From 42ea0f97b11526d6b88b2c6e1c122ad8adb603d8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 12 Mar 2024 15:33:48 +0000 Subject: [PATCH 001/379] WIP: setup lua LSP --- .nvim.lua | 18 ++++++++++++++++++ flake/dev-shells.nix | 1 + 2 files changed, 19 insertions(+) create mode 100644 .nvim.lua diff --git a/.nvim.lua b/.nvim.lua new file mode 100644 index 0000000..83b17a9 --- /dev/null +++ b/.nvim.lua @@ -0,0 +1,18 @@ +local lspconfig = require("lspconfig") + +-- FIXME: https://github.com/folke/neodev.nvim ? +lspconfig.lua_ls.setup({ + settings = { + Lua = { + runtime = { + version = "LuaJIT", + }, + workspace = { + checkThirdParty = false, + library = { + vim.env.VIMRUNTIME, + }, + }, + }, + }, +}) diff --git a/flake/dev-shells.nix b/flake/dev-shells.nix index d5f5989..6c07d95 100644 --- a/flake/dev-shells.nix +++ b/flake/dev-shells.nix @@ -7,6 +7,7 @@ nativeBuildInputs = with pkgs; [ gitAndTools.pre-commit + lua-language-server nixpkgs-fmt ]; From 0ff8366105ab0ba6d8da2571c58c9a69bc97b2e5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 13 Mar 2024 13:08:57 +0000 Subject: [PATCH 002/379] home: vim: fix path high-lighting It was previously linked to `Underlined`, which just looks plain wrong IMO. This links it back to `GruvboxOrange`, as it used to be. --- modules/home/vim/init.vim | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index bd63d25..0650014 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -88,6 +88,17 @@ set background=dark " 24 bit colors set termguicolors +" Setup some overrides for gruvbox +lua << EOF +local gruvbox = require("gruvbox") + +gruvbox.setup({ + overrides = { + -- Only URLs should be underlined + ["@string.special.path"] = { link = "GruvboxOrange" }, + } +}) +EOF " Use my preferred colorscheme colorscheme gruvbox " }}} From c0ef5c9275217ba76493cc496be441575ea2d09a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 13 Mar 2024 11:54:50 +0000 Subject: [PATCH 003/379] overlays: add gruvbox-nvin-expose-palette --- overlays/gruvbox-nvin-expose-palette/default.nix | 4 ++++ overlays/gruvbox-nvin-expose-palette/generated.nix | 14 ++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 overlays/gruvbox-nvin-expose-palette/default.nix create mode 100644 overlays/gruvbox-nvin-expose-palette/generated.nix diff --git a/overlays/gruvbox-nvin-expose-palette/default.nix b/overlays/gruvbox-nvin-expose-palette/default.nix new file mode 100644 index 0000000..832e71d --- /dev/null +++ b/overlays/gruvbox-nvin-expose-palette/default.nix @@ -0,0 +1,4 @@ +self: prev: +{ + vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { }); +} diff --git a/overlays/gruvbox-nvin-expose-palette/generated.nix b/overlays/gruvbox-nvin-expose-palette/generated.nix new file mode 100644 index 0000000..c52ad04 --- /dev/null +++ b/overlays/gruvbox-nvin-expose-palette/generated.nix @@ -0,0 +1,14 @@ +{ fetchpatch, ... }: + +_final: prev: { + gruvbox-nvim = prev.gruvbox-nvim.overrideAttrs (oa: { + patches = (oa.patches or [ ]) ++ [ + # https://github.com/ellisonleao/gruvbox.nvim/pull/319 + (fetchpatch { + name = "expose-color-palette.patch"; + url = "https://github.com/ellisonleao/gruvbox.nvim/commit/07a493ba4f8b650aab9ed9e486caa89822be0996.patch"; + hash = "sha256-iGwt8qIHe2vaiAUcpaUxyGlM472F89vobTdQ7CF/H70="; + }) + ]; + }); +} From 10b4e6ce2dffdf829a8e13d056273a2767dafec3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 14 Mar 2024 10:56:08 +0000 Subject: [PATCH 004/379] home: vim: explicitly revert diff highlighting --- modules/home/vim/init.vim | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index 0650014..c94fc53 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -91,11 +91,17 @@ set termguicolors " Setup some overrides for gruvbox lua << EOF local gruvbox = require("gruvbox") +local colors = gruvbox.palette gruvbox.setup({ overrides = { -- Only URLs should be underlined ["@string.special.path"] = { link = "GruvboxOrange" }, + -- Revert back to the better diff highlighting + DiffAdd = { fg = colors.green, bg = "NONE" }, + DiffChange = { fg = colors.aqua, bg = "NONE" }, + DiffDelete = { fg = colors.red, bg = "NONE" }, + DiffText = { fg = colors.yellow, bg = colors.bg0 }, } }) EOF From 41e1ad326569d65120103748f562d3f72caf6562 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 14 Mar 2024 10:57:21 +0000 Subject: [PATCH 005/379] overlays: remove 'gruvbox-nvim-better-diff' Now that I have the explicit override for it, this overlay is not necessary. This reverts commit 9e0930aca4fb0ae40c40c5cd932962e832d0ee0a. This reverts commit 28187c3b8f34c0912d9f8ce5f74f415a6b77a1c2. --- .../gruvbox-nvim-better-diff/colours.patch | 28 ------------------- overlays/gruvbox-nvim-better-diff/default.nix | 4 --- .../gruvbox-nvim-better-diff/generated.nix | 10 ------- 3 files changed, 42 deletions(-) delete mode 100644 overlays/gruvbox-nvim-better-diff/colours.patch delete mode 100644 overlays/gruvbox-nvim-better-diff/default.nix delete mode 100644 overlays/gruvbox-nvim-better-diff/generated.nix diff --git a/overlays/gruvbox-nvim-better-diff/colours.patch b/overlays/gruvbox-nvim-better-diff/colours.patch deleted file mode 100644 index 5b0d61a..0000000 --- a/overlays/gruvbox-nvim-better-diff/colours.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 416b3c9c5e783d173ac0fd5310a76c1b144b92c1 Mon Sep 17 00:00:00 2001 -From: eeeXun -Date: Thu, 19 Oct 2023 02:34:12 +0800 -Subject: Use better diff colours - ---- - README.md | 3 ++- - lua/gruvbox.lua | 7 ++++--- - 2 files changed, 6 insertions(+), 4 deletions(-) - -diff --git a/lua/gruvbox.lua b/lua/gruvbox.lua -index ceba0735..a319fc6a 100644 ---- a/lua/gruvbox.lua -+++ b/lua/gruvbox.lua -@@ -360,9 +361,9 @@ local function get_groups() - PmenuSel = { fg = colors.bg2, bg = colors.blue, bold = config.bold }, - PmenuSbar = { bg = colors.bg2 }, - PmenuThumb = { bg = colors.bg4 }, -- DiffDelete = { bg = colors.dark_red }, -- DiffAdd = { bg = colors.dark_green }, -- DiffChange = { bg = colors.dark_aqua }, -- DiffText = { bg = colors.yellow, fg = colors.bg0 }, -+ DiffDelete = { fg = colors.red }, -+ DiffAdd = { fg = colors.green }, -+ DiffChange = { fg = colors.aqua }, -+ DiffText = { fg = colors.yellow, bg = colors.bg0 }, - SpellCap = { link = "GruvboxBlueUnderline" }, - SpellBad = { link = "GruvboxRedUnderline" }, diff --git a/overlays/gruvbox-nvim-better-diff/default.nix b/overlays/gruvbox-nvim-better-diff/default.nix deleted file mode 100644 index 832e71d..0000000 --- a/overlays/gruvbox-nvim-better-diff/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -self: prev: -{ - vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { }); -} diff --git a/overlays/gruvbox-nvim-better-diff/generated.nix b/overlays/gruvbox-nvim-better-diff/generated.nix deleted file mode 100644 index 82a18c2..0000000 --- a/overlays/gruvbox-nvim-better-diff/generated.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ ... }: - -_final: prev: { - gruvbox-nvim = prev.gruvbox-nvim.overrideAttrs (oa: { - patches = (oa.patches or [ ]) ++ [ - # Inspired by https://github.com/ellisonleao/gruvbox.nvim/pull/291 - ./colours.patch - ]; - }); -} From 4a01a5053262c45bbeefd5ca4fd8ccff87440f5f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 16 Mar 2024 19:49:00 +0100 Subject: [PATCH 006/379] flake: bump inputs And fix the update `pinentry` options in home-manager. --- flake.lock | 24 ++++++++++++------------ hosts/nixos/aramis/home.nix | 4 ++-- modules/home/bitwarden/default.nix | 9 ++------- modules/home/gpg/default.nix | 11 +++-------- 4 files changed, 19 insertions(+), 29 deletions(-) diff --git a/flake.lock b/flake.lock index ce8318f..a42d5dd 100644 --- a/flake.lock +++ b/flake.lock @@ -94,11 +94,11 @@ ] }, "locked": { - "lastModified": 1709126324, - "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "d465f4819400de7c8d874d50b982301f28a84605", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1709988192, - "narHash": "sha256-qxwIkl85P0I1/EyTT+NJwzbXdOv86vgZxcv4UKicjK8=", + "lastModified": 1710532761, + "narHash": "sha256-SUXGZNrXX05YA9G6EmgupxhOr3swI1gcxLUeDMUhrEY=", "owner": "nix-community", "repo": "home-manager", - "rev": "b0b0c3d94345050a7f86d1ebc6c56eea4389d030", + "rev": "206f457fffdb9a73596a4cb2211a471bd305243d", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1709703039, - "narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=", + "lastModified": 1710451336, + "narHash": "sha256-pP86Pcfu3BrAvRO7R64x7hs+GaQrjFes+mEPowCfkxY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d", + "rev": "d691274a972b3165335d261cc4671335f5c67de9", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1710013455, - "narHash": "sha256-qzOpU4APTso6JLA+/F4zlO/yL8++n/CsUpmxbQAsy/4=", + "lastModified": 1710607749, + "narHash": "sha256-TRgxM7sOiWF8cea73OzDnmfhyYnN8+vDHUUJlkDDZ/U=", "owner": "nix-community", "repo": "NUR", - "rev": "cf1e9b0e085368cc489c765f285f1d07c2ec8d36", + "rev": "b870db4117d587a8c5c2c8c9e2d311d7fa4befe2", "type": "github" }, "original": { diff --git a/hosts/nixos/aramis/home.nix b/hosts/nixos/aramis/home.nix index 66a0892..64b63ce 100644 --- a/hosts/nixos/aramis/home.nix +++ b/hosts/nixos/aramis/home.nix @@ -2,7 +2,7 @@ { my.home = { # Use graphical pinentry - bitwarden.pinentry = "gtk2"; + bitwarden.pinentry = pkgs.pinentry-gtk2; # Ebook library calibre.enable = true; # Some amount of social life @@ -14,7 +14,7 @@ # Blue light filter gammastep.enable = true; # Use a small popup to enter passwords - gpg.pinentry = "gtk2"; + gpg.pinentry = pkgs.pinentry-gtk2; # Machine specific packages packages.additionalPackages = with pkgs; [ element-desktop # Matrix client diff --git a/modules/home/bitwarden/default.nix b/modules/home/bitwarden/default.nix index c709f7b..0c0dfab 100644 --- a/modules/home/bitwarden/default.nix +++ b/modules/home/bitwarden/default.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: let cfg = config.my.home.bitwarden; in @@ -6,12 +6,7 @@ in options.my.home.bitwarden = with lib; { enable = my.mkDisableOption "bitwarden configuration"; - pinentry = mkOption { - type = types.str; - default = "tty"; - example = "gtk2"; - description = "Which pinentry interface to use"; - }; + pinentry = mkPackageOption pkgs "pinentry" { default = [ "pinentry-tty" ]; }; }; config = lib.mkIf cfg.enable { diff --git a/modules/home/gpg/default.nix b/modules/home/gpg/default.nix index 7eadf48..51c865a 100644 --- a/modules/home/gpg/default.nix +++ b/modules/home/gpg/default.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: let cfg = config.my.home.gpg; in @@ -6,12 +6,7 @@ in options.my.home.gpg = with lib; { enable = my.mkDisableOption "gpg configuration"; - pinentry = mkOption { - type = types.str; - default = "tty"; - example = "gtk2"; - description = "Which pinentry interface to use"; - }; + pinentry = mkPackageOption pkgs "pinentry" { default = [ "pinentry-tty" ]; }; }; config = lib.mkIf cfg.enable { @@ -22,7 +17,7 @@ in services.gpg-agent = { enable = true; enableSshSupport = true; # One agent to rule them all - pinentryFlavor = cfg.pinentry; + pinentryPackage = cfg.pinentry; extraConfig = '' allow-loopback-pinentry ''; From 61fa35093ce3eb7f3cbcc9ca97dcdb2af471eba5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 22 Mar 2024 22:03:32 +0100 Subject: [PATCH 007/379] nixos: services: mealie: fix bulk upload --- modules/nixos/services/mealie/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix index ebbebb2..55ac376 100644 --- a/modules/nixos/services/mealie/default.nix +++ b/modules/nixos/services/mealie/default.nix @@ -66,6 +66,13 @@ in my.services.nginx.virtualHosts = { mealie = { inherit (cfg) port; + + extraConfig = { + # Allow bulk upload of recipes for import/export + locations."/".extraConfig = '' + client_max_body_size 0; + ''; + }; }; }; }; From 607aa5351c94bb52308cc83efc8f0f8f7acaf332 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 22 Mar 2024 22:03:32 +0100 Subject: [PATCH 008/379] nixos: services: tandoor-recipes: fix bulk upload --- modules/nixos/services/tandoor-recipes/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/nixos/services/tandoor-recipes/default.nix b/modules/nixos/services/tandoor-recipes/default.nix index f5dc2db..48ad7a8 100644 --- a/modules/nixos/services/tandoor-recipes/default.nix +++ b/modules/nixos/services/tandoor-recipes/default.nix @@ -73,6 +73,13 @@ in my.services.nginx.virtualHosts = { recipes = { inherit (cfg) port; + + extraConfig = { + # Allow bulk upload of recipes for import/export + locations."/".extraConfig = '' + client_max_body_size 0; + ''; + }; }; }; }; From 15d0e6bb38b86cd9693dd9c43ee1da4a98744974 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Mar 2024 11:19:33 +0000 Subject: [PATCH 009/379] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index a42d5dd..4308e9c 100644 --- a/flake.lock +++ b/flake.lock @@ -116,11 +116,11 @@ ] }, "locked": { - "lastModified": 1703887061, - "narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=", + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", "owner": "hercules-ci", "repo": "gitignore.nix", - "rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1710532761, - "narHash": "sha256-SUXGZNrXX05YA9G6EmgupxhOr3swI1gcxLUeDMUhrEY=", + "lastModified": 1711604890, + "narHash": "sha256-vbI/gxRTq/gHW1Q8z6D/7JG/qGNl3JTimUDX+MwnC3A=", "owner": "nix-community", "repo": "home-manager", - "rev": "206f457fffdb9a73596a4cb2211a471bd305243d", + "rev": "3142bdcc470e1e291e1fbe942fd69e06bd00c5df", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1710451336, - "narHash": "sha256-pP86Pcfu3BrAvRO7R64x7hs+GaQrjFes+mEPowCfkxY=", + "lastModified": 1711523803, + "narHash": "sha256-UKcYiHWHQynzj6CN/vTcix4yd1eCu1uFdsuarupdCQQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d691274a972b3165335d261cc4671335f5c67de9", + "rev": "2726f127c15a4cc9810843b96cad73c7eb39e443", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1710607749, - "narHash": "sha256-TRgxM7sOiWF8cea73OzDnmfhyYnN8+vDHUUJlkDDZ/U=", + "lastModified": 1711622043, + "narHash": "sha256-nCNcHYlmmPPIDRkDCvNoEog+AuG7jdmkhkU0fqoS82A=", "owner": "nix-community", "repo": "NUR", - "rev": "b870db4117d587a8c5c2c8c9e2d311d7fa4befe2", + "rev": "b7ff69e152caedbe4d0e40173d61732ac139a09c", "type": "github" }, "original": { @@ -197,11 +197,11 @@ ] }, "locked": { - "lastModified": 1708018599, - "narHash": "sha256-M+Ng6+SePmA8g06CmUZWi1AjG2tFBX9WCXElBHEKnyM=", + "lastModified": 1711519547, + "narHash": "sha256-Q7YmSCUJmDl71fJv/zD9lrOCJ1/SE/okZ2DsrmRjzhY=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "5df5a70ad7575f6601d91f0efec95dd9bc619431", + "rev": "7d47a32e5cd1ea481fab33c516356ce27c8cef4a", "type": "github" }, "original": { From 06c64c1a782c2677edbc55a5bebf3332c3fb7d36 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 1 Apr 2024 22:25:37 +0100 Subject: [PATCH 010/379] templates: fix 'matrix-notifier' CI step --- templates/c++-cmake/.woodpecker/check.yml | 2 +- templates/c++-meson/.woodpecker/check.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/c++-cmake/.woodpecker/check.yml b/templates/c++-cmake/.woodpecker/check.yml index 9135f7b..8e71643 100644 --- a/templates/c++-cmake/.woodpecker/check.yml +++ b/templates/c++-cmake/.woodpecker/check.yml @@ -24,7 +24,7 @@ steps: - source: matrix_password target: pass commands: - - nix run '.#matrix-notifier' + - nix run github:ambroisie/matrix-notifier when: status: - failure diff --git a/templates/c++-meson/.woodpecker/check.yml b/templates/c++-meson/.woodpecker/check.yml index 9135f7b..8e71643 100644 --- a/templates/c++-meson/.woodpecker/check.yml +++ b/templates/c++-meson/.woodpecker/check.yml @@ -24,7 +24,7 @@ steps: - source: matrix_password target: pass commands: - - nix run '.#matrix-notifier' + - nix run github:ambroisie/matrix-notifier when: status: - failure From 4b5a19a8faade3a5dda68dab7046fb413de31277 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 1 Apr 2024 22:26:21 +0100 Subject: [PATCH 011/379] templates: fix deprecated CI syntax --- .woodpecker/check.yml | 18 +++++++++--------- templates/c++-cmake/.woodpecker/check.yml | 18 +++++++++--------- templates/c++-meson/.woodpecker/check.yml | 18 +++++++++--------- 3 files changed, 27 insertions(+), 27 deletions(-) diff --git a/.woodpecker/check.yml b/.woodpecker/check.yml index aff6e84..e04cd46 100644 --- a/.woodpecker/check.yml +++ b/.woodpecker/check.yml @@ -9,15 +9,15 @@ steps: - name: notifiy image: bash - secrets: - - source: matrix_homeserver - target: address - - source: matrix_roomid - target: room - - source: matrix_username - target: user - - source: matrix_password - target: pass + environment: + ADDRESS: + from_secret: matrix_homeserver + ROOM: + from_secret: matrix_roomid + USER: + from_secret: matrix_username + PASS: + from_secret: matrix_password commands: - nix run '.#matrix-notifier' when: diff --git a/templates/c++-cmake/.woodpecker/check.yml b/templates/c++-cmake/.woodpecker/check.yml index 8e71643..4ff7dba 100644 --- a/templates/c++-cmake/.woodpecker/check.yml +++ b/templates/c++-cmake/.woodpecker/check.yml @@ -14,15 +14,15 @@ steps: - name: notifiy image: bash - secrets: - - source: matrix_homeserver - target: address - - source: matrix_roomid - target: room - - source: matrix_username - target: user - - source: matrix_password - target: pass + environment: + ADDRESS: + from_secret: matrix_homeserver + ROOM: + from_secret: matrix_roomid + USER: + from_secret: matrix_username + PASS: + from_secret: matrix_password commands: - nix run github:ambroisie/matrix-notifier when: diff --git a/templates/c++-meson/.woodpecker/check.yml b/templates/c++-meson/.woodpecker/check.yml index 8e71643..4ff7dba 100644 --- a/templates/c++-meson/.woodpecker/check.yml +++ b/templates/c++-meson/.woodpecker/check.yml @@ -14,15 +14,15 @@ steps: - name: notifiy image: bash - secrets: - - source: matrix_homeserver - target: address - - source: matrix_roomid - target: room - - source: matrix_username - target: user - - source: matrix_password - target: pass + environment: + ADDRESS: + from_secret: matrix_homeserver + ROOM: + from_secret: matrix_roomid + USER: + from_secret: matrix_username + PASS: + from_secret: matrix_password commands: - nix run github:ambroisie/matrix-notifier when: From 96aa934bec78ee047ba999c25b9d6836c3d576b6 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Mar 2024 20:20:41 +0000 Subject: [PATCH 012/379] pkgs: zsh-done: fix homepage link --- pkgs/zsh-done/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/zsh-done/default.nix b/pkgs/zsh-done/default.nix index bdb6af3..8fac813 100644 --- a/pkgs/zsh-done/default.nix +++ b/pkgs/zsh-done/default.nix @@ -26,7 +26,7 @@ stdenvNoCC.mkDerivation rec { description = '' A zsh plug-in to receive notifications when long processes finish ''; - homepage = "https://gitea.belanyi.fr/ambroisie/zsh-done"; + homepage = "https://git.belanyi.fr/ambroisie/zsh-done"; license = licenses.mit; platforms = platforms.unix; maintainers = with maintainers; [ ambroisie ]; From d97da124ee39432b20ae3ebeba218f5ed6577589 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Mar 2024 20:20:41 +0000 Subject: [PATCH 013/379] templates: fix homepage links --- templates/c++-cmake/flake.nix | 2 +- templates/c++-meson/flake.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/c++-cmake/flake.nix b/templates/c++-cmake/flake.nix index cb468e7..db3b35c 100644 --- a/templates/c++-cmake/flake.nix +++ b/templates/c++-cmake/flake.nix @@ -52,7 +52,7 @@ meta = with lib; { description = "A C++ project"; - homepage = "https://gitea.belanyi.fr/ambroisie/project"; + homepage = "https://git.belanyi.fr/ambroisie/project"; license = licenses.mit; maintainers = with maintainers; [ ambroisie ]; platforms = platforms.unix; diff --git a/templates/c++-meson/flake.nix b/templates/c++-meson/flake.nix index 9cfed0d..5957c62 100644 --- a/templates/c++-meson/flake.nix +++ b/templates/c++-meson/flake.nix @@ -52,7 +52,7 @@ meta = with lib; { description = "A C++ project"; - homepage = "https://gitea.belanyi.fr/ambroisie/project"; + homepage = "https://git.belanyi.fr/ambroisie/project"; license = licenses.mit; maintainers = with maintainers; [ ambroisie ]; platforms = platforms.unix; From 8a4fdf6a56f69e9dbf6852a520ab43257c7731b1 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Mar 2024 20:21:41 +0000 Subject: [PATCH 014/379] templates: fix description typo --- templates/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/default.nix b/templates/default.nix index f58fd72..31c3a81 100644 --- a/templates/default.nix +++ b/templates/default.nix @@ -5,6 +5,6 @@ }; "c++-meson" = { path = ./c++-meson; - description = "A C++ project using CMake"; + description = "A C++ project using Meson"; }; } From f729f6a0980b439ed3d8143f2af82860c27bd5bd Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 2 Apr 2024 12:25:05 +0200 Subject: [PATCH 015/379] hosts: nixos: porthos: secrets: add 'lohr' owner --- hosts/nixos/porthos/secrets/secrets.nix | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix index bea380c..c43376b 100644 --- a/hosts/nixos/porthos/secrets/secrets.nix +++ b/hosts/nixos/porthos/secrets/secrets.nix @@ -31,8 +31,14 @@ in publicKeys = all; }; - "lohr/secret.age".publicKeys = all; - "lohr/ssh-key.age".publicKeys = all; + "lohr/secret.age" = { + owner = "lohr"; + publicKeys = all; + }; + "lohr/ssh-key.age" = { + owner = "lohr"; + publicKeys = all; + }; "matrix/mail.age" = { owner = "matrix-synapse"; From 8f120e2129ceb2e32945cb5eecaaf43968d8f9cf Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 2 Apr 2024 12:25:34 +0200 Subject: [PATCH 016/379] nixos: services: lohr: fix SSH key creation In the migration to `tmpfiles.d(5)`, I used the wrong type of file. Using `f` would write the path to the file as its content, rather than copy it. Unfortunately `C` and `C+` do not overwrite an existing file, so using a symlink it the correct solution here. This means the SSH key file must have `lohr` as an owner... Perhaps I should make it so the service can read the file itself, rather than rely on the filesystem location, so that I don't have to contort myself quite so much to make it work. --- modules/nixos/services/lohr/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/lohr/default.nix b/modules/nixos/services/lohr/default.nix index 21aadba..21ed93b 100644 --- a/modules/nixos/services/lohr/default.nix +++ b/modules/nixos/services/lohr/default.nix @@ -99,7 +99,7 @@ in }; }; "${lohrHome}/.ssh/id_ed25519" = { - "f+" = { + "L+" = { user = "lohr"; group = "lohr"; mode = "0700"; From 10a3e684c8fa837958210610c920e3dd83bfcf55 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 7 Apr 2024 13:28:26 +0200 Subject: [PATCH 017/379] flake: bump inputs --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 4308e9c..808a777 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1707830867, - "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=", + "lastModified": 1712079060, + "narHash": "sha256-/JdiT9t+zzjChc5qQiF+jhrVhRt8figYH29rZO7pFe4=", "owner": "ryantm", "repo": "agenix", - "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6", + "rev": "1381a759b205dff7a6818733118d02253340fd5e", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1709336216, - "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=", + "lastModified": 1712014858, + "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2", + "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1711604890, - "narHash": "sha256-vbI/gxRTq/gHW1Q8z6D/7JG/qGNl3JTimUDX+MwnC3A=", + "lastModified": 1712390667, + "narHash": "sha256-ebq+fJZfobqpsAdGDGpxNWSySbQejRwW9cdiil6krCo=", "owner": "nix-community", "repo": "home-manager", - "rev": "3142bdcc470e1e291e1fbe942fd69e06bd00c5df", + "rev": "b787726a8413e11b074cde42704b4af32d95545c", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1711523803, - "narHash": "sha256-UKcYiHWHQynzj6CN/vTcix4yd1eCu1uFdsuarupdCQQ=", + "lastModified": 1712439257, + "narHash": "sha256-aSpiNepFOMk9932HOax0XwNxbA38GOUVOiXfUVPOrck=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2726f127c15a4cc9810843b96cad73c7eb39e443", + "rev": "ff0dbd94265ac470dda06a657d5fe49de93b4599", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1711622043, - "narHash": "sha256-nCNcHYlmmPPIDRkDCvNoEog+AuG7jdmkhkU0fqoS82A=", + "lastModified": 1712485930, + "narHash": "sha256-Gx1kXJYnYENoJKWdZpTSDj9fAbnhSzp/cTpFFIXre/M=", "owner": "nix-community", "repo": "NUR", - "rev": "b7ff69e152caedbe4d0e40173d61732ac139a09c", + "rev": "e4dfbd7eb86b3ac1bf5b7d5c4ca200dba5cbb5a9", "type": "github" }, "original": { @@ -197,11 +197,11 @@ ] }, "locked": { - "lastModified": 1711519547, - "narHash": "sha256-Q7YmSCUJmDl71fJv/zD9lrOCJ1/SE/okZ2DsrmRjzhY=", + "lastModified": 1712055707, + "narHash": "sha256-4XLvuSIDZJGS17xEwSrNuJLL7UjDYKGJSbK1WWX2AK8=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "7d47a32e5cd1ea481fab33c516356ce27c8cef4a", + "rev": "e35aed5fda3cc79f88ed7f1795021e559582093a", "type": "github" }, "original": { From 6b51b4e2ab49dfe4a853ad5873e9d4741eafaefa Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 7 Apr 2024 13:30:40 +0200 Subject: [PATCH 018/379] nixos: services: rss-bridge: fix deprecated option --- modules/nixos/services/rss-bridge/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/nixos/services/rss-bridge/default.nix b/modules/nixos/services/rss-bridge/default.nix index 85e37c2..52b1030 100644 --- a/modules/nixos/services/rss-bridge/default.nix +++ b/modules/nixos/services/rss-bridge/default.nix @@ -11,7 +11,9 @@ in config = lib.mkIf cfg.enable { services.rss-bridge = { enable = true; - whitelist = [ "*" ]; # Whitelist all + config = { + system.enabled_bridges = [ "*" ]; # Whitelist all + }; virtualHost = "rss-bridge.${config.networking.domain}"; }; From 6efe2c12ba7e580418ca8a17b14185422defa67e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 8 Apr 2024 21:19:54 +0200 Subject: [PATCH 019/379] nixos: services: woodpecker: exec: fix NodeJS I need it for Tree Sitter support... --- modules/nixos/services/woodpecker/agent-exec/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/services/woodpecker/agent-exec/default.nix b/modules/nixos/services/woodpecker/agent-exec/default.nix index 7ae21c8..24161b0 100644 --- a/modules/nixos/services/woodpecker/agent-exec/default.nix +++ b/modules/nixos/services/woodpecker/agent-exec/default.nix @@ -44,6 +44,8 @@ in serviceConfig = { # Same option as upstream, without @setuid SystemCallFilter = lib.mkForce "~@clock @privileged @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap"; + # NodeJS requires RWX memory... + MemoryDenyWriteExecute = lib.mkForce false; BindPaths = [ "/nix/var/nix/daemon-socket/socket" From 3e6b9f716167eef4c6a030f4c6570f4ea28a7c44 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 12 Apr 2024 10:01:17 +0000 Subject: [PATCH 020/379] home: vim: ftdetect: add bp Unfortunately, the `blueprint` filetype name is already taken... --- modules/home/vim/ftdetect/blueprint.lua | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 modules/home/vim/ftdetect/blueprint.lua diff --git a/modules/home/vim/ftdetect/blueprint.lua b/modules/home/vim/ftdetect/blueprint.lua new file mode 100644 index 0000000..d3fb395 --- /dev/null +++ b/modules/home/vim/ftdetect/blueprint.lua @@ -0,0 +1,6 @@ +-- Use `bp` filetype for Blueprint files +vim.filetype.add({ + extension = { + bp = "bp", + }, +}) From 95c688766f7af1bd06e22ce150aa4628167455d8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 12 Apr 2024 10:01:17 +0000 Subject: [PATCH 021/379] home: vim: ftplugin: add bp --- modules/home/vim/after/ftplugin/bp.vim | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 modules/home/vim/after/ftplugin/bp.vim diff --git a/modules/home/vim/after/ftplugin/bp.vim b/modules/home/vim/after/ftplugin/bp.vim new file mode 100644 index 0000000..1224e7a --- /dev/null +++ b/modules/home/vim/after/ftplugin/bp.vim @@ -0,0 +1,7 @@ +" Create the `b:undo_ftplugin` variable if it doesn't exist +call ftplugined#check_undo_ft() + +" Add comment format +setlocal comments=b://,s1:/*,mb:*,ex:*/ +setlocal commentstring=//\ %s +let b:undo_ftplugin.