D1F62" - } - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (instance)(rate(node_cpu_seconds_total{mode=\"system\",instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Busy System", - "refId": "A", - "step": 240 - }, - { - "expr": "sum by (instance)(rate(node_cpu_seconds_total{mode='user',instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Busy User", - "refId": "B", - "step": 240 - }, - { - "expr": "sum by (instance)(rate(node_cpu_seconds_total{mode='iowait',instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Busy Iowait", - "refId": "C", - "step": 240 - }, - { - "expr": "sum by (instance)(rate(node_cpu_seconds_total{mode=~\".*irq\",instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Busy IRQs", - "refId": "D", - "step": 240 - }, - { - "expr": "sum (rate(node_cpu_seconds_total{mode!='idle',mode!='user',mode!='system',mode!='iowait',mode!='irq',mode!='softirq',instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Busy Other", - "refId": "E", - "step": 240 - }, - { - "expr": "sum by (mode)(rate(node_cpu_seconds_total{mode='idle',instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Idle", - "refId": "F", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU Basic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:123", - "format": "short", - "label": "", - "logBase": 1, - "max": "100", - "min": "0", - "show": true - }, - { - "$$hashKey": "object:124", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Apps": "#629E51", - "Buffers": "#614D93", - "Cache": "#6D1F62", - "Cached": "#511749", - "Committed": "#508642", - "Free": "#0A437C", - "Hardware Corrupted - Amount of RAM that the kernel identified as corrupted / not working": "#CFFAFF", - "Inactive": "#584477", - "PageTables": "#0A50A1", - "Page_Tables": "#0A50A1", - "RAM_Free": "#E0F9D7", - "SWAP Used": "#BF1B00", - "Slab": "#806EB7", - "Slab_Cache": "#E0752D", - "Swap": "#BF1B00", - "Swap Used": "#BF1B00", - "Swap_Cache": "#C15C17", - "Swap_Free": "#2F575E", - "Unused": "#EAB839" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": 2, - "description": "Basic memory usage", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 4, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 6 - }, - "hiddenSeries": false, - "id": 78, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": 350, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.7", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "RAM Total", - "color": "#E0F9D7", - "fill": 0, - "stack": false - }, - { - "alias": "RAM Cache + Buffer", - "color": "#052B51" - }, - { - "alias": "RAM Free", - "color": "#7EB26D" - }, - { - "alias": "Avaliable", - "color": "#DEDAF7", - "fill": 0, - "stack": false - } - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "node_memory_MemTotal_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "RAM Total", - "refId": "A", - "step": 240 - }, - { - "expr": "node_memory_MemTotal_bytes{instance=\"$node\",job=\"$job\"} - node_memory_MemFree_bytes{instance=\"$node\",job=\"$job\"} - (node_memory_Cached_bytes{instance=\"$node\",job=\"$job\"} + node_memory_Buffers_bytes{instance=\"$node\",job=\"$job\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "RAM Used", - "refId": "B", - "step": 240 - }, - { - "expr": "node_memory_Cached_bytes{instance=\"$node\",job=\"$job\"} + node_memory_Buffers_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "RAM Cache + Buffer", - "refId": "C", - "step": 240 - }, - { - "expr": "node_memory_MemFree_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "RAM Free", - "refId": "D", - "step": 240 - }, - { - "expr": "(node_memory_SwapTotal_bytes{instance=\"$node\",job=\"$job\"} - node_memory_SwapFree_bytes{instance=\"$node\",job=\"$job\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "SWAP Used", - "refId": "E", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Basic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Recv_bytes_eth2": "#7EB26D", - "Recv_bytes_lo": "#0A50A1", - "Recv_drop_eth2": "#6ED0E0", - "Recv_drop_lo": "#E0F9D7", - "Recv_errs_eth2": "#BF1B00", - "Recv_errs_lo": "#CCA300", - "Trans_bytes_eth2": "#7EB26D", - "Trans_bytes_lo": "#0A50A1", - "Trans_drop_eth2": "#6ED0E0", - "Trans_drop_lo": "#E0F9D7", - "Trans_errs_eth2": "#BF1B00", - "Trans_errs_lo": "#CCA300", - "recv_bytes_lo": "#0A50A1", - "recv_drop_eth0": "#99440A", - "recv_drop_lo": "#967302", - "recv_errs_eth0": "#BF1B00", - "recv_errs_lo": "#890F02", - "trans_bytes_eth0": "#7EB26D", - "trans_bytes_lo": "#0A50A1", - "trans_drop_eth0": "#99440A", - "trans_drop_lo": "#967302", - "trans_errs_eth0": "#BF1B00", - "trans_errs_lo": "#890F02" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "description": "Basic network info per interface", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 4, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 13 - }, - "hiddenSeries": false, - "id": 74, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.7", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*trans.*/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_network_receive_bytes_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])*8", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "recv {{device}}", - "refId": "A", - "step": 240 - }, - { - "expr": "rate(node_network_transmit_bytes_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])*8", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "trans {{device}} ", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Traffic Basic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "pps", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": 3, - "description": "Disk space used of all filesystems mounted", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 4, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 13 - }, - "height": "", - "hiddenSeries": false, - "id": 152, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.7", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "100 - ((node_filesystem_avail_bytes{instance=\"$node\",job=\"$job\",device!~'rootfs'} * 100) / node_filesystem_size_bytes{instance=\"$node\",job=\"$job\",device!~'rootfs'})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{mountpoint}}", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk Space Used Basic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": "100", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": true, - "datasource": "${DS_PROMETHEUS}", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 20 - }, - "id": 265, - "panels": [ - { - "aliasColors": { - "Idle - Waiting for something to happen": "#052B51", - "guest": "#9AC48A", - "idle": "#052B51", - "iowait": "#EAB839", - "irq": "#BF1B00", - "nice": "#C15C17", - "softirq": "#E24D42", - "steal": "#FCE2DE", - "system": "#508642", - "user": "#5195CE" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": 2, - "description": "", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 4, - "fillGradient": 0, - "gridPos": { - "h": 12, - "w": 12, - "x": 0, - "y": 3 - }, - "hiddenSeries": false, - "id": 3, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": 250, - "sort": null, - "sortDesc": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": true, - "pluginVersion": "7.3.7", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (mode)(rate(node_cpu_seconds_total{mode=\"system\",instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", - "format": "time_series", - "interval": "10s", - "intervalFactor": 2, - "legendFormat": "System - Processes executing in kernel mode", - "refId": "A", - "step": 240 - }, - { - "expr": "sum by (mode)(rate(node_cpu_seconds_total{mode='user',instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "User - Normal processes executing in user mode", - "refId": "B", - "step": 240 - }, - { - "expr": "sum by (mode)(rate(node_cpu_seconds_total{mode='nice',instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Nice - Niced processes executing in user mode", - "refId": "C", - "step": 240 - }, - { - "expr": "sum by (mode)(rate(node_cpu_seconds_total{mode='idle',instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Idle - Waiting for something to happen", - "refId": "D", - "step": 240 - }, - { - "expr": "sum by (mode)(rate(node_cpu_seconds_total{mode='iowait',instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Iowait - Waiting for I/O to complete", - "refId": "E", - "step": 240 - }, - { - "expr": "sum by (mode)(rate(node_cpu_seconds_total{mode='irq',instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Irq - Servicing interrupts", - "refId": "F", - "step": 240 - }, - { - "expr": "sum by (mode)(rate(node_cpu_seconds_total{mode='softirq',instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Softirq - Servicing softirqs", - "refId": "G", - "step": 240 - }, - { - "expr": "sum by (mode)(rate(node_cpu_seconds_total{mode='steal',instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Steal - Time spent in other operating systems when running in a virtualized environment", - "refId": "H", - "step": 240 - }, - { - "expr": "sum by (mode)(rate(node_cpu_seconds_total{mode='guest',instance=\"$node\",job=\"$job\"}[$__rate_interval])) * 100", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Guest - Time spent running a virtual CPU for a guest operating system", - "refId": "I", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "percentage", - "logBase": 1, - "max": "100", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Apps": "#629E51", - "Buffers": "#614D93", - "Cache": "#6D1F62", - "Cached": "#511749", - "Committed": "#508642", - "Free": "#0A437C", - "Hardware Corrupted - Amount of RAM that the kernel identified as corrupted / not working": "#CFFAFF", - "Inactive": "#584477", - "PageTables": "#0A50A1", - "Page_Tables": "#0A50A1", - "RAM_Free": "#E0F9D7", - "Slab": "#806EB7", - "Slab_Cache": "#E0752D", - "Swap": "#BF1B00", - "Swap - Swap memory usage": "#BF1B00", - "Swap_Cache": "#C15C17", - "Swap_Free": "#2F575E", - "Unused": "#EAB839", - "Unused - Free memory unassigned": "#052B51" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": 2, - "description": "", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 4, - "fillGradient": 0, - "gridPos": { - "h": 12, - "w": 12, - "x": 12, - "y": 3 - }, - "hiddenSeries": false, - "id": 24, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": 350, - "sort": null, - "sortDesc": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.7", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*Hardware Corrupted - *./", - "stack": false - } - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "node_memory_MemTotal_bytes{instance=\"$node\",job=\"$job\"} - node_memory_MemFree_bytes{instance=\"$node\",job=\"$job\"} - node_memory_Buffers_bytes{instance=\"$node\",job=\"$job\"} - node_memory_Cached_bytes{instance=\"$node\",job=\"$job\"} - node_memory_Slab_bytes{instance=\"$node\",job=\"$job\"} - node_memory_PageTables_bytes{instance=\"$node\",job=\"$job\"} - node_memory_SwapCached_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Apps - Memory used by user-space applications", - "refId": "A", - "step": 240 - }, - { - "expr": "node_memory_PageTables_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "PageTables - Memory used to map between virtual and physical memory addresses", - "refId": "B", - "step": 240 - }, - { - "expr": "node_memory_SwapCached_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "SwapCache - Memory that keeps track of pages that have been fetched from swap but not yet been modified", - "refId": "C", - "step": 240 - }, - { - "expr": "node_memory_Slab_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Slab - Memory used by the kernel to cache data structures for its own use (caches like inode, dentry, etc)", - "refId": "D", - "step": 240 - }, - { - "expr": "node_memory_Cached_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Cache - Parked file data (file content) cache", - "refId": "E", - "step": 240 - }, - { - "expr": "node_memory_Buffers_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Buffers - Block device (e.g. harddisk) cache", - "refId": "F", - "step": 240 - }, - { - "expr": "node_memory_MemFree_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Unused - Free memory unassigned", - "refId": "G", - "step": 240 - }, - { - "expr": "(node_memory_SwapTotal_bytes{instance=\"$node\",job=\"$job\"} - node_memory_SwapFree_bytes{instance=\"$node\",job=\"$job\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Swap - Swap space used", - "refId": "H", - "step": 240 - }, - { - "expr": "node_memory_HardwareCorrupted_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Hardware Corrupted - Amount of RAM that the kernel identified as corrupted / not working", - "refId": "I", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Stack", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "bytes", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "receive_packets_eth0": "#7EB26D", - "receive_packets_lo": "#E24D42", - "transmit_packets_eth0": "#7EB26D", - "transmit_packets_lo": "#E24D42" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 4, - "fillGradient": 0, - "gridPos": { - "h": 12, - "w": 12, - "x": 0, - "y": 15 - }, - "hiddenSeries": false, - "id": 84, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.7", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "$$hashKey": "object:5871", - "alias": "/.*Trans.*/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_network_receive_bytes_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])*8", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{device}} - Receive", - "refId": "A", - "step": 240 - }, - { - "expr": "rate(node_network_transmit_bytes_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])*8", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{device}} - Transmit", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:5884", - "format": "bps", - "label": "bits out (-) / in (+)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:5885", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": 3, - "description": "", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 4, - "fillGradient": 0, - "gridPos": { - "h": 12, - "w": 12, - "x": 12, - "y": 15 - }, - "height": "", - "hiddenSeries": false, - "id": 156, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": false, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.7", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_filesystem_size_bytes{instance=\"$node\",job=\"$job\",device!~'rootfs'} - node_filesystem_avail_bytes{instance=\"$node\",job=\"$job\",device!~'rootfs'}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{mountpoint}}", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk Space Used", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "bytes", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "description": "", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 12, - "w": 12, - "x": 0, - "y": 27 - }, - "hiddenSeries": false, - "id": 229, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideZero": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.7", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*Read.*/", - "transform": "negative-Y" - }, - { - "alias": "/.*sda_.*/", - "color": "#7EB26D" - }, - { - "alias": "/.*sdb_.*/", - "color": "#EAB839" - }, - { - "alias": "/.*sdc_.*/", - "color": "#6ED0E0" - }, - { - "alias": "/.*sdd_.*/", - "color": "#EF843C" - }, - { - "alias": "/.*sde_.*/", - "color": "#E24D42" - }, - { - "alias": "/.*sda1.*/", - "color": "#584477" - }, - { - "alias": "/.*sda2_.*/", - "color": "#BA43A9" - }, - { - "alias": "/.*sda3_.*/", - "color": "#F4D598" - }, - { - "alias": "/.*sdb1.*/", - "color": "#0A50A1" - }, - { - "alias": "/.*sdb2.*/", - "color": "#BF1B00" - }, - { - "alias": "/.*sdb2.*/", - "color": "#BF1B00" - }, - { - "alias": "/.*sdb3.*/", - "color": "#E0752D" - }, - { - "alias": "/.*sdc1.*/", - "color": "#962D82" - }, - { - "alias": "/.*sdc2.*/", - "color": "#614D93" - }, - { - "alias": "/.*sdc3.*/", - "color": "#9AC48A" - }, - { - "alias": "/.*sdd1.*/", - "color": "#65C5DB" - }, - { - "alias": "/.*sdd2.*/", - "color": "#F9934E" - }, - { - "alias": "/.*sdd3.*/", - "color": "#EA6460" - }, - { - "alias": "/.*sde1.*/", - "color": "#E0F9D7" - }, - { - "alias": "/.*sdd2.*/", - "color": "#FCEACA" - }, - { - "alias": "/.*sde3.*/", - "color": "#F9E2D2" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_disk_reads_completed_total{instance=\"$node\",job=\"$job\",device=~\"$diskdevices\"}[$__rate_interval])", - "intervalFactor": 4, - "legendFormat": "{{device}} - Reads completed", - "refId": "A", - "step": 240 - }, - { - "expr": "rate(node_disk_writes_completed_total{instance=\"$node\",job=\"$job\",device=~\"$diskdevices\"}[$__rate_interval])", - "intervalFactor": 2, - "legendFormat": "{{device}} - Writes completed", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk IOps", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "iops", - "label": "IO read (-) / write (+)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "io time": "#890F02" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": 3, - "description": "", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 4, - "fillGradient": 0, - "gridPos": { - "h": 12, - "w": 12, - "x": 12, - "y": 27 - }, - "hiddenSeries": false, - "id": 42, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sort": null, - "sortDesc": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.7", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*read*./", - "transform": "negative-Y" - }, - { - "alias": "/.*sda.*/", - "color": "#7EB26D" - }, - { - "alias": "/.*sdb.*/", - "color": "#EAB839" - }, - { - "alias": "/.*sdc.*/", - "color": "#6ED0E0" - }, - { - "alias": "/.*sdd.*/", - "color": "#EF843C" - }, - { - "alias": "/.*sde.*/", - "color": "#E24D42" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_disk_read_bytes_total{instance=\"$node\",job=\"$job\",device=~\"$diskdevices\"}[$__rate_interval])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{device}} - Successfully read bytes", - "refId": "A", - "step": 240 - }, - { - "expr": "rate(node_disk_written_bytes_total{instance=\"$node\",job=\"$job\",device=~\"$diskdevices\"}[$__rate_interval])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{device}} - Successfully written bytes", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "I/O Usage Read / Write", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": false, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:965", - "format": "Bps", - "label": "bytes read (-) / write (+)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:966", - "format": "ms", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "io time": "#890F02" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": 3, - "description": "", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 4, - "fillGradient": 0, - "gridPos": { - "h": 12, - "w": 12, - "x": 0, - "y": 39 - }, - "hiddenSeries": false, - "id": 127, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sort": null, - "sortDesc": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.7", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_disk_io_time_seconds_total{instance=\"$node\",job=\"$job\",device=~\"$diskdevices\"} [$__rate_interval])", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{device}}", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "I/O Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": false, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:1041", - "format": "percentunit", - "label": "%util", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:1042", - "format": "s", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "repeat": null, - "title": "CPU / Memory / Net / Disk", - "type": "row" - }, - { - "collapsed": true, - "datasource": "${DS_PROMETHEUS}", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 21 - }, - "id": 266, - "panels": [ - { - "aliasColors": { - "Apps": "#629E51", - "Buffers": "#614D93", - "Cache": "#6D1F62", - "Cached": "#511749", - "Committed": "#508642", - "Free": "#0A437C", - "Hardware Corrupted - Amount of RAM that the kernel identified as corrupted / not working": "#CFFAFF", - "Inactive": "#584477", - "PageTables": "#0A50A1", - "Page_Tables": "#0A50A1", - "RAM_Free": "#E0F9D7", - "Slab": "#806EB7", - "Slab_Cache": "#E0752D", - "Swap": "#BF1B00", - "Swap_Cache": "#C15C17", - "Swap_Free": "#2F575E", - "Unused": "#EAB839" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": 2, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 70 - }, - "hiddenSeries": false, - "id": 136, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": 350, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 2, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "node_memory_Inactive_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Inactive - Memory which has been less recently used. It is more eligible to be reclaimed for other purposes", - "refId": "A", - "step": 240 - }, - { - "expr": "node_memory_Active_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Active - Memory that has been used more recently and usually not reclaimed unless absolutely necessary", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Active / Inactive", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "bytes", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Apps": "#629E51", - "Buffers": "#614D93", - "Cache": "#6D1F62", - "Cached": "#511749", - "Committed": "#508642", - "Free": "#0A437C", - "Hardware Corrupted - Amount of RAM that the kernel identified as corrupted / not working": "#CFFAFF", - "Inactive": "#584477", - "PageTables": "#0A50A1", - "Page_Tables": "#0A50A1", - "RAM_Free": "#E0F9D7", - "Slab": "#806EB7", - "Slab_Cache": "#E0752D", - "Swap": "#BF1B00", - "Swap_Cache": "#C15C17", - "Swap_Free": "#2F575E", - "Unused": "#EAB839" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": 2, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 70 - }, - "hiddenSeries": false, - "id": 135, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": 350, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*Committed_AS - *./" - }, - { - "alias": "/.*CommitLimit - *./", - "color": "#BF1B00", - "fill": 0 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_memory_Committed_AS_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Committed_AS - Amount of memory presently allocated on the system", - "refId": "A", - "step": 240 - }, - { - "expr": "node_memory_CommitLimit_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "CommitLimit - Amount of memory currently available to be allocated on the system", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Commited", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "bytes", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Apps": "#629E51", - "Buffers": "#614D93", - "Cache": "#6D1F62", - "Cached": "#511749", - "Committed": "#508642", - "Free": "#0A437C", - "Hardware Corrupted - Amount of RAM that the kernel identified as corrupted / not working": "#CFFAFF", - "Inactive": "#584477", - "PageTables": "#0A50A1", - "Page_Tables": "#0A50A1", - "RAM_Free": "#E0F9D7", - "Slab": "#806EB7", - "Slab_Cache": "#E0752D", - "Swap": "#BF1B00", - "Swap_Cache": "#C15C17", - "Swap_Free": "#2F575E", - "Unused": "#EAB839" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": 2, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 80 - }, - "hiddenSeries": false, - "id": 191, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": 350, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "node_memory_Inactive_file_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Inactive_file - File-backed memory on inactive LRU list", - "refId": "A", - "step": 240 - }, - { - "expr": "node_memory_Inactive_anon_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Inactive_anon - Anonymous and swap cache on inactive LRU list, including tmpfs (shmem)", - "refId": "B", - "step": 240 - }, - { - "expr": "node_memory_Active_file_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Active_file - File-backed memory on active LRU list", - "refId": "C", - "step": 240 - }, - { - "expr": "node_memory_Active_anon_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Active_anon - Anonymous and swap cache on active least-recently-used (LRU) list, including tmpfs", - "refId": "D", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Active / Inactive Detail", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "bytes", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Active": "#99440A", - "Buffers": "#58140C", - "Cache": "#6D1F62", - "Cached": "#511749", - "Committed": "#508642", - "Dirty": "#6ED0E0", - "Free": "#B7DBAB", - "Inactive": "#EA6460", - "Mapped": "#052B51", - "PageTables": "#0A50A1", - "Page_Tables": "#0A50A1", - "Slab_Cache": "#EAB839", - "Swap": "#BF1B00", - "Swap_Cache": "#C15C17", - "Total": "#511749", - "Total RAM": "#052B51", - "Total RAM + Swap": "#052B51", - "Total Swap": "#614D93", - "VmallocUsed": "#EA6460" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": 2, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 80 - }, - "hiddenSeries": false, - "id": 130, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 2, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_memory_Writeback_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Writeback - Memory which is actively being written back to disk", - "refId": "A", - "step": 240 - }, - { - "expr": "node_memory_WritebackTmp_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "WritebackTmp - Memory used by FUSE for temporary writeback buffers", - "refId": "B", - "step": 240 - }, - { - "expr": "node_memory_Dirty_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Dirty - Memory which is waiting to get written back to the disk", - "refId": "C", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Writeback and Dirty", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "bytes", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Apps": "#629E51", - "Buffers": "#614D93", - "Cache": "#6D1F62", - "Cached": "#511749", - "Committed": "#508642", - "Free": "#0A437C", - "Hardware Corrupted - Amount of RAM that the kernel identified as corrupted / not working": "#CFFAFF", - "Inactive": "#584477", - "PageTables": "#0A50A1", - "Page_Tables": "#0A50A1", - "RAM_Free": "#E0F9D7", - "Slab": "#806EB7", - "Slab_Cache": "#E0752D", - "Swap": "#BF1B00", - "Swap_Cache": "#C15C17", - "Swap_Free": "#2F575E", - "Unused": "#EAB839" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": 2, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 90 - }, - "hiddenSeries": false, - "id": 138, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": 350, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "$$hashKey": "object:4131", - "alias": "ShmemHugePages - Memory used by shared memory (shmem) and tmpfs allocated with huge pages", - "fill": 0 - }, - { - "$$hashKey": "object:4138", - "alias": "ShmemHugePages - Memory used by shared memory (shmem) and tmpfs allocated with huge pages", - "fill": 0 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_memory_Mapped_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Mapped - Used memory in mapped pages files which have been mmaped, such as libraries", - "refId": "A", - "step": 240 - }, - { - "expr": "node_memory_Shmem_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Shmem - Used shared memory (shared between several processes, thus including RAM disks)", - "refId": "B", - "step": 240 - }, - { - "expr": "node_memory_ShmemHugePages_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "ShmemHugePages - Memory used by shared memory (shmem) and tmpfs allocated with huge pages", - "refId": "C", - "step": 240 - }, - { - "expr": "node_memory_ShmemPmdMapped_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "ShmemPmdMapped - Ammount of shared (shmem/tmpfs) memory backed by huge pages", - "refId": "D", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Shared and Mapped", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:4106", - "format": "bytes", - "label": "bytes", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:4107", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Active": "#99440A", - "Buffers": "#58140C", - "Cache": "#6D1F62", - "Cached": "#511749", - "Committed": "#508642", - "Dirty": "#6ED0E0", - "Free": "#B7DBAB", - "Inactive": "#EA6460", - "Mapped": "#052B51", - "PageTables": "#0A50A1", - "Page_Tables": "#0A50A1", - "Slab_Cache": "#EAB839", - "Swap": "#BF1B00", - "Swap_Cache": "#C15C17", - "Total": "#511749", - "Total RAM": "#052B51", - "Total RAM + Swap": "#052B51", - "Total Swap": "#614D93", - "VmallocUsed": "#EA6460" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": 2, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 90 - }, - "hiddenSeries": false, - "id": 131, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 2, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "node_memory_SUnreclaim_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "SUnreclaim - Part of Slab, that cannot be reclaimed on memory pressure", - "refId": "A", - "step": 240 - }, - { - "expr": "node_memory_SReclaimable_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "SReclaimable - Part of Slab, that might be reclaimed, such as caches", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Slab", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "bytes", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Active": "#99440A", - "Buffers": "#58140C", - "Cache": "#6D1F62", - "Cached": "#511749", - "Committed": "#508642", - "Dirty": "#6ED0E0", - "Free": "#B7DBAB", - "Inactive": "#EA6460", - "Mapped": "#052B51", - "PageTables": "#0A50A1", - "Page_Tables": "#0A50A1", - "Slab_Cache": "#EAB839", - "Swap": "#BF1B00", - "Swap_Cache": "#C15C17", - "Total": "#511749", - "Total RAM": "#052B51", - "Total RAM + Swap": "#052B51", - "VmallocUsed": "#EA6460" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": 2, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 100 - }, - "hiddenSeries": false, - "id": 70, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_memory_VmallocChunk_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "VmallocChunk - Largest contigious block of vmalloc area which is free", - "refId": "A", - "step": 240 - }, - { - "expr": "node_memory_VmallocTotal_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "VmallocTotal - Total size of vmalloc memory area", - "refId": "B", - "step": 240 - }, - { - "expr": "node_memory_VmallocUsed_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "VmallocUsed - Amount of vmalloc area which is used", - "refId": "C", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Vmalloc", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "bytes", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Apps": "#629E51", - "Buffers": "#614D93", - "Cache": "#6D1F62", - "Cached": "#511749", - "Committed": "#508642", - "Free": "#0A437C", - "Hardware Corrupted - Amount of RAM that the kernel identified as corrupted / not working": "#CFFAFF", - "Inactive": "#584477", - "PageTables": "#0A50A1", - "Page_Tables": "#0A50A1", - "RAM_Free": "#E0F9D7", - "Slab": "#806EB7", - "Slab_Cache": "#E0752D", - "Swap": "#BF1B00", - "Swap_Cache": "#C15C17", - "Swap_Free": "#2F575E", - "Unused": "#EAB839" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": 2, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 100 - }, - "hiddenSeries": false, - "id": 159, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": 350, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_memory_Bounce_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Bounce - Memory used for block device bounce buffers", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Bounce", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "bytes", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Active": "#99440A", - "Buffers": "#58140C", - "Cache": "#6D1F62", - "Cached": "#511749", - "Committed": "#508642", - "Dirty": "#6ED0E0", - "Free": "#B7DBAB", - "Inactive": "#EA6460", - "Mapped": "#052B51", - "PageTables": "#0A50A1", - "Page_Tables": "#0A50A1", - "Slab_Cache": "#EAB839", - "Swap": "#BF1B00", - "Swap_Cache": "#C15C17", - "Total": "#511749", - "Total RAM": "#052B51", - "Total RAM + Swap": "#052B51", - "VmallocUsed": "#EA6460" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": 2, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 110 - }, - "hiddenSeries": false, - "id": 129, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*Inactive *./", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_memory_AnonHugePages_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "AnonHugePages - Memory in anonymous huge pages", - "refId": "A", - "step": 240 - }, - { - "expr": "node_memory_AnonPages_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "AnonPages - Memory in user pages not backed by files", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Anonymous", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "bytes", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Apps": "#629E51", - "Buffers": "#614D93", - "Cache": "#6D1F62", - "Cached": "#511749", - "Committed": "#508642", - "Free": "#0A437C", - "Hardware Corrupted - Amount of RAM that the kernel identified as corrupted / not working": "#CFFAFF", - "Inactive": "#584477", - "PageTables": "#0A50A1", - "Page_Tables": "#0A50A1", - "RAM_Free": "#E0F9D7", - "Slab": "#806EB7", - "Slab_Cache": "#E0752D", - "Swap": "#BF1B00", - "Swap_Cache": "#C15C17", - "Swap_Free": "#2F575E", - "Unused": "#EAB839" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": 2, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 110 - }, - "hiddenSeries": false, - "id": 160, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": 350, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 2, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_memory_KernelStack_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "KernelStack - Kernel memory stack. This is not reclaimable", - "refId": "A", - "step": 240 - }, - { - "expr": "node_memory_Percpu_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "PerCPU - Per CPU memory allocated dynamically by loadable modules", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Kernel / CPU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "bytes", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Active": "#99440A", - "Buffers": "#58140C", - "Cache": "#6D1F62", - "Cached": "#511749", - "Committed": "#508642", - "Dirty": "#6ED0E0", - "Free": "#B7DBAB", - "Inactive": "#EA6460", - "Mapped": "#052B51", - "PageTables": "#0A50A1", - "Page_Tables": "#0A50A1", - "Slab_Cache": "#EAB839", - "Swap": "#BF1B00", - "Swap_Cache": "#C15C17", - "Total": "#511749", - "Total RAM": "#806EB7", - "Total RAM + Swap": "#806EB7", - "VmallocUsed": "#EA6460" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": 2, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 120 - }, - "hiddenSeries": false, - "id": 140, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_memory_HugePages_Free{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "HugePages_Free - Huge pages in the pool that are not yet allocated", - "refId": "A", - "step": 240 - }, - { - "expr": "node_memory_HugePages_Rsvd{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "HugePages_Rsvd - Huge pages for which a commitment to allocate from the pool has been made, but no allocation has yet been made", - "refId": "B", - "step": 240 - }, - { - "expr": "node_memory_HugePages_Surp{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "HugePages_Surp - Huge pages in the pool above the value in /proc/sys/vm/nr_hugepages", - "refId": "C", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory HugePages Counter", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "pages", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Active": "#99440A", - "Buffers": "#58140C", - "Cache": "#6D1F62", - "Cached": "#511749", - "Committed": "#508642", - "Dirty": "#6ED0E0", - "Free": "#B7DBAB", - "Inactive": "#EA6460", - "Mapped": "#052B51", - "PageTables": "#0A50A1", - "Page_Tables": "#0A50A1", - "Slab_Cache": "#EAB839", - "Swap": "#BF1B00", - "Swap_Cache": "#C15C17", - "Total": "#511749", - "Total RAM": "#806EB7", - "Total RAM + Swap": "#806EB7", - "VmallocUsed": "#EA6460" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": 2, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 120 - }, - "hiddenSeries": false, - "id": 71, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 2, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_memory_HugePages_Total{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "HugePages - Total size of the pool of huge pages", - "refId": "A", - "step": 240 - }, - { - "expr": "node_memory_Hugepagesize_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Hugepagesize - Huge Page size", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory HugePages Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "bytes", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Active": "#99440A", - "Buffers": "#58140C", - "Cache": "#6D1F62", - "Cached": "#511749", - "Committed": "#508642", - "Dirty": "#6ED0E0", - "Free": "#B7DBAB", - "Inactive": "#EA6460", - "Mapped": "#052B51", - "PageTables": "#0A50A1", - "Page_Tables": "#0A50A1", - "Slab_Cache": "#EAB839", - "Swap": "#BF1B00", - "Swap_Cache": "#C15C17", - "Total": "#511749", - "Total RAM": "#052B51", - "Total RAM + Swap": "#052B51", - "VmallocUsed": "#EA6460" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": 2, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 130 - }, - "hiddenSeries": false, - "id": 128, - "legend": { - "alignAsTable": true, - "avg": true, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_memory_DirectMap1G_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "DirectMap1G - Amount of pages mapped as this size", - "refId": "A", - "step": 240 - }, - { - "expr": "node_memory_DirectMap2M_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "DirectMap2M - Amount of pages mapped as this size", - "refId": "B", - "step": 240 - }, - { - "expr": "node_memory_DirectMap4k_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "DirectMap4K - Amount of pages mapped as this size", - "refId": "C", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory DirectMap", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "bytes", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Apps": "#629E51", - "Buffers": "#614D93", - "Cache": "#6D1F62", - "Cached": "#511749", - "Committed": "#508642", - "Free": "#0A437C", - "Hardware Corrupted - Amount of RAM that the kernel identified as corrupted / not working": "#CFFAFF", - "Inactive": "#584477", - "PageTables": "#0A50A1", - "Page_Tables": "#0A50A1", - "RAM_Free": "#E0F9D7", - "Slab": "#806EB7", - "Slab_Cache": "#E0752D", - "Swap": "#BF1B00", - "Swap_Cache": "#C15C17", - "Swap_Free": "#2F575E", - "Unused": "#EAB839" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": 2, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 130 - }, - "hiddenSeries": false, - "id": 137, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": 350, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_memory_Unevictable_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Unevictable - Amount of unevictable memory that can't be swapped out for a variety of reasons", - "refId": "A", - "step": 240 - }, - { - "expr": "node_memory_Mlocked_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "MLocked - Size of pages locked to memory using the mlock() system call", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Unevictable and MLocked", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "bytes", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Active": "#99440A", - "Buffers": "#58140C", - "Cache": "#6D1F62", - "Cached": "#511749", - "Committed": "#508642", - "Dirty": "#6ED0E0", - "Free": "#B7DBAB", - "Inactive": "#EA6460", - "Mapped": "#052B51", - "PageTables": "#0A50A1", - "Page_Tables": "#0A50A1", - "Slab_Cache": "#EAB839", - "Swap": "#BF1B00", - "Swap_Cache": "#C15C17", - "Total": "#511749", - "Total RAM": "#052B51", - "Total RAM + Swap": "#052B51", - "Total Swap": "#614D93", - "VmallocUsed": "#EA6460" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": 2, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 140 - }, - "hiddenSeries": false, - "id": 132, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_memory_NFS_Unstable_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "NFS Unstable - Memory in NFS pages sent to the server, but not yet commited to the storage", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory NFS", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "bytes", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "repeat": null, - "title": "Memory Meminfo", - "type": "row" - }, - { - "collapsed": true, - "datasource": "${DS_PROMETHEUS}", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 22 - }, - "id": 267, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 23 - }, - "hiddenSeries": false, - "id": 176, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*out/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_vmstat_pgpgin{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Pagesin - Page in operations", - "refId": "A", - "step": 240 - }, - { - "expr": "rate(node_vmstat_pgpgout{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Pagesout - Page out operations", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Pages In / Out", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "pages out (-) / in (+)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 23 - }, - "hiddenSeries": false, - "id": 22, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*out/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_vmstat_pswpin{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Pswpin - Pages swapped in", - "refId": "A", - "step": 240 - }, - { - "expr": "rate(node_vmstat_pswpout{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Pswpout - Pages swapped out", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Pages Swap In / Out", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "pages out (-) / in (+)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Apps": "#629E51", - "Buffers": "#614D93", - "Cache": "#6D1F62", - "Cached": "#511749", - "Committed": "#508642", - "Free": "#0A437C", - "Hardware Corrupted - Amount of RAM that the kernel identified as corrupted / not working": "#CFFAFF", - "Inactive": "#584477", - "PageTables": "#0A50A1", - "Page_Tables": "#0A50A1", - "RAM_Free": "#E0F9D7", - "Slab": "#806EB7", - "Slab_Cache": "#E0752D", - "Swap": "#BF1B00", - "Swap_Cache": "#C15C17", - "Swap_Free": "#2F575E", - "Unused": "#EAB839" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": 2, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 33 - }, - "hiddenSeries": false, - "id": 175, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": 350, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "$$hashKey": "object:6118", - "alias": "Pgfault - Page major and minor fault operations", - "fill": 0, - "stack": false - } - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_vmstat_pgfault{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Pgfault - Page major and minor fault operations", - "refId": "A", - "step": 240 - }, - { - "expr": "rate(node_vmstat_pgmajfault{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Pgmajfault - Major page fault operations", - "refId": "B", - "step": 240 - }, - { - "expr": "rate(node_vmstat_pgfault{instance=\"$node\",job=\"$job\"}[$__rate_interval]) - rate(node_vmstat_pgmajfault{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Pgminfault - Minor page fault operations", - "refId": "C", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Page Faults", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:6133", - "format": "short", - "label": "faults", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:6134", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Active": "#99440A", - "Buffers": "#58140C", - "Cache": "#6D1F62", - "Cached": "#511749", - "Committed": "#508642", - "Dirty": "#6ED0E0", - "Free": "#B7DBAB", - "Inactive": "#EA6460", - "Mapped": "#052B51", - "PageTables": "#0A50A1", - "Page_Tables": "#0A50A1", - "Slab_Cache": "#EAB839", - "Swap": "#BF1B00", - "Swap_Cache": "#C15C17", - "Total": "#511749", - "Total RAM": "#052B51", - "Total RAM + Swap": "#052B51", - "Total Swap": "#614D93", - "VmallocUsed": "#EA6460" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": 2, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 33 - }, - "hiddenSeries": false, - "id": 307, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_vmstat_oom_kill{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "oom killer invocations ", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "OOM Killer", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:5373", - "format": "short", - "label": "counter", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:5374", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "repeat": null, - "title": "Memory Vmstat", - "type": "row" - }, - { - "collapsed": true, - "datasource": "${DS_PROMETHEUS}", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 23 - }, - "id": 293, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "description": "", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 24 - }, - "hiddenSeries": false, - "id": 260, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*Variation*./", - "color": "#890F02" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_timex_estimated_error_seconds{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Estimated error in seconds", - "refId": "A", - "step": 240 - }, - { - "expr": "node_timex_offset_seconds{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Time offset in between local system and reference clock", - "refId": "B", - "step": 240 - }, - { - "expr": "node_timex_maxerror_seconds{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Maximum error in seconds", - "refId": "C", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Time Syncronized Drift", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": "seconds", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": "counter", - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "description": "", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 24 - }, - "hiddenSeries": false, - "id": 291, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_timex_loop_time_constant{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Phase-locked loop time adjust", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Time PLL Adjust", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "counter", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "description": "", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 34 - }, - "hiddenSeries": false, - "id": 168, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*Variation*./", - "color": "#890F02" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_timex_sync_status{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Is clock synchronized to a reliable server (1 = yes, 0 = no)", - "refId": "A", - "step": 240 - }, - { - "expr": "node_timex_frequency_adjustment_ratio{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Local clock frequency adjustment", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Time Syncronized Status", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "counter", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "description": "", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 34 - }, - "hiddenSeries": false, - "id": 294, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_timex_tick_seconds{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Seconds between clock ticks", - "refId": "A", - "step": 240 - }, - { - "expr": "node_timex_tai_offset_seconds{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "International Atomic Time (TAI) offset", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Time Misc", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": "seconds", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "title": "System Timesync", - "type": "row" - }, - { - "collapsed": true, - "datasource": "${DS_PROMETHEUS}", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 24 - }, - "id": 312, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 7 - }, - "hiddenSeries": false, - "id": 62, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_procs_blocked{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Processes blocked waiting for I/O to complete", - "refId": "A", - "step": 240 - }, - { - "expr": "node_procs_running{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Processes in runnable state", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Processes Status", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:6500", - "format": "short", - "label": "counter", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:6501", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 7 - }, - "hiddenSeries": false, - "id": 315, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "node_processes_state{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{ state }}", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Processes State", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:6500", - "format": "short", - "label": "counter", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:6501", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 17 - }, - "hiddenSeries": false, - "id": 148, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_forks_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Processes forks second", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Processes Forks", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:6640", - "format": "short", - "label": "forks / sec", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:6641", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 17 - }, - "hiddenSeries": false, - "id": 149, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*Max.*/", - "fill": 0 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(process_virtual_memory_bytes{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Processes virtual memory size in bytes", - "refId": "A", - "step": 240 - }, - { - "expr": "process_resident_memory_max_bytes{instance=\"$node\",job=\"$job\"}", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Maximum amount of virtual memory available in bytes", - "refId": "B", - "step": 240 - }, - { - "expr": "rate(process_virtual_memory_bytes{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Processes virtual memory size in bytes", - "refId": "C", - "step": 240 - }, - { - "expr": "rate(process_virtual_memory_max_bytes{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Maximum amount of virtual memory available in bytes", - "refId": "D", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Processes Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": "bytes", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 27 - }, - "hiddenSeries": false, - "id": 313, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "$$hashKey": "object:709", - "alias": "PIDs limit", - "color": "#F2495C", - "fill": 0 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_processes_pids{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Number of PIDs", - "refId": "A", - "step": 240 - }, - { - "expr": "node_processes_max_processes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "PIDs limit", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "PIDs Number and Limit", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:6500", - "format": "short", - "label": "counter", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:6501", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 27 - }, - "hiddenSeries": false, - "id": 305, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "$$hashKey": "object:4963", - "alias": "/.*waiting.*/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_schedstat_running_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "CPU {{ cpu }} - seconds spent running a process", - "refId": "A", - "step": 240 - }, - { - "expr": "rate(node_schedstat_waiting_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "CPU {{ cpu }} - seconds spent by processing waiting for this CPU", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Process schedule stats Running / Waiting", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:4860", - "format": "s", - "label": "seconds", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:4861", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 37 - }, - "hiddenSeries": false, - "id": 314, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "$$hashKey": "object:709", - "alias": "Threads limit", - "color": "#F2495C", - "fill": 0 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_processes_threads{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Allocated threads", - "refId": "A", - "step": 240 - }, - { - "expr": "node_processes_max_threads{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Threads limit", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Threads Number and Limit", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:6500", - "format": "short", - "label": "counter", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:6501", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "title": "System Processes", - "type": "row" - }, - { - "collapsed": true, - "datasource": "${DS_PROMETHEUS}", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 25 - }, - "id": 269, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 8 - }, - "hiddenSeries": false, - "id": 8, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_context_switches_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Context switches", - "refId": "A", - "step": 240 - }, - { - "expr": "rate(node_intr_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "Interrupts", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Context Switches / Interrupts", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "counter", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 8 - }, - "hiddenSeries": false, - "id": 7, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_load1{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 4, - "legendFormat": "Load 1m", - "refId": "A", - "step": 240 - }, - { - "expr": "node_load5{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 4, - "legendFormat": "Load 5m", - "refId": "B", - "step": 240 - }, - { - "expr": "node_load15{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 4, - "legendFormat": "Load 15m", - "refId": "C", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "System Load", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:6261", - "format": "short", - "label": "counter", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:6262", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 18 - }, - "hiddenSeries": false, - "id": 259, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*Critical*./", - "color": "#E24D42", - "fill": 0 - }, - { - "alias": "/.*Max*./", - "color": "#EF843C", - "fill": 0 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_interrupts_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{ type }} - {{ info }}", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Interrupts Detail", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "counter", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 18 - }, - "hiddenSeries": false, - "id": 306, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_schedstat_timeslices_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "CPU {{ cpu }}", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Schedule timeslices executed by each cpu", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:4860", - "format": "short", - "label": "counter", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:4861", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 28 - }, - "hiddenSeries": false, - "id": 151, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_entropy_available_bits{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Entropy available to random number generators", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Entropy", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:6568", - "format": "short", - "label": "counter", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:6569", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 28 - }, - "hiddenSeries": false, - "id": 308, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(process_cpu_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Time spent", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU time spent in user and system contexts", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:4860", - "format": "s", - "label": "seconds", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:4861", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 38 - }, - "hiddenSeries": false, - "id": 64, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "$$hashKey": "object:6323", - "alias": "/.*Max*./", - "color": "#890F02", - "fill": 0 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_max_fds{instance=\"$node\",job=\"$job\"}", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Maximum open file descriptors", - "refId": "A", - "step": 240 - }, - { - "expr": "process_open_fds{instance=\"$node\",job=\"$job\"}", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Open file descriptors", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "File Descriptors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:6338", - "format": "short", - "label": "counter", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:6339", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "repeat": null, - "title": "System Misc", - "type": "row" - }, - { - "collapsed": true, - "datasource": "${DS_PROMETHEUS}", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 26 - }, - "id": 304, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 26 - }, - "hiddenSeries": false, - "id": 158, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "$$hashKey": "object:6726", - "alias": "/.*Critical*./", - "color": "#E24D42", - "fill": 0 - }, - { - "$$hashKey": "object:6727", - "alias": "/.*Max*./", - "color": "#EF843C", - "fill": 0 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_hwmon_temp_celsius{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{ chip }} {{ sensor }} temp", - "refId": "A", - "step": 240 - }, - { - "expr": "node_hwmon_temp_crit_alarm_celsius{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "hide": true, - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{ chip }} {{ sensor }} Critical Alarm", - "refId": "B", - "step": 240 - }, - { - "expr": "node_hwmon_temp_crit_celsius{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{ chip }} {{ sensor }} Critical", - "refId": "C", - "step": 240 - }, - { - "expr": "node_hwmon_temp_crit_hyst_celsius{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "hide": true, - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{ chip }} {{ sensor }} Critical Historical", - "refId": "D", - "step": 240 - }, - { - "expr": "node_hwmon_temp_max_celsius{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "hide": true, - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{ chip }} {{ sensor }} Max", - "refId": "E", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Hardware temperature monitor", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:6750", - "format": "celsius", - "label": "temperature", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:6751", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 26 - }, - "hiddenSeries": false, - "id": 300, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "$$hashKey": "object:1655", - "alias": "/.*Max*./", - "color": "#EF843C", - "fill": 0 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_cooling_device_cur_state{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "Current {{ name }} in {{ type }}", - "refId": "A", - "step": 240 - }, - { - "expr": "node_cooling_device_max_state{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Max {{ name }} in {{ type }}", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Throttle cooling device", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:1678", - "format": "short", - "label": "counter", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:1679", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 36 - }, - "hiddenSeries": false, - "id": 302, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_power_supply_online{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{ power_supply }} online", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Power supply", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:1678", - "format": "short", - "label": "counter", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:1679", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "title": "Hardware Misc", - "type": "row" - }, - { - "collapsed": true, - "datasource": "${DS_PROMETHEUS}", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 296, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 10 - }, - "hiddenSeries": false, - "id": 297, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_systemd_socket_accepted_connections_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{ name }} Connections", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Systemd Sockets", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "counter", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 10 - }, - "hiddenSeries": false, - "id": 298, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "Failed", - "color": "#F2495C" - }, - { - "alias": "Inactive", - "color": "#FF9830" - }, - { - "alias": "Active", - "color": "#73BF69" - }, - { - "alias": "Deactivating", - "color": "#FFCB7D" - }, - { - "alias": "Activating", - "color": "#C8F2C2" - } - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "node_systemd_units{instance=\"$node\",job=\"$job\",state=\"activating\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Activating", - "refId": "A", - "step": 240 - }, - { - "expr": "node_systemd_units{instance=\"$node\",job=\"$job\",state=\"active\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Active", - "refId": "B", - "step": 240 - }, - { - "expr": "node_systemd_units{instance=\"$node\",job=\"$job\",state=\"deactivating\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Deactivating", - "refId": "C", - "step": 240 - }, - { - "expr": "node_systemd_units{instance=\"$node\",job=\"$job\",state=\"failed\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Failed", - "refId": "D", - "step": 240 - }, - { - "expr": "node_systemd_units{instance=\"$node\",job=\"$job\",state=\"inactive\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Inactive", - "refId": "E", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Systemd Units State", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "counter", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "title": "Systemd", - "type": "row" - }, - { - "collapsed": true, - "datasource": "${DS_PROMETHEUS}", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 28 - }, - "id": 270, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "description": "The number (after merges) of I/O requests completed per second for the device", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 11 - }, - "hiddenSeries": false, - "id": 9, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideZero": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.7", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - { - "$$hashKey": "object:2033", - "alias": "/.*Read.*/", - "transform": "negative-Y" - }, - { - "$$hashKey": "object:2034", - "alias": "/.*sda_.*/", - "color": "#7EB26D" - }, - { - "$$hashKey": "object:2035", - "alias": "/.*sdb_.*/", - "color": "#EAB839" - }, - { - "$$hashKey": "object:2036", - "alias": "/.*sdc_.*/", - "color": "#6ED0E0" - }, - { - "$$hashKey": "object:2037", - "alias": "/.*sdd_.*/", - "color": "#EF843C" - }, - { - "$$hashKey": "object:2038", - "alias": "/.*sde_.*/", - "color": "#E24D42" - }, - { - "$$hashKey": "object:2039", - "alias": "/.*sda1.*/", - "color": "#584477" - }, - { - "$$hashKey": "object:2040", - "alias": "/.*sda2_.*/", - "color": "#BA43A9" - }, - { - "$$hashKey": "object:2041", - "alias": "/.*sda3_.*/", - "color": "#F4D598" - }, - { - "$$hashKey": "object:2042", - "alias": "/.*sdb1.*/", - "color": "#0A50A1" - }, - { - "$$hashKey": "object:2043", - "alias": "/.*sdb2.*/", - "color": "#BF1B00" - }, - { - "$$hashKey": "object:2044", - "alias": "/.*sdb3.*/", - "color": "#E0752D" - }, - { - "$$hashKey": "object:2045", - "alias": "/.*sdc1.*/", - "color": "#962D82" - }, - { - "$$hashKey": "object:2046", - "alias": "/.*sdc2.*/", - "color": "#614D93" - }, - { - "$$hashKey": "object:2047", - "alias": "/.*sdc3.*/", - "color": "#9AC48A" - }, - { - "$$hashKey": "object:2048", - "alias": "/.*sdd1.*/", - "color": "#65C5DB" - }, - { - "$$hashKey": "object:2049", - "alias": "/.*sdd2.*/", - "color": "#F9934E" - }, - { - "$$hashKey": "object:2050", - "alias": "/.*sdd3.*/", - "color": "#EA6460" - }, - { - "$$hashKey": "object:2051", - "alias": "/.*sde1.*/", - "color": "#E0F9D7" - }, - { - "$$hashKey": "object:2052", - "alias": "/.*sdd2.*/", - "color": "#FCEACA" - }, - { - "$$hashKey": "object:2053", - "alias": "/.*sde3.*/", - "color": "#F9E2D2" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_disk_reads_completed_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "intervalFactor": 4, - "legendFormat": "{{device}} - Reads completed", - "refId": "A", - "step": 240 - }, - { - "expr": "rate(node_disk_writes_completed_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "intervalFactor": 2, - "legendFormat": "{{device}} - Writes completed", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk IOps Completed", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:2186", - "format": "iops", - "label": "IO read (-) / write (+)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:2187", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "description": "The number of bytes read from or written to the device per second", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 11 - }, - "hiddenSeries": false, - "id": 33, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideZero": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.7", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*Read.*/", - "transform": "negative-Y" - }, - { - "alias": "/.*sda_.*/", - "color": "#7EB26D" - }, - { - "alias": "/.*sdb_.*/", - "color": "#EAB839" - }, - { - "alias": "/.*sdc_.*/", - "color": "#6ED0E0" - }, - { - "alias": "/.*sdd_.*/", - "color": "#EF843C" - }, - { - "alias": "/.*sde_.*/", - "color": "#E24D42" - }, - { - "alias": "/.*sda1.*/", - "color": "#584477" - }, - { - "alias": "/.*sda2_.*/", - "color": "#BA43A9" - }, - { - "alias": "/.*sda3_.*/", - "color": "#F4D598" - }, - { - "alias": "/.*sdb1.*/", - "color": "#0A50A1" - }, - { - "alias": "/.*sdb2.*/", - "color": "#BF1B00" - }, - { - "alias": "/.*sdb3.*/", - "color": "#E0752D" - }, - { - "alias": "/.*sdc1.*/", - "color": "#962D82" - }, - { - "alias": "/.*sdc2.*/", - "color": "#614D93" - }, - { - "alias": "/.*sdc3.*/", - "color": "#9AC48A" - }, - { - "alias": "/.*sdd1.*/", - "color": "#65C5DB" - }, - { - "alias": "/.*sdd2.*/", - "color": "#F9934E" - }, - { - "alias": "/.*sdd3.*/", - "color": "#EA6460" - }, - { - "alias": "/.*sde1.*/", - "color": "#E0F9D7" - }, - { - "alias": "/.*sdd2.*/", - "color": "#FCEACA" - }, - { - "alias": "/.*sde3.*/", - "color": "#F9E2D2" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_disk_read_bytes_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 4, - "legendFormat": "{{device}} - Read bytes", - "refId": "A", - "step": 240 - }, - { - "expr": "rate(node_disk_written_bytes_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{device}} - Written bytes", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk R/W Data", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:369", - "format": "Bps", - "label": "bytes read (-) / write (+)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:370", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "description": "The average time for requests issued to the device to be served. This includes the time spent by the requests in queue and the time spent servicing them.", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 3, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 21 - }, - "hiddenSeries": false, - "id": 37, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideZero": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.7", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*Read.*/", - "transform": "negative-Y" - }, - { - "alias": "/.*sda_.*/", - "color": "#7EB26D" - }, - { - "alias": "/.*sdb_.*/", - "color": "#EAB839" - }, - { - "alias": "/.*sdc_.*/", - "color": "#6ED0E0" - }, - { - "alias": "/.*sdd_.*/", - "color": "#EF843C" - }, - { - "alias": "/.*sde_.*/", - "color": "#E24D42" - }, - { - "alias": "/.*sda1.*/", - "color": "#584477" - }, - { - "alias": "/.*sda2_.*/", - "color": "#BA43A9" - }, - { - "alias": "/.*sda3_.*/", - "color": "#F4D598" - }, - { - "alias": "/.*sdb1.*/", - "color": "#0A50A1" - }, - { - "alias": "/.*sdb2.*/", - "color": "#BF1B00" - }, - { - "alias": "/.*sdb3.*/", - "color": "#E0752D" - }, - { - "alias": "/.*sdc1.*/", - "color": "#962D82" - }, - { - "alias": "/.*sdc2.*/", - "color": "#614D93" - }, - { - "alias": "/.*sdc3.*/", - "color": "#9AC48A" - }, - { - "alias": "/.*sdd1.*/", - "color": "#65C5DB" - }, - { - "alias": "/.*sdd2.*/", - "color": "#F9934E" - }, - { - "alias": "/.*sdd3.*/", - "color": "#EA6460" - }, - { - "alias": "/.*sde1.*/", - "color": "#E0F9D7" - }, - { - "alias": "/.*sdd2.*/", - "color": "#FCEACA" - }, - { - "alias": "/.*sde3.*/", - "color": "#F9E2D2" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_disk_read_time_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval]) / rate(node_disk_reads_completed_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "hide": false, - "interval": "", - "intervalFactor": 4, - "legendFormat": "{{device}} - r_await", - "refId": "A", - "step": 240 - }, - { - "expr": "rate(node_disk_write_time_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval]) / rate(node_disk_writes_completed_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{device}} - w_await", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk Average Wait Time", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:441", - "format": "s", - "label": "time. read (-) / write (+)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:442", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "description": "The average queue length of the requests that were issued to the device", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 21 - }, - "hiddenSeries": false, - "id": 35, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideZero": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.7", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*sda_.*/", - "color": "#7EB26D" - }, - { - "alias": "/.*sdb_.*/", - "color": "#EAB839" - }, - { - "alias": "/.*sdc_.*/", - "color": "#6ED0E0" - }, - { - "alias": "/.*sdd_.*/", - "color": "#EF843C" - }, - { - "alias": "/.*sde_.*/", - "color": "#E24D42" - }, - { - "alias": "/.*sda1.*/", - "color": "#584477" - }, - { - "alias": "/.*sda2_.*/", - "color": "#BA43A9" - }, - { - "alias": "/.*sda3_.*/", - "color": "#F4D598" - }, - { - "alias": "/.*sdb1.*/", - "color": "#0A50A1" - }, - { - "alias": "/.*sdb2.*/", - "color": "#BF1B00" - }, - { - "alias": "/.*sdb3.*/", - "color": "#E0752D" - }, - { - "alias": "/.*sdc1.*/", - "color": "#962D82" - }, - { - "alias": "/.*sdc2.*/", - "color": "#614D93" - }, - { - "alias": "/.*sdc3.*/", - "color": "#9AC48A" - }, - { - "alias": "/.*sdd1.*/", - "color": "#65C5DB" - }, - { - "alias": "/.*sdd2.*/", - "color": "#F9934E" - }, - { - "alias": "/.*sdd3.*/", - "color": "#EA6460" - }, - { - "alias": "/.*sde1.*/", - "color": "#E0F9D7" - }, - { - "alias": "/.*sdd2.*/", - "color": "#FCEACA" - }, - { - "alias": "/.*sde3.*/", - "color": "#F9E2D2" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_disk_io_time_weighted_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "interval": "", - "intervalFactor": 4, - "legendFormat": "{{device}}", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Average Queue Size", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:513", - "format": "none", - "label": "aqu-sz", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:514", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "description": "The number of read and write requests merged per second that were queued to the device", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 31 - }, - "hiddenSeries": false, - "id": 133, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideZero": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.7", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*Read.*/", - "transform": "negative-Y" - }, - { - "alias": "/.*sda_.*/", - "color": "#7EB26D" - }, - { - "alias": "/.*sdb_.*/", - "color": "#EAB839" - }, - { - "alias": "/.*sdc_.*/", - "color": "#6ED0E0" - }, - { - "alias": "/.*sdd_.*/", - "color": "#EF843C" - }, - { - "alias": "/.*sde_.*/", - "color": "#E24D42" - }, - { - "alias": "/.*sda1.*/", - "color": "#584477" - }, - { - "alias": "/.*sda2_.*/", - "color": "#BA43A9" - }, - { - "alias": "/.*sda3_.*/", - "color": "#F4D598" - }, - { - "alias": "/.*sdb1.*/", - "color": "#0A50A1" - }, - { - "alias": "/.*sdb2.*/", - "color": "#BF1B00" - }, - { - "alias": "/.*sdb3.*/", - "color": "#E0752D" - }, - { - "alias": "/.*sdc1.*/", - "color": "#962D82" - }, - { - "alias": "/.*sdc2.*/", - "color": "#614D93" - }, - { - "alias": "/.*sdc3.*/", - "color": "#9AC48A" - }, - { - "alias": "/.*sdd1.*/", - "color": "#65C5DB" - }, - { - "alias": "/.*sdd2.*/", - "color": "#F9934E" - }, - { - "alias": "/.*sdd3.*/", - "color": "#EA6460" - }, - { - "alias": "/.*sde1.*/", - "color": "#E0F9D7" - }, - { - "alias": "/.*sdd2.*/", - "color": "#FCEACA" - }, - { - "alias": "/.*sde3.*/", - "color": "#F9E2D2" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_disk_reads_merged_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "intervalFactor": 2, - "legendFormat": "{{device}} - Read merged", - "refId": "A", - "step": 240 - }, - { - "expr": "rate(node_disk_writes_merged_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "intervalFactor": 2, - "legendFormat": "{{device}} - Write merged", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk R/W Merged", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:585", - "format": "iops", - "label": "I/Os", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:586", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "description": "Percentage of elapsed time during which I/O requests were issued to the device (bandwidth utilization for the device). Device saturation occurs when this value is close to 100% for devices serving requests serially. But for devices serving requests in parallel, such as RAID arrays and modern SSDs, this number does not reflect their performance limits.", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 3, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 31 - }, - "hiddenSeries": false, - "id": 36, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideZero": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.7", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*sda_.*/", - "color": "#7EB26D" - }, - { - "alias": "/.*sdb_.*/", - "color": "#EAB839" - }, - { - "alias": "/.*sdc_.*/", - "color": "#6ED0E0" - }, - { - "alias": "/.*sdd_.*/", - "color": "#EF843C" - }, - { - "alias": "/.*sde_.*/", - "color": "#E24D42" - }, - { - "alias": "/.*sda1.*/", - "color": "#584477" - }, - { - "alias": "/.*sda2_.*/", - "color": "#BA43A9" - }, - { - "alias": "/.*sda3_.*/", - "color": "#F4D598" - }, - { - "alias": "/.*sdb1.*/", - "color": "#0A50A1" - }, - { - "alias": "/.*sdb2.*/", - "color": "#BF1B00" - }, - { - "alias": "/.*sdb3.*/", - "color": "#E0752D" - }, - { - "alias": "/.*sdc1.*/", - "color": "#962D82" - }, - { - "alias": "/.*sdc2.*/", - "color": "#614D93" - }, - { - "alias": "/.*sdc3.*/", - "color": "#9AC48A" - }, - { - "alias": "/.*sdd1.*/", - "color": "#65C5DB" - }, - { - "alias": "/.*sdd2.*/", - "color": "#F9934E" - }, - { - "alias": "/.*sdd3.*/", - "color": "#EA6460" - }, - { - "alias": "/.*sde1.*/", - "color": "#E0F9D7" - }, - { - "alias": "/.*sdd2.*/", - "color": "#FCEACA" - }, - { - "alias": "/.*sde3.*/", - "color": "#F9E2D2" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_disk_io_time_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "interval": "", - "intervalFactor": 4, - "legendFormat": "{{device}} - IO", - "refId": "A", - "step": 240 - }, - { - "expr": "rate(node_disk_discard_time_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "interval": "", - "intervalFactor": 4, - "legendFormat": "{{device}} - discard", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Time Spent Doing I/Os", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:657", - "format": "percentunit", - "label": "%util", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:658", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "description": "The number of outstanding requests at the instant the sample was taken. Incremented as requests are given to appropriate struct request_queue and decremented as they finish.", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 41 - }, - "hiddenSeries": false, - "id": 34, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideZero": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.7", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*sda_.*/", - "color": "#7EB26D" - }, - { - "alias": "/.*sdb_.*/", - "color": "#EAB839" - }, - { - "alias": "/.*sdc_.*/", - "color": "#6ED0E0" - }, - { - "alias": "/.*sdd_.*/", - "color": "#EF843C" - }, - { - "alias": "/.*sde_.*/", - "color": "#E24D42" - }, - { - "alias": "/.*sda1.*/", - "color": "#584477" - }, - { - "alias": "/.*sda2_.*/", - "color": "#BA43A9" - }, - { - "alias": "/.*sda3_.*/", - "color": "#F4D598" - }, - { - "alias": "/.*sdb1.*/", - "color": "#0A50A1" - }, - { - "alias": "/.*sdb2.*/", - "color": "#BF1B00" - }, - { - "alias": "/.*sdb3.*/", - "color": "#E0752D" - }, - { - "alias": "/.*sdc1.*/", - "color": "#962D82" - }, - { - "alias": "/.*sdc2.*/", - "color": "#614D93" - }, - { - "alias": "/.*sdc3.*/", - "color": "#9AC48A" - }, - { - "alias": "/.*sdd1.*/", - "color": "#65C5DB" - }, - { - "alias": "/.*sdd2.*/", - "color": "#F9934E" - }, - { - "alias": "/.*sdd3.*/", - "color": "#EA6460" - }, - { - "alias": "/.*sde1.*/", - "color": "#E0F9D7" - }, - { - "alias": "/.*sdd2.*/", - "color": "#FCEACA" - }, - { - "alias": "/.*sde3.*/", - "color": "#F9E2D2" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_disk_io_now{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "intervalFactor": 4, - "legendFormat": "{{device}} - IO now", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Instantaneous Queue Size", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:729", - "format": "iops", - "label": "I/Os", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:730", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "description": "", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 41 - }, - "hiddenSeries": false, - "id": 301, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideZero": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null as zero", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.7", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "$$hashKey": "object:2034", - "alias": "/.*sda_.*/", - "color": "#7EB26D" - }, - { - "$$hashKey": "object:2035", - "alias": "/.*sdb_.*/", - "color": "#EAB839" - }, - { - "$$hashKey": "object:2036", - "alias": "/.*sdc_.*/", - "color": "#6ED0E0" - }, - { - "$$hashKey": "object:2037", - "alias": "/.*sdd_.*/", - "color": "#EF843C" - }, - { - "$$hashKey": "object:2038", - "alias": "/.*sde_.*/", - "color": "#E24D42" - }, - { - "$$hashKey": "object:2039", - "alias": "/.*sda1.*/", - "color": "#584477" - }, - { - "$$hashKey": "object:2040", - "alias": "/.*sda2_.*/", - "color": "#BA43A9" - }, - { - "$$hashKey": "object:2041", - "alias": "/.*sda3_.*/", - "color": "#F4D598" - }, - { - "$$hashKey": "object:2042", - "alias": "/.*sdb1.*/", - "color": "#0A50A1" - }, - { - "$$hashKey": "object:2043", - "alias": "/.*sdb2.*/", - "color": "#BF1B00" - }, - { - "$$hashKey": "object:2044", - "alias": "/.*sdb3.*/", - "color": "#E0752D" - }, - { - "$$hashKey": "object:2045", - "alias": "/.*sdc1.*/", - "color": "#962D82" - }, - { - "$$hashKey": "object:2046", - "alias": "/.*sdc2.*/", - "color": "#614D93" - }, - { - "$$hashKey": "object:2047", - "alias": "/.*sdc3.*/", - "color": "#9AC48A" - }, - { - "$$hashKey": "object:2048", - "alias": "/.*sdd1.*/", - "color": "#65C5DB" - }, - { - "$$hashKey": "object:2049", - "alias": "/.*sdd2.*/", - "color": "#F9934E" - }, - { - "$$hashKey": "object:2050", - "alias": "/.*sdd3.*/", - "color": "#EA6460" - }, - { - "$$hashKey": "object:2051", - "alias": "/.*sde1.*/", - "color": "#E0F9D7" - }, - { - "$$hashKey": "object:2052", - "alias": "/.*sdd2.*/", - "color": "#FCEACA" - }, - { - "$$hashKey": "object:2053", - "alias": "/.*sde3.*/", - "color": "#F9E2D2" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_disk_discards_completed_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "interval": "", - "intervalFactor": 4, - "legendFormat": "{{device}} - Discards completed", - "refId": "A", - "step": 240 - }, - { - "expr": "rate(node_disk_discards_merged_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{device}} - Discards merged", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk IOps Discards completed / merged", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:2186", - "format": "iops", - "label": "IOs", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:2187", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "repeat": null, - "title": "Storage Disk", - "type": "row" - }, - { - "collapsed": true, - "datasource": "${DS_PROMETHEUS}", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 29 - }, - "id": 271, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": 3, - "description": "", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 12 - }, - "hiddenSeries": false, - "id": 43, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.7", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_filesystem_avail_bytes{instance=\"$node\",job=\"$job\",device!~'rootfs'}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{mountpoint}} - Available", - "metric": "", - "refId": "A", - "step": 240 - }, - { - "expr": "node_filesystem_free_bytes{instance=\"$node\",job=\"$job\",device!~'rootfs'}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "{{mountpoint}} - Free", - "refId": "B", - "step": 240 - }, - { - "expr": "node_filesystem_size_bytes{instance=\"$node\",job=\"$job\",device!~'rootfs'}", - "format": "time_series", - "hide": true, - "intervalFactor": 2, - "legendFormat": "{{mountpoint}} - Size", - "refId": "C", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Filesystem space available", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:3826", - "format": "bytes", - "label": "bytes", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:3827", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "description": "", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 12 - }, - "hiddenSeries": false, - "id": 41, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideZero": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.7", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_filesystem_files_free{instance=\"$node\",job=\"$job\",device!~'rootfs'}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{mountpoint}} - Free file nodes", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "File Nodes Free", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:3894", - "format": "short", - "label": "file nodes", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:3895", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "description": "", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 22 - }, - "hiddenSeries": false, - "id": 28, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.7", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_filefd_maximum{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 4, - "legendFormat": "Max open files", - "refId": "A", - "step": 240 - }, - { - "expr": "node_filefd_allocated{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Open files", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "File Descriptor", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "files", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "description": "", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 22 - }, - "hiddenSeries": false, - "id": 219, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideZero": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.7", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_filesystem_files{instance=\"$node\",job=\"$job\",device!~'rootfs'}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{mountpoint}} - File nodes total", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "File Nodes Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "file Nodes", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "/ ReadOnly": "#890F02" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": null, - "description": "", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 32 - }, - "hiddenSeries": false, - "id": 44, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 6, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.7", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "node_filesystem_readonly{instance=\"$node\",job=\"$job\",device!~'rootfs'}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{mountpoint}} - ReadOnly", - "refId": "A", - "step": 240 - }, - { - "expr": "node_filesystem_device_error{instance=\"$node\",job=\"$job\",device!~'rootfs',fstype!~'tmpfs'}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{mountpoint}} - Device error", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Filesystem in ReadOnly / Error", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:3670", - "format": "short", - "label": "counter", - "logBase": 1, - "max": "1", - "min": "0", - "show": true - }, - { - "$$hashKey": "object:3671", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "repeat": null, - "title": "Storage Filesystem", - "type": "row" - }, - { - "collapsed": true, - "datasource": "${DS_PROMETHEUS}", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 30 - }, - "id": 272, - "panels": [ - { - "aliasColors": { - "receive_packets_eth0": "#7EB26D", - "receive_packets_lo": "#E24D42", - "transmit_packets_eth0": "#7EB26D", - "transmit_packets_lo": "#E24D42" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 30 - }, - "hiddenSeries": false, - "id": 60, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": 300, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*Trans.*/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_network_receive_packets_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{device}} - Receive", - "refId": "A", - "step": 240 - }, - { - "expr": "rate(node_network_transmit_packets_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{device}} - Transmit", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Traffic by Packets", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "pps", - "label": "packets out (-) / in (+)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 30 - }, - "hiddenSeries": false, - "id": 142, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": 300, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*Trans.*/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_network_receive_errs_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{device}} - Receive errors", - "refId": "A", - "step": 240 - }, - { - "expr": "rate(node_network_transmit_errs_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{device}} - Rransmit errors", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Traffic Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "pps", - "label": "packets out (-) / in (+)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 40 - }, - "hiddenSeries": false, - "id": 143, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": 300, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*Trans.*/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_network_receive_drop_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{device}} - Receive drop", - "refId": "A", - "step": 240 - }, - { - "expr": "rate(node_network_transmit_drop_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{device}} - Transmit drop", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Traffic Drop", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "pps", - "label": "packets out (-) / in (+)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 40 - }, - "hiddenSeries": false, - "id": 141, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": 300, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*Trans.*/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_network_receive_compressed_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{device}} - Receive compressed", - "refId": "A", - "step": 240 - }, - { - "expr": "rate(node_network_transmit_compressed_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{device}} - Transmit compressed", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Traffic Compressed", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "pps", - "label": "packets out (-) / in (+)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 50 - }, - "hiddenSeries": false, - "id": 146, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": 300, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*Trans.*/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_network_receive_multicast_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{device}} - Receive multicast", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Traffic Multicast", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "pps", - "label": "packets out (-) / in (+)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 50 - }, - "hiddenSeries": false, - "id": 144, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": 300, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*Trans.*/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_network_receive_fifo_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{device}} - Receive fifo", - "refId": "A", - "step": 240 - }, - { - "expr": "rate(node_network_transmit_fifo_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{device}} - Transmit fifo", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Traffic Fifo", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "pps", - "label": "packets out (-) / in (+)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 60 - }, - "hiddenSeries": false, - "id": 145, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": 300, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "$$hashKey": "object:576", - "alias": "/.*Trans.*/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_network_receive_frame_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{device}} - Receive frame", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Traffic Frame", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:589", - "format": "pps", - "label": "packets out (-) / in (+)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:590", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 60 - }, - "hiddenSeries": false, - "id": 231, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": 300, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_network_transmit_carrier_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{device}} - Statistic transmit_carrier", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Traffic Carrier", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "counter", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 70 - }, - "hiddenSeries": false, - "id": 232, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": 300, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*Trans.*/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_network_transmit_colls_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{device}} - Transmit colls", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Traffic Colls", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "counter", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 70 - }, - "hiddenSeries": false, - "id": 61, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "$$hashKey": "object:663", - "alias": "NF conntrack limit", - "color": "#890F02", - "fill": 0 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_nf_conntrack_entries{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "NF conntrack entries", - "refId": "A", - "step": 240 - }, - { - "expr": "node_nf_conntrack_entries_limit{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "NF conntrack limit", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "NF Contrack", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:678", - "format": "short", - "label": "entries", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:679", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 80 - }, - "hiddenSeries": false, - "id": 230, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_arp_entries{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ device }} - ARP entries", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "ARP Entries", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "Entries", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 80 - }, - "hiddenSeries": false, - "id": 288, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 1, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_network_mtu_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ device }} - Bytes", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "MTU", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "bytes", - "label": "bytes", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 90 - }, - "hiddenSeries": false, - "id": 280, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 1, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_network_speed_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ device }} - Speed", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Speed", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "bytes", - "label": "bytes", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 90 - }, - "hiddenSeries": false, - "id": 289, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 1, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_network_transmit_queue_length{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{ device }} - Interface transmit queue length", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Queue Length", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "none", - "label": "packets", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 100 - }, - "hiddenSeries": false, - "id": 290, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": 300, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "$$hashKey": "object:232", - "alias": "/.*Dropped.*/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_softnet_processed_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "CPU {{cpu}} - Processed", - "refId": "A", - "step": 240 - }, - { - "expr": "rate(node_softnet_dropped_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "CPU {{cpu}} - Dropped", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Softnet Packets", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:207", - "format": "short", - "label": "packetes drop (-) / process (+)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:208", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 100 - }, - "hiddenSeries": false, - "id": 310, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": 300, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_softnet_times_squeezed_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "CPU {{cpu}} - Squeezed", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Softnet Out of Quota", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:207", - "format": "short", - "label": "counter", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:208", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 110 - }, - "hiddenSeries": false, - "id": 309, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": 300, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_network_up{operstate=\"up\",instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{interface}} - Operational state UP", - "refId": "A", - "step": 240 - }, - { - "expr": "node_network_carrier{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "instant": false, - "legendFormat": "{{device}} - Physical link state", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Operational Status", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "counter", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "repeat": null, - "title": "Network Traffic", - "type": "row" - }, - { - "collapsed": true, - "datasource": "${DS_PROMETHEUS}", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 273, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 13 - }, - "hiddenSeries": false, - "id": 63, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": 300, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_sockstat_TCP_alloc{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "TCP_alloc - Allocated sockets", - "refId": "A", - "step": 240 - }, - { - "expr": "node_sockstat_TCP_inuse{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "TCP_inuse - Tcp sockets currently in use", - "refId": "B", - "step": 240 - }, - { - "expr": "node_sockstat_TCP_mem{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "hide": true, - "interval": "", - "intervalFactor": 2, - "legendFormat": "TCP_mem - Used memory for tcp", - "refId": "C", - "step": 240 - }, - { - "expr": "node_sockstat_TCP_orphan{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "TCP_orphan - Orphan sockets", - "refId": "D", - "step": 240 - }, - { - "expr": "node_sockstat_TCP_tw{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "TCP_tw - Sockets wating close", - "refId": "E", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Sockstat TCP", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "counter", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 13 - }, - "hiddenSeries": false, - "id": 124, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": 300, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_sockstat_UDPLITE_inuse{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "UDPLITE_inuse - Udplite sockets currently in use", - "refId": "A", - "step": 240 - }, - { - "expr": "node_sockstat_UDP_inuse{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "UDP_inuse - Udp sockets currently in use", - "refId": "B", - "step": 240 - }, - { - "expr": "node_sockstat_UDP_mem{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "UDP_mem - Used memory for udp", - "refId": "C", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Sockstat UDP", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "counter", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 23 - }, - "hiddenSeries": false, - "id": 126, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": 300, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_sockstat_sockets_used{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Sockets_used - Sockets currently in use", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Sockstat Used", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "sockets", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 23 - }, - "hiddenSeries": false, - "id": 220, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": 300, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_sockstat_TCP_mem_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "mem_bytes - TCP sockets in that state", - "refId": "A", - "step": 240 - }, - { - "expr": "node_sockstat_UDP_mem_bytes{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "mem_bytes - UDP sockets in that state", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Sockstat Memory Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "bytes", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 33 - }, - "hiddenSeries": false, - "id": 125, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": 300, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_sockstat_FRAG_inuse{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "FRAG_inuse - Frag sockets currently in use", - "refId": "A", - "step": 240 - }, - { - "expr": "node_sockstat_FRAG_memory{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "FRAG_memory - Used memory for frag", - "refId": "B", - "step": 240 - }, - { - "expr": "node_sockstat_RAW_inuse{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "RAW_inuse - Raw sockets currently in use", - "refId": "C", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Sockstat FRAG / RAW", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:1572", - "format": "short", - "label": "counter", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:1573", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "repeat": null, - "title": "Network Sockstat", - "type": "row" - }, - { - "collapsed": true, - "datasource": "${DS_PROMETHEUS}", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 32 - }, - "id": 274, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 32 - }, - "height": "", - "hiddenSeries": false, - "id": 221, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": 300, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 12, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "$$hashKey": "object:1876", - "alias": "/.*Out.*/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_netstat_IpExt_InOctets{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "InOctets - Received octets", - "refId": "A", - "step": 240 - }, - { - "expr": "rate(node_netstat_IpExt_OutOctets{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "OutOctets - Sent octets", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Netstat IP In / Out Octets", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:1889", - "format": "short", - "label": "octects out (-) / in (+)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:1890", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 32 - }, - "height": "", - "hiddenSeries": false, - "id": 81, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sideWidth": 300, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_netstat_Ip_Forwarding{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "Forwarding - IP forwarding", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Netstat IP Forwarding", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:1957", - "format": "short", - "label": "datagrams", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:1958", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": null, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 42 - }, - "height": "", - "hiddenSeries": false, - "id": 115, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideZero": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 12, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*Out.*/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_netstat_Icmp_InMsgs{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "InMsgs - Messages which the entity received. Note that this counter includes all those counted by icmpInErrors", - "refId": "A", - "step": 240 - }, - { - "expr": "rate(node_netstat_Icmp_OutMsgs{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "OutMsgs - Messages which this entity attempted to send. Note that this counter includes all those counted by icmpOutErrors", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "ICMP In / Out", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "messages out (-) / in (+)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": null, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 42 - }, - "height": "", - "hiddenSeries": false, - "id": 50, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideZero": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 12, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*Out.*/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_netstat_Icmp_InErrors{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "InErrors - Messages which the entity received but determined as having ICMP-specific errors (bad ICMP checksums, bad length, etc.)", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "ICMP Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "messages out (-) / in (+)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": null, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 52 - }, - "height": "", - "hiddenSeries": false, - "id": 55, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideZero": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 12, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*Out.*/", - "transform": "negative-Y" - }, - { - "alias": "/.*Snd.*/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_netstat_Udp_InDatagrams{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "InDatagrams - Datagrams received", - "refId": "A", - "step": 240 - }, - { - "expr": "rate(node_netstat_Udp_OutDatagrams{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "OutDatagrams - Datagrams sent", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "UDP In / Out", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "datagrams out (-) / in (+)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 52 - }, - "height": "", - "hiddenSeries": false, - "id": 109, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideZero": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 12, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_netstat_Udp_InErrors{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "InErrors - UDP Datagrams that could not be delivered to an application", - "refId": "A", - "step": 240 - }, - { - "expr": "rate(node_netstat_Udp_NoPorts{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "NoPorts - UDP Datagrams received on a port with no listener", - "refId": "B", - "step": 240 - }, - { - "expr": "rate(node_netstat_UdpLite_InErrors{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "interval": "", - "legendFormat": "InErrors Lite - UDPLite Datagrams that could not be delivered to an application", - "refId": "C" - }, - { - "expr": "rate(node_netstat_Udp_RcvbufErrors{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "RcvbufErrors - UDP buffer errors received", - "refId": "D", - "step": 240 - }, - { - "expr": "rate(node_netstat_Udp_SndbufErrors{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "SndbufErrors - UDP buffer errors send", - "refId": "E", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "UDP Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:4232", - "format": "short", - "label": "datagrams", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:4233", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "decimals": null, - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 62 - }, - "height": "", - "hiddenSeries": false, - "id": 299, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideZero": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 12, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*Out.*/", - "transform": "negative-Y" - }, - { - "alias": "/.*Snd.*/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_netstat_Tcp_InSegs{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "InSegs - Segments received, including those received in error. This count includes segments received on currently established connections", - "refId": "A", - "step": 240 - }, - { - "expr": "rate(node_netstat_Tcp_OutSegs{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "OutSegs - Segments sent, including those on current connections but excluding those containing only retransmitted octets", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "TCP In / Out", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "datagrams out (-) / in (+)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "description": "", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 62 - }, - "height": "", - "hiddenSeries": false, - "id": 104, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 12, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_netstat_TcpExt_ListenOverflows{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "ListenOverflows - Times the listen queue of a socket overflowed", - "refId": "A", - "step": 240 - }, - { - "expr": "rate(node_netstat_TcpExt_ListenDrops{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "ListenDrops - SYNs to LISTEN sockets ignored", - "refId": "B", - "step": 240 - }, - { - "expr": "rate(node_netstat_TcpExt_TCPSynRetrans{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "TCPSynRetrans - SYN-SYN/ACK retransmits to break down retransmissions in SYN, fast/timeout retransmits", - "refId": "C", - "step": 240 - }, - { - "expr": "rate(node_netstat_Tcp_RetransSegs{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "interval": "", - "legendFormat": "RetransSegs - Segments retransmitted - that is, the number of TCP segments transmitted containing one or more previously transmitted octets", - "refId": "D" - }, - { - "expr": "rate(node_netstat_Tcp_InErrs{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "interval": "", - "legendFormat": "InErrs - Segments received in error (e.g., bad TCP checksums)", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "TCP Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "counter", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 72 - }, - "height": "", - "hiddenSeries": false, - "id": 85, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideZero": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 12, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "$$hashKey": "object:454", - "alias": "/.*MaxConn *./", - "color": "#890F02", - "fill": 0 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_netstat_Tcp_CurrEstab{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "CurrEstab - TCP connections for which the current state is either ESTABLISHED or CLOSE- WAIT", - "refId": "A", - "step": 240 - }, - { - "expr": "node_netstat_Tcp_MaxConn{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "MaxConn - Limit on the total number of TCP connections the entity can support (Dinamic is \"-1\")", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "TCP Connections", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:469", - "format": "short", - "label": "connections", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "$$hashKey": "object:470", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "description": "", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 72 - }, - "height": "", - "hiddenSeries": false, - "id": 91, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 12, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/.*Sent.*/", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_netstat_TcpExt_SyncookiesFailed{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "SyncookiesFailed - Invalid SYN cookies received", - "refId": "A", - "step": 240 - }, - { - "expr": "rate(node_netstat_TcpExt_SyncookiesRecv{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "SyncookiesRecv - SYN cookies received", - "refId": "B", - "step": 240 - }, - { - "expr": "rate(node_netstat_TcpExt_SyncookiesSent{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "SyncookiesSent - SYN cookies sent", - "refId": "C", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "TCP SynCookie", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "counter out (-) / in (+)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 82 - }, - "height": "", - "hiddenSeries": false, - "id": 82, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideZero": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "maxPerRow": 12, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_netstat_Tcp_ActiveOpens{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "ActiveOpens - TCP connections that have made a direct transition to the SYN-SENT state from the CLOSED state", - "refId": "A", - "step": 240 - }, - { - "expr": "rate(node_netstat_Tcp_PassiveOpens{instance=\"$node\",job=\"$job\"}[$__rate_interval])", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "PassiveOpens - TCP connections that have made a direct transition to the SYN-RCVD state from the LISTEN state", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "TCP Direct Transition", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "connections", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "repeat": null, - "title": "Network Netstat", - "type": "row" - }, - { - "collapsed": true, - "datasource": "${DS_PROMETHEUS}", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 33 - }, - "id": 279, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "description": "", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 54 - }, - "hiddenSeries": false, - "id": 40, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "node_scrape_collector_duration_seconds{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{collector}} - Scrape duration", - "refId": "A", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Node Exporter Scrape Time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": "seconds", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${DS_PROMETHEUS}", - "description": "", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 54 - }, - "hiddenSeries": false, - "id": 157, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "$$hashKey": "object:1969", - "alias": "/.*error.*/", - "color": "#F2495C", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "node_scrape_collector_success{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{collector}} - Scrape success", - "refId": "A", - "step": 240 - }, - { - "expr": "node_textfile_scrape_error{instance=\"$node\",job=\"$job\"}", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{collector}} - Scrape textfile error (1 = true)", - "refId": "B", - "step": 240 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Node Exporter Scrape", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:1484", - "format": "short", - "label": "counter", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:1485", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "repeat": null, - "title": "Node Exporter", - "type": "row" - } - ], - "refresh": "1m", - "schemaVersion": 26, - "style": "dark", - "tags": [ - "linux" - ], - "templating": { - "list": [ - { - "current": { - "selected": false, - "text": "default", - "value": "default" - }, - "error": null, - "hide": 0, - "includeAll": false, - "label": "datasource", - "multi": false, - "name": "DS_PROMETHEUS", - "options": [], - "query": "prometheus", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - }, - { - "allValue": null, - "current": {}, - "datasource": "${DS_PROMETHEUS}", - "definition": "", - "error": null, - "hide": 0, - "includeAll": false, - "label": "Job", - "multi": false, - "name": "job", - "options": [], - "query": "label_values(node_uname_info, job)", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "${DS_PROMETHEUS}", - "definition": "label_values(node_uname_info{job=\"$job\"}, instance)", - "error": null, - "hide": 0, - "includeAll": false, - "label": "Host:", - "multi": false, - "name": "node", - "options": [], - "query": "label_values(node_uname_info{job=\"$job\"}, instance)", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "selected": false, - "text": "[a-z]+|nvme[0-9]+n[0-9]+", - "value": "[a-z]+|nvme[0-9]+n[0-9]+" - }, - "error": null, - "hide": 2, - "includeAll": false, - "label": null, - "multi": false, - "name": "diskdevices", - "options": [ - { - "selected": true, - "text": "[a-z]+|nvme[0-9]+n[0-9]+", - "value": "[a-z]+|nvme[0-9]+n[0-9]+" - } - ], - "query": "[a-z]+|nvme[0-9]+n[0-9]+", - "skipUrlSync": false, - "type": "custom" - } - ] - }, - "time": { - "from": "now-24h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Node Exporter Full", - "uid": "rYdddlPWk", - "version": 56 -} diff --git a/services/monitoring.nix b/services/monitoring.nix index 790f2f1..fe66988 100644 --- a/services/monitoring.nix +++ b/services/monitoring.nix @@ -37,8 +37,13 @@ in { dashboards = [ { - name = "Dashboards"; - options.path = ./grafana-dashboards; + name = "Node Exporter"; + options.path = pkgs.packages.grafana-dashboards.node-exporter; + disableDeletion = true; + } + { + name = "NGINX"; + options.path = pkgs.packages.grafana-dashboards.nginx; disableDeletion = true; } ]; From 6cf2b5893e53b984b707e84e8f027ec0de5d7148 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 13 Jul 2021 17:34:45 +0200 Subject: [PATCH 036/904] pkgs: remove unused kaleidoscope file --- .../60-kaleidoscope.rules | 16 ---------------- 1 file changed, 16 deletions(-) delete mode 100644 pkgs/kaleidoscope-udev-rules/60-kaleidoscope.rules diff --git a/pkgs/kaleidoscope-udev-rules/60-kaleidoscope.rules b/pkgs/kaleidoscope-udev-rules/60-kaleidoscope.rules deleted file mode 100644 index 6462d5a..0000000 --- a/pkgs/kaleidoscope-udev-rules/60-kaleidoscope.rules +++ /dev/null @@ -1,16 +0,0 @@ -## This file sets up a few things for selected Kaleidoscope-powered keyboards: -## - We first symlink the device to a more friendly name, based on the product -## name. -## - We then ask ModemManager to ignore the serial ports on the device, and not -## consider them a candidate. -## - We also tell systemd to grant access to the device (via ACLs) to the user -## at-seat. -## -## For more information about the access part, see the following resources: -## - https://github.com/systemd/systemd/issues/4288 -## - https://www.freedesktop.org/software/systemd/man/sd-login.html - -SUBSYSTEMS=="usb", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="2300", SYMLINK+="model01", ENV{ID_MM_DEVICE_IGNORE}:="1", ENV{ID_MM_CANDIDATE}:="0", TAG+="uaccess", TAG+="seat" -SUBSYSTEMS=="usb", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="2301", SYMLINK+="model01", ENV{ID_MM_DEVICE_IGNORE}:="1", ENV{ID_MM_CANDIDATE}:="0", TAG+="uaccess", TAG+="seat" -SUBSYSTEMS=="usb", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="2302", SYMLINK+="Atreus2", ENV{ID_MM_DEVICE_IGNORE}:="1", ENV{ID_MM_CANDIDATE}:="0", TAG+="uaccess", TAG+="seat" -SUBSYSTEMS=="usb", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="2303", SYMLINK+="Atreus2", ENV{ID_MM_DEVICE_IGNORE}:="1", ENV{ID_MM_CANDIDATE}:="0", TAG+="uaccess", TAG+="seat" From 2e15fbecb91644b040ef986ed531b175cf62e03a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 13 Jul 2021 18:06:22 +0200 Subject: [PATCH 037/904] ci: add NUR update workflow --- .github/workflows/nur-update.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .github/workflows/nur-update.yaml diff --git a/.github/workflows/nur-update.yaml b/.github/workflows/nur-update.yaml new file mode 100644 index 0000000..1e34c87 --- /dev/null +++ b/.github/workflows/nur-update.yaml @@ -0,0 +1,13 @@ +on: + push: + paths: + - 'pkgs/**' + +jobs: + update-nur: + name: "Update NUR repo" + runs-on: ubuntu-latest + steps: + - name: curl nur endpoint + run: | + curl -XPOST https://nur-update.herokuapp.com/update?repo=alarsyo From ff33a50911adb1f1ac327c73ac7561e39c44df61 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 13 Jul 2021 18:08:26 +0200 Subject: [PATCH 038/904] pkgs: sddm-sugar-candy: space out file --- pkgs/sddm-sugar-candy/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/sddm-sugar-candy/default.nix b/pkgs/sddm-sugar-candy/default.nix index e42d3c2..f90b6b8 100644 --- a/pkgs/sddm-sugar-candy/default.nix +++ b/pkgs/sddm-sugar-candy/default.nix @@ -3,12 +3,15 @@ stdenv.mkDerivation rec { pname = "sddm-sugar-candy"; # latest master commit, no recent tags :( version = "2b72ef6c6f720fe0ffde5ea5c7c48152e02f6c4f"; + dontBuild = true; installPhase = '' mkdir -p $out/share/sddm/themes cp -aR . $out/share/sddm/themes/sugar-candy ''; + patches = [ ./custom-conf.patch ]; + src = fetchFromGitLab { domain = "framagit.org"; owner = "MarianArlt"; From 7d8b8c4cae9088359b42a209351004f3b59d8521 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 13 Jul 2021 18:15:25 +0200 Subject: [PATCH 039/904] ci: only trigger on main --- .github/workflows/nur-update.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/nur-update.yaml b/.github/workflows/nur-update.yaml index 1e34c87..bcf60ab 100644 --- a/.github/workflows/nur-update.yaml +++ b/.github/workflows/nur-update.yaml @@ -1,5 +1,7 @@ on: push: + branches: + - 'main' paths: - 'pkgs/**' From 39477a85e7e56dcc711a56617b8fdf00bed52a1a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 13 Jul 2021 22:20:21 +0200 Subject: [PATCH 040/904] services: paperless: backups --- services/paperless.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/services/paperless.nix b/services/paperless.nix index 0183c15..2cb10cc 100644 --- a/services/paperless.nix +++ b/services/paperless.nix @@ -53,5 +53,9 @@ in }; }; }; + + my.services.borg-backup = mkIf cfg.enable { + paths = [ "/var/lib/docker/volumes/paperless_*" ]; + }; }; } From 880d44e5705533630da9266b0b574ab45762b7bb Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 13 Jul 2021 23:12:34 +0200 Subject: [PATCH 041/904] poseidon: add procps to tailscale path --- hosts/poseidon/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 40d6562..e650206 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -32,6 +32,9 @@ in enable = true; package = pkgs.unstable.tailscale; }; + systemd.services.tailscaled = { + path = [ pkgs.procps ]; + }; virtualisation.docker = { enable = true; From bd02870e9f1df02322d70d94bd214e4f4b65d3e9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 13 Jul 2021 23:18:40 +0200 Subject: [PATCH 042/904] poseidon: enable ip forwarding in sysctl --- hosts/poseidon/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index e650206..20b325c 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -21,6 +21,11 @@ in boot.supportedFilesystems = [ "btrfs" ]; + boot.kernel.sysctl = { + "net.ipv6.conf.all.forwarding" = true; + "net.ipv4.ip_forward" = true; + }; + services.btrfs = { autoScrub = { enable = true; From 3862992b76b9672d5ec26172c374b31ebc8f3689 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 13 Jul 2021 23:36:13 +0200 Subject: [PATCH 043/904] poseidon: trust tailscale0 interface in firewall --- hosts/poseidon/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 20b325c..298f35d 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -40,6 +40,10 @@ in systemd.services.tailscaled = { path = [ pkgs.procps ]; }; + networking.firewall = { + trustedInterfaces = [ "tailscale0" ]; + allowedUDPPorts = [ config.services.tailscale.port ]; + }; virtualisation.docker = { enable = true; From 1d8750efede661167234a536dea60b44e8e811d7 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 13 Jul 2021 23:48:41 +0200 Subject: [PATCH 044/904] services: tailscale: move to service --- hosts/boreal/default.nix | 7 ++----- hosts/poseidon/default.nix | 19 ++----------------- services/default.nix | 1 + services/tailscale.nix | 35 +++++++++++++++++++++++++++++++++++ 4 files changed, 40 insertions(+), 22 deletions(-) create mode 100644 services/tailscale.nix diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index 3ccfe73..1640821 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -32,11 +32,6 @@ in }; }; - services.tailscale = { - enable = true; - package = pkgs.unstable.tailscale; - }; - networking.hostName = "boreal"; # Define your hostname. networking.domain = "alarsyo.net"; @@ -87,6 +82,8 @@ in pipewire.enable = true; + tailscale.enable = true; + wireguard = { enable = false; iface = "wg"; diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 298f35d..c5d6b97 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -21,11 +21,6 @@ in boot.supportedFilesystems = [ "btrfs" ]; - boot.kernel.sysctl = { - "net.ipv6.conf.all.forwarding" = true; - "net.ipv4.ip_forward" = true; - }; - services.btrfs = { autoScrub = { enable = true; @@ -33,18 +28,6 @@ in }; }; - services.tailscale = { - enable = true; - package = pkgs.unstable.tailscale; - }; - systemd.services.tailscaled = { - path = [ pkgs.procps ]; - }; - networking.firewall = { - trustedInterfaces = [ "tailscale0" ]; - allowedUDPPorts = [ config.services.tailscale.port ]; - }; - virtualisation.docker = { enable = true; }; @@ -140,6 +123,8 @@ in enable = true; }; + tailscale.enable = true; + tgv = { enable = true; }; diff --git a/services/default.nix b/services/default.nix index 1761fc1..c108814 100644 --- a/services/default.nix +++ b/services/default.nix @@ -19,6 +19,7 @@ ./pipewire.nix ./postgresql-backup.nix ./postgresql.nix + ./tailscale.nix ./tgv.nix ./transmission.nix ./wireguard.nix diff --git a/services/tailscale.nix b/services/tailscale.nix new file mode 100644 index 0000000..75fef50 --- /dev/null +++ b/services/tailscale.nix @@ -0,0 +1,35 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.my.services.tailscale; +in +{ + options.my.services.tailscale = { + enable = lib.mkEnableOption "Tailscale"; + }; + + config = mkIf cfg.enable { + services.tailscale = { + enable = true; + package = pkgs.unstable.tailscale; + }; + + # FIXME: remove when upgrading to 21.11, added to module by default + systemd.services.tailscaled = { + path = [ pkgs.procps ]; + }; + + networking.firewall = { + trustedInterfaces = [ "tailscale0" ]; + allowedUDPPorts = [ config.services.tailscale.port ]; + }; + + # enable IP forwarding to use as exit node + boot.kernel.sysctl = { + "net.ipv6.conf.all.forwarding" = true; + "net.ipv4.ip_forward" = true; + }; + }; +} From c16d8513d226a386624988a063f62e0bfa170b0b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 13 Jul 2021 23:51:17 +0200 Subject: [PATCH 045/904] services: wireguard: removed unused module replaced by tailscale --- .gitattributes | 1 - README.org | 2 - hosts/boreal/default.nix | 17 ------ hosts/poseidon/default.nix | 17 ------ secrets/default.nix | 2 - secrets/wireguard.nix | Bin 804 -> 0 bytes services/default.nix | 1 - services/wireguard.nix | 122 ------------------------------------- 8 files changed, 162 deletions(-) delete mode 100644 secrets/wireguard.nix delete mode 100644 services/wireguard.nix diff --git a/.gitattributes b/.gitattributes index fdfc04b..dca0b4c 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,4 +1,3 @@ secrets/**/*.secret filter=git-crypt diff=git-crypt secrets/matrix-email-config.nix filter=git-crypt diff=git-crypt -secrets/wireguard.nix filter=git-crypt diff=git-crypt home/secrets/*.secret filter=git-crypt diff=git-crypt diff --git a/README.org b/README.org index 16dad36..dc9d8ff 100644 --- a/README.org +++ b/README.org @@ -42,5 +42,3 @@ RSS reader Grafana and Prometheus are currently used as a glorified =htop=. ** Nextcloud - -** Wireguard VPN diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index 1640821..2cb59ee 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -83,23 +83,6 @@ in pipewire.enable = true; tailscale.enable = true; - - wireguard = { - enable = false; - iface = "wg"; - port = 51820; - - net = { - v4 = { - subnet = "10.0.0"; - mask = 24; - }; - v6 = { - subnet = "fd42:42:42"; - mask = 64; - }; - }; - }; }; services = { diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index c5d6b97..b81dbf3 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -134,23 +134,6 @@ in username = "alarsyo"; password = secrets.transmission-password; }; - - wireguard = { - enable = true; - iface = "wg"; - port = 51820; - - net = { - v4 = { - subnet = "10.0.0"; - mask = 24; - }; - v6 = { - subnet = "fd42:42:42"; - mask = 64; - }; - }; - }; }; # Enable the OpenSSH daemon. diff --git a/secrets/default.nix b/secrets/default.nix index 9df6f72..547eb06 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -18,8 +18,6 @@ with lib; borg-backup = import ./borg-backup { inherit lib; }; - wireguard = pkgs.callPackage ./wireguard.nix { }; - matrixEmailConfig = import ./matrix-email-config.nix; }; } diff --git a/secrets/wireguard.nix b/secrets/wireguard.nix deleted file mode 100644 index 3a19c0574538b092f51f8d4a56fd1e7ca937d541..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 804 zcmZQ@_Y83kiVO&0$a~K6WSMJY+TMVV;&CBo&pppEYuqx~{q@QMnTb_>ItO-$JTK)t zu-xb9<%7pQKjD;nelnNCEnZwZ@=n`EDF-jTsn@O+FH|+Y^x>bvjZoH$xn-%F{>pyb zoc*NOIdi7tENRcTy%`Q?MEd_uHdUH-?Q2cjHh&G*MF&{Uopk3}P;6MD zP3wkzi%QP0<{!G35TYkKW#`(shXqsX9xhIo<62PoqxR*(9|;Su7%g0Sw6i&7(N6AP zsZX_={?=cL{HQro_TR**rLjL;{yLWTI=p7QZnS&dW~1WGJJUSlr%o`r+hN`LQ7K}< zKiR?>@y^T?5B8Z??YSegCA3%S3VsYJ*_CTzvGIRSq}ke)A64p#RgMNeOcqo4`+Cv- zdqojJ$CaAg*czlB<;VQn7I}OvXFz%%>#M3&YXs#y*SOfdcfEP=`WidVZf9YCL8FH< zo@_aX73I<%>`JPT`^dD<_gDU>M^PJJzWI3Y@0C~gro}QZ|rjYwDIYrf0K5Ll=a1Zm%5aDr*Frjx|s*8+NADt_eDAD zW;>XjV`yF=ZuY5N2>{w)j~xI2 diff --git a/services/default.nix b/services/default.nix index c108814..79b72f4 100644 --- a/services/default.nix +++ b/services/default.nix @@ -22,6 +22,5 @@ ./tailscale.nix ./tgv.nix ./transmission.nix - ./wireguard.nix ]; } diff --git a/services/wireguard.nix b/services/wireguard.nix deleted file mode 100644 index 9d13b55..0000000 --- a/services/wireguard.nix +++ /dev/null @@ -1,122 +0,0 @@ -# Stolen from: -# -# https://gitea.belanyi.fr/ambroisie/nix-config/src/branch/main/services/wireguard.nix - -{ config, lib, pkgs, ... }: -let - cfg = config.my.services.wireguard; - hostName = config.networking.hostName; - - peers = config.my.secrets.wireguard.peers; - thisPeer = peers."${hostName}"; - otherPeers = lib.filterAttrs (name: _: name != hostName) peers; - - extIface = config.my.networking.externalInterface; -in -{ - options.my.services.wireguard = with lib; { - enable = mkEnableOption "Wireguard VPN service"; - - iface = mkOption { - type = types.str; - default = "wg"; - example = "wg0"; - description = "Name of the interface to configure"; - }; - - port = mkOption { - type = types.port; - default = 51820; - example = 55555; - description = "Port to configure for Wireguard"; - }; - - net = { - v4 = { - subnet = mkOption { - type = types.str; - default = "10.0.0"; - example = "10.100.0"; - description = "Which prefix to use for internal IPs"; - }; - mask = mkOption { - type = types.int; - default = 24; - example = 28; - description = "The CIDR mask to use on internal IPs"; - }; - }; - v6 = { - subnet = mkOption { - type = types.str; - default = "fd42:42:42"; - example = "fdc9:281f:04d7:9ee9"; - description = "Which prefix to use for internal IPs"; - }; - mask = mkOption { - type = types.int; - default = 64; - example = 68; - description = "The CIDR mask to use on internal IPs"; - }; - }; - }; - }; - - config.networking = lib.mkIf cfg.enable { - wg-quick.interfaces."${cfg.iface}" = { - listenPort = cfg.port; - address = with cfg.net; with lib; [ - "${v4.subnet}.${toString thisPeer.clientNum}/${toString v4.mask}" - "${v6.subnet}::${toString thisPeer.clientNum}/${toHexString v6.mask}" - ]; - privateKey = thisPeer.privateKey; - - peers = lib.mapAttrsToList - (name: peer: { - inherit (peer) publicKey; - } // lib.optionalAttrs (thisPeer ? externalIp) { - # Only forward from server to clients - allowedIPs = with cfg.net; [ - "${v4.subnet}.${toString peer.clientNum}/32" - "${v6.subnet}::${toString peer.clientNum}/128" - ]; - } // lib.optionalAttrs (peer ? externalIp) { - # Known addresses - endpoint = "${peer.externalIp}:${toString cfg.port}"; - } // lib.optionalAttrs (!(thisPeer ? externalIp)) { - # Forward all traffic to server - allowedIPs = with cfg.net; [ - "0.0.0.0/0" - "::/0" - ]; - # Roaming clients need to keep NAT-ing active - persistentKeepalive = 10; - }) - otherPeers; - } // lib.optionalAttrs (thisPeer ? externalIp) { - # Setup forwarding on server - postUp = with cfg.net; '' - ${pkgs.iptables}/bin/iptables -A FORWARD -i ${cfg.iface} -j ACCEPT - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s ${v4.subnet}.1/${toString v4.mask} -o ${extIface} -j MASQUERADE - ${pkgs.iptables}/bin/ip6tables -A FORWARD -i ${cfg.iface} -j ACCEPT - ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s ${v6.subnet}::1/${toString v6.mask} -o ${extIface} -j MASQUERADE - ''; - preDown = with cfg.net; '' - ${pkgs.iptables}/bin/iptables -D FORWARD -i ${cfg.iface} -j ACCEPT - ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s ${v4.subnet}.1/${toString v4.mask} -o ${extIface} -j MASQUERADE - ${pkgs.iptables}/bin/ip6tables -D FORWARD -i ${cfg.iface} -j ACCEPT - ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s ${v6.subnet}::1/${toString v6.mask} -o ${extIface} -j MASQUERADE - ''; - - }; - - nat = lib.optionalAttrs (thisPeer ? externalIp) { - enable = true; - externalInterface = extIface; - internalInterfaces = [ cfg.iface ]; - }; - - firewall.allowedUDPPorts = lib.optional (thisPeer ? externalIp) cfg.port; - }; -} From 829632e36031d3ebfe477731c76b082b25080df1 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 14 Jul 2021 00:08:40 +0200 Subject: [PATCH 046/904] services: tailscale: make exit node optional --- hosts/poseidon/default.nix | 5 ++++- services/tailscale.nix | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index b81dbf3..c96fc35 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -123,7 +123,10 @@ in enable = true; }; - tailscale.enable = true; + tailscale = { + enable = true; + exitNode = true; + }; tgv = { enable = true; diff --git a/services/tailscale.nix b/services/tailscale.nix index 75fef50..cb239df 100644 --- a/services/tailscale.nix +++ b/services/tailscale.nix @@ -8,6 +8,9 @@ in { options.my.services.tailscale = { enable = lib.mkEnableOption "Tailscale"; + + # NOTE: still have to do `tailscale up --advertise-exit-node` + exitNode = lib.mkEnableOption "Use as exit node"; }; config = mkIf cfg.enable { @@ -27,7 +30,7 @@ in }; # enable IP forwarding to use as exit node - boot.kernel.sysctl = { + boot.kernel.sysctl = mkIf cfg.exitNode { "net.ipv6.conf.all.forwarding" = true; "net.ipv4.ip_forward" = true; }; From 29a98d0c0da0705217d3f11271e91140bda93e76 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 14 Jul 2021 01:05:21 +0200 Subject: [PATCH 047/904] flake: use fast python for synapse in poseidon overlay --- flake.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/flake.nix b/flake.nix index 7bbe528..7163fc2 100644 --- a/flake.nix +++ b/flake.nix @@ -59,6 +59,17 @@ inherit system; config.allowUnfree = true; }; + + fastPython3 = self.python3.override { + enableOptimizations = true; + reproducibleBuild = false; + self = self.fastPython3; + pythonAttr = "fastPython3"; + }; + + matrix-synapse = super.matrix-synapse.override { + python3 = self.fastPython3; + }; }) ]; } From 27ae0552eb60a9d294cf7d397f2d48fda6b9b3a5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 14 Jul 2021 03:00:36 +0200 Subject: [PATCH 048/904] services: paperless: fix backup paths --- services/paperless.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/services/paperless.nix b/services/paperless.nix index 2cb10cc..2c09338 100644 --- a/services/paperless.nix +++ b/services/paperless.nix @@ -55,7 +55,11 @@ in }; my.services.borg-backup = mkIf cfg.enable { - paths = [ "/var/lib/docker/volumes/paperless_*" ]; + paths = [ + "/var/lib/docker/volumes/paperless_data" + "/var/lib/docker/volumes/paperless_media" + "/var/lib/docker/volumes/paperless_pgdata" + ]; }; }; } From b4b30cba64287a02ae4e33840990548fd1056804 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 14 Jul 2021 17:08:19 +0200 Subject: [PATCH 049/904] pkgs: package spot and install on boreal --- hosts/boreal/home.nix | 2 ++ pkgs/default.nix | 1 + pkgs/spot/default.nix | 20 ++++++++++++++++++++ 3 files changed, 23 insertions(+) create mode 100644 pkgs/spot/default.nix diff --git a/hosts/boreal/home.nix b/hosts/boreal/home.nix index 64551e4..b231089 100644 --- a/hosts/boreal/home.nix +++ b/hosts/boreal/home.nix @@ -23,6 +23,8 @@ unstable.beancount unstable.fava + + packages.spot ]; }; } diff --git a/pkgs/default.nix b/pkgs/default.nix index 4070359..2dcc61d 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -3,4 +3,5 @@ sddm-sugar-candy = pkgs.callPackage ./sddm-sugar-candy {}; kaleidoscope-udev-rules = pkgs.callPackage ./kaleidoscope-udev-rules {}; grafana-dashboards = pkgs.callPackage ./grafana-dashboards {}; + spot = pkgs.callPackage ./spot {}; } diff --git a/pkgs/spot/default.nix b/pkgs/spot/default.nix new file mode 100644 index 0000000..1296be1 --- /dev/null +++ b/pkgs/spot/default.nix @@ -0,0 +1,20 @@ +{ lib, stdenv +, fetchurl +, python3 +}: +let + version = "2.9.7"; +in +stdenv.mkDerivation { + inherit version; + pname = "spot"; + + buildInputs = [ + python3 + ]; + + src = fetchurl { + url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz"; + sha256 = "sha256-Hupn40Rs27u3Be5uJv2GkCDNt9gsVj/q2ctDlLm6oEw="; + }; +} From c5185394cc744e7e0ce42a03d476de1a0bbcf3b2 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 14 Jul 2021 17:41:52 +0200 Subject: [PATCH 050/904] boreal: install chrysalis in home --- hosts/boreal/default.nix | 4 ---- hosts/boreal/home.nix | 3 +++ 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index 2cb59ee..c59aceb 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -103,10 +103,6 @@ in }; my.displayManager.sddm.enable = true; - environment.systemPackages = with pkgs; [ - chrysalis - ]; - services.udev.packages = with pkgs; [ packages.kaleidoscope-udev-rules ]; diff --git a/hosts/boreal/home.nix b/hosts/boreal/home.nix index b231089..f1e3ec8 100644 --- a/hosts/boreal/home.nix +++ b/hosts/boreal/home.nix @@ -24,6 +24,9 @@ unstable.beancount unstable.fava + # keyboard goodness + chrysalis + packages.spot ]; }; From 573a6ea0bced1b5dc2e72d5e2de9687177a82df2 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 14 Jul 2021 17:53:31 +0200 Subject: [PATCH 051/904] flake: cleanup inputs --- flake.nix | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/flake.nix b/flake.nix index 7163fc2..b04b369 100644 --- a/flake.nix +++ b/flake.nix @@ -31,11 +31,7 @@ }; }; - outputs = { self, - nixpkgs, - nixpkgs-unstable, - emacs-overlay, - home-manager }: { + outputs = { self, nixpkgs, home-manager, ... } @inputs: { nixosConfigurations.poseidon = nixpkgs.lib.nixosSystem rec { system = "x86_64-linux"; modules = [ @@ -55,7 +51,7 @@ packages = import ./pkgs { pkgs = super; }; # packages accessible through pkgs.unstable.package - unstable = import nixpkgs-unstable { + unstable = import inputs.nixpkgs-unstable { inherit system; config.allowUnfree = true; }; @@ -90,12 +86,12 @@ { nixpkgs.overlays = [ - emacs-overlay.overlay + inputs.emacs-overlay.overlay (self: super: { packages = import ./pkgs { pkgs = super; }; - unstable = import nixpkgs-unstable { + unstable = import inputs.nixpkgs-unstable { inherit system; config.allowUnfree = true; }; From a79d27ff227fd989e2102c9bc2f90ff70ff59fa8 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 14 Jul 2021 18:05:36 +0200 Subject: [PATCH 052/904] flake: group up nixosConfigurations --- flake.nix | 136 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 71 insertions(+), 65 deletions(-) diff --git a/flake.nix b/flake.nix index b04b369..d4aaa35 100644 --- a/flake.nix +++ b/flake.nix @@ -32,82 +32,88 @@ }; outputs = { self, nixpkgs, home-manager, ... } @inputs: { - nixosConfigurations.poseidon = nixpkgs.lib.nixosSystem rec { - system = "x86_64-linux"; - modules = [ - ./poseidon.nix - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.alarsyo = import ./home; - home-manager.verbose = true; - } + nixosConfigurations = { - { - nixpkgs.overlays = [ - (self: super: { - packages = import ./pkgs { pkgs = super; }; + poseidon = nixpkgs.lib.nixosSystem rec { + system = "x86_64-linux"; + modules = [ + ./poseidon.nix - # packages accessible through pkgs.unstable.package - unstable = import inputs.nixpkgs-unstable { - inherit system; - config.allowUnfree = true; - }; + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.alarsyo = import ./home; + home-manager.verbose = true; + } - fastPython3 = self.python3.override { - enableOptimizations = true; - reproducibleBuild = false; - self = self.fastPython3; - pythonAttr = "fastPython3"; - }; + { + nixpkgs.overlays = [ + (self: super: { + packages = import ./pkgs { pkgs = super; }; - matrix-synapse = super.matrix-synapse.override { - python3 = self.fastPython3; - }; - }) - ]; - } - ]; - }; - nixosConfigurations.boreal = nixpkgs.lib.nixosSystem rec { - system = "x86_64-linux"; - modules = [ - ./boreal.nix + # packages accessible through pkgs.unstable.package + unstable = import inputs.nixpkgs-unstable { + inherit system; + config.allowUnfree = true; + }; - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.alarsyo = import ./home; - home-manager.verbose = true; - } + fastPython3 = self.python3.override { + enableOptimizations = true; + reproducibleBuild = false; + self = self.fastPython3; + pythonAttr = "fastPython3"; + }; - { - nixpkgs.overlays = [ - inputs.emacs-overlay.overlay + matrix-synapse = super.matrix-synapse.override { + python3 = self.fastPython3; + }; + }) + ]; + } + ]; + }; - (self: super: { - packages = import ./pkgs { pkgs = super; }; + boreal = nixpkgs.lib.nixosSystem rec { + system = "x86_64-linux"; + modules = [ + ./boreal.nix - unstable = import inputs.nixpkgs-unstable { - inherit system; - config.allowUnfree = true; - }; + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.alarsyo = import ./home; + home-manager.verbose = true; + } - steam = self.unstable.steam; - }) + { + nixpkgs.overlays = [ + inputs.emacs-overlay.overlay + + (self: super: { + packages = import ./pkgs { pkgs = super; }; + + unstable = import inputs.nixpkgs-unstable { + inherit system; + config.allowUnfree = true; + }; + + steam = self.unstable.steam; + }) + + # uncomment this to build everything from scratch, fun but takes a + # while + # + # (self: super: { + # stdenv = super.impureUseNativeOptimizations super.stdenv; + # }) + ]; + } + ]; + }; - # uncomment this to build everything from scratch, fun but takes a - # while - # - # (self: super: { - # stdenv = super.impureUseNativeOptimizations super.stdenv; - # }) - ]; - } - ]; }; }; } From ff673a089029849690def7912036bca77ad97cd2 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 14 Jul 2021 18:06:52 +0200 Subject: [PATCH 053/904] flake: merge shared overlay config --- flake.nix | 155 +++++++++++++++++++++++++++--------------------------- 1 file changed, 77 insertions(+), 78 deletions(-) diff --git a/flake.nix b/flake.nix index d4aaa35..1ac942e 100644 --- a/flake.nix +++ b/flake.nix @@ -33,87 +33,86 @@ outputs = { self, nixpkgs, home-manager, ... } @inputs: { - nixosConfigurations = { - - poseidon = nixpkgs.lib.nixosSystem rec { + nixosConfigurations = + let system = "x86_64-linux"; - modules = [ - ./poseidon.nix + shared_overlays = [ + (self: super: { + packages = import ./pkgs { pkgs = super; }; - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.alarsyo = import ./home; - home-manager.verbose = true; - } - - { - nixpkgs.overlays = [ - (self: super: { - packages = import ./pkgs { pkgs = super; }; - - # packages accessible through pkgs.unstable.package - unstable = import inputs.nixpkgs-unstable { - inherit system; - config.allowUnfree = true; - }; - - fastPython3 = self.python3.override { - enableOptimizations = true; - reproducibleBuild = false; - self = self.fastPython3; - pythonAttr = "fastPython3"; - }; - - matrix-synapse = super.matrix-synapse.override { - python3 = self.fastPython3; - }; - }) - ]; - } + # packages accessible through pkgs.unstable.package + unstable = import inputs.nixpkgs-unstable { + inherit system; + config.allowUnfree = true; + }; + }) ]; + in { + + poseidon = nixpkgs.lib.nixosSystem rec { + inherit system; + modules = [ + ./poseidon.nix + + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.alarsyo = import ./home; + home-manager.verbose = true; + } + + { + nixpkgs.overlays = [ + (self: super: { + fastPython3 = self.python3.override { + enableOptimizations = true; + reproducibleBuild = false; + self = self.fastPython3; + pythonAttr = "fastPython3"; + }; + + matrix-synapse = super.matrix-synapse.override { + python3 = self.fastPython3; + }; + }) + ] ++ shared_overlays; + } + ]; + }; + + boreal = nixpkgs.lib.nixosSystem rec { + inherit system; + modules = [ + ./boreal.nix + + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.alarsyo = import ./home; + home-manager.verbose = true; + } + + { + nixpkgs.overlays = [ + inputs.emacs-overlay.overlay + + (self: super: { + steam = self.unstable.steam; + }) + + # uncomment this to build everything from scratch, fun but takes a + # while + # + # (self: super: { + # stdenv = super.impureUseNativeOptimizations super.stdenv; + # }) + ] ++ shared_overlays; + } + ]; + }; + }; - - boreal = nixpkgs.lib.nixosSystem rec { - system = "x86_64-linux"; - modules = [ - ./boreal.nix - - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.alarsyo = import ./home; - home-manager.verbose = true; - } - - { - nixpkgs.overlays = [ - inputs.emacs-overlay.overlay - - (self: super: { - packages = import ./pkgs { pkgs = super; }; - - unstable = import inputs.nixpkgs-unstable { - inherit system; - config.allowUnfree = true; - }; - - steam = self.unstable.steam; - }) - - # uncomment this to build everything from scratch, fun but takes a - # while - # - # (self: super: { - # stdenv = super.impureUseNativeOptimizations super.stdenv; - # }) - ]; - } - ]; - }; - - }; }; } From 5ac71e96cdd281ba01f2214d27355c9df0759a8c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 14 Jul 2021 18:20:11 +0200 Subject: [PATCH 054/904] flake: factorize home-manager config --- flake.nix | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/flake.nix b/flake.nix index 1ac942e..fb30b17 100644 --- a/flake.nix +++ b/flake.nix @@ -32,6 +32,14 @@ }; outputs = { self, nixpkgs, home-manager, ... } @inputs: { + nixosModules = { + home = { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.alarsyo = import ./home; + home-manager.verbose = true; + }; + }; nixosConfigurations = let @@ -54,13 +62,8 @@ modules = [ ./poseidon.nix - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.alarsyo = import ./home; - home-manager.verbose = true; - } + home-manager.nixosModule + self.nixosModules.home { nixpkgs.overlays = [ @@ -86,13 +89,8 @@ modules = [ ./boreal.nix - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.alarsyo = import ./home; - home-manager.verbose = true; - } + home-manager.nixosModule + self.nixosModules.home { nixpkgs.overlays = [ From 61a57d8a96e16a2ead191234792f6388d71d20bc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 14 Jul 2021 19:40:35 +0200 Subject: [PATCH 055/904] flake: expose packages --- flake.lock | 17 +++++++++++++++++ flake.nix | 13 ++++++++++++- 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/flake.lock b/flake.lock index 66a481c..ac4d416 100644 --- a/flake.lock +++ b/flake.lock @@ -16,6 +16,22 @@ "type": "github" } }, + "flake-utils": { + "locked": { + "lastModified": 1623875721, + "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", + "type": "github" + }, + "original": { + "owner": "numtide", + "ref": "master", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -72,6 +88,7 @@ "root": { "inputs": { "emacs-overlay": "emacs-overlay", + "flake-utils": "flake-utils", "home-manager": "home-manager", "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable" diff --git a/flake.nix b/flake.nix index fb30b17..22b50a4 100644 --- a/flake.nix +++ b/flake.nix @@ -29,6 +29,13 @@ ref = "release-21.05"; inputs.nixpkgs.follows = "nixpkgs"; }; + + flake-utils = { + type = "github"; + owner = "numtide"; + repo = "flake-utils"; + ref = "master"; + }; }; outputs = { self, nixpkgs, home-manager, ... } @inputs: { @@ -112,5 +119,9 @@ }; }; - }; + } // inputs.flake-utils.lib.eachDefaultSystem (system: { + packages = + inputs.flake-utils.lib.flattenTree + (import ./pkgs { pkgs = import nixpkgs { inherit system; }; }); + }); } From cc825d1e53d6695df0e3c5b05a87a4731ef456ac Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 14 Jul 2021 19:44:28 +0200 Subject: [PATCH 056/904] pkgs: kaleidoscope: remove unneeded meta.platform --- pkgs/kaleidoscope-udev-rules/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/pkgs/kaleidoscope-udev-rules/default.nix b/pkgs/kaleidoscope-udev-rules/default.nix index fc62a62..2ab2118 100644 --- a/pkgs/kaleidoscope-udev-rules/default.nix +++ b/pkgs/kaleidoscope-udev-rules/default.nix @@ -25,6 +25,5 @@ stdenv.mkDerivation { description = "udev rules for kaleidoscope firmware keyboards"; homepage = "https://github.com/keyboardio/Kaleidoscope"; license = licenses.gpl3Only; - platforms = [ "x86_64-linux" ]; }; } From c7c87fcdb472497fc4c14d07559fe5ef33199e67 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 14 Jul 2021 21:09:26 +0200 Subject: [PATCH 057/904] pkgs: fix grafanaDashboards access in flake The `packages` output from the flake needs flake-utils' `flattenTree` to be valid (because it doesn't support nested sets), but that only works if I use `recurseIntoAttrs`. --- pkgs/default.nix | 2 +- services/monitoring.nix | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/default.nix b/pkgs/default.nix index 2dcc61d..2f4608f 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -2,6 +2,6 @@ { sddm-sugar-candy = pkgs.callPackage ./sddm-sugar-candy {}; kaleidoscope-udev-rules = pkgs.callPackage ./kaleidoscope-udev-rules {}; - grafana-dashboards = pkgs.callPackage ./grafana-dashboards {}; + grafanaDashboards = pkgs.recurseIntoAttrs (pkgs.callPackage ./grafana-dashboards {}); spot = pkgs.callPackage ./spot {}; } diff --git a/services/monitoring.nix b/services/monitoring.nix index fe66988..ff37171 100644 --- a/services/monitoring.nix +++ b/services/monitoring.nix @@ -38,12 +38,12 @@ in { dashboards = [ { name = "Node Exporter"; - options.path = pkgs.packages.grafana-dashboards.node-exporter; + options.path = pkgs.packages.grafanaDashboards.node-exporter; disableDeletion = true; } { name = "NGINX"; - options.path = pkgs.packages.grafana-dashboards.nginx; + options.path = pkgs.packages.grafanaDashboards.nginx; disableDeletion = true; } ]; From 40bb8ff33b6075f348ea96ca8e366d0cece6f533 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 14 Jul 2021 23:33:42 +0200 Subject: [PATCH 058/904] base: add innernet to base programs --- base/programs.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/base/programs.nix b/base/programs.nix index 5dbf1c7..de19665 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -52,5 +52,7 @@ # nix pkgs lookup nix-index + + unstable.innernet ]; } From 0f4ae458284dd9584da142c3794a4a6a6714d331 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 15 Jul 2021 10:14:03 +0200 Subject: [PATCH 059/904] services: monitoring: set prometheus scrape interval --- services/monitoring.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/services/monitoring.nix b/services/monitoring.nix index ff37171..930743e 100644 --- a/services/monitoring.nix +++ b/services/monitoring.nix @@ -15,6 +15,13 @@ in { example = "monitoring.example.com"; description = "Domain to use in reverse proxy"; }; + + scrapeInterval = mkOption { + type = types.str; + default = "15s"; + example = "1m"; + description = "prometheus scrape interval"; + }; }; config = mkIf cfg.enable { @@ -32,6 +39,9 @@ in { name = "Prometheus"; type = "prometheus"; url = "http://localhost:${toString config.services.prometheus.port}"; + jsonData = { + timeInterval = cfg.scrapeInterval; + }; } ]; @@ -66,6 +76,10 @@ in { }; }; + globalConfig = { + scrape_interval = cfg.scrapeInterval; + }; + scrapeConfigs = [ { job_name = config.networking.hostName; From fe82f349436cc615e74ab24fa37b404adf7799e0 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 19 Jul 2021 13:39:38 +0200 Subject: [PATCH 060/904] flake.lock: Update Flake input changes: * Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/c015a0e27baebe1e28ef3b030901adf564959611' -> 'github:nix-community/emacs-overlay/5c20a170b2e025b3a6309ee8ad38eb98cd62008d' * Updated 'nixpkgs': 'github:NixOS/nixpkgs/cf59fbd539681f5ec2f4a82cf77aae7ab827a03f' -> 'github:NixOS/nixpkgs/268dee84298d3affd8d7e92a8ea31f1fdcd44fc1' * Updated 'nixpkgs-unstable': 'github:NixOS/nixpkgs/635a1954044fb0dfbcfd857e3289ab12feb41530' -> 'github:NixOS/nixpkgs/56a017774e2992a6592e1ed811ab1b79126c6bba' --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index ac4d416..08efb6d 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1626054500, - "narHash": "sha256-r3oFzIgSfi3Vo3nXA58lwQ4UiuflUH9uTZkF8WBRFKU=", + "lastModified": 1626685876, + "narHash": "sha256-1DSVhUddjYIXZNu1kntKh2uQwbuoahDgA0lKQrc0YAw=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "c015a0e27baebe1e28ef3b030901adf564959611", + "rev": "5c20a170b2e025b3a6309ee8ad38eb98cd62008d", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1625919529, - "narHash": "sha256-Epn7JRegnKN81hQh4hGx1FOwfp3fBxDCIuSZDgqaBQ4=", + "lastModified": 1626545883, + "narHash": "sha256-dARArkQE3wKuxxz91w+oT50D6zg8YGl+NLZYLRsmPTg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cf59fbd539681f5ec2f4a82cf77aae7ab827a03f", + "rev": "268dee84298d3affd8d7e92a8ea31f1fdcd44fc1", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1626021213, - "narHash": "sha256-KDms4KJVXWV3ZUfHLA9Syi4Sz6kcMzNbpXx2cHy5HLs=", + "lastModified": 1626653641, + "narHash": "sha256-A/R+2+tPToPlYtORjx57WxklHIwkC698Fj03jpPG3/8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "635a1954044fb0dfbcfd857e3289ab12feb41530", + "rev": "56a017774e2992a6592e1ed811ab1b79126c6bba", "type": "github" }, "original": { From 611308f120c522e0825cf0b6d69ccc400118565e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 19 Jul 2021 14:59:15 +0200 Subject: [PATCH 061/904] services: paperless: backup correctly --- services/paperless.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/paperless.nix b/services/paperless.nix index 2c09338..adebc51 100644 --- a/services/paperless.nix +++ b/services/paperless.nix @@ -58,7 +58,7 @@ in paths = [ "/var/lib/docker/volumes/paperless_data" "/var/lib/docker/volumes/paperless_media" - "/var/lib/docker/volumes/paperless_pgdata" + "/home/alarsyo/paperless-ng/backups" ]; }; }; From d819b905598158f28e0cb434a6d554e3bc341c86 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 22 Jul 2021 15:26:13 +0200 Subject: [PATCH 062/904] flake.lock: Update Flake input changes: * Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/5c20a170b2e025b3a6309ee8ad38eb98cd62008d' -> 'github:nix-community/emacs-overlay/40e6376f2d3fe4911122ae78569243aa929888b2' * Updated 'nixpkgs': 'github:NixOS/nixpkgs/268dee84298d3affd8d7e92a8ea31f1fdcd44fc1' -> 'github:NixOS/nixpkgs/63ee5cd99a2e193d5e4c879feb9683ddec23fa03' * Updated 'nixpkgs-unstable': 'github:NixOS/nixpkgs/56a017774e2992a6592e1ed811ab1b79126c6bba' -> 'github:NixOS/nixpkgs/314cf1949b181a1362b96c2e0421f9710a8fe607' --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 08efb6d..96f1b8b 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1626685876, - "narHash": "sha256-1DSVhUddjYIXZNu1kntKh2uQwbuoahDgA0lKQrc0YAw=", + "lastModified": 1626945692, + "narHash": "sha256-Io8/GJjq7D4F2ouH1FAUrwVH7yCHeqlms76Lu0/qUoY=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "5c20a170b2e025b3a6309ee8ad38eb98cd62008d", + "rev": "40e6376f2d3fe4911122ae78569243aa929888b2", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1626545883, - "narHash": "sha256-dARArkQE3wKuxxz91w+oT50D6zg8YGl+NLZYLRsmPTg=", + "lastModified": 1626834727, + "narHash": "sha256-ToGgus+UImnLNaLgv+xfo/cI3J/NQl2KB5kvyErXays=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "268dee84298d3affd8d7e92a8ea31f1fdcd44fc1", + "rev": "63ee5cd99a2e193d5e4c879feb9683ddec23fa03", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1626653641, - "narHash": "sha256-A/R+2+tPToPlYtORjx57WxklHIwkC698Fj03jpPG3/8=", + "lastModified": 1626910492, + "narHash": "sha256-7QG4AxJVgroVMoRY+4PhIp3aJV9svjfAds8JYyFrmSw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "56a017774e2992a6592e1ed811ab1b79126c6bba", + "rev": "314cf1949b181a1362b96c2e0421f9710a8fe607", "type": "github" }, "original": { From f4f5cf3c3b999b57c79f058ed32fa297877c0d05 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 22 Jul 2021 18:18:41 +0200 Subject: [PATCH 063/904] base: remove innernet from programs --- base/programs.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/base/programs.nix b/base/programs.nix index de19665..5dbf1c7 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -52,7 +52,5 @@ # nix pkgs lookup nix-index - - unstable.innernet ]; } From 0b193d29b436f0ad829ba13eaacc5c0a17d80b49 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 22 Jul 2021 18:19:04 +0200 Subject: [PATCH 064/904] base: remove stow from base programs no longer needed, as dotfiles are now handled by home-manager --- base/programs.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/base/programs.nix b/base/programs.nix index 5dbf1c7..88d6910 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -47,7 +47,6 @@ dogdns du-dust htop - stow tealdeer # nix pkgs lookup From 7f4d76cd64c4a36057b9ac12be162e92ee3eb30e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 22 Jul 2021 18:20:43 +0200 Subject: [PATCH 065/904] base: add zip/unzip to base programs --- base/programs.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/base/programs.nix b/base/programs.nix index 88d6910..d49535a 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -48,6 +48,8 @@ du-dust htop tealdeer + unzip + zip # nix pkgs lookup nix-index From d7387374da0a966cff7a0786ace31f794d2e6d6c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 22 Jul 2021 18:22:23 +0200 Subject: [PATCH 066/904] base: add gimp to base programs --- base/gui-programs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index f3189ef..1e6e3c3 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -3,6 +3,7 @@ environment.systemPackages = with pkgs; [ alacritty feh + gimp gnome.nautilus mpv pavucontrol From cbd98189e2d5bcf1140da920774c33eaceb27b37 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 23 Jul 2021 18:47:53 +0200 Subject: [PATCH 067/904] zephyrus: init host --- flake.nix | 20 +++++++ hosts/zephyrus/default.nix | 63 +++++++++++++++++++++++ hosts/zephyrus/hardware-configuration.nix | 44 ++++++++++++++++ hosts/zephyrus/home.nix | 26 ++++++++++ zephyrus.nix | 28 ++++++++++ 5 files changed, 181 insertions(+) create mode 100644 hosts/zephyrus/default.nix create mode 100644 hosts/zephyrus/hardware-configuration.nix create mode 100644 hosts/zephyrus/home.nix create mode 100644 zephyrus.nix diff --git a/flake.nix b/flake.nix index 22b50a4..3176f82 100644 --- a/flake.nix +++ b/flake.nix @@ -118,6 +118,26 @@ ]; }; + zephyrus = nixpkgs.lib.nixosSystem rec { + inherit system; + modules = [ + ./zephyrus.nix + + home-manager.nixosModule + self.nixosModules.home + + { + nixpkgs.overlays = [ + inputs.emacs-overlay.overlay + + (self: super: { + steam = self.unstable.steam; + }) + ] ++ shared_overlays; + } + ]; + }; + }; } // inputs.flake-utils.lib.eachDefaultSystem (system: { packages = diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix new file mode 100644 index 0000000..1f55c38 --- /dev/null +++ b/hosts/zephyrus/default.nix @@ -0,0 +1,63 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, lib, pkgs, ... }: +let + secrets = config.my.secrets; +in +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ./home.nix + ]; + + boot.kernelPackages = pkgs.linuxPackages_latest; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + services.btrfs = { + autoScrub = { + enable = true; + fileSystems = [ "/" ]; + }; + }; + + networking.hostName = "zephyrus"; # Define your hostname. + networking.domain = "alarsyo.net"; + + # Set your time zone. + time.timeZone = "Europe/Paris"; + + # The global useDHCP flag is deprecated, therefore explicitly set to false here. + # Per-interface useDHCP will be mandatory in the future, so this generated config + # replicates the default behaviour. + networking.interfaces.enp0s31f6.useDHCP = true; + networking.interfaces.wlp0s20f3.useDHCP = true; + + # List services that you want to enable: + my.services = { + tailscale.enable = true; + + pipewire.enable = true; + }; + + services = { + xserver = { + enable = true; + windowManager.i3.enable = true; + layout = "fr"; + xkbVariant = "us"; + libinput.enable = true; + }; + }; + my.displayManager.sddm.enable = true; + + hardware.bluetooth = { + enable = true; + powerOnBoot = false; + }; +} diff --git a/hosts/zephyrus/hardware-configuration.nix b/hosts/zephyrus/hardware-configuration.nix new file mode 100644 index 0000000..6808322 --- /dev/null +++ b/hosts/zephyrus/hardware-configuration.nix @@ -0,0 +1,44 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642"; + fsType = "btrfs"; + options = [ "subvol=@" "compress=zstd" "noatime" ]; + }; + + boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/c59e7067-e33c-474c-9b8e-96d0e8f59297"; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642"; + fsType = "btrfs"; + options = [ "subvol=@home" "compress=zstd" "noatime" ]; + }; + + fileSystems."/nix" = + { device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642"; + fsType = "btrfs"; + options = [ "subvol=@nix" "compress=zstd" "noatime" ]; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/D9DA-F46C"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; +} diff --git a/hosts/zephyrus/home.nix b/hosts/zephyrus/home.nix new file mode 100644 index 0000000..08f11ad --- /dev/null +++ b/hosts/zephyrus/home.nix @@ -0,0 +1,26 @@ +{ config, pkgs, ... }: +{ + home-manager.users.alarsyo = { + # Keyboard settings & i3 settings + my.home.x.enable = true; + my.home.x.cursor.enable = true; + my.home.alacritty.enable = true; + my.home.emacs.enable = true; + my.home.tmux.enable = true; + my.home.starship.enable = false; + my.home.fish.enable = true; + + my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; + + home.packages = with pkgs; [ + # some websites only work there :( + chromium + + # dev + rustup + + unstable.beancount + unstable.fava + ]; + }; +} diff --git a/zephyrus.nix b/zephyrus.nix new file mode 100644 index 0000000..45f0074 --- /dev/null +++ b/zephyrus.nix @@ -0,0 +1,28 @@ +{ ... }: +{ + imports = [ + # Default configuration + ./base + ./base/gui-programs.nix + + # Module definitions + ./modules + + # Service definitions + ./services + + # Configuration secrets + ./secrets + + # Host-specific config + ./hosts/zephyrus + ]; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "21.05"; # Did you read the comment? +} From be1e31bb78d52a96961065269ece2fccac58075e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 23 Jul 2021 19:18:07 +0200 Subject: [PATCH 068/904] home: i3bar: make temp display configurable --- home/x/i3bar.nix | 19 +++++++++++++++---- hosts/boreal/home.nix | 2 ++ hosts/zephyrus/home.nix | 2 ++ 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/home/x/i3bar.nix b/home/x/i3bar.nix index 2f8b4c8..dadde9b 100644 --- a/home/x/i3bar.nix +++ b/home/x/i3bar.nix @@ -2,8 +2,21 @@ let isEnabled = config.my.home.x.enable; i3BarTheme = config.my.theme.i3BarTheme; + cfg = config.my.home.x.i3bar; in { + options.my.home.x.i3bar = with lib; { + temperature.chip = mkOption { + type = types.str; + example = "coretemp-isa-*"; + default = ""; + }; + temperature.inputs = mkOption { + type = types.listOf types.str; + example = ["Core 0" "Core 1" "Core 2" "Core 3"]; + default = ""; + }; + }; config = lib.mkIf isEnabled { home.packages = with pkgs; [ @@ -57,10 +70,8 @@ in collapsed = false; interval = 10; format = "{max}"; - # FIXME: specific to my AMD Ryzen CPU. Make this depend on - # hostname or something else - chip = "k10temp-pci-*"; - inputs = [ "Tccd1" ]; + chip = cfg.temperature.chip; + inputs = cfg.temperature.inputs; } { block = "networkmanager"; diff --git a/hosts/boreal/home.nix b/hosts/boreal/home.nix index f1e3ec8..006cb4a 100644 --- a/hosts/boreal/home.nix +++ b/hosts/boreal/home.nix @@ -3,6 +3,8 @@ home-manager.users.alarsyo = { # Keyboard settings & i3 settings my.home.x.enable = true; + my.home.x.i3bar.temperature.chip = "k10temp-pci-*"; + my.home.x.i3bar.temperature.inputs = [ "Tccd1" ]; my.home.x.cursor.enable = true; my.home.alacritty.enable = true; my.home.emacs.enable = true; diff --git a/hosts/zephyrus/home.nix b/hosts/zephyrus/home.nix index 08f11ad..806dff4 100644 --- a/hosts/zephyrus/home.nix +++ b/hosts/zephyrus/home.nix @@ -3,6 +3,8 @@ home-manager.users.alarsyo = { # Keyboard settings & i3 settings my.home.x.enable = true; + my.home.x.i3bar.temperature.chip = "coretemp-isa-*"; + my.home.x.i3bar.temperature.inputs = ["Core 0" "Core 1" "Core 2" "Core 3"]; my.home.x.cursor.enable = true; my.home.alacritty.enable = true; my.home.emacs.enable = true; From ca5f1167c28c9af13897818a96bdf53643a97178 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 24 Jul 2021 01:29:53 +0200 Subject: [PATCH 069/904] zephyrus: enable light program --- hosts/zephyrus/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index 1f55c38..83f7a0c 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -60,4 +60,6 @@ in enable = true; powerOnBoot = false; }; + + programs.light.enable = true; } From 084fca9a59d3fd592f11f0a918364067c15af3e5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 24 Jul 2021 01:30:54 +0200 Subject: [PATCH 070/904] base: users: add alarsyo to video group --- base/users.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/base/users.nix b/base/users.nix index 26a4219..263163f 100644 --- a/base/users.nix +++ b/base/users.nix @@ -13,6 +13,7 @@ in extraGroups = [ "media" "networkmanager" + "video" # for `light` permissions "docker" "wheel" # Enable ‘sudo’ for the user. ]; From 55db4dbdebda6a93217f1c1e04e7a1c9c07532f1 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 24 Jul 2021 01:32:49 +0200 Subject: [PATCH 071/904] zephyrus: install darktable --- hosts/zephyrus/home.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/zephyrus/home.nix b/hosts/zephyrus/home.nix index 806dff4..7646d14 100644 --- a/hosts/zephyrus/home.nix +++ b/hosts/zephyrus/home.nix @@ -18,6 +18,8 @@ # some websites only work there :( chromium + darktable + # dev rustup From fae1b45a9d50f2bc30983b930e77578e1d7584f8 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 24 Jul 2021 01:53:01 +0200 Subject: [PATCH 072/904] home: alacritty: turn off DPI scaling --- home/alacritty.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/home/alacritty.nix b/home/alacritty.nix index 577140e..a269a61 100644 --- a/home/alacritty.nix +++ b/home/alacritty.nix @@ -11,6 +11,10 @@ in enable = true; settings = { + env = { + WINIT_X11_SCALE_FACTOR = "1.0"; + }; + window = { padding = { x = 8; From 953af1affcbd845635d69525fd4801b5f37bd15e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 24 Jul 2021 02:00:50 +0200 Subject: [PATCH 073/904] flake.lock: Update Flake input changes: * Updated 'nixpkgs-unstable': 'github:NixOS/nixpkgs/314cf1949b181a1362b96c2e0421f9710a8fe607' -> 'github:NixOS/nixpkgs/b09661d41fb93562fd53f31574dbf781b130ac44' --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 96f1b8b..a07905b 100644 --- a/flake.lock +++ b/flake.lock @@ -71,11 +71,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1626910492, - "narHash": "sha256-7QG4AxJVgroVMoRY+4PhIp3aJV9svjfAds8JYyFrmSw=", + "lastModified": 1626995815, + "narHash": "sha256-ma1ZkQXDzpKHO6lVeZTK2hC3CZBMz/iK9x53g2f+un4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "314cf1949b181a1362b96c2e0421f9710a8fe607", + "rev": "b09661d41fb93562fd53f31574dbf781b130ac44", "type": "github" }, "original": { From f75ff6849d5115f40660b6318f5f1842c0c03d58 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 24 Jul 2021 02:18:15 +0200 Subject: [PATCH 074/904] home: allow marking device as laptop --- home/default.nix | 1 + home/laptop.nix | 6 ++++++ hosts/zephyrus/home.nix | 2 ++ 3 files changed, 9 insertions(+) create mode 100644 home/laptop.nix diff --git a/home/default.nix b/home/default.nix index 10ebaae..b383e47 100644 --- a/home/default.nix +++ b/home/default.nix @@ -6,6 +6,7 @@ ./env.nix ./fish ./flameshot.nix + ./laptop.nix ./secrets ./starship.nix ./themes diff --git a/home/laptop.nix b/home/laptop.nix new file mode 100644 index 0000000..ef4d266 --- /dev/null +++ b/home/laptop.nix @@ -0,0 +1,6 @@ +{ config, lib, ... }: +{ + options.my.home.laptop = with lib; { + enable = mkEnableOption "Laptop settings"; + }; +} diff --git a/hosts/zephyrus/home.nix b/hosts/zephyrus/home.nix index 7646d14..0e12176 100644 --- a/hosts/zephyrus/home.nix +++ b/hosts/zephyrus/home.nix @@ -1,6 +1,8 @@ { config, pkgs, ... }: { home-manager.users.alarsyo = { + my.home.laptop.enable = true; + # Keyboard settings & i3 settings my.home.x.enable = true; my.home.x.i3bar.temperature.chip = "coretemp-isa-*"; From 67b91f8c88be1beb2cf4d717587e2dbd70bae459 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 24 Jul 2021 02:18:27 +0200 Subject: [PATCH 075/904] home: i3bar: show battery for laptops --- home/x/i3bar.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/home/x/i3bar.nix b/home/x/i3bar.nix index dadde9b..afa170e 100644 --- a/home/x/i3bar.nix +++ b/home/x/i3bar.nix @@ -93,6 +93,11 @@ in block = "sound"; driver = "pulseaudio"; } + ] ++ (lib.lists.optionals config.my.home.laptop.enable [ + { + block = "battery"; + } + ]) ++ [ # { # block = "notify"; # } From 1c0e8eaa8d4ba3a05bd221e35f6d1d45add4d9ce Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 25 Jul 2021 16:17:18 +0200 Subject: [PATCH 076/904] base: add imagemagick to gui programs --- base/gui-programs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 1e6e3c3..c831949 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -5,6 +5,7 @@ feh gimp gnome.nautilus + imagemagick mpv pavucontrol thunderbird From dff7b29b1dae02e64876f75e69ff8394836949f8 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 25 Jul 2021 16:28:06 +0200 Subject: [PATCH 077/904] home: i3: add brightness shortcuts --- home/x/i3.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/home/x/i3.nix b/home/x/i3.nix index cb87d93..a7f9ccc 100644 --- a/home/x/i3.nix +++ b/home/x/i3.nix @@ -87,6 +87,9 @@ in "XF86AudioMute" = "exec --no-startup-id pactl set-sink-mute @DEFAULT_SINK@ toggle"; "XF86AudioMicMute" = "exec --no-startup-id pactl set-source-mute @DEFAULT_SOURCE@ toggle"; + "XF86MonBrightnessDown" = "exec --no-startup-id light -U 5"; + "XF86MonBrightnessUp" = "exec --no-startup-id light -A 5"; + "${modifier}+l" = "exec --no-startup-id betterlockscreen --lock"; }; From fa6f54a03a4b5dd469ecc496d613ba1165ed1942 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 25 Jul 2021 21:29:55 +0200 Subject: [PATCH 078/904] flake.lock: Update Flake input changes: * Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/40e6376f2d3fe4911122ae78569243aa929888b2' -> 'github:nix-community/emacs-overlay/b7bdcae5f7b376945851995ef022ae22b6b17991' * Updated 'home-manager': 'github:nix-community/home-manager/35a24648d155843a4d162de98c17b1afd5db51e4' -> 'github:nix-community/home-manager/9c0abed5228d54aad120b4bc757b6f5935aeda1c' * Updated 'nixpkgs': 'github:NixOS/nixpkgs/63ee5cd99a2e193d5e4c879feb9683ddec23fa03' -> 'github:NixOS/nixpkgs/973910f5c31b9ba6c171c33a8bd7199990b14c72' * Updated 'nixpkgs-unstable': 'github:NixOS/nixpkgs/b09661d41fb93562fd53f31574dbf781b130ac44' -> 'github:NixOS/nixpkgs/ecaf3da9340231e5493eccc3db87604a3705da42' --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index a07905b..5ad2d69 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1626945692, - "narHash": "sha256-Io8/GJjq7D4F2ouH1FAUrwVH7yCHeqlms76Lu0/qUoY=", + "lastModified": 1627238545, + "narHash": "sha256-471t3bqHh1VKoDJQS11AfepaOIW3PMaWGrJT2fJXZSg=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "40e6376f2d3fe4911122ae78569243aa929888b2", + "rev": "b7bdcae5f7b376945851995ef022ae22b6b17991", "type": "github" }, "original": { @@ -39,11 +39,11 @@ ] }, "locked": { - "lastModified": 1624228557, - "narHash": "sha256-wwOqe73BsrXfRv1PhyXQFNC8iTET50KvE/HitdkRgxs=", + "lastModified": 1627158444, + "narHash": "sha256-+C0SqhyQQplhcmWl681ODGNWUng8Wp1yvC/MdI1Q7hY=", "owner": "nix-community", "repo": "home-manager", - "rev": "35a24648d155843a4d162de98c17b1afd5db51e4", + "rev": "9c0abed5228d54aad120b4bc757b6f5935aeda1c", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1626834727, - "narHash": "sha256-ToGgus+UImnLNaLgv+xfo/cI3J/NQl2KB5kvyErXays=", + "lastModified": 1627131378, + "narHash": "sha256-R26ndhO4uTGqE6tsPbGd1BDTG2+eotvVV5K5YOuKM9g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "63ee5cd99a2e193d5e4c879feb9683ddec23fa03", + "rev": "973910f5c31b9ba6c171c33a8bd7199990b14c72", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1626995815, - "narHash": "sha256-ma1ZkQXDzpKHO6lVeZTK2hC3CZBMz/iK9x53g2f+un4=", + "lastModified": 1627170405, + "narHash": "sha256-6t7ISnt0Iqc2jxIf5+/su6eFmZNWnPAOA1JeOv9lLRE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b09661d41fb93562fd53f31574dbf781b130ac44", + "rev": "ecaf3da9340231e5493eccc3db87604a3705da42", "type": "github" }, "original": { From 0ff76742e27f2f3c57b0a67c16002fbeb6a994ba Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 27 Jul 2021 00:33:10 +0200 Subject: [PATCH 079/904] zephyrus: enable tlp service and hardware module --- flake.lock | 17 +++++++++++++++++ flake.nix | 11 +++++++++++ hosts/zephyrus/default.nix | 9 +++++++++ hosts/zephyrus/hardware-configuration.nix | 2 ++ 4 files changed, 39 insertions(+) diff --git a/flake.lock b/flake.lock index 5ad2d69..6622494 100644 --- a/flake.lock +++ b/flake.lock @@ -53,6 +53,22 @@ "type": "github" } }, + "nixos-hardware": { + "locked": { + "lastModified": 1627212500, + "narHash": "sha256-KMUQCT3JSqznp+dR6BTvbwLqPFErjNlotVpkp/P/ZmM=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "03e7686c72345f237405c0b46b153dccd3ec9913", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1627131378, @@ -90,6 +106,7 @@ "emacs-overlay": "emacs-overlay", "flake-utils": "flake-utils", "home-manager": "home-manager", + "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable" } diff --git a/flake.nix b/flake.nix index 3176f82..c47d331 100644 --- a/flake.nix +++ b/flake.nix @@ -36,6 +36,13 @@ repo = "flake-utils"; ref = "master"; }; + + nixos-hardware = { + type = "github"; + owner = "NixOS"; + repo = "nixos-hardware"; + ref = "master"; + }; }; outputs = { self, nixpkgs, home-manager, ... } @inputs: { @@ -123,6 +130,10 @@ modules = [ ./zephyrus.nix + inputs.nixos-hardware.nixosModules.common-cpu-intel + inputs.nixos-hardware.nixosModules.common-pc-laptop + inputs.nixos-hardware.nixosModules.common-pc-ssd + home-manager.nixosModule self.nixosModules.home diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index 83f7a0c..68add65 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -53,6 +53,15 @@ in xkbVariant = "us"; libinput.enable = true; }; + tlp = { + settings = { + CPU_SCALING_GOVERNOR_ON_AC = "performance"; + CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; + + START_CHARGE_THRESH_BAT0 = 70; + STOP_CHARGE_THRESH_BAT0 = 80; + }; + }; }; my.displayManager.sddm.enable = true; diff --git a/hosts/zephyrus/hardware-configuration.nix b/hosts/zephyrus/hardware-configuration.nix index 6808322..cc55acf 100644 --- a/hosts/zephyrus/hardware-configuration.nix +++ b/hosts/zephyrus/hardware-configuration.nix @@ -41,4 +41,6 @@ swapDevices = [ ]; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + + hardware.enableRedistributableFirmware = true; } From 75db86e59b5409fce9f0323d8062385009347fc2 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 27 Jul 2021 22:52:07 +0200 Subject: [PATCH 080/904] zephyrus: enable fwupd --- hosts/zephyrus/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index 68add65..c116bb8 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -62,6 +62,7 @@ in STOP_CHARGE_THRESH_BAT0 = 80; }; }; + fwupd.enable = true; }; my.displayManager.sddm.enable = true; From 2718be6ac93c153e357f8218490155505b365545 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 28 Jul 2021 17:12:20 +0200 Subject: [PATCH 081/904] flake.lock: Update Flake input changes: * Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/b7bdcae5f7b376945851995ef022ae22b6b17991' -> 'github:nix-community/emacs-overlay/0fce209cb26c7f56090406058065081a3cddc76a' * Updated 'nixpkgs': 'github:NixOS/nixpkgs/973910f5c31b9ba6c171c33a8bd7199990b14c72' -> 'github:NixOS/nixpkgs/382039c05a16827a7f0731183e862366b66b422f' * Updated 'nixpkgs-unstable': 'github:NixOS/nixpkgs/ecaf3da9340231e5493eccc3db87604a3705da42' -> 'github:NixOS/nixpkgs/0efb458bc1d1c5d4f36e55ae3c513d5dec615d46' --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 6622494..7f112ac 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1627238545, - "narHash": "sha256-471t3bqHh1VKoDJQS11AfepaOIW3PMaWGrJT2fJXZSg=", + "lastModified": 1627479923, + "narHash": "sha256-+a9mSSyGSWnx/iC5J8Q9E3VlgUvvTDLI5NU14W6L/+A=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "b7bdcae5f7b376945851995ef022ae22b6b17991", + "rev": "0fce209cb26c7f56090406058065081a3cddc76a", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1627131378, - "narHash": "sha256-R26ndhO4uTGqE6tsPbGd1BDTG2+eotvVV5K5YOuKM9g=", + "lastModified": 1627460592, + "narHash": "sha256-jdJqJi9DSPiGOY9xlZSi0ufDJpS6ezvDdx8AQq5VuyI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "973910f5c31b9ba6c171c33a8bd7199990b14c72", + "rev": "382039c05a16827a7f0731183e862366b66b422f", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1627170405, - "narHash": "sha256-6t7ISnt0Iqc2jxIf5+/su6eFmZNWnPAOA1JeOv9lLRE=", + "lastModified": 1627427471, + "narHash": "sha256-8qEEPkr9BVSM+ce4Qs2dL3O4ooZkVxF7Ow2WxB9w6Es=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ecaf3da9340231e5493eccc3db87604a3705da42", + "rev": "0efb458bc1d1c5d4f36e55ae3c513d5dec615d46", "type": "github" }, "original": { From 270809ca259254043bc38a93926e3d3c6c569fc8 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 29 Jul 2021 00:07:33 +0200 Subject: [PATCH 082/904] home: add bat config --- base/programs.nix | 1 - home/bat.nix | 20 ++++++++++++++++++++ home/default.nix | 1 + home/themes/bat.nix | 10 ++++++++++ home/themes/default.nix | 4 ++++ home/themes/solarizedLight/bat.nix | 3 +++ home/themes/solarizedLight/default.nix | 3 ++- 7 files changed, 40 insertions(+), 2 deletions(-) create mode 100644 home/bat.nix create mode 100644 home/themes/bat.nix create mode 100644 home/themes/solarizedLight/bat.nix diff --git a/base/programs.nix b/base/programs.nix index d49535a..06191b2 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -21,7 +21,6 @@ environment.systemPackages = with pkgs; [ # shell usage - bat fd ripgrep sd diff --git a/home/bat.nix b/home/bat.nix new file mode 100644 index 0000000..6d496e8 --- /dev/null +++ b/home/bat.nix @@ -0,0 +1,20 @@ +{ config, lib, ... }: +let + cfg = config.my.home.bat; + batTheme = config.my.theme.batTheme; +in +{ + options.my.home.bat = with lib; { + enable = (mkEnableOption "bat code display tool") // { default = true; }; + }; + + config = lib.mkIf cfg.enable { + programs.bat = { + enable = true; + + config = { + theme = batTheme.name; + }; + }; + }; +} diff --git a/home/default.nix b/home/default.nix index b383e47..6ab7e70 100644 --- a/home/default.nix +++ b/home/default.nix @@ -2,6 +2,7 @@ { imports = [ ./alacritty.nix + ./bat.nix ./emacs.nix ./env.nix ./fish diff --git a/home/themes/bat.nix b/home/themes/bat.nix new file mode 100644 index 0000000..5c14c5f --- /dev/null +++ b/home/themes/bat.nix @@ -0,0 +1,10 @@ +{ lib }: +with lib; +types.submodule { + options = { + name = mkOption { + type = types.str; + default = ""; + }; + }; +} diff --git a/home/themes/default.nix b/home/themes/default.nix index 6ce1d1a..96fc994 100644 --- a/home/themes/default.nix +++ b/home/themes/default.nix @@ -7,6 +7,10 @@ let type = import ./alacritty.nix { inherit lib; }; default = {}; }; + batTheme = mkOption { + type = import ./bat.nix { inherit lib; }; + default = {}; + }; i3Theme = mkOption { type = import ./i3.nix { inherit lib; }; default = {}; diff --git a/home/themes/solarizedLight/bat.nix b/home/themes/solarizedLight/bat.nix new file mode 100644 index 0000000..053f11c --- /dev/null +++ b/home/themes/solarizedLight/bat.nix @@ -0,0 +1,3 @@ +{ + name = "Solarized (light)"; +} diff --git a/home/themes/solarizedLight/default.nix b/home/themes/solarizedLight/default.nix index ed22ad4..01517b1 100644 --- a/home/themes/solarizedLight/default.nix +++ b/home/themes/solarizedLight/default.nix @@ -1,5 +1,6 @@ { + alacrittyTheme = import ./alacritty.nix; + batTheme = import ./bat.nix; i3Theme = import ./i3.nix; i3BarTheme = import ./i3bar.nix; - alacrittyTheme = import ./alacritty.nix; } From b3fc8428dc80047bd34ad0454ba87ed0c01321cc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 29 Jul 2021 00:14:33 +0200 Subject: [PATCH 083/904] poseidon: enable solarizedLight theme for bat --- hosts/poseidon/home.