home: vim: lspconfig: remove 'rnix-lsp'

It's been abandoned, `nil` is a better language server nowadays.
home: xdg: add '_JAVA_OPTIONS'
2024-03-11 17:32:54 +01:00 · 2024-03-11 17:32:54 +01:00 · 2024-03-11 17:32:54 +01:00 · 2024-03-11 17:32:54 +01:00 · 2024-03-11 17:32:54 +01:00 · 2024-03-11 17:32:54 +01:00
21 changed files with 294 additions and 155 deletions
--- a/flake.lock
+++ b/flake.lock
@ -73,11 +73,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1706830856,
-        "narHash": "sha256-a0NYyp+h9hlb7ddVz4LUn1vT/PLwqfrWYcHMvFB1xYg=",
+        "lastModified": 1709336216,
+        "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "b253292d9c0a5ead9bc98c4e9a26c6312e27d69f",
+        "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
        "type": "github"
      },
      "original": {
@ -136,11 +136,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1709204054,
-        "narHash": "sha256-U1idK0JHs1XOfSI1APYuXi4AEADf+B+ZU4Wifc0pBHk=",
+        "lastModified": 1709988192,
+        "narHash": "sha256-qxwIkl85P0I1/EyTT+NJwzbXdOv86vgZxcv4UKicjK8=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "2f3367769a93b226c467551315e9e270c3f78b15",
+        "rev": "b0b0c3d94345050a7f86d1ebc6c56eea4389d030",
        "type": "github"
      },
      "original": {
@ -152,11 +152,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1709150264,
-        "narHash": "sha256-HofykKuisObPUfj0E9CJVfaMhawXkYx3G8UIFR/XQ38=",
+        "lastModified": 1709703039,
+        "narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "9099616b93301d5cf84274b184a3a5ec69e94e08",
+        "rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d",
        "type": "github"
      },
      "original": {
@ -168,11 +168,11 @@
    },
    "nur": {
      "locked": {
-        "lastModified": 1709206595,
-        "narHash": "sha256-lBU/gE7DiJCNkJGPVUms0zA0hxzDVgENIXfebj1oeLc=",
+        "lastModified": 1710013455,
+        "narHash": "sha256-qzOpU4APTso6JLA+/F4zlO/yL8++n/CsUpmxbQAsy/4=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "fbe8df1c13fd8e63e35c2c4654104661eb1fbbed",
+        "rev": "cf1e9b0e085368cc489c765f285f1d07c2ec8d36",
        "type": "github"
      },
      "original": {
--- a/hosts/nixos/porthos/boot.nix
+++ b/hosts/nixos/porthos/boot.nix
@ -3,15 +3,14 @@

 {
  boot = {
-    # Use the GRUB 2 boot loader.
-    loader.grub = {
-      enable = true;
-      # Define on which hard drive you want to install Grub.
-      device = "/dev/disk/by-id/ata-HGST_HUS724020ALA640_PN2181P6J58M1P";
+    # Use the systemd-boot EFI boot loader.
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
    };

    initrd = {
-      availableKernelModules = [ "uhci_hcd" "ahci" "usbhid" ];
+      availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "usbhid" "sd_mod" ];
      kernelModules = [ "dm-snapshot" ];
    };

--- a/hosts/nixos/porthos/default.nix
+++ b/hosts/nixos/porthos/default.nix
@ -16,11 +16,5 @@
  # Set your time zone.
  time.timeZone = "Europe/Paris";

-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "20.09"; # Did you read the comment?
+  system.stateVersion = "24.05"; # Did you read the comment?
 }
--- a/hosts/nixos/porthos/hardware.nix
+++ b/hosts/nixos/porthos/hardware.nix
@ -1,5 +1,5 @@
 # Hardware configuration
-{ lib, modulesPath, ... }:
+{ modulesPath, ... }:

 {
  imports = [
@ -11,9 +11,18 @@
    fsType = "ext4";
  };

+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/boot";
+    fsType = "vfat";
+  };
+
  swapDevices = [
    { device = "/dev/disk/by-label/swap"; }
  ];

