disable a bunch of moby package to speed up the build

hosts/by-name/moby/default.nix

@@ -6,6 +6,8 @@
     ./kernel.nix
   ];
 
+  sane.web-browser.enable = lib.mkForce false;  # TODO: re-enable after i can cross compile it
+
   sane.roles.client = true;
   sane.services.wg-home.enable = true;
   sane.services.wg-home.ip = config.sane.hosts.by-name."moby".wg-home.ip;

hosts/by-name/servo/services/postfix.nix

@@ -1,6 +1,3 @@
-# DOCS:
-# - dovecot config: <https://doc.dovecot.org/configuration_manual/>
-
 { config, lib, ... }:
 
 let
@@ -146,25 +143,6 @@ in
 
   # inspired by https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/
   services.dovecot2.enable = true;
-  services.dovecot2.mailboxes = {
-    # special-purpose mailboxes: "All" "Archive" "Drafts" "Flagged" "Junk" "Sent" "Trash"
-    # RFC6154 describes these special mailboxes: https://www.ietf.org/rfc/rfc6154.html
-    # how these boxes are treated is 100% up to the client and server to decide.
-    # client behavior:
-    # iOS
-    #   - Drafts: ?
-    #   - Sent: works
-    #   - Trash: works
-    # aerc
-    #   - Drafts: works
-    #   - Sent: works
-    #   - Trash: no; deleted messages are actually deleted
-    #       use `:move trash` instead
-    # Sent mailbox: all sent messages are copied to it. unclear if this happens server-side or client-side.
-    Drafts = { specialUse = "Drafts"; auto = "create"; };
-    Sent = { specialUse = "Sent"; auto = "create"; };
-    Trash = { specialUse = "Trash"; auto = "create"; };
-  };
   services.dovecot2.sslServerCert = "/var/lib/acme/imap.uninsane.org/fullchain.pem";
   services.dovecot2.sslServerKey = "/var/lib/acme/imap.uninsane.org/key.pem";
   services.dovecot2.enablePAM = false;

hosts/common/default.nix

@@ -11,7 +11,6 @@
     ./machine-id.nix
     ./net.nix
     ./persist.nix
-    ./programs.nix
     ./secrets.nix
     ./ssh.nix
     ./users.nix

hosts/common/home/firefox.nix

@@ -103,6 +103,10 @@ let
 in
 {
   options = {
+    sane.web-browser.enable = mkOption {
+      default = config.sane.gui.enable;
+      type = types.bool;
+    };
     sane.web-browser.browser = mkOption {
       default = defaultSettings;
       type = types.attrs;
@@ -145,7 +149,7 @@ in
     };
   };
 
-  config = {
+  config = mkIf cfg.enable {
 
     # uBlock filter list configuration.
     # specifically, enable the GDPR cookie prompt blocker.

hosts/common/programs.nix

@@ -1,21 +0,0 @@
-{ pkgs, ... }:
-{
-  sane.programs = {
-    btrfs-progs.enableFor.system = true;
-    # "cacert.unbundled".enableFor.system = true;
-    cryptsetup.enableFor.system = true;
-    dig = {
-      enableFor.system = true;
-      suggestedPrograms = [ "efibootmgr" ];
-    };
-    efibootmgr = {};
-    fatresize = {};
-
-    backblaze-b2.enableFor.user.colin = true;
-    cdrtools = {
-      enableFor.user.colin = true;
-      suggestedPrograms = [ "dmidecode" ];
-    };
-    dmidecode = {};
-  };
-}

modules/default.nix

@@ -6,7 +6,6 @@
     ./fs
     ./ids.nix
     ./packages.nix
-    ./programs.nix
     ./image.nix
     ./persist
     ./services

modules/packages.nix

@@ -25,7 +25,6 @@ let
     ifuse
     imagemagick
     ipfs
-    kitty  # TODO: move to GUI, but `ssh servo` from kitty sets `TERM=xterm-kitty` in the remove and breaks things
     libimobiledevice
     libsecret  # for managing user keyrings
     lm_sensors  # for sensors-detect
@@ -47,7 +46,6 @@ let
     sequoia
     snapper
     sops
-    sox
     speedtest-cli
     sqlite  # to debug sqlite3 databases
     ssh-to-age
@@ -63,26 +61,26 @@ let
 
   guiPkgs = [
     # GUI only
-    aerc  # email client
-    audacity
-    celluloid  # mpv frontend
-    chromium
-    clinfo
-    { pkg = dino; private = [ ".local/share/dino" ]; }
-    electrum
+    # aerc  # email client
+    # audacity
+    # celluloid  # mpv frontend
+    # chromium
+    # clinfo
+    # { pkg = dino; private = [ ".local/share/dino" ]; }
+    # electrum
 
