WIP: Bazel template

flake.lock

@@ -14,11 +14,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1714136352,
-        "narHash": "sha256-BtWQ2Th/jamO1SlD+2ASSW5Jaf7JhA/JLpQHk0Goqpg=",
+        "lastModified": 1707830867,
+        "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "24a7ea390564ccd5b39b7884f597cfc8d7f6f44e",
+        "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6",
         "type": "github"
       },
       "original": {
@@ -73,11 +73,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1714641030,
-        "narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=",
+        "lastModified": 1709336216,
+        "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e",
+        "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
         "type": "github"
       },
       "original": {
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1714679908,
-        "narHash": "sha256-KzcXzDvDJjX34en8f3Zimm396x6idbt+cu4tWDVS2FI=",
+        "lastModified": 1711604890,
+        "narHash": "sha256-vbI/gxRTq/gHW1Q8z6D/7JG/qGNl3JTimUDX+MwnC3A=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "9036fe9ef8e15a819fa76f47a8b1f287903fb848",
+        "rev": "3142bdcc470e1e291e1fbe942fd69e06bd00c5df",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1714635257,
-        "narHash": "sha256-4cPymbty65RvF1DWQfc+Bc8B233A1BWxJnNULJKQ1EY=",
+        "lastModified": 1711523803,
+        "narHash": "sha256-UKcYiHWHQynzj6CN/vTcix4yd1eCu1uFdsuarupdCQQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "63c3a29ca82437c87573e4c6919b09a24ea61b0f",
+        "rev": "2726f127c15a4cc9810843b96cad73c7eb39e443",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1714825428,
-        "narHash": "sha256-6U4cppyR0u6sqSSVr3GMrnIXhP2YGR0knfgrUGtr/1Y=",
+        "lastModified": 1711622043,
+        "narHash": "sha256-nCNcHYlmmPPIDRkDCvNoEog+AuG7jdmkhkU0fqoS82A=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "5847f3365c16afafc10c56994beadd4cdc8552ee",
+        "rev": "b7ff69e152caedbe4d0e40173d61732ac139a09c",
         "type": "github"
       },
       "original": {
@@ -197,11 +197,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1714478972,
-        "narHash": "sha256-q//cgb52vv81uOuwz1LaXElp3XAe1TqrABXODAEF6Sk=",
+        "lastModified": 1711519547,
+        "narHash": "sha256-Q7YmSCUJmDl71fJv/zD9lrOCJ1/SE/okZ2DsrmRjzhY=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "2849da033884f54822af194400f8dff435ada242",
+        "rev": "7d47a32e5cd1ea481fab33c516356ce27c8cef4a",
         "type": "github"
       },
       "original": {

hosts/nixos/porthos/services.nix

@@ -10,11 +10,6 @@ in
     adblock = {
       enable = true;
     };
-    # Audiobook and podcast library
-    audiobookshelf = {
-      enable = true;
-      port = 9599;
-    };
     # Backblaze B2 backup
     backup = {
       enable = true;
@@ -139,7 +134,6 @@ in
     podgrab = {
       enable = true;
       passwordFile = secrets."podgrab/password".path;
-      dataDir = "/data/media/podcasts";
       port = 9598;
     };
     # Regular backups

modules/home/direnv/default.nix

@@ -7,9 +7,9 @@ in
     enable = my.mkDisableOption "direnv configuration";
 
     defaultFlake = mkOption {
-      type = with types; nullOr str;
-      default = null;
-      example = "pkgs";
+      type = types.str;
+      default = "pkgs";
+      example = "nixpkgs";
       description = ''
         Which flake from the registry should be used for
         <command>use pkgs</command> by default.
@@ -39,7 +39,7 @@ in
       in
       lib.my.genAttrs' files linkLibFile;
 