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/poseidon/home.nix b/hosts/poseidon/home.nix index 77f374e..8ec0d80 100644 --- a/hosts/poseidon/home.nix +++ b/hosts/poseidon/home.nix @@ -3,5 +3,7 @@ home-manager.users.alarsyo = { my.home.tmux.enable = true; my.home.fish.enable = true; + + my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; }; } From 9b4d3852c3acc55fb0aa4075e74f7b2ea26e3e82 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 29 Jul 2021 10:43:02 +0200 Subject: [PATCH 084/904] home: bump stateVersion to 21.05 --- home/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/default.nix b/home/default.nix index 6ab7e70..7850575 100644 --- a/home/default.nix +++ b/home/default.nix @@ -15,7 +15,7 @@ ./x ]; - home.stateVersion = "20.09"; + home.stateVersion = "21.05"; home.username = "alarsyo"; } From e52d474d85a0073006bb972e8c352de05f1f8d59 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 29 Jul 2021 11:07:14 +0200 Subject: [PATCH 085/904] home: git: setup git config --- home/default.nix | 1 + home/git.nix | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+) create mode 100644 home/git.nix diff --git a/home/default.nix b/home/default.nix index 7850575..0ddda5f 100644 --- a/home/default.nix +++ b/home/default.nix @@ -7,6 +7,7 @@ ./env.nix ./fish ./flameshot.nix + ./git.nix ./laptop.nix ./secrets ./starship.nix diff --git a/home/git.nix b/home/git.nix new file mode 100644 index 0000000..d8428b6 --- /dev/null +++ b/home/git.nix @@ -0,0 +1,47 @@ +{ config, lib, pkgs, ... }: +let + cfg = config.my.home.git; +in +{ + options.my.home.git.enable = (lib.mkEnableOption "Git configuration") // { default = true; }; + + config = lib.mkIf cfg.enable { + programs.git = { + enable = true; + + lfs.enable = true; + + userEmail = "antoine@alarsyo.net"; + userName = "Antoine Martin"; + + extraConfig = { + commit = { verbose = true; }; + core = { editor = "vim"; }; + init = { defaultBranch = "main"; }; + pull = { rebase = true; }; + rerere = { enabled = true; }; + }; + + aliases = { + push-wip = "push -o ci.skip"; + push-merge = "push -o merge_request.create -o merge_request.merge_when_pipeline_succeeds -o merge_request.remove_source_branch"; + push-mr = "push -o merge_request.create -o merge_request.remove_source_branch"; + }; + + includes = [ + { + condition = "gitdir:~/work/lrde"; + contents = { user = { email = "amartin@lrde.epita.fr"; }; }; + } + { + condition = "gitdir:~/work/prologin"; + contents = { user = { email = "antoine.martin@prologin.org"; }; }; + } + { + condition = "gitdir:~/work/epita"; + contents = { user = { email = "antoine4.martin@epita.fr"; }; }; + } + ]; + }; + }; +} From e923b28c6ceb5f340828096e3192c1715ff7b7e4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 29 Jul 2021 11:16:45 +0200 Subject: [PATCH 086/904] base: remove alacritty from gui programs It's now enabled from my home config --- base/gui-programs.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index c831949..7157273 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -1,7 +1,6 @@ { pkgs, ... }: { environment.systemPackages = with pkgs; [ - alacritty feh gimp gnome.nautilus From fb2b03fb798901c80d06df7bb9a7e20f3136ada5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 29 Jul 2021 11:17:22 +0200 Subject: [PATCH 087/904] home: rofi: setup config --- home/default.nix | 1 + home/rofi.nix | 20 ++++++++++++++++++++ 2 files changed, 21 insertions(+) create mode 100644 home/rofi.nix diff --git a/home/default.nix b/home/default.nix index 0ddda5f..f4c1384 100644 --- a/home/default.nix +++ b/home/default.nix @@ -9,6 +9,7 @@ ./flameshot.nix ./git.nix ./laptop.nix + ./rofi.nix ./secrets ./starship.nix ./themes diff --git a/home/rofi.nix b/home/rofi.nix new file mode 100644 index 0000000..61f1e88 --- /dev/null +++ b/home/rofi.nix @@ -0,0 +1,20 @@ +{ config, lib, pkgs, ... }: +let + cfg = config.my.home.rofi; +in +{ + options.my.home.rofi = with lib; { + enable = (mkEnableOption "rofi configuration") // { default = true; }; + }; + + config = lib.mkIf cfg.enable { + programs.rofi = { + enable = true; + + terminal = "${pkgs.alacritty}/bin/alacritty"; + extraConfig = { + ssh-client = "${pkgs.mosh}/bin/mosh"; + }; + }; + }; +} From 0ecf54e3d503395c205a3b157657949eb3af79c4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 29 Jul 2021 11:22:39 +0200 Subject: [PATCH 088/904] home: i3: setup rofi keybinding --- home/x/i3.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/x/i3.nix b/home/x/i3.nix index a7f9ccc..20fdeb7 100644 --- a/home/x/i3.nix +++ b/home/x/i3.nix @@ -91,6 +91,7 @@ in "XF86MonBrightnessUp" = "exec --no-startup-id light -A 5"; "${modifier}+l" = "exec --no-startup-id betterlockscreen --lock"; + "${modifier}+d" = "exec ${pkgs.rofi}/bin/rofi -show run"; }; modes = From d177a5bd71b17f6e822d030f2099543d27658f93 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 29 Jul 2021 11:31:21 +0200 Subject: [PATCH 089/904] home: ssh: setup config --- home/default.nix | 1 + home/ssh.nix | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 home/ssh.nix diff --git a/home/default.nix b/home/default.nix index f4c1384..d63a19e 100644 --- a/home/default.nix +++ b/home/default.nix @@ -11,6 +11,7 @@ ./laptop.nix ./rofi.nix ./secrets + ./ssh.nix ./starship.nix ./themes ./tmux.nix diff --git a/home/ssh.nix b/home/ssh.nix new file mode 100644 index 0000000..6c98ce2 --- /dev/null +++ b/home/ssh.nix @@ -0,0 +1,21 @@ +{ config, lib, ... }: +let + cfg = config.my.home.ssh; +in +{ + options.my.home.ssh = with lib; { + enable = (mkEnableOption "ssh configuration") // { default = true; }; + }; + + config = lib.mkIf cfg.enable { + programs.ssh = { + enable = true; + + matchBlocks = { + poseidon = { + hostname = "poseidon.alarsyo.net"; + }; + }; + }; + }; +} From bc79f1b8a281536d9034bbadb83c304c7098fb44 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 29 Jul 2021 11:41:54 +0200 Subject: [PATCH 090/904] home: starship: remove unused module --- home/default.nix | 1 - home/starship.nix | 17 ----------------- hosts/boreal/home.nix | 1 - hosts/zephyrus/home.nix | 1 - 4 files changed, 20 deletions(-) delete mode 100644 home/starship.nix diff --git a/home/default.nix b/home/default.nix index d63a19e..d914eb7 100644 --- a/home/default.nix +++ b/home/default.nix @@ -12,7 +12,6 @@ ./rofi.nix ./secrets ./ssh.nix - ./starship.nix ./themes ./tmux.nix ./x diff --git a/home/starship.nix b/home/starship.nix deleted file mode 100644 index 8476c85..0000000 --- a/home/starship.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.my.home.starship; -in -{ - options.my.home.starship.enable = lib.mkEnableOption "Starship.rs prompt"; - - config = lib.mkIf cfg.enable { - programs.starship = { - enable = true; - enableFishIntegration = true; - settings = { - add_newline = false; - }; - }; - }; -} diff --git a/hosts/boreal/home.nix b/hosts/boreal/home.nix index 006cb4a..e1e5417 100644 --- a/hosts/boreal/home.nix +++ b/hosts/boreal/home.nix @@ -9,7 +9,6 @@ my.home.alacritty.enable = true; my.home.emacs.enable = true; my.home.tmux.enable = true; - my.home.starship.enable = false; my.home.fish.enable = true; my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; diff --git a/hosts/zephyrus/home.nix b/hosts/zephyrus/home.nix index 0e12176..59dc44b 100644 --- a/hosts/zephyrus/home.nix +++ b/hosts/zephyrus/home.nix @@ -11,7 +11,6 @@ my.home.alacritty.enable = true; my.home.emacs.enable = true; my.home.tmux.enable = true; - my.home.starship.enable = false; my.home.fish.enable = true; my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; From d64cb708ffd3c402bb80b1368d9f93edd77a5d26 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 29 Jul 2021 12:05:06 +0200 Subject: [PATCH 091/904] home: rofi: don't enable on headless machines --- home/rofi.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/rofi.nix b/home/rofi.nix index 61f1e88..30022d7 100644 --- a/home/rofi.nix +++ b/home/rofi.nix @@ -4,7 +4,7 @@ let in { options.my.home.rofi = with lib; { - enable = (mkEnableOption "rofi configuration") // { default = true; }; + enable = (mkEnableOption "rofi configuration") // { default = config.my.home.x.enable; }; }; config = lib.mkIf cfg.enable { From db024c02d592023f9f9d90f4bf1d41c9c4d75466 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 29 Jul 2021 12:17:41 +0200 Subject: [PATCH 092/904] home: tridactyl: setup config --- home/default.nix | 2 ++ home/firefox.nix | 20 ++++++++++++++++++++ home/tridactyl.nix | 13 +++++++++++++ home/tridactylrc | 31 +++++++++++++++++++++++++++++++ 4 files changed, 66 insertions(+) create mode 100644 home/firefox.nix create mode 100644 home/tridactyl.nix create mode 100644 home/tridactylrc diff --git a/home/default.nix b/home/default.nix index d914eb7..75a2ac4 100644 --- a/home/default.nix +++ b/home/default.nix @@ -5,6 +5,7 @@ ./bat.nix ./emacs.nix ./env.nix + ./firefox.nix ./fish ./flameshot.nix ./git.nix @@ -14,6 +15,7 @@ ./ssh.nix ./themes ./tmux.nix + ./tridactyl.nix ./x ]; diff --git a/home/firefox.nix b/home/firefox.nix new file mode 100644 index 0000000..15a40ad --- /dev/null +++ b/home/firefox.nix @@ -0,0 +1,20 @@ +{ config, lib, pkgs, ... }: +let + cfg = config.my.home.firefox; +in +{ + options.my.home.firefox = with lib; { + enable = (mkEnableOption "firefox config") // { default = config.my.home.x.enable; }; + }; + + config = lib.mkIf cfg.enable { + programs.firefox = { + enable = true; + package = pkgs.unstable.firefox.override { + cfg = { + enableTridactylNative = true; + }; + }; + }; + }; +} diff --git a/home/tridactyl.nix b/home/tridactyl.nix new file mode 100644 index 0000000..b179812 --- /dev/null +++ b/home/tridactyl.nix @@ -0,0 +1,13 @@ +{ config, lib, ... }: +let + cfg = config.my.home.tridactyl; +in +{ + options.my.home.tridactyl = with lib; { + enable = (mkEnableOption "tridactyl code display tool") // { default = config.my.home.firefox.enable; }; + }; + + config = lib.mkIf cfg.enable { + xdg.configFile."tridactyl/tridactylrc".source = ./tridactylrc; + }; +} diff --git a/home/tridactylrc b/home/tridactylrc new file mode 100644 index 0000000..2b756e3 --- /dev/null +++ b/home/tridactylrc @@ -0,0 +1,31 @@ +" This wipes all existing settings. This means that if a setting in this file is +" removed, then it will return to default. In other words, this file serves as +" as an enforced single point of truth for Tridactyl's configuration. +sanitize tridactyllocal tridactylsync + +" Ctrl-F should use the browser's native 'find' functionality. +unbind + +" Tridactyl has an incomplete find mode +bind / fillcmdline find +bind ? fillcmdline find -? +bind n findnext 1 +bind N findnext -1 +bind , nohlsearch + +" case insensitive if lowercase, case sensitive if using some uppercase letters +set findcase smart + +" New reddit is bad +autocmd DocStart ^http(s?)://www.reddit.com js tri.excmds.urlmodify("-t", "www", "old") + +" Orange site / Reddit / Lobste.rs specific hints to toggle comments +bind ;c hint -Jc [class*="expand"],[class="togg"],[class="comment_folder"] + +" Use emacs as editor +set editorcmd emacsclient -c + +" copy all the things +set yankto both + +blacklistadd netflix.com From ba1e18165b2870780720fbaec822d9150f7729c9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 29 Jul 2021 12:19:31 +0200 Subject: [PATCH 093/904] home: tmux: enable by default --- home/tmux.nix | 2 +- hosts/boreal/home.nix | 1 - hosts/poseidon/home.nix | 1 - hosts/zephyrus/home.nix | 1 - 4 files changed, 1 insertion(+), 4 deletions(-) diff --git a/home/tmux.nix b/home/tmux.nix index 20da71a..cff3070 100644 --- a/home/tmux.nix +++ b/home/tmux.nix @@ -4,7 +4,7 @@ let in { options.my.home.tmux = with lib; { - enable = mkEnableOption "tmux dotfiles"; + enable = (mkEnableOption "tmux dotfiles") // { default = true; }; }; config = lib.mkIf cfg.enable { diff --git a/hosts/boreal/home.nix b/hosts/boreal/home.nix index e1e5417..fee30cf 100644 --- a/hosts/boreal/home.nix +++ b/hosts/boreal/home.nix @@ -8,7 +8,6 @@ my.home.x.cursor.enable = true; my.home.alacritty.enable = true; my.home.emacs.enable = true; - my.home.tmux.enable = true; my.home.fish.enable = true; my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; diff --git a/hosts/poseidon/home.nix b/hosts/poseidon/home.nix index 8ec0d80..75aafe9 100644 --- a/hosts/poseidon/home.nix +++ b/hosts/poseidon/home.nix @@ -1,7 +1,6 @@ { config, ... }: { home-manager.users.alarsyo = { - my.home.tmux.enable = true; my.home.fish.enable = true; my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; diff --git a/hosts/zephyrus/home.nix b/hosts/zephyrus/home.nix index 59dc44b..d1fd8ed 100644 --- a/hosts/zephyrus/home.nix +++ b/hosts/zephyrus/home.nix @@ -10,7 +10,6 @@ my.home.x.cursor.enable = true; my.home.alacritty.enable = true; my.home.emacs.enable = true; - my.home.tmux.enable = true; my.home.fish.enable = true; my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; From 1d75c36f9e1e95253f4302647de0eabed4fae30d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 29 Jul 2021 12:20:30 +0200 Subject: [PATCH 094/904] home: fish: enable by default --- home/fish/default.nix | 2 +- hosts/boreal/home.nix | 1 - hosts/poseidon/home.nix | 1 - hosts/zephyrus/home.nix | 1 - 4 files changed, 1 insertion(+), 4 deletions(-) diff --git a/home/fish/default.nix b/home/fish/default.nix index 88104e8..9175f57 100644 --- a/home/fish/default.nix +++ b/home/fish/default.nix @@ -3,7 +3,7 @@ let cfg = config.my.home.fish; in { - options.my.home.fish.enable = lib.mkEnableOption "Fish shell"; + options.my.home.fish.enable = (lib.mkEnableOption "Fish shell") // { default = true; }; config = lib.mkIf cfg.enable { programs.fish = { diff --git a/hosts/boreal/home.nix b/hosts/boreal/home.nix index fee30cf..06d4c33 100644 --- a/hosts/boreal/home.nix +++ b/hosts/boreal/home.nix @@ -8,7 +8,6 @@ my.home.x.cursor.enable = true; my.home.alacritty.enable = true; my.home.emacs.enable = true; - my.home.fish.enable = true; my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; diff --git a/hosts/poseidon/home.nix b/hosts/poseidon/home.nix index 75aafe9..acdd4fd 100644 --- a/hosts/poseidon/home.nix +++ b/hosts/poseidon/home.nix @@ -1,7 +1,6 @@ { config, ... }: { home-manager.users.alarsyo = { - my.home.fish.enable = true; my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; }; diff --git a/hosts/zephyrus/home.nix b/hosts/zephyrus/home.nix index d1fd8ed..fbb2013 100644 --- a/hosts/zephyrus/home.nix +++ b/hosts/zephyrus/home.nix @@ -10,7 +10,6 @@ my.home.x.cursor.enable = true; my.home.alacritty.enable = true; my.home.emacs.enable = true; - my.home.fish.enable = true; my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; From afd5444a88658bdf7fe1b24bb0d5eeccc6dc9357 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 29 Jul 2021 12:22:46 +0200 Subject: [PATCH 095/904] home: x: cursor: enable by default --- home/x/cursor.nix | 2 +- hosts/boreal/home.nix | 1 - hosts/zephyrus/home.nix | 1 - 3 files changed, 1 insertion(+), 3 deletions(-) diff --git a/home/x/cursor.nix b/home/x/cursor.nix index 0b69d47..76226b4 100644 --- a/home/x/cursor.nix +++ b/home/x/cursor.nix @@ -3,7 +3,7 @@ let cfg = config.my.home.x.cursor; in { - options.my.home.x.cursor.enable = lib.mkEnableOption "X cursor"; + options.my.home.x.cursor.enable = (lib.mkEnableOption "X cursor") // { default = config.my.home.x.enable; }; config = lib.mkIf cfg.enable { xsession.pointerCursor = { diff --git a/hosts/boreal/home.nix b/hosts/boreal/home.nix index 06d4c33..68ef790 100644 --- a/hosts/boreal/home.nix +++ b/hosts/boreal/home.nix @@ -5,7 +5,6 @@ my.home.x.enable = true; my.home.x.i3bar.temperature.chip = "k10temp-pci-*"; my.home.x.i3bar.temperature.inputs = [ "Tccd1" ]; - my.home.x.cursor.enable = true; my.home.alacritty.enable = true; my.home.emacs.enable = true; diff --git a/hosts/zephyrus/home.nix b/hosts/zephyrus/home.nix index fbb2013..0af58ba 100644 --- a/hosts/zephyrus/home.nix +++ b/hosts/zephyrus/home.nix @@ -7,7 +7,6 @@ my.home.x.enable = true; my.home.x.i3bar.temperature.chip = "coretemp-isa-*"; my.home.x.i3bar.temperature.inputs = ["Core 0" "Core 1" "Core 2" "Core 3"]; - my.home.x.cursor.enable = true; my.home.alacritty.enable = true; my.home.emacs.enable = true; From 13d01da571a67cb902611403b0b83b332a1aa313 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 29 Jul 2021 12:24:01 +0200 Subject: [PATCH 096/904] home: alacritty: enable by default --- home/alacritty.nix | 2 +- hosts/boreal/home.nix | 1 - hosts/zephyrus/home.nix | 1 - 3 files changed, 1 insertion(+), 3 deletions(-) diff --git a/home/alacritty.nix b/home/alacritty.nix index a269a61..44f08cb 100644 --- a/home/alacritty.nix +++ b/home/alacritty.nix @@ -4,7 +4,7 @@ let alacrittyTheme = config.my.theme.alacrittyTheme; in { - options.my.home.alacritty.enable = lib.mkEnableOption "Alacritty terminal"; + options.my.home.alacritty.enable = (lib.mkEnableOption "Alacritty terminal") // { default = config.my.home.x.enable; }; config = lib.mkIf cfg.enable { programs.alacritty = { diff --git a/hosts/boreal/home.nix b/hosts/boreal/home.nix index 68ef790..0b2e791 100644 --- a/hosts/boreal/home.nix +++ b/hosts/boreal/home.nix @@ -5,7 +5,6 @@ my.home.x.enable = true; my.home.x.i3bar.temperature.chip = "k10temp-pci-*"; my.home.x.i3bar.temperature.inputs = [ "Tccd1" ]; - my.home.alacritty.enable = true; my.home.emacs.enable = true; my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; diff --git a/hosts/zephyrus/home.nix b/hosts/zephyrus/home.nix index 0af58ba..648788d 100644 --- a/hosts/zephyrus/home.nix +++ b/hosts/zephyrus/home.nix @@ -7,7 +7,6 @@ my.home.x.enable = true; my.home.x.i3bar.temperature.chip = "coretemp-isa-*"; my.home.x.i3bar.temperature.inputs = ["Core 0" "Core 1" "Core 2" "Core 3"]; - my.home.alacritty.enable = true; my.home.emacs.enable = true; my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; From 8067ee090dc91aec53a3bb3d09b880bb32bf9901 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 30 Jul 2021 12:55:51 +0200 Subject: [PATCH 097/904] flake.lock: Update Flake input changes: * Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/0fce209cb26c7f56090406058065081a3cddc76a' -> 'github:nix-community/emacs-overlay/d65cce02712eedb9922cc9341c3936920089c886' * Updated 'nixpkgs': 'github:NixOS/nixpkgs/382039c05a16827a7f0731183e862366b66b422f' -> 'github:NixOS/nixpkgs/2262d7863a6af007274a698367484bf4903a3299' * Updated 'nixpkgs-unstable': 'github:NixOS/nixpkgs/0efb458bc1d1c5d4f36e55ae3c513d5dec615d46' -> 'github:NixOS/nixpkgs/d0044b0e7d531a7a28d4552582b98e8b3953c6cb' --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 7f112ac..0b3b8ce 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1627479923, - "narHash": "sha256-+a9mSSyGSWnx/iC5J8Q9E3VlgUvvTDLI5NU14W6L/+A=", + "lastModified": 1627633896, + "narHash": "sha256-5qROuqi7O8v/jkr+DiJgPAN/sY8REsbyz6bMTvHGNcs=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "0fce209cb26c7f56090406058065081a3cddc76a", + "rev": "d65cce02712eedb9922cc9341c3936920089c886", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1627460592, - "narHash": "sha256-jdJqJi9DSPiGOY9xlZSi0ufDJpS6ezvDdx8AQq5VuyI=", + "lastModified": 1627528535, + "narHash": "sha256-+E0LxCLav1GmbQbqwCKP39DRMn6NeEq00drC8udnYIY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "382039c05a16827a7f0731183e862366b66b422f", + "rev": "2262d7863a6af007274a698367484bf4903a3299", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1627427471, - "narHash": "sha256-8qEEPkr9BVSM+ce4Qs2dL3O4ooZkVxF7Ow2WxB9w6Es=", + "lastModified": 1627519362, + "narHash": "sha256-ZtnrlzTqWZlfJsGMwmf0HaFazN7FxsJ3wWJDIikKbwc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0efb458bc1d1c5d4f36e55ae3c513d5dec615d46", + "rev": "d0044b0e7d531a7a28d4552582b98e8b3953c6cb", "type": "github" }, "original": { From 6265f4b95b7522090abda22d779834a8b2d6d6cd Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 30 Jul 2021 23:34:06 +0200 Subject: [PATCH 098/904] home: i3: add shortcuts for brightness fine tuning --- home/x/i3.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home/x/i3.nix b/home/x/i3.nix index 20fdeb7..8daed9b 100644 --- a/home/x/i3.nix +++ b/home/x/i3.nix @@ -89,6 +89,8 @@ in "XF86MonBrightnessDown" = "exec --no-startup-id light -U 5"; "XF86MonBrightnessUp" = "exec --no-startup-id light -A 5"; + "${modifier}+XF86MonBrightnessDown" = "exec --no-startup-id light -U 0.1"; + "${modifier}+XF86MonBrightnessUp" = "exec --no-startup-id light -A 0.1"; "${modifier}+l" = "exec --no-startup-id betterlockscreen --lock"; "${modifier}+d" = "exec ${pkgs.rofi}/bin/rofi -show run"; From 71c395ab6946507902e3a833941d65ea4bfd383e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 1 Aug 2021 13:24:44 +0200 Subject: [PATCH 099/904] boreal: pin kernel to 5.12 nvidia driver is broken on 5.13: https://github.com/NixOS/nixpkgs/issues/129233 Fixed on unstable only --- hosts/boreal/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index c59aceb..f34bf27 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -14,7 +14,7 @@ in ./home.nix ]; - boot.kernelPackages = pkgs.linuxPackages_latest; + boot.kernelPackages = pkgs.linuxPackages_5_12; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; From 286e3ceff21a5f3f589eb736fc77e61ad1a29845 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 1 Aug 2021 13:33:21 +0200 Subject: [PATCH 100/904] home: ssh: add lrde proxyjump settings --- home/ssh.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/home/ssh.nix b/home/ssh.nix index 6c98ce2..e7a5532 100644 --- a/home/ssh.nix +++ b/home/ssh.nix @@ -15,6 +15,15 @@ in poseidon = { hostname = "poseidon.alarsyo.net"; }; + + "*.lrde.epita.fr" = { + user = "amartin"; + }; + + lrde-proxyjump = { + host = "*.lrde.epita.fr !ssh.lrde.epita.fr"; + proxyJump = "ssh.lrde.epita.fr"; + }; }; }; }; From f45f80b1bc4ef8ed8ef9c0aa84396db7b64f57cc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 3 Aug 2021 13:18:42 +0200 Subject: [PATCH 101/904] home: git: fix conditional includes --- home/git.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/home/git.nix b/home/git.nix index d8428b6..9122e2a 100644 --- a/home/git.nix +++ b/home/git.nix @@ -30,15 +30,15 @@ in includes = [ { - condition = "gitdir:~/work/lrde"; + condition = "gitdir:~/work/lrde/"; contents = { user = { email = "amartin@lrde.epita.fr"; }; }; } { - condition = "gitdir:~/work/prologin"; + condition = "gitdir:~/work/prologin/"; contents = { user = { email = "antoine.martin@prologin.org"; }; }; } { - condition = "gitdir:~/work/epita"; + condition = "gitdir:~/work/epita/"; contents = { user = { email = "antoine4.martin@epita.fr"; }; }; } ]; From 38672b1a5f43cd93ee403b096c5bb47814a9c5cc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 3 Aug 2021 13:48:55 +0200 Subject: [PATCH 102/904] flake.lock: Update Flake input changes: * Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/d65cce02712eedb9922cc9341c3936920089c886' -> 'github:nix-community/emacs-overlay/3378b6cd8b52f636e4d3cb1b4479f537c434e782' * Updated 'home-manager': 'github:nix-community/home-manager/9c0abed5228d54aad120b4bc757b6f5935aeda1c' -> 'github:nix-community/home-manager/b39647e52ed3c0b989e9d5c965e598ae4c38d7ef' * Updated 'nixpkgs': 'github:NixOS/nixpkgs/2262d7863a6af007274a698367484bf4903a3299' -> 'github:NixOS/nixpkgs/d4590d21006387dcb190c516724cb1e41c0f8fdf' * Updated 'nixpkgs-unstable': 'github:NixOS/nixpkgs/d0044b0e7d531a7a28d4552582b98e8b3953c6cb' -> 'github:NixOS/nixpkgs/c464dc811babfe316ed4ab7bbc12351122e69dd7' --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 0b3b8ce..a1c5ea1 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1627633896, - "narHash": "sha256-5qROuqi7O8v/jkr+DiJgPAN/sY8REsbyz6bMTvHGNcs=", + "lastModified": 1627987136, + "narHash": "sha256-HJQt214Okr6+/CRzV77cj+xXnH/kRvyx4O0cpjqLmFI=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "d65cce02712eedb9922cc9341c3936920089c886", + "rev": "3378b6cd8b52f636e4d3cb1b4479f537c434e782", "type": "github" }, "original": { @@ -39,11 +39,11 @@ ] }, "locked": { - "lastModified": 1627158444, - "narHash": "sha256-+C0SqhyQQplhcmWl681ODGNWUng8Wp1yvC/MdI1Q7hY=", + "lastModified": 1627649712, + "narHash": "sha256-AJBasvMKpsyJmCLdjroBElCHY5AlalbVy+XY5vjbgXc=", "owner": "nix-community", "repo": "home-manager", - "rev": "9c0abed5228d54aad120b4bc757b6f5935aeda1c", + "rev": "b39647e52ed3c0b989e9d5c965e598ae4c38d7ef", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1627528535, - "narHash": "sha256-+E0LxCLav1GmbQbqwCKP39DRMn6NeEq00drC8udnYIY=", + "lastModified": 1627892869, + "narHash": "sha256-Fg0KPi9oGTZ7Ju7rb8foq0GOZI3++ZaF6wf10ClMA58=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2262d7863a6af007274a698367484bf4903a3299", + "rev": "d4590d21006387dcb190c516724cb1e41c0f8fdf", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1627519362, - "narHash": "sha256-ZtnrlzTqWZlfJsGMwmf0HaFazN7FxsJ3wWJDIikKbwc=", + "lastModified": 1627942574, + "narHash": "sha256-guUcGRWvY2mfiVSet2x/zeHIyflm2wgglj0ldg0mMio=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d0044b0e7d531a7a28d4552582b98e8b3953c6cb", + "rev": "c464dc811babfe316ed4ab7bbc12351122e69dd7", "type": "github" }, "original": { From bd5aa2cef59d1deefabb5709d98f4fb81cc3f1f7 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 7 Aug 2021 15:19:45 +0200 Subject: [PATCH 103/904] services: setup fava service --- hosts/poseidon/default.nix | 6 +++ services/default.nix | 1 + services/fava.nix | 82 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 89 insertions(+) create mode 100644 services/fava.nix diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index c96fc35..e45b02a 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -75,6 +75,12 @@ in enable = true; }; + fava = { + enable = true; + port = 8084; + filePath = "accounts/current.beancount"; + }; + gitea = { enable = true; privatePort = 8082; diff --git a/services/default.nix b/services/default.nix index 79b72f4..2904314 100644 --- a/services/default.nix +++ b/services/default.nix @@ -5,6 +5,7 @@ ./bitwarden_rs.nix ./borg-backup.nix ./fail2ban.nix + ./fava.nix ./gitea ./jellyfin.nix ./lohr.nix diff --git a/services/fava.nix b/services/fava.nix new file mode 100644 index 0000000..16e7b5a --- /dev/null +++ b/services/fava.nix @@ -0,0 +1,82 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.my.services.fava; + my = config.my; + domain = config.networking.domain; + secrets = config.my.secrets; +in +{ + options.my.services.fava = { + enable = lib.mkEnableOption "Fava"; + + home = mkOption { + type = types.str; + default = "/var/lib/fava"; + example = "/var/lib/fava"; + description = "Home for the fava service, where data will be stored"; + }; + + port = mkOption { + type = types.port; + default = 8080; + example = 8080; + description = "Internal port for Fava"; + }; + + filePath = mkOption { + type = types.str; + example = "my_dir/money.beancount"; + description = "File to load in Fava"; + }; + }; + + config = mkIf cfg.enable { + systemd.services.fava = { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Environment = []; + ExecStart = "${pkgs.unstable.fava}/bin/fava -H 127.0.0.1 -p ${toString cfg.port} ${cfg.filePath}"; + WorkingDirectory = cfg.home; + User = "fava"; + Group = "fava"; + }; + path = with pkgs; []; + }; + + users.users.fava = { + isSystemUser = true; + home = cfg.home; + createHome = true; + group = "fava"; + }; + users.groups.fava = { }; + + services.nginx.virtualHosts = { + "fava.${domain}" = { + forceSSL = true; + useACMEHost = domain; + + listen = [ + # FIXME: hardcoded tailscale IP + { + addr = "100.80.61.67"; + port = 443; + ssl = true; + } + { + addr = "100.80.61.67"; + port = 80; + ssl = false; + } + ]; + + locations."/" = { + proxyPass = "http://127.0.0.1:${toString cfg.port}"; + }; + }; + }; + }; +} From 38708d154cee6272fe6c46ffb1acb2632828825d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 7 Aug 2021 21:21:12 +0200 Subject: [PATCH 104/904] flake.lock: Update Flake input changes: * Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/3378b6cd8b52f636e4d3cb1b4479f537c434e782' -> 'github:nix-community/emacs-overlay/cd04543c0155979dc019213a434e71734455e903' * Updated 'nixpkgs': 'github:NixOS/nixpkgs/d4590d21006387dcb190c516724cb1e41c0f8fdf' -> 'github:NixOS/nixpkgs/733682c32929293341f113f297b64ea6319e9089' * Updated 'nixpkgs-unstable': 'github:NixOS/nixpkgs/c464dc811babfe316ed4ab7bbc12351122e69dd7' -> 'github:NixOS/nixpkgs/67c80531be622641b5b2ccc3a7aff355cb02476b' --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index a1c5ea1..324ccec 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1627987136, - "narHash": "sha256-HJQt214Okr6+/CRzV77cj+xXnH/kRvyx4O0cpjqLmFI=", + "lastModified": 1628356768, + "narHash": "sha256-MYnHBDAH1pF3jCvsnxjfECD2PP0t1ODVFH6SnzIc2FQ=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "3378b6cd8b52f636e4d3cb1b4479f537c434e782", + "rev": "cd04543c0155979dc019213a434e71734455e903", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1627892869, - "narHash": "sha256-Fg0KPi9oGTZ7Ju7rb8foq0GOZI3++ZaF6wf10ClMA58=", + "lastModified": 1628186972, + "narHash": "sha256-wWXlIQdZq/EtlBAGFJ62YHYEnJclxCuUOUGnrQqJ3zg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d4590d21006387dcb190c516724cb1e41c0f8fdf", + "rev": "733682c32929293341f113f297b64ea6319e9089", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1627942574, - "narHash": "sha256-guUcGRWvY2mfiVSet2x/zeHIyflm2wgglj0ldg0mMio=", + "lastModified": 1628320020, + "narHash": "sha256-4xBEb+TOHyIGpK37EVsZx6dGPwNMf5YWNBJaQ4VyZws=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c464dc811babfe316ed4ab7bbc12351122e69dd7", + "rev": "67c80531be622641b5b2ccc3a7aff355cb02476b", "type": "github" }, "original": { From 1a0f0da28d7aefc560734006a54fd336ba9e1797 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 8 Aug 2021 00:08:20 +0200 Subject: [PATCH 105/904] base: use stable element-desktop some problems with libX11 / glibc version prevent the unstable version from opening links and other stuff, so let's roll that back --- base/gui-programs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 7157273..4406a27 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -1,6 +1,7 @@ { pkgs, ... }: { environment.systemPackages = with pkgs; [ + element-desktop feh gimp gnome.nautilus @@ -12,7 +13,6 @@ unstable.discord unstable.firefox - unstable.element-desktop unstable.slack unstable.spotify unstable.tdesktop From a763e0549f4a8db7f03c591833c2745aae840013 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 9 Aug 2021 19:34:23 +0200 Subject: [PATCH 106/904] services: setup restic backups service --- hosts/poseidon/default.nix | 4 +- secrets/default.nix | 1 + secrets/restic-backup/default.nix | 4 + secrets/restic-backup/poseidon-repo.secret | Bin 0 -> 41 bytes services/default.nix | 1 + services/restic-backup.nix | 83 +++++++++++++++++++++ 6 files changed, 91 insertions(+), 2 deletions(-) create mode 100644 secrets/restic-backup/default.nix create mode 100644 secrets/restic-backup/poseidon-repo.secret create mode 100644 services/restic-backup.nix diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index e45b02a..46840ba 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -66,9 +66,9 @@ in websocketPort = 3012; }; - borg-backup = { + restic-backup = { enable = true; - repo = secrets.borg-backup.poseidon-repo; + repo = secrets.restic-backup.poseidon-repo; }; fail2ban = { diff --git a/secrets/default.nix b/secrets/default.nix index 547eb06..59c9049 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -17,6 +17,7 @@ with lib; gandiKey = lib.fileContents ./gandi-api-key.secret; borg-backup = import ./borg-backup { inherit lib; }; + restic-backup = import ./restic-backup { inherit lib; }; matrixEmailConfig = import ./matrix-email-config.nix; }; diff --git a/secrets/restic-backup/default.nix b/secrets/restic-backup/default.nix new file mode 100644 index 0000000..1d6b630 --- /dev/null +++ b/secrets/restic-backup/default.nix @@ -0,0 +1,4 @@ +{ lib }: +{ + poseidon-repo = lib.fileContents ./poseidon-repo.secret; +} diff --git a/secrets/restic-backup/poseidon-repo.secret b/secrets/restic-backup/poseidon-repo.secret new file mode 100644 index 0000000000000000000000000000000000000000..db082cf2c1ff6419a2e6c357dc10e42f7f8b7d38 GIT binary patch literal 41 xcmZQ@_Y83kiVO&0XiwF?^k1TW<5}l(-m<>pw|%|azb^YAsr!DnJ Date: Mon, 9 Aug 2021 20:01:33 +0200 Subject: [PATCH 107/904] services: backup postgres to restic --- services/postgresql-backup.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/postgresql-backup.nix b/services/postgresql-backup.nix index e8c5381..94a60ef 100644 --- a/services/postgresql-backup.nix +++ b/services/postgresql-backup.nix @@ -12,11 +12,11 @@ in { config = mkIf cfg.enable { services.postgresqlBackup = { enable = true; - # Borg backup starts at midnight so create DB dump just before + # Restic backup starts at midnight so create DB dump just before startAt = "*-*-* 23:30:00"; }; - my.services.borg-backup = mkIf cfg.enable { + my.services.restic-backup = mkIf cfg.enable { paths = [ "/var/backup/postgresql" ]; # no need to store previously backed up files, as borg does the snapshoting From e9c0d157f13ece0e6f946561ceca89e17ab9a367 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 9 Aug 2021 20:14:09 +0200 Subject: [PATCH 108/904] services: restic: make it verbose --- services/restic-backup.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/restic-backup.nix b/services/restic-backup.nix index 701cd97..ccbe44e 100644 --- a/services/restic-backup.nix +++ b/services/restic-backup.nix @@ -70,7 +70,7 @@ in { passwordFile = "/root/restic/password"; s3CredentialsFile = "/root/restic/creds"; - extraBackupArgs = [ ] + extraBackupArgs = [ "--verbose=2" ] ++ optional (builtins.length cfg.exclude != 0) excludeArg; timerConfig = { From b00faf77bb64957d58faf3ed0e492983f98e80d0 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 9 Aug 2021 20:19:27 +0200 Subject: [PATCH 109/904] services: move to restic for everything --- services/bitwarden_rs.nix | 2 +- services/gitea/default.nix | 4 ++-- services/matrix.nix | 2 +- services/nextcloud.nix | 2 +- services/paperless.nix | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/services/bitwarden_rs.nix b/services/bitwarden_rs.nix index 27ea5a2..e57ee2c 100644 --- a/services/bitwarden_rs.nix +++ b/services/bitwarden_rs.nix @@ -85,7 +85,7 @@ in { bitwarden_rs-vault ]; - my.services.borg-backup = mkIf cfg.enable { + my.services.restic-backup = mkIf cfg.enable { paths = [ "/var/lib/bitwarden_rs" ]; exclude = [ "/var/lib/bitwarden_rs/icon_cache" ]; }; diff --git a/services/gitea/default.nix b/services/gitea/default.nix index 8997664..fc6b501 100644 --- a/services/gitea/default.nix +++ b/services/gitea/default.nix @@ -61,7 +61,7 @@ in { }; # NixOS module uses `gitea dump` to backup repositories and the database, - # but it produces a single .zip file that's not very borg-backup friendly. + # but it produces a single .zip file that's not very restic friendly. # I configure my backup system manually below. dump.enable = false; @@ -76,7 +76,7 @@ in { # gitea, so it may produce corrupt files in the snapshot if I push stuff # around midnight. I'm not sure how `gitea dump` handles this either, # though. - my.services.borg-backup = { + my.services.restic-backup = { paths = [ config.services.gitea.lfs.contentDir config.services.gitea.repositoryRoot diff --git a/services/matrix.nix b/services/matrix.nix index c4e55ef..dea5a4c 100644 --- a/services/matrix.nix +++ b/services/matrix.nix @@ -280,7 +280,7 @@ in { federationPort.public ]; - my.services.borg-backup = let + my.services.restic-backup = let dataDir = config.services.matrix-synapse.dataDir; in mkIf cfg.enable { paths = [ dataDir ]; diff --git a/services/nextcloud.nix b/services/nextcloud.nix index 8cbd3cd..533e16e 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -71,7 +71,7 @@ in }; }; - my.services.borg-backup = let + my.services.restic-backup = let nextcloudHome = config.services.nextcloud.home; in lib.mkIf cfg.enable { paths = [ nextcloudHome ]; diff --git a/services/paperless.nix b/services/paperless.nix index adebc51..5a970b4 100644 --- a/services/paperless.nix +++ b/services/paperless.nix @@ -54,7 +54,7 @@ in }; }; - my.services.borg-backup = mkIf cfg.enable { + my.services.restic-backup = mkIf cfg.enable { paths = [ "/var/lib/docker/volumes/paperless_data" "/var/lib/docker/volumes/paperless_media" From e8ea4c8b5fe34773484996bdec2003b8b0c435b4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 9 Aug 2021 21:09:32 +0200 Subject: [PATCH 110/904] services: nextcloud: regex don't work with restic --- services/nextcloud.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/nextcloud.nix b/services/nextcloud.nix index 533e16e..d6f4ab1 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -77,9 +77,9 @@ in paths = [ nextcloudHome ]; exclude = [ # borg can fail if *.part files disappear during backup - "re:^${nextcloudHome}/data/[^/]+/uploads" + "${nextcloudHome}/data/*/uploads" # image previews can take up a lot of space - "re:^${nextcloudHome}/data/appdata_[^/]+/preview" + "${nextcloudHome}/data/appdata_*/preview" ]; }; }; From 1b7c4d40c6812fd7c4c856d96386a3b755f5f012 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 10 Aug 2021 00:33:19 +0200 Subject: [PATCH 111/904] services: nextcloud: ignore heavy files --- services/nextcloud.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/services/nextcloud.nix b/services/nextcloud.nix index d6f4ab1..bca8710 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -80,6 +80,8 @@ in "${nextcloudHome}/data/*/uploads" # image previews can take up a lot of space "${nextcloudHome}/data/appdata_*/preview" + # specific account for huge files I don't care about losing + "${nextcloudHome}/data/misc" ]; }; }; From 64c53c243d7ca6c72341697f9f4a6594953a5fa2 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 10 Aug 2021 02:48:21 +0200 Subject: [PATCH 112/904] home: i3bar: display network throughput --- home/x/i3bar.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/home/x/i3bar.nix b/home/x/i3bar.nix index afa170e..42fc426 100644 --- a/home/x/i3bar.nix +++ b/home/x/i3bar.nix @@ -16,6 +16,12 @@ in example = ["Core 0" "Core 1" "Core 2" "Core 3"]; default = ""; }; + + networking.throughput_interfaces = mkOption { + type = types.listOf types.str; + example = [ "wlp1s0" ]; + default = [ ]; + }; }; config = lib.mkIf isEnabled { @@ -73,6 +79,18 @@ in chip = cfg.temperature.chip; inputs = cfg.temperature.inputs; } + ] ++ (lib.lists.optionals ((builtins.length cfg.networking.throughput_interfaces) != 0) + (map + (interface: + { + block = "net"; + device = interface; + interval = 1; + hide_inactive = true; + }) + + cfg.networking.throughput_interfaces) + ) ++ [ { block = "networkmanager"; primary_only = true; From f037e14e009a2fa199f207d361af47eff7010166 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 10 Aug 2021 02:48:46 +0200 Subject: [PATCH 113/904] boreal: add throughput interfaces --- hosts/boreal/home.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/boreal/home.nix b/hosts/boreal/home.nix index 0b2e791..d80f927 100644 --- a/hosts/boreal/home.nix +++ b/hosts/boreal/home.nix @@ -5,6 +5,7 @@ my.home.x.enable = true; my.home.x.i3bar.temperature.chip = "k10temp-pci-*"; my.home.x.i3bar.temperature.inputs = [ "Tccd1" ]; + my.home.x.i3bar.networking.throughput_interfaces = [ "enp8s0" "wlp4s0" ]; my.home.emacs.enable = true; my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; From b5ce0fca2c21dff027efeb6f8edd3ebf2541f36c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 10 Aug 2021 02:51:46 +0200 Subject: [PATCH 114/904] zephyrus: add throughput interfaces --- hosts/zephyrus/home.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/zephyrus/home.nix b/hosts/zephyrus/home.nix index 648788d..0077f1b 100644 --- a/hosts/zephyrus/home.nix +++ b/hosts/zephyrus/home.nix @@ -7,6 +7,7 @@ my.home.x.enable = true; my.home.x.i3bar.temperature.chip = "coretemp-isa-*"; my.home.x.i3bar.temperature.inputs = ["Core 0" "Core 1" "Core 2" "Core 3"]; + my.home.x.i3bar.networking.throughput_interfaces = [ "enp0s31f6" "wlp0s20f3" ]; my.home.emacs.enable = true; my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; From e950ba89710f0ba146e9af22aa76343edf141811 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 12 Aug 2021 14:59:56 +0200 Subject: [PATCH 115/904] flake.lock: Update Flake input changes: * Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/cd04543c0155979dc019213a434e71734455e903' -> 'github:nix-community/emacs-overlay/ac7350563d9d8c6bb0eb4bda9a2a1c0ce9ad526c' * Updated 'nixpkgs': 'github:NixOS/nixpkgs/733682c32929293341f113f297b64ea6319e9089' -> 'github:NixOS/nixpkgs/927ce1afc1db40869a463a37ea2738c27d425f80' * Updated 'nixpkgs-unstable': 'github:NixOS/nixpkgs/67c80531be622641b5b2ccc3a7aff355cb02476b' -> 'github:NixOS/nixpkgs/911b8a569cd44d3e3f2e8c39f5e1162506e7941c' --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 324ccec..e24e394 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1628356768, - "narHash": "sha256-MYnHBDAH1pF3jCvsnxjfECD2PP0t1ODVFH6SnzIc2FQ=", + "lastModified": 1628760643, + "narHash": "sha256-D6N5mxByAJWb/zIxhcDKcnzQdVcDN0Mk4wI/oO5Ct+c=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "cd04543c0155979dc019213a434e71734455e903", + "rev": "ac7350563d9d8c6bb0eb4bda9a2a1c0ce9ad526c", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1628186972, - "narHash": "sha256-wWXlIQdZq/EtlBAGFJ62YHYEnJclxCuUOUGnrQqJ3zg=", + "lastModified": 1628696776, + "narHash": "sha256-K8+/IQNZDZltIu/KSf+Tz01OwNzTGgTch0ktMOWcxLg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "733682c32929293341f113f297b64ea6319e9089", + "rev": "927ce1afc1db40869a463a37ea2738c27d425f80", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1628320020, - "narHash": "sha256-4xBEb+TOHyIGpK37EVsZx6dGPwNMf5YWNBJaQ4VyZws=", + "lastModified": 1628681740, + "narHash": "sha256-0YN5ObEBBZoCrDeJ7gY4L0NaQPl1gkcJH2HoQ+5yc/U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "67c80531be622641b5b2ccc3a7aff355cb02476b", + "rev": "911b8a569cd44d3e3f2e8c39f5e1162506e7941c", "type": "github" }, "original": { From b03806095efca954bfd862f17715013816e51379 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 13 Aug 2021 18:39:20 +0200 Subject: [PATCH 116/904] boreal: simplify backup exclude path --- hosts/boreal/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index f34bf27..96e7bd8 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -76,7 +76,7 @@ in "*.so" # ignore all dotfiles as .config and .cache can become quite big - "re:^/home/alarsyo/\\." + "/home/alarsyo/.*" ]; }; From be0a55debfbb942df1ec0629aa5772aa03ef8e64 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 13 Aug 2021 18:44:01 +0200 Subject: [PATCH 117/904] Revert "boreal: pin kernel to 5.12" This reverts commit 71c395ab6946507902e3a833941d65ea4bfd383e. NVIDIA driver is now updated to v470 in NixOS stable as well --- hosts/boreal/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index 96e7bd8..5b239c0 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -14,7 +14,7 @@ in ./home.nix ]; - boot.kernelPackages = pkgs.linuxPackages_5_12; + boot.kernelPackages = pkgs.linuxPackages_latest; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; From ebf08cd0ce615fbf3aeb355a917d8143e0858cb9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 19 Aug 2021 11:47:00 +0200 Subject: [PATCH 118/904] flake.lock: Update Flake input changes: * Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/ac7350563d9d8c6bb0eb4bda9a2a1c0ce9ad526c' -> 'github:nix-community/emacs-overlay/43a27b143c8f0d25d7ec008d6040e86b75dd016e' * Updated 'nixpkgs': 'github:NixOS/nixpkgs/927ce1afc1db40869a463a37ea2738c27d425f80' -> 'github:NixOS/nixpkgs/7bbca9877caed472c6b5866ea09302cfcdce3dbf' * Updated 'nixpkgs-unstable': 'github:NixOS/nixpkgs/911b8a569cd44d3e3f2e8c39f5e1162506e7941c' -> 'github:NixOS/nixpkgs/7c38b03f742a657bf38e9579adeb608fc7cc5f1a' --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index e24e394..106c85c 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1628760643, - "narHash": "sha256-D6N5mxByAJWb/zIxhcDKcnzQdVcDN0Mk4wI/oO5Ct+c=", + "lastModified": 1629365267, + "narHash": "sha256-elShloulonGXs9grll3PHBtYFcvGEtEu/ocpKvw+jBM=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "ac7350563d9d8c6bb0eb4bda9a2a1c0ce9ad526c", + "rev": "43a27b143c8f0d25d7ec008d6040e86b75dd016e", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1628696776, - "narHash": "sha256-K8+/IQNZDZltIu/KSf+Tz01OwNzTGgTch0ktMOWcxLg=", + "lastModified": 1629271619, + "narHash": "sha256-by9D3OkEKk4rOzJIMbC0uP2wP3Bt81auP5xmbmPg2a8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "927ce1afc1db40869a463a37ea2738c27d425f80", + "rev": "7bbca9877caed472c6b5866ea09302cfcdce3dbf", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1628681740, - "narHash": "sha256-0YN5ObEBBZoCrDeJ7gY4L0NaQPl1gkcJH2HoQ+5yc/U=", + "lastModified": 1629318195, + "narHash": "sha256-mFqoLruMu3poN6pkbegevDcGYwMVjoiyAexL+KE7DBg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "911b8a569cd44d3e3f2e8c39f5e1162506e7941c", + "rev": "7c38b03f742a657bf38e9579adeb608fc7cc5f1a", "type": "github" }, "original": { From 12c60e9d2e18065098354729d289fee34c667bb5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 19 Aug 2021 21:30:09 +0200 Subject: [PATCH 119/904] services: postgresql: upgraded to v13 --- services/postgresql.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/postgresql.nix b/services/postgresql.nix index a6d1f05..742f0f2 100644 --- a/services/postgresql.nix +++ b/services/postgresql.nix @@ -2,6 +2,6 @@ { # set postgresql version so we don't get any bad surprise config.services.postgresql = { - package = pkgs.postgresql_12; + package = pkgs.postgresql_13; }; } From bdd074862031dbc9adb4be7673f7ca8d8064a2e3 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 19 Aug 2021 23:34:41 +0200 Subject: [PATCH 120/904] flake: switch back entire config to unstable Mixing stable and unstable brought me weird problems, so I'm switching back to unstable entirely until it breaks hard enough to convince me to go back to stable. :) --- base/gui-programs.nix | 10 +++++----- flake.lock | 18 +++++++++--------- flake.nix | 14 +++----------- home/firefox.nix | 2 +- hosts/boreal/home.nix | 4 ++-- hosts/zephyrus/home.nix | 4 ++-- services/fava.nix | 2 +- services/tailscale.nix | 7 +------ 8 files changed, 24 insertions(+), 37 deletions(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 4406a27..bf71c5d 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -3,20 +3,20 @@ environment.systemPackages = with pkgs; [ element-desktop feh + firefox gimp gnome.nautilus imagemagick mpv pavucontrol + slack + spotify + tdesktop + teams thunderbird zathura unstable.discord - unstable.firefox - unstable.slack - unstable.spotify - unstable.tdesktop - unstable.teams ]; networking.networkmanager.enable = true; diff --git a/flake.lock b/flake.lock index 106c85c..19a1924 100644 --- a/flake.lock +++ b/flake.lock @@ -71,27 +71,27 @@ }, "nixpkgs": { "locked": { - "lastModified": 1629271619, - "narHash": "sha256-by9D3OkEKk4rOzJIMbC0uP2wP3Bt81auP5xmbmPg2a8=", + "lastModified": 1629292755, + "narHash": "sha256-5xMo32NVLnloY9DveqwJO/Cab1+PbTMPqU4WMmawX5M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7bbca9877caed472c6b5866ea09302cfcdce3dbf", + "rev": "253aecf69ed7595aaefabde779aa6449195bebb7", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-21.05", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs-unstable": { + "nixpkgs-unstable-small": { "locked": { - "lastModified": 1629318195, - "narHash": "sha256-mFqoLruMu3poN6pkbegevDcGYwMVjoiyAexL+KE7DBg=", + "lastModified": 1629379651, + "narHash": "sha256-k4WWTLqz3tYvCCVt9ANm3Ac7qR/qXi1Uk6Xf9RXO8VM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7c38b03f742a657bf38e9579adeb608fc7cc5f1a", + "rev": "14b0f20fa1f56438b74100513c9b1f7c072cf789", "type": "github" }, "original": { @@ -108,7 +108,7 @@ "home-manager": "home-manager", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", - "nixpkgs-unstable": "nixpkgs-unstable" + "nixpkgs-unstable-small": "nixpkgs-unstable-small" } } }, diff --git a/flake.nix b/flake.nix index c47d331..7e11a13 100644 --- a/flake.nix +++ b/flake.nix @@ -5,10 +5,10 @@ type = "github"; owner = "NixOS"; repo = "nixpkgs"; - ref = "nixos-21.05"; + ref = "nixos-unstable"; }; - nixpkgs-unstable = { + nixpkgs-unstable-small = { type = "github"; owner = "NixOS"; repo = "nixpkgs"; @@ -63,7 +63,7 @@ packages = import ./pkgs { pkgs = super; }; # packages accessible through pkgs.unstable.package - unstable = import inputs.nixpkgs-unstable { + unstable = import inputs.nixpkgs-unstable-small { inherit system; config.allowUnfree = true; }; @@ -110,10 +110,6 @@ nixpkgs.overlays = [ inputs.emacs-overlay.overlay - (self: super: { - steam = self.unstable.steam; - }) - # uncomment this to build everything from scratch, fun but takes a # while # @@ -140,10 +136,6 @@ { nixpkgs.overlays = [ inputs.emacs-overlay.overlay - - (self: super: { - steam = self.unstable.steam; - }) ] ++ shared_overlays; } ]; diff --git a/home/firefox.nix b/home/firefox.nix index 15a40ad..6bfe377 100644 --- a/home/firefox.nix +++ b/home/firefox.nix @@ -10,7 +10,7 @@ in config = lib.mkIf cfg.enable { programs.firefox = { enable = true; - package = pkgs.unstable.firefox.override { + package = pkgs.firefox.override { cfg = { enableTridactylNative = true; }; diff --git a/hosts/boreal/home.nix b/hosts/boreal/home.nix index d80f927..4eba48c 100644 --- a/hosts/boreal/home.nix +++ b/hosts/boreal/home.nix @@ -19,8 +19,8 @@ # dev rustup - unstable.beancount - unstable.fava + beancount + fava # keyboard goodness chrysalis diff --git a/hosts/zephyrus/home.nix b/hosts/zephyrus/home.nix index 0077f1b..d53c5b2 100644 --- a/hosts/zephyrus/home.nix +++ b/hosts/zephyrus/home.nix @@ -21,8 +21,8 @@ # dev rustup - unstable.beancount - unstable.fava + beancount + fava ]; }; } diff --git a/services/fava.nix b/services/fava.nix index 16e7b5a..48ea530 100644 --- a/services/fava.nix +++ b/services/fava.nix @@ -38,7 +38,7 @@ in wantedBy = [ "multi-user.target" ]; serviceConfig = { Environment = []; - ExecStart = "${pkgs.unstable.fava}/bin/fava -H 127.0.0.1 -p ${toString cfg.port} ${cfg.filePath}"; + ExecStart = "${pkgs.fava}/bin/fava -H 127.0.0.1 -p ${toString cfg.port} ${cfg.filePath}"; WorkingDirectory = cfg.home; User = "fava"; Group = "fava"; diff --git a/services/tailscale.nix b/services/tailscale.nix index cb239df..d97af62 100644 --- a/services/tailscale.nix +++ b/services/tailscale.nix @@ -16,12 +16,7 @@ in config = mkIf cfg.enable { services.tailscale = { enable = true; - package = pkgs.unstable.tailscale; - }; - - # FIXME: remove when upgrading to 21.11, added to module by default - systemd.services.tailscaled = { - path = [ pkgs.procps ]; + package = pkgs.tailscale; }; networking.firewall = { From f52e42681774fa0e82e129882969d83e1fb690d2 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 20 Aug 2021 00:08:40 +0200 Subject: [PATCH 121/904] zephyrus: install spot as well Easier to do now that it's cached! --- hosts/zephyrus/home.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/zephyrus/home.nix b/hosts/zephyrus/home.nix index d53c5b2..879f735 100644 --- a/hosts/zephyrus/home.nix +++ b/hosts/zephyrus/home.nix @@ -23,6 +23,8 @@ beancount fava + + packages.spot ]; }; } From 8f1eb162b9bd6b3d66912f0c5e24d9006c034504 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 19 Aug 2021 23:36:35 +0200 Subject: [PATCH 122/904] ci: setup cachix for flake package outputs --- .github/workflows/build-flake-packages.sh | 14 ++++++++++++++ .github/workflows/cachix.yaml | 23 +++++++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100755 .github/workflows/build-flake-packages.sh create mode 100644 .github/workflows/cachix.yaml diff --git a/.github/workflows/build-flake-packages.sh b/.github/workflows/build-flake-packages.sh new file mode 100755 index 0000000..9f387c8 --- /dev/null +++ b/.github/workflows/build-flake-packages.sh @@ -0,0 +1,14 @@ +#!/bin/sh + +set -xe + +PACKAGES=$(nix flake show \ + | grep ': package' \ + | sed 's/\x1b\[[0-9;]*m//g' \ + | sed -E 's/^.*───([A-Za-z/"-]+):.*$/\1/' \ + | sort \ + | uniq) + +for package in $PACKAGES; do + nix build --verbose .#$package +done diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml new file mode 100644 index 0000000..7a47d30 --- /dev/null +++ b/.github/workflows/cachix.yaml @@ -0,0 +1,23 @@ +name: "Build packages for cachix" +on: + push: + paths: + - 'pkgs/**' + - 'flake.nix' + - 'flake.lock' +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: cachix/install-nix-action@v13 + with: + install_url: https://nixos-nix-install-tests.cachix.org/serve/i6laym9jw3wg9mw6ncyrk6gjx4l34vvx/install + install_options: '--tarball-url-prefix https://nixos-nix-install-tests.cachix.org/serve' + extra_nix_config: | + experimental-features = nix-command flakes + - uses: cachix/cachix-action@v10 + with: + name: alarsyo + authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' + - run: .github/workflows/build-flake-packages.sh From 2c7abf829aa2ee2c8fd91d8a6d3fd25c559d3c1e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 20 Aug 2021 00:59:28 +0200 Subject: [PATCH 123/904] services: adapt bitwarden to vaultwarden rename --- hosts/poseidon/default.nix | 2 +- services/default.nix | 2 +- .../{bitwarden_rs.nix => vaultwarden.nix} | 40 ++++++++----------- 3 files changed, 18 insertions(+), 26 deletions(-) rename services/{bitwarden_rs.nix => vaultwarden.nix} (71%) diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 46840ba..3b90696 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -60,7 +60,7 @@ in # List services that you want to enable: my.services = { - bitwarden_rs = { + vaultwarden = { enable = true; privatePort = 8081; websocketPort = 3012; diff --git a/services/default.nix b/services/default.nix index 4291e78..5f894c4 100644 --- a/services/default.nix +++ b/services/default.nix @@ -2,7 +2,7 @@ { imports = [ - ./bitwarden_rs.nix + ./vaultwarden.nix ./borg-backup.nix ./fail2ban.nix ./fava.nix diff --git a/services/bitwarden_rs.nix b/services/vaultwarden.nix similarity index 71% rename from services/bitwarden_rs.nix rename to services/vaultwarden.nix index e57ee2c..751f51d 100644 --- a/services/bitwarden_rs.nix +++ b/services/vaultwarden.nix @@ -3,13 +3,13 @@ with lib; let - cfg = config.my.services.bitwarden_rs; + cfg = config.my.services.vaultwarden; my = config.my; domain = config.networking.domain; in { - options.my.services.bitwarden_rs = { - enable = mkEnableOption "Bitwarden"; + options.my.services.vaultwarden = { + enable = mkEnableOption "Vaultwarden"; privatePort = mkOption { type = types.port; @@ -29,18 +29,13 @@ in { config = mkIf cfg.enable { services.postgresql = { enable = true; - - initialScript = pkgs.writeText "bitwarden_rs-init.sql" '' - CREATE ROLE "bitwarden_rs" WITH LOGIN; - CREATE DATABASE "bitwarden_rs" WITH OWNER "bitwarden_rs"; - ''; }; services.postgresqlBackup = { - databases = [ "bitwarden_rs" ]; + databases = [ "vaultwarden" ]; }; - services.bitwarden_rs = { + services.vaultwarden = { enable = true; dbBackend = "postgresql"; config = { @@ -54,7 +49,8 @@ in { SIGNUPS_ALLOWED = false; INVITATIONS_ALLOWED = false; DOMAIN = "https://pass.${domain}"; - DATABASE_URL = "postgresql://bitwarden_rs@/bitwarden_rs"; + # FIXME: should be renamed to vaultwarden eventually + DATABASE_URL = "postgresql://vaultwarden@/vaultwarden"; }; }; @@ -80,46 +76,42 @@ in { }; }; - # needed for bitwarden to find files to serve for the vault - environment.systemPackages = with pkgs; [ - bitwarden_rs-vault - ]; - + # FIXME: should be renamed to vaultwarden eventually my.services.restic-backup = mkIf cfg.enable { paths = [ "/var/lib/bitwarden_rs" ]; exclude = [ "/var/lib/bitwarden_rs/icon_cache" ]; }; services.fail2ban.jails = { - bitwarden_rs = '' + vaultwarden = '' enabled = true - filter = bitwarden_rs + filter = vaultwarden port = http,https maxretry = 5 ''; # Admin page isn't enabled by default, but just in case... - bitwarden_rs-admin = '' + vaultwarden-admin = '' enabled = true - filter = bitwarden_rs-admin + filter = vaultwarden-admin port = http,https maxretry = 2 ''; }; environment.etc = { - "fail2ban/filter.d/bitwarden_rs.conf".text = '' + "fail2ban/filter.d/vaultwarden.conf".text = '' [Definition] failregex = ^.*Username or password is incorrect\. Try again\. IP: \. Username:.*$ ignoreregex = - journalmatch = _SYSTEMD_UNIT=bitwarden_rs.service + journalmatch = _SYSTEMD_UNIT=vaultwarden.service ''; - "fail2ban/filter.d/bitwarden_rs-admin.conf".text = '' + "fail2ban/filter.d/vaultwarden-admin.conf".text = '' [Definition] failregex = ^.*Invalid admin token\. IP: .*$ ignoreregex = - journalmatch = _SYSTEMD_UNIT=bitwarden_rs.service + journalmatch = _SYSTEMD_UNIT=vaultwarden.service ''; }; }; From d8c3f5c9872d4a57c6cc613f307ccdd8e78ab3ad Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 20 Aug 2021 01:52:45 +0200 Subject: [PATCH 124/904] services: nextcloud: upgrade to nextcloud 22 --- services/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/nextcloud.nix b/services/nextcloud.nix index bca8710..3a8e793 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -43,7 +43,7 @@ in hostName = "cloud.${domain}"; https = true; - package = pkgs.nextcloud21; + package = pkgs.nextcloud22; maxUploadSize = "1G"; From 58595b8d2967e4e54f3eaab69274bf9a752f2046 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 20 Aug 2021 02:11:40 +0200 Subject: [PATCH 125/904] flake: use master branch of home-manager --- flake.lock | 8 ++++---- flake.nix | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 19a1924..56d6b40 100644 --- a/flake.lock +++ b/flake.lock @@ -39,16 +39,16 @@ ] }, "locked": { - "lastModified": 1627649712, - "narHash": "sha256-AJBasvMKpsyJmCLdjroBElCHY5AlalbVy+XY5vjbgXc=", + "lastModified": 1629347633, + "narHash": "sha256-FGZJ7lmTAMIkjdrh6dIPck5HuB4KMT2GgDV5ZjiCWoc=", "owner": "nix-community", "repo": "home-manager", - "rev": "b39647e52ed3c0b989e9d5c965e598ae4c38d7ef", + "rev": "bf6b85136b47ab1a76df4a90ea4850871147494a", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-21.05", + "ref": "master", "repo": "home-manager", "type": "github" } diff --git a/flake.nix b/flake.nix index 7e11a13..faa4564 100644 --- a/flake.nix +++ b/flake.nix @@ -26,7 +26,7 @@ type = "github"; owner = "nix-community"; repo = "home-manager"; - ref = "release-21.05"; + ref = "master"; inputs.nixpkgs.follows = "nixpkgs"; }; From 14ed1167177c30c6ac787941c861b93ffe84a8d3 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 20 Aug 2021 02:20:27 +0200 Subject: [PATCH 126/904] readme: rework --- README.org | 46 +++------------------------------------------- 1 file changed, 3 insertions(+), 43 deletions(-) diff --git a/README.org b/README.org index dc9d8ff..539a8eb 100644 --- a/README.org +++ b/README.org @@ -1,44 +1,4 @@ -#+title: NixOS deployment configuration +#+title: NixOS configurations -* Services - -** Bitwarden - -Password manager, Rust lightweight version. - -** Borg backup - -Creating daily backups to borgbase - -** fail2ban - -Keeping the bad guys away - -** Gitea - -Hosting for all my personal projects - -** Jellyfin - -Netflix but just for me - -** Lohr - -*** Setup - -Needs manual SSH key and known hosts setup. - -** Matrix - -My Matrix homeserver at =alarsyo.net=. Also hosting an Element web client at -[[https://chat.alarsyo.net][chat.alarsyo.net]]. - -** Miniflux - -RSS reader - -** Monitoring - -Grafana and Prometheus are currently used as a glorified =htop=. - -** Nextcloud +Configuration for my computers! You may find here system configurations for +various services I host, as well as my dotfiles for daily programs. From 996ba1cddac8620ef6abebce50aea269f3841451 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 20 Aug 2021 02:26:01 +0200 Subject: [PATCH 127/904] readme: mention packaged software --- README.org | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/README.org b/README.org index 539a8eb..0b7e2ce 100644 --- a/README.org +++ b/README.org @@ -2,3 +2,24 @@ Configuration for my computers! You may find here system configurations for various services I host, as well as my dotfiles for daily programs. + +** Packages + +Various packages of mine can be found in this repo. You can easily use these +packages from Nix by [[https://github.com/nix-community/NUR][setting up the Nix User Repository]]. + +*** Flake + +If you prefer, theses packages are also exposed as a *flake* in this repo: + +- To list packages: + +#+begin_src sh +nix flake show +#+end_src + +- To install one of them: + +#+begin_src sh +nix build github:alarsyo/nixos-config#$PACKAGE +#+end_src From e0336d1367a68ba9ff30f47d7d67d7ee188c30bc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 21 Aug 2021 11:56:01 +0200 Subject: [PATCH 128/904] modules: wakeonwlan: setup simple wakeonwlan --- modules/default.nix | 1 + modules/wakeonwlan.nix | 63 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 64 insertions(+) create mode 100644 modules/wakeonwlan.nix diff --git a/modules/default.nix b/modules/default.nix index 0b7755f..761f84e 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -2,5 +2,6 @@ { imports = [ ./sddm.nix + ./wakeonwlan.nix ]; } diff --git a/modules/wakeonwlan.nix b/modules/wakeonwlan.nix new file mode 100644 index 0000000..8243671 --- /dev/null +++ b/modules/wakeonwlan.nix @@ -0,0 +1,63 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.my.wakeonwlan; + + mkWowlanService = name: cfg: + nameValuePair "wowlan-${name}" { + description = "Enable WoWLAN for interface ${name}"; + requires = [ "network.target" ]; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "oneshot"; + }; + script = '' + ${pkgs.iw}/bin/iw ${name} wowlan enable ${concatStringsSep " " cfg.methods} + ''; + }; +in +{ + options.my.wakeonwlan = { + interfaces = mkOption { + default = { }; + description = "Wireless interfaces where you want to enable WoWLAN"; + example = literalExample '' + { + phy0.methods = [ + "magic-packet" + "disconnect" + "gtk-rekey-failure" + "eap-identity-request" + "rfkill-release" + ]; + phy2.methods = [ "any" ]; + } + ''; + type = types.attrsOf ( + types.submodule { + options = { + methods = mkOption { + type = types.listOf (types.enum [ + "4way-handshake" + "any" + "disconnect" + "eap-identity-request" + "gtk-rekey-failure" + "magic-packet" + "rfkill-release" + ]); + description = "Wake-On-WiFiLan methods for this interface."; + }; + }; + } + ); + }; + }; + + config = mkIf (cfg.interfaces != {}) { + systemd.services = mapAttrs' mkWowlanService cfg.interfaces; + }; +} From 1aed654aaa67f592470beda61e6aed16e2657cc6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 21 Aug 2021 12:00:56 +0200 Subject: [PATCH 129/904] boreal: enable wakeonwlan --- hosts/boreal/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index 5b239c0..089f3d1 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -103,6 +103,14 @@ in }; my.displayManager.sddm.enable = true; + my.wakeonwlan.interfaces.phy0.methods = [ + "magic-packet" + "disconnect" + "gtk-rekey-failure" + "eap-identity-request" + "rfkill-release" + ]; + services.udev.packages = with pkgs; [ packages.kaleidoscope-udev-rules ]; From 97d4ccf5334cc2b0b81bdbd3dbeb15068cd64188 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 21 Aug 2021 12:06:09 +0200 Subject: [PATCH 130/904] home: ssh: add more custom hosts --- home/ssh.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/home/ssh.nix b/home/ssh.nix index e7a5532..cf8d877 100644 --- a/home/ssh.nix +++ b/home/ssh.nix @@ -12,8 +12,11 @@ in enable = true; matchBlocks = { - poseidon = { - hostname = "poseidon.alarsyo.net"; + boreal = { hostname = "boreal.alarsyo.net"; }; + poseidon = { hostname = "poseidon.alarsyo.net"; }; + pi = { + hostname = "pi.alarsyo.net"; + user = "pi"; }; "*.lrde.epita.fr" = { From d8de5c17013df3ed7621636db24cea926cb072fc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 21 Aug 2021 18:35:55 +0200 Subject: [PATCH 131/904] home: fish: add WoL alias --- home/fish/functions/wake.fish | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 home/fish/functions/wake.fish diff --git a/home/fish/functions/wake.fish b/home/fish/functions/wake.fish new file mode 100644 index 0000000..5c255db --- /dev/null +++ b/home/fish/functions/wake.fish @@ -0,0 +1,14 @@ +function wake -d "Wake-on-WiFi shortcut" -a host + if not set -q host[1] + echo "Usage: wake HOSTNAME" + return 1 + end + + switch $host + case boreal + ssh -t pi@pi.alarsyo.net "bash -ic wakywaky" + case * + echo "Unknown host!" + return 1 + end +end From 7ce48f71641dc093536f229d972d3f660af2ac44 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 22 Aug 2021 16:40:57 +0200 Subject: [PATCH 132/904] services: add navidrome --- services/default.nix | 1 + services/navidrome.nix | 47 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+) create mode 100644 services/navidrome.nix diff --git a/services/default.nix b/services/default.nix index 5f894c4..9412e57 100644 --- a/services/default.nix +++ b/services/default.nix @@ -13,6 +13,7 @@ ./media.nix ./miniflux.nix ./monitoring.nix + ./navidrome.nix ./nextcloud.nix ./nginx.nix ./nuage.nix diff --git a/services/navidrome.nix b/services/navidrome.nix new file mode 100644 index 0000000..33372f6 --- /dev/null +++ b/services/navidrome.nix @@ -0,0 +1,47 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.my.services.navidrome; + domain = config.networking.domain; +in { + options.my.services.navidrome = { + enable = mkEnableOption "Navidrome"; + }; + + config = lib.mkIf cfg.enable { + services.navidrome = { + enable = true; + settings = { + Address = "127.0.0.1"; + Port = 4533; + LastFM.Enabled = false; + }; + }; + + services.nginx.virtualHosts."music.${domain}" = { + forceSSL = true; + useACMEHost = domain; + + listen = [ + # FIXME: hardcoded tailscale IP + { + addr = "100.80.61.67"; + port = 443; + ssl = true; + } + { + addr = "100.80.61.67"; + port = 80; + ssl = false; + } + ]; + + locations."/" = { + proxyPass = "http://127.0.0.1:${toString config.services.navidrome.settings.Port}/"; + proxyWebsockets = true; + }; + }; + }; +} From bee57a1e09a53132a4e0178768cb28a8fdc067a4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 22 Aug 2021 16:41:25 +0200 Subject: [PATCH 133/904] poseidon: enable navidrome --- hosts/poseidon/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 3b90696..cb09303 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -112,6 +112,10 @@ in domain = "monitoring.${config.networking.domain}"; }; + navidrome = { + enable = true; + }; + nextcloud = { enable = true; }; From 901556f8051db8ee56238d2c22ba097c7db124b8 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 22 Aug 2021 17:24:52 +0200 Subject: [PATCH 134/904] services: navidrome: make music folder configurable --- services/navidrome.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/services/navidrome.nix b/services/navidrome.nix index 33372f6..3473737 100644 --- a/services/navidrome.nix +++ b/services/navidrome.nix @@ -8,6 +8,10 @@ let in { options.my.services.navidrome = { enable = mkEnableOption "Navidrome"; + musicFolder = mkOption { + type = types.str; + default = "./music"; + }; }; config = lib.mkIf cfg.enable { @@ -17,6 +21,7 @@ in { Address = "127.0.0.1"; Port = 4533; LastFM.Enabled = false; + MusicFolder = cfg.musicFolder; }; }; From 81575957479c2d4bcf4a0b46481f03180a387734 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 22 Aug 2021 17:25:11 +0200 Subject: [PATCH 135/904] poseidon: point navidrome to nextcloud folder --- hosts/poseidon/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index cb09303..cf3ca3a 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -114,6 +114,7 @@ in navidrome = { enable = true; + musicFolder = "${config.services.nextcloud.home}/data/alarsyo/files/Musique/Songs"; }; nextcloud = { From c94356e24f6b060eaa835f84c0dcf0a62f0f0e04 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 22 Aug 2021 17:48:45 +0200 Subject: [PATCH 136/904] services: navidrome: setup restic backups --- hosts/poseidon/default.nix | 2 +- services/navidrome.nix | 16 ++++++++++++---- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index cf3ca3a..fb55c25 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -114,7 +114,7 @@ in navidrome = { enable = true; - musicFolder = "${config.services.nextcloud.home}/data/alarsyo/files/Musique/Songs"; + musicFolder.path = "${config.services.nextcloud.home}/data/alarsyo/files/Musique/Songs"; }; nextcloud = { diff --git a/services/navidrome.nix b/services/navidrome.nix index 3473737..b245ed5 100644 --- a/services/navidrome.nix +++ b/services/navidrome.nix @@ -8,9 +8,12 @@ let in { options.my.services.navidrome = { enable = mkEnableOption "Navidrome"; - musicFolder = mkOption { - type = types.str; - default = "./music"; + musicFolder = { + path = mkOption { + type = types.str; + default = "./music"; + }; + backup = mkEnableOption "backup the music folder"; }; }; @@ -21,10 +24,15 @@ in { Address = "127.0.0.1"; Port = 4533; LastFM.Enabled = false; - MusicFolder = cfg.musicFolder; + MusicFolder = cfg.musicFolder.path; }; }; + my.services.restic-backup = { + paths = [ "/var/lib/navidrome" ] ++ optional cfg.musicFolder.backup cfg.musicFolder.path; + exclude = [ "/var/lib/navidrome/cache" ]; + }; + services.nginx.virtualHosts."music.${domain}" = { forceSSL = true; useACMEHost = domain; From 9bb834587d97c1ed57da8b7b36f69731b177af8b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 25 Aug 2021 21:39:05 +0200 Subject: [PATCH 137/904] flake: pin nixpkgs channel in nix path --- flake.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/flake.nix b/flake.nix index faa4564..3484c28 100644 --- a/flake.nix +++ b/flake.nix @@ -53,6 +53,11 @@ home-manager.users.alarsyo = import ./home; home-manager.verbose = true; }; + nix-path = { + nix.nixPath = [ + "nixpkgs=${inputs.nixpkgs}" + ]; + }; }; nixosConfigurations = @@ -76,6 +81,8 @@ modules = [ ./poseidon.nix + self.nixosModules.nix-path + home-manager.nixosModule self.nixosModules.home @@ -103,6 +110,8 @@ modules = [ ./boreal.nix + self.nixosModules.nix-path + home-manager.nixosModule self.nixosModules.home @@ -130,6 +139,8 @@ inputs.nixos-hardware.nixosModules.common-pc-laptop inputs.nixos-hardware.nixosModules.common-pc-ssd + self.nixosModules.nix-path + home-manager.nixosModule self.nixosModules.home From e4775f4611ce51e286ad7b7ee8187c422d62ce55 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 25 Aug 2021 21:56:42 +0200 Subject: [PATCH 138/904] flake: factorize shared modules --- flake.nix | 31 ++++++++++--------------------- 1 file changed, 10 insertions(+), 21 deletions(-) diff --git a/flake.nix b/flake.nix index 3484c28..8719c74 100644 --- a/flake.nix +++ b/flake.nix @@ -74,6 +74,10 @@ }; }) ]; + sharedModules = [ + home-manager.nixosModule + { nixpkgs.overlays = shared_overlays; } + ] ++ (nixpkgs.lib.attrValues self.nixosModules); in { poseidon = nixpkgs.lib.nixosSystem rec { @@ -81,11 +85,6 @@ modules = [ ./poseidon.nix - self.nixosModules.nix-path - - home-manager.nixosModule - self.nixosModules.home - { nixpkgs.overlays = [ (self: super: { @@ -100,9 +99,9 @@ python3 = self.fastPython3; }; }) - ] ++ shared_overlays; + ]; } - ]; + ] ++ sharedModules; }; boreal = nixpkgs.lib.nixosSystem rec { @@ -110,11 +109,6 @@ modules = [ ./boreal.nix - self.nixosModules.nix-path - - home-manager.nixosModule - self.nixosModules.home - { nixpkgs.overlays = [ inputs.emacs-overlay.overlay @@ -125,9 +119,9 @@ # (self: super: { # stdenv = super.impureUseNativeOptimizations super.stdenv; # }) - ] ++ shared_overlays; + ]; } - ]; + ] ++ sharedModules; }; zephyrus = nixpkgs.lib.nixosSystem rec { @@ -139,17 +133,12 @@ inputs.nixos-hardware.nixosModules.common-pc-laptop inputs.nixos-hardware.nixosModules.common-pc-ssd - self.nixosModules.nix-path - - home-manager.nixosModule - self.nixosModules.home - { nixpkgs.overlays = [ inputs.emacs-overlay.overlay - ] ++ shared_overlays; + ]; } - ]; + ] ++ sharedModules; }; }; From 618b7b37e9dfd37f62929b68c52102144643216f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 26 Aug 2021 12:38:25 +0200 Subject: [PATCH 139/904] flake.lock: Update Flake input changes: * Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/43a27b143c8f0d25d7ec008d6040e86b75dd016e' -> 'github:nix-community/emacs-overlay/daf338bd83887489341c85e4f20f26034cc24bd2' * Updated 'home-manager': 'github:nix-community/home-manager/bf6b85136b47ab1a76df4a90ea4850871147494a' -> 'github:nix-community/home-manager/f637e145d758ab183d3dba096c9312eae8bc0c7c' * Updated 'nixpkgs': 'github:NixOS/nixpkgs/253aecf69ed7595aaefabde779aa6449195bebb7' -> 'github:NixOS/nixpkgs/5bc8b980b9178ef9a4bb622320cf34e59ea2ea10' * Updated 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/14b0f20fa1f56438b74100513c9b1f7c072cf789' -> 'github:NixOS/nixpkgs/296da7b2f843a385bbc655070c77e28bcf915d61' --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 56d6b40..a0cc9af 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1629365267, - "narHash": "sha256-elShloulonGXs9grll3PHBtYFcvGEtEu/ocpKvw+jBM=", + "lastModified": 1629969371, + "narHash": "sha256-8BwSUWo9xeXPNw2JtvGSa3r8p520DZUDKy8kxyy5Y+A=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "43a27b143c8f0d25d7ec008d6040e86b75dd016e", + "rev": "daf338bd83887489341c85e4f20f26034cc24bd2", "type": "github" }, "original": { @@ -39,11 +39,11 @@ ] }, "locked": { - "lastModified": 1629347633, - "narHash": "sha256-FGZJ7lmTAMIkjdrh6dIPck5HuB4KMT2GgDV5ZjiCWoc=", + "lastModified": 1629961460, + "narHash": "sha256-t0UEf5bIJg4TKrqN3dF2rS65iyKCUTT0RfW2f5lWMQw=", "owner": "nix-community", "repo": "home-manager", - "rev": "bf6b85136b47ab1a76df4a90ea4850871147494a", + "rev": "f637e145d758ab183d3dba096c9312eae8bc0c7c", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1629292755, - "narHash": "sha256-5xMo32NVLnloY9DveqwJO/Cab1+PbTMPqU4WMmawX5M=", + "lastModified": 1629705759, + "narHash": "sha256-M5sHgjA1OZn/c21pk64qd5kjbkBpbZuYwgaDEl9kiP8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "253aecf69ed7595aaefabde779aa6449195bebb7", + "rev": "5bc8b980b9178ef9a4bb622320cf34e59ea2ea10", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1629379651, - "narHash": "sha256-k4WWTLqz3tYvCCVt9ANm3Ac7qR/qXi1Uk6Xf9RXO8VM=", + "lastModified": 1629918467, + "narHash": "sha256-6iVnXyFfyc0BIfsMn+8fU0JgVXPkeoHuzykVvL2f/JY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "14b0f20fa1f56438b74100513c9b1f7c072cf789", + "rev": "296da7b2f843a385bbc655070c77e28bcf915d61", "type": "github" }, "original": { From 4bbf21eff8a968723a83ee9301569e5069a558e4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 26 Aug 2021 12:59:19 +0200 Subject: [PATCH 140/904] flake: remove custom python overlay for poseidon That was fun but build time was too long, not worth it --- flake.nix | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/flake.nix b/flake.nix index 8719c74..2363356 100644 --- a/flake.nix +++ b/flake.nix @@ -84,23 +84,6 @@ inherit system; modules = [ ./poseidon.nix - - { - nixpkgs.overlays = [ - (self: super: { - fastPython3 = self.python3.override { - enableOptimizations = true; - reproducibleBuild = false; - self = self.fastPython3; - pythonAttr = "fastPython3"; - }; - - matrix-synapse = super.matrix-synapse.override { - python3 = self.fastPython3; - }; - }) - ]; - } ] ++ sharedModules; }; From af0428fe45f3b1c1bc2f8e731d85f2b0dd130ec1 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 26 Aug 2021 13:58:10 +0200 Subject: [PATCH 141/904] services: gitea: upgrade to v1.15.0 --- services/gitea/templates/home.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/gitea/templates/home.tmpl b/services/gitea/templates/home.tmpl index cab8416..c2d3ee2 100644 --- a/services/gitea/templates/home.tmpl +++ b/services/gitea/templates/home.tmpl @@ -3,7 +3,7 @@
- +

From 629a133c8c1741391d914d1e0f1309892238288c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 31 Aug 2021 22:45:33 +0200 Subject: [PATCH 142/904] flake.lock: Update Flake input changes: * Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/daf338bd83887489341c85e4f20f26034cc24bd2' -> 'github:nix-community/emacs-overlay/9f17ba1ed9c8b2012c0a1a41edf3d02936aa4def' * Updated 'home-manager': 'github:nix-community/home-manager/f637e145d758ab183d3dba096c9312eae8bc0c7c' -> 'github:nix-community/home-manager/21a2ff449620a9cb91802f9d1a9157b2ae8c6b39' * Updated 'nixpkgs': 'github:NixOS/nixpkgs/5bc8b980b9178ef9a4bb622320cf34e59ea2ea10' -> 'github:NixOS/nixpkgs/8d8a28b47b7c41aeb4ad01a2bd8b7d26986c3512' * Updated 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/296da7b2f843a385bbc655070c77e28bcf915d61' -> 'github:NixOS/nixpkgs/075a6f16c0c67a97d4c81d9e90b6e5a3addf7503' --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index a0cc9af..d57d023 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1629969371, - "narHash": "sha256-8BwSUWo9xeXPNw2JtvGSa3r8p520DZUDKy8kxyy5Y+A=", + "lastModified": 1630430032, + "narHash": "sha256-f3XLZ3zhpSmhR/tOwELtvj+o2pkRtDOn5YcRULn+T+M=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "daf338bd83887489341c85e4f20f26034cc24bd2", + "rev": "9f17ba1ed9c8b2012c0a1a41edf3d02936aa4def", "type": "github" }, "original": { @@ -39,11 +39,11 @@ ] }, "locked": { - "lastModified": 1629961460, - "narHash": "sha256-t0UEf5bIJg4TKrqN3dF2rS65iyKCUTT0RfW2f5lWMQw=", + "lastModified": 1630428740, + "narHash": "sha256-394yJxkFjvg47vB0jK5WHCitLDilyGjO3HpuZkAM2GA=", "owner": "nix-community", "repo": "home-manager", - "rev": "f637e145d758ab183d3dba096c9312eae8bc0c7c", + "rev": "21a2ff449620a9cb91802f9d1a9157b2ae8c6b39", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1629705759, - "narHash": "sha256-M5sHgjA1OZn/c21pk64qd5kjbkBpbZuYwgaDEl9kiP8=", + "lastModified": 1630248577, + "narHash": "sha256-9d/yq96TTrnF7qjA6wPYk+rYjWAXwfUmwk3qewezSeg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5bc8b980b9178ef9a4bb622320cf34e59ea2ea10", + "rev": "8d8a28b47b7c41aeb4ad01a2bd8b7d26986c3512", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1629918467, - "narHash": "sha256-6iVnXyFfyc0BIfsMn+8fU0JgVXPkeoHuzykVvL2f/JY=", + "lastModified": 1630407737, + "narHash": "sha256-QX7dh0MTh/2MaTRaEOCYJbupPbAa9shFh+GGiQmkJDM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "296da7b2f843a385bbc655070c77e28bcf915d61", + "rev": "075a6f16c0c67a97d4c81d9e90b6e5a3addf7503", "type": "github" }, "original": { From cbc899fab000d24026d1fe0d7ef513018dcb95e3 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 1 Sep 2021 15:05:45 +0200 Subject: [PATCH 143/904] Revert "flake.lock: Update" This reverts commit 629a133c8c1741391d914d1e0f1309892238288c. --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index d57d023..a0cc9af 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1630430032, - "narHash": "sha256-f3XLZ3zhpSmhR/tOwELtvj+o2pkRtDOn5YcRULn+T+M=", + "lastModified": 1629969371, + "narHash": "sha256-8BwSUWo9xeXPNw2JtvGSa3r8p520DZUDKy8kxyy5Y+A=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "9f17ba1ed9c8b2012c0a1a41edf3d02936aa4def", + "rev": "daf338bd83887489341c85e4f20f26034cc24bd2", "type": "github" }, "original": { @@ -39,11 +39,11 @@ ] }, "locked": { - "lastModified": 1630428740, - "narHash": "sha256-394yJxkFjvg47vB0jK5WHCitLDilyGjO3HpuZkAM2GA=", + "lastModified": 1629961460, + "narHash": "sha256-t0UEf5bIJg4TKrqN3dF2rS65iyKCUTT0RfW2f5lWMQw=", "owner": "nix-community", "repo": "home-manager", - "rev": "21a2ff449620a9cb91802f9d1a9157b2ae8c6b39", + "rev": "f637e145d758ab183d3dba096c9312eae8bc0c7c", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1630248577, - "narHash": "sha256-9d/yq96TTrnF7qjA6wPYk+rYjWAXwfUmwk3qewezSeg=", + "lastModified": 1629705759, + "narHash": "sha256-M5sHgjA1OZn/c21pk64qd5kjbkBpbZuYwgaDEl9kiP8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8d8a28b47b7c41aeb4ad01a2bd8b7d26986c3512", + "rev": "5bc8b980b9178ef9a4bb622320cf34e59ea2ea10", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1630407737, - "narHash": "sha256-QX7dh0MTh/2MaTRaEOCYJbupPbAa9shFh+GGiQmkJDM=", + "lastModified": 1629918467, + "narHash": "sha256-6iVnXyFfyc0BIfsMn+8fU0JgVXPkeoHuzykVvL2f/JY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "075a6f16c0c67a97d4c81d9e90b6e5a3addf7503", + "rev": "296da7b2f843a385bbc655070c77e28bcf915d61", "type": "github" }, "original": { From 986dd5fcc229571265b5a08e9776635cc38136eb Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 4 Sep 2021 17:36:48 +0200 Subject: [PATCH 144/904] flake.lock: Update Flake input changes: * Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/daf338bd83887489341c85e4f20f26034cc24bd2' -> 'github:nix-community/emacs-overlay/77da5f7db124ac4e9c0d1228647f20c01e5498f9' * Updated 'home-manager': 'github:nix-community/home-manager/f637e145d758ab183d3dba096c9312eae8bc0c7c' -> 'github:nix-community/home-manager/21a2ff449620a9cb91802f9d1a9157b2ae8c6b39' * Updated 'nixpkgs': 'github:NixOS/nixpkgs/5bc8b980b9178ef9a4bb622320cf34e59ea2ea10' -> 'github:NixOS/nixpkgs/4194d02deb6c3bd60dffe752b4b788570553a649' * Updated 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/296da7b2f843a385bbc655070c77e28bcf915d61' -> 'github:NixOS/nixpkgs/d431839ab4494499714f2b6f001413fe380607eb' --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index a0cc9af..42b5afd 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1629969371, - "narHash": "sha256-8BwSUWo9xeXPNw2JtvGSa3r8p520DZUDKy8kxyy5Y+A=", + "lastModified": 1630746807, + "narHash": "sha256-l30gDY9EQbaTaXTehjLgmnGeCUL0sGpD+KsI2WnCsdI=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "daf338bd83887489341c85e4f20f26034cc24bd2", + "rev": "77da5f7db124ac4e9c0d1228647f20c01e5498f9", "type": "github" }, "original": { @@ -39,11 +39,11 @@ ] }, "locked": { - "lastModified": 1629961460, - "narHash": "sha256-t0UEf5bIJg4TKrqN3dF2rS65iyKCUTT0RfW2f5lWMQw=", + "lastModified": 1630428740, + "narHash": "sha256-394yJxkFjvg47vB0jK5WHCitLDilyGjO3HpuZkAM2GA=", "owner": "nix-community", "repo": "home-manager", - "rev": "f637e145d758ab183d3dba096c9312eae8bc0c7c", + "rev": "21a2ff449620a9cb91802f9d1a9157b2ae8c6b39", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1629705759, - "narHash": "sha256-M5sHgjA1OZn/c21pk64qd5kjbkBpbZuYwgaDEl9kiP8=", + "lastModified": 1630600546, + "narHash": "sha256-RFqEv59bWpds9Ymo757GgHB9S3nJFra96ySW1YptNuQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5bc8b980b9178ef9a4bb622320cf34e59ea2ea10", + "rev": "4194d02deb6c3bd60dffe752b4b788570553a649", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1629918467, - "narHash": "sha256-6iVnXyFfyc0BIfsMn+8fU0JgVXPkeoHuzykVvL2f/JY=", + "lastModified": 1630736093, + "narHash": "sha256-NSLXh0sHFqcX1dLNt9NQcHjCVXAFJaR63yCqPPyHPFI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "296da7b2f843a385bbc655070c77e28bcf915d61", + "rev": "d431839ab4494499714f2b6f001413fe380607eb", "type": "github" }, "original": { From 6afcd36d8ed8dfb5c063903ceb4f3622305eccf9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 4 Sep 2021 18:21:10 +0200 Subject: [PATCH 145/904] services: lohr: bump flake I should clean that up anyway --- services/lohr.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/lohr.nix b/services/lohr.nix index 45b9ecb..6d760a3 100644 --- a/services/lohr.nix +++ b/services/lohr.nix @@ -9,7 +9,7 @@ let secrets = config.my.secrets; lohrPkg = let - flake = builtins.getFlake "github:alarsyo/lohr?rev=5f7d140b616c4e92318ea09f3438ee2dcc061236"; + flake = builtins.getFlake "github:alarsyo/lohr?rev=58503cc8b95c8b627f6ae7e56740609e91f323cd"; in flake.defaultPackage."x86_64-linux"; # FIXME: use correct system in From d7133e98de8e43ff42ec73f1cf82f8c60da61006 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 6 Sep 2021 05:41:48 +0200 Subject: [PATCH 146/904] zephyrus: tlp: remove cpu governor tweak The laptop's fans run really loud whenever it's plugged in, and cores are all at max frequency even when there's 0 load. --- hosts/zephyrus/default.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index c116bb8..3c7aab5 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -55,9 +55,6 @@ in }; tlp = { settings = { - CPU_SCALING_GOVERNOR_ON_AC = "performance"; - CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; - START_CHARGE_THRESH_BAT0 = 70; STOP_CHARGE_THRESH_BAT0 = 80; }; From 3196015861361023f992bae30bde3af5d7a21e30 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 8 Sep 2021 22:25:52 +0200 Subject: [PATCH 147/904] zephyrus: add wine to packages --- hosts/zephyrus/home.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/zephyrus/home.nix b/hosts/zephyrus/home.nix index 879f735..6c6ad0f 100644 --- a/hosts/zephyrus/home.nix +++ b/hosts/zephyrus/home.nix @@ -16,6 +16,8 @@ # some websites only work there :( chromium + wineWowPackages.stable + darktable # dev From eb3c698f693e886c38e2213f430d82770d48c1de Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 10 Sep 2021 23:49:21 +0200 Subject: [PATCH 148/904] home: setup lorri service --- home/default.nix | 1 + home/lorri.nix | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 home/lorri.nix diff --git a/home/default.nix b/home/default.nix index 75a2ac4..44341dd 100644 --- a/home/default.nix +++ b/home/default.nix @@ -10,6 +10,7 @@ ./flameshot.nix ./git.nix ./laptop.nix + ./lorri.nix ./rofi.nix ./secrets ./ssh.nix diff --git a/home/lorri.nix b/home/lorri.nix new file mode 100644 index 0000000..2567331 --- /dev/null +++ b/home/lorri.nix @@ -0,0 +1,17 @@ +{ config, lib, ... }: +let + cfg = config.my.home.lorri; +in +{ + options.my.home.lorri = with lib; { + enable = (mkEnableOption "lorri daemon setup") // { default = true; }; + }; + + config = lib.mkIf cfg.enable { + services.lorri.enable = true; + programs.direnv = { + enable = true; + enableFishIntegration = true; + }; + }; +} From f12387f5d8fd3c4f3cd7a3cf196ab2e842bb8ddb Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 10 Sep 2021 23:50:08 +0200 Subject: [PATCH 149/904] flake.lock: Update Flake input changes: * Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/77da5f7db124ac4e9c0d1228647f20c01e5498f9' -> 'github:nix-community/emacs-overlay/8320c615b706f0d459544d7d37a59c5a5ff5e7e0' * Updated 'home-manager': 'github:nix-community/home-manager/21a2ff449620a9cb91802f9d1a9157b2ae8c6b39' -> 'github:nix-community/home-manager/039f786e609fdb3cfd9c5520ff3791750c3eaebf' * Updated 'nixpkgs': 'github:NixOS/nixpkgs/4194d02deb6c3bd60dffe752b4b788570553a649' -> 'github:NixOS/nixpkgs/4f6d8095fd51954120a1d08ea5896fe42dc3923b' * Updated 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/d431839ab4494499714f2b6f001413fe380607eb' -> 'github:NixOS/nixpkgs/c678e050c1978110badd975274785265fc953a66' --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 42b5afd..39ce466 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1630746807, - "narHash": "sha256-l30gDY9EQbaTaXTehjLgmnGeCUL0sGpD+KsI2WnCsdI=", + "lastModified": 1631294328, + "narHash": "sha256-PYuZn7hloVUxvFWyhvt23cUGPxCQSkw7RvF7YIn1Ut0=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "77da5f7db124ac4e9c0d1228647f20c01e5498f9", + "rev": "8320c615b706f0d459544d7d37a59c5a5ff5e7e0", "type": "github" }, "original": { @@ -39,11 +39,11 @@ ] }, "locked": { - "lastModified": 1630428740, - "narHash": "sha256-394yJxkFjvg47vB0jK5WHCitLDilyGjO3HpuZkAM2GA=", + "lastModified": 1631134124, + "narHash": "sha256-C17wJ2HyuFZllJ/PbpFuuDjkzWvg8np9UIAdSrpuwS0=", "owner": "nix-community", "repo": "home-manager", - "rev": "21a2ff449620a9cb91802f9d1a9157b2ae8c6b39", + "rev": "039f786e609fdb3cfd9c5520ff3791750c3eaebf", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1630600546, - "narHash": "sha256-RFqEv59bWpds9Ymo757GgHB9S3nJFra96ySW1YptNuQ=", + "lastModified": 1631206977, + "narHash": "sha256-o3Dct9aJ5ht5UaTUBzXrRcK1RZt2eG5/xSlWJuUCVZM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4194d02deb6c3bd60dffe752b4b788570553a649", + "rev": "4f6d8095fd51954120a1d08ea5896fe42dc3923b", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1630736093, - "narHash": "sha256-NSLXh0sHFqcX1dLNt9NQcHjCVXAFJaR63yCqPPyHPFI=", + "lastModified": 1631264114, + "narHash": "sha256-9B/r68I5FKAtHFUQ2TRmWKEIbKFldMqNRrNRxDRRudM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d431839ab4494499714f2b6f001413fe380607eb", + "rev": "c678e050c1978110badd975274785265fc953a66", "type": "github" }, "original": { From 5e8431b1c09d458ff97e9c1c54e5aca701019e64 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 11 Sep 2021 00:03:53 +0200 Subject: [PATCH 150/904] boreal,zephyrus: remove beancount and fava --- hosts/boreal/home.nix | 3 --- hosts/zephyrus/home.nix | 3 --- 2 files changed, 6 deletions(-) diff --git a/hosts/boreal/home.nix b/hosts/boreal/home.nix index 4eba48c..bfb0788 100644 --- a/hosts/boreal/home.nix +++ b/hosts/boreal/home.nix @@ -19,9 +19,6 @@ # dev rustup - beancount - fava - # keyboard goodness chrysalis diff --git a/hosts/zephyrus/home.nix b/hosts/zephyrus/home.nix index 6c6ad0f..1b38985 100644 --- a/hosts/zephyrus/home.nix +++ b/hosts/zephyrus/home.nix @@ -23,9 +23,6 @@ # dev rustup - beancount - fava - packages.spot ]; }; From c80a5e9a872c834fbfd9a0610be94fff359dadf9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 12 Sep 2021 20:43:54 +0200 Subject: [PATCH 151/904] services: setup prololo test service --- hosts/poseidon/default.nix | 13 +++++ secrets/default.nix | 4 ++ secrets/prololo-github-secret.secret | Bin 0 -> 30 bytes secrets/prololo-password.secret | Bin 0 -> 87 bytes secrets/prololo-room.secret | Bin 0 -> 54 bytes services/default.nix | 1 + services/prololo.nix | 80 +++++++++++++++++++++++++++ 7 files changed, 98 insertions(+) create mode 100644 secrets/prololo-github-secret.secret create mode 100644 secrets/prololo-password.secret create mode 100644 secrets/prololo-room.secret create mode 100644 services/prololo.nix diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index fb55c25..2eee87c 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -134,6 +134,19 @@ in enable = true; }; + prololo = { + enable = true; + port = 8089; + settings = { + matrix_username = "prololo"; + matrix_password = config.my.secrets.prololo_password; + matrix_homeserver = "https://matrix.alarsyo.net"; + matrix_room_id = config.my.secrets.prololo_room; + matrix_state_dir = "./prololo_state_dir"; + github_secret = config.my.secrets.prololo_github_secret; + }; + }; + tailscale = { enable = true; exitNode = true; diff --git a/secrets/default.nix b/secrets/default.nix index 59c9049..522b240 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -20,5 +20,9 @@ with lib; restic-backup = import ./restic-backup { inherit lib; }; matrixEmailConfig = import ./matrix-email-config.nix; + + prololo_password = lib.fileContents ./prololo-password.secret; + prololo_room = lib.fileContents ./prololo-room.secret; + prololo_github_secret = lib.fileContents ./prololo-github-secret.secret; }; } diff --git a/secrets/prololo-github-secret.secret b/secrets/prololo-github-secret.secret new file mode 100644 index 0000000000000000000000000000000000000000..e63c13e69ab8d50a735a09a118e2df097ba2f3a3 GIT binary patch literal 30 mcmZQ@_Y83kiVO&0ILonr-=P(`3e6Ic!TFn>ZSh=R+y(%uGYqo; literal 0 HcmV?d00001 diff --git a/secrets/prololo-password.secret b/secrets/prololo-password.secret new file mode 100644 index 0000000000000000000000000000000000000000..039626324fcbe7bc98d49ace35c7202ace55bd76 GIT binary patch literal 87 zcmZQ@_Y83kiVO&0usq{hVRu>P?>n2vt)G4@Ht6)*=Th|1VA79k?5-}S-4nK0{<8WJ vaFKVCk^8#GTQ3}cs5;YSx5l?BSG~!P59^%|kDs@Bp1bseB_?j_TMhyM8__E- literal 0 HcmV?d00001 diff --git a/secrets/prololo-room.secret b/secrets/prololo-room.secret new file mode 100644 index 0000000000000000000000000000000000000000..3ce60010f52ea0e4c84d70ce09320471b32ec005 GIT binary patch literal 54 zcmZQ@_Y83kiVO&0V9QCVHLus(bwlJ!N^N0I7{{wjql~>XwD&6d@CmGw55IIn+|d2i KqEH6zOZ5O0f)uj= literal 0 HcmV?d00001 diff --git a/services/default.nix b/services/default.nix index 9412e57..1522988 100644 --- a/services/default.nix +++ b/services/default.nix @@ -21,6 +21,7 @@ ./pipewire.nix ./postgresql-backup.nix ./postgresql.nix + ./prololo.nix ./restic-backup.nix ./tailscale.nix ./tgv.nix diff --git a/services/prololo.nix b/services/prololo.nix new file mode 100644 index 0000000..8976551 --- /dev/null +++ b/services/prololo.nix @@ -0,0 +1,80 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.my.services.prololo; + my = config.my; + domain = config.networking.domain; + prololoPkg = + let + flake = builtins.getFlake "github:alarsyo/prololo-reborn?rev=40da010f5782bc760c83ac9883716970fcee40ff"; + in + flake.defaultPackage."x86_64-linux"; # FIXME: use correct system + settingsFormat = pkgs.formats.yaml {}; +in +{ + options.my.services.prololo = { + enable = lib.mkEnableOption "Prololo Matrix bot"; + + home = mkOption { + type = types.str; + default = "/var/lib/prololo"; + example = "/var/lib/prololo"; + description = "Home for the prololo service, where data will be stored"; + }; + + port = mkOption { + type = types.port; + default = 8080; + example = 8080; + description = "Internal port for Prololo Rocket server"; + }; + + settings = mkOption { + type = settingsFormat.type; + default = {}; + }; + }; + + config = + let + configFile = settingsFormat.generate "config.yaml" cfg.settings; + in mkIf cfg.enable + { + systemd.services.prololo = { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Environment = [ + "ROCKET_PORT=${toString cfg.port}" + "ROCKET_LOG_LEVEL=normal" + "RUST_LOG=rocket=info,prololo_reborn=trace" + ]; + ExecStart = "${prololoPkg}/bin/prololo-reborn --config ${configFile}"; + StateDirectory = "prololo"; + WorkingDirectory = cfg.home; + User = "prololo"; + Group = "prololo"; + }; + }; + + users.users.prololo = { + isSystemUser = true; + home = cfg.home; + createHome = true; + group = "prololo"; + }; + users.groups.prololo = { }; + + services.nginx.virtualHosts = { + "prololo.${domain}" = { + forceSSL = true; + useACMEHost = domain; + + locations."/" = { + proxyPass = "http://127.0.0.1:${toString cfg.port}"; + }; + }; + }; + }; +} From 7bf83aaac38305c0ccacd2eee809d7ecfe7d5900 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 16 Sep 2021 16:23:52 +0200 Subject: [PATCH 152/904] services: prololo: bump flake --- hosts/poseidon/default.nix | 15 ++++++++++++++- secrets/default.nix | 1 + secrets/prololo-room2.secret | Bin 0 -> 54 bytes services/prololo.nix | 6 +++--- 4 files changed, 18 insertions(+), 4 deletions(-) create mode 100644 secrets/prololo-room2.secret diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 2eee87c..64d3733 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -141,9 +141,22 @@ in matrix_username = "prololo"; matrix_password = config.my.secrets.prololo_password; matrix_homeserver = "https://matrix.alarsyo.net"; - matrix_room_id = config.my.secrets.prololo_room; matrix_state_dir = "./prololo_state_dir"; github_secret = config.my.secrets.prololo_github_secret; + matrix_rooms = { + test-room = { id = config.my.secrets.prololo_room; default = true; }; + test-room2 = { id = config.my.secrets.prololo_room2; }; + }; + destinations = [ + { + regex = "^prologin/.*-playground$"; + room = "test-room2"; + } + { + regex = "^prologin/.*-\\dplayground$"; + room = "test-room2"; + } + ]; }; }; diff --git a/secrets/default.nix b/secrets/default.nix index 522b240..e2f351d 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -23,6 +23,7 @@ with lib; prololo_password = lib.fileContents ./prololo-password.secret; prololo_room = lib.fileContents ./prololo-room.secret; + prololo_room2 = lib.fileContents ./prololo-room2.secret; prololo_github_secret = lib.fileContents ./prololo-github-secret.secret; }; } diff --git a/secrets/prololo-room2.secret b/secrets/prololo-room2.secret new file mode 100644 index 0000000000000000000000000000000000000000..905ffdbd2548e2e8566bb6912ed280c85acfb062 GIT binary patch literal 54 zcmZQ@_Y83kiVO&0&^!F>kLji8n-@08I}~}voSNUhbNbVt>$hg_k2Cw~P!P3mT8MW| Ln)wp`>a`~Ut}hyG literal 0 HcmV?d00001 diff --git a/services/prololo.nix b/services/prololo.nix index 8976551..11664f6 100644 --- a/services/prololo.nix +++ b/services/prololo.nix @@ -8,7 +8,7 @@ let domain = config.networking.domain; prololoPkg = let - flake = builtins.getFlake "github:alarsyo/prololo-reborn?rev=40da010f5782bc760c83ac9883716970fcee40ff"; + flake = builtins.getFlake "github:prologin/prololo?rev=65007253adb9f366698a450cc9343b30c8ac508f"; in flake.defaultPackage."x86_64-linux"; # FIXME: use correct system settingsFormat = pkgs.formats.yaml {}; @@ -48,9 +48,9 @@ in Environment = [ "ROCKET_PORT=${toString cfg.port}" "ROCKET_LOG_LEVEL=normal" - "RUST_LOG=rocket=info,prololo_reborn=trace" + "RUST_LOG=rocket=info,prololo=trace" ]; - ExecStart = "${prololoPkg}/bin/prololo-reborn --config ${configFile}"; + ExecStart = "${prololoPkg}/bin/prololo --config ${configFile}"; StateDirectory = "prololo"; WorkingDirectory = cfg.home; User = "prololo"; From 6d1b8e9b17de13c4b40e1e54622aaf6e71519cf1 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 23 Sep 2021 16:36:32 +0200 Subject: [PATCH 153/904] home: set emacs as editor --- home/env.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/home/env.nix b/home/env.nix index e196dd9..c678b36 100644 --- a/home/env.nix +++ b/home/env.nix @@ -5,4 +5,8 @@ "${config.home.homeDirectory}/.cargo/bin" "${config.home.homeDirectory}/.local/bin" ]; + + home.sessionVariables = { + EDITOR = "emacsclient -t"; + }; } From 63af1a317e48c2dfbe39fc18abe2ca236cbe7e93 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 24 Sep 2021 16:16:27 +0200 Subject: [PATCH 154/904] services: remove prololo beta testing service --- hosts/poseidon/default.nix | 26 --------- secrets/default.nix | 5 -- secrets/prololo-github-secret.secret | Bin 30 -> 0 bytes secrets/prololo-password.secret | Bin 87 -> 0 bytes secrets/prololo-room.secret | Bin 54 -> 0 bytes secrets/prololo-room2.secret | Bin 54 -> 0 bytes services/default.nix | 1 - services/prololo.nix | 80 --------------------------- 8 files changed, 112 deletions(-) delete mode 100644 secrets/prololo-github-secret.secret delete mode 100644 secrets/prololo-password.secret delete mode 100644 secrets/prololo-room.secret delete mode 100644 secrets/prololo-room2.secret delete mode 100644 services/prololo.nix diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 64d3733..fb55c25 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -134,32 +134,6 @@ in enable = true; }; - prololo = { - enable = true; - port = 8089; - settings = { - matrix_username = "prololo"; - matrix_password = config.my.secrets.prololo_password; - matrix_homeserver = "https://matrix.alarsyo.net"; - matrix_state_dir = "./prololo_state_dir"; - github_secret = config.my.secrets.prololo_github_secret; - matrix_rooms = { - test-room = { id = config.my.secrets.prololo_room; default = true; }; - test-room2 = { id = config.my.secrets.prololo_room2; }; - }; - destinations = [ - { - regex = "^prologin/.*-playground$"; - room = "test-room2"; - } - { - regex = "^prologin/.*-\\dplayground$"; - room = "test-room2"; - } - ]; - }; - }; - tailscale = { enable = true; exitNode = true; diff --git a/secrets/default.nix b/secrets/default.nix index e2f351d..59c9049 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -20,10 +20,5 @@ with lib; restic-backup = import ./restic-backup { inherit lib; }; matrixEmailConfig = import ./matrix-email-config.nix; - - prololo_password = lib.fileContents ./prololo-password.secret; - prololo_room = lib.fileContents ./prololo-room.secret; - prololo_room2 = lib.fileContents ./prololo-room2.secret; - prololo_github_secret = lib.fileContents ./prololo-github-secret.secret; }; } diff --git a/secrets/prololo-github-secret.secret b/secrets/prololo-github-secret.secret deleted file mode 100644 index e63c13e69ab8d50a735a09a118e2df097ba2f3a3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 30 mcmZQ@_Y83kiVO&0ILonr-=P(`3e6Ic!TFn>ZSh=R+y(%uGYqo; diff --git a/secrets/prololo-password.secret b/secrets/prololo-password.secret deleted file mode 100644 index 039626324fcbe7bc98d49ace35c7202ace55bd76..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 87 zcmZQ@_Y83kiVO&0usq{hVRu>P?>n2vt)G4@Ht6)*=Th|1VA79k?5-}S-4nK0{<8WJ vaFKVCk^8#GTQ3}cs5;YSx5l?BSG~!P59^%|kDs@Bp1bseB_?j_TMhyM8__E- diff --git a/secrets/prololo-room.secret b/secrets/prololo-room.secret deleted file mode 100644 index 3ce60010f52ea0e4c84d70ce09320471b32ec005..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 54 zcmZQ@_Y83kiVO&0V9QCVHLus(bwlJ!N^N0I7{{wjql~>XwD&6d@CmGw55IIn+|d2i KqEH6zOZ5O0f)uj= diff --git a/secrets/prololo-room2.secret b/secrets/prololo-room2.secret deleted file mode 100644 index 905ffdbd2548e2e8566bb6912ed280c85acfb062..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 54 zcmZQ@_Y83kiVO&0&^!F>kLji8n-@08I}~}voSNUhbNbVt>$hg_k2Cw~P!P3mT8MW| Ln)wp`>a`~Ut}hyG diff --git a/services/default.nix b/services/default.nix index 1522988..9412e57 100644 --- a/services/default.nix +++ b/services/default.nix @@ -21,7 +21,6 @@ ./pipewire.nix ./postgresql-backup.nix ./postgresql.nix - ./prololo.nix ./restic-backup.nix ./tailscale.nix ./tgv.nix diff --git a/services/prololo.nix b/services/prololo.nix deleted file mode 100644 index 11664f6..0000000 --- a/services/prololo.nix +++ /dev/null @@ -1,80 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - cfg = config.my.services.prololo; - my = config.my; - domain = config.networking.domain; - prololoPkg = - let - flake = builtins.getFlake "github:prologin/prololo?rev=65007253adb9f366698a450cc9343b30c8ac508f"; - in - flake.defaultPackage."x86_64-linux"; # FIXME: use correct system - settingsFormat = pkgs.formats.yaml {}; -in -{ - options.my.services.prololo = { - enable = lib.mkEnableOption "Prololo Matrix bot"; - - home = mkOption { - type = types.str; - default = "/var/lib/prololo"; - example = "/var/lib/prololo"; - description = "Home for the prololo service, where data will be stored"; - }; - - port = mkOption { - type = types.port; - default = 8080; - example = 8080; - description = "Internal port for Prololo Rocket server"; - }; - - settings = mkOption { - type = settingsFormat.type; - default = {}; - }; - }; - - config = - let - configFile = settingsFormat.generate "config.yaml" cfg.settings; - in mkIf cfg.enable - { - systemd.services.prololo = { - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Environment = [ - "ROCKET_PORT=${toString cfg.port}" - "ROCKET_LOG_LEVEL=normal" - "RUST_LOG=rocket=info,prololo=trace" - ]; - ExecStart = "${prololoPkg}/bin/prololo --config ${configFile}"; - StateDirectory = "prololo"; - WorkingDirectory = cfg.home; - User = "prololo"; - Group = "prololo"; - }; - }; - - users.users.prololo = { - isSystemUser = true; - home = cfg.home; - createHome = true; - group = "prololo"; - }; - users.groups.prololo = { }; - - services.nginx.virtualHosts = { - "prololo.${domain}" = { - forceSSL = true; - useACMEHost = domain; - - locations."/" = { - proxyPass = "http://127.0.0.1:${toString cfg.port}"; - }; - }; - }; - }; -} From 4604e5861aea0f692a4b8df8343e42625d295c57 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 29 Sep 2021 13:36:48 +0200 Subject: [PATCH 155/904] flake.lock: Update Flake input changes: * Updated 'emacs-overlay': 'github:nix-community/emacs-overlay/8320c615b706f0d459544d7d37a59c5a5ff5e7e0' -> 'github:nix-community/emacs-overlay/961d6e84bcc5414e452f6cf674aef818575e317b' * Updated 'home-manager': 'github:nix-community/home-manager/039f786e609fdb3cfd9c5520ff3791750c3eaebf' -> 'github:nix-community/home-manager/959217e51dbd07d0de6dcbddfbfcb4f2efdc0c1e' * Updated 'nixpkgs': 'github:NixOS/nixpkgs/4f6d8095fd51954120a1d08ea5896fe42dc3923b' -> 'github:NixOS/nixpkgs/31ffc50c571e6683e9ecc9dbcbd4a8e9914b4497' * Updated 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/c678e050c1978110badd975274785265fc953a66' -> 'github:NixOS/nixpkgs/e0f52be5659343620d917e71c41e00acad6e3678' --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 39ce466..377dcff 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1631294328, - "narHash": "sha256-PYuZn7hloVUxvFWyhvt23cUGPxCQSkw7RvF7YIn1Ut0=", + "lastModified": 1632906667, + "narHash": "sha256-nTq9cKMT/8arwBKZgDppUn6oJF7I0EpFWGr8LAMZF74=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "8320c615b706f0d459544d7d37a59c5a5ff5e7e0", + "rev": "961d6e84bcc5414e452f6cf674aef818575e317b", "type": "github" }, "original": { @@ -39,11 +39,11 @@ ] }, "locked": { - "lastModified": 1631134124, - "narHash": "sha256-C17wJ2HyuFZllJ/PbpFuuDjkzWvg8np9UIAdSrpuwS0=", + "lastModified": 1632838573, + "narHash": "sha256-0GJKyDy7YYhN6s0qji+wzwnawvPzuovqfbmVloeYDcI=", "owner": "nix-community", "repo": "home-manager", - "rev": "039f786e609fdb3cfd9c5520ff3791750c3eaebf", + "rev": "959217e51dbd07d0de6dcbddfbfcb4f2efdc0c1e", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1631206977, - "narHash": "sha256-o3Dct9aJ5ht5UaTUBzXrRcK1RZt2eG5/xSlWJuUCVZM=", + "lastModified": 1632660378, + "narHash": "sha256-sjA8eQlnyDjDLyAyq3XlJmN0nqW0ftl/pb7VnMg86L0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4f6d8095fd51954120a1d08ea5896fe42dc3923b", + "rev": "31ffc50c571e6683e9ecc9dbcbd4a8e9914b4497", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1631264114, - "narHash": "sha256-9B/r68I5FKAtHFUQ2TRmWKEIbKFldMqNRrNRxDRRudM=", + "lastModified": 1632795409, + "narHash": "sha256-xDS2hNk5XC/11kw4AgvkUFYvRe7f+6knqEjaCJaEfBc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c678e050c1978110badd975274785265fc953a66", + "rev": "e0f52be5659343620d917e71c41e00acad6e3678", "type": "github" }, "original": { From cdb34a08daa5c4fc21b93eb6a46f895815f5887b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 29 Sep 2021 23:42:50 +0200 Subject: [PATCH 156/904] home: only mark emacs as editor if enabled --- home/emacs.nix | 4 ++++ home/env.nix | 4 ---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/home/emacs.nix b/home/emacs.nix index 34d4dab..af4d593 100644 --- a/home/emacs.nix +++ b/home/emacs.nix @@ -5,6 +5,10 @@ }; config = lib.mkIf config.my.home.emacs.enable { + home.sessionVariables = { + EDITOR = "emacsclient -t"; + }; + home.packages = with pkgs; [ sqlite # needed by org-roam diff --git a/home/env.nix b/home/env.nix index c678b36..e196dd9 100644 --- a/home/env.nix +++ b/home/env.nix @@ -5,8 +5,4 @@ "${config.home.homeDirectory}/.cargo/bin" "${config.home.homeDirectory}/.local/bin" ]; - - home.sessionVariables = { - EDITOR = "emacsclient -t"; - }; } From 2e8f2431b5ecd05e0b24193b36b2583632f71dcb Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 29 Sep 2021 23:43:59 +0200 Subject: [PATCH 157/904] boreal: remove blender from home packages --- hosts/boreal/home.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/hosts/boreal/home.nix b/hosts/boreal/home.nix index bfb0788..6dd86d3 100644 --- a/hosts/boreal/home.nix +++ b/hosts/boreal/home.nix @@ -11,8 +11,6 @@ my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; home.packages = with pkgs; [ - blender - # some websites only work there :( chromium From 1e00f77576809d5c85bee76f019ba6344e8e77bf Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 30 Sep 2021 15:43:25 +0200 Subject: [PATCH 158/904] zephyrus: install arandr --- hosts/zephyrus/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index 3c7aab5..0765fcb 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -63,6 +63,10 @@ in }; my.displayManager.sddm.enable = true; + environment.systemPackages = with pkgs; [ + arandr + ]; + hardware.bluetooth = { enable = true; powerOnBoot = false; From 1d3569f7f96b24e83a5a586e68a8f1a57713d7c9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 7 Oct 2021 13:46:05 +0200 Subject: [PATCH 159/904] base: install docker --- base/programs.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/base/programs.nix b/base/programs.nix index 06191b2..9a4096a 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -19,6 +19,8 @@ bandwhich.enable = true; }; + virtualisation.docker.enable = true; + environment.systemPackages = with pkgs; [ # shell usage fd From 9532ca93c3078510a237e3107532180ee8a6443c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 7 Oct 2021 13:48:31 +0200 Subject: [PATCH 160/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/961d6e84bcc5414e452f6cf674aef818575e317b' (2021-09-29) → 'github:nix-community/emacs-overlay/e64f85607c00e1d9ccb5b98854c0934deb7c0455' (2021-10-07) • Updated input 'home-manager': 'github:nix-community/home-manager/959217e51dbd07d0de6dcbddfbfcb4f2efdc0c1e' (2021-09-28) → 'github:nix-community/home-manager/d9fe208f3ccd7047a29eb31fd0cd3191c4445323' (2021-10-06) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/31ffc50c571e6683e9ecc9dbcbd4a8e9914b4497' (2021-09-26) → 'github:NixOS/nixpkgs/14aef06d9b3ad1d07626bdbb16083b83f92dc6c1' (2021-10-04) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/e0f52be5659343620d917e71c41e00acad6e3678' (2021-09-28) → 'github:NixOS/nixpkgs/ea4524e6cc7761c3cc271233fa97b5e7473f760a' (2021-10-07) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 377dcff..ebcdb33 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1632906667, - "narHash": "sha256-nTq9cKMT/8arwBKZgDppUn6oJF7I0EpFWGr8LAMZF74=", + "lastModified": 1633597810, + "narHash": "sha256-aC7g/ixMtPJ5KLltNqk4SmEooUrF+yuoaojLIjvgW/M=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "961d6e84bcc5414e452f6cf674aef818575e317b", + "rev": "e64f85607c00e1d9ccb5b98854c0934deb7c0455", "type": "github" }, "original": { @@ -39,11 +39,11 @@ ] }, "locked": { - "lastModified": 1632838573, - "narHash": "sha256-0GJKyDy7YYhN6s0qji+wzwnawvPzuovqfbmVloeYDcI=", + "lastModified": 1633531796, + "narHash": "sha256-fm1tcPf9yB+4ySxKETQk6hVpmbYZPVb27fEJFuIz6fA=", "owner": "nix-community", "repo": "home-manager", - "rev": "959217e51dbd07d0de6dcbddfbfcb4f2efdc0c1e", + "rev": "d9fe208f3ccd7047a29eb31fd0cd3191c4445323", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1632660378, - "narHash": "sha256-sjA8eQlnyDjDLyAyq3XlJmN0nqW0ftl/pb7VnMg86L0=", + "lastModified": 1633351077, + "narHash": "sha256-z38JG4Bb0GtM1aF1pANVdp1dniMP23Yb3HnRoJRy2uU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "31ffc50c571e6683e9ecc9dbcbd4a8e9914b4497", + "rev": "14aef06d9b3ad1d07626bdbb16083b83f92dc6c1", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1632795409, - "narHash": "sha256-xDS2hNk5XC/11kw4AgvkUFYvRe7f+6knqEjaCJaEfBc=", + "lastModified": 1633573942, + "narHash": "sha256-kmcYNDXiqNGJzi6gy55+aObl5wjFGp908zBMCklExqo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e0f52be5659343620d917e71c41e00acad6e3678", + "rev": "ea4524e6cc7761c3cc271233fa97b5e7473f760a", "type": "github" }, "original": { From 8b646cdc586244f741bfe71be9c58997bb088009 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 8 Oct 2021 17:05:41 +0200 Subject: [PATCH 161/904] home: fish: add docking / undocking scripts --- home/fish/functions/dock.fish | 19 +++++++++++++++++++ home/fish/functions/undock.fish | 11 +++++++++++ 2 files changed, 30 insertions(+) create mode 100644 home/fish/functions/dock.fish create mode 100644 home/fish/functions/undock.fish diff --git a/home/fish/functions/dock.fish b/home/fish/functions/dock.fish new file mode 100644 index 0000000..5780954 --- /dev/null +++ b/home/fish/functions/dock.fish @@ -0,0 +1,19 @@ +function dock + xrandr \ + --output eDP-1 --mode 1920x1080 --pos 1920x0 --rotate normal \ + --output DP-1-1 --primary --mode 1920x1200 --pos 0x0 --rotate normal \ + --output DP-1-2 --off \ + --output DP-1-3 --off \ + --output DP-1 --off \ + --output HDMI-1 --off \ + --output DP-2 --off \ + --output HDMI-2 --off + + i3-msg '[workspace="1"]' move workspace to output DP-1-1 + i3-msg '[workspace="2"]' move workspace to output DP-1-1 + i3-msg '[workspace="3"]' move workspace to output DP-1-1 + i3-msg '[workspace="4"]' move workspace to output DP-1-1 + i3-msg '[workspace="9"]' move workspace to output DP-1-1 + + i3-msg '[workspace="10"]' move workspace to output eDP-1 +end diff --git a/home/fish/functions/undock.fish b/home/fish/functions/undock.fish new file mode 100644 index 0000000..89cafe6 --- /dev/null +++ b/home/fish/functions/undock.fish @@ -0,0 +1,11 @@ +function undock + xrandr \ + --output eDP-1 --primary --mode 1920x1080 --pos 0x0 --rotate normal \ + --output DP-1-1 --off \ + --output DP-1-2 --off \ + --output DP-1-3 --off \ + --output DP-1 --off \ + --output HDMI-1 --off \ + --output DP-2 --off \ + --output HDMI-2 --off +end From 8c4053850ddacffb0fc142df42c7a5db1f7165f9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 11 Oct 2021 14:38:42 +0200 Subject: [PATCH 162/904] base: add kakoune --- base/programs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/base/programs.nix b/base/programs.nix index 9a4096a..b220c48 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -37,6 +37,7 @@ git-lfs gnumake gnupg + kakoune pinentry-curses python3 vim From bdb1e300ecb58cbdec0f5400355086a1d065e10e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 19 Oct 2021 11:58:34 +0200 Subject: [PATCH 163/904] home: i3: add media shortcuts for spotify --- home/x/i3.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/home/x/i3.nix b/home/x/i3.nix index 8daed9b..9827bc2 100644 --- a/home/x/i3.nix +++ b/home/x/i3.nix @@ -87,6 +87,9 @@ in "XF86AudioMute" = "exec --no-startup-id pactl set-sink-mute @DEFAULT_SINK@ toggle"; "XF86AudioMicMute" = "exec --no-startup-id pactl set-source-mute @DEFAULT_SOURCE@ toggle"; + "XF86AudioPlay" = "exec --no-startup-id dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.Play"; + "XF86AudioPause" = "exec --no-startup-id dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.Pause"; + "XF86MonBrightnessDown" = "exec --no-startup-id light -U 5"; "XF86MonBrightnessUp" = "exec --no-startup-id light -A 5"; "${modifier}+XF86MonBrightnessDown" = "exec --no-startup-id light -U 0.1"; From 0fc78b9f96452ecd8156f1b8f3818a5adf651509 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 19 Oct 2021 12:00:24 +0200 Subject: [PATCH 164/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/e64f85607c00e1d9ccb5b98854c0934deb7c0455' (2021-10-07) → 'github:nix-community/emacs-overlay/4afeb3a259dc19ff5a001e598dcd94885d439d24' (2021-10-19) • Updated input 'home-manager': 'github:nix-community/home-manager/d9fe208f3ccd7047a29eb31fd0cd3191c4445323' (2021-10-06) → 'github:nix-community/home-manager/b5d738b5a3f8c3738433e0aa6482afb4ac635380' (2021-10-18) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/14aef06d9b3ad1d07626bdbb16083b83f92dc6c1' (2021-10-04) → 'github:NixOS/nixpkgs/9aeeb7574fb784eaf6395f4400705b5f619e6cc3' (2021-10-17) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/ea4524e6cc7761c3cc271233fa97b5e7473f760a' (2021-10-07) → 'github:NixOS/nixpkgs/af1ac44440c3918910cf378a4ead96a94a3f6bd6' (2021-10-18) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index ebcdb33..53b8497 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1633597810, - "narHash": "sha256-aC7g/ixMtPJ5KLltNqk4SmEooUrF+yuoaojLIjvgW/M=", + "lastModified": 1634632586, + "narHash": "sha256-EK6/txPv2GyxVjG5MZjUZ92l1NZ0Z5IytK6xXoRMIVo=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "e64f85607c00e1d9ccb5b98854c0934deb7c0455", + "rev": "4afeb3a259dc19ff5a001e598dcd94885d439d24", "type": "github" }, "original": { @@ -39,11 +39,11 @@ ] }, "locked": { - "lastModified": 1633531796, - "narHash": "sha256-fm1tcPf9yB+4ySxKETQk6hVpmbYZPVb27fEJFuIz6fA=", + "lastModified": 1634543124, + "narHash": "sha256-sPjP5GjZ0DgTgY8KljhGeix4L5ey7A3L1nm6lDffTh0=", "owner": "nix-community", "repo": "home-manager", - "rev": "d9fe208f3ccd7047a29eb31fd0cd3191c4445323", + "rev": "b5d738b5a3f8c3738433e0aa6482afb4ac635380", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1633351077, - "narHash": "sha256-z38JG4Bb0GtM1aF1pANVdp1dniMP23Yb3HnRoJRy2uU=", + "lastModified": 1634436779, + "narHash": "sha256-D/nrXTWpe1bPIjFy85sgiLHYqu+AeaC6v5/+KlA9PRg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "14aef06d9b3ad1d07626bdbb16083b83f92dc6c1", + "rev": "9aeeb7574fb784eaf6395f4400705b5f619e6cc3", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1633573942, - "narHash": "sha256-kmcYNDXiqNGJzi6gy55+aObl5wjFGp908zBMCklExqo=", + "lastModified": 1634551892, + "narHash": "sha256-3qLpLhQhIeEMA7smlQiY/RdsDU3FyLqLM8eg3Udv9c8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ea4524e6cc7761c3cc271233fa97b5e7473f760a", + "rev": "af1ac44440c3918910cf378a4ead96a94a3f6bd6", "type": "github" }, "original": { From 9c76f7757f8233a335ed556c53910eb14130f892 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 19 Oct 2021 13:07:08 +0200 Subject: [PATCH 165/904] pkgs: spot: bump to 2.9.8 --- pkgs/spot/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/spot/default.nix b/pkgs/spot/default.nix index 1296be1..cda1d5c 100644 --- a/pkgs/spot/default.nix +++ b/pkgs/spot/default.nix @@ -3,7 +3,7 @@ , python3 }: let - version = "2.9.7"; + version = "2.9.8"; in stdenv.mkDerivation { inherit version; @@ -15,6 +15,6 @@ stdenv.mkDerivation { src = fetchurl { url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz"; - sha256 = "sha256-Hupn40Rs27u3Be5uJv2GkCDNt9gsVj/q2ctDlLm6oEw="; + sha256 = "sha256-t/QEu5CjNaWRQ4Tsw/w6ICH/IsV+6XpAwHuyq0DiDPk="; }; } From 9f3f3c8415d4bf8b812a0e67fbb5370970289d02 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 19 Oct 2021 13:19:35 +0200 Subject: [PATCH 166/904] home: i3bar: remove music widget --- home/x/i3bar.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/home/x/i3bar.nix b/home/x/i3bar.nix index 42fc426..e3f0af7 100644 --- a/home/x/i3bar.nix +++ b/home/x/i3bar.nix @@ -101,12 +101,6 @@ in hide_disconnected = true; format = "{percentage}"; } - { - block = "music"; - player = "spotify"; - buttons = ["prev" "play" "next"]; - hide_when_empty = true; - } { block = "sound"; driver = "pulseaudio"; From f47411092bbb6a125c6eedf79bd244ad20f589b9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 25 Oct 2021 18:05:44 +0200 Subject: [PATCH 167/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/4afeb3a259dc19ff5a001e598dcd94885d439d24' (2021-10-19) → 'github:nix-community/emacs-overlay/8f1fe25dcf689f0e62063f9d8b56d436cb27a519' (2021-10-25) • Updated input 'home-manager': 'github:nix-community/home-manager/b5d738b5a3f8c3738433e0aa6482afb4ac635380' (2021-10-18) → 'github:nix-community/home-manager/da8a78eec9f7adb57f9e961d1da64805efacff37' (2021-10-25) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/9aeeb7574fb784eaf6395f4400705b5f619e6cc3' (2021-10-17) → 'github:NixOS/nixpkgs/34ad3ffe08adfca17fcb4e4a47bb5f3b113687be' (2021-10-21) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/af1ac44440c3918910cf378a4ead96a94a3f6bd6' (2021-10-18) → 'github:NixOS/nixpkgs/38d21595b8fb0a744aa31c5794013bf42cf98fa9' (2021-10-25) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 53b8497..9077c73 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1634632586, - "narHash": "sha256-EK6/txPv2GyxVjG5MZjUZ92l1NZ0Z5IytK6xXoRMIVo=", + "lastModified": 1635154104, + "narHash": "sha256-Ptu8u4Lfh80EwQX7vvlJtqUfFP9iYomzq8q5zvCBYnI=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "4afeb3a259dc19ff5a001e598dcd94885d439d24", + "rev": "8f1fe25dcf689f0e62063f9d8b56d436cb27a519", "type": "github" }, "original": { @@ -39,11 +39,11 @@ ] }, "locked": { - "lastModified": 1634543124, - "narHash": "sha256-sPjP5GjZ0DgTgY8KljhGeix4L5ey7A3L1nm6lDffTh0=", + "lastModified": 1635123562, + "narHash": "sha256-kYuwQqHXDYxy5ijpm8SvCoPNx0br1TpoWeTIOEwOYvA=", "owner": "nix-community", "repo": "home-manager", - "rev": "b5d738b5a3f8c3738433e0aa6482afb4ac635380", + "rev": "da8a78eec9f7adb57f9e961d1da64805efacff37", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1634436779, - "narHash": "sha256-D/nrXTWpe1bPIjFy85sgiLHYqu+AeaC6v5/+KlA9PRg=", + "lastModified": 1634782485, + "narHash": "sha256-psfh4OQSokGXG0lpq3zKFbhOo3QfoeudRcaUnwMRkQo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9aeeb7574fb784eaf6395f4400705b5f619e6cc3", + "rev": "34ad3ffe08adfca17fcb4e4a47bb5f3b113687be", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1634551892, - "narHash": "sha256-3qLpLhQhIeEMA7smlQiY/RdsDU3FyLqLM8eg3Udv9c8=", + "lastModified": 1635141467, + "narHash": "sha256-H+TVE6tBSm4nAepm7HRfW7AcrndI5e4+TJwCQo4/z+s=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "af1ac44440c3918910cf378a4ead96a94a3f6bd6", + "rev": "38d21595b8fb0a744aa31c5794013bf42cf98fa9", "type": "github" }, "original": { From d180209ba3c720d57dfa24dbb965351750e67a35 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 31 Oct 2021 14:22:30 +0100 Subject: [PATCH 168/904] base: install drill by default --- base/programs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/base/programs.nix b/base/programs.nix index b220c48..28e1143 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -49,6 +49,7 @@ dogdns du-dust htop + ldns # drill tealdeer unzip zip From fe49bf48d5c6b44b79fbae61953d62a41164e078 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 31 Oct 2021 14:22:42 +0100 Subject: [PATCH 169/904] base: gui: install virt-manager --- base/gui-programs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index bf71c5d..59f3846 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -14,6 +14,7 @@ tdesktop teams thunderbird + virt-manager zathura unstable.discord From 85f2bd9ea1d84807f0ec24712c818177bb75178d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 2 Nov 2021 15:06:06 +0100 Subject: [PATCH 170/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/8f1fe25dcf689f0e62063f9d8b56d436cb27a519' (2021-10-25) → 'github:nix-community/emacs-overlay/8a408af9df1cd99b7f198136edc229071c1389d3' (2021-11-02) • Updated input 'home-manager': 'github:nix-community/home-manager/da8a78eec9f7adb57f9e961d1da64805efacff37' (2021-10-25) → 'github:nix-community/home-manager/288faaa5a65e72e37e6027024829b15c8bb69286' (2021-11-02) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/34ad3ffe08adfca17fcb4e4a47bb5f3b113687be' (2021-10-21) → 'github:NixOS/nixpkgs/b165ce0c4efbb74246714b5c66b6bcdce8cde175' (2021-11-01) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/38d21595b8fb0a744aa31c5794013bf42cf98fa9' (2021-10-25) → 'github:NixOS/nixpkgs/94d91a448b87a70204485bd768977c07575911e8' (2021-11-02) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 9077c73..12287bc 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1635154104, - "narHash": "sha256-Ptu8u4Lfh80EwQX7vvlJtqUfFP9iYomzq8q5zvCBYnI=", + "lastModified": 1635849715, + "narHash": "sha256-gHbdX7nJOGZ9lZU9EwSPMh3hj7ojO8dlo8VyDH0Hpa0=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "8f1fe25dcf689f0e62063f9d8b56d436cb27a519", + "rev": "8a408af9df1cd99b7f198136edc229071c1389d3", "type": "github" }, "original": { @@ -39,11 +39,11 @@ ] }, "locked": { - "lastModified": 1635123562, - "narHash": "sha256-kYuwQqHXDYxy5ijpm8SvCoPNx0br1TpoWeTIOEwOYvA=", + "lastModified": 1635839387, + "narHash": "sha256-2B6DqfTiwY5w2TljC4+AxEUuVYMTP5Fo2h5iGNIONvk=", "owner": "nix-community", "repo": "home-manager", - "rev": "da8a78eec9f7adb57f9e961d1da64805efacff37", + "rev": "288faaa5a65e72e37e6027024829b15c8bb69286", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1634782485, - "narHash": "sha256-psfh4OQSokGXG0lpq3zKFbhOo3QfoeudRcaUnwMRkQo=", + "lastModified": 1635792138, + "narHash": "sha256-D79GqaYrwgyM4wvOPbQeKveAHROnVh97F36iSGZO9uA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "34ad3ffe08adfca17fcb4e4a47bb5f3b113687be", + "rev": "b165ce0c4efbb74246714b5c66b6bcdce8cde175", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1635141467, - "narHash": "sha256-H+TVE6tBSm4nAepm7HRfW7AcrndI5e4+TJwCQo4/z+s=", + "lastModified": 1635835164, + "narHash": "sha256-E8MI6D+uX5O7MJwfEa+MZb7L9tonbbn4VZDkqkLZeQc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "38d21595b8fb0a744aa31c5794013bf42cf98fa9", + "rev": "94d91a448b87a70204485bd768977c07575911e8", "type": "github" }, "original": { From 0f08890ac1490834bc553563552d791a5bff8c2f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 2 Nov 2021 15:20:55 +0100 Subject: [PATCH 171/904] home: fish: quiet docking script --- home/fish/functions/dock.fish | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/home/fish/functions/dock.fish b/home/fish/functions/dock.fish index 5780954..0eb28e3 100644 --- a/home/fish/functions/dock.fish +++ b/home/fish/functions/dock.fish @@ -9,11 +9,11 @@ function dock --output DP-2 --off \ --output HDMI-2 --off - i3-msg '[workspace="1"]' move workspace to output DP-1-1 - i3-msg '[workspace="2"]' move workspace to output DP-1-1 - i3-msg '[workspace="3"]' move workspace to output DP-1-1 - i3-msg '[workspace="4"]' move workspace to output DP-1-1 - i3-msg '[workspace="9"]' move workspace to output DP-1-1 + i3-msg -q '[workspace="1"]' move workspace to output DP-1-1 2>/dev/null + i3-msg -q '[workspace="2"]' move workspace to output DP-1-1 2>/dev/null + i3-msg -q '[workspace="3"]' move workspace to output DP-1-1 2>/dev/null + i3-msg -q '[workspace="4"]' move workspace to output DP-1-1 2>/dev/null + i3-msg -q '[workspace="9"]' move workspace to output DP-1-1 2>/dev/null - i3-msg '[workspace="10"]' move workspace to output eDP-1 + i3-msg -q '[workspace="10"]' move workspace to output eDP-1 2>/dev/null end From 1ec4e5e88f3b542b19acc88c0eb4c6d4aadb2625 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 2 Nov 2021 16:24:26 +0100 Subject: [PATCH 172/904] github: bump install-nix-action --- .github/workflows/cachix.yaml | 5 +++-- .github/workflows/nur-update.yaml | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index 7a47d30..7905fcb 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -5,14 +5,15 @@ on: - 'pkgs/**' - 'flake.nix' - 'flake.lock' + - '.github/workflows/*' jobs: build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - uses: cachix/install-nix-action@v13 + - uses: cachix/install-nix-action@v14 with: - install_url: https://nixos-nix-install-tests.cachix.org/serve/i6laym9jw3wg9mw6ncyrk6gjx4l34vvx/install + install_url: https://nixos-nix-install-tests.cachix.org/serve/vij683ly7sl95nnhb67bdjjfabclr85m/install install_options: '--tarball-url-prefix https://nixos-nix-install-tests.cachix.org/serve' extra_nix_config: | experimental-features = nix-command flakes diff --git a/.github/workflows/nur-update.yaml b/.github/workflows/nur-update.yaml index bcf60ab..87feeb6 100644 --- a/.github/workflows/nur-update.yaml +++ b/.github/workflows/nur-update.yaml @@ -4,6 +4,7 @@ on: - 'main' paths: - 'pkgs/**' + - '.github/workflows/*' jobs: update-nur: From 28c39af38b03de908d6d955b026173692ca686b6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 2 Nov 2021 16:27:10 +0100 Subject: [PATCH 173/904] github: print build log --- .github/workflows/build-flake-packages.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-flake-packages.sh b/.github/workflows/build-flake-packages.sh index 9f387c8..2d68df1 100755 --- a/.github/workflows/build-flake-packages.sh +++ b/.github/workflows/build-flake-packages.sh @@ -10,5 +10,5 @@ PACKAGES=$(nix flake show \ | uniq) for package in $PACKAGES; do - nix build --verbose .#$package + nix build --verbose -L .#$package done From abf1bd436a68dbeec76136a42aae71f7a98c7a09 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 5 Nov 2021 16:06:10 +0100 Subject: [PATCH 174/904] github: use new --json flag to get packages --- .github/workflows/build-flake-packages.sh | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build-flake-packages.sh b/.github/workflows/build-flake-packages.sh index 2d68df1..4d002c7 100755 --- a/.github/workflows/build-flake-packages.sh +++ b/.github/workflows/build-flake-packages.sh @@ -2,12 +2,8 @@ set -xe -PACKAGES=$(nix flake show \ - | grep ': package' \ - | sed 's/\x1b\[[0-9;]*m//g' \ - | sed -E 's/^.*───([A-Za-z/"-]+):.*$/\1/' \ - | sort \ - | uniq) +PACKAGES=$(nix flake show --json \ + | jq '.packages."x86_64-linux" | keys[]') for package in $PACKAGES; do nix build --verbose -L .#$package From 88be471fe53da761b6692ef0566f646c30a5f51e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 5 Nov 2021 16:59:33 +0100 Subject: [PATCH 175/904] base: add obs-studio to gui-programs --- base/gui-programs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 59f3846..5dc286d 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -8,6 +8,7 @@ gnome.nautilus imagemagick mpv + obs-studio pavucontrol slack spotify From 4b5b14d0442e3231362a97f6f2dfc7a4ae7ada21 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 8 Nov 2021 10:37:33 +0100 Subject: [PATCH 176/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/8a408af9df1cd99b7f198136edc229071c1389d3' (2021-11-02) → 'github:nix-community/emacs-overlay/086344663fbd821023dd4cce8cb5eecc502c2769' (2021-11-08) • Updated input 'home-manager': 'github:nix-community/home-manager/288faaa5a65e72e37e6027024829b15c8bb69286' (2021-11-02) → 'github:nix-community/home-manager/2917ef23b398a22ee33fb34b5766b28728228ab1' (2021-11-07) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/b165ce0c4efbb74246714b5c66b6bcdce8cde175' (2021-11-01) → 'github:NixOS/nixpkgs/c935f5e0add2cf0ae650d072c8357533e21b0c35' (2021-11-07) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/94d91a448b87a70204485bd768977c07575911e8' (2021-11-02) → 'github:NixOS/nixpkgs/c9acf4782f2a830da29c18b77ec564cb73e22946' (2021-11-07) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 12287bc..3d51ff3 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1635849715, - "narHash": "sha256-gHbdX7nJOGZ9lZU9EwSPMh3hj7ojO8dlo8VyDH0Hpa0=", + "lastModified": 1636363962, + "narHash": "sha256-DyF+NBIPF7f8IZ6zI0NKbTjnfAq7tTSr74k2zVolQsw=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "8a408af9df1cd99b7f198136edc229071c1389d3", + "rev": "086344663fbd821023dd4cce8cb5eecc502c2769", "type": "github" }, "original": { @@ -39,11 +39,11 @@ ] }, "locked": { - "lastModified": 1635839387, - "narHash": "sha256-2B6DqfTiwY5w2TljC4+AxEUuVYMTP5Fo2h5iGNIONvk=", + "lastModified": 1636274622, + "narHash": "sha256-tZYuGhqcfH7piCsrUrIYM0P3oPJcoBxGkuxeFNVxkCc=", "owner": "nix-community", "repo": "home-manager", - "rev": "288faaa5a65e72e37e6027024829b15c8bb69286", + "rev": "2917ef23b398a22ee33fb34b5766b28728228ab1", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1635792138, - "narHash": "sha256-D79GqaYrwgyM4wvOPbQeKveAHROnVh97F36iSGZO9uA=", + "lastModified": 1636267212, + "narHash": "sha256-KDS173KqmqrYUPY9N4vf750GxIo+S6E0djyq2BsQm8s=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b165ce0c4efbb74246714b5c66b6bcdce8cde175", + "rev": "c935f5e0add2cf0ae650d072c8357533e21b0c35", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1635835164, - "narHash": "sha256-E8MI6D+uX5O7MJwfEa+MZb7L9tonbbn4VZDkqkLZeQc=", + "lastModified": 1636300541, + "narHash": "sha256-UiaOhzCeJX0EpHl/iVxsqpoS0blSG2yZnR4JrN8GcvM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "94d91a448b87a70204485bd768977c07575911e8", + "rev": "c9acf4782f2a830da29c18b77ec564cb73e22946", "type": "github" }, "original": { From f558b4b680c41b546dd7b19313c3b675b12e792a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 17 Nov 2021 00:58:54 +0100 Subject: [PATCH 177/904] poseidon: upgrade deprecated options --- secrets/default.nix | 2 +- services/nextcloud.nix | 2 +- services/restic-backup.nix | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/secrets/default.nix b/secrets/default.nix index 59c9049..59df0a1 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -11,7 +11,7 @@ with lib; shadow-hashed-password-root = lib.fileContents ./shadow-hashed-password-root.secret; miniflux-admin-credentials = lib.fileContents ./miniflux-admin-credentials.secret; transmission-password = lib.fileContents ./transmission.secret; - nextcloud-admin-pass = lib.fileContents ./nextcloud-admin-pass.secret; + nextcloud-admin-pass = ./nextcloud-admin-pass.secret; nextcloud-admin-user = lib.fileContents ./nextcloud-admin-user.secret; lohr-shared-secret = lib.fileContents ./lohr-shared-secret.secret; gandiKey = lib.fileContents ./gandi-api-key.secret; diff --git a/services/nextcloud.nix b/services/nextcloud.nix index 3a8e793..799208e 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -58,7 +58,7 @@ in dbhost = "/run/postgresql"; adminuser = my.secrets.nextcloud-admin-user; - adminpass = my.secrets.nextcloud-admin-pass; + adminpassFile = "${my.secrets.nextcloud-admin-pass}"; }; }; diff --git a/services/restic-backup.nix b/services/restic-backup.nix index ccbe44e..e83fdbc 100644 --- a/services/restic-backup.nix +++ b/services/restic-backup.nix @@ -68,7 +68,7 @@ in { repository = cfg.repo; passwordFile = "/root/restic/password"; - s3CredentialsFile = "/root/restic/creds"; + environmentFile = "/root/restic/creds"; extraBackupArgs = [ "--verbose=2" ] ++ optional (builtins.length cfg.exclude != 0) excludeArg; From fb1a53e73d356148c348602ff92f3b5cdd7a2205 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 17 Nov 2021 02:29:06 +0100 Subject: [PATCH 178/904] services: fava: workaround file not found bug --- services/fava.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/fava.nix b/services/fava.nix index 48ea530..de0d2d9 100644 --- a/services/fava.nix +++ b/services/fava.nix @@ -38,7 +38,7 @@ in wantedBy = [ "multi-user.target" ]; serviceConfig = { Environment = []; - ExecStart = "${pkgs.fava}/bin/fava -H 127.0.0.1 -p ${toString cfg.port} ${cfg.filePath}"; + ExecStart = "${pkgs.fava}/bin/fava -H 127.0.0.1 -p ${toString cfg.port} ${cfg.home}/${cfg.filePath}"; WorkingDirectory = cfg.home; User = "fava"; Group = "fava"; From 2e412c1004317045e6cf003d4c0435ea8dcb5177 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 17 Nov 2021 02:56:42 +0100 Subject: [PATCH 179/904] base: add ffmpeg to gui programs --- base/gui-programs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 5dc286d..9f6f862 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -4,6 +4,7 @@ element-desktop feh firefox + ffmpeg gimp gnome.nautilus imagemagick From 0de88dfb81c69b046739f142f3a69aaa3f5de4aa Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 19 Nov 2021 11:44:44 +0100 Subject: [PATCH 180/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/086344663fbd821023dd4cce8cb5eecc502c2769' (2021-11-08) → 'github:nix-community/emacs-overlay/cc2cdfc1212057526f1f8f48b91cf58f49a1c3ae' (2021-11-19) • Updated input 'home-manager': 'github:nix-community/home-manager/2917ef23b398a22ee33fb34b5766b28728228ab1' (2021-11-07) → 'github:nix-community/home-manager/2452979efe92128b03e3c27567267066c2825fab' (2021-11-18) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/c935f5e0add2cf0ae650d072c8357533e21b0c35' (2021-11-07) → 'github:NixOS/nixpkgs/931ab058daa7e4cd539533963f95e2bb0dbd41e6' (2021-11-15) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/c9acf4782f2a830da29c18b77ec564cb73e22946' (2021-11-07) → 'github:NixOS/nixpkgs/42d32516400c1d821d275a5460900bbaef3d3bf1' (2021-11-18) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 3d51ff3..bf431a0 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1636363962, - "narHash": "sha256-DyF+NBIPF7f8IZ6zI0NKbTjnfAq7tTSr74k2zVolQsw=", + "lastModified": 1637314118, + "narHash": "sha256-npGYpjp2Zc53p3adMQouTq+F+YI/X1aJiDL0DozzWOs=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "086344663fbd821023dd4cce8cb5eecc502c2769", + "rev": "cc2cdfc1212057526f1f8f48b91cf58f49a1c3ae", "type": "github" }, "original": { @@ -39,11 +39,11 @@ ] }, "locked": { - "lastModified": 1636274622, - "narHash": "sha256-tZYuGhqcfH7piCsrUrIYM0P3oPJcoBxGkuxeFNVxkCc=", + "lastModified": 1637249535, + "narHash": "sha256-RCatEYQ+uqsZOZpN4ZOtSoO7CJTiQpHNdPjUA0jtejw=", "owner": "nix-community", "repo": "home-manager", - "rev": "2917ef23b398a22ee33fb34b5766b28728228ab1", + "rev": "2452979efe92128b03e3c27567267066c2825fab", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1636267212, - "narHash": "sha256-KDS173KqmqrYUPY9N4vf750GxIo+S6E0djyq2BsQm8s=", + "lastModified": 1636976544, + "narHash": "sha256-9ZmdyoRz4Qu8bP5BKR1T10YbzcB9nvCeQjOEw2cRKR0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c935f5e0add2cf0ae650d072c8357533e21b0c35", + "rev": "931ab058daa7e4cd539533963f95e2bb0dbd41e6", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1636300541, - "narHash": "sha256-UiaOhzCeJX0EpHl/iVxsqpoS0blSG2yZnR4JrN8GcvM=", + "lastModified": 1637209424, + "narHash": "sha256-oXw75hkCOVtoB+CEElWiTmkC1gNdL3jf0tG2GInytHA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c9acf4782f2a830da29c18b77ec564cb73e22946", + "rev": "42d32516400c1d821d275a5460900bbaef3d3bf1", "type": "github" }, "original": { From 95d9ff424938edcb7765712a3e7368938011d440 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 19 Nov 2021 11:45:36 +0100 Subject: [PATCH 181/904] base: nix: nix 2.4 is now stable --- base/nix.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/base/nix.nix b/base/nix.nix index 92e4b84..dd9842b 100644 --- a/base/nix.nix +++ b/base/nix.nix @@ -3,7 +3,7 @@ nixpkgs.config.allowUnfree = true; nix = { - package = pkgs.nixUnstable; + package = pkgs.nixStable; extraOptions = '' experimental-features = nix-command flakes ''; From 69190d7181d516cd029f6b29eda2d4d4a483e215 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 19 Nov 2021 12:04:58 +0100 Subject: [PATCH 182/904] pkgs: spot: bump to 2.10 --- pkgs/spot/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/spot/default.nix b/pkgs/spot/default.nix index cda1d5c..b11d889 100644 --- a/pkgs/spot/default.nix +++ b/pkgs/spot/default.nix @@ -1,9 +1,9 @@ -{ lib, stdenv +{ stdenv , fetchurl , python3 }: let - version = "2.9.8"; + version = "2.10"; in stdenv.mkDerivation { inherit version; @@ -15,6 +15,6 @@ stdenv.mkDerivation { src = fetchurl { url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz"; - sha256 = "sha256-t/QEu5CjNaWRQ4Tsw/w6ICH/IsV+6XpAwHuyq0DiDPk="; + sha256 = "sha256-lm4yPBucERFK2/ADCoUqVxFk8YHZnjG9YWr+kTxSMWA="; }; } From c16d7dbc715996b2b80274bd89b5f319037d43a8 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 19 Nov 2021 15:08:37 +0100 Subject: [PATCH 183/904] pkgs: spot: bump to 2.10.1 --- pkgs/spot/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/spot/default.nix b/pkgs/spot/default.nix index b11d889..124a2d4 100644 --- a/pkgs/spot/default.nix +++ b/pkgs/spot/default.nix @@ -3,7 +3,7 @@ , python3 }: let - version = "2.10"; + version = "2.10.1"; in stdenv.mkDerivation { inherit version; @@ -15,6 +15,6 @@ stdenv.mkDerivation { src = fetchurl { url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz"; - sha256 = "sha256-lm4yPBucERFK2/ADCoUqVxFk8YHZnjG9YWr+kTxSMWA="; + sha256 = "sha256-OAApifyONyWEGgU3Zluy1d/CWdLgk1gQAyLDj0x0ga0="; }; } From 316860cdeecfa6f63b4853fe8e4841ab35958792 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 26 Nov 2021 21:04:45 +0100 Subject: [PATCH 184/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/cc2cdfc1212057526f1f8f48b91cf58f49a1c3ae' (2021-11-19) → 'github:nix-community/emacs-overlay/df5519990439ca5e65e72107d5ed83b846e53f6a' (2021-11-24) • Updated input 'home-manager': 'github:nix-community/home-manager/2452979efe92128b03e3c27567267066c2825fab' (2021-11-18) → 'github:nix-community/home-manager/df931a59a5864d6ff0c5d83598135816f8593647' (2021-11-24) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/931ab058daa7e4cd539533963f95e2bb0dbd41e6' (2021-11-15) → 'github:NixOS/nixpkgs/263ef4cc4146c9fab808085487438c625d4426a9' (2021-11-22) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/42d32516400c1d821d275a5460900bbaef3d3bf1' (2021-11-18) → 'github:NixOS/nixpkgs/5dadb7717f34c2fb95bedc22cf279ef9eb095983' (2021-11-24) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index bf431a0..5a4a511 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1637314118, - "narHash": "sha256-npGYpjp2Zc53p3adMQouTq+F+YI/X1aJiDL0DozzWOs=", + "lastModified": 1637719161, + "narHash": "sha256-W7o+USyW1MqpdQVturGQT3xW7QFZEjraeT5Tuc0mzZE=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "cc2cdfc1212057526f1f8f48b91cf58f49a1c3ae", + "rev": "df5519990439ca5e65e72107d5ed83b846e53f6a", "type": "github" }, "original": { @@ -39,11 +39,11 @@ ] }, "locked": { - "lastModified": 1637249535, - "narHash": "sha256-RCatEYQ+uqsZOZpN4ZOtSoO7CJTiQpHNdPjUA0jtejw=", + "lastModified": 1637721183, + "narHash": "sha256-4CAKKxrt9l0Hbl57Uypo7ol93Ko+5Yn+7xWWCMUyHQ8=", "owner": "nix-community", "repo": "home-manager", - "rev": "2452979efe92128b03e3c27567267066c2825fab", + "rev": "df931a59a5864d6ff0c5d83598135816f8593647", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1636976544, - "narHash": "sha256-9ZmdyoRz4Qu8bP5BKR1T10YbzcB9nvCeQjOEw2cRKR0=", + "lastModified": 1637595801, + "narHash": "sha256-LkIMwVFKCuEqidaUdg8uxwpESAXjsPo4oCz3eJ7RaRw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "931ab058daa7e4cd539533963f95e2bb0dbd41e6", + "rev": "263ef4cc4146c9fab808085487438c625d4426a9", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1637209424, - "narHash": "sha256-oXw75hkCOVtoB+CEElWiTmkC1gNdL3jf0tG2GInytHA=", + "lastModified": 1637737052, + "narHash": "sha256-6dXZrqIz4TSSHRHDuM3fyTEnF78A3lawM1kKamyRM/4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "42d32516400c1d821d275a5460900bbaef3d3bf1", + "rev": "5dadb7717f34c2fb95bedc22cf279ef9eb095983", "type": "github" }, "original": { From 7e001a35363218c90a4eff665f14c1acae91b50f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 26 Nov 2021 21:06:02 +0100 Subject: [PATCH 185/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/df5519990439ca5e65e72107d5ed83b846e53f6a' (2021-11-24) → 'github:nix-community/emacs-overlay/66cf86d29d3482e84d3a03f5c647abbdd03c34dc' (2021-11-26) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 5a4a511..32b937e 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1637719161, - "narHash": "sha256-W7o+USyW1MqpdQVturGQT3xW7QFZEjraeT5Tuc0mzZE=", + "lastModified": 1637947500, + "narHash": "sha256-UmzI/Y8ujqOd5uuicYfQdq7INyeACfQU9Qsotge5BHk=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "df5519990439ca5e65e72107d5ed83b846e53f6a", + "rev": "66cf86d29d3482e84d3a03f5c647abbdd03c34dc", "type": "github" }, "original": { From eb757915c3fa91d6ffb8771a778403ac5579ab33 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 26 Nov 2021 22:06:37 +0100 Subject: [PATCH 186/904] home: emacs: pin to emacs 28 --- home/emacs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/emacs.nix b/home/emacs.nix index af4d593..4edbf5f 100644 --- a/home/emacs.nix +++ b/home/emacs.nix @@ -27,7 +27,7 @@ programs.emacs = { enable = true; - package = pkgs.emacsPgtkGcc; + package = pkgs.emacsGcc28; }; }; } From 5e593100d94252169f00b9c6a440cbc8d72cc6eb Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 30 Nov 2021 14:23:14 +0100 Subject: [PATCH 187/904] home: git: enable delta diffing tool --- home/git.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/home/git.nix b/home/git.nix index 9122e2a..1b5adb5 100644 --- a/home/git.nix +++ b/home/git.nix @@ -9,6 +9,12 @@ in programs.git = { enable = true; + delta = { + enable = true; + options = { + syntax-theme = "Solarized (light)"; + }; + }; lfs.enable = true; userEmail = "antoine@alarsyo.net"; From 5e9d1ad49b2557dd72d05b5b89a8b84cabffa132 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 3 Dec 2021 15:54:21 +0100 Subject: [PATCH 188/904] home: tridactyl: blacklist localhost Jupyter notebooks have handy shortcuts --- home/tridactylrc | 1 + 1 file changed, 1 insertion(+) diff --git a/home/tridactylrc b/home/tridactylrc index 2b756e3..a6a60e6 100644 --- a/home/tridactylrc +++ b/home/tridactylrc @@ -29,3 +29,4 @@ set editorcmd emacsclient -c set yankto both blacklistadd netflix.com +blacklistadd localhost From d0a8fa17e5efb7e630aab0d3b7d716a22f2e9d73 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 3 Dec 2021 15:55:04 +0100 Subject: [PATCH 189/904] home: lorri: enable nix-direnv for direnv --- home/lorri.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/home/lorri.nix b/home/lorri.nix index 2567331..df4d23d 100644 --- a/home/lorri.nix +++ b/home/lorri.nix @@ -12,6 +12,10 @@ in programs.direnv = { enable = true; enableFishIntegration = true; + # FIXME: proper file, not lorri.nix + nix-direnv = { + enable = true; + }; }; }; } From 18bebf3eb23bef28d7dcb01afe547529974d5a8e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 3 Dec 2021 15:56:05 +0100 Subject: [PATCH 190/904] pkgs: spot: bump to 2.10.2 --- pkgs/spot/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/spot/default.nix b/pkgs/spot/default.nix index 124a2d4..ff1851b 100644 --- a/pkgs/spot/default.nix +++ b/pkgs/spot/default.nix @@ -3,7 +3,7 @@ , python3 }: let - version = "2.10.1"; + version = "2.10.2"; in stdenv.mkDerivation { inherit version; @@ -15,6 +15,6 @@ stdenv.mkDerivation { src = fetchurl { url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz"; - sha256 = "sha256-OAApifyONyWEGgU3Zluy1d/CWdLgk1gQAyLDj0x0ga0="; + sha256 = "sha256-wcS6TxyHkZs9J0koDH6ZWafYKkpDqXoZ7KCjyiJgUGY="; }; } From af8af9eb758481259695e2b36ff64d9a3e49ec59 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 4 Dec 2021 22:20:23 +0100 Subject: [PATCH 191/904] zephyrus: use default LTS kernel release Linux 5.15.x had a bluetooth bug until 5.15.4, and I just don't need a really recent kernel in general, so let's use the LTS, slow moving release for now. --- hosts/zephyrus/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index 0765fcb..e57efc2 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -13,7 +13,7 @@ in ./home.nix ]; - boot.kernelPackages = pkgs.linuxPackages_latest; + boot.kernelPackages = pkgs.linuxPackages; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; From 29f58a32041bd16d477072bb28df7fcc7bf9e47a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 14 Dec 2021 15:58:17 +0100 Subject: [PATCH 192/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/66cf86d29d3482e84d3a03f5c647abbdd03c34dc' (2021-11-26) → 'github:nix-community/emacs-overlay/90e1419696ac7f13f2a5be35fddd85af8068cabb' (2021-12-14) • Updated input 'home-manager': 'github:nix-community/home-manager/df931a59a5864d6ff0c5d83598135816f8593647' (2021-11-24) → 'github:nix-community/home-manager/c1677de31a53972a21201d56d4a792461b0c8e73' (2021-12-14) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/263ef4cc4146c9fab808085487438c625d4426a9' (2021-11-22) → 'github:NixOS/nixpkgs/b0bf5f888d377dd2f36d90340df6dc9f035aaada' (2021-12-12) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/5dadb7717f34c2fb95bedc22cf279ef9eb095983' (2021-11-24) → 'github:NixOS/nixpkgs/69958994ab2c4c41f82db658ae6333b91079bcf6' (2021-12-14) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 32b937e..217f7b2 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1637947500, - "narHash": "sha256-UmzI/Y8ujqOd5uuicYfQdq7INyeACfQU9Qsotge5BHk=", + "lastModified": 1639446817, + "narHash": "sha256-mImncqYBGgto1mcdun8vV/JMILgcLvaAskbR4o7MkJE=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "66cf86d29d3482e84d3a03f5c647abbdd03c34dc", + "rev": "90e1419696ac7f13f2a5be35fddd85af8068cabb", "type": "github" }, "original": { @@ -39,11 +39,11 @@ ] }, "locked": { - "lastModified": 1637721183, - "narHash": "sha256-4CAKKxrt9l0Hbl57Uypo7ol93Ko+5Yn+7xWWCMUyHQ8=", + "lastModified": 1639464984, + "narHash": "sha256-AOD8hPHpF0XFSk3AO5PWEETNX9M2cYZgMZQ91xA7g6E=", "owner": "nix-community", "repo": "home-manager", - "rev": "df931a59a5864d6ff0c5d83598135816f8593647", + "rev": "c1677de31a53972a21201d56d4a792461b0c8e73", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1637595801, - "narHash": "sha256-LkIMwVFKCuEqidaUdg8uxwpESAXjsPo4oCz3eJ7RaRw=", + "lastModified": 1639347265, + "narHash": "sha256-q5feWoC64+h6T6J89o2HJJ8DOnB/4vwMODBlZIgeIlA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "263ef4cc4146c9fab808085487438c625d4426a9", + "rev": "b0bf5f888d377dd2f36d90340df6dc9f035aaada", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1637737052, - "narHash": "sha256-6dXZrqIz4TSSHRHDuM3fyTEnF78A3lawM1kKamyRM/4=", + "lastModified": 1639442420, + "narHash": "sha256-GL4Q5gDXDHxLPZD1Rg8kk6M6S+NqxDjTu0XqGF/Xhuc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5dadb7717f34c2fb95bedc22cf279ef9eb095983", + "rev": "69958994ab2c4c41f82db658ae6333b91079bcf6", "type": "github" }, "original": { From c3457db32e9fe90629bbb1b74c50429da955dc8b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 14 Dec 2021 16:27:16 +0100 Subject: [PATCH 193/904] home: emacs: revert to emacsGcc Following overlay update, the name change was reverted --- home/emacs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/emacs.nix b/home/emacs.nix index 4edbf5f..e03335d 100644 --- a/home/emacs.nix +++ b/home/emacs.nix @@ -27,7 +27,7 @@ programs.emacs = { enable = true; - package = pkgs.emacsGcc28; + package = pkgs.emacsGcc; }; }; } From 44a50f94f4904244ed07c33bee0c266959d73244 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 19 Dec 2021 15:17:39 +0100 Subject: [PATCH 194/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/90e1419696ac7f13f2a5be35fddd85af8068cabb' (2021-12-14) → 'github:nix-community/emacs-overlay/1d40515d8ca7bb3bac4b7405c4bd19b2a41f200c' (2021-12-19) • Updated input 'home-manager': 'github:nix-community/home-manager/c1677de31a53972a21201d56d4a792461b0c8e73' (2021-12-14) → 'github:nix-community/home-manager/3db603677509eb0b8c396a3234b1d4b70d023894' (2021-12-19) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/b0bf5f888d377dd2f36d90340df6dc9f035aaada' (2021-12-12) → 'github:NixOS/nixpkgs/03ec468b14067729a285c2c7cfa7b9434a04816c' (2021-12-17) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/69958994ab2c4c41f82db658ae6333b91079bcf6' (2021-12-14) → 'github:NixOS/nixpkgs/42c2003e5a0c21b1222e2e17f95c2cc926852ebe' (2021-12-19) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 217f7b2..50f2a32 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1639446817, - "narHash": "sha256-mImncqYBGgto1mcdun8vV/JMILgcLvaAskbR4o7MkJE=", + "lastModified": 1639915649, + "narHash": "sha256-8ygMVY2AgS7R0/yGUyolmzdFgj6LGZ5fJyKzR1orRGI=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "90e1419696ac7f13f2a5be35fddd85af8068cabb", + "rev": "1d40515d8ca7bb3bac4b7405c4bd19b2a41f200c", "type": "github" }, "original": { @@ -39,11 +39,11 @@ ] }, "locked": { - "lastModified": 1639464984, - "narHash": "sha256-AOD8hPHpF0XFSk3AO5PWEETNX9M2cYZgMZQ91xA7g6E=", + "lastModified": 1639891275, + "narHash": "sha256-2IMLVTtOHV9kBsirGPRpo8NE48Mjq20iXN7l7uy0YjE=", "owner": "nix-community", "repo": "home-manager", - "rev": "c1677de31a53972a21201d56d4a792461b0c8e73", + "rev": "3db603677509eb0b8c396a3234b1d4b70d023894", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1639347265, - "narHash": "sha256-q5feWoC64+h6T6J89o2HJJ8DOnB/4vwMODBlZIgeIlA=", + "lastModified": 1639699734, + "narHash": "sha256-tlX6WebGmiHb2Hmniff+ltYp+7dRfdsBxw9YczLsP60=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b0bf5f888d377dd2f36d90340df6dc9f035aaada", + "rev": "03ec468b14067729a285c2c7cfa7b9434a04816c", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1639442420, - "narHash": "sha256-GL4Q5gDXDHxLPZD1Rg8kk6M6S+NqxDjTu0XqGF/Xhuc=", + "lastModified": 1639886505, + "narHash": "sha256-m+AXCGzJkoDb4zXg5Wh905Joh2Lf7n585c0q6OTFe9w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "69958994ab2c4c41f82db658ae6333b91079bcf6", + "rev": "42c2003e5a0c21b1222e2e17f95c2cc926852ebe", "type": "github" }, "original": { From f5bbde2e5fd16cc74130ede0a63bb449412ee6f9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 19 Dec 2021 17:34:59 +0100 Subject: [PATCH 195/904] home: emacs: go back to emacsPgtkGcc --- home/emacs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/emacs.nix b/home/emacs.nix index e03335d..af4d593 100644 --- a/home/emacs.nix +++ b/home/emacs.nix @@ -27,7 +27,7 @@ programs.emacs = { enable = true; - package = pkgs.emacsGcc; + package = pkgs.emacsPgtkGcc; }; }; } From 788e95e596410512bf003ff78f24edfbd337be2b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 19 Dec 2021 17:35:15 +0100 Subject: [PATCH 196/904] flake: expose emacsPgtkGcc in flake This way it's cached in CI --- flake.nix | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 2363356..a30b5d8 100644 --- a/flake.nix +++ b/flake.nix @@ -127,7 +127,16 @@ }; } // inputs.flake-utils.lib.eachDefaultSystem (system: { packages = - inputs.flake-utils.lib.flattenTree - (import ./pkgs { pkgs = import nixpkgs { inherit system; }; }); + ( + inputs.flake-utils.lib.flattenTree + (import ./pkgs { pkgs = import nixpkgs { inherit system; }; }) + ) // { + emacsPgtkGcc = ( + import nixpkgs { + inherit system; + overlays = [ inputs.emacs-overlay.overlay ]; + } + ).emacsPgtkGcc; + }; }); } From 55a1ff49e92ea31ac04658630edc05931f494385 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 22 Dec 2021 15:13:16 +0100 Subject: [PATCH 197/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'home-manager': 'github:nix-community/home-manager/3db603677509eb0b8c396a3234b1d4b70d023894' (2021-12-19) → 'github:nix-community/home-manager/1b03a8ab7af9385b70b7d7c319c4a31a58c5cfa5' (2021-12-21) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/03ec468b14067729a285c2c7cfa7b9434a04816c' (2021-12-17) → 'github:NixOS/nixpkgs/81cef6b70fb5d5cdba5a0fef3f714c2dadaf0d6d' (2021-12-22) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/42c2003e5a0c21b1222e2e17f95c2cc926852ebe' (2021-12-19) → 'github:NixOS/nixpkgs/3a13552f56dccb1ce312d9977d49a21651945f46' (2021-12-22) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 50f2a32..8787048 100644 --- a/flake.lock +++ b/flake.lock @@ -39,11 +39,11 @@ ] }, "locked": { - "lastModified": 1639891275, - "narHash": "sha256-2IMLVTtOHV9kBsirGPRpo8NE48Mjq20iXN7l7uy0YjE=", + "lastModified": 1640126586, + "narHash": "sha256-Brja0wQZFSl+hduOcBfE/oVPs0QattbILSMHC7/9fEg=", "owner": "nix-community", "repo": "home-manager", - "rev": "3db603677509eb0b8c396a3234b1d4b70d023894", + "rev": "1b03a8ab7af9385b70b7d7c319c4a31a58c5cfa5", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1639699734, - "narHash": "sha256-tlX6WebGmiHb2Hmniff+ltYp+7dRfdsBxw9YczLsP60=", + "lastModified": 1640139330, + "narHash": "sha256-Nkp3wUOGwtoQ7EH28RLVJ7EqB/e0TU7VcsM7GLy+SdY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "03ec468b14067729a285c2c7cfa7b9434a04816c", + "rev": "81cef6b70fb5d5cdba5a0fef3f714c2dadaf0d6d", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1639886505, - "narHash": "sha256-m+AXCGzJkoDb4zXg5Wh905Joh2Lf7n585c0q6OTFe9w=", + "lastModified": 1640167347, + "narHash": "sha256-R8S7K9a7gIHup4h8loKiAGdxhX5Z2tus+sOE2wQGNqk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "42c2003e5a0c21b1222e2e17f95c2cc926852ebe", + "rev": "3a13552f56dccb1ce312d9977d49a21651945f46", "type": "github" }, "original": { From ed7cacb3b4f243d4be2e0b1f2d0a51cc86a81ae4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 22 Dec 2021 18:07:14 +0100 Subject: [PATCH 198/904] services: nextcloud: upgrade to nextcloud 23 --- services/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/nextcloud.nix b/services/nextcloud.nix index 799208e..ec7627a 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -43,7 +43,7 @@ in hostName = "cloud.${domain}"; https = true; - package = pkgs.nextcloud22; + package = pkgs.nextcloud23; maxUploadSize = "1G"; From 516cbd4ae70a93865f24f1963e058f495c0ff748 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 22 Dec 2021 19:17:16 +0100 Subject: [PATCH 199/904] services: paperless: switch from docker to nixos --- secrets/default.nix | 1 + secrets/paperless/admin-password.secret | Bin 0 -> 87 bytes secrets/paperless/default.nix | 5 ++ secrets/paperless/secret-key-file.secret | Bin 0 -> 151 bytes services/paperless.nix | 66 +++++++++++++++++++---- 5 files changed, 61 insertions(+), 11 deletions(-) create mode 100644 secrets/paperless/admin-password.secret create mode 100644 secrets/paperless/default.nix create mode 100644 secrets/paperless/secret-key-file.secret diff --git a/secrets/default.nix b/secrets/default.nix index 59df0a1..4b7baca 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -17,6 +17,7 @@ with lib; gandiKey = lib.fileContents ./gandi-api-key.secret; borg-backup = import ./borg-backup { inherit lib; }; + paperless = import ./paperless { inherit lib; }; restic-backup = import ./restic-backup { inherit lib; }; matrixEmailConfig = import ./matrix-email-config.nix; diff --git a/secrets/paperless/admin-password.secret b/secrets/paperless/admin-password.secret new file mode 100644 index 0000000000000000000000000000000000000000..e8111fc9ea28556e37773cbec45b9a3f61b4118f GIT binary patch literal 87 zcmZQ@_Y83kiVO&0V3c(#{Fr5BzfNth$^RwBTk0I+X0T=avR(hbKde3AN99sUrYYt1 t6PGn?khoc8BpZ<5XZrfNs^05usiHq0cbGpEP}wIv@3!iv{z$(M^8h$-C#nDd literal 0 HcmV?d00001 diff --git a/secrets/paperless/default.nix b/secrets/paperless/default.nix new file mode 100644 index 0000000..968404d --- /dev/null +++ b/secrets/paperless/default.nix @@ -0,0 +1,5 @@ +{ lib }: +{ + secretKey = lib.fileContents ./secret-key-file.secret; + adminPassword = lib.fileContents ./admin-password.secret; +} diff --git a/secrets/paperless/secret-key-file.secret b/secrets/paperless/secret-key-file.secret new file mode 100644 index 0000000000000000000000000000000000000000..1f447d4d4e63202dfa9a7aa672ec3da4e9608db2 GIT binary patch literal 151 zcmZQ@_Y83kiVO&0*!(bI_R%+iscLWLm>rNbJpO%#zlP1;3m>_iFHbt3r@!@_LaTO% z~lugnj$%@a|39- Date: Wed, 22 Dec 2021 20:01:54 +0100 Subject: [PATCH 200/904] services: paperless: fix redis server warning --- services/paperless.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/services/paperless.nix b/services/paperless.nix index d358a6a..6341139 100644 --- a/services/paperless.nix +++ b/services/paperless.nix @@ -40,20 +40,26 @@ in PAPERLESS_TIME_ZONE = config.time.timeZone; PAPERLESS_ADMIN_USER = "alarsyo"; + + # FIXME: upstream module should be fixed instead of setting the redis URL myself + PAPERLESS_REDIS = "unix://${config.services.redis.servers.paperless.unixSocket}"; }; }; systemd.services = { paperless-ng-server.serviceConfig = { EnvironmentFile = secretKeyFile; + BindReadOnlyPaths = [ config.services.redis.servers.paperless.unixSocket ]; }; paperless-ng-consumer.serviceConfig = { EnvironmentFile = secretKeyFile; + BindReadOnlyPaths = [ config.services.redis.servers.paperless.unixSocket ]; }; paperless-ng-web.serviceConfig = { EnvironmentFile = secretKeyFile; + BindReadOnlyPaths = [ config.services.redis.servers.paperless.unixSocket ]; }; }; @@ -68,6 +74,8 @@ in ]; }; + services.redis.servers.paperless.enable = true; + systemd.services.paperless-ng-server = { # Make sure the DB is available after = [ "postgresql.service" ]; @@ -99,6 +107,10 @@ in }; }; + users.users.${config.services.paperless-ng.user} = { + extraGroups = [ config.services.redis.servers.paperless.user ]; + }; + my.services.restic-backup = mkIf cfg.enable { paths = [ config.services.paperless-ng.dataDir From 196a9b97b7d4f407b2cb357466f08bc44e92fc7f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 22 Dec 2021 22:54:00 +0100 Subject: [PATCH 201/904] services: paperless: set ocr mode to noarchive --- services/paperless.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/services/paperless.nix b/services/paperless.nix index 6341139..09ceab8 100644 --- a/services/paperless.nix +++ b/services/paperless.nix @@ -36,6 +36,7 @@ in PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}"; PAPERLESS_OCR_LANGUAGE = "fra+eng"; + PAPERLESS_OCR_MODE = "skip_noarchive"; PAPERLESS_TIME_ZONE = config.time.timeZone; From 5371f0eeb51b78bb4dbaf7d8f005bbdd5665d620 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 27 Dec 2021 14:52:44 +0100 Subject: [PATCH 202/904] services: paperless: make sure redis is started --- services/paperless.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/paperless.nix b/services/paperless.nix index 09ceab8..b56450d 100644 --- a/services/paperless.nix +++ b/services/paperless.nix @@ -79,7 +79,7 @@ in systemd.services.paperless-ng-server = { # Make sure the DB is available - after = [ "postgresql.service" ]; + after = [ "postgresql.service" "redis-paperless.service" ]; }; services.nginx.virtualHosts = { From 34235fe7c1688f397e2cdac6f10c95f754949946 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 27 Dec 2021 15:19:19 +0100 Subject: [PATCH 203/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/1d40515d8ca7bb3bac4b7405c4bd19b2a41f200c' (2021-12-19) → 'github:nix-community/emacs-overlay/8fffeeaac29e31719cc7c70ec425fa3f81428252' (2021-12-27) • Updated input 'home-manager': 'github:nix-community/home-manager/1b03a8ab7af9385b70b7d7c319c4a31a58c5cfa5' (2021-12-21) → 'github:nix-community/home-manager/48f2b381dd397ec88040d3354ac9c036739ba139' (2021-12-25) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/81cef6b70fb5d5cdba5a0fef3f714c2dadaf0d6d' (2021-12-22) → 'github:NixOS/nixpkgs/cb372c3b8880e504b06946e8fb2ca9777c685505' (2021-12-25) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/3a13552f56dccb1ce312d9977d49a21651945f46' (2021-12-22) → 'github:NixOS/nixpkgs/bd241e39f366eb7a41ea94f04f7af5c9508da632' (2021-12-26) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 8787048..b50a4e9 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1639915649, - "narHash": "sha256-8ygMVY2AgS7R0/yGUyolmzdFgj6LGZ5fJyKzR1orRGI=", + "lastModified": 1640598568, + "narHash": "sha256-+L8E0XcqT2jXEYlUlABo1Oj7MDxy8JMWSRat46ZdkPY=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "1d40515d8ca7bb3bac4b7405c4bd19b2a41f200c", + "rev": "8fffeeaac29e31719cc7c70ec425fa3f81428252", "type": "github" }, "original": { @@ -39,11 +39,11 @@ ] }, "locked": { - "lastModified": 1640126586, - "narHash": "sha256-Brja0wQZFSl+hduOcBfE/oVPs0QattbILSMHC7/9fEg=", + "lastModified": 1640417317, + "narHash": "sha256-jT2uMARXs0Xm65ccroFsKyr4LTHSecw+9HAnmBdJO8U=", "owner": "nix-community", "repo": "home-manager", - "rev": "1b03a8ab7af9385b70b7d7c319c4a31a58c5cfa5", + "rev": "48f2b381dd397ec88040d3354ac9c036739ba139", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1640139330, - "narHash": "sha256-Nkp3wUOGwtoQ7EH28RLVJ7EqB/e0TU7VcsM7GLy+SdY=", + "lastModified": 1640408860, + "narHash": "sha256-h2uF3+a8bVfM8SjcS4hLbsOzOuG3qsxuImC0BucWs1Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "81cef6b70fb5d5cdba5a0fef3f714c2dadaf0d6d", + "rev": "cb372c3b8880e504b06946e8fb2ca9777c685505", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1640167347, - "narHash": "sha256-R8S7K9a7gIHup4h8loKiAGdxhX5Z2tus+sOE2wQGNqk=", + "lastModified": 1640554034, + "narHash": "sha256-gf7uo/CXrsna/S4Yfaklg8BnyRkDvo3poIzXCClyYaw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3a13552f56dccb1ce312d9977d49a21651945f46", + "rev": "bd241e39f366eb7a41ea94f04f7af5c9508da632", "type": "github" }, "original": { From b4d19a5bef6b8f566fa2fb86976f64a5ad9c8be5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 27 Dec 2021 15:28:04 +0100 Subject: [PATCH 204/904] poseidon: remove docker from system --- hosts/poseidon/default.nix | 8 -------- 1 file changed, 8 deletions(-) diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index fb55c25..f458015 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -28,10 +28,6 @@ in }; }; - virtualisation.docker = { - enable = true; - }; - networking.hostName = "poseidon"; # Define your hostname. networking.domain = "alarsyo.net"; @@ -157,8 +153,4 @@ in # Takes a long while to build documentation.nixos.enable = false; - - environment.systemPackages = with pkgs; [ - docker-compose - ]; } From 78ab54e70967640b2307d51c73c7b19fff16463c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 27 Dec 2021 15:28:33 +0100 Subject: [PATCH 205/904] base: remove docker from base programs --- base/programs.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/base/programs.nix b/base/programs.nix index 28e1143..b573d97 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -19,8 +19,6 @@ bandwhich.enable = true; }; - virtualisation.docker.enable = true; - environment.systemPackages = with pkgs; [ # shell usage fd From ffba8942cc2f3828cea43d925302c16000e0915e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 27 Dec 2021 15:51:54 +0100 Subject: [PATCH 206/904] ci: bump cachix action --- .github/workflows/cachix.yaml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index 7905fcb..f6b830f 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -11,12 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - uses: cachix/install-nix-action@v14 - with: - install_url: https://nixos-nix-install-tests.cachix.org/serve/vij683ly7sl95nnhb67bdjjfabclr85m/install - install_options: '--tarball-url-prefix https://nixos-nix-install-tests.cachix.org/serve' - extra_nix_config: | - experimental-features = nix-command flakes + - uses: cachix/install-nix-action@v16 - uses: cachix/cachix-action@v10 with: name: alarsyo From d362c10c1de859d889cfb5eb1ab5e5af0cd9cbac Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 2 Jan 2022 22:40:56 +0100 Subject: [PATCH 207/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/8fffeeaac29e31719cc7c70ec425fa3f81428252' (2021-12-27) → 'github:nix-community/emacs-overlay/f3c435a5e5cfa3ce1b2f50ba37b9cacfec4139d9' (2022-01-02) • Updated input 'home-manager': 'github:nix-community/home-manager/48f2b381dd397ec88040d3354ac9c036739ba139' (2021-12-25) → 'github:nix-community/home-manager/8e7a10602d1eb1d242c9d3f9b822203d5751a8c6' (2022-01-02) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/cb372c3b8880e504b06946e8fb2ca9777c685505' (2021-12-25) → 'github:NixOS/nixpkgs/59bfda72480496f32787cec8c557182738b1bd3f' (2021-12-31) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/bd241e39f366eb7a41ea94f04f7af5c9508da632' (2021-12-26) → 'github:NixOS/nixpkgs/c1d8e77ac2ca4248886632c597debea233700b2b' (2022-01-02) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index b50a4e9..7f78079 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1640598568, - "narHash": "sha256-+L8E0XcqT2jXEYlUlABo1Oj7MDxy8JMWSRat46ZdkPY=", + "lastModified": 1641149178, + "narHash": "sha256-Mt+oT5YZ6G9zHctDKV5pY+3vIdsMmAg0HMvz6rxsIc0=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "8fffeeaac29e31719cc7c70ec425fa3f81428252", + "rev": "f3c435a5e5cfa3ce1b2f50ba37b9cacfec4139d9", "type": "github" }, "original": { @@ -39,11 +39,11 @@ ] }, "locked": { - "lastModified": 1640417317, - "narHash": "sha256-jT2uMARXs0Xm65ccroFsKyr4LTHSecw+9HAnmBdJO8U=", + "lastModified": 1641121012, + "narHash": "sha256-svaOMxNMQgFHjcxdmLojOxTxfqSENtnO+S3kb+npIwY=", "owner": "nix-community", "repo": "home-manager", - "rev": "48f2b381dd397ec88040d3354ac9c036739ba139", + "rev": "8e7a10602d1eb1d242c9d3f9b822203d5751a8c6", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1640408860, - "narHash": "sha256-h2uF3+a8bVfM8SjcS4hLbsOzOuG3qsxuImC0BucWs1Q=", + "lastModified": 1640959792, + "narHash": "sha256-zYSR//06FU2TDOpKKj0Hkff6unsxk3NwwNFuB1loU6E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cb372c3b8880e504b06946e8fb2ca9777c685505", + "rev": "59bfda72480496f32787cec8c557182738b1bd3f", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1640554034, - "narHash": "sha256-gf7uo/CXrsna/S4Yfaklg8BnyRkDvo3poIzXCClyYaw=", + "lastModified": 1641125298, + "narHash": "sha256-oNIG2UsyMk/osOmnjxHp53d8nJMudpW5a2+dcgsJzmE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bd241e39f366eb7a41ea94f04f7af5c9508da632", + "rev": "c1d8e77ac2ca4248886632c597debea233700b2b", "type": "github" }, "original": { From b9f088c65659a74a095f629bf22485bf7191b302 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 7 Jan 2022 17:20:57 +0100 Subject: [PATCH 208/904] base: put common GUI programs behind option --- base/default.nix | 1 + base/gui-programs.nix | 56 ++++++++++++++++++++------------------ boreal.nix | 1 - hosts/boreal/default.nix | 1 + hosts/zephyrus/default.nix | 1 + zephyrus.nix | 1 - 6 files changed, 33 insertions(+), 28 deletions(-) diff --git a/base/default.nix b/base/default.nix index 3331a09..123b658 100644 --- a/base/default.nix +++ b/base/default.nix @@ -1,6 +1,7 @@ { ... }: { imports = [ + ./gui-programs.nix ./networking.nix ./nix.nix ./programs.nix diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 9f6f862..1815fe3 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -1,31 +1,35 @@ -{ pkgs, ... }: +{ pkgs, lib, config, ... }: { - environment.systemPackages = with pkgs; [ - element-desktop - feh - firefox - ffmpeg - gimp - gnome.nautilus - imagemagick - mpv - obs-studio - pavucontrol - slack - spotify - tdesktop - teams - thunderbird - virt-manager - zathura + options.my.gui.enable = lib.mkEnableOption "System has some kind of screen attached"; - unstable.discord - ]; + config = lib.mkIf config.my.gui.enable { + environment.systemPackages = with pkgs; [ + element-desktop + feh + firefox + ffmpeg + gimp + gnome.nautilus + imagemagick + mpv + obs-studio + pavucontrol + slack + spotify + tdesktop + teams + thunderbird + virt-manager + zathura - networking.networkmanager.enable = true; - programs.nm-applet.enable = true; - programs.steam.enable = true; + unstable.discord + ]; - # NOTE: needed for home emacs configuration - nixpkgs.config.input-fonts.acceptLicense = true; + networking.networkmanager.enable = true; + programs.nm-applet.enable = true; + programs.steam.enable = true; + + # NOTE: needed for home emacs configuration + nixpkgs.config.input-fonts.acceptLicense = true; + }; } diff --git a/boreal.nix b/boreal.nix index 498c76a..63b89d5 100644 --- a/boreal.nix +++ b/boreal.nix @@ -3,7 +3,6 @@ imports = [ # Default configuration ./base - ./base/gui-programs.nix # Module definitions ./modules diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index 089f3d1..439cde1 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -102,6 +102,7 @@ in }; }; my.displayManager.sddm.enable = true; + my.gui.enable = true; my.wakeonwlan.interfaces.phy0.methods = [ "magic-packet" diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index e57efc2..a66c770 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -62,6 +62,7 @@ in fwupd.enable = true; }; my.displayManager.sddm.enable = true; + my.gui.enable = true; environment.systemPackages = with pkgs; [ arandr diff --git a/zephyrus.nix b/zephyrus.nix index 45f0074..e355eb3 100644 --- a/zephyrus.nix +++ b/zephyrus.nix @@ -3,7 +3,6 @@ imports = [ # Default configuration ./base - ./base/gui-programs.nix # Module definitions ./modules From ae2c3308dbc95a9b89cc8a9c8a0767de3623cd2a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 7 Jan 2022 17:44:30 +0100 Subject: [PATCH 209/904] base: move common Xorg options under gui option --- base/gui-programs.nix | 22 ++++++++++++++++++++-- hosts/boreal/default.nix | 15 ++++----------- hosts/zephyrus/default.nix | 8 -------- 3 files changed, 24 insertions(+), 21 deletions(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 1815fe3..dfc4bfc 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -1,8 +1,26 @@ -{ pkgs, lib, config, ... }: +{ pkgs, lib, config, options, ... }: { - options.my.gui.enable = lib.mkEnableOption "System has some kind of screen attached"; + options.my.gui = { + enable = lib.mkEnableOption "System has some kind of screen attached"; + isNvidia = lib.mkEnableOption "System a NVIDIA GPU"; + }; config = lib.mkIf config.my.gui.enable { + my.displayManager.sddm.enable = true; + + services = { + xserver = { + enable = true; + # NOTE: could use `mkOptionDefault` but this feels more explicit + videoDrivers = options.services.xserver.videoDrivers.default + ++ lib.optional config.my.gui.isNvidia "nvidia"; + windowManager.i3.enable = true; + layout = "fr"; + xkbVariant = "us"; + libinput.enable = true; + }; + }; + environment.systemPackages = with pkgs; [ element-desktop feh diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index 439cde1..e41608f 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -91,18 +91,11 @@ in permitRootLogin = "no"; passwordAuthentication = false; }; - - xserver = { - enable = true; - videoDrivers = [ "nvidia" ]; - windowManager.i3.enable = true; - layout = "fr"; - xkbVariant = "us"; - libinput.enable = true; - }; }; - my.displayManager.sddm.enable = true; - my.gui.enable = true; + my.gui = { + enable = true; + isNvidia = true; + }; my.wakeonwlan.interfaces.phy0.methods = [ "magic-packet" diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index a66c770..659a6bb 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -46,13 +46,6 @@ in }; services = { - xserver = { - enable = true; - windowManager.i3.enable = true; - layout = "fr"; - xkbVariant = "us"; - libinput.enable = true; - }; tlp = { settings = { START_CHARGE_THRESH_BAT0 = 70; @@ -61,7 +54,6 @@ in }; fwupd.enable = true; }; - my.displayManager.sddm.enable = true; my.gui.enable = true; environment.systemPackages = with pkgs; [ From 8bc9a4e87bb96433fd626cb5b0d515bf6b87eeae Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 11 Jan 2022 11:56:30 +0100 Subject: [PATCH 210/904] ci: build packages in parallel --- .github/workflows/build-flake-packages.sh | 10 ---------- .github/workflows/cachix.yaml | 17 ++++++++++++++++- 2 files changed, 16 insertions(+), 11 deletions(-) delete mode 100755 .github/workflows/build-flake-packages.sh diff --git a/.github/workflows/build-flake-packages.sh b/.github/workflows/build-flake-packages.sh deleted file mode 100755 index 4d002c7..0000000 --- a/.github/workflows/build-flake-packages.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh - -set -xe - -PACKAGES=$(nix flake show --json \ - | jq '.packages."x86_64-linux" | keys[]') - -for package in $PACKAGES; do - nix build --verbose -L .#$package -done diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index f6b830f..accee21 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -9,11 +9,26 @@ on: jobs: build: runs-on: ubuntu-latest + + strategy: + matrix: + name: + - emacsPgtkGcc + - grafanaDashboards/nginx + - grafanaDashboards/node-exporter + - kaleidoscope-udev-rules + - sddm-sugar-candy + - spot + steps: - uses: actions/checkout@v2 + - uses: cachix/install-nix-action@v16 + - uses: cachix/cachix-action@v10 with: name: alarsyo authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - - run: .github/workflows/build-flake-packages.sh + + - name: Build package + run: nix build --verbose -L .#"${{ matrix.name }}" From 328b59ed03c2c450bb7dbdfabcfeb04a55ca8cf4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 11 Jan 2022 13:47:36 +0100 Subject: [PATCH 211/904] ci: use nix-community cachix --- .github/workflows/cachix.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index accee21..e4c48ae 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -29,6 +29,7 @@ jobs: with: name: alarsyo authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' + extraPullNames: "nix-community" - name: Build package run: nix build --verbose -L .#"${{ matrix.name }}" From be9268236a4d27b722e4e1f43889180409940150 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 11 Jan 2022 14:12:06 +0100 Subject: [PATCH 212/904] home: only put doom in path if emacs is enabled --- home/emacs.nix | 2 ++ home/env.nix | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/home/emacs.nix b/home/emacs.nix index af4d593..154e79b 100644 --- a/home/emacs.nix +++ b/home/emacs.nix @@ -5,6 +5,8 @@ }; config = lib.mkIf config.my.home.emacs.enable { + + home.sessionPath = [ "${config.xdg.configHome}/emacs/bin" ]; home.sessionVariables = { EDITOR = "emacsclient -t"; }; diff --git a/home/env.nix b/home/env.nix index e196dd9..3996dfc 100644 --- a/home/env.nix +++ b/home/env.nix @@ -1,7 +1,6 @@ { config, ... }: { home.sessionPath = [ - "${config.xdg.configHome}/emacs/bin" "${config.home.homeDirectory}/.cargo/bin" "${config.home.homeDirectory}/.local/bin" ]; From ef59fd800ecda8e8111831ca8c8352a89e210898 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 11 Jan 2022 16:37:28 +0100 Subject: [PATCH 213/904] base: use *only* nvidia driver if GPU is nvidia --- base/gui-programs.