From 868496d2b9ddb19ffd131a08589b796a58f4e843 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Tue, 3 Jun 2025 01:15:57 -0300 Subject: [PATCH 01/16] monolith: enable nix cache over ssh --- secrets/monolith/default.yaml | 5 +- system/gitlab-runner.nix | 136 +++++++++++++++++---------- system/gitlab-runner/nix-cache-end | 21 +++++ system/gitlab-runner/nix-cache-start | 18 ++++ system/monolith-gitlab-runner.nix | 10 +- 5 files changed, 138 insertions(+), 52 deletions(-) create mode 100755 system/gitlab-runner/nix-cache-end create mode 100755 system/gitlab-runner/nix-cache-start diff --git a/secrets/monolith/default.yaml b/secrets/monolith/default.yaml index f354335..29e417a 100644 --- a/secrets/monolith/default.yaml +++ b/secrets/monolith/default.yaml 
@@ -6,6 +6,7 @@ gitlab-runners: docker-images-token: ENC[AES256_GCM,data:GGB/KSkjdAyhFKEspAh91ItbqEDf7K/LZSGSn+Jp7SxRfXpDzHIiMD8XJ9PTkGLeQGN4ug1i2nTYPS7d/P5OALWDU+1NPiV9nPdG0w7GERfu4g==,iv:6roabdOKX9xFMf0hWlECd73+943R+hFLos0e2dOpzns=,tag:LrASFc4DtN7aQ+3oOW/p/w==,type:str] wopus-gitlab-nix: ENC[AES256_GCM,data:asE7J0d58x9VfQFWc07f5T4s5NZ+/VqMQo66EX93J0LbJ4iI5YjvrrIE4pSI1e4Nz/SRQhltaJ0DfSH0+qgjD4wnAONPRi3UlFbSdGWS2bwwRtWe+Nci2krrUFxV2i/ZVE3CwCkNe4mqtII=,iv:gKrD/LhzI+jnDnX6CdxoHfjpiRdrsuRYJF9rTc8SffM=,tag:TczDGSU3gdKmERjBJ7tP/A==,type:str] wopus-gitlab-docker-images: ENC[AES256_GCM,data:aGbCjQr1VKgg5n4f8vZKgdXcDw/M5JHez9E2TqipBXQ8D0jXdfPg6laNOJUOD+uPBOIGKUBMEg4OtLblCZFVw/V6wJN16wVbwkDU3uELQ8tPmlYSt4fcy4+5sC6+tV4YeMSKA6yIjD+xpkk=,iv:ojBhf2WdkWHruvTbABAAvuGDVOnsUl+qnhvH09L+lgA=,tag:gWhEkvL1qlcge3bSKVDSIg==,type:str] + wopus-ssh-nix-cache-pk: ENC[AES256_GCM,data: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,iv:1jnF2TTlyTR59xM8Bgaz6bubDOwFexHBJipNVa0VPXY=,tag:VsDb6C6wYa9p4Yey3iG4eA==,type:str] bitbucket-runners: wopus-runner-1: ENC[AES256_GCM,data:gtH0T5n8qMYpvSv5ciN8+ScGlFDf9xE0FTxNP97vT/qsOCcaItTE+5P+DFcWw46onLED+1c+u0sArFbEsT3f8lyco9b+0l99uOQAxLZQzAXYH8zGye1UnwUtytkci2PHu5c8kTpIWHXyZ1IOYNGWkermeab57ANzOkM1LbkHyAjS6VTh0I60LfAOdHOw5FDFL8d1d9oWxLloOe9USLPqHjC023EpCUT2YuyHoPCTpBu8Kb/2HfV0wkAKaB3dvVrKwXCj+bfP6+bjQ3uMzVO/7jxPmnSGBfvyZ+Hlg5goJ6bSAqQWmnPPnQ96FgQfe8su5ML9qNIp9/7eNiL6Rv6Vhxe0hHbE5wsZ/58grcg/LrugeWJvUJ9THhwcTwO8Pkvwlq0XM9seUY2NV+LCK3bLQ4IWDjWkU1IHg6+nihTcvl1iD6UIGMgqGoB/v05WVzHb+GcE2fFuSuhVHfa5RMyboELOJoFrqZiXGhY=,iv:ZakLafxYQCDd1Zw8T83Xfj+YwAQKna9LC6ognJqtifA=,tag:bwBObfdMIvJfRrOG04NtxA==,type:str] wopus-runner-2: 
ENC[AES256_GCM,data:gg8merZMFbf396hdJY7zmKQndT3GzB7NeGZAs3C0au8Zd7OFAg9vcQcFcxNA3kZGJZqmFTR/ycWJwhYr9fhlfFuPhDynVvgJAqoYtvC2MUDiOMD/d3DlfwFjQ6cOGTrvFuY1kkgSFb4OFdrVC1eiTDrGygFmYnYcqTKn/t5Ttqi+cHZNzFzVzdVLvaLCYxltM5g45zn+fXYxYwCfqyb32/M1XTnnwIGiataGxEX5oWhVV4zqeLO4ZIYPSby5AVvIMJ/zqvqaeVVY52GLDcTKrj3thbZxMQLWN3/lOA0uYhi3L/WM8Gx+JMEIbSICcuT7QXu4w4PA+opcx9GnsMCK2/egzS+cNPJ4vGZCdVD/jh6A9zVEJAgXdsHXNXFHmMPt7DcgrCQiub62og4kBY4G/Rcg4UN7sb3v3qyBpGbCGHGRjCFc+wdHpom0yDOG2cwcqfN49pC2R7Ag2BisFQ/5A+DPmKnvGG3kt9s=,iv:5g5XiDecYqi4JNRkZubgPJECBQdZ6rBeojgFe6Etebk=,tag:HRy5bFSbfxKTb5e13lGtgg==,type:str] @@ -31,8 +32,8 @@ sops: aFVxcDFhaGdYekRWRVFIWnRsZndtZFkKgsvxOFHOcO306Z9FkucA1fDOpZA8N1/h jYmIgcKTFgWoSCvux67lK30jFsYp7sm5z6WxxDYsGcoQ/+pxoUX2jQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-05-28T03:04:52Z" - mac: ENC[AES256_GCM,data:THwZcK7nJnCYEUR8CiaQKZ8dQpYbDqnshBBWFzEzPXEWLgFB9+7d6aRh9ZDjZs0rhBTChta3H7YxDJdFh5nAJQy532FJp4S4tBOLHWFZARlKhXngujd0SvxPER55uvxImNFIYX0RDSHUck5jDXCA0tBCmE/Q7DuY7v0+cmRgOV8=,iv:1p3kFMSg0k1n00P6UY5Tttuqvpsb4Se8km5zA9GhAu4=,tag:cDxbHZ+eScDQacwV1sYGIA==,type:str] + lastmodified: "2025-06-03T01:18:30Z" + mac: ENC[AES256_GCM,data:KugjzfnFVdkR7sTDpeFXyf75PRvWx0Dyj+ZCxFo7rQcjkGBr/MqoXqvImIkmL3xTBrr0I+eRYYkn2wdAe+yw5ZY5r7/QJENNt55bR4h8KgXEebCXERdnCejv/in0LWTD887kC5LlYzK/oZbBgLgDu4btdxn1/6balc08uL4Wn10=,iv:SjTCJCOh5j+a0rrbwjiq77nQ+3M4EEOcOYoWQP0nFS8=,tag:cwfNn/VPzh4s7eFnDKx5yA==,type:str] pgp: - created_at: "2025-03-07T22:49:16Z" enc: |- diff --git a/system/gitlab-runner.nix b/system/gitlab-runner.nix index 8db526f..1836419 100644 --- a/system/gitlab-runner.nix +++ b/system/gitlab-runner.nix 
@@ -1,55 +1,95 @@ { pkgs, lib, ... }: let - installNixScript = pkgs.writeScriptBin "install-nix" '' - mkdir -p -m 0755 /nix/var/log/nix/drvs - mkdir -p -m 0755 /nix/var/nix/gcroots - mkdir -p -m 0755 /nix/var/nix/profiles - mkdir -p -m 0755 /nix/var/nix/temproots - mkdir -p -m 0755 /nix/var/nix/userpool - mkdir -p -m 1777 /nix/var/nix/gcroots/per-user - mkdir -p -m 1777 /nix/var/nix/profiles/per-user - mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root - mkdir -p -m 0700 "$HOME/.nix-defexpr" + installNixScript = + { + authenticationTokenConfigFile, + nixCacheSshPrivateKeyPath ? null, + ... + }: + pkgs.writeScriptBin "install-nix" '' + mkdir -p -m 0755 /nix/var/log/nix/drvs + mkdir -p -m 0755 /nix/var/nix/gcroots + mkdir -p -m 0755 /nix/var/nix/profiles + mkdir -p -m 0755 /nix/var/nix/temproots + mkdir -p -m 0755 /nix/var/nix/userpool + mkdir -p -m 1777 /nix/var/nix/gcroots/per-user + mkdir -p -m 1777 /nix/var/nix/profiles/per-user + mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root + mkdir -p -m 0700 "$HOME/.nix-defexpr" - . ${pkgs.nix}/etc/profile.d/nix.sh + . ${pkgs.nix}/etc/profile.d/nix.sh - ${pkgs.nix}/bin/nix-env -i ${ - lib.concatStringsSep " " ( - with pkgs; - [ - nix - cacert - git - openssh - docker - ] - ) - } - ''; + ${pkgs.nix}/bin/nix-env -i ${ + lib.concatStringsSep " " ( + with pkgs; + [ + nix + cacert + git + openssh + docker + ] + ) + } + + ${lib.optionalString (nixCacheSshPrivateKeyPath != null) '' + NIX_CACHE_SSH_PRIVATE_KEY_PATH="${nixCacheSshPrivateKeyPath}" + . ${./gitlab-runner/nix-cache-start} + ''} + ''; + + pushStoreContents = + { + authenticationTokenConfigFile, + nixCacheSshPrivateKeyPath ? null, + ... + }: + pkgs.writeScriptBin "push-to-cache" '' + ${lib.optionalString (nixCacheSshPrivateKeyPath != null) '' + . 
${./gitlab-runner/nix-cache-end} + ''} + ''; in -{ - mkNixRunner = authenticationTokenConfigFile: { - # File should contain at least these two variables: - # `CI_SERVER_URL` - # `REGISTRATION_TOKEN` - inherit authenticationTokenConfigFile; # 2 - dockerImage = "alpine:3.18.2"; - dockerVolumes = [ - "/etc/nix/nix.conf:/etc/nix/nix.conf:ro" - "/nix/store:/nix/store:ro" - "/nix/var/nix/db:/nix/var/nix/db:ro" - "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro" - "/tmp:/tmp" - "/var/run/docker.sock:/var/run/docker.sock" - "/var/lib/docker/containers:/var/lib/docker/containers" - ]; - dockerDisableCache = true; - preBuildScript = "\". ${lib.getExe installNixScript}\""; - environmentVariables = { - ENV = "/etc/profile"; - USER = "root"; - NIX_REMOTE = "daemon"; - NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"; +rec { + mkNixRunnerFull = + { + authenticationTokenConfigFile, + nixCacheSshPrivateKeyPath ? null, + ... + }@args: + { + # File should contain at least these two variables: + # `CI_SERVER_URL` + # `REGISTRATION_TOKEN` + inherit authenticationTokenConfigFile; # 2 + dockerImage = "alpine:3.18.2"; + dockerVolumes = + [ + "/etc/nix/nix.conf:/etc/nix/nix.conf:ro" + "/nix/store:/nix/store:ro" + "/nix/var/nix/db:/nix/var/nix/db:ro" + "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro" + "/tmp:/tmp" + "/var/run/docker.sock:/var/run/docker.sock" + "/var/lib/docker/containers:/var/lib/docker/containers" + ] + ++ lib.optionals (nixCacheSshPrivateKeyPath != null) [ + "${nixCacheSshPrivateKeyPath}:${nixCacheSshPrivateKeyPath}" + ]; + dockerDisableCache = true; + preBuildScript = "\". ${lib.getExe (installNixScript args)}\""; + postBuildScript = "\". 
${lib.getExe (pushStoreContents args)}\""; + environmentVariables = { + ENV = "/etc/profile"; + USER = "root"; + NIX_REMOTE = "daemon"; + NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"; + }; + }; + + mkNixRunner = + authenticationTokenConfigFile: + mkNixRunnerFull { + inherit authenticationTokenConfigFile; }; - }; } diff --git a/system/gitlab-runner/nix-cache-end b/system/gitlab-runner/nix-cache-end new file mode 100755 index 0000000..5275fc3 --- /dev/null +++ b/system/gitlab-runner/nix-cache-end @@ -0,0 +1,21 @@ +#!/bin/sh + +echo "nix-cache: Storing new store items" +NEW_NIX_STORE_CONTENTS_FILE=$(mktemp) +find /nix/store/ -maxdepth 1 > $NEW_NIX_STORE_CONTENTS_FILE + +sort $OLD_NIX_STORE_CONTENTS_FILE -o $OLD_NIX_STORE_CONTENTS_FILE +sort $NEW_NIX_STORE_CONTENTS_FILE -o $NEW_NIX_STORE_CONTENTS_FILE + +echo "nix-cache: Comparing store paths" +FILTERED_NIX_STORE_CONTENTS_FILE=$(mktemp) +comm -13 $OLD_NIX_STORE_CONTENTS_FILE $NEW_NIX_STORE_CONTENTS_FILE > $FILTERED_NIX_STORE_CONTENTS_FILE +echo "nix-cache: New store paths:" +cat $FILTERED_NIX_STORE_CONTENTS_FILE | sed 's/^/ /g' + +if test -n "$(head -n1 $FILTERED_NIX_STORE_CONTENTS_FILE)"; then + echo "nix-cache: Sending new paths to cache" + nix copy --to "$STORE_URL" $(cat $FILTERED_NIX_STORE_CONTENTS_FILE) || true +else + echo "nix-cache: Nothing to send" +fi diff --git a/system/gitlab-runner/nix-cache-start b/system/gitlab-runner/nix-cache-start new file mode 100755 index 0000000..38797d2 --- /dev/null +++ b/system/gitlab-runner/nix-cache-start 
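Review bot: The new `dockerVolumes` entry `"${nixCacheSshPrivateKeyPath}:${nixCacheSshPrivateKeyPath}"` bind-mounts the cache's SSH private key into every job container without `:ro`, unlike the `/nix/...` mounts listed above it. Any job scheduled on this runner can read the key, because `preBuildScript` sources the generated script into the same shell that later runs the job's own commands. Mount it read-only, `"${nixCacheSshPrivateKeyPath}:${nixCacheSshPrivateKeyPath}:ro"`, and add a comment such as `# key is readable by job scripts; keep it a per-runner, low-privilege credential` so the exposure is documented. On the cache host it would be worth limiting what this key is allowed to do, though that side is not visible in this patch.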
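Review bot: The before/after listing of `/nix/store/` attributes every path that appeared during the job to this job, but `/nix/store` is the host's store bind-mounted into all runner containers, so with concurrent jobs it will likely upload paths that another project's job realised. The push itself, `nix copy --to "$STORE_URL" $(cat $FILTERED_NIX_STORE_CONTENTS_FILE) || true`, also discards a failed or partial upload without leaving a trace in the log. I would add a comment above the first `find`, `# NOTE: host store is shared; this diff is not limited to paths built by this job`, and replace `|| true` with `|| echo "nix-cache: upload failed" >&2`. The temp-file variables are expanded unquoted throughout, and the files created with `mktemp` are never removed.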
@@ -0,0 +1,18 @@ +#!/bin/sh + +echo "nix-cache: Setting up ssh key and host" +STORE_HOST_PUB_KEY="IyBuaXgtY2FjaGUud29wdXMuZGV2OjIyIFNTSC0yLjAtT3BlblNTSF8xMC4wCm5peC1jYWNoZS53b3B1cy5kZXYgc3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU5VNzFONVF4ZENtTTdOMjVTbk9nNnUrWUxtdjkyem5wZURjeUlEYW1sZEkK" +STORE_URL="ssh://nix-ssh@nix-cache.wopus.dev?trusted=true&compress=true&ssh-key=$NIX_CACHE_SSH_PRIVATE_KEY_PATH&base64-ssh-public-host-key=$STORE_HOST_PUB_KEY" +echo STORE_URL="$STORE_URL" + +NIX_EXTRA_CONFIG_FILE=$(mktemp) +cat > "$NIX_EXTRA_CONFIG_FILE" < $OLD_NIX_STORE_CONTENTS_FILE diff --git a/system/monolith-gitlab-runner.nix b/system/monolith-gitlab-runner.nix index dd80627..d22f90e 100644 --- a/system/monolith-gitlab-runner.nix +++ b/system/monolith-gitlab-runner.nix @@ -4,7 +4,7 @@ ... }: let - inherit (pkgs.callPackage ./gitlab-runner.nix { }) mkNixRunner; + inherit (pkgs.callPackage ./gitlab-runner.nix { }) mkNixRunner mkNixRunnerFull; in { boot.kernel.sysctl."net.ipv4.ip_forward" = true; @@ -18,7 +18,10 @@ in thoreb-telemetria-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-telemetria-nix".path; thoreb-itinerario-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-itinerario-nix".path; - wopus-gitlab-nix = mkNixRunner config.sops.secrets."gitlab-runners/wopus-gitlab-nix".path; + wopus-gitlab-nix = mkNixRunnerFull { + authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/wopus-gitlab-nix".path; + nixCacheSshPrivateKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pk".path; + }; default = { # File should contain at least these two variables: @@ -56,5 +59,8 @@ in "gitlab-runners/wopus-gitlab-docker-images" = { sopsFile = ../secrets/monolith/default.yaml; }; + "gitlab-runners/wopus-ssh-nix-cache-pk" = { + sopsFile = ../secrets/monolith/default.yaml; + }; }; } From 72e4e38fe93dabe448f2c0e050daf6082eca0629 Mon Sep 17 00:00:00 2001 
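Review bot: `STORE_URL` is built with `trusted=true`, which makes Nix accept paths from this store without a signature check, while the same SSH key is handed to job containers that can also write to the store. Whatever one job pushes would then be accepted as-is by later jobs; the heredoc that fills `$NIX_EXTRA_CONFIG_FILE` is not visible in this hunk, so I am assuming it registers `$STORE_URL` as a substituter. Prefer dropping `trusted=true` and listing the cache's signing key under `trusted-public-keys`, or splitting the credential into a read-only key for jobs and a separate push key. `echo STORE_URL="$STORE_URL"` also writes the private-key path into every job log, which is worth removing once debugging is done.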
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Tue, 3 Jun 2025 12:56:29 -0300 Subject: [PATCH 02/16] update nix ssh cache --- system/gitlab-runner.nix | 18 +++-------- system/gitlab-runner/nix-cache-end | 21 ------------- system/gitlab-runner/nix-cache-start | 45 +++++++++++++++++++++++----- system/monolith-gitlab-runner.nix | 2 +- 4 files changed, 43 insertions(+), 43 deletions(-) delete mode 100755 system/gitlab-runner/nix-cache-end diff --git a/system/gitlab-runner.nix b/system/gitlab-runner.nix index 1836419..bb803a4 100644 --- a/system/gitlab-runner.nix +++ b/system/gitlab-runner.nix @@ -34,21 +34,11 @@ let ${lib.optionalString (nixCacheSshPrivateKeyPath != null) '' NIX_CACHE_SSH_PRIVATE_KEY_PATH="${nixCacheSshPrivateKeyPath}" + NIX_CACHE_SSH_PUBLIC_KEY="# nix-cache.wopus.dev:22 SSH-2.0-OpenSSH_10.0 + nix-cache.wopus.dev ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINU71N5QxdCmM7N25SnOg6u+YLmv92znpeDcyIDamldI" . ${./gitlab-runner/nix-cache-start} ''} ''; - - pushStoreContents = - { - authenticationTokenConfigFile, - nixCacheSshPrivateKeyPath ? null, - ... - }: - pkgs.writeScriptBin "push-to-cache" '' - ${lib.optionalString (nixCacheSshPrivateKeyPath != null) '' - . ${./gitlab-runner/nix-cache-end} - ''} - ''; in rec { mkNixRunnerFull = @@ -72,13 +62,13 @@ rec { "/tmp:/tmp" "/var/run/docker.sock:/var/run/docker.sock" "/var/lib/docker/containers:/var/lib/docker/containers" + "/cache" ] ++ lib.optionals (nixCacheSshPrivateKeyPath != null) [ "${nixCacheSshPrivateKeyPath}:${nixCacheSshPrivateKeyPath}" ]; - dockerDisableCache = true; + # dockerDisableCache = true; preBuildScript = "\". ${lib.getExe (installNixScript args)}\""; - postBuildScript = "\". ${lib.getExe (pushStoreContents args)}\""; environmentVariables = { ENV = "/etc/profile"; USER = "root"; diff --git a/system/gitlab-runner/nix-cache-end b/system/gitlab-runner/nix-cache-end deleted file mode 100755 index 5275fc3..0000000 --- a/system/gitlab-runner/nix-cache-end +++ /dev/null 
@@ -1,21 +0,0 @@ -#!/bin/sh - -echo "nix-cache: Storing new store items" -NEW_NIX_STORE_CONTENTS_FILE=$(mktemp) -find /nix/store/ -maxdepth 1 > $NEW_NIX_STORE_CONTENTS_FILE - -sort $OLD_NIX_STORE_CONTENTS_FILE -o $OLD_NIX_STORE_CONTENTS_FILE -sort $NEW_NIX_STORE_CONTENTS_FILE -o $NEW_NIX_STORE_CONTENTS_FILE - -echo "nix-cache: Comparing store paths" -FILTERED_NIX_STORE_CONTENTS_FILE=$(mktemp) -comm -13 $OLD_NIX_STORE_CONTENTS_FILE $NEW_NIX_STORE_CONTENTS_FILE > $FILTERED_NIX_STORE_CONTENTS_FILE -echo "nix-cache: New store paths:" -cat $FILTERED_NIX_STORE_CONTENTS_FILE | sed 's/^/ /g' - -if test -n "$(head -n1 $FILTERED_NIX_STORE_CONTENTS_FILE)"; then - echo "nix-cache: Sending new paths to cache" - nix copy --to "$STORE_URL" $(cat $FILTERED_NIX_STORE_CONTENTS_FILE) || true -else - echo "nix-cache: Nothing to send" -fi diff --git a/system/gitlab-runner/nix-cache-start b/system/gitlab-runner/nix-cache-start index 38797d2..0fe9d4f 100755 --- a/system/gitlab-runner/nix-cache-start +++ b/system/gitlab-runner/nix-cache-start 
@@ -1,18 +1,49 @@ #!/bin/sh -echo "nix-cache: Setting up ssh key and host" -STORE_HOST_PUB_KEY="IyBuaXgtY2FjaGUud29wdXMuZGV2OjIyIFNTSC0yLjAtT3BlblNTSF8xMC4wCm5peC1jYWNoZS53b3B1cy5kZXYgc3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU5VNzFONVF4ZENtTTdOMjVTbk9nNnUrWUxtdjkyem5wZURjeUlEYW1sZEkK" +echo "nix-cache: Setting up ssh key and host" >&2 +STORE_HOST_PUB_KEY="$(echo "$NIX_CACHE_SSH_PUBLIC_KEY" | base64 | tr -d '\n')" STORE_URL="ssh://nix-ssh@nix-cache.wopus.dev?trusted=true&compress=true&ssh-key=$NIX_CACHE_SSH_PRIVATE_KEY_PATH&base64-ssh-public-host-key=$STORE_HOST_PUB_KEY" -echo STORE_URL="$STORE_URL" +echo STORE_URL="$STORE_URL" >&2 NIX_EXTRA_CONFIG_FILE=$(mktemp) cat > "$NIX_EXTRA_CONFIG_FILE" <&2 export NIX_USER_CONF_FILES="$NIX_EXTRA_CONFIG_FILE:$NIX_USER_CONF_FILES" -echo "nix-cache: Storing existing store items" -OLD_NIX_STORE_CONTENTS_FILE=$(mktemp) -find /nix/store/ -maxdepth 1 > $OLD_NIX_STORE_CONTENTS_FILE +echo "nix-cache: Setting up nix hook" >&2 +nix() { + echo "nix-cache: executing nix hook" >&2 + command nix "$@" + local STATUS="$?" + + local BUILD=no + if test "$STATUS" = "0"; then + for arg in "$@"; do + echo "nix-cache: evaluating arg '$arg'" >&2 + case "$arg" in + build) + echo "nix-cache: enablig upload" >&2 + BUILD=yes + ;; + -*) + echo "nix-cache: ignoring argument '$arg'" >&2 + ;; + *) + if test "$BUILD" = yes; then + echo "nix-cache: Sending path $arg" >&2 + command nix copy --to "$STORE_URL" "$arg" || true + else + echo "nix-cache: not building, ignoring argument '$arg'" >&2 + fi + ;; + esac + done + else + echo "nix-cache: nix exited with code '$STATUS', ignoring" >&2 + fi + + return "$STATUS" +} diff --git a/system/monolith-gitlab-runner.nix b/system/monolith-gitlab-runner.nix index d22f90e..9571dbf 100644 --- a/system/monolith-gitlab-runner.nix +++ b/system/monolith-gitlab-runner.nix 
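Review bot: In the `nix()` wrapper the `-*)` arm skips only the flag itself, so the value of a flag that takes one (for example the path after `-o`, or both words after `--option`) falls into the `*)` arm and is passed to `nix copy` as if it were an installable. A bare `nix build` with no installable uploads nothing, and `|| true` hides any failed push. I would at least document this above the loop, `# NOTE: flag values are not skipped; only plain installables after "build" are handled`, or take the output paths from the build itself instead of re-parsing its arguments. The script keeps `#!/bin/sh` but uses `local`, which POSIX sh does not define, and the log string `enablig upload` has a typo.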
@@ -11,7 +11,7 @@ in virtualisation.docker.enable = true; services.gitlab-runner = { enable = true; - settings.concurrent = 12; + settings.concurrent = 6; services = { # runner for building in docker via host's nix-daemon # nix store will be readable in runner, might be insecure From adc0765c18020c30cae7ce99a8d32905acc7601d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Wed, 4 Jun 2025 00:18:23 -0300 Subject: [PATCH 03/16] kak: add formatter for tsx and jsx --- user/kakoune/filetypes.kak | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/user/kakoune/filetypes.kak b/user/kakoune/filetypes.kak index 9fa33a6..b9d19f5 100644 --- a/user/kakoune/filetypes.kak +++ b/user/kakoune/filetypes.kak @@ -46,10 +46,18 @@ hook global BufCreate .*\.js %{ set buffer formatcmd "prettier --stdin-filepath=%val{buffile}" } +hook global BufCreate .*\.jsx %{ + set buffer formatcmd "prettier --stdin-filepath=%val{buffile}" +} + hook global BufCreate .*\.ts %{ set buffer formatcmd "prettier --stdin-filepath=%val{buffile}" } +hook global BufCreate .*\.tsx %{ + set buffer formatcmd "prettier --stdin-filepath=%val{buffile}" +} + hook global BufCreate .*\.scss %{ set buffer formatcmd "prettier --stdin-filepath=%val{buffile}" } From 51fd376c1bbe0124f9d5c41485ded91a718d77d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Wed, 4 Jun 2025 00:18:23 -0300 Subject: [PATCH 04/16] kak: add formatter for tsx and jsx --- user/kakoune/filetypes.kak | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/user/kakoune/filetypes.kak b/user/kakoune/filetypes.kak index 9fa33a6..b9d19f5 100644 --- a/user/kakoune/filetypes.kak +++ b/user/kakoune/filetypes.kak 
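Review bot: The two added hooks interpolate `%val{buffile}` unquoted into `formatcmd`, which as far as I know is later evaluated by a shell, so a buffer path containing spaces or shell metacharacters is split or interpreted rather than passed to prettier as one argument. Quote it inside the option, `set buffer formatcmd "prettier --stdin-filepath='%val{buffile}'"`, which covers everything except paths that themselves contain a single quote. The same applies to the existing `.js`, `.ts` and `.scss` hooks in the context lines, and one hook with the filter `.*\.(js|jsx|ts|tsx|scss)` would replace the five copies. PATCH 04/16 repeats this hunk verbatim, so the note applies there as well.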
@@ -46,10 +46,18 @@ hook global BufCreate .*\.js %{ set buffer formatcmd "prettier --stdin-filepath=%val{buffile}" } +hook global BufCreate .*\.jsx %{ + set buffer formatcmd "prettier --stdin-filepath=%val{buffile}" +} + hook global BufCreate .*\.ts %{ set buffer formatcmd "prettier --stdin-filepath=%val{buffile}" } +hook global BufCreate .*\.tsx %{ + set buffer formatcmd "prettier --stdin-filepath=%val{buffile}" +} + hook global BufCreate .*\.scss %{ set buffer formatcmd "prettier --stdin-filepath=%val{buffile}" } From 61040aa0a76b4fd9a8ee3e9b457f6cc87c20090c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Mon, 16 Jun 2025 00:04:32 -0300 Subject: [PATCH 05/16] firefox: update ublock --- user/firefox.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user/firefox.nix b/user/firefox.nix index 0403a14..d15e569 100644 --- a/user/firefox.nix +++ b/user/firefox.nix @@ -34,8 +34,8 @@ in # }) (pkgs.fetchFirefoxAddon { name = "ublock-origin"; - url = "https://addons.mozilla.org/firefox/downloads/file/4290466/ublock_origin-1.58.0.xpi"; - hash = "sha256-RwxWmUpxdNshV4rc5ZixWKXcCXDIfFz+iJrGMr0wheo="; + url = "https://addons.mozilla.org/firefox/downloads/file/4492375/ublock_origin-1.64.0.xpi"; + hash = "sha256-ueHIaL0awd78q/LgF3bRqQ7/ujSwf+aiE1DUXwIuDp8="; }) (pkgs.fetchFirefoxAddon { name = "user_agent_string_switcher"; From 6f4642531c946c3a1e2be51db5c543610492e352 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Mon, 16 Jun 2025 00:41:58 -0300 Subject: [PATCH 06/16] update --- flake.lock | 66 +++++++++++++++++++++++++++--------------------------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/flake.lock b/flake.lock index 78b8ed1..6e77084 100644 --- a/flake.lock +++ b/flake.lock 
@@ -225,11 +225,11 @@ ] }, "locked": { - "lastModified": 1747742835, - "narHash": "sha256-kYL4GCwwznsypvsnA20oyvW8zB/Dvn6K5G/tgMjVMT4=", + "lastModified": 1749436314, + "narHash": "sha256-CqmqU5FRg5AadtIkxwu8ulDSOSoIisUMZRLlcED3Q5w=", "owner": "nix-community", "repo": "disko", - "rev": "df522e787fdffc4f32ed3e1fca9ed0968a384d62", + "rev": "dfa4d1b9c39c0342ef133795127a3af14598017a", "type": "github" }, "original": { @@ -243,11 +243,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1742179690, - "narHash": "sha256-s/q3OWRe5m7kwDcAs1BhJEj6aHc5bsBxRnLP7DM77xE=", + "lastModified": 1749410315, + "narHash": "sha256-5H8MuMMSq1WnQcvb1FiDNkKP+uyeZ8HX5GRTMfEOyLI=", "owner": "lelgenio", "repo": "dzgui-nix", - "rev": "a6d68720c932ac26d549b24f17c776bd2aeb73b4", + "rev": "49adbb1edfb3c25b0cd8256d35673394386065e7", "type": "github" }, "original": { @@ -504,11 +504,11 @@ ] }, "locked": { - "lastModified": 1747556831, - "narHash": "sha256-Qb84nbYFFk0DzFeqVoHltS2RodAYY5/HZQKE8WnBDsc=", + "lastModified": 1749154018, + "narHash": "sha256-gjN3j7joRvT3a8Zgcylnd4NFsnXeDBumqiu4HmY1RIg=", "owner": "nix-community", "repo": "home-manager", - "rev": "d0bbd221482c2713cccb80220f3c9d16a6e20a33", + "rev": "7aae0ee71a17b19708b93b3ed448a1a0952bf111", "type": "github" }, "original": { @@ -545,11 +545,11 @@ ] }, "locked": { - "lastModified": 1747540584, - "narHash": "sha256-cxCQ413JTUuRv9Ygd8DABJ1D6kuB/nTfQqC0Lu9C0ls=", + "lastModified": 1749355504, + "narHash": "sha256-L17CdJMD+/FCBOHjREQLXbe2VUnc3rjffenBbu2Kwpc=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "ec179dd13fb7b4c6844f55be91436f7857226dce", + "rev": "40a6e15e44b11fbf8f2b1df9d64dbfc117625e94", "type": "github" }, "original": { 
@@ -617,11 +617,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1747744144, - "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", + "lastModified": 1749285348, + "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", + "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f", "type": "github" }, "original": { @@ -678,11 +678,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1747953325, - "narHash": "sha256-y2ZtlIlNTuVJUZCqzZAhIw5rrKP4DOSklev6c8PyCkQ=", + "lastModified": 1749727998, + "narHash": "sha256-mHv/yeUbmL91/TvV95p+mBVahm9mdQMJoqaTVTALaFw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "55d1f923c480dadce40f5231feb472e81b0bab48", + "rev": "fd487183437963a59ba763c0cc4f27e3447dd6dd", "type": "github" }, "original": { @@ -693,11 +693,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1745377448, - "narHash": "sha256-jhZDfXVKdD7TSEGgzFJQvEEZ2K65UMiqW5YJ2aIqxMA=", + "lastModified": 1747958103, + "narHash": "sha256-qmmFCrfBwSHoWw7cVK4Aj+fns+c54EBP8cGqp/yK410=", "owner": "nixos", "repo": "nixpkgs", - "rev": "507b63021ada5fee621b6ca371c4fca9ca46f52c", + "rev": "fe51d34885f7b5e3e7b59572796e1bcb427eccb1", "type": "github" }, "original": { @@ -758,11 +758,11 @@ "ranger-icons": { "flake": false, "locked": { - "lastModified": 1736375293, - "narHash": "sha256-ck53eG+mGIQ706sUnEHbJ6vY1/LYnRcpq94JXzwnGTQ=", + "lastModified": 1749128401, + "narHash": "sha256-qvWqKVS4C5OO6bgETBlVDwcv4eamGlCUltjsBU3gAbA=", "owner": "alexanderjeurissen", "repo": "ranger_devicons", - "rev": "f227f212e14996fbb366f945ec3ecaf5dc5f44b0", + "rev": "1bcaff0366a9d345313dc5af14002cfdcddabb82", "type": "github" }, "original": { 
@@ -850,11 +850,11 @@ ] }, "locked": { - "lastModified": 1747603214, - "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", + "lastModified": 1749592509, + "narHash": "sha256-VunQzfZFA+Y6x3wYi2UE4DEQ8qKoAZZCnZPUlSoqC+A=", "owner": "Mic92", "repo": "sops-nix", - "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", + "rev": "50754dfaa0e24e313c626900d44ef431f3210138", "type": "github" }, "original": { @@ -1010,11 +1010,11 @@ "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1747912973, - "narHash": "sha256-XgxghfND8TDypxsMTPU2GQdtBEsHTEc3qWE6RVEk8O0=", + "lastModified": 1749194973, + "narHash": "sha256-eEy8cuS0mZ2j/r/FE0/LYBSBcIs/MKOIVakwHVuqTfk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "020cb423808365fa3f10ff4cb8c0a25df35065a3", + "rev": "a05be418a1af1198ca0f63facb13c985db4cb3c5", "type": "github" }, "original": { @@ -1025,11 +1025,11 @@ }, "vpsadminos": { "locked": { - "lastModified": 1748016252, - "narHash": "sha256-P/h9BTZv6r5br/MKkXyEdUdDTU446UaAZzGLQMCMSIw=", + "lastModified": 1749716966, + "narHash": "sha256-aF+YOXv07qI7Q267gqapUcAsoQkI3+EcmZczatq6wkg=", "owner": "vpsfreecz", "repo": "vpsadminos", - "rev": "4756a2ecc603c347e3d983663d663e96f22225a9", + "rev": "2d991bb5109350801a381bff097809b76ee962f5", "type": "github" }, "original": { From 96e9fd098f0734e11292abca05a655c35979f363 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Mon, 16 Jun 2025 00:05:13 -0300 Subject: [PATCH 07/16] monolith: remove docker-images gitlab runner --- secrets/monolith/default.yaml | 5 ++--- system/monolith-gitlab-runner.nix | 12 ------------ 2 files changed, 2 insertions(+), 15 deletions(-) diff --git a/secrets/monolith/default.yaml b/secrets/monolith/default.yaml index f354335..5ca1383 100644 --- a/secrets/monolith/default.yaml +++ b/secrets/monolith/default.yaml 
@@ -5,7 +5,6 @@ gitlab-runners: thoreb-itinerario-nix: ENC[AES256_GCM,data:UdAAD0V895sFoEYR56sCG2LlpZugJ0K/nwkTygzWOnbTSmBRAcIQ8qVFPZGw+K+XMSLiCyio6Jp7k8AYP0K1VYm+6aEP3OkqR9FCLQTJgXo=,iv:UGUby50BYkn13OzItk6zZmxc5+SnbZZa4bebQHIow2A=,tag:LjDg3deWwdH2T71EtPo6jA==,type:str] docker-images-token: ENC[AES256_GCM,data:GGB/KSkjdAyhFKEspAh91ItbqEDf7K/LZSGSn+Jp7SxRfXpDzHIiMD8XJ9PTkGLeQGN4ug1i2nTYPS7d/P5OALWDU+1NPiV9nPdG0w7GERfu4g==,iv:6roabdOKX9xFMf0hWlECd73+943R+hFLos0e2dOpzns=,tag:LrASFc4DtN7aQ+3oOW/p/w==,type:str] wopus-gitlab-nix: ENC[AES256_GCM,data:asE7J0d58x9VfQFWc07f5T4s5NZ+/VqMQo66EX93J0LbJ4iI5YjvrrIE4pSI1e4Nz/SRQhltaJ0DfSH0+qgjD4wnAONPRi3UlFbSdGWS2bwwRtWe+Nci2krrUFxV2i/ZVE3CwCkNe4mqtII=,iv:gKrD/LhzI+jnDnX6CdxoHfjpiRdrsuRYJF9rTc8SffM=,tag:TczDGSU3gdKmERjBJ7tP/A==,type:str] - wopus-gitlab-docker-images: ENC[AES256_GCM,data:aGbCjQr1VKgg5n4f8vZKgdXcDw/M5JHez9E2TqipBXQ8D0jXdfPg6laNOJUOD+uPBOIGKUBMEg4OtLblCZFVw/V6wJN16wVbwkDU3uELQ8tPmlYSt4fcy4+5sC6+tV4YeMSKA6yIjD+xpkk=,iv:ojBhf2WdkWHruvTbABAAvuGDVOnsUl+qnhvH09L+lgA=,tag:gWhEkvL1qlcge3bSKVDSIg==,type:str] bitbucket-runners: wopus-runner-1: ENC[AES256_GCM,data:gtH0T5n8qMYpvSv5ciN8+ScGlFDf9xE0FTxNP97vT/qsOCcaItTE+5P+DFcWw46onLED+1c+u0sArFbEsT3f8lyco9b+0l99uOQAxLZQzAXYH8zGye1UnwUtytkci2PHu5c8kTpIWHXyZ1IOYNGWkermeab57ANzOkM1LbkHyAjS6VTh0I60LfAOdHOw5FDFL8d1d9oWxLloOe9USLPqHjC023EpCUT2YuyHoPCTpBu8Kb/2HfV0wkAKaB3dvVrKwXCj+bfP6+bjQ3uMzVO/7jxPmnSGBfvyZ+Hlg5goJ6bSAqQWmnPPnQ96FgQfe8su5ML9qNIp9/7eNiL6Rv6Vhxe0hHbE5wsZ/58grcg/LrugeWJvUJ9THhwcTwO8Pkvwlq0XM9seUY2NV+LCK3bLQ4IWDjWkU1IHg6+nihTcvl1iD6UIGMgqGoB/v05WVzHb+GcE2fFuSuhVHfa5RMyboELOJoFrqZiXGhY=,iv:ZakLafxYQCDd1Zw8T83Xfj+YwAQKna9LC6ognJqtifA=,tag:bwBObfdMIvJfRrOG04NtxA==,type:str] wopus-runner-2: 
ENC[AES256_GCM,data:gg8merZMFbf396hdJY7zmKQndT3GzB7NeGZAs3C0au8Zd7OFAg9vcQcFcxNA3kZGJZqmFTR/ycWJwhYr9fhlfFuPhDynVvgJAqoYtvC2MUDiOMD/d3DlfwFjQ6cOGTrvFuY1kkgSFb4OFdrVC1eiTDrGygFmYnYcqTKn/t5Ttqi+cHZNzFzVzdVLvaLCYxltM5g45zn+fXYxYwCfqyb32/M1XTnnwIGiataGxEX5oWhVV4zqeLO4ZIYPSby5AVvIMJ/zqvqaeVVY52GLDcTKrj3thbZxMQLWN3/lOA0uYhi3L/WM8Gx+JMEIbSICcuT7QXu4w4PA+opcx9GnsMCK2/egzS+cNPJ4vGZCdVD/jh6A9zVEJAgXdsHXNXFHmMPt7DcgrCQiub62og4kBY4G/Rcg4UN7sb3v3qyBpGbCGHGRjCFc+wdHpom0yDOG2cwcqfN49pC2R7Ag2BisFQ/5A+DPmKnvGG3kt9s=,iv:5g5XiDecYqi4JNRkZubgPJECBQdZ6rBeojgFe6Etebk=,tag:HRy5bFSbfxKTb5e13lGtgg==,type:str] @@ -31,8 +30,8 @@ sops: aFVxcDFhaGdYekRWRVFIWnRsZndtZFkKgsvxOFHOcO306Z9FkucA1fDOpZA8N1/h jYmIgcKTFgWoSCvux67lK30jFsYp7sm5z6WxxDYsGcoQ/+pxoUX2jQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-05-28T03:04:52Z" - mac: ENC[AES256_GCM,data:THwZcK7nJnCYEUR8CiaQKZ8dQpYbDqnshBBWFzEzPXEWLgFB9+7d6aRh9ZDjZs0rhBTChta3H7YxDJdFh5nAJQy532FJp4S4tBOLHWFZARlKhXngujd0SvxPER55uvxImNFIYX0RDSHUck5jDXCA0tBCmE/Q7DuY7v0+cmRgOV8=,iv:1p3kFMSg0k1n00P6UY5Tttuqvpsb4Se8km5zA9GhAu4=,tag:cDxbHZ+eScDQacwV1sYGIA==,type:str] + lastmodified: "2025-06-16T13:05:35Z" + mac: ENC[AES256_GCM,data:i8HOA7JSVSkxpoXJpFYrENodySyEEupYLNjuezRpd+PQWmxE7igonFyweUblmkSyBgy1FpmN+llwoP0Cokka5QyJse9jq9hR6dFATpZC9qPzSlAb+RpdSzp4QXjryOzP/23RJ7WhhBOC2DRw8OkDBPDJINBnCtu1ticpiuXKoHs=,iv:WEEdZDbrrkhip0ZkpqQfg6fwV+OzP/bBBrExyvOhqng=,tag:6iLMsJtenKdU/lJU/+HnCg==,type:str] pgp: - created_at: "2025-03-07T22:49:16Z" enc: |- diff --git a/system/monolith-gitlab-runner.nix b/system/monolith-gitlab-runner.nix index dd80627..6f1f7b3 100644 --- a/system/monolith-gitlab-runner.nix +++ b/system/monolith-gitlab-runner.nix 
@@ -27,15 +27,6 @@ in authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/docker-images-token".path; dockerImage = "debian:stable"; }; - - wopus-gitlab-docker-images = { - # File should contain at least these two variables: - # `CI_SERVER_URL` - # `CI_SERVER_TOKEN` - authenticationTokenConfigFile = - config.sops.secrets."gitlab-runners/wopus-gitlab-docker-images".path; - dockerImage = "debian:stable"; - }; }; }; systemd.services.gitlab-runner.serviceConfig.Nice = 10; @@ -53,8 +44,5 @@ in "gitlab-runners/wopus-gitlab-nix" = { sopsFile = ../secrets/monolith/default.yaml; }; - "gitlab-runners/wopus-gitlab-docker-images" = { - sopsFile = ../secrets/monolith/default.yaml; - }; }; } From ffe90ab90d9a395d6b837c86070de6ef31a6e497 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Mon, 16 Jun 2025 13:03:20 -0300 Subject: [PATCH 08/16] kak: work around for rust-analyzer currupting ~/.cargo --- user/kakoune/kak-lsp.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/user/kakoune/kak-lsp.toml b/user/kakoune/kak-lsp.toml index 9c195bd..818c737 100644 --- a/user/kakoune/kak-lsp.toml +++ b/user/kakoune/kak-lsp.toml @@ -135,6 +135,7 @@ args = [ [language_server.rust-analyzer.settings.rust-analyzer] # See https://rust-analyzer.github.io/manual.html#configuration # cargo.features = [] +cargo.buildScripts.useRustcWrapper = false checkOnSave.command = "clippy" hoverActions.enable = false # kak-lsp doesn't support this at the moment From f410503e669729aac9096c08c5fcee24c2ea825a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Sun, 22 Jun 2025 21:55:46 -0300 Subject: [PATCH 09/16] phantom: add support for managing email filters (managesieve) --- hosts/phantom/email.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hosts/phantom/email.nix b/hosts/phantom/email.nix index 1951629..105113b 100644 --- a/hosts/phantom/email.nix +++ b/hosts/phantom/email.nix 
@@ -36,6 +36,8 @@ hashedPassword = "$2b$05$DcA9xMdvHqqQMZw2.zybI.vfKsQAJtaQ/JB.t9AHu6psstWq97m2C"; }; }; + + enableManageSieve = true; }; # Prefer ipv4 and use main ipv6 to avoid reverse DNS issues @@ -52,7 +54,7 @@ $config['smtp_host'] = "tls://${config.mailserver.fqdn}:587"; $config['smtp_user'] = "%u"; $config['smtp_pass'] = "%p"; - $config['plugins'] = [ "carddav", "archive" ]; + $config['plugins'] = [ "carddav", "archive", "managesieve" ]; ''; }; } From 0fa0d0b7a92b3bd1d95d5f52d9982a3ae90455fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Sun, 22 Jun 2025 23:56:09 -0300 Subject: [PATCH 10/16] satty: add config --- user/home.nix | 1 + user/satty/config.toml | 63 ++++++++++++++++++++++++++++++++++++++++ user/satty/default.nix | 22 ++++++++++++++ user/sway/default.nix | 1 + user/sway/sway-binds.nix | 2 +- 5 files changed, 88 insertions(+), 1 deletion(-) create mode 100644 user/satty/config.toml create mode 100644 user/satty/default.nix diff --git a/user/home.nix b/user/home.nix index 334e260..1778052 100644 --- a/user/home.nix +++ b/user/home.nix @@ -36,6 +36,7 @@ ./pass.nix ./pqiv.nix ./zathura.nix + ./satty ./man.nix ./mpd.nix ./sway diff --git a/user/satty/config.toml b/user/satty/config.toml new file mode 100644 index 0000000..84075cb --- /dev/null +++ b/user/satty/config.toml 
@@ -0,0 +1,63 @@
+[general]
+# Start Satty in fullscreen mode
+fullscreen = true
+# Exit directly after copy/save action
+early-exit = true
+# Draw corners of rectangles round if the value is greater than 0 (0 disables rounded corners)
+corner-roundness = 12
+# Select the tool on startup [possible values: pointer, crop, line, arrow, rectangle, text, marker, blur, brush]
+initial-tool = "brush"
+# Configure the command to be called on copy, for example `wl-copy`
+copy-command = "wl-copy"
+# Increase or decrease the size of the annotations
+# annotation-size-factor = 2
+# Filename to use for saving action. Omit to disable saving to file. Might contain format specifiers: https://docs.rs/chrono/latest/chrono/format/strftime/index.html
+# output-filename = "/tmp/test-%Y-%m-%d_%H:%M:%S.png"
+# After copying the screenshot, save it to a file as well
+# save-after-copy = false
+# Hide toolbars by default
+# default-hide-toolbars = false
+# Experimental: whether window focus shows/hides toolbars. This does not affect initial state of toolbars, see default-hide-toolbars.
+# focus-toggles-toolbars = false
+# The primary highlighter to use, the other is accessible by holding CTRL at the start of a highlight [possible values: block, freehand]
+primary-highlighter = "block"
+# Disable notifications
+disable-notifications = true
+# Actions to trigger on right click (order is important)
+# [possible values: save-to-clipboard, save-to-file, exit]
+# actions-on-right-click = []
+# Actions to trigger on Enter key (order is important)
+# [possible values: save-to-clipboard, save-to-file, exit]
+# actions-on-enter = ["save-to-clipboard"]
+# Actions to trigger on Escape key (order is important)
+# [possible values: save-to-clipboard, save-to-file, exit]
+# actions-on-escape = ["exit"]
+# Action to perform when the Enter key is pressed [possible values: save-to-clipboard, save-to-file]
+# Deprecated: use actions-on-enter instead
+action-on-enter = "save-to-clipboard"
+# Right click to copy
+# Deprecated: use actions-on-right-click instead
+# right-click-copy = false
+# request no window decoration. Please note that the compositor has the final say in this. At this point. requires xdg-decoration-unstable-v1.
+# no-window-decoration = true
+# experimental feature: adjust history size for brush input smooting (0: disabled, default: 0, try e.g. 5 or 10)
+# brush-smooth-history-size = 10
+
+# Font to use for text annotations
+[font]
+family = "Roboto"
+style = "Bold"
+
+# Custom colours for the colour palette
+[color-palette]
+# These will be shown in the toolbar for quick selection
+palette = [
+ "#ff0000",
+ "#00ffff",
+ "#a52a2a",
+ "#dc143c",
+ "#ff1493",
+ "#ffd700",
+ "#008000",
+]
+
diff --git a/user/satty/default.nix b/user/satty/default.nix
new file mode 100644
index 0000000..5709b77
--- /dev/null
+++ b/user/satty/default.nix
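Review bot: `action-on-enter = "save-to-clipboard"` is the only active key in user/satty/config.toml that the file's own comments mark as deprecated ("Deprecated: use actions-on-enter instead"), while its replacement sits commented out a few lines above. Switching to `actions-on-enter = ["save-to-clipboard"]` keeps the same Enter behaviour and will not stop working if the old key is dropped. The deprecated line and its two comment lines can then be removed.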
@@ -0,0 +1,22 @@ +{ + pkgs, + lib, + config, + ... +}: +let + cfg = config.my.satty; +in +{ + options.my.satty.enable = lib.mkEnableOption { }; + + config = lib.mkIf cfg.enable { + xdg.configFile."satty/config.toml" = { + source = ./config.toml; + }; + + home.packages = with pkgs; [ + satty + ]; + }; +} diff --git a/user/sway/default.nix b/user/sway/default.nix index 596fdde..7a2825f 100644 --- a/user/sway/default.nix +++ b/user/sway/default.nix @@ -32,6 +32,7 @@ in my.swaylock.enable = true; my.mpd.enable = true; my.zathura.enable = true; + my.satty.enable = true; my.waybar.enable = true; my.gammastep.enable = true; diff --git a/user/sway/sway-binds.nix b/user/sway/sway-binds.nix index fd05236..ae71cf4 100644 --- a/user/sway/sway-binds.nix +++ b/user/sway/sway-binds.nix @@ -172,7 +172,7 @@ let "${mod}+Return" = "exec ${terminal}"; "${mod}+Ctrl+Return" = "exec thunar"; "${mod}+Shift+s" = '' - exec grim - | satty --filename - --fullscreen --output-filename "$(xdg-user-dir PICTURES)"/Screenshots/satty-$(date '+%Y%m%d-%H:%M:%S').png + exec grim - | satty --filename - --output-filename "$(xdg-user-dir PICTURES)"/Screenshots/satty-$(date '+%Y%m%d-%H:%M:%S').png ''; "${mod}+Ctrl+v" = "exec wl-paste | tesseract -l por - - | wl-copy"; "${mod}+k" = "exec showkeys"; From 6ff8646af3eedad9c5f41713039c371b2c724e1b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Sun, 22 Jun 2025 23:56:31 -0300 Subject: [PATCH 11/16] 25.05: update renamed options --- system/sound.nix | 2 +- user/gnome.nix | 2 +- user/sway/default.nix | 2 +- user/vscode/default.nix | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/system/sound.nix b/system/sound.nix index f04e513..40dd701 100644 --- a/system/sound.nix +++ b/system/sound.nix @@ -1,6 +1,6 @@ { pkgs, ... }: { - hardware.pulseaudio.enable = false; + services.pulseaudio.enable = false; services.pipewire = { enable = true; wireplumber.enable = true; 
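Review bot: `lib.mkEnableOption { }` in user/satty/default.nix passes an empty attribute set where nixpkgs expects the option's display name as a string. mkEnableOption interpolates that argument into the generated description, so evaluation is likely to fail once anything renders the description, for example an options or manual build. I would write `options.my.satty.enable = lib.mkEnableOption "satty";`. If the other `my.*` modules follow the same `{ }` pattern (not visible here), they would need the same change.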
diff --git a/user/gnome.nix b/user/gnome.nix index 776f095..9a3562b 100644 --- a/user/gnome.nix +++ b/user/gnome.nix @@ -43,7 +43,7 @@ lib.mkIf (config.my.desktop == "gnome") { qt6Packages.qtstyleplugin-kvantum ]; - services.gpg-agent.pinentryPackage = pkgs.pinentry-gnome; + services.gpg-agent.pinentry.package = pkgs.pinentry-gnome; xdg.defaultApplications = { enable = lib.mkForce false; diff --git a/user/sway/default.nix b/user/sway/default.nix index 7a2825f..5fbd379 100644 --- a/user/sway/default.nix +++ b/user/sway/default.nix @@ -124,7 +124,7 @@ in indicator = true; }; - services.gpg-agent.pinentryPackage = pkgs.pinentry-all; + services.gpg-agent.pinentry.package = pkgs.pinentry-all; xdg.configFile."OpenTabletDriver/settings.json" = { force = true; diff --git a/user/vscode/default.nix b/user/vscode/default.nix index b8afdfd..e9a97cb 100644 --- a/user/vscode/default.nix +++ b/user/vscode/default.nix @@ -4,7 +4,7 @@ programs.vscode = { enable = true; package = pkgs.vscodium; - extensions = with pkgs.vscode-extensions; [ + profiles.default.extensions = with pkgs.vscode-extensions; [ jnoortheen.nix-ide github.github-vscode-theme rust-lang.rust-analyzer From 48ca243d3b230f11f3746a8024af67c2ee06a8ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Sun, 22 Jun 2025 23:56:58 -0300 Subject: [PATCH 12/16] make: update to new settings format --- user/sway/mako.nix | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/user/sway/mako.nix b/user/sway/mako.nix index 28b5eb4..6c78c9f 100644 --- a/user/sway/mako.nix +++ b/user/sway/mako.nix 
@@ -20,21 +20,22 @@ in config = lib.mkIf cfg.enable { services.mako = { enable = true; - borderSize = 2; - padding = "5"; - margin = "15"; - layer = "overlay"; - - font = "${font.interface} ${toString font.size.small}"; - textColor = color.txt; - - backgroundColor = color.bg; - borderColor = accent.color; - progressColor = "over ${accent.color}88"; - - defaultTimeout = 10000; settings = { + border-size = 2; + padding = "5"; + margin = "15"; + layer = "overlay"; + + font = "${font.interface} ${toString font.size.small}"; + text-color = color.txt; + + background-color = color.bg; + border-color = accent.color; + progress-color = "over ${accent.color}88"; + + default-timeout = 10000; + "app-name=volumesh" = { "default-timeout" = "5000"; "group-by" = "app-name"; From dc89b61ff7ee76cd6a89abf4b4d7f05bbd385795 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Sun, 22 Jun 2025 23:57:12 -0300 Subject: [PATCH 13/16] waybar: fix use of deprecated function substituteAll --- user/waybar/default.nix | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/user/waybar/default.nix b/user/waybar/default.nix index fc95ff1..5af72bc 100644 --- a/user/waybar/default.nix +++ b/user/waybar/default.nix 
@@ -234,23 +234,19 @@ in }; } ]; - style = builtins.readFile ( - pkgs.substituteAll { - src = ./style.css; + style = pkgs.replaceVars ./style.css { + accent_color = accent.color; - accent_color = accent.color; + color_bg = color.bg; + color_bg_dark = color.bg_dark; + color_bg_light = color.bg_light; + color_txt = color.txt; - color_bg = color.bg; - color_bg_dark = color.bg_dark; - color_bg_light = color.bg_light; - color_txt = color.txt; + font_interface = font.interface; - font_interface = font.interface; - - font_size_big = "${toString font.size.big}px"; - font_size_medium = "${toString font.size.medium}px"; - } - ); + font_size_big = "${toString font.size.big}px"; + font_size_medium = "${toString font.size.medium}px"; + }; }; home.packages = with pkgs; [ waybar ]; }; From d531c24808193f1b0c7eb19d7e27d7906315f6a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Mon, 23 Jun 2025 11:21:48 -0300 Subject: [PATCH 14/16] Revert "kak: work around for rust-analyzer currupting ~/.cargo" This reverts commit ffe90ab90d9a395d6b837c86070de6ef31a6e497. --- user/kakoune/kak-lsp.toml | 1 - 1 file changed, 1 deletion(-) diff --git a/user/kakoune/kak-lsp.toml b/user/kakoune/kak-lsp.toml index 818c737..9c195bd 100644 --- a/user/kakoune/kak-lsp.toml +++ b/user/kakoune/kak-lsp.toml @@ -135,7 +135,6 @@ args = [ [language_server.rust-analyzer.settings.rust-analyzer] # See https://rust-analyzer.github.io/manual.html#configuration # cargo.features = [] -cargo.buildScripts.useRustcWrapper = false checkOnSave.command = "clippy" hoverActions.enable = false # kak-lsp doesn't support this at the moment From 211b5b41a984b30d9fec99b8f7aa0d7d44b2fa52 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Tue, 24 Jun 2025 08:53:42 -0300 Subject: [PATCH 15/16] monolith: remove bitbucket runners --- flake.nix | 1 - secrets/monolith/default.yaml | 9 ++--- system/monolith-bitbucket-runner.nix | 50 ---------------------------- 3 files changed, 2 insertions(+), 58 deletions(-) delete mode 100644 system/monolith-bitbucket-runner.nix diff --git a/flake.nix b/flake.nix index 05332a4..0818b6a 100644 --- a/flake.nix +++ b/flake.nix @@ -150,7 +150,6 @@ modules = [ ./hosts/monolith ./system/monolith-gitlab-runner.nix - ./system/monolith-bitbucket-runner.nix ./system/monolith-forgejo-runner.nix ./system/nix-serve.nix ] ++ common_modules; diff --git a/secrets/monolith/default.yaml b/secrets/monolith/default.yaml index 5ca1383..0dbc4ae 100644 --- a/secrets/monolith/default.yaml +++ b/secrets/monolith/default.yaml 
@@ -5,11 +5,6 @@ gitlab-runners: thoreb-itinerario-nix: ENC[AES256_GCM,data:UdAAD0V895sFoEYR56sCG2LlpZugJ0K/nwkTygzWOnbTSmBRAcIQ8qVFPZGw+K+XMSLiCyio6Jp7k8AYP0K1VYm+6aEP3OkqR9FCLQTJgXo=,iv:UGUby50BYkn13OzItk6zZmxc5+SnbZZa4bebQHIow2A=,tag:LjDg3deWwdH2T71EtPo6jA==,type:str] docker-images-token: ENC[AES256_GCM,data:GGB/KSkjdAyhFKEspAh91ItbqEDf7K/LZSGSn+Jp7SxRfXpDzHIiMD8XJ9PTkGLeQGN4ug1i2nTYPS7d/P5OALWDU+1NPiV9nPdG0w7GERfu4g==,iv:6roabdOKX9xFMf0hWlECd73+943R+hFLos0e2dOpzns=,tag:LrASFc4DtN7aQ+3oOW/p/w==,type:str] wopus-gitlab-nix: ENC[AES256_GCM,data:asE7J0d58x9VfQFWc07f5T4s5NZ+/VqMQo66EX93J0LbJ4iI5YjvrrIE4pSI1e4Nz/SRQhltaJ0DfSH0+qgjD4wnAONPRi3UlFbSdGWS2bwwRtWe+Nci2krrUFxV2i/ZVE3CwCkNe4mqtII=,iv:gKrD/LhzI+jnDnX6CdxoHfjpiRdrsuRYJF9rTc8SffM=,tag:TczDGSU3gdKmERjBJ7tP/A==,type:str] -bitbucket-runners: - wopus-runner-1: ENC[AES256_GCM,data:gtH0T5n8qMYpvSv5ciN8+ScGlFDf9xE0FTxNP97vT/qsOCcaItTE+5P+DFcWw46onLED+1c+u0sArFbEsT3f8lyco9b+0l99uOQAxLZQzAXYH8zGye1UnwUtytkci2PHu5c8kTpIWHXyZ1IOYNGWkermeab57ANzOkM1LbkHyAjS6VTh0I60LfAOdHOw5FDFL8d1d9oWxLloOe9USLPqHjC023EpCUT2YuyHoPCTpBu8Kb/2HfV0wkAKaB3dvVrKwXCj+bfP6+bjQ3uMzVO/7jxPmnSGBfvyZ+Hlg5goJ6bSAqQWmnPPnQ96FgQfe8su5ML9qNIp9/7eNiL6Rv6Vhxe0hHbE5wsZ/58grcg/LrugeWJvUJ9THhwcTwO8Pkvwlq0XM9seUY2NV+LCK3bLQ4IWDjWkU1IHg6+nihTcvl1iD6UIGMgqGoB/v05WVzHb+GcE2fFuSuhVHfa5RMyboELOJoFrqZiXGhY=,iv:ZakLafxYQCDd1Zw8T83Xfj+YwAQKna9LC6ognJqtifA=,tag:bwBObfdMIvJfRrOG04NtxA==,type:str] - wopus-runner-2: 
ENC[AES256_GCM,data:gg8merZMFbf396hdJY7zmKQndT3GzB7NeGZAs3C0au8Zd7OFAg9vcQcFcxNA3kZGJZqmFTR/ycWJwhYr9fhlfFuPhDynVvgJAqoYtvC2MUDiOMD/d3DlfwFjQ6cOGTrvFuY1kkgSFb4OFdrVC1eiTDrGygFmYnYcqTKn/t5Ttqi+cHZNzFzVzdVLvaLCYxltM5g45zn+fXYxYwCfqyb32/M1XTnnwIGiataGxEX5oWhVV4zqeLO4ZIYPSby5AVvIMJ/zqvqaeVVY52GLDcTKrj3thbZxMQLWN3/lOA0uYhi3L/WM8Gx+JMEIbSICcuT7QXu4w4PA+opcx9GnsMCK2/egzS+cNPJ4vGZCdVD/jh6A9zVEJAgXdsHXNXFHmMPt7DcgrCQiub62og4kBY4G/Rcg4UN7sb3v3qyBpGbCGHGRjCFc+wdHpom0yDOG2cwcqfN49pC2R7Ag2BisFQ/5A+DPmKnvGG3kt9s=,iv:5g5XiDecYqi4JNRkZubgPJECBQdZ6rBeojgFe6Etebk=,tag:HRy5bFSbfxKTb5e13lGtgg==,type:str] - wopus-runner-3: ENC[AES256_GCM,data:f9pLYR8t51HtPpLyXysIVaDAhxDrmktJH93E7rb7imtKwK7hRhR8usnvHTcknLfD7BMvStAIYefdGt19u7PrQu6vqc19bEcNbnK5OH4KBP6+X47oMgBYtbIGXH+t3dSDt22fSIoppTwdX7/Kf4vqesfN8K7EunETvFR86oyyKdy15mvXr0XUO4us4HZjnIOBEnOm1P/V8hk5JcCpRuo+8ZYmBe5gzq5pTnqnYlPE1EovM7eDMg72J7ev07h50qvySrAqmNiqDcXfTPQ2TzuHx3XxAYqFybf1L6P9OnLB6RDAlpoFJ0h8dSg2tzC2+amYsBP0UIBK/ZhWvvAjpX+MZrTASjenh/tefDcNdbsXDOr7A4i/261z4rC0r+97INglCN1N/SZg51iBHiRAVV1zibDLfioR5+eBIykWAtjILMoYU+zOcr0E8K0I9jQGMtpnYmvHJqV0DVcdfZpJptrPUUy+lQ/iZVcPpLs=,iv:grzvVsfpUzywjNE4jvTxXKG3TYajrvSsQgfOgtafvIo=,tag:K1B6crN0ckLk0EYBtGHDkw==,type:str] - wopus-runner-4: ENC[AES256_GCM,data:D1Zq0BtPuACnutAbUcj3gYSMLuIZcMuqc/1mEFmitEG0tBFMWhkabS+8lXcp8sb1DM0LTDMEwgMB9FVyFb670MKQNEncqQtaNJtY1BxS3SolovDAM/I+i6YGvd4X8jX99d+7ZNR6xGBWJ/dW8rz4QnIM8Eh3FDOqaFa/ltfyPKP9IZ2uZi67C/n8Q/OSdgMQkt+QxhgJfSghE1iruPwxyGlqv+E4SZNI/fQQMjX0Lh7z02ms58yyMtjO71YbukV/JXFRsdJrqY2wfH/6NlZbsKideoSxluBRVqmbW6KQd7dUT819KbOSu9CFdgThtVCU8qiv3jbAbn8D5xRy4AAOEfSqRLXJoj7otCqr47R/8+0BdS3aztFBjL3lDmprMWZ4+LD55fvczfpxUF9ox1mhcjIvCvZJJL06XsST1XRXa7i2fr4/a/XhCmQgIzar5IYxSC9OjuHp6jLsTaY3ZUgid5W1L1n8uWSmA98=,iv:O9caRG//brERiIhuMrsFdTz6TnPY0rdQnvHEu0P42yM=,tag:hrmwLX/CRhZfammJ2nfTPw==,type:str] sops: age: - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h 
@@ -30,8 +25,8 @@ sops: aFVxcDFhaGdYekRWRVFIWnRsZndtZFkKgsvxOFHOcO306Z9FkucA1fDOpZA8N1/h jYmIgcKTFgWoSCvux67lK30jFsYp7sm5z6WxxDYsGcoQ/+pxoUX2jQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-06-16T13:05:35Z" - mac: ENC[AES256_GCM,data:i8HOA7JSVSkxpoXJpFYrENodySyEEupYLNjuezRpd+PQWmxE7igonFyweUblmkSyBgy1FpmN+llwoP0Cokka5QyJse9jq9hR6dFATpZC9qPzSlAb+RpdSzp4QXjryOzP/23RJ7WhhBOC2DRw8OkDBPDJINBnCtu1ticpiuXKoHs=,iv:WEEdZDbrrkhip0ZkpqQfg6fwV+OzP/bBBrExyvOhqng=,tag:6iLMsJtenKdU/lJU/+HnCg==,type:str] + lastmodified: "2025-06-24T11:51:22Z" + mac: ENC[AES256_GCM,data:onyjWlFsH/9YGSi2nGsPmZjhE4nFVQ5Jiwfi4s9KC7NetKD7Reyz2JY6i3YuZspBn3Jvbq8nOKVPGzttMAG+IrqQEv6+MxrCOEnJZXZcqocDNg7dACOXmJB5iwpFVdKscesTH2SScf7Pl/q6l9KOFjFuaZeBB7dlxHVA5zzCVOU=,iv:lEbxg2HfxU6ikgWSpUNAGIfgaz7DnZjXnLWcmsvt0A4=,tag:/Ag37QuJj9Xy/u20Nhy05Q==,type:str] pgp: - created_at: "2025-03-07T22:49:16Z" enc: |- diff --git a/system/monolith-bitbucket-runner.nix b/system/monolith-bitbucket-runner.nix deleted file mode 100644 index 17d462b..0000000 --- a/system/monolith-bitbucket-runner.nix +++ /dev/null 
@@ -1,50 +0,0 @@ -{ - config, - pkgs, - ... -}: - -let - mkRunner = secret: { - image = "docker-public.packages.atlassian.com/sox/atlassian/bitbucket-pipelines-runner:latest"; - volumes = [ - "/tmp:/tmp" - "/var/run/docker.sock:/var/run/docker.sock" - "/var/lib/docker/containers:/var/lib/docker/containers:ro" - ]; - environmentFiles = [ secret ]; - }; - - secretConf = { - sopsFile = ../secrets/monolith/default.yaml; - }; -in -{ - virtualisation.docker = { - enable = true; - daemon.settings = { - # needed by bitbucket runner ??? - log-driver = "json-file"; - log-opts = { - max-size = "10m"; - max-file = "3"; - }; - }; - }; - - virtualisation.oci-containers.backend = "docker"; - - virtualisation.oci-containers.containers = { - bitbucket-runner-1 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-1".path; - bitbucket-runner-2 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-2".path; - bitbucket-runner-3 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-3".path; - bitbucket-runner-4 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-4".path; - }; - - sops.secrets = { - "bitbucket-runners/wopus-runner-1" = secretConf; - "bitbucket-runners/wopus-runner-2" = secretConf; - "bitbucket-runners/wopus-runner-3" = secretConf; - "bitbucket-runners/wopus-runner-4" = secretConf; - }; -} From 412388a5a26716991a2739a1647eebe91181c27e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Wed, 25 Jun 2025 13:07:14 -0300 Subject: [PATCH 16/16] wpass: fix duplicate password fields being incorrectly filled --- scripts/default.nix | 1 + scripts/wpass | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/default.nix b/scripts/default.nix index d9824b5..9b0b728 100644 --- a/scripts/default.nix +++ b/scripts/default.nix @@ -74,6 +74,7 @@ ]; wpass = [ wdmenu + ripgrep fd myPass sd diff --git a/scripts/wpass b/scripts/wpass index 97e4671..52bcdff 100755 --- a/scripts/wpass +++ b/scripts/wpass 
@@ -29,7 +29,7 @@ main() { test -n "$entry" || exit 0 - username=`pass show "$entry" 2>/dev/null | perl -ne 'print $2 if /^(login|user|email): (.*)/'` + username=`pass show "$entry" 2>/dev/null | rg -m1 '(login|user|email): (.*)' -r '$2'` password=`pass show "$entry" 2>/dev/null | head -n 1` otp=`pass otp "$entry" 2>/dev/null` || true
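Review bot: The new `rg` pattern on the `username=` line drops the `^` anchor that the Perl one-liner had, so the first line that merely contains `login: `, `user: ` or `email: ` anywhere is taken as the username. Because `-r '$2'` rewrites only the matched part of the line, a constructed entry line such as `backup-email: x` would produce `backup-x`, and the script would fill the login field with that value. Keeping the anchor, `rg -m1 '^(login|user|email): (.*)' -r '$2'`, preserves the old field matching while still stopping at the first hit. `main` starts and ends outside this hunk.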