diff --git a/.envrc b/.envrc index f5141c2..9222bda 100644 --- a/.envrc +++ b/.envrc @@ -1,8 +1,8 @@ -if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then - source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" +if ! has nix_direnv_version || ! nix_direnv_version 2.4.0; then + source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.4.0/direnvrc" "sha256-XQzUAvL6pysIJnRJyR7uVpmUSZfc7LSgWQwq/4mBr1U=" fi -watch_file ./flake/checks.nix -watch_file ./flake/dev-shells.nix +nix_direnv_watch_file ./flake/checks.nix +nix_direnv_watch_file ./flake/dev-shells.nix use flake diff --git a/.woodpecker/check.yml b/.woodpecker/check.yml index e04cd46..aff6e84 100644 --- a/.woodpecker/check.yml +++ b/.woodpecker/check.yml @@ -9,15 +9,15 @@ steps: - name: notifiy image: bash - environment: - ADDRESS: - from_secret: matrix_homeserver - ROOM: - from_secret: matrix_roomid - USER: - from_secret: matrix_username - PASS: - from_secret: matrix_password + secrets: + - source: matrix_homeserver + target: address + - source: matrix_roomid + target: room + - source: matrix_username + target: user + - source: matrix_password + target: pass commands: - nix run '.#matrix-notifier' when: diff --git a/flake.lock b/flake.lock index 4308e9c..d2f2e6d 100644 --- a/flake.lock +++ b/flake.lock @@ -8,17 +8,14 @@ ], "nixpkgs": [ "nixpkgs" - ], - "systems": [ - "systems" ] }, "locked": { - "lastModified": 1707830867, - "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=", + "lastModified": 1696775529, + "narHash": "sha256-TYlE4B0ktPtlJJF9IFxTWrEeq+XKG8Ny0gc2FGEAdj0=", "owner": "ryantm", "repo": "agenix", - "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6", + "rev": "daf42cb35b2dc614d1551e37f96406e4c4a2d3e4", "type": "github" }, "original": { @@ -36,11 +33,11 @@ ] }, "locked": { - "lastModified": 1700795494, - "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "lastModified": 1673295039, + "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", "type": "github" }, "original": { @@ -53,11 +50,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", "type": "github" }, "original": { @@ -73,11 +70,11 @@ ] }, "locked": { - "lastModified": 1709336216, - "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=", + "lastModified": 1698579227, + "narHash": "sha256-KVWjFZky+gRuWennKsbo6cWyo7c/z/VgCte5pR9pEKg=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2", + "rev": "f76e870d64779109e41370848074ac4eaa1606ec", "type": "github" }, "original": { @@ -89,16 +86,14 @@ }, "futils": { "inputs": { - "systems": [ - "systems" - ] + "systems": "systems" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", "type": "github" }, "original": { @@ -116,11 +111,11 @@ ] }, "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "lastModified": 1660459072, + "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", "owner": "hercules-ci", "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", "type": "github" }, "original": { @@ -136,11 +131,11 @@ ] }, "locked": { - "lastModified": 1711604890, - "narHash": "sha256-vbI/gxRTq/gHW1Q8z6D/7JG/qGNl3JTimUDX+MwnC3A=", + "lastModified": 1698670511, + "narHash": "sha256-jQIu3UhBMPHXzVkHQO1O2gg8SVo5lqAVoC6mOaLQcLQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "3142bdcc470e1e291e1fbe942fd69e06bd00c5df", + "rev": "8e5416b478e465985eec274bc3a018024435c106", "type": "github" }, "original": { @@ -152,11 +147,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1711523803, - "narHash": "sha256-UKcYiHWHQynzj6CN/vTcix4yd1eCu1uFdsuarupdCQQ=", + "lastModified": 1698611440, + "narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2726f127c15a4cc9810843b96cad73c7eb39e443", + "rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735", "type": "github" }, "original": { @@ -168,11 +163,11 @@ }, "nur": { "locked": { - "lastModified": 1711622043, - "narHash": "sha256-nCNcHYlmmPPIDRkDCvNoEog+AuG7jdmkhkU0fqoS82A=", + "lastModified": 1698745553, + "narHash": "sha256-Fdip7ewCtZTjOu7ATDFUAy3OqrgcyvzDElLXhr4YmmI=", "owner": "nix-community", "repo": "NUR", - "rev": "b7ff69e152caedbe4d0e40173d61732ac139a09c", + "rev": "dfbf198236d40e9741db76936088f05107e19013", "type": "github" }, "original": { @@ -197,11 +192,11 @@ ] }, "locked": { - "lastModified": 1711519547, - "narHash": "sha256-Q7YmSCUJmDl71fJv/zD9lrOCJ1/SE/okZ2DsrmRjzhY=", + "lastModified": 1698227354, + "narHash": "sha256-Fi5H9jbaQLmLw9qBi/mkR33CoFjNbobo5xWdX4tKz1Q=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "7d47a32e5cd1ea481fab33c516356ce27c8cef4a", + "rev": "bd38df3d508dfcdff52cd243d297f218ed2257bf", "type": "github" }, "original": { @@ -219,8 +214,7 @@ "home-manager": "home-manager", "nixpkgs": "nixpkgs", "nur": "nur", - "pre-commit-hooks": "pre-commit-hooks", - "systems": "systems" + "pre-commit-hooks": "pre-commit-hooks" } }, "systems": { @@ -234,7 +228,6 @@ }, "original": { "owner": "nix-systems", - "ref": "main", "repo": "default", "type": "github" } diff --git a/flake.nix b/flake.nix index 9c29183..8e46ea3 100644 --- a/flake.nix +++ b/flake.nix @@ -9,7 +9,6 @@ inputs = { home-manager.follows = "home-manager"; nixpkgs.follows = "nixpkgs"; - systems.follows = "systems"; }; }; @@ -28,9 +27,6 @@ owner = "numtide"; repo = "flake-utils"; ref = "main"; - inputs = { - systems.follows = "systems"; - }; }; home-manager = { @@ -68,13 +64,6 @@ nixpkgs-stable.follows = "nixpkgs"; }; }; - - systems = { - type = "github"; - owner = "nix-systems"; - repo = "default"; - ref = "main"; - }; }; # Can't eta-reduce a flake outputs... diff --git a/flake/default.nix b/flake/default.nix index 5e52025..65102e1 100644 --- a/flake/default.nix +++ b/flake/default.nix @@ -1,9 +1,9 @@ { flake-parts -, systems +, futils , ... } @ inputs: let - mySystems = import systems; + mySystems = futils.lib.defaultSystems; in flake-parts.lib.mkFlake { inherit inputs; } { systems = mySystems; diff --git a/flake/home-manager.nix b/flake/home-manager.nix index 34af375..61c9f6e 100644 --- a/flake/home-manager.nix +++ b/flake/home-manager.nix @@ -39,8 +39,7 @@ let }; }; - homes = { - "ambroisie@bazin" = "x86_64-linux"; + hosts = { "ambroisie@mousqueton" = "x86_64-linux"; }; in @@ -50,13 +49,13 @@ in legacyPackages = { homeConfigurations = let - filteredHomes = lib.filterAttrs (_: v: v == system) homes; - allHomes = filteredHomes // { + filteredHosts = lib.filterAttrs (_: v: v == system) hosts; + allHosts = filteredHosts // { # Default configuration ambroisie = system; }; in - lib.mapAttrs mkHome allHomes; + lib.mapAttrs mkHome allHosts; }; }; } diff --git a/flake/nixos.nix b/flake/nixos.nix index b48b551..fe124d7 100644 --- a/flake/nixos.nix +++ b/flake/nixos.nix @@ -1,5 +1,7 @@ -{ self, inputs, lib, ... }: +{ self, inputs, ... }: let + inherit (self) lib; + defaultModules = [ { # Let 'nixos-version --json' know about the Git revision @@ -21,7 +23,7 @@ let ]; specialArgs = { # Use my extended lib in NixOS configuration - inherit (self) lib; + inherit lib; # Inject inputs to use them in global registry inherit inputs; }; diff --git a/hosts/homes/ambroisie@bazin/default.nix b/hosts/homes/ambroisie@bazin/default.nix deleted file mode 100644 index f52fbce..0000000 --- a/hosts/homes/ambroisie@bazin/default.nix +++ /dev/null @@ -1,43 +0,0 @@ -# Google Laptop configuration -{ lib, options, pkgs, ... }: -{ - services.gpg-agent.enable = lib.mkForce false; - - my.home = { - git = { - package = pkgs.emptyDirectory; - }; - - tmux = { - # I use scripts that use the passthrough sequence often on this host - enablePassthrough = true; - - terminalFeatures = { - # HTerm uses `xterm-256color` as its `$TERM`, so use that here - xterm-256color = { }; - }; - }; - - ssh = { - mosh = { - package = pkgs.emptyDirectory; - }; - }; - - zsh = { - notify = { - enable = true; - - exclude = options.my.home.zsh.notify.exclude.default ++ [ - "adb shell$" # Only interactive shell sessions - ]; - - ssh = { - enable = true; - # `notify-send` is proxied to the ChromeOS layer - useOsc777 = false; - }; - }; - }; - }; -} diff --git a/hosts/homes/ambroisie@mousqueton/default.nix b/hosts/homes/ambroisie@mousqueton/default.nix index 44e62e6..8294ff4 100644 --- a/hosts/homes/ambroisie@mousqueton/default.nix +++ b/hosts/homes/ambroisie@mousqueton/default.nix @@ -4,21 +4,26 @@ # Google specific configuration home.homeDirectory = "/usr/local/google/home/ambroisie"; + # Some tooling (e.g: SSH) need to use this library + home.sessionVariables = { + LD_PRELOAD = "/usr/grte/v5/lib64/libnss_cache.so.2\${LD_PRELOAD:+:}$LD_PRELOAD"; + }; + + systemd.user.sessionVariables = { + LD_PRELOAD = "/usr/grte/v5/lib64/libnss_cache.so.2\${LD_PRELOAD:+:}$LD_PRELOAD"; + }; + + programs.git.package = lib.mkForce pkgs.emptyDirectory; + services.gpg-agent.enable = lib.mkForce false; my.home = { - git = { - package = pkgs.emptyDirectory; - }; - tmux = { # I use scripts that use the passthrough sequence often on this host enablePassthrough = true; - terminalFeatures = { - # HTerm uses `xterm-256color` as its `$TERM`, so use that here - xterm-256color = { }; - }; + # HTerm uses `xterm-256color` as its `$TERM`, so use that here + trueColorTerminals = [ "xterm-256color" ]; }; }; } diff --git a/hosts/nixos/aramis/hardware.nix b/hosts/nixos/aramis/hardware.nix index 99bc77e..c66b426 100644 --- a/hosts/nixos/aramis/hardware.nix +++ b/hosts/nixos/aramis/hardware.nix @@ -26,12 +26,6 @@ firmware = { cpuFlavor = "intel"; }; - - graphics = { - enable = true; - - gpuFlavor = "intel"; - }; }; hardware = { diff --git a/hosts/nixos/aramis/home.nix b/hosts/nixos/aramis/home.nix index 64b63ce..66a0892 100644 --- a/hosts/nixos/aramis/home.nix +++ b/hosts/nixos/aramis/home.nix @@ -2,7 +2,7 @@ { my.home = { # Use graphical pinentry - bitwarden.pinentry = pkgs.pinentry-gtk2; + bitwarden.pinentry = "gtk2"; # Ebook library calibre.enable = true; # Some amount of social life @@ -14,7 +14,7 @@ # Blue light filter gammastep.enable = true; # Use a small popup to enter passwords - gpg.pinentry = pkgs.pinentry-gtk2; + gpg.pinentry = "gtk2"; # Machine specific packages packages.additionalPackages = with pkgs; [ element-desktop # Matrix client diff --git a/hosts/nixos/porthos/boot.nix b/hosts/nixos/porthos/boot.nix index 461e969..fbc5db7 100644 --- a/hosts/nixos/porthos/boot.nix +++ b/hosts/nixos/porthos/boot.nix @@ -3,14 +3,15 @@ { boot = { - # Use the systemd-boot EFI boot loader. - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; + # Use the GRUB 2 boot loader. + loader.grub = { + enable = true; + # Define on which hard drive you want to install Grub. + device = "/dev/disk/by-id/ata-HGST_HUS724020ALA640_PN2181P6J58M1P"; }; initrd = { - availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "usbhid" "sd_mod" ]; + availableKernelModules = [ "uhci_hcd" "ahci" "usbhid" ]; kernelModules = [ "dm-snapshot" ]; }; diff --git a/hosts/nixos/porthos/default.nix b/hosts/nixos/porthos/default.nix index bd1bdb1..2dea899 100644 --- a/hosts/nixos/porthos/default.nix +++ b/hosts/nixos/porthos/default.nix @@ -16,5 +16,11 @@ # Set your time zone. time.timeZone = "Europe/Paris"; - system.stateVersion = "24.05"; # Did you read the comment? + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "20.09"; # Did you read the comment? } diff --git a/hosts/nixos/porthos/hardware.nix b/hosts/nixos/porthos/hardware.nix index 2172c5c..5a6e0d7 100644 --- a/hosts/nixos/porthos/hardware.nix +++ b/hosts/nixos/porthos/hardware.nix @@ -1,5 +1,5 @@ # Hardware configuration -{ modulesPath, ... }: +{ lib, modulesPath, ... }: { imports = [ @@ -11,18 +11,9 @@ fsType = "ext4"; }; - fileSystems."/boot" = { - device = "/dev/disk/by-label/boot"; - fsType = "vfat"; - }; - swapDevices = [ { device = "/dev/disk/by-label/swap"; } ]; - my.hardware = { - firmware = { - cpuFlavor = "intel"; - }; - }; + powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; } diff --git a/hosts/nixos/porthos/home.nix b/hosts/nixos/porthos/home.nix index c2c858b..90aa0ec 100644 --- a/hosts/nixos/porthos/home.nix +++ b/hosts/nixos/porthos/home.nix @@ -1,18 +1,11 @@ { ... }: { my.home = { - nix = { - cache = { - # This server is the one serving the cache, don't try to query it - selfHosted = false; - }; - }; - - # Allow using extended features when SSH-ing from various clients - tmux.terminalFeatures = { + # Allow using 24bit color when SSH-ing from various clients + tmux.trueColorTerminals = [ # My usual terminal, e.g: on laptop - alacritty = { }; - }; + "alacritty" + ]; # Always start a tmux session when opening a shell session zsh.launchTmux = true; diff --git a/hosts/nixos/porthos/install.sh b/hosts/nixos/porthos/install.sh index e6ba0aa..8edc175 100644 --- a/hosts/nixos/porthos/install.sh +++ b/hosts/nixos/porthos/install.sh @@ -3,7 +3,7 @@ SWAP_SIZE=16GiB parted /dev/sda --script -- \ - mklabel gpt \ + mklabel msdos \ mkpart primary 512MiB -$SWAP_SIZE \ mkpart primary linux-swap -$SWAP_SIZE 100% \ mkpart ESP fat32 1MiB 512MiB \ @@ -11,24 +11,14 @@ parted /dev/sda --script -- \ parted /dev/sdb --script -- \ mklabel gpt \ - mkpart primary 0% 100% -parted /dev/sdc --script -- \ - mklabel gpt \ - mkpart primary 0% 100% -parted /dev/sdd --script -- \ - mklabel gpt \ - mkpart primary 0% 100% + mkpart primary 0MiB 100% mkfs.ext4 -L media1 /dev/sda1 mkfs.ext4 -L media2 /dev/sdb1 -mkfs.ext4 -L media3 /dev/sdc1 -mkfs.ext4 -L media4 /dev/sdd1 pvcreate /dev/sda1 pvcreate /dev/sdb1 -pvcreate /dev/sdc1 -pvcreate /dev/sdd1 -vgcreate lvm /dev/sda1 /dev/sdb1 /dev/sdc1 /dev/sdd1 +vgcreate lvm /dev/sda1 /dev/sdb1 lvcreate -l 100%FREE -n media lvm mkfs.ext4 -L nixos /dev/mapper/lvm-media @@ -37,17 +27,17 @@ mkfs.fat -F 32 -n boot /dev/sda3 mount /dev/disk/by-label/nixos /mnt swapon /dev/sda2 -mkdir -p /mnt/boot -mount /dev/disk/by-label/boot /mnt/boot apt install sudo useradd -m -G sudo setupuser +# shellcheck disable=2117 +su setupuser cat << EOF # Run the following commands as setup user -curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install -. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh -nix profile install nixpkgs#nixos-install-tools +curl -L https://nixos.org/nix/install | sh +. $HOME/.nix-profile/etc/profile.d/nix.sh +nix-channel --add https://nixos.org/channels/nixos-20.09 nixpkgs sudo "$(which nixos-generate-config)" --root /mnt # Change uuids to labels @@ -64,6 +54,3 @@ git crypt unlock nixos-install --root /mnt --flake '.#' EOF - -# shellcheck disable=2117 -su setupuser diff --git a/hosts/nixos/porthos/networking.nix b/hosts/nixos/porthos/networking.nix index 717652b..1e2c9cd 100644 --- a/hosts/nixos/porthos/networking.nix +++ b/hosts/nixos/porthos/networking.nix @@ -6,17 +6,30 @@ hostName = "porthos"; # Define your hostname. domain = "belanyi.fr"; # Define your domain. - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - useDHCP = true; + + # The global useDHCP flag is deprecated, therefore explicitly set to false here. + # Per-interface useDHCP will be mandatory in the future, so this generated config + # replicates the default behaviour. + useDHCP = false; + interfaces = { - eno1.useDHCP = true; - eno2.useDHCP = true; + bond0.useDHCP = true; + bonding_masters.useDHCP = true; + dummy0.useDHCP = true; + erspan0.useDHCP = true; + eth0.useDHCP = true; + eth1.useDHCP = true; + gre0.useDHCP = true; + gretap0.useDHCP = true; + ifb0.useDHCP = true; + ifb1.useDHCP = true; + ip6tnl0.useDHCP = true; + sit0.useDHCP = true; + teql0.useDHCP = true; + tunl0.useDHCP = true; }; }; # Which interface is used to connect to the internet - my.hardware.networking.externalInterface = "eno1"; + my.hardware.networking.externalInterface = "eth0"; } diff --git a/hosts/nixos/porthos/secrets/acme/dns-key.age b/hosts/nixos/porthos/secrets/acme/dns-key.age index fce2a84..97d397c 100644 --- a/hosts/nixos/porthos/secrets/acme/dns-key.age +++ b/hosts/nixos/porthos/secrets/acme/dns-key.age @@ -1,8 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg bQFr9oAnbo1rI/MpUV8wQz/Xj7iZY4ZU+Swf0nSIQFw -zama2XJ0gdvUlD2GHMhmZqHSxHe+dKSfXnHoWDcSw7Y --> ssh-ed25519 jPowng gitUwSKTNKWLSxnwa185O7x/u0ul93g8wPESdZaKRk8 -uvBIfAUkZp5sg6rfeEGvL5ZDV8m2uSEotW02kjPN3Hw ---- SZxe5f/CUZBvPQa2Sz/UBY3L68rMkIGGRuZPk7YE+Vg -r&{~v?