From 445b3d1422651d1604eda311f74ff0260386f76e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 18 Sep 2025 10:03:06 +0000 Subject: [PATCH 01/26] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index d510422..b9c0fd5 100644 --- a/flake.lock +++ b/flake.lock @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1757588530, - "narHash": "sha256-tJ7A8mID3ct69n9WCvZ3PzIIl3rXTdptn/lZmqSS95U=", + "lastModified": 1758108966, + "narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "b084b2c2b6bc23e83bbfe583b03664eb0b18c411", + "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1757578556, - "narHash": "sha256-w1PGkTGow5XzsjccV364No46rkuGxTqo7m/4cfhnkIk=", + "lastModified": 1758184248, + "narHash": "sha256-TOazVsj8D1LTGQ6q8xdtfoPs9Z+PiqUS952WvZPssR0=", "owner": "nix-community", "repo": "home-manager", - "rev": "b7112b12ea5b8c3aa6af344498ed9ca27dd03ba3", + "rev": "bf7056c6a2d893d80db18d06d7e730d6515aaae8", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1757487488, - "narHash": "sha256-zwE/e7CuPJUWKdvvTCB7iunV4E/+G0lKfv4kk/5Izdg=", + "lastModified": 1758035966, + "narHash": "sha256-qqIJ3yxPiB0ZQTT9//nFGQYn8X/PBoJbofA7hRKZnmE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ab0f3607a6c7486ea22229b92ed2d355f1482ee0", + "rev": "8d4ddb19d03c65a36ad8d189d001dc32ffb0306b", "type": "github" }, "original": { From 9f9c1e571b7a871db4a19d9bfe7fc3ebf9b24875 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 15 Sep 2025 13:22:30 +0000 Subject: [PATCH 02/26] home: zsh: do not notify on 'home-manager news' --- modules/home/zsh/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index 1e85cce..3c1e515 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -19,7 +19,7 @@ in "direnv reload" "fg" "git (?!push|pull|fetch)" - "home-manager (?!switch|build|news)" + "home-manager (?!switch|build)" "htop" "less" "man" From 5b47fc63656b7583fb427386339c7adce3cc7e97 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 3 Oct 2025 12:23:54 +0200 Subject: [PATCH 03/26] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index b9c0fd5..1889e0c 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1756770412, - "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "lastModified": 1759362264, + "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "4524271976b625a4a605beefd893f270620fd751", + "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1758184248, - "narHash": "sha256-TOazVsj8D1LTGQ6q8xdtfoPs9Z+PiqUS952WvZPssR0=", + "lastModified": 1759337100, + "narHash": "sha256-CcT3QvZ74NGfM+lSOILcCEeU+SnqXRvl1XCRHenZ0Us=", "owner": "nix-community", "repo": "home-manager", - "rev": "bf7056c6a2d893d80db18d06d7e730d6515aaae8", + "rev": "004753ae6b04c4b18aa07192c1106800aaacf6c3", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1758035966, - "narHash": "sha256-qqIJ3yxPiB0ZQTT9//nFGQYn8X/PBoJbofA7hRKZnmE=", + "lastModified": 1759422813, + "narHash": "sha256-WNkZqscW/dPLK5NMKH/jCkYMaVm/3KWgPmKMq65IXxk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8d4ddb19d03c65a36ad8d189d001dc32ffb0306b", + "rev": "2a7c84e1e740f004e0fe5c2577a63d1e659a496c", "type": "github" }, "original": { From 62533d435b9d86cf0c1271cd0a14ed73a67584f2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 3 Oct 2025 12:18:38 +0000 Subject: [PATCH 04/26] home: vim: lspconfig: use native configuration The `nvim-lspconfig` "framework" is being deprecated to use the native `vim.lsp.config` and `vim.lsp.enable` functionality. I _could_ remove the `is_executable` checks, as native LSP handling does _not_ loudly error out when enabling a server which isn't executable. However I think `:LspInfo` is more readable if I don't. --- .../home/vim/plugin/settings/lspconfig.lua | 57 ++++++------------- 1 file changed, 17 insertions(+), 40 deletions(-) diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index 7817d4c..68158b2 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -1,4 +1,3 @@ -local lspconfig = require("lspconfig") local lsp = require("ambroisie.lsp") local utils = require("ambroisie.utils") @@ -25,59 +24,45 @@ vim.diagnostic.config({ -- Inform servers we are able to do completion, snippets, etc... local capabilities = require("cmp_nvim_lsp").default_capabilities() +-- Shared configuration +vim.lsp.config("*", { + capabilities = capabilities, + on_attach = lsp.on_attach, +}) + -- C/C++ if utils.is_executable("clangd") then - lspconfig.clangd.