     # creds/session keys, etc
-    { pkg = element-desktop; private = [ ".config/Element" ]; }
+    # { pkg = element-desktop; private = [ ".config/Element" ]; }
     # `emote` will show a first-run dialog based on what's in this directory.
     # mostly, it just keeps a LRU of previously-used emotes to optimize display order.
     # TODO: package [smile](https://github.com/mijorus/smile) for probably a better mobile experience.
-    { pkg = emote; dir = [ ".local/share/Emote" ]; }
-    evince  # works on phosh
+    # { pkg = emote; dir = [ ".local/share/Emote" ]; }
+    # evince  # works on phosh
 
     # { pkg = fluffychat-moby; dir = [ ".local/share/chat.fluffy.fluffychat" ]; }  # TODO: ship normal fluffychat on non-moby?
 
-    foliate  # e-book reader
-    font-manager
+    # foliate
+    # font-manager
 
     # XXX by default fractal stores its state in ~/.local/share/<UUID>.
     # after logging in, manually change ~/.local/share/keyrings/... to point it to some predictable subdir.
@@ -90,39 +88,40 @@ let
     # { pkg = fractal-latest; private = [ ".local/share/fractal" ]; }
     # { pkg = fractal-next; private = [ ".local/share/fractal" ]; }
 
-    gajim  # XMPP client
-    gimp  # broken on phosh
-    gnome.cheese
-    gnome.dconf-editor
-    gnome-feeds  # RSS reader (with claimed mobile support)
-    gnome.file-roller
-    gnome.gnome-disk-utility
-    gnome.gnome-maps  # works on phosh
+    # gajim  # XMPP client
+    # gimp  # broken on phosh
+    # gnome.cheese
+    # gnome.dconf-editor
+    # gnome-feeds  # RSS reader (with claimed mobile support)
+    # gnome.file-roller
+    # gnome.gnome-disk-utility
+    # gnome.gnome-maps  # works on phosh
     gnome.nautilus
     # gnome-podcasts
-    gnome.gnome-system-monitor
+    # gnome.gnome-system-monitor
     gnome.gnome-terminal  # works on phosh
-    gnome.gnome-weather
+    # gnome.gnome-weather
 
     # XXX: we preserve the whole thing because if we only preserve gPodder/Downloads
     #   then startup is SLOW during feed import, and we might end up with zombie eps in the dl dir.
     { pkg = gpodder-configured; dir = [ "gPodder" ]; }
 
     gthumb
-    inkscape
+    # inkscape
 
-    kdenlive
-    kid3  # audio tagging
-    krita
-    libreoffice-fresh  # XXX colin: maybe don't want this on mobile
-    lollypop
+    # kdenlive
+    # kid3  # audio tagging
+    kitty
+    # krita
+    # libreoffice-fresh  # XXX colin: maybe don't want this on mobile
+    # lollypop
 
-    { pkg = mpv; dir = [ ".config/mpv/watch_later" ]; }
+    # { pkg = mpv; dir = [ ".config/mpv/watch_later" ]; }
 
     networkmanagerapplet
 
     # not strictly necessary, but allows caching articles; offline use, etc.
-    { pkg = newsflash; dir = [ ".local/share/news-flash" ]; }
+    # { pkg = newsflash; dir = [ ".local/share/news-flash" ]; }
 
     { pkg = nheko; private = [
       ".config/nheko"  # config file (including client token)
@@ -131,30 +130,30 @@ let
     ]; }
 
     # settings (electron app)
-    { pkg = obsidian; dir = [ ".config/obsidian" ]; }
+    # { pkg = obsidian; dir = [ ".config/obsidian" ]; }
 
-    pavucontrol
-    # picard  # music tagging
-    playerctl
+    # pavucontrol
+    # # picard  # music tagging
+    # playerctl
 
-    libsForQt5.plasmatube  # Youtube player
+    # libsForQt5.plasmatube  # Youtube player
 
-    soundconverter
+    # soundconverter
     # sublime music persists any downloaded albums here.
     # it doesn't obey a conventional ~/Music/{Artist}/{Album}/{Track} notation, so no symlinking
     # config (e.g. server connection details) is persisted in ~/.config/sublime-music/config.json
     #   possible to pass config as a CLI arg (sublime-music -c config.json)
     # { pkg = sublime-music; dir = [ ".local/share/sublime-music" ]; }
     { pkg = sublime-music-mobile; dir = [ ".local/share/sublime-music" ]; }
-    { pkg = tdesktop; private = [ ".local/share/TelegramDesktop" ]; }  # broken on phosh
+    # { pkg = tdesktop; private = [ ".local/share/TelegramDesktop" ]; }  # broken on phosh
 
-    { pkg = tokodon; private = [ ".cache/KDE/tokodon" ]; }
+    # { pkg = tokodon; private = [ ".cache/KDE/tokodon" ]; }
 