}= -}+ SQM[]k MAtmM/Ls|ޅmCiYC}x \ No newline at end of file +-> ssh-ed25519 cKojmg 0bz3W8QcGaulxy+kDmM717jTthQpFOCwV9HkenFJEyo +NKeh1/JkX4WAWbOjUeKLMbsyCevnDf3a70FfYUav26c +-> ssh-ed25519 jPowng Q59ybJMMteOSB6hZ5m6UPP0N2p8jrDSu5vBYwPgGcRw +j420on2jSsfMsv4MDtiOTMIFjaXV7sIsrS+g4iab+68 +-> z}.q-grease s2W ssh-ed25519 cKojmg fpiyZo1AR5hCfk/KtbgWCTzz+05/VOUnnaHhWgXQRwc -d2w9IX/kq/T6OwQ1zImsCmzIX2yfFD8hQDbs0IW3ZIA --> ssh-ed25519 jPowng E9R7p9NCubUQrymjnrNfEjSNIIAXrBQLogNkWsOx8xc -MrWEE5LNtOqAjnwA6byfSa1udnbUtqBy4FhdxipuA+g ---- fKgerjgGs+brvNKnrWdpmOadl34LipMT6Msqse2g3E0 -E9flKYRL-Ƿ\EK{7oXGxT)˜6%LOT**8\@G \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/backup/credentials.age b/hosts/nixos/porthos/secrets/backup/credentials.age index 63f0d32..b8ea008 100644 Binary files a/hosts/nixos/porthos/secrets/backup/credentials.age and b/hosts/nixos/porthos/secrets/backup/credentials.age differ diff --git a/hosts/nixos/porthos/secrets/backup/password.age b/hosts/nixos/porthos/secrets/backup/password.age index db3c2fa..3af9fbe 100644 --- a/hosts/nixos/porthos/secrets/backup/password.age +++ b/hosts/nixos/porthos/secrets/backup/password.age @@ -1,7 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg O3DMSSPQP9/ehXmzs0xcCGllu7VSzhd6b4Pii8t2vWQ -Ys1nMv2384elWWGW9C8HabvwUeWu52VsQpxx9L/4/dM --> ssh-ed25519 jPowng ft/9SX5fpG7+7gHMubaFtb+50/gfNgmaofOVq5UjRUE -xMwdFjFdkH0Li+PikaFt0WAZbFUu5daHgkfN8aQQumo ---- 7DVINvXIXdE1MRwIkeajonYsy1cp4HugCxfTeub5SXU -<<{V?fk/I"/5K"(i \ No newline at end of file +-> ssh-ed25519 cKojmg dgS4bezgtDi44R1A8am+J6zh80kUVYTo1heaxJCtzX4 +F3w/62xwtqYa40NU7OvF9pnZzYz/5hACAGJfMA4e2zw +-> ssh-ed25519 jPowng lx81CK3yeNp9RjHCUFJeKYZlRzxBmXuADVBvRc13zCI +P7e75t8xU+ZkYmeQ8mmMfyZZsRdG1J8yrvSUkiWzkFQ +-> *z4/`-grease S/)a{e sFd";= +--- 15FVhqRTkoPFEeETRRyFQhsv4Fn19Ozlax0u8Zy9mNA +#+vS4}R%ίF4fnDJZA,_ \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/drone/gitea.age b/hosts/nixos/porthos/secrets/drone/gitea.age index 6b68503..90ff83b 100644 Binary files a/hosts/nixos/porthos/secrets/drone/gitea.age and b/hosts/nixos/porthos/secrets/drone/gitea.age differ diff --git a/hosts/nixos/porthos/secrets/drone/secret.age b/hosts/nixos/porthos/secrets/drone/secret.age index d6e7330..c529200 100644 --- a/hosts/nixos/porthos/secrets/drone/secret.age +++ b/hosts/nixos/porthos/secrets/drone/secret.age @@ -1,7 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg 0J8FMcVRf78LYG+dTOFzu3luXwhOjdOg0sx4Jxdccj4 -tdrCcfcYbTZYhL18RG3goiqtyhu3NTn+fJhdIAnU5uA --> ssh-ed25519 jPowng qlF8nkSEg5fZgai0VP5eTSlZOHyj5IcalTf+QNWITVo -O5aiZX0AJD76ixsu6i9xnnFBQANdsu3h6XzdTQ6KtKU ---- ByMQt9bnbzd8YO0Y93FIYF/lmdbYcOydkYdKxpRQujM -+ܢ6JNmq[ Eb1p)vDPL9̀z!߇'Tad5U: [dύRMpzj \ No newline at end of file +-> ssh-ed25519 cKojmg 1+cLlzctgcM0FnVDwMPOAqBkvMcDBRg8SvCw4djI93Y +oV2XI4f1AvM9P591kZZ6NgJXa+SDtqGzCSgc4psOmxM +-> ssh-ed25519 jPowng Ufjfh1p350XxRPg95+/DHdmnl4lC0bbzUUlaxd1Bmxc +/RHwFDSn2ov+60r1uHUigrsn99+GmmKmlk4h4T2gbA0 +-> *Lc$@-grease +pzVJAHy1qRq3jUrnFV0DDO7/hwV1US4Ogf0RsrVfX0xzbr73uJ003YjieVB25LqN +--- ME7/iVevyiguyhXugbkVFGzJV0yDccyKNlWbEZa/FmY +YXjb2und;i0X]0jLPT~^kc$DrufreOո+p&wϨ \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/drone/ssh/private-key.age b/hosts/nixos/porthos/secrets/drone/ssh/private-key.age index 737777d..0211701 100644 Binary files a/hosts/nixos/porthos/secrets/drone/ssh/private-key.age and b/hosts/nixos/porthos/secrets/drone/ssh/private-key.age differ diff --git a/hosts/nixos/porthos/secrets/forgejo/mail-password.age b/hosts/nixos/porthos/secrets/forgejo/mail-password.age deleted file mode 100644 index 67ef695..0000000 --- a/hosts/nixos/porthos/secrets/forgejo/mail-password.age +++ /dev/null @@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 cKojmg Lhgx43wR8PtAMf5v1eJxKlUBSAoOLdOOn/QaQrwF8zA -jfUCpgNzkHCNTWCqtErDaLMmg1Oy+s9zUra1JLCi+J4 --> ssh-ed25519 jPowng kSeQ/SmMrzd8ByVu3YHWeZyKmqFZvQSBnDunkB8e6wc -WRmnfrV5xcRXA9t0ZXx6YvbRl0sX4PTrw63VVKX4Ei4 ---- a+LLM1gP9g1AbUapbeeKaS4cEcRBmPo3MHU2DSWTAds -,F6⬘ ix̏e| - -Ϝ,{ v!z$P;TKW - qG \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/gitea/mail-password.age b/hosts/nixos/porthos/secrets/gitea/mail-password.age index e2e70ac..915f8e9 100644 --- a/hosts/nixos/porthos/secrets/gitea/mail-password.age +++ b/hosts/nixos/porthos/secrets/gitea/mail-password.age @@ -1,7 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg 46BI3ItrXRWMivmd/K8bmkKlrYFSr8cbehAkmwCskig -gTjYquH1hDEZ2zWD5P7gN/ejTCH8JJb8bC/VLZ3koeg --> ssh-ed25519 jPowng 5MqfJlasDbbqlI0dX98NZzHxmYmnnpveyBxa4z48V0o -r7Yiv4+SZiDncD0Xzp5eFSP4f2yjGBOILKxEO1iT3Os ---- l43+JtT28i1YDhNX3hE3Qb7swskOBc5ghDqiyh3rU2s -+)PnWT,.eNW YƱkF4#=)6mȵJ# \ No newline at end of file +-> ssh-ed25519 jPowng BkIjie2KrwDLaZYYIguCs7TPA/wQy+YPguikuhfye0M +7viTA/EGYB/jRKQm6fFd86DMd4j+Jxsaw/xQ1T8ZKNo +-> ssh-ed25519 cKojmg t1Y8bZvPccNAX8vWQLTfCyOJIBXN515vyfFrEI2EVww +bJEjpIWrKeQrA/JfY7FRdB6hpHwR/aG4Vya1ChFNBKs +-> jK/-grease Oz.R ?;)G ], +AuHk9TcC9kl0dg8/L6UfHIk3e9fgGwSTJAJpVgInhok +--- 47z9lol5MtpX0IsO/0ggLDMcNVfl4lNNvoHUSwOU/18 +)gЪeu! - TYAM+GbMe@|A,&E!܆p=P=9P!Q|r \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/lohr/secret.age b/hosts/nixos/porthos/secrets/lohr/secret.age index 1d9c5ba..fa310b4 100644 Binary files a/hosts/nixos/porthos/secrets/lohr/secret.age and b/hosts/nixos/porthos/secrets/lohr/secret.age differ diff --git a/hosts/nixos/porthos/secrets/lohr/ssh-key.age b/hosts/nixos/porthos/secrets/lohr/ssh-key.age index 477a4d1..30a5e25 100644 Binary files a/hosts/nixos/porthos/secrets/lohr/ssh-key.age and b/hosts/nixos/porthos/secrets/lohr/ssh-key.age differ diff --git a/hosts/nixos/porthos/secrets/matrix/mail.age b/hosts/nixos/porthos/secrets/matrix/mail.age index 94ddf8c..1fe3a71 100644 --- a/hosts/nixos/porthos/secrets/matrix/mail.age +++ b/hosts/nixos/porthos/secrets/matrix/mail.age @@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg u+5VWUy7eFq4boAIOhuKXZYD4mhczaUAcjz4+coVggA -QlBHHgz7uY3TVgex59yZA0XgsIeHi2WN2S+UleC7bMg --> ssh-ed25519 jPowng IyeI6WUjF8wxe92xD3xY++4ZqXtY8divB39eLWfAtm8 -eGj8w5X2ydS1LJvNSmo56xzRVoUB0iAKKs2NHX968Yc ---- hsYH9lUl3wIErJmBKzlWV+gIR5v6vgPIcNDgd0hiRGc -@lQsȄףD}^{X)nYJhXhg8wӨǂwy(a.0>|PSlO|E鰀BW_)|x4\_F -Zo0=dtsj[0O+R8id8j -g$x òb흭Xg^G$UB*鲡)[tHav7jD.z+[~ 9z`s,_!^Yʯ2HSŏ*@jZ^v~غ@ \ No newline at end of file +-> ssh-ed25519 cKojmg lmu3MinmydRHD0A/YVRRtopermfoBC8M8cTHfVanY1s +ygrtpZZJ7aeQTblNazpoP7DdifmDxHsE3DFJsIrWX5M +-> ssh-ed25519 jPowng X0cihOc+fBtmtrkEivIHQngdYIobezXEF1x+pHqNzAw +/+sw9x1NWY0anZhDMpAywBPrR0F4XCHaF9e8j/Yo/kI +-> 32;%1s-grease +JafjuSZty6a4NSO/y4y5wHWL8Mw +--- dwCl66vdpsL0MR5NWWvg3JUnQ2QZQBeW0Dj0l5tvOKY +oi,`#uwW%Poubڭcy8 ><FqKÂk0k/h5势F+u eb>1Q2wnWb֖Bi^xur- /ll-=7;j0I%FiA;YUd]KI0( Ag^uG:pkJ:qWSaLw!M4L/ZD-XUbvbP0f9 J`XO!s{QAcc;4Mچݹ lxH&{}zZ9ûXܓg]V0gtw \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/matrix/secret.age b/hosts/nixos/porthos/secrets/matrix/secret.age index 2c8852d..539c33e 100644 Binary files a/hosts/nixos/porthos/secrets/matrix/secret.age and b/hosts/nixos/porthos/secrets/matrix/secret.age differ diff --git a/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age b/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age index e938cfa..d375a35 100644 --- a/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age +++ b/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age @@ -1,8 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg xRtF3XVc7yPicAV/E4U7mn0itvD0h1BWBTjwunuoe2E -OkB9sjGB3ulH4Feuyj3Ed0DBG4+mghW/Qpum9oXL/8c --> ssh-ed25519 jPowng 1r8drqhz1yZdTq0Kvqya+ArU1C2fkN7Gg9LiWWfeUFg -cjbxntVwHvqLaJpiKs/Y8ojeb6e3/cLFcsoeuoobfFg ---- B1qA2PylJBrdZxZtCzlU2kRPvxLM+IrXTvR+ERxVtTY -"W9bg~/b4ՆI -} -NC7vWb?8=wB UpJClOșnO\ \ No newline at end of file +-> ssh-ed25519 cKojmg N182xey8TWRVUWTRP16rT0zlhYZNr/pOZVR7YRnlIkk +HVqAag55z1cKLgjR3WsUj2wvaVjxm169JcDRJGRvCVU +-> ssh-ed25519 jPowng Dc+aaUTxDsMTY+oOst0SC3ldq1e6zX8F5A5uBL5RHhc +JWZou6+VaFc5f2OLRIrmFFWg3Er6WSY+TloXU0mP1K8 +-> |9_9Aqh%-grease $ X8Mn|5 aKnl' fl ssh-ed25519 cKojmg l5lOlGnbvQ4D2kaSj1dd8Xr+btlNbTkT0SxSz02Vr1E -Cjy73yKL1N8LnjRXXLpxX+wIOFCa8wrG44VjXUND1lI --> ssh-ed25519 jPowng nYHfkP9dRkxu4Fqh8MgrbdZAc8gk+VGDyxIV6RsSeEM -rKKi1NDoKMMzQ+kUs5ZX4zMqRBI0QwGY7q6K/L9+dLI ---- Umv3UCtXlApug7uuqmwbQN38i8Lx9/b0uhLgbc3OdZM -BLs?sӓs2y -R0!<f9txB7dڊ^ɇLJ&W ssh-ed25519 cKojmg OdLtFHbHbc28rUn47vgsVvXxFNg9nF+9y9R6XOK390Y +yQQYUPQGjN2+xrSqqBYa7/zS618KrVjX5Amw2MFuSLg +-> ssh-ed25519 jPowng NwUjiLtiXVi6XFmht5l1CxEs3gm0oN4vHYwDZyda7Q4 +di6znVjNRO6QdqteVNkeot5Ko2NwWLe6v+zVR3f+o10 +-> 4Vx%\(-grease ^^Z>EC91 R 2BJ d48Wip*s +yPiBgChRF31XgxccQFLO3MzRL7+5s29sfRoF3W1yUX6Bu59MpxD4D+n/jhLcxSH/ +CxW7KaiOctNmPm5tWh6qjmgQ+V4bcAji5vo4FKs40l56cfyueEJj+Q +--- WUGF28zqK9E1AlOeeCtSHxFg6ikRy85gOoLtBd4m0y0 +.|rr>12Sɞ.hww q%i *U^)'qO2ӜmQ7m` \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/monitoring/secret-key.age b/hosts/nixos/porthos/secrets/monitoring/secret-key.age index 6ea8c54..4cef94f 100644 Binary files a/hosts/nixos/porthos/secrets/monitoring/secret-key.age and b/hosts/nixos/porthos/secrets/monitoring/secret-key.age differ diff --git a/hosts/nixos/porthos/secrets/nextcloud/password.age b/hosts/nixos/porthos/secrets/nextcloud/password.age index 9039eea..9fd3c53 100644 Binary files a/hosts/nixos/porthos/secrets/nextcloud/password.age and b/hosts/nixos/porthos/secrets/nextcloud/password.age differ diff --git a/hosts/nixos/porthos/secrets/nix-cache/cache-key.age b/hosts/nixos/porthos/secrets/nix-cache/cache-key.age index 17732ed..e0fb5be 100644 Binary files a/hosts/nixos/porthos/secrets/nix-cache/cache-key.age and b/hosts/nixos/porthos/secrets/nix-cache/cache-key.age differ diff --git a/hosts/nixos/porthos/secrets/paperless/password.age b/hosts/nixos/porthos/secrets/paperless/password.age index 8d545fd..3fe76cb 100644 --- a/hosts/nixos/porthos/secrets/paperless/password.age +++ b/hosts/nixos/porthos/secrets/paperless/password.age @@ -1,8 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg 1hbRAuAGrTy6nmkAq+UWua8weywphZsTIGF68YQEOlQ -92Q7uIKv1EiO73wMh53jrTuEkzP6ziBmX9SWXCl4d3w --> ssh-ed25519 jPowng aPb9v/S/mLW95Qom+swvasqY878RxpxxOkMJA2wb6nY -qu/dzcqciqKzNc28HqFMHA1XnrJy+/wWgbfM1+BrlkE ---- 8PXOozvZzNZQD2OT4a+0XuIQauzUGSvovdfDugmp+bc -x>禩_C9dT5KzЄqcZɾpใv -) \ No newline at end of file +-> ssh-ed25519 cKojmg zhpo89xef68JoeOFWzhdFshrj2BXXUCFPMLVJzv6EyE +fmJxJi5rmyai9qGwDo7iHg4BrObGre96KCpl+g91O6I +-> ssh-ed25519 jPowng INA6EZdy4J1p3QY5mfVOQXiLdOjIDaZR+CZMP+GfkXM +8Nf5soaxY5SEzeJca5kaJkx7ByOvc4NkJVetB7wpEmo +-> xjK'w-grease +f5v0cvlt4JbHlAwDOob86qOInWdlN/oohTg +--- NTGv4rr+MhJ/YeZhVHOjoS1V+zCHFf2itJYfK36R+wE +חJ d o'YFU@ +r7_N$>]hq-F۰qX?| ? \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/paperless/secret-key.age b/hosts/nixos/porthos/secrets/paperless/secret-key.age index 70cb898..eae5c56 100644 --- a/hosts/nixos/porthos/secrets/paperless/secret-key.age +++ b/hosts/nixos/porthos/secrets/paperless/secret-key.age @@ -1,7 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg r3ZUTfSNcHc1TS2fVtk99Y2xJMMunkwkcR0dQIdiCi4 -LICSnzAaooGy6x4wt0vNM6YtQ4S17QohZNt7lfVrD6Q --> ssh-ed25519 jPowng KLU68ws4lemr0wWHxm8H8pf1SQAoUZTN4QSPzk2PyHk -6pjH1pI956oaf9ZIHPPq8p3g/mZC5GxWhWkT54Wohf0 ---- cAQbniTwwtTftfXU/dGtA69yF/hh8iB97vHxvkIZMMo -c#=^~?5-wNT̡+!z " Z"2M!p5VjΡѡLyŹ nĊ8zQ+ة9WS0u}YÚ \ No newline at end of file +-> ssh-ed25519 cKojmg tZwn2usN6K62oS4vBa6boh9zEp/+cS4chP8boXG6SH4 +Fr3kV8gUDoiDqMxPYWsHyww8umYhQEKhqbVBiVw5NeI +-> ssh-ed25519 jPowng wRbJl4G85obH/GluQBBsXE7MOvooEui65eqHfurvuQs +KqVZMBSyHhkayEdwI6ocmA4qhHY9zYJvg1CEKM1SOa0 +-> 2E"/OFW-grease o Qp3HFe^ +bGhCNicPqt7txqxUiEWXCFs1OuQLqOqHmjHSqYQv919dqYep/xBXzi/aRf3dsdvh +TCJCTvZG31Qxvikp +--- xKJGbdVp+Z5h0vCBleSF2zYYYd2S5i0y4szNqjRwrDY +T /Ni7m4#MhiPޛ-gI%@E(i7Ygk"+㸠(]o@bާ+[Y"BCR[ >-.4db9v \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/podgrab/password.age b/hosts/nixos/porthos/secrets/podgrab/password.age index d50dc28..90e2501 100644 --- a/hosts/nixos/porthos/secrets/podgrab/password.age +++ b/hosts/nixos/porthos/secrets/podgrab/password.age @@ -1,7 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg bICZUDqk/C2divEZu2lxUDsrtS1inSbDbS8hxJSJfHc -FsfueyP6WCesAu5EcXIxxtvbb8RX09qNTN9GvuhYuTw --> ssh-ed25519 jPowng Uujsu6c+QTXqCNi6c+zxk5tf0UQcG+Qm/SZF4dzSKCY -RPVNNNauz73A8kWA0VSQiMWCerUkxPoXG2MUrFly3Bc ---- 8h4hGasOwZxk+i5aQfg6AzdA1G4wROhxz2rmM9u41b8 -{Rh=42 yЙjMWQ%X ]JK]F?QK \ No newline at end of file +-> ssh-ed25519 cKojmg 8rcBI7fYHuA3jO6EzJNFaAj2niIApKDt1HQEv61AKTs +ANxkIX/CeI7t7Zqp6wmjt/D194Z+xpeiidb+qvYzoQU +-> ssh-ed25519 jPowng oruewwTM9X/HjjcmOPcQVdp02rQBlgJPdzvlAffs3T0 +MrO0kaNhjgOkNHuz3NrIMWXNrXOHH9dT/Fk6hoQNKyY +-> COK%H7-grease +6yfI90QurOKlM+kgpW8KZ/iBzDYD9yhNmjG1LQ +--- uArz8eHg8sLO0sdlkM6cELFh+FHiI5BrM0+iXJxxiDo +vvNb@FMMY&/%mt֓dh|ߩ8 ڽ9C/ \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/pyload/credentials.age b/hosts/nixos/porthos/secrets/pyload/credentials.age deleted file mode 100644 index 089f962..0000000 --- a/hosts/nixos/porthos/secrets/pyload/credentials.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 cKojmg nJbOfp0/wmFOZLzcWjoGB7wEB8e56aO1NntSmn5KomU -/Vio4Z/t7IPJrdzdwUPidVH3wrouSkwRzNHP0T4z3x0 --> ssh-ed25519 jPowng QXg/xqs7/VfkYQg3X77w4i53q64bL9oYeTxqb9NVhiQ -sMHIXlmrIxtIr+s0X4lBqev/PPd3AKD5P7AP5K4NeJg ---- gzTn+6+aa4Ptic1lsvSt+r3IEBysHrvMMIyONogMDF0 -ˮUE_ ssh-ed25519 cKojmg Froxrdh4H2Bsj4X2xicyBXHPRlbkRJAOztoTfzxItSM -FnsLS2QYm8mJUO+c152FieLCFkALxxwQLnY4PAj8zsU --> ssh-ed25519 jPowng pKl4p02M+U5JsiOnM2wXL5bkPwsI3IHjlTutlvez3zM -NSuOFsyV8JqtTq97lNzacJnJ3YZgWp53XxU3mjUlcMQ ---- 2TK2ViFblmDheaYdat/GF0ze1wVsla1EPLaeRdMM4Gs -ըENܞm›2u~Jubt[$T^2ji@xҸ*İg[MHX!6ezDW]<` XPޛ -q*o$< \ No newline at end of file +-> ssh-ed25519 cKojmg mP2H3PWJN6Pv3q6C2wci3KnXjtFAIiuGy0YH0sGIy2g +f43QqyUQfTYznszub47kgc2Mz95zVScTDkwnG3INi9U +-> ssh-ed25519 jPowng fENbu7+FZ1mnQQHQCLm1spLHmsQGlRoJResUJtGzYkY +hX+AqCkLCca6m/aKtGCThi7/mCCz/TZQNJNOlOmlqyA +-> J<-grease +n7+CPRr4oazWnE7yzpJN2ZAI4QrGsAerloP4wNeebjQDx8+IxJq1JE0g3Yi0RxzN +chDccuSPLYk45Ov+SD/qqqFZlQ +--- p81HYw3LFj+qz2kiZsDcevM4ZBfvN743P9Jdi7J9XkM +۱S7VBOlEtq_D,PVFp\"AM}g?/\;y Ӛ(SK \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/vikunja/mail.age b/hosts/nixos/porthos/secrets/vikunja/mail.age index 864e5be..4c83acd 100644 Binary files a/hosts/nixos/porthos/secrets/vikunja/mail.age and b/hosts/nixos/porthos/secrets/vikunja/mail.age differ diff --git a/hosts/nixos/porthos/secrets/wireguard/private-key.age b/hosts/nixos/porthos/secrets/wireguard/private-key.age index d7e292e..4abe1e5 100644 --- a/hosts/nixos/porthos/secrets/wireguard/private-key.age +++ b/hosts/nixos/porthos/secrets/wireguard/private-key.age @@ -1,8 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg KslHl4v8yCsKZn5TduLgpTfpTi1uOInC9N2e8Ow83FI -NzcJJr8kw1ykAdWRZOeWdNhx0BTgE7FwTKcge+yLJ/w --> ssh-ed25519 jPowng YGWcOai0A9l2HDZyV0GtD8kEbY/xTUssODFBcseWAkA -nJaHXkipFSHdyektoKV5y1jQrjkvnU7pwZwAymiQm7M ---- IgWkDulol1jRa+pcx7DbEy5pvC+2nrRJHsdQVPvPur0 -Bb<Ōb!E?:=srJCKz5{4`&N057v+1 -+(d{ Q \ No newline at end of file +-> ssh-ed25519 cKojmg +WwRpd2MzycutQFXyLsr2+GzSgF67Z6UuvyqYZaLd3w +sppt8HzaZP3yxnvnhzjl18Trnz8g3VyXJ6CaVBWd7jA +-> ssh-ed25519 jPowng wanoqGB7T8bim/WZ4IAYViFQoGzaIZSgeoTr3YKpeTY +ihDAdGa1XVW/qQz40V1v7a7iK7tu0EHMa7ayIogpcRw +-> l-grease |PIcZ NIr >0;* +4o8o0bevQZ6uDSx1WxxlDCURbFCM+yK1XPdrb9aztCSvG2a+ne78E42l5rBcoH7I +m51A8uWS4nSj36N/76v6K4kelxKzWUg +--- O6cGbTAVbDcdmPHf7UzfZiyiRtu1yfL4sBI+CkJA1qw +q$`w'SX]?6/N(BNa.H7Ioz/4:sK",7J \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/woodpecker/gitea.age b/hosts/nixos/porthos/secrets/woodpecker/gitea.age index 11817ff..e6ede6c 100644 Binary files a/hosts/nixos/porthos/secrets/woodpecker/gitea.age and b/hosts/nixos/porthos/secrets/woodpecker/gitea.age differ diff --git a/hosts/nixos/porthos/secrets/woodpecker/secret.age b/hosts/nixos/porthos/secrets/woodpecker/secret.age index 89bcb6b..63a4862 100644 --- a/hosts/nixos/porthos/secrets/woodpecker/secret.age +++ b/hosts/nixos/porthos/secrets/woodpecker/secret.age @@ -1,7 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg tAW2hbBSxsael6cdbN+vI4h1/PMNrWYct8cppCAasn0 -cex/wBTviSIXc8clNm5PGltTYa1Q5PwqlX4BGsNHiyU --> ssh-ed25519 jPowng YxfhtpytvuhIARQAaJ0w94aOZiGNUOBR0pF+Sp80D2k -nMon/VdYUQTs6LFccDGeIKWeNYib1wwtFmEYZkDZxg0 ---- giL477X0+uZ2Ocvbixt5f5kNc1laj5P79oW8P9XsNP0 -d>cE?nbv_'2յ_6Pu:usE8ϓxuڶ̪x̧C[ .6 qJ5GK)N ssh-ed25519 jPowng yz0I+AazPmamF7NOnwYNrPE/ArarU01jd2mVDJUPSTY +6Y/YQ7gb8cAZf3zT9SKOorvfUnU7kYff+gHh8fG2mY8 +-> ssh-ed25519 cKojmg 0FZU9v8eHsVeE+EoX9Y4IgfIj/8+45waPaSnSDb961I +L6SzJoh5xqai45scoVAa6v9zslBGFYNnZY044d470uQ +-> I[G-grease p +AMRQY1alSzHi/PLL80kcvnM1Z9YNfoUo9u5alWXYMyzrRsg+vXjMuBvAXg3fmnzr +wdOowTYMRV+jEG8vzkcQTsv+f7JIyo4DvOOaPyGfWMl1 +--- ih3IAFPcN1JP3FP1vcRGnPrfk91yrnIX0m/Szkbcf7Q +mWr_\)Ͱ]QxMs/݃ݪ6kYxMyJG)i2_'֜HF.g_e5#utՠ7jP'Tޥ8\IWUK1ں9 \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/woodpecker/ssh/private-key.age b/hosts/nixos/porthos/secrets/woodpecker/ssh/private-key.age index b0b7b46..0211701 100644 Binary files a/hosts/nixos/porthos/secrets/woodpecker/ssh/private-key.age and b/hosts/nixos/porthos/secrets/woodpecker/ssh/private-key.age differ diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index a67ae3b..d73cdc1 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -36,14 +36,14 @@ in flood = { enable = true; }; - # Forgejo forge - forgejo = { + # Gitea forge + gitea = { enable = true; mail = { enable = true; - host = "smtp.migadu.com"; - user = lib.my.mkMailAddress "forgejo" "belanyi.fr"; - passwordFile = secrets."forgejo/mail-password".path; + host = "smtp.migadu.com:465"; + user = lib.my.mkMailAddress "gitea" "belanyi.fr"; + passwordFile = secrets."gitea/mail-password".path; }; }; # Meta-indexers @@ -68,10 +68,6 @@ in secretFile = secrets."matrix/sliding-sync-secret".path; }; }; - mealie = { - enable = true; - credentialsFile = secrets."mealie/mail".path; - }; miniflux = { enable = true; credentialsFiles = secrets."miniflux/credentials".path; @@ -138,10 +134,6 @@ in }; # Regular backups postgresql-backup.enable = true; - pyload = { - enable = true; - credentialsFile = secrets."pyload/credentials".path; - }; # RSS provider for websites that do not provide any feeds rss-bridge.enable = true; # Usenet client diff --git a/modules/home/atuin/default.nix b/modules/home/atuin/default.nix index b8973cc..19a6fb9 100644 --- a/modules/home/atuin/default.nix +++ b/modules/home/atuin/default.nix @@ -25,8 +25,6 @@ in search_mode = "skim"; # Show long command lines at the bottom show_preview = true; - # I like being able to edit my commands - enter_accept = false; }; }; }; diff --git a/modules/home/bitwarden/default.nix b/modules/home/bitwarden/default.nix index 0c0dfab..c709f7b 100644 --- a/modules/home/bitwarden/default.nix +++ b/modules/home/bitwarden/default.