Compare commits

...

55 Commits

Author SHA1 Message Date
99e2ac1dbb cross compilation: push ccache into every build -> host package 2023-03-06 11:20:24 +00:00
a56b31cdac get moby packages to selectively use ccache
this is a liiittle bit weird: we might want to just apply it to
everything.
2023-03-05 09:25:03 +00:00
df9716e244 WIP: try to get moby builds to use ccache, god damnit 2023-03-05 07:20:38 +00:00
45f3d5a117 ccache: default to 50G cache 2023-03-05 03:50:04 +00:00
97a1b5732b docs: cross compilation: document the emptyDirectory pattern 2023-03-05 03:13:43 +00:00
59e4c84800 build-machine: use ccache for some large packages 2023-03-05 03:13:11 +00:00
16e84cae9d qt6: adwaita, qgnomeplatform: actually build them
we can, so why not
2023-03-05 03:11:00 +00:00
d725dfb7f1 refactor: group build-machine-related config into one "role" file 2023-03-05 01:05:17 +00:00
79b6c119ee cross compilation: emacs: don't emulate stdenv 2023-03-05 00:17:27 +00:00
be1d8c5d97 cross compilation: reduce emulation for evolution-data-server 2023-03-04 23:15:38 +00:00
454e02c8ec cross-compilation: document failed attempts 2023-03-04 22:28:15 +00:00
3b37286e65 cross compilation: gnome-shell: don't emulate stdenv 2023-03-04 22:27:43 +00:00
77388f35f6 cross compilation: phosh-mobile-settings: reduce emulation 2023-03-04 22:27:27 +00:00
a6c91db11b gst: reduce emulation
note that i do see runtime errors around gobject-introspection when i
launch `nheko`
2023-03-04 22:26:48 +00:00
a96d0e9630 patch qt6 to cross-compile qgnomeplatform & get gnome-style Qt theme 2023-03-04 22:26:09 +00:00
43f39674d6 nixcache: enable on all machines 2023-03-04 08:19:46 +00:00
d7fd7d7368 nixcache: omit substituters that are the host 2023-03-04 08:09:27 +00:00
386c712a23 lappy: ship stepmania 2023-03-04 08:08:37 +00:00
9d09a323be cross compilation: leave notes for things i tried and failed 2023-03-04 07:48:46 +00:00
9beb6b52e5 desko: re-enable steam 2023-03-04 07:48:22 +00:00
f96f2ec960 cross compilation: emulate less in dconf 2023-03-04 07:14:24 +00:00
fd080393f8 cross compilation: do not emulate qt6 (it's unused) 2023-03-04 03:59:56 +00:00
408cfc08a1 phosh: re-enable the gnome qt5 styling, just without the qt6 piece 2023-03-04 03:58:57 +00:00
d34a03e060 visidata: compile without hdf5 support 2023-03-04 03:25:04 +00:00
8230389b21 cross compilation: stop emulating psql 2023-03-04 01:18:47 +00:00
6a735cc0bc nixpatches: link to mesa CMA fix 2023-03-03 13:40:48 +00:00
fbc79d2527 sway: add grimshot back to PATH 2023-03-03 10:22:41 +00:00
76963d6aaf handbrake: un-pin 2023-03-03 09:57:26 +00:00
7f74951fb3 cross compilation: stop emulating libtiger 2023-03-03 09:56:15 +00:00
d698c7ca70 Merge branch 'dev/moby' 2023-03-03 09:50:22 +00:00
8e865999f8 email: ship offlineimap for mail synchronization 2023-03-03 08:48:59 +00:00
f7b5423338 ids.nix: leave a comment about switching to upstream module in the future 2023-03-03 02:38:30 +00:00
1ec3e1fb1c phosh: re-enable gvfs (it builds) 2023-03-03 02:33:57 +00:00
8346d21d42 gpodder-configured: deploy a built version rather than the nix-shell version 2023-03-03 02:22:37 +00:00
3ed8e0cb44 FIX nix-serve: migrate to a package built against older nix 2023-03-03 01:48:04 +00:00
583fcbce6e cross compilation: fix gpodder runtime 2023-03-03 01:05:44 +00:00
4a7513ba23 moby: re-enable nixos documentation
now that we properly cross compile (no emulation), it's pretty trivial.
2023-03-02 08:30:58 +00:00
b51b01ff02 cross compilation: get subversion to compile 2023-03-02 08:19:00 +00:00
f9ceb7d8fd cross compilation: fix serf, a dependency of subversion 2023-03-02 07:53:41 +00:00
1a1bef5948 readme: fix typo in moby-cross -> cross-moby 2023-03-02 07:50:11 +00:00
0625eb1bf8 flake: add "applications" to deploy to moby 2023-03-02 07:49:29 +00:00
b722a4bcc8 Merge branch 'staging/mesa-downgrade-10' into dev/moby
moby can cross compile, desko can still build without recompiling
*everything* (only mesa & derivatives)
2023-03-02 00:46:52 +00:00
c744b976d0 secrets: add internet for make space 2023-03-02 00:46:37 +00:00
9d31a462a8 flake update: nixpkgs 2023-02-21 -> 2023-02-25
```
• Updated input 'mobile-nixos':
    'github:nixos/mobile-nixos/8701fcb1448f1eb67c0d47631ec2bdb613bd6a38' (2023-02-12)
  → 'github:nixos/mobile-nixos/c252e7bd9122704f0e0303c638f8b8412c2521c2' (2023-02-26)
• Updated input 'nixpkgs':
    'path:/nix/store/y0x2jn4xil90lqwpjryba9qg9n888f5s-source/nixpatches?lastModified=1&narHash=sha256-AJlQHunLsnhZ8LdYirwIcqD1iojYJEQAdxGfJn9siPs=' (1970-01-01)
  → 'path:/nix/store/7zqfzdrbcqw5c754iyik7rsv55921fy4-source/nixpatches?lastModified=1&narHash=sha256-AJlQHunLsnhZ8LdYirwIcqD1iojYJEQAdxGfJn9siPs=' (1970-01-01)
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/d0d55259081f0b97c828f38559cad899d351cad1' (2023-02-21)
  → 'github:nixos/nixpkgs/b1f87ca164a9684404c8829b851c3586c4d9f089' (2023-02-25)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/2c5828439d718a6cddd9a511997d9ac7626a4aff' (2023-02-21)
  → 'github:Mic92/sops-nix/83fe25c8019db8216f5c6ffc65b394707784b4f3' (2023-02-26)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/f27a4e2f6a3a23b843ca1c736e6043fb8b99acc1' (2023-02-19)
  → 'github:NixOS/nixpkgs/ea736343e4d4a052e023d54b23334cf685de479c' (2023-02-25)
```
2023-02-27 02:21:10 +00:00
1c8659d145 secrets: add internet for make space 2023-02-27 01:25:14 +00:00
d2a3bec605 flake update: nixpkgs 2023-02-16 -> 2023-02-21; sops-nix -> 2023-02-21
```
• Updated input 'nixpkgs-unpatched':
    'github:nixos/nixpkgs/ac1f5b72a9e95873d1de0233fddcb56f99884b37' (2023-02-16)
  → 'github:nixos/nixpkgs/d0d55259081f0b97c828f38559cad899d351cad1' (2023-02-21)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/c5dab21d8706afc7ceb05c23d4244dcb48d6aade' (2023-02-12)
  → 'github:Mic92/sops-nix/2c5828439d718a6cddd9a511997d9ac7626a4aff' (2023-02-21)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/d863ca850a06d91365c01620dcac342574ecf46f' (2023-02-12)
  → 'github:NixOS/nixpkgs/f27a4e2f6a3a23b843ca1c736e6043fb8b99acc1' (2023-02-19)
```
2023-02-22 21:13:23 +00:00
b519de1d6f ripgrep: add .ignore file for po/ translations 2023-02-22 21:08:34 +00:00
1c867c5160 all: ship subversion (svn) on user PATH 2023-02-22 20:29:19 +00:00
478002766e trust-dns: fetch lan IP to listen on from config instead of repeating myself 2023-02-21 11:38:27 +00:00
290a15e517 servo: update lan IP 2023-02-21 11:36:16 +00:00
e923636181 Merge branch 'dev/servo' 2023-02-21 11:35:00 +00:00
017aa335b1 servo: dyn-dns: have getIp command use a fallback 2023-02-21 11:25:34 +00:00
58b219546b ejabberd: reduce TURN port pool 2023-02-21 11:25:34 +00:00
499078e0f8 trust-dns: update the address we listen on 2023-02-21 11:25:16 +00:00
82d3e9686d sane-ip-check: set exit code based on if we get IP or not 2023-02-21 11:17:54 +00:00
35 changed files with 745 additions and 115 deletions

54
flake.lock generated
View File

@@ -18,11 +18,11 @@
"mobile-nixos": {
"flake": false,
"locked": {
"lastModified": 1676240485,
"narHash": "sha256-bef1Zrfpo9cxaf19QhqfTwaagpeoNc08sc8OjYDjSnQ=",
"lastModified": 1677431790,
"narHash": "sha256-diCr0inBOSQYehHSxYQ2Wb5dYSrLfJYqbH2gJYmSL/c=",
"owner": "nixos",
"repo": "mobile-nixos",
"rev": "8701fcb1448f1eb67c0d47631ec2bdb613bd6a38",
"rev": "c252e7bd9122704f0e0303c638f8b8412c2521c2",
"type": "github"
},
"original": {
@@ -31,13 +31,46 @@
"type": "github"
}
},
"nixpkgs-stable": {
"nix-serve": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1676162277,
"narHash": "sha256-GK3cnvKNo1l0skGYXXiLJ/TLqdKyIYXd7jOlo0gN+Qw=",
"lastModified": 1675958846,
"narHash": "sha256-/nf09eM2vey9GrAXoqagccJrBo/fGyVKP7oNSxPqwdo=",
"owner": "edolstra",
"repo": "nix-serve",
"rev": "7089565e260267c9c234a81292c841958737cef6",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "nix-serve",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1606086654,
"narHash": "sha256-VFl+3eGIMqNp7cyOMJ6TjM/+UcsLKtodKoYexrlTJMI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d863ca850a06d91365c01620dcac342574ecf46f",
"rev": "19db3e5ea2777daa874563b5986288151f502e27",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-20.09",
"type": "indirect"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1677367679,
"narHash": "sha256-pOMXi7F9tcHls06Qv+7XCPASTJeXu47Jhd0Pk9du8T4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ea736343e4d4a052e023d54b23334cf685de479c",
"type": "github"
},
"original": {
@@ -66,6 +99,7 @@
"root": {
"inputs": {
"mobile-nixos": "mobile-nixos",
"nix-serve": "nix-serve",
"nixpkgs-unpatched": "nixpkgs-unpatched",
"sops-nix": "sops-nix",
"uninsane-dot-org": "uninsane-dot-org"
@@ -79,11 +113,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1676171095,
"narHash": "sha256-2laeSjBAAJ9e/C3uTIPb287iX8qeVLtWiilw1uxqG+A=",
"lastModified": 1677381477,
"narHash": "sha256-NLzWgll+Q0Af8gI1ha34OHt7Y1GtOMYhCWQWV9LXE9Y=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "c5dab21d8706afc7ceb05c23d4244dcb48d6aade",
"rev": "83fe25c8019db8216f5c6ffc65b394707784b4f3",
"type": "github"
},
"original": {

