updated my ssh_config.nix

.github/workflows/pytest.yml

@@ -1,7 +1,6 @@
 name: pytest
 
 on:
-  workflow_dispatch:
   push:
     branches:
       - main

.github/workflows/update-flake-lock.yml

@@ -8,7 +8,6 @@ jobs:
   lockfile:
     runs-on: self-hosted
     permissions:
-      actions: write
       contents: write
       pull-requests: write
     steps:

common/global/default.nix

@@ -23,10 +23,7 @@
   boot = {
     tmp.useTmpfs = true;
     kernelPackages = lib.mkDefault pkgs.linuxPackages_6_12;
-    zfs = {
+    zfs.package = lib.mkDefault pkgs.zfs_2_4;
-      package = lib.mkDefault pkgs.zfs_2_4;
-      forceImportRoot = lib.mkDefault false;
-    };
   };
 
   hardware.enableRedistributableFirmware = true;

docs/zfs_failed_root_import_recovry.md

@@ -1,76 +0,0 @@
-# ZFS failed root import recovery
-
-## Fast path
-
-If the machine fails to boot because ZFS refuses to import `root_pool`:
-
-### GRUB
-
-1. At the bootloader menu, select the normal NixOS entry.
-2. Press `e`.
-3. Find the line that starts with `linux`.
-4. Append this to the end of that line:
-
-```text
-zfs_force=1
-```
-
-5. Boot once with `Ctrl+x` or `F10`.
-
-### systemd-boot
-
-1. At the bootloader menu, highlight the normal NixOS entry.
-2. Press `e`.
-3. Append this to the end of the options line:
-
-```text
-zfs_force=1
-```
-
-4. Press `Enter` to boot once.
-
-## After boot
-
-Run:
-
-```bash
-sudo zpool status
-sudo zpool import
-journalctl -b | rg "ZFS|zfs|import|root_pool"
-```
-
-## Expected result
-
-`sudo zpool status` should show `root_pool` as `ONLINE`.
-
-## Reboot test
-
-Run:
-
-```bash
-sudo reboot
-```
-
-Do not add `zfs_force=1` the second time.
-
-## If it still fails
-
-Boot once more with:
-
-```text
-zfs_force=1
-```
-
-Then run:
-
-```bash
-sudo zpool status -v
-sudo zpool history | tail -n 50
-journalctl -b | rg "ZFS|zfs|import|root_pool"
-```
-
-## Notes
-
-- Root pool name is `root_pool`.
-- This is a one-time recovery path after disk moves, controller changes, dirty exports, or interrupted imports.
-- Some hosts also need the LUKS unlock USB key inserted before boot.