='|setlocal comments< commentstring<' From a4ede5f6f403a6f73d8ac34ee56892be2e1a4f4f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 10 May 2023 13:04:06 +0000 Subject: [PATCH 022/379] templates: add rust-cargo --- templates/default.nix | 4 + templates/rust-cargo/.envrc | 5 + templates/rust-cargo/.gitignore | 6 ++ templates/rust-cargo/.woodpecker/check.yml | 31 ++++++ templates/rust-cargo/Cargo.lock | 7 ++ templates/rust-cargo/Cargo.toml | 8 ++ templates/rust-cargo/flake.nix | 112 +++++++++++++++++++++ templates/rust-cargo/rustfmt.toml | 0 templates/rust-cargo/src/main.rs | 3 + 9 files changed, 176 insertions(+) create mode 100644 templates/rust-cargo/.envrc create mode 100644 templates/rust-cargo/.gitignore create mode 100644 templates/rust-cargo/.woodpecker/check.yml create mode 100644 templates/rust-cargo/Cargo.lock create mode 100644 templates/rust-cargo/Cargo.toml create mode 100644 templates/rust-cargo/flake.nix create mode 100644 templates/rust-cargo/rustfmt.toml create mode 100644 templates/rust-cargo/src/main.rs diff --git a/templates/default.nix b/templates/default.nix index 31c3a81..44db753 100644 --- a/templates/default.nix +++ b/templates/default.nix @@ -7,4 +7,8 @@ path = ./c++-meson; description = "A C++ project using Meson"; }; + "rust-cargo" = { + path = ./rust-cargo; + description = "A Rust project using Cargo"; + }; } diff --git a/templates/rust-cargo/.envrc b/templates/rust-cargo/.envrc new file mode 100644 index 0000000..de77fcb --- /dev/null +++ b/templates/rust-cargo/.envrc @@ -0,0 +1,5 @@ +if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then + source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" +fi + +use flake diff --git a/templates/rust-cargo/.gitignore b/templates/rust-cargo/.gitignore new file mode 100644 index 0000000..5f360ff --- /dev/null +++ b/templates/rust-cargo/.gitignore @@ -0,0 +1,6 @@ +# Rust build directory +/target + +# Nix generated files +/.pre-commit-config.yaml +/result diff --git a/templates/rust-cargo/.woodpecker/check.yml b/templates/rust-cargo/.woodpecker/check.yml new file mode 100644 index 0000000..4ff7dba --- /dev/null +++ b/templates/rust-cargo/.woodpecker/check.yml @@ -0,0 +1,31 @@ +labels: + backend: local + +steps: +- name: pre-commit check + image: bash + commands: + - nix develop --command pre-commit run --all + +- name: nix flake check + image: bash + commands: + - nix flake check + +- name: notifiy + image: bash + environment: + ADDRESS: + from_secret: matrix_homeserver + ROOM: + from_secret: matrix_roomid + USER: + from_secret: matrix_username + PASS: + from_secret: matrix_password + commands: + - nix run github:ambroisie/matrix-notifier + when: + status: + - failure + - success diff --git a/templates/rust-cargo/Cargo.lock b/templates/rust-cargo/Cargo.lock new file mode 100644 index 0000000..4f9c86e --- /dev/null +++ b/templates/rust-cargo/Cargo.lock @@ -0,0 +1,7 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "project" +version = "0.0.0" diff --git a/templates/rust-cargo/Cargo.toml b/templates/rust-cargo/Cargo.toml new file mode 100644 index 0000000..4dfdc0b --- /dev/null +++ b/templates/rust-cargo/Cargo.toml @@ -0,0 +1,8 @@ +[package] +name = "project" +version = "0.0.0" +edition = "2021" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] diff --git a/templates/rust-cargo/flake.nix b/templates/rust-cargo/flake.nix new file mode 100644 index 0000000..6d50369 --- /dev/null +++ b/templates/rust-cargo/flake.nix @@ -0,0 +1,112 @@ +{ + description = "A Rust project"; + + inputs = { + futils = { + type = "github"; + owner = "numtide"; + repo = "flake-utils"; + ref = "main"; + }; + + nixpkgs = { + type = "github"; + owner = "NixOS"; + repo = "nixpkgs"; + ref = "nixos-unstable"; + }; + + pre-commit-hooks = { + type = "github"; + owner = "cachix"; + repo = "pre-commit-hooks.nix"; + ref = "master"; + inputs = { + flake-utils.follows = "futils"; + nixpkgs.follows = "nixpkgs"; + }; + }; + }; + + outputs = { self, futils, nixpkgs, pre-commit-hooks }: + { + overlays = { + default = final: _prev: { + project = with final; rustPlatform.buildRustPackage { + pname = "project"; + version = (final.lib.importTOML ./Cargo.toml).package.version; + + src = self; + + cargoLock = { + lockFile = "${self}/Cargo.lock"; + }; + + meta = with lib; { + description = "A Rust project"; + homepage = "https://git.belanyi.fr/ambroisie/project"; + license = licenses.mit; + maintainers = with maintainers; [ ambroisie ]; + }; + }; + }; + }; + } // futils.lib.eachDefaultSystem (system: + let + pkgs = import nixpkgs { + inherit system; + overlays = [ + self.overlays.default + ]; + }; + + pre-commit = pre-commit-hooks.lib.${system}.run { + src = self; + + hooks = { + clippy = { + enable = true; + settings = { + denyWarnings = true; + }; + }; + + nixpkgs-fmt = { + enable = true; + }; + + rustfmt = { + enable = true; + }; + }; + }; + in + { + checks = { + inherit (self.packages.${system}) project; + }; + + devShells = { + default = pkgs.mkShell { + inputsFrom = with self.packages.${system}; [ + project + ]; + + packages = with pkgs; [ + clippy + rust-analyzer + rustfmt + ]; + + RUST_SRC_PATH = "${pkgs.rust.packages.stable.rustPlatform.rustLibSrc}"; + + inherit (pre-commit) shellHook; + }; + }; + + packages = futils.lib.flattenTree { + default = pkgs.project; + inherit (pkgs) project; + }; + }); +} diff --git a/templates/rust-cargo/rustfmt.toml b/templates/rust-cargo/rustfmt.toml new file mode 100644 index 0000000..e69de29 diff --git a/templates/rust-cargo/src/main.rs b/templates/rust-cargo/src/main.rs new file mode 100644 index 0000000..e7a11a9 --- /dev/null +++ b/templates/rust-cargo/src/main.rs @@ -0,0 +1,3 @@ +fn main() { + println!("Hello, world!"); +} From 7e0cb867deb17d2f5b23670510147bb6dc59470f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 12 Apr 2024 15:19:29 +0000 Subject: [PATCH 023/379] pkgs: remove 'digestpp' I have packaged it upstream. --- pkgs/default.nix | 2 -- pkgs/digestpp/default.nix | 31 ------------------------------- 2 files changed, 33 deletions(-) delete mode 100644 pkgs/digestpp/default.nix diff --git a/pkgs/default.nix b/pkgs/default.nix index e82a90c..a45bd7f 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -12,8 +12,6 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: { diff-flake = pkgs.callPackage ./diff-flake { }; - digestpp = pkgs.callPackage ./digestpp { }; - dragger = pkgs.callPackage ./dragger { }; drone-rsync = pkgs.callPackage ./drone-rsync { }; diff --git a/pkgs/digestpp/default.nix b/pkgs/digestpp/default.nix deleted file mode 100644 index 2fd90db..0000000 --- a/pkgs/digestpp/default.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ lib -, fetchFromGitHub -, stdenv -}: -stdenv.mkDerivation { - pname = "digestpp"; - version = "0-unstable-2023-11-07"; - - src = fetchFromGitHub { - owner = "kerukuro"; - repo = "digestpp"; - rev = "ebb699402c244e22c3aff61d2239bcb2e87b8ef8"; - hash = "sha256-9X/P7DgZB6bSYjQWRli4iAXEFjhmACOVv3EYQrXuH5c="; - }; - - installPhase = '' - runHook preInstall - - mkdir -p $out/include/digestpp - cp -r *.hpp algorithm/ detail/ $out/include/digestpp - - runHook postInstall - ''; - - meta = with lib; { - description = "C++11 header-only message digest library"; - homepage = "https://github.com/kerukuro/digestpp"; - license = licenses.unlicense; - maintainers = with maintainers; [ ambroisie ]; - }; -} From e43cdbfa6519753cb5fb6d674d88eeecbd03e9ab Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 12 Apr 2024 15:19:56 +0000 Subject: [PATCH 024/379] pkgs: remove 'sqlite_orm' I have packaged it upstream. --- pkgs/default.nix | 2 -- pkgs/sqlite_orm/default.nix | 32 -------------------------------- 2 files changed, 34 deletions(-) delete mode 100644 pkgs/sqlite_orm/default.nix diff --git a/pkgs/default.nix b/pkgs/default.nix index a45bd7f..0212887 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -28,8 +28,6 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: { rbw-pass = pkgs.callPackage ./rbw-pass { }; - sqlite_orm = pkgs.callPackage ./sqlite_orm { }; - unbound-zones-adblock = pkgs.callPackage ./unbound-zones-adblock { }; zsh-done = pkgs.callPackage ./zsh-done { }; diff --git a/pkgs/sqlite_orm/default.nix b/pkgs/sqlite_orm/default.nix deleted file mode 100644 index 3891eee..0000000 --- a/pkgs/sqlite_orm/default.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ lib -, cmake -, fetchFromGitHub -, sqlite -, stdenv -}: -stdenv.mkDerivation (finalAttrs: { - pname = "sqlite_orm"; - version = "1.8.2"; - - src = fetchFromGitHub { - owner = "fnc12"; - repo = "sqlite_orm"; - rev = "v${finalAttrs.version}"; - hash = "sha256-KqphGFcnR1Y11KqL7sxODSv7lEvcURdF6kLd3cg84kc="; - }; - - nativeBuildInputs = [ - cmake - ]; - - propagatedBuildInputs = [ - sqlite - ]; - - meta = with lib; { - description = "Light header only SQLite ORM"; - homepage = "https://sqliteorm.com/"; - license = licenses.agpl3Only; # MIT license is commercial - maintainers = with maintainers; [ ambroisie ]; - }; -}) From 06b760e3ee7ffe73a78753295a6d4e10ef6fe98a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 12 Apr 2024 15:20:09 +0000 Subject: [PATCH 025/379] pkgs: remove 'bt-migrate' I have packaged it upstream. --- pkgs/bt-migrate/default.nix | 61 ------------------------------------- pkgs/default.nix | 2 -- 2 files changed, 63 deletions(-) delete mode 100644 pkgs/bt-migrate/default.nix diff --git a/pkgs/bt-migrate/default.nix b/pkgs/bt-migrate/default.nix deleted file mode 100644 index df99c55..0000000 --- a/pkgs/bt-migrate/default.nix +++ /dev/null @@ -1,61 +0,0 @@ -{ lib -, boost -, cmake -, cxxopts -, digestpp -, fetchFromGitHub -, fmt -, jsoncons -, pugixml -, sqlite_orm -, stdenv -}: -stdenv.mkDerivation { - pname = "bt-migrate"; - version = "0-unstable-2023-08-17"; - - src = fetchFromGitHub { - owner = "mikedld"; - repo = "bt-migrate"; - rev = "e15a489c0c76f98355586ebbee08223af4e9bf50"; - hash = "sha256-kA6yxhbIh3ThmgF8Zyoe3I79giLVmdNr9IIrw5Xx4s0="; - }; - - nativeBuildInputs = [ - cmake - ]; - - buildInputs = [ - boost - cxxopts - fmt - jsoncons - pugixml - sqlite_orm - ]; - - cmakeFlags = [ - (lib.strings.cmakeBool "USE_VCPKG" false) - # NOTE: digestpp does not have proper CMake packaging (yet?) - (lib.strings.cmakeBool "USE_FETCHCONTENT" true) - (lib.strings.cmakeFeature "FETCHCONTENT_SOURCE_DIR_DIGESTPP" "${digestpp}/include/digestpp") - ]; - - # NOTE: no install target in CMake... - installPhase = '' - runHook preInstall - - mkdir -p $out/bin - cp BtMigrate $out/bin - - runHook postInstall - ''; - - meta = with lib; { - description = "Torrent state migration tool"; - homepage = "https://github.com/mikedld/bt-migrate"; - license = licenses.gpl3Only; - maintainers = with maintainers; [ ambroisie ]; - mainProgram = "BtMigrate"; - }; -} diff --git a/pkgs/default.nix b/pkgs/default.nix index 0212887..6b7fce1 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,7 +1,5 @@ { pkgs }: pkgs.lib.makeScope pkgs.newScope (pkgs: { - bt-migrate = pkgs.callPackage ./bt-migrate { }; - bw-pass = pkgs.callPackage ./bw-pass { }; change-audio = pkgs.callPackage ./change-audio { }; From 6a22a80d4203111dd77bcd4ae7594f2ae194403b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 15 Apr 2024 14:06:21 +0000 Subject: [PATCH 026/379] home: direnv: update default flake Now that I (usually?) override `nixpkgs` in the registry, there's not much use in defaulting to `pkgs`. --- modules/home/direnv/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/direnv/default.nix b/modules/home/direnv/default.nix index 93a1f3b..4f1f4b6 100644 --- a/modules/home/direnv/default.nix +++ b/modules/home/direnv/default.nix @@ -8,8 +8,8 @@ in defaultFlake = mkOption { type = types.str; - default = "pkgs"; - example = "nixpkgs"; + default = "nixpkgs"; + example = "pkgs"; description = '' Which flake from the registry should be used for use pkgs by default. From b735eb4b98fd60f3e3f3bcdca33aec1eedc4719e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 15 Apr 2024 14:08:00 +0000 Subject: [PATCH 027/379] home: direnv: set 'DIRENV_DEFAULT_FLAKE' as needed --- modules/home/direnv/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/home/direnv/default.nix b/modules/home/direnv/default.nix index 4f1f4b6..67beb62 100644 --- a/modules/home/direnv/default.nix +++ b/modules/home/direnv/default.nix @@ -7,8 +7,8 @@ in enable = my.mkDisableOption "direnv configuration"; defaultFlake = mkOption { - type = types.str; - default = "nixpkgs"; + type = with types; nullOr str; + default = null; example = "pkgs"; description = '' Which flake from the registry should be used for @@ -39,7 +39,7 @@ in in lib.my.genAttrs' files linkLibFile; - home.sessionVariables = { + home.sessionVariables = lib.mkIf (cfg.defaultFlake != null) { DIRENV_DEFAULT_FLAKE = cfg.defaultFlake; }; }; From f9db06a6d43d4fdce7595c6a5b5acfe7af84b971 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 22 Apr 2024 20:58:45 +0200 Subject: [PATCH 028/379] flake: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 808a777..8ee39d7 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1712390667, - "narHash": "sha256-ebq+fJZfobqpsAdGDGpxNWSySbQejRwW9cdiil6krCo=", + "lastModified": 1713809191, + "narHash": "sha256-9Tb5JKcacjxNF1f7gsu/4l4Gxa2qflq9x1hhdl10iwM=", "owner": "nix-community", "repo": "home-manager", - "rev": "b787726a8413e11b074cde42704b4af32d95545c", + "rev": "e866aae5bbbcfe6798ca05d3004a4e62f1828954", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1712439257, - "narHash": "sha256-aSpiNepFOMk9932HOax0XwNxbA38GOUVOiXfUVPOrck=", + "lastModified": 1713714899, + "narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ff0dbd94265ac470dda06a657d5fe49de93b4599", + "rev": "6143fc5eeb9c4f00163267708e26191d1e918932", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1712485930, - "narHash": "sha256-Gx1kXJYnYENoJKWdZpTSDj9fAbnhSzp/cTpFFIXre/M=", + "lastModified": 1713810384, + "narHash": "sha256-ze9APypWwgcNXvtc+Y/In/PCGmIzm/VefrwQKG7ge7E=", "owner": "nix-community", "repo": "NUR", - "rev": "e4dfbd7eb86b3ac1bf5b7d5c4ca200dba5cbb5a9", + "rev": "5d454967f1d978fe45956d25ed7ee15b9910da18", "type": "github" }, "original": { @@ -197,11 +197,11 @@ ] }, "locked": { - "lastModified": 1712055707, - "narHash": "sha256-4XLvuSIDZJGS17xEwSrNuJLL7UjDYKGJSbK1WWX2AK8=", + "lastModified": 1713775815, + "narHash": "sha256-Wu9cdYTnGQQwtT20QQMg7jzkANKQjwBD9iccfGKkfls=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "e35aed5fda3cc79f88ed7f1795021e559582093a", + "rev": "2ac4dcbf55ed43f3be0bae15e181f08a57af24a4", "type": "github" }, "original": { From c18054cad72c92a347a87ddaa63bf1b0ffa2a023 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 21 Mar 2024 20:30:25 +0100 Subject: [PATCH 029/379] nixos: services: podgrab: use 'media' group --- modules/nixos/services/podgrab/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/nixos/services/podgrab/default.nix b/modules/nixos/services/podgrab/default.nix index 5ceebb6..f1a8eb2 100644 --- a/modules/nixos/services/podgrab/default.nix +++ b/modules/nixos/services/podgrab/default.nix @@ -29,8 +29,13 @@ in services.podgrab = { enable = true; inherit (cfg) passwordFile port; + + group = "media"; }; + # Set-up media group + users.groups.media = { }; + my.services.nginx.virtualHosts = { podgrab = { inherit (cfg) port; From 5df0574f41017e67462fcc7809fd117f2f7944be Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 21 Mar 2024 20:30:25 +0100 Subject: [PATCH 030/379] nixos: services: podgrab: add 'dataDir' --- modules/nixos/services/podgrab/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/modules/nixos/services/podgrab/default.nix b/modules/nixos/services/podgrab/default.nix index f1a8eb2..ea89e4e 100644 --- a/modules/nixos/services/podgrab/default.nix +++ b/modules/nixos/services/podgrab/default.nix @@ -17,6 +17,15 @@ in ''; }; + dataDir = mkOption { + type = with types; nullOr str; + default = null; + example = "/mnt/podgrab"; + description = '' + Path to the directory to store the podcasts. Use default if null + ''; + }; + port = mkOption { type = types.port; default = 8080; @@ -31,6 +40,7 @@ in inherit (cfg) passwordFile port; group = "media"; + dataDirectory = lib.mkIf (cfg.dataDir != null) cfg.dataDir; }; # Set-up media group From 7ebbb10568f12929b54308d6aa96defad93c9d82 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 21 Mar 2024 20:32:05 +0100 Subject: [PATCH 031/379] hosts: nixos: porthos: migrate podgrab 'dataDir' I want to share it with `audiobookshelf`, so putting it in `/data/media` makes it easier. --- hosts/nixos/porthos/services.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index a67ae3b..d84c2fa 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -134,6 +134,7 @@ in podgrab = { enable = true; passwordFile = secrets."podgrab/password".path; + dataDir = "/data/media/podcasts"; port = 9598; }; # Regular backups From 2dedb41a47e83aa3a86b4ad8062d7348fa7a35c9 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 21 Mar 2024 19:59:34 +0100 Subject: [PATCH 032/379] nixos: services: add audiobookshelf --- .../nixos/services/audiobookshelf/default.nix | 39 +++++++++++++++++++ modules/nixos/services/default.nix | 1 + 2 files changed, 40 insertions(+) create mode 100644 modules/nixos/services/audiobookshelf/default.nix diff --git a/modules/nixos/services/audiobookshelf/default.nix b/modules/nixos/services/audiobookshelf/default.nix new file mode 100644 index 0000000..8c9719d --- /dev/null +++ b/modules/nixos/services/audiobookshelf/default.nix @@ -0,0 +1,39 @@ +# Audiobook and podcast library +{ config, lib, ... }: +let + cfg = config.my.services.audiobookshelf; +in +{ + options.my.services.audiobookshelf = with lib; { + enable = mkEnableOption "Audiobookshelf, a self-hosted podcast manager"; + + port = mkOption { + type = types.port; + default = 8000; + example = 4242; + description = "The port on which Audiobookshelf will listen for incoming HTTP traffic."; + }; + }; + + config = lib.mkIf cfg.enable { + services.audiobookshelf = { + enable = true; + inherit (cfg) port; + + group = "media"; + }; + + # Set-up media group + users.groups.media = { }; + + my.services.nginx.virtualHosts = { + audiobookshelf = { + inherit (cfg) port; + # Proxy websockets for RPC + extraConfig = { + locations."/".proxyWebsockets = true; + }; + }; + }; + }; +} diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index 3b32d06..60b2478 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -4,6 +4,7 @@ imports = [ ./adblock ./aria + ./audiobookshelf ./backup ./blog ./calibre-web From 929c8ea9b0322339429113318440336e2931fbe2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 21 Mar 2024 20:00:17 +0100 Subject: [PATCH 033/379] hosts: nixos: porthos: services: audiobookshelf --- hosts/nixos/porthos/services.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index d84c2fa..23901f7 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -10,6 +10,11 @@ in adblock = { enable = true; }; + # Audiobook and podcast library + audiobookshelf = { + enable = true; + port = 9599; + }; # Backblaze B2 backup backup = { enable = true; From df79f36c873d08fabe18ec8bfcb87ff6f5eb4edd Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 4 May 2024 16:06:14 +0200 Subject: [PATCH 034/379] flake: bump inputs --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 8ee39d7..c1084e9 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1712079060, - "narHash": "sha256-/JdiT9t+zzjChc5qQiF+jhrVhRt8figYH29rZO7pFe4=", + "lastModified": 1714136352, + "narHash": "sha256-BtWQ2Th/jamO1SlD+2ASSW5Jaf7JhA/JLpQHk0Goqpg=", "owner": "ryantm", "repo": "agenix", - "rev": "1381a759b205dff7a6818733118d02253340fd5e", + "rev": "24a7ea390564ccd5b39b7884f597cfc8d7f6f44e", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1712014858, - "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", + "lastModified": 1714641030, + "narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", + "rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1713809191, - "narHash": "sha256-9Tb5JKcacjxNF1f7gsu/4l4Gxa2qflq9x1hhdl10iwM=", + "lastModified": 1714679908, + "narHash": "sha256-KzcXzDvDJjX34en8f3Zimm396x6idbt+cu4tWDVS2FI=", "owner": "nix-community", "repo": "home-manager", - "rev": "e866aae5bbbcfe6798ca05d3004a4e62f1828954", + "rev": "9036fe9ef8e15a819fa76f47a8b1f287903fb848", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1713714899, - "narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=", + "lastModified": 1714635257, + "narHash": "sha256-4cPymbty65RvF1DWQfc+Bc8B233A1BWxJnNULJKQ1EY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6143fc5eeb9c4f00163267708e26191d1e918932", + "rev": "63c3a29ca82437c87573e4c6919b09a24ea61b0f", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1713810384, - "narHash": "sha256-ze9APypWwgcNXvtc+Y/In/PCGmIzm/VefrwQKG7ge7E=", + "lastModified": 1714825428, + "narHash": "sha256-6U4cppyR0u6sqSSVr3GMrnIXhP2YGR0knfgrUGtr/1Y=", "owner": "nix-community", "repo": "NUR", - "rev": "5d454967f1d978fe45956d25ed7ee15b9910da18", + "rev": "5847f3365c16afafc10c56994beadd4cdc8552ee", "type": "github" }, "original": { @@ -197,11 +197,11 @@ ] }, "locked": { - "lastModified": 1713775815, - "narHash": "sha256-Wu9cdYTnGQQwtT20QQMg7jzkANKQjwBD9iccfGKkfls=", + "lastModified": 1714478972, + "narHash": "sha256-q//cgb52vv81uOuwz1LaXElp3XAe1TqrABXODAEF6Sk=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "2ac4dcbf55ed43f3be0bae15e181f08a57af24a4", + "rev": "2849da033884f54822af194400f8dff435ada242", "type": "github" }, "original": { From 8d2cf7f2c0a133e718f147222db9ae04d68c1155 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 4 May 2024 16:06:24 +0200 Subject: [PATCH 035/379] nixos: profiles: laptop: fix renamed option --- modules/nixos/profiles/laptop/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/profiles/laptop/default.nix b/modules/nixos/profiles/laptop/default.nix index 20a29d7..68c65b8 100644 --- a/modules/nixos/profiles/laptop/default.nix +++ b/modules/nixos/profiles/laptop/default.nix @@ -9,7 +9,7 @@ in config = lib.mkIf cfg.enable { # Enable touchpad support - services.xserver.libinput.enable = true; + services.libinput.enable = true; # Enable TLP power management my.services.tlp.enable = true; From 6162f4f4d52fc3bd2bcac2659ce6fc836a959345 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 4 May 2024 22:51:11 +0200 Subject: [PATCH 036/379] modules: services: nextcloud: bump to 29 --- modules/nixos/services/nextcloud/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index 51195df..bb3169a 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -31,7 +31,7 @@ in config = lib.mkIf cfg.enable { services.nextcloud = { enable = true; - package = pkgs.nextcloud28; + package = pkgs.nextcloud29; hostName = "nextcloud.${config.networking.domain}"; home = "/var/lib/nextcloud"; maxUploadSize = cfg.maxSize; From 48beb9f1fe7cba2554da18727a2c0a2b34393d17 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 7 May 2024 11:10:29 +0000 Subject: [PATCH 037/379] nixos: services: postgres: simplify update script --- modules/nixos/services/postgresql/default.nix | 27 ++++++++++++------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/modules/nixos/services/postgresql/default.nix b/modules/nixos/services/postgresql/default.nix index 6f51f3e..1c06736 100644 --- a/modules/nixos/services/postgresql/default.nix +++ b/modules/nixos/services/postgresql/default.nix @@ -27,17 +27,26 @@ in environment.systemPackages = let - newpg = config.containers.temp-pg.config.services.postgresql; + pgCfg = config.services.postgresql; + newPackage' = pkgs.postgresql_13; + + oldPackage = if pgCfg.enableJIT then pgCfg.package.withJIT else pgCfg.package; + oldData = pgCfg.dataDir; + oldBin = "${if pgCfg.extraPlugins == [] then oldPackage else oldPackage.withPackages pgCfg.extraPlugins}/bin"; + + newPackage = if pgCfg.enableJIT then newPackage'.withJIT else newPackage'; + newData = "/var/lib/postgresql/${newPackage.psqlSchema}"; + newBin = "${if pgCfg.extraPlugins == [] then newPackage else newPackage.withPackages pgCfg.extraPlugins}/bin"; in [ (pkgs.writeScriptBin "upgrade-pg-cluster" '' #!/usr/bin/env bash - set -x - export OLDDATA="${config.services.postgresql.dataDir}" - export NEWDATA="${newpg.dataDir}" - export OLDBIN="${config.services.postgresql.package}/bin" - export NEWBIN="${newpg.package}/bin" + set -eux + export OLDDATA="${oldData}" + export NEWDATA="${newData}" + export OLDBIN="${oldBin}" + export NEWBIN="${newBin}" if [ "$OLDDATA" -ef "$NEWDATA" ]; then echo "Cannot migrate to same data directory" >&2 @@ -46,13 +55,13 @@ in install -d -m 0700 -o postgres -g postgres "$NEWDATA" cd "$NEWDATA" - sudo -u postgres $NEWBIN/initdb -D "$NEWDATA" + sudo -u postgres "$NEWBIN/initdb" -D "$NEWDATA" systemctl stop postgresql # old one - sudo -u postgres $NEWBIN/pg_upgrade \ + sudo -u postgres "$NEWBIN/pg_upgrade" \ --old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \ - --old-bindir $OLDBIN --new-bindir $NEWBIN \ + --old-bindir "$OLDBIN" --new-bindir "$NEWBIN" \ "$@" '') ]; From 0745e450b9a28041b875012eb935b224b3a05862 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 7 May 2024 11:40:03 +0000 Subject: [PATCH 038/379] nixos: services: postgres: remove unused container --- modules/nixos/services/postgresql/default.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/modules/nixos/services/postgresql/default.nix b/modules/nixos/services/postgresql/default.nix index 1c06736..7559bb6 100644 --- a/modules/nixos/services/postgresql/default.nix +++ b/modules/nixos/services/postgresql/default.nix @@ -20,11 +20,6 @@ in # Taken from the manual (lib.mkIf cfg.upgradeScript { - containers.temp-pg.config.services.postgresql = { - enable = true; - package = pkgs.postgresql_13; - }; - environment.systemPackages = let pgCfg = config.services.postgresql; From f6c476a07f2e7d1e8671cfe01a749d7ca5a0e4a2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 7 May 2024 11:20:40 +0000 Subject: [PATCH 039/379] nixos: services: postgres: add post-upgrade advice --- modules/nixos/services/postgresql/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/nixos/services/postgresql/default.nix b/modules/nixos/services/postgresql/default.nix index 7559bb6..bbe46d4 100644 --- a/modules/nixos/services/postgresql/default.nix +++ b/modules/nixos/services/postgresql/default.nix @@ -58,6 +58,13 @@ in --old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \ --old-bindir "$OLDBIN" --new-bindir "$NEWBIN" \ "$@" + + cat << EOF + Run the following commands after setting: + services.postgresql.package = pkgs.postgresql_${lib.versions.major newPackage.version} + sudo -u postgres vacuumdb --all --analyze-in-stages + ${newData}/delete_old_cluster.sh + EOF '') ]; }) From 811a9f44c59545ca6944328e54138dca9ead2896 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 10 May 2024 09:35:47 +0000 Subject: [PATCH 040/379] home: vim: ftplugin: add json --- modules/home/vim/after/ftplugin/json.vim | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 modules/home/vim/after/ftplugin/json.vim diff --git a/modules/home/vim/after/ftplugin/json.vim b/modules/home/vim/after/ftplugin/json.vim new file mode 100644 index 0000000..3f7b09d --- /dev/null +++ b/modules/home/vim/after/ftplugin/json.vim @@ -0,0 +1,6 @@ +" Create the `b:undo_ftplugin` variable if it doesn't exist +call ftplugined#check_undo_ft() + +" Use a small indentation value on JSON files +setlocal shiftwidth=2 +let b:undo_ftplugin.