-  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+  my.hardware = {
+    firmware = {
+      cpuFlavor = "intel";
+    };
+  };
 }
--- a/hosts/nixos/porthos/install.sh
+++ b/hosts/nixos/porthos/install.sh
@ -3,7 +3,7 @@
 SWAP_SIZE=16GiB

 parted /dev/sda --script -- \
-    mklabel msdos \
+    mklabel gpt \
    mkpart primary 512MiB -$SWAP_SIZE \
    mkpart primary linux-swap -$SWAP_SIZE 100% \
    mkpart ESP fat32 1MiB 512MiB \
@ -11,14 +11,24 @@ parted /dev/sda --script -- \

 parted /dev/sdb --script -- \
    mklabel gpt \
-    mkpart primary 0MiB 100%
+    mkpart primary 0% 100%
+parted /dev/sdc --script -- \
+    mklabel gpt \
+    mkpart primary 0% 100%
+parted /dev/sdd --script -- \
+    mklabel gpt \
+    mkpart primary 0% 100%

 mkfs.ext4 -L media1 /dev/sda1
 mkfs.ext4 -L media2 /dev/sdb1
+mkfs.ext4 -L media3 /dev/sdc1
+mkfs.ext4 -L media4 /dev/sdd1

 pvcreate /dev/sda1
 pvcreate /dev/sdb1
-vgcreate lvm /dev/sda1 /dev/sdb1
+pvcreate /dev/sdc1
+pvcreate /dev/sdd1
+vgcreate lvm /dev/sda1 /dev/sdb1 /dev/sdc1 /dev/sdd1
 lvcreate -l 100%FREE -n media lvm

 mkfs.ext4 -L nixos /dev/mapper/lvm-media
@ -27,17 +37,17 @@ mkfs.fat -F 32 -n boot /dev/sda3

 mount /dev/disk/by-label/nixos /mnt
 swapon /dev/sda2
+mkdir -p /mnt/boot
+mount /dev/disk/by-label/boot /mnt/boot

 apt install sudo
 useradd -m -G sudo setupuser
-# shellcheck disable=2117
-su setupuser

 cat << EOF
 # Run the following commands as setup user
-curl -L https://nixos.org/nix/install | sh
-. $HOME/.nix-profile/etc/profile.d/nix.sh
-nix-channel --add https://nixos.org/channels/nixos-20.09 nixpkgs
+curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
+. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
+nix profile install nixpkgs#nixos-install-tools
 sudo "$(which nixos-generate-config)" --root /mnt

 # Change uuids to labels
@ -54,3 +64,6 @@ git crypt unlock

 nixos-install --root /mnt --flake '.#<hostname>'
 EOF
+
+# shellcheck disable=2117
+su setupuser
--- a/hosts/nixos/porthos/networking.nix
+++ b/hosts/nixos/porthos/networking.nix
@ -6,30 +6,17 @@
    hostName = "porthos"; # Define your hostname.
    domain = "belanyi.fr"; # Define your domain.

-
-    # The global useDHCP flag is deprecated, therefore explicitly set to false here.
-    # Per-interface useDHCP will be mandatory in the future, so this generated config
-    # replicates the default behaviour.
-    useDHCP = false;
-
+    # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+    # (the default) this is the recommended approach. When using systemd-networkd it's
+    # still possible to use this option, but it's recommended to use it in conjunction
+    # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+    useDHCP = true;
    interfaces = {
-      bond0.useDHCP = true;
-      bonding_masters.useDHCP = true;
-      dummy0.useDHCP = true;
-      erspan0.useDHCP = true;
-      eth0.useDHCP = true;
-      eth1.useDHCP = true;
-      gre0.useDHCP = true;
-      gretap0.useDHCP = true;
-      ifb0.useDHCP = true;
-      ifb1.useDHCP = true;
-      ip6tnl0.useDHCP = true;
-      sit0.useDHCP = true;
-      teql0.useDHCP = true;
-      tunl0.useDHCP = true;
+      eno1.useDHCP = true;
+      eno2.useDHCP = true;
    };
  };