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index dfc4bfc..2925b64 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -12,8 +12,8 @@ xserver = { enable = true; # NOTE: could use `mkOptionDefault` but this feels more explicit - videoDrivers = options.services.xserver.videoDrivers.default - ++ lib.optional config.my.gui.isNvidia "nvidia"; + videoDrivers = if config.my.gui.isNvidia then [ "nvidia" ] + else options.services.xserver.videoDrivers.default; windowManager.i3.enable = true; layout = "fr"; xkbVariant = "us"; From 912073bee6040306f21f7618422e4a9504934524 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 11 Jan 2022 16:08:21 +0100 Subject: [PATCH 214/904] nix: exorcise all `with ;` uses --- base/gui-programs.nix | 56 ++++++++++-------- base/networking.nix | 8 ++- base/programs.nix | 71 ++++++++++++----------- home/alacritty.nix | 14 +++-- home/bat.nix | 9 ++- home/emacs.nix | 24 +++++--- home/firefox.nix | 9 ++- home/fish/default.nix | 9 ++- home/flameshot.nix | 9 ++- home/git.nix | 9 ++- home/laptop.nix | 7 ++- home/lorri.nix | 9 ++- home/rofi.nix | 9 ++- home/secrets/default.nix | 8 ++- home/ssh.nix | 9 ++- home/themes/alacritty.nix | 6 +- home/themes/bat.nix | 7 ++- home/themes/color.nix | 7 ++- home/themes/default.nix | 8 ++- home/themes/i3.nix | 6 +- home/themes/i3bar.nix | 6 +- home/themes/solarizedLight/alacritty.nix | 20 ++++++- home/themes/solarizedLight/i3.nix | 12 +++- home/themes/solarizedLight/i3bar.nix | 11 +++- home/tmux.nix | 11 +++- home/tridactyl.nix | 9 ++- home/x/cursor.nix | 9 ++- home/x/default.nix | 7 ++- home/x/i3.nix | 15 +++-- home/x/i3bar.nix | 30 ++++++---- hosts/boreal/default.nix | 4 +- hosts/boreal/home.nix | 8 ++- hosts/poseidon/hardware-configuration.nix | 8 ++- hosts/zephyrus/default.nix | 4 +- hosts/zephyrus/hardware-configuration.nix | 8 ++- hosts/zephyrus/home.nix | 20 ++++--- modules/sddm.nix | 26 ++++++--- modules/wakeonwlan.nix | 13 ++++- pkgs/grafana-dashboards/nginx.nix | 6 +- pkgs/grafana-dashboards/node-exporter.nix | 6 +- pkgs/kaleidoscope-udev-rules/default.nix | 6 +- secrets/borg-backup/default.nix | 9 ++- secrets/default.nix | 26 +++++---- secrets/paperless/default.nix | 9 ++- secrets/restic-backup/default.nix | 7 ++- services/borg-backup.nix | 12 ++-- services/fail2ban.nix | 6 +- services/fava.nix | 13 +++-- services/gitea/default.nix | 10 +++- services/jellyfin.nix | 9 ++- services/lohr.nix | 16 ++--- services/matrix.nix | 16 +++-- services/media.nix | 16 +++-- services/miniflux.nix | 10 +++- services/monitoring.nix | 10 +++- services/navidrome.nix | 13 +++-- services/nextcloud.nix | 11 +++- services/nginx.nix | 7 ++- services/nuage.nix | 9 ++- services/paperless.nix | 12 ++-- services/pipewire.nix | 12 ++-- services/postgresql-backup.nix | 7 ++- services/restic-backup.nix | 22 ++++--- services/tailscale.nix | 11 ++-- services/tgv.nix | 9 ++- services/transmission.nix | 10 +++- services/vaultwarden.nix | 10 +++- 67 files changed, 576 insertions(+), 259 deletions(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 2925b64..c1dbbc6 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -1,11 +1,18 @@ { pkgs, lib, config, options, ... }: +let + inherit (lib) + mkEnableOption + mkIf + optional + ; +in { options.my.gui = { - enable = lib.mkEnableOption "System has some kind of screen attached"; - isNvidia = lib.mkEnableOption "System a NVIDIA GPU"; + enable = mkEnableOption "System has some kind of screen attached"; + isNvidia = mkEnableOption "System a NVIDIA GPU"; }; - config = lib.mkIf config.my.gui.enable { + config = mkIf config.my.gui.enable { my.displayManager.sddm.enable = true; services = { @@ -21,27 +28,30 @@ }; }; - environment.systemPackages = with pkgs; [ - element-desktop - feh - firefox - ffmpeg - gimp - gnome.nautilus - imagemagick - mpv - obs-studio - pavucontrol - slack - spotify - tdesktop - teams - thunderbird - virt-manager - zathura + environment.systemPackages = builtins.attrValues { + inherit (pkgs) + element-desktop + feh + firefox + ffmpeg + gimp + imagemagick + mpv + obs-studio + pavucontrol + slack + spotify + tdesktop + teams + thunderbird + virt-manager + zathura + ; - unstable.discord - ]; + inherit (pkgs.gnome) nautilus; + + inherit (pkgs.unstable) discord; + }; networking.networkmanager.enable = true; programs.nm-applet.enable = true; diff --git a/base/networking.nix b/base/networking.nix index c17ed76..e059f5e 100644 --- a/base/networking.nix +++ b/base/networking.nix @@ -1,6 +1,12 @@ { lib, ... }: +let + inherit (lib) + mkOption + types + ; +in { - options.my.networking.externalInterface = with lib; mkOption { + options.my.networking.externalInterface = mkOption { type = types.nullOr types.str; default = null; example = "eth0"; diff --git a/base/programs.nix b/base/programs.nix index b573d97..86a0668 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -19,40 +19,45 @@ bandwhich.enable = true; }; - environment.systemPackages = with pkgs; [ - # shell usage - fd - ripgrep - sd - tmux - tokei - tree - wget + environment.systemPackages = builtins.attrValues { + inherit (pkgs) + # shell usage + fd + ripgrep + sd + tmux + tokei + tree + wget - # development - git - git-crypt - git-lfs - gnumake - gnupg - kakoune - pinentry-curses - python3 - vim - clang_11 - llvmPackages_11.bintools + # development + git + git-crypt + git-lfs + gnumake + gnupg + kakoune + pinentry-curses + python3 + vim - # terminal utilities - bottom - dogdns - du-dust - htop - ldns # drill - tealdeer - unzip - zip + # terminal utilities + bottom + dogdns + du-dust + htop + ldns # drill + tealdeer + unzip + zip - # nix pkgs lookup - nix-index - ]; + # nix pkgs lookup + nix-index + ; + + inherit (pkgs.llvmPackages_11) + bintools + clang + ; + }; } diff --git a/home/alacritty.nix b/home/alacritty.nix index 44f08cb..bf9665b 100644 --- a/home/alacritty.nix +++ b/home/alacritty.nix @@ -1,12 +1,17 @@ { config, lib, pkgs, ... }: let + inherit (lib) + mkEnableOption + mkIf + ; + cfg = config.my.home.alacritty; alacrittyTheme = config.my.theme.alacrittyTheme; in { - options.my.home.alacritty.enable = (lib.mkEnableOption "Alacritty terminal") // { default = config.my.home.x.enable; }; + options.my.home.alacritty.enable = (mkEnableOption "Alacritty terminal") // { default = config.my.home.x.enable; }; - config = lib.mkIf cfg.enable { + config = mkIf cfg.enable { programs.alacritty = { enable = true; @@ -34,9 +39,8 @@ in }; }; - home.packages = with pkgs; [ - iosevka-bin - ]; + home.packages = [ pkgs.iosevka-bin ]; + # make sure font is discoverable fonts.fontconfig.enable = true; }; diff --git a/home/bat.nix b/home/bat.nix index 6d496e8..2349985 100644 --- a/home/bat.nix +++ b/home/bat.nix @@ -1,14 +1,19 @@ { config, lib, ... }: let + inherit (lib) + mkEnableOption + mkIf + ; + cfg = config.my.home.bat; batTheme = config.my.theme.batTheme; in { - options.my.home.bat = with lib; { + options.my.home.bat = { enable = (mkEnableOption "bat code display tool") // { default = true; }; }; - config = lib.mkIf cfg.enable { + config = mkIf cfg.enable { programs.bat = { enable = true; diff --git a/home/emacs.nix b/home/emacs.nix index 154e79b..c9ed8f6 100644 --- a/home/emacs.nix +++ b/home/emacs.nix @@ -1,23 +1,31 @@ { config, lib, pkgs, ... }: +let + inherit (lib) + mkEnableOption + mkIf + ; +in { - options.my.home.emacs = with lib; { + options.my.home.emacs = { enable = mkEnableOption "Emacs daemon configuration"; }; - config = lib.mkIf config.my.home.emacs.enable { + config = mkIf config.my.home.emacs.enable { home.sessionPath = [ "${config.xdg.configHome}/emacs/bin" ]; home.sessionVariables = { EDITOR = "emacsclient -t"; }; - home.packages = with pkgs; [ - sqlite # needed by org-roam + home.packages = builtins.attrValues { + inherit (pkgs) + sqlite # needed by org-roam - # fonts used by my config - emacs-all-the-icons-fonts - iosevka-bin - ]; + # fonts used by my config + emacs-all-the-icons-fonts + iosevka-bin + ; + }; # make sure above fonts are discoverable fonts.fontconfig.enable = true; diff --git a/home/firefox.nix b/home/firefox.nix index 6bfe377..1cfce8a 100644 --- a/home/firefox.nix +++ b/home/firefox.nix @@ -1,13 +1,18 @@ { config, lib, pkgs, ... }: let + inherit (lib) + mkEnableOption + mkIf + ; + cfg = config.my.home.firefox; in { - options.my.home.firefox = with lib; { + options.my.home.firefox = { enable = (mkEnableOption "firefox config") // { default = config.my.home.x.enable; }; }; - config = lib.mkIf cfg.enable { + config = mkIf cfg.enable { programs.firefox = { enable = true; package = pkgs.firefox.override { diff --git a/home/fish/default.nix b/home/fish/default.nix index 9175f57..3f50c71 100644 --- a/home/fish/default.nix +++ b/home/fish/default.nix @@ -1,11 +1,16 @@ { config, lib, ... }: let + inherit (lib) + mkEnableOption + mkIf + ; + cfg = config.my.home.fish; in { - options.my.home.fish.enable = (lib.mkEnableOption "Fish shell") // { default = true; }; + options.my.home.fish.enable = (mkEnableOption "Fish shell") // { default = true; }; - config = lib.mkIf cfg.enable { + config = mkIf cfg.enable { programs.fish = { enable = true; }; diff --git a/home/flameshot.nix b/home/flameshot.nix index 359fc8c..043d2ce 100644 --- a/home/flameshot.nix +++ b/home/flameshot.nix @@ -1,13 +1,18 @@ { config, lib, ... }: let + inherit (lib) + mkEnableOption + mkIf + ; + cfg = config.my.home.flameshot; in { - options.my.home.flameshot = with lib; { + options.my.home.flameshot = { enable = mkEnableOption "flameshot autolaunch"; }; - config.services.flameshot = lib.mkIf cfg.enable { + config.services.flameshot = mkIf cfg.enable { enable = true; }; } diff --git a/home/git.nix b/home/git.nix index 1b5adb5..61e8171 100644 --- a/home/git.nix +++ b/home/git.nix @@ -1,11 +1,16 @@ { config, lib, pkgs, ... }: let + inherit (lib) + mkEnableOption + mkIf + ; + cfg = config.my.home.git; in { - options.my.home.git.enable = (lib.mkEnableOption "Git configuration") // { default = true; }; + options.my.home.git.enable = (mkEnableOption "Git configuration") // { default = true; }; - config = lib.mkIf cfg.enable { + config = mkIf cfg.enable { programs.git = { enable = true; diff --git a/home/laptop.nix b/home/laptop.nix index ef4d266..8d30003 100644 --- a/home/laptop.nix +++ b/home/laptop.nix @@ -1,6 +1,11 @@ { config, lib, ... }: +let + inherit (lib) + mkEnableOption + ; +in { - options.my.home.laptop = with lib; { + options.my.home.laptop = { enable = mkEnableOption "Laptop settings"; }; } diff --git a/home/lorri.nix b/home/lorri.nix index df4d23d..e2c5ebb 100644 --- a/home/lorri.nix +++ b/home/lorri.nix @@ -1,13 +1,18 @@ { config, lib, ... }: let + inherit (lib) + mkEnableOption + mkIf + ; + cfg = config.my.home.lorri; in { - options.my.home.lorri = with lib; { + options.my.home.lorri = { enable = (mkEnableOption "lorri daemon setup") // { default = true; }; }; - config = lib.mkIf cfg.enable { + config = mkIf cfg.enable { services.lorri.enable = true; programs.direnv = { enable = true; diff --git a/home/rofi.nix b/home/rofi.nix index 30022d7..b5a9e91 100644 --- a/home/rofi.nix +++ b/home/rofi.nix @@ -1,13 +1,18 @@ { config, lib, pkgs, ... }: let + inherit (lib) + mkEnableOption + mkIf + ; + cfg = config.my.home.rofi; in { - options.my.home.rofi = with lib; { + options.my.home.rofi = { enable = (mkEnableOption "rofi configuration") // { default = config.my.home.x.enable; }; }; - config = lib.mkIf cfg.enable { + config = mkIf cfg.enable { programs.rofi = { enable = true; diff --git a/home/secrets/default.nix b/home/secrets/default.nix index 71b63a9..b149dde 100644 --- a/home/secrets/default.nix +++ b/home/secrets/default.nix @@ -1,5 +1,11 @@ { lib, ... }: -with lib; +let + inherit (lib) + fileContents + mkOption + types + ; +in { options.my.secrets = mkOption { type = types.attrs; diff --git a/home/ssh.nix b/home/ssh.nix index cf8d877..fc5884e 100644 --- a/home/ssh.nix +++ b/home/ssh.nix @@ -1,13 +1,18 @@ { config, lib, ... }: let + inherit (lib) + mkEnableOption + mkIf + ; + cfg = config.my.home.ssh; in { - options.my.home.ssh = with lib; { + options.my.home.ssh = { enable = (mkEnableOption "ssh configuration") // { default = true; }; }; - config = lib.mkIf cfg.enable { + config = mkIf cfg.enable { programs.ssh = { enable = true; diff --git a/home/themes/alacritty.nix b/home/themes/alacritty.nix index 0e1aeb3..cc6943b 100644 --- a/home/themes/alacritty.nix +++ b/home/themes/alacritty.nix @@ -1,6 +1,10 @@ { lib }: -with lib; let + inherit (lib) + mkOption + types + ; + mkColorOption = import ./color.nix { inherit lib; }; primaryColorModule = types.submodule { diff --git a/home/themes/bat.nix b/home/themes/bat.nix index 5c14c5f..df9565e 100644 --- a/home/themes/bat.nix +++ b/home/themes/bat.nix @@ -1,5 +1,10 @@ { lib }: -with lib; +let + inherit (lib) + mkOption + types + ; +in types.submodule { options = { name = mkOption { diff --git a/home/themes/color.nix b/home/themes/color.nix index 46ce77e..5c63963 100644 --- a/home/themes/color.nix +++ b/home/themes/color.nix @@ -1,6 +1,11 @@ { lib }: let - mkColorOption = with lib; {default ? "#000000", description ? "" }: mkOption { + inherit (lib) + mkOption + types + ; + + mkColorOption = {default ? "#000000", description ? "" }: mkOption { inherit description default; example = "#abcdef"; type = types.strMatching "#[0-9a-f]{6}"; diff --git a/home/themes/default.nix b/home/themes/default.nix index 96fc994..e19a474 100644 --- a/home/themes/default.nix +++ b/home/themes/default.nix @@ -1,6 +1,10 @@ { config, lib, ... }: -with lib; let + inherit (lib) + mkOption + types + ; + themeType = types.submodule { options = { alacrittyTheme = mkOption { @@ -29,7 +33,7 @@ in }; options.my.themes = mkOption { - type = with types; attrsOf themeType; + type = types.attrsOf themeType; }; config.my.themes = { diff --git a/home/themes/i3.nix b/home/themes/i3.nix index 450f26a..6e5b3eb 100644 --- a/home/themes/i3.nix +++ b/home/themes/i3.nix @@ -1,6 +1,10 @@ { lib }: -with lib; let + inherit (lib) + mkOption + types + ; + mkColorOption = import ./color.nix { inherit lib; }; barColorSetModule = types.submodule { diff --git a/home/themes/i3bar.nix b/home/themes/i3bar.nix index 990c6d5..3701116 100644 --- a/home/themes/i3bar.nix +++ b/home/themes/i3bar.nix @@ -1,6 +1,10 @@ { lib }: -with lib; let + inherit (lib) + mkOption + types + ; + mkColorOption = import ./color.nix { inherit lib; }; in types.submodule { diff --git a/home/themes/solarizedLight/alacritty.nix b/home/themes/solarizedLight/alacritty.nix index 9f2149f..fb22436 100644 --- a/home/themes/solarizedLight/alacritty.nix +++ b/home/themes/solarizedLight/alacritty.nix @@ -1,7 +1,23 @@ let - colors = import ./colors.nix; + inherit (import ./colors.nix) + base0 + base00 + base01 + base02 + base03 + base1 + base2 + base3 + blue + cyan + green + magenta + orange + red + violet + yellow + ; in -with colors; { primary = { background = base3; diff --git a/home/themes/solarizedLight/i3.nix b/home/themes/solarizedLight/i3.nix index 3eab85d..df9634a 100644 --- a/home/themes/solarizedLight/i3.nix +++ b/home/themes/solarizedLight/i3.nix @@ -1,7 +1,15 @@ let - colors = import ./colors.nix; + inherit (import ./colors.nix) + base00 + base2 + base3 + blue + magenta + orange + red + yellow + ; in -with colors; { bar = { background = base3; diff --git a/home/themes/solarizedLight/i3bar.nix b/home/themes/solarizedLight/i3bar.nix index 69594f4..5b37775 100644 --- a/home/themes/solarizedLight/i3bar.nix +++ b/home/themes/solarizedLight/i3bar.nix @@ -1,7 +1,14 @@ let - colors = import ./colors.nix; + inherit (import ./colors.nix) + base00 + base2 + base3 + blue + green + red + yellow + ; in -with colors; { theme = { name = "solarized-light"; diff --git a/home/tmux.nix b/home/tmux.nix index cff3070..86d6995 100644 --- a/home/tmux.nix +++ b/home/tmux.nix @@ -1,20 +1,25 @@ { config, lib, pkgs, ... }: let + inherit (lib) + mkEnableOption + mkIf + ; + cfg = config.my.home.tmux; in { - options.my.home.tmux = with lib; { + options.my.home.tmux = { enable = (mkEnableOption "tmux dotfiles") // { default = true; }; }; - config = lib.mkIf cfg.enable { + config = mkIf cfg.enable { programs.tmux = { enable = true; baseIndex = 1; terminal = "screen-256color"; clock24 = true; - plugins = with pkgs; [ + plugins = let inherit (pkgs) tmuxPlugins; in [ { plugin = tmuxPlugins.cpu; extraConfig = '' diff --git a/home/tridactyl.nix b/home/tridactyl.nix index b179812..9be9906 100644 --- a/home/tridactyl.nix +++ b/home/tridactyl.nix @@ -1,13 +1,18 @@ { config, lib, ... }: let + inherit (lib) + mkEnableOption + mkIf + ; + cfg = config.my.home.tridactyl; in { - options.my.home.tridactyl = with lib; { + options.my.home.tridactyl = { enable = (mkEnableOption "tridactyl code display tool") // { default = config.my.home.firefox.enable; }; }; - config = lib.mkIf cfg.enable { + config = mkIf cfg.enable { xdg.configFile."tridactyl/tridactylrc".source = ./tridactylrc; }; } diff --git a/home/x/cursor.nix b/home/x/cursor.nix index 76226b4..aa4ead7 100644 --- a/home/x/cursor.nix +++ b/home/x/cursor.nix @@ -1,11 +1,16 @@ { config, lib, pkgs, ... }: let + inherit (lib) + mkEnableOption + mkIf + ; + cfg = config.my.home.x.cursor; in { - options.my.home.x.cursor.enable = (lib.mkEnableOption "X cursor") // { default = config.my.home.x.enable; }; + options.my.home.x.cursor.enable = (mkEnableOption "X cursor") // { default = config.my.home.x.enable; }; - config = lib.mkIf cfg.enable { + config = mkIf cfg.enable { xsession.pointerCursor = { package = pkgs.capitaine-cursors; name = "capitaine-cursors"; diff --git a/home/x/default.nix b/home/x/default.nix index 9473fc3..4953b9a 100644 --- a/home/x/default.nix +++ b/home/x/default.nix @@ -1,4 +1,9 @@ { config, lib, pkgs, ... }: +let + inherit (lib) + mkEnableOption + ; +in { imports = [ ./cursor.nix @@ -6,7 +11,7 @@ ./i3bar.nix ]; - options.my.home.x = with lib; { + options.my.home.x = { enable = mkEnableOption "X server configuration"; }; } diff --git a/home/x/i3.nix b/home/x/i3.nix index 9827bc2..4dde0c4 100644 --- a/home/x/i3.nix +++ b/home/x/i3.nix @@ -1,5 +1,10 @@ { config, lib, pkgs, ... }: let + inherit (lib) + mkIf + mkOptionDefault + ; + isEnabled = config.my.home.x.enable; myTerminal = @@ -17,14 +22,12 @@ let i3Theme = config.my.theme.i3Theme; in { - config = lib.mkIf isEnabled { + config = mkIf isEnabled { my.home = { flameshot.enable = true; }; - home.packages = with pkgs; [ - betterlockscreen - ]; + home.packages = [ pkgs.betterlockscreen ]; xsession.windowManager.i3 = { enable = true; @@ -77,7 +80,7 @@ in size = 8.0; }; - keybindings = lib.mkOptionDefault { + keybindings = mkOptionDefault { "${modifier}+Shift+e" = ''mode "${logoutMode}"''; "${modifier}+i" = "exec emacsclient -c"; @@ -106,7 +109,7 @@ in "Return" = "mode default"; }; in - lib.mkOptionDefault { + mkOptionDefault { "${logoutMode}" = makeModeBindings { "l" = "exec --no-startup-id i3-msg exit, mode default"; "s" = "exec --no-startup-id betterlockscreen --suspend, mode default"; diff --git a/home/x/i3bar.nix b/home/x/i3bar.nix index e3f0af7..335ba68 100644 --- a/home/x/i3bar.nix +++ b/home/x/i3bar.nix @@ -1,11 +1,19 @@ { config, lib, pkgs, ... }: let + inherit (lib) + lists + mkIf + mkOption + optional + types + ; + isEnabled = config.my.home.x.enable; i3BarTheme = config.my.theme.i3BarTheme; cfg = config.my.home.x.i3bar; in { - options.my.home.x.i3bar = with lib; { + options.my.home.x.i3bar = { temperature.chip = mkOption { type = types.str; example = "coretemp-isa-*"; @@ -24,12 +32,14 @@ in }; }; - config = lib.mkIf isEnabled { - home.packages = with pkgs; [ - iw # Used by `net` block - lm_sensors # Used by `temperature` block - font-awesome - ]; + config = mkIf isEnabled { + home.packages = builtins.attrValues { + inherit (pkgs) + iw # Used by `net` block + lm_sensors # Used by `temperature` block + font-awesome + ; + }; programs.i3status-rust = { enable = true; @@ -79,7 +89,7 @@ in chip = cfg.temperature.chip; inputs = cfg.temperature.inputs; } - ] ++ (lib.lists.optionals ((builtins.length cfg.networking.throughput_interfaces) != 0) + ] ++ (lists.optionals ((builtins.length cfg.networking.throughput_interfaces) != 0) (map (interface: { @@ -105,11 +115,11 @@ in block = "sound"; driver = "pulseaudio"; } - ] ++ (lib.lists.optionals config.my.home.laptop.enable [ + ] ++ (optional config.my.home.laptop.enable { block = "battery"; } - ]) ++ [ + ) ++ [ # { # block = "notify"; # } diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index e41608f..f1b3d81 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -105,9 +105,7 @@ in "rfkill-release" ]; - services.udev.packages = with pkgs; [ - packages.kaleidoscope-udev-rules - ]; + services.udev.packages = [ pkgs.packages.kaleidoscope-udev-rules ]; hardware.bluetooth = { enable = true; diff --git a/hosts/boreal/home.nix b/hosts/boreal/home.nix index 6dd86d3..aabbe6d 100644 --- a/hosts/boreal/home.nix +++ b/hosts/boreal/home.nix @@ -10,7 +10,8 @@ my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; - home.packages = with pkgs; [ + home.packages = builtins.attrValues { + inherit (pkgs) # some websites only work there :( chromium @@ -19,8 +20,9 @@ # keyboard goodness chrysalis + ; - packages.spot - ]; + inherit (pkgs.packages) spot; + }; }; } diff --git a/hosts/poseidon/hardware-configuration.nix b/hosts/poseidon/hardware-configuration.nix index bd2bc7a..847f37a 100644 --- a/hosts/poseidon/hardware-configuration.nix +++ b/hosts/poseidon/hardware-configuration.nix @@ -2,7 +2,11 @@ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. { config, lib, pkgs, modulesPath, ... }: - +let + inherit (lib) + mkDefault + ; +in { imports = [ (modulesPath + "/installer/scan/not-detected.nix") @@ -32,5 +36,5 @@ [ { device = "/dev/disk/by-uuid/381a9c5e-4d71-45b4-ac62-e7414b3768fc"; } ]; - powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; + powerManagement.cpuFreqGovernor = mkDefault "ondemand"; } diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index 659a6bb..231692f 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -56,9 +56,7 @@ in }; my.gui.enable = true; - environment.systemPackages = with pkgs; [ - arandr - ]; + environment.systemPackages = [ pkgs.arandr ]; hardware.bluetooth = { enable = true; diff --git a/hosts/zephyrus/hardware-configuration.nix b/hosts/zephyrus/hardware-configuration.nix index cc55acf..48d6162 100644 --- a/hosts/zephyrus/hardware-configuration.nix +++ b/hosts/zephyrus/hardware-configuration.nix @@ -2,7 +2,11 @@ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. { config, lib, pkgs, modulesPath, ... }: - +let + inherit (lib) + mkDefault + ; +in { imports = [ (modulesPath + "/installer/scan/not-detected.nix") @@ -40,7 +44,7 @@ swapDevices = [ ]; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + powerManagement.cpuFreqGovernor = mkDefault "powersave"; hardware.enableRedistributableFirmware = true; } diff --git a/hosts/zephyrus/home.nix b/hosts/zephyrus/home.nix index 1b38985..4618fe3 100644 --- a/hosts/zephyrus/home.nix +++ b/hosts/zephyrus/home.nix @@ -12,18 +12,20 @@ my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; - home.packages = with pkgs; [ - # some websites only work there :( - chromium + home.packages = builtins.attrValues { + inherit (pkgs) + # some websites only work there :( + chromium - wineWowPackages.stable + darktable - darktable + # dev + rustup + ; - # dev - rustup + inherit (pkgs.packages) spot; - packages.spot - ]; + inherit (pkgs.wineWowPackages) stable; + }; }; } diff --git a/modules/sddm.nix b/modules/sddm.nix index 785a681..9c66ddc 100644 --- a/modules/sddm.nix +++ b/modules/sddm.nix @@ -1,23 +1,31 @@ { config, lib, pkgs, ... }: let + inherit (lib) + mkEnableOption + mkIf + ; + cfg = config.my.displayManager.sddm; in { - options.my.displayManager.sddm.enable = lib.mkEnableOption "SDDM setup"; + options.my.displayManager.sddm.enable = mkEnableOption "SDDM setup"; - config = lib.mkIf cfg.enable { + config = mkIf cfg.enable { services.xserver.displayManager.sddm = { enable = true; theme = "sugar-candy"; }; - environment.systemPackages = with pkgs; [ - packages.sddm-sugar-candy + environment.systemPackages = builtins.attrValues { + inherit (pkgs.packages) + sddm-sugar-candy + ; - # dependencies for sugar-candy theme - libsForQt5.qt5.qtgraphicaleffects - libsForQt5.qt5.qtquickcontrols2 - libsForQt5.qt5.qtsvg - ]; + inherit (pkgs.libsForQt5.qt5) + qtgraphicaleffects + qtquickcontrols2 + qtsvg + ; + }; }; } diff --git a/modules/wakeonwlan.nix b/modules/wakeonwlan.nix index 8243671..096515d 100644 --- a/modules/wakeonwlan.nix +++ b/modules/wakeonwlan.nix @@ -1,8 +1,15 @@ { config, lib, pkgs, ... }: -with lib; - let + inherit (lib) + concatStringsSep + literalExample + mapAttrs' + mkIf + mkOption + nameValuePair + ; + cfg = config.my.wakeonwlan; mkWowlanService = name: cfg: @@ -20,7 +27,7 @@ let }; in { - options.my.wakeonwlan = { + options.my.wakeonwlan = let inherit (lib) types; in { interfaces = mkOption { default = { }; description = "Wireless interfaces where you want to enable WoWLAN"; diff --git a/pkgs/grafana-dashboards/nginx.nix b/pkgs/grafana-dashboards/nginx.nix index 5e7c4bd..e707159 100644 --- a/pkgs/grafana-dashboards/nginx.nix +++ b/pkgs/grafana-dashboards/nginx.nix @@ -1,5 +1,9 @@ { stdenv, fetchFromGitHub, lib, ... }: let + inherit (lib) + licenses + ; + version = "0.9.0"; in stdenv.mkDerivation { @@ -20,7 +24,7 @@ stdenv.mkDerivation { cp grafana/dashboard.json $out/dashboard.json ''; - meta = with lib; { + meta = { description = "grafana dashboard for NGINX exporter"; homepage = "https://github.com/nginxinc/nginx-prometheus-exporter"; license = licenses.asl20; diff --git a/pkgs/grafana-dashboards/node-exporter.nix b/pkgs/grafana-dashboards/node-exporter.nix index 98054a0..55fbb6d 100644 --- a/pkgs/grafana-dashboards/node-exporter.nix +++ b/pkgs/grafana-dashboards/node-exporter.nix @@ -1,5 +1,9 @@ { stdenv, fetchFromGitHub, lib, ... }: let + inherit (lib) + licenses + ; + version = "7d61c79619e5749e629758ecd96748c010028120"; in stdenv.mkDerivation { @@ -20,7 +24,7 @@ stdenv.mkDerivation { cp prometheus/node-exporter-full.json $out/node-exporter-full.json ''; - meta = with lib; { + meta = { description = "grafana dashboard for node exporter"; homepage = "https://github.com/rfrail3/grafana-dashboards"; license = licenses.lgpl3Only; diff --git a/pkgs/kaleidoscope-udev-rules/default.nix b/pkgs/kaleidoscope-udev-rules/default.nix index 2ab2118..aaeaea9 100644 --- a/pkgs/kaleidoscope-udev-rules/default.nix +++ b/pkgs/kaleidoscope-udev-rules/default.nix @@ -1,6 +1,10 @@ { stdenv, lib, fetchFromGitHub }: let + inherit (lib) + licenses + ; + version = "1.99.3"; in stdenv.mkDerivation { @@ -21,7 +25,7 @@ stdenv.mkDerivation { cp etc/60-kaleidoscope.rules $out/lib/udev/rules.d/ ''; - meta = with lib; { + meta = { description = "udev rules for kaleidoscope firmware keyboards"; homepage = "https://github.com/keyboardio/Kaleidoscope"; license = licenses.gpl3Only; diff --git a/secrets/borg-backup/default.nix b/secrets/borg-backup/default.nix index 11dad25..b611715 100644 --- a/secrets/borg-backup/default.nix +++ b/secrets/borg-backup/default.nix @@ -1,5 +1,10 @@ { lib }: +let + inherit (lib) + fileContents + ; +in { - boreal-repo = lib.fileContents ./boreal-repo.secret; - poseidon-repo = lib.fileContents ./poseidon-repo.secret; + boreal-repo = fileContents ./boreal-repo.secret; + poseidon-repo = fileContents ./poseidon-repo.secret; } diff --git a/secrets/default.nix b/secrets/default.nix index 4b7baca..12f8a19 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -1,20 +1,24 @@ { pkgs, lib, config, ... }: -with lib; -{ - options.my.secrets = mkOption { +let + inherit (lib) + fileContents + mkOption + ; +in { + options.my.secrets = let inherit (lib) types; in mkOption { type = types.attrs; }; config.my.secrets = { - matrix-registration-shared-secret = lib.fileContents ./matrix-registration-shared-secret.secret; - shadow-hashed-password-alarsyo = lib.fileContents ./shadow-hashed-password-alarsyo.secret; - shadow-hashed-password-root = lib.fileContents ./shadow-hashed-password-root.secret; - miniflux-admin-credentials = lib.fileContents ./miniflux-admin-credentials.secret; - transmission-password = lib.fileContents ./transmission.secret; + matrix-registration-shared-secret = fileContents ./matrix-registration-shared-secret.secret; + shadow-hashed-password-alarsyo = fileContents ./shadow-hashed-password-alarsyo.secret; + shadow-hashed-password-root = fileContents ./shadow-hashed-password-root.secret; + miniflux-admin-credentials = fileContents ./miniflux-admin-credentials.secret; + transmission-password = fileContents ./transmission.secret; nextcloud-admin-pass = ./nextcloud-admin-pass.secret; - nextcloud-admin-user = lib.fileContents ./nextcloud-admin-user.secret; - lohr-shared-secret = lib.fileContents ./lohr-shared-secret.secret; - gandiKey = lib.fileContents ./gandi-api-key.secret; + nextcloud-admin-user = fileContents ./nextcloud-admin-user.secret; + lohr-shared-secret = fileContents ./lohr-shared-secret.secret; + gandiKey = fileContents ./gandi-api-key.secret; borg-backup = import ./borg-backup { inherit lib; }; paperless = import ./paperless { inherit lib; }; diff --git a/secrets/paperless/default.nix b/secrets/paperless/default.nix index 968404d..69c4008 100644 --- a/secrets/paperless/default.nix +++ b/secrets/paperless/default.nix @@ -1,5 +1,10 @@ { lib }: +let + inherit (lib) + fileContents + ; +in { - secretKey = lib.fileContents ./secret-key-file.secret; - adminPassword = lib.fileContents ./admin-password.secret; + secretKey = fileContents ./secret-key-file.secret; + adminPassword = fileContents ./admin-password.secret; } diff --git a/secrets/restic-backup/default.nix b/secrets/restic-backup/default.nix index 1d6b630..e9a3e7a 100644 --- a/secrets/restic-backup/default.nix +++ b/secrets/restic-backup/default.nix @@ -1,4 +1,9 @@ { lib }: +let + inherit (lib) + fileContents + ; +in { - poseidon-repo = lib.fileContents ./poseidon-repo.secret; + poseidon-repo = fileContents ./poseidon-repo.secret; } diff --git a/services/borg-backup.nix b/services/borg-backup.nix index 23300a4..92b91b0 100644 --- a/services/borg-backup.nix +++ b/services/borg-backup.nix @@ -1,10 +1,14 @@ { config, lib, pkgs, ... }: -with lib; - -let cfg = config.my.services.borg-backup; +let + inherit (lib) + mkEnableOption + mkIf + mkOption + ; + cfg = config.my.services.borg-backup; in { - options.my.services.borg-backup = { + options.my.services.borg-backup = let inherit (lib) types; in { enable = mkEnableOption "Enable Borg backups for this host"; repo = mkOption { diff --git a/services/fail2ban.nix b/services/fail2ban.nix index 8f61796..ccc12f2 100644 --- a/services/fail2ban.nix +++ b/services/fail2ban.nix @@ -1,7 +1,11 @@ { config, lib, pkgs, ... }: -with lib; let + inherit (lib) + mkEnableOption + mkIf + ; + cfg = config.my.services.fail2ban; in { options.my.services.fail2ban = { diff --git a/services/fava.nix b/services/fava.nix index de0d2d9..e283022 100644 --- a/services/fava.nix +++ b/services/fava.nix @@ -1,16 +1,20 @@ { config, lib, pkgs, ... }: -with lib; - let + inherit (lib) + mkEnableOption + mkIf + mkOption + ; + cfg = config.my.services.fava; my = config.my; domain = config.networking.domain; secrets = config.my.secrets; in { - options.my.services.fava = { - enable = lib.mkEnableOption "Fava"; + options.my.services.fava = let inherit (lib) types; in { + enable = mkEnableOption "Fava"; home = mkOption { type = types.str; @@ -43,7 +47,6 @@ in User = "fava"; Group = "fava"; }; - path = with pkgs; []; }; users.users.fava = { diff --git a/services/gitea/default.nix b/services/gitea/default.nix index fc6b501..408d29d 100644 --- a/services/gitea/default.nix +++ b/services/gitea/default.nix @@ -1,14 +1,18 @@ { config, lib, pkgs, ... }: -with lib; - let + inherit (lib) + mkEnableOption + mkIf + mkOption + ; + cfg = config.my.services.gitea; my = config.my; domain = config.networking.domain; in { - options.my.services.gitea = { + options.my.services.gitea = let inherit (lib) types; in { enable = mkEnableOption "Personal Git hosting with Gitea"; privatePort = mkOption { diff --git a/services/jellyfin.nix b/services/jellyfin.nix index 8a4df98..f485d65 100644 --- a/services/jellyfin.nix +++ b/services/jellyfin.nix @@ -1,8 +1,11 @@ { config, lib, pkgs, ... }: -with lib; - let + inherit (lib) + mkEnableOption + mkIf + ; + cfg = config.my.services.jellyfin; my = config.my; @@ -15,7 +18,7 @@ in { enable = mkEnableOption "Jellyfin"; }; - config = lib.mkIf cfg.enable { + config = mkIf cfg.enable { services.jellyfin = { enable = true; group = "media"; diff --git a/services/lohr.nix b/services/lohr.nix index 6d760a3..d7442e8 100644 --- a/services/lohr.nix +++ b/services/lohr.nix @@ -1,8 +1,12 @@ { config, lib, pkgs, ... }: -with lib; - let + inherit (lib) + mkEnableOption + mkIf + mkOption + ; + cfg = config.my.services.lohr; my = config.my; domain = config.networking.domain; @@ -14,8 +18,8 @@ let flake.defaultPackage."x86_64-linux"; # FIXME: use correct system in { - options.my.services.lohr = { - enable = lib.mkEnableOption "Lohr Mirroring Daemon"; + options.my.services.lohr = let inherit (lib) types; in { + enable = mkEnableOption "Lohr Mirroring Daemon"; home = mkOption { type = types.str; @@ -49,9 +53,7 @@ in User = "lohr"; Group = "lohr"; }; - path = with pkgs; [ - git - ]; + path = [ pkgs.git ]; }; users.users.lohr = { diff --git a/services/matrix.nix b/services/matrix.nix index dea5a4c..d5780b6 100644 --- a/services/matrix.nix +++ b/services/matrix.nix @@ -9,9 +9,13 @@ # { config, lib, pkgs, ... }: -with lib; - let + inherit (lib) + mkEnableOption + mkIf + mkOption + ; + cfg = config.my.services.matrix; my = config.my; @@ -19,10 +23,10 @@ let clientPort = { public = 443; private = 11339; }; domain = config.networking.domain; in { - options.my.services.matrix = { - enable = lib.mkEnableOption "Matrix Synapse"; + options.my.services.matrix = let inherit (lib) types; in { + enable = mkEnableOption "Matrix Synapse"; - registration_shared_secret = lib.mkOption { + registration_shared_secret = mkOption { type = types.str; default = null; example = "deadbeef"; @@ -61,7 +65,7 @@ in { }; }; - config = lib.mkIf cfg.enable { + config = mkIf cfg.enable { services.postgresql = { enable = true; }; diff --git a/services/media.nix b/services/media.nix index 5b6b9ae..175319e 100644 --- a/services/media.nix +++ b/services/media.nix @@ -1,11 +1,17 @@ { config, lib, ... }: let - mediaServices = with config.my.services; [ - jellyfin - transmission - ]; + inherit (lib) + mkIf + ; + + mediaServices = builtins.attrValues { + inherit (config.my.services) + jellyfin + transmission + ; + }; needed = builtins.any (service: service.enable) mediaServices; in { - config.users.groups.media = lib.mkIf needed { }; + config.users.groups.media = mkIf needed { }; } diff --git a/services/miniflux.nix b/services/miniflux.nix index 43e51ca..0670711 100644 --- a/services/miniflux.nix +++ b/services/miniflux.nix @@ -1,14 +1,18 @@ { config, lib, pkgs, ... }: -with lib; - let + inherit (lib) + mkEnableOption + mkIf + mkOption + ; + cfg = config.my.services.miniflux; my = config.my; domain = config.networking.domain; in { - options.my.services.miniflux = { + options.my.services.miniflux = let inherit (lib) types; in { enable = mkEnableOption "Serve a Miniflux instance"; adminCredentialsFile = mkOption { diff --git a/services/monitoring.nix b/services/monitoring.nix index 930743e..82e20fd 100644 --- a/services/monitoring.nix +++ b/services/monitoring.nix @@ -1,12 +1,16 @@ { config, lib, pkgs, ... }: -with lib; - let + inherit (lib) + mkEnableOption + mkIf + mkOption + ; + cfg = config.my.services.monitoring; domain = config.networking.domain; in { - options.my.services.monitoring = { + options.my.services.monitoring = let inherit (lib) types; in { enable = mkEnableOption "Enable monitoring"; domain = mkOption { diff --git a/services/navidrome.nix b/services/navidrome.nix index b245ed5..bb350ff 100644 --- a/services/navidrome.nix +++ b/services/navidrome.nix @@ -1,12 +1,17 @@ { config, lib, pkgs, ... }: -with lib; - let + inherit (lib) + mkEnableOption + mkIf + mkOption + optional + ; + cfg = config.my.services.navidrome; domain = config.networking.domain; in { - options.my.services.navidrome = { + options.my.services.navidrome = let inherit (lib) types; in { enable = mkEnableOption "Navidrome"; musicFolder = { path = mkOption { @@ -17,7 +22,7 @@ in { }; }; - config = lib.mkIf cfg.enable { + config = mkIf cfg.enable { services.navidrome = { enable = true; settings = { diff --git a/services/nextcloud.nix b/services/nextcloud.nix index ec7627a..89a6bf5 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -3,6 +3,11 @@ # TODO: setup prometheus exporter let + inherit (lib) + mkEnableOption + mkIf + ; + cfg = config.my.services.nextcloud; my = config.my; domain = config.networking.domain; @@ -10,10 +15,10 @@ let in { options.my.services.nextcloud = { - enable = lib.mkEnableOption "NextCloud"; + enable = mkEnableOption "NextCloud"; }; - config = lib.mkIf cfg.enable { + config = mkIf cfg.enable { services.postgresql = { enable = true; @@ -73,7 +78,7 @@ in my.services.restic-backup = let nextcloudHome = config.services.nextcloud.home; - in lib.mkIf cfg.enable { + in mkIf cfg.enable { paths = [ nextcloudHome ]; exclude = [ # borg can fail if *.part files disappear during backup diff --git a/services/nginx.nix b/services/nginx.nix index cfb7da1..c765643 100644 --- a/services/nginx.nix +++ b/services/nginx.nix @@ -2,10 +2,15 @@ # # https://github.com/delroth/infra.delroth.net { config, lib, pkgs, ... }: +let + inherit (lib) + mkIf + ; +in { # Whenever something defines an nginx vhost, ensure that nginx defaults are # properly set. - config = lib.mkIf ((builtins.attrNames config.services.nginx.virtualHosts) != [ "localhost" ]) { + config = mkIf ((builtins.attrNames config.services.nginx.virtualHosts) != [ "localhost" ]) { services.nginx = { enable = true; statusPage = true; # For monitoring scraping. diff --git a/services/nuage.nix b/services/nuage.nix index 42aa36f..4c2e65a 100644 --- a/services/nuage.nix +++ b/services/nuage.nix @@ -1,14 +1,17 @@ { config, lib, ... }: -with lib; - let + inherit (lib) + mkEnableOption + mkIf + ; + cfg = config.my.services.nuage; my = config.my; in { options.my.services.nuage = { - enable = lib.mkEnableOption "Nuage redirect"; + enable = mkEnableOption "Nuage redirect"; }; config = mkIf cfg.enable { diff --git a/services/paperless.nix b/services/paperless.nix index b56450d..142ee13 100644 --- a/services/paperless.nix +++ b/services/paperless.nix @@ -1,8 +1,12 @@ { config, lib, pkgs, ... }: -with lib; - let + inherit (lib) + mkEnableOption + mkIf + mkOption + ; + cfg = config.my.services.paperless; my = config.my; domain = config.networking.domain; @@ -10,8 +14,8 @@ let secretKeyFile = pkgs.writeText "paperless-secret-key-file.env" my.secrets.paperless.secretKey; in { - options.my.services.paperless = { - enable = lib.mkEnableOption "Paperless"; + options.my.services.paperless = let inherit (lib) types; in { + enable = mkEnableOption "Paperless"; port = mkOption { type = types.port; diff --git a/services/pipewire.nix b/services/pipewire.nix index e48ec2c..7f9a162 100644 --- a/services/pipewire.nix +++ b/services/pipewire.nix @@ -1,14 +1,18 @@ { config, lib, pkgs, options, ... }: -with lib; - let + inherit (lib) + mkEnableOption + mkIf + optionalAttrs + ; + cfg = config.my.services.pipewire; my = config.my; in { options.my.services.pipewire = { - enable = lib.mkEnableOption "Pipewire sound backend"; + enable = mkEnableOption "Pipewire sound backend"; }; # HACK: services.pipewire.alsa doesn't exist on 20.09, avoid evaluating this @@ -69,6 +73,6 @@ in # FIXME: a shame pactl isn't available by itself, eventually this should be # replaced by pw-cli or a wrapper, I guess? - environment.systemPackages = with pkgs; [ pulseaudio ]; + environment.systemPackages = [ pkgs.pulseaudio ]; }); } diff --git a/services/postgresql-backup.nix b/services/postgresql-backup.nix index 94a60ef..c3642b7 100644 --- a/services/postgresql-backup.nix +++ b/services/postgresql-backup.nix @@ -1,8 +1,11 @@ { config, lib, pkgs, ... }: -with lib; - let + inherit (lib) + mkEnableOption + mkIf + ; + cfg = config.my.services.postgresql-backup; in { options.my.services.postgresql-backup = { diff --git a/services/restic-backup.nix b/services/restic-backup.nix index e83fdbc..a4ee271 100644 --- a/services/restic-backup.nix +++ b/services/restic-backup.nix @@ -1,16 +1,22 @@ { config, lib, pkgs, ... }: -with lib; - let + inherit (lib) + attrsets + concatStringsSep + mkEnableOption + mkIf + mkOption + optional + ; + cfg = config.my.services.restic-backup; secrets = config.my.secrets; - excludeArg = with builtins; with pkgs; - "--exclude-file=" + (writeText "excludes.txt" (concatStringsSep "\n" cfg.exclude)); + excludeArg = "--exclude-file=" + (pkgs.writeText "excludes.txt" (concatStringsSep "\n" cfg.exclude)); makePruneOpts = pruneOpts: attrsets.mapAttrsToList (name: value: "--keep-${name} ${toString value}") pruneOpts; in { - options.my.services.restic-backup = { + options.my.services.restic-backup = let inherit (lib) types; in { enable = mkEnableOption "Enable Restic backups for this host"; repo = mkOption { @@ -22,7 +28,7 @@ in { }; paths = mkOption { - type = with types; listOf str; + type = types.listOf types.str; default = [ ]; example = [ "/var/lib" @@ -32,7 +38,7 @@ in { }; exclude = mkOption { - type = with types; listOf str; + type = types.listOf types.str; default = [ ]; example = [ # very large paths @@ -71,7 +77,7 @@ in { environmentFile = "/root/restic/creds"; extraBackupArgs = [ "--verbose=2" ] - ++ optional (builtins.length cfg.exclude != 0) excludeArg; + ++ optional (builtins.length cfg.exclude != 0) excludeArg; timerConfig = { OnCalendar = "daily"; diff --git a/services/tailscale.nix b/services/tailscale.nix index d97af62..4da1d6b 100644 --- a/services/tailscale.nix +++ b/services/tailscale.nix @@ -1,16 +1,19 @@ { config, lib, pkgs, ... }: -with lib; - let + inherit (lib) + mkEnableOption + mkIf + ; + cfg = config.my.services.tailscale; in { options.my.services.tailscale = { - enable = lib.mkEnableOption "Tailscale"; + enable = mkEnableOption "Tailscale"; # NOTE: still have to do `tailscale up --advertise-exit-node` - exitNode = lib.mkEnableOption "Use as exit node"; + exitNode = mkEnableOption "Use as exit node"; }; config = mkIf cfg.enable { diff --git a/services/tgv.nix b/services/tgv.nix index eb6107e..295a672 100644 --- a/services/tgv.nix +++ b/services/tgv.nix @@ -1,14 +1,17 @@ { config, lib, ... }: -with lib; - let + inherit (lib) + mkEnableOption + mkIf + ; + cfg = config.my.services.tgv; my = config.my; in { options.my.services.tgv = { - enable = lib.mkEnableOption "TGV redirect"; + enable = mkEnableOption "TGV redirect"; }; config = mkIf cfg.enable { diff --git a/services/transmission.nix b/services/transmission.nix index b55e0b8..5c6826b 100644 --- a/services/transmission.nix +++ b/services/transmission.nix @@ -1,5 +1,11 @@ { config, lib, ... }: let + inherit (lib) + mkEnableOption + mkIf + mkOption + ; + cfg = config.my.services.transmission; domain = config.networking.domain; @@ -11,7 +17,7 @@ let downloadBase = "/media/torrents/"; in { - options.my.services.transmission = with lib; { + options.my.services.transmission = let inherit (lib) types; in { enable = mkEnableOption "Transmission torrent client"; username = mkOption { @@ -28,7 +34,7 @@ in }; }; - config = lib.mkIf cfg.enable { + config = mkIf cfg.enable { services.transmission = { enable = true; group = "media"; diff --git a/services/vaultwarden.nix b/services/vaultwarden.nix index 751f51d..505678c 100644 --- a/services/vaultwarden.nix +++ b/services/vaultwarden.nix @@ -1,14 +1,18 @@ { config, lib, pkgs, ... }: -with lib; - let + inherit (lib) + mkEnableOption + mkIf + mkOption + ; + cfg = config.my.services.vaultwarden; my = config.my; domain = config.networking.domain; in { - options.my.services.vaultwarden = { + options.my.services.vaultwarden = let inherit (lib) types; in { enable = mkEnableOption "Vaultwarden"; privatePort = mkOption { From 0c25fa3f8374d18ac29e5f253ba6e1427aeb21c5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 11 Jan 2022 17:59:01 +0100 Subject: [PATCH 215/904] overlays: add overlay for i3status-rust --- flake.nix | 4 +++- overlays/default.nix | 3 +++ overlays/i3status-rust/default.nix | 19 +++++++++++++++++++ 3 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 overlays/default.nix create mode 100644 overlays/i3status-rust/default.nix diff --git a/flake.nix b/flake.nix index a30b5d8..9bc927c 100644 --- a/flake.nix +++ b/flake.nix @@ -60,6 +60,8 @@ }; }; + overlays = import ./overlays; + nixosConfigurations = let system = "x86_64-linux"; @@ -73,7 +75,7 @@ config.allowUnfree = true; }; }) - ]; + ] ++ builtins.attrValues self.overlays; sharedModules = [ home-manager.nixosModule { nixpkgs.overlays = shared_overlays; } diff --git a/overlays/default.nix b/overlays/default.nix new file mode 100644 index 0000000..1f747a6 --- /dev/null +++ b/overlays/default.nix @@ -0,0 +1,3 @@ +{ + i3status-rust = import ./i3status-rust; +} diff --git a/overlays/i3status-rust/default.nix b/overlays/i3status-rust/default.nix new file mode 100644 index 0000000..1b78021 --- /dev/null +++ b/overlays/i3status-rust/default.nix @@ -0,0 +1,19 @@ +final: prev: +{ + # overlay created because nixpkgs's `i3status-rust` depended on `notmuch`, and + # `notmuch`'s tests were briefly broken. the features I'm disabling, I don't + # need anyway: (at the time of writing) + # + # - notmuch + # - maildir + i3status-rust = prev.i3status-rust.overrideAttrs (oldAttrs: { + buildInputs = builtins.attrValues { + inherit (final) + dbus + openssl + pulseaudio + ; + }; + cargoBuildFeatures = [ "pulseaudio" ]; + }); +} From c74103f1055d62dc46d0e473922bc0c74f449284 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 11 Jan 2022 17:59:22 +0100 Subject: [PATCH 216/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/f3c435a5e5cfa3ce1b2f50ba37b9cacfec4139d9' (2022-01-02) → 'github:nix-community/emacs-overlay/57378ea2f62e9f450f420dc9d01cc06e0d3dd15e' (2022-01-11) • Updated input 'home-manager': 'github:nix-community/home-manager/8e7a10602d1eb1d242c9d3f9b822203d5751a8c6' (2022-01-02) → 'github:nix-community/home-manager/5209ea0d8c77399ec4987590e9738953f15f8d80' (2022-01-11) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/59bfda72480496f32787cec8c557182738b1bd3f' (2021-12-31) → 'github:NixOS/nixpkgs/0ecf7d414811f831060cf55707c374d54fbb1dec' (2022-01-09) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/c1d8e77ac2ca4248886632c597debea233700b2b' (2022-01-02) → 'github:NixOS/nixpkgs/3fe528dec572a26404f130893d2c22a35646247c' (2022-01-11) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 7f78079..778ccad 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1641149178, - "narHash": "sha256-Mt+oT5YZ6G9zHctDKV5pY+3vIdsMmAg0HMvz6rxsIc0=", + "lastModified": 1641901534, + "narHash": "sha256-Nvm6Zj80fVtzmGsUFYlz9XGFyLnyAe9VoduPmDBu+js=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "f3c435a5e5cfa3ce1b2f50ba37b9cacfec4139d9", + "rev": "57378ea2f62e9f450f420dc9d01cc06e0d3dd15e", "type": "github" }, "original": { @@ -39,11 +39,11 @@ ] }, "locked": { - "lastModified": 1641121012, - "narHash": "sha256-svaOMxNMQgFHjcxdmLojOxTxfqSENtnO+S3kb+npIwY=", + "lastModified": 1641915897, + "narHash": "sha256-C5Vw7B8BKA/kr9tWVYjEdD3AjstXFqoxkkzrOwfQZxk=", "owner": "nix-community", "repo": "home-manager", - "rev": "8e7a10602d1eb1d242c9d3f9b822203d5751a8c6", + "rev": "5209ea0d8c77399ec4987590e9738953f15f8d80", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1640959792, - "narHash": "sha256-zYSR//06FU2TDOpKKj0Hkff6unsxk3NwwNFuB1loU6E=", + "lastModified": 1641710811, + "narHash": "sha256-yVJ+CtwWZY8BnkNIJ/ue5a28yrRM6CkDF1LvmGmqqwM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "59bfda72480496f32787cec8c557182738b1bd3f", + "rev": "0ecf7d414811f831060cf55707c374d54fbb1dec", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1641125298, - "narHash": "sha256-oNIG2UsyMk/osOmnjxHp53d8nJMudpW5a2+dcgsJzmE=", + "lastModified": 1641865627, + "narHash": "sha256-B3b7KCThCx5bcDtWCX9ZZIl/EVs/lB8iDdI277/tvNA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c1d8e77ac2ca4248886632c597debea233700b2b", + "rev": "3fe528dec572a26404f130893d2c22a35646247c", "type": "github" }, "original": { From 79dac10a99584de9db3449d7b490656d7e031fed Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 14 Jan 2022 15:06:20 +0100 Subject: [PATCH 217/904] zephyrus: add USB C dock interface --- hosts/zephyrus/home.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/zephyrus/home.nix b/hosts/zephyrus/home.nix index 4618fe3..4e3ae63 100644 --- a/hosts/zephyrus/home.nix +++ b/hosts/zephyrus/home.nix @@ -7,7 +7,7 @@ my.home.x.enable = true; my.home.x.i3bar.temperature.chip = "coretemp-isa-*"; my.home.x.i3bar.temperature.inputs = ["Core 0" "Core 1" "Core 2" "Core 3"]; - my.home.x.i3bar.networking.throughput_interfaces = [ "enp0s31f6" "wlp0s20f3" ]; + my.home.x.i3bar.networking.throughput_interfaces = [ "enp0s31f6" "wlp0s20f3" "enp43s0u1u1" ]; my.home.emacs.enable = true; my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; From 428643f973c3d3ef03f51aa725e45c1119145084 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 16 Jan 2022 23:58:19 +0100 Subject: [PATCH 218/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/57378ea2f62e9f450f420dc9d01cc06e0d3dd15e' (2022-01-11) → 'github:nix-community/emacs-overlay/cdd347f1b966415c5473b3e3f4640c0d0fd13b55' (2022-01-16) • Updated input 'home-manager': 'github:nix-community/home-manager/5209ea0d8c77399ec4987590e9738953f15f8d80' (2022-01-11) → 'github:nix-community/home-manager/46bba772f26f89b62811f487d2b0d5357c91bc32' (2022-01-16) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/0ecf7d414811f831060cf55707c374d54fbb1dec' (2022-01-09) → 'github:NixOS/nixpkgs/5aaed40d22f0d9376330b6fa413223435ad6fee5' (2022-01-13) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/3fe528dec572a26404f130893d2c22a35646247c' (2022-01-11) → 'github:NixOS/nixpkgs/0a223c8d509cea6b4be3906f9c39820ff195fad2' (2022-01-15) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 778ccad..2c990e4 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "emacs-overlay": { "locked": { - "lastModified": 1641901534, - "narHash": "sha256-Nvm6Zj80fVtzmGsUFYlz9XGFyLnyAe9VoduPmDBu+js=", + "lastModified": 1642358862, + "narHash": "sha256-tttyyXdpOQYxFG3HkOOcK0dFxBpdaeWHRrIWWnQRZYA=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "57378ea2f62e9f450f420dc9d01cc06e0d3dd15e", + "rev": "cdd347f1b966415c5473b3e3f4640c0d0fd13b55", "type": "github" }, "original": { @@ -39,11 +39,11 @@ ] }, "locked": { - "lastModified": 1641915897, - "narHash": "sha256-C5Vw7B8BKA/kr9tWVYjEdD3AjstXFqoxkkzrOwfQZxk=", + "lastModified": 1642372264, + "narHash": "sha256-SRnw7qcHmvUBxby925Vm+nhPqq7YVs1qquNqv7TRyVY=", "owner": "nix-community", "repo": "home-manager", - "rev": "5209ea0d8c77399ec4987590e9738953f15f8d80", + "rev": "46bba772f26f89b62811f487d2b0d5357c91bc32", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1641710811, - "narHash": "sha256-yVJ+CtwWZY8BnkNIJ/ue5a28yrRM6CkDF1LvmGmqqwM=", + "lastModified": 1642104392, + "narHash": "sha256-m71b7MgMh9FDv4MnI5sg9MiBVW6DhE1zq+d/KlLWSC8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0ecf7d414811f831060cf55707c374d54fbb1dec", + "rev": "5aaed40d22f0d9376330b6fa413223435ad6fee5", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1641865627, - "narHash": "sha256-B3b7KCThCx5bcDtWCX9ZZIl/EVs/lB8iDdI277/tvNA=", + "lastModified": 1642285376, + "narHash": "sha256-LfZBVKCrPOx5k9pUoJlRsBvdz7yn1qYHenCKuqwwFGo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3fe528dec572a26404f130893d2c22a35646247c", + "rev": "0a223c8d509cea6b4be3906f9c39820ff195fad2", "type": "github" }, "original": { From d7bf5fdbf41890e66530a34585634b290a6851c3 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 17 Jan 2022 16:59:20 +0100 Subject: [PATCH 219/904] pkgs: spot: bump to 2.10.3 --- pkgs/spot/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/spot/default.nix b/pkgs/spot/default.nix index ff1851b..f17e625 100644 --- a/pkgs/spot/default.nix +++ b/pkgs/spot/default.nix @@ -3,7 +3,7 @@ , python3 }: let - version = "2.10.2"; + version = "2.10.3"; in stdenv.mkDerivation { inherit version; @@ -15,6 +15,6 @@ stdenv.mkDerivation { src = fetchurl { url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz"; - sha256 = "sha256-wcS6TxyHkZs9J0koDH6ZWafYKkpDqXoZ7KCjyiJgUGY="; + sha256 = "sha256-iX6VSGFzdI8rZe7L2ZojS39od/IYboaNp6zlZxgEAZ8="; }; } From c4fe135612df892f5b2c8e472c2fe1d0be070fff Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 17 Jan 2022 21:56:41 +0100 Subject: [PATCH 220/904] secrets: setup agenix --- base/programs.nix | 2 ++ flake.lock | 54 +++++++++++++++++++++++++++++-------- flake.nix | 12 ++++++++- hosts/zephyrus/default.nix | 5 ++++ modules/default.nix | 1 + modules/secrets/default.nix | 24 +++++++++++++++++ modules/secrets/secrets.nix | 14 ++++++++++ 7 files changed, 100 insertions(+), 12 deletions(-) create mode 100644 modules/secrets/default.nix create mode 100644 modules/secrets/secrets.nix diff --git a/base/programs.nix b/base/programs.nix index 86a0668..ab3abc7 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -53,6 +53,8 @@ # nix pkgs lookup nix-index + + agenix ; inherit (pkgs.llvmPackages_11) diff --git a/flake.lock b/flake.lock index 2c990e4..a7dafe2 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,23 @@ { "nodes": { + "agenix": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1641576265, + "narHash": "sha256-G4W39k5hdu2kS13pi/RhyTOySAo7rmrs7yMUZRH0OZI=", + "owner": "ryantm", + "repo": "agenix", + "rev": "08b9c96878b2f9974fc8bde048273265ad632357", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, "emacs-overlay": { "locked": { "lastModified": 1642358862, @@ -71,18 +89,15 @@ }, "nixpkgs": { "locked": { - "lastModified": 1642104392, - "narHash": "sha256-m71b7MgMh9FDv4MnI5sg9MiBVW6DhE1zq+d/KlLWSC8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "5aaed40d22f0d9376330b6fa413223435ad6fee5", - "type": "github" + "lastModified": 1618628710, + "narHash": "sha256-9xIoU+BrCpjs5nfWcd/GlU7XCVdnNKJPffoNTxgGfhs=", + "path": "/nix/store/z1rf17q0fxj935cmplzys4gg6nxj1as0-source", + "rev": "7919518f0235106d050c77837df5e338fb94de5d", + "type": "path" }, "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" + "id": "nixpkgs", + "type": "indirect" } }, "nixpkgs-unstable-small": { @@ -101,13 +116,30 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1642104392, + "narHash": "sha256-m71b7MgMh9FDv4MnI5sg9MiBVW6DhE1zq+d/KlLWSC8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5aaed40d22f0d9376330b6fa413223435ad6fee5", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { + "agenix": "agenix", "emacs-overlay": "emacs-overlay", "flake-utils": "flake-utils", "home-manager": "home-manager", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "nixpkgs-unstable-small": "nixpkgs-unstable-small" } } diff --git a/flake.nix b/flake.nix index 9bc927c..16e9b08 100644 --- a/flake.nix +++ b/flake.nix @@ -15,6 +15,12 @@ ref = "nixos-unstable-small"; }; + agenix = { + type = "github"; + owner = "ryantm"; + repo = "agenix"; + }; + emacs-overlay = { type = "github"; owner = "nix-community"; @@ -45,7 +51,7 @@ }; }; - outputs = { self, nixpkgs, home-manager, ... } @inputs: { + outputs = { self, nixpkgs, home-manager, agenix, ... } @inputs: { nixosModules = { home = { home-manager.useGlobalPkgs = true; @@ -74,9 +80,13 @@ inherit system; config.allowUnfree = true; }; + }) + + agenix.overlay ] ++ builtins.attrValues self.overlays; sharedModules = [ + agenix.nixosModules.age home-manager.nixosModule { nixpkgs.overlays = shared_overlays; } ] ++ (nixpkgs.lib.attrValues self.nixosModules); diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index 231692f..8302757 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -53,6 +53,11 @@ in }; }; fwupd.enable = true; + openssh = { + enable = true; + permitRootLogin = "no"; + passwordAuthentication = false; + }; }; my.gui.enable = true; diff --git a/modules/default.nix b/modules/default.nix index 761f84e..dd987a9 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -2,6 +2,7 @@ { imports = [ ./sddm.nix + ./secrets ./wakeonwlan.nix ]; } diff --git a/modules/secrets/default.nix b/modules/secrets/default.nix new file mode 100644 index 0000000..06636db --- /dev/null +++ b/modules/secrets/default.nix @@ -0,0 +1,24 @@ +{ config, lib, options, ... }: + +{ + config.age = { + secrets = + let + toName = lib.removeSuffix ".age"; + userExists = u: builtins.hasAttr u config.users.users; + # Only set the user if it exists, to avoid warnings + userIfExists = u: if userExists u then u else "root"; + toSecret = name: { owner ? "root", ... }: { + file = ./. + "/${name}"; + owner = lib.mkDefault (userIfExists owner); + }; + convertSecrets = n: v: lib.nameValuePair (toName n) (toSecret n v); + secrets = import ./secrets.nix; + in + lib.mapAttrs' convertSecrets secrets; + + identityPaths = options.age.identityPaths.default ++ [ + "/home/alarsyo/.ssh/id_ed25519" + ]; + }; +} diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix new file mode 100644 index 0000000..53ef8d1 --- /dev/null +++ b/modules/secrets/secrets.nix @@ -0,0 +1,14 @@ +let + alarsyo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH3rrF3VSWI4n4cpguvlmLAaU3uftuX4AVV/39S/8GO9 alarsyo@thinkpad"; + users = [ alarsyo ]; + + boreal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAagal1aqZh52wEmgsw7fkCzO41o4Cx+nV4wJGZuX1RP root@boreal"; + poseidon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYhZYMbWQG9TSQ2qze8GgFo2XrZzgu/GuSOGwenByJo root@poseidon"; + zephyrus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU4JfIADH9MXUnVe+3ezYK9WXsqy/jJcm1zFkmL4aSU root@zephyrus"; + + machines = [ boreal poseidon zephyrus ]; + + all = users ++ machines; +in +{ +} From a0ead301947eacfb7e2a6795121cfd87e99e4675 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 17 Jan 2022 21:57:00 +0100 Subject: [PATCH 221/904] services: restic: support custom secret filepaths --- services/restic-backup.nix | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/services/restic-backup.nix b/services/restic-backup.nix index a4ee271..624deca 100644 --- a/services/restic-backup.nix +++ b/services/restic-backup.nix @@ -62,6 +62,16 @@ in { monthly = 6; }; }; + + passwordFile = mkOption { + type = types.str; + default = "/root/restic/password"; + }; + + environmentFile = mkOption { + type = types.str; + default = "/root/restic/creds"; + }; }; config = mkIf cfg.enable { @@ -73,8 +83,8 @@ in { paths = cfg.paths; repository = cfg.repo; - passwordFile = "/root/restic/password"; - environmentFile = "/root/restic/creds"; + passwordFile = cfg.passwordFile; + environmentFile = cfg.environmentFile; extraBackupArgs = [ "--verbose=2" ] ++ optional (builtins.length cfg.exclude != 0) excludeArg; From c3fcb0154f3741b63e8826225ba3389d2705e0b6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 17 Jan 2022 22:00:51 +0100 Subject: [PATCH 222/904] zephyrus: setup restic backup with agenix secrets --- hosts/zephyrus/default.nix | 29 +++++++++++++++++++ .../restic-backup/zephyrus-credentials.age | 11 +++++++ .../restic-backup/zephyrus-password.age | 9 ++++++ modules/secrets/secrets.nix | 2 ++ 4 files changed, 51 insertions(+) create mode 100644 modules/secrets/restic-backup/zephyrus-credentials.age create mode 100644 modules/secrets/restic-backup/zephyrus-password.age diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index 8302757..facb295 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -43,6 +43,35 @@ in tailscale.enable = true; pipewire.enable = true; + + restic-backup = { + enable = true; + repo = "b2:zephyrus-backup"; + passwordFile = config.age.secrets."restic-backup/zephyrus-password".path; + environmentFile = config.age.secrets."restic-backup/zephyrus-credentials".path; + + paths = [ + "/home/alarsyo" + ]; + exclude = [ + "/home/alarsyo/Downloads" + + # Rust builds using half my storage capacity + "/home/alarsyo/*/target" + "/home/alarsyo/work/rust/build" + + # don't backup nixpkgs + "/home/alarsyo/work/nixpkgs" + + # C build crap + "*.a" + "*.o" + "*.so" + + # ignore all dotfiles as .config and .cache can become quite big + "/home/alarsyo/.*" + ]; + }; }; services = { diff --git a/modules/secrets/restic-backup/zephyrus-credentials.age b/modules/secrets/restic-backup/zephyrus-credentials.age new file mode 100644 index 0000000..dfadadb --- /dev/null +++ b/modules/secrets/restic-backup/zephyrus-credentials.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 ZQuVNA KjrRurc5ztGrYO2wx0ToE8E4Yz2sbNwPi4zCGAJUK3k ++U1Ox1U4Z9ssleGchzMJGpQjFaRoqMYSLhKHXj1F2/U +-> ssh-ed25519 k2gHjw W35K39F0sREO2igYKaa3zr1LKgF6xiU5YtMq3RYqkC4 +YJV8kdjMJSoRX7iLw2bQXET9zOudFuhZeHqPqHkNjuc +-> (aAM-grease j{6WJ 3C& +Pfh0krD/ClkQcByosGU3CxPivvPei5tXWZHh6odkWxn29iqsKT6L1ihEgYJDlopA +8ODR4G4ax6ZY13O+qjc +--- ugjGDcsxbwlKmTN+4lUyrhD6GJPl0qk4i+4OLS2NRP0 +]#zpX7ә 1m%wF 4سcp+Q2pmxx>ň)E;~sx[S$z&rBSVz\SXrd\5Tf| +T \ No newline at end of file diff --git a/modules/secrets/restic-backup/zephyrus-password.age b/modules/secrets/restic-backup/zephyrus-password.age new file mode 100644 index 0000000..050d2cc --- /dev/null +++ b/modules/secrets/restic-backup/zephyrus-password.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 ZQuVNA H3/RLTRU8T3JY99f+b9xT5oIqPCDyxjRfFbJ7iR3/zE +CTLpdnGapstc+/epugi1CxIZ3T7JZgE4Ew14B2WuanY +-> ssh-ed25519 k2gHjw wEnvcV2UApJ1MMyIQgSSkF+zhG+fugEiCieCpPBdJyc +polPsTGun9e6Bq6rogQBrmT32GQXiixxlKmuRpDDM0c +-> Jt-grease rX6~ +RL6JmjlIQaG17HQQFY3hTYtTiL12Sr3RX/Scv6gO7gO8 +--- eUEOS9mtYxxW2bqzEpD+ZsyYjhHWCArPd2PiFn6wMF4 +*@-9pMDI{zükeK);+UOZ{B Sx/LIG9 1:Yݽ4x:Kfq9aO[jNXq,Z=*''tׄ !vW6nG&QwG \ No newline at end of file diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 53ef8d1..5998d31 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -11,4 +11,6 @@ let all = users ++ machines; in { + "restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ]; + "restic-backup/zephyrus-credentials.age".publicKeys = [ alarsyo zephyrus ]; } From b0c90137dd634a044c5f2906ebdc5fc2e35a2dec Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 17 Jan 2022 22:02:26 +0100 Subject: [PATCH 223/904] base: ignore lid switch on laptop --- base/gui-programs.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index c1dbbc6..51c23d4 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -26,6 +26,8 @@ in xkbVariant = "us"; libinput.enable = true; }; + + logind.lidSwitch = "ignore"; }; environment.systemPackages = builtins.attrValues { From 56f84fcb369d6418cf4eecbbcf5bb7e8af37d7ca Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 17 Jan 2022 23:39:45 +0100 Subject: [PATCH 224/904] hosts: fix backup exclude wildcard --- hosts/boreal/default.nix | 2 +- hosts/zephyrus/default.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index f1b3d81..8116755 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -64,7 +64,7 @@ in "/home/alarsyo/Downloads" # Rust builds using half my storage capacity - "/home/alarsyo/*/target" + "/home/alarsyo/**/target" "/home/alarsyo/work/rust/build" # don't backup nixpkgs diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index facb295..ad9083e 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -57,7 +57,7 @@ in "/home/alarsyo/Downloads" # Rust builds using half my storage capacity - "/home/alarsyo/*/target" + "/home/alarsyo/**/target" "/home/alarsyo/work/rust/build" # don't backup nixpkgs From 1d0fd8d461459e225e6144a56f07f04438be0bcf Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 18 Jan 2022 09:05:22 +0100 Subject: [PATCH 225/904] services: restic: allow configuring timer --- services/restic-backup.nix | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/services/restic-backup.nix b/services/restic-backup.nix index 624deca..8d57f5c 100644 --- a/services/restic-backup.nix +++ b/services/restic-backup.nix @@ -72,6 +72,13 @@ in { type = types.str; default = "/root/restic/creds"; }; + + timerConfig = mkOption { + type = types.attrsOf types.str; + default = { + OnCalendar = "daily"; + }; + }; }; config = mkIf cfg.enable { @@ -89,9 +96,7 @@ in { extraBackupArgs = [ "--verbose=2" ] ++ optional (builtins.length cfg.exclude != 0) excludeArg; - timerConfig = { - OnCalendar = "daily"; - }; + timerConfig = cfg.timerConfig; pruneOpts = makePruneOpts cfg.prune; }; From 0589894ec6f27345aabb4a2f72384208812aa85f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 18 Jan 2022 09:05:36 +0100 Subject: [PATCH 226/904] zephyrus: configure timer for backup service --- hosts/zephyrus/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index ad9083e..0236f1d 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -50,6 +50,10 @@ in passwordFile = config.age.secrets."restic-backup/zephyrus-password".path; environmentFile = config.age.secrets."restic-backup/zephyrus-credentials".path; + timerConfig = { + OnCalendar = "*-*-* 13:00:00"; # laptop only gets used during the day + }; + paths = [ "/home/alarsyo" ]; From e5d6210912c9f0a0a155a4233ac0b966122088f1 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 18 Jan 2022 11:20:25 +0100 Subject: [PATCH 227/904] zephyrus: don't depend on git-crypt secrets at all --- hosts/zephyrus/default.nix | 3 --- services/restic-backup.nix | 1 - zephyrus.nix | 3 --- 3 files changed, 7 deletions(-) diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index 0236f1d..ef8f38a 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -3,9 +3,6 @@ # and in the NixOS manual (accessible by running ‘nixos-help’). { config, lib, pkgs, ... }: -let - secrets = config.my.secrets; -in { imports = [ # Include the results of the hardware scan. diff --git a/services/restic-backup.nix b/services/restic-backup.nix index 8d57f5c..66e531c 100644 --- a/services/restic-backup.nix +++ b/services/restic-backup.nix @@ -11,7 +11,6 @@ let ; cfg = config.my.services.restic-backup; - secrets = config.my.secrets; excludeArg = "--exclude-file=" + (pkgs.writeText "excludes.txt" (concatStringsSep "\n" cfg.exclude)); makePruneOpts = pruneOpts: attrsets.mapAttrsToList (name: value: "--keep-${name} ${toString value}") pruneOpts; diff --git a/zephyrus.nix b/zephyrus.nix index e355eb3..ed011ae 100644 --- a/zephyrus.nix +++ b/zephyrus.nix @@ -10,9 +10,6 @@ # Service definitions ./services - # Configuration secrets - ./secrets - # Host-specific config ./hosts/zephyrus ]; From a83c9a4644232b9cd4e29487a533665dede872a9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 18 Jan 2022 11:41:37 +0100 Subject: [PATCH 228/904] secrets: move hashed passwords to agenix --- base/users.nix | 4 ++-- modules/secrets/secrets.nix | 3 +++ modules/secrets/users/alarsyo-hashed-password.age | Bin 0 -> 694 bytes modules/secrets/users/root-hashed-password.age | Bin 0 -> 619 bytes 4 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 modules/secrets/users/alarsyo-hashed-password.age create mode 100644 modules/secrets/users/root-hashed-password.age diff --git a/base/users.nix b/base/users.nix index 263163f..2af640f 100644 --- a/base/users.nix +++ b/base/users.nix @@ -5,10 +5,10 @@ in { users.mutableUsers = false; users.users.root = { - hashedPassword = secrets.shadow-hashed-password-root; + passwordFile = config.age.secrets."users/root-hashed-password".path; }; users.users.alarsyo = { - hashedPassword = secrets.shadow-hashed-password-alarsyo; + passwordFile = config.age.secrets."users/alarsyo-hashed-password".path; isNormalUser = true; extraGroups = [ "media" diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 5998d31..0a0d1cd 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -13,4 +13,7 @@ in { "restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ]; "restic-backup/zephyrus-credentials.age".publicKeys = [ alarsyo zephyrus ]; + + "users/root-hashed-password.age".publicKeys = machines; + "users/alarsyo-hashed-password.age".publicKeys = machines ++ [ alarsyo ]; } diff --git a/modules/secrets/users/alarsyo-hashed-password.age b/modules/secrets/users/alarsyo-hashed-password.age new file mode 100644 index 0000000000000000000000000000000000000000..9d80aa72837e8960690453faa7b6615c69c3c397 GIT binary patch literal 694 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7HcI!%Dpv?A4$MsV z3Nf_|3r{f%aWg87sL=QEF7U}HugtIXu8ausc8scwEOQUeO6STq@C+-_PfmA@OereO zFU(5`FmW&T@-mI6G^#QwvM`SFvds1IEOk$fG(op5DzG%n&ru;S$iy!%JSW{P!aLA2 z%``M6H_|jL+1bdV&>|!#&pS6Y!q6o!r6@HyubeA5B{AD8&^0Z>r#LS+HOMbJqsYK0 zDJfLn(ksum*xfQQ%CR&=+ohni#1q}NDl^woi$H~_s)E$u!Yp_5#7v{8{IH0moOD+Y zS2KeuA0NL`zv3Kkzv2Mnkg(u#cV8|`@8XooJm1P(^9=6-6AKHo!ZQD~qLL~vw@~v8 zBcCXz?DF)Y!sMhPZC7;LBEx+Hv(psmQW{Zh&;vophjT?gp)ldw3n3%_Y`iK7pK|mIj`haw0FQo0Mx|uNB{r; literal 0 HcmV?d00001 diff --git a/modules/secrets/users/root-hashed-password.age b/modules/secrets/users/root-hashed-password.age new file mode 100644 index 0000000000000000000000000000000000000000..b0ef183c39e301610cb269a98de8f0305c4535d5 GIT binary patch literal 619 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCTS3M>utb5!tkO3gAi z&Z{hpEJ_dd%FIuTs4R9hOZLpFNDlQ)D+mhm3<)a@$f+vy2;|Bt49f8;2=(v{F^>%O zHBZhobc`@gOVamua!X0}$TRUWNQyA=H*t4#GeEbk%FMOYB2b|$Bc!Cb$hjgo*wNQO zKf}bMIJm?=C8<0+!_Pd;KRn6AJ229u%-1>7y_n0mB)d4T(kHpd+#|r#(9bKSI3z4I z%*!B3+s~-dH6l63-_tU;Bt6PG+!fun$Z+4l>~w_?iz=h+Oph`zH~&K4h=TNDpKOo3 z;!-1ntdxMPoI-y$OE2d_H`C&(tYof~lnjHw@CwVMeB(Sbk1X>fzd$#aM8hy+({eBK zjH-|C&!XtuX2!WJ|=3VN%3CUy6Hu!iN&c3QC7+Nmht5Zrf#{e&I(Zlam5OW zHIacnT)Fz?hR)^wUglmAK1n4N#-&jeC8nNkuIYyPMJZ9vm1bdKgrwQK}F?>P9?edWjR&GF23QWCR_|^mp@+@x_=-^Ji@Ng zw0E5*OGoAw{m1WQlXpBZ?-Nm9AJxC?x`+f{;gjM`H+7lf_dlGLr^MiEvf^yt(p7t( zJ5A7vy1-RbRg;$GF=>bI`WugKY<~Iot4gna#$m6p^jJ-WwjIJ9;wLsoaXTl-te>z} fbm1;@)`!0@Ylc1Bxq2VxYO%mO%VXj=wVn9^p Date: Tue, 18 Jan 2022 11:56:32 +0100 Subject: [PATCH 229/904] ci: build nixos configurations --- .github/workflows/cachix.yaml | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index e4c48ae..accf269 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -1,13 +1,16 @@ -name: "Build packages for cachix" +name: "Populate Cachix binary cache" on: push: paths: + - '**.nix' + - '**.age' - 'pkgs/**' - 'flake.nix' - 'flake.lock' - '.github/workflows/*' jobs: - build: + build-pkgs: + name: Build custom Nix packages runs-on: ubuntu-latest strategy: @@ -33,3 +36,27 @@ jobs: - name: Build package run: nix build --verbose -L .#"${{ matrix.name }}" + + build-configs: + name: Build NixOS configurations + runs-on: ubuntu-latest + needs: [ build-pkgs ] + + strategy: + matrix: + name: + - zephyrus + + steps: + - uses: actions/checkout@v2 + + - uses: cachix/install-nix-action@v16 + + - uses: cachix/cachix-action@v10 + with: + name: alarsyo + authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' + extraPullNames: "nix-community" + + - name: Build package + run: nix build --verbose -L .#nixosConfigurations."${{ matrix.name }}".config.system.build.toplevel From 562701109f263b71971cd9190604f9c519578742 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 18 Jan 2022 12:01:50 +0100 Subject: [PATCH 230/904] home: i3bar: remove bluetooth mouse item --- home/default.nix | 1 - .../bluetooth-mouse-mac-address.secret | Bin 40 -> 0 bytes home/secrets/default.nix | 19 ------------------ home/x/i3bar.nix | 6 ------ 4 files changed, 26 deletions(-) delete mode 100644 home/secrets/bluetooth-mouse-mac-address.secret delete mode 100644 home/secrets/default.nix diff --git a/home/default.nix b/home/default.nix index 44341dd..7368d96 100644 --- a/home/default.nix +++ b/home/default.nix @@ -12,7 +12,6 @@ ./laptop.nix ./lorri.nix ./rofi.nix - ./secrets ./ssh.nix ./themes ./tmux.nix diff --git a/home/secrets/bluetooth-mouse-mac-address.secret b/home/secrets/bluetooth-mouse-mac-address.secret deleted file mode 100644 index cc6ff3c3207037ddb8d04186e57041211f35b93c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 40 xcmZQ@_Y83kiVO&0cvBgc_vCg`^^5Bk6PH Date: Tue, 18 Jan 2022 14:40:33 +0100 Subject: [PATCH 231/904] zephyrus: ensure home is mounted for agenix --- hosts/zephyrus/hardware-configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/zephyrus/hardware-configuration.nix b/hosts/zephyrus/hardware-configuration.nix index 48d6162..cec5cce 100644 --- a/hosts/zephyrus/hardware-configuration.nix +++ b/hosts/zephyrus/hardware-configuration.nix @@ -29,6 +29,7 @@ in { device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642"; fsType = "btrfs"; options = [ "subvol=@home" "compress=zstd" "noatime" ]; + neededForBoot = true; # agenix needs my key for some root secrets }; fileSystems."/nix" = From 38fb614309e79b1f754f9e0400d84b0e86227c9e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 18 Jan 2022 15:09:23 +0100 Subject: [PATCH 232/904] base: disable wifi when on ethernet --- base/gui-programs.nix | 35 ++++++++++++++++++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 51c23d4..5be13c1 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -55,7 +55,40 @@ in inherit (pkgs.unstable) discord; }; - networking.networkmanager.enable = true; + networking.networkmanager = { + enable = true; + + dispatcherScripts = [ + { + source = + let + grep = "${pkgs.gnugrep}/bin/grep"; + nmcli = "${pkgs.networkmanager}/bin/nmcli"; + in pkgs.writeShellScript "disable_wifi_on_ethernet" '' + export LC_ALL=C + + enable_disable_wifi () + { + result=$(${nmcli} dev | ${grep} "ethernet" | ${grep} -w "connected") + if [ -n "$result" ]; then + ${nmcli} radio wifi off + else + ${nmcli} radio wifi on + fi + } + + if [ "$2" = "up" ]; then + enable_disable_wifi + fi + + if [ "$2" = "down" ]; then + enable_disable_wifi + fi + ''; + type = "basic"; + } + ]; + }; programs.nm-applet.enable = true; programs.steam.enable = true; From ceac41132e1e0ef8b11d42bff61239525d4dbaec Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 21 Jan 2022 00:29:44 +0100 Subject: [PATCH 233/904] boreal: get rid of git crypt secrets for this host Also move to restic-backup --- .github/workflows/cachix.yaml | 1 + hosts/boreal/default.nix | 18 +++++------------- .../restic-backup/boreal-credentials.age | 10 ++++++++++ .../secrets/restic-backup/boreal-password.age | Bin 0 -> 542 bytes modules/secrets/secrets.nix | 2 ++ secrets/borg-backup/boreal-repo.secret | Bin 63 -> 0 bytes secrets/borg-backup/default.nix | 1 - 7 files changed, 18 insertions(+), 14 deletions(-) create mode 100644 modules/secrets/restic-backup/boreal-credentials.age create mode 100644 modules/secrets/restic-backup/boreal-password.age delete mode 100644 secrets/borg-backup/boreal-repo.secret diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index accf269..b9bebfb 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -45,6 +45,7 @@ jobs: strategy: matrix: name: + - boreal - zephyrus steps: diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index 8116755..9175f92 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -3,9 +3,6 @@ # and in the NixOS manual (accessible by running ‘nixos-help’). { config, lib, pkgs, ... }: -let - secrets = config.my.secrets; -in { imports = [ # Include the results of the hardware scan. @@ -46,17 +43,12 @@ in # List services that you want to enable: my.services = { - borg-backup = { + restic-backup = { enable = true; - repo = secrets.borg-backup.boreal-repo; - # for a workstation, having backups spanning the last month should be - # enough - prune = { - keep = { - daily = 7; - weekly = 4; - }; - }; + repo = "b2:boreal-backup"; + passwordFile = config.age.secrets."restic-backup/boreal-password".path; + environmentFile = config.age.secrets."restic-backup/boreal-credentials".path; + paths = [ "/home/alarsyo" ]; diff --git a/modules/secrets/restic-backup/boreal-credentials.age b/modules/secrets/restic-backup/boreal-credentials.age new file mode 100644 index 0000000..e7827ac --- /dev/null +++ b/modules/secrets/restic-backup/boreal-credentials.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 YWMQkg B5tQXcUdu751YYA4Y8uRH/DgGDi24AsXEAKkCVfg+Ro +21Gz0MsMCtWzUdVuaWdNwEU9Ts8lOQWCd7Ejf2tkxks +-> ssh-ed25519 k2gHjw NIG04WnNgq5bnSl9KmvFyvpGdFlmOFtXzuYtrsFOKXM +ZYZVyIM0jnhguRmfIpRtFg0StgYTlu/P9bgxBy9dbOg +-> u5-grease +MTgqDb6tqCuvdlXj9c2Y3XX1X7JfrdeKLM0EQ75ZJe+Hrntnpvn4fSlBr8QoOahm +fg +--- VzgNZ3/IBQVeYfOMGjnHPDRKoBDdxHth61pevk5+fLw +D &vN1t8w<wd>s:G_ƚyu,%@Jh"EvX \ No newline at end of file diff --git a/modules/secrets/restic-backup/boreal-password.age b/modules/secrets/restic-backup/boreal-password.age new file mode 100644 index 0000000000000000000000000000000000000000..95176eefa2010d461ca5cdf1b774c0b1931b9cd0 GIT binary patch literal 542 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCTS4EGJpPFHY>EG*M^ z@(p&(FUj(8DUH%j(Kc{133E#c^(hZX^K;8iFG~!~GV~8}D(1=yD>v}Ba4k2`H;(YG zGE8zRam>!}E;lQ*%*yo0_Hqu$O7(M3D$gsebVRo;+bG>5t6U*ZKQE{_I6~jlv&gX0 z%{Sb`tt3CuBqYo&%q-bBKO!nM&nPI}Js=|4*paJJ+ch%BGb%MFC?G5|!rj86MBgwd zFDxuFB}?Bp%+NV7I7HvI$S^EbKN)0Oq@lBFs&0BwYGQG!g0G=hxPfbNjY3jDyh4t3 zUA}fSmwQHvQB`KCVOBs;PL#KKwx^l4cXDx7j*q#Sx4%cSUvXA=Ms|p=caoP!NuWto zg;#-lXh0yBuCA^^a&S?pwo!zcPe__+RB^F(a;`X_q#H9r$b#%yA%fQv8d%`}Q$^Jf3yXN6hzltVy`Q z_84>5S0`<5c=SnLk_g>Zvh(7CWydZE+R2DM{rJErzlUedtN9WI%O1Qh5IWep(>6in)BUw~s#SOap8d_v literal 0 HcmV?d00001 diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 0a0d1cd..5e3fec2 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -11,6 +11,8 @@ let all = users ++ machines; in { + "restic-backup/boreal-password.age".publicKeys = [ alarsyo boreal ]; + "restic-backup/boreal-credentials.age".publicKeys = [ alarsyo boreal ]; "restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ]; "restic-backup/zephyrus-credentials.age".publicKeys = [ alarsyo zephyrus ]; diff --git a/secrets/borg-backup/boreal-repo.secret b/secrets/borg-backup/boreal-repo.secret deleted file mode 100644 index db1104e51ac95e4d24ff4db0562e7c546f2576b8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 63 zcmZQ@_Y83kiVO&0IP>VdVaHa7`fpP+yEd1EZv9-d-zAcv|JdxP3zxQEn15O$=! Date: Fri, 21 Jan 2022 00:41:24 +0100 Subject: [PATCH 234/904] ci: shorten workflow titles to fit in UI --- .github/workflows/cachix.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index b9bebfb..7316634 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -10,7 +10,7 @@ on: - '.github/workflows/*' jobs: build-pkgs: - name: Build custom Nix packages + name: Nix packages runs-on: ubuntu-latest strategy: @@ -38,7 +38,7 @@ jobs: run: nix build --verbose -L .#"${{ matrix.name }}" build-configs: - name: Build NixOS configurations + name: NixOS configs runs-on: ubuntu-latest needs: [ build-pkgs ] From 3958162fe0b4b15ea3b480ef2551e20f253ef590 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 21 Jan 2022 00:47:21 +0100 Subject: [PATCH 235/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/cdd347f1b966415c5473b3e3f4640c0d0fd13b55' (2022-01-16) → 'github:nix-community/emacs-overlay/4075922d23e44a2b4c73e8c08f8b008ec6391ef2' (2022-01-20) • Updated input 'home-manager': 'github:nix-community/home-manager/46bba772f26f89b62811f487d2b0d5357c91bc32' (2022-01-16) → 'github:nix-community/home-manager/7eb5106548eaab99ebeb21c87f93092de54fe931' (2022-01-20) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/5aaed40d22f0d9376330b6fa413223435ad6fee5' (2022-01-13) → 'github:NixOS/nixpkgs/6d8215281b2f87a5af9ed7425a26ac575da0438f' (2022-01-19) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/0a223c8d509cea6b4be3906f9c39820ff195fad2' (2022-01-15) → 'github:NixOS/nixpkgs/1c0f3cd8dfb451fcde1e164426ef9211f7c595c1' (2022-01-20) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index a7dafe2..f77476a 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1642358862, - "narHash": "sha256-tttyyXdpOQYxFG3HkOOcK0dFxBpdaeWHRrIWWnQRZYA=", + "lastModified": 1642703365, + "narHash": "sha256-TgR0xJSGUt0kgk7KiF4NfFNPU7umDrAx/oFVqlvqmmM=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "cdd347f1b966415c5473b3e3f4640c0d0fd13b55", + "rev": "4075922d23e44a2b4c73e8c08f8b008ec6391ef2", "type": "github" }, "original": { @@ -57,11 +57,11 @@ ] }, "locked": { - "lastModified": 1642372264, - "narHash": "sha256-SRnw7qcHmvUBxby925Vm+nhPqq7YVs1qquNqv7TRyVY=", + "lastModified": 1642676973, + "narHash": "sha256-bLQ6n0pXYaIuNSyJnm30JGCfjmuTi59qAmj8S2ExDXI=", "owner": "nix-community", "repo": "home-manager", - "rev": "46bba772f26f89b62811f487d2b0d5357c91bc32", + "rev": "7eb5106548eaab99ebeb21c87f93092de54fe931", "type": "github" }, "original": { @@ -102,11 +102,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1642285376, - "narHash": "sha256-LfZBVKCrPOx5k9pUoJlRsBvdz7yn1qYHenCKuqwwFGo=", + "lastModified": 1642694151, + "narHash": "sha256-e5IUzWN12iduNLlKZN/wlAxpfDl9FHKxxnPpyAQJyZ8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0a223c8d509cea6b4be3906f9c39820ff195fad2", + "rev": "1c0f3cd8dfb451fcde1e164426ef9211f7c595c1", "type": "github" }, "original": { @@ -118,11 +118,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1642104392, - "narHash": "sha256-m71b7MgMh9FDv4MnI5sg9MiBVW6DhE1zq+d/KlLWSC8=", + "lastModified": 1642635915, + "narHash": "sha256-vabPA32j81xBO5m3+qXndWp5aqepe+vu96Wkd9UnngM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5aaed40d22f0d9376330b6fa413223435ad6fee5", + "rev": "6d8215281b2f87a5af9ed7425a26ac575da0438f", "type": "github" }, "original": { From 888185073089965538dbdc03eebbd760d8b3172b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 21 Jan 2022 01:05:42 +0100 Subject: [PATCH 236/904] home: fix home-manager setting double definition --- home/lorri.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/home/lorri.nix b/home/lorri.nix index e2c5ebb..386d282 100644 --- a/home/lorri.nix +++ b/home/lorri.nix @@ -16,7 +16,6 @@ in services.lorri.enable = true; programs.direnv = { enable = true; - enableFishIntegration = true; # FIXME: proper file, not lorri.nix nix-direnv = { enable = true; From 096c2abb02b12efe46017d41cbf59d4bc08f7d49 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 21 Jan 2022 01:40:53 +0100 Subject: [PATCH 237/904] secrets: list secrets used on host explicitly --- hosts/boreal/default.nix | 2 ++ hosts/boreal/secrets.nix | 19 +++++++++++++++++++ hosts/zephyrus/default.nix | 1 + hosts/zephyrus/secrets.nix | 19 +++++++++++++++++++ modules/secrets/default.nix | 15 --------------- 5 files changed, 41 insertions(+), 15 deletions(-) create mode 100644 hosts/boreal/secrets.nix create mode 100644 hosts/zephyrus/secrets.nix diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index 9175f92..be11d05 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -9,6 +9,8 @@ ./hardware-configuration.nix ./home.nix + + ./secrets.nix ]; boot.kernelPackages = pkgs.linuxPackages_latest; diff --git a/hosts/boreal/secrets.nix b/hosts/boreal/secrets.nix new file mode 100644 index 0000000..65d91d1 --- /dev/null +++ b/hosts/boreal/secrets.nix @@ -0,0 +1,19 @@ +{ config, lib, options, ... }: + +{ + config.age = { + secrets = + let + toSecret = name: { ... }@attrs: { + file = ./../../modules/secrets + "/${name}.age"; + } // attrs; + in + lib.mapAttrs toSecret { + "restic-backup/boreal-credentials" = {}; + "restic-backup/boreal-password" = {}; + + "users/alarsyo-hashed-password" = {}; + "users/root-hashed-password" = {}; + }; + }; +} diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index ef8f38a..641e414 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -8,6 +8,7 @@ [ # Include the results of the hardware scan. ./hardware-configuration.nix ./home.nix + ./secrets.nix ]; boot.kernelPackages = pkgs.linuxPackages; diff --git a/hosts/zephyrus/secrets.nix b/hosts/zephyrus/secrets.nix new file mode 100644 index 0000000..125bd3f --- /dev/null +++ b/hosts/zephyrus/secrets.nix @@ -0,0 +1,19 @@ +{ config, lib, options, ... }: + +{ + config.age = { + secrets = + let + toSecret = name: { ... }@attrs: { + file = ./../../modules/secrets + "/${name}.age"; + } // attrs; + in + lib.mapAttrs toSecret { + "restic-backup/zephyrus-credentials" = {}; + "restic-backup/zephyrus-password" = {}; + + "users/alarsyo-hashed-password" = {}; + "users/root-hashed-password" = {}; + }; + }; +} diff --git a/modules/secrets/default.nix b/modules/secrets/default.nix index 06636db..dc5d2c9 100644 --- a/modules/secrets/default.nix +++ b/modules/secrets/default.nix @@ -2,21 +2,6 @@ { config.age = { - secrets = - let - toName = lib.removeSuffix ".age"; - userExists = u: builtins.hasAttr u config.users.users; - # Only set the user if it exists, to avoid warnings - userIfExists = u: if userExists u then u else "root"; - toSecret = name: { owner ? "root", ... }: { - file = ./. + "/${name}"; - owner = lib.mkDefault (userIfExists owner); - }; - convertSecrets = n: v: lib.nameValuePair (toName n) (toSecret n v); - secrets = import ./secrets.nix; - in - lib.mapAttrs' convertSecrets secrets; - identityPaths = options.age.identityPaths.default ++ [ "/home/alarsyo/.ssh/id_ed25519" ]; From 791d55253b728d1a31c5391e971905a95d2776ff Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 24 Jan 2022 13:24:59 +0100 Subject: [PATCH 238/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/4075922d23e44a2b4c73e8c08f8b008ec6391ef2' (2022-01-20) → 'github:nix-community/emacs-overlay/dcdd04c92e9175c82087536fcde3daae21837a75' (2022-01-24) • Updated input 'home-manager': 'github:nix-community/home-manager/7eb5106548eaab99ebeb21c87f93092de54fe931' (2022-01-20) → 'github:nix-community/home-manager/c47c350f6518ed39c2a16e4fadf9137b6c559ddc' (2022-01-22) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/6d8215281b2f87a5af9ed7425a26ac575da0438f' (2022-01-19) → 'github:NixOS/nixpkgs/689b76bcf36055afdeb2e9852f5ecdd2bf483f87' (2022-01-23) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/1c0f3cd8dfb451fcde1e164426ef9211f7c595c1' (2022-01-20) → 'github:NixOS/nixpkgs/4ad9f4e242df6a8babd3f3787a2cf8bbdc60a0fb' (2022-01-24) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index f77476a..3aae728 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1642703365, - "narHash": "sha256-TgR0xJSGUt0kgk7KiF4NfFNPU7umDrAx/oFVqlvqmmM=", + "lastModified": 1643020612, + "narHash": "sha256-19Brzzu2M7AvufZ+MU0m6jUXYl7+IX6NR0nM0OEx+5w=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "4075922d23e44a2b4c73e8c08f8b008ec6391ef2", + "rev": "dcdd04c92e9175c82087536fcde3daae21837a75", "type": "github" }, "original": { @@ -57,11 +57,11 @@ ] }, "locked": { - "lastModified": 1642676973, - "narHash": "sha256-bLQ6n0pXYaIuNSyJnm30JGCfjmuTi59qAmj8S2ExDXI=", + "lastModified": 1642882610, + "narHash": "sha256-pmdgeJ9v6y+T0UfNQ/Z+Hdv5tPshFFra5JLF/byUA/Y=", "owner": "nix-community", "repo": "home-manager", - "rev": "7eb5106548eaab99ebeb21c87f93092de54fe931", + "rev": "c47c350f6518ed39c2a16e4fadf9137b6c559ddc", "type": "github" }, "original": { @@ -102,11 +102,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1642694151, - "narHash": "sha256-e5IUzWN12iduNLlKZN/wlAxpfDl9FHKxxnPpyAQJyZ8=", + "lastModified": 1642995822, + "narHash": "sha256-yeVgyKEq9gyOSGufK8+1vWdhhG2gOMc3cVjixh47LFM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1c0f3cd8dfb451fcde1e164426ef9211f7c595c1", + "rev": "4ad9f4e242df6a8babd3f3787a2cf8bbdc60a0fb", "type": "github" }, "original": { @@ -118,11 +118,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1642635915, - "narHash": "sha256-vabPA32j81xBO5m3+qXndWp5aqepe+vu96Wkd9UnngM=", + "lastModified": 1642903813, + "narHash": "sha256-0lNfGW8sNfyTrixoQhVG00Drl/ECaf5GbfKAQ1ZDoyE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6d8215281b2f87a5af9ed7425a26ac575da0438f", + "rev": "689b76bcf36055afdeb2e9852f5ecdd2bf483f87", "type": "github" }, "original": { From 9e511da8d726c921b8351ed4deb486dfeb3f1fc5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 30 Jan 2022 13:30:25 +0100 Subject: [PATCH 239/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/dcdd04c92e9175c82087536fcde3daae21837a75' (2022-01-24) → 'github:nix-community/emacs-overlay/261aed7731d92414fcb29f09a9bb7d4ed41d9455' (2022-01-30) • Updated input 'home-manager': 'github:nix-community/home-manager/c47c350f6518ed39c2a16e4fadf9137b6c559ddc' (2022-01-22) → 'github:nix-community/home-manager/acf824c9ed70f623b424c2ca41d0f6821014c67c' (2022-01-28) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/689b76bcf36055afdeb2e9852f5ecdd2bf483f87' (2022-01-23) → 'github:NixOS/nixpkgs/5bb20f9dc70e9ee16e21cc404b6508654931ce41' (2022-01-28) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/4ad9f4e242df6a8babd3f3787a2cf8bbdc60a0fb' (2022-01-24) → 'github:NixOS/nixpkgs/709f7b3c61dfa01db3ddc7356620a9c319a429d1' (2022-01-30) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 3aae728..167de3d 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1643020612, - "narHash": "sha256-19Brzzu2M7AvufZ+MU0m6jUXYl7+IX6NR0nM0OEx+5w=", + "lastModified": 1643538241, + "narHash": "sha256-16ZlVX049WZHHDwC/nozkNBTQxmwhIeh4NFZObiv9CA=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "dcdd04c92e9175c82087536fcde3daae21837a75", + "rev": "261aed7731d92414fcb29f09a9bb7d4ed41d9455", "type": "github" }, "original": { @@ -57,11 +57,11 @@ ] }, "locked": { - "lastModified": 1642882610, - "narHash": "sha256-pmdgeJ9v6y+T0UfNQ/Z+Hdv5tPshFFra5JLF/byUA/Y=", + "lastModified": 1643411645, + "narHash": "sha256-q1TjWmK1MeGNfcU8ud11v9ZTqq2UI8YiCVKCD2MeAEk=", "owner": "nix-community", "repo": "home-manager", - "rev": "c47c350f6518ed39c2a16e4fadf9137b6c559ddc", + "rev": "acf824c9ed70f623b424c2ca41d0f6821014c67c", "type": "github" }, "original": { @@ -102,11 +102,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1642995822, - "narHash": "sha256-yeVgyKEq9gyOSGufK8+1vWdhhG2gOMc3cVjixh47LFM=", + "lastModified": 1643502397, + "narHash": "sha256-l7r8onTGYC3QgfN0oJ3NBhpJf/tRx7K30XkW2unfFno=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4ad9f4e242df6a8babd3f3787a2cf8bbdc60a0fb", + "rev": "709f7b3c61dfa01db3ddc7356620a9c319a429d1", "type": "github" }, "original": { @@ -118,11 +118,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1642903813, - "narHash": "sha256-0lNfGW8sNfyTrixoQhVG00Drl/ECaf5GbfKAQ1ZDoyE=", + "lastModified": 1643347846, + "narHash": "sha256-O0tyXF//ppRpe9yT1Uu5n34yI2MWDyY6ZiJ4Qn5zIkE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "689b76bcf36055afdeb2e9852f5ecdd2bf483f87", + "rev": "5bb20f9dc70e9ee16e21cc404b6508654931ce41", "type": "github" }, "original": { From 5f8454285ee9ea3a12703bbb9b2bddea35e76e2d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 30 Jan 2022 15:59:08 +0100 Subject: [PATCH 240/904] base: nix: adapt renamed settings --- base/nix.nix | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/base/nix.nix b/base/nix.nix index dd9842b..48e41e4 100644 --- a/base/nix.nix +++ b/base/nix.nix @@ -8,15 +8,16 @@ experimental-features = nix-command flakes ''; - trustedUsers = [ "@wheel" ]; - - binaryCaches = [ - "https://alarsyo.cachix.org" - "https://nix-community.cachix.org" - ]; - binaryCachePublicKeys = [ - "alarsyo.cachix.org-1:A6BmcaJek5+ZDWWv3fPteHhPm6U8liS9CbDbmegPfmk=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - ]; + settings = { + trusted-users = [ "@wheel" ]; + substituters = [ + "https://alarsyo.cachix.org" + "https://nix-community.cachix.org" + ]; + trusted-public-keys = [ + "alarsyo.cachix.org-1:A6BmcaJek5+ZDWWv3fPteHhPm6U8liS9CbDbmegPfmk=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + ]; + }; }; } From d5813bfdb60f71e17dfdd595e672e46fdd166e98 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 31 Jan 2022 16:21:13 +0100 Subject: [PATCH 241/904] flake: add temp fix for broken PAM in unstable See NixOS/nixpkgs#157112 --- flake.lock | 17 +++++++++++++++++ flake.nix | 10 ++++++++++ 2 files changed, 27 insertions(+) diff --git a/flake.lock b/flake.lock index 167de3d..1138b35 100644 --- a/flake.lock +++ b/flake.lock @@ -100,6 +100,22 @@ "type": "indirect" } }, + "nixpkgs-fixed-pam": { + "locked": { + "lastModified": 1643302241, + "narHash": "sha256-cEIhdgbUkiptcSAZ52iuXvG72WNv6m4pR3Y4Lf8mP9s=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ffdadd3ef9167657657d60daf3fe0f1b3176402d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ffdadd3ef9167657657d60daf3fe0f1b3176402d", + "type": "github" + } + }, "nixpkgs-unstable-small": { "locked": { "lastModified": 1643502397, @@ -140,6 +156,7 @@ "home-manager": "home-manager", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", + "nixpkgs-fixed-pam": "nixpkgs-fixed-pam", "nixpkgs-unstable-small": "nixpkgs-unstable-small" } } diff --git a/flake.nix b/flake.nix index 16e9b08..afebe6f 100644 --- a/flake.nix +++ b/flake.nix @@ -15,6 +15,13 @@ ref = "nixos-unstable-small"; }; + nixpkgs-fixed-pam = { + type = "github"; + owner = "NixOS"; + repo = "nixpkgs"; + rev = "ffdadd3ef9167657657d60daf3fe0f1b3176402d"; + }; + agenix = { type = "github"; owner = "ryantm"; @@ -81,6 +88,9 @@ config.allowUnfree = true; }; + i3lock-color = super.i3lock-color.override { + pam = (import inputs.nixpkgs-fixed-pam { inherit system; }).pam; + }; }) agenix.overlay From 6afc0eb13a0c8c04f1ebdea0f38d2e06cc17fa95 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 2 Feb 2022 11:15:28 +0100 Subject: [PATCH 242/904] pkgs: spot: bump to 2.10.4 --- pkgs/spot/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/spot/default.nix b/pkgs/spot/default.nix index f17e625..99a5659 100644 --- a/pkgs/spot/default.nix +++ b/pkgs/spot/default.nix @@ -3,7 +3,7 @@ , python3 }: let - version = "2.10.3"; + version = "2.10.4"; in stdenv.mkDerivation { inherit version; @@ -15,6 +15,6 @@ stdenv.mkDerivation { src = fetchurl { url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz"; - sha256 = "sha256-iX6VSGFzdI8rZe7L2ZojS39od/IYboaNp6zlZxgEAZ8="; + sha256 = "sha256-6GKc22zOgwd4JpYM0B7OUhPar5ooPW9iqvaa+gYjR4o="; }; } From 994343705fc6c43a4f14ee6eb6936d1b02070017 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 2 Feb 2022 17:49:59 +0100 Subject: [PATCH 243/904] add .gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index e69de29..c4a847d 100644 --- a/.gitignore +++ b/.gitignore @@ -0,0 +1 @@ +/result From 6fd28159a7522bb708983af06d87b182bab602e8 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 7 Feb 2022 14:27:38 +0100 Subject: [PATCH 244/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/261aed7731d92414fcb29f09a9bb7d4ed41d9455' (2022-01-30) → 'github:nix-community/emacs-overlay/02d47fdf48e54598f9838f01a9d172bfa206b63e' (2022-02-07) • Updated input 'home-manager': 'github:nix-community/home-manager/acf824c9ed70f623b424c2ca41d0f6821014c67c' (2022-01-28) → 'github:nix-community/home-manager/63dccc4e60422c1db2c3929b2fd1541f36b7e664' (2022-02-04) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/5bb20f9dc70e9ee16e21cc404b6508654931ce41' (2022-01-28) → 'github:NixOS/nixpkgs/9f697d60e4d9f08eacf549502528bfaed859d33b' (2022-02-05) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/709f7b3c61dfa01db3ddc7356620a9c319a429d1' (2022-01-30) → 'github:NixOS/nixpkgs/64cb9c78e14d0ffc9ee627772a972aa4b59bbfd8' (2022-02-07) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 1138b35..bffc7d1 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1643538241, - "narHash": "sha256-16ZlVX049WZHHDwC/nozkNBTQxmwhIeh4NFZObiv9CA=", + "lastModified": 1644230579, + "narHash": "sha256-/3v0jBKY1QJPK6cdO0fZl+xK5E+GZhHcbgWb7RoFEN4=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "261aed7731d92414fcb29f09a9bb7d4ed41d9455", + "rev": "02d47fdf48e54598f9838f01a9d172bfa206b63e", "type": "github" }, "original": { @@ -57,11 +57,11 @@ ] }, "locked": { - "lastModified": 1643411645, - "narHash": "sha256-q1TjWmK1MeGNfcU8ud11v9ZTqq2UI8YiCVKCD2MeAEk=", + "lastModified": 1643933104, + "narHash": "sha256-NZPuFxRsZKN8pjRuHPpzlMyt6JQhcjiduBG8bMghSjE=", "owner": "nix-community", "repo": "home-manager", - "rev": "acf824c9ed70f623b424c2ca41d0f6821014c67c", + "rev": "63dccc4e60422c1db2c3929b2fd1541f36b7e664", "type": "github" }, "original": { @@ -118,11 +118,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1643502397, - "narHash": "sha256-l7r8onTGYC3QgfN0oJ3NBhpJf/tRx7K30XkW2unfFno=", + "lastModified": 1644225686, + "narHash": "sha256-XDslFfn44H93WjGytIhrPSduGIug1p4cPN/cEuHdIBI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "709f7b3c61dfa01db3ddc7356620a9c319a429d1", + "rev": "64cb9c78e14d0ffc9ee627772a972aa4b59bbfd8", "type": "github" }, "original": { @@ -134,11 +134,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1643347846, - "narHash": "sha256-O0tyXF//ppRpe9yT1Uu5n34yI2MWDyY6ZiJ4Qn5zIkE=", + "lastModified": 1644033087, + "narHash": "sha256-beskas17YPhrcnanzywake9/z+k+xOWmavW24YUN8ng=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5bb20f9dc70e9ee16e21cc404b6508654931ce41", + "rev": "9f697d60e4d9f08eacf549502528bfaed859d33b", "type": "github" }, "original": { From 47c00081694cf204c6083480f66fef25d751e585 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 7 Feb 2022 14:28:11 +0100 Subject: [PATCH 245/904] Revert "flake: add temp fix for broken PAM in unstable" This reverts commit d5813bfdb60f71e17dfdd595e672e46fdd166e98. No longer necessary! --- flake.lock | 17 ----------------- flake.nix | 10 ---------- 2 files changed, 27 deletions(-) diff --git a/flake.lock b/flake.lock index bffc7d1..a5704c5 100644 --- a/flake.lock +++ b/flake.lock @@ -100,22 +100,6 @@ "type": "indirect" } }, - "nixpkgs-fixed-pam": { - "locked": { - "lastModified": 1643302241, - "narHash": "sha256-cEIhdgbUkiptcSAZ52iuXvG72WNv6m4pR3Y4Lf8mP9s=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ffdadd3ef9167657657d60daf3fe0f1b3176402d", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ffdadd3ef9167657657d60daf3fe0f1b3176402d", - "type": "github" - } - }, "nixpkgs-unstable-small": { "locked": { "lastModified": 1644225686, @@ -156,7 +140,6 @@ "home-manager": "home-manager", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", - "nixpkgs-fixed-pam": "nixpkgs-fixed-pam", "nixpkgs-unstable-small": "nixpkgs-unstable-small" } } diff --git a/flake.nix b/flake.nix index afebe6f..16e9b08 100644 --- a/flake.nix +++ b/flake.nix @@ -15,13 +15,6 @@ ref = "nixos-unstable-small"; }; - nixpkgs-fixed-pam = { - type = "github"; - owner = "NixOS"; - repo = "nixpkgs"; - rev = "ffdadd3ef9167657657d60daf3fe0f1b3176402d"; - }; - agenix = { type = "github"; owner = "ryantm"; @@ -88,9 +81,6 @@ config.allowUnfree = true; }; - i3lock-color = super.i3lock-color.override { - pam = (import inputs.nixpkgs-fixed-pam { inherit system; }).pam; - }; }) agenix.overlay From c07edc8fd27d1cb3b3ab792c154a4dde26e84c87 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 7 Feb 2022 14:59:57 +0100 Subject: [PATCH 246/904] overlays: i3status-rust needs lm_sensors now --- overlays/i3status-rust/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/overlays/i3status-rust/default.nix b/overlays/i3status-rust/default.nix index 1b78021..2e4948a 100644 --- a/overlays/i3status-rust/default.nix +++ b/overlays/i3status-rust/default.nix @@ -10,6 +10,7 @@ final: prev: buildInputs = builtins.attrValues { inherit (final) dbus + lm_sensors openssl pulseaudio ; From d82c403da50ff6287acf7c96022fad962515aae0 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 7 Feb 2022 15:00:11 +0100 Subject: [PATCH 247/904] home: i3bar: i3status-rs no longer needs binaries --- home/x/i3bar.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/home/x/i3bar.nix b/home/x/i3bar.nix index c1ec2c3..dc67f45 100644 --- a/home/x/i3bar.nix +++ b/home/x/i3bar.nix @@ -35,8 +35,7 @@ in config = mkIf isEnabled { home.packages = builtins.attrValues { inherit (pkgs) - iw # Used by `net` block - lm_sensors # Used by `temperature` block + # FIXME: is this useful? font-awesome ; }; From 8739ada74c9347269765cec9e273910a9b6484ea Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 7 Feb 2022 16:06:11 +0100 Subject: [PATCH 248/904] ci: don't be so verbose --- .github/workflows/cachix.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index 7316634..74cf5c1 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -35,7 +35,7 @@ jobs: extraPullNames: "nix-community" - name: Build package - run: nix build --verbose -L .#"${{ matrix.name }}" + run: nix build -L .#"${{ matrix.name }}" build-configs: name: NixOS configs @@ -60,4 +60,4 @@ jobs: extraPullNames: "nix-community" - name: Build package - run: nix build --verbose -L .#nixosConfigurations."${{ matrix.name }}".config.system.build.toplevel + run: nix build -L .#nixosConfigurations."${{ matrix.name }}".config.system.build.toplevel From 66006be93169ba38ced0dd937c61a0c0ea920254 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 7 Feb 2022 17:11:01 +0100 Subject: [PATCH 249/904] home: tridactylrc: use tridactylrc-mode in emacs --- home/tridactylrc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home/tridactylrc b/home/tridactylrc index a6a60e6..b683fa2 100644 --- a/home/tridactylrc +++ b/home/tridactylrc @@ -1,3 +1,5 @@ +" -*- tridactylrc -*- + " This wipes all existing settings. This means that if a setting in this file is " removed, then it will return to default. In other words, this file serves as " as an enforced single point of truth for Tridactyl's configuration. From 81193b919bfdcd628b1cbb0e0788dddad0424923 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 7 Feb 2022 17:11:26 +0100 Subject: [PATCH 250/904] poseidon: include personal modules in config --- poseidon.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/poseidon.nix b/poseidon.nix index 2093e68..6e02ba3 100644 --- a/poseidon.nix +++ b/poseidon.nix @@ -5,6 +5,9 @@ # Default configuration ./base + # Module definitions + ./modules + # Service definitions ./services From 565b33dd3edd2b2b7ab9215515dd8c09fc2a9ab1 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 7 Feb 2022 17:16:52 +0100 Subject: [PATCH 251/904] poseidon: setup agenix secrets --- hosts/poseidon/default.nix | 1 + hosts/poseidon/secrets.nix | 16 ++++++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 hosts/poseidon/secrets.nix diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index f458015..1e8d3eb 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -12,6 +12,7 @@ in ./hardware-configuration.nix ./home.nix + ./secrets.nix ]; # Use the GRUB 2 boot loader. diff --git a/hosts/poseidon/secrets.nix b/hosts/poseidon/secrets.nix new file mode 100644 index 0000000..2b64a0d --- /dev/null +++ b/hosts/poseidon/secrets.nix @@ -0,0 +1,16 @@ +{ config, lib, options, ... }: + +{ + config.age = { + secrets = + let + toSecret = name: { ... }@attrs: { + file = ./../../modules/secrets + "/${name}.age"; + } // attrs; + in + lib.mapAttrs toSecret { + "users/alarsyo-hashed-password" = {}; + "users/root-hashed-password" = {}; + }; + }; +} From 3e3d7153f9bc5d990f4708cc3fbe08db08addc9d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 7 Feb 2022 17:24:33 +0100 Subject: [PATCH 252/904] services: nginx: fix acme option warning --- services/nginx.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/nginx.nix b/services/nginx.nix index c765643..0fe607b 100644 --- a/services/nginx.nix +++ b/services/nginx.nix @@ -44,7 +44,7 @@ in security.acme = { acceptTerms = true; - email = "antoine97.martin@gmail.com"; + defaults.email = "antoine97.martin@gmail.com"; certs = let From 0a50a5c769557ba6c9cec87e378d954c5fea04fd Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 8 Feb 2022 14:35:20 +0100 Subject: [PATCH 253/904] base: nix: get rid of extraOptions --- base/nix.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/base/nix.nix b/base/nix.nix index 48e41e4..c632aa9 100644 --- a/base/nix.nix +++ b/base/nix.nix @@ -4,11 +4,9 @@ nix = { package = pkgs.nixStable; - extraOptions = '' - experimental-features = nix-command flakes - ''; settings = { + experimental-features = [ "nix-command" "flakes" ]; trusted-users = [ "@wheel" ]; substituters = [ "https://alarsyo.cachix.org" From 86d73ecc81216dd6dfa88829ecef949839472ba2 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 21 Feb 2022 16:21:38 +0100 Subject: [PATCH 254/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/c9d000eea5d9bcecbf881ed3feca6db8764f73ed' (2022-02-14) → 'github:nix-community/emacs-overlay/d1471c0e9049772e84bfe11707ab8b9c133b49e8' (2022-02-21) • Updated input 'home-manager': 'github:nix-community/home-manager/7c2ae0bdd20ddcaafe41ef669226a1df67f8aa06' (2022-02-12) → 'github:nix-community/home-manager/0232fe1b75e6d7864fd82b5c72f6646f87838fc3' (2022-02-19) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/48d63e924a2666baf37f4f14a18f19347fbd54a2' (2022-02-10) → 'github:NixOS/nixpkgs/d5f237872975e6fb6f76eef1368b5634ffcd266f' (2022-02-20) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/2b8555151a90fac7afc04e43ad2e94027cd22b0b' (2022-02-14) → 'github:NixOS/nixpkgs/8e54a33514436d1e1c3481d7b45d02df7880a841' (2022-02-21) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index a5704c5..c6d469f 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1644230579, - "narHash": "sha256-/3v0jBKY1QJPK6cdO0fZl+xK5E+GZhHcbgWb7RoFEN4=", + "lastModified": 1645440963, + "narHash": "sha256-DKSt+xkLe75THcYKkGuJU2+bv8wbZJtg5pldlOX9r0A=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "02d47fdf48e54598f9838f01a9d172bfa206b63e", + "rev": "d1471c0e9049772e84bfe11707ab8b9c133b49e8", "type": "github" }, "original": { @@ -57,11 +57,11 @@ ] }, "locked": { - "lastModified": 1643933104, - "narHash": "sha256-NZPuFxRsZKN8pjRuHPpzlMyt6JQhcjiduBG8bMghSjE=", + "lastModified": 1645244400, + "narHash": "sha256-o7KCd6ySFZ9/LbS62aTeuFmBWtP7Tt3Q3RcNjYgTgZU=", "owner": "nix-community", "repo": "home-manager", - "rev": "63dccc4e60422c1db2c3929b2fd1541f36b7e664", + "rev": "0232fe1b75e6d7864fd82b5c72f6646f87838fc3", "type": "github" }, "original": { @@ -102,11 +102,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1644225686, - "narHash": "sha256-XDslFfn44H93WjGytIhrPSduGIug1p4cPN/cEuHdIBI=", + "lastModified": 1645417563, + "narHash": "sha256-rBZK5XzKPhQtodK2WQJ4sDAXwBpu81m+QUlLj/h+J+8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "64cb9c78e14d0ffc9ee627772a972aa4b59bbfd8", + "rev": "8e54a33514436d1e1c3481d7b45d02df7880a841", "type": "github" }, "original": { @@ -118,11 +118,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1644033087, - "narHash": "sha256-beskas17YPhrcnanzywake9/z+k+xOWmavW24YUN8ng=", + "lastModified": 1645334861, + "narHash": "sha256-We9ECiMglthzbZ5S6Myqqf+RHzBFZPoM2qL5/jDkUjs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9f697d60e4d9f08eacf549502528bfaed859d33b", + "rev": "d5f237872975e6fb6f76eef1368b5634ffcd266f", "type": "github" }, "original": { From 07770a093408dca5bc7a10979e28dc9eccd5f753 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 22 Feb 2022 18:11:07 +0100 Subject: [PATCH 255/904] home: i3bar: fix deprecated option for pom block --- home/x/i3bar.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/x/i3bar.nix b/home/x/i3bar.nix index dc67f45..9e8246f 100644 --- a/home/x/i3bar.nix +++ b/home/x/i3bar.nix @@ -54,7 +54,7 @@ in block = "pomodoro"; length = 60; break_length = 10; - use_nag = true; + notifier = "i3nag"; } { block = "disk_space"; From cf9f6ab36b71fb697dd8a7c5d8a3c782144e4e55 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 24 Feb 2022 09:56:35 +0100 Subject: [PATCH 256/904] pkgs: make spot python module --- pkgs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/default.nix b/pkgs/default.nix index 2f4608f..97a694b 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -3,5 +3,5 @@ sddm-sugar-candy = pkgs.callPackage ./sddm-sugar-candy {}; kaleidoscope-udev-rules = pkgs.callPackage ./kaleidoscope-udev-rules {}; grafanaDashboards = pkgs.recurseIntoAttrs (pkgs.callPackage ./grafana-dashboards {}); - spot = pkgs.callPackage ./spot {}; + spot = pkgs.python3Packages.toPythonModule (pkgs.callPackage ./spot {}); } From 125f2e28c26f6da24379925b267df13ca7e410b1 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 26 Feb 2022 20:57:15 +0100 Subject: [PATCH 257/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/d1471c0e9049772e84bfe11707ab8b9c133b49e8' (2022-02-21) → 'github:nix-community/emacs-overlay/1a6ceb2d7500c3ff93a0385148d0f1f6a53222c0' (2022-02-26) • Updated input 'flake-utils': 'github:numtide/flake-utils/f7e004a55b120c02ecb6219596820fcd32ca8772' (2021-06-16) → 'github:numtide/flake-utils/3cecb5b042f7f209c56ffd8371b2711a290ec797' (2022-02-07) • Updated input 'home-manager': 'github:nix-community/home-manager/0232fe1b75e6d7864fd82b5c72f6646f87838fc3' (2022-02-19) → 'github:nix-community/home-manager/c7a13f76a78bb5c225ca5e08e9a109347d130792' (2022-02-26) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d5f237872975e6fb6f76eef1368b5634ffcd266f' (2022-02-20) → 'github:NixOS/nixpkgs/7f9b6e2babf232412682c09e57ed666d8f84ac2d' (2022-02-21) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/8e54a33514436d1e1c3481d7b45d02df7880a841' (2022-02-21) → 'github:NixOS/nixpkgs/17cbd972947f1fa3480118ff0774430d76af0e95' (2022-02-26) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index c6d469f..c571c16 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1645440963, - "narHash": "sha256-DKSt+xkLe75THcYKkGuJU2+bv8wbZJtg5pldlOX9r0A=", + "lastModified": 1645895176, + "narHash": "sha256-2osT9Jr7VCr0MJGHpOFzvehXfGCCtK3B6Ub5Hx7kKl8=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "d1471c0e9049772e84bfe11707ab8b9c133b49e8", + "rev": "1a6ceb2d7500c3ff93a0385148d0f1f6a53222c0", "type": "github" }, "original": { @@ -36,11 +36,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1623875721, - "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", + "lastModified": 1644229661, + "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", "owner": "numtide", "repo": "flake-utils", - "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", + "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797", "type": "github" }, "original": { @@ -57,11 +57,11 @@ ] }, "locked": { - "lastModified": 1645244400, - "narHash": "sha256-o7KCd6ySFZ9/LbS62aTeuFmBWtP7Tt3Q3RcNjYgTgZU=", + "lastModified": 1645867939, + "narHash": "sha256-p3vHHMM5W6ojmStJqKpLvdnzxxKGG015U7OK6PJE8lo=", "owner": "nix-community", "repo": "home-manager", - "rev": "0232fe1b75e6d7864fd82b5c72f6646f87838fc3", + "rev": "c7a13f76a78bb5c225ca5e08e9a109347d130792", "type": "github" }, "original": { @@ -102,11 +102,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1645417563, - "narHash": "sha256-rBZK5XzKPhQtodK2WQJ4sDAXwBpu81m+QUlLj/h+J+8=", + "lastModified": 1645875852, + "narHash": "sha256-r2QeA4wq+4tT0dq71PQI9drZzklBUrtQ8AZyEXTI3JA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8e54a33514436d1e1c3481d7b45d02df7880a841", + "rev": "17cbd972947f1fa3480118ff0774430d76af0e95", "type": "github" }, "original": { @@ -118,11 +118,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1645334861, - "narHash": "sha256-We9ECiMglthzbZ5S6Myqqf+RHzBFZPoM2qL5/jDkUjs=", + "lastModified": 1645433236, + "narHash": "sha256-4va4MvJ076XyPp5h8sm5eMQvCrJ6yZAbBmyw95dGyw4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d5f237872975e6fb6f76eef1368b5634ffcd266f", + "rev": "7f9b6e2babf232412682c09e57ed666d8f84ac2d", "type": "github" }, "original": { From a00dc4fe03727b9c86de9b35deb1c15f829f3f1b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 1 Mar 2022 14:06:11 +0100 Subject: [PATCH 258/904] base: add rbw to gui programs --- base/gui-programs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 5be13c1..93bde62 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -41,6 +41,7 @@ in mpv obs-studio pavucontrol + rbw slack spotify tdesktop From 25b0c723928dac3c9eb8e66053977e0568d2175a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 4 Mar 2022 18:33:42 +0100 Subject: [PATCH 259/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/1a6ceb2d7500c3ff93a0385148d0f1f6a53222c0' (2022-02-26) → 'github:nix-community/emacs-overlay/2fc6f185dbbc0dbf35289648aab0a8dfd1bba320' (2022-03-04) • Updated input 'home-manager': 'github:nix-community/home-manager/c7a13f76a78bb5c225ca5e08e9a109347d130792' (2022-02-26) → 'github:nix-community/home-manager/d119cea3763977801ad66330668c1ab4346cb7f7' (2022-03-04) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/7f9b6e2babf232412682c09e57ed666d8f84ac2d' (2022-02-21) → 'github:NixOS/nixpkgs/3e072546ea98db00c2364b81491b893673267827' (2022-03-02) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/17cbd972947f1fa3480118ff0774430d76af0e95' (2022-02-26) → 'github:NixOS/nixpkgs/fd8f5a0587fc7f989a25e15314281c500c99055d' (2022-03-03) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index c571c16..9616ee8 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1645895176, - "narHash": "sha256-2osT9Jr7VCr0MJGHpOFzvehXfGCCtK3B6Ub5Hx7kKl8=", + "lastModified": 1646414475, + "narHash": "sha256-Linz0Q0FaNYkHniXnlUdCYUI9qeHvcS/dbn13Q3w4Bg=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "1a6ceb2d7500c3ff93a0385148d0f1f6a53222c0", + "rev": "2fc6f185dbbc0dbf35289648aab0a8dfd1bba320", "type": "github" }, "original": { @@ -57,11 +57,11 @@ ] }, "locked": { - "lastModified": 1645867939, - "narHash": "sha256-p3vHHMM5W6ojmStJqKpLvdnzxxKGG015U7OK6PJE8lo=", + "lastModified": 1646364779, + "narHash": "sha256-481vkO9b3h++bHzLbGDDhgpBoXQ0Wlo4lm4h5/EJMO4=", "owner": "nix-community", "repo": "home-manager", - "rev": "c7a13f76a78bb5c225ca5e08e9a109347d130792", + "rev": "d119cea3763977801ad66330668c1ab4346cb7f7", "type": "github" }, "original": { @@ -102,11 +102,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1645875852, - "narHash": "sha256-r2QeA4wq+4tT0dq71PQI9drZzklBUrtQ8AZyEXTI3JA=", + "lastModified": 1646299763, + "narHash": "sha256-bk/l6Wg5zR9OvvpO8EJ4dlFWdqyOcAjvqVHA1/9KtVk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "17cbd972947f1fa3480118ff0774430d76af0e95", + "rev": "fd8f5a0587fc7f989a25e15314281c500c99055d", "type": "github" }, "original": { @@ -118,11 +118,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1645433236, - "narHash": "sha256-4va4MvJ076XyPp5h8sm5eMQvCrJ6yZAbBmyw95dGyw4=", + "lastModified": 1646254136, + "narHash": "sha256-8nQx02tTzgYO21BP/dy5BCRopE8OwE8Drsw98j+Qoaw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7f9b6e2babf232412682c09e57ed666d8f84ac2d", + "rev": "3e072546ea98db00c2364b81491b893673267827", "type": "github" }, "original": { From 4210e37496468c0630d4ac6773f1cbed0d0dbb42 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 4 Mar 2022 18:39:37 +0100 Subject: [PATCH 260/904] services: pipewire: disable wireplumber for now It got enabled by default, but it conflicts with media-session (which is now deprecated). Need to test wireplumber properly before switching to it though, I need my bluetooth codecs. --- services/pipewire.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/services/pipewire.nix b/services/pipewire.nix index 7f9a162..f2e2f25 100644 --- a/services/pipewire.nix +++ b/services/pipewire.nix @@ -32,6 +32,7 @@ in pulse.enable = true; jack.enable = true; + wireplumber.enable = false; media-session = { enable = true; config.bluez-monitor.rules = [ From 7e864564df1f4f253916740c60cde609937c4465 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 6 Mar 2022 16:44:42 +0100 Subject: [PATCH 261/904] gui-programs: don't disable wifi if hotspot on --- base/gui-programs.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 93bde62..ca10adf 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -72,7 +72,9 @@ in { result=$(${nmcli} dev | ${grep} "ethernet" | ${grep} -w "connected") if [ -n "$result" ]; then - ${nmcli} radio wifi off + if ! ${nmcli} dev | ${grep} -q "hotspot"; then + ${nmcli} radio wifi off + fi else ${nmcli} radio wifi on fi From 5b4950e552e20457c8e95cd90def4db95a467eb3 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 11 Mar 2022 13:23:13 +0100 Subject: [PATCH 262/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/d119cea3763977801ad66330668c1ab4346cb7f7' (2022-03-04) → 'github:nix-community/home-manager/afe96e7433c513bf82375d41473c57d1f66b4e68' (2022-03-06) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/3e072546ea98db00c2364b81491b893673267827' (2022-03-02) → 'github:NixOS/nixpkgs/062a0c5437b68f950b081bbfc8a699d57a4ee026' (2022-03-05) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/fd8f5a0587fc7f989a25e15314281c500c99055d' (2022-03-03) → 'github:NixOS/nixpkgs/085e8934e46ffb8cb31a8197cf2cd8df2f384a8d' (2022-03-10) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 9616ee8..d5850ca 100644 --- a/flake.lock +++ b/flake.lock @@ -57,11 +57,11 @@ ] }, "locked": { - "lastModified": 1646364779, - "narHash": "sha256-481vkO9b3h++bHzLbGDDhgpBoXQ0Wlo4lm4h5/EJMO4=", + "lastModified": 1646559628, + "narHash": "sha256-WDoqxH/IPTV8CkI15wwzvXYgXq9UPr8xd8WKziuaynw=", "owner": "nix-community", "repo": "home-manager", - "rev": "d119cea3763977801ad66330668c1ab4346cb7f7", + "rev": "afe96e7433c513bf82375d41473c57d1f66b4e68", "type": "github" }, "original": { @@ -102,11 +102,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1646299763, - "narHash": "sha256-bk/l6Wg5zR9OvvpO8EJ4dlFWdqyOcAjvqVHA1/9KtVk=", + "lastModified": 1646903400, + "narHash": "sha256-yId/d2GrwF6CPddtBJg35jb9HuYKhtwH8+oLausAxC0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fd8f5a0587fc7f989a25e15314281c500c99055d", + "rev": "085e8934e46ffb8cb31a8197cf2cd8df2f384a8d", "type": "github" }, "original": { @@ -118,11 +118,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1646254136, - "narHash": "sha256-8nQx02tTzgYO21BP/dy5BCRopE8OwE8Drsw98j+Qoaw=", + "lastModified": 1646497237, + "narHash": "sha256-Ccpot1h/rV8MgcngDp5OrdmLTMaUTbStZTR5/sI7zW0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3e072546ea98db00c2364b81491b893673267827", + "rev": "062a0c5437b68f950b081bbfc8a699d57a4ee026", "type": "github" }, "original": { From 7b0d026929796111ab7cb6d470dc9756dd4849a9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 11 Mar 2022 13:56:12 +0100 Subject: [PATCH 263/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/08b9c96878b2f9974fc8bde048273265ad632357' (2022-01-07) → 'github:ryantm/agenix/764c975e74bce2f89a5106b68ec48e2b586f893c' (2022-03-09) • Updated input 'agenix/nixpkgs': 'path:/nix/store/z1rf17q0fxj935cmplzys4gg6nxj1as0-source?lastModified=1618628710&narHash=sha256-9xIoU+BrCpjs5nfWcd%2fGlU7XCVdnNKJPffoNTxgGfhs=&rev=7919518f0235106d050c77837df5e338fb94de5d' (2021-04-17) → 'github:nixos/nixpkgs/e34c5379866833f41e2a36f309912fa675d687c7' (2021-12-04) --- flake.lock | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index d5850ca..a05eed0 100644 --- a/flake.lock +++ b/flake.lock @@ -5,11 +5,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1641576265, - "narHash": "sha256-G4W39k5hdu2kS13pi/RhyTOySAo7rmrs7yMUZRH0OZI=", + "lastModified": 1646845404, + "narHash": "sha256-JENXFCI2HVqi0whBzt7MAW9PX3ziEaYqBhMux+4g+VM=", "owner": "ryantm", "repo": "agenix", - "rev": "08b9c96878b2f9974fc8bde048273265ad632357", + "rev": "764c975e74bce2f89a5106b68ec48e2b586f893c", "type": "github" }, "original": { @@ -89,15 +89,18 @@ }, "nixpkgs": { "locked": { - "lastModified": 1618628710, - "narHash": "sha256-9xIoU+BrCpjs5nfWcd/GlU7XCVdnNKJPffoNTxgGfhs=", - "path": "/nix/store/z1rf17q0fxj935cmplzys4gg6nxj1as0-source", - "rev": "7919518f0235106d050c77837df5e338fb94de5d", - "type": "path" + "lastModified": 1638587357, + "narHash": "sha256-2ySMW3QARG8BsRPmwe7clTbdCuaObromOKewykP+UJc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "e34c5379866833f41e2a36f309912fa675d687c7", + "type": "github" }, "original": { - "id": "nixpkgs", - "type": "indirect" + "owner": "nixos", + "ref": "nixos-21.11", + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs-unstable-small": { From 3a146064072e3e06528a7c2a8887604ad9fe681a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 11 Mar 2022 13:56:47 +0100 Subject: [PATCH 264/904] flake: use default agenix NixOS module --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 16e9b08..17ddf99 100644 --- a/flake.nix +++ b/flake.nix @@ -86,7 +86,7 @@ agenix.overlay ] ++ builtins.attrValues self.overlays; sharedModules = [ - agenix.nixosModules.age + agenix.nixosModule home-manager.nixosModule { nixpkgs.overlays = shared_overlays; } ] ++ (nixpkgs.lib.attrValues self.nixosModules); From 3edac96be2fe69882920fddaefe25eb27403c6c5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 11 Mar 2022 15:49:12 +0100 Subject: [PATCH 265/904] services: pipewire: switch to wireplumber audio didn't work after flake.lock bump! --- services/pipewire.nix | 39 +-------------------------------------- 1 file changed, 1 insertion(+), 38 deletions(-) diff --git a/services/pipewire.nix b/services/pipewire.nix index f2e2f25..0be1e42 100644 --- a/services/pipewire.nix +++ b/services/pipewire.nix @@ -32,44 +32,7 @@ in pulse.enable = true; jack.enable = true; - wireplumber.enable = false; - media-session = { - enable = true; - config.bluez-monitor.rules = [ - { - # Matches all cards - matches = [{ "device.name" = "~bluez_card.*"; }]; - actions = { - "update-props" = { - "bluez5.reconnect-profiles" = [ - "a2dp_sink" - "hfp_hf" - "hsp_hs" - ]; - # mSBC provides better audio + microphone - "bluez5.msbc-support" = true; - # SBC XQ provides better audio - "bluez5.sbc-xq-support" = true; - }; - }; - } - { - matches = [ - # Matches all sources - { - "node.name" = "~bluez_input.*"; - } - # Matches all outputs - { - "node.name" = "~bluez_output.*"; - } - ]; - actions = { - "node.pause-on-idle" = false; - }; - } - ]; - }; + wireplumber.enable = true; }; # FIXME: a shame pactl isn't available by itself, eventually this should be From aa72401909d526dbad5a055a7561016dcc4afbbf Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 11 Mar 2022 16:26:28 +0100 Subject: [PATCH 266/904] services: matrix-synapse: migrate to new config format --- hosts/poseidon/default.nix | 1 - secrets/default.nix | 1 - .../matrix-registration-shared-secret.secret | Bin 87 -> 0 bytes services/matrix.nix | 150 ++++++++---------- 4 files changed, 68 insertions(+), 84 deletions(-) delete mode 100644 secrets/matrix-registration-shared-secret.secret diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 1e8d3eb..bf708d5 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -100,7 +100,6 @@ in matrix = { enable = true; - registration_shared_secret = secrets.matrix-registration-shared-secret; emailConfig = secrets.matrixEmailConfig; }; diff --git a/secrets/default.nix b/secrets/default.nix index 12f8a19..d63ad9f 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -10,7 +10,6 @@ in { }; config.my.secrets = { - matrix-registration-shared-secret = fileContents ./matrix-registration-shared-secret.secret; shadow-hashed-password-alarsyo = fileContents ./shadow-hashed-password-alarsyo.secret; shadow-hashed-password-root = fileContents ./shadow-hashed-password-root.secret; miniflux-admin-credentials = fileContents ./miniflux-admin-credentials.secret; diff --git a/secrets/matrix-registration-shared-secret.secret b/secrets/matrix-registration-shared-secret.secret deleted file mode 100644 index be505fc4f301b666ed7ad40390e98743c4182f74..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 87 zcmZQ@_Y83kiVO&0P-SCS|7QvBRP(c2SWfDTGsq_yEng$Qsr35i#;=Q*Q?^>ps0sfh u7^`tFW|~pc{4=hLBDVaSP$n-MyDmG}sc>Fp%6=c+s)F`4dwZW=eGC8sJ0~ds diff --git a/services/matrix.nix b/services/matrix.nix index d5780b6..30a2e68 100644 --- a/services/matrix.nix +++ b/services/matrix.nix @@ -26,11 +26,11 @@ in { options.my.services.matrix = let inherit (lib) types; in { enable = mkEnableOption "Matrix Synapse"; - registration_shared_secret = mkOption { - type = types.str; + secretConfigFile = mkOption { + type = types.nullOr types.path; default = null; - example = "deadbeef"; - description = "Shared secret to register users"; + example = "/var/run/my_secrets/config.secret"; + description = "Secrets file included in configuration"; }; emailConfig = mkOption { @@ -76,99 +76,85 @@ in { services.matrix-synapse = { enable = true; - server_name = domain; - public_baseurl = "https://matrix.${domain}"; - registration_shared_secret = cfg.registration_shared_secret; - - listeners = [ - # Federation - { - bind_address = "::1"; - port = federationPort.private; - tls = false; # Terminated by nginx. - x_forwarded = true; - resources = [ { names = [ "federation" ]; compress = false; } ]; - } - - # Client - { - bind_address = "::1"; - port = clientPort.private; - tls = false; # Terminated by nginx. - x_forwarded = true; - resources = [ { names = [ "client" ]; compress = false; } ]; - } + extraConfigFiles = lib.optionals (cfg.secretConfigFile != null) [ + cfg.secretConfigFile ]; - account_threepid_delegates.msisdn = "https://vector.im"; + settings = let + logConfig = '' + version: 1 - extraConfig = '' - experimental_features: { spaces_enabled: true } - use_presence: false + # In systemd's journal, loglevel is implicitly stored, so let's omit it + # from the message text. + formatters: + journal_fmt: + format: '%(name)s: [%(request)s] %(message)s' - email: - # The hostname of the outgoing SMTP server to use. Defaults to 'localhost'. - # - smtp_host: "${cfg.emailConfig.smtpHost}" + filters: + context: + (): synapse.util.logcontext.LoggingContextFilter + request: "" - # The port on the mail server for outgoing SMTP. Defaults to 25. - # - smtp_port: ${toString cfg.emailConfig.smtpPort} + handlers: + journal: + class: systemd.journal.JournalHandler + formatter: journal_fmt + filters: [context] + SYSLOG_IDENTIFIER: synapse - # Username/password for authentication to the SMTP server. By default, no - # authentication is attempted. - # - smtp_user: "${cfg.emailConfig.smtpUser}" - smtp_pass: "${cfg.emailConfig.smtpPass}" + root: + level: WARN + handlers: [journal] - # Uncomment the following to require TLS transport security for SMTP. - # By default, Synapse will connect over plain text, and will then switch to - # TLS via STARTTLS *if the SMTP server supports it*. If this option is set, - # Synapse will refuse to connect unless the server supports STARTTLS. - # - require_transport_security: true + disable_existing_loggers: False + ''; + in { + server_name = domain; + public_baseurl = "https://matrix.${domain}"; - # notif_from defines the "From" address to use when sending emails. - # It must be set if email sending is enabled. - # - # The placeholder '%(app)s' will be replaced by the application name, - # which is normally 'app_name' (below), but may be overridden by the - # Matrix client application. - # - # Note that the placeholder must be written '%(app)s', including the - # trailing 's'. - # - notif_from: "${cfg.emailConfig.notifFrom}" - ''; + account_threepid_delegates = { + msisdn = "https://vector.im"; + }; - logConfig = '' - version: 1 + listeners = [ + # Federation + { + bind_addresses = [ "::1" ]; + port = federationPort.private; + tls = false; # Terminated by nginx. + x_forwarded = true; + resources = [ { names = [ "federation" ]; compress = false; } ]; + } - # In systemd's journal, loglevel is implicitly stored, so let's omit it - # from the message text. - formatters: - journal_fmt: - format: '%(name)s: [%(request)s] %(message)s' + # Client + { + bind_addresses = [ "::1" ]; + port = clientPort.private; + tls = false; # Terminated by nginx. + x_forwarded = true; + resources = [ { names = [ "client" ]; compress = false; } ]; + } + ]; - filters: - context: - (): synapse.util.logcontext.LoggingContextFilter - request: "" + experimental_features = { + spaces_enabled = true; + }; - handlers: - journal: - class: systemd.journal.JournalHandler - formatter: journal_fmt - filters: [context] - SYSLOG_IDENTIFIER: synapse + use_presence = false; - root: - level: WARN - handlers: [journal] + email = { + smtp_host = cfg.emailConfig.smtpHost; + smtp_port = cfg.emailConfig.smtpPort; + smtp_user = cfg.emailConfig.smtpUser; + smtp_pass = cfg.emailConfig.smtpPass; - disable_existing_loggers: False - ''; + require_transport_security = true; + notif_from = cfg.emailConfig.notifFrom; + }; + + log_config = pkgs.writeText "log_config.yaml" logConfig; + }; }; services.nginx = { From f4e2d1739da1fd0d51ed58bb9b372e93f580ffed Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 11 Mar 2022 17:06:23 +0100 Subject: [PATCH 267/904] secrets: remove unused secrets --- secrets/default.nix | 2 -- secrets/shadow-hashed-password-alarsyo.secret | Bin 128 -> 0 bytes secrets/shadow-hashed-password-root.secret | Bin 128 -> 0 bytes 3 files changed, 2 deletions(-) delete mode 100644 secrets/shadow-hashed-password-alarsyo.secret delete mode 100644 secrets/shadow-hashed-password-root.secret diff --git a/secrets/default.nix b/secrets/default.nix index d63ad9f..08084b0 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -10,8 +10,6 @@ in { }; config.my.secrets = { - shadow-hashed-password-alarsyo = fileContents ./shadow-hashed-password-alarsyo.secret; - shadow-hashed-password-root = fileContents ./shadow-hashed-password-root.secret; miniflux-admin-credentials = fileContents ./miniflux-admin-credentials.secret; transmission-password = fileContents ./transmission.secret; nextcloud-admin-pass = ./nextcloud-admin-pass.secret; diff --git a/secrets/shadow-hashed-password-alarsyo.secret b/secrets/shadow-hashed-password-alarsyo.secret deleted file mode 100644 index d4afac81e8b4bf5802fc629df47af25dda38d346..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 128 zcmZQ@_Y83kiVO&0Fp#^j^rvjCMre9r8N2)BSG_g6ILqXJF4rw_pS^HN#j(C`MF;n@ zHtuK1F^^0PT)l4p`@1|5$EBP31%C#9K6K4u_T%=#ha#ps_H91XwP4$fpOM-8-x^!* l9S&?d*1q Date: Fri, 11 Mar 2022 17:10:44 +0100 Subject: [PATCH 268/904] secrets: move gandi api key to agenix --- hosts/poseidon/secrets.nix | 2 ++ modules/secrets/gandi/api-key.age | 8 ++++++++ modules/secrets/secrets.nix | 2 ++ secrets/default.nix | 1 - secrets/gandi-api-key.secret | Bin 63 -> 0 bytes services/nginx.nix | 2 +- 6 files changed, 13 insertions(+), 2 deletions(-) create mode 100644 modules/secrets/gandi/api-key.age delete mode 100644 secrets/gandi-api-key.secret diff --git a/hosts/poseidon/secrets.nix b/hosts/poseidon/secrets.nix index 2b64a0d..f0722b6 100644 --- a/hosts/poseidon/secrets.nix +++ b/hosts/poseidon/secrets.nix @@ -9,6 +9,8 @@ } // attrs; in lib.mapAttrs toSecret { + "gandi/api-key" = {}; + "users/alarsyo-hashed-password" = {}; "users/root-hashed-password" = {}; }; diff --git a/modules/secrets/gandi/api-key.age b/modules/secrets/gandi/api-key.age new file mode 100644 index 0000000..cf9f9c9 --- /dev/null +++ b/modules/secrets/gandi/api-key.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 z6Eu8Q Z6nxu/Aj6YiouSwaHKO9o/VjDwkFeg1aUpxWDH0zYUc +nN/e7E4mRe0u6r845FlT9QPYTAAoG7YQZY+igYNNd7Y +-> LZ-grease 7/44AQ]n H&}_^ hIg#2Ic :cyUJma +cyKzugByeYVVqVRXfi/a7RkreaM9vVNw8z1Jn+MaLZs1paE44QEe2Y2bsXA9tmai +GSfOFlOBv82/Jhlc7xUK5w6RxgIBdmxtpEfRaUw +--- jnsdwFTZU4wzsxo0piNFBchQtCuFQohGALt42YukeVA +7wOp8҈eu!CbBRzIאN?C W[kGslZG9nL \ No newline at end of file diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 5e3fec2..cecc74e 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -11,6 +11,8 @@ let all = users ++ machines; in { + "gandi/api-key.age".publicKeys = [ poseidon ]; + "restic-backup/boreal-password.age".publicKeys = [ alarsyo boreal ]; "restic-backup/boreal-credentials.age".publicKeys = [ alarsyo boreal ]; "restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ]; diff --git a/secrets/default.nix b/secrets/default.nix index 08084b0..c17761a 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -15,7 +15,6 @@ in { nextcloud-admin-pass = ./nextcloud-admin-pass.secret; nextcloud-admin-user = fileContents ./nextcloud-admin-user.secret; lohr-shared-secret = fileContents ./lohr-shared-secret.secret; - gandiKey = fileContents ./gandi-api-key.secret; borg-backup = import ./borg-backup { inherit lib; }; paperless = import ./paperless { inherit lib; }; diff --git a/secrets/gandi-api-key.secret b/secrets/gandi-api-key.secret deleted file mode 100644 index 06a9edabb961c3ea440cefc74e7bb645885d12ca..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 63 zcmZQ@_Y83kiVO&0`0%bY`PbLK$r@K`edV`rK9>JLODXsJja42q!m9S2%}&_r(>u%e VHP0_IHs9TfOP?L!emQT$MF7vPAVB~C diff --git a/services/nginx.nix b/services/nginx.nix index 0fe607b..42dc015 100644 --- a/services/nginx.nix +++ b/services/nginx.nix @@ -54,7 +54,7 @@ in "${domain}" = { extraDomainNames = [ "*.${domain}" ]; dnsProvider = "gandiv5"; - credentialsFile = pkgs.writeText "gandi-creds.env" gandiKey; + credentialsFile = config.age.secrets."gandi/api-key".path; group = "nginx"; }; }; From 3b99096af90bc33b74e938f413e7b2da3b6e1c87 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 11 Mar 2022 17:20:52 +0100 Subject: [PATCH 269/904] services: borg-backup: no longer needed --- secrets/borg-backup/default.nix | 9 --- secrets/borg-backup/poseidon-repo.secret | Bin 63 -> 0 bytes secrets/default.nix | 1 - services/borg-backup.nix | 79 ----------------------- services/default.nix | 1 - 5 files changed, 90 deletions(-) delete mode 100644 secrets/borg-backup/default.nix delete mode 100644 secrets/borg-backup/poseidon-repo.secret delete mode 100644 services/borg-backup.nix diff --git a/secrets/borg-backup/default.nix b/secrets/borg-backup/default.nix deleted file mode 100644 index e9a3e7a..0000000 --- a/secrets/borg-backup/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ lib }: -let - inherit (lib) - fileContents - ; -in -{ - poseidon-repo = fileContents ./poseidon-repo.secret; -} diff --git a/secrets/borg-backup/poseidon-repo.secret b/secrets/borg-backup/poseidon-repo.secret deleted file mode 100644 index 1fce44a6f429c99986261c64e44724573872b11f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 63 zcmZQ@_Y83kiVO&0xL4R8rdeD&X=6!A;pFHO>zI4mpItUREzUI2!$scJ>rfKcOoN)2 UjB5%Cf`gB&-+y)5!O9i-05YK)v;Y7A diff --git a/secrets/default.nix b/secrets/default.nix index c17761a..278d2a1 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -16,7 +16,6 @@ in { nextcloud-admin-user = fileContents ./nextcloud-admin-user.secret; lohr-shared-secret = fileContents ./lohr-shared-secret.secret; - borg-backup = import ./borg-backup { inherit lib; }; paperless = import ./paperless { inherit lib; }; restic-backup = import ./restic-backup { inherit lib; }; diff --git a/services/borg-backup.nix b/services/borg-backup.nix deleted file mode 100644 index 92b91b0..0000000 --- a/services/borg-backup.nix +++ /dev/null @@ -1,79 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (lib) - mkEnableOption - mkIf - mkOption - ; - cfg = config.my.services.borg-backup; -in { - options.my.services.borg-backup = let inherit (lib) types; in { - enable = mkEnableOption "Enable Borg backups for this host"; - - repo = mkOption { - type = types.str; - default = null; - example = "deadbeef@deadbeef.repo.borgbase.com:repo"; - description = "Borgbase repo info. Required."; - }; - - prune = mkOption { - type = types.attrs; - default = { - keep = { - daily = 7; - weekly = 4; - monthly = 6; - }; - }; - description = "pruning options for borg"; - }; - - paths = mkOption { - type = types.listOf types.str; - default = []; - example = [ - "/var/lib" - "/home" - ]; - description = "Paths to backup"; - }; - - exclude = mkOption { - type = types.listOf types.str; - default = []; - example = [ - # very large paths - "/var/lib/docker" - "/var/lib/systemd" - "/var/lib/libvirt" - - # temporary files created by cargo and `go build` - "**/target" - "/home/*/go/bin" - "/home/*/go/pkg" - ]; - description = "Paths to exclude from backup"; - }; - }; - - config = mkIf cfg.enable { - services.borgbackup.jobs."borgbase" = { - paths = cfg.paths; - exclude = cfg.exclude; - repo = cfg.repo; - encryption = { - mode = "repokey-blake2"; - passCommand = "cat /root/borgbackup/passphrase"; - }; - environment.BORG_RSH = "ssh -i /root/borgbackup/ssh_key"; - extraCreateArgs = "--stats --list"; - extraPruneArgs = "--stats --list --save-space"; - doInit = true; - compression = "auto,zstd"; - startAt = "daily"; - prune = cfg.prune; - }; - }; -} diff --git a/services/default.nix b/services/default.nix index 9412e57..82e3bf4 100644 --- a/services/default.nix +++ b/services/default.nix @@ -3,7 +3,6 @@ { imports = [ ./vaultwarden.nix - ./borg-backup.nix ./fail2ban.nix ./fava.nix ./gitea From dad068ed6b2d6ec20e281dab3bfa92ad33e38008 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 11 Mar 2022 17:26:54 +0100 Subject: [PATCH 270/904] secrets: move lohr to agenix --- hosts/poseidon/secrets.nix | 2 ++ modules/secrets/lohr/shared-secret.age | 8 ++++++++ modules/secrets/secrets.nix | 2 ++ secrets/default.nix | 1 - secrets/lohr-shared-secret.secret | Bin 86 -> 0 bytes services/lohr.nix | 3 +-- 6 files changed, 13 insertions(+), 3 deletions(-) create mode 100644 modules/secrets/lohr/shared-secret.age delete mode 100644 secrets/lohr-shared-secret.secret diff --git a/hosts/poseidon/secrets.nix b/hosts/poseidon/secrets.nix index f0722b6..59e6393 100644 --- a/hosts/poseidon/secrets.nix +++ b/hosts/poseidon/secrets.nix @@ -11,6 +11,8 @@ lib.mapAttrs toSecret { "gandi/api-key" = {}; + "lohr/shared-secret" = {}; + "users/alarsyo-hashed-password" = {}; "users/root-hashed-password" = {}; }; diff --git a/modules/secrets/lohr/shared-secret.age b/modules/secrets/lohr/shared-secret.age new file mode 100644 index 0000000..e3fa903 --- /dev/null +++ b/modules/secrets/lohr/shared-secret.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 z6Eu8Q TbYGLV7JbzW40Eo9aNDfirmKXntiJnT60mbbzRLQJX4 +KHbJtr2hsfe7lsZ2VRTo7mWAgi33f8OJiuBDNfnCijE +-> U}J&0*-grease 0~7egWZ( bN0gqO I[r[CN15 +xL86runL +--- WrvrFFp0ZtCc0dXhfzaHOiFckW5u6qpm7SLEwgi8cyg +qQI [E>0 KE +UA'[Kpay8fɊZ`q7q"zC I{I!\%Eq¦yҔ3 \ No newline at end of file diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index cecc74e..81720b3 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -13,6 +13,8 @@ in { "gandi/api-key.age".publicKeys = [ poseidon ]; + "lohr/shared-secret.age".publicKeys = [ poseidon ]; + "restic-backup/boreal-password.age".publicKeys = [ alarsyo boreal ]; "restic-backup/boreal-credentials.age".publicKeys = [ alarsyo boreal ]; "restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ]; diff --git a/secrets/default.nix b/secrets/default.nix index 278d2a1..d97b4aa 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -14,7 +14,6 @@ in { transmission-password = fileContents ./transmission.secret; nextcloud-admin-pass = ./nextcloud-admin-pass.secret; nextcloud-admin-user = fileContents ./nextcloud-admin-user.secret; - lohr-shared-secret = fileContents ./lohr-shared-secret.secret; paperless = import ./paperless { inherit lib; }; restic-backup = import ./restic-backup { inherit lib; }; diff --git a/secrets/lohr-shared-secret.secret b/secrets/lohr-shared-secret.secret deleted file mode 100644 index a05809ee622fb56974b03f6a036a76c48bab6b27..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 86 zcmZQ@_Y83kiVO&0m>Rj^;5+lu?uiCz1`R%mPpk@_7cGr_)_Qa4|MUov)eqDf-DlXT s8Q2LGY?r#aN+2~v?a`(9Nt@X?ubTJSmToe5o2(zOBU*oDg;#$m08-f{+yDRo diff --git a/services/lohr.nix b/services/lohr.nix index d7442e8..db33155 100644 --- a/services/lohr.nix +++ b/services/lohr.nix @@ -44,9 +44,8 @@ in "ROCKET_PORT=${toString cfg.port}" "ROCKET_LOG_LEVEL=normal" "LOHR_HOME=${cfg.home}" - # NOTE: secret cannot contain a '%', it's interpreted by systemd - "'LOHR_SECRET=${secrets.lohr-shared-secret}'" ]; + EnvironmentFile = config.age.secrets."lohr/shared-secret".path; ExecStart = "${lohrPkg}/bin/lohr"; StateDirectory = "lohr"; WorkingDirectory = "/var/lib/lohr"; From 540968627c6d2cd4bc97ddb2eb8d7328e66bffcc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 11 Mar 2022 17:42:16 +0100 Subject: [PATCH 271/904] secrets: move matrix to agenix --- hosts/poseidon/default.nix | 2 +- hosts/poseidon/secrets.nix | 4 ++ .../secrets/matrix-synapse/secret-config.age | Bin 0 -> 545 bytes modules/secrets/secrets.nix | 2 + secrets/default.nix | 2 - secrets/matrix-email-config.nix | Bin 262 -> 0 bytes services/matrix.nix | 37 ------------------ 7 files changed, 7 insertions(+), 40 deletions(-) create mode 100644 modules/secrets/matrix-synapse/secret-config.age delete mode 100644 secrets/matrix-email-config.nix diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index bf708d5..f86e0ad 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -100,7 +100,7 @@ in matrix = { enable = true; - emailConfig = secrets.matrixEmailConfig; + secretConfigFile = config.age.secrets."matrix-synapse/secret-config".path; }; monitoring = { diff --git a/hosts/poseidon/secrets.nix b/hosts/poseidon/secrets.nix index 59e6393..2c9f9c7 100644 --- a/hosts/poseidon/secrets.nix +++ b/hosts/poseidon/secrets.nix @@ -13,6 +13,10 @@ "lohr/shared-secret" = {}; + "matrix-synapse/secret-config" = { + owner = "matrix-synapse"; + }; + "users/alarsyo-hashed-password" = {}; "users/root-hashed-password" = {}; }; diff --git a/modules/secrets/matrix-synapse/secret-config.age b/modules/secrets/matrix-synapse/secret-config.age new file mode 100644 index 0000000000000000000000000000000000000000..6268e887723a2bdcb549ce685297d89d27e9d00a GIT binary patch literal 545 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCTyGIK4p2vo?9v74%ALH4K2^J2rMy3u5dK=@iKQ$^0#nI^>VB<&gUx34tGvA);CBp^Vjw+ zEH<}DDJ(B5aSzG#a;owub}Fih3=YbTEDfv*Gy&OG=j0P(;t{K)n_iTfSe&Y$>cR2ZD4?Nj8GXqo4f6&~ynQkfLx=o9ARQDs?WnUQH+Kmq=m1me;=^q|Zm>8LxQljsh8_MMtS`oWx z6YoiDj)xOY+@8(g655}+{K6MsFX66}0w=x1w4Kf$zqYN?>ABmRb&I!qtu>BT)b$T@ z&i|iblp=1sVg46k-SmbF+wRrOxF1j!$BJ^ib+d;*af%%jTq7Jo%?BeKP8o*xu*dt`QzGh@aLMfP-uO$_KK6{j?7EkH{af01`OMZ| ztNX+Gj-=$o{KYeG?pncaz;!mUFLss<_x>3lUxkHV-6mXKq4O~JK+TS+cX&*FGqVH)?f6p8D59)%pbQkB6MYrN9+e(AQlj8vu``DvZUmhR%- zS+S4B%vU!rLuAL9vz08&6-uYCz7#i0I#eewbx&UN$Gm?a|WzN8KfMN9X0K{YX{+r4_RKNy4d^y~~d7+gZ?e%rA1I zaOUZMpLbO4u+Gd7+8&maed~FulH!`}&qe>8Ej(Ry=HT;hi}w8YoA~1O&l--pRhbK4 YePElv{GL9?z5HjMuO*l^2MN9e0Czu#K>z>% diff --git a/services/matrix.nix b/services/matrix.nix index 30a2e68..231723a 100644 --- a/services/matrix.nix +++ b/services/matrix.nix @@ -32,37 +32,6 @@ in { example = "/var/run/my_secrets/config.secret"; description = "Secrets file included in configuration"; }; - - emailConfig = mkOption { - type = types.submodule { - options = { - smtpHost = mkOption { - type = types.str; - default = "localhost"; - }; - smtpPort = mkOption { - type = types.port; - default = 587; - description = '' - The port to use to connect to the SMTP host. - - Defaulting to STARTTLS port 587 because TLS port 465 isn't supported by synapse - See https://github.com/matrix-org/synapse/issues/8046 - ''; - }; - smtpUser = mkOption { - type = types.str; - }; - smtpPass = mkOption { - type = types.str; - }; - notifFrom = mkOption { - type = types.str; - example = "Your Friendly %(app)s homeserver "; - }; - }; - }; - }; }; config = mkIf cfg.enable { @@ -144,13 +113,7 @@ in { use_presence = false; email = { - smtp_host = cfg.emailConfig.smtpHost; - smtp_port = cfg.emailConfig.smtpPort; - smtp_user = cfg.emailConfig.smtpUser; - smtp_pass = cfg.emailConfig.smtpPass; - require_transport_security = true; - notif_from = cfg.emailConfig.notifFrom; }; log_config = pkgs.writeText "log_config.yaml" logConfig; From 165b30ef9c9e1b7f155c76466cf02c41080ecf71 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 11 Mar 2022 18:14:50 +0100 Subject: [PATCH 272/904] secrets: move transmission secret to agenix --- hosts/poseidon/default.nix | 2 +- hosts/poseidon/secrets.nix | 4 ++++ modules/secrets/secrets.nix | 2 ++ modules/secrets/transmission/secret.age | Bin 0 -> 329 bytes secrets/default.nix | 1 - secrets/transmission.secret | Bin 87 -> 0 bytes services/matrix.nix | 3 ++- services/transmission.nix | 15 +++++++++------ 8 files changed, 18 insertions(+), 9 deletions(-) create mode 100644 modules/secrets/transmission/secret.age delete mode 100644 secrets/transmission.secret diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index f86e0ad..8f02fce 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -142,7 +142,7 @@ in transmission = { enable = true; username = "alarsyo"; - password = secrets.transmission-password; + secretConfigFile = config.age.secrets."transmission/secret".path; }; }; diff --git a/hosts/poseidon/secrets.nix b/hosts/poseidon/secrets.nix index 2c9f9c7..962e4ff 100644 --- a/hosts/poseidon/secrets.nix +++ b/hosts/poseidon/secrets.nix @@ -17,6 +17,10 @@ owner = "matrix-synapse"; }; + "transmission/secret" = { + owner = "transmission"; + }; + "users/alarsyo-hashed-password" = {}; "users/root-hashed-password" = {}; }; diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index dcf6892..9e2b6a5 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -22,6 +22,8 @@ in "restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ]; "restic-backup/zephyrus-credentials.age".publicKeys = [ alarsyo zephyrus ]; + "transmission/secret.age".publicKeys = [ poseidon ]; + "users/root-hashed-password.age".publicKeys = machines; "users/alarsyo-hashed-password.age".publicKeys = machines ++ [ alarsyo ]; } diff --git a/modules/secrets/transmission/secret.age b/modules/secrets/transmission/secret.age new file mode 100644 index 0000000000000000000000000000000000000000..038526dbf99378a07da0677c4527ac88c101d54f GIT binary patch literal 329 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCTyGIK4p2vkT8@b^zI zNc6VM2+jA@Pl^aJ%P%SMP0Yy3^)&YlG^6d9H3<>sHv z)f5`C{O8M+teN6x9!=iUc0*iq`h<+G)6uSNjCQJ8!Iw^Yl<>p{{3yT6xtw3C@ox9@ zTTT~NwDL0?FJjbw`Dn?m(`we2x4V8=xbV<&V-@YkmyAu-vzsCuudV#?^TU$+Ynww9 cA6QtcWl$OC^-MVIKyzm{QgfpE+tcb{Qp!UYPILG{mN`}RRA2wCyW39 diff --git a/services/matrix.nix b/services/matrix.nix index 231723a..eda880a 100644 --- a/services/matrix.nix +++ b/services/matrix.nix @@ -14,6 +14,7 @@ let mkEnableOption mkIf mkOption + optionals ; cfg = config.my.services.matrix; @@ -46,7 +47,7 @@ in { services.matrix-synapse = { enable = true; - extraConfigFiles = lib.optionals (cfg.secretConfigFile != null) [ + extraConfigFiles = optionals (cfg.secretConfigFile != null) [ cfg.secretConfigFile ]; diff --git a/services/transmission.nix b/services/transmission.nix index 5c6826b..bdc99b5 100644 --- a/services/transmission.nix +++ b/services/transmission.nix @@ -4,6 +4,7 @@ let mkEnableOption mkIf mkOption + optionalAttrs ; cfg = config.my.services.transmission; @@ -27,10 +28,11 @@ in description = "Name of the transmission RPC user"; }; - password = mkOption { - type = types.str; - example = "password"; - description = "Password of the transmission RPC user"; + secretConfigFile = mkOption { + type = types.nullOr types.path; + default = null; + example = "/var/run/secrets/transmission-secrets"; + description = "Path to secrets file to append to configuration"; }; }; @@ -50,7 +52,6 @@ in rpc-authentication-required = true; rpc-username = cfg.username; - rpc-password = cfg.password; rpc-whitelist-enabled = true; rpc-whitelist = "127.0.0.1"; @@ -58,7 +59,9 @@ in # automatically allow transmission.settings.peer-port openFirewall = true; - }; + } // (optionalAttrs (cfg.secretConfigFile != null) { + credentialsFile = cfg.secretConfigFile; + }); services.nginx.virtualHosts."${webuiDomain}" = { forceSSL = true; From 2908bbb887f51b7969f90918fafa4b7dc14bf4a8 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 11 Mar 2022 18:25:40 +0100 Subject: [PATCH 273/904] secrets: move poseidon-restic to agenix --- hosts/poseidon/default.nix | 4 +++- hosts/poseidon/secrets.nix | 3 +++ .../restic-backup/poseidon-credentials.age | 10 ++++++++++ .../secrets/restic-backup/poseidon-password.age | Bin 0 -> 463 bytes modules/secrets/secrets.nix | 2 ++ secrets/default.nix | 1 - secrets/restic-backup/default.nix | 9 --------- secrets/restic-backup/poseidon-repo.secret | Bin 41 -> 0 bytes 8 files changed, 18 insertions(+), 11 deletions(-) create mode 100644 modules/secrets/restic-backup/poseidon-credentials.age create mode 100644 modules/secrets/restic-backup/poseidon-password.age delete mode 100644 secrets/restic-backup/default.nix delete mode 100644 secrets/restic-backup/poseidon-repo.secret diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 8f02fce..282e26d 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -65,7 +65,9 @@ in restic-backup = { enable = true; - repo = secrets.restic-backup.poseidon-repo; + repo = "b2:poseidon-backup"; + passwordFile = config.age.secrets."restic-backup/poseidon-password".path; + environmentFile = config.age.secrets."restic-backup/poseidon-credentials".path; }; fail2ban = { diff --git a/hosts/poseidon/secrets.nix b/hosts/poseidon/secrets.nix index 962e4ff..f058804 100644 --- a/hosts/poseidon/secrets.nix +++ b/hosts/poseidon/secrets.nix @@ -17,6 +17,9 @@ owner = "matrix-synapse"; }; + "restic-backup/poseidon-credentials" = {}; + "restic-backup/poseidon-password" = {}; + "transmission/secret" = { owner = "transmission"; }; diff --git a/modules/secrets/restic-backup/poseidon-credentials.age b/modules/secrets/restic-backup/poseidon-credentials.age new file mode 100644 index 0000000..0b3b3a1 --- /dev/null +++ b/modules/secrets/restic-backup/poseidon-credentials.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 k2gHjw oSO/cLGLMkjqRIjYewTqtOccb7CLSmODK+B6Kb/L/gk +cGU5gafJCeX/o3qqcNNPGIAXbAwm8sZi59QIDqcmWUA +-> ssh-ed25519 z6Eu8Q FMOXZNxOrbT95XR5R6tul1A+aiCP/QHRsCZraA/SZmw +UXjp7Z93U56hZ9f/OijkzZ1UCRf+VVwD0b1dY04lCVs +-> )-grease +qkTAz5YAzx5TLvSvmiAL1EDt3pYUgwdMMcRKDBdTBrvxeQE +--- EBQNvbSPDyq5SFKU517JyM024/zZx0DqoxMiP9jzlSs +rP+yjf>9Ȏ̷wt6sg/tS͗\fZꪝN?v +1I휹+uݾU-Cfn1`c-RCP'zB)F`VBKX \ No newline at end of file diff --git a/modules/secrets/restic-backup/poseidon-password.age b/modules/secrets/restic-backup/poseidon-password.age new file mode 100644 index 0000000000000000000000000000000000000000..b8ca418f643c3fbbc9b6f0eb19f41173035a12d9 GIT binary patch literal 463 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7HcI!%Dp$~UHca#n zO)APxH4aa!)J{o_%&x4eGD#0kugtE%o#Uoi1>$&Nv>Z*xnr<#;65xD(p!Tb35&DIwJa%=$Lu%|Hq literal 0 HcmV?d00001 diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 9e2b6a5..4516497 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -19,6 +19,8 @@ in "restic-backup/boreal-password.age".publicKeys = [ alarsyo boreal ]; "restic-backup/boreal-credentials.age".publicKeys = [ alarsyo boreal ]; + "restic-backup/poseidon-password.age".publicKeys = [ alarsyo poseidon ]; + "restic-backup/poseidon-credentials.age".publicKeys = [ alarsyo poseidon ]; "restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ]; "restic-backup/zephyrus-credentials.age".publicKeys = [ alarsyo zephyrus ]; diff --git a/secrets/default.nix b/secrets/default.nix index f47f8fc..726354d 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -15,6 +15,5 @@ in { nextcloud-admin-user = fileContents ./nextcloud-admin-user.secret; paperless = import ./paperless { inherit lib; }; - restic-backup = import ./restic-backup { inherit lib; }; }; } diff --git a/secrets/restic-backup/default.nix b/secrets/restic-backup/default.nix deleted file mode 100644 index e9a3e7a..0000000 --- a/secrets/restic-backup/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ lib }: -let - inherit (lib) - fileContents - ; -in -{ - poseidon-repo = fileContents ./poseidon-repo.secret; -} diff --git a/secrets/restic-backup/poseidon-repo.secret b/secrets/restic-backup/poseidon-repo.secret deleted file mode 100644 index db082cf2c1ff6419a2e6c357dc10e42f7f8b7d38..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 41 xcmZQ@_Y83kiVO&0XiwF?^k1TW<5}l(-m<>pw|%|azb^YAsr!DnJ Date: Fri, 11 Mar 2022 18:42:51 +0100 Subject: [PATCH 274/904] secrets: move nextcloud secrets to agenix --- hosts/poseidon/default.nix | 1 + hosts/poseidon/secrets.nix | 4 ++++ modules/secrets/nextcloud/admin-pass.age | Bin 0 -> 396 bytes modules/secrets/secrets.nix | 2 ++ secrets/default.nix | 2 -- secrets/nextcloud-admin-pass.secret | Bin 87 -> 0 bytes secrets/nextcloud-admin-user.secret | Bin 28 -> 0 bytes services/nextcloud.nix | 15 ++++++++++++--- 8 files changed, 19 insertions(+), 5 deletions(-) create mode 100644 modules/secrets/nextcloud/admin-pass.age delete mode 100644 secrets/nextcloud-admin-pass.secret delete mode 100644 secrets/nextcloud-admin-user.secret diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 282e26d..4ad98ac 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -117,6 +117,7 @@ in nextcloud = { enable = true; + adminpassFile = config.age.secrets."nextcloud/admin-pass".path; }; nuage = { diff --git a/hosts/poseidon/secrets.nix b/hosts/poseidon/secrets.nix index f058804..24785d6 100644 --- a/hosts/poseidon/secrets.nix +++ b/hosts/poseidon/secrets.nix @@ -17,6 +17,10 @@ owner = "matrix-synapse"; }; + "nextcloud/admin-pass" = { + owner = "nextcloud"; + }; + "restic-backup/poseidon-credentials" = {}; "restic-backup/poseidon-password" = {}; diff --git a/modules/secrets/nextcloud/admin-pass.age b/modules/secrets/nextcloud/admin-pass.age new file mode 100644 index 0000000000000000000000000000000000000000..e2c436e9048d506378309e018bd207be1dd97ec3 GIT binary patch literal 396 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCTyGIK4p2vl%!D>p6+ zu5$NC&2u)&jY{)1i7@mo%r_6p4+}2{NKG;^_Q`ef@G%Mv$>vJe*7gf7P0RB!&GRV< zEh{f5uy9V!G)|99im0;CH*zsFEYfyz@$)FjEC<;ZrV^{0UX+?xoT{K$!jY7?&7HsKMmg7=tl4z0Uo9vPr=wjv)6j&7Q6{zoSoM#*u?rxE97LZkC z>0^{>=ECLYR*|Tk>Fn%N;a46~5gC$ZnjD^#8ky*AVq9G5XPO_8QW4IjtE;Qv7g*-w zQJP!fY>;SVgw_1T{x*Ak2b+@#j2a*6gV^|VzB6$*Uy@nl`@4aI}}mrr#q_`PQ_ qyI;bx9a*tc-sr8#^k-22ap%jUm$lMMw=Qtfv*K8jB`wo@a6JHEy^R0> literal 0 HcmV?d00001 diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 4516497..e8215c1 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -17,6 +17,8 @@ in "matrix-synapse/secret-config.age".publicKeys = [ poseidon ]; + "nextcloud/admin-pass.age".publicKeys = [ poseidon ]; + "restic-backup/boreal-password.age".publicKeys = [ alarsyo boreal ]; "restic-backup/boreal-credentials.age".publicKeys = [ alarsyo boreal ]; "restic-backup/poseidon-password.age".publicKeys = [ alarsyo poseidon ]; diff --git a/secrets/default.nix b/secrets/default.nix index 726354d..d514361 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -11,8 +11,6 @@ in { config.my.secrets = { miniflux-admin-credentials = fileContents ./miniflux-admin-credentials.secret; - nextcloud-admin-pass = ./nextcloud-admin-pass.secret; - nextcloud-admin-user = fileContents ./nextcloud-admin-user.secret; paperless = import ./paperless { inherit lib; }; }; diff --git a/secrets/nextcloud-admin-pass.secret b/secrets/nextcloud-admin-pass.secret deleted file mode 100644 index 49f51ea3444c20ee5acd455fc986386c9c10a598..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 87 zcmZQ@_Y83kiVO&0c)sKQuPwYe3{gLWW9A69_I{h@b4*_IIotLlRpJv)7nOylO_kXG u=1_&(@egr_-d|@nH}J0ylUNv+zSUK9`@v^QlV!?`bPvoiUDtT%mN@{@@+jK? diff --git a/secrets/nextcloud-admin-user.secret b/secrets/nextcloud-admin-user.secret deleted file mode 100644 index e653faf45a54d46c7c98d8c641b30d9a42b4507a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 28 jcmZQ@_Y83kiVO&0$mq3WFFNr~|7$_K1&iDymi0;ig02aT diff --git a/services/nextcloud.nix b/services/nextcloud.nix index 89a6bf5..909bd95 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -6,6 +6,7 @@ let inherit (lib) mkEnableOption mkIf + mkOption ; cfg = config.my.services.nextcloud; @@ -14,8 +15,16 @@ let dbName = "nextcloud"; in { - options.my.services.nextcloud = { + options.my.services.nextcloud = let inherit (lib) types; in { enable = mkEnableOption "NextCloud"; + + adminpassFile = mkOption { + type = types.path; + description = '' + Path to a file containing the admin's password, must be readable by + 'nextcloud' user. + ''; + }; }; config = mkIf cfg.enable { @@ -62,8 +71,8 @@ in dbname = dbName; dbhost = "/run/postgresql"; - adminuser = my.secrets.nextcloud-admin-user; - adminpassFile = "${my.secrets.nextcloud-admin-pass}"; + adminuser = "admin"; + adminpassFile = cfg.adminpassFile; }; }; From 8d755000552f650175ba24a95a071c6c753465e8 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 11 Mar 2022 18:47:53 +0100 Subject: [PATCH 275/904] secrets: move miniflux to agenix --- hosts/poseidon/default.nix | 2 +- hosts/poseidon/secrets.nix | 2 ++ modules/secrets/miniflux/admin-credentials.age | 9 +++++++++ modules/secrets/secrets.nix | 2 ++ secrets/default.nix | 2 -- secrets/miniflux-admin-credentials.secret | Bin 123 -> 0 bytes 6 files changed, 14 insertions(+), 3 deletions(-) create mode 100644 modules/secrets/miniflux/admin-credentials.age delete mode 100644 secrets/miniflux-admin-credentials.secret diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 4ad98ac..f978345 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -96,7 +96,7 @@ in miniflux = { enable = true; - adminCredentialsFile = "${../../secrets/miniflux-admin-credentials.secret}"; + adminCredentialsFile = config.age.secrets."miniflux/admin-credentials".path; privatePort = 8080; }; diff --git a/hosts/poseidon/secrets.nix b/hosts/poseidon/secrets.nix index 24785d6..ae5ba11 100644 --- a/hosts/poseidon/secrets.nix +++ b/hosts/poseidon/secrets.nix @@ -17,6 +17,8 @@ owner = "matrix-synapse"; }; + "miniflux/admin-credentials" = {}; + "nextcloud/admin-pass" = { owner = "nextcloud"; }; diff --git a/modules/secrets/miniflux/admin-credentials.age b/modules/secrets/miniflux/admin-credentials.age new file mode 100644 index 0000000..d25f5d9 --- /dev/null +++ b/modules/secrets/miniflux/admin-credentials.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 z6Eu8Q rtGozbVk8om9Y0HKwgMEdphYF8XPaivfvKeseSue0Eg +WhKe6jqNByj/+gRLA/QKHnHTrRKndVUq47/BzK2uU8w +-> \)kCW_wR-grease @l +QSDpyBcE6WRuOU6IpZ1mN+zboFtzw9THQ78ZV2eStjU1rCyuZhXgU2QD2p/PO4ns +JEntxUv/vw +--- ZsG0UUiIW92EsmHOvohl07MzjtzJlBuAm8A7sS5PfUU +>t +_{i7$"pb^^21&|P=_aʾW`T<9X|q[g)`8цy0JP%HM: ^K{-B@neI \ No newline at end of file diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index e8215c1..2256b94 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -17,6 +17,8 @@ in "matrix-synapse/secret-config.age".publicKeys = [ poseidon ]; + "miniflux/admin-credentials.age".publicKeys = [ poseidon ]; + "nextcloud/admin-pass.age".publicKeys = [ poseidon ]; "restic-backup/boreal-password.age".publicKeys = [ alarsyo boreal ]; diff --git a/secrets/default.nix b/secrets/default.nix index d514361..caa0d32 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -10,8 +10,6 @@ in { }; config.my.secrets = { - miniflux-admin-credentials = fileContents ./miniflux-admin-credentials.secret; - paperless = import ./paperless { inherit lib; }; }; } diff --git a/secrets/miniflux-admin-credentials.secret b/secrets/miniflux-admin-credentials.secret deleted file mode 100644 index 002cd97836ffc69d251a1717b7fa9f1c952df3d5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 123 zcmZQ@_Y83kiVO&0$P`$4>9XhEWS&?~CzEYT(LxacGXmX2^s|mn=REyCCd0$1k~#I- zlr%1Wf$KlkL>+qn)%E4a5TjQm_LJ_(yj?AR$tq<9`=rOWL>5jFj*Km-pSWvl-2@xs f>dLCP_r8LB9#@(ZGxmJaTX52MiH7Iaq)rb2V5K&v From 2c3032c64291b23aaa30c0ade9c26aea3b32fe02 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 11 Mar 2022 18:55:56 +0100 Subject: [PATCH 276/904] secrets: move paperless secrets to agenix --- hosts/poseidon/default.nix | 2 ++ hosts/poseidon/secrets.nix | 3 +++ modules/secrets/paperless/admin-password.age | 8 +++++++ modules/secrets/paperless/secret-key.age | Bin 0 -> 418 bytes modules/secrets/secrets.nix | 3 +++ secrets/default.nix | 1 - secrets/paperless/admin-password.secret | Bin 87 -> 0 bytes secrets/paperless/default.nix | 10 -------- secrets/paperless/secret-key-file.secret | Bin 151 -> 0 bytes services/paperless.nix | 23 +++++++++++++++---- 10 files changed, 34 insertions(+), 16 deletions(-) create mode 100644 modules/secrets/paperless/admin-password.age create mode 100644 modules/secrets/paperless/secret-key.age delete mode 100644 secrets/paperless/admin-password.secret delete mode 100644 secrets/paperless/default.nix delete mode 100644 secrets/paperless/secret-key-file.secret diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index f978345..58bdee3 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -127,6 +127,8 @@ in paperless = { enable = true; port = 8085; + passwordFile = config.age.secrets."paperless/admin-password".path; + secretKeyFile = config.age.secrets."paperless/secret-key".path; }; postgresql-backup = { diff --git a/hosts/poseidon/secrets.nix b/hosts/poseidon/secrets.nix index ae5ba11..ada3ee4 100644 --- a/hosts/poseidon/secrets.nix +++ b/hosts/poseidon/secrets.nix @@ -23,6 +23,9 @@ owner = "nextcloud"; }; + "paperless/admin-password" = {}; + "paperless/secret-key" = {}; + "restic-backup/poseidon-credentials" = {}; "restic-backup/poseidon-password" = {}; diff --git a/modules/secrets/paperless/admin-password.age b/modules/secrets/paperless/admin-password.age new file mode 100644 index 0000000..9974501 --- /dev/null +++ b/modules/secrets/paperless/admin-password.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 z6Eu8Q cKvo+xxPeYdCpJZgcN7Yo8x4zxqKL+08LjQip00NR1M +nLEraZgmUlMjNfF4SZ3DRTRENC3/5L02KFMjLWQcDkk +-> BA-grease "TTy +LVWJdA/Rht1hzx5ezY0+4JxHDPtyveBBmrZ/sIN6RFC9Y7Xb875Z+Se/YYcI9unf +RZcSrVU +--- TT+H8/aMObjfwOga2VeDrifPmttTdle97PFZL/H6b0w +<2f!tX+Q L P;wYx-4Ӊ8 LЄ:l(. \ No newline at end of file diff --git a/modules/secrets/paperless/secret-key.age b/modules/secrets/paperless/secret-key.age new file mode 100644 index 0000000000000000000000000000000000000000..0529df8bcf8381dcb0df2fd5430b5373244b0140 GIT binary patch literal 418 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCTyGIK4p2vms3$d0NE z^>j)NE(uPIObK?k^!9hQEH6lP%}%LsG7U0w_tsAKO83gGG~hDJa!-v&Nscfnu=EWy zv+!{;^Urm4PLIfTjS^Yf8IThZ z%B8ETs}P~>Zjw=$>|N>XZBps%Z|dR|=2GG16XxVoDZ&03^oL^K}?vfK)&c)ZX zlmGj5U$^;YpWOpx&u_jKmObU%rQ3Q>K73xZk&%bfyw-<^wHWKybqV!F1L+!FI6#!^`g<*b1VN{eP?S4X#rPApe(^b literal 0 HcmV?d00001 diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 2256b94..9aa0e53 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -21,6 +21,9 @@ in "nextcloud/admin-pass.age".publicKeys = [ poseidon ]; + "paperless/admin-password.age".publicKeys = [ poseidon ]; + "paperless/secret-key.age".publicKeys = [ poseidon ]; + "restic-backup/boreal-password.age".publicKeys = [ alarsyo boreal ]; "restic-backup/boreal-credentials.age".publicKeys = [ alarsyo boreal ]; "restic-backup/poseidon-password.age".publicKeys = [ alarsyo poseidon ]; diff --git a/secrets/default.nix b/secrets/default.nix index caa0d32..5b4ab4a 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -10,6 +10,5 @@ in { }; config.my.secrets = { - paperless = import ./paperless { inherit lib; }; }; } diff --git a/secrets/paperless/admin-password.secret b/secrets/paperless/admin-password.secret deleted file mode 100644 index e8111fc9ea28556e37773cbec45b9a3f61b4118f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 87 zcmZQ@_Y83kiVO&0V3c(#{Fr5BzfNth$^RwBTk0I+X0T=avR(hbKde3AN99sUrYYt1 t6PGn?khoc8BpZ<5XZrfNs^05usiHq0cbGpEP}wIv@3!iv{z$(M^8h$-C#nDd diff --git a/secrets/paperless/default.nix b/secrets/paperless/default.nix deleted file mode 100644 index 69c4008..0000000 --- a/secrets/paperless/default.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ lib }: -let - inherit (lib) - fileContents - ; -in -{ - secretKey = fileContents ./secret-key-file.secret; - adminPassword = fileContents ./admin-password.secret; -} diff --git a/secrets/paperless/secret-key-file.secret b/secrets/paperless/secret-key-file.secret deleted file mode 100644 index 1f447d4d4e63202dfa9a7aa672ec3da4e9608db2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 151 zcmZQ@_Y83kiVO&0*!(bI_R%+iscLWLm>rNbJpO%#zlP1;3m>_iFHbt3r@!@_LaTO% z~lugnj$%@a|39- Date: Fri, 11 Mar 2022 18:59:48 +0100 Subject: [PATCH 277/904] secrets: remove old module --- boreal.nix | 3 --- poseidon.nix | 3 --- secrets/default.nix | 14 -------------- 3 files changed, 20 deletions(-) delete mode 100644 secrets/default.nix diff --git a/boreal.nix b/boreal.nix index 63b89d5..448fcfb 100644 --- a/boreal.nix +++ b/boreal.nix @@ -10,9 +10,6 @@ # Service definitions ./services - # Configuration secrets - ./secrets - # Host-specific config ./hosts/boreal ]; diff --git a/poseidon.nix b/poseidon.nix index 6e02ba3..2739352 100644 --- a/poseidon.nix +++ b/poseidon.nix @@ -11,9 +11,6 @@ # Service definitions ./services - # Configuration secrets - ./secrets - # Host-specific config ./hosts/poseidon ]; diff --git a/secrets/default.nix b/secrets/default.nix deleted file mode 100644 index 5b4ab4a..0000000 --- a/secrets/default.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ pkgs, lib, config, ... }: -let - inherit (lib) - fileContents - mkOption - ; -in { - options.my.secrets = let inherit (lib) types; in mkOption { - type = types.attrs; - }; - - config.my.secrets = { - }; -} From 73229df4e458a63ec8cff3dc50938614d40ca337 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 11 Mar 2022 19:02:19 +0100 Subject: [PATCH 278/904] get rid of git-crypt --- .git-crypt/.gitattributes | 4 ---- .../91FF02AD4EEBB9C7E08FF04D6BD29B53D3847632.gpg | Bin 726 -> 0 bytes .gitattributes | 3 --- 3 files changed, 7 deletions(-) delete mode 100644 .git-crypt/.gitattributes delete mode 100644 .git-crypt/keys/default/0/91FF02AD4EEBB9C7E08FF04D6BD29B53D3847632.gpg delete mode 100644 .gitattributes diff --git a/.git-crypt/.gitattributes b/.git-crypt/.gitattributes deleted file mode 100644 index 665b10e..0000000 --- a/.git-crypt/.gitattributes +++ /dev/null @@ -1,4 +0,0 @@ -# Do not edit this file. To specify the files to encrypt, create your own -# .gitattributes file in the directory where your files are. -* !filter !diff -*.gpg binary diff --git a/.git-crypt/keys/default/0/91FF02AD4EEBB9C7E08FF04D6BD29B53D3847632.gpg b/.git-crypt/keys/default/0/91FF02AD4EEBB9C7E08FF04D6BD29B53D3847632.gpg deleted file mode 100644 index 4a4cc593b01cdad915256bcd9d08599fda56930d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 726 zcmZo=;$dznOUkjCI%63l|6eIVIqmJH%Znzy@%jDnGWYM#!3G8uwug8ttLLoD{P4Bz zO36&|0G3qWxMh3))@|`~zB#W*_(kWxS;q`*OPuCuEay}HDZR+st#7u3@hNq~-!&z% z5<4%glAL?B?5UX=hljh6&wC;DLoSVWtr@SWVda?;d8Xj z%KA1%bDpYrprxqZA@}&CE~m{SYu6X=y+0|WcV(^oc)N;aGt;J;D^=mrFK-eN; zq)oWTe*8J+a2yMkZiLgTX1S|{^WMqE1TBrCg0 z{>xNNIfWli|6Syc{CMYFJmI(g#smJ39CQ7*?cOp)$9L7epISOQ zmvPpZW+iEDNISH-sJ?mc!|SWRCK;+u_f(#HsP9d{H<#2Wy$jdpOY`(^+1}QW>^e%?nF5y%urR88Y}mQr_>V%Z zinyu!e17Dg3h~~}Eq+jEYer66r`nVhtK1`#Rh&96tE5!S=REm};U&9ld&hUJbaR{Y zPuzIb?qqm+t!tlL@h;a_&3p#mg6qlL7Ze!!=AKoZcWb?x%cSpr`qn++wA-b))O+%@ zEl)RBdn@Fh3{jtCFOv0q+RUnJ?=#x$S43CDB{}tSU&+=xGI`ytxAwNVi=|Jq1(_c| srF`bS_pS@?+SfV9FTJ$US;tKGYsqP&Cs#Hso=|(OA(O-MpY-#q0K}AN0{{R3 diff --git a/.gitattributes b/.gitattributes deleted file mode 100644 index dca0b4c..0000000 --- a/.gitattributes +++ /dev/null @@ -1,3 +0,0 @@ -secrets/**/*.secret filter=git-crypt diff=git-crypt -secrets/matrix-email-config.nix filter=git-crypt diff=git-crypt -home/secrets/*.secret filter=git-crypt diff=git-crypt From b675af3794a2a885aa69e847531320c2a43160c9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 11 Mar 2022 19:02:42 +0100 Subject: [PATCH 279/904] ci: add poseidon configuration to CI --- .github/workflows/cachix.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index 74cf5c1..8659e99 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -46,6 +46,7 @@ jobs: matrix: name: - boreal + - poseidon - zephyrus steps: From f984ba51e699836de178debc89af83fae6a26d62 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 12 Mar 2022 13:52:29 +0100 Subject: [PATCH 280/904] services: matrix: re-enable presence --- services/matrix.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/matrix.nix b/services/matrix.nix index eda880a..19c92f9 100644 --- a/services/matrix.nix +++ b/services/matrix.nix @@ -111,7 +111,7 @@ in { spaces_enabled = true; }; - use_presence = false; + use_presence = true; email = { require_transport_security = true; From 006fbdb41ab95cc49aa36a910685ffeb3ae3bf98 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 16 Mar 2022 16:35:57 +0100 Subject: [PATCH 281/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/2fc6f185dbbc0dbf35289648aab0a8dfd1bba320' (2022-03-04) → 'github:nix-community/emacs-overlay/df459e39ce667fc1455a1fa05dc107ae624f671a' (2022-03-16) • Updated input 'home-manager': 'github:nix-community/home-manager/afe96e7433c513bf82375d41473c57d1f66b4e68' (2022-03-06) → 'github:nix-community/home-manager/8eb7c009f09f1f7b1ec151e5d537104acf42213a' (2022-03-13) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/03e7686c72345f237405c0b46b153dccd3ec9913' (2021-07-25) → 'github:NixOS/nixos-hardware/816a935bf5aa5f77cb1f03ebfe20ab13b112d0f1' (2022-03-09) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/062a0c5437b68f950b081bbfc8a699d57a4ee026' (2022-03-05) → 'github:NixOS/nixpkgs/73ad5f9e147c0d2a2061f1d4bd91e05078dc0b58' (2022-03-14) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/085e8934e46ffb8cb31a8197cf2cd8df2f384a8d' (2022-03-10) → 'github:NixOS/nixpkgs/6e3ee8957637a60f5072e33d78e05c0f65c54366' (2022-03-15) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index a05eed0..0fd4a20 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1646414475, - "narHash": "sha256-Linz0Q0FaNYkHniXnlUdCYUI9qeHvcS/dbn13Q3w4Bg=", + "lastModified": 1647422196, + "narHash": "sha256-yS2GTkWklt3LMT9kAPCdfcYVWIylI+nURTNVa7KUK3M=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "2fc6f185dbbc0dbf35289648aab0a8dfd1bba320", + "rev": "df459e39ce667fc1455a1fa05dc107ae624f671a", "type": "github" }, "original": { @@ -57,11 +57,11 @@ ] }, "locked": { - "lastModified": 1646559628, - "narHash": "sha256-WDoqxH/IPTV8CkI15wwzvXYgXq9UPr8xd8WKziuaynw=", + "lastModified": 1647210221, + "narHash": "sha256-mUWwEq+ReRQjIqj28ClqmBDyKV4fr6C5ufqlXLzZFsk=", "owner": "nix-community", "repo": "home-manager", - "rev": "afe96e7433c513bf82375d41473c57d1f66b4e68", + "rev": "8eb7c009f09f1f7b1ec151e5d537104acf42213a", "type": "github" }, "original": { @@ -73,11 +73,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1627212500, - "narHash": "sha256-KMUQCT3JSqznp+dR6BTvbwLqPFErjNlotVpkp/P/ZmM=", + "lastModified": 1646825982, + "narHash": "sha256-uWvS4UFkdE4Iqk1pXhxkZqPsqI+Z2V9VRmLxGUFejbY=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "03e7686c72345f237405c0b46b153dccd3ec9913", + "rev": "816a935bf5aa5f77cb1f03ebfe20ab13b112d0f1", "type": "github" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1646903400, - "narHash": "sha256-yId/d2GrwF6CPddtBJg35jb9HuYKhtwH8+oLausAxC0=", + "lastModified": 1647380550, + "narHash": "sha256-909TI9poX7CIUiFx203WL29YON6m/I6k0ExbZvR7bLM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "085e8934e46ffb8cb31a8197cf2cd8df2f384a8d", + "rev": "6e3ee8957637a60f5072e33d78e05c0f65c54366", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1646497237, - "narHash": "sha256-Ccpot1h/rV8MgcngDp5OrdmLTMaUTbStZTR5/sI7zW0=", + "lastModified": 1647297614, + "narHash": "sha256-ulGq3W5XsrBMU/u5k9d4oPy65pQTkunR4HKKtTq0RwY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "062a0c5437b68f950b081bbfc8a699d57a4ee026", + "rev": "73ad5f9e147c0d2a2061f1d4bd91e05078dc0b58", "type": "github" }, "original": { From a155d1b1858e5ffbeb7fa7aabf79e8739f654c27 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 18 Mar 2022 11:21:15 +0100 Subject: [PATCH 282/904] zephyrus: add chrysalis and udev rules --- hosts/zephyrus/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index 641e414..4eefcd3 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -92,7 +92,9 @@ }; my.gui.enable = true; - environment.systemPackages = [ pkgs.arandr ]; + environment.systemPackages = [ pkgs.arandr pkgs.chrysalis ]; + + services.udev.packages = [ pkgs.packages.kaleidoscope-udev-rules ]; hardware.bluetooth = { enable = true; From 8c21d60d8cf26d74495c814f12e03d99b38b0e8c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 18 Mar 2022 11:25:10 +0100 Subject: [PATCH 283/904] services: paperless: redis changes are upstreamed --- services/paperless.nix | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/services/paperless.nix b/services/paperless.nix index 7db2019..431acd3 100644 --- a/services/paperless.nix +++ b/services/paperless.nix @@ -58,26 +58,20 @@ in PAPERLESS_TIME_ZONE = config.time.timeZone; PAPERLESS_ADMIN_USER = "alarsyo"; - - # FIXME: upstream module should be fixed instead of setting the redis URL myself - PAPERLESS_REDIS = "unix://${config.services.redis.servers.paperless.unixSocket}"; }; }; systemd.services = { paperless-ng-server.serviceConfig = { EnvironmentFile = cfg.secretKeyFile; - BindReadOnlyPaths = [ config.services.redis.servers.paperless.unixSocket ]; }; paperless-ng-consumer.serviceConfig = { EnvironmentFile = cfg.secretKeyFile; - BindReadOnlyPaths = [ config.services.redis.servers.paperless.unixSocket ]; }; paperless-ng-web.serviceConfig = { EnvironmentFile = cfg.secretKeyFile; - BindReadOnlyPaths = [ config.services.redis.servers.paperless.unixSocket ]; }; }; @@ -92,11 +86,9 @@ in ]; }; - services.redis.servers.paperless.enable = true; - systemd.services.paperless-ng-server = { # Make sure the DB is available - after = [ "postgresql.service" "redis-paperless.service" ]; + after = [ "postgresql.service" ]; }; services.nginx.virtualHosts = { @@ -125,10 +117,6 @@ in }; }; - users.users.${config.services.paperless-ng.user} = { - extraGroups = [ config.services.redis.servers.paperless.user ]; - }; - my.services.restic-backup = mkIf cfg.enable { paths = [ config.services.paperless-ng.dataDir From 2644c71aa8e2851b33b75cf76a93d6cfa057c037 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 20 Mar 2022 23:01:32 +0100 Subject: [PATCH 284/904] services: transmission: only expose over Wireguard --- hosts/poseidon/default.nix | 1 - hosts/poseidon/secrets.nix | 4 ---- modules/secrets/secrets.nix | 2 -- modules/secrets/transmission/secret.age | Bin 329 -> 0 bytes services/transmission.nix | 21 ++++++++++++++++++--- 5 files changed, 18 insertions(+), 10 deletions(-) delete mode 100644 modules/secrets/transmission/secret.age diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 58bdee3..e509ac3 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -147,7 +147,6 @@ in transmission = { enable = true; username = "alarsyo"; - secretConfigFile = config.age.secrets."transmission/secret".path; }; }; diff --git a/hosts/poseidon/secrets.nix b/hosts/poseidon/secrets.nix index ada3ee4..f9b390b 100644 --- a/hosts/poseidon/secrets.nix +++ b/hosts/poseidon/secrets.nix @@ -29,10 +29,6 @@ "restic-backup/poseidon-credentials" = {}; "restic-backup/poseidon-password" = {}; - "transmission/secret" = { - owner = "transmission"; - }; - "users/alarsyo-hashed-password" = {}; "users/root-hashed-password" = {}; }; diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 9aa0e53..c8b4056 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -31,8 +31,6 @@ in "restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ]; "restic-backup/zephyrus-credentials.age".publicKeys = [ alarsyo zephyrus ]; - "transmission/secret.age".publicKeys = [ poseidon ]; - "users/root-hashed-password.age".publicKeys = machines; "users/alarsyo-hashed-password.age".publicKeys = machines ++ [ alarsyo ]; } diff --git a/modules/secrets/transmission/secret.age b/modules/secrets/transmission/secret.age deleted file mode 100644 index 038526dbf99378a07da0677c4527ac88c101d54f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 329 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCTyGIK4p2vkT8@b^zI zNc6VM2+jA@Pl^aJ%P%SMP0Yy3^)&YlG^6d9H3<>sHv z)f5`C{O8M+teN6x9!=iUc0*iq`h<+G)6uSNjCQJ8!Iw^Yl<>p{{3yT6xtw3C@ox9@ zTTT~NwDL0?FJjbw`Dn?m(`we2x4V8=xbV<&V-@YkmyAu-vzsCuudV#?^TU$+Ynww9 c Date: Thu, 24 Mar 2022 17:22:02 +0100 Subject: [PATCH 285/904] ci: don't fail fast if one build fails --- .github/workflows/cachix.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index 8659e99..bf4306a 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -14,6 +14,7 @@ jobs: runs-on: ubuntu-latest strategy: + fail-fast: false matrix: name: - emacsPgtkGcc @@ -43,6 +44,7 @@ jobs: needs: [ build-pkgs ] strategy: + fail-fast: false matrix: name: - boreal From 8ba0393f896d3250cf62d24534ef24d20064b12b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 24 Mar 2022 17:22:49 +0100 Subject: [PATCH 286/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/df459e39ce667fc1455a1fa05dc107ae624f671a' (2022-03-16) → 'github:nix-community/emacs-overlay/a8ebde25f295b1b9904e61976ea7c464c981d467' (2022-03-24) • Updated input 'home-manager': 'github:nix-community/home-manager/8eb7c009f09f1f7b1ec151e5d537104acf42213a' (2022-03-13) → 'github:nix-community/home-manager/ac9404115362c901ffe5c5c215f76f74b79d5eda' (2022-03-23) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/816a935bf5aa5f77cb1f03ebfe20ab13b112d0f1' (2022-03-09) → 'github:NixOS/nixos-hardware/c326257692902fe57d3d0f513ebf9c405ccd02ad' (2022-03-23) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/73ad5f9e147c0d2a2061f1d4bd91e05078dc0b58' (2022-03-14) → 'github:NixOS/nixpkgs/1ec61dd4167f04be8d05c45780818826132eea0d' (2022-03-21) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/6e3ee8957637a60f5072e33d78e05c0f65c54366' (2022-03-15) → 'github:NixOS/nixpkgs/7aa377336ec93fbb70150804679d222f14c5e87a' (2022-03-23) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 0fd4a20..f2c926a 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1647422196, - "narHash": "sha256-yS2GTkWklt3LMT9kAPCdfcYVWIylI+nURTNVa7KUK3M=", + "lastModified": 1648113098, + "narHash": "sha256-vFDXEWspO9xxn2j4tM6t8hq+EYMw92Zr7OXNihZ5PFM=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "df459e39ce667fc1455a1fa05dc107ae624f671a", + "rev": "a8ebde25f295b1b9904e61976ea7c464c981d467", "type": "github" }, "original": { @@ -57,11 +57,11 @@ ] }, "locked": { - "lastModified": 1647210221, - "narHash": "sha256-mUWwEq+ReRQjIqj28ClqmBDyKV4fr6C5ufqlXLzZFsk=", + "lastModified": 1648078876, + "narHash": "sha256-oa3RA0Z0UwEZ1M5kQOT9oUVd4ew3XePOu2oDTenFd98=", "owner": "nix-community", "repo": "home-manager", - "rev": "8eb7c009f09f1f7b1ec151e5d537104acf42213a", + "rev": "ac9404115362c901ffe5c5c215f76f74b79d5eda", "type": "github" }, "original": { @@ -73,11 +73,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1646825982, - "narHash": "sha256-uWvS4UFkdE4Iqk1pXhxkZqPsqI+Z2V9VRmLxGUFejbY=", + "lastModified": 1648043664, + "narHash": "sha256-ghIudBWl0lgRg77GqwSBEPo7v0HouOkqjF/Va4NljGA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "816a935bf5aa5f77cb1f03ebfe20ab13b112d0f1", + "rev": "c326257692902fe57d3d0f513ebf9c405ccd02ad", "type": "github" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1647380550, - "narHash": "sha256-909TI9poX7CIUiFx203WL29YON6m/I6k0ExbZvR7bLM=", + "lastModified": 1648034513, + "narHash": "sha256-EMeo6i6B3aTBbAhfFYlr6OWCLcXbiePsQTDeAysnOaA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6e3ee8957637a60f5072e33d78e05c0f65c54366", + "rev": "7aa377336ec93fbb70150804679d222f14c5e87a", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1647297614, - "narHash": "sha256-ulGq3W5XsrBMU/u5k9d4oPy65pQTkunR4HKKtTq0RwY=", + "lastModified": 1647893727, + "narHash": "sha256-pOi7VdCb+s5Cwh5CS7YEZVRgH9uCmE87J5W7iXv29Ck=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "73ad5f9e147c0d2a2061f1d4bd91e05078dc0b58", + "rev": "1ec61dd4167f04be8d05c45780818826132eea0d", "type": "github" }, "original": { From e19aff1d38c49e169847bb08ec9bfe2f4911121a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 30 Mar 2022 11:49:49 +0200 Subject: [PATCH 287/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/a8ebde25f295b1b9904e61976ea7c464c981d467' (2022-03-24) → 'github:nix-community/emacs-overlay/26da73dd9129d267f0c8c26b591ab91050c4cdc9' (2022-03-30) • Updated input 'flake-utils': 'github:numtide/flake-utils/3cecb5b042f7f209c56ffd8371b2711a290ec797' (2022-02-07) → 'github:numtide/flake-utils/0f8662f1319ad6abf89b3380dd2722369fc51ade' (2022-03-26) • Updated input 'home-manager': 'github:nix-community/home-manager/ac9404115362c901ffe5c5c215f76f74b79d5eda' (2022-03-23) → 'github:nix-community/home-manager/888eac32bd657bfe0d024c8770130d80d1c02cd3' (2022-03-27) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/c326257692902fe57d3d0f513ebf9c405ccd02ad' (2022-03-23) → 'github:NixOS/nixos-hardware/feceb4d24f582817d8f6e737cd40af9e162dee05' (2022-03-24) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/1ec61dd4167f04be8d05c45780818826132eea0d' (2022-03-21) → 'github:NixOS/nixpkgs/ce8cbe3c01fd8ee2de526ccd84bbf9b82397a510' (2022-03-27) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/7aa377336ec93fbb70150804679d222f14c5e87a' (2022-03-23) → 'github:NixOS/nixpkgs/00e27c78d3d2de6964096ceee8d70e5b487365e3' (2022-03-29) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index f2c926a..f3f4cbc 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1648113098, - "narHash": "sha256-vFDXEWspO9xxn2j4tM6t8hq+EYMw92Zr7OXNihZ5PFM=", + "lastModified": 1648610035, + "narHash": "sha256-eQ3/YRbabEJbmRKvo48NHZ2MtgyqnlQfjBXLkBcyqGk=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "a8ebde25f295b1b9904e61976ea7c464c981d467", + "rev": "26da73dd9129d267f0c8c26b591ab91050c4cdc9", "type": "github" }, "original": { @@ -36,11 +36,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1644229661, - "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", + "lastModified": 1648297722, + "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797", + "rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade", "type": "github" }, "original": { @@ -57,11 +57,11 @@ ] }, "locked": { - "lastModified": 1648078876, - "narHash": "sha256-oa3RA0Z0UwEZ1M5kQOT9oUVd4ew3XePOu2oDTenFd98=", + "lastModified": 1648366999, + "narHash": "sha256-Sdm0lI2ZBc70EnMMmvfDVY7gIM3M4c2L86EdQ9tKRE4=", "owner": "nix-community", "repo": "home-manager", - "rev": "ac9404115362c901ffe5c5c215f76f74b79d5eda", + "rev": "888eac32bd657bfe0d024c8770130d80d1c02cd3", "type": "github" }, "original": { @@ -73,11 +73,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1648043664, - "narHash": "sha256-ghIudBWl0lgRg77GqwSBEPo7v0HouOkqjF/Va4NljGA=", + "lastModified": 1648141026, + "narHash": "sha256-h8e3+5EZFbYHTMb0DN2ACuQTJBNHpqigvmEV1w2WIuE=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "c326257692902fe57d3d0f513ebf9c405ccd02ad", + "rev": "feceb4d24f582817d8f6e737cd40af9e162dee05", "type": "github" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1648034513, - "narHash": "sha256-EMeo6i6B3aTBbAhfFYlr6OWCLcXbiePsQTDeAysnOaA=", + "lastModified": 1648583894, + "narHash": "sha256-wdhgGO3yiBn7fMmI2jSfoondsh2O8Jt81e3H4RYnrHc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7aa377336ec93fbb70150804679d222f14c5e87a", + "rev": "00e27c78d3d2de6964096ceee8d70e5b487365e3", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1647893727, - "narHash": "sha256-pOi7VdCb+s5Cwh5CS7YEZVRgH9uCmE87J5W7iXv29Ck=", + "lastModified": 1648390671, + "narHash": "sha256-u69opCeHUx3CsdIerD0wVSR+DjfDQjnztObqfk9Trqc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1ec61dd4167f04be8d05c45780818826132eea0d", + "rev": "ce8cbe3c01fd8ee2de526ccd84bbf9b82397a510", "type": "github" }, "original": { From 97f4ebee74aa8391cace8558b0a0569bb3ca6147 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 30 Mar 2022 12:40:35 +0200 Subject: [PATCH 288/904] home: fish: enable nix auto run --- home/fish/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/home/fish/default.nix b/home/fish/default.nix index 3f50c71..0e9d721 100644 --- a/home/fish/default.nix +++ b/home/fish/default.nix @@ -11,6 +11,12 @@ in options.my.home.fish.enable = (mkEnableOption "Fish shell") // { default = true; }; config = mkIf cfg.enable { + home.sessionVariables = { + # automatically prompt to run program in nix-shell if it's not installed + NIX_AUTO_RUN = "1"; + NIX_AUTO_RUN_INTERACTIVE = "1"; + }; + programs.fish = { enable = true; }; From 40c5551d9b922cb65626469a449e1e90b5606d51 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 30 Mar 2022 12:48:50 +0200 Subject: [PATCH 289/904] zephyrus: don't auto enable dhcp on interfaces This should be handled by network manager since this is a laptop --- hosts/zephyrus/default.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index 4eefcd3..d0c64ef 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -30,12 +30,6 @@ # Set your time zone. time.timeZone = "Europe/Paris"; - # The global useDHCP flag is deprecated, therefore explicitly set to false here. - # Per-interface useDHCP will be mandatory in the future, so this generated config - # replicates the default behaviour. - networking.interfaces.enp0s31f6.useDHCP = true; - networking.interfaces.wlp0s20f3.useDHCP = true; - # List services that you want to enable: my.services = { tailscale.enable = true; From 3f4e4d89c3f9ca0d611de5e73dcf73d808fecaf8 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 31 Mar 2022 11:10:39 +0200 Subject: [PATCH 290/904] home: i3: set tray to primary screen --- home/x/i3.