flake.lock

@@ -8,11 +8,11 @@
       },
       "locked": {
         "dir": "pkgs/firefox-addons",
-        "lastModified": 1780733803,
+        "lastModified": 1780027372,
-        "narHash": "sha256-QBJPq12P1DAXFGezoEJaSO/xPUrPlnaI3ddSaMG2JpM=",
+        "narHash": "sha256-LQ3CUdVZoKQqWzS2eEpY0rp9bJuzqydNFJUiJ6De9r8=",
         "owner": "rycee",
         "repo": "nur-expressions",
-        "rev": "c80b0aa94392c5f3612ac797108f6d952752036d",
+        "rev": "ef18b76eabdf4f9b2ce8e99e78ce698923693300",
         "type": "gitlab"
       },
       "original": {
@@ -29,11 +29,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1780679734,
+        "lastModified": 1780099287,
-        "narHash": "sha256-KmRNvpNOb7QEORa06bVgjW9kITcx0VhsI7w0vhmZyD8=",
+        "narHash": "sha256-efIPwVGtIWIjWcznhaop6XN6HxnOL8800hF6CBNvlqQ=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "b2b7db486e06e098711dc291bb25db82850e1d16",
+        "rev": "7d8127d308c3fb9664f7e643eec944be74ebb37d",
         "type": "github"
       },
       "original": {
@@ -47,11 +47,11 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1780310866,
+        "lastModified": 1780065812,
-        "narHash": "sha256-fPBRVf6A5xlACYcOI59shGrjURuvwu0lRsDoSCEXt/I=",
+        "narHash": "sha256-SCSLUKBmwlSLGQ8Xbr8PjRFtiHNk0l9ktqkcmqdBkfE=",
         "owner": "nixos",
         "repo": "nixos-hardware",
-        "rev": "4ed851c979641e28597a05086332d75cdc9e395f",
+        "rev": "b76b5639c0593e0aeb0b5879ad62d4b30596c144",
         "type": "github"
       },
       "original": {
@@ -76,11 +76,11 @@
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1780798858,
+        "lastModified": 1780101106,
-        "narHash": "sha256-4KLc5ZMjfMQosXA2JasUgZTk3i+c/i1zMH4custtmI0=",
+        "narHash": "sha256-VcvUdRb9rzKBbF6oMaMiAt+6HZQ1gom9b2dUybhVTVY=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "92840095e65b9970125843175f4be974b71a92ad",
+        "rev": "26b82d423c4f6fda4a8015182516c938f8104337",
         "type": "github"
       },
       "original": {
@@ -108,11 +108,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1780243769,
+        "lastModified": 1779560665,
-        "narHash": "sha256-x5UQuRsH3MqI0U9afaXSNqzTPSeZlRLvFAav2Ux1pNw=",
+        "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "331800de5053fcebacf6813adb5db9c9dca22a0c",
+        "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786",
         "type": "github"
       },
       "original": {
@@ -141,11 +141,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1780547341,
+        "lastModified": 1777944972,
-        "narHash": "sha256-Gq8KNx5A7hBB3uGJaj6eQfLDIz5YdLu92gqBcvHvoUo=",
+        "narHash": "sha256-VfGRo1qTBKOe3s2gOv8LSoA6Fk19PvBlwQ1ECN0Evn8=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "9ed65852b6257fbeae4355bc24ecfea307ca759a",
+        "rev": "c591bf665727040c6cc5cb409079acb22dcce33c",
         "type": "github"
       },
       "original": {

python/gitea.py

@@ -4,12 +4,10 @@ from __future__ import annotations
 
 from dataclasses import dataclass
 from typing import Self
-from urllib.parse import quote
 
 import httpx
 
 DEFAULT_PAGE_SIZE = 100
-EXPECTED_NO_CONTENT = 204
 EXPECTED_CREATED = 201
 EXPECTED_OK = 200
 
@@ -224,16 +222,6 @@ class GiteaClient:
             json=payload,
         )
 
-    def dispatch_workflow(self, *, owner: str, repo: str, workflow_id: str, ref: str) -> None:
-        """Trigger a workflow_dispatch run."""
-        workflow_path = quote(workflow_id, safe="")
-        self._request(
-            "POST",
-            f"/api/v1/repos/{owner}/{repo}/actions/workflows/{workflow_path}/dispatches",
-            expected_statuses={EXPECTED_OK, EXPECTED_NO_CONTENT},
-            json={"ref": ref},
-        )
-
     def list_run_jobs(self, *, owner: str, repo: str, run_id: str | int) -> list[WorkflowJob]:
         """List workflow jobs for a specific run."""
         jobs: list[WorkflowJob] = []

python/gitea_flake_lock.py

@@ -14,7 +14,6 @@ DEFAULT_BASE_BRANCH = "main"
 DEFAULT_BRANCH = "automation/update-flake-lock"
 DEFAULT_GITEA_URL = "https://gitea.tmmworkshop.com"
 PR_LABELS = ["dependencies", "automated", "flake_lock_update"]
-PR_CHECK_WORKFLOWS = ["build_systems.yml", "treefmt.yml", "pytest.yml"]
 PR_TITLE = "Update flake.lock"
 PR_BODY = "Automated flake.lock update."
 