View File

@@ -45,6 +45,10 @@
# inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs.follows = "nixpkgs-unpatched";
};
nix-serve = {
# <https://github.com/edolstra/nix-serve>
url = "github:edolstra/nix-serve";
};
};
outputs = {
@@ -53,6 +57,7 @@
mobile-nixos,
sops-nix,
uninsane-dot-org,
nix-serve,
...
}@inputs:
let
@@ -90,9 +95,11 @@
self.overlays.default
self.overlays.passthru
self.overlays.pins
# self.overlays.optimizations
];
nixpkgs.hostPlatform = target;
# nixpkgs.buildPlatform = local; # set by instantiate.nix instead
# nixpkgs.config.replaceStdenv = { pkgs }: pkgs.ccacheStdenv;
}
];
});
@@ -154,6 +161,7 @@
default = pkgs;
pkgs = import ./overlays/pkgs.nix;
pins = import ./overlays/pins.nix; # TODO: move to `nixpatches/` input
optimizations = import ./overlays/optimizations.nix;
passthru =
let
stable =
@@ -164,9 +172,20 @@
) else (next: prev: {});
mobile = (import "${mobile-nixos}/overlay/overlay.nix");
uninsane = uninsane-dot-org.overlay;
# nix-serve' = nix-serve.overlay;
nix-serve' = next: prev: {
# XXX(2023/03/02): upstream isn't compatible with modern `nix`. probably the perl bindings.
# - we use the package built against `nixpkgs` specified in its flake rather than use its overlay,
# to get around this.
inherit (nix-serve.packages."${next.system}") nix-serve;
};
in
next: prev:
(stable next prev) // (mobile next prev) // (uninsane next prev);
(stable next prev)
// (mobile next prev)
// (uninsane next prev)
// (nix-serve' next prev)
;
};
nixosModules = rec {
@@ -198,6 +217,11 @@
apps."x86_64-linux" =
let
pkgs = self.legacyPackages."x86_64-linux";
deployScript = action: pkgs.writeShellScript "deploy-moby" ''
nixos-rebuild --flake '.#cross-moby' build
sudo nix sign-paths -r -k /run/secrets/nix_serve_privkey $(readlink ./result)
nixos-rebuild --flake '.#cross-moby' ${action} --target-host colin@moby --use-remote-sudo
'';
in {
update-feeds = {
type = "app";
@@ -209,6 +233,17 @@
type = "app";
program = "${pkgs.feeds.passthru.initFeedScript}";
};
deploy-moby-test = {
# `nix run '.#deploy-moby-test'`
type = "app";
program = ''${deployScript "test"}'';
};
deploy-moby-switch = {
# `nix run '.#deploy-moby-switch'`
type = "app";
program = ''${deployScript "switch"}'';
};
};
templates = {

View File

@@ -4,11 +4,11 @@
./fs.nix
];
sane.roles.build-machine = true;
sane.roles.client = true;
sane.services.wg-home.enable = true;
sane.services.wg-home.ip = config.sane.hosts.by-name."desko".wg-home.ip;
sane.services.duplicity.enable = true;
sane.services.nixserve.enable = true;
sane.services.nixserve.sopsFile = ../../../secrets/desko.yaml;
sane.persist.enable = true;
@@ -50,7 +50,7 @@
};
programs.steam = {
# enable = true;
enable = true;
# not sure if needed: stole this whole snippet from the wiki
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server

View File

@@ -11,11 +11,13 @@
# sane.guest.enable = true;
sane.gui.sway.enable = true;
sane.persist.enable = true;
sane.nixcache.enable = true;
boot.loader.efi.canTouchEfiVariables = false;
sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];
sane.programs.guiApps.suggestedPrograms = [ "desktopGuiApps" ];
sane.programs.guiApps.suggestedPrograms = [
"desktopGuiApps"
"stepmania"
];
sops.secrets.colin-passwd = {
sopsFile = ../../../secrets/lappy.yaml;

View File

@@ -10,13 +10,6 @@
sane.services.wg-home.enable = true;
sane.services.wg-home.ip = config.sane.hosts.by-name."moby".wg-home.ip;
# cross-compiled documentation is *slow*.
# no obvious way to natively compile docs (2022/09/29).
# entrypoint is nixos/modules/misc/documentation.nix
# doc building happens in nixos/doc/manual/default.nix
# TODO: we could *maybe* inject pkgs.buildPackages.xyz = cross.buildPackages.xyz?
documentation.nixos.enable = false;
# XXX colin: phosh doesn't work well with passwordless login,
# so set this more reliable default password should anything go wrong
users.users.colin.initialPassword = "147147";
@@ -41,7 +34,6 @@
".config/pulse" # persist pulseaudio volume
];
sane.nixcache.enable = true;
sane.persist.enable = true;
sane.gui.phosh.enable = true;
# sane.programs.consoleUtils.enableFor.user.colin = false;

View File

@@ -7,6 +7,7 @@
boot.loader.generic-extlinux-compatible.enable = true;
boot.loader.efi.canTouchEfiVariables = false;
sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];
sane.nixcache.enable = false; # don't want to be calling out to dead machines that we're *trying* to rescue
# docs: https://nixos.org/manual/nixos/stable/options.html#opt-system.stateVersion
system.stateVersion = "21.05";

View File

@@ -15,6 +15,7 @@
signaldctl.enableFor.user.colin = true;
};
sane.roles.build-machine = true;
sane.persist.enable = true;
sane.services.dyn-dns.enable = true;
sane.services.wg-home.enable = true;

View File

@@ -38,11 +38,11 @@
];
networking.firewall.allowedTCPPortRanges = [{
from = 49152; # TURN
to = 65535;
to = 49408;
}];
networking.firewall.allowedUDPPortRanges = [{
from = 49152; # TURN
to = 65535;
to = 49408;
}];
# provide access to certs

View File

@@ -6,7 +6,7 @@
sane.services.trust-dns.listenAddrsIPv4 = [
# specify each address explicitly, instead of using "*".
# this ensures responses are sent from the address at which the request was received.
"192.168.0.5"
config.sane.hosts.by-name."servo".lan-ip
"10.0.1.5"
];
sane.services.trust-dns.quiet = true;