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home/x/i3.nix b/home/x/i3.nix index 4dde0c4..996a1e1 100644 --- a/home/x/i3.nix +++ b/home/x/i3.nix @@ -51,6 +51,8 @@ in colors = i3Theme.bar; + trayOutput = "primary"; + # disable mouse scroll wheel in bar extraConfig = '' bindsym button4 nop From 7f9bd4e62a0b15e0635b7255a4294b852d4b128e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 1 Apr 2022 13:57:44 +0200 Subject: [PATCH 291/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/26da73dd9129d267f0c8c26b591ab91050c4cdc9' (2022-03-30) → 'github:nix-community/emacs-overlay/4993cb95c8e27e7ba9ca8dc93ffac4fb5af52d66' (2022-04-01) • Updated input 'home-manager': 'github:nix-community/home-manager/888eac32bd657bfe0d024c8770130d80d1c02cd3' (2022-03-27) → 'github:nix-community/home-manager/cf62e96bf7c72e6a88e0bd43165110f42e44cdb4' (2022-03-31) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/ce8cbe3c01fd8ee2de526ccd84bbf9b82397a510' (2022-03-27) → 'github:NixOS/nixpkgs/710fed5a2483f945b14f4a58af2cd3676b42d8c8' (2022-03-30) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/00e27c78d3d2de6964096ceee8d70e5b487365e3' (2022-03-29) → 'github:NixOS/nixpkgs/1063244793d9b2dc3db515ac5b70a85385ec9b10' (2022-03-30) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index f3f4cbc..80b3ae8 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1648610035, - "narHash": "sha256-eQ3/YRbabEJbmRKvo48NHZ2MtgyqnlQfjBXLkBcyqGk=", + "lastModified": 1648810403, + "narHash": "sha256-PLRuNnavolMu0krnALHsU0avIsDAkE5Lnbly1LRF+1A=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "26da73dd9129d267f0c8c26b591ab91050c4cdc9", + "rev": "4993cb95c8e27e7ba9ca8dc93ffac4fb5af52d66", "type": "github" }, "original": { @@ -57,11 +57,11 @@ ] }, "locked": { - "lastModified": 1648366999, - "narHash": "sha256-Sdm0lI2ZBc70EnMMmvfDVY7gIM3M4c2L86EdQ9tKRE4=", + "lastModified": 1648751066, + "narHash": "sha256-pYUSID9rSgYnl4PNa45/haCaHUKzY+Ul0fkqqSGflxs=", "owner": "nix-community", "repo": "home-manager", - "rev": "888eac32bd657bfe0d024c8770130d80d1c02cd3", + "rev": "cf62e96bf7c72e6a88e0bd43165110f42e44cdb4", "type": "github" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1648583894, - "narHash": "sha256-wdhgGO3yiBn7fMmI2jSfoondsh2O8Jt81e3H4RYnrHc=", + "lastModified": 1648673296, + "narHash": "sha256-dlQP4/escrnt8vm1WAbWrYeFvYF1F1K3m+9qsUHwL+I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "00e27c78d3d2de6964096ceee8d70e5b487365e3", + "rev": "1063244793d9b2dc3db515ac5b70a85385ec9b10", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1648390671, - "narHash": "sha256-u69opCeHUx3CsdIerD0wVSR+DjfDQjnztObqfk9Trqc=", + "lastModified": 1648632716, + "narHash": "sha256-kCmnDeiaMsdhfnNKjxdOzwRh2H6eQb8yWAL+nNabC/Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ce8cbe3c01fd8ee2de526ccd84bbf9b82397a510", + "rev": "710fed5a2483f945b14f4a58af2cd3676b42d8c8", "type": "github" }, "original": { From 799ae3e92adbb72afa8a98cf80bf2b7c9fb7b6b0 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 6 Apr 2022 16:24:06 +0200 Subject: [PATCH 292/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/764c975e74bce2f89a5106b68ec48e2b586f893c' (2022-03-09) → 'github:ryantm/agenix/0d5e59ed645e4c7b60174bc6f6aac6a203dc0b01' (2022-04-02) • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/4993cb95c8e27e7ba9ca8dc93ffac4fb5af52d66' (2022-04-01) → 'github:nix-community/emacs-overlay/e8bcf0ddb6fe849c8eead988eaf837b68e6019a7' (2022-04-06) • Updated input 'home-manager': 'github:nix-community/home-manager/cf62e96bf7c72e6a88e0bd43165110f42e44cdb4' (2022-03-31) → 'github:nix-community/home-manager/07b941f0c45ac4af6732d96f4cb6142824eee3df' (2022-04-05) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/710fed5a2483f945b14f4a58af2cd3676b42d8c8' (2022-03-30) → 'github:NixOS/nixpkgs/bc4b9eef3ce3d5a90d8693e8367c9cbfc9fc1e13' (2022-04-03) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/1063244793d9b2dc3db515ac5b70a85385ec9b10' (2022-03-30) → 'github:NixOS/nixpkgs/b6966d911da89e5a7301aaef8b4f0a44c77e103c' (2022-04-06) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 80b3ae8..b609f28 100644 --- a/flake.lock +++ b/flake.lock @@ -5,11 +5,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1646845404, - "narHash": "sha256-JENXFCI2HVqi0whBzt7MAW9PX3ziEaYqBhMux+4g+VM=", + "lastModified": 1648942457, + "narHash": "sha256-i29Z1t3sVfCNfpp+KAfeExvpqHQSbLO1KWylTtfradU=", "owner": "ryantm", "repo": "agenix", - "rev": "764c975e74bce2f89a5106b68ec48e2b586f893c", + "rev": "0d5e59ed645e4c7b60174bc6f6aac6a203dc0b01", "type": "github" }, "original": { @@ -20,11 +20,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1648810403, - "narHash": "sha256-PLRuNnavolMu0krnALHsU0avIsDAkE5Lnbly1LRF+1A=", + "lastModified": 1649240755, + "narHash": "sha256-AZGqbi9oLagkvdbD+6RdPRVA+nk5+xszYr9WUZzoGgE=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "4993cb95c8e27e7ba9ca8dc93ffac4fb5af52d66", + "rev": "e8bcf0ddb6fe849c8eead988eaf837b68e6019a7", "type": "github" }, "original": { @@ -57,11 +57,11 @@ ] }, "locked": { - "lastModified": 1648751066, - "narHash": "sha256-pYUSID9rSgYnl4PNa45/haCaHUKzY+Ul0fkqqSGflxs=", + "lastModified": 1649130493, + "narHash": "sha256-tp2UxeS1A5ESb+I/rh4GoD0DH7edOGdc2fsP6D8o27Y=", "owner": "nix-community", "repo": "home-manager", - "rev": "cf62e96bf7c72e6a88e0bd43165110f42e44cdb4", + "rev": "07b941f0c45ac4af6732d96f4cb6142824eee3df", "type": "github" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1648673296, - "narHash": "sha256-dlQP4/escrnt8vm1WAbWrYeFvYF1F1K3m+9qsUHwL+I=", + "lastModified": 1649225869, + "narHash": "sha256-u1zLtPmQzhT9mNXyM8Ey9pk7orDrIKdwooeGDEXm5xM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1063244793d9b2dc3db515ac5b70a85385ec9b10", + "rev": "b6966d911da89e5a7301aaef8b4f0a44c77e103c", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1648632716, - "narHash": "sha256-kCmnDeiaMsdhfnNKjxdOzwRh2H6eQb8yWAL+nNabC/Y=", + "lastModified": 1649012074, + "narHash": "sha256-vQUROcJ3FfT3GTB/nJrXwVvjuq8WfK0ImN+RUgDVN1c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "710fed5a2483f945b14f4a58af2cd3676b42d8c8", + "rev": "bc4b9eef3ce3d5a90d8693e8367c9cbfc9fc1e13", "type": "github" }, "original": { From b7b9ececa4c80f95217480ceec8fd4dcb7cde079 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 6 Apr 2022 16:38:24 +0200 Subject: [PATCH 293/904] ci: run flake check before building stuff --- .github/workflows/cachix.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index bf4306a..ed123c9 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -9,9 +9,27 @@ on: - 'flake.lock' - '.github/workflows/*' jobs: + flake-check: + name: Flake check + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - uses: cachix/install-nix-action@v16 + + - uses: cachix/cachix-action@v10 + with: + name: alarsyo + authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' + extraPullNames: "nix-community" + + - name: Build package + run: nix flake check + build-pkgs: name: Nix packages runs-on: ubuntu-latest + needs: [ flake-check ] strategy: fail-fast: false From aa4484b03b7c7e5f4e455e13dfda9efe9b581773 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 8 Apr 2022 11:36:50 +0200 Subject: [PATCH 294/904] base: use gnome pinentry --- base/programs.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/base/programs.nix b/base/programs.nix index ab3abc7..ebc83e6 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -4,7 +4,7 @@ fish.enable = true; gnupg.agent = { enable = true; - pinentryFlavor = "curses"; + pinentryFlavor = "gnome3"; }; less.enable = true; mosh.enable = true; @@ -37,7 +37,7 @@ gnumake gnupg kakoune - pinentry-curses + pinentry-gnome python3 vim From 1de0a0a55e692c23a666d3bea6b5c354dd0a98f9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 9 Apr 2022 19:46:22 +0200 Subject: [PATCH 295/904] boreal: don't auto enable dhcp on interfaces Same as commit 40c5551d9b922cb65626469a449e1e90b5606d51 Reason is it creates a 90 seconds timeout when shutting down the machine if the interface isn't connected anymore. --- hosts/boreal/default.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index be11d05..61dad07 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -37,12 +37,6 @@ # Set your time zone. time.timeZone = "Europe/Paris"; - # The global useDHCP flag is deprecated, therefore explicitly set to false here. - # Per-interface useDHCP will be mandatory in the future, so this generated config - # replicates the default behaviour. - networking.interfaces.enp8s0.useDHCP = true; - networking.interfaces.wlp4s0.useDHCP = true; - # List services that you want to enable: my.services = { restic-backup = { From 4f0496ca99520b81f0b7fa65721dcc80db241b16 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 9 Apr 2022 21:35:15 +0200 Subject: [PATCH 296/904] home: mail: setup email syncing --- home/default.nix | 1 + home/mail.nix | 73 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 74 insertions(+) create mode 100644 home/mail.nix diff --git a/home/default.nix b/home/default.nix index 7368d96..d30671f 100644 --- a/home/default.nix +++ b/home/default.nix @@ -11,6 +11,7 @@ ./git.nix ./laptop.nix ./lorri.nix + ./mail.nix ./rofi.nix ./ssh.nix ./themes diff --git a/home/mail.nix b/home/mail.nix new file mode 100644 index 0000000..ffacc86 --- /dev/null +++ b/home/mail.nix @@ -0,0 +1,73 @@ +{ config, lib, pkgs, ... }: +let + inherit (lib) + mkEnableOption + mkIf + ; + + myName = "Antoine Martin"; + email_perso = "antoine@alarsyo.net"; + email_lrde = "amartin@lrde.epita.fr"; + + cfg = config.my.home.mail; +in +{ + options.my.home.mail = { + # I *could* read email in a terminal emacs client on a server, but in + # practice I don't think it'll happen very often, so let's enable this only + # when I'm on a machine with a Xorg server. + enable = (mkEnableOption "email configuration") // { default = config.my.home.x.enable; }; + }; + + config = mkIf cfg.enable { + accounts.email = { + maildirBasePath = "${config.home.homeDirectory}/.mail"; + accounts = { + alarsyo = { + address = email_perso; + userName = email_perso; + realName = myName; + aliases = [ + "alarsyo@alarsyo.net" + "antoine@amartin.email" + ]; + flavor = "plain"; # default setting + passwordCommand = "${pkgs.rbw}/bin/rbw get webmail.migadu.com ${email_perso}"; + primary = true; + mbsync = { + enable = true; + create = "both"; + expunge = "both"; + }; + msmtp.enable = true; + mu.enable = true; + imap = { + host = "imap.migadu.com"; + port = 993; + tls.enable = true; + }; + smtp = { + host = "smtp.migadu.com"; + port = 465; + tls.enable = true; + }; + }; + }; + }; + + programs.mbsync.enable = true; + services.mbsync = { + enable = true; + postExec = "${pkgs.mu}/bin/mu index"; + }; + systemd.user.services.mbsync = { + # rbw invokes the agent to know if the agent is launched already, and + # needs its path for that. + # + # https://github.com/doy/rbw/blob/acd1173848b4db1c733af7d3f53d24aab900b542/src/bin/rbw/commands.rs#L1000 + Service.Environment = "RBW_AGENT=${pkgs.rbw}/bin/rbw-agent"; + }; + + programs.mu.enable = true; + }; +} From b6077dabf34d60d6771b2d4142c84a0f3172a980 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 9 Apr 2022 22:23:25 +0200 Subject: [PATCH 297/904] home: setup rbw module --- base/gui-programs.nix | 1 - home/default.nix | 1 + home/rbw.nix | 25 +++++++++++++++++++++++++ 3 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 home/rbw.nix diff --git a/base/gui-programs.nix b/base/gui-programs.nix index ca10adf..8bc9d33 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -41,7 +41,6 @@ in mpv obs-studio pavucontrol - rbw slack spotify tdesktop diff --git a/home/default.nix b/home/default.nix index d30671f..ab42092 100644 --- a/home/default.nix +++ b/home/default.nix @@ -12,6 +12,7 @@ ./laptop.nix ./lorri.nix ./mail.nix + ./rbw.nix ./rofi.nix ./ssh.nix ./themes diff --git a/home/rbw.nix b/home/rbw.nix new file mode 100644 index 0000000..34ac1b8 --- /dev/null +++ b/home/rbw.nix @@ -0,0 +1,25 @@ +{ config, lib, pkgs, ... }: +let + inherit (lib) + mkEnableOption + mkIf + ; + cfg = config.my.home.mail; +in +{ + options.my.home.rbw = { + enable = (mkEnableOption "rbw configuration"); + }; + + config = mkIf cfg.enable { + programs.rbw = { + enable = true; + settings = { + email = "antoine@alarsyo.net"; + base_url = "https://pass.alarsyo.net"; + lock_timeout = 60 * 60 * 12; + pinentry = pkgs.pinentry-gnome; + }; + }; + }; +} From 982f95ae8bc930a9b1b40b84bafc70c696305ecc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 10 Apr 2022 00:58:56 +0200 Subject: [PATCH 298/904] home: mail: enable msmtp --- home/mail.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home/mail.nix b/home/mail.nix index ffacc86..fb8b0bf 100644 --- a/home/mail.nix +++ b/home/mail.nix @@ -68,6 +68,8 @@ in Service.Environment = "RBW_AGENT=${pkgs.rbw}/bin/rbw-agent"; }; + programs.msmtp.enable = true; + programs.mu.enable = true; }; } From e528ef1e38a0496e4df67260435ac04c6621fc02 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 10 Apr 2022 00:59:05 +0200 Subject: [PATCH 299/904] home: mail: setup lrde account --- home/mail.nix | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/home/mail.nix b/home/mail.nix index fb8b0bf..800ba84 100644 --- a/home/mail.nix +++ b/home/mail.nix @@ -52,6 +52,35 @@ in tls.enable = true; }; }; + lrde = { + address = email_lrde; + userName = "amartin"; + realName = myName; + flavor = "plain"; # default setting + passwordCommand = "${pkgs.rbw}/bin/rbw get lrde.epita.fr amartin"; + mbsync = { + enable = true; + create = "both"; + expunge = "both"; + extraConfig.account = { + # otherwise mbsync tries GSSAPI, but I don't have Kerberos setup + # on this machine + AuthMechs = "LOGIN"; + }; + }; + msmtp.enable = true; + mu.enable = true; + imap = { + host = "imap.lrde.epita.fr"; + port = 993; + tls.enable = true; + }; + smtp = { + host = "smtp.lrde.epita.fr"; + port = 465; + tls.enable = true; + }; + }; }; }; From 86eef74e9c35cb553901e8044f791c71b691115a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 10 Apr 2022 01:22:36 +0200 Subject: [PATCH 300/904] home: mail: custom mail check frequency --- home/mail.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/home/mail.nix b/home/mail.nix index 800ba84..f4efcfc 100644 --- a/home/mail.nix +++ b/home/mail.nix @@ -87,6 +87,9 @@ in programs.mbsync.enable = true; services.mbsync = { enable = true; + # sync every hour on the third minute, then every 16 minutes (to not hit + # servers right on plain hours) + frequency = "*:03/16"; postExec = "${pkgs.mu}/bin/mu index"; }; systemd.user.services.mbsync = { From fa0cda2673db6b7b8e674112a750c5a0abb5617f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 10 Apr 2022 11:40:52 +0200 Subject: [PATCH 301/904] base: add alejandra to CLI programs --- base/programs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/base/programs.nix b/base/programs.nix index ebc83e6..ab4ce97 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -31,6 +31,7 @@ wget # development + alejandra git git-crypt git-lfs From 4f0d45e4d54f2a9cca794e68eb76d5d8e7fe7003 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 10 Apr 2022 11:54:58 +0200 Subject: [PATCH 302/904] format all code with alejandra --- base/default.nix | 3 +- base/gui-programs.nix | 38 +-- base/networking.nix | 11 +- base/nix.nix | 7 +- base/programs.nix | 21 +- base/users.nix | 11 +- boreal.nix | 3 +- flake.nix | 171 +++++++------ home/alacritty.nix | 20 +- home/bat.nix | 17 +- home/default.nix | 3 +- home/emacs.nix | 27 +- home/env.nix | 3 +- home/firefox.nix | 18 +- home/fish/default.nix | 19 +- home/flameshot.nix | 15 +- home/git.nix | 34 +-- home/laptop.nix | 15 +- home/lorri.nix | 25 +- home/mail.nix | 18 +- home/rbw.nix | 18 +- home/rofi.nix | 18 +- home/ssh.nix | 21 +- home/themes/alacritty.nix | 120 ++++----- home/themes/bat.nix | 22 +- home/themes/color.nix | 24 +- home/themes/default.nix | 27 +- home/themes/i3.nix | 287 +++++++++++----------- home/themes/i3bar.nix | 40 +-- home/themes/solarizedLight/alacritty.nix | 8 +- home/themes/solarizedLight/colors.nix | 30 +-- home/themes/solarizedLight/i3.nix | 8 +- home/themes/solarizedLight/i3bar.nix | 8 +- home/tmux.nix | 22 +- home/tridactyl.nix | 17 +- home/x/cursor.nix | 18 +- home/x/default.nix | 16 +- home/x/i3.nix | 101 ++++---- home/x/i3bar.nix | 171 +++++++------ hosts/boreal/default.nix | 23 +- hosts/boreal/hardware-configuration.nix | 42 ++-- hosts/boreal/home.nix | 19 +- hosts/boreal/secrets.nix | 30 ++- hosts/poseidon/default.nix | 28 ++- hosts/poseidon/hardware-configuration.nix | 65 ++--- hosts/poseidon/home.nix | 4 +- hosts/poseidon/secrets.nix | 60 ++--- hosts/zephyrus/default.nix | 25 +- hosts/zephyrus/hardware-configuration.nix | 73 +++--- hosts/zephyrus/home.nix | 28 ++- hosts/zephyrus/secrets.nix | 30 ++- modules/default.nix | 3 +- modules/sddm.nix | 26 +- modules/secrets/default.nix | 15 +- modules/secrets/secrets.nix | 35 ++- modules/wakeonwlan.nix | 29 ++- overlays/i3status-rust/default.nix | 10 +- pkgs/default.nix | 3 +- pkgs/grafana-dashboards/default.nix | 3 +- pkgs/grafana-dashboards/nginx.nix | 53 ++-- pkgs/grafana-dashboards/node-exporter.nix | 53 ++-- pkgs/kaleidoscope-udev-rules/default.nix | 53 ++-- pkgs/sddm-sugar-candy/default.nix | 7 +- pkgs/spot/default.nix | 32 +-- poseidon.nix | 4 +- services/default.nix | 4 +- services/fail2ban.nix | 14 +- services/fava.nix | 25 +- services/gitea/default.nix | 24 +- services/jellyfin.nix | 14 +- services/lohr.nix | 34 +-- services/matrix.nix | 138 +++++++---- services/media.nix | 22 +- services/miniflux.nix | 20 +- services/monitoring.nix | 28 ++- services/navidrome.nix | 22 +- services/nextcloud.nix | 54 ++-- services/nginx.nix | 55 +++-- services/nuage.nix | 16 +- services/paperless.nix | 25 +- services/pipewire.nix | 20 +- services/postgresql-backup.nix | 19 +- services/postgresql.nix | 5 +- services/restic-backup.nix | 30 ++- services/tailscale.nix | 21 +- services/tgv.nix | 16 +- services/transmission.nix | 61 +++-- services/vaultwarden.nix | 25 +- zephyrus.nix | 3 +- 89 files changed, 1605 insertions(+), 1298 deletions(-) diff --git a/base/default.nix b/base/default.nix index 123b658..1607602 100644 --- a/base/default.nix +++ b/base/default.nix @@ -1,5 +1,4 @@ -{ ... }: -{ +{...}: { imports = [ ./gui-programs.nix ./networking.nix diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 8bc9d33..f23213e 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -1,12 +1,17 @@ -{ pkgs, lib, config, options, ... }: -let - inherit (lib) +{ + pkgs, + lib, + config, + options, + ... +}: let + inherit + (lib) mkEnableOption mkIf optional - ; -in -{ + ; +in { options.my.gui = { enable = mkEnableOption "System has some kind of screen attached"; isNvidia = mkEnableOption "System a NVIDIA GPU"; @@ -19,8 +24,10 @@ in xserver = { enable = true; # NOTE: could use `mkOptionDefault` but this feels more explicit - videoDrivers = if config.my.gui.isNvidia then [ "nvidia" ] - else options.services.xserver.videoDrivers.default; + videoDrivers = + if config.my.gui.isNvidia + then ["nvidia"] + else options.services.xserver.videoDrivers.default; windowManager.i3.enable = true; layout = "fr"; xkbVariant = "us"; @@ -31,7 +38,8 @@ in }; environment.systemPackages = builtins.attrValues { - inherit (pkgs) + inherit + (pkgs) element-desktop feh firefox @@ -48,7 +56,7 @@ in thunderbird virt-manager zathura - ; + ; inherit (pkgs.gnome) nautilus; @@ -60,11 +68,11 @@ in dispatcherScripts = [ { - source = - let - grep = "${pkgs.gnugrep}/bin/grep"; - nmcli = "${pkgs.networkmanager}/bin/nmcli"; - in pkgs.writeShellScript "disable_wifi_on_ethernet" '' + source = let + grep = "${pkgs.gnugrep}/bin/grep"; + nmcli = "${pkgs.networkmanager}/bin/nmcli"; + in + pkgs.writeShellScript "disable_wifi_on_ethernet" '' export LC_ALL=C enable_disable_wifi () diff --git a/base/networking.nix b/base/networking.nix index e059f5e..02c8982 100644 --- a/base/networking.nix +++ b/base/networking.nix @@ -1,11 +1,10 @@ -{ lib, ... }: -let - inherit (lib) +{lib, ...}: let + inherit + (lib) mkOption types - ; -in -{ + ; +in { options.my.networking.externalInterface = mkOption { type = types.nullOr types.str; default = null; diff --git a/base/nix.nix b/base/nix.nix index c632aa9..b016e0d 100644 --- a/base/nix.nix +++ b/base/nix.nix @@ -1,13 +1,12 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { nixpkgs.config.allowUnfree = true; nix = { package = pkgs.nixStable; settings = { - experimental-features = [ "nix-command" "flakes" ]; - trusted-users = [ "@wheel" ]; + experimental-features = ["nix-command" "flakes"]; + trusted-users = ["@wheel"]; substituters = [ "https://alarsyo.cachix.org" "https://nix-community.cachix.org" diff --git a/base/programs.nix b/base/programs.nix index ab4ce97..3281f01 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -1,5 +1,4 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { programs = { fish.enable = true; gnupg.agent = { @@ -20,8 +19,10 @@ }; environment.systemPackages = builtins.attrValues { - inherit (pkgs) + inherit + (pkgs) # shell usage + fd ripgrep sd @@ -29,8 +30,8 @@ tokei tree wget - # development + alejandra git git-crypt @@ -41,8 +42,8 @@ pinentry-gnome python3 vim - # terminal utilities + bottom dogdns du-dust @@ -51,16 +52,16 @@ tealdeer unzip zip - # nix pkgs lookup + nix-index - agenix - ; + ; - inherit (pkgs.llvmPackages_11) + inherit + (pkgs.llvmPackages_11) bintools clang - ; + ; }; } diff --git a/base/users.nix b/base/users.nix index 2af640f..6f5e441 100644 --- a/base/users.nix +++ b/base/users.nix @@ -1,8 +1,11 @@ -{ config, lib, pkgs, ... }: -let - secrets = config.my.secrets; -in { + config, + lib, + pkgs, + ... +}: let + secrets = config.my.secrets; +in { users.mutableUsers = false; users.users.root = { passwordFile = config.age.secrets."users/root-hashed-password".path; diff --git a/boreal.nix b/boreal.nix index 448fcfb..076f749 100644 --- a/boreal.nix +++ b/boreal.nix @@ -1,5 +1,4 @@ -{ ... }: -{ +{...}: { imports = [ # Default configuration ./base diff --git a/flake.nix b/flake.nix index 17ddf99..0933043 100644 --- a/flake.nix +++ b/flake.nix @@ -51,104 +51,121 @@ }; }; - outputs = { self, nixpkgs, home-manager, agenix, ... } @inputs: { - nixosModules = { - home = { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.alarsyo = import ./home; - home-manager.verbose = true; + outputs = { + self, + nixpkgs, + home-manager, + agenix, + ... + } @ inputs: + { + nixosModules = { + home = { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.alarsyo = import ./home; + home-manager.verbose = true; + }; + nix-path = { + nix.nixPath = [ + "nixpkgs=${inputs.nixpkgs}" + ]; + }; }; - nix-path = { - nix.nixPath = [ - "nixpkgs=${inputs.nixpkgs}" - ]; - }; - }; - overlays = import ./overlays; + overlays = import ./overlays; - nixosConfigurations = - let + nixosConfigurations = let system = "x86_64-linux"; - shared_overlays = [ - (self: super: { - packages = import ./pkgs { pkgs = super; }; + shared_overlays = + [ + (self: super: { + packages = import ./pkgs {pkgs = super;}; - # packages accessible through pkgs.unstable.package - unstable = import inputs.nixpkgs-unstable-small { - inherit system; - config.allowUnfree = true; - }; + # packages accessible through pkgs.unstable.package + unstable = import inputs.nixpkgs-unstable-small { + inherit system; + config.allowUnfree = true; + }; + }) - }) - - agenix.overlay - ] ++ builtins.attrValues self.overlays; - sharedModules = [ - agenix.nixosModule - home-manager.nixosModule - { nixpkgs.overlays = shared_overlays; } - ] ++ (nixpkgs.lib.attrValues self.nixosModules); + agenix.overlay + ] + ++ builtins.attrValues self.overlays; + sharedModules = + [ + agenix.nixosModule + home-manager.nixosModule + {nixpkgs.overlays = shared_overlays;} + ] + ++ (nixpkgs.lib.attrValues self.nixosModules); in { - poseidon = nixpkgs.lib.nixosSystem rec { inherit system; - modules = [ - ./poseidon.nix - ] ++ sharedModules; + modules = + [ + ./poseidon.nix + ] + ++ sharedModules; }; boreal = nixpkgs.lib.nixosSystem rec { inherit system; - modules = [ - ./boreal.nix + modules = + [ + ./boreal.nix - { - nixpkgs.overlays = [ - inputs.emacs-overlay.overlay + { + nixpkgs.overlays = [ + inputs.emacs-overlay.overlay - # uncomment this to build everything from scratch, fun but takes a - # while - # - # (self: super: { - # stdenv = super.impureUseNativeOptimizations super.stdenv; - # }) - ]; - } - ] ++ sharedModules; + # uncomment this to build everything from scratch, fun but takes a + # while + # + # (self: super: { + # stdenv = super.impureUseNativeOptimizations super.stdenv; + # }) + ]; + } + ] + ++ sharedModules; }; zephyrus = nixpkgs.lib.nixosSystem rec { inherit system; - modules = [ - ./zephyrus.nix + modules = + [ + ./zephyrus.nix - inputs.nixos-hardware.nixosModules.common-cpu-intel - inputs.nixos-hardware.nixosModules.common-pc-laptop - inputs.nixos-hardware.nixosModules.common-pc-ssd + inputs.nixos-hardware.nixosModules.common-cpu-intel + inputs.nixos-hardware.nixosModules.common-pc-laptop + inputs.nixos-hardware.nixosModules.common-pc-ssd - { - nixpkgs.overlays = [ - inputs.emacs-overlay.overlay - ]; - } - ] ++ sharedModules; + { + nixpkgs.overlays = [ + inputs.emacs-overlay.overlay + ]; + } + ] + ++ sharedModules; }; - }; - } // inputs.flake-utils.lib.eachDefaultSystem (system: { - packages = - ( - inputs.flake-utils.lib.flattenTree - (import ./pkgs { pkgs = import nixpkgs { inherit system; }; }) - ) // { - emacsPgtkGcc = ( - import nixpkgs { - inherit system; - overlays = [ inputs.emacs-overlay.overlay ]; - } - ).emacsPgtkGcc; - }; - }); + } + // inputs.flake-utils.lib.eachDefaultSystem (system: { + packages = + ( + inputs.flake-utils.lib.flattenTree + (import ./pkgs {pkgs = import nixpkgs {inherit system;};}) + ) + // { + emacsPgtkGcc = + ( + import nixpkgs { + inherit system; + overlays = [inputs.emacs-overlay.overlay]; + } + ) + .emacsPgtkGcc; + }; + }); } diff --git a/home/alacritty.nix b/home/alacritty.nix index bf9665b..87843d2 100644 --- a/home/alacritty.nix +++ b/home/alacritty.nix @@ -1,15 +1,19 @@ -{ config, lib, pkgs, ... }: -let - inherit (lib) +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) mkEnableOption mkIf - ; + ; cfg = config.my.home.alacritty; alacrittyTheme = config.my.theme.alacrittyTheme; -in -{ - options.my.home.alacritty.enable = (mkEnableOption "Alacritty terminal") // { default = config.my.home.x.enable; }; +in { + options.my.home.alacritty.enable = (mkEnableOption "Alacritty terminal") // {default = config.my.home.x.enable;}; config = mkIf cfg.enable { programs.alacritty = { @@ -39,7 +43,7 @@ in }; }; - home.packages = [ pkgs.iosevka-bin ]; + home.packages = [pkgs.iosevka-bin]; # make sure font is discoverable fonts.fontconfig.enable = true; diff --git a/home/bat.nix b/home/bat.nix index 2349985..f2bbfd2 100644 --- a/home/bat.nix +++ b/home/bat.nix @@ -1,16 +1,19 @@ -{ config, lib, ... }: -let - inherit (lib) +{ + config, + lib, + ... +}: let + inherit + (lib) mkEnableOption mkIf - ; + ; cfg = config.my.home.bat; batTheme = config.my.theme.batTheme; -in -{ +in { options.my.home.bat = { - enable = (mkEnableOption "bat code display tool") // { default = true; }; + enable = (mkEnableOption "bat code display tool") // {default = true;}; }; config = mkIf cfg.enable { diff --git a/home/default.nix b/home/default.nix index ab42092..faea7f2 100644 --- a/home/default.nix +++ b/home/default.nix @@ -1,5 +1,4 @@ -{ ... }: -{ +{...}: { imports = [ ./alacritty.nix ./bat.nix diff --git a/home/emacs.nix b/home/emacs.nix index c9ed8f6..536dc5b 100644 --- a/home/emacs.nix +++ b/home/emacs.nix @@ -1,30 +1,35 @@ -{ config, lib, pkgs, ... }: -let - inherit (lib) +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) mkEnableOption mkIf - ; -in -{ + ; +in { options.my.home.emacs = { enable = mkEnableOption "Emacs daemon configuration"; }; config = mkIf config.my.home.emacs.enable { - - home.sessionPath = [ "${config.xdg.configHome}/emacs/bin" ]; + home.sessionPath = ["${config.xdg.configHome}/emacs/bin"]; home.sessionVariables = { EDITOR = "emacsclient -t"; }; home.packages = builtins.attrValues { - inherit (pkgs) + inherit + (pkgs) sqlite # needed by org-roam - + # fonts used by my config + emacs-all-the-icons-fonts iosevka-bin - ; + ; }; # make sure above fonts are discoverable fonts.fontconfig.enable = true; diff --git a/home/env.nix b/home/env.nix index 3996dfc..aaeb1b6 100644 --- a/home/env.nix +++ b/home/env.nix @@ -1,5 +1,4 @@ -{ config, ... }: -{ +{config, ...}: { home.sessionPath = [ "${config.home.homeDirectory}/.cargo/bin" "${config.home.homeDirectory}/.local/bin" diff --git a/home/firefox.nix b/home/firefox.nix index 1cfce8a..c633f33 100644 --- a/home/firefox.nix +++ b/home/firefox.nix @@ -1,15 +1,19 @@ -{ config, lib, pkgs, ... }: -let - inherit (lib) +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) mkEnableOption mkIf - ; + ; cfg = config.my.home.firefox; -in -{ +in { options.my.home.firefox = { - enable = (mkEnableOption "firefox config") // { default = config.my.home.x.enable; }; + enable = (mkEnableOption "firefox config") // {default = config.my.home.x.enable;}; }; config = mkIf cfg.enable { diff --git a/home/fish/default.nix b/home/fish/default.nix index 0e9d721..6fa9f00 100644 --- a/home/fish/default.nix +++ b/home/fish/default.nix @@ -1,14 +1,17 @@ -{ config, lib, ... }: -let - inherit (lib) +{ + config, + lib, + ... +}: let + inherit + (lib) mkEnableOption mkIf - ; + ; cfg = config.my.home.fish; -in -{ - options.my.home.fish.enable = (mkEnableOption "Fish shell") // { default = true; }; +in { + options.my.home.fish.enable = (mkEnableOption "Fish shell") // {default = true;}; config = mkIf cfg.enable { home.sessionVariables = { @@ -21,6 +24,6 @@ in enable = true; }; - xdg.configFile."fish/functions" = { source = ./. + "/functions"; }; + xdg.configFile."fish/functions" = {source = ./. + "/functions";}; }; } diff --git a/home/flameshot.nix b/home/flameshot.nix index 043d2ce..47e2886 100644 --- a/home/flameshot.nix +++ b/home/flameshot.nix @@ -1,13 +1,16 @@ -{ config, lib, ... }: -let - inherit (lib) +{ + config, + lib, + ... +}: let + inherit + (lib) mkEnableOption mkIf - ; + ; cfg = config.my.home.flameshot; -in -{ +in { options.my.home.flameshot = { enable = mkEnableOption "flameshot autolaunch"; }; diff --git a/home/git.nix b/home/git.nix index 61e8171..1ab8fbf 100644 --- a/home/git.nix +++ b/home/git.nix @@ -1,14 +1,18 @@ -{ config, lib, pkgs, ... }: -let - inherit (lib) +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) mkEnableOption mkIf - ; + ; cfg = config.my.home.git; -in -{ - options.my.home.git.enable = (mkEnableOption "Git configuration") // { default = true; }; +in { + options.my.home.git.enable = (mkEnableOption "Git configuration") // {default = true;}; config = mkIf cfg.enable { programs.git = { @@ -26,11 +30,11 @@ in userName = "Antoine Martin"; extraConfig = { - commit = { verbose = true; }; - core = { editor = "vim"; }; - init = { defaultBranch = "main"; }; - pull = { rebase = true; }; - rerere = { enabled = true; }; + commit = {verbose = true;}; + core = {editor = "vim";}; + init = {defaultBranch = "main";}; + pull = {rebase = true;}; + rerere = {enabled = true;}; }; aliases = { @@ -42,15 +46,15 @@ in includes = [ { condition = "gitdir:~/work/lrde/"; - contents = { user = { email = "amartin@lrde.epita.fr"; }; }; + contents = {user = {email = "amartin@lrde.epita.fr";};}; } { condition = "gitdir:~/work/prologin/"; - contents = { user = { email = "antoine.martin@prologin.org"; }; }; + contents = {user = {email = "antoine.martin@prologin.org";};}; } { condition = "gitdir:~/work/epita/"; - contents = { user = { email = "antoine4.martin@epita.fr"; }; }; + contents = {user = {email = "antoine4.martin@epita.fr";};}; } ]; }; diff --git a/home/laptop.nix b/home/laptop.nix index 8d30003..28f1467 100644 --- a/home/laptop.nix +++ b/home/laptop.nix @@ -1,10 +1,13 @@ -{ config, lib, ... }: -let - inherit (lib) - mkEnableOption - ; -in { + config, + lib, + ... +}: let + inherit + (lib) + mkEnableOption + ; +in { options.my.home.laptop = { enable = mkEnableOption "Laptop settings"; }; diff --git a/home/lorri.nix b/home/lorri.nix index 386d282..0d7e2e3 100644 --- a/home/lorri.nix +++ b/home/lorri.nix @@ -1,25 +1,28 @@ -{ config, lib, ... }: -let - inherit (lib) +{ + config, + lib, + ... +}: let + inherit + (lib) mkEnableOption mkIf - ; + ; cfg = config.my.home.lorri; -in -{ +in { options.my.home.lorri = { - enable = (mkEnableOption "lorri daemon setup") // { default = true; }; + enable = (mkEnableOption "lorri daemon setup") // {default = true;}; }; config = mkIf cfg.enable { services.lorri.enable = true; programs.direnv = { + enable = true; + # FIXME: proper file, not lorri.nix + nix-direnv = { enable = true; - # FIXME: proper file, not lorri.nix - nix-direnv = { - enable = true; - }; + }; }; }; } diff --git a/home/mail.nix b/home/mail.nix index f4efcfc..7301600 100644 --- a/home/mail.nix +++ b/home/mail.nix @@ -1,22 +1,26 @@ -{ config, lib, pkgs, ... }: -let - inherit (lib) +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) mkEnableOption mkIf - ; + ; myName = "Antoine Martin"; email_perso = "antoine@alarsyo.net"; email_lrde = "amartin@lrde.epita.fr"; cfg = config.my.home.mail; -in -{ +in { options.my.home.mail = { # I *could* read email in a terminal emacs client on a server, but in # practice I don't think it'll happen very often, so let's enable this only # when I'm on a machine with a Xorg server. - enable = (mkEnableOption "email configuration") // { default = config.my.home.x.enable; }; + enable = (mkEnableOption "email configuration") // {default = config.my.home.x.enable;}; }; config = mkIf cfg.enable { diff --git a/home/rbw.nix b/home/rbw.nix index 34ac1b8..98ca2b0 100644 --- a/home/rbw.nix +++ b/home/rbw.nix @@ -1,14 +1,18 @@ -{ config, lib, pkgs, ... }: -let - inherit (lib) +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) mkEnableOption mkIf - ; + ; cfg = config.my.home.mail; -in -{ +in { options.my.home.rbw = { - enable = (mkEnableOption "rbw configuration"); + enable = mkEnableOption "rbw configuration"; }; config = mkIf cfg.enable { diff --git a/home/rofi.nix b/home/rofi.nix index b5a9e91..5419209 100644 --- a/home/rofi.nix +++ b/home/rofi.nix @@ -1,15 +1,19 @@ -{ config, lib, pkgs, ... }: -let - inherit (lib) +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) mkEnableOption mkIf - ; + ; cfg = config.my.home.rofi; -in -{ +in { options.my.home.rofi = { - enable = (mkEnableOption "rofi configuration") // { default = config.my.home.x.enable; }; + enable = (mkEnableOption "rofi configuration") // {default = config.my.home.x.enable;}; }; config = mkIf cfg.enable { diff --git a/home/ssh.nix b/home/ssh.nix index fc5884e..4b65ea9 100644 --- a/home/ssh.nix +++ b/home/ssh.nix @@ -1,15 +1,18 @@ -{ config, lib, ... }: -let - inherit (lib) +{ + config, + lib, + ... +}: let + inherit + (lib) mkEnableOption mkIf - ; + ; cfg = config.my.home.ssh; -in -{ +in { options.my.home.ssh = { - enable = (mkEnableOption "ssh configuration") // { default = true; }; + enable = (mkEnableOption "ssh configuration") // {default = true;}; }; config = mkIf cfg.enable { @@ -17,8 +20,8 @@ in enable = true; matchBlocks = { - boreal = { hostname = "boreal.alarsyo.net"; }; - poseidon = { hostname = "poseidon.alarsyo.net"; }; + boreal = {hostname = "boreal.alarsyo.net";}; + poseidon = {hostname = "poseidon.alarsyo.net";}; pi = { hostname = "pi.alarsyo.net"; user = "pi"; diff --git a/home/themes/alacritty.nix b/home/themes/alacritty.nix index cc6943b..abdbdc7 100644 --- a/home/themes/alacritty.nix +++ b/home/themes/alacritty.nix @@ -1,11 +1,11 @@ -{ lib }: -let - inherit (lib) +{lib}: let + inherit + (lib) mkOption types - ; + ; - mkColorOption = import ./color.nix { inherit lib; }; + mkColorOption = import ./color.nix {inherit lib;}; primaryColorModule = types.submodule { options = { @@ -34,60 +34,60 @@ let }; }; in -types.submodule { - options = { - primary = mkOption { - type = primaryColorModule; - default = { - foreground = "#c5c8c6"; - background = "#1d1f21"; + types.submodule { + options = { + primary = mkOption { + type = primaryColorModule; + default = { + foreground = "#c5c8c6"; + background = "#1d1f21"; + }; + }; + cursor = mkOption { + type = cursorColorModule; + default = { + text = "#1d1f21"; + cursor = "#c5c8c6"; + }; + }; + normal = mkOption { + type = rainbowColorModule; + default = { + black = "#1d1f21"; + red = "#cc6666"; + green = "#b5bd68"; + yellow = "#f0c674"; + blue = "#81a2be"; + magenta = "#b294bb"; + cyan = "#8abeb7"; + white = "#c5c8c6"; + }; + }; + bright = mkOption { + type = rainbowColorModule; + default = { + black = "#666666"; + red = "#d54e53"; + green = "#b9ca4a"; + yellow = "#e7c547"; + blue = "#7aa6da"; + magenta = "#c397d8"; + cyan = "#70c0b1"; + white = "#eaeaea"; + }; + }; + dim = mkOption { + type = rainbowColorModule; + default = { + black = "#131415"; + red = "#864343"; + green = "#777c44"; + yellow = "#9e824c"; + blue = "#556a7d"; + magenta = "#75617b"; + cyan = "#5b7d78"; + white = "#828482"; + }; }; }; - cursor = mkOption { - type = cursorColorModule; - default = { - text = "#1d1f21"; - cursor = "#c5c8c6"; - }; - }; - normal = mkOption { - type = rainbowColorModule; - default = { - black = "#1d1f21"; - red = "#cc6666"; - green = "#b5bd68"; - yellow = "#f0c674"; - blue = "#81a2be"; - magenta = "#b294bb"; - cyan = "#8abeb7"; - white = "#c5c8c6"; - }; - }; - bright = mkOption { - type = rainbowColorModule; - default = { - black = "#666666"; - red = "#d54e53"; - green = "#b9ca4a"; - yellow = "#e7c547"; - blue = "#7aa6da"; - magenta = "#c397d8"; - cyan = "#70c0b1"; - white = "#eaeaea"; - }; - }; - dim = mkOption { - type = rainbowColorModule; - default = { - black = "#131415"; - red = "#864343"; - green = "#777c44"; - yellow = "#9e824c"; - blue = "#556a7d"; - magenta = "#75617b"; - cyan = "#5b7d78"; - white = "#828482"; - }; - }; - }; -} + } diff --git a/home/themes/bat.nix b/home/themes/bat.nix index df9565e..22e873e 100644 --- a/home/themes/bat.nix +++ b/home/themes/bat.nix @@ -1,15 +1,15 @@ -{ lib }: -let - inherit (lib) +{lib}: let + inherit + (lib) mkOption types - ; + ; in -types.submodule { - options = { - name = mkOption { - type = types.str; - default = ""; + types.submodule { + options = { + name = mkOption { + type = types.str; + default = ""; + }; }; - }; -} + } diff --git a/home/themes/color.nix b/home/themes/color.nix index 5c63963..c1aa5af 100644 --- a/home/themes/color.nix +++ b/home/themes/color.nix @@ -1,14 +1,18 @@ -{ lib }: -let - inherit (lib) +{lib}: let + inherit + (lib) mkOption types - ; + ; - mkColorOption = {default ? "#000000", description ? "" }: mkOption { - inherit description default; - example = "#abcdef"; - type = types.strMatching "#[0-9a-f]{6}"; - }; + mkColorOption = { + default ? "#000000", + description ? "", + }: + mkOption { + inherit description default; + example = "#abcdef"; + type = types.strMatching "#[0-9a-f]{6}"; + }; in -mkColorOption + mkColorOption diff --git a/home/themes/default.nix b/home/themes/default.nix index e19a474..19c4103 100644 --- a/home/themes/default.nix +++ b/home/themes/default.nix @@ -1,35 +1,38 @@ -{ config, lib, ... }: -let - inherit (lib) +{ + config, + lib, + ... +}: let + inherit + (lib) mkOption types - ; + ; themeType = types.submodule { options = { alacrittyTheme = mkOption { - type = import ./alacritty.nix { inherit lib; }; + type = import ./alacritty.nix {inherit lib;}; default = {}; }; batTheme = mkOption { - type = import ./bat.nix { inherit lib; }; + type = import ./bat.nix {inherit lib;}; default = {}; }; i3Theme = mkOption { - type = import ./i3.nix { inherit lib; }; + type = import ./i3.nix {inherit lib;}; default = {}; }; i3BarTheme = mkOption { - type = import ./i3bar.nix { inherit lib; }; + type = import ./i3bar.nix {inherit lib;}; default = {}; }; }; }; -in -{ +in { options.my.theme = mkOption { - type = themeType; - default = {}; + type = themeType; + default = {}; }; options.my.themes = mkOption { diff --git a/home/themes/i3.nix b/home/themes/i3.nix index 6e5b3eb..cd784fd 100644 --- a/home/themes/i3.nix +++ b/home/themes/i3.nix @@ -1,11 +1,11 @@ -{ lib }: -let - inherit (lib) +{lib}: let + inherit + (lib) mkOption types - ; + ; - mkColorOption = import ./color.nix { inherit lib; }; + mkColorOption = import ./color.nix {inherit lib;}; barColorSetModule = types.submodule { options = { @@ -25,165 +25,164 @@ let }; }; in -types.submodule { - options = { - bar = mkOption { - type = types.submodule { - options = { - background = mkColorOption { - default = "#000000"; - description = "Background color of the bar."; - }; - - statusline = mkColorOption { - default = "#ffffff"; - description = "Text color to be used for the statusline."; - }; - - separator = mkColorOption { - default = "#666666"; - description = "Text color to be used for the separator."; - }; - - focusedWorkspace = mkOption { - type = barColorSetModule; - default = { - border = "#4c7899"; - background = "#285577"; - text = "#ffffff"; + types.submodule { + options = { + bar = mkOption { + type = types.submodule { + options = { + background = mkColorOption { + default = "#000000"; + description = "Background color of the bar."; }; - description = '' - Border, background and text color for a workspace button when the workspace has focus. - ''; - }; - activeWorkspace = mkOption { - type = barColorSetModule; - default = { - border = "#333333"; - background = "#5f676a"; - text = "#ffffff"; + statusline = mkColorOption { + default = "#ffffff"; + description = "Text color to be used for the statusline."; }; - description = '' - Border, background and text color for a workspace button when the workspace is active. - ''; - }; - inactiveWorkspace = mkOption { - type = barColorSetModule; - default = { - border = "#333333"; - background = "#222222"; - text = "#888888"; + separator = mkColorOption { + default = "#666666"; + description = "Text color to be used for the separator."; }; - description = '' - Border, background and text color for a workspace button when the workspace does not - have focus and is not active. - ''; - }; - urgentWorkspace = mkOption { - type = barColorSetModule; - default = { - border = "#2f343a"; - background = "#900000"; - text = "#ffffff"; + focusedWorkspace = mkOption { + type = barColorSetModule; + default = { + border = "#4c7899"; + background = "#285577"; + text = "#ffffff"; + }; + description = '' + Border, background and text color for a workspace button when the workspace has focus. + ''; }; - description = '' - Border, background and text color for a workspace button when the workspace contains - a window with the urgency hint set. - ''; - }; - bindingMode = mkOption { - type = barColorSetModule; - default = { - border = "#2f343a"; - background = "#900000"; - text = "#ffffff"; + activeWorkspace = mkOption { + type = barColorSetModule; + default = { + border = "#333333"; + background = "#5f676a"; + text = "#ffffff"; + }; + description = '' + Border, background and text color for a workspace button when the workspace is active. + ''; + }; + + inactiveWorkspace = mkOption { + type = barColorSetModule; + default = { + border = "#333333"; + background = "#222222"; + text = "#888888"; + }; + description = '' + Border, background and text color for a workspace button when the workspace does not + have focus and is not active. + ''; + }; + + urgentWorkspace = mkOption { + type = barColorSetModule; + default = { + border = "#2f343a"; + background = "#900000"; + text = "#ffffff"; + }; + description = '' + Border, background and text color for a workspace button when the workspace contains + a window with the urgency hint set. + ''; + }; + + bindingMode = mkOption { + type = barColorSetModule; + default = { + border = "#2f343a"; + background = "#900000"; + text = "#ffffff"; + }; + description = "Border, background and text color for the binding mode indicator"; }; - description = - "Border, background and text color for the binding mode indicator"; }; }; + + default = {}; }; - default = {}; - }; - - background = mkOption { - type = types.str; - default = "#ffffff"; - description = '' - Background color of the window. Only applications which do not cover - the whole area expose the color. - ''; - }; - - focused = mkOption { - type = colorSetModule; - default = { - border = "#4c7899"; - background = "#285577"; - text = "#ffffff"; - indicator = "#2e9ef4"; - childBorder = "#285577"; + background = mkOption { + type = types.str; + default = "#ffffff"; + description = '' + Background color of the window. Only applications which do not cover + the whole area expose the color. + ''; }; - description = "A window which currently has the focus."; - }; - focusedInactive = mkOption { - type = colorSetModule; - default = { - border = "#333333"; - background = "#5f676a"; - text = "#ffffff"; - indicator = "#484e50"; - childBorder = "#5f676a"; + focused = mkOption { + type = colorSetModule; + default = { + border = "#4c7899"; + background = "#285577"; + text = "#ffffff"; + indicator = "#2e9ef4"; + childBorder = "#285577"; + }; + description = "A window which currently has the focus."; }; - description = '' - A window which is the focused one of its container, - but it does not have the focus at the moment. - ''; - }; - unfocused = mkOption { - type = colorSetModule; - default = { - border = "#333333"; - background = "#222222"; - text = "#888888"; - indicator = "#292d2e"; - childBorder = "#222222"; + focusedInactive = mkOption { + type = colorSetModule; + default = { + border = "#333333"; + background = "#5f676a"; + text = "#ffffff"; + indicator = "#484e50"; + childBorder = "#5f676a"; + }; + description = '' + A window which is the focused one of its container, + but it does not have the focus at the moment. + ''; }; - description = "A window which is not focused."; - }; - urgent = mkOption { - type = colorSetModule; - default = { - border = "#2f343a"; - background = "#900000"; - text = "#ffffff"; - indicator = "#900000"; - childBorder = "#900000"; + unfocused = mkOption { + type = colorSetModule; + default = { + border = "#333333"; + background = "#222222"; + text = "#888888"; + indicator = "#292d2e"; + childBorder = "#222222"; + }; + description = "A window which is not focused."; }; - description = "A window which has its urgency hint activated."; - }; - placeholder = mkOption { - type = colorSetModule; - default = { - border = "#000000"; - background = "#0c0c0c"; - text = "#ffffff"; - indicator = "#000000"; - childBorder = "#0c0c0c"; + urgent = mkOption { + type = colorSetModule; + default = { + border = "#2f343a"; + background = "#900000"; + text = "#ffffff"; + indicator = "#900000"; + childBorder = "#900000"; + }; + description = "A window which has its urgency hint activated."; + }; + + placeholder = mkOption { + type = colorSetModule; + default = { + border = "#000000"; + background = "#0c0c0c"; + text = "#ffffff"; + indicator = "#000000"; + childBorder = "#0c0c0c"; + }; + description = '' + Background and text color are used to draw placeholder window + contents (when restoring layouts). Border and indicator are ignored. + ''; }; - description = '' - Background and text color are used to draw placeholder window - contents (when restoring layouts). Border and indicator are ignored. - ''; }; - }; -} + } diff --git a/home/themes/i3bar.nix b/home/themes/i3bar.nix index 3701116..0df2ff9 100644 --- a/home/themes/i3bar.nix +++ b/home/themes/i3bar.nix @@ -1,28 +1,28 @@ -{ lib }: -let - inherit (lib) +{lib}: let + inherit + (lib) mkOption types - ; + ; - mkColorOption = import ./color.nix { inherit lib; }; + mkColorOption = import ./color.nix {inherit lib;}; in -types.submodule { - options = { - theme = mkOption { - type = types.submodule { - options = { - name = mkOption { - type = types.str; - default = "plain"; - }; - overrides = mkOption { - type = types.attrsOf types.str; - default = {}; + types.submodule { + options = { + theme = mkOption { + type = types.submodule { + options = { + name = mkOption { + type = types.str; + default = "plain"; + }; + overrides = mkOption { + type = types.attrsOf types.str; + default = {}; + }; }; }; + default = {}; }; - default = {}; }; - }; -} + } diff --git a/home/themes/solarizedLight/alacritty.nix b/home/themes/solarizedLight/alacritty.nix index fb22436..7c69411 100644 --- a/home/themes/solarizedLight/alacritty.nix +++ b/home/themes/solarizedLight/alacritty.nix @@ -1,5 +1,6 @@ let - inherit (import ./colors.nix) + inherit + (import ./colors.nix) base0 base00 base01 @@ -16,9 +17,8 @@ let red violet yellow - ; -in -{ + ; +in { primary = { background = base3; foreground = base00; diff --git a/home/themes/solarizedLight/colors.nix b/home/themes/solarizedLight/colors.nix index f4c69b7..2426f51 100644 --- a/home/themes/solarizedLight/colors.nix +++ b/home/themes/solarizedLight/colors.nix @@ -1,18 +1,18 @@ { - base03 = "#002b36"; # brblack - base02 = "#073642"; # black - base01 = "#586e75"; # brgreen - base00 = "#657b83"; # bryellow - base0 = "#839496"; # brblue - base1 = "#93a1a1"; # brcyan - base2 = "#eee8d5"; # white - base3 = "#fdf6e3"; # brwhite - yellow = "#b58900"; # yellow - orange = "#cb4b16"; # brred - red = "#dc322f"; # red + base03 = "#002b36"; # brblack + base02 = "#073642"; # black + base01 = "#586e75"; # brgreen + base00 = "#657b83"; # bryellow + base0 = "#839496"; # brblue + base1 = "#93a1a1"; # brcyan + base2 = "#eee8d5"; # white + base3 = "#fdf6e3"; # brwhite + yellow = "#b58900"; # yellow + orange = "#cb4b16"; # brred + red = "#dc322f"; # red magenta = "#d33682"; # magenta - violet = "#6c71c4"; # brmagenta - blue = "#268bd2"; # blue - cyan = "#2aa198"; # cyan - green = "#859900"; # green + violet = "#6c71c4"; # brmagenta + blue = "#268bd2"; # blue + cyan = "#2aa198"; # cyan + green = "#859900"; # green } diff --git a/home/themes/solarizedLight/i3.nix b/home/themes/solarizedLight/i3.nix index df9634a..a5762ce 100644 --- a/home/themes/solarizedLight/i3.nix +++ b/home/themes/solarizedLight/i3.nix @@ -1,5 +1,6 @@ let - inherit (import ./colors.nix) + inherit + (import ./colors.nix) base00 base2 base3 @@ -8,9 +9,8 @@ let orange red yellow - ; -in -{ + ; +in { bar = { background = base3; statusline = yellow; diff --git a/home/themes/solarizedLight/i3bar.nix b/home/themes/solarizedLight/i3bar.nix index 5b37775..0e450c2 100644 --- a/home/themes/solarizedLight/i3bar.nix +++ b/home/themes/solarizedLight/i3bar.nix @@ -1,5 +1,6 @@ let - inherit (import ./colors.nix) + inherit + (import ./colors.nix) base00 base2 base3 @@ -7,9 +8,8 @@ let green red yellow - ; -in -{ + ; +in { theme = { name = "solarized-light"; overrides = { diff --git a/home/tmux.nix b/home/tmux.nix index 86d6995..3f72959 100644 --- a/home/tmux.nix +++ b/home/tmux.nix @@ -1,15 +1,19 @@ -{ config, lib, pkgs, ... }: -let - inherit (lib) +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) mkEnableOption mkIf - ; + ; cfg = config.my.home.tmux; -in -{ +in { options.my.home.tmux = { - enable = (mkEnableOption "tmux dotfiles") // { default = true; }; + enable = (mkEnableOption "tmux dotfiles") // {default = true;}; }; config = mkIf cfg.enable { @@ -19,7 +23,9 @@ in terminal = "screen-256color"; clock24 = true; - plugins = let inherit (pkgs) tmuxPlugins; in [ + plugins = let + inherit (pkgs) tmuxPlugins; + in [ { plugin = tmuxPlugins.cpu; extraConfig = '' diff --git a/home/tridactyl.nix b/home/tridactyl.nix index 9be9906..8b4647c 100644 --- a/home/tridactyl.nix +++ b/home/tridactyl.nix @@ -1,15 +1,18 @@ -{ config, lib, ... }: -let - inherit (lib) +{ + config, + lib, + ... +}: let + inherit + (lib) mkEnableOption mkIf - ; + ; cfg = config.my.home.tridactyl; -in -{ +in { options.my.home.tridactyl = { - enable = (mkEnableOption "tridactyl code display tool") // { default = config.my.home.firefox.enable; }; + enable = (mkEnableOption "tridactyl code display tool") // {default = config.my.home.firefox.enable;}; }; config = mkIf cfg.enable { diff --git a/home/x/cursor.nix b/home/x/cursor.nix index aa4ead7..ae2c2ed 100644 --- a/home/x/cursor.nix +++ b/home/x/cursor.nix @@ -1,14 +1,18 @@ -{ config, lib, pkgs, ... }: -let - inherit (lib) +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) mkEnableOption mkIf - ; + ; cfg = config.my.home.x.cursor; -in -{ - options.my.home.x.cursor.enable = (mkEnableOption "X cursor") // { default = config.my.home.x.enable; }; +in { + options.my.home.x.cursor.enable = (mkEnableOption "X cursor") // {default = config.my.home.x.enable;}; config = mkIf cfg.enable { xsession.pointerCursor = { diff --git a/home/x/default.nix b/home/x/default.nix index 4953b9a..5cc058b 100644 --- a/home/x/default.nix +++ b/home/x/default.nix @@ -1,10 +1,14 @@ -{ config, lib, pkgs, ... }: -let - inherit (lib) - mkEnableOption - ; -in { + config, + lib, + pkgs, + ... +}: let + inherit + (lib) + mkEnableOption + ; +in { imports = [ ./cursor.nix ./i3.nix diff --git a/home/x/i3.nix b/home/x/i3.nix index 996a1e1..d528a24 100644 --- a/home/x/i3.nix +++ b/home/x/i3.nix @@ -1,9 +1,14 @@ -{ config, lib, pkgs, ... }: -let - inherit (lib) +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) mkIf mkOptionDefault - ; + ; isEnabled = config.my.home.x.enable; @@ -20,14 +25,13 @@ let logoutMode = "[L]ogout, [S]uspend, [P]oweroff, [R]eboot"; i3Theme = config.my.theme.i3Theme; -in -{ +in { config = mkIf isEnabled { my.home = { flameshot.enable = true; }; - home.packages = [ pkgs.betterlockscreen ]; + home.packages = [pkgs.betterlockscreen]; xsession.windowManager.i3 = { enable = true; @@ -35,39 +39,38 @@ in config = { inherit modifier; - bars = - let - barConfigPath = - config.xdg.configFile."i3status-rust/config-top.toml".target; - in - [ - { - statusCommand = "i3status-rs ${barConfigPath}"; - position = "top"; - fonts = { - names = [ "DejaVuSansMono" "FontAwesome5Free" ]; - size = 9.0; - }; + bars = let + barConfigPath = + config.xdg.configFile."i3status-rust/config-top.toml".target; + in [ + { + statusCommand = "i3status-rs ${barConfigPath}"; + position = "top"; + fonts = { + names = ["DejaVuSansMono" "FontAwesome5Free"]; + size = 9.0; + }; - colors = i3Theme.bar; + colors = i3Theme.bar; - trayOutput = "primary"; + trayOutput = "primary"; - # disable mouse scroll wheel in bar - extraConfig = '' - bindsym button4 nop - bindsym button5 nop - ''; - } - ]; + # disable mouse scroll wheel in bar + extraConfig = '' + bindsym button4 nop + bindsym button5 nop + ''; + } + ]; colors = { - inherit (i3Theme) + inherit + (i3Theme) focused focusedInactive unfocused urgent - ; + ; }; focus = { @@ -78,7 +81,7 @@ in workspaceAutoBackAndForth = true; fonts = { - names = [ "DejaVu Sans Mono" ]; + names = ["DejaVu Sans Mono"]; size = 8.0; }; @@ -104,40 +107,44 @@ in "${modifier}+d" = "exec ${pkgs.rofi}/bin/rofi -show run"; }; - modes = - let - makeModeBindings = attrs: attrs // { + modes = let + makeModeBindings = attrs: + attrs + // { "Escape" = "mode default"; "Return" = "mode default"; }; - in - mkOptionDefault { - "${logoutMode}" = makeModeBindings { - "l" = "exec --no-startup-id i3-msg exit, mode default"; - "s" = "exec --no-startup-id betterlockscreen --suspend, mode default"; - "p" = "exec --no-startup-id systemctl poweroff, mode default"; - "r" = "exec --no-startup-id systemctl reboot, mode default"; - }; + in + mkOptionDefault { + "${logoutMode}" = makeModeBindings { + "l" = "exec --no-startup-id i3-msg exit, mode default"; + "s" = "exec --no-startup-id betterlockscreen --suspend, mode default"; + "p" = "exec --no-startup-id systemctl poweroff, mode default"; + "r" = "exec --no-startup-id systemctl reboot, mode default"; }; + }; terminal = myTerminal; assigns = { "10" = [ - { class = "Slack"; } - { class = "discord"; } + {class = "Slack";} + {class = "discord";} ]; }; window.commands = [ - { command = "border pixel 2"; criteria = { class = "Alacritty"; }; } + { + command = "border pixel 2"; + criteria = {class = "Alacritty";}; + } # NOTE: should be done with an assign command, but Spotify doesn't set # its class until after initialization, so has to be done this way. # # See https://i3wm.org/docs/userguide.html#assign_workspace { - criteria = { class = "Spotify"; }; + criteria = {class = "Spotify";}; command = "move --no-auto-back-and-forth to workspace 8"; } ]; diff --git a/home/x/i3bar.nix b/home/x/i3bar.nix index 9e8246f..6498e21 100644 --- a/home/x/i3bar.nix +++ b/home/x/i3bar.nix @@ -1,18 +1,22 @@ -{ config, lib, pkgs, ... }: -let - inherit (lib) +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) lists mkIf mkOption optional types - ; + ; isEnabled = config.my.home.x.enable; i3BarTheme = config.my.theme.i3BarTheme; cfg = config.my.home.x.i3bar; -in -{ +in { options.my.home.x.i3bar = { temperature.chip = mkOption { type = types.str; @@ -27,17 +31,19 @@ in networking.throughput_interfaces = mkOption { type = types.listOf types.str; - example = [ "wlp1s0" ]; - default = [ ]; + example = ["wlp1s0"]; + default = []; }; }; config = mkIf isEnabled { home.packages = builtins.attrValues { - inherit (pkgs) + inherit + (pkgs) # FIXME: is this useful? + font-awesome - ; + ; }; programs.i3status-rust = { @@ -49,81 +55,86 @@ in theme = i3BarTheme.theme.name; settings = i3BarTheme; - blocks = [ - { - block = "pomodoro"; - length = 60; - break_length = 10; - notifier = "i3nag"; - } - { - block = "disk_space"; - path = "/"; - alias = "/"; - info_type = "available"; - unit = "GB"; - interval = 60; - warning = 20.0; - alert = 10.0; - } - { - block = "memory"; - display_type = "memory"; - format_mem = "{mem_used;G}/{mem_total;G}"; - warning_mem = 70.0; - critical_mem = 90.0; - # don't show swap - clickable = false; - } - { - block = "cpu"; - interval = 1; - format = "{barchart}"; - } - { - block = "temperature"; - collapsed = false; - interval = 10; - format = "{max}"; - chip = cfg.temperature.chip; - inputs = cfg.temperature.inputs; - } - ] ++ (lists.optionals ((builtins.length cfg.networking.throughput_interfaces) != 0) - (map - (interface: - { + blocks = + [ + { + block = "pomodoro"; + length = 60; + break_length = 10; + notifier = "i3nag"; + } + { + block = "disk_space"; + path = "/"; + alias = "/"; + info_type = "available"; + unit = "GB"; + interval = 60; + warning = 20.0; + alert = 10.0; + } + { + block = "memory"; + display_type = "memory"; + format_mem = "{mem_used;G}/{mem_total;G}"; + warning_mem = 70.0; + critical_mem = 90.0; + # don't show swap + clickable = false; + } + { + block = "cpu"; + interval = 1; + format = "{barchart}"; + } + { + block = "temperature"; + collapsed = false; + interval = 10; + format = "{max}"; + chip = cfg.temperature.chip; + inputs = cfg.temperature.inputs; + } + ] + ++ ( + lists.optionals ((builtins.length cfg.networking.throughput_interfaces) != 0) + (map + (interface: { block = "net"; device = interface; interval = 1; hide_inactive = true; }) - - cfg.networking.throughput_interfaces) - ) ++ [ - { - block = "networkmanager"; - primary_only = true; - } - { - block = "sound"; - driver = "pulseaudio"; - } - ] ++ (optional config.my.home.laptop.enable - { - block = "battery"; - } - ) ++ [ - # { - # block = "notify"; - # } - { - block = "time"; - interval = 5; - format = "%a %d/%m %T"; - locale = "fr_FR"; - timezone = "Europe/Paris"; - } - ]; + cfg.networking.throughput_interfaces) + ) + ++ [ + { + block = "networkmanager"; + primary_only = true; + } + { + block = "sound"; + driver = "pulseaudio"; + } + ] + ++ ( + optional config.my.home.laptop.enable + { + block = "battery"; + } + ) + ++ [ + # { + # block = "notify"; + # } + { + block = "time"; + interval = 5; + format = "%a %d/%m %T"; + locale = "fr_FR"; + timezone = "Europe/Paris"; + } + ]; }; }; }; diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index 61dad07..19771f2 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -1,17 +1,20 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, lib, pkgs, ... }: { - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix + config, + lib, + pkgs, + ... +}: { + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix - ./home.nix + ./home.nix - ./secrets.nix - ]; + ./secrets.nix + ]; boot.kernelPackages = pkgs.linuxPackages_latest; @@ -27,7 +30,7 @@ services.btrfs = { autoScrub = { enable = true; - fileSystems = [ "/" ]; + fileSystems = ["/"]; }; }; @@ -93,7 +96,7 @@ "rfkill-release" ]; - services.udev.packages = [ pkgs.packages.kaleidoscope-udev-rules ]; + services.udev.packages = [pkgs.packages.kaleidoscope-udev-rules]; hardware.bluetooth = { enable = true; diff --git a/hosts/boreal/hardware-configuration.nix b/hosts/boreal/hardware-configuration.nix index d094221..cc68a01 100644 --- a/hosts/boreal/hardware-configuration.nix +++ b/hosts/boreal/hardware-configuration.nix @@ -1,30 +1,34 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-amd"]; + boot.extraModulePackages = []; - fileSystems."/" = - { device = "/dev/disk/by-uuid/1a942915-c1ae-4058-b99d-09d12d40dbd3"; - fsType = "btrfs"; - options = [ "subvol=nixos" "compress=zstd:1" "noatime" ]; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/1a942915-c1ae-4058-b99d-09d12d40dbd3"; + fsType = "btrfs"; + options = ["subvol=nixos" "compress=zstd:1" "noatime"]; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/17C7-368D"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/17C7-368D"; + fsType = "vfat"; + }; - swapDevices = [ ]; + swapDevices = []; hardware.cpu.amd.updateMicrocode = true; } diff --git a/hosts/boreal/home.nix b/hosts/boreal/home.nix index aabbe6d..24b44de 100644 --- a/hosts/boreal/home.nix +++ b/hosts/boreal/home.nix @@ -1,26 +1,31 @@ -{ config, pkgs, ... }: { + config, + pkgs, + ... +}: { home-manager.users.alarsyo = { # Keyboard settings & i3 settings my.home.x.enable = true; my.home.x.i3bar.temperature.chip = "k10temp-pci-*"; - my.home.x.i3bar.temperature.inputs = [ "Tccd1" ]; - my.home.x.i3bar.networking.throughput_interfaces = [ "enp8s0" "wlp4s0" ]; + my.home.x.i3bar.temperature.inputs = ["Tccd1"]; + my.home.x.i3bar.networking.throughput_interfaces = ["enp8s0" "wlp4s0"]; my.home.emacs.enable = true; my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; home.packages = builtins.attrValues { - inherit (pkgs) + inherit + (pkgs) # some websites only work there :( + chromium - # dev + rustup - # keyboard goodness + chrysalis - ; + ; inherit (pkgs.packages) spot; }; diff --git a/hosts/boreal/secrets.nix b/hosts/boreal/secrets.nix index 65d91d1..5d5947b 100644 --- a/hosts/boreal/secrets.nix +++ b/hosts/boreal/secrets.nix @@ -1,19 +1,23 @@ -{ config, lib, options, ... }: - { + config, + lib, + options, + ... +}: { config.age = { - secrets = - let - toSecret = name: { ... }@attrs: { + secrets = let + toSecret = name: {...} @ attrs: + { file = ./../../modules/secrets + "/${name}.age"; - } // attrs; - in - lib.mapAttrs toSecret { - "restic-backup/boreal-credentials" = {}; - "restic-backup/boreal-password" = {}; + } + // attrs; + in + lib.mapAttrs toSecret { + "restic-backup/boreal-credentials" = {}; + "restic-backup/boreal-password" = {}; - "users/alarsyo-hashed-password" = {}; - "users/root-hashed-password" = {}; - }; + "users/alarsyo-hashed-password" = {}; + "users/root-hashed-password" = {}; + }; }; } diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index e509ac3..2d61d53 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -1,31 +1,33 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, lib, pkgs, ... }: -let - secrets = config.my.secrets; -in { - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix + config, + lib, + pkgs, + ... +}: let + secrets = config.my.secrets; +in { + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix - ./home.nix - ./secrets.nix - ]; + ./home.nix + ./secrets.nix + ]; # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; boot.loader.grub.version = 2; boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only - boot.supportedFilesystems = [ "btrfs" ]; + boot.supportedFilesystems = ["btrfs"]; services.btrfs = { autoScrub = { enable = true; - fileSystems = [ "/" ]; + fileSystems = ["/"]; }; }; diff --git a/hosts/poseidon/hardware-configuration.nix b/hosts/poseidon/hardware-configuration.nix index 847f37a..fd1d735 100644 --- a/hosts/poseidon/hardware-configuration.nix +++ b/hosts/poseidon/hardware-configuration.nix @@ -1,40 +1,45 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: -let - inherit (lib) - mkDefault - ; -in { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") + config, + lib, + pkgs, + modulesPath, + ... +}: let + inherit + (lib) + mkDefault + ; +in { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = ["ahci" "usbhid"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/adcf0158-edfb-402f-82e7-61e4902af989"; + fsType = "btrfs"; + options = [ + "subvol=@nixos" + "compress=zstd" + "noatime" ]; + }; - boot.initrd.availableKernelModules = [ "ahci" "usbhid" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/ff54b622-0e26-4c6e-aa0c-ac2c1e12699a"; + fsType = "ext4"; + }; - fileSystems."/" = - { device = "/dev/disk/by-uuid/adcf0158-edfb-402f-82e7-61e4902af989"; - fsType = "btrfs"; - options = [ - "subvol=@nixos" - "compress=zstd" - "noatime" - ]; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/ff54b622-0e26-4c6e-aa0c-ac2c1e12699a"; - fsType = "ext4"; - }; - - swapDevices = - [ { device = "/dev/disk/by-uuid/381a9c5e-4d71-45b4-ac62-e7414b3768fc"; } - ]; + swapDevices = [ + {device = "/dev/disk/by-uuid/381a9c5e-4d71-45b4-ac62-e7414b3768fc";} + ]; powerManagement.cpuFreqGovernor = mkDefault "ondemand"; } diff --git a/hosts/poseidon/home.nix b/hosts/poseidon/home.nix index acdd4fd..3bb7dab 100644 --- a/hosts/poseidon/home.nix +++ b/hosts/poseidon/home.nix @@ -1,7 +1,5 @@ -{ config, ... }: -{ +{config, ...}: { home-manager.users.alarsyo = { - my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; }; } diff --git a/hosts/poseidon/secrets.nix b/hosts/poseidon/secrets.nix index f9b390b..66f6673 100644 --- a/hosts/poseidon/secrets.nix +++ b/hosts/poseidon/secrets.nix @@ -1,36 +1,40 @@ -{ config, lib, options, ... }: - { + config, + lib, + options, + ... +}: { config.age = { - secrets = - let - toSecret = name: { ... }@attrs: { + secrets = let + toSecret = name: {...} @ attrs: + { file = ./../../modules/secrets + "/${name}.age"; - } // attrs; - in - lib.mapAttrs toSecret { - "gandi/api-key" = {}; + } + // attrs; + in + lib.mapAttrs toSecret { + "gandi/api-key" = {}; - "lohr/shared-secret" = {}; + "lohr/shared-secret" = {}; - "matrix-synapse/secret-config" = { - owner = "matrix-synapse"; - }; - - "miniflux/admin-credentials" = {}; - - "nextcloud/admin-pass" = { - owner = "nextcloud"; - }; - - "paperless/admin-password" = {}; - "paperless/secret-key" = {}; - - "restic-backup/poseidon-credentials" = {}; - "restic-backup/poseidon-password" = {}; - - "users/alarsyo-hashed-password" = {}; - "users/root-hashed-password" = {}; + "matrix-synapse/secret-config" = { + owner = "matrix-synapse"; }; + + "miniflux/admin-credentials" = {}; + + "nextcloud/admin-pass" = { + owner = "nextcloud"; + }; + + "paperless/admin-password" = {}; + "paperless/secret-key" = {}; + + "restic-backup/poseidon-credentials" = {}; + "restic-backup/poseidon-password" = {}; + + "users/alarsyo-hashed-password" = {}; + "users/root-hashed-password" = {}; + }; }; } diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index d0c64ef..60a5f74 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -1,15 +1,18 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, lib, pkgs, ... }: { - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ./home.nix - ./secrets.nix - ]; + config, + lib, + pkgs, + ... +}: { + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + ./home.nix + ./secrets.nix + ]; boot.kernelPackages = pkgs.linuxPackages; @@ -20,7 +23,7 @@ services.btrfs = { autoScrub = { enable = true; - fileSystems = [ "/" ]; + fileSystems = ["/"]; }; }; @@ -86,9 +89,9 @@ }; my.gui.enable = true; - environment.systemPackages = [ pkgs.arandr pkgs.chrysalis ]; + environment.systemPackages = [pkgs.arandr pkgs.chrysalis]; - services.udev.packages = [ pkgs.packages.kaleidoscope-udev-rules ]; + services.udev.packages = [pkgs.packages.kaleidoscope-udev-rules]; hardware.bluetooth = { enable = true; diff --git a/hosts/zephyrus/hardware-configuration.nix b/hosts/zephyrus/hardware-configuration.nix index cec5cce..a973019 100644 --- a/hosts/zephyrus/hardware-configuration.nix +++ b/hosts/zephyrus/hardware-configuration.nix @@ -1,49 +1,54 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: -let - inherit (lib) - mkDefault - ; -in { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: let + inherit + (lib) + mkDefault + ; +in { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; - fileSystems."/" = - { device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642"; - fsType = "btrfs"; - options = [ "subvol=@" "compress=zstd" "noatime" ]; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642"; + fsType = "btrfs"; + options = ["subvol=@" "compress=zstd" "noatime"]; + }; boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/c59e7067-e33c-474c-9b8e-96d0e8f59297"; - fileSystems."/home" = - { device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642"; - fsType = "btrfs"; - options = [ "subvol=@home" "compress=zstd" "noatime" ]; - neededForBoot = true; # agenix needs my key for some root secrets - }; + fileSystems."/home" = { + device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642"; + fsType = "btrfs"; + options = ["subvol=@home" "compress=zstd" "noatime"]; + neededForBoot = true; # agenix needs my key for some root secrets + }; - fileSystems."/nix" = - { device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642"; - fsType = "btrfs"; - options = [ "subvol=@nix" "compress=zstd" "noatime" ]; - }; + fileSystems."/nix" = { + device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642"; + fsType = "btrfs"; + options = ["subvol=@nix" "compress=zstd" "noatime"]; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/D9DA-F46C"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/D9DA-F46C"; + fsType = "vfat"; + }; - swapDevices = [ ]; + swapDevices = []; powerManagement.cpuFreqGovernor = mkDefault "powersave"; diff --git a/hosts/zephyrus/home.nix b/hosts/zephyrus/home.nix index 4e3ae63..fdb5c3c 100644 --- a/hosts/zephyrus/home.nix +++ b/hosts/zephyrus/home.nix @@ -1,5 +1,8 @@ -{ config, pkgs, ... }: { + config, + pkgs, + ... +}: { home-manager.users.alarsyo = { my.home.laptop.enable = true; @@ -7,25 +10,26 @@ my.home.x.enable = true; my.home.x.i3bar.temperature.chip = "coretemp-isa-*"; my.home.x.i3bar.temperature.inputs = ["Core 0" "Core 1" "Core 2" "Core 3"]; - my.home.x.i3bar.networking.throughput_interfaces = [ "enp0s31f6" "wlp0s20f3" "enp43s0u1u1" ]; + my.home.x.i3bar.networking.throughput_interfaces = ["enp0s31f6" "wlp0s20f3" "enp43s0u1u1"]; my.home.emacs.enable = true; my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; home.packages = builtins.attrValues { - inherit (pkgs) - # some websites only work there :( - chromium - - darktable - - # dev - rustup + inherit + (pkgs) + # some websites only work there :( + + chromium + darktable + # dev + + rustup ; - inherit (pkgs.packages) spot; + inherit (pkgs.packages) spot; - inherit (pkgs.wineWowPackages) stable; + inherit (pkgs.wineWowPackages) stable; }; }; } diff --git a/hosts/zephyrus/secrets.nix b/hosts/zephyrus/secrets.nix index 125bd3f..22afdfd 100644 --- a/hosts/zephyrus/secrets.nix +++ b/hosts/zephyrus/secrets.nix @@ -1,19 +1,23 @@ -{ config, lib, options, ... }: - { + config, + lib, + options, + ... +}: { config.age = { - secrets = - let - toSecret = name: { ... }@attrs: { + secrets = let + toSecret = name: {...} @ attrs: + { file = ./../../modules/secrets + "/${name}.age"; - } // attrs; - in - lib.mapAttrs toSecret { - "restic-backup/zephyrus-credentials" = {}; - "restic-backup/zephyrus-password" = {}; + } + // attrs; + in + lib.mapAttrs toSecret { + "restic-backup/zephyrus-credentials" = {}; + "restic-backup/zephyrus-password" = {}; - "users/alarsyo-hashed-password" = {}; - "users/root-hashed-password" = {}; - }; + "users/alarsyo-hashed-password" = {}; + "users/root-hashed-password" = {}; + }; }; } diff --git a/modules/default.nix b/modules/default.nix index dd987a9..ec72f4c 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1,5 +1,4 @@ -{ ... }: -{ +{...}: { imports = [ ./sddm.nix ./secrets diff --git a/modules/sddm.nix b/modules/sddm.nix index 9c66ddc..ee50f5e 100644 --- a/modules/sddm.nix +++ b/modules/sddm.nix @@ -1,13 +1,17 @@ -{ config, lib, pkgs, ... }: -let - inherit (lib) +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) mkEnableOption mkIf - ; + ; cfg = config.my.displayManager.sddm; -in -{ +in { options.my.displayManager.sddm.enable = mkEnableOption "SDDM setup"; config = mkIf cfg.enable { @@ -17,15 +21,17 @@ in }; environment.systemPackages = builtins.attrValues { - inherit (pkgs.packages) + inherit + (pkgs.packages) sddm-sugar-candy - ; + ; - inherit (pkgs.libsForQt5.qt5) + inherit + (pkgs.libsForQt5.qt5) qtgraphicaleffects qtquickcontrols2 qtsvg - ; + ; }; }; } diff --git a/modules/secrets/default.nix b/modules/secrets/default.nix index dc5d2c9..2710b66 100644 --- a/modules/secrets/default.nix +++ b/modules/secrets/default.nix @@ -1,9 +1,14 @@ -{ config, lib, options, ... }: - { + config, + lib, + options, + ... +}: { config.age = { - identityPaths = options.age.identityPaths.default ++ [ - "/home/alarsyo/.ssh/id_ed25519" - ]; + identityPaths = + options.age.identityPaths.default + ++ [ + "/home/alarsyo/.ssh/id_ed25519" + ]; }; } diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index c8b4056..09abfd4 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -1,36 +1,35 @@ let alarsyo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH3rrF3VSWI4n4cpguvlmLAaU3uftuX4AVV/39S/8GO9 alarsyo@thinkpad"; - users = [ alarsyo ]; + users = [alarsyo]; boreal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAagal1aqZh52wEmgsw7fkCzO41o4Cx+nV4wJGZuX1RP root@boreal"; poseidon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYhZYMbWQG9TSQ2qze8GgFo2XrZzgu/GuSOGwenByJo root@poseidon"; zephyrus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU4JfIADH9MXUnVe+3ezYK9WXsqy/jJcm1zFkmL4aSU root@zephyrus"; - machines = [ boreal poseidon zephyrus ]; + machines = [boreal poseidon zephyrus]; all = users ++ machines; -in -{ - "gandi/api-key.age".publicKeys = [ poseidon ]; +in { + "gandi/api-key.age".publicKeys = [poseidon]; - "lohr/shared-secret.age".publicKeys = [ poseidon ]; + "lohr/shared-secret.age".publicKeys = [poseidon]; - "matrix-synapse/secret-config.age".publicKeys = [ poseidon ]; + "matrix-synapse/secret-config.age".publicKeys = [poseidon]; - "miniflux/admin-credentials.age".publicKeys = [ poseidon ]; + "miniflux/admin-credentials.age".publicKeys = [poseidon]; - "nextcloud/admin-pass.age".publicKeys = [ poseidon ]; + "nextcloud/admin-pass.age".publicKeys = [poseidon]; - "paperless/admin-password.age".publicKeys = [ poseidon ]; - "paperless/secret-key.age".publicKeys = [ poseidon ]; + "paperless/admin-password.age".publicKeys = [poseidon]; + "paperless/secret-key.age".publicKeys = [poseidon]; - "restic-backup/boreal-password.age".publicKeys = [ alarsyo boreal ]; - "restic-backup/boreal-credentials.age".publicKeys = [ alarsyo boreal ]; - "restic-backup/poseidon-password.age".publicKeys = [ alarsyo poseidon ]; - "restic-backup/poseidon-credentials.age".publicKeys = [ alarsyo poseidon ]; - "restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ]; - "restic-backup/zephyrus-credentials.age".publicKeys = [ alarsyo zephyrus ]; + "restic-backup/boreal-password.age".publicKeys = [alarsyo boreal]; + "restic-backup/boreal-credentials.age".publicKeys = [alarsyo boreal]; + "restic-backup/poseidon-password.age".publicKeys = [alarsyo poseidon]; + "restic-backup/poseidon-credentials.age".publicKeys = [alarsyo poseidon]; + "restic-backup/zephyrus-password.age".publicKeys = [alarsyo zephyrus]; + "restic-backup/zephyrus-credentials.age".publicKeys = [alarsyo zephyrus]; "users/root-hashed-password.age".publicKeys = machines; - "users/alarsyo-hashed-password.age".publicKeys = machines ++ [ alarsyo ]; + "users/alarsyo-hashed-password.age".publicKeys = machines ++ [alarsyo]; } diff --git a/modules/wakeonwlan.nix b/modules/wakeonwlan.nix index 096515d..d8aae40 100644 --- a/modules/wakeonwlan.nix +++ b/modules/wakeonwlan.nix @@ -1,23 +1,27 @@ -{ config, lib, pkgs, ... }: - -let - inherit (lib) +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) concatStringsSep literalExample mapAttrs' mkIf mkOption nameValuePair - ; + ; cfg = config.my.wakeonwlan; mkWowlanService = name: cfg: nameValuePair "wowlan-${name}" { description = "Enable WoWLAN for interface ${name}"; - requires = [ "network.target" ]; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; + requires = ["network.target"]; + after = ["network.target"]; + wantedBy = ["multi-user.target"]; serviceConfig = { Type = "oneshot"; }; @@ -25,11 +29,12 @@ let ${pkgs.iw}/bin/iw ${name} wowlan enable ${concatStringsSep " " cfg.methods} ''; }; -in -{ - options.my.wakeonwlan = let inherit (lib) types; in { +in { + options.my.wakeonwlan = let + inherit (lib) types; + in { interfaces = mkOption { - default = { }; + default = {}; description = "Wireless interfaces where you want to enable WoWLAN"; example = literalExample '' { diff --git a/overlays/i3status-rust/default.nix b/overlays/i3status-rust/default.nix index 2e4948a..e3487ca 100644 --- a/overlays/i3status-rust/default.nix +++ b/overlays/i3status-rust/default.nix @@ -1,5 +1,4 @@ -final: prev: -{ +final: prev: { # overlay created because nixpkgs's `i3status-rust` depended on `notmuch`, and # `notmuch`'s tests were briefly broken. the features I'm disabling, I don't # need anyway: (at the time of writing) @@ -8,13 +7,14 @@ final: prev: # - maildir i3status-rust = prev.i3status-rust.overrideAttrs (oldAttrs: { buildInputs = builtins.attrValues { - inherit (final) + inherit + (final) dbus lm_sensors openssl pulseaudio - ; + ; }; - cargoBuildFeatures = [ "pulseaudio" ]; + cargoBuildFeatures = ["pulseaudio"]; }); } diff --git a/pkgs/default.nix b/pkgs/default.nix index 97a694b..19307a1 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,5 +1,4 @@ -{ pkgs }: -{ +{pkgs}: { sddm-sugar-candy = pkgs.callPackage ./sddm-sugar-candy {}; kaleidoscope-udev-rules = pkgs.callPackage ./kaleidoscope-udev-rules {}; grafanaDashboards = pkgs.recurseIntoAttrs (pkgs.callPackage ./grafana-dashboards {}); diff --git a/pkgs/grafana-dashboards/default.nix b/pkgs/grafana-dashboards/default.nix index f489974..f0618de 100644 --- a/pkgs/grafana-dashboards/default.nix +++ b/pkgs/grafana-dashboards/default.nix @@ -1,5 +1,4 @@ -{ callPackage }: -{ +{callPackage}: { nginx = callPackage ./nginx.nix {}; node-exporter = callPackage ./node-exporter.nix {}; } diff --git a/pkgs/grafana-dashboards/nginx.nix b/pkgs/grafana-dashboards/nginx.nix index e707159..53ca94b 100644 --- a/pkgs/grafana-dashboards/nginx.nix +++ b/pkgs/grafana-dashboards/nginx.nix @@ -1,32 +1,37 @@ -{ stdenv, fetchFromGitHub, lib, ... }: -let - inherit (lib) +{ + stdenv, + fetchFromGitHub, + lib, + ... +}: let + inherit + (lib) licenses - ; + ; version = "0.9.0"; in -stdenv.mkDerivation { - inherit version; - pname = "grafana-dashboard-nginx"; + stdenv.mkDerivation { + inherit version; + pname = "grafana-dashboard-nginx"; - dontBuild = true; + dontBuild = true; - src = fetchFromGitHub { - owner = "nginxinc"; - repo = "nginx-prometheus-exporter"; - rev = "v${version}"; - sha256 = "sha256:04y5vpj2kv2ygdzxy3crpnx4mhpkm1ns2995kxgvjlhnyck7a5rf"; - }; + src = fetchFromGitHub { + owner = "nginxinc"; + repo = "nginx-prometheus-exporter"; + rev = "v${version}"; + sha256 = "sha256:04y5vpj2kv2ygdzxy3crpnx4mhpkm1ns2995kxgvjlhnyck7a5rf"; + }; - installPhase = '' - mkdir -p $out - cp grafana/dashboard.json $out/dashboard.json - ''; + installPhase = '' + mkdir -p $out + cp grafana/dashboard.json $out/dashboard.json + ''; - meta = { - description = "grafana dashboard for NGINX exporter"; - homepage = "https://github.com/nginxinc/nginx-prometheus-exporter"; - license = licenses.asl20; - }; -} + meta = { + description = "grafana dashboard for NGINX exporter"; + homepage = "https://github.com/nginxinc/nginx-prometheus-exporter"; + license = licenses.asl20; + }; + } diff --git a/pkgs/grafana-dashboards/node-exporter.nix b/pkgs/grafana-dashboards/node-exporter.nix index 55fbb6d..42f5961 100644 --- a/pkgs/grafana-dashboards/node-exporter.nix +++ b/pkgs/grafana-dashboards/node-exporter.nix @@ -1,32 +1,37 @@ -{ stdenv, fetchFromGitHub, lib, ... }: -let - inherit (lib) +{ + stdenv, + fetchFromGitHub, + lib, + ... +}: let + inherit + (lib) licenses - ; + ; version = "7d61c79619e5749e629758ecd96748c010028120"; in -stdenv.mkDerivation { - version = "master-${version}"; - pname = "grafana-dashboard-node-exporter"; + stdenv.mkDerivation { + version = "master-${version}"; + pname = "grafana-dashboard-node-exporter"; - dontBuild = true; + dontBuild = true; - src = fetchFromGitHub { - owner = "rfrail3"; - repo = "grafana-dashboards"; - rev = version; - sha256 = "sha256:1z6i76jdiw3jjigbmbqvyi8kyj4ngw0y73fv9yksr2ncjfqlhhv6"; - }; + src = fetchFromGitHub { + owner = "rfrail3"; + repo = "grafana-dashboards"; + rev = version; + sha256 = "sha256:1z6i76jdiw3jjigbmbqvyi8kyj4ngw0y73fv9yksr2ncjfqlhhv6"; + }; - installPhase = '' - mkdir -p $out - cp prometheus/node-exporter-full.json $out/node-exporter-full.json - ''; + installPhase = '' + mkdir -p $out + cp prometheus/node-exporter-full.json $out/node-exporter-full.json + ''; - meta = { - description = "grafana dashboard for node exporter"; - homepage = "https://github.com/rfrail3/grafana-dashboards"; - license = licenses.lgpl3Only; - }; -} + meta = { + description = "grafana dashboard for node exporter"; + homepage = "https://github.com/rfrail3/grafana-dashboards"; + license = licenses.lgpl3Only; + }; + } diff --git a/pkgs/kaleidoscope-udev-rules/default.nix b/pkgs/kaleidoscope-udev-rules/default.nix index aaeaea9..1af8ffc 100644 --- a/pkgs/kaleidoscope-udev-rules/default.nix +++ b/pkgs/kaleidoscope-udev-rules/default.nix @@ -1,33 +1,36 @@ -{ stdenv, lib, fetchFromGitHub }: - -let - inherit (lib) +{ + stdenv, + lib, + fetchFromGitHub, +}: let + inherit + (lib) licenses - ; + ; version = "1.99.3"; in -stdenv.mkDerivation { - inherit version; - pname = "kaleidoscope-udev-rules"; + stdenv.mkDerivation { + inherit version; + pname = "kaleidoscope-udev-rules"; - dontBuild = true; + dontBuild = true; - src = fetchFromGitHub { - owner = "keyboardio"; - repo = "Kaleidoscope"; - rev = "v${version}"; - sha256 = "sha256-4WIl/Hj23j9GLzdMcyEQvg9X7HI4WSInrLkYCkj6yhM="; - }; + src = fetchFromGitHub { + owner = "keyboardio"; + repo = "Kaleidoscope"; + rev = "v${version}"; + sha256 = "sha256-4WIl/Hj23j9GLzdMcyEQvg9X7HI4WSInrLkYCkj6yhM="; + }; - installPhase = '' - mkdir -p $out/lib/udev/rules.d - cp etc/60-kaleidoscope.rules $out/lib/udev/rules.d/ - ''; + installPhase = '' + mkdir -p $out/lib/udev/rules.d + cp etc/60-kaleidoscope.rules $out/lib/udev/rules.d/ + ''; - meta = { - description = "udev rules for kaleidoscope firmware keyboards"; - homepage = "https://github.com/keyboardio/Kaleidoscope"; - license = licenses.gpl3Only; - }; -} + meta = { + description = "udev rules for kaleidoscope firmware keyboards"; + homepage = "https://github.com/keyboardio/Kaleidoscope"; + license = licenses.gpl3Only; + }; + } diff --git a/pkgs/sddm-sugar-candy/default.nix b/pkgs/sddm-sugar-candy/default.nix index f90b6b8..3a31537 100644 --- a/pkgs/sddm-sugar-candy/default.nix +++ b/pkgs/sddm-sugar-candy/default.nix @@ -1,4 +1,7 @@ -{ stdenv, fetchFromGitLab }: +{ + stdenv, + fetchFromGitLab, +}: stdenv.mkDerivation rec { pname = "sddm-sugar-candy"; # latest master commit, no recent tags :( @@ -10,7 +13,7 @@ stdenv.mkDerivation rec { cp -aR . $out/share/sddm/themes/sugar-candy ''; - patches = [ ./custom-conf.patch ]; + patches = [./custom-conf.patch]; src = fetchFromGitLab { domain = "framagit.org"; diff --git a/pkgs/spot/default.nix b/pkgs/spot/default.nix index 99a5659..e3df73b 100644 --- a/pkgs/spot/default.nix +++ b/pkgs/spot/default.nix @@ -1,20 +1,20 @@ -{ stdenv -, fetchurl -, python3 -}: -let +{ + stdenv, + fetchurl, + python3, +}: let version = "2.10.4"; in -stdenv.mkDerivation { - inherit version; - pname = "spot"; + stdenv.mkDerivation { + inherit version; + pname = "spot"; - buildInputs = [ - python3 - ]; + buildInputs = [ + python3 + ]; - src = fetchurl { - url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz"; - sha256 = "sha256-6GKc22zOgwd4JpYM0B7OUhPar5ooPW9iqvaa+gYjR4o="; - }; -} + src = fetchurl { + url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz"; + sha256 = "sha256-6GKc22zOgwd4JpYM0B7OUhPar5ooPW9iqvaa+gYjR4o="; + }; + } diff --git a/poseidon.nix b/poseidon.nix index 2739352..ecb36c6 100644 --- a/poseidon.nix +++ b/poseidon.nix @@ -1,6 +1,4 @@ -{ ... }: - -{ +{...}: { imports = [ # Default configuration ./base diff --git a/services/default.nix b/services/default.nix index 82e3bf4..9c4af4f 100644 --- a/services/default.nix +++ b/services/default.nix @@ -1,6 +1,4 @@ -{ ... }: - -{ +{...}: { imports = [ ./vaultwarden.nix ./fail2ban.nix diff --git a/services/fail2ban.nix b/services/fail2ban.nix index ccc12f2..0f368c4 100644 --- a/services/fail2ban.nix +++ b/services/fail2ban.nix @@ -1,10 +1,14 @@ -{ config, lib, pkgs, ... }: - -let - inherit (lib) +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) mkEnableOption mkIf - ; + ; cfg = config.my.services.fail2ban; in { diff --git a/services/fava.nix b/services/fava.nix index e283022..59494ad 100644 --- a/services/fava.nix +++ b/services/fava.nix @@ -1,19 +1,24 @@ -{ config, lib, pkgs, ... }: - -let - inherit (lib) +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) mkEnableOption mkIf mkOption - ; + ; cfg = config.my.services.fava; my = config.my; domain = config.networking.domain; secrets = config.my.secrets; -in -{ - options.my.services.fava = let inherit (lib) types; in { +in { + options.my.services.fava = let + inherit (lib) types; + in { enable = mkEnableOption "Fava"; home = mkOption { @@ -39,7 +44,7 @@ in config = mkIf cfg.enable { systemd.services.fava = { - wantedBy = [ "multi-user.target" ]; + wantedBy = ["multi-user.target"]; serviceConfig = { Environment = []; ExecStart = "${pkgs.fava}/bin/fava -H 127.0.0.1 -p ${toString cfg.port} ${cfg.home}/${cfg.filePath}"; @@ -55,7 +60,7 @@ in createHome = true; group = "fava"; }; - users.groups.fava = { }; + users.groups.fava = {}; services.nginx.virtualHosts = { "fava.${domain}" = { diff --git a/services/gitea/default.nix b/services/gitea/default.nix index 408d29d..6796d88 100644 --- a/services/gitea/default.nix +++ b/services/gitea/default.nix @@ -1,18 +1,24 @@ -{ config, lib, pkgs, ... }: - -let - inherit (lib) +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) mkEnableOption mkIf mkOption - ; + ; cfg = config.my.services.gitea; my = config.my; domain = config.networking.domain; in { - options.my.services.gitea = let inherit (lib) types; in { + options.my.services.gitea = let + inherit (lib) types; + in { enable = mkEnableOption "Personal Git hosting with Gitea"; privatePort = mkOption { @@ -33,11 +39,11 @@ in { # the systemd service for the gitea module seems to hardcode the group as # gitea, so, uh, just in case? - extraGroups = [ "gitea" ]; + extraGroups = ["gitea"]; isSystemUser = true; }; - users.groups.git = { }; + users.groups.git = {}; services.gitea = { enable = true; @@ -88,7 +94,7 @@ in { }; services.postgresqlBackup = { - databases = [ "gitea" ]; + databases = ["gitea"]; }; services.nginx = { diff --git a/services/jellyfin.nix b/services/jellyfin.nix index f485d65..4a4ceea 100644 --- a/services/jellyfin.nix +++ b/services/jellyfin.nix @@ -1,10 +1,14 @@ -{ config, lib, pkgs, ... }: - -let - inherit (lib) +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) mkEnableOption mkIf - ; + ; cfg = config.my.services.jellyfin; my = config.my; diff --git a/services/lohr.nix b/services/lohr.nix index db33155..b4c54bc 100644 --- a/services/lohr.nix +++ b/services/lohr.nix @@ -1,24 +1,28 @@ -{ config, lib, pkgs, ... }: - -let - inherit (lib) +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) mkEnableOption mkIf mkOption - ; + ; cfg = config.my.services.lohr; my = config.my; domain = config.networking.domain; secrets = config.my.secrets; - lohrPkg = - let - flake = builtins.getFlake "github:alarsyo/lohr?rev=58503cc8b95c8b627f6ae7e56740609e91f323cd"; - in + lohrPkg = let + flake = builtins.getFlake "github:alarsyo/lohr?rev=58503cc8b95c8b627f6ae7e56740609e91f323cd"; + in flake.defaultPackage."x86_64-linux"; # FIXME: use correct system -in -{ - options.my.services.lohr = let inherit (lib) types; in { +in { + options.my.services.lohr = let + inherit (lib) types; + in { enable = mkEnableOption "Lohr Mirroring Daemon"; home = mkOption { @@ -38,7 +42,7 @@ in config = mkIf cfg.enable { systemd.services.lohr = { - wantedBy = [ "multi-user.target" ]; + wantedBy = ["multi-user.target"]; serviceConfig = { Environment = [ "ROCKET_PORT=${toString cfg.port}" @@ -52,7 +56,7 @@ in User = "lohr"; Group = "lohr"; }; - path = [ pkgs.git ]; + path = [pkgs.git]; }; users.users.lohr = { @@ -61,7 +65,7 @@ in createHome = true; group = "lohr"; }; - users.groups.lohr = { }; + users.groups.lohr = {}; services.nginx.virtualHosts = { "lohr.${domain}" = { diff --git a/services/matrix.nix b/services/matrix.nix index 19c92f9..82cfb88 100644 --- a/services/matrix.nix +++ b/services/matrix.nix @@ -7,24 +7,36 @@ # - https://github.com/delroth/infra.delroth.net/blob/master/roles/matrix-synapse.nix # - https://nixos.org/manual/nixos/stable/index.html#module-services-matrix # -{ config, lib, pkgs, ... }: - -let - inherit (lib) +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) mkEnableOption mkIf mkOption optionals - ; + ; cfg = config.my.services.matrix; my = config.my; - federationPort = { public = 8448; private = 11338; }; - clientPort = { public = 443; private = 11339; }; + federationPort = { + public = 8448; + private = 11338; + }; + clientPort = { + public = 443; + private = 11339; + }; domain = config.networking.domain; in { - options.my.services.matrix = let inherit (lib) types; in { + options.my.services.matrix = let + inherit (lib) types; + in { enable = mkEnableOption "Matrix Synapse"; secretConfigFile = mkOption { @@ -41,7 +53,7 @@ in { }; services.postgresqlBackup = { - databases = [ "matrix-synapse" ]; + databases = ["matrix-synapse"]; }; services.matrix-synapse = { @@ -90,20 +102,30 @@ in { listeners = [ # Federation { - bind_addresses = [ "::1" ]; + bind_addresses = ["::1"]; port = federationPort.private; - tls = false; # Terminated by nginx. + tls = false; # Terminated by nginx. x_forwarded = true; - resources = [ { names = [ "federation" ]; compress = false; } ]; + resources = [ + { + names = ["federation"]; + compress = false; + } + ]; } # Client { - bind_addresses = [ "::1" ]; + bind_addresses = ["::1"]; port = clientPort.private; - tls = false; # Terminated by nginx. + tls = false; # Terminated by nginx. x_forwarded = true; - resources = [ { names = [ "client" ]; compress = false; } ]; + resources = [ + { + names = ["client"]; + compress = false; + } + ]; } ]; @@ -127,26 +149,32 @@ in { onlySSL = true; useACMEHost = domain; - locations = - let - proxyToClientPort = { - proxyPass = "http://[::1]:${toString clientPort.private}"; - }; - in { - # Or do a redirect instead of the 404, or whatever is appropriate - # for you. But do not put a Matrix Web client here! See the - # Element web section below. - "/".return = "404"; - - "/_matrix" = proxyToClientPort; - "/_synapse/client" = proxyToClientPort; + locations = let + proxyToClientPort = { + proxyPass = "http://[::1]:${toString clientPort.private}"; }; + in { + # Or do a redirect instead of the 404, or whatever is appropriate + # for you. But do not put a Matrix Web client here! See the + # Element web section below. + "/".return = "404"; + + "/_matrix" = proxyToClientPort; + "/_synapse/client" = proxyToClientPort; + }; listen = [ - { addr = "0.0.0.0"; port = clientPort.public; ssl = true; } - { addr = "[::]"; port = clientPort.public; ssl = true; } + { + addr = "0.0.0.0"; + port = clientPort.public; + ssl = true; + } + { + addr = "[::]"; + port = clientPort.public; + ssl = true; + } ]; - }; # same as above, but listening on the federation port @@ -162,32 +190,37 @@ in { }; listen = [ - { addr = "0.0.0.0"; port = federationPort.public; ssl = true; } - { addr = "[::]"; port = federationPort.public; ssl = true; } + { + addr = "0.0.0.0"; + port = federationPort.public; + ssl = true; + } + { + addr = "[::]"; + port = federationPort.public; + ssl = true; + } ]; - }; "${domain}" = { forceSSL = true; useACMEHost = domain; - locations."= /.well-known/matrix/server".extraConfig = - let - server = { "m.server" = "matrix.${domain}:${toString federationPort.public}"; }; - in '' + locations."= /.well-known/matrix/server".extraConfig = let + server = {"m.server" = "matrix.${domain}:${toString federationPort.public}";}; + in '' add_header Content-Type application/json; return 200 '${builtins.toJSON server}'; ''; - locations."= /.well-known/matrix/client".extraConfig = - let - client = { - "m.homeserver" = { "base_url" = "https://matrix.${domain}"; }; - "m.identity_server" = { "base_url" = "https://vector.im"; }; - }; - # ACAO required to allow element-web on any URL to request this json file - in '' + locations."= /.well-known/matrix/client".extraConfig = let + client = { + "m.homeserver" = {"base_url" = "https://matrix.${domain}";}; + "m.identity_server" = {"base_url" = "https://vector.im";}; + }; + # ACAO required to allow element-web on any URL to request this json file + in '' add_header Content-Type application/json; add_header Access-Control-Allow-Origin *; return 200 '${builtins.toJSON client}'; @@ -227,7 +260,7 @@ in { }; # For administration tools. - environment.systemPackages = [ pkgs.matrix-synapse ]; + environment.systemPackages = [pkgs.matrix-synapse]; networking.firewall.allowedTCPPorts = [ clientPort.public @@ -236,10 +269,11 @@ in { my.services.restic-backup = let dataDir = config.services.matrix-synapse.dataDir; - in mkIf cfg.enable { - paths = [ dataDir ]; - # this is just caching for other servers media, doesn't need backup - exclude = [ "${dataDir}/media/remote_*" ]; - }; + in + mkIf cfg.enable { + paths = [dataDir]; + # this is just caching for other servers media, doesn't need backup + exclude = ["${dataDir}/media/remote_*"]; + }; }; } diff --git a/services/media.nix b/services/media.nix index 175319e..0d4ee7f 100644 --- a/services/media.nix +++ b/services/media.nix @@ -1,17 +1,21 @@ -{ config, lib, ... }: -let - inherit (lib) +{ + config, + lib, + ... +}: let + inherit + (lib) mkIf - ; + ; mediaServices = builtins.attrValues { - inherit (config.my.services) + inherit + (config.my.services) jellyfin transmission - ; + ; }; needed = builtins.any (service: service.enable) mediaServices; -in -{ - config.users.groups.media = mkIf needed { }; +in { + config.users.groups.media = mkIf needed {}; } diff --git a/services/miniflux.nix b/services/miniflux.nix index 0670711..5738d8e 100644 --- a/services/miniflux.nix +++ b/services/miniflux.nix @@ -1,18 +1,24 @@ -{ config, lib, pkgs, ... }: - -let - inherit (lib) +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) mkEnableOption mkIf mkOption - ; + ; cfg = config.my.services.miniflux; my = config.my; domain = config.networking.domain; in { - options.my.services.miniflux = let inherit (lib) types; in { + options.my.services.miniflux = let + inherit (lib) types; + in { enable = mkEnableOption "Serve a Miniflux instance"; adminCredentialsFile = mkOption { @@ -34,7 +40,7 @@ in { # services.postgresql is automatically enabled by services.miniflux, let's # back it up services.postgresqlBackup = { - databases = [ "miniflux" ]; + databases = ["miniflux"]; }; services.miniflux = { diff --git a/services/monitoring.nix b/services/monitoring.nix index 82e20fd..57731ff 100644 --- a/services/monitoring.nix +++ b/services/monitoring.nix @@ -1,16 +1,22 @@ -{ config, lib, pkgs, ... }: - -let - inherit (lib) +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) mkEnableOption mkIf mkOption - ; + ; cfg = config.my.services.monitoring; domain = config.networking.domain; in { - options.my.services.monitoring = let inherit (lib) types; in { + options.my.services.monitoring = let + inherit (lib) types; + in { enable = mkEnableOption "Enable monitoring"; domain = mkOption { @@ -74,7 +80,7 @@ in { exporters = { node = { enable = true; - enabledCollectors = [ "systemd" ]; + enabledCollectors = ["systemd"]; port = 9100; listenAddress = "127.0.0.1"; }; @@ -87,9 +93,11 @@ in { scrapeConfigs = [ { job_name = config.networking.hostName; - static_configs = [{ - targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ]; - }]; + static_configs = [ + { + targets = ["127.0.0.1:${toString config.services.prometheus.exporters.node.port}"]; + } + ]; } ]; }; diff --git a/services/navidrome.nix b/services/navidrome.nix index bb350ff..75e6d53 100644 --- a/services/navidrome.nix +++ b/services/navidrome.nix @@ -1,17 +1,23 @@ -{ config, lib, pkgs, ... }: - -let - inherit (lib) +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) mkEnableOption mkIf mkOption optional - ; + ; cfg = config.my.services.navidrome; domain = config.networking.domain; in { - options.my.services.navidrome = let inherit (lib) types; in { + options.my.services.navidrome = let + inherit (lib) types; + in { enable = mkEnableOption "Navidrome"; musicFolder = { path = mkOption { @@ -34,8 +40,8 @@ in { }; my.services.restic-backup = { - paths = [ "/var/lib/navidrome" ] ++ optional cfg.musicFolder.backup cfg.musicFolder.path; - exclude = [ "/var/lib/navidrome/cache" ]; + paths = ["/var/lib/navidrome"] ++ optional cfg.musicFolder.backup cfg.musicFolder.path; + exclude = ["/var/lib/navidrome/cache"]; }; services.nginx.virtualHosts."music.${domain}" = { diff --git a/services/nextcloud.nix b/services/nextcloud.nix index 909bd95..0ec642f 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -1,21 +1,26 @@ -{ lib, config, pkgs, ... }: - +{ + lib, + config, + pkgs, + ... +}: # TODO: setup prometheus exporter - let - inherit (lib) + inherit + (lib) mkEnableOption mkIf mkOption - ; + ; cfg = config.my.services.nextcloud; my = config.my; domain = config.networking.domain; dbName = "nextcloud"; -in -{ - options.my.services.nextcloud = let inherit (lib) types; in { +in { + options.my.services.nextcloud = let + inherit (lib) types; + in { enable = mkEnableOption "NextCloud"; adminpassFile = mkOption { @@ -31,7 +36,7 @@ in services.postgresql = { enable = true; - ensureDatabases = [ dbName ]; + ensureDatabases = [dbName]; ensureUsers = [ { name = "nextcloud"; @@ -43,13 +48,13 @@ in }; # not handled by module - systemd.services.nextcloud-setup= { - requires = [ "postgresql.service" ]; - after = [ "postgresql.service" ]; + systemd.services.nextcloud-setup = { + requires = ["postgresql.service"]; + after = ["postgresql.service"]; }; services.postgresqlBackup = { - databases = [ dbName ]; + databases = [dbName]; }; services.nextcloud = { @@ -87,16 +92,17 @@ in my.services.restic-backup = let nextcloudHome = config.services.nextcloud.home; - in mkIf cfg.enable { - paths = [ nextcloudHome ]; - exclude = [ - # borg can fail if *.part files disappear during backup - "${nextcloudHome}/data/*/uploads" - # image previews can take up a lot of space - "${nextcloudHome}/data/appdata_*/preview" - # specific account for huge files I don't care about losing - "${nextcloudHome}/data/misc" - ]; - }; + in + mkIf cfg.enable { + paths = [nextcloudHome]; + exclude = [ + # borg can fail if *.part files disappear during backup + "${nextcloudHome}/data/*/uploads" + # image previews can take up a lot of space + "${nextcloudHome}/data/appdata_*/preview" + # specific account for huge files I don't care about losing + "${nextcloudHome}/data/misc" + ]; + }; }; } diff --git a/services/nginx.nix b/services/nginx.nix index 42dc015..a69d1ac 100644 --- a/services/nginx.nix +++ b/services/nginx.nix @@ -1,16 +1,20 @@ # Part of config shamelessly stolen from: # # https://github.com/delroth/infra.delroth.net -{ config, lib, pkgs, ... }: -let - inherit (lib) - mkIf - ; -in { + config, + lib, + pkgs, + ... +}: let + inherit + (lib) + mkIf + ; +in { # Whenever something defines an nginx vhost, ensure that nginx defaults are # properly set. - config = mkIf ((builtins.attrNames config.services.nginx.virtualHosts) != [ "localhost" ]) { + config = mkIf ((builtins.attrNames config.services.nginx.virtualHosts) != ["localhost"]) { services.nginx = { enable = true; statusPage = true; # For monitoring scraping. @@ -21,7 +25,7 @@ in recommendedProxySettings = true; }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; + networking.firewall.allowedTCPPorts = [80 443]; services.prometheus = { exporters.nginx = { @@ -32,12 +36,14 @@ in scrapeConfigs = [ { job_name = "nginx"; - static_configs = [{ - targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.nginx.port}" ]; - labels = { - instance = config.networking.hostName; - }; - }]; + static_configs = [ + { + targets = ["127.0.0.1:${toString config.services.prometheus.exporters.nginx.port}"]; + labels = { + instance = config.networking.hostName; + }; + } + ]; } ]; }; @@ -46,18 +52,17 @@ in acceptTerms = true; defaults.email = "antoine97.martin@gmail.com"; - certs = - let - domain = config.networking.domain; - gandiKey = config.my.secrets.gandiKey; - in { - "${domain}" = { - extraDomainNames = [ "*.${domain}" ]; - dnsProvider = "gandiv5"; - credentialsFile = config.age.secrets."gandi/api-key".path; - group = "nginx"; - }; + certs = let + domain = config.networking.domain; + gandiKey = config.my.secrets.gandiKey; + in { + "${domain}" = { + extraDomainNames = ["*.${domain}"]; + dnsProvider = "gandiv5"; + credentialsFile = config.age.secrets."gandi/api-key".path; + group = "nginx"; }; + }; }; }; } diff --git a/services/nuage.nix b/services/nuage.nix index 4c2e65a..52bb402 100644 --- a/services/nuage.nix +++ b/services/nuage.nix @@ -1,15 +1,17 @@ -{ config, lib, ... }: - -let - inherit (lib) +{ + config, + lib, + ... +}: let + inherit + (lib) mkEnableOption mkIf - ; + ; cfg = config.my.services.nuage; my = config.my; -in -{ +in { options.my.services.nuage = { enable = mkEnableOption "Nuage redirect"; }; diff --git a/services/paperless.nix b/services/paperless.nix index 431acd3..9ed9537 100644 --- a/services/paperless.nix +++ b/services/paperless.nix @@ -1,19 +1,24 @@ -{ config, lib, pkgs, ... }: - -let - inherit (lib) +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) mkEnableOption mkIf mkOption - ; + ; cfg = config.my.services.paperless; my = config.my; domain = config.networking.domain; paperlessDomain = "paperless.${domain}"; -in -{ - options.my.services.paperless = let inherit (lib) types; in { +in { + options.my.services.paperless = let + inherit (lib) types; + in { enable = mkEnableOption "Paperless"; port = mkOption { @@ -77,7 +82,7 @@ in services.postgresql = { enable = true; - ensureDatabases = [ "paperless" ]; + ensureDatabases = ["paperless"]; ensureUsers = [ { name = "paperless"; @@ -88,7 +93,7 @@ in systemd.services.paperless-ng-server = { # Make sure the DB is available - after = [ "postgresql.service" ]; + after = ["postgresql.service"]; }; services.nginx.virtualHosts = { diff --git a/services/pipewire.nix b/services/pipewire.nix index 0be1e42..04d8135 100644 --- a/services/pipewire.nix +++ b/services/pipewire.nix @@ -1,16 +1,20 @@ -{ config, lib, pkgs, options, ... }: - -let - inherit (lib) +{ + config, + lib, + pkgs, + options, + ... +}: let + inherit + (lib) mkEnableOption mkIf optionalAttrs - ; + ; cfg = config.my.services.pipewire; my = config.my; -in -{ +in { options.my.services.pipewire = { enable = mkEnableOption "Pipewire sound backend"; }; @@ -37,6 +41,6 @@ in # FIXME: a shame pactl isn't available by itself, eventually this should be # replaced by pw-cli or a wrapper, I guess? - environment.systemPackages = [ pkgs.pulseaudio ]; + environment.systemPackages = [pkgs.pulseaudio]; }); } diff --git a/services/postgresql-backup.nix b/services/postgresql-backup.nix index c3642b7..0d8ec05 100644 --- a/services/postgresql-backup.nix +++ b/services/postgresql-backup.nix @@ -1,10 +1,14 @@ -{ config, lib, pkgs, ... }: - -let - inherit (lib) +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) mkEnableOption mkIf - ; + ; cfg = config.my.services.postgresql-backup; in { @@ -20,12 +24,11 @@ in { }; my.services.restic-backup = mkIf cfg.enable { - paths = [ "/var/backup/postgresql" ]; + paths = ["/var/backup/postgresql"]; # no need to store previously backed up files, as borg does the snapshoting # for us - exclude = [ "/var/backup/postgresql/*.prev.sql.gz" ]; + exclude = ["/var/backup/postgresql/*.prev.sql.gz"]; }; }; - } diff --git a/services/postgresql.nix b/services/postgresql.nix index 742f0f2..9a37212 100644 --- a/services/postgresql.nix +++ b/services/postgresql.nix @@ -1,5 +1,8 @@ -{ config, pkgs, ... }: { + config, + pkgs, + ... +}: { # set postgresql version so we don't get any bad surprise config.services.postgresql = { package = pkgs.postgresql_13; diff --git a/services/restic-backup.nix b/services/restic-backup.nix index 66e531c..cad1127 100644 --- a/services/restic-backup.nix +++ b/services/restic-backup.nix @@ -1,21 +1,27 @@ -{ config, lib, pkgs, ... }: - -let - inherit (lib) +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) attrsets concatStringsSep mkEnableOption mkIf mkOption optional - ; + ; cfg = config.my.services.restic-backup; excludeArg = "--exclude-file=" + (pkgs.writeText "excludes.txt" (concatStringsSep "\n" cfg.exclude)); makePruneOpts = pruneOpts: attrsets.mapAttrsToList (name: value: "--keep-${name} ${toString value}") pruneOpts; in { - options.my.services.restic-backup = let inherit (lib) types; in { + options.my.services.restic-backup = let + inherit (lib) types; + in { enable = mkEnableOption "Enable Restic backups for this host"; repo = mkOption { @@ -23,12 +29,11 @@ in { default = null; example = "/mnt/hdd"; description = "Restic backup repo"; - }; paths = mkOption { type = types.listOf types.str; - default = [ ]; + default = []; example = [ "/var/lib" "/home" @@ -38,7 +43,7 @@ in { exclude = mkOption { type = types.listOf types.str; - default = [ ]; + default = []; example = [ # very large paths "/var/lib/docker" @@ -81,7 +86,7 @@ in { }; config = mkIf cfg.enable { - environment.systemPackages = [ pkgs.restic ]; + environment.systemPackages = [pkgs.restic]; services.restic.backups.backblaze = { initialize = true; @@ -92,8 +97,9 @@ in { passwordFile = cfg.passwordFile; environmentFile = cfg.environmentFile; - extraBackupArgs = [ "--verbose=2" ] - ++ optional (builtins.length cfg.exclude != 0) excludeArg; + extraBackupArgs = + ["--verbose=2"] + ++ optional (builtins.length cfg.exclude != 0) excludeArg; timerConfig = cfg.timerConfig; diff --git a/services/tailscale.nix b/services/tailscale.nix index 4da1d6b..ff3a4b1 100644 --- a/services/tailscale.nix +++ b/services/tailscale.nix @@ -1,14 +1,17 @@ -{ config, lib, pkgs, ... }: - -let - inherit (lib) +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) mkEnableOption mkIf - ; + ; cfg = config.my.services.tailscale; -in -{ +in { options.my.services.tailscale = { enable = mkEnableOption "Tailscale"; @@ -23,8 +26,8 @@ in }; networking.firewall = { - trustedInterfaces = [ "tailscale0" ]; - allowedUDPPorts = [ config.services.tailscale.port ]; + trustedInterfaces = ["tailscale0"]; + allowedUDPPorts = [config.services.tailscale.port]; }; # enable IP forwarding to use as exit node diff --git a/services/tgv.nix b/services/tgv.nix index 295a672..25426c9 100644 --- a/services/tgv.nix +++ b/services/tgv.nix @@ -1,15 +1,17 @@ -{ config, lib, ... }: - -let - inherit (lib) +{ + config, + lib, + ... +}: let + inherit + (lib) mkEnableOption mkIf - ; + ; cfg = config.my.services.tgv; my = config.my; -in -{ +in { options.my.services.tgv = { enable = mkEnableOption "TGV redirect"; }; diff --git a/services/transmission.nix b/services/transmission.nix index 7fb7f69..822070c 100644 --- a/services/transmission.nix +++ b/services/transmission.nix @@ -1,11 +1,15 @@ -{ config, lib, ... }: -let - inherit (lib) +{ + config, + lib, + ... +}: let + inherit + (lib) mkEnableOption mkIf mkOption optionalAttrs - ; + ; cfg = config.my.services.transmission; @@ -16,9 +20,10 @@ let transmissionPeerPort = 30251; downloadBase = "/media/torrents/"; -in -{ - options.my.services.transmission = let inherit (lib) types; in { +in { + options.my.services.transmission = let + inherit (lib) types; + in { enable = mkEnableOption "Transmission torrent client"; username = mkOption { @@ -37,32 +42,34 @@ in }; config = mkIf cfg.enable { - services.transmission = { - enable = true; - group = "media"; + services.transmission = + { + enable = true; + group = "media"; - settings = { - download-dir = "${downloadBase}/complete"; - incomplete-dir = "${downloadBase}/incomplete"; + settings = { + download-dir = "${downloadBase}/complete"; + incomplete-dir = "${downloadBase}/incomplete"; - peer-port = transmissionPeerPort; + peer-port = transmissionPeerPort; - rpc-enabled = true; - rpc-port = transmissionRpcPort; - rpc-authentication-required = false; + rpc-enabled = true; + rpc-port = transmissionRpcPort; + rpc-authentication-required = false; - rpc-whitelist-enabled = true; - rpc-whitelist = "127.0.0.1"; + rpc-whitelist-enabled = true; + rpc-whitelist = "127.0.0.1"; - rpc-host-whitelist-enabled = true; - rpc-host-whitelist = webuiDomain; - }; + rpc-host-whitelist-enabled = true; + rpc-host-whitelist = webuiDomain; + }; - # automatically allow transmission.settings.peer-port - openFirewall = true; - } // (optionalAttrs (cfg.secretConfigFile != null) { - credentialsFile = cfg.secretConfigFile; - }); + # automatically allow transmission.settings.peer-port + openFirewall = true; + } + // (optionalAttrs (cfg.secretConfigFile != null) { + credentialsFile = cfg.secretConfigFile; + }); services.nginx.virtualHosts."${webuiDomain}" = { forceSSL = true; diff --git a/services/vaultwarden.nix b/services/vaultwarden.nix index 505678c..2d8d370 100644 --- a/services/vaultwarden.nix +++ b/services/vaultwarden.nix @@ -1,18 +1,24 @@ -{ config, lib, pkgs, ... }: - -let - inherit (lib) +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) mkEnableOption mkIf mkOption - ; + ; cfg = config.my.services.vaultwarden; my = config.my; domain = config.networking.domain; in { - options.my.services.vaultwarden = let inherit (lib) types; in { + options.my.services.vaultwarden = let + inherit (lib) types; + in { enable = mkEnableOption "Vaultwarden"; privatePort = mkOption { @@ -36,7 +42,7 @@ in { }; services.postgresqlBackup = { - databases = [ "vaultwarden" ]; + databases = ["vaultwarden"]; }; services.vaultwarden = { @@ -82,8 +88,8 @@ in { # FIXME: should be renamed to vaultwarden eventually my.services.restic-backup = mkIf cfg.enable { - paths = [ "/var/lib/bitwarden_rs" ]; - exclude = [ "/var/lib/bitwarden_rs/icon_cache" ]; + paths = ["/var/lib/bitwarden_rs"]; + exclude = ["/var/lib/bitwarden_rs/icon_cache"]; }; services.fail2ban.jails = { @@ -119,5 +125,4 @@ in { ''; }; }; - } diff --git a/zephyrus.nix b/zephyrus.nix index ed011ae..e818e48 100644 --- a/zephyrus.nix +++ b/zephyrus.nix @@ -1,5 +1,4 @@ -{ ... }: -{ +{...}: { imports = [ # Default configuration ./base From 6781155bcc9ec491cec1bcb82e3ef0164c4bae2f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 10 Apr 2022 11:57:03 +0200 Subject: [PATCH 303/904] ci: add formatting check --- .github/workflows/cachix.yaml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index ed123c9..7785177 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -9,6 +9,17 @@ on: - 'flake.lock' - '.github/workflows/*' jobs: + format-check: + name: Format check + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - uses: cachix/install-nix-action@v16 + + - name: Run alejandra + run: nix run nixpkgs#alejandra -- --check . + flake-check: name: Flake check runs-on: ubuntu-latest @@ -29,7 +40,7 @@ jobs: build-pkgs: name: Nix packages runs-on: ubuntu-latest - needs: [ flake-check ] + needs: [ flake-check, format-check ] strategy: fail-fast: false From 530dc5a3c2b39cdd42aee6f0a05d6ec8e6bccb6c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 11 Apr 2022 00:05:23 +0200 Subject: [PATCH 304/904] home: mail: don't refresh email automatically Turns out it doesn't work anyway if I have mu4e opened in emacs anyway, because it keeps a lockfile in place while it's running, so might as well just refresh the client / setup a timer in mu4e. --- home/mail.nix | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/home/mail.nix b/home/mail.nix index 7301600..4f7e097 100644 --- a/home/mail.nix +++ b/home/mail.nix @@ -89,23 +89,7 @@ in { }; programs.mbsync.enable = true; - services.mbsync = { - enable = true; - # sync every hour on the third minute, then every 16 minutes (to not hit - # servers right on plain hours) - frequency = "*:03/16"; - postExec = "${pkgs.mu}/bin/mu index"; - }; - systemd.user.services.mbsync = { - # rbw invokes the agent to know if the agent is launched already, and - # needs its path for that. - # - # https://github.com/doy/rbw/blob/acd1173848b4db1c733af7d3f53d24aab900b542/src/bin/rbw/commands.rs#L1000 - Service.Environment = "RBW_AGENT=${pkgs.rbw}/bin/rbw-agent"; - }; - programs.msmtp.enable = true; - programs.mu.enable = true; }; } From 1644a30ce04a9d74f897bdd98490e6c9538839b9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 11 Apr 2022 17:15:32 +0200 Subject: [PATCH 305/904] home: rbw: add a service --- home/rbw.nix | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/home/rbw.nix b/home/rbw.nix index 98ca2b0..10d2178 100644 --- a/home/rbw.nix +++ b/home/rbw.nix @@ -25,5 +25,28 @@ in { pinentry = pkgs.pinentry-gnome; }; }; + + # `rbw-agent` should be launched on first call to `rbw`, so this shouldn't + # be necessary. + # + # However, if for instance `rbw` if first called by the emacs-daemon (when + # accessing an IMAP account password), then restarting the user service + # associated to the emacs daemon also kills the rbw-agent it spawned, + # resetting the lock status and prompting for a passphrase again. + # + # This user service makes sure the rbw-agent is started when the user + # session launches. + systemd.user.services.rbw = { + Unit.Description = "rbw agent autostart"; + + Install.WantedBy = ["default.target"]; + + Service = { + ExecStart = "${pkgs.rbw}/bin/rbw-agent"; + Restart = "on-abort"; + Type = "forking"; + PIDFile = "%t/rbw/pidfile"; + }; + }; }; } From dbb3cd222578658add40236f27d7cab741d60180 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 11 Apr 2022 21:59:13 +0200 Subject: [PATCH 306/904] home: i3: add shortcut to open org-agenda --- home/x/i3.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/home/x/i3.nix b/home/x/i3.nix index d528a24..dd2cab1 100644 --- a/home/x/i3.nix +++ b/home/x/i3.nix @@ -87,7 +87,8 @@ in { keybindings = mkOptionDefault { "${modifier}+Shift+e" = ''mode "${logoutMode}"''; - "${modifier}+i" = "exec emacsclient -c"; + "${modifier}+i" = "exec emacsclient --create-frame"; + "${modifier}+o" = "exec emacsclient --create-frame --eval '(load \"${config.xdg.configHome}/doom/launch-agenda.el\")'"; # Volume handling "XF86AudioRaiseVolume" = "exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ +5%"; From 2826696e4240d89714f643d1ed711e337f5a0c5f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 11 Apr 2022 22:11:48 +0200 Subject: [PATCH 307/904] home: fish: add magit alias --- home/fish/functions/magit.fish | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 home/fish/functions/magit.fish diff --git a/home/fish/functions/magit.fish b/home/fish/functions/magit.fish new file mode 100644 index 0000000..27e2306 --- /dev/null +++ b/home/fish/functions/magit.fish @@ -0,0 +1,3 @@ +function magit + emacsclient --tty --eval '(magit-status)' --suppress-output +end From 9fe38c7f9d960dd7ecfdd03dbf763edad1b9d6b1 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 14 Apr 2022 15:40:28 +0200 Subject: [PATCH 308/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/e8bcf0ddb6fe849c8eead988eaf837b68e6019a7' (2022-04-06) → 'github:nix-community/emacs-overlay/ce5ae7e90a5e1dcdabddada5ad0881c9e17c7abe' (2022-04-14) • Updated input 'home-manager': 'github:nix-community/home-manager/07b941f0c45ac4af6732d96f4cb6142824eee3df' (2022-04-05) → 'github:nix-community/home-manager/92f58b6728e7c631a7ea0ed68cd21bb29a4876ff' (2022-04-13) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/bc4b9eef3ce3d5a90d8693e8367c9cbfc9fc1e13' (2022-04-03) → 'github:NixOS/nixpkgs/ff9efb0724de5ae0f9db9df2debefced7eb1571d' (2022-04-13) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/b6966d911da89e5a7301aaef8b4f0a44c77e103c' (2022-04-06) → 'github:NixOS/nixpkgs/ce932dbcf14884c7c76888ebf8cf80f789250afd' (2022-04-14) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index b609f28..350b27f 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1649240755, - "narHash": "sha256-AZGqbi9oLagkvdbD+6RdPRVA+nk5+xszYr9WUZzoGgE=", + "lastModified": 1649932382, + "narHash": "sha256-5c+lLeVsHVRfslaXNrEY8BR2xOdagQEG6cuO7lqRWzI=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "e8bcf0ddb6fe849c8eead988eaf837b68e6019a7", + "rev": "ce5ae7e90a5e1dcdabddada5ad0881c9e17c7abe", "type": "github" }, "original": { @@ -57,11 +57,11 @@ ] }, "locked": { - "lastModified": 1649130493, - "narHash": "sha256-tp2UxeS1A5ESb+I/rh4GoD0DH7edOGdc2fsP6D8o27Y=", + "lastModified": 1649887921, + "narHash": "sha256-h2LZzn5LLwIFvVFLCdR8+VWluEP3U1I5y+0mDZjFjAk=", "owner": "nix-community", "repo": "home-manager", - "rev": "07b941f0c45ac4af6732d96f4cb6142824eee3df", + "rev": "92f58b6728e7c631a7ea0ed68cd21bb29a4876ff", "type": "github" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1649225869, - "narHash": "sha256-u1zLtPmQzhT9mNXyM8Ey9pk7orDrIKdwooeGDEXm5xM=", + "lastModified": 1649913345, + "narHash": "sha256-iq4xs54MREQYtPPNRqxsI7gK/C97Bef1lWOceFAQ6EA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b6966d911da89e5a7301aaef8b4f0a44c77e103c", + "rev": "ce932dbcf14884c7c76888ebf8cf80f789250afd", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1649012074, - "narHash": "sha256-vQUROcJ3FfT3GTB/nJrXwVvjuq8WfK0ImN+RUgDVN1c=", + "lastModified": 1649809588, + "narHash": "sha256-f6sgDj9A8FXTVyA2zkxA66YX+j6BftxE9VHTeIMhEKE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bc4b9eef3ce3d5a90d8693e8367c9cbfc9fc1e13", + "rev": "ff9efb0724de5ae0f9db9df2debefced7eb1571d", "type": "github" }, "original": { From 3569a4c3b8938be40a6f902253762f7aba40aa41 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 15 Apr 2022 16:17:14 +0200 Subject: [PATCH 309/904] services: paperless: fix service name --- services/paperless.nix | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/services/paperless.nix b/services/paperless.nix index 9ed9537..90197ce 100644 --- a/services/paperless.nix +++ b/services/paperless.nix @@ -44,7 +44,7 @@ in { }; config = mkIf cfg.enable { - services.paperless-ng = { + services.paperless = { enable = true; port = cfg.port; passwordFile = cfg.passwordFile; @@ -67,15 +67,15 @@ in { }; systemd.services = { - paperless-ng-server.serviceConfig = { + paperless-server.serviceConfig = { EnvironmentFile = cfg.secretKeyFile; }; - paperless-ng-consumer.serviceConfig = { + paperless-consumer.serviceConfig = { EnvironmentFile = cfg.secretKeyFile; }; - paperless-ng-web.serviceConfig = { + paperless-web.serviceConfig = { EnvironmentFile = cfg.secretKeyFile; }; }; @@ -91,7 +91,7 @@ in { ]; }; - systemd.services.paperless-ng-server = { + systemd.services.paperless-server = { # Make sure the DB is available after = ["postgresql.service"]; }; @@ -124,8 +124,8 @@ in { my.services.restic-backup = mkIf cfg.enable { paths = [ - config.services.paperless-ng.dataDir - config.services.paperless-ng.mediaDir + config.services.paperless.dataDir + config.services.paperless.mediaDir ]; }; }; From b33632919983018f05f0bdaa4519173bb27d1cc8 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 19 Apr 2022 09:33:27 +0200 Subject: [PATCH 310/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/ce5ae7e90a5e1dcdabddada5ad0881c9e17c7abe' (2022-04-14) → 'github:nix-community/emacs-overlay/13b55e2157a30257d77d7c4bebbeb318a51dbcb4' (2022-04-19) • Updated input 'home-manager': 'github:nix-community/home-manager/92f58b6728e7c631a7ea0ed68cd21bb29a4876ff' (2022-04-13) → 'github:nix-community/home-manager/8d38ca886880265d523a66fe3da4d42e92ab0748' (2022-04-18) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/ff9efb0724de5ae0f9db9df2debefced7eb1571d' (2022-04-13) → 'github:NixOS/nixpkgs/1ffba9f2f683063c2b14c9f4d12c55ad5f4ed887' (2022-04-17) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/ce932dbcf14884c7c76888ebf8cf80f789250afd' (2022-04-14) → 'github:NixOS/nixpkgs/e33fe968df5a2503290682278399b1198f7ba56f' (2022-04-18) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 350b27f..a8fca4d 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1649932382, - "narHash": "sha256-5c+lLeVsHVRfslaXNrEY8BR2xOdagQEG6cuO7lqRWzI=", + "lastModified": 1650340419, + "narHash": "sha256-b96xIoT/4RCXZMEHDNfU91JMOt4L1Q5If2Oq3P2ocuM=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "ce5ae7e90a5e1dcdabddada5ad0881c9e17c7abe", + "rev": "13b55e2157a30257d77d7c4bebbeb318a51dbcb4", "type": "github" }, "original": { @@ -57,11 +57,11 @@ ] }, "locked": { - "lastModified": 1649887921, - "narHash": "sha256-h2LZzn5LLwIFvVFLCdR8+VWluEP3U1I5y+0mDZjFjAk=", + "lastModified": 1650301786, + "narHash": "sha256-9rz9NqL+mC+BIggn2emuzZ+3MYogxVBTdsFK7E3Vv1k=", "owner": "nix-community", "repo": "home-manager", - "rev": "92f58b6728e7c631a7ea0ed68cd21bb29a4876ff", + "rev": "8d38ca886880265d523a66fe3da4d42e92ab0748", "type": "github" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1649913345, - "narHash": "sha256-iq4xs54MREQYtPPNRqxsI7gK/C97Bef1lWOceFAQ6EA=", + "lastModified": 1650310433, + "narHash": "sha256-g/vnahqnjZ18eNm9Zoeho1eUBhvEevY/6bIIlKQHI08=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ce932dbcf14884c7c76888ebf8cf80f789250afd", + "rev": "e33fe968df5a2503290682278399b1198f7ba56f", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1649809588, - "narHash": "sha256-f6sgDj9A8FXTVyA2zkxA66YX+j6BftxE9VHTeIMhEKE=", + "lastModified": 1650161686, + "narHash": "sha256-70ZWAlOQ9nAZ08OU6WY7n4Ij2kOO199dLfNlvO/+pf8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ff9efb0724de5ae0f9db9df2debefced7eb1571d", + "rev": "1ffba9f2f683063c2b14c9f4d12c55ad5f4ed887", "type": "github" }, "original": { From 5ebc6a054151f75d9fb06dd9d32ff023478e000d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 20 Apr 2022 11:57:50 +0200 Subject: [PATCH 311/904] home: setup base icon theme for gtk2 --- base/gui-programs.nix | 4 ++++ home/default.nix | 1 + home/gtk.nix | 36 ++++++++++++++++++++++++++++++++++++ 3 files changed, 41 insertions(+) create mode 100644 home/gtk.nix diff --git a/base/gui-programs.nix b/base/gui-programs.nix index f23213e..75d4eff 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -102,6 +102,10 @@ in { programs.nm-applet.enable = true; programs.steam.enable = true; + # this is necessary to set GTK stuff in home manager + # FIXME: better interdependency between this and the home part + programs.dconf.enable = true; + # NOTE: needed for home emacs configuration nixpkgs.config.input-fonts.acceptLicense = true; }; diff --git a/home/default.nix b/home/default.nix index faea7f2..436c74c 100644 --- a/home/default.nix +++ b/home/default.nix @@ -8,6 +8,7 @@ ./fish ./flameshot.nix ./git.nix + ./gtk.nix ./laptop.nix ./lorri.nix ./mail.nix diff --git a/home/gtk.nix b/home/gtk.nix new file mode 100644 index 0000000..762c413 --- /dev/null +++ b/home/gtk.nix @@ -0,0 +1,36 @@ +{ + config, + lib, + pkgs, + ... +}: let + cfg = config.my.home.gtk; +in { + options.my.home.gtk = with lib; { + enable = (mkEnableOption "GTK configuration") // {default = config.my.home.x.enable;}; + }; + + config.gtk = lib.mkIf cfg.enable { + enable = true; + + font = { + package = pkgs.dejavu_fonts; + name = "DejaVu Sans"; + }; + + gtk2 = { + # No garbage polluting my $HOME + configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc"; + }; + + iconTheme = { + package = pkgs.gnome.gnome-themes-extra; + name = "Adwaita"; + }; + + theme = { + package = pkgs.gnome.gnome-themes-extra; + name = "Adwaita"; + }; + }; +} From 920e599ea4ec794a4df42d1148cc40dde1403c36 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 26 Apr 2022 08:50:37 +0200 Subject: [PATCH 312/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/13b55e2157a30257d77d7c4bebbeb318a51dbcb4' (2022-04-19) → 'github:nix-community/emacs-overlay/4356a0643b98868883425711daa02dde1290b2ed' (2022-04-26) • Updated input 'home-manager': 'github:nix-community/home-manager/8d38ca886880265d523a66fe3da4d42e92ab0748' (2022-04-18) → 'github:nix-community/home-manager/223a73c2ba7d358b23666937cb13a59b31df511c' (2022-04-25) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/1ffba9f2f683063c2b14c9f4d12c55ad5f4ed887' (2022-04-17) → 'github:NixOS/nixpkgs/87d34a6b8982e901b8e50096b8e79ebc0e66cda0' (2022-04-24) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/e33fe968df5a2503290682278399b1198f7ba56f' (2022-04-18) → 'github:NixOS/nixpkgs/7f4a8f37d4621b27fc0c4eeb3880ecf1cb055371' (2022-04-25) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index a8fca4d..517d1d8 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1650340419, - "narHash": "sha256-b96xIoT/4RCXZMEHDNfU91JMOt4L1Q5If2Oq3P2ocuM=", + "lastModified": 1650946623, + "narHash": "sha256-YGoR+ypDCii9Kl4bZ2NgOh0DLV6xSjcyM2rZsAWVdCM=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "13b55e2157a30257d77d7c4bebbeb318a51dbcb4", + "rev": "4356a0643b98868883425711daa02dde1290b2ed", "type": "github" }, "original": { @@ -57,11 +57,11 @@ ] }, "locked": { - "lastModified": 1650301786, - "narHash": "sha256-9rz9NqL+mC+BIggn2emuzZ+3MYogxVBTdsFK7E3Vv1k=", + "lastModified": 1650920743, + "narHash": "sha256-7xxdtLp295HswhyEjr991QJsBFeadUo43NiAsHnQ5+8=", "owner": "nix-community", "repo": "home-manager", - "rev": "8d38ca886880265d523a66fe3da4d42e92ab0748", + "rev": "223a73c2ba7d358b23666937cb13a59b31df511c", "type": "github" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1650310433, - "narHash": "sha256-g/vnahqnjZ18eNm9Zoeho1eUBhvEevY/6bIIlKQHI08=", + "lastModified": 1650923622, + "narHash": "sha256-M98iI5KKM5+JfBL94PMEwG1Ybs4+/2RFSgLpJU/XFLg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e33fe968df5a2503290682278399b1198f7ba56f", + "rev": "7f4a8f37d4621b27fc0c4eeb3880ecf1cb055371", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1650161686, - "narHash": "sha256-70ZWAlOQ9nAZ08OU6WY7n4Ij2kOO199dLfNlvO/+pf8=", + "lastModified": 1650831523, + "narHash": "sha256-6pDZ08SAXsUx5rOP391x+TG39ENP/XA8VMa1tQvgEjc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1ffba9f2f683063c2b14c9f4d12c55ad5f4ed887", + "rev": "87d34a6b8982e901b8e50096b8e79ebc0e66cda0", "type": "github" }, "original": { From 9b2320b2a4f652e42e27a084b3b70f8a2b783b2d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 26 Apr 2022 10:46:56 +0200 Subject: [PATCH 313/904] emacs: rename PgtkGcc to PgtkNativeComp --- .github/workflows/cachix.yaml | 2 +- flake.nix | 4 ++-- home/emacs.nix | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index 7785177..965aa9f 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -46,7 +46,7 @@ jobs: fail-fast: false matrix: name: - - emacsPgtkGcc + - emacsPgtkNativeComp - grafanaDashboards/nginx - grafanaDashboards/node-exporter - kaleidoscope-udev-rules diff --git a/flake.nix b/flake.nix index 0933043..6d516eb 100644 --- a/flake.nix +++ b/flake.nix @@ -158,14 +158,14 @@ (import ./pkgs {pkgs = import nixpkgs {inherit system;};}) ) // { - emacsPgtkGcc = + emacsPgtkNativeComp = ( import nixpkgs { inherit system; overlays = [inputs.emacs-overlay.overlay]; } ) - .emacsPgtkGcc; + .emacsPgtkNativeComp; }; }); } diff --git a/home/emacs.nix b/home/emacs.nix index 536dc5b..c3081c9 100644 --- a/home/emacs.nix +++ b/home/emacs.nix @@ -42,7 +42,7 @@ in { programs.emacs = { enable = true; - package = pkgs.emacsPgtkGcc; + package = pkgs.emacsPgtkNativeComp; }; }; } From afa86b08f7d67ac293b84c3d0b83316b9aa30b06 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 26 Apr 2022 15:28:07 +0200 Subject: [PATCH 314/904] zephyrus: enable intel microcode --- hosts/zephyrus/hardware-configuration.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hosts/zephyrus/hardware-configuration.nix b/hosts/zephyrus/hardware-configuration.nix index a973019..21c98d3 100644 --- a/hosts/zephyrus/hardware-configuration.nix +++ b/hosts/zephyrus/hardware-configuration.nix @@ -52,5 +52,8 @@ in { powerManagement.cpuFreqGovernor = mkDefault "powersave"; - hardware.enableRedistributableFirmware = true; + hardware = { + enableRedistributableFirmware = true; + cpu.intel.updateMicrocode = true; + }; } From 99f2ef62a36468778385f969294edd369e6bd828 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 26 Apr 2022 15:28:16 +0200 Subject: [PATCH 315/904] zephyrus: enable swapfile --- hosts/zephyrus/hardware-configuration.nix | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/hosts/zephyrus/hardware-configuration.nix b/hosts/zephyrus/hardware-configuration.nix index 21c98d3..d9e1c75 100644 --- a/hosts/zephyrus/hardware-configuration.nix +++ b/hosts/zephyrus/hardware-configuration.nix @@ -48,7 +48,18 @@ in { fsType = "vfat"; }; - swapDevices = []; + fileSystems."/swap" = { + device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642"; + fsType = "btrfs"; + options = ["subvol=@swap" "compress=zstd" "noatime"]; + }; + + swapDevices = [ + { + device = "/swap/swapfile"; + size = 1024 * 8; # half of RAM size + } + ]; powerManagement.cpuFreqGovernor = mkDefault "powersave"; From e4a533363d03be3569d3762b3b5107a10eee36dc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 26 Apr 2022 16:24:20 +0200 Subject: [PATCH 316/904] services: paperless: fix service name --- services/paperless.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/paperless.nix b/services/paperless.nix index 90197ce..3c1aee7 100644 --- a/services/paperless.nix +++ b/services/paperless.nix @@ -67,7 +67,7 @@ in { }; systemd.services = { - paperless-server.serviceConfig = { + paperless-scheduler.serviceConfig = { EnvironmentFile = cfg.secretKeyFile; }; From 480219b07e293b92443a3be48f067c5c37c131bb Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 2 May 2022 13:05:11 +0200 Subject: [PATCH 317/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/4356a0643b98868883425711daa02dde1290b2ed' (2022-04-26) → 'github:nix-community/emacs-overlay/015c8c2cfd4f62d7f317e777ebaef0df39e7a748' (2022-05-02) • Updated input 'home-manager': 'github:nix-community/home-manager/223a73c2ba7d358b23666937cb13a59b31df511c' (2022-04-25) → 'github:nix-community/home-manager/26858fc0dbed71fa0609490fc2f2643e0d175328' (2022-05-01) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/87d34a6b8982e901b8e50096b8e79ebc0e66cda0' (2022-04-24) → 'github:NixOS/nixpkgs/e10da1c7f542515b609f8dfbcf788f3d85b14936' (2022-04-26) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/7f4a8f37d4621b27fc0c4eeb3880ecf1cb055371' (2022-04-25) → 'github:NixOS/nixpkgs/6766fb6503ae1ebebc2a9704c162b2aef351f921' (2022-04-28) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 517d1d8..25dae3b 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1650946623, - "narHash": "sha256-YGoR+ypDCii9Kl4bZ2NgOh0DLV6xSjcyM2rZsAWVdCM=", + "lastModified": 1651465270, + "narHash": "sha256-x6xJ++tBB7l02lok3mBTYykefjamF9BgK/9BbeQlxoQ=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "4356a0643b98868883425711daa02dde1290b2ed", + "rev": "015c8c2cfd4f62d7f317e777ebaef0df39e7a748", "type": "github" }, "original": { @@ -57,11 +57,11 @@ ] }, "locked": { - "lastModified": 1650920743, - "narHash": "sha256-7xxdtLp295HswhyEjr991QJsBFeadUo43NiAsHnQ5+8=", + "lastModified": 1651415224, + "narHash": "sha256-O/EzwxUMa1OawWEwhS10Xki7RX3+hSgaJJziHeI4d7c=", "owner": "nix-community", "repo": "home-manager", - "rev": "223a73c2ba7d358b23666937cb13a59b31df511c", + "rev": "26858fc0dbed71fa0609490fc2f2643e0d175328", "type": "github" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1650923622, - "narHash": "sha256-M98iI5KKM5+JfBL94PMEwG1Ybs4+/2RFSgLpJU/XFLg=", + "lastModified": 1651114127, + "narHash": "sha256-/lLC0wkMZkAdA5e1W76SnJzbhfOGDvync3VRHJMtAKk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7f4a8f37d4621b27fc0c4eeb3880ecf1cb055371", + "rev": "6766fb6503ae1ebebc2a9704c162b2aef351f921", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1650831523, - "narHash": "sha256-6pDZ08SAXsUx5rOP391x+TG39ENP/XA8VMa1tQvgEjc=", + "lastModified": 1651007983, + "narHash": "sha256-GNay7yDPtLcRcKCNHldug85AhAvBpTtPEJWSSDYBw8U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "87d34a6b8982e901b8e50096b8e79ebc0e66cda0", + "rev": "e10da1c7f542515b609f8dfbcf788f3d85b14936", "type": "github" }, "original": { From d61c80cec4095efef625daecca71ad6b4231abea Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 2 May 2022 13:26:00 +0200 Subject: [PATCH 318/904] services: lohr: add ssh to path SSH binary path is no longer hard coded in the git binary, see https://github.com/NixOS/nixpkgs/commit/cae8d1a2ed7ee3bd0a3f029b452ce6ef25537278 --- services/lohr.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/services/lohr.nix b/services/lohr.nix index b4c54bc..c7a5acf 100644 --- a/services/lohr.nix +++ b/services/lohr.nix @@ -56,7 +56,10 @@ in { User = "lohr"; Group = "lohr"; }; - path = [pkgs.git]; + path = [ + pkgs.git + pkgs.openssh + ]; }; users.users.lohr = { From 128b498f77d9afac228f2f3dde9a19c463aaf285 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 2 May 2022 17:04:34 +0200 Subject: [PATCH 319/904] home: mail: separate email channels Provide a "full" channel that synchronized everything, and a lightweight "main" channel that fetches just what I need quickly. --- home/mail.nix | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/home/mail.nix b/home/mail.nix index 4f7e097..69dac83 100644 --- a/home/mail.nix +++ b/home/mail.nix @@ -42,6 +42,26 @@ in { enable = true; create = "both"; expunge = "both"; + groups = { + alarsyo-main.channels.alarsyo-main = { + patterns = ["INBOX" "Sent" "Drafts" "Junk" "Trash"]; + extraConfig = { + Create = "Both"; + Expunge = "Both"; + Remove = "None"; + SyncState = "*"; + }; + }; + alarsyo-full.channels.alarsyo-full = { + patterns = ["*" "!INBOX" "!Sent" "!Drafts" "!Junk" "!Trash"]; + extraConfig = { + Create = "Both"; + Expunge = "Both"; + Remove = "None"; + SyncState = "*"; + }; + }; + }; }; msmtp.enable = true; mu.enable = true; From b5d8b8458c58321fae0edd89e6951e8dae6d56c1 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 2 May 2022 17:05:26 +0200 Subject: [PATCH 320/904] home: mail: don't sync archives by default --- home/mail.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/mail.nix b/home/mail.nix index 69dac83..663d322 100644 --- a/home/mail.nix +++ b/home/mail.nix @@ -86,6 +86,7 @@ in { enable = true; create = "both"; expunge = "both"; + patterns = ["*" "!Archives*"]; extraConfig.account = { # otherwise mbsync tries GSSAPI, but I don't have Kerberos setup # on this machine From f763de8de800559b81b171824d270f5211506541 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 3 May 2022 16:04:28 +0200 Subject: [PATCH 321/904] pkgs: spot: update to 2.10.5 --- pkgs/spot/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/spot/default.nix b/pkgs/spot/default.nix index e3df73b..a79b1e3 100644 --- a/pkgs/spot/default.nix +++ b/pkgs/spot/default.nix @@ -3,7 +3,7 @@ fetchurl, python3, }: let - version = "2.10.4"; + version = "2.10.5"; in stdenv.mkDerivation { inherit version; @@ -15,6 +15,6 @@ in src = fetchurl { url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz"; - sha256 = "sha256-6GKc22zOgwd4JpYM0B7OUhPar5ooPW9iqvaa+gYjR4o="; + sha256 = "sha256-40uaMF1VjTMCJWqZZe5fRAGyINyyvlJExksxJqeESio="; }; } From cdf5de76587d66f42a57375226edbc7de4d3582d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 3 May 2022 16:09:46 +0200 Subject: [PATCH 322/904] home: emacs: ship libvterm and pdftools with emacs --- home/emacs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/emacs.nix b/home/emacs.nix index c3081c9..627f91c 100644 --- a/home/emacs.nix +++ b/home/emacs.nix @@ -43,6 +43,7 @@ in { programs.emacs = { enable = true; package = pkgs.emacsPgtkNativeComp; + extraPackages = epkgs: [epkgs.vterm epkgs.pdf-tools]; }; }; } From b373a92335bee651d3419bd6df40a9f13445e23b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 8 May 2022 00:02:37 +0200 Subject: [PATCH 323/904] services: tgv: remove service --- hosts/poseidon/default.nix | 4 ---- services/default.nix | 1 - services/tgv.nix | 29 ----------------------------- 3 files changed, 34 deletions(-) delete mode 100644 services/tgv.nix diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 2d61d53..7c3bd67 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -142,10 +142,6 @@ in { exitNode = true; }; - tgv = { - enable = true; - }; - transmission = { enable = true; username = "alarsyo"; diff --git a/services/default.nix b/services/default.nix index 9c4af4f..6ae5973 100644 --- a/services/default.nix +++ b/services/default.nix @@ -20,7 +20,6 @@ ./postgresql.nix ./restic-backup.nix ./tailscale.nix - ./tgv.nix ./transmission.nix ]; } diff --git a/services/tgv.nix b/services/tgv.nix deleted file mode 100644 index 25426c9..0000000 --- a/services/tgv.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ - config, - lib, - ... -}: let - inherit - (lib) - mkEnableOption - mkIf - ; - - cfg = config.my.services.tgv; - my = config.my; -in { - options.my.services.tgv = { - enable = mkEnableOption "TGV redirect"; - }; - - config = mkIf cfg.enable { - services.nginx.virtualHosts = { - "tgv.sexy" = { - forceSSL = true; - enableACME = true; - - locations."/".return = "301 http://www.mlgtraffic.net/"; - }; - }; - }; -} From fb09f2a6cdc3b0301d9249ae347ac84d3fafab22 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 9 May 2022 01:23:14 +0200 Subject: [PATCH 324/904] home: mail: add prologin email --- home/mail.nix | 86 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 86 insertions(+) diff --git a/home/mail.nix b/home/mail.nix index 663d322..121574e 100644 --- a/home/mail.nix +++ b/home/mail.nix @@ -6,6 +6,7 @@ }: let inherit (lib) + mapAttrs mkEnableOption mkIf ; @@ -13,8 +14,41 @@ myName = "Antoine Martin"; email_perso = "antoine@alarsyo.net"; email_lrde = "amartin@lrde.epita.fr"; + email_prologin = "antoine.martin@prologin.org"; cfg = config.my.home.mail; + + make_mbsync_channel = patterns: { + farPattern = patterns.far; + nearPattern = patterns.near; + extraConfig = { + Create = "Both"; + Expunge = "Both"; + Remove = "None"; + SyncState = "*"; + }; + }; + make_mbsync_channels = mapAttrs (_: value: make_mbsync_channel value); + + gmail_far_near_patterns = { + sent = { + far = "[Gmail]/Sent Mail"; + near = "Sent"; + }; + drafts = { + far = "[Gmail]/Drafts"; + near = "Drafts"; + }; + junk = { + far = "[Gmail]/Spam"; + near = "Junk"; + }; + trash = { + far = "[Gmail]/Trash"; + near = "Trash"; + }; + }; + gmail_mbsync_channels = make_mbsync_channels gmail_far_near_patterns; in { options.my.home.mail = { # I *could* read email in a terminal emacs client on a server, but in @@ -106,6 +140,58 @@ in { tls.enable = true; }; }; + prologin = { + address = email_prologin; + userName = email_prologin; + realName = myName; + aliases = [ + "alarsyo@prologin.org" + ]; + flavor = "plain"; # default setting + passwordCommand = "${pkgs.rbw}/bin/rbw get google.com ${email_prologin}-mailpass"; + primary = false; + mbsync = { + enable = true; + create = "both"; + expunge = "both"; + groups = { + prologin-main.channels = + { + main = { + patterns = ["INBOX" "membres@"]; + extraConfig = { + Create = "Both"; + Expunge = "Both"; + Remove = "None"; + SyncState = "*"; + }; + }; + } + // gmail_mbsync_channels; + prologin-info.channels.prologin-info = { + patterns = ["info@" "info@gcc"]; + extraConfig = { + Create = "Both"; + Expunge = "Both"; + Remove = "None"; + SyncState = "*"; + }; + }; + }; + }; + msmtp.enable = true; + mu.enable = true; + imap = { + host = "imap.gmail.com"; + port = 993; + tls.enable = true; + }; + smtp = { + host = "smtp.gmail.com"; + port = 465; + tls.enable = true; + }; + }; }; }; From d2e2cfeb8f20dfb0c3818e87806f64c8b785b2b5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 9 May 2022 01:51:11 +0200 Subject: [PATCH 325/904] home: mail: use make_mbsync_channels func --- home/mail.nix | 75 +++++++++++++++++++++------------------------------ 1 file changed, 31 insertions(+), 44 deletions(-) diff --git a/home/mail.nix b/home/mail.nix index 121574e..d03fbf9 100644 --- a/home/mail.nix +++ b/home/mail.nix @@ -10,6 +10,10 @@ mkEnableOption mkIf ; + inherit + (builtins) + typeOf + ; myName = "Antoine Martin"; email_perso = "antoine@alarsyo.net"; @@ -18,16 +22,25 @@ cfg = config.my.home.mail; - make_mbsync_channel = patterns: { - farPattern = patterns.far; - nearPattern = patterns.near; - extraConfig = { - Create = "Both"; - Expunge = "Both"; - Remove = "None"; - SyncState = "*"; + make_mbsync_channel = patterns: + ( + if (typeOf patterns) == "list" + then { + inherit patterns; + } + else { + farPattern = patterns.far; + nearPattern = patterns.near; + } + ) + // { + extraConfig = { + Create = "Both"; + Expunge = "Both"; + Remove = "None"; + SyncState = "*"; + }; }; - }; make_mbsync_channels = mapAttrs (_: value: make_mbsync_channel value); gmail_far_near_patterns = { @@ -77,23 +90,11 @@ in { create = "both"; expunge = "both"; groups = { - alarsyo-main.channels.alarsyo-main = { - patterns = ["INBOX" "Sent" "Drafts" "Junk" "Trash"]; - extraConfig = { - Create = "Both"; - Expunge = "Both"; - Remove = "None"; - SyncState = "*"; - }; + alarsyo-main.channels = make_mbsync_channels { + main = ["INBOX" "Sent" "Drafts" "Junk" "Trash"]; }; - alarsyo-full.channels.alarsyo-full = { - patterns = ["*" "!INBOX" "!Sent" "!Drafts" "!Junk" "!Trash"]; - extraConfig = { - Create = "Both"; - Expunge = "Both"; - Remove = "None"; - SyncState = "*"; - }; + alarsyo-full.channels = make_mbsync_channels { + full = ["*" "!INBOX" "!Sent" "!Drafts" "!Junk" "!Trash"]; }; }; }; @@ -156,26 +157,12 @@ in { expunge = "both"; groups = { prologin-main.channels = - { - main = { - patterns = ["INBOX" "membres@"]; - extraConfig = { - Create = "Both"; - Expunge = "Both"; - Remove = "None"; - SyncState = "*"; - }; - }; - } + (make_mbsync_channels { + main = ["INBOX" "membres@"]; + }) // gmail_mbsync_channels; - prologin-info.channels.prologin-info = { - patterns = ["info@" "info@gcc"]; - extraConfig = { - Create = "Both"; - Expunge = "Both"; - Remove = "None"; - SyncState = "*"; - }; + prologin-info.channels = make_mbsync_channels { + info = ["info@" "info@gcc"]; }; }; }; From d0cb004d7a35cb3d98c0caae0b1a383f370d6fa2 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 9 May 2022 01:52:32 +0200 Subject: [PATCH 326/904] ci: shorten workflow name This way step names aren't cropped in the UI --- .github/workflows/cachix.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index 965aa9f..00782b2 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -1,4 +1,4 @@ -name: "Populate Cachix binary cache" +name: "Cachix" on: push: paths: From 9fcffa716968c227392af7f48a9e82d1a8a47c43 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 9 May 2022 01:54:28 +0200 Subject: [PATCH 327/904] ci: rework NUR hook workflow names --- .github/workflows/nur-update.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/nur-update.yaml b/.github/workflows/nur-update.yaml index 87feeb6..a02b173 100644 --- a/.github/workflows/nur-update.yaml +++ b/.github/workflows/nur-update.yaml @@ -1,3 +1,4 @@ +name: "NUR" on: push: branches: @@ -8,7 +9,7 @@ on: jobs: update-nur: - name: "Update NUR repo" + name: "Ping NUR repo hook" runs-on: ubuntu-latest steps: - name: curl nur endpoint From f9363955810ae4bd2296f254e8f147060d7d8a1e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 9 May 2022 01:58:42 +0200 Subject: [PATCH 328/904] ci: don't trigger workflows if another one is modified --- .github/workflows/cachix.yaml | 2 +- .github/workflows/nur-update.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index 00782b2..f0eb080 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -7,7 +7,7 @@ on: - 'pkgs/**' - 'flake.nix' - 'flake.lock' - - '.github/workflows/*' + - '.github/workflows/cachix.yaml' jobs: format-check: name: Format check diff --git a/.github/workflows/nur-update.yaml b/.github/workflows/nur-update.yaml index a02b173..6319379 100644 --- a/.github/workflows/nur-update.yaml +++ b/.github/workflows/nur-update.yaml @@ -5,7 +5,7 @@ on: - 'main' paths: - 'pkgs/**' - - '.github/workflows/*' + - '.github/workflows/nur-update.yaml' jobs: update-nur: From 1175b46af896fbeff92e7dc476b37055b2cd87de Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 9 May 2022 02:04:05 +0200 Subject: [PATCH 329/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/015c8c2cfd4f62d7f317e777ebaef0df39e7a748' (2022-05-02) → 'github:nix-community/emacs-overlay/7cb7c8c550ae9e746cbc65bfea7bd005409bf0a4' (2022-05-08) • Updated input 'home-manager': 'github:nix-community/home-manager/26858fc0dbed71fa0609490fc2f2643e0d175328' (2022-05-01) → 'github:nix-community/home-manager/882bd8118bdbff3a6e53e5ced393932b351ce2f6' (2022-05-07) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e10da1c7f542515b609f8dfbcf788f3d85b14936' (2022-04-26) → 'github:NixOS/nixpkgs/c777cdf5c564015d5f63b09cc93bef4178b19b01' (2022-05-05) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/6766fb6503ae1ebebc2a9704c162b2aef351f921' (2022-04-28) → 'github:NixOS/nixpkgs/afb8c54d8463f5035f6ece71cb54ba899378680f' (2022-05-08) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 25dae3b..5980f63 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1651465270, - "narHash": "sha256-x6xJ++tBB7l02lok3mBTYykefjamF9BgK/9BbeQlxoQ=", + "lastModified": 1652038791, + "narHash": "sha256-dTQdPbsq+WCEo9B72+MLT+rqtVjD+ryfc6DJbR/iMHQ=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "015c8c2cfd4f62d7f317e777ebaef0df39e7a748", + "rev": "7cb7c8c550ae9e746cbc65bfea7bd005409bf0a4", "type": "github" }, "original": { @@ -57,11 +57,11 @@ ] }, "locked": { - "lastModified": 1651415224, - "narHash": "sha256-O/EzwxUMa1OawWEwhS10Xki7RX3+hSgaJJziHeI4d7c=", + "lastModified": 1651886851, + "narHash": "sha256-kbXOJSf1uho0/7P54nZkJdJY3oAelIjyc6tfiRhaXJI=", "owner": "nix-community", "repo": "home-manager", - "rev": "26858fc0dbed71fa0609490fc2f2643e0d175328", + "rev": "882bd8118bdbff3a6e53e5ced393932b351ce2f6", "type": "github" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1651114127, - "narHash": "sha256-/lLC0wkMZkAdA5e1W76SnJzbhfOGDvync3VRHJMtAKk=", + "lastModified": 1652027045, + "narHash": "sha256-HrvhQn772bJG4KwfOhNkrPZaX9Jltb0DhX6pLNc32c4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6766fb6503ae1ebebc2a9704c162b2aef351f921", + "rev": "afb8c54d8463f5035f6ece71cb54ba899378680f", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1651007983, - "narHash": "sha256-GNay7yDPtLcRcKCNHldug85AhAvBpTtPEJWSSDYBw8U=", + "lastModified": 1651726670, + "narHash": "sha256-dSGdzB49SEvdOJvrQWfQYkAefewXraHIV08Vz6iDXWQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e10da1c7f542515b609f8dfbcf788f3d85b14936", + "rev": "c777cdf5c564015d5f63b09cc93bef4178b19b01", "type": "github" }, "original": { From ad56bf45c9014f5260baeab252ec548a773245d6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 9 May 2022 03:36:09 +0200 Subject: [PATCH 330/904] home: x: use new options for cursor --- home/x/cursor.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/home/x/cursor.nix b/home/x/cursor.nix index ae2c2ed..04378b0 100644 --- a/home/x/cursor.nix +++ b/home/x/cursor.nix @@ -15,12 +15,13 @@ in { options.my.home.x.cursor.enable = (mkEnableOption "X cursor") // {default = config.my.home.x.enable;}; config = mkIf cfg.enable { - xsession.pointerCursor = { + home.pointerCursor = { package = pkgs.capitaine-cursors; name = "capitaine-cursors"; # available sizes for capitaine-cursors are: # 24, 30, 36, 48, 60, 72 size = 30; + x11.enable = true; }; }; } From df628162884aad703029a5bc5cdd60dc2fb8d7ec Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 15 May 2022 19:32:28 +0200 Subject: [PATCH 331/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/7cb7c8c550ae9e746cbc65bfea7bd005409bf0a4' (2022-05-08) → 'github:nix-community/emacs-overlay/972925e3f1b6724eaf6a896f1ae9390d205fcaae' (2022-05-15) • Added input 'emacs-overlay/flake-utils': 'github:numtide/flake-utils/12806d31a381e7cd169a6bac35590e7b36dc5fe5' (2022-05-14) • Added input 'emacs-overlay/nixpkgs': 'github:NixOS/nixpkgs/118ec238bfb788a34f1d53c4d95931fadfa70367' (2022-05-15) • Updated input 'home-manager': 'github:nix-community/home-manager/882bd8118bdbff3a6e53e5ced393932b351ce2f6' (2022-05-07) → 'github:nix-community/home-manager/273598f53e04f0111dca5724b37640e3907edaaf' (2022-05-13) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/c777cdf5c564015d5f63b09cc93bef4178b19b01' (2022-05-05) → 'github:NixOS/nixpkgs/fb222e008681fce4608e94f2d1dfdf3d03a364c4' (2022-05-13) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/afb8c54d8463f5035f6ece71cb54ba899378680f' (2022-05-08) → 'github:NixOS/nixpkgs/129ad108e0c4963dc6c1d281f52f8dded6669e81' (2022-05-15) --- flake.lock | 61 +++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 47 insertions(+), 14 deletions(-) diff --git a/flake.lock b/flake.lock index 5980f63..dd111b4 100644 --- a/flake.lock +++ b/flake.lock @@ -19,12 +19,16 @@ } }, "emacs-overlay": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs_2" + }, "locked": { - "lastModified": 1652038791, - "narHash": "sha256-dTQdPbsq+WCEo9B72+MLT+rqtVjD+ryfc6DJbR/iMHQ=", + "lastModified": 1652613188, + "narHash": "sha256-vHp4U0y0w0ntf4LF8zk0FTbTkwiiJtbs78eSYQVSABw=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "7cb7c8c550ae9e746cbc65bfea7bd005409bf0a4", + "rev": "972925e3f1b6724eaf6a896f1ae9390d205fcaae", "type": "github" }, "original": { @@ -35,6 +39,21 @@ } }, "flake-utils": { + "locked": { + "lastModified": 1652557277, + "narHash": "sha256-jSes9DaIVMdmwBB78KkFUVrlDzawmD62vrUg0GS2500=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "12806d31a381e7cd169a6bac35590e7b36dc5fe5", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "locked": { "lastModified": 1648297722, "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=", @@ -57,11 +76,11 @@ ] }, "locked": { - "lastModified": 1651886851, - "narHash": "sha256-kbXOJSf1uho0/7P54nZkJdJY3oAelIjyc6tfiRhaXJI=", + "lastModified": 1652452043, + "narHash": "sha256-nh3mdVB/Kk5ag1uRMAlKo8r+ssN3HNxwbLsqRG4xZkw=", "owner": "nix-community", "repo": "home-manager", - "rev": "882bd8118bdbff3a6e53e5ced393932b351ce2f6", + "rev": "273598f53e04f0111dca5724b37640e3907edaaf", "type": "github" }, "original": { @@ -105,11 +124,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1652027045, - "narHash": "sha256-HrvhQn772bJG4KwfOhNkrPZaX9Jltb0DhX6pLNc32c4=", + "lastModified": 1652575538, + "narHash": "sha256-1piTQ0YrV7IGweOTj5+2PkIh0WTnAc9174Sik5PrF5I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "afb8c54d8463f5035f6ece71cb54ba899378680f", + "rev": "129ad108e0c4963dc6c1d281f52f8dded6669e81", "type": "github" }, "original": { @@ -121,11 +140,25 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1651726670, - "narHash": "sha256-dSGdzB49SEvdOJvrQWfQYkAefewXraHIV08Vz6iDXWQ=", + "lastModified": 1652574577, + "narHash": "sha256-MoSWPtue4Wi9+kRDxUbLWEBCL8Bswaa8kVMh2JYpSJg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c777cdf5c564015d5f63b09cc93bef4178b19b01", + "rev": "118ec238bfb788a34f1d53c4d95931fadfa70367", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1652467128, + "narHash": "sha256-1wuQ7QgPQ3tugYcoVMJ3pUzl4wVdBzKZr9qtJAgA4VI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fb222e008681fce4608e94f2d1dfdf3d03a364c4", "type": "github" }, "original": { @@ -139,10 +172,10 @@ "inputs": { "agenix": "agenix", "emacs-overlay": "emacs-overlay", - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "home-manager": "home-manager", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "nixpkgs-unstable-small": "nixpkgs-unstable-small" } } From a4d3e6b6f8854c49dc63c37455a6b42caaed5291 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 15 May 2022 19:45:42 +0200 Subject: [PATCH 332/904] services: tailscale: loosen firewall policy See https://github.com/tailscale/tailscale/issues/4432 --- services/tailscale.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/services/tailscale.nix b/services/tailscale.nix index ff3a4b1..41fe9f8 100644 --- a/services/tailscale.nix +++ b/services/tailscale.nix @@ -28,6 +28,8 @@ in { networking.firewall = { trustedInterfaces = ["tailscale0"]; allowedUDPPorts = [config.services.tailscale.port]; + # needed for exit node usage + checkReversePath = mkIf (!cfg.exitNode) "loose"; }; # enable IP forwarding to use as exit node From f54d1ce5b27b304e61226227f3c8adc65ee3dcc6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 15 May 2022 20:05:07 +0200 Subject: [PATCH 333/904] emacs: use standard nixpkgs build Now that native comp is stable I don't need the overlay, which triggered a full emacs build almost everytime I bumped it. --- .github/workflows/cachix.yaml | 1 - flake.lock | 54 ++--------------------------------- flake.nix | 33 +++------------------ home/emacs.nix | 2 +- 4 files changed, 7 insertions(+), 83 deletions(-) diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index f0eb080..ccde1ae 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -46,7 +46,6 @@ jobs: fail-fast: false matrix: name: - - emacsPgtkNativeComp - grafanaDashboards/nginx - grafanaDashboards/node-exporter - kaleidoscope-udev-rules diff --git a/flake.lock b/flake.lock index dd111b4..6767feb 100644 --- a/flake.lock +++ b/flake.lock @@ -18,42 +18,7 @@ "type": "github" } }, - "emacs-overlay": { - "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_2" - }, - "locked": { - "lastModified": 1652613188, - "narHash": "sha256-vHp4U0y0w0ntf4LF8zk0FTbTkwiiJtbs78eSYQVSABw=", - "owner": "nix-community", - "repo": "emacs-overlay", - "rev": "972925e3f1b6724eaf6a896f1ae9390d205fcaae", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "master", - "repo": "emacs-overlay", - "type": "github" - } - }, "flake-utils": { - "locked": { - "lastModified": 1652557277, - "narHash": "sha256-jSes9DaIVMdmwBB78KkFUVrlDzawmD62vrUg0GS2500=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "12806d31a381e7cd169a6bac35590e7b36dc5fe5", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { "locked": { "lastModified": 1648297722, "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=", @@ -139,20 +104,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1652574577, - "narHash": "sha256-MoSWPtue4Wi9+kRDxUbLWEBCL8Bswaa8kVMh2JYpSJg=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "118ec238bfb788a34f1d53c4d95931fadfa70367", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1652467128, "narHash": "sha256-1wuQ7QgPQ3tugYcoVMJ3pUzl4wVdBzKZr9qtJAgA4VI=", @@ -171,11 +122,10 @@ "root": { "inputs": { "agenix": "agenix", - "emacs-overlay": "emacs-overlay", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "home-manager": "home-manager", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "nixpkgs-unstable-small": "nixpkgs-unstable-small" } } diff --git a/flake.nix b/flake.nix index 6d516eb..bf6fc2c 100644 --- a/flake.nix +++ b/flake.nix @@ -21,13 +21,6 @@ repo = "agenix"; }; - emacs-overlay = { - type = "github"; - owner = "nix-community"; - repo = "emacs-overlay"; - ref = "master"; - }; - home-manager = { type = "github"; owner = "nix-community"; @@ -117,8 +110,6 @@ { nixpkgs.overlays = [ - inputs.emacs-overlay.overlay - # uncomment this to build everything from scratch, fun but takes a # while # @@ -140,12 +131,6 @@ inputs.nixos-hardware.nixosModules.common-cpu-intel inputs.nixos-hardware.nixosModules.common-pc-laptop inputs.nixos-hardware.nixosModules.common-pc-ssd - - { - nixpkgs.overlays = [ - inputs.emacs-overlay.overlay - ]; - } ] ++ sharedModules; }; @@ -153,19 +138,9 @@ } // inputs.flake-utils.lib.eachDefaultSystem (system: { packages = - ( - inputs.flake-utils.lib.flattenTree - (import ./pkgs {pkgs = import nixpkgs {inherit system;};}) - ) - // { - emacsPgtkNativeComp = - ( - import nixpkgs { - inherit system; - overlays = [inputs.emacs-overlay.overlay]; - } - ) - .emacsPgtkNativeComp; - }; + inputs.flake-utils.lib.flattenTree + (import ./pkgs { + pkgs = import nixpkgs {inherit system;}; + }); }); } diff --git a/home/emacs.nix b/home/emacs.nix index 627f91c..6e642fc 100644 --- a/home/emacs.nix +++ b/home/emacs.nix @@ -42,7 +42,7 @@ in { programs.emacs = { enable = true; - package = pkgs.emacsPgtkNativeComp; + package = pkgs.emacsNativeComp; extraPackages = epkgs: [epkgs.vterm epkgs.pdf-tools]; }; }; From b766e3e5daaabfc6540908fd91e663b41b6e8ab5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 16 May 2022 11:09:12 +0200 Subject: [PATCH 334/904] home: i3: bump font awesome font selector --- home/x/i3.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/x/i3.nix b/home/x/i3.nix index dd2cab1..2508b2a 100644 --- a/home/x/i3.nix +++ b/home/x/i3.nix @@ -47,7 +47,7 @@ in { statusCommand = "i3status-rs ${barConfigPath}"; position = "top"; fonts = { - names = ["DejaVuSansMono" "FontAwesome5Free"]; + names = ["DejaVuSansMono" "FontAwesome6Free"]; size = 9.0; }; From 4e96af37d3575996387c3d9e31b41ff499faee6d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 16 May 2022 12:24:46 +0200 Subject: [PATCH 335/904] zephyrus: use tmpfs for /tmp --- hosts/zephyrus/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index 60a5f74..da27aad 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -20,6 +20,8 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + boot.tmpOnTmpfs = true; + services.btrfs = { autoScrub = { enable = true; From e0bb7e52f2ab51edaf2ee514628ac1b702bb6976 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 23 May 2022 15:32:30 +0200 Subject: [PATCH 336/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/273598f53e04f0111dca5724b37640e3907edaaf' (2022-05-13) → 'github:nix-community/home-manager/94780dd888881bf35165dfdd334a57ef6b14ead8' (2022-05-21) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/fb222e008681fce4608e94f2d1dfdf3d03a364c4' (2022-05-13) → 'github:NixOS/nixpkgs/dfd82985c273aac6eced03625f454b334daae2e8' (2022-05-20) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/129ad108e0c4963dc6c1d281f52f8dded6669e81' (2022-05-15) → 'github:NixOS/nixpkgs/98bcd08cb1778d103bac1149621b3568014aadbd' (2022-05-20) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 6767feb..41982bb 100644 --- a/flake.lock +++ b/flake.lock @@ -41,11 +41,11 @@ ] }, "locked": { - "lastModified": 1652452043, - "narHash": "sha256-nh3mdVB/Kk5ag1uRMAlKo8r+ssN3HNxwbLsqRG4xZkw=", + "lastModified": 1653153149, + "narHash": "sha256-8B/tWWZziFq4DqnAm9uO7M4Z4PNfllYg5+teX1e5yDQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "273598f53e04f0111dca5724b37640e3907edaaf", + "rev": "94780dd888881bf35165dfdd334a57ef6b14ead8", "type": "github" }, "original": { @@ -89,11 +89,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1652575538, - "narHash": "sha256-1piTQ0YrV7IGweOTj5+2PkIh0WTnAc9174Sik5PrF5I=", + "lastModified": 1653086549, + "narHash": "sha256-9Gt55P+hh70m/vx0zS5iJrMFrU4Rf0uO+nG9NFxTW1U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "129ad108e0c4963dc6c1d281f52f8dded6669e81", + "rev": "98bcd08cb1778d103bac1149621b3568014aadbd", "type": "github" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1652467128, - "narHash": "sha256-1wuQ7QgPQ3tugYcoVMJ3pUzl4wVdBzKZr9qtJAgA4VI=", + "lastModified": 1653060744, + "narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fb222e008681fce4608e94f2d1dfdf3d03a364c4", + "rev": "dfd82985c273aac6eced03625f454b334daae2e8", "type": "github" }, "original": { From cdd6068aeb19f1c798c22aa87ff759a9ea0a8a38 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 23 May 2022 15:36:53 +0200 Subject: [PATCH 337/904] services: nextcloud: bump to 24 --- services/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/nextcloud.nix b/services/nextcloud.nix index 0ec642f..330548e 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -62,7 +62,7 @@ in { hostName = "cloud.${domain}"; https = true; - package = pkgs.nextcloud23; + package = pkgs.nextcloud24; maxUploadSize = "1G"; From 0350a4d11e2401f7bcae47a182286f982aa9fea7 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 28 May 2022 14:03:30 +0200 Subject: [PATCH 338/904] home: emacs: add lilypond to emacs packages The lilypond-mode is shipped with lilypond itself --- home/emacs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/emacs.nix b/home/emacs.nix index 6e642fc..5853397 100644 --- a/home/emacs.nix +++ b/home/emacs.nix @@ -43,7 +43,7 @@ in { programs.emacs = { enable = true; package = pkgs.emacsNativeComp; - extraPackages = epkgs: [epkgs.vterm epkgs.pdf-tools]; + extraPackages = epkgs: [epkgs.vterm epkgs.pdf-tools pkgs.lilypond]; }; }; } From 71efd78ad23a544a6ba8af97ccca3af077625090 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 30 May 2022 09:53:38 +0200 Subject: [PATCH 339/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/94780dd888881bf35165dfdd334a57ef6b14ead8' (2022-05-21) → 'github:nix-community/home-manager/64831f938bd413cefde0b0cf871febc494afaa4f' (2022-05-25) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/dfd82985c273aac6eced03625f454b334daae2e8' (2022-05-20) → 'github:NixOS/nixpkgs/83658b28fe638a170a19b8933aa008b30640fbd1' (2022-05-26) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/98bcd08cb1778d103bac1149621b3568014aadbd' (2022-05-20) → 'github:NixOS/nixpkgs/f6c4da49202d79cdab2fdf2bfa3019cde23f007e' (2022-05-29) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 41982bb..2e21878 100644 --- a/flake.lock +++ b/flake.lock @@ -41,11 +41,11 @@ ] }, "locked": { - "lastModified": 1653153149, - "narHash": "sha256-8B/tWWZziFq4DqnAm9uO7M4Z4PNfllYg5+teX1e5yDQ=", + "lastModified": 1653518057, + "narHash": "sha256-cam3Nfae5ADeEs6mRPzr0jXB7+DhyMIXz0/0Q13r/yk=", "owner": "nix-community", "repo": "home-manager", - "rev": "94780dd888881bf35165dfdd334a57ef6b14ead8", + "rev": "64831f938bd413cefde0b0cf871febc494afaa4f", "type": "github" }, "original": { @@ -89,11 +89,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1653086549, - "narHash": "sha256-9Gt55P+hh70m/vx0zS5iJrMFrU4Rf0uO+nG9NFxTW1U=", + "lastModified": 1653839487, + "narHash": "sha256-UFTixs7vCadS50/J0Q5tIFSeXrDJs7lCKHi+a3V9oVQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "98bcd08cb1778d103bac1149621b3568014aadbd", + "rev": "f6c4da49202d79cdab2fdf2bfa3019cde23f007e", "type": "github" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1653060744, - "narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=", + "lastModified": 1653581809, + "narHash": "sha256-Uvka0V5MTGbeOfWte25+tfRL3moECDh1VwokWSZUdoY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dfd82985c273aac6eced03625f454b334daae2e8", + "rev": "83658b28fe638a170a19b8933aa008b30640fbd1", "type": "github" }, "original": { From 5f510a01ff4cb4621a65daca89a7a3a156a56b95 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 30 May 2022 09:57:43 +0200 Subject: [PATCH 340/904] pkgs: bump spot to 2.10.6 --- pkgs/spot/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/spot/default.nix b/pkgs/spot/default.nix index a79b1e3..37039c7 100644 --- a/pkgs/spot/default.nix +++ b/pkgs/spot/default.nix @@ -3,7 +3,7 @@ fetchurl, python3, }: let - version = "2.10.5"; + version = "2.10.6"; in stdenv.mkDerivation { inherit version; @@ -15,6 +15,6 @@ in src = fetchurl { url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz"; - sha256 = "sha256-40uaMF1VjTMCJWqZZe5fRAGyINyyvlJExksxJqeESio="; + sha256 = "sha256-xYjRy1PM6j5ZL5lAKxTC9DZ7NJ7O+OF7bTkd8Ua8i6Q="; }; } From 6c2b4889e29527354f9b2c8169243a688d46f9a8 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 10 Jun 2022 16:29:06 +0200 Subject: [PATCH 341/904] secrets: rekey secrets to make them editable from my key --- modules/secrets/gandi/api-key.age | 17 ++++++++++------- modules/secrets/lohr/shared-secret.age | 16 +++++++++------- .../secrets/matrix-synapse/secret-config.age | Bin 545 -> 699 bytes modules/secrets/miniflux/admin-credentials.age | 17 +++++++++-------- modules/secrets/nextcloud/admin-pass.age | Bin 396 -> 527 bytes modules/secrets/paperless/admin-password.age | Bin 368 -> 466 bytes modules/secrets/paperless/secret-key.age | Bin 418 -> 556 bytes modules/secrets/secrets.nix | 14 +++++++------- 8 files changed, 35 insertions(+), 29 deletions(-) diff --git a/modules/secrets/gandi/api-key.age b/modules/secrets/gandi/api-key.age index cf9f9c9..2c80cf9 100644 --- a/modules/secrets/gandi/api-key.age +++ b/modules/secrets/gandi/api-key.age @@ -1,8 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 z6Eu8Q Z6nxu/Aj6YiouSwaHKO9o/VjDwkFeg1aUpxWDH0zYUc -nN/e7E4mRe0u6r845FlT9QPYTAAoG7YQZY+igYNNd7Y --> LZ-grease 7/44AQ]n H&}_^ hIg#2Ic :cyUJma -cyKzugByeYVVqVRXfi/a7RkreaM9vVNw8z1Jn+MaLZs1paE44QEe2Y2bsXA9tmai -GSfOFlOBv82/Jhlc7xUK5w6RxgIBdmxtpEfRaUw ---- jnsdwFTZU4wzsxo0piNFBchQtCuFQohGALt42YukeVA -7wOp8҈eu!CbBRzIאN?C W[kGslZG9nL \ No newline at end of file +-> ssh-ed25519 k2gHjw cPZECs2fo+sOznfaXiZjieBB6nwe4D7s5shh6YE/VWY +Oi/B1v/9NkPORSllIxrFltkXVFUwFZcgJlcxUdGWjT0 +-> ssh-ed25519 z6Eu8Q G3/FgigyszNLmNCXiAxeWgsALohxZ+ZLLvhRg38CBxk +Z/OiV82zpOJhewVWvJSZUOCNzixFHvWl53cT/MIcZjo +-> -%^%:-grease +CkySRq28PocmIYUy7teSU9JkV8/tq/JIR83vFkuRSIYascFHgQrUhEbjy05uLMAe +Sw +--- LvigUOnTKMr+/oIUFVCWXM59d0Q9qePiZ1zqm8s/4lI +u>ܭȃuI͜jXN?ISGY7Smf +ApWo \ No newline at end of file diff --git a/modules/secrets/lohr/shared-secret.age b/modules/secrets/lohr/shared-secret.age index e3fa903..a9dc0f2 100644 --- a/modules/secrets/lohr/shared-secret.age +++ b/modules/secrets/lohr/shared-secret.age @@ -1,8 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 z6Eu8Q TbYGLV7JbzW40Eo9aNDfirmKXntiJnT60mbbzRLQJX4 -KHbJtr2hsfe7lsZ2VRTo7mWAgi33f8OJiuBDNfnCijE --> U}J&0*-grease 0~7egWZ( bN0gqO I[r[CN15 -xL86runL ---- WrvrFFp0ZtCc0dXhfzaHOiFckW5u6qpm7SLEwgi8cyg -qQI [E>0 KE -UA'[Kpay8fɊZ`q7q"zC I{I!\%Eq¦yҔ3 \ No newline at end of file +-> ssh-ed25519 k2gHjw RKzmvlLJzkvoFfPW17H0oSnPk1SZziQxcMCqVQfyQ1A +0R5bcUYcqzJaUHWW0j3EgWnzlOvKmLOA7rIwEjEs+UI +-> ssh-ed25519 z6Eu8Q dg3GZIAzPsuXVaV2uRtYNDN+RMBgKaYw4eux13IjQ00 +VJeVMuNxJHiJkwNY/8N9HQ+DTUzmOGPdDUoInlV+ScA +-> cq?k-grease >>)4[\ _:DBA*P +LUtE0e0sxIay8ngpt5Y7jD9zNtZbiBTJGvVrzXE/vXOAPwu1e6sUigclYJ3H/wax +Hwnx5zPDSu1BG07dUZeaNQdUpS4l +--- xY+ulUElyTv6MG3VLtkPyrLxav+0C6ifdWfRO14YGl4 +udLr.iӪ9ۇXg9}TNq-E vou֛ȉcE]"ЮA1jZɭ@,wTۯ \ No newline at end of file diff --git a/modules/secrets/matrix-synapse/secret-config.age b/modules/secrets/matrix-synapse/secret-config.age index 6268e887723a2bdcb549ce685297d89d27e9d00a..8ec58e864c8e26d1843c179c3f19c542f53e6cdc 100644 GIT binary patch delta 674 zcmZ3;vYT~+YJIj*x<^*If=8vBXH-;%c0_8BTUD~5MYvCLkcXvZiJ!Aqd10PWV0yAg zL0XkrSdOzVmxV!@xqeA-a74awdbWk7g=MHgT6$VlRaRwYVz7T=mA;!#MnzdhpmC}v zm#&>cadC!jYKoDmsiCDpm6>a)MW8}@W?8CJQKd(2QGHITfsvDMgh7F^Us-8DgsW$j zQ)XULL4|+5wsy9kaZomwTWX?yNu*a`esXDeda-A4M6!8inY&qmqf4=inYO->N11zK zW_YrjNr(l=I&WP|-Snc=#Nt$i7{#Dah4`@AiWmh~OMiu0*F3!t@1QWQkn)tOVE2Ns zlBBSDa~D^$G)s#jx5RYkg7knKqY$4c^Wv&-uR@<7cSDQZsLaSvrwo0ALd(G7a!c=I z6ANuGf3EzDT&LX1u;dD3|Ga{7E?r$+1?}uaPcH-CBG00*68|V8Z4aYxpRCXbQ+MaW z(k$l)GygJuM^8uJqVS?*E>Q+?>s+xj6OQewx0g_fymZ|D;IV}&TlxHZmOYGrF|EHM z*~0MagWs2`{2r+nzS-)|(V*mR%bCr8;M}>dAt4j*9Z-=xd$Z*6558lqJC?ktJ7OiJ z@n=!h&#H%J#|kFNA7A%O>w3sqsVj3Ydb?b(QPY@k=lKj8pvKzWavb}Zj zjx{)37#3OY|5NtOl#BB&Y~0EB_lDy4I(Mz_Q<aDWtg;|pOe>}e~%aGQNKsw(f0u#hGW93%5#lwM9#}_&qt?`)ui<=M3_H U{kGkC^q&2SYdxqFho zg=4ChW2JFES7COzbF#6%L6Vujws&E%xkXB0d0B~jNT!!ll}E8tQB`DcP;O*tU{#cos&%=mbOokQ=(;_Q&xDeM@VH- zl%r3Wi$|4Zm1RbzagkqEShh=Pa)1e!uCA^^aG0^1p^=GYQA(0|VOhGbZ=R)BNvLm_ zc2=HYcBOxKL}6lNZc2&1Z*C};TWCe>rcJyjtvMb}IB|P6gG*?C=JE?)e7%IbP70j# z64Q1%fBahgwo0exZg18t-tM*5I9gHHKg>D*e}++txb24dUxanj8!l|SS2N?D@XQ^x zG1UT*Os}l8>)PLP`m*vzxunHNKX{b2qt6EpZ)xA;W72i+`>9Rk}dwxhbxbIDBoYaO{ Uw^s42EIl!^ZQ2j<+8U#80AIk>h5!Hn diff --git a/modules/secrets/miniflux/admin-credentials.age b/modules/secrets/miniflux/admin-credentials.age index d25f5d9..ee534fb 100644 --- a/modules/secrets/miniflux/admin-credentials.age +++ b/modules/secrets/miniflux/admin-credentials.age @@ -1,9 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 z6Eu8Q rtGozbVk8om9Y0HKwgMEdphYF8XPaivfvKeseSue0Eg -WhKe6jqNByj/+gRLA/QKHnHTrRKndVUq47/BzK2uU8w --> \)kCW_wR-grease @l -QSDpyBcE6WRuOU6IpZ1mN+zboFtzw9THQ78ZV2eStjU1rCyuZhXgU2QD2p/PO4ns -JEntxUv/vw ---- ZsG0UUiIW92EsmHOvohl07MzjtzJlBuAm8A7sS5PfUU ->t -_{i7$"pb^^21&|P=_aʾW`T<9X|q[g)`8цy0JP%HM: ^K{-B@neI \ No newline at end of file +-> ssh-ed25519 k2gHjw umRb1g5kQ/Po2R/zhowom5ljJ/q7SlV5splxWhhrLAY +J1KanwTv45zm4w6VgCHlR8W5R0/sgGopu9Tpf8oaAfw +-> ssh-ed25519 z6Eu8Q IbEJS+0HaPjGwyEXfHs4xyWTg2G/CCK52eRsccBmKE0 +9qnTazbu5kEsSvQpTidZDHyWba/s2bm21QAlFj5P5rA +-> crn+o$-grease r:p72m h8=b)mD~ [_D Xr$ZF~4x +GK7R58b57oUi5tRTV4LcgAGbZ8qEI6W1QAWEG3DmDFGQBDmypo0Cq25ep4hpB/MO +co50CY6zOo9i7Lxc4YXDI9+YJd7HQ7a0Q5t66Wca6+T7y6Y3sMX2bcgqb3wQpg +--- QFYckrszPLUOS3lio/9OVQ5JVl5/NSyPa7d1Me1cU6Y +l+iK1 }>tyzPM1^ x8׾ vv^xٚ!B)m* IJD0JN6`mmwݜVIxV+_Xy҉D` \ No newline at end of file diff --git a/modules/secrets/nextcloud/admin-pass.age b/modules/secrets/nextcloud/admin-pass.age index e2c436e9048d506378309e018bd207be1dd97ec3..07d68b24e266e306487acfbd5348fd4135fa02f8 100644 GIT binary patch delta 500 zcmeBS?q`{xTAyu{?vYilpr2P+>6c+(=9d%_UJ#TPqF>|_=osN{pzZFL8xfe2rf(LR zWD=#FR1%oaRhj6VnQG)`9A)Vjkd~ou5apQXoa0)Mmm1*Zp&yi%SR5LbmQhr0lx-Zy zrE8~9T%4hsnqp*XYG|oYW#(FH5vWjXUR-4o9*~}qRUZ-L*bu0UX@{->tEvM=~T{@m|hX&?-rhzu>chp0UFF+!Mc-A{z_;MsR32J?6Oh&SL3Jq1*nGFJ58Wzsm^#+bOk9 delta 368 zcmeBY>0zFrT3==6T51uf;Nn(pTozpA?va}3Y?K?7=4%pR=v|m^9+V#zUJ#I)WMb@- z>*V2M6dIDvm9DMr7hIZ_=VO}ZQxaNMUQl4+oSbQ#9+?zTWub56VrW>T?d0O;QIc8C zrE8}UrV^{0UX+?xoT{K$!jmXYLaM?=9}!2 z8t7u?5)@bz?iHx-Zk%Tv818P7Zx)bMW$9y-Y39P^=T?!Zo$2iCQ{h)0QV|)FW||zH zlp2}nZDL$p>1UcBkx~)PrK_u};1^it<58Mh;cSp-WaR9WuAS#m9%^9_P!$#xpDTV$C_N|=$4rCD~RfxdxZR&Yr`gt0+(VP0XVQ)NzaRbD|zRcWLz zm#&>cadC!jYKoDmsiCDpm6>a)MW8}dR&KJtr)y?rUcHfPKxB?lfk|+BV7Zf{S89N3 zxOS*zagdplW1eA3W?(v(N4i&KsB5Tyad>X2n_;4nt4~fzaA;$2unxfFeiVT?Jo5j|jtJBSSBXq9E@O z({O{-qA=r1qmuG;|D^oDe1m}UaH9&}!pxKsSFVECCx+5O^^*iY`OUhwNmFr i?ygC_XH_m0JY2(KaLCf++~Zje>9V!omrr`^S_}X`EueA$ delta 340 zcmcb_{DEnLYJHWNYpF$`Lb7*RzIH`LKx$-)bAeY>da|E+WWGg(NmWImw~w}gg-=#s zW`Ti$Uyz|MSDue+QDRhjZfK5gmS38iNpO_0OHfFVtDm#6zNwFak++*~mQQ$KvP*V0 zm#&?HlcR2WQEFmws)ABTNF|p~Sh!b;qkd3EiD5=nMZIZiRiuHoiC2Y(OF&6wS*nv$ zZc&tev8SI|kejn*qtsrFno`l#jlLS&~6HmyMC|4B?w;ds!wa?w|2t z-od{U&j|Q#=`EQVp}l>LK;YDUJ^ky?^1S!q4v=iR`SG{)583PG6DNL)+;g=;w_~Qs q^vj(;U$R^9EmL^!vy=7dg_i5rp6&m1RmiF}=j$cadC!jYKoDmsiCDpm6>a)MW8~YZ?LgPiLt(=dA(>B;(~7)2qk^3Bq|k8V@CXaD%J4G7RC79Mhnx(ya2(V9&tx zK>u{E?MhA}%g?8Bew?$VMsfG;=2J_;J=!Eq>&tyK%3>Wi>M-Rj^!shN{jy>5C@YGQFJm%f{RQl*=>lXg~8dY*BWMSWRhuA#4&enqZda8N}_nto7V zlA&8@h>=%CVs@~*V~(q(x2dO@V`e~3L@1Z8uC79aw!2A2VX}9nv$sj5v%jf}SC~tM zmrt0JtEH)dx4uDnYI1&2VYy3AXgL>O(@y^H*L~gQn|*c Date: Fri, 10 Jun 2022 16:56:15 +0200 Subject: [PATCH 342/904] hades: init --- flake.nix | 9 +++ hades.nix | 23 ++++++ hosts/hades/default.nix | 71 ++++++++++++++++++ hosts/hades/hardware-configuration.nix | 29 +++++++ hosts/hades/home.nix | 5 ++ hosts/hades/secrets.nix | 20 +++++ modules/secrets/secrets.nix | 3 +- .../secrets/users/alarsyo-hashed-password.age | Bin 694 -> 793 bytes .../secrets/users/root-hashed-password.age | Bin 619 -> 821 bytes 9 files changed, 159 insertions(+), 1 deletion(-) create mode 100644 hades.nix create mode 100644 hosts/hades/default.nix create mode 100644 hosts/hades/hardware-configuration.nix create mode 100644 hosts/hades/home.nix create mode 100644 hosts/hades/secrets.nix diff --git a/flake.nix b/flake.nix index bf6fc2c..5ed22ed 100644 --- a/flake.nix +++ b/flake.nix @@ -102,6 +102,15 @@ ++ sharedModules; }; + hades = nixpkgs.lib.nixosSystem rec { + inherit system; + modules = + [ + ./hades.nix + ] + ++ sharedModules; + }; + boreal = nixpkgs.lib.nixosSystem rec { inherit system; modules = diff --git a/hades.nix b/hades.nix new file mode 100644 index 0000000..26018f0 --- /dev/null +++ b/hades.nix @@ -0,0 +1,23 @@ +{...}: { + imports = [ + # Default configuration + ./base + + # Module definitions + ./modules + + # Service definitions + ./services + + # Host-specific config + ./hosts/hades + ]; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "22.05"; # Did you read the comment? +} diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix new file mode 100644 index 0000000..95e529a --- /dev/null +++ b/hosts/hades/default.nix @@ -0,0 +1,71 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). +{ + config, + lib, + pkgs, + ... +}: let + secrets = config.my.secrets; +in { + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + + ./home.nix + ./secrets.nix + ]; + + boot.loader.systemd-boot.enable = false; + boot.loader.grub = { + enable = true; + efiSupport = false; + devices = ["/dev/sda" "/dev/sdb"]; + }; + + boot.tmpOnTmpfs = true; + + networking.hostName = "hades"; # Define your hostname. + networking.domain = "alarsyo.net"; + + # Set your time zone. + time.timeZone = "Europe/Paris"; + + networking.useDHCP = false; + networking.interfaces.enp35s0.ipv4.addresses = [ + { + address = "95.217.121.60"; + prefixLength = 26; + } + ]; + networking.interfaces.enp35s0.ipv6.addresses = [ + { + address = "2a01:4f9:4a:3649::2"; + prefixLength = 64; + } + ]; + networking.defaultGateway = "95.217.121.1"; + networking.defaultGateway6 = { + address = "fe80::1"; + interface = "enp35s0"; + }; + networking.nameservers = ["1.1.1.1" "1.0.0.1"]; + my.networking.externalInterface = "enp35s0"; + + # List services that you want to enable: + my.services = { + tailscale = { + enable = true; + exitNode = true; + }; + }; + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + services.openssh.permitRootLogin = "no"; + services.openssh.passwordAuthentication = false; + + # Takes a long while to build + documentation.nixos.enable = false; +} diff --git a/hosts/hades/hardware-configuration.nix b/hosts/hades/hardware-configuration.nix new file mode 100644 index 0000000..57882a3 --- /dev/null +++ b/hosts/hades/hardware-configuration.nix @@ -0,0 +1,29 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = ["ahci" "sd_mod"]; + boot.initrd.kernelModules = ["dm-snapshot"]; + boot.kernelModules = ["kvm-amd"]; + boot.extraModulePackages = []; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/2a24010c-14bd-439b-b30b-d0e18db69952"; + fsType = "ext4"; + }; + + swapDevices = []; + + powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/hades/home.nix b/hosts/hades/home.nix new file mode 100644 index 0000000..3bb7dab --- /dev/null +++ b/hosts/hades/home.nix @@ -0,0 +1,5 @@ +{config, ...}: { + home-manager.users.alarsyo = { + my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; + }; +} diff --git a/hosts/hades/secrets.nix b/hosts/hades/secrets.nix new file mode 100644 index 0000000..3fbc379 --- /dev/null +++ b/hosts/hades/secrets.nix @@ -0,0 +1,20 @@ +{ + config, + lib, + options, + ... +}: { + config.age = { + secrets = let + toSecret = name: {...} @ attrs: + { + file = ./../../modules/secrets + "/${name}.age"; + } + // attrs; + in + lib.mapAttrs toSecret { + "users/alarsyo-hashed-password" = {}; + "users/root-hashed-password" = {}; + }; + }; +} diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 7e1ce4b..68137cc 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -3,10 +3,11 @@ let users = [alarsyo]; boreal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAagal1aqZh52wEmgsw7fkCzO41o4Cx+nV4wJGZuX1RP root@boreal"; + hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxw8CtKUPAiPdKDEnuS7UyRrZN5BkUwsy5UPVF8V+lt root@hades"; poseidon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYhZYMbWQG9TSQ2qze8GgFo2XrZzgu/GuSOGwenByJo root@poseidon"; zephyrus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU4JfIADH9MXUnVe+3ezYK9WXsqy/jJcm1zFkmL4aSU root@zephyrus"; - machines = [boreal poseidon zephyrus]; + machines = [boreal hades poseidon zephyrus]; all = users ++ machines; in { diff --git a/modules/secrets/users/alarsyo-hashed-password.age b/modules/secrets/users/alarsyo-hashed-password.age index 9d80aa72837e8960690453faa7b6615c69c3c397..f9a9f83c1edaf2939968fd91df928d4e88cebc77 100644 GIT binary patch delta 746 zcmdnSI+JaJ>g0Sz_IkI}0F#I)uYwYv^5Rl$H-GccV8XDjN=vM3#kXK)vQ5x(ST$x&yS`ulTCF3S{SV-H6zU0q!T<8)t>{Os`1Lf=%kOtU~I3+EF5jKYk7z+zXw@={Oz62p3r z!tk^*%dpCPt~*CfEiX>dSU9gyS*mgcW-OjLt1xUtti#boN7T&hownpCcPg z|MI@~$nT0c%Wyq0nd!(mDaS6KAd&V9iXT~jDKGwze%F6$m!?|EgKfte4wkK%WXm_{ zo@Ltl5QCk^^6rGT+$o&G^(fpsA@>%S>G48d(LXQ3op|)GPOtVTzs5KF#1)@khfQ|@ E07kI|t^fc4 delta 627 zcmbQqwvBay>g2nO?BQX>ftl%EA*PmL;VEVzZbqdM75YBj1wI+&mHCz4l@USSj!~77 zW$wXQ>0J2+o?#{W$?2|uaBxKNDVH`ayL)R zG>Xa(i%7~zclB^JGpO?M@hkN!&hhpu4loW03odu}<+AiHPN~fEt;{vg@Gda1urMnu z^G_=(sq%6QHP0~eiE_#=PcJG=PAbxN<O-(T}H8r$Uhz$1)%uZJbD9!Y7 z_RjHi^-C$Y%+3r8u6Hdk$+vKHD$jJxHYp9yaS1eW(l5_9a13$e(svIENcFCCvGnrF z_RR|}Pj*VI49aoKDi8HBa!M)-@Xs{LHTNpZ&37sWSr_3O?_lnyn_iTfSe&YmZt1QU z6r!Da4iR$NsXY3gr~ZJM0UrK_u};9X)E7-CuPnr-QrSLSIM;BT2&Vxpbn zo8w_z5fYV}=u;f%ksje^nwk^n$(7L>a;CE-Q*PxHX^%sSr;K~Oa*Dg+j`nfTU-Kre=Suscsk>5=)_xx+nxD1ud9B& zrx(U4yJ6qe7~woaGlrixbdtQD9eXwHm!QBMiM3C|#i<+`Xu(qSUd%J;T>Y z+a)`-I3jBq#Kd<%0^!$7X!5bfl0*QC^lu+jj7l)#W8eeH^H<5Jhm(286~ zSF@;$B*#?O0$&49|6+98q5@09{2Ud^oD1BYTn*E5qf(5#os9h~ow8gjgUq6$JPq7Z z9jk(pvhs{Fg9D4qG7Y%A3w?6RqbwaW!pg(bQ~jL0P25eYQqv8K9gQPh%go9POp>%y z-Q2xGN&?Ys%Qi~)$SPOR*DeVwHO|a3PfRLx%q;TH&k8Nh%`!^~Of>N|(DyXg_6i9r zNzyJz&G6-N@(nZhs5FW2H8KqfFAXk_sLUu$@z4);j&zMQHq%eZ^3N`^^v=u6Ffakx z7O$_XZ*?G z98pkN=hI>uRa|k>@<*_Z=;RM&PYae=?3q2)S>Dm(-DEZ<|N7U{x4YMMx|B7jEIPPfygBj@ zThz(NxBf2W%etc`y*F~xBIg|&S3kAZdMMqVbX8*yYu_ZzT(5=Y+>dyhS~ooWe@-#! zMxE*N&mX6ihE3%4o%(C1&ELb#87`$~)LS?DJd%z&lC7)!Wy71@2gEl{JU$%&L9-#P delta 570 zcmdnW_L^ma>g0Sz_HbXP)GTx3yvoAJqV!;|%>1;7%3@cuWY4UM&r4iN{Wk|D}sX^eGT+8OgxH%OZ-!k%Cj^4%+vhClT5q=BTdSDoip8wxr|G)i}Nad zl8eke0z3`wU64@`_8146;%JvT_Rj-7LMF3*AhMtFn^0 zQc^Mu0>djTlk$!8%sjHpll%hRToMh#j7`hE%rmM&vP`l|jGY`yg1yQ?*7=yIl_te| zW$UIFr6v}qDnwZ&>s!W`E10_Fx;iUF6~q-QB-TU*`f%mymm4~l`+J#tMflVwl~fp) zMpcxUdb+u$8|D|KL^)TQg@qMz>FVk#l$e)#yEx^Q6**cO7ZiAe1!-3}K1pb_jQfpV%D5?VKR9e!