Merge pull request 'home-fix' (#174) from home-fix into main

Reviewed-on: #174

config/installer.nix

@@ -14,5 +14,4 @@
   boot.supportedFilesystems = lib.mkForce ["bcachefs" "vfat"];
   boot.kernelPackages = lib.mkForce (pkgs.linuxPackagesFor pkgs.linux-bcachefs);
   networking.hostId = "8425e349";
-  nix.settings.post-build-hook = lib.mkForce "true";
 }

config/netboot.nix

@@ -14,5 +14,4 @@
   boot.supportedFilesystems = lib.mkForce ["bcachefs" "vfat"];
   boot.kernelPackages = lib.mkForce (pkgs.linuxPackagesFor pkgs.linux-bcachefs);
   networking.hostId = "8425e349";
-  nix.settings.post-build-hook = lib.mkForce "true";
 }

config/nix.nix

@@ -5,27 +5,10 @@
   system,
   attic,
   ...
-}: let
-  attic-client = attic.packages.${system}.attic-client;
-  post-build-hook = pkgs.writeScript "post-build-hook" ''
-    #!${pkgs.bash}/bin/bash
-    set -euf
-    export IFS=' '
-    until ${attic-client}/bin/attic push chir-rs $OUT_PATHS; do
-        sleep 5
-        echo "Retrying..."
-    done
-  '';
-in {
+}: {
   imports = [
     ./workarounds
   ];
-  sops.secrets."attic/config.toml" = {
-    sopsFile = ../secrets/shared.yaml;
-    owner = "root";
-    key = "attic/config.toml";
-    path = "/root/.config/attic/config.toml";
-  };
   nixpkgs.config.allowUnfree = true;
   nix = {
     settings = {
@@ -40,11 +23,10 @@ in {
       trusted-public-keys = [
         "nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg="
         "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
-        "chir-rs:AnwyFacopHSkprD6aXY4/R3J9JYzTbV2rosJCBPaB28="
+        "chir-rs:/iTDNHmQw1HklELHTBAVDFVAFaJ3ACGu3eezVUtplKc="
         "riscv:TZX1ReuoIGt7QiSQups+92ym8nKJUSV0O2NkS4HAqH8="
         "cache.ztier.link-1:3P5j2ZB9dNgFFFVkCQWT3mh0E+S3rIWtZvoql64UaXM="
       ];
-      post-build-hook = "${post-build-hook}";
       auto-optimise-store = true;
     };
     package = pkgs.nix;

config/programs/ims.nix

@@ -1,6 +1,7 @@
 {pkgs, ...}: {
   home.packages = with pkgs; [
-    # element-desktop # TODO
-    cinny
+    (element-desktop.override (_: {
+        electron = pkgs.electron-bin;
+    }))
   ];
 }

config/services/hydra.nix

@@ -1,6 +1,6 @@
 {
   system,
-  nix-packages,
+  attic,
   lib,
   config,
   pkgs,
@@ -80,6 +80,10 @@ in {
       <git-input>
         timeout = 3600
       </git-input>
+      <runcommand>
+        job = *:*:*
+        command = cat $HYDRA_JSON | ${pkgs.jq}/bin/jq -r '.drvPath' | xargs ${pkgs.nix}/bin/nix-store -q -R --include-outputs >> /var/lib/hydra/queue-runner/upload-queue
+      </runcommand>
       max_concurrent_evals = 1
     '';
     giteaTokenFile = "/run/secrets/services/hydra/gitea_token";
@@ -164,11 +168,11 @@ in {
     script = ''
       set -ex
       if [ -e /var/lib/hydra/queue-runner/uploading ]; then
-        cat /var/lib/hydra/queue-runner/uploading | xargs ${pkgs.attic-client}/bin/attic push chir-rs
+        cat /var/lib/hydra/queue-runner/uploading | xargs ${attic.packages.${system}.attic-client}/bin/attic push chir-rs
         rm /var/lib/hydra/queue-runner/uploading
       fi
       mv /var/lib/hydra/queue-runner/upload-queue /var/lib/hydra/queue-runner/uploading
-      cat /var/lib/hydra/queue-runner/uploading | xargs ${pkgs.attic-client}/bin/attic push chir-rs
+      cat /var/lib/hydra/queue-runner/uploading | xargs ${attic.packages.${system}.attic-client}/bin/attic push chir-rs
       rm /var/lib/hydra/queue-runner/uploading
     '';
   };