-    home.sessionVariables = lib.mkIf (cfg.defaultFlake != null) {
+    home.sessionVariables = {
       DIRENV_DEFAULT_FLAKE = cfg.defaultFlake;
     };
   };

modules/home/vim/after/ftplugin/bp.vim

@@ -1,7 +0,0 @@
-" Create the `b:undo_ftplugin` variable if it doesn't exist
-call ftplugined#check_undo_ft()
-
-" Add comment format
-setlocal comments=b://,s1:/*,mb:*,ex:*/
-setlocal commentstring=//\ %s
-let b:undo_ftplugin.='|setlocal comments< commentstring<'

modules/home/vim/after/ftplugin/json.vim

@@ -1,6 +0,0 @@
-" Create the `b:undo_ftplugin` variable if it doesn't exist
-call ftplugined#check_undo_ft()
-
-" Use a small indentation value on JSON files
-setlocal shiftwidth=2
-let b:undo_ftplugin.='|setlocal shiftwidth<'

modules/home/vim/ftdetect/blueprint.lua

@@ -1,6 +0,0 @@
--- Use `bp` filetype for Blueprint files
-vim.filetype.add({
-    extension = {
-        bp = "bp",
-    },
-})

modules/nixos/profiles/laptop/default.nix

@@ -9,7 +9,7 @@ in
 
   config = lib.mkIf cfg.enable {
     # Enable touchpad support
-    services.libinput.enable = true;
+    services.xserver.libinput.enable = true;
 
     # Enable TLP power management
     my.services.tlp.enable = true;

modules/nixos/services/audiobookshelf/default.nix

@@ -1,39 +0,0 @@
-# Audiobook and podcast library
-{ config, lib, ... }:
-let
-  cfg = config.my.services.audiobookshelf;
-in
-{
-  options.my.services.audiobookshelf = with lib; {
-    enable = mkEnableOption "Audiobookshelf, a self-hosted podcast manager";
-
-    port = mkOption {
-      type = types.port;
-      default = 8000;
-      example = 4242;
-      description = "The port on which Audiobookshelf will listen for incoming HTTP traffic.";
-    };
-  };
-
-  config = lib.mkIf cfg.enable {
-    services.audiobookshelf = {
-      enable = true;
-      inherit (cfg) port;
-
-      group = "media";
-    };
-
-    # Set-up media group
-    users.groups.media = { };
-
-    my.services.nginx.virtualHosts = {
-      audiobookshelf = {
-        inherit (cfg) port;
-        # Proxy websockets for RPC
-        extraConfig = {
-          locations."/".proxyWebsockets = true;
-        };
-      };
-    };
-  };
-}

modules/nixos/services/default.nix

@@ -4,7 +4,6 @@
   imports = [
     ./adblock
     ./aria
-    ./audiobookshelf
     ./backup
     ./blog
     ./calibre-web

modules/nixos/services/nextcloud/default.nix

@@ -31,7 +31,7 @@ in
   config = lib.mkIf cfg.enable {
     services.nextcloud = {
       enable = true;
-      package = pkgs.nextcloud29;
+      package = pkgs.nextcloud28;
       hostName = "nextcloud.${config.networking.domain}";
       home = "/var/lib/nextcloud";
       maxUploadSize = cfg.maxSize;

modules/nixos/services/podgrab/default.nix

@@ -17,15 +17,6 @@ in
       '';
     };
 
-    dataDir = mkOption {
-      type = with types; nullOr str;
-      default = null;
-      example = "/mnt/podgrab";
-      description = ''
-        Path to the directory to store the podcasts. Use default if null
-      '';
-    };
-
     port = mkOption {
       type = types.port;
       default = 8080;
@@ -38,14 +29,8 @@ in
     services.podgrab = {
       enable = true;
       inherit (cfg) passwordFile port;
-
-      group = "media";
-      dataDirectory = lib.mkIf (cfg.dataDir != null) cfg.dataDir;
     };
 
-    # Set-up media group
-    users.groups.media = { };
-
     my.services.nginx.virtualHosts = {
       podgrab = {
         inherit (cfg) port;

modules/nixos/services/postgresql/default.nix

@@ -20,28 +20,24 @@ in
 
     # Taken from the manual
     (lib.mkIf cfg.upgradeScript {
+      containers.temp-pg.config.services.postgresql = {
+        enable = true;
+        package = pkgs.postgresql_13;
+      };
+
       environment.systemPackages =
         let
-          pgCfg = config.services.postgresql;
-          newPackage' = pkgs.postgresql_13;
-
-          oldPackage = if pgCfg.enableJIT then pgCfg.package.withJIT else pgCfg.package;
-          oldData = pgCfg.dataDir;
-          oldBin = "${if pgCfg.extraPlugins == [] then oldPackage else oldPackage.withPackages pgCfg.extraPlugins}/bin";
-
-          newPackage = if pgCfg.enableJIT then newPackage'.withJIT else newPackage';
-          newData = "/var/lib/postgresql/${newPackage.psqlSchema}";
-          newBin = "${if pgCfg.extraPlugins == [] then newPackage else newPackage.withPackages pgCfg.extraPlugins}/bin";
+          newpg = config.containers.temp-pg.config.services.postgresql;
         in
         [
           (pkgs.writeScriptBin "upgrade-pg-cluster" ''
             #!/usr/bin/env bash
 
