From da7e72db647e81d005590dc5654c0621bc66c61c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Thu, 1 Jan 2026 16:17:55 +0100 Subject: [PATCH 01/11] tree-wide: remove nix-monitored --- nix/configurations/hetzner_benchmark.nix | 3 --- nix/configurations/hydrogen.nix | 3 --- nix/overlays/nix-monitored.nix | 10 ---------- npins/sources.json | 14 -------------- 4 files changed, 30 deletions(-) delete mode 100644 nix/overlays/nix-monitored.nix diff --git a/nix/configurations/hetzner_benchmark.nix b/nix/configurations/hetzner_benchmark.nix index 38d0d479..a57cdc55 100644 --- a/nix/configurations/hetzner_benchmark.nix +++ b/nix/configurations/hetzner_benchmark.nix @@ -40,12 +40,9 @@ in # use lix everywhere and wrap it with nom ../overlays/lix.nix - ../overlays/nix-monitored.nix ]; }; - nix.package = pkgs.nix-monitored; - system.nixos = let rev = lib.substring 0 8 sources.nixpkgs.revision; diff --git a/nix/configurations/hydrogen.nix b/nix/configurations/hydrogen.nix index 42554878..2152b589 100644 --- a/nix/configurations/hydrogen.nix +++ b/nix/configurations/hydrogen.nix @@ -46,12 +46,9 @@ in # use lix everywhere and wrap it with nom ../overlays/lix.nix - ../overlays/nix-monitored.nix ]; }; - nix.package = pkgs.nix-monitored; - system.nixos = let rev = lib.substring 0 8 sources.nixpkgs.revision; diff --git a/nix/overlays/nix-monitored.nix b/nix/overlays/nix-monitored.nix deleted file mode 100644 index 28f696bb..00000000 --- a/nix/overlays/nix-monitored.nix +++ /dev/null @@ -1,10 +0,0 @@ -let - sources = import ../../npins; -in -# The final nix is lix in this case -final: prev: { - nix-monitored = sources.nix-monitored.asFlake.packages.${final.stdenv.hostPlatform.system}.default.override { - inherit (final) nix; - withNotify = false; # noisy, spams "command completed" even for nix shells - }; -} diff --git a/npins/sources.json b/npins/sources.json index c3f6319c..8a833f5b 100644 --- a/npins/sources.json +++ b/npins/sources.json 
@@ -148,20 +148,6 @@ "url": "https://github.com/oxalica/nil/archive/504599f7e555a249d6754698473124018b80d121.tar.gz", "hash": "1mzx60999jciq2ax1l5ajmks6fb3cmjavn7fsyh4aysvcdgzrj6p" }, - "nix-monitored": { - "type": "Git", - "repository": { - "type": "GitHub", - "owner": "ners", - "repo": "nix-monitored" - }, - "branch": "master", - "submodules": false, - "revision": "60f3baa4701d58eab86c2d1d9c3d7e820074d461", - "url": "https://github.com/ners/nix-monitored/archive/60f3baa4701d58eab86c2d1d9c3d7e820074d461.tar.gz", - "hash": "1rdyjmxkvyqd5blbzbwfv2b99krx6rkpdzi1ckyby8i676gf9hv7", - "frozen": true - }, "nix-tree": { "type": "GitRelease", "repository": { From efbb62df7e66c8d8b33e3674adda94fd4806a262 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Thu, 1 Jan 2026 16:20:48 +0100 Subject: [PATCH 02/11] tree-wide: remove nix-tree --- nix/configurations/hydrogen.nix | 1 - nix/configurations/installer.nix | 1 - nix/configurations/vanadium.nix | 1 - nix/overlays/nix-tree.nix | 8 -------- npins/sources.json | 16 ---------------- 5 files changed, 27 deletions(-) delete mode 100644 nix/overlays/nix-tree.nix diff --git a/nix/configurations/hydrogen.nix b/nix/configurations/hydrogen.nix index 2152b589..7bc9620a 100644 --- a/nix/configurations/hydrogen.nix +++ b/nix/configurations/hydrogen.nix @@ -41,7 +41,6 @@ in overlays = map import [ ../overlays/agenix.nix ../overlays/nur.nix - ../overlays/nix-tree.nix ../packages/overlay.nix # use lix everywhere and wrap it with nom diff --git a/nix/configurations/installer.nix b/nix/configurations/installer.nix index 972409e9..027168d7 100644 --- a/nix/configurations/installer.nix +++ b/nix/configurations/installer.nix @@ -38,7 +38,6 @@ in ../overlays/agenix.nix ../overlays/disko.nix ../overlays/nur.nix - ../overlays/nix-tree.nix ../packages/overlay.nix ]; diff --git a/nix/configurations/vanadium.nix b/nix/configurations/vanadium.nix index acdb6d98..509349ca 100644 --- a/nix/configurations/vanadium.nix 
+++ b/nix/configurations/vanadium.nix @@ -52,7 +52,6 @@ in ../overlays/disko.nix ../overlays/nur.nix ../overlays/wired-notify.nix - ../overlays/nix-tree.nix ../overlays/wallpapers.nix ../overlays/nil.nix ../overlays/dix.nix diff --git a/nix/overlays/nix-tree.nix b/nix/overlays/nix-tree.nix deleted file mode 100644 index ec23e3c2..00000000 --- a/nix/overlays/nix-tree.nix +++ /dev/null @@ -1,8 +0,0 @@ -# The one in nixpkgs doesn't work -# Getting nix-tree: user error (Failed parsing nix path-info output.) -let - sources = import ../../npins; -in -final: _: { - nix-tree = (import sources.nix-tree).packages.${final.stdenv.hostPlatform.system}.default; -} diff --git a/npins/sources.json b/npins/sources.json index 8a833f5b..e3c4a8b2 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -148,22 +148,6 @@ "url": "https://github.com/oxalica/nil/archive/504599f7e555a249d6754698473124018b80d121.tar.gz", "hash": "1mzx60999jciq2ax1l5ajmks6fb3cmjavn7fsyh4aysvcdgzrj6p" }, - "nix-tree": { - "type": "GitRelease", - "repository": { - "type": "GitHub", - "owner": "utdemir", - "repo": "nix-tree" - }, - "pre_releases": false, - "version_upper_bound": null, - "release_prefix": null, - "submodules": false, - "version": "v0.8.0", - "revision": "e7ef6623cf944b80e48196d74c6531dd79943652", - "url": "https://api.github.com/repos/utdemir/nix-tree/tarball/v0.8.0", - "hash": "1ag68xnszianrfinm56mf9bhvm0pglvnmlyffjr1pxrkji8d52nc" - }, "nixos-hardware": { "type": "Git", "repository": { From 621944c7d2bab8d88320ee201183c1535b263eb4 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Thu, 1 Jan 2026 16:23:52 +0100 Subject: [PATCH 03/11] Revert "tree-wide: remove nix-monitored" This reverts commit da7e72db647e81d005590dc5654c0621bc66c61c. --- nix/configurations/hetzner_benchmark.nix | 3 +++ nix/configurations/hydrogen.nix | 3 +++ nix/overlays/nix-monitored.nix | 10 ++++++++++ npins/sources.json | 14 ++++++++++++++ 4 files changed, 30 insertions(+) create mode 100644 nix/overlays/nix-monitored.nix diff --git a/nix/configurations/hetzner_benchmark.nix b/nix/configurations/hetzner_benchmark.nix index a57cdc55..38d0d479 100644 --- a/nix/configurations/hetzner_benchmark.nix +++ b/nix/configurations/hetzner_benchmark.nix @@ -40,9 +40,12 @@ in # use lix everywhere and wrap it with nom ../overlays/lix.nix + ../overlays/nix-monitored.nix ]; }; + nix.package = pkgs.nix-monitored; + system.nixos = let rev = lib.substring 0 8 sources.nixpkgs.revision; diff --git a/nix/configurations/hydrogen.nix b/nix/configurations/hydrogen.nix index 7bc9620a..4eb889b4 100644 --- a/nix/configurations/hydrogen.nix +++ b/nix/configurations/hydrogen.nix @@ -45,9 +45,12 @@ in # use lix everywhere and wrap it with nom ../overlays/lix.nix + ../overlays/nix-monitored.nix ]; }; + nix.package = pkgs.nix-monitored; + system.nixos = let rev = lib.substring 0 8 sources.nixpkgs.revision; diff --git a/nix/overlays/nix-monitored.nix b/nix/overlays/nix-monitored.nix new file mode 100644 index 00000000..28f696bb --- /dev/null +++ b/nix/overlays/nix-monitored.nix @@ -0,0 +1,10 @@ +let + sources = import ../../npins; +in +# The final nix is lix in this case +final: prev: { + nix-monitored = sources.nix-monitored.asFlake.packages.${final.stdenv.hostPlatform.system}.default.override { + inherit (final) nix; + withNotify = false; # noisy, spams "command completed" even for nix shells + }; +} diff --git a/npins/sources.json b/npins/sources.json index e3c4a8b2..9a81a007 100644 --- a/npins/sources.json +++ b/npins/sources.json 
@@ -148,6 +148,20 @@ "url": "https://github.com/oxalica/nil/archive/504599f7e555a249d6754698473124018b80d121.tar.gz", "hash": "1mzx60999jciq2ax1l5ajmks6fb3cmjavn7fsyh4aysvcdgzrj6p" }, + "nix-monitored": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "ners", + "repo": "nix-monitored" + }, + "branch": "master", + "submodules": false, + "revision": "60f3baa4701d58eab86c2d1d9c3d7e820074d461", + "url": "https://github.com/ners/nix-monitored/archive/60f3baa4701d58eab86c2d1d9c3d7e820074d461.tar.gz", + "hash": "1rdyjmxkvyqd5blbzbwfv2b99krx6rkpdzi1ckyby8i676gf9hv7", + "frozen": true + }, "nixos-hardware": { "type": "Git", "repository": { From a3884f79fd57f2852f1cad590ff5ffd0340d688b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Thu, 1 Jan 2026 16:24:03 +0100 Subject: [PATCH 04/11] Revert "vanadium: remove nix-monitored" This reverts commit b9636d4cdc5576defa79252e86755e867ca02bfb. --- nix/configurations/vanadium.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nix/configurations/vanadium.nix b/nix/configurations/vanadium.nix index 509349ca..f40c39b5 100644 --- a/nix/configurations/vanadium.nix +++ b/nix/configurations/vanadium.nix @@ -70,9 +70,12 @@ in # use lix everywhere and wrap it with nom ../overlays/lix.nix + ../overlays/nix-monitored.nix ]; }; + nix.package = pkgs.nix-monitored; + system.nixos = let rev = lib.substring 0 8 sources.nixpkgs.revision; From 54ce4cf229618a96386b383dbb428c432d706ec5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Thu, 1 Jan 2026 16:28:05 +0100 Subject: [PATCH 05/11] overlays/nix-monitored: don't override globally Overriding globally would break nix-shell shebangs --- nix/configurations/hetzner_benchmark.nix | 2 -- nix/configurations/hydrogen.nix | 2 -- nix/configurations/vanadium.nix | 2 -- nix/overlays/nix-monitored.nix | 26 +++++++++++++++++++----- 4 files changed, 21 insertions(+), 11 deletions(-) 
diff --git a/nix/configurations/hetzner_benchmark.nix b/nix/configurations/hetzner_benchmark.nix index 38d0d479..d8235a48 100644 --- a/nix/configurations/hetzner_benchmark.nix +++ b/nix/configurations/hetzner_benchmark.nix @@ -44,8 +44,6 @@ in ]; }; - nix.package = pkgs.nix-monitored; - system.nixos = let rev = lib.substring 0 8 sources.nixpkgs.revision; diff --git a/nix/configurations/hydrogen.nix b/nix/configurations/hydrogen.nix index 4eb889b4..2cafb757 100644 --- a/nix/configurations/hydrogen.nix +++ b/nix/configurations/hydrogen.nix @@ -49,8 +49,6 @@ in ]; }; - nix.package = pkgs.nix-monitored; - system.nixos = let rev = lib.substring 0 8 sources.nixpkgs.revision; diff --git a/nix/configurations/vanadium.nix b/nix/configurations/vanadium.nix index f40c39b5..92b50443 100644 --- a/nix/configurations/vanadium.nix +++ b/nix/configurations/vanadium.nix @@ -74,8 +74,6 @@ in ]; }; - nix.package = pkgs.nix-monitored; - system.nixos = let rev = lib.substring 0 8 sources.nixpkgs.revision; diff --git a/nix/overlays/nix-monitored.nix b/nix/overlays/nix-monitored.nix index 28f696bb..0c693f53 100644 --- a/nix/overlays/nix-monitored.nix +++ b/nix/overlays/nix-monitored.nix 
@@ -1,10 +1,26 @@ let sources = import ../../npins; in -# The final nix is lix in this case -final: prev: { - nix-monitored = sources.nix-monitored.asFlake.packages.${final.stdenv.hostPlatform.system}.default.override { - inherit (final) nix; - withNotify = false; # noisy, spams "command completed" even for nix shells +final: prev: +let + nix-monitored-noisy = + sources.nix-monitored.asFlake.packages.${final.stdenv.hostPlatform.system}.default.override + { + inherit (final) + nix # Use the nix the user wants, whether it's lix or nix + nix-output-monitor # don't use the nom pinned by nix-monitored + ; + }; + + nix-monitored = nix-monitored-noisy.override { + withNotify = false; + }; +in +{ + nixos-rebuild = prev.nixos-rebuild.override { + nix = nix-monitored-noisy; + }; + nix-direnv = prev.nix-direnv.override { + nix = nix-monitored; }; } From 02f68dfc1bf21a2f65a5b483955a95045537cb9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Thu, 1 Jan 2026 16:32:27 +0100 Subject: [PATCH 06/11] vanadium: +nix-output-monitor --- nix/configurations/vanadium/home/programs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/configurations/vanadium/home/programs.nix b/nix/configurations/vanadium/home/programs.nix index f011127d..0eac0247 100644 --- a/nix/configurations/vanadium/home/programs.nix +++ b/nix/configurations/vanadium/home/programs.nix @@ -79,6 +79,7 @@ pkgs.niv pkgs.npins pkgs.nix-tree + pkgs.nix-output-monitor pkgs.nh # productivity / media From 643687e47778bdea00c54598a55d18c2cacac911 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Thu, 1 Jan 2026 17:15:20 +0100 Subject: [PATCH 07/11] overlays/nix-monitored: hack to drop system override of nix package --- nix/overlays/nix-monitored.nix | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/nix/overlays/nix-monitored.nix b/nix/overlays/nix-monitored.nix index 0c693f53..464616ab 100644 --- a/nix/overlays/nix-monitored.nix 
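Review bot: The rewritten overlay no longer exports a `nix-monitored` attribute, because it is now only a `let` binding, so any `pkgs.nix-monitored` reference left elsewhere in the tree will fail to evaluate. The three `nix.package = pkgs.nix-monitored;` lines are removed in this patch, but other uses are not visible from here. The reason for the narrower scope exists only in the commit message; I would record it above the result set, e.g. `# Only wrap nixos-rebuild and nix-direnv: a global nix.package override breaks nix-shell shebangs`. Since `nixos-rebuild` typically runs with root privileges, a short comment that the wrapper comes from the npins-pinned `sources.nix-monitored` rather than from nixpkgs would also help the next reader judge what is being trusted.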
+++ b/nix/overlays/nix-monitored.nix @@ -15,11 +15,20 @@ let nix-monitored = nix-monitored-noisy.override { withNotify = false; }; + + keepNixOverride = + drv: + drv + // { + override = args: drv.override (builtins.removeAttrs args [ "nix" ]); + }; in { - nixos-rebuild = prev.nixos-rebuild.override { - nix = nix-monitored-noisy; - }; + nixos-rebuild-ng = keepNixOverride ( + prev.nixos-rebuild-ng.override { + nix = nix-monitored-noisy; + } + ); nix-direnv = prev.nix-direnv.override { nix = nix-monitored; }; From 8eb649216d50cb2fe2d232f4992a8260518cde7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Thu, 1 Jan 2026 17:40:47 +0100 Subject: [PATCH 08/11] overlays/nix-monitored: never noisy --- nix/overlays/nix-monitored.nix | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/nix/overlays/nix-monitored.nix b/nix/overlays/nix-monitored.nix index 464616ab..c01747aa 100644 --- a/nix/overlays/nix-monitored.nix +++ b/nix/overlays/nix-monitored.nix @@ -3,19 +3,16 @@ let in final: prev: let - nix-monitored-noisy = + nix-monitored = sources.nix-monitored.asFlake.packages.${final.stdenv.hostPlatform.system}.default.override { inherit (final) nix # Use the nix the user wants, whether it's lix or nix nix-output-monitor # don't use the nom pinned by nix-monitored ; + withNotify = false; }; - nix-monitored = nix-monitored-noisy.override { - withNotify = false; - }; - keepNixOverride = drv: drv @@ -26,7 +23,7 @@ in { nixos-rebuild-ng = keepNixOverride ( prev.nixos-rebuild-ng.override { - nix = nix-monitored-noisy; + nix = nix-monitored; } ); nix-direnv = prev.nix-direnv.override { From dd15a482a531d6f6232377da137a5a60eb64c109 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Thu, 1 Jan 2026 21:08:11 +0100 Subject: [PATCH 09/11] identities/vanadium: add a root ssh key --- nix/identities.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
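Review bot: `keepNixOverride` assumes `.override` is always called with an attribute set, but nixpkgs' `makeOverridable` also accepts a function (`pkg.override (old: { … })`), and `builtins.removeAttrs` on a function is an evaluation error. The protection also lasts for only one call: the result of `drv.override …` is returned unwrapped, so a second `.override { nix = …; }` would replace the monitored nix again without any error. I would handle both argument forms and re-wrap the result, as sketched below. The file should also say what the hack works around, presumably the NixOS module that rebuilds `nixos-rebuild-ng` from `config.nix.package`, which should be confirmed. The enclosing `let` block starts above this hunk.

```nix
  keepNixOverride =
    drv:
    drv
    // {
      # Drop any `nix` argument and re-wrap, so later overrides cannot
      # swap the monitored nix back out.
      override =
        args:
        keepNixOverride (
          drv.override (
            if builtins.isFunction args then
              old: builtins.removeAttrs (args old) [ "nix" ]
            else
              builtins.removeAttrs args [ "nix" ]
          )
        );
    };
```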
diff --git a/nix/identities.nix b/nix/identities.nix index 1859f241..4e561f7d 100644 --- a/nix/identities.nix +++ b/nix/identities.nix @@ -1,6 +1,7 @@ [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGPq2o9pbmLRGrOpAP76eYCAscmfakDC7wPm9fmsCCQM leana@vanadium" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5OgvihLpGaenFmZpbflF+UFsyYTZDwBZqTmSYdquC3 root@vanadium" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOcIprcqvTCicHdtn9GFM77n7fTzhG0/nAEqMp5n6W+m root@vanadium" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5OgvihLpGaenFmZpbflF+UFsyYTZDwBZqTmSYdquC3 root@vanadium" # host "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXzNdCA0zZ+WmeKZnhQSQtUcxnQhhDl59E3BPQfLj7Q leana@hydrogen" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIMVDmEt/12u9U4QGDZBx/Sx8itzqfQ4zWJvcC3pRZqP root@hydrogen" From 41d962082025f3deeeb8652955b57e12bc01db58 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Thu, 1 Jan 2026 21:31:42 +0100 Subject: [PATCH 10/11] hetzner_benchmark: set up as nix builder --- nix/configurations/hetzner_benchmark.nix | 1 + .../hetzner_benchmark/nixos/builder.nix | 31 +++++++++++++++++++ 2 files changed, 32 insertions(+) create mode 100644 nix/configurations/hetzner_benchmark/nixos/builder.nix diff --git a/nix/configurations/hetzner_benchmark.nix b/nix/configurations/hetzner_benchmark.nix index d8235a48..3f84df39 100644 --- a/nix/configurations/hetzner_benchmark.nix +++ b/nix/configurations/hetzner_benchmark.nix @@ -57,6 +57,7 @@ in ./hetzner_benchmark/nixos/hardware-configuration.nix ./hetzner_benchmark/nixos/misc.nix ./hetzner_benchmark/nixos/programs.nix + ./hetzner_benchmark/nixos/builder.nix ../nixosModules/common/fish.nix ../nixosModules/common/disable-command-not-found.nix diff --git a/nix/configurations/hetzner_benchmark/nixos/builder.nix b/nix/configurations/hetzner_benchmark/nixos/builder.nix new file mode 100644 index 00000000..c8191c8d --- /dev/null +++ b/nix/configurations/hetzner_benchmark/nixos/builder.nix 
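Review bot: The added entry carries the same `root@vanadium` comment as the existing one, so the file no longer says which private key each line belongs to or why both are needed. The old entry gains `# host`, and the new one deserves a matching trailing comment such as `# root user key` (exact wording for the author to confirm). How this list is consumed is outside the hunk, but if it feeds authorized keys or secret recipients, every entry is a standing grant of access. If the new key is meant to supersede the old one rather than sit beside it, drop the old line in the same change so the retired key does not stay authorised.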
@@ -0,0 +1,31 @@ +# https://nix.dev/tutorials/nixos/distributed-builds-setup.html +{ config, ... }: +{ + users.users.remotebuild = { + isSystemUser = true; + group = "remotebuild"; + useDefaultShell = true; + + openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys; + }; + + users.groups.remotebuild = { }; + nix = { + nrBuildUsers = 64; # defaults to 32 + settings = { + trusted-users = [ "remotebuild" ]; + + min-free = 50 * 1024 * 1024 * 1024; # start gc when < 10 GB is available + max-free = 100 * 1024 * 1024 * 1024; # stop gc when 20 GB is available + + max-jobs = "auto"; + cores = 0; + }; + }; + + systemd.services.nix-daemon.serviceConfig = { + MemoryAccounting = true; + MemoryMax = "90%"; + OOMScoreAdjust = 500; + }; +} From f471cfc43846fbfad23d00e6e8e8067a85ed609e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Thu, 1 Jan 2026 21:40:59 +0100 Subject: [PATCH 11/11] vanadium/sane-nix: init Setup memory && storage protection mechanisms --- nix/configurations/vanadium.nix | 1 + nix/configurations/vanadium/nixos/sane-nix.nix | 13 +++++++++++++ 2 files changed, 14 insertions(+) create mode 100644 nix/configurations/vanadium/nixos/sane-nix.nix diff --git a/nix/configurations/vanadium.nix b/nix/configurations/vanadium.nix index 92b50443..aeb22f45 100644 --- a/nix/configurations/vanadium.nix +++ b/nix/configurations/vanadium.nix @@ -88,6 +88,7 @@ in # NixOS modules # ./vanadium/nixos/hardware-configuration.nix # generated + ./vanadium/nixos/sane-nix.nix ./vanadium/nixos/fs.nix ./vanadium/nixos/restic.nix diff --git a/nix/configurations/vanadium/nixos/sane-nix.nix b/nix/configurations/vanadium/nixos/sane-nix.nix new file mode 100644 index 00000000..83c080d8 --- /dev/null +++ b/nix/configurations/vanadium/nixos/sane-nix.nix 
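Review bot: In builder.nix, `trusted-users = [ "remotebuild" ]` together with `openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys` means the key a client uses for remote builds is necessarily also a root login key on this host, and `useDefaultShell = true` gives it an interactive shell too. A trusted user is effectively root-equivalent towards the Nix daemon, since it can override daemon settings and import unsigned store paths. I would therefore give `remotebuild` its own dedicated key list instead of aliasing root's, and add a comment that the trust is deliberate. The GC comments also contradict the values: `50 * 1024 * 1024 * 1024` is 50 GiB and the `max-free` value is 100 GiB, not 10 GB and 20 GB. A corrected line would be `min-free = 50 * 1024 * 1024 * 1024; # start gc when < 50 GiB is free`, and likewise for `max-free`.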
@@ -0,0 +1,13 @@
+# Protect my system from running out of storage or memory
+{
+ nix.settings = {
+ min-free = 50 * 1024 * 1024 * 1024;
+ max-free = 100 * 1024 * 1024 * 1024;
+ };
+
+ systemd.services.nix-daemon.serviceConfig = {
+ MemoryAccounting = true;
+ MemoryMax = "90%";
+ OOMScoreAdjust = 500;
+ };
+}
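Review bot: This module repeats, value for value, the `min-free`/`max-free` settings and the `nix-daemon` `serviceConfig` that `hetzner_benchmark/nixos/builder.nix` introduces one patch earlier, so the two hosts can drift apart unnoticed. A shared module next to the existing `../nixosModules/common/*.nix` files, imported by both, would keep a single copy. The thresholds have no unit comment; `# 50 GiB: start GC below this much free space` and `# 100 GiB: stop GC once this much is free` would spare the reader the multiplication. `min-free` is only evaluated while a build is running, so the header comment promises a little more than the setting delivers when the disk fills up from other sources.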