ambroisie/nix-config
ambroisie/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

base: ambroisie:3f1840b42ccd493e9ce0154defbd6415bd336dda
Branches Tags
ambroisie:main
ambroisie:add-jj
ambroisie:xdg-mime-apps
ambroisie:tmux-undercurls
ambroisie:add-nixgl
ambroisie:export-nixos-homes
ambroisie:native-vim-snippets
ambroisie:add-impermanence
ambroisie:add-typos-hook
ambroisie:add-bazel-template
ambroisie:nvim-lua-lsp
ambroisie:xdg-nix
..
compare: ambroisie:8987085494b71c0318fb403320d48b22b8717522
Branches Tags
ambroisie:add-jj
ambroisie:main
ambroisie:xdg-mime-apps
ambroisie:tmux-undercurls
ambroisie:add-nixgl
ambroisie:export-nixos-homes
ambroisie:native-vim-snippets
ambroisie:add-impermanence
ambroisie:add-typos-hook
ambroisie:add-bazel-template
ambroisie:nvim-lua-lsp
ambroisie:xdg-nix

6 commits
3f1840b42c ... 8987085494

Author SHA1 Message Date
Bruno BELANYI
8987085494 WIP: xterm.js
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-04-17 09:58:45 +00:00
Bruno BELANYI
29ae755d41 [2] WIP: home: tmux: fix undercurl rendering
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2025-04-16 21:28:17 +01:00
Bruno BELANYI
ecd65c5e86 home: tmux: fix undercurl rendering 2025-04-16 21:28:17 +01:00
Bruno BELANYI
7c52c6a6d4 home: tmux: refactor 'mkTerminalFlags' 
I'm about to add a similar helper for `terminal-overrides`, hence making
`mkTerminalFlags` the helper and `mkTerminalFeatures` the new function.
 2025-04-16 21:28:17 +01:00
Bruno BELANYI
19ba9e9442 hosts: homes: bazin: fix terminal name 
Turns out I *can* use a more accurate terminfo entry for HTerm.

This fixes undercurl rendering in that terminal.
 2025-04-16 21:28:17 +01:00
Bruno BELANYI
ea5d240d83 hosts: homes: mousqueton: fix terminal name 
Turns out I *can* use a more accurate terminfo entry for HTerm.

This fixes undercurl rendering in that terminal.
 2025-04-16 21:28:17 +01:00
35 changed files with 288 additions and 485 deletions
Download patch file Download diff file Expand all files Collapse all files

42
flake.lock generated
View file

@ -14,11 +14,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1754337839, "lastModified": 1736955230,
"narHash": "sha256-fEc2/4YsJwtnLU7HCFMRckb0u9UNnDZmwGhXT5U5NTw=", "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "856df6f6922845abd4fd958ce21febc07ca2fa45", "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -36,11 +36,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1744478979, "lastModified": 1700795494,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b", "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -73,11 +73,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1754091436, "lastModified": 1743550720,
"narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=", "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd", "rev": "c621e8422220273271f52058f618c94e405bb0f5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -117,11 +117,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1750779888, "lastModified": 1742649964,
"narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -159,11 +159,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1754365350, "lastModified": 1743869639,
"narHash": "sha256-NLWIkn1qM0wxtZu/2NXRaujWJ4Y1PSZlc7h0y6pOzOQ=", "narHash": "sha256-Xhe3whfRW/Ay05z9m1EZ1/AkbV1yo0tm1CbgjtCi4rQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "c5d7e957397ecb7d48b99c928611c6e780db1b56", "rev": "d094c6763c6ddb860580e7d3b4201f8f496a6836",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -175,11 +175,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1754372978, "lastModified": 1744777043,
"narHash": "sha256-ByII9p9ek0k9UADC/hT+i9ueM2mw0Zxiz+bOlydU6Oo=", "narHash": "sha256-O6jgTxz9BKUiaJl03JsVHvSjtCOC8gHfDvC2UCfcLMc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9ebe222ec7ef9de52478f76cba3f0324c1d1119f", "rev": "7a6f7f4c1c69eee05641beaa40e7f85da8e69fb0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -200,11 +200,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1753980880, "lastModified": 1741294988,
"narHash": "sha256-aj1pbYxL6N+XFqBHjB4B1QP0bnKRcg1AfpgT5zUFsW8=", "narHash": "sha256-3408u6q615kVTb23WtDriHRmCBBpwX7iau6rvfipcu4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "16db3e61da7606984a05b4dfc33cd1d26d22fb22", "rev": "b30c245e2c44c7352a27485bfd5bc483df660f0e",
"type": "github" "type": "github"
}, },
"original": { "original": {

4
flake/home-manager.nix
View file

@ -22,6 +22,10 @@ let
]; ];
mkHome = name: system: inputs.home-manager.lib.homeManagerConfiguration { mkHome = name: system: inputs.home-manager.lib.homeManagerConfiguration {
# Work-around for home-manager
# * not letting me set `lib` as an extraSpecialArgs
# * not respecting `nixpkgs.overlays` [1]
# [1]: https://github.com/nix-community/home-manager/issues/2954
pkgs = inputs.nixpkgs.legacyPackages.${system}; pkgs = inputs.nixpkgs.legacyPackages.${system};
modules = defaultModules ++ [ modules = defaultModules ++ [

