updated test_test_bash_wrapper_error

.github/workflows/pytest_safe.yml

@@ -0,0 +1,19 @@
+name: pytest_safe
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+  merge_group:
+
+jobs:
+  pytest:
+    runs-on: self-hosted
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run tests
+        run: unshare --map-root-user --user --net -- pytest tests

shell.nix

@@ -6,14 +6,14 @@
   default = pkgs.mkShell {
     NIX_CONFIG = "extra-experimental-features = nix-command flakes ca-derivations";
     nativeBuildInputs = with pkgs; [
-      nix
-      home-manager
-      git
-      my_python
-
-      ssh-to-age
-      gnupg
       age
+      busybox
+      git
+      gnupg
+      home-manager
+      my_python
+      nix
+      ssh-to-age
     ];
   };
 }

systems/jeeves/docker/great_cloud_of_witnesses.nix

@@ -0,0 +1,60 @@
+{
+  config,
+  pkgs,
+  ...
+}:
+
+let
+  vars = import ../vars.nix;
+in
+{
+
+  # environment.systemPackages = with pkgs; [ php.withExtensions ({ all, ... }: [ all.pdo_pgsql ]) ];
+
+  services.httpd = {
+    enable = true;
+    adminAddr = "webmaster@localhost";
+
+    enablePHP = true;
+    phpPackage = pkgs.php.withExtensions (
+      { enabled, all }:
+      enabled
+      ++ [
+        all.pdo
+        all.pdo_pgsql
+      ]
+    );
+    extraModules = [ "rewrite" ];
+    virtualHosts.great_cloud_of_witnesses = {
+      hostName = "localhost";
+      listen = [
+        {
+          ip = "*";
+          port = 8092;
+        }
+
+      ];
+      documentRoot = "${vars.services}/great_cloud_of_witnesses";
+      extraConfig = ''
+        <Directory "${vars.services}/great_cloud_of_witnesses">
+          AllowOverride All
+          Require all granted
+        </Directory>
+      '';
+    };
+  };
+
+  sops.secrets.gcw_password = {
+    sopsFile = ../../../users/secrets.yaml;
+    neededForUsers = true;
+  };
+
+  users = {
+    users.gcw = {
+      isSystemUser = true;
+      hashedPasswordFile = config.sops.secrets.gcw_password.path;
+      group = "gcw";
+    };
+    groups.gcw = { };
+  };
+}

systems/jeeves/hardware.nix

@@ -61,7 +61,25 @@ in
         "luks-root-pool-wwn-0x55cd2e4150f01556-part2" =
           makeLuksSSD "/dev/disk/by-id/wwn-0x55cd2e4150f01556-part2";
 
+        # Media pool
+        "luks-media_pool-nvme-INTEL_SSDPEK1A118GA_BTOC14120V2J118B-part1" =
+          makeLuksSSD "/dev/disk/by-id/nvme-INTEL_SSDPEK1A118GA_BTOC14120V2J118B-part1";
+        "luks-media_pool-nvme-INTEL_SSDPEK1A118GA_BTOC14120WAG118B-part1" =
+          makeLuksSSD "/dev/disk/by-id/nvme-INTEL_SSDPEK1A118GA_BTOC14120WAG118B-part1";
+        "luks-media_pool-nvme-INTEL_SSDPE2ME012T4_CVMD5130000G1P2HGN-part1" =
+          makeLuksSSD "/dev/disk/by-id/nvme-INTEL_SSDPE2ME012T4_CVMD5130000G1P2HGN-part1";
+        "luks-media_pool-nvme-INTEL_SSDPE2ME012T4_CVMD5130000U1P2HGN-part1" =
+          makeLuksSSD "/dev/disk/by-id/nvme-INTEL_SSDPE2ME012T4_CVMD5130000U1P2HGN-part1";
+
         # Storage pool
+        "luks-storage_pool-nvme-Samsung_SSD_970_EVO_Plus_2TB_S6S2NS0T834822N-part1" =
+          makeLuksSSD "/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_2TB_S6S2NS0T834822N-part1";
+        "luks-storage_pool-nvme-Samsung_SSD_970_EVO_Plus_2TB_S6S2NS0T834817F-part1" =
+          makeLuksSSD "/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_2TB_S6S2NS0T834817F-part1";
+        "luks-storage_pool-nvme-INTEL_MEMPEK1W016GA_PHBT828104DF016D-part1" =
+          makeLuksSSD "/dev/disk/by-id/nvme-INTEL_MEMPEK1W016GA_PHBT828104DF016D-part1";
+        "luks-storage_pool-nvme-INTEL_MEMPEK1W016GA_PHBT828105A8016D-part1" =
+          makeLuksSSD "/dev/disk/by-id/nvme-INTEL_MEMPEK1W016GA_PHBT828105A8016D-part1";
         "luks-storage_pool-wwn-0x5000cca23bc438dd-part1" =
           makeLuksDevice "/dev/disk/by-id/wwn-0x5000cca23bc438dd-part1";
         "luks-storage_pool-wwn-0x5000cca23bd035f5-part1" =

