From 218ac55d86ee49d151c0ba2dfbca6da104c66703 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 25 Aug 2025 14:19:52 +0200 Subject: ... --- accounts/gkleen@sif/utils/pdf2pdf.nix | 2 +- flake.lock | 66 +++++++++++++-------------- hosts/sif/default.nix | 17 ++----- hosts/surtr/default.nix | 2 +- hosts/surtr/tls/default.nix | 2 +- modules/impermanence-timezone.nix | 41 +++++++++++++++++ modules/impermanence.nix | 6 +++ overlays/worktime/worktime/__main__.py | 10 ++-- overlays/yt-dlp.nix | 2 + system-profiles/bcachefs.nix | 10 ++++ system-profiles/initrd-all-crypto-modules.nix | 2 +- 11 files changed, 103 insertions(+), 57 deletions(-) create mode 100644 modules/impermanence-timezone.nix create mode 100644 modules/impermanence.nix diff --git a/accounts/gkleen@sif/utils/pdf2pdf.nix b/accounts/gkleen@sif/utils/pdf2pdf.nix index 5e9fb215..9f4cbc3e 100644 --- a/accounts/gkleen@sif/utils/pdf2pdf.nix +++ b/accounts/gkleen@sif/utils/pdf2pdf.nix @@ -4,5 +4,5 @@ resholve.writeScriptBin "pdf2pdf" { inputs = with pkgs; [ghostscript_headless]; interpreter = lib.getExe zsh; } '' - exec gs -dPDFSETTINGS=/prepress -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dSAFER "-sOutputFile=''${2}" "''${1}" + exec gs -dPDFSETTINGS=/prepress -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dSAFER -dPreserveAnnots=false "-sOutputFile=''${2}" "''${1}" '' diff --git a/flake.lock b/flake.lock index 14568259..6046d92f 100644 --- a/flake.lock +++ b/flake.lock @@ -507,11 +507,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1754797984, - "narHash": "sha256-t2WFkdB2qUyZt5rdqmJ340kqhvQWWOCJBJIc1nQ/Hg4=", + "lastModified": 1755424351, + "narHash": "sha256-xcorYLNdtLpb0wH5CPlUcpmYQUxeK95j1X855xQw+DY=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "647a310f1eaa59abec8aa215ff69d8979195425e", + "rev": "9aa137af01f05386e5bb5050e983750017007a66", "type": "github" }, "original": { @@ -541,11 +541,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1754742008, - "narHash": "sha256-Tp0FG7VpLudVEC622d91z2hbdfPLCXxw0Nv43iNN4O0=", + "lastModified": 1755419373, + "narHash": "sha256-EFH3zbpyLYjEboNV2Lmkxf9joEuFCmeYX+MMLRPStpg=", "owner": "YaLTeR", "repo": "niri", - "rev": "67361f88fd01974ebee4cf80f0e29c87d805cc39", + "rev": "a6febb86aa5af0df7bf2792ca027ef95a503d599", "type": "github" }, "original": { @@ -582,11 +582,11 @@ ] }, "locked": { - "lastModified": 1754800038, - "narHash": "sha256-UbLO8/0pVBXLJuyRizYOJigtzQAj8Z2bTnbKSec/wN0=", + "lastModified": 1755404379, + "narHash": "sha256-Q6ZxZDBmD/B988Jjbx7/NchxOKIpOKBBrx9Yb0zMzpQ=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "b65f8d80656f9fcbd1fecc4b7f0730f468333142", + "rev": "ebbc1c05f786ae39bb5e04e57bf2c10c44a649e3", "type": "github" }, "original": { @@ -639,11 +639,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1754564048, - "narHash": "sha256-dz303vGuzWjzOPOaYkS9xSW+B93PSAJxvBd6CambXVA=", + "lastModified": 1755330281, + "narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "26ed7a0d4b8741fe1ef1ee6fa64453ca056ce113", + "rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0", "type": "github" }, "original": { @@ -780,11 +780,11 @@ }, "nixpkgs-stable_3": { "locked": { - "lastModified": 1754689972, - "narHash": "sha256-eogqv6FqZXHgqrbZzHnq43GalnRbLTkbBbFtEfm1RSc=", + "lastModified": 1755274400, + "narHash": "sha256-rTInmnp/xYrfcMZyFMH3kc8oko5zYfxsowaLv1LVobY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fc756aa6f5d3e2e5666efcf865d190701fef150a", + "rev": "ad7196ae55c295f53a7d1ec39e4a06d922f3b899", "type": "github" }, "original": { @@ -828,11 +828,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1754725699, - "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=", + "lastModified": 1755615617, + "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054", + "rev": "20075955deac2583bb12f07151c2df830ef346b4", "type": "github" }, "original": { @@ -1073,11 +1073,11 @@ ] }, "locked": { - "lastModified": 1753063383, - "narHash": "sha256-H+gLv6424OjJSD+l1OU1ejxkN/v0U+yaoQdh2huCXYI=", + "lastModified": 