View File

@@ -14,6 +14,11 @@
# - <nixpkgs:pkgs/development/libraries/gdk-pixbuf/default.nix>
# - `${stdenv.hostPlatform.emulator buildPackages} <command>`
# - to run code compiled for host platform
# - `override { foo = next.emptyDirectory; }`
# - to populate some dep as a dummy, if you don't really need it
# - for optimizing, see:
# - ccache
# - disable LTO (e.g. webkitgtk)
#
# build a particular package as evaluated here with:
# - toplevel: `nix build '.#host-pkgs.moby-cross.xdg-utils'`
@@ -52,6 +57,12 @@
# """
# TODO:
# - fix firefox build so that it doesn't invoke clang w/o the ccache
# - qt6.qtbase. cross compiling documented in upstream <qt6:qtbase/cmake/README.md>
# - `nix build '.#host-pkgs.moby.qgnomeplatform-qt6'` FAILS
# - `nix build '.#host-pkgs.moby.qt6Packages.qtwayland'` FAILS
# - it uses qmake in nativeBuildInputs (but `.#host-pkgs.moby.buildPackages.qt6.qmake` builds, same with native qtbase...)
# - failed version build log truly doesn't have the `QT_HOST_PATH` flag.
# - `host-pkgs.desko.stdenv` fails build:
# - #cross-compiling:nixos.org says pkgsCross.gnu64 IS KNOWN TO NOT COMPILE. let this go for now:
# - make a `<machine>` (don't specifiy local/targetSystem) and `<machine>-cross` target.
@@ -91,17 +102,20 @@ let
# because they don't affect the result -- only the build process -- so we can disable them as an optimization.
crossOnlyUniversalOverlays = [
(import ./../../../overlays/disable-flakey-tests.nix)
(import ./../../../overlays/optimizations.nix)
];
universalOverlays = [
(import ./../../../overlays/pkgs.nix)
(import ./../../../overlays/pins.nix)
] ++ crossOnlyUniversalOverlays;
# TODO: can we grab this more directly from pkgs?
mkEmulated = pkgs:
import pkgs.path {
# system = pkgs.stdenv.hostPlatform.system;
localSystem = pkgs.stdenv.hostPlatform.system;
inherit (config.nixpkgs) config;
# config = builtins.removeAttrs config.nixpkgs.config [ "replaceStdenv" ];
overlays = universalOverlays;
};
in
@@ -176,10 +190,57 @@ in
# Testutf8
# ;
});
# XXX: replaceStdenv only affects non-cross stages
# nixpkgs.config.replaceStdenv = { pkgs }: pkgs.ccacheStdenv;
nixpkgs.overlays = crossOnlyUniversalOverlays ++ [
(next: prev: {
emulated = mkEmulated prev;
})
(next: prev: lib.optionalAttrs (
# we want to affect only the final bootstrap stage, identified by:
# - buildPlatform = local,
# - targetPlatform = cross,
# - hostPlatform = cross
# and specifically in the event of `pkgsCross` sets -- e.g. the `pkgsCross.wasi32` used by firefox
# -- we want to *not* override the stdenv. it's theoretically possible, but doing so breaks firefox.
prev.stdenv.buildPlatform != prev.stdenv.hostPlatform &&
prev.stdenv.hostPlatform == prev.stdenv.targetPlatform &&
prev.stdenv.hostPlatform == config.nixpkgs.hostPlatform
) {
# stdenv = prev.stdenv.override {
# cc = next.buildPackages.ccacheWrapper.overrideAttrs (orig: {
# passthru = orig.passthru // {
# # cc = orig.passthru.unwrappedCC;
# cc = prev.stdenv.cc.cc;
# };
# # passthru = next.buildPackages.stdenv.cc.passthru // orig.passthru;
# });
# # cc = prev.stdenv.__bootPackages.ccacheWrapper;
# };
# stdenv = prev.stdenv.__bootPackages.ccacheStdenv;
# stdenv = prev.stdenv.override {
# cc = prev.buildPackages.ccacheWrapper;
# };
# XXX: stdenv.cc is the cc-wrapper, from <nixpkgs:pkgs/build-support/cc-wrapper/default.nix>.
# always the same.
# stdenv.cc.cc is either the real gcc (for buildPackages.stdenv), or the ccache (for normal stdenv).
stdenv = prev.stdenv.override {
cc = prev.stdenv.cc.override {
# cc = prev.buildPackages.ccacheWrapper;
cc = (prev.buildPackages.ccacheWrapper.override {
cc = prev.stdenv.cc;
}).overrideAttrs (_orig: {
# some things query stdenv.cc.cc.version, etc (rarely), so pass those through
passthru = prev.stdenv.cc.cc;
});
};
};
# stdenv = prev.buildPackages.ccacheStdenv;
# stdenv = prev.ccacheStdenv.override { inherit (prev) stdenv; };
})
# (next: prev:
# let
# emulated = prev.emulated;
@@ -247,7 +308,7 @@ in
in {
# packages which don't cross compile
inherit (emulated)
# adwaita-qt # psqlodbc
# adwaita-qt6 # although qtbase cross-compiles with minor change, qtModule's qtbase can't
apacheHttpd_2_4 # `configure: error: Size of "void *" is less than size of "long"`
# duplicity # python3.10-s3transfer
# gdk-pixbuf # cross-compiled version doesn't output bin/gdk-pixbuf-thumbnailer (used by webp-pixbuf-loader
@@ -258,27 +319,48 @@ in
# nixpkgs hdf5 is at commit 3e847e003632bdd5fdc189ccbffe25ad2661e16f
# hdf5 # configure: error: cannot run test program while cross compiling
# http2
libgccjit # "../../gcc-9.5.0/gcc/jit/jit-result.c:52:3: error: 'dlclose' was not declared in this scope" (needed by emacs!)
# libgccjit # "../../gcc-9.5.0/gcc/jit/jit-result.c:52:3: error: 'dlclose' was not declared in this scope" (needed by emacs!)
# libsForQt5 # qtbase # make: g++: No such file or directory
libtiger # "src/tiger_internal.h:24:10: fatal error: pango/pango.h: No such file or directory"
# perlInterpreters # perl5.36.0-Module-Build perl5.36.0-Test-utf8 (see tracking issues ^)
# qgnomeplatform
# qtbase
qt5 # qt5.qtx11extras fails, but we can't selectively emulate it
qt6 # "You need to set QT_HOST_PATH to cross compile Qt."
# qt6 # "You need to set QT_HOST_PATH to cross compile Qt."
# sequoia # "/nix/store/q8hg17w47f9xr014g36rdc2gi8fv02qc-clang-aarch64-unknown-linux-gnu-12.0.1-lib/lib/libclang.so.12: cannot open shared object file: No such file or directory"', /build/sequoia-0.27.0-vendor.tar.gz/bindgen/src/lib.rs:1975:31"
# splatmoji
# twitter-color-emoji # /nix/store/0wk6nr1mryvylf5g5frckjam7g7p9gpi-bash-5.2-p15/bin/bash: line 1: pkg-config: command not found
visidata # python3.10-psycopg2 python3.10-pandas python3.10-h5py
# visidata # python3.10-psycopg2 python3.10-pandas python3.10-h5py
# webkitgtk_4_1 # requires nativeBuildInputs = perl.pkgs.FileCopyRecursive => perl5.36.0-Test-utf8
# xdg-utils # perl5.36.0-File-BaseDir / perl5.36.0-Module-Build
;
# apacheHttpd_2_4 = prev.apacheHttpd_2_4.override {
# # fixes original error
# # new failure mode: "/nix/store/czvaa9y9ch56z53c0b0f5bsjlgh14ra6-apr-aarch64-unknown-linux-gnu-1.7.0-dev/share/build/libtool: line 1890: aarch64-unknown-linux-gnu-ar: command not found"
# inherit (emulated) stdenv;
# adwaita-qt6 = prev.adwaita-qt6.override {
# # adwaita-qt6 still uses the qt5 version of these libs by default?
# inherit (next.qt6) qtbase qtwayland;
# };
# qt6 doesn't cross compile. the only thing that wants it is phosh/gnome, in order to
# configure qt6 apps to look stylistically like gtk apps.
# adwaita-qt6 isn't an input into any other packages we build -- it's just placed on the systemPackages.
# so... just set it to null and that's Good Enough (TM).
# adwaita-qt6 = derivation { name = "null-derivation"; builder = "/dev/null"; }; # null;
# adwaita-qt6 = next.stdenv.mkDerivation { name = "null-derivation"; };
# adwaita-qt6 = next.emptyDirectory;
# same story as qdwaita-qt6
# qgnomeplatform-qt6 = next.emptyDirectory;
# apacheHttpd_2_4 = (prev.apacheHttpd_2_4.override {
# # fixes `configure: error: Size of "void *" is less than size of "long"`
# inherit (emulated) stdenv;
# }).overrideAttrs (upstream: {
# # nativeBuildInputs = upstream.nativeBuildInputs ++ [ next.bintools ];
# nativeBuildInputs = upstream.nativeBuildInputs ++ [
# next.buildPackages.stdenv.cc # fixes: "/nix/store/czvaa9y9ch56z53c0b0f5bsjlgh14ra6-apr-aarch64-unknown-linux-gnu-1.7.0-dev/share/build/libtool: line 1890: aarch64-unknown-linux-gnu-ar: command not found"
# ];
# # now can't find -lz for zlib.
# # this is because nixpkgs zlib.dev has only include/ + a .pc file linking to zlib, which has the lib/ folder
# # but httpd expects --with-zlib=prefix/ to hold both include/ and lib/
# # TODO: we could link farm, or we could skip straight to cross compilation and not emulate stdenv
# });
# mod_dnssd = prev.mod_dnssd.override {
# inherit (emulated) stdenv;
@@ -328,6 +410,14 @@ in
];
});
aprutil = prev.aprutil.overrideAttrs (upstream: {
# nixpkgs patches the ldb version only for the package itself, but derivative packages (serf -> subversion) inherit the wrong -ldb-6.9 flag.
postConfigure = upstream.postConfigure + lib.optionalString (next.stdenv.buildPlatform != next.stdenv.hostPlatform) ''
substituteInPlace apu-1-config \
--replace "-ldb-6.9" "-ldb"
'';
});
blueman = prev.blueman.overrideAttrs (orig: {
# configure: error: ifconfig or ip not found, install net-tools or iproute2
nativeBuildInputs = orig.nativeBuildInputs ++ [ next.iproute2 ];
@@ -348,6 +438,13 @@ in
# "configure: error: installation or configuration problem: C compiler cc not found."
inherit (emulated) stdenv;
};
# cdrtools = prev.cdrtools.overrideAttrs (upstream: {
# # can't get it to actually use our CC, even when specifying these explicitly
# # CC = "${next.stdenv.cc}/bin/${next.stdenv.cc.targetPrefix}cc";
# makeFlags = upstream.makeFlags ++ [
# "CC=${next.stdenv.cc}/bin/${next.stdenv.cc.targetPrefix}cc"
# ];
# });
# colord = prev.colord.override {
# # doesn't fix: "ld: error adding symbols: file in wrong format"
@@ -365,17 +462,29 @@ in
inherit (emulated) stdenv;
};
dconf = (prev.dconf.override {
# dconf = (prev.dconf.override {
# # we need dconf to build with vala, because dconf-editor requires that.
# # this only happens if dconf *isn't* cross-compiled
# inherit (emulated) stdenv;
# }).overrideAttrs (upstream: {
# nativeBuildInputs = lib.remove next.glib upstream.nativeBuildInputs;
# });
dconf = prev.dconf.overrideAttrs (upstream: {
# we need dconf to build with vala, because dconf-editor requires that.
# this only happens if dconf *isn't* cross-compiled
inherit (emulated) stdenv;
}).overrideAttrs (upstream: {
nativeBuildInputs = lib.remove next.glib upstream.nativeBuildInputs;
# upstream nixpkgs explicitly disables that on cross compilation, but in fact, it works.
# so just undo upstream's mods.
buildInputs = upstream.buildInputs ++ [ next.vala ];
mesonFlags = lib.remove "-Dvapi=false" upstream.mesonFlags;
});
# emacs = prev.emacs.override {
# # fixes "configure: error: cannot run test program while cross compiling"
# inherit (emulated) stdenv;
# };
emacs = prev.emacs.override {
# fixes "configure: error: cannot run test program while cross compiling"
inherit (emulated) stdenv;
nativeComp = false;
# TODO: we can specify 'action-if-cross-compiling' to actually invoke the test programs:
# <https://www.gnu.org/software/autoconf/manual/autoconf-2.63/html_node/Runtime.html>
};
flatpak = prev.flatpak.overrideAttrs (upstream: {
@@ -488,6 +597,8 @@ in
# - but ONLY if `dconf` was built with the vala feature.
# - dconf is NOT built with vala when cross-compiled
# - that's an explicit choice/limitation in nixpkgs upstream
# - TODO: vapi stuff is contained in <dconf.dev:/share/vala/vapi/dconf.vapi>
# it's cross-platform; should be possible to ship dconf only in buildInputs & point dconf-editor to the right place
nativeBuildInputs = orig.nativeBuildInputs ++ [ next.dconf ];
});
evince = super.evince.overrideAttrs (orig: {
@@ -499,16 +610,20 @@ in
"-Dgtk_doc=${lib.boolToString (prev.stdenv.buildPlatform == prev.stdenv.hostPlatform)}"
];
});
evolution-data-server = (super.evolution-data-server.override {
inherit (emulated) stdenv; # fixes aborts in "Performing Test _correct_iconv" &tc
}).overrideAttrs (orig: {
nativeBuildInputs = orig.nativeBuildInputs ++ [
next.perl # fixes "The 'perl' not found, not installing csv2vcard"
# next.glib
# next.libiconv
# next.iconv
evolution-data-server = super.evolution-data-server.overrideAttrs (upstream: {
# fixes aborts in "Performing Test _correct_iconv"
cmakeFlags = upstream.cmakeFlags ++ [
"-DCMAKE_CROSSCOMPILING_EMULATOR=${next.stdenv.hostPlatform.emulator next.buildPackages}"
];
# buildInputs = orig.buildInputs ++ [
# N.B.: the deps are funky even without cross compiling.
# upstream probably wants to replace pcre with pcre2, and maybe provide perl
# nativeBuildInputs = upstream.nativeBuildInputs ++ [
# next.perl # fixes "The 'perl' not found, not installing csv2vcard"
# # next.glib
# # next.libiconv
# # next.iconv
# ];
# buildInputs = upstream.buildInputs ++ [
# next.pcre2 # fixes: "Package 'libpcre2-8', required by 'glib-2.0', not found"
# next.mount # fails to fix: "Package 'mount', required by 'gio-2.0', not found"
# ];
@@ -564,9 +679,7 @@ in