='|setlocal shiftwidth<' From 1cba7b609daacf7ef6c5c3ff0f8b3f3c865c92dc Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 13 May 2024 14:28:45 +0000 Subject: [PATCH 041/379] home: vim: null-ls: remove 'clang-format' I should be relying on `clangd` instead, which should always be available whenever `clang-format` was. --- modules/home/vim/plugin/settings/null-ls.lua | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/modules/home/vim/plugin/settings/null-ls.lua b/modules/home/vim/plugin/settings/null-ls.lua index e7265c7..eadf16a 100644 --- a/modules/home/vim/plugin/settings/null-ls.lua +++ b/modules/home/vim/plugin/settings/null-ls.lua @@ -18,16 +18,6 @@ null_ls.register({ }), }) --- C, C++ -null_ls.register({ - null_ls.builtins.formatting.clang_format.with({ - -- Only used if available, but prefer clangd formatting if available - condition = function() - return utils.is_executable("clang-format") and not utils.is_executable("clangd") - end, - }), -}) - -- Nix null_ls.register({ null_ls.builtins.formatting.nixpkgs_fmt.with({ From 9e89b4dd36b3b98430a8460e7c53f1e6185f116d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 19 May 2024 22:32:54 +0200 Subject: [PATCH 042/379] flake: bump inputs --- flake.lock | 39 ++++++++++++++++++--------------------- flake.nix | 1 - 2 files changed, 18 insertions(+), 22 deletions(-) diff --git a/flake.lock b/flake.lock index c1084e9..5fa4910 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1714136352, - "narHash": "sha256-BtWQ2Th/jamO1SlD+2ASSW5Jaf7JhA/JLpQHk0Goqpg=", + "lastModified": 1715290355, + "narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=", "owner": "ryantm", "repo": "agenix", - "rev": "24a7ea390564ccd5b39b7884f597cfc8d7f6f44e", + "rev": "8d37c5bdeade12b6479c85acd133063ab53187a0", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1714641030, - "narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=", + "lastModified": 1715865404, + "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e", + "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1714679908, - "narHash": "sha256-KzcXzDvDJjX34en8f3Zimm396x6idbt+cu4tWDVS2FI=", + "lastModified": 1715930644, + "narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=", "owner": "nix-community", "repo": "home-manager", - "rev": "9036fe9ef8e15a819fa76f47a8b1f287903fb848", + "rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1714635257, - "narHash": "sha256-4cPymbty65RvF1DWQfc+Bc8B233A1BWxJnNULJKQ1EY=", + "lastModified": 1715961556, + "narHash": "sha256-+NpbZRCRisUHKQJZF3CT+xn14ZZQO+KjxIIanH3Pvn4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "63c3a29ca82437c87573e4c6919b09a24ea61b0f", + "rev": "4a6b83b05df1a8bd7d99095ec4b4d271f2956b64", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1714825428, - "narHash": "sha256-6U4cppyR0u6sqSSVr3GMrnIXhP2YGR0knfgrUGtr/1Y=", + "lastModified": 1716149933, + "narHash": "sha256-0Ui2HmmKvSqxXfT5kCzTu2EO+kqYxavPZHROxQLsI14=", "owner": "nix-community", "repo": "NUR", - "rev": "5847f3365c16afafc10c56994beadd4cdc8552ee", + "rev": "0d0e224fe23a49977d871ae2fe2f14c84b03322a", "type": "github" }, "original": { @@ -185,9 +185,6 @@ "pre-commit-hooks": { "inputs": { "flake-compat": "flake-compat", - "flake-utils": [ - "futils" - ], "gitignore": "gitignore", "nixpkgs": [ "nixpkgs" @@ -197,11 +194,11 @@ ] }, "locked": { - "lastModified": 1714478972, - "narHash": "sha256-q//cgb52vv81uOuwz1LaXElp3XAe1TqrABXODAEF6Sk=", + "lastModified": 1715870890, + "narHash": "sha256-nacSOeXtUEM77Gn0G4bTdEOeFIrkCBXiyyFZtdGwuH0=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "2849da033884f54822af194400f8dff435ada242", + "rev": "fa606cccd7b0ccebe2880051208e4a0f61bfc8c1", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 9c29183..a07ee15 100644 --- a/flake.nix +++ b/flake.nix @@ -63,7 +63,6 @@ repo = "pre-commit-hooks.nix"; ref = "master"; inputs = { - flake-utils.follows = "futils"; nixpkgs.follows = "nixpkgs"; nixpkgs-stable.follows = "nixpkgs"; }; From ccab4d09528edc84a5759a4106b18c3d3fef556d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 20 May 2024 15:12:45 +0000 Subject: [PATCH 043/379] overlays: add 'gruvbox-nvim-delimiters' To fix [1] and [2] until the plug-in gets bumped. [1]: https://github.com/ellisonleao/gruvbox.nvim/issues/335 [2]: https://github.com/ellisonleao/gruvbox.nvim/issues/340 --- overlays/gruvbox-nvim-delimiters/default.nix | 4 ++++ overlays/gruvbox-nvim-delimiters/generated.nix | 14 ++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 overlays/gruvbox-nvim-delimiters/default.nix create mode 100644 overlays/gruvbox-nvim-delimiters/generated.nix diff --git a/overlays/gruvbox-nvim-delimiters/default.nix b/overlays/gruvbox-nvim-delimiters/default.nix new file mode 100644 index 0000000..832e71d --- /dev/null +++ b/overlays/gruvbox-nvim-delimiters/default.nix @@ -0,0 +1,4 @@ +self: prev: +{ + vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { }); +} diff --git a/overlays/gruvbox-nvim-delimiters/generated.nix b/overlays/gruvbox-nvim-delimiters/generated.nix new file mode 100644 index 0000000..7a27a3d --- /dev/null +++ b/overlays/gruvbox-nvim-delimiters/generated.nix @@ -0,0 +1,14 @@ +{ fetchpatch, ... }: + +_final: prev: { + gruvbox-nvim = prev.gruvbox-nvim.overrideAttrs (oa: { + patches = (oa.patches or [ ]) ++ [ + # https://github.com/ellisonleao/gruvbox.nvim/pull/319 + (fetchpatch { + name = "add-Delimiter-highlight-group.patch"; + url = "https://github.com/ellisonleao/gruvbox.nvim/commit/20f90039564b293330bf97acc36dda8dd9e721a0.patch"; + hash = "sha256-it4SbgK/2iDVyvtXBfVW2YN9DqELfKsMkuCaunERGcE="; + }) + ]; + }); +} From 89056e3d5d7b5be3ee630430e36c919d4ef3cb0f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 23 May 2024 11:27:48 +0000 Subject: [PATCH 044/379] home: vim: lspconfig: migrate to 'ruff' This replaces and enhances the experience from the old `ruff-lsp` wrapper. --- modules/home/vim/plugin/settings/lspconfig.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index 628eab9..b3f8954 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -53,8 +53,8 @@ if utils.is_executable("pyright") then }) end -if utils.is_executable("ruff-lsp") then - lspconfig.ruff_lsp.setup({ +if utils.is_executable("ruff") then + lspconfig.ruff.setup({ capabilities = capabilities, on_attach = lsp.on_attach, }) From 201fabbc147e59ba49f8743ceef3fe0ce84e5056 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 20 May 2024 20:18:05 +0100 Subject: [PATCH 045/379] home: vim: remove redundant ftdetect files These have been added upstream and made redundant as part of the update to v0.10. --- modules/home/vim/ftdetect/blueprint.lua | 6 ------ modules/home/vim/ftdetect/gn.lua | 7 ------- modules/home/vim/ftdetect/kbuild.lua | 6 ------ modules/home/vim/ftdetect/tikz.lua | 6 ------ 4 files changed, 25 deletions(-) delete mode 100644 modules/home/vim/ftdetect/blueprint.lua delete mode 100644 modules/home/vim/ftdetect/gn.lua delete mode 100644 modules/home/vim/ftdetect/kbuild.lua delete mode 100644 modules/home/vim/ftdetect/tikz.lua diff --git a/modules/home/vim/ftdetect/blueprint.lua b/modules/home/vim/ftdetect/blueprint.lua deleted file mode 100644 index d3fb395..0000000 --- a/modules/home/vim/ftdetect/blueprint.lua +++ /dev/null @@ -1,6 +0,0 @@ --- Use `bp` filetype for Blueprint files -vim.filetype.add({ - extension = { - bp = "bp", - }, -}) diff --git a/modules/home/vim/ftdetect/gn.lua b/modules/home/vim/ftdetect/gn.lua deleted file mode 100644 index 37d772e..0000000 --- a/modules/home/vim/ftdetect/gn.lua +++ /dev/null @@ -1,7 +0,0 @@ --- Use GN filetype for Chromium Generate Ninja files -vim.filetype.add({ - extension = { - gn = "gn", - gni = "gn", - }, -}) diff --git a/modules/home/vim/ftdetect/kbuild.lua b/modules/home/vim/ftdetect/kbuild.lua deleted file mode 100644 index 799570e..0000000 --- a/modules/home/vim/ftdetect/kbuild.lua +++ /dev/null @@ -1,6 +0,0 @@ --- Kbuild is just a Makefile under a different name -vim.filetype.add({ - filename = { - ["Kbuild"] = "make", - }, -}) diff --git a/modules/home/vim/ftdetect/tikz.lua b/modules/home/vim/ftdetect/tikz.lua deleted file mode 100644 index 93b7db0..0000000 --- a/modules/home/vim/ftdetect/tikz.lua +++ /dev/null @@ -1,6 +0,0 @@ --- Use LaTeX filetype for TikZ files -vim.filetype.add({ - extension = { - tikz = "tex", - }, -}) From a60287f8cf85e1f0bc0ddf40b110b4744244dee0 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 20 May 2024 20:26:12 +0100 Subject: [PATCH 046/379] home: vim: remove 'nvim-osc52' OSC52 supports has been added upstream, and is set up automatically when `SSH_TTY` is set (and a few other conditions) in v0.10. --- modules/home/vim/default.nix | 1 - modules/home/vim/plugin/settings/ssh.lua | 17 ----------------- 2 files changed, 18 deletions(-) delete mode 100644 modules/home/vim/plugin/settings/ssh.lua diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 07711cc..2e85ba3 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -58,7 +58,6 @@ in # General enhancements vim-qf # Better quick-fix list - nvim-osc52 # Send clipboard data through terminal escape for SSH # Other wrappers git-messenger-vim # A simple blame window diff --git a/modules/home/vim/plugin/settings/ssh.lua b/modules/home/vim/plugin/settings/ssh.lua deleted file mode 100644 index 992a707..0000000 --- a/modules/home/vim/plugin/settings/ssh.lua +++ /dev/null @@ -1,17 +0,0 @@ -if not require("ambroisie.utils").is_ssh() then - return -end - -local function copy(lines, _) - require("osc52").copy(table.concat(lines, "\n")) -end - -local function paste() - return { vim.fn.split(vim.fn.getreg(""), "\n"), vim.fn.getregtype("") } -end - -vim.g.clipboard = { - name = "osc52", - copy = { ["+"] = copy, ["*"] = copy }, - paste = { ["+"] = paste, ["*"] = paste }, -} From cc82d7575f370f44d4ab0f12b339bee8869fc894 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 20 May 2024 20:27:39 +0100 Subject: [PATCH 047/379] home: vim: do not set 'termguicolors' explicitly Rely on the new behaviour from v0.10 which detects it more intelligently. --- modules/home/vim/init.vim | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index c94fc53..3a74c4f 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -86,8 +86,6 @@ set mouse= " Set dark mode by default set background=dark -" 24 bit colors -set termguicolors " Setup some overrides for gruvbox lua << EOF local gruvbox = require("gruvbox") From 212f280d921e035b5f9c015be50564240eddb074 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 20 May 2024 20:33:02 +0100 Subject: [PATCH 048/379] home: vim: remove commenting plug-ins Rely on the new built-in support which was added upstream as part of v0.10. Crucially, upstream supports using tree-sitter aware comment strings by default. --- modules/home/vim/after/plugin/mappings/commentary.lua | 10 ---------- modules/home/vim/default.nix | 2 -- 2 files changed, 12 deletions(-) delete mode 100644 modules/home/vim/after/plugin/mappings/commentary.lua diff --git a/modules/home/vim/after/plugin/mappings/commentary.lua b/modules/home/vim/after/plugin/mappings/commentary.lua deleted file mode 100644 index 6ed3b89..0000000 --- a/modules/home/vim/after/plugin/mappings/commentary.lua +++ /dev/null @@ -1,10 +0,0 @@ -local wk = require("which-key") - -local keys = { - name = "Comment/uncomment", - c = "Current line", - u = "Uncomment the current and adjacent commented lines", - ["gc"] = "Uncomment the current and adjacent commented lines", -} - -wk.register(keys, { prefix = "gc" }) diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 2e85ba3..509ae58 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -40,7 +40,6 @@ in lualine-lsp-progress # Show progress for LSP servers # tpope essentials - vim-commentary # Easy comments vim-eunuch # UNIX integrations vim-fugitive # A 'git' wrapper vim-git # Sane git syntax files @@ -69,7 +68,6 @@ in none-ls-nvim # LSP integration for linters and formatters nvim-treesitter.withAllGrammars # Better highlighting nvim-treesitter-textobjects # More textobjects - nvim-ts-context-commentstring # Comment string in nested language blocks plenary-nvim # 'null-ls', 'telescope' dependency # Completion From e0b66e89f9cd85abccad9307b4d3863955cd4818 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 20 May 2024 20:39:08 +0100 Subject: [PATCH 049/379] home: vim: ftplugin: remove bp It's now part of the upstream runtime as of v0.10, so this file is redundant and can be removed. --- modules/home/vim/after/ftplugin/bp.vim | 7 ------- 1 file changed, 7 deletions(-) delete mode 100644 modules/home/vim/after/ftplugin/bp.vim diff --git a/modules/home/vim/after/ftplugin/bp.vim b/modules/home/vim/after/ftplugin/bp.vim deleted file mode 100644 index 1224e7a..0000000 --- a/modules/home/vim/after/ftplugin/bp.vim +++ /dev/null @@ -1,7 +0,0 @@ -" Create the `b:undo_ftplugin` variable if it doesn't exist -call ftplugined#check_undo_ft() - -" Add comment format -setlocal comments=b://,s1:/*,mb:*,ex:*/ -setlocal commentstring=//\ %s -let b:undo_ftplugin.='|setlocal comments< commentstring<' From b90da603b1a67ebaa01b9b8ebcffc0f64ab452fe Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 24 May 2024 14:08:10 +0000 Subject: [PATCH 050/379] home: nix: fix typo --- modules/home/nix/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/nix/default.nix b/modules/home/nix/default.nix index 0934189..f8d65ce 100644 --- a/modules/home/nix/default.nix +++ b/modules/home/nix/default.nix @@ -27,7 +27,7 @@ in }; inputs = { - link = my.mkDisableOption "link inputs to `/etc/nix/inputs/`"; + link = my.mkDisableOption "link inputs to `$XDG_CONFIG_HOME/nix/inputs/`"; addToRegistry = my.mkDisableOption "add inputs and self to registry"; From 442d267ca244dc92b6177fa795e308c361eb73f5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 28 May 2024 13:48:54 +0000 Subject: [PATCH 051/379] home: vim: lsp: add missing type hint --- modules/home/vim/lua/ambroisie/lsp.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua index 31a5bd1..dc47366 100644 --- a/modules/home/vim/lua/ambroisie/lsp.lua +++ b/modules/home/vim/lua/ambroisie/lsp.lua @@ -5,7 +5,7 @@ local lsp_format = require("lsp-format") --- Move to the next/previous diagnostic, automatically showing the diagnostics --- float if necessary. ---- @param forward whether to go forward or backwards +--- @param forward bool whether to go forward or backwards local function goto_diagnostic(forward) vim.validate({ forward = { forward, "boolean" }, From 5af0230c5883000d5c1570dc958e42320e8bc517 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 29 May 2024 11:13:30 +0000 Subject: [PATCH 052/379] flake: bump inputs And undo the overlay for `gruvbox-nvim`. This reverts commit ccab4d09528edc84a5759a4106b18c3d3fef556d. --- flake.lock | 30 +++++++++---------- overlays/gruvbox-nvim-delimiters/default.nix | 4 --- .../gruvbox-nvim-delimiters/generated.nix | 14 --------- 3 files changed, 15 insertions(+), 33 deletions(-) delete mode 100644 overlays/gruvbox-nvim-delimiters/default.nix delete mode 100644 overlays/gruvbox-nvim-delimiters/generated.nix diff --git a/flake.lock b/flake.lock index 5fa4910..5191e9f 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1715290355, - "narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=", + "lastModified": 1716561646, + "narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=", "owner": "ryantm", "repo": "agenix", - "rev": "8d37c5bdeade12b6479c85acd133063ab53187a0", + "rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1715930644, - "narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=", + "lastModified": 1716930911, + "narHash": "sha256-t4HT5j3Jy7skRB5PINnxcEBCkgE89rGBpwTI7YS4Ffo=", "owner": "nix-community", "repo": "home-manager", - "rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d", + "rev": "a9b36cbe9292a649222b89fdb9ae9907e9c74086", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1715961556, - "narHash": "sha256-+NpbZRCRisUHKQJZF3CT+xn14ZZQO+KjxIIanH3Pvn4=", + "lastModified": 1716769173, + "narHash": "sha256-7EXDb5WBw+d004Agt+JHC/Oyh/KTUglOaQ4MNjBbo5w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4a6b83b05df1a8bd7d99095ec4b4d271f2956b64", + "rev": "9ca3f649614213b2aaf5f1e16ec06952fe4c2632", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1716149933, - "narHash": "sha256-0Ui2HmmKvSqxXfT5kCzTu2EO+kqYxavPZHROxQLsI14=", + "lastModified": 1716972321, + "narHash": "sha256-iB8kNkc+p/9NwmrXgnChB6JFcUtSBSdGESRVliiTCMI=", "owner": "nix-community", "repo": "NUR", - "rev": "0d0e224fe23a49977d871ae2fe2f14c84b03322a", + "rev": "3ced449a2fdd845ffde002790691bedf6958f00c", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1715870890, - "narHash": "sha256-nacSOeXtUEM77Gn0G4bTdEOeFIrkCBXiyyFZtdGwuH0=", + "lastModified": 1716213921, + "narHash": "sha256-xrsYFST8ij4QWaV6HEokCUNIZLjjLP1bYC60K8XiBVA=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "fa606cccd7b0ccebe2880051208e4a0f61bfc8c1", + "rev": "0e8fcc54b842ad8428c9e705cb5994eaf05c26a0", "type": "github" }, "original": { diff --git a/overlays/gruvbox-nvim-delimiters/default.nix b/overlays/gruvbox-nvim-delimiters/default.nix deleted file mode 100644 index 832e71d..0000000 --- a/overlays/gruvbox-nvim-delimiters/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -self: prev: -{ - vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { }); -} diff --git a/overlays/gruvbox-nvim-delimiters/generated.nix b/overlays/gruvbox-nvim-delimiters/generated.nix deleted file mode 100644 index 7a27a3d..0000000 --- a/overlays/gruvbox-nvim-delimiters/generated.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ fetchpatch, ... }: - -_final: prev: { - gruvbox-nvim = prev.gruvbox-nvim.overrideAttrs (oa: { - patches = (oa.patches or [ ]) ++ [ - # https://github.com/ellisonleao/gruvbox.nvim/pull/319 - (fetchpatch { - name = "add-Delimiter-highlight-group.patch"; - url = "https://github.com/ellisonleao/gruvbox.nvim/commit/20f90039564b293330bf97acc36dda8dd9e721a0.patch"; - hash = "sha256-it4SbgK/2iDVyvtXBfVW2YN9DqELfKsMkuCaunERGcE="; - }) - ]; - }); -} From 82a0c65901f3209c47359db9bcdd1bc32e68e3a2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 4 Jun 2024 22:49:10 +0100 Subject: [PATCH 053/379] home: firefox: tridactyl: add LWN comment toggle Ideally, I would instead be targeting the `::before` pseudo-element, which is the _actual_ button, but it doesn't work... --- modules/home/firefox/tridactyl/tridactylrc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/firefox/tridactyl/tridactylrc b/modules/home/firefox/tridactyl/tridactylrc index 4dc53cf..5a8ef06 100644 --- a/modules/home/firefox/tridactyl/tridactylrc +++ b/modules/home/firefox/tridactyl/tridactylrc @@ -15,8 +15,8 @@ bind --mode=input editor_rm " Binds {{{ " Reddit et al. {{{ -" Toggle comments on Reddit, Hacker News, Lobste.rs -bind ;c hint -Jc [class*="expand"],[class*="togg"],[class="comment_folder"] +" Toggle comments on Reddit, Hacker News, Lobste.rs, LWN +bind ;c hint -Jc [class*="expand"],[class*="togg"],[class="comment_folder"],[class="CommentTitle"] " Make `gu` take me back to subreddit from comments bindurl reddit.com gu urlparent 3 From c08c8c79d38b36270140b43a2885abe11318bf04 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 10 Jun 2024 12:53:13 +0000 Subject: [PATCH 054/379] home: firefox: tridactyl: fix DDG mapping --- modules/home/firefox/tridactyl/tridactylrc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/firefox/tridactyl/tridactylrc b/modules/home/firefox/tridactyl/tridactylrc index 5a8ef06..36bd59d 100644 --- a/modules/home/firefox/tridactyl/tridactylrc +++ b/modules/home/firefox/tridactyl/tridactylrc @@ -26,8 +26,8 @@ bindurl www.google.com f hint -Jc #search a bindurl www.google.com F hint -Jbc #search a " Only hint search results on DuckDuckGo -bindurl ^https://duckduckgo.com f hint -Jc [data-testid="result-title-a"] -bindurl ^https://duckduckgo.com F hint -Jbc [data-testid="result-title-a"] +bindurl ^https://duckduckgo.com f hint -Jc [data-testid="result"] +bindurl ^https://duckduckgo.com F hint -Jbc [data-testid="result"] " Only hint item pages on Hacker News bindurl news.ycombinator.com ;f hint -Jc .age > a From 7ea10f7823c3e8d5a66fb7bec6df4c2fd2c8055c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 12 Jun 2024 10:06:31 +0000 Subject: [PATCH 055/379] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 5191e9f..8ad503c 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1715865404, - "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=", + "lastModified": 1717285511, + "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9", + "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1716930911, - "narHash": "sha256-t4HT5j3Jy7skRB5PINnxcEBCkgE89rGBpwTI7YS4Ffo=", + "lastModified": 1718141734, + "narHash": "sha256-cA+6l8ZCZ7MXGijVuY/1f55+wF/RT4PlTR9+g4bx86w=", "owner": "nix-community", "repo": "home-manager", - "rev": "a9b36cbe9292a649222b89fdb9ae9907e9c74086", + "rev": "892f76bd0aa09a0f7f73eb41834b8a904b6d0fad", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1716769173, - "narHash": "sha256-7EXDb5WBw+d004Agt+JHC/Oyh/KTUglOaQ4MNjBbo5w=", + "lastModified": 1717974879, + "narHash": "sha256-GTO3C88+5DX171F/gVS3Qga/hOs/eRMxPFpiHq2t+D8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9ca3f649614213b2aaf5f1e16ec06952fe4c2632", + "rev": "c7b821ba2e1e635ba5a76d299af62821cbcb09f3", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1716972321, - "narHash": "sha256-iB8kNkc+p/9NwmrXgnChB6JFcUtSBSdGESRVliiTCMI=", + "lastModified": 1718184302, + "narHash": "sha256-opRL7+wsIxy+r0zP4BkrKUEiljIXhXdboIylH04ggOg=", "owner": "nix-community", "repo": "NUR", - "rev": "3ced449a2fdd845ffde002790691bedf6958f00c", + "rev": "4b71c3c633d0a1784960a2350012dbb809bb4dac", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1716213921, - "narHash": "sha256-xrsYFST8ij4QWaV6HEokCUNIZLjjLP1bYC60K8XiBVA=", + "lastModified": 1717664902, + "narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "0e8fcc54b842ad8428c9e705cb5994eaf05c26a0", + "rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1", "type": "github" }, "original": { From 10a7111f1c8a0857f9ce06869e1b9f8923025da7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 12 Jun 2024 21:26:57 +0200 Subject: [PATCH 056/379] nixos: services: mealie: fix DB auth Turns out the package update [1] was because someone couldn't make it work on the previous version, and added a new setting to configure it more easily :-). [1]: https://github.com/NixOS/nixpkgs/pull/314294 --- modules/nixos/services/mealie/default.nix | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix index 55ac376..96b9e14 100644 --- a/modules/nixos/services/mealie/default.nix +++ b/modules/nixos/services/mealie/default.nix @@ -35,12 +35,8 @@ in # Use PostgreSQL DB_ENGINE = "postgres"; - POSTGRES_USER = "mealie"; - POSTGRES_PASSWORD = ""; - POSTGRES_SERVER = "/run/postgresql"; - # Pydantic and/or mealie doesn't handle the URI correctly, hijack it - # with query parameters... - POSTGRES_DB = "mealie?host=/run/postgresql&dbname=mealie"; + # Make it work with socket auth + POSTGRES_URL_OVERRIDE = "postgresql://mealie:@/mealie?host=/run/postgresql"; }; }; From d37c767a2f0999fbe10e7c2b6a969c1bf39137f3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 12 Jun 2024 21:29:19 +0200 Subject: [PATCH 057/379] nixos: services: forgejo: fix deprecated config --- modules/nixos/services/forgejo/default.