diff --git a/flake.lock b/flake.lock index 8d9ac2c..33b6fa2 100644 --- a/flake.lock +++ b/flake.lock @@ -100,11 +100,11 @@ "pyproject-nix": "pyproject-nix" }, "locked": { - "lastModified": 1732113111, - "narHash": "sha256-KgGKWOEbqP15O2J6kue4JShHDk5yGG5e1GfY22bjuZU=", + "lastModified": 1731915700, + "narHash": "sha256-IVhIHdQaY4LU+6wOmXM6IhjKN8k0nbTacedIfxmt0RI=", "owner": "nix-community", "repo": "dream2nix", - "rev": "91bec8a0854abfa581a40b5030cfa8f98d2f8ee5", + "rev": "e118d69b142dea7690555fc4502f288030c1d4ed", "type": "github" }, "original": { @@ -119,11 +119,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1732179669, - "narHash": "sha256-zpaoCm2sakoi8hsabMjTq7kYTz0SJo7PhRUGk48QjXY=", + "lastModified": 1732093299, + "narHash": "sha256-LFw807llsc/qIMbSBHN4C3jtOeWHLtSgo2V2yhv1nC8=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "46cbce8bc96c36a83a2cae9312026b3028bdcb87", + "rev": "79d8dd3148860718bc78b73c7e4972f850b19541", "type": "github" }, "original": { @@ -223,27 +223,6 @@ } }, "flake-parts_3": { - "inputs": { - "nixpkgs-lib": [ - "nix-fast-build", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1722555600, - "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_4": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_2" }, @@ -261,7 +240,7 @@ "type": "github" } }, - "flake-parts_5": { + "flake-parts_4": { "inputs": { "nixpkgs-lib": [ "nixThePlanet", @@ -419,7 +398,7 @@ }, "hercules-ci-effects": { "inputs": { - "flake-parts": "flake-parts_5", + "flake-parts": "flake-parts_4", "nixpkgs": "nixpkgs_6" }, "locked": { @@ -643,28 +622,6 @@ "type": "github" } }, - "nix-fast-build": { - "inputs": { - "flake-parts": "flake-parts_3", - "nixpkgs": [ - "nixpkgs" - ], - "treefmt-nix": "treefmt-nix_2" - }, - "locked": { - "lastModified": 1730278911, - "narHash": "sha256-CrbqsC+lEA3w6gLfpqfDMDEKoEta2sl4sbQK6Z/gXak=", - "owner": "Mic92", - "repo": "nix-fast-build", - "rev": "8e7c9d76979381441facb8888f21408312cf177a", - "type": "github" - }, - "original": { - "owner": "Mic92", - "repo": "nix-fast-build", - "type": "github" - } - }, "nix-formatter-pack": { "inputs": { "nixpkgs": [ @@ -755,7 +712,7 @@ }, "nixThePlanet": { "inputs": { - "flake-parts": "flake-parts_4", + "flake-parts": "flake-parts_3", "hercules-ci-effects": "hercules-ci-effects", "nixpkgs": [ "nixpkgs" @@ -935,11 +892,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1732014248, - "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", + "lastModified": 1731676054, + "narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", + "rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add", "type": "github" }, "original": { @@ -996,11 +953,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1732014248, - "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", + "lastModified": 1731676054, + "narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", + "rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add", "type": "github" }, "original": { @@ -1162,13 +1119,12 @@ "lix-eval-jobs": "lix-eval-jobs", "lix-module": "lix-module", "mobile-nixos": "mobile-nixos", - "nix-fast-build": "nix-fast-build", "nix-on-droid": "nix-on-droid", "nixDarwin": "nixDarwin", "nixThePlanet": "nixThePlanet", "nixosHardware": "nixosHardware", "nixpkgs": "nixpkgs_7", - "treefmt-nix": "treefmt-nix_3", + "treefmt-nix": "treefmt-nix_2", "vscode-server": "vscode-server" } }, @@ -1300,36 +1256,15 @@ "treefmt-nix_2": { "inputs": { "nixpkgs": [ - "nix-fast-build", "nixpkgs" ] }, "locked": { - "lastModified": 1723808491, - "narHash": "sha256-rhis3qNuGmJmYC/okT7Dkc4M8CeUuRCSvW6kC2f3hBc=", + "lastModified": 