config/services/router.nix

@@ -122,32 +122,32 @@
   };
 in {
   networking.dhcpcd.allowInterfaces = ["enp2s0f0u4"]; # yes a usb network card don’t judge
-  services.dhcpd4 = {
-    enable = true;
-    extraConfig = ''
-      option subnet-mask 255.255.255.0;
-      option broadcast-address 192.168.2.255;
-      option routers 192.168.2.1;
-      option domain-name-servers 1.1.1.1;
-      subnet 192.168.2.0 netmask 255.255.255.0 {
-        range 192.168.2.100 192.168.2.200;
+  services.kea.dhcp4.settings = {
+    interfaces-config = {
+      interfaces = [
+        "br0"
+      ];
+    };
+    lease-database = {
+      name = "/var/lib/kea/dhcp4.leases";
+      persist = true;
+      type = "memfile";
+    };
+    rebind-timer = 2000;
+    renew-timer = 1000;
+    subnet4 = [
+      {
+        pools = [
+          {
+            pool = "192.0.2.100 - 192.0.2.240";
+          }
+        ];
+        subnet = "192.0.2.0/24";
       }
-      option client-arch code 93 = unsigned integer 16;
-      if exists user-class and option user-class = "iPXE" {
-        filename "http://192.168.2.1/boot.ipxe";
-      } elsif substring (option vendor-class-identifier, 0, 10) = "HTTPClient" {
-        option vendor-class-identifier "HTTPClient";
-        filename "http://192.168.2.1/x86_64/ipxe.efi";
-      } elsif option client-arch != 00:00 {
-        filename "ipxe.efi";
-        next-server 192.168.2.1;
-      } else {
-        filename "undionly.kpxe";
-        next-server 192.168.2.1;
-      }
-    '';
-    interfaces = ["br0"];
+    ];
+    valid-lifetime = 4000;
   };
+  services.kea.dhcp4.enable = true;
   services.atftpd = {
     enable = true;
     root = pkgs.ipxe;

