From 4d25609b26633b6ccf3994162ca74cc179d6fbc6 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 1 Mar 2024 20:48:44 +0000
Subject: [PATCH 1/5] nixos: system: nix: expand trusted users

---
 modules/nixos/system/nix/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/nixos/system/nix/default.nix b/modules/nixos/system/nix/default.nix
index 47d6499..ad13539 100644
--- a/modules/nixos/system/nix/default.nix
+++ b/modules/nixos/system/nix/default.nix
@@ -56,6 +56,8 @@ in
 
         settings = {
           experimental-features = [ "nix-command" "flakes" ];
+          # Trusted users are equivalent to root, and might as well allow wheel
+          trusted-users = [ "root" "@wheel" ];
         };
       };
     }

From a3afafd9e05958f6cf6368d10a36717562d3d99c Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 2 Mar 2024 12:48:08 +0100
Subject: [PATCH 2/5] nixos: services: add mealie

---
 modules/nixos/services/default.nix        |  1 +
 modules/nixos/services/mealie/default.nix | 72 +++++++++++++++++++++++
 2 files changed, 73 insertions(+)
 create mode 100644 modules/nixos/services/mealie/default.nix

diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix
index 67504da..90dd3e1 100644
--- a/modules/nixos/services/default.nix
+++ b/modules/nixos/services/default.nix
@@ -16,6 +16,7 @@
     ./jellyfin
     ./lohr
     ./matrix
+    ./mealie
     ./miniflux
     ./monitoring
     ./navidrome
diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix
new file mode 100644
index 0000000..ebbebb2
--- /dev/null
+++ b/modules/nixos/services/mealie/default.nix
@@ -0,0 +1,72 @@
+{ config, lib, ... }:
+let
+  cfg = config.my.services.mealie;
+in
+{
+  options.my.services.mealie = with lib; {
+    enable = mkEnableOption "Mealie service";
+
+    port = mkOption {
+      type = types.port;
+      default = 4537;
+      example = 8080;
+      description = "Internal port for webui";
+    };
+
+    credentialsFile = mkOption {
+      type = types.str;
+      example = "/var/lib/mealie/credentials.env";
+      description = ''
+        Configuration file for secrets.
+      '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.mealie = {
+      enable = true;
+      inherit (cfg) port credentialsFile;
+
+      settings = {
+        # Basic settings
+        BASE_URL = "https://mealie.${config.networking.domain}";
+        TZ = config.time.timeZone;
+        ALLOw_SIGNUP = "false";
+
+        # Use PostgreSQL
+        DB_ENGINE = "postgres";
+        POSTGRES_USER = "mealie";
+        POSTGRES_PASSWORD = "";
+        POSTGRES_SERVER = "/run/postgresql";
+        # Pydantic and/or mealie doesn't handle the URI correctly, hijack it
+        # with query parameters...
+        POSTGRES_DB = "mealie?host=/run/postgresql&dbname=mealie";
+      };
+    };
+
+    systemd.services = {
+      mealie = {
+        after = [ "postgresql.service" ];
+        requires = [ "postgresql.service" ];
+      };
+    };
+
+    # Set-up database
+    services.postgresql = {
+      enable = true;
+      ensureDatabases = [ "mealie" ];
+      ensureUsers = [
+        {
+          name = "mealie";
+          ensureDBOwnership = true;
+        }
+      ];
+    };
+
+    my.services.nginx.virtualHosts = {
+      mealie = {
+        inherit (cfg) port;
+      };
+    };
+  };
+}

From 380933e69b83c7662ec97510e6ab52eef5aad159 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 2 Mar 2024 12:48:42 +0100
Subject: [PATCH 3/5] hosts: nixos: porthos: secrets: add mealie mail

---
 hosts/nixos/porthos/secrets/mealie/mail.age | Bin 0 -> 516 bytes
 hosts/nixos/porthos/secrets/secrets.nix     |   4 ++++
 2 files changed, 4 insertions(+)
 create mode 100644 hosts/nixos/porthos/secrets/mealie/mail.age