# # "-Dgtk_doc=${lib.boolToString (prev.stdenv.buildPlatform == prev.stdenv.hostPlatform)}"
# # ];
# });
gnome-shell = (super.gnome-shell.override {
inherit (next) stdenv;
}).overrideAttrs (upstream: {
gnome-shell = super.gnome-shell.overrideAttrs (upstream: {
nativeBuildInputs = upstream.nativeBuildInputs ++ [
next.gjs # fixes "meson.build:128:0: ERROR: Program 'gjs' not found or not executable"
next.buildPackages.gobject-introspection # fixes "shew| Build-time dependency gobject-introspection-1.0 found: NO"
@@ -660,6 +773,14 @@ in
# }."${next.stdenv.system}";
# });
# };
gpodder = prev.gpodder.overridePythonAttrs (upstream: {
# fix gobject-introspection overrides import that otherwise fails on launch
nativeBuildInputs = upstream.nativeBuildInputs ++ [
next.buildPackages.gobject-introspection
];
buildInputs = lib.remove next.gobject-introspection upstream.buildInputs;
strictDeps = true;
});
gupnp_1_6 = prev.gupnp_1_6.overrideAttrs (orig: {
# fixes "subprojects/gi-docgen/meson.build:10:0: ERROR: python3 not found"
# this patch is copied from the default gupnp.
@@ -687,14 +808,20 @@ in
"-Dpython=disabled"
];
});
inherit (emulated.gst_all_1) gst-plugins-good;
# inherit (emulated.gst_all_1) gst-plugins-good;
# gst-plugins-good = prev.gst_all_1.gst-plugins-good.override {
# # when invoked with `qt5Support = true`, qtbase shows up in both buildInputs and nativeBuildInputs
# # if these aren't identical, then qt complains: "Error: detected mismatched Qt dependencies"
# # doesn't fix the original error.
# inherit (emulated) stdenv;
# # TODO: try removing qtbase from nativeBuildInputs? emulate meson, pkg-config &c?
# # qt5Support = true;
# };
gst-plugins-good = prev.gst_all_1.gst-plugins-good.overrideAttrs (upstream: {
nativeBuildInputs = lib.remove next.qt5.qtbase upstream.nativeBuildInputs;
# TODO: swap in this line instead?
# buildInputs = lib.remove next.qt5.qtbase upstream.buildInputs;
});
};
gvfs = prev.gvfs.overrideAttrs (upstream: {
nativeBuildInputs = upstream.nativeBuildInputs ++ [
@@ -751,12 +878,21 @@ in
libgweather = (prev.libgweather.override {
# alternative to emulating python3 is to specify it in `buildInputs` instead of `nativeBuildInputs` (upstream),
# but presumably that's just a different way to emulate it.
# the python gobject-introspection stuff is a tangled mess that's impossible to debug:
# don't dig further, leave this for some other dedicated soul.
inherit (emulated)
stdenv # fixes "Run-time dependency vapigen found: NO (tried pkgconfig)"
gobject-introspection # fixes gir x86-64 python -> aarch64 shared object import
python3 # fixes build-aux/meson/gen_locations_variant.py x86-64 python -> aarch64 import of glib
;
});
# libgweather = prev.libgweather.overrideAttrs (upstream: {
# nativeBuildInputs = (lib.remove next.gobject-introspection upstream.nativeBuildInputs) ++ [
# next.buildPackages.gobject-introspection # fails to fix "gi._error.GError: g-invoke-error-quark: Could not locate g_option_error_quark: /nix/store/dsx6kqmyg7f3dz9hwhz7m3jrac4vn3pc-glib-aarch64-unknown-linux-gnu-2.74.3/lib/libglib-2.0.so.0"
# ];
# # fixes "Run-time dependency vapigen found: NO (tried pkgconfig)"
# buildInputs = upstream.buildInputs ++ [ next.vala ];
# });
libHX = prev.libHX.overrideAttrs (orig: {
# "Can't exec "libtoolize": No such file or directory at /nix/store/r4fvx9hazsm0rdm7s393zd5v665dsh1c-autoconf-2.71/share/autoconf/Autom4te/FileUtils.pm line 294."
nativeBuildInputs = orig.nativeBuildInputs ++ [ next.libtool ];
@@ -805,6 +941,10 @@ in
# # fails to fix: "src/tiger_internal.h:24:10: fatal error: pango/pango.h: No such file or directory"
# nativeBuildInputs = orig.nativeBuildInputs ++ [ next.libkate next.cairo next.pango ];
# });
libtiger = prev.libtiger.overrideAttrs (_upstream: {
# libtiger seems to expect PKG_CONFIG to be an absolute path? not sure, but without this it claims it can't find pkg-config.
HAVE_PKG_CONFIG = "yes";
});
libvisual = prev.libvisual.overrideAttrs (upstream: {
# fixes: "configure: error: *** sdl-config not found."
@@ -981,18 +1121,31 @@ in
sed -i 's:gio_querymodules = :gio_querymodules = "${next.buildPackages.glib.dev}/bin/gio-querymodules" if True else :' build-aux/post_install.py
'';
});
phosh-mobile-settings = prev.phosh-mobile-settings.override {
# phosh-mobile-settings = prev.phosh-mobile-settings.override {
# # fixes "meson.build:26:0: ERROR: Dependency "phosh-plugins" not found, tried pkgconfig"
# inherit (emulated) stdenv;
# };
phosh-mobile-settings = prev.phosh-mobile-settings.overrideAttrs (upstream: {
# fixes "meson.build:26:0: ERROR: Dependency "phosh-plugins" not found, tried pkgconfig"
inherit (emulated) stdenv;
};
# phosh is used only for its plugins; these are specified as a runtime dep in src.
# it's correct for them to be runtime dep: src/ms-lockscreen-panel.c loads stuff from
# MOBILE_SETTINGS_PHOSH_PLUGINS_DIR at runtime
buildInputs = upstream.buildInputs ++ [ next.phosh ];
nativeBuildInputs = (lib.remove next.phosh upstream.nativeBuildInputs) ++ [
next.gettext # fixes "data/meson.build:1:0: ERROR: Program 'msgfmt' not found or not executable"
next.wayland-scanner # fixes "protocols/meson.build:7:0: ERROR: Program 'wayland-scanner' not found or not executable"
next.glib # fixes "src/meson.build:1:0: ERROR: Program 'glib-mkenums mkenums' not found or not executable"
next.desktop-file-utils # fixes "meson.build:116:8: ERROR: Program 'update-desktop-database' not found or not executable"
];
});
pipewire = prev.pipewire.overrideAttrs (orig: {
# fixes `spa/plugins/bluez5/meson.build:41:0: ERROR: Program 'gdbus-codegen' not found or not executable`
nativeBuildInputs = orig.nativeBuildInputs ++ [ next.glib ];
});
psqlodbc = prev.psqlodbc.override {
# fixes "configure: error: odbc_config not found (required for unixODBC build)"
inherit (emulated) stdenv;
};
# psqlodbc = prev.psqlodbc.override {
# # fixes "configure: error: odbc_config not found (required for unixODBC build)"
# inherit (emulated) stdenv;
# };
pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
(py-next: py-prev: {
@@ -1050,6 +1203,7 @@ in
# it tries to call `cc` during the build, but can't find it.
})
];
# qt5 = prev.qt5.overrideScope' (self: super: {
# qtbase = super.qtbase.override {
# inherit (emulated) stdenv;
@@ -1061,11 +1215,34 @@ in
# };
# });
# qt6 = prev.qt6.overrideScope' (self: super: {
# qtbase = super.qtbase.override {
# # fixes: "You need to set QT_HOST_PATH to cross compile Qt."
# inherit (emulated) stdenv;
# };
# # inherit (emulated.qt6) qtModule;
# qtbase = super.qtbase.overrideAttrs (upstream: {
# # cmakeFlags = upstream.cmakeFlags ++ lib.optionals (next.stdenv.buildPlatform != next.stdenv.hostPlatform) [
# cmakeFlags = upstream.cmakeFlags ++ lib.optionals (next.stdenv.buildPlatform != next.stdenv.hostPlatform) [
# # "-DCMAKE_CROSSCOMPILING=True" # fails to solve QT_HOST_PATH error
# "-DQT_HOST_PATH=${next.buildPackages.qt6.full}"
# ];
# });
# qtModule = args: (super.qtModule args).overrideAttrs (upstream: {
# # the nixpkgs comment about libexec seems to be outdated:
# # it's just that cross-compiled syncqt.pl doesn't get its #!/usr/bin/env shebang replaced.
# preConfigure = lib.replaceStrings
# ["${lib.getDev self.qtbase}/libexec/syncqt.pl"]
# ["perl ${lib.getDev self.qtbase}/libexec/syncqt.pl"]
# upstream.preConfigure;
# });
# # qtwayland = super.qtwayland.overrideAttrs (upstream: {
# # preConfigure = "fixQtBuiltinPaths . '*.pr?'";
# # });
# # qtwayland = super.qtwayland.override {
# # inherit (self) qtbase;
# # };
# # qtbase = super.qtbase.override {
# # # fixes: "You need to set QT_HOST_PATH to cross compile Qt."
# # inherit (emulated) stdenv;
# # };
# });
rapidfuzz-cpp = prev.rapidfuzz-cpp.overrideAttrs (orig: {
# fixes "error: could not find git for clone of catch2-populate"
buildInputs = orig.buildInputs or [] ++ [ next.catch2_3 ];
@@ -1082,10 +1259,24 @@ in
# fixes "Checking whether the C compiler works... no"
inherit (emulated) stdenv;
};
samba = prev.samba.overrideAttrs (_upstream: {
# we get "cannot find C preprocessor: aarch64-unknown-linux-gnu-cpp", but ONLY when building with the ccache stdenv.
# this solves that, but `CPP` must be a *single* path -- not an expression.
# i do not understand how the original error arises, as my ccacheStdenv should match the API of the base stdenv (except for cpp being a symlink??).
# but oh well, this fixes it.
CPP = next.buildPackages.writeShellScript "cpp" ''
exec ${lib.getBin next.stdenv.cc}/bin/${next.stdenv.cc.targetPrefix}cc -E $@;
'';
});
# sequoia = prev.sequoia.override {
# # fails to fix original error
# inherit (emulated) stdenv;
# };
serf = prev.serf.overrideAttrs (upstream: {
nativeBuildInputs = upstream.nativeBuildInputs or [] ++ [
next.bintools # fixes "sh: line 1: ar: command not found"
];
});
# squeekboard = prev.squeekboard.overrideAttrs (orig: {
# # fixes: "meson.build:1:0: ERROR: 'rust' compiler binary not defined in cross or native file"
@@ -1108,6 +1299,13 @@ in
wayland # fixes error when linking src/squeekboard: "/nix/store/3c0dqm093ylw8ks7myzxdaif0m16rgcl-binutils-2.40/bin/ld: /nix/store/ni0vb1pnaznx85378i3h9xhw9cay68g5-wayland-1.21.0/lib/libwayland-client.so: error adding symbols: file in wrong format"
;
};
subversion = prev.subversion.overrideAttrs (upstream: {
configureFlags = upstream.configureFlags ++ [
# configure can't find APR and APR-util, unclear why (are they not placed on PATH?)
"--with-apr=${next.apr.dev}/bin/apr-1-config"
"--with-apr-util=${next.aprutil.dev}/bin/apu-1-config"
];
});
sysprof = prev.sysprof.overrideAttrs (orig: {
# fixes: "src/meson.build:12:2: ERROR: Program 'gdbus-codegen' not found or not executable"
@@ -1133,17 +1331,22 @@ in
});
unixODBCDrivers = prev.unixODBCDrivers // {
# TODO: should this package be deduped with toplevel psqlodbc in upstream nixpkgs?
psql = prev.unixODBCDrivers.psql.override {
# fixes "configure: error: odbc_config not found (required for unixODBC build)"
inherit (emulated) stdenv;
};
# psql = prev.unixODBCDrivers.psql.overrideAttrs (orig: {
# # fixes "configure: error: odbc_config not found (required for unixODBC build)"
# # new error: "/nix/store/h3ms3h95rbj5p8yhxfhbsbnxgvpnb8w0-aarch64-unknown-linux-gnu-binutils-2.39/bin/aarch64-unknown-linux-gnu-ld: /nix/store/6h6z98qvg5k8rsqpivi42r5008zjfp2v-unixODBC-2.3.11/lib/libodbcinst.so: error adding symbols: file in wrong format"
# nativeBuildInputs = orig.nativeBuildInputs or [] ++ orig.buildInputs;
# });
psql = prev.unixODBCDrivers.psql.overrideAttrs (_upstream: {
# XXX: these are both available as configureFlags, if we prefer that (we probably do, so as to make them available only during specific parts of the build).
ODBC_CONFIG = next.buildPackages.writeShellScript "odbc_config" ''
exec ${next.stdenv.hostPlatform.emulator next.buildPackages} ${next.unixODBC}/bin/odbc_config $@
'';
PG_CONFIG = next.buildPackages.writeShellScript "pg_config" ''
exec ${next.stdenv.hostPlatform.emulator next.buildPackages} ${next.postgresql}/bin/pg_config $@
'';
});
};
visidata = prev.visidata.override {
# hdf5 / h5py don't cross-compile, but i don't use that file format anyway.
# setting this to null means visidata will work as normal but not be able to load hdf files.
h5py = null;
};
vlc = prev.vlc.overrideAttrs (orig: {
# fixes: "configure: error: could not find the LUA byte compiler"
# fixes: "configure: error: protoc compiler needed for chromecast was not found"
@@ -1170,6 +1373,7 @@ in
# fixes: "src/meson.build:25:0: ERROR: Program 'gdbus-codegen' not found or not executable"
nativeBuildInputs = orig.nativeBuildInputs ++ [ next.gettext next.glib ];
});
# webkitgtk = prev.webkitgtk.override { stdenv = next.ccacheStdenv; };
# webp-pixbuf-loader = prev.webp-pixbuf-loader.override {
# # fixes "Builder called die: Cannot wrap '/nix/store/kpp8qhzdjqgvw73llka5gpnsj0l4jlg8-gdk-pixbuf-aarch64-unknown-linux-gnu-2.42.10/bin/gdk-pixbuf-thumbnailer' because it is not an executable file"
# # new failure mode: "/nix/store/grqh2wygy9f9wp5bgvqn4im76v82zmcx-binutils-2.39/bin/ld: /nix/store/2syg6jxk8zi1zkpqvkxkz87x8sl27c6b-gdk-pixbuf-2.42.10/lib/libgdk_pixbuf-2.0.so: error adding symbols: file in wrong format"