secrets/nas.yaml

@@ -30,6 +30,8 @@ email:
 password:
     root: ENC[AES256_GCM,data:edK/dud41KmbX6v8Mxn1vVcaCwG0x4YhGjqLTw3oAigmwixTovz+4yUDrkjTQLb3/eMClqQJnjcJsRBv4chSu+UuNorKIsPM0IX9mkTmVH2soGmdPB21HXOXmisGu33oOyhyojbvlaWlFw==,iv:GiXRuhJVPgkAAp7OYufzXtHusnSPOfAP0ztdAtn14GE=,tag:nIOus2VvzE6d+r/aJOLCBw==,type:str]
     darkkirb: ENC[AES256_GCM,data:vmI8B7PWeoKTwOywaGmJmD9gWb09eDcmchx241XrfNvT9QseuSElDTb3OajHornt/OFBPh7EtNi/y1BHF1+DZq0i1tmhYuJy24BLuCPH9VpCb5s5xZZCVtOC6w3qUGqIlLQHYN0Fp1Ap5A==,iv:KkcLQDJSDqeFr3gDByb66MOx8/PbpKpvM9Ym+KMB3jc=,tag:wLLOU4RhWnS+DDSOQLrLHA==,type:str]
+attic:
+    config.toml: ENC[AES256_GCM,data:060O5ICRHpkfTIdrkrLjlJSFKh7HCcMuETkRwf8zSaPQO7NTYnX6nQjd0mYcWZvBPQF3l8cVovja19nKMQAUGTzkBxkpvfylG+UMAfxEpuwTzypyzBwLXQOZPXqdXoEKPu0ghx1nojF08CLALDMlM8J/I7KrlofmSWGO+7142EAhrf1ov5IFmfHBn1vJvfa9aSVKnYDXmMpimO8zxc876YiBiHPe9srTpAlyOu/aOiev0fRmZfWGt7X7/lBap1AcDZFvoe/8Hs0Nb1GSE4ZW9WLPBMFigGK10fCgmlk8rTkaXTNCdZ/yJ24lugganFwssET6HBS/nmDLLMjPkZ0n+6U+JdDcRtXQXq9nwFG9TpMvX9i9K1z24F1/maQ2qUS0OB/YQ/pADLJt/xYfuzfB70FHpN2YYn2Lcmup3xKvbfAL9BFJCA==,iv:3wCOLgoqKoycuitBrQCccRRYulfrhI0a5K8vARU2MM4=,tag:/Zggqm+3CCcUwyc9ubhqcA==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -45,8 +47,8 @@ sops:
             WnV3QWxtalIzWFdoQmpDTmJsNGdNOW8K++rFGXy0G6Gcu2gQwSP6xfXInQ/y5nh5
             2oGp8sfOLFWnNI4SWL0ChP47K3C/9ysUHwQnUYPbRafZ/4X6cN40ZQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-06-06T07:06:29Z"
-    mac: ENC[AES256_GCM,data:iuH+6PiDx+8iQlxds8/twFNaf2g2JuuBpCfQIppRxZPEWeVvWpLEaMEuFk+kKZagIrFIhl9LhyXXVqaGKDnXHmo3bOAGksWNq51PWlCODIe1gfWN6hMZHWFrZlcxv0JjyH2Zqou3udsEIc+Fkj3llGYeiNJw30M0lLhd9ORa5tA=,iv:Kdse9i3iT+Iuhxf6c7zGzgA/Jy3mDmGegQ+xcMqnXzk=,tag:ooWhhNvVbLPl+H6R9VODhw==,type:str]
+    lastmodified: "2023-08-02T17:25:38Z"
+    mac: ENC[AES256_GCM,data:iu4NhBQHLTuGAG70rSedcI2cwwDZpzLu18cIxO9JaVRWVanDoYTDXd9sDC7H8oBOmLnypYpXc4kOMCwsY9475W+Yi3HxHWlkcWAPWxAsJL5nIkC7Q9CwrwSCpwtsPyebsLzl299lYPjsNsLpQ6ft/GWnwAn5ISIkKV91k9hduz0=,iv:IB8YVkok7NrX2ayu2iQcwzsP/Tl+WXxjfvQ/1DkRUlk=,tag:z2tlvGWpEbXFrCmuKwUdbA==,type:str]
     pgp:
         - created_at: "2022-04-24T10:34:20Z"
           enc: |

