Start refactoring

- remove emacs
- remove inputs
- trying to speed up evaluation
- update inputs

modules/atuin/default.nix

@@ -0,0 +1,14 @@
+{config, ...}: {
+  services.atuin = {
+    enable = true;
+    openFirewall = false; # use only in the VPN
+    port = 8889;
+    host = "0.0.0.0";
+    openRegistration = true;
+  };
+  networking.firewall.interfaces."wg0" = {
+    allowedTCPPorts = [
+      config.services.atuin.port
+    ];
+  };
+}

modules/auto-upgrade/default.nix

@@ -7,10 +7,10 @@
   system.autoUpgrade = {
     enable = false;
     flake = "github:aciceri/nixfleet#${config.networking.hostName}";
-    flags =
-      lib.lists.optional
-      (builtins.hasAttr "ccrEmacs" options)
-      ["--update-input" "ccrEmacs" "ccrEmacs"];
+    # flags =
+    #   lib.lists.optional
+    #   (builtins.hasAttr "ccrEmacs" options)
+    #   ["--update-input" "ccrEmacs" "ccrEmacs"];
     dates = "daily";
     allowReboot = false;
   };

modules/forgejo-runners/default.nix

@@ -1,14 +1,13 @@
 # heavily based on https://discourse.nixos.org/t/gitea-nix-actions-runner-setup/35279
 {
   config,
-  inputs',
   pkgs,
   lib,
   ...
 }: let
   storeDeps = pkgs.runCommand "store-deps" {} ''
     mkdir -p $out/bin
-    for dir in ${toString [pkgs.coreutils pkgs.findutils pkgs.gnugrep pkgs.gawk pkgs.git pkgs.nix pkgs.bash pkgs.jq pkgs.nodejs inputs'.nix-fast-build.packages.nix-fast-build pkgs.curl pkgs.tea]}; do
+    for dir in ${with pkgs; builtins.toString [coreutils findutils gnugrep gawk git nix bash jq nodejs nix-fast-build curl tea]}; do
       for bin in "$dir"/bin/*; do
         ln -s "$bin" "$out/bin/$(basename "$bin")"
       done

modules/greetd/default.nix

@@ -13,6 +13,15 @@
         Exec=Hyprland
       '';
     })
+    (pkgs.writeTextFile {
+      name = "xorg-session.desktop";
+      destination = "/cosmic-session.desktop";
+      text = ''
+        [Desktop Entry]
+        Name=Cosmic
+        Exec=cosmic-session
+      '';
+    })
   ];
 in {
   services.greetd = {

modules/home-assistant/default.nix

@@ -27,53 +27,12 @@
     rev = "d42edcabc67ba6a7f960e849c8aaec1aabef87c0";
     hash = "sha256-KqbP6TpH9B0/AjtsW5TcWSNgUhND+w8rO6X8fHqtsDI=";
   };
-  tuya-device-sharing-sdk = ps:
-    ps.callPackage (
-      {
-        lib,
-        buildPythonPackage,
-        fetchPypi,
-        requests,
-        paho-mqtt,
-        cryptography,
-      }: let
-        pname = "tuya-device-sharing-sdk";
-        version = "0.2.0";
-      in
-        buildPythonPackage {
-          inherit pname version;
-
-          src = fetchPypi {
-            inherit pname version;
-            hash = "sha256-fu8zh59wlnxtstNbNL8mIm10tiXy22oPbi6oUy5x8c8=";
-          };
-
-          postPatch = ''
-            touch requirements.txt
-          '';
-
-          doCheck = false;
-
-          propagatedBuildInputs = [
-            requests
-            paho-mqtt
-            cryptography
-          ];
-
-          meta = with lib; {
-            description = "Tuya Device Sharing SDK";
-            homepage = "https://github.com/tuya/tuya-device-sharing-sdk";
-            license = licenses.mit;
-            maintainers = with maintainers; [aciceri];
-          };
-        }
-    ) {};
 in {
   services.home-assistant = {
     enable = true;
     openFirewall = true;
     package = pkgs.home-assistant.overrideAttrs (old: {
-      # doInstallCheck = false;
+      doInstallCheck = false;
       # prePatch =
       #   ''
       #     rm -rf homeassistant/components/smartthings
@@ -107,7 +66,7 @@ in {
         # used by pun_sensor
         holidays
         beautifulsoup4
-        (tuya-device-sharing-sdk python3Packages) # remove after https://github.com/NixOS/nixpkgs/pull/294706/
+        tuya-device-sharing-sdk
         getmac
         garminconnect
         tzlocal