4
flake/nixos.nix
View file

@ -15,10 +15,8 @@ let
]; ];
buildHost = name: system: lib.nixosSystem { buildHost = name: system: lib.nixosSystem {
inherit system;
modules = defaultModules ++ [ modules = defaultModules ++ [
{
nixpkgs.hostPlatform = system;
}
"${self}/hosts/nixos/${name}" "${self}/hosts/nixos/${name}"
]; ];
specialArgs = { specialArgs = {

18
hosts/homes/ambroisie@bazin/default.nix
View file

@ -4,20 +4,6 @@
services.gpg-agent.enable = lib.mkForce false; services.gpg-agent.enable = lib.mkForce false;
my.home = { my.home = {
atuin = {
package = pkgs.stdenv.mkDerivation {
pname = "atuin";
version = "18.4.0";
buildCommand = ''
mkdir -p $out/bin
ln -s /usr/bin/atuin $out/bin/atuin
'';
meta.mainProgram = "atuin";
};
};
git = { git = {
package = pkgs.emptyDirectory; package = pkgs.emptyDirectory;
}; };
@ -27,8 +13,8 @@
enablePassthrough = true; enablePassthrough = true;
terminalFeatures = { terminalFeatures = {
# HTerm uses `xterm-256color` as its `$TERM`, so use that here # HTerm configured to use a more accurate terminfo entry than `xterm-256color`
xterm-256color = { }; hterm-256color = { };
# Terminal app uses `xterm.js`, not HTerm # Terminal app uses `xterm.js`, not HTerm
"xterm.js" = { }; "xterm.js" = { };
}; };

18
hosts/homes/ambroisie@mousqueton/default.nix
View file

@ -7,20 +7,6 @@
services.gpg-agent.enable = lib.mkForce false; services.gpg-agent.enable = lib.mkForce false;
my.home = { my.home = {
atuin = {
package = pkgs.stdenv.mkDerivation {
pname = "atuin";
version = "18.4.0";
buildCommand = ''
mkdir -p $out/bin
ln -s /usr/bin/atuin $out/bin/atuin
'';
meta.mainProgram = "atuin";
};
};
git = { git = {
package = pkgs.emptyDirectory; package = pkgs.emptyDirectory;
}; };
@ -33,8 +19,8 @@
enableResurrect = true; enableResurrect = true;
terminalFeatures = { terminalFeatures = {
# HTerm uses `xterm-256color` as its `$TERM`, so use that here # HTerm configured to use a more accurate terminfo entry than `xterm-256color`
xterm-256color = { }; hterm-256color = { };
# Terminal app uses `xterm.js`, not HTerm # Terminal app uses `xterm.js`, not HTerm
"xterm.js" = { }; "xterm.js" = { };
}; };

2
hosts/nixos/aramis/home.nix
View file

@ -20,7 +20,7 @@
element-desktop # Matrix client element-desktop # Matrix client
jellyfin-media-player # Wraps the webui and mpv together jellyfin-media-player # Wraps the webui and mpv together
pavucontrol # Audio mixer GUI pavucontrol # Audio mixer GUI
trgui-ng # Transmission remote transgui # Transmission remote
]; ];
# Minimal video player # Minimal video player
mpv.enable = true; mpv.enable = true;

BIN
hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age
View file

Binary file not shown.

4
modules/home/default.nix
View file

@ -8,7 +8,6 @@
./bluetooth ./bluetooth
./calibre ./calibre
./comma ./comma
./delta
./dircolors ./dircolors
./direnv ./direnv
./discord ./discord
@ -51,6 +50,9 @@
# First sane reproducible version # First sane reproducible version
home.stateVersion = "20.09"; home.stateVersion = "20.09";
# Who am I?
home.username = "ambroisie";
# Start services automatically # Start services automatically
systemd.user.startServices = "sd-switch"; systemd.user.startServices = "sd-switch";
} }

68
modules/home/delta/default.nix
View file

@ -1,68 +0,0 @@
{ config, pkgs, lib, ... }:
let
cfg = config.my.home.delta;
in
{
options.my.home.delta = with lib; {
enable = my.mkDisableOption "delta configuration";
package = mkPackageOption pkgs "delta" { };
git = {
enable = my.mkDisableOption "git integration";
};
};
config = lib.mkIf cfg.enable {
assertions = [
{
# For its configuration
assertion = cfg.enable -> cfg.git.enable;
message = ''
`config.my.home.delta` must enable `config.my.home.delta.git` to be
properly configured.
'';
}
{
assertion = cfg.enable -> config.programs.git.enable;
message = ''
`config.my.home.delta` relies on `config.programs.git` to be
enabled.
'';
}
];
home.packages = [ cfg.package ];
programs.git = lib.mkIf cfg.git.enable {
delta = {
enable = true;
inherit (cfg) package;
options = {
features = "diff-highlight decorations";
# Less jarring style for `diff-highlight` emulation
diff-highlight = {
minus-style = "red";
minus-non-emph-style = "red";
minus-emph-style = "bold red 52";
plus-style = "green";
plus-non-emph-style = "green";
plus-emph-style = "bold green 22";
whitespace-error-style = "reverse red";
};
# Personal preference for easier reading
decorations = {
commit-style = "raw"; # Do not recolor meta information
keep-plus-minus-markers = true;
paging = "always";
};
};
};
};
};
}