     # vlc remembers play position in ~/.config/vlc/vlc-qt-interface.conf
     { pkg = vlc; dir = [ ".config/vlc" ]; }
 
     # pleroma client (Electron). input is broken on phosh.
-    { pkg = whalebird; private = [ ".config/Whalebird" ]; }
+    # { pkg = whalebird; private = [ ".config/Whalebird" ]; }
 
     xdg-utils  # for xdg-open
     xterm  # broken on phosh

modules/programs.nix

@@ -1,131 +0,0 @@
-{ config, lib, pkgs, sane-lib, ... }:
-let
-  inherit (builtins) any elem map;
-  inherit (lib) filterAttrs mapAttrs mapAttrsToList mkDefault mkIf mkMerge mkOption optionalAttrs types;
-  inherit (sane-lib) joinAttrsets;
-  cfg = config.sane.programs;
-  pkgSpec = types.submodule ({ name, ... }: {
-    options = {
-      package = mkOption {
-        type = types.package;
-      };
-      enableFor.system = mkOption {
-        type = types.bool;
-        default = any (en: en) (
-          mapAttrsToList
-            (otherName: otherPkg:
-              otherName != name && elem name otherPkg.suggestedPrograms && otherPkg.enableSuggested && otherPkg.enableFor.system
-            )
-            cfg
-        );
-        description = ''
-          place this program on the system PATH
-        '';
-      };
-      enableFor.user = mkOption {
-        type = types.attrsOf types.bool;
-        # default = mkMerge (mapAttrsToList (_otherName: otherPkg:
-        #   optionalAttrs
-        #     (otherPkg.enableSuggested && elem name otherPkg.suggestedPrograms)
-        #     otherPkg.enableFor.user
-        # ) cfg);
-        default = joinAttrsets (mapAttrsToList (otherName: otherPkg:
-           optionalAttrs
-             (otherName != name && elem name otherPkg.suggestedPrograms && otherPkg.enableSuggested)
-             (filterAttrs (user: en: en) otherPkg.enableFor.user)
-        ) cfg);
-        description = ''
-          place this program on the PATH for some specified user(s).
-        '';
-      };
-      suggestedPrograms = mkOption {
-        type = types.listOf types.str;
-        default = [];
-        description = ''
-          list of other programs a user may want to enable alongside this one.
-          for example, the gnome desktop environment would suggest things like its settings app.
-        '';
-      };
-      enableSuggested = mkOption {
-        type = types.bool;
-        default = true;
-      };
-      dir = mkOption {
-        type = types.listOf types.str;
-        default = [];
-        description = "list of home-relative paths to persist for this package";
-      };
-      private = mkOption {
-        type = types.listOf types.str;
-        default = [];
-        description = "list of home-relative paths to persist (in encrypted format) for this package";
-      };
-    };
-
-    config = {
-      # package can be inferred by the attr name, allowing shorthand like
-      # sane.packages.nano.enable = true;
-      package = mkIf (pkgs ? "${name}") (mkDefault pkgs."${name}");
-
-      # enableFor = mkIf (name == "btrfs-progs") (mkDefault cfg.cryptsetup.enableFor);
-
-      # enable this package if it's in the `suggestedPrograms` of any other enabled program
-      # enableFor = mkMerge (mapAttrsToList (_otherName: otherPkg:
-      #   optionalAttrs
-      #     (otherPkg.enableSuggested && elem name otherPkg.suggestedPrograms)
-      #     (mkDefault otherPkg.enableFor)
-      # ) cfg);
-    };
-
-  });
-  toPkgSpec = types.coercedTo types.package (p: { package = p; }) pkgSpec;
-
-  configs = mapAttrsToList (_name: p: {
-    # conditionally add to system PATH
-    environment.systemPackages = mkIf p.enableFor.system [ p.package ];
-    # conditionally add to user(s) PATH
-    users.users = mapAttrs (user: en: optionalAttrs en {
-      packages = [ p.package ];
-    }) p.enableFor.user;
-    # conditionally persist relevant user dirs
-    sane.users = mapAttrs (user: en: optionalAttrs en {
-      persist.plaintext = p.dir;
-      persist.private = p.private;
-    }) p.enableFor.user;
-  }) cfg;
-in
-{
-  options = {
-    sane.programs = mkOption {
-      type = types.attrsOf toPkgSpec;
-      default = {};
-    };
-  };
-
-  config =
-    let
-      take = f: {
-        environment.systemPackages = f.environment.systemPackages;
-        users.users = f.users.users;
-        sane.users = f.sane.users;
-      };
-    in mkMerge [
-      (take (sane-lib.mkTypedMerge take configs))
-      {
-        # sane.programs.cryptsetup.enableFor = mkDefault cfg.btrfs-progs.enableFor;
-        # sane.programs.cryptsetup.enableFor = mkMerge (mapAttrsToList (otherName: otherPkg:
-        #   optionalAttrs
-        #   (otherName != "cryptsetup")
-        #   (mkDefault otherPkg.enableFor)
-        # ) cfg);
-
-        # sane.programs = mapAttrs (myName: _me: optionalAttrs (myName == "btrfs-progs") {
-        #   enableFor = mkMerge (mapAttrsToList (otherName: otherPkg:
-        #     optionalAttrs
-        #     (otherName != "cryptsetup")
-        #     (mkDefault otherPkg.enableFor)
-        #   ) cfg);
-        # }) cfg;
-      }
-    ];
-}