View File

@@ -19,6 +19,7 @@
];
sane.nixcache.enable-trusted-keys = true;
sane.nixcache.enable = lib.mkDefault true;
sane.programs.sysadminUtils.enableFor.system = lib.mkDefault true;
sane.programs.consoleUtils.enableFor.user.colin = lib.mkDefault true;

View File

@@ -13,6 +13,8 @@
./mpv.nix
./neovim.nix
./newsflash.nix
./offlineimap.nix
./ripgrep.nix
./splatmoji.nix
./ssh.nix
./sublime-music.nix

View File

@@ -0,0 +1,17 @@
# mail archiving/synchronization tool.
#
# manually download all emails for an account with
# - `offlineimap -a <accountname>`
#
# view account names inside the secrets file, listed below.
{ config, sane-lib, ... }:
{
sops.secrets."offlineimaprc" = {
owner = config.users.users.colin.name;
sopsFile = ../../../secrets/universal/offlineimaprc.bin;
format = "binary";
};
sane.user.fs.".config/offlineimap/config" = sane-lib.fs.wantedSymlinkTo config.sops.secrets.offlineimaprc.path;
}

View File

@@ -0,0 +1,9 @@
{ sane-lib, ... }:
{
# .ignore file is read by ripgrep (rg), silver searcher (ag), maybe others.
# ignore translation files by default when searching, as they tend to have
# a LOT of duplicate text.
sane.user.fs.".ignore" = sane-lib.fs.wantedText ''
po/
'';
}

View File

@@ -1,4 +1,6 @@
# TODO: migrate to nixpkgs `config.ids.uids`
# - note that nixpkgs' `config.ids.uids` is strictly a database: it doesn't set anything by default
# whereas our impl sets the gid/uid of the user/group specified if they exist.
{ ... }:
{

View File

@@ -55,6 +55,7 @@ let
smartmontools
socat
strace
subversion
tcpdump
tree
usbutils
@@ -81,6 +82,7 @@ let
tuiPkgs = {
inherit (pkgs)
aerc # email client
offlineimap # email mailox sync
visidata # TUI spreadsheet viewer/editor
w3m
;
@@ -199,6 +201,7 @@ let
gajim # XMPP client
gimp # broken on phosh
"gnome.gnome-disk-utility"
handbrake
inkscape
kdenlive
kid3 # audio tagging
@@ -215,9 +218,6 @@ let
# gnome.zenity # for kaiteki (it will use qarma, kdialog, or zenity)
# gpt2tc # XXX: unreliable mirror
# TODO(unpin): handbrake is broken on aarch64-linux 2023/01/29
handbrake
logseq
losslesscut-bin
makemkv
@@ -229,6 +229,13 @@ let
;
};
# packages not part of any package set
otherPkgs = {
inherit (pkgs)
stepmania
;
};
# define -- but don't enable -- the packages in some attrset.
# use `mkDefault` for the package here so we can customize some of them further down this file
declarePkgs = pkgsAsAttrs: mapAttrs (_n: p: {
@@ -246,6 +253,7 @@ in
(declarePkgs sysadminExtraPkgs)
(declarePkgs tuiPkgs)
(declarePkgs x86GuiPkgs)
(declarePkgs otherPkgs)
{
# link the various package sets into their own meta packages
consoleUtils = {

View File

@@ -103,6 +103,10 @@
sopsFile = ../../secrets/universal/net/home-shared.psk.bin;
format = "binary";
};
sops.secrets."iwd/makespace-south.psk" = {
sopsFile = ../../secrets/universal/net/makespace-south.psk.bin;
format = "binary";
};
sops.secrets."iwd/archive-2023-02-home-bedroom.psk" = {
sopsFile = ../../secrets/universal/net/archive/2023-02-home-bedroom.psk.bin;
format = "binary";

View File

@@ -52,8 +52,8 @@ in
# TODO(2023/02/28): remove this qt.style = "gtk2" override.
# gnome by default tells qt to stylize its apps similar to gnome.
# but the package needed for that doesn't cross-compile, hence i disable that here.
qt.platformTheme = "gtk2";
qt.style = "gtk2";
# qt.platformTheme = "gtk2";
# qt.style = "gtk2";
# docs: https://github.com/NixOS/nixpkgs/blob/nixos-22.05/nixos/modules/services/x11/desktop-managers/phosh.nix
services.xserver.desktopManager.phosh = {
@@ -88,8 +88,6 @@ in
# gnome doesn't use mkDefault for these -- unclear why not
services.gnome.evolution-data-server.enable = mkForce false;
services.gnome.gnome-online-miners.enable = mkForce false;
# TODO: re-enable this once we can cross-compile gvfs
services.gvfs.enable = mkForce false;
# XXX: phosh enables networkmanager by default; can probably disable these lines
networking.useDHCP = false;

View File

@@ -133,6 +133,7 @@ in
# # "pavucontrol"
"gnome.gnome-bluetooth"
"gnome.gnome-control-center"
"sway-contrib.grimshot"
];
};
}
@@ -141,6 +142,7 @@ in
inherit (pkgs // {
"gnome.gnome-bluetooth" = pkgs.gnome.gnome-bluetooth;
"gnome.gnome-control-center" = pkgs.gnome.gnome-control-center;
"sway-contrib.grimshot" = pkgs.sway-contrib.grimshot;
})
swaylock
swayidle
@@ -148,6 +150,7 @@ in
mako
"gnome.gnome-bluetooth"
"gnome.gnome-control-center"
"sway-contrib.grimshot"
;
};
}

View File

@@ -9,11 +9,6 @@
# efi_pstore evivars
];
# enable cross compilation
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
# nixpkgs.config.allowUnsupportedSystem = true;
# nixpkgs.crossSystem.system = "aarch64-linux";
powerManagement.cpuFreqGovernor = "powersave";
hardware.cpu.amd.updateMicrocode = true; # desktop
hardware.cpu.intel.updateMicrocode = true; # laptop

View File

@@ -94,7 +94,7 @@ in
wg-home.pubkey = "roAw+IUFVtdpCcqa4khB385Qcv9l5JAB//730tyK4Wk=";
wg-home.ip = "10.0.10.5";
wg-home.endpoint = "uninsane.org:51820";
lan-ip = "192.168.0.5";
lan-ip = "192.168.15.28";
};
};
}