-            set -eux
-            export OLDDATA="${oldData}"
-            export NEWDATA="${newData}"
-            export OLDBIN="${oldBin}"
-            export NEWBIN="${newBin}"
+            set -x
+            export OLDDATA="${config.services.postgresql.dataDir}"
+            export NEWDATA="${newpg.dataDir}"
+            export OLDBIN="${config.services.postgresql.package}/bin"
+            export NEWBIN="${newpg.package}/bin"
 
             if [ "$OLDDATA" -ef "$NEWDATA" ]; then
               echo "Cannot migrate to same data directory" >&2
@@ -50,21 +46,14 @@ in
 
             install -d -m 0700 -o postgres -g postgres "$NEWDATA"
             cd "$NEWDATA"
-            sudo -u postgres "$NEWBIN/initdb" -D "$NEWDATA"
+            sudo -u postgres $NEWBIN/initdb -D "$NEWDATA"
 
             systemctl stop postgresql    # old one
 
-            sudo -u postgres "$NEWBIN/pg_upgrade" \
+            sudo -u postgres $NEWBIN/pg_upgrade \
               --old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
-              --old-bindir "$OLDBIN" --new-bindir "$NEWBIN" \
+              --old-bindir $OLDBIN --new-bindir $NEWBIN \
               "$@"
-
-            cat << EOF
-              Run the following commands after setting:
-              services.postgresql.package = pkgs.postgresql_${lib.versions.major newPackage.version}
-                  sudo -u postgres vacuumdb --all --analyze-in-stages
-                  ${newData}/delete_old_cluster.sh
-            EOF
           '')
         ];
     })

modules/nixos/services/rss-bridge/default.nix

@@ -11,9 +11,7 @@ in
   config = lib.mkIf cfg.enable {
     services.rss-bridge = {
       enable = true;
-      config = {
-        system.enabled_bridges = [ "*" ]; # Whitelist all
-      };
+      whitelist = [ "*" ]; # Whitelist all
       virtualHost = "rss-bridge.${config.networking.domain}";
     };
 

modules/nixos/services/woodpecker/agent-exec/default.nix

@@ -44,8 +44,6 @@ in
       serviceConfig = {
         # Same option as upstream, without @setuid
         SystemCallFilter = lib.mkForce "~@clock @privileged @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap";
-        # NodeJS requires RWX memory...
-        MemoryDenyWriteExecute = lib.mkForce false;
 
         BindPaths = [
           "/nix/var/nix/daemon-socket/socket"

pkgs/bt-migrate/default.nix

@@ -0,0 +1,61 @@
+{ lib
+, boost
+, cmake
+, cxxopts
+, digestpp
+, fetchFromGitHub
+, fmt
+, jsoncons
+, pugixml
+, sqlite_orm
+, stdenv
+}:
+stdenv.mkDerivation {
+  pname = "bt-migrate";
+  version = "0-unstable-2023-08-17";
+
+  src = fetchFromGitHub {
+    owner = "mikedld";
+    repo = "bt-migrate";
+    rev = "e15a489c0c76f98355586ebbee08223af4e9bf50";
+    hash = "sha256-kA6yxhbIh3ThmgF8Zyoe3I79giLVmdNr9IIrw5Xx4s0=";
+  };
+
+  nativeBuildInputs = [
+    cmake
+  ];
+
+  buildInputs = [
+    boost
+    cxxopts
+    fmt
+    jsoncons
+    pugixml
+    sqlite_orm
+  ];
+
+  cmakeFlags = [
+    (lib.strings.cmakeBool "USE_VCPKG" false)
+    # NOTE: digestpp does not have proper CMake packaging (yet?)
+    (lib.strings.cmakeBool "USE_FETCHCONTENT" true)
+    (lib.strings.cmakeFeature "FETCHCONTENT_SOURCE_DIR_DIGESTPP" "${digestpp}/include/digestpp")
+  ];
+
+  # NOTE: no install target in CMake...
+  installPhase = ''
+    runHook preInstall
+
+    mkdir -p $out/bin
+    cp BtMigrate $out/bin
+
+    runHook postInstall
+  '';
+
+  meta = with lib; {
+    description = "Torrent state migration tool";
+    homepage = "https://github.com/mikedld/bt-migrate";
+    license = licenses.gpl3Only;
+    maintainers = with maintainers; [ ambroisie ];
+    mainProgram = "BtMigrate";
+  };
+}