@@ -58,12 +57,6 @@ def find_flake_lock_pull_request(client: GiteaClient, *, owner: str, repo: str)
     return pull_requests[0]
 
 
-def dispatch_pull_request_checks(client: GiteaClient, *, owner: str, repo: str, branch: str) -> None:
-    """Dispatch the workflows that normally run for pull requests."""
-    for workflow in PR_CHECK_WORKFLOWS:
-        client.dispatch_workflow(owner=owner, repo=repo, workflow_id=workflow, ref=branch)
-
-
 def has_worktree_changes() -> bool:
     """Return whether `flake.lock` has worktree changes."""
     result = run_cmd(["git", "diff", "--quiet", "--", "flake.lock"], check=False)
@@ -120,9 +113,6 @@ def update(
             branch=branch,
             base=base,
         )
-        # We can remove this if Gitea fixes the following issue:
-        # https://github.com/go-gitea/gitea/issues/33963
-        dispatch_pull_request_checks(client, owner=owner, repo=repo_name, branch=branch)
     typer.echo(pull_request.html_url or f"Pull request #{pull_request.number}")
 
 

systems/bob/hardware.nix

@@ -30,11 +30,6 @@
         keyFile = "/dev/disk/by-id/usb-Samsung_Flash_Drive_FIT_0374620080067131-0:0";
       };
     };
-
-    zfs.extraPools = [
-      "storage"
-    ];
-
     kernelModules = [ "kvm-amd" ];
     extraModulePackages = [ ];
   };

systems/jeeves/networking.nix

@@ -43,18 +43,11 @@
       };
     };
     networks = {
-      "10-Primary" = {
+      "10-1GB_Primary" = {
-        matchConfig.Name = "enp97s0";
+        matchConfig.Name = "enp97s0f1";
         address = [ "192.168.99.14/24" ];
-        dns = [
-          "192.168.99.1"
-          "2600:4040:abfb:d700::1"
-        ];
         routes = [ { Gateway = "192.168.99.1"; } ];
         vlan = [ "internet-vlan" ];
-        dhcpV4Config.UseDNS = false;
-        dhcpV6Config.UseDNS = false;
-        ipv6AcceptRAConfig.UseDNS = false;
         linkConfig.RequiredForOnline = "routable";
       };
       "50-internet-vlan" = {

systems/jeeves/programs.nix

@@ -3,6 +3,5 @@
   environment.systemPackages = with pkgs; [
     filebot
     docker-compose
-    ffmpeg
   ];
 }

systems/jeeves/services/audiobookshelf.nix

@@ -3,10 +3,7 @@ let
   vars = import ../vars.nix;
 in
 {
-  services.audiobookshelf = {
+  services.audiobookshelf.enable = true;
-    enable = true;
-    port = 8000;
-  };
   systemd.services.audiobookshelf.serviceConfig.WorkingDirectory =
     lib.mkForce "${vars.docker_configs}/audiobookshelf";
   users.users.audiobookshelf.home = lib.mkForce "${vars.docker_configs}/audiobookshelf";