  # Which interface is used to connect to the internet
-  my.hardware.networking.externalInterface = "eth0";
+  my.hardware.networking.externalInterface = "eno1";
 }
--- a/hosts/nixos/porthos/secrets/forgejo/mail-password.age
+++ b/hosts/nixos/porthos/secrets/forgejo/mail-password.age
@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 cKojmg Lhgx43wR8PtAMf5v1eJxKlUBSAoOLdOOn/QaQrwF8zA
+jfUCpgNzkHCNTWCqtErDaLMmg1Oy+s9zUra1JLCi+J4
+-> ssh-ed25519 jPowng kSeQ/SmMrzd8ByVu3YHWeZyKmqFZvQSBnDunkB8e6wc
+WRmnfrV5xcRXA9t0ZXx6YvbRl0sX4PTrw63VVKX4Ei4
+--- a+LLM1gP9g1AbUapbeeKaS4cEcRBmPo3MHU2DSWTAds
+Ò,FÜÒ6”ââ¬˜ixÌ<78>°Øe|
«
+²
+ÌÏœ,{†
ˆõvª!–†‰zÜ$P;ãé©TØÆÉKW
+ qGô
--- a/hosts/nixos/porthos/secrets/secrets.nix
+++ b/hosts/nixos/porthos/secrets/secrets.nix
@ -21,6 +21,11 @@ in
  "drone/secret.age".publicKeys = all;
  "drone/ssh/private-key.age".publicKeys = all;

+  "forgejo/mail-password.age" = {
+    owner = "git";
+    publicKeys = all;
+  };
+
  "gitea/mail-password.age" = {
    owner = "git";
    publicKeys = all;
--- a/hosts/nixos/porthos/services.nix
+++ b/hosts/nixos/porthos/services.nix
@ -36,14 +36,14 @@ in
    flood = {
      enable = true;
    };
-    # Gitea forge
-    gitea = {
+    # Forgejo forge
+    forgejo = {
      enable = true;
      mail = {
        enable = true;
        host = "smtp.migadu.com";
-        user = lib.my.mkMailAddress "gitea" "belanyi.fr";
-        passwordFile = secrets."gitea/mail-password".path;
+        user = lib.my.mkMailAddress "forgejo" "belanyi.fr";
+        passwordFile = secrets."forgejo/mail-password".path;
      };
    };
    # Meta-indexers
--- a/modules/home/ssh/default.nix
+++ b/modules/home/ssh/default.nix
@ -49,7 +49,7 @@ in
          };

          porthos = {
-            hostname = "91.121.177.163";
+            hostname = "37.187.146.15";
            identityFile = "~/.ssh/shared_rsa";
            user = "ambroisie";
          };
--- a/modules/home/vim/default.nix
+++ b/modules/home/vim/default.nix
@ -105,7 +105,7 @@ in
      nixpkgs-fmt

      # Shell
-      shellcheck
+      nodePackages.bash-language-server
      shfmt
    ];
  };
--- a/modules/home/vim/plugin/settings/lspconfig.lua
+++ b/modules/home/vim/plugin/settings/lspconfig.lua
@ -29,16 +29,17 @@ if utils.is_executable("clangd") then
    })
 end

-- Nix
-if utils.is_executable("nil") then
-    lspconfig.nil_ls.setup({
+-- Haskell
+if utils.is_executable("haskell-language-server-wrapper") then
+    lspconfig.hls.setup({
        capabilities = capabilities,
        on_attach = lsp.on_attach,
    })
 end

-if utils.is_executable("rnix-lsp") then
-    lspconfig.rnix.setup({
+-- Nix
+if utils.is_executable("nil") then
+    lspconfig.nil_ls.setup({
        capabilities = capabilities,
        on_attach = lsp.on_attach,
    })
@ -52,6 +53,13 @@ if utils.is_executable("pyright") then
    })
 end