^POg}cmIAO60q8TM@F>V2H6#RBgv LkBQ^dcIF2F+VIZA From fe7bc61d964502addd55c1b1e98160035c54db69 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 10 Jun 2022 17:13:30 +0200 Subject: [PATCH 343/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/64831f938bd413cefde0b0cf871febc494afaa4f' (2022-05-25) → 'github:nix-community/home-manager/70824bb5c790b820b189f62f643f795b1d2ade2e' (2022-06-07) • Added input 'home-manager/flake-compat': 'github:edolstra/flake-compat/b4a34015c698c7793d592d66adbab377907a2be8' (2022-04-19) • Added input 'home-manager/nmd': 'gitlab:rycee/nmd/9e7a20e6ee3f6751f699f79c0b299390f81f7bcd' (2022-05-23) • Added input 'home-manager/nmt': 'gitlab:rycee/nmt/d83601002c99b78c89ea80e5e6ba21addcfe12ae' (2022-03-23) • Added input 'home-manager/utils': 'github:numtide/flake-utils/1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1' (2022-05-30) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/83658b28fe638a170a19b8933aa008b30640fbd1' (2022-05-26) → 'github:NixOS/nixpkgs/e0169d7a9d324afebf5679551407756c77af8930' (2022-06-08) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/f6c4da49202d79cdab2fdf2bfa3019cde23f007e' (2022-05-29) → 'github:NixOS/nixpkgs/a58de450c514aa1bc5a4999f92656ab6b600dc59' (2022-06-10) --- flake.lock | 87 +++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 77 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index 2e21878..f5e8575 100644 --- a/flake.lock +++ b/flake.lock @@ -18,6 +18,22 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1648297722, @@ -36,16 +52,20 @@ }, "home-manager": { "inputs": { + "flake-compat": "flake-compat", "nixpkgs": [ "nixpkgs" - ] + ], + "nmd": "nmd", + "nmt": "nmt", + "utils": "utils" }, "locked": { - "lastModified": 1653518057, - "narHash": "sha256-cam3Nfae5ADeEs6mRPzr0jXB7+DhyMIXz0/0Q13r/yk=", + "lastModified": 1654628474, + "narHash": "sha256-Llm9X8Af15uC9IMStxqjCfO15WgYTqTnsQq8wMcpp5Q=", "owner": "nix-community", "repo": "home-manager", - "rev": "64831f938bd413cefde0b0cf871febc494afaa4f", + "rev": "70824bb5c790b820b189f62f643f795b1d2ade2e", "type": "github" }, "original": { @@ -89,11 +109,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1653839487, - "narHash": "sha256-UFTixs7vCadS50/J0Q5tIFSeXrDJs7lCKHi+a3V9oVQ=", + "lastModified": 1654819923, + "narHash": "sha256-s3m3dbCVWw7XAFbkIJyPKtlqgbcDD+2BrBOGTRn0fIw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f6c4da49202d79cdab2fdf2bfa3019cde23f007e", + "rev": "a58de450c514aa1bc5a4999f92656ab6b600dc59", "type": "github" }, "original": { @@ -105,11 +125,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1653581809, - "narHash": "sha256-Uvka0V5MTGbeOfWte25+tfRL3moECDh1VwokWSZUdoY=", + "lastModified": 1654682581, + "narHash": "sha256-Jb1PQCwKgwdNAp907eR5zPzuxV+kRroA3UIxUxCMJ9s=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "83658b28fe638a170a19b8933aa008b30640fbd1", + "rev": "e0169d7a9d324afebf5679551407756c77af8930", "type": "github" }, "original": { @@ -119,6 +139,38 @@ "type": "github" } }, + "nmd": { + "flake": false, + "locked": { + "lastModified": 1653339422, + "narHash": "sha256-8nc7lcYOgih3YEmRMlBwZaLLJYpLPYKBlewqHqx8ieg=", + "owner": "rycee", + "repo": "nmd", + "rev": "9e7a20e6ee3f6751f699f79c0b299390f81f7bcd", + "type": "gitlab" + }, + "original": { + "owner": "rycee", + "repo": "nmd", + "type": "gitlab" + } + }, + "nmt": { + "flake": false, + "locked": { + "lastModified": 1648075362, + "narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=", + "owner": "rycee", + "repo": "nmt", + "rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae", + "type": "gitlab" + }, + "original": { + "owner": "rycee", + "repo": "nmt", + "type": "gitlab" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -128,6 +180,21 @@ "nixpkgs": "nixpkgs_2", "nixpkgs-unstable-small": "nixpkgs-unstable-small" } + }, + "utils": { + "locked": { + "lastModified": 1653893745, + "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } } }, "root": "root", From 3c036b51644fdbef35c21afd30472b00267b3088 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 10 Jun 2022 18:01:58 +0200 Subject: [PATCH 344/904] ci: add hades to build outputs --- .github/workflows/cachix.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index ccde1ae..d13d888 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -76,6 +76,7 @@ jobs: matrix: name: - boreal + - hades - poseidon - zephyrus From 558ba2a685b2bf9849fff27dd2e826602069f577 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 12 Jun 2022 02:25:46 +0200 Subject: [PATCH 345/904] hades: enable fail2ban --- hosts/hades/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index 95e529a..7873034 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -59,6 +59,8 @@ in { enable = true; exitNode = true; }; + + fail2ban.enable = true; }; # Enable the OpenSSH daemon. From baa239dc72559b4bb1e002e30a501eae6bfaf8e1 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 12 Jun 2022 15:33:59 +0200 Subject: [PATCH 346/904] hades: setup restic backups --- hosts/hades/default.nix | 12 ++++++++++-- hosts/hades/secrets.nix | 3 +++ .../secrets/restic-backup/hades-credentials.age | Bin 0 -> 438 bytes modules/secrets/restic-backup/hades-password.age | 10 ++++++++++ modules/secrets/secrets.nix | 2 ++ 5 files changed, 25 insertions(+), 2 deletions(-) create mode 100644 modules/secrets/restic-backup/hades-credentials.age create mode 100644 modules/secrets/restic-backup/hades-password.age diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index 7873034..cb47d27 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -55,12 +55,20 @@ in { # List services that you want to enable: my.services = { + fail2ban.enable = true; + + restic-backup = { + enable = true; + repo = "b2:hades-backup-alarsyo"; + passwordFile = config.age.secrets."restic-backup/hades-password".path; + environmentFile = config.age.secrets."restic-backup/hades-credentials".path; + paths = ["/home/alarsyo"]; + }; + tailscale = { enable = true; exitNode = true; }; - - fail2ban.enable = true; }; # Enable the OpenSSH daemon. diff --git a/hosts/hades/secrets.nix b/hosts/hades/secrets.nix index 3fbc379..f562d22 100644 --- a/hosts/hades/secrets.nix +++ b/hosts/hades/secrets.nix @@ -13,6 +13,9 @@ // attrs; in lib.mapAttrs toSecret { + "restic-backup/hades-credentials" = {}; + "restic-backup/hades-password" = {}; + "users/alarsyo-hashed-password" = {}; "users/root-hashed-password" = {}; }; diff --git a/modules/secrets/restic-backup/hades-credentials.age b/modules/secrets/restic-backup/hades-credentials.age new file mode 100644 index 0000000000000000000000000000000000000000..30a9e02e45ee8ddb1bfe740d4ba281bc3b874bbc GIT binary patch literal 438 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7HcI!%Dp#noNHlN{ z^9j$6^sh4a2q@06u<#EKEY}Xo%gv3*H8t=sa0)QY_At*5HQ|b|EJ=)VGj!1pD#|fS z%*pi$4)XOfaL@Ek_pmG}Hmo#D3{K81G|PxG3PrcAAi|>3C|x1AD%Uc~&)d>0sxrbc zDm%N#JI5m|)!)?JCn+V}HMua~$tT?0xp-`~9|E!8X2GSS)GJTbtd z($mr@!Ym@hBQn&`CBo9oq%hl~Bpqa1nX;K~dQoa(ajHU`jY^acm#MdLpnIjGHPmzCNgkNR3VYo?}nPp*CmYKGRL1td6w@I#re}=zzTBWm3fN6?`lf$$l8QA(w;mk$ V#Xc) ssh-ed25519 k2gHjw tz1jNUQvZEVHqehFVapGqTzuRS42q/cMxyMxxKq+LzM +kA2ZKO7MJijITas44VeEKSNl801EmGea9k35OXiZ+BE +-> ssh-ed25519 pX8y2g xjtYR+DLpZ8aWXSGnZwbW1LYgIzcFWirKzCFJ8XcFmk +bDXZMuNZexO3Cj0RmzjGA33Xt6eMV1zTqjkw+hFUB54 +-> XL-grease ]SR-r g<"^}r I> PHC +i5h9MKFYUKNt +--- arx3EqdP9sGpt3TmJDAHNaF03UL+hfJTle+FSdlP/6A +}vjAz΍TGWvB 0<;ZY{ŽL<\ō>4o~,蚫^4^yl\Ftgd +GƲ*" \ No newline at end of file diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 68137cc..455f7b0 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -26,6 +26,8 @@ in { "restic-backup/boreal-password.age".publicKeys = [alarsyo boreal]; "restic-backup/boreal-credentials.age".publicKeys = [alarsyo boreal]; + "restic-backup/hades-password.age".publicKeys = [alarsyo hades]; + "restic-backup/hades-credentials.age".publicKeys = [alarsyo hades]; "restic-backup/poseidon-password.age".publicKeys = [alarsyo poseidon]; "restic-backup/poseidon-credentials.age".publicKeys = [alarsyo poseidon]; "restic-backup/zephyrus-password.age".publicKeys = [alarsyo zephyrus]; From 990c035c3b4cdf115aa2cf0873906354346a32e9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 12 Jun 2022 17:18:58 +0200 Subject: [PATCH 347/904] services: use subdomain for ACME cert Avoids conflicts now that I have multiple servers sharing the config --- services/fava.nix | 8 +++++++- services/gitea/default.nix | 6 +++++- services/jellyfin.nix | 6 +++++- services/lohr.nix | 8 +++++++- services/matrix.nix | 13 +++++++++---- services/miniflux.nix | 6 +++++- services/monitoring.nix | 8 ++++++-- services/navidrome.nix | 6 +++++- services/nextcloud.nix | 6 +++++- services/nginx.nix | 5 +++-- services/paperless.nix | 6 +++++- services/transmission.nix | 6 +++++- services/vaultwarden.nix | 6 +++++- 13 files changed, 72 insertions(+), 18 deletions(-) diff --git a/services/fava.nix b/services/fava.nix index 59494ad..8e796f5 100644 --- a/services/fava.nix +++ b/services/fava.nix @@ -13,7 +13,11 @@ cfg = config.my.services.fava; my = config.my; + domain = config.networking.domain; + hostname = config.networking.hostName; + fqdn = "${hostname}.${domain}"; + secrets = config.my.secrets; in { options.my.services.fava = let @@ -65,7 +69,7 @@ in { services.nginx.virtualHosts = { "fava.${domain}" = { forceSSL = true; - useACMEHost = domain; + useACMEHost = fqdn; listen = [ # FIXME: hardcoded tailscale IP @@ -86,5 +90,7 @@ in { }; }; }; + + security.acme.certs.${fqdn}.extraDomainNames = ["fava.${domain}"]; }; } diff --git a/services/gitea/default.nix b/services/gitea/default.nix index 6796d88..c6472fb 100644 --- a/services/gitea/default.nix +++ b/services/gitea/default.nix @@ -15,6 +15,8 @@ my = config.my; domain = config.networking.domain; + hostname = config.networking.hostName; + fqdn = "${hostname}.${domain}"; in { options.my.services.gitea = let inherit (lib) types; @@ -101,7 +103,7 @@ in { virtualHosts = { "git.${domain}" = { forceSSL = true; - useACMEHost = domain; + useACMEHost = fqdn; locations."/" = { proxyPass = "http://127.0.0.1:${toString cfg.privatePort}"; @@ -110,6 +112,8 @@ in { }; }; + security.acme.certs.${fqdn}.extraDomainNames = ["git.${domain}"]; + systemd.services.gitea.preStart = "${pkgs.coreutils}/bin/ln -sfT ${./templates} ${config.services.gitea.stateDir}/custom/templates"; }; } diff --git a/services/jellyfin.nix b/services/jellyfin.nix index 4a4ceea..3160770 100644 --- a/services/jellyfin.nix +++ b/services/jellyfin.nix @@ -14,6 +14,8 @@ my = config.my; domain = config.networking.domain; + hostname = config.networking.hostName; + fqdn = "${hostname}.${domain}"; # hardcoded in NixOS module :( jellyfinPort = 8096; @@ -31,12 +33,14 @@ in { # Proxy to Jellyfin services.nginx.virtualHosts."jellyfin.${domain}" = { forceSSL = true; - useACMEHost = domain; + useACMEHost = fqdn; locations."/" = { proxyPass = "http://localhost:${toString jellyfinPort}/"; proxyWebsockets = true; }; }; + + security.acme.certs.${fqdn}.extraDomainNames = ["jellyfin.${domain}"]; }; } diff --git a/services/lohr.nix b/services/lohr.nix index c7a5acf..a86a0b3 100644 --- a/services/lohr.nix +++ b/services/lohr.nix @@ -13,7 +13,11 @@ cfg = config.my.services.lohr; my = config.my; + domain = config.networking.domain; + hostname = config.networking.hostName; + fqdn = "${hostname}.${domain}"; + secrets = config.my.secrets; lohrPkg = let flake = builtins.getFlake "github:alarsyo/lohr?rev=58503cc8b95c8b627f6ae7e56740609e91f323cd"; @@ -73,12 +77,14 @@ in { services.nginx.virtualHosts = { "lohr.${domain}" = { forceSSL = true; - useACMEHost = domain; + useACMEHost = fqdn; locations."/" = { proxyPass = "http://127.0.0.1:${toString cfg.port}"; }; }; }; + + security.acme.certs.${fqdn}.extraDomainNames = ["lohr.${domain}"]; }; } diff --git a/services/matrix.nix b/services/matrix.nix index 82cfb88..eab7e37 100644 --- a/services/matrix.nix +++ b/services/matrix.nix @@ -32,7 +32,10 @@ public = 443; private = 11339; }; + domain = config.networking.domain; + hostname = config.networking.hostName; + fqdn = "${hostname}.${domain}"; in { options.my.services.matrix = let inherit (lib) types; @@ -147,7 +150,7 @@ in { virtualHosts = { "matrix.${domain}" = { onlySSL = true; - useACMEHost = domain; + useACMEHost = fqdn; locations = let proxyToClientPort = { @@ -181,7 +184,7 @@ in { "matrix.${domain}_federation" = rec { onlySSL = true; serverName = "matrix.${domain}"; - useACMEHost = domain; + useACMEHost = fqdn; locations."/".return = "404"; @@ -205,7 +208,7 @@ in { "${domain}" = { forceSSL = true; - useACMEHost = domain; + useACMEHost = fqdn; locations."= /.well-known/matrix/server".extraConfig = let server = {"m.server" = "matrix.${domain}:${toString federationPort.public}";}; @@ -230,7 +233,7 @@ in { # Element Web app deployment # "chat.${domain}" = { - useACMEHost = domain; + useACMEHost = fqdn; forceSSL = true; root = pkgs.element-web.override { @@ -259,6 +262,8 @@ in { }; }; + security.acme.certs.${fqdn}.extraDomainNames = ["chat.${domain}" "matrix.${domain}" domain]; + # For administration tools. environment.systemPackages = [pkgs.matrix-synapse]; diff --git a/services/miniflux.nix b/services/miniflux.nix index 5738d8e..b4cf78e 100644 --- a/services/miniflux.nix +++ b/services/miniflux.nix @@ -15,6 +15,8 @@ my = config.my; domain = config.networking.domain; + hostname = config.networking.hostName; + fqdn = "${hostname}.${domain}"; in { options.my.services.miniflux = let inherit (lib) types; @@ -60,7 +62,7 @@ in { virtualHosts = { "reader.${domain}" = { forceSSL = true; - useACMEHost = domain; + useACMEHost = fqdn; locations."/" = { proxyPass = "http://127.0.0.1:${toString cfg.privatePort}"; @@ -68,5 +70,7 @@ in { }; }; }; + + security.acme.certs.${fqdn}.extraDomainNames = ["reader.${domain}"]; }; } diff --git a/services/monitoring.nix b/services/monitoring.nix index 57731ff..a648578 100644 --- a/services/monitoring.nix +++ b/services/monitoring.nix @@ -13,6 +13,8 @@ cfg = config.my.services.monitoring; domain = config.networking.domain; + hostname = config.networking.hostName; + fqdn = "${hostname}.${domain}"; in { options.my.services.monitoring = let inherit (lib) types; @@ -103,15 +105,17 @@ in { }; services.nginx = { - virtualHosts.${config.services.grafana.domain} = { + virtualHosts.${cfg.domain} = { locations."/" = { proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}"; proxyWebsockets = true; }; forceSSL = true; - useACMEHost = domain; + useACMEHost = fqdn; }; }; + + security.acme.certs.${fqdn}.extraDomainNames = [cfg.domain]; }; } diff --git a/services/navidrome.nix b/services/navidrome.nix index 75e6d53..c901495 100644 --- a/services/navidrome.nix +++ b/services/navidrome.nix @@ -14,6 +14,8 @@ cfg = config.my.services.navidrome; domain = config.networking.domain; + hostname = config.networking.hostName; + fqdn = "${hostname}.${domain}"; in { options.my.services.navidrome = let inherit (lib) types; @@ -46,7 +48,7 @@ in { services.nginx.virtualHosts."music.${domain}" = { forceSSL = true; - useACMEHost = domain; + useACMEHost = fqdn; listen = [ # FIXME: hardcoded tailscale IP @@ -67,5 +69,7 @@ in { proxyWebsockets = true; }; }; + + security.acme.certs.${fqdn}.extraDomainNames = ["music.${domain}"]; }; } diff --git a/services/nextcloud.nix b/services/nextcloud.nix index 330548e..7349970 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -16,6 +16,8 @@ let cfg = config.my.services.nextcloud; my = config.my; domain = config.networking.domain; + hostname = config.networking.hostName; + fqdn = "${hostname}.${domain}"; dbName = "nextcloud"; in { options.my.services.nextcloud = let @@ -85,11 +87,13 @@ in { virtualHosts = { "cloud.${domain}" = { forceSSL = true; - useACMEHost = domain; + useACMEHost = fqdn; }; }; }; + security.acme.certs.${fqdn}.extraDomainNames = ["cloud.${domain}"]; + my.services.restic-backup = let nextcloudHome = config.services.nextcloud.home; in diff --git a/services/nginx.nix b/services/nginx.nix index a69d1ac..d84425c 100644 --- a/services/nginx.nix +++ b/services/nginx.nix @@ -54,10 +54,11 @@ in { certs = let domain = config.networking.domain; + hostname = config.networking.hostName; + fqdn = "${hostname}.${domain}"; gandiKey = config.my.secrets.gandiKey; in { - "${domain}" = { - extraDomainNames = ["*.${domain}"]; + "${fqdn}" = { dnsProvider = "gandiv5"; credentialsFile = config.age.secrets."gandi/api-key".path; group = "nginx"; diff --git a/services/paperless.nix b/services/paperless.nix index 3c1aee7..415d35e 100644 --- a/services/paperless.nix +++ b/services/paperless.nix @@ -14,6 +14,8 @@ cfg = config.my.services.paperless; my = config.my; domain = config.networking.domain; + hostname = config.networking.hostName; + fqdn = "${hostname}.${domain}"; paperlessDomain = "paperless.${domain}"; in { options.my.services.paperless = let @@ -99,7 +101,7 @@ in { services.nginx.virtualHosts = { "${paperlessDomain}" = { forceSSL = true; - useACMEHost = domain; + useACMEHost = fqdn; listen = [ # FIXME: hardcoded tailscale IP @@ -122,6 +124,8 @@ in { }; }; + security.acme.certs.${fqdn}.extraDomainNames = [paperlessDomain]; + my.services.restic-backup = mkIf cfg.enable { paths = [ config.services.paperless.dataDir diff --git a/services/transmission.nix b/services/transmission.nix index 822070c..c2f4944 100644 --- a/services/transmission.nix +++ b/services/transmission.nix @@ -14,6 +14,8 @@ cfg = config.my.services.transmission; domain = config.networking.domain; + hostname = config.networking.hostName; + fqdn = "${hostname}.${domain}"; webuiDomain = "transmission.${domain}"; transmissionRpcPort = 9091; @@ -73,7 +75,7 @@ in { services.nginx.virtualHosts."${webuiDomain}" = { forceSSL = true; - useACMEHost = domain; + useACMEHost = fqdn; locations."/".proxyPass = "http://127.0.0.1:${toString transmissionRpcPort}"; @@ -91,5 +93,7 @@ in { } ]; }; + + security.acme.certs.${fqdn}.extraDomainNames = [webuiDomain]; }; } diff --git a/services/vaultwarden.nix b/services/vaultwarden.nix index 2d8d370..43ffc85 100644 --- a/services/vaultwarden.nix +++ b/services/vaultwarden.nix @@ -15,6 +15,8 @@ my = config.my; domain = config.networking.domain; + hostname = config.networking.hostName; + fqdn = "${hostname}.${domain}"; in { options.my.services.vaultwarden = let inherit (lib) types; @@ -68,7 +70,7 @@ in { virtualHosts = { "pass.${domain}" = { forceSSL = true; - useACMEHost = domain; + useACMEHost = fqdn; locations."/" = { proxyPass = "http://127.0.0.1:${toString cfg.privatePort}"; @@ -86,6 +88,8 @@ in { }; }; + security.acme.certs.${fqdn}.extraDomainNames = ["pass.${domain}"]; + # FIXME: should be renamed to vaultwarden eventually my.services.restic-backup = mkIf cfg.enable { paths = ["/var/lib/bitwarden_rs"]; From 973415fe4d28cabd6a8ea2c9d3c64f38f3138b12 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 12 Jun 2022 17:20:12 +0200 Subject: [PATCH 348/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e0169d7a9d324afebf5679551407756c77af8930' (2022-06-08) → 'github:NixOS/nixpkgs/90cd5459a1fd707819b9a3fb9c852beaaac3b79a' (2022-06-11) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/a58de450c514aa1bc5a4999f92656ab6b600dc59' (2022-06-10) → 'github:NixOS/nixpkgs/d64abb978cc2fa4b88b074a64d1b456183c8db17' (2022-06-12) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index f5e8575..6529b81 100644 --- a/flake.lock +++ b/flake.lock @@ -109,11 +109,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1654819923, - "narHash": "sha256-s3m3dbCVWw7XAFbkIJyPKtlqgbcDD+2BrBOGTRn0fIw=", + "lastModified": 1655000332, + "narHash": "sha256-G4rs6nRox0146D6uI+zLxl8PwKXEO4PngyNXtY82DJI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a58de450c514aa1bc5a4999f92656ab6b600dc59", + "rev": "d64abb978cc2fa4b88b074a64d1b456183c8db17", "type": "github" }, "original": { @@ -125,11 +125,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1654682581, - "narHash": "sha256-Jb1PQCwKgwdNAp907eR5zPzuxV+kRroA3UIxUxCMJ9s=", + "lastModified": 1654953433, + "narHash": "sha256-TwEeh4r50NdWHFAHQSyjCk2cZxgwUfcCCAJOhPdXB28=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e0169d7a9d324afebf5679551407756c77af8930", + "rev": "90cd5459a1fd707819b9a3fb9c852beaaac3b79a", "type": "github" }, "original": { From eab8a279a1fee9f00161ac4acb2146172feed8f1 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 12 Jun 2022 17:59:41 +0200 Subject: [PATCH 349/904] hosts: move miniflux from poseidon to hades --- hosts/hades/default.nix | 6 +++++ hosts/hades/secrets.nix | 4 ++++ hosts/poseidon/default.nix | 6 ----- hosts/poseidon/secrets.nix | 2 -- modules/secrets/gandi/api-key.age | 21 +++++++++--------- .../secrets/miniflux/admin-credentials.age | Bin 597 -> 558 bytes modules/secrets/secrets.nix | 4 ++-- 7 files changed, 23 insertions(+), 20 deletions(-) diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index cb47d27..4fd34ee 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -57,6 +57,12 @@ in { my.services = { fail2ban.enable = true; + miniflux = { + enable = true; + adminCredentialsFile = config.age.secrets."miniflux/admin-credentials".path; + privatePort = 8080; + }; + restic-backup = { enable = true; repo = "b2:hades-backup-alarsyo"; diff --git a/hosts/hades/secrets.nix b/hosts/hades/secrets.nix index f562d22..656fb2e 100644 --- a/hosts/hades/secrets.nix +++ b/hosts/hades/secrets.nix @@ -13,6 +13,10 @@ // attrs; in lib.mapAttrs toSecret { + "gandi/api-key" = {}; + + "miniflux/admin-credentials" = {}; + "restic-backup/hades-credentials" = {}; "restic-backup/hades-password" = {}; diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 7c3bd67..b05967f 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -96,12 +96,6 @@ in { port = 8083; }; - miniflux = { - enable = true; - adminCredentialsFile = config.age.secrets."miniflux/admin-credentials".path; - privatePort = 8080; - }; - matrix = { enable = true; secretConfigFile = config.age.secrets."matrix-synapse/secret-config".path; diff --git a/hosts/poseidon/secrets.nix b/hosts/poseidon/secrets.nix index 66f6673..719d569 100644 --- a/hosts/poseidon/secrets.nix +++ b/hosts/poseidon/secrets.nix @@ -21,8 +21,6 @@ owner = "matrix-synapse"; }; - "miniflux/admin-credentials" = {}; - "nextcloud/admin-pass" = { owner = "nextcloud"; }; diff --git a/modules/secrets/gandi/api-key.age b/modules/secrets/gandi/api-key.age index 2c80cf9..9a2e915 100644 --- a/modules/secrets/gandi/api-key.age +++ b/modules/secrets/gandi/api-key.age @@ -1,11 +1,12 @@ age-encryption.org/v1 --> ssh-ed25519 k2gHjw cPZECs2fo+sOznfaXiZjieBB6nwe4D7s5shh6YE/VWY -Oi/B1v/9NkPORSllIxrFltkXVFUwFZcgJlcxUdGWjT0 --> ssh-ed25519 z6Eu8Q G3/FgigyszNLmNCXiAxeWgsALohxZ+ZLLvhRg38CBxk -Z/OiV82zpOJhewVWvJSZUOCNzixFHvWl53cT/MIcZjo --> -%^%:-grease -CkySRq28PocmIYUy7teSU9JkV8/tq/JIR83vFkuRSIYascFHgQrUhEbjy05uLMAe -Sw ---- LvigUOnTKMr+/oIUFVCWXM59d0Q9qePiZ1zqm8s/4lI -u>ܭȃuI͜jXN?ISGY7Smf -ApWo \ No newline at end of file +-> ssh-ed25519 k2gHjw E972A3kem7+3ul2Ai8TV8EVkF9upClr46y1pbN+AfDY +qZdZuv+F9c46uxKWYdBKp6AGkTA5IEjcBwDlBHpEbCU +-> ssh-ed25519 pX8y2g WEBknhwaTqfVzaLQRg1tfEY/aGZDFnH0PvXOZ3pC1k8 +A23ELihRVsx8jhTcJAy3a1/saKWPc6ojf8HhPHj0niw +-> ssh-ed25519 z6Eu8Q IsN3L8xlk8VwrqUByYiUhthAk06KCn6hcYlZrodk/Vg +lX/SjRJIZEt1/Q6iLKFiUTHB4eH8ig4WJN79mU/AVUw +-> &r29]-grease #} +100ULy2nfLIOODMNPyvq0ATuGdVBAgwcXAs +--- VkOZ7Vy9R4QPqvgAveJae/L4/nuDnQ/bAoN7UEKzxyw +wQ{3ɔ3 +m2e?. M:Df);t {zRo 񲛇E#cTE9H67qA_Lb} \ No newline at end of file diff --git a/modules/secrets/miniflux/admin-credentials.age b/modules/secrets/miniflux/admin-credentials.age index ee534fb684f738e45a223e393e7f14bed881e097..11c576f36bbbd3c601e6e95c5b89e0947be9a194 100644 GIT binary patch delta 525 zcmcc0vW{hfPJM{0rM7E$YPLmMZfKNWfK!Tpx_*?YNr;g}c70Pj-@%cAklLc1mzbfki+`xMf6Aj+05Tg+ZdFi@8a1T6$zbRz_Z;374*&LUD11 zZfc5=si~o*LP3N@rBS+qnRiBEv3YT7icy+be!hRXQ+=VCb4iv-PN=_6PNYkTrE8F% ziDj9kk&j_ES87PPp^34VL4|>KzOz@NrHNsBaY>F#T2xrBp=WYwqN$&ezF%&nn_*Qt z$U3FsNC(~YqSVCVR0T65B}*5sfV_g>#N-H(YFK7My%90|BP_qzI$B42J6UP$6(kv(QWUj0bpQ;MaDql~N%A6=S!=l0{ zW4EvfkAmFPps?U96K|J@$aIt3FypX_g50R$ykst2U0sFb(vpyTzo_KIa{W|`yi^lE zvw$o&XM@mCr;vPYr_}TypK`OnP{;fTKVPo;@1H+5} delta 564 zcmZ3-a+PI*PJL-^P?BM~X?CD~K)z9sepN<(d48^GPL`K`p?Pplm}zlAPDOY|Mv;$W zB$t<=cVb?7NSTRgRjx_7Sy;NWM^2DMxM`4qesQ{cenF{aNI{xKexhSqIhU@TLUD11 zZfc5=si~o*LY0|osYRfIXOgQ|u(p9mVnCLAd8KPaTD?cHNkwINNV<``zO%EpsZnZB zadNU#uD7cJmt|pINMcn|scE)rad25+K}cpwl#54Ycv7N%u~Aa4kzt@?j$4*#fN7B< z$hzdBJneiH-Snc=#Nt$iBC7&(qg;gy3)>{kT$eh9=y(@}h$59Jw>pywE_ZM9AXAGZ zQ}g`#&`i^kppY;VpX78$_oOI`LRU|-aKk{ya94L@ms}S&_dq9?+{%J{1Lr~`)6@c! zi~=WpUw^LTd{YDGNV6*ce9KI8pNeFY$OsotOYKOn6myS2^F)I{(-JeY@Z>}@?GW=y zvqfvg+8ifSql=2NxU0@!qPiSTJqz z^?gzb)0d0(U-*0W%sqj3uU|I2FDr}domO%6<}5`?Crz1Ltr^@x4b7h2%v-(wY;-a3 zdbmhN*Uv2BBy;XmzB6y@JNGuPe0DeYPx;+BU&EexRxAzEj_-+BSb3>)>X~PIUG~jO F0090>%)bBt diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 455f7b0..bf0f8ec 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -11,13 +11,13 @@ let all = users ++ machines; in { - "gandi/api-key.age".publicKeys = [alarsyo poseidon]; + "gandi/api-key.age".publicKeys = [alarsyo hades poseidon]; "lohr/shared-secret.age".publicKeys = [alarsyo poseidon]; "matrix-synapse/secret-config.age".publicKeys = [alarsyo poseidon]; - "miniflux/admin-credentials.age".publicKeys = [alarsyo poseidon]; + "miniflux/admin-credentials.age".publicKeys = [alarsyo hades]; "nextcloud/admin-pass.age".publicKeys = [alarsyo poseidon]; From cc1b9f47949b8d0dc8a8bcb8f2280a3964eeeebc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 12 Jun 2022 20:17:08 +0200 Subject: [PATCH 350/904] hosts: move matrix to hades --- hosts/hades/default.nix | 5 +++++ hosts/hades/secrets.nix | 4 ++++ hosts/poseidon/default.nix | 5 ----- hosts/poseidon/secrets.nix | 4 ---- .../secrets/matrix-synapse/secret-config.age | Bin 699 -> 717 bytes modules/secrets/secrets.nix | 2 +- 6 files changed, 10 insertions(+), 10 deletions(-) diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index 4fd34ee..f08fe5e 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -57,6 +57,11 @@ in { my.services = { fail2ban.enable = true; + matrix = { + enable = true; + secretConfigFile = config.age.secrets."matrix-synapse/secret-config".path; + }; + miniflux = { enable = true; adminCredentialsFile = config.age.secrets."miniflux/admin-credentials".path; diff --git a/hosts/hades/secrets.nix b/hosts/hades/secrets.nix index 656fb2e..9e07681 100644 --- a/hosts/hades/secrets.nix +++ b/hosts/hades/secrets.nix @@ -15,6 +15,10 @@ lib.mapAttrs toSecret { "gandi/api-key" = {}; + "matrix-synapse/secret-config" = { + owner = "matrix-synapse"; + }; + "miniflux/admin-credentials" = {}; "restic-backup/hades-credentials" = {}; diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index b05967f..0695469 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -96,11 +96,6 @@ in { port = 8083; }; - matrix = { - enable = true; - secretConfigFile = config.age.secrets."matrix-synapse/secret-config".path; - }; - monitoring = { enable = true; domain = "monitoring.${config.networking.domain}"; diff --git a/hosts/poseidon/secrets.nix b/hosts/poseidon/secrets.nix index 719d569..de918e3 100644 --- a/hosts/poseidon/secrets.nix +++ b/hosts/poseidon/secrets.nix @@ -17,10 +17,6 @@ "lohr/shared-secret" = {}; - "matrix-synapse/secret-config" = { - owner = "matrix-synapse"; - }; - "nextcloud/admin-pass" = { owner = "nextcloud"; }; diff --git a/modules/secrets/matrix-synapse/secret-config.age b/modules/secrets/matrix-synapse/secret-config.age index 8ec58e864c8e26d1843c179c3f19c542f53e6cdc..eb23b3bda2f2742f24f2779e51020ed4045283d9 100644 GIT binary patch delta 685 zcmdnZdX{y9PJOV2k85srSbj#RX{w*6V^y(VURZuosYQ}@c8WoEWL zT1sB9QKYLQmtU1ZSea{HS#C*QRZv*CUwCk+tC4qvi-kv2ZiY#5PJv;7wquc3NKt_a z$htuPJmU!6^rFAbY^pL73gK(~tz*O(VQa|m| z^wP32uL>i>46opzVjq2v{1UH9mvH0aaBuVURDV-0U0q#;6oWGDL_^Db7j07u$6^!x zOtU0kqa-I+KldWzhzJwch}@E7KX;Reppd|NE*_?XmV(KG{0~aHL*84jzYzZ=EB#XH zuhYNW=iSJzxmKK7{aJQjTUYAt8GMUR{Rv*orK=fRSFHT=%d z@yp*2dKMg;}-ubQ9SGh5z`eF4t zn6`z0q(O7BgvW^=7AgB~o delta 667 zcmX@hx|?-^PQ6E^n`cy1hIT}1kXu!YiMGZT*OvX@YaymZ{Y{@}5NDqH#ddzL+ne=)7UBH6<5>x18y zs{9_Q7rxo*&e5RcZp)d?f8gA?uOT55?;TK)JbSa`@ejUZtvi;ys5@dMrSWG`)z7Mj zX2%L9$sb?$OzV2cTB$2@FM7LNuu;>PaOe3ImABt=-g3rqGqM}HMzXzi@s2e(To@MV z|5NtOl#BD~FKpb&_xFb4_d0j2?^BtlK2$vZKxEg8`+q#YF61?N!i5tb5B~MO z^C2}Pp!m_kw3}>qGvyOL7qi{{;`{u)Ux0&{+Q~Dw`#X=R|7YV{WZ}wNJ4>$q^aLl9 zlxF`5yNA+!U7kGmrZT>N8@BFkdc~P%mkYN_ceO>g_&qt?`)sMmq2~d45W)Ze diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index bf0f8ec..e3c78e6 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -15,7 +15,7 @@ in { "lohr/shared-secret.age".publicKeys = [alarsyo poseidon]; - "matrix-synapse/secret-config.age".publicKeys = [alarsyo poseidon]; + "matrix-synapse/secret-config.age".publicKeys = [alarsyo hades]; "miniflux/admin-credentials.age".publicKeys = [alarsyo hades]; From 9593e8b460759155d3dfd9da655da8e83016aae4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 12 Jun 2022 21:00:19 +0200 Subject: [PATCH 351/904] services: matrix: remove unneeded mkIf --- services/matrix.nix | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/services/matrix.nix b/services/matrix.nix index eab7e37..e0ca675 100644 --- a/services/matrix.nix +++ b/services/matrix.nix @@ -274,11 +274,10 @@ in { my.services.restic-backup = let dataDir = config.services.matrix-synapse.dataDir; - in - mkIf cfg.enable { - paths = [dataDir]; - # this is just caching for other servers media, doesn't need backup - exclude = ["${dataDir}/media/remote_*"]; - }; + in { + paths = [dataDir]; + # this is just caching for other servers media, doesn't need backup + exclude = ["${dataDir}/media/remote_*"]; + }; }; } From 1f8c38eebeab0c236e307663fdd84dfc1df0398e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 12 Jun 2022 21:00:36 +0200 Subject: [PATCH 352/904] services: matrix: make sure db and role exist --- services/matrix.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/services/matrix.nix b/services/matrix.nix index e0ca675..f09fc9f 100644 --- a/services/matrix.nix +++ b/services/matrix.nix @@ -53,6 +53,14 @@ in { config = mkIf cfg.enable { services.postgresql = { enable = true; + + ensureDatabases = ["matrix-synapse"]; + ensureUsers = [ + { + name = "matrix-synapse"; + ensurePermissions."DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES"; + } + ]; }; services.postgresqlBackup = { From 45aaa7c103395b0d6e638b661325cb1d159044a3 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 13 Jun 2022 16:42:22 +0200 Subject: [PATCH 353/904] base: improve auto wifi off script Added some logging and better event-specific handling --- base/gui-programs.nix | 37 +++++++++++++++++++++++-------------- 1 file changed, 23 insertions(+), 14 deletions(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 75d4eff..cacbcc1 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -74,26 +74,35 @@ in { in pkgs.writeShellScript "disable_wifi_on_ethernet" '' export LC_ALL=C + date >> /tmp/disable_wifi_on_ethernet.log + echo START "$@" >> /tmp/disable_wifi_on_ethernet.log - enable_disable_wifi () + beginswith() { case $2 in "$1"*) true;; *) false;; esac; } + + is_ethernet_interface () { - result=$(${nmcli} dev | ${grep} "ethernet" | ${grep} -w "connected") - if [ -n "$result" ]; then - if ! ${nmcli} dev | ${grep} -q "hotspot"; then - ${nmcli} radio wifi off - fi - else - ${nmcli} radio wifi on - fi + local type="$(${nmcli} dev show "$1" | grep 'GENERAL\.TYPE:' | awk '{ print $2 }')" + test "$type" = "ethernet" || beginswith enp "$1" } - if [ "$2" = "up" ]; then - enable_disable_wifi - fi + hotspot_enabled () + { + ${nmcli} dev | ${grep} -q "hotspot" + } - if [ "$2" = "down" ]; then - enable_disable_wifi + if is_ethernet_interface "$1" && ! hotspot_enabled; then + echo "change in ethernet and not in hotspot mode" >> /tmp/disable_wifi_on_ethernet.log + if [ "$2" = "up" ]; then + echo "turning wifi off" >> /tmp/disable_wifi_on_ethernet.log + nmcli radio wifi off + fi + + if [ "$2" = "down" ]; then + echo "turning wifi on" >> /tmp/disable_wifi_on_ethernet.log + nmcli radio wifi on + fi fi + echo END "$@" >> /tmp/disable_wifi_on_ethernet.log ''; type = "basic"; } From ee549958d18595f3f2c30610a973ed4e5bfb10a9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 14 Jun 2022 17:51:04 +0200 Subject: [PATCH 354/904] hosts: move gitea to hades --- hosts/hades/default.nix | 5 +++++ hosts/poseidon/default.nix | 5 ----- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index f08fe5e..a0bb987 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -57,6 +57,11 @@ in { my.services = { fail2ban.enable = true; + gitea = { + enable = true; + privatePort = 8082; + }; + matrix = { enable = true; secretConfigFile = config.age.secrets."matrix-synapse/secret-config".path; diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 0695469..1e63889 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -82,11 +82,6 @@ in { filePath = "accounts/current.beancount"; }; - gitea = { - enable = true; - privatePort = 8082; - }; - jellyfin = { enable = true; }; From fe66278f254230dbe15693fd94876d713915d18b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 14 Jun 2022 17:58:05 +0200 Subject: [PATCH 355/904] services: gitea: note about ensureDatabases --- services/gitea/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/services/gitea/default.nix b/services/gitea/default.nix index c6472fb..11ef52d 100644 --- a/services/gitea/default.nix +++ b/services/gitea/default.nix @@ -95,6 +95,8 @@ in { ]; }; + # NOTE: no need to use postgresql.ensureDatabases because the gitea module + # takes care of this automatically services.postgresqlBackup = { databases = ["gitea"]; }; From 3dc21e88a848894159f97a92f47dbdf4ae6a9643 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 14 Jun 2022 18:06:53 +0200 Subject: [PATCH 356/904] hades: enable postgres backups --- hosts/hades/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index a0bb987..46d7524 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -73,6 +73,10 @@ in { privatePort = 8080; }; + postgresql-backup = { + enable = true; + }; + restic-backup = { enable = true; repo = "b2:hades-backup-alarsyo"; From 42e681bb8169f06b11e0ae1b428ad3e420cb7f94 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 14 Jun 2022 19:28:06 +0200 Subject: [PATCH 357/904] services: gitea: factorize gitea user --- services/gitea/default.nix | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/services/gitea/default.nix b/services/gitea/default.nix index 11ef52d..9dfb236 100644 --- a/services/gitea/default.nix +++ b/services/gitea/default.nix @@ -17,6 +17,8 @@ domain = config.networking.domain; hostname = config.networking.hostName; fqdn = "${hostname}.${domain}"; + + giteaUser = "git"; in { options.my.services.gitea = let inherit (lib) types; @@ -33,11 +35,11 @@ in { config = mkIf cfg.enable { # use git as user to have `git clone git@git.domain` - users.users.git = { + users.users.${giteaUser} = { description = "Gitea Service"; home = config.services.gitea.stateDir; useDefaultShell = true; - group = "git"; + group = giteaUser; # the systemd service for the gitea module seems to hardcode the group as # gitea, so, uh, just in case? @@ -45,11 +47,11 @@ in { isSystemUser = true; }; - users.groups.git = {}; + users.groups.${giteaUser} = {}; services.gitea = { enable = true; - user = "git"; + user = giteaUser; domain = "git.${domain}"; appName = "Personal Forge"; rootUrl = "https://git.${domain}/"; @@ -80,7 +82,7 @@ in { database = { type = "postgres"; # user needs to be the same as gitea user - user = "git"; + user = giteaUser; }; }; From 1b200779b2d21744da8b469a751438e682e3893b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 14 Jun 2022 19:36:18 +0200 Subject: [PATCH 358/904] services: postgresql-backup: enable with postgres --- hosts/hades/default.nix | 4 ---- hosts/poseidon/default.nix | 4 ---- services/postgresql-backup.nix | 4 +++- 3 files changed, 3 insertions(+), 9 deletions(-) diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index 46d7524..a0bb987 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -73,10 +73,6 @@ in { privatePort = 8080; }; - postgresql-backup = { - enable = true; - }; - restic-backup = { enable = true; repo = "b2:hades-backup-alarsyo"; diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 1e63889..22590a6 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -117,10 +117,6 @@ in { secretKeyFile = config.age.secrets."paperless/secret-key".path; }; - postgresql-backup = { - enable = true; - }; - tailscale = { enable = true; exitNode = true; diff --git a/services/postgresql-backup.nix b/services/postgresql-backup.nix index 0d8ec05..f5518af 100644 --- a/services/postgresql-backup.nix +++ b/services/postgresql-backup.nix @@ -13,7 +13,9 @@ cfg = config.my.services.postgresql-backup; in { options.my.services.postgresql-backup = { - enable = mkEnableOption "Backup SQL databases"; + enable = + (mkEnableOption "Backup SQL databases") + // {default = config.services.postgresql.enable;}; }; config = mkIf cfg.enable { From 6e4c9cfd54d21725f22e64148d7fb9041cb47ff7 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 20 Jun 2022 12:54:29 +0200 Subject: [PATCH 359/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/0d5e59ed645e4c7b60174bc6f6aac6a203dc0b01' (2022-04-02) → 'github:ryantm/agenix/7e5e58b98c3dcbf497543ff6f22591552ebfe65b' (2022-05-16) • Updated input 'flake-utils': 'github:numtide/flake-utils/0f8662f1319ad6abf89b3380dd2722369fc51ade' (2022-03-26) → 'github:numtide/flake-utils/1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1' (2022-05-30) • Updated input 'home-manager': 'github:nix-community/home-manager/70824bb5c790b820b189f62f643f795b1d2ade2e' (2022-06-07) → 'github:nix-community/home-manager/3d8265c5efd5e4d3ad8a90686bc81d49353fdb08' (2022-06-19) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/feceb4d24f582817d8f6e737cd40af9e162dee05' (2022-03-24) → 'github:NixOS/nixos-hardware/0cab18a48de7914ef8cad35dca0bb36868f3e1af' (2022-06-01) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/90cd5459a1fd707819b9a3fb9c852beaaac3b79a' (2022-06-11) → 'github:NixOS/nixpkgs/e0a42267f73ea52adc061a64650fddc59906fc99' (2022-06-18) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/d64abb978cc2fa4b88b074a64d1b456183c8db17' (2022-06-12) → 'github:NixOS/nixpkgs/5823018b1b27b9675a51a84a7fc9cdd44327fa3e' (2022-06-19) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 6529b81..211254e 100644 --- a/flake.lock +++ b/flake.lock @@ -5,11 +5,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1648942457, - "narHash": "sha256-i29Z1t3sVfCNfpp+KAfeExvpqHQSbLO1KWylTtfradU=", + "lastModified": 1652712410, + "narHash": "sha256-hMJ2TqLt0DleEnQFGUHK9sV2aAzJPU8pZeiZoqRozbE=", "owner": "ryantm", "repo": "agenix", - "rev": "0d5e59ed645e4c7b60174bc6f6aac6a203dc0b01", + "rev": "7e5e58b98c3dcbf497543ff6f22591552ebfe65b", "type": "github" }, "original": { @@ -36,11 +36,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1648297722, - "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=", + "lastModified": 1653893745, + "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade", + "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", "type": "github" }, "original": { @@ -61,11 +61,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1654628474, - "narHash": "sha256-Llm9X8Af15uC9IMStxqjCfO15WgYTqTnsQq8wMcpp5Q=", + "lastModified": 1655679417, + "narHash": "sha256-rUM/VDIQAMm0pLAVBizQoR9I8TELRmak7SsJLaO/NBg=", "owner": "nix-community", "repo": "home-manager", - "rev": "70824bb5c790b820b189f62f643f795b1d2ade2e", + "rev": "3d8265c5efd5e4d3ad8a90686bc81d49353fdb08", "type": "github" }, "original": { @@ -77,11 +77,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1648141026, - "narHash": "sha256-h8e3+5EZFbYHTMb0DN2ACuQTJBNHpqigvmEV1w2WIuE=", + "lastModified": 1654057797, + "narHash": "sha256-mXo7C4v7Jj2feBzcReu1Eu/3Rnw5b023E9kOyFsHZQw=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "feceb4d24f582817d8f6e737cd40af9e162dee05", + "rev": "0cab18a48de7914ef8cad35dca0bb36868f3e1af", "type": "github" }, "original": { @@ -109,11 +109,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1655000332, - "narHash": "sha256-G4rs6nRox0146D6uI+zLxl8PwKXEO4PngyNXtY82DJI=", + "lastModified": 1655661709, + "narHash": "sha256-WkYIFUt+nRcTvAZCw597AG1luNxNGNucfPkBA/wA5Qo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d64abb978cc2fa4b88b074a64d1b456183c8db17", + "rev": "5823018b1b27b9675a51a84a7fc9cdd44327fa3e", "type": "github" }, "original": { @@ -125,11 +125,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1654953433, - "narHash": "sha256-TwEeh4r50NdWHFAHQSyjCk2cZxgwUfcCCAJOhPdXB28=", + "lastModified": 1655567057, + "narHash": "sha256-Cc5hQSMsTzOHmZnYm8OSJ5RNUp22bd5NADWLHorULWQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "90cd5459a1fd707819b9a3fb9c852beaaac3b79a", + "rev": "e0a42267f73ea52adc061a64650fddc59906fc99", "type": "github" }, "original": { From e115466baa788ec13044d5b31490d415a2d221a7 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 20 Jun 2022 13:35:36 +0200 Subject: [PATCH 360/904] base: add cachix and jq to programs --- base/programs.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/base/programs.nix b/base/programs.nix index 3281f01..eee3889 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -30,6 +30,7 @@ tokei tree wget + jq # development alejandra @@ -56,6 +57,7 @@ nix-index agenix + cachix ; inherit From 6a692448227674f2a97396e5f9316e1b728337a2 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 8 Jun 2022 06:14:31 +0200 Subject: [PATCH 361/904] boreal: use tmpfs for /tmp --- hosts/boreal/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index 19771f2..1d04ac5 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -22,6 +22,8 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + boot.tmpOnTmpfs = true; + boot.supportedFilesystems = [ "btrfs" "ntfs" From 487fd04b68a15e1a22f17faaa3f91d6bdf72509b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 25 Jun 2022 16:35:29 +0200 Subject: [PATCH 362/904] home: tridactylrc: add primevideo --- home/tridactylrc | 1 + 1 file changed, 1 insertion(+) diff --git a/home/tridactylrc b/home/tridactylrc index b683fa2..25b724f 100644 --- a/home/tridactylrc +++ b/home/tridactylrc @@ -31,4 +31,5 @@ set editorcmd emacsclient -c set yankto both blacklistadd netflix.com +blacklistadd primevideo.com blacklistadd localhost From 1bd6eff747e02bcd5954e2686074379ee7633da8 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 27 Jun 2022 18:36:54 +0200 Subject: [PATCH 363/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/3d8265c5efd5e4d3ad8a90686bc81d49353fdb08' (2022-06-19) → 'github:nix-community/home-manager/be3adf9920febf26ff5221ed5c8c76a43b2d94d6' (2022-06-27) • Removed input 'home-manager/flake-compat' • Removed input 'home-manager/nmd' • Removed input 'home-manager/nmt' • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e0a42267f73ea52adc061a64650fddc59906fc99' (2022-06-18) → 'github:NixOS/nixpkgs/f2537a505d45c31fe5d9c27ea9829b6f4c4e6ac5' (2022-06-26) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/5823018b1b27b9675a51a84a7fc9cdd44327fa3e' (2022-06-19) → 'github:NixOS/nixpkgs/c3d95a02e904e1ef9bb78c59d36eadc15e3428b7' (2022-06-26) --- flake.lock | 69 +++++++----------------------------------------------- 1 file changed, 9 insertions(+), 60 deletions(-) diff --git a/flake.lock b/flake.lock index 211254e..e0f1e19 100644 --- a/flake.lock +++ b/flake.lock @@ -18,22 +18,6 @@ "type": "github" } }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1650374568, - "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "b4a34015c698c7793d592d66adbab377907a2be8", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-utils": { "locked": { "lastModified": 1653893745, @@ -52,20 +36,17 @@ }, "home-manager": { "inputs": { - "flake-compat": "flake-compat", "nixpkgs": [ "nixpkgs" ], - "nmd": "nmd", - "nmt": "nmt", "utils": "utils" }, "locked": { - "lastModified": 1655679417, - "narHash": "sha256-rUM/VDIQAMm0pLAVBizQoR9I8TELRmak7SsJLaO/NBg=", + "lastModified": 1656313134, + "narHash": "sha256-VCEXqyq/+Ffu+TlDoIt2iepERFVVvmZ2flHNyVb0dPs=", "owner": "nix-community", "repo": "home-manager", - "rev": "3d8265c5efd5e4d3ad8a90686bc81d49353fdb08", + "rev": "be3adf9920febf26ff5221ed5c8c76a43b2d94d6", "type": "github" }, "original": { @@ -109,11 +90,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1655661709, - "narHash": "sha256-WkYIFUt+nRcTvAZCw597AG1luNxNGNucfPkBA/wA5Qo=", + "lastModified": 1656243367, + "narHash": "sha256-8M5D+wpibrAvOcgbe3X13dhYZsGYhExfPnjrn+BA6oo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5823018b1b27b9675a51a84a7fc9cdd44327fa3e", + "rev": "c3d95a02e904e1ef9bb78c59d36eadc15e3428b7", "type": "github" }, "original": { @@ -125,11 +106,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1655567057, - "narHash": "sha256-Cc5hQSMsTzOHmZnYm8OSJ5RNUp22bd5NADWLHorULWQ=", + "lastModified": 1656239181, + "narHash": "sha256-wW1xRFBn376yGloXZ4QzBE4hjipMawpV18Lshd9QSPw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e0a42267f73ea52adc061a64650fddc59906fc99", + "rev": "f2537a505d45c31fe5d9c27ea9829b6f4c4e6ac5", "type": "github" }, "original": { @@ -139,38 +120,6 @@ "type": "github" } }, - "nmd": { - "flake": false, - "locked": { - "lastModified": 1653339422, - "narHash": "sha256-8nc7lcYOgih3YEmRMlBwZaLLJYpLPYKBlewqHqx8ieg=", - "owner": "rycee", - "repo": "nmd", - "rev": "9e7a20e6ee3f6751f699f79c0b299390f81f7bcd", - "type": "gitlab" - }, - "original": { - "owner": "rycee", - "repo": "nmd", - "type": "gitlab" - } - }, - "nmt": { - "flake": false, - "locked": { - "lastModified": 1648075362, - "narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=", - "owner": "rycee", - "repo": "nmt", - "rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae", - "type": "gitlab" - }, - "original": { - "owner": "rycee", - "repo": "nmt", - "type": "gitlab" - } - }, "root": { "inputs": { "agenix": "agenix", From 58cc97b44f0a8855de5b3c4e0b2b27ebc2b22046 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 1 Jul 2022 15:25:52 +0200 Subject: [PATCH 364/904] flake: pin mu to 1.6.11 Waiting for Doom Emacs to support 1.8.x --- flake.lock | 17 +++++++++++++++++ flake.nix | 8 ++++++++ 2 files changed, 25 insertions(+) diff --git a/flake.lock b/flake.lock index e0f1e19..f46977b 100644 --- a/flake.lock +++ b/flake.lock @@ -88,6 +88,22 @@ "type": "github" } }, + "nixpkgs-mu-1-6-11": { + "locked": { + "lastModified": 1656166034, + "narHash": "sha256-r3v8um8KLJVm1XFGmovKeEBUtdoSTOWP+qKJztIbERQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0100c5e564462ca83aed241c58a3427783737a26", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0100c5e564462ca83aed241c58a3427783737a26", + "type": "github" + } + }, "nixpkgs-unstable-small": { "locked": { "lastModified": 1656243367, @@ -127,6 +143,7 @@ "home-manager": "home-manager", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", + "nixpkgs-mu-1-6-11": "nixpkgs-mu-1-6-11", "nixpkgs-unstable-small": "nixpkgs-unstable-small" } }, diff --git a/flake.nix b/flake.nix index 5ed22ed..fe2d846 100644 --- a/flake.nix +++ b/flake.nix @@ -8,6 +8,13 @@ ref = "nixos-unstable"; }; + nixpkgs-mu-1-6-11 = { + type = "github"; + owner = "NixOS"; + repo = "nixpkgs"; + rev = "0100c5e564462ca83aed241c58a3427783737a26"; + }; + nixpkgs-unstable-small = { type = "github"; owner = "NixOS"; @@ -74,6 +81,7 @@ [ (self: super: { packages = import ./pkgs {pkgs = super;}; + mu = (import inputs.nixpkgs-mu-1-6-11 {inherit system;}).mu; # packages accessible through pkgs.unstable.package unstable = import inputs.nixpkgs-unstable-small { From e57c2fe93ffea8ed8a388045655df75cb0eadba9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 4 Jul 2022 14:58:33 +0200 Subject: [PATCH 365/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/be3adf9920febf26ff5221ed5c8c76a43b2d94d6' (2022-06-27) → 'github:nix-community/home-manager/f2445620d177e295e711c1b2bc6c01ed6df26c16' (2022-07-04) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/f2537a505d45c31fe5d9c27ea9829b6f4c4e6ac5' (2022-06-26) → 'github:NixOS/nixpkgs/0ea7a8f1b939d74e5df8af9a8f7342097cdf69eb' (2022-07-02) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/c3d95a02e904e1ef9bb78c59d36eadc15e3428b7' (2022-06-26) → 'github:NixOS/nixpkgs/fe04d2c054fc7f78bd4bab13193548080c788e42' (2022-07-02) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index f46977b..fee70e2 100644 --- a/flake.lock +++ b/flake.lock @@ -42,11 +42,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1656313134, - "narHash": "sha256-VCEXqyq/+Ffu+TlDoIt2iepERFVVvmZ2flHNyVb0dPs=", + "lastModified": 1656927578, + "narHash": "sha256-ZSFrM/1PlJOqCb3mN88ZUh9dkQvNLU/nkoQ2tu02/FM=", "owner": "nix-community", "repo": "home-manager", - "rev": "be3adf9920febf26ff5221ed5c8c76a43b2d94d6", + "rev": "f2445620d177e295e711c1b2bc6c01ed6df26c16", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1656243367, - "narHash": "sha256-8M5D+wpibrAvOcgbe3X13dhYZsGYhExfPnjrn+BA6oo=", + "lastModified": 1656793342, + "narHash": "sha256-jFUd6+FxL0F5dxxxw3vyG3jTrEvo6SqYkZCnb84+ZmQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c3d95a02e904e1ef9bb78c59d36eadc15e3428b7", + "rev": "fe04d2c054fc7f78bd4bab13193548080c788e42", "type": "github" }, "original": { @@ -122,11 +122,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1656239181, - "narHash": "sha256-wW1xRFBn376yGloXZ4QzBE4hjipMawpV18Lshd9QSPw=", + "lastModified": 1656753965, + "narHash": "sha256-BCrB3l0qpJokOnIVc3g2lHiGhnjUi0MoXiw6t1o8H1E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f2537a505d45c31fe5d9c27ea9829b6f4c4e6ac5", + "rev": "0ea7a8f1b939d74e5df8af9a8f7342097cdf69eb", "type": "github" }, "original": { From 66543089dd82aed6cdb9ce0d98f76e15f86ec613 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 12 Jul 2022 11:34:32 +0200 Subject: [PATCH 366/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/f2445620d177e295e711c1b2bc6c01ed6df26c16' (2022-07-04) → 'github:nix-community/home-manager/0639aa34f1c2e584598c19a38990e81ad2b86ae2' (2022-07-12) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/0ea7a8f1b939d74e5df8af9a8f7342097cdf69eb' (2022-07-02) → 'github:NixOS/nixpkgs/5f43d8b088d3771274bcfb69d3c7435b1121ac88' (2022-07-10) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/fe04d2c054fc7f78bd4bab13193548080c788e42' (2022-07-02) → 'github:NixOS/nixpkgs/de5b3dd17034e6106e75746e81618e5bd408de8a' (2022-07-10) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index fee70e2..ff25afa 100644 --- a/flake.lock +++ b/flake.lock @@ -42,11 +42,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1656927578, - "narHash": "sha256-ZSFrM/1PlJOqCb3mN88ZUh9dkQvNLU/nkoQ2tu02/FM=", + "lastModified": 1657615706, + "narHash": "sha256-WKa/8I6Qo5CEGyZVYHo7CXQ/dR1bs5dvvhV+kY2L3xs=", "owner": "nix-community", "repo": "home-manager", - "rev": "f2445620d177e295e711c1b2bc6c01ed6df26c16", + "rev": "0639aa34f1c2e584598c19a38990e81ad2b86ae2", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1656793342, - "narHash": "sha256-jFUd6+FxL0F5dxxxw3vyG3jTrEvo6SqYkZCnb84+ZmQ=", + "lastModified": 1657425264, + "narHash": "sha256-3aHvoI2e8vJKw3hvnHECaBpSsL5mxVsVtaLCnTdNcH8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fe04d2c054fc7f78bd4bab13193548080c788e42", + "rev": "de5b3dd17034e6106e75746e81618e5bd408de8a", "type": "github" }, "original": { @@ -122,11 +122,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1656753965, - "narHash": "sha256-BCrB3l0qpJokOnIVc3g2lHiGhnjUi0MoXiw6t1o8H1E=", + "lastModified": 1657447684, + "narHash": "sha256-FCP9AuU1q6PE3vOeM5SFf58f/UKPBAsoSGDUGamNBbo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0ea7a8f1b939d74e5df8af9a8f7342097cdf69eb", + "rev": "5f43d8b088d3771274bcfb69d3c7435b1121ac88", "type": "github" }, "original": { From f4e04e75bd23e52f454e77b76e2e1407116f93c7 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 12 Jul 2022 11:35:31 +0200 Subject: [PATCH 367/904] home: fish: add dock2 temp functions --- home/fish/functions/dock2.fish | 16 ++++++++++++++++ home/fish/functions/undock2.fish | 8 ++++++++ 2 files changed, 24 insertions(+) create mode 100644 home/fish/functions/dock2.fish create mode 100644 home/fish/functions/undock2.fish diff --git a/home/fish/functions/dock2.fish b/home/fish/functions/dock2.fish new file mode 100644 index 0000000..2fc244f --- /dev/null +++ b/home/fish/functions/dock2.fish @@ -0,0 +1,16 @@ +function dock2 + xrandr \ + --output eDP-1 --mode 1920x1080 --pos 2560x0 --rotate normal \ + --output DP-1 --primary --mode 2560x1440 --pos 0x0 --rotate normal \ + --output HDMI-1 --off \ + --output DP-2 --off \ + --output HDMI-2 --off + + i3-msg -q '[workspace="1"]' move workspace to output DP-1 2>/dev/null + i3-msg -q '[workspace="2"]' move workspace to output DP-1 2>/dev/null + i3-msg -q '[workspace="3"]' move workspace to output DP-1 2>/dev/null + i3-msg -q '[workspace="4"]' move workspace to output DP-1 2>/dev/null + i3-msg -q '[workspace="9"]' move workspace to output DP-1 2>/dev/null + + i3-msg -q '[workspace="10"]' move workspace to output eDP-1 2>/dev/null +end diff --git a/home/fish/functions/undock2.fish b/home/fish/functions/undock2.fish new file mode 100644 index 0000000..d9da856 --- /dev/null +++ b/home/fish/functions/undock2.fish @@ -0,0 +1,8 @@ +function undock2 + xrandr \ + --output eDP-1 --primary --mode 1920x1080 --rotate normal \ + --output DP-1 --off \ + --output HDMI-1 --off \ + --output DP-2 --off \ + --output HDMI-2 --off +end From 48b45dd102e6dc352aa54f2f7f981f5a4353f3ef Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 16 Jul 2022 20:13:01 +0200 Subject: [PATCH 368/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/0639aa34f1c2e584598c19a38990e81ad2b86ae2' (2022-07-12) → 'github:nix-community/home-manager/4c5106ed0f3168ff2df21b646aef67e86cbfc11c' (2022-07-15) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/5f43d8b088d3771274bcfb69d3c7435b1121ac88' (2022-07-10) → 'github:NixOS/nixpkgs/4a01ca36d6bfc133bc617e661916a81327c9bbc8' (2022-07-14) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/de5b3dd17034e6106e75746e81618e5bd408de8a' (2022-07-10) → 'github:NixOS/nixpkgs/5eb9bf5565c1aa2b375613ed22bdf55f1fd58e29' (2022-07-14) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index ff25afa..5f1ba02 100644 --- a/flake.lock +++ b/flake.lock @@ -42,11 +42,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1657615706, - "narHash": "sha256-WKa/8I6Qo5CEGyZVYHo7CXQ/dR1bs5dvvhV+kY2L3xs=", + "lastModified": 1657887110, + "narHash": "sha256-8VV0/kZed2z8fGtEc2zr+WLxTow+JTIlMjnSisyv0GQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "0639aa34f1c2e584598c19a38990e81ad2b86ae2", + "rev": "4c5106ed0f3168ff2df21b646aef67e86cbfc11c", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1657425264, - "narHash": "sha256-3aHvoI2e8vJKw3hvnHECaBpSsL5mxVsVtaLCnTdNcH8=", + "lastModified": 1657784809, + "narHash": "sha256-+Qigmk3dfdXSqJgDmAomjsad8n+QxZGuBMMgdxEicBs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "de5b3dd17034e6106e75746e81618e5bd408de8a", + "rev": "5eb9bf5565c1aa2b375613ed22bdf55f1fd58e29", "type": "github" }, "original": { @@ -122,11 +122,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1657447684, - "narHash": "sha256-FCP9AuU1q6PE3vOeM5SFf58f/UKPBAsoSGDUGamNBbo=", + "lastModified": 1657802959, + "narHash": "sha256-9+JWARSdlL8KiH3ymnKDXltE1vM+/WEJ78F5B1kjXys=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5f43d8b088d3771274bcfb69d3c7435b1121ac88", + "rev": "4a01ca36d6bfc133bc617e661916a81327c9bbc8", "type": "github" }, "original": { From 9f45a918b22b95e51eb70289c10149794dde15c3 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 23 Jul 2022 17:10:25 +0200 Subject: [PATCH 369/904] Revert "flake: pin mu to 1.6.11" This reverts commit 58cc97b44f0a8855de5b3c4e0b2b27ebc2b22046. Doom now supports mu 1.8 ! --- flake.lock | 17 ----------------- flake.nix | 8 -------- 2 files changed, 25 deletions(-) diff --git a/flake.lock b/flake.lock index 5f1ba02..59817c7 100644 --- a/flake.lock +++ b/flake.lock @@ -88,22 +88,6 @@ "type": "github" } }, - "nixpkgs-mu-1-6-11": { - "locked": { - "lastModified": 1656166034, - "narHash": "sha256-r3v8um8KLJVm1XFGmovKeEBUtdoSTOWP+qKJztIbERQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "0100c5e564462ca83aed241c58a3427783737a26", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "0100c5e564462ca83aed241c58a3427783737a26", - "type": "github" - } - }, "nixpkgs-unstable-small": { "locked": { "lastModified": 1657784809, @@ -143,7 +127,6 @@ "home-manager": "home-manager", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", - "nixpkgs-mu-1-6-11": "nixpkgs-mu-1-6-11", "nixpkgs-unstable-small": "nixpkgs-unstable-small" } }, diff --git a/flake.nix b/flake.nix index fe2d846..5ed22ed 100644 --- a/flake.nix +++ b/flake.nix @@ -8,13 +8,6 @@ ref = "nixos-unstable"; }; - nixpkgs-mu-1-6-11 = { - type = "github"; - owner = "NixOS"; - repo = "nixpkgs"; - rev = "0100c5e564462ca83aed241c58a3427783737a26"; - }; - nixpkgs-unstable-small = { type = "github"; owner = "NixOS"; @@ -81,7 +74,6 @@ [ (self: super: { packages = import ./pkgs {pkgs = super;}; - mu = (import inputs.nixpkgs-mu-1-6-11 {inherit system;}).mu; # packages accessible through pkgs.unstable.package unstable = import inputs.nixpkgs-unstable-small { From 82421994f20ef0ab0d46a4a95946336f03243bef Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 26 Jul 2022 14:56:48 +0200 Subject: [PATCH 370/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/4c5106ed0f3168ff2df21b646aef67e86cbfc11c' (2022-07-15) → 'github:nix-community/home-manager/dbed4c794d20d51027fc1107f063ec5be027dafc' (2022-07-25) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/4a01ca36d6bfc133bc617e661916a81327c9bbc8' (2022-07-14) → 'github:NixOS/nixpkgs/5a0e0d73b944157328d54c4ded1cf2f0146a86a5' (2022-07-25) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/5eb9bf5565c1aa2b375613ed22bdf55f1fd58e29' (2022-07-14) → 'github:NixOS/nixpkgs/5516b991bcc4c7a786a7d7eb5bb4a1d8dae0031b' (2022-07-24) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 59817c7..40dca91 100644 --- a/flake.lock +++ b/flake.lock @@ -42,11 +42,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1657887110, - "narHash": "sha256-8VV0/kZed2z8fGtEc2zr+WLxTow+JTIlMjnSisyv0GQ=", + "lastModified": 1658751516, + "narHash": "sha256-Y/3dHoTjbvYBtWd+TTBQJUIgDPO9d+Gqt05C5dyR7E4=", "owner": "nix-community", "repo": "home-manager", - "rev": "4c5106ed0f3168ff2df21b646aef67e86cbfc11c", + "rev": "dbed4c794d20d51027fc1107f063ec5be027dafc", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1657784809, - "narHash": "sha256-+Qigmk3dfdXSqJgDmAomjsad8n+QxZGuBMMgdxEicBs=", + "lastModified": 1658697568, + "narHash": "sha256-z+khz31o1F5hpIcz3yT9HFe/ASmo+T3jXAMVbYrkTE8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5eb9bf5565c1aa2b375613ed22bdf55f1fd58e29", + "rev": "5516b991bcc4c7a786a7d7eb5bb4a1d8dae0031b", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1657802959, - "narHash": "sha256-9+JWARSdlL8KiH3ymnKDXltE1vM+/WEJ78F5B1kjXys=", + "lastModified": 1658737577, + "narHash": "sha256-xosJ5nJT9HX+b6UWsSX6R+ap4AdZOCrl/r+IKFp2ASQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4a01ca36d6bfc133bc617e661916a81327c9bbc8", + "rev": "5a0e0d73b944157328d54c4ded1cf2f0146a86a5", "type": "github" }, "original": { From 07bb19db3ee81a3a9da9f227a1bc82cb2fdec797 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 1 Aug 2022 14:06:50 +0200 Subject: [PATCH 371/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/dbed4c794d20d51027fc1107f063ec5be027dafc' (2022-07-25) → 'github:nix-community/home-manager/7146638e9ef74aba6736cbbf12dbe60e1ed24c1e' (2022-07-31) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/5a0e0d73b944157328d54c4ded1cf2f0146a86a5' (2022-07-25) → 'github:NixOS/nixpkgs/7b9be38c7250b22d829ab6effdee90d5e40c6e5c' (2022-07-30) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/5516b991bcc4c7a786a7d7eb5bb4a1d8dae0031b' (2022-07-24) → 'github:NixOS/nixpkgs/a54fb7fc4ce8a2973097851eabfdb068a19d2211' (2022-08-01) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 40dca91..12906dd 100644 --- a/flake.lock +++ b/flake.lock @@ -42,11 +42,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1658751516, - "narHash": "sha256-Y/3dHoTjbvYBtWd+TTBQJUIgDPO9d+Gqt05C5dyR7E4=", + "lastModified": 1659232160, + "narHash": "sha256-RYKbKAYooiART2RUEpUnP7tAYM6+2i1m9+QI14wljZU=", "owner": "nix-community", "repo": "home-manager", - "rev": "dbed4c794d20d51027fc1107f063ec5be027dafc", + "rev": "7146638e9ef74aba6736cbbf12dbe60e1ed24c1e", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1658697568, - "narHash": "sha256-z+khz31o1F5hpIcz3yT9HFe/ASmo+T3jXAMVbYrkTE8=", + "lastModified": 1659327012, + "narHash": "sha256-zpdsLCH+cdx/K89QtzADNwwEzU/iJ9YT8UCVp3veLWQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5516b991bcc4c7a786a7d7eb5bb4a1d8dae0031b", + "rev": "a54fb7fc4ce8a2973097851eabfdb068a19d2211", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1658737577, - "narHash": "sha256-xosJ5nJT9HX+b6UWsSX6R+ap4AdZOCrl/r+IKFp2ASQ=", + "lastModified": 1659219666, + "narHash": "sha256-pzYr5fokQPHv7CmUXioOhhzDy/XyWOIXP4LZvv/T7Mk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5a0e0d73b944157328d54c4ded1cf2f0146a86a5", + "rev": "7b9be38c7250b22d829ab6effdee90d5e40c6e5c", "type": "github" }, "original": { From 902e230233eeff3755b1486f9083b766197fe658 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 3 Aug 2022 10:04:16 +0200 Subject: [PATCH 372/904] home: tridactyl: add youtube to blacklist --- home/tridactylrc | 1 + 1 file changed, 1 insertion(+) diff --git a/home/tridactylrc b/home/tridactylrc index 25b724f..70c3504 100644 --- a/home/tridactylrc +++ b/home/tridactylrc @@ -32,4 +32,5 @@ set yankto both blacklistadd netflix.com blacklistadd primevideo.com +blacklistadd youtube.com blacklistadd localhost From 193892715adfcd48a2fa2ed583ab836dc11c5739 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 10 Aug 2022 10:08:59 +0200 Subject: [PATCH 373/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/7146638e9ef74aba6736cbbf12dbe60e1ed24c1e' (2022-07-31) → 'github:nix-community/home-manager/c1addfdad3825f75a66f8d73ec7d2f68c78ba6f8' (2022-08-08) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/7b9be38c7250b22d829ab6effdee90d5e40c6e5c' (2022-07-30) → 'github:NixOS/nixpkgs/39d7f929fbcb1446ad7aa7441b04fb30625a4190' (2022-08-08) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/a54fb7fc4ce8a2973097851eabfdb068a19d2211' (2022-08-01) → 'github:NixOS/nixpkgs/6898b758b69222959b16a96412a572bd341a4bc7' (2022-08-09) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 12906dd..1ea714d 100644 --- a/flake.lock +++ b/flake.lock @@ -42,11 +42,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1659232160, - "narHash": "sha256-RYKbKAYooiART2RUEpUnP7tAYM6+2i1m9+QI14wljZU=", + "lastModified": 1659978484, + "narHash": "sha256-VkErPc8pXcuFQG7jkkaUOEMORe81oweRNlAYZJ2+aRI=", "owner": "nix-community", "repo": "home-manager", - "rev": "7146638e9ef74aba6736cbbf12dbe60e1ed24c1e", + "rev": "c1addfdad3825f75a66f8d73ec7d2f68c78ba6f8", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1659327012, - "narHash": "sha256-zpdsLCH+cdx/K89QtzADNwwEzU/iJ9YT8UCVp3veLWQ=", + "lastModified": 1660033331, + "narHash": "sha256-SQ6fzeYpiHhi4r8Htq+dtehF8ECgy5PbxLJ9bmzKl04=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a54fb7fc4ce8a2973097851eabfdb068a19d2211", + "rev": "6898b758b69222959b16a96412a572bd341a4bc7", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1659219666, - "narHash": "sha256-pzYr5fokQPHv7CmUXioOhhzDy/XyWOIXP4LZvv/T7Mk=", + "lastModified": 1659981942, + "narHash": "sha256-uCFiP/B/NXOWzhN6TKfMbSxtVMk1bVnCrnJRjCF6RmU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7b9be38c7250b22d829ab6effdee90d5e40c6e5c", + "rev": "39d7f929fbcb1446ad7aa7441b04fb30625a4190", "type": "github" }, "original": { From f8f4f3cc814ba64aca3e78f8b8afef3624ebf0af Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 29 Aug 2022 12:12:10 +0200 Subject: [PATCH 374/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/c1addfdad3825f75a66f8d73ec7d2f68c78ba6f8' (2022-08-08) → 'github:nix-community/home-manager/d89bdff445eadff03fe414e9c30486bc8166b72b' (2022-08-27) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/39d7f929fbcb1446ad7aa7441b04fb30625a4190' (2022-08-08) → 'github:NixOS/nixpkgs/324c8aaf25b2f2027af7798e5582ce3040a793b6' (2022-08-27) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/6898b758b69222959b16a96412a572bd341a4bc7' (2022-08-09) → 'github:NixOS/nixpkgs/767a1251bf27d89868e86a4e2f6a2b37781e546b' (2022-08-29) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 1ea714d..c35fc9b 100644 --- a/flake.lock +++ b/flake.lock @@ -42,11 +42,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1659978484, - "narHash": "sha256-VkErPc8pXcuFQG7jkkaUOEMORe81oweRNlAYZJ2+aRI=", + "lastModified": 1661573386, + "narHash": "sha256-pBEg8iY00Af/SAtU2dlmOAv+2x7kScaGlFRDjNoVJO8=", "owner": "nix-community", "repo": "home-manager", - "rev": "c1addfdad3825f75a66f8d73ec7d2f68c78ba6f8", + "rev": "d89bdff445eadff03fe414e9c30486bc8166b72b", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1660033331, - "narHash": "sha256-SQ6fzeYpiHhi4r8Htq+dtehF8ECgy5PbxLJ9bmzKl04=", + "lastModified": 1661757213, + "narHash": "sha256-f52E4WkJSUxuollb5YgPG7aw1Qbe6eOEtpWd2TM9MxM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6898b758b69222959b16a96412a572bd341a4bc7", + "rev": "767a1251bf27d89868e86a4e2f6a2b37781e546b", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1659981942, - "narHash": "sha256-uCFiP/B/NXOWzhN6TKfMbSxtVMk1bVnCrnJRjCF6RmU=", + "lastModified": 1661628722, + "narHash": "sha256-oR/7NhG7pPkACToUtaaT6hH+rONE2z5/4NzjoUwEZt8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "39d7f929fbcb1446ad7aa7441b04fb30625a4190", + "rev": "324c8aaf25b2f2027af7798e5582ce3040a793b6", "type": "github" }, "original": { From 77b5936a0b5d9b8f3b519948c10a17b7bc75849c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 29 Aug 2022 13:23:25 +0200 Subject: [PATCH 375/904] poseidon: remove nuage service Didn't renew the domain name --- hosts/poseidon/default.nix | 4 ---- services/default.nix | 1 - services/nuage.nix | 41 -------------------------------------- 3 files changed, 46 deletions(-) delete mode 100644 services/nuage.nix diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 22590a6..18d1829 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -106,10 +106,6 @@ in { adminpassFile = config.age.secrets."nextcloud/admin-pass".path; }; - nuage = { - enable = true; - }; - paperless = { enable = true; port = 8085; diff --git a/services/default.nix b/services/default.nix index 6ae5973..e6d6ff3 100644 --- a/services/default.nix +++ b/services/default.nix @@ -13,7 +13,6 @@ ./navidrome.nix ./nextcloud.nix ./nginx.nix - ./nuage.nix ./paperless.nix ./pipewire.nix ./postgresql-backup.nix diff --git a/services/nuage.nix b/services/nuage.nix deleted file mode 100644 index 52bb402..0000000 --- a/services/nuage.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ - config, - lib, - ... -}: let - inherit - (lib) - mkEnableOption - mkIf - ; - - cfg = config.my.services.nuage; - my = config.my; -in { - options.my.services.nuage = { - enable = mkEnableOption "Nuage redirect"; - }; - - config = mkIf cfg.enable { - services.nginx.virtualHosts = { - "stratocumulus.org" = { - forceSSL = true; - enableACME = true; - - locations."/".return = "301 https://petit-nuage.org"; - }; - "petit.stratocumulus.org" = { - forceSSL = true; - enableACME = true; - - locations."/".return = "301 https://petit-nuage.org"; - }; - "gros.stratocumulus.org" = { - forceSSL = true; - enableACME = true; - - locations."/".return = "301 https://gros-nuage.org"; - }; - }; - }; -} From 6b82bc4e37fd3d8706337cf001e1f2ec9b1af73c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 29 Aug 2022 13:28:59 +0200 Subject: [PATCH 376/904] services: gitea: fix renamed options --- services/gitea/default.nix | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/services/gitea/default.nix b/services/gitea/default.nix index 9dfb236..6124fe7 100644 --- a/services/gitea/default.nix +++ b/services/gitea/default.nix @@ -57,21 +57,21 @@ in { rootUrl = "https://git.${domain}/"; httpAddress = "127.0.0.1"; httpPort = cfg.privatePort; - log.level = "Warn"; # [ "Trace" "Debug" "Info" "Warn" "Error" "Critical" ] lfs.enable = true; - # NOTE: temporarily remove this for initial setup - disableRegistration = true; - - # only send cookies via HTTPS - cookieSecure = true; - settings = { + log.LEVEL = "Warn"; # [ "Trace" "Debug" "Info" "Warn" "Error" "Critical" ] other.SHOW_FOOTER_VERSION = false; repository = { ENABLE_PUSH_CREATE_USER = true; DEFAULT_BRANCH = "main"; }; + + # NOTE: temporarily remove this for initial setup + service.DISABLE_REGISTRATION = true; + + # only send cookies via HTTPS + session.COOKIE_SECURE = true; }; # NixOS module uses `gitea dump` to backup repositories and the database, From 656824943c943b6f0bee28c3a6be00297e0b22ba Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 5 Sep 2022 11:02:29 +0200 Subject: [PATCH 377/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/7e5e58b98c3dcbf497543ff6f22591552ebfe65b' (2022-05-16) → 'github:ryantm/agenix/c96da5835b76d3d8e8d99a0fec6fe32f8539ee2e' (2022-09-03) • Updated input 'home-manager': 'github:nix-community/home-manager/d89bdff445eadff03fe414e9c30486bc8166b72b' (2022-08-27) → 'github:nix-community/home-manager/5bd66dc6cd967033489c69d486402b75d338eeb6' (2022-08-30) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/324c8aaf25b2f2027af7798e5582ce3040a793b6' (2022-08-27) → 'github:NixOS/nixpkgs/2da64a81275b68fdad38af669afeda43d401e94b' (2022-09-01) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/767a1251bf27d89868e86a4e2f6a2b37781e546b' (2022-08-29) → 'github:NixOS/nixpkgs/9f867325b5da6c4c9211707abdb481e1d0b3e589' (2022-09-01) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index c35fc9b..6fbb2e3 100644 --- a/flake.lock +++ b/flake.lock @@ -5,11 +5,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1652712410, - "narHash": "sha256-hMJ2TqLt0DleEnQFGUHK9sV2aAzJPU8pZeiZoqRozbE=", + "lastModified": 1662241716, + "narHash": "sha256-urqPvSvvGUhkwzTDxUI8N1nsdMysbAfjmBNZaTYBZRU=", "owner": "ryantm", "repo": "agenix", - "rev": "7e5e58b98c3dcbf497543ff6f22591552ebfe65b", + "rev": "c96da5835b76d3d8e8d99a0fec6fe32f8539ee2e", "type": "github" }, "original": { @@ -42,11 +42,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1661573386, - "narHash": "sha256-pBEg8iY00Af/SAtU2dlmOAv+2x7kScaGlFRDjNoVJO8=", + "lastModified": 1661824092, + "narHash": "sha256-nSWLWytlXbeLrx5A+r5Pso7CvVrX5EgmIIXW/EXvPHQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "d89bdff445eadff03fe414e9c30486bc8166b72b", + "rev": "5bd66dc6cd967033489c69d486402b75d338eeb6", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1661757213, - "narHash": "sha256-f52E4WkJSUxuollb5YgPG7aw1Qbe6eOEtpWd2TM9MxM=", + "lastModified": 1662070595, + "narHash": "sha256-fYrdaUXhV4oPhkehHRwj78d1VjATnK4SF0fElEQUyLw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "767a1251bf27d89868e86a4e2f6a2b37781e546b", + "rev": "9f867325b5da6c4c9211707abdb481e1d0b3e589", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1661628722, - "narHash": "sha256-oR/7NhG7pPkACToUtaaT6hH+rONE2z5/4NzjoUwEZt8=", + "lastModified": 1662019588, + "narHash": "sha256-oPEjHKGGVbBXqwwL+UjsveJzghWiWV0n9ogo1X6l4cw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "324c8aaf25b2f2027af7798e5582ce3040a793b6", + "rev": "2da64a81275b68fdad38af669afeda43d401e94b", "type": "github" }, "original": { From 335e24f77db2a468002e6c888d2e324afb6a2db5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 7 Sep 2022 11:05:19 +0200 Subject: [PATCH 378/904] home: tweak docking workspaces --- home/fish/functions/dock.fish | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/home/fish/functions/dock.fish b/home/fish/functions/dock.fish index 0eb28e3..326050b 100644 --- a/home/fish/functions/dock.fish +++ b/home/fish/functions/dock.fish @@ -13,7 +13,8 @@ function dock i3-msg -q '[workspace="2"]' move workspace to output DP-1-1 2>/dev/null i3-msg -q '[workspace="3"]' move workspace to output DP-1-1 2>/dev/null i3-msg -q '[workspace="4"]' move workspace to output DP-1-1 2>/dev/null - i3-msg -q '[workspace="9"]' move workspace to output DP-1-1 2>/dev/null + i3-msg -q '[workspace="10"]' move workspace to output DP-1-1 2>/dev/null - i3-msg -q '[workspace="10"]' move workspace to output eDP-1 2>/dev/null + i3-msg -q '[workspace="8"]' move workspace to output eDP-1 2>/dev/null + i3-msg -q '[workspace="9"]' move workspace to output eDP-1 2>/dev/null end From d09dee87ef5a6497126ded8fd6fd8753f1847323 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 9 Sep 2022 11:19:12 +0200 Subject: [PATCH 379/904] nix: collect garbage weekly --- base/nix.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/base/nix.nix b/base/nix.nix index b016e0d..b5923a7 100644 --- a/base/nix.nix +++ b/base/nix.nix @@ -4,6 +4,13 @@ nix = { package = pkgs.nixStable; + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 60d"; + persistent = true; + }; + settings = { experimental-features = ["nix-command" "flakes"]; trusted-users = ["@wheel"]; From e0f0dfdabec7e43cfcbad7fbf2839e7733004e6f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 14 Sep 2022 17:15:13 +0200 Subject: [PATCH 380/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/5bd66dc6cd967033489c69d486402b75d338eeb6' (2022-08-30) → 'github:nix-community/home-manager/60c6bfe322944d04bb38e76b64effcbd01258824' (2022-09-13) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/2da64a81275b68fdad38af669afeda43d401e94b' (2022-09-01) → 'github:NixOS/nixpkgs/5f326e2a403e1cebaec378e72ceaf5725983376d' (2022-09-12) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/9f867325b5da6c4c9211707abdb481e1d0b3e589' (2022-09-01) → 'github:NixOS/nixpkgs/3ff5deafc470403d5cb7ec8edbc7b21b719d2894' (2022-09-14) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 6fbb2e3..2e2a832 100644 --- a/flake.lock +++ b/flake.lock @@ -42,11 +42,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1661824092, - "narHash": "sha256-nSWLWytlXbeLrx5A+r5Pso7CvVrX5EgmIIXW/EXvPHQ=", + "lastModified": 1663099612, + "narHash": "sha256-ucokjFDRwCFWbcGiqxz0mfHv82UqwyW7RXY6ZgKSl80=", "owner": "nix-community", "repo": "home-manager", - "rev": "5bd66dc6cd967033489c69d486402b75d338eeb6", + "rev": "60c6bfe322944d04bb38e76b64effcbd01258824", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1662070595, - "narHash": "sha256-fYrdaUXhV4oPhkehHRwj78d1VjATnK4SF0fElEQUyLw=", + "lastModified": 1663122717, + "narHash": "sha256-J+3/eIqCQEJkoJdlSws/5sTl3NmGwV8I8nG8p7BnveY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9f867325b5da6c4c9211707abdb481e1d0b3e589", + "rev": "3ff5deafc470403d5cb7ec8edbc7b21b719d2894", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1662019588, - "narHash": "sha256-oPEjHKGGVbBXqwwL+UjsveJzghWiWV0n9ogo1X6l4cw=", + "lastModified": 1662996720, + "narHash": "sha256-XvLQ3SuXnDMJMpM1sv1ifPjBuRytiDYhB12H/BNTjgY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2da64a81275b68fdad38af669afeda43d401e94b", + "rev": "5f326e2a403e1cebaec378e72ceaf5725983376d", "type": "github" }, "original": { From a45280b8b6ad9a9e86d531e984deb8db772286c1 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 19 Sep 2022 11:55:06 +0200 Subject: [PATCH 381/904] home: i3: tweak pomodoro length to fit one hour --- home/x/i3bar.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/x/i3bar.nix b/home/x/i3bar.nix index 6498e21..fc2ecd0 100644 --- a/home/x/i3bar.nix +++ b/home/x/i3bar.nix @@ -59,7 +59,7 @@ in { [ { block = "pomodoro"; - length = 60; + length = 50; break_length = 10; notifier = "i3nag"; } From e670b6ed4f083c504fc61be48404148c13c872e6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 20 Sep 2022 15:20:42 +0200 Subject: [PATCH 382/904] zephyrus: enable experimental bluetoothd allows seeing battery level easily with bluetoothctl info MAC_ADDRESS --- hosts/zephyrus/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index da27aad..8bced4c 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -98,6 +98,7 @@ hardware.bluetooth = { enable = true; powerOnBoot = false; + settings.General.Experimental = true; }; programs.light.enable = true; From e84a51b3b8fe65e147dc954fa516f63268b84878 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 24 Sep 2022 00:14:38 +0200 Subject: [PATCH 383/904] overlays: provide updated chrysalis package --- hosts/boreal/default.nix | 2 +- hosts/zephyrus/default.nix | 2 +- overlays/chrysalis/default.nix | 37 ++++++++++++++++++++++++++++++++++ overlays/default.nix | 1 + 4 files changed, 40 insertions(+), 2 deletions(-) create mode 100644 overlays/chrysalis/default.nix diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index 1d04ac5..30f339a 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -98,7 +98,7 @@ "rfkill-release" ]; - services.udev.packages = [pkgs.packages.kaleidoscope-udev-rules]; + services.udev.packages = [pkgs.chrysalis]; hardware.bluetooth = { enable = true; diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index 8bced4c..2eff70d 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -93,7 +93,7 @@ environment.systemPackages = [pkgs.arandr pkgs.chrysalis]; - services.udev.packages = [pkgs.packages.kaleidoscope-udev-rules]; + services.udev.packages = [pkgs.chrysalis]; hardware.bluetooth = { enable = true; diff --git a/overlays/chrysalis/default.nix b/overlays/chrysalis/default.nix new file mode 100644 index 0000000..2c58a0e --- /dev/null +++ b/overlays/chrysalis/default.nix @@ -0,0 +1,37 @@ +final: prev: { + chrysalis = let + pname = "chrysalis"; + version = "0.11.3"; + name = "${pname}-${version}-binary"; + in + prev.appimageTools.wrapAppImage rec { + inherit name; + + src = prev.appimageTools.extract { + inherit name; + src = prev.fetchurl { + url = "https://github.com/keyboardio/${pname}/releases/download/v${version}/${pname}-${version}.AppImage"; + sha256 = "sha256-N0M1lZvPKAT+UXZgn68DaDupzXJupcOE06gFxKP6W0o="; + }; + }; + + multiPkgs = null; + extraPkgs = p: + (prev.appimageTools.defaultFhsEnvArgs.multiPkgs p) + ++ [ + p.glib + ]; + + # Also expose the udev rules here, so it can be used as: + # services.udev.packages = [ pkgs.chrysalis ]; + # to allow non-root modifications to the keyboards. + + extraInstallCommands = '' + mv $out/bin/${name} $out/bin/${pname} + mkdir -p $out/lib/udev/rules.d + ln -s \ + --target-directory=$out/lib/udev/rules.d \ + ${src}/resources/static/udev/60-kaleidoscope.rules + ''; + }; +} diff --git a/overlays/default.nix b/overlays/default.nix index 1f747a6..67e397d 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,3 +1,4 @@ { i3status-rust = import ./i3status-rust; + chrysalis = import ./chrysalis; } From a52be770024cdc8f4b5df86ac0ee3740cc199527 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 26 Sep 2022 12:48:14 +0200 Subject: [PATCH 384/904] home: i3: setup playerctl --- home/x/i3.nix | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/home/x/i3.nix b/home/x/i3.nix index 2508b2a..2a3a3b5 100644 --- a/home/x/i3.nix +++ b/home/x/i3.nix @@ -31,7 +31,7 @@ in { flameshot.enable = true; }; - home.packages = [pkgs.betterlockscreen]; + home.packages = [pkgs.betterlockscreen pkgs.playerctl]; xsession.windowManager.i3 = { enable = true; @@ -96,8 +96,13 @@ in { "XF86AudioMute" = "exec --no-startup-id pactl set-sink-mute @DEFAULT_SINK@ toggle"; "XF86AudioMicMute" = "exec --no-startup-id pactl set-source-mute @DEFAULT_SOURCE@ toggle"; - "XF86AudioPlay" = "exec --no-startup-id dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.Play"; - "XF86AudioPause" = "exec --no-startup-id dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.Pause"; + # I need play-pause everywhere because somehow, keycode 172 seems to + # be interpreted as pause everytime when sent by my keyboard. Ugh, + # computers. + "XF86AudioPlay" = "exec --no-startup-id playerctl play-pause"; + "XF86AudioPause" = "exec --no-startup-id playerctl play-pause"; + "XF86AudioPrev" = "exec --no-startup-id playerctl previous"; + "XF86AudioNext" = "exec --no-startup-id playerctl next"; "XF86MonBrightnessDown" = "exec --no-startup-id light -U 5"; "XF86MonBrightnessUp" = "exec --no-startup-id light -A 5"; From 1516d4a3805d41503ebbdd7009d660e882678ee3 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 29 Sep 2022 19:33:10 +0200 Subject: [PATCH 385/904] overlays: update chrysalis overlay --- overlays/chrysalis/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/overlays/chrysalis/default.nix b/overlays/chrysalis/default.nix index 2c58a0e..7aadf4c 100644 --- a/overlays/chrysalis/default.nix +++ b/overlays/chrysalis/default.nix @@ -1,7 +1,7 @@ final: prev: { chrysalis = let pname = "chrysalis"; - version = "0.11.3"; + version = "0.11.5"; name = "${pname}-${version}-binary"; in prev.appimageTools.wrapAppImage rec { @@ -11,7 +11,7 @@ final: prev: { inherit name; src = prev.fetchurl { url = "https://github.com/keyboardio/${pname}/releases/download/v${version}/${pname}-${version}.AppImage"; - sha256 = "sha256-N0M1lZvPKAT+UXZgn68DaDupzXJupcOE06gFxKP6W0o="; + sha256 = "sha256-3GdObGW91nDqOAlHcaI/4wnbl2EG2RGGzpwY+XYQ0u4="; }; }; From 187f5b0db201746f8541b0bc63ce743d0667e688 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 3 Oct 2022 15:00:53 +0200 Subject: [PATCH 386/904] overlays: update chrysalis overlay --- overlays/chrysalis/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/overlays/chrysalis/default.nix b/overlays/chrysalis/default.nix index 7aadf4c..9eee4ea 100644 --- a/overlays/chrysalis/default.nix +++ b/overlays/chrysalis/default.nix @@ -1,7 +1,7 @@ final: prev: { chrysalis = let pname = "chrysalis"; - version = "0.11.5"; + version = "0.11.6"; name = "${pname}-${version}-binary"; in prev.appimageTools.wrapAppImage rec { @@ -11,7 +11,7 @@ final: prev: { inherit name; src = prev.fetchurl { url = "https://github.com/keyboardio/${pname}/releases/download/v${version}/${pname}-${version}.AppImage"; - sha256 = "sha256-3GdObGW91nDqOAlHcaI/4wnbl2EG2RGGzpwY+XYQ0u4="; + sha256 = "sha256-EZHVfjEQiCx7UrFSTz+y6Auy/bXoNZ9lRtnmaI6/4TQ="; }; }; From 35816a814c18f03b805fa539dc26c5ebdfb7dcab Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 4 Oct 2022 22:33:36 +0200 Subject: [PATCH 387/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/c96da5835b76d3d8e8d99a0fec6fe32f8539ee2e' (2022-09-03) → 'github:ryantm/agenix/6acb1fe5f8597d5ce63fc82bc7fcac7774b1cdf0' (2022-09-25) • Updated input 'home-manager': 'github:nix-community/home-manager/60c6bfe322944d04bb38e76b64effcbd01258824' (2022-09-13) → 'github:nix-community/home-manager/e4e639dd4dc3e431aa5b5f95325f9a66ac7e0dd9' (2022-10-03) • Updated input 'home-manager/utils': 'github:numtide/flake-utils/1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1' (2022-05-30) → 'github:numtide/flake-utils/c0e246b9b83f637f4681389ecabcb2681b4f3af0' (2022-08-07) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/5f326e2a403e1cebaec378e72ceaf5725983376d' (2022-09-12) → 'github:NixOS/nixpkgs/fd54651f5ffb4a36e8463e0c327a78442b26cbe7' (2022-10-03) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/3ff5deafc470403d5cb7ec8edbc7b21b719d2894' (2022-09-14) → 'github:NixOS/nixpkgs/490a05c4a82236a86e1e1a4822f714c972e8c4f0' (2022-10-04) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 2e2a832..a1ff1d3 100644 --- a/flake.lock +++ b/flake.lock @@ -5,11 +5,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1662241716, - "narHash": "sha256-urqPvSvvGUhkwzTDxUI8N1nsdMysbAfjmBNZaTYBZRU=", + "lastModified": 1664140963, + "narHash": "sha256-pFxDtOLduRFlol0Y4ShE+soRQX4kbhaCNBtDOvx7ykw=", "owner": "ryantm", "repo": "agenix", - "rev": "c96da5835b76d3d8e8d99a0fec6fe32f8539ee2e", + "rev": "6acb1fe5f8597d5ce63fc82bc7fcac7774b1cdf0", "type": "github" }, "original": { @@ -42,11 +42,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1663099612, - "narHash": "sha256-ucokjFDRwCFWbcGiqxz0mfHv82UqwyW7RXY6ZgKSl80=", + "lastModified": 1664783440, + "narHash": "sha256-KlMwR7mUf5h8MPnzV7nGFUAt6ih/euW5xgvZ5x+hwvI=", "owner": "nix-community", "repo": "home-manager", - "rev": "60c6bfe322944d04bb38e76b64effcbd01258824", + "rev": "e4e639dd4dc3e431aa5b5f95325f9a66ac7e0dd9", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1663122717, - "narHash": "sha256-J+3/eIqCQEJkoJdlSws/5sTl3NmGwV8I8nG8p7BnveY=", + "lastModified": 1664859869, + "narHash": "sha256-OPM2eN7Ja8iZVJMhHH+dTB4v2fn7FLX38rSLLHvyWj0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3ff5deafc470403d5cb7ec8edbc7b21b719d2894", + "rev": "490a05c4a82236a86e1e1a4822f714c972e8c4f0", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1662996720, - "narHash": "sha256-XvLQ3SuXnDMJMpM1sv1ifPjBuRytiDYhB12H/BNTjgY=", + "lastModified": 1664780719, + "narHash": "sha256-Oxe6la5dSqRfJogjtY4sRzJjDDqvroJIVkcGEOT87MA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5f326e2a403e1cebaec378e72ceaf5725983376d", + "rev": "fd54651f5ffb4a36e8463e0c327a78442b26cbe7", "type": "github" }, "original": { @@ -132,11 +132,11 @@ }, "utils": { "locked": { - "lastModified": 1653893745, - "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "owner": "numtide", "repo": "flake-utils", - "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "type": "github" }, "original": { From 514e3c0469cac851b6b0484e7aec26758932e038 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 4 Oct 2022 23:31:14 +0200 Subject: [PATCH 388/904] base: gui: fix discord not opening firefox links --- base/gui-programs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index cacbcc1..51a7638 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -60,7 +60,7 @@ in { inherit (pkgs.gnome) nautilus; - inherit (pkgs.unstable) discord; + discord = pkgs.unstable.discord.override {nss = pkgs.nss_latest;}; }; networking.networkmanager = { From 04fa72f1086802f1d37f6f0e1dc4c3e174376fca Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 4 Oct 2022 23:34:14 +0200 Subject: [PATCH 389/904] home: set BROWSER variable If it can help troubleshoot some link problems, let's set it just in case, for future me --- home/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/home/default.nix b/home/default.nix index 436c74c..fa7f6ea 100644 --- a/home/default.nix +++ b/home/default.nix @@ -24,4 +24,8 @@ home.stateVersion = "21.05"; home.username = "alarsyo"; + + home.sessionVariables = { + BROWSER = "firefox"; + }; } From 96b6a8e9677a90648ee7b3dc6909b68f271f2cb2 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 10 Oct 2022 14:25:25 +0200 Subject: [PATCH 390/904] home: i3: add bluetooth on shortcut --- home/x/i3.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/x/i3.nix b/home/x/i3.nix index 2a3a3b5..cfbac78 100644 --- a/home/x/i3.nix +++ b/home/x/i3.nix @@ -87,6 +87,7 @@ in { keybindings = mkOptionDefault { "${modifier}+Shift+e" = ''mode "${logoutMode}"''; + "${modifier}+b" = "exec --no-startup-id bluetoothctl power on"; "${modifier}+i" = "exec emacsclient --create-frame"; "${modifier}+o" = "exec emacsclient --create-frame --eval '(load \"${config.xdg.configHome}/doom/launch-agenda.el\")'"; From b89cb9da16ba345f85f41b7a7d147c468100c2bd Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 10 Oct 2022 14:50:05 +0200 Subject: [PATCH 391/904] overlays: update chrysalis to 0.11.8 --- overlays/chrysalis/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/overlays/chrysalis/default.nix b/overlays/chrysalis/default.nix index 9eee4ea..8132527 100644 --- a/overlays/chrysalis/default.nix +++ b/overlays/chrysalis/default.nix @@ -1,7 +1,7 @@ final: prev: { chrysalis = let pname = "chrysalis"; - version = "0.11.6"; + version = "0.11.8"; name = "${pname}-${version}-binary"; in prev.appimageTools.wrapAppImage rec { @@ -11,7 +11,7 @@ final: prev: { inherit name; src = prev.fetchurl { url = "https://github.com/keyboardio/${pname}/releases/download/v${version}/${pname}-${version}.AppImage"; - sha256 = "sha256-EZHVfjEQiCx7UrFSTz+y6Auy/bXoNZ9lRtnmaI6/4TQ="; + sha256 = "sha256-yyb6sRCPjHCK0tkuHTffw2NkZHcqw9tIdHbbBiKLGu8="; }; }; From 4699acc3a58de3399df0ace927f4c213c592fcbf Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 10 Oct 2022 14:51:00 +0200 Subject: [PATCH 392/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/e4e639dd4dc3e431aa5b5f95325f9a66ac7e0dd9' (2022-10-03) → 'github:nix-community/home-manager/e1f1160284198a68ea8c7fffbbb1436f99e46ef9' (2022-10-08) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/fd54651f5ffb4a36e8463e0c327a78442b26cbe7' (2022-10-03) → 'github:NixOS/nixpkgs/c5924154f000e6306030300592f4282949b2db6c' (2022-10-08) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/490a05c4a82236a86e1e1a4822f714c972e8c4f0' (2022-10-04) → 'github:NixOS/nixpkgs/ce1a1bdb98547274597258330b46c86b71e87e5b' (2022-10-09) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index a1ff1d3..82180c7 100644 --- a/flake.lock +++ b/flake.lock @@ -42,11 +42,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1664783440, - "narHash": "sha256-KlMwR7mUf5h8MPnzV7nGFUAt6ih/euW5xgvZ5x+hwvI=", + "lastModified": 1665271265, + "narHash": "sha256-4Nn0T5YoR3bBLFnPy6Tkc8zzmzMTBjSGZq05c5hKhEI=", "owner": "nix-community", "repo": "home-manager", - "rev": "e4e639dd4dc3e431aa5b5f95325f9a66ac7e0dd9", + "rev": "e1f1160284198a68ea8c7fffbbb1436f99e46ef9", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1664859869, - "narHash": "sha256-OPM2eN7Ja8iZVJMhHH+dTB4v2fn7FLX38rSLLHvyWj0=", + "lastModified": 1665293210, + "narHash": "sha256-qQTfWlvaEfyuIpnD9dU5f2B/YoZbmSq+T5B7ryOgciM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "490a05c4a82236a86e1e1a4822f714c972e8c4f0", + "rev": "ce1a1bdb98547274597258330b46c86b71e87e5b", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1664780719, - "narHash": "sha256-Oxe6la5dSqRfJogjtY4sRzJjDDqvroJIVkcGEOT87MA=", + "lastModified": 1665259268, + "narHash": "sha256-ONFhHBLv5nZKhwV/F2GOH16197PbvpyWhoO0AOyktkU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fd54651f5ffb4a36e8463e0c327a78442b26cbe7", + "rev": "c5924154f000e6306030300592f4282949b2db6c", "type": "github" }, "original": { From 96eb80191577e08ac8880d254b96860c36aa99fe Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 10 Oct 2022 22:26:05 +0200 Subject: [PATCH 393/904] boreal: add darktable to home --- hosts/boreal/home.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/boreal/home.nix b/hosts/boreal/home.nix index 24b44de..f7c84b5 100644 --- a/hosts/boreal/home.nix +++ b/hosts/boreal/home.nix @@ -19,6 +19,7 @@ # some websites only work there :( chromium + darktable # dev rustup From c425b456f139e6920a341c27161a25ea2b8c4112 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 11 Oct 2022 21:18:59 +0200 Subject: [PATCH 394/904] hades: add docker and docker-compose --- hosts/hades/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index a0bb987..bead92d 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -92,6 +92,12 @@ in { services.openssh.permitRootLogin = "no"; services.openssh.passwordAuthentication = false; + virtualisation.docker.enable = true; + + environment.systemPackages = with pkgs; [ + docker-compose + ]; + # Takes a long while to build documentation.nixos.enable = false; } From 7205d180ecbbe4d326b829fe4e6385a7ecdbab5c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 11 Oct 2022 21:36:27 +0200 Subject: [PATCH 395/904] services: photoprism: init --- services/default.nix | 1 + services/photoprism.nix | 84 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 85 insertions(+) create mode 100644 services/photoprism.nix diff --git a/services/default.nix b/services/default.nix index e6d6ff3..c129d03 100644 --- a/services/default.nix +++ b/services/default.nix @@ -14,6 +14,7 @@ ./nextcloud.nix ./nginx.nix ./paperless.nix + ./photoprism.nix ./pipewire.nix ./postgresql-backup.nix ./postgresql.nix diff --git a/services/photoprism.nix b/services/photoprism.nix new file mode 100644 index 0000000..442f3f9 --- /dev/null +++ b/services/photoprism.nix @@ -0,0 +1,84 @@ +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) + mkEnableOption + mkIf + mkOption + ; + + cfg = config.my.services.photoprism; + my = config.my; + + domain = config.networking.domain; + hostname = config.networking.hostName; + fqdn = "${hostname}.${domain}"; +in { + options.my.services.photoprism = let + inherit (lib) types; + in { + enable = mkEnableOption "Photoprism config"; + + home = mkOption { + type = types.str; + default = "/var/lib/photoprism"; + example = "/var/lib/photoprism"; + description = "Home for the photoprism service, where data will be stored"; + }; + + port = mkOption { + type = types.port; + default = 2342; + example = 8080; + description = "Internal port for Photoprism webapp"; + }; + }; + + config = mkIf cfg.enable { + users.users.photoprism = { + isSystemUser = true; + home = cfg.home; + createHome = true; + group = "photoprism"; + }; + users.groups.photoprism = {}; + + services.nginx.virtualHosts = { + "photoprism.${domain}" = { + forceSSL = true; + useACMEHost = fqdn; + + listen = [ + # FIXME: hardcoded tailscale IP + { + addr = "100.115.172.44"; + port = 443; + ssl = true; + } + { + addr = "100.115.172.44"; + port = 80; + ssl = false; + } + ]; + + locations."/" = { + proxyPass = "http://127.0.0.1:${toString cfg.port}"; + proxyWebsockets = true; + }; + }; + }; + + security.acme.certs.${fqdn}.extraDomainNames = ["photoprism.${domain}"]; + + my.services.restic-backup = mkIf cfg.enable { + paths = [ + cfg.home + ]; + }; + }; +} From 431f2c1df669694a0a9ec5d4c119faf0fcb7909a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 11 Oct 2022 21:37:23 +0200 Subject: [PATCH 396/904] hades: enable photoprism --- hosts/hades/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index bead92d..fb67fd9 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -73,6 +73,11 @@ in { privatePort = 8080; }; + photoprism = { + enable = true; + port = 8084; + }; + restic-backup = { enable = true; repo = "b2:hades-backup-alarsyo"; From 6e8585d68e081c450384833aa94e1369f932cce6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 11 Oct 2022 22:36:05 +0200 Subject: [PATCH 397/904] services: photoprism: increase nginx timeout --- services/photoprism.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/services/photoprism.nix b/services/photoprism.nix index 442f3f9..8408d67 100644 --- a/services/photoprism.nix +++ b/services/photoprism.nix @@ -70,6 +70,12 @@ in { proxyPass = "http://127.0.0.1:${toString cfg.port}"; proxyWebsockets = true; }; + + extraConfig = '' + proxy_connect_timeout 600; + proxy_read_timeout 600; + proxy_send_timeout 600; + ''; }; }; From f53690184746d70ded1597c38e6981e5f701bbd5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 12 Oct 2022 00:34:07 +0200 Subject: [PATCH 398/904] services: photoprism: don't backup storage folder --- services/photoprism.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/services/photoprism.nix b/services/photoprism.nix index 8408d67..967aacd 100644 --- a/services/photoprism.nix +++ b/services/photoprism.nix @@ -85,6 +85,9 @@ in { paths = [ cfg.home ]; + exclude = [ + "${cfg.home}/storage" + ]; }; }; } From 9612efeb21810ceb9949792d6ffaf8c59e880a56 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 12 Oct 2022 02:19:02 +0200 Subject: [PATCH 399/904] services: photoprism: bump max body size --- services/photoprism.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/services/photoprism.nix b/services/photoprism.nix index 967aacd..30d38e2 100644 --- a/services/photoprism.nix +++ b/services/photoprism.nix @@ -75,6 +75,7 @@ in { proxy_connect_timeout 600; proxy_read_timeout 600; proxy_send_timeout 600; + client_max_body_size 100m; ''; }; }; From a116894bbae8f34a4709e21060d2ab9d8b34402a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 13 Oct 2022 11:13:13 +0200 Subject: [PATCH 400/904] services: photoprism: log access in specific file --- services/photoprism.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/services/photoprism.nix b/services/photoprism.nix index 30d38e2..ca539d8 100644 --- a/services/photoprism.nix +++ b/services/photoprism.nix @@ -76,6 +76,7 @@ in { proxy_read_timeout 600; proxy_send_timeout 600; client_max_body_size 100m; + access_log syslog:server=unix:/dev/log,tag=photoprism; ''; }; }; From a4db741ed4775895c42f21e201f673b5c6216cca Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 13 Oct 2022 11:47:24 +0200 Subject: [PATCH 401/904] services: photoprism: add fail2ban rules --- services/photoprism.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/services/photoprism.nix b/services/photoprism.nix index ca539d8..9ba4191 100644 --- a/services/photoprism.nix +++ b/services/photoprism.nix @@ -91,5 +91,23 @@ in { "${cfg.home}/storage" ]; }; + + services.fail2ban.jails = { + photoprism = '' + enabled = true + filter = photoprism-failed-login + port = http,https + maxretry = 3 + ''; + }; + + environment.etc = { + "fail2ban/filter.d/photoprism-failed-login.conf".text = '' + [Definition] + failregex = ^.* photoprism: - .*"POST \/api\/v1\/session HTTP[^"]*" 400 .*$ + ignoreregex = + journalmatch = _SYSTEMD_UNIT=nginx.service _TRANSPORT=syslog + ''; + }; }; } From ab3573ce2a00ccef14a0d6b412b44f24a26b2dfc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 13 Oct 2022 13:29:27 +0200 Subject: [PATCH 402/904] services: photoprism: remove wireguard --- services/photoprism.nix | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/services/photoprism.nix b/services/photoprism.nix index 9ba4191..f7f6628 100644 --- a/services/photoprism.nix +++ b/services/photoprism.nix @@ -52,20 +52,6 @@ in { forceSSL = true; useACMEHost = fqdn; - listen = [ - # FIXME: hardcoded tailscale IP - { - addr = "100.115.172.44"; - port = 443; - ssl = true; - } - { - addr = "100.115.172.44"; - port = 80; - ssl = false; - } - ]; - locations."/" = { proxyPass = "http://127.0.0.1:${toString cfg.port}"; proxyWebsockets = true; From 0d4c6f46627e236782a0c0eb0b9d9b5874d6d8e3 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 20 Oct 2022 11:05:12 +0200 Subject: [PATCH 403/904] hosts: cleanup host-specific gui software --- base/gui-programs.nix | 1 + hosts/boreal/home.nix | 3 --- hosts/zephyrus/default.nix | 2 -- hosts/zephyrus/home.nix | 1 + 4 files changed, 2 insertions(+), 5 deletions(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 51a7638..0952df2 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -40,6 +40,7 @@ in { environment.systemPackages = builtins.attrValues { inherit (pkgs) + chrysalis element-desktop feh firefox diff --git a/hosts/boreal/home.nix b/hosts/boreal/home.nix index f7c84b5..248877b 100644 --- a/hosts/boreal/home.nix +++ b/hosts/boreal/home.nix @@ -23,9 +23,6 @@ # dev rustup - # keyboard goodness - - chrysalis ; inherit (pkgs.packages) spot; diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index 2eff70d..6c2ff03 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -91,8 +91,6 @@ }; my.gui.enable = true; - environment.systemPackages = [pkgs.arandr pkgs.chrysalis]; - services.udev.packages = [pkgs.chrysalis]; hardware.bluetooth = { diff --git a/hosts/zephyrus/home.nix b/hosts/zephyrus/home.nix index fdb5c3c..8adfb97 100644 --- a/hosts/zephyrus/home.nix +++ b/hosts/zephyrus/home.nix @@ -25,6 +25,7 @@ # dev rustup + arandr ; inherit (pkgs.packages) spot; From 4582f9a375dccf6a5819e23975eb2c2a7bcdbad8 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 20 Oct 2022 11:05:26 +0200 Subject: [PATCH 404/904] base: add evince to gui software --- base/gui-programs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 0952df2..87227b9 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -42,6 +42,7 @@ in { (pkgs) chrysalis element-desktop + evince feh firefox ffmpeg From fc6c87e0e6c19195bea50fb2afbb2a63cffe058e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 25 Oct 2022 19:55:32 +0200 Subject: [PATCH 405/904] boreal: switch to stable linux kernel --- hosts/boreal/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index 30f339a..6661e08 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -16,7 +16,7 @@ ./secrets.nix ]; - boot.kernelPackages = pkgs.linuxPackages_latest; + boot.kernelPackages = pkgs.linuxPackages; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; From fbdafe47365f0f60ee5038567fe4c1e663c6b11d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 27 Oct 2022 10:23:22 +0200 Subject: [PATCH 406/904] pkgs: bump spot to 2.11.2 --- pkgs/spot/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/spot/default.nix b/pkgs/spot/default.nix index 37039c7..eb0f7d0 100644 --- a/pkgs/spot/default.nix +++ b/pkgs/spot/default.nix @@ -3,7 +3,7 @@ fetchurl, python3, }: let - version = "2.10.6"; + version = "2.11.2"; in stdenv.mkDerivation { inherit version; @@ -15,6 +15,6 @@ in src = fetchurl { url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz"; - sha256 = "sha256-xYjRy1PM6j5ZL5lAKxTC9DZ7NJ7O+OF7bTkd8Ua8i6Q="; + sha256 = "sha256-PmNFjw2khj4c0NLP6FGhAV0yIgXX5AbGqdlWgLnqdU4="; }; } From 3f9c244d6a8fa4345cfc935aeaecc07d864159e6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 27 Oct 2022 11:51:45 +0200 Subject: [PATCH 407/904] poseidon: disable monitoring service --- hosts/poseidon/default.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 18d1829..d225b0f 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -91,11 +91,6 @@ in { port = 8083; }; - monitoring = { - enable = true; - domain = "monitoring.${config.networking.domain}"; - }; - navidrome = { enable = true; musicFolder.path = "${config.services.nextcloud.home}/data/alarsyo/files/Musique/Songs"; From ed22bdbc4615235365cb4cb074abc47ca286b31f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 27 Oct 2022 11:57:54 +0200 Subject: [PATCH 408/904] poseidon: disable fava service --- hosts/poseidon/default.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index d225b0f..4f6bba2 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -76,12 +76,6 @@ in { enable = true; }; - fava = { - enable = true; - port = 8084; - filePath = "accounts/current.beancount"; - }; - jellyfin = { enable = true; }; From a761d3201fbf02e2885a8e13106ddde248cb8e71 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 27 Oct 2022 12:25:33 +0200 Subject: [PATCH 409/904] poseidon: move nextcloud to hades --- hosts/hades/default.nix | 5 +++++ hosts/hades/secrets.nix | 4 ++++ hosts/poseidon/default.nix | 5 ----- hosts/poseidon/secrets.nix | 4 ---- modules/secrets/nextcloud/admin-pass.age | 17 ++++++++--------- modules/secrets/secrets.nix | 2 +- 6 files changed, 18 insertions(+), 19 deletions(-) diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index fb67fd9..ab84504 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -73,6 +73,11 @@ in { privatePort = 8080; }; + nextcloud = { + enable = true; + adminpassFile = config.age.secrets."nextcloud/admin-pass".path; + }; + photoprism = { enable = true; port = 8084; diff --git a/hosts/hades/secrets.nix b/hosts/hades/secrets.nix index 9e07681..7215825 100644 --- a/hosts/hades/secrets.nix +++ b/hosts/hades/secrets.nix @@ -21,6 +21,10 @@ "miniflux/admin-credentials" = {}; + "nextcloud/admin-pass" = { + owner = "nextcloud"; + }; + "restic-backup/hades-credentials" = {}; "restic-backup/hades-password" = {}; diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 4f6bba2..77b36da 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -90,11 +90,6 @@ in { musicFolder.path = "${config.services.nextcloud.home}/data/alarsyo/files/Musique/Songs"; }; - nextcloud = { - enable = true; - adminpassFile = config.age.secrets."nextcloud/admin-pass".path; - }; - paperless = { enable = true; port = 8085; diff --git a/hosts/poseidon/secrets.nix b/hosts/poseidon/secrets.nix index de918e3..1d87c3c 100644 --- a/hosts/poseidon/secrets.nix +++ b/hosts/poseidon/secrets.nix @@ -17,10 +17,6 @@ "lohr/shared-secret" = {}; - "nextcloud/admin-pass" = { - owner = "nextcloud"; - }; - "paperless/admin-password" = {}; "paperless/secret-key" = {}; diff --git a/modules/secrets/nextcloud/admin-pass.age b/modules/secrets/nextcloud/admin-pass.age index 07d68b2..b3ac83d 100644 --- a/modules/secrets/nextcloud/admin-pass.age +++ b/modules/secrets/nextcloud/admin-pass.age @@ -1,10 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 k2gHjw /nyyNh06NbTWpRfT/rLQAXG0+GNmXQdf/6Yb4Z+btQo -yaCie2N3Z9NPfh/0ZAnClEpnePJH/RfasUVfhrw2k3Q --> ssh-ed25519 z6Eu8Q s7sz4WPghjXRJG5UjehcN6hOQgBSmJChgzh3mOtNIBw -agxROFWabDtUNgCLd2J1mkfuBfpRNH+mVgPdvVlSB2k --> *%`s-grease -/i/nNtLTcvD09HOByxCo+T3g9p9EMbjTjdaR99OAxESjL2NscJpZiwyO2Urqp6Rg -iWs2mFpV6F3Xj4/Eag+ckaR+spR+F4brdCWCgf56gqrOTP92bSq4MHBTbbg ---- 0cVGprd9WbckTSXnFk7OG6OzDspB+gu2MX7vW8MJnKo - ݔHĂ3A 8s͇[yɆ:;ot܅MshådلbsڏKNqX(B8OB \ No newline at end of file +-> ssh-ed25519 k2gHjw md0WbIE3MSWLqqerCD4ljh4U+4fWaOhKZxl9RQt+HDo +8Wj+hn5wwzgA6D1zQEaP1WIfmmK6pXVy2ZX5OQ/N0pU +-> ssh-ed25519 pX8y2g ByOhNTkxCHFkOQAOrID+bZEQzwesbnKluY6G5sSUhlg +AybKPZKzELtvWTT/Kmc+zs7KC4GB9214GUdnWMhGnmo +-> QK!x#/y-grease c|K1% \ug . >WFn:bI +Cgx9qaPIUk1hGKtQYJ6kNk/+bHTJ +--- YwtEWMiVxfvMGE1ngDiy/dALw/Y9YAxduaqlVgPNqdk +zF(Ã8?VJvH(kԂ9o\!ʿN7@Y#19mV}ZضQWEǒ}v/< hT3vN 1 \ No newline at end of file diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index e3c78e6..81d7372 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -19,7 +19,7 @@ in { "miniflux/admin-credentials.age".publicKeys = [alarsyo hades]; - "nextcloud/admin-pass.age".publicKeys = [alarsyo poseidon]; + "nextcloud/admin-pass.age".publicKeys = [alarsyo hades]; "paperless/admin-password.age".publicKeys = [alarsyo poseidon]; "paperless/secret-key.age".publicKeys = [alarsyo poseidon]; From bfdd8912c3f8f639cacf5aebeef56efdcba8366a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 27 Oct 2022 15:40:12 +0200 Subject: [PATCH 410/904] poseidon: move navidrome to hades --- hosts/hades/default.nix | 5 +++++ hosts/poseidon/default.nix | 5 ----- services/navidrome.nix | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index ab84504..82ce8b9 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -73,6 +73,11 @@ in { privatePort = 8080; }; + navidrome = { + enable = true; + musicFolder.path = "${config.services.nextcloud.home}/data/alarsyo/files/Musique/Songs"; + }; + nextcloud = { enable = true; adminpassFile = config.age.secrets."nextcloud/admin-pass".path; diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 77b36da..0e09da0 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -85,11 +85,6 @@ in { port = 8083; }; - navidrome = { - enable = true; - musicFolder.path = "${config.services.nextcloud.home}/data/alarsyo/files/Musique/Songs"; - }; - paperless = { enable = true; port = 8085; diff --git a/services/navidrome.nix b/services/navidrome.nix index c901495..ead8a5c 100644 --- a/services/navidrome.nix +++ b/services/navidrome.nix @@ -53,12 +53,12 @@ in { listen = [ # FIXME: hardcoded tailscale IP { - addr = "100.80.61.67"; + addr = "100.115.172.44"; port = 443; ssl = true; } { - addr = "100.80.61.67"; + addr = "100.115.172.44"; port = 80; ssl = false; } From 9e608ae7254a9052b7f0f67757be65a1b1c77a28 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 27 Oct 2022 15:54:27 +0200 Subject: [PATCH 411/904] poseidon: move jellyfin service to hades --- hosts/hades/default.nix | 4 ++++ hosts/poseidon/default.nix | 4 ---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index 82ce8b9..4ca8a71 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -62,6 +62,10 @@ in { privatePort = 8082; }; + jellyfin = { + enable = true; + }; + matrix = { enable = true; secretConfigFile = config.age.secrets."matrix-synapse/secret-config".path; diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 0e09da0..ea8223a 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -76,10 +76,6 @@ in { enable = true; }; - jellyfin = { - enable = true; - }; - lohr = { enable = true; port = 8083; From cfc789e76f1d15772e40732a385e5bed409a036f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 27 Oct 2022 17:29:13 +0200 Subject: [PATCH 412/904] poseidon: move transmission to hades --- hosts/hades/default.nix | 5 +++++ hosts/poseidon/default.nix | 5 ----- services/transmission.nix | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index 4ca8a71..27e0673 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -104,6 +104,11 @@ in { enable = true; exitNode = true; }; + + transmission = { + enable = true; + username = "alarsyo"; + }; }; # Enable the OpenSSH daemon. diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index ea8223a..d3c263f 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -92,11 +92,6 @@ in { enable = true; exitNode = true; }; - - transmission = { - enable = true; - username = "alarsyo"; - }; }; # Enable the OpenSSH daemon. diff --git a/services/transmission.nix b/services/transmission.nix index c2f4944..e78cb07 100644 --- a/services/transmission.nix +++ b/services/transmission.nix @@ -82,12 +82,12 @@ in { listen = [ # FIXME: hardcoded tailscale IP { - addr = "100.80.61.67"; + addr = "100.115.172.44"; port = 443; ssl = true; } { - addr = "100.80.61.67"; + addr = "100.115.172.44"; port = 80; ssl = false; } From 0afbd97e5af4a827610727032cd77cdc7baa9da4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 27 Oct 2022 17:42:52 +0200 Subject: [PATCH 413/904] services: transmission: update option name --- services/transmission.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/transmission.nix b/services/transmission.nix index e78cb07..8f29018 100644 --- a/services/transmission.nix +++ b/services/transmission.nix @@ -67,7 +67,7 @@ in { }; # automatically allow transmission.settings.peer-port - openFirewall = true; + openPeerPorts = true; } // (optionalAttrs (cfg.secretConfigFile != null) { credentialsFile = cfg.secretConfigFile; From cf8e29f0f5546dcd96e0513e0cf077d572cf2db6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 27 Oct 2022 23:31:11 +0200 Subject: [PATCH 414/904] overlays: chrysalis: update to 0.12.0 --- overlays/chrysalis/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/overlays/chrysalis/default.nix b/overlays/chrysalis/default.nix index 8132527..ab21b0e 100644 --- a/overlays/chrysalis/default.nix +++ b/overlays/chrysalis/default.nix @@ -1,7 +1,7 @@ final: prev: { chrysalis = let pname = "chrysalis"; - version = "0.11.8"; + version = "0.12.0"; name = "${pname}-${version}-binary"; in prev.appimageTools.wrapAppImage rec { @@ -11,7 +11,7 @@ final: prev: { inherit name; src = prev.fetchurl { url = "https://github.com/keyboardio/${pname}/releases/download/v${version}/${pname}-${version}.AppImage"; - sha256 = "sha256-yyb6sRCPjHCK0tkuHTffw2NkZHcqw9tIdHbbBiKLGu8="; + sha256 = "sha256-sQoEO1UII4Gbp7UbHCCyejsd94lkBbi93TH325EamFc="; }; }; From ae5dae649e663333ece2292edfb09e4dc6c47a18 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 1 Nov 2022 17:32:12 +0100 Subject: [PATCH 415/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/6acb1fe5f8597d5ce63fc82bc7fcac7774b1cdf0' (2022-09-25) → 'github:ryantm/agenix/a630400067c6d03c9b3e0455347dc8559db14288' (2022-10-15) • Updated input 'agenix/nixpkgs': 'github:nixos/nixpkgs/e34c5379866833f41e2a36f309912fa675d687c7' (2021-12-04) → 'github:NixOS/nixpkgs/4428e23312933a196724da2df7ab78eb5e67a88e' (2022-10-14) • Updated input 'home-manager': 'github:nix-community/home-manager/e1f1160284198a68ea8c7fffbbb1436f99e46ef9' (2022-10-08) → 'github:nix-community/home-manager/722e8d65d3aba6f527100cc2d1539e4ca04d066f' (2022-10-31) • Updated input 'home-manager/utils': 'github:numtide/flake-utils/c0e246b9b83f637f4681389ecabcb2681b4f3af0' (2022-08-07) → 'github:numtide/flake-utils/6ee9ebb6b1ee695d2cacc4faa053a7b9baa76817' (2022-10-29) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/c5924154f000e6306030300592f4282949b2db6c' (2022-10-08) → 'github:NixOS/nixpkgs/d40fea9aeb8840fea0d377baa4b38e39b9582458' (2022-10-31) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/ce1a1bdb98547274597258330b46c86b71e87e5b' (2022-10-09) → 'github:NixOS/nixpkgs/adf91a16c0354ba34f27c00c8ed3f4c73f2fd4d5' (2022-11-01) --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 82180c7..6429ed8 100644 --- a/flake.lock +++ b/flake.lock @@ -5,11 +5,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1664140963, - "narHash": "sha256-pFxDtOLduRFlol0Y4ShE+soRQX4kbhaCNBtDOvx7ykw=", + "lastModified": 1665870395, + "narHash": "sha256-Tsbqb27LDNxOoPLh0gw2hIb6L/6Ow/6lIBvqcHzEKBI=", "owner": "ryantm", "repo": "agenix", - "rev": "6acb1fe5f8597d5ce63fc82bc7fcac7774b1cdf0", + "rev": "a630400067c6d03c9b3e0455347dc8559db14288", "type": "github" }, "original": { @@ -42,11 +42,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1665271265, - "narHash": "sha256-4Nn0T5YoR3bBLFnPy6Tkc8zzmzMTBjSGZq05c5hKhEI=", + "lastModified": 1667234164, + "narHash": "sha256-oPMAvHZBDgamjmIQly5+sw2LtfKwY7qcWZZwKiwKQy8=", "owner": "nix-community", "repo": "home-manager", - "rev": "e1f1160284198a68ea8c7fffbbb1436f99e46ef9", + "rev": "722e8d65d3aba6f527100cc2d1539e4ca04d066f", "type": "github" }, "original": { @@ -74,27 +74,27 @@ }, "nixpkgs": { "locked": { - "lastModified": 1638587357, - "narHash": "sha256-2ySMW3QARG8BsRPmwe7clTbdCuaObromOKewykP+UJc=", - "owner": "nixos", + "lastModified": 1665732960, + "narHash": "sha256-WBZ+uSHKFyjvd0w4inbm0cNExYTn8lpYFcHEes8tmec=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "e34c5379866833f41e2a36f309912fa675d687c7", + "rev": "4428e23312933a196724da2df7ab78eb5e67a88e", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-21.11", + "owner": "NixOS", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1665293210, - "narHash": "sha256-qQTfWlvaEfyuIpnD9dU5f2B/YoZbmSq+T5B7ryOgciM=", + "lastModified": 1667301035, + "narHash": "sha256-o8sbiXh7vcIHgpAe/WdU5f7Kq/s3BD0ccyNSVAy7oKk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ce1a1bdb98547274597258330b46c86b71e87e5b", + "rev": "adf91a16c0354ba34f27c00c8ed3f4c73f2fd4d5", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1665259268, - "narHash": "sha256-ONFhHBLv5nZKhwV/F2GOH16197PbvpyWhoO0AOyktkU=", + "lastModified": 1667231093, + "narHash": "sha256-RERXruzBEBuf0c7OfZeX1hxEKB+PTCUNxWeB6C1jd8Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c5924154f000e6306030300592f4282949b2db6c", + "rev": "d40fea9aeb8840fea0d377baa4b38e39b9582458", "type": "github" }, "original": { @@ -132,11 +132,11 @@ }, "utils": { "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "lastModified": 1667077288, + "narHash": "sha256-bdC8sFNDpT0HK74u9fUkpbf1MEzVYJ+ka7NXCdgBoaA=", "owner": "numtide", "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "rev": "6ee9ebb6b1ee695d2cacc4faa053a7b9baa76817", "type": "github" }, "original": { From da0cefc923f54f95beb05d7f9a53cb3d37b6623d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 3 Nov 2022 22:53:53 +0100 Subject: [PATCH 416/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/722e8d65d3aba6f527100cc2d1539e4ca04d066f' (2022-10-31) → 'github:nix-community/home-manager/93335810751f0404fe424e61ad58bc8e94bf8e9d' (2022-11-03) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d40fea9aeb8840fea0d377baa4b38e39b9582458' (2022-10-31) → 'github:NixOS/nixpkgs/636051e353461f073ac55d5d42c1ed062a345046' (2022-11-02) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/adf91a16c0354ba34f27c00c8ed3f4c73f2fd4d5' (2022-11-01) → 'github:NixOS/nixpkgs/9d28889ac87433e34a8085c08eb2909369a971ec' (2022-11-02) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 6429ed8..5c9fe61 100644 --- a/flake.lock +++ b/flake.lock @@ -42,11 +42,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1667234164, - "narHash": "sha256-oPMAvHZBDgamjmIQly5+sw2LtfKwY7qcWZZwKiwKQy8=", + "lastModified": 1667468181, + "narHash": "sha256-806/nrDW6e7bl4/oJEdAykYz/NaBuTUi7EUYArw2oic=", "owner": "nix-community", "repo": "home-manager", - "rev": "722e8d65d3aba6f527100cc2d1539e4ca04d066f", + "rev": "93335810751f0404fe424e61ad58bc8e94bf8e9d", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1667301035, - "narHash": "sha256-o8sbiXh7vcIHgpAe/WdU5f7Kq/s3BD0ccyNSVAy7oKk=", + "lastModified": 1667410462, + "narHash": "sha256-GWZh1/ENadYdyhz07ppJzUuF9Xf3nDhSJ3psZKJ6/+U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "adf91a16c0354ba34f27c00c8ed3f4c73f2fd4d5", + "rev": "9d28889ac87433e34a8085c08eb2909369a971ec", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1667231093, - "narHash": "sha256-RERXruzBEBuf0c7OfZeX1hxEKB+PTCUNxWeB6C1jd8Y=", + "lastModified": 1667426640, + "narHash": "sha256-zJFPcWL9i0Y1BqzqEa8RKx+SiUgupHhYqPDCaFmlBpw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d40fea9aeb8840fea0d377baa4b38e39b9582458", + "rev": "636051e353461f073ac55d5d42c1ed062a345046", "type": "github" }, "original": { From caf51025357a05385447d8340f5973302203fe5e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 5 Nov 2022 16:15:33 +0100 Subject: [PATCH 417/904] poseidon: move paperless to hades --- hosts/hades/default.nix | 7 +++++++ hosts/hades/secrets.nix | 3 +++ hosts/poseidon/default.nix | 7 ------- hosts/poseidon/secrets.nix | 3 --- modules/secrets/paperless/admin-password.age | Bin 466 -> 554 bytes modules/secrets/paperless/secret-key.age | 19 ++++++++----------- modules/secrets/secrets.nix | 4 ++-- services/paperless.nix | 4 ++-- 8 files changed, 22 insertions(+), 25 deletions(-) diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index 27e0673..c44a4a1 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -87,6 +87,13 @@ in { adminpassFile = config.age.secrets."nextcloud/admin-pass".path; }; + paperless = { + enable = true; + port = 8085; + passwordFile = config.age.secrets."paperless/admin-password".path; + secretKeyFile = config.age.secrets."paperless/secret-key".path; + }; + photoprism = { enable = true; port = 8084; diff --git a/hosts/hades/secrets.nix b/hosts/hades/secrets.nix index 7215825..28b5d07 100644 --- a/hosts/hades/secrets.nix +++ b/hosts/hades/secrets.nix @@ -25,6 +25,9 @@ owner = "nextcloud"; }; + "paperless/admin-password" = {}; + "paperless/secret-key" = {}; + "restic-backup/hades-credentials" = {}; "restic-backup/hades-password" = {}; diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index d3c263f..037db1e 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -81,13 +81,6 @@ in { port = 8083; }; - paperless = { - enable = true; - port = 8085; - passwordFile = config.age.secrets."paperless/admin-password".path; - secretKeyFile = config.age.secrets."paperless/secret-key".path; - }; - tailscale = { enable = true; exitNode = true; diff --git a/hosts/poseidon/secrets.nix b/hosts/poseidon/secrets.nix index 1d87c3c..238e7ea 100644 --- a/hosts/poseidon/secrets.nix +++ b/hosts/poseidon/secrets.nix @@ -17,9 +17,6 @@ "lohr/shared-secret" = {}; - "paperless/admin-password" = {}; - "paperless/secret-key" = {}; - "restic-backup/poseidon-credentials" = {}; "restic-backup/poseidon-password" = {}; diff --git a/modules/secrets/paperless/admin-password.age b/modules/secrets/paperless/admin-password.age index 4735d2984922d78ade41ec17d0f52a2ec3c9da7d..62639ad3bf46f4e138e4788df4599b50c711d555 100644 GIT binary patch delta 521 zcmcb_yozOlPQ7zphNY{vXOc^DNS;@Sfn%CxVN^WlVxf_IhU@TLUD11 zZfc5=si~o*LP3N@rBS*l)WqUcg)mD;O&50!g%F#{R2PFp8?NlcDr48ILQ|8x%qrhX-^3($ zqmX*1Dlh%~N{cYhQ16Ps&UXYH_x#K6#kloV~_in1~zUk`H^)65K`l8}f>Oa1aFH}CL}GSA{N zZzu06^A!I;E-qbNU4=-qG~-l%i`+oRB>nnyM|TtFyrhb#L~|c)w=gH?6yq{uaH`mwV@`3pazb<`Do2UV+GZ#3A{)OJOL{rIu-w$itK z=hzNOPW<>yr!t`~FP7iw==*oJT`^@AA_6@>wjAFvW&Xcpe+}~)zxo%Zo{f;ZYasCQ K+7ZX}+6LibsT*xwd&ukawVK zBv)v0hFfHrOG=oLkEL05rGdVIVODTSK!mYDc41y&s8eN5a#dbINL6X1FPE;JLUD11 zZfc5=si~o*LY0|osYRedR90@Xzo%mq)r+WvFYYe{pzjsheS6aW^n=6PoJw_%oN|;xv$*jz4-!zpIn+R&hJxY@a#)DWVKS~MeeRiy=PS} b6+B$SVsOaP{<)}<`JFY diff --git a/modules/secrets/paperless/secret-key.age b/modules/secrets/paperless/secret-key.age index 63e99fc..7870c7a 100644 --- a/modules/secrets/paperless/secret-key.age +++ b/modules/secrets/paperless/secret-key.age @@ -1,12 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 k2gHjw hTWIhs//PCC1vsJrn+UL42FtqRzIKAzfQaVF8gU9iAo -B+BnsXp6J/NLViCMTd6vqj+JbTkkahjqabVvPIU5q9g --> ssh-ed25519 z6Eu8Q YMS3Ht3/97IcTJ31XsmnHhKIo41ewzuGAbnhWJA/qWg -8oiUduRgbcjz3EaP0VEUewVirgdoc7XVogscdceE4Ew --> --grease zku kAX26^8 N0 -Z/CvenJrdHzvk/YZq06fR25xnn2plwbUW3WX86yWv1e7IBYSqnKm9snd5VRRK/R3 -1EWv55qpuPBr ---- BRKnk4UzqUkM4po7qwV3omMv2KSEl5RzujwUSIQgQOg -"Be |!ۃʤWH5wL(v]A,lN14kY1 HZP:n+p)Yq/]i5'=؆OF -E -Ξ8"=ŏs(Xr ۀ \ No newline at end of file +-> ssh-ed25519 k2gHjw CoGvifgWo1JvHjx3PKJa3jR3lKrvgvKnTTui1w6UR0I +gcadr6WbTzyrPD3h3oDifFj/pMZKIzUfDXL6e6610Is +-> ssh-ed25519 pX8y2g MBFa4xDU6CaH6amzlGTmFXIcAXLq2xykRd0WkeUEkQo +91jV5LUuhvOVKSg2cz3TMKI2SaZvCTzXL/xyUWbYJAg +-> lkH}'\W;-grease nZ K\MP7 HUsh +vWwsKxuBXKwpTBkYERd7kPo +--- xohFX48WGxRFVYQzdbSl7l2Go90FSUPH5ml6OalKJwQ +sƀh!,(QlkV~U !B0 ~A!2np`L&{}3%{[)t/njb^{1G[G0  mo :naQ\mfG;(S \ No newline at end of file diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 81d7372..c5e3a36 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -21,8 +21,8 @@ in { "nextcloud/admin-pass.age".publicKeys = [alarsyo hades]; - "paperless/admin-password.age".publicKeys = [alarsyo poseidon]; - "paperless/secret-key.age".publicKeys = [alarsyo poseidon]; + "paperless/admin-password.age".publicKeys = [alarsyo hades]; + "paperless/secret-key.age".publicKeys = [alarsyo hades]; "restic-backup/boreal-password.age".publicKeys = [alarsyo boreal]; "restic-backup/boreal-credentials.age".publicKeys = [alarsyo boreal]; diff --git a/services/paperless.nix b/services/paperless.nix index 415d35e..8a4bd15 100644 --- a/services/paperless.nix +++ b/services/paperless.nix @@ -106,12 +106,12 @@ in { listen = [ # FIXME: hardcoded tailscale IP { - addr = "100.80.61.67"; + addr = "100.115.172.44"; port = 443; ssl = true; } { - addr = "100.80.61.67"; + addr = "100.115.172.44"; port = 80; ssl = false; } From e783c7f1fa5f2345222d2f55e28079f003cf2243 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 5 Nov 2022 17:04:41 +0100 Subject: [PATCH 418/904] zephyrus: don't backup go dir --- hosts/zephyrus/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index 6c2ff03..b6f4440 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -64,6 +64,8 @@ # don't backup nixpkgs "/home/alarsyo/work/nixpkgs" + "/home/alarsyo/go" + # C build crap "*.a" "*.o" From 1f29508108d748340caadb0b1db20e12a8f8fe3e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 7 Nov 2022 16:33:39 +0100 Subject: [PATCH 419/904] services: nextcloud: add to media group --- services/media.nix | 1 + services/nextcloud.nix | 2 ++ 2 files changed, 3 insertions(+) diff --git a/services/media.nix b/services/media.nix index 0d4ee7f..37aa6d1 100644 --- a/services/media.nix +++ b/services/media.nix @@ -12,6 +12,7 @@ inherit (config.my.services) jellyfin + nextcloud transmission ; }; diff --git a/services/nextcloud.nix b/services/nextcloud.nix index 7349970..951cb0d 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -83,6 +83,8 @@ in { }; }; + users.groups.media.members = ["nextcloud"]; + services.nginx = { virtualHosts = { "cloud.${domain}" = { From 4c056076221520bdd18d61e15a3da2a2599cfd17 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 7 Nov 2022 22:37:52 +0100 Subject: [PATCH 420/904] hades: add pleroma service --- hosts/hades/default.nix | 6 ++ hosts/hades/secrets.nix | 4 + modules/secrets/pleroma/pleroma-config.age | Bin 0 -> 956 bytes modules/secrets/secrets.nix | 2 + services/default.nix | 1 + services/pleroma.nix | 112 +++++++++++++++++++++ 6 files changed, 125 insertions(+) create mode 100644 modules/secrets/pleroma/pleroma-config.age create mode 100644 services/pleroma.nix diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index c44a4a1..d573e98 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -99,6 +99,12 @@ in { port = 8084; }; + pleroma = { + enable = true; + port = 8086; + secretConfigFile = config.age.secrets."pleroma/pleroma-config".path; + }; + restic-backup = { enable = true; repo = "b2:hades-backup-alarsyo"; diff --git a/hosts/hades/secrets.nix b/hosts/hades/secrets.nix index 28b5d07..40373ec 100644 --- a/hosts/hades/secrets.nix +++ b/hosts/hades/secrets.nix @@ -28,6 +28,10 @@ "paperless/admin-password" = {}; "paperless/secret-key" = {}; + "pleroma/pleroma-config" = { + owner = "pleroma"; + }; + "restic-backup/hades-credentials" = {}; "restic-backup/hades-password" = {}; diff --git a/modules/secrets/pleroma/pleroma-config.age b/modules/secrets/pleroma/pleroma-config.age new file mode 100644 index 0000000000000000000000000000000000000000..9b1463967dbb6cdc6356fc2db12d938a5f6fd633 GIT binary patch literal 956 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7HcI!%Dp&CE&CfMT z%}MvSGzfCfbB;20HpnRsDe(zOOmqt^H#LkfNDr+nF7PYQDCSD83JFQ7tjI|!^$l~= zugLJNNVYUd)pxE6H!h0EaLX=92{f3C|w~aJ3P%bInOV!z|S=z z)571)D6On4z_irNL_f1C${^A_ySUV|*fTfGEuX8vD8Rospu*7Kslub!AjKro%`+*~ zD6QB#z0@z&EVSII$hq9D*fBfE-4$e8O_9BiwQhP*YGQFJSE`3WrIE8wqCs#$qDeqO zqLZITsk6CvfQLmfm#(g^LTN#fp^IO7dPt^WL~&J~sbz?9T9|Kcv5U5$QA)m9VVR+` zZ-_;eVR2Q@PB#I#sfI$6`b22P=bOgr4t{FR%RkY|{eMsFOAZYn=q^ zLd`yUWSAd0Kj9_AYsOux49#czYPwy1>D!kvyR-9+{@WADEO83%&u<7s>|7~je)RUr zl;i_z6a?clgOyb#vfs0MZg+pG#uJX1iKRx$Utc8ZWE`w9>AA!qH~F?w^xN%)>wFe@ zUfR8F#^3YHraX7(Qf^dA{qM@i!*YKH*NYbmR*D_l@oEzH9~p(7PkwcxO@=Z*zUph9 z&}{Hn$lH6qG>7Xh6Qjk;D`Jk(mo#EOEZDF+uUm4f*PXRTAMf28ao{;4W6;jOnViRT zwoDB8^=_LUPXrs|5y|QQcbOk@SYi_^seP-+KHjiHVa6Qa-g_aU=d1;fr`D|Q5sv4V zdvX5RDUX#^+;S4jOTvHV9v8hibCR$2ncsC=|8X5G3@i9uAalNR&JVtgcf2>Q*(jKk tQ&FtrarY Date: Tue, 8 Nov 2022 12:03:12 +0100 Subject: [PATCH 421/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/93335810751f0404fe424e61ad58bc8e94bf8e9d' (2022-11-03) → 'github:nix-community/home-manager/d20e3d070c78271356a2d5d73c01f1de94586087' (2022-11-08) • Updated input 'home-manager/utils': 'github:numtide/flake-utils/6ee9ebb6b1ee695d2cacc4faa053a7b9baa76817' (2022-10-29) → 'github:numtide/flake-utils/5aed5285a952e0b949eb3ba02c12fa4fcfef535f' (2022-11-02) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/636051e353461f073ac55d5d42c1ed062a345046' (2022-11-02) → 'github:NixOS/nixpkgs/667e5581d16745bcda791300ae7e2d73f49fff25' (2022-11-07) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/9d28889ac87433e34a8085c08eb2909369a971ec' (2022-11-02) → 'github:NixOS/nixpkgs/295778ad21806918c16176164497f2793e2133f4' (2022-11-08) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 5c9fe61..00f8652 100644 --- a/flake.lock +++ b/flake.lock @@ -42,11 +42,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1667468181, - "narHash": "sha256-806/nrDW6e7bl4/oJEdAykYz/NaBuTUi7EUYArw2oic=", + "lastModified": 1667898954, + "narHash": "sha256-VqHVeoxcOl9M6yQ+LV3yTWMb0h5Rl5yixn9PCY/MJJo=", "owner": "nix-community", "repo": "home-manager", - "rev": "93335810751f0404fe424e61ad58bc8e94bf8e9d", + "rev": "d20e3d070c78271356a2d5d73c01f1de94586087", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1667410462, - "narHash": "sha256-GWZh1/ENadYdyhz07ppJzUuF9Xf3nDhSJ3psZKJ6/+U=", + "lastModified": 1667879206, + "narHash": "sha256-fHiB8mIUotFpbvugTJ9ImYJ6q0ry2QVFHYox6YRHHaE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9d28889ac87433e34a8085c08eb2909369a971ec", + "rev": "295778ad21806918c16176164497f2793e2133f4", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1667426640, - "narHash": "sha256-zJFPcWL9i0Y1BqzqEa8RKx+SiUgupHhYqPDCaFmlBpw=", + "lastModified": 1667811565, + "narHash": "sha256-HYml7RdQPQ7X13VNe2CoDMqmifsXbt4ACTKxHRKQE3Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "636051e353461f073ac55d5d42c1ed062a345046", + "rev": "667e5581d16745bcda791300ae7e2d73f49fff25", "type": "github" }, "original": { @@ -132,11 +132,11 @@ }, "utils": { "locked": { - "lastModified": 1667077288, - "narHash": "sha256-bdC8sFNDpT0HK74u9fUkpbf1MEzVYJ+ka7NXCdgBoaA=", + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "owner": "numtide", "repo": "flake-utils", - "rev": "6ee9ebb6b1ee695d2cacc4faa053a7b9baa76817", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "type": "github" }, "original": { From f0677c32a42eb2c82bc12ef71dccd4cf37f87f14 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 9 Nov 2022 16:35:42 +0100 Subject: [PATCH 422/904] base: add lsusb / lspci to base programs --- base/programs.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/base/programs.nix b/base/programs.nix index eee3889..a18695f 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -31,6 +31,8 @@ tree wget jq + pciutils + usbutils # development alejandra From 9a68486370ee4c997bb764dedf4c09989633d3af Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 10 Nov 2022 15:48:11 +0100 Subject: [PATCH 423/904] services: nextcloud: bump version --- services/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/nextcloud.nix b/services/nextcloud.nix index 951cb0d..acf8007 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -64,7 +64,7 @@ in { hostName = "cloud.${domain}"; https = true; - package = pkgs.nextcloud24; + package = pkgs.nextcloud25; maxUploadSize = "1G"; From 751f3746c706df64c287f9e88a979a6ed075fb6e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 14 Nov 2022 19:28:38 +0100 Subject: [PATCH 424/904] base: switch to gpg-agent for ssh agent --- base/programs.nix | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/base/programs.nix b/base/programs.nix index a18695f..554ec02 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -3,16 +3,11 @@ fish.enable = true; gnupg.agent = { enable = true; + enableSSHSupport = true; pinentryFlavor = "gnome3"; }; less.enable = true; mosh.enable = true; - ssh = { - startAgent = true; - extraConfig = '' - AddKeysToAgent yes - ''; - }; # setcap wrapper for network permissions bandwhich.enable = true; From fd9cd57ff6d73e6ae21c8ac737a4c27407691095 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 14 Nov 2022 19:28:56 +0100 Subject: [PATCH 425/904] base: use yubikey ssh key for login --- base/users.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/base/users.nix b/base/users.nix index 6f5e441..1b1077f 100644 --- a/base/users.nix +++ b/base/users.nix @@ -22,6 +22,7 @@ in { ]; shell = pkgs.fish; openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMbf1C55Hgprm4Y7iNHae2UhZbLa6SNeurDTOyq2tr1G alarsyo@yubikey" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH3rrF3VSWI4n4cpguvlmLAaU3uftuX4AVV/39S/8GO9 alarsyo@thinkpad" ]; }; From d8573cad9e95d9874f09fa7ab2f3e46e73522cfe Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 14 Nov 2022 20:30:51 +0100 Subject: [PATCH 426/904] base: move gpg agent to gui programs It'll only get used on machines I can physically access --- base/gui-programs.nix | 6 ++++++ base/programs.nix | 5 ----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 87227b9..11480d3 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -20,6 +20,12 @@ in { config = mkIf config.my.gui.enable { my.displayManager.sddm.enable = true; + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + pinentryFlavor = "gnome3"; + }; + services = { xserver = { enable = true; diff --git a/base/programs.nix b/base/programs.nix index 554ec02..91d4ebf 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -1,11 +1,6 @@ {pkgs, ...}: { programs = { fish.enable = true; - gnupg.agent = { - enable = true; - enableSSHSupport = true; - pinentryFlavor = "gnome3"; - }; less.enable = true; mosh.enable = true; From 733f46d70a8dcb278b37672a1990f3a8ad8419c2 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 14 Nov 2022 23:46:17 +0100 Subject: [PATCH 427/904] base: centralize openssh settings --- base/programs.nix | 8 ++++++++ hosts/boreal/default.nix | 6 +----- hosts/hades/default.nix | 2 -- hosts/poseidon/default.nix | 2 -- hosts/zephyrus/default.nix | 6 +----- 5 files changed, 10 insertions(+), 14 deletions(-) diff --git a/base/programs.nix b/base/programs.nix index 91d4ebf..194a371 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -8,6 +8,14 @@ bandwhich.enable = true; }; + services.openssh = { + passwordAuthentication = false; + permitRootLogin = "no"; + extraConfig = '' + StreamLocalBindUnlink yes + ''; + }; + environment.systemPackages = builtins.attrValues { inherit (pkgs) diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index 6661e08..7241b8a 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -79,11 +79,7 @@ }; services = { - openssh = { - enable = true; - permitRootLogin = "no"; - passwordAuthentication = false; - }; + openssh.enable = true; }; my.gui = { enable = true; diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index d573e98..cb6b639 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -126,8 +126,6 @@ in { # Enable the OpenSSH daemon. services.openssh.enable = true; - services.openssh.permitRootLogin = "no"; - services.openssh.passwordAuthentication = false; virtualisation.docker.enable = true; diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 037db1e..30fc071 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -89,8 +89,6 @@ in { # Enable the OpenSSH daemon. services.openssh.enable = true; - services.openssh.permitRootLogin = "no"; - services.openssh.passwordAuthentication = false; # Takes a long while to build documentation.nixos.enable = false; diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index b6f4440..dbfd570 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -85,11 +85,7 @@ }; }; fwupd.enable = true; - openssh = { - enable = true; - permitRootLogin = "no"; - passwordAuthentication = false; - }; + openssh.enable = true; }; my.gui.enable = true; From 630d511f9f7fc829e8e55a368143051c1e0f2f11 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 14 Nov 2022 23:50:46 +0100 Subject: [PATCH 428/904] secrets: remove home key from age id paths --- modules/secrets/default.nix | 7 ------- 1 file changed, 7 deletions(-) diff --git a/modules/secrets/default.nix b/modules/secrets/default.nix index 2710b66..d6ef6ee 100644 --- a/modules/secrets/default.nix +++ b/modules/secrets/default.nix @@ -4,11 +4,4 @@ options, ... }: { - config.age = { - identityPaths = - options.age.identityPaths.default - ++ [ - "/home/alarsyo/.ssh/id_ed25519" - ]; - }; } From 3227363b37f9a8225331d8feaf8e993ddf9ffefc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 15 Nov 2022 00:36:30 +0100 Subject: [PATCH 429/904] home: ssh: setup gpg ssh agent socket forwarding --- home/ssh.nix | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/home/ssh.nix b/home/ssh.nix index 4b65ea9..3f80b3b 100644 --- a/home/ssh.nix +++ b/home/ssh.nix @@ -19,10 +19,23 @@ in { programs.ssh = { enable = true; - matchBlocks = { - boreal = {hostname = "boreal.alarsyo.net";}; - poseidon = {hostname = "poseidon.alarsyo.net";}; - pi = { + matchBlocks = let + addGPGAgentForwarding = hostConf: + { + remoteForwards = [ + { + # shhhh this is a path but it works + bind.address = "/run/user/1000/gnupg/S.gpg-agent.ssh"; + host.address = "/run/user/1000/gnupg/S.gpg-agent.ssh"; + } + ]; + } + // hostConf; + in { + boreal = addGPGAgentForwarding {hostname = "boreal.alarsyo.net";}; + hades = addGPGAgentForwarding {hostname = "hades.alarsyo.net";}; + poseidon = addGPGAgentForwarding {hostname = "poseidon.alarsyo.net";}; + pi = addGPGAgentForwarding { hostname = "pi.alarsyo.net"; user = "pi"; }; From c60c8217b3521f6730230f1b3aa2fa1d86e3ab31 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 15 Nov 2022 00:37:38 +0100 Subject: [PATCH 430/904] home: setup ssh_auth_sock --- home/default.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/home/default.nix b/home/default.nix index fa7f6ea..6aa9f82 100644 --- a/home/default.nix +++ b/home/default.nix @@ -1,4 +1,4 @@ -{...}: { +{config, ...}: { imports = [ ./alacritty.nix ./bat.nix @@ -25,7 +25,11 @@ home.username = "alarsyo"; - home.sessionVariables = { + home.sessionVariables = let + gpgPackage = config.programs.gpg.package; + in { BROWSER = "firefox"; + # FIXME: only set if gpg-agent not in use, otherwise home manager already does that + SSH_AUTH_SOCK = "$(${gpgPackage}/bin/gpgconf --list-dirs agent-ssh-socket)"; }; } From 7fa05cbbe9c17a7f49f9615b00bfefd2a7fe4e3a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 15 Nov 2022 00:49:30 +0100 Subject: [PATCH 431/904] home: rofi: disable mosh mosh doesn't support agent forwarding --- home/rofi.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/home/rofi.nix b/home/rofi.nix index 5419209..96c7447 100644 --- a/home/rofi.nix +++ b/home/rofi.nix @@ -21,9 +21,6 @@ in { enable = true; terminal = "${pkgs.alacritty}/bin/alacritty"; - extraConfig = { - ssh-client = "${pkgs.mosh}/bin/mosh"; - }; }; }; } From f6cd2b02d5061462089659ab379f15725d6d1b97 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 15 Nov 2022 12:02:40 +0100 Subject: [PATCH 432/904] ci: update all actions to latest version Fixes NodeJS runtime warnings in CI --- .github/workflows/cachix.yaml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index d13d888..91cb4ff 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -13,9 +13,9 @@ jobs: name: Format check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v16 + - uses: cachix/install-nix-action@v18 - name: Run alejandra run: nix run nixpkgs#alejandra -- --check . @@ -24,11 +24,11 @@ jobs: name: Flake check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v16 + - uses: cachix/install-nix-action@v18 - - uses: cachix/cachix-action@v10 + - uses: cachix/cachix-action@v12 with: name: alarsyo authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' @@ -53,11 +53,11 @@ jobs: - spot steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v16 + - uses: cachix/install-nix-action@v18 - - uses: cachix/cachix-action@v10 + - uses: cachix/cachix-action@v12 with: name: alarsyo authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' @@ -81,11 +81,11 @@ jobs: - zephyrus steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v16 + - uses: cachix/install-nix-action@v18 - - uses: cachix/cachix-action@v10 + - uses: cachix/cachix-action@v12 with: name: alarsyo authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' From 5bc4c74b6b1eb444085bcc8be9c7d4688e8d8346 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 21 Nov 2022 12:39:33 +0100 Subject: [PATCH 433/904] zephyrus: don't backup qcow images --- hosts/zephyrus/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index dbfd570..a498e4a 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -71,6 +71,9 @@ "*.o" "*.so" + # test vms + "*.qcow2" + # ignore all dotfiles as .config and .cache can become quite big "/home/alarsyo/.*" ]; From 38e7944600021a18fb0278815837e646619c24f6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 23 Nov 2022 00:38:27 +0100 Subject: [PATCH 434/904] zephyrus: don't backup secrets --- hosts/zephyrus/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index a498e4a..b267958 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -74,6 +74,9 @@ # test vms "*.qcow2" + # secrets stay offline + "/home/alarsyo/**/secrets" + # ignore all dotfiles as .config and .cache can become quite big "/home/alarsyo/.*" ]; From 7bf8a1456d0db88c4f44f6c2f9c251de35acc8c5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 23 Nov 2022 00:38:38 +0100 Subject: [PATCH 435/904] home: ssh: add included config file to ssh_config --- home/ssh.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home/ssh.nix b/home/ssh.nix index 3f80b3b..0959bef 100644 --- a/home/ssh.nix +++ b/home/ssh.nix @@ -49,6 +49,8 @@ in { proxyJump = "ssh.lrde.epita.fr"; }; }; + + includes = ["prologin_config"]; }; }; } From e06f1d51b9d3c8506ed9f68109602a64b715e86f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 27 Nov 2022 15:42:06 +0100 Subject: [PATCH 436/904] servers: enable vnstatd --- hosts/hades/default.nix | 6 ++++-- hosts/poseidon/default.nix | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index cb6b639..8402d77 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -124,8 +124,10 @@ in { }; }; - # Enable the OpenSSH daemon. - services.openssh.enable = true; + services = { + openssh.enable = true; + vnstat.enable = true; + }; virtualisation.docker.enable = true; diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 30fc071..eea84dd 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -87,8 +87,10 @@ in { }; }; - # Enable the OpenSSH daemon. - services.openssh.enable = true; + services = { + openssh.enable = true; + vnstat.enable = true; + }; # Takes a long while to build documentation.nixos.enable = false; From 6f3a579cd6bfd0f86680797950d38d2ad5874e1e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 27 Nov 2022 15:45:40 +0100 Subject: [PATCH 437/904] home: git: setup global ignores --- home/git.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/home/git.nix b/home/git.nix index 1ab8fbf..cf53348 100644 --- a/home/git.nix +++ b/home/git.nix @@ -57,6 +57,11 @@ in { contents = {user = {email = "antoine4.martin@epita.fr";};}; } ]; + + ignores = [ + "/.direnv/" + "/.envrc" + ]; }; }; } From d0402bf51c2d63a2f55ae029da93f9bb33899436 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 27 Nov 2022 15:45:48 +0100 Subject: [PATCH 438/904] zephyrus: docker's back --- hosts/zephyrus/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index b267958..721e854 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -83,6 +83,8 @@ }; }; + virtualisation.docker.enable = true; + services = { tlp = { settings = { From 1aed5480c02ac997391575266ccdaf1fa0be4240 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 27 Nov 2022 18:56:01 +0100 Subject: [PATCH 439/904] zephyrus: enable udisks2 --- hosts/zephyrus/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index 721e854..fc17a28 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -98,6 +98,7 @@ my.gui.enable = true; services.udev.packages = [pkgs.chrysalis]; + services.udisks2.enable = true; hardware.bluetooth = { enable = true; From a694d46ae44fbd46d0907401aadcb894f95787b5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 27 Nov 2022 18:56:10 +0100 Subject: [PATCH 440/904] flake: bump nixpkgs to 22.11-beta --- flake.lock | 8 ++++---- flake.nix | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 00f8652..d784b86 100644 --- a/flake.lock +++ b/flake.lock @@ -106,16 +106,16 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1667811565, - "narHash": "sha256-HYml7RdQPQ7X13VNe2CoDMqmifsXbt4ACTKxHRKQE3Q=", + "lastModified": 1669061335, + "narHash": "sha256-hq6EILj/H/z+kpGyU9X3cy1F6vaRKmNFnRY1y36U6Ow=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "667e5581d16745bcda791300ae7e2d73f49fff25", + "rev": "bb029673bface2fc9fb807f209f63ca06478a72d", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "22.11-beta", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index 5ed22ed..f76f2a7 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,7 @@ type = "github"; owner = "NixOS"; repo = "nixpkgs"; - ref = "nixos-unstable"; + ref = "22.11-beta"; }; nixpkgs-unstable-small = { From a1b8e397d1898be58aeb74a009b846be1df72235 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 27 Nov 2022 23:21:01 +0100 Subject: [PATCH 441/904] overlays: add hugin fix --- hosts/boreal/home.nix | 2 ++ overlays/default.nix | 1 + overlays/hugin/default.nix | 34 ++++++++++++++++++++++++++++++++++ 3 files changed, 37 insertions(+) create mode 100644 overlays/hugin/default.nix diff --git a/hosts/boreal/home.nix b/hosts/boreal/home.nix index 248877b..f522fb3 100644 --- a/hosts/boreal/home.nix +++ b/hosts/boreal/home.nix @@ -20,6 +20,8 @@ chromium darktable + hugin + enblend-enfuse # dev rustup diff --git a/overlays/default.nix b/overlays/default.nix index 67e397d..0ab200f 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,4 +1,5 @@ { i3status-rust = import ./i3status-rust; chrysalis = import ./chrysalis; + hugin = import ./hugin; } diff --git a/overlays/hugin/default.nix b/overlays/hugin/default.nix new file mode 100644 index 0000000..f6f0209 --- /dev/null +++ b/overlays/hugin/default.nix @@ -0,0 +1,34 @@ +final: prev: { + # hugin needs glew-egl since wxGTK30 upgrade: + # https://bugs.archlinux.org/task/75406 + hugin = prev.hugin.overrideAttrs (oldAttrs: { + buildInputs = with final; [ + boost + cairo + exiv2 + fftw + flann + gettext + glew + ilmbase + lcms2 + lensfun + libjpeg + libpng + libtiff + xorg.libX11 + xorg.libXi + xorg.libXmu + libGLU + libGL + openexr + panotools + sqlite + vigra + (wxGTK31.override { + withEGL = false; + }) + zlib + ]; + }); +} From bfb710a2f51150fc75a6221a156f375783aab098 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 27 Nov 2022 23:21:09 +0100 Subject: [PATCH 442/904] home: add xdg_data_home to session vars hugin crashes if this is undefined --- home/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/default.nix b/home/default.nix index 6aa9f82..97d2b3c 100644 --- a/home/default.nix +++ b/home/default.nix @@ -31,5 +31,6 @@ BROWSER = "firefox"; # FIXME: only set if gpg-agent not in use, otherwise home manager already does that SSH_AUTH_SOCK = "$(${gpgPackage}/bin/gpgconf --list-dirs agent-ssh-socket)"; + XDG_DATA_HOME = "$HOME/.local/share"; }; } From 941551efb58da1a923c18f5555ac342112736ba7 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 1 Dec 2022 10:51:27 +0100 Subject: [PATCH 443/904] flake: move to nixos-22.11 --- flake.lock | 8 ++++---- flake.nix | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index d784b86..fda927c 100644 --- a/flake.lock +++ b/flake.lock @@ -106,16 +106,16 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1669061335, - "narHash": "sha256-hq6EILj/H/z+kpGyU9X3cy1F6vaRKmNFnRY1y36U6Ow=", + "lastModified": 1669834992, + "narHash": "sha256-YnhZGHgb4C3Q7DSGisO/stc50jFb9F/MzHeKS4giotg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bb029673bface2fc9fb807f209f63ca06478a72d", + "rev": "596a8e828c5dfa504f91918d0fa4152db3ab5502", "type": "github" }, "original": { "owner": "NixOS", - "ref": "22.11-beta", + "ref": "nixos-22.11", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index f76f2a7..3528f56 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,7 @@ type = "github"; owner = "NixOS"; repo = "nixpkgs"; - ref = "22.11-beta"; + ref = "nixos-22.11"; }; nixpkgs-unstable-small = { From 3d240ceaee131cdfe7ec85398ce1f07c274a469a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 1 Dec 2022 11:00:29 +0100 Subject: [PATCH 444/904] flake: move home-manager to release-22.11 --- flake.lock | 8 ++++---- flake.nix | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index fda927c..ff70d5c 100644 --- a/flake.lock +++ b/flake.lock @@ -42,16 +42,16 @@ "utils": "utils" }, "locked": { - "lastModified": 1667898954, - "narHash": "sha256-VqHVeoxcOl9M6yQ+LV3yTWMb0h5Rl5yixn9PCY/MJJo=", + "lastModified": 1669724862, + "narHash": "sha256-GwLonjmyhnTGQRNfKcUCgMSKYj49ZehjjJulaM/yH18=", "owner": "nix-community", "repo": "home-manager", - "rev": "d20e3d070c78271356a2d5d73c01f1de94586087", + "rev": "e891b060e7d11bb8f7dedb86a41d804891a6f5a9", "type": "github" }, "original": { "owner": "nix-community", - "ref": "master", + "ref": "release-22.11", "repo": "home-manager", "type": "github" } diff --git a/flake.nix b/flake.nix index 3528f56..12d264d 100644 --- a/flake.nix +++ b/flake.nix @@ -25,7 +25,7 @@ type = "github"; owner = "nix-community"; repo = "home-manager"; - ref = "master"; + ref = "release-22.11"; inputs.nixpkgs.follows = "nixpkgs"; }; From a493a1054974eb6ef9720d4899a50b3cdf82210c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 1 Dec 2022 15:11:20 +0100 Subject: [PATCH 445/904] home: i3: use playerctld --- home/x/i3.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/home/x/i3.nix b/home/x/i3.nix index cfbac78..29f17b2 100644 --- a/home/x/i3.nix +++ b/home/x/i3.nix @@ -33,6 +33,9 @@ in { home.packages = [pkgs.betterlockscreen pkgs.playerctl]; + # used to control music + services.playerctld.enable = true; + xsession.windowManager.i3 = { enable = true; From 61a9813019712bb3d9eeeaee931c09ec708160d4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 6 Dec 2022 11:54:57 +0100 Subject: [PATCH 446/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/e891b060e7d11bb8f7dedb86a41d804891a6f5a9' (2022-11-29) → 'github:nix-community/home-manager/0e8125916b420e41bf0d23a0aa33fadd0328beb3' (2022-12-05) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/596a8e828c5dfa504f91918d0fa4152db3ab5502' (2022-11-30) → 'github:NixOS/nixpkgs/e169cf5b3b1e6cc4a25ff15087c2621605f83409' (2022-12-04) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/295778ad21806918c16176164497f2793e2133f4' (2022-11-08) → 'github:NixOS/nixpkgs/5b9b93b9be4234aaf9cd53e3247a927225095514' (2022-12-05) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index ff70d5c..2fd6568 100644 --- a/flake.lock +++ b/flake.lock @@ -42,11 +42,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1669724862, - "narHash": "sha256-GwLonjmyhnTGQRNfKcUCgMSKYj49ZehjjJulaM/yH18=", + "lastModified": 1670253003, + "narHash": "sha256-/tJIy4+FbsQyslq1ipyicZ2psOEd8dvl4OJ9lfisjd0=", "owner": "nix-community", "repo": "home-manager", - "rev": "e891b060e7d11bb8f7dedb86a41d804891a6f5a9", + "rev": "0e8125916b420e41bf0d23a0aa33fadd0328beb3", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1667879206, - "narHash": "sha256-fHiB8mIUotFpbvugTJ9ImYJ6q0ry2QVFHYox6YRHHaE=", + "lastModified": 1670230006, + "narHash": "sha256-a6XPSCwCQQPdIedTXQKFXTkpgB7vm/iwFje8PEju5HM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "295778ad21806918c16176164497f2793e2133f4", + "rev": "5b9b93b9be4234aaf9cd53e3247a927225095514", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1669834992, - "narHash": "sha256-YnhZGHgb4C3Q7DSGisO/stc50jFb9F/MzHeKS4giotg=", + "lastModified": 1670193339, + "narHash": "sha256-oHTAhX4p6+uxcabq0rKL4EyKWPbDLGKec88ocPIU/2Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "596a8e828c5dfa504f91918d0fa4152db3ab5502", + "rev": "e169cf5b3b1e6cc4a25ff15087c2621605f83409", "type": "github" }, "original": { From abcf14ba98be18110f9e3d790af375afc64cc741 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 8 Dec 2022 18:32:22 +0100 Subject: [PATCH 447/904] zephyrus: add gdb and valgrind everywhere --- hosts/zephyrus/home.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/zephyrus/home.nix b/hosts/zephyrus/home.nix index 8adfb97..93cc0f9 100644 --- a/hosts/zephyrus/home.nix +++ b/hosts/zephyrus/home.nix @@ -25,6 +25,8 @@ # dev rustup + gdb + valgrind arandr ; From ae47ba3b414b309bf938b3b2a0988cefd1bcee91 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 12 Dec 2022 12:45:46 +0100 Subject: [PATCH 448/904] home: fish: add bluetooth aliases and abbrevs --- home/fish/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/home/fish/default.nix b/home/fish/default.nix index 6fa9f00..b415982 100644 --- a/home/fish/default.nix +++ b/home/fish/default.nix @@ -22,6 +22,16 @@ in { programs.fish = { enable = true; + shellAliases = { + "bt" = "bluetoothctl"; + }; + shellAbbrs = { + "bton" = "bluetoothctl power on"; + "btoff" = "bluetoothctl power off"; + "btcon" = "bluetoothctl connect"; + "btdis" = "bluetoothctl disconnect"; + "btinfo" = "bluetoothctl info"; + }; }; xdg.configFile."fish/functions" = {source = ./. + "/functions";}; From 2477807458b82de6572b8ee37bc4995d91bf8014 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 12 Dec 2022 15:22:58 +0100 Subject: [PATCH 449/904] switch pinentry to qt --- base/gui-programs.nix | 2 +- base/programs.nix | 2 +- home/rbw.nix | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 11480d3..709b38b 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -23,7 +23,7 @@ in { programs.gnupg.agent = { enable = true; enableSSHSupport = true; - pinentryFlavor = "gnome3"; + pinentryFlavor = "qt"; }; services = { diff --git a/base/programs.nix b/base/programs.nix index 194a371..a918598 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -40,7 +40,7 @@ gnumake gnupg kakoune - pinentry-gnome + pinentry-qt python3 vim # terminal utilities diff --git a/home/rbw.nix b/home/rbw.nix index 10d2178..974226e 100644 --- a/home/rbw.nix +++ b/home/rbw.nix @@ -22,7 +22,7 @@ in { email = "antoine@alarsyo.net"; base_url = "https://pass.alarsyo.net"; lock_timeout = 60 * 60 * 12; - pinentry = pkgs.pinentry-gnome; + pinentry = pkgs.pinentry-qt; }; }; From e09bb7e5135c2186fea7d1f9339014775f82a03b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 12 Dec 2022 15:23:47 +0100 Subject: [PATCH 450/904] boreal: enable X11 forwarding --- hosts/boreal/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index 7241b8a..45b7d44 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -79,7 +79,10 @@ }; services = { - openssh.enable = true; + openssh = { + enable = true; + forwardX11 = true; + }; }; my.gui = { enable = true; From d7816612efff7b0adf000571c7119f73085997a4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 14 Dec 2022 22:08:14 +0100 Subject: [PATCH 451/904] zephyrus: add zotero --- hosts/zephyrus/home.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/zephyrus/home.nix b/hosts/zephyrus/home.nix index 93cc0f9..ab33920 100644 --- a/hosts/zephyrus/home.nix +++ b/hosts/zephyrus/home.nix @@ -28,6 +28,7 @@ gdb valgrind arandr + zotero ; inherit (pkgs.packages) spot; From eea3120286efcd710e4bc9c185c44bfd016b147b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 14 Dec 2022 22:08:59 +0100 Subject: [PATCH 452/904] home: add jellyfin to tridactyl blacklist --- home/tridactylrc | 1 + 1 file changed, 1 insertion(+) diff --git a/home/tridactylrc b/home/tridactylrc index 70c3504..9c15b82 100644 --- a/home/tridactylrc +++ b/home/tridactylrc @@ -30,6 +30,7 @@ set editorcmd emacsclient -c " copy all the things set yankto both +blacklistadd jellyfin.alarsyo.net blacklistadd netflix.com blacklistadd primevideo.com blacklistadd youtube.com From f3d1b6e11fde47794f26aab09b97275960964a20 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 15 Dec 2022 04:40:32 +0100 Subject: [PATCH 453/904] pkgs: spot: bump to 2.11.3 --- pkgs/spot/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/spot/default.nix b/pkgs/spot/default.nix index eb0f7d0..8c4418c 100644 --- a/pkgs/spot/default.nix +++ b/pkgs/spot/default.nix @@ -3,7 +3,7 @@ fetchurl, python3, }: let - version = "2.11.2"; + version = "2.11.3"; in stdenv.mkDerivation { inherit version; @@ -15,6 +15,6 @@ in src = fetchurl { url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz"; - sha256 = "sha256-PmNFjw2khj4c0NLP6FGhAV0yIgXX5AbGqdlWgLnqdU4="; + sha256 = "sha256-wyyL5lzyLZQgxTPH51isWwgle+qmdJgPZHv7ZeaVM0M="; }; } From 8f8cdc62835e663c70fe7f07f213b5659813d982 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 15 Dec 2022 10:47:48 +0100 Subject: [PATCH 454/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e169cf5b3b1e6cc4a25ff15087c2621605f83409' (2022-12-04) → 'github:NixOS/nixpkgs/265caf30fa0a5148395b62777389b57eb0a537fd' (2022-12-13) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/5b9b93b9be4234aaf9cd53e3247a927225095514' (2022-12-05) → 'github:NixOS/nixpkgs/f9b0bd5202a0df10856c9fe4cba0074aa0968047' (2022-12-14) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 2fd6568..727e79c 100644 --- a/flake.lock +++ b/flake.lock @@ -90,11 +90,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1670230006, - "narHash": "sha256-a6XPSCwCQQPdIedTXQKFXTkpgB7vm/iwFje8PEju5HM=", + "lastModified": 1671005503, + "narHash": "sha256-L5pMUoEAxmqwyAivNKvTcNhxL3xY58Zjh3XYtVO2LaQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5b9b93b9be4234aaf9cd53e3247a927225095514", + "rev": "f9b0bd5202a0df10856c9fe4cba0074aa0968047", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1670193339, - "narHash": "sha256-oHTAhX4p6+uxcabq0rKL4EyKWPbDLGKec88ocPIU/2Y=", + "lastModified": 1670946965, + "narHash": "sha256-PDJfKgK/aSV3ISnD1TbKpLPW85LO/AQI73yQjbwribA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e169cf5b3b1e6cc4a25ff15087c2621605f83409", + "rev": "265caf30fa0a5148395b62777389b57eb0a537fd", "type": "github" }, "original": { From 45540e57a85bf1120b1895b480388de046205dc3 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 15 Dec 2022 11:49:48 +0100 Subject: [PATCH 455/904] base: switch Discord to stable channel as well The SKIP_HOST_UPDATE workaround is enough --- base/gui-programs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 709b38b..b3ec19a 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -68,7 +68,7 @@ in { inherit (pkgs.gnome) nautilus; - discord = pkgs.unstable.discord.override {nss = pkgs.nss_latest;}; + discord = pkgs.discord.override {nss = pkgs.nss_latest;}; }; networking.networkmanager = { From 82eb87a388a3cbf7f61b8bba38d6cb0c4acee805 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 19 Dec 2022 01:25:05 +0100 Subject: [PATCH 456/904] services: matrix: expose healthcheck --- services/matrix.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/services/matrix.nix b/services/matrix.nix index f09fc9f..92a7b5c 100644 --- a/services/matrix.nix +++ b/services/matrix.nix @@ -172,6 +172,7 @@ in { "/_matrix" = proxyToClientPort; "/_synapse/client" = proxyToClientPort; + "/health" = proxyToClientPort; }; listen = [ From 1c535b8a99ac4e68a5bc342ad1b4c63dc1f88930 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 19 Dec 2022 01:27:41 +0100 Subject: [PATCH 457/904] services: nextcloud: disable openssl 1.1 support I'm not using SSE --- services/nextcloud.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/services/nextcloud.nix b/services/nextcloud.nix index acf8007..f1e67e4 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -62,6 +62,8 @@ in { services.nextcloud = { enable = true; + enableBrokenCiphersForSSE = false; + hostName = "cloud.${domain}"; https = true; package = pkgs.nextcloud25; From 35ee93cbbc27b5d927219cceeb0c8f3be5f918a4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 19 Dec 2022 01:42:05 +0100 Subject: [PATCH 458/904] services: pleroma: enable healthcheck --- services/pleroma.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/services/pleroma.nix b/services/pleroma.nix index 2593c81..cdddc43 100644 --- a/services/pleroma.nix +++ b/services/pleroma.nix @@ -61,7 +61,8 @@ in { email: "contact+pleroma@alarsyo.net", notify_email: "pleroma@alarsyo.net", limit: 5000, - registrations_open: false + registrations_open: false, + healthcheck: true config :pleroma, :media_proxy, enabled: false, From f506774ccaf3b8629d9cb2019f0576cd79b63a72 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 20 Dec 2022 13:47:36 +0100 Subject: [PATCH 459/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/265caf30fa0a5148395b62777389b57eb0a537fd' (2022-12-13) → 'github:NixOS/nixpkgs/0938d73bb143f4ae037143572f11f4338c7b2d1c' (2022-12-17) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 727e79c..4fce956 100644 --- a/flake.lock +++ b/flake.lock @@ -106,11 +106,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1670946965, - "narHash": "sha256-PDJfKgK/aSV3ISnD1TbKpLPW85LO/AQI73yQjbwribA=", + "lastModified": 1671313200, + "narHash": "sha256-itZTrtHeDJjV696+ur0/TzkTqb5y3Eb57WRLRPK3rwA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "265caf30fa0a5148395b62777389b57eb0a537fd", + "rev": "0938d73bb143f4ae037143572f11f4338c7b2d1c", "type": "github" }, "original": { From d6bead2f3f135330a5dac9875f93a56dceb3cc3a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 2 Jan 2023 18:43:00 +0100 Subject: [PATCH 460/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/0e8125916b420e41bf0d23a0aa33fadd0328beb3' (2022-12-05) → 'github:nix-community/home-manager/89a8ba0b5b43b3350ff2e3ef37b66736b2ef8706' (2022-12-28) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/0938d73bb143f4ae037143572f11f4338c7b2d1c' (2022-12-17) → 'github:NixOS/nixpkgs/6a0d2701705c3cf6f42c15aa92b7885f1f8a477f' (2022-12-30) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 4fce956..8934edd 100644 --- a/flake.lock +++ b/flake.lock @@ -42,11 +42,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1670253003, - "narHash": "sha256-/tJIy4+FbsQyslq1ipyicZ2psOEd8dvl4OJ9lfisjd0=", + "lastModified": 1672244468, + "narHash": "sha256-xaZb8AZqoXRCSqPusCk4ouf+fUNP8UJdafmMTF1Ltlw=", "owner": "nix-community", "repo": "home-manager", - "rev": "0e8125916b420e41bf0d23a0aa33fadd0328beb3", + "rev": "89a8ba0b5b43b3350ff2e3ef37b66736b2ef8706", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1671313200, - "narHash": "sha256-itZTrtHeDJjV696+ur0/TzkTqb5y3Eb57WRLRPK3rwA=", + "lastModified": 1672441588, + "narHash": "sha256-jx5kxOyeObnVD44HRebKYL3cjWrcKhhcDmEYm0/naDY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0938d73bb143f4ae037143572f11f4338c7b2d1c", + "rev": "6a0d2701705c3cf6f42c15aa92b7885f1f8a477f", "type": "github" }, "original": { From 93420b0108a363450b334580fee5c6a3aa845876 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 10 Jan 2023 14:11:20 +0100 Subject: [PATCH 461/904] zephyrus: switch to latest kernel getting sound problems on 5.15.82 --- hosts/zephyrus/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index fc17a28..c997c1b 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -14,7 +14,7 @@ ./secrets.nix ]; - boot.kernelPackages = pkgs.linuxPackages; + boot.kernelPackages = pkgs.linuxPackages_latest; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; From 736f5c59903506ae7234d49db399efcd6f18c39b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 10 Jan 2023 14:13:01 +0100 Subject: [PATCH 462/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/6a0d2701705c3cf6f42c15aa92b7885f1f8a477f' (2022-12-30) → 'github:NixOS/nixpkgs/8c54d842d9544361aac5f5b212ba04e4089e8efe' (2023-01-08) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 8934edd..2d7f3d1 100644 --- a/flake.lock +++ b/flake.lock @@ -106,11 +106,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1672441588, - "narHash": "sha256-jx5kxOyeObnVD44HRebKYL3cjWrcKhhcDmEYm0/naDY=", + "lastModified": 1673163619, + "narHash": "sha256-B33PFBL64ZgTWgMnhFL3jgheAN/DjHPsZ1Ih3z0VE5I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6a0d2701705c3cf6f42c15aa92b7885f1f8a477f", + "rev": "8c54d842d9544361aac5f5b212ba04e4089e8efe", "type": "github" }, "original": { From 4f11818498cafa1e1f77b92d5accc5a004b5ca7b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 26 Jan 2023 14:37:40 +0100 Subject: [PATCH 463/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/8c54d842d9544361aac5f5b212ba04e4089e8efe' (2023-01-08) → 'github:NixOS/nixpkgs/ab1254087f4cdf4af74b552d7fc95175d9bdbb49' (2023-01-22) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 2d7f3d1..6946ce0 100644 --- a/flake.lock +++ b/flake.lock @@ -106,11 +106,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1673163619, - "narHash": "sha256-B33PFBL64ZgTWgMnhFL3jgheAN/DjHPsZ1Ih3z0VE5I=", + "lastModified": 1674407282, + "narHash": "sha256-2qwc8mrPINSFdWffPK+ji6nQ9aGnnZyHSItVcYDZDlk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8c54d842d9544361aac5f5b212ba04e4089e8efe", + "rev": "ab1254087f4cdf4af74b552d7fc95175d9bdbb49", "type": "github" }, "original": { From 98394281bfcf2dae48e4c477ecf2d5ad14616fbf Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 26 Jan 2023 14:40:51 +0100 Subject: [PATCH 464/904] Revert "zephyrus: switch to latest kernel" This reverts commit 93420b0108a363450b334580fee5c6a3aa845876. --- hosts/zephyrus/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index c997c1b..fc17a28 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -14,7 +14,7 @@ ./secrets.nix ]; - boot.kernelPackages = pkgs.linuxPackages_latest; + boot.kernelPackages = pkgs.linuxPackages; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; From cab7845ee7d989152a09b5f0a910832b8fdceea4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 29 Jan 2023 01:35:51 +0100 Subject: [PATCH 465/904] services: scribe: setup scribe service --- hosts/hades/default.nix | 5 +++ services/default.nix | 1 + services/scribe.nix | 71 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 77 insertions(+) create mode 100644 services/scribe.nix diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index 8402d77..5e446aa 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -113,6 +113,11 @@ in { paths = ["/home/alarsyo"]; }; + scribe = { + enable = true; + port = 8087; + }; + tailscale = { enable = true; exitNode = true; diff --git a/services/default.nix b/services/default.nix index 44c7def..68f98de 100644 --- a/services/default.nix +++ b/services/default.nix @@ -20,6 +20,7 @@ ./postgresql-backup.nix ./postgresql.nix ./restic-backup.nix + ./scribe.nix ./tailscale.nix ./transmission.nix ]; diff --git a/services/scribe.nix b/services/scribe.nix new file mode 100644 index 0000000..09e5836 --- /dev/null +++ b/services/scribe.nix @@ -0,0 +1,71 @@ +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) + mkEnableOption + mkIf + mkOption + ; + + cfg = config.my.services.scribe; + my = config.my; + + domain = config.networking.domain; + hostname = config.networking.hostName; + fqdn = "${hostname}.${domain}"; +in { + options.my.services.scribe = let + inherit (lib) types; + in { + enable = mkEnableOption "Scribe config"; + + home = mkOption { + type = types.str; + default = "/var/lib/scribe"; + example = "/var/lib/scribe"; + description = "Home for the scribe service, where data will be stored"; + }; + + port = mkOption { + type = types.port; + default = 2343; + example = 8080; + description = "Internal port for Scribe service"; + }; + }; + + config = mkIf cfg.enable { + users.users.scribe = { + isSystemUser = true; + home = cfg.home; + createHome = true; + group = "scribe"; + }; + users.groups.scribe = {}; + + services.nginx.virtualHosts = { + "scribe.${domain}" = { + forceSSL = true; + useACMEHost = fqdn; + + locations."/" = { + proxyPass = "http://127.0.0.1:${toString cfg.port}"; + proxyWebsockets = true; + }; + + extraConfig = '' + proxy_connect_timeout 600; + proxy_read_timeout 600; + proxy_send_timeout 600; + client_max_body_size 200m; + ''; + }; + }; + + security.acme.certs.${fqdn}.extraDomainNames = ["scribe.${domain}"]; + }; +} From 7adda18f5b1ba74182bf55d8d4dc3f769f52c97e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 1 Feb 2023 15:52:13 +0100 Subject: [PATCH 466/904] base: add signal-desktop to gui-programs --- base/gui-programs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index b3ec19a..a37270d 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -57,6 +57,7 @@ in { mpv obs-studio pavucontrol + signal-desktop slack spotify tdesktop From e63430aca41d54b788f482e9fb1975c1d9f24812 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 6 Feb 2023 14:23:53 +0100 Subject: [PATCH 467/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/89a8ba0b5b43b3350ff2e3ef37b66736b2ef8706' (2022-12-28) → 'github:nix-community/home-manager/65c47ced082e3353113614f77b1bc18822dc731f' (2023-01-23) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/ab1254087f4cdf4af74b552d7fc95175d9bdbb49' (2023-01-22) → 'github:NixOS/nixpkgs/cff83d5032a21aad4f69bf284e95b5f564f4a54e' (2023-02-05) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 6946ce0..dcd8873 100644 --- a/flake.lock +++ b/flake.lock @@ -42,11 +42,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1672244468, - "narHash": "sha256-xaZb8AZqoXRCSqPusCk4ouf+fUNP8UJdafmMTF1Ltlw=", + "lastModified": 1674440933, + "narHash": "sha256-CASRcD/rK3fn5vUCti3jzry7zi0GsqRsBohNq9wPgLs=", "owner": "nix-community", "repo": "home-manager", - "rev": "89a8ba0b5b43b3350ff2e3ef37b66736b2ef8706", + "rev": "65c47ced082e3353113614f77b1bc18822dc731f", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1674407282, - "narHash": "sha256-2qwc8mrPINSFdWffPK+ji6nQ9aGnnZyHSItVcYDZDlk=", + "lastModified": 1675600654, + "narHash": "sha256-ipsDTkzRq1CAl2g5tYd7ugjVMSKF6KLh9F+5Kso0lT0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ab1254087f4cdf4af74b552d7fc95175d9bdbb49", + "rev": "cff83d5032a21aad4f69bf284e95b5f564f4a54e", "type": "github" }, "original": { From 906230939736b7ecdfeea460c95f0b74f1944dd9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 7 Feb 2023 15:54:57 +0100 Subject: [PATCH 468/904] zephyrus: enable libvirtd --- base/users.nix | 1 + hosts/zephyrus/default.nix | 2 ++ 2 files changed, 3 insertions(+) diff --git a/base/users.nix b/base/users.nix index 1b1077f..1e9d845 100644 --- a/base/users.nix +++ b/base/users.nix @@ -19,6 +19,7 @@ in { "video" # for `light` permissions "docker" "wheel" # Enable ‘sudo’ for the user. + "libvirtd" ]; shell = pkgs.fish; openssh.authorizedKeys.keys = [ diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index fc17a28..05355c7 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -84,6 +84,8 @@ }; virtualisation.docker.enable = true; + virtualisation.libvirtd.enable = true; + programs.dconf.enable = true; services = { tlp = { From 7f55cb5d1b2660461b659fb22acb9ba560519cb3 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 26 Feb 2023 13:14:19 +0100 Subject: [PATCH 469/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/65c47ced082e3353113614f77b1bc18822dc731f' (2023-01-23) → 'github:nix-community/home-manager/29280978234b73423f4eb708cbb999295f76b42a' (2023-02-25) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/cff83d5032a21aad4f69bf284e95b5f564f4a54e' (2023-02-05) → 'github:NixOS/nixpkgs/50c23cd4ff6c8344e0b4d438b027b3afabfe58dd' (2023-02-23) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index dcd8873..a815848 100644 --- a/flake.lock +++ b/flake.lock @@ -42,11 +42,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1674440933, - "narHash": "sha256-CASRcD/rK3fn5vUCti3jzry7zi0GsqRsBohNq9wPgLs=", + "lastModified": 1677284824, + "narHash": "sha256-I3gDxmGjyXdtOR5S8sIeCO8pT+5OR69f/g5EVoQUdsY=", "owner": "nix-community", "repo": "home-manager", - "rev": "65c47ced082e3353113614f77b1bc18822dc731f", + "rev": "29280978234b73423f4eb708cbb999295f76b42a", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1675600654, - "narHash": "sha256-ipsDTkzRq1CAl2g5tYd7ugjVMSKF6KLh9F+5Kso0lT0=", + "lastModified": 1677179781, + "narHash": "sha256-+peLp16ruWLuTFHo0ZUbLlS1/meS/+RsWQQ9bUAzOh8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cff83d5032a21aad4f69bf284e95b5f564f4a54e", + "rev": "50c23cd4ff6c8344e0b4d438b027b3afabfe58dd", "type": "github" }, "original": { From de311586e800b89c866e21aedc4bc927d2611a31 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 28 Feb 2023 13:41:13 +0100 Subject: [PATCH 470/904] base: programs: add `file` --- base/programs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/base/programs.nix b/base/programs.nix index a918598..3c5d4e4 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -22,6 +22,7 @@ # shell usage fd + file ripgrep sd tmux From 8d27afa424124d5362d1e5cbe2774d07e38c7489 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 6 Mar 2023 16:04:20 +0100 Subject: [PATCH 471/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/29280978234b73423f4eb708cbb999295f76b42a' (2023-02-25) → 'github:nix-community/home-manager/86bb69b0b1e10d99a30c4352f230f03106dd0f8a' (2023-03-02) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/50c23cd4ff6c8344e0b4d438b027b3afabfe58dd' (2023-02-23) → 'github:NixOS/nixpkgs/47c003416297e4d59a5e3e7a8b15cdbdf5110560' (2023-03-06) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index a815848..391ddc6 100644 --- a/flake.lock +++ b/flake.lock @@ -42,11 +42,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1677284824, - "narHash": "sha256-I3gDxmGjyXdtOR5S8sIeCO8pT+5OR69f/g5EVoQUdsY=", + "lastModified": 1677757546, + "narHash": "sha256-tA1ukoluctzLVyWRaKtD4KlTwgXbUsGB5vcyni1OJ9I=", "owner": "nix-community", "repo": "home-manager", - "rev": "29280978234b73423f4eb708cbb999295f76b42a", + "rev": "86bb69b0b1e10d99a30c4352f230f03106dd0f8a", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1677179781, - "narHash": "sha256-+peLp16ruWLuTFHo0ZUbLlS1/meS/+RsWQQ9bUAzOh8=", + "lastModified": 1678072060, + "narHash": "sha256-6a9Tbjhir5HxDx4uw0u6Z+LHUfYf7tsT9QxF9FN/32w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "50c23cd4ff6c8344e0b4d438b027b3afabfe58dd", + "rev": "47c003416297e4d59a5e3e7a8b15cdbdf5110560", "type": "github" }, "original": { From f58005a6897fd5e1ea9831df90363adb3a740b82 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 6 Mar 2023 16:19:17 +0100 Subject: [PATCH 472/904] poseidon: bump vaultwarden wait for stable to catchup with latest release --- hosts/poseidon/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index eea84dd..d2509c9 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -58,6 +58,8 @@ in { my.networking.externalInterface = "eno1"; # List services that you want to enable: + services.vaultwarden.package = pkgs.unstable.vaultwarden; + services.vaultwarden.webVaultPackage = pkgs.unstable.vaultwarden-vault; my.services = { vaultwarden = { enable = true; From 4c9cfd609112611b7177a096492f0231a5c3d949 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 6 Mar 2023 16:22:20 +0100 Subject: [PATCH 473/904] ci: bump cachix install-nix-action to v20 --- .github/workflows/cachix.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index 91cb4ff..87851e7 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -15,7 +15,7 @@ jobs: steps: - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v18 + - uses: cachix/install-nix-action@v20 - name: Run alejandra run: nix run nixpkgs#alejandra -- --check . @@ -26,7 +26,7 @@ jobs: steps: - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v18 + - uses: cachix/install-nix-action@v20 - uses: cachix/cachix-action@v12 with: @@ -55,7 +55,7 @@ jobs: steps: - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v18 + - uses: cachix/install-nix-action@v20 - uses: cachix/cachix-action@v12 with: @@ -83,7 +83,7 @@ jobs: steps: - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v18 + - uses: cachix/install-nix-action@v20 - uses: cachix/cachix-action@v12 with: From e69e866a8f6de510fefc1e911ef5b66ee64ec691 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 11 Mar 2023 13:16:06 +0100 Subject: [PATCH 474/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/a630400067c6d03c9b3e0455347dc8559db14288' (2022-10-15) → 'github:ryantm/agenix/03b51fe8e459a946c4b88dcfb6446e45efb2c24e' (2023-03-04) • Added input 'agenix/darwin': 'github:lnl7/nix-darwin/87b9d090ad39b25b2400029c64825fc2a8868943' (2023-01-09) • Added input 'agenix/darwin/nixpkgs': follows 'agenix/nixpkgs' • Updated input 'agenix/nixpkgs': 'github:NixOS/nixpkgs/4428e23312933a196724da2df7ab78eb5e67a88e' (2022-10-14) → 'github:NixOS/nixpkgs/a08d6979dd7c82c4cef0dcc6ac45ab16051c1169' (2023-03-01) • Updated input 'home-manager': 'github:nix-community/home-manager/86bb69b0b1e10d99a30c4352f230f03106dd0f8a' (2023-03-02) → 'github:nix-community/home-manager/b0be47978de5cfd729a79c3f57ace4c86364ff45' (2023-03-08) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/47c003416297e4d59a5e3e7a8b15cdbdf5110560' (2023-03-06) → 'github:NixOS/nixpkgs/824f886682fc893e6dbf27114e5001ebf2770ea1' (2023-03-10) --- flake.lock | 47 +++++++++++++++++++++++++++++++++++------------ 1 file changed, 35 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 391ddc6..4b9339a 100644 --- a/flake.lock +++ b/flake.lock @@ -2,14 +2,15 @@ "nodes": { "agenix": { "inputs": { + "darwin": "darwin", "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1665870395, - "narHash": "sha256-Tsbqb27LDNxOoPLh0gw2hIb6L/6Ow/6lIBvqcHzEKBI=", + "lastModified": 1677969766, + "narHash": "sha256-AIp/ZYZMNLDZR/H7iiAlaGpu4lcXsVt9JQpBlf43HRY=", "owner": "ryantm", "repo": "agenix", - "rev": "a630400067c6d03c9b3e0455347dc8559db14288", + "rev": "03b51fe8e459a946c4b88dcfb6446e45efb2c24e", "type": "github" }, "original": { @@ -18,6 +19,28 @@ "type": "github" } }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1673295039, + "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1653893745, @@ -42,11 +65,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1677757546, - "narHash": "sha256-tA1ukoluctzLVyWRaKtD4KlTwgXbUsGB5vcyni1OJ9I=", + "lastModified": 1678285456, + "narHash": "sha256-2rIk5OFGQmoFX1MWntKGPVCZvy5yQMX3ZCYz7i8+yb0=", "owner": "nix-community", "repo": "home-manager", - "rev": "86bb69b0b1e10d99a30c4352f230f03106dd0f8a", + "rev": "b0be47978de5cfd729a79c3f57ace4c86364ff45", "type": "github" }, "original": { @@ -74,11 +97,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1665732960, - "narHash": "sha256-WBZ+uSHKFyjvd0w4inbm0cNExYTn8lpYFcHEes8tmec=", + "lastModified": 1677676435, + "narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4428e23312933a196724da2df7ab78eb5e67a88e", + "rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169", "type": "github" }, "original": { @@ -106,11 +129,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1678072060, - "narHash": "sha256-6a9Tbjhir5HxDx4uw0u6Z+LHUfYf7tsT9QxF9FN/32w=", + "lastModified": 1678426640, + "narHash": "sha256-3Q4KN0XAXQT7YE3A8n3LzLtRNUCo0U++W3gl+5NhKHs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "47c003416297e4d59a5e3e7a8b15cdbdf5110560", + "rev": "824f886682fc893e6dbf27114e5001ebf2770ea1", "type": "github" }, "original": { From 99cd1d316c12141ae844fc1f7c733c4472c39bce Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 11 Mar 2023 13:17:24 +0100 Subject: [PATCH 475/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/f9b0bd5202a0df10856c9fe4cba0074aa0968047' (2022-12-14) → 'github:NixOS/nixpkgs/1e21dd61028bca1ed1d70a76bc8bd988ae366275' (2023-03-11) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 4b9339a..44bc4a4 100644 --- a/flake.lock +++ b/flake.lock @@ -113,11 +113,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1671005503, - "narHash": "sha256-L5pMUoEAxmqwyAivNKvTcNhxL3xY58Zjh3XYtVO2LaQ=", + "lastModified": 1678510587, + "narHash": "sha256-Jb6/OsFlvUotDhs9Xtk/G5SLXCHsnVnVdn5trgSiNQA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f9b0bd5202a0df10856c9fe4cba0074aa0968047", + "rev": "1e21dd61028bca1ed1d70a76bc8bd988ae366275", "type": "github" }, "original": { From 9d251ea460ad08240270945bcd200405d7dc1403 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 11 Mar 2023 13:21:56 +0100 Subject: [PATCH 476/904] flake: nixosModule is deprecated --- flake.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 12d264d..90441e4 100644 --- a/flake.nix +++ b/flake.nix @@ -87,8 +87,8 @@ ++ builtins.attrValues self.overlays; sharedModules = [ - agenix.nixosModule - home-manager.nixosModule + agenix.nixosModules.default + home-manager.nixosModules.default {nixpkgs.overlays = shared_overlays;} ] ++ (nixpkgs.lib.attrValues self.nixosModules); From 097ec513e3e7148ea6a7fa727315c71588362c3f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 11 Mar 2023 13:23:51 +0100 Subject: [PATCH 477/904] flake: overlay is deprecated --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 90441e4..fe78e43 100644 --- a/flake.nix +++ b/flake.nix @@ -82,7 +82,7 @@ }; }) - agenix.overlay + agenix.overlays.default ] ++ builtins.attrValues self.overlays; sharedModules = From 76cf4ed11ee8220d774c32e67ce534d34d353943 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 11 Mar 2023 13:28:46 +0100 Subject: [PATCH 478/904] pkgs: spot: bump to 2.11.4 --- pkgs/spot/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/spot/default.nix b/pkgs/spot/default.nix index 8c4418c..7e43d30 100644 --- a/pkgs/spot/default.nix +++ b/pkgs/spot/default.nix @@ -3,7 +3,7 @@ fetchurl, python3, }: let - version = "2.11.3"; + version = "2.11.4"; in stdenv.mkDerivation { inherit version; @@ -15,6 +15,6 @@ in src = fetchurl { url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz"; - sha256 = "sha256-wyyL5lzyLZQgxTPH51isWwgle+qmdJgPZHv7ZeaVM0M="; + sha256 = "sha256-keysYgKBnqHeRTSQLORX7G7sBXPXMFhNZJTQawvKoLQ="; }; } From 78c553e09d3298fd51821f5f736f254d887c45c9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 11 Mar 2023 13:33:06 +0100 Subject: [PATCH 479/904] ci: update nur-update URL --- .github/workflows/nur-update.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nur-update.yaml b/.github/workflows/nur-update.yaml index 6319379..30b2deb 100644 --- a/.github/workflows/nur-update.yaml +++ b/.github/workflows/nur-update.yaml @@ -14,4 +14,4 @@ jobs: steps: - name: curl nur endpoint run: | - curl -XPOST https://nur-update.herokuapp.com/update?repo=alarsyo + curl -XPOST https://nur-update.nix-community.org/update?repo=alarsyo From c322c41007fb73048528dbed0403fdf04b338267 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 20 Mar 2023 18:08:00 +0100 Subject: [PATCH 480/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/b0be47978de5cfd729a79c3f57ace4c86364ff45' (2023-03-08) → 'github:nix-community/home-manager/9154cd519a8942728038819682d6b3ff33f321bb' (2023-03-17) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/824f886682fc893e6dbf27114e5001ebf2770ea1' (2023-03-10) → 'github:NixOS/nixpkgs/eac7da7b519a5aefe92c33c90b4450a24ebe0ab3' (2023-03-19) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 44bc4a4..9ba2a7b 100644 --- a/flake.lock +++ b/flake.lock @@ -65,11 +65,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1678285456, - "narHash": "sha256-2rIk5OFGQmoFX1MWntKGPVCZvy5yQMX3ZCYz7i8+yb0=", + "lastModified": 1679067101, + "narHash": "sha256-tMI1inGT9u4KWQml0w30dhWqQPlth1e9K/68sfDkEQA=", "owner": "nix-community", "repo": "home-manager", - "rev": "b0be47978de5cfd729a79c3f57ace4c86364ff45", + "rev": "9154cd519a8942728038819682d6b3ff33f321bb", "type": "github" }, "original": { @@ -129,11 +129,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1678426640, - "narHash": "sha256-3Q4KN0XAXQT7YE3A8n3LzLtRNUCo0U++W3gl+5NhKHs=", + "lastModified": 1679224734, + "narHash": "sha256-1Ab3xY7Wgo1h1TNwRt6fp2XjV+KUo+hP1Bolh0KiDJs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "824f886682fc893e6dbf27114e5001ebf2770ea1", + "rev": "eac7da7b519a5aefe92c33c90b4450a24ebe0ab3", "type": "github" }, "original": { From 5d4e38d930c55d5200aa34ae6674414f5adfdf2a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 21 Mar 2023 10:52:49 +0100 Subject: [PATCH 481/904] poseidon: vaultwarden 1.27 is now in stable --- hosts/poseidon/default.