Skyworks/skyworks-Nix-infra

Fork: 0

Skyworks / skyworks-Nix-infra

2026-03-16	beb625d Browse files » skydick: fix samba spotlight build with Python 3.13 and icu ... - Suppress -Werror=deprecated-declarations for PyEval_InitThreads removed in Python 3.13 (used by tevent_glib_tracker) - Add icu for Unicode normalisation required by Spotlight indexing Co-Authored-By: Claude Opus 4.6 <[email protected]> Dixiao-L committed 16 days ago
	c17ab29 Browse files » skydick: patch samba wscript to detect tracker-sparql-3.0 ... Upstream samba (even 4.22) only checks for tracker-sparql-{2.0,1.0,0.16,0.14} but tinysparql 3.x ships tracker-sparql-3.0.pc. Add '3.0' to the version list so waf configure finds the library and builds rpcd_mdssvc with tracker support. Co-Authored-By: Claude Opus 4.6 <[email protected]> Dixiao-L committed 16 days ago
	98968f5 Browse files » skydick: upgrade to nixos-25.11, add Spotlight + recycle bin ... - Upgrade nixpkgs from nixos-24.11 to nixos-25.11 (Samba 4.20→4.22) - Add overlay to build sambaFull with tracker/spotlight support - Add Spotlight search with tracker backend for Finder search over SMB - Add localsearch indexer service for public, media, and ldx files - Add recycle bin (vfs recycle) for public/homes shares - Add global fruit VFS for Apple compatibility - Move fruit:model=TimeCapsule to ldx-timemachine share only - Fix package renames for 25.11: targetcli→targetcli-fb, dstat→dool Co-Authored-By: Claude Opus 4.6 <[email protected]> Dixiao-L committed 16 days ago
	9a55e9c Browse files » skydick: bump TM max size to 3T for three Macs ... 1T was too tight — 579G already used across 3 sparsebundles left only ~450G visible to macOS. 3T leaves headroom for growth while keeping 7T of the 10T ldx quota available for other datasets. Co-Authored-By: Claude Opus 4.6 <[email protected]> Dixiao-L committed 16 days ago
	a11cc24 Browse files » skydick: rename TM share to ldx-timemachine ... Per-user naming makes ownership unambiguous. The share points to ldx's dedicated timemachine ZFS dataset, not a shared location. Co-Authored-By: Claude Opus 4.6 <[email protected]> Dixiao-L committed 16 days ago
	c140a15 Browse files » skydick: add Samba Time Machine share for macOS backups ... Exposes dick/users/ldx/timemachine as an SMB share with Apple fruit VFS extensions (fruit:time machine = yes) so Macs can back up directly to skydick instead of door1. Capped at 1T via fruit:time machine max size. Co-Authored-By: Claude Opus 4.6 <[email protected]> Dixiao-L committed 16 days ago
	947e56e Browse files » skydick: add timemachine dataset for macOS backups ... Dedicated ZFS dataset with recordsize=64K and zstd compression, better matched for Time Machine sparsebundle band files than the media dataset (1M recordsize, compression=off) where backups were previously dumped. Co-Authored-By: Claude Opus 4.6 <[email protected]> Dixiao-L committed 16 days ago
	06ed430 Browse files » skydick: tune ZFS async read and prefetch for NFS throughput ... Benchmarking showed 320 MB/s read over NFS against a 4-mirror-vdev pool capable of much more. The default async_read_max_active=8 starves the I/O scheduler across 4 vdevs of spinning Mach2 drives, and the prefetch data miss rate was 93%. - zfs_vdev_async_read_max_active: 8 → 32 - zfs_vdev_async_read_min_active: 1 → 4 - zfetch_max_streams: 8 → 16 Co-Authored-By: Claude Opus 4.6 <[email protected]> Dixiao-L committed 16 days ago
	22a386a Browse files » skydick: document Windows NFS client path differences ... Co-Authored-By: Claude Opus 4.6 <[email protected]> Dixiao-L committed 17 days ago
2026-03-15	95816ac Browse files » Merge branch 'main' of https://gitbucket.skyw.top/git/Skyworks/skyworks-Nix-infra Dixiao-L committed 17 days ago
	e957d8e Browse files » skydick: clean SMB tuning and enforce datapool atime Dixiao-L committed 17 days ago
	fea28fc Browse files » add wg-peers to SMB allowed ips physicsdolphin committed 17 days ago
	5b9aad8 Browse files » Add RSS support flag from server side physicsdolphin committed 17 days ago
	f68cc9c Browse files » monitoring: increase SMART polling frequency to 30m ... Co-Authored-By: Claude Opus 4.6 <[email protected]> Dixiao-L committed 17 days ago
	8ca571d Browse files » skydick: document datapool user and admin workflow Dixiao-L committed 17 days ago
	8a03bc6 Browse files » skydick: keep SMB passwords synced from LDAP Dixiao-L committed 17 days ago
	0fd157f Browse files » skydick: switch Samba to ldapsam, rename ylw→ye-lw21, drop legacy datasets ... - Samba passdb backend changed from tdbsam to ldapsam:ldap://10.0.0.1 - Added samba-ldap-admin-password oneshot to seed LDAP admin cred before smbd - Pinned storage group to GID 997 to match LDAP posixGroup - Renamed ylw to ye-lw21 across all hosts (users.nix, skydick, xlab-gateway) - Removed legacy tmpfiles and NFS exports (share/backup/torrent/vm destroyed) - Added bootstrap LDIF for sambaDomain, storage group, machines OU Co-Authored-By: Claude Opus 4.6 <[email protected]> Dixiao-L committed 17 days ago
	fa6ae03 Browse files » skydick: update DATAPOOL.md for ldapsam, ye-lw21 rename, and storage group model ... Co-Authored-By: Claude Opus 4.6 <[email protected]> Dixiao-L committed 18 days ago