secrets/shared.yaml

@@ -2,8 +2,6 @@ aws:
     credentials: ENC[AES256_GCM,data:/I+mc7fHdztMu9ixDz+LBq/rR7xOni9e7ODoCEStsU/VwuwnelyedeD0OAIQsLozxP1Jss972Uq9K3RfT6HzHLEMZebjyiVGGN7wpWFpdjE4ZQtFAGpTd46vSSQn4K53DDIKO/S8zpuNw52cnHPqCg==,iv:5VaIfB94Jm3/z8RB+4+kGuRco/WncJ7Uo1qS/Xi3+BE=,tag:pyoLebONcWWAKp1OliqFUw==,type:str]
 ssh:
     builder_id_ed25519: ENC[AES256_GCM,data:aRcRkZS9TXsFas1xz044OECF59bQMepukSQUMFr652MXsW99O9ANuhQ7C2i3HuXtDjrWKfgrsrWQh0R41JuLoENEEd0O0y1k+uHzjtdE0CrzqIdRFwRNUbvrJ4D8S1yEdNoQCjrznvH5pegLpn8h19BQaC755QfkKxhYHQpN0Xkt5JKgZBEYShkEyTn7EhgjRMyKQzQo47TsYBU7S4qi6a4nhjv67MuIZ2Y7R2F5n8ZyFgGjgktcm0GHKq37xvFcFEa4h+vxhzu5Dtb6VfwYqUVApL1C2zv9hhZpx5sBa2/fvEg5awm9cnfnfipFUe1ceEz9zUbZAd4fUKYDvfHC+3KX1CXGauA44nXNz2XDDn3f6DTh/DrbARx4Fi9R5Gcnm8c0OfDxHEgARYIWdjfnf1h1qhTxf9Iau+bYTc7IhlenS/6S8w56XtScVkg/VVQhXZFQy0TFIWe/Sa8k1ArTok0I5Hl31gpCq1HUVkXNO/917RVDhJt42pIEA7Lwd48QXSkmRx+46F3VKjQEC0qj/VRNhd8ZHU66IdxG,iv:6YG9KmaDnwHEe14Rx9SlkFxg+u1w7F98yN17rg3ebe4=,tag:4PbNcBDCh9yloSij/ajBqQ==,type:str]
-attic:
-    config.toml: ENC[AES256_GCM,data:m8aFjTl2B3E+r3TsQ37M75aOu+Du1iNpIfzD597xKhX5AVrVzENiDrMdiXCFL3kCiPpuMf/Dg0M9M7Q1VMKPKBGI+Ppaet/2m20NAwQCXcWoGMVQooEdkbak+cUvnoPoo8zmSW3rzqCeaK4V0uAKyD7xynyZokEZ9tM33XJLmNSZ64qCYbCckzUYX9Y4KguzQETpFbIzuu2naXn+gcLJedN21/G1i/TKsKA1QyC6YPvY66e9BSIo9eMKUW7PhUbKUpGZ9L+geW6k1HMX7n5D6hYcaigq8bdhRmW9hRb21IQd2fMptVSidV7vVC8BLPX4rwqE1OPjzd61p1SYa2F938053YaTnjjJJzdmbSnj0b9IBdEJJSCRl9j2fGtxVULCgmjjTKMFF/d6zAIYmAm8XcfRw2Su1DPWQq1W9HSbLk8OasWRSg==,iv:ai7IqG/Bc0UC5cO7qgvY54CUC3VSApjj3sEfZhPx6KA=,tag:WoxisyaBS15fSP0q5muJ6A==,type:str]
 tailscale: ENC[AES256_GCM,data:OUbgLSvG3VokdF7zcZrun7KNSU0RJwLJeLDSDz4yutFJWIpgMH9vpMl4NsEXPbzNkEvi2ElmQ5Qz,iv:1NmaEp6FnzKc9Y+X66heZGqs4eg1NhAFn9RyutdTfx8=,tag:ec2iD4PHJQtbnXV3rCzoGQ==,type:str]
 sops:
     kms: []
@@ -74,8 +72,8 @@ sops:
             MmtjczU3TTVrUHMzN0lYclRoUXcrYXcKXl1y2wq/24VgTtYwMwIMRb+9AERFLT6M
             vWPCs+N4rBja2WmtmPSNNL70UF8ZAQ93dBLq2Ao65N1YRG5XE8zbNQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-08-05T15:42:16Z"
-    mac: ENC[AES256_GCM,data:XGFOI0KvU9aZmJ8HbNujE4X7BFBaC8YlB8NcVaAhtAZGSPcomEfNFVbF/zOFPPD7/5vblNVrdEt3Mxw+uwaPutva+ltx/+6Zk6uywOOcNvWVrlWV0yPXL2IwrH4gFUXt6HkZ6x2ASIBDm0qRwlAxO0lL/1ibey6V08kBlsk8lFc=,iv:7U3kgJNO69RyVnxdEn6u8Kz3QWG5G3EXuVWjZWOPWuE=,tag:I6zKBfXqwspWOqg7uRXfHA==,type:str]
+    lastmodified: "2023-07-06T09:11:09Z"
+    mac: ENC[AES256_GCM,data:XujFjvx73/z+hmk4f4tRRvwl/ML25YOZw6etr0P9lhcXlYPelIrqvVLO1vmobt8TYDzngAHdHSNNlhInw00KO73luOLcQhL/1DVMqTgeMSC11ReUhd5KOZLVXOSP0+8ADLXgbGGGY8DyPnZtr1ZWa3dDIBFPt5ZD7RzWz1qKnJ4=,iv:kYPLpSrLEu9pkWw0iwqKmH6Mm8sFjAstr06mcAWnUEU=,tag:NQjXV8sHUrjU//AQJ+4E+Q==,type:str]
     pgp:
         - created_at: "2023-03-27T16:00:59Z"
           enc: |