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("clangd") end -- Haskell if utils.is_executable("haskell-language-server-wrapper") then - lspconfig.hls.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("hls") end -- Nix if utils.is_executable("nil") then - lspconfig.nil_ls.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("nil_ls") end -- Python if utils.is_executable("pyright") then - lspconfig.pyright.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("pyright") end if utils.is_executable("ruff") then - lspconfig.ruff.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("ruff") end -- Rust if utils.is_executable("rust-analyzer") then - lspconfig.rust_analyzer.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("rust_analyzer") end -- Shell if utils.is_executable("bash-language-server") then - lspconfig.bashls.setup({ + vim.lsp.config("bashls", { filetypes = { "bash", "sh", "zsh" }, - capabilities = capabilities, - on_attach = lsp.on_attach, settings = { bashIde = { shfmt = { @@ -89,27 +74,19 @@ if utils.is_executable("bash-language-server") then }, }, }) + vim.lsp.enable("bashls") end -- Starlark if utils.is_executable("starpls") then - lspconfig.starpls.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("starpls") end -- Generic if utils.is_executable("harper-ls") then - lspconfig.harper_ls.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("harper_ls") end if utils.is_executable("typos-lsp") then - lspconfig.typos_lsp.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("typos_lsp") end From 6b1b5300cdc275422e1eab5cdc24b7f6f6798d1b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 3 Oct 2025 12:39:18 +0000 Subject: [PATCH 05/26] home: vim: lspconfig: simplify LSP config Despite what I just said in the previous commit, I decided to remove the `is_executable` checks and always enable all servers. I figured out that NeoVim actually handles `PATH` modifications pretty well in this scenario: making a previously unavailable server executable will automatically enable it. --- .../home/vim/plugin/settings/lspconfig.lua | 73 +++++++------------ 1 file changed, 26 insertions(+), 47 deletions(-) diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index 68158b2..1596e84 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -30,38 +30,20 @@ vim.lsp.config("*", { on_attach = lsp.on_attach, }) --- C/C++ -if utils.is_executable("clangd") then - vim.lsp.enable("clangd") -end - --- Haskell -if utils.is_executable("haskell-language-server-wrapper") then - vim.lsp.enable("hls") -end - --- Nix -if utils.is_executable("nil") then - vim.lsp.enable("nil_ls") -end - --- Python -if utils.is_executable("pyright") then - vim.lsp.enable("pyright") -end - -if utils.is_executable("ruff") then - vim.lsp.enable("ruff") -end - --- Rust -if utils.is_executable("rust-analyzer") then - vim.lsp.enable("rust_analyzer") -end - --- Shell -if utils.is_executable("bash-language-server") then - vim.lsp.config("bashls", { +local servers = { + -- C/C++ + clangd = {}, + -- Haskell + hls = {}, + -- Nix + nil_ls = {}, + -- Python + pyright = {}, + ruff = {}, + -- Rust + rust_analyzer = {}, + -- Shell + bashls = { filetypes = { "bash", "sh", "zsh" }, settings = { bashIde = { @@ -73,20 +55,17 @@ if utils.is_executable("bash-language-server") then }, }, }, - }) - vim.lsp.enable("bashls") -end + }, + -- Starlark + starpls = {}, + -- Generic + harper_ls = {}, + typos_lsp = {}, +} --- Starlark -if utils.is_executable("starpls") then - vim.lsp.enable("starpls") -end - --- Generic -if utils.is_executable("harper-ls") then - vim.lsp.enable("harper_ls") -end - -if utils.is_executable("typos-lsp") then - vim.lsp.enable("typos_lsp") +for server, config in pairs(servers) do + if not vim.tbl_isempty(config) then + vim.lsp.config(server, config) + end + vim.lsp.enable(server) end From 2df05aaa1a2f85601df107f16bfec70b9239eab4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 20 Oct 2025 09:33:49 +0000 Subject: [PATCH 06/26] flake: bump inputs And fix a breaking change leading to an evaluation failure. --- flake.lock | 36 +++++++++++----------- modules/nixos/services/homebox/default.nix | 2 +- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/flake.lock b/flake.lock index 1889e0c..1a8a934 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1754433428, - "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", + "lastModified": 1760836749, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", + "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1759362264, - "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", + "lastModified": 1760948891, + "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", + "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1758108966, - "narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=", + "lastModified": 1760663237, + "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b", + "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1759337100, - "narHash": "sha256-CcT3QvZ74NGfM+lSOILcCEeU+SnqXRvl1XCRHenZ0Us=", + "lastModified": 1760969583, + "narHash": "sha256-vsf5mvR0xxK4GsfLx5bMJAQ4ysdrKymMIifNw+4TP7g=", "owner": "nix-community", "repo": "home-manager", - "rev": "004753ae6b04c4b18aa07192c1106800aaacf6c3", + "rev": "c9d758b500e53db5b74aa02d17dc45b65229e8e9", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1759422813, - "narHash": "sha256-WNkZqscW/dPLK5NMKH/jCkYMaVm/3KWgPmKMq65IXxk=", + "lastModified": 1760878510, + "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2a7c84e1e740f004e0fe5c2577a63d1e659a496c", + "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", "type": "github" }, "original": { @@ -200,11 +200,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1753980880, - "narHash": "sha256-aj1pbYxL6N+XFqBHjB4B1QP0bnKRcg1AfpgT5zUFsW8=", + "lastModified": 1759781536, + "narHash": "sha256-v/X5gKmgVoGtu5elYyUu2w037PyWVhrqnWzXkLJ9xnY=", "owner": "nix-community", "repo": "NUR", - "rev": "16db3e61da7606984a05b4dfc33cd1d26d22fb22", + "rev": "c30a53a5947bcc874b3f8842e6fe5c34bc81d8dd", "type": "github" }, "original": { diff --git a/modules/nixos/services/homebox/default.nix b/modules/nixos/services/homebox/default.nix index 8ed5d77..524a6d7 100644 --- a/modules/nixos/services/homebox/default.nix +++ b/modules/nixos/services/homebox/default.nix @@ -39,7 +39,7 @@ in my.services.backup = { paths = [ - config.services.homebox.settings.HBOX_STORAGE_DATA + (lib.removePrefix "file://" config.services.homebox.settings.HBOX_STORAGE_CONN_STRING) ]; }; From 9ddc77958ab4c647df7173a3a5eee08ae88f926b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 20 Oct 2025 09:35:02 +0000 Subject: [PATCH 07/26] home: git: fix deprecated config --- modules/home/git/default.nix | 38 +++++++++++++++++++----------------- 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix index ca59a5f..c3a51a0 100644 --- a/modules/home/git/default.nix +++ b/modules/home/git/default.nix @@ -21,29 +21,31 @@ in config.programs.git = lib.mkIf cfg.enable { enable = true; - # Who am I? - userEmail = mkMailAddress "bruno" "belanyi.fr"; - userName = "Bruno BELANYI"; - inherit (cfg) package; - aliases = { - git = "!git"; - lol = "log --graph --decorate --pretty=oneline --abbrev-commit --topo-order"; - lola = "lol --all"; - assume = "update-index --assume-unchanged"; - unassume = "update-index --no-assume-unchanged"; - assumed = "!git ls-files -v | grep ^h | cut -c 3-"; - pick = "log -p -G"; - push-new = "!git push -u origin " - + ''"$(git branch | grep '^* ' | cut -f2- -d' ')"''; - root = "git rev-parse --show-toplevel"; - }; - lfs.enable = true; # There's more - extraConfig = { + settings = { + # Who am I? + user = { + email = mkMailAddress "bruno" "belanyi.fr"; + name = "Bruno BELANYI"; + }; + + alias = { + git = "!git"; + lol = "log --graph --decorate --pretty=oneline --abbrev-commit --topo-order"; + lola = "lol --all"; + assume = "update-index --assume-unchanged"; + unassume = "update-index --no-assume-unchanged"; + assumed = "!git ls-files -v | grep ^h | cut -c 3-"; + pick = "log -p -G"; + push-new = "!git push -u origin " + + ''"$(git branch | grep '^* ' | cut -f2- -d' ')"''; + root = "git rev-parse --show-toplevel"; + }; + # Makes it a bit more readable blame = { coloring = "repeatedLines"; From 4000a848ef21903b7d593160b509173c2fe81736 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 