1755484659, + "narHash": "sha256-2FfbqsaHVQd12XFFUAinIMAuGO3853LONmva1gT3vKw=", "owner": "pyproject-nix", "repo": "build-system-pkgs", - "rev": "45888b7fd4bf36c57acc55f07917bdf49ec89ec9", + "rev": "9778e87c2361810ff15e287ca5895c9da4a0e900", "type": "github" }, "original": { @@ -1093,11 +1093,11 @@ ] }, "locked": { - "lastModified": 1754287816, - "narHash": "sha256-kDt0HB89oWTlTQMnTwDxx3BlRHK1AdAJ1kMcVYGuccs=", + "lastModified": 1754923840, + "narHash": "sha256-QSKpYg+Ts9HYF155ltlj40iBex39c05cpOF8gjoE2EM=", "owner": "pyproject-nix", "repo": "pyproject.nix", - "rev": "efe944d0902f406c28b4e8662312292a37e4de87", + "rev": "023cd4be230eacae52635be09eef100c37ef78da", "type": "github" }, "original": { @@ -1165,11 +1165,11 @@ ] }, "locked": { - "lastModified": 1754328224, - "narHash": "sha256-glPK8DF329/dXtosV7YSzRlF4n35WDjaVwdOMEoEXHA=", + "lastModified": 1754988908, + "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", "owner": "Mic92", "repo": "sops-nix", - "rev": "49021900e69812ba7ddb9e40f9170218a7eca9f4", + "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", "type": "github" }, "original": { @@ -1240,11 +1240,11 @@ ] }, "locked": { - "lastModified": 1754719699, - "narHash": "sha256-Ek6WILkhVMDWm9j0L23gxHhDt62z1+A68D+pPt0ghao=", + "lastModified": 1755485731, + "narHash": "sha256-k8kxwVs8Oze6q/jAaRa3RvZbb50I/K0b5uptlsh0HXI=", "owner": "pyproject-nix", "repo": "uv2nix", - "rev": "38ead6a16ba1be029dd40fe17fc064d6934847d2", + "rev": "bebbd80bf56110fcd20b425589814af28f1939eb", "type": "github" }, "original": { @@ -1297,11 +1297,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1754533920, - "narHash": "sha256-fCZ68Yud1sUCq6UNXj0SDyiBgVA8gJUE+14ZFGsFJG8=", + "lastModified": 1755219541, + "narHash": "sha256-yKV6xHaPbEbh5RPxAJnb9yTs1wypr7do86hFFGQm1w8=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "e0d1dad25a158551ab58547b2ece4b7d5a19929c", + "rev": "5a184d435927c3423f0ad189ea2b490578450fb7", "type": "github" }, "original": { diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix index b436542f..ed85ca17 100644 --- a/hosts/sif/default.nix +++ b/hosts/sif/default.nix @@ -15,7 +15,6 @@ in { ./email ./libvirt ./greetd tmpfs-root bcachefs initrd-all-crypto-modules default-locale openssh rebuild-machines niri-unstable networkmanager lanzaboote flakeInputs.nixos-hardware.nixosModules.lenovo-thinkpad-p1 - flakeInputs.impermanence.nixosModules.impermanence flakeInputs.nixVirt.nixosModules.default ]; @@ -63,14 +62,14 @@ in { kernelPatches = [ { name = "edac-config"; patch = null; - extraStructuredConfig = with lib.kernel; { + structuredExtraConfig = with lib.kernel; { EDAC = yes; EDAC_IE31200 = yes; }; } { name = "zswap-default"; patch = null; - extraStructuredConfig = with lib.kernel; { + structuredExtraConfig = with lib.kernel; { ZSWAP_DEFAULT_ON = yes; ZSWAP_SHRINKER_DEFAULT_ON = yes; }; @@ -682,19 +681,9 @@ in { ]; files = [ ]; + timezone = true; }; - systemd.services.timezone = { - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStart = "${pkgs.coreutils}/bin/cp -vP /.bcachefs/etc/localtime /etc/localtime"; - ExecStop = "${pkgs.coreutils}/bin/cp -vP /etc/localtime /.bcachefs/etc/localtime"; - }; - }; - services.tzupdate.enable = true; - security.pam.services.gtklock = {}; home-manager.sharedModules = [ flakeInputs.nixVirt.homeModules.default ]; diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix index 63beece3..1c66df2b 100644 --- a/hosts/surtr/default.nix +++ b/hosts/surtr/default.nix @@ -30,7 +30,7 @@ with lib; kernelPatches = [ { name = "zswap-default"; patch = null; - extraStructuredConfig = with lib.kernel; { + structuredExtraConfig = with lib.kernel; { ZSWAP_DEFAULT_ON = yes; ZSWAP_SHRINKER_DEFAULT_ON = yes; }; diff --git a/hosts/surtr/tls/default.nix b/hosts/surtr/tls/default.nix index b1c05888..b25bd2ea 100644 --- a/hosts/surtr/tls/default.nix +++ b/hosts/surtr/tls/default.nix @@ -41,7 +41,7 @@ in { acceptTerms = true; # DNS challenge is slow - preliminarySelfsigned = true; + # preliminarySelfsigned = true; defaults = { email = "phikeebaogobaegh@141.li"; # We don't like NIST curves and Let's Encrypt doesn't support diff --git a/modules/impermanence-timezone.nix