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index d2509c9..ead5c0c 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -57,9 +57,6 @@ in { ]; my.networking.externalInterface = "eno1"; - # List services that you want to enable: - services.vaultwarden.package = pkgs.unstable.vaultwarden; - services.vaultwarden.webVaultPackage = pkgs.unstable.vaultwarden-vault; my.services = { vaultwarden = { enable = true; From 174c1e6e58834d153c03282ce4bc27f178c89e04 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 27 Mar 2023 18:51:20 +0200 Subject: [PATCH 482/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/9154cd519a8942728038819682d6b3ff33f321bb' (2023-03-17) → 'github:nix-community/home-manager/83110c259889230b324bb2d35bef78bf5f214a1f' (2023-03-25) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/eac7da7b519a5aefe92c33c90b4450a24ebe0ab3' (2023-03-19) → 'github:NixOS/nixpkgs/da26ae9f6ce2c9ab380c0f394488892616fc5a6a' (2023-03-25) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 9ba2a7b..c070d4f 100644 --- a/flake.lock +++ b/flake.lock @@ -65,11 +65,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1679067101, - "narHash": "sha256-tMI1inGT9u4KWQml0w30dhWqQPlth1e9K/68sfDkEQA=", + "lastModified": 1679738842, + "narHash": "sha256-CvqRbsyDW756EskojZptDU590rez29RcHDV3ezoze08=", "owner": "nix-community", "repo": "home-manager", - "rev": "9154cd519a8942728038819682d6b3ff33f321bb", + "rev": "83110c259889230b324bb2d35bef78bf5f214a1f", "type": "github" }, "original": { @@ -129,11 +129,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1679224734, - "narHash": "sha256-1Ab3xY7Wgo1h1TNwRt6fp2XjV+KUo+hP1Bolh0KiDJs=", + "lastModified": 1679748960, + "narHash": "sha256-BP8XcYHyj1NxQi04RpyNW8e7KiXSoI+Fy1tXIK2GfdA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "eac7da7b519a5aefe92c33c90b4450a24ebe0ab3", + "rev": "da26ae9f6ce2c9ab380c0f394488892616fc5a6a", "type": "github" }, "original": { From abf73800ec0a77cdbfe72dd3d77f17d22759e27c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 30 Mar 2023 12:40:44 +0200 Subject: [PATCH 483/904] base: add gimp plugins --- base/gui-programs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index a37270d..51b0a40 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -52,7 +52,7 @@ in { feh firefox ffmpeg - gimp + gimp-with-plugins imagemagick mpv obs-studio From 1d0b9bd66ed6c2a78bcbd6f60bd9664d4621e78e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 3 Apr 2023 17:19:16 +0200 Subject: [PATCH 484/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/da26ae9f6ce2c9ab380c0f394488892616fc5a6a' (2023-03-25) → 'github:NixOS/nixpkgs/884e3b68be02ff9d61a042bc9bd9dd2a358f95da' (2023-04-01) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index c070d4f..f4444c0 100644 --- a/flake.lock +++ b/flake.lock @@ -129,11 +129,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1679748960, - "narHash": "sha256-BP8XcYHyj1NxQi04RpyNW8e7KiXSoI+Fy1tXIK2GfdA=", + "lastModified": 1680334310, + "narHash": "sha256-ISWz16oGxBhF7wqAxefMPwFag6SlsA9up8muV79V9ck=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "da26ae9f6ce2c9ab380c0f394488892616fc5a6a", + "rev": "884e3b68be02ff9d61a042bc9bd9dd2a358f95da", "type": "github" }, "original": { From 10b238d6e30659d6a6755874a2f8dfdf632b80a2 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 4 Apr 2023 20:24:34 +0200 Subject: [PATCH 485/904] base: add xcolor to gui programs --- base/gui-programs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 51b0a40..539b2bf 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -64,6 +64,7 @@ in { teams thunderbird virt-manager + xcolor zathura ; From a68ccdf7ab9653f238d2e8137a459987b98ab401 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 14 Apr 2023 09:25:09 +0200 Subject: [PATCH 486/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/83110c259889230b324bb2d35bef78bf5f214a1f' (2023-03-25) → 'github:nix-community/home-manager/f9edbedaf015013eb35f8caacbe0c9666bbc16af' (2023-04-10) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/884e3b68be02ff9d61a042bc9bd9dd2a358f95da' (2023-04-01) → 'github:NixOS/nixpkgs/87edbd74246ccdfa64503f334ed86fa04010bab9' (2023-04-12) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index f4444c0..747a62e 100644 --- a/flake.lock +++ b/flake.lock @@ -65,11 +65,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1679738842, - "narHash": "sha256-CvqRbsyDW756EskojZptDU590rez29RcHDV3ezoze08=", + "lastModified": 1681092193, + "narHash": "sha256-JerCqqOqbT2tBnXQW4EqwFl0hHnuZp21rIQ6lu/N4rI=", "owner": "nix-community", "repo": "home-manager", - "rev": "83110c259889230b324bb2d35bef78bf5f214a1f", + "rev": "f9edbedaf015013eb35f8caacbe0c9666bbc16af", "type": "github" }, "original": { @@ -129,11 +129,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1680334310, - "narHash": "sha256-ISWz16oGxBhF7wqAxefMPwFag6SlsA9up8muV79V9ck=", + "lastModified": 1681269223, + "narHash": "sha256-i6OeI2f7qGvmLfD07l1Az5iBL+bFeP0RHixisWtpUGo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "884e3b68be02ff9d61a042bc9bd9dd2a358f95da", + "rev": "87edbd74246ccdfa64503f334ed86fa04010bab9", "type": "github" }, "original": { From 1891a440f403d39b7af3f87dfe9f1066dabcda23 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 26 Apr 2023 19:41:29 +0200 Subject: [PATCH 487/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/87edbd74246ccdfa64503f334ed86fa04010bab9' (2023-04-12) → 'github:NixOS/nixpkgs/60c0f762658916a4a5b5a36b3e06486f8301daf4' (2023-04-26) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 747a62e..69e52f2 100644 --- a/flake.lock +++ b/flake.lock @@ -129,11 +129,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1681269223, - "narHash": "sha256-i6OeI2f7qGvmLfD07l1Az5iBL+bFeP0RHixisWtpUGo=", + "lastModified": 1682493015, + "narHash": "sha256-KiMOAe8u83QDF40Z25kWMkZbqr9U+mvjvEJy5Qvw0nw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "87edbd74246ccdfa64503f334ed86fa04010bab9", + "rev": "60c0f762658916a4a5b5a36b3e06486f8301daf4", "type": "github" }, "original": { From c5aafbccd4a174e7d0a51153397d8135d6d14d92 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 27 Apr 2023 11:58:37 +0200 Subject: [PATCH 488/904] pkgs: spot: bump to 2.11.5 --- pkgs/spot/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/spot/default.nix b/pkgs/spot/default.nix index 7e43d30..7d7df77 100644 --- a/pkgs/spot/default.nix +++ b/pkgs/spot/default.nix @@ -3,7 +3,7 @@ fetchurl, python3, }: let - version = "2.11.4"; + version = "2.11.5"; in stdenv.mkDerivation { inherit version; @@ -15,6 +15,6 @@ in src = fetchurl { url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz"; - sha256 = "sha256-keysYgKBnqHeRTSQLORX7G7sBXPXMFhNZJTQawvKoLQ="; + sha256 = "sha256-Os/VzREtAFdqwjS66zThxq34wDFV1M2pc+Yxesi9F3Q="; }; } From 32ae1de3a645e745075e4d1124512ea973a4e419 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 10 May 2023 14:27:19 +0200 Subject: [PATCH 489/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/60c0f762658916a4a5b5a36b3e06486f8301daf4' (2023-04-26) → 'github:NixOS/nixpkgs/a08e061a4ee8329747d54ddf1566d34c55c895eb' (2023-05-09) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 69e52f2..3b56908 100644 --- a/flake.lock +++ b/flake.lock @@ -129,11 +129,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1682493015, - "narHash": "sha256-KiMOAe8u83QDF40Z25kWMkZbqr9U+mvjvEJy5Qvw0nw=", + "lastModified": 1683627095, + "narHash": "sha256-8u9SejRpL2TrMuHBdhYh4FKc1OGPDLyWTpIbNTtoHsA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "60c0f762658916a4a5b5a36b3e06486f8301daf4", + "rev": "a08e061a4ee8329747d54ddf1566d34c55c895eb", "type": "github" }, "original": { From fdc3dfb1e6ac88c2133559c1fbca23243d351564 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 23 May 2023 14:35:36 +0200 Subject: [PATCH 490/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/a08e061a4ee8329747d54ddf1566d34c55c895eb' (2023-05-09) → 'github:NixOS/nixpkgs/b0671cbf1e5c443f7fbfd4941ee0f8a151435114' (2023-05-21) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 3b56908..f72f746 100644 --- a/flake.lock +++ b/flake.lock @@ -129,11 +129,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1683627095, - "narHash": "sha256-8u9SejRpL2TrMuHBdhYh4FKc1OGPDLyWTpIbNTtoHsA=", + "lastModified": 1684661732, + "narHash": "sha256-2/Xo/UmUUoMXc0T5tzoUsYjMLLMjEfzRWDAQB0WwtW0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a08e061a4ee8329747d54ddf1566d34c55c895eb", + "rev": "b0671cbf1e5c443f7fbfd4941ee0f8a151435114", "type": "github" }, "original": { From f603634ec98f6ed1ba1fdee9a98a4ea58c27082c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 1 Jun 2023 17:53:01 +0200 Subject: [PATCH 491/904] flake: bump to 23.05 --- flake.lock | 34 +++++++++------------------------- flake.nix | 4 ++-- 2 files changed, 11 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index f72f746..fcf32c1 100644 --- a/flake.lock +++ b/flake.lock @@ -61,20 +61,19 @@ "inputs": { "nixpkgs": [ "nixpkgs" - ], - "utils": "utils" + ] }, "locked": { - "lastModified": 1681092193, - "narHash": "sha256-JerCqqOqbT2tBnXQW4EqwFl0hHnuZp21rIQ6lu/N4rI=", + "lastModified": 1685599623, + "narHash": "sha256-Tob4CMOVHue0D3RzguDBCtUmX5ji2PsdbQDbIOIKvsc=", "owner": "nix-community", "repo": "home-manager", - "rev": "f9edbedaf015013eb35f8caacbe0c9666bbc16af", + "rev": "93db05480c0c0f30382d3e80779e8386dcb4f9dd", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-22.11", + "ref": "release-23.05", "repo": "home-manager", "type": "github" } @@ -129,16 +128,16 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1684661732, - "narHash": "sha256-2/Xo/UmUUoMXc0T5tzoUsYjMLLMjEfzRWDAQB0WwtW0=", + "lastModified": 1685533922, + "narHash": "sha256-y4FCQpYafMQ42l1V+NUrMel9RtFtZo59PzdzflKR/lo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b0671cbf1e5c443f7fbfd4941ee0f8a151435114", + "rev": "3a70dd92993182f8e514700ccf5b1ae9fc8a3b8d", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-22.11", + "ref": "nixos-23.05", "repo": "nixpkgs", "type": "github" } @@ -152,21 +151,6 @@ "nixpkgs": "nixpkgs_2", "nixpkgs-unstable-small": "nixpkgs-unstable-small" } - }, - "utils": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index fe78e43..3a918c3 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,7 @@ type = "github"; owner = "NixOS"; repo = "nixpkgs"; - ref = "nixos-22.11"; + ref = "nixos-23.05"; }; nixpkgs-unstable-small = { @@ -25,7 +25,7 @@ type = "github"; owner = "nix-community"; repo = "home-manager"; - ref = "release-22.11"; + ref = "release-23.05"; inputs.nixpkgs.follows = "nixpkgs"; }; From a7fdb7cebb774f87be12188e065e88e936806711 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 1 Jun 2023 19:14:17 +0200 Subject: [PATCH 492/904] home: i3bar: adapt to v0.30 breaking changes --- home/x/i3.nix | 2 +- home/x/i3bar.nix | 38 +++++++++++++++++++------------------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/home/x/i3.nix b/home/x/i3.nix index 29f17b2..4c583df 100644 --- a/home/x/i3.nix +++ b/home/x/i3.nix @@ -47,7 +47,7 @@ in { config.xdg.configFile."i3status-rust/config-top.toml".target; in [ { - statusCommand = "i3status-rs ${barConfigPath}"; + statusCommand = "i3status-rs ~/${barConfigPath}"; position = "top"; fonts = { names = ["DejaVuSansMono" "FontAwesome6Free"]; diff --git a/home/x/i3bar.nix b/home/x/i3bar.nix index fc2ecd0..b9e77e0 100644 --- a/home/x/i3bar.nix +++ b/home/x/i3bar.nix @@ -52,46 +52,42 @@ in { bars = { top = { icons = "awesome5"; - theme = i3BarTheme.theme.name; - settings = i3BarTheme; + settings.theme = { + theme = i3BarTheme.theme.name; + overrides = i3BarTheme.theme.overrides; + }; blocks = [ { block = "pomodoro"; - length = 50; - break_length = 10; - notifier = "i3nag"; + notify_cmd = "i3nag"; + blocking_cmd = true; } { block = "disk_space"; path = "/"; - alias = "/"; info_type = "available"; - unit = "GB"; interval = 60; warning = 20.0; alert = 10.0; + alert_unit = "GB"; } { block = "memory"; - display_type = "memory"; - format_mem = "{mem_used;G}/{mem_total;G}"; + format = " $icon $mem_used.eng(prefix:G)/$mem_total.eng(prefix:G) "; warning_mem = 70.0; critical_mem = 90.0; - # don't show swap - clickable = false; } { block = "cpu"; interval = 1; - format = "{barchart}"; + format = " $icon $barchart "; } { block = "temperature"; - collapsed = false; interval = 10; - format = "{max}"; + format = " $icon $max "; chip = cfg.temperature.chip; inputs = cfg.temperature.inputs; } @@ -103,14 +99,18 @@ in { block = "net"; device = interface; interval = 1; - hide_inactive = true; + missing_format = ""; }) cfg.networking.throughput_interfaces) ) ++ [ { - block = "networkmanager"; - primary_only = true; + block = "net"; + format = " $icon $ip {SSID: $ssid|}"; + theme_overrides = { + idle_bg = {link = "good_bg";}; + idle_fg = {link = "good_fg";}; + }; } { block = "sound"; @@ -121,6 +121,7 @@ in { optional config.my.home.laptop.enable { block = "battery"; + format = " $icon $percentage ($power) "; } ) ++ [ @@ -130,8 +131,7 @@ in { { block = "time"; interval = 5; - format = "%a %d/%m %T"; - locale = "fr_FR"; + format = " $icon $timestamp.datetime(f:'%a %d/%m %T', l:fr_FR) "; timezone = "Europe/Paris"; } ]; From e237da22a62c05a18950b41e79249daa64e5c099 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 1 Jun 2023 19:23:39 +0200 Subject: [PATCH 493/904] base: switch to new sshd settings format --- base/programs.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/base/programs.nix b/base/programs.nix index 3c5d4e4..b9406bd 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -9,11 +9,11 @@ }; services.openssh = { - passwordAuthentication = false; - permitRootLogin = "no"; - extraConfig = '' - StreamLocalBindUnlink yes - ''; + settings = { + PasswordAuthentication = false; + PermitRootLogin = "no"; + StreamLocalBindUnlink = true; + }; }; environment.systemPackages = builtins.attrValues { From 7131d6ed73bfaf30a1a9d17e680e5d125f192053 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 1 Jun 2023 19:24:08 +0200 Subject: [PATCH 494/904] hosts: switch to new tmpfs setting name --- hosts/boreal/default.nix | 2 +- hosts/hades/default.nix | 2 +- hosts/zephyrus/default.nix | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index 45b7d44..c6d9c3f 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -22,7 +22,7 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - boot.tmpOnTmpfs = true; + boot.tmp.useTmpfs = true; boot.supportedFilesystems = [ "btrfs" diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index 5e446aa..5e16523 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -24,7 +24,7 @@ in { devices = ["/dev/sda" "/dev/sdb"]; }; - boot.tmpOnTmpfs = true; + boot.tmp.useTmpfs = true; networking.hostName = "hades"; # Define your hostname. networking.domain = "alarsyo.net"; diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix index 05355c7..4e1b423 100644 --- a/hosts/zephyrus/default.nix +++ b/hosts/zephyrus/default.nix @@ -20,7 +20,7 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - boot.tmpOnTmpfs = true; + boot.tmp.useTmpfs = true; services.btrfs = { autoScrub = { From 5a87733a958c1d360131ff990ca4499c7d628dc5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 5 Jun 2023 13:10:03 +0200 Subject: [PATCH 495/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/3a70dd92993182f8e514700ccf5b1ae9fc8a3b8d' (2023-05-31) → 'github:NixOS/nixpkgs/e7603eba51f2c7820c0a182c6bbb351181caa8e7' (2023-06-04) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index fcf32c1..56950b9 100644 --- a/flake.lock +++ b/flake.lock @@ -128,11 +128,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1685533922, - "narHash": "sha256-y4FCQpYafMQ42l1V+NUrMel9RtFtZo59PzdzflKR/lo=", + "lastModified": 1685865905, + "narHash": "sha256-XJZ/o17eOd2sEsGif+/MQBnfa2DKmndWgJyc7CWajFc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3a70dd92993182f8e514700ccf5b1ae9fc8a3b8d", + "rev": "e7603eba51f2c7820c0a182c6bbb351181caa8e7", "type": "github" }, "original": { From c2cf932f596d13a660e65fa8de10d4f6f24faecb Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 5 Jun 2023 13:16:18 +0200 Subject: [PATCH 496/904] hosts: poseidon: remove deprecated grub version --- hosts/poseidon/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index ead5c0c..b06224d 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -19,7 +19,6 @@ in { # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; - boot.loader.grub.version = 2; boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only boot.supportedFilesystems = ["btrfs"]; From a79e0bfd217e6b60c9b38c5cc55d0510bfc6933f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 8 Jun 2023 12:17:07 +0200 Subject: [PATCH 497/904] services: nextcloud: bump to 26 --- services/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/nextcloud.nix b/services/nextcloud.nix index f1e67e4..9d34899 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -66,7 +66,7 @@ in { hostName = "cloud.${domain}"; https = true; - package = pkgs.nextcloud25; + package = pkgs.nextcloud26; maxUploadSize = "1G"; From 7bd64222fc87795934fb2bce496cdc7494772086 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 8 Jun 2023 12:20:52 +0200 Subject: [PATCH 498/904] services: gitea: new settings format --- services/gitea/default.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/services/gitea/default.nix b/services/gitea/default.nix index 6124fe7..21c9c43 100644 --- a/services/gitea/default.nix +++ b/services/gitea/default.nix @@ -52,14 +52,16 @@ in { services.gitea = { enable = true; user = giteaUser; - domain = "git.${domain}"; appName = "Personal Forge"; - rootUrl = "https://git.${domain}/"; - httpAddress = "127.0.0.1"; - httpPort = cfg.privatePort; lfs.enable = true; settings = { + server = { + ROOT_URL = "https://git.${domain}/"; + DOMAIN = "git.${domain}"; + HTTP_ADDR = "127.0.0.1"; + HTTP_PORT = cfg.privatePort; + }; log.LEVEL = "Warn"; # [ "Trace" "Debug" "Info" "Warn" "Error" "Critical" ] other.SHOW_FOOTER_VERSION = false; repository = { From c1ce6e0f13587cddaee369a76eb5e9f4ce0f1ddf Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 12 Jun 2023 13:28:21 +0200 Subject: [PATCH 499/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e7603eba51f2c7820c0a182c6bbb351181caa8e7' (2023-06-04) → 'github:NixOS/nixpkgs/d3bb401dcfc5a46ce51cdfb5762e70cc75d082d2' (2023-06-10) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 56950b9..6c48929 100644 --- a/flake.lock +++ b/flake.lock @@ -128,11 +128,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1685865905, - "narHash": "sha256-XJZ/o17eOd2sEsGif+/MQBnfa2DKmndWgJyc7CWajFc=", + "lastModified": 1686431482, + "narHash": "sha256-oPVQ/0YP7yC2ztNsxvWLrV+f0NQ2QAwxbrZ+bgGydEM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e7603eba51f2c7820c0a182c6bbb351181caa8e7", + "rev": "d3bb401dcfc5a46ce51cdfb5762e70cc75d082d2", "type": "github" }, "original": { From fd1bf1193a8717da65288a50bfd34c182b80e18e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 12 Jun 2023 18:33:51 +0200 Subject: [PATCH 500/904] base: programs: switch to LLVM 16 --- base/programs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/base/programs.nix b/base/programs.nix index b9406bd..5d69fe2 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -62,7 +62,7 @@ ; inherit - (pkgs.llvmPackages_11) + (pkgs.llvmPackages_16) bintools clang ; From b500661ebff26b1fcc630dda8cd21b61f69ba60c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 19 Jun 2023 17:37:35 +0200 Subject: [PATCH 501/904] base: install okular --- base/gui-programs.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 539b2bf..a44d527 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -70,6 +70,8 @@ in { inherit (pkgs.gnome) nautilus; + inherit (pkgs.libsForQt5) okular; + discord = pkgs.discord.override {nss = pkgs.nss_latest;}; }; From fbb6c81ef2656f203fbba7909d8c3f26078d8973 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 26 Jun 2023 18:01:27 +0200 Subject: [PATCH 502/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/93db05480c0c0f30382d3e80779e8386dcb4f9dd' (2023-06-01) → 'github:nix-community/home-manager/6ca1e16eb3016c94b7ac16699e1d4158bd4e39a4' (2023-06-24) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d3bb401dcfc5a46ce51cdfb5762e70cc75d082d2' (2023-06-10) → 'github:NixOS/nixpkgs/35130d4b4f0b8c50ed2aceb909a538c66c91d4a0' (2023-06-25) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 6c48929..d91dec9 100644 --- a/flake.lock +++ b/flake.lock @@ -64,11 +64,11 @@ ] }, "locked": { - "lastModified": 1685599623, - "narHash": "sha256-Tob4CMOVHue0D3RzguDBCtUmX5ji2PsdbQDbIOIKvsc=", + "lastModified": 1687647567, + "narHash": "sha256-Ua90LZYJO7/7KW/KK/AqijhIekd+wxPwbVKXuBYzJeQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "93db05480c0c0f30382d3e80779e8386dcb4f9dd", + "rev": "6ca1e16eb3016c94b7ac16699e1d4158bd4e39a4", "type": "github" }, "original": { @@ -128,11 +128,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1686431482, - "narHash": "sha256-oPVQ/0YP7yC2ztNsxvWLrV+f0NQ2QAwxbrZ+bgGydEM=", + "lastModified": 1687729501, + "narHash": "sha256-mTLkMePoHUWvTCf3NuKbeYEea/tsikSIKBWwb9OfRr4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d3bb401dcfc5a46ce51cdfb5762e70cc75d082d2", + "rev": "35130d4b4f0b8c50ed2aceb909a538c66c91d4a0", "type": "github" }, "original": { From 9b7977e5d582b47a9466a7b71d12bc85f63ef0a1 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 11 Jul 2023 20:39:24 +0200 Subject: [PATCH 503/904] base: enable natural scrolling for touchpad --- base/gui-programs.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index a44d527..5d7b8f7 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -37,7 +37,12 @@ in { windowManager.i3.enable = true; layout = "fr"; xkbVariant = "us"; - libinput.enable = true; + libinput = { + enable = true; + touchpad = { + naturalScrolling = true; + }; + }; }; logind.lidSwitch = "ignore"; From e605a2a93be7e087d83e41e24c36a31ad2a8f52d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 18 Jul 2023 15:16:59 +0200 Subject: [PATCH 504/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/6ca1e16eb3016c94b7ac16699e1d4158bd4e39a4' (2023-06-24) → 'github:nix-community/home-manager/07c347bb50994691d7b0095f45ebd8838cf6bc38' (2023-06-27) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/35130d4b4f0b8c50ed2aceb909a538c66c91d4a0' (2023-06-25) → 'github:NixOS/nixpkgs/53657afe29748b3e462f1f892287b7e254c26d77' (2023-07-17) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index d91dec9..1987e52 100644 --- a/flake.lock +++ b/flake.lock @@ -64,11 +64,11 @@ ] }, "locked": { - "lastModified": 1687647567, - "narHash": "sha256-Ua90LZYJO7/7KW/KK/AqijhIekd+wxPwbVKXuBYzJeQ=", + "lastModified": 1687871164, + "narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=", "owner": "nix-community", "repo": "home-manager", - "rev": "6ca1e16eb3016c94b7ac16699e1d4158bd4e39a4", + "rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38", "type": "github" }, "original": { @@ -128,11 +128,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1687729501, - "narHash": "sha256-mTLkMePoHUWvTCf3NuKbeYEea/tsikSIKBWwb9OfRr4=", + "lastModified": 1689605451, + "narHash": "sha256-u2qp2k9V1smCfk6rdUcgMKvBj3G9jVvaPHyeXinjN9E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "35130d4b4f0b8c50ed2aceb909a538c66c91d4a0", + "rev": "53657afe29748b3e462f1f892287b7e254c26d77", "type": "github" }, "original": { From c730a5e957462487b67a4385adfd6ddde2264180 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 22 Aug 2023 14:10:12 +0200 Subject: [PATCH 505/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/07c347bb50994691d7b0095f45ebd8838cf6bc38' (2023-06-27) → 'github:nix-community/home-manager/2a6679aa9cc3872c29ba2a57fe1b71b3e3c5649f' (2023-08-15) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/53657afe29748b3e462f1f892287b7e254c26d77' (2023-07-17) → 'github:NixOS/nixpkgs/475d5ae2c4cb87b904545bdb547af05681198fcc' (2023-08-20) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 1987e52..cfc9bd0 100644 --- a/flake.lock +++ b/flake.lock @@ -64,11 +64,11 @@ ] }, "locked": { - "lastModified": 1687871164, - "narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=", + "lastModified": 1692099905, + "narHash": "sha256-/pSusGhmIdSdAaywQRFA5dVbfdIzlWQTecM+E46+cJ0=", "owner": "nix-community", "repo": "home-manager", - "rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38", + "rev": "2a6679aa9cc3872c29ba2a57fe1b71b3e3c5649f", "type": "github" }, "original": { @@ -128,11 +128,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1689605451, - "narHash": "sha256-u2qp2k9V1smCfk6rdUcgMKvBj3G9jVvaPHyeXinjN9E=", + "lastModified": 1692525914, + "narHash": "sha256-MUgZ9/9mE/EbEQA6JPdcQHkjoR5fgvaKhpy6UO67uEc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "53657afe29748b3e462f1f892287b7e254c26d77", + "rev": "475d5ae2c4cb87b904545bdb547af05681198fcc", "type": "github" }, "original": { From 657a0b94e72973dd625fa83a08ba82b36087ad23 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 22 Aug 2023 15:58:48 +0200 Subject: [PATCH 506/904] pkgs: spot: bump to 2.11.6 --- pkgs/spot/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/spot/default.nix b/pkgs/spot/default.nix index 7d7df77..5aba50e 100644 --- a/pkgs/spot/default.nix +++ b/pkgs/spot/default.nix @@ -3,7 +3,7 @@ fetchurl, python3, }: let - version = "2.11.5"; + version = "2.11.6"; in stdenv.mkDerivation { inherit version; @@ -15,6 +15,6 @@ in src = fetchurl { url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz"; - sha256 = "sha256-Os/VzREtAFdqwjS66zThxq34wDFV1M2pc+Yxesi9F3Q="; + sha256 = "sha256-ppJ5T4nA2zlWulkZvdUxPjcuDeNAAKkCLynhxukcU4o="; }; } From 174cc9b72e0a20461d46f99994872e8846f5f84d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 28 Aug 2023 14:04:30 +0200 Subject: [PATCH 507/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/2a6679aa9cc3872c29ba2a57fe1b71b3e3c5649f' (2023-08-15) → 'github:nix-community/home-manager/5bac4a1c06cd77cf8fc35a658ccb035a6c50cd2c' (2023-08-28) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/475d5ae2c4cb87b904545bdb547af05681198fcc' (2023-08-20) → 'github:NixOS/nixpkgs/ea5234e7073d5f44728c499192544a84244bf35a' (2023-08-28) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index cfc9bd0..95eb3e2 100644 --- a/flake.lock +++ b/flake.lock @@ -64,11 +64,11 @@ ] }, "locked": { - "lastModified": 1692099905, - "narHash": "sha256-/pSusGhmIdSdAaywQRFA5dVbfdIzlWQTecM+E46+cJ0=", + "lastModified": 1693208669, + "narHash": "sha256-hHFaaUsZ860wvppPeiu7nJn/nXZjJfnqAQEu9SPFE9I=", "owner": "nix-community", "repo": "home-manager", - "rev": "2a6679aa9cc3872c29ba2a57fe1b71b3e3c5649f", + "rev": "5bac4a1c06cd77cf8fc35a658ccb035a6c50cd2c", "type": "github" }, "original": { @@ -128,11 +128,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1692525914, - "narHash": "sha256-MUgZ9/9mE/EbEQA6JPdcQHkjoR5fgvaKhpy6UO67uEc=", + "lastModified": 1693183237, + "narHash": "sha256-c7OtyBkZ/vZE/WosBpRGRtkbWZjDHGJP7fg1FyB9Dsc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "475d5ae2c4cb87b904545bdb547af05681198fcc", + "rev": "ea5234e7073d5f44728c499192544a84244bf35a", "type": "github" }, "original": { From 2c28a64682cd146a289bd3cc33722470fd354c84 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 31 Aug 2023 11:42:04 +0200 Subject: [PATCH 508/904] services: paperless: give more workers --- services/paperless.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/services/paperless.nix b/services/paperless.nix index 8a4bd15..e68d778 100644 --- a/services/paperless.nix +++ b/services/paperless.nix @@ -65,6 +65,9 @@ in { PAPERLESS_TIME_ZONE = config.time.timeZone; PAPERLESS_ADMIN_USER = "alarsyo"; + + PAPERLESS_TASK_WORKERS = 3; + PAPERLESS_THREADS_PER_WORKER = 4; }; }; From 48cf1265e39808ee80054dc9c294b6e48b66179b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 31 Aug 2023 11:43:24 +0200 Subject: [PATCH 509/904] services: paperless: update deprecated ocr setting --- services/paperless.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/services/paperless.nix b/services/paperless.nix index e68d778..f2ecf66 100644 --- a/services/paperless.nix +++ b/services/paperless.nix @@ -60,7 +60,8 @@ in { PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}"; PAPERLESS_OCR_LANGUAGE = "fra+eng"; - PAPERLESS_OCR_MODE = "skip_noarchive"; + PAPERLESS_OCR_MODE = "skip"; + PAPERLESS_OCR_SKIP_ARCHIVE_FILE = "with_text"; PAPERLESS_TIME_ZONE = config.time.timeZone; From 2423f9a473ea1d26755726ce9fcef1d59b487c6b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 23 Sep 2023 13:34:41 +0200 Subject: [PATCH 510/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/5bac4a1c06cd77cf8fc35a658ccb035a6c50cd2c' (2023-08-28) → 'github:nix-community/home-manager/07682fff75d41f18327a871088d20af2710d4744' (2023-09-19) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/ea5234e7073d5f44728c499192544a84244bf35a' (2023-08-28) → 'github:NixOS/nixpkgs/55ac2a9d2024f15c56adf20da505b29659911da8' (2023-09-21) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 95eb3e2..8a1b6d2 100644 --- a/flake.lock +++ b/flake.lock @@ -64,11 +64,11 @@ ] }, "locked": { - "lastModified": 1693208669, - "narHash": "sha256-hHFaaUsZ860wvppPeiu7nJn/nXZjJfnqAQEu9SPFE9I=", + "lastModified": 1695108154, + "narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=", "owner": "nix-community", "repo": "home-manager", - "rev": "5bac4a1c06cd77cf8fc35a658ccb035a6c50cd2c", + "rev": "07682fff75d41f18327a871088d20af2710d4744", "type": "github" }, "original": { @@ -128,11 +128,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1693183237, - "narHash": "sha256-c7OtyBkZ/vZE/WosBpRGRtkbWZjDHGJP7fg1FyB9Dsc=", + "lastModified": 1695272228, + "narHash": "sha256-4uw2OdJPVyjdB+xcDst9SecrNIpxKXJ2usN3M5HVa7o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ea5234e7073d5f44728c499192544a84244bf35a", + "rev": "55ac2a9d2024f15c56adf20da505b29659911da8", "type": "github" }, "original": { From e31a34719d6a90442a811407b56378d158bc1e25 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 23 Sep 2023 13:35:35 +0200 Subject: [PATCH 511/904] hosts: add hephaestus --- flake.nix | 14 +++ hephaestus.nix | 23 ++++ hosts/hephaestus/default.nix | 98 ++++++++++++++++++ hosts/hephaestus/hardware-configuration.nix | 41 ++++++++ hosts/hephaestus/home.nix | 39 +++++++ hosts/hephaestus/secrets.nix | 20 ++++ modules/secrets/secrets.nix | 3 +- .../secrets/users/alarsyo-hashed-password.age | Bin 793 -> 926 bytes .../secrets/users/root-hashed-password.age | Bin 821 -> 909 bytes 9 files changed, 237 insertions(+), 1 deletion(-) create mode 100644 hephaestus.nix create mode 100644 hosts/hephaestus/default.nix create mode 100644 hosts/hephaestus/hardware-configuration.nix create mode 100644 hosts/hephaestus/home.nix create mode 100644 hosts/hephaestus/secrets.nix diff --git a/flake.nix b/flake.nix index 3a918c3..c9aada9 100644 --- a/flake.nix +++ b/flake.nix @@ -143,6 +143,20 @@ ] ++ sharedModules; }; + + hephaestus = nixpkgs.lib.nixosSystem rec { + inherit system; + modules = + [ + ./hephaestus.nix + + inputs.nixos-hardware.nixosModules.common-cpu-amd + inputs.nixos-hardware.nixosModules.common-gpu-amd + inputs.nixos-hardware.nixosModules.common-pc-laptop + inputs.nixos-hardware.nixosModules.common-pc-ssd + ] + ++ sharedModules; + }; }; } // inputs.flake-utils.lib.eachDefaultSystem (system: { diff --git a/hephaestus.nix b/hephaestus.nix new file mode 100644 index 0000000..1bb452a --- /dev/null +++ b/hephaestus.nix @@ -0,0 +1,23 @@ +{...}: { + imports = [ + # Default configuration + ./base + + # Module definitions + ./modules + + # Service definitions + ./services + + # Host-specific config + ./hosts/hephaestus + ]; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? +} diff --git a/hosts/hephaestus/default.nix b/hosts/hephaestus/default.nix new file mode 100644 index 0000000..8611e1e --- /dev/null +++ b/hosts/hephaestus/default.nix @@ -0,0 +1,98 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). +{ + config, + lib, + pkgs, + ... +}: { + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + ./home.nix + ./secrets.nix + ]; + + boot.kernelPackages = pkgs.linuxPackages; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.initrd.secrets = { + "/crypto_keyfile.bin" = null; + }; + + boot.tmp.useTmpfs = true; + + services.btrfs = { + autoScrub = { + enable = true; + fileSystems = ["/"]; + }; + }; + + networking.hostName = "hephaestus"; # Define your hostname. + networking.domain = "alarsyo.net"; + + networking.networkmanager.enable = true; + + # Set your time zone. + time.timeZone = "Europe/Paris"; + + # List services that you want to enable: + my.services = { + tailscale.enable = true; + pipewire.enable = true; + }; + + virtualisation.docker.enable = true; + virtualisation.libvirtd.enable = true; + programs.dconf.enable = true; + + services = { + tlp = { + settings = { + START_CHARGE_THRESH_BAT0 = 70; + STOP_CHARGE_THRESH_BAT0 = 80; + }; + }; + fwupd.enable = true; + openssh.enable = true; + }; + + my.gui.enable = true; + my.displayManager.sddm.enable = lib.mkForce false; + + hardware.bluetooth = { + enable = true; + powerOnBoot = false; + settings.General.Experimental = true; + }; + + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "fr_FR.UTF-8"; + LC_IDENTIFICATION = "fr_FR.UTF-8"; + LC_MEASUREMENT = "fr_FR.UTF-8"; + LC_MONETARY = "fr_FR.UTF-8"; + LC_NAME = "fr_FR.UTF-8"; + LC_NUMERIC = "fr_FR.UTF-8"; + LC_PAPER = "fr_FR.UTF-8"; + LC_TELEPHONE = "fr_FR.UTF-8"; + LC_TIME = "fr_FR.UTF-8"; + }; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the KDE Plasma Desktop Environment. + services.xserver.displayManager.sddm.enable = true; + services.xserver.desktopManager.plasma5.enable = true; + + # Configure console keymap + console.keyMap = "us"; +} diff --git a/hosts/hephaestus/hardware-configuration.nix b/hosts/hephaestus/hardware-configuration.nix new file mode 100644 index 0000000..4a44055 --- /dev/null +++ b/hosts/hephaestus/hardware-configuration.nix @@ -0,0 +1,41 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/54ded736-367c-4081-9978-9e2d8f61cb1b"; + fsType = "btrfs"; + options = [ "subvol=@" ]; + }; + + boot.initrd.luks.devices."luks-df96458d-45a1-4a30-8633-58feeff603f8".device = "/dev/disk/by-uuid/df96458d-45a1-4a30-8633-58feeff603f8"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/826A-23F7"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp2s0f0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/hephaestus/home.nix b/hosts/hephaestus/home.nix new file mode 100644 index 0000000..2b20617 --- /dev/null +++ b/hosts/hephaestus/home.nix @@ -0,0 +1,39 @@ +{ + config, + pkgs, + ... +}: { + home-manager.users.alarsyo = { + my.home.laptop.enable = true; + + # Keyboard settings & i3 settings + my.home.x.enable = true; + my.home.x.i3bar.temperature.chip = "k10temp-pci-*"; + my.home.x.i3bar.temperature.inputs = ["Tccd1"]; + my.home.x.i3bar.networking.throughput_interfaces = ["wlp3s0"]; + my.home.emacs.enable = true; + + my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; + + home.packages = builtins.attrValues { + inherit + (pkgs) + # some websites only work there :( + + chromium + darktable + # dev + + rustup + gdb + valgrind + arandr + zotero + ; + + inherit (pkgs.packages) spot; + + inherit (pkgs.wineWowPackages) stable; + }; + }; +} diff --git a/hosts/hephaestus/secrets.nix b/hosts/hephaestus/secrets.nix new file mode 100644 index 0000000..3fbc379 --- /dev/null +++ b/hosts/hephaestus/secrets.nix @@ -0,0 +1,20 @@ +{ + config, + lib, + options, + ... +}: { + config.age = { + secrets = let + toSecret = name: {...} @ attrs: + { + file = ./../../modules/secrets + "/${name}.age"; + } + // attrs; + in + lib.mapAttrs toSecret { + "users/alarsyo-hashed-password" = {}; + "users/root-hashed-password" = {}; + }; + }; +} diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 112685e..0accd18 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -4,10 +4,11 @@ let boreal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAagal1aqZh52wEmgsw7fkCzO41o4Cx+nV4wJGZuX1RP root@boreal"; hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxw8CtKUPAiPdKDEnuS7UyRrZN5BkUwsy5UPVF8V+lt root@hades"; + hephaestus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7Cp+n5+huof68QlAoJV8bVf5h5p9kEZFAVpltWopdL root@hephaestus"; poseidon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYhZYMbWQG9TSQ2qze8GgFo2XrZzgu/GuSOGwenByJo root@poseidon"; zephyrus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU4JfIADH9MXUnVe+3ezYK9WXsqy/jJcm1zFkmL4aSU root@zephyrus"; - machines = [boreal hades poseidon zephyrus]; + machines = [boreal hades hephaestus poseidon zephyrus]; all = users ++ machines; in { diff --git a/modules/secrets/users/alarsyo-hashed-password.age b/modules/secrets/users/alarsyo-hashed-password.age index f9a9f83c1edaf2939968fd91df928d4e88cebc77..1e7abbe3906d474d9d11daa02ec9c31a37944d9f 100644 GIT binary patch delta 838 zcmbQqHjjORPJL=hl3AI*SGr@md0}Wtakg=Jeu-g@ONc>wX<<=Dc9_3Op_z%fV~Ku5 zK37Cegn@a1zEM(TsZ&*WYLIbuhNr%hk*TS^iD!9MX1HsnziYa`nOAOAK9{bYLUD11 zZfc5=si~o*LP3N@rBS*bHSZ1)dZ+%v!XJB|*l1ENqc|@*bo{^Dh zMo?&pQE^x(mw#AtrmL%~sYOVzd3v^2m{E4HxoL)vL6vrHRi3`5WwKjjRG?+9Nt$yy zx^=;kx!M_y3dR{e>EZf5;elqEIVFY}ktrUuEFM}=DyhmsX5v1 zCR`?lIhLhWk!AX3MTstc!A|Z)Ngn1Ip+02>$&qf6W~RY883m=mNu@;|#S=e@hr7EP z8<|)b8|NmOrlnarYlrw52Nxz*m6eAZL`7v5IwhH!B^O&Hd1qzhb6Gg%r>9t!_!$-Z zS-1q}dV7VYl{#mpWd`|r7r2-^=b1VC_#{>Z8Wm<`PmX644>u~v@vU$QbxJBT4o-GW ziEzrxE-NX~FU$$hPI1?_(Dt`T_i%E~@Uh78XdDFe@=5yC~T=Oh3ue+ub9} zA|N;_G|J1+02Bl9i4KvK_8y_S=|!oD#io4|Lc3zZ0p?RpjlUr79mRq2CfOC3DdZu%jM{c1{ zPKB$Xd6IK7murrTX}*!8iIJs$qKQ+uTV8p3WLRFVS%8^=xmj39exQDqW09djVs?1` zx;GB!u^t6 zTs=~=3f+o*0`iJ8N`pOvD^tr-OCpVvytDN!ih^?sbF-a%xv~qqyz+xR{EaQWa*QiV z+&wZ)T&gNeOtQ+8ygjs?^j*!JjRM>w^BnU$(Ss@5DBUBgTp>I}KfT;1B|I!NFI+p& zD8IbEyvWDhC(AF5=IJqL#Jj|>r*EBNA&6mqRx!5wyAkr;NJKrcO$E485IVmH} zHK@ovJT%KyJFC3h-%VTJASl?cEFWZDYK*&`fpx5zZhBE_VsWZMjjB<4Uaq16mt~5v zv4L{NrdgnqMZI&0e@0OH(c7!M0-!2g}w>vgMm}&oXU&h{4Wd vd3V%8TkaH2;d&JAosfHr%k+35@1GapPCWWor&oKFU*ns7;)>6&!=}3c%uD|? diff --git a/modules/secrets/users/root-hashed-password.age b/modules/secrets/users/root-hashed-password.age index 0eff2bd9fdc3617698476bd5896a0828f2e51559..b373fa4646a546a93df31bcc1316b51dd34535cc 100644 GIT binary patch delta 839 zcmdnW*2_LYr#{~#veY2hF`^>PsVv9BF~_;GFyBJo-9IhG$Su+$EVU}ssmR&W#iSy_ zfGfi}G1%D5*(tNYH@PggINLcW-`LqBRXfZ-wcIFQ+b1{2HNV8TLf^;4l}p!7p}06h zH#Nn`)YQ;Yp&-Jd(kNXaDxlKM(!@B>BcRkdKiJzMv_8MmKPn_SC8gLs$0yx5s3Ii9 zD9WS4%stD5D>%`@*(}t-6!$S3) zgH7_ie9Ll8eG5_o4FV#aEA#R!Qyio6463w~T}{pNBk~GOe2juZxm>)olglDK6GM!h zbNn2`Eqzl1k|V+$JuTd;N)ol*D=S?+Jwm)vEyElq$1zIOn;BVn__&6n;WKcx#p!98>W~Tdut~KWm!Z7mFfou=BHJK zJ30G$B$xSxx%im`7bNK?6=s72sa7|=C^fM-RUyVVDJDQ6TGiaQFeqO^Lm}NbAeSr1 zH#aG)s=mt6LE46A-NPvNg@P3B&=eB~xRNojVa?u8PMPk6pM_H17Hi|M(hBI|0Zj&3-{E~RsB z$yt`e;%Yj^8P);USc{kIM5=D;UfU!8wa|WoBB=%()~ttGLL*xhNzmyg1Rlz|F%nF(W59)T=BpC?em@Aj!|g zm#f0q*VHg0FTlW~q#)QW+_%yw(LX5EGAFGfD8)Ou#4M}0)Gaco$UVT>fJ@g-p}06h zH#Nn`)YQ;Yp&-Jd(kNY_BHX>Gs-o1f!ac*+N!ukk)GaS9JjKk?IXg2is8XBB z-X`uQRjKKQ#g4|2u4QKB1tv+_sc!CGAtiz6p_FZu?vYilps!sLR%)D?WuBN+>X=#N zpI@I9TAZ6@mJ*m~;%lJqX|C-R5>}F=U67jL%jM)7X6{jG65(rP8Wdg{Tpm%GQJUhR zAM70I8fk2%pOWRDU1aH|yy|ALhN4wD1ytpva%*EZ+-_4h+xZ8i#a*1k!axn2v)xgYU1wQhL$|D0mdjXKlkpFd734V%d8JN4I2o4<#fGh9l~sJCwP Xc_bZmBwJVc%Z4|*4~TD^cziklvy=`y From 30ab470de64ab3a40addc02e6b780a83a75d72b6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 23 Sep 2023 13:35:44 +0200 Subject: [PATCH 512/904] base: gui: remove unused messaging clients --- base/gui-programs.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 5d7b8f7..da189b8 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -52,7 +52,6 @@ in { inherit (pkgs) chrysalis - element-desktop evince feh firefox @@ -62,8 +61,6 @@ in { mpv obs-studio pavucontrol - signal-desktop - slack spotify tdesktop teams From ed7357693ea189e36e7f848dce0927ed671d30f1 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 24 Sep 2023 17:19:49 +0200 Subject: [PATCH 513/904] hephaestus: make brightness configurable --- hosts/hephaestus/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/hephaestus/default.nix b/hosts/hephaestus/default.nix index 8611e1e..1921cec 100644 --- a/hosts/hephaestus/default.nix +++ b/hosts/hephaestus/default.nix @@ -95,4 +95,6 @@ # Configure console keymap console.keyMap = "us"; + + programs.light.enable = true; } From b2105526512f73897932aeaaa4cb13fe44f4fa3e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 25 Sep 2023 15:50:30 +0200 Subject: [PATCH 514/904] hephaestus: run alejandra on config --- hosts/hephaestus/default.nix | 2 +- hosts/hephaestus/hardware-configuration.nix | 42 +++++++++++---------- 2 files changed, 24 insertions(+), 20 deletions(-) diff --git a/hosts/hephaestus/default.nix b/hosts/hephaestus/default.nix index 1921cec..fdf8125 100644 --- a/hosts/hephaestus/default.nix +++ b/hosts/hephaestus/default.nix @@ -71,7 +71,7 @@ settings.General.Experimental = true; }; - # Select internationalisation properties. + # Select internationalisation properties. i18n.defaultLocale = "en_US.UTF-8"; i18n.extraLocaleSettings = { diff --git a/hosts/hephaestus/hardware-configuration.nix b/hosts/hephaestus/hardware-configuration.nix index 4a44055..7a033a7 100644 --- a/hosts/hephaestus/hardware-configuration.nix +++ b/hosts/hephaestus/hardware-configuration.nix @@ -1,32 +1,36 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-amd"]; + boot.extraModulePackages = []; - fileSystems."/" = - { device = "/dev/disk/by-uuid/54ded736-367c-4081-9978-9e2d8f61cb1b"; - fsType = "btrfs"; - options = [ "subvol=@" ]; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/54ded736-367c-4081-9978-9e2d8f61cb1b"; + fsType = "btrfs"; + options = ["subvol=@"]; + }; boot.initrd.luks.devices."luks-df96458d-45a1-4a30-8633-58feeff603f8".device = "/dev/disk/by-uuid/df96458d-45a1-4a30-8633-58feeff603f8"; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/826A-23F7"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/826A-23F7"; + fsType = "vfat"; + }; - swapDevices = [ ]; + swapDevices = []; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's From dd652a495a3be4c7ae68c78ae4eb0a84313e218a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 26 Sep 2023 16:57:08 +0200 Subject: [PATCH 515/904] hephaestus: enable dunst --- hosts/hephaestus/home.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/hephaestus/home.nix b/hosts/hephaestus/home.nix index 2b20617..3c4e9eb 100644 --- a/hosts/hephaestus/home.nix +++ b/hosts/hephaestus/home.nix @@ -15,6 +15,9 @@ my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; + # TODO: place in global home conf + services.dunst.enable = true; + home.packages = builtins.attrValues { inherit (pkgs) From ff14a8a0a5fc03e7a0b1f8c3cf5d8997399952b5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 26 Sep 2023 16:57:46 +0200 Subject: [PATCH 516/904] hephaestus: proper sensor config --- hosts/hephaestus/home.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hephaestus/home.nix b/hosts/hephaestus/home.nix index 3c4e9eb..21ab96c 100644 --- a/hosts/hephaestus/home.nix +++ b/hosts/hephaestus/home.nix @@ -9,7 +9,7 @@ # Keyboard settings & i3 settings my.home.x.enable = true; my.home.x.i3bar.temperature.chip = "k10temp-pci-*"; - my.home.x.i3bar.temperature.inputs = ["Tccd1"]; + my.home.x.i3bar.temperature.inputs = ["Tctl"]; my.home.x.i3bar.networking.throughput_interfaces = ["wlp3s0"]; my.home.emacs.enable = true; From 4ae6e9d5e90a0de337caf0a49d246c5544e62064 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 26 Sep 2023 17:02:36 +0200 Subject: [PATCH 517/904] hephaestus: add dock interface to tp display --- hosts/hephaestus/home.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hephaestus/home.nix b/hosts/hephaestus/home.nix index 21ab96c..b33aa2a 100644 --- a/hosts/hephaestus/home.nix +++ b/hosts/hephaestus/home.nix @@ -10,7 +10,7 @@ my.home.x.enable = true; my.home.x.i3bar.temperature.chip = "k10temp-pci-*"; my.home.x.i3bar.temperature.inputs = ["Tctl"]; - my.home.x.i3bar.networking.throughput_interfaces = ["wlp3s0"]; + my.home.x.i3bar.networking.throughput_interfaces = ["wlp3s0" "enp6s0f3u1u1"]; my.home.emacs.enable = true; my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; From 3ffeed96fc88afc90f7af7faff7debc11a19abc5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 26 Sep 2023 17:09:31 +0200 Subject: [PATCH 518/904] overlays: remove i3status-rust from overlays --- overlays/default.nix | 1 - overlays/i3status-rust/default.nix | 20 -------------------- 2 files changed, 21 deletions(-) delete mode 100644 overlays/i3status-rust/default.nix diff --git a/overlays/default.nix b/overlays/default.nix index 0ab200f..daf02d0 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,5 +1,4 @@ { - i3status-rust = import ./i3status-rust; chrysalis = import ./chrysalis; hugin = import ./hugin; } diff --git a/overlays/i3status-rust/default.nix b/overlays/i3status-rust/default.nix deleted file mode 100644 index e3487ca..0000000 --- a/overlays/i3status-rust/default.nix +++ /dev/null @@ -1,20 +0,0 @@ -final: prev: { - # overlay created because nixpkgs's `i3status-rust` depended on `notmuch`, and - # `notmuch`'s tests were briefly broken. the features I'm disabling, I don't - # need anyway: (at the time of writing) - # - # - notmuch - # - maildir - i3status-rust = prev.i3status-rust.overrideAttrs (oldAttrs: { - buildInputs = builtins.attrValues { - inherit - (final) - dbus - lm_sensors - openssl - pulseaudio - ; - }; - cargoBuildFeatures = ["pulseaudio"]; - }); -} From 715e31fa88060d84b0680c878512a1efa8a07cd8 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 26 Sep 2023 17:39:47 +0200 Subject: [PATCH 519/904] hephaestus: setup restic backups --- hosts/hephaestus/default.nix | 43 +++++++++++++++++++ hosts/hephaestus/secrets.nix | 3 ++ .../restic-backup/hephaestus-credentials.age | 9 ++++ .../restic-backup/hephaestus-password.age | 9 ++++ modules/secrets/secrets.nix | 2 + 5 files changed, 66 insertions(+) create mode 100644 modules/secrets/restic-backup/hephaestus-credentials.age create mode 100644 modules/secrets/restic-backup/hephaestus-password.age diff --git a/hosts/hephaestus/default.nix b/hosts/hephaestus/default.nix index fdf8125..e03ea08 100644 --- a/hosts/hephaestus/default.nix +++ b/hosts/hephaestus/default.nix @@ -45,6 +45,49 @@ my.services = { tailscale.enable = true; pipewire.enable = true; + + restic-backup = { + enable = true; + repo = "b2:hephaestus-backup"; + passwordFile = config.age.secrets."restic-backup/hephaestus-password".path; + environmentFile = config.age.secrets."restic-backup/hephaestus-credentials".path; + + timerConfig = { + OnCalendar = "*-*-* 13:00:00"; # laptop only gets used during the day + }; + + paths = [ + "/home/alarsyo" + ]; + exclude = [ + "/home/alarsyo/Downloads" + + # Rust builds using half my storage capacity + "/home/alarsyo/**/target" + "/home/alarsyo/work/rust/build" + + # don't backup nixpkgs + "/home/alarsyo/work/nixpkgs" + + "/home/alarsyo/go" + + # C build crap + "*.a" + "*.o" + "*.so" + + ".direnv" + + # test vms + "*.qcow2" + + # secrets stay offline + "/home/alarsyo/**/secrets" + + # ignore all dotfiles as .config and .cache can become quite big + "/home/alarsyo/.*" + ]; + }; }; virtualisation.docker.enable = true; diff --git a/hosts/hephaestus/secrets.nix b/hosts/hephaestus/secrets.nix index 3fbc379..dc35e6d 100644 --- a/hosts/hephaestus/secrets.nix +++ b/hosts/hephaestus/secrets.nix @@ -13,6 +13,9 @@ // attrs; in lib.mapAttrs toSecret { + "restic-backup/hephaestus-credentials" = {}; + "restic-backup/hephaestus-password" = {}; + "users/alarsyo-hashed-password" = {}; "users/root-hashed-password" = {}; }; diff --git a/modules/secrets/restic-backup/hephaestus-credentials.age b/modules/secrets/restic-backup/hephaestus-credentials.age new file mode 100644 index 0000000..77a80ed --- /dev/null +++ b/modules/secrets/restic-backup/hephaestus-credentials.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 k2gHjw tTdHZJpSocTHlznYH9eRzeZkrYBbsdT4F8jV1FKw/yk +xKIkYhL/A8wTy6LqDkTuUvm4rhDI6+DXwjzl43PcR8E +-> ssh-ed25519 SYm+hA vzQCZWYdgG0yxUEyGJ4Q8EAh1Kzw5CutDa6q6XSaels +Y7VqpvLfrUvWZcXqGeulRld9kff03kgzz22UBW77AOw +-> j-c8-grease +WeQ +--- KHLA1KlfWM432GDbPIiKInzZeqVRJZ2YCKtF3qClfgs +85|Qx_5': A?ڡ ؊oAx)rd!(Ѩ5~\Ld"^ZZ^V/5˕ݦa诲ḷo]O/Eue \ No newline at end of file diff --git a/modules/secrets/restic-backup/hephaestus-password.age b/modules/secrets/restic-backup/hephaestus-password.age new file mode 100644 index 0000000..3ed4290 --- /dev/null +++ b/modules/secrets/restic-backup/hephaestus-password.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 k2gHjw 2/spllcr7Fo+1sQ4VJW/MywBVUcpKEbicv4vZQyre0c +Vc2Wugxc5M4i73UKMFXWA2PeHgUOm/+HekoeYt9ycro +-> ssh-ed25519 SYm+hA KFjo2JVxpdOey8A7GAKeZci+ezE0RYBRKR8vNtloU3M +SAzpTjF/RGOgjawT2Sk5H7TNnk/SdbksuAcZZqakJOs +-> !!6BS-grease GsH7hĩے2cH^X_zv'!Zkš_0}Yoje<.^[q4pP \ No newline at end of file diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 0accd18..9f9fc38 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -31,6 +31,8 @@ in { "restic-backup/boreal-credentials.age".publicKeys = [alarsyo boreal]; "restic-backup/hades-password.age".publicKeys = [alarsyo hades]; "restic-backup/hades-credentials.age".publicKeys = [alarsyo hades]; + "restic-backup/hephaestus-password.age".publicKeys = [alarsyo hephaestus]; + "restic-backup/hephaestus-credentials.age".publicKeys = [alarsyo hephaestus]; "restic-backup/poseidon-password.age".publicKeys = [alarsyo poseidon]; "restic-backup/poseidon-credentials.age".publicKeys = [alarsyo poseidon]; "restic-backup/zephyrus-password.age".publicKeys = [alarsyo zephyrus]; From e36dff2de0b0454158de4d60d8013b37e3c56adc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 26 Sep 2023 17:40:39 +0200 Subject: [PATCH 520/904] ci: zephyrus is dead, long live hephaestus --- .github/workflows/cachix.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index 87851e7..7628346 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -77,8 +77,8 @@ jobs: name: - boreal - hades + - hephaestus - poseidon - - zephyrus steps: - uses: actions/checkout@v3 From ddfc121354b95beae8f6b73179ead126a178e7ce Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 28 Sep 2023 12:02:20 +0200 Subject: [PATCH 521/904] home: i3bar: ip may not be immediately available --- home/x/i3bar.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/x/i3bar.nix b/home/x/i3bar.nix index b9e77e0..568ab91 100644 --- a/home/x/i3bar.nix +++ b/home/x/i3bar.nix @@ -106,7 +106,7 @@ in { ++ [ { block = "net"; - format = " $icon $ip {SSID: $ssid|}"; + format = " $icon {$ip SSID: $ssid|}"; theme_overrides = { idle_bg = {link = "good_bg";}; idle_fg = {link = "good_fg";}; From 8e13905c36c8cee2a37c01fb81b8412cc864a3a5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 29 Sep 2023 13:55:43 +0200 Subject: [PATCH 522/904] home: fish: adapt dock functions to new laptop --- home/fish/functions/dock.fish | 22 +++++++++++----------- home/fish/functions/undock.fish | 9 ++++----- 2 files changed, 15 insertions(+), 16 deletions(-) diff --git a/home/fish/functions/dock.fish b/home/fish/functions/dock.fish index 326050b..50ba309 100644 --- a/home/fish/functions/dock.fish +++ b/home/fish/functions/dock.fish @@ -1,19 +1,19 @@ function dock xrandr \ - --output eDP-1 --mode 1920x1080 --pos 1920x0 --rotate normal \ - --output DP-1-1 --primary --mode 1920x1200 --pos 0x0 --rotate normal \ - --output DP-1-2 --off \ - --output DP-1-3 --off \ - --output DP-1 --off \ + --output eDP-1 --mode 1920x1080 --pos 1920x120 --rotate normal \ --output HDMI-1 --off \ + --output DP-1 --off \ --output DP-2 --off \ - --output HDMI-2 --off + --output DP-3 --off \ + --output DP-4 --primary --mode 1920x1200 --pos 0x0 --rotate normal \ + --output DP-5 --off \ + --output DP-6 --off - i3-msg -q '[workspace="1"]' move workspace to output DP-1-1 2>/dev/null - i3-msg -q '[workspace="2"]' move workspace to output DP-1-1 2>/dev/null - i3-msg -q '[workspace="3"]' move workspace to output DP-1-1 2>/dev/null - i3-msg -q '[workspace="4"]' move workspace to output DP-1-1 2>/dev/null - i3-msg -q '[workspace="10"]' move workspace to output DP-1-1 2>/dev/null + i3-msg -q '[workspace="1"]' move workspace to output DP-4 2>/dev/null + i3-msg -q '[workspace="2"]' move workspace to output DP-4 2>/dev/null + i3-msg -q '[workspace="3"]' move workspace to output DP-4 2>/dev/null + i3-msg -q '[workspace="4"]' move workspace to output DP-4 2>/dev/null + i3-msg -q '[workspace="10"]' move workspace to output DP-4 2>/dev/null i3-msg -q '[workspace="8"]' move workspace to output eDP-1 2>/dev/null i3-msg -q '[workspace="9"]' move workspace to output eDP-1 2>/dev/null diff --git a/home/fish/functions/undock.fish b/home/fish/functions/undock.fish index 89cafe6..c855cb7 100644 --- a/home/fish/functions/undock.fish +++ b/home/fish/functions/undock.fish @@ -1,11 +1,10 @@ function undock xrandr \ --output eDP-1 --primary --mode 1920x1080 --pos 0x0 --rotate normal \ - --output DP-1-1 --off \ - --output DP-1-2 --off \ - --output DP-1-3 --off \ - --output DP-1 --off \ --output HDMI-1 --off \ + --output DP-1 --off \ --output DP-2 --off \ - --output HDMI-2 --off + --output DP-3 --off \ + --output DP-4 --off \ + --output DP-5 --off end From 5c4ed7c8adfedc11e0cdf6a53e166a895e0a55f2 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 29 Sep 2023 14:09:57 +0200 Subject: [PATCH 523/904] home: i3bar: show IP when on wired connection --- home/x/i3bar.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/x/i3bar.nix b/home/x/i3bar.nix index 568ab91..a5bd981 100644 --- a/home/x/i3bar.nix +++ b/home/x/i3bar.nix @@ -106,7 +106,7 @@ in { ++ [ { block = "net"; - format = " $icon {$ip SSID: $ssid|}"; + format = " $icon {$ip|} {SSID: $ssid|}"; theme_overrides = { idle_bg = {link = "good_bg";}; idle_fg = {link = "good_fg";}; From 45460ec4bc41b8c4bb56730702c7a83ba1351207 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 29 Sep 2023 17:26:00 +0200 Subject: [PATCH 524/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/0cab18a48de7914ef8cad35dca0bb36868f3e1af' (2022-06-01) → 'github:NixOS/nixos-hardware/adcfd6aa860d1d129055039696bc457af7d50d0e' (2023-09-28) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 8a1b6d2..2be9d90 100644 --- a/flake.lock +++ b/flake.lock @@ -80,11 +80,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1654057797, - "narHash": "sha256-mXo7C4v7Jj2feBzcReu1Eu/3Rnw5b023E9kOyFsHZQw=", + "lastModified": 1695887975, + "narHash": "sha256-u3+5FR12dI305jCMb0fJNQx2qwoQ54lv1tPoEWp0hmg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "0cab18a48de7914ef8cad35dca0bb36868f3e1af", + "rev": "adcfd6aa860d1d129055039696bc457af7d50d0e", "type": "github" }, "original": { From ad2f7cd27bb6c42d179a34ac2c311dc55683c6d7 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 29 Sep 2023 17:28:16 +0200 Subject: [PATCH 525/904] hephaestus: don't need opencl --- hosts/hephaestus/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/hephaestus/default.nix b/hosts/hephaestus/default.nix index e03ea08..68f8901 100644 --- a/hosts/hephaestus/default.nix +++ b/hosts/hephaestus/default.nix @@ -14,6 +14,8 @@ ./secrets.nix ]; + hardware.amdgpu.opencl = false; + boot.kernelPackages = pkgs.linuxPackages; # Use the systemd-boot EFI boot loader. From ab7e7c737b4ce1f39344541d0531096159981460 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 12 Oct 2023 16:51:52 +0200 Subject: [PATCH 526/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/55ac2a9d2024f15c56adf20da505b29659911da8' (2023-09-21) → 'github:NixOS/nixpkgs/bd1cde45c77891214131cbbea5b1203e485a9d51' (2023-10-11) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 2be9d90..8bc63cf 100644 --- a/flake.lock +++ b/flake.lock @@ -128,11 +128,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1695272228, - "narHash": "sha256-4uw2OdJPVyjdB+xcDst9SecrNIpxKXJ2usN3M5HVa7o=", + "lastModified": 1696983906, + "narHash": "sha256-L7GyeErguS7Pg4h8nK0wGlcUTbfUMDu+HMf1UcyP72k=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "55ac2a9d2024f15c56adf20da505b29659911da8", + "rev": "bd1cde45c77891214131cbbea5b1203e485a9d51", "type": "github" }, "original": { From befcf0348e63ded14d12eb81b21652d7fbaa9f59 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 12 Oct 2023 16:58:36 +0200 Subject: [PATCH 527/904] base: remove teams from programs, marked insecure --- base/gui-programs.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index da189b8..31ee485 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -63,7 +63,6 @@ in { pavucontrol spotify tdesktop - teams thunderbird virt-manager xcolor From 4ac09c1fb4e9f3a769adc68c05bf0a764b4e2cc3 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 20 Oct 2023 13:41:51 +0200 Subject: [PATCH 528/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/bd1cde45c77891214131cbbea5b1203e485a9d51' (2023-10-11) → 'github:NixOS/nixpkgs/80c1aab725151632ddc2a20caeb914e76dd0673c' (2023-10-18) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 8bc63cf..9c2e1c5 100644 --- a/flake.lock +++ b/flake.lock @@ -128,11 +128,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1696983906, - "narHash": "sha256-L7GyeErguS7Pg4h8nK0wGlcUTbfUMDu+HMf1UcyP72k=", + "lastModified": 1697655685, + "narHash": "sha256-79Kuv+QdgsVc+rkibuAgWHnh8IXrLBTOKg5nM0Qvux0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bd1cde45c77891214131cbbea5b1203e485a9d51", + "rev": "80c1aab725151632ddc2a20caeb914e76dd0673c", "type": "github" }, "original": { From bfd439a2c491eecd3884e968acde4a691de3ca74 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 25 Oct 2023 18:42:11 +0200 Subject: [PATCH 529/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/80c1aab725151632ddc2a20caeb914e76dd0673c' (2023-10-18) → 'github:NixOS/nixpkgs/b3ddf9649fdac7db15aeea95cb3114c13594d265' (2023-10-22) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 9c2e1c5..d4256c8 100644 --- a/flake.lock +++ b/flake.lock @@ -128,11 +128,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1697655685, - "narHash": "sha256-79Kuv+QdgsVc+rkibuAgWHnh8IXrLBTOKg5nM0Qvux0=", + "lastModified": 1697957990, + "narHash": "sha256-LlyEQ4z1immaiZV+MQMUXM3KpNoRY/xZVm8mmN5j3yg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "80c1aab725151632ddc2a20caeb914e76dd0673c", + "rev": "b3ddf9649fdac7db15aeea95cb3114c13594d265", "type": "github" }, "original": { From c19bed53e491c365eeb8e0468c71537cade726af Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 9 Nov 2023 10:04:48 +0100 Subject: [PATCH 530/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/b3ddf9649fdac7db15aeea95cb3114c13594d265' (2023-10-22) → 'github:NixOS/nixpkgs/41de143fda10e33be0f47eab2bfe08a50f234267' (2023-11-06) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index d4256c8..423b329 100644 --- a/flake.lock +++ b/flake.lock @@ -128,11 +128,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1697957990, - "narHash": "sha256-LlyEQ4z1immaiZV+MQMUXM3KpNoRY/xZVm8mmN5j3yg=", + "lastModified": 1699291058, + "narHash": "sha256-5ggduoaAMPHUy4riL+OrlAZE14Kh7JWX4oLEs22ZqfU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b3ddf9649fdac7db15aeea95cb3114c13594d265", + "rev": "41de143fda10e33be0f47eab2bfe08a50f234267", "type": "github" }, "original": { From 4db861150af8f08684ffc1812d7d769395fe5a26 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 9 Nov 2023 11:24:20 +0100 Subject: [PATCH 531/904] flake: allow insecure zotero package marked insecure because of a chromium CVE --- flake.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index c9aada9..f89408f 100644 --- a/flake.nix +++ b/flake.nix @@ -89,7 +89,14 @@ [ agenix.nixosModules.default home-manager.nixosModules.default - {nixpkgs.overlays = shared_overlays;} + { + nixpkgs = { + overlays = shared_overlays; + config.permittedInsecurePackages = [ + "zotero-6.0.26" + ]; + }; + } ] ++ (nixpkgs.lib.attrValues self.nixosModules); in { From aa26fcd6111380896b7598cbb1a991a6c8f4da82 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 9 Nov 2023 11:25:11 +0100 Subject: [PATCH 532/904] overlays: remove chrysalis --- overlays/chrysalis/default.nix | 37 ---------------------------------- overlays/default.nix | 1 - 2 files changed, 38 deletions(-) delete mode 100644 overlays/chrysalis/default.nix diff --git a/overlays/chrysalis/default.nix b/overlays/chrysalis/default.nix deleted file mode 100644 index ab21b0e..0000000 --- a/overlays/chrysalis/default.nix +++ /dev/null @@ -1,37 +0,0 @@ -final: prev: { - chrysalis = let - pname = "chrysalis"; - version = "0.12.0"; - name = "${pname}-${version}-binary"; - in - prev.appimageTools.wrapAppImage rec { - inherit name; - - src = prev.appimageTools.extract { - inherit name; - src = prev.fetchurl { - url = "https://github.com/keyboardio/${pname}/releases/download/v${version}/${pname}-${version}.AppImage"; - sha256 = "sha256-sQoEO1UII4Gbp7UbHCCyejsd94lkBbi93TH325EamFc="; - }; - }; - - multiPkgs = null; - extraPkgs = p: - (prev.appimageTools.defaultFhsEnvArgs.multiPkgs p) - ++ [ - p.glib - ]; - - # Also expose the udev rules here, so it can be used as: - # services.udev.packages = [ pkgs.chrysalis ]; - # to allow non-root modifications to the keyboards. - - extraInstallCommands = '' - mv $out/bin/${name} $out/bin/${pname} - mkdir -p $out/lib/udev/rules.d - ln -s \ - --target-directory=$out/lib/udev/rules.d \ - ${src}/resources/static/udev/60-kaleidoscope.rules - ''; - }; -} diff --git a/overlays/default.nix b/overlays/default.nix index daf02d0..a11d035 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,4 +1,3 @@ { - chrysalis = import ./chrysalis; hugin = import ./hugin; } From 1fa853989e8b97b809069937940e16f34e02ee9c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 14 Nov 2023 15:14:39 +0100 Subject: [PATCH 533/904] home: fish: dock function changes --- home/fish/functions/dock.fish | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/home/fish/functions/dock.fish b/home/fish/functions/dock.fish index 50ba309..6b7a0e0 100644 --- a/home/fish/functions/dock.fish +++ b/home/fish/functions/dock.fish @@ -4,16 +4,15 @@ function dock --output HDMI-1 --off \ --output DP-1 --off \ --output DP-2 --off \ - --output DP-3 --off \ - --output DP-4 --primary --mode 1920x1200 --pos 0x0 --rotate normal \ - --output DP-5 --off \ - --output DP-6 --off + --output DP-3 --primary --mode 1920x1200 --pos 0x0 --rotate normal \ + --output DP-4 --off \ + --output DP-5 --off - i3-msg -q '[workspace="1"]' move workspace to output DP-4 2>/dev/null - i3-msg -q '[workspace="2"]' move workspace to output DP-4 2>/dev/null - i3-msg -q '[workspace="3"]' move workspace to output DP-4 2>/dev/null - i3-msg -q '[workspace="4"]' move workspace to output DP-4 2>/dev/null - i3-msg -q '[workspace="10"]' move workspace to output DP-4 2>/dev/null + i3-msg -q '[workspace="1"]' move workspace to output DP-3 2>/dev/null + i3-msg -q '[workspace="2"]' move workspace to output DP-3 2>/dev/null + i3-msg -q '[workspace="3"]' move workspace to output DP-3 2>/dev/null + i3-msg -q '[workspace="4"]' move workspace to output DP-3 2>/dev/null + i3-msg -q '[workspace="10"]' move workspace to output DP-3 2>/dev/null i3-msg -q '[workspace="8"]' move workspace to output eDP-1 2>/dev/null i3-msg -q '[workspace="9"]' move workspace to output eDP-1 2>/dev/null From 183b2c4de6c8b0834b62bcb453951f596df89055 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 15 Nov 2023 10:39:28 +0100 Subject: [PATCH 534/904] hades: enable vaultwarden --- hosts/hades/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index 5e16523..0c43bea 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -127,6 +127,12 @@ in { enable = true; username = "alarsyo"; }; + + vaultwarden = { + enable = true; + privatePort = 8081; + websocketPort = 3012; + }; }; services = { From 2825409d83e27be448231ecad165ba08484a6b42 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 15 Nov 2023 10:56:04 +0100 Subject: [PATCH 535/904] services: vaultwarden: create database and user --- services/vaultwarden.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/services/vaultwarden.nix b/services/vaultwarden.nix index 43ffc85..14e4a16 100644 --- a/services/vaultwarden.nix +++ b/services/vaultwarden.nix @@ -41,6 +41,16 @@ in { config = mkIf cfg.enable { services.postgresql = { enable = true; + + ensureDatabases = ["vaultwarden"]; + ensureUsers = [ + { + name = "vaultwarden"; + ensurePermissions = { + "DATABASE vaultwarden" = "ALL PRIVILEGES"; + }; + } + ]; }; services.postgresqlBackup = { From 812405fbbda0d6f961d0b2755ded17605afa25da Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 15 Nov 2023 11:18:19 +0100 Subject: [PATCH 536/904] poseidon: remove vaultwarden --- hosts/poseidon/default.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index b06224d..d5fabb3 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -57,12 +57,6 @@ in { my.networking.externalInterface = "eno1"; my.services = { - vaultwarden = { - enable = true; - privatePort = 8081; - websocketPort = 3012; - }; - restic-backup = { enable = true; repo = "b2:poseidon-backup"; From 67b81babf24fe03b33aa70d336c4c900010a9e2f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 15 Nov 2023 11:23:36 +0100 Subject: [PATCH 537/904] hades: enable lohr --- hosts/hades/default.nix | 5 +++++ hosts/hades/secrets.nix | 2 ++ modules/secrets/lohr/shared-secret.age | 18 +++++++++--------- modules/secrets/secrets.nix | 2 +- 4 files changed, 17 insertions(+), 10 deletions(-) diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index 0c43bea..1b54f72 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -66,6 +66,11 @@ in { enable = true; }; + lohr = { + enable = true; + port = 8083; + }; + matrix = { enable = true; secretConfigFile = config.age.secrets."matrix-synapse/secret-config".path; diff --git a/hosts/hades/secrets.nix b/hosts/hades/secrets.nix index 40373ec..9f5b3c9 100644 --- a/hosts/hades/secrets.nix +++ b/hosts/hades/secrets.nix @@ -15,6 +15,8 @@ lib.mapAttrs toSecret { "gandi/api-key" = {}; + "lohr/shared-secret" = {}; + "matrix-synapse/secret-config" = { owner = "matrix-synapse"; }; diff --git a/modules/secrets/lohr/shared-secret.age b/modules/secrets/lohr/shared-secret.age index a9dc0f2..9765da2 100644 --- a/modules/secrets/lohr/shared-secret.age +++ b/modules/secrets/lohr/shared-secret.age @@ -1,10 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 k2gHjw RKzmvlLJzkvoFfPW17H0oSnPk1SZziQxcMCqVQfyQ1A -0R5bcUYcqzJaUHWW0j3EgWnzlOvKmLOA7rIwEjEs+UI --> ssh-ed25519 z6Eu8Q dg3GZIAzPsuXVaV2uRtYNDN+RMBgKaYw4eux13IjQ00 -VJeVMuNxJHiJkwNY/8N9HQ+DTUzmOGPdDUoInlV+ScA --> cq?k-grease >>)4[\ _:DBA*P -LUtE0e0sxIay8ngpt5Y7jD9zNtZbiBTJGvVrzXE/vXOAPwu1e6sUigclYJ3H/wax -Hwnx5zPDSu1BG07dUZeaNQdUpS4l ---- xY+ulUElyTv6MG3VLtkPyrLxav+0C6ifdWfRO14YGl4 -udLr.iӪ9ۇXg9}TNq-E vou֛ȉcE]"ЮA1jZɭ@,wTۯ \ No newline at end of file +-> ssh-ed25519 k2gHjw R7jnkS7fFFSouPgvjrCnyfWNHOanOWKVUDp4Fd2xqFU +MdWD5E8dWfDHqFNTDCqOlyMhwpfEtqhlpnx3opft70w +-> ssh-ed25519 pX8y2g /CAWr94ucfxWKLWQPSQD2fl09TuUZELywWoZgHZS0AY +NeDHZc2ooKl2Bp0nAEY9P/Apdramb2TpHWpx0jkceyk +-> bzN-grease F &,%3jl~w &]8&d*N6 5UJ +58BUbsIwRkkUrNoSbgbMo/o1tKttXP2YWIJs9cbfXrT6XcO+Km0g90LPbYCmsqTZ +pr8TINM2Wd8RQw +--- 7K7sEw2zIWhuR3intlPGFipaVhHli+tWHqmyobRjLYo +oۄ[\lN/X:uN k{ me0A=,h_,4S&9h1/ypaz2рT,RU \ No newline at end of file diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 9f9fc38..524c4d8 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -14,7 +14,7 @@ let in { "gandi/api-key.age".publicKeys = [alarsyo hades poseidon]; - "lohr/shared-secret.age".publicKeys = [alarsyo poseidon]; + "lohr/shared-secret.age".publicKeys = [alarsyo hades]; "matrix-synapse/secret-config.age".publicKeys = [alarsyo hades]; From a26349b6cdf762158e886ad4f177cf1521e9b4f6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 15 Nov 2023 11:41:40 +0100 Subject: [PATCH 538/904] poseidon: remove lohr --- hosts/poseidon/default.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index d5fabb3..83c7069 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -68,11 +68,6 @@ in { enable = true; }; - lohr = { - enable = true; - port = 8083; - }; - tailscale = { enable = true; exitNode = true; From 96d553b33adfb9750660bcd8ad11861859b4a63a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 15 Nov 2023 11:42:09 +0100 Subject: [PATCH 539/904] flake: format --- flake.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.nix b/flake.nix index f89408f..73ef6d6 100644 --- a/flake.nix +++ b/flake.nix @@ -91,11 +91,11 @@ home-manager.nixosModules.default { nixpkgs = { - overlays = shared_overlays; - config.permittedInsecurePackages = [ - "zotero-6.0.26" - ]; - }; + overlays = shared_overlays; + config.permittedInsecurePackages = [ + "zotero-6.0.26" + ]; + }; } ] ++ (nixpkgs.lib.attrValues self.nixosModules); From c75d51fb4440c08c9ec929b0fb41eb873a647ee2 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 15 Nov 2023 11:59:51 +0100 Subject: [PATCH 540/904] ci: bump install-nix-action --- .github/workflows/cachix.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index 7628346..7c5f16d 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -15,7 +15,7 @@ jobs: steps: - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v20 + - uses: cachix/install-nix-action@v23 - name: Run alejandra run: nix run nixpkgs#alejandra -- --check . @@ -26,7 +26,7 @@ jobs: steps: - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v20 + - uses: cachix/install-nix-action@v23 - uses: cachix/cachix-action@v12 with: @@ -55,7 +55,7 @@ jobs: steps: - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v20 + - uses: cachix/install-nix-action@v23 - uses: cachix/cachix-action@v12 with: @@ -83,7 +83,7 @@ jobs: steps: - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v20 + - uses: cachix/install-nix-action@v23 - uses: cachix/cachix-action@v12 with: From 3039f71dba1e9e75046ef7afc65c3db75e83f887 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 15 Nov 2023 12:01:30 +0100 Subject: [PATCH 541/904] ci: bump checkout action to v4 --- .github/workflows/cachix.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index 7c5f16d..6563e90 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -13,7 +13,7 @@ jobs: name: Format check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v23 @@ -24,7 +24,7 @@ jobs: name: Flake check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v23 @@ -53,7 +53,7 @@ jobs: - spot steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v23 @@ -81,7 +81,7 @@ jobs: - poseidon steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v23 From 513fec07588d5974fcbf91a99eb94cb04dc98f72 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 15 Nov 2023 12:16:04 +0100 Subject: [PATCH 542/904] overlays: remove hugin --- overlays/default.nix | 1 - overlays/hugin/default.nix | 34 ---------------------------------- 2 files changed, 35 deletions(-) delete mode 100644 overlays/hugin/default.nix diff --git a/overlays/default.nix b/overlays/default.nix index a11d035..2c63c08 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,3 +1,2 @@ { - hugin = import ./hugin; } diff --git a/overlays/hugin/default.nix b/overlays/hugin/default.nix deleted file mode 100644 index f6f0209..0000000 --- a/overlays/hugin/default.nix +++ /dev/null @@ -1,34 +0,0 @@ -final: prev: { - # hugin needs glew-egl since wxGTK30 upgrade: - # https://bugs.archlinux.org/task/75406 - hugin = prev.hugin.overrideAttrs (oldAttrs: { - buildInputs = with final; [ - boost - cairo - exiv2 - fftw - flann - gettext - glew - ilmbase - lcms2 - lensfun - libjpeg - libpng - libtiff - xorg.libX11 - xorg.libXi - xorg.libXmu - libGLU - libGL - openexr - panotools - sqlite - vigra - (wxGTK31.override { - withEGL = false; - }) - zlib - ]; - }); -} From c087caf46e146a4c9c165b09634135e892a5e98c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 15 Nov 2023 13:19:09 +0100 Subject: [PATCH 543/904] services: postgresql: upgrade to 14 Followed https://nixos.org/manual/nixos/stable/#module-postgresql and everything seems to have gone just fine. --- services/postgresql.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/postgresql.nix b/services/postgresql.nix index 9a37212..e336aa6 100644 --- a/services/postgresql.nix +++ b/services/postgresql.nix @@ -5,6 +5,6 @@ }: { # set postgresql version so we don't get any bad surprise config.services.postgresql = { - package = pkgs.postgresql_13; + package = pkgs.postgresql_14; }; } From 007b08deee72b2f9b9210bedc3e3d19ac5c4bf36 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 23 Nov 2023 12:01:03 +0100 Subject: [PATCH 544/904] hephaestus: try fancy boot screen --- hosts/hephaestus/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/hephaestus/default.nix b/hosts/hephaestus/default.nix index 68f8901..f60ad04 100644 --- a/hosts/hephaestus/default.nix +++ b/hosts/hephaestus/default.nix @@ -22,6 +22,10 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + boot.initrd.systemd.enable = true; + boot.plymouth.enable = true; + boot.kernelParams = ["quiet"]; + boot.initrd.secrets = { "/crypto_keyfile.bin" = null; }; From 953f45799cb1f946579e9950d5a7e052d771e23d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 23 Nov 2023 12:02:00 +0100 Subject: [PATCH 545/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/07682fff75d41f18327a871088d20af2710d4744' (2023-09-19) → 'github:nix-community/home-manager/28535c3a34d79071f2ccb68671971ce0c0984d7e' (2023-11-19) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/41de143fda10e33be0f47eab2bfe08a50f234267' (2023-11-06) → 'github:NixOS/nixpkgs/f741f8a839912e272d7e87ccf4b9dbc6012cdaf9' (2023-11-20) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 423b329..3f699b0 100644 --- a/flake.lock +++ b/flake.lock @@ -64,11 +64,11 @@ ] }, "locked": { - "lastModified": 1695108154, - "narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=", + "lastModified": 1700392168, + "narHash": "sha256-v5LprEFx3u4+1vmds9K0/i7sHjT0IYGs7u9v54iz/OA=", "owner": "nix-community", "repo": "home-manager", - "rev": "07682fff75d41f18327a871088d20af2710d4744", + "rev": "28535c3a34d79071f2ccb68671971ce0c0984d7e", "type": "github" }, "original": { @@ -128,11 +128,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1699291058, - "narHash": "sha256-5ggduoaAMPHUy4riL+OrlAZE14Kh7JWX4oLEs22ZqfU=", + "lastModified": 1700501263, + "narHash": "sha256-M0U063Ba2DKL4lMYI7XW13Rsk5tfUXnIYiAVa39AV/0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "41de143fda10e33be0f47eab2bfe08a50f234267", + "rev": "f741f8a839912e272d7e87ccf4b9dbc6012cdaf9", "type": "github" }, "original": { From ca33374bbc68566409fd545e3aebe5107ec583b9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 27 Nov 2023 17:47:01 +0100 Subject: [PATCH 546/904] hephaestus: enable tlp for real --- hosts/hephaestus/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/hephaestus/default.nix b/hosts/hephaestus/default.nix index f60ad04..679e719 100644 --- a/hosts/hephaestus/default.nix +++ b/hosts/hephaestus/default.nix @@ -102,6 +102,7 @@ services = { tlp = { + enable = true; settings = { START_CHARGE_THRESH_BAT0 = 70; STOP_CHARGE_THRESH_BAT0 = 80; @@ -141,6 +142,7 @@ # Enable the KDE Plasma Desktop Environment. services.xserver.displayManager.sddm.enable = true; services.xserver.desktopManager.plasma5.enable = true; + services.power-profiles-daemon.enable = false; # Configure console keymap console.keyMap = "us"; From 298a564b9b16129d2fd5696089a2d447e789fbaf Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 27 Nov 2023 17:47:25 +0100 Subject: [PATCH 547/904] hephaestus: disable fancy boot screen --- hosts/hephaestus/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hosts/hephaestus/default.nix b/hosts/hephaestus/default.nix index 679e719..a388fb6 100644 --- a/hosts/hephaestus/default.nix +++ b/hosts/hephaestus/default.nix @@ -22,9 +22,9 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - boot.initrd.systemd.enable = true; - boot.plymouth.enable = true; - boot.kernelParams = ["quiet"]; + # boot.initrd.systemd.enable = true; + # boot.plymouth.enable = true; + # boot.kernelParams = ["quiet"]; boot.initrd.secrets = { "/crypto_keyfile.bin" = null; From 97e03b4493316e1671bb93b9a653d2d15635d6ae Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 30 Nov 2023 01:26:52 +0100 Subject: [PATCH 548/904] hephaestus: edit some locale stuff --- hosts/hephaestus/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/hosts/hephaestus/default.nix b/hosts/hephaestus/default.nix index a388fb6..f5cf2e4 100644 --- a/hosts/hephaestus/default.nix +++ b/hosts/hephaestus/default.nix @@ -130,10 +130,8 @@ LC_MEASUREMENT = "fr_FR.UTF-8"; LC_MONETARY = "fr_FR.UTF-8"; LC_NAME = "fr_FR.UTF-8"; - LC_NUMERIC = "fr_FR.UTF-8"; LC_PAPER = "fr_FR.UTF-8"; LC_TELEPHONE = "fr_FR.UTF-8"; - LC_TIME = "fr_FR.UTF-8"; }; # Enable the X11 windowing system. From c266a6005905b7f341c78b97aea2de44a787755e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 30 Nov 2023 03:46:40 +0100 Subject: [PATCH 549/904] flake: bump NixOS to 23.11 --- flake.lock | 16 ++++++++-------- flake.nix | 4 ++-- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index 3f699b0..9ae8be3 100644 --- a/flake.lock +++ b/flake.lock @@ -64,16 +64,16 @@ ] }, "locked": { - "lastModified": 1700392168, - "narHash": "sha256-v5LprEFx3u4+1vmds9K0/i7sHjT0IYGs7u9v54iz/OA=", + "lastModified": 1700814205, + "narHash": "sha256-lWqDPKHRbQfi+zNIivf031BUeyciVOtwCwTjyrhDB5g=", "owner": "nix-community", "repo": "home-manager", - "rev": "28535c3a34d79071f2ccb68671971ce0c0984d7e", + "rev": "aeb2232d7a32530d3448318790534d196bf9427a", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-23.05", + "ref": "release-23.11", "repo": "home-manager", "type": "github" } @@ -128,16 +128,16 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1700501263, - "narHash": "sha256-M0U063Ba2DKL4lMYI7XW13Rsk5tfUXnIYiAVa39AV/0=", + "lastModified": 1701156937, + "narHash": "sha256-jpMJOFvOTejx211D8z/gz0ErRtQPy6RXxgD2ZB86mso=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f741f8a839912e272d7e87ccf4b9dbc6012cdaf9", + "rev": "7c4c20509c4363195841faa6c911777a134acdf3", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.05", + "ref": "nixos-23.11", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index 73ef6d6..21c4a5b 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,7 @@ type = "github"; owner = "NixOS"; repo = "nixpkgs"; - ref = "nixos-23.05"; + ref = "nixos-23.11"; }; nixpkgs-unstable-small = { @@ -25,7 +25,7 @@ type = "github"; owner = "nix-community"; repo = "home-manager"; - ref = "release-23.05"; + ref = "release-23.11"; inputs.nixpkgs.follows = "nixpkgs"; }; From 45a252d17afe2088b8cf8a9b5b6a23eadb880002 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 30 Nov 2023 03:47:24 +0100 Subject: [PATCH 550/904] home: firefox: remove deprecation warning the tridactyl-specific option was removed --- home/firefox.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/home/firefox.nix b/home/firefox.nix index c633f33..3411adf 100644 --- a/home/firefox.nix +++ b/home/firefox.nix @@ -20,9 +20,9 @@ in { programs.firefox = { enable = true; package = pkgs.firefox.override { - cfg = { - enableTridactylNative = true; - }; + nativeMessagingHosts = [ + pkgs.tridactyl-native + ]; }; }; }; From d199eaf7b2347feb41ac001d2bff909f23d37130 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 30 Nov 2023 03:54:39 +0100 Subject: [PATCH 551/904] base: users: don't use deprecated passwordFile opt --- base/users.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/base/users.nix b/base/users.nix index 1e9d845..acbbc0d 100644 --- a/base/users.nix +++ b/base/users.nix @@ -8,10 +8,10 @@ in { users.mutableUsers = false; users.users.root = { - passwordFile = config.age.secrets."users/root-hashed-password".path; + hashedPasswordFile = config.age.secrets."users/root-hashed-password".path; }; users.users.alarsyo = { - passwordFile = config.age.secrets."users/alarsyo-hashed-password".path; + hashedPasswordFile = config.age.secrets."users/alarsyo-hashed-password".path; isNormalUser = true; extraGroups = [ "media" From 003d1c801dbf019ace7b5efdef3c9277bc3caee9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 30 Nov 2023 14:08:25 +0100 Subject: [PATCH 552/904] home: emacs: add mu4e to emacs packages 23.11 removed mu4e from the mu package --- home/emacs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/emacs.nix b/home/emacs.nix index 5853397..2bad59d 100644 --- a/home/emacs.nix +++ b/home/emacs.nix @@ -43,7 +43,7 @@ in { programs.emacs = { enable = true; package = pkgs.emacsNativeComp; - extraPackages = epkgs: [epkgs.vterm epkgs.pdf-tools pkgs.lilypond]; + extraPackages = epkgs: [epkgs.vterm epkgs.pdf-tools pkgs.lilypond epkgs.mu4e]; }; }; } From 1bd88ce3dfda0bdbc0bec3ad6692ecd553e9a3e7 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 5 Dec 2023 09:20:13 +0100 Subject: [PATCH 553/904] services: nginx: use enable option conditional enabling caused circular dependencies somehow --- services/nginx.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/services/nginx.nix b/services/nginx.nix index d84425c..6781549 100644 --- a/services/nginx.nix +++ b/services/nginx.nix @@ -9,12 +9,19 @@ }: let inherit (lib) + mkEnableOption mkIf ; + + cfg = config.my.services.nginx; in { + options.my.services.nginx = { + enable = mkEnableOption "Nginx reverse proxy"; + }; + # Whenever something defines an nginx vhost, ensure that nginx defaults are # properly set. - config = mkIf ((builtins.attrNames config.services.nginx.virtualHosts) != ["localhost"]) { + config = mkIf (cfg.enable) { services.nginx = { enable = true; statusPage = true; # For monitoring scraping. From d1b49fb8a5825c703db9dfb44656b65ae67e3558 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 5 Dec 2023 09:20:44 +0100 Subject: [PATCH 554/904] hades: enable nginx module --- hosts/hades/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index 1b54f72..deaa941 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -92,6 +92,8 @@ in { adminpassFile = config.age.secrets."nextcloud/admin-pass".path; }; + nginx.enable = true; + paperless = { enable = true; port = 8085; From f7490e5bad5f5ace72f0fb50db89e1a2d04be03f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 5 Dec 2023 09:20:54 +0100 Subject: [PATCH 555/904] home: emacs: use socket activation --- home/emacs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/emacs.nix b/home/emacs.nix index 2bad59d..3e5325c 100644 --- a/home/emacs.nix +++ b/home/emacs.nix @@ -38,6 +38,7 @@ in { enable = true; # generate emacsclient desktop file client.enable = true; + socketActivation.enable = true; }; programs.emacs = { From 2b8341ea9c190cf83e2cbf9d34aa2e37b15f3783 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 5 Dec 2023 09:31:24 +0100 Subject: [PATCH 556/904] services: fail2ban: migrate to new options --- services/fail2ban.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/services/fail2ban.nix b/services/fail2ban.nix index 0f368c4..6cb1bda 100644 --- a/services/fail2ban.nix +++ b/services/fail2ban.nix @@ -19,11 +19,9 @@ in { config = mkIf cfg.enable { services.fail2ban = { enable = true; + bantime = "6h"; bantime-increment.enable = true; - jails.DEFAULT = '' - bantime = 6h - findtime = 6h - ''; + jails.DEFAULT.settings.findtime = "6h"; }; }; } From f3d2d291c50f3ccf8e17c8e892e7d5b7369e4f1e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 5 Dec 2023 09:41:12 +0100 Subject: [PATCH 557/904] services: gitea: adapt to 23.11 postgres changes --- services/gitea/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/services/gitea/default.nix b/services/gitea/default.nix index 21c9c43..8ac33b3 100644 --- a/services/gitea/default.nix +++ b/services/gitea/default.nix @@ -85,6 +85,9 @@ in { type = "postgres"; # user needs to be the same as gitea user user = giteaUser; + # FIXME: change database name to match 23.11 postgres changes around ensureDatabase + createDatabase = false; + socket = "/run/postgresql"; }; }; @@ -102,7 +105,7 @@ in { # NOTE: no need to use postgresql.ensureDatabases because the gitea module # takes care of this automatically services.postgresqlBackup = { - databases = ["gitea"]; + databases = [config.services.gitea.database.name]; }; services.nginx = { From 6e88cf1851db44836128473590119764e9caa512 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 5 Dec 2023 09:41:25 +0100 Subject: [PATCH 558/904] services: nextcloud: remove deprecated option --- services/nextcloud.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/services/nextcloud.nix b/services/nextcloud.nix index 9d34899..3f964c2 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -62,8 +62,6 @@ in { services.nextcloud = { enable = true; - enableBrokenCiphersForSSE = false; - hostName = "cloud.${domain}"; https = true; package = pkgs.nextcloud26; From 7493e0fbac4b8fc7f8636fed8fbfa9e0952829b2 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 5 Dec 2023 10:20:03 +0100 Subject: [PATCH 559/904] services: nextcloud: upgrade to nextcloud 27 --- services/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/nextcloud.nix b/services/nextcloud.nix index 3f964c2..756c145 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -64,7 +64,7 @@ in { hostName = "cloud.${domain}"; https = true; - package = pkgs.nextcloud26; + package = pkgs.nextcloud27; maxUploadSize = "1G"; From da89731feda8b35a7c88ddc612f38acd5114ad31 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 5 Dec 2023 12:17:06 +0100 Subject: [PATCH 560/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/7c4c20509c4363195841faa6c911777a134acdf3' (2023-11-28) → 'github:NixOS/nixpkgs/933d7dc155096e7575d207be6fb7792bc9f34f6d' (2023-12-02) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 9ae8be3..764aa73 100644 --- a/flake.lock +++ b/flake.lock @@ -128,11 +128,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1701156937, - "narHash": "sha256-jpMJOFvOTejx211D8z/gz0ErRtQPy6RXxgD2ZB86mso=", + "lastModified": 1701539137, + "narHash": "sha256-nVO/5QYpf1GwjvtpXhyxx5M3U/WN0MwBro4Lsk+9mL0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7c4c20509c4363195841faa6c911777a134acdf3", + "rev": "933d7dc155096e7575d207be6fb7792bc9f34f6d", "type": "github" }, "original": { From 172ca43383f7017930b9230bc5f55870363d96c4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 5 Dec 2023 12:37:37 +0100 Subject: [PATCH 561/904] home: rbw: start service with graphical session otherwise it needed to be restarted to have access to DISPLAY related env variables --- home/rbw.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/home/rbw.nix b/home/rbw.nix index 974226e..2c36d63 100644 --- a/home/rbw.nix +++ b/home/rbw.nix @@ -37,9 +37,13 @@ in { # This user service makes sure the rbw-agent is started when the user # session launches. systemd.user.services.rbw = { - Unit.Description = "rbw agent autostart"; + Unit = { + Description = "rbw agent autostart"; + After = "graphical-session.target"; + PartOf = "graphical-session.target"; + }; - Install.WantedBy = ["default.target"]; + Install.WantedBy = ["graphical-session.target"]; Service = { ExecStart = "${pkgs.rbw}/bin/rbw-agent"; From 0a6b9a92908f67dc0180d33696cc77c563fff9c0 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 5 Dec 2023 13:59:21 +0100 Subject: [PATCH 562/904] services: setup microbin service --- hosts/hades/default.nix | 6 ++ hosts/hades/secrets.nix | 2 + modules/secrets/microbin/secret-config.age | Bin 0 -> 522 bytes modules/secrets/secrets.nix | 2 + services/default.nix | 1 + services/microbin.nix | 82 +++++++++++++++++++++ 6 files changed, 93 insertions(+) create mode 100644 modules/secrets/microbin/secret-config.age create mode 100644 services/microbin.nix diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index deaa941..0cb891b 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -76,6 +76,12 @@ in { secretConfigFile = config.age.secrets."matrix-synapse/secret-config".path; }; + microbin = { + enable = true; + privatePort = 8088; + passwordFile = config.age.secrets."microbin/secret-config".path; + }; + miniflux = { enable = true; adminCredentialsFile = config.age.secrets."miniflux/admin-credentials".path; diff --git a/hosts/hades/secrets.nix b/hosts/hades/secrets.nix index 9f5b3c9..23b2cdb 100644 --- a/hosts/hades/secrets.nix +++ b/hosts/hades/secrets.nix @@ -21,6 +21,8 @@ owner = "matrix-synapse"; }; + "microbin/secret-config" = {}; + "miniflux/admin-credentials" = {}; "nextcloud/admin-pass" = { diff --git a/modules/secrets/microbin/secret-config.age b/modules/secrets/microbin/secret-config.age new file mode 100644 index 0000000000000000000000000000000000000000..e8750049724605d4109bab269aa83e5506ab3e77 GIT binary patch literal 522 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7HcI!%DpxQtE_L)Z za(7NO4hZzkN^#9gw3C|$uPH_*?-G2PwSE#1=C zBEUJRAT7l#)yLA<-?Y>_!re6^(6z8EG{`AA!k4Qo*+|=^*f%7!#66|7JUb}OFE1sx zAT-Ct*ex{6P~Xz9IIqAZwa`pk+Y@A)Rz!hos-~L1ZhBE_VsWZMrm?R>tf{s_Wt^TS zSGbd9zL%3_j)`Y+g`aV@M|OH?W@e?ffnk}kL19s31(&X_u0mO0mRV6sdTEH0TTWn! zXO@Y%Z;5fLd1{(tdbx?ec~XXXPPl7WMnz__FPGNh_m5N~ImIt6^Z)N}AM<(I7sJ=v zZ%Ii!n~}4m{h93t5lxXJzV-9xS_|r@-JN@hBi_8I z?x4h^>!)V03)DVJGV_*8Oqjm#_mWwwpSR|g{}GVNyW#P(GSkFz!TP>{MGv=HX!T89 zvB&u9Hu3rL6Y`Iih&vqFpC$9%Vb+cXE|FIbPCat4^wF&c` Date: Tue, 5 Dec 2023 15:57:02 +0100 Subject: [PATCH 563/904] services: gitea: change database name I've renamed the database by hand --- services/gitea/default.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/services/gitea/default.nix b/services/gitea/default.nix index 8ac33b3..06f9b7d 100644 --- a/services/gitea/default.nix +++ b/services/gitea/default.nix @@ -85,9 +85,7 @@ in { type = "postgres"; # user needs to be the same as gitea user user = giteaUser; - # FIXME: change database name to match 23.11 postgres changes around ensureDatabase - createDatabase = false; - socket = "/run/postgresql"; + name = giteaUser; }; }; From 78c16d680264a49f6779c196b996c84aa91c3940 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 5 Dec 2023 16:00:25 +0100 Subject: [PATCH 564/904] services: remove usage of ensurePermissions Deprecated in favor of ensureDBOwnership --- services/matrix.nix | 2 +- services/nextcloud.nix | 4 +--- services/paperless.nix | 2 +- services/vaultwarden.nix | 4 +--- 4 files changed, 4 insertions(+), 8 deletions(-) diff --git a/services/matrix.nix b/services/matrix.nix index 92a7b5c..3e8f00e 100644 --- a/services/matrix.nix +++ b/services/matrix.nix @@ -58,7 +58,7 @@ in { ensureUsers = [ { name = "matrix-synapse"; - ensurePermissions."DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES"; + ensureDBOwnership = true; } ]; }; diff --git a/services/nextcloud.nix b/services/nextcloud.nix index 756c145..39e39c7 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -42,9 +42,7 @@ in { ensureUsers = [ { name = "nextcloud"; - ensurePermissions = { - "DATABASE ${dbName}" = "ALL PRIVILEGES"; - }; + ensureDBOwnership = true; } ]; }; diff --git a/services/paperless.nix b/services/paperless.nix index f2ecf66..92bd8e4 100644 --- a/services/paperless.nix +++ b/services/paperless.nix @@ -92,7 +92,7 @@ in { ensureUsers = [ { name = "paperless"; - ensurePermissions."DATABASE paperless" = "ALL PRIVILEGES"; + ensureDBOwnership = true; } ]; }; diff --git a/services/vaultwarden.nix b/services/vaultwarden.nix index 14e4a16..17cede7 100644 --- a/services/vaultwarden.nix +++ b/services/vaultwarden.nix @@ -46,9 +46,7 @@ in { ensureUsers = [ { name = "vaultwarden"; - ensurePermissions = { - "DATABASE vaultwarden" = "ALL PRIVILEGES"; - }; + ensureDBOwnership = true; } ]; }; From b08234bcc0fca8a97601833aeb283c2ec82f2a16 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 5 Dec 2023 16:51:55 +0100 Subject: [PATCH 565/904] services: postgres: upgrade to 15 --- services/postgresql.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/postgresql.nix b/services/postgresql.nix index e336aa6..1d39111 100644 --- a/services/postgresql.nix +++ b/services/postgresql.nix @@ -5,6 +5,6 @@ }: { # set postgresql version so we don't get any bad surprise config.services.postgresql = { - package = pkgs.postgresql_14; + package = pkgs.postgresql_15; }; } From b904971b04866cd4f295e17c37f2df2859cd4d01 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 11 Dec 2023 15:59:25 +0100 Subject: [PATCH 566/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/aeb2232d7a32530d3448318790534d196bf9427a' (2023-11-24) → 'github:nix-community/home-manager/6761b8188b860f374b457eddfdb05c82eef9752f' (2023-12-10) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/933d7dc155096e7575d207be6fb7792bc9f34f6d' (2023-12-02) → 'github:NixOS/nixpkgs/b4372c4924d9182034066c823df76d6eaf1f4ec4' (2023-12-07) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 764aa73..fcdce90 100644 --- a/flake.lock +++ b/flake.lock @@ -64,11 +64,11 @@ ] }, "locked": { - "lastModified": 1700814205, - "narHash": "sha256-lWqDPKHRbQfi+zNIivf031BUeyciVOtwCwTjyrhDB5g=", + "lastModified": 1702195709, + "narHash": "sha256-+zRjWkm5rKqQ57PuLZ3JF3xi3vPMiOJzItb1m/43Cq4=", "owner": "nix-community", "repo": "home-manager", - "rev": "aeb2232d7a32530d3448318790534d196bf9427a", + "rev": "6761b8188b860f374b457eddfdb05c82eef9752f", "type": "github" }, "original": { @@ -128,11 +128,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1701539137, - "narHash": "sha256-nVO/5QYpf1GwjvtpXhyxx5M3U/WN0MwBro4Lsk+9mL0=", + "lastModified": 1701952659, + "narHash": "sha256-TJv2srXt6fYPUjxgLAL0cy4nuf1OZD4KuA1TrCiQqg0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "933d7dc155096e7575d207be6fb7792bc9f34f6d", + "rev": "b4372c4924d9182034066c823df76d6eaf1f4ec4", "type": "github" }, "original": { From c2c4035d98cef8f8ed123d88be7e73efc818de9b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 11 Dec 2023 16:41:18 +0100 Subject: [PATCH 567/904] flake: pin flake nixpkgs in system registry --- flake.nix | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index 21c4a5b..7d88315 100644 --- a/flake.nix +++ b/flake.nix @@ -60,9 +60,14 @@ home-manager.verbose = true; }; nix-path = { - nix.nixPath = [ - "nixpkgs=${inputs.nixpkgs}" - ]; + nix = { + nixPath = [ + "nixpkgs=${inputs.nixpkgs}" + ]; + registry = { + nixpkgs.flake = inputs.nixpkgs; + }; + }; }; }; From 4816c69eb14c33ce19290741bbd3feb79859bcf2 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 13 Dec 2023 12:05:34 +0100 Subject: [PATCH 568/904] hosts: remove zephyrus --- flake.nix | 13 --- hosts/zephyrus/default.nix | 112 ---------------------- hosts/zephyrus/hardware-configuration.nix | 70 -------------- hosts/zephyrus/home.nix | 39 -------- hosts/zephyrus/secrets.nix | 23 ----- modules/secrets/secrets.nix | 5 +- zephyrus.nix | 23 ----- 7 files changed, 1 insertion(+), 284 deletions(-) delete mode 100644 hosts/zephyrus/default.nix delete mode 100644 hosts/zephyrus/hardware-configuration.nix delete mode 100644 hosts/zephyrus/home.nix delete mode 100644 hosts/zephyrus/secrets.nix delete mode 100644 zephyrus.nix diff --git a/flake.nix b/flake.nix index 7d88315..600b12c 100644 --- a/flake.nix +++ b/flake.nix @@ -143,19 +143,6 @@ ++ sharedModules; }; - zephyrus = nixpkgs.lib.nixosSystem rec { - inherit system; - modules = - [ - ./zephyrus.nix - - inputs.nixos-hardware.nixosModules.common-cpu-intel - inputs.nixos-hardware.nixosModules.common-pc-laptop - inputs.nixos-hardware.nixosModules.common-pc-ssd - ] - ++ sharedModules; - }; - hephaestus = nixpkgs.lib.nixosSystem rec { inherit system; modules = diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix deleted file mode 100644 index 4e1b423..0000000 --- a/hosts/zephyrus/default.nix +++ /dev/null @@ -1,112 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). -{ - config, - lib, - pkgs, - ... -}: { - imports = [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - ./home.nix - ./secrets.nix - ]; - - boot.kernelPackages = pkgs.linuxPackages; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - boot.tmp.useTmpfs = true; - - services.btrfs = { - autoScrub = { - enable = true; - fileSystems = ["/"]; - }; - }; - - networking.hostName = "zephyrus"; # Define your hostname. - networking.domain = "alarsyo.net"; - - # Set your time zone. - time.timeZone = "Europe/Paris"; - - # List services that you want to enable: - my.services = { - tailscale.enable = true; - - pipewire.enable = true; - - restic-backup = { - enable = true; - repo = "b2:zephyrus-backup"; - passwordFile = config.age.secrets."restic-backup/zephyrus-password".path; - environmentFile = config.age.secrets."restic-backup/zephyrus-credentials".path; - - timerConfig = { - OnCalendar = "*-*-* 13:00:00"; # laptop only gets used during the day - }; - - paths = [ - "/home/alarsyo" - ]; - exclude = [ - "/home/alarsyo/Downloads" - - # Rust builds using half my storage capacity - "/home/alarsyo/**/target" - "/home/alarsyo/work/rust/build" - - # don't backup nixpkgs - "/home/alarsyo/work/nixpkgs" - - "/home/alarsyo/go" - - # C build crap - "*.a" - "*.o" - "*.so" - - # test vms - "*.qcow2" - - # secrets stay offline - "/home/alarsyo/**/secrets" - - # ignore all dotfiles as .config and .cache can become quite big - "/home/alarsyo/.*" - ]; - }; - }; - - virtualisation.docker.enable = true; - virtualisation.libvirtd.enable = true; - programs.dconf.enable = true; - - services = { - tlp = { - settings = { - START_CHARGE_THRESH_BAT0 = 70; - STOP_CHARGE_THRESH_BAT0 = 80; - }; - }; - fwupd.enable = true; - openssh.enable = true; - }; - my.gui.enable = true; - - services.udev.packages = [pkgs.chrysalis]; - services.udisks2.enable = true; - - hardware.bluetooth = { - enable = true; - powerOnBoot = false; - settings.General.Experimental = true; - }; - - programs.light.enable = true; -} diff --git a/hosts/zephyrus/hardware-configuration.nix b/hosts/zephyrus/hardware-configuration.nix deleted file mode 100644 index d9e1c75..0000000 --- a/hosts/zephyrus/hardware-configuration.nix +++ /dev/null @@ -1,70 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... -}: let - inherit - (lib) - mkDefault - ; -in { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = []; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642"; - fsType = "btrfs"; - options = ["subvol=@" "compress=zstd" "noatime"]; - }; - - boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/c59e7067-e33c-474c-9b8e-96d0e8f59297"; - - fileSystems."/home" = { - device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642"; - fsType = "btrfs"; - options = ["subvol=@home" "compress=zstd" "noatime"]; - neededForBoot = true; # agenix needs my key for some root secrets - }; - - fileSystems."/nix" = { - device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642"; - fsType = "btrfs"; - options = ["subvol=@nix" "compress=zstd" "noatime"]; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/D9DA-F46C"; - fsType = "vfat"; - }; - - fileSystems."/swap" = { - device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642"; - fsType = "btrfs"; - options = ["subvol=@swap" "compress=zstd" "noatime"]; - }; - - swapDevices = [ - { - device = "/swap/swapfile"; - size = 1024 * 8; # half of RAM size - } - ]; - - powerManagement.cpuFreqGovernor = mkDefault "powersave"; - - hardware = { - enableRedistributableFirmware = true; - cpu.intel.updateMicrocode = true; - }; -} diff --git a/hosts/zephyrus/home.nix b/hosts/zephyrus/home.nix deleted file mode 100644 index ab33920..0000000 --- a/hosts/zephyrus/home.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ - config, - pkgs, - ... -}: { - home-manager.users.alarsyo = { - my.home.laptop.enable = true; - - # Keyboard settings & i3 settings - my.home.x.enable = true; - my.home.x.i3bar.temperature.chip = "coretemp-isa-*"; - my.home.x.i3bar.temperature.inputs = ["Core 0" "Core 1" "Core 2" "Core 3"]; - my.home.x.i3bar.networking.throughput_interfaces = ["enp0s31f6" "wlp0s20f3" "enp43s0u1u1"]; - my.home.emacs.enable = true; - - my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; - - home.packages = builtins.attrValues { - inherit - (pkgs) - # some websites only work there :( - - chromium - darktable - # dev - - rustup - gdb - valgrind - arandr - zotero - ; - - inherit (pkgs.packages) spot; - - inherit (pkgs.wineWowPackages) stable; - }; - }; -} diff --git a/hosts/zephyrus/secrets.nix b/hosts/zephyrus/secrets.nix deleted file mode 100644 index 22afdfd..0000000 --- a/hosts/zephyrus/secrets.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ - config, - lib, - options, - ... -}: { - config.age = { - secrets = let - toSecret = name: {...} @ attrs: - { - file = ./../../modules/secrets + "/${name}.age"; - } - // attrs; - in - lib.mapAttrs toSecret { - "restic-backup/zephyrus-credentials" = {}; - "restic-backup/zephyrus-password" = {}; - - "users/alarsyo-hashed-password" = {}; - "users/root-hashed-password" = {}; - }; - }; -} diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 3b4229f..cb0cb5e 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -6,9 +6,8 @@ let hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxw8CtKUPAiPdKDEnuS7UyRrZN5BkUwsy5UPVF8V+lt root@hades"; hephaestus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7Cp+n5+huof68QlAoJV8bVf5h5p9kEZFAVpltWopdL root@hephaestus"; poseidon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYhZYMbWQG9TSQ2qze8GgFo2XrZzgu/GuSOGwenByJo root@poseidon"; - zephyrus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU4JfIADH9MXUnVe+3ezYK9WXsqy/jJcm1zFkmL4aSU root@zephyrus"; - machines = [boreal hades hephaestus poseidon zephyrus]; + machines = [boreal hades hephaestus poseidon]; all = users ++ machines; in { @@ -37,8 +36,6 @@ in { "restic-backup/hephaestus-credentials.age".publicKeys = [alarsyo hephaestus]; "restic-backup/poseidon-password.age".publicKeys = [alarsyo poseidon]; "restic-backup/poseidon-credentials.age".publicKeys = [alarsyo poseidon]; - "restic-backup/zephyrus-password.age".publicKeys = [alarsyo zephyrus]; - "restic-backup/zephyrus-credentials.age".publicKeys = [alarsyo zephyrus]; "users/root-hashed-password.age".publicKeys = machines; "users/alarsyo-hashed-password.age".publicKeys = machines ++ [alarsyo]; diff --git a/zephyrus.nix b/zephyrus.nix deleted file mode 100644 index e818e48..0000000 --- a/zephyrus.nix +++ /dev/null @@ -1,23 +0,0 @@ -{...}: { - imports = [ - # Default configuration - ./base - - # Module definitions - ./modules - - # Service definitions - ./services - - # Host-specific config - ./hosts/zephyrus - ]; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "21.05"; # Did you read the comment? -} From d5239805a0b90ac18ce9bf716553e010019e930b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 13 Dec 2023 12:08:18 +0100 Subject: [PATCH 569/904] hosts: remove poseidon --- flake.nix | 9 --- hosts/poseidon/default.nix | 84 ----------------------- hosts/poseidon/hardware-configuration.nix | 45 ------------ hosts/poseidon/home.nix | 5 -- hosts/poseidon/secrets.nix | 27 -------- modules/secrets/secrets.nix | 7 +- poseidon.nix | 23 ------- 7 files changed, 2 insertions(+), 198 deletions(-) delete mode 100644 hosts/poseidon/default.nix delete mode 100644 hosts/poseidon/hardware-configuration.nix delete mode 100644 hosts/poseidon/home.nix delete mode 100644 hosts/poseidon/secrets.nix delete mode 100644 poseidon.nix diff --git a/flake.nix b/flake.nix index 600b12c..9c829c1 100644 --- a/flake.nix +++ b/flake.nix @@ -105,15 +105,6 @@ ] ++ (nixpkgs.lib.attrValues self.nixosModules); in { - poseidon = nixpkgs.lib.nixosSystem rec { - inherit system; - modules = - [ - ./poseidon.nix - ] - ++ sharedModules; - }; - hades = nixpkgs.lib.nixosSystem rec { inherit system; modules = diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix deleted file mode 100644 index 83c7069..0000000 --- a/hosts/poseidon/default.nix +++ /dev/null @@ -1,84 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). -{ - config, - lib, - pkgs, - ... -}: let - secrets = config.my.secrets; -in { - imports = [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - - ./home.nix - ./secrets.nix - ]; - - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only - - boot.supportedFilesystems = ["btrfs"]; - - services.btrfs = { - autoScrub = { - enable = true; - fileSystems = ["/"]; - }; - }; - - networking.hostName = "poseidon"; # Define your hostname. - networking.domain = "alarsyo.net"; - - # Set your time zone. - time.timeZone = "Europe/Paris"; - - # The global useDHCP flag is deprecated, therefore explicitly set to false here. - # Per-interface useDHCP will be mandatory in the future, so this generated config - # replicates the default behaviour. - networking.useDHCP = false; - networking.interfaces.eno1.ipv4.addresses = [ - { - address = "163.172.11.110"; - prefixLength = 24; - } - ]; - networking.defaultGateway = { - address = "163.172.11.1"; - interface = "eno1"; - }; - networking.nameservers = [ - "62.210.16.6" - "62.210.16.7" - ]; - my.networking.externalInterface = "eno1"; - - my.services = { - restic-backup = { - enable = true; - repo = "b2:poseidon-backup"; - passwordFile = config.age.secrets."restic-backup/poseidon-password".path; - environmentFile = config.age.secrets."restic-backup/poseidon-credentials".path; - }; - - fail2ban = { - enable = true; - }; - - tailscale = { - enable = true; - exitNode = true; - }; - }; - - services = { - openssh.enable = true; - vnstat.enable = true; - }; - - # Takes a long while to build - documentation.nixos.enable = false; -} diff --git a/hosts/poseidon/hardware-configuration.nix b/hosts/poseidon/hardware-configuration.nix deleted file mode 100644 index fd1d735..0000000 --- a/hosts/poseidon/hardware-configuration.nix +++ /dev/null @@ -1,45 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... -}: let - inherit - (lib) - mkDefault - ; -in { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = ["ahci" "usbhid"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = []; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/adcf0158-edfb-402f-82e7-61e4902af989"; - fsType = "btrfs"; - options = [ - "subvol=@nixos" - "compress=zstd" - "noatime" - ]; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/ff54b622-0e26-4c6e-aa0c-ac2c1e12699a"; - fsType = "ext4"; - }; - - swapDevices = [ - {device = "/dev/disk/by-uuid/381a9c5e-4d71-45b4-ac62-e7414b3768fc";} - ]; - - powerManagement.cpuFreqGovernor = mkDefault "ondemand"; -} diff --git a/hosts/poseidon/home.nix b/hosts/poseidon/home.nix deleted file mode 100644 index 3bb7dab..0000000 --- a/hosts/poseidon/home.nix +++ /dev/null @@ -1,5 +0,0 @@ -{config, ...}: { - home-manager.users.alarsyo = { - my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; - }; -} diff --git a/hosts/poseidon/secrets.nix b/hosts/poseidon/secrets.nix deleted file mode 100644 index 238e7ea..0000000 --- a/hosts/poseidon/secrets.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - config, - lib, - options, - ... -}: { - config.age = { - secrets = let - toSecret = name: {...} @ attrs: - { - file = ./../../modules/secrets + "/${name}.age"; - } - // attrs; - in - lib.mapAttrs toSecret { - "gandi/api-key" = {}; - - "lohr/shared-secret" = {}; - - "restic-backup/poseidon-credentials" = {}; - "restic-backup/poseidon-password" = {}; - - "users/alarsyo-hashed-password" = {}; - "users/root-hashed-password" = {}; - }; - }; -} diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index cb0cb5e..28760e7 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -5,13 +5,12 @@ let boreal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAagal1aqZh52wEmgsw7fkCzO41o4Cx+nV4wJGZuX1RP root@boreal"; hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxw8CtKUPAiPdKDEnuS7UyRrZN5BkUwsy5UPVF8V+lt root@hades"; hephaestus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7Cp+n5+huof68QlAoJV8bVf5h5p9kEZFAVpltWopdL root@hephaestus"; - poseidon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYhZYMbWQG9TSQ2qze8GgFo2XrZzgu/GuSOGwenByJo root@poseidon"; - machines = [boreal hades hephaestus poseidon]; + machines = [boreal hades hephaestus]; all = users ++ machines; in { - "gandi/api-key.age".publicKeys = [alarsyo hades poseidon]; + "gandi/api-key.age".publicKeys = [alarsyo hades]; "lohr/shared-secret.age".publicKeys = [alarsyo hades]; @@ -34,8 +33,6 @@ in { "restic-backup/hades-credentials.age".publicKeys = [alarsyo hades]; "restic-backup/hephaestus-password.age".publicKeys = [alarsyo hephaestus]; "restic-backup/hephaestus-credentials.age".publicKeys = [alarsyo hephaestus]; - "restic-backup/poseidon-password.age".publicKeys = [alarsyo poseidon]; - "restic-backup/poseidon-credentials.age".publicKeys = [alarsyo poseidon]; "users/root-hashed-password.age".publicKeys = machines; "users/alarsyo-hashed-password.age".publicKeys = machines ++ [alarsyo]; diff --git a/poseidon.nix b/poseidon.nix deleted file mode 100644 index ecb36c6..0000000 --- a/poseidon.nix +++ /dev/null @@ -1,23 +0,0 @@ -{...}: { - imports = [ - # Default configuration - ./base - - # Module definitions - ./modules - - # Service definitions - ./services - - # Host-specific config - ./hosts/poseidon - ]; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "20.09"; # Did you read the comment? -} From c3fd5af18f2f92f39599cfe11339ba934c00705c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 13 Dec 2023 17:29:54 +0100 Subject: [PATCH 570/904] hosts: add thanatos --- .github/workflows/cachix.yaml | 2 +- flake.lock | 38 ++++++++++++- flake.nix | 18 ++++++ hosts/thanatos/default.nix | 43 +++++++++++++++ hosts/thanatos/disko-configuration.nix | 52 ++++++++++++++++++ hosts/thanatos/hardware-configuration.nix | 29 ++++++++++ hosts/thanatos/home.nix | 5 ++ hosts/thanatos/secrets.nix | 20 +++++++ modules/secrets/secrets.nix | 5 +- .../secrets/users/alarsyo-hashed-password.age | 31 +++++------ .../secrets/users/root-hashed-password.age | Bin 909 -> 792 bytes thanatos.nix | 23 ++++++++ 12 files changed, 246 insertions(+), 20 deletions(-) create mode 100644 hosts/thanatos/default.nix create mode 100644 hosts/thanatos/disko-configuration.nix create mode 100644 hosts/thanatos/hardware-configuration.nix create mode 100644 hosts/thanatos/home.nix create mode 100644 hosts/thanatos/secrets.nix create mode 100644 thanatos.nix diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index 6563e90..9b4646b 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -78,7 +78,7 @@ jobs: - boreal - hades - hephaestus - - poseidon + - thanatos steps: - uses: actions/checkout@v4 diff --git a/flake.lock b/flake.lock index fcdce90..38be2d0 100644 --- a/flake.lock +++ b/flake.lock @@ -41,6 +41,25 @@ "type": "github" } }, + "disko": { + "inputs": { + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1702479765, + "narHash": "sha256-wjNYsFhciYoJkZ/FBKvFj55k+vkLbu6C2qYQ7K+s8pI=", + "owner": "nix-community", + "repo": "disko", + "rev": "bd8fbc3f274288ac905bcea66bc2a5428abde458", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "master", + "repo": "disko", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1653893745, @@ -127,6 +146,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1697915759, + "narHash": "sha256-WyMj5jGcecD+KC8gEs+wFth1J1wjisZf8kVZH13f1Zo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "51d906d2341c9e866e48c2efcaac0f2d70bfd43e", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1701952659, "narHash": "sha256-TJv2srXt6fYPUjxgLAL0cy4nuf1OZD4KuA1TrCiQqg0=", @@ -145,10 +180,11 @@ "root": { "inputs": { "agenix": "agenix", + "disko": "disko", "flake-utils": "flake-utils", "home-manager": "home-manager", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "nixpkgs-unstable-small": "nixpkgs-unstable-small" } } diff --git a/flake.nix b/flake.nix index 9c829c1..6675c5f 100644 --- a/flake.nix +++ b/flake.nix @@ -42,6 +42,13 @@ repo = "nixos-hardware"; ref = "master"; }; + + disko = { + type = "github"; + owner = "nix-community"; + repo = "disko"; + ref = "master"; + }; }; outputs = { @@ -49,6 +56,7 @@ nixpkgs, home-manager, agenix, + disko, ... } @ inputs: { @@ -147,6 +155,16 @@ ] ++ sharedModules; }; + + thanatos = nixpkgs.lib.nixosSystem { + inherit system; + modules = + [ + disko.nixosModules.default + ./thanatos.nix + ] + ++ sharedModules; + }; }; } // inputs.flake-utils.lib.eachDefaultSystem (system: { diff --git a/hosts/thanatos/default.nix b/hosts/thanatos/default.nix new file mode 100644 index 0000000..5a6711d --- /dev/null +++ b/hosts/thanatos/default.nix @@ -0,0 +1,43 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). +{ + config, + lib, + pkgs, + ... +}: let + secrets = config.my.secrets; +in { + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + ./disko-configuration.nix + ./home.nix + ./secrets.nix + ]; + + boot.loader.grub.enable = true; + boot.tmp.useTmpfs = true; + + networking.hostName = "thanatos"; # Define your hostname. + networking.domain = "lrde.epita.fr"; + + # Set your time zone. + time.timeZone = "Europe/Paris"; + + # List services that you want to enable: + my.services = { + tailscale.enable = true; + }; + + services = { + openssh.enable = true; + }; + + virtualisation.docker.enable = true; + + environment.systemPackages = with pkgs; [ + docker-compose + ]; +} diff --git a/hosts/thanatos/disko-configuration.nix b/hosts/thanatos/disko-configuration.nix new file mode 100644 index 0000000..23357cd --- /dev/null +++ b/hosts/thanatos/disko-configuration.nix @@ -0,0 +1,52 @@ +{ + disko.devices = { + disk = { + main = { + type = "disk"; + device = "/dev/disk/by-id/ata-CT250MX500SSD1_2301E69A20C4"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "1M"; + type = "EF02"; # for grub MBR + }; + ESP = { + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + size = "100%"; + content = { + type = "btrfs"; + subvolumes = { + "/root" = { + mountpoint = "/"; + mountOptions = ["compress=zstd" "noatime"]; + }; + "/home" = { + mountpoint = "/home"; + mountOptions = ["compress=zstd" "noatime"]; + }; + "/nix" = { + mountpoint = "/nix"; + mountOptions = ["compress=zstd" "noatime"]; + }; + "/swap" = { + mountpoint = "/.swapvol"; + swap.swapfile.size = "8G"; + }; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/thanatos/hardware-configuration.nix b/hosts/thanatos/hardware-configuration.nix new file mode 100644 index 0000000..f9e41a6 --- /dev/null +++ b/hosts/thanatos/hardware-configuration.nix @@ -0,0 +1,29 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/thanatos/home.nix b/hosts/thanatos/home.nix new file mode 100644 index 0000000..3bb7dab --- /dev/null +++ b/hosts/thanatos/home.nix @@ -0,0 +1,5 @@ +{config, ...}: { + home-manager.users.alarsyo = { + my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; + }; +} diff --git a/hosts/thanatos/secrets.nix b/hosts/thanatos/secrets.nix new file mode 100644 index 0000000..3fbc379 --- /dev/null +++ b/hosts/thanatos/secrets.nix @@ -0,0 +1,20 @@ +{ + config, + lib, + options, + ... +}: { + config.age = { + secrets = let + toSecret = name: {...} @ attrs: + { + file = ./../../modules/secrets + "/${name}.age"; + } + // attrs; + in + lib.mapAttrs toSecret { + "users/alarsyo-hashed-password" = {}; + "users/root-hashed-password" = {}; + }; + }; +} diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 28760e7..9c042d0 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -5,8 +5,9 @@ let boreal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAagal1aqZh52wEmgsw7fkCzO41o4Cx+nV4wJGZuX1RP root@boreal"; hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxw8CtKUPAiPdKDEnuS7UyRrZN5BkUwsy5UPVF8V+lt root@hades"; hephaestus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7Cp+n5+huof68QlAoJV8bVf5h5p9kEZFAVpltWopdL root@hephaestus"; + thanatos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID8JEAWk/8iSl8fN6/f76JkmVFwtyixTpLol4zSVsnVw root@thanatos"; - machines = [boreal hades hephaestus]; + machines = [boreal hades hephaestus thanatos]; all = users ++ machines; in { @@ -34,6 +35,6 @@ in { "restic-backup/hephaestus-password.age".publicKeys = [alarsyo hephaestus]; "restic-backup/hephaestus-credentials.age".publicKeys = [alarsyo hephaestus]; - "users/root-hashed-password.age".publicKeys = machines; + "users/root-hashed-password.age".publicKeys = machines ++ [alarsyo]; "users/alarsyo-hashed-password.age".publicKeys = machines ++ [alarsyo]; } diff --git a/modules/secrets/users/alarsyo-hashed-password.age b/modules/secrets/users/alarsyo-hashed-password.age index 1e7abbe..38b12ac 100644 --- a/modules/secrets/users/alarsyo-hashed-password.age +++ b/modules/secrets/users/alarsyo-hashed-password.age @@ -1,17 +1,16 @@ age-encryption.org/v1 --> ssh-ed25519 YWMQkg edb6vOJgAg7qUtsk3wot1lDT0guqrhkVO4q647At/Xo -XlX07p/2byuBzWeR3khI/B255/4IwjiWEiOEgO6Jmzo --> ssh-ed25519 pX8y2g yn4fQ1E54ReKViSKMjyIQWfbHlqwXmAn225hRUt2sVU -OVciEEE58TS7gkJV2kS75hL0z+mzn/I9cFYZQ9m4fCg --> ssh-ed25519 SYm+hA 3hLgW/LWQ6ilt1hYdHsA6M4YvSkrQauES77Mk0elkG4 -41l9uzYv/6raDNSBGrbH7hULv0cYFY65SlhpuSburHs --> ssh-ed25519 z6Eu8Q GE324833mb5ff9C+TN3SqazvwW0ZZiqBb56cs8bKjho -8Aogd9tN2sN8DSmKJUfuCifiRMKpD7Cn6CLLazQ2qjk --> ssh-ed25519 ZQuVNA 2plMxBUBbv3ScEdXBnkvtt/qlP+dG/8+O8gHBChL8lI -1GpPm9oFARwDQfTT25isUZlGKn6BaanIQoiLDzlxzww --> ssh-ed25519 k2gHjw JlNEYLQixP7LEb0FJu5O54pu1B72WWsml5ELNcFESEc -r8QUuLhEEFyst0JeWd1jahkrcMV/b9KGHj8PSZUZJ10 --> _a@Yy?HU-grease /wJ2a` WIyE6 ewMVR h,D)T -wAOK28XvNSpz ---- hlIXSQ9X6OM5/uPv+3PMfkuIfiKWpkbdWNHed+q/Hr8 -{gh1Å\PyЯ@sHq8Jxw<翕kVħ T(N.;/)DWz{uNl%vކ50K0ͩnn8\kJOC7oً4cї \ No newline at end of file +-> ssh-ed25519 YWMQkg nA65XHF5xsaW5JPGfWYLDtCq0DQQpN6FBbbnDKL23BY +JyzLfx9QXRV4jXQWvsXMEO7Y9Maf6VAQZU0QiEyA0rs +-> ssh-ed25519 pX8y2g 0AuwR4Dv6bulcow+LOd6XsF/U+Ly8fQDIuHcksijCk4 +TXyxasso2OmK8RswWOk6oP7+q6iS2WTwYsy0CF07gtc +-> ssh-ed25519 SYm+hA coVEtWHcu5Zc17TuVLTzWe7RiXjJ53wjjRfLidwjUgg +fx5hl1hPiRxQLHIN2mrvB9tc+xMTwqHM1DXZY75s/MA +-> ssh-ed25519 6UUuZw 2bfWgdMEj+POlLejgzl3GZN1M3xt5Qoif9M2BwGV4QA +9pLL7KegernUFqbNklKDho5IRgw9VVZGaphgmcfnohQ +-> ssh-ed25519 k2gHjw yxVoANLjqXRU97oymWtIEr4ZQ9OVvlRsC2Y2jsvkJWY +Q37kBzgMyWkpcLO/3FFMtmDO16/17+i57DmALUDL/kE +-> >)/-grease VfMC'D<: eQJ #XT +OcrPfgaTtzKItA7HfjeBUc68U7ol1sewRCFKg0iAeSVT1jiv3/O7hkz5MbMAsuoi +D8hkNjdXn3TDBVc1OcIS2iX5xOdpvP3ePs6TgX9H +--- mAY7j62sU6rXvZu84PkvkMqZ5M139fV/RlJidRYCo9Q +Xb;\hJ #Ⱦ>3PzQ{J Xe3Q!5$|MD;KZS.XS?з1j)H[hkƫ|g= \ No newline at end of file diff --git a/modules/secrets/users/root-hashed-password.age b/modules/secrets/users/root-hashed-password.age index b373fa4646a546a93df31bcc1316b51dd34535cc..0988a496e8a79da8fb6e050550452c058ffe7668 100644 GIT binary patch delta 741 zcmeBWpTRakr#@3#-y+gI*f+z#*Eq_cuq-MyDbF!Cs;bD`A~~mf$HS>C-6g#^C^988Dm=Y1xzx}*9LB`MNk z;z#lNfTREy%Zv=~5XVA)xAI7XAit7AgA%`}yxekUb0-6*aOY�ux^+*FXcV!u*KH zqTo{ZlJLL?Gq)T+&-5_o?DC*WQ;$^r;IK^NFpr|70FS`3f;0nkpO}S)mPVB;m=sjH zX6L#F2St`U8YhPadDo|emv~v0n|hlYRhkw075YU4C28lUR^+=oa)ml2np!&N1SFOi z7Uh@}={q@vdt{_08b&(#IAvBQ=6jUoM;4{$Wk+RXqg$74ll~zAmgQ_vmQiLN9tg6|sJ2))y(l%YIF-x8FgHD=(lsO3*P=W% zP}|EpAl0YLBPhuvqS!^dDm^FCG|1D$$fCF~C?hmD-#@}Qz=BIxS69JJ-=p5tvZT<= zv?wJf$eR#TGTB)&!WRk{~U(BMz5 z&kfYIYSUJ45M3JLotRx&akuj9;aA^8_2Q56nO>@UA8FS1s>MOl`_em>mqMo|Wqn;F w{gP#!#iVC9TRwX(P*-kPchNGu-A3fbPsVv9BF~_;GFyBJo-9IhG$Su+$EVU}ssmR&W#iSy_ zfGfi}G1%D5*(tNYH@PggINLcW-`LqBRXfZ-wcIFQ+b1{2HNV8TLf^;4l}p!7p}06h zH#Nn`)YQ;Yp&-Jd(kNXaDxlKM(!@B>BcRkdKiJzM)Gfc#KPn_SC8gLs$0yx5s3Ii9 zD9WS4%stD5D>%`@*(}t^_a>s0RpH!K-mRbZVgz7s7 zo8)`>mgSoI7Ni6k1k^`5SLWqerZ`6B8B}Q}yPBHkN8}Zn_!tF+a=CbECznNfCWaV0 z=lD5>Tl%I3Bu9ihdRn+wl_YArS5~@udW3kTT823mqgxjhSQ_T%s9An3Zg9n9k*zmtt&~Vq)yAofwp55fN0X z9~hXQRu%5#?CX(S<`?GTXA)eHq@Prn4fb8FZhBE_VsWZMjBip*fI_sYxo=@mzJi8A zx^X}*SCDURQdm`?vtzPFNP$J3QDv5+n?Z=Fg|mmLVOWK>TcBBKM6PMNOMSR;M0jR? zl~1ydQ;A!tueo1vre&r@uql^mO1WiNUanbCc7?f@Us{NlbEIjQU!HeHg>Pb*aejz% zQL?k4V^CS1Sz3@;T8@ilKwc7;uCA^^WrTKlaAZzUu&JMKsCHVmV|a$Yc}96qZe?PT zlc%qNWmQOWg`<9IVx})wX}#Sx=JM{BhEFXPeq>BxQ!7}g|8(v#!|uuFf|%6!PHw>{cN7XU)h?>y>9u+O?r~j>`L7WB_5yfe0A*Eyz&>*b4^9o)l?nb zaEx6_=iHLBEQiI_j5DkQuCW#`*NIf!)V;Px{%fKA1j~H_KbKcL`eCD7Tohlxm6!T> LhVPzdUo1la_%SAT diff --git a/thanatos.nix b/thanatos.nix new file mode 100644 index 0000000..e0c2c2d --- /dev/null +++ b/thanatos.nix @@ -0,0 +1,23 @@ +{...}: { + imports = [ + # Default configuration + ./base + + # Module definitions + ./modules + + # Service definitions + ./services + + # Host-specific config + ./hosts/thanatos + ]; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.11"; # Did you read the comment? +} From f9c3ebc5c2a06204f3ce47e4ff4d3b0fe3fec3c9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 13 Dec 2023 17:39:14 +0100 Subject: [PATCH 571/904] base: programs: enable tmux globally --- base/programs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/base/programs.nix b/base/programs.nix index 5d69fe2..60b9f8a 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -3,6 +3,7 @@ fish.enable = true; less.enable = true; mosh.enable = true; + tmux.enable = true; # setcap wrapper for network permissions bandwhich.enable = true; From 2a49eea1bfa9f59b7543e9ff2e176ae1df2e6580 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 13 Dec 2023 17:39:30 +0100 Subject: [PATCH 572/904] base: programs: cleanup path --- base/programs.nix | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) diff --git a/base/programs.nix b/base/programs.nix index 60b9f8a..0f82f19 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -22,11 +22,11 @@ (pkgs) # shell usage + bat fd file ripgrep sd - tmux tokei tree wget @@ -35,37 +35,24 @@ usbutils # development + agenix alejandra git git-crypt git-lfs gnumake gnupg - kakoune pinentry-qt python3 vim # terminal utilities - bottom dogdns du-dust htop ldns # drill - tealdeer unzip zip - # nix pkgs lookup - - nix-index - agenix - cachix - ; - - inherit - (pkgs.llvmPackages_16) - bintools - clang ; }; } From 89c861c9742ae70d09d13b6b2eaa27f40573efe6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 13 Dec 2023 17:43:53 +0100 Subject: [PATCH 573/904] services: tailscale: refacto --- hosts/boreal/default.nix | 5 ++++- hosts/hades/default.nix | 2 +- hosts/hephaestus/default.nix | 6 +++++- hosts/thanatos/default.nix | 5 ++++- services/tailscale.nix | 22 +++++++++------------- 5 files changed, 23 insertions(+), 17 deletions(-) diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index c6d9c3f..f820f69 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -75,7 +75,10 @@ pipewire.enable = true; - tailscale.enable = true; + tailscale = { + enable = true; + useRoutingFeatures = "both"; + }; }; services = { diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index 0cb891b..0e4191b 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -133,7 +133,7 @@ in { tailscale = { enable = true; - exitNode = true; + useRoutingFeatures = "server"; }; transmission = { diff --git a/hosts/hephaestus/default.nix b/hosts/hephaestus/default.nix index f5cf2e4..5d4cced 100644 --- a/hosts/hephaestus/default.nix +++ b/hosts/hephaestus/default.nix @@ -49,7 +49,11 @@ # List services that you want to enable: my.services = { - tailscale.enable = true; + tailscale = { + enable = true; + useRoutingFeatures = "client"; + }; + pipewire.enable = true; restic-backup = { diff --git a/hosts/thanatos/default.nix b/hosts/thanatos/default.nix index 5a6711d..15cf5ce 100644 --- a/hosts/thanatos/default.nix +++ b/hosts/thanatos/default.nix @@ -28,7 +28,10 @@ in { # List services that you want to enable: my.services = { - tailscale.enable = true; + tailscale = { + enable = true; + useRoutingFeatures = "both"; + }; }; services = { diff --git a/services/tailscale.nix b/services/tailscale.nix index 41fe9f8..b963b94 100644 --- a/services/tailscale.nix +++ b/services/tailscale.nix @@ -8,34 +8,30 @@ (lib) mkEnableOption mkIf + mkOption + types ; cfg = config.my.services.tailscale; in { options.my.services.tailscale = { enable = mkEnableOption "Tailscale"; - - # NOTE: still have to do `tailscale up --advertise-exit-node` - exitNode = mkEnableOption "Use as exit node"; + useRoutingFeatures = mkOption { + type = types.enum ["none" "client" "server" "both"]; + default = "none"; + }; }; config = mkIf cfg.enable { services.tailscale = { enable = true; package = pkgs.tailscale; + openFirewall = true; + useRoutingFeatures = cfg.useRoutingFeatures; }; networking.firewall = { - trustedInterfaces = ["tailscale0"]; - allowedUDPPorts = [config.services.tailscale.port]; - # needed for exit node usage - checkReversePath = mkIf (!cfg.exitNode) "loose"; - }; - - # enable IP forwarding to use as exit node - boot.kernel.sysctl = mkIf cfg.exitNode { - "net.ipv6.conf.all.forwarding" = true; - "net.ipv4.ip_forward" = true; + trustedInterfaces = [config.services.tailscale.interfaceName]; }; }; } From de09c23a639c7d214da426c105e47b5e513276e7 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 13 Dec 2023 17:44:22 +0100 Subject: [PATCH 574/904] flake: enable redistributable firmware --- flake.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/flake.nix b/flake.nix index 6675c5f..a9b8ed6 100644 --- a/flake.nix +++ b/flake.nix @@ -109,6 +109,7 @@ "zotero-6.0.26" ]; }; + hardware.enableRedistributableFirmware = true; } ] ++ (nixpkgs.lib.attrValues self.nixosModules); From eeb2f7fadfaad56e1b1c72aa7a728876a0dc919c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 13 Dec 2023 17:44:58 +0100 Subject: [PATCH 575/904] flake: remove zotero from insecure packages --- flake.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index a9b8ed6..54c4d61 100644 --- a/flake.nix +++ b/flake.nix @@ -105,9 +105,7 @@ { nixpkgs = { overlays = shared_overlays; - config.permittedInsecurePackages = [ - "zotero-6.0.26" - ]; + config.permittedInsecurePackages = []; }; hardware.enableRedistributableFirmware = true; } From 5b5612390d2ac9d79e24ba089f274690166846cd Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 14 Dec 2023 13:45:10 +0100 Subject: [PATCH 576/904] home: ssh: thanatos config --- home/ssh.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/home/ssh.nix b/home/ssh.nix index 0959bef..2c1f9a6 100644 --- a/home/ssh.nix +++ b/home/ssh.nix @@ -34,12 +34,19 @@ in { in { boreal = addGPGAgentForwarding {hostname = "boreal.alarsyo.net";}; hades = addGPGAgentForwarding {hostname = "hades.alarsyo.net";}; - poseidon = addGPGAgentForwarding {hostname = "poseidon.alarsyo.net";}; + thanatos = addGPGAgentForwarding {hostname = "thanatos.alarsyo.net";}; pi = addGPGAgentForwarding { hostname = "pi.alarsyo.net"; user = "pi"; }; + "thanatos.lrde.epita.fr" = + lib.hm.dag.entryBefore ["*.lrde.epita.fr"] + (addGPGAgentForwarding { + hostname = "lee.lrde.epita.fr"; + user = "alarsyo"; + }); + "*.lrde.epita.fr" = { user = "amartin"; }; From 9442388ca68685a6f572ff758fa6b1997d5f481c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 14 Dec 2023 22:40:29 +0100 Subject: [PATCH 577/904] services: immich: create --- services/default.nix | 1 + services/immich.nix | 71 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 72 insertions(+) create mode 100644 services/immich.nix diff --git a/services/default.nix b/services/default.nix index 221159c..86d2fe6 100644 --- a/services/default.nix +++ b/services/default.nix @@ -4,6 +4,7 @@ ./fail2ban.nix ./fava.nix ./gitea + ./immich.nix ./jellyfin.nix ./lohr.nix ./matrix.nix diff --git a/services/immich.nix b/services/immich.nix new file mode 100644 index 0000000..507e48e --- /dev/null +++ b/services/immich.nix @@ -0,0 +1,71 @@ +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) + mkEnableOption + mkIf + mkOption + ; + + cfg = config.my.services.immich; + my = config.my; + + domain = config.networking.domain; + hostname = config.networking.hostName; + fqdn = "${hostname}.${domain}"; +in { + options.my.services.immich = let + inherit (lib) types; + in { + enable = mkEnableOption "Immich config"; + + home = mkOption { + type = types.str; + default = "/var/lib/immich"; + example = "/var/lib/immich"; + description = "Home for the immich service, where data will be stored"; + }; + + port = mkOption { + type = types.port; + example = 8080; + description = "Internal port for Immich webapp"; + }; + }; + + config = mkIf cfg.enable { + users.users.immich = { + isSystemUser = true; + home = cfg.home; + createHome = true; + group = "immich"; + }; + users.groups.immich = {}; + + services.nginx.virtualHosts = { + "immich.${domain}" = { + forceSSL = true; + useACMEHost = fqdn; + + locations."/" = { + proxyPass = "http://127.0.0.1:${toString cfg.port}"; + proxyWebsockets = true; + }; + + extraConfig = '' + proxy_connect_timeout 600; + proxy_read_timeout 600; + proxy_send_timeout 600; + client_max_body_size 100m; + access_log syslog:server=unix:/dev/log,tag=immich; + ''; + }; + }; + + security.acme.certs.${fqdn}.extraDomainNames = ["immich.${domain}"]; + }; +} From 37df6b7a66d2d23cc7b2c209dc4e0842dc0ed114 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 14 Dec 2023 22:40:47 +0100 Subject: [PATCH 578/904] hades: enable immich --- hosts/hades/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index 0e4191b..4f4c02e 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -62,6 +62,11 @@ in { privatePort = 8082; }; + immich = { + enable = true; + port = 8089; + }; + jellyfin = { enable = true; }; From cf545bdb3c7a8b14eb46b6d893ea7906dc9237e3 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 16 Dec 2023 14:17:20 +0100 Subject: [PATCH 579/904] services: immich: listen through tailscale only --- services/immich.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/services/immich.nix b/services/immich.nix index 507e48e..89e4721 100644 --- a/services/immich.nix +++ b/services/immich.nix @@ -51,6 +51,20 @@ in { forceSSL = true; useACMEHost = fqdn; + listen = [ + # FIXME: hardcoded tailscale IP + { + addr = "100.115.172.44"; + port = 443; + ssl = true; + } + { + addr = "100.115.172.44"; + port = 80; + ssl = false; + } + ]; + locations."/" = { proxyPass = "http://127.0.0.1:${toString cfg.port}"; proxyWebsockets = true; From 818227f533b493dbf50406d1e779fc8d088a5eda Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 18 Dec 2023 12:39:30 +0100 Subject: [PATCH 580/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/6761b8188b860f374b457eddfdb05c82eef9752f' (2023-12-10) → 'github:nix-community/home-manager/1488651d02c1a7a15e284210f0d380a62d8d8cef' (2023-12-17) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/b4372c4924d9182034066c823df76d6eaf1f4ec4' (2023-12-07) → 'github:NixOS/nixpkgs/1e2e384c5b7c50dbf8e9c441a9e58d85f408b01f' (2023-12-17) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 38be2d0..f1b2d93 100644 --- a/flake.lock +++ b/flake.lock @@ -83,11 +83,11 @@ ] }, "locked": { - "lastModified": 1702195709, - "narHash": "sha256-+zRjWkm5rKqQ57PuLZ3JF3xi3vPMiOJzItb1m/43Cq4=", + "lastModified": 1702814678, + "narHash": "sha256-zDtO0jV2QLoddUJinLlTQrQqCUW3dPiIWOSYgg98T7E=", "owner": "nix-community", "repo": "home-manager", - "rev": "6761b8188b860f374b457eddfdb05c82eef9752f", + "rev": "1488651d02c1a7a15e284210f0d380a62d8d8cef", "type": "github" }, "original": { @@ -163,11 +163,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1701952659, - "narHash": "sha256-TJv2srXt6fYPUjxgLAL0cy4nuf1OZD4KuA1TrCiQqg0=", + "lastModified": 1702780907, + "narHash": "sha256-blbrBBXjjZt6OKTcYX1jpe9SRof2P9ZYWPzq22tzXAA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b4372c4924d9182034066c823df76d6eaf1f4ec4", + "rev": "1e2e384c5b7c50dbf8e9c441a9e58d85f408b01f", "type": "github" }, "original": { From 69a0931550b1d29f25eabc7fbeb65948c6d73410 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 18 Dec 2023 17:58:38 +0100 Subject: [PATCH 581/904] pkgs: add ansel to packages --- .github/workflows/cachix.yaml | 1 + pkgs/ansel/default.nix | 155 ++++++++++++++++++++++++++++++++++ pkgs/default.nix | 1 + 3 files changed, 157 insertions(+) create mode 100644 pkgs/ansel/default.nix diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index 9b4646b..0a0e362 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -46,6 +46,7 @@ jobs: fail-fast: false matrix: name: + - ansel - grafanaDashboards/nginx - grafanaDashboards/node-exporter - kaleidoscope-udev-rules diff --git a/pkgs/ansel/default.nix b/pkgs/ansel/default.nix new file mode 100644 index 0000000..733590c --- /dev/null +++ b/pkgs/ansel/default.nix @@ -0,0 +1,155 @@ +{ + cmake, + colord, + colord-gtk, + curl, + dav1d, + desktop-file-utils, + exiftool, + exiv2, + fetchFromGitHub, + glib, + gmic, + graphicsmagick, + gtk3, + icu, + intltool, + isocodes, + jasper, + json-glib, + lcms, + lensfun, + lib, + libXdmcp, + libXtst, + libaom, + libavif, + libdatrie, + libde265, + libepoxy, + libffi, + libgcrypt, + libgpg-error, + libheif, + libjpeg, + libpsl, + librsvg, + libsecret, + libselinux, + libsepol, + libsoup, + libsysprof-capture, + libthai, + libwebp, + libxkbcommon, + libxml2, + libxslt, + llvmPackages, + openexr_3, + openjpeg, + osm-gps-map, + pcre, + pcre2, + perlPackages, + pkg-config, + pugixml, + python3Packages, + rav1e, + sqlite, + stdenv, + util-linux, + wrapGAppsHook, + x265, +}: +stdenv.mkDerivation { + pname = "ansel"; + version = "unstable-2023-12-15"; + + src = fetchFromGitHub { + owner = "aurelienpierreeng"; + repo = "ansel"; + rev = "53c609cd274b6b893ed10214ac6877941d1b486b"; + hash = "sha256-ed3rKdJRO+QQdn+C4DANoztXxtoMvHudBvJQogoaHT0="; + fetchSubmodules = true; + }; + + nativeBuildInputs = [ + cmake + desktop-file-utils + exiftool + intltool + libxml2 + llvmPackages.clang + llvmPackages.llvm + pkg-config + perlPackages.perl + python3Packages.jsonschema + wrapGAppsHook + ]; + + buildInputs = [ + colord + colord-gtk + curl + dav1d + exiv2 + json-glib + glib + gmic + graphicsmagick + gtk3 + icu + isocodes + jasper + lcms + lensfun + libaom + libavif + libdatrie + libde265 + libepoxy + libffi + libgcrypt + libgpg-error + libheif + libjpeg + libpsl + librsvg + libsecret + libselinux + libsepol + libsoup + libsysprof-capture + libthai + libwebp + libXdmcp + libxkbcommon + libxslt + libXtst + openexr_3 + openjpeg + osm-gps-map + pcre + pcre2 + perlPackages.Po4a + pugixml + rav1e + sqlite + util-linux + x265 + ]; + + preFixup = '' + gappsWrapperArgs+=( + --prefix LD_LIBRARY_PATH ":" "$out/lib/ansel" + ) + ''; + + meta = { + description = "A darktable fork minus the bloat plus some design vision"; + homepage = "https://ansel.photos/"; + license = lib.licenses.gpl3Plus; + mainProgram = "ansel"; + platforms = lib.platforms.linux; + }; +} diff --git a/pkgs/default.nix b/pkgs/default.nix index 19307a1..fc7fdd0 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,4 +1,5 @@ {pkgs}: { + ansel = pkgs.callPackage ./ansel {}; sddm-sugar-candy = pkgs.callPackage ./sddm-sugar-candy {}; kaleidoscope-udev-rules = pkgs.callPackage ./kaleidoscope-udev-rules {}; grafanaDashboards = pkgs.recurseIntoAttrs (pkgs.callPackage ./grafana-dashboards {}); From 213870b85df04ea13fb5cde701141ffe3b682d02 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 18 Dec 2023 17:58:48 +0100 Subject: [PATCH 582/904] hephaestus: install ansel in home packages --- hosts/hephaestus/home.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/hosts/hephaestus/home.nix b/hosts/hephaestus/home.nix index b33aa2a..3e0f454 100644 --- a/hosts/hephaestus/home.nix +++ b/hosts/hephaestus/home.nix @@ -34,7 +34,11 @@ zotero ; - inherit (pkgs.packages) spot; + inherit + (pkgs.packages) + ansel + spot + ; inherit (pkgs.wineWowPackages) stable; }; From 4d9c570572172200dfb9ad2aa82699a2961d1e9d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 4 Jan 2024 09:46:58 +0100 Subject: [PATCH 583/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/1488651d02c1a7a15e284210f0d380a62d8d8cef' (2023-12-17) → 'github:nix-community/home-manager/7e398b3d76bc1503171b1364c9d4a07ac06f3851' (2024-01-01) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/1e2e384c5b7c50dbf8e9c441a9e58d85f408b01f' (2023-12-17) → 'github:NixOS/nixpkgs/2d2ea8eab9e400618748ab1a6a108255233b602c' (2024-01-01) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index f1b2d93..e7afbe4 100644 --- a/flake.lock +++ b/flake.lock @@ -83,11 +83,11 @@ ] }, "locked": { - "lastModified": 1702814678, - "narHash": "sha256-zDtO0jV2QLoddUJinLlTQrQqCUW3dPiIWOSYgg98T7E=", + "lastModified": 1704099619, + "narHash": "sha256-QRVMkdxLmv+aKGjcgeEg31xtJEIsYq4i1Kbyw5EPS6g=", "owner": "nix-community", "repo": "home-manager", - "rev": "1488651d02c1a7a15e284210f0d380a62d8d8cef", + "rev": "7e398b3d76bc1503171b1364c9d4a07ac06f3851", "type": "github" }, "original": { @@ -163,11 +163,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1702780907, - "narHash": "sha256-blbrBBXjjZt6OKTcYX1jpe9SRof2P9ZYWPzq22tzXAA=", + "lastModified": 1704145853, + "narHash": "sha256-G/1AMt9ibpeMlcxvD1vNaC8imGaK+g7zZ99e29BLgWw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1e2e384c5b7c50dbf8e9c441a9e58d85f408b01f", + "rev": "2d2ea8eab9e400618748ab1a6a108255233b602c", "type": "github" }, "original": { From 9cda33602337533f0c9889236daad58ba7561b63 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 4 Jan 2024 11:24:32 +0100 Subject: [PATCH 584/904] home: emacs: bump to v29 --- home/emacs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/emacs.nix b/home/emacs.nix index 3e5325c..47d3776 100644 --- a/home/emacs.nix +++ b/home/emacs.nix @@ -43,7 +43,7 @@ in { programs.emacs = { enable = true; - package = pkgs.emacsNativeComp; + package = pkgs.emacs29; extraPackages = epkgs: [epkgs.vterm epkgs.pdf-tools pkgs.lilypond epkgs.mu4e]; }; }; From 6e2745f5316cec9a90313132031eae43936caf1b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 16 Jan 2024 12:30:07 +0100 Subject: [PATCH 585/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/7e398b3d76bc1503171b1364c9d4a07ac06f3851' (2024-01-01) → 'github:nix-community/home-manager/924d91e1e4c802fd8e60279a022dbae5acb36f2d' (2024-01-14) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/2d2ea8eab9e400618748ab1a6a108255233b602c' (2024-01-01) → 'github:NixOS/nixpkgs/b8dd8be3c790215716e7c12b247f45ca525867e2' (2024-01-15) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index e7afbe4..f9de534 100644 --- a/flake.lock +++ b/flake.lock @@ -83,11 +83,11 @@ ] }, "locked": { - "lastModified": 1704099619, - "narHash": "sha256-QRVMkdxLmv+aKGjcgeEg31xtJEIsYq4i1Kbyw5EPS6g=", + "lastModified": 1705273357, + "narHash": "sha256-JAlkxgJbWh7+auiT0rJL3IUXXtkULRqygfxQA6mvLgc=", "owner": "nix-community", "repo": "home-manager", - "rev": "7e398b3d76bc1503171b1364c9d4a07ac06f3851", + "rev": "924d91e1e4c802fd8e60279a022dbae5acb36f2d", "type": "github" }, "original": { @@ -163,11 +163,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1704145853, - "narHash": "sha256-G/1AMt9ibpeMlcxvD1vNaC8imGaK+g7zZ99e29BLgWw=", + "lastModified": 1705331948, + "narHash": "sha256-qjQXfvrAT1/RKDFAMdl8Hw3m4tLVvMCc8fMqzJv0pP4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2d2ea8eab9e400618748ab1a6a108255233b602c", + "rev": "b8dd8be3c790215716e7c12b247f45ca525867e2", "type": "github" }, "original": { From faa04477913bc67f17a72ec802d2267200f7673f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 16 Jan 2024 12:55:24 +0100 Subject: [PATCH 586/904] pkgs: ansel: bump --- pkgs/ansel/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/ansel/default.nix b/pkgs/ansel/default.nix index 733590c..43f5998 100644 --- a/pkgs/ansel/default.nix +++ b/pkgs/ansel/default.nix @@ -63,13 +63,13 @@ }: stdenv.mkDerivation { pname = "ansel"; - version = "unstable-2023-12-15"; + version = "unstable-2024-01-05"; src = fetchFromGitHub { owner = "aurelienpierreeng"; repo = "ansel"; - rev = "53c609cd274b6b893ed10214ac6877941d1b486b"; - hash = "sha256-ed3rKdJRO+QQdn+C4DANoztXxtoMvHudBvJQogoaHT0="; + rev = "e2c4a0a60cd80f741dd3d3c6ab72be9ac11234fb"; + hash = "sha256-Kg020MHy9fn1drCk+66f25twqczvD/5evutDODqOjYM="; fetchSubmodules = true; }; From 6305d176d2c9d1627612c90fdf8330abd16f9dd2 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 16 Jan 2024 14:39:37 +0100 Subject: [PATCH 587/904] home: ssh: update thanatos LRDE DNS name --- home/ssh.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/home/ssh.nix b/home/ssh.nix index 2c1f9a6..12e11a2 100644 --- a/home/ssh.nix +++ b/home/ssh.nix @@ -43,7 +43,6 @@ in { "thanatos.lrde.epita.fr" = lib.hm.dag.entryBefore ["*.lrde.epita.fr"] (addGPGAgentForwarding { - hostname = "lee.lrde.epita.fr"; user = "alarsyo"; }); From fa70eaa673cb9135b7842a56450c36831ed20c4e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 22 Jan 2024 13:51:09 +0100 Subject: [PATCH 588/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/924d91e1e4c802fd8e60279a022dbae5acb36f2d' (2024-01-14) → 'github:nix-community/home-manager/10cd9c53115061aa6a0a90aad0b0dde6a999cdb9' (2024-01-19) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/b8dd8be3c790215716e7c12b247f45ca525867e2' (2024-01-15) → 'github:NixOS/nixpkgs/1b64fc1287991a9cce717a01c1973ef86cb1af0b' (2024-01-20) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index f9de534..3e218ca 100644 --- a/flake.lock +++ b/flake.lock @@ -83,11 +83,11 @@ ] }, "locked": { - "lastModified": 1705273357, - "narHash": "sha256-JAlkxgJbWh7+auiT0rJL3IUXXtkULRqygfxQA6mvLgc=", + "lastModified": 1705659542, + "narHash": "sha256-WA3xVfAk1AYmFdwghT7mt/erYpsU6JPu9mdTEP/e9HQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "924d91e1e4c802fd8e60279a022dbae5acb36f2d", + "rev": "10cd9c53115061aa6a0a90aad0b0dde6a999cdb9", "type": "github" }, "original": { @@ -163,11 +163,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1705331948, - "narHash": "sha256-qjQXfvrAT1/RKDFAMdl8Hw3m4tLVvMCc8fMqzJv0pP4=", + "lastModified": 1705774713, + "narHash": "sha256-j6ADaDH9XiumUzkTPlFyCBcoWYhO83lfgiSqEJF2zcs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b8dd8be3c790215716e7c12b247f45ca525867e2", + "rev": "1b64fc1287991a9cce717a01c1973ef86cb1af0b", "type": "github" }, "original": { From 13612629efb9529b14a83956be1a6ca2b6df9ce3 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 22 Jan 2024 14:05:22 +0100 Subject: [PATCH 589/904] home: tridactyl: blacklist calendar.google.com --- home/tridactylrc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/home/tridactylrc b/home/tridactylrc index 9c15b82..e3611ef 100644 --- a/home/tridactylrc +++ b/home/tridactylrc @@ -30,8 +30,9 @@ set editorcmd emacsclient -c " copy all the things set yankto both +blacklistadd calendar.google.com blacklistadd jellyfin.alarsyo.net +blacklistadd localhost blacklistadd netflix.com blacklistadd primevideo.com blacklistadd youtube.com -blacklistadd localhost From 5b7791ed31aae5b92de9fedc116460850a0a98b3 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 29 Jan 2024 17:37:03 +0100 Subject: [PATCH 590/904] home: fish: update dock function --- home/fish/functions/dock.fish | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/home/fish/functions/dock.fish b/home/fish/functions/dock.fish index 6b7a0e0..fa97a4b 100644 --- a/home/fish/functions/dock.fish +++ b/home/fish/functions/dock.fish @@ -1,10 +1,11 @@ function dock xrandr \ - --output eDP-1 --mode 1920x1080 --pos 1920x120 --rotate normal \ + --output eDP-1 --mode 1920x1080 --pos 0x120 --rotate normal \ --output HDMI-1 --off \ --output DP-1 --off \ --output DP-2 --off \ - --output DP-3 --primary --mode 1920x1200 --pos 0x0 --rotate normal \ + --output DP-3 --primary --mode 1920x1200 --pos 1920x0 --rotate normal \ + --output DP-4 --mode 1920x1200 --pos 3840x0 --rotate normal \ --output DP-4 --off \ --output DP-5 --off @@ -12,8 +13,11 @@ function dock i3-msg -q '[workspace="2"]' move workspace to output DP-3 2>/dev/null i3-msg -q '[workspace="3"]' move workspace to output DP-3 2>/dev/null i3-msg -q '[workspace="4"]' move workspace to output DP-3 2>/dev/null - i3-msg -q '[workspace="10"]' move workspace to output DP-3 2>/dev/null + i3-msg -q '[workspace="5"]' move workspace to output DP-3 2>/dev/null - i3-msg -q '[workspace="8"]' move workspace to output eDP-1 2>/dev/null - i3-msg -q '[workspace="9"]' move workspace to output eDP-1 2>/dev/null + i3-msg -q '[workspace="7"]' move workspace to output eDP-1 2>/dev/null + + i3-msg -q '[workspace="8"]' move workspace to output DP-4 2>/dev/null + i3-msg -q '[workspace="9"]' move workspace to output DP-4 2>/dev/null + i3-msg -q '[workspace="10"]' move workspace to output DP-4 2>/dev/null end From e0ce6a780353f4edf109ac5d34f9c364fa1ac5cd Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 30 Jan 2024 14:45:25 +0100 Subject: [PATCH 591/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/1b64fc1287991a9cce717a01c1973ef86cb1af0b' (2024-01-20) → 'github:NixOS/nixpkgs/56911ef3403a9318b7621ce745f5452fb9ef6867' (2024-01-27) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 3e218ca..93320b5 100644 --- a/flake.lock +++ b/flake.lock @@ -163,11 +163,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1705774713, - "narHash": "sha256-j6ADaDH9XiumUzkTPlFyCBcoWYhO83lfgiSqEJF2zcs=", + "lastModified": 1706373441, + "narHash": "sha256-S1hbgNbVYhuY2L05OANWqmRzj4cElcbLuIkXTb69xkk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1b64fc1287991a9cce717a01c1973ef86cb1af0b", + "rev": "56911ef3403a9318b7621ce745f5452fb9ef6867", "type": "github" }, "original": { From c8ef03c40cf0964238356e03b6597c8d8981598b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 6 Feb 2024 16:13:37 +0100 Subject: [PATCH 592/904] hephaestus: setup autorandr --- hosts/hephaestus/default.nix | 47 ++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/hosts/hephaestus/default.nix b/hosts/hephaestus/default.nix index 5d4cced..a315717 100644 --- a/hosts/hephaestus/default.nix +++ b/hosts/hephaestus/default.nix @@ -146,6 +146,53 @@ services.xserver.desktopManager.plasma5.enable = true; services.power-profiles-daemon.enable = false; + services.autorandr = { + enable = true; + profiles = { + default = { + fingerprint = { + "eDP-1" = "00ffffffffffff0030e42c0600000000001c0104a51f117802aa95955e598e271b5054000000010101010101010101010101010101012e3680a070381f403020350035ae1000001ab62c80f4703816403020350035ae1000001a000000fe004c4720446973706c61790a2020000000fe004c503134305746412d535044340018"; + }; + config = { + "eDP-1" = { + enable = true; + crtc = 0; + primary = true; + position = "0x0"; + mode = "1920x1080"; + }; + }; + }; + dock = { + fingerprint = { + "eDP-1" = "00ffffffffffff0030e42c0600000000001c0104a51f117802aa95955e598e271b5054000000010101010101010101010101010101012e3680a070381f403020350035ae1000001ab62c80f4703816403020350035ae1000001a000000fe004c4720446973706c61790a2020000000fe004c503134305746412d535044340018"; + "DP-3" = "00ffffffffffff0026cd0f610101010101190103813420782a4ca5a7554da226105054adcf0031468180818c9500950fb300a940d1c0283c80a070b023403020360006442100001a000000ff0031313230303530313030333630000000fd00324b1e4b11000a202020202020000000fc0058323438350a20202020202020008a"; + "DP-4" = "00ffffffffffff0026cd0f610101010108180103813420782a4ca5a7554da226105054adcf0031468180818c9500950fb300a940d1c0283c80a070b023403020360006442100001a000000ff0031313230303430383030333330000000fd00324b1e4b11000a202020202020000000fc0058323438350a202020202020200081"; + }; + config = { + "eDP-1" = { + enable = true; + primary = false; + position = "0x120"; + mode = "1920x1080"; + }; + "DP-3" = { + enable = true; + primary = true; + position = "1920x0"; + mode = "1920x1200"; + }; + "DP-4" = { + enable = true; + primary = false; + position = "3840x0"; + mode = "1920x1200"; + }; + }; + }; + }; + }; + # Configure console keymap console.keyMap = "us"; From 789392155ce2b3f9b61dadfa73fce5530af24d53 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 6 Feb 2024 16:13:56 +0100 Subject: [PATCH 593/904] home: i3: setup default workspace outputs --- home/x/i3.nix | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/home/x/i3.nix b/home/x/i3.nix index 4c583df..b41d0c3 100644 --- a/home/x/i3.nix +++ b/home/x/i3.nix @@ -143,6 +143,52 @@ in { ]; }; + # TODO: make it configurable per machine + workspaceOutputAssign = [ + { + workspace = "1"; + output = ["DP-3" "eDP-1"]; + } + { + workspace = "2"; + output = ["DP-3" "eDP-1"]; + } + { + workspace = "3"; + output = ["DP-3" "eDP-1"]; + } + { + workspace = "4"; + output = ["DP-3" "eDP-1"]; + } + { + workspace = "5"; + output = ["DP-3" "eDP-1"]; + } + + { + workspace = "6"; + output = ["eDP-1"]; + } + { + workspace = "7"; + output = ["eDP-1"]; + } + + { + workspace = "8"; + output = ["DP-4" "eDP-1"]; + } + { + workspace = "9"; + output = ["DP-4" "eDP-1"]; + } + { + workspace = "10"; + output = ["DP-4" "eDP-1"]; + } + ]; + window.commands = [ { command = "border pixel 2"; From a3687b008e0f602d60341dbc3b4aa54afb729c17 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 6 Feb 2024 17:07:24 +0100 Subject: [PATCH 594/904] hephaestus: add closed lid dock config --- hosts/hephaestus/default.nix | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/hosts/hephaestus/default.nix b/hosts/hephaestus/default.nix index a315717..0a0f3bc 100644 --- a/hosts/hephaestus/default.nix +++ b/hosts/hephaestus/default.nix @@ -190,6 +190,26 @@ }; }; }; + dock-lid-closed = { + fingerprint = { + "DP-3" = "00ffffffffffff0026cd0f610101010101190103813420782a4ca5a7554da226105054adcf0031468180818c9500950fb300a940d1c0283c80a070b023403020360006442100001a000000ff0031313230303530313030333630000000fd00324b1e4b11000a202020202020000000fc0058323438350a20202020202020008a"; + "DP-4" = "00ffffffffffff0026cd0f610101010108180103813420782a4ca5a7554da226105054adcf0031468180818c9500950fb300a940d1c0283c80a070b023403020360006442100001a000000ff0031313230303430383030333330000000fd00324b1e4b11000a202020202020000000fc0058323438350a202020202020200081"; + }; + config = { + "DP-3" = { + enable = true; + primary = true; + position = "1920x0"; + mode = "1920x1200"; + }; + "DP-4" = { + enable = true; + primary = false; + position = "3840x0"; + mode = "1920x1200"; + }; + }; + }; }; }; From 39f44daabe1e2fc2f6ac7590023c0d08f5e46983 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 6 Feb 2024 17:07:41 +0100 Subject: [PATCH 595/904] hephaestus: add lid-listener service for autorandr --- hosts/hephaestus/default.nix | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/hosts/hephaestus/default.nix b/hosts/hephaestus/default.nix index 0a0f3bc..6c03c62 100644 --- a/hosts/hephaestus/default.nix +++ b/hosts/hephaestus/default.nix @@ -213,6 +213,30 @@ }; }; + systemd.services.autorandr-lid-listener = { + wantedBy = ["multi-user.target"]; + description = "Listening for lid events to invoke autorandr"; + + serviceConfig = { + Type = "simple"; + ExecStart = let + stdbufExe = lib.getExe' pkgs.coreutils "stdbuf"; + libinputExe = lib.getExe' pkgs.libinput "libinput"; + grepExe = lib.getExe pkgs.gnugrep; + autorandrExe = lib.getExe pkgs.autorandr; + in + pkgs.writeShellScript "lid-listener.sh" '' + ${stdbufExe} -oL ${libinputExe} debug-events | + ${grepExe} -E --line-buffered '^[[:space:]-]+event[0-9]+[[:space:]]+SWITCH_TOGGLE[[:space:]]' | + while read line; do + ${pkgs.systemd}/bin/systemctl start --no-block autorandr.service + done + ''; + Restart = "always"; + RestartSec = "30"; + }; + }; + # Configure console keymap console.keyMap = "us"; From 80ec02ec8175258ec2eff216121bfacd5baf403f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 6 Feb 2024 17:25:13 +0100 Subject: [PATCH 596/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/10cd9c53115061aa6a0a90aad0b0dde6a999cdb9' (2024-01-19) → 'github:nix-community/home-manager/652fda4ca6dafeb090943422c34ae9145787af37' (2024-02-03) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/56911ef3403a9318b7621ce745f5452fb9ef6867' (2024-01-27) → 'github:NixOS/nixpkgs/9f2ee8c91ac42da3ae6c6a1d21555f283458247e' (2024-02-05) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 93320b5..33e78a9 100644 --- a/flake.lock +++ b/flake.lock @@ -83,11 +83,11 @@ ] }, "locked": { - "lastModified": 1705659542, - "narHash": "sha256-WA3xVfAk1AYmFdwghT7mt/erYpsU6JPu9mdTEP/e9HQ=", + "lastModified": 1706981411, + "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "10cd9c53115061aa6a0a90aad0b0dde6a999cdb9", + "rev": "652fda4ca6dafeb090943422c34ae9145787af37", "type": "github" }, "original": { @@ -163,11 +163,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1706373441, - "narHash": "sha256-S1hbgNbVYhuY2L05OANWqmRzj4cElcbLuIkXTb69xkk=", + "lastModified": 1707091808, + "narHash": "sha256-LahKBAfGbY836gtpVNnWwBTIzN7yf/uYM/S0g393r0Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "56911ef3403a9318b7621ce745f5452fb9ef6867", + "rev": "9f2ee8c91ac42da3ae6c6a1d21555f283458247e", "type": "github" }, "original": { From 5181b26bd71dab57859c15f0c443621647a0feaa Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 6 Feb 2024 17:54:03 +0100 Subject: [PATCH 597/904] ci: update cachix actions --- .github/workflows/cachix.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index 0a0e362..c88bece 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -15,7 +15,7 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v23 + - uses: cachix/install-nix-action@v25 - name: Run alejandra run: nix run nixpkgs#alejandra -- --check . @@ -26,9 +26,9 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v23 + - uses: cachix/install-nix-action@v25 - - uses: cachix/cachix-action@v12 + - uses: cachix/cachix-action@v14 with: name: alarsyo authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' @@ -56,9 +56,9 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v23 + - uses: cachix/install-nix-action@v25 - - uses: cachix/cachix-action@v12 + - uses: cachix/cachix-action@v14 with: name: alarsyo authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' @@ -84,9 +84,9 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v23 + - uses: cachix/install-nix-action@v25 - - uses: cachix/cachix-action@v12 + - uses: cachix/cachix-action@v14 with: name: alarsyo authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' From f002faacca2d3369c5b627a32040f353a12828ff Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 8 Feb 2024 11:31:55 +0100 Subject: [PATCH 598/904] home: i3: shortcut to trigger autorandr Sometimes it doesn't fire automagically, let's make it easy to trigger it manually --- home/x/i3.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home/x/i3.nix b/home/x/i3.nix index b41d0c3..aad17eb 100644 --- a/home/x/i3.nix +++ b/home/x/i3.nix @@ -115,6 +115,8 @@ in { "${modifier}+l" = "exec --no-startup-id betterlockscreen --lock"; "${modifier}+d" = "exec ${pkgs.rofi}/bin/rofi -show run"; + + "${modifier}+Shift+a" = ''exec --no-startup-id autorandr --change''; }; modes = let From 84c69b6d9030dd1e0d77b59847e9015343160ee7 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 12 Feb 2024 16:17:06 +0100 Subject: [PATCH 599/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/9f2ee8c91ac42da3ae6c6a1d21555f283458247e' (2024-02-05) → 'github:NixOS/nixpkgs/809cca784b9f72a5ad4b991e0e7bcf8890f9c3a6' (2024-02-11) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 33e78a9..92525ad 100644 --- a/flake.lock +++ b/flake.lock @@ -163,11 +163,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1707091808, - "narHash": "sha256-LahKBAfGbY836gtpVNnWwBTIzN7yf/uYM/S0g393r0Y=", + "lastModified": 1707650010, + "narHash": "sha256-dOhphIA4MGrH4ElNCy/OlwmN24MsnEqFjRR6+RY7jZw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9f2ee8c91ac42da3ae6c6a1d21555f283458247e", + "rev": "809cca784b9f72a5ad4b991e0e7bcf8890f9c3a6", "type": "github" }, "original": { From fcd41088fd352bec143a5a368aac260d518408bc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 13 Feb 2024 12:37:25 +0100 Subject: [PATCH 600/904] hephaestus: switch around DP-3 and DP-4 I moved desks and plugged them not how they used to be. Switching them here is easier than IRL. --- hosts/hephaestus/default.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/hosts/hephaestus/default.nix b/hosts/hephaestus/default.nix index 6c03c62..2c02611 100644 --- a/hosts/hephaestus/default.nix +++ b/hosts/hephaestus/default.nix @@ -178,14 +178,14 @@ }; "DP-3" = { enable = true; - primary = true; - position = "1920x0"; + primary = false; + position = "3840x0"; mode = "1920x1200"; }; "DP-4" = { enable = true; - primary = false; - position = "3840x0"; + primary = true; + position = "1920x0"; mode = "1920x1200"; }; }; @@ -198,14 +198,14 @@ config = { "DP-3" = { enable = true; - primary = true; - position = "1920x0"; + primary = false; + position = "3840x0"; mode = "1920x1200"; }; "DP-4" = { enable = true; - primary = false; - position = "3840x0"; + primary = true; + position = "1920x0"; mode = "1920x1200"; }; }; From 9d8d62f5c2362e75befc99f1ebb5dc88147f4a43 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 13 Feb 2024 12:38:57 +0100 Subject: [PATCH 601/904] home: i3: switch around DP-3 and DP-4 I moved desks and plugged them not how they used to be. Switching them here is easier than IRL. --- home/x/i3.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/home/x/i3.nix b/home/x/i3.nix index aad17eb..dfa56be 100644 --- a/home/x/i3.nix +++ b/home/x/i3.nix @@ -149,23 +149,23 @@ in { workspaceOutputAssign = [ { workspace = "1"; - output = ["DP-3" "eDP-1"]; + output = ["DP-4" "eDP-1"]; } { workspace = "2"; - output = ["DP-3" "eDP-1"]; + output = ["DP-4" "eDP-1"]; } { workspace = "3"; - output = ["DP-3" "eDP-1"]; + output = ["DP-4" "eDP-1"]; } { workspace = "4"; - output = ["DP-3" "eDP-1"]; + output = ["DP-4" "eDP-1"]; } { workspace = "5"; - output = ["DP-3" "eDP-1"]; + output = ["DP-4" "eDP-1"]; } { @@ -179,15 +179,15 @@ in { { workspace = "8"; - output = ["DP-4" "eDP-1"]; + output = ["DP-3" "eDP-1"]; } { workspace = "9"; - output = ["DP-4" "eDP-1"]; + output = ["DP-3" "eDP-1"]; } { workspace = "10"; - output = ["DP-4" "eDP-1"]; + output = ["DP-3" "eDP-1"]; } ]; From 93f11656c7589229de407c9cc76852f760f495ae Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 13 Feb 2024 13:27:03 +0100 Subject: [PATCH 602/904] hephaestus: switch 2-screen setup --- hosts/hephaestus/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/hephaestus/default.nix b/hosts/hephaestus/default.nix index 2c02611..afd21c3 100644 --- a/hosts/hephaestus/default.nix +++ b/hosts/hephaestus/default.nix @@ -199,13 +199,13 @@ "DP-3" = { enable = true; primary = false; - position = "3840x0"; + position = "1920x0"; mode = "1920x1200"; }; "DP-4" = { enable = true; primary = true; - position = "1920x0"; + position = "0x0"; mode = "1920x1200"; }; }; From b0821dd3f3f82870059cc136f1c8c86789060c52 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 19 Feb 2024 13:08:05 +0100 Subject: [PATCH 603/904] home: git: disable maintenance prefetch task I don't want to get prompted for SSH credentials at random moments, and I don't think I need prefetch on any repositories (to be fair I don't think I need automated scheduled maintenance on any of my repositories, but hey, the option's there). --- home/git.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/git.nix b/home/git.nix index cf53348..11a57ae 100644 --- a/home/git.nix +++ b/home/git.nix @@ -35,6 +35,7 @@ in { init = {defaultBranch = "main";}; pull = {rebase = true;}; rerere = {enabled = true;}; + maintenance.prefetch.enabled = false; }; aliases = { From d9f54c15a7871873bce48c2c7e58c4088f2780c4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 19 Feb 2024 16:47:58 +0100 Subject: [PATCH 604/904] screen upgrade! --- home/x/i3.nix | 12 +++++------ hosts/hephaestus/default.nix | 42 +++++++++++++++++++----------------- 2 files changed, 28 insertions(+), 26 deletions(-) diff --git a/home/x/i3.nix b/home/x/i3.nix index dfa56be..665a237 100644 --- a/home/x/i3.nix +++ b/home/x/i3.nix @@ -157,15 +157,15 @@ in { } { workspace = "3"; - output = ["DP-4" "eDP-1"]; + output = ["DP-5" "eDP-1"]; } { workspace = "4"; - output = ["DP-4" "eDP-1"]; + output = ["DP-5" "eDP-1"]; } { workspace = "5"; - output = ["DP-4" "eDP-1"]; + output = ["DP-5" "eDP-1"]; } { @@ -179,15 +179,15 @@ in { { workspace = "8"; - output = ["DP-3" "eDP-1"]; + output = ["DP-4" "eDP-1"]; } { workspace = "9"; - output = ["DP-3" "eDP-1"]; + output = ["DP-4" "eDP-1"]; } { workspace = "10"; - output = ["DP-3" "eDP-1"]; + output = ["DP-4" "eDP-1"]; } ]; diff --git a/hosts/hephaestus/default.nix b/hosts/hephaestus/default.nix index afd21c3..8eb7d45 100644 --- a/hosts/hephaestus/default.nix +++ b/hosts/hephaestus/default.nix @@ -166,47 +166,49 @@ dock = { fingerprint = { "eDP-1" = "00ffffffffffff0030e42c0600000000001c0104a51f117802aa95955e598e271b5054000000010101010101010101010101010101012e3680a070381f403020350035ae1000001ab62c80f4703816403020350035ae1000001a000000fe004c4720446973706c61790a2020000000fe004c503134305746412d535044340018"; - "DP-3" = "00ffffffffffff0026cd0f610101010101190103813420782a4ca5a7554da226105054adcf0031468180818c9500950fb300a940d1c0283c80a070b023403020360006442100001a000000ff0031313230303530313030333630000000fd00324b1e4b11000a202020202020000000fc0058323438350a20202020202020008a"; - "DP-4" = "00ffffffffffff0026cd0f610101010108180103813420782a4ca5a7554da226105054adcf0031468180818c9500950fb300a940d1c0283c80a070b023403020360006442100001a000000ff0031313230303430383030333330000000fd00324b1e4b11000a202020202020000000fc0058323438350a202020202020200081"; + "DP-4" = "00ffffffffffff0026cd4161fb060000021e0104a5351e783aee35a656529d280b5054b74f00714f818081c081009500b300d1c0d1cf023a801871382d40582c45000f282100001e000000fd00374c1e5512000a202020202020000000ff0031313634383030323031373837000000fc00504c32343933480a202020202001c9020318f14b9002030411121305141f012309070183010000023a801871382d40582c45000f282100001e8c0ad08a20e02d10103e96000f2821000018011d007251d01e206e2855000f282100001e8c0ad090204031200c4055000f28210000182a4480a070382740302035000f282100001a00000000000000000000000000a1"; + "DP-5" = "00ffffffffffff0026cd4561990000001f1c0104a5351e783ace65a657519f270f5054b30c00714f818081c081009500b300d1c00101023a801871382d40582c45000f282100001e000000fd00374c1e5311000a202020202020000000ff0031313634384238383030313533000000fc00504c32343933480a202020202001d3020318f14b9002030411121305141f012309070183010000023a801871382d40582c45000f282100001e8c0ad08a20e02d10103e96000f2821000018011d007251d01e206e2855000f282100001e8c0ad090204031200c4055000f28210000180000000000000000000000000000000000000000000000000000000000000035"; }; config = { "eDP-1" = { enable = true; primary = false; - position = "0x120"; + position = "3000x840"; mode = "1920x1080"; }; - "DP-3" = { - enable = true; - primary = false; - position = "3840x0"; - mode = "1920x1200"; - }; "DP-4" = { enable = true; primary = true; + position = "0x420"; + mode = "1920x1080"; + }; + "DP-5" = { + enable = true; + primary = false; position = "1920x0"; - mode = "1920x1200"; + mode = "1920x1080"; + rotate = "left"; }; }; }; dock-lid-closed = { fingerprint = { - "DP-3" = "00ffffffffffff0026cd0f610101010101190103813420782a4ca5a7554da226105054adcf0031468180818c9500950fb300a940d1c0283c80a070b023403020360006442100001a000000ff0031313230303530313030333630000000fd00324b1e4b11000a202020202020000000fc0058323438350a20202020202020008a"; - "DP-4" = "00ffffffffffff0026cd0f610101010108180103813420782a4ca5a7554da226105054adcf0031468180818c9500950fb300a940d1c0283c80a070b023403020360006442100001a000000ff0031313230303430383030333330000000fd00324b1e4b11000a202020202020000000fc0058323438350a202020202020200081"; + "DP-4" = "00ffffffffffff0026cd4161fb060000021e0104a5351e783aee35a656529d280b5054b74f00714f818081c081009500b300d1c0d1cf023a801871382d40582c45000f282100001e000000fd00374c1e5512000a202020202020000000ff0031313634383030323031373837000000fc00504c32343933480a202020202001c9020318f14b9002030411121305141f012309070183010000023a801871382d40582c45000f282100001e8c0ad08a20e02d10103e96000f2821000018011d007251d01e206e2855000f282100001e8c0ad090204031200c4055000f28210000182a4480a070382740302035000f282100001a00000000000000000000000000a1"; + "DP-5" = "00ffffffffffff0026cd4561990000001f1c0104a5351e783ace65a657519f270f5054b30c00714f818081c081009500b300d1c00101023a801871382d40582c45000f282100001e000000fd00374c1e5311000a202020202020000000ff0031313634384238383030313533000000fc00504c32343933480a202020202001d3020318f14b9002030411121305141f012309070183010000023a801871382d40582c45000f282100001e8c0ad08a20e02d10103e96000f2821000018011d007251d01e206e2855000f282100001e8c0ad090204031200c4055000f28210000180000000000000000000000000000000000000000000000000000000000000035"; }; config = { - "DP-3" = { - enable = true; - primary = false; - position = "1920x0"; - mode = "1920x1200"; - }; "DP-4" = { enable = true; primary = true; - position = "0x0"; - mode = "1920x1200"; + position = "0x420"; + mode = "1920x1080"; + }; + "DP-5" = { + enable = true; + primary = false; + position = "1920x0"; + mode = "1920x1080"; + rotate = "left"; }; }; }; From 692fa8cd209f9d4411ce90520c203cb9fef3898c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 22 Feb 2024 18:36:59 +0100 Subject: [PATCH 605/904] home: i3bar: setup restic backup status "LED" --- home/x/i3bar.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/home/x/i3bar.nix b/home/x/i3bar.nix index a5bd981..580b65e 100644 --- a/home/x/i3bar.nix +++ b/home/x/i3bar.nix @@ -91,6 +91,22 @@ in { chip = cfg.temperature.chip; inputs = cfg.temperature.inputs; } + { + block = "custom"; + # TODO: get service name programmatically somehow + command = let + systemctl = lib.getExe' pkgs.systemd "systemctl"; + in + pkgs.writeShellScript "check-restic.sh" '' + BACKUP_STATUS=Good + if ${systemctl} is-failed --quiet restic-backups-backblaze.service; then + BACKUP_STATUS=Critical + fi + echo "{\"state\": \"$BACKUP_STATUS\", \"text\": \"Backup\"}" + ''; + json = true; + interval = 60; + } ] ++ ( lists.optionals ((builtins.length cfg.networking.throughput_interfaces) != 0) From b18652a73dfca5f1ba19b6b5f5c61387c04e8fd9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 29 Feb 2024 16:34:22 +0100 Subject: [PATCH 606/904] home: tridactyl: disable redirection to old reddit --- home/tridactylrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/tridactylrc b/home/tridactylrc index e3611ef..7601c0e 100644 --- a/home/tridactylrc +++ b/home/tridactylrc @@ -19,7 +19,7 @@ bind , nohlsearch set findcase smart " New reddit is bad -autocmd DocStart ^http(s?)://www.reddit.com js tri.excmds.urlmodify("-t", "www", "old") +" autocmd DocStart ^http(s?)://www.reddit.com js tri.excmds.urlmodify("-t", "www", "old") " Orange site / Reddit / Lobste.rs specific hints to toggle comments bind ;c hint -Jc [class*="expand"],[class="togg"],[class="comment_folder"] From 09ed731496875c4bc547d290b2a2073a1dcc5936 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 3 Mar 2024 01:56:35 +0100 Subject: [PATCH 607/904] hosts: add talos --- flake.nix | 11 ++ hosts/talos/default.nix | 120 ++++++++++++++++++ hosts/talos/disko-config.nix | 67 ++++++++++ hosts/talos/hardware-configuration.nix | 29 +++++ hosts/talos/home.nix | 57 +++++++++ hosts/talos/secrets.nix | 23 ++++ modules/secrets/secrets.nix | 3 +- .../secrets/users/alarsyo-hashed-password.age | Bin 863 -> 836 bytes .../secrets/users/root-hashed-password.age | 28 ++-- talos.nix | 23 ++++ 10 files changed, 346 insertions(+), 15 deletions(-) create mode 100644 hosts/talos/default.nix create mode 100644 hosts/talos/disko-config.nix create mode 100644 hosts/talos/hardware-configuration.nix create mode 100644 hosts/talos/home.nix create mode 100644 hosts/talos/secrets.nix create mode 100644 talos.nix diff --git a/flake.nix b/flake.nix index 54c4d61..db27a66 100644 --- a/flake.nix +++ b/flake.nix @@ -155,6 +155,17 @@ ++ sharedModules; }; + talos = nixpkgs.lib.nixosSystem { + inherit system; + modules = + [ + inputs.nixos-hardware.nixosModules.framework-13-7040-amd + disko.nixosModules.default + ./talos.nix + ] + ++ sharedModules; + }; + thanatos = nixpkgs.lib.nixosSystem { inherit system; modules = diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix new file mode 100644 index 0000000..418c652 --- /dev/null +++ b/hosts/talos/default.nix @@ -0,0 +1,120 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page, on +# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). +{ + config, + lib, + pkgs, + ... +}: { + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + ./disko-config.nix + + ./home.nix + ./secrets.nix + ]; + + hardware.amdgpu.opencl = false; + + boot.kernelPackages = pkgs.linuxPackages_6_6; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot = { + enable = true; + editor = false; + consoleMode = "auto"; + }; + boot.loader.efi.canTouchEfiVariables = true; + + boot.tmp.useTmpfs = true; + + services.btrfs = { + autoScrub = { + enable = true; + fileSystems = ["/"]; + }; + }; + + networking.hostName = "talos"; # Define your hostname. + networking.domain = "alarsyo.net"; + # Pick only one of the below networking options. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + + # Set your time zone. + time.timeZone = "Europe/Paris"; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + programs = { + dconf.enable = true; + light.enable = true; + }; + services = { + fwupd.enable = true; + openssh.enable = true; + }; + virtualisation = { + docker.enable = true; + libvirtd.enable = true; + }; + + my.services = { + tailscale = { + enable = true; + useRoutingFeatures = "client"; + }; + + pipewire.enable = true; + }; + + my.gui.enable = true; + my.displayManager.sddm.enable = lib.mkForce false; + + hardware.bluetooth = { + enable = true; + powerOnBoot = false; + settings.General.Experimental = true; + }; + + # Configure console keymap + console.keyMap = "us"; + + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + i18n.extraLocaleSettings = { + LC_ADDRESS = "fr_FR.UTF-8"; + LC_IDENTIFICATION = "fr_FR.UTF-8"; + LC_MEASUREMENT = "fr_FR.UTF-8"; + LC_MONETARY = "fr_FR.UTF-8"; + LC_NAME = "fr_FR.UTF-8"; + LC_PAPER = "fr_FR.UTF-8"; + LC_TELEPHONE = "fr_FR.UTF-8"; + }; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the KDE Plasma Desktop Environment. + services.xserver.displayManager.sddm = { + enable = true; + wayland.enable = true; + }; + services.xserver.desktopManager.plasma5.enable = true; + services.power-profiles-daemon.enable = true; + + #programs.hyprland.enable = true; + #programs.sway = { + # enable = true; + # wrapperFeatures.gtk = true; + #}; + + # Copy the NixOS configuration file and link it from the resulting system + # (/run/current-system/configuration.nix). This is useful in case you + # accidentally delete configuration.nix. + # system.copySystemConfiguration = true; +} diff --git a/hosts/talos/disko-config.nix b/hosts/talos/disko-config.nix new file mode 100644 index 0000000..9f9ae7b --- /dev/null +++ b/hosts/talos/disko-config.nix @@ -0,0 +1,67 @@ +{ + disko.devices = { + disk = { + nvme0n1 = { + type = "disk"; + device = "/dev/nvme0n1"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ + "defaults" + ]; + }; + }; + luks = { + size = "100%"; + content = { + type = "luks"; + name = "crypted"; + # disable settings.keyFile if you want to use interactive password entry + passwordFile = "/tmp/secret.key"; # Interactive + settings = { + allowDiscards = true; + #keyFile = "/tmp/secret.key"; + }; + #additionalKeyFiles = [ "/tmp/additionalSecret.key" ]; + content = { + type = "btrfs"; + extraArgs = ["-f"]; + subvolumes = { + "@" = { + mountpoint = "/"; + mountOptions = ["compress=zstd" "noatime"]; + }; + "@home" = { + mountpoint = "/home"; + mountOptions = ["compress=zstd" "noatime"]; + }; + "@nix" = { + mountpoint = "/nix"; + mountOptions = ["compress=zstd" "noatime"]; + }; + "@persist" = { + mountpoint = "/persist"; + mountOptions = ["compress=zstd" "noatime"]; + }; + "@swap" = { + mountpoint = "/.swapvol"; + swap.swapfile.size = "8G"; + }; + }; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/talos/hardware-configuration.nix b/hosts/talos/hardware-configuration.nix new file mode 100644 index 0000000..1d0808e --- /dev/null +++ b/hosts/talos/hardware-configuration.nix @@ -0,0 +1,29 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-amd"]; + boot.extraModulePackages = []; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix new file mode 100644 index 0000000..5b266e6 --- /dev/null +++ b/hosts/talos/home.nix @@ -0,0 +1,57 @@ +{ + config, + lib, + pkgs, + ... +}: { + home-manager.users.alarsyo = { + home.stateVersion = lib.mkForce "23.11"; + + my.home.laptop.enable = true; + + # Keyboard settings & i3 settings + my.home.x.enable = true; + my.home.x.i3bar.temperature.chip = "k10temp-pci-*"; + my.home.x.i3bar.temperature.inputs = ["Tctl"]; + my.home.x.i3bar.networking.throughput_interfaces = ["wlp1s0"]; + my.home.emacs.enable = true; + + my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; + + # TODO: place in global home conf + services.dunst.enable = true; + + home.packages = builtins.attrValues { + inherit + (pkgs) + # some websites only work there :( + + #chromium + + #darktable + + ## dev + + # + + #rustup + + #gdb + + #valgrind + + arandr + #zotero + + ; + + #inherit + # (pkgs.packages) + # ansel + # spot + # ; + + #inherit (pkgs.wineWowPackages) stable; + }; + }; +} diff --git a/hosts/talos/secrets.nix b/hosts/talos/secrets.nix new file mode 100644 index 0000000..387f511 --- /dev/null +++ b/hosts/talos/secrets.nix @@ -0,0 +1,23 @@ +{ + config, + lib, + options, + ... +}: { + config.age = { + secrets = let + toSecret = name: {...} @ attrs: + { + file = ./../../modules/secrets + "/${name}.age"; + } + // attrs; + in + lib.mapAttrs toSecret { + #"restic-backup/hephaestus-credentials" = {}; + #"restic-backup/hephaestus-password" = {}; + + "users/alarsyo-hashed-password" = {}; + "users/root-hashed-password" = {}; + }; + }; +} diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 9c042d0..2496adb 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -5,9 +5,10 @@ let boreal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAagal1aqZh52wEmgsw7fkCzO41o4Cx+nV4wJGZuX1RP root@boreal"; hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxw8CtKUPAiPdKDEnuS7UyRrZN5BkUwsy5UPVF8V+lt root@hades"; hephaestus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7Cp+n5+huof68QlAoJV8bVf5h5p9kEZFAVpltWopdL root@hephaestus"; + talos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBYcmL9HZJ9SqB9OJwQ0Nt6ZbvHZTS+fzM8A6D5MPZs root@talos"; thanatos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID8JEAWk/8iSl8fN6/f76JkmVFwtyixTpLol4zSVsnVw root@thanatos"; - machines = [boreal hades hephaestus thanatos]; + machines = [boreal hades hephaestus talos thanatos]; all = users ++ machines; in { diff --git a/modules/secrets/users/alarsyo-hashed-password.age b/modules/secrets/users/alarsyo-hashed-password.age index 38b12accb020c04422710553bdf46bb52f37ee10..dfbbc689bf07585002b19933c6eb4a0bdd1e63c7 100644 GIT binary patch delta 746 zcmcc5c7$z$PJOUncA>swRalaXM{a&_lxMDaPPTJ-WSL)LmWfAjZhDb{e^73gcX60O zGM9h8bB?xKlxc8=L4I~dxPP8om1U`RNp_jHQ*o|uRF#u1k?mhDAoWet}^`v9Ei!esM}+scC?liBn}xx z#E;_j?&Z#Ae%c-$#bHhs;o6mXp+QLj86^Q}`AH@z&biuoULh9QmTq1pC6&osh8`v* zRbFn{B^e>X={aWkoQEC!d5$T=n z>g7{WRhd*(?&@alUL5RSn1P#FTA7=^f2o;&d8J=* zc9BJ}er`!Qm#(g^f=fx5WtP5^fon*ZPiAm(rMp*{TT-#7Z*qB9YO+U^MS757v16`t zs6~}`I@i9*ZMyQUA9`+Y+uHwo-@yZNma66x{Z7oE!~4C$LyO}fllw>3I>jo6PfOZ- zqxhGtaak9*z_80#VzTV_hO3s2_n-YZe7-B$WB$jeEiZmQJGE8sV}0}Q$!~fmS8+Y+ T)ZEXj(f`xvxZdjTi#7lN3+@b5 delta 793 zcmX@YcAss6PJN!EnQ4TFn`uRHVz{YSfO}eaq>oF9bD@DtU|@ltnVVBmQl5*qkCCxc zB$roZl}}oQWne^5m`PSdV0c+^gs-c=d8DOpVwzc)V_;OML13n9rK3SnF_*5LLUD11 zZfc5=si~o*LP3N@rBS+qfn#ZTkcmr~SyE|Ea(=nCkDGsrSwyj$eyFxjrA1nxi)X1v za&~cMmUFfVS4c!;kw`o4~n&oYYF8zrTMr>FS3 zW@!ib=lG;%rB~$`yGQvM`Wjc1mKraR5h!8IS zAaWHXDr6QV|{<~ zjO;2?-y~nh;?n#~E*Fc8Y`?6Oh&l7Nb@W+qvBArqKLAnQVWxS?6Pd%!YET;Lu1RdF#Vt$ugsL7NauXZoItLB z5f_uJV=}x%f68%QQNDI!-*P+SfU3VU0#Cd+f314I*E|K@OA&Wd**3j44pjUszjTM` zQI$Wt8)|%yxmbJu+8iY{C0I{RZnuEYj@J<{`q_f**B)3f=fZZwEX~zxJfcr$WFK3- LcIA?7HR-kh+z1oG diff --git a/modules/secrets/users/root-hashed-password.age b/modules/secrets/users/root-hashed-password.age index 0988a49..6a15e89 100644 --- a/modules/secrets/users/root-hashed-password.age +++ b/modules/secrets/users/root-hashed-password.age @@ -1,15 +1,15 @@ age-encryption.org/v1 --> ssh-ed25519 YWMQkg i+/8YGSMh0M3Z0qvZebnAmZzr78cnp0TDMUr/FvSyj8 -YQm2rXUoM2l1zh4AD6LHBvgDgsRYdiZWgycu1OabiaA --> ssh-ed25519 pX8y2g Vrn1mB2TH0EGY6uB9hfRu3LaLNp5hjwgLCV4xHQ3UDc -2zZBeLqqs6PAAywIs7v3aLb4tFydwrV6iqGJcZkDbY8 --> ssh-ed25519 SYm+hA PbPD9hhKTAqOFwY0RNtq0tNZnmwC7B0BWCcEp4MBEQ0 -qoXYrSuGtWQX6FlNIgVCkwRy5He/SVi3VHrbPHQvpf0 --> ssh-ed25519 6UUuZw 4pyEkmESRYwA3cURKdWtJ9w5K72y6qNqNXRb+oexoGA -UBa59ClPat1rl4r/BBWHhea1YBLBiyaoHvoYrgnkZhk --> ssh-ed25519 k2gHjw Ef7VgulblvO2b6gUlSa7MqAJMm/0E4z9kOLGuuy+MyY -ede5dtwJpTaDdtFGtNdrv+dfF/V/qmCR+vjC0vhv7WQ --> 2}s-grease -H1mgdyEhmM8weQ+JKPeLvHRb4XsD+zglY5RI428sqRhUSoOX3P8 ---- F/H59tq65rdlR0xSltrmJ8FJZaLVIQPAiruY0R8xpYM -b$(cmQ-:+'TKakyxy._5~Y6@Kʒj8لI'#9W<'֨i׈ZOz \ No newline at end of file +-> ssh-ed25519 YWMQkg mb17MHdKPO5SDXOslq38CjHLKy063L1KyN2wT85fGlE +3JnWLwx2cNmBC1vpS9KAwZQIy7B/vqLZ9QwQYNY4wMQ +-> ssh-ed25519 pX8y2g mvykS4XrUSwe68MteVV52u95oySHdzRlMGVFjhQQrx8 +ztoGz8OrTMRH/0NPfnQXrVBA0Uyuuc2b0dlOXToq85U +-> ssh-ed25519 SYm+hA TiL9r8l1nIvOMUpFaYmZ/5d6DRxcMHMICjrTfmbC7Wc +GfivQi5vzTUfYDVjwSxNA8t/tKtRu0QAGE+kPr4u1+I +-> ssh-ed25519 nh0dAQ 9agb3Zl/7+mAIH7bcIXbY2KrHDZAjugAfKbQ0OAhIQQ +kPzKALS6Wrr5zUJngqjwGV6w5prKMWlj/WY2qi2ck4M +-> ssh-ed25519 6UUuZw 36Uu//D8HuiRHFN0GOAyLxI0J3yBrTSBXuBG9pTVZA8 +KTMmUW8MvVtUm4Xjyz0JGDdz4H7Y5KxLPDeYPc0dfl4 +-> ssh-ed25519 k2gHjw D3OD07mu/YnR3xVhhbX4UoChpAWSG4CYIkmQZclsjQc +kgqZizkSgB5p+1ZRd0tP/bBxZ92jt6fvAcNZe3MmgoE +--- ZuL2dvQ6+hac47fRdRWl4VHl2sRIvnF80d37EZKq94I +J)Fr@+4rF OL5|㞵ˮq[ Pm;aH Date: Sun, 3 Mar 2024 01:57:24 +0100 Subject: [PATCH 608/904] ci: add talos to hosts --- .github/workflows/cachix.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index c88bece..c3ebe42 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -79,6 +79,7 @@ jobs: - boreal - hades - hephaestus + - talos - thanatos steps: From 92d370a10a4963f51933bc371c738c7ce46ddfab Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 3 Mar 2024 02:01:42 +0100 Subject: [PATCH 609/904] flake: bump all inputs --- flake.lock | 116 +++++++++++++++++++++++++++++++++++++++-------------- flake.nix | 2 +- 2 files changed, 87 insertions(+), 31 deletions(-) diff --git a/flake.lock b/flake.lock index 92525ad..d57ce97 100644 --- a/flake.lock +++ b/flake.lock @@ -3,14 +3,16 @@ "agenix": { "inputs": { "darwin": "darwin", - "nixpkgs": "nixpkgs" + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "systems": "systems" }, "locked": { - "lastModified": 1677969766, - "narHash": "sha256-AIp/ZYZMNLDZR/H7iiAlaGpu4lcXsVt9JQpBlf43HRY=", + "lastModified": 1707830867, + "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=", "owner": "ryantm", "repo": "agenix", - "rev": "03b51fe8e459a946c4b88dcfb6446e45efb2c24e", + "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6", "type": "github" }, "original": { @@ -27,11 +29,11 @@ ] }, "locked": { - "lastModified": 1673295039, - "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", "type": "github" }, "original": { @@ -46,11 +48,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1702479765, - "narHash": "sha256-wjNYsFhciYoJkZ/FBKvFj55k+vkLbu6C2qYQ7K+s8pI=", + "lastModified": 1709286488, + "narHash": "sha256-RDpTZ72zLu05djvXRzK76Ysqp9zSdh84ax/edEaJucs=", "owner": "nix-community", "repo": "disko", - "rev": "bd8fbc3f274288ac905bcea66bc2a5428abde458", + "rev": "bde7dd352c07d43bd5b8245e6c39074a391fdd46", "type": "github" }, "original": { @@ -61,22 +63,46 @@ } }, "flake-utils": { + "inputs": { + "systems": "systems_2" + }, "locked": { - "lastModified": 1653893745, - "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "lastModified": 1709126324, + "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", "owner": "numtide", "repo": "flake-utils", - "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", + "rev": "d465f4819400de7c8d874d50b982301f28a84605", "type": "github" }, "original": { "owner": "numtide", - "ref": "master", + "ref": "main", "repo": "flake-utils", "type": "github" } }, "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -99,11 +125,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1695887975, - "narHash": "sha256-u3+5FR12dI305jCMb0fJNQx2qwoQ54lv1tPoEWp0hmg=", + "lastModified": 1709410583, + "narHash": "sha256-esOSUoQ7mblwcsSea0K17McZuwAIjoS6dq/4b83+lvw=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "adcfd6aa860d1d129055039696bc457af7d50d0e", + "rev": "59e37017b9ed31dee303dbbd4531c594df95cfbc", "type": "github" }, "original": { @@ -115,11 +141,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1677676435, - "narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=", + "lastModified": 1703013332, + "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169", + "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", "type": "github" }, "original": { @@ -131,11 +157,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1678510587, - "narHash": "sha256-Jb6/OsFlvUotDhs9Xtk/G5SLXCHsnVnVdn5trgSiNQA=", + "lastModified": 1709357594, + "narHash": "sha256-C6BNtZewmFbBuPgqAUa/o3pZ4nYZJkQfFB1nhQbBFEc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1e21dd61028bca1ed1d70a76bc8bd988ae366275", + "rev": "b8698cd8d62c42cf3e2b3a95224c57173b73e494", "type": "github" }, "original": { @@ -147,11 +173,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1697915759, - "narHash": "sha256-WyMj5jGcecD+KC8gEs+wFth1J1wjisZf8kVZH13f1Zo=", + "lastModified": 1708815994, + "narHash": "sha256-hL7N/ut2Xu0NaDxDMsw2HagAjgDskToGiyZOWriiLYM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "51d906d2341c9e866e48c2efcaac0f2d70bfd43e", + "rev": "9a9dae8f6319600fa9aebde37f340975cab4b8c0", "type": "github" }, "original": { @@ -163,11 +189,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1707650010, - "narHash": "sha256-dOhphIA4MGrH4ElNCy/OlwmN24MsnEqFjRR6+RY7jZw=", + "lastModified": 1709309926, + "narHash": "sha256-VZFBtXGVD9LWTecGi6eXrE0hJ/mVB3zGUlHImUs2Qak=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "809cca784b9f72a5ad4b991e0e7bcf8890f9c3a6", + "rev": "79baff8812a0d68e24a836df0a364c678089e2c7", "type": "github" }, "original": { @@ -182,11 +208,41 @@ "agenix": "agenix", "disko": "disko", "flake-utils": "flake-utils", - "home-manager": "home-manager", + "home-manager": "home-manager_2", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_3", "nixpkgs-unstable-small": "nixpkgs-unstable-small" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index db27a66..08bf4ef 100644 --- a/flake.nix +++ b/flake.nix @@ -33,7 +33,7 @@ type = "github"; owner = "numtide"; repo = "flake-utils"; - ref = "master"; + ref = "main"; }; nixos-hardware = { From 33aca9d297c2b2024edabfda72abfa7d7df28a9d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 3 Mar 2024 02:42:30 +0100 Subject: [PATCH 610/904] home: don't hardcode stateversion --- home/default.nix | 2 -- hosts/boreal/home.nix | 2 ++ hosts/hades/home.nix | 1 + hosts/hephaestus/home.nix | 1 + hosts/talos/home.nix | 3 +-- hosts/thanatos/home.nix | 2 ++ 6 files changed, 7 insertions(+), 4 deletions(-) diff --git a/home/default.nix b/home/default.nix index 97d2b3c..2c74b55 100644 --- a/home/default.nix +++ b/home/default.nix @@ -21,8 +21,6 @@ ./x ]; - home.stateVersion = "21.05"; - home.username = "alarsyo"; home.sessionVariables = let diff --git a/hosts/boreal/home.nix b/hosts/boreal/home.nix index f522fb3..1f18d17 100644 --- a/hosts/boreal/home.nix +++ b/hosts/boreal/home.nix @@ -4,6 +4,8 @@ ... }: { home-manager.users.alarsyo = { + home.stateVersion = "20.09"; + # Keyboard settings & i3 settings my.home.x.enable = true; my.home.x.i3bar.temperature.chip = "k10temp-pci-*"; diff --git a/hosts/hades/home.nix b/hosts/hades/home.nix index 3bb7dab..a3737e5 100644 --- a/hosts/hades/home.nix +++ b/hosts/hades/home.nix @@ -1,5 +1,6 @@ {config, ...