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: let cfg = config.my.home.bitwarden; in @@ -6,7 +6,12 @@ in options.my.home.bitwarden = with lib; { enable = my.mkDisableOption "bitwarden configuration"; - pinentry = mkPackageOption pkgs "pinentry" { default = [ "pinentry-tty" ]; }; + pinentry = mkOption { + type = types.str; + default = "tty"; + example = "gtk2"; + description = "Which pinentry interface to use"; + }; }; config = lib.mkIf cfg.enable { diff --git a/modules/home/default.nix b/modules/home/default.nix index c8183cf..8ba3a8d 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -23,7 +23,6 @@ ./gtk ./htop ./jq - ./keyboard ./mail ./mpv ./nix @@ -39,7 +38,6 @@ ./tmux ./udiskie ./vim - ./wget ./wm ./x ./xdg diff --git a/modules/home/direnv/lib/android.sh b/modules/home/direnv/lib/android.sh index fa2f856..b25d675 100644 --- a/modules/home/direnv/lib/android.sh +++ b/modules/home/direnv/lib/android.sh @@ -22,7 +22,7 @@ use_android() { # Default to the latest version found local ndk_version="$(_use_android_find_latest "$ANDROID_HOME/ndk" || return 1)" - local build_tools_version="$(_use_android_find_latest "$ANDROID_HOME/build-tools" || return 1)" + local build_tools_version="$(_use_android_find_latest "$ANDROID_SDK_HOME/build-tools" || return 1)" unset -f _use_android_find_latest @@ -47,11 +47,12 @@ use_android() { esac done + export ANDROID_SDK_HOME="$ANDROID_HOME" export ANDROID_NDK_HOME="$ANDROID_HOME/ndk/$ndk_version" export ANDROID_ROOT="$ANDROID_HOME" - export ANDROID_SDK_ROOT="$ANDROID_HOME" + export ANDROID_SDK_ROOT="$ANDROID_SDK_HOME" export ANDROID_NDK_ROOT="$ANDROID_NDK_HOME" PATH_add "$ANDROID_NDK_HOME" - PATH_add "$ANDROID_HOME/build-tools/$build_tools_version" + PATH_add "$ANDROID_SDK_HOME/build-tools/$build_tools_version" } diff --git a/modules/home/firefox/default.nix b/modules/home/firefox/default.nix index 02c74f2..85a1d59 100644 --- a/modules/home/firefox/default.nix +++ b/modules/home/firefox/default.nix @@ -36,7 +36,7 @@ in nativeMessagingHosts = ([ ] ++ lib.optional cfg.tridactyl.enable pkgs.tridactyl-native # Watch videos using mpv - ++ lib.optional cfg.ff2mpv.enable pkgs.ff2mpv-go + ++ lib.optional cfg.ff2mpv.enable pkgs.ambroisie.ff2mpv-go ); }; diff --git a/modules/home/firefox/tridactyl/tridactylrc b/modules/home/firefox/tridactyl/tridactylrc index 4dc53cf..31d3cb7 100644 --- a/modules/home/firefox/tridactyl/tridactylrc +++ b/modules/home/firefox/tridactyl/tridactylrc @@ -22,8 +22,8 @@ bind ;c hint -Jc [class*="expand"],[class*="togg"],[class="comment_folder"] bindurl reddit.com gu urlparent 3 " Only hint search results on Google -bindurl www.google.com f hint -Jc #search a -bindurl www.google.com F hint -Jbc #search a +bindurl www.google.com f hint -Jc #search div:not(.action-menu) > a +bindurl www.google.com F hint -Jbc #search div:not(.action-menu) > a " Only hint search results on DuckDuckGo bindurl ^https://duckduckgo.com f hint -Jc [data-testid="result-title-a"] @@ -69,6 +69,8 @@ unbind " Redirections {{{ " Always redirect Reddit to the old site autocmd DocStart ^http(s?)://www.reddit.com js tri.excmds.urlmodify("-t", "www", "old") +" Use a better Twitter front-end +autocmd DocStart ^http(s?)://twitter.com js tri.excmds.urlmodify("-t", "twitter.com", "nitter.net") " }}} " Disabled websites {{{ diff --git a/modules/home/gdb/default.nix b/modules/home/gdb/default.nix index fe8eb69..ab51938 100644 --- a/modules/home/gdb/default.nix +++ b/modules/home/gdb/default.nix @@ -26,14 +26,7 @@ in gdb ]; - xdg = { - configFile."gdb/gdbinit".source = ./gdbinit; - dataFile. "gdb/.keep".text = ""; - }; - - home.sessionVariables = { - GDBHISTFILE = "${config.xdg.dataHome}/gdb/gdb_history"; - }; + xdg.configFile."gdb/gdbinit".source = ./gdbinit; } (lib.mkIf cfg.rr.enable { diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix index 1bb2215..4dba01e 100644 --- a/modules/home/git/default.nix +++ b/modules/home/git/default.nix @@ -7,9 +7,6 @@ in { options.my.home.git = with lib; { enable = my.mkDisableOption "git configuration"; - - # I want the full experience by default - package = mkPackageOption pkgs "git" { default = [ "gitFull" ]; }; }; config.home.packages = with pkgs; lib.mkIf cfg.enable [ @@ -25,7 +22,8 @@ in userEmail = mkMailAddress "bruno" "belanyi.fr"; userName = "Bruno BELANYI"; - inherit (cfg) package; + # I want the full experience + package = pkgs.gitFull; aliases = { git = "!git"; @@ -148,10 +146,6 @@ in autoStash = true; }; - rerere = { - enabled = true; - }; - url = { "git@git.belanyi.fr:" = { insteadOf = "https://git.belanyi.fr/"; diff --git a/modules/home/gpg/default.nix b/modules/home/gpg/default.nix index 51c865a..7eadf48 100644 --- a/modules/home/gpg/default.nix +++ b/modules/home/gpg/default.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: let cfg = config.my.home.gpg; in @@ -6,7 +6,12 @@ in options.my.home.gpg = with lib; { enable = my.mkDisableOption "gpg configuration"; - pinentry = mkPackageOption pkgs "pinentry" { default = [ "pinentry-tty" ]; }; + pinentry = mkOption { + type = types.str; + default = "tty"; + example = "gtk2"; + description = "Which pinentry interface to use"; + }; }; config = lib.mkIf cfg.enable { @@ -17,7 +22,7 @@ in services.gpg-agent = { enable = true; enableSshSupport = true; # One agent to rule them all - pinentryPackage = cfg.pinentry; + pinentryFlavor = cfg.pinentry; extraConfig = '' allow-loopback-pinentry ''; diff --git a/modules/home/mail/accounts/default.nix b/modules/home/mail/accounts/default.nix index 8886139..e7663d8 100644 --- a/modules/home/mail/accounts/default.nix +++ b/modules/home/mail/accounts/default.nix @@ -18,6 +18,8 @@ let himalaya = { enable = cfg.himalaya.enable; # FIXME: try to actually configure it at some point + backend = "imap"; + sender = "smtp"; }; msmtp = { diff --git a/modules/home/mpv/default.nix b/modules/home/mpv/default.nix index 8af394c..9aef379 100644 --- a/modules/home/mpv/default.nix +++ b/modules/home/mpv/default.nix @@ -13,8 +13,6 @@ in scripts = [ pkgs.mpvScripts.mpris # Allow controlling using media keys - pkgs.mpvScripts.mpv-cheatsheet # Show some simple mappings on '?' - pkgs.mpvScripts.uosc # Nicer UI ]; }; }; diff --git a/modules/home/nix/default.nix b/modules/home/nix/default.nix index 0934189..9ccbdc5 100644 --- a/modules/home/nix/default.nix +++ b/modules/home/nix/default.nix @@ -12,7 +12,7 @@ let # Use pinned nixpkgs when using `nix run pkgs#` pkgs = inputs.nixpkgs; } - (lib.optionalAttrs cfg.inputs.overrideNixpkgs { + (lib.optionalAttrs cfg.overrideNixpkgs { # ... And with `nix run nixpkgs#` nixpkgs = inputs.nixpkgs; }) @@ -22,26 +22,20 @@ in options.my.home.nix = with lib; { enable = my.mkDisableOption "nix configuration"; - cache = { - selfHosted = my.mkDisableOption "self-hosted cache"; - }; + linkInputs = my.mkDisableOption "link inputs to `$XDG_CONFIG_HOME/nix/inputs`"; - inputs = { - link = my.mkDisableOption "link inputs to `/etc/nix/inputs/`"; + addToRegistry = my.mkDisableOption "add inputs and self to registry"; - addToRegistry = my.mkDisableOption "add inputs and self to registry"; + addToNixPath = my.mkDisableOption "add inputs and self to nix path"; - addToNixPath = my.mkDisableOption "add inputs and self to nix path"; - - overrideNixpkgs = my.mkDisableOption "point nixpkgs to pinned system version"; - }; + overrideNixpkgs = my.mkDisableOption "point nixpkgs to pinned system version"; }; config = lib.mkIf cfg.enable (lib.mkMerge [ { assertions = [ { - assertion = cfg.inputs.addToNixPath -> cfg.inputs.link; + assertion = cfg.addToNixPath -> cfg.linkInputs; message = '' enabling `my.home.nix.addToNixPath` needs to have `my.home.nix.linkInputs = true` @@ -60,21 +54,7 @@ in }; } - (lib.mkIf cfg.cache.selfHosted { - nix = { - settings = { - extra-substituters = [ - "https://cache.belanyi.fr/" - ]; - - extra-trusted-public-keys = [ - "cache.belanyi.fr:LPhrTqufwfxTceg1nRWueDWf7/2zSVY9K00pq2UI7tw=" - ]; - }; - }; - }) - - (lib.mkIf cfg.inputs.addToRegistry { + (lib.mkIf cfg.addToRegistry { nix.registry = let makeEntry = v: { flake = v; }; @@ -83,7 +63,7 @@ in makeEntries channels; }) - (lib.mkIf cfg.inputs.link { + (lib.mkIf cfg.linkInputs { xdg.configFile = let makeLink = n: v: { @@ -95,7 +75,7 @@ in makeLinks channels; }) - (lib.mkIf cfg.inputs.addToNixPath { + (lib.mkIf cfg.addToNixPath { home.sessionVariables.NIX_PATH = "${config.xdg.configHome}/nix/inputs\${NIX_PATH:+:$NIX_PATH}"; }) ]); diff --git a/modules/home/packages/default.nix b/modules/home/packages/default.nix index 1362a06..0cfa3b3 100644 --- a/modules/home/packages/default.nix +++ b/modules/home/packages/default.nix @@ -6,10 +6,6 @@ in options.my.home.packages = with lib; { enable = my.mkDisableOption "user packages"; - allowAliases = mkEnableOption "allow package aliases"; - - allowUnfree = my.mkDisableOption "allow unfree packages"; - additionalPackages = mkOption { type = with types; listOf package; default = [ ]; @@ -21,15 +17,10 @@ in }; }; - config = lib.mkIf cfg.enable { - home.packages = with pkgs; ([ - fd - file - ripgrep - ] ++ cfg.additionalPackages); - - nixpkgs.config = { - inherit (cfg) allowAliases allowUnfree; - }; - }; + config.home.packages = with pkgs; lib.mkIf cfg.enable ([ + fd + file + mosh + ripgrep + ] ++ cfg.additionalPackages); } diff --git a/modules/home/pager/default.nix b/modules/home/pager/default.nix index e304097..aa72587 100644 --- a/modules/home/pager/default.nix +++ b/modules/home/pager/default.nix @@ -16,7 +16,6 @@ in LESS = "-R -+X -c"; # Better XDG compliance LESSHISTFILE = "${config.xdg.dataHome}/less/history"; - LESSKEY = "${config.xdg.configHome}/less/lesskey"; }; }; } diff --git a/modules/home/ssh/default.nix b/modules/home/ssh/default.nix index 748b195..123190f 100644 --- a/modules/home/ssh/default.nix +++ b/modules/home/ssh/default.nix @@ -1,70 +1,54 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: let cfg = config.my.home.ssh; in { options.my.home.ssh = with lib; { enable = my.mkDisableOption "ssh configuration"; - - mosh = { - enable = my.mkDisableOption "mosh configuration"; - - package = mkPackageOption pkgs "mosh" { }; - }; }; - config = lib.mkIf cfg.enable (lib.mkMerge [ - { - programs.ssh = { - enable = true; + config.programs.ssh = lib.mkIf cfg.enable { + enable = true; - includes = [ - # Local configuration, not-versioned - "config.local" - ]; + includes = [ + # Local configuration, not-versioned + "config.local" + ]; - matchBlocks = { - "github.com" = { - hostname = "github.com"; - identityFile = "~/.ssh/shared_rsa"; - user = "git"; - }; - - "gitlab.com" = { - hostname = "gitlab.com"; - identityFile = "~/.ssh/shared_rsa"; - user = "git"; - }; - - "git.sr.ht" = { - hostname = "git.sr.ht"; - identityFile = "~/.ssh/shared_rsa"; - user = "git"; - }; - - "git.belanyi.fr" = { - hostname = "git.belanyi.fr"; - identityFile = "~/.ssh/shared_rsa"; - user = "git"; - }; - - porthos = { - hostname = "37.187.146.15"; - identityFile = "~/.ssh/shared_rsa"; - user = "ambroisie"; - }; - }; - - extraConfig = '' - AddKeysToAgent yes - ''; + matchBlocks = { + "github.com" = { + hostname = "github.com"; + identityFile = "~/.ssh/shared_rsa"; + user = "git"; }; - } - (lib.mkIf cfg.mosh.enable { - home.packages = [ - cfg.mosh.package - ]; - }) - ]); + "gitlab.com" = { + hostname = "gitlab.com"; + identityFile = "~/.ssh/shared_rsa"; + user = "git"; + }; + + "git.sr.ht" = { + hostname = "git.sr.ht"; + identityFile = "~/.ssh/shared_rsa"; + user = "git"; + }; + + "git.belanyi.fr" = { + hostname = "git.belanyi.fr"; + identityFile = "~/.ssh/shared_rsa"; + user = "git"; + }; + + porthos = { + hostname = "91.121.177.163"; + identityFile = "~/.ssh/shared_rsa"; + user = "ambroisie"; + }; + }; + + extraConfig = '' + AddKeysToAgent yes + ''; + }; } diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index 501b954..08aeb55 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -5,14 +5,6 @@ let config.my.home.x.enable (config.my.home.wm.windowManager != null) ]; - - mkTerminalFlags = opt: flag: - let - mkFlag = term: ''set -as terminal-features ",${term}:${flag}"''; - enabledTerminals = lib.filterAttrs (_: v: v.${opt}) cfg.terminalFeatures; - terminals = lib.attrNames enabledTerminals; - in - lib.concatMapStringsSep "\n" mkFlag terminals; in { options.my.home.tmux = with lib; { @@ -20,22 +12,16 @@ in enablePassthrough = mkEnableOption "tmux DCS passthrough sequence"; - terminalFeatures = mkOption { - type = with types; attrsOf (submodule { - options = { - hyperlinks = my.mkDisableOption "hyperlinks through OSC8"; - - trueColor = my.mkDisableOption "24-bit (RGB) color support"; - }; - }); - - default = { ${config.my.home.terminal.program} = { }; }; - defaultText = litteralExpression '' - { ''${config.my.home.terminal.program} = { }; }; + trueColorTerminals = mkOption { + type = with types; listOf str; + default = lib.my.nullableToList config.my.home.terminal.program; + defaultText = '' + `[ config.my.home.terminal.program ]` if it is non-null, otherwise an + empty list. ''; - example = { xterm-256color = { }; }; + example = [ "xterm-256color" ]; description = '' - $TERM values which should be considered to have additional features. + $TERM values which should be considered to always support 24-bit color. ''; }; }; @@ -46,7 +32,7 @@ in keyMode = "vi"; # Home-row keys and other niceties clock24 = true; # I'm one of those heathens escapeTime = 0; # Let vim do its thing instead - historyLimit = 100000; # Bigger buffer + historyLimit = 50000; # Bigger buffer terminal = "tmux-256color"; # I want accurate termcap info plugins = with pkgs.tmuxPlugins; [ @@ -103,10 +89,13 @@ in '' } - # Force OSC8 hyperlinks for each relevant $TERM - ${mkTerminalFlags "hyperlinks" "hyperlinks"} # Force 24-bit color for each relevant $TERM - ${mkTerminalFlags "trueColor" "RGB"} + ${ + let + mkTcFlag = term: ''set -as terminal-features ",${term}:RGB"''; + in + lib.concatMapStringsSep "\n" mkTcFlag cfg.trueColorTerminals + } ''; }; } diff --git a/modules/home/vim/after/ftplugin/gn.vim b/modules/home/vim/after/ftplugin/gn.vim deleted file mode 100644 index 0cec9df..0000000 --- a/modules/home/vim/after/ftplugin/gn.vim +++ /dev/null @@ -1,6 +0,0 @@ -" Create the `b:undo_ftplugin` variable if it doesn't exist -call ftplugined#check_undo_ft() - -" Set comment string, as it seems that no official GN support exists upstream -setlocal commentstring=#\ %s -let b:undo_ftplugin.