2
modules/home/direnv/lib/python.sh
View file

@ -46,7 +46,7 @@ layout_uv() {
fi fi
# create venv if it doesn't exist # create venv if it doesn't exist
uv venv -q --allow-existing uv venv -q
export VIRTUAL_ENV export VIRTUAL_ENV
export UV_ACTIVE=1 export UV_ACTIVE=1

4
modules/home/firefox/tridactyl/default.nix
View file

@ -12,7 +12,9 @@ let
in in
{ {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
xdg.configFile."tridactyl/tridactylrc".source = pkgs.replaceVars ./tridactylrc { xdg.configFile."tridactyl/tridactylrc".source = pkgs.substituteAll {
src = ./tridactylrc;
editorcmd = lib.concatStringsSep " " [ editorcmd = lib.concatStringsSep " " [
# Use my configured terminal # Use my configured terminal
term term

28
modules/home/git/default.nix
View file

@ -42,6 +42,34 @@ in
lfs.enable = true; lfs.enable = true;
delta = {
enable = true;
options = {
features = "diff-highlight decorations";
# Less jarring style for `diff-highlight` emulation
diff-highlight = {
minus-style = "red";
minus-non-emph-style = "red";
minus-emph-style = "bold red 52";
plus-style = "green";
plus-non-emph-style = "green";
plus-emph-style = "bold green 22";
whitespace-error-style = "reverse red";
};
# Personal preference for easier reading
decorations = {
commit-style = "raw"; # Do not recolor meta information
keep-plus-minus-markers = true;
paging = "always";
};
};
};
# There's more # There's more
extraConfig = { extraConfig = {
# Makes it a bit more readable # Makes it a bit more readable

2
modules/home/gpg/default.nix
View file

@ -17,7 +17,7 @@ in
services.gpg-agent = { services.gpg-agent = {
enable = true; enable = true;
enableSshSupport = true; # One agent to rule them all enableSshSupport = true; # One agent to rule them all
pinentry.package = cfg.pinentry; pinentryPackage = cfg.pinentry;
extraConfig = '' extraConfig = ''
allow-loopback-pinentry allow-loopback-pinentry
''; '';

18
modules/home/tmux/default.nix
View file

@ -6,7 +6,7 @@ let
(config.my.home.wm.windowManager != null) (config.my.home.wm.windowManager != null)
]; ];
mkTerminalFlag = tmuxVar: opt: flag: mkTerminalFlags = tmuxVar: opt: flag:
let let
mkFlag = term: ''set -as ${tmuxVar} ",${term}:${flag}"''; mkFlag = term: ''set -as ${tmuxVar} ",${term}:${flag}"'';
enabledTerminals = lib.filterAttrs (_: v: v.${opt}) cfg.terminalFeatures; enabledTerminals = lib.filterAttrs (_: v: v.${opt}) cfg.terminalFeatures;
@ -14,8 +14,8 @@ let
in in
lib.concatMapStringsSep "\n" mkFlag terminals; lib.concatMapStringsSep "\n" mkFlag terminals;
mkTerminalFeature = mkTerminalFlag "terminal-features"; mkTerminalFeatures = mkTerminalFlags "terminal-features";
mkTerminalOverride = mkTerminalFlag "terminal-overrides"; mkTerminalOverrides = mkTerminalFlags "terminal-overrides";
in in
{ {
options.my.home.tmux = with lib; { options.my.home.tmux = with lib; {
@ -53,7 +53,7 @@ in
keyMode = "vi"; # Home-row keys and other niceties keyMode = "vi"; # Home-row keys and other niceties
clock24 = true; # I'm one of those heathens clock24 = true; # I'm one of those heathens
escapeTime = 0; # Let vim do its thing instead escapeTime = 0; # Let vim do its thing instead
historyLimit = 1000000; # Bigger buffer historyLimit = 100000; # Bigger buffer
mouse = false; # I dislike mouse support mouse = false; # I dislike mouse support
focusEvents = true; # Report focus events focusEvents = true; # Report focus events
terminal = "tmux-256color"; # I want accurate termcap info terminal = "tmux-256color"; # I want accurate termcap info
@ -142,14 +142,14 @@ in
} }
# Force OSC8 hyperlinks for each relevant $TERM # Force OSC8 hyperlinks for each relevant $TERM
${mkTerminalFeature "hyperlinks" "hyperlinks"} ${mkTerminalFeatures "hyperlinks" "hyperlinks"}
# Force 24-bit color for each relevant $TERM # Force 24-bit color for each relevant $TERM
${mkTerminalFeature "trueColor" "RGB"} ${mkTerminalFeatures "trueColor" "RGB"}
# Force underscore style/color for each relevant $TERM # Force underscore style/color for each relevant $TERM
${mkTerminalFeature "underscoreStyle" "usstyle"} ${mkTerminalFeatures "underscoreStyle" "usstyle"}
# FIXME: see https://github.com/folke/tokyonight.nvim#fix-undercurls-in-tmux for additional overrides # FIXME: see https://github.com/folke/tokyonight.nvim#fix-undercurls-in-tmux for additional overrides
# ${mkTerminalOverride "underscoreStyle" "Smulx=\\E[4::%p1%dm"} # ${mkTerminalOverrides "underscoreStyle" "Smulx=\\E[4::%p1%dm"}
# ${mkTerminalOverride "underscoreStyle" "Setulc=\\E[58::2::::%p1%{65536}%/%d::%p1%{256}%/%{255}%&%d::%p1%{255}%&%d%;m"} # ${mkTerminalOverrides "underscoreStyle" "Setulc=\\E[58::2::::%p1%{65536}%/%d::%p1%{256}%/%{255}%&%d::%p1%{255}%&%d%;m"}
''; '';
}; };
} }