systems/jeeves/runners/nix_builder.nix

@@ -112,6 +112,7 @@ in
               user = "github-runners";
               group = "github-runners";
               extraPackages = with pkgs; [
+                busybox
                 nixfmt-rfc-style
                 nixos-rebuild
                 treefmt

systems/jeeves/scripts/zfs.sh

@@ -15,27 +15,27 @@ sudo zpool add storage -o ashift=12 logs mirror
 sudo zpool create scratch -o ashift=12 -O acltype=posixacl -O atime=off -O dnodesize=auto -O xattr=sa -O compression=zstd -O encryption=aes-256-gcm -O keyformat=hex -O keylocation=file:///key -m /zfs/scratch
 
 # media datasets
-sudo zfs create media/secure -o encryption=aes-256-gcm -o keyformat=hex -o keylocation=file:///root/zfs.key
-sudo zfs create media/secure/docker -o compression=zstd-9
-sudo zfs create media/secure/github-runners -o compression=zstd-9 -o sync=disabled
-sudo zfs create media/secure/home_assistant -o compression=zstd-19
-sudo zfs create media/secure/notes -o copies=2
-sudo zfs create media/secure/postgres -o recordsize=16k -o primarycache=metadata
-sudo zfs create media/secure/services -o compression=zstd-9
-sudo zfs create media/secure/share -o mountpoint=/zfs/media/share -o exec=off
+sudo zfs create -o compression=zstd-9 media/docker
+sudo zfs create -o compression=zstd-9 -o sync=disabled media/github-runners
+sudo zfs create -o copies=3 media/notes
+sudo zfs create -o compression=zstd-9 media/plex
+sudo zfs create -o compression=zstd-9 media/services
+sudo zfs create -o compression=zstd-19 media/home_assistant
+sudo zfs create -o exec=off media/share
+sudo zfs create -o recordsize=16k -o primarycache=metadata -o mountpoint=/zfs/media/database/postgres media/postgres
 
 # scratch datasets
 sudo zfs create scratch/kafka -o mountpoint=/zfs/scratch/kafka -o recordsize=1M
 sudo zfs create scratch/transmission -o mountpoint=/zfs/scratch/transmission -o recordsize=16k -o sync=disabled
 
 # storage datasets
-sudo zfs create storage/ollama -o recordsize=1M -o compression=zstd-19 -o sync=disabled
-sudo zfs create storage/secure -o encryption=aes-256-gcm -o keyformat=hex -o keylocation=file:///root/zfs.key
-sudo zfs create storage/secure/archive -o recordsize=1M -o compression=zstd-19
-sudo zfs create storage/secure/library -o recordsize=1M -o compression=zstd-19
-sudo zfs create storage/secure/main -o compression=zstd-19
-sudo zfs create storage/secure/photos -o recordsize=16K -o compression=zstd-19 -o copies=2
-sudo zfs create storage/secure/plex -o recordsize=1M -o compression=zstd-19
-sudo zfs create storage/secure/secrets -o compression=zstd-19 -o copies=3
-sudo zfs create storage/secure/syncthing -o compression=zstd-19
-sudo zfs create storage/secure/transmission -o recordsize=1M -o compression=zstd-9 -o exec=off -o sync=disabled
+sudo zfs create -o recordsize=1M -o compression=zstd-19 storage/archive
+sudo zfs create -o compression=zstd-19 storage/main
+sudo zfs create -o recordsize=16K -o compression=zstd-19 -o copies=2 storage/photos
+sudo zfs create -o recordsize=1M -o compression=zstd-19 storage/plex
+sudo zfs create -o compression=zstd-19 -o copies=3 storage/secrets
+sudo zfs create -o compression=zstd-19 storage/syncthing
+sudo zfs create -o recordsize=1M -o compression=zstd-9 -o exec=off -o sync=disabled storage/qbitvpn
+sudo zfs create -o recordsize=1M -o compression=zstd-9 -o exec=off -o sync=disabled storage/transmission
+sudo zfs create -o recordsize=1M -o compression=zstd-19 storage/library
+sudo zfs create -o recordsize=1M -o compression=zstd-19 -o sync=disabled storage/ollama