='|setlocal commentstring<' diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 07711cc..871bf40 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -105,7 +105,7 @@ in nixpkgs-fmt # Shell - nodePackages.bash-language-server + shellcheck shfmt ]; }; diff --git a/modules/home/vim/ftdetect/automake.lua b/modules/home/vim/ftdetect/automake.lua index 68a30ed..cfa15d2 100644 --- a/modules/home/vim/ftdetect/automake.lua +++ b/modules/home/vim/ftdetect/automake.lua @@ -1,4 +1,4 @@ --- Use Automake filetype for `local.am` files +-- Use Automake filetype for `local.am` files, explicit `set` to force override vim.filetype.add({ filename = { ["local.am"] = "automake", diff --git a/modules/home/vim/ftdetect/glsl.lua b/modules/home/vim/ftdetect/glsl.lua deleted file mode 100644 index 2f4f1dd..0000000 --- a/modules/home/vim/ftdetect/glsl.lua +++ /dev/null @@ -1,7 +0,0 @@ --- Use GLSL filetype for common shader file extensions -vim.filetype.add({ - extension = { - frag = "glsl", - vert = "glsl", - }, -}) diff --git a/modules/home/vim/ftdetect/gn.lua b/modules/home/vim/ftdetect/gn.lua deleted file mode 100644 index 37d772e..0000000 --- a/modules/home/vim/ftdetect/gn.lua +++ /dev/null @@ -1,7 +0,0 @@ --- Use GN filetype for Chromium Generate Ninja files -vim.filetype.add({ - extension = { - gn = "gn", - gni = "gn", - }, -}) diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index c94fc53..bd63d25 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -88,23 +88,6 @@ set background=dark " 24 bit colors set termguicolors -" Setup some overrides for gruvbox -lua << EOF -local gruvbox = require("gruvbox") -local colors = gruvbox.palette - -gruvbox.setup({ - overrides = { - -- Only URLs should be underlined - ["@string.special.path"] = { link = "GruvboxOrange" }, - -- Revert back to the better diff highlighting - DiffAdd = { fg = colors.green, bg = "NONE" }, - DiffChange = { fg = colors.aqua, bg = "NONE" }, - DiffDelete = { fg = colors.red, bg = "NONE" }, - DiffText = { fg = colors.yellow, bg = colors.bg0 }, - } -}) -EOF " Use my preferred colorscheme colorscheme gruvbox " }}} diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua index 31a5bd1..99d8dab 100644 --- a/modules/home/vim/lua/ambroisie/lsp.lua +++ b/modules/home/vim/lua/ambroisie/lsp.lua @@ -51,7 +51,8 @@ M.on_attach = function(client, bufnr) local wk = require("which-key") local function list_workspace_folders() - vim.print(vim.lsp.buf.list_workspace_folders()) + local utils = require("ambroisie.utils") + utils.dump(vim.lsp.buf.list_workspace_folders()) end local function cycle_diagnostics_display() diff --git a/modules/home/vim/lua/ambroisie/utils.lua b/modules/home/vim/lua/ambroisie/utils.lua index 3d2dd3b..418e0d1 100644 --- a/modules/home/vim/lua/ambroisie/utils.lua +++ b/modules/home/vim/lua/ambroisie/utils.lua @@ -1,5 +1,11 @@ local M = {} +--- pretty print lua object +--- @param obj any object to pretty print +M.dump = function(obj) + print(vim.inspect(obj)) +end + --- checks if a given command is executable --- @param cmd string? command to check --- @return boolean executable @@ -9,7 +15,7 @@ end --- return a function that checks if a given command is executable --- @param cmd string? command to check ---- @return fun(): boolean executable +--- @return fun(cmd: string): boolean executable M.is_executable_condition = function(cmd) return function() return M.is_executable(cmd) @@ -34,11 +40,11 @@ M.is_ssh = function() return false end ---- list all active LSP clients for specific buffer, or all buffers +--- list all active LSP clients for current buffer --- @param bufnr int? buffer number --- @return table all active LSP client names M.list_lsp_clients = function(bufnr) - local clients = vim.lsp.get_active_clients({ bufnr = bufnr }) + local clients = vim.lsp.buf_get_clients(bufnr) local names = {} for _, client in ipairs(clients) do diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index 628eab9..794a765 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -29,17 +29,16 @@ if utils.is_executable("clangd") then }) end --- Haskell -if utils.is_executable("haskell-language-server-wrapper") then - lspconfig.hls.setup({ +-- Nix +if utils.is_executable("nil") then + lspconfig.nil_ls.setup({ capabilities = capabilities, on_attach = lsp.on_attach, }) end --- Nix -if utils.is_executable("nil") then - lspconfig.nil_ls.setup({ +if utils.is_executable("rnix-lsp") then + lspconfig.rnix.setup({ capabilities = capabilities, on_attach = lsp.on_attach, }) @@ -53,13 +52,6 @@ if utils.is_executable("pyright") then }) end -if utils.is_executable("ruff-lsp") then - lspconfig.ruff_lsp.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) -end - -- Rust if utils.is_executable("rust-analyzer") then lspconfig.rust_analyzer.setup({ @@ -67,12 +59,3 @@ if utils.is_executable("rust-analyzer") then on_attach = lsp.on_attach, }) end - --- Shell -if utils.is_executable("bash-language-server") then - lspconfig.bashls.setup({ - filetypes = { "bash", "sh", "zsh" }, - capabilities = capabilities, - on_attach = lsp.on_attach, - }) -end diff --git a/modules/home/vim/plugin/settings/lualine.lua b/modules/home/vim/plugin/settings/lualine.lua index 5219a95..fdaccda 100644 --- a/modules/home/vim/plugin/settings/lualine.lua +++ b/modules/home/vim/plugin/settings/lualine.lua @@ -10,7 +10,7 @@ local function list_spell_languages() end local function list_lsp_clients() - local client_names = utils.list_lsp_clients(0) + local client_names = utils.list_lsp_clients() if #client_names == 0 then return "" diff --git a/modules/home/vim/plugin/settings/null-ls.lua b/modules/home/vim/plugin/settings/null-ls.lua index e7265c7..0eaa55c 100644 --- a/modules/home/vim/plugin/settings/null-ls.lua +++ b/modules/home/vim/plugin/settings/null-ls.lua @@ -28,16 +28,38 @@ null_ls.register({ }), }) +-- Haskell +null_ls.register({ + null_ls.builtins.formatting.brittany.with({ + -- Only used if available + condition = utils.is_executable_condition("brittany"), + }), +}) + -- Nix null_ls.register({ null_ls.builtins.formatting.nixpkgs_fmt.with({ - -- Only used if available - condition = utils.is_executable_condition("nixpkgs-fmt"), + -- Only used if available, but prefer rnix if available + condition = function() + return utils.is_executable("nixpkgs-fmt") + and not utils.is_executable("rnix-lsp") + and not utils.is_executable("nil") + end, }), }) -- Python null_ls.register({ + null_ls.builtins.diagnostics.flake8.with({ + -- Only used if available, but prefer pflake8 if available + condition = function() + return utils.is_executable("flake8") and not utils.is_executable("pflake8") + end, + }), + null_ls.builtins.diagnostics.pyproject_flake8.with({ + -- Only used if available + condition = utils.is_executable_condition("pflake8"), + }), null_ls.builtins.diagnostics.mypy.with({ -- Only used if available condition = utils.is_executable_condition("mypy"), @@ -59,6 +81,22 @@ null_ls.register({ -- Shell (non-POSIX) null_ls.register({ + null_ls.builtins.code_actions.shellcheck.with({ + -- Restrict to bash and zsh + filetypes = { "bash", "zsh" }, + -- Only used if available + condition = utils.is_executable_condition("shellcheck"), + }), + null_ls.builtins.diagnostics.shellcheck.with({ + -- Show error code in message + diagnostics_format = "[#{c}] #{m}", + -- Require explicit empty string test, use bash dialect + extra_args = { "-s", "bash", "-o", "avoid-nullary-conditions" }, + -- Restrict to bash and zsh + filetypes = { "bash", "zsh" }, + -- Only used if available + condition = utils.is_executable_condition("shellcheck"), + }), null_ls.builtins.formatting.shfmt.with({ -- Indent with 4 spaces, simplify the code, indent switch cases, -- add space after redirection, use bash dialect @@ -72,6 +110,22 @@ null_ls.register({ -- Shell (POSIX) null_ls.register({ + null_ls.builtins.code_actions.shellcheck.with({ + -- Restrict to POSIX sh + filetypes = { "sh" }, + -- Only used if available + condition = utils.is_executable_condition("shellcheck"), + }), + null_ls.builtins.diagnostics.shellcheck.with({ + -- Show error code in message + diagnostics_format = "[#{c}] #{m}", + -- Require explicit empty string test + extra_args = { "-o", "avoid-nullary-conditions" }, + -- Restrict to POSIX sh + filetypes = { "sh" }, + -- Only used if available + condition = utils.is_executable_condition("shellcheck"), + }), null_ls.builtins.formatting.shfmt.with({ -- Indent with 4 spaces, simplify the code, indent switch cases, -- add space after redirection, use POSIX diff --git a/modules/home/vim/plugin/settings/tree-sitter.lua b/modules/home/vim/plugin/settings/tree-sitter.lua index 5503857..0d84abd 100644 --- a/modules/home/vim/plugin/settings/tree-sitter.lua +++ b/modules/home/vim/plugin/settings/tree-sitter.lua @@ -8,6 +8,9 @@ ts_config.setup({ indent = { enable = true, }, + context_commentstring = { + enable = true, + }, textobjects = { select = { enable = true, diff --git a/modules/home/wget/default.nix b/modules/home/wget/default.nix deleted file mode 100644 index 32c13c0..0000000 --- a/modules/home/wget/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ config, pkgs, lib, ... }: -let - cfg = config.my.home.wget; -in -{ - options.my.home.wget = with lib; { - enable = my.mkDisableOption "wget configuration"; - - package = mkPackageOption pkgs "wget" { }; - }; - - config = lib.mkIf cfg.enable { - home.packages = [ - cfg.package - ]; - - - home.sessionVariables = lib.mkIf cfg.enable { - WGETRC = "${config.xdg.configHome}/wgetrc"; - }; - - xdg.configFile."wgetrc".text = '' - hsts-file = ${config.xdg.dataHome}/wget-hsts - ''; - }; -} diff --git a/modules/home/wm/cursor/default.nix b/modules/home/wm/cursor/default.nix index 3b58b7b..9426232 100644 --- a/modules/home/wm/cursor/default.nix +++ b/modules/home/wm/cursor/default.nix @@ -8,7 +8,7 @@ in { config = lib.mkIf cfg.enable { home.pointerCursor = { - package = pkgs.vimix-cursors; + package = pkgs.ambroisie.vimix-cursors; name = "Vimix-cursors"; x11 = { diff --git a/modules/home/wm/default.nix b/modules/home/wm/default.nix index 449918a..6a615e5 100644 --- a/modules/home/wm/default.nix +++ b/modules/home/wm/default.nix @@ -36,31 +36,6 @@ in i3bar = { enable = mkRelatedOption "i3bar configuration" [ "i3" ]; - - vpn = { - enable = my.mkDisableOption "VPN configuration"; - - blockConfigs = mkOption { - type = with types; listOf (attrsOf str); - default = [ - { - active_format = " VPN "; - service = "wg-quick-wg"; - } - { - active_format = " VPN (LAN) "; - service = "wg-quick-lan"; - } - ]; - example = [ - { - active_format = " WORK "; - service = "some-service-name"; - } - ]; - description = "list of block configurations, merged with the defauls"; - }; - }; }; rofi = { diff --git a/modules/home/wm/i3/default.nix b/modules/home/wm/i3/default.nix index 69246f0..d1dbe2c 100644 --- a/modules/home/wm/i3/default.nix +++ b/modules/home/wm/i3/default.nix @@ -129,7 +129,6 @@ in { class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; } { class = "^Pavucontrol.*$"; } { class = "^Arandr$"; } - { class = ".?blueman-manager.*$"; } ]; }; @@ -197,7 +196,7 @@ in inherit (config.my.home.bluetooth) enable; prog = lib.getExe pkgs.rofi-bluetooth; in - lib.mkIf enable "exec ${prog} -i"; + lib.mkIf enable "exec ${prog}"; }) ( # Changing container focus diff --git a/modules/home/wm/i3bar/default.nix b/modules/home/wm/i3bar/default.nix index 5ae0e7d..05b0f50 100644 --- a/modules/home/wm/i3bar/default.nix +++ b/modules/home/wm/i3bar/default.nix @@ -17,11 +17,25 @@ in top = { icons = "awesome5"; - blocks = builtins.filter (attr: attr != { }) (lib.flatten [ + blocks = builtins.filter (attr: attr != { }) [ { block = "music"; # This format seems to remove the block when not playing, somehow format = "{ $icon $combo.str(max_w:50,rot_interval:0.5) $prev $play $next |}"; + click = [ + { + button = "play"; + action = "music_play"; + } + { + button = "prev"; + action = "music_prev"; + } + { + button = "next"; + action = "music_next"; + } + ]; } (lib.optionalAttrs config.my.home.bluetooth.enable { block = "bluetooth"; @@ -59,22 +73,9 @@ in { block = "disk_space"; } - (lib.optionals cfg.vpn.enable - ( - let - defaults = { - block = "service_status"; - active_state = "Good"; - inactive_format = ""; - inactive_state = "Idle"; - }; - in - builtins.map (block: defaults // block) cfg.vpn.blockConfigs - ) - ) { block = "net"; - format = " $icon{| $ssid|}{| $ip|}{| $signal_strength|} "; + format = " $icon{| $ssid|} $ip{| $signal_strength|} "; } { block = "backlight"; @@ -105,7 +106,7 @@ in format = " $icon $timestamp.datetime(f:'%F %T') "; interval = 5; } - ]); + ]; }; }; }; diff --git a/modules/home/x/default.nix b/modules/home/x/default.nix index c320e52..0312bc4 100644 --- a/modules/home/x/default.nix +++ b/modules/home/x/default.nix @@ -3,6 +3,10 @@ let cfg = config.my.home.x; in { + imports = [ + ./keyboard + ]; + options.my.home.x = with lib; { enable = mkEnableOption "X server configuration"; }; diff --git a/modules/home/keyboard/default.nix b/modules/home/x/keyboard/default.nix similarity index 50% rename from modules/home/keyboard/default.nix rename to modules/home/x/keyboard/default.nix index 2216a08..40af800 100644 --- a/modules/home/keyboard/default.nix +++ b/modules/home/x/keyboard/default.nix @@ -1,12 +1,8 @@ { config, lib, ... }: let - cfg = config.my.home.keyboard; + cfg = config.my.home.x; in { - options.my.home.keyboard = with lib; { - enable = my.mkDisableOption "keyboard configuration"; - }; - config = lib.mkIf cfg.enable { home.keyboard = { layout = "fr"; diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix index fb2668c..af9ec18 100644 --- a/modules/home/xdg/default.nix +++ b/modules/home/xdg/default.nix @@ -39,19 +39,16 @@ in # I want a tidier home config.home.sessionVariables = with config.xdg; lib.mkIf cfg.enable { ANDROID_HOME = "${dataHome}/android"; - ANDROID_USER_HOME = "${configHome}/android"; CARGO_HOME = "${dataHome}/cargo"; DOCKER_CONFIG = "${configHome}/docker"; - GRADLE_USER_HOME = "${dataHome}/gradle"; + GDBHISTFILE = "${dataHome}/gdb/gdb_history"; HISTFILE = "${dataHome}/bash/history"; INPUTRC = "${configHome}/readline/inputrc"; + LESSHISTFILE = "${dataHome}/less/history"; + LESSKEY = "${configHome}/less/lesskey"; PSQL_HISTORY = "${dataHome}/psql_history"; - PYTHONPYCACHEPREFIX = "${cacheHome}/python/"; - PYTHONUSERBASE = "${dataHome}/python/"; - PYTHON_HISTORY = "${stateHome}/python/history"; - REDISCLI_HISTFILE = "${dataHome}/redis/rediscli_history"; REPO_CONFIG_DIR = "${configHome}/repo"; + REDISCLI_HISTFILE = "${dataHome}/redis/rediscli_history"; XCOMPOSECACHE = "${dataHome}/X11/xcompose"; - _JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${configHome}/java"; }; } diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index a277366..4cadb57 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -15,152 +15,81 @@ in enable = my.mkDisableOption "zsh configuration"; launchTmux = mkEnableOption "auto launch tmux at shell start"; - - notify = { - enable = mkEnableOption "zsh-done notification"; - - exclude = mkOption { - type = with types; listOf str; - default = [ - "delta" - "direnv reload" - "fg" - "git (?!push|pull|fetch)" - "htop" - "less" - "man" - "nvim" - "tail -f" - "tmux" - "vim" - ]; - example = [ "command --long-running-option" ]; - description = '' - List of exclusions which should not be create a notification. Accepts - Perl regexes (implicitly anchored with `^\s*`). - ''; - }; - - ssh = { - enable = mkEnableOption "notify through SSH/non-graphical connections"; - - useOsc777 = lib.my.mkDisableOption "use OSC-777 for notifications"; - }; - }; }; - config = lib.mkIf cfg.