20 Oct 2025 09:39:19 +0000 Subject: [PATCH 08/26] home: delta: use upstream module --- modules/home/delta/default.nix | 42 +++++----------------------------- 1 file changed, 6 insertions(+), 36 deletions(-) diff --git a/modules/home/delta/default.nix b/modules/home/delta/default.nix index 16d3d59..e76edc6 100644 --- a/modules/home/delta/default.nix +++ b/modules/home/delta/default.nix @@ -1,9 +1,6 @@ { config, pkgs, lib, ... }: let cfg = config.my.home.delta; - - configFormat = pkgs.formats.gitIni { }; - configPath = "${config.xdg.configHome}/delta/config"; in { options.my.home.delta = with lib; { @@ -17,28 +14,14 @@ in }; config = lib.mkIf cfg.enable { - assertions = [ - { - # For its configuration - assertion = cfg.enable -> cfg.git.enable; - message = '' - `config.my.home.delta` must enable `config.my.home.delta.git` to be - properly configured. - ''; - } - { - assertion = cfg.enable -> config.programs.git.enable; - message = '' - `config.my.home.delta` relies on `config.programs.git` to be - enabled. - ''; - } - ]; + programs.delta = { + enable = true; - home.packages = [ cfg.package ]; + inherit (cfg) package; - xdg.configFile."delta/config".source = configFormat.generate "delta-config" { - delta = { + enableGitIntegration = cfg.git.enable; + + options = { features = "diff-highlight decorations"; # Less jarring style for `diff-highlight` emulation @@ -62,18 +45,5 @@ in }; }; }; - - programs.git = lib.mkIf cfg.git.enable { - delta = { - enable = true; - inherit (cfg) package; - }; - - includes = [ - { - path = configPath; - } - ]; - }; }; } From a20c8f820dcf77e0b0a75c67d2edf38d97488ba2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 27 Oct 2025 12:30:49 +0000 Subject: [PATCH 09/26] flake: bump inputs --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 1a8a934..f56e8f2 100644 --- a/flake.lock +++ b/flake.lock @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1760969583, - "narHash": "sha256-vsf5mvR0xxK4GsfLx5bMJAQ4ysdrKymMIifNw+4TP7g=", + "lastModified": 1761530345, + "narHash": "sha256-+9+YCK9Lh6GThkXu/8JTxMFUnImIdZpb8ElUh6/F5Y8=", "owner": "nix-community", "repo": "home-manager", - "rev": "c9d758b500e53db5b74aa02d17dc45b65229e8e9", + "rev": "bbaeb9f1c29e79bb1653b32c3d73244cdf4bd888", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1760878510, - "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", + "lastModified": 1761373498, + "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", + "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce", "type": "github" }, "original": { From c536ee0136969aa1715e07939dfac9b02342f60d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 27 Oct 2025 12:31:12 +0000 Subject: [PATCH 10/26] home: zsh: add 'zsh-completion-sync' It's gated behind `completionSync.enable`, as it does make entering/leaving direnv-enabled projects slower (due to the calls to `compinit`). This might need a bit more work to avoid multiple `compinit`s at shell startup, will refine in the future if necessary. --- modules/home/zsh/default.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index 3c1e515..6c6a469 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -8,6 +8,10 @@ in launchTmux = mkEnableOption "auto launch tmux at shell start"; + completionSync = { + enable = mkEnableOption "zsh-completion-sync plugin"; + }; + notify = { enable = mkEnableOption "zsh-done notification"; @@ -118,6 +122,18 @@ in }; } + (lib.mkIf cfg.completionSync.enable { + programs.zsh = { + plugins = [ + { + name = "zsh-completion-sync"; + file = "share/zsh-completion-sync/zsh-completion-sync.plugin.zsh"; + src = pkgs.zsh-completion-sync; + } + ]; + }; + }) + (lib.mkIf cfg.notify.enable { programs.zsh = { plugins = [ From 983bf0f7646ea2ebdff895751eea7054b9140b3a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 3 Nov 2025 17:22:29 +0100 Subject: [PATCH 11/26] nixos: services: nextcloud: bump to 32 --- modules/nixos/services/nextcloud/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index d8d4fce..dd3b386 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -35,7 +35,7 @@ in config = lib.mkIf cfg.enable { services.nextcloud = { enable = true; - package = pkgs.nextcloud31; + package = pkgs.nextcloud32; hostName = "nextcloud.