modules/immich/default.nix

@@ -1,221 +1,23 @@
-# { lib, pkgs, config, ... }:
-# let
-#   immichRoot = "/mnt/hd/immich";
-#   immichData = "${immichRoot}/data";
-#   # immichVersion = "v1.105.1";
-#   immichVersion = "v1.105.1";
-#   sharedEnv = {
-#     # You can find documentation for all the supported env variables at https://immich.app/docs/install/environment-variables
-#     # The location where your uploaded files are stored
-#     UPLOAD_LOCATION="./library";
-#     DB_DATA_LOCATION="./postgres";
-#     IMMICH_VERSION=immichVersion;
-#     DB_PASSWORD="postgres";
-#     DB_USERNAME="postgres";
-#     DB_DATABASE_NAME="immich";
-#     DB_HOSTNAME="postgres";
-#     REDIS_HOSTNAME = "redis";
-#   };
-#   postgresRoot = "${immichRoot}/pgsql";
-#   machineLearning = "${immichRoot}/ml-cache";
-# in {
-#   systemd.tmpfiles.rules = [
-#     "d ${immichRoot} 770 ccr wheel"
-#     "d ${immichData} 770 ccr wheel"
-#     "d ${postgresRoot} 770 ccr wheel"
-#     "d ${machineLearning} 770 ccr wheel"
-#   ];
-#   virtualisation.docker.enable = lib.mkForce false;
-#   virtualisation.podman.enable = lib.mkForce true;
-#   virtualisation.podman.dockerSocket.enable = lib.mkForce true;
-#   virtualisation.podman.defaultNetwork.settings.dns_enabled = lib.mkForce true;
-#   networking.firewall.interfaces."podman+".allowedUDPPorts = [53 5353];
-#   environment.systemPackages = [
-#     pkgs.arion
-#   ];
-#   virtualisation.arion = {
-#     backend = lib.mkForce "podman-socket";
-#     projects.immich = {
-#       serviceName = "immich";
-#       settings = {
-# 	project.name = "immich";
-# 	networks.default = {
-# 	  name = "immich";
-# 	};
-# 	services = {
-# 	  "server" = {
-# 	    service = {
-# 	      image = "ghcr.io/immich-app/immich-server:${immichVersion}";
-# 	      container_name = "server";
-# 	      command = ["start.sh" "immich"];
-# 	      environment = sharedEnv // {
-# 		# NODE_ENV = "production";
-# 	      };
-# 	      ports = [
-# 		"2283:3001"
-# 	      ];
-# 	      volumes = [
-# 		"${immichData}:/usr/src/app/upload:rw"
-# 		"/etc/localtime:/etc/localtime:ro"
-# 	      ];
-# 	      depends_on = ["redis" "postgres"];
-# 	      restart = "always";
-# 	   };
-# 	  };
-# 	  "microservices" = {
-# 	    service = {
-# 	      image = "ghcr.io/immich-app/immich-server:${immichVersion}";
-# 	      container_name = "microservices";
-# 	      command = ["start.sh" "microservices"];
-# 	      environment = sharedEnv;
-# 	      volumes = ["${immichData}:/usr/src/app/upload:rw"];
-# 	      depends_on = ["redis" "postgres"];
-# 	      restart = "always";
-# 	   };
-# 	  };
-# 	  "machine_learning" = {
-# 	    service = {
-# 	      image = "ghcr.io/immich-app/immich-machine-learning:${immichVersion}";
-# 	      container_name = "machine_learning";
-# 	      volumes = [
-# 		"${machineLearning}:/cache"
-# 	      ];
-# 	      restart = "always";
-# 	      environment = sharedEnv // {
-# 		# NODE_ENV = "production";
-# 	      };
-# 	    };
-# 	  };
-# 	  "redis" = {
-# 	    service = {
-# 	      image = "docker.io/redis:6.2-alpine";
-# 	      container_name = "redis";
-# 	      restart = "always";
-# 	      tmpfs = ["/data"];
-# 	    };
-# 	  };
-# 	  "postgres" = {
-# 	    service = {
-# 	      image = "docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0";
-# 	      container_name = "postgres";
-# 	      volumes = [
-# 		"${postgresRoot}:/var/lib/postgresql/data"
-# 	      ];
-# 	      restart = "always";
-# 	      environment = {
-# 		POSTGRES_PASSWORD = sharedEnv.DB_PASSWORD;
-# 		POSTGRES_USER = sharedEnv.DB_USERNAME;
-# 		POSTGRES_DB = sharedEnv.DB_DATABASE_NAME;
-# 		POSTGRES_INITDB_ARGS = "--data-checksums";
-# 	      };
-# 	    };
-# 	  };
-# 	};
-#       };
-#     };
-#   };
-# }
 {config, ...}: let
-  immichHost = "immich.example.com"; # TODO: put your immich domain name here
-
-  immichRoot = "/mnt/hd/immich"; # TODO: Tweak these to your desired storage locations
-  immichPhotos = "${immichRoot}/photos";
-  immichAppdataRoot = "${immichRoot}/appdata";
-  immichVersion = "release";
-  # immichExternalVolume1 = "/tank/BackupData/Google Photos/someone@example.com"; # TODO: if external volumes are desired
-