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - zsh-completions + config = lib.mkIf cfg.enable { + home.packages = with pkgs; [ + zsh-completions + ]; + + programs.zsh = { + enable = true; + dotDir = "${relativeXdgConfig}/zsh"; # Don't clutter $HOME + enableCompletion = true; + + history = { + size = 500000; + save = 500000; + extended = true; + expireDuplicatesFirst = true; + ignoreSpace = true; + ignoreDups = true; + share = false; + path = "${config.xdg.dataHome}/zsh/zsh_history"; + }; + + plugins = [ + { + name = "fast-syntax-highlighting"; + file = "share/zsh/site-functions/fast-syntax-highlighting.plugin.zsh"; + src = pkgs.zsh-fast-syntax-highlighting; + } + { + name = "agkozak-zsh-prompt"; + file = "share/zsh/site-functions/agkozak-zsh-prompt.plugin.zsh"; + src = pkgs.agkozak-zsh-prompt; + } ]; - programs.zsh = { - enable = true; - dotDir = "${relativeXdgConfig}/zsh"; # Don't clutter $HOME - enableCompletion = true; + # Modal editing is life, but CLI benefits from emacs gymnastics + defaultKeymap = "emacs"; - history = { - size = 500000; - save = 500000; - extended = true; - expireDuplicatesFirst = true; - ignoreSpace = true; - ignoreDups = true; - share = false; - path = "${config.xdg.dataHome}/zsh/zsh_history"; - }; - - plugins = [ - { - name = "fast-syntax-highlighting"; - file = "share/zsh/site-functions/fast-syntax-highlighting.plugin.zsh"; - src = pkgs.zsh-fast-syntax-highlighting; - } - { - name = "agkozak-zsh-prompt"; - file = "share/zsh/site-functions/agkozak-zsh-prompt.plugin.zsh"; - src = pkgs.agkozak-zsh-prompt; - } - ]; - - # Modal editing is life, but CLI benefits from emacs gymnastics - defaultKeymap = "emacs"; - - # Make those happen early to avoid doing double the work - initExtraFirst = lib.mkBefore '' - ${ - lib.optionalString cfg.launchTmux '' - # Launch tmux unless already inside one - if [ -z "$TMUX" ]; then - exec tmux new-session - fi - '' - } - ''; - - initExtra = lib.mkAfter '' - source ${./completion-styles.zsh} - source ${./extra-mappings.zsh} - source ${./options.zsh} - - # Source local configuration - if [ -f "$ZDOTDIR/zshrc.local" ]; then - source "$ZDOTDIR/zshrc.local" - fi - ''; - - localVariables = { - # I like having the full path - AGKOZAK_PROMPT_DIRTRIM = 0; - # Because I *am* from EPITA - AGKOZAK_PROMPT_CHAR = [ "42sh$" "42sh#" ":" ]; - # Easy on the eyes - AGKOZAK_COLORS_BRANCH_STATUS = "magenta"; - # I don't like moving my eyes - AGKOZAK_LEFT_PROMPT_ONLY = 1; - }; - - # Enable VTE integration - enableVteIntegration = true; - }; - } - - (lib.mkIf cfg.notify.enable { - programs.zsh = { - plugins = [ - { - name = "zsh-done"; - file = "share/zsh/site-functions/done.plugin.zsh"; - src = pkgs.ambroisie.zsh-done; - } - ]; - - # `localVariables` values don't get merged correctly due to their type, - # don't use `mkIf` - localVariables = { - DONE_EXCLUDE = - let - joined = lib.concatMapStringsSep "|" (c: "(${c})") cfg.notify.exclude; - in - ''^\s*(${joined})''; + # Make those happen early to avoid doing double the work + initExtraFirst = '' + ${ + lib.optionalString cfg.launchTmux '' + # Launch tmux unless already inside one + if [ -z "$TMUX" ]; then + exec tmux new-session + fi + '' } - # Enable `zsh-done` through SSH, if configured - // lib.optionalAttrs cfg.notify.ssh.enable { - DONE_ALLOW_NONGRAPHICAL = 1; - }; + ''; - # Use OSC-777 to send the notification through SSH - initExtra = lib.mkIf cfg.notify.ssh.useOsc777 '' - done_send_notification() { - local exit_status="$1" - local title="$2" - local message="$3" + initExtra = '' + source ${./completion-styles.zsh} + source ${./extra-mappings.zsh} + source ${./options.zsh} - ${lib.getExe pkgs.ambroisie.osc777} "$title" "$message" - } - ''; + # Source local configuration + if [ -f "$ZDOTDIR/zshrc.local" ]; then + source "$ZDOTDIR/zshrc.local" + fi + ''; + + localVariables = { + # I like having the full path + AGKOZAK_PROMPT_DIRTRIM = 0; + # Because I *am* from EPITA + AGKOZAK_PROMPT_CHAR = [ "42sh$" "42sh#" ":" ]; + # Easy on the eyes + AGKOZAK_COLORS_BRANCH_STATUS = "magenta"; + # I don't like moving my eyes + AGKOZAK_LEFT_PROMPT_ONLY = 1; }; - }) - ]); + + # Enable VTE integration + enableVteIntegration = true; + }; + }; } diff --git a/modules/nixos/hardware/bluetooth/default.nix b/modules/nixos/hardware/bluetooth/default.nix index c019b31..2d840f9 100644 --- a/modules/nixos/hardware/bluetooth/default.nix +++ b/modules/nixos/hardware/bluetooth/default.nix @@ -25,8 +25,8 @@ in package = pkgs.pulseaudioFull; }; - services.pipewire.wireplumber.configPackages = [ - (pkgs.writeTextDir "share/wireplumber/bluetooth.lua.d/51-bluez-config.lua" '' + environment.etc = { + "wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = '' bluez_monitor.properties = { -- SBC XQ provides better audio ["bluez5.enable-sbc-xq"] = true, @@ -40,8 +40,8 @@ in -- FIXME: Some devices may now support both hsp_ag and hfp_ag ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]" } - '') - ]; + ''; + }; }) # Support for A2DP audio profile diff --git a/modules/nixos/hardware/default.nix b/modules/nixos/hardware/default.nix index 8e125ca..2a686f7 100644 --- a/modules/nixos/hardware/default.nix +++ b/modules/nixos/hardware/default.nix @@ -6,10 +6,9 @@ ./bluetooth ./ergodox ./firmware - ./graphics + ./mx-ergo ./networking ./sound - ./trackball ./upower ]; } diff --git a/modules/nixos/hardware/graphics/default.nix b/modules/nixos/hardware/graphics/default.nix deleted file mode 100644 index 3baac02..0000000 --- a/modules/nixos/hardware/graphics/default.nix +++ /dev/null @@ -1,75 +0,0 @@ -{ config, lib, pkgs, ... }: -let - cfg = config.my.hardware.graphics; -in -{ - options.my.hardware.graphics = with lib; { - enable = mkEnableOption "graphics configuration"; - - gpuFlavor = mkOption { - type = with types; nullOr (enum [ "amd" "intel" ]); - default = null; - example = "intel"; - description = "Which kind of GPU to install driver for"; - }; - - amd = { - enableKernelModule = lib.my.mkDisableOption "Kernel driver module"; - - amdvlk = lib.mkEnableOption "Use AMDVLK instead of Mesa RADV driver"; - }; - - intel = { - enableKernelModule = lib.my.mkDisableOption "Kernel driver module"; - }; - }; - - config = lib.mkIf cfg.enable (lib.mkMerge [ - { - hardware.opengl = { - enable = true; - }; - } - - # AMD GPU - (lib.mkIf (cfg.gpuFlavor == "amd") { - boot.initrd.kernelModules = lib.mkIf cfg.amd.enableKernelModule [ "amdgpu" ]; - - hardware.opengl = { - extraPackages = with pkgs; [ - # OpenCL - rocmPackages.clr - rocmPackages.clr.icd - ] - ++ lib.optional cfg.amd.amdvlk amdvlk - ; - - extraPackages32 = with pkgs; [ - ] - ++ lib.optional cfg.amd.amdvlk driversi686Linux.amdvlk - ; - }; - }) - - # Intel GPU - (lib.mkIf (cfg.gpuFlavor == "intel") { - boot.initrd.kernelModules = lib.mkIf cfg.intel.enableKernelModule [ "i915" ]; - - environment.variables = { - VDPAU_DRIVER = "va_gl"; - }; - - hardware.opengl = { - extraPackages = with pkgs; [ - # Open CL - intel-compute-runtime - - # VA API - intel-media-driver - intel-vaapi-driver - libvdpau-va-gl - ]; - }; - }) - ]); -} diff --git a/modules/nixos/hardware/trackball/default.nix b/modules/nixos/hardware/mx-ergo/default.nix similarity index 79% rename from modules/nixos/hardware/trackball/default.nix rename to modules/nixos/hardware/mx-ergo/default.nix index 7a99247..e4e55a1 100644 --- a/modules/nixos/hardware/trackball/default.nix +++ b/modules/nixos/hardware/mx-ergo/default.nix @@ -1,11 +1,11 @@ # Hold down the `next page` button to scroll using the ball { config, lib, ... }: let - cfg = config.my.hardware.trackball; + cfg = config.my.hardware.mx-ergo; in { - options.my.hardware.trackball = with lib; { - enable = mkEnableOption "trackball configuration"; + options.my.hardware.mx-ergo = with lib; { + enable = mkEnableOption "MX Ergo configuration"; }; config = lib.mkIf cfg.enable { @@ -13,7 +13,6 @@ in # This section must be *after* the one configured by `libinput` # for the `ScrollMethod` configuration to not be overriden inputClassSections = lib.mkAfter [ - # MX Ergo '' Identifier "MX Ergo scroll button configuration" MatchProduct "MX Ergo" diff --git a/modules/nixos/profiles/devices/default.nix b/modules/nixos/profiles/devices/default.nix index 7a84bd2..7dbd299 100644 --- a/modules/nixos/profiles/devices/default.nix +++ b/modules/nixos/profiles/devices/default.nix @@ -11,7 +11,7 @@ in my.hardware = { ergodox.enable = true; - trackball.enable = true; + mx-ergo.enable = true; }; # MTP devices auto-mount via file explorers diff --git a/modules/nixos/services/aria/default.nix b/modules/nixos/services/aria/default.nix deleted file mode 100644 index 2d1b3e2..0000000 --- a/modules/nixos/services/aria/default.nix +++ /dev/null @@ -1,76 +0,0 @@ -{ config, lib, pkgs, ... }: -let - cfg = config.my.services.aria; -in -{ - options.my.services.aria = with lib; { - enable = mkEnableOption ""; - - rpcSecretFile = mkOption { - type = types.str; - example = "/run/secrets/aria-secret.txt"; - description = '' - File containing the RPC secret. - ''; - }; - - rpcPort = mkOption { - type = types.port; - default = 6800; - example = 8080; - description = "RPC port"; - }; - - downloadDir = mkOption { - type = types.str; - default = "/data/downloads"; - example = "/var/lib/transmission/download"; - description = "Download directory"; - }; - }; - - config = lib.mkIf cfg.enable { - services.aria2 = { - enable = true; - - inherit (cfg) downloadDir rpcSecretFile; - - rpcListenPort = cfg.rpcPort; - openPorts = false; # I don't want to expose the RPC port - }; - - # Expose DHT ports - networking.firewall = { - # FIXME: check for overlap? - allowedUDPPortRanges = config.services.aria2.listenPortRange; - }; - - # Set-up media group - users.groups.media = { }; - - systemd.services.aria2 = { - serviceConfig = { - Group = lib.mkForce "media"; # Use 'media' group - }; - }; - - my.services.nginx.virtualHosts = { - aria = { - root = "${pkgs.ariang}/share/ariang"; - # For paranoia, don't allow anybody to use the UI unauthenticated - sso = { - enable = true; - }; - }; - aria-rpc = { - port = cfg.rpcPort; - # Proxy websockets for RPC - extraConfig = { - locations."/".proxyWebsockets = true; - }; - }; - }; - - # NOTE: unfortunately aria2 does not log connection failures for fail2ban - }; -} diff --git a/modules/nixos/services/backup/default.nix b/modules/nixos/services/backup/default.nix index 8aeeae1..ff0fc7f 100644 --- a/modules/nixos/services/backup/default.nix +++ b/modules/nixos/services/backup/default.nix @@ -89,16 +89,6 @@ in }; config = lib.mkIf cfg.enable { - # Essential files which should always be backed up - my.services.backup.paths = lib.flatten [ - # Should be unique to a given host, used by some software (e.g: ZFS) - "/etc/machine-id" - # Contains the UID/GID map, and other useful state - "/var/lib/nixos" - # SSH host keys (and public keys for convenience) - (builtins.map (key: [ key.path "${key.path}.pub" ]) config.services.openssh.hostKeys) - ]; - services.restic.backups.backblaze = { # Take care of included and excluded files paths = cfg.paths; diff --git a/modules/nixos/services/blog/default.nix b/modules/nixos/services/blog/default.nix index e4d2d42..4b646c3 100644 --- a/modules/nixos/services/blog/default.nix +++ b/modules/nixos/services/blog/default.nix @@ -5,10 +5,11 @@ let domain = config.networking.domain; makeHostInfo = subdomain: { + inherit subdomain; root = "/var/www/${subdomain}"; }; - hostsInfo = lib.flip lib.genAttrs makeHostInfo [ "cv" "dev" "key" ]; + hostsInfo = map makeHostInfo [ "cv" "dev" "key" ]; in { options.my.services.blog = { @@ -35,7 +36,7 @@ in useACMEHost = domain; default = true; - locations."/".return = "302 https://${domain}$request_uri"; + locations."/".return = "302 https://belanyi.fr$request_uri"; }; }; diff --git a/modules/nixos/services/calibre-web/default.nix b/modules/nixos/services/calibre-web/default.nix index b7bf9df..858851c 100644 --- a/modules/nixos/services/calibre-web/default.nix +++ b/modules/nixos/services/calibre-web/default.nix @@ -40,11 +40,12 @@ in # Set-up media group users.groups.media = { }; - my.services.nginx.virtualHosts = { - library = { + my.services.nginx.virtualHosts = [ + { + subdomain = "library"; inherit (cfg) port; - }; - }; + } + ]; my.services.backup = { paths = [ diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index 3b32d06..b27570d 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -3,21 +3,18 @@ { imports = [ ./adblock - ./aria ./backup ./blog ./calibre-web ./drone ./fail2ban ./flood - ./forgejo ./gitea ./grocy ./indexers ./jellyfin ./lohr ./matrix - ./mealie ./miniflux ./monitoring ./navidrome @@ -29,7 +26,6 @@ ./podgrab ./postgresql ./postgresql-backup - ./pyload ./quassel ./rss-bridge ./sabnzbd diff --git a/modules/nixos/services/drone/server/default.nix b/modules/nixos/services/drone/server/default.nix index a3a1e49..0f56d29 100644 --- a/modules/nixos/services/drone/server/default.nix +++ b/modules/nixos/services/drone/server/default.nix @@ -41,14 +41,17 @@ in ensureDatabases = [ "drone" ]; ensureUsers = [{ name = "drone"; - ensureDBOwnership = true; + ensurePermissions = { + "DATABASE drone" = "ALL PRIVILEGES"; + }; }]; }; - my.services.nginx.virtualHosts = { - drone = { + my.services.nginx.virtualHosts = [ + { + subdomain = "drone"; inherit (cfg) port; - }; - }; + } + ]; }; } diff --git a/modules/nixos/services/flood/default.nix b/modules/nixos/services/flood/default.nix index 155e73d..ff5d941 100644 --- a/modules/nixos/services/flood/default.nix +++ b/modules/nixos/services/flood/default.nix @@ -40,10 +40,11 @@ in }; }; - my.services.nginx.virtualHosts = { - flood = { + my.services.nginx.virtualHosts = [ + { + subdomain = "flood"; inherit (cfg) port; - }; - }; + } + ]; }; } diff --git a/modules/nixos/services/forgejo/default.nix b/modules/nixos/services/forgejo/default.nix deleted file mode 100644 index 0f3dfc5..0000000 --- a/modules/nixos/services/forgejo/default.nix +++ /dev/null @@ -1,162 +0,0 @@ -# A low-ressource, full-featured git forge. -{ config, lib, ... }: -let - cfg = config.my.services.forgejo; -in -{ - options.my.services.forgejo = with lib; { - enable = mkEnableOption "Forgejo"; - port = mkOption { - type = types.port; - default = 3042; - example = 8080; - description = "Internal port"; - }; - mail = { - enable = mkEnableOption { - description = "mailer configuration"; - }; - host = mkOption { - type = types.str; - example = "smtp.example.com"; - description = "Host for the mail account"; - }; - port = mkOption { - type = types.port; - default = 465; - example = 587; - description = "Port for the mail account"; - }; - user = mkOption { - type = types.str; - example = "forgejo@example.com"; - description = "User for the mail account"; - }; - passwordFile = mkOption { - type = types.str; - example = "/run/secrets/forgejo-mail-password.txt"; - description = "Password for the mail account"; - }; - protocol = mkOption { - type = types.str; - default = "smtps"; - example = "smtp"; - description = "Protocol for connection"; - }; - }; - }; - - config = lib.mkIf cfg.enable { - assertions = [ - { - assertion = cfg.enable -> !config.my.services.gitea.enable; - message = '' - `config.my.services.forgejo` is incompatible with - `config.my.services.gitea`. - ''; - } - ]; - - services.forgejo = - let - inherit (config.networking) domain; - forgejoDomain = "git.${domain}"; - in - { - enable = true; - - user = "git"; - group = "git"; - - lfs.enable = true; - - useWizard = false; - - database = { - type = "postgres"; # Automatic setup - user = "git"; # User needs to be the same as forgejo user - name = "git"; # Name must be the same as user for `ensureDBOwnership` - }; - - # NixOS module uses `forgejo dump` to backup repositories and the database, - # but it produces a single .zip file that's not very backup friendly. - # I configure my backup system manually below. - dump.enable = false; - - mailerPasswordFile = lib.mkIf cfg.mail.enable cfg.mail.passwordFile; - - settings = { - DEFAULT = { - APP_NAME = "Ambroisie's forge"; - }; - - server = { - HTTP_PORT = cfg.port; - DOMAIN = forgejoDomain; - ROOT_URL = "https://${forgejoDomain}"; - }; - - mailer = lib.mkIf cfg.mail.enable { - ENABLED = true; - SMTP_ADDR = cfg.mail.host; - SMTP_PORT = cfg.mail.port; - FROM = "Forgejo <${cfg.mail.user}>"; - USER = cfg.mail.user; - PROTOCOL = cfg.mail.protocol; - }; - - service = { - DISABLE_REGISTRATION = true; - }; - - session = { - # only send cookies via HTTPS - COOKIE_SECURE = true; - }; - }; - }; - - users.users.git = { - description = "Forgejo Service"; - home = config.services.forgejo.stateDir; - useDefaultShell = true; - group = "git"; - isSystemUser = true; - }; - users.groups.git = { }; - - my.services.nginx.virtualHosts = { - # Proxy to Forgejo - git = { - inherit (cfg) port; - }; - # Redirect `forgejo.` to actual forge subdomain - forgejo = { - redirect = config.services.forgejo.settings.server.ROOT_URL; - }; - }; - - my.services.backup = { - paths = [ - config.services.forgejo.lfs.contentDir - config.services.forgejo.repositoryRoot - ]; - }; - - services.fail2ban.jails = { - forgejo = '' - enabled = true - filter = forgejo - action = iptables-allports - ''; - }; - - environment.etc = { - "fail2ban/filter.d/forgejo.conf".text = '' - [Definition] - failregex = ^.