${config.networking.domain}"; home = "/var/lib/nextcloud"; maxUploadSize = cfg.maxSize; From 41c506749ef389c9a2f11dd3f3d17493892820f2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 6 Nov 2025 14:39:11 +0000 Subject: [PATCH 12/26] flake: overlays: use 'lib' It's a `lib` function, not _really_ a Nixpkgs one. Also it's about to break after the next flake update :-). --- flake/overlays.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake/overlays.nix b/flake/overlays.nix index 0c47989..c10afc3 100644 --- a/flake/overlays.nix +++ b/flake/overlays.nix @@ -1,4 +1,4 @@ -{ self, ... }: +{ self, lib, ... }: let default-overlays = import "${self}/overlays"; @@ -8,7 +8,7 @@ let # Expose my custom packages pkgs = _final: prev: { - ambroisie = prev.recurseIntoAttrs (import "${self}/pkgs" { pkgs = prev; }); + ambroisie = lib.recurseIntoAttrs (import "${self}/pkgs" { pkgs = prev; }); }; }; in From 44246b4ea146b1ca7b4687b35e0b833decb35b89 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 8 Nov 2025 11:56:25 +0000 Subject: [PATCH 13/26] flake: NUR has renamed its branch to 'main' --- flake.lock | 2 +- flake.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.lock b/flake.lock index f56e8f2..50f38e4 100644 --- a/flake.lock +++ b/flake.lock @@ -209,7 +209,7 @@ }, "original": { "owner": "nix-community", - "ref": "master", + "ref": "main", "repo": "NUR", "type": "github" } diff --git a/flake.nix b/flake.nix index 5076729..0bdd180 100644 --- a/flake.nix +++ b/flake.nix @@ -54,7 +54,7 @@ type = "github"; owner = "nix-community"; repo = "NUR"; - ref = "master"; + ref = "main"; inputs = { flake-parts.follows = "flake-parts"; nixpkgs.follows = "nixpkgs"; From fe681d3f16eea4d87d55d02c1e8e915eaaf415e6 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 6 Nov 2025 14:35:53 +0000 Subject: [PATCH 14/26] flake: bump inputs --- flake.lock | 54 ++++++++++++++++-------------------------------------- 1 file changed, 16 insertions(+), 38 deletions(-) diff --git a/flake.lock b/flake.lock index 50f38e4..d95de52 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1760836749, - "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", + "lastModified": 1761656077, + "narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=", "owner": "ryantm", "repo": "agenix", - "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", + "rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1760948891, - "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", + "lastModified": 1762040540, + "narHash": "sha256-z5PlZ47j50VNF3R+IMS9LmzI5fYRGY/Z5O5tol1c9I4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", + "rev": "0010412d62a25d959151790968765a70c436598b", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1761530345, - "narHash": "sha256-+9+YCK9Lh6GThkXu/8JTxMFUnImIdZpb8ElUh6/F5Y8=", + "lastModified": 1762435363, + "narHash": "sha256-BTmHXtuuwVO1dRs6jPHcHCoO6+A7G3+GzrgeluiSkww=", "owner": "nix-community", "repo": "home-manager", - "rev": "bbaeb9f1c29e79bb1653b32c3d73244cdf4bd888", + "rev": "432bc8a5da66638b5f139588efd6c4bd327e4cdc", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1761373498, - "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=", + "lastModified": 1762111121, + "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce", + "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", "type": "github" }, "original": { @@ -196,15 +196,14 @@ ], "nixpkgs": [ "nixpkgs" - ], - "treefmt-nix": "treefmt-nix" + ] }, "locked": { - "lastModified": 1759781536, - "narHash": "sha256-v/X5gKmgVoGtu5elYyUu2w037PyWVhrqnWzXkLJ9xnY=", + "lastModified": 1762602346, + "narHash": "sha256-BVzjmS25ihrfnfpfLD6gzXqMp9vP0hOyjIWkV0LP6E0=", "owner": "nix-community", "repo": "NUR", - "rev": "c30a53a5947bcc874b3f8842e6fe5c34bc81d8dd", + "rev": "fe5118da8d7e09651e0362ff130d194bc1441185", "type": "github" }, "original": { @@ -241,27 +240,6 @@ "repo": "default", "type": "github" } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "nur", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733222881, - "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "49717b5af6f80172275d47a418c9719a31a78b53", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } } }, "root": "root", From 0ac983a71f8cec556babe577e65b513173143417 