6
modules/home/vim/after/queries/gitcommit/highlights.scm
View file

@ -1,6 +0,0 @@
; extends
; Highlight over-extended subject lines (rely on wrapping for message body)
((subject) @comment.error
(#vim-match? @comment.error ".\{50,}")
(#offset! @comment.error 0 50 0 0))

1
modules/home/vim/default.nix
View file

@ -80,6 +80,7 @@ in
nvim-surround # Deal with pairs, now in Lua nvim-surround # Deal with pairs, now in Lua
oil-nvim # Better alternative to NetrW oil-nvim # Better alternative to NetrW
telescope-fzf-native-nvim # Use 'fzf' fuzzy matching algorithm telescope-fzf-native-nvim # Use 'fzf' fuzzy matching algorithm
telescope-lsp-handlers-nvim # Use 'telescope' for various LSP actions
telescope-nvim # Fuzzy finder interface telescope-nvim # Fuzzy finder interface
which-key-nvim # Show available mappings which-key-nvim # Show available mappings
]; ];

5
modules/home/vim/lua/ambroisie/lsp.lua
View file

@ -53,10 +53,6 @@ M.on_attach = function(client, bufnr)
vim.diagnostic.open_float(nil, { scope = "buffer" }) vim.diagnostic.open_float(nil, { scope = "buffer" })
end end
local function toggle_inlay_hints()
vim.lsp.inlay_hint.enable(not vim.lsp.inlay_hint.is_enabled())
end
local keys = { local keys = {
buffer = bufnr, buffer = bufnr,
-- LSP navigation -- LSP navigation
@ -71,7 +67,6 @@ M.on_attach = function(client, bufnr)
{ "<leader>ca", vim.lsp.buf.code_action, desc = "Code actions" }, { "<leader>ca", vim.lsp.buf.code_action, desc = "Code actions" },
{ "<leader>cd", cycle_diagnostics_display, desc = "Cycle diagnostics display" }, { "<leader>cd", cycle_diagnostics_display, desc = "Cycle diagnostics display" },
{ "<leader>cD", show_buffer_diagnostics, desc = "Show buffer diagnostics" }, { "<leader>cD", show_buffer_diagnostics, desc = "Show buffer diagnostics" },
{ "<leader>ch", toggle_inlay_hints, desc = "Toggle inlay hints" },
{ "<leader>cr", vim.lsp.buf.rename, desc = "Rename symbol" }, { "<leader>cr", vim.lsp.buf.rename, desc = "Rename symbol" },
{ "<leader>cs", vim.lsp.buf.signature_help, desc = "Show signature" }, { "<leader>cs", vim.lsp.buf.signature_help, desc = "Show signature" },
{ "<leader>ct", vim.lsp.buf.type_definition, desc = "Go to type definition" }, { "<leader>ct", vim.lsp.buf.type_definition, desc = "Go to type definition" },

1
modules/home/vim/plugin/settings/telescope.lua
View file

@ -23,6 +23,7 @@ telescope.setup({
}) })
telescope.load_extension("fzf") telescope.load_extension("fzf")
telescope.load_extension("lsp_handlers")
local keys = { local keys = {
{ "<leader>f", group = "Fuzzy finder" }, { "<leader>f", group = "Fuzzy finder" },

1
modules/home/wm/i3/default.nix
View file

@ -127,7 +127,6 @@ in
{ class = "^Blueman-.*$"; } { class = "^Blueman-.*$"; }
{ title = "^htop$"; } { title = "^htop$"; }
{ class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; } { class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; }
{ class = "^firefox$"; instance = "Places"; window_role = "Organizer"; }
{ class = "^pavucontrol.*$"; } { class = "^pavucontrol.*$"; }
{ class = "^Arandr$"; } { class = "^Arandr$"; }
{ class = "^\\.blueman-manager-wrapped$"; } { class = "^\\.blueman-manager-wrapped$"; }

3
modules/home/xdg/default.nix
View file

@ -56,7 +56,4 @@ in
XCOMPOSECACHE = "${dataHome}/X11/xcompose"; XCOMPOSECACHE = "${dataHome}/X11/xcompose";
_JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${configHome}/java"; _JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${configHome}/java";
}; };
# Some modules *optionally* use `XDG_*_HOME` when told to
config.home.preferXdgDirectories = lib.mkIf cfg.enable true;
} }

12
modules/home/zsh/default.nix
View file

@ -1,6 +1,14 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
cfg = config.my.home.zsh; cfg = config.my.home.zsh;
# Have a nice relative path for XDG_CONFIG_HOME, without leading `/`
relativeXdgConfig =
let
noHome = lib.removePrefix config.home.homeDirectory;
noSlash = lib.removePrefix "/";
in
noSlash (noHome config.xdg.configHome);
in in
{ {
options.my.home.zsh = with lib; { options.my.home.zsh = with lib; {
@ -14,12 +22,10 @@ in
exclude = mkOption { exclude = mkOption {
type = with types; listOf str; type = with types; listOf str;
default = [ default = [
"bat"
"delta" "delta"
"direnv reload" "direnv reload"
"fg" "fg"
"git (?!push|pull|fetch)" "git (?!push|pull|fetch)"
"home-manager (?!switch|build|news)"
"htop" "htop"
"less" "less"
"man" "man"
@ -51,7 +57,7 @@ in
programs.zsh = { programs.zsh = {
enable = true; enable = true;
dotDir = "${config.xdg.configHome}/zsh"; # Don't clutter $HOME dotDir = "${relativeXdgConfig}/zsh"; # Don't clutter $HOME
enableCompletion = true; enableCompletion = true;
history = { history = {

