zuckerberg/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Activity
797 Commits 5 Branches 0 Tags
7c4997c00bb406c62dbe579e6bd41895236fcb70
Commit Graph

797 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
gitea-runner
7c4997c00b flake.lock: update inputs
All checks were successful
Check Flake / check-flake (push) Successful in 2m19s
Details
Auto Update Flake / auto-update (push) Successful in 5m34s
Details
2026-03-19 23:00:29 -07:00
gitea-runner
ab1faaba70 flake.lock: update inputs
All checks were successful
Check Flake / check-flake (push) Successful in 2m18s
Details
Auto Update Flake / auto-update (push) Successful in 10m7s
Details
2026-03-18 23:00:38 -07:00
gitea-runner
2b8a0a36d4 flake.lock: update inputs
All checks were successful
Check Flake / check-flake (push) Successful in 2m16s
Details
Auto Update Flake / auto-update (push) Successful in 1h47m14s
Details
2026-03-17 23:00:38 -07:00
gitea-runner
412e317efd flake.lock: update inputs
All checks were successful
Check Flake / check-flake (push) Successful in 2m14s
Details
Auto Update Flake / auto-update (push) Successful in 7m31s
Details
2026-03-16 23:00:39 -07:00
gitea-runner
454fe3bec6 flake.lock: update inputs
All checks were successful
Check Flake / check-flake (push) Successful in 2m13s
Details
Auto Update Flake / auto-update (push) Successful in 7m10s
Details
2026-03-15 23:00:42 -07:00
gitea-runner
192babbabe flake.lock: update inputs
All checks were successful
Check Flake / check-flake (push) Successful in 2m19s
Details
Auto Update Flake / auto-update (push) Successful in 8m41s
Details
2026-03-14 23:00:48 -07:00
Zuckerberg
2762c323e9 Improve gamescope session
All checks were successful
Check Flake / check-flake (push) Successful in 2m16s
Details
Auto Update Flake / auto-update (push) Successful in 1h13m13s
Details
2026-03-14 18:58:29 -07:00
Zuckerberg
bd71d6e2f5 Don't ntfy for logrotate failures and add container names to ntfy alerts 2026-03-14 18:58:29 -07:00
Zuckerberg
4899a37a82 Add gamescope (steam) login option 2026-03-14 18:58:29 -07:00
Zuckerberg
99200dc201 Initial KDE Plasma Bigscreen mode 2026-03-14 18:58:29 -07:00
Zuckerberg
4fb1c8957a Make PIA connection check more tollerant to hiccups 2026-03-14 18:58:29 -07:00
Zuckerberg
d2c274fca5 Bump ntfy attachment expiry time 2026-03-14 18:58:29 -07:00
Zuckerberg
eac627765a Disable bolt for now since I don't use it and it sometimes randomly hangs 2026-03-14 18:58:29 -07:00
Zuckerberg
63de76572b Log DIMM temperatures on each check run 2026-03-14 18:58:29 -07:00
Zuckerberg
cbb94d9f4e Fix VPN check alert limiting to only count failures 
StartLimitBurst counts all starts (including successes), so the timer
was getting blocked after ~15 min. Replace with a JSON counter file
that resets on success and daily, only triggering OnFailure alerts for
the first 3 failures per day.
 2026-03-14 18:58:29 -07:00
Zuckerberg
84745a3dc7 Remove recyclarr, I'm not using it currently 2026-03-14 18:58:29 -07:00
Zuckerberg
1d3a931fd0 Add periodic PIA VPN connectivity check 
Oneshot service + timer (every 5 min) inside the VPN container that
verifies WireGuard handshake freshness and internet reachability.
Fails on VPN or internet outage, triggering ntfy alert via OnFailure.
Capped at 3 failures per day via StartLimitBurst.
 2026-03-14 18:58:29 -07:00
Zuckerberg
23b0695cf2 Add DDR5 DIMM temperature monitoring with ntfy alerts 
Monitors spd5118 sensors every 5 minutes and sends an ntfy
notification if any DIMM exceeds 55°C. Opt-in via
ntfy-alerts.dimmTempCheck.enable, enabled on s0.