}: { home-manager.users.alarsyo = { + home.stateVersion = "22.05"; my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; }; } diff --git a/hosts/hephaestus/home.nix b/hosts/hephaestus/home.nix index 3e0f454..defb789 100644 --- a/hosts/hephaestus/home.nix +++ b/hosts/hephaestus/home.nix @@ -4,6 +4,7 @@ ... }: { home-manager.users.alarsyo = { + home.stateVersion = "23.05"; my.home.laptop.enable = true; # Keyboard settings & i3 settings diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 5b266e6..c678ca8 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -1,11 +1,10 @@ { config, - lib, pkgs, ... }: { home-manager.users.alarsyo = { - home.stateVersion = lib.mkForce "23.11"; + home.stateVersion = "23.11"; my.home.laptop.enable = true; diff --git a/hosts/thanatos/home.nix b/hosts/thanatos/home.nix index 3bb7dab..bacc60b 100644 --- a/hosts/thanatos/home.nix +++ b/hosts/thanatos/home.nix @@ -1,5 +1,7 @@ {config, ...}: { home-manager.users.alarsyo = { + home.stateVersion = "23.11"; + my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; }; } From fad2af4451d3f80eb8d4cdc93397adbbe865ab30 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 3 Mar 2024 02:44:38 +0100 Subject: [PATCH 611/904] talos: install various home software --- hosts/talos/home.nix | 34 +++++++++++++--------------------- 1 file changed, 13 insertions(+), 21 deletions(-) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index c678ca8..345e117 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -25,32 +25,24 @@ (pkgs) # some websites only work there :( - #chromium - - #darktable - - ## dev - - # - - #rustup - - #gdb - - #valgrind + chromium + darktable + # dev + rustup + gdb + valgrind arandr - #zotero - + zotero ; - #inherit - # (pkgs.packages) - # ansel - # spot - # ; + inherit + (pkgs.packages) + ansel + spot + ; - #inherit (pkgs.wineWowPackages) stable; + inherit (pkgs.wineWowPackages) stable; }; }; } From cafcdc89d7670960a213240edb4736821d0aac87 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 3 Mar 2024 02:58:06 +0100 Subject: [PATCH 612/904] base: remove unneeded discord override --- base/gui-programs.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 31ee485..9a24bbd 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -53,6 +53,7 @@ in { (pkgs) chrysalis evince + discord feh firefox ffmpeg @@ -72,8 +73,6 @@ in { inherit (pkgs.gnome) nautilus; inherit (pkgs.libsForQt5) okular; - - discord = pkgs.discord.override {nss = pkgs.nss_latest;}; }; networking.networkmanager = { From 524e5759755f6a508f821552546768cfd6c1977d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 3 Mar 2024 02:58:38 +0100 Subject: [PATCH 613/904] base: remove a few programs from list --- base/gui-programs.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 9a24bbd..9ca0aa5 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -51,8 +51,6 @@ in { environment.systemPackages = builtins.attrValues { inherit (pkgs) - chrysalis - evince discord feh firefox @@ -70,8 +68,6 @@ in { zathura ; - inherit (pkgs.gnome) nautilus; - inherit (pkgs.libsForQt5) okular; }; From 69674b104ef81b063254fe915efee478e24e445f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 3 Mar 2024 03:02:09 +0100 Subject: [PATCH 614/904] base: remove firefox it's installed from home-manager anyway --- base/gui-programs.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 9ca0aa5..6c4c656 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -53,7 +53,6 @@ in { (pkgs) discord feh - firefox ffmpeg gimp-with-plugins imagemagick From 2b77681552f07ce405c5845001198e7801158c09 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 3 Mar 2024 03:03:03 +0100 Subject: [PATCH 615/904] home: don't enable i3 by default --- base/gui-programs.nix | 1 - home/x/i3.nix | 7 ++++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 6c4c656..76e90f6 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -34,7 +34,6 @@ in { if config.my.gui.isNvidia then ["nvidia"] else options.services.xserver.videoDrivers.default; - windowManager.i3.enable = true; layout = "fr"; xkbVariant = "us"; libinput = { diff --git a/home/x/i3.nix b/home/x/i3.nix index 665a237..0fefa09 100644 --- a/home/x/i3.nix +++ b/home/x/i3.nix @@ -6,11 +6,12 @@ }: let inherit (lib) + mkEnableOption mkIf mkOptionDefault ; - isEnabled = config.my.home.x.enable; + isEnabled = config.my.home.x.i3.enable; myTerminal = # FIXME: fix when terminal is setup in home @@ -26,6 +27,10 @@ i3Theme = config.my.theme.i3Theme; in { + options.my.home.x.i3 = { + enable = mkEnableOption "i3wm configuration"; + }; + config = mkIf isEnabled { my.home = { flameshot.enable = true; From bb0ea0a5c8ce1fcf1cf0aed1e308f01e9fd8980e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 3 Mar 2024 03:29:01 +0100 Subject: [PATCH 616/904] talos: dconf already enabled globally --- hosts/talos/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index 418c652..0376135 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -51,7 +51,6 @@ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; programs = { - dconf.enable = true; light.enable = true; }; services = { From 8b7ae654942b5e70cd637247bed02cfad8dd5743 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 3 Mar 2024 03:29:14 +0100 Subject: [PATCH 617/904] base: remove dodgy networkmanager script --- base/gui-programs.nix | 46 +------------------------------------------ 1 file changed, 1 insertion(+), 45 deletions(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 76e90f6..b485354 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -69,51 +69,7 @@ in { inherit (pkgs.libsForQt5) okular; }; - networking.networkmanager = { - enable = true; - - dispatcherScripts = [ - { - source = let - grep = "${pkgs.gnugrep}/bin/grep"; - nmcli = "${pkgs.networkmanager}/bin/nmcli"; - in - pkgs.writeShellScript "disable_wifi_on_ethernet" '' - export LC_ALL=C - date >> /tmp/disable_wifi_on_ethernet.log - echo START "$@" >> /tmp/disable_wifi_on_ethernet.log - - beginswith() { case $2 in "$1"*) true;; *) false;; esac; } - - is_ethernet_interface () - { - local type="$(${nmcli} dev show "$1" | grep 'GENERAL\.TYPE:' | awk '{ print $2 }')" - test "$type" = "ethernet" || beginswith enp "$1" - } - - hotspot_enabled () - { - ${nmcli} dev | ${grep} -q "hotspot" - } - - if is_ethernet_interface "$1" && ! hotspot_enabled; then - echo "change in ethernet and not in hotspot mode" >> /tmp/disable_wifi_on_ethernet.log - if [ "$2" = "up" ]; then - echo "turning wifi off" >> /tmp/disable_wifi_on_ethernet.log - nmcli radio wifi off - fi - - if [ "$2" = "down" ]; then - echo "turning wifi on" >> /tmp/disable_wifi_on_ethernet.log - nmcli radio wifi on - fi - fi - echo END "$@" >> /tmp/disable_wifi_on_ethernet.log - ''; - type = "basic"; - } - ]; - }; + networking.networkmanager.enable = true; programs.nm-applet.enable = true; programs.steam.enable = true; From 47e47488bc84f4ac39febd8891c32af836e4e4be Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 3 Mar 2024 04:02:31 +0100 Subject: [PATCH 618/904] talos: remove darktable --- hosts/talos/home.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 345e117..f42b383 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -26,7 +26,6 @@ # some websites only work there :( chromium - darktable # dev rustup From c47c084a55e790de019b28ae6ba6c4aacaf82e9b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 3 Mar 2024 04:11:59 +0100 Subject: [PATCH 619/904] base: remove unused programs --- base/programs.nix | 9 --------- 1 file changed, 9 deletions(-) diff --git a/base/programs.nix b/base/programs.nix index 0f82f19..cc111fb 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -26,31 +26,22 @@ fd file ripgrep - sd - tokei tree wget - jq pciutils usbutils # development - agenix - alejandra git git-crypt git-lfs gnumake gnupg - pinentry-qt python3 vim # terminal utilities - dogdns - du-dust htop - ldns # drill unzip zip ; From 6e8253fd8956846b4a5c288623960aec240bd84a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 4 Mar 2024 14:23:27 +0100 Subject: [PATCH 620/904] talos: switch to kernel 6.7 --- hosts/talos/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index 0376135..59f84dd 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -18,7 +18,7 @@ hardware.amdgpu.opencl = false; - boot.kernelPackages = pkgs.linuxPackages_6_6; + boot.kernelPackages = pkgs.linuxPackages_6_7; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot = { From 2ec0602006736d9f7f9480bd0a1a08c9e08bf816 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 4 Mar 2024 16:04:50 +0100 Subject: [PATCH 621/904] talos: set Wi-Fi regulatory domain --- hosts/talos/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index 59f84dd..7377884 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -19,6 +19,9 @@ hardware.amdgpu.opencl = false; boot.kernelPackages = pkgs.linuxPackages_6_7; + # Set Wi-Fi regulatory domain. Currently always set to '00' (world), and could + # lead to bad Wi-Fi performance + boot.kernelParams = ["cfg80211.ieee80211_regdom=FR"]; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot = { From 3d10eef3ac05e9c975286ad84d5c393dbce74ce9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 4 Mar 2024 16:05:01 +0100 Subject: [PATCH 622/904] flake: override power-profiles-daemon 0.20 from unstable brings a lot of improvements over 0.13 from 23.11 for newer AMD laptops --- flake.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/flake.nix b/flake.nix index 08bf4ef..476d7cc 100644 --- a/flake.nix +++ b/flake.nix @@ -93,6 +93,8 @@ inherit system; config.allowUnfree = true; }; + + power-profiles-daemon = self.unstable.power-profiles-daemon; }) agenix.overlays.default From 3e23486ecbb7a1a7207e2155ef18d82b913640aa Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 4 Mar 2024 16:24:00 +0100 Subject: [PATCH 623/904] talos: explicitely enable wifi powersave this way I know what to toggle if I want to switch it off in the future --- hosts/talos/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index 7377884..ccce527 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -44,7 +44,10 @@ networking.domain = "alarsyo.net"; # Pick only one of the below networking options. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + networking.networkmanager = { + enable = true; + wifi.powersave = true; + }; # Set your time zone. time.timeZone = "Europe/Paris"; From 847b50a841de298552e47626ac8d48f1d516a70b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 4 Mar 2024 16:31:32 +0100 Subject: [PATCH 624/904] flake: add alejandra to devShell --- flake.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 476d7cc..281824b 100644 --- a/flake.nix +++ b/flake.nix @@ -179,11 +179,18 @@ }; }; } - // inputs.flake-utils.lib.eachDefaultSystem (system: { + // inputs.flake-utils.lib.eachDefaultSystem (system: let + pkgs = import nixpkgs {inherit system;}; + in { packages = inputs.flake-utils.lib.flattenTree (import ./pkgs { pkgs = import nixpkgs {inherit system;}; }); + devShells.default = pkgs.mkShellNoCC { + buildInputs = [ + pkgs.alejandra + ]; + }; }); } From a8e243365e39ebbfd8a2295c7edfd6ac2d15fa27 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 4 Mar 2024 18:53:00 +0100 Subject: [PATCH 625/904] base: place arandr in gui programs --- base/gui-programs.nix | 1 + hosts/hephaestus/home.nix | 1 - hosts/talos/home.nix | 1 - 3 files changed, 1 insertion(+), 2 deletions(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index b485354..9c7fc1d 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -50,6 +50,7 @@ in { environment.systemPackages = builtins.attrValues { inherit (pkgs) + arandr discord feh ffmpeg diff --git a/hosts/hephaestus/home.nix b/hosts/hephaestus/home.nix index defb789..1178b1c 100644 --- a/hosts/hephaestus/home.nix +++ b/hosts/hephaestus/home.nix @@ -31,7 +31,6 @@ rustup gdb valgrind - arandr zotero ; diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index f42b383..366faf6 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -31,7 +31,6 @@ rustup gdb valgrind - arandr zotero ; From f18238cd5c0252101547565864b7a44e40504ddb Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 4 Mar 2024 18:53:50 +0100 Subject: [PATCH 626/904] talos: remove unneeded stuff from home packages --- hosts/talos/home.nix | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 366faf6..0f547f1 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -23,14 +23,7 @@ home.packages = builtins.attrValues { inherit (pkgs) - # some websites only work there :( - - chromium - # dev - - rustup - gdb - valgrind + chromium # some websites only work there :( zotero ; @@ -39,8 +32,6 @@ ansel spot ; - - inherit (pkgs.wineWowPackages) stable; }; }; } From 226e72655151e507984495e1e2f6c1a07d6134d6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 4 Mar 2024 19:21:23 +0100 Subject: [PATCH 627/904] home: move lorri file to direnv --- home/default.nix | 2 +- home/{lorri.nix => direnv.nix} | 8 +++----- 2 files changed, 4 insertions(+), 6 deletions(-) rename home/{lorri.nix => direnv.nix} (55%) diff --git a/home/default.nix b/home/default.nix index 2c74b55..6cdce61 100644 --- a/home/default.nix +++ b/home/default.nix @@ -2,6 +2,7 @@ imports = [ ./alacritty.nix ./bat.nix + ./direnv.nix ./emacs.nix ./env.nix ./firefox.nix @@ -10,7 +11,6 @@ ./git.nix ./gtk.nix ./laptop.nix - ./lorri.nix ./mail.nix ./rbw.nix ./rofi.nix diff --git a/home/lorri.nix b/home/direnv.nix similarity index 55% rename from home/lorri.nix rename to home/direnv.nix index 0d7e2e3..9c1b086 100644 --- a/home/lorri.nix +++ b/home/direnv.nix @@ -9,17 +9,15 @@ mkIf ; - cfg = config.my.home.lorri; + cfg = config.my.home.direnv; in { - options.my.home.lorri = { - enable = (mkEnableOption "lorri daemon setup") // {default = true;}; + options.my.home.direnv = { + enable = (mkEnableOption "setup direnv usage") // {default = true;}; }; config = mkIf cfg.enable { - services.lorri.enable = true; programs.direnv = { enable = true; - # FIXME: proper file, not lorri.nix nix-direnv = { enable = true; }; From 4985d670bb7bb686501351efed56f29181f2d1d6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 4 Mar 2024 19:33:08 +0100 Subject: [PATCH 628/904] flake: avoid one evaluation of nixpkgs --- flake.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/flake.nix b/flake.nix index 281824b..4e0a282 100644 --- a/flake.nix +++ b/flake.nix @@ -180,13 +180,11 @@ }; } // inputs.flake-utils.lib.eachDefaultSystem (system: let - pkgs = import nixpkgs {inherit system;}; + pkgs = nixpkgs.legacyPackages.${system}; in { packages = inputs.flake-utils.lib.flattenTree - (import ./pkgs { - pkgs = import nixpkgs {inherit system;}; - }); + (import ./pkgs {inherit pkgs;}); devShells.default = pkgs.mkShellNoCC { buildInputs = [ pkgs.alejandra From 95c116c2e850376b83394c87ea0141b47dbfc4ad Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 4 Mar 2024 19:56:08 +0100 Subject: [PATCH 629/904] flake: disable power-profiles-daemon override It seems to conflict with some KDE settings UI, let's revisit when I got rid of Plasma --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 4e0a282..f77d912 100644 --- a/flake.nix +++ b/flake.nix @@ -94,7 +94,7 @@ config.allowUnfree = true; }; - power-profiles-daemon = self.unstable.power-profiles-daemon; + # power-profiles-daemon = self.unstable.power-profiles-daemon; }) agenix.overlays.default From 7be4514da365645bcfc805ca780ac29ae521e2d7 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 4 Mar 2024 22:43:28 +0100 Subject: [PATCH 630/904] emacs: use Pure GTK build --- home/emacs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/emacs.nix b/home/emacs.nix index 47d3776..091846e 100644 --- a/home/emacs.nix +++ b/home/emacs.nix @@ -43,7 +43,7 @@ in { programs.emacs = { enable = true; - package = pkgs.emacs29; + package = pkgs.emacs29-pgtk; extraPackages = epkgs: [epkgs.vterm epkgs.pdf-tools pkgs.lilypond epkgs.mu4e]; }; }; From cd715f1a03174a08ef66aabc8c099837fa8747c7 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 5 Mar 2024 05:07:46 +0100 Subject: [PATCH 631/904] talos: setup restic backups --- hosts/talos/default.nix | 43 ++++++++++++++++++ hosts/talos/secrets.nix | 4 +- .../restic-backup/talos-credentials.age | 7 +++ .../secrets/restic-backup/talos-password.age | Bin 0 -> 387 bytes modules/secrets/secrets.nix | 2 + 5 files changed, 54 insertions(+), 2 deletions(-) create mode 100644 modules/secrets/restic-backup/talos-credentials.age create mode 100644 modules/secrets/restic-backup/talos-password.age diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index ccce527..4fee350 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -75,6 +75,49 @@ }; pipewire.enable = true; + + restic-backup = { + enable = true; + repo = "b2:talos-backup"; + passwordFile = config.age.secrets."restic-backup/talos-password".path; + environmentFile = config.age.secrets."restic-backup/talos-credentials".path; + + timerConfig = { + OnCalendar = "*-*-* 13:00:00"; # laptop only gets used during the day + }; + + paths = [ + "/home/alarsyo" + ]; + exclude = [ + "/home/alarsyo/Downloads" + + # Rust builds using half my storage capacity + "/home/alarsyo/**/target" + "/home/alarsyo/work/rust/build" + + # don't backup nixpkgs + "/home/alarsyo/work/nixpkgs" + + "/home/alarsyo/go" + + # C build crap + "*.a" + "*.o" + "*.so" + + ".direnv" + + # test vms + "*.qcow2" + + # secrets stay offline + "/home/alarsyo/**/secrets" + + # ignore all dotfiles as .config and .cache can become quite big + "/home/alarsyo/.*" + ]; + }; }; my.gui.enable = true; diff --git a/hosts/talos/secrets.nix b/hosts/talos/secrets.nix index 387f511..e5fae61 100644 --- a/hosts/talos/secrets.nix +++ b/hosts/talos/secrets.nix @@ -13,8 +13,8 @@ // attrs; in lib.mapAttrs toSecret { - #"restic-backup/hephaestus-credentials" = {}; - #"restic-backup/hephaestus-password" = {}; + "restic-backup/talos-credentials" = {}; + "restic-backup/talos-password" = {}; "users/alarsyo-hashed-password" = {}; "users/root-hashed-password" = {}; diff --git a/modules/secrets/restic-backup/talos-credentials.age b/modules/secrets/restic-backup/talos-credentials.age new file mode 100644 index 0000000..967a671 --- /dev/null +++ b/modules/secrets/restic-backup/talos-credentials.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 k2gHjw WWJQxqfxQzLmBFPpTzuKBMhAl+ZxnQdvnaDvfpwxR00 +tEsf6xSw/MP/qJnr/SyLlkEEf/LaI7IxjVzaxRwh5FI +-> ssh-ed25519 nh0dAQ yRu0VZqx+DuB3SSQaVtg+txuRu9OyJDfLDNCKg9XYk0 +xTpucapaejG2EMrZLIDt46JD3QYM4XXT1Y2F77HPQO8 +--- uZjO0dDIFesU2B/GkjpqrOJas1+K6hGbQAdFV/t1GOk +BV͵\ 8 ۑ[%l^>9\E5j(6g;(I7CS4v6iSXC`OT\;Iݜ6_ky-qKlKӠh?t \ No newline at end of file diff --git a/modules/secrets/restic-backup/talos-password.age b/modules/secrets/restic-backup/talos-password.age new file mode 100644 index 0000000000000000000000000000000000000000..244ab8dc30fcae543ab25652ad3581ff651d49f3 GIT binary patch literal 387 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7HcI!%Dp&9_cP=O_ zEH^I>({|RkC{A^C3P{qf3dz!rG;`7qOApI-DK-o9Nj5IXP3H2?kF*HRFe=WiD2&K6 z)i=uY^h)wKuXN9LF)Ft3cg&9pGRiK<4azXoPe->cFT)_kF;Jl>H^MPB*Cf;>D%~)o zI4>kSprkCU(9S79Zk&rurpqcI|Qd+3ppq^sX*itSSA% zHd;H>i|>}v8qv2>yonFO|9BLu3VQBYSKTx*@?lV4!m2!rz#KuH>xY*;-}$;|QLmiz VgbQ+~<%_lzEKm=$4{2nu0szn!iy8m` literal 0 HcmV?d00001 diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 2496adb..f9c389c 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -35,6 +35,8 @@ in { "restic-backup/hades-credentials.age".publicKeys = [alarsyo hades]; "restic-backup/hephaestus-password.age".publicKeys = [alarsyo hephaestus]; "restic-backup/hephaestus-credentials.age".publicKeys = [alarsyo hephaestus]; + "restic-backup/talos-password.age".publicKeys = [alarsyo talos]; + "restic-backup/talos-credentials.age".publicKeys = [alarsyo talos]; "users/root-hashed-password.age".publicKeys = machines ++ [alarsyo]; "users/alarsyo-hashed-password.age".publicKeys = machines ++ [alarsyo]; From 6c32b3f262319203869ef4cb8c25ea6a355298c2 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 5 Mar 2024 05:08:09 +0100 Subject: [PATCH 632/904] base: enable cups for GUI hosts --- base/gui-programs.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 9c7fc1d..b141890 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -45,6 +45,11 @@ in { }; logind.lidSwitch = "ignore"; + + printing = { + enable = true; + cups-pdf.enable = true; + }; }; environment.systemPackages = builtins.attrValues { From 9e98e96c31564939ee516ba93f9554e90a05cc20 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 5 Mar 2024 05:19:57 +0100 Subject: [PATCH 633/904] services: restic: tone down the verbosity --- services/restic-backup.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/restic-backup.nix b/services/restic-backup.nix index cad1127..d3d3e63 100644 --- a/services/restic-backup.nix +++ b/services/restic-backup.nix @@ -98,7 +98,7 @@ in { environmentFile = cfg.environmentFile; extraBackupArgs = - ["--verbose=2"] + ["--verbose=1"] ++ optional (builtins.length cfg.exclude != 0) excludeArg; timerConfig = cfg.timerConfig; From e84c66e8127f3cf447debe51445eae4ebadec816 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 7 Mar 2024 00:13:30 +0100 Subject: [PATCH 634/904] flake: add unstable nixpkgs to registry --- flake.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/flake.nix b/flake.nix index f77d912..4f3c492 100644 --- a/flake.nix +++ b/flake.nix @@ -74,6 +74,7 @@ ]; registry = { nixpkgs.flake = inputs.nixpkgs; + unstable.flake = inputs.nixpkgs-unstable-small; }; }; }; From d660110cecb8b0c4e49c41687a812f5fb543d5f6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 8 Mar 2024 21:40:08 +0100 Subject: [PATCH 635/904] hephaestus: re-enable i3wm --- hosts/hephaestus/home.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/hephaestus/home.nix b/hosts/hephaestus/home.nix index 1178b1c..2c9bd36 100644 --- a/hosts/hephaestus/home.nix +++ b/hosts/hephaestus/home.nix @@ -9,6 +9,7 @@ # Keyboard settings & i3 settings my.home.x.enable = true; + my.home.x.i3.enable = true; my.home.x.i3bar.temperature.chip = "k10temp-pci-*"; my.home.x.i3bar.temperature.inputs = ["Tctl"]; my.home.x.i3bar.networking.throughput_interfaces = ["wlp3s0" "enp6s0f3u1u1"]; From 4a8f736cdb9ea78e7358251004e9211ffd3aeb30 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 8 Mar 2024 21:40:32 +0100 Subject: [PATCH 636/904] hephaestus: switch to latest kernel LTS --- hosts/hephaestus/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hephaestus/default.nix b/hosts/hephaestus/default.nix index 8eb7d45..4efc538 100644 --- a/hosts/hephaestus/default.nix +++ b/hosts/hephaestus/default.nix @@ -16,7 +16,7 @@ hardware.amdgpu.opencl = false; - boot.kernelPackages = pkgs.linuxPackages; + boot.kernelPackages = pkgs.linuxPackages_6_6; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; From 9d50cbd67b71d8a38c86685752bea053f78cb9dc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 11 Mar 2024 16:00:12 +0100 Subject: [PATCH 637/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/79baff8812a0d68e24a836df0a364c678089e2c7' (2024-03-01) → 'github:NixOS/nixpkgs/b94a96839afcc56de3551aa7472b8d9a3e77e05d' (2024-03-09) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index d57ce97..2154f33 100644 --- a/flake.lock +++ b/flake.lock @@ -189,11 +189,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1709309926, - "narHash": "sha256-VZFBtXGVD9LWTecGi6eXrE0hJ/mVB3zGUlHImUs2Qak=", + "lastModified": 1710021367, + "narHash": "sha256-FuMVdWqXMT38u1lcySYyv93A7B8wU0EGzUr4t4jQu8g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "79baff8812a0d68e24a836df0a364c678089e2c7", + "rev": "b94a96839afcc56de3551aa7472b8d9a3e77e05d", "type": "github" }, "original": { From db4ed090c0815f068028c5ba28496bc411787347 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 11 Mar 2024 17:22:45 +0100 Subject: [PATCH 638/904] todo: add todo file for long term planning --- todo.org | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 todo.org diff --git a/todo.org b/todo.org new file mode 100644 index 0000000..814009b --- /dev/null +++ b/todo.org @@ -0,0 +1,5 @@ +* TODO Take a look at goldwarden when 24.05 releases + +https://github.com/quexten/goldwarden + +* TODO Setup sway correctly From 9f7ed34392bb1e2a395693df0df31bd3de27ccd8 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 11 Mar 2024 19:45:30 +0100 Subject: [PATCH 639/904] talos: add framework-tool to packages --- hosts/talos/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index 4fee350..33726d7 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -155,6 +155,10 @@ services.xserver.desktopManager.plasma5.enable = true; services.power-profiles-daemon.enable = true; + environment.systemPackages = [ + pkgs.framework-tool + ]; + #programs.hyprland.enable = true; #programs.sway = { # enable = true; From 752362fc8bf8d0b12ec2e10fbd8082d8cfa11097 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 13 Mar 2024 14:37:40 +0100 Subject: [PATCH 640/904] talos: make room in partition table --- hosts/talos/disko-config.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/talos/disko-config.nix b/hosts/talos/disko-config.nix index 9f9ae7b..71d7c81 100644 --- a/hosts/talos/disko-config.nix +++ b/hosts/talos/disko-config.nix @@ -20,7 +20,7 @@ }; }; luks = { - size = "100%"; + size = "60%"; content = { type = "luks"; name = "crypted"; @@ -51,6 +51,7 @@ mountpoint = "/persist"; mountOptions = ["compress=zstd" "noatime"]; }; + "@snapshots" = {}; "@swap" = { mountpoint = "/.swapvol"; swap.swapfile.size = "8G"; From 9243f630de065a780e595c2c80a85c26c4100a06 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 14 Mar 2024 02:34:36 +0100 Subject: [PATCH 641/904] talos: fix disko-config --- hosts/talos/disko-config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/talos/disko-config.nix b/hosts/talos/disko-config.nix index 71d7c81..5146330 100644 --- a/hosts/talos/disko-config.nix +++ b/hosts/talos/disko-config.nix @@ -20,7 +20,7 @@ }; }; luks = { - size = "60%"; + size = "600G"; content = { type = "luks"; name = "crypted"; From 8c86cafd967c28bdc6f9000b776173486f093f79 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 14 Mar 2024 11:39:36 +0100 Subject: [PATCH 642/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/b94a96839afcc56de3551aa7472b8d9a3e77e05d' (2024-03-09) → 'github:NixOS/nixpkgs/51063ed4f2343a59fdeebb279bb81d87d453942b' (2024-03-12) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 2154f33..493ea0e 100644 --- a/flake.lock +++ b/flake.lock @@ -189,11 +189,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1710021367, - "narHash": "sha256-FuMVdWqXMT38u1lcySYyv93A7B8wU0EGzUr4t4jQu8g=", + "lastModified": 1710283656, + "narHash": "sha256-nI+AOy4uK6jLGBi9nsbHjL1EdSIzoo8oa+9oeVhbyFc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b94a96839afcc56de3551aa7472b8d9a3e77e05d", + "rev": "51063ed4f2343a59fdeebb279bb81d87d453942b", "type": "github" }, "original": { From b6d7aae9713d45aa0c4a0f646ec1f41d56a00761 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 14 Mar 2024 11:49:27 +0100 Subject: [PATCH 643/904] talos: don't need virtualisation right now --- hosts/talos/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index 33726d7..4def4d9 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -65,7 +65,7 @@ }; virtualisation = { docker.enable = true; - libvirtd.enable = true; + libvirtd.enable = false; }; my.services = { From 24f78a96c375234eff5c08a9dda43aac875909bc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 19 Mar 2024 18:05:55 +0100 Subject: [PATCH 644/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/51063ed4f2343a59fdeebb279bb81d87d453942b' (2024-03-12) → 'github:NixOS/nixpkgs/614b4613980a522ba49f0d194531beddbb7220d3' (2024-03-17) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 493ea0e..69cdd51 100644 --- a/flake.lock +++ b/flake.lock @@ -189,11 +189,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1710283656, - "narHash": "sha256-nI+AOy4uK6jLGBi9nsbHjL1EdSIzoo8oa+9oeVhbyFc=", + "lastModified": 1710695816, + "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "51063ed4f2343a59fdeebb279bb81d87d453942b", + "rev": "614b4613980a522ba49f0d194531beddbb7220d3", "type": "github" }, "original": { From 0dd641b580fb22e3e835583ff52410a828c94225 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 27 Mar 2024 18:07:20 +0100 Subject: [PATCH 645/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/652fda4ca6dafeb090943422c34ae9145787af37' (2024-02-03) → 'github:nix-community/home-manager/f33900124c23c4eca5831b9b5eb32ea5894375ce' (2024-03-19) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/614b4613980a522ba49f0d194531beddbb7220d3' (2024-03-17) → 'github:NixOS/nixpkgs/44733514b72e732bd49f5511bd0203dea9b9a434' (2024-03-26) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 69cdd51..90f07e7 100644 --- a/flake.lock +++ b/flake.lock @@ -109,11 +109,11 @@ ] }, "locked": { - "lastModified": 1706981411, - "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=", + "lastModified": 1710888565, + "narHash": "sha256-s9Hi4RHhc6yut4EcYD50sZWRDKsugBJHSbON8KFwoTw=", "owner": "nix-community", "repo": "home-manager", - "rev": "652fda4ca6dafeb090943422c34ae9145787af37", + "rev": "f33900124c23c4eca5831b9b5eb32ea5894375ce", "type": "github" }, "original": { @@ -189,11 +189,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1710695816, - "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", + "lastModified": 1711460390, + "narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "614b4613980a522ba49f0d194531beddbb7220d3", + "rev": "44733514b72e732bd49f5511bd0203dea9b9a434", "type": "github" }, "original": { From 9967ba273cc55e507ea430325c45c7c9edd30626 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 1 Apr 2024 22:30:54 +0200 Subject: [PATCH 646/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'disko': 'github:nix-community/disko/bde7dd352c07d43bd5b8245e6c39074a391fdd46' (2024-03-01) → 'github:nix-community/disko/611c9ea53250f7bb22286b3d26872280a0e608f9' (2024-04-01) • Updated input 'disko/nixpkgs': 'github:NixOS/nixpkgs/9a9dae8f6319600fa9aebde37f340975cab4b8c0' (2024-02-24) → 'github:NixOS/nixpkgs/807c549feabce7eddbf259dbdcec9e0600a0660d' (2024-03-29) • Updated input 'flake-utils': 'github:numtide/flake-utils/d465f4819400de7c8d874d50b982301f28a84605' (2024-02-28) → 'github:numtide/flake-utils/b1d9ab70662946ef0850d488da1c9019f3a9752a' (2024-03-11) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/59e37017b9ed31dee303dbbd4531c594df95cfbc' (2024-03-02) → 'github:NixOS/nixos-hardware/9a763a7acc4cfbb8603bb0231fec3eda864f81c0' (2024-03-25) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/44733514b72e732bd49f5511bd0203dea9b9a434' (2024-03-26) → 'github:NixOS/nixpkgs/219951b495fc2eac67b1456824cc1ec1fd2ee659' (2024-03-28) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/b8698cd8d62c42cf3e2b3a95224c57173b73e494' (2024-03-02) → 'github:NixOS/nixpkgs/8bea75f6bdceecb9a349e7425ae2ca5c91c01b9c' (2024-04-01) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 90f07e7..6729a6d 100644 --- a/flake.lock +++ b/flake.lock @@ -48,11 +48,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1709286488, - "narHash": "sha256-RDpTZ72zLu05djvXRzK76Ysqp9zSdh84ax/edEaJucs=", + "lastModified": 1711934712, + "narHash": "sha256-sBDe+QmX/QohlnKeSEzrftcXyZL5FY09OMjZ59Rpyy4=", "owner": "nix-community", "repo": "disko", - "rev": "bde7dd352c07d43bd5b8245e6c39074a391fdd46", + "rev": "611c9ea53250f7bb22286b3d26872280a0e608f9", "type": "github" }, "original": { @@ -67,11 +67,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1709126324, - "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "d465f4819400de7c8d874d50b982301f28a84605", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { @@ -125,11 +125,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1709410583, - "narHash": "sha256-esOSUoQ7mblwcsSea0K17McZuwAIjoS6dq/4b83+lvw=", + "lastModified": 1711352745, + "narHash": "sha256-luvqik+i3HTvCbXQZgB6uggvEcxI9uae0nmrgtXJ17U=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "59e37017b9ed31dee303dbbd4531c594df95cfbc", + "rev": "9a763a7acc4cfbb8603bb0231fec3eda864f81c0", "type": "github" }, "original": { @@ -157,11 +157,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1709357594, - "narHash": "sha256-C6BNtZewmFbBuPgqAUa/o3pZ4nYZJkQfFB1nhQbBFEc=", + "lastModified": 1711983799, + "narHash": "sha256-Wo9rOsVxGIMcLmFilSai2Fi7kN50doxsuksoTIXPytI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b8698cd8d62c42cf3e2b3a95224c57173b73e494", + "rev": "8bea75f6bdceecb9a349e7425ae2ca5c91c01b9c", "type": "github" }, "original": { @@ -173,11 +173,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1708815994, - "narHash": "sha256-hL7N/ut2Xu0NaDxDMsw2HagAjgDskToGiyZOWriiLYM=", + "lastModified": 1711715736, + "narHash": "sha256-9slQ609YqT9bT/MNX9+5k5jltL9zgpn36DpFB7TkttM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9a9dae8f6319600fa9aebde37f340975cab4b8c0", + "rev": "807c549feabce7eddbf259dbdcec9e0600a0660d", "type": "github" }, "original": { @@ -189,11 +189,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1711460390, - "narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=", + "lastModified": 1711668574, + "narHash": "sha256-u1dfs0ASQIEr1icTVrsKwg2xToIpn7ZXxW3RHfHxshg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "44733514b72e732bd49f5511bd0203dea9b9a434", + "rev": "219951b495fc2eac67b1456824cc1ec1fd2ee659", "type": "github" }, "original": { From 2e93dc6f7786f6095dae4957c2f74bbaddad064c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 3 Apr 2024 17:38:13 +0200 Subject: [PATCH 647/904] hades: disable photoprism --- hosts/hades/default.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index 4f4c02e..a7b6544 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -112,11 +112,6 @@ in { secretKeyFile = config.age.secrets."paperless/secret-key".path; }; - photoprism = { - enable = true; - port = 8084; - }; - pleroma = { enable = true; port = 8086; From 3b942d062501187669daf1825229f940e28704ab Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 8 Apr 2024 10:25:21 +0200 Subject: [PATCH 648/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/f33900124c23c4eca5831b9b5eb32ea5894375ce' (2024-03-19) → 'github:nix-community/home-manager/d6bb9f934f2870e5cbc5b94c79e9db22246141ff' (2024-04-06) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/219951b495fc2eac67b1456824cc1ec1fd2ee659' (2024-03-28) → 'github:NixOS/nixpkgs/e38d7cb66ea4f7a0eb6681920615dfcc30fc2920' (2024-04-06) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 6729a6d..1992332 100644 --- a/flake.lock +++ b/flake.lock @@ -109,11 +109,11 @@ ] }, "locked": { - "lastModified": 1710888565, - "narHash": "sha256-s9Hi4RHhc6yut4EcYD50sZWRDKsugBJHSbON8KFwoTw=", + "lastModified": 1712386041, + "narHash": "sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "f33900124c23c4eca5831b9b5eb32ea5894375ce", + "rev": "d6bb9f934f2870e5cbc5b94c79e9db22246141ff", "type": "github" }, "original": { @@ -189,11 +189,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1711668574, - "narHash": "sha256-u1dfs0ASQIEr1icTVrsKwg2xToIpn7ZXxW3RHfHxshg=", + "lastModified": 1712437997, + "narHash": "sha256-g0whLLwRvgO2FsyhY8fNk+TWenS3jg5UdlWL4uqgFeo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "219951b495fc2eac67b1456824cc1ec1fd2ee659", + "rev": "e38d7cb66ea4f7a0eb6681920615dfcc30fc2920", "type": "github" }, "original": { From 4307b6d9a85e8ebcf37ce725bfb3cabc01ec4a16 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 12 Apr 2024 10:47:50 +0200 Subject: [PATCH 649/904] talos: switch to Linux 6.8 --- hosts/talos/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index 4def4d9..51704b4 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -18,7 +18,7 @@ hardware.amdgpu.opencl = false; - boot.kernelPackages = pkgs.linuxPackages_6_7; + boot.kernelPackages = pkgs.linuxPackages_6_8; # Set Wi-Fi regulatory domain. Currently always set to '00' (world), and could # lead to bad Wi-Fi performance boot.kernelParams = ["cfg80211.ieee80211_regdom=FR"]; From f794c86483c81c21b675ccdc3eb990580cb9f8c1 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 16 Apr 2024 17:25:48 +0200 Subject: [PATCH 650/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e38d7cb66ea4f7a0eb6681920615dfcc30fc2920' (2024-04-06) → 'github:NixOS/nixpkgs/53a2c32bc66f5ae41a28d7a9a49d321172af621e' (2024-04-15) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 1992332..f96262e 100644 --- a/flake.lock +++ b/flake.lock @@ -189,11 +189,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1712437997, - "narHash": "sha256-g0whLLwRvgO2FsyhY8fNk+TWenS3jg5UdlWL4uqgFeo=", + "lastModified": 1713145326, + "narHash": "sha256-m7+IWM6mkWOg22EC5kRUFCycXsXLSU7hWmHdmBfmC3s=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e38d7cb66ea4f7a0eb6681920615dfcc30fc2920", + "rev": "53a2c32bc66f5ae41a28d7a9a49d321172af621e", "type": "github" }, "original": { From 279fecb93b1c31de3e2b2577f320ec02baf1d390 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 16 Apr 2024 19:38:44 +0200 Subject: [PATCH 651/904] talos: set default sddm session --- hosts/talos/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index 51704b4..9da872c 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -152,6 +152,7 @@ enable = true; wayland.enable = true; }; + services.xserver.displayManager.defaultSession = "plasmawayland"; services.xserver.desktopManager.plasma5.enable = true; services.power-profiles-daemon.enable = true; From 0bb8be31a12de54ebe9f270efd18e09a1f37dace Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 22 Apr 2024 17:05:44 +0200 Subject: [PATCH 652/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/53a2c32bc66f5ae41a28d7a9a49d321172af621e' (2024-04-15) → 'github:NixOS/nixpkgs/a5e4bbcb4780c63c79c87d29ea409abf097de3f7' (2024-04-21) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index f96262e..433fc78 100644 --- a/flake.lock +++ b/flake.lock @@ -189,11 +189,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1713145326, - "narHash": "sha256-m7+IWM6mkWOg22EC5kRUFCycXsXLSU7hWmHdmBfmC3s=", + "lastModified": 1713725259, + "narHash": "sha256-9ZR/Rbx5/Z/JZf5ehVNMoz/s5xjpP0a22tL6qNvLt5E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "53a2c32bc66f5ae41a28d7a9a49d321172af621e", + "rev": "a5e4bbcb4780c63c79c87d29ea409abf097de3f7", "type": "github" }, "original": { From b12753161ba9b51b1d89ade11431d66bd591a84b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 2 May 2024 14:20:53 +0200 Subject: [PATCH 653/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/d6bb9f934f2870e5cbc5b94c79e9db22246141ff' (2024-04-06) → 'github:nix-community/home-manager/86853e31dc1b62c6eeed11c667e8cdd0285d4411' (2024-04-25) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/a5e4bbcb4780c63c79c87d29ea409abf097de3f7' (2024-04-21) → 'github:NixOS/nixpkgs/0638fe2715d998fa81d173aad264eb671ce2ebc1' (2024-05-01) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 433fc78..93e2f37 100644 --- a/flake.lock +++ b/flake.lock @@ -109,11 +109,11 @@ ] }, "locked": { - "lastModified": 1712386041, - "narHash": "sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ=", + "lastModified": 1714043624, + "narHash": "sha256-Xn2r0Jv95TswvPlvamCC46wwNo8ALjRCMBJbGykdhcM=", "owner": "nix-community", "repo": "home-manager", - "rev": "d6bb9f934f2870e5cbc5b94c79e9db22246141ff", + "rev": "86853e31dc1b62c6eeed11c667e8cdd0285d4411", "type": "github" }, "original": { @@ -189,11 +189,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1713725259, - "narHash": "sha256-9ZR/Rbx5/Z/JZf5ehVNMoz/s5xjpP0a22tL6qNvLt5E=", + "lastModified": 1714531828, + "narHash": "sha256-ILsf3bdY/hNNI/Hu5bSt2/KbmHaAVhBbNUOdGztTHEg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a5e4bbcb4780c63c79c87d29ea409abf097de3f7", + "rev": "0638fe2715d998fa81d173aad264eb671ce2ebc1", "type": "github" }, "original": { From 0274ad73e0600d2befe7d49fcbcb4ba919ad2964 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 13 May 2024 01:03:32 +0200 Subject: [PATCH 654/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/86853e31dc1b62c6eeed11c667e8cdd0285d4411' (2024-04-25) → 'github:nix-community/home-manager/ab5542e9dbd13d0100f8baae2bc2d68af901f4b4' (2024-05-10) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/0638fe2715d998fa81d173aad264eb671ce2ebc1' (2024-05-01) → 'github:NixOS/nixpkgs/71bae31b7dbc335528ca7e96f479ec93462323ff' (2024-05-11) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 93e2f37..7c9105a 100644 --- a/flake.lock +++ b/flake.lock @@ -109,11 +109,11 @@ ] }, "locked": { - "lastModified": 1714043624, - "narHash": "sha256-Xn2r0Jv95TswvPlvamCC46wwNo8ALjRCMBJbGykdhcM=", + "lastModified": 1715381426, + "narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=", "owner": "nix-community", "repo": "home-manager", - "rev": "86853e31dc1b62c6eeed11c667e8cdd0285d4411", + "rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4", "type": "github" }, "original": { @@ -189,11 +189,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1714531828, - "narHash": "sha256-ILsf3bdY/hNNI/Hu5bSt2/KbmHaAVhBbNUOdGztTHEg=", + "lastModified": 1715395895, + "narHash": "sha256-DreMqi6+qa21ffLQqhMQL2XRUkAGt3N7iVB5FhJKie4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0638fe2715d998fa81d173aad264eb671ce2ebc1", + "rev": "71bae31b7dbc335528ca7e96f479ec93462323ff", "type": "github" }, "original": { From e7f29e5f1783e5827609ceba571ee8dec85c17cc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 24 May 2024 16:24:48 +0200 Subject: [PATCH 655/904] pkgs: spot: bump to 2.12 --- pkgs/spot/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/spot/default.nix b/pkgs/spot/default.nix index 5aba50e..d454097 100644 --- a/pkgs/spot/default.nix +++ b/pkgs/spot/default.nix @@ -3,7 +3,7 @@ fetchurl, python3, }: let - version = "2.11.6"; + version = "2.12"; in stdenv.mkDerivation { inherit version; @@ -15,6 +15,6 @@ in src = fetchurl { url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz"; - sha256 = "sha256-ppJ5T4nA2zlWulkZvdUxPjcuDeNAAKkCLynhxukcU4o="; + sha256 = "sha256-JroHatV+xz0vrlSC1T4W2pXEeCJwdkfnhNjHzsDRBFU="; }; } From 298dd249f55fd7bcf709241cfe2e793656ab041c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 24 May 2024 16:25:06 +0200 Subject: [PATCH 656/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/71bae31b7dbc335528ca7e96f479ec93462323ff' (2024-05-11) → 'github:NixOS/nixpkgs/46397778ef1f73414b03ed553a3368f0e7e33c2f' (2024-05-22) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 7c9105a..b8ea09f 100644 --- a/flake.lock +++ b/flake.lock @@ -189,11 +189,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1715395895, - "narHash": "sha256-DreMqi6+qa21ffLQqhMQL2XRUkAGt3N7iVB5FhJKie4=", + "lastModified": 1716361217, + "narHash": "sha256-mzZDr00WUiUXVm1ujBVv6A0qRd8okaITyUp4ezYRgc4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "71bae31b7dbc335528ca7e96f479ec93462323ff", + "rev": "46397778ef1f73414b03ed553a3368f0e7e33c2f", "type": "github" }, "original": { From 443b76f23537be73231ab898a76cd0492be6a310 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 26 May 2024 21:38:21 +0200 Subject: [PATCH 657/904] services: forgejo: init --- services/default.nix | 1 + services/forgejo/default.nix | 126 +++++++++++++++++++++++++++ services/forgejo/templates/home.tmpl | 17 ++++ 3 files changed, 144 insertions(+) create mode 100644 services/forgejo/default.nix create mode 100644 services/forgejo/templates/home.tmpl diff --git a/services/default.nix b/services/default.nix index 86d2fe6..1498830 100644 --- a/services/default.nix +++ b/services/default.nix @@ -3,6 +3,7 @@ ./vaultwarden.nix ./fail2ban.nix ./fava.nix + ./forgejo ./gitea ./immich.nix ./jellyfin.nix diff --git a/services/forgejo/default.nix b/services/forgejo/default.nix new file mode 100644 index 0000000..a6aa174 --- /dev/null +++ b/services/forgejo/default.nix @@ -0,0 +1,126 @@ +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) + mkEnableOption + mkIf + mkOption + ; + + cfg = config.my.services.forgejo; + my = config.my; + + domain = config.networking.domain; + hostname = config.networking.hostName; + fqdn = "${hostname}.${domain}"; + + forgejoUser = "git"; +in { + options.my.services.forgejo = let + inherit (lib) types; + in { + enable = mkEnableOption "Personal Git hosting with Forgejo"; + + privatePort = mkOption { + type = types.port; + default = 8082; + example = 8082; + description = "Port to serve the app"; + }; + }; + + config = mkIf cfg.enable { + # use git as user to have `git clone git@git.domain` + users.users.${forgejoUser} = { + description = "Forgejo Service"; + home = config.services.forgejo.stateDir; + useDefaultShell = true; + group = forgejoUser; + + # the systemd service for the forgejo module seems to hardcode the group as + # forgejo, so, uh, just in case? + extraGroups = ["forgejo"]; + + isSystemUser = true; + }; + users.groups.${forgejoUser} = {}; + + services.forgejo = { + enable = true; + user = forgejoUser; + appName = "Personal Forge"; + lfs.enable = true; + + settings = { + server = { + ROOT_URL = "https://git.${domain}/"; + DOMAIN = "git.${domain}"; + HTTP_ADDR = "127.0.0.1"; + HTTP_PORT = cfg.privatePort; + }; + log.LEVEL = "Warn"; # [ "Trace" "Debug" "Info" "Warn" "Error" "Critical" ] + other.SHOW_FOOTER_VERSION = false; + repository = { + ENABLE_PUSH_CREATE_USER = true; + DEFAULT_BRANCH = "main"; + }; + + # NOTE: temporarily remove this for initial setup + service.DISABLE_REGISTRATION = true; + + # only send cookies via HTTPS + session.COOKIE_SECURE = true; + }; + + # NixOS module uses `forgejo dump` to backup repositories and the database, + # but it produces a single .zip file that's not very restic friendly. + # I configure my backup system manually below. + dump.enable = false; + + database = { + type = "postgres"; + # user needs to be the same as forgejo user + user = forgejoUser; + name = forgejoUser; + }; + }; + + # FIXME: Borg *could* be backing up files while they're being edited by + # forgejo, so it may produce corrupt files in the snapshot if I push stuff + # around midnight. I'm not sure how `forgejo dump` handles this either, + # though. + my.services.restic-backup = { + paths = [ + config.services.forgejo.lfs.contentDir + config.services.forgejo.repositoryRoot + ]; + }; + + # NOTE: no need to use postgresql.ensureDatabases because the forgejo module + # takes care of this automatically + services.postgresqlBackup = { + databases = [config.services.forgejo.database.name]; + }; + + services.nginx = { + virtualHosts = { + "git.${domain}" = { + forceSSL = true; + useACMEHost = fqdn; + + locations."/" = { + proxyPass = "http://127.0.0.1:${toString cfg.privatePort}"; + }; + }; + }; + }; + + security.acme.certs.${fqdn}.extraDomainNames = ["git.${domain}"]; + + systemd.services.forgejo.preStart = "${pkgs.coreutils}/bin/ln -sfT ${./templates} ${config.services.forgejo.stateDir}/custom/templates"; + }; +} diff --git a/services/forgejo/templates/home.tmpl b/services/forgejo/templates/home.tmpl new file mode 100644 index 0000000..c2d3ee2 --- /dev/null +++ b/services/forgejo/templates/home.tmpl @@ -0,0 +1,17 @@ +{{template "base/head" .}} +
+
+
+
+ +
+
+

+ {{AppName}} +

+

alarsyo's personal projects are hosted here

+
+
+
+
+{{template "base/footer" .}} From a4a025b9396bec789e44a0e9bd0f295e984911f2 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 26 May 2024 22:19:06 +0200 Subject: [PATCH 658/904] forgejo: use user name for stateDir --- services/forgejo/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/services/forgejo/default.nix b/services/forgejo/default.nix index a6aa174..13c2bfb 100644 --- a/services/forgejo/default.nix +++ b/services/forgejo/default.nix @@ -53,6 +53,9 @@ in { enable = true; user = forgejoUser; appName = "Personal Forge"; + group = config.users.users.${forgejoUser}.group; + stateDir = "/var/lib/${forgejoUser}"; + lfs.enable = true; settings = { From 1059d52334a5eaa0a66263f3b4efc0247cf5c93a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 26 May 2024 22:47:55 +0200 Subject: [PATCH 659/904] services: forgejo: use new appName setting --- services/forgejo/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/services/forgejo/default.nix b/services/forgejo/default.nix index 13c2bfb..516dfbe 100644 --- a/services/forgejo/default.nix +++ b/services/forgejo/default.nix @@ -52,7 +52,6 @@ in { services.forgejo = { enable = true; user = forgejoUser; - appName = "Personal Forge"; group = config.users.users.${forgejoUser}.group; stateDir = "/var/lib/${forgejoUser}"; @@ -77,6 +76,8 @@ in { # only send cookies via HTTPS session.COOKIE_SECURE = true; + + DEFAULT.APP_NAME = "Personal Forge"; }; # NixOS module uses `forgejo dump` to backup repositories and the database, From d75eb9d028b67520f2bf8898268c1c5b5d2fcaf5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 26 May 2024 22:48:08 +0200 Subject: [PATCH 660/904] services: forgejo: show version in footer --- services/forgejo/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/services/forgejo/default.nix b/services/forgejo/default.nix index 516dfbe..9d40402 100644 --- a/services/forgejo/default.nix +++ b/services/forgejo/default.nix @@ -65,7 +65,6 @@ in { HTTP_PORT = cfg.privatePort; }; log.LEVEL = "Warn"; # [ "Trace" "Debug" "Info" "Warn" "Error" "Critical" ] - other.SHOW_FOOTER_VERSION = false; repository = { ENABLE_PUSH_CREATE_USER = true; DEFAULT_BRANCH = "main"; From d98e2611c5e2c5c0b77a5f38426d273a403f3f89 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 26 May 2024 22:51:48 +0200 Subject: [PATCH 661/904] hades: switch from gitea to forgejo --- hosts/hades/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index a7b6544..2729712 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -57,7 +57,7 @@ in { my.services = { fail2ban.enable = true; - gitea = { + forgejo = { enable = true; privatePort = 8082; }; From 4bc82f655d4e38d0bca7ea7e9c607b5ec4807f4f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 26 May 2024 23:44:27 +0200 Subject: [PATCH 662/904] services: nextcloud: bump to 28 --- services/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/nextcloud.nix b/services/nextcloud.nix index 39e39c7..a0a05bb 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -62,7 +62,7 @@ in { hostName = "cloud.${domain}"; https = true; - package = pkgs.nextcloud27; + package = pkgs.nextcloud28; maxUploadSize = "1G"; From b89709199e0340a945a7f697b20b195cfd16a334 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 26 May 2024 23:56:00 +0200 Subject: [PATCH 663/904] services: nextcloud: bump to 29 --- services/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/nextcloud.nix b/services/nextcloud.nix index a0a05bb..8c9ee12 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -62,7 +62,7 @@ in { hostName = "cloud.${domain}"; https = true; - package = pkgs.nextcloud28; + package = pkgs.nextcloud29; maxUploadSize = "1G"; From da83517ab0bf8bb919e355133bfe335cab2f3c15 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 30 May 2024 01:32:49 +0200 Subject: [PATCH 664/904] home: hide ignore mode in tridactyl --- home/tridactylrc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home/tridactylrc b/home/tridactylrc index 7601c0e..9b74c6c 100644 --- a/home/tridactylrc +++ b/home/tridactylrc @@ -18,6 +18,8 @@ bind , nohlsearch " case insensitive if lowercase, case sensitive if using some uppercase letters set findcase smart +set modeindicatormodes {"ignore": "false"} + " New reddit is bad " autocmd DocStart ^http(s?)://www.reddit.com js tri.excmds.urlmodify("-t", "www", "old") From db03c81eeb76cd58168cfa2ff26628deaa66a0cd Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 30 May 2024 01:54:19 +0200 Subject: [PATCH 665/904] flake: bump NixOS to 24.05 --- flake.lock | 16 ++++++++-------- flake.nix | 4 ++-- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index b8ea09f..ed2a454 100644 --- a/flake.lock +++ b/flake.lock @@ -109,16 +109,16 @@ ] }, "locked": { - "lastModified": 1715381426, - "narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=", + "lastModified": 1716736833, + "narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=", "owner": "nix-community", "repo": "home-manager", - "rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4", + "rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-23.11", + "ref": "release-24.05", "repo": "home-manager", "type": "github" } @@ -189,16 +189,16 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1716361217, - "narHash": "sha256-mzZDr00WUiUXVm1ujBVv6A0qRd8okaITyUp4ezYRgc4=", + "lastModified": 1716966868, + "narHash": "sha256-I5dlFm936SkuUu9haYabEBCUPeX6EuXLT1uFkEM/lbY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "46397778ef1f73414b03ed553a3368f0e7e33c2f", + "rev": "fafeae3d248c41c6c8a2ab5e09f9e2d3de706ef8", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.11", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index 4f3c492..34faf67 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,7 @@ type = "github"; owner = "NixOS"; repo = "nixpkgs"; - ref = "nixos-23.11"; + ref = "nixos-24.05"; }; nixpkgs-unstable-small = { @@ -25,7 +25,7 @@ type = "github"; owner = "nix-community"; repo = "home-manager"; - ref = "release-23.11"; + ref = "release-24.05"; inputs.nixpkgs.follows = "nixpkgs"; }; From 8bfdb62a528edec8ac9c34434edf62f189375925 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 26 May 2024 23:40:55 +0200 Subject: [PATCH 666/904] base: update pinentry option --- base/gui-programs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index b141890..e592fbf 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -23,7 +23,7 @@ in { programs.gnupg.agent = { enable = true; enableSSHSupport = true; - pinentryFlavor = "qt"; + pinentryPackage = pkgs.pinentry-qt; }; services = { From 0438a91039f6ae6218a2719a24273c0f1b1b2a06 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 30 May 2024 01:45:26 +0200 Subject: [PATCH 667/904] adapt displayManager options --- hosts/talos/default.nix | 4 ++-- modules/sddm.nix | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index 9da872c..16d0d00 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -148,11 +148,11 @@ services.xserver.enable = true; # Enable the KDE Plasma Desktop Environment. - services.xserver.displayManager.sddm = { + services.displayManager.sddm = { enable = true; wayland.enable = true; }; - services.xserver.displayManager.defaultSession = "plasmawayland"; + services.displayManager.defaultSession = "plasmawayland"; services.xserver.desktopManager.plasma5.enable = true; services.power-profiles-daemon.enable = true; diff --git a/modules/sddm.nix b/modules/sddm.nix index ee50f5e..41941ba 100644 --- a/modules/sddm.nix +++ b/modules/sddm.nix @@ -15,7 +15,7 @@ in { options.my.displayManager.sddm.enable = mkEnableOption "SDDM setup"; config = mkIf cfg.enable { - services.xserver.displayManager.sddm = { + services.displayManager.sddm = { enable = true; theme = "sugar-candy"; }; From 3225652d575492a2019aeac7e36e49bfef3a8dc1 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 30 May 2024 01:45:57 +0200 Subject: [PATCH 668/904] adapt xserver options --- base/gui-programs.nix | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index e592fbf..7431a12 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -34,13 +34,16 @@ in { if config.my.gui.isNvidia then ["nvidia"] else options.services.xserver.videoDrivers.default; - layout = "fr"; - xkbVariant = "us"; - libinput = { - enable = true; - touchpad = { - naturalScrolling = true; - }; + xkb = { + layout = "fr"; + variant = "us"; + }; + }; + + libinput = { + enable = true; + touchpad = { + naturalScrolling = true; }; }; From b7dc2ce532b6cfb5638a32fcfcafa29bd272b656 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 30 May 2024 13:08:30 +0200 Subject: [PATCH 669/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/8cb01a0e717311680e0cbca06a76cbceba6f3ed6' (2024-02-13) → 'github:ryantm/agenix/c2fc0762bbe8feb06a2e59a364fa81b3a57671c9' (2024-05-24) • Updated input 'disko': 'github:nix-community/disko/611c9ea53250f7bb22286b3d26872280a0e608f9' (2024-04-01) → 'github:nix-community/disko/8ea5bcccc03111bdedaeaae9380dfab61e9deb33' (2024-05-30) • Updated input 'disko/nixpkgs': 'github:NixOS/nixpkgs/807c549feabce7eddbf259dbdcec9e0600a0660d' (2024-03-29) → 'github:NixOS/nixpkgs/4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4' (2024-05-28) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/9a763a7acc4cfbb8603bb0231fec3eda864f81c0' (2024-03-25) → 'github:NixOS/nixos-hardware/8251761f93d6f5b91cee45ac09edb6e382641009' (2024-05-29) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/8bea75f6bdceecb9a349e7425ae2ca5c91c01b9c' (2024-04-01) → 'github:NixOS/nixpkgs/1f1bda965c8e6e19d7656caf4821632b7e77d317' (2024-05-29) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index ed2a454..edb0d7a 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1707830867, - "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=", + "lastModified": 1716561646, + "narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=", "owner": "ryantm", "repo": "agenix", - "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6", + "rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9", "type": "github" }, "original": { @@ -48,11 +48,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1711934712, - "narHash": "sha256-sBDe+QmX/QohlnKeSEzrftcXyZL5FY09OMjZ59Rpyy4=", + "lastModified": 1717032306, + "narHash": "sha256-s3Sis+M1qTSVIehHrEKBzHBpqprIFJli5V6WojkJnYE=", "owner": "nix-community", "repo": "disko", - "rev": "611c9ea53250f7bb22286b3d26872280a0e608f9", + "rev": "8ea5bcccc03111bdedaeaae9380dfab61e9deb33", "type": "github" }, "original": { @@ -125,11 +125,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1711352745, - "narHash": "sha256-luvqik+i3HTvCbXQZgB6uggvEcxI9uae0nmrgtXJ17U=", + "lastModified": 1716987116, + "narHash": "sha256-uuEkErFVsFdg2K0cKbNQ9JlFSAm/xYqPr4rbPLI91Y8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "9a763a7acc4cfbb8603bb0231fec3eda864f81c0", + "rev": "8251761f93d6f5b91cee45ac09edb6e382641009", "type": "github" }, "original": { @@ -157,11 +157,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1711983799, - "narHash": "sha256-Wo9rOsVxGIMcLmFilSai2Fi7kN50doxsuksoTIXPytI=", + "lastModified": 1717011309, + "narHash": "sha256-VKnhQoXMNqX6uOUSKTsmRVBWz+TbTaz1nejq4oTN0z4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8bea75f6bdceecb9a349e7425ae2ca5c91c01b9c", + "rev": "1f1bda965c8e6e19d7656caf4821632b7e77d317", "type": "github" }, "original": { @@ -173,11 +173,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1711715736, - "narHash": "sha256-9slQ609YqT9bT/MNX9+5k5jltL9zgpn36DpFB7TkttM=", + "lastModified": 1716914467, + "narHash": "sha256-KkT6YM/yNQqirtYj/frn6RRakliB8RDvGqVGGaNhdcU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "807c549feabce7eddbf259dbdcec9e0600a0660d", + "rev": "4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4", "type": "github" }, "original": { From 29a0fa6a253e38c6c1458ae69ab4a8ceee9c645e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 31 May 2024 16:16:21 +0200 Subject: [PATCH 670/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/fafeae3d248c41c6c8a2ab5e09f9e2d3de706ef8' (2024-05-29) → 'github:NixOS/nixpkgs/d24e7fdcfaecdca496ddd426cae98c9e2d12dfe8' (2024-05-30) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index edb0d7a..0497e98 100644 --- a/flake.lock +++ b/flake.lock @@ -189,11 +189,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1716966868, - "narHash": "sha256-I5dlFm936SkuUu9haYabEBCUPeX6EuXLT1uFkEM/lbY=", + "lastModified": 1717090882, + "narHash": "sha256-Up5tvtY9YlVEyVn9hfZcxFQi5qVhQ5hdVNGPQOUchNw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fafeae3d248c41c6c8a2ab5e09f9e2d3de706ef8", + "rev": "d24e7fdcfaecdca496ddd426cae98c9e2d12dfe8", "type": "github" }, "original": { From 19dcc7ea01e037530b42cbdbe32b21fb760b3429 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 4 Jun 2024 15:00:28 +0200 Subject: [PATCH 671/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d24e7fdcfaecdca496ddd426cae98c9e2d12dfe8' (2024-05-30) → 'github:NixOS/nixpkgs/b3b2b28c1daa04fe2ae47c21bb76fd226eac4ca1' (2024-06-01) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 0497e98..e0f24e3 100644 --- a/flake.lock +++ b/flake.lock @@ -189,11 +189,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1717090882, - "narHash": "sha256-Up5tvtY9YlVEyVn9hfZcxFQi5qVhQ5hdVNGPQOUchNw=", + "lastModified": 1717281328, + "narHash": "sha256-evZPzpf59oNcDUXxh2GHcxHkTEG4fjae2ytWP85jXRo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d24e7fdcfaecdca496ddd426cae98c9e2d12dfe8", + "rev": "b3b2b28c1daa04fe2ae47c21bb76fd226eac4ca1", "type": "github" }, "original": { From 6b7f821e7db7836972d12ae461bd78a7b7f57268 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 4 Jun 2024 16:53:37 +0200 Subject: [PATCH 672/904] talos: switch to Plasma 6 --- hosts/talos/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index 16d0d00..f2def3e 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -152,8 +152,7 @@ enable = true; wayland.enable = true; }; - services.displayManager.defaultSession = "plasmawayland"; - services.xserver.desktopManager.plasma5.enable = true; + services.desktopManager.plasma6.enable = true; services.power-profiles-daemon.enable = true; environment.systemPackages = [ From f80fcd4a55ad59c31dc9a624b2caaf045fed08eb Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 7 Jun 2024 09:49:57 +0200 Subject: [PATCH 673/904] talos: try out zed --- hosts/talos/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index f2def3e..5c28e33 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -157,6 +157,8 @@ environment.systemPackages = [ pkgs.framework-tool + + pkgs.zed-editor ]; #programs.hyprland.enable = true; From 6a4b7790fd7a8318c4d0bdd9833f4c86ce2101c6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 7 Jun 2024 15:32:24 +0200 Subject: [PATCH 674/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/1f1bda965c8e6e19d7656caf4821632b7e77d317' (2024-05-29) → 'github:NixOS/nixpkgs/bf3faad723ca984fc4ea95c1cee1d975a8ca2a28' (2024-06-07) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index e0f24e3..4420824 100644 --- a/flake.lock +++ b/flake.lock @@ -157,11 +157,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1717011309, - "narHash": "sha256-VKnhQoXMNqX6uOUSKTsmRVBWz+TbTaz1nejq4oTN0z4=", + "lastModified": 1717737457, + "narHash": "sha256-hqHp0W7ibfdu5DFc6EG3S3c+GSAbti7VUldFXSf/WiI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1f1bda965c8e6e19d7656caf4821632b7e77d317", + "rev": "bf3faad723ca984fc4ea95c1cee1d975a8ca2a28", "type": "github" }, "original": { From b8bb582c148e63b132b037421f9b14ce58a55cdb Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 7 Jun 2024 15:34:58 +0200 Subject: [PATCH 675/904] talos: use unstable for zed --- hosts/talos/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index 5c28e33..4b4e7e9 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -158,7 +158,7 @@ environment.systemPackages = [ pkgs.framework-tool - pkgs.zed-editor + pkgs.unstable.zed-editor ]; #programs.hyprland.enable = true; From a3926692d44986a8665f9691a636bd11be632031 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 7 Jun 2024 15:35:17 +0200 Subject: [PATCH 676/904] talos: framework-tool is added by nixos-hardware --- hosts/talos/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index 4b4e7e9..ede0970 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -156,8 +156,6 @@ services.power-profiles-daemon.enable = true; environment.systemPackages = [ - pkgs.framework-tool - pkgs.unstable.zed-editor ]; From 87435ca138b31b8a12920e87f7fa5134d4cbd8d5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 7 Jun 2024 15:45:48 +0200 Subject: [PATCH 677/904] flake: remove nix-path module, obsolete in 24.05 --- flake.nix | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/flake.nix b/flake.nix index 34faf67..c14627c 100644 --- a/flake.nix +++ b/flake.nix @@ -67,17 +67,6 @@ home-manager.users.alarsyo = import ./home; home-manager.verbose = true; }; - nix-path = { - nix = { - nixPath = [ - "nixpkgs=${inputs.nixpkgs}" - ]; - registry = { - nixpkgs.flake = inputs.nixpkgs; - unstable.flake = inputs.nixpkgs-unstable-small; - }; - }; - }; }; overlays = import ./overlays; From 36ff0da78910700abfe41dfb0ea32143d667877d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 7 Jun 2024 15:51:01 +0200 Subject: [PATCH 678/904] hephaestus: phase out host --- .github/workflows/cachix.yaml | 1 - flake.nix | 14 - hephaestus.nix | 23 -- hosts/hephaestus/default.nix | 246 ------------------ hosts/hephaestus/hardware-configuration.nix | 45 ---- hosts/hephaestus/home.nix | 47 ---- hosts/hephaestus/secrets.nix | 23 -- .../restic-backup/hephaestus-credentials.age | 9 - .../restic-backup/hephaestus-password.age | 9 - modules/secrets/secrets.nix | 5 +- 10 files changed, 1 insertion(+), 421 deletions(-) delete mode 100644 hephaestus.nix delete mode 100644 hosts/hephaestus/default.nix delete mode 100644 hosts/hephaestus/hardware-configuration.nix delete mode 100644 hosts/hephaestus/home.nix delete mode 100644 hosts/hephaestus/secrets.nix delete mode 100644 modules/secrets/restic-backup/hephaestus-credentials.age delete mode 100644 modules/secrets/restic-backup/hephaestus-password.age diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index c3ebe42..ee0f60a 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -78,7 +78,6 @@ jobs: name: - boreal - hades - - hephaestus - talos - thanatos diff --git a/flake.nix b/flake.nix index c14627c..4493122 100644 --- a/flake.nix +++ b/flake.nix @@ -133,20 +133,6 @@ ++ sharedModules; }; - hephaestus = nixpkgs.lib.nixosSystem rec { - inherit system; - modules = - [ - ./hephaestus.nix - - inputs.nixos-hardware.nixosModules.common-cpu-amd - inputs.nixos-hardware.nixosModules.common-gpu-amd - inputs.nixos-hardware.nixosModules.common-pc-laptop - inputs.nixos-hardware.nixosModules.common-pc-ssd - ] - ++ sharedModules; - }; - talos = nixpkgs.lib.nixosSystem { inherit system; modules = diff --git a/hephaestus.nix b/hephaestus.nix deleted file mode 100644 index 1bb452a..0000000 --- a/hephaestus.nix +++ /dev/null @@ -1,23 +0,0 @@ -{...}: { - imports = [ - # Default configuration - ./base - - # Module definitions - ./modules - - # Service definitions - ./services - - # Host-specific config - ./hosts/hephaestus - ]; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.05"; # Did you read the comment? -} diff --git a/hosts/hephaestus/default.nix b/hosts/hephaestus/default.nix deleted file mode 100644 index 4efc538..0000000 --- a/hosts/hephaestus/default.nix +++ /dev/null @@ -1,246 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). -{ - config, - lib, - pkgs, - ... -}: { - imports = [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - ./home.nix - ./secrets.nix - ]; - - hardware.amdgpu.opencl = false; - - boot.kernelPackages = pkgs.linuxPackages_6_6; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - # boot.initrd.systemd.enable = true; - # boot.plymouth.enable = true; - # boot.kernelParams = ["quiet"]; - - boot.initrd.secrets = { - "/crypto_keyfile.bin" = null; - }; - - boot.tmp.useTmpfs = true; - - services.btrfs = { - autoScrub = { - enable = true; - fileSystems = ["/"]; - }; - }; - - networking.hostName = "hephaestus"; # Define your hostname. - networking.domain = "alarsyo.net"; - - networking.networkmanager.enable = true; - - # Set your time zone. - time.timeZone = "Europe/Paris"; - - # List services that you want to enable: - my.services = { - tailscale = { - enable = true; - useRoutingFeatures = "client"; - }; - - pipewire.enable = true; - - restic-backup = { - enable = true; - repo = "b2:hephaestus-backup"; - passwordFile = config.age.secrets."restic-backup/hephaestus-password".path; - environmentFile = config.age.secrets."restic-backup/hephaestus-credentials".path; - - timerConfig = { - OnCalendar = "*-*-* 13:00:00"; # laptop only gets used during the day - }; - - paths = [ - "/home/alarsyo" - ]; - exclude = [ - "/home/alarsyo/Downloads" - - # Rust builds using half my storage capacity - "/home/alarsyo/**/target" - "/home/alarsyo/work/rust/build" - - # don't backup nixpkgs - "/home/alarsyo/work/nixpkgs" - - "/home/alarsyo/go" - - # C build crap - "*.a" - "*.o" - "*.so" - - ".direnv" - - # test vms - "*.qcow2" - - # secrets stay offline - "/home/alarsyo/**/secrets" - - # ignore all dotfiles as .config and .cache can become quite big - "/home/alarsyo/.*" - ]; - }; - }; - - virtualisation.docker.enable = true; - virtualisation.libvirtd.enable = true; - programs.dconf.enable = true; - - services = { - tlp = { - enable = true; - settings = { - START_CHARGE_THRESH_BAT0 = 70; - STOP_CHARGE_THRESH_BAT0 = 80; - }; - }; - fwupd.enable = true; - openssh.enable = true; - }; - - my.gui.enable = true; - my.displayManager.sddm.enable = lib.mkForce false; - - hardware.bluetooth = { - enable = true; - powerOnBoot = false; - settings.General.Experimental = true; - }; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "fr_FR.UTF-8"; - LC_IDENTIFICATION = "fr_FR.UTF-8"; - LC_MEASUREMENT = "fr_FR.UTF-8"; - LC_MONETARY = "fr_FR.UTF-8"; - LC_NAME = "fr_FR.UTF-8"; - LC_PAPER = "fr_FR.UTF-8"; - LC_TELEPHONE = "fr_FR.UTF-8"; - }; - - # Enable the X11 windowing system. - services.xserver.enable = true; - - # Enable the KDE Plasma Desktop Environment. - services.xserver.displayManager.sddm.enable = true; - services.xserver.desktopManager.plasma5.enable = true; - services.power-profiles-daemon.enable = false; - - services.autorandr = { - enable = true; - profiles = { - default = { - fingerprint = { - "eDP-1" = "00ffffffffffff0030e42c0600000000001c0104a51f117802aa95955e598e271b5054000000010101010101010101010101010101012e3680a070381f403020350035ae1000001ab62c80f4703816403020350035ae1000001a000000fe004c4720446973706c61790a2020000000fe004c503134305746412d535044340018"; - }; - config = { - "eDP-1" = { - enable = true; - crtc = 0; - primary = true; - position = "0x0"; - mode = "1920x1080"; - }; - }; - }; - dock = { - fingerprint = { - "eDP-1" = "00ffffffffffff0030e42c0600000000001c0104a51f117802aa95955e598e271b5054000000010101010101010101010101010101012e3680a070381f403020350035ae1000001ab62c80f4703816403020350035ae1000001a000000fe004c4720446973706c61790a2020000000fe004c503134305746412d535044340018"; - "DP-4" = "00ffffffffffff0026cd4161fb060000021e0104a5351e783aee35a656529d280b5054b74f00714f818081c081009500b300d1c0d1cf023a801871382d40582c45000f282100001e000000fd00374c1e5512000a202020202020000000ff0031313634383030323031373837000000fc00504c32343933480a202020202001c9020318f14b9002030411121305141f012309070183010000023a801871382d40582c45000f282100001e8c0ad08a20e02d10103e96000f2821000018011d007251d01e206e2855000f282100001e8c0ad090204031200c4055000f28210000182a4480a070382740302035000f282100001a00000000000000000000000000a1"; - "DP-5" = "00ffffffffffff0026cd4561990000001f1c0104a5351e783ace65a657519f270f5054b30c00714f818081c081009500b300d1c00101023a801871382d40582c45000f282100001e000000fd00374c1e5311000a202020202020000000ff0031313634384238383030313533000000fc00504c32343933480a202020202001d3020318f14b9002030411121305141f012309070183010000023a801871382d40582c45000f282100001e8c0ad08a20e02d10103e96000f2821000018011d007251d01e206e2855000f282100001e8c0ad090204031200c4055000f28210000180000000000000000000000000000000000000000000000000000000000000035"; - }; - config = { - "eDP-1" = { - enable = true; - primary = false; - position = "3000x840"; - mode = "1920x1080"; - }; - "DP-4" = { - enable = true; - primary = true; - position = "0x420"; - mode = "1920x1080"; - }; - "DP-5" = { - enable = true; - primary = false; - position = "1920x0"; - mode = "1920x1080"; - rotate = "left"; - }; - }; - }; - dock-lid-closed = { - fingerprint = { - "DP-4" = "00ffffffffffff0026cd4161fb060000021e0104a5351e783aee35a656529d280b5054b74f00714f818081c081009500b300d1c0d1cf023a801871382d40582c45000f282100001e000000fd00374c1e5512000a202020202020000000ff0031313634383030323031373837000000fc00504c32343933480a202020202001c9020318f14b9002030411121305141f012309070183010000023a801871382d40582c45000f282100001e8c0ad08a20e02d10103e96000f2821000018011d007251d01e206e2855000f282100001e8c0ad090204031200c4055000f28210000182a4480a070382740302035000f282100001a00000000000000000000000000a1"; - "DP-5" = "00ffffffffffff0026cd4561990000001f1c0104a5351e783ace65a657519f270f5054b30c00714f818081c081009500b300d1c00101023a801871382d40582c45000f282100001e000000fd00374c1e5311000a202020202020000000ff0031313634384238383030313533000000fc00504c32343933480a202020202001d3020318f14b9002030411121305141f012309070183010000023a801871382d40582c45000f282100001e8c0ad08a20e02d10103e96000f2821000018011d007251d01e206e2855000f282100001e8c0ad090204031200c4055000f28210000180000000000000000000000000000000000000000000000000000000000000035"; - }; - config = { - "DP-4" = { - enable = true; - primary = true; - position = "0x420"; - mode = "1920x1080"; - }; - "DP-5" = { - enable = true; - primary = false; - position = "1920x0"; - mode = "1920x1080"; - rotate = "left"; - }; - }; - }; - }; - }; - - systemd.services.autorandr-lid-listener = { - wantedBy = ["multi-user.target"]; - description = "Listening for lid events to invoke autorandr"; - - serviceConfig = { - Type = "simple"; - ExecStart = let - stdbufExe = lib.getExe' pkgs.coreutils "stdbuf"; - libinputExe = lib.getExe' pkgs.libinput "libinput"; - grepExe = lib.getExe pkgs.gnugrep; - autorandrExe = lib.getExe pkgs.autorandr; - in - pkgs.writeShellScript "lid-listener.sh" '' - ${stdbufExe} -oL ${libinputExe} debug-events | - ${grepExe} -E --line-buffered '^[[:space:]-]+event[0-9]+[[:space:]]+SWITCH_TOGGLE[[:space:]]' | - while read line; do - ${pkgs.systemd}/bin/systemctl start --no-block autorandr.service - done - ''; - Restart = "always"; - RestartSec = "30"; - }; - }; - - # Configure console keymap - console.keyMap = "us"; - - programs.light.enable = true; -} diff --git a/hosts/hephaestus/hardware-configuration.nix b/hosts/hephaestus/hardware-configuration.nix deleted file mode 100644 index 7a033a7..0000000 --- a/hosts/hephaestus/hardware-configuration.nix +++ /dev/null @@ -1,45 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... -}: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = ["nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-amd"]; - boot.extraModulePackages = []; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/54ded736-367c-4081-9978-9e2d8f61cb1b"; - fsType = "btrfs"; - options = ["subvol=@"]; - }; - - boot.initrd.luks.devices."luks-df96458d-45a1-4a30-8633-58feeff603f8".device = "/dev/disk/by-uuid/df96458d-45a1-4a30-8633-58feeff603f8"; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/826A-23F7"; - fsType = "vfat"; - }; - - swapDevices = []; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp2s0f0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/hephaestus/home.nix b/hosts/hephaestus/home.nix deleted file mode 100644 index 2c9bd36..0000000 --- a/hosts/hephaestus/home.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ - config, - pkgs, - ... -}: { - home-manager.users.alarsyo = { - home.stateVersion = "23.05"; - my.home.laptop.enable = true; - - # Keyboard settings & i3 settings - my.home.x.enable = true; - my.home.x.i3.enable = true; - my.home.x.i3bar.temperature.chip = "k10temp-pci-*"; - my.home.x.i3bar.temperature.inputs = ["Tctl"]; - my.home.x.i3bar.networking.throughput_interfaces = ["wlp3s0" "enp6s0f3u1u1"]; - my.home.emacs.enable = true; - - my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; - - # TODO: place in global home conf - services.dunst.enable = true; - - home.packages = builtins.attrValues { - inherit - (pkgs) - # some websites only work there :( - - chromium - darktable - # dev - - rustup - gdb - valgrind - zotero - ; - - inherit - (pkgs.packages) - ansel - spot - ; - - inherit (pkgs.wineWowPackages) stable; - }; - }; -} diff --git a/hosts/hephaestus/secrets.nix b/hosts/hephaestus/secrets.nix deleted file mode 100644 index dc35e6d..0000000 --- a/hosts/hephaestus/secrets.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ - config, - lib, - options, - ... -}: { - config.age = { - secrets = let - toSecret = name: {...} @ attrs: - { - file = ./../../modules/secrets + "/${name}.age"; - } - // attrs; - in - lib.mapAttrs toSecret { - "restic-backup/hephaestus-credentials" = {}; - "restic-backup/hephaestus-password" = {}; - - "users/alarsyo-hashed-password" = {}; - "users/root-hashed-password" = {}; - }; - }; -} diff --git a/modules/secrets/restic-backup/hephaestus-credentials.age b/modules/secrets/restic-backup/hephaestus-credentials.age deleted file mode 100644 index 77a80ed..0000000 --- a/modules/secrets/restic-backup/hephaestus-credentials.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 k2gHjw tTdHZJpSocTHlznYH9eRzeZkrYBbsdT4F8jV1FKw/yk -xKIkYhL/A8wTy6LqDkTuUvm4rhDI6+DXwjzl43PcR8E --> ssh-ed25519 SYm+hA vzQCZWYdgG0yxUEyGJ4Q8EAh1Kzw5CutDa6q6XSaels -Y7VqpvLfrUvWZcXqGeulRld9kff03kgzz22UBW77AOw --> j-c8-grease -WeQ ---- KHLA1KlfWM432GDbPIiKInzZeqVRJZ2YCKtF3qClfgs -85|Qx_5': A?ڡ ؊oAx)rd!(Ѩ5~\Ld"^ZZ^V/5˕ݦa诲ḷo]O/Eue \ No newline at end of file diff --git a/modules/secrets/restic-backup/hephaestus-password.age b/modules/secrets/restic-backup/hephaestus-password.age deleted file mode 100644 index 3ed4290..0000000 --- a/modules/secrets/restic-backup/hephaestus-password.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 k2gHjw 2/spllcr7Fo+1sQ4VJW/MywBVUcpKEbicv4vZQyre0c -Vc2Wugxc5M4i73UKMFXWA2PeHgUOm/+HekoeYt9ycro --> ssh-ed25519 SYm+hA KFjo2JVxpdOey8A7GAKeZci+ezE0RYBRKR8vNtloU3M -SAzpTjF/RGOgjawT2Sk5H7TNnk/SdbksuAcZZqakJOs --> !!6BS-grease GsH7hĩے2cH^X_zv'!Zkš_0}Yoje<.^[q4pP \ No newline at end of file diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index f9c389c..34dc294 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -4,11 +4,10 @@ let boreal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAagal1aqZh52wEmgsw7fkCzO41o4Cx+nV4wJGZuX1RP root@boreal"; hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxw8CtKUPAiPdKDEnuS7UyRrZN5BkUwsy5UPVF8V+lt root@hades"; - hephaestus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7Cp+n5+huof68QlAoJV8bVf5h5p9kEZFAVpltWopdL root@hephaestus"; talos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBYcmL9HZJ9SqB9OJwQ0Nt6ZbvHZTS+fzM8A6D5MPZs root@talos"; thanatos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID8JEAWk/8iSl8fN6/f76JkmVFwtyixTpLol4zSVsnVw root@thanatos"; - machines = [boreal hades hephaestus talos thanatos]; + machines = [boreal hades talos thanatos]; all = users ++ machines; in { @@ -33,8 +32,6 @@ in { "restic-backup/boreal-credentials.age".publicKeys = [alarsyo boreal]; "restic-backup/hades-password.age".publicKeys = [alarsyo hades]; "restic-backup/hades-credentials.age".publicKeys = [alarsyo hades]; - "restic-backup/hephaestus-password.age".publicKeys = [alarsyo hephaestus]; - "restic-backup/hephaestus-credentials.age".publicKeys = [alarsyo hephaestus]; "restic-backup/talos-password.age".publicKeys = [alarsyo talos]; "restic-backup/talos-credentials.age".publicKeys = [alarsyo talos]; From b6b246f6f484b15a69038878dcd9cfa72618bae6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 7 Jun 2024 15:54:35 +0200 Subject: [PATCH 679/904] boreal: use new option syntax for supported FS --- hosts/boreal/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index f820f69..ed2cbd8 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -24,10 +24,10 @@ boot.tmp.useTmpfs = true; - boot.supportedFilesystems = [ - "btrfs" - "ntfs" - ]; + boot.supportedFilesystems = { + btrfs = true; + ntfs = true; + }; services.btrfs = { autoScrub = { From 6a0f69e5c16bfe4d6af0e0b302e14b65f9af8006 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 7 Jun 2024 16:18:42 +0200 Subject: [PATCH 680/904] services: nextcloud: switch to new settings --- services/nextcloud.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/services/nextcloud.nix b/services/nextcloud.nix index 8c9ee12..55c4e33 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -67,10 +67,6 @@ in { maxUploadSize = "1G"; config = { - overwriteProtocol = "https"; - - defaultPhoneRegion = "FR"; - dbtype = "pgsql"; dbuser = "nextcloud"; dbname = dbName; @@ -79,6 +75,11 @@ in { adminuser = "admin"; adminpassFile = cfg.adminpassFile; }; + + settings = { + default_phone_region = "FR"; + overwriteprotocol = "https"; + }; }; users.groups.media.members = ["nextcloud"]; From 6c2c9f186997a9de0a28f767b441e99428134162 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 7 Jun 2024 16:19:20 +0200 Subject: [PATCH 681/904] services: paperless: switch to new settings --- services/paperless.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/paperless.nix b/services/paperless.nix index 92bd8e4..20180d2 100644 --- a/services/paperless.nix +++ b/services/paperless.nix @@ -50,7 +50,7 @@ in { enable = true; port = cfg.port; passwordFile = cfg.passwordFile; - extraConfig = { + settings = { # Postgres settings PAPERLESS_DBHOST = "/run/postgresql"; PAPERLESS_DBUSER = "paperless"; From 9dedcc4ced98ea443aecb1e6c0f71661ec51d30f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 7 Jun 2024 16:34:29 +0200 Subject: [PATCH 682/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/a631666f5ec18271e86a5cde998cba68c33d9ac6' (2024-05-26) → 'github:nix-community/home-manager/845a5c4c073f74105022533907703441e0464bc3' (2024-06-04) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/b3b2b28c1daa04fe2ae47c21bb76fd226eac4ca1' (2024-06-01) → 'github:NixOS/nixpkgs/0b8e7a1ae5a94da2e1ee3f3030a32020f6254105' (2024-06-05) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 4420824..7081278 100644 --- a/flake.lock +++ b/flake.lock @@ -109,11 +109,11 @@ ] }, "locked": { - "lastModified": 1716736833, - "narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=", + "lastModified": 1717527182, + "narHash": "sha256-vWSkg6AMok1UUQiSYVdGMOXKD2cDFnajITiSi0Zjd1A=", "owner": "nix-community", "repo": "home-manager", - "rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6", + "rev": "845a5c4c073f74105022533907703441e0464bc3", "type": "github" }, "original": { @@ -189,11 +189,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1717281328, - "narHash": "sha256-evZPzpf59oNcDUXxh2GHcxHkTEG4fjae2ytWP85jXRo=", + "lastModified": 1717555607, + "narHash": "sha256-WZ1s48OODmRJ3DHC+I/DtM3tDRuRJlNqMvxvAPTD7ec=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b3b2b28c1daa04fe2ae47c21bb76fd226eac4ca1", + "rev": "0b8e7a1ae5a94da2e1ee3f3030a32020f6254105", "type": "github" }, "original": { From f278b7a5c56b00d5ed3c2d479165bb31a37cd4db Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 7 Jun 2024 16:37:32 +0200 Subject: [PATCH 683/904] talos: bump linux kernel --- hosts/talos/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index ede0970..f1b662b 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -18,7 +18,7 @@ hardware.amdgpu.opencl = false; - boot.kernelPackages = pkgs.linuxPackages_6_8; + boot.kernelPackages = pkgs.linuxPackages_6_9; # Set Wi-Fi regulatory domain. Currently always set to '00' (world), and could # lead to bad Wi-Fi performance boot.kernelParams = ["cfg80211.ieee80211_regdom=FR"]; From acad12b95a7044c719f554bffc319f813a157bd5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 7 Jun 2024 16:40:37 +0200 Subject: [PATCH 684/904] flake: add backup extension to home-manager --- flake.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/flake.nix b/flake.nix index 4493122..95a9c9b 100644 --- a/flake.nix +++ b/flake.nix @@ -62,6 +62,7 @@ { nixosModules = { home = { + home-manager.backupFileExtension = "hm-backup"; home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.users.alarsyo = import ./home; From ffb3f7c1282876f399c9b5a911764444a9d69863 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 14 Jun 2024 12:12:29 +0200 Subject: [PATCH 685/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/0b8e7a1ae5a94da2e1ee3f3030a32020f6254105' (2024-06-05) → 'github:NixOS/nixpkgs/cc54fb41d13736e92229c21627ea4f22199fee6b' (2024-06-12) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 7081278..bb59af1 100644 --- a/flake.lock +++ b/flake.lock @@ -189,11 +189,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1717555607, - "narHash": "sha256-WZ1s48OODmRJ3DHC+I/DtM3tDRuRJlNqMvxvAPTD7ec=", + "lastModified": 1718208800, + "narHash": "sha256-US1tAChvPxT52RV8GksWZS415tTS7PV42KTc2PNDBmc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0b8e7a1ae5a94da2e1ee3f3030a32020f6254105", + "rev": "cc54fb41d13736e92229c21627ea4f22199fee6b", "type": "github" }, "original": { From 77e3d8a0f8f3a7c4c645db9200eab29df8a3f233 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 20 Jun 2024 18:39:23 +0200 Subject: [PATCH 686/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/845a5c4c073f74105022533907703441e0464bc3' (2024-06-04) → 'github:nix-community/home-manager/a1fddf0967c33754271761d91a3d921772b30d0e' (2024-06-16) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/cc54fb41d13736e92229c21627ea4f22199fee6b' (2024-06-12) → 'github:NixOS/nixpkgs/938aa157bbd6e3c6fd7dcb77998b1f92c2ad1631' (2024-06-18) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index bb59af1..78a9fa2 100644 --- a/flake.lock +++ b/flake.lock @@ -109,11 +109,11 @@ ] }, "locked": { - "lastModified": 1717527182, - "narHash": "sha256-vWSkg6AMok1UUQiSYVdGMOXKD2cDFnajITiSi0Zjd1A=", + "lastModified": 1718530513, + "narHash": "sha256-BmO8d0r+BVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8=", "owner": "nix-community", "repo": "home-manager", - "rev": "845a5c4c073f74105022533907703441e0464bc3", + "rev": "a1fddf0967c33754271761d91a3d921772b30d0e", "type": "github" }, "original": { @@ -189,11 +189,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1718208800, - "narHash": "sha256-US1tAChvPxT52RV8GksWZS415tTS7PV42KTc2PNDBmc=", + "lastModified": 1718717462, + "narHash": "sha256-qddfQLMaWR2gxfEzUM/zFZVK6H1kTv9WBQSBQxbP3MU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cc54fb41d13736e92229c21627ea4f22199fee6b", + "rev": "938aa157bbd6e3c6fd7dcb77998b1f92c2ad1631", "type": "github" }, "original": { From 505e16bc0c1591208ac1d3794503c2d933a4a815 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 20 Jun 2024 18:44:02 +0200 Subject: [PATCH 687/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/8251761f93d6f5b91cee45ac09edb6e382641009' (2024-05-29) → 'github:NixOS/nixos-hardware/083823b7904e43a4fc1c7229781417e875359a42' (2024-06-20) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 78a9fa2..d6808aa 100644 --- a/flake.lock +++ b/flake.lock @@ -125,11 +125,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1716987116, - "narHash": "sha256-uuEkErFVsFdg2K0cKbNQ9JlFSAm/xYqPr4rbPLI91Y8=", + "lastModified": 1718894893, + "narHash": "sha256-hxQBUtDbFOCCW1CsFZTS9Q5Ov1ZKdJgbBZHSez1M6iA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "8251761f93d6f5b91cee45ac09edb6e382641009", + "rev": "083823b7904e43a4fc1c7229781417e875359a42", "type": "github" }, "original": { From 9941433a8dc1154cebf1c6399eec28eaccd11e53 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 20 Jun 2024 18:48:06 +0200 Subject: [PATCH 688/904] talos: disable amdgpu --- hosts/talos/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index f1b662b..5aa8e27 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -16,8 +16,6 @@ ./secrets.nix ]; - hardware.amdgpu.opencl = false; - boot.kernelPackages = pkgs.linuxPackages_6_9; # Set Wi-Fi regulatory domain. Currently always set to '00' (world), and could # lead to bad Wi-Fi performance From f3356d17da585f282d366a9420ca96e146026ba9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 24 Jun 2024 15:09:23 +0200 Subject: [PATCH 689/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/083823b7904e43a4fc1c7229781417e875359a42' (2024-06-20) → 'github:NixOS/nixos-hardware/c3e48cbd88414f583ff08804eb57b0da4c194f9e' (2024-06-23) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/938aa157bbd6e3c6fd7dcb77998b1f92c2ad1631' (2024-06-18) → 'github:NixOS/nixpkgs/e4509b3a560c87a8d4cb6f9992b8915abf9e36d8' (2024-06-23) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index d6808aa..f2184e8 100644 --- a/flake.lock +++ b/flake.lock @@ -125,11 +125,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1718894893, - "narHash": "sha256-hxQBUtDbFOCCW1CsFZTS9Q5Ov1ZKdJgbBZHSez1M6iA=", + "lastModified": 1719145664, + "narHash": "sha256-+0bBlerLxsHUJcKPDWZM1wL3V9bzCFjz+VyRTG8fnUA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "083823b7904e43a4fc1c7229781417e875359a42", + "rev": "c3e48cbd88414f583ff08804eb57b0da4c194f9e", "type": "github" }, "original": { @@ -189,11 +189,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1718717462, - "narHash": "sha256-qddfQLMaWR2gxfEzUM/zFZVK6H1kTv9WBQSBQxbP3MU=", + "lastModified": 1719145550, + "narHash": "sha256-K0i/coxxTEl30tgt4oALaylQfxqbotTSNb1/+g+mKMQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "938aa157bbd6e3c6fd7dcb77998b1f92c2ad1631", + "rev": "e4509b3a560c87a8d4cb6f9992b8915abf9e36d8", "type": "github" }, "original": { From b83f110fa75bae14ad5dd8761c45c9bdb261ba64 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 28 Jun 2024 22:26:34 +0200 Subject: [PATCH 690/904] talos: virtualbox things --- hosts/talos/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index 5aa8e27..79f6635 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -64,6 +64,9 @@ virtualisation = { docker.enable = true; libvirtd.enable = false; + virtualbox.host = { + enable = false; + }; }; my.services = { @@ -108,6 +111,8 @@ # test vms "*.qcow2" + "*.vbox" + "*.vdi" # secrets stay offline "/home/alarsyo/**/secrets" From 59f24701a3c76208813e2e9faf572ab6276004f8 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 1 Jul 2024 15:59:07 +0200 Subject: [PATCH 691/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/a1fddf0967c33754271761d91a3d921772b30d0e' (2024-06-16) → 'github:nix-community/home-manager/391ca6e950c2525b4f853cbe29922452c14eda82' (2024-07-01) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/c3e48cbd88414f583ff08804eb57b0da4c194f9e' (2024-06-23) → 'github:NixOS/nixos-hardware/a59f00f5ac65b19382617ba00f360f8bc07ed3ac' (2024-06-29) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e4509b3a560c87a8d4cb6f9992b8915abf9e36d8' (2024-06-23) → 'github:NixOS/nixpkgs/7dca15289a1c2990efbe4680f0923ce14139b042' (2024-06-30) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index f2184e8..b8eea6c 100644 --- a/flake.lock +++ b/flake.lock @@ -109,11 +109,11 @@ ] }, "locked": { - "lastModified": 1718530513, - "narHash": "sha256-BmO8d0r+BVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8=", + "lastModified": 1719827385, + "narHash": "sha256-qs+nU20Sm8czHg3bhGCqiH+8e13BJyRrKONW34g3i50=", "owner": "nix-community", "repo": "home-manager", - "rev": "a1fddf0967c33754271761d91a3d921772b30d0e", + "rev": "391ca6e950c2525b4f853cbe29922452c14eda82", "type": "github" }, "original": { @@ -125,11 +125,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1719145664, - "narHash": "sha256-+0bBlerLxsHUJcKPDWZM1wL3V9bzCFjz+VyRTG8fnUA=", + "lastModified": 1719681865, + "narHash": "sha256-Lp+l1IsREVbz8WM35OJYZz8sAH0XOjrZWUXVB5bJ2qg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "c3e48cbd88414f583ff08804eb57b0da4c194f9e", + "rev": "a59f00f5ac65b19382617ba00f360f8bc07ed3ac", "type": "github" }, "original": { @@ -189,11 +189,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1719145550, - "narHash": "sha256-K0i/coxxTEl30tgt4oALaylQfxqbotTSNb1/+g+mKMQ=", + "lastModified": 1719707984, + "narHash": "sha256-RoxIr/fbndtuKqulGvNCcuzC6KdAib85Q8gXnjzA1dw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e4509b3a560c87a8d4cb6f9992b8915abf9e36d8", + "rev": "7dca15289a1c2990efbe4680f0923ce14139b042", "type": "github" }, "original": { From dedbbed14b2643facdd0ca9ed10475d8982c5d08 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 3 Jul 2024 20:27:35 +0200 Subject: [PATCH 692/904] services: add mealie --- services/default.nix | 1 + services/mealie.nix | 55 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+) create mode 100644 services/mealie.nix diff --git a/services/default.nix b/services/default.nix index 1498830..51e37bf 100644 --- a/services/default.nix +++ b/services/default.nix @@ -9,6 +9,7 @@ ./jellyfin.nix ./lohr.nix ./matrix.nix + ./mealie.nix ./media.nix ./microbin.nix ./miniflux.nix diff --git a/services/mealie.nix b/services/mealie.nix new file mode 100644 index 0000000..26f3c6e --- /dev/null +++ b/services/mealie.nix @@ -0,0 +1,55 @@ +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) + mkEnableOption + mkIf + mkOption + ; + + cfg = config.my.services.mealie; + my = config.my; + + domain = config.networking.domain; + hostname = config.networking.hostName; + fqdn = "${hostname}.${domain}"; +in { + options.my.services.mealie = let + inherit (lib) types; + in { + enable = mkEnableOption "Mealie"; + port = mkOption { + type = types.port; + example = 8080; + description = "Internal port for Mealie webapp"; + }; + }; + + config = mkIf cfg.enable { + services.mealie = { + enable = true; + listenAddress = "127.0.0.1"; + port = cfg.port; + }; + + services.nginx.virtualHosts."mealie.${domain}" = { + forceSSL = true; + useACMEHost = fqdn; + + locations."/" = { + proxyPass = "http://127.0.0.1:${toString cfg.port}/"; + proxyWebsockets = true; + }; + }; + + security.acme.certs.${fqdn}.extraDomainNames = ["mealie.${domain}"]; + + my.services.restic-backup = { + paths = ["/var/lib/mealie"]; + }; + }; +} From 78907fe1309dcb26229026f38790a5f0112cf21f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 3 Jul 2024 20:39:24 +0200 Subject: [PATCH 693/904] hades: enable mealie --- hosts/hades/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index 2729712..e181392 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -81,6 +81,11 @@ in { secretConfigFile = config.age.secrets."matrix-synapse/secret-config".path; }; + mealie = { + enable = true; + port = 8090; + }; + microbin = { enable = true; privatePort = 8088; From 43570753948c192952cde112e110475851473ea2 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 3 Jul 2024 20:51:17 +0200 Subject: [PATCH 694/904] services: bump max body size for photo services --- services/immich.nix | 2 +- services/photoprism.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/services/immich.nix b/services/immich.nix index 89e4721..b1415df 100644 --- a/services/immich.nix +++ b/services/immich.nix @@ -74,7 +74,7 @@ in { proxy_connect_timeout 600; proxy_read_timeout 600; proxy_send_timeout 600; - client_max_body_size 100m; + client_max_body_size 500m; access_log syslog:server=unix:/dev/log,tag=immich; ''; }; diff --git a/services/photoprism.nix b/services/photoprism.nix index f7f6628..3c2d2df 100644 --- a/services/photoprism.nix +++ b/services/photoprism.nix @@ -61,7 +61,7 @@ in { proxy_connect_timeout 600; proxy_read_timeout 600; proxy_send_timeout 600; - client_max_body_size 100m; + client_max_body_size 500m; access_log syslog:server=unix:/dev/log,tag=photoprism; ''; }; From 4f3e6550727a555ee4d28bda46cdc89ce8386c27 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 3 Jul 2024 21:08:56 +0200 Subject: [PATCH 695/904] acme: switch to OVH API --- hosts/hades/secrets.nix | 4 ++-- modules/secrets/ovh/credentials.age | 7 +++++++ modules/secrets/secrets.nix | 2 ++ services/nginx.nix | 4 ++-- 4 files changed, 13 insertions(+), 4 deletions(-) create mode 100644 modules/secrets/ovh/credentials.age diff --git a/hosts/hades/secrets.nix b/hosts/hades/secrets.nix index 23b2cdb..55ec422 100644 --- a/hosts/hades/secrets.nix +++ b/hosts/hades/secrets.nix @@ -13,8 +13,6 @@ // attrs; in lib.mapAttrs toSecret { - "gandi/api-key" = {}; - "lohr/shared-secret" = {}; "matrix-synapse/secret-config" = { @@ -29,6 +27,8 @@ owner = "nextcloud"; }; + "ovh/credentials" = {}; + "paperless/admin-password" = {}; "paperless/secret-key" = {}; diff --git a/modules/secrets/ovh/credentials.age b/modules/secrets/ovh/credentials.age new file mode 100644 index 0000000..ab487ae --- /dev/null +++ b/modules/secrets/ovh/credentials.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 k2gHjw XED7gkKAp1ioBegA7ryqULRF1BORpW74esfIGp9zPE8 +ANxnQN+tox9KYdZvNZFZvQxOymckldPQMhFnz6fSIBo +-> ssh-ed25519 pX8y2g 9wgPqL6GoOxad5AAUmDAYj0h/57AEM8VsQKq1pGTtjM +SxD++XJioZLpt6C8Xse5Nmz4wtL0Fb5NKWo5ijKpyv8 +--- 3qOJnkY3Uc4fIex9mgz2+w+su5dS7K7Tmtk1hiqkn9M +XeaLQ H2*ZT P;(jC̀k viħk`]mB ,,?!{%e(Su-SD=H#q=U;=O G+_oP]RL$ֳ\0N!"&%N<,v1ʑj1 \ No newline at end of file diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 34dc294..40ca77c 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -23,6 +23,8 @@ in { "nextcloud/admin-pass.age".publicKeys = [alarsyo hades]; + "ovh/credentials.age".publicKeys = [alarsyo hades]; + "paperless/admin-password.age".publicKeys = [alarsyo hades]; "paperless/secret-key.age".publicKeys = [alarsyo hades]; diff --git a/services/nginx.nix b/services/nginx.nix index 6781549..e17c29b 100644 --- a/services/nginx.nix +++ b/services/nginx.nix @@ -66,8 +66,8 @@ in { gandiKey = config.my.secrets.gandiKey; in { "${fqdn}" = { - dnsProvider = "gandiv5"; - credentialsFile = config.age.secrets."gandi/api-key".path; + dnsProvider = "ovh"; + credentialsFile = config.age.secrets."ovh/credentials".path; group = "nginx"; }; }; From 93b6c20e41793abd73538805082d926a3b300456 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 3 Jul 2024 21:16:59 +0200 Subject: [PATCH 696/904] services: mealie: don't allow signups --- services/mealie.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/services/mealie.nix b/services/mealie.nix index 26f3c6e..3f46e29 100644 --- a/services/mealie.nix +++ b/services/mealie.nix @@ -34,6 +34,10 @@ in { enable = true; listenAddress = "127.0.0.1"; port = cfg.port; + + settings = { + ALLOW_SIGNUP = "false"; + }; }; services.nginx.virtualHosts."mealie.${domain}" = { From 0ed148eb6629b0885ffc528629fa0c296c715974 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 3 Jul 2024 21:29:29 +0200 Subject: [PATCH 697/904] services: mealie: use postgres --- services/mealie.nix | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/services/mealie.nix b/services/mealie.nix index 3f46e29..7ceebe0 100644 --- a/services/mealie.nix +++ b/services/mealie.nix @@ -37,9 +37,48 @@ in { settings = { ALLOW_SIGNUP = "false"; + BASE_URL = "https://mealie.${domain}"; + TZ = config.time.timeZone; + + # Use PostgreSQL + DB_ENGINE = "postgres"; + + # Settings for Mealie 1.2 + POSTGRES_USER = "mealie"; + POSTGRES_PASSWORD = ""; + POSTGRES_SERVER = "/run/postgresql"; + # Pydantic and/or mealie doesn't handle the URI correctly, hijack it + # with query parameters... + POSTGRES_DB = "mealie?host=/run/postgresql&dbname=mealie"; + + # Settings for Mealie 1.7+, when that gets into NixOS stable + # POSTGRES_URL_OVERRIDE = "postgresql://mealie:@/mealie?host=/run/postgresql"; }; }; + systemd.services = { + mealie = { + after = [ "postgresql.service" ]; + requires = [ "postgresql.service" ]; + }; + }; + + # Set-up database + services.postgresql = { + enable = true; + ensureDatabases = [ "mealie" ]; + ensureUsers = [ + { + name = "mealie"; + ensureDBOwnership = true; + } + ]; + }; + + services.postgresqlBackup = { + databases = ["mealie"]; + }; + services.nginx.virtualHosts."mealie.${domain}" = { forceSSL = true; useACMEHost = fqdn; From 639303c2bfbad916108c2dce652e644d18868d05 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 5 Jul 2024 18:06:58 +0200 Subject: [PATCH 698/904] services: mealie: switch to unstable --- services/mealie.nix | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/services/mealie.nix b/services/mealie.nix index 7ceebe0..c7ac736 100644 --- a/services/mealie.nix +++ b/services/mealie.nix @@ -32,6 +32,7 @@ in { config = mkIf cfg.enable { services.mealie = { enable = true; + package = pkgs.unstable.mealie; listenAddress = "127.0.0.1"; port = cfg.port; @@ -44,15 +45,15 @@ in { DB_ENGINE = "postgres"; # Settings for Mealie 1.2 - POSTGRES_USER = "mealie"; - POSTGRES_PASSWORD = ""; - POSTGRES_SERVER = "/run/postgresql"; - # Pydantic and/or mealie doesn't handle the URI correctly, hijack it - # with query parameters... - POSTGRES_DB = "mealie?host=/run/postgresql&dbname=mealie"; + #POSTGRES_USER = "mealie"; + #POSTGRES_PASSWORD = ""; + #POSTGRES_SERVER = "/run/postgresql"; + ## Pydantic and/or mealie doesn't handle the URI correctly, hijack it + ## with query parameters... + #POSTGRES_DB = "mealie?host=/run/postgresql&dbname=mealie"; # Settings for Mealie 1.7+, when that gets into NixOS stable - # POSTGRES_URL_OVERRIDE = "postgresql://mealie:@/mealie?host=/run/postgresql"; + POSTGRES_URL_OVERRIDE = "postgresql://mealie:@/mealie?host=/run/postgresql"; }; }; From 3d5ad2420c0979e6c346439fd8665f4c598082bc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 12 Jul 2024 13:24:19 +0200 Subject: [PATCH 699/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/391ca6e950c2525b4f853cbe29922452c14eda82' (2024-07-01) → 'github:nix-community/home-manager/e1391fb22e18a36f57e6999c7a9f966dc80ac073' (2024-07-03) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/a59f00f5ac65b19382617ba00f360f8bc07ed3ac' (2024-06-29) → 'github:NixOS/nixos-hardware/c5013aa7ce2c7ec90acee5d965d950c8348db751' (2024-07-11) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/7dca15289a1c2990efbe4680f0923ce14139b042' (2024-06-30) → 'github:NixOS/nixpkgs/a046c1202e11b62cbede5385ba64908feb7bfac4' (2024-07-11) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index b8eea6c..a0adce8 100644 --- a/flake.lock +++ b/flake.lock @@ -109,11 +109,11 @@ ] }, "locked": { - "lastModified": 1719827385, - "narHash": "sha256-qs+nU20Sm8czHg3bhGCqiH+8e13BJyRrKONW34g3i50=", + "lastModified": 1720042825, + "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=", "owner": "nix-community", "repo": "home-manager", - "rev": "391ca6e950c2525b4f853cbe29922452c14eda82", + "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", "type": "github" }, "original": { @@ -125,11 +125,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1719681865, - "narHash": "sha256-Lp+l1IsREVbz8WM35OJYZz8sAH0XOjrZWUXVB5bJ2qg=", + "lastModified": 1720737798, + "narHash": "sha256-G/OtEAts7ZUvW5lrGMXSb8HqRp2Jr9I7reBuvCOL54w=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "a59f00f5ac65b19382617ba00f360f8bc07ed3ac", + "rev": "c5013aa7ce2c7ec90acee5d965d950c8348db751", "type": "github" }, "original": { @@ -189,11 +189,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1719707984, - "narHash": "sha256-RoxIr/fbndtuKqulGvNCcuzC6KdAib85Q8gXnjzA1dw=", + "lastModified": 1720691131, + "narHash": "sha256-CWT+KN8aTPyMIx8P303gsVxUnkinIz0a/Cmasz1jyIM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7dca15289a1c2990efbe4680f0923ce14139b042", + "rev": "a046c1202e11b62cbede5385ba64908feb7bfac4", "type": "github" }, "original": { From d4c13347314354f5b993ea93e75a756eb445b065 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 22 Jul 2024 20:03:54 +0200 Subject: [PATCH 700/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/c5013aa7ce2c7ec90acee5d965d950c8348db751' (2024-07-11) → 'github:NixOS/nixos-hardware/ab165a8a6cd12781d76fe9cbccb9e975d0fb634f' (2024-07-19) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/a046c1202e11b62cbede5385ba64908feb7bfac4' (2024-07-11) → 'github:NixOS/nixpkgs/63d37ccd2d178d54e7fb691d7ec76000740ea24a' (2024-07-21) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index a0adce8..41262bf 100644 --- a/flake.lock +++ b/flake.lock @@ -125,11 +125,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1720737798, - "narHash": "sha256-G/OtEAts7ZUvW5lrGMXSb8HqRp2Jr9I7reBuvCOL54w=", + "lastModified": 1721413321, + "narHash": "sha256-0GdiQScDceUrVGbxYpV819LHesK3szHOhJ09e6sgES4=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "c5013aa7ce2c7ec90acee5d965d950c8348db751", + "rev": "ab165a8a6cd12781d76fe9cbccb9e975d0fb634f", "type": "github" }, "original": { @@ -189,11 +189,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1720691131, - "narHash": "sha256-CWT+KN8aTPyMIx8P303gsVxUnkinIz0a/Cmasz1jyIM=", + "lastModified": 1721548954, + "narHash": "sha256-7cCC8+Tdq1+3OPyc3+gVo9dzUNkNIQfwSDJ2HSi2u3o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a046c1202e11b62cbede5385ba64908feb7bfac4", + "rev": "63d37ccd2d178d54e7fb691d7ec76000740ea24a", "type": "github" }, "original": { From 2a26eb16e27a9d7490c463971722119631dd705c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 30 Jul 2024 15:53:47 +0200 Subject: [PATCH 701/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/ab165a8a6cd12781d76fe9cbccb9e975d0fb634f' (2024-07-19) → 'github:NixOS/nixos-hardware/14c333162ba53c02853add87a0000cbd7aa230c2' (2024-07-30) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/63d37ccd2d178d54e7fb691d7ec76000740ea24a' (2024-07-21) → 'github:NixOS/nixpkgs/8c50662509100d53229d4be607f1a3a31157fa12' (2024-07-27) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 41262bf..c58692b 100644 --- a/flake.lock +++ b/flake.lock @@ -125,11 +125,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1721413321, - "narHash": "sha256-0GdiQScDceUrVGbxYpV819LHesK3szHOhJ09e6sgES4=", + "lastModified": 1722332872, + "narHash": "sha256-2xLM4sc5QBfi0U/AANJAW21Bj4ZX479MHPMPkB+eKBU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "ab165a8a6cd12781d76fe9cbccb9e975d0fb634f", + "rev": "14c333162ba53c02853add87a0000cbd7aa230c2", "type": "github" }, "original": { @@ -189,11 +189,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1721548954, - "narHash": "sha256-7cCC8+Tdq1+3OPyc3+gVo9dzUNkNIQfwSDJ2HSi2u3o=", + "lastModified": 1722087241, + "narHash": "sha256-2ShmEaFi0kJVOEEu5gmlykN5dwjWYWYUJmlRTvZQRpU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "63d37ccd2d178d54e7fb691d7ec76000740ea24a", + "rev": "8c50662509100d53229d4be607f1a3a31157fa12", "type": "github" }, "original": { From aba4f6a7f959c8fa062680327f1d921c179043e9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 30 Jul 2024 16:35:04 +0200 Subject: [PATCH 702/904] talos: switch to 6.10 kernel --- hosts/talos/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index 79f6635..9ed3dd0 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -16,7 +16,7 @@ ./secrets.nix ]; - boot.kernelPackages = pkgs.linuxPackages_6_9; + boot.kernelPackages = pkgs.linuxPackages_6_10; # Set Wi-Fi regulatory domain. Currently always set to '00' (world), and could # lead to bad Wi-Fi performance boot.kernelParams = ["cfg80211.ieee80211_regdom=FR"]; From 596b0220182f3da1b58aa1331d4111b8d7d9adac Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 5 Aug 2024 21:49:11 +0200 Subject: [PATCH 703/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/8c50662509100d53229d4be607f1a3a31157fa12' (2024-07-27) → 'github:NixOS/nixpkgs/8b5b6723aca5a51edf075936439d9cd3947b7b2c' (2024-08-04) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index c58692b..fd14f39 100644 --- a/flake.lock +++ b/flake.lock @@ -189,11 +189,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1722087241, - "narHash": "sha256-2ShmEaFi0kJVOEEu5gmlykN5dwjWYWYUJmlRTvZQRpU=", + "lastModified": 1722791413, + "narHash": "sha256-rCTrlCWvHzMCNcKxPE3Z/mMK2gDZ+BvvpEVyRM4tKmU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8c50662509100d53229d4be607f1a3a31157fa12", + "rev": "8b5b6723aca5a51edf075936439d9cd3947b7b2c", "type": "github" }, "original": { From fbe837f1913be69c36dc2a080055c74c9f0a21d6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 13 Aug 2024 16:14:17 +0200 Subject: [PATCH 704/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/14c333162ba53c02853add87a0000cbd7aa230c2' (2024-07-30) → 'github:NixOS/nixos-hardware/c54cf53e022b0b3c1d3b8207aa0f9b194c24f0cf' (2024-08-10) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/8b5b6723aca5a51edf075936439d9cd3947b7b2c' (2024-08-04) → 'github:NixOS/nixpkgs/a731b45590a5169542990c36ffcde6cebd9a3356' (2024-08-11) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index fd14f39..6f16111 100644 --- a/flake.lock +++ b/flake.lock @@ -125,11 +125,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1722332872, - "narHash": "sha256-2xLM4sc5QBfi0U/AANJAW21Bj4ZX479MHPMPkB+eKBU=", + "lastModified": 1723310128, + "narHash": "sha256-IiH8jG6PpR4h9TxSGMYh+2/gQiJW9MwehFvheSb5rPc=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "14c333162ba53c02853add87a0000cbd7aa230c2", + "rev": "c54cf53e022b0b3c1d3b8207aa0f9b194c24f0cf", "type": "github" }, "original": { @@ -189,11 +189,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1722791413, - "narHash": "sha256-rCTrlCWvHzMCNcKxPE3Z/mMK2gDZ+BvvpEVyRM4tKmU=", + "lastModified": 1723400035, + "narHash": "sha256-WoKZDlBEdMhP+hjquBAh0BhUJbcH2+U8g2mHOr1mv8I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8b5b6723aca5a51edf075936439d9cd3947b7b2c", + "rev": "a731b45590a5169542990c36ffcde6cebd9a3356", "type": "github" }, "original": { From 0b5f4c1dbe3e123ad8b94a51a37ec254bdb0d4dd Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 2 Sep 2024 18:52:25 +0200 Subject: [PATCH 705/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/c54cf53e022b0b3c1d3b8207aa0f9b194c24f0cf' (2024-08-10) → 'github:NixOS/nixos-hardware/95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef' (2024-08-28) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/a731b45590a5169542990c36ffcde6cebd9a3356' (2024-08-11) → 'github:NixOS/nixpkgs/6e99f2a27d600612004fbd2c3282d614bfee6421' (2024-08-30) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 6f16111..6c45879 100644 --- a/flake.lock +++ b/flake.lock @@ -125,11 +125,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1723310128, - "narHash": "sha256-IiH8jG6PpR4h9TxSGMYh+2/gQiJW9MwehFvheSb5rPc=", + "lastModified": 1724878143, + "narHash": "sha256-UjpKo92iZ25M05kgSOw/Ti6VZwpgdlOa73zHj8OcaDk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "c54cf53e022b0b3c1d3b8207aa0f9b194c24f0cf", + "rev": "95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef", "type": "github" }, "original": { @@ -189,11 +189,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1723400035, - "narHash": "sha256-WoKZDlBEdMhP+hjquBAh0BhUJbcH2+U8g2mHOr1mv8I=", + "lastModified": 1725001927, + "narHash": "sha256-eV+63gK0Mp7ygCR0Oy4yIYSNcum2VQwnZamHxYTNi+M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a731b45590a5169542990c36ffcde6cebd9a3356", + "rev": "6e99f2a27d600612004fbd2c3282d614bfee6421", "type": "github" }, "original": { From 6224155e9cc747974ac626e9ca95b6cff1a7bae6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 2 Sep 2024 19:04:59 +0200 Subject: [PATCH 706/904] pkgs: remove ansel It's in NixOS 24.05! --- .github/workflows/cachix.yaml | 1 - hosts/talos/home.nix | 2 +- pkgs/ansel/default.nix | 155 ---------------------------------- pkgs/default.nix | 1 - 4 files changed, 1 insertion(+), 158 deletions(-) delete mode 100644 pkgs/ansel/default.nix diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index ee0f60a..c14e1ea 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -46,7 +46,6 @@ jobs: fail-fast: false matrix: name: - - ansel - grafanaDashboards/nginx - grafanaDashboards/node-exporter - kaleidoscope-udev-rules diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 0f547f1..f445684 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -23,13 +23,13 @@ home.packages = builtins.attrValues { inherit (pkgs) + ansel chromium # some websites only work there :( zotero ; inherit (pkgs.packages) - ansel spot ; }; diff --git a/pkgs/ansel/default.nix b/pkgs/ansel/default.nix deleted file mode 100644 index 43f5998..0000000 --- a/pkgs/ansel/default.nix +++ /dev/null @@ -1,155 +0,0 @@ -{ - cmake, - colord, - colord-gtk, - curl, - dav1d, - desktop-file-utils, - exiftool, - exiv2, - fetchFromGitHub, - glib, - gmic, - graphicsmagick, - gtk3, - icu, - intltool, - isocodes, - jasper, - json-glib, - lcms, - lensfun, - lib, - libXdmcp, - libXtst, - libaom, - libavif, - libdatrie, - libde265, - libepoxy, - libffi, - libgcrypt, - libgpg-error, - libheif, - libjpeg, - libpsl, - librsvg, - libsecret, - libselinux, - libsepol, - libsoup, - libsysprof-capture, - libthai, - libwebp, - libxkbcommon, - libxml2, - libxslt, - llvmPackages, - openexr_3, - openjpeg, - osm-gps-map, - pcre, - pcre2, - perlPackages, - pkg-config, - pugixml, - python3Packages, - rav1e, - sqlite, - stdenv, - util-linux, - wrapGAppsHook, - x265, -}: -stdenv.mkDerivation { - pname = "ansel"; - version = "unstable-2024-01-05"; - - src = fetchFromGitHub { - owner = "aurelienpierreeng"; - repo = "ansel"; - rev = "e2c4a0a60cd80f741dd3d3c6ab72be9ac11234fb"; - hash = "sha256-Kg020MHy9fn1drCk+66f25twqczvD/5evutDODqOjYM="; - fetchSubmodules = true; - }; - - nativeBuildInputs = [ - cmake - desktop-file-utils - exiftool - intltool - libxml2 - llvmPackages.clang - llvmPackages.llvm - pkg-config - perlPackages.perl - python3Packages.jsonschema - wrapGAppsHook - ]; - - buildInputs = [ - colord - colord-gtk - curl - dav1d - exiv2 - json-glib - glib - gmic - graphicsmagick - gtk3 - icu - isocodes - jasper - lcms - lensfun - libaom - libavif - libdatrie - libde265 - libepoxy - libffi - libgcrypt - libgpg-error - libheif - libjpeg - libpsl - librsvg - libsecret - libselinux - libsepol - libsoup - libsysprof-capture - libthai - libwebp - libXdmcp - libxkbcommon - libxslt - libXtst - openexr_3 - openjpeg - osm-gps-map - pcre - pcre2 - perlPackages.Po4a - pugixml - rav1e - sqlite - util-linux - x265 - ]; - - preFixup = '' - gappsWrapperArgs+=( - --prefix LD_LIBRARY_PATH ":" "$out/lib/ansel" - ) - ''; - - meta = { - description = "A darktable fork minus the bloat plus some design vision"; - homepage = "https://ansel.photos/"; - license = lib.licenses.gpl3Plus; - mainProgram = "ansel"; - platforms = lib.platforms.linux; - }; -} diff --git a/pkgs/default.nix b/pkgs/default.nix index fc7fdd0..19307a1 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,5 +1,4 @@ {pkgs}: { - ansel = pkgs.callPackage ./ansel {}; sddm-sugar-candy = pkgs.callPackage ./sddm-sugar-candy {}; kaleidoscope-udev-rules = pkgs.callPackage ./kaleidoscope-udev-rules {}; grafanaDashboards = pkgs.recurseIntoAttrs (pkgs.callPackage ./grafana-dashboards {}); From 8f0fd2893471aaeb4ccd61f3917dd0768d75fcc8 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 10 Sep 2024 14:21:02 +0200 Subject: [PATCH 707/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/e1391fb22e18a36f57e6999c7a9f966dc80ac073' (2024-07-03) → 'github:nix-community/home-manager/208df2e558b73b6a1f0faec98493cb59a25f62ba' (2024-09-07) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef' (2024-08-28) → 'github:NixOS/nixos-hardware/166dee4f88a7e3ba1b7a243edb1aca822f00680e' (2024-09-09) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/6e99f2a27d600612004fbd2c3282d614bfee6421' (2024-08-30) → 'github:NixOS/nixpkgs/f4c846aee8e1e29062aa8514d5e0ab270f4ec2f9' (2024-09-08) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 6c45879..85dc88a 100644 --- a/flake.lock +++ b/flake.lock @@ -109,11 +109,11 @@ ] }, "locked": { - "lastModified": 1720042825, - "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=", + "lastModified": 1725703823, + "narHash": "sha256-tDgM4d8mLK0Hd6YMB2w1BqMto1XBXADOzPEaLl10VI4=", "owner": "nix-community", "repo": "home-manager", - "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", + "rev": "208df2e558b73b6a1f0faec98493cb59a25f62ba", "type": "github" }, "original": { @@ -125,11 +125,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1724878143, - "narHash": "sha256-UjpKo92iZ25M05kgSOw/Ti6VZwpgdlOa73zHj8OcaDk=", + "lastModified": 1725885300, + "narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef", + "rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e", "type": "github" }, "original": { @@ -189,11 +189,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1725001927, - "narHash": "sha256-eV+63gK0Mp7ygCR0Oy4yIYSNcum2VQwnZamHxYTNi+M=", + "lastModified": 1725826545, + "narHash": "sha256-L64N1rpLlXdc94H+F6scnrbuEu+utC03cDDVvvJGOME=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6e99f2a27d600612004fbd2c3282d614bfee6421", + "rev": "f4c846aee8e1e29062aa8514d5e0ab270f4ec2f9", "type": "github" }, "original": { From 714938ef60716c36f60f79819554a8d08bd9df5f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 16 Sep 2024 11:45:49 +0200 Subject: [PATCH 708/904] flake: add lix to configuration --- flake.lock | 84 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ flake.nix | 7 +++++ 2 files changed, 91 insertions(+) diff --git a/flake.lock b/flake.lock index 85dc88a..3d32eae 100644 --- a/flake.lock +++ b/flake.lock @@ -81,6 +81,39 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -123,6 +156,41 @@ "type": "github" } }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1723503926, + "narHash": "sha256-Rosl9iA9MybF5Bud4BTAQ9adbY81aGmPfV8dDBGl34s=", + "rev": "bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2.tar.gz?rev=bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": "flake-utils_2", + "flakey-profile": "flakey-profile", + "lix": "lix", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1723510904, + "narHash": "sha256-zNW/rqNJwhq2lYmQf19wJerRuNimjhxHKmzrWWFJYts=", + "rev": "622a2253a071a1fb97a4d3c8103a91114acc1140", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz?rev=622a2253a071a1fb97a4d3c8103a91114acc1140" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz" + } + }, "nixos-hardware": { "locked": { "lastModified": 1725885300, @@ -209,6 +277,7 @@ "disko": "disko", "flake-utils": "flake-utils", "home-manager": "home-manager_2", + "lix-module": "lix-module", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_3", "nixpkgs-unstable-small": "nixpkgs-unstable-small" @@ -243,6 +312,21 @@ "repo": "default", "type": "github" } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 95a9c9b..2689e2e 100644 --- a/flake.nix +++ b/flake.nix @@ -49,6 +49,11 @@ repo = "disko"; ref = "master"; }; + + lix-module = { + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { @@ -57,6 +62,7 @@ home-manager, agenix, disko, + lix-module, ... } @ inputs: { @@ -95,6 +101,7 @@ [ agenix.nixosModules.default home-manager.nixosModules.default + lix-module.nixosModules.default { nixpkgs = { overlays = shared_overlays; From d6b7ff54190a3b9747b8354d5bbafc14102b6da8 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 16 Sep 2024 11:47:29 +0200 Subject: [PATCH 709/904] home: fish: update nfl alias --- home/fish/functions/nfl.fish | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/home/fish/functions/nfl.fish b/home/fish/functions/nfl.fish index bac1d05..48674c4 100644 --- a/home/fish/functions/nfl.fish +++ b/home/fish/functions/nfl.fish @@ -1,7 +1,4 @@ function nfl set -l flags "--commit-lock-file" - for flake in $argv - set -a flags "--update-input" "$flake" - end - nix flake lock $flags + nix flake update $flags $argv end From fdc9ea7c0333b82cbe4b364bbc10f5e6327fda24 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 16 Sep 2024 11:48:35 +0200 Subject: [PATCH 710/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/166dee4f88a7e3ba1b7a243edb1aca822f00680e' (2024-09-09) → 'github:NixOS/nixos-hardware/b9ab7e57c5d1d456cdeef252d345f3bca9c55851' (2024-09-16) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/f4c846aee8e1e29062aa8514d5e0ab270f4ec2f9' (2024-09-08) → 'github:NixOS/nixpkgs/8f7492cce28977fbf8bd12c72af08b1f6c7c3e49' (2024-09-14) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 3d32eae..709c6fe 100644 --- a/flake.lock +++ b/flake.lock @@ -193,11 +193,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1725885300, - "narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=", + "lastModified": 1726454253, + "narHash": "sha256-ikQs0QZGmCfk5cJ2N5nTT6oULMvWgxN6ebk4WsOq9io=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e", + "rev": "b9ab7e57c5d1d456cdeef252d345f3bca9c55851", "type": "github" }, "original": { @@ -257,11 +257,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1725826545, - "narHash": "sha256-L64N1rpLlXdc94H+F6scnrbuEu+utC03cDDVvvJGOME=", + "lastModified": 1726320982, + "narHash": "sha256-RuVXUwcYwaUeks6h3OLrEmg14z9aFXdWppTWPMTwdQw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f4c846aee8e1e29062aa8514d5e0ab270f4ec2f9", + "rev": "8f7492cce28977fbf8bd12c72af08b1f6c7c3e49", "type": "github" }, "original": { From c39768bfbc61425086fe086e5981f944f3c38e7c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 30 Sep 2024 14:26:10 +0200 Subject: [PATCH 711/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/208df2e558b73b6a1f0faec98493cb59a25f62ba' (2024-09-07) → 'github:nix-community/home-manager/2f23fa308a7c067e52dfcc30a0758f47043ec176' (2024-09-22) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/b9ab7e57c5d1d456cdeef252d345f3bca9c55851' (2024-09-16) → 'github:NixOS/nixos-hardware/11c43c830e533dad1be527ecce379fcf994fbbb5' (2024-09-30) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/8f7492cce28977fbf8bd12c72af08b1f6c7c3e49' (2024-09-14) → 'github:NixOS/nixpkgs/fbca5e745367ae7632731639de5c21f29c8744ed' (2024-09-28) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 709c6fe..9eead5c 100644 --- a/flake.lock +++ b/flake.lock @@ -142,11 +142,11 @@ ] }, "locked": { - "lastModified": 1725703823, - "narHash": "sha256-tDgM4d8mLK0Hd6YMB2w1BqMto1XBXADOzPEaLl10VI4=", + "lastModified": 1726989464, + "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", "owner": "nix-community", "repo": "home-manager", - "rev": "208df2e558b73b6a1f0faec98493cb59a25f62ba", + "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", "type": "github" }, "original": { @@ -193,11 +193,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1726454253, - "narHash": "sha256-ikQs0QZGmCfk5cJ2N5nTT6oULMvWgxN6ebk4WsOq9io=", + "lastModified": 1727665282, + "narHash": "sha256-oKtfbQB1MBypqIyzkC8QCQcVGOa1soaXaGgcBIoh14o=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "b9ab7e57c5d1d456cdeef252d345f3bca9c55851", + "rev": "11c43c830e533dad1be527ecce379fcf994fbbb5", "type": "github" }, "original": { @@ -257,11 +257,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1726320982, - "narHash": "sha256-RuVXUwcYwaUeks6h3OLrEmg14z9aFXdWppTWPMTwdQw=", + "lastModified": 1727540905, + "narHash": "sha256-40J9tW7Y794J7Uw4GwcAKlMxlX2xISBl6IBigo83ih8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8f7492cce28977fbf8bd12c72af08b1f6c7c3e49", + "rev": "fbca5e745367ae7632731639de5c21f29c8744ed", "type": "github" }, "original": { From 7ebd52c5787a52f7e94eaf0a216d1551b93c198c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 9 Oct 2024 14:48:37 +0200 Subject: [PATCH 712/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/11c43c830e533dad1be527ecce379fcf994fbbb5' (2024-09-30) → 'github:NixOS/nixos-hardware/ecfcd787f373f43307d764762e139a7cdeb9c22b' (2024-10-07) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/fbca5e745367ae7632731639de5c21f29c8744ed' (2024-09-28) → 'github:NixOS/nixpkgs/1bfbbbe5bbf888d675397c66bfdb275d0b99361c' (2024-10-07) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 9eead5c..736f7fd 100644 --- a/flake.lock +++ b/flake.lock @@ -193,11 +193,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1727665282, - "narHash": "sha256-oKtfbQB1MBypqIyzkC8QCQcVGOa1soaXaGgcBIoh14o=", + "lastModified": 1728269138, + "narHash": "sha256-oKxDImsOvgUZMY4NwXVyUc/c1HiU2qInX+b5BU0yXls=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "11c43c830e533dad1be527ecce379fcf994fbbb5", + "rev": "ecfcd787f373f43307d764762e139a7cdeb9c22b", "type": "github" }, "original": { @@ -257,11 +257,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1727540905, - "narHash": "sha256-40J9tW7Y794J7Uw4GwcAKlMxlX2xISBl6IBigo83ih8=", + "lastModified": 1728328465, + "narHash": "sha256-a0a0M1TmXMK34y3M0cugsmpJ4FJPT/xsblhpiiX1CXo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fbca5e745367ae7632731639de5c21f29c8744ed", + "rev": "1bfbbbe5bbf888d675397c66bfdb275d0b99361c", "type": "github" }, "original": { From 7dd83a25019b28e41f1e97918ab2f4fd072b17d6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 21 Oct 2024 13:38:02 +0200 Subject: [PATCH 713/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/ecfcd787f373f43307d764762e139a7cdeb9c22b' (2024-10-07) → 'github:NixOS/nixos-hardware/cc2d3c0e060f981905d52337340ee6ec8b8eb037' (2024-10-21) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/1bfbbbe5bbf888d675397c66bfdb275d0b99361c' (2024-10-07) → 'github:NixOS/nixpkgs/a9b86fc2290b69375c5542b622088eb6eca2a7c3' (2024-10-19) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 736f7fd..4059625 100644 --- a/flake.lock +++ b/flake.lock @@ -193,11 +193,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1728269138, - "narHash": "sha256-oKxDImsOvgUZMY4NwXVyUc/c1HiU2qInX+b5BU0yXls=", + "lastModified": 1729509737, + "narHash": "sha256-8OHgqz+tFo21h3hg4/GHizFPws+MMzpEru/+62Z0E8c=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "ecfcd787f373f43307d764762e139a7cdeb9c22b", + "rev": "cc2d3c0e060f981905d52337340ee6ec8b8eb037", "type": "github" }, "original": { @@ -257,11 +257,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1728328465, - "narHash": "sha256-a0a0M1TmXMK34y3M0cugsmpJ4FJPT/xsblhpiiX1CXo=", + "lastModified": 1729307008, + "narHash": "sha256-QUvb6epgKi9pCu9CttRQW4y5NqJ+snKr1FZpG/x3Wtc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1bfbbbe5bbf888d675397c66bfdb275d0b99361c", + "rev": "a9b86fc2290b69375c5542b622088eb6eca2a7c3", "type": "github" }, "original": { From eef9ae1ba5935b3723f4a89839cabb8ec2aed479 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 21 Oct 2024 14:07:40 +0200 Subject: [PATCH 714/904] services: mealie: format --- services/mealie.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/services/mealie.nix b/services/mealie.nix index c7ac736..b16694a 100644 --- a/services/mealie.nix +++ b/services/mealie.nix @@ -59,15 +59,15 @@ in { systemd.services = { mealie = { - after = [ "postgresql.service" ]; - requires = [ "postgresql.service" ]; + after = ["postgresql.service"]; + requires = ["postgresql.service"]; }; }; # Set-up database services.postgresql = { enable = true; - ensureDatabases = [ "mealie" ]; + ensureDatabases = ["mealie"]; ensureUsers = [ { name = "mealie"; From 5835387f06bf6f36dacfecde7cd536d1d31810ca Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 21 Oct 2024 14:12:45 +0200 Subject: [PATCH 715/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/bf3faad723ca984fc4ea95c1cee1d975a8ca2a28' (2024-06-07) → 'github:NixOS/nixpkgs/a5e6a9e979367ee14f65d9c38119c30272f8455f' (2024-10-21) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 4059625..ab9fa7a 100644 --- a/flake.lock +++ b/flake.lock @@ -225,11 +225,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1717737457, - "narHash": "sha256-hqHp0W7ibfdu5DFc6EG3S3c+GSAbti7VUldFXSf/WiI=", + "lastModified": 1729493358, + "narHash": "sha256-Ti+Y9nWt5Fcs3JlarxLPgIOVlbqQo7jobz/qOwOaziM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bf3faad723ca984fc4ea95c1cee1d975a8ca2a28", + "rev": "a5e6a9e979367ee14f65d9c38119c30272f8455f", "type": "github" }, "original": { From 6fa6efc8bb0729ab7ab762f772b7dd784b558bdf Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 21 Oct 2024 16:56:09 +0200 Subject: [PATCH 716/904] services: mealie: use unstable module --- services/mealie.nix | 79 +++++++++++++++++++++++++++++---------------- 1 file changed, 51 insertions(+), 28 deletions(-) diff --git a/services/mealie.nix b/services/mealie.nix index b16694a..8333c4c 100644 --- a/services/mealie.nix +++ b/services/mealie.nix @@ -17,6 +17,8 @@ domain = config.networking.domain; hostname = config.networking.hostName; fqdn = "${hostname}.${domain}"; + pkg = pkgs.unstable.mealie; + listenAddress = "127.0.0.1"; in { options.my.services.mealie = let inherit (lib) types; @@ -27,40 +29,61 @@ in { example = 8080; description = "Internal port for Mealie webapp"; }; + credentialsFile = lib.mkOption { + type = types.nullOr types.path; + default = null; + example = "/run/secrets/mealie-credentials.env"; + description = '' + File containing credentials used in mealie such as {env}`POSTGRES_PASSWORD` + or sensitive LDAP options. + + Expects the format of an `EnvironmentFile=`, as described by {manpage}`systemd.exec(5)`. + ''; + }; }; - config = mkIf cfg.enable { - services.mealie = { - enable = true; - package = pkgs.unstable.mealie; - listenAddress = "127.0.0.1"; - port = cfg.port; + # FIXME(NixOS 24.11) Copy pasted from nixpkgs master module, because some needed changes weren't in stable yet. + config = mkIf cfg.enable (let + settings = { + ALLOW_SIGNUP = "false"; + BASE_URL = "https://mealie.${domain}"; + TZ = config.time.timeZone; - settings = { - ALLOW_SIGNUP = "false"; - BASE_URL = "https://mealie.${domain}"; - TZ = config.time.timeZone; + # Use PostgreSQL + DB_ENGINE = "postgres"; - # Use PostgreSQL - DB_ENGINE = "postgres"; - - # Settings for Mealie 1.2 - #POSTGRES_USER = "mealie"; - #POSTGRES_PASSWORD = ""; - #POSTGRES_SERVER = "/run/postgresql"; - ## Pydantic and/or mealie doesn't handle the URI correctly, hijack it - ## with query parameters... - #POSTGRES_DB = "mealie?host=/run/postgresql&dbname=mealie"; - - # Settings for Mealie 1.7+, when that gets into NixOS stable - POSTGRES_URL_OVERRIDE = "postgresql://mealie:@/mealie?host=/run/postgresql"; - }; + # Settings for Mealie 1.7+ + POSTGRES_URL_OVERRIDE = "postgresql://mealie:@/mealie?host=/run/postgresql"; }; - + in { systemd.services = { mealie = { - after = ["postgresql.service"]; + after = ["network-online.target" "postgresql.service"]; requires = ["postgresql.service"]; + wants = ["network-online.target"]; + wantedBy = ["multi-user.target"]; + + description = "Mealie, a self hosted recipe manager and meal planner"; + + environment = + { + PRODUCTION = "true"; + API_PORT = toString cfg.port; + BASE_URL = "http://localhost:${toString cfg.port}"; + DATA_DIR = "/var/lib/mealie"; + CRF_MODEL_PATH = "/var/lib/mealie/model.crfmodel"; + } + // (builtins.mapAttrs (_: val: toString val) settings); + + serviceConfig = { + DynamicUser = true; + User = "mealie"; + ExecStartPre = "${pkg}/libexec/init_db"; + ExecStart = "${lib.getExe pkg} -b ${listenAddress}:${builtins.toString cfg.port}"; + EnvironmentFile = lib.mkIf (cfg.credentialsFile != null) cfg.credentialsFile; + StateDirectory = "mealie"; + StandardOutput = "journal"; + }; }; }; @@ -85,7 +108,7 @@ in { useACMEHost = fqdn; locations."/" = { - proxyPass = "http://127.0.0.1:${toString cfg.port}/"; + proxyPass = "http://${listenAddress}:${toString cfg.port}/"; proxyWebsockets = true; }; }; @@ -95,5 +118,5 @@ in { my.services.restic-backup = { paths = ["/var/lib/mealie"]; }; - }; + }); } From 096dadc821e5a1404bb9cec9fb53c1db87a748f7 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 25 Oct 2024 14:31:51 +0200 Subject: [PATCH 717/904] services: immich: increase upload max size --- services/immich.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/immich.nix b/services/immich.nix index b1415df..511e9e0 100644 --- a/services/immich.nix +++ b/services/immich.nix @@ -74,7 +74,7 @@ in { proxy_connect_timeout 600; proxy_read_timeout 600; proxy_send_timeout 600; - client_max_body_size 500m; + client_max_body_size 1000m; access_log syslog:server=unix:/dev/log,tag=immich; ''; }; From 5c72051f7106c48a92d5b0a589762f893dcbaf3e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 25 Oct 2024 14:39:37 +0200 Subject: [PATCH 718/904] flake: upgrade lix to 2.91.1 --- flake.lock | 20 ++++++++++---------- flake.nix | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/flake.lock b/flake.lock index ab9fa7a..450f929 100644 --- a/flake.lock +++ b/flake.lock @@ -159,15 +159,15 @@ "lix": { "flake": false, "locked": { - "lastModified": 1723503926, - "narHash": "sha256-Rosl9iA9MybF5Bud4BTAQ9adbY81aGmPfV8dDBGl34s=", - "rev": "bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2", + "lastModified": 1729298361, + "narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=", + "rev": "ad9d06f7838a25beec425ff406fe68721fef73be", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2.tar.gz?rev=bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz" } }, "lix-module": { @@ -180,15 +180,15 @@ ] }, "locked": { - "lastModified": 1723510904, - "narHash": "sha256-zNW/rqNJwhq2lYmQf19wJerRuNimjhxHKmzrWWFJYts=", - "rev": "622a2253a071a1fb97a4d3c8103a91114acc1140", + "lastModified": 1729360442, + "narHash": "sha256-6U0CyPycIBc04hbYy2hBINnVso58n/ZyywY2BD3hu+s=", + "rev": "9098ac95768f7006d7e070b88bae76939f6034e6", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz?rev=622a2253a071a1fb97a4d3c8103a91114acc1140" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/9098ac95768f7006d7e070b88bae76939f6034e6.tar.gz?rev=9098ac95768f7006d7e070b88bae76939f6034e6" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz" + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz" } }, "nixos-hardware": { diff --git a/flake.nix b/flake.nix index 2689e2e..909e821 100644 --- a/flake.nix +++ b/flake.nix @@ -51,7 +51,7 @@ }; lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz"; + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; }; }; From 2776dce09c314e9d7c61b8b43240004d0911f3a4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 27 Oct 2024 17:35:38 +0100 Subject: [PATCH 719/904] talos: bump kernel to 6.11 --- hosts/talos/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index 9ed3dd0..5ee9cd2 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -16,7 +16,7 @@ ./secrets.nix ]; - boot.kernelPackages = pkgs.linuxPackages_6_10; + boot.kernelPackages = pkgs.linuxPackages_6_11; # Set Wi-Fi regulatory domain. Currently always set to '00' (world), and could # lead to bad Wi-Fi performance boot.kernelParams = ["cfg80211.ieee80211_regdom=FR"]; From e12f7feefcedfb2775d0351e24a27085fd795ba6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 27 Oct 2024 17:37:31 +0100 Subject: [PATCH 720/904] talos: enable v4l2 virtual camera module --- hosts/talos/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index 5ee9cd2..02dff05 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -20,6 +20,12 @@ # Set Wi-Fi regulatory domain. Currently always set to '00' (world), and could # lead to bad Wi-Fi performance boot.kernelParams = ["cfg80211.ieee80211_regdom=FR"]; + boot.extraModulePackages = with config.boot.kernelPackages; [ + v4l2loopback + ]; + boot.extraModprobeConfig = '' + options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1 + ''; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot = { From 8dae794e1198cab79bbdcce963fc7744d16907a5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 27 Oct 2024 17:45:09 +0100 Subject: [PATCH 721/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/cc2d3c0e060f981905d52337340ee6ec8b8eb037' (2024-10-21) → 'github:NixOS/nixos-hardware/e8a2f6d5513fe7b7d15701b2d05404ffdc3b6dda' (2024-10-24) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/a9b86fc2290b69375c5542b622088eb6eca2a7c3' (2024-10-19) → 'github:NixOS/nixpkgs/cd3e8833d70618c4eea8df06f95b364b016d4950' (2024-10-26) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 450f929..8877e1c 100644 --- a/flake.lock +++ b/flake.lock @@ -193,11 +193,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1729509737, - "narHash": "sha256-8OHgqz+tFo21h3hg4/GHizFPws+MMzpEru/+62Z0E8c=", + "lastModified": 1729742320, + "narHash": "sha256-u3Of8xRkN//me8PU+RucKA59/6RNy4B2jcGAF36P4jI=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "cc2d3c0e060f981905d52337340ee6ec8b8eb037", + "rev": "e8a2f6d5513fe7b7d15701b2d05404ffdc3b6dda", "type": "github" }, "original": { @@ -257,11 +257,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1729307008, - "narHash": "sha256-QUvb6epgKi9pCu9CttRQW4y5NqJ+snKr1FZpG/x3Wtc=", + "lastModified": 1729973466, + "narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a9b86fc2290b69375c5542b622088eb6eca2a7c3", + "rev": "cd3e8833d70618c4eea8df06f95b364b016d4950", "type": "github" }, "original": { From 0088a8f7e0149db57e91256c46961288c19b0b53 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 30 Oct 2024 14:55:58 +0100 Subject: [PATCH 722/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/e8a2f6d5513fe7b7d15701b2d05404ffdc3b6dda' (2024-10-24) → 'github:NixOS/nixos-hardware/07d15e8990d5d86a631641b4c429bc0a7400cfb8' (2024-10-29) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/cd3e8833d70618c4eea8df06f95b364b016d4950' (2024-10-26) → 'github:NixOS/nixpkgs/64b80bfb316b57cdb8919a9110ef63393d74382a' (2024-10-28) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 8877e1c..a4c371e 100644 --- a/flake.lock +++ b/flake.lock @@ -193,11 +193,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1729742320, - "narHash": "sha256-u3Of8xRkN//me8PU+RucKA59/6RNy4B2jcGAF36P4jI=", + "lastModified": 1730161780, + "narHash": "sha256-z5ILcmwMtiCoHTXS1KsQWqigO7HJO8sbyK7f7wn9F/E=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e8a2f6d5513fe7b7d15701b2d05404ffdc3b6dda", + "rev": "07d15e8990d5d86a631641b4c429bc0a7400cfb8", "type": "github" }, "original": { @@ -257,11 +257,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1729973466, - "narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=", + "lastModified": 1730137625, + "narHash": "sha256-9z8oOgFZiaguj+bbi3k4QhAD6JabWrnv7fscC/mt0KE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cd3e8833d70618c4eea8df06f95b364b016d4950", + "rev": "64b80bfb316b57cdb8919a9110ef63393d74382a", "type": "github" }, "original": { From 632f7a19bb283dbd589612f6f62199ed21d8864b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 6 Nov 2024 12:57:29 +0100 Subject: [PATCH 723/904] boreal: fix i3 disappearing from login manager hadn't updated the desktop in a while --- hosts/boreal/default.nix | 2 ++ hosts/boreal/home.nix | 1 + 2 files changed, 3 insertions(+) diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index ed2cbd8..ba197e9 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -29,6 +29,8 @@ ntfs = true; }; + services.xserver.windowManager.i3.enable = true; + services.btrfs = { autoScrub = { enable = true; diff --git a/hosts/boreal/home.nix b/hosts/boreal/home.nix index 1f18d17..1ee6fbe 100644 --- a/hosts/boreal/home.nix +++ b/hosts/boreal/home.nix @@ -8,6 +8,7 @@ # Keyboard settings & i3 settings my.home.x.enable = true; + my.home.x.i3.enable = true; my.home.x.i3bar.temperature.chip = "k10temp-pci-*"; my.home.x.i3bar.temperature.inputs = ["Tccd1"]; my.home.x.i3bar.networking.throughput_interfaces = ["enp8s0" "wlp4s0"]; From 8e6ecd3b622c9a03e347e87f61186665c097943a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 7 Nov 2024 15:19:13 +0100 Subject: [PATCH 724/904] boreal: disable unused wakeonlan it sometimes errors out if interface isn't up anyway --- hosts/boreal/default.nix | 8 -------- 1 file changed, 8 deletions(-) diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index ba197e9..a28b179 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -94,14 +94,6 @@ isNvidia = true; }; - my.wakeonwlan.interfaces.phy0.methods = [ - "magic-packet" - "disconnect" - "gtk-rekey-failure" - "eap-identity-request" - "rfkill-release" - ]; - services.udev.packages = [pkgs.chrysalis]; hardware.bluetooth = { From 4ebe512e2717f35d89879aca06453ed857e8a785 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 7 Nov 2024 15:20:15 +0100 Subject: [PATCH 725/904] boreal: nvidia driver changes Use the open source driver, and enable modesetting (a requirement for wayland) --- hosts/boreal/default.nix | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index a28b179..5c2e2e6 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -96,8 +96,14 @@ services.udev.packages = [pkgs.chrysalis]; - hardware.bluetooth = { - enable = true; - powerOnBoot = false; + hardware = { + bluetooth = { + enable = true; + powerOnBoot = false; + }; + nvidia = { + open = true; + modesetting.enable = true; + }; }; } From 954fd0f8dc19a91f87c40b0c8b37c49a44ba5276 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 8 Nov 2024 17:01:34 +0100 Subject: [PATCH 726/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/07d15e8990d5d86a631641b4c429bc0a7400cfb8' (2024-10-29) → 'github:NixOS/nixos-hardware/e1cc1f6483393634aee94514186d21a4871e78d7' (2024-11-06) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/64b80bfb316b57cdb8919a9110ef63393d74382a' (2024-10-28) → 'github:NixOS/nixpkgs/dba414932936fde69f0606b4f1d87c5bc0003ede' (2024-11-06) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index a4c371e..1d51867 100644 --- a/flake.lock +++ b/flake.lock @@ -193,11 +193,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1730161780, - "narHash": "sha256-z5ILcmwMtiCoHTXS1KsQWqigO7HJO8sbyK7f7wn9F/E=", + "lastModified": 1730919458, + "narHash": "sha256-yMO0T0QJlmT/x4HEyvrCyigGrdYfIXX3e5gWqB64wLg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "07d15e8990d5d86a631641b4c429bc0a7400cfb8", + "rev": "e1cc1f6483393634aee94514186d21a4871e78d7", "type": "github" }, "original": { @@ -257,11 +257,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1730137625, - "narHash": "sha256-9z8oOgFZiaguj+bbi3k4QhAD6JabWrnv7fscC/mt0KE=", + "lastModified": 1730883749, + "narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "64b80bfb316b57cdb8919a9110ef63393d74382a", + "rev": "dba414932936fde69f0606b4f1d87c5bc0003ede", "type": "github" }, "original": { From 1daa246ecd57b81b98b84df6b33f736c90464648 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 8 Nov 2024 17:23:02 +0100 Subject: [PATCH 727/904] modules: sddm: enable wayland by default --- modules/sddm.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/sddm.nix b/modules/sddm.nix index 41941ba..d35ec12 100644 --- a/modules/sddm.nix +++ b/modules/sddm.nix @@ -18,6 +18,7 @@ in { services.displayManager.sddm = { enable = true; theme = "sugar-candy"; + wayland.enable = true; }; environment.systemPackages = builtins.attrValues { From 36f51a94c2005e85174d24f31edcb22ce5138ed0 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 8 Nov 2024 17:23:32 +0100 Subject: [PATCH 728/904] modules: sddm: switch to catppuccin theme --- modules/sddm.nix | 21 +++++++-------------- 1 file changed, 7 insertions(+), 14 deletions(-) diff --git a/modules/sddm.nix b/modules/sddm.nix index d35ec12..de57ae5 100644 --- a/modules/sddm.nix +++ b/modules/sddm.nix @@ -17,22 +17,15 @@ in { config = mkIf cfg.enable { services.displayManager.sddm = { enable = true; - theme = "sugar-candy"; + theme = "catppuccin-latte"; wayland.enable = true; }; - environment.systemPackages = builtins.attrValues { - inherit - (pkgs.packages) - sddm-sugar-candy - ; - - inherit - (pkgs.libsForQt5.qt5) - qtgraphicaleffects - qtquickcontrols2 - qtsvg - ; - }; + environment.systemPackages = [ + (pkgs.catppuccin-sddm.override + { + flavor = "latte"; + }) + ]; }; } From 4e91ecee7bbdc216416427784888f4e5663b6348 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 8 Nov 2024 17:48:30 +0100 Subject: [PATCH 729/904] talos: switch back to default sddm setup --- hosts/talos/default.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index 02dff05..5264e2b 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -130,7 +130,6 @@ }; my.gui.enable = true; - my.displayManager.sddm.enable = lib.mkForce false; hardware.bluetooth = { enable = true; @@ -157,10 +156,6 @@ services.xserver.enable = true; # Enable the KDE Plasma Desktop Environment. - services.displayManager.sddm = { - enable = true; - wayland.enable = true; - }; services.desktopManager.plasma6.enable = true; services.power-profiles-daemon.enable = true; From 9d05ec3f405a8db2b70bbec58d276563e555aa04 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 15 Nov 2024 13:40:24 +0100 Subject: [PATCH 730/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/e1cc1f6483393634aee94514186d21a4871e78d7' (2024-11-06) → 'github:NixOS/nixos-hardware/f6581f1c3b137086e42a08a906bdada63045f991' (2024-11-12) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/dba414932936fde69f0606b4f1d87c5bc0003ede' (2024-11-06) → 'github:NixOS/nixpkgs/689fed12a013f56d4c4d3f612489634267d86529' (2024-11-12) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 1d51867..663a3bd 100644 --- a/flake.lock +++ b/flake.lock @@ -193,11 +193,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1730919458, - "narHash": "sha256-yMO0T0QJlmT/x4HEyvrCyigGrdYfIXX3e5gWqB64wLg=", + "lastModified": 1731403644, + "narHash": "sha256-T9V7CTucjRZ4Qc6pUEV/kpgNGzQbHWfGcfK6JJLfUeI=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e1cc1f6483393634aee94514186d21a4871e78d7", + "rev": "f6581f1c3b137086e42a08a906bdada63045f991", "type": "github" }, "original": { @@ -257,11 +257,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1730883749, - "narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=", + "lastModified": 1731386116, + "narHash": "sha256-lKA770aUmjPHdTaJWnP3yQ9OI1TigenUqVC3wweqZuI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dba414932936fde69f0606b4f1d87c5bc0003ede", + "rev": "689fed12a013f56d4c4d3f612489634267d86529", "type": "github" }, "original": { From 18dcb10313219386241b788d3d3531657d68fa5f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 15 Nov 2024 14:28:39 +0100 Subject: [PATCH 731/904] flake: remove old commented out line --- flake.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/flake.nix b/flake.nix index 909e821..5c1ae08 100644 --- a/flake.nix +++ b/flake.nix @@ -90,8 +90,6 @@ inherit system; config.allowUnfree = true; }; - - # power-profiles-daemon = self.unstable.power-profiles-daemon; }) agenix.overlays.default From cd6295ff6b4f5acfe59f3d456c48a71c29e95b6e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 15 Nov 2024 15:45:56 +0100 Subject: [PATCH 732/904] ci: use flake devshell to check formatting This should fix the alejandra version mismatch failures --- .github/workflows/cachix.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index c14e1ea..87aad8c 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -15,10 +15,10 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v25 + - uses: cachix/install-nix-action@v27 - name: Run alejandra - run: nix run nixpkgs#alejandra -- --check . + run: nix develop --command alejandra --check . flake-check: name: Flake check From a7204f7cf4dbd61abcfb7faaa45cb35e2ac66160 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 18 Nov 2024 11:52:57 +0100 Subject: [PATCH 733/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/f6581f1c3b137086e42a08a906bdada63045f991' (2024-11-12) → 'github:NixOS/nixos-hardware/672ac2ac86f7dff2f6f3406405bddecf960e0db6' (2024-11-16) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/689fed12a013f56d4c4d3f612489634267d86529' (2024-11-12) → 'github:NixOS/nixpkgs/e8c38b73aeb218e27163376a2d617e61a2ad9b59' (2024-11-16) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 663a3bd..c5c8ec8 100644 --- a/flake.lock +++ b/flake.lock @@ -193,11 +193,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1731403644, - "narHash": "sha256-T9V7CTucjRZ4Qc6pUEV/kpgNGzQbHWfGcfK6JJLfUeI=", + "lastModified": 1731797098, + "narHash": "sha256-UhWmEZhwJZmVZ1jfHZFzCg+ZLO9Tb/v3Y6LC0UNyeTo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "f6581f1c3b137086e42a08a906bdada63045f991", + "rev": "672ac2ac86f7dff2f6f3406405bddecf960e0db6", "type": "github" }, "original": { @@ -257,11 +257,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1731386116, - "narHash": "sha256-lKA770aUmjPHdTaJWnP3yQ9OI1TigenUqVC3wweqZuI=", + "lastModified": 1731797254, + "narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "689fed12a013f56d4c4d3f612489634267d86529", + "rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59", "type": "github" }, "original": { From 259c93009835c8ae8fce1e7b5328ae24d65db1f9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 18 Nov 2024 12:12:06 +0100 Subject: [PATCH 734/904] talos: restart sway setup --- hosts/talos/default.nix | 12 +++--- hosts/talos/home.nix | 94 ++++++++++++++++++++++++++++++++++++++++- 2 files changed, 98 insertions(+), 8 deletions(-) diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index 5264e2b..9a042c0 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -152,22 +152,20 @@ LC_TELEPHONE = "fr_FR.UTF-8"; }; - # Enable the X11 windowing system. - services.xserver.enable = true; - # Enable the KDE Plasma Desktop Environment. services.desktopManager.plasma6.enable = true; services.power-profiles-daemon.enable = true; environment.systemPackages = [ pkgs.unstable.zed-editor + pkgs.foot ]; #programs.hyprland.enable = true; - #programs.sway = { - # enable = true; - # wrapperFeatures.gtk = true; - #}; + programs.sway = { + enable = true; + wrapperFeatures.gtk = true; + }; # Copy the NixOS configuration file and link it from the resulting system # (/run/current-system/configuration.nix). This is useful in case you diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index f445684..476df1c 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -1,8 +1,14 @@ { config, + lib, pkgs, ... -}: { +}: let + inherit + (lib) + mkOptionDefault + ; +in { home-manager.users.alarsyo = { home.stateVersion = "23.11"; @@ -33,5 +39,91 @@ spot ; }; + + wayland.windowManager.sway = { + enable = true; + swaynag.enable = true; + wrapperFeatures.gtk = true; + config = { + modifier = "Mod4"; + input = { + "type:keyboard" = { + xkb_layout = "fr"; + xkb_variant = "us"; + }; + "type:touchpad" = { + dwt = "enabled"; + tap = "enabled"; + middle_emulation = "enabled"; + natural_scroll = "enabled"; + }; + }; + output = { + "eDP-1" = { + scale = "1.5"; + }; + }; + fonts = { + names = ["Iosevka Fixed" "FontAwesome6Free"]; + size = 9.0; + }; + bars = [ + { + mode = "dock"; + hiddenState = "hide"; + position = "top"; + workspaceButtons = true; + workspaceNumbers = true; + statusCommand = "${pkgs.i3status}/bin/i3status"; + fonts = { + names = ["Iosevka Fixed" "FontAwesome6Free"]; + size = 9.0; + }; + trayOutput = "primary"; + colors = { + background = "#000000"; + statusline = "#ffffff"; + separator = "#666666"; + focusedWorkspace = { + border = "#4c7899"; + background = "#285577"; + text = "#ffffff"; + }; + activeWorkspace = { + border = "#333333"; + background = "#5f676a"; + text = "#ffffff"; + }; + inactiveWorkspace = { + border = "#333333"; + background = "#222222"; + text = "#888888"; + }; + urgentWorkspace = { + border = "#2f343a"; + background = "#900000"; + text = "#ffffff"; + }; + bindingMode = { + border = "#2f343a"; + background = "#900000"; + text = "#ffffff"; + }; + }; + } + ]; + + keybindings = mkOptionDefault { + "Mod4+i" = "exec emacsclient --create-frame"; + }; + }; + }; + programs = { + fuzzel.enable = true; + swaylock.enable = true; + waybar = { + enable = true; + }; + }; }; } From e7c8757962bd9af31308a1e14b82afe2b5af09be Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 18 Nov 2024 12:13:46 +0100 Subject: [PATCH 735/904] ci: bump cachix actions --- .github/workflows/cachix.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index 87aad8c..658289b 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -26,9 +26,9 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v25 + - uses: cachix/install-nix-action@v27 - - uses: cachix/cachix-action@v14 + - uses: cachix/cachix-action@v15 with: name: alarsyo authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' @@ -55,9 +55,9 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v25 + - uses: cachix/install-nix-action@v27 - - uses: cachix/cachix-action@v14 + - uses: cachix/cachix-action@v15 with: name: alarsyo authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' @@ -83,9 +83,9 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v25 + - uses: cachix/install-nix-action@v27 - - uses: cachix/cachix-action@v14 + - uses: cachix/cachix-action@v15 with: name: alarsyo authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' From 8f88dc7a38b229d7ff31ca509cc2da2f2e74b3cb Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 18 Nov 2024 12:16:35 +0100 Subject: [PATCH 736/904] pkgs: spot: bump to 2.12.1 --- pkgs/spot/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/spot/default.nix b/pkgs/spot/default.nix index d454097..f9367f2 100644 --- a/pkgs/spot/default.nix +++ b/pkgs/spot/default.nix @@ -3,7 +3,7 @@ fetchurl, python3, }: let - version = "2.12"; + version = "2.12.1"; in stdenv.mkDerivation { inherit version; @@ -15,6 +15,6 @@ in src = fetchurl { url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz"; - sha256 = "sha256-JroHatV+xz0vrlSC1T4W2pXEeCJwdkfnhNjHzsDRBFU="; + sha256 = "sha256-VHfAjU4dBi8WTC5IaoNVaSXQfXDyGA3nBq96qUnG/1w="; }; } From 4a318041de8a1085048128f34630b781ffda0c56 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 18 Nov 2024 12:54:27 +0100 Subject: [PATCH 737/904] ci: try to improve disk space --- .github/workflows/cachix.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index 658289b..5af64f6 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -81,6 +81,9 @@ jobs: - thanatos steps: + - name: Delete huge unnecessary tools folder + run: rm -rf /opt/hostedtoolcache + - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v27 From cf336faa2d3626c78890fa77dba4e3545e3f1a0b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 7 Nov 2024 15:21:15 +0100 Subject: [PATCH 738/904] base: gui: add chrysalis globally --- base/gui-programs.nix | 3 +++ hosts/boreal/default.nix | 2 -- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 7431a12..3586d81 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -53,12 +53,15 @@ in { enable = true; cups-pdf.enable = true; }; + + udev.packages = [pkgs.chrysalis]; }; environment.systemPackages = builtins.attrValues { inherit (pkgs) arandr + chrysalis discord feh ffmpeg diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index 5c2e2e6..67f9a3c 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -94,8 +94,6 @@ isNvidia = true; }; - services.udev.packages = [pkgs.chrysalis]; - hardware = { bluetooth = { enable = true; From 3b309371cd302ef3d9c49d8a3bf6cb93f9fe5ae3 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 7 Nov 2024 15:38:39 +0100 Subject: [PATCH 739/904] boreal: disable X11 SSH forwarding --- hosts/boreal/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index 67f9a3c..56a7222 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -86,7 +86,6 @@ services = { openssh = { enable = true; - forwardX11 = true; }; }; my.gui = { From 92174a888fc706b777895075913921423102dd42 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 19 Nov 2024 14:42:38 +0100 Subject: [PATCH 740/904] home: tridactyl: add ignore for teams --- home/tridactylrc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/home/tridactylrc b/home/tridactylrc index 9b74c6c..bad4eaa 100644 --- a/home/tridactylrc +++ b/home/tridactylrc @@ -38,3 +38,6 @@ blacklistadd localhost blacklistadd netflix.com blacklistadd primevideo.com blacklistadd youtube.com + +" prevent teams from crashing +seturl teams.microsoft.com superignore true From c88a7c247544040a88344b45aea273de23cddffc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 20 Nov 2024 11:01:35 +0100 Subject: [PATCH 741/904] thanatos: setup gitlab-runner --- hosts/thanatos/default.nix | 10 ++++++++++ hosts/thanatos/secrets.nix | 1 + modules/secrets/gitlab-runner/thanatos-runner-env.age | 7 +++++++ modules/secrets/secrets.nix | 2 ++ 4 files changed, 20 insertions(+) create mode 100644 modules/secrets/gitlab-runner/thanatos-runner-env.age diff --git a/hosts/thanatos/default.nix b/hosts/thanatos/default.nix index 15cf5ce..50e22ea 100644 --- a/hosts/thanatos/default.nix +++ b/hosts/thanatos/default.nix @@ -35,6 +35,16 @@ in { }; services = { + gitlab-runner = { + enable = true; + settings = { + concurrent = 4; + }; + services.default = { + authenticationTokenConfigFile = config.age.secrets."gitlab-runner/thanatos-runner-env".path; + dockerImage = "debian:stable"; + }; + }; openssh.enable = true; }; diff --git a/hosts/thanatos/secrets.nix b/hosts/thanatos/secrets.nix index 3fbc379..c44e1f8 100644 --- a/hosts/thanatos/secrets.nix +++ b/hosts/thanatos/secrets.nix @@ -15,6 +15,7 @@ lib.mapAttrs toSecret { "users/alarsyo-hashed-password" = {}; "users/root-hashed-password" = {}; + "gitlab-runner/thanatos-runner-env" = {}; }; }; } diff --git a/modules/secrets/gitlab-runner/thanatos-runner-env.age b/modules/secrets/gitlab-runner/thanatos-runner-env.age new file mode 100644 index 0000000..436d4f8 --- /dev/null +++ b/modules/secrets/gitlab-runner/thanatos-runner-env.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 k2gHjw naNq55qkAm47KXPJpYFDjVQuxPz2Ffpima5z1WEqRSA +ETC3Hh4gglwYpiJCu/EGOUzjN3BJYk8yJshMeMkgYug +-> ssh-ed25519 6UUuZw Azk9jDbUL/nO20lvzs0s36q/4ZcWSpkUbt1J/PE7A2M +kPKHGLoWHDpFhsRr+CBteWKYsDw0dn/+IKbrh/5qMoE +--- g1akMn28voSQByQR9/ArJ4CsQehcwJ7MfCco+k2fPWo + YMZ:{R^n~wPah8T'hcme(Xx=7ˢ[4@b=&Y;[߿kk>540G̟Qw \ No newline at end of file diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 40ca77c..1796e74 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -13,6 +13,8 @@ let in { "gandi/api-key.age".publicKeys = [alarsyo hades]; + "gitlab-runner/thanatos-runner-env.age".publicKeys = [alarsyo thanatos]; + "lohr/shared-secret.age".publicKeys = [alarsyo hades]; "matrix-synapse/secret-config.age".publicKeys = [alarsyo hades]; From e13a9125d801200baedce4c6447bcd671928816d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 20 Nov 2024 13:31:46 +0100 Subject: [PATCH 742/904] thanatos: add Nix runner --- hosts/thanatos/default.nix | 46 ++++++++++++++++-- hosts/thanatos/secrets.nix | 1 + .../gitlab-runner/thanatos-nix-runner-env.age | Bin 0 -> 406 bytes modules/secrets/secrets.nix | 1 + 4 files changed, 45 insertions(+), 3 deletions(-) create mode 100644 modules/secrets/gitlab-runner/thanatos-nix-runner-env.age diff --git a/hosts/thanatos/default.nix b/hosts/thanatos/default.nix index 50e22ea..ab960eb 100644 --- a/hosts/thanatos/default.nix +++ b/hosts/thanatos/default.nix @@ -40,9 +40,49 @@ in { settings = { concurrent = 4; }; - services.default = { - authenticationTokenConfigFile = config.age.secrets."gitlab-runner/thanatos-runner-env".path; - dockerImage = "debian:stable"; + services = { + nix = { + authenticationTokenConfigFile = config.age.secrets."gitlab-runner/thanatos-nix-runner-env".path; + dockerImage = "alpine"; + dockerVolumes = [ + "/nix/store:/nix/store:ro" + "/nix/var/nix/db:/nix/var/nix/db:ro" + "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro" + ]; + dockerDisableCache = true; + preBuildScript = pkgs.writeScript "setup-container" '' + mkdir -p -m 0755 /nix/var/log/nix/drvs + mkdir -p -m 0755 /nix/var/nix/gcroots + mkdir -p -m 0755 /nix/var/nix/profiles + mkdir -p -m 0755 /nix/var/nix/temproots + mkdir -p -m 0755 /nix/var/nix/userpool + mkdir -p -m 1777 /nix/var/nix/gcroots/per-user + mkdir -p -m 1777 /nix/var/nix/profiles/per-user + mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root + mkdir -p -m 0700 "$HOME/.nix-defexpr" + + . ${pkgs.nix}/etc/profile.d/nix.sh + + ${pkgs.nix}/bin/nix-env -i ${lib.concatStringsSep " " (with pkgs; [nix cacert git openssh])} + + ${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable + ${pkgs.nix}/bin/nix-channel --update nixpkgs + + mkdir -p ~/.config/nix + echo "experimental-features = nix-command flakes" > ~/.config/nix/nix.conf + ''; + environmentVariables = { + ENV = "/etc/profile"; + USER = "root"; + NIX_REMOTE = "daemon"; + PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin"; + NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"; + }; + }; + default = { + authenticationTokenConfigFile = config.age.secrets."gitlab-runner/thanatos-runner-env".path; + dockerImage = "debian:stable"; + }; }; }; openssh.enable = true; diff --git a/hosts/thanatos/secrets.nix b/hosts/thanatos/secrets.nix index c44e1f8..bd58902 100644 --- a/hosts/thanatos/secrets.nix +++ b/hosts/thanatos/secrets.nix @@ -16,6 +16,7 @@ "users/alarsyo-hashed-password" = {}; "users/root-hashed-password" = {}; "gitlab-runner/thanatos-runner-env" = {}; + "gitlab-runner/thanatos-nix-runner-env" = {}; }; }; } diff --git a/modules/secrets/gitlab-runner/thanatos-nix-runner-env.age b/modules/secrets/gitlab-runner/thanatos-nix-runner-env.age new file mode 100644 index 0000000000000000000000000000000000000000..391995782a3855fe47c30efe2524a59ccb5480b0 GIT binary patch literal 406 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7HcI!%Dpx2iEq3-Z z(JxQQ)(@;ojnFPGsB$xQ&G#<$C^E>+&Ik@qNpnrr_K7M9wBXA0G4Kzoa`Uk?b`7em zbT_UHGfzuO&G$+z*Y-@$Ev^dm^QkDw@GL8up*tx{Tq$DWc*vTu($+ODSEs{%DS63m=(4!zMP1~q6$}(8HG`lEF+p)~Y(A2{+ z(b&z$&BDapEib3gEHJ;YGMQ^4?>^@|1#wT2pYMGZY+|aNbWHZ}tDAv8Ubh`%yup3h z!Sd?9Lz~$XC(Su4JMlD++_J?9`O&TqUcL{nSa6~_mnUTHx|y#2e||MjDt8Q4jlH?& qu+l=83Fp@wh`&*^wMU@7cl9wfmTmj1x1MK>eIrsO7CwvNN;m)k=$8%v literal 0 HcmV?d00001 diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 1796e74..a31f59c 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -14,6 +14,7 @@ in { "gandi/api-key.age".publicKeys = [alarsyo hades]; "gitlab-runner/thanatos-runner-env.age".publicKeys = [alarsyo thanatos]; + "gitlab-runner/thanatos-nix-runner-env.age".publicKeys = [alarsyo thanatos]; "lohr/shared-secret.age".publicKeys = [alarsyo hades]; From f6d04359f6438801c3607ef8d58c44189d000e1f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 25 Nov 2024 14:59:19 +0100 Subject: [PATCH 743/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/672ac2ac86f7dff2f6f3406405bddecf960e0db6' (2024-11-16) → 'github:NixOS/nixos-hardware/45348ad6fb8ac0e8415f6e5e96efe47dd7f39405' (2024-11-24) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index c5c8ec8..fc56d16 100644 --- a/flake.lock +++ b/flake.lock @@ -193,11 +193,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1731797098, - "narHash": "sha256-UhWmEZhwJZmVZ1jfHZFzCg+ZLO9Tb/v3Y6LC0UNyeTo=", + "lastModified": 1732483221, + "narHash": "sha256-kF6rDeCshoCgmQz+7uiuPdREVFuzhIorGOoPXMalL2U=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "672ac2ac86f7dff2f6f3406405bddecf960e0db6", + "rev": "45348ad6fb8ac0e8415f6e5e96efe47dd7f39405", "type": "github" }, "original": { From 51e44c05d5383f18be7310e901ca2f0cd5bc6742 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 1 Dec 2024 17:23:43 +0100 Subject: [PATCH 744/904] flake: upgrade to NixOS 24.11 --- flake.lock | 16 ++++++++-------- flake.nix | 4 ++-- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index fc56d16..1d5f993 100644 --- a/flake.lock +++ b/flake.lock @@ -142,16 +142,16 @@ ] }, "locked": { - "lastModified": 1726989464, - "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", + "lastModified": 1732466619, + "narHash": "sha256-T1e5oceypZu3Q8vzICjv1X/sGs9XfJRMW5OuXHgpB3c=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", + "rev": "f3111f62a23451114433888902a55cf0692b408d", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-24.05", + "ref": "release-24.11", "repo": "home-manager", "type": "github" } @@ -257,16 +257,16 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1731797254, - "narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=", + "lastModified": 1732981179, + "narHash": "sha256-F7thesZPvAMSwjRu0K8uFshTk3ZZSNAsXTIFvXBT+34=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59", + "rev": "62c435d93bf046a5396f3016472e8f7c8e2aed65", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.05", + "ref": "nixos-24.11", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index 5c1ae08..a022c53 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,7 @@ type = "github"; owner = "NixOS"; repo = "nixpkgs"; - ref = "nixos-24.05"; + ref = "nixos-24.11"; }; nixpkgs-unstable-small = { @@ -25,7 +25,7 @@ type = "github"; owner = "nix-community"; repo = "home-manager"; - ref = "release-24.05"; + ref = "release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; }; From 3678a6f5419b5eaf63070e35ec7d95c7175be151 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 1 Dec 2024 17:39:56 +0100 Subject: [PATCH 745/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/c2fc0762bbe8feb06a2e59a364fa81b3a57671c9' (2024-05-24) → 'github:ryantm/agenix/f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41' (2024-08-10) • Updated input 'disko': 'github:nix-community/disko/8ea5bcccc03111bdedaeaae9380dfab61e9deb33' (2024-05-30) → 'github:nix-community/disko/2814a5224a47ca19e858e027f7e8bff74a8ea9f1' (2024-11-30) • Updated input 'disko/nixpkgs': 'github:NixOS/nixpkgs/4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4' (2024-05-28) → 'github:NixOS/nixpkgs/8edf06bea5bcbee082df1b7369ff973b91618b8d' (2024-11-22) • Updated input 'flake-utils': 'github:numtide/flake-utils/b1d9ab70662946ef0850d488da1c9019f3a9752a' (2024-03-11) → 'github:numtide/flake-utils/11707dc2f618dd54ca8739b309ec4fc024de578b' (2024-11-13) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/45348ad6fb8ac0e8415f6e5e96efe47dd7f39405' (2024-11-24) → 'github:NixOS/nixos-hardware/fe01780d356d70fd119a19277bff71d3e78dad00' (2024-12-01) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/a5e6a9e979367ee14f65d9c38119c30272f8455f' (2024-10-21) → 'github:NixOS/nixpkgs/767b0e3398fb899d0c88a9f7aecf30dd1cad3166' (2024-12-01) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 1d5f993..04da1bd 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1716561646, - "narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=", + "lastModified": 1723293904, + "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", "owner": "ryantm", "repo": "agenix", - "rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9", + "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", "type": "github" }, "original": { @@ -48,11 +48,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1717032306, - "narHash": "sha256-s3Sis+M1qTSVIehHrEKBzHBpqprIFJli5V6WojkJnYE=", + "lastModified": 1732988076, + "narHash": "sha256-2uMaVAZn7fiyTUGhKgleuLYe5+EAAYB/diKxrM7g3as=", "owner": "nix-community", "repo": "disko", - "rev": "8ea5bcccc03111bdedaeaae9380dfab61e9deb33", + "rev": "2814a5224a47ca19e858e027f7e8bff74a8ea9f1", "type": "github" }, "original": { @@ -67,11 +67,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -193,11 +193,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1732483221, - "narHash": "sha256-kF6rDeCshoCgmQz+7uiuPdREVFuzhIorGOoPXMalL2U=", + "lastModified": 1733066523, + "narHash": "sha256-aQorWITXZu7b095UwnpUvcGt9dNJie/GO9r4hZfe2sU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "45348ad6fb8ac0e8415f6e5e96efe47dd7f39405", + "rev": "fe01780d356d70fd119a19277bff71d3e78dad00", "type": "github" }, "original": { @@ -225,11 +225,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1729493358, - "narHash": "sha256-Ti+Y9nWt5Fcs3JlarxLPgIOVlbqQo7jobz/qOwOaziM=", + "lastModified": 1733038015, + "narHash": "sha256-kIKqS3093Xz5vuvSLk0x1hqo2pFaGwMjnwr3qrTBkzk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a5e6a9e979367ee14f65d9c38119c30272f8455f", + "rev": "767b0e3398fb899d0c88a9f7aecf30dd1cad3166", "type": "github" }, "original": { @@ -241,11 +241,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1716914467, - "narHash": "sha256-KkT6YM/yNQqirtYj/frn6RRakliB8RDvGqVGGaNhdcU=", + "lastModified": 1732238832, + "narHash": "sha256-sQxuJm8rHY20xq6Ah+GwIUkF95tWjGRd1X8xF+Pkk38=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4", + "rev": "8edf06bea5bcbee082df1b7369ff973b91618b8d", "type": "github" }, "original": { From e18bac41e2662c1faf23ae7eebfcc50ff6914bcb Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 1 Dec 2024 17:41:27 +0100 Subject: [PATCH 746/904] flake: upgrade lix flake to 2.91.1-2 --- flake.lock | 10 +++++----- flake.nix | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 04da1bd..c456fad 100644 --- a/flake.lock +++ b/flake.lock @@ -180,15 +180,15 @@ ] }, "locked": { - "lastModified": 1729360442, - "narHash": "sha256-6U0CyPycIBc04hbYy2hBINnVso58n/ZyywY2BD3hu+s=", - "rev": "9098ac95768f7006d7e070b88bae76939f6034e6", + "lastModified": 1732605668, + "narHash": "sha256-DN5/166jhiiAW0Uw6nueXaGTueVxhfZISAkoxasmz/g=", + "rev": "f19bd752910bbe3a861c9cad269bd078689d50fe", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/9098ac95768f7006d7e070b88bae76939f6034e6.tar.gz?rev=9098ac95768f7006d7e070b88bae76939f6034e6" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/f19bd752910bbe3a861c9cad269bd078689d50fe.tar.gz?rev=f19bd752910bbe3a861c9cad269bd078689d50fe" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz" + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz" } }, "nixos-hardware": { diff --git a/flake.nix b/flake.nix index a022c53..09c2017 100644 --- a/flake.nix +++ b/flake.nix @@ -51,7 +51,7 @@ }; lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz"; + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; }; }; From e7c8e9ac5ae07bd666ac6abb415b7edeef7bc83f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 1 Dec 2024 17:58:53 +0100 Subject: [PATCH 747/904] run alejandra new version --- base/programs.nix | 3 --- home/emacs.nix | 3 +-- home/x/i3bar.nix | 1 - hosts/boreal/home.nix | 2 -- 4 files changed, 1 insertion(+), 8 deletions(-) diff --git a/base/programs.nix b/base/programs.nix index cc111fb..3655de8 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -21,7 +21,6 @@ inherit (pkgs) # shell usage - bat fd file @@ -31,7 +30,6 @@ pciutils usbutils # development - git git-crypt git-lfs @@ -40,7 +38,6 @@ python3 vim # terminal utilities - htop unzip zip diff --git a/home/emacs.nix b/home/emacs.nix index 091846e..5935972 100644 --- a/home/emacs.nix +++ b/home/emacs.nix @@ -24,9 +24,8 @@ in { inherit (pkgs) sqlite # needed by org-roam - + # fonts used by my config - emacs-all-the-icons-fonts iosevka-bin ; diff --git a/home/x/i3bar.nix b/home/x/i3bar.nix index 580b65e..3ac8b63 100644 --- a/home/x/i3bar.nix +++ b/home/x/i3bar.nix @@ -41,7 +41,6 @@ in { inherit (pkgs) # FIXME: is this useful? - font-awesome ; }; diff --git a/hosts/boreal/home.nix b/hosts/boreal/home.nix index 1ee6fbe..f7425b6 100644 --- a/hosts/boreal/home.nix +++ b/hosts/boreal/home.nix @@ -20,13 +20,11 @@ inherit (pkgs) # some websites only work there :( - chromium darktable hugin enblend-enfuse # dev - rustup ; From df3908daeb9cbb389e3de92840a9b24a7b2cfa8e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 1 Dec 2024 18:05:15 +0100 Subject: [PATCH 748/904] services: pipewire: sound option no longer exists --- services/pipewire.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/services/pipewire.nix b/services/pipewire.nix index 04d8135..913cc28 100644 --- a/services/pipewire.nix +++ b/services/pipewire.nix @@ -22,8 +22,6 @@ in { # HACK: services.pipewire.alsa doesn't exist on 20.09, avoid evaluating this # config (my 20.09 machine is a server anyway) config = optionalAttrs (options ? services.pipewire.alsa) (mkIf cfg.enable { - # from NixOS wiki, causes conflicts with pipewire - sound.enable = false; # recommended for pipewire as well security.rtkit.enable = true; services.pipewire = { From 2451cde1e11f3c178b606c0b710002c5e73ae666 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 1 Dec 2024 18:05:35 +0100 Subject: [PATCH 749/904] home: gtk: theme package was renamed --- home/gtk.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home/gtk.nix b/home/gtk.nix index 762c413..a0738f4 100644 --- a/home/gtk.nix +++ b/home/gtk.nix @@ -24,12 +24,12 @@ in { }; iconTheme = { - package = pkgs.gnome.gnome-themes-extra; + package = pkgs.gnome-themes-extra; name = "Adwaita"; }; theme = { - package = pkgs.gnome.gnome-themes-extra; + package = pkgs.gnome-themes-extra; name = "Adwaita"; }; }; From 0d539acdad78ab2bd5c0d661e3a06e0391bc2015 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 1 Dec 2024 19:32:44 +0100 Subject: [PATCH 750/904] services: nextcloud: upgrade to 30 --- services/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/nextcloud.nix b/services/nextcloud.nix index 55c4e33..6a90eb0 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -62,7 +62,7 @@ in { hostName = "cloud.