*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from $ - journalmatch = _SYSTEMD_UNIT=forgejo.service - ''; - }; - }; -} diff --git a/modules/nixos/services/gitea/default.nix b/modules/nixos/services/gitea/default.nix index 212f59c..28a448d 100644 --- a/modules/nixos/services/gitea/default.nix +++ b/modules/nixos/services/gitea/default.nix @@ -18,15 +18,9 @@ in }; host = mkOption { type = types.str; - example = "smtp.example.com"; + example = "smtp.example.com:465"; description = "Host for the mail account"; }; - port = mkOption { - type = types.port; - default = 465; - example = 587; - description = "Port for the mail account"; - }; user = mkOption { type = types.str; example = "gitea@example.com"; @@ -37,11 +31,17 @@ in example = "/run/secrets/gitea-mail-password.txt"; description = "Password for the mail account"; }; - protocol = mkOption { + type = mkOption { type = types.str; - default = "smtps"; + default = "smtp"; example = "smtp"; - description = "Protocol for connection"; + description = "Password for the mail account"; + }; + tls = mkOption { + type = types.bool; + default = true; + example = false; + description = "Use TLS for connection"; }; }; }; @@ -58,8 +58,6 @@ in appName = "Ambroisie's forge"; user = "git"; - group = "git"; - lfs.enable = true; useWizard = false; @@ -67,7 +65,6 @@ in database = { type = "postgres"; # Automatic setup user = "git"; # User needs to be the same as gitea user - name = "git"; # Name must be the same as user for `ensureDBOwnership` }; # NixOS module uses `gitea dump` to backup repositories and the database, @@ -86,11 +83,11 @@ in mailer = lib.mkIf cfg.mail.enable { ENABLED = true; - SMTP_ADDR = cfg.mail.host; - SMTP_PORT = cfg.mail.port; - FROM = "Gitea <${cfg.mail.user}>"; + HOST = cfg.mail.host; + FROM = cfg.mail.user; USER = cfg.mail.user; - PROTOCOL = cfg.mail.protocol; + MAILER_TYPE = cfg.mail.type; + IS_TLS_ENABLED = cfg.mail.tls; }; service = { @@ -109,20 +106,27 @@ in home = config.services.gitea.stateDir; useDefaultShell = true; group = "git"; + + # The service for gitea seems to hardcode the group as + # gitea, so, uh, just in case? + extraGroups = [ "gitea" ]; + isSystemUser = true; }; users.groups.git = { }; - my.services.nginx.virtualHosts = { + my.services.nginx.virtualHosts = [ # Proxy to Gitea - git = { + { + subdomain = "git"; inherit (cfg) port; - }; + } # Redirect `gitea.` to actual forge subdomain - gitea = { + { + subdomain = "gitea"; redirect = config.services.gitea.settings.server.ROOT_URL; - }; - }; + } + ]; my.services.backup = { paths = [ diff --git a/modules/nixos/services/indexers/default.nix b/modules/nixos/services/indexers/default.nix index 8a42345..fb06a0b 100644 --- a/modules/nixos/services/indexers/default.nix +++ b/modules/nixos/services/indexers/default.nix @@ -28,11 +28,12 @@ in }; }; - my.services.nginx.virtualHosts = { - jackett = { + my.services.nginx.virtualHosts = [ + { + subdomain = "jackett"; port = jackettPort; - }; - }; + } + ]; }) (lib.mkIf cfg.nzbhydra.enable { @@ -40,11 +41,12 @@ in enable = true; }; - my.services.nginx.virtualHosts = { - nzbhydra = { + my.services.nginx.virtualHosts = [ + { + subdomain = "nzbhydra"; port = nzbhydraPort; - }; - }; + } + ]; }) (lib.mkIf cfg.prowlarr.enable { @@ -52,11 +54,12 @@ in enable = true; }; - my.services.nginx.virtualHosts = { - prowlarr = { + my.services.nginx.virtualHosts = [ + { + subdomain = "prowlarr"; port = prowlarrPort; - }; - }; + } + ]; services.fail2ban.jails = { prowlarr = '' diff --git a/modules/nixos/services/jellyfin/default.nix b/modules/nixos/services/jellyfin/default.nix index f5aaa99..2fcf51e 100644 --- a/modules/nixos/services/jellyfin/default.nix +++ b/modules/nixos/services/jellyfin/default.nix @@ -17,15 +17,9 @@ in # Set-up media group users.groups.media = { }; - systemd.services.jellyfin = { - serviceConfig = { - # Loose umask to make Jellyfin metadata more broadly readable - UMask = lib.mkForce "0002"; - }; - }; - - my.services.nginx.virtualHosts = { - jellyfin = { + my.services.nginx.virtualHosts = [ + { + subdomain = "jellyfin"; port = 8096; extraConfig = { locations."/" = { @@ -39,7 +33,7 @@ in proxyWebsockets = true; }; }; - }; - }; + } + ]; }; } diff --git a/modules/nixos/services/lohr/default.nix b/modules/nixos/services/lohr/default.nix index 21ed93b..245567c 100644 --- a/modules/nixos/services/lohr/default.nix +++ b/modules/nixos/services/lohr/default.nix @@ -59,6 +59,21 @@ in "LOHR_HOME=${lohrHome}" "LOHR_CONFIG=" ]; + ExecStartPre = lib.mkIf (cfg.sshKeyFile != null) ''+${ + pkgs.writeScript "copy-ssh-key" '' + #!${pkgs.bash}/bin/bash + # Ensure the key is not there + mkdir -p '${lohrHome}/.ssh' + rm -f '${lohrHome}/.ssh/id_ed25519' + + # Move the key into place + cp ${cfg.sshKeyFile} '${lohrHome}/.ssh/id_ed25519' + + # Fix permissions + chown -R lohr:lohr '${lohrHome}/.ssh' + chmod -R 0700 '${lohrHome}/.ssh' + '' + }''; ExecStart = let configFile = settingsFormat.generate "lohr-config.yaml" cfg.setting; @@ -83,29 +98,11 @@ in }; users.groups.lohr = { }; - my.services.nginx.virtualHosts = { - lohr = { + my.services.nginx.virtualHosts = [ + { + subdomain = "lohr"; inherit (cfg) port; - }; - }; - - # SSH key provisioning - systemd.tmpfiles.settings."10-lohr" = lib.mkIf (cfg.sshKeyFile != null) { - "${lohrHome}/.ssh" = { - d = { - user = "lohr"; - group = "lohr"; - mode = "0700"; - }; - }; - "${lohrHome}/.ssh/id_ed25519" = { - "L+" = { - user = "lohr"; - group = "lohr"; - mode = "0700"; - argument = cfg.sshKeyFile; - }; - }; - }; + } + ]; }; } diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index b958f76..52b60c5 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -104,22 +104,23 @@ in extraConfigFiles = [ cfg.mailConfigFile ] ++ lib.optional (cfg.secretFile != null) cfg.secretFile; - }; - services.matrix-sliding-sync = { - enable = true; + sliding-sync = { + enable = true; - settings = { - SYNCV3_SERVER = "https://${matrixDomain}"; - SYNCV3_BINDADDR = "127.0.0.1:${toString cfg.slidingSync.port}"; + settings = { + SYNCV3_SERVER = "https://${matrixDomain}"; + SYNCV3_BINDADDR = "127.0.0.1:${toString cfg.slidingSync.port}"; + }; + + environmentFile = cfg.slidingSync.secretFile; }; - - environmentFile = cfg.slidingSync.secretFile; }; - my.services.nginx.virtualHosts = { + my.services.nginx.virtualHosts = [ # Element Web app deployment - chat = { + { + subdomain = "chat"; root = pkgs.element-web.override { conf = { default_server_config = { @@ -144,19 +145,22 @@ in }; }; }; - }; + } # Dummy VHosts for port collision detection - matrix-federation = { + { + subdomain = "matrix-federation"; port = federationPort.private; - }; - matrix-client = { + } + { + subdomain = "matrix-client"; port = clientPort.private; - }; + } # Sliding sync - matrix-sync = { + { + subdomain = "matrix-sync"; inherit (cfg.slidingSync) port; - }; - }; + } + ]; # Those are too complicated to use my wrapper... services.nginx.virtualHosts = { @@ -181,7 +185,7 @@ in # Sliding sync "~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = { - proxyPass = "http://${config.services.matrix-sliding-sync.settings.SYNCV3_BINDADDR}"; + proxyPass = "http://${config.services.matrix-synapse.sliding-sync.settings.SYNCV3_BINDADDR}"; }; }; diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix deleted file mode 100644 index 55ac376..0000000 --- a/modules/nixos/services/mealie/default.nix +++ /dev/null @@ -1,79 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.my.services.mealie; -in -{ - options.my.services.mealie = with lib; { - enable = mkEnableOption "Mealie service"; - - port = mkOption { - type = types.port; - default = 4537; - example = 8080; - description = "Internal port for webui"; - }; - - credentialsFile = mkOption { - type = types.str; - example = "/var/lib/mealie/credentials.env"; - description = '' - Configuration file for secrets. - ''; - }; - }; - - config = lib.mkIf cfg.enable { - services.mealie = { - enable = true; - inherit (cfg) port credentialsFile; - - settings = { - # Basic settings - BASE_URL = "https://mealie.${config.networking.domain}"; - TZ = config.time.timeZone; - ALLOw_SIGNUP = "false"; - - # Use PostgreSQL - DB_ENGINE = "postgres"; - POSTGRES_USER = "mealie"; - POSTGRES_PASSWORD = ""; - POSTGRES_SERVER = "/run/postgresql"; - # Pydantic and/or mealie doesn't handle the URI correctly, hijack it - # with query parameters... - POSTGRES_DB = "mealie?host=/run/postgresql&dbname=mealie"; - }; - }; - - systemd.services = { - mealie = { - after = [ "postgresql.service" ]; - requires = [ "postgresql.service" ]; - }; - }; - - # Set-up database - services.postgresql = { - enable = true; - ensureDatabases = [ "mealie" ]; - ensureUsers = [ - { - name = "mealie"; - ensureDBOwnership = true; - } - ]; - }; - - my.services.nginx.virtualHosts = { - mealie = { - inherit (cfg) port; - - extraConfig = { - # Allow bulk upload of recipes for import/export - locations."/".extraConfig = '' - client_max_body_size 0; - ''; - }; - }; - }; - }; -} diff --git a/modules/nixos/services/miniflux/default.nix b/modules/nixos/services/miniflux/default.nix index 5104c8b..6d9ffc8 100644 --- a/modules/nixos/services/miniflux/default.nix +++ b/modules/nixos/services/miniflux/default.nix @@ -43,10 +43,11 @@ in }; }; - my.services.nginx.virtualHosts = { - reader = { + my.services.nginx.virtualHosts = [ + { + subdomain = "reader"; inherit (cfg) port; - }; - }; + } + ]; }; } diff --git a/modules/nixos/services/monitoring/default.nix b/modules/nixos/services/monitoring/default.nix index 49919c1..829bfe0 100644 --- a/modules/nixos/services/monitoring/default.nix +++ b/modules/nixos/services/monitoring/default.nix @@ -125,10 +125,11 @@ in ]; }; - my.services.nginx.virtualHosts = { - monitoring = { + my.services.nginx.virtualHosts = [ + { + subdomain = "monitoring"; inherit (cfg.grafana) port; - }; - }; + } + ]; }; } diff --git a/modules/nixos/services/navidrome/default.nix b/modules/nixos/services/navidrome/default.nix index 944a97a..6c001fd 100644 --- a/modules/nixos/services/navidrome/default.nix +++ b/modules/nixos/services/navidrome/default.nix @@ -47,10 +47,11 @@ in }; }; - my.services.nginx.virtualHosts = { - music = { + my.services.nginx.virtualHosts = [ + { + subdomain = "music"; inherit (cfg) port; - }; - }; + } + ]; }; } diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index 51195df..260e73e 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -31,7 +31,7 @@ in config = lib.mkIf cfg.enable { services.nextcloud = { enable = true; - package = pkgs.nextcloud28; + package = pkgs.nextcloud27; hostName = "nextcloud.${config.networking.domain}"; home = "/var/lib/nextcloud"; maxUploadSize = cfg.maxSize; @@ -41,12 +41,7 @@ in adminpassFile = cfg.passwordFile; dbtype = "pgsql"; dbhost = "/run/postgresql"; - }; - - https = true; - - settings = { - overwriteprotocol = "https"; # Nginx only allows SSL + overwriteProtocol = "https"; # Nginx only allows SSL }; notify_push = { @@ -62,7 +57,7 @@ in ensureUsers = [ { name = "nextcloud"; - ensureDBOwnership = true; + ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; } ]; }; diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index 7980ad9..6ca2e42 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -5,11 +5,10 @@ let domain = config.networking.domain; - virtualHostOption = with lib; types.submodule ({ name, ... }: { + virtualHostOption = with lib; types.submodule { options = { subdomain = mkOption { type = types.str; - default = name; example = "dev"; description = '' Which subdomain, under config.networking.domain, to use @@ -73,7 +72,7 @@ let ''; }; }; - }); + }; in { imports = [ @@ -98,18 +97,20 @@ in }; virtualHosts = mkOption { - type = types.attrsOf virtualHostOption; - default = { }; + type = types.listOf virtualHostOption; + default = [ ]; example = litteralExample '' - { - gitea = { - subdomain = "git"; + [ + { + subdomain = "gitea"; port = 8080; - }; - dev = { + } + { + subdomain = "dev"; root = "/var/www/dev"; - }; - jellyfin = { + } + { + subdomain = "jellyfin"; port = 8096; extraConfig = { locations."/socket" = { @@ -117,8 +118,8 @@ in proxyWebsockets = true; }; }; - }; - } + } + ] ''; description = '' List of virtual hosts to set-up using default settings. @@ -189,7 +190,7 @@ in config = lib.mkIf cfg.enable { assertions = [ ] - ++ (lib.flip lib.mapAttrsToList cfg.virtualHosts (_: { subdomain, ... } @ args: + ++ (lib.flip builtins.map cfg.virtualHosts ({ subdomain, ... } @ args: let conflicts = [ "port" "root" "socket" "redirect" ]; optionsNotNull = builtins.map (v: args.${v} != null) conflicts; @@ -208,7 +209,7 @@ in ports = lib.my.mapFilter (v: v != null) ({ port, ... }: port) - (lib.attrValues cfg.virtualHosts); + cfg.virtualHosts; portCounts = lib.my.countValues ports; nonUniquesCounts = lib.filterAttrs (_: v: v != 1) portCounts; nonUniques = builtins.attrNames nonUniquesCounts; @@ -220,7 +221,7 @@ in map mkAssertion nonUniques ) ++ ( let - subs = lib.mapAttrsToList (_: { subdomain, ... }: subdomain) cfg.virtualHosts; + subs = map ({ subdomain, ... }: subdomain) cfg.virtualHosts; subsCounts = lib.my.countValues subs; nonUniquesCounts = lib.filterAttrs (_: v: v != 1) subsCounts; nonUniques = builtins.attrNames nonUniquesCounts; @@ -324,7 +325,7 @@ in ]) ); in - lib.my.genAttrs' (lib.attrValues cfg.virtualHosts) mkVHost; + lib.my.genAttrs' cfg.virtualHosts mkVHost; sso = { enable = true; @@ -402,11 +403,12 @@ in }; }; - my.services.nginx.virtualHosts = { - ${cfg.sso.subdomain} = { + my.services.nginx.virtualHosts = [ + { + subdomain = "login"; inherit (cfg.sso) port; - }; - }; + } + ]; networking.firewall.allowedTCPPorts = [ 80 443 ]; diff --git a/modules/nixos/services/nix-cache/default.nix b/modules/nixos/services/nix-cache/default.nix index 1ce3161..b3bdbf3 100644 --- a/modules/nixos/services/nix-cache/default.nix +++ b/modules/nixos/services/nix-cache/default.nix @@ -43,10 +43,11 @@ in signKeyPath = cfg.secretKeyFile; }; - my.services.nginx.virtualHosts = { - cache = { + my.services.nginx.virtualHosts = [ + { + subdomain = "cache"; inherit (cfg) port; - }; - }; + } + ]; }; } diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index f62879a..1ca1f66 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: let cfg = config.my.services.paperless; in @@ -52,7 +52,7 @@ in mediaDir = lib.mkIf (cfg.documentPath != null) cfg.documentPath; - settings = + extraConfig = let paperlessDomain = "paperless.${config.networking.domain}"; in @@ -80,9 +80,6 @@ in # Misc PAPERLESS_TIME_ZONE = config.time.timeZone; PAPERLESS_ADMIN_USER = cfg.username; - - # Fix classifier hangs - LD_LIBRARY_PATH = "${lib.getLib pkgs.mkl}/lib"; }; # Admin password @@ -134,7 +131,7 @@ in ensureUsers = [ { name = "paperless"; - ensureDBOwnership = true; + ensurePermissions."DATABASE paperless" = "ALL PRIVILEGES"; } ]; }; @@ -146,8 +143,9 @@ in extraGroups = [ "media" ]; }; - my.services.nginx.virtualHosts = { - paperless = { + my.services.nginx.virtualHosts = [ + { + subdomain = "paperless"; inherit (cfg) port; sso = { enable = true; @@ -157,8 +155,8 @@ in extraConfig = { locations."/".proxyWebsockets = true; }; - }; - }; + } + ]; my.services.backup = { paths = [ diff --git a/modules/nixos/services/pirate/default.nix b/modules/nixos/services/pirate/default.nix index e500b54..59f9794 100644 --- a/modules/nixos/services/pirate/default.nix +++ b/modules/nixos/services/pirate/default.nix @@ -21,11 +21,12 @@ let }; mkRedirection = service: { - my.services.nginx.virtualHosts = { - ${service} = { + my.services.nginx.virtualHosts = [ + { + subdomain = service; port = ports.${service}; - }; - }; + } + ]; }; mkFail2Ban = service: lib.mkIf cfg.${service}.enable { diff --git a/modules/nixos/services/podgrab/default.nix b/modules/nixos/services/podgrab/default.nix index 5ceebb6..9793d60 100644 --- a/modules/nixos/services/podgrab/default.nix +++ b/modules/nixos/services/podgrab/default.nix @@ -31,10 +31,11 @@ in inherit (cfg) passwordFile port; }; - my.services.nginx.virtualHosts = { - podgrab = { + my.services.nginx.virtualHosts = [ + { + subdomain = "podgrab"; inherit (cfg) port; - }; - }; + } + ]; }; } diff --git a/modules/nixos/services/pyload/default.nix b/modules/nixos/services/pyload/default.nix deleted file mode 100644 index 88889bf..0000000 --- a/modules/nixos/services/pyload/default.