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/nixos/services/forgejo/default.nix b/modules/nixos/services/forgejo/default.nix index 0f3dfc5..18538be 100644 --- a/modules/nixos/services/forgejo/default.nix +++ b/modules/nixos/services/forgejo/default.nix @@ -83,7 +83,11 @@ in # I configure my backup system manually below. dump.enable = false; - mailerPasswordFile = lib.mkIf cfg.mail.enable cfg.mail.passwordFile; + secrets = { + mailer = lib.mkIf cfg.mail.enable { + PASSWD = cfg.mail.passwordFile; + }; + }; settings = { DEFAULT = { From 6a9ac77b0c366819a9f10110850c56a311a03cab Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 14 Jun 2024 21:17:21 +0100 Subject: [PATCH 058/379] nixos: hardware: bluetooth: remove pipewire conf Turns out the wireplumber configuration I was setting up is redundant with the upstream default (which work better, becomes they use a quirks database...). It was also out-of-date due to the update to v0.5, which changed the configuration format... --- modules/nixos/hardware/bluetooth/default.nix | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/modules/nixos/hardware/bluetooth/default.nix b/modules/nixos/hardware/bluetooth/default.nix index c019b31..e9b1991 100644 --- a/modules/nixos/hardware/bluetooth/default.nix +++ b/modules/nixos/hardware/bluetooth/default.nix @@ -24,24 +24,6 @@ in extraModules = [ pkgs.pulseaudio-modules-bt ]; package = pkgs.pulseaudioFull; }; - - services.pipewire.wireplumber.configPackages = [ - (pkgs.writeTextDir "share/wireplumber/bluetooth.lua.d/51-bluez-config.lua" '' - bluez_monitor.properties = { - -- SBC XQ provides better audio - ["bluez5.enable-sbc-xq"] = true, - - -- mSBC provides better audio + microphone - ["bluez5.enable-msbc"] = true, - - -- Synchronize volume with bluetooth device - ["bluez5.enable-hw-volume"] = true, - - -- FIXME: Some devices may now support both hsp_ag and hfp_ag - ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]" - } - '') - ]; }) # Support for A2DP audio profile From 64331981d0015e04c45267fcff5087092f1db9fa Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 17 Jun 2024 10:11:50 +0000 Subject: [PATCH 059/379] flake: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 8ad503c..084af23 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1716561646, - "narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=", + "lastModified": 1718371084, + "narHash": "sha256-abpBi61mg0g+lFFU0zY4C6oP6fBwPzbHPKBGw676xsA=", "owner": "ryantm", "repo": "agenix", - "rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9", + "rev": "3a56735779db467538fb2e577eda28a9daacaca6", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1718141734, - "narHash": "sha256-cA+6l8ZCZ7MXGijVuY/1f55+wF/RT4PlTR9+g4bx86w=", + "lastModified": 1718526747, + "narHash": "sha256-sKrD/utGvmtQALvuDj4j0CT3AJXP1idOAq2p+27TpeE=", "owner": "nix-community", "repo": "home-manager", - "rev": "892f76bd0aa09a0f7f73eb41834b8a904b6d0fad", + "rev": "0a7ffb28e5df5844d0e8039c9833d7075cdee792", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1717974879, - "narHash": "sha256-GTO3C88+5DX171F/gVS3Qga/hOs/eRMxPFpiHq2t+D8=", + "lastModified": 1718318537, + "narHash": "sha256-4Zu0RYRcAY/VWuu6awwq4opuiD//ahpc2aFHg2CWqFY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c7b821ba2e1e635ba5a76d299af62821cbcb09f3", + "rev": "e9ee548d90ff586a6471b4ae80ae9cfcbceb3420", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1718184302, - "narHash": "sha256-opRL7+wsIxy+r0zP4BkrKUEiljIXhXdboIylH04ggOg=", + "lastModified": 1718606072, + "narHash": "sha256-+BKOI7p2YoNwNQgfdIldS0hmihEjBBLWPOek624sgeg=", "owner": "nix-community", "repo": "NUR", - "rev": "4b71c3c633d0a1784960a2350012dbb809bb4dac", + "rev": "6af362f6660ce325faacb9e180e3c2e8d2af3fdd", "type": "github" }, "original": { From 7c61d6dffc119069db44361dedc075ffc036f87d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 13 Jun 2024 11:17:22 +0000 Subject: [PATCH 060/379] nixos: hardware: graphics: use AMDVLK options --- modules/nixos/hardware/graphics/default.nix | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/modules/nixos/hardware/graphics/default.nix b/modules/nixos/hardware/graphics/default.nix index 3baac02..51ac445 100644 --- a/modules/nixos/hardware/graphics/default.nix +++ b/modules/nixos/hardware/graphics/default.nix @@ -35,19 +35,22 @@ in (lib.mkIf (cfg.gpuFlavor == "amd") { boot.initrd.kernelModules = lib.mkIf cfg.amd.enableKernelModule [ "amdgpu" ]; + hardware.amdgpu = { + # Vulkan + amdvlk = lib.mkIf cfg.amd.amdvlk { + enable = true; + support32Bit = { + enable = true; + }; + }; + }; + hardware.opengl = { extraPackages = with pkgs; [ # OpenCL rocmPackages.clr rocmPackages.clr.icd - ] - ++ lib.optional cfg.amd.amdvlk amdvlk - ; - - extraPackages32 = with pkgs; [ - ] - ++ lib.optional cfg.amd.amdvlk driversi686Linux.amdvlk - ; + ]; }; }) From 9ab49e06f9abf377b34c86a3e52ea1ba0225f189 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 13 Jun 2024 12:15:41 +0000 Subject: [PATCH 061/379] nixos: hardware: graphics: add 32bit Intel drivers --- modules/nixos/hardware/graphics/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/nixos/hardware/graphics/default.nix b/modules/nixos/hardware/graphics/default.nix index 51ac445..65f1056 100644 --- a/modules/nixos/hardware/graphics/default.nix +++ b/modules/nixos/hardware/graphics/default.nix @@ -72,6 +72,13 @@ in intel-vaapi-driver libvdpau-va-gl ]; + + extraPackages32 = with pkgs.driversi686Linux; [ + # VA API + intel-media-driver + intel-vaapi-driver + libvdpau-va-gl + ]; }; }) ]); From eb94fca939189fb8f761ffda549d6fc6c4ff3943 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 18 Jun 2024 09:21:42 +0000 Subject: [PATCH 062/379] home: nix: use 'nix.nixPath' Freshly merged upstream, I've only been waiting ~1 year for it. --- modules/home/nix/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/nix/default.nix b/modules/home/nix/default.nix index f8d65ce..c0bbcc8 100644 --- a/modules/home/nix/default.nix +++ b/modules/home/nix/default.nix @@ -96,7 +96,7 @@ in }) (lib.mkIf cfg.inputs.addToNixPath { - home.sessionVariables.NIX_PATH = "${config.xdg.configHome}/nix/inputs\${NIX_PATH:+:$NIX_PATH}"; + nix.nixPath = [ "${config.xdg.configHome}/nix/inputs" ]; }) ]); } From 468eaa9ed47f3c5077a1e176d3a53e7dc3087fcc Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 18 Jun 2024 13:13:42 +0000 Subject: [PATCH 063/379] home: nixpkgs: use 'escapeShellArg' --- modules/home/nixpkgs/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/nixpkgs/default.nix b/modules/home/nixpkgs/default.nix index 720fc9b..a4946db 100644 --- a/modules/home/nixpkgs/default.nix +++ b/modules/home/nixpkgs/default.nix @@ -13,8 +13,8 @@ in ]; home.sessionVariables = { - GITHUB_TOKEN = ''$(cat "${config.age.secrets."github/token".path}")''; - GITHUB_API_TOKEN = ''$(cat "${config.age.secrets."github/token".path}")''; + GITHUB_TOKEN = ''$(cat ${lib.escapeShellArg config.age.secrets."github/token".path})''; + GITHUB_API_TOKEN = ''$(cat ${lib.escapeShellArg config.age.secrets."github/token".path})''; }; }; } From c2362795d80946805f613a9351ab934a4b33d38d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 21 Jun 2024 15:38:12 +0000 Subject: [PATCH 064/379] flake: bump inputs Fixup `bash-language-server` which has been migrated out of `nodePackages`. --- flake.lock | 24 ++++++++++++------------ modules/home/vim/default.nix | 2 +- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/flake.lock b/flake.lock index 084af23..9a9275f 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1718526747, - "narHash": "sha256-sKrD/utGvmtQALvuDj4j0CT3AJXP1idOAq2p+27TpeE=", + "lastModified": 1718788307, + "narHash": "sha256-SqiOz0sljM0GjyQEVinPXQxaGcbOXw5OgpCWGPgh/vo=", "owner": "nix-community", "repo": "home-manager", - "rev": "0a7ffb28e5df5844d0e8039c9833d7075cdee792", + "rev": "d7830d05421d0ced83a0f007900898bdcaf2a2ca", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1718318537, - "narHash": "sha256-4Zu0RYRcAY/VWuu6awwq4opuiD//ahpc2aFHg2CWqFY=", + "lastModified": 1718895438, + "narHash": "sha256-k3JqJrkdoYwE3fHE6xGDY676AYmyh4U2Zw+0Bwe5DLU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e9ee548d90ff586a6471b4ae80ae9cfcbceb3420", + "rev": "d603719ec6e294f034936c0d0dc06f689d91b6c3", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1718606072, - "narHash": "sha256-+BKOI7p2YoNwNQgfdIldS0hmihEjBBLWPOek624sgeg=", + "lastModified": 1718980488, + "narHash": "sha256-cULCoFNaBcyB9TUMmL6oDKu2FygaZbfn6I5mYwRC4G8=", "owner": "nix-community", "repo": "NUR", - "rev": "6af362f6660ce325faacb9e180e3c2e8d2af3fdd", + "rev": "ef74ae1e19df0d2118a4f27d6127f1153469a25e", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1717664902, - "narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=", + "lastModified": 1718879355, + "narHash": "sha256-RTyqP4fBX2MdhNuMP+fnR3lIwbdtXhyj7w7fwtvgspc=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1", + "rev": "8cd35b9496d21a6c55164d8547d9d5280162b07a", "type": "github" }, "original": { diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 509ae58..d7280fb 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -102,7 +102,7 @@ in nixpkgs-fmt # Shell - nodePackages.bash-language-server + bash-language-server shfmt ]; }; From b73f6af5e018a337aceb72295aa0d3c7b74bbea7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 21 Jun 2024 15:38:32 +0000 Subject: [PATCH 065/379] nixos: services: flood: use upstream module --- modules/nixos/services/flood/default.nix | 26 ++++-------------------- 1 file changed, 4 insertions(+), 22 deletions(-) diff --git a/modules/nixos/services/flood/default.nix b/modules/nixos/services/flood/default.nix index 155e73d..b95bac5 100644 --- a/modules/nixos/services/flood/default.nix +++ b/modules/nixos/services/flood/default.nix @@ -1,5 +1,5 @@ # A nice UI for various torrent clients -{ config, lib, pkgs, ... }: +{ config, lib, ... }: let cfg = config.my.services.flood; in @@ -13,31 +13,13 @@ in example = 3000; description = "Internal port for Flood UI"; }; - - stateDir = mkOption { - type = types.str; - default = "flood"; - example = "floodUI"; - description = "Directory under `/var/run` for storing Flood's files"; - }; }; config = lib.mkIf cfg.enable { - systemd.services.flood = { - description = "Flood torrent UI"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; + services.flood = { + enable = true; - serviceConfig = { - ExecStart = lib.concatStringsSep " " [ - (lib.getExe pkgs.flood) - "--port ${builtins.toString cfg.port}" - "--rundir /var/lib/${cfg.stateDir}" - ]; - DynamicUser = true; - StateDirectory = cfg.stateDir; - ReadWritePaths = ""; - }; + inherit (cfg) port; }; my.services.nginx.virtualHosts = { From 105e0fbfd0c5d6177490486468098c5634508b5b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 19 Jun 2024 19:51:53 +0100 Subject: [PATCH 066/379] ci: fix typo --- .woodpecker/check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.woodpecker/check.yml b/.woodpecker/check.yml index e04cd46..9e885aa 100644 --- a/.woodpecker/check.yml +++ b/.woodpecker/check.yml @@ -7,7 +7,7 @@ steps: commands: - nix flake check -- name: notifiy +- name: notify image: bash environment: ADDRESS: From a15f7ec270ed7b2da17f1d7fc8ccf148f5a0cfe4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 19 Jun 2024 19:52:10 +0100 Subject: [PATCH 067/379] templates: fix typo --- templates/c++-cmake/.woodpecker/check.yml | 2 +- templates/c++-meson/.woodpecker/check.yml | 2 +- templates/rust-cargo/.woodpecker/check.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/c++-cmake/.woodpecker/check.yml b/templates/c++-cmake/.woodpecker/check.yml index 4ff7dba..272c0e4 100644 --- a/templates/c++-cmake/.woodpecker/check.yml +++ b/templates/c++-cmake/.woodpecker/check.yml @@ -12,7 +12,7 @@ steps: commands: - nix flake check -- name: notifiy +- name: notify image: bash environment: ADDRESS: diff --git a/templates/c++-meson/.woodpecker/check.yml b/templates/c++-meson/.woodpecker/check.yml index 4ff7dba..272c0e4 100644 --- a/templates/c++-meson/.woodpecker/check.yml +++ b/templates/c++-meson/.woodpecker/check.yml @@ -12,7 +12,7 @@ steps: commands: - nix flake check -- name: notifiy +- name: notify image: bash environment: ADDRESS: diff --git a/templates/rust-cargo/.woodpecker/check.yml b/templates/rust-cargo/.woodpecker/check.yml index 4ff7dba..272c0e4 100644 --- a/templates/rust-cargo/.woodpecker/check.yml +++ b/templates/rust-cargo/.woodpecker/check.yml @@ -12,7 +12,7 @@ steps: commands: - nix flake check -- name: notifiy +- name: notify image: bash environment: ADDRESS: From fc5cb1a47d2a7046dd0d9eef5b5b8cf21c5736bf Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 28 Jun 2024 09:54:50 +0000 Subject: [PATCH 068/379] flake: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 9a9275f..83ccfd7 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1718788307, - "narHash": "sha256-SqiOz0sljM0GjyQEVinPXQxaGcbOXw5OgpCWGPgh/vo=", + "lastModified": 1719438532, + "narHash": "sha256-/Vmso2ZMoFE3M7d1MRsQ2K5sR8CVKnrM6t1ys9Xjpz4=", "owner": "nix-community", "repo": "home-manager", - "rev": "d7830d05421d0ced83a0f007900898bdcaf2a2ca", + "rev": "1a4f12ae0bda877ec4099b429cf439aad897d7e9", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1718895438, - "narHash": "sha256-k3JqJrkdoYwE3fHE6xGDY676AYmyh4U2Zw+0Bwe5DLU=", + "lastModified": 1719254875, + "narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d603719ec6e294f034936c0d0dc06f689d91b6c3", + "rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1718980488, - "narHash": "sha256-cULCoFNaBcyB9TUMmL6oDKu2FygaZbfn6I5mYwRC4G8=", + "lastModified": 1719564461, + "narHash": "sha256-wCFs1sf1tPoV3nCG5N5KaakAKm88FyzN6pRdOsOqNZg=", "owner": "nix-community", "repo": "NUR", - "rev": "ef74ae1e19df0d2118a4f27d6127f1153469a25e", + "rev": "7369862c4a8f293f6fde79044369dad7dfc04798", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1718879355, - "narHash": "sha256-RTyqP4fBX2MdhNuMP+fnR3lIwbdtXhyj7w7fwtvgspc=", + "lastModified": 1719259945, + "narHash": "sha256-F1h+XIsGKT9TkGO3omxDLEb/9jOOsI6NnzsXFsZhry4=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "8cd35b9496d21a6c55164d8547d9d5280162b07a", + "rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07", "type": "github" }, "original": { From b8952655378f033a484b98f6c748c7beef8740ae Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 28 Jun 2024 18:10:26 +0100 Subject: [PATCH 069/379] nixos: hardware: graphics: fix renamed option --- modules/nixos/hardware/graphics/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/nixos/hardware/graphics/default.nix b/modules/nixos/hardware/graphics/default.nix index 65f1056..89bb1cd 100644 --- a/modules/nixos/hardware/graphics/default.nix +++ b/modules/nixos/hardware/graphics/default.nix @@ -26,7 +26,7 @@ in config = lib.mkIf cfg.enable (lib.mkMerge [ { - hardware.opengl = { + hardware.graphics = { enable = true; }; } @@ -45,7 +45,7 @@ in }; }; - hardware.opengl = { + hardware.graphics = { extraPackages = with pkgs; [ # OpenCL rocmPackages.clr @@ -62,7 +62,7 @@ in VDPAU_DRIVER = "va_gl"; }; - hardware.opengl = { + hardware.graphics = { extraPackages = with pkgs; [ # Open CL intel-compute-runtime From dc90e14e60f755cbe5d0b2ccdceed92221b53ffa Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 1 Jul 2024 09:59:14 +0000 Subject: [PATCH 070/379] home: vim: lspconfig: add 'starpls' --- modules/home/vim/plugin/settings/lspconfig.lua | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index b3f8954..2f355f4 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -76,3 +76,11 @@ if utils.is_executable("bash-language-server") then on_attach = lsp.on_attach, }) end + +-- Starlark +if utils.is_executable("starpls") then + lspconfig.starpls.setup({ + capabilities = capabilities, + on_attach = lsp.on_attach, + }) +end From f11cdb367514db86063f9c2342a7e29d21dac473 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 8 Jul 2024 13:10:07 +0000 Subject: [PATCH 071/379] home: gdb: use 'mkPackageOption' --- modules/home/gdb/default.nix | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/modules/home/gdb/default.nix b/modules/home/gdb/default.nix index fe8eb69..9e7d81f 100644 --- a/modules/home/gdb/default.nix +++ b/modules/home/gdb/default.nix @@ -9,14 +9,7 @@ in rr = { enable = my.mkDisableOption "rr configuration"; - package = mkOption { - type = types.package; - default = pkgs.rr; - defaultText = literalExample "pkgs.rr"; - description = '' - Package providing rr - ''; - }; + package = mkPackageOption pkgs "rr" { }; }; }; From 4943df69ef8015ee0f36ef3997fb60a52d6e7903 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 8 Jul 2024 13:12:21 +0000 Subject: [PATCH 072/379] home: gdb: add 'package' option --- modules/home/gdb/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/home/gdb/default.nix b/modules/home/gdb/default.nix index 9e7d81f..efb49e2 100644 --- a/modules/home/gdb/default.nix +++ b/modules/home/gdb/default.nix @@ -6,6 +6,8 @@ in options.my.home.gdb = with lib; { enable = my.mkDisableOption "gdb configuration"; + package = mkPackageOption pkgs "gdb" { }; + rr = { enable = my.mkDisableOption "rr configuration"; @@ -16,7 +18,7 @@ in config = lib.mkIf cfg.enable (lib.mkMerge [ { home.packages = with pkgs; [ - gdb + cfg.package ]; xdg = { From abb78d63e24dadbe6c76af753a9433b44d62d323 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 8 Jul 2024 13:10:28 +0000 Subject: [PATCH 073/379] home: calibre: add 'package' option --- modules/home/calibre/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/home/calibre/default.nix b/modules/home/calibre/default.nix index 6edf654..de7c126 100644 --- a/modules/home/calibre/default.nix +++ b/modules/home/calibre/default.nix @@ -5,11 +5,13 @@ in { options.my.home.calibre = with lib; { enable = mkEnableOption "calibre configuration"; + + package = mkPackageOption pkgs "calibre" { }; }; config = lib.mkIf cfg.enable { home.packages = with pkgs; [ - calibre + cfg.package ]; }; } From 1644e952435590c2f263624c7e649e91248eae63 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 8 Jul 2024 13:11:30 +0000 Subject: [PATCH 074/379] home: discord: add 'package' option --- modules/home/discord/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/home/discord/default.nix b/modules/home/discord/default.nix index 7348bb4..bfa5d40 100644 --- a/modules/home/discord/default.nix +++ b/modules/home/discord/default.nix @@ -7,11 +7,13 @@ in { options.my.home.discord = with lib; { enable = mkEnableOption "discord configuration"; + + package = mkPackageOption pkgs "discord" { }; }; config = lib.mkIf cfg.enable { home.packages = with pkgs; [ - discord + cfg.package ]; xdg.configFile."discord/settings.json".source = From 04de570926161cf47201322fae92168a7f07aa34 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 8 Jul 2024 13:27:30 +0000 Subject: [PATCH 075/379] home: atuin: add 'package' option --- modules/home/atuin/default.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/home/atuin/default.nix b/modules/home/atuin/default.nix index b8973cc..3f06263 100644 --- a/modules/home/atuin/default.nix +++ b/modules/home/atuin/default.nix @@ -1,15 +1,19 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: let cfg = config.my.home.atuin; in { options.my.home.atuin = with lib; { enable = my.mkDisableOption "atuin configuration"; + + # I want the full experience by default + package = mkPackageOption pkgs "atuin" { }; }; config = lib.mkIf cfg.enable { programs.atuin = { enable = true; + inherit (cfg) package; flags = [ # I *despise* this hijacking of the up key, even though I use Ctrl-p From 6a6f3aed63cb2cf04f42a17d5329bfeed3c4f62f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 10 Jul 2024 21:40:36 +0100 Subject: [PATCH 076/379] home: vim: migrate to 'oil.nvim' --- modules/home/vim/after/ftplugin/netrw.vim | 6 ------ modules/home/vim/default.nix | 2 +- modules/home/vim/plugin/settings/oil.lua | 19 +++++++++++++++++++ 3 files changed, 20 insertions(+), 7 deletions(-) delete mode 100644 modules/home/vim/after/ftplugin/netrw.vim create mode 100644 modules/home/vim/plugin/settings/oil.lua diff --git a/modules/home/vim/after/ftplugin/netrw.vim b/modules/home/vim/after/ftplugin/netrw.vim deleted file mode 100644 index e3689f8..0000000 --- a/modules/home/vim/after/ftplugin/netrw.vim +++ /dev/null @@ -1,6 +0,0 @@ -" Create the `b:undo_ftplugin` variable if it doesn't exist -call ftplugined#check_undo_ft() - -" Don't show Netrw in buffer list -setlocal bufhidden=delete -let b:undo_ftplugin='|setlocal bufhidden<' diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index d7280fb..e2c3504 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -46,7 +46,6 @@ in vim-repeat # Enanche '.' for plugins vim-rsi # Readline mappings vim-unimpaired # Some ex command mappings - vim-vinegar # Better netrw # Languages rust-vim @@ -85,6 +84,7 @@ in dressing-nvim # Integrate native UI hooks with Telescope etc... gitsigns-nvim # Fast git UI integration nvim-surround # Deal with pairs, now in Lua + oil-nvim # Better alternative to NetrW telescope-fzf-native-nvim # Use 'fzf' fuzzy matching algorithm telescope-lsp-handlers-nvim # Use 'telescope' for various LSP actions telescope-nvim # Fuzzy finder interface diff --git a/modules/home/vim/plugin/settings/oil.lua b/modules/home/vim/plugin/settings/oil.lua new file mode 100644 index 0000000..451345d --- /dev/null +++ b/modules/home/vim/plugin/settings/oil.lua @@ -0,0 +1,19 @@ +local oil = require("oil") +local wk = require("which-key") + +oil.setup({ + view_options = { + -- Show files and directories that start with "." by default + show_hidden = true, + -- But never '..' + is_always_hidden = function(name, bufnr) + return name == ".." + end, + }, +}) + +local keys = { + ["-"] = { oil.open, "Open parent directory" }, +} + +wk.register(keys) From 452399ee4c036663e2aef0a802120445591931a6 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 10 Jul 2024 22:16:51 +0100 Subject: [PATCH 077/379] home: vim: oil: add detail view toggle mapping --- modules/home/vim/plugin/settings/oil.lua | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/modules/home/vim/plugin/settings/oil.lua b/modules/home/vim/plugin/settings/oil.lua index 451345d..e4a6716 100644 --- a/modules/home/vim/plugin/settings/oil.lua +++ b/modules/home/vim/plugin/settings/oil.lua @@ -1,6 +1,8 @@ local oil = require("oil") local wk = require("which-key") +local detail = false + oil.setup({ view_options = { -- Show files and directories that start with "." by default @@ -10,6 +12,19 @@ oil.setup({ return name == ".." end, }, + keymaps = { + ["gd"] = { + desc = "Toggle file detail view", + callback = function() + detail = not detail + if detail then + oil.set_columns({ "icon", "permissions", "size", "mtime" }) + else + oil.set_columns({ "icon" }) + end + end, + }, + }, }) local keys = { From 0de9966127b4177ad0c0760c72e9849c383a0a5f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 10 Jul 2024 22:45:48 +0100 Subject: [PATCH 078/379] home: vim: remove redundant 'nobackup' It's already the default. --- modules/home/vim/init.vim | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index 3a74c4f..eba0c25 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -38,8 +38,6 @@ set tabstop=8 " File parameters {{{ """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" -" Disable backups, we have source control for that -set nobackup " Disable swapfiles too set noswapfile " }}} From 16d68022ebfaf8108ab73a99c54a84bbc811511d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 10 Jul 2024 22:47:14 +0100 Subject: [PATCH 079/379] home: vim: enable swap and undo files Trying it on for size, since NeoVim does use XDG directories for those. --- modules/home/vim/init.vim | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index eba0c25..a5a06f4 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -38,8 +38,10 @@ set tabstop=8 " File parameters {{{ """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" -" Disable swapfiles too -set noswapfile +" Enable swap files +set swapfile +" And undo files +set undofile " }}} " UI and UX parameters {{{ From 88e4d72366955f31f6dcae0caeffb78cdb7b810a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 12 Jul 2024 19:52:03 +0100 Subject: [PATCH 080/379] home: vim: git: use lua in visual mappings I thought the partial staging feature had broken, but it looks to be unrelated [1]. [1]: https://github.com/lewis6991/gitsigns.nvim/issues/1088 --- modules/home/vim/plugin/settings/git.lua | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/modules/home/vim/plugin/settings/git.lua b/modules/home/vim/plugin/settings/git.lua index 4dbebca..5ae03e1 100644 --- a/modules/home/vim/plugin/settings/git.lua +++ b/modules/home/vim/plugin/settings/git.lua @@ -1,6 +1,15 @@ local gitsigns = require("gitsigns") local wk = require("which-key") +--- Transform `f` into a function which acts on the current visual selection +local function make_visual(f) + return function() + local first = vim.fn.line("v") + local last = vim.fn.line(".") + f({ first, last }) + end +end + gitsigns.setup({ current_line_blame_opts = { -- Show the blame quickly @@ -43,13 +52,12 @@ local objects = { local visual = { ["ih"] = { gitsigns.select_hunk, "Git hunk" }, - -- Only the actual command can make use of the visual selection... ["g"] = { name = "Git", - p = { ":Gitsigns preview_hunk", "Preview selection" }, - r = { ":Gitsigns reset_hunk", "Restore selection" }, - s = { ":Gitsigns stage_hunk", "Stage selection" }, - u = { ":Gitsigns undo_stage_hunk", "Undo stage selection" }, + p = { gitsigns.preview_hunk, "Preview selection" }, + r = { make_visual(gitsigns.reset_hunk), "Restore selection" }, + s = { make_visual(gitsigns.stage_hunk), "Stage selection" }, + u = { gitsigns.undo_stage_hunk, "Undo stage selection" }, }, } From 966934a8bc1475b20fe03b2749916fb769d36051 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 12 Jul 2024 20:11:51 +0100 Subject: [PATCH 081/379] home: vim: git: use lua in hunk mappings --- modules/home/vim/plugin/settings/git.lua | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/modules/home/vim/plugin/settings/git.lua b/modules/home/vim/plugin/settings/git.lua index 5ae03e1..0ef647e 100644 --- a/modules/home/vim/plugin/settings/git.lua +++ b/modules/home/vim/plugin/settings/git.lua @@ -10,6 +10,20 @@ local function make_visual(f) end end +local function nav_hunk(dir) + return function() + if vim.wo.diff then + local map = { + prev = "[c", + next = "]c", + } + vim.cmd.normal({ map[dir], bang = true }) + else + gitsigns.nav_hunk(dir) + end + end +end + gitsigns.setup({ current_line_blame_opts = { -- Show the blame quickly @@ -19,8 +33,8 @@ gitsigns.setup({ local keys = { -- Navigation - ["[c"] = { "&diff ? '[c' : 'Gitsigns prev_hunk'", "Previous hunk/diff", expr = true }, - ["]c"] = { "&diff ? ']c' : 'Gitsigns next_hunk'", "Next hunk/diff", expr = true }, + ["[c"] = { nav_hunk("prev"), "Previous hunk/diff" }, + ["]c"] = { nav_hunk("next"), "Next hunk/diff" }, -- Commands ["g"] = { From bcd9a31bb8f61d6355f4c9ee4a6e777087889b09 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 12 Jul 2024 20:34:51 +0100 Subject: [PATCH 082/379] home: vim: lua: utils: add 'partial' Love me some functional goodness. This was taken from [1]. [1]: https://reddit.com/r/lua/comments/fh2go5 --- modules/home/vim/lua/ambroisie/utils.lua | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/modules/home/vim/lua/ambroisie/utils.lua b/modules/home/vim/lua/ambroisie/utils.lua index 3d2dd3b..c9e9292 100644 --- a/modules/home/vim/lua/ambroisie/utils.lua +++ b/modules/home/vim/lua/ambroisie/utils.lua @@ -48,4 +48,22 @@ M.list_lsp_clients = function(bufnr) return names end +--- partially apply a function with given arguments +M.partial = function(f, ...) + local a = { ... } + local a_len = select("#", ...) + + return function(...) + local tmp = { ... } + local tmp_len = select("#", ...) + + -- Merge arg lists + for i = 1, tmp_len do + a[a_len + i] = tmp[i] + end + + return f(unpack(a, 1, a_len + tmp_len)) + end +end + return M From 5592a120a4f0c9c40d7f3228d2b989f8d3d8c149 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 12 Jul 2024 20:38:40 +0100 Subject: [PATCH 083/379] home: vim: git: use 'partial' --- modules/home/vim/plugin/settings/git.lua | 26 +++++++++++------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/modules/home/vim/plugin/settings/git.lua b/modules/home/vim/plugin/settings/git.lua index 0ef647e..de5bb69 100644 --- a/modules/home/vim/plugin/settings/git.lua +++ b/modules/home/vim/plugin/settings/git.lua @@ -1,4 +1,5 @@ local gitsigns = require("gitsigns") +local utils = require("ambroisie.utils") local wk = require("which-key") --- Transform `f` into a function which acts on the current visual selection @@ -11,16 +12,14 @@ local function make_visual(f) end local function nav_hunk(dir) - return function() - if vim.wo.diff then - local map = { - prev = "[c", - next = "]c", - } - vim.cmd.normal({ map[dir], bang = true }) - else - gitsigns.nav_hunk(dir) - end + if vim.wo.diff then + local map = { + prev = "[c", + next = "]c", + } + vim.cmd.normal({ map[dir], bang = true }) + else + gitsigns.nav_hunk(dir) end end @@ -33,8 +32,8 @@ gitsigns.setup({ local keys = { -- Navigation - ["[c"] = { nav_hunk("prev"), "Previous hunk/diff" }, - ["]c"] = { nav_hunk("next"), "Next hunk/diff" }, + ["[c"] = { utils.partial(nav_hunk, "prev"), "Previous hunk/diff" }, + ["]c"] = { utils.partial(nav_hunk, "next"), "Next hunk/diff" }, -- Commands ["g"] = { @@ -42,8 +41,7 @@ local keys = { -- Actions b = { gitsigns.toggle_current_line_blame, "Toggle blame virtual text" }, d = { gitsigns.diffthis, "Diff buffer" }, - -- stylua: ignore - D = { function() gitsigns.diffthis("~") end, "Diff buffer against last commit" }, + D = { utils.partial(gitsigns.diffthis, "~"), "Diff buffer against last commit" }, g = { "Git", "Git status" }, h = { gitsigns.toggle_deleted, "Show deleted hunks" }, L = { ":spT:Gllog --follow -- %:p", "Current buffer log" }, From 5ffe2653c0499afda8b2c9b933b2ef9554c23510 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 12 Jul 2024 20:59:58 +0100 Subject: [PATCH 084/379] home: vim: git: work around partial staging issue See [1]. [1]: https://github.com/lewis6991/gitsigns.nvim/issues/929 --- modules/home/vim/plugin/settings/git.lua | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/home/vim/plugin/settings/git.lua b/modules/home/vim/plugin/settings/git.lua index de5bb69..404abfc 100644 --- a/modules/home/vim/plugin/settings/git.lua +++ b/modules/home/vim/plugin/settings/git.lua @@ -28,6 +28,8 @@ gitsigns.setup({ -- Show the blame quickly delay = 100, }, + -- Work-around for https://github.com/lewis6991/gitsigns.nvim/issues/929 + signs_staged_enable = false, }) local keys = { From 280829b54f55760119c37b15c2d68e6e6535001d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 15 Jul 2024 20:34:09 +0100 Subject: [PATCH 085/379] home: vim: signtoggle: fix toggling Don't know how I missed this for so long... --- modules/home/vim/plugin/signtoggle.