 2026-03-14 18:58:29 -07:00
Zuckerberg
b1a26b681f Add Music Assistant to Dashy and Gatus 2026-03-14 18:58:29 -07:00
Zuckerberg
401ab250f1 Update README 2026-03-14 18:58:29 -07:00
Zuckerberg
cd864b4061 Remove LanguageTool service 2026-03-14 18:58:29 -07:00
gitea-runner
6d2c5267a4 flake.lock: update inputs
Some checks failed
Check Flake / check-flake (push) Successful in 2m13s
Details
Auto Update Flake / auto-update (push) Failing after 47s
Details
2026-03-10 23:00:31 -07:00
gitea-runner
76bcc114a1 flake.lock: update inputs
All checks were successful
Check Flake / check-flake (push) Successful in 2m24s
Details
Auto Update Flake / auto-update (push) Successful in 12m54s
Details
2026-03-09 23:00:48 -07:00
gitea-runner
f2a482a46f flake.lock: update inputs
All checks were successful
Check Flake / check-flake (push) Successful in 2m14s
Details
Auto Update Flake / auto-update (push) Successful in 1h42m53s
Details
2026-03-07 22:00:55 -08:00
gitea-runner
969d8d8d5e flake.lock: update inputs
All checks were successful
Check Flake / check-flake (push) Successful in 2m13s
Details
Auto Update Flake / auto-update (push) Successful in 12m50s
Details
2026-03-06 22:00:31 -08:00
gitea-runner
518a7d0ffb flake.lock: update inputs
All checks were successful
Check Flake / check-flake (push) Successful in 2m14s
Details
Auto Update Flake / auto-update (push) Successful in 17m40s
Details
2026-03-05 22:00:37 -08:00
gitea-runner
2d6ad9f090 flake.lock: update inputs
All checks were successful
Check Flake / check-flake (push) Successful in 2m12s
Details
Auto Update Flake / auto-update (push) Successful in 8m19s
Details
2026-03-04 22:00:30 -08:00
Zuckerberg
88cfad2a69 Update flake inputs (nixpkgs, home-manager, claude-code-nix)
All checks were successful
Check Flake / check-flake (push) Successful in 2m12s
Details
Auto Update Flake / auto-update (push) Successful in 7m5s
Details 
Remove obsolete libreoffice-noto-fonts-subset.patch — upstream nixpkgs
removed the noto-fonts-subset code from the libreoffice derivation.
 2026-03-03 22:54:45 -08:00
Zuckerberg
86a9f777ad Use the hosts overlays in gitea container (for attic patches)
All checks were successful
Check Flake / check-flake (push) Successful in 3m42s
Details
2026-03-03 22:54:14 -08:00
Zuckerberg
b29e80f3e9 Patch attic-client to retry on push failure
Some checks failed
Check Flake / check-flake (push) Failing after 4m5s
Details 
Backport zhaofengli/attic#246 to work around a hyper connection pool
race condition that causes spurious "connection closed before message
completed" errors during cache uploads in CI.
 2026-03-03 22:40:27 -08:00
Zuckerberg
e32834ff7f Prevent nify-failure from calling itself
Some checks failed
Check Flake / check-flake (push) Failing after 4m13s
Details
2026-03-03 22:36:58 -08:00
Zuckerberg
bb39587292 Fix unifi service taking 5+ minutes to shut down
Some checks failed
Check Flake / check-flake (push) Failing after 4m8s
Details 
UniFi's Java process crashes during shutdown (Spring context race
condition) leaving mongod orphaned in the cgroup. The upstream module
sets KillSignal=SIGCONT so systemd won't interrupt the graceful
shutdown, but with the default KillMode=control-group this means
mongod also only gets SIGCONT (a no-op) and sits there until the
5-minute timeout triggers SIGKILL.

Switch to KillMode=mixed so the main Java process still gets the
harmless SIGCONT while mongod gets a proper SIGTERM for a clean
database shutdown.
 2026-03-03 22:02:21 -08:00
Zuckerberg
712b52a48d Capture full systemd unit name for ntfy error alerts 2026-03-03 21:46:45 -08:00
Zuckerberg
c6eeea982e Add ignoredUnits option; skip logrotate failures on s0 because they are spurious 2026-03-03 21:46:19 -08:00
Zuckerberg
6bd1b4466e Update claude.md 2026-03-03 21:43:36 -08:00
Zuckerberg
d806d4df0a Increase tinyproxy wait-online timeout to 180s
Some checks failed
Check Flake / check-flake (push) Failing after 5m29s
Details 
The bridge takes ~62s to come up on s0, exceeding the 60s timeout
and causing tinyproxy to fail on first start.