${domain}"; https = true; - package = pkgs.nextcloud29; + package = pkgs.nextcloud30; maxUploadSize = "1G"; From ddc48936207e402df9bd01ebe162f5afbe6ff242 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 1 Dec 2024 20:45:57 +0100 Subject: [PATCH 751/904] talos: switch to linux 6.12 --- hosts/talos/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index 9a042c0..1cd71f6 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -16,7 +16,7 @@ ./secrets.nix ]; - boot.kernelPackages = pkgs.linuxPackages_6_11; + boot.kernelPackages = pkgs.linuxPackages_6_12; # Set Wi-Fi regulatory domain. Currently always set to '00' (world), and could # lead to bad Wi-Fi performance boot.kernelParams = ["cfg80211.ieee80211_regdom=FR"]; From 7509be1b322ef06ad10e61e8ea344f6505472173 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 2 Dec 2024 12:04:07 +0100 Subject: [PATCH 752/904] services: postgres: add upgrade script --- services/postgresql.nix | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/services/postgresql.nix b/services/postgresql.nix index 1d39111..ec4b82a 100644 --- a/services/postgresql.nix +++ b/services/postgresql.nix @@ -1,10 +1,40 @@ { config, pkgs, + lib, ... }: { # set postgresql version so we don't get any bad surprise config.services.postgresql = { package = pkgs.postgresql_15; }; + + config.environment.systemPackages = [ + (let + # XXX specify the postgresql package you'd like to upgrade to. + # Do not forget to list the extensions you need. + newPostgres = pkgs.postgresql_16; + cfg = config.services.postgresql; + in pkgs.writeScriptBin "upgrade-pg-cluster" '' + set -eux + # XXX it's perhaps advisable to stop all services that depend on postgresql + systemctl stop postgresql + + export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}" + + export NEWBIN="${newPostgres}/bin" + + export OLDDATA="${cfg.dataDir}" + export OLDBIN="${cfg.package}/bin" + + install -d -m 0700 -o postgres -g postgres "$NEWDATA" + cd "$NEWDATA" + sudo -u postgres $NEWBIN/initdb -D "$NEWDATA" ${lib.escapeShellArgs cfg.initdbArgs} + + sudo -u postgres $NEWBIN/pg_upgrade \ + --old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \ + --old-bindir $OLDBIN --new-bindir $NEWBIN \ + "$@" + '') + ]; } From 188890b1e937751e54feae83741d393d34c97cd3 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 2 Dec 2024 12:23:34 +0100 Subject: [PATCH 753/904] services: postgres: upgrade to 16 --- services/postgresql.nix | 31 +------------------------------ 1 file changed, 1 insertion(+), 30 deletions(-) diff --git a/services/postgresql.nix b/services/postgresql.nix index ec4b82a..4446cc8 100644 --- a/services/postgresql.nix +++ b/services/postgresql.nix @@ -6,35 +6,6 @@ }: { # set postgresql version so we don't get any bad surprise config.services.postgresql = { - package = pkgs.postgresql_15; + package = pkgs.postgresql_16; }; - - config.environment.systemPackages = [ - (let - # XXX specify the postgresql package you'd like to upgrade to. - # Do not forget to list the extensions you need. - newPostgres = pkgs.postgresql_16; - cfg = config.services.postgresql; - in pkgs.writeScriptBin "upgrade-pg-cluster" '' - set -eux - # XXX it's perhaps advisable to stop all services that depend on postgresql - systemctl stop postgresql - - export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}" - - export NEWBIN="${newPostgres}/bin" - - export OLDDATA="${cfg.dataDir}" - export OLDBIN="${cfg.package}/bin" - - install -d -m 0700 -o postgres -g postgres "$NEWDATA" - cd "$NEWDATA" - sudo -u postgres $NEWBIN/initdb -D "$NEWDATA" ${lib.escapeShellArgs cfg.initdbArgs} - - sudo -u postgres $NEWBIN/pg_upgrade \ - --old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \ - --old-bindir $OLDBIN --new-bindir $NEWBIN \ - "$@" - '') - ]; } From 3c8381103283a2103bdf88f63024b02a70cedc08 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 4 Dec 2024 16:07:18 +0100 Subject: [PATCH 754/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/f3111f62a23451114433888902a55cf0692b408d' (2024-11-24) → 'github:nix-community/home-manager/62d536255879be574ebfe9b87c4ac194febf47c5' (2024-12-01) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/fe01780d356d70fd119a19277bff71d3e78dad00' (2024-12-01) → 'github:NixOS/nixos-hardware/cceee0a31d2f01bcc98b2fbd591327c06a4ea4f9' (2024-12-03) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/62c435d93bf046a5396f3016472e8f7c8e2aed65' (2024-11-30) → 'github:NixOS/nixpkgs/b681065d0919f7eb5309a93cea2cfa84dec9aa88' (2024-12-03) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index c456fad..ceda98a 100644 --- a/flake.lock +++ b/flake.lock @@ -142,11 +142,11 @@ ] }, "locked": { - "lastModified": 1732466619, - "narHash": "sha256-T1e5oceypZu3Q8vzICjv1X/sGs9XfJRMW5OuXHgpB3c=", + "lastModified": 1733050161, + "narHash": "sha256-lYnT+EYE47f5yY3KS/Kd4pJ6CO9fhCqumkYYkQ3TK20=", "owner": "nix-community", "repo": "home-manager", - "rev": "f3111f62a23451114433888902a55cf0692b408d", + "rev": "62d536255879be574ebfe9b87c4ac194febf47c5", "type": "github" }, "original": { @@ -193,11 +193,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1733066523, - "narHash": "sha256-aQorWITXZu7b095UwnpUvcGt9dNJie/GO9r4hZfe2sU=", + "lastModified": 1733217105, + "narHash": "sha256-fc6jTzIwCIVWTX50FtW6AZpuukuQWSEbPiyg6ZRGWFY=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "fe01780d356d70fd119a19277bff71d3e78dad00", + "rev": "cceee0a31d2f01bcc98b2fbd591327c06a4ea4f9", "type": "github" }, "original": { @@ -257,11 +257,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1732981179, - "narHash": "sha256-F7thesZPvAMSwjRu0K8uFshTk3ZZSNAsXTIFvXBT+34=", + "lastModified": 1733261153, + "narHash": "sha256-eq51hyiaIwtWo19fPEeE0Zr2s83DYMKJoukNLgGGpek=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "62c435d93bf046a5396f3016472e8f7c8e2aed65", + "rev": "b681065d0919f7eb5309a93cea2cfa84dec9aa88", "type": "github" }, "original": { From 46dbb8cffe033b5fa3beed146c86428c4192c2ed Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 16 Dec 2024 09:55:52 +0100 Subject: [PATCH 755/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/62d536255879be574ebfe9b87c4ac194febf47c5' (2024-12-01) → 'github:nix-community/home-manager/1318c3f3b068cdcea922fa7c1a0a1f0c96c22f5f' (2024-12-11) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/cceee0a31d2f01bcc98b2fbd591327c06a4ea4f9' (2024-12-03) → 'github:NixOS/nixos-hardware/cf737e2eba82b603f54f71b10cb8fd09d22ce3f5' (2024-12-10) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/b681065d0919f7eb5309a93cea2cfa84dec9aa88' (2024-12-03) → 'github:NixOS/nixpkgs/314e12ba369ccdb9b352a4db26ff419f7c49fa84' (2024-12-13) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index ceda98a..8b94d64 100644 --- a/flake.lock +++ b/flake.lock @@ -142,11 +142,11 @@ ] }, "locked": { - "lastModified": 1733050161, - "narHash": "sha256-lYnT+EYE47f5yY3KS/Kd4pJ6CO9fhCqumkYYkQ3TK20=", + "lastModified": 1733951536, + "narHash": "sha256-Zb5ZCa7Xj+0gy5XVXINTSr71fCfAv+IKtmIXNrykT54=", "owner": "nix-community", "repo": "home-manager", - "rev": "62d536255879be574ebfe9b87c4ac194febf47c5", + "rev": "1318c3f3b068cdcea922fa7c1a0a1f0c96c22f5f", "type": "github" }, "original": { @@ -193,11 +193,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1733217105, - "narHash": "sha256-fc6jTzIwCIVWTX50FtW6AZpuukuQWSEbPiyg6ZRGWFY=", + "lastModified": 1733861262, + "narHash": "sha256-+jjPup/ByS0LEVIrBbt7FnGugJgLeG9oc+ivFASYn2U=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "cceee0a31d2f01bcc98b2fbd591327c06a4ea4f9", + "rev": "cf737e2eba82b603f54f71b10cb8fd09d22ce3f5", "type": "github" }, "original": { @@ -257,11 +257,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1733261153, - "narHash": "sha256-eq51hyiaIwtWo19fPEeE0Zr2s83DYMKJoukNLgGGpek=", + "lastModified": 1734083684, + "narHash": "sha256-5fNndbndxSx5d+C/D0p/VF32xDiJCJzyOqorOYW4JEo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b681065d0919f7eb5309a93cea2cfa84dec9aa88", + "rev": "314e12ba369ccdb9b352a4db26ff419f7c49fa84", "type": "github" }, "original": { From 4c1f1f732fef0a51f9be0cb66c652aca22ec8719 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 19 Dec 2024 00:47:13 +0100 Subject: [PATCH 756/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/1318c3f3b068cdcea922fa7c1a0a1f0c96c22f5f' (2024-12-11) → 'github:nix-community/home-manager/80b0fdf483c5d1cb75aaad909bd390d48673857f' (2024-12-16) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/cf737e2eba82b603f54f71b10cb8fd09d22ce3f5' (2024-12-10) → 'github:NixOS/nixos-hardware/b12e314726a4226298fe82776b4baeaa7bcf3dcd' (2024-12-16) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/314e12ba369ccdb9b352a4db26ff419f7c49fa84' (2024-12-13) → 'github:NixOS/nixpkgs/394571358ce82dff7411395829aa6a3aad45b907' (2024-12-16) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 8b94d64..861896b 100644 --- a/flake.lock +++ b/flake.lock @@ -142,11 +142,11 @@ ] }, "locked": { - "lastModified": 1733951536, - "narHash": "sha256-Zb5ZCa7Xj+0gy5XVXINTSr71fCfAv+IKtmIXNrykT54=", + "lastModified": 1734366194, + "narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=", "owner": "nix-community", "repo": "home-manager", - "rev": "1318c3f3b068cdcea922fa7c1a0a1f0c96c22f5f", + "rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f", "type": "github" }, "original": { @@ -193,11 +193,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1733861262, - "narHash": "sha256-+jjPup/ByS0LEVIrBbt7FnGugJgLeG9oc+ivFASYn2U=", + "lastModified": 1734352517, + "narHash": "sha256-mfv+J/vO4nqmIOlq8Y1rRW8hVsGH3M+I2ESMjhuebDs=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "cf737e2eba82b603f54f71b10cb8fd09d22ce3f5", + "rev": "b12e314726a4226298fe82776b4baeaa7bcf3dcd", "type": "github" }, "original": { @@ -257,11 +257,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1734083684, - "narHash": "sha256-5fNndbndxSx5d+C/D0p/VF32xDiJCJzyOqorOYW4JEo=", + "lastModified": 1734323986, + "narHash": "sha256-m/lh6hYMIWDYHCAsn81CDAiXoT3gmxXI9J987W5tZrE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "314e12ba369ccdb9b352a4db26ff419f7c49fa84", + "rev": "394571358ce82dff7411395829aa6a3aad45b907", "type": "github" }, "original": { From 85b0f9be7e63459b3ee7c18b5a2bc533aec977dc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 24 Dec 2024 06:12:21 +0100 Subject: [PATCH 757/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/b12e314726a4226298fe82776b4baeaa7bcf3dcd' (2024-12-16) → 'github:NixOS/nixos-hardware/def1d472c832d77885f174089b0d34854b007198' (2024-12-23) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/394571358ce82dff7411395829aa6a3aad45b907' (2024-12-16) → 'github:NixOS/nixpkgs/1807c2b91223227ad5599d7067a61665c52d1295' (2024-12-22) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 861896b..96310ea 100644 --- a/flake.lock +++ b/flake.lock @@ -193,11 +193,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1734352517, - "narHash": "sha256-mfv+J/vO4nqmIOlq8Y1rRW8hVsGH3M+I2ESMjhuebDs=", + "lastModified": 1734954597, + "narHash": "sha256-QIhd8/0x30gEv8XEE1iAnrdMlKuQ0EzthfDR7Hwl+fk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "b12e314726a4226298fe82776b4baeaa7bcf3dcd", + "rev": "def1d472c832d77885f174089b0d34854b007198", "type": "github" }, "original": { @@ -257,11 +257,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1734323986, - "narHash": "sha256-m/lh6hYMIWDYHCAsn81CDAiXoT3gmxXI9J987W5tZrE=", + "lastModified": 1734875076, + "narHash": "sha256-Pzyb+YNG5u3zP79zoi8HXYMs15Q5dfjDgwCdUI5B0nY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "394571358ce82dff7411395829aa6a3aad45b907", + "rev": "1807c2b91223227ad5599d7067a61665c52d1295", "type": "github" }, "original": { From b8232253020649a38191eef42a71585808dd2677 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 1 Jan 2025 17:24:32 +0100 Subject: [PATCH 758/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/80b0fdf483c5d1cb75aaad909bd390d48673857f' (2024-12-16) → 'github:nix-community/home-manager/613691f285dad87694c2ba1c9e6298d04736292d' (2024-12-28) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/def1d472c832d77885f174089b0d34854b007198' (2024-12-23) → 'github:NixOS/nixos-hardware/7c674c6734f61157e321db595dbfcd8523e04e19' (2024-12-28) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/1807c2b91223227ad5599d7067a61665c52d1295' (2024-12-22) → 'github:NixOS/nixpkgs/3ffbbdbac0566a0977da3d2657b89cbcfe9a173b' (2024-12-30) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 96310ea..b5ec003 100644 --- a/flake.lock +++ b/flake.lock @@ -142,11 +142,11 @@ ] }, "locked": { - "lastModified": 1734366194, - "narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=", + "lastModified": 1735344290, + "narHash": "sha256-oJDtWPH1oJT34RJK1FSWjwX4qcGOBRkcNQPD0EbSfNM=", "owner": "nix-community", "repo": "home-manager", - "rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f", + "rev": "613691f285dad87694c2ba1c9e6298d04736292d", "type": "github" }, "original": { @@ -193,11 +193,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1734954597, - "narHash": "sha256-QIhd8/0x30gEv8XEE1iAnrdMlKuQ0EzthfDR7Hwl+fk=", + "lastModified": 1735388221, + "narHash": "sha256-e5IOgjQf0SZcFCEV/gMGrsI0gCJyqOKShBQU0iiM3Kg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "def1d472c832d77885f174089b0d34854b007198", + "rev": "7c674c6734f61157e321db595dbfcd8523e04e19", "type": "github" }, "original": { @@ -257,11 +257,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1734875076, - "narHash": "sha256-Pzyb+YNG5u3zP79zoi8HXYMs15Q5dfjDgwCdUI5B0nY=", + "lastModified": 1735531152, + "narHash": "sha256-As8I+ebItDKtboWgDXYZSIjGlKeqiLBvjxsQHUmAf1Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1807c2b91223227ad5599d7067a61665c52d1295", + "rev": "3ffbbdbac0566a0977da3d2657b89cbcfe9a173b", "type": "github" }, "original": { From 0d390a3189ae5f921e8eee29e9d991be808cb181 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 6 Jan 2025 10:37:26 +0100 Subject: [PATCH 759/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/3ffbbdbac0566a0977da3d2657b89cbcfe9a173b' (2024-12-30) → 'github:NixOS/nixpkgs/cbd8ec4de4469333c82ff40d057350c30e9f7d36' (2025-01-05) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index b5ec003..fe56bb1 100644 --- a/flake.lock +++ b/flake.lock @@ -257,11 +257,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1735531152, - "narHash": "sha256-As8I+ebItDKtboWgDXYZSIjGlKeqiLBvjxsQHUmAf1Q=", + "lastModified": 1736061677, + "narHash": "sha256-DjkQPnkAfd7eB522PwnkGhOMuT9QVCZspDpJJYyOj60=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3ffbbdbac0566a0977da3d2657b89cbcfe9a173b", + "rev": "cbd8ec4de4469333c82ff40d057350c30e9f7d36", "type": "github" }, "original": { From fe8b1db0fdb6494adbebc523049b9b711f503ea4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 6 Jan 2025 15:14:50 +0100 Subject: [PATCH 760/904] thanatos: avoid GC --- hosts/thanatos/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/thanatos/default.nix b/hosts/thanatos/default.nix index ab960eb..afa74c0 100644 --- a/hosts/thanatos/default.nix +++ b/hosts/thanatos/default.nix @@ -93,4 +93,6 @@ in { environment.systemPackages = with pkgs; [ docker-compose ]; + + nix.gc.automatic = lib.mkForce false; } From 79587eff3e7fa1c86a303f90bbfece048f9f4775 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 7 Jan 2025 19:53:26 +0100 Subject: [PATCH 761/904] boreal: try out hyprland --- hosts/boreal/default.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix index 56a7222..12b56fa 100644 --- a/hosts/boreal/default.nix +++ b/hosts/boreal/default.nix @@ -103,4 +103,13 @@ modesetting.enable = true; }; }; + + environment.systemPackages = with pkgs; [foot waybar wofi]; + + programs.hyprland.enable = true; + programs.hyprlock.enable = true; + programs.waybar.enable = true; + programs.foot.enable = true; + services.displayManager.sddm.wayland.enable = true; + services.power-profiles-daemon.enable = true; } From 990717029558fee44a4dbe88674333e4ad1999d0 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 14 Jan 2025 10:39:33 +0100 Subject: [PATCH 762/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/613691f285dad87694c2ba1c9e6298d04736292d' (2024-12-28) → 'github:nix-community/home-manager/bd65bc3cde04c16755955630b344bc9e35272c56' (2025-01-08) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/7c674c6734f61157e321db595dbfcd8523e04e19' (2024-12-28) → 'github:NixOS/nixos-hardware/8870dcaff63dfc6647fb10648b827e9d40b0a337' (2025-01-09) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/cbd8ec4de4469333c82ff40d057350c30e9f7d36' (2025-01-05) → 'github:NixOS/nixpkgs/635e887b48521e912a516625eee7df6cf0eba9c1' (2025-01-12) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index fe56bb1..a0a2eb4 100644 --- a/flake.lock +++ b/flake.lock @@ -142,11 +142,11 @@ ] }, "locked": { - "lastModified": 1735344290, - "narHash": "sha256-oJDtWPH1oJT34RJK1FSWjwX4qcGOBRkcNQPD0EbSfNM=", + "lastModified": 1736373539, + "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", "owner": "nix-community", "repo": "home-manager", - "rev": "613691f285dad87694c2ba1c9e6298d04736292d", + "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", "type": "github" }, "original": { @@ -193,11 +193,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1735388221, - "narHash": "sha256-e5IOgjQf0SZcFCEV/gMGrsI0gCJyqOKShBQU0iiM3Kg=", + "lastModified": 1736441705, + "narHash": "sha256-OL7leZ6KBhcDF3nEKe4aZVfIm6xQpb1Kb+mxySIP93o=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "7c674c6734f61157e321db595dbfcd8523e04e19", + "rev": "8870dcaff63dfc6647fb10648b827e9d40b0a337", "type": "github" }, "original": { @@ -257,11 +257,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1736061677, - "narHash": "sha256-DjkQPnkAfd7eB522PwnkGhOMuT9QVCZspDpJJYyOj60=", + "lastModified": 1736684107, + "narHash": "sha256-vH5mXxEvZeoGNkqKoCluhTGfoeXCZ1seYhC2pbMN0sg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cbd8ec4de4469333c82ff40d057350c30e9f7d36", + "rev": "635e887b48521e912a516625eee7df6cf0eba9c1", "type": "github" }, "original": { From c4af1c08588ec9207fa77c7aeca86db785b156e4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 16 Jan 2025 18:34:21 +0100 Subject: [PATCH 763/904] hades: add gitlab runners --- hosts/hades/default.nix | 51 +++++++++++++++++++ hosts/hades/secrets.nix | 3 ++ .../gitlab-runner/hades-nix-runner-env.age | 8 +++ .../gitlab-runner/hades-runner-env.age | 7 +++ modules/secrets/secrets.nix | 2 + 5 files changed, 71 insertions(+) create mode 100644 modules/secrets/gitlab-runner/hades-nix-runner-env.age create mode 100644 modules/secrets/gitlab-runner/hades-runner-env.age diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index e181392..f2a4158 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -156,6 +156,57 @@ in { services = { openssh.enable = true; vnstat.enable = true; + + gitlab-runner = { + enable = true; + settings = { + concurrent = 4; + }; + services = { + nix = { + authenticationTokenConfigFile = config.age.secrets."gitlab-runner/hades-nix-runner-env".path; + dockerImage = "alpine"; + dockerVolumes = [ + "/nix/store:/nix/store:ro" + "/nix/var/nix/db:/nix/var/nix/db:ro" + "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro" + ]; + dockerDisableCache = true; + preBuildScript = pkgs.writeScript "setup-container" '' + mkdir -p -m 0755 /nix/var/log/nix/drvs + mkdir -p -m 0755 /nix/var/nix/gcroots + mkdir -p -m 0755 /nix/var/nix/profiles + mkdir -p -m 0755 /nix/var/nix/temproots + mkdir -p -m 0755 /nix/var/nix/userpool + mkdir -p -m 1777 /nix/var/nix/gcroots/per-user + mkdir -p -m 1777 /nix/var/nix/profiles/per-user + mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root + mkdir -p -m 0700 "$HOME/.nix-defexpr" + + . ${pkgs.nix}/etc/profile.d/nix.sh + + ${pkgs.nix}/bin/nix-env -i ${lib.concatStringsSep " " (with pkgs; [nix cacert git openssh])} + + ${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable + ${pkgs.nix}/bin/nix-channel --update nixpkgs + + mkdir -p ~/.config/nix + echo "experimental-features = nix-command flakes" > ~/.config/nix/nix.conf + ''; + environmentVariables = { + ENV = "/etc/profile"; + USER = "root"; + NIX_REMOTE = "daemon"; + PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin"; + NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"; + }; + }; + default = { + authenticationTokenConfigFile = config.age.secrets."gitlab-runner/hades-runner-env".path; + dockerImage = "debian:stable"; + }; + }; + }; }; virtualisation.docker.enable = true; diff --git a/hosts/hades/secrets.nix b/hosts/hades/secrets.nix index 55ec422..a5df603 100644 --- a/hosts/hades/secrets.nix +++ b/hosts/hades/secrets.nix @@ -13,6 +13,9 @@ // attrs; in lib.mapAttrs toSecret { + "gitlab-runner/hades-nix-runner-env" = {}; + "gitlab-runner/hades-runner-env" = {}; + "lohr/shared-secret" = {}; "matrix-synapse/secret-config" = { diff --git a/modules/secrets/gitlab-runner/hades-nix-runner-env.age b/modules/secrets/gitlab-runner/hades-nix-runner-env.age new file mode 100644 index 0000000..ce66f97 --- /dev/null +++ b/modules/secrets/gitlab-runner/hades-nix-runner-env.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 k2gHjw 0Qkzquxwa8PSNg6yq+CsfC4JfPLfxEIBKq1krrynlxg +QOHmNCQsV10zSnYvEeSpK95oXXlS+J4pw6EIR1KzxoU +-> ssh-ed25519 pX8y2g YbFzF2/mWizY4SOnNKzkcBEEsHYc1mTCpzWZ5vf6Zy0 +p2E9Uh0rWa8qbf2SvB5e4lxS+MEx5KGumKd28UHW0/0 +--- naIsBkYqZMgekqmxTgESGMuFIKoagS68mfXbid7k9e0 +U<"{24>e^*Cg f{vI_Foe3.6,cFK +$9]@{~L \ No newline at end of file diff --git a/modules/secrets/gitlab-runner/hades-runner-env.age b/modules/secrets/gitlab-runner/hades-runner-env.age new file mode 100644 index 0000000..b72657d --- /dev/null +++ b/modules/secrets/gitlab-runner/hades-runner-env.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 k2gHjw EQkuI0FlwczzVWR3wvx+lXUNd0NnUjpBhOhmmIJ8Xhk +SXMz4M9n7kcuacBkJUg//iLYLJ5qP2BlQnD2zALskuw +-> ssh-ed25519 pX8y2g fmzHtkHXHjHiva7dGs7Khof1VzMMj6CLC4oghYf7lEk +Yx6G693eo5EqviIj/8t5JWjziYCSSJlwDNG92FPc7ro +--- /vsxhnYSHZFsDJtDbl8TKTgDS/XwqkTOXB2isT6K+LY +bǙ) Date: Fri, 17 Jan 2025 12:13:12 +0100 Subject: [PATCH 764/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/767b0e3398fb899d0c88a9f7aecf30dd1cad3166' (2024-12-01) → 'github:NixOS/nixpkgs/62e9d4ae7c343fdae23f7cf347d98204488c1401' (2025-01-16) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index a0a2eb4..f687621 100644 --- a/flake.lock +++ b/flake.lock @@ -225,11 +225,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1733038015, - "narHash": "sha256-kIKqS3093Xz5vuvSLk0x1hqo2pFaGwMjnwr3qrTBkzk=", + "lastModified": 1737007772, + "narHash": "sha256-YmN6LpUQwOaY7gYdcXtX5CtpT4W37taAjbAF6WOmY4Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "767b0e3398fb899d0c88a9f7aecf30dd1cad3166", + "rev": "62e9d4ae7c343fdae23f7cf347d98204488c1401", "type": "github" }, "original": { From 6aca4f9f62d6d68d7968a4e8c438e403d06e9182 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 17 Jan 2025 16:58:14 +0100 Subject: [PATCH 765/904] services: mealie: get rid of copy-pasted module --- services/mealie.nix | 70 ++++++++++++--------------------------------- 1 file changed, 18 insertions(+), 52 deletions(-) diff --git a/services/mealie.nix b/services/mealie.nix index 8333c4c..61baefe 100644 --- a/services/mealie.nix +++ b/services/mealie.nix @@ -29,64 +29,30 @@ in { example = 8080; description = "Internal port for Mealie webapp"; }; - credentialsFile = lib.mkOption { - type = types.nullOr types.path; - default = null; - example = "/run/secrets/mealie-credentials.env"; - description = '' - File containing credentials used in mealie such as {env}`POSTGRES_PASSWORD` - or sensitive LDAP options. - - Expects the format of an `EnvironmentFile=`, as described by {manpage}`systemd.exec(5)`. - ''; - }; }; - # FIXME(NixOS 24.11) Copy pasted from nixpkgs master module, because some needed changes weren't in stable yet. - config = mkIf cfg.enable (let - settings = { - ALLOW_SIGNUP = "false"; - BASE_URL = "https://mealie.${domain}"; - TZ = config.time.timeZone; + config = mkIf cfg.enable { + services.mealie = { + inherit listenAddress; - # Use PostgreSQL - DB_ENGINE = "postgres"; + enable = true; + package = pkgs.unstable.mealie; + port = cfg.port; - # Settings for Mealie 1.7+ - POSTGRES_URL_OVERRIDE = "postgresql://mealie:@/mealie?host=/run/postgresql"; - }; - in { - systemd.services = { - mealie = { - after = ["network-online.target" "postgresql.service"]; - requires = ["postgresql.service"]; - wants = ["network-online.target"]; - wantedBy = ["multi-user.target"]; - - description = "Mealie, a self hosted recipe manager and meal planner"; - - environment = - { - PRODUCTION = "true"; - API_PORT = toString cfg.port; - BASE_URL = "http://localhost:${toString cfg.port}"; - DATA_DIR = "/var/lib/mealie"; - CRF_MODEL_PATH = "/var/lib/mealie/model.crfmodel"; - } - // (builtins.mapAttrs (_: val: toString val) settings); - - serviceConfig = { - DynamicUser = true; - User = "mealie"; - ExecStartPre = "${pkg}/libexec/init_db"; - ExecStart = "${lib.getExe pkg} -b ${listenAddress}:${builtins.toString cfg.port}"; - EnvironmentFile = lib.mkIf (cfg.credentialsFile != null) cfg.credentialsFile; - StateDirectory = "mealie"; - StandardOutput = "journal"; - }; + settings = { + ALLOW_SIGNUP = "false"; + BASE_URL = "https://mealie.${domain}"; + TZ = config.time.timeZone; + DB_ENGINE = "postgres"; + POSTGRES_URL_OVERRIDE = "postgresql://mealie:@/mealie?host=/run/postgresql"; }; }; + systemd.services.mealie = { + after = ["postgresql.service"]; + requires = ["postgresql.service"]; + }; + # Set-up database services.postgresql = { enable = true; @@ -118,5 +84,5 @@ in { my.services.restic-backup = { paths = ["/var/lib/mealie"]; }; - }); + }; } From 78b96dd311683f91e2c11cfcdac579e222a0e060 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 17 Jan 2025 17:09:53 +0100 Subject: [PATCH 766/904] hades: secret config for mealie --- hosts/hades/default.nix | 1 + hosts/hades/secrets.nix | 2 ++ modules/secrets/mealie/secret-config.age | Bin 0 -> 483 bytes modules/secrets/secrets.nix | 2 ++ services/mealie.nix | 12 ++++++++++++ 5 files changed, 17 insertions(+) create mode 100644 modules/secrets/mealie/secret-config.age diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index f2a4158..2b84d21 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -84,6 +84,7 @@ in { mealie = { enable = true; port = 8090; + credentialsFile = config.age.secrets."mealie/secret-config".path; }; microbin = { diff --git a/hosts/hades/secrets.nix b/hosts/hades/secrets.nix index a5df603..2623fe8 100644 --- a/hosts/hades/secrets.nix +++ b/hosts/hades/secrets.nix @@ -22,6 +22,8 @@ owner = "matrix-synapse"; }; + "mealie/secret-config" = {}; + "microbin/secret-config" = {}; "miniflux/admin-credentials" = {}; diff --git a/modules/secrets/mealie/secret-config.age b/modules/secrets/mealie/secret-config.age new file mode 100644 index 0000000000000000000000000000000000000000..cd0288476ea7b2346e498f3aa01498a4079f9c23 GIT binary patch literal 483 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7HcI!%DpxQyb+jxu z@isQgcQi^fitsBk4hb^w$Tl|%aL-Ti39Hmj&51Ox)GqSQGT|~Zu?+SocT5cnGto{j zD+%#8%#Ct0@pLNpC3C|#i{!ztCjz$D4Qs~|Vi z#l@ny$jLRzvN*iZJJH#>Fv-Hv(8E2-qbfN!Bbh71HzQL!G1V_A#KXn6T;I9OIM*>E zBQdck&#)@2$S=$*E8kP!EVslX#DGgzS687jC@mnM(yiP`-`p#uFrwJ4B+0ip&BQFk z-NiC5BFi{2H$2cOG$S&#!j#jC!4ibRlhy{!J3XqMXNe@OS~{I_E1osy#4WBT@~MJ z+tV7SH2jG1)z*1dxQyveu`2(Kj@z7EH(eM)=l}FNwTD5Wt4SuxYw@JJvzFev@8{_A z@%}?0&pt)R7wiA<9z7qR9yCq1TjhSnly%DvOEElaPkg<*DD>ytU7w^p_?8QubJ*Ow T^=IhhE4yd$MjUu$G}##dEzG?f literal 0 HcmV?d00001 diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 452effa..c918355 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -22,6 +22,8 @@ in { "matrix-synapse/secret-config.age".publicKeys = [alarsyo hades]; + "mealie/secret-config.age".publicKeys = [alarsyo hades]; + "microbin/secret-config.age".publicKeys = [alarsyo hades]; "miniflux/admin-credentials.age".publicKeys = [alarsyo hades]; diff --git a/services/mealie.nix b/services/mealie.nix index 61baefe..0be80e3 100644 --- a/services/mealie.nix +++ b/services/mealie.nix @@ -29,11 +29,23 @@ in { example = 8080; description = "Internal port for Mealie webapp"; }; + credentialsFile = lib.mkOption { + type = types.nullOr types.path; + default = null; + example = "/run/secrets/mealie-credentials.env"; + description = '' + File containing credentials used in mealie such as {env}`POSTGRES_PASSWORD` + or sensitive LDAP options. + + Expects the format of an `EnvironmentFile=`, as described by {manpage}`systemd.exec(5)`. + ''; + }; }; config = mkIf cfg.enable { services.mealie = { inherit listenAddress; + inherit (cfg) credentialsFile; enable = true; package = pkgs.unstable.mealie; From 771ba29fb212d2fcb69d23c07483b0d7af74af19 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 20 Jan 2025 14:07:21 +0100 Subject: [PATCH 767/904] hades: remove gitlab runners --- hosts/hades/default.nix | 51 ------------------- hosts/hades/secrets.nix | 3 -- .../gitlab-runner/hades-nix-runner-env.age | 8 --- .../gitlab-runner/hades-runner-env.age | 7 --- modules/secrets/secrets.nix | 2 - 5 files changed, 71 deletions(-) delete mode 100644 modules/secrets/gitlab-runner/hades-nix-runner-env.age delete mode 100644 modules/secrets/gitlab-runner/hades-runner-env.age diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index 2b84d21..0117199 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -157,57 +157,6 @@ in { services = { openssh.enable = true; vnstat.enable = true; - - gitlab-runner = { - enable = true; - settings = { - concurrent = 4; - }; - services = { - nix = { - authenticationTokenConfigFile = config.age.secrets."gitlab-runner/hades-nix-runner-env".path; - dockerImage = "alpine"; - dockerVolumes = [ - "/nix/store:/nix/store:ro" - "/nix/var/nix/db:/nix/var/nix/db:ro" - "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro" - ]; - dockerDisableCache = true; - preBuildScript = pkgs.writeScript "setup-container" '' - mkdir -p -m 0755 /nix/var/log/nix/drvs - mkdir -p -m 0755 /nix/var/nix/gcroots - mkdir -p -m 0755 /nix/var/nix/profiles - mkdir -p -m 0755 /nix/var/nix/temproots - mkdir -p -m 0755 /nix/var/nix/userpool - mkdir -p -m 1777 /nix/var/nix/gcroots/per-user - mkdir -p -m 1777 /nix/var/nix/profiles/per-user - mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root - mkdir -p -m 0700 "$HOME/.nix-defexpr" - - . ${pkgs.nix}/etc/profile.d/nix.sh - - ${pkgs.nix}/bin/nix-env -i ${lib.concatStringsSep " " (with pkgs; [nix cacert git openssh])} - - ${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable - ${pkgs.nix}/bin/nix-channel --update nixpkgs - - mkdir -p ~/.config/nix - echo "experimental-features = nix-command flakes" > ~/.config/nix/nix.conf - ''; - environmentVariables = { - ENV = "/etc/profile"; - USER = "root"; - NIX_REMOTE = "daemon"; - PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin"; - NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"; - }; - }; - default = { - authenticationTokenConfigFile = config.age.secrets."gitlab-runner/hades-runner-env".path; - dockerImage = "debian:stable"; - }; - }; - }; }; virtualisation.docker.enable = true; diff --git a/hosts/hades/secrets.nix b/hosts/hades/secrets.nix index 2623fe8..390cc7e 100644 --- a/hosts/hades/secrets.nix +++ b/hosts/hades/secrets.nix @@ -13,9 +13,6 @@ // attrs; in lib.mapAttrs toSecret { - "gitlab-runner/hades-nix-runner-env" = {}; - "gitlab-runner/hades-runner-env" = {}; - "lohr/shared-secret" = {}; "matrix-synapse/secret-config" = { diff --git a/modules/secrets/gitlab-runner/hades-nix-runner-env.age b/modules/secrets/gitlab-runner/hades-nix-runner-env.age deleted file mode 100644 index ce66f97..0000000 --- a/modules/secrets/gitlab-runner/hades-nix-runner-env.age +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 k2gHjw 0Qkzquxwa8PSNg6yq+CsfC4JfPLfxEIBKq1krrynlxg -QOHmNCQsV10zSnYvEeSpK95oXXlS+J4pw6EIR1KzxoU --> ssh-ed25519 pX8y2g YbFzF2/mWizY4SOnNKzkcBEEsHYc1mTCpzWZ5vf6Zy0 -p2E9Uh0rWa8qbf2SvB5e4lxS+MEx5KGumKd28UHW0/0 ---- naIsBkYqZMgekqmxTgESGMuFIKoagS68mfXbid7k9e0 -U<"{24>e^*Cg f{vI_Foe3.6,cFK -$9]@{~L \ No newline at end of file diff --git a/modules/secrets/gitlab-runner/hades-runner-env.age b/modules/secrets/gitlab-runner/hades-runner-env.age deleted file mode 100644 index b72657d..0000000 --- a/modules/secrets/gitlab-runner/hades-runner-env.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 k2gHjw EQkuI0FlwczzVWR3wvx+lXUNd0NnUjpBhOhmmIJ8Xhk -SXMz4M9n7kcuacBkJUg//iLYLJ5qP2BlQnD2zALskuw --> ssh-ed25519 pX8y2g fmzHtkHXHjHiva7dGs7Khof1VzMMj6CLC4oghYf7lEk -Yx6G693eo5EqviIj/8t5JWjziYCSSJlwDNG92FPc7ro ---- /vsxhnYSHZFsDJtDbl8TKTgDS/XwqkTOXB2isT6K+LY -bǙ) Date: Mon, 20 Jan 2025 14:15:19 +0100 Subject: [PATCH 768/904] pkgs: spot: update to 2.12.2 --- pkgs/spot/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/spot/default.nix b/pkgs/spot/default.nix index f9367f2..d333627 100644 --- a/pkgs/spot/default.nix +++ b/pkgs/spot/default.nix @@ -3,7 +3,7 @@ fetchurl, python3, }: let - version = "2.12.1"; + version = "2.12.2"; in stdenv.mkDerivation { inherit version; @@ -15,6 +15,6 @@ in src = fetchurl { url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz"; - sha256 = "sha256-VHfAjU4dBi8WTC5IaoNVaSXQfXDyGA3nBq96qUnG/1w="; + sha256 = "sha256-NhMOU23GqH+twsRLSrL2tBfVpP8879GZy+TqUbogdyQ"; }; } From 8157575ad5525184006fa8533a14281e06f0f984 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 22 Jan 2025 12:59:05 +0100 Subject: [PATCH 769/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/8870dcaff63dfc6647fb10648b827e9d40b0a337' (2025-01-09) → 'github:NixOS/nixos-hardware/61c79181e77ef774ab0468b28a24bc2647d498d6' (2025-01-20) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/635e887b48521e912a516625eee7df6cf0eba9c1' (2025-01-12) → 'github:NixOS/nixpkgs/ae584d90cbd0396a422289ee3efb1f1c9d141dc3' (2025-01-20) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index f687621..05875f6 100644 --- a/flake.lock +++ b/flake.lock @@ -193,11 +193,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1736441705, - "narHash": "sha256-OL7leZ6KBhcDF3nEKe4aZVfIm6xQpb1Kb+mxySIP93o=", + "lastModified": 1737359802, + "narHash": "sha256-utplyRM6pqnN940gfaLFBb9oUCSzkan86IvmkhsVlN8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "8870dcaff63dfc6647fb10648b827e9d40b0a337", + "rev": "61c79181e77ef774ab0468b28a24bc2647d498d6", "type": "github" }, "original": { @@ -257,11 +257,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1736684107, - "narHash": "sha256-vH5mXxEvZeoGNkqKoCluhTGfoeXCZ1seYhC2pbMN0sg=", + "lastModified": 1737404927, + "narHash": "sha256-e1WgPJpIYbOuokjgylcsuoEUCB4Jl2rQXa2LUD6XAG8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "635e887b48521e912a516625eee7df6cf0eba9c1", + "rev": "ae584d90cbd0396a422289ee3efb1f1c9d141dc3", "type": "github" }, "original": { From 69b304545d6b1a140a99ee1f72d8dcb1b61e40c9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 27 Jan 2025 17:22:34 +0100 Subject: [PATCH 770/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/62e9d4ae7c343fdae23f7cf347d98204488c1401' (2025-01-16) → 'github:NixOS/nixpkgs/970c26517231e07b71f3eaaa9aa2ebe539c354d3' (2025-01-27) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 05875f6..68b0e32 100644 --- a/flake.lock +++ b/flake.lock @@ -225,11 +225,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1737007772, - "narHash": "sha256-YmN6LpUQwOaY7gYdcXtX5CtpT4W37taAjbAF6WOmY4Y=", + "lastModified": 1737959576, + "narHash": "sha256-eEOiMxfxYSLa/8jcDZEK46TjqLO+8cJ5C9ufHXz1oIw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "62e9d4ae7c343fdae23f7cf347d98204488c1401", + "rev": "970c26517231e07b71f3eaaa9aa2ebe539c354d3", "type": "github" }, "original": { From 233468f6846e62eabda84e47592b6cd9880748c8 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 27 Jan 2025 17:24:58 +0100 Subject: [PATCH 771/904] talos: remove zed Not using it enough --- hosts/talos/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index 1cd71f6..1b475c4 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -157,7 +157,6 @@ services.power-profiles-daemon.enable = true; environment.systemPackages = [ - pkgs.unstable.zed-editor pkgs.foot ]; From de058169d5539fc2e5b2a7a7800194ab047874a9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 27 Jan 2025 17:25:10 +0100 Subject: [PATCH 772/904] flake: pin flakes to registry --- flake.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/flake.nix b/flake.nix index 09c2017..622da02 100644 --- a/flake.nix +++ b/flake.nix @@ -74,6 +74,10 @@ home-manager.users.alarsyo = import ./home; home-manager.verbose = true; }; + nix-registry = { + nix.registry.nixpkgs.flake = nixpkgs; + nix.registry.unstable.flake = inputs.nixpkgs-unstable-small; + }; }; overlays = import ./overlays; From ef67f8f25d17fdb574ea6a4cbe1356c77b3b82fb Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 28 Jan 2025 16:26:46 +0100 Subject: [PATCH 773/904] flake: add jujutsu to base programs --- base/programs.nix | 1 + flake.lock | 96 ++++++++++++++++++++++++++++++++++++++++++++++- flake.nix | 8 ++++ 3 files changed, 103 insertions(+), 2 deletions(-) diff --git a/base/programs.nix b/base/programs.nix index 3655de8..08a62ad 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -30,6 +30,7 @@ pciutils usbutils # development + jujutsu git git-crypt git-lfs diff --git a/flake.lock b/flake.lock index 68b0e32..371c4b4 100644 --- a/flake.lock +++ b/flake.lock @@ -85,6 +85,24 @@ "inputs": { "systems": "systems_3" }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_4" + }, "locked": { "lastModified": 1710146030, "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", @@ -156,6 +174,27 @@ "type": "github" } }, + "jujutsu": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_3", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1735790175, + "narHash": "sha256-5J1ZfPNyniUK5D3Pt1aKuJ+/8vad3JPxCztBRY591N8=", + "owner": "jj-vcs", + "repo": "jj", + "rev": "041c4fecb77434dd6720e7d7f1ce48d9575ac5f7", + "type": "github" + }, + "original": { + "owner": "jj-vcs", + "ref": "v0.25.0", + "repo": "jj", + "type": "github" + } + }, "lix": { "flake": false, "locked": { @@ -172,7 +211,7 @@ }, "lix-module": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "flakey-profile": "flakey-profile", "lix": "lix", "nixpkgs": [ @@ -256,6 +295,22 @@ } }, "nixpkgs_3": { + "locked": { + "lastModified": 1731890469, + "narHash": "sha256-D1FNZ70NmQEwNxpSSdTXCSklBH1z2isPR84J6DQrJGs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5083ec887760adfe12af64830a66807423a859a7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1737404927, "narHash": "sha256-e1WgPJpIYbOuokjgylcsuoEUCB4Jl2rQXa2LUD6XAG8=", @@ -277,12 +332,34 @@ "disko": "disko", "flake-utils": "flake-utils", "home-manager": "home-manager_2", + "jujutsu": "jujutsu", "lix-module": "lix-module", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nixpkgs-unstable-small": "nixpkgs-unstable-small" } }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "jujutsu", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1732242723, + "narHash": "sha256-NWI8csIK0ujFlFuEXKnoc+7hWoCiEtINK9r48LUUMeU=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "a229311fcb45b88a95fdfa5cecd8349c809a272a", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, @@ -327,6 +404,21 @@ "repo": "default", "type": "github" } + }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 622da02..b729103 100644 --- a/flake.nix +++ b/flake.nix @@ -54,6 +54,13 @@ url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; }; + + jujutsu = { + type = "github"; + owner = "jj-vcs"; + repo = "jj"; + ref = "v0.25.0"; + }; }; outputs = { @@ -97,6 +104,7 @@ }) agenix.overlays.default + inputs.jujutsu.overlays.default ] ++ builtins.attrValues self.overlays; sharedModules = From c080a01e5a1a2371919ef17aa3d85762ba44b927 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 6 Feb 2025 10:26:48 +0100 Subject: [PATCH 774/904] flake: bump jj to v0.26.0 --- flake.lock | 8 ++++---- flake.nix | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 371c4b4..dfc2f30 100644 --- a/flake.lock +++ b/flake.lock @@ -181,16 +181,16 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1735790175, - "narHash": "sha256-5J1ZfPNyniUK5D3Pt1aKuJ+/8vad3JPxCztBRY591N8=", + "lastModified": 1738805560, + "narHash": "sha256-jGy+0VDxQrgNhj+eX06FRhPP31V8QZVAM4j4yBosAGE=", "owner": "jj-vcs", "repo": "jj", - "rev": "041c4fecb77434dd6720e7d7f1ce48d9575ac5f7", + "rev": "613742dfbbd89324b25672a75ef8ce9e671ae0d3", "type": "github" }, "original": { "owner": "jj-vcs", - "ref": "v0.25.0", + "ref": "v0.26.0", "repo": "jj", "type": "github" } diff --git a/flake.nix b/flake.nix index b729103..2ee5d0e 100644 --- a/flake.nix +++ b/flake.nix @@ -59,7 +59,7 @@ type = "github"; owner = "jj-vcs"; repo = "jj"; - ref = "v0.25.0"; + ref = "v0.26.0"; }; }; From 27f283b288ffb26dd86c5a8c51ab6d6c33919b33 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 6 Feb 2025 10:40:22 +0100 Subject: [PATCH 775/904] flake: bump lix to v2.92.0 --- flake.lock | 20 ++++++++++---------- flake.nix | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/flake.lock b/flake.lock index dfc2f30..3cb3cdd 100644 --- a/flake.lock +++ b/flake.lock @@ -198,15 +198,15 @@ "lix": { "flake": false, "locked": { - "lastModified": 1729298361, - "narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=", - "rev": "ad9d06f7838a25beec425ff406fe68721fef73be", + "lastModified": 1737234286, + "narHash": "sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g=", + "rev": "2837da71ec1588c1187d2e554719b15904a46c8b", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2837da71ec1588c1187d2e554719b15904a46c8b.tar.gz?rev=2837da71ec1588c1187d2e554719b15904a46c8b" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/2.92.0.tar.gz" } }, "lix-module": { @@ -219,15 +219,15 @@ ] }, "locked": { - "lastModified": 1732605668, - "narHash": "sha256-DN5/166jhiiAW0Uw6nueXaGTueVxhfZISAkoxasmz/g=", - "rev": "f19bd752910bbe3a861c9cad269bd078689d50fe", + "lastModified": 1737237494, + "narHash": "sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7+b8=", + "rev": "b90bf629bbd835e61f1317b99e12f8c831017006", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/f19bd752910bbe3a861c9cad269bd078689d50fe.tar.gz?rev=f19bd752910bbe3a861c9cad269bd078689d50fe" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/b90bf629bbd835e61f1317b99e12f8c831017006.tar.gz?rev=b90bf629bbd835e61f1317b99e12f8c831017006" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz" + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0.tar.gz" } }, "nixos-hardware": { diff --git a/flake.nix b/flake.nix index 2ee5d0e..01005c3 100644 --- a/flake.nix +++ b/flake.nix @@ -51,7 +51,7 @@ }; lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz"; + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; }; From fbb53b22f7ebc1dfeefc83473bff5e02a5dd019d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 6 Feb 2025 11:57:21 +0100 Subject: [PATCH 776/904] home: mail: add another alias --- home/mail.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/mail.nix b/home/mail.nix index d03fbf9..8931940 100644 --- a/home/mail.nix +++ b/home/mail.nix @@ -81,6 +81,7 @@ in { aliases = [ "alarsyo@alarsyo.net" "antoine@amartin.email" + "mail@antoinemartin.fr" ]; flavor = "plain"; # default setting passwordCommand = "${pkgs.rbw}/bin/rbw get webmail.migadu.com ${email_perso}"; From fcd2651dc27d68009d434dc726f9f3f3e7ae62f8 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 15 Feb 2025 00:09:06 +0100 Subject: [PATCH 777/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/bd65bc3cde04c16755955630b344bc9e35272c56' (2025-01-08) → 'github:nix-community/home-manager/254d47082e23dbf72fdeca1da6fe1da420f478d8' (2025-02-14) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/61c79181e77ef774ab0468b28a24bc2647d498d6' (2025-01-20) → 'github:NixOS/nixos-hardware/2eccff41bab80839b1d25b303b53d339fbb07087' (2025-02-06) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/ae584d90cbd0396a422289ee3efb1f1c9d141dc3' (2025-01-20) → 'github:NixOS/nixpkgs/0ff09db9d034a04acd4e8908820ba0b410d7a33a' (2025-02-12) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 3cb3cdd..f288495 100644 --- a/flake.lock +++ b/flake.lock @@ -160,11 +160,11 @@ ] }, "locked": { - "lastModified": 1736373539, - "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", + "lastModified": 1739570999, + "narHash": "sha256-eCc0/Q4bPpe4/AS+uzIrHLJcR6BxPQ69q2kD0/Qe6rU=", "owner": "nix-community", "repo": "home-manager", - "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", + "rev": "254d47082e23dbf72fdeca1da6fe1da420f478d8", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1737359802, - "narHash": "sha256-utplyRM6pqnN940gfaLFBb9oUCSzkan86IvmkhsVlN8=", + "lastModified": 1738816619, + "narHash": "sha256-5yRlg48XmpcX5b5HesdGMOte+YuCy9rzQkJz+imcu6I=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "61c79181e77ef774ab0468b28a24bc2647d498d6", + "rev": "2eccff41bab80839b1d25b303b53d339fbb07087", "type": "github" }, "original": { @@ -312,11 +312,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1737404927, - "narHash": "sha256-e1WgPJpIYbOuokjgylcsuoEUCB4Jl2rQXa2LUD6XAG8=", + "lastModified": 1739357830, + "narHash": "sha256-9xim3nJJUFbVbJCz48UP4fGRStVW5nv4VdbimbKxJ3I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ae584d90cbd0396a422289ee3efb1f1c9d141dc3", + "rev": "0ff09db9d034a04acd4e8908820ba0b410d7a33a", "type": "github" }, "original": { From d9cc63353ae3aa8c5ef15745dd541b51cc83f407 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 16 Feb 2025 18:03:37 +0100 Subject: [PATCH 778/904] talos: home: use waybar --- hosts/talos/home.nix | 49 ++++---------------------------------------- 1 file changed, 4 insertions(+), 45 deletions(-) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 476df1c..212cd1f 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -67,55 +67,14 @@ in { names = ["Iosevka Fixed" "FontAwesome6Free"]; size = 9.0; }; - bars = [ - { - mode = "dock"; - hiddenState = "hide"; - position = "top"; - workspaceButtons = true; - workspaceNumbers = true; - statusCommand = "${pkgs.i3status}/bin/i3status"; - fonts = { - names = ["Iosevka Fixed" "FontAwesome6Free"]; - size = 9.0; - }; - trayOutput = "primary"; - colors = { - background = "#000000"; - statusline = "#ffffff"; - separator = "#666666"; - focusedWorkspace = { - border = "#4c7899"; - background = "#285577"; - text = "#ffffff"; - }; - activeWorkspace = { - border = "#333333"; - background = "#5f676a"; - text = "#ffffff"; - }; - inactiveWorkspace = { - border = "#333333"; - background = "#222222"; - text = "#888888"; - }; - urgentWorkspace = { - border = "#2f343a"; - background = "#900000"; - text = "#ffffff"; - }; - bindingMode = { - border = "#2f343a"; - background = "#900000"; - text = "#ffffff"; - }; - }; - } - ]; + bars = []; keybindings = mkOptionDefault { "Mod4+i" = "exec emacsclient --create-frame"; }; + startup = [ + {command = "waybar";} + ]; }; }; programs = { From 47ab3ef2845662e273c4526143bba1e2aa405b28 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 16 Feb 2025 18:03:51 +0100 Subject: [PATCH 779/904] talos: home: smaller sway font size --- hosts/talos/home.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 212cd1f..c1bec26 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -65,7 +65,7 @@ in { }; fonts = { names = ["Iosevka Fixed" "FontAwesome6Free"]; - size = 9.0; + size = 8.0; }; bars = []; From ea914e9821404e28f8e5251dc61e7091503e899e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 16 Feb 2025 18:04:36 +0100 Subject: [PATCH 780/904] talos: home: logout mode in sway --- hosts/talos/home.nix | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index c1bec26..abfd952 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -40,7 +40,9 @@ in { ; }; - wayland.windowManager.sway = { + wayland.windowManager.sway = let + logoutMode = "[L]ogout, [S]uspend, [P]oweroff, [R]eboot"; + in { enable = true; swaynag.enable = true; wrapperFeatures.gtk = true; @@ -70,8 +72,20 @@ in { bars = []; keybindings = mkOptionDefault { + "Mod4+Shift+e" = ''mode "${logoutMode}"''; "Mod4+i" = "exec emacsclient --create-frame"; }; + + modes = mkOptionDefault { + "${logoutMode}" = { + "l" = "exec --no-startup-id swaymsg exit, mode default"; + #"s" = "exec --no-startup-id betterlockscreen --suspend, mode default"; + "p" = "exec --no-startup-id systemctl poweroff, mode default"; + "r" = "exec --no-startup-id systemctl reboot, mode default"; + "Escape" = "mode default"; + "Return" = "mode default"; + }; + }; startup = [ {command = "waybar";} ]; From e02738479991ad82589f8919b641c8a58fbd90ee Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 16 Feb 2025 18:05:00 +0100 Subject: [PATCH 781/904] talos: home: setup shikane for display autoswitch --- hosts/talos/home.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index abfd952..e23c301 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -31,6 +31,7 @@ in { (pkgs) ansel chromium # some websites only work there :( + shikane # output autoconfig zotero ; @@ -87,6 +88,7 @@ in { }; }; startup = [ + {command = "shikane";} {command = "waybar";} ]; }; From d52af230e2f99cfc6e122a3f5530ec9f9f155ae5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 16 Feb 2025 18:05:57 +0100 Subject: [PATCH 782/904] talos: home: set hyprlock shortcut --- hosts/talos/home.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index e23c301..06a0ed9 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -31,6 +31,7 @@ in { (pkgs) ansel chromium # some websites only work there :( + hyprlock shikane # output autoconfig zotero ; @@ -75,6 +76,7 @@ in { keybindings = mkOptionDefault { "Mod4+Shift+e" = ''mode "${logoutMode}"''; "Mod4+i" = "exec emacsclient --create-frame"; + "Mod4+Control+l" = "exec hyprlock"; }; modes = mkOptionDefault { From f6306eab82db605a34fddc74fe089be005cb9b1f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 16 Feb 2025 18:06:14 +0100 Subject: [PATCH 783/904] talos: home: try fuzzel for menu --- hosts/talos/home.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 06a0ed9..61bc614 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -89,6 +89,9 @@ in { "Return" = "mode default"; }; }; + + menu = "fuzzel --list-executables-in-path"; + startup = [ {command = "shikane";} {command = "waybar";} From e34b0f85b26058e15609ce312a9d03bb5849b28e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 16 Feb 2025 18:06:31 +0100 Subject: [PATCH 784/904] talos: home: add nwg-displays to home packages --- hosts/talos/home.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 61bc614..834214a 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -32,6 +32,7 @@ in { ansel chromium # some websites only work there :( hyprlock + nwg-displays shikane # output autoconfig zotero ; From e08af2559b0363c81c749635f4d37139aa92a399 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 16 Feb 2025 18:06:46 +0100 Subject: [PATCH 785/904] talos: home: setup sound shortcuts --- hosts/talos/home.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 834214a..4d7c2b0 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -78,6 +78,9 @@ in { "Mod4+Shift+e" = ''mode "${logoutMode}"''; "Mod4+i" = "exec emacsclient --create-frame"; "Mod4+Control+l" = "exec hyprlock"; + "XF86AudioMute" = "exec wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"; + "XF86AudioLowerVolume" = "exec wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%- -l 1.2"; + "XF86AudioRaiseVolume" = "exec wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+ -l 1.2"; }; modes = mkOptionDefault { From 87773282fc6fc86aff4f8209a9a4a4ba58d9ea58 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 17 Feb 2025 12:14:17 +0100 Subject: [PATCH 786/904] talos: home: brightness bindings --- hosts/talos/home.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 4d7c2b0..d2dae09 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -81,6 +81,8 @@ in { "XF86AudioMute" = "exec wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"; "XF86AudioLowerVolume" = "exec wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%- -l 1.2"; "XF86AudioRaiseVolume" = "exec wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+ -l 1.2"; + "XF86MonBrightnessUp" = "exec light -A 5"; + "XF86MonBrightnessDown" = "exec light -U 5"; }; modes = mkOptionDefault { From 35aad1c28e17ceb62e00da4159a4451a43641786 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 17 Feb 2025 14:14:49 +0100 Subject: [PATCH 787/904] talos: home: include hyprlock the right way --- hosts/talos/home.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index d2dae09..97c1e64 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -31,7 +31,6 @@ in { (pkgs) ansel chromium # some websites only work there :( - hyprlock nwg-displays shikane # output autoconfig zotero @@ -45,6 +44,7 @@ in { wayland.windowManager.sway = let logoutMode = "[L]ogout, [S]uspend, [P]oweroff, [R]eboot"; + lock = "hyprlock --immediate"; in { enable = true; swaynag.enable = true; @@ -77,7 +77,7 @@ in { keybindings = mkOptionDefault { "Mod4+Shift+e" = ''mode "${logoutMode}"''; "Mod4+i" = "exec emacsclient --create-frame"; - "Mod4+Control+l" = "exec hyprlock"; + "Mod4+Control+l" = "exec ${lock}"; "XF86AudioMute" = "exec wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"; "XF86AudioLowerVolume" = "exec wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%- -l 1.2"; "XF86AudioRaiseVolume" = "exec wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+ -l 1.2"; @@ -106,7 +106,7 @@ in { }; programs = { fuzzel.enable = true; - swaylock.enable = true; + hyprlock.enable = true; waybar = { enable = true; }; From d8de5ac7d3580bf4b41b6c3b755154592fccecd7 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 17 Feb 2025 14:15:27 +0100 Subject: [PATCH 788/904] talos: home: setup idling --- base/gui-programs.nix | 2 +- hosts/talos/home.nix | 14 ++++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 3586d81..0a0e47c 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -47,7 +47,7 @@ in { }; }; - logind.lidSwitch = "ignore"; + logind.lidSwitch = "suspend"; printing = { enable = true; diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 97c1e64..1d8c207 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -101,6 +101,7 @@ in { startup = [ {command = "shikane";} {command = "waybar";} + {command = "swayidle -w idlehint 1 before-sleep \"${lock}\"";} ]; }; }; @@ -112,4 +113,17 @@ in { }; }; }; + + # FIXME: belongs elsewhere + services = { + logind = { + lidSwitch = "suspend"; + lidSwitchExternalPower = "ignore"; + extraConfig = '' + IdleAction=suspend + IdleActionSec=10min + ''; + }; + upower.enable = true; + }; } From 659aed60d79fd4721568f7430699bdad8df725c4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 17 Feb 2025 14:15:43 +0100 Subject: [PATCH 789/904] talos: home: setup swaybg --- hosts/talos/home.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 1d8c207..148c46e 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -33,6 +33,7 @@ in { chromium # some websites only work there :( nwg-displays shikane # output autoconfig + swaybg zotero ; @@ -101,6 +102,10 @@ in { startup = [ {command = "shikane";} {command = "waybar";} + { + command = "swaybg --image ~/.wallpaper --mode fill"; + always = true; + } {command = "swayidle -w idlehint 1 before-sleep \"${lock}\"";} ]; }; From a812afaf4adb6d9088e19b15d38bb6c468118bf4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 17 Feb 2025 14:15:53 +0100 Subject: [PATCH 790/904] talos: home: handle lid switch in sway --- hosts/talos/home.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 148c46e..af80bbc 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -109,6 +109,11 @@ in { {command = "swayidle -w idlehint 1 before-sleep \"${lock}\"";} ]; }; + + extraConfig = '' + bindswitch --reload --locked lid:off output eDP-1 enable; + bindswitch --reload --locked lid:on output eDP-1 disable; + ''; }; programs = { fuzzel.enable = true; From 6c04235b488e68bd69ef6acbc9b57f6dcc482ea4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 17 Feb 2025 14:16:43 +0100 Subject: [PATCH 791/904] talos: home: provide shortcut to reload displays --- hosts/talos/home.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index af80bbc..8ea4938 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -76,6 +76,7 @@ in { bars = []; keybindings = mkOptionDefault { + "Mod4+Shift+a" = "exec shikanectl reload"; "Mod4+Shift+e" = ''mode "${logoutMode}"''; "Mod4+i" = "exec emacsclient --create-frame"; "Mod4+Control+l" = "exec ${lock}"; From a22e79693def0741635cdf36732ccfe84cd5eb5e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 17 Feb 2025 15:00:09 +0100 Subject: [PATCH 792/904] talos: home: swaylock works better --- hosts/talos/home.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 8ea4938..32c1509 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -45,7 +45,7 @@ in { wayland.windowManager.sway = let logoutMode = "[L]ogout, [S]uspend, [P]oweroff, [R]eboot"; - lock = "hyprlock --immediate"; + lock = "swaylock --daemonize --image ~/.wallpaper --scaling fill"; in { enable = true; swaynag.enable = true; @@ -118,7 +118,7 @@ in { }; programs = { fuzzel.enable = true; - hyprlock.enable = true; + swaylock.enable = true; waybar = { enable = true; }; From 62558b3dc08c5bc490f90a754546403a448619f9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 17 Feb 2025 15:00:22 +0100 Subject: [PATCH 793/904] talos: home: bring back suspend shortcut --- hosts/talos/home.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 32c1509..39aeb5b 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -90,7 +90,7 @@ in { modes = mkOptionDefault { "${logoutMode}" = { "l" = "exec --no-startup-id swaymsg exit, mode default"; - #"s" = "exec --no-startup-id betterlockscreen --suspend, mode default"; + "s" = "exec --no-startup-id systemctl suspend, mode default"; "p" = "exec --no-startup-id systemctl poweroff, mode default"; "r" = "exec --no-startup-id systemctl reboot, mode default"; "Escape" = "mode default"; From 61b72a89e773c77cdf30542fc1ec7dac581812a1 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 17 Feb 2025 21:21:07 +0100 Subject: [PATCH 794/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/970c26517231e07b71f3eaaa9aa2ebe539c354d3' (2025-01-27) → 'github:NixOS/nixpkgs/1ead14e49dfa47e91e68df64ef3dbf036809c742' (2025-02-17) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index f288495..f567b65 100644 --- a/flake.lock +++ b/flake.lock @@ -264,11 +264,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1737959576, - "narHash": "sha256-eEOiMxfxYSLa/8jcDZEK46TjqLO+8cJ5C9ufHXz1oIw=", + "lastModified": 1739776882, + "narHash": "sha256-PAiogZP1rLOwSkoL8eNgnbcobe5AqIq+Zc8A9NNFv+A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "970c26517231e07b71f3eaaa9aa2ebe539c354d3", + "rev": "1ead14e49dfa47e91e68df64ef3dbf036809c742", "type": "github" }, "original": { From 3e01412e7fbb925919aef82c03a5bee8433552b1 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 17 Feb 2025 22:59:22 +0100 Subject: [PATCH 795/904] talos: home: unblur electron apps This is an obscure NixOS environment variable only mentioned in a changelog, but it does the right thing --- hosts/talos/home.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 39aeb5b..2be85f8 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -116,6 +116,7 @@ in { bindswitch --reload --locked lid:on output eDP-1 disable; ''; }; + programs = { fuzzel.enable = true; swaylock.enable = true; @@ -123,6 +124,10 @@ in { enable = true; }; }; + + home.sessionVariables = { + NIXOS_OZONE_WL = "1"; + }; }; # FIXME: belongs elsewhere From c8648b18b4a6b82aaad5df23628d519bacd38ffe Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 17 Feb 2025 23:00:11 +0100 Subject: [PATCH 796/904] talos: home: use catppuccin theme for sway --- hosts/talos/home.nix | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 2be85f8..68a8336 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -114,6 +114,41 @@ in { extraConfig = '' bindswitch --reload --locked lid:off output eDP-1 enable; bindswitch --reload --locked lid:on output eDP-1 disable; + + set $rosewater #dc8a78 + set $flamingo #dd7878 + set $pink #ea76cb + set $mauve #8839ef + set $red #d20f39 + set $maroon #e64553 + set $peach #fe640b + set $yellow #df8e1d + set $green #40a02b + set $teal #179299 + set $sky #04a5e5 + set $sapphire #209fb5 + set $blue #1e66f5 + set $lavender #7287fd + set $text #4c4f69 + set $subtext1 #5c5f77 + set $subtext0 #6c6f85 + set $overlay2 #7c7f93 + set $overlay1 #8c8fa1 + set $overlay0 #9ca0b0 + set $surface2 #acb0be + set $surface1 #bcc0cc + set $surface0 #ccd0da + set $base #eff1f5 + set $mantle #e6e9ef + set $crust #dce0e8 + + # target title bg text indicator border + client.focused $lavender $base $text $rosewater $lavender + client.focused_inactive $overlay0 $base $text $rosewater $overlay0 + client.unfocused $overlay0 $base $text $rosewater $overlay0 + client.urgent $peach $base $peach $overlay0 $peach + client.placeholder $overlay0 $base $text $overlay0 $overlay0 + client.background $base ''; }; From 2c710520304b395070ea6e1a248550b126f16431 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 18 Feb 2025 22:33:46 +0100 Subject: [PATCH 797/904] home: x: cursors: switch to bibata Let's try some changes --- home/x/cursor.nix | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/home/x/cursor.nix b/home/x/cursor.nix index 04378b0..aa3ebbb 100644 --- a/home/x/cursor.nix +++ b/home/x/cursor.nix @@ -16,12 +16,16 @@ in { config = mkIf cfg.enable { home.pointerCursor = { - package = pkgs.capitaine-cursors; - name = "capitaine-cursors"; - # available sizes for capitaine-cursors are: - # 24, 30, 36, 48, 60, 72 - size = 30; + #package = pkgs.capitaine-cursors; + #name = "capitaine-cursors"; + #package = pkgs.catppuccin-cursors.frappeDark; + #name = "catppuccin-frappe-dark-cursors"; + package = pkgs.bibata-cursors; + name = "Bibata-Modern-Classic"; + # https://unix.stackexchange.com/a/743543 + size = 24; x11.enable = true; + gtk.enable = true; }; }; } From 2e53d24159a968e576813512c83b1e13fba3ae65 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 18 Feb 2025 22:34:13 +0100 Subject: [PATCH 798/904] home: emacs: switch to nerdfont patched font --- home/emacs.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/home/emacs.nix b/home/emacs.nix index 5935972..8139f5e 100644 --- a/home/emacs.nix +++ b/home/emacs.nix @@ -27,7 +27,11 @@ in { # fonts used by my config emacs-all-the-icons-fonts - iosevka-bin + ; + + inherit + (pkgs.unstable.nerd-fonts) + iosevka ; }; # make sure above fonts are discoverable From b4d0d5f0a0964ea1f9354fa2191d5b7c405ae767 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 21 Feb 2025 22:00:30 +0100 Subject: [PATCH 799/904] home: tmux: disable escape time How am I only finding out about this now? --- home/tmux.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/tmux.nix b/home/tmux.nix index 3f72959..47f5cc3 100644 --- a/home/tmux.nix +++ b/home/tmux.nix @@ -19,6 +19,7 @@ in { config = mkIf cfg.enable { programs.tmux = { enable = true; + escapeTime = 0; baseIndex = 1; terminal = "screen-256color"; clock24 = true; From e14c5f31223514fc9c078d1ce19753d99bd17f13 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 21 Feb 2025 22:00:56 +0100 Subject: [PATCH 800/904] talos: home: put some gaps in sway --- hosts/talos/home.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 68a8336..e4c87c8 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -149,6 +149,11 @@ in { client.urgent $peach $base $peach $overlay0 $peach client.placeholder $overlay0 $base $text $overlay0 $overlay0 client.background $base + + smart_borders on + default_border pixel 3 + gaps inner 5 + gaps outer 3 ''; }; From bce3b20232a613b788762e80496245a494437fc2 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 22 Feb 2025 16:12:44 +0100 Subject: [PATCH 801/904] Back out "hades: remove gitlab runners" This backs out commit 771ba29fb212d2fcb69d23c07483b0d7af74af19. --- hosts/hades/default.nix | 51 +++++++++++++++++++ hosts/hades/secrets.nix | 3 ++ .../gitlab-runner/hades-nix-runner-env.age | 8 +++ .../gitlab-runner/hades-runner-env.age | 7 +++ modules/secrets/secrets.nix | 2 + 5 files changed, 71 insertions(+) create mode 100644 modules/secrets/gitlab-runner/hades-nix-runner-env.age create mode 100644 modules/secrets/gitlab-runner/hades-runner-env.age diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index 0117199..2b84d21 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -157,6 +157,57 @@ in { services = { openssh.enable = true; vnstat.enable = true; + + gitlab-runner = { + enable = true; + settings = { + concurrent = 4; + }; + services = { + nix = { + authenticationTokenConfigFile = config.age.secrets."gitlab-runner/hades-nix-runner-env".path; + dockerImage = "alpine"; + dockerVolumes = [ + "/nix/store:/nix/store:ro" + "/nix/var/nix/db:/nix/var/nix/db:ro" + "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro" + ]; + dockerDisableCache = true; + preBuildScript = pkgs.writeScript "setup-container" '' + mkdir -p -m 0755 /nix/var/log/nix/drvs + mkdir -p -m 0755 /nix/var/nix/gcroots + mkdir -p -m 0755 /nix/var/nix/profiles + mkdir -p -m 0755 /nix/var/nix/temproots + mkdir -p -m 0755 /nix/var/nix/userpool + mkdir -p -m 1777 /nix/var/nix/gcroots/per-user + mkdir -p -m 1777 /nix/var/nix/profiles/per-user + mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root + mkdir -p -m 0700 "$HOME/.nix-defexpr" + + . ${pkgs.nix}/etc/profile.d/nix.sh + + ${pkgs.nix}/bin/nix-env -i ${lib.concatStringsSep " " (with pkgs; [nix cacert git openssh])} + + ${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable + ${pkgs.nix}/bin/nix-channel --update nixpkgs + + mkdir -p ~/.config/nix + echo "experimental-features = nix-command flakes" > ~/.config/nix/nix.conf + ''; + environmentVariables = { + ENV = "/etc/profile"; + USER = "root"; + NIX_REMOTE = "daemon"; + PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin"; + NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"; + }; + }; + default = { + authenticationTokenConfigFile = config.age.secrets."gitlab-runner/hades-runner-env".path; + dockerImage = "debian:stable"; + }; + }; + }; }; virtualisation.docker.enable = true; diff --git a/hosts/hades/secrets.nix b/hosts/hades/secrets.nix index 390cc7e..2623fe8 100644 --- a/hosts/hades/secrets.nix +++ b/hosts/hades/secrets.nix @@ -13,6 +13,9 @@ // attrs; in lib.mapAttrs toSecret { + "gitlab-runner/hades-nix-runner-env" = {}; + "gitlab-runner/hades-runner-env" = {}; + "lohr/shared-secret" = {}; "matrix-synapse/secret-config" = { diff --git a/modules/secrets/gitlab-runner/hades-nix-runner-env.age b/modules/secrets/gitlab-runner/hades-nix-runner-env.age new file mode 100644 index 0000000..ce66f97 --- /dev/null +++ b/modules/secrets/gitlab-runner/hades-nix-runner-env.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 k2gHjw 0Qkzquxwa8PSNg6yq+CsfC4JfPLfxEIBKq1krrynlxg +QOHmNCQsV10zSnYvEeSpK95oXXlS+J4pw6EIR1KzxoU +-> ssh-ed25519 pX8y2g YbFzF2/mWizY4SOnNKzkcBEEsHYc1mTCpzWZ5vf6Zy0 +p2E9Uh0rWa8qbf2SvB5e4lxS+MEx5KGumKd28UHW0/0 +--- naIsBkYqZMgekqmxTgESGMuFIKoagS68mfXbid7k9e0 +U<"{24>e^*Cg f{vI_Foe3.6,cFK +$9]@{~L \ No newline at end of file diff --git a/modules/secrets/gitlab-runner/hades-runner-env.age b/modules/secrets/gitlab-runner/hades-runner-env.age new file mode 100644 index 0000000..b72657d --- /dev/null +++ b/modules/secrets/gitlab-runner/hades-runner-env.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 k2gHjw EQkuI0FlwczzVWR3wvx+lXUNd0NnUjpBhOhmmIJ8Xhk +SXMz4M9n7kcuacBkJUg//iLYLJ5qP2BlQnD2zALskuw +-> ssh-ed25519 pX8y2g fmzHtkHXHjHiva7dGs7Khof1VzMMj6CLC4oghYf7lEk +Yx6G693eo5EqviIj/8t5JWjziYCSSJlwDNG92FPc7ro +--- /vsxhnYSHZFsDJtDbl8TKTgDS/XwqkTOXB2isT6K+LY +bǙ) Date: Sat, 22 Feb 2025 16:14:29 +0100 Subject: [PATCH 802/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/254d47082e23dbf72fdeca1da6fe1da420f478d8' (2025-02-14) → 'github:nix-community/home-manager/9d3d080aec2a35e05a15cedd281c2384767c2cfe' (2025-02-17) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/2eccff41bab80839b1d25b303b53d339fbb07087' (2025-02-06) → 'github:NixOS/nixos-hardware/18e9f9753e9ae261bcc7d3abe15745686991fd30' (2025-02-20) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/0ff09db9d034a04acd4e8908820ba0b410d7a33a' (2025-02-12) → 'github:NixOS/nixpkgs/36864ed72f234b9540da4cf7a0c49e351d30d3f1' (2025-02-19) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index f567b65..dfac477 100644 --- a/flake.lock +++ b/flake.lock @@ -160,11 +160,11 @@ ] }, "locked": { - "lastModified": 1739570999, - "narHash": "sha256-eCc0/Q4bPpe4/AS+uzIrHLJcR6BxPQ69q2kD0/Qe6rU=", + "lastModified": 1739757849, + "narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=", "owner": "nix-community", "repo": "home-manager", - "rev": "254d47082e23dbf72fdeca1da6fe1da420f478d8", + "rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1738816619, - "narHash": "sha256-5yRlg48XmpcX5b5HesdGMOte+YuCy9rzQkJz+imcu6I=", + "lastModified": 1740089251, + "narHash": "sha256-Y78mDBWoO8CLLTjQfPfII+KXFb6lAmF9GrLbyVBsIMM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "2eccff41bab80839b1d25b303b53d339fbb07087", + "rev": "18e9f9753e9ae261bcc7d3abe15745686991fd30", "type": "github" }, "original": { @@ -312,11 +312,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1739357830, - "narHash": "sha256-9xim3nJJUFbVbJCz48UP4fGRStVW5nv4VdbimbKxJ3I=", + "lastModified": 1739923778, + "narHash": "sha256-BqUY8tz0AQ4to2Z4+uaKczh81zsGZSYxjgvtw+fvIfM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0ff09db9d034a04acd4e8908820ba0b410d7a33a", + "rev": "36864ed72f234b9540da4cf7a0c49e351d30d3f1", "type": "github" }, "original": { From 53b9483da1decc2e0020bf1eaac2fa0e8cabf465 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 23 Feb 2025 20:04:55 +0100 Subject: [PATCH 803/904] Back out "flake.lock: Update" This backs out commit 61b72a89e773c77cdf30542fc1ec7dac581812a1. --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index dfac477..c42a97a 100644 --- a/flake.lock +++ b/flake.lock @@ -264,11 +264,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1739776882, - "narHash": "sha256-PAiogZP1rLOwSkoL8eNgnbcobe5AqIq+Zc8A9NNFv+A=", + "lastModified": 1737959576, + "narHash": "sha256-eEOiMxfxYSLa/8jcDZEK46TjqLO+8cJ5C9ufHXz1oIw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1ead14e49dfa47e91e68df64ef3dbf036809c742", + "rev": "970c26517231e07b71f3eaaa9aa2ebe539c354d3", "type": "github" }, "original": { From 9479b886fec75205fc8f04045b01f6d1b3ad1b6a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 22 Feb 2025 16:14:32 +0100 Subject: [PATCH 804/904] hades: remove default runner --- hosts/hades/default.nix | 4 ---- hosts/hades/secrets.nix | 1 - modules/secrets/gitlab-runner/hades-runner-env.age | 7 ------- modules/secrets/secrets.nix | 1 - 4 files changed, 13 deletions(-) delete mode 100644 modules/secrets/gitlab-runner/hades-runner-env.age diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index 2b84d21..dbbff5c 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -202,10 +202,6 @@ in { NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"; }; }; - default = { - authenticationTokenConfigFile = config.age.secrets."gitlab-runner/hades-runner-env".path; - dockerImage = "debian:stable"; - }; }; }; }; diff --git a/hosts/hades/secrets.nix b/hosts/hades/secrets.nix index 2623fe8..eb0fa3b 100644 --- a/hosts/hades/secrets.nix +++ b/hosts/hades/secrets.nix @@ -14,7 +14,6 @@ in lib.mapAttrs toSecret { "gitlab-runner/hades-nix-runner-env" = {}; - "gitlab-runner/hades-runner-env" = {}; "lohr/shared-secret" = {}; diff --git a/modules/secrets/gitlab-runner/hades-runner-env.age b/modules/secrets/gitlab-runner/hades-runner-env.age deleted file mode 100644 index b72657d..0000000 --- a/modules/secrets/gitlab-runner/hades-runner-env.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 k2gHjw EQkuI0FlwczzVWR3wvx+lXUNd0NnUjpBhOhmmIJ8Xhk -SXMz4M9n7kcuacBkJUg//iLYLJ5qP2BlQnD2zALskuw --> ssh-ed25519 pX8y2g fmzHtkHXHjHiva7dGs7Khof1VzMMj6CLC4oghYf7lEk -Yx6G693eo5EqviIj/8t5JWjziYCSSJlwDNG92FPc7ro ---- /vsxhnYSHZFsDJtDbl8TKTgDS/XwqkTOXB2isT6K+LY -bǙ) Date: Sat, 22 Feb 2025 16:14:32 +0100 Subject: [PATCH 805/904] services: lohr: bump commit --- services/lohr.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/lohr.nix b/services/lohr.nix index a86a0b3..cc491a8 100644 --- a/services/lohr.nix +++ b/services/lohr.nix @@ -20,7 +20,7 @@ secrets = config.my.secrets; lohrPkg = let - flake = builtins.getFlake "github:alarsyo/lohr?rev=58503cc8b95c8b627f6ae7e56740609e91f323cd"; + flake = builtins.getFlake "github:alarsyo/lohr?rev=cdb5808c0ced349c027aa203fda52afe95782b26"; in flake.defaultPackage."x86_64-linux"; # FIXME: use correct system in { From 732f513eb58fcfc981d2b99c7f5f6f62d05c54bf Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 22 Feb 2025 16:14:32 +0100 Subject: [PATCH 806/904] talos: home: tweak font size --- hosts/talos/home.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index e4c87c8..339485b 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -71,7 +71,7 @@ in { }; fonts = { names = ["Iosevka Fixed" "FontAwesome6Free"]; - size = 8.0; + size = 9.0; }; bars = []; From 49de758a72ac0970ee51adfec7ba6707ef58cffc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 22 Feb 2025 16:14:32 +0100 Subject: [PATCH 807/904] talos: home: enable touchpad swipe --- hosts/talos/home.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 339485b..8da7d9a 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -115,6 +115,9 @@ in { bindswitch --reload --locked lid:off output eDP-1 enable; bindswitch --reload --locked lid:on output eDP-1 disable; + bindgesture swipe:right workspace prev + bindgesture swipe:left workspace next + set $rosewater #dc8a78 set $flamingo #dd7878 set $pink #ea76cb From 1068a3a04126700836d5391f41bb621ced3ed4c4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 22 Feb 2025 16:14:32 +0100 Subject: [PATCH 808/904] talos: home: tweak colors for focused windows --- hosts/talos/home.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 8da7d9a..ebce731 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -145,12 +145,12 @@ in { set $mantle #e6e9ef set $crust #dce0e8 - # target title bg text indicator border - client.focused $lavender $base $text $rosewater $lavender - client.focused_inactive $overlay0 $base $text $rosewater $overlay0 - client.unfocused $overlay0 $base $text $rosewater $overlay0 - client.urgent $peach $base $peach $overlay0 $peach - client.placeholder $overlay0 $base $text $overlay0 $overlay0 + # target title bg text indicator border + client.focused $lavender $lavender $base $rosewater $lavender + client.focused_inactive $overlay0 $base $text $rosewater $overlay0 + client.unfocused $overlay0 $base $text $rosewater $overlay0 + client.urgent $peach $base $peach $overlay0 $peach + client.placeholder $overlay0 $base $text $overlay0 $overlay0 client.background $base smart_borders on From 428fb20ecf16e73ba8191710ad86c6b16e7e2fd4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 22 Feb 2025 16:14:32 +0100 Subject: [PATCH 809/904] home: tmux: switch to catppuccin for tmux theme --- home/tmux.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/home/tmux.nix b/home/tmux.nix index 47f5cc3..45401c3 100644 --- a/home/tmux.nix +++ b/home/tmux.nix @@ -34,9 +34,10 @@ in { ''; } { - plugin = tmuxPlugins.tmux-colors-solarized; + plugin = pkgs.tmuxPlugins.catppuccin; extraConfig = '' - set -g @colors-solarized 'light' + set -g @catppuccin_flavor 'latte' + set -g @catppuccin_window_status_style "rounded" ''; } ]; From ced4f2be27f7382a4d5d5a9b55dec9d267dae65e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 22 Feb 2025 16:14:32 +0100 Subject: [PATCH 810/904] talos: home: setup wlsunset --- hosts/talos/home.nix | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index ebce731..519822a 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -23,8 +23,19 @@ in { my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; - # TODO: place in global home conf - services.dunst.enable = true; + services = { + # TODO: place in global home conf + dunst.enable = true; + wlsunset = { + enable = true; + latitude = 48.9; + longitude = 2.3; + temperature = { + day = 6500; + night = 3500; + }; + }; + }; home.packages = builtins.attrValues { inherit From 9045c7dcd4c8c8bc7d8de09fa42435eda0c04f7d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 22 Feb 2025 16:14:32 +0100 Subject: [PATCH 811/904] talos: home: setup darkman --- hosts/talos/default.nix | 9 +++++++++ hosts/talos/home.nix | 7 +++++++ 2 files changed, 16 insertions(+) diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index 1b475c4..422cc56 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -158,6 +158,8 @@ environment.systemPackages = [ pkgs.foot + # FIXME: is this needed? + pkgs.darkman ]; #programs.hyprland.enable = true; @@ -166,6 +168,13 @@ wrapperFeatures.gtk = true; }; + # TODO: These are overriden by files from + # ~/.config/xdg-desktop-portal/sway-portals.conf so they should be moved to + # home + xdg.portal.config.sway = { + "org.freedesktop.impl.portal.Settings" = "darkman"; + }; + # Copy the NixOS configuration file and link it from the resulting system # (/run/current-system/configuration.nix). This is useful in case you # accidentally delete configuration.nix. diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 519822a..6c666ad 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -35,6 +35,13 @@ in { night = 3500; }; }; + darkman = { + enable = true; + settings = { + lat = 48.9; + lng = 2.3; + }; + }; }; home.packages = builtins.attrValues { From 119954200eadd58ffb8a707928fb8e1d2a28e010 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 22 Feb 2025 16:14:32 +0100 Subject: [PATCH 812/904] talos: fix Firefox inhibit behavior See https://github.com/flatpak/xdg-desktop-portal-gtk/issues/465 for details about the issue. TL;DR: x-d-p-gtk doesn't report a failure to handle the idle inhibit to Firefox, so Firefox doesn't fallback to the Wayland protocol. --- hosts/talos/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index 422cc56..a8e3cd9 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -173,6 +173,7 @@ # home xdg.portal.config.sway = { "org.freedesktop.impl.portal.Settings" = "darkman"; + "org.freedesktop.impl.portal.Inhibit" = "none"; }; # Copy the NixOS configuration file and link it from the resulting system From e758c5f21590108d3f13efde9e3a5f0216c06434 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 28 Feb 2025 12:36:08 +0100 Subject: [PATCH 813/904] home: add jj config and add jj to home path --- base/programs.nix | 1 - home/default.nix | 1 + home/jj.nix | 8 +++++ home/jj/config.toml | 71 +++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 80 insertions(+), 1 deletion(-) create mode 100644 home/jj.nix create mode 100644 home/jj/config.toml diff --git a/base/programs.nix b/base/programs.nix index 08a62ad..3655de8 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -30,7 +30,6 @@ pciutils usbutils # development - jujutsu git git-crypt git-lfs diff --git a/home/default.nix b/home/default.nix index 6cdce61..570fbd4 100644 --- a/home/default.nix +++ b/home/default.nix @@ -10,6 +10,7 @@ ./flameshot.nix ./git.nix ./gtk.nix + ./jj.nix ./laptop.nix ./mail.nix ./rbw.nix diff --git a/home/jj.nix b/home/jj.nix new file mode 100644 index 0000000..5f266f8 --- /dev/null +++ b/home/jj.nix @@ -0,0 +1,8 @@ +{pkgs, ...}: { + home.packages = [ + pkgs.jujutsu + ]; + xdg.configFile = { + "jj/config.toml".source = ./jj/config.toml; + }; +} diff --git a/home/jj/config.toml b/home/jj/config.toml new file mode 100644 index 0000000..9d71fae --- /dev/null +++ b/home/jj/config.toml @@ -0,0 +1,71 @@ +[user] +name = "Antoine Martin" +email = "antoine@alarsyo.net" + +[ui] +diff-editor = ":builtin" +paginate = "auto" +editor = "vim" +pager = "less -FRX" +default-command = "log" + +[ui.movement] +edit = false + +[git] +subprocess = true + +[snapshot] +auto-track = "none()" + +[aliases] +pdiff = ["diff", "-r", "@-"] +tug = ["bookmark", "move", "--from", "closest_bookmark(@-)", "--to", "@-"] +ll = ["log", "-T", "builtin_log_detailed"] +l = ["log", "-T", "builtin_log_compact"] + +[revset-aliases] +'closest_bookmark(to)' = 'heads(::to & bookmarks())' + +[templates] +log = "builtin_log_comfortable" + +log_node = ''' +coalesce( + if(!self, label("elided", "~")), + label( + separate(" ", + if(current_working_copy, "working_copy"), + if(immutable, "immutable"), + if(conflict, "conflict"), + if(description.starts_with("wip:"), "wip"), + if(description.starts_with("private:"), "private"), + ), + coalesce( + if(current_working_copy, "@"), + if(immutable, "◆"), + if(conflict, "×"), + if(description.starts_with("wip:"), "🔒"), + if(description.starts_with("private:"), "🔒"), + "○", + ) + ) +) +''' + +[template-aliases] + +[[--scope]] +--when.repositories = ["~/work/lrde/"] +[--scope.user] +email = "amartin@lrde.epita.fr" + +[[--scope]] +--when.repositories = ["~/work/prologin/"] +[--scope.user] +email = "antoine.martin@prologin.org" + +[[--scope]] +--when.repositories = ["~/work/epita/"] +[--scope.user] +email = "antoine4.martin@epita.fr" From 75e6492a415c7ce8ea17286ca5118cb980fb6e99 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 28 Feb 2025 14:36:27 +0100 Subject: [PATCH 814/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/18e9f9753e9ae261bcc7d3abe15745686991fd30' (2025-02-20) → 'github:NixOS/nixos-hardware/009b764ac98a3602d41fc68072eeec5d24fc0e49' (2025-02-27) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/36864ed72f234b9540da4cf7a0c49e351d30d3f1' (2025-02-19) → 'github:NixOS/nixpkgs/f44bd8ca21e026135061a0a57dcf3d0775b67a49' (2025-02-26) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index c42a97a..f8bf6e7 100644 --- a/flake.lock +++ b/flake.lock @@ -232,11 +232,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1740089251, - "narHash": "sha256-Y78mDBWoO8CLLTjQfPfII+KXFb6lAmF9GrLbyVBsIMM=", + "lastModified": 1740646007, + "narHash": "sha256-dMReDQobS3kqoiUCQIYI9c0imPXRZnBubX20yX/G5LE=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "18e9f9753e9ae261bcc7d3abe15745686991fd30", + "rev": "009b764ac98a3602d41fc68072eeec5d24fc0e49", "type": "github" }, "original": { @@ -312,11 +312,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1739923778, - "narHash": "sha256-BqUY8tz0AQ4to2Z4+uaKczh81zsGZSYxjgvtw+fvIfM=", + "lastModified": 1740603184, + "narHash": "sha256-t+VaahjQAWyA+Ctn2idyo1yxRIYpaDxMgHkgCNiMJa4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "36864ed72f234b9540da4cf7a0c49e351d30d3f1", + "rev": "f44bd8ca21e026135061a0a57dcf3d0775b67a49", "type": "github" }, "original": { From 6dab695fed9cf10dd3e83daa5d5c7e1562618a37 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 28 Feb 2025 15:10:20 +0100 Subject: [PATCH 815/904] flake: use nixpkgs for jujutsu input --- flake.lock | 22 ++++------------------ flake.nix | 1 + 2 files changed, 5 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index f8bf6e7..448fcb5 100644 --- a/flake.lock +++ b/flake.lock @@ -177,7 +177,9 @@ "jujutsu": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_3", + "nixpkgs": [ + "nixpkgs" + ], "rust-overlay": "rust-overlay" }, "locked": { @@ -295,22 +297,6 @@ } }, "nixpkgs_3": { - "locked": { - "lastModified": 1731890469, - "narHash": "sha256-D1FNZ70NmQEwNxpSSdTXCSklBH1z2isPR84J6DQrJGs=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "5083ec887760adfe12af64830a66807423a859a7", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { "locked": { "lastModified": 1740603184, "narHash": "sha256-t+VaahjQAWyA+Ctn2idyo1yxRIYpaDxMgHkgCNiMJa4=", @@ -335,7 +321,7 @@ "jujutsu": "jujutsu", "lix-module": "lix-module", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_3", "nixpkgs-unstable-small": "nixpkgs-unstable-small" } }, diff --git a/flake.nix b/flake.nix index 01005c3..6d36b6b 100644 --- a/flake.nix +++ b/flake.nix @@ -60,6 +60,7 @@ owner = "jj-vcs"; repo = "jj"; ref = "v0.26.0"; + inputs.nixpkgs.follows = "nixpkgs"; }; }; From ba4d2ef80ccdfe4aac82c3e87d0ef8ace7de42a3 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 28 Feb 2025 15:10:20 +0100 Subject: [PATCH 816/904] home: jj: log and status as default command --- home/jj/config.toml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/home/jj/config.toml b/home/jj/config.toml index 9d71fae..730916e 100644 --- a/home/jj/config.toml +++ b/home/jj/config.toml @@ -7,7 +7,7 @@ diff-editor = ":builtin" paginate = "auto" editor = "vim" pager = "less -FRX" -default-command = "log" +default-command = "logstatus" [ui.movement] edit = false @@ -23,6 +23,7 @@ pdiff = ["diff", "-r", "@-"] tug = ["bookmark", "move", "--from", "closest_bookmark(@-)", "--to", "@-"] ll = ["log", "-T", "builtin_log_detailed"] l = ["log", "-T", "builtin_log_compact"] +logstatus = ["util", "exec", "--", "sh", "-c", "jj status && jj log"] [revset-aliases] 'closest_bookmark(to)' = 'heads(::to & bookmarks())' From 249683949d372e9cdc86575502b04b8c1ced0711 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 1 Mar 2025 21:11:06 +0100 Subject: [PATCH 817/904] home: emacs: bump to emacs 30 --- home/emacs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/emacs.nix b/home/emacs.nix index 8139f5e..8b46881 100644 --- a/home/emacs.nix +++ b/home/emacs.nix @@ -46,7 +46,7 @@ in { programs.emacs = { enable = true; - package = pkgs.emacs29-pgtk; + package = pkgs.emacs30-pgtk; extraPackages = epkgs: [epkgs.vterm epkgs.pdf-tools pkgs.lilypond epkgs.mu4e]; }; }; From dfcae02467cc44fdb3948673e77219d8f6c7448e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 6 Mar 2025 16:33:38 +0100 Subject: [PATCH 818/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/f44bd8ca21e026135061a0a57dcf3d0775b67a49' (2025-02-26) → 'github:NixOS/nixpkgs/6af28b834daca767a7ef99f8a7defa957d0ade6f' (2025-03-04) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 448fcb5..d5cd130 100644 --- a/flake.lock +++ b/flake.lock @@ -298,11 +298,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1740603184, - "narHash": "sha256-t+VaahjQAWyA+Ctn2idyo1yxRIYpaDxMgHkgCNiMJa4=", + "lastModified": 1741048562, + "narHash": "sha256-W4YZ3fvWZiFYYyd900kh8P8wU6DHSiwaH0j4+fai1Sk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f44bd8ca21e026135061a0a57dcf3d0775b67a49", + "rev": "6af28b834daca767a7ef99f8a7defa957d0ade6f", "type": "github" }, "original": { From 3d405d43f161051ef4caab2189d42d37a9443e7d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 6 Mar 2025 16:33:45 +0100 Subject: [PATCH 819/904] flake: bump jj to v0.27.0 --- flake.lock | 8 ++++---- flake.nix | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index d5cd130..5d4fe9d 100644 --- a/flake.lock +++ b/flake.lock @@ -183,16 +183,16 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1738805560, - "narHash": "sha256-jGy+0VDxQrgNhj+eX06FRhPP31V8QZVAM4j4yBosAGE=", + "lastModified": 1741218530, + "narHash": "sha256-fBgJrSglH46+NHu3spk5mC51ASDHWnOoW6veKZ0R2YA=", "owner": "jj-vcs", "repo": "jj", - "rev": "613742dfbbd89324b25672a75ef8ce9e671ae0d3", + "rev": "6ce7a77da5a18343f4f3effef49b77428e43bc74", "type": "github" }, "original": { "owner": "jj-vcs", - "ref": "v0.26.0", + "ref": "v0.27.0", "repo": "jj", "type": "github" } diff --git a/flake.nix b/flake.nix index 6d36b6b..7756c0d 100644 --- a/flake.nix +++ b/flake.nix @@ -59,7 +59,7 @@ type = "github"; owner = "jj-vcs"; repo = "jj"; - ref = "v0.26.0"; + ref = "v0.27.0"; inputs.nixpkgs.follows = "nixpkgs"; }; }; From 13b76ea50bf48bb82cbe05a65d1e73abb0165744 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 6 Mar 2025 16:33:45 +0100 Subject: [PATCH 820/904] home: i3bar: only enable when i3 is used notmuch is broken in nixpkgs right now and i3status-rust depended on it. This broke my config's build, but I don't actually use i3status-rust anymore since I switched to Sway on Wayland. --- home/x/i3bar.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/x/i3bar.nix b/home/x/i3bar.nix index 3ac8b63..a00e483 100644 --- a/home/x/i3bar.nix +++ b/home/x/i3bar.nix @@ -13,7 +13,7 @@ types ; - isEnabled = config.my.home.x.enable; + isEnabled = config.my.home.x.i3.enable; i3BarTheme = config.my.theme.i3BarTheme; cfg = config.my.home.x.i3bar; in { From b17195c0cf0b520f87e24df10031843eda64e43d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 6 Mar 2025 16:33:45 +0100 Subject: [PATCH 821/904] talos: home: include font-awesome Since this was removed when disabling the i3bar module in the previous commit, enable locally. --- hosts/talos/home.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 6c666ad..f9e9f06 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -49,6 +49,7 @@ in { (pkgs) ansel chromium # some websites only work there :( + font-awesome # for pretty icons nwg-displays shikane # output autoconfig swaybg From f083325b4a048e54b6f19c966f577aac113dbc59 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 6 Mar 2025 16:33:45 +0100 Subject: [PATCH 822/904] home: jj: drop fancy icon from log This messes with the graph formatting when history is not linear because the fancy icon's width is non-standard --- home/jj/config.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home/jj/config.toml b/home/jj/config.toml index 730916e..c407a1e 100644 --- a/home/jj/config.toml +++ b/home/jj/config.toml @@ -46,8 +46,8 @@ coalesce( if(current_working_copy, "@"), if(immutable, "◆"), if(conflict, "×"), - if(description.starts_with("wip:"), "🔒"), - if(description.starts_with("private:"), "🔒"), + if(description.starts_with("wip:"), "!"), + if(description.starts_with("private:"), "!"), "○", ) ) From 95c5fe1b49d5d336d491b47071b18cdf602ec89d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 6 Mar 2025 16:33:45 +0100 Subject: [PATCH 823/904] home: jj: add better commit draft templates --- home/jj/config.toml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/home/jj/config.toml b/home/jj/config.toml index c407a1e..71d50e7 100644 --- a/home/jj/config.toml +++ b/home/jj/config.toml @@ -54,7 +54,23 @@ coalesce( ) ''' +draft_commit_description = "commit_description_verbose(self)" + [template-aliases] +"commit_description_verbose(commit)" = ''' +concat( + commit_description(commit), + "JJ: ignore-rest\n", + diff.git(), +) +''' +"commit_description(commit)" = ''' +concat( + commit.description(), "\n", + "JJ: This commit contains the following changes:\n", + indent("JJ: ", diff.stat(72)), +) +''' [[--scope]] --when.repositories = ["~/work/lrde/"] From c42ed3a2d1fd633d72eb982e8faba49f3a777916 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 6 Mar 2025 16:33:45 +0100 Subject: [PATCH 824/904] base: gui: use Qt6 Okular --- base/gui-programs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 0a0e47c..7057c85 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -78,7 +78,7 @@ in { zathura ; - inherit (pkgs.libsForQt5) okular; + inherit (pkgs.kdePackages) okular; }; networking.networkmanager.enable = true; From 5fd40cdc6c538e9303b5ddca69c73abc09c2a713 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 15 Mar 2025 15:59:35 +0100 Subject: [PATCH 825/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/009b764ac98a3602d41fc68072eeec5d24fc0e49' (2025-02-27) → 'github:NixOS/nixos-hardware/e1f12151258b12c567f456d8248e4694e9390613' (2025-03-12) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/6af28b834daca767a7ef99f8a7defa957d0ade6f' (2025-03-04) → 'github:NixOS/nixpkgs/cdd2ef009676ac92b715ff26630164bb88fec4e0' (2025-03-13) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 5d4fe9d..aa9e3f6 100644 --- a/flake.lock +++ b/flake.lock @@ -234,11 +234,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1740646007, - "narHash": "sha256-dMReDQobS3kqoiUCQIYI9c0imPXRZnBubX20yX/G5LE=", + "lastModified": 1741792691, + "narHash": "sha256-f0BVt1/cvA0DQ/q3rB+HY4g4tKksd03ZkzI4xehC2Ew=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "009b764ac98a3602d41fc68072eeec5d24fc0e49", + "rev": "e1f12151258b12c567f456d8248e4694e9390613", "type": "github" }, "original": { @@ -298,11 +298,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1741048562, - "narHash": "sha256-W4YZ3fvWZiFYYyd900kh8P8wU6DHSiwaH0j4+fai1Sk=", + "lastModified": 1741862977, + "narHash": "sha256-prZ0M8vE/ghRGGZcflvxCu40ObKaB+ikn74/xQoNrGQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6af28b834daca767a7ef99f8a7defa957d0ade6f", + "rev": "cdd2ef009676ac92b715ff26630164bb88fec4e0", "type": "github" }, "original": { From 93e1e226ee1dfdd532d91972182291f6bd8c46a2 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 15 Mar 2025 16:14:40 +0100 Subject: [PATCH 826/904] base: add shellcheck to base programs --- base/programs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/base/programs.nix b/base/programs.nix index 3655de8..064c3e1 100644 --- a/base/programs.nix +++ b/base/programs.nix @@ -36,6 +36,7 @@ gnumake gnupg python3 + shellcheck vim # terminal utilities htop From c5c41c89f74643337e83b97d307cb552945f08f4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 15 Mar 2025 16:14:40 +0100 Subject: [PATCH 827/904] home: tridactyl: add typing websites to blackist --- home/tridactylrc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home/tridactylrc b/home/tridactylrc index bad4eaa..9e0442c 100644 --- a/home/tridactylrc +++ b/home/tridactylrc @@ -33,6 +33,8 @@ set editorcmd emacsclient -c set yankto both blacklistadd calendar.google.com +blacklistadd keybr.com +blacklistadd ergol.org blacklistadd jellyfin.alarsyo.net blacklistadd localhost blacklistadd netflix.com From 90a09cc82b1d55f302e84603bba6252f86c203a4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 15 Mar 2025 16:14:40 +0100 Subject: [PATCH 828/904] home: leave gtkrc 2.0 in its default location --- home/gtk.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/home/gtk.nix b/home/gtk.nix index a0738f4..7be7d77 100644 --- a/home/gtk.nix +++ b/home/gtk.nix @@ -20,7 +20,11 @@ in { gtk2 = { # No garbage polluting my $HOME - configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc"; + # + # I had this enabled but some program somehow couldn't find my + # configuration there. I think it was nm-applet. + # + #configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc"; }; iconTheme = { From cd29dc0aa8ea3f7d841adc18ce782d04b631c711 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 15 Mar 2025 16:14:40 +0100 Subject: [PATCH 829/904] talos: add gnome-solanum to home packages This is a Pomodoro timer. --- hosts/talos/home.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index f9e9f06..9513e08 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -50,6 +50,7 @@ in { ansel chromium # some websites only work there :( font-awesome # for pretty icons + gnome-solanum nwg-displays shikane # output autoconfig swaybg From bac6d9c7fbc1f498a003be7512894906a4fb1746 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 15 Mar 2025 16:14:40 +0100 Subject: [PATCH 830/904] todo: add current wishlist --- todo.org | 3 +++ 1 file changed, 3 insertions(+) diff --git a/todo.org b/todo.org index 814009b..d1a045d 100644 --- a/todo.org +++ b/todo.org @@ -3,3 +3,6 @@ https://github.com/quexten/goldwarden * TODO Setup sway correctly +** TODO This includes moving it to a proper module + +* TODO Create an adwaita package with symlinks for nm-applet icons From e437af78b4d39144b831e64829dc0a07d9bedb19 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 15 Mar 2025 16:14:40 +0100 Subject: [PATCH 831/904] ci: bump actions --- .github/workflows/cachix.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index 5af64f6..4b2eebe 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -15,7 +15,7 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v27 + - uses: cachix/install-nix-action@v31 - name: Run alejandra run: nix develop --command alejandra --check . @@ -26,9 +26,9 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v27 + - uses: cachix/install-nix-action@v31 - - uses: cachix/cachix-action@v15 + - uses: cachix/cachix-action@v16 with: name: alarsyo authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' @@ -55,9 +55,9 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v27 + - uses: cachix/install-nix-action@v31 - - uses: cachix/cachix-action@v15 + - uses: cachix/cachix-action@v16 with: name: alarsyo authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' @@ -86,9 +86,9 @@ jobs: - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v27 + - uses: cachix/install-nix-action@v31 - - uses: cachix/cachix-action@v15 + - uses: cachix/cachix-action@v16 with: name: alarsyo authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' From 4da4aecd99b73fef90f556c621b61923e99870a7 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 15 Mar 2025 16:14:40 +0100 Subject: [PATCH 832/904] flake: bump Lix input --- flake.lock | 20 ++++++++++---------- flake.nix | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/flake.lock b/flake.lock index aa9e3f6..4714810 100644 --- a/flake.lock +++ b/flake.lock @@ -200,15 +200,15 @@ "lix": { "flake": false, "locked": { - "lastModified": 1737234286, - "narHash": "sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g=", - "rev": "2837da71ec1588c1187d2e554719b15904a46c8b", + "lastModified": 1741509550, + "narHash": "sha256-O7+c7MYOvKnGhE5qwRqV+q0NePEtiz6spM1Mfu/Heck=", + "rev": "0d1f794178d42bfa1ef40ecb80be514139779184", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2837da71ec1588c1187d2e554719b15904a46c8b.tar.gz?rev=2837da71ec1588c1187d2e554719b15904a46c8b" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/0d1f794178d42bfa1ef40ecb80be514139779184.tar.gz?rev=0d1f794178d42bfa1ef40ecb80be514139779184" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.92.0.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz" } }, "lix-module": { @@ -221,15 +221,15 @@ ] }, "locked": { - "lastModified": 1737237494, - "narHash": "sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7+b8=", - "rev": "b90bf629bbd835e61f1317b99e12f8c831017006", + "lastModified": 1741892773, + "narHash": "sha256-8oUT6D7VlsuLkms3zBsUaPBUoxucmFq62QdtyVpjq0Y=", + "rev": "ed7a2fa83145868ecb830d6b3c73ebfd81a9e911", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/b90bf629bbd835e61f1317b99e12f8c831017006.tar.gz?rev=b90bf629bbd835e61f1317b99e12f8c831017006" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/ed7a2fa83145868ecb830d6b3c73ebfd81a9e911.tar.gz?rev=ed7a2fa83145868ecb830d6b3c73ebfd81a9e911" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0.tar.gz" + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0-1.tar.gz" } }, "nixos-hardware": { diff --git a/flake.nix b/flake.nix index 7756c0d..b68cf00 100644 --- a/flake.nix +++ b/flake.nix @@ -51,7 +51,7 @@ }; lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0.tar.gz"; + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0-1.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; }; From 863df49b7cbadd9d6a11e82e48691c415b66698c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 15 Mar 2025 16:14:40 +0100 Subject: [PATCH 833/904] home: tridactyl: use ergo-l for hints --- home/tridactylrc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/home/tridactylrc b/home/tridactylrc index 9e0442c..6b2313d 100644 --- a/home/tridactylrc +++ b/home/tridactylrc @@ -5,6 +5,11 @@ " as an enforced single point of truth for Tridactyl's configuration. sanitize tridactyllocal tridactylsync +" Ergo-L chars, alternating between right and left hand. I also omitted +" punctuation like `-` and `,`. Tridactyl supports it but the visual hints won't +" look as good. +set hintchars rnteisualfhvdockzgxyq + " Ctrl-F should use the browser's native 'find' functionality. unbind From 7cc542e27f5e864134c4196b60157ed73254c812 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 15 Mar 2025 16:14:40 +0100 Subject: [PATCH 834/904] home: jj: add changelog commit description For this commit, this would generate something like ``` * home/jj/config.toml: ``` automatically. --- home/jj/config.toml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/home/jj/config.toml b/home/jj/config.toml index 71d50e7..61df550 100644 --- a/home/jj/config.toml +++ b/home/jj/config.toml @@ -64,6 +64,24 @@ concat( diff.git(), ) ''' +"commit_description_verbose_changelog(commit)" = ''' +concat( + commit_description_changelog(commit), + "JJ: ignore-rest\n", + diff.git(), +) +''' +"commit_description_changelog(commit)" = ''' +concat( + commit.description(), "\n", + surround("", "\n", diff.files().map(|f| if(!commit.description().contains(f.path()), + "* " ++ f.path() ++ ":\n" + ) + ).join("")), + "JJ: This commit contains the following changes:\n", + indent("JJ: ", diff.stat(72)), +) +''' "commit_description(commit)" = ''' concat( commit.description(), "\n", From 20647c820fc808690fbf86b738899b61f66b0ae6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 15 Mar 2025 16:14:40 +0100 Subject: [PATCH 835/904] home: jj: dryer changelog template --- home/jj/config.toml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/home/jj/config.toml b/home/jj/config.toml index 61df550..653bb25 100644 --- a/home/jj/config.toml +++ b/home/jj/config.toml @@ -64,20 +64,20 @@ concat( diff.git(), ) ''' -"commit_description_verbose_changelog(commit)" = ''' +"changelog_entry(file)" = ''' concat( - commit_description_changelog(commit), - "JJ: ignore-rest\n", - diff.git(), + "* ", + f.path(), + ":\n", ) ''' "commit_description_changelog(commit)" = ''' concat( commit.description(), "\n", - surround("", "\n", diff.files().map(|f| if(!commit.description().contains(f.path()), - "* " ++ f.path() ++ ":\n" - ) - ).join("")), + surround("", "\n", diff.files().map(|f| if(!commit.description().contains(changelog_entry(f)), + changelog_entry(f) + ) + ).join("")), "JJ: This commit contains the following changes:\n", indent("JJ: ", diff.stat(72)), ) From 7639a0deddef8f375cfa19128a9165b6ac367276 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 15 Mar 2025 16:14:40 +0100 Subject: [PATCH 836/904] home: jj: check for filepath only In case I manually edit some changelog entries to look like * path1.txt, path2.txt: changes described here. --- home/jj/config.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/jj/config.toml b/home/jj/config.toml index 653bb25..fd339cd 100644 --- a/home/jj/config.toml +++ b/home/jj/config.toml @@ -74,7 +74,7 @@ concat( "commit_description_changelog(commit)" = ''' concat( commit.description(), "\n", - surround("", "\n", diff.files().map(|f| if(!commit.description().contains(changelog_entry(f)), + surround("", "\n", diff.files().map(|f| if(!commit.description().contains(f.path()), changelog_entry(f) ) ).join("")), From 75d1bc84a99c307284d7bcc75e99a40f638eabde Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 21 Mar 2025 13:06:42 +0100 Subject: [PATCH 837/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/970c26517231e07b71f3eaaa9aa2ebe539c354d3' (2025-01-27) → 'github:NixOS/nixpkgs/fa6ab1d7fdf29a4ff0ac65f01ffdaea84f105280' (2025-03-21) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 4714810..697d246 100644 --- a/flake.lock +++ b/flake.lock @@ -266,11 +266,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1737959576, - "narHash": "sha256-eEOiMxfxYSLa/8jcDZEK46TjqLO+8cJ5C9ufHXz1oIw=", + "lastModified": 1742541432, + "narHash": "sha256-hPzDbmo3T64R1rt8i8WonR/4VrSbE8ZxY6wFIguC4sc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "970c26517231e07b71f3eaaa9aa2ebe539c354d3", + "rev": "fa6ab1d7fdf29a4ff0ac65f01ffdaea84f105280", "type": "github" }, "original": { From a1b2fdabe4e7227bc17c06291d0b68eb298a576f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 19 Mar 2025 23:31:32 +0100 Subject: [PATCH 838/904] home: add monkeytype to tridactyl blacklist --- home/tridactylrc | 1 + 1 file changed, 1 insertion(+) diff --git a/home/tridactylrc b/home/tridactylrc index 6b2313d..b0b07d2 100644 --- a/home/tridactylrc +++ b/home/tridactylrc @@ -40,6 +40,7 @@ set yankto both blacklistadd calendar.google.com blacklistadd keybr.com blacklistadd ergol.org +blacklistadd monkeytype.com blacklistadd jellyfin.alarsyo.net blacklistadd localhost blacklistadd netflix.com From cad74df9fa03db0163a4c3eb2c8d396c4838f210 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 24 Mar 2025 09:10:27 +0100 Subject: [PATCH 839/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/9d3d080aec2a35e05a15cedd281c2384767c2cfe?narHash=sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA%3D' (2025-02-17) → 'github:nix-community/home-manager/0948aeedc296f964140d9429223c7e4a0702a1ff?narHash=sha256-jbqlw4sPArFtNtA1s3kLg7/A4fzP4GLk9bGbtUJg0JQ%3D' (2025-03-22) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/e1f12151258b12c567f456d8248e4694e9390613?narHash=sha256-f0BVt1/cvA0DQ/q3rB%2BHY4g4tKksd03ZkzI4xehC2Ew%3D' (2025-03-12) → 'github:NixOS/nixos-hardware/380ed15bcd6440606c6856db44a99140d422b46f?narHash=sha256-yJ3OOAmsGAxSl0bTmKUp3%2BcEYtSS%2BV6hUPK2rYhIPr8%3D' (2025-03-22) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/cdd2ef009676ac92b715ff26630164bb88fec4e0?narHash=sha256-prZ0M8vE/ghRGGZcflvxCu40ObKaB%2Bikn74/xQoNrGQ%3D' (2025-03-13) → 'github:NixOS/nixpkgs/f0946fa5f1fb876a9dc2e1850d9d3a4e3f914092?narHash=sha256-rBfc%2BH1dDBUQ2mgVITMGBPI1PGuCznf9rcWX/XIULyE%3D' (2025-03-23) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 697d246..274cf09 100644 --- a/flake.lock +++ b/flake.lock @@ -160,11 +160,11 @@ ] }, "locked": { - "lastModified": 1739757849, - "narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=", + "lastModified": 1742655702, + "narHash": "sha256-jbqlw4sPArFtNtA1s3kLg7/A4fzP4GLk9bGbtUJg0JQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe", + "rev": "0948aeedc296f964140d9429223c7e4a0702a1ff", "type": "github" }, "original": { @@ -234,11 +234,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1741792691, - "narHash": "sha256-f0BVt1/cvA0DQ/q3rB+HY4g4tKksd03ZkzI4xehC2Ew=", + "lastModified": 1742631601, + "narHash": "sha256-yJ3OOAmsGAxSl0bTmKUp3+cEYtSS+V6hUPK2rYhIPr8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e1f12151258b12c567f456d8248e4694e9390613", + "rev": "380ed15bcd6440606c6856db44a99140d422b46f", "type": "github" }, "original": { @@ -298,11 +298,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1741862977, - "narHash": "sha256-prZ0M8vE/ghRGGZcflvxCu40ObKaB+ikn74/xQoNrGQ=", + "lastModified": 1742751704, + "narHash": "sha256-rBfc+H1dDBUQ2mgVITMGBPI1PGuCznf9rcWX/XIULyE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cdd2ef009676ac92b715ff26630164bb88fec4e0", + "rev": "f0946fa5f1fb876a9dc2e1850d9d3a4e3f914092", "type": "github" }, "original": { From 03346040e01c988ff03bf0c34519529051023a2c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 24 Mar 2025 10:12:14 +0100 Subject: [PATCH 840/904] flake: disable Lix module Since https://github.com/NixOS/nixpkgs/pull/391983 was merged in nixos-24.11, the Lix module needs a bump as well to avoid applying that patch twice, which breaks the build. Let's wait for an update. --- flake.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index b68cf00..d0f7076 100644 --- a/flake.nix +++ b/flake.nix @@ -112,7 +112,8 @@ [ agenix.nixosModules.default home-manager.nixosModules.default - lix-module.nixosModules.default + # FIXME: this is temporarily broken, will need a bump of the Lix module + # lix-module.nixosModules.default { nixpkgs = { overlays = shared_overlays; From 6e7706cb25ff6faaaa7bb1389cad646eec4c3c15 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 24 Mar 2025 10:12:14 +0100 Subject: [PATCH 841/904] flake: re-enable lix module --- flake.lock | 10 +++++----- flake.nix | 5 ++--- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index 274cf09..ed74799 100644 --- a/flake.lock +++ b/flake.lock @@ -221,15 +221,15 @@ ] }, "locked": { - "lastModified": 1741892773, - "narHash": "sha256-8oUT6D7VlsuLkms3zBsUaPBUoxucmFq62QdtyVpjq0Y=", - "rev": "ed7a2fa83145868ecb830d6b3c73ebfd81a9e911", + "lastModified": 1742943028, + "narHash": "sha256-fprwZKE1uMzO9tiWWOrmLWBW3GPkMayQfb0xOvVFIno=", + "rev": "868d97695bab9d21f6070b03957bcace249fbe3c", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/ed7a2fa83145868ecb830d6b3c73ebfd81a9e911.tar.gz?rev=ed7a2fa83145868ecb830d6b3c73ebfd81a9e911" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/868d97695bab9d21f6070b03957bcace249fbe3c.tar.gz" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0-1.tar.gz" + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0-3.tar.gz" } }, "nixos-hardware": { diff --git a/flake.nix b/flake.nix index d0f7076..512c55c 100644 --- a/flake.nix +++ b/flake.nix @@ -51,7 +51,7 @@ }; lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0-1.tar.gz"; + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0-3.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; }; @@ -112,8 +112,7 @@ [ agenix.nixosModules.default home-manager.nixosModules.default - # FIXME: this is temporarily broken, will need a bump of the Lix module - # lix-module.nixosModules.default + lix-module.nixosModules.default { nixpkgs = { overlays = shared_overlays; From b87266d7abdeb0a1b07926eda8b58019eeac7678 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 24 Mar 2025 10:12:14 +0100 Subject: [PATCH 842/904] lohr: add codeberg --- .lohr | 1 + 1 file changed, 1 insertion(+) diff --git a/.lohr b/.lohr index c20d109..5450957 100644 --- a/.lohr +++ b/.lohr @@ -1,3 +1,4 @@ git@github.com:alarsyo/nixos-config git@gitlab.com:alarsyo/nixos-config git@git.sr.ht:~alarsyo/nixos-config +git@codeberg.org:alarsyo/nixos-config From cc648521e2e667bd2cad650ba73cfd674840757f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 24 Mar 2025 10:12:14 +0100 Subject: [PATCH 843/904] talos: enable qmk udev rules --- hosts/talos/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index a8e3cd9..f129e62 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -137,6 +137,7 @@ settings.General.Experimental = true; }; + hardware.keyboard.qmk.enable = true; # Configure console keymap console.keyMap = "us"; From 7c94090793f3c66205c0d594aaca23003d201191 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 31 Mar 2025 14:38:13 +0200 Subject: [PATCH 844/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/0948aeedc296f964140d9429223c7e4a0702a1ff?narHash=sha256-jbqlw4sPArFtNtA1s3kLg7/A4fzP4GLk9bGbtUJg0JQ%3D' (2025-03-22) → 'github:nix-community/home-manager/15c5f9d04fabd176f30286c8f52bbdb2c853a146?narHash=sha256-24N3NAuZZbYqZ39NgToZgHUw6M7xHrtrAm18kv0%2B2Wo%3D' (2025-03-31) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/380ed15bcd6440606c6856db44a99140d422b46f?narHash=sha256-yJ3OOAmsGAxSl0bTmKUp3%2BcEYtSS%2BV6hUPK2rYhIPr8%3D' (2025-03-22) → 'github:NixOS/nixos-hardware/de6fc5551121c59c01e2a3d45b277a6d05077bc4?narHash=sha256-b/exDDQSLmENZZgbAEI3qi9yHkuXAXCPbormD8CSJXo%3D' (2025-03-31) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/f0946fa5f1fb876a9dc2e1850d9d3a4e3f914092?narHash=sha256-rBfc%2BH1dDBUQ2mgVITMGBPI1PGuCznf9rcWX/XIULyE%3D' (2025-03-23) → 'github:NixOS/nixpkgs/7ffe0edc685f14b8c635e3d6591b0bbb97365e6c?narHash=sha256-sOos1jZGKmT6xxPvxGQyPTApOunXvScV4lNjBCXd/CI%3D' (2025-03-30) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index ed74799..6cb6110 100644 --- a/flake.lock +++ b/flake.lock @@ -160,11 +160,11 @@ ] }, "locked": { - "lastModified": 1742655702, - "narHash": "sha256-jbqlw4sPArFtNtA1s3kLg7/A4fzP4GLk9bGbtUJg0JQ=", + "lastModified": 1743387206, + "narHash": "sha256-24N3NAuZZbYqZ39NgToZgHUw6M7xHrtrAm18kv0+2Wo=", "owner": "nix-community", "repo": "home-manager", - "rev": "0948aeedc296f964140d9429223c7e4a0702a1ff", + "rev": "15c5f9d04fabd176f30286c8f52bbdb2c853a146", "type": "github" }, "original": { @@ -234,11 +234,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1742631601, - "narHash": "sha256-yJ3OOAmsGAxSl0bTmKUp3+cEYtSS+V6hUPK2rYhIPr8=", + "lastModified": 1743420942, + "narHash": "sha256-b/exDDQSLmENZZgbAEI3qi9yHkuXAXCPbormD8CSJXo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "380ed15bcd6440606c6856db44a99140d422b46f", + "rev": "de6fc5551121c59c01e2a3d45b277a6d05077bc4", "type": "github" }, "original": { @@ -298,11 +298,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1742751704, - "narHash": "sha256-rBfc+H1dDBUQ2mgVITMGBPI1PGuCznf9rcWX/XIULyE=", + "lastModified": 1743367904, + "narHash": "sha256-sOos1jZGKmT6xxPvxGQyPTApOunXvScV4lNjBCXd/CI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f0946fa5f1fb876a9dc2e1850d9d3a4e3f914092", + "rev": "7ffe0edc685f14b8c635e3d6591b0bbb97365e6c", "type": "github" }, "original": { From 059e43b3c5760dfbf1e482026ccba9d2a500a150 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 7 Apr 2025 11:14:44 +0200 Subject: [PATCH 845/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'lix-module/flake-utils': 'github:numtide/flake-utils/b1d9ab70662946ef0850d488da1c9019f3a9752a?narHash=sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ%3D' (2024-03-11) → 'github:numtide/flake-utils/11707dc2f618dd54ca8739b309ec4fc024de578b?narHash=sha256-l0KFg5HjrsfsO/JpG%2Br7fRrqm12kzFHyUHqHCVpMMbI%3D' (2024-11-13) • Updated input 'lix-module/lix': 'https://git.lix.systems/api/v1/repos/lix-project/lix/archive/0d1f794178d42bfa1ef40ecb80be514139779184.tar.gz?narHash=sha256-O7%2Bc7MYOvKnGhE5qwRqV%2Bq0NePEtiz6spM1Mfu/Heck%3D&rev=0d1f794178d42bfa1ef40ecb80be514139779184' (2025-03-09) → 'https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?narHash=sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW%2BDvDtuv9SwQZZcs%3D&rev=079528098f5998ba13c88821a2eca1005c1695de' (2025-01-18) --- flake.lock | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index 6cb6110..36e3e3e 100644 --- a/flake.lock +++ b/flake.lock @@ -104,11 +104,11 @@ "systems": "systems_4" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -200,11 +200,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1741509550, - "narHash": "sha256-O7+c7MYOvKnGhE5qwRqV+q0NePEtiz6spM1Mfu/Heck=", - "rev": "0d1f794178d42bfa1ef40ecb80be514139779184", + "lastModified": 1737234286, + "narHash": "sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW+DvDtuv9SwQZZcs=", + "rev": "079528098f5998ba13c88821a2eca1005c1695de", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/0d1f794178d42bfa1ef40ecb80be514139779184.tar.gz?rev=0d1f794178d42bfa1ef40ecb80be514139779184" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?rev=079528098f5998ba13c88821a2eca1005c1695de" }, "original": { "type": "tarball", From 8c7a58f2a44e898ff8bcddd4585fe832833b3db8 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 7 Apr 2025 11:15:06 +0200 Subject: [PATCH 846/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/15c5f9d04fabd176f30286c8f52bbdb2c853a146?narHash=sha256-24N3NAuZZbYqZ39NgToZgHUw6M7xHrtrAm18kv0%2B2Wo%3D' (2025-03-31) → 'github:nix-community/home-manager/a9f8b3db211b4609ddd83683f9db89796c7f6ac6?narHash=sha256-2lDQBOmlz9ggPxcS7/GvcVdzXMIiT%2BPpMao6FbLJSr0%3D' (2025-04-04) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/7ffe0edc685f14b8c635e3d6591b0bbb97365e6c?narHash=sha256-sOos1jZGKmT6xxPvxGQyPTApOunXvScV4lNjBCXd/CI%3D' (2025-03-30) → 'github:NixOS/nixpkgs/7819a0d29d1dd2bc331bec4b327f0776359b1fa6?narHash=sha256-BgkBz4NpV6Kg8XF7cmHDHRVGZYnKbvG0Y4p%2BjElwxaM%3D' (2025-04-05) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 36e3e3e..89f89fb 100644 --- a/flake.lock +++ b/flake.lock @@ -160,11 +160,11 @@ ] }, "locked": { - "lastModified": 1743387206, - "narHash": "sha256-24N3NAuZZbYqZ39NgToZgHUw6M7xHrtrAm18kv0+2Wo=", + "lastModified": 1743808813, + "narHash": "sha256-2lDQBOmlz9ggPxcS7/GvcVdzXMIiT+PpMao6FbLJSr0=", "owner": "nix-community", "repo": "home-manager", - "rev": "15c5f9d04fabd176f30286c8f52bbdb2c853a146", + "rev": "a9f8b3db211b4609ddd83683f9db89796c7f6ac6", "type": "github" }, "original": { @@ -298,11 +298,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1743367904, - "narHash": "sha256-sOos1jZGKmT6xxPvxGQyPTApOunXvScV4lNjBCXd/CI=", + "lastModified": 1743813633, + "narHash": "sha256-BgkBz4NpV6Kg8XF7cmHDHRVGZYnKbvG0Y4p+jElwxaM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7ffe0edc685f14b8c635e3d6591b0bbb97365e6c", + "rev": "7819a0d29d1dd2bc331bec4b327f0776359b1fa6", "type": "github" }, "original": { From 1e2d97c1f5354305282b8e486420ebae89f9e031 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 7 Apr 2025 15:40:40 +0200 Subject: [PATCH 847/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41?narHash=sha256-b%2Buqzj%2BWa6xgMS9aNbX4I%2BsXeb5biPDi39VgvSFqFvU%3D' (2024-08-10) → 'github:ryantm/agenix/e600439ec4c273cf11e06fe4d9d906fb98fa097c?narHash=sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA%3D' (2025-01-15) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 89f89fb..7f0aff2 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1723293904, - "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", + "lastModified": 1736955230, + "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", "owner": "ryantm", "repo": "agenix", - "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", + "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", "type": "github" }, "original": { From 0c30a33d1c699f123b87fd7e7781a569b0e2a83c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 7 Apr 2025 15:43:45 +0200 Subject: [PATCH 848/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'disko': 'github:nix-community/disko/2814a5224a47ca19e858e027f7e8bff74a8ea9f1?narHash=sha256-2uMaVAZn7fiyTUGhKgleuLYe5%2BEAAYB/diKxrM7g3as%3D' (2024-11-30) → 'github:nix-community/disko/329d3d7e8bc63dd30c39e14e6076db590a6eabe6?narHash=sha256-ViE7NoFWytYO2uJONTAX35eGsvTYXNHjWALeHAg8OQY%3D' (2025-04-02) • Updated input 'disko/nixpkgs': 'github:NixOS/nixpkgs/8edf06bea5bcbee082df1b7369ff973b91618b8d?narHash=sha256-sQxuJm8rHY20xq6Ah%2BGwIUkF95tWjGRd1X8xF%2BPkk38%3D' (2024-11-22) → 'github:NixOS/nixpkgs/eb0e0f21f15c559d2ac7633dc81d079d1caf5f5f?narHash=sha256-ArWLUgRm1tKHiqlhnymyVqi5kLNCK5ghvm06mfCl4QY%3D' (2025-03-29) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 7f0aff2..924c6db 100644 --- a/flake.lock +++ b/flake.lock @@ -48,11 +48,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1732988076, - "narHash": "sha256-2uMaVAZn7fiyTUGhKgleuLYe5+EAAYB/diKxrM7g3as=", + "lastModified": 1743598667, + "narHash": "sha256-ViE7NoFWytYO2uJONTAX35eGsvTYXNHjWALeHAg8OQY=", "owner": "nix-community", "repo": "disko", - "rev": "2814a5224a47ca19e858e027f7e8bff74a8ea9f1", + "rev": "329d3d7e8bc63dd30c39e14e6076db590a6eabe6", "type": "github" }, "original": { @@ -282,11 +282,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1732238832, - "narHash": "sha256-sQxuJm8rHY20xq6Ah+GwIUkF95tWjGRd1X8xF+Pkk38=", + "lastModified": 1743259260, + "narHash": "sha256-ArWLUgRm1tKHiqlhnymyVqi5kLNCK5ghvm06mfCl4QY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8edf06bea5bcbee082df1b7369ff973b91618b8d", + "rev": "eb0e0f21f15c559d2ac7633dc81d079d1caf5f5f", "type": "github" }, "original": { From 9136f94169dce502159bcdf737d1080d81504442 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 7 Apr 2025 15:44:57 +0200 Subject: [PATCH 849/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'jujutsu/rust-overlay': 'github:oxalica/rust-overlay/a229311fcb45b88a95fdfa5cecd8349c809a272a?narHash=sha256-NWI8csIK0ujFlFuEXKnoc%2B7hWoCiEtINK9r48LUUMeU%3D' (2024-11-22) → 'github:oxalica/rust-overlay/60766d63c227d576510ecfb5edd3a687d56f6bc7?narHash=sha256-IwdSl51NL6V0f%2BmYXZR0UTKaGleOsk9zV3l6kt5SUWw%3D' (2025-03-24) --- flake.lock | 14 +++++++------- flake.nix | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index 924c6db..1b278da 100644 --- a/flake.lock +++ b/flake.lock @@ -183,16 +183,16 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1741218530, - "narHash": "sha256-fBgJrSglH46+NHu3spk5mC51ASDHWnOoW6veKZ0R2YA=", + "lastModified": 1743824718, + "narHash": "sha256-LDMHMFg9fjEMi8I2Fc3TEyWMctqJurAbckubCgkkZiM=", "owner": "jj-vcs", "repo": "jj", - "rev": "6ce7a77da5a18343f4f3effef49b77428e43bc74", + "rev": "3aac8d21e6327c343af0c91e9b7451ee8a40aa58", "type": "github" }, "original": { "owner": "jj-vcs", - "ref": "v0.27.0", + "ref": "v0.28.1", "repo": "jj", "type": "github" } @@ -333,11 +333,11 @@ ] }, "locked": { - "lastModified": 1732242723, - "narHash": "sha256-NWI8csIK0ujFlFuEXKnoc+7hWoCiEtINK9r48LUUMeU=", + "lastModified": 1742783666, + "narHash": "sha256-IwdSl51NL6V0f+mYXZR0UTKaGleOsk9zV3l6kt5SUWw=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "a229311fcb45b88a95fdfa5cecd8349c809a272a", + "rev": "60766d63c227d576510ecfb5edd3a687d56f6bc7", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 512c55c..26db0ea 100644 --- a/flake.nix +++ b/flake.nix @@ -59,7 +59,7 @@ type = "github"; owner = "jj-vcs"; repo = "jj"; - ref = "v0.27.0"; + ref = "v0.28.1"; inputs.nixpkgs.follows = "nixpkgs"; }; }; From 3eb5c0c48d7049e2a61dcadab428bcb587fe2502 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 7 Apr 2025 15:45:18 +0200 Subject: [PATCH 850/904] flake: bump jj to 0.28.2 --- flake.lock | 8 ++++---- flake.nix | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 1b278da..da4f537 100644 --- a/flake.lock +++ b/flake.lock @@ -183,16 +183,16 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1743824718, - "narHash": "sha256-LDMHMFg9fjEMi8I2Fc3TEyWMctqJurAbckubCgkkZiM=", + "lastModified": 1744040552, + "narHash": "sha256-EAD40ZZr6VK4w9OuYzx2YcVgOODopF7IWN7GVjTlblE=", "owner": "jj-vcs", "repo": "jj", - "rev": "3aac8d21e6327c343af0c91e9b7451ee8a40aa58", + "rev": "b9ebe2f03c976515d2a155a411a368ae773c5493", "type": "github" }, "original": { "owner": "jj-vcs", - "ref": "v0.28.1", + "ref": "v0.28.2", "repo": "jj", "type": "github" } diff --git a/flake.nix b/flake.nix index 26db0ea..7b6a918 100644 --- a/flake.nix +++ b/flake.nix @@ -59,7 +59,7 @@ type = "github"; owner = "jj-vcs"; repo = "jj"; - ref = "v0.28.1"; + ref = "v0.28.2"; inputs.nixpkgs.follows = "nixpkgs"; }; }; From ec87af7dc3b8090066e29a3cf534bf72e096fb49 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 14 Apr 2025 12:34:49 +0200 Subject: [PATCH 851/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/a9f8b3db211b4609ddd83683f9db89796c7f6ac6?narHash=sha256-2lDQBOmlz9ggPxcS7/GvcVdzXMIiT%2BPpMao6FbLJSr0%3D' (2025-04-04) → 'github:nix-community/home-manager/b4e98224ad1336751a2ac7493967a4c9f6d9cb3f?narHash=sha256-t7dFCDl4vIOOUMhEZnJF15aAzkpaup9x4ZRGToDFYWI%3D' (2025-04-08) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/de6fc5551121c59c01e2a3d45b277a6d05077bc4?narHash=sha256-b/exDDQSLmENZZgbAEI3qi9yHkuXAXCPbormD8CSJXo%3D' (2025-03-31) → 'github:NixOS/nixos-hardware/1fe3cc2bc5d2dc9c81cb4e63d2f67c1543340df1?narHash=sha256-OuLhysErPHl53BBifhesrRumJNhrlSgQDfYOTXfgIMg%3D' (2025-04-11) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/7819a0d29d1dd2bc331bec4b327f0776359b1fa6?narHash=sha256-BgkBz4NpV6Kg8XF7cmHDHRVGZYnKbvG0Y4p%2BjElwxaM%3D' (2025-04-05) → 'github:NixOS/nixpkgs/26d499fc9f1d567283d5d56fcf367edd815dba1d?narHash=sha256-FHlSkNqFmPxPJvy%2B6fNLaNeWnF1lZSgqVCl/eWaJRc4%3D' (2025-04-12) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index da4f537..262ec1d 100644 --- a/flake.lock +++ b/flake.lock @@ -160,11 +160,11 @@ ] }, "locked": { - "lastModified": 1743808813, - "narHash": "sha256-2lDQBOmlz9ggPxcS7/GvcVdzXMIiT+PpMao6FbLJSr0=", + "lastModified": 1744117652, + "narHash": "sha256-t7dFCDl4vIOOUMhEZnJF15aAzkpaup9x4ZRGToDFYWI=", "owner": "nix-community", "repo": "home-manager", - "rev": "a9f8b3db211b4609ddd83683f9db89796c7f6ac6", + "rev": "b4e98224ad1336751a2ac7493967a4c9f6d9cb3f", "type": "github" }, "original": { @@ -234,11 +234,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1743420942, - "narHash": "sha256-b/exDDQSLmENZZgbAEI3qi9yHkuXAXCPbormD8CSJXo=", + "lastModified": 1744366945, + "narHash": "sha256-OuLhysErPHl53BBifhesrRumJNhrlSgQDfYOTXfgIMg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "de6fc5551121c59c01e2a3d45b277a6d05077bc4", + "rev": "1fe3cc2bc5d2dc9c81cb4e63d2f67c1543340df1", "type": "github" }, "original": { @@ -298,11 +298,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1743813633, - "narHash": "sha256-BgkBz4NpV6Kg8XF7cmHDHRVGZYnKbvG0Y4p+jElwxaM=", + "lastModified": 1744440957, + "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7819a0d29d1dd2bc331bec4b327f0776359b1fa6", + "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", "type": "github" }, "original": { From f582455977c5c11983cad373d439546b09379d8b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 14 Apr 2025 12:56:19 +0200 Subject: [PATCH 852/904] secrets: update token for thanatos nix runner --- .../gitlab-runner/thanatos-nix-runner-env.age | Bin 406 -> 409 bytes .../gitlab-runner/thanatos-runner-env.age | Bin 406 -> 409 bytes 2 files changed, 0 insertions(+), 0 deletions(-) diff --git a/modules/secrets/gitlab-runner/thanatos-nix-runner-env.age b/modules/secrets/gitlab-runner/thanatos-nix-runner-env.age index 391995782a3855fe47c30efe2524a59ccb5480b0..b89ec6f9321e3010b276bc6f548727a30702e269 100644 GIT binary patch delta 374 zcmbQnJd=5XPJOytUQl?sccn>juA#q)epPB%L~>}haioc~&2X;isFvZG^hSwKWkYGtx%v2lJ;UVXV~c|dTfmvKsPd2&T)qPuoT zg;$UVLZr>yyyLp4J1$@3d~rxDxy_ zT|t4KR`3F@954Id>kEE>(_x&BQNT X^3kqhxl;Su7u@Ml4f(HQX6FI`tj37f delta 371 zcmbQqJdJsRPJL-DMsRpanro`IPgF^u z1y`nzfqz()n~$ZjYfxpSyK!Zhd0J9xzE^6wwr6^7aaEw7Pen~&2X;isFkY{#*iD$B-flH)EVRo@sS-p8^PP(_Vflsl&cT`k}yMCCf zW1wqrQKoYwS9-9exu<@lv5`e$c#(Edgolw&s6{|wnSZf!iHk`|P`VL0Fo$QE8NAuy$#7QJA)4nUA5Vhh?I%n~$4?iMv}~PN7*~eqm)Y*F@fZ z&Up&ro;e~v-}@}s#8f-!nC#(KHv@mXZac>x1;6!sSPsrMJGhO}v{A!+5?ij2ZdvniWrG+jN&aXKTf1_w?k3fCz>SJmw V+xAy)J~&2X;is_tGRiEcfOaGMXF&%l$oEgaebhdg;}IyuyJ;dfpcGCiv_OD;|+4%U{BcE4J_rC4j zsQ;9Ill#_l1~+{t${e-+*kmB%66*4@evA95vMa}qZ=dj{Z9S9SrDG;M-QSqh YySK{gaCnm4mp?z7w?1BM_}S<$05o`wo&W#< delta 371 zcmbQqJdJsRPJLdYU!kdKVYXwgiMe+~fLB4Jn@d($U};4_m62OoL1u2EX_aBPYhh5Z zBbRH4v$02pNqTxtd1OJRmvgDUtGj<_RhFNzlUHQ6MWt79hHt8Gc6wxKI+w1ULUD11 zZfc5=si~o*f>~&2X;is_V^y|gmP=BokA9xNkwH#bReiBRv9Vd9zDZPacyK{>Xi|xx zmwte&xucOUS9XB6hr3UHxQ9!DTSjqEk+!o_Nou%vWU))RK}w#!wx@SeQHH*0p>Mt` zm#(g^Lb_pMwr`%1MOl7upi^aFkfpw3k(Y^cabRjja=DkeZ<=#*zIL`zT0nR{*KCDI z->A!P-{r7b{i+UH8^@Se_j&Ke$BRyt2e2ouTAs1kqA^50BUvtYRjS6^iFYF^Y|W>1 zx1V0b9{uFBi9=Go?PRr8>z+j(6}O()a3{KD701pS2RrWX&;F8a*I_!zq{-l(`=g%k VAI{8QyD_l$)a&gW8|RlV1OVMOjs*Y! From beaae98ec4984a52c94fbb1af865948cfe93d92b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 14 Apr 2025 12:56:19 +0200 Subject: [PATCH 853/904] secrets: update hades runner token --- .../secrets/gitlab-runner/hades-nix-runner-env.age | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/modules/secrets/gitlab-runner/hades-nix-runner-env.age b/modules/secrets/gitlab-runner/hades-nix-runner-env.age index ce66f97..88cf224 100644 --- a/modules/secrets/gitlab-runner/hades-nix-runner-env.age +++ b/modules/secrets/gitlab-runner/hades-nix-runner-env.age @@ -1,8 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 k2gHjw 0Qkzquxwa8PSNg6yq+CsfC4JfPLfxEIBKq1krrynlxg -QOHmNCQsV10zSnYvEeSpK95oXXlS+J4pw6EIR1KzxoU --> ssh-ed25519 pX8y2g YbFzF2/mWizY4SOnNKzkcBEEsHYc1mTCpzWZ5vf6Zy0 -p2E9Uh0rWa8qbf2SvB5e4lxS+MEx5KGumKd28UHW0/0 ---- naIsBkYqZMgekqmxTgESGMuFIKoagS68mfXbid7k9e0 -U<"{24>e^*Cg f{vI_Foe3.6,cFK -$9]@{~L \ No newline at end of file +-> ssh-ed25519 k2gHjw S9umvubn93fPFsh/ogqAohdlvDOLYxm3hHrliw5vqAQ +EG8RYYX7i2GazNTb/bnzCPs2zrIYN/kOulJc4e5pTW4 +-> ssh-ed25519 pX8y2g ux6qHpLuHTleRYpAIvO3iDztVsxPGlcu1+jzs1+MHF0 +R5wtxwQyqB1Hc6KI0U9tUOYxzHBtvkzQkgy6Z8AoOYc +--- w1Wpu3guHKTT0FDAR6KaFYLHaXYsEdCWX/7IuM2wb7Q +=nbg\\!IizA,pg pPa\p/_ut8nCL5,a Date: Mon, 5 May 2025 14:48:04 +0200 Subject: [PATCH 854/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/b4e98224ad1336751a2ac7493967a4c9f6d9cb3f?narHash=sha256-t7dFCDl4vIOOUMhEZnJF15aAzkpaup9x4ZRGToDFYWI%3D' (2025-04-08) → 'github:nix-community/home-manager/50eee705bbdbac942074a8c120e8194185633675?narHash=sha256-EyXUNSa%2BH%2BYvGVuQJP1nZskXAowxKYp79RNUsNdQTj4%3D' (2025-05-02) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/1fe3cc2bc5d2dc9c81cb4e63d2f67c1543340df1?narHash=sha256-OuLhysErPHl53BBifhesrRumJNhrlSgQDfYOTXfgIMg%3D' (2025-04-11) → 'github:NixOS/nixos-hardware/a4bb30a9000cf0444ecc8fdca8096d072f77f9e8?narHash=sha256-KvZ6G5sdBdcrglsqcOx8BT6NpHVMVHc8wssMRhv/%2B1g%3D' (2025-05-05) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/26d499fc9f1d567283d5d56fcf367edd815dba1d?narHash=sha256-FHlSkNqFmPxPJvy%2B6fNLaNeWnF1lZSgqVCl/eWaJRc4%3D' (2025-04-12) → 'github:NixOS/nixpkgs/5b35d248e9206c1f3baf8de6a7683fee126364aa?narHash=sha256-NTtKOTLQv6dPfRe00OGSywg37A1FYqldS6xiNmqBUYc%3D' (2025-05-05) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 262ec1d..40f5a4e 100644 --- a/flake.lock +++ b/flake.lock @@ -160,11 +160,11 @@ ] }, "locked": { - "lastModified": 1744117652, - "narHash": "sha256-t7dFCDl4vIOOUMhEZnJF15aAzkpaup9x4ZRGToDFYWI=", + "lastModified": 1746171682, + "narHash": "sha256-EyXUNSa+H+YvGVuQJP1nZskXAowxKYp79RNUsNdQTj4=", "owner": "nix-community", "repo": "home-manager", - "rev": "b4e98224ad1336751a2ac7493967a4c9f6d9cb3f", + "rev": "50eee705bbdbac942074a8c120e8194185633675", "type": "github" }, "original": { @@ -234,11 +234,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1744366945, - "narHash": "sha256-OuLhysErPHl53BBifhesrRumJNhrlSgQDfYOTXfgIMg=", + "lastModified": 1746427242, + "narHash": "sha256-KvZ6G5sdBdcrglsqcOx8BT6NpHVMVHc8wssMRhv/+1g=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "1fe3cc2bc5d2dc9c81cb4e63d2f67c1543340df1", + "rev": "a4bb30a9000cf0444ecc8fdca8096d072f77f9e8", "type": "github" }, "original": { @@ -298,11 +298,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1744440957, - "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", + "lastModified": 1746422338, + "narHash": "sha256-NTtKOTLQv6dPfRe00OGSywg37A1FYqldS6xiNmqBUYc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", + "rev": "5b35d248e9206c1f3baf8de6a7683fee126364aa", "type": "github" }, "original": { From 1c81e9ba5f8c2f5f599beffa089e7c34cdf2ef60 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 5 May 2025 17:36:24 +0200 Subject: [PATCH 855/904] pkgs: spot: bump to 2.13 --- pkgs/spot/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/spot/default.nix b/pkgs/spot/default.nix index d333627..2670c85 100644 --- a/pkgs/spot/default.nix +++ b/pkgs/spot/default.nix @@ -3,7 +3,7 @@ fetchurl, python3, }: let - version = "2.12.2"; + version = "2.13"; in stdenv.mkDerivation { inherit version; @@ -15,6 +15,6 @@ in src = fetchurl { url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz"; - sha256 = "sha256-NhMOU23GqH+twsRLSrL2tBfVpP8879GZy+TqUbogdyQ"; + sha256 = "sha256-DQ/mc88byJM3J7yOC+e6NpAURSEeKUWsc/sJg1yB9Os="; }; } From 874882392b5cb1781d0e7c2e78cd98f8529da5e5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 16 May 2025 13:17:49 +0200 Subject: [PATCH 856/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/50eee705bbdbac942074a8c120e8194185633675?narHash=sha256-EyXUNSa%2BH%2BYvGVuQJP1nZskXAowxKYp79RNUsNdQTj4%3D' (2025-05-02) → 'github:nix-community/home-manager/1eec32f0efe3b830927989767a9e6ece0d82d608?narHash=sha256-3MmiUN/jOHBHQUnjqzg6qKArc17j2OS6jisEppDY4g8%3D' (2025-05-15) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/a4bb30a9000cf0444ecc8fdca8096d072f77f9e8?narHash=sha256-KvZ6G5sdBdcrglsqcOx8BT6NpHVMVHc8wssMRhv/%2B1g%3D' (2025-05-05) → 'github:NixOS/nixos-hardware/e81fd167b33121269149c57806599045fd33eeed?narHash=sha256-L3clA5YGeYCF47ghsI7Tcex%2BDnaaN/BbQ4dR2wzoiKg%3D' (2025-05-13) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/5b35d248e9206c1f3baf8de6a7683fee126364aa?narHash=sha256-NTtKOTLQv6dPfRe00OGSywg37A1FYqldS6xiNmqBUYc%3D' (2025-05-05) → 'github:NixOS/nixpkgs/5d736263df906c5da72ab0f372427814de2f52f8?narHash=sha256-fLise%2Bys%2BbpyjuUUkbwqo5W/UyIELvRz9lPBPoB0fbM%3D' (2025-05-14) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 40f5a4e..4132cc0 100644 --- a/flake.lock +++ b/flake.lock @@ -160,11 +160,11 @@ ] }, "locked": { - "lastModified": 1746171682, - "narHash": "sha256-EyXUNSa+H+YvGVuQJP1nZskXAowxKYp79RNUsNdQTj4=", + "lastModified": 1747331121, + "narHash": "sha256-3MmiUN/jOHBHQUnjqzg6qKArc17j2OS6jisEppDY4g8=", "owner": "nix-community", "repo": "home-manager", - "rev": "50eee705bbdbac942074a8c120e8194185633675", + "rev": "1eec32f0efe3b830927989767a9e6ece0d82d608", "type": "github" }, "original": { @@ -234,11 +234,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1746427242, - "narHash": "sha256-KvZ6G5sdBdcrglsqcOx8BT6NpHVMVHc8wssMRhv/+1g=", + "lastModified": 1747129300, + "narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "a4bb30a9000cf0444ecc8fdca8096d072f77f9e8", + "rev": "e81fd167b33121269149c57806599045fd33eeed", "type": "github" }, "original": { @@ -298,11 +298,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1746422338, - "narHash": "sha256-NTtKOTLQv6dPfRe00OGSywg37A1FYqldS6xiNmqBUYc=", + "lastModified": 1747209494, + "narHash": "sha256-fLise+ys+bpyjuUUkbwqo5W/UyIELvRz9lPBPoB0fbM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5b35d248e9206c1f3baf8de6a7683fee126364aa", + "rev": "5d736263df906c5da72ab0f372427814de2f52f8", "type": "github" }, "original": { From f9370488c8d069d819f33ccaa3a285ff2aea4d02 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 3 Jun 2025 13:42:26 +0200 Subject: [PATCH 857/904] flake: upgrade to NixOS 25.05 --- flake.lock | 16 ++++++++-------- flake.nix | 4 ++-- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index 4132cc0..e2d35f1 100644 --- a/flake.lock +++ b/flake.lock @@ -160,16 +160,16 @@ ] }, "locked": { - "lastModified": 1747331121, - "narHash": "sha256-3MmiUN/jOHBHQUnjqzg6qKArc17j2OS6jisEppDY4g8=", + "lastModified": 1748665073, + "narHash": "sha256-RMhjnPKWtCoIIHiuR9QKD7xfsKb3agxzMfJY8V9MOew=", "owner": "nix-community", "repo": "home-manager", - "rev": "1eec32f0efe3b830927989767a9e6ece0d82d608", + "rev": "282e1e029cb6ab4811114fc85110613d72771dea", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-24.11", + "ref": "release-25.05", "repo": "home-manager", "type": "github" } @@ -298,16 +298,16 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1747209494, - "narHash": "sha256-fLise+ys+bpyjuUUkbwqo5W/UyIELvRz9lPBPoB0fbM=", + "lastModified": 1749024892, + "narHash": "sha256-OGcDEz60TXQC+gVz5sdtgGJdKVYr6rwdzQKuZAJQpCA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5d736263df906c5da72ab0f372427814de2f52f8", + "rev": "8f1b52b04f2cb6e5ead50bd28d76528a2f0380ef", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.11", + "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index 7b6a918..1aa2d10 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,7 @@ type = "github"; owner = "NixOS"; repo = "nixpkgs"; - ref = "nixos-24.11"; + ref = "nixos-25.05"; }; nixpkgs-unstable-small = { @@ -25,7 +25,7 @@ type = "github"; owner = "nix-community"; repo = "home-manager"; - ref = "release-24.11"; + ref = "release-25.05"; inputs.nixpkgs.follows = "nixpkgs"; }; From c4007b5364cce605e65f9735c424a95890c2af5c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 3 Jun 2025 13:42:26 +0200 Subject: [PATCH 858/904] flake: bump lix to 2.93 --- flake.lock | 20 ++++++++++---------- flake.nix | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/flake.lock b/flake.lock index e2d35f1..57c45c8 100644 --- a/flake.lock +++ b/flake.lock @@ -200,15 +200,15 @@ "lix": { "flake": false, "locked": { - "lastModified": 1737234286, - "narHash": "sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW+DvDtuv9SwQZZcs=", - "rev": "079528098f5998ba13c88821a2eca1005c1695de", + "lastModified": 1746827285, + "narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=", + "rev": "47aad376c87e2e65967f17099277428e4b3f8e5a", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?rev=079528098f5998ba13c88821a2eca1005c1695de" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/2.93.0.tar.gz" } }, "lix-module": { @@ -221,15 +221,15 @@ ] }, "locked": { - "lastModified": 1742943028, - "narHash": "sha256-fprwZKE1uMzO9tiWWOrmLWBW3GPkMayQfb0xOvVFIno=", - "rev": "868d97695bab9d21f6070b03957bcace249fbe3c", + "lastModified": 1746838955, + "narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=", + "rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/868d97695bab9d21f6070b03957bcace249fbe3c.tar.gz" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0-3.tar.gz" + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz" } }, "nixos-hardware": { diff --git a/flake.nix b/flake.nix index 1aa2d10..886a55e 100644 --- a/flake.nix +++ b/flake.nix @@ -51,7 +51,7 @@ }; lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0-3.tar.gz"; + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; }; From 904d29e8ef3852be6fb9302316239901ff40552b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 3 Jun 2025 13:42:26 +0200 Subject: [PATCH 859/904] flake: bump jj to 0.30 --- flake.lock | 8 ++++---- flake.nix | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 57c45c8..a0cf8ab 100644 --- a/flake.lock +++ b/flake.lock @@ -183,16 +183,16 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1744040552, - "narHash": "sha256-EAD40ZZr6VK4w9OuYzx2YcVgOODopF7IWN7GVjTlblE=", + "lastModified": 1749045673, + "narHash": "sha256-l+E3os5At/PV4zKvUDSv4Aez9Bg0M+BZDvwVOHX+h9s=", "owner": "jj-vcs", "repo": "jj", - "rev": "b9ebe2f03c976515d2a155a411a368ae773c5493", + "rev": "34b0961c940e1ad3be5cd9c5f5e608b0aa0ba859", "type": "github" }, "original": { "owner": "jj-vcs", - "ref": "v0.28.2", + "ref": "v0.30.0", "repo": "jj", "type": "github" } diff --git a/flake.nix b/flake.nix index 886a55e..31b06e9 100644 --- a/flake.nix +++ b/flake.nix @@ -59,7 +59,7 @@ type = "github"; owner = "jj-vcs"; repo = "jj"; - ref = "v0.28.2"; + ref = "v0.30.0"; inputs.nixpkgs.follows = "nixpkgs"; }; }; From bd9e8a79d45e8886dde057f20a0e6b05b7dc3152 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 5 Jun 2025 16:21:49 +0200 Subject: [PATCH 860/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/e81fd167b33121269149c57806599045fd33eeed?narHash=sha256-L3clA5YGeYCF47ghsI7Tcex%2BDnaaN/BbQ4dR2wzoiKg%3D' (2025-05-13) → 'github:NixOS/nixos-hardware/029bd66faa180e11262dd1bc2732254c33415f52?narHash=sha256-QITcurR19KZlrCngBoCjsFF2BdYsiCG4UqmlrVcLb8Q%3D' (2025-06-04) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index a0cf8ab..acdf987 100644 --- a/flake.lock +++ b/flake.lock @@ -234,11 +234,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1747129300, - "narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=", + "lastModified": 1749056381, + "narHash": "sha256-QITcurR19KZlrCngBoCjsFF2BdYsiCG4UqmlrVcLb8Q=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e81fd167b33121269149c57806599045fd33eeed", + "rev": "029bd66faa180e11262dd1bc2732254c33415f52", "type": "github" }, "original": { From b47e91e44d37d64ba2192f1602a892cddf437735 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 5 Jun 2025 16:33:20 +0200 Subject: [PATCH 861/904] services: mealie: use stable package --- services/mealie.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/services/mealie.nix b/services/mealie.nix index 0be80e3..bf72c57 100644 --- a/services/mealie.nix +++ b/services/mealie.nix @@ -17,7 +17,6 @@ domain = config.networking.domain; hostname = config.networking.hostName; fqdn = "${hostname}.${domain}"; - pkg = pkgs.unstable.mealie; listenAddress = "127.0.0.1"; in { options.my.services.mealie = let @@ -48,7 +47,7 @@ in { inherit (cfg) credentialsFile; enable = true; - package = pkgs.unstable.mealie; + package = pkgs.mealie; port = cfg.port; settings = { From 9125e8b170a8517112e6c8bf5d368ce2c2bd6deb Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 5 Jun 2025 16:33:20 +0200 Subject: [PATCH 862/904] home: emacs: use stable nerd-fonts --- home/emacs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/emacs.nix b/home/emacs.nix index 8b46881..529439b 100644 --- a/home/emacs.nix +++ b/home/emacs.nix @@ -30,7 +30,7 @@ in { ; inherit - (pkgs.unstable.nerd-fonts) + (pkgs.nerd-fonts) iosevka ; }; From 7e97c3e2c964f479f18652f4d2152ef4475bd256 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 5 Jun 2025 16:33:20 +0200 Subject: [PATCH 863/904] hades: disable transmission Build fails because of some miniupnp error, waiting on the fix to reach nixos-25.05 --- hosts/hades/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index dbbff5c..6888b59 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -143,7 +143,7 @@ in { }; transmission = { - enable = true; + enable = false; username = "alarsyo"; }; From d66531974676860fd79e5adc4a254675844c629d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 6 Jun 2025 14:47:21 +0200 Subject: [PATCH 864/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/282e1e029cb6ab4811114fc85110613d72771dea' (2025-05-31) → 'github:nix-community/home-manager/7aae0ee71a17b19708b93b3ed448a1a0952bf111' (2025-06-05) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/029bd66faa180e11262dd1bc2732254c33415f52' (2025-06-04) → 'github:NixOS/nixos-hardware/4602f7e1d3f197b3cb540d5accf5669121629628' (2025-06-06) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/8f1b52b04f2cb6e5ead50bd28d76528a2f0380ef' (2025-06-04) → 'github:NixOS/nixpkgs/4792576cb003c994bd7cc1edada3129def20b27d' (2025-06-05) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index acdf987..8e05ce2 100644 --- a/flake.lock +++ b/flake.lock @@ -160,11 +160,11 @@ ] }, "locked": { - "lastModified": 1748665073, - "narHash": "sha256-RMhjnPKWtCoIIHiuR9QKD7xfsKb3agxzMfJY8V9MOew=", + "lastModified": 1749154018, + "narHash": "sha256-gjN3j7joRvT3a8Zgcylnd4NFsnXeDBumqiu4HmY1RIg=", "owner": "nix-community", "repo": "home-manager", - "rev": "282e1e029cb6ab4811114fc85110613d72771dea", + "rev": "7aae0ee71a17b19708b93b3ed448a1a0952bf111", "type": "github" }, "original": { @@ -234,11 +234,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1749056381, - "narHash": "sha256-QITcurR19KZlrCngBoCjsFF2BdYsiCG4UqmlrVcLb8Q=", + "lastModified": 1749195551, + "narHash": "sha256-W5GKQHgunda/OP9sbKENBZhMBDNu2QahoIPwnsF6CeM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "029bd66faa180e11262dd1bc2732254c33415f52", + "rev": "4602f7e1d3f197b3cb540d5accf5669121629628", "type": "github" }, "original": { @@ -298,11 +298,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1749024892, - "narHash": "sha256-OGcDEz60TXQC+gVz5sdtgGJdKVYr6rwdzQKuZAJQpCA=", + "lastModified": 1749086602, + "narHash": "sha256-DJcgJMekoxVesl9kKjfLPix2Nbr42i7cpEHJiTnBUwU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8f1b52b04f2cb6e5ead50bd28d76528a2f0380ef", + "rev": "4792576cb003c994bd7cc1edada3129def20b27d", "type": "github" }, "original": { From b69121755342d03bbcf5a676496578ad8a09e9f1 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 6 Jun 2025 14:47:27 +0200 Subject: [PATCH 865/904] hades: re-enable transmission --- hosts/hades/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index 6888b59..dbbff5c 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -143,7 +143,7 @@ in { }; transmission = { - enable = false; + enable = true; username = "alarsyo"; }; From eeecadc05b396fa110fb5266c9d8870572c1453c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 11 Jun 2025 16:09:02 +0200 Subject: [PATCH 866/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/4792576cb003c994bd7cc1edada3129def20b27d' (2025-06-05) → 'github:NixOS/nixpkgs/88331c17ba434359491e8d5889cce872464052c2' (2025-06-09) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 8e05ce2..b52ca70 100644 --- a/flake.lock +++ b/flake.lock @@ -298,11 +298,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1749086602, - "narHash": "sha256-DJcgJMekoxVesl9kKjfLPix2Nbr42i7cpEHJiTnBUwU=", + "lastModified": 1749494155, + "narHash": "sha256-FG4DEYBpROupu758beabUk9lhrblSf5hnv84v1TLqMc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4792576cb003c994bd7cc1edada3129def20b27d", + "rev": "88331c17ba434359491e8d5889cce872464052c2", "type": "github" }, "original": { From dd8744ffe41dcd047f6d6d05d380e3c0cadd2e6b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 12 Jun 2025 15:06:31 +0200 Subject: [PATCH 867/904] pkgs: spot: bump to 2.13.1 --- pkgs/spot/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/spot/default.nix b/pkgs/spot/default.nix index 2670c85..75f6c43 100644 --- a/pkgs/spot/default.nix +++ b/pkgs/spot/default.nix @@ -3,7 +3,7 @@ fetchurl, python3, }: let - version = "2.13"; + version = "2.13.1"; in stdenv.mkDerivation { inherit version; @@ -15,6 +15,6 @@ in src = fetchurl { url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz"; - sha256 = "sha256-DQ/mc88byJM3J7yOC+e6NpAURSEeKUWsc/sJg1yB9Os="; + sha256 = "sha256-udHeSrzQafkj4aMmP1jMr8xUiWqoGLRVkoyisaRGbck"; }; } From 6c4d19b27b6e02cd76eacd948e1618fc9c2b502d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 12 Jun 2025 15:06:48 +0200 Subject: [PATCH 868/904] talos: home: setup ergol secondary layout in sway --- hosts/talos/home.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 9513e08..3e1785a 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -74,8 +74,9 @@ in { modifier = "Mod4"; input = { "type:keyboard" = { - xkb_layout = "fr"; - xkb_variant = "us"; + xkb_layout = "fr,fr"; + xkb_variant = "us,ergol"; + xkb_options = "grp:shift_caps_toggle"; }; "type:touchpad" = { dwt = "enabled"; @@ -95,6 +96,7 @@ in { }; bars = []; + bindkeysToCode = true; keybindings = mkOptionDefault { "Mod4+Shift+a" = "exec shikanectl reload"; "Mod4+Shift+e" = ''mode "${logoutMode}"''; From 81d0a9b8f82e3a340dbf880947dea2b8996a73f5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 12 Jun 2025 15:06:48 +0200 Subject: [PATCH 869/904] talos: try out cosmic --- hosts/talos/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index f129e62..bf11f17 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -155,6 +155,7 @@ # Enable the KDE Plasma Desktop Environment. services.desktopManager.plasma6.enable = true; + services.desktopManager.cosmic.enable = true; services.power-profiles-daemon.enable = true; environment.systemPackages = [ From 11d92ee6f2a6e8fb5c428cc24b30e292c5ac4409 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 12 Jun 2025 15:06:48 +0200 Subject: [PATCH 870/904] services: paperless: use PAPERLESS_URL var --- services/paperless.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/services/paperless.nix b/services/paperless.nix index 20180d2..96f785c 100644 --- a/services/paperless.nix +++ b/services/paperless.nix @@ -56,8 +56,7 @@ in { PAPERLESS_DBUSER = "paperless"; PAPERLESS_DBNAME = "paperless"; - PAPERLESS_ALLOWED_HOSTS = paperlessDomain; - PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}"; + PAPERLESS_URL = "https://${paperlessDomain}"; PAPERLESS_OCR_LANGUAGE = "fra+eng"; PAPERLESS_OCR_MODE = "skip"; From 545e6091e032905c1323afc8063f0e4628e0f841 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 20 Jun 2025 11:21:54 +0200 Subject: [PATCH 871/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/4602f7e1d3f197b3cb540d5accf5669121629628' (2025-06-06) → 'github:NixOS/nixos-hardware/61837d2a33ccc1582c5fabb7bf9130d39fee59ad' (2025-06-16) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/88331c17ba434359491e8d5889cce872464052c2' (2025-06-09) → 'github:NixOS/nixpkgs/9ba04bda9249d5d5e5238303c9755de5a49a79c5' (2025-06-18) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index b52ca70..493a3e3 100644 --- a/flake.lock +++ b/flake.lock @@ -234,11 +234,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1749195551, - "narHash": "sha256-W5GKQHgunda/OP9sbKENBZhMBDNu2QahoIPwnsF6CeM=", + "lastModified": 1750083401, + "narHash": "sha256-ynqbgIYrg7P1fAKYqe8I/PMiLABBcNDYG9YaAP/d/C4=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "4602f7e1d3f197b3cb540d5accf5669121629628", + "rev": "61837d2a33ccc1582c5fabb7bf9130d39fee59ad", "type": "github" }, "original": { @@ -298,11 +298,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1749494155, - "narHash": "sha256-FG4DEYBpROupu758beabUk9lhrblSf5hnv84v1TLqMc=", + "lastModified": 1750259320, + "narHash": "sha256-H8J4H2XCIMEJ5g6fZ179QfQvsc2dUqhqfBjC8RAHNRY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "88331c17ba434359491e8d5889cce872464052c2", + "rev": "9ba04bda9249d5d5e5238303c9755de5a49a79c5", "type": "github" }, "original": { From 872f3eca2cde147959a2944bc0440b494058e186 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 20 Jun 2025 11:44:01 +0200 Subject: [PATCH 872/904] services: nextcloud: bump to 31 --- services/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/nextcloud.nix b/services/nextcloud.nix index 6a90eb0..b46ab7a 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -62,7 +62,7 @@ in { hostName = "cloud.${domain}"; https = true; - package = pkgs.nextcloud30; + package = pkgs.nextcloud31; maxUploadSize = "1G"; From 78b931aa436c8c5c0b9bf794d1e38214ba734ff6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 20 Jun 2025 11:44:01 +0200 Subject: [PATCH 873/904] services: postgresql: add upgrade script --- services/postgresql.nix | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/services/postgresql.nix b/services/postgresql.nix index 4446cc8..a5478c8 100644 --- a/services/postgresql.nix +++ b/services/postgresql.nix @@ -8,4 +8,32 @@ config.services.postgresql = { package = pkgs.postgresql_16; }; + + config.environment.systemPackages = [ + (let + # XXX specify the postgresql package you'd like to upgrade to. + # Do not forget to list the extensions you need. + newPostgres = pkgs.postgresql_17; + cfg = config.services.postgresql; + in pkgs.writeScriptBin "upgrade-pg-cluster" '' + set -eux + # XXX it's perhaps advisable to stop all services that depend on postgresql + systemctl stop postgresql + + export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}" + export NEWBIN="${newPostgres}/bin" + + export OLDDATA="${cfg.dataDir}" + export OLDBIN="${cfg.finalPackage}/bin" + + install -d -m 0700 -o postgres -g postgres "$NEWDATA" + cd "$NEWDATA" + sudo -u postgres "$NEWBIN/initdb" -D "$NEWDATA" ${lib.escapeShellArgs cfg.initdbArgs} + + sudo -u postgres "$NEWBIN/pg_upgrade" \ + --old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \ + --old-bindir "$OLDBIN" --new-bindir "$NEWBIN" \ + "$@" + '') + ]; } From 73caf2baba7a188f4f5148520a509f2adb13c20d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 20 Jun 2025 12:29:15 +0200 Subject: [PATCH 874/904] services: postgresql: switch to postgresql 17 --- services/postgresql.nix | 30 +----------------------------- 1 file changed, 1 insertion(+), 29 deletions(-) diff --git a/services/postgresql.nix b/services/postgresql.nix index a5478c8..cb5d2d1 100644 --- a/services/postgresql.nix +++ b/services/postgresql.nix @@ -6,34 +6,6 @@ }: { # set postgresql version so we don't get any bad surprise config.services.postgresql = { - package = pkgs.postgresql_16; + package = pkgs.postgresql_17; }; - - config.environment.systemPackages = [ - (let - # XXX specify the postgresql package you'd like to upgrade to. - # Do not forget to list the extensions you need. - newPostgres = pkgs.postgresql_17; - cfg = config.services.postgresql; - in pkgs.writeScriptBin "upgrade-pg-cluster" '' - set -eux - # XXX it's perhaps advisable to stop all services that depend on postgresql - systemctl stop postgresql - - export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}" - export NEWBIN="${newPostgres}/bin" - - export OLDDATA="${cfg.dataDir}" - export OLDBIN="${cfg.finalPackage}/bin" - - install -d -m 0700 -o postgres -g postgres "$NEWDATA" - cd "$NEWDATA" - sudo -u postgres "$NEWBIN/initdb" -D "$NEWDATA" ${lib.escapeShellArgs cfg.initdbArgs} - - sudo -u postgres "$NEWBIN/pg_upgrade" \ - --old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \ - --old-bindir "$OLDBIN" --new-bindir "$NEWBIN" \ - "$@" - '') - ]; } From 2562a3467c5a9ed174074681e2eb5aba094ef26d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 23 Jun 2025 11:48:24 +0200 Subject: [PATCH 875/904] talos: add playerctl shortcuts --- hosts/talos/home.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 3e1785a..86871e6 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -42,6 +42,7 @@ in { lng = 2.3; }; }; + playerctld.enable = true; }; home.packages = builtins.attrValues { @@ -107,6 +108,10 @@ in { "XF86AudioRaiseVolume" = "exec wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+ -l 1.2"; "XF86MonBrightnessUp" = "exec light -A 5"; "XF86MonBrightnessDown" = "exec light -U 5"; + "XF86AudioPlay" = "exec --no-startup-id playerctl play-pause"; + "XF86AudioPause" = "exec --no-startup-id playerctl play-pause"; + "XF86AudioPrev" = "exec --no-startup-id playerctl previous"; + "XF86AudioNext" = "exec --no-startup-id playerctl next"; }; modes = mkOptionDefault { From 1ef20e079208c5acd51b5ff48556163be6df6c94 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 30 Jun 2025 11:48:35 +0200 Subject: [PATCH 876/904] talos: add screenshot utilities to path --- hosts/talos/home.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 86871e6..c45d465 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -56,6 +56,10 @@ in { shikane # output autoconfig swaybg zotero + + grim + wl-clipboard + slurp ; inherit From d4d48d5c2a21192b4925223c4c804c2e4e064e84 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 9 Jul 2025 15:35:52 +0200 Subject: [PATCH 877/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/7aae0ee71a17b19708b93b3ed448a1a0952bf111' (2025-06-05) → 'github:nix-community/home-manager/9b0873b46c9f9e4b7aa01eb634952c206af53068' (2025-07-06) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/61837d2a33ccc1582c5fabb7bf9130d39fee59ad' (2025-06-16) → 'github:NixOS/nixos-hardware/7ced9122cff2163c6a0212b8d1ec8c33a1660806' (2025-07-09) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/9ba04bda9249d5d5e5238303c9755de5a49a79c5' (2025-06-18) → 'github:NixOS/nixpkgs/88983d4b665fb491861005137ce2b11a9f89f203' (2025-07-08) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 493a3e3..8ae337f 100644 --- a/flake.lock +++ b/flake.lock @@ -160,11 +160,11 @@ ] }, "locked": { - "lastModified": 1749154018, - "narHash": "sha256-gjN3j7joRvT3a8Zgcylnd4NFsnXeDBumqiu4HmY1RIg=", + "lastModified": 1751810233, + "narHash": "sha256-kllkNbIqQi3VplgTMeGzuh1t8Gk8TauvkTRt93Km+tQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "7aae0ee71a17b19708b93b3ed448a1a0952bf111", + "rev": "9b0873b46c9f9e4b7aa01eb634952c206af53068", "type": "github" }, "original": { @@ -234,11 +234,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1750083401, - "narHash": "sha256-ynqbgIYrg7P1fAKYqe8I/PMiLABBcNDYG9YaAP/d/C4=", + "lastModified": 1752048960, + "narHash": "sha256-gATnkOe37eeVwKKYCsL+OnS2gU4MmLuZFzzWCtaKLI8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "61837d2a33ccc1582c5fabb7bf9130d39fee59ad", + "rev": "7ced9122cff2163c6a0212b8d1ec8c33a1660806", "type": "github" }, "original": { @@ -298,11 +298,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1750259320, - "narHash": "sha256-H8J4H2XCIMEJ5g6fZ179QfQvsc2dUqhqfBjC8RAHNRY=", + "lastModified": 1751943650, + "narHash": "sha256-7orTnNqkGGru8Je6Un6mq1T8YVVU/O5kyW4+f9C1mZQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9ba04bda9249d5d5e5238303c9755de5a49a79c5", + "rev": "88983d4b665fb491861005137ce2b11a9f89f203", "type": "github" }, "original": { From 621986e2aa91e063b36ca2cc4f160b44e0ed1524 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 27 Jul 2025 16:03:27 +0200 Subject: [PATCH 878/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/9b0873b46c9f9e4b7aa01eb634952c206af53068' (2025-07-06) → 'github:nix-community/home-manager/fc3add429f21450359369af74c2375cb34a2d204' (2025-07-27) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/7ced9122cff2163c6a0212b8d1ec8c33a1660806' (2025-07-09) → 'github:NixOS/nixos-hardware/cc66fddc6cb04ab479a1bb062f4d4da27c936a22' (2025-07-21) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/88983d4b665fb491861005137ce2b11a9f89f203' (2025-07-08) → 'github:NixOS/nixpkgs/3ff0e34b1383648053bba8ed03f201d3466f90c9' (2025-07-24) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 8ae337f..3463b85 100644 --- a/flake.lock +++ b/flake.lock @@ -160,11 +160,11 @@ ] }, "locked": { - "lastModified": 1751810233, - "narHash": "sha256-kllkNbIqQi3VplgTMeGzuh1t8Gk8TauvkTRt93Km+tQ=", + "lastModified": 1753592768, + "narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=", "owner": "nix-community", "repo": "home-manager", - "rev": "9b0873b46c9f9e4b7aa01eb634952c206af53068", + "rev": "fc3add429f21450359369af74c2375cb34a2d204", "type": "github" }, "original": { @@ -234,11 +234,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1752048960, - "narHash": "sha256-gATnkOe37eeVwKKYCsL+OnS2gU4MmLuZFzzWCtaKLI8=", + "lastModified": 1753122741, + "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "7ced9122cff2163c6a0212b8d1ec8c33a1660806", + "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22", "type": "github" }, "original": { @@ -298,11 +298,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1751943650, - "narHash": "sha256-7orTnNqkGGru8Je6Un6mq1T8YVVU/O5kyW4+f9C1mZQ=", + "lastModified": 1753345091, + "narHash": "sha256-CdX2Rtvp5I8HGu9swBmYuq+ILwRxpXdJwlpg8jvN4tU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "88983d4b665fb491861005137ce2b11a9f89f203", + "rev": "3ff0e34b1383648053bba8ed03f201d3466f90c9", "type": "github" }, "original": { From 061a89b5ff476536de68289f95ed6a7f73a113dd Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 31 Jul 2025 16:22:05 +0200 Subject: [PATCH 879/904] flake: bump Lix --- flake.lock | 20 ++++++++++---------- flake.nix | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/flake.lock b/flake.lock index 3463b85..287c47b 100644 --- a/flake.lock +++ b/flake.lock @@ -200,15 +200,15 @@ "lix": { "flake": false, "locked": { - "lastModified": 1746827285, - "narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=", - "rev": "47aad376c87e2e65967f17099277428e4b3f8e5a", + "lastModified": 1753306924, + "narHash": "sha256-jLCEW0FvjFhC+c4RHzH+xbkSOxrnpFHnhjOw6sudhx0=", + "rev": "1a4393d0aac31aba21f5737ede1b171e11336d77", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/1a4393d0aac31aba21f5737ede1b171e11336d77.tar.gz?rev=1a4393d0aac31aba21f5737ede1b171e11336d77" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.93.0.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/release-2.93.tar.gz" } }, "lix-module": { @@ -221,15 +221,15 @@ ] }, "locked": { - "lastModified": 1746838955, - "narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=", - "rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc", + "lastModified": 1753282722, + "narHash": "sha256-KYMUrTV7H/RR5/HRnjV5R3rRIuBXMemyJzTLi50NFTs=", + "rev": "46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873.tar.gz?rev=46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz" + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz" } }, "nixos-hardware": { diff --git a/flake.nix b/flake.nix index 31b06e9..58c28c4 100644 --- a/flake.nix +++ b/flake.nix @@ -51,7 +51,7 @@ }; lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"; + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; }; From 0f6f89fb181dc82c289d5e54bd9d9b2d951a8daa Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 31 Jul 2025 16:22:05 +0200 Subject: [PATCH 880/904] talos: home: set workspace auto back and forth --- hosts/talos/home.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index c45d465..824c3c1 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -101,6 +101,7 @@ in { }; bars = []; + workspaceAutoBackAndForth = true; bindkeysToCode = true; keybindings = mkOptionDefault { "Mod4+Shift+a" = "exec shikanectl reload"; From f8d54c9ad51b9e5e1a4349ce4b2825ccd05e63cd Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 4 Aug 2025 10:51:59 +0200 Subject: [PATCH 881/904] home: mail: switch to LRE LDAP for email --- home/mail.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/mail.nix b/home/mail.nix index 8931940..d48b580 100644 --- a/home/mail.nix +++ b/home/mail.nix @@ -117,7 +117,7 @@ in { userName = "amartin"; realName = myName; flavor = "plain"; # default setting - passwordCommand = "${pkgs.rbw}/bin/rbw get lrde.epita.fr amartin"; + passwordCommand = "${pkgs.rbw}/bin/rbw get lre.epita.fr amartin"; mbsync = { enable = true; create = "both"; From 23db5ec5e3161de26b745c431d209c5fec8e042d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 23 Aug 2025 10:42:51 +0200 Subject: [PATCH 882/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/fc3add429f21450359369af74c2375cb34a2d204' (2025-07-27) → 'github:nix-community/home-manager/4a44fb9f7555da362af9d499817084f4288a957f' (2025-08-23) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/cc66fddc6cb04ab479a1bb062f4d4da27c936a22' (2025-07-21) → 'github:NixOS/nixos-hardware/3dac8a872557e0ca8c083cdcfc2f218d18e113b0' (2025-08-16) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/3ff0e34b1383648053bba8ed03f201d3466f90c9' (2025-07-24) → 'github:NixOS/nixpkgs/9cb344e96d5b6918e94e1bca2d9f3ea1e9615545' (2025-08-20) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 287c47b..682a374 100644 --- a/flake.lock +++ b/flake.lock @@ -160,11 +160,11 @@ ] }, "locked": { - "lastModified": 1753592768, - "narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=", + "lastModified": 1755928099, + "narHash": "sha256-OILVkfhRCm8u18IZ2DKR8gz8CVZM2ZcJmQBXmjFLIfk=", "owner": "nix-community", "repo": "home-manager", - "rev": "fc3add429f21450359369af74c2375cb34a2d204", + "rev": "4a44fb9f7555da362af9d499817084f4288a957f", "type": "github" }, "original": { @@ -234,11 +234,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1753122741, - "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=", + "lastModified": 1755330281, + "narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22", + "rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0", "type": "github" }, "original": { @@ -298,11 +298,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1753345091, - "narHash": "sha256-CdX2Rtvp5I8HGu9swBmYuq+ILwRxpXdJwlpg8jvN4tU=", + "lastModified": 1755704039, + "narHash": "sha256-gKlP0LbyJ3qX0KObfIWcp5nbuHSb5EHwIvU6UcNBg2A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3ff0e34b1383648053bba8ed03f201d3466f90c9", + "rev": "9cb344e96d5b6918e94e1bca2d9f3ea1e9615545", "type": "github" }, "original": { From 4e1d7ddc8646b9eceb31b4c77e27e4293baeb970 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 23 Aug 2025 14:46:23 +0200 Subject: [PATCH 883/904] flake: bump jj --- flake.lock | 8 ++++---- flake.nix | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 682a374..70dca4e 100644 --- a/flake.lock +++ b/flake.lock @@ -183,16 +183,16 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1749045673, - "narHash": "sha256-l+E3os5At/PV4zKvUDSv4Aez9Bg0M+BZDvwVOHX+h9s=", + "lastModified": 1754498174, + "narHash": "sha256-TFKUz8hUCRM9RPkp9CBvKnd4e+TnR8H5t9/N76cAKzI=", "owner": "jj-vcs", "repo": "jj", - "rev": "34b0961c940e1ad3be5cd9c5f5e608b0aa0ba859", + "rev": "44de571887f261a94f543d977a7ab3a9df918aba", "type": "github" }, "original": { "owner": "jj-vcs", - "ref": "v0.30.0", + "ref": "v0.32.0", "repo": "jj", "type": "github" } diff --git a/flake.nix b/flake.nix index 58c28c4..7155240 100644 --- a/flake.nix +++ b/flake.nix @@ -59,7 +59,7 @@ type = "github"; owner = "jj-vcs"; repo = "jj"; - ref = "v0.30.0"; + ref = "v0.32.0"; inputs.nixpkgs.follows = "nixpkgs"; }; }; From 4af60abdacf68356acc3c962e198d162ee2292b0 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 23 Aug 2025 14:46:23 +0200 Subject: [PATCH 884/904] talos: ansel doesn't build --- hosts/talos/home.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 824c3c1..2a7fa54 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -48,7 +48,7 @@ in { home.packages = builtins.attrValues { inherit (pkgs) - ansel + #ansel chromium # some websites only work there :( font-awesome # for pretty icons gnome-solanum From 2a8ec570befbc55de2fe259dbf88c93ac4fa7f43 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 10 Sep 2025 11:22:38 +0200 Subject: [PATCH 885/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/4a44fb9f7555da362af9d499817084f4288a957f' (2025-08-23) → 'github:nix-community/home-manager/07fc025fe10487dd80f2ec694f1cd790e752d0e8' (2025-08-31) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/3dac8a872557e0ca8c083cdcfc2f218d18e113b0' (2025-08-16) → 'github:NixOS/nixos-hardware/11b2a10c7be726321bb854403fdeec391e798bf0' (2025-09-05) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/9cb344e96d5b6918e94e1bca2d9f3ea1e9615545' (2025-08-20) → 'github:NixOS/nixpkgs/d179d77c139e0a3f5c416477f7747e9d6b7ec315' (2025-09-09) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 70dca4e..31d4cd8 100644 --- a/flake.lock +++ b/flake.lock @@ -160,11 +160,11 @@ ] }, "locked": { - "lastModified": 1755928099, - "narHash": "sha256-OILVkfhRCm8u18IZ2DKR8gz8CVZM2ZcJmQBXmjFLIfk=", + "lastModified": 1756679287, + "narHash": "sha256-Xd1vOeY9ccDf5VtVK12yM0FS6qqvfUop8UQlxEB+gTQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "4a44fb9f7555da362af9d499817084f4288a957f", + "rev": "07fc025fe10487dd80f2ec694f1cd790e752d0e8", "type": "github" }, "original": { @@ -234,11 +234,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1755330281, - "narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=", + "lastModified": 1757103352, + "narHash": "sha256-PtT7ix43ss8PONJ1VJw3f6t2yAoGH+q462Sn8lrmWmk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0", + "rev": "11b2a10c7be726321bb854403fdeec391e798bf0", "type": "github" }, "original": { @@ -298,11 +298,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1755704039, - "narHash": "sha256-gKlP0LbyJ3qX0KObfIWcp5nbuHSb5EHwIvU6UcNBg2A=", + "lastModified": 1757408970, + "narHash": "sha256-aSgK4BLNFFGvDTNKPeB28lVXYqVn8RdyXDNAvgGq+k0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9cb344e96d5b6918e94e1bca2d9f3ea1e9615545", + "rev": "d179d77c139e0a3f5c416477f7747e9d6b7ec315", "type": "github" }, "original": { From f5f69c5baf92e21bf57e4f6ed1375dee783e1426 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 16 Sep 2025 16:28:17 +0200 Subject: [PATCH 886/904] flake: tailscale overlay to bypass failing tests This isn't the right fix but it will do for now. --- flake.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/flake.nix b/flake.nix index 7155240..250e03e 100644 --- a/flake.nix +++ b/flake.nix @@ -102,6 +102,18 @@ inherit system; config.allowUnfree = true; }; + + tailscale = super.tailscale.overrideAttrs (old: { + checkFlags = + builtins.map ( + flag: + if super.lib.hasPrefix "-skip=" flag + then flag + "|^TestGetList$|^TestIgnoreLocallyBoundPorts$|^TestPoller$" + else flag + ) + old.checkFlags; + }); + }) agenix.overlays.default From ad2e202a9f4aefe65fe7b2917d0929ea2eea0077 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 16 Sep 2025 16:28:17 +0200 Subject: [PATCH 887/904] flake: bump jj to v0.33 --- flake.lock | 8 ++++---- flake.nix | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 31d4cd8..afac4fe 100644 --- a/flake.lock +++ b/flake.lock @@ -183,16 +183,16 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1754498174, - "narHash": "sha256-TFKUz8hUCRM9RPkp9CBvKnd4e+TnR8H5t9/N76cAKzI=", + "lastModified": 1756954389, + "narHash": "sha256-EKYM18UavIbZeI5/F5OKUzyjQip0yb6WPt6BZ2YpYww=", "owner": "jj-vcs", "repo": "jj", - "rev": "44de571887f261a94f543d977a7ab3a9df918aba", + "rev": "24f4e1083e8bcd6e5b8aaee3fa86e08cb7081d13", "type": "github" }, "original": { "owner": "jj-vcs", - "ref": "v0.32.0", + "ref": "v0.33.0", "repo": "jj", "type": "github" } diff --git a/flake.nix b/flake.nix index 250e03e..a7a3d0f 100644 --- a/flake.nix +++ b/flake.nix @@ -59,7 +59,7 @@ type = "github"; owner = "jj-vcs"; repo = "jj"; - ref = "v0.32.0"; + ref = "v0.33.0"; inputs.nixpkgs.follows = "nixpkgs"; }; }; From 7bc6694a5a483bf3c335772bf61edabb0d1ae6e7 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 16 Sep 2025 16:34:38 +0200 Subject: [PATCH 888/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/07fc025fe10487dd80f2ec694f1cd790e752d0e8' (2025-08-31) → 'github:nix-community/home-manager/f21d9167782c086a33ad53e2311854a8f13c281e' (2025-09-14) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/11b2a10c7be726321bb854403fdeec391e798bf0' (2025-09-05) → 'github:NixOS/nixos-hardware/67a709cfe5d0643dafd798b0b613ed579de8be05' (2025-09-15) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d179d77c139e0a3f5c416477f7747e9d6b7ec315' (2025-09-09) → 'github:NixOS/nixpkgs/9a094440e02a699be5c57453a092a8baf569bdad' (2025-09-14) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index afac4fe..8ceef31 100644 --- a/flake.lock +++ b/flake.lock @@ -160,11 +160,11 @@ ] }, "locked": { - "lastModified": 1756679287, - "narHash": "sha256-Xd1vOeY9ccDf5VtVK12yM0FS6qqvfUop8UQlxEB+gTQ=", + "lastModified": 1757808926, + "narHash": "sha256-K6PEI5PYY94TVMH0mX3MbZNYFme7oNRKml/85BpRRAo=", "owner": "nix-community", "repo": "home-manager", - "rev": "07fc025fe10487dd80f2ec694f1cd790e752d0e8", + "rev": "f21d9167782c086a33ad53e2311854a8f13c281e", "type": "github" }, "original": { @@ -234,11 +234,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1757103352, - "narHash": "sha256-PtT7ix43ss8PONJ1VJw3f6t2yAoGH+q462Sn8lrmWmk=", + "lastModified": 1757943327, + "narHash": "sha256-w6cDExPBqbq7fTLo4dZ1ozDGeq3yV6dSN4n/sAaS6OM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "11b2a10c7be726321bb854403fdeec391e798bf0", + "rev": "67a709cfe5d0643dafd798b0b613ed579de8be05", "type": "github" }, "original": { @@ -298,11 +298,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1757408970, - "narHash": "sha256-aSgK4BLNFFGvDTNKPeB28lVXYqVn8RdyXDNAvgGq+k0=", + "lastModified": 1757810152, + "narHash": "sha256-Vp9K5ol6h0J90jG7Rm4RWZsCB3x7v5VPx588TQ1dkfs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d179d77c139e0a3f5c416477f7747e9d6b7ec315", + "rev": "9a094440e02a699be5c57453a092a8baf569bdad", "type": "github" }, "original": { From 172c52ba84f2883b4f4962d75dd38088e937a6a1 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 16 Sep 2025 16:38:07 +0200 Subject: [PATCH 889/904] Revert "flake: tailscale overlay to bypass failing tests" This reverts commit f5f69c5baf92e21bf57e4f6ed1375dee783e1426. --- flake.nix | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/flake.nix b/flake.nix index a7a3d0f..ac084e0 100644 --- a/flake.nix +++ b/flake.nix @@ -102,18 +102,6 @@ inherit system; config.allowUnfree = true; }; - - tailscale = super.tailscale.overrideAttrs (old: { - checkFlags = - builtins.map ( - flag: - if super.lib.hasPrefix "-skip=" flag - then flag + "|^TestGetList$|^TestIgnoreLocallyBoundPorts$|^TestPoller$" - else flag - ) - old.checkFlags; - }); - }) agenix.overlays.default From 1a49c6a8880d8b790e05087d75dee188c1707975 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 16 Sep 2025 17:06:11 +0200 Subject: [PATCH 890/904] talos: fix formatting issue --- hosts/talos/home.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 2a7fa54..8a189d3 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -56,7 +56,6 @@ in { shikane # output autoconfig swaybg zotero - grim wl-clipboard slurp From b98a3c47b41660584acd2a4c2fd8c1bdaf605696 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 16 Sep 2025 17:27:22 +0200 Subject: [PATCH 891/904] flake: remove weird unneeded url attribute --- flake.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.lock b/flake.lock index 8ceef31..c11b92e 100644 --- a/flake.lock +++ b/flake.lock @@ -204,7 +204,7 @@ "narHash": "sha256-jLCEW0FvjFhC+c4RHzH+xbkSOxrnpFHnhjOw6sudhx0=", "rev": "1a4393d0aac31aba21f5737ede1b171e11336d77", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/1a4393d0aac31aba21f5737ede1b171e11336d77.tar.gz?rev=1a4393d0aac31aba21f5737ede1b171e11336d77" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/1a4393d0aac31aba21f5737ede1b171e11336d77.tar.gz" }, "original": { "type": "tarball", @@ -225,7 +225,7 @@ "narHash": "sha256-KYMUrTV7H/RR5/HRnjV5R3rRIuBXMemyJzTLi50NFTs=", "rev": "46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873.tar.gz?rev=46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873.tar.gz" }, "original": { "type": "tarball", From 128a97da6db97569f41a1bf1e00efd4f332df998 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 16 Sep 2025 17:38:01 +0200 Subject: [PATCH 892/904] pkgs: spot: bump to v2.14.1 --- pkgs/spot/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/spot/default.nix b/pkgs/spot/default.nix index 75f6c43..28e7609 100644 --- a/pkgs/spot/default.nix +++ b/pkgs/spot/default.nix @@ -3,7 +3,7 @@ fetchurl, python3, }: let - version = "2.13.1"; + version = "2.14.1"; in stdenv.mkDerivation { inherit version; @@ -15,6 +15,6 @@ in src = fetchurl { url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz"; - sha256 = "sha256-udHeSrzQafkj4aMmP1jMr8xUiWqoGLRVkoyisaRGbck"; + sha256 = "sha256-Jd+KavTkuzrmdRWsmOPTfEMDpoLjOqpm5y10s5RZpTA="; }; } From f60ecdf2501011610dba66c45f1ab642a6d363f9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 22 Sep 2025 10:10:15 +0200 Subject: [PATCH 893/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/f21d9167782c086a33ad53e2311854a8f13c281e' (2025-09-14) → 'github:nix-community/home-manager/3b955f5f0a942f9f60cdc9cacb7844335d0f21c3' (2025-09-21) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/9a094440e02a699be5c57453a092a8baf569bdad' (2025-09-14) → 'github:NixOS/nixpkgs/b2a3852bd078e68dd2b3dfa8c00c67af1f0a7d20' (2025-09-20) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index c11b92e..4e42b88 100644 --- a/flake.lock +++ b/flake.lock @@ -160,11 +160,11 @@ ] }, "locked": { - "lastModified": 1757808926, - "narHash": "sha256-K6PEI5PYY94TVMH0mX3MbZNYFme7oNRKml/85BpRRAo=", + "lastModified": 1758463745, + "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=", "owner": "nix-community", "repo": "home-manager", - "rev": "f21d9167782c086a33ad53e2311854a8f13c281e", + "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3", "type": "github" }, "original": { @@ -298,11 +298,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1757810152, - "narHash": "sha256-Vp9K5ol6h0J90jG7Rm4RWZsCB3x7v5VPx588TQ1dkfs=", + "lastModified": 1758346548, + "narHash": "sha256-afXE7AJ7MY6wY1pg/Y6UPHNYPy5GtUKeBkrZZ/gC71E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9a094440e02a699be5c57453a092a8baf569bdad", + "rev": "b2a3852bd078e68dd2b3dfa8c00c67af1f0a7d20", "type": "github" }, "original": { From 14acd16723ee6135bed36c1bb54bd943eb3dedbc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 22 Sep 2025 10:52:37 +0200 Subject: [PATCH 894/904] flake: simplify Lix setup --- base/nix.nix | 2 +- flake.lock | 84 ---------------------------------------------------- flake.nix | 7 ----- 3 files changed, 1 insertion(+), 92 deletions(-) diff --git a/base/nix.nix b/base/nix.nix index b5923a7..01ba76e 100644 --- a/base/nix.nix +++ b/base/nix.nix @@ -2,7 +2,7 @@ nixpkgs.config.allowUnfree = true; nix = { - package = pkgs.nixStable; + package = pkgs.lixPackageSets.latest.lix; gc = { automatic = true; diff --git a/flake.lock b/flake.lock index 4e42b88..0311ee7 100644 --- a/flake.lock +++ b/flake.lock @@ -99,39 +99,6 @@ "type": "github" } }, - "flake-utils_3": { - "inputs": { - "systems": "systems_4" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flakey-profile": { - "locked": { - "lastModified": 1712898590, - "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", - "owner": "lf-", - "repo": "flakey-profile", - "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", - "type": "github" - }, - "original": { - "owner": "lf-", - "repo": "flakey-profile", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -197,41 +164,6 @@ "type": "github" } }, - "lix": { - "flake": false, - "locked": { - "lastModified": 1753306924, - "narHash": "sha256-jLCEW0FvjFhC+c4RHzH+xbkSOxrnpFHnhjOw6sudhx0=", - "rev": "1a4393d0aac31aba21f5737ede1b171e11336d77", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/1a4393d0aac31aba21f5737ede1b171e11336d77.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/release-2.93.tar.gz" - } - }, - "lix-module": { - "inputs": { - "flake-utils": "flake-utils_3", - "flakey-profile": "flakey-profile", - "lix": "lix", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1753282722, - "narHash": "sha256-KYMUrTV7H/RR5/HRnjV5R3rRIuBXMemyJzTLi50NFTs=", - "rev": "46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz" - } - }, "nixos-hardware": { "locked": { "lastModified": 1757943327, @@ -319,7 +251,6 @@ "flake-utils": "flake-utils", "home-manager": "home-manager_2", "jujutsu": "jujutsu", - "lix-module": "lix-module", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_3", "nixpkgs-unstable-small": "nixpkgs-unstable-small" @@ -390,21 +321,6 @@ "repo": "default", "type": "github" } - }, - "systems_4": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index ac084e0..5aa98dd 100644 --- a/flake.nix +++ b/flake.nix @@ -50,11 +50,6 @@ ref = "master"; }; - lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - jujutsu = { type = "github"; owner = "jj-vcs"; @@ -70,7 +65,6 @@ home-manager, agenix, disko, - lix-module, ... } @ inputs: { @@ -112,7 +106,6 @@ [ agenix.nixosModules.default home-manager.nixosModules.default - lix-module.nixosModules.default { nixpkgs = { overlays = shared_overlays; From cbdd1188b5e1117f24d0578556081b4af165662c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 1 Oct 2025 18:55:33 +0200 Subject: [PATCH 895/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/67a709cfe5d0643dafd798b0b613ed579de8be05' (2025-09-15) → 'github:NixOS/nixos-hardware/e087756cf4abbe1a34f3544c480fc1034d68742f' (2025-09-30) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/b2a3852bd078e68dd2b3dfa8c00c67af1f0a7d20' (2025-09-20) → 'github:NixOS/nixpkgs/5ed4e25ab58fd4c028b59d5611e14ea64de51d23' (2025-09-29) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 0311ee7..d5481f7 100644 --- a/flake.lock +++ b/flake.lock @@ -166,11 +166,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1757943327, - "narHash": "sha256-w6cDExPBqbq7fTLo4dZ1ozDGeq3yV6dSN4n/sAaS6OM=", + "lastModified": 1759261527, + "narHash": "sha256-wPd5oGvBBpUEzMF0kWnXge0WITNsITx/aGI9qLHgJ4g=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "67a709cfe5d0643dafd798b0b613ed579de8be05", + "rev": "e087756cf4abbe1a34f3544c480fc1034d68742f", "type": "github" }, "original": { @@ -230,11 +230,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1758346548, - "narHash": "sha256-afXE7AJ7MY6wY1pg/Y6UPHNYPy5GtUKeBkrZZ/gC71E=", + "lastModified": 1759143472, + "narHash": "sha256-TvODmeR2W7yX/JmOCmP+lAFNkTT7hAxYcF3Kz8SZV3w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b2a3852bd078e68dd2b3dfa8c00c67af1f0a7d20", + "rev": "5ed4e25ab58fd4c028b59d5611e14ea64de51d23", "type": "github" }, "original": { From bb47557ba66ef7a9b493a9997b99f563002c26d6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 10 Oct 2025 16:11:26 +0200 Subject: [PATCH 896/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/e087756cf4abbe1a34f3544c480fc1034d68742f' (2025-09-30) → 'github:NixOS/nixos-hardware/c816590dca8ecd902b5698e159821b899fe61ceb' (2025-10-10) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/5ed4e25ab58fd4c028b59d5611e14ea64de51d23' (2025-09-29) → 'github:NixOS/nixpkgs/20c4598c84a671783f741e02bf05cbfaf4907cff' (2025-10-06) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index d5481f7..3368ec7 100644 --- a/flake.lock +++ b/flake.lock @@ -166,11 +166,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1759261527, - "narHash": "sha256-wPd5oGvBBpUEzMF0kWnXge0WITNsITx/aGI9qLHgJ4g=", + "lastModified": 1760104290, + "narHash": "sha256-ArCBRudSQow35NVJFa6N0VvkhGfR9INcQWuqfv6QLNw=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e087756cf4abbe1a34f3544c480fc1034d68742f", + "rev": "c816590dca8ecd902b5698e159821b899fe61ceb", "type": "github" }, "original": { @@ -230,11 +230,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1759143472, - "narHash": "sha256-TvODmeR2W7yX/JmOCmP+lAFNkTT7hAxYcF3Kz8SZV3w=", + "lastModified": 1759735786, + "narHash": "sha256-a0+h02lyP2KwSNrZz4wLJTu9ikujNsTWIC874Bv7IJ0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5ed4e25ab58fd4c028b59d5611e14ea64de51d23", + "rev": "20c4598c84a671783f741e02bf05cbfaf4907cff", "type": "github" }, "original": { From fe21cf537f513be57481ac097e23b1e9177cfc00 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 10 Oct 2025 16:20:50 +0200 Subject: [PATCH 897/904] flake: bump jj to v0.34.0 --- flake.lock | 14 +++++++------- flake.nix | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index 3368ec7..37297fe 100644 --- a/flake.lock +++ b/flake.lock @@ -150,16 +150,16 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1756954389, - "narHash": "sha256-EKYM18UavIbZeI5/F5OKUzyjQip0yb6WPt6BZ2YpYww=", + "lastModified": 1759360197, + "narHash": "sha256-OW8kSDBBSZr0G3U27AAkZ3cH3TJmSARbg9Pc4qZ6tA0=", "owner": "jj-vcs", "repo": "jj", - "rev": "24f4e1083e8bcd6e5b8aaee3fa86e08cb7081d13", + "rev": "22900c9a9ba362efa442fed2dd4e6e1d5c22cc7a", "type": "github" }, "original": { "owner": "jj-vcs", - "ref": "v0.33.0", + "ref": "v0.34.0", "repo": "jj", "type": "github" } @@ -264,11 +264,11 @@ ] }, "locked": { - "lastModified": 1742783666, - "narHash": "sha256-IwdSl51NL6V0f+mYXZR0UTKaGleOsk9zV3l6kt5SUWw=", + "lastModified": 1755139244, + "narHash": "sha256-SN1BFA00m+siVAQiGLtTwjv9LV9TH5n8tQcSziV6Nv4=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "60766d63c227d576510ecfb5edd3a687d56f6bc7", + "rev": "aeae248beb2a419e39d483dd9b7fec924aba8d4d", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 5aa98dd..081b001 100644 --- a/flake.nix +++ b/flake.nix @@ -54,7 +54,7 @@ type = "github"; owner = "jj-vcs"; repo = "jj"; - ref = "v0.33.0"; + ref = "v0.34.0"; inputs.nixpkgs.follows = "nixpkgs"; }; }; From fa41b61e92176b3c8a371b7f3b05a7eca242c518 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 16 Oct 2025 10:34:37 +0200 Subject: [PATCH 898/904] home: fish: override exit function --- home/fish/functions/exit.fish | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 home/fish/functions/exit.fish diff --git a/home/fish/functions/exit.fish b/home/fish/functions/exit.fish new file mode 100644 index 0000000..2ca78d7 --- /dev/null +++ b/home/fish/functions/exit.fish @@ -0,0 +1,5 @@ +function exit \ + --description "Disown all jobs started from this shell to avoid killing them on exit" \ + --on-event fish_exit + jobs -q; and disown (jobs -p) +end From a40e1f283e53af233fb7fed3932105c34c8b7f6a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 12 Nov 2025 15:18:53 +0100 Subject: [PATCH 899/904] pkgs: don't use alias for recurseIntoAttrs Thanks to Ambroisie for the report --- pkgs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/default.nix b/pkgs/default.nix index 19307a1..f9beb0d 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,6 +1,6 @@ {pkgs}: { sddm-sugar-candy = pkgs.callPackage ./sddm-sugar-candy {}; kaleidoscope-udev-rules = pkgs.callPackage ./kaleidoscope-udev-rules {}; - grafanaDashboards = pkgs.recurseIntoAttrs (pkgs.callPackage ./grafana-dashboards {}); + grafanaDashboards = pkgs.lib.recurseIntoAttrs (pkgs.callPackage ./grafana-dashboards {}); spot = pkgs.python3Packages.toPythonModule (pkgs.callPackage ./spot {}); } From 17bdf5d0e039ec2243f9efa6af90c39f7ce124c5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 12 Nov 2025 16:41:06 +0100 Subject: [PATCH 900/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/c816590dca8ecd902b5698e159821b899fe61ceb' (2025-10-10) → 'github:NixOS/nixos-hardware/899dc449bc6428b9ee6b3b8f771ca2b0ef945ab9' (2025-11-11) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/20c4598c84a671783f741e02bf05cbfaf4907cff' (2025-10-06) → 'github:NixOS/nixpkgs/c2448301fb856e351aab33e64c33a3fc8bcf637d' (2025-11-10) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 37297fe..8193d52 100644 --- a/flake.lock +++ b/flake.lock @@ -166,11 +166,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1760104290, - "narHash": "sha256-ArCBRudSQow35NVJFa6N0VvkhGfR9INcQWuqfv6QLNw=", + "lastModified": 1762847253, + "narHash": "sha256-BWWnUUT01lPwCWUvS0p6Px5UOBFeXJ8jR+ZdLX8IbrU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "c816590dca8ecd902b5698e159821b899fe61ceb", + "rev": "899dc449bc6428b9ee6b3b8f771ca2b0ef945ab9", "type": "github" }, "original": { @@ -230,11 +230,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1759735786, - "narHash": "sha256-a0+h02lyP2KwSNrZz4wLJTu9ikujNsTWIC874Bv7IJ0=", + "lastModified": 1762756533, + "narHash": "sha256-HiRDeUOD1VLklHeOmaKDzf+8Hb7vSWPVFcWwaTrpm+U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "20c4598c84a671783f741e02bf05cbfaf4907cff", + "rev": "c2448301fb856e351aab33e64c33a3fc8bcf637d", "type": "github" }, "original": { From a680a3641424789573e9759e060a2cce0338560b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 12 Nov 2025 16:51:21 +0100 Subject: [PATCH 901/904] flake: bump jj --- flake.lock | 8 ++++---- flake.nix | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 8193d52..2aa3b53 100644 --- a/flake.lock +++ b/flake.lock @@ -150,16 +150,16 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1759360197, - "narHash": "sha256-OW8kSDBBSZr0G3U27AAkZ3cH3TJmSARbg9Pc4qZ6tA0=", + "lastModified": 1762395739, + "narHash": "sha256-YUrjP2tzABdy4eAV1hPmgYWU8ChcJ5B4IlmQUGm95ro=", "owner": "jj-vcs", "repo": "jj", - "rev": "22900c9a9ba362efa442fed2dd4e6e1d5c22cc7a", + "rev": "aa2b76978c4a23cb01c61629a11b1254af3ad0d9", "type": "github" }, "original": { "owner": "jj-vcs", - "ref": "v0.34.0", + "ref": "v0.35.0", "repo": "jj", "type": "github" } diff --git a/flake.nix b/flake.nix index 081b001..9a1ee4d 100644 --- a/flake.nix +++ b/flake.nix @@ -54,7 +54,7 @@ type = "github"; owner = "jj-vcs"; repo = "jj"; - ref = "v0.34.0"; + ref = "v0.35.0"; inputs.nixpkgs.follows = "nixpkgs"; }; }; From 7bb95c24f86efbca1f646f1b67dc6e8a8d0cca41 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 21 Nov 2025 14:35:00 +0100 Subject: [PATCH 902/904] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/c2448301fb856e351aab33e64c33a3fc8bcf637d' (2025-11-10) → 'github:NixOS/nixpkgs/c58bc7f5459328e4afac201c5c4feb7c818d604b' (2025-11-20) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 2aa3b53..1f387d7 100644 --- a/flake.lock +++ b/flake.lock @@ -230,11 +230,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1762756533, - "narHash": "sha256-HiRDeUOD1VLklHeOmaKDzf+8Hb7vSWPVFcWwaTrpm+U=", + "lastModified": 1763622513, + "narHash": "sha256-1jQnuyu82FpiSxowrF/iFK6Toh9BYprfDqfs4BB+19M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c2448301fb856e351aab33e64c33a3fc8bcf637d", + "rev": "c58bc7f5459328e4afac201c5c4feb7c818d604b", "type": "github" }, "original": { From 2f2ff798e54af5af6c3faee1651369c23bde10cc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 21 Nov 2025 16:11:10 +0100 Subject: [PATCH 903/904] mealie: add longer start timeout Seems like the PreStart script sometimes takes a while to execute, let's give it some time to do so. --- services/mealie.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/services/mealie.nix b/services/mealie.nix index bf72c57..4483b17 100644 --- a/services/mealie.nix +++ b/services/mealie.nix @@ -62,6 +62,9 @@ in { systemd.services.mealie = { after = ["postgresql.service"]; requires = ["postgresql.service"]; + serviceConfig = { + TimeoutStartSec = 600; + }; }; # Set-up database From 2fe8979cadbd1d6c1cf87d266615eaedad74dad4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 21 Nov 2025 16:19:53 +0100 Subject: [PATCH 904/904] hades: disable pleroma I'm just not using it, unfortunately. --- hosts/hades/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index dbbff5c..5f5355b 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -119,7 +119,7 @@ in { }; pleroma = { - enable = true; + enable = false; port = 8086; secretConfigFile = config.age.secrets."pleroma/pleroma-config".path; };