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 9 Oct 2025 10:47:23 +0000 Subject: [PATCH 15/26] home: vim: do not set 'background' explicitly Rely on the new behaviour from v0.10 which detects it more intelligently. --- modules/home/vim/init.vim | 3 --- 1 file changed, 3 deletions(-) diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index 39ef32e..1142925 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -81,9 +81,6 @@ set updatetime=250 " Disable all mouse integrations set mouse= -" Set dark mode by default -set background=dark - " Setup some overrides for gruvbox lua << EOF local gruvbox = require("gruvbox") From bbdbc1e55cb8b2125b2ece2ff1c9d4c5922d821b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 28 Oct 2025 12:43:53 +0000 Subject: [PATCH 16/26] home: vim: ftdetect: remove glsl GLSL is now correctly detected starting with v0.11. This reverts commit b8b64bed8e4b3d8d109e7dcf38f69a4242142ec3. --- modules/home/vim/ftdetect/glsl.lua | 7 ------- 1 file changed, 7 deletions(-) delete mode 100644 modules/home/vim/ftdetect/glsl.lua diff --git a/modules/home/vim/ftdetect/glsl.lua b/modules/home/vim/ftdetect/glsl.lua deleted file mode 100644 index 2f4f1dd..0000000 --- a/modules/home/vim/ftdetect/glsl.lua +++ /dev/null @@ -1,7 +0,0 @@ --- Use GLSL filetype for common shader file extensions -vim.filetype.add({ - extension = { - frag = "glsl", - vert = "glsl", - }, -}) From 6e73c936b09d46c8427963b5139588804aceddaa Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 7 Nov 2025 14:48:49 +0000 Subject: [PATCH 17/26] home: zsh: fix plug-in path The upstream commit [1] said it was a non-breaking change, but didn't actually setup the symlinks for this package... [1]: 10f01ded353d5a76c6acbecaa0ac5e5063f60c13 --- modules/home/zsh/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index 6c6a469..9524262 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -72,7 +72,7 @@ in plugins = [ { name = "fast-syntax-highlighting"; - file = "share/zsh/site-functions/fast-syntax-highlighting.plugin.zsh"; + file = "share/zsh/plugins/fast-syntax-highlighting/fast-syntax-highlighting.plugin.zsh"; src = pkgs.zsh-fast-syntax-highlighting; } { From 1b4111e28fc68d5b4592f3238854ba1164443c7e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 8 Nov 2025 22:12:42 +0100 Subject: [PATCH 18/26] nixos: services: nextcloud: use declarative apps Now that the `notify_push` module declaratively installs _its_ app [1], I should declaratively install _all_ apps. [1]: https://github.com/NixOS/nixpkgs/pull/451501 --- modules/nixos/services/nextcloud/collabora.nix | 6 ++++++ modules/nixos/services/nextcloud/default.nix | 10 ++++++++++ 2 files changed, 16 insertions(+) diff --git a/modules/nixos/services/nextcloud/collabora.nix b/modules/nixos/services/nextcloud/collabora.nix index f8f42a7..408b232 100644 --- a/modules/nixos/services/nextcloud/collabora.nix +++ b/modules/nixos/services/nextcloud/collabora.nix @@ -16,6 +16,12 @@ in }; config = lib.mkIf cfg.enable { + services.nextcloud = { + extraApps = { + inherit (config.services.nextcloud.package.packages.apps) richdocuments; + }; + }; + services.collabora-online = { enable = true; inherit (cfg) port; diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index dd3b386..24515ff 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -62,6 +62,16 @@ in # Allow using the push service without hard-coding my IP in the configuration bendDomainToLocalhost = true; }; + + extraApps = { + inherit (config.services.nextcloud.package.packages.apps) + calendar + contacts + deck + tasks + ; + # notify_push is automatically installed by the module + }; }; # The service above configures the domain, no need for my wrapper From 6124d07c1b846d316e03e78a3cb65a77ce2e9832 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 17 Nov 2025 12:35:54 +0100 Subject: [PATCH 19/26] flake: bump inputs --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index d95de52..b041409 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1761656077, - "narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=", + "lastModified": 1762618334, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5", + "rev": "fcdea223397448d35d9b31f798479227e80183f6", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1762040540, - "narHash": "sha256-z5PlZ47j50VNF3R+IMS9LmzI5fYRGY/Z5O5tol1c9I4=", + "lastModified": 