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/vim/plugin/signtoggle.lua b/modules/home/vim/plugin/signtoggle.lua index d6a26e2..60f6a65 100644 --- a/modules/home/vim/plugin/signtoggle.lua +++ b/modules/home/vim/plugin/signtoggle.lua @@ -9,7 +9,7 @@ vim.api.nvim_create_autocmd({ "BufEnter", "FocusGained", "WinEnter" }, { vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "WinLeave" }, { pattern = "*", group = signtoggle, - command = "setlocal signcolumn=yes", + command = "setlocal signcolumn=no", }) -- Never show the sign column in a terminal buffer From a7c542784c2ceb2ad4bbe605b8362794a69f0193 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 15 Jul 2024 20:40:37 +0100 Subject: [PATCH 086/379] home: vim: numbertoggle: use lua callbacks Use `vim.opt` because those are local options (i.e: similar to `set` it defaults to setting it locally, `vim.opt_local` is not necessary). --- modules/home/vim/plugin/numbertoggle.lua | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/modules/home/vim/plugin/numbertoggle.lua b/modules/home/vim/plugin/numbertoggle.lua index 1f97fc8..8042710 100644 --- a/modules/home/vim/plugin/numbertoggle.lua +++ b/modules/home/vim/plugin/numbertoggle.lua @@ -7,17 +7,28 @@ local numbertoggle = vim.api.nvim_create_augroup("numbertoggle", { clear = true vim.api.nvim_create_autocmd({ "BufEnter", "FocusGained", "InsertLeave", "WinEnter" }, { pattern = "*", group = numbertoggle, - command = "if &nu | setlocal rnu | endif", + callback = function() + if vim.opt.number:get() then + vim.opt.relativenumber = true + end + end, }) vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "InsertEnter", "WinLeave" }, { pattern = "*", group = numbertoggle, - command = "if &nu | setlocal nornu | endif", + callback = function() + if vim.opt.number:get() then + vim.opt.relativenumber = false + end + end, }) -- Never show the sign column in a terminal buffer vim.api.nvim_create_autocmd({ "TermOpen" }, { pattern = "*", group = numbertoggle, - command = "setlocal nonu nornu", + callback = function() + vim.opt.number = false + vim.opt.relativenumber = false + end, }) From 5918a0b9e6b246f69607c78d2dd68192849d724c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 15 Jul 2024 20:40:59 +0100 Subject: [PATCH 087/379] home: vim: signtoggle: use lua callbacks Use `vim.opt` because this is a local option (i.e: similar to `set` it defaults to setting it locally, `vim.opt_local` is not necessary). --- modules/home/vim/plugin/signtoggle.lua | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/modules/home/vim/plugin/signtoggle.lua b/modules/home/vim/plugin/signtoggle.lua index 60f6a65..9765a81 100644 --- a/modules/home/vim/plugin/signtoggle.lua +++ b/modules/home/vim/plugin/signtoggle.lua @@ -4,17 +4,23 @@ local signtoggle = vim.api.nvim_create_augroup("signtoggle", { clear = true }) vim.api.nvim_create_autocmd({ "BufEnter", "FocusGained", "WinEnter" }, { pattern = "*", group = signtoggle, - command = "setlocal signcolumn=yes", + callback = function() + vim.opt.signcolumn = "yes" + end, }) vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "WinLeave" }, { pattern = "*", group = signtoggle, - command = "setlocal signcolumn=no", + callback = function() + vim.opt.signcolumn = "no" + end, }) -- Never show the sign column in a terminal buffer vim.api.nvim_create_autocmd({ "TermOpen" }, { pattern = "*", group = signtoggle, - command = "setlocal signcolumn=no", + callback = function() + vim.opt.signcolumn = "no" + end, }) From 82f49f1389591f04440471422e542608edb6a326 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 19 Jul 2024 11:10:49 +0000 Subject: [PATCH 088/379] home: vim: telescope: move mappings from 'after' --- .../home/vim/after/plugin/mappings/telescope.lua | 15 --------------- modules/home/vim/plugin/settings/telescope.lua | 15 +++++++++++++++ 2 files changed, 15 insertions(+), 15 deletions(-) delete mode 100644 modules/home/vim/after/plugin/mappings/telescope.lua diff --git a/modules/home/vim/after/plugin/mappings/telescope.lua b/modules/home/vim/after/plugin/mappings/telescope.lua deleted file mode 100644 index 0867b36..0000000 --- a/modules/home/vim/after/plugin/mappings/telescope.lua +++ /dev/null @@ -1,15 +0,0 @@ -local wk = require("which-key") -local telescope_builtin = require("telescope.builtin") - -local keys = { - f = { - name = "Fuzzy finder", - b = { telescope_builtin.buffers, "Open buffers" }, - f = { telescope_builtin.git_files, "Git tracked files" }, - F = { telescope_builtin.find_files, "Files" }, - g = { telescope_builtin.live_grep, "Grep string" }, - G = { telescope_builtin.grep_string, "Grep string under cursor" }, - }, -} - -wk.register(keys, { prefix = "" }) diff --git a/modules/home/vim/plugin/settings/telescope.lua b/modules/home/vim/plugin/settings/telescope.lua index 4548ec5..64cc298 100644 --- a/modules/home/vim/plugin/settings/telescope.lua +++ b/modules/home/vim/plugin/settings/telescope.lua @@ -1,4 +1,6 @@ local telescope = require("telescope") +local telescope_builtin = require("telescope.builtin") +local wk = require("which-key") telescope.setup({ defaults = { @@ -22,3 +24,16 @@ telescope.setup({ telescope.load_extension("fzf") telescope.load_extension("lsp_handlers") + +local keys = { + f = { + name = "Fuzzy finder", + b = { telescope_builtin.buffers, "Open buffers" }, + f = { telescope_builtin.git_files, "Git tracked files" }, + F = { telescope_builtin.find_files, "Files" }, + g = { telescope_builtin.live_grep, "Grep string" }, + G = { telescope_builtin.grep_string, "Grep string under cursor" }, + }, +} + +wk.register(keys, { prefix = "" }) From 3438290e32adb1dfcc3e69b86f83effa279a7c27 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 19 Jul 2024 11:13:11 +0000 Subject: [PATCH 089/379] home: vim: tree-sitter: move mappings from 'after' --- .../mappings/tree-sitter-textobjects.lua | 30 ------------------ .../home/vim/plugin/settings/tree-sitter.lua | 31 +++++++++++++++++++ 2 files changed, 31 insertions(+), 30 deletions(-) delete mode 100644 modules/home/vim/after/plugin/mappings/tree-sitter-textobjects.lua diff --git a/modules/home/vim/after/plugin/mappings/tree-sitter-textobjects.lua b/modules/home/vim/after/plugin/mappings/tree-sitter-textobjects.lua deleted file mode 100644 index 631731c..0000000 --- a/modules/home/vim/after/plugin/mappings/tree-sitter-textobjects.lua +++ /dev/null @@ -1,30 +0,0 @@ -local wk = require("which-key") - -local motions = { - ["]m"] = "Next method start", - ["]M"] = "Next method end", - ["]S"] = "Next statement start", - ["]]"] = "Next class start", - ["]["] = "Next class end", - ["[m"] = "Previous method start", - ["[M"] = "Previous method end", - ["[S"] = "Previous statement start", - ["[["] = "Previous class start", - ["[]"] = "Previous class end", -} - -local objects = { - ["aa"] = "a parameter", - ["ia"] = "inner parameter", - ["ab"] = "a block", - ["ib"] = "inner block", - ["ac"] = "a class", - ["ic"] = "inner class", - ["af"] = "a function", - ["if"] = "inner function", - ["ak"] = "a comment", - ["aS"] = "a statement", -} - -wk.register(motions, { mode = "n" }) -wk.register(objects, { mode = "o" }) diff --git a/modules/home/vim/plugin/settings/tree-sitter.lua b/modules/home/vim/plugin/settings/tree-sitter.lua index 5503857..4584c85 100644 --- a/modules/home/vim/plugin/settings/tree-sitter.lua +++ b/modules/home/vim/plugin/settings/tree-sitter.lua @@ -1,4 +1,6 @@ local ts_config = require("nvim-treesitter.configs") +local wk = require("which-key") + ts_config.setup({ highlight = { enable = true, @@ -51,3 +53,32 @@ ts_config.setup({ }, }, }) + +local motions = { + ["]m"] = "Next method start", + ["]M"] = "Next method end", + ["]S"] = "Next statement start", + ["]]"] = "Next class start", + ["]["] = "Next class end", + ["[m"] = "Previous method start", + ["[M"] = "Previous method end", + ["[S"] = "Previous statement start", + ["[["] = "Previous class start", + ["[]"] = "Previous class end", +} + +local objects = { + ["aa"] = "a parameter", + ["ia"] = "inner parameter", + ["ab"] = "a block", + ["ib"] = "inner block", + ["ac"] = "a class", + ["ic"] = "inner class", + ["af"] = "a function", + ["if"] = "inner function", + ["ak"] = "a comment", + ["aS"] = "a statement", +} + +wk.register(motions, { mode = "n" }) +wk.register(objects, { mode = "o" }) From c6735f3912041595610b64f4b2231ca836b39ebe Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 19 Jul 2024 11:32:10 +0000 Subject: [PATCH 090/379] home: vime: tree-sitter: remove 'which-key' The plug-in now has support for setting mapping descriptions by itself. --- .../home/vim/plugin/settings/tree-sitter.lua | 70 ++++++------------- 1 file changed, 20 insertions(+), 50 deletions(-) diff --git a/modules/home/vim/plugin/settings/tree-sitter.lua b/modules/home/vim/plugin/settings/tree-sitter.lua index 4584c85..d5fff46 100644 --- a/modules/home/vim/plugin/settings/tree-sitter.lua +++ b/modules/home/vim/plugin/settings/tree-sitter.lua @@ -1,5 +1,4 @@ local ts_config = require("nvim-treesitter.configs") -local wk = require("which-key") ts_config.setup({ highlight = { @@ -16,16 +15,16 @@ ts_config.setup({ -- Jump to matching text objects lookahead = true, keymaps = { - ["aa"] = "@parameter.outer", - ["ia"] = "@parameter.inner", - ["ab"] = "@block.outer", - ["ib"] = "@block.inner", - ["ac"] = "@class.outer", - ["ic"] = "@class.inner", - ["af"] = "@function.outer", - ["if"] = "@function.inner", - ["ak"] = "@comment.outer", - ["aS"] = "@statement.outer", + ["aa"] = { query = "@parameter.outer", desc = "a parameter" }, + ["ia"] = { query = "@parameter.inner", desc = "inner parameter" }, + ["ab"] = { query = "@block.outer", desc = "a block" }, + ["ib"] = { query = "@block.inner", desc = "inner block" }, + ["ac"] = { query = "@class.outer", desc = "a class" }, + ["ic"] = { query = "@class.inner", desc = "inner class" }, + ["af"] = { query = "@function.outer", desc = "a function" }, + ["if"] = { query = "@function.inner", desc = "inner function" }, + ["ak"] = { query = "@comment.outer", desc = "a comment" }, + ["aS"] = { query = "@statement.outer", desc = "a statement" }, }, }, move = { @@ -33,52 +32,23 @@ ts_config.setup({ -- Add to jump list set_jumps = true, goto_next_start = { - ["]m"] = "@function.outer", - ["]S"] = "@statement.outer", - ["]]"] = "@class.outer", + ["]m"] = { query = "@function.outer", desc = "Next method start" }, + ["]S"] = { query = "@statement.outer", desc = "Next statement start" }, + ["]]"] = { query = "@class.outer", desc = "Next class start" }, }, goto_next_end = { - ["]M"] = "@function.outer", - ["]["] = "@class.outer", + ["]M"] = { query = "@function.outer", desc = "Next method end" }, + ["]["] = { query = "@class.outer", desc = "Next class end" }, }, goto_previous_start = { - ["[m"] = "@function.outer", - ["[S"] = "@statement.outer", - ["[["] = "@class.outer", + ["[m"] = { query = "@function.outer", desc = "Previous method start" }, + ["[S"] = { query = "@statement.outer", desc = "Previous statement start" }, + ["[["] = { query = "@class.outer", desc = "Previous class start" }, }, goto_previous_end = { - ["[M"] = "@function.outer", - ["[]"] = "@class.outer", + ["[M"] = { query = "@function.outer", desc = "Previous method end" }, + ["[]"] = { query = "@class.outer", desc = "Previous class end" }, }, }, }, }) - -local motions = { - ["]m"] = "Next method start", - ["]M"] = "Next method end", - ["]S"] = "Next statement start", - ["]]"] = "Next class start", - ["]["] = "Next class end", - ["[m"] = "Previous method start", - ["[M"] = "Previous method end", - ["[S"] = "Previous statement start", - ["[["] = "Previous class start", - ["[]"] = "Previous class end", -} - -local objects = { - ["aa"] = "a parameter", - ["ia"] = "inner parameter", - ["ab"] = "a block", - ["ib"] = "inner block", - ["ac"] = "a class", - ["ic"] = "inner class", - ["af"] = "a function", - ["if"] = "inner function", - ["ak"] = "a comment", - ["aS"] = "a statement", -} - -wk.register(motions, { mode = "n" }) -wk.register(objects, { mode = "o" }) From abaa7119e7ba773045e66be0884796b323919346 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 20 Jul 2024 11:34:42 +0100 Subject: [PATCH 091/379] home: vim: consistent 'unimpaired' mapping names --- modules/home/vim/after/plugin/mappings/unimpaired.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/vim/after/plugin/mappings/unimpaired.lua b/modules/home/vim/after/plugin/mappings/unimpaired.lua index f502056..e171d8f 100644 --- a/modules/home/vim/after/plugin/mappings/unimpaired.lua +++ b/modules/home/vim/after/plugin/mappings/unimpaired.lua @@ -86,7 +86,7 @@ local keys = { z = "Spell checking", }, ["]o"] = { - name = "Option off", + name = "Disable option", b = "Light background", c = "Cursor line", d = "Diff", @@ -105,7 +105,7 @@ local keys = { z = "Spell checking", }, ["yo"] = { - name = "Option toggle", + name = "Toggle option", b = "Light background", c = "Cursor line", d = "Diff", From 326f9d039a2811531e48dacb6b30590fe6172e6a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 22 Jul 2024 16:05:54 +0000 Subject: [PATCH 092/379] home: vim: disable 'swapfile' As before, I still dislike this option and find its downsides worse than its upsides. --- modules/home/vim/init.vim | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index a5a06f4..0186614 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -38,9 +38,9 @@ set tabstop=8 " File parameters {{{ """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" -" Enable swap files -set swapfile -" And undo files +" Disable swap files +set noswapfile +" Enable undo files set undofile " }}} From 997f208d305cbedfbfbd9f6e93d3caf95225775a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 24 Jul 2024 16:33:09 +0000 Subject: [PATCH 093/379] home: vim: remove irrelevant filetype plugins I don't make use of their non-upstreamed functionality. --- modules/home/vim/default.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index e2c3504..a063483 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -48,11 +48,7 @@ in vim-unimpaired # Some ex command mappings # Languages - rust-vim vim-beancount - vim-jsonnet - vim-nix - vim-toml # General enhancements vim-qf # Better quick-fix list From 442eef04826277d1eb562665b49b3215e59b445e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 25 Jul 2024 09:39:38 +0000 Subject: [PATCH 094/379] home: vim: git: fix deprecated functions --- modules/home/vim/plugin/settings/git.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/vim/plugin/settings/git.lua b/modules/home/vim/plugin/settings/git.lua index 404abfc..0e3bc5e 100644 --- a/modules/home/vim/plugin/settings/git.lua +++ b/modules/home/vim/plugin/settings/git.lua @@ -54,8 +54,8 @@ local keys = { s = { gitsigns.stage_hunk, "Stage hunk" }, S = { gitsigns.stage_buffer, "Stage buffer" }, u = { gitsigns.undo_stage_hunk, "Undo stage hunk" }, - ["["] = { gitsigns.prev_hunk, "Previous hunk" }, - ["]"] = { gitsigns.next_hunk, "Next hunk" }, + ["["] = { utils.partial(gitsigns.nav_hunk, "prev"), "Previous hunk" }, + ["]"] = { utils.partial(gitsigns.nav_hunk, "next"), "Next hunk" }, }, } From b5216a6a50de84bed2de995e623e82f91bce35a9 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 25 Jul 2024 20:28:04 +0200 Subject: [PATCH 095/379] pkgs: unbound-zones-adblock: fix version --- pkgs/unbound-zones-adblock/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/unbound-zones-adblock/default.nix b/pkgs/unbound-zones-adblock/default.nix index 642ac41..2a6d4b7 100644 --- a/pkgs/unbound-zones-adblock/default.nix +++ b/pkgs/unbound-zones-adblock/default.nix @@ -1,7 +1,7 @@ { lib, gawk, stdenvNoCC, stevenblack-blocklist }: stdenvNoCC.mkDerivation { name = "unbound-zones-adblock"; - version = stevenblack-blocklist.rev; + inherit (stevenblack-blocklist) version; src = stevenblack-blocklist; From d04de7d21307a24e2bdefd98bca02194e1931f96 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 20 Jul 2024 22:41:42 +0100 Subject: [PATCH 096/379] flake: bump inputs And fix renamed packages. --- flake.lock | 36 ++++++++++++++++++------------------ modules/home/gtk/default.nix | 4 ++-- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/flake.lock b/flake.lock index 83ccfd7..6b84846 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1718371084, - "narHash": "sha256-abpBi61mg0g+lFFU0zY4C6oP6fBwPzbHPKBGw676xsA=", + "lastModified": 1720546205, + "narHash": "sha256-boCXsjYVxDviyzoEyAk624600f3ZBo/DKtUdvMTpbGY=", "owner": "ryantm", "repo": "agenix", - "rev": "3a56735779db467538fb2e577eda28a9daacaca6", + "rev": "de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1717285511, - "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", + "lastModified": 1719994518, + "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", + "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1719438532, - "narHash": "sha256-/Vmso2ZMoFE3M7d1MRsQ2K5sR8CVKnrM6t1ys9Xjpz4=", + "lastModified": 1721852138, + "narHash": "sha256-JH8N5uoqoVA6erV4O40VtKKHsnfmhvMGbxMNDLtim5o=", "owner": "nix-community", "repo": "home-manager", - "rev": "1a4f12ae0bda877ec4099b429cf439aad897d7e9", + "rev": "304a011325b7ac7b8c9950333cd215a7aa146b0e", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1719254875, - "narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=", + "lastModified": 1721743106, + "narHash": "sha256-adRZhFpBTnHiK3XIELA3IBaApz70HwCYfv7xNrHjebA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60", + "rev": "dc14ed91132ee3a26255d01d8fd0c1f5bff27b2f", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1719564461, - "narHash": "sha256-wCFs1sf1tPoV3nCG5N5KaakAKm88FyzN6pRdOsOqNZg=", + "lastModified": 1721930286, + "narHash": "sha256-IUr/laHRe52MkPlOSflG1GThgQo+ECmAP7O51RxLduI=", "owner": "nix-community", "repo": "NUR", - "rev": "7369862c4a8f293f6fde79044369dad7dfc04798", + "rev": "3ea857d2abb7f3825976cefc50894d35ca55f8c4", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1719259945, - "narHash": "sha256-F1h+XIsGKT9TkGO3omxDLEb/9jOOsI6NnzsXFsZhry4=", + "lastModified": 1721042469, + "narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07", + "rev": "f451c19376071a90d8c58ab1a953c6e9840527fd", "type": "github" }, "original": { diff --git a/modules/home/gtk/default.nix b/modules/home/gtk/default.nix index 62d3f81..f10087d 100644 --- a/modules/home/gtk/default.nix +++ b/modules/home/gtk/default.nix @@ -21,12 +21,12 @@ in }; iconTheme = { - package = pkgs.gnome.gnome-themes-extra; + package = pkgs.gnome-themes-extra; name = "Adwaita"; }; theme = { - package = pkgs.gnome.gnome-themes-extra; + package = pkgs.gnome-themes-extra; name = "Adwaita"; }; }; From 4de788695034d7b5f4847fb23dad1a9431e51593 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 20 Jul 2024 22:57:28 +0100 Subject: [PATCH 097/379] nixos: system: packages: fix deprecated config --- modules/nixos/system/packages/default.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/nixos/system/packages/default.nix b/modules/nixos/system/packages/default.nix index 5c29aa0..ebea06f 100644 --- a/modules/nixos/system/packages/default.nix +++ b/modules/nixos/system/packages/default.nix @@ -14,12 +14,14 @@ in config = lib.mkIf cfg.enable { environment.systemPackages = with pkgs; [ - vim wget ]; programs = { - vim.defaultEditor = true; # Modal editing is life + vim = { + enable = true; + defaultEditor = true; # Modal editing is life + }; zsh = { enable = true; # Use integrations From 58760280be64aa68500573111564ee7cf37dae6c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 20 Jul 2024 22:43:19 +0100 Subject: [PATCH 098/379] home: vim: update for 'which-key' v3 It complains quite loudly about the legacy mapping syntax. --- .../home/vim/after/plugin/mappings/misc.lua | 4 +- .../vim/after/plugin/mappings/unimpaired.lua | 238 +++++++++--------- modules/home/vim/lua/ambroisie/lsp.lua | 45 ++-- modules/home/vim/plugin/settings/git.lua | 67 +++-- modules/home/vim/plugin/settings/oil.lua | 4 +- .../home/vim/plugin/settings/telescope.lua | 16 +- .../home/vim/plugin/settings/which-key.lua | 27 +- 7 files changed, 208 insertions(+), 193 deletions(-) diff --git a/modules/home/vim/after/plugin/mappings/misc.lua b/modules/home/vim/after/plugin/mappings/misc.lua index 6aa25a2..12dbffc 100644 --- a/modules/home/vim/after/plugin/mappings/misc.lua +++ b/modules/home/vim/after/plugin/mappings/misc.lua @@ -1,7 +1,7 @@ local wk = require("which-key") local keys = { - [""] = { "nohls", "Clear search highlight" }, + { "", "nohls", desc = "Clear search highlight" }, } -wk.register(keys, { prefix = "" }) +wk.add(keys) diff --git a/modules/home/vim/after/plugin/mappings/unimpaired.lua b/modules/home/vim/after/plugin/mappings/unimpaired.lua index e171d8f..a0336d1 100644 --- a/modules/home/vim/after/plugin/mappings/unimpaired.lua +++ b/modules/home/vim/after/plugin/mappings/unimpaired.lua @@ -3,126 +3,124 @@ local wk = require("which-key") local lsp = require("ambroisie.lsp") local keys = { - -- Edition and navigation mappins - ["["] = { - name = "Previous", - [""] = "Insert blank line above", - [""] = "Previous location list file", - [""] = "Previous quickfix list file", - [""] = "Previous tag in preview window", - a = "Previous argument", - A = "First argument", - b = "Previous buffer", - B = "First buffer", - e = "Exchange previous line", - f = "Previous file in directory", - l = "Previous location list entry", - L = "First Location list entry", - n = "Previous conflict marker/diff hunk", - p = "Paste line above", - P = "Paste line above", - q = "Previous quickfix list entry", - Q = "First quickfix list entry", - t = "Previous matching tag", - T = "First matching tag", - z = "Previous fold", - -- Encoding - C = "C string encode", - u = "URL encode", - x = "XML encode", - y = "C string encode", - -- Custom - d = { lsp.goto_prev_diagnostic, "Previous diagnostic" }, - }, - ["]"] = { - name = "Next", - [""] = "Insert blank line below", - [""] = "Next location list file", - [""] = "Next quickfix list file", - [""] = "Next tag in preview window", - a = "Next argument", - A = "Last argument", - b = "Next buffer", - B = "Last buffer", - e = "Exchange next line", - f = "Next file in directory", - l = "Next location list entry", - L = "Last Location list entry", - n = "Next conflict marker/diff hunk", - p = "Paste line below", - P = "Paste line below", - q = "Next quickfix list entry", - Q = "Last quickfix list entry", - t = "Next matching tag", - T = "Last matching tag", - z = "Next fold", - -- Decoding - C = "C string decode", - u = "URL decode", - x = "XML decode", - y = "C string decode", - -- Custom - d = { lsp.goto_next_diagnostic, "Next diagnostic" }, - }, + -- Previous + { "[", group = "Previous" }, + -- Edition and navigation mappings + { "[", desc = "Insert blank line above" }, + { "[", desc = "Previous location list file" }, + { "[", desc = "Previous quickfix list file" }, + { "[", desc = "Previous tag in preview window" }, + { "[a", desc = "Previous argument" }, + { "[A", desc = "First argument" }, + { "[b", desc = "Previous buffer" }, + { "[B", desc = "First buffer" }, + { "[e", desc = "Exchange previous line" }, + { "[f", desc = "Previous file in directory" }, + { "[l", desc = "Previous location list entry" }, + { "[L", desc = "First Location list entry" }, + { "[n", desc = "Previous conflict marker/diff hunk" }, + { "[p", desc = "Paste line above" }, + { "[P", desc = "Paste line above" }, + { "[q", desc = "Previous quickfix list entry" }, + { "[Q", desc = "First quickfix list entry" }, + { "[t", desc = "Previous matching tag" }, + { "[T", desc = "First matching tag" }, + { "[z", desc = "Previous fold" }, + -- Encoding + { "[C", desc = "C string encode" }, + { "[u", desc = "URL encode" }, + { "[x", desc = "XML encode" }, + { "[y", desc = "C string encode" }, + -- Custom + { "[d", lsp.goto_prev_diagnostic, desc = "Previous diagnostic" }, - -- Option mappings - ["[o"] = { - name = "Enable option", - b = "Light background", - c = "Cursor line", - d = "Diff", - f = { "FormatEnable", "LSP Formatting" }, - h = "Search high-lighting", - i = "Case insensitive search", - l = "List mode", - n = "Line numbers", - r = "Relative line numbers", - p = { "lwindow", "Location list" }, - q = { "cwindow", "Quickfix list" }, - u = "Cursor column", - v = "Virtual editing", - w = "Text wrapping", - x = "Cursor line and column", - z = "Spell checking", - }, - ["]o"] = { - name = "Disable option", - b = "Light background", - c = "Cursor line", - d = "Diff", - f = { "FormatDisable", "LSP Formatting" }, - h = "Search high-lighting", - i = "Case insensitive search", - l = "List mode", - n = "Line numbers", - p = { "lclose", "Location list" }, - q = { "cclose", "Quickfix list" }, - r = "Relative line numbers", - u = "Cursor column", - v = "Virtual editing", - w = "Text wrapping", - x = "Cursor line and column", - z = "Spell checking", - }, - ["yo"] = { - name = "Toggle option", - b = "Light background", - c = "Cursor line", - d = "Diff", - f = { "FormatToggle", "LSP Formatting" }, - h = "Search high-lighting", - i = "Case insensitive search", - l = "List mode", - n = "Line numbers", - p = { "(qf_loc_toggle)", "Location list" }, - q = { "(qf_qf_toggle)", "Quickfix list" }, - r = "Relative line numbers", - u = "Cursor column", - v = "Virtual editing", - w = "Text wrapping", - x = "Cursor line and column", - z = "Spell checking", - }, + -- Next + { "]", group = "Next" }, + -- Edition and navigation mappings + { "]", desc = "Insert blank line below" }, + { "]", desc = "Next location list file" }, + { "]", desc = "Next quickfix list file" }, + { "]", desc = "Next tag in preview window" }, + { "]a", desc = "Next argument" }, + { "]A", desc = "Last argument" }, + { "]b", desc = "Next buffer" }, + { "]B", desc = "Last buffer" }, + { "]e", desc = "Exchange next line" }, + { "]f", desc = "Next file in directory" }, + { "]l", desc = "Next location list entry" }, + { "]L", desc = "Last Location list entry" }, + { "]n", desc = "Next conflict marker/diff hunk" }, + { "]p", desc = "Paste line below" }, + { "]P", desc = "Paste line below" }, + { "]q", desc = "Next quickfix list entry" }, + { "]Q", desc = "Last quickfix list entry" }, + { "]t", desc = "Next matching tag" }, + { "]T", desc = "Last matching tag" }, + { "]z", desc = "Next fold" }, + -- Decoding + { "]C", desc = "C string decode" }, + { "]u", desc = "URL decode" }, + { "]x", desc = "XML decode" }, + { "]y", desc = "C string decode" }, + -- Custom + { "]d", lsp.goto_next_diagnostic, desc = "Next diagnostic" }, + + -- Enable option + { "[o", desc = "Enable option" }, + { "[ob", desc = "Light background" }, + { "[oc", desc = "Cursor line" }, + { "[od", desc = "Diff" }, + { "[of", "FormatEnable", desc = "LSP Formatting" }, + { "[oh", desc = "Search high-lighting" }, + { "[oi", desc = "Case insensitive search" }, + { "[ol", desc = "List mode" }, + { "[on", desc = "Line numbers" }, + { "[or", desc = "Relative line numbers" }, + { "[op", "lwindow", desc = "Location list" }, + { "[oq", "cwindow", desc = "Quickfix list" }, + { "[ou", desc = "Cursor column" }, + { "[ov", desc = "Virtual editing" }, + { "[ow", desc = "Text wrapping" }, + { "[ox", desc = "Cursor line and column" }, + { "[oz", desc = "Spell checking" }, + + -- Disable option + { "]o", desc = "Disable option" }, + { "]ob", desc = "Light background" }, + { "]oc", desc = "Cursor line" }, + { "]od", desc = "Diff" }, + { "]of", "FormatDisable", desc = "LSP Formatting" }, + { "]oh", desc = "Search high-lighting" }, + { "]oi", desc = "Case insensitive search" }, + { "]ol", desc = "List mode" }, + { "]on", desc = "Line numbers" }, + { "]op", "lclose", desc = "Location list" }, + { "]oq", "cclose", desc = "Quickfix list" }, + { "]or", desc = "Relative line numbers" }, + { "]ou", desc = "Cursor column" }, + { "]ov", desc = "Virtual editing" }, + { "]ow", desc = "Text wrapping" }, + { "]ox", desc = "Cursor line and column" }, + { "]oz", desc = "Spell checking" }, + + -- Toggle option + { "yo", group = "Toggle option" }, + { "yob", desc = "Light background" }, + { "yoc", desc = "Cursor line" }, + { "yod", desc = "Diff" }, + { "yof", "FormatToggle", desc = "LSP Formatting" }, + { "yoh", desc = "Search high-lighting" }, + { "yoi", desc = "Case insensitive search" }, + { "yol", desc = "List mode" }, + { "yon", desc = "Line numbers" }, + { "yop", "(qf_loc_toggle)", desc = "Location list" }, + { "yoq", "(qf_qf_toggle)", desc = "Quickfix list" }, + { "yor", desc = "Relative line numbers" }, + { "you", desc = "Cursor column" }, + { "yov", desc = "Virtual editing" }, + { "yow", desc = "Text wrapping" }, + { "yox", desc = "Cursor line and column" }, + { "yoz", desc = "Spell checking" }, } -wk.register(keys) +wk.add(keys) diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua index dc47366..1912623 100644 --- a/modules/home/vim/lua/ambroisie/lsp.lua +++ b/modules/home/vim/lua/ambroisie/lsp.lua @@ -87,31 +87,30 @@ M.on_attach = function(client, bufnr) end local keys = { - K = { vim.lsp.buf.hover, "Show symbol information" }, - [""] = { vim.lsp.buf.signature_help, "Show signature information" }, - ["gd"] = { vim.lsp.buf.definition, "Go to definition" }, - ["gD"] = { vim.lsp.buf.declaration, "Go to declaration" }, - ["gi"] = { vim.lsp.buf.implementation, "Go to implementation" }, - ["gr"] = { vim.lsp.buf.references, "List all references" }, - - ["c"] = { - name = "Code", - a = { vim.lsp.buf.code_action, "Code actions" }, - d = { cycle_diagnostics_display, "Cycle diagnostics display" }, - D = { show_buffer_diagnostics, "Show buffer diagnostics" }, - r = { vim.lsp.buf.rename, "Rename symbol" }, - s = { vim.lsp.buf.signature_help, "Show signature" }, - t = { vim.lsp.buf.type_definition, "Go to type definition" }, - w = { - name = "Workspace", - a = { vim.lsp.buf.add_workspace_folder, "Add folder to workspace" }, - l = { list_workspace_folders, "List folders in workspace" }, - r = { vim.lsp.buf.remove_workspace_folder, "Remove folder from workspace" }, - }, - }, + buffer = bufnr, + -- LSP navigation + { "K", vim.lsp.buf.hover, desc = "Show symbol information" }, + { "", vim.lsp.buf.signature_help, desc = "Show signature information" }, + { "gd", vim.lsp.buf.definition, desc = "Go to definition" }, + { "gD", vim.lsp.buf.declaration, desc = "Go to declaration" }, + { "gi", vim.lsp.buf.implementation, desc = "Go to implementation" }, + { "gr", vim.lsp.buf.references, desc = "List all references" }, + -- Code + { "c", group = "Code" }, + { "ca", vim.lsp.buf.code_action, desc = "Code actions" }, + { "cd", cycle_diagnostics_display, desc = "Cycle diagnostics display" }, + { "cD", show_buffer_diagnostics, desc = "Show buffer diagnostics" }, + { "cr", vim.lsp.buf.rename, desc = "Rename symbol" }, + { "cs", vim.lsp.buf.signature_help, desc = "Show signature" }, + { "ct", vim.lsp.buf.type_definition, desc = "Go to type definition" }, + -- Workspace + { "cw", group = "Workspace" }, + { "cwa", vim.lsp.buf.add_workspace_folder, desc = "Add folder to workspace" }, + { "cwl", list_workspace_folders, desc = "List folders in workspace" }, + { "cwr", vim.lsp.buf.remove_workspace_folder, desc = "Remove folder from workspace" }, } - wk.register(keys, { buffer = bufnr }) + wk.add(keys) end return M diff --git a/modules/home/vim/plugin/settings/git.lua b/modules/home/vim/plugin/settings/git.lua index 0e3bc5e..b9b92a6 100644 --- a/modules/home/vim/plugin/settings/git.lua +++ b/modules/home/vim/plugin/settings/git.lua @@ -34,47 +34,42 @@ gitsigns.setup({ local keys = { -- Navigation - ["[c"] = { utils.partial(nav_hunk, "prev"), "Previous hunk/diff" }, - ["]c"] = { utils.partial(nav_hunk, "next"), "Next hunk/diff" }, - + { "[c", utils.partial(nav_hunk, "prev"), desc = "Previous hunk/diff" }, + { "]c", utils.partial(nav_hunk, "next"), desc = "Next hunk/diff" }, -- Commands - ["g"] = { - name = "Git", - -- Actions - b = { gitsigns.toggle_current_line_blame, "Toggle blame virtual text" }, - d = { gitsigns.diffthis, "Diff buffer" }, - D = { utils.partial(gitsigns.diffthis, "~"), "Diff buffer against last commit" }, - g = { "Git", "Git status" }, - h = { gitsigns.toggle_deleted, "Show deleted hunks" }, - L = { ":spT:Gllog --follow -- %:p", "Current buffer log" }, - m = { "(git-messenger)", "Current line blame" }, - p = { gitsigns.preview_hunk, "Preview hunk" }, - r = { gitsigns.reset_hunk, "Restore hunk" }, - R = { gitsigns.reset_buffer, "Restore buffer" }, - s = { gitsigns.stage_hunk, "Stage hunk" }, - S = { gitsigns.stage_buffer, "Stage buffer" }, - u = { gitsigns.undo_stage_hunk, "Undo stage hunk" }, - ["["] = { utils.partial(gitsigns.nav_hunk, "prev"), "Previous hunk" }, - ["]"] = { utils.partial(gitsigns.nav_hunk, "next"), "Next hunk" }, - }, + { "g", group = "Git" }, + { "gb", gitsigns.toggle_current_line_blame, desc = "Toggle blame virtual text" }, + { "gd", gitsigns.diffthis, desc = "Diff buffer" }, + { "gD", utils.partial(gitsigns.diffthis, "~"), desc = "Diff buffer against last commit" }, + { "gg", "Git", desc = "Git status" }, + { "gh", gitsigns.toggle_deleted, desc = "Show deleted hunks" }, + { "gL", ":spT:Gllog --follow -- %:p", desc = "Current buffer log" }, + { "gm", "(git-messenger)", desc = "Current line blame" }, + { "gp", gitsigns.preview_hunk, desc = "Preview hunk" }, + { "gr", gitsigns.reset_hunk, desc = "Restore hunk" }, + { "gR", gitsigns.reset_buffer, desc = "Restore buffer" }, + { "gs", gitsigns.stage_hunk, desc = "Stage hunk" }, + { "gS", gitsigns.stage_buffer, desc = "Stage buffer" }, + { "gu", gitsigns.undo_stage_hunk, desc = "Undo stage hunk" }, + { "g[", utils.partial(gitsigns.nav_hunk, "prev"), desc = "Previous hunk" }, + { "g]", utils.partial(gitsigns.nav_hunk, "next"), desc = "Next hunk" }, } local objects = { - ["ih"] = { gitsigns.select_hunk, "Git hunk" }, + mode = "o", + { "ih", gitsigns.select_hunk, desc = "Git hunk" }, } - +-- Visual local visual = { - ["ih"] = { gitsigns.select_hunk, "Git hunk" }, - - ["g"] = { - name = "Git", - p = { gitsigns.preview_hunk, "Preview selection" }, - r = { make_visual(gitsigns.reset_hunk), "Restore selection" }, - s = { make_visual(gitsigns.stage_hunk), "Stage selection" }, - u = { gitsigns.undo_stage_hunk, "Undo stage selection" }, - }, + mode = { "x" }, + { "ih", gitsigns.select_hunk, desc = "Git hunk" }, + { "g", group = "Git" }, + { "gp", gitsigns.preview_hunk, desc = "Preview selection" }, + { "gr", make_visual(gitsigns.reset_hunk), desc = "Restore selection" }, + { "gs", make_visual(gitsigns.stage_hunk), desc = "Stage selection" }, + { "gu", gitsigns.undo_stage_hunk, desc = "Undo stage selection" }, } -wk.register(keys, { buffer = bufnr }) -wk.register(objects, { buffer = bufnr, mode = "o" }) -wk.register(visual, { buffer = bufnr, mode = "x" }) +wk.add(keys) +wk.add(objects) +wk.add(visual) diff --git a/modules/home/vim/plugin/settings/oil.lua b/modules/home/vim/plugin/settings/oil.lua index e4a6716..a160725 100644 --- a/modules/home/vim/plugin/settings/oil.lua +++ b/modules/home/vim/plugin/settings/oil.lua @@ -28,7 +28,7 @@ oil.setup({ }) local keys = { - ["-"] = { oil.open, "Open parent directory" }, + { "-", oil.open, desc = "Open parent directory" }, } -wk.register(keys) +wk.add(keys) diff --git a/modules/home/vim/plugin/settings/telescope.lua b/modules/home/vim/plugin/settings/telescope.lua index 64cc298..1a23928 100644 --- a/modules/home/vim/plugin/settings/telescope.lua +++ b/modules/home/vim/plugin/settings/telescope.lua @@ -26,14 +26,12 @@ telescope.load_extension("fzf") telescope.load_extension("lsp_handlers") local keys = { - f = { - name = "Fuzzy finder", - b = { telescope_builtin.buffers, "Open buffers" }, - f = { telescope_builtin.git_files, "Git tracked files" }, - F = { telescope_builtin.find_files, "Files" }, - g = { telescope_builtin.live_grep, "Grep string" }, - G = { telescope_builtin.grep_string, "Grep string under cursor" }, - }, + { "f", group = "Fuzzy finder" }, + { "fb", telescope_builtin.buffers, desc = "Open buffers" }, + { "ff", telescope_builtin.git_files, desc = "Git tracked files" }, + { "fF", telescope_builtin.find_files, desc = "Files" }, + { "fg", telescope_builtin.live_grep, desc = "Grep string" }, + { "fG", telescope_builtin.grep_string, desc = "Grep string under cursor" }, } -wk.register(keys, { prefix = "" }) +wk.add(keys) diff --git a/modules/home/vim/plugin/settings/which-key.lua b/modules/home/vim/plugin/settings/which-key.lua index 2edfd70..81f398f 100644 --- a/modules/home/vim/plugin/settings/which-key.lua +++ b/modules/home/vim/plugin/settings/which-key.lua @@ -1,2 +1,27 @@ local wk = require("which-key") -wk.setup() +wk.setup({ + icons = { + -- I don't like icons + mappings = false, + breadcrumb = "»", + separator = "âžœ", + group = "+", + ellipsis = "…", + keys = { + Up = "ï¢ ", + Down = "ï£ ", + Left = "ï  ", + Right = "ï¡ ", + C = "", + M = "", + D = "", + S = "", + CR = "", + Esc = " ", + NL = "", + BS = "", + Space = "", + Tab = " ", + }, + }, +}) From 6b7510cfd943763ca09b91ea83bc2510bf0f6c86 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 25 Jul 2024 20:17:50 +0100 Subject: [PATCH 099/379] home: vim: show directories in blue Blue is much more readable when the night filter kicks in. --- modules/home/vim/init.vim | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index 0186614..93eb133 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -100,6 +100,8 @@ gruvbox.setup({ DiffChange = { fg = colors.aqua, bg = "NONE" }, DiffDelete = { fg = colors.red, bg = "NONE" }, DiffText = { fg = colors.yellow, bg = colors.bg0 }, + -- Directories "pop" better in blue + Directory = { link = "GruvboxBlueBold" }, } }) EOF From ace266b02c3a45ce717ca457d9f79b49513e71cf Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 26 Jul 2024 10:06:02 +0000 Subject: [PATCH 100/379] overlays: add 'none-ls-root-bug' Will be removed when the plug-in gets its next bump. --- overlays/none-ls-root-bug/default.nix | 4 ++++ overlays/none-ls-root-bug/generated.nix | 14 ++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 overlays/none-ls-root-bug/default.nix create mode 100644 overlays/none-ls-root-bug/generated.nix diff --git a/overlays/none-ls-root-bug/default.nix b/overlays/none-ls-root-bug/default.nix new file mode 100644 index 0000000..832e71d --- /dev/null +++ b/overlays/none-ls-root-bug/default.nix @@ -0,0 +1,4 @@ +self: prev: +{ + vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { }); +} diff --git a/overlays/none-ls-root-bug/generated.nix b/overlays/none-ls-root-bug/generated.nix new file mode 100644 index 0000000..16d3b25 --- /dev/null +++ b/overlays/none-ls-root-bug/generated.nix @@ -0,0 +1,14 @@ +{ fetchpatch, ... }: + +_final: prev: { + none-ls-nvim = prev.none-ls-nvim.overrideAttrs (oa: { + patches = (oa.patches or [ ]) ++ [ + # https://github.com/nvimtools/none-ls.nvim/pull/163 + (fetchpatch { + name = "fix-get-root-directory.patch"; + url = "https://github.com/nvimtools/none-ls.nvim/commit/2cde745aadc2c36f6860a77a556494870675771a.patch"; + hash = "sha256-BtIjrT6ME2mR/5Ez9h+6r+fy0jYkBkw6/A9NConKRVs="; + }) + ]; + }); +} From 0d820cc2f41074564984ea0a2ba72c63bc08ef70 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 26 Jul 2024 11:52:17 +0000 Subject: [PATCH 101/379] home: vim: move 'nohls' to 'which-key' --- modules/home/vim/after/plugin/mappings/misc.lua | 7 ------- modules/home/vim/plugin/settings/which-key.lua | 6 ++++++ 2 files changed, 6 insertions(+), 7 deletions(-) delete mode 100644 modules/home/vim/after/plugin/mappings/misc.lua diff --git a/modules/home/vim/after/plugin/mappings/misc.lua b/modules/home/vim/after/plugin/mappings/misc.lua deleted file mode 100644 index 12dbffc..0000000 --- a/modules/home/vim/after/plugin/mappings/misc.lua +++ /dev/null @@ -1,7 +0,0 @@ -local wk = require("which-key") - -local keys = { - { "", "nohls", desc = "Clear search highlight" }, -} - -wk.add(keys) diff --git a/modules/home/vim/plugin/settings/which-key.lua b/modules/home/vim/plugin/settings/which-key.lua index 81f398f..76a2117 100644 --- a/modules/home/vim/plugin/settings/which-key.lua +++ b/modules/home/vim/plugin/settings/which-key.lua @@ -25,3 +25,9 @@ wk.setup({ }, }, }) + +local keys = { + { "", "nohls", desc = "Clear search highlight" }, +} + +wk.add(keys) From 9ed2dcefdeef07a3359985c2859b5ec1c02a8386 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 26 Jul 2024 11:54:11 +0000 Subject: [PATCH 102/379] home: vim: which-key: use lua callbacks --- modules/home/vim/plugin/settings/which-key.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/vim/plugin/settings/which-key.lua b/modules/home/vim/plugin/settings/which-key.lua index 76a2117..3dc260a 100644 --- a/modules/home/vim/plugin/settings/which-key.lua +++ b/modules/home/vim/plugin/settings/which-key.lua @@ -27,7 +27,7 @@ wk.setup({ }) local keys = { - { "", "nohls", desc = "Clear search highlight" }, + { "", vim.cmd.nohlsearch, desc = "Clear search highlight" }, } wk.add(keys) From 1e2872c5c7ce6c07abdd4850bd100706606993f2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 27 Jul 2024 15:09:52 +0100 Subject: [PATCH 103/379] home: vim: fix '+'/'-' highlighting in diffs I'm not a big fan of the new highlighting [1]. [1]: https://github.com/nvim-treesitter/nvim-treesitter/pull/6619 --- modules/home/vim/after/queries/diff/highlights.scm | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 modules/home/vim/after/queries/diff/highlights.scm diff --git a/modules/home/vim/after/queries/diff/highlights.scm b/modules/home/vim/after/queries/diff/highlights.scm new file mode 100644 index 0000000..c998725 --- /dev/null +++ b/modules/home/vim/after/queries/diff/highlights.scm @@ -0,0 +1,5 @@ +; extends + +; I want to the line added/removed markers to be the correct color +"+" @diff.plus +"-" @diff.minus From 93dfe0411493683dab491f632f3f27286bf59a19 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 4 Aug 2024 11:37:33 +0100 Subject: [PATCH 104/379] hosts: nixos: aramis: home: use 'pinentry-rofi' --- hosts/nixos/aramis/home.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/nixos/aramis/home.nix b/hosts/nixos/aramis/home.nix index 64b63ce..abf472a 100644 --- a/hosts/nixos/aramis/home.nix +++ b/hosts/nixos/aramis/home.nix @@ -2,7 +2,7 @@ { my.home = { # Use graphical pinentry - bitwarden.pinentry = pkgs.pinentry-gtk2; + bitwarden.pinentry = pkgs.pinentry-rofi; # Ebook library calibre.enable = true; # Some amount of social life @@ -14,7 +14,7 @@ # Blue light filter gammastep.enable = true; # Use a small popup to enter passwords - gpg.pinentry = pkgs.pinentry-gtk2; + gpg.pinentry = pkgs.pinentry-rofi; # Machine specific packages packages.additionalPackages = with pkgs; [ element-desktop # Matrix client From f240730c4f6fd32738b944b5ef836768da10adf2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 7 Aug 2024 14:15:12 +0000 Subject: [PATCH 105/379] flake: bump inputs And remove the overlay for `none-ls`, which has been fixed. This reverts commit ace266b02c3a45ce717ca457d9f79b49513e71cf. --- flake.lock | 36 ++++++++++++------------- overlays/none-ls-root-bug/default.nix | 4 --- overlays/none-ls-root-bug/generated.nix | 14 ---------- 3 files changed, 18 insertions(+), 36 deletions(-) delete mode 100644 overlays/none-ls-root-bug/default.nix delete mode 100644 overlays/none-ls-root-bug/generated.nix diff --git a/flake.lock b/flake.lock index 6b84846..751e70c 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1720546205, - "narHash": "sha256-boCXsjYVxDviyzoEyAk624600f3ZBo/DKtUdvMTpbGY=", + "lastModified": 1722339003, + "narHash": "sha256-ZeS51uJI30ehNkcZ4uKqT4ZDARPyqrHADSKAwv5vVCU=", "owner": "ryantm", "repo": "agenix", - "rev": "de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6", + "rev": "3f1dae074a12feb7327b4bf43cbac0d124488bb7", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1719994518, - "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", + "lastModified": 1722555600, + "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", + "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1721852138, - "narHash": "sha256-JH8N5uoqoVA6erV4O40VtKKHsnfmhvMGbxMNDLtim5o=", + "lastModified": 1723015306, + "narHash": "sha256-jQnFEtH20/OsDPpx71ntZzGdRlpXhUENSQCGTjn//NA=", "owner": "nix-community", "repo": "home-manager", - "rev": "304a011325b7ac7b8c9950333cd215a7aa146b0e", + "rev": "b3d5ea65d88d67d4ec578ed11d4d2d51e3de525e", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1721743106, - "narHash": "sha256-adRZhFpBTnHiK3XIELA3IBaApz70HwCYfv7xNrHjebA=", + "lastModified": 1722813957, + "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dc14ed91132ee3a26255d01d8fd0c1f5bff27b2f", + "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1721930286, - "narHash": "sha256-IUr/laHRe52MkPlOSflG1GThgQo+ECmAP7O51RxLduI=", + "lastModified": 1723036652, + "narHash": "sha256-YIKo7vD/wkItzqIzg7u9bxYPhPwKhJbRbFcENuT0p68=", "owner": "nix-community", "repo": "NUR", - "rev": "3ea857d2abb7f3825976cefc50894d35ca55f8c4", + "rev": "2ee33d83d919b2375ebeeee175fab2af02dff92f", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1721042469, - "narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=", + "lastModified": 1722857853, + "narHash": "sha256-3Zx53oz/MSIyevuWO/SumxABkrIvojnB7g9cimxkhiE=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "f451c19376071a90d8c58ab1a953c6e9840527fd", + "rev": "06939f6b7ec4d4f465bf3132a05367cccbbf64da", "type": "github" }, "original": { diff --git a/overlays/none-ls-root-bug/default.nix b/overlays/none-ls-root-bug/default.nix deleted file mode 100644 index 832e71d..0000000 --- a/overlays/none-ls-root-bug/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -self: prev: -{ - vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { }); -} diff --git a/overlays/none-ls-root-bug/generated.nix b/overlays/none-ls-root-bug/generated.nix deleted file mode 100644 index 16d3b25..0000000 --- a/overlays/none-ls-root-bug/generated.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ fetchpatch, ... }: - -_final: prev: { - none-ls-nvim = prev.none-ls-nvim.overrideAttrs (oa: { - patches = (oa.patches or [ ]) ++ [ - # https://github.com/nvimtools/none-ls.nvim/pull/163 - (fetchpatch { - name = "fix-get-root-directory.patch"; - url = "https://github.com/nvimtools/none-ls.nvim/commit/2cde745aadc2c36f6860a77a556494870675771a.patch"; - hash = "sha256-BtIjrT6ME2mR/5Ez9h+6r+fy0jYkBkw6/A9NConKRVs="; - }) - ]; - }); -} From 8ed69de4be87e5f558216df84d6563a5d3727778 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 10 Aug 2024 12:09:02 +0100 Subject: [PATCH 106/379] hosts: nixos: aramis: home: remove 'pinentry-rofi' I'm not sure why, but it's messing with my `gpg-agent`... But I didn't get any issues with `rbw`. I'll try and figure out why. This reverts commit 93dfe0411493683dab491f632f3f27286bf59a19. --- hosts/nixos/aramis/home.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/nixos/aramis/home.nix b/hosts/nixos/aramis/home.nix index abf472a..64b63ce 100644 --- a/hosts/nixos/aramis/home.nix +++ b/hosts/nixos/aramis/home.nix @@ -2,7 +2,7 @@ { my.home = { # Use graphical pinentry - bitwarden.pinentry = pkgs.pinentry-rofi; + bitwarden.pinentry = pkgs.pinentry-gtk2; # Ebook library calibre.enable = true; # Some amount of social life @@ -14,7 +14,7 @@ # Blue light filter gammastep.enable = true; # Use a small popup to enter passwords - gpg.pinentry = pkgs.pinentry-rofi; + gpg.pinentry = pkgs.pinentry-gtk2; # Machine specific packages packages.additionalPackages = with pkgs; [ element-desktop # Matrix client From 483c5d23e0b6fe8b9379c4245a79876d1a1fc585 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 14 Aug 2024 12:50:20 +0000 Subject: [PATCH 107/379] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 751e70c..9c8bb14 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1722339003, - "narHash": "sha256-ZeS51uJI30ehNkcZ4uKqT4ZDARPyqrHADSKAwv5vVCU=", + "lastModified": 1723293904, + "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", "owner": "ryantm", "repo": "agenix", - "rev": "3f1dae074a12feb7327b4bf43cbac0d124488bb7", + "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1723015306, - "narHash": "sha256-jQnFEtH20/OsDPpx71ntZzGdRlpXhUENSQCGTjn//NA=", + "lastModified": 1723399884, + "narHash": "sha256-97wn0ihhGqfMb8WcUgzzkM/TuAxce2Gd20A8oiruju4=", "owner": "nix-community", "repo": "home-manager", - "rev": "b3d5ea65d88d67d4ec578ed11d4d2d51e3de525e", + "rev": "086f619dd991a4d355c07837448244029fc2d9ab", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1722813957, - "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=", + "lastModified": 1723362943, + "narHash": "sha256-dFZRVSgmJkyM0bkPpaYRtG/kRMRTorUIDj8BxoOt1T4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa", + "rev": "a58bc8ad779655e790115244571758e8de055e3d", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1723036652, - "narHash": "sha256-YIKo7vD/wkItzqIzg7u9bxYPhPwKhJbRbFcENuT0p68=", + "lastModified": 1723632306, + "narHash": "sha256-WzILwMkbQ4S1ks1g5AzeHNTIWj5AcJ6PwQDUnHNWmM8=", "owner": "nix-community", "repo": "NUR", - "rev": "2ee33d83d919b2375ebeeee175fab2af02dff92f", + "rev": "dc6d7986f1d0a0d03f1a270e22352181f074e70a", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1722857853, - "narHash": "sha256-3Zx53oz/MSIyevuWO/SumxABkrIvojnB7g9cimxkhiE=", + "lastModified": 1723202784, + "narHash": "sha256-qbhjc/NEGaDbyy0ucycubq4N3//gDFFH3DOmp1D3u1Q=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "06939f6b7ec4d4f465bf3132a05367cccbbf64da", + "rev": "c7012d0c18567c889b948781bc74a501e92275d1", "type": "github" }, "original": { From e94bdef69050914da09e280d97b8022254adc600 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 28 Jul 2024 11:53:10 +0200 Subject: [PATCH 108/379] hosts: nixos: porthos: secrets: fix SSO owner --- hosts/nixos/porthos/secrets/secrets.nix | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix index c43376b..a9b9c51 100644 --- a/hosts/nixos/porthos/secrets/secrets.nix +++ b/hosts/nixos/porthos/secrets/secrets.nix @@ -81,9 +81,18 @@ in "pyload/credentials.age".publicKeys = all; - "sso/auth-key.age".publicKeys = all; - "sso/ambroisie/password-hash.age".publicKeys = all; - "sso/ambroisie/totp-secret.age".publicKeys = all; + "sso/auth-key.age" = { + owner = "nginx-sso"; + publicKeys = all; + }; + "sso/ambroisie/password-hash.age" = { + owner = "nginx-sso"; + publicKeys = all; + }; + "sso/ambroisie/totp-secret.age" = { + owner = "nginx-sso"; + publicKeys = all; + }; "tandoor-recipes/secret-key.age".publicKeys = all; From 44c11fc431b4b349dfa350f6cf9b3a1f83fd3a0d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 4 Sep 2024 12:07:33 +0200 Subject: [PATCH 109/379] pkgs: lohr: 0.4.5 -> 0.4.6 --- pkgs/lohr/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/lohr/default.nix b/pkgs/lohr/default.nix index ddeac7a..b89ccff 100644 --- a/pkgs/lohr/default.nix +++ b/pkgs/lohr/default.nix @@ -1,16 +1,16 @@ { lib, fetchFromGitHub, rustPlatform }: rustPlatform.buildRustPackage rec { pname = "lohr"; - version = "0.4.5"; + version = "0.4.6"; src = fetchFromGitHub { owner = "alarsyo"; repo = "lohr"; rev = "v${version}"; - hash = "sha256-p6E/r+OxFTpxDpOKSlacOxvRLfHSKg1mHNAfTytfqDY="; + hash = "sha256-dunQgtap+XCK5LoSyOqIY/6p6HizBeiyPWNuCffwjDU="; }; - cargoHash = "sha256-hext0S0o9D9pN9epzXtD5dwAYMPCLpBBOBT4FX0mTMk="; + cargoHash = "sha256-EUhyrhPe+mUgMmm4o+bxRIiSNReJRfw+/O1fPr8r7lo="; meta = with lib; { description = "Git mirroring daemon"; From 10727f9eea517935c8b968540d7a9ff0cf6c4b4f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 26 Aug 2024 22:40:46 +0200 Subject: [PATCH 110/379] flake: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 9c8bb14..ee428c0 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1723399884, - "narHash": "sha256-97wn0ihhGqfMb8WcUgzzkM/TuAxce2Gd20A8oiruju4=", + "lastModified": 1724435763, + "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", "owner": "nix-community", "repo": "home-manager", - "rev": "086f619dd991a4d355c07837448244029fc2d9ab", + "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1723362943, - "narHash": "sha256-dFZRVSgmJkyM0bkPpaYRtG/kRMRTorUIDj8BxoOt1T4=", + "lastModified": 1724479785, + "narHash": "sha256-pP3Azj5d6M5nmG68Fu4JqZmdGt4S4vqI5f8te+E/FTw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a58bc8ad779655e790115244571758e8de055e3d", + "rev": "d0e1602ddde669d5beb01aec49d71a51937ed7be", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1723632306, - "narHash": "sha256-WzILwMkbQ4S1ks1g5AzeHNTIWj5AcJ6PwQDUnHNWmM8=", + "lastModified": 1724704503, + "narHash": "sha256-QcZKCI9d5UNuQt6UFQSNhQwzXnXDF8jgCy7julsbnvg=", "owner": "nix-community", "repo": "NUR", - "rev": "dc6d7986f1d0a0d03f1a270e22352181f074e70a", + "rev": "6b1fa8a8dec17eb73962a0eac8e04f2df1439448", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1723202784, - "narHash": "sha256-qbhjc/NEGaDbyy0ucycubq4N3//gDFFH3DOmp1D3u1Q=", + "lastModified": 1724440431, + "narHash": "sha256-9etXEOUtzeMgqg1u0wp+EdwG7RpmrAZ2yX516bMj2aE=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "c7012d0c18567c889b948781bc74a501e92275d1", + "rev": "c8a54057aae480c56e28ef3e14e4960628ac495b", "type": "github" }, "original": { From 445cb43cb42270065d312ded3d69160e2603833c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 4 Sep 2024 10:34:37 +0000 Subject: [PATCH 111/379] nixos: services: nix-cache: fix deprecated config --- modules/nixos/services/nix-cache/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/nix-cache/default.nix b/modules/nixos/services/nix-cache/default.nix index 1ce3161..f3a29aa 100644 --- a/modules/nixos/services/nix-cache/default.nix +++ b/modules/nixos/services/nix-cache/default.nix @@ -40,7 +40,7 @@ in inherit (cfg) priority; }; - signKeyPath = cfg.secretKeyFile; + signKeyPaths = [ cfg.secretKeyFile ]; }; my.services.nginx.virtualHosts = { From fb4047b2b303f2dbdf91a862ee4ab543594c21dd Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 4 Sep 2024 12:07:33 +0200 Subject: [PATCH 112/379] nixos: services: nginx: sso: align with upstream This aligns with the PR I opened on nixpkgs [1]. [1]: https://github.com/NixOS/nixpkgs/pull/325838 --- modules/nixos/services/nginx/sso/default.nix | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/modules/nixos/services/nginx/sso/default.nix b/modules/nixos/services/nginx/sso/default.nix index 4a78282..d60e31b 100644 --- a/modules/nixos/services/nginx/sso/default.nix +++ b/modules/nixos/services/nginx/sso/default.nix @@ -59,15 +59,10 @@ in StateDirectory = "nginx-sso"; WorkingDirectory = "/var/lib/nginx-sso"; # The files to be merged might not have the correct permissions - ExecStartPre = ''+${pkgs.writeShellScript "merge-nginx-sso-config" '' + ExecStartPre = pkgs.writeShellScript "merge-nginx-sso-config" '' rm -f '${confPath}' ${utils.genJqSecretsReplacementSnippet cfg.configuration confPath} - - # Fix permissions - chown nginx-sso:nginx-sso ${confPath} - chmod 0600 ${confPath} - '' - }''; + ''; ExecStart = lib.mkForce '' ${lib.getExe pkg} \ --config ${confPath} \ From 52197a4f965dab7fe16bfc2fe6f301da8bc184a4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 4 Sep 2024 12:07:33 +0200 Subject: [PATCH 113/379] nixos: services: pirate: add readarr --- modules/nixos/services/pirate/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/modules/nixos/services/pirate/default.nix b/modules/nixos/services/pirate/default.nix index e500b54..822a8aa 100644 --- a/modules/nixos/services/pirate/default.nix +++ b/modules/nixos/services/pirate/default.nix @@ -10,6 +10,7 @@ let bazarr = 6767; lidarr = 8686; radarr = 7878; + readarr = 8787; sonarr = 8989; }; @@ -67,6 +68,10 @@ in enable = lib.my.mkDisableOption "Radarr"; }; + readarr = { + enable = lib.my.mkDisableOption "Readarr"; + }; + sonarr = { enable = lib.my.mkDisableOption "Sonarr"; }; @@ -85,6 +90,9 @@ in # Radarr for movies (mkFullConfig "radarr") (mkFail2Ban "radarr") + # Readarr for books + (mkFullConfig "readarr") + (mkFail2Ban "readarr") # Sonarr for shows (mkFullConfig "sonarr") (mkFail2Ban "sonarr") From 6f00036b7963ac6674a40c5d2bc8fe8a25fe79cf Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 4 Sep 2024 12:07:33 +0200 Subject: [PATCH 114/379] overlays: add 'downgrade-transmission' The 4.0.6 release is buggy and widely blacklisted. --- overlays/downgrade-transmission/default.