+if utils.is_executable("ruff-lsp") then
+    lspconfig.ruff_lsp.setup({
+        capabilities = capabilities,
+        on_attach = lsp.on_attach,
+    })
+end
+
 -- Rust
 if utils.is_executable("rust-analyzer") then
    lspconfig.rust_analyzer.setup({
@ -59,3 +67,12 @@ if utils.is_executable("rust-analyzer") then
        on_attach = lsp.on_attach,
    })
 end
+
+-- Shell
+if utils.is_executable("bash-language-server") then
+    lspconfig.bashls.setup({
+        filetypes = { "bash", "sh", "zsh" },
+        capabilities = capabilities,
+        on_attach = lsp.on_attach,
+    })
+end
--- a/modules/home/vim/plugin/settings/null-ls.lua
+++ b/modules/home/vim/plugin/settings/null-ls.lua
@ -28,14 +28,6 @@ null_ls.register({
    }),
 })

-- Haskell
-null_ls.register({
-    null_ls.builtins.formatting.brittany.with({
-        -- Only used if available
-        condition = utils.is_executable_condition("brittany"),
-    }),
-})
-
 -- Nix
 null_ls.register({
    null_ls.builtins.formatting.nixpkgs_fmt.with({
@ -50,16 +42,6 @@ null_ls.register({

 -- Python
 null_ls.register({
-    null_ls.builtins.diagnostics.flake8.with({
-        -- Only used if available, but prefer pflake8 if available
-        condition = function()
-            return utils.is_executable("flake8") and not utils.is_executable("pflake8")
-        end,
-    }),
-    null_ls.builtins.diagnostics.pyproject_flake8.with({
-        -- Only used if available
-        condition = utils.is_executable_condition("pflake8"),
-    }),
    null_ls.builtins.diagnostics.mypy.with({
        -- Only used if available
        condition = utils.is_executable_condition("mypy"),
@ -81,22 +63,6 @@ null_ls.register({

 -- Shell (non-POSIX)
 null_ls.register({
-    null_ls.builtins.code_actions.shellcheck.with({
-        -- Restrict to bash and zsh
-        filetypes = { "bash", "zsh" },
-        -- Only used if available
-        condition = utils.is_executable_condition("shellcheck"),
-    }),
-    null_ls.builtins.diagnostics.shellcheck.with({
-        -- Show error code in message
-        diagnostics_format = "[#{c}] #{m}",
-        -- Require explicit empty string test, use bash dialect
-        extra_args = { "-s", "bash", "-o", "avoid-nullary-conditions" },
-        -- Restrict to bash and zsh
-        filetypes = { "bash", "zsh" },
-        -- Only used if available
-        condition = utils.is_executable_condition("shellcheck"),
-    }),
    null_ls.builtins.formatting.shfmt.with({
        -- Indent with 4 spaces, simplify the code, indent switch cases,
        -- add space after redirection, use bash dialect
@ -110,22 +76,6 @@ null_ls.register({