View File

@@ -13,6 +13,7 @@
with lib;
let
cfg = config.sane.nixcache;
hostName = config.networking.hostName;
in
{
options = {
@@ -24,6 +25,16 @@ in
default = config.sane.nixcache.enable;
type = types.bool;
};
sane.nixcache.substituters = mkOption {
type = types.listOf types.string;
default =
(lib.optional (hostName != "servo") "https://nixcache.uninsane.org")
++ (lib.optional (hostName != "desko") "http://desko:5000")
++ [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
};
};
config = {
@@ -31,12 +42,7 @@ in
# to explicitly build from a specific cache (in case others are down):
# - `nixos-rebuild ... --option substituters https://cache.nixos.org`
# - `nix build ... --substituters http://desko:5000`
nix.settings.substituters = mkIf cfg.enable [
"https://nixcache.uninsane.org"
"http://desko:5000"
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
nix.settings.substituters = mkIf cfg.enable cfg.substituters;
# always trust our keys (so one can explicitly use a substituter even if it's not the default
nix.settings.trusted-public-keys = mkIf cfg.enable-trusted-keys [
"nixcache.uninsane.org:r3WILM6+QrkmsLgqVQcEdibFD7Q/4gyzD9dGT33GP70="

View File

@@ -0,0 +1,59 @@
{ config, lib, sane-lib, ... }:
let
inherit (lib) mkIf mkMerge mkOption types;
inherit (config.programs.ccache) cacheDir;
in
{
options.sane.roles.build-machine = mkOption {
type = types.bool;
default = false;
};
config = mkMerge [
{
# programs.ccache.cacheDir = "/var/cache/ccache"; # nixos default
# programs.ccache.cacheDir = "/homeless-shelter/.ccache"; # ccache default (~/.ccache)
# if the cache doesn't reside at ~/.ccache, then CCACHE_DIR has to be set.
# we can do that manually as commented out below, or let nixos do it for us by telling it to use ccache on a dummy package:
programs.ccache.packageNames = [ "dummy-pkg-to-force-ccache-config" ];
# nixpkgs.overlays = [
# (self: super: {
# # XXX: if the cache resides not at ~/.ccache (i.e. /homeless-shelter/.ccache)
# # then we need to explicitly tell ccache where that is.
# ccacheWrapper = super.ccacheWrapper.override {
# extraConfig = ''
# export CCACHE_DIR="${cacheDir}"
# '';
# };
# })
# ];
}
(mkIf config.sane.roles.build-machine {
# serve packages to other machines that ask for them
sane.services.nixserve.enable = true;
# enable cross compilation
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
# nixpkgs.config.allowUnsupportedSystem = true;
# granular compilation cache
# docs: <https://nixos.wiki/wiki/CCache>
# investigate the cache with:
# - `nix-ccache --show-stats`
# - `build '.#ccache'
# - `sudo CCACHE_DIR=/var/cache/ccache ./result/bin/ccache --show-stats -v`
# TODO: whitelist `--verbose` in <nixpkgs:nixos/modules/programs/ccache.nix>
# TODO: configure without compression (leverage fs-level compression), and enable file-clone (i.e. hardlinks)
programs.ccache.enable = true;
nix.settings.extra-sandbox-paths = [ cacheDir ];
sane.persist.sys.plaintext = [
{ group = "nixbld"; mode = "0775"; directory = config.programs.ccache.cacheDir; }
];
sane.fs."${cacheDir}/ccache.conf" = sane-lib.fs.wantedText ''
max_size = 50G
'';
})
];
}

View File

@@ -1,6 +1,7 @@
{ ... }:
{
imports = [
./build-machine.nix
./client
];
}

View File

@@ -3,6 +3,11 @@
with lib;
let
cfg = config.sane.services.dyn-dns;
getIp = pkgs.writeShellScript "dyn-dns-query-wan" ''
# preferred method and fallback
${pkgs.sane-scripts}/bin/sane-ip-check-router-wan || \
${pkgs.sane-scripts}/bin/sane-ip-check
'';
in
{
options = {
@@ -19,7 +24,7 @@ in
};
ipCmd = mkOption {
default = "${pkgs.sane-scripts}/bin/sane-ip-check-router-wan";
default = "${getIp}";
type = types.path;
description = "command to run to query the current WAN IP";
};

View File

@@ -0,0 +1,34 @@
diff --git a/pkgs/development/libraries/qt-6/modules/qtbase.nix b/pkgs/development/libraries/qt-6/modules/qtbase.nix
index e71b0a7613d..72779ac57a5 100644
--- a/pkgs/development/libraries/qt-6/modules/qtbase.nix
+++ b/pkgs/development/libraries/qt-6/modules/qtbase.nix
@@ -5,6 +5,7 @@
, version
, coreutils
, bison
+, buildPackages
, flex
, gdb
, gperf
@@ -224,6 +225,8 @@ stdenv.mkDerivation rec {
] ++ lib.optionals stdenv.isDarwin [
# error: 'path' is unavailable: introduced in macOS 10.15
"-DQT_FEATURE_cxx17_filesystem=OFF"
+ ] ++ lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [
+ "-DQT_HOST_PATH=${buildPackages.qt6.full}"
];
NIX_LDFLAGS = toString (lib.optionals stdenv.isDarwin [
diff --git a/pkgs/development/libraries/qt-6/qtModule.nix b/pkgs/development/libraries/qt-6/qtModule.nix
index 28180d3b0ca..f14c73b10ee 100644
--- a/pkgs/development/libraries/qt-6/qtModule.nix
+++ b/pkgs/development/libraries/qt-6/qtModule.nix
@@ -61,7 +61,7 @@ stdenv.mkDerivation (args // {
if [[ -z "$dontSyncQt" && -f sync.profile ]]; then
# FIXME: this probably breaks crosscompiling as it's not from nativeBuildInputs
# I don't know how to get /libexec from nativeBuildInputs to work, it's not under /bin
- ${lib.getDev self.qtbase}/libexec/syncqt.pl -version "''${version%%-*}"
+ perl ${lib.getDev self.qtbase}/libexec/syncqt.pl -version "''${version%%-*}"
fi
'';

View File

@@ -0,0 +1,65 @@
diff --git a/pkgs/development/tools/misc/ccache/default.nix b/pkgs/development/tools/misc/ccache/default.nix
index cad25a942d6..9130097ab07 100644
--- a/pkgs/development/tools/misc/ccache/default.nix
+++ b/pkgs/development/tools/misc/ccache/default.nix
@@ -2,7 +2,7 @@
, stdenv
, fetchFromGitHub
, substituteAll
-, binutils
+, buildPackages
, asciidoctor
, cmake
, perl
@@ -33,7 +33,7 @@ let ccache = stdenv.mkDerivation rec {
# Darwin.
(substituteAll {
src = ./force-objdump-on-darwin.patch;
- objdump = "${binutils.bintools}/bin/objdump";
+ objdump = "${buildPackages.binutils.bintools}/bin/objdump";
})
];
@@ -71,11 +71,12 @@ let ccache = stdenv.mkDerivation rec {
passthru = {
# A derivation that provides gcc and g++ commands, but that
# will end up calling ccache for the given cacheDir
- links = {unwrappedCC, extraConfig}: stdenv.mkDerivation {
+ links = {unwrappedCC, extraConfig, targetPrefix ? ""}: stdenv.mkDerivation {
name = "ccache-links";
passthru = {
isClang = unwrappedCC.isClang or false;
isGNU = unwrappedCC.isGNU or false;
+ cc = unwrappedCC;
};
inherit (unwrappedCC) lib;
nativeBuildInputs = [ makeWrapper ];
@@ -83,7 +84,7 @@ let ccache = stdenv.mkDerivation rec {
mkdir -p $out/bin
wrap() {
- local cname="$1"
+ local cname="${targetPrefix}$1"
if [ -x "${unwrappedCC}/bin/$cname" ]; then
makeWrapper ${ccache}/bin/ccache $out/bin/$cname \
--run ${lib.escapeShellArg extraConfig} \
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index cb6fd2f0c4d..da4aadff3cb 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -17383,10 +17383,12 @@ with pkgs;
# should be owned by user root, group nixbld with permissions 0770.
ccacheWrapper = makeOverridable ({ extraConfig, cc }:
cc.override {
- cc = ccache.links {
+ cc = ccache.links ({
inherit extraConfig;
unwrappedCC = cc.cc;
- };
+ } // lib.optionalAttrs (cc ? targetPrefix) {
+ inherit (cc) targetPrefix;
+ });
}) {
extraConfig = "";
inherit (stdenv) cc;

View File

@@ -13,14 +13,6 @@
hash = "sha256-IvsIcd2wPdz4b/7FMrDrcVlIZjFecCQ9uiL0Umprbx0=";
})
# fix handbrake build by: handbrake: 1.5.1 -> 1.6.1
# PR opened 2023/01/23
# (fetchpatch {
# # see alternate fix: <https://github.com/NixOS/nixpkgs/pull/211834>
# url = "https://github.com/NixOS/nixpkgs/pull/212306.diff";
# hash = "sha256-PnPzvJymafa+zjkauQW0LzFsJC7S+7D9JRszTE3in+w=";
# })
# (fetchpatch {
# # stdenv: fix cc for pseudo-crosscompilation
# # closed because it breaks pkgsStatic (as of 2023/02/12)
@@ -31,10 +23,18 @@
./2022-12-19-i2p-aarch64.patch
# fix for CMA memory leak in mesa: <https://gitlab.freedesktop.org/mesa/mesa/-/issues/8198>
# fixed in mesa 22.3.6: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/21330/diffs>
# only necessary on aarch64.
# it's a revert of nixpkgs commit dcf630c172df2a9ecaa47c77f868211e61ae8e52
./2023-01-30-mesa-cma-leak.patch
# fix qt6.qtbase and qt6.qtModule to cross-compile.
# unfortunately there's some tangle that makes that difficult to do via the normal `override` facilities
./2023-03-03-qtbase-cross-compile.patch
# let ccache cross-compile
./2023-03-04-ccache-cross-fix.patch
# # kaiteki: init at 2022-09-03
# vendorHash changes too frequently (might not be reproducible).
# using local package defn until stabilized

View File

@@ -0,0 +1,32 @@
(self: super:
with self;
let
# ccache-able = drv: drv.override { stdenv = builtins.trace "with ccache ${drv.name}" ccacheStdenv; };
ccache-able = drv: drv.override { stdenv = builtins.trace "with ccache: ${drv.name}" ccacheStdenv; };
in {
# TODO: if we link /homeless-shelter/.ccache into the nix environment,
# then maybe we get better use of upstream caches?
# ccacheWrapper = super.ccacheWrapper.override {
# extraConfig = ''
# export CCACHE_DIR="/var/cache/ccache"
# '';
# };
# ccacheStdenv = super.ccacheStdenv.override {
# extraConfig = ''
# export CCACHE_DIR="/homeless-shelter/.ccache"
# '';
# };
# firefox-esr = ccache-able super.firefox-esr;
# firefox/librewolf distribution is wacky: it grabs the stdenv off of `rustc.llvmPackages`, and really wants those to match.
# buildMozillaMach = opts: ccache-able (super.buildMozillaMach opts);
# webkitgtk = ccache-able super.webkitgtk;
# mesa = ccache-able super.mesa;
webkitgtk = super.webkitgtk.overrideAttrs (_upstream: {
# means we drop debug info when linking.
# this is a trade-off to require less memory when linking, since
# building `webkitgtk` otherwise requires about 40G+ of RAM.
# <https://github.com/NixOS/nixpkgs/issues/153528>
separateDebugInfo = false;
});
})