 2026-03-03 21:04:40 -08:00
Zuckerberg
8997e996ba See if limiting upload jobs helps with push reliability
Some checks failed
Check Flake / check-flake (push) Successful in 14m14s
Details
Auto Update Flake / auto-update (push) Failing after 19s
Details
2026-03-01 21:36:31 -08:00
Zuckerberg
9914d03ba2 Embed flake git revision in NixOS configuration
Some checks failed
Check Flake / check-flake (push) Has been cancelled
Details
2026-03-01 19:03:47 -08:00
Zuckerberg
55204b5074 Upgrade to nextcloud 33
Some checks failed
Check Flake / check-flake (push) Has been cancelled
Details
2026-03-01 18:23:55 -08:00
Zuckerberg
43ec75741d Fix memos failing to open SQLite database on ZFS
Some checks failed
Check Flake / check-flake (push) Failing after 18s
Details 
ProtectSystem=strict with ReadWritePaths fails silently on ZFS submounts
(/var/lib is a separate dataset), leaving the data dir read-only. Downgrade
to ProtectSystem=full which leaves /var writable while still protecting
/usr and /boot.
 2026-03-01 17:54:11 -08:00
Zuckerberg
000bbd7f4d Update interface names because usePredictableInterfaceNames is now off 2026-03-01 17:52:42 -08:00
Zuckerberg
e4f0d065f9 Fix tinyproxy starting before VPN bridge is configured 
tinyproxy binds to the bridge IP but had no ordering dependency on
systemd-networkd, so it could start before the bridge existed.
 2026-03-01 17:52:35 -08:00
Zuckerberg
7ec85cb406 Move s0 to using systemd networkd 2026-03-01 12:36:10 -08:00
Zuckerberg
e9e925eb46 Fix annoying 'refused connection' logs spamming dmesg due to spotify connect 2026-03-01 12:36:10 -08:00
Zuckerberg
2ed58e1ec5 Update flake inputs; drop navidrome; fix noto-fonts subset glob 
- Update nixpkgs (Feb 27), home-manager, microvm, nix-index-database,
  claude-code-nix, dailybot
- Remove navidrome service, nginx proxy, dashy entry, and gatus monitor
- Add noto-fonts-subset patch for libreoffice/collabora (noto-fonts
  2026.02.01 switched from variable to static font filenames)
- Add incus-lts writableTmpDirAsHomeHook overlay for sandbox HOME fix
- Add samba4Full overlay to disable CephFS (ceph pinned to python3.11)
 2026-03-01 12:36:10 -08:00
Zuckerberg
facaa261bc Add missing services to Gatus monitoring and Dashy dashboard
All checks were successful
Check Flake / check-flake (push) Successful in 3m50s
Details 
Gatus: Add Roundcube, Collabora, and all s0 services (Jellyfin,
servarr stack, Home Assistant, ESPHome, Zigbee2MQTT, Frigate,
Valetudo, Sandman, Vikunja, Actual Budget, Linkwarden, Memos,
Outline, LanguageTool, Unifi) in a new "s0" group.

Dashy: Add missing public services (ntfy, Librechat, Owncast,
Navidrome, Collabora, Gatus) to Services section. Add new Home
Automation and Productivity sections. Add Unifi to Network.
Remove disabled Jitsi Meet.
 2026-02-26 23:41:06 -08:00
Zuckerberg
1d915f9524 Add update flake and skill creator skills
All checks were successful
Check Flake / check-flake (push) Successful in 3m14s
Details
2026-02-26 23:09:32 -08:00
Zuckerberg
73633eaddc non-nix managed nextcloud apps isn't worth the headache
All checks were successful
Check Flake / check-flake (push) Successful in 3m25s
Details
2026-02-26 22:51:42 -08:00
Zuckerberg
6a0540dddd Update attic-netrc
Some checks failed
Check Flake / check-flake (push) Has been cancelled
Details
2026-02-26 22:47:28 -08:00
Zuckerberg
ce9bda8a0b Verify RSA-SHA256 signature on PIA server list response
All checks were successful
Check Flake / check-flake (push) Successful in 3m20s
Details 
The server list endpoint returns JSON on line 1 with a base64-encoded
RSA-SHA256 signature on lines 3+. This was previously ignored. Add
verifyServerList() that checks the signature against PIA's public
signing key before trusting the data. On failure the service aborts
and systemd restarts it.

Also bump RestartSec to 5m to avoid hammering PIA servers on repeated
failures, and add openssl to container dependencies.
 2026-02-26 22:32:23 -08:00