-  postgresRoot = "${immichAppdataRoot}/pgsql";
-  postgresPassword = "immich"; # TODO: put a random password here
-  postgresUser = "immich";
-  postgresDb = "immich";
+  nixpkgsImmich = builtins.getFlake "github:NixOS/nixpkgs/c0ee4c1770aa1ef998c977c4cc653a07ec95d9bf";
 in {
-  # The primary source for this configuration is the recommended docker-compose installation of immich from
-  # https://immich.app/docs/install/docker-compose, which linkes to:
-  # - https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
-  # - https://github.com/immich-app/immich/releases/latest/download/example.env
-  # and has been transposed into nixos configuration here.  Those upstream files should probably be checked
-  # for serious changes if there are any upgrade problems here.
-  #
-  # After initial deployment, these in-process configurations need to be done:
-  # - create an admin user by accessing the site
-  # - login with the admin user
-  # - set the "Machine Learning Settings" > "URL" to http://immich_machine_learning:3003
-
-  virtualisation.oci-containers.containers.immich_server = {
-    image = "ghcr.io/immich-app/immich-server:${immichVersion}";
-    ports = ["127.0.0.1:2283:3001"];
-    extraOptions = [
-      "--pull=newer"
-      # Force DNS resolution to only be the podman dnsname name server; by default podman provides a resolv.conf
-      # that includes both this server and the upstream system server, causing resolutions of other pod names
-      # to be inconsistent.
-      "--dns=10.88.0.1"
-    ];
-    cmd = ["start.sh" "immich"];
-    environment = {
-      IMMICH_VERSION = immichVersion;
-      DB_HOSTNAME = "immich_postgres";
-      DB_USERNAME = postgresUser;
-      DB_DATABASE_NAME = postgresDb;
-      DB_PASSWORD = postgresPassword;
-      REDIS_HOSTNAME = "immich_redis";
+  containers.nextcloud = {
+    nixpkgs = nixpkgsImmich;
+    autoStart = true;
+    privateNetwork = true;
+    # hostAddress = "192.168.100.10";
+    # localAddress = "192.168.100.11";
+    # hostAddress6 = "fc00::1";
+    # localAddress6 = "fc00::2";
+    config = {
+      config,
+      pkgs,
+      lib,
+      ...
+    }: {
+      services.immich = {
+        enable = true;
+      };
     };
-    volumes = [
-      "${immichPhotos}:/usr/src/app/upload"
-      "/etc/localtime:/etc/localtime:ro"
-      # "${immichExternalVolume1}:${immichExternalVolume1}:ro"
-    ];
-  };
-
-  virtualisation.oci-containers.containers.immich_microservices = {
-    image = "ghcr.io/immich-app/immich-server:${immichVersion}";
-    extraOptions = [
-      "--pull=newer"
-      # Force DNS resolution to only be the podman dnsname name server; by default podman provides a resolv.conf
-      # that includes both this server and the upstream system server, causing resolutions of other pod names
-      # to be inconsistent.
-      "--dns=10.88.0.1"
-    ];
-    cmd = ["start.sh" "microservices"];
-    environment = {
-      IMMICH_VERSION = immichVersion;
-      DB_HOSTNAME = "immich_postgres";
-      DB_USERNAME = postgresUser;
-      DB_DATABASE_NAME = postgresDb;
-      DB_PASSWORD = postgresPassword;
-      REDIS_HOSTNAME = "immich_redis";
-    };
-    volumes = [
-      "${immichPhotos}:/usr/src/app/upload"
-      "/etc/localtime:/etc/localtime:ro"
-      # "${immichExternalVolume}1:${immichExternalVolume1}:ro"
-    ];
-  };
-
-  virtualisation.oci-containers.containers.immich_machine_learning = {
-    image = "ghcr.io/immich-app/immich-machine-learning:${immichVersion}";
-    extraOptions = ["--pull=newer"];
-    environment = {
-      IMMICH_VERSION = immichVersion;
-    };
-    volumes = [
-      "${immichAppdataRoot}/model-cache:/cache"
-    ];
-  };
-
-  virtualisation.oci-containers.containers.immich_redis = {
-    image = "redis:6.2-alpine@sha256:80cc8518800438c684a53ed829c621c94afd1087aaeb59b0d4343ed3e7bcf6c5";
-  };
-
-  virtualisation.oci-containers.containers.immich_postgres = {
-    image = "tensorchord/pgvecto-rs:pg14-v0.1.11";
-    environment = {
-      POSTGRES_PASSWORD = postgresPassword;
-      POSTGRES_USER = postgresUser;
-      POSTGRES_DB = postgresDb;
-    };
-    volumes = [
-      "${postgresRoot}:/var/lib/postgresql/data"
-    ];
   };
 }