	ec5ead0 Browse files » skydick: enable LDAP-backed NSS for POSIX identity resolution ... Add users.ldap with nslcd pointed at ldap://10.0.0.1/ for passwd/group lookups. This is identity-only: loginPam=false keeps SSH/console auth local, and Samba stays on tdbsam until sambaSamAccount objects exist in LDAP. - Add agenix secret for LDAP bind credential (cn=query_user) - nss_initgroups_ignoreusers ALLLOCAL avoids boot-time NSS deadlock - Add openldap package for admin ldapsearch/ldapmodify - Update DATAPOOL.md to reflect LDAP identity model, numeric UID/GID in tmpfiles for LDAP-only users, and current auth boundaries Co-Authored-By: Claude Opus 4.6 <[email protected]> Dixiao-L committed 18 days ago
2026-03-14	c6d5865 Browse files » skydick: redesign datapool with per-user datasets and service model ... Replace flat purpose-first layout (share/media/torrent/backup/vm) with user-first hierarchy: - dick/public: shared collaborative files - dick/media: shared media with data/ + library/ in one hardlink domain - dick/users/<user>/{files,bt-state,vm}: per-user private trees with ZFS quotas, per-user NFS all_squash, and Samba [homes] - dick/system/{backup,vm}: admin-only system datasets - dick/templates/vm: read-only shared VM base images NFS exports split media into rw writer (all_squash to qbittorrent) and ro reader (/media/library). Per-user exports use explicit anonuid/gid. Samba uses [public] for shared, [homes] for per-user, [media] ro for library. Legacy exports preserved for active migration. Add DATAPOOL.md with user/admin guide covering SMB/NFS connection, new-user provisioning, quotas, and troubleshooting. Co-Authored-By: Claude Opus 4.6 <[email protected]> Dixiao-L committed 18 days ago
	d3f41c3 Browse files » monitoring: add sudo to Telegraf PATH for SMART collection ... Telegraf's SMART plugin with use_sudo=true needs sudo in PATH. On NixOS, sudo lives at /run/wrappers/bin/ which wasn't included. This caused all SMART queries to fail with exit_status=1. Co-Authored-By: Claude Opus 4.6 <[email protected]> Dixiao-L committed 18 days ago
	26d54cc Browse files » monitoring: auto-discover SMART devices instead of hardcoding ... Remove smartDevices option and per-host device lists. Telegraf will now scan all block devices automatically, so disks can be added or removed without config changes. Co-Authored-By: Claude Opus 4.6 <[email protected]> Dixiao-L committed 18 days ago
	5b2935e Browse files » skydick: increase NFS server threads to 64 ... Default 8 threads is insufficient for 10GbE throughput. 64 threads allow better parallelism for concurrent NFS clients. Co-Authored-By: Claude Opus 4.6 <[email protected]> Dixiao-L committed 18 days ago
	8cdf72d Browse files » common: disable global flake registry fetch ... channels.nixos.org is unreachable from CN, causing 25s of retries on every nix-shell/nix run invocation. Co-Authored-By: Claude Opus 4.6 <[email protected]> Dixiao-L committed 18 days ago
	7a00ab6 Browse files » common: add TUNA mirror as primary Nix substituter, add btop ... cache.nixos.org has ~1.1s latency from CN. TUNA mirror responds in ~29ms (38x faster). Set connect-timeout=5 and stalled-download-timeout=15 to fail fast on unreachable mirrors. Also add btop to skydick monitoring packages. Co-Authored-By: Claude Opus 4.6 <[email protected]> Dixiao-L committed 18 days ago
	71dec76 Browse files » monitoring: add ZFS pool health exec input ... Custom script reports zpool health as numeric metric (0=ONLINE, 1=DEGRADED, 2=FAULTED, etc.) via Telegraf inputs.exec, enabling Grafana alerting on pool degradation. Co-Authored-By: Claude Opus 4.6 <[email protected]> Dixiao-L committed 18 days ago
	9494e34 Browse files » skydick: use all_squash for media/torrent NFS exports ... Map all NFS client UIDs to qbittorrent:storage (900:997) on media and torrent exports. Eliminates need for UID/GID coordination between NFS clients and server. Co-Authored-By: Claude Opus 4.6 <[email protected]> Dixiao-L committed 18 days ago
	4774172 Browse files » skydick: fix qbittorrent UID collision with ylw ... UID 1002 was already assigned to ylw on skydick. Change qbittorrent system user to UID 900 to avoid the collision. NFS sec=sys maps by UID number, so this must not conflict with any normal user. Co-Authored-By: Claude Opus 4.6 <[email protected]> Dixiao-L committed 18 days ago
	2ca6967 Browse files » monitoring: fix InfluxDB URL and add nvme-cli to Telegraf PATH ... Use door1's LAN IP (10.0.91.30) instead of WireGuard IP (172.16.1.1) for InfluxDB endpoint. Add nvme-cli to Telegraf's PATH for NVMe SMART attribute collection. Co-Authored-By: Claude Opus 4.6 <[email protected]> Dixiao-L committed 18 days ago
	5a4ec17 Browse files » skydick: add qbittorrent user and make media NFS export writable ... Add qbittorrent system user (UID 1002, group storage) for NFS root_squash write access. Change /srv/media export from ro,async to rw,sync to support *arr torrent downloads under /srv/media/torrents/. Co-Authored-By: Claude Opus 4.6 <[email protected]> Dixiao-L committed 18 days ago