pkgs/default.nix

@@ -1,5 +1,7 @@
 { pkgs }:
 pkgs.lib.makeScope pkgs.newScope (pkgs: {
+  bt-migrate = pkgs.callPackage ./bt-migrate { };
+
   bw-pass = pkgs.callPackage ./bw-pass { };
 
   change-audio = pkgs.callPackage ./change-audio { };
@@ -10,6 +12,8 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: {
 
   diff-flake = pkgs.callPackage ./diff-flake { };
 
+  digestpp = pkgs.callPackage ./digestpp { };
+
   dragger = pkgs.callPackage ./dragger { };
 
   drone-rsync = pkgs.callPackage ./drone-rsync { };
@@ -26,6 +30,8 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: {
 
   rbw-pass = pkgs.callPackage ./rbw-pass { };
 
+  sqlite_orm = pkgs.callPackage ./sqlite_orm { };
+
   unbound-zones-adblock = pkgs.callPackage ./unbound-zones-adblock { };
 
   zsh-done = pkgs.callPackage ./zsh-done { };

pkgs/digestpp/default.nix

@@ -0,0 +1,31 @@
+{ lib
+, fetchFromGitHub
+, stdenv
+}:
+stdenv.mkDerivation {
+  pname = "digestpp";
+  version = "0-unstable-2023-11-07";
+
+  src = fetchFromGitHub {
+    owner = "kerukuro";
+    repo = "digestpp";
+    rev = "ebb699402c244e22c3aff61d2239bcb2e87b8ef8";
+    hash = "sha256-9X/P7DgZB6bSYjQWRli4iAXEFjhmACOVv3EYQrXuH5c=";
+  };
+
+  installPhase = ''
+    runHook preInstall
+
+    mkdir -p $out/include/digestpp
+    cp -r *.hpp algorithm/ detail/ $out/include/digestpp
+
+    runHook postInstall
+  '';
+
+  meta = with lib; {
+    description = "C++11 header-only message digest library";
+    homepage = "https://github.com/kerukuro/digestpp";
+    license = licenses.unlicense;
+    maintainers = with maintainers; [ ambroisie ];
+  };
+}

pkgs/sqlite_orm/default.nix

@@ -0,0 +1,32 @@
+{ lib
+, cmake
+, fetchFromGitHub
+, sqlite
+, stdenv
+}:
+stdenv.mkDerivation (finalAttrs: {
+  pname = "sqlite_orm";
+  version = "1.8.2";
+
+  src = fetchFromGitHub {
+    owner = "fnc12";
+    repo = "sqlite_orm";
+    rev = "v${finalAttrs.version}";
+    hash = "sha256-KqphGFcnR1Y11KqL7sxODSv7lEvcURdF6kLd3cg84kc=";
+  };
+
+  nativeBuildInputs = [
+    cmake
+  ];
+
+  propagatedBuildInputs = [
+    sqlite
+  ];
+
+  meta = with lib; {
+    description = "Light header only SQLite ORM";
+    homepage = "https://sqliteorm.com/";
+    license = licenses.agpl3Only; # MIT license is commercial
+    maintainers = with maintainers; [ ambroisie ];
+  };
+})

templates/default.nix

@@ -7,8 +7,4 @@
     path = ./c++-meson;
     description = "A C++ project using Meson";
   };
-  "rust-cargo" = {
-    path = ./rust-cargo;
-    description = "A Rust project using Cargo";
-  };
 }

templates/rust-cargo/.envrc

@@ -1,5 +0,0 @@
-if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then
-    source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg="
-fi
-
-use flake