modules/nix/default.nix

@@ -32,12 +32,13 @@
         "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
         "mlabs.cachix.org-1:gStKdEqNKcrlSQw5iMW6wFCj3+b+1ASpBVY2SYuNV2M="
       ];
+      # deprecated-features = [ "url-literals" ];
     };
 
-    nixPath = ["nixpkgs=${fleetFlake.inputs.nixpkgsUnstable}"];
+    nixPath = ["nixpkgs=${fleetFlake.inputs.nixpkgs}"];
 
     extraOptions = ''
-      experimental-features = nix-command flakes ca-derivations impure-derivations
+      experimental-features = nix-command flakes impure-derivations
       builders-use-substitutes = true
     '';
 
@@ -50,19 +51,11 @@
     registry = lib.mkForce ({
         nixpkgs.to = {
           type = "path";
-          path = fleetFlake.inputs.nixpkgsUnstable;
-        };
-        nixpkgsUnstable.to = {
-          type = "path";
-          path = fleetFlake.inputs.nixpkgsUnstable;
-        };
-        nixpkgsStable.to = {
-          type = "path";
-          path = fleetFlake.inputs.nixpkgsStable;
+          path = fleetFlake.inputs.nixpkgs;
         };
         n.to = {
           type = "path";
-          path = fleetFlake.inputs.nixpkgsUnstable;
+          path = fleetFlake.inputs.nixpkgs;
         };
       }
       // (lib.optionalAttrs (builtins.hasAttr "ccr" config) {
@@ -92,11 +85,11 @@
         sshKey = "/home/${config.ccr.username}/.ssh/id_rsa";
       }
       ++ (lib.lists.optional (config.networking.hostName == "picard") {
-        hostName = "mac.staging.mlabs.city";
+        hostName = "mac.staging.mlabs.city?remote-program=/run/current-system/sw/bin/nix-store";
         system = "x86_64-darwin";
         maxJobs = 4;
         supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
-        protocol = "ssh-ng";
+        protocol = "ssh";
         sshUser = "root";
         sshKey = "/home/${config.ccr.username}/.ssh/id_rsa";
       });

modules/pipewire/default.nix

@@ -1,3 +1,7 @@
-{
+{lib, ...}: {
   services.pipewire.enable = true;
+
+  hardware.pulseaudio = {
+    enable = lib.mkForce false;
+  };
 }