1762980239, + "narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "0010412d62a25d959151790968765a70c436598b", + "rev": "52a2caecc898d0b46b2b905f058ccc5081f842da", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1760663237, - "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=", + "lastModified": 1763319842, + "narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37", + "rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1762435363, - "narHash": "sha256-BTmHXtuuwVO1dRs6jPHcHCoO6+A7G3+GzrgeluiSkww=", + "lastModified": 1763313531, + "narHash": "sha256-yvdCYUL85zEDp2NzPUBmaNBXP6KnWEOhAk3j7PTfsKw=", "owner": "nix-community", "repo": "home-manager", - "rev": "432bc8a5da66638b5f139588efd6c4bd327e4cdc", + "rev": "3670a78eee49deebe4825fc8ecc46b172d1a8391", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1762111121, - "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", + "lastModified": 1763283776, + "narHash": "sha256-Y7TDFPK4GlqrKrivOcsHG8xSGqQx3A6c+i7novT85Uk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "rev": "50a96edd8d0db6cc8db57dab6bb6d6ee1f3dc49a", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1762602346, - "narHash": "sha256-BVzjmS25ihrfnfpfLD6gzXqMp9vP0hOyjIWkV0LP6E0=", + "lastModified": 1763378400, + "narHash": "sha256-9eZj8GNTBYnI8PQf9n8m9XbFCA/ugQ5r7sylY9DEx9M=", "owner": "nix-community", "repo": "NUR", - "rev": "fe5118da8d7e09651e0362ff130d194bc1441185", + "rev": "6bd477535ba71aa22d2712c8735c92812a1c74dc", "type": "github" }, "original": { From ad6a0bf4d3e5c5914160b2f427ef153d534b1030 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 6 Nov 2025 22:36:18 +0100 Subject: [PATCH 20/26] nixos: services: mealie: extend session timeout --- modules/nixos/services/mealie/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix index 8c02398..837bff2 100644 --- a/modules/nixos/services/mealie/default.nix +++ b/modules/nixos/services/mealie/default.nix @@ -32,6 +32,7 @@ in BASE_URL = "https://mealie.${config.networking.domain}"; TZ = config.time.timeZone; ALLOw_SIGNUP = "false"; + TOKEN_TIME = 24 * 180; # 180 days }; # Automatic PostgreSQL provisioning From 127e26b259624c6a57bc839abdde4f245c3099b8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 17 Nov 2025 12:38:30 +0100 Subject: [PATCH 21/26] nixos: services: transmission: use high file limit Seeding a lot of files means keeping them all open. The actual limit was cargo-culted from an open issue. --- modules/nixos/services/transmission/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix index ddd77d4..2ed01fd 100644 --- a/modules/nixos/services/transmission/default.nix +++ b/modules/nixos/services/transmission/default.nix @@ -71,10 +71,12 @@ in }; }; - # Transmission wants to eat *all* my RAM if left to its own devices systemd.services.transmission = { serviceConfig = { + # Transmission wants to eat *all* my RAM if left to its own devices MemoryMax = "33%"; + # Avoid errors due to high number of open files. + LimitNOFILE = 1048576; }; }; From b37bde6eaf150033149d0bbd5d924d0f9fb4b145 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 17 Nov 2025 12:45:22 +0100 Subject: [PATCH 22/26] nixos: services: transmission: use longer timeout It looks like Transmission takes time roughly proportional with the number of open files to stop, so let's increase the timeout slightly. --- modules/nixos/services/transmission/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix index 2ed01fd..6a7fbc7 100644 --- a/modules/nixos/services/transmission/default.nix +++ b/modules/nixos/services/transmission/default.nix @@ -77,6 +77,8 @@ in MemoryMax = "33%"; # Avoid errors due to high number of open files. LimitNOFILE = 1048576; + # Longer stop timeout to finish all torrents + TimeoutStopSec = "5m"; }; }; From 29fb7c5066132e12b98a6cb7a7f9ba3c5460d8c1 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 17 Nov 2025 13:57:48 +0000 Subject: [PATCH 23/26] home: discord: use upstream module --- modules/home/discord/default.nix | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/modules/home/discord/default.nix b/modules/home/discord/default.nix index bfa5d40..f9892df 