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 overlays/downgrade-transmission/default.nix diff --git a/overlays/downgrade-transmission/default.nix b/overlays/downgrade-transmission/default.nix new file mode 100644 index 0000000..9d3fc8a --- /dev/null +++ b/overlays/downgrade-transmission/default.nix @@ -0,0 +1,14 @@ +self: prev: +{ + transmission_4 = prev.transmission_4.overrideAttrs (_: { + version = "4.0.5"; + + src = self.fetchFromGitHub { + owner = "transmission"; + repo = "transmission"; + rev = "4.0.5"; + hash = "sha256-gd1LGAhMuSyC/19wxkoE2mqVozjGPfupIPGojKY0Hn4="; + fetchSubmodules = true; + }; + }); +} From 0d2b9c969940e403a48af210dd856c2d086d360a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 5 Sep 2024 10:39:01 +0000 Subject: [PATCH 115/379] nixos: services: rename 'servarr' --- hosts/nixos/porthos/services.nix | 16 ++++++++-------- modules/nixos/services/default.nix | 2 +- .../services/{pirate => servarr}/default.nix | 4 ++-- 3 files changed, 11 insertions(+), 11 deletions(-) rename modules/nixos/services/{pirate => servarr}/default.nix (96%) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 23901f7..38e827b 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -127,14 +127,6 @@ in passwordFile = secrets."paperless/password".path; secretKeyFile = secrets."paperless/secret-key".path; }; - # The whole *arr software suite - pirate = { - enable = true; - # ... But not Lidarr because I don't care for music that much - lidarr = { - enable = false; - }; - }; # Podcast automatic downloader podgrab = { enable = true; @@ -152,6 +144,14 @@ in rss-bridge.enable = true; # Usenet client sabnzbd.enable = true; + # The whole *arr software suite + servarr = { + enable = true; + # ... But not Lidarr because I don't care for music that much + lidarr = { + enable = false; + }; + }; # Because I stilll need to play sysadmin ssh-server.enable = true; # Recipe manager diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index 60b2478..e877c8f 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -26,7 +26,6 @@ ./nginx ./nix-cache ./paperless - ./pirate ./podgrab ./postgresql ./postgresql-backup @@ -34,6 +33,7 @@ ./quassel ./rss-bridge ./sabnzbd + ./servarr ./ssh-server ./tandoor-recipes ./tlp diff --git a/modules/nixos/services/pirate/default.nix b/modules/nixos/services/servarr/default.nix similarity index 96% rename from modules/nixos/services/pirate/default.nix rename to modules/nixos/services/servarr/default.nix index 822a8aa..e25d9cf 100644 --- a/modules/nixos/services/pirate/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -4,7 +4,7 @@ # [1]: https://youtu.be/I26Ql-uX6AM { config, lib, ... }: let - cfg = config.my.services.pirate; + cfg = config.my.services.servarr; ports = { bazarr = 6767; @@ -53,7 +53,7 @@ let ]); in { - options.my.services.pirate = { + options.my.services.servarr = { enable = lib.mkEnableOption "Media automation"; bazarr = { From 9b7bab8e8306e8138b5559929f28f46ac4333768 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 5 Sep 2024 18:09:50 +0200 Subject: [PATCH 116/379] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index ee428c0..0c1b965 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1722555600, - "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", + "lastModified": 1725234343, + "narHash": "sha256-+ebgonl3NbiKD2UD0x4BszCZQ6sTfL4xioaM49o5B3Y=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", + "rev": "567b938d64d4b4112ee253b9274472dc3a346eb6", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1724435763, - "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", + "lastModified": 1725180166, + "narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=", "owner": "nix-community", "repo": "home-manager", - "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", + "rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1724479785, - "narHash": "sha256-pP3Azj5d6M5nmG68Fu4JqZmdGt4S4vqI5f8te+E/FTw=", + "lastModified": 1725432240, + "narHash": "sha256-+yj+xgsfZaErbfYM3T+QvEE2hU7UuE+Jf0fJCJ8uPS0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d0e1602ddde669d5beb01aec49d71a51937ed7be", + "rev": "ad416d066ca1222956472ab7d0555a6946746a80", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1724704503, - "narHash": "sha256-QcZKCI9d5UNuQt6UFQSNhQwzXnXDF8jgCy7julsbnvg=", + "lastModified": 1725551138, + "narHash": "sha256-4tSFz+wu2NvB41MLF68PDLM3gu8lg1hjgtgikbRq6Zo=", "owner": "nix-community", "repo": "NUR", - "rev": "6b1fa8a8dec17eb73962a0eac8e04f2df1439448", + "rev": "06bc57134f691188397ebeffa9b88552cc8090d3", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1724440431, - "narHash": "sha256-9etXEOUtzeMgqg1u0wp+EdwG7RpmrAZ2yX516bMj2aE=", + "lastModified": 1725513492, + "narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "c8a54057aae480c56e28ef3e14e4960628ac495b", + "rev": "7570de7b9b504cfe92025dd1be797bf546f66528", "type": "github" }, "original": { From a713913eefd3a201f971c456c648099d5ca1e3e1 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 22 Aug 2024 23:44:40 +0200 Subject: [PATCH 117/379] nixos: services: add pdf-edit --- modules/nixos/services/default.nix | 1 + modules/nixos/services/pdf-edit/default.nix | 73 +++++++++++++++++++++ 2 files changed, 74 insertions(+) create mode 100644 modules/nixos/services/pdf-edit/default.nix diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index e877c8f..1211ee6 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -26,6 +26,7 @@ ./nginx ./nix-cache ./paperless + ./pdf-edit ./podgrab ./postgresql ./postgresql-backup diff --git a/modules/nixos/services/pdf-edit/default.nix b/modules/nixos/services/pdf-edit/default.nix new file mode 100644 index 0000000..d59507b --- /dev/null +++ b/modules/nixos/services/pdf-edit/default.nix @@ -0,0 +1,73 @@ +{ config, lib, ... }: +let + cfg = config.my.services.pdf-edit; +in +{ + options.my.services.pdf-edit = with lib; { + enable = mkEnableOption "PDF edition service"; + + port = mkOption { + type = types.port; + default = 8089; + example = 8080; + description = "Internal port for webui"; + }; + + loginFile = mkOption { + type = types.str; + example = "/run/secrets/pdf-edit/login.env"; + description = '' + `SECURITY_INITIALLOGIN_USERNAME` and `SECURITY_INITIALLOGIN_PASSWORD` + defined in the format of 'EnvironmentFile' (see `systemd.exec(5)`). + ''; + }; + }; + + config = lib.mkIf cfg.enable { + services.stirling-pdf = lib.mkIf cfg.enable { + enable = true; + + environment = { + SERVER_PORT = cfg.port; + SECURITY_CSRFDISABLED = "false"; + + SYSTEM_SHOWUPDATE = "false"; # We don't care about update notifications + INSTALL_BOOK_AND_ADVANCED_HTML_OPS = "true"; # Installed by the module + + SECURITY_ENABLELOGIN = "true"; + SECURITY_LOGINATTEMPTCOUNT = "-1"; # Rely on fail2ban instead + }; + + environmentFiles = [ cfg.loginFile ]; + }; + + my.services.nginx.virtualHosts = { + pdf-edit = { + inherit (cfg) port; + + extraConfig = { + # Allow upload of PDF files up to 1G + locations."/".extraConfig = '' + client_max_body_size 1G; + ''; + }; + }; + }; + + services.fail2ban.jails = { + stirling-pdf = '' + enabled = true + filter = stirling-pdf + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/stirling-pdf.conf".text = '' + [Definition] + failregex = ^.*Failed login attempt from IP: $ + journalmatch = _SYSTEMD_UNIT=stirling-pdf.service + ''; + }; + }; +} From 90dcf3a1641aa93a4ce14cc8a9c49ba3efec8108 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 22 Aug 2024 23:45:16 +0200 Subject: [PATCH 118/379] hosts: nixos: porthos: secrets: add pdf-edit --- hosts/nixos/porthos/secrets/pdf-edit/login.age | 8 ++++++++ hosts/nixos/porthos/secrets/secrets.nix | 2 ++ 2 files changed, 10 insertions(+) create mode 100644 hosts/nixos/porthos/secrets/pdf-edit/login.age diff --git a/hosts/nixos/porthos/secrets/pdf-edit/login.age b/hosts/nixos/porthos/secrets/pdf-edit/login.age new file mode 100644 index 0000000..7f13f88 --- /dev/null +++ b/hosts/nixos/porthos/secrets/pdf-edit/login.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 cKojmg VYlHgHSLpfKb5bn1XA3aCpfX7M23DgbraLxxOfo9PDk +Rj+mDvAsWX3WwpuhTrOubmo17j/aud5+P87df5bosBA +-> ssh-ed25519 jPowng o9ZFaYrITZ6DjWw07Vk/+TkuU187/ytlEK4sw7G32G4 +zmxlpDvDDEgQFqBVARXeX1ABhvfJ4uAHfa6mIxXzjAY +--- k/d9FWW8/OSo8EllwOBV74pZyX918u54jEljGk3ATUc +ü4+ø2{‘hE7!Ò­GA`×_@Íß—´¡R_ý§6J„ñL4v,‚6%ô‡øó#^® Ù¹ åB­§OøF‚|’7ܽÉL]œÙjR¨ +BþóÛ¾éaòs]xSÎ pbÞo#¬J1QŸ=t}5Õ>Oï‘{+¼. M"7e»yý÷— \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix index a9b9c51..a8a9819 100644 --- a/hosts/nixos/porthos/secrets/secrets.nix +++ b/hosts/nixos/porthos/secrets/secrets.nix @@ -77,6 +77,8 @@ in "paperless/password.age".publicKeys = all; "paperless/secret-key.age".publicKeys = all; + "pdf-edit/login.age".publicKeys = all; + "podgrab/password.age".publicKeys = all; "pyload/credentials.age".publicKeys = all; From f91286d13b9e111355f11d0e54da897444207471 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 6 Sep 2024 20:52:26 +0100 Subject: [PATCH 119/379] flake: bump inputs --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 0c1b965..88fda1a 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1725180166, - "narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=", + "lastModified": 1725628988, + "narHash": "sha256-Y6TBMTGu4bddUwszGjlcOuN0soVc1Gv43hp+1sT/GNI=", "owner": "nix-community", "repo": "home-manager", - "rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb", + "rev": "127ccc3eb7e36fa75e8c3fbd8a343154f66cc1c6", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1725551138, - "narHash": "sha256-4tSFz+wu2NvB41MLF68PDLM3gu8lg1hjgtgikbRq6Zo=", + "lastModified": 1725647621, + "narHash": "sha256-GzILohiffZJQYq0dTg6PW36S0N0jV4rhcUmNbKxP+p8=", "owner": "nix-community", "repo": "NUR", - "rev": "06bc57134f691188397ebeffa9b88552cc8090d3", + "rev": "fa9112b06f678299e8c85dade3654cf8c5d7e1b4", "type": "github" }, "original": { From fbd3b70d61bd733af033545d4cfe4809fbb068a3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 29 Aug 2024 10:10:26 +0000 Subject: [PATCH 120/379] home: use 'XDG_STATE_HOME' for history files It's specified as the place to put them, so let's make use of it I guess. --- modules/home/gdb/default.nix | 4 ++-- modules/home/pager/default.nix | 2 +- modules/home/wget/default.nix | 2 +- modules/home/xdg/default.nix | 9 ++++++--- modules/home/zsh/default.nix | 2 +- 5 files changed, 11 insertions(+), 8 deletions(-) diff --git a/modules/home/gdb/default.nix b/modules/home/gdb/default.nix index efb49e2..1ffc6bd 100644 --- a/modules/home/gdb/default.nix +++ b/modules/home/gdb/default.nix @@ -23,11 +23,11 @@ in xdg = { configFile."gdb/gdbinit".source = ./gdbinit; - dataFile. "gdb/.keep".text = ""; + stateFile."gdb/.keep".text = ""; }; home.sessionVariables = { - GDBHISTFILE = "${config.xdg.dataHome}/gdb/gdb_history"; + GDBHISTFILE = "${config.xdg.stateHome}/gdb/gdb_history"; }; } diff --git a/modules/home/pager/default.nix b/modules/home/pager/default.nix index e304097..1119440 100644 --- a/modules/home/pager/default.nix +++ b/modules/home/pager/default.nix @@ -15,7 +15,7 @@ in # Clear the screen on start and exit LESS = "-R -+X -c"; # Better XDG compliance - LESSHISTFILE = "${config.xdg.dataHome}/less/history"; + LESSHISTFILE = "${config.xdg.stateHome}/less/history"; LESSKEY = "${config.xdg.configHome}/less/lesskey"; }; }; diff --git a/modules/home/wget/default.nix b/modules/home/wget/default.nix index 32c13c0..1be5397 100644 --- a/modules/home/wget/default.nix +++ b/modules/home/wget/default.nix @@ -20,7 +20,7 @@ in }; xdg.configFile."wgetrc".text = '' - hsts-file = ${config.xdg.dataHome}/wget-hsts + hsts-file = ${config.xdg.stateHome}/wget-hsts ''; }; } diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix index fb2668c..e180f27 100644 --- a/modules/home/xdg/default.nix +++ b/modules/home/xdg/default.nix @@ -34,6 +34,9 @@ in "gdb/.keep".text = ""; "tig/.keep".text = ""; }; + stateFile = { + "python/.keep".text = ""; + }; }; # I want a tidier home @@ -43,13 +46,13 @@ in CARGO_HOME = "${dataHome}/cargo"; DOCKER_CONFIG = "${configHome}/docker"; GRADLE_USER_HOME = "${dataHome}/gradle"; - HISTFILE = "${dataHome}/bash/history"; + HISTFILE = "${stateHome}/bash/history"; INPUTRC = "${configHome}/readline/inputrc"; - PSQL_HISTORY = "${dataHome}/psql_history"; + PSQL_HISTORY = "${stateHome}/psql_history"; PYTHONPYCACHEPREFIX = "${cacheHome}/python/"; PYTHONUSERBASE = "${dataHome}/python/"; PYTHON_HISTORY = "${stateHome}/python/history"; - REDISCLI_HISTFILE = "${dataHome}/redis/rediscli_history"; + REDISCLI_HISTFILE = "${stateHome}/redis/rediscli_history"; REPO_CONFIG_DIR = "${configHome}/repo"; XCOMPOSECACHE = "${dataHome}/X11/xcompose"; _JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${configHome}/java"; diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index a277366..11b6cb2 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -68,7 +68,7 @@ in ignoreSpace = true; ignoreDups = true; share = false; - path = "${config.xdg.dataHome}/zsh/zsh_history"; + path = "${config.xdg.stateHome}/zsh/zsh_history"; }; plugins = [ From e67b055a7bde91d1ee9d601a2ce71e0965459490 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 9 Sep 2024 15:27:51 +0000 Subject: [PATCH 121/379] home: vim: fix unimpaired mapping groups --- modules/home/vim/after/plugin/mappings/unimpaired.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/vim/after/plugin/mappings/unimpaired.lua b/modules/home/vim/after/plugin/mappings/unimpaired.lua index a0336d1..82aab05 100644 --- a/modules/home/vim/after/plugin/mappings/unimpaired.lua +++ b/modules/home/vim/after/plugin/mappings/unimpaired.lua @@ -66,7 +66,7 @@ local keys = { { "]d", lsp.goto_next_diagnostic, desc = "Next diagnostic" }, -- Enable option - { "[o", desc = "Enable option" }, + { "[o", group = "Enable option" }, { "[ob", desc = "Light background" }, { "[oc", desc = "Cursor line" }, { "[od", desc = "Diff" }, @@ -85,7 +85,7 @@ local keys = { { "[oz", desc = "Spell checking" }, -- Disable option - { "]o", desc = "Disable option" }, + { "]o", group = "Disable option" }, { "]ob", desc = "Light background" }, { "]oc", desc = "Cursor line" }, { "]od", desc = "Diff" }, From 6529bea6bb1af7cc082cad514321bb694a297ed8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 11 Sep 2024 10:28:32 +0000 Subject: [PATCH 122/379] home: nixpkgs: don't use 'escapeShellArg' I don't know what I was thinking exactly when I wrote this, but I clearly hadn't tested it. We can't use `escapeShellArg` as we need to expand the `$XDG_RUNTIME_DIR` variable used in those paths... This reverts commit 468eaa9ed47f3c5077a1e176d3a53e7dc3087fcc. --- modules/home/nixpkgs/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/nixpkgs/default.nix b/modules/home/nixpkgs/default.nix index a4946db..720fc9b 100644 --- a/modules/home/nixpkgs/default.nix +++ b/modules/home/nixpkgs/default.nix @@ -13,8 +13,8 @@ in ]; home.sessionVariables = { - GITHUB_TOKEN = ''$(cat ${lib.escapeShellArg config.age.secrets."github/token".path})''; - GITHUB_API_TOKEN = ''$(cat ${lib.escapeShellArg config.age.secrets."github/token".path})''; + GITHUB_TOKEN = ''$(cat "${config.age.secrets."github/token".path}")''; + GITHUB_API_TOKEN = ''$(cat "${config.age.secrets."github/token".path}")''; }; }; } From 4f73945e283a15a4cd03178d27bd957fd30a066e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 12 Sep 2024 12:07:22 +0000 Subject: [PATCH 123/379] home: direnv: silence 'layout_poetry' --- modules/home/direnv/lib/python.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/direnv/lib/python.sh b/modules/home/direnv/lib/python.sh index 15a273f..650115d 100644 --- a/modules/home/direnv/lib/python.sh +++ b/modules/home/direnv/lib/python.sh @@ -14,7 +14,7 @@ layout_poetry() { fi # create venv if it doesn't exist - poetry run true + poetry run -q -- true # shellcheck disable=2155 export VIRTUAL_ENV=$(poetry env info --path) From 8a6af0e5b73c4e1a87e8da95aa339526a909495f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 12 Sep 2024 12:08:50 +0000 Subject: [PATCH 124/379] home: direnv: only mention 'poetry init' `poetry new` creates a new directory, which isn't really what we're interested in here. --- modules/home/direnv/lib/python.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/direnv/lib/python.sh b/modules/home/direnv/lib/python.sh index 650115d..eae6d26 100644 --- a/modules/home/direnv/lib/python.sh +++ b/modules/home/direnv/lib/python.sh @@ -9,7 +9,7 @@ layout_poetry() { if [[ ! -f pyproject.toml ]]; then # shellcheck disable=2016 - log_error 'layout_poetry: no pyproject.toml found. Use `poetry new` or `poetry init` to create one first' + log_error 'layout_poetry: no pyproject.toml found. Use `poetry init` to create one first' return 1 fi From 8d344b5d5104aa550cf1e2388f5b9bf2573dec41 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 12 Sep 2024 13:23:19 +0000 Subject: [PATCH 125/379] home: direnv: add 'layout_uv' I haven't really played with it yet, but from my small experiments this should be good enough for my (future) purposes. --- modules/home/direnv/lib/python.sh | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/modules/home/direnv/lib/python.sh b/modules/home/direnv/lib/python.sh index eae6d26..d1e67a2 100644 --- a/modules/home/direnv/lib/python.sh +++ b/modules/home/direnv/lib/python.sh @@ -23,3 +23,34 @@ layout_poetry() { watch_file pyproject.toml watch_file poetry.lock } + +layout_uv() { + if ! has uv; then + # shellcheck disable=2016 + log_error 'layout_uv: `uv` is not in PATH' + return 1 + fi + + if [[ ! -f pyproject.toml ]]; then + # shellcheck disable=2016 + log_error 'layout_uv: no pyproject.toml found. Use `uv init` to create one first' + return 1 + fi + + local default_venv="$PWD/.venv" + : "${VIRTUAL_ENV:=$default_venv}" + + # Use non-default venv path if required + if [ "$VIRTUAL_ENV" != "$default_venv" ]; then + export UV_PROJECT_ENVIRONMENT="$VIRTUAL_ENV" + fi + + # create venv if it doesn't exist + uv venv -q + + export VIRTUAL_ENV + export UV_ACTIVE=1 + PATH_add "$VIRTUAL_ENV/bin" + watch_file pyproject.toml + watch_file uv.lock +} From 4a38757db92d2b621812558c219479cc2872ce33 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 19 Sep 2024 11:58:55 +0000 Subject: [PATCH 126/379] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 88fda1a..393a824 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1725234343, - "narHash": "sha256-+ebgonl3NbiKD2UD0x4BszCZQ6sTfL4xioaM49o5B3Y=", + "lastModified": 1726153070, + "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "567b938d64d4b4112ee253b9274472dc3a346eb6", + "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a", "type": "github" }, "original": { @@ -94,11 +94,11 @@ ] }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1725628988, - "narHash": "sha256-Y6TBMTGu4bddUwszGjlcOuN0soVc1Gv43hp+1sT/GNI=", + "lastModified": 1726611255, + "narHash": "sha256-/bxaYvIK6/d3zqpW26QFS0rqfd0cO4qreSNWvYLTl/w=", "owner": "nix-community", "repo": "home-manager", - "rev": "127ccc3eb7e36fa75e8c3fbd8a343154f66cc1c6", + "rev": "d2493de5cd1da06b6a4c3e97f4e7d5dd791df457", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725432240, - "narHash": "sha256-+yj+xgsfZaErbfYM3T+QvEE2hU7UuE+Jf0fJCJ8uPS0=", + "lastModified": 1726463316, + "narHash": "sha256-gI9kkaH0ZjakJOKrdjaI/VbaMEo9qBbSUl93DnU7f4c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ad416d066ca1222956472ab7d0555a6946746a80", + "rev": "99dc8785f6a0adac95f5e2ab05cc2e1bf666d172", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1725647621, - "narHash": "sha256-GzILohiffZJQYq0dTg6PW36S0N0jV4rhcUmNbKxP+p8=", + "lastModified": 1726739127, + "narHash": "sha256-eI3C3B30nSiobx/Ld3n7ZL38Omn2zEIAwCgtgwCQaQc=", "owner": "nix-community", "repo": "NUR", - "rev": "fa9112b06f678299e8c85dade3654cf8c5d7e1b4", + "rev": "cb39c55630fd1660784dc5f60eb48adaeb9e950e", "type": "github" }, "original": { From c1eab0edeef61911777341fb8f4f4e7f19c51a21 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 20 Sep 2024 14:39:53 +0000 Subject: [PATCH 127/379] nixos: services: jellyfin: add fail2ban jail The upstream documentation adds quotes around the IP, but I don't see them in my logs. Let's split the difference by making them optional. --- modules/nixos/services/jellyfin/default.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/modules/nixos/services/jellyfin/default.nix b/modules/nixos/services/jellyfin/default.nix index f5aaa99..e8910a5 100644 --- a/modules/nixos/services/jellyfin/default.nix +++ b/modules/nixos/services/jellyfin/default.nix @@ -41,5 +41,21 @@ in }; }; }; + + services.fail2ban.jails = { + jellyfin = '' + enabled = true + filter = jellyfin + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/jellyfin.conf".text = '' + [Definition] + failregex = ^.*Authentication request for .* has been denied \(IP: "?"?\)\. + journalmatch = _SYSTEMD_UNIT=jellyfin.service + ''; + }; }; } From 129d4b3a5a6e5ad1dbd80b3a04f3ff5bc32cf6e4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 22 Aug 2024 23:46:25 +0200 Subject: [PATCH 128/379] hosts: nixos: porthos: services: enable pdf-edit --- hosts/nixos/porthos/services.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 38e827b..5792be3 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -127,6 +127,11 @@ in passwordFile = secrets."paperless/password".path; secretKeyFile = secrets."paperless/secret-key".path; }; + # Sometimes, editing PDFs is useful + pdf-edit = { + enable = true; + loginFile = secrets."pdf-edit/login".path; + }; # Podcast automatic downloader podgrab = { enable = true; From cedac6bbf46605fffd52859dc7d5ffdb55e78cec Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 22 Sep 2024 00:43:17 +0200 Subject: [PATCH 129/379] nixos: services: mealie: add fail2ban jail --- modules/nixos/services/mealie/default.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix index 96b9e14..664d5ba 100644 --- a/modules/nixos/services/mealie/default.nix +++ b/modules/nixos/services/mealie/default.nix @@ -71,5 +71,21 @@ in }; }; }; + + services.fail2ban.jails = { + mealie = '' + enabled = true + filter = mealie + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/mealie.conf".text = '' + [Definition] + failregex = ^.*ERROR.*Incorrect username or password from + journalmatch = _SYSTEMD_UNIT=mealie.service + ''; + }; }; } From f24cf2e16d7d25c387851a888e6615768d24b47d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 22 Sep 2024 01:10:52 +0200 Subject: [PATCH 130/379] nixos: services: audiobookshelf: add fail2ban jail --- .../nixos/services/audiobookshelf/default.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/modules/nixos/services/audiobookshelf/default.nix b/modules/nixos/services/audiobookshelf/default.nix index 8c9719d..da9ec55 100644 --- a/modules/nixos/services/audiobookshelf/default.nix +++ b/modules/nixos/services/audiobookshelf/default.nix @@ -35,5 +35,21 @@ in }; }; }; + + services.fail2ban.jails = { + audiobookshelf = '' + enabled = true + filter = audiobookshelf + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/audiobookshelf.conf".text = '' + [Definition] + failregex = ^.*ERROR: \[Auth\] Failed login attempt for username ".*" from ip + journalmatch = _SYSTEMD_UNIT=audiobookshelf.service + ''; + }; }; } From 96e1a54638c98d64a3a38fd193844d6d5c3e66da Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 22 Sep 2024 01:26:06 +0200 Subject: [PATCH 131/379] nixos: services: nextcloud: add fail2ban jail --- modules/nixos/services/nextcloud/default.nix | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index bb3169a..d173fc0 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -87,5 +87,25 @@ in "${config.services.nextcloud.home}/data/appdata_*/preview" ]; }; + + services.fail2ban.jails = { + nextcloud = '' + enabled = true + filter = nextcloud + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/nextcloud.conf".text = '' + [Definition] + _groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*) + datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?" + failregex = ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Login failed: + ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Trusted domain error. + ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Two-factor challenge failed: + journalmatch = _SYSTEMD_UNIT=phpfpm-nextcloud.service + ''; + }; }; } From a059828a587eb271d42656d8e315c083ff47b921 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 22 Sep 2024 01:58:56 +0200 Subject: [PATCH 132/379] nixos: services: miniflux: add fail2ban jail --- modules/nixos/services/miniflux/default.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/modules/nixos/services/miniflux/default.nix b/modules/nixos/services/miniflux/default.nix index 5104c8b..400ae00 100644 --- a/modules/nixos/services/miniflux/default.nix +++ b/modules/nixos/services/miniflux/default.nix @@ -48,5 +48,21 @@ in inherit (cfg) port; }; }; + + services.fail2ban.jails = { + miniflux = '' + enabled = true + filter = miniflux + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/miniflux.conf".text = '' + [Definition] + failregex = ^.*msg="[^"]*(Incorrect|Invalid) username or password[^"]*".*client_ip= + journalmatch = _SYSTEMD_UNIT=miniflux.service + ''; + }; }; } From 1aa3385e137f81cb05975829dedb90e89f1c0e6d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 22 Sep 2024 02:12:48 +0200 Subject: [PATCH 133/379] nixos: services: navidrome: add fail2ban jail --- modules/nixos/services/navidrome/default.