diff --git a/.github/workflows/eval.yaml b/.github/workflows/eval.yaml
new file mode 100644
index 0000000..1bc00bd
--- /dev/null
+++ b/.github/workflows/eval.yaml
@@ -0,0 +1,60 @@
+name: Eval NixOS Configurations
+
+on:
+ check_suite:
+ types: [completed]
+
+permissions:
+ contents: write
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ ref: deploy
+
+ - name: Install Nix
+ uses: cachix/install-nix-action@v25
+ with:
+ extra_nix_conf: |
+ extra-trusted-public-keys = cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=
+ extra-substituters = https://cache.garnix.io
+
+ - name: Configure Git
+ run: |
+ git config --global user.name "GitHub Actions Bot"
+ git config --global user.email "actions@github.com"
+
+ - name: Process Configurations
+ run: |
+ git checkout -b deploy-comin-eval
+ mkdir -p eval
+ hosts=$(nix flake show --json | jq -r '.nixosConfigurations | keys[]')
+ echo "Found hosts: $hosts"
+
+ failed_hosts=""
+ for host in $hosts; do
+ echo "Eval derivation for $host"
+ if ! nix derivation show ".#nixosConfigurations.$host.config.system.build.toplevel" > "eval/$host.json"; then
+ echo "❌ Failed to evaluate $host"
+ failed_hosts+="$host "
+ rm "eval/$host.json"
+ else
+ echo "✅ Successfully evaluated $host"
+ fi
+ done
+
+ echo "Failed hosts: $failed_hosts"
+
+ git add eval/
+ git commit -m "Update deployment configurations for all hosts"
+
+ git push -f origin deploy-comin-eval
+
+ # After success, reset deploy-comin to new deploy
+ git checkout -b deploy-comin
+ git reset --hard deploy
+ git push -f origin deploy-comin
diff --git a/flake.lock b/flake.lock
index f46f16e..a3527f7 100644
--- a/flake.lock
+++ b/flake.lock
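Review bot: In .github/workflows/eval.yaml the `deploy` job runs on every `check_suite` `completed` event without looking at the outcome, so the last step force-pushes `deploy` onto `deploy-comin` even when the suite failed, despite the `# After success` comment. Because modules/nixos/common-settings/comin.nix points the hosts at that branch, the job should be gated with `if: github.event.check_suite.conclusion == 'success' && github.event.check_suite.head_branch == 'deploy'`. Hosts that fail to evaluate are only echoed in `failed_hosts`; ending the loop section with `[ -z "$failed_hosts" ] || exit 1` before the `deploy-comin` push would stop a partly broken revision from being promoted. Since the token carries `contents: write`, pinning `actions/checkout` and `cachix/install-nix-action` to full commit SHAs instead of `@v4` and `@v25` would also narrow what can run with that permission.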
@@ -1,12 +1,25 @@ { "nodes": { "catppuccin": { + "inputs": { + "catppuccin-v1_1": "catppuccin-v1_1", + "catppuccin-v1_2": "catppuccin-v1_2", + "home-manager": [ + "home-manager" + ], + "home-manager-stable": "home-manager-stable", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable", + "nuscht-search": "nuscht-search" + }, "locked": { - "lastModified": 1733001911, - "narHash": "sha256-uX/9m0TbdhEzuWA0muM5mI/AaWcLiDLjCCyu5Qr9MRk=", + "lastModified": 1735263930, + "narHash": "sha256-vU7SkHINr+NqmZeFLA11plsaUfazKKpdEhI/oTJbK3Q=", "owner": "catppuccin", "repo": "nix", - "rev": "a817009ebfd2cca7f70a77884e5098d0a8c83f8e", + "rev": "a2e641bc6b17129d81d54019e14c9956784c69c6", "type": "github" }, "original": { @@ -15,10 +28,38 @@ "type": "github" } }, + "catppuccin-v1_1": { + "locked": { + "lastModified": 1734055249, + "narHash": "sha256-pCWJgwo77KD7EJpwynwKrWPZ//dwypHq2TfdzZWqK68=", + "rev": "7221d6ca17ac36ed20588e1c3a80177ac5843fa7", + "revCount": 326, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/catppuccin/nix/1.1.1/0193bdc0-b045-7eed-bbec-95611a8ecdf5/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/catppuccin/nix/1.1.%2A.tar.gz" + } + }, + "catppuccin-v1_2": { + "locked": { + "lastModified": 1734728407, + "narHash": "sha256-Let3uJo4YDyfqbqaw66dpZxhJB2TrDyZWSFd5rpPLJA=", + "rev": "23ee86dbf4ed347878115a78971d43025362fab1", + "revCount": 341, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/catppuccin/nix/1.2.0/0193e5e0-33b7-7149-a362-bfe56b20f64e/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/catppuccin/nix/1.2.%2A.tar.gz" + } + }, "colmena": { "inputs": { "flake-compat": "flake-compat", - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nix-github-actions": "nix-github-actions", "nixpkgs": [ "nixpkgs" 
@@ -26,11 +67,11 @@ "stable": "stable" }, "locked": { - "lastModified": 1731527002, - "narHash": "sha256-dI9I6suECoIAmbS4xcrqF8r2pbmed8WWm5LIF1yWPw8=", + "lastModified": 1734897875, + "narHash": "sha256-LLpiqfOGBippRax9F33kSJ/Imt8gJXb6o0JwSBiNHCk=", "owner": "zhaofengli", "repo": "colmena", - "rev": "e3ad42138015fcdf2524518dd564a13145c72ea1", + "rev": "a6b51f5feae9bfb145daa37fd0220595acb7871e", "type": "github" }, "original": { @@ -39,6 +80,26 @@ "type": "github" } }, + "comin": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1734693645, + "narHash": "sha256-Vw3YpuQxwBse5JiTGBH5MSPmqXOXFI4ROs7IF3tRc7k=", + "owner": "xinyangli", + "repo": "comin", + "rev": "c8a66bbd129e88ad916cac59f1ad9f45d39b3190", + "type": "github" + }, + "original": { + "owner": "xinyangli", + "repo": "comin", + "type": "github" + } + }, "devshell": { "inputs": { "nixpkgs": [ @@ -68,11 +129,11 @@ ] }, "locked": { - "lastModified": 1733168902, - "narHash": "sha256-8dupm9GfK+BowGdQd7EHK5V61nneLfr9xR6sc5vtDi0=", + "lastModified": 1735048446, + "narHash": "sha256-Tc35Y8H+krA6rZeOIczsaGAtobSSBPqR32AfNTeHDRc=", "owner": "nix-community", "repo": "disko", - "rev": "785c1e02c7e465375df971949b8dcbde9ec362e5", + "rev": "3a4de9fa3a78ba7b7170dda6bd8b4cdab87c0b21", "type": "github" }, "original": { @@ -189,21 +250,6 @@ } }, "flake-utils": { - "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { "inputs": { "systems": "systems" }, 
@@ -221,10 +267,43 @@ "type": "github" } }, + "flake-utils_2": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "flake-utils_3": { "inputs": { "systems": "systems_2" }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_4": { + "inputs": { + "systems": "systems_3" + }, "locked": { "lastModified": 1726560853, "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", @@ -302,11 +381,11 @@ ] }, "locked": { - "lastModified": 1733754861, - "narHash": "sha256-3JKzIou54yjiMVmvgdJwopekEvZxX3JDT8DpKZs4oXY=", + "lastModified": 1735343815, + "narHash": "sha256-p7IJP/97zJda/wwCn1T2LJBz4olF5LjNf4uwhuyvARo=", "owner": "nix-community", "repo": "home-manager", - "rev": "9ebaa80a227eaca9c87c53ed515ade013bc2bca9", + "rev": "b7a7cd5dd1a74a9fe86ed4e016f91c78483b527a", "type": "github" }, "original": { @@ -315,6 +394,28 @@ "type": "github" } }, + "home-manager-stable": { + "inputs": { + "nixpkgs": [ + "catppuccin", + "nixpkgs-stable" + ] + }, + "locked": { + "lastModified": 1734366194, + "narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.11", + "repo": "home-manager", + "type": "github" + } + }, "home-manager_2": { "inputs": { "nixpkgs": [ 
@@ -338,6 +439,34 @@ } }, "ixx": { + "inputs": { + "flake-utils": [ + "catppuccin", + "nuscht-search", + "flake-utils" + ], + "nixpkgs": [ + "catppuccin", + "nuscht-search", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729958008, + "narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=", + "owner": "NuschtOS", + "repo": "ixx", + "rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "ref": "v0.0.6", + "repo": "ixx", + "type": "github" + } + }, + "ixx_2": { "inputs": { "flake-utils": [ "my-nixvim", @@ -376,17 +505,17 @@ "nixvim": "nixvim" }, "locked": { - "lastModified": 1732936640, - "narHash": "sha256-NcluA0L+ZV5MUj3UuQhlkGCj8KoEhX/ObWlMHZ/F/ac=", + "lastModified": 1735219902, + "narHash": "sha256-s1aI4l9e0OX861wHsvAPqz/s8B9ZTltAMJzPRXt5Kqo=", "ref": "refs/heads/master", - "rev": "a3709a89797ea094f82d38edeb4a538c07c8c3fa", - "revCount": 20, + "rev": "4439691030d1a28f4ad49c542104e3f880f7c183", + "revCount": 25, "type": "git", - "url": "https://git.xinyang.life/xin/nixvim" + "url": "https://git.xiny.li/xin/nixvim" }, "original": { "type": "git", - "url": "https://git.xinyang.life/xin/nixvim" + "url": "https://git.xiny.li/xin/nixvim" } }, "nix-darwin": { @@ -439,11 +568,11 @@ ] }, "locked": { - "lastModified": 1733629314, - "narHash": "sha256-U0vivjQFAwjNDYt49Krevs1murX9hKBFe2Ye0cHpgbU=", + "lastModified": 1735222882, + "narHash": "sha256-kWNi45/mRjQMG+UpaZQ7KyPavYrKfle3WgLn9YeBBVg=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "f1e477a7dd11e27e7f98b646349cd66bbabf2fb8", + "rev": "7e3246f6ad43b44bc1c16d580d7bf6467f971530", "type": "github" }, "original": { 
@@ -463,11 +592,11 @@ ] }, "locked": { - "lastModified": 1733795858, - "narHash": "sha256-K595Q2PrZv2iiumdBkwM2G456T2lKsLD71bn/fbJiQ0=", + "lastModified": 1735350281, + "narHash": "sha256-rNhcGVh6Xnc0DKWR5RTTD9OxucfAotd41LEuMCGz228=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "66ced222ef9235f90dbdd754ede3d6476722aaa9", + "rev": "57719f14beefb91c5b58da26bb9cffbdb4f70bfa", "type": "github" }, "original": { @@ -478,11 +607,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1733481457, - "narHash": "sha256-IS3bxa4N1VMSh3/P6vhEAHQZecQ3oAlKCDvzCQSO5Is=", + "lastModified": 1734954597, + "narHash": "sha256-QIhd8/0x30gEv8XEE1iAnrdMlKuQ0EzthfDR7Hwl+fk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e563803af3526852b6b1d77107a81908c66a9fcf", + "rev": "def1d472c832d77885f174089b0d34854b007198", "type": "github" }, "original": { @@ -522,11 +651,27 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1733730953, - "narHash": "sha256-dlK7n82FEyZlHH7BFHQAM5tua+lQO1Iv7aAtglc1O5s=", + "lastModified": 1734600368, + "narHash": "sha256-nbG9TijTMcfr+au7ZVbKpAhMJzzE2nQBYmRvSdXUD8g=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b47fd6fa00c6afca88b8ee46cfdb00e104f50bca", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { + "locked": { + "lastModified": 1735286948, + "narHash": "sha256-JMRV2RI58nV1UqLXqm+lcea1/dr92fYjWU5S+Rz3fmE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7109b680d161993918b0a126f38bc39763e5a709", + "rev": "31ac92f9628682b294026f0860e14587a09ffb4b", "type": "github" }, "original": { 
@@ -538,11 +683,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1733805440, - "narHash": "sha256-AQdCeGt3dMV9/cchlWGMcP0Z8qM47V+B0p7cSRr+HhA=", + "lastModified": 1734829510, + "narHash": "sha256-hb2GwIHunYTjo8d1zBfSC5v46IEY5UZWQdR5R1omvmE=", "owner": "xinyangli", "repo": "nixpkgs", - "rev": "61b1078fca3a097ce06ada68a6f2766347eed02c", + "rev": "2ad7f9f3c996dd9838a4f68941bcbeed2807b150", "type": "github" }, "original": { @@ -554,11 +699,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1733581040, - "narHash": "sha256-Qn3nPMSopRQJgmvHzVqPcE3I03zJyl8cSbgnnltfFDY=", + "lastModified": 1735291276, + "narHash": "sha256-NYVcA06+blsLG6wpAbSPTCyLvxD/92Hy4vlY9WxFI1M=", "owner": "nixos", "repo": "nixpkgs", - "rev": "22c3f2cf41a0e70184334a958e6b124fb0ce3e01", + "rev": "634fd46801442d760e09493a794c4f15db2d0cbb", "type": "github" }, "original": { @@ -601,11 +746,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1733805328, - "narHash": "sha256-5F49/mOzFb40uUZh71uNr7kBXjDCw5ZfHMbpZjjUVBQ=", + "lastModified": 1735337462, + "narHash": "sha256-B+PNIYtTmgnTV/wdA/qrYohmeBHaYrDwVAueODdvtlo=", "owner": "nix-community", "repo": "NUR", - "rev": "b54fa3d8c020e077d88be036a12a711b84fe2031", + "rev": "538f624930cdfb852e4e3dd055f79e932d5b3c16", "type": "github" }, "original": { @@ -614,10 +759,33 @@ "type": "github" } }, + "nuscht-search": { + "inputs": { + "flake-utils": "flake-utils", + "ixx": "ixx", + "nixpkgs": [ + "catppuccin", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733773348, + "narHash": "sha256-Y47y+LesOCkJaLvj+dI/Oa6FAKj/T9sKVKDXLNsViPw=", + "owner": "NuschtOS", + "repo": "search", + "rev": "3051be7f403bff1d1d380e4612f0c70675b44fc9", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "repo": "search", + "type": "github" + } + }, "nuschtosSearch": { "inputs": { - "flake-utils": "flake-utils_3", - "ixx": "ixx", + "flake-utils": "flake-utils_4", + "ixx": "ixx_2", "nixpkgs": [ "my-nixvim", "nixvim", 
@@ -642,15 +810,16 @@ "inputs": { "catppuccin": "catppuccin", "colmena": "colmena", + "comin": "comin", "disko": "disko", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "home-manager": "home-manager", "my-nixvim": "my-nixvim", "nix-index-database": "nix-index-database", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", - "nixpkgs-stable": "nixpkgs-stable", + "nixpkgs-stable": "nixpkgs-stable_2", "nur": "nur", "sops-nix": "sops-nix" } @@ -662,11 +831,11 @@ ] }, "locked": { - "lastModified": 1733785344, - "narHash": "sha256-pm4cfEcPXripE36PYCl0A2Tu5ruwHEvTee+HzNk+SQE=", + "lastModified": 1734546875, + "narHash": "sha256-6OvJbqQ6qPpNw3CA+W8Myo5aaLhIJY/nNFDk3zMXLfM=", "owner": "Mic92", "repo": "sops-nix", - "rev": "a80af8929781b5fe92ddb8ae52e9027fae780d2a", + "rev": "ed091321f4dd88afc28b5b4456e0a15bd8374b4d", "type": "github" }, "original": { @@ -721,6 +890,21 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index d01cdba..27f8265 100644 --- a/flake.nix +++ b/flake.nix @@ -43,18 +43,25 @@ }; my-nixvim = { - url = "git+https://git.xinyang.life/xin/nixvim"; + url = "git+https://git.xiny.li/xin/nixvim"; inputs.nixpkgs.follows = "nixpkgs"; }; catppuccin = { url = "github:catppuccin/nix"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.home-manager.follows = "home-manager"; }; disko = { url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs"; }; + + comin = { + url = "github:xinyangli/comin"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = 
@@ -72,6 +79,7 @@ colmena, nix-index-database, disko, + comin, ... }: let @@ -107,6 +115,7 @@ sharedNixosModules = [ self.nixosModules.default sops-nix.nixosModules.sops + comin.nixosModules.comin ]; nodeNixosModules = { calcite = [ @@ -286,16 +295,22 @@ { imports = nodeNixosModules.biotite ++ sharedColmenaModules; }; + + osmium = + { ... }: + { + deployment = { + targetHost = "osmium.coho-tet.ts.net"; + buildOnTarget = false; + }; + imports = nodeNixosModules.osmium ++ sharedColmenaModules; + }; }; nixosConfigurations = { calcite = mkNixos { hostname = "calcite"; }; - - osmium = mkNixos { - hostname = "osmium"; - }; } // self.colmenaHive.nodes; } @@ -305,7 +320,7 @@ pkgs = nixpkgs.legacyPackages.${system}; mkHomeConfiguration = user: host: { - name = user; + name = "${user}-${host}"; value = home-manager.lib.homeManagerConfiguration { inherit pkgs; modules = [ @@ -321,7 +336,6 @@ packages = with pkgs; [ nix git - colmena.packages.${system}.colmena sops nix-output-monitor nil diff --git a/garnix.yaml b/garnix.yaml index 38563a7..630fac6 100644 --- a/garnix.yaml +++ b/garnix.yaml @@ -1,10 +1,19 @@ builds: - include: - - '*.x86_64-linux.*' - - defaultPackage.x86_64-linux - - devShell.x86_64-linux - - homeConfigurations.x86_64-linux.* - - homeConfigurations.aarch64-linux.* - - darwinConfigurations.* - - nixosConfigurations.* - + - include: + - '*.x86_64-linux.*' + - defaultPackage.x86_64-linux + - devShell.x86_64-linux + - homeConfigurations.x86_64-linux.* + - homeConfigurations.aarch64-linux.* + - darwinConfigurations.* + - nixosConfigurations.* + branch: deploy + - include: + - '*.x86_64-linux.*' + - defaultPackage.x86_64-linux + - devShell.x86_64-linux + - homeConfigurations.x86_64-linux.* + - homeConfigurations.aarch64-linux.* + - darwinConfigurations.* + - nixosConfigurations.* + branch: next diff --git a/home/default.nix b/home/default.nix index ddd31bf..ea2911a 100644 --- a/home/default.nix +++ b/home/default.nix 
@@ -1,5 +1,6 @@ { xin = { calcite = import ./xin/calcite.nix; + gold = import ./xin/gold; }; } diff --git a/home/xin/calcite.nix b/home/xin/calcite.nix index d90cc4d..c834d39 100644 --- a/home/xin/calcite.nix +++ b/home/xin/calcite.nix @@ -108,10 +108,12 @@ in xdg.systemDirs.data = [ "/usr/share" - "/var/lib/flatpak/exports/share" - "${homeDirectory}/.local/share/flatpak/exports/share" ]; + xdg.configFile."distrobox/distrobox.conf".text = '' + container_additional_volumes="/nix/store:/nix/store:ro /etc/profiles/per-user:/etc/profiles/per-user:ro" + ''; + programs.man.generateCaches = false; programs.atuin = { diff --git a/home/xin/raspite/default.nix b/home/xin/raspite/default.nix deleted file mode 100644 index 888383c..0000000 --- a/home/xin/raspite/default.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ config, pkgs, ... }: -{ - imports = [ ../common ]; - - home.username = "xin"; - home.homeDirectory = "/home/xin"; - home.stateVersion = "23.05"; - - # Let Home Manager install and manage itself. - programs.home-manager.enable = true; - - accounts.email.accounts.gmail = { - primary = true; - address = "lixinyang411@gmail.com"; - flavor = "gmail.com"; - }; - - accounts.email.accounts.whu = { - address = "lixinyang411@whu.edu.cn"; - }; - - accounts.email.accounts.foxmail = { - address = "lixinyang411@foxmail.com"; - }; -} diff --git a/machines/calcite/configuration.nix b/machines/calcite/configuration.nix index c5afb73..9a70f52 100644 --- a/machines/calcite/configuration.nix +++ b/machines/calcite/configuration.nix @@ -20,6 +20,7 @@ in nix = { signing.enable = true; }; + comin.enable = true; }; # Bootloader. @@ -151,11 +152,18 @@ in services.keyd = { enable = true; keyboards = { + default = { + ids = [ "*" ]; + settings = { + main = { + capslock = "overload(control, esc)"; + }; + }; + }; "internal" = { ids = [ "0b05:1866" ]; settings = { main = { - capslock = "overload(control, esc)"; leftcontrol = "capslock"; }; }; 
@@ -169,17 +177,6 @@ in }; }; }; - "keydous" = { - ids = [ - "25a7:fa14" - "3151:4002" - ]; - settings = { - main = { - capslock = "overload(control, esc)"; - }; - }; - }; }; }; @@ -301,6 +298,7 @@ in zotero # onlyoffice-bin + # wemeet wemeet virt-manager diff --git a/machines/dolomite/common.nix b/machines/dolomite/common.nix index 65b10c7..0b80ae4 100644 --- a/machines/dolomite/common.nix +++ b/machines/dolomite/common.nix @@ -37,6 +37,7 @@ commonSettings = { auth.enable = true; + comin.enable = true; proxyServer = { enable = true; users = [ diff --git a/machines/thorite/default.nix b/machines/thorite/default.nix index f2de662..2ea7cf4 100644 --- a/machines/thorite/default.nix +++ b/machines/thorite/default.nix @@ -37,6 +37,7 @@ commonSettings = { auth.enable = true; + comin.enable = true; }; nixpkgs.system = "x86_64-linux"; diff --git a/machines/thorite/monitoring.nix b/machines/thorite/monitoring.nix index 981fd14..afb0b6e 100644 --- a/machines/thorite/monitoring.nix +++ b/machines/thorite/monitoring.nix @@ -12,6 +12,7 @@ let hedgedocDomain grafanaUrl ntfyUrl + internalDomain ; removeHttps = s: lib.removePrefix "https://" s; in @@ -58,7 +59,22 @@ in node.enable = true; }; ruleModules = - (mkCaddyRules [ { host = "thorite"; } ]) + [ + { + name = "comin_rules"; + rules = [ + { + alert = "CominBuildFailed"; + expr = "comin_build_info != 1"; + for = "1m"; + labels = { + severity = "critical"; + }; + } + ]; + } + ] + ++ (mkCaddyRules [ { host = "thorite"; } ]) ++ (mkNodeRules [ { host = "thorite"; } ]) ++ (mkBlackboxRules [ { host = "thorite"; } ]); }; @@ -81,7 +97,24 @@ in ]; passwordFile = config.sops.secrets."prometheus/metrics_password".path; in - (mkScrapes [ + [ + { + job_name = "comin"; + scheme = "http"; + static_configs = [ + { + targets = map (host: "${host}.${internalDomain}:4243") [ + "weilite" + "thorite" + "la-00" + "hk-00" + "fra-00" + ]; + } + ]; + } + ] + ++ (mkScrapes [ { name = "immich"; scheme = "http"; 
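Review bot: The `CominBuildFailed` rule in machines/thorite/monitoring.nix only fires when a `comin_build_info` series exists with a value other than 1, so a host whose comin exporter is down or unreachable raises no alert at all. A companion rule such as `expr = "up{job=\"comin\"} == 0";` would cover that case. The scrape target list in the second hunk is hard-coded (`weilite`, `thorite`, `la-00`, `hk-00`, `fra-00`) while machines/calcite/configuration.nix also sets `comin.enable = true`, so a host can run comin without being monitored; deriving the list from the hosts that enable comin, or a comment saying why calcite is left out, would keep the two in step. The rule also has no `annotations`, so the notification carries no summary of which host failed or what to check.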
diff --git a/machines/weilite/default.nix b/machines/weilite/default.nix index 9d8cd04..cb5804b 100644 --- a/machines/weilite/default.nix +++ b/machines/weilite/default.nix @@ -12,6 +12,13 @@ ./services ]; + options = { + node = lib.mkOption { + type = lib.types.attrs; + default = { }; + }; + }; + config = { networking.hostName = "weilite"; commonSettings = { @@ -19,6 +26,10 @@ nix = { enable = true; }; + comin.enable = true; + }; + node = { + mediaDir = "/mnt/nixos/media"; }; boot = { @@ -33,12 +44,19 @@ "usb_storage" "sd_mod" ]; - kernelModules = [ "kvm-intel" ]; + kernelModules = [ + "kvm-intel" + ]; + kernelPackages = pkgs.linuxPackages_6_12; }; nixpkgs.config.allowUnfree = true; - environment.systemPackages = [ pkgs.virtiofsd ]; + environment.systemPackages = [ + pkgs.virtiofsd + pkgs.intel-gpu-tools + pkgs.pciutils + ]; sops = { defaultSopsFile = ./secrets.yaml; @@ -88,21 +106,46 @@ wantedBy = [ "immich-server.service" ]; } { - what = "restic"; - where = "/var/lib/restic"; + what = "nixos"; + where = "/mnt/nixos"; type = "virtiofs"; options = "rw,nodev,nosuid"; + } + + { + what = "/mnt/nixos/ocis"; + where = "/var/lib/ocis"; + options = "bind"; + after = [ "mnt-nixos.mount" ]; + wantedBy = [ "ocis.service" ]; + } + { + what = "/mnt/nixos/restic"; + where = "/var/lib/restic"; + options = "bind"; + after = [ "mnt-nixos.mount" ]; wantedBy = [ "restic-rest-server.service" ]; } { - what = "ocis"; - where = "/var/lib/ocis"; - type = "virtiofs"; - options = "rw,nodev,nosuid"; - wantedBy = [ "ocis.service" ]; + what = "/mnt/nixos/immich"; + where = "/var/lib/immich"; + options = "bind"; + after = [ "mnt-nixos.mount" ]; + wantedBy = [ "immich-server.service" ]; } ]; + hardware.graphics = { + enable = true; + extraPackages = with pkgs; [ + intel-media-driver + intel-vaapi-driver + vaapiVdpau + intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in) + intel-media-sdk # QSV up to 11th gen + ]; + }; + services.openssh.ports = [ 22 2222 
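Review bot: `options.node` in machines/weilite/default.nix is declared as an untyped `lib.types.attrs` with no description, and as far as this diff shows the `node.mediaDir` value set here is never read: services/jellyfin.nix and services/transmission.nix both hard-code `/mnt/nixos/media`. Declaring `options.node.mediaDir = lib.mkOption { type = lib.types.path; description = "Root of the shared media tree"; };` and using `config.node.mediaDir` in those two modules would give a single source of truth and catch typos at evaluation time. The module body continues outside the hunks shown.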
diff --git a/machines/weilite/secrets.yaml b/machines/weilite/secrets.yaml index 0394a80..b5c3aa5 100644 --- a/machines/weilite/secrets.yaml +++ b/machines/weilite/secrets.yaml @@ -4,6 +4,8 @@ immich: oauth_client_secret: ENC[AES256_GCM,data:EFs2hPjGMj0idwY3oQVIDTOIWkdwoAoAVjDQE9Z2eAKzUDH3grmYpYE+33V8d/Ux,iv:A9cjwFr/ZqltG62/N8MQ1LhdDbSIVVAqIPVB492zYJw=,tag:VTTtE697BZTVsI32UF53/w==,type:str] restic: localpass: ENC[AES256_GCM,data:GIQAmkpDmGu4+sSG5/b5yQ==,iv:dcu6F8NnVjeQzEG2vM3fOV5owI0PWc86ts20UP3vN18=,tag:vsG8x062FG1pH5YNcAajeg==,type:str] +transmission: + rpc-password: ENC[AES256_GCM,data:4dumy0hygGOuwU3ANky3xEKRDRBAJWE=,iv:HVV2J+F8HndHZNsMD2YmkWrJOzk5JIapGd0SuQP8VqU=,tag:xqp5pxh5cYYogA4alrmIfg==,type:str] sops: kms: [] gcp_kms: [] @@ -28,8 +30,8 @@ sops: V0thRjU4WGpQRGFpcnoxSjZTZHhTTkUKzNMHh9p7GUY3hL5XZ9S4x20CwaItsXFV RKujsFVVBd8Kuq/jyOCBTRCscuHI4LW/wYeZYHFEZFSTK2liAqspgw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-03T05:59:51Z" - mac: ENC[AES256_GCM,data:0dLbfkm7fJvH5Mmct0/qHulg2AtDCeeeOgWMXfeGRUaX3GlLDiLga0zW4uNPDuahVecdh6ofvYfBOxFaGUdBCHk9vq5GzrwrzBNhqObWQ3AqVuq5rjqSxEKoFM4Eb5qoqaOefFzT/9qC94NDETTsHhjiEeIgd4fgSr2dazNiFPE=,iv:Ggw0FHzkrhKh5Uzo3seHGwwHsWW/tTAgAl0iIq9PVk4=,tag:rJvUI5/wsLJ01XyKmkRghw==,type:str] + lastmodified: "2024-12-25T00:35:15Z" + mac: ENC[AES256_GCM,data:sk4DL+w740RD9A3sPvcGD4fc90Nfw9C8dH11ScGRgt6gS3v4V16pD0Q/bHHZiUCll76phZKjp+sGcZaPw0X7RDlK582WY3uw0pLtqLlm0gejjmvBJYKg47nA0dCD+vDvbMkJlvJG6N3sRuXDBa/7bAe452eXZNS8Xnm7ceDscVc=,iv:Nx4yCfG9rNk0q8akuI1aZr6Wj4GIAxASE8Tc7TH4Vj8=,tag:GodvlMbhIPpPu062spKFxA==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.9.2 diff --git a/machines/weilite/services/default.nix b/machines/weilite/services/default.nix index 0a6e4ca..ca5ee33 100644 --- a/machines/weilite/services/default.nix +++ b/machines/weilite/services/default.nix @@ -4,5 +4,7 @@ ./restic.nix ./media-download.nix ./immich.nix + ./jellyfin.nix + ./transmission.nix ]; } 
diff --git a/machines/weilite/services/immich.nix b/machines/weilite/services/immich.nix index 33a98d3..0b97f5c 100644 --- a/machines/weilite/services/immich.nix +++ b/machines/weilite/services/immich.nix @@ -46,7 +46,6 @@ in services.immich = { enable = true; - mediaLocation = "/mnt/XinPhotos/immich"; host = "127.0.0.1"; port = 3001; openFirewall = true; diff --git a/machines/weilite/services/jellyfin.nix b/machines/weilite/services/jellyfin.nix new file mode 100644 index 0000000..025386b --- /dev/null +++ b/machines/weilite/services/jellyfin.nix @@ -0,0 +1,25 @@ +{ config, pkgs, ... }: +let + cfg = config.services.jellyfin; +in +{ + services.jellyfin.enable = true; + + systemd.services.jellyfin.serviceConfig = { + BindReadOnlyPaths = [ + "/mnt/nixos/media:${cfg.dataDir}/media" + ]; + }; + + environment.systemPackages = with pkgs; [ + jellyfin + jellyfin-web + jellyfin-ffmpeg + ]; + services.caddy.virtualHosts."https://weilite.coho-tet.ts.net:8920".extraConfig = '' + reverse_proxy 127.0.0.1:8096 + ''; + networking.firewall.allowedTCPPorts = [ 8920 ]; # allow on lan + users.users.jellyfin.extraGroups = [ "render" ]; + users.groups.media.members = [ cfg.user ]; +} diff --git a/machines/weilite/services/media-download.nix b/machines/weilite/services/media-download.nix index 6f22744..a161931 100644 --- a/machines/weilite/services/media-download.nix +++ b/machines/weilite/services/media-download.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ config, pkgs, ... }: { services.jackett = { enable = true; @@ -27,4 +27,9 @@ services.radarr = { enable = true; }; + + users.groups.media.members = [ + config.services.sonarr.user + config.services.radarr.user + ]; } diff --git a/machines/weilite/services/transmission.nix b/machines/weilite/services/transmission.nix new file mode 100644 index 0000000..b025819 --- /dev/null +++ b/machines/weilite/services/transmission.nix 
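Review bot: In machines/weilite/services/jellyfin.nix, `networking.firewall.allowedTCPPorts = [ 8920 ];` opens the port on every interface although the comment says `# allow on lan`; the same pattern is used for port 9091 in services/transmission.nix. If the intent is LAN or tailnet access only, the rule should be scoped per interface, `networking.firewall.interfaces."<lan-interface>".allowedTCPPorts = [ 8920 ];` (the interface name is a placeholder). The Caddy site address is a `ts.net` name, so it may be that only the Tailscale interface needs the rule, which is worth confirming before merging.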
@@ -0,0 +1,69 @@
+{ config, pkgs, ... }:
+let
+ cfg = config.services.transmission;
+in
+{
+ sops.secrets = {
+ "transmission/rpc-password" = { };
+ };
+
+ sops.templates."transmission-cred.json" = {
+ content = builtins.toJSON {
+ rpc-password = config.sops.placeholder."transmission/rpc-password";
+ };
+ };
+
+ services.transmission = {
+ enable = true;
+ package = pkgs.transmission_4;
+ openPeerPorts = true;
+ credentialsFile = config.sops.templates."transmission-cred.json".path;
+ settings = {
+ download-dir = "/mnt/nixos/media";
+ incomplete-dir = "/mnt/nixos/transmission/incomplete";
+ alt-speed-down = 40960;
+ alt-speed-enabled = true;
+ alt-speed-time-begin = 60;
+ alt-speed-time-day = 127;
+ alt-speed-time-enabled = true;
+ alt-speed-time-end = 420;
+ alt-speed-up = 4096;
+ bind-address-ipv4 = "0.0.0.0";
+ bind-address-ipv6 = "::";
+ download-queue-enabled = true;
+ download-queue-size = 10;
+ incomplete-dir-enabled = true;
+ lpd-enabled = false;
+ message-level = 4;
+ peer-congestion-algorithm = "";
+ peer-id-ttl-hours = 6;
+ peer-limit-global = 200;
+ peer-limit-per-torrent = 50;
+ peer-port = 51413;
+ peer-socket-tos = "cs1";
+ pex-enabled = true;
+ preallocation = 1;
+ prefetch-enabled = true;
+ queue-stalled-enabled = true;
+ queue-stalled-minutes = 30;
+ rename-partial-files = true;
+ rpc-bind-address = "127.0.0.1";
+ rpc-enabled = true;
+ rpc-authentication-required = true;
+ rpc-port = 9092;
+ rpc-username = "xin";
+ rpc-whitelist = "127.0.0.1";
+ speed-limit-down = 20480;
+ speed-limit-down-enabled = true;
+ speed-limit-up = 3072;
+ speed-limit-up-enabled = true;
+ start-added-torrents = true;
+ watch-dir-enabled = false;
+ };
+ };
+ services.caddy.virtualHosts."https://weilite.coho-tet.ts.net:9091".extraConfig = ''
+ reverse_proxy 127.0.0.1:${toString cfg.settings.rpc-port}
+ '';
+ networking.firewall.allowedTCPPorts = [ 9091 ]; # allow on lan
+ users.groups.media.members = [ cfg.user ];
+}
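Review bot: `rpc-whitelist = "127.0.0.1"` does not limit who can reach the RPC interface once Caddy proxies `:9091` to `127.0.0.1:${toString cfg.settings.rpc-port}`, because every proxied request arrives from loopback; `rpc-authentication-required` with the sops-managed password is then the only access control on the RPC side. A comment next to `rpc-whitelist`, for example `# requests arrive via Caddy on loopback; access control is the RPC password plus the firewall rule`, would keep the setting from being read as a network restriction. If filtering by client address is wanted, it has to be done in the Caddy site block or in the firewall rule. Separately, `bind-address-ipv4 = "0.0.0.0"` together with `openPeerPorts = true` exposes the peer port on all interfaces, which is presumably intended for a torrent client but deserves a one-line comment.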
diff --git a/modules/home-manager/gui/themes.nix b/modules/home-manager/gui/themes.nix index ad0de1c..6278692 100644 --- a/modules/home-manager/gui/themes.nix +++ b/modules/home-manager/gui/themes.nix @@ -13,6 +13,10 @@ name = "Catppuccin-GTK-Dark"; package = pkgs.magnetic-catppuccin-gtk; }; + iconTheme = { + name = "Qogir"; + package = pkgs.qogir-icon-theme; + }; gtk2.configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc"; }; }; diff --git a/modules/home-manager/gui/waybar.nix b/modules/home-manager/gui/waybar.nix index 3890a00..66b9ecb 100644 --- a/modules/home-manager/gui/waybar.nix +++ b/modules/home-manager/gui/waybar.nix @@ -44,8 +44,6 @@ in modules-right = [ "network#speed" "custom/separator" - "network#if" - "custom/separator" "pulseaudio" "custom/separator" "memory" @@ -121,22 +119,6 @@ in format = " {percentage}%"; }; - "network#if" = { - format = "{ifname}"; - format-disconnected = "󰌙"; - format-ethernet = "󰌘"; - format-linked = "{ifname} (No IP) 󰈁"; - format-wifi = "{icon}"; - format-icons = [ - "󰤯" - "󰤟" - "󰤢" - "󰤥" - "󰤨" - ]; - interval = 10; - }; - "network#speed" = { format = "{ifname}"; format-disconnected = "󰌙"; diff --git a/modules/nixos/common-settings/comin.nix b/modules/nixos/common-settings/comin.nix new file mode 100644 index 0000000..70a23ee --- /dev/null +++ b/modules/nixos/common-settings/comin.nix @@ -0,0 +1,32 @@ +{ + config, + lib, + ... +}: +let + inherit (lib) + mkEnableOption + mkIf + ; + + cfg = config.commonSettings.comin; +in +{ + options.commonSettings.comin = { + enable = mkEnableOption "auto updater with comin"; + }; + + config = { + services.comin = mkIf cfg.enable { + enable = true; + remotes = [ + { + name = "origin"; + url = "https://github.com/xinyangli/nixos-config.git"; + branches.main.name = "deploy-comin"; + } + ]; + hostname = config.networking.hostName; + }; + }; +} diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index d2f210d..33929ce 100644 --- a/modules/nixos/default.nix 
+++ b/modules/nixos/default.nix @@ -2,6 +2,7 @@ imports = [ ./common-settings/auth.nix ./common-settings/autoupgrade.nix + ./common-settings/comin.nix ./common-settings/nix-conf.nix ./common-settings/proxy-server.nix ./common-settings/mainland.nix diff --git a/modules/nixos/monitor/exporters.nix b/modules/nixos/monitor/exporters.nix index 56750ef..d0e006f 100644 --- a/modules/nixos/monitor/exporters.nix +++ b/modules/nixos/monitor/exporters.nix @@ -11,7 +11,7 @@ let in { config = { - systemd.services.tailscaled.after = + systemd.services.tailscaled.before = (lib.optional cfg.node.enable "prometheus-node-exporters.service") ++ (lib.optional cfg.blackbox.enable "prometheus-blackbox-exporters.service") ++ (lib.optional config.services.caddy.enable "caddy.service"); diff --git a/overlays/my-lib/settings.nix b/overlays/my-lib/settings.nix index 46bdb04..be97568 100644 --- a/overlays/my-lib/settings.nix +++ b/overlays/my-lib/settings.nix @@ -16,5 +16,7 @@ prometheusCollectors = [ "thorite.coho-tet.ts.net" ]; + + internalDomain = "coho-tet.ts.net"; }; }