modules/prometheus-exporters/default.nix

@@ -8,7 +8,7 @@
   mkFor = hosts: lib.mkIf (builtins.elem hostname hosts);
 in {
   services.prometheus.exporters = {
-    node = mkFor ["sisko" "picard"] {
+    node = mkFor ["sisko" "picard" "kirk"] {
       enable = true;
       enabledCollectors = [
         "cpu"
@@ -34,10 +34,10 @@ in {
       ];
       extraFlags = ["--collector.ethtool" "--collector.softirqs" "--collector.tcpstat" "--collector.wifi"];
     };
-    wireguard = mkFor ["sisko" "picard"] {
+    wireguard = mkFor ["sisko" "picard" "kirk"] {
       enable = true;
     };
-    zfs = mkFor ["picard"] {
+    zfs = mkFor ["picard" "kirk"] {
       enable = true;
     };
     # restic = mkFor ["sisko"] {
@@ -49,7 +49,7 @@ in {
     nginx = mkFor ["sisko"] {
       enable = true;
     };
-    smartctl = mkFor ["sisko" "picard"] {
+    smartctl = mkFor ["sisko" "picard" "kirk"] {
       enable = true;
     };
   };

modules/prometheus/default.nix

@@ -35,7 +35,7 @@ in {
         job_name = "node";
         static_configs = [
           {
-            targets = builtins.map (host: "${host}.fleet:9100") ["sisko" "picard"];
+            targets = builtins.map (host: "${host}.fleet:9100") ["sisko" "picard" "kirk"];
           }
         ];
       }
@@ -43,7 +43,7 @@ in {
         job_name = "wireguard";
         static_configs = [
           {
-            targets = builtins.map (host: "${host}.fleet:9586") ["picard"];
+            targets = builtins.map (host: "${host}.fleet:9586") ["picard" "kirk"];
           }
         ];
       }
@@ -51,7 +51,7 @@ in {
         job_name = "zfs";
         static_configs = [
           {
-            targets = builtins.map (host: "${host}.fleet:9134") ["picard"];
+            targets = builtins.map (host: "${host}.fleet:9134") ["picard" "kirk"];
           }
         ];
       }
@@ -83,7 +83,7 @@ in {
         job_name = "smartctl";
         static_configs = [
           {
-            targets = builtins.map (host: "${host}.fleet:9633") ["sisko"];
+            targets = builtins.map (host: "${host}.fleet:9633") ["sisko" "kirk" "picard"];
           }
         ];
       }

modules/rock5b-samba/default.nix

@@ -10,17 +10,17 @@
     samba = {
       enable = true;
       securityType = "user";
-      extraConfig = ''
-        workgroup = WORKGROUP
-        server string = rock5b
-        netbios name = rock5b
-        security = user
-        map to guest = bad user
-        vfs objects = recycle
-        recycle:repository = .recycle
-        recycle:keeptree = yes
-        recycle:versions = yes
-      '';
+      settings.global = {
+        "workgroup" = "WORKGROUP";
+        "server string" = "rock5b";
+        "netbios name" = "rock5b";
+        "security" = "user";
+        "map to guest" = "bad user";
+        "vfs objects" = "recycle";
+        "recycle:repository" = ".recycle";
+        "recycle:keeptree" = "yes";
+        "recycle:versions" = "yes";
+      };
       shares = {
         torrent = {
           path = "/mnt/hd/torrent";

modules/sunshine/default.nix

@@ -1,21 +1,13 @@
 {
-  services.xserver = {
+  services.sunshine = {
     enable = true;
-    videoDrivers = ["amdgpu"];
-
-    # displayManager.gdm.enable = true;
-    # displayManager.defaultSession = "gnome";
-
-    # displayManager.autoLogin.enable = true;
-    # displayManager.autoLogin.user = "sunshine"; # user must exists
-
-    # desktopManager.gnome.enable = true;
+    autoStart = true;
+    capSysAdmin = true;
+    openFirewall = true;
   };
-
-  users.users.sunshine = {
-    isSystemUser = true;
-    group = "sunshine";
+  hardware = {
+    bluetooth.input.General = {
+      ClassicBondedOnly = false;
+    };
   };
-
-  users.groups.sunshine = {};
 }

modules/transmission/default.nix

@@ -45,4 +45,8 @@
   ];
 
   ccr.extraGroups = ["transmission"];
+
+  environment.persistence."/persist".directories = [
+    config.services.transmission.home
+  ];
 }