systems/jeeves/services/nornsight.nix

@@ -1,107 +0,0 @@
-{ pkgs, ... }:
-let
-  vars = import ../vars.nix;
-  stateDir = "${vars.services}/nornsight";
-  appDir = "${stateDir}/app";
-  binPath = pkgs.lib.makeBinPath [
-    pkgs.binutils
-    pkgs.libpq
-    pkgs.postgresql
-    pkgs.stdenv.cc
-  ];
-  libraryPath = pkgs.lib.makeLibraryPath [
-    pkgs.libpq
-    pkgs.postgresql.lib
-  ];
-in
-{
-  systemd.tmpfiles.rules = [
-    "d ${stateDir} 0750 nornsight nornsight - -"
-  ];
-
-  users.users.nornsight = {
-    isSystemUser = true;
-    group = "nornsight";
-    home = stateDir;
-  };
-
-  systemd.services.nornsight = {
-    description = "Norn Sight";
-    after = [ "network-online.target" ];
-    wants = [ "network-online.target" ];
-    wantedBy = [ "multi-user.target" ];
-
-    environment = {
-      HOME = stateDir;
-      UV_CACHE_DIR = "${stateDir}/.cache/uv";
-      UV_PROJECT_ENVIRONMENT = "${appDir}/.venv";
-      UV_PYTHON = "${pkgs.python313}/bin/python3.13";
-      UV_PYTHON_DOWNLOADS = "never";
-      LD_LIBRARY_PATH = libraryPath;
-      LIBRARY_PATH = libraryPath;
-      PSYCOPG_IMPL = "python";
-    };
-
-    path = with pkgs; [
-      bash
-      coreutils
-      git
-      uv
-    ];
-
-    serviceConfig = {
-      Type = "simple";
-      User = "nornsight";
-      Group = "nornsight";
-      EnvironmentFile = "-${vars.secrets}/services/nornsight";
-      WorkingDirectory = stateDir;
-      Restart = "on-failure";
-      RestartSec = "5s";
-      StandardOutput = "journal";
-      StandardError = "journal";
-      NoNewPrivileges = true;
-      PrivateTmp = true;
-      ProtectHome = true;
-      ProtectSystem = "strict";
-      ReadWritePaths = [ stateDir ];
-    };
-
-    script = ''
-      set -eu
-      export PATH="${binPath}:$PATH"
-      export LD_LIBRARY_PATH="${libraryPath}:''${LD_LIBRARY_PATH:-}"
-      export LIBRARY_PATH="${libraryPath}:''${LIBRARY_PATH:-}"
-
-      : "''${NORN_SIGHT_REPO_URL:?NORN_SIGHT_REPO_URL is required}"
-      branch="''${NORN_SIGHT_BRANCH:-main}"
-
-      if [ -d "${appDir}/.git" ]; then
-        current_origin="$(git -C "${appDir}" remote get-url origin)"
-        if [ "$current_origin" != "$NORN_SIGHT_REPO_URL" ]; then
-          rm -rf "${appDir}"
-        fi
-      fi
-
-      if [ ! -d "${appDir}/.git" ]; then
-        git clone --branch "$branch" "$NORN_SIGHT_REPO_URL" "${appDir}"
-      else
-        cd "${appDir}"
-        git fetch origin "$branch"
-        git checkout "$branch"
-        git pull --ff-only origin "$branch"
-      fi
-
-      cd "${appDir}"
-      uv sync --upgrade
-      uv run python - <<'PY'
-      import ctypes.util
-      import os
-
-      print(f"LD_LIBRARY_PATH={os.environ.get('LD_LIBRARY_PATH')}")
-      print(f"LIBRARY_PATH={os.environ.get('LIBRARY_PATH')}")
-      print(f"libpq={ctypes.util.find_library('pq')}")
-      PY
-      exec uv run uvicorn pipelines.web.main:app --host 0.0.0.0 --port 8001
-    '';
-  };
-}

systems/jeeves/syncthing.nix

@@ -10,14 +10,6 @@ in
     settings = {
       devices.davids-server.id = "7GXTDGR-AOXFW2O-K6J7NM3-XYZNRRW-AKHAFWM-GBOWUPQ-OA6JIWD-ER7RDQL"; # cspell:disable-line
       folders = {
-        photos = {
-          path = "${vars.syncthing}/important";
-          devices = [
-            "rhapsody-in-green"
-            "phone"
-          ];
-          fsWatcherEnabled = true;
-        };
         "dotfiles" = {
           path = "/home/richie/dotfiles";
           devices = [

systems/jeeves/web_services/haproxy.cfg

@@ -81,4 +81,4 @@ backend gitea
 
 backend norn_sight
   mode http
-  server server 127.0.0.1:8001
+  server server 192.168.90.49:8000

systems/rhapsody-in-green/default.nix

@@ -12,7 +12,6 @@
     "${inputs.self}/common/optional/zerotier.nix"
     ./hardware.nix
     ./open_webui.nix
-    ./programs.nix
     ./qmk.nix
     ./syncthing.nix
     inputs.nixos-hardware.nixosModules.framework-13-7040-amd

systems/rhapsody-in-green/programs.nix

@@ -1,6 +0,0 @@
-{ pkgs, ... }:
-{
-  environment.systemPackages = with pkgs; [
-    ffmpeg
-  ];
-}

systems/rhapsody-in-green/syncthing.nix

@@ -39,14 +39,6 @@
       ];
       fsWatcherEnabled = true;
     };
-    photos = {
-      path = "/home/richie/photos";
-      devices = [
-        "jeeves"
-        "phone"
-      ];
-      fsWatcherEnabled = true;
-    };
     "projects" = {
       id = "vyma6-lqqrz"; # cspell:disable-line
       path = "/home/richie/projects";