View File

@@ -1,13 +1,29 @@
{ makeWrapper
{ stdenv
, gnome-feeds
, gpodder
, linkFarm
, makeWrapper
, python3
, symlinkJoin
}:
let
remove-extra = linkFarm "gpodder-remove-extra" [
{ name = "bin/gpodder-remove-extra"; path = ./remove_extra.py; }
];
pyEnv = python3.withPackages (_ps: [ gnome-feeds.listparser ]);
remove-extra = stdenv.mkDerivation {
pname = "gpodder-remove-extra";
version = "0.1.0";
src = ./.;
patchPhase = ''
substituteInPlace ./remove_extra.py \
--replace "#!/usr/bin/env nix-shell" "#!${pyEnv.interpreter}"
'';
installPhase = ''
mkdir -p $out/bin
mv remove_extra.py $out/bin/gpodder-remove-extra
'';
};
in
# we use a symlinkJoin so that we can inherit the .desktop and icon files from the original gPodder
(symlinkJoin {
@@ -29,4 +45,8 @@ in
unlink $out/share/applications/gpodder.desktop
sed "s:Exec=.*:Exec=$out/bin/gpodder-configured:" $orig_desktop > $out/share/applications/gpodder.desktop
'';
passthru = {
remove-extra = remove-extra;
};
})

View File

@@ -1,3 +1,4 @@
#!/usr/bin/env bash
curl https://ipinfo.io/ip
echo
ip=$(curl --silent https://ipinfo.io/ip)
echo "$ip" | grep -P " *^\d+\.\d+\.\d+\.\d+ *$"
exit $?

View File

@@ -3,13 +3,16 @@
# requires creds
passwd=$(sudo cat /run/secrets/router_passwd)
cookie=$(mktemp)
curlflags="curl --silent --insecure --cookie-jar $cookie --connect-timeout 5"
# authenticate
curl -s --insecure --cookie-jar $cookie \
curl $curlflags \
--data "username=admin&password=$passwd" \
https://192.168.0.1
# query the WAN IP
curl -s --insecure --cookie $cookie \
ip=$(curl $curlflags \
-H "X-Requested-With: XMLHttpRequest" \
"https://192.168.0.1/cgi/cgi_action?Action=GetConnectionStatus" \
| jq -r .wan_status.ipaddr
| jq -r .wan_status.ipaddr)
echo "$ip" | grep -P " *^\d+\.\d+\.\d+\.\d+ *$"
exit $?

View File

@@ -35,9 +35,9 @@ refer to flake.nix for more details.
## remote deployment
some of my systems support cross compilation (i.e. building from x86-64 for an aarch64 host without using emulation).
- `nixos-rebuild --flake '.#moby-cross' build`
- `nixos-rebuild --flake '.#cross-moby' build`
- `sudo nix sign-paths -r -k /run/secrets/nix_serve_privkey $(readlink ./result)`
- `nixos-rebuild --flake '.#moby-cross' switch --target-host colin@moby --use-remote-sudo`
- `nixos-rebuild --flake '.#cross-moby' switch --target-host colin@moby --use-remote-sudo`
## building packages

View File

@@ -0,0 +1,48 @@
{
"data": "ENC[AES256_GCM,data:tNQEuMx+Cp8vRELzeQoWLQail2jy5TEBSqJM1o+tV5mSStTLQFMR+L/cnKQYqEpNWJgZ3kSaqkAUqvY5yG/y7TIUZDWqeLLnOJDrmahku0CFPmC3BC8yjrTaISaDRT0FlLH7Osdk2pbDlmcerPwRaEtptovgHvMeJC9cMrfFUOF6LXdNIh7zslWyYvEzrAPtnxKiyIA7pan8sua2FG6AIfMj10c+p/ck29pqhtxAGJvmMMCjMBB1XNjaYjzRzEddbry84cJjhF2Hyr0j/W4U0SLDdD9cfh8idwmrBAP9zI1/nlHjO1labI+U9WGdyyeoPFY+Phm8qm7WxpFsDZnk4B5IGaN1yB9I7KP4tneSw8VOmz5L7BBJszJRUEOQ95Q7D7gos+ytfbnzIBeHh55eSuRzj5xSqG4dPSp8biBGEC9Y4gShCvxNa7r7tGF82jrI32Xe3MFz5zRsx5HvbpB/xytBS0fguxgtnFm8OJf7j3vyGwQoCCJT4pLpHmhei0JpmicbAIgKCcmz//sSUZKXNMV+rb58ntjvNu/Cy9TgOaNTpmeIpe60Gg5ONXypM8Zdmv+cY3NATg9ukdXpdtjW0+SMTTOC+Ug2z9D0Wy4NUQOsNevVUr/22155v+SGcSImVJtiOZ3xYgjND1n/smoUs7tvOVxb1Qjwty40VLwHi+Od3w==,iv:cBgkFEs/bUBRdQnmxqYiJwqQWMXoJ61lHEnMwkfQ6YQ=,tag:E/Vj1nwF1VrxjSyo55W/Ag==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBieFRHNnN3L2FzMGcraHds\ndDFYU2dwUUU1OVh3WnhtWWk5QlZJNmFLd1Q4CkVaNTYreVRGOXdLWitSc2pleDly\nQjRBbERydFFZbkRpekN5T2xCM2x0bkEKLS0tIFhvNnc5M2x0Q2FvUkRXUVNHOXR5\ncThGazRYaHhrdjlCSFE3TWJ6L09jR2cK50dHVdb6XAsgB9WGlfnbIeYluFNFcfSb\n1m+ElNfsE9VOdEzeEI8sNHvfNtleEv0i1CwdRA48mmMc1LetiDgV+g==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhOStKYTkvYTFZWkFJZk9F\nbW55RTZLWHJXK1lwSE9OSERrdlRQZWdzbDFzCjcycDdsaVNtVTlPYkh5QVZScExl\nbjNzaVRHaVdlU0dHOTRxS1VvSkRjS1kKLS0tIE1zZkJ2K2FxZFpmeEVxdGVkSXEv\nSklmYmJ0TWx6K0FGc2FqejRQQjNmM1UKwInOj1HG+4zKMkocVI7japkdc1FHNORF\nAMfAlEaB36alown3NmxBVD7zZexEU6Stsvv9eKE6clX/vj7Ny+dKgA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1z8fauff34cdecr6sjkre260luzxcca05kpcwvhx988d306tpcejsp63znu",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTby9zMm5UTmpGS0JMNlNj\nYVlES0RpVWxsV1ZQZm5NTHZzV0pzdjZFS3o4CkRLWVJGU2g5WjN0eWdDMTIvTzE5\naDJnNjJNNitIaDZaaURxVnhacldtODAKLS0tIDNnRWhlN3ZJNklWUVFkOXdCVjVl\nRkdLcTVsb09oemhxWWZEWENsTlFZM00KQRYOR6rD7pOFSWl9KfNRxbWPVwLnMMXW\nLYRReL1xvK+UdYpae/rKbmExoo94W6IZSxoxeB2BFR9Bna5obbFNjA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1zsrsvd7j6l62fjxpfd2qnhqlk8wk4p8r0dtxpe4sdgnh2474095qdu7xj9",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQU2k1WkRVZW1paS9id0hw\ncXhucTlCeThjYm5Fb3A1RnNzREN4eFA5OGh3Cmg2Ym9nOEF3Y0FGYVlra0RuTXh3\nZFVKUnVlSEZGaXlMdVJuZno5K3RTL00KLS0tIHNDV3FJOVhybWpGZ1h3TTZDWGtj\nNEhQQ1A0SGFYNnVzQUhFa25tOW82NWcKTX/QwhOVAWL9tgfzopMAdWuBmzCni1mg\nTfI9R6ZP6gdBESUk7+kLc8uiEJIxuiWCivp9gWr7Xletbm00Pnkglg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1vnw7lnfpdpjn62l3u5nyv5xt2c965k96p98kc43mcnyzpetrts9q54mc9v",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZVjN6Q2gvNVFwQ3hjOElE\ndXVUVDdQQWNCdTB0Y1VuVnlsNjg3UlhyMWdRCmpEQ3pZUyswditHd2s2dUlMRmFa\nY3lFc0FwdzNrZzdyZ2hOYzJXdWVXUUUKLS0tIHV4dWcyb0dnWVJnY1pudUxUK1Y0\nbWVhRzdLMjNpc2xxaWQ5U2x0SVdHck0K2gB1itweNVt0kKZj2gO+ek7hlJoxfkoY\ndMCEH+kWxhtXuXHznCZb+Itrm7vGgqWQdXlqilMEYuhLbPHvs5jXMw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1w7mectcjku6x3sd8plm8wkn2qfrhv9n6zhzlf329e2r2uycgke8qkf9dyn",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxNVhjK3hWSVNnb1Y5SUFy\nRWt6TDByWFphNnhNbThubnpIaHc0RERpTlhFCk5reUIzanIvVUxuSEg3RWhZNTBL\nUlNMc2hvejZSUUtXZFFDQ0M0QzBiTjQKLS0tIHhtUjd6ZUVpM2JXaXdsejU3bmFE\nQklLL0NwNjFzOGpGUHoxd2drNUVyTnMKGOEhPALGhyvDBPpuib1R425JBih3cBzs\nofk+eL5cRTwfLe7a/kOeNudNtamKLR8IEfJKgokjtBEaYBNo1P+Vuw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1tzlyex2z6t88tg9h82943e39shxhmqeyr7ywhlwpdjmyqsndv3qq27x0rf",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPOVVwZUM5ODNsNFFzOWdo\nS2RiejlsQVVrSmJ2SVFGbklsSUpCckVnSlZ3CjlmSTJZaE9pMlRiamNtUmxyK3Na\nMFljczFnNktCaUs0eC90M0c1akNxdWcKLS0tIDFoRlNyZVo2R243WGNHR3B3cDI5\nRHZYK2lBM1ZLZWFWM3hzdnR2cTM4aTgK67Ik3qwQEuOuL60BRRGmpmVgdIv/Bavi\njeC4BTwBanXxbhZodFfdtHmgxkqE3w2Eu5ojwFje+obUagj8B3PmNA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age18vq5ktwgeaysucvw9t67drqmg5zd5c5k3le34yqxckkfj7wqdqgsd4ejmt",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEcndDbG03cW0ycTlNeFBT\nbEhxcWVDb2N0MkwxNlN5Tjk0T2NTaEw3bFdFCmJYZnZXZ2xYblBtTi9MWEN5amVa\neDFEN01sTHgxLzNrcVB5OC9TU0ViYUEKLS0tIG8rQ21kU0xlcUEvZkVObFJhRUdp\nNG1EYXBZNVpKUGUxK2xXdFpieVBNZ3MK+bGQrmaY1bE23iuKu1UPoChOOnuSBl9d\ncQlr+Wh4CoKp8YTnTTkFAVrWoXcM0eAVapR7f89GqO2vgefo6bnFHg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2023-02-27T01:05:22Z",
"mac": "ENC[AES256_GCM,data:QWj5rcyT9xBLdVCkf1mo0lnpeNR3o+HK6MP1n/XWwSWzMM794+byWDWEfjJIq5EuNL3YirbB5ANrGjdWTzL3UU1WsW3kr0pan2dSrBs9wR4d9RNS1TcFXvxhC0WEEVP1n3wwfOb/TKd9irpv8n2M973atQKJXSTecqOFgDxDa0M=,iv:TcjQuwW9SZlMbHtEj2O+76qnvPsvhrJ3mNmsobEA6rU=,tag:GeVf5bPecUNn8TQ1C12aFA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"
}
}