systems/jeeves/services/llms.nix

@@ -9,25 +9,13 @@ in
       host = "0.0.0.0";
       loadModels = [
         "codellama:7b"
-        "deepscaler:1.5b"
         "deepseek-r1:14b"
         "deepseek-r1:32b"
         "deepseek-r1:8b"
-        "devstral-small-2:24b"
-        "functiongemma:270m"
         "gemma3:12b"
         "gemma3:27b"
         "gpt-oss:120b"
         "gpt-oss:20b"
-        "llama3.1:70b"
-        "llama3.1:8b"
-        "llama3.2:1b"
-        "llama3.2:3b"
-        "magistral:24b"
-        "ministral-3:14b"
-        "nemotron-3-nano:30b"
-        "qwen3-coder:30b"
-        "qwen3-vl:32b"
         "qwen3:14b"
         "qwen3:30b"
       ];

systems/jeeves/services/open_webui.nix

@@ -1,16 +0,0 @@
-let
-  vars = import ../vars.nix;
-in
-{
-  services.open-webui = {
-    stateDir = "${vars.services}/open_webui/";
-    enable = true;
-    openFirewall = true;
-    environment = {
-      ANONYMIZED_TELEMETRY = "False";
-      DO_NOT_TRACK = "True";
-      SCARF_NO_ANALYTICS = "True";
-      OLLAMA_API_BASE_URL = "http://127.0.0.1:11434";
-    };
-  };
-}

systems/jeeves/services/postgress.nix

@@ -30,6 +30,18 @@ in
       local hass     hass     trust
       local gitea    gitea    trust
 
+      # megan
+      host  megan    megan    192.168.90.1/24 trust
+      host  megan    megan    127.0.0.1/32 trust
+
+      host  gcw      megan    192.168.90.1/24 trust
+      host  gcw      megan    127.0.0.1/32 trust
+
+      # gcw
+      local gcw      gcw      trust
+      host  gcw      gcw      192.168.90.1/24 trust
+      host  gcw      gcw      127.0.0.1/32 trust
+
       # math
       local postgres  math   trust
       host  postgres  math   127.0.0.1/32    trust
@@ -88,6 +100,26 @@ in
           replication = true;
         };
       }
+      {
+        name = "megan";
+        ensureDBOwnership = true;
+        ensureClauses = {
+          login = true;
+          createrole = true;
+          createdb = true;
+          replication = true;
+        };
+      }
+      {
+        name = "gcw";
+        ensureDBOwnership = true;
+        ensureClauses = {
+          login = true;
+          createrole = true;
+          createdb = true;
+          replication = true;
+        };
+      }
       {
         name = "math";
         ensureDBOwnership = true;
@@ -100,9 +132,13 @@ in
       }
     ];
     ensureDatabases = [
+      "gcw"
       "hass"
       "gitea"
       "math"
+      "megan"
+      "mxr_dev"
+      "mxr_prod"
       "n8n"
       "richie"
     ];

tests/test_common.py

@@ -57,5 +57,5 @@ def test_test_bash_wrapper_error() -> None:
     """test_test_bash_wrapper_error."""
     expected_error = 2
     stdout, returncode = bash_wrapper("ls /this/path/does/not/exist")
-    assert stdout == "ls: cannot access '/this/path/does/not/exist': No such file or directory\n"
+    assert stdout == "ls: /this/path/does/not/exist: No such file or directory\n"
     assert returncode == expected_error

users/megan/default.nix

@@ -0,0 +1,30 @@
+{
+  pkgs,
+  config,
+  ...
+}:
+{
+  sops.secrets.megan_password = {
+    sopsFile = ../secrets.yaml;
+    neededForUsers = true;
+  };
+
+  users = {
+    users.megan = {
+      isNormalUser = true;
+      hashedPasswordFile = "${config.sops.secrets.megan_password.path}";
+
+      shell = pkgs.zsh;
+      group = "megan";
+      extraGroups = [
+        "audio"
+        "video"
+        "users"
+      ];
+      uid = 1101;
+    };
+
+    groups.megan.gid = 1101;
+  };
+  home-manager.users.megan = import ./systems/${config.networking.hostName}.nix;
+}