tests/test_gitea_flake_lock.py

@@ -1,113 +0,0 @@
-"""Tests for Gitea flake.lock automation."""
-
-from __future__ import annotations
-
-from python.gitea import PullRequest
-from python.gitea_flake_lock import (
-    PR_CHECK_WORKFLOWS,
-    PR_LABELS,
-    dispatch_pull_request_checks,
-    ensure_flake_lock_pull_request,
-    find_flake_lock_pull_request,
-)
-
-
-def _pull_request(number=1, head_branch="automation/update-flake-lock"):
-    return PullRequest(
-        number=number,
-        title="Update flake.lock",
-        html_url=f"https://gitea.example.test/pulls/{number}",
-        labels=(),
-        head_branch=head_branch,
-        base_branch="main",
-    )
-
-
-class FakeGiteaClient:
-    def __init__(self, pull_requests=None):
-        self.pull_requests = pull_requests or []
-        self.dispatch_calls = []
-        self.list_calls = []
-        self.create_calls = []
-
-    def list_open_pull_requests(self, **kwargs):
-        self.list_calls.append(kwargs)
-        return self.pull_requests
-
-    def create_pull_request(self, **kwargs):
-        self.create_calls.append(kwargs)
-        return _pull_request()
-
-    def dispatch_workflow(self, **kwargs):
-        self.dispatch_calls.append(kwargs)
-
-
-def test_ensure_flake_lock_pull_request_finds_by_branch():
-    pull_request = _pull_request()
-    client = FakeGiteaClient([pull_request])
-
-    result = ensure_flake_lock_pull_request(
-        client,
-        owner="Richie",
-        repo="dotfiles",
-        branch="automation/update-flake-lock",
-        base="main",
-    )
-
-    assert result == pull_request
-    assert client.list_calls == [
-        {"owner": "Richie", "repo": "dotfiles", "head": "automation/update-flake-lock"},
-    ]
-    assert client.create_calls == []
-
-
-def test_ensure_flake_lock_pull_request_creates_with_labels():
-    client = FakeGiteaClient()
-
-    ensure_flake_lock_pull_request(
-        client,
-        owner="Richie",
-        repo="dotfiles",
-        branch="automation/update-flake-lock",
-        base="main",
-    )
-
-    assert client.create_calls == [
-        {
-            "owner": "Richie",
-            "repo": "dotfiles",
-            "title": "Update flake.lock",
-            "body": "Automated flake.lock update.",
-            "head": "automation/update-flake-lock",
-            "base": "main",
-            "labels": PR_LABELS,
-        },
-    ]
-
-
-def test_find_flake_lock_pull_request_finds_by_label():
-    pull_request = _pull_request()
-    client = FakeGiteaClient([pull_request])
-
-    result = find_flake_lock_pull_request(client, owner="Richie", repo="dotfiles")
-
-    assert result == pull_request
-    assert client.list_calls == [
-        {"owner": "Richie", "repo": "dotfiles", "labels": ["flake_lock_update"]},
-    ]
-
-
-def test_dispatch_pull_request_checks_runs_each_workflow():
-    client = FakeGiteaClient()
-
-    dispatch_pull_request_checks(client, owner="Richie", repo="dotfiles", branch="automation/update-flake-lock")
-
-    assert client.dispatch_calls == [
-        {
-            "owner": "Richie",
-            "repo": "dotfiles",
-            "workflow_id": workflow,
-            "ref": "automation/update-flake-lock",
-        }
-        for workflow in PR_CHECK_WORKFLOWS
-    ]

users/richie/home/gui/default.nix

@@ -20,7 +20,6 @@
     qalculate-gtk
     vlc
     # browser
-    brave
     chromium
     # dev tools
     gparted

users/richie/home/gui/kitty.nix

@@ -12,7 +12,6 @@
       tab_bar_edge = "top";
       tab_bar_style = "powerline";
       enabled_layouts = "splits";
-      enable_audio_bell = "no";
     };
     keybindings = {
       "ctrl+alt+1" = "launch --type=tab --tab-title jeeves kitten ssh jeeves";

users/richie/home/gui/llm_tools.nix

@@ -1,7 +1,7 @@
 { pkgs, ... }:
 {
   home.packages = [
-    pkgs.master.claude-code
+    pkgs.claude-code
     pkgs.master.codex
     pkgs.master.opencode
     pkgs.master.pi-coding-agent