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.my.services.pyload; -in -{ - options.my.services.pyload = with lib; { - enable = mkEnableOption "pyload download manager"; - - credentialsFile = mkOption { - type = types.path; - example = "/run/secrets/pyload-credentials.env"; - description = "pyload credentials"; - }; - - downloadDirectory = mkOption { - type = types.str; - default = "/data/downloads/pyload"; - example = "/var/lib/pyload/download"; - description = "Download directory"; - }; - - port = mkOption { - type = types.port; - default = 9093; - example = 8080; - description = "Internal port for webui"; - }; - }; - - config = lib.mkIf cfg.enable { - services.pyload = { - enable = true; - - # Listening on `localhost` leads to 502 with the reverse proxy... - listenAddress = "127.0.0.1"; - - inherit (cfg) - credentialsFile - downloadDirectory - port - ; - - # Use media group when downloading files - group = "media"; - }; - - # Set-up media group - users.groups.media = { }; - - my.services.nginx.virtualHosts = { - pyload = { - inherit (cfg) port; - }; - }; - - # FIXME: fail2ban - }; -} diff --git a/modules/nixos/services/quassel/default.nix b/modules/nixos/services/quassel/default.nix index 695f9e0..ec686e1 100644 --- a/modules/nixos/services/quassel/default.nix +++ b/modules/nixos/services/quassel/default.nix @@ -39,7 +39,7 @@ in ensureUsers = [ { name = "quassel"; - ensureDBOwnership = true; + ensurePermissions."DATABASE quassel" = "ALL PRIVILEGES"; } ]; # Insecure, I don't care. diff --git a/modules/nixos/services/sabnzbd/default.nix b/modules/nixos/services/sabnzbd/default.nix index 9e0d9c3..7ab145f 100644 --- a/modules/nixos/services/sabnzbd/default.nix +++ b/modules/nixos/services/sabnzbd/default.nix @@ -18,11 +18,12 @@ in # Set-up media group users.groups.media = { }; - my.services.nginx.virtualHosts = { - sabnzbd = { + my.services.nginx.virtualHosts = [ + { + subdomain = "sabnzbd"; inherit port; - }; - }; + } + ]; services.fail2ban.jails = { sabnzbd = '' diff --git a/modules/nixos/services/tandoor-recipes/default.nix b/modules/nixos/services/tandoor-recipes/default.nix index 48ad7a8..83177c8 100644 --- a/modules/nixos/services/tandoor-recipes/default.nix +++ b/modules/nixos/services/tandoor-recipes/default.nix @@ -65,22 +65,16 @@ in ensureUsers = [ { name = "tandoor_recipes"; - ensureDBOwnership = true; + ensurePermissions."DATABASE tandoor_recipes" = "ALL PRIVILEGES"; } ]; }; - my.services.nginx.virtualHosts = { - recipes = { + my.services.nginx.virtualHosts = [ + { + subdomain = "recipes"; inherit (cfg) port; - - extraConfig = { - # Allow bulk upload of recipes for import/export - locations."/".extraConfig = '' - client_max_body_size 0; - ''; - }; - }; - }; + } + ]; }; } diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix index aeb88b7..28df477 100644 --- a/modules/nixos/services/transmission/default.nix +++ b/modules/nixos/services/transmission/default.nix @@ -80,11 +80,12 @@ in # Default transmission webui, I prefer combustion but its development # seems to have stalled - my.services.nginx.virtualHosts = { - transmission = { + my.services.nginx.virtualHosts = [ + { + subdomain = "transmission"; inherit (cfg) port; - }; - }; + } + ]; networking.firewall = { allowedTCPPorts = [ cfg.peerPort ]; diff --git a/modules/nixos/services/vikunja/default.nix b/modules/nixos/services/vikunja/default.nix index 6e7700f..1cdef5f 100644 --- a/modules/nixos/services/vikunja/default.nix +++ b/modules/nixos/services/vikunja/default.nix @@ -30,6 +30,8 @@ in frontendScheme = "https"; frontendHostname = vikunjaDomain; + setupNginx = false; + database = { type = "postgres"; user = "vikunja"; @@ -57,13 +59,31 @@ in }; # This is a weird setup - my.services.nginx.virtualHosts = { - ${subdomain} = { - socket = socketPath; - }; - }; + my.services.nginx.virtualHosts = [ + { + inherit subdomain; + # Serve the root for the web-ui + root = config.services.vikunja.package-frontend; - systemd.services.vikunja = { + extraConfig = { + locations = { + "/" = { + tryFiles = "try_files $uri $uri/ /"; + }; + + # Serve the API through a UNIX socket + "~* ^/(api|dav|\\.well-known)/" = { + proxyPass = "http://unix:${socketPath}"; + extraConfig = '' + client_max_body_size 20M; + ''; + }; + }; + }; + } + ]; + + systemd.services.vikunja-api = { serviceConfig = { # Use a system user to simplify using the CLI DynamicUser = lib.mkForce false; @@ -89,7 +109,7 @@ in ensureUsers = [ { name = "vikunja"; - ensureDBOwnership = true; + ensurePermissions = { "DATABASE vikunja" = "ALL PRIVILEGES"; }; } ]; }; diff --git a/modules/nixos/services/wireguard/default.nix b/modules/nixos/services/wireguard/default.nix index a76e424..fc5518d 100644 --- a/modules/nixos/services/wireguard/default.nix +++ b/modules/nixos/services/wireguard/default.nix @@ -13,7 +13,7 @@ let porthos = { clientNum = 1; publicKey = "PLdgsizztddri0LYtjuNHr5r2E8D+yI+gM8cm5WDfHQ="; - externalIp = "37.187.146.15"; + externalIp = "91.121.177.163"; }; # "Clients" @@ -100,8 +100,6 @@ in options.my.services.wireguard = with lib; { enable = mkEnableOption "Wireguard VPN service"; - simpleManagement = my.mkDisableOption "manage units without password prompts"; - startAtBoot = mkEnableOption '' Should the VPN service be started at boot. Must be true for the server to work reliably. @@ -263,36 +261,5 @@ in (lib.mkIf (cfg.internal.enable && !cfg.internal.startAtBoot) { systemd.services."wg-quick-${cfg.internal.name}".wantedBy = lib.mkForce [ ]; }) - - # Make systemd shut down one service when starting the other - (lib.mkIf (cfg.internal.enable) { - systemd.services."wg-quick-${cfg.iface}" = { - conflicts = [ "wg-quick-${cfg.internal.name}.service" ]; - after = [ "wg-quick-${cfg.internal.name}.service" ]; - }; - systemd.services."wg-quick-${cfg.internal.name}" = { - conflicts = [ "wg-quick-${cfg.iface}.service" ]; - after = [ "wg-quick-${cfg.iface}.service" ]; - }; - }) - - # Make it possible to manage those units without using passwords, for admins - (lib.mkIf cfg.simpleManagement { - environment.etc."polkit-1/rules.d/50-wg-quick.rules".text = '' - polkit.addRule(function(action, subject) { - if (action.id == "org.freedesktop.systemd1.manage-units") { - var unit = action.lookup("unit") - if (unit == "wg-quick-${cfg.iface}.service" || unit == "wg-quick-${cfg.internal.name}.service") { - var verb = action.lookup("verb"); - if (verb == "start" || verb == "stop" || verb == "restart") { - if (subject.isInGroup("wheel")) { - return polkit.Result.YES; - } - } - } - } - }); - ''; - }) ]); } diff --git a/modules/nixos/services/woodpecker/default.nix b/modules/nixos/services/woodpecker/default.nix index 012eaae..34ffca6 100644 --- a/modules/nixos/services/woodpecker/default.nix +++ b/modules/nixos/services/woodpecker/default.nix @@ -8,12 +8,6 @@ options.my.services.woodpecker = with lib; { enable = mkEnableOption "Woodpecker CI"; - forge = mkOption { - type = types.enum [ "gitea" "forgejo" ]; - default = "forgejo"; - example = "gitea"; - description = "Which Forge to connect to"; - }; runners = mkOption { type = with types; listOf (enum [ "exec" "docker" ]); default = [ ]; diff --git a/modules/nixos/services/woodpecker/server/default.nix b/modules/nixos/services/woodpecker/server/default.nix index adf533e..d9f723b 100644 --- a/modules/nixos/services/woodpecker/server/default.nix +++ b/modules/nixos/services/woodpecker/server/default.nix @@ -17,7 +17,7 @@ in WOODPECKER_GRPC_ADDR = ":${toString cfg.rpcPort}"; WOODPECKER_GITEA = "true"; - WOODPECKER_GITEA_URL = config.services.${cfg.forge}.settings.server.ROOT_URL; + WOODPECKER_GITEA_URL = config.services.gitea.settings.server.ROOT_URL; WOODPECKER_LOG_LEVEL = "debug"; }; @@ -48,18 +48,22 @@ in ensureDatabases = [ "woodpecker" ]; ensureUsers = [{ name = "woodpecker"; - ensureDBOwnership = true; + ensurePermissions = { + "DATABASE woodpecker" = "ALL PRIVILEGES"; + }; }]; }; - my.services.nginx.virtualHosts = { - woodpecker = { + my.services.nginx.virtualHosts = [ + { + subdomain = "woodpecker"; inherit (cfg) port; - }; + } # I might want to be able to RPC from other hosts in the future - woodpecker-rpc = { + { + subdomain = "woodpecker-rpc"; port = cfg.rpcPort; - }; - }; + } + ]; }; } diff --git a/modules/nixos/system/default.nix b/modules/nixos/system/default.nix index e6fb25b..e7a4dd3 100644 --- a/modules/nixos/system/default.nix +++ b/modules/nixos/system/default.nix @@ -10,7 +10,6 @@ ./nix ./packages ./podman - ./polkit ./printing ./users ]; diff --git a/modules/nixos/system/nix/default.nix b/modules/nixos/system/nix/default.nix index ad13539..47d6499 100644 --- a/modules/nixos/system/nix/default.nix +++ b/modules/nixos/system/nix/default.nix @@ -56,8 +56,6 @@ in settings = { experimental-features = [ "nix-command" "flakes" ]; - # Trusted users are equivalent to root, and might as well allow wheel - trusted-users = [ "root" "@wheel" ]; }; }; } diff --git a/modules/nixos/system/polkit/default.nix b/modules/nixos/system/polkit/default.nix deleted file mode 100644 index 1e5b573..0000000 --- a/modules/nixos/system/polkit/default.nix +++ /dev/null @@ -1,16 +0,0 @@ -# Polkit settings -{ config, lib, ... }: -let - cfg = config.my.system.polkit; -in -{ - options.my.system.polkit = with lib; { - enable = my.mkDisableOption "polkit configuration"; - }; - - config = lib.mkIf cfg.enable { - security.polkit = { - enable = true; - }; - }; -} diff --git a/modules/nixos/system/printing/default.nix b/modules/nixos/system/printing/default.nix index 0dfab0f..a4547ef 100644 --- a/modules/nixos/system/printing/default.nix +++ b/modules/nixos/system/printing/default.nix @@ -63,7 +63,7 @@ in enable = true; openFirewall = true; # Allow resolution of '.local' addresses - nssmdns4 = true; + nssmdns = true; }; }; } diff --git a/overlays/gruvbox-nvim-better-diff/colours.patch b/overlays/gruvbox-nvim-better-diff/colours.patch new file mode 100644 index 0000000..5b0d61a --- /dev/null +++ b/overlays/gruvbox-nvim-better-diff/colours.patch @@ -0,0 +1,28 @@ +From 416b3c9c5e783d173ac0fd5310a76c1b144b92c1 Mon Sep 17 00:00:00 2001 +From: eeeXun +Date: Thu, 19 Oct 2023 02:34:12 +0800 +Subject: Use better diff colours + +--- + README.md | 3 ++- + lua/gruvbox.lua | 7 ++++--- + 2 files changed, 6 insertions(+), 4 deletions(-) + +diff --git a/lua/gruvbox.lua b/lua/gruvbox.lua +index ceba0735..a319fc6a 100644 +--- a/lua/gruvbox.lua ++++ b/lua/gruvbox.lua +@@ -360,9 +361,9 @@ local function get_groups() + PmenuSel = { fg = colors.bg2, bg = colors.blue, bold = config.bold }, + PmenuSbar = { bg = colors.bg2 }, + PmenuThumb = { bg = colors.bg4 }, +- DiffDelete = { bg = colors.dark_red }, +- DiffAdd = { bg = colors.dark_green }, +- DiffChange = { bg = colors.dark_aqua }, +- DiffText = { bg = colors.yellow, fg = colors.bg0 }, ++ DiffDelete = { fg = colors.red }, ++ DiffAdd = { fg = colors.green }, ++ DiffChange = { fg = colors.aqua }, ++ DiffText = { fg = colors.yellow, bg = colors.bg0 }, + SpellCap = { link = "GruvboxBlueUnderline" }, + SpellBad = { link = "GruvboxRedUnderline" }, diff --git a/overlays/gruvbox-nvin-expose-palette/default.nix b/overlays/gruvbox-nvim-better-diff/default.nix similarity index 100% rename from overlays/gruvbox-nvin-expose-palette/default.nix rename to overlays/gruvbox-nvim-better-diff/default.nix diff --git a/overlays/gruvbox-nvim-better-diff/generated.nix b/overlays/gruvbox-nvim-better-diff/generated.nix new file mode 100644 index 0000000..50ea4ad --- /dev/null +++ b/overlays/gruvbox-nvim-better-diff/generated.nix @@ -0,0 +1,24 @@ +{ vimUtils, fetchFromGitHub }: + +_final: _prev: { + gruvbox-nvim = vimUtils.buildVimPlugin { + pname = "gruvbox.nvim"; + version = "2023-10-07"; + + src = fetchFromGitHub { + owner = "ellisonleao"; + repo = "gruvbox.nvim"; + rev = "477c62493c82684ed510c4f70eaf83802e398898"; + sha256 = "0250c24c6n6yri48l288irdawhqs16qna3y74rdkgjd2jvh66vdm"; + }; + + patches = [ + # Inspired by https://github.com/ellisonleao/gruvbox.nvim/pull/291 + ./colours.patch + ]; + + meta = { + homepage = "https://github.com/ellisonleao/gruvbox.nvim/"; + }; + }; +} diff --git a/overlays/gruvbox-nvin-expose-palette/generated.nix b/overlays/gruvbox-nvin-expose-palette/generated.nix deleted file mode 100644 index c52ad04..0000000 --- a/overlays/gruvbox-nvin-expose-palette/generated.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ fetchpatch, ... }: - -_final: prev: { - gruvbox-nvim = prev.gruvbox-nvim.overrideAttrs (oa: { - patches = (oa.patches or [ ]) ++ [ - # https://github.com/ellisonleao/gruvbox.nvim/pull/319 - (fetchpatch { - name = "expose-color-palette.patch"; - url = "https://github.com/ellisonleao/gruvbox.nvim/commit/07a493ba4f8b650aab9ed9e486caa89822be0996.patch"; - hash = "sha256-iGwt8qIHe2vaiAUcpaUxyGlM472F89vobTdQ7CF/H70="; - }) - ]; - }); -} diff --git a/overlays/tandoor-recipes-bump-allauth/bump-allauth.patch b/overlays/tandoor-recipes-bump-allauth/bump-allauth.patch new file mode 100644 index 0000000..84dfaee --- /dev/null +++ b/overlays/tandoor-recipes-bump-allauth/bump-allauth.patch @@ -0,0 +1,38 @@ +From 8f66f5c3ca61751a80cc133ff4c59019d6fca406 Mon Sep 17 00:00:00 2001 +From: Bruno BELANYI +Date: Tue, 31 Oct 2023 12:15:30 +0000 +Subject: [PATCH] Bump django-allauth from 0.54.0 to 0.58.1 + +See the backwards incompatible changes [1]. + +[1]: https://docs.allauth.org/en/latest/release-notes/recent.html#id10 +--- + recipes/settings.py | 1 + + requirements.txt | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/recipes/settings.py b/recipes/settings.py +index df2c2b1de..b836ea656 100644 +--- a/recipes/settings.py ++++ b/recipes/settings.py +@@ -218,6 +218,7 @@ + 'django.middleware.locale.LocaleMiddleware', + 'django.middleware.clickjacking.XFrameOptionsMiddleware', + 'cookbook.helper.scope_middleware.ScopeMiddleware', ++ 'allauth.account.middleware.AccountMiddleware', + ] + + if DEBUG_TOOLBAR: +diff --git a/requirements.txt b/requirements.txt +index 26d81b471..09ed2381a 100644 +--- a/requirements.txt ++++ b/requirements.txt +@@ -29,7 +29,7 @@ microdata==0.8.0 + Jinja2==3.1.2 + django-webpack-loader==1.8.1 + git+https://github.com/BITSOLVER/django-js-reverse@071e304fd600107bc64bbde6f2491f1fe049ec82 +-django-allauth==0.54.0 ++django-allauth==0.58.1 + recipe-scrapers==14.36.1 + django-scopes==2.0.0 + pytest==7.3.1 diff --git a/overlays/tandoor-recipes-bump-allauth/default.nix b/overlays/tandoor-recipes-bump-allauth/default.nix new file mode 100644 index 0000000..dfbfec9 --- /dev/null +++ b/overlays/tandoor-recipes-bump-allauth/default.nix @@ -0,0 +1,9 @@ +_self: prev: +{ + tandoor-recipes = prev.tandoor-recipes.overrideAttrs (oa: { + patches = (oa.patches or [ ]) ++ [ + # https://github.com/TandoorRecipes/recipes/pull/2706 + ./bump-allauth.patch + ]; + }); +} diff --git a/pkgs/bt-migrate/default.nix b/pkgs/bt-migrate/default.nix deleted file mode 100644 index df99c55..0000000 --- a/pkgs/bt-migrate/default.nix +++ /dev/null @@ -1,61 +0,0 @@ -{ lib -, boost -, cmake -, cxxopts -, digestpp -, fetchFromGitHub -, fmt -, jsoncons -, pugixml -, sqlite_orm -, stdenv -}: -stdenv.mkDerivation { - pname = "bt-migrate"; - version = "0-unstable-2023-08-17"; - - src = fetchFromGitHub { - owner = "mikedld"; - repo = "bt-migrate"; - rev = "e15a489c0c76f98355586ebbee08223af4e9bf50"; - hash = "sha256-kA6yxhbIh3ThmgF8Zyoe3I79giLVmdNr9IIrw5Xx4s0="; - }; - - nativeBuildInputs = [ - cmake - ]; - - buildInputs = [ - boost - cxxopts - fmt - jsoncons - pugixml - sqlite_orm - ]; - - cmakeFlags = [ - (lib.strings.cmakeBool "USE_VCPKG" false) - # NOTE: digestpp does not have proper CMake packaging (yet?) - (lib.strings.cmakeBool "USE_FETCHCONTENT" true) - (lib.strings.cmakeFeature "FETCHCONTENT_SOURCE_DIR_DIGESTPP" "${digestpp}/include/digestpp") - ]; - - # NOTE: no install target in CMake... - installPhase = '' - runHook preInstall - - mkdir -p $out/bin - cp BtMigrate $out/bin - - runHook postInstall - ''; - - meta = with lib; { - description = "Torrent state migration tool"; - homepage = "https://github.com/mikedld/bt-migrate"; - license = licenses.gpl3Only; - maintainers = with maintainers; [ ambroisie ]; - mainProgram = "BtMigrate"; - }; -} diff --git a/pkgs/default.nix b/pkgs/default.nix index e82a90c..664b5a4 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,7 +1,5 @@ { pkgs }: pkgs.lib.makeScope pkgs.newScope (pkgs: { - bt-migrate = pkgs.callPackage ./bt-migrate { }; - bw-pass = pkgs.callPackage ./bw-pass { }; change-audio = pkgs.callPackage ./change-audio { }; @@ -12,12 +10,14 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: { diff-flake = pkgs.callPackage ./diff-flake { }; - digestpp = pkgs.callPackage ./digestpp { }; - dragger = pkgs.callPackage ./dragger { }; drone-rsync = pkgs.callPackage ./drone-rsync { }; + drone-scp = pkgs.callPackage ./drone-scp { }; + + ff2mpv-go = pkgs.callPackage ./ff2mpv-go { }; + i3-get-window-criteria = pkgs.callPackage ./i3-get-window-criteria { }; lohr = pkgs.callPackage ./lohr { }; @@ -30,9 +30,13 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: { rbw-pass = pkgs.callPackage ./rbw-pass { }; - sqlite_orm = pkgs.callPackage ./sqlite_orm { }; - unbound-zones-adblock = pkgs.callPackage ./unbound-zones-adblock { }; + unified-hosts-lists = pkgs.callPackage ./unified-hosts-lists { }; + + vimix-cursors = pkgs.callPackage ./vimix-cursors { }; + + wifi-qr = pkgs.callPackage ./wifi-qr { }; + zsh-done = pkgs.callPackage ./zsh-done { }; }) diff --git a/pkgs/digestpp/default.nix b/pkgs/digestpp/default.nix deleted file mode 100644 index 2fd90db..0000000 --- a/pkgs/digestpp/default.