templates/rust-cargo/.gitignore

@@ -1,6 +0,0 @@
-# Rust build directory
-/target
-
-# Nix generated files
-/.pre-commit-config.yaml
-/result

templates/rust-cargo/.woodpecker/check.yml

@@ -1,31 +0,0 @@
-labels:
-  backend: local
-
-steps:
-- name: pre-commit check
-  image: bash
-  commands:
-  - nix develop --command pre-commit run --all
-
-- name: nix flake check
-  image: bash
-  commands:
-  - nix flake check
-
-- name: notifiy
-  image: bash
-  environment:
-    ADDRESS:
-      from_secret: matrix_homeserver
-    ROOM:
-      from_secret: matrix_roomid
-    USER:
-      from_secret: matrix_username
-    PASS:
-      from_secret: matrix_password
-  commands:
-  - nix run github:ambroisie/matrix-notifier
-  when:
-    status:
-    - failure
-    - success

templates/rust-cargo/Cargo.lock

@@ -1,7 +0,0 @@
-# This file is automatically @generated by Cargo.
-# It is not intended for manual editing.
-version = 3
-
-[[package]]
-name = "project"
-version = "0.0.0"

templates/rust-cargo/Cargo.toml

@@ -1,8 +0,0 @@
-[package]
-name = "project"
-version = "0.0.0"
-edition = "2021"
-
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
-
-[dependencies]

templates/rust-cargo/flake.nix

@@ -1,112 +0,0 @@
-{
-  description = "A Rust project";
-
-  inputs = {
-    futils = {
-      type = "github";
-      owner = "numtide";
-      repo = "flake-utils";
-      ref = "main";
-    };
-
-    nixpkgs = {
-      type = "github";
-      owner = "NixOS";
-      repo = "nixpkgs";
-      ref = "nixos-unstable";
-    };
-
-    pre-commit-hooks = {
-      type = "github";
-      owner = "cachix";
-      repo = "pre-commit-hooks.nix";
-      ref = "master";
-      inputs = {
-        flake-utils.follows = "futils";
-        nixpkgs.follows = "nixpkgs";
-      };
-    };
-  };
-
-  outputs = { self, futils, nixpkgs, pre-commit-hooks }:
-    {
-      overlays = {
-        default = final: _prev: {
-          project = with final; rustPlatform.buildRustPackage {
-            pname = "project";
-            version = (final.lib.importTOML ./Cargo.toml).package.version;
-
-            src = self;
-
-            cargoLock = {
-              lockFile = "${self}/Cargo.lock";
-            };
-
-            meta = with lib; {
-              description = "A Rust project";
-              homepage = "https://git.belanyi.fr/ambroisie/project";
-              license = licenses.mit;
-              maintainers = with maintainers; [ ambroisie ];
-            };
-          };
-        };
-      };
-    } // futils.lib.eachDefaultSystem (system:
-      let
-        pkgs = import nixpkgs {
-          inherit system;
-          overlays = [
-            self.overlays.default
-          ];
-        };
-
-        pre-commit = pre-commit-hooks.lib.${system}.run {
-          src = self;
-
-          hooks = {
-            clippy = {
-              enable = true;
-              settings = {
-                denyWarnings = true;
-              };
-            };
-
-            nixpkgs-fmt = {
-              enable = true;
-            };
-
-            rustfmt = {
-              enable = true;
-            };
-          };
-        };
-      in
-      {
-        checks = {
-          inherit (self.packages.${system}) project;
-        };
-
-        devShells = {
-          default = pkgs.mkShell {
-            inputsFrom = with self.packages.${system}; [
-              project
-            ];
-
-            packages = with pkgs; [
-              clippy
-              rust-analyzer
-              rustfmt
-            ];
-
-            RUST_SRC_PATH = "${pkgs.rust.packages.stable.rustPlatform.rustLibSrc}";
-
-            inherit (pre-commit) shellHook;
-          };
-        };
-
-        packages = futils.lib.flattenTree {
-          default = pkgs.project;
-          inherit (pkgs) project;
-        };
-      });
-}

templates/rust-cargo/src/main.rs

@@ -1,3 +0,0 @@
-fn main() {
-    println!("Hello, world!");
-}