100644 --- a/modules/home/discord/default.nix +++ b/modules/home/discord/default.nix @@ -1,8 +1,6 @@ { config, lib, pkgs, ... }: let cfg = config.my.home.discord; - - jsonFormat = pkgs.formats.json { }; in { options.my.home.discord = with lib; { @@ -12,14 +10,15 @@ in }; config = lib.mkIf cfg.enable { - home.packages = with pkgs; [ - cfg.package - ]; + programs.discord = { + enable = true; - xdg.configFile."discord/settings.json".source = - jsonFormat.generate "discord.json" { + inherit (cfg) package; + + settings = { # Do not keep me from using the app just to force an update SKIP_HOST_UPDATE = true; }; + }; }; } From 3020c6433b0056aa805cdabd8d4c30f82cfb47e4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 30 Nov 2025 00:20:07 +0100 Subject: [PATCH 24/26] flake: bump inputs --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index b041409..b84e16d 100644 --- a/flake.lock +++ b/flake.lock @@ -53,11 +53,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1762980239, - "narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=", + "lastModified": 1763759067, + "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "52a2caecc898d0b46b2b905f058ccc5081f842da", + "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1763319842, - "narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=", + "lastModified": 1763988335, + "narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761", + "rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1763313531, - "narHash": "sha256-yvdCYUL85zEDp2NzPUBmaNBXP6KnWEOhAk3j7PTfsKw=", + "lastModified": 1764361670, + "narHash": "sha256-jgWzgpIaHbL3USIq0gihZeuy1lLf2YSfwvWEwnfAJUw=", "owner": "nix-community", "repo": "home-manager", - "rev": "3670a78eee49deebe4825fc8ecc46b172d1a8391", + "rev": "780be8ef503a28939cf9dc7996b48ffb1a3e04c6", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1763283776, - "narHash": "sha256-Y7TDFPK4GlqrKrivOcsHG8xSGqQx3A6c+i7novT85Uk=", + "lastModified": 1764242076, + "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "50a96edd8d0db6cc8db57dab6bb6d6ee1f3dc49a", + "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1763378400, - "narHash": "sha256-9eZj8GNTBYnI8PQf9n8m9XbFCA/ugQ5r7sylY9DEx9M=", + "lastModified": 1764449851, + "narHash": "sha256-VnodC1+3KML8MYLLnK84E6U2Fz4ioNacOeQd1pMCSTw=", "owner": "nix-community", "repo": "NUR", - "rev": "6bd477535ba71aa22d2712c8735c92812a1c74dc", + "rev": "b1781c0aa8935d8d1f35d228bcc7127fcebcd363", "type": "github" }, "original": { From f546f85037bf23f105a721132f06ab3a562d38f7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 22 Nov 2025 23:34:06 +0100 Subject: [PATCH 25/26] hosts: nixos: porthos: secrets: sso: remove owner Now that the service uses `LoadCredential` [1], I can make the files root-owned. [1]: https://github.com/NixOS/nixpkgs/pull/460305 --- hosts/nixos/porthos/secrets/secrets.nix | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix index b3812b4..f1842b4 100644 --- a/hosts/nixos/porthos/secrets/secrets.nix +++ b/hosts/nixos/porthos/secrets/secrets.nix @@ -83,18 +83,9 @@ in "servarr/autobrr/session-secret.age".publicKeys = all; "servarr/cross-seed/configuration.json.age".publicKeys = all; - "sso/auth-key.age" = { - owner = "nginx-sso"; - publicKeys = all; - }; - "sso/ambroisie/password-hash.age" = { - owner = "nginx-sso"; - publicKeys = all; - }; - "sso/ambroisie/totp-secret.age" = { - owner = "nginx-sso"; - publicKeys = all; - }; + "sso/auth-key.age".publicKeys = all; + "sso/ambroisie/password-hash.age".publicKeys = all; + "sso/ambroisie/totp-secret.age".publicKeys = all; "tandoor-recipes/secret-key.age".publicKeys = all; From 5cd9155a5838d54c3606f6b0851e54252ea0774c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 23 Nov 2025 17:08:35 +0100 Subject: [PATCH 26/26] nixos: services: mealie: backup state directory Somehow forgot to do this when first writing the module. --- modules/nixos/services/mealie/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix index 837bff2..f3774e1 100644 --- a/modules/nixos/services/mealie/default.nix +++ b/modules/nixos/services/mealie/default.nix @@ -54,6 +54,12 @@ in }; }; + my.services.backup = { + paths = [ + "/var/lib/mealie" + ]; + }; + services.fail2ban.jails = { mealie = '' enabled = true