 -- Shell (POSIX)
 null_ls.register({
-    null_ls.builtins.code_actions.shellcheck.with({
-        -- Restrict to POSIX sh
-        filetypes = { "sh" },
-        -- Only used if available
-        condition = utils.is_executable_condition("shellcheck"),
-    }),
-    null_ls.builtins.diagnostics.shellcheck.with({
-        -- Show error code in message
-        diagnostics_format = "[#{c}] #{m}",
-        -- Require explicit empty string test
-        extra_args = { "-o", "avoid-nullary-conditions" },
-        -- Restrict to POSIX sh
-        filetypes = { "sh" },
-        -- Only used if available
-        condition = utils.is_executable_condition("shellcheck"),
-    }),
    null_ls.builtins.formatting.shfmt.with({
        -- Indent with 4 spaces, simplify the code, indent switch cases,
        -- add space after redirection, use POSIX
--- a/modules/home/xdg/default.nix
+++ b/modules/home/xdg/default.nix
@ -55,5 +55,6 @@ in
    REDISCLI_HISTFILE = "${dataHome}/redis/rediscli_history";
    REPO_CONFIG_DIR = "${configHome}/repo";
    XCOMPOSECACHE = "${dataHome}/X11/xcompose";
+    _JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${configHome}/java";
  };
 }
--- a/modules/nixos/services/default.nix
+++ b/modules/nixos/services/default.nix
@ -10,6 +10,7 @@
    ./drone
    ./fail2ban
    ./flood
+    ./forgejo
    ./gitea
    ./grocy
    ./indexers
--- a/modules/nixos/services/forgejo/default.nix
+++ b/modules/nixos/services/forgejo/default.nix
@ -0,0 +1,162 @@
+# A low-ressource, full-featured git forge.
+{ config, lib, ... }:
+let
+  cfg = config.my.services.forgejo;
+in
+{
+  options.my.services.forgejo = with lib; {
+    enable = mkEnableOption "Forgejo";
+    port = mkOption {
+      type = types.port;
+      default = 3042;
+      example = 8080;
+      description = "Internal port";
+    };
+    mail = {
+      enable = mkEnableOption {
+        description = "mailer configuration";
+      };
+      host = mkOption {
+        type = types.str;
+        example = "smtp.example.com";
+        description = "Host for the mail account";
+      };
+      port = mkOption {
+        type = types.port;
+        default = 465;
+        example = 587;
+        description = "Port for the mail account";
+      };
+      user = mkOption {
+        type = types.str;
+        example = "forgejo@example.com";
+        description = "User for the mail account";
+      };
+      passwordFile = mkOption {
+        type = types.str;
+        example = "/run/secrets/forgejo-mail-password.txt";
+        description = "Password for the mail account";
+      };
+      protocol = mkOption {
+        type = types.str;
+        default = "smtps";
+        example = "smtp";
+        description = "Protocol for connection";
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = cfg.enable -> !config.my.services.gitea.enable;
+        message = ''
+          `config.my.services.forgejo` is incompatible with
+          `config.my.services.gitea`.
+        '';
+      }
+    ];
+
+    services.forgejo =
+      let
+        inherit (config.networking) domain;
+        forgejoDomain = "git.${domain}";
+      in
+      {
+        enable = true;
+
+        user = "git";
+        group = "git";
+
+        lfs.enable = true;
+
+        useWizard = false;
+
+        database = {
+          type = "postgres"; # Automatic setup
+          user = "git"; # User needs to be the same as forgejo user
+          name = "git"; # Name must be the same as user for `ensureDBOwnership`
+        };
+
+        # NixOS module uses `forgejo dump` to backup repositories and the database,
+        # but it produces a single .zip file that's not very backup friendly.
+        # I configure my backup system manually below.
+        dump.enable = false;
+
+        mailerPasswordFile = lib.mkIf cfg.mail.enable cfg.mail.passwordFile;
+
+        settings = {
+          DEFAULT = {
+            APP_NAME = "Ambroisie's forge";
+          };
+
+          server = {
+            HTTP_PORT = cfg.port;
+            DOMAIN = forgejoDomain;
+            ROOT_URL = "https://${forgejoDomain}";
+          };
+
+          mailer = lib.mkIf cfg.mail.enable {
+            ENABLED = true;
+            SMTP_ADDR = cfg.mail.host;
+            SMTP_PORT = cfg.mail.port;
+            FROM = "Forgejo <${cfg.mail.user}>";
+            USER = cfg.mail.user;
+            PROTOCOL = cfg.mail.protocol;
+          };
+
+          service = {
+            DISABLE_REGISTRATION = true;
+          };
+
+          session = {
+            # only send cookies via HTTPS
+            COOKIE_SECURE = true;
+          };
+        };
+      };
+
+    users.users.git = {
+      description = "Forgejo Service";
+      home = config.services.forgejo.stateDir;
+      useDefaultShell = true;
+      group = "git";
+      isSystemUser = true;
+    };
+    users.groups.git = { };
+
+    my.services.nginx.virtualHosts = {
+      # Proxy to Forgejo
+      git = {
+        inherit (cfg) port;
+      };
+      # Redirect `forgejo.` to actual forge subdomain
+      forgejo = {
+        redirect = config.services.forgejo.settings.server.ROOT_URL;
+      };
+    };
+
+    my.services.backup = {
+      paths = [
+        config.services.forgejo.lfs.contentDir
+        config.services.forgejo.repositoryRoot
+      ];
+    };
+
+    services.fail2ban.jails = {
+      forgejo = ''
+        enabled = true
+        filter = forgejo
+        action = iptables-allports
+      '';
+    };
+
+    environment.etc = {
+      "fail2ban/filter.d/forgejo.conf".text = ''
+        [Definition]
+        failregex = ^.*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>$
+        journalmatch = _SYSTEMD_UNIT=forgejo.service
+      '';
+    };
+  };
+}
--- a/modules/nixos/services/lohr/default.nix
+++ b/modules/nixos/services/lohr/default.nix
@ -59,21 +59,6 @@ in
          "LOHR_HOME=${lohrHome}"
          "LOHR_CONFIG="
        ];
-        ExecStartPre = lib.mkIf (cfg.sshKeyFile != null) ''+${
-          pkgs.writeScript "copy-ssh-key" ''
-            #!${pkgs.bash}/bin/bash
-            # Ensure the key is not there
-            mkdir -p '${lohrHome}/.ssh'
-            rm -f '${lohrHome}/.ssh/id_ed25519'
-
-            # Move the key into place
-            cp ${cfg.sshKeyFile} '${lohrHome}/.ssh/id_ed25519'
-
-            # Fix permissions
-            chown -R lohr:lohr '${lohrHome}/.ssh'
-            chmod -R 0700 '${lohrHome}/.ssh'
-          ''
-        }'';
        ExecStart =
          let
            configFile = settingsFormat.generate "lohr-config.yaml" cfg.setting;
@ -103,5 +88,24 @@ in
        inherit (cfg) port;
      };
    };
+
+    # SSH key provisioning
+    systemd.tmpfiles.settings."10-lohr" = lib.mkIf (cfg.sshKeyFile != null) {
+      "${lohrHome}/.ssh" = {
+        d = {
+          user = "lohr";
+          group = "lohr";
+          mode = "0700";
+        };
+      };
+      "${lohrHome}/.ssh/id_ed25519" = {
+        "f+" = {
+          user = "lohr";
+          group = "lohr";
+          mode = "0700";
+          argument = cfg.sshKeyFile;
+        };
+      };
+    };
  };
 }
--- a/modules/nixos/services/vikunja/default.nix
+++ b/modules/nixos/services/vikunja/default.nix
@ -30,8 +30,6 @@ in
      frontendScheme = "https";
      frontendHostname = vikunjaDomain;