nixpatches/2023-01-30-mesa-cma-leak.patch

@@ -0,0 +1,23 @@
+diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix
+index a79c19eb2eb..088e3418b3f 100644
+--- a/pkgs/development/libraries/mesa/default.nix
++++ b/pkgs/development/libraries/mesa/default.nix
+@@ -39,7 +39,7 @@
+ let
+   # Release calendar: https://www.mesa3d.org/release-calendar.html
+   # Release frequency: https://www.mesa3d.org/releasing.html#schedule
+-  version = "22.3.3";
++  version = "22.3.2";
+   branch  = versions.major version;
+ 
+   withLibdrm = lib.meta.availableOn stdenv.hostPlatform libdrm;
+@@ -62,7 +62,7 @@ self = stdenv.mkDerivation {
+       "ftp://ftp.freedesktop.org/pub/mesa/${version}/mesa-${version}.tar.xz"
+       "ftp://ftp.freedesktop.org/pub/mesa/older-versions/${branch}.x/${version}/mesa-${version}.tar.xz"
+     ];
+-    sha256 = "sha256-vteZeIvyvZ7wedl82OCTSL9TywhoGFeOQHc7KxeBKSI=";
++    sha256 = "c15df758a8795f53e57f2a228eb4593c22b16dffd9b38f83901f76cd9533140b";
+   };
+ 
+   # TODO:
+

nixpatches/flake.lock

@@ -2,16 +2,15 @@
   "nodes": {
     "nixpkgs": {
       "locked": {
-        "lastModified": 1673163619,
-        "narHash": "sha256-B33PFBL64ZgTWgMnhFL3jgheAN/DjHPsZ1Ih3z0VE5I=",
+        "lastModified": 1675123384,
+        "narHash": "sha256-RpU+kboEWlIYwbRMGIPBIcztH63CvmqWN1B8GpJogd4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8c54d842d9544361aac5f5b212ba04e4089e8efe",
+        "rev": "e0fa1ece2f3929726c9b98c539ad14b63ae8e4fd",
         "type": "github"
       },
       "original": {
         "id": "nixpkgs",
-        "ref": "nixos-22.11",
         "type": "indirect"
       }
     },

nixpatches/list.nix

@@ -13,13 +13,6 @@
     hash = "sha256-IvsIcd2wPdz4b/7FMrDrcVlIZjFecCQ9uiL0Umprbx0=";
   })
 
-  # fix libreoffice build by: Revert "mdds: 2.0.3 -> 2.1.0"
-  # merged 2023/01/25
-  (fetchpatch {
-    url = "https://github.com/NixOS/nixpkgs/pull/212583.diff";
-    hash = "sha256-nkXgwQUtxYkJT2OzG6Jc72snizW5wHvR1nmh2KDnaPc=";
-  })
-
   # fix handbrake build by: handbrake: 1.5.1 -> 1.6.1
   # PR opened 2023/01/23
   (fetchpatch {
@@ -34,6 +27,14 @@
   # allows to actually run signald
   ./2023-01-25-signald-update.patch
 
+  # fix for CMA memory leak in mesa: <https://gitlab.freedesktop.org/mesa/mesa/-/issues/8198>
+  # only necessary on aarch64.
+  # it's a revert of nixpkgs commit dcf630c172df2a9ecaa47c77f868211e61ae8e52
+  # NB: next nixpkgs update will require changing a line in this patch:
+  # - branch  = versions.major version;
+  # + branch  = lib.versions.major version;
+  ./2023-01-30-mesa-cma-leak.patch
+
   # # kaiteki: init at 2022-09-03
   # vendorHash changes too frequently (might not be reproducible).
   # using local package defn until stabilized

overlays/pins.nix

@@ -9,4 +9,15 @@
   # so just forward the unstable packages.
   inherit (next.stable or prev)
   ;
+
+  # 2023/01/30: one test times out. probably flakey test that only got built because i patched mesa.
+  gjs = prev.gjs.overrideAttrs (_upstream: {
+    doCheck = false;
+  });
+  libadwaita = prev.libadwaita.overrideAttrs (_upstream: {
+    doCheck = false;
+  });
+  libsecret = prev.libsecret.overrideAttrs (_upstream: {
+    doCheck = false;
+  });
 })