View File

@@ -0,0 +1,48 @@
{
"data": "ENC[AES256_GCM,data:YQ3g+zqZoOv6+cjsxahFLlzzJsyNmIzOf0UW/V5Q8WJ5BlfJem/u9SJd9HbYfAZuTGkSzRVTvC3woivV0WOCf+EZ1SPSOLwCFtNKh0kgIsSbZRHJqfMQPzZkd93tAARXj7Gtgi2yGGvIhW9MTDvUDDW1umho46fP61f9JRPflAXRu9JwEDpwVIIkAqk4Jdq3G3wnrkjK7fNQkpULAYqDJzH7IeUUNFbt1/tsI8uj1bzpYzjLkZ9r8grgSO7mpt2h4vPdGrd+XVRT0WG/MLZnukN9rXDfHkrqFtn4XBkp+biQj4RFflNr9/FyZUEqb5wvB5pMMatRdv+PUdgtuSQubfKPHdYXic0Bi+Lgm3gA8FlYnel6dP5I8DXgo4Jupyhw/KMTySn3nhHrhFieSmTItZZ1KKtaQxFGNdnYVcCJCUkwKNM6M5nX+LryxD9MkAn+L2o11QYW6q9HhxO+hXi0IWfq9aRRtU/mw2Og7nA9oesoJqmid7zXVsErsRhnFlEHt7Z6qCbnhcC9lyT/KhK4E0+sJpeukyDVmNAb31040zIKEOQMFyMHw1nRFHxth4Kw2AGIRA/UiB1JxR/QW+1tZSB8MPS6GtklXE6GAlphAnssrkIc+5L+bWJTOwSYsw6T6SYCMO5I/0OEgZTys6/dYVLSl6GVmYb5Ck8GEzOx7W1fnFQt7KepZUTGstMQ0CsI1zktmXzJel1C+MBga7IC6+P8mB42GZv1mBRiEGs8fjo3HqaoF3omC/7FUrc6UlQnExMEXqgm7jbENL5mfk04zS1YzbMHR6JZapVSD8ykHMkGSYbpqhzgcam0c6aQLD7mGcMZ4L+2FZtgnSPmmfjKxlZJIQE66NWq586N7e+7SWSi9rqEstXGhAahM1RWIog4EW3npOUmNBbz152QaYZeNNTYE+L/9n+oVeWT0evlHxiCpATxgo+DoR6z66U5QYN5EFXcsR/I1s2UUc8xTwwjgEfXkM/IEZUkEHH/kZNJPdmqtpA=,iv:HYjtUSGs1JgxE8HzZ+xYUZoPYanOC6HAVlIdJR8O77o=,tag:teJOFIMtHLs9yzDQIPV0oA==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4Wmx4QUZSZVFYM1NjRGxO\nRzhmSGV1RTViTjljM0kyaitsV05Jc1dQcXpNCjdFR1FWTFY0L1NkclVJQ2t2bk1P\nNk1WeDA4TE9Zcjc2MkNTeDltQk5TSW8KLS0tIGIvcmNVdDN6eldMamxrWUJ0ekZF\nWlcyN0haZFpmQVcyWS9vOFBHVmFiamMKwROo4FD5Y6TiSDK8byxAq4T9Rtvy1Dr+\nExZFzLeJxXBukLJgzxV8UpBNbcGejetyOZiH+GPwdwO4QKlMGiCsog==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEYzhiZjFVWEZidGJpRkpl\nOSszdUNiWDlIMVVTaGFVdi9oZjFoYVhwOFM0CjFNR0ZadExxZDBnOEU1eEJXaHda\nK0NyWmhHZzdSOHFHbEYrQnhwMTcxdVUKLS0tIGd0WjFOczRCSkpkZFpOSDdlTFhG\nQUFQMlRDa1YwM0F0N2U2ZFdxa3YrMFEKXNdULEzPEh3Wk+PxgRt0fypVNAaa682u\nMZBfQbNnAOVU5xlM66+YGWXY/ENWwr3nEauNKq7pWLZqQOCA9RnvvQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1z8fauff34cdecr6sjkre260luzxcca05kpcwvhx988d306tpcejsp63znu",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1TFcvWll5RGZDeU5RYnpS\nb1hHcG4vbzBxL3RiRjl2eUhGbHFjSTJYZ0hBCkhyQUtacktuR0ZZNkM3cEdyMTd1\nVnpMZlNPL1NzcUZzWnd0VC9veW1jL0UKLS0tIHdQalI4N3ZRVFdsMEtCUllBREZG\nUmdQYVVqUGZ0QXJKODFvblgvYnRnZTgKKMmEswejP1HdEtg9hK10pRlt89Iz2iF8\npcZTBFjMnahLvxI4M8HCF7ESxI46jebyna43ZzELQQLPGLuZG0n3Bg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1zsrsvd7j6l62fjxpfd2qnhqlk8wk4p8r0dtxpe4sdgnh2474095qdu7xj9",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBScXJpV2NkMFhJaDNGVHRZ\nVlRCZVkzSWFyTFRCUktYNFNYekwrNkpITUMwCkZlZm14Q2dZVGlFd2VZZWpmSFU4\nelhNVmE1b015YWYzcGRRa2VMS1ErMDQKLS0tIHFxaEJ4M3cxSHlNV2ppaFUzcTlk\nZWVuN085TnRES0ZGZko3Ym9vOXRhSEEKU8YZFKtDzokS1OXlqA3vBe2C5N7Em+Oq\nDh5N+2qrvqKUzT/YVg9j/YIPswrn2WMJ2xgMgT5VVK+2kn38fk4n4A==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1vnw7lnfpdpjn62l3u5nyv5xt2c965k96p98kc43mcnyzpetrts9q54mc9v",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZWWFFZGVPTEVlc1hvQ3Qy\nUTNrc1Y0ek9ONlQ0RzlkbTNWangrdnFVZ0hNCkovNCtkaG9JUlpnRFJBMFE0Nmkz\nNXByUjlLRUd6RUV1OU53UjBEZnNjTUUKLS0tIDd4S3VrVDkvanlzZStkYllQT3NN\nYWxyYW1pVmt3djIyWVhtdEZCVlducmMKI94q+UTXpUGa/up0lVbWqmBYcPpuoLZD\neW2KbX2MTzotJVXlJyckYvaylEyyN1pKO37OViPnzik2cJYCyD8QSQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1w7mectcjku6x3sd8plm8wkn2qfrhv9n6zhzlf329e2r2uycgke8qkf9dyn",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhN2ZkbzB1K0g4V0NPQ21x\nckQ3MFVwZzBwNDMzVk9mb0YvVmJxYm5hTTB3CkgzWTR1dUkrdkFKeDBjNWpCcnl2\nY2lCU0dPcUh1VXdWbExST29nRFFQcHMKLS0tIEFucEpGc2s4VGhGYWlQQW9Kd1pt\nTGY5YURVa1NYUit1UHpPVm4zTHNTVVUKTyKPabMpXBkiV9MSfoJr41DfJjzW6FVP\nHWVfUwoVeKEYVJEPYIcso4kywroBWJ5tBpeOdsbth9en3TOHHlBXCQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1tzlyex2z6t88tg9h82943e39shxhmqeyr7ywhlwpdjmyqsndv3qq27x0rf",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvN2dvUDRXUWc2eVVoQ2xK\ndXc2anJZVjhobjJrODVlbXNuZjNhZ2lpNERnCkN6V0Y2QmlGNHVJM3JoQ3hwbHJo\nTncrVVN3R0wvQVAzb293WFpCV29BNUEKLS0tIFdhV3RSbkZQVVBxVWpuYzk4bzZt\nekhxSEFFMHRBZWZaOWxUVnFUbkluUFUK53HBDttykEO7lB/86d/ey4I4AZsLrvLm\n7J/rItqQeNJ1qYp/J3HSilbDZmQBI8jM95SP75tUPsmWndK1i9gHlA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age18vq5ktwgeaysucvw9t67drqmg5zd5c5k3le34yqxckkfj7wqdqgsd4ejmt",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHNXB2dkJoMzlJRlJxbGRS\nNTl2YmRUb3YxdEcwRnhuT1RHMTJMNm1MQUZjCkMrNGEzV05sdWc1OUROU2V2UVlJ\nSGl1bGxNSzBZalRZd0YyMElEbGlXZWsKLS0tIFRVQmpqRGNmTW9YaTN2Y0JtNHp6\nbkw0dTlmNVFwQkl6Q1ZIcUNxTGp2TzAKaZawNzF3mYl/m0X/IbfWL8WhLllF6fkT\nl5BQg3uMLC4pTnRcZHmBLrzRHhoOy9qLLkiimkQaseUhI+hAUt9bAQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2023-03-03T08:41:07Z",
"mac": "ENC[AES256_GCM,data:cxu1p3O0CLiIrqD7HrFUiDPrbF7N3puR3C6VKLfmWa0liHIrkwylOHhyP2WYL1GnbXrMdSZEZ9W487yqsFMiVLyVYmvrg6/TB0I936+PdPgb3miBlb1aE+g23FHQNbpTthbdLJow2tbw1n152ZwtjHPZ+swQhoexeZrpNJipBZ4=,iv:/uua9R2uXvJISgETRBaAREFW3+DsAi+dN4DoMMYHKi8=,tag:wUITr1eIhndhK6EVEyOmog==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"
}
}