-      setupNginx = false;
-
      database = {
        type = "postgres";
        user = "vikunja";
@ -61,28 +59,11 @@ in
    # This is a weird setup
    my.services.nginx.virtualHosts = {
      ${subdomain} = {
-        # Serve the root for the web-ui
-        root = config.services.vikunja.package-frontend;
-
-        extraConfig = {
-          locations = {
-            "/" = {
-              tryFiles = "try_files $uri $uri/ /";
-            };
-
-            # Serve the API through a UNIX socket
-            "~* ^/(api|dav|\\.well-known)/" = {
-              proxyPass = "http://unix:${socketPath}";
-              extraConfig = ''
-                client_max_body_size 20M;
-              '';
-            };
-          };
-        };
+        socket = socketPath;
      };
    };

-    systemd.services.vikunja-api = {
+    systemd.services.vikunja = {
      serviceConfig = {
        # Use a system user to simplify using the CLI
        DynamicUser = lib.mkForce false;
--- a/modules/nixos/services/wireguard/default.nix
+++ b/modules/nixos/services/wireguard/default.nix
@ -13,7 +13,7 @@ let
    porthos = {
      clientNum = 1;
      publicKey = "PLdgsizztddri0LYtjuNHr5r2E8D+yI+gM8cm5WDfHQ=";
-      externalIp = "91.121.177.163";
+      externalIp = "37.187.146.15";
    };

    # "Clients"
--- a/modules/nixos/services/woodpecker/default.nix
+++ b/modules/nixos/services/woodpecker/default.nix
@ -8,6 +8,12 @@

  options.my.services.woodpecker = with lib; {
    enable = mkEnableOption "Woodpecker CI";
+    forge = mkOption {
+      type = types.enum [ "gitea" "forgejo" ];
+      default = "forgejo";
+      example = "gitea";
+      description = "Which Forge to connect to";
+    };
    runners = mkOption {
      type = with types; listOf (enum [ "exec" "docker" ]);
      default = [ ];
--- a/modules/nixos/services/woodpecker/server/default.nix
+++ b/modules/nixos/services/woodpecker/server/default.nix
@ -17,7 +17,7 @@ in
        WOODPECKER_GRPC_ADDR = ":${toString cfg.rpcPort}";