2
modules/nixos/profiles/wm/default.nix
View file

@ -24,8 +24,6 @@ in
my.home.udiskie.enable = true; my.home.udiskie.enable = true;
# udiskie fails if it can't find this dbus service # udiskie fails if it can't find this dbus service
services.udisks2.enable = true; services.udisks2.enable = true;
# Ensure i3lock can actually unlock the session
security.pam.services.i3lock.enable = true;
}) })
]; ];
} }

1
modules/nixos/services/default.nix
View file

@ -38,7 +38,6 @@
./servarr ./servarr
./ssh-server ./ssh-server
./tandoor-recipes ./tandoor-recipes
./thelounge
./tlp ./tlp
./transmission ./transmission
./vikunja ./vikunja

4
modules/nixos/services/drone/server/default.nix
View file

@ -6,8 +6,8 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.services.drone-server = { systemd.services.drone-server = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "postgresql.target" ]; after = [ "postgresql.service" ];
requires = [ "postgresql.target" ]; requires = [ "postgresql.service" ];
serviceConfig = { serviceConfig = {
EnvironmentFile = [ EnvironmentFile = [
cfg.secretFile cfg.secretFile

143
modules/nixos/services/matrix/bridges.nix
View file

@ -1,143 +0,0 @@
# Matrix bridges for some services I use
{ config, lib, ... }:
let
cfg = config.my.services.matrix.bridges;
synapseCfg = config.services.matrix-synapse;
domain = config.networking.domain;
serverName = synapseCfg.settings.server_name;
mkBridgeOption = n: lib.mkEnableOption "${n} bridge" // { default = cfg.enable; };
mkPortOption = n: default: lib.mkOption {
type = lib.types.port;
inherit default;
example = 8080;
description = "${n} bridge port";
};
mkEnvironmentFileOption = n: lib.mkOption {
type = lib.types.str;
example = "/run/secret/matrix/${lib.toLower n}-bridge-secrets.env";
description = ''
Path to a file which should contain the secret values for ${n} bridge.
Using through the following format:
```
MATRIX_APPSERVICE_AS_TOKEN=<the_as_value>
MATRIX_APPSERVICE_HS_TOKEN=<the_hs_value>
```
Each bridge should use a different set of secrets, as they each register
their own independent double-puppetting appservice.
'';
};
in
{
options.my.services.matrix.bridges = with lib; {
enable = mkEnableOption "bridges configuration";
admin = mkOption {
type = types.str;
default = "ambroisie";
example = "admin";
description = "Local username for the admin";
};
facebook = {
enable = mkBridgeOption "Facebook";
port = mkPortOption "Facebook" 29321;
environmentFile = mkEnvironmentFileOption "Facebook";
};
};
config = lib.mkMerge [
(lib.mkIf cfg.facebook.enable {
services.mautrix-meta.instances.facebook = {
enable = true;
# Automatically register the bridge with synapse
registerToSynapse = true;
# Provide `AS_TOKEN`, `HS_TOKEN`
inherit (cfg.facebook) environmentFile;
settings = {
homeserver = {
domain = serverName;
address = "http://localhost:${toString config.my.services.matrix.port}";
};
appservice = {
hostname = "localhost";
inherit (cfg.facebook) port;
address = "http://localhost:${toString cfg.facebook.port}";
public_address = "https://facebook-bridge.${domain}";
as_token = "$MATRIX_APPSERVICE_AS_TOKEN";
hs_token = "$MATRIX_APPSERVICE_HS_TOKEN";
bot = {
username = "fbbot";
};
};
backfill = {
enabled = true;
};
bridge = {
delivery_receipts = true;
permissions = {
"*" = "relay";
${serverName} = "user";
"@${cfg.admin}:${serverName}" = "admin";
};
};
database = {
type = "postgres";
uri = "postgres:///mautrix-meta-facebook?host=/var/run/postgresql/";
};
double_puppet = {
secrets = {
${serverName} = "as_token:$MATRIX_APPSERVICE_AS_TOKEN";
};
};
network = {
# Don't be picky on Facebook/Messenger
allow_messenger_com_on_fb = true;
displayname_template = ''{{or .DisplayName .Username "Unknown user"}} (FB)'';
};
provisioning = {
shared_secret = "disable";
};
};
};
services.postgresql = {
enable = true;
ensureDatabases = [ "mautrix-meta-facebook" ];
ensureUsers = [{
name = "mautrix-meta-facebook";
ensureDBOwnership = true;
}];
};
systemd.services.mautrix-meta-facebook = {
wants = [ "postgres.service" ];
after = [ "postgres.service" ];
};
my.services.nginx.virtualHosts = {
# Proxy to the bridge
"facebook-bridge" = {
inherit (cfg.facebook) port;
};
};
})
];
}

