diff --git a/.mcp.json b/.mcp.json deleted file mode 100644 index ca8c928..0000000 --- a/.mcp.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "mcpServers": { - "nixos": { - "command": "uvx", - "args": ["mcp-nixos"] - } - } -} diff --git a/CLAUDE.md b/CLAUDE.md index 785e93e..d745136 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -40,7 +40,7 @@ Each host in `hosts//` contains: - `fleet.nix` → symlink to root `fleet.nix` (SFTP user provisioning) - `utils/` → symlink to root `utils/` (shared modules) -Current hosts: `fw` (firewall/router), `nb` (notebook), `web-arm`, `mail`, `amzebs-01`, `nas` +Current hosts: `fw` (firewall/router), `nb` (notebook), `web-arm`, `mail`, `amzebs-01` ### Shared Components (`utils/`) - `modules/` - Reusable NixOS modules (nginx, sops, borgbackup, lego, promtail, etc.) @@ -87,7 +87,6 @@ utils/pkgs// ## Conventions - Nix files: two-space indentation, lower kebab-case naming -- Commits: Conventional Commits format (`fix:`, `feat:`, `chore:`), scope by host when relevant (`fix(mail):`). Do not add "Generated with Claude Code" or "Co-Authored-By: Claude" footers. +- Commits: Conventional Commits format (`fix:`, `feat:`, `chore:`), scope by host when relevant (`fix(mail):`) - Modules import via explicit paths, not wildcards - Comments explain non-obvious decisions (open ports, unusual service options) -- **Never update `system.stateVersion`** - it should remain at the original installation version. To upgrade NixOS, update the `channel` file instead. diff --git a/hosts/amzebs-01/channel b/hosts/amzebs-01/channel deleted file mode 100644 index 57f31e7..0000000 --- a/hosts/amzebs-01/channel +++ /dev/null @@ -1 +0,0 @@ -https://channels.nixos.org/nixos-25.11 diff --git a/hosts/amzebs-01/configuration.nix b/hosts/amzebs-01/configuration.nix index 700cc30..11336ed 100644 --- a/hosts/amzebs-01/configuration.nix +++ b/hosts/amzebs-01/configuration.nix 
@@ -3,12 +3,10 @@ ./utils/bento.nix ./utils/modules/sops.nix ./utils/modules/nginx.nix - ./utils/modules/set-nix-channel.nix ./modules/mysql.nix ./modules/web/stack.nix ./modules/laravel-storage.nix - ./modules/laravel-scheduler.nix ./modules/blackbox-exporter.nix ./modules/postfix.nix ./modules/rspamd.nix @@ -69,7 +67,7 @@ networking.firewall = { enable = true; - allowedTCPPorts = [ 22 80 443 3306 ]; + allowedTCPPorts = [ 22 80 443 ]; # Allow MariaDB access only from specific IP extraCommands = '' @@ -77,5 +75,5 @@ ''; }; - system.stateVersion = "25.11"; + system.stateVersion = "23.11"; } diff --git a/hosts/amzebs-01/modules/laravel-scheduler.nix b/hosts/amzebs-01/modules/laravel-scheduler.nix deleted file mode 100644 index cbd0eca..0000000 --- a/hosts/amzebs-01/modules/laravel-scheduler.nix +++ /dev/null 
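Review bot: `system.stateVersion = "23.11";` in the last hunk of hosts/amzebs-01/configuration.nix rewrites the state version of a host that was running with "25.11", and no reason is given next to the line. NixOS modules read this value to choose defaults for stateful services, and this host imports ./modules/mysql.nix, so moving it can change data-related defaults without any migration step. If 23.11 really is the release the machine was installed with, record that on the line, e.g. `system.stateVersion = "23.11"; # release of the original install, never bump on channel changes`. Otherwise leave the value as it was and roll back only the channel.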
@@ -1,51 +0,0 @@ -{ config, lib, pkgs, ... }: - -# Daily scheduled Laravel artisan jobs -# Runs artisan finish:reports at 01:00 for production and staging APIs - -let - php = pkgs.php82; - - sites = [ - { - domain = "api.ebs.amz.at"; - user = "api_ebs_amz_at"; - } - { - domain = "api.stage.ebs.amz.at"; - user = "api_stage_ebs_amz_at"; - } - ]; - - mkArtisanService = site: { - name = "artisan-finish-reports-${site.domain}"; - value = { - description = "Laravel artisan finish:reports for ${site.domain}"; - after = [ "network.target" "mysql.service" "phpfpm-${site.domain}.service" ]; - serviceConfig = { - Type = "oneshot"; - User = site.user; - Group = "nginx"; - WorkingDirectory = "/var/www/${site.domain}"; - ExecStart = "${php}/bin/php artisan finish:reports"; - }; - }; - }; - - mkArtisanTimer = site: { - name = "artisan-finish-reports-${site.domain}"; - value = { - description = "Daily timer for artisan finish:reports on ${site.domain}"; - wantedBy = [ "timers.target" ]; - timerConfig = { - OnCalendar = "*-*-* 01:00:00"; - Persistent = true; - }; - }; - }; - -in -{ - systemd.services = builtins.listToAttrs (map mkArtisanService sites); - systemd.timers = builtins.listToAttrs (map mkArtisanTimer sites); -} diff --git a/hosts/amzebs-01/modules/postfix.nix b/hosts/amzebs-01/modules/postfix.nix index 1c97c57..6c21698 100644 --- a/hosts/amzebs-01/modules/postfix.nix +++ b/hosts/amzebs-01/modules/postfix.nix @@ -3,16 +3,15 @@ , config , ... }: -let - headerChecksFile = pkgs.writeText "header_checks" '' +{ + # Header checks file for validating email headers + environment.etc."postfix/header_checks".text = '' # Warn about missing critical headers (but don't reject from localhost) # These help identify misconfigured applications /^$/ WARN Missing headers detected ''; -in -{ + services.postfix = { - mapFiles."header_checks" = headerChecksFile; enable = true; hostname = "amzebs-01.amz.at"; domain = "amz.at"; 
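Review bot: `environment.etc."postfix/header_checks"` in the first hunk of hosts/amzebs-01/modules/postfix.nix probably collides with the postfix module, which, as far as I know, already defines `/etc/postfix` as a link to `/var/lib/postfix/conf` (the path the removed line used). In that case the file either breaks the etc build or is not found at `regexp:/etc/postfix/header_checks`, which the next hunk configures, and the header check silently does nothing. Referencing the store path avoids the question: keep the `pkgs.writeText "header_checks"` binding and set `header_checks = "regexp:${headerChecksFile}";`. After deploying, `postconf header_checks` should show a path that exists. The `services.postfix` set continues outside the hunk.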
@@ -35,20 +34,20 @@ in compatibility_level = "2"; # Only accept mail from localhost - mynetworks = [ "127.0.0.0/8" "[::1]/128" ]; + mynetworks = "127.0.0.0/8 [::1]/128"; # Larger message size limits for attachments - mailbox_size_limit = 202400000; # ~200MB - message_size_limit = 51200000; # ~50MB + mailbox_size_limit = "202400000"; # ~200MB + message_size_limit = "51200000"; # ~50MB # Ensure proper header handling # Reject mail that's missing critical headers - header_checks = "regexp:/var/lib/postfix/conf/header_checks"; + header_checks = "regexp:/etc/postfix/header_checks"; # Rate limiting to prevent spam-like behavior # Allow reasonable sending rates for applications - smtpd_client_message_rate_limit = 100; - smtpd_client_recipient_rate_limit = 200; + smtpd_client_message_rate_limit = "100"; + smtpd_client_recipient_rate_limit = "200"; # Milter configuration is handled automatically by rspamd.postfix.enable }; diff --git a/hosts/fw/channel b/hosts/fw/channel index 57f31e7..93f5df5 100644 --- a/hosts/fw/channel +++ b/hosts/fw/channel @@ -1 +1 @@ -https://channels.nixos.org/nixos-25.11 +https://channels.nixos.org/nixos-25.05 diff --git a/hosts/fw/configuration.nix b/hosts/fw/configuration.nix index e3f8115..6a41e33 100644 --- a/hosts/fw/configuration.nix +++ b/hosts/fw/configuration.nix @@ -10,7 +10,6 @@ ./utils/modules/victoriametrics ./utils/modules/promtail ./utils/modules/borgbackup.nix - ./utils/modules/set-nix-channel.nix # fw ./modules/network-prefix.nix @@ -104,7 +103,7 @@ time.timeZone = "Europe/Vienna"; - services.logind.settings.Login.RuntimeDirectorySize = "2G"; + services.logind.extraConfig = "RuntimeDirectorySize=2G"; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.defaultSopsFile = ./secrets.yaml; diff --git a/hosts/fw/modules/web/n8n.nix b/hosts/fw/modules/web/n8n.nix index 85f339e..e1bd713 100644 --- a/hosts/fw/modules/web/n8n.nix +++ b/hosts/fw/modules/web/n8n.nix 
@@ -19,19 +19,21 @@ }; # n8n service configuration - services.n8n.enable = true; + services.n8n = { + enable = true; + settings = { + database.type = "postgresdb"; + database.postgresdb.host = "/run/postgresql"; + database.postgresdb.database = "n8n"; + database.postgresdb.user = "n8n"; + executions.pruneData = true; + executions.pruneDataMaxAge = 168; # 7 days + }; + }; - # Configure n8n via environment variables + # Configure git integration via environment variables systemd.services.n8n = { environment = lib.mkForce { - # Database configuration (migrated from services.n8n.settings) - DB_TYPE = "postgresdb"; - DB_POSTGRESDB_HOST = "/run/postgresql"; - DB_POSTGRESDB_DATABASE = "n8n"; - DB_POSTGRESDB_USER = "n8n"; - EXECUTIONS_DATA_PRUNE = "true"; - EXECUTIONS_DATA_MAX_AGE = "168"; # 7 days - # Other settings N8N_ENCRYPTION_KEY = ""; # Will be set via environmentFile N8N_VERSION_NOTIFICATIONS_ENABLED = "false"; N8N_DIAGNOSTICS_ENABLED = "false"; diff --git a/hosts/mail/channel b/hosts/mail/channel index 57f31e7..93f5df5 100644 --- a/hosts/mail/channel +++ b/hosts/mail/channel @@ -1 +1 @@ -https://channels.nixos.org/nixos-25.11 +https://channels.nixos.org/nixos-25.05 diff --git a/hosts/mail/modules/dovecot.nix b/hosts/mail/modules/dovecot.nix index 252e015..b7f25bd 100644 --- a/hosts/mail/modules/dovecot.nix +++ b/hosts/mail/modules/dovecot.nix @@ -240,11 +240,11 @@ in sops.secrets.dovecot-ldap-password = { }; - systemd.services.dovecot.preStart = '' + systemd.services.dovecot2.preStart = '' sed -e "s/@ldap-password@/$(cat ${config.sops.secrets.dovecot-ldap-password.path})/" ${ldapConfig} > /run/dovecot2/ldap.conf ''; - systemd.services.dovecot = { + systemd.services.dovecot2 = { wants = [ "acme-imap.${domain}.service" ]; after = [ "acme-imap.${domain}.service" ]; }; 
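Review bot: The `services.n8n.settings` block added in hosts/fw/modules/web/n8n.nix may never reach the process, because `systemd.services.n8n.environment` directly below is wrapped in `lib.mkForce`. That replaces every variable the module sets itself, including, I believe, the `N8N_CONFIG_FILES` entry that points n8n at the generated settings file. Unless the forced set re-adds it (the set continues past the hunk), n8n would start on its built-in default database instead of PostgreSQL and the 7-day execution pruning would not apply. Either drop `mkForce` and set the individual variables, or check the result with `systemctl show n8n -p Environment`. The new comment `# Configure git integration via environment variables` also does not describe the visible variables (encryption key, version notifications, diagnostics), so I would word it `# Extra n8n settings via environment variables`.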
@@ -257,7 +257,7 @@ in "imap-test.${domain}" "imap-02.${domain}" ]; - postRun = "systemctl --no-block restart dovecot.service"; + postRun = "systemctl --no-block restart dovecot2.service"; }; networking.firewall.allowedTCPPorts = [ diff --git a/hosts/mail/modules/openldap.nix b/hosts/mail/modules/openldap.nix index 2a22cbb..81e63e1 100644 --- a/hosts/mail/modules/openldap.nix +++ b/hosts/mail/modules/openldap.nix @@ -17,10 +17,10 @@ in { olcTLSCACertificateFile = "/var/lib/acme/ldap.${domain}/full.pem"; olcTLSCertificateFile = "/var/lib/acme/ldap.${domain}/cert.pem"; olcTLSCertificateKeyFile = "/var/lib/acme/ldap.${domain}/key.pem"; - olcTLSCipherSuite = "HIGH:!aNULL:!MD5:!3DES:!RC4"; + olcTLSCipherSuite = "HIGH:MEDIUM:+3DES:+RC4:+aNULL"; olcTLSCRLCheck = "none"; olcTLSVerifyClient = "never"; - olcTLSProtocolMin = "3.3"; + olcTLSProtocolMin = "3.1"; olcSecurity = "tls=1"; }; diff --git a/hosts/mail/modules/postfix.nix b/hosts/mail/modules/postfix.nix index ac71d35..9226b99 100644 --- a/hosts/mail/modules/postfix.nix +++ b/hosts/mail/modules/postfix.nix @@ -128,16 +128,16 @@ in compatibility_level = "2"; # bigger attachement size - mailbox_size_limit = 202400000; - message_size_limit = 51200000; + mailbox_size_limit = "202400000"; + message_size_limit = "51200000"; smtpd_helo_required = "yes"; smtpd_delay_reject = "yes"; strict_rfc821_envelopes = "yes"; # send Limit smtpd_error_sleep_time = "1s"; - smtpd_soft_error_limit = 10; - smtpd_hard_error_limit = 20; + smtpd_soft_error_limit = "10"; + smtpd_hard_error_limit = "20"; smtpd_use_tls = "yes"; smtp_tls_note_starttls_offer = "yes"; 
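Review bot: `olcTLSCipherSuite = "HIGH:MEDIUM:+3DES:+RC4:+aNULL"` in hosts/mail/modules/openldap.nix no longer excludes anything. In an OpenSSL cipher string `+X` only moves a suite to the end of the list, so 3DES, RC4 and unauthenticated (aNULL) suites stay negotiable wherever the TLS library still provides them, and MEDIUM is added on top. `olcTLSProtocolMin = "3.1"` lowers the floor from TLS 1.2 to TLS 1.0 in the same hunk. `olcSecurity = "tls=1"` only demands some TLS protection, so it does not compensate, and an aNULL session gives LDAP clients no server authentication for their bind credentials. Nothing visible names a client that needs this, so I would keep `olcTLSCipherSuite = "HIGH:!aNULL:!MD5:!3DES:!RC4";` and `olcTLSProtocolMin = "3.3";`, or add a comment naming the legacy client that forces the weaker values.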
@@ -151,13 +151,14 @@ in smtpd_tls_key_file = "/var/lib/acme/mail.cloonar.com/key.pem"; smtpd_tls_CAfile = "/var/lib/acme/mail.cloonar.com/fullchain.pem"; + smtpd_tls_dh512_param_file = config.security.dhparams.params.postfix512.path; smtpd_tls_dh1024_param_file = config.security.dhparams.params.postfix2048.path; smtpd_tls_session_cache_database = ''btree:''${data_directory}/smtpd_scache''; smtpd_tls_mandatory_protocols = "!SSLv2,!SSLv3,!TLSv1,!TLSv1.1"; smtpd_tls_protocols = "!SSLv2,!SSLv3,!TLSv1,!TLSv1.1"; smtpd_tls_mandatory_ciphers = "medium"; - tls_medium_cipherlist = "ECDHE+AESGCM:DHE+AESGCM:ECDHE+CHACHA20:DHE+CHACHA20"; + tls_medium_cipherlist = "AES128+EECDH:AES128+EDH"; # authentication smtpd_sasl_auth_enable = "yes"; @@ -224,7 +225,8 @@ in security.dhparams = { enable = true; - params.postfix2048.bits = 2048; + params.postfix512.bits = 512; + params.postfix2048.bits = 1024; }; security.acme.certs."mail.${domain}" = { diff --git a/hosts/mail/modules/rspamd.nix b/hosts/mail/modules/rspamd.nix index becc93b..abab1e2 100644 --- a/hosts/mail/modules/rspamd.nix +++ b/hosts/mail/modules/rspamd.nix @@ -119,7 +119,7 @@ in # systemd.services.rspamd.serviceConfig.SupplementaryGroups = [ "redis-rspamd" ]; - systemd.services.dovecot.preStart = '' + systemd.services.dovecot2.preStart = '' mkdir -p /var/lib/dovecot/sieve/ for i in ${sieve-spam-filter}/share/sieve-rspamd-filter/*.sieve; do dest="/var/lib/dovecot/sieve/$(basename $i)" diff --git a/hosts/nas/STORAGE.md b/hosts/nas/STORAGE.md deleted file mode 100644 index 3268032..0000000 --- a/hosts/nas/STORAGE.md +++ /dev/null 
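Review bot: `smtpd_tls_dh512_param_file` in the TLS hunk of hosts/mail/modules/postfix.nix, together with `params.postfix512.bits = 512;` in the `security.dhparams` hunk of the same file, brings back an export-grade 512-bit DH group. `params.postfix2048.bits = 1024;` also makes the file handed to `smtpd_tls_dh1024_param_file` a 1024-bit group despite its name. The new `tls_medium_cipherlist = "AES128+EECDH:AES128+EDH"` still offers finite-field DHE, so the weakened group is actually used for key exchange. It also drops the AEAD-only restriction (AESGCM/CHACHA20) that the removed list had. I would remove the dh512 line and the `postfix512` parameter and keep `params.postfix2048.bits = 2048;`. If the cipher list must change for the older channel, keep it limited to ECDHE/DHE with AES-GCM.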
@@ -1,60 +0,0 @@ -# NAS Storage Notes - -## Current Issue: XFS Metadata Overhead - -The XFS filesystem on `/var/lib/multimedia` uses ~100GB more than the actual file data due to metadata overhead. - -### Root Cause - -The filesystem was created with advanced features enabled: - -``` -rmapbt=1 # Reverse mapping btree - tracks block ownership -reflink=1 # Copy-on-write support -``` - -These features add metadata that scales with **filesystem size**, not file count. On a 5TB filesystem with 700GB of data, this results in ~100GB (~2%) overhead. - -### Diagnostic Commands - -```bash -# Compare file data vs filesystem usage -du -sh /var/lib/multimedia # Actual file data -df -h /var/lib/multimedia # Filesystem reports - -# Check XFS features -xfs_info /var/lib/multimedia - -# Verify block allocation -xfs_db -r -c "freesp -s" /dev/mapper/vg--data-lv--multimedia -``` - -## Recommendation: LVM + ext4 - -For media storage (write-once, read-many), ext4 with minimal reserved space offers the lowest overhead: - -```bash -# Create filesystem with 0% reserved blocks -mkfs.ext4 -m 0 /dev/vg/lv - -# Or adjust existing ext4 -tune2fs -m 0 /dev/vg/lv -``` - -### Why ext4 over XFS for this use case - -| Consideration | ext4 | XFS (current) | -|---------------|------|---------------| -| Reserved space | 0% with `-m 0` | N/A | -| Metadata overhead | ~0.5% | ~2% (with rmapbt) | -| Shrink support | Yes | No | -| Performance for 4K stream | Identical | Identical | - -A single 4K remux stream requires ~12 MB/s. Any filesystem handles this trivially. - -## Migration Path - -1. Backup data from XFS volumes -2. Recreate LVs with ext4 (`mkfs.ext4 -m 0`) -3. Restore data -4. Update `/etc/fstab` or NixOS `fileSystems` config diff --git a/hosts/nas/channel b/hosts/nas/channel deleted file mode 100644 index 57f31e7..0000000 --- a/hosts/nas/channel +++ /dev/null @@ -1 +0,0 @@ -https://channels.nixos.org/nixos-25.11 
diff --git a/hosts/nas/configuration.nix b/hosts/nas/configuration.nix index 7ee98c9..5e594c2 100644 --- a/hosts/nas/configuration.nix +++ b/hosts/nas/configuration.nix @@ -9,7 +9,6 @@ in { "${impermanence}/nixos.nix" ./utils/bento.nix ./utils/modules/sops.nix - ./utils/modules/set-nix-channel.nix ./utils/modules/victoriametrics ./utils/modules/promtail @@ -77,12 +76,6 @@ in { ]; }; - # System packages - environment.systemPackages = with pkgs; [ - vim - screen - ]; - # Nix settings nix = { settings = { diff --git a/hosts/nas/hardware-configuration.nix b/hosts/nas/hardware-configuration.nix index 6f82f8b..077f5e9 100644 --- a/hosts/nas/hardware-configuration.nix +++ b/hosts/nas/hardware-configuration.nix @@ -24,16 +24,12 @@ "i915.enable_fbc=1" # Frame buffer compression ]; - # RAID 1 arrays for data storage + # RAID 1 array for data storage boot.swraid = { enable = true; mdadmConf = '' - DEVICE /dev/disk/by-id/nvme-KIOXIA-EXCERIA_PLUS_G3_SSD_7FJKS1MAZ0E7-part1 - DEVICE /dev/disk/by-id/nvme-KIOXIA-EXCERIA_PLUS_G3_SSD_7FJKS1M9Z0E7-part1 DEVICE /dev/disk/by-id/ata-ST18000NM000J-2TV103_ZR52TBSB-part1 DEVICE /dev/disk/by-id/ata-ST18000NM000J-2TV103_ZR52V9QX-part1 - DEVICE /dev/disk/by-id/ata-TOSHIBA_MG10ACA20TE_8582A01SF4MJ-part1 - DEVICE /dev/disk/by-id/ata-TOSHIBA_MG10ACA20TE_75V2A0H3F4MJ-part1 ''; }; @@ -88,13 +84,14 @@ # LVM volumes on RAID array fileSystems."/var/lib/downloads" = { - device = "/dev/vg-data-fast/downloads"; - fsType = "ext4"; + device = "/dev/vg-data/lv-downloads"; + fsType = "xfs"; + options = [ "noatime" ]; }; fileSystems."/var/lib/multimedia" = { - device = "/dev/vg-data-slow/multimedia"; - fsType = "ext4"; + device = "/dev/vg-data/lv-multimedia"; + fsType = "xfs"; options = [ "noatime" ]; }; diff --git a/hosts/nas/modules/disk-monitoring.nix b/hosts/nas/modules/disk-monitoring.nix index 2862f44..9316941 100644 --- a/hosts/nas/modules/disk-monitoring.nix +++ b/hosts/nas/modules/disk-monitoring.nix 
@@ -9,10 +9,6 @@ let disks = [ "/dev/disk/by-id/ata-ST18000NM000J-2TV103_ZR52TBSB" "/dev/disk/by-id/ata-ST18000NM000J-2TV103_ZR52V9QX" - "/dev/disk/by-id/ata-TOSHIBA_MG10ACA20TE_8582A01SF4MJ" - "/dev/disk/by-id/ata-TOSHIBA_MG10ACA20TE_75V2A0H3F4MJ" - "/dev/disk/by-id/nvme-KIOXIA-EXCERIA_PLUS_G3_SSD_7FJKS1MAZ0E7" - "/dev/disk/by-id/nvme-KIOXIA-EXCERIA_PLUS_G3_SSD_7FJKS1M9Z0E7" ]; textfileDir = "/var/lib/prometheus-node-exporter"; @@ -48,8 +44,8 @@ let device=$(readlink -f "$disk") short_name=$(basename "$device") - # Extract serial from disk ID for labels (part after last underscore) - serial=$(basename "$disk" | sed 's/.*_//') + # Extract serial from disk ID for labels + serial=$(basename "$disk" | sed 's/ata-ST18000NM000J-2TV103_//') # Check power state without waking disk power_state=$(${pkgs.hdparm}/bin/hdparm -C "$device" 2>/dev/null | grep -oP '(standby|active/idle|active|idle)' | head -1 || echo "unknown") diff --git a/hosts/nas/modules/power-management.nix b/hosts/nas/modules/power-management.nix index 2138963..1d0b338 100644 --- a/hosts/nas/modules/power-management.nix +++ b/hosts/nas/modules/power-management.nix @@ -15,10 +15,5 @@ ACTION=="add", KERNEL=="sd[a-z]", SUBSYSTEM=="block", \ ATTRS{model}=="ST18000NM000J*", \ RUN+="${pkgs.hdparm}/bin/hdparm -B 127 -S 180 /dev/%k" - - # Toshiba 20TB NAS drives - same settings - ACTION=="add", KERNEL=="sd[a-z]", SUBSYSTEM=="block", \ - ATTRS{model}=="TOSHIBA MG10ACA20TE*", \ - RUN+="${pkgs.hdparm}/bin/hdparm -B 127 -S 180 /dev/%k" ''; } diff --git a/hosts/nb/channel b/hosts/nb/channel index 57f31e7..93f5df5 100644 --- a/hosts/nb/channel +++ b/hosts/nb/channel @@ -1 +1 @@ -https://channels.nixos.org/nixos-25.11 +https://channels.nixos.org/nixos-25.05 diff --git a/hosts/nb/configuration.nix b/hosts/nb/configuration.nix index 8b20710..430764f 100644 --- a/hosts/nb/configuration.nix +++ b/hosts/nb/configuration.nix 
@@ -307,7 +307,7 @@ in { ''; }; - services.desktopManager.gnome.extraGSettingsOverrides = '' + services.xserver.desktopManager.gnome.extraGSettingsOverrides = '' [org.gnome.desktop.interface] cursor-size=24 ''; diff --git a/hosts/nb/hardware-configuration.nix b/hosts/nb/hardware-configuration.nix index 0ae27a3..e9fc49d 100644 --- a/hosts/nb/hardware-configuration.nix +++ b/hosts/nb/hardware-configuration.nix @@ -115,7 +115,7 @@ hardware.graphics = { enable = true; extraPackages = with pkgs; [ - libva-vdpau-driver + vaapiVdpau libvdpau-va-gl libva libva-utils diff --git a/hosts/nb/modules/desktop/bitwarden.nix b/hosts/nb/modules/desktop/bitwarden.nix index 9de4724..fbe3db6 100644 --- a/hosts/nb/modules/desktop/bitwarden.nix +++ b/hosts/nb/modules/desktop/bitwarden.nix @@ -26,13 +26,14 @@ in description = "Bitwarden Desktop"; after = [ "graphical-session.target" "network-online.target" ]; wantedBy = [ "graphical-session.target" ]; - serviceConfig.ExecStart = "${pkgs.bitwarden-desktop}/bin/bitwarden-desktop"; + serviceConfig.ExecStart = "${pkgs.bitwarden}/bin/bitwarden"; serviceConfig.Restart = "on-abort"; }; #### Handy tools ############################################################# environment.systemPackages = with pkgs; [ - bitwarden-desktop + goldwarden + bitwarden bitwarden-cli fprintd lxqt.lxqt-policykit diff --git a/hosts/nb/modules/desktop/default.nix b/hosts/nb/modules/desktop/default.nix index b58ada7..32088d1 100644 --- a/hosts/nb/modules/desktop/default.nix +++ b/hosts/nb/modules/desktop/default.nix @@ -57,10 +57,10 @@ in { netflix networkmanagerapplet nextcloud-client - onlyoffice-desktopeditors + onlyoffice-bin obs-studio pavucontrol - pinentry-gnome3 + pinentry rbw rofi-rbw swayimg @@ -103,7 +103,7 @@ in { fonts.packages = with pkgs; [ noto-fonts noto-fonts-cjk-sans - noto-fonts-color-emoji + noto-fonts-emoji nerd-fonts._0xproto nerd-fonts.droid-sans-mono open-sans 
diff --git a/hosts/nb/modules/development/coding.nix b/hosts/nb/modules/development/coding.nix index fa8c109..482d8a5 100644 --- a/hosts/nb/modules/development/coding.nix +++ b/hosts/nb/modules/development/coding.nix @@ -20,7 +20,7 @@ in { nixpkgs.config.android_sdk.accept_license = true; programs.adb.enable = true; # sets up udev + adb group - # android-udev-rules removed in 25.11 - superseded by built-in systemd uaccess rules + services.udev.packages = [ pkgs.android-udev-rules ]; users.users.dominik.extraGroups = [ "adbusers" ]; } diff --git a/hosts/nb/modules/development/default.nix b/hosts/nb/modules/development/default.nix index 244f929..eb94961 100644 --- a/hosts/nb/modules/development/default.nix +++ b/hosts/nb/modules/development/default.nix @@ -38,7 +38,6 @@ in { rbw sops unzip - uv vim wget wireguard-tools @@ -53,6 +52,11 @@ in { # Socket activation - only start when needed to save battery onBoot = "ignore"; onShutdown = "shutdown"; - # qemu.swtpm.enable = true; # enable if you need TPM emulation, etc. + qemu = { + ovmf = { + enable = true; # Enable OVMF firmware support + }; + # swtpm.enable = true; # enable if you need TPM emulation, etc. + }; }; } diff --git a/hosts/nb/modules/development/nvim/config/init.lua b/hosts/nb/modules/development/nvim/config/init.lua index 0212e85..a4af92c 100644 --- a/hosts/nb/modules/development/nvim/config/init.lua +++ b/hosts/nb/modules/development/nvim/config/init.lua @@ -1,6 +1,3 @@ --- Set leader key before any other mappings -vim.g.mapleader = " " - -- vim.opt.expandtab = true -- vim.opt.hidden = true -- vim.opt.incsearch = true diff --git a/hosts/nb/modules/development/nvim/config/lspconfig.lua b/hosts/nb/modules/development/nvim/config/lspconfig.lua index 72b90ee..94238e9 100644 --- a/hosts/nb/modules/development/nvim/config/lspconfig.lua +++ b/hosts/nb/modules/development/nvim/config/lspconfig.lua 
@@ -1,31 +1,54 @@ --- LSP Capabilities (for nvim-cmp integration) +local status, lspc = pcall(require, 'lspconfig') +if (not status) then return end + +lspc.clangd.setup{} + +local buf_map = function(bufnr, mode, lhs, rhs, opts) + vim.api.nvim_buf_set_keymap(bufnr, mode, lhs, rhs, opts or { + silent = true, + }) +end + +local protocol = require('vim.lsp.protocol') + +local on_attach = function(client, buffnr) + if client.server.capabilities.documentFormattingProvider then + vim.api.nvim_create_autocmd("BufWritePre", { + group = vim.api.nvim_create_augroup("format", { clear = true }), + buffer = buffnr, + callback = function() vim.lsp.buf.formatting_seq_sync() end + }) + end +end + local capabilities = vim.lsp.protocol.make_client_capabilities() capabilities.textDocument.completion.completionItem.snippetSupport = true capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities) --- Global LSP configuration -vim.lsp.config('*', { - capabilities = capabilities, -}) +local servers = { 'ts_ls', 'lua_ls', 'cssls', 'yamlls', 'intelephense', 'gopls' } +for _, lsp in pairs(servers) do + require('lspconfig')[lsp].setup { + -- on_attach = on_attach, + capabilities = capabilities, + } +end --- Server-specific configurations -vim.lsp.config('clangd', {}) - -vim.lsp.config('yamlls', { +lspc.yamlls.setup({ settings = { yaml = { keyOrdering = false, }, }, -}) +}); --- Enable all LSP servers -vim.lsp.enable({ 'clangd', 'ts_ls', 'lua_ls', 'cssls', 'yamlls', 'intelephense', 'gopls' }) - --- JSON file formatting with jq +-- autoformat json files with jq vim.api.nvim_create_autocmd("FileType", { - pattern = "json", - callback = function(ev) - vim.bo[ev.buf].formatprg = "jq" - end, + pattern = "json", + callback = function(ev) + vim.bo[ev.buf].formatprg = "jq" + print("It's a json file") + end, }) + + +-- lspc.intelephense.setup() 
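Review bot: `on_attach` in hosts/nb/modules/development/nvim/config/lspconfig.lua is dead code, since its only use is the commented-out `-- on_attach = on_attach,`, and it would raise if someone enabled it. The client field is `client.server_capabilities`, not `client.server.capabilities`, and `vim.lsp.buf.formatting_seq_sync()` is, as far as I know, gone from current Neovim in favour of `vim.lsp.buf.format()`. The augroup is also created with `clear = true` on every attach, which would drop the format autocmd of previously attached buffers. Either delete the function together with the unused `local protocol = require('vim.lsp.protocol')`, or fix it to `if client.server_capabilities.documentFormattingProvider then` with `callback = function() vim.lsp.buf.format({ bufnr = buffnr }) end`. The `print("It's a json file")` in the FileType callback is debug output and should go too.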
diff --git a/hosts/nb/modules/development/nvim/config/project.lua b/hosts/nb/modules/development/nvim/config/project.lua index f096f26..f56e374 100644 --- a/hosts/nb/modules/development/nvim/config/project.lua +++ b/hosts/nb/modules/development/nvim/config/project.lua 
@@ -1,13 +1,41 @@ -local status_ok, project = pcall(require, "project") +config = { + ---@usage set to false to disable project.nvim. + --- This is on by default since it's currently the expected behavior. + active = true, + + on_config_done = nil, + + ---@usage set to true to disable setting the current-woriking directory + --- Manual mode doesn't automatically change your root directory, so you have + --- the option to manually do so using `:ProjectRoot` command. + manual_mode = false, + + ---@usage Methods of detecting the root directory + --- Allowed values: **"lsp"** uses the native neovim lsp + --- **"pattern"** uses vim-rooter like glob pattern matching. Here + --- order matters: if one is not detected, the other is used as fallback. You + --- can also delete or rearangne the detection methods. + -- detection_methods = { "lsp", "pattern" }, -- NOTE: lsp detection will get annoying with multiple langs in one project + detection_methods = { "pattern" }, + + ---@usage patterns used to detect root dir, when **"pattern"** is in detection_methods + patterns = { ".git", "_darcs", ".hg", ".bzr", ".svn", "Makefile", "package.json", "pom.xml" }, + + ---@ Show hidden files in telescope when searching for files in a project + show_hidden = false, + + ---@usage When set to false, you will get a message when project.nvim changes your directory. + -- When set to false, you will get a message when project.nvim changes your directory. + silent_chdir = true, + + ---@usage list of lsp client names to ignore when using **lsp** detection. eg: { "efm", ... 
} + ignore_lsp = {}, +} + +local status_ok, project = pcall(require, "project_nvim") if not status_ok then return end -project.setup({ - use_lsp = false, -- Use pattern matching only (equivalent to old detection_methods = { "pattern" }) - manual_mode = false, - patterns = { ".git", "_darcs", ".hg", ".bzr", ".svn", "Makefile", "package.json", "pom.xml" }, - show_hidden = false, - silent_chdir = true, - ignore_lsp = {}, -}) +project.setup(config) + diff --git a/hosts/nb/modules/development/nvim/config/utils.lua b/hosts/nb/modules/development/nvim/config/utils.lua index a541d5e..b734ca1 100644 --- a/hosts/nb/modules/development/nvim/config/utils.lua +++ b/hosts/nb/modules/development/nvim/config/utils.lua @@ -1,7 +1,7 @@ --- none-ls (module is still named "null-ls" for backward compatibility) -local status_ok_nls, none_ls_module = pcall(require, "null-ls") +-- none-ls +local status_ok_nls, none_ls_module = pcall(require, "none-ls") if not status_ok_nls then - vim.notify("null-ls plugin not found or failed to load. Check Nix config and plugin paths.", vim.log.levels.WARN) + vim.notify("none-ls plugin not found or failed to load. Check Nix config and plugin paths.", vim.log.levels.WARN) else local nb = none_ls_module.builtins none_ls_module.setup({ diff --git a/hosts/nb/modules/development/nvim/config/which-key.lua b/hosts/nb/modules/development/nvim/config/which-key.lua index c510b8f..6b67e89 100644 --- a/hosts/nb/modules/development/nvim/config/which-key.lua +++ b/hosts/nb/modules/development/nvim/config/which-key.lua @@ -1,3 +1,5 @@ +vim.g.mapleader = " " + local function smart_quit() local bufnr = vim.api.nvim_get_current_buf() local modified = vim.api.nvim_buf_get_option(bufnr, "modified") 
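Review bot: `config = {` at the top of hosts/nb/modules/development/nvim/config/project.lua assigns a global named `config`, which every other Lua chunk loaded into the same Neovim state can read or overwrite. It should be `local config = {`. The `---@usage` comment on `silent_chdir` also says the same thing twice and reads inverted for a value of `true`; I would reduce it to `-- When false, project.nvim prints a message each time it changes the directory.`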
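Review bot: `pcall(require, "none-ls")` in hosts/nb/modules/development/nvim/config/utils.lua will most likely fail, because the none-ls plugin still exposes its Lua module as `null-ls`, which is what the removed comment said. The failure only produces a WARN notification, so the whole `else` branch with the formatter and linter sources is skipped without anything else breaking visibly. Unless the plugin version on the older channel really ships a `none-ls` module, keep `pcall(require, "null-ls")` and the comment `-- none-ls (module is still named "null-ls" for backward compatibility)`. The setup call continues outside the hunk.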
@@ -25,77 +27,122 @@ end local wk = require("which-key") -wk.setup({ - preset = "classic", - delay = 0, - triggers = { - { "", mode = "nxso" }, - { " ", mode = "n" }, -- literal space character +wk.setup({}) + +wk.register({ + [""] = { + + [";"] = { "Alpha", "Dashboard" }, + ["w"] = { "w!", "Save" }, + ["q"] = { "smart_quit()", "Quit" }, + ["/"] = { "(comment_toggle_linewise_current)", "Comment toggle current line" }, + ["c"] = { "BufferKill", "Close Buffer" }, + ["f"] = { find_project_files, "Find File" }, + ["h"] = { "nohlsearch", "No Highlight" }, + ["t"] = { "TodoTelescope keywords=TODO,FIX", "Find TODO,FIX" }, + b = { + name = "Buffers", + j = { "BufferLinePick", "Jump" }, + f = { "Telescope buffers", "Find" }, + b = { "BufferLineCyclePrev", "Previous" }, + n = { "BufferLineCycleNext", "Next" }, + -- w = { "BufferWipeout", "Wipeout" }, -- TODO: implement this for bufferline + e = { + "BufferLinePickClose", + "Pick which buffer to close", + }, + h = { "BufferLineCloseLeft", "Close all to the left" }, + l = { + "BufferLineCloseRight", + "Close all to the right", + }, + D = { + "BufferLineSortByDirectory", + "Sort by directory", + }, + L = { + "BufferLineSortByExtension", + "Sort by language", + }, + }, + -- " Available Debug Adapters: + -- " https://microsoft.github.io/debug-adapter-protocol/implementors/adapters/ + -- " Adapter configuration and installation instructions: + -- " https://github.com/mfussenegger/nvim-dap/wiki/Debug-Adapter-installation + -- " Debug Adapter protocol: + -- " https://microsoft.github.io/debug-adapter-protocol/ + -- " Debugging + g = { + name = "Git", + g = { Lazygit_toggle, "Lazygit" }, + j = { "lua require 'gitsigns'.next_hunk({navigation_message = false})", "Next Hunk" }, + k = { "lua require 'gitsigns'.prev_hunk({navigation_message = false})", "Prev Hunk" }, + l = { "lua require 'gitsigns'.blame_line()", "Blame" }, + p = { "lua require 'gitsigns'.preview_hunk()", "Preview Hunk" }, + r = { "lua require 'gitsigns'.reset_hunk()", 
"Reset Hunk" }, + R = { "lua require 'gitsigns'.reset_buffer()", "Reset Buffer" }, + s = { "lua require 'gitsigns'.stage_hunk()", "Stage Hunk" }, + u = { + "lua require 'gitsigns'.undo_stage_hunk()", + "Undo Stage Hunk", + }, + o = { "Telescope git_status", "Open changed file" }, + b = { "Telescope git_branches", "Checkout branch" }, + c = { "Telescope git_commits", "Checkout commit" }, + C = { + "Telescope git_bcommits", + "Checkout commit(for current file)", + }, + d = { + "Gitsigns diffthis HEAD", + "Git Diff", + }, + }, + l = { + name = "LSP", + a = { "lua vim.lsp.buf.code_action()", "Code Action" }, + d = { "Telescope diagnostics bufnr=0 theme=get_ivy", "Buffer Diagnostics" }, + w = { "Telescope diagnostics", "Diagnostics" }, + -- f = { require("lvim.lsp.utils").format, "Format" }, + i = { "LspInfo", "Info" }, + I = { "Mason", "Mason Info" }, + j = { + vim.diagnostic.goto_next, + "Next Diagnostic", + }, + k = { + vim.diagnostic.goto_prev, + "Prev Diagnostic", + }, + l = { vim.lsp.codelens.run, "CodeLens Action" }, + q = { vim.diagnostic.setloclist, "Quickfix" }, + r = { vim.lsp.buf.rename, "Rename" }, + s = { "Telescope lsp_document_symbols", "Document Symbols" }, + S = { + "Telescope lsp_dynamic_workspace_symbols", + "Workspace Symbols", + }, + e = { "Telescope quickfix", "Telescope Quickfix" }, + }, + + + a = { "lua require('telescope.builtin').lsp_code_actions()", "Code Actions" }, + d = { "lua require('telescope.builtin').lsp_document_diagnostics()", "LSP Diagnostics" }, + k = { "lua vim.lsp.buf.signature_help()", "Signature Help" }, + P = { "lua require'telescope'.extensions.projects.projects{}", "Signature Help" }, + } +}) + +wk.register( + { + ["/"] = { "(comment_toggle_linewise_visual)", "Comment toggle linewise (visual)" }, }, -}) - -wk.add({ - -- Single key mappings - { ";", "Alpha", desc = "Dashboard" }, - { "w", "w!", desc = "Save" }, - { "q", smart_quit, desc = "Quit" }, - { "/", "(comment_toggle_linewise_current)", desc = "Comment toggle current 
line" }, - { "c", "BufferKill", desc = "Close Buffer" }, - { "f", find_project_files, desc = "Find File" }, - { "h", "nohlsearch", desc = "No Highlight" }, - { "t", "TodoTelescope keywords=TODO,FIX", desc = "Find TODO,FIX" }, - - -- Buffers group - { "b", group = "Buffers" }, - { "bj", "BufferLinePick", desc = "Jump" }, - { "bf", "Telescope buffers", desc = "Find" }, - { "bb", "BufferLineCyclePrev", desc = "Previous" }, - { "bn", "BufferLineCycleNext", desc = "Next" }, - { "be", "BufferLinePickClose", desc = "Pick which buffer to close" }, - { "bh", "BufferLineCloseLeft", desc = "Close all to the left" }, - { "bl", "BufferLineCloseRight", desc = "Close all to the right" }, - { "bD", "BufferLineSortByDirectory", desc = "Sort by directory" }, - { "bL", "BufferLineSortByExtension", desc = "Sort by language" }, - - -- Git group - { "g", group = "Git" }, - { "gg", Lazygit_toggle, desc = "Lazygit" }, - { "gj", "lua require 'gitsigns'.next_hunk({navigation_message = false})", desc = "Next Hunk" }, - { "gk", "lua require 'gitsigns'.prev_hunk({navigation_message = false})", desc = "Prev Hunk" }, - { "gl", "lua require 'gitsigns'.blame_line()", desc = "Blame" }, - { "gp", "lua require 'gitsigns'.preview_hunk()", desc = "Preview Hunk" }, - { "gr", "lua require 'gitsigns'.reset_hunk()", desc = "Reset Hunk" }, - { "gR", "lua require 'gitsigns'.reset_buffer()", desc = "Reset Buffer" }, - { "gs", "lua require 'gitsigns'.stage_hunk()", desc = "Stage Hunk" }, - { "gu", "lua require 'gitsigns'.undo_stage_hunk()", desc = "Undo Stage Hunk" }, - { "go", "Telescope git_status", desc = "Open changed file" }, - { "gb", "Telescope git_branches", desc = "Checkout branch" }, - { "gc", "Telescope git_commits", desc = "Checkout commit" }, - { "gC", "Telescope git_bcommits", desc = "Checkout commit(for current file)" }, - { "gd", "Gitsigns diffthis HEAD", desc = "Git Diff" }, - - -- LSP group - { "l", group = "LSP" }, - { "la", "lua vim.lsp.buf.code_action()", desc = "Code Action" }, - { "ld", 
"Telescope diagnostics bufnr=0 theme=get_ivy", desc = "Buffer Diagnostics" }, - { "lw", "Telescope diagnostics", desc = "Diagnostics" }, - { "li", "LspInfo", desc = "Info" }, - { "lI", "Mason", desc = "Mason Info" }, - { "lj", vim.diagnostic.goto_next, desc = "Next Diagnostic" }, - { "lk", vim.diagnostic.goto_prev, desc = "Prev Diagnostic" }, - { "ll", vim.lsp.codelens.run, desc = "CodeLens Action" }, - { "lq", vim.diagnostic.setloclist, desc = "Quickfix" }, - { "lr", vim.lsp.buf.rename, desc = "Rename" }, - { "ls", "Telescope lsp_document_symbols", desc = "Document Symbols" }, - { "lS", "Telescope lsp_dynamic_workspace_symbols", desc = "Workspace Symbols" }, - { "le", "Telescope quickfix", desc = "Telescope Quickfix" }, - - -- Direct LSP shortcuts - { "a", "lua require('telescope.builtin').lsp_code_actions()", desc = "Code Actions" }, - { "d", "lua require('telescope.builtin').lsp_document_diagnostics()", desc = "LSP Diagnostics" }, - { "k", "lua vim.lsp.buf.signature_help()", desc = "Signature Help" }, - { "P", "lua require'telescope'.extensions.projects.projects{}", desc = "Projects" }, - - -- Visual mode mappings - { "/", "(comment_toggle_linewise_visual)", desc = "Comment toggle linewise (visual)", mode = "v" }, -}) + { + mode = "v", -- VISUAL mode + prefix = "", + buffer = nil, -- Global mappings. Specify a buffer number for buffer local mappings + silent = true, -- use `silent` when creating keymaps + noremap = true, -- use `noremap` when creating keymaps + nowait = true, -- use `nowait` when creating keymaps + } +) diff --git a/hosts/nb/modules/development/nvim/default.nix b/hosts/nb/modules/development/nvim/default.nix index 9352643..17f7d5c 100644 --- a/hosts/nb/modules/development/nvim/default.nix +++ b/hosts/nb/modules/development/nvim/default.nix 
@@ -13,7 +13,7 @@ in environment.systemPackages = with pkgs; [ nodePackages.typescript-language-server - lua-language-server + sumneko-lua-language-server nest nodePackages.intelephense nodePackages.vscode-langservers-extracted @@ -105,9 +105,9 @@ in "sops" ]); in '' -lua << EOF -${luaConfig} -EOF + lua << EOF + ${luaConfig} + EOF ''; }; extraLuaPackages = luaPackages: [ luaPackages.lyaml ]; diff --git a/hosts/nb/users/default.nix b/hosts/nb/users/default.nix index 07bddc1..8b0d8cb 100644 --- a/hosts/nb/users/default.nix +++ b/hosts/nb/users/default.nix @@ -1,6 +1,6 @@ { config, pkgs, ... }: let - home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-25.11.tar.gz"; + home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-24.11.tar.gz"; in diff --git a/hosts/nb/users/dominik.nix b/hosts/nb/users/dominik.nix index b97ae50..4a330f2 100644 --- a/hosts/nb/users/dominik.nix +++ b/hosts/nb/users/dominik.nix @@ -135,11 +135,11 @@ let { name = "q"; value = "{searchTerms}"; } ]; }]; - icon = "https://perplexity.ai/favicon.ico"; + iconUpdateURL = "https://perplexity.ai/favicon.ico"; definedAliases = [ "@perplexity" ]; }; - "google".metaData.hidden = true; - "bing".metaData.hidden = true; + "Google".metaData.hidden = true; + "Bing".metaData.hidden = true; }; }; 
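Review bot: The `builtins.fetchTarball` call in `hosts/nb/users/default.nix` takes a branch archive URL with no `sha256`, so the home-manager code evaluated into this host's configuration is whatever `release-24.11` points to at fetch time, and nothing verifies it. Pinning to a commit archive with a hash makes the input reproducible and tamper-evident: `builtins.fetchTarball { url = "https://github.com/nix-community/home-manager/archive/<commit-sha>.tar.gz"; sha256 = "<hash>"; }`, where both values are placeholders to fill in. The expression that consumes `home-manager` after `in` is outside the hunk.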
@@ -301,23 +301,26 @@ in programs.git = { enable = true; lfs.enable = true; - package = pkgs.gitFull; + package = pkgs.gitAndTools.gitFull; + userName = "Dominik Polakovics"; + userEmail = "dominik.polakovics@cloonar.com"; # signing = { # key = "dominik.polakovics@cloonar.com"; # signByDefault = false; # }; - settings = { - user.name = "Dominik Polakovics"; - user.email = "dominik.polakovics@cloonar.com"; + iniContent = { # Branch with most recent change comes first branch.sort = "-committerdate"; # Remember and auto-resolve merge conflicts # https://git-scm.com/book/en/v2/Git-Tools-Rerere rerere.enabled = true; - "url \"gitea@git.cloonar.com:\"" = { + }; + extraConfig = { + "url.gitea@git.cloonar.com:" = { insteadOf = "https://git.cloonar.com/"; }; }; + }; programs.thunderbird = { @@ -522,7 +525,7 @@ in settings = firefoxSettings; # userChrome = firefoxUserChrome; search = firefoxSearchSettings; - extensions.packages = firefoxExtensions; + extensions = firefoxExtensions; }; social = { id = 1; @@ -557,7 +560,7 @@ in id = 3; }; }; - extensions.packages = firefoxExtensions; + extensions = firefoxExtensions; }; }; }; diff --git a/hosts/web-arm/channel b/hosts/web-arm/channel index 57f31e7..93f5df5 100644 --- a/hosts/web-arm/channel +++ b/hosts/web-arm/channel @@ -1 +1 @@ -https://channels.nixos.org/nixos-25.11 +https://channels.nixos.org/nixos-25.05 diff --git a/hosts/web-arm/configuration.nix b/hosts/web-arm/configuration.nix index 21ebfff..8a6eac0 100644 --- a/hosts/web-arm/configuration.nix +++ b/hosts/web-arm/configuration.nix @@ -63,7 +63,7 @@ time.timeZone = "Europe/Vienna"; - services.logind.settings.Login.RuntimeDirectorySize = "2G"; + services.logind.extraConfig = "RuntimeDirectorySize=2G"; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.defaultSopsFile = ./secrets.yaml; diff --git a/hosts/web-arm/modules/grafana/alerting/service/dovecot_down.nix b/hosts/web-arm/modules/grafana/alerting/service/dovecot_down.nix index 18645fd..2a03cb9 100644 
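Review bot: `branch.sort` and `rerere.enabled` are now set through `programs.git.iniContent`, which as far as I know is home-manager's internal option for the generated gitconfig rather than a user-facing one, while the URL rewrite sits in `extraConfig` directly below it. Keeping all three in `extraConfig` avoids depending on an internal name and puts the settings in one place: `extraConfig = { branch.sort = "-committerdate"; rerere.enabled = true; "url.gitea@git.cloonar.com:".insteadOf = "https://git.cloonar.com/"; };`. The two explanatory comments above `branch.sort` and `rerere.enabled` would move with them.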
--- a/hosts/web-arm/modules/grafana/alerting/service/dovecot_down.nix +++ b/hosts/web-arm/modules/grafana/alerting/service/dovecot_down.nix @@ -15,7 +15,7 @@ datasourceUid = "vm-datasource-uid"; model = { editorMode = "code"; - expr = "node_systemd_unit_state{state=\"active\", name=\"dovecot.service\"} OR on() vector(0)"; + expr = "node_systemd_unit_state{state=\"active\", name=\"dovecot2.service\"} OR on() vector(0)"; hide = false; intervalMs = 1000; legendFormat = "__auto"; diff --git a/hosts/web-arm/pkgs/sa-core.nix b/hosts/web-arm/pkgs/sa-core.nix index e025ae4..d09c48d 100644 --- a/hosts/web-arm/pkgs/sa-core.nix +++ b/hosts/web-arm/pkgs/sa-core.nix @@ -17,7 +17,7 @@ buildGoModule rec { subPackages = [ "." ]; # Optional tuning - env.CGO_ENABLED = "0"; + CGO_ENABLED = 0; ldflags = [ "-s" "-w" ]; doCheck = false; diff --git a/scripts/test-configuration b/scripts/test-configuration index b0d2ed5..6c6dcd1 100755 --- a/scripts/test-configuration +++ b/scripts/test-configuration @@ -19,9 +19,9 @@ fi HOSTNAME="$1" -# Check if 'nix-instantiate' command is available -if ! command -v nix-instantiate > /dev/null; then - echo "ERROR: 'nix-instantiate' command not found. Please ensure Nix is installed and in your PATH." >&2 +# Check if 'nixos-rebuild' command is available +if ! command -v nixos-rebuild > /dev/null; then + echo "ERROR: 'nixos-rebuild' command not found. Please ensure it is installed and in your PATH." >&2 exit 1 fi 
@@ -38,42 +38,27 @@ if [ ! -f "$CONFIG_PATH" ]; then exit 1 fi -# Check for host-specific channel file -CHANNEL_PATH="$SCRIPT_DIR/../hosts/$HOSTNAME/channel" -CHANNEL_OPT="" - -if [ -f "$CHANNEL_PATH" ]; then - CHANNEL_URL=$(cat "$CHANNEL_PATH") - # Append /nixexprs.tar.xz to get the actual tarball URL - TARBALL_URL="${CHANNEL_URL}/nixexprs.tar.xz" - echo "INFO: Using channel '$TARBALL_URL' from '$CHANNEL_PATH'." - CHANNEL_OPT="-I nixpkgs=$TARBALL_URL" -else - echo "WARNING: No channel file found at '$CHANNEL_PATH'. Using system default." >&2 -fi - echo "INFO: Attempting dry-build for host '$HOSTNAME' using configuration '$CONFIG_PATH'..." if [ "$VERBOSE" = true ]; then echo "INFO: Verbose mode enabled, --show-trace will be used." fi -# Execute nix-instantiate to evaluate the configuration -# nix-instantiate fetches fresh tarballs and catches all evaluation errors -# unlike nixos-rebuild which may use cached results -NIX_OUTPUT_ERR=$(nix-instantiate $SHOW_TRACE_OPT $CHANNEL_OPT -I nixos-config="$CONFIG_PATH" '' -A system 2>&1) +# Execute nixos-rebuild dry-build +# Store the output and error streams, and the exit code +NIX_OUTPUT_ERR=$(nixos-rebuild dry-build $SHOW_TRACE_OPT -I nixos-config="$CONFIG_PATH" --show-trace 2>&1) NIX_EXIT_STATUS=$? # Check the exit status if [ "$NIX_EXIT_STATUS" -eq 0 ]; then echo "INFO: Dry-build for host '$HOSTNAME' completed successfully." if [ "$VERBOSE" = true ]; then - echo "Output from nix-instantiate:" + echo "Output from nixos-rebuild:" echo "$NIX_OUTPUT_ERR" fi exit 0 else - echo "ERROR: Dry-build for host '$HOSTNAME' failed. 'nix-instantiate' exited with status $NIX_EXIT_STATUS." >&2 - echo "Output from nix-instantiate:" >&2 + echo "ERROR: Dry-build for host '$HOSTNAME' failed. 'nixos-rebuild' exited with status $NIX_EXIT_STATUS." >&2 + echo "Output from nixos-rebuild:" >&2 echo "$NIX_OUTPUT_ERR" >&2 exit "$NIX_EXIT_STATUS" fi 
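Review bot: The `nixos-rebuild dry-build` line passes `--show-trace` unconditionally in addition to `$SHOW_TRACE_OPT`, so the VERBOSE switch no longer controls tracing and the "Verbose mode enabled, --show-trace will be used" message is misleading; dropping the trailing flag restores the switch: `NIX_OUTPUT_ERR=$(nixos-rebuild dry-build $SHOW_TRACE_OPT -I nixos-config="$CONFIG_PATH" 2>&1)`. `$SHOW_TRACE_OPT` is set outside the hunk, so this assumes it still expands to `--show-trace` or to nothing. Separately, with the `channel` lookup removed the evaluation uses whatever nixpkgs the invoking machine resolves, while `hosts/web-arm/channel` is still maintained in this diff, so a host on a different release can pass this check and fail on deploy. A comment above the command should say so, e.g. `# NOTE: evaluates against the caller's nixpkgs, not hosts/$HOSTNAME/channel`.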
diff --git a/utils/pkgs/pyload-ng/update.sh b/scripts/update-pyload-hash similarity index 89% rename from utils/pkgs/pyload-ng/update.sh rename to scripts/update-pyload-hash index a780fec..100ee8b 100755 --- a/utils/pkgs/pyload-ng/update.sh +++ b/scripts/update-pyload-hash @@ -7,10 +7,9 @@ GREEN='\033[0;32m' YELLOW='\033[1;33m' NC='\033[0m' # No Color -# Script and repo directories -cd "$(dirname "${BASH_SOURCE[0]}")" -PKG_DIR="$(pwd)" -REPO_ROOT="$(cd ../../.. && pwd)" +# Script directory +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +REPO_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)" # Check if commit SHA is provided if [ $# -ne 1 ]; then @@ -35,7 +34,7 @@ fi echo -e "${GREEN}==> Updating pyload-ng to commit: ${COMMIT_SHA}${NC}" # File to update -PKG_FILE="$PKG_DIR/default.nix" +PKG_FILE="$REPO_ROOT/utils/pkgs/pyload-ng-updated.nix" if [ ! -f "$PKG_FILE" ]; then echo -e "${RED}Error: Package file not found: $PKG_FILE${NC}" @@ -54,8 +53,7 @@ echo " ✓ Updated hash in $PKG_FILE" # Step 3: Build package to discover the correct hash echo -e "${YELLOW}Step 3: Building package to discover hash...${NC}" -cd "$REPO_ROOT" -BUILD_OUTPUT=$(nix-build --impure -E "with import { overlays = [ (import ./utils/overlays/packages.nix) ]; }; callPackage ./utils/pkgs/pyload-ng { }" 2>&1 || true) +BUILD_OUTPUT=$(nix-build --impure -E "with import { overlays = [ (import $REPO_ROOT/utils/overlays/packages.nix) ]; }; callPackage $PKG_FILE { }" 2>&1 || true) # Extract hash from error message HASH=$(echo "$BUILD_OUTPUT" | grep -oP '\s+got:\s+\Ksha256-[A-Za-z0-9+/=]+' | head -1) 
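Review bot: `PKG_FILE` now points at `$REPO_ROOT/utils/pkgs/pyload-ng-updated.nix`, but the package expression this same diff edits is `utils/pkgs/pyload-ng/default.nix`. If the overlay builds pyload from the latter (not visible here), the script either stops at the "Package file not found" check or rewrites and verifies a hash in a file the hosts do not use, so the fw test in step 6 would pass without covering the new rev. Pointing it at the file that is actually built keeps the script and the package in step: `PKG_FILE="$REPO_ROOT/utils/pkgs/pyload-ng/default.nix"`.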
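Review bot: `$REPO_ROOT` and `$PKG_FILE` are spliced unquoted into the text of the `nix-build -E` expression in step 3, so a checkout path containing a space or Nix-significant characters changes how the expression parses instead of just naming a file; the same line shape recurs in the step 5 hunk (`@@ -76,7 +74,7 @@`). Wrapping them as Nix strings is the smallest fix, e.g. `(import \"$REPO_ROOT/utils/overlays/packages.nix\")` and `callPackage \"$PKG_FILE\" { }`, which works because both are absolute paths. Since the build output is captured with `|| true`, a mis-parsed expression would presumably surface only as a failed hash extraction further down, which is worth a short comment on the line.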
@@ -76,7 +74,7 @@ echo " ✓ Updated hash in $PKG_FILE" # Step 5: Verify the build succeeds echo -e "${YELLOW}Step 5: Verifying build with correct hash...${NC}" -if nix-build --impure -E "with import { overlays = [ (import ./utils/overlays/packages.nix) ]; }; callPackage ./utils/pkgs/pyload-ng { }" > /dev/null 2>&1; then +if nix-build --impure -E "with import { overlays = [ (import $REPO_ROOT/utils/overlays/packages.nix) ]; }; callPackage $PKG_FILE { }" > /dev/null 2>&1; then echo " ✓ Build verification successful" else echo -e "${RED}Error: Build verification failed${NC}" @@ -85,6 +83,7 @@ fi # Step 6: Test configuration for fw host (which uses pyload) echo -e "${YELLOW}Step 6: Testing fw configuration...${NC}" +cd "$REPO_ROOT" if ./scripts/test-configuration fw > /dev/null 2>&1; then echo " ✓ Configuration test passed" else diff --git a/utils/overlays/packages.nix b/utils/overlays/packages.nix index e3bfebd..5eced50 100644 --- a/utils/overlays/packages.nix +++ b/utils/overlays/packages.nix @@ -10,7 +10,6 @@ self: super: { # Python packages python3 = super.python3.override { packageOverrides = pself: psuper: { - aia-chaser = pself.callPackage ../pkgs/aia-chaser { }; mini-racer = pself.callPackage ../pkgs/mini-racer.nix { }; }; }; diff --git a/utils/pkgs/aia-chaser/default.nix b/utils/pkgs/aia-chaser/default.nix deleted file mode 100644 index 35fece2..0000000 --- a/utils/pkgs/aia-chaser/default.nix +++ /dev/null 
@@ -1,32 +0,0 @@ -{ lib -, buildPythonPackage -, fetchPypi -, cryptography -}: - -buildPythonPackage rec { - pname = "aia-chaser"; - version = "3.3.0"; - format = "wheel"; - - src = fetchPypi { - pname = "aia_chaser"; - inherit version format; - dist = "py3"; - python = "py3"; - hash = "sha256-L0aBV3kfAVI1aJH7VgiiEXzGBSP/HU2zAlahkHeT8hk="; - }; - - dependencies = [ - cryptography - ]; - - pythonImportsCheck = [ "aia_chaser" ]; - - meta = with lib; { - description = "Retrieve missing certificates to complete SSL certificate chains"; - homepage = "https://github.com/dirkjanm/aia-chaser"; - license = licenses.mit; - maintainers = [ ]; - }; -} diff --git a/utils/pkgs/pyload-ng/default.nix b/utils/pkgs/pyload-ng/default.nix index 01cd24e..01003bf 100644 --- a/utils/pkgs/pyload-ng/default.nix +++ b/utils/pkgs/pyload-ng/default.nix @@ -6,8 +6,8 @@ pyload-ng.overridePythonAttrs (oldAttrs: rec { src = fetchFromGitHub { owner = "pyload"; repo = "pyload"; - rev = "71f2700184ee9344dc313d9833ca7a6bb36007db"; # [DdownloadCom] fix #4537 - hash = "sha256-XAa+XbC3kko+zvEMZkPXRoaHAmEFGsNBDxysX+X06Jc="; + rev = "3115740a2210fd57b5d050cd0850a0e61ec493ed"; # [DdownloadCom] fix #4537 + hash = "sha256-g1eEeNnr3Axtr+0BJzMcNQomTEX4EsUG1Jxt+huPyoc="; }; patches = [ @@ -16,7 +16,6 @@ pyload-ng.overridePythonAttrs (oldAttrs: rec { # Add new dependencies required in newer versions propagatedBuildInputs = (oldAttrs.propagatedBuildInputs or []) ++ (with python3Packages; [ - aia-chaser mini-racer packaging pydantic