diff --git a/hosts/nixos/porthos/secrets/mealie/mail.age b/hosts/nixos/porthos/secrets/mealie/mail.age
new file mode 100644
index 0000000000000000000000000000000000000000..b7348ae2a09fbf001f2354936f2df7112ed29c5d
GIT binary patch
literal 516
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSn_Ri1BO;-r;FpNkx
zarH6C4=*q_$PdV^^3Mw|@riKHk4g%!N(}Th2nj4s%`D4z_vA|Vjm#?Yc6Kawb16$J
zHgpMbuQV?X$qdP?NH(nUEHMiz3v|v%EG_k{Oh&gYD<Ho-FI^!&yF4hxyTBkfImjtI
zAUVg#BgiDzC&Rg*(m$=pt<p8uz$7dz+cP)I-GVE$O5Zmk*efU_$RxzCDl6A5GQ-$0
z&(u)cGP%kvJWAiE!rk1}$)lpu-Iq&OS63lFE4;MQFw`)^Ez{gJC^90aJS4y|u_CG}
zFDEoKAjKlXFw(-O+{nelt(+^(>dN{xo*F+wSMJ%o+)34Qd+m$Y#mNF2nAzMs+zmCZ
z&HkO;SFQHv_}4?xM|;~Qq<<+mA+_rmgEqgD?OD!_Kj9&@^Z#_{x_13#%22y&^)Az0
zYmp+WBU25pX>QpU{}mgV3oV+S%QPoCC#oAvx+|#8!d`zx;7Rp8zG&tf!rQZWpU(F6
z*?IH(%8v^^9AYf7@Y(wF|K9|0riHO=+L2#*-Y>sV+qFDQonOmAkHPHSX2-s*GY_7d
zy}Kc*<3{?G)01B=%sMEVsJ$zXk89V>r5C0>cJT~bmUFSQxxVDqmm3`kZ;j%20{|t3
B%@+Uw

literal 0
HcmV?d00001

diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix
index 43a9b35..3545e3a 100644
--- a/hosts/nixos/porthos/secrets/secrets.nix
+++ b/hosts/nixos/porthos/secrets/secrets.nix
@@ -41,6 +41,10 @@ in
     publicKeys = all;
   };
 
+  "mealie/mail.age" = {
+    publicKeys = all;
+  };
+
   "miniflux/credentials.age".publicKeys = all;
 
   "monitoring/password.age" = {

From 7f0a889ccd1cf1139fe7c9327dd1821ed884b116 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 2 Mar 2024 12:48:59 +0100
Subject: [PATCH 4/5] hosts: nixos: porthos: services: enable mealie

---
 hosts/nixos/porthos/services.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix
index 2486752..c3ffa39 100644
--- a/hosts/nixos/porthos/services.nix
+++ b/hosts/nixos/porthos/services.nix
@@ -68,6 +68,10 @@ in
         secretFile = secrets."matrix/sliding-sync-secret".path;
       };
     };
+    mealie = {
+      enable = true;
+      credentialsFile = secrets."mealie/mail".path;
+    };
     miniflux = {
       enable = true;
       credentialsFiles = secrets."miniflux/credentials".path;

From 6bef924513a1e72243808ab4d8277cb65aa68047 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Mon, 4 Mar 2024 11:44:49 +0000
Subject: [PATCH 5/5] overlays: remove gruvbox-nvim-treesitter-fix

Not needed anymore.

This reverts commit d6eceea08a12b09ebcf6396402f6f5242242c667.
---
 overlays/gruvbox-nvim-treesitter-fix/default.nix   |  4 ----
 overlays/gruvbox-nvim-treesitter-fix/generated.nix | 14 --------------
 2 files changed, 18 deletions(-)
 delete mode 100644 overlays/gruvbox-nvim-treesitter-fix/default.nix
 delete mode 100644 overlays/gruvbox-nvim-treesitter-fix/generated.nix

diff --git a/overlays/gruvbox-nvim-treesitter-fix/default.nix b/overlays/gruvbox-nvim-treesitter-fix/default.nix
deleted file mode 100644
index 832e71d..0000000
--- a/overlays/gruvbox-nvim-treesitter-fix/default.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-self: prev:
-{
-  vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { });
-}
diff --git a/overlays/gruvbox-nvim-treesitter-fix/generated.nix b/overlays/gruvbox-nvim-treesitter-fix/generated.nix
deleted file mode 100644
index 5a18d62..0000000
--- a/overlays/gruvbox-nvim-treesitter-fix/generated.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ fetchFromGitHub }:
-
-_final: prev: {
-  gruvbox-nvim = prev.gruvbox-nvim.overrideAttrs (_: {
-    version = "2024-01-29";
-
-    src = fetchFromGitHub {
-      owner = "ellisonleao";
-      repo = "gruvbox.nvim";
-      rev = "6e4027ae957cddf7b193adfaec4a8f9e03b4555f";
-      sha256 = "sha256-jWnrRy/PT7D0UcPGL+XTbKHWvS0ixvbyqPtTzG9HY84=";
-    };
-  });
-}