199
modules/nixos/services/matrix/default.nix
View file

@ -1,49 +1,24 @@
# Matrix homeserver setup. # Matrix homeserver setup, using different endpoints for federation and client
# traffic. The main trick for this is defining two nginx servers endpoints for
# matrix.domain.com, each listening on different ports.
#
# Configuration shamelessly stolen from [1]
#
# [1]: https://github.com/alarsyo/nixos-config/blob/main/services/matrix.nix
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
cfg = config.my.services.matrix; cfg = config.my.services.matrix;
adminPkg = pkgs.synapse-admin-etkecc; federationPort = { public = 8448; private = 11338; };
clientPort = { public = 443; private = 11339; };
domain = config.networking.domain; domain = config.networking.domain;
matrixDomain = "matrix.${domain}"; matrixDomain = "matrix.${domain}";
serverConfig = {
"m.server" = "${matrixDomain}:443";
};
clientConfig = {
"m.homeserver" = {
"base_url" = "https://${matrixDomain}";
"server_name" = domain;
};
"m.identity_server" = {
"base_url" = "https://vector.im";
};
};
# ACAO required to allow element-web on any URL to request this json file
mkWellKnown = data: ''
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
in in
{ {
imports = [
./bridges.nix
];
options.my.services.matrix = with lib; { options.my.services.matrix = with lib; {
enable = mkEnableOption "Matrix Synapse"; enable = mkEnableOption "Matrix Synapse";
port = mkOption {
type = types.port;
default = 8448;
example = 8008;
description = "Internal port for listeners";
};
secretFile = mkOption { secretFile = mkOption {
type = with types; nullOr str; type = with types; nullOr str;
default = null; default = null;
@ -83,22 +58,22 @@ in
enable_registration = false; enable_registration = false;
listeners = [ listeners = [
# Federation
{ {
inherit (cfg) port;
bind_addresses = [ "::1" ]; bind_addresses = [ "::1" ];
type = "http"; port = federationPort.private;
tls = false; tls = false; # Terminated by nginx.
x_forwarded = true; x_forwarded = true;
resources = [ resources = [{ names = [ "federation" ]; compress = false; }];
{ }
names = [ "client" ];
compress = true; # Client
} {
{ bind_addresses = [ "::1" ];
names = [ "federation" ]; port = clientPort.private;
compress = false; tls = false; # Terminated by nginx.
} x_forwarded = true;
]; resources = [{ names = [ "client" ]; compress = false; }];
} }
]; ];
@ -121,12 +96,19 @@ in
chat = { chat = {
root = pkgs.element-web.override { root = pkgs.element-web.override {
conf = { conf = {
default_server_config = clientConfig; default_server_config = {
show_labs_settings = true; "m.homeserver" = {
default_country_code = "FR"; # cocorico "base_url" = "https://${matrixDomain}";
room_directory = { "server_name" = domain;
};
"m.identity_server" = {
"base_url" = "https://vector.im";
};
};
showLabsSettings = true;
defaultCountryCode = "FR"; # cocorico
roomDirectory = {
"servers" = [ "servers" = [
domain
"matrix.org" "matrix.org"
"mozilla.org" "mozilla.org"
]; ];
@ -134,54 +116,99 @@ in
}; };
}; };
}; };
matrix = { # Dummy VHosts for port collision detection
# Somewhat unused, but necessary for port collision detection matrix-federation = {
inherit (cfg) port; port = federationPort.private;
};
extraConfig = { matrix-client = {
locations = { port = clientPort.private;
# Or do a redirect instead of the 404, or whatever is appropriate
# for you. But do not put a Matrix Web client here! See the
# Element web section above.
"/".return = "404";
"/_matrix".proxyPass = "http://[::1]:${toString cfg.port}";
"/_synapse".proxyPass = "http://[::1]:${toString cfg.port}";
"= /admin".return = "307 /admin/";
"/admin/" = {
alias = "${adminPkg}/";
priority = 500;
tryFiles = "$uri $uri/ /index.html";
};
"~ ^/admin/.*\\.(?:css|js|jpg|jpeg|gif|png|svg|ico|woff|woff2|ttf|eot|webp)$" = {
priority = 400;
root = adminPkg;
extraConfig = ''
rewrite ^/admin/(.*)$ /$1 break;
expires 30d;
more_set_headers "Cache-Control: public";
'';
};
};
};
}; };
}; };
# Setup well-known locations # Those are too complicated to use my wrapper...
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
${matrixDomain} = {
onlySSL = true;
useACMEHost = domain;
locations =
let
proxyToClientPort = {
proxyPass = "http://[::1]:${toString clientPort.private}";
};
in
{
# Or do a redirect instead of the 404, or whatever is appropriate
# for you. But do not put a Matrix Web client here! See the
# Element web section below.
"/".return = "404";
"/_matrix" = proxyToClientPort;
"/_synapse/client" = proxyToClientPort;
};
listen = [
{ addr = "0.0.0.0"; port = clientPort.public; ssl = true; }
{ addr = "[::]"; port = clientPort.public; ssl = true; }
];
};
# same as above, but listening on the federation port
"${matrixDomain}_federation" = {
onlySSL = true;
serverName = matrixDomain;
useACMEHost = domain;
locations."/".return = "404";
locations."/_matrix" = {
proxyPass = "http://[::1]:${toString federationPort.private}";
};
listen = [
{ addr = "0.0.0.0"; port = federationPort.public; ssl = true; }
{ addr = "[::]"; port = federationPort.public; ssl = true; }
];
};
"${domain}" = { "${domain}" = {
forceSSL = true; forceSSL = true;
useACMEHost = domain; useACMEHost = domain;
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; locations."= /.well-known/matrix/server".extraConfig =
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; let
server = { "m.server" = "${matrixDomain}:${toString federationPort.public}"; };
in
''
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
locations."= /.well-known/matrix/client".extraConfig =
let
client = {
"m.homeserver" = { "base_url" = "https://${matrixDomain}"; };
"m.identity_server" = { "base_url" = "https://vector.im"; };
};
# ACAO required to allow element-web on any URL to request this json file
in
''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}';
'';
}; };
}; };
# For administration tools. # For administration tools.
environment.systemPackages = [ pkgs.matrix-synapse ]; environment.systemPackages = [ pkgs.matrix-synapse ];
networking.firewall.allowedTCPPorts = [
clientPort.public
federationPort.public
];
my.services.backup = { my.services.backup = {
paths = [ paths = [
config.services.matrix-synapse.dataDir config.services.matrix-synapse.dataDir