b/modules/impermanence-timezone.nix new file mode 100644 index 00000000..a1edbfa5 --- /dev/null +++ b/modules/impermanence-timezone.nix @@ -0,0 +1,41 @@ +{ config, lib, utils, pkgs, ... }: + +{ + options = { + environment.persistence = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule { + options = { + timezone = lib.mkEnableOption "storing system timezone"; + }; + }); + }; + }; + + config = { + systemd = lib.mkMerge (lib.mapAttrsToList (name: cfg: lib.mkIf cfg.timezone { + services = { + "timezone@${utils.escapeSystemdPath name}" = { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = "${pkgs.coreutils}/bin/cp -vP ${utils.escapeSystemdExecArg "${name}/etc/localtime"} /etc/localtime"; + ExecStop = "${pkgs.coreutils}/bin/cp -vP /etc/localtime ${utils.escapeSystemdExecArg "${name}/etc/localtime"}"; + }; + }; + "etc-localtime@${utils.escapeSystemdPath name}" = { + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.coreutils}/bin/cp -vP /etc/localtime ${utils.escapeSystemdExecArg "${name}/etc/localtime"}"; + }; + }; + }; + paths."etc-localtime@${utils.escapeSystemdPath name}" = { + wantedBy = [ "timezone@${utils.escapeSystemdPath name}.service" ]; + after = [ "timezone@${utils.escapeSystemdPath name}.service" ]; + + pathConfig.PathChanged = "/etc/localtime"; + }; + }) config.environment.persistence); + }; +} diff --git a/modules/impermanence.nix b/modules/impermanence.nix new file mode 100644 index 00000000..621576a3 --- /dev/null +++ b/modules/impermanence.nix @@ -0,0 +1,6 @@ +{ flakeInputs, ... }: +{ + imports = [ + flakeInputs.impermanence.nixosModules.impermanence + ]; +} diff --git a/overlays/worktime/worktime/__main__.py b/overlays/worktime/worktime/__main__.py index 3e7aeb9f..016690f0 100755 --- a/overlays/worktime/worktime/__main__.py +++ b/overlays/worktime/worktime/__main__.py @@ -375,10 +375,7 @@ class Worktime(object): parse_datestr(stripped_line) for day in [fromDay + timedelta(days = x) for x in range(0, (toDay - fromDay).days + 1)]: - # if self.end_date.date() < day or day < self.start_date.date(): - # continue - - if self.would_be_workday(day): + if self.would_be_workday(day) and self.start_date.date() <= day and day <= self.end_date.date(): if excused_kind == 'leave': self.leave_days.add(day) elif time is not None and time >= self.time_per_day(day): @@ -444,8 +441,9 @@ class Worktime(object): if e.errno != 2: raise e - for year in range(self.end_date.year + 1, max(self.pull_forward.keys()).year + 1): - holidays |= {k: v * timedelta(hours = hours_per_week(k)) / len(self.workdays) for k, v in Worktime.holidays(year).items()} + if self.pull_forward: + for year in range(self.end_date.year + 1, max(self.pull_forward.keys()).year + 1): + holidays |= {k: v * timedelta(hours = hours_per_week(k)) / len(self.workdays) for k, v in Worktime.holidays(year).items()} self.days_to_work = dict() diff --git a/overlays/yt-dlp.nix b/overlays/yt-dlp.nix index 94ab1fdd..9a54a32b 100644 --- a/overlays/yt-dlp.nix +++ b/overlays/yt-dlp.nix @@ -1,5 +1,7 @@ { prev, sources, ... }: { yt-dlp = prev.yt-dlp.overrideAttrs (oldAttrs: { inherit (sources.yt-dlp) pname version src; + + postPatch = ""; }); } diff --git a/system-profiles/bcachefs.nix b/system-profiles/bcachefs.nix index 6090c56d..be12bf20 100644 --- a/system-profiles/bcachefs.nix +++ b/system-profiles/bcachefs.nix @@ -2,5 +2,15 @@ config = { boot.supportedFilesystems.bcachefs = true; environment.systemPackages = with pkgs; [ bcachefs-tools ]; + + boot.kernelPatches = [ + { + name = "bcachefs-casefold-fix"; + patch = null; + structuredExtraConfig = with lib.kernel; { + UNICODE = lib.mkOverride 90 no; + }; + } + ]; }; } diff --git a/system-profiles/initrd-all-crypto-modules.nix b/system-profiles/initrd-all-crypto-modules.nix index 45cd4b74..da6c781e 100644 --- a/system-profiles/initrd-all-crypto-modules.nix +++ b/system-profiles/initrd-all-crypto-modules.nix @@ -18,7 +18,7 @@ in { { name = "encrypted_key"; patch = null; - extraStructuredConfig.ENCRYPTED_KEYS = lib.kernel.yes; + structuredExtraConfig.ENCRYPTED_KEYS = lib.kernel.yes; } ]; } -- cgit v1.2.3