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ lib -, fetchFromGitHub -, stdenv -}: -stdenv.mkDerivation { - pname = "digestpp"; - version = "0-unstable-2023-11-07"; - - src = fetchFromGitHub { - owner = "kerukuro"; - repo = "digestpp"; - rev = "ebb699402c244e22c3aff61d2239bcb2e87b8ef8"; - hash = "sha256-9X/P7DgZB6bSYjQWRli4iAXEFjhmACOVv3EYQrXuH5c="; - }; - - installPhase = '' - runHook preInstall - - mkdir -p $out/include/digestpp - cp -r *.hpp algorithm/ detail/ $out/include/digestpp - - runHook postInstall - ''; - - meta = with lib; { - description = "C++11 header-only message digest library"; - homepage = "https://github.com/kerukuro/digestpp"; - license = licenses.unlicense; - maintainers = with maintainers; [ ambroisie ]; - }; -} diff --git a/pkgs/drone-scp/default.nix b/pkgs/drone-scp/default.nix new file mode 100644 index 0000000..7437b06 --- /dev/null +++ b/pkgs/drone-scp/default.nix @@ -0,0 +1,25 @@ +{ lib, buildGoModule, fetchFromGitHub }: +buildGoModule rec { + pname = "drone-scp"; + version = "1.6.3"; + + src = fetchFromGitHub { + owner = "appleboy"; + repo = "drone-scp"; + rev = "v${version}"; + hash = "sha256-ELjPqoRR4O6gmc/PgthQuSXuSTQNzBZoAUT80zVVbV0="; + }; + + vendorHash = "sha256-/c103hTJ/Qdz2KTkdl/ACvAaSSTKcl1DQY3+Us6OxaI="; + + doCheck = false; # Needs a specific user... + + meta = with lib; { + description = '' + Copy files and artifacts via SSH using a binary, docker or Drone CI + ''; + homepage = "https://github.com/appleboy/drone-scp"; + license = licenses.mit; + mainProgram = "drone-scp"; + }; +} diff --git a/pkgs/lohr/default.nix b/pkgs/lohr/default.nix index ddeac7a..a83b092 100644 --- a/pkgs/lohr/default.nix +++ b/pkgs/lohr/default.nix @@ -1,16 +1,16 @@ { lib, fetchFromGitHub, rustPlatform }: rustPlatform.buildRustPackage rec { pname = "lohr"; - version = "0.4.5"; + version = "0.4.2"; src = fetchFromGitHub { owner = "alarsyo"; repo = "lohr"; rev = "v${version}"; - hash = "sha256-p6E/r+OxFTpxDpOKSlacOxvRLfHSKg1mHNAfTytfqDY="; + hash = "sha256-2pN/Me5fCdE++TzBUswPXzjuUIIB7Uck+Scp361JgE4="; }; - cargoHash = "sha256-hext0S0o9D9pN9epzXtD5dwAYMPCLpBBOBT4FX0mTMk="; + cargoHash = "sha256-YHg4b6rKcnVJSDoWh9/o+p40NBog65Gd2/UwIDXiUe0="; meta = with lib; { description = "Git mirroring daemon"; diff --git a/pkgs/matrix-notifier/default.nix b/pkgs/matrix-notifier/default.nix index aba093f..a96cb61 100644 --- a/pkgs/matrix-notifier/default.nix +++ b/pkgs/matrix-notifier/default.nix @@ -1,13 +1,13 @@ { lib, curl, jq, fetchFromGitHub, makeWrapper, pandoc, stdenvNoCC }: stdenvNoCC.mkDerivation rec { pname = "matrix-notifier"; - version = "0.4.0"; + version = "0.3.0"; src = fetchFromGitHub { owner = "ambroisie"; repo = "matrix-notifier"; rev = "v${version}"; - hash = "sha256-6KHteQx0bHodpNp7cuUIGM7uBRPaj386n2t5yz6umpY="; + hash = "sha256-NE9RO0ep2ibrT9EUPGTnUE3ofdNTCHwelxnX9tCflg0="; }; nativeBuildInputs = [ diff --git a/pkgs/sqlite_orm/default.nix b/pkgs/sqlite_orm/default.nix deleted file mode 100644 index 3891eee..0000000 --- a/pkgs/sqlite_orm/default.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ lib -, cmake -, fetchFromGitHub -, sqlite -, stdenv -}: -stdenv.mkDerivation (finalAttrs: { - pname = "sqlite_orm"; - version = "1.8.2"; - - src = fetchFromGitHub { - owner = "fnc12"; - repo = "sqlite_orm"; - rev = "v${finalAttrs.version}"; - hash = "sha256-KqphGFcnR1Y11KqL7sxODSv7lEvcURdF6kLd3cg84kc="; - }; - - nativeBuildInputs = [ - cmake - ]; - - propagatedBuildInputs = [ - sqlite - ]; - - meta = with lib; { - description = "Light header only SQLite ORM"; - homepage = "https://sqliteorm.com/"; - license = licenses.agpl3Only; # MIT license is commercial - maintainers = with maintainers; [ ambroisie ]; - }; -}) diff --git a/pkgs/unbound-zones-adblock/default.nix b/pkgs/unbound-zones-adblock/default.nix index 642ac41..b8392ae 100644 --- a/pkgs/unbound-zones-adblock/default.nix +++ b/pkgs/unbound-zones-adblock/default.nix @@ -1,9 +1,9 @@ -{ lib, gawk, stdenvNoCC, stevenblack-blocklist }: +{ lib, gawk, stdenvNoCC, unified-hosts-lists }: stdenvNoCC.mkDerivation { name = "unbound-zones-adblock"; - version = stevenblack-blocklist.rev; + version = unified-hosts-lists.version; - src = stevenblack-blocklist; + src = unified-hosts-lists; dontUnpack = true; @@ -18,11 +18,9 @@ stdenvNoCC.mkDerivation { ]; in '' - shopt -s globstar - for file in $src/**/hosts; do - outFile="$out/''${file#$src}" - mkdir -p "$(dirname "$outFile")" - ${gawkCmd} $file | tr '[:upper:]' '[:lower:]' | sort -u > "$outFile" + mkdir -p $out + for file in $src/*; do + ${gawkCmd} $file | tr '[:upper:]' '[:lower:]' | sort -u > $out/$(basename $file) done ''; diff --git a/pkgs/unified-hosts-lists/default.nix b/pkgs/unified-hosts-lists/default.nix new file mode 100644 index 0000000..06d24ac --- /dev/null +++ b/pkgs/unified-hosts-lists/default.nix @@ -0,0 +1,34 @@ +{ lib, fetchFromGitHub, stdenvNoCC }: +stdenvNoCC.mkDerivation rec { + pname = "unified-hosts-lists"; + version = "3.12.15"; + + src = fetchFromGitHub { + owner = "StevenBlack"; + repo = "hosts"; + rev = version; + hash = "sha256-HoNX57lCoIr36B/7HMuazWSWeAPPfWY1oZf6dXnxYIE="; + }; + + dontUnpack = true; + + installPhase = '' + mkdir -p $out + cp -r $src/hosts $out + for file in $src/alternates/*/hosts; do + cp $file $out/$(basename $(dirname $file)) + done + ''; + + meta = with lib; { + description = "Unified host lists"; + longDescription = '' + Consolidating and extending hosts files from several well-curated sources. + Optionally pick extensions for porn, social media, and other categories. + ''; + homepage = "https://github.com/StevenBlack/hosts"; + license = licenses.mit; + maintainers = with maintainers; [ ambroisie ]; + platforms = platforms.all; + }; +} diff --git a/pkgs/vimix-cursors/default.nix b/pkgs/vimix-cursors/default.nix new file mode 100644 index 0000000..80424de --- /dev/null +++ b/pkgs/vimix-cursors/default.nix @@ -0,0 +1,44 @@ +{ lib, python3, fetchFromGitHub, inkscape, stdenvNoCC, xcursorgen }: +let + py = python3.withPackages (ps: with ps; [ cairosvg ]); +in +stdenvNoCC.mkDerivation rec { + pname = "vimix-cursors"; + version = "unstable-2020-04-28"; + + src = fetchFromGitHub { + owner = "vinceliuice"; + repo = pname; + rev = "27ebb1935944bc986bf8ae85ee3343b8351d9823"; + hash = "sha256-bIPRrKaNQ2Eo+T6zv7qeA1z7uRHXezM0yxh+uqA01Gs="; + }; + + nativeBuildInputs = [ + inkscape + py + xcursorgen + ]; + + postPatch = '' + patchShebangs . + ''; + + buildPhase = '' + HOME="$NIX_BUILD_ROOT" ./build.sh + ''; + + installPhase = '' + install -dm 755 $out/share/icons + for color in "" "-white"; do + cp -pr dist''${color}/ "$out/share/icons/Vimix''${color}-cursors" + done + ''; + + meta = with lib; { + description = "An X cursor theme inspired by Materia design"; + homepage = "https://github.com/vinceliuice/Vimix-cursors"; + license = licenses.gpl3Only; + maintainers = with maintainers; [ ambroisie ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/wifi-qr/default.nix b/pkgs/wifi-qr/default.nix new file mode 100644 index 0000000..88164e5 --- /dev/null +++ b/pkgs/wifi-qr/default.nix @@ -0,0 +1,81 @@ +{ lib +, fetchFromGitHub +, gnome +, installShellFiles +, makeWrapper +, networkmanager +, qrencode +, stdenvNoCC +, xdg-utils +, zbar +}: +stdenvNoCC.mkDerivation rec { + pname = "wifi-qr"; + version = "unstable-2023-04-19"; + + outputs = [ "out" "man" ]; + + src = fetchFromGitHub { + owner = "kokoye2007"; + repo = "wifi-qr"; + rev = "b81d4a44257252f07e745464879aa5618ae3d434"; + hash = "sha256-oGTAr+raJGpK4PV4GdBxX8fIUE8gcbXw7W0SvQJAee0="; + }; + + nativeBuildInputs = [ + installShellFiles + makeWrapper + ]; + + dontBuild = true; + + dontConfigure = true; + + postPatch = '' + substituteInPlace wifi-qr.desktop \ + --replace "Exec=sh -c 'wifi-qr g'" "Exec=$out/bin/wifi-qr g" \ + --replace "Exec=sh -c 'wifi-qr q'" "Exec=$out/bin/wifi-qr q" \ + --replace "Exec=sh -c 'wifi-qr p'" "Exec=$out/bin/wifi-qr p" \ + --replace "Exec=sh -c 'wifi-qr c'" "Exec=$out/bin/wifi-qr c" \ + --replace "Icon=wifi-qr.svg" "Icon=wifi-qr" + ''; + + installPhase = '' + runHook preInstall + + install -Dm755 wifi-qr $out/bin/wifi-qr + + install -Dm644 wifi-qr.desktop $out/share/applications/wifi-qr.desktop + install -Dm644 wifi-qr.svg $out/share/icons/hicolor/scalable/apps/wifi-qr.svg + + installManPage wifi-qr.1 + + runHook postInstall + ''; + + wrapperPath = lib.makeBinPath [ + gnome.zenity + networkmanager + qrencode + xdg-utils + zbar + ]; + + fixupPhase = '' + runHook preFixup + + patchShebangs $out/bin/wifi-qr + wrapProgram $out/bin/wifi-qr --suffix PATH : "${wrapperPath}" + + runHook postFixup + ''; + + meta = with lib; { + description = "WiFi password sharing via QR codes"; + homepage = "https://github.com/kokoye2007/wifi-qr"; + license = with licenses; [ gpl3Plus ]; + mainProgram = "wifi-qr"; + maintainers = with maintainers; [ ambroisie ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/zsh-done/default.nix b/pkgs/zsh-done/default.nix index 8fac813..bddc6c1 100644 --- a/pkgs/zsh-done/default.nix +++ b/pkgs/zsh-done/default.nix @@ -2,13 +2,13 @@ stdenvNoCC.mkDerivation rec { pname = "zsh-done"; - version = "0.1.1"; + version = "0.1.0"; src = fetchFromGitHub { owner = "ambroisie"; repo = "zsh-done"; rev = "v${version}"; - hash = "sha256-dyhPhoMrAfDWtrBX5TA+B3G7QZ7gBhoDGNOEqGsCBQU="; + hash = "sha256-DC7urJDXPP9vBYABrJF5KZ4HfMbrpHIVogSmEB8PWLA="; }; dontConfigure = true; @@ -26,7 +26,7 @@ stdenvNoCC.mkDerivation rec { description = '' A zsh plug-in to receive notifications when long processes finish ''; - homepage = "https://git.belanyi.fr/ambroisie/zsh-done"; + homepage = "https://gitea.belanyi.fr/ambroisie/zsh-done"; license = licenses.mit; platforms = platforms.unix; maintainers = with maintainers; [ ambroisie ]; diff --git a/templates/c++-bazel/.bazelrc b/templates/c++-bazel/.bazelrc index 0ef96ae..6345fb5 100644 --- a/templates/c++-bazel/.bazelrc +++ b/templates/c++-bazel/.bazelrc @@ -1,4 +1,4 @@ -# rule_nixpkgs' specific configuration +# rule_nixpkgs' specific configuration build --host_platform=@io_tweag_rules_nixpkgs//nixpkgs/platforms:host build --crosstool_top=@nixpkgs_config_cc//:toolchain diff --git a/templates/c++-bazel/.envrc b/templates/c++-bazel/.envrc index de77fcb..ccf325e 100644 --- a/templates/c++-bazel/.envrc +++ b/templates/c++-bazel/.envrc @@ -1,5 +1,5 @@ -if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then - source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" +if ! has nix_direnv_version || ! nix_direnv_version 2.4.0; then + source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.4.0/direnvrc" "sha256-XQzUAvL6pysIJnRJyR7uVpmUSZfc7LSgWQwq/4mBr1U=" fi use flake diff --git a/templates/c++-bazel/.woodpecker/check.yml b/templates/c++-bazel/.woodpecker/check.yml index 4ff7dba..628e491 100644 --- a/templates/c++-bazel/.woodpecker/check.yml +++ b/templates/c++-bazel/.woodpecker/check.yml @@ -1,12 +1,7 @@ labels: - backend: local + type: exec steps: -- name: pre-commit check - image: bash - commands: - - nix develop --command pre-commit run --all - - name: nix flake check image: bash commands: @@ -14,17 +9,17 @@ steps: - name: notifiy image: bash - environment: - ADDRESS: - from_secret: matrix_homeserver - ROOM: - from_secret: matrix_roomid - USER: - from_secret: matrix_username - PASS: - from_secret: matrix_password + secrets: + - source: matrix_homeserver + target: address + - source: matrix_roomid + target: room + - source: matrix_username + target: user + - source: matrix_password + target: pass commands: - - nix run github:ambroisie/matrix-notifier + - nix run '.#matrix-notifier' when: status: - failure diff --git a/templates/c++-cmake/.envrc b/templates/c++-cmake/.envrc index de77fcb..ccf325e 100644 --- a/templates/c++-cmake/.envrc +++ b/templates/c++-cmake/.envrc @@ -1,5 +1,5 @@ -if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then - source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" +if ! has nix_direnv_version || ! nix_direnv_version 2.4.0; then + source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.4.0/direnvrc" "sha256-XQzUAvL6pysIJnRJyR7uVpmUSZfc7LSgWQwq/4mBr1U=" fi use flake diff --git a/templates/c++-cmake/.woodpecker/check.yml b/templates/c++-cmake/.woodpecker/check.yml index 4ff7dba..628e491 100644 --- a/templates/c++-cmake/.woodpecker/check.yml +++ b/templates/c++-cmake/.woodpecker/check.yml @@ -1,12 +1,7 @@ labels: - backend: local + type: exec steps: -- name: pre-commit check - image: bash - commands: - - nix develop --command pre-commit run --all - - name: nix flake check image: bash commands: @@ -14,17 +9,17 @@ steps: - name: notifiy image: bash - environment: - ADDRESS: - from_secret: matrix_homeserver - ROOM: - from_secret: matrix_roomid - USER: - from_secret: matrix_username - PASS: - from_secret: matrix_password + secrets: + - source: matrix_homeserver + target: address + - source: matrix_roomid + target: room + - source: matrix_username + target: user + - source: matrix_password + target: pass commands: - - nix run github:ambroisie/matrix-notifier + - nix run '.#matrix-notifier' when: status: - failure diff --git a/templates/c++-cmake/flake.nix b/templates/c++-cmake/flake.nix index db3b35c..cb468e7 100644 --- a/templates/c++-cmake/flake.nix +++ b/templates/c++-cmake/flake.nix @@ -52,7 +52,7 @@ meta = with lib; { description = "A C++ project"; - homepage = "https://git.belanyi.fr/ambroisie/project"; + homepage = "https://gitea.belanyi.fr/ambroisie/project"; license = licenses.mit; maintainers = with maintainers; [ ambroisie ]; platforms = platforms.unix; diff --git a/templates/c++-cmake/tests/unit/CMakeLists.txt b/templates/c++-cmake/tests/unit/CMakeLists.txt index 266e3e3..bb94448 100644 --- a/templates/c++-cmake/tests/unit/CMakeLists.txt +++ b/templates/c++-cmake/tests/unit/CMakeLists.txt @@ -1,15 +1,15 @@ find_package(GTest) -if(${GTest_FOUND}) - include(GoogleTest) +if (${GTest_FOUND}) +include(GoogleTest) - add_executable(dummy_test dummy_test.cc) - target_link_libraries(dummy_test PRIVATE common_options) +add_executable(dummy_test dummy_test.cc) +target_link_libraries(dummy_test PRIVATE common_options) - target_link_libraries(dummy_test PRIVATE - GTest::gtest - GTest::gtest_main - ) +target_link_libraries(dummy_test PRIVATE + GTest::gtest + GTest::gtest_main +) - gtest_discover_tests(dummy_test) -endif() +gtest_discover_tests(dummy_test) +endif (${GTest_FOUND}) diff --git a/templates/c++-meson/.envrc b/templates/c++-meson/.envrc index de77fcb..ccf325e 100644 --- a/templates/c++-meson/.envrc +++ b/templates/c++-meson/.envrc @@ -1,5 +1,5 @@ -if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then - source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" +if ! has nix_direnv_version || ! nix_direnv_version 2.4.0; then + source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.4.0/direnvrc" "sha256-XQzUAvL6pysIJnRJyR7uVpmUSZfc7LSgWQwq/4mBr1U=" fi use flake diff --git a/templates/c++-meson/.woodpecker/check.yml b/templates/c++-meson/.woodpecker/check.yml index 4ff7dba..628e491 100644 --- a/templates/c++-meson/.woodpecker/check.yml +++ b/templates/c++-meson/.woodpecker/check.yml @@ -1,12 +1,7 @@ labels: - backend: local + type: exec steps: -- name: pre-commit check - image: bash - commands: - - nix develop --command pre-commit run --all - - name: nix flake check image: bash commands: @@ -14,17 +9,17 @@ steps: - name: notifiy image: bash - environment: - ADDRESS: - from_secret: matrix_homeserver - ROOM: - from_secret: matrix_roomid - USER: - from_secret: matrix_username - PASS: - from_secret: matrix_password + secrets: + - source: matrix_homeserver + target: address + - source: matrix_roomid + target: room + - source: matrix_username + target: user + - source: matrix_password + target: pass commands: - - nix run github:ambroisie/matrix-notifier + - nix run '.#matrix-notifier' when: status: - failure diff --git a/templates/c++-meson/flake.nix b/templates/c++-meson/flake.nix index 5957c62..9cfed0d 100644 --- a/templates/c++-meson/flake.nix +++ b/templates/c++-meson/flake.nix @@ -52,7 +52,7 @@ meta = with lib; { description = "A C++ project"; - homepage = "https://git.belanyi.fr/ambroisie/project"; + homepage = "https://gitea.belanyi.fr/ambroisie/project"; license = licenses.mit; maintainers = with maintainers; [ ambroisie ]; platforms = platforms.unix; diff --git a/templates/default.nix b/templates/default.nix index 31c3a81..f58fd72 100644 --- a/templates/default.nix +++ b/templates/default.nix @@ -5,6 +5,6 @@ }; "c++-meson" = { path = ./c++-meson; - description = "A C++ project using Meson"; + description = "A C++ project using CMake"; }; }