27
modules/nixos/services/mealie/default.nix
View file

@ -32,14 +32,33 @@ in
BASE_URL = "https://mealie.${config.networking.domain}"; BASE_URL = "https://mealie.${config.networking.domain}";
TZ = config.time.timeZone; TZ = config.time.timeZone;
ALLOw_SIGNUP = "false"; ALLOw_SIGNUP = "false";
};
# Automatic PostgreSQL provisioning # Use PostgreSQL
database = { DB_ENGINE = "postgres";
createLocally = true; # Make it work with socket auth
POSTGRES_URL_OVERRIDE = "postgresql://mealie:@/mealie?host=/run/postgresql";
}; };
}; };
systemd.services = {
mealie = {
after = [ "postgresql.service" ];
requires = [ "postgresql.service" ];
};
};
# Set-up database
services.postgresql = {
enable = true;
ensureDatabases = [ "mealie" ];
ensureUsers = [
{
name = "mealie";
ensureDBOwnership = true;
}
];
};
my.services.nginx.virtualHosts = { my.services.nginx.virtualHosts = {
mealie = { mealie = {
inherit (cfg) port; inherit (cfg) port;

22
modules/nixos/services/nextcloud/default.nix
View file

@ -44,15 +44,11 @@ in
adminuser = cfg.admin; adminuser = cfg.admin;
adminpassFile = cfg.passwordFile; adminpassFile = cfg.passwordFile;
dbtype = "pgsql"; dbtype = "pgsql";
dbhost = "/run/postgresql";
}; };
https = true; https = true;
# Automatic PostgreSQL provisioning
database = {
createLocally = true;
};
settings = { settings = {
overwriteprotocol = "https"; # Nginx only allows SSL overwriteprotocol = "https"; # Nginx only allows SSL
}; };
@ -64,6 +60,22 @@ in
}; };
}; };
services.postgresql = {
enable = true;
ensureDatabases = [ "nextcloud" ];
ensureUsers = [
{
name = "nextcloud";
ensureDBOwnership = true;
}
];
};
systemd.services."nextcloud-setup" = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
# The service above configures the domain, no need for my wrapper # The service above configures the domain, no need for my wrapper
services.nginx.virtualHosts."nextcloud.${config.networking.domain}" = { services.nginx.virtualHosts."nextcloud.${config.networking.domain}" = {
forceSSL = true; forceSSL = true;

38
modules/nixos/services/paperless/default.nix
View file

@ -52,28 +52,30 @@ in
mediaDir = lib.mkIf (cfg.documentPath != null) cfg.documentPath; mediaDir = lib.mkIf (cfg.documentPath != null) cfg.documentPath;
settings = { settings =
# Use SSO let
PAPERLESS_ENABLE_HTTP_REMOTE_USER = true; paperlessDomain = "paperless.${config.networking.domain}";
PAPERLESS_ENABLE_HTTP_REMOTE_USER_API = true; in
PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER"; {
# Use SSO
PAPERLESS_ENABLE_HTTP_REMOTE_USER = true;
PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER";
# Security settings # Security settings
PAPERLESS_URL = "https://paperless.${config.networking.domain}"; PAPERLESS_ALLOWED_HOSTS = paperlessDomain;
PAPERLESS_USE_X_FORWARD_HOST = true; PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}";
PAPERLESS_PROXY_SSL_HEADER = [ "HTTP_X_FORWARDED_PROTO" "https" ];
# OCR settings # OCR settings
PAPERLESS_OCR_LANGUAGE = "fra+eng"; PAPERLESS_OCR_LANGUAGE = "fra+eng";
# Workers # Workers
PAPERLESS_TASK_WORKERS = 3; PAPERLESS_TASK_WORKERS = 3;
PAPERLESS_THREADS_PER_WORKER = 4; PAPERLESS_THREADS_PER_WORKER = 4;
# Misc # Misc
PAPERLESS_TIME_ZONE = config.time.timeZone; PAPERLESS_TIME_ZONE = config.time.timeZone;
PAPERLESS_ADMIN_USER = cfg.username; PAPERLESS_ADMIN_USER = cfg.username;
}; };
# Admin password # Admin password
passwordFile = cfg.passwordFile; passwordFile = cfg.passwordFile;