1732013921, + "narHash": "sha256-grEEN4LjL4DTDZUyZjVcj9dXRykH/SKnpOIADN0q5w8=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "1d07739554fdc4f8481068f1b11d6ab4c1a4167a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, - "treefmt-nix_3": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1732187120, - "narHash": "sha256-XdW2mYXvPHYtZ8oQqO3tRYtxx7kI0Hs3NU64IwAtD68=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "37f8f47cb618eddee0c0dd31a582b1cd3013c7f6", + "rev": "5f5c2787576f3e39bbc2ebdbf8521b3177c5c19c", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index e42bff9..de2ff34 100644 --- a/flake.nix +++ b/flake.nix @@ -62,10 +62,6 @@ }; catppuccin.url = "github:catppuccin/nix"; emacs-overlay.url = "github:nix-community/emacs-overlay"; - nix-fast-build = { - url = "github:Mic92/nix-fast-build"; - inputs.nixpkgs.follows = "nixpkgs"; - }; }; outputs = diff --git a/hosts/default.nix b/hosts/default.nix index f86454b..5636017 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -110,13 +110,11 @@ "cloudflare-dyndns-api-token" = { }; "restic-hetzner-password" = { }; "hass-ssh-key".owner = "hass"; - "sisko-attic-environment-file".owner = "atticd"; "autistici-password" = { # FIXME terrible, should create a third ad-hoc group owner = "grafana"; group = "forgejo"; }; - }; }; }; diff --git a/hosts/sisko/default.nix b/hosts/sisko/default.nix index 65c5e0b..ba45c12 100644 --- a/hosts/sisko/default.nix +++ b/hosts/sisko/default.nix @@ -18,7 +18,7 @@ "sisko-proxy" "invidious" "searx" - "sisko-share" + "sisko-nfs" "forgejo" "prometheus" "grafana" @@ -30,7 +30,6 @@ "immich" "paperless" "syncthing" - "atticd" ] ++ [ ./disko.nix diff --git a/modules/atticd/default.nix b/modules/atticd/default.nix deleted file mode 100644 index 507ba59..0000000 --- a/modules/atticd/default.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ config, lib, ... }: -{ - services.atticd = { - enable = true; - settings = { - listen = "0.0.0.0:8081"; - allowed-hosts = [ ]; # Allow all hosts - # api-endpoint = "https://cache.staging.mlabs.city/"; - soft-delete-caches = false; - require-proof-of-possession = true; - - database.url = "sqlite://${config.services.atticd.settings.storage.path}/server.db?mode=rwc"; - - storage = { - type = "local"; - path = "/mnt/hd/atticd"; - }; - - compression = { - level = 8; - type = "zstd"; - }; - - chunking = { - nar-size-threshold = 64 * 1024; # 64 KiB - min-size = 16 * 1024; # 16 KiB - avg-size = 64 * 1024; # 64 KiB - max-size = 256 * 1024; # 256 KiB - }; - }; - environmentFile = config.age.secrets.sisko-attic-environment-file.path; - }; - - systemd.services.atticd = { - serviceConfig = { - DynamicUser = lib.mkForce false; - }; - }; - - systemd.tmpfiles.rules = [ - "d config.services.atticd.settings.storage.path 770 atticd atticd" - ]; - - users = { - groups.atticd = { }; - users.atticd = { - group = "atticd"; - home = config.services.atticd.settings.storage.path; - isSystemUser = true; - }; - }; -} diff --git a/modules/forgejo-runners/default.nix b/modules/forgejo-runners/default.nix index e9b52b9..1d88c82 100644 --- a/modules/forgejo-runners/default.nix +++ b/modules/forgejo-runners/default.nix @@ -23,7 +23,6 @@ let nix-fast-build curl tea - attic-client ] }; do for bin in "$dir"/bin/*; do diff --git a/modules/home-assistant/default.nix b/modules/home-assistant/default.nix index 9cde4b4..cebc663 100644 --- a/modules/home-assistant/default.nix +++ b/modules/home-assistant/default.nix @@ -70,6 +70,15 @@ in "::1" ]; }; + # ffmpeg = {}; + # camera = [ + # { + # name = "EyeToy"; + # platform = "ffmpeg"; + # input = "/dev/video1"; + # extra_arguments = "-vcodec h264"; + # } + # ]; homeassistant = { unit_system = "metric"; time_zone = "Europe/Rome"; @@ -78,6 +87,17 @@ in internal_url = "http://rock5b.fleet:8123"; }; logger.default = "WARNING"; + # backup = {}; + # media_player = [{ + # platform = "webostv"; + # host = "10.1.1.213"; + # name = "TV"; + # timeout = "5"; + # turn_on_action = { + # service = "wake_on_lan.send_magic_packet"; + # data.mac = "20:28:bc:74:14:c2"; + # }; + # }]; wake_on_lan = { }; switch = [ { @@ -89,6 +109,7 @@ in } ]; shell_command.turn_off_picard = ''${pkgs.openssh}/bin/ssh -i /var/lib/hass/.ssh/id_ed25519 -o StrictHostKeyChecking=no hass@picard.fleet "exec sudo \$(readlink \$(which systemctl)) poweroff"''; + # shell_command.turn_off_picard = ''whoami''; prometheus = { namespace = "hass"; }; diff --git a/modules/nix/default.nix b/modules/nix/default.nix index a46e84e..84e36c4 100644 --- a/modules/nix/default.nix +++ b/modules/nix/default.nix @@ -2,23 +2,17 @@ config, lib, fleetFlake, - pkgs, ... }: { nixpkgs.overlays = [ (final: _: { - nix-fast-build = fleetFlake.inputs.nix-fast-build.packages.${final.system}.nix-fast-build // { - nix = final.nix; - }; nix-eval-job = fleetFlake.inputs.lix-eval-jobs.packages.${final.system}.nix-eval-jobs // { nix = final.nix; }; }) ]; - environment.systemPackages = [ pkgs.nix-fast-build ]; - nix = { optimise.automatic = true; diff --git a/modules/sisko-nfs/default.nix b/modules/sisko-nfs/default.nix new file mode 100644 index 0000000..7e9b82b --- /dev/null +++ b/modules/sisko-nfs/default.nix @@ -0,0 +1,20 @@ +{ + systemd.tmpfiles.rules = [ + "d /export 770 nobody nogroup" + ]; + + fileSystems."/export/hd" = { + device = "/mnt/hd"; + options = [ "bind" ]; + }; + + services.nfs.server = { + enable = true; + exports = '' + /export 10.100.0.1/24(rw,fsid=0,no_subtree_check) + /export/hd 10.100.0.1/24(rw,nohide,insecure,no_subtree_check,no_root_squash) + ''; + }; + + networking.firewall.allowedTCPPorts = [ 2049 ]; +} diff --git a/modules/sisko-share/default.nix b/modules/sisko-share/default.nix deleted file mode 100644 index 41ea29b..0000000 --- a/modules/sisko-share/default.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ - systemd.tmpfiles.rules = [ - "d /export 770 nobody nogroup" - ]; - - fileSystems."/export/hd" = { - device = "/mnt/hd"; - options = [ "bind" ]; - }; - - services.nfs.server = { - enable = true; - exports = '' - /export 10.100.0.1/24(rw,fsid=0,no_subtree_check) - /export/hd 10.100.0.1/24(rw,nohide,insecure,no_subtree_check,no_root_squash) - ''; - }; - - services.webdav = { - enable = true; - - settings = { - address = "10.1.1.2"; # accessible only in LAN, used by Kodi installed on the TV - port = 9999; - scope = "/mnt/hd/torrent"; - modify = false; - auth = false; # TODO should we enable authentication? It's only reachable in LAN - debug = true; - users = [ ]; - }; - }; - - users.users.webdav.extraGroups = [ "transmission" ]; - - networking.firewall.allowedTCPPorts = [ - 2049 - 9999 - ]; -} diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 52a3217..e5e95f4 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -161,11 +161,6 @@ with keys.users; ccr-gpg sisko ]; - "sisko-attic-environment-file.age".publicKeys = [ - ccr-ssh - ccr-gpg - sisko - ]; # WireGuard "picard-wireguard-private-key.age".publicKeys = [ diff --git a/secrets/sisko-attic-environment-file.age b/secrets/sisko-attic-environment-file.age deleted file mode 100644 index 9727463..0000000 Binary files a/secrets/sisko-attic-environment-file.age and /dev/null differ