users/megan/home/cli/default.nix

@@ -0,0 +1,9 @@
+{
+  imports = [
+    ./direnv.nix
+    ./git.nix
+    ./zsh.nix
+  ];
+
+  programs.starship.enable = true;
+}

users/megan/home/cli/direnv.nix

@@ -0,0 +1,8 @@
+{
+
+  programs.direnv = {
+    enable = true;
+    enableZshIntegration = true;
+    nix-direnv.enable = true;
+  };
+}

users/megan/home/cli/git.nix

@@ -0,0 +1,14 @@
+{
+  programs.git = {
+    enable = true;
+    settings = {
+      user = {
+        email = "mousikos112@gmail.com";
+        name = "megan";
+      };
+      pull.rebase = true;
+      color.ui = true;
+    };
+    lfs.enable = true;
+  };
+}

users/megan/home/cli/zsh.nix

@@ -0,0 +1,31 @@
+{
+  programs.zsh = {
+    enable = true;
+    syntaxHighlighting.enable = true;
+    history.size = 10000;
+    oh-my-zsh = {
+      enable = true;
+      plugins = [
+        "git"
+        "docker"
+        "docker-compose"
+        "colored-man-pages"
+        "rust"
+        "systemd"
+        "tmux"
+        "ufw"
+        "z"
+      ];
+    };
+    shellAliases = {
+      "lrt" = "eza --icons -lsnew";
+      "ls" = "eza";
+      "ll" = "eza --long --group";
+      "la" = "eza --all";
+
+      "rspace" = "'for f in *\ *; do mv \"$f\" \"\${f// /_}\"; done'";
+      "rebuild" = "sudo nixos-rebuild switch --flake /home/richie/dotfiles#$HOST";
+      "nix-test" = "nixos-rebuild test --flake /home/richie/dotfiles";
+    };
+  };
+}

users/megan/home/global.nix

@@ -0,0 +1,18 @@
+{ config, ... }:
+{
+  imports = [
+    ./cli
+    ./programs.nix
+  ];
+
+  programs = {
+    home-manager.enable = true;
+    git.enable = true;
+  };
+
+  home = {
+    username = "megan";
+    homeDirectory = "/home/${config.home.username}";
+    stateVersion = "24.05";
+  };
+}

users/megan/home/programs.nix

@@ -0,0 +1,41 @@
+{ pkgs, ... }:
+{
+  home.packages = with pkgs; [
+    # cli
+    bat
+    btop
+    eza
+    fd
+    ffmpegthumbnailer
+    fzf
+    git
+    gnupg
+    imagemagick
+    jq
+    ncdu
+    neofetch
+    ouch
+    p7zip
+    poppler
+    rar
+    ripgrep
+    starship
+    tmux
+    unzip
+    yazi
+    zoxide
+    # system info
+    hwloc
+    lynis
+    pciutils
+    smartmontools
+    usbutils
+    # networking
+    iperf3
+    nmap
+    wget
+    # python
+    poetry
+    ruff
+  ];
+}

users/megan/systems/jeeves.nix

@@ -0,0 +1,5 @@
+{
+  imports = [
+    ../home/global.nix
+  ];
+}

users/richie/home/gui/default.nix

@@ -23,11 +23,10 @@
     signal-desktop
     zoom-us
     # dev tools
-    claude-code
-    gparted
     jetbrains.datagrip
-    master.antigravity-fhs
     proxychains
+    master.antigravity-fhs
+    gparted
     # games
     dwarf-fortress
     tower-pixel-dungeon

users/richie/home/programs.nix

@@ -4,6 +4,7 @@
     # cli
     bat
     btop
+    busybox
     eza
     fd
     ffmpegthumbnailer
@@ -21,7 +22,6 @@
     ripgrep
     starship
     tmux
-    unzip
     yazi
     zoxide
     # Home Assistant
@@ -31,13 +31,11 @@
     # system info
     hwloc
     lynis
-    pciutils
     smartmontools
     usbutils
     # networking
     iperf3
     nmap
-    wget
     # python
     poetry
     ruff