25
modules/nixos/services/tandoor-recipes/default.nix
View file

@ -26,16 +26,18 @@ in
services.tandoor-recipes = { services.tandoor-recipes = {
enable = true; enable = true;
database = {
createLocally = true;
};
port = cfg.port; port = cfg.port;
extraConfig = extraConfig =
let let
tandoorRecipesDomain = "recipes.${config.networking.domain}"; tandoorRecipesDomain = "recipes.${config.networking.domain}";
in in
{ {
# Use PostgreSQL
DB_ENGINE = "django.db.backends.postgresql";
POSTGRES_HOST = "/run/postgresql";
POSTGRES_USER = "tandoor_recipes";
POSTGRES_DB = "tandoor_recipes";
# Security settings # Security settings
ALLOWED_HOSTS = tandoorRecipesDomain; ALLOWED_HOSTS = tandoorRecipesDomain;
CSRF_TRUSTED_ORIGINS = "https://${tandoorRecipesDomain}"; CSRF_TRUSTED_ORIGINS = "https://${tandoorRecipesDomain}";
@ -47,12 +49,27 @@ in
systemd.services = { systemd.services = {
tandoor-recipes = { tandoor-recipes = {
after = [ "postgresql.service" ];
requires = [ "postgresql.service" ];
serviceConfig = { serviceConfig = {
EnvironmentFile = cfg.secretKeyFile; EnvironmentFile = cfg.secretKeyFile;
}; };
}; };
}; };
# Set-up database
services.postgresql = {
enable = true;
ensureDatabases = [ "tandoor_recipes" ];
ensureUsers = [
{
name = "tandoor_recipes";
ensureDBOwnership = true;
}
];
};
my.services.nginx.virtualHosts = { my.services.nginx.virtualHosts = {
recipes = { recipes = {
inherit (cfg) port; inherit (cfg) port;

59
modules/nixos/services/thelounge/default.nix
View file

@ -1,59 +0,0 @@
# Web IRC client
{ config, lib, ... }:
let
cfg = config.my.services.thelounge;
in
{
options.my.services.thelounge = with lib; {
enable = mkEnableOption "The Lounge, a self-hosted web IRC client";
port = mkOption {
type = types.port;
default = 9050;
example = 4242;
description = "The port on which The Lounge will listen for incoming HTTP traffic.";
};
};
config = lib.mkIf cfg.enable {
services.thelounge = {
enable = true;
inherit (cfg) port;
extraConfig = {
reverseProxy = true;
};
};
my.services.nginx.virtualHosts = {
irc = {
inherit (cfg) port;
# Proxy websockets for RPC
websocketsLocations = [ "/" ];
extraConfig = {
locations."/".extraConfig = ''
proxy_read_timeout 1d;
'';
};
};
};
services.fail2ban.jails = {
thelounge = ''
enabled = true
filter = thelounge
port = http,https
'';
};
environment.etc = {
"fail2ban/filter.d/thelounge.conf".text = ''
[Definition]
failregex = Authentication failed for user .* from <HOST>$
Authentication for non existing user attempted from <HOST>$
journalmatch = _SYSTEMD_UNIT=thelounge.service
'';
};
};
}

1
modules/nixos/services/transmission/default.nix
View file

@ -47,7 +47,6 @@ in
enable = true; enable = true;
package = pkgs.transmission_4; package = pkgs.transmission_4;
group = "media"; group = "media";
webHome = pkgs.trgui-ng-web;
downloadDirPermissions = "775"; downloadDirPermissions = "775";

4
modules/nixos/services/woodpecker/server/default.nix
View file

@ -24,8 +24,8 @@ in
}; };
systemd.services.woodpecker-server = { systemd.services.woodpecker-server = {
after = [ "postgresql.target" ]; after = [ "postgresql.service" ];
requires = [ "postgresql.target" ]; requires = [ "postgresql.service" ];
serviceConfig = { serviceConfig = {
# Set username for DB access # Set username for DB access

4
pkgs/comma/comma
View file

@ -12,9 +12,9 @@ usage() {
find_program() { find_program() {
local CANDIDATE local CANDIDATE
CANDIDATE="$(nix-locate --minimal --at-root --whole-name "/bin/$1")" CANDIDATE="$(nix-locate --top-level --minimal --at-root --whole-name "/bin/$1")"
if [ "$(printf '%s\n' "$CANDIDATE" | wc -l)" -gt 1 ]; then if [ "$(printf '%s\n' "$CANDIDATE" | wc -l)" -gt 1 ]; then
CANDIDATE="$(printf '%s' "$CANDIDATE" | "${COMMA_PICKER:-fzf-tmux}")" CANDIDATE="$(printf '%s' "$CANDIDATE" | fzf-tmux)"
fi fi
printf '%s' "$CANDIDATE" printf '%s' "$CANDIDATE"
} }

1
pkgs/lohr/default.nix
View file

@ -10,6 +10,7 @@ rustPlatform.buildRustPackage rec {
hash = "sha256-dunQgtap+XCK5LoSyOqIY/6p6HizBeiyPWNuCffwjDU="; hash = "sha256-dunQgtap+XCK5LoSyOqIY/6p6HizBeiyPWNuCffwjDU=";
}; };
useFetchCargoVendor = true;
cargoHash = "sha256-R3/N/43+bGx6acE/rhBcrk6kS5zQu8NJ1sVvKJJkK9w="; cargoHash = "sha256-R3/N/43+bGx6acE/rhBcrk6kS5zQu8NJ1sVvKJJkK9w=";
meta = with lib; { meta = with lib; {