        WOODPECKER_GITEA = "true";
-        WOODPECKER_GITEA_URL = config.services.gitea.settings.server.ROOT_URL;
+        WOODPECKER_GITEA_URL = config.services.${cfg.forge}.settings.server.ROOT_URL;

        WOODPECKER_LOG_LEVEL = "debug";
      };
Author	SHA1	Message	Date
Bruno BELANYI	801f097c51	home: vim: lspconfig: remove 'rnix-lsp' All checks were successful ci/woodpecker/push/check Pipeline was successful Details It's been abandoned, `nil` is a better language server nowadays.	2024-03-11 17:32:54 +01:00
Bruno BELANYI	276cc7e5f2	home: xdg: add '_JAVA_OPTIONS'	2024-03-11 17:32:54 +01:00
Bruno BELANYI	b2dc051e6a	flake: bump inputs And fix the breaking changes in Vikunja (which actually make my configuration simpler).	2024-03-11 17:32:54 +01:00
Bruno BELANYI	9749f0aa28	overlays: remove none-ls-shellcheck-nvim	2024-03-11 17:32:54 +01:00
Bruno BELANYI	dc27b59912	home: vim: lspconfig: migrate to 'bashls' Since `none-ls` has removed their `shellcheck` built-in. This actually makes the diagnostics more robust to POSIX/non-POSIX scripts (the LSP server detects it at runtime, which is more robust than the `ftdetect` scripts). Nice bonus: the shellcheck code is shown in the diagnostics message without any configuration! I'm not sure if I can configure `avoid-nullary-conditions` -- though it seems like this check is broken at the moment (I couldn't get it to trigger during my tests).	2024-03-11 17:32:54 +01:00
Bruno BELANYI	7a3e64f814	home: vim: lspconfig: add 'hls' If I ever end up actually learning it...	2024-03-11 17:32:54 +01:00
Bruno BELANYI	f13a6fb023	home: vim: lspconfig: add 'ruff-lsp' Since everybody is moving towards using it instead of other linters...	2024-03-11 17:32:54 +01:00
Bruno BELANYI	30247ce3a0	home: vim: null-ls: fix deprecated builtins `none-ls` deprecated a lot of unmaintained builtins, or ones that they find has been replaced by a compete LSP server. This removes those deprecated builtins, or uses a shim until I migrate to the relevant LSP configuration (for `bash-language-server`).	2024-03-11 17:32:54 +01:00
Bruno BELANYI	08f4175412	overlays: add none-ls-shellcheck-nvim	2024-03-11 17:32:54 +01:00
Bruno BELANYI	6140e1c8f9	nixos: services: lohr: migrate to tmpfiles This is better than a custom script.	2024-03-11 17:32:54 +01:00
Bruno BELANYI	5d3160fb0d	hosts: nixos: porthos: migrate to new host OVH/Kimsufi are deprecating my current server by the end of the year. So let's migrate to a new host. This was more painful than initially planned, OVH introduced a change to their rescue system which messes with the NixOS installation [1]. In the end I used a kexec image [2] to run the installation. [1]: https://github.com/NixOS/nix/issues/7790 [2]: https://github.com/nix-community/nixos-images	2024-03-11 17:32:54 +01:00
Bruno BELANYI	0f33dbd5c2	hosts: nixos: porthos: switch to forgejo This required a quick rename to migrate from one to the other.	2024-03-11 17:32:54 +01:00
Bruno BELANYI	f3207468f9	nixos: services: woodpecker: configurable forge	2024-03-11 17:32:54 +01:00
Bruno BELANYI	b41fd9e48e	hosts: nixos: porthos: secrets: add forgejo mail	2024-03-11 17:32:54 +01:00
Bruno BELANYI	c1ffe09631	nixos: services: add forgejo	2024-03-11 17:32:54 +01:00