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/modules/nixos/services/navidrome/default.nix b/modules/nixos/services/navidrome/default.nix index 944a97a..c513b91 100644 --- a/modules/nixos/services/navidrome/default.nix +++ b/modules/nixos/services/navidrome/default.nix @@ -52,5 +52,21 @@ in inherit (cfg) port; }; }; + + services.fail2ban.jails = { + navidrome = '' + enabled = true + filter = navidrome + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/navidrome.conf".text = '' + [Definition] + failregex = ^.*msg="Unsuccessful login".*X-Real-Ip:\[\] + journalmatch = _SYSTEMD_UNIT=navidrome.service + ''; + }; }; } From 2b64a00dc98535f71859f66986b416d941aa0291 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 22 Sep 2024 02:13:30 +0200 Subject: [PATCH 134/379] nixos: services: flood: add fail2ban note --- modules/nixos/services/flood/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/services/flood/default.nix b/modules/nixos/services/flood/default.nix index b95bac5..f3fe90b 100644 --- a/modules/nixos/services/flood/default.nix +++ b/modules/nixos/services/flood/default.nix @@ -27,5 +27,7 @@ in inherit (cfg) port; }; }; + + # NOTE: unfortunately flood does not log connection failures for fail2ban }; } From 1f40ac4a9f09743a13e234e493eb7e9345c6d03d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 22 Sep 2024 02:21:01 +0200 Subject: [PATCH 135/379] nixos: services: grocy: add fail2ban note --- modules/nixos/services/grocy/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/services/grocy/default.nix b/modules/nixos/services/grocy/default.nix index 87927d6..9045b03 100644 --- a/modules/nixos/services/grocy/default.nix +++ b/modules/nixos/services/grocy/default.nix @@ -36,5 +36,7 @@ in forceSSL = true; useACMEHost = config.networking.domain; }; + + # NOTE: unfortunately grocy does not log connection failures for fail2ban }; } From 0f3c5d1d63b2fbe8a08382af1e28c571a2620b64 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 24 Sep 2024 10:43:50 +0000 Subject: [PATCH 136/379] nixos: services: transmission: add fail2ban note --- modules/nixos/services/transmission/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix index aeb88b7..ac8b24d 100644 --- a/modules/nixos/services/transmission/default.nix +++ b/modules/nixos/services/transmission/default.nix @@ -90,5 +90,7 @@ in allowedTCPPorts = [ cfg.peerPort ]; allowedUDPPorts = [ cfg.peerPort ]; }; + + # NOTE: unfortunately transmission does not log connection failures for fail2ban }; } From b6279108e090c620d5d9a7fdbb4ccb556212cfb0 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 24 Sep 2024 10:44:09 +0000 Subject: [PATCH 137/379] nixos: services: vikunja: add fail2ban note --- modules/nixos/services/vikunja/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/services/vikunja/default.nix b/modules/nixos/services/vikunja/default.nix index 6e7700f..7838a79 100644 --- a/modules/nixos/services/vikunja/default.nix +++ b/modules/nixos/services/vikunja/default.nix @@ -99,5 +99,7 @@ in config.services.vikunja.settings.files.basepath ]; }; + + # NOTE: unfortunately vikunja does not log connection failures for fail2ban }; } From 3aab65d9eac7d06a987f8f92de792da400845210 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 24 Sep 2024 13:13:15 +0000 Subject: [PATCH 138/379] nixos: services: tandoor-recipes: add fail2ban note --- modules/nixos/services/tandoor-recipes/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/services/tandoor-recipes/default.nix b/modules/nixos/services/tandoor-recipes/default.nix index 48ad7a8..3447bee 100644 --- a/modules/nixos/services/tandoor-recipes/default.nix +++ b/modules/nixos/services/tandoor-recipes/default.nix @@ -82,5 +82,7 @@ in }; }; }; + + # NOTE: unfortunately tandoor-recipes does not log connection failures for fail2ban }; } From b0029448c6d5ddbfa46f2b7c4785ca82787e4fcb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 25 Sep 2024 14:10:34 +0000 Subject: [PATCH 139/379] flake: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 393a824..7112362 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1726611255, - "narHash": "sha256-/bxaYvIK6/d3zqpW26QFS0rqfd0cO4qreSNWvYLTl/w=", + "lastModified": 1727246346, + "narHash": "sha256-TcUaKtya339Asu+g6KTJ8h7KiKcKXKp2V+At+7tksyY=", "owner": "nix-community", "repo": "home-manager", - "rev": "d2493de5cd1da06b6a4c3e97f4e7d5dd791df457", + "rev": "1e22ef1518fb175d762006f9cae7f6312b8caedb", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1726463316, - "narHash": "sha256-gI9kkaH0ZjakJOKrdjaI/VbaMEo9qBbSUl93DnU7f4c=", + "lastModified": 1726937504, + "narHash": "sha256-bvGoiQBvponpZh8ClUcmJ6QnsNKw0EMrCQJARK3bI1c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "99dc8785f6a0adac95f5e2ab05cc2e1bf666d172", + "rev": "9357f4f23713673f310988025d9dc261c20e70c6", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1726739127, - "narHash": "sha256-eI3C3B30nSiobx/Ld3n7ZL38Omn2zEIAwCgtgwCQaQc=", + "lastModified": 1727272134, + "narHash": "sha256-q8xoi2eO23zhOmgBtJTj0QlcABoMeVB0CAWufTR3wyw=", "owner": "nix-community", "repo": "NUR", - "rev": "cb39c55630fd1660784dc5f60eb48adaeb9e950e", + "rev": "8dbbe7f3575d0ff0998f92f811fb8bf4e3f0d3b1", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1725513492, - "narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=", + "lastModified": 1726745158, + "narHash": "sha256-D5AegvGoEjt4rkKedmxlSEmC+nNLMBPWFxvmYnVLhjk=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "7570de7b9b504cfe92025dd1be797bf546f66528", + "rev": "4e743a6920eab45e8ba0fbe49dc459f1423a4b74", "type": "github" }, "original": { From 20db71996c678e75c999d733a713805691fa9991 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 25 Sep 2024 16:25:40 +0000 Subject: [PATCH 140/379] pkgs: add 'cgt-calc' --- pkgs/cgt-calc/default.nix | 47 +++++++++++++++++++++++++++++++++++++++ pkgs/default.nix | 2 ++ 2 files changed, 49 insertions(+) create mode 100644 pkgs/cgt-calc/default.nix diff --git a/pkgs/cgt-calc/default.nix b/pkgs/cgt-calc/default.nix new file mode 100644 index 0000000..9966944 --- /dev/null +++ b/pkgs/cgt-calc/default.nix @@ -0,0 +1,47 @@ +{ lib +, fetchFromGitHub +, python3Packages +, withTeXLive ? true +, texliveSmall +}: +python3Packages.buildPythonApplication rec { + pname = "cgt-calc"; + version = "1.13.0"; + pyproject = true; + + src = fetchFromGitHub { + owner = "KapJI"; + repo = "capital-gains-calculator"; + rev = "v${version}"; + hash = "sha256-y/Y05wG89nccXyxfjqazyPJhd8dOkfwRJre+Rzx97Hw="; + }; + + build-system = with python3Packages; [ + poetry-core + ]; + + dependencies = with python3Packages; [ + defusedxml + jinja2 + pandas + requests + types-requests + yfinance + ]; + + makeWrapperArgs = lib.optionals withTeXLive [ + "--prefix" + "PATH" + ":" + "${lib.getBin texliveSmall}/bin" + ]; + + meta = with lib; { + description = "UK capital gains tax calculator"; + homepage = "https://github.com/KapJI/capital-gains-calculator"; + license = with licenses; [ mit ]; + mainProgram = "cgt-calc"; + maintainers = with maintainers; [ ambroisie ]; + platforms = platforms.unix; + }; +} diff --git a/pkgs/default.nix b/pkgs/default.nix index 6b7fce1..949bcf7 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -2,6 +2,8 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: { bw-pass = pkgs.callPackage ./bw-pass { }; + cgt-calc = pkgs.callPackage ./cgt-calc { }; + change-audio = pkgs.callPackage ./change-audio { }; change-backlight = pkgs.callPackage ./change-backlight { }; From cbba752b54825e09245088d42b0e1d0e0910f33f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 27 Sep 2024 13:44:23 +0000 Subject: [PATCH 141/379] nixos: services: nginx: remove 'literalExample' Those examples do not use functions or any other "difficult to render" expression. --- modules/nixos/services/nginx/default.nix | 72 +++++++++++------------- 1 file changed, 32 insertions(+), 40 deletions(-) diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index 7980ad9..e305b29 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -59,14 +59,12 @@ let extraConfig = mkOption { type = types.attrs; # FIXME: forward type of virtualHosts - example = litteralExample '' - { - locations."/socket" = { - proxyPass = "http://127.0.0.1:8096/"; - proxyWebsockets = true; - }; - } - ''; + example = { + locations."/socket" = { + proxyPass = "http://127.0.0.1:8096/"; + proxyWebsockets = true; + }; + }; default = { }; description = '' Any extra configuration that should be applied to this virtual host. @@ -100,26 +98,24 @@ in virtualHosts = mkOption { type = types.attrsOf virtualHostOption; default = { }; - example = litteralExample '' - { - gitea = { - subdomain = "git"; - port = 8080; - }; - dev = { - root = "/var/www/dev"; - }; - jellyfin = { - port = 8096; - extraConfig = { - locations."/socket" = { - proxyPass = "http://127.0.0.1:8096/"; - proxyWebsockets = true; - }; + example = { + gitea = { + subdomain = "git"; + port = 8080; + }; + dev = { + root = "/var/www/dev"; + }; + jellyfin = { + port = 8096; + extraConfig = { + locations."/socket" = { + proxyPass = "http://127.0.0.1:8096/"; + proxyWebsockets = true; }; }; - } - ''; + }; + }; description = '' List of virtual hosts to set-up using default settings. ''; @@ -163,25 +159,21 @@ in }; }; }); - example = litteralExample '' - { - alice = { - passwordHashFile = "/var/lib/nginx-sso/alice/password-hash.txt"; - totpSecretFile = "/var/lib/nginx-sso/alice/totp-secret.txt"; - }; - } - ''; + example = { + alice = { + passwordHashFile = "/var/lib/nginx-sso/alice/password-hash.txt"; + totpSecretFile = "/var/lib/nginx-sso/alice/totp-secret.txt"; + }; + }; description = "Definition of users"; }; groups = mkOption { type = with types; attrsOf (listOf str); - example = litteralExample '' - { - root = [ "alice" ]; - users = [ "alice" "bob" ]; - } - ''; + example = { + root = [ "alice" ]; + users = [ "alice" "bob" ]; + }; description = "Groups of users"; }; }; From 898523d079c724e16ad4f1f4b6e8f110e6d96e8f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 27 Sep 2024 13:48:26 +0000 Subject: [PATCH 142/379] treewide: fix typos --- hosts/nixos/porthos/services.nix | 2 +- modules/home/firefox/tridactyl/tridactylrc | 2 +- modules/home/mail/accounts/default.nix | 4 ++-- modules/home/tmux/default.nix | 2 +- modules/home/vim/init.vim | 2 +- modules/home/vim/lua/ambroisie/lsp.lua | 2 +- modules/home/wm/default.nix | 2 +- modules/home/wm/screen-lock/default.nix | 4 ++-- modules/home/xdg/default.nix | 2 +- modules/home/zsh/options.zsh | 2 +- modules/nixos/hardware/trackball/default.nix | 2 +- modules/nixos/profiles/default.nix | 2 +- modules/nixos/services/forgejo/default.nix | 2 +- modules/nixos/services/gitea/default.nix | 2 +- modules/nixos/services/podgrab/default.nix | 2 +- modules/nixos/services/vikunja/default.nix | 2 +- modules/nixos/services/wireguard/default.nix | 2 +- pkgs/unbound-zones-adblock/default.nix | 2 +- 18 files changed, 20 insertions(+), 20 deletions(-) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 5792be3..7a38cea 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -157,7 +157,7 @@ in enable = false; }; }; - # Because I stilll need to play sysadmin + # Because I still need to play sysadmin ssh-server.enable = true; # Recipe manager tandoor-recipes = { diff --git a/modules/home/firefox/tridactyl/tridactylrc b/modules/home/firefox/tridactyl/tridactylrc index 36bd59d..775719c 100644 --- a/modules/home/firefox/tridactyl/tridactylrc +++ b/modules/home/firefox/tridactyl/tridactylrc @@ -4,7 +4,7 @@ " Use dark color scheme colorscheme dark -" Make tridactyl open Vim in my prefered terminal +" Make tridactyl open Vim in my preferred terminal set editorcmd @editorcmd@ " Remove editor file after use diff --git a/modules/home/mail/accounts/default.nix b/modules/home/mail/accounts/default.nix index 8886139..202b9bc 100644 --- a/modules/home/mail/accounts/default.nix +++ b/modules/home/mail/accounts/default.nix @@ -58,7 +58,7 @@ in { config.accounts.email.accounts = { personal = lib.mkMerge [ - # Common configuraton + # Common configuration (mkConfig { domain = "belanyi.fr"; address = "bruno"; @@ -70,7 +70,7 @@ in ]; gmail = lib.mkMerge [ - # Common configuraton + # Common configuration (mkConfig { domain = "gmail.com"; address = "brunobelanyi"; diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index 501b954..71ce4ca 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -30,7 +30,7 @@ in }); default = { ${config.my.home.terminal.program} = { }; }; - defaultText = litteralExpression '' + defaultText = literalExpression '' { ''${config.my.home.terminal.program} = { }; }; ''; example = { xterm-256color = { }; }; diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index 93eb133..8202cad 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -1,4 +1,4 @@ -" Basic configuraion {{{ +" Basic configuration {{{ """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" " Use UTF-8 set encoding=utf-8 diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua index 1912623..eb53da6 100644 --- a/modules/home/vim/lua/ambroisie/lsp.lua +++ b/modules/home/vim/lua/ambroisie/lsp.lua @@ -42,7 +42,7 @@ end --- shared LSP configuration callback --- @param client native client configuration ---- @param bufnr int? buffer number of the attched client +--- @param bufnr int? buffer number of the attached client M.on_attach = function(client, bufnr) -- Format on save lsp_format.on_attach(client, bufnr) diff --git a/modules/home/wm/default.nix b/modules/home/wm/default.nix index 449918a..ae1e136 100644 --- a/modules/home/wm/default.nix +++ b/modules/home/wm/default.nix @@ -58,7 +58,7 @@ in service = "some-service-name"; } ]; - description = "list of block configurations, merged with the defauls"; + description = "list of block configurations, merged with the defaults"; }; }; }; diff --git a/modules/home/wm/screen-lock/default.nix b/modules/home/wm/screen-lock/default.nix index 3b2ead6..5e6874e 100644 --- a/modules/home/wm/screen-lock/default.nix +++ b/modules/home/wm/screen-lock/default.nix @@ -2,7 +2,7 @@ let cfg = config.my.home.wm.screen-lock; - notficationCmd = + notificationCmd = let duration = toString (cfg.notify.delay * 1000); notifyCmd = "${lib.getExe pkgs.libnotify} -u critical -t ${duration}"; @@ -48,7 +48,7 @@ in "-notify" "${toString cfg.notify.delay}" "-notifier" - notficationCmd + notificationCmd ]; }; }; diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix index e180f27..270200e 100644 --- a/modules/home/xdg/default.nix +++ b/modules/home/xdg/default.nix @@ -11,7 +11,7 @@ in enable = true; # File types mime.enable = true; - # File associatons + # File associations mimeApps = { enable = true; }; diff --git a/modules/home/zsh/options.zsh b/modules/home/zsh/options.zsh index 32da8d8..7bcad03 100644 --- a/modules/home/zsh/options.zsh +++ b/modules/home/zsh/options.zsh @@ -12,7 +12,7 @@ setopt rc_quotes setopt auto_resume # Show history expansion before running a command setopt hist_verify -# Append commands to history as they are exectuted +# Append commands to history as they are executed setopt inc_append_history_time # Remove useless whitespace from commands setopt hist_reduce_blanks diff --git a/modules/nixos/hardware/trackball/default.nix b/modules/nixos/hardware/trackball/default.nix index 7a99247..a9b24e3 100644 --- a/modules/nixos/hardware/trackball/default.nix +++ b/modules/nixos/hardware/trackball/default.nix @@ -11,7 +11,7 @@ in config = lib.mkIf cfg.enable { services.xserver = { # This section must be *after* the one configured by `libinput` - # for the `ScrollMethod` configuration to not be overriden + # for the `ScrollMethod` configuration to not be overridden inputClassSections = lib.mkAfter [ # MX Ergo '' diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix index 43d5a84..dbd4be3 100644 --- a/modules/nixos/profiles/default.nix +++ b/modules/nixos/profiles/default.nix @@ -1,4 +1,4 @@ -# Configuration that spans accross system and home, or are almagations of modules +# Configuration that spans across system and home, or are almagations of modules { ... }: { imports = [ diff --git a/modules/nixos/services/forgejo/default.nix b/modules/nixos/services/forgejo/default.nix index 18538be..511724b 100644 --- a/modules/nixos/services/forgejo/default.nix +++ b/modules/nixos/services/forgejo/default.nix @@ -1,4 +1,4 @@ -# A low-ressource, full-featured git forge. +# A low-resource, full-featured git forge. { config, lib, ... }: let cfg = config.my.services.forgejo; diff --git a/modules/nixos/services/gitea/default.nix b/modules/nixos/services/gitea/default.nix index 212f59c..95bdf42 100644 --- a/modules/nixos/services/gitea/default.nix +++ b/modules/nixos/services/gitea/default.nix @@ -1,4 +1,4 @@ -# A low-ressource, full-featured git forge. +# A low-resource, full-featured git forge. { config, lib, ... }: let cfg = config.my.services.gitea; diff --git a/modules/nixos/services/podgrab/default.nix b/modules/nixos/services/podgrab/default.nix index ea89e4e..3ced8d3 100644 --- a/modules/nixos/services/podgrab/default.nix +++ b/modules/nixos/services/podgrab/default.nix @@ -13,7 +13,7 @@ in example = "/run/secrets/password.env"; description = '' The path to a file containing the PASSWORD environment variable - definition for Podgrab's authentification. + definition for Podgrab's authentication. ''; }; diff --git a/modules/nixos/services/vikunja/default.nix b/modules/nixos/services/vikunja/default.nix index 7838a79..2753da3 100644 --- a/modules/nixos/services/vikunja/default.nix +++ b/modules/nixos/services/vikunja/default.nix @@ -41,7 +41,7 @@ in service = { # Only allow registration of users through the CLI enableregistration = false; - # Ues the host's timezone + # Use the host's timezone timezone = config.time.timeZone; # Use UNIX socket for serving the API unixsocket = socketPath; diff --git a/modules/nixos/services/wireguard/default.nix b/modules/nixos/services/wireguard/default.nix index a76e424..840ac33 100644 --- a/modules/nixos/services/wireguard/default.nix +++ b/modules/nixos/services/wireguard/default.nix @@ -206,7 +206,7 @@ in ]; } - # Additional inteface is only used to get access to "LAN" from wireguard + # Additional interface is only used to get access to "LAN" from wireguard (lib.mkIf cfg.internal.enable { networking.wg-quick.interfaces."${cfg.internal.name}" = mkInterface [ "${cfg.net.v4.subnet}.0/${toString cfg.net.v4.mask}" diff --git a/pkgs/unbound-zones-adblock/default.nix b/pkgs/unbound-zones-adblock/default.nix index 2a6d4b7..11a6c90 100644 --- a/pkgs/unbound-zones-adblock/default.nix +++ b/pkgs/unbound-zones-adblock/default.nix @@ -30,7 +30,7 @@ stdenvNoCC.mkDerivation { description = "Unified host lists, ready to be used by unbound"; longDescription = '' This is a simple derivation based on StevenBlack's unified hosts list. - The files have been modified for easy use wih unbound. + The files have been modified for easy use with unbound. ''; homepage = "https://github.com/StevenBlack/hosts"; license = licenses.mit; From 38f3ac0ce5883f6aee526b91240bca153019584b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 27 Sep 2024 14:11:03 +0000 Subject: [PATCH 143/379] home: vim: lspconfig: add 'typos-lsp' --- modules/home/vim/default.nix | 3 +++ modules/home/vim/plugin/settings/lspconfig.lua | 8 ++++++++ 2 files changed, 11 insertions(+) diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index a063483..8e6bd5c 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -100,6 +100,9 @@ in # Shell bash-language-server shfmt + + # Generic + typos-lsp ]; }; diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index 2f355f4..9e9425c 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -84,3 +84,11 @@ if utils.is_executable("starpls") then on_attach = lsp.on_attach, }) end + +-- Generic +if utils.is_executable("typos-lsp") then + lspconfig.typos_lsp.setup({ + capabilities = capabilities, + on_attach = lsp.on_attach, + }) +end From 79f08ea5a1a8060db0074d3eb9576283f27ca29f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 30 Sep 2024 13:47:26 +0000 Subject: [PATCH 144/379] flake: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 7112362..5c355bf 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1727246346, - "narHash": "sha256-TcUaKtya339Asu+g6KTJ8h7KiKcKXKp2V+At+7tksyY=", + "lastModified": 1727383923, + "narHash": "sha256-4/vacp3CwdGoPf8U4e/N8OsGYtO09WTcQK5FqYfJbKs=", "owner": "nix-community", "repo": "home-manager", - "rev": "1e22ef1518fb175d762006f9cae7f6312b8caedb", + "rev": "ffe2d07e771580a005e675108212597e5b367d2d", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1726937504, - "narHash": "sha256-bvGoiQBvponpZh8ClUcmJ6QnsNKw0EMrCQJARK3bI1c=", + "lastModified": 1727348695, + "narHash": "sha256-J+PeFKSDV+pHL7ukkfpVzCOO7mBSrrpJ3svwBFABbhI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9357f4f23713673f310988025d9dc261c20e70c6", + "rev": "1925c603f17fc89f4c8f6bf6f631a802ad85d784", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1727272134, - "narHash": "sha256-q8xoi2eO23zhOmgBtJTj0QlcABoMeVB0CAWufTR3wyw=", + "lastModified": 1727701468, + "narHash": "sha256-C7Trw/LSFXDpN6RcDqoH8oaXDIQsCbI7aVwOT68ElUs=", "owner": "nix-community", "repo": "NUR", - "rev": "8dbbe7f3575d0ff0998f92f811fb8bf4e3f0d3b1", + "rev": "a885f104ba4ef8431d0fbe7ecbabac024779afb1", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1726745158, - "narHash": "sha256-D5AegvGoEjt4rkKedmxlSEmC+nNLMBPWFxvmYnVLhjk=", + "lastModified": 1727514110, + "narHash": "sha256-0YRcOxJG12VGDFH8iS8pJ0aYQQUAgo/r3ZAL+cSh9nk=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "4e743a6920eab45e8ba0fbe49dc459f1423a4b74", + "rev": "85f7a7177c678de68224af3402ab8ee1bcee25c8", "type": "github" }, "original": { From 09f763bc164946c6e548b933fad626b0a7bf689e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 30 Sep 2024 22:10:38 +0200 Subject: [PATCH 145/379] nixos: services: add komga --- modules/nixos/services/default.nix | 1 + modules/nixos/services/komga/default.nix | 55 ++++++++++++++++++++++++ 2 files changed, 56 insertions(+) create mode 100644 modules/nixos/services/komga/default.nix diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index 1211ee6..651f3f8 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -16,6 +16,7 @@ ./grocy ./indexers ./jellyfin + ./komga ./lohr ./matrix ./mealie diff --git a/modules/nixos/services/komga/default.nix b/modules/nixos/services/komga/default.nix new file mode 100644 index 0000000..e1dc780 --- /dev/null +++ b/modules/nixos/services/komga/default.nix @@ -0,0 +1,55 @@ +# A Comics/Manga media server +{ config, lib, ... }: +let + cfg = config.my.services.komga; +in +{ + options.my.services.komga = with lib; { + enable = mkEnableOption "Komga comics server"; + + port = mkOption { + type = types.port; + default = 4584; + example = 8080; + description = "Internal port for webui"; + }; + }; + + config = lib.mkIf cfg.enable { + services.komga = { + enable = true; + inherit (cfg) port; + + group = "media"; + }; + + systemd.services.komga.environment = { + LOGGING_LEVEL_ORG_GOTSON_KOMGA = "DEBUG"; # Needed for fail2ban + }; + + # Set-up media group + users.groups.media = { }; + + my.services.nginx.virtualHosts = { + komga = { + inherit (cfg) port; + }; + }; + + services.fail2ban.jails = { + komga = '' + enabled = true + filter = komga + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/komga.conf".text = '' + [Definition] + failregex = ^.* ip=,.*Bad credentials.*$ + journalmatch = _SYSTEMD_UNIT=komga.service + ''; + }; + }; +} From eec65dc6b31b02fec85b5c65e30079fad1f9227a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 1 Oct 2024 16:54:44 +0200 Subject: [PATCH 146/379] hosts: nixos: porthos: services: remove podgrab Podgrab is unmaintained... I'll rely on Audiobookshelf to both download and play podcasts. --- hosts/nixos/porthos/services.nix | 7 ------- 1 file changed, 7 deletions(-) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 7a38cea..ec3db67 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -132,13 +132,6 @@ in enable = true; loginFile = secrets."pdf-edit/login".path; }; - # Podcast automatic downloader - podgrab = { - enable = true; - passwordFile = secrets."podgrab/password".path; - dataDir = "/data/media/podcasts"; - port = 9598; - }; # Regular backups postgresql-backup.enable = true; pyload = { From b10d936c0a98aef3b4c078b7f7886e2db39758da Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 8 Oct 2024 11:35:11 +0000 Subject: [PATCH 147/379] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 5c355bf..752a214 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1726153070, - "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=", + "lastModified": 1727826117, + "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a", + "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1727383923, - "narHash": "sha256-4/vacp3CwdGoPf8U4e/N8OsGYtO09WTcQK5FqYfJbKs=", + "lastModified": 1728337164, + "narHash": "sha256-VdRTjJFyq4Q9U7Z/UoC2Q5jK8vSo6E86lHc2OanXtvc=", "owner": "nix-community", "repo": "home-manager", - "rev": "ffe2d07e771580a005e675108212597e5b367d2d", + "rev": "038630363e7de57c36c417fd2f5d7c14773403e4", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1727348695, - "narHash": "sha256-J+PeFKSDV+pHL7ukkfpVzCOO7mBSrrpJ3svwBFABbhI=", + "lastModified": 1728241625, + "narHash": "sha256-yumd4fBc/hi8a9QgA9IT8vlQuLZ2oqhkJXHPKxH/tRw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1925c603f17fc89f4c8f6bf6f631a802ad85d784", + "rev": "c31898adf5a8ed202ce5bea9f347b1c6871f32d1", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1727701468, - "narHash": "sha256-C7Trw/LSFXDpN6RcDqoH8oaXDIQsCbI7aVwOT68ElUs=", + "lastModified": 1728385750, + "narHash": "sha256-M2Qgz4Opif8uN9/I/dWRtyZRcuHRv+02B1+FgJk6LyY=", "owner": "nix-community", "repo": "NUR", - "rev": "a885f104ba4ef8431d0fbe7ecbabac024779afb1", + "rev": "7fc13fc5ea634482f96525f06132646d5aa01f7f", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1727514110, - "narHash": "sha256-0YRcOxJG12VGDFH8iS8pJ0aYQQUAgo/r3ZAL+cSh9nk=", + "lastModified": 1728092656, + "narHash": "sha256-eMeCTJZ5xBeQ0f9Os7K8DThNVSo9gy4umZLDfF5q6OM=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "85f7a7177c678de68224af3402ab8ee1bcee25c8", + "rev": "1211305a5b237771e13fcca0c51e60ad47326a9a", "type": "github" }, "original": { From 8e81d148bdda429cad565fc1cf6b327ba7eec29a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 10 Oct 2024 13:53:19 +0000 Subject: [PATCH 148/379] home: direnv: warn on non-existent version --- modules/home/direnv/lib/android.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/home/direnv/lib/android.sh b/modules/home/direnv/lib/android.sh index fa2f856..64321e1 100644 --- a/modules/home/direnv/lib/android.sh +++ b/modules/home/direnv/lib/android.sh @@ -32,10 +32,16 @@ use_android() { -b|--build-tools) build_tools_version="$2" shift 2 + if ! [ -e "$ANDROID_HOME/build-tools/$build_tools_version" ]; then + log_error "use_android: build-tools version '$build_tools_version' does not exist" + fi ;; -n|--ndk) ndk_version="$2" shift 2 + if ! [ -e "$ANDROID_HOME/ndk/$ndk_version" ]; then + log_error "use_android: NDK version '$ndk_version' does not exist" + fi ;; --) shift From 0547ebc33c8d8891bbbeea44d31d50bc6b5dd01f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 16 Oct 2024 10:43:52 +0000 Subject: [PATCH 149/379] home: wm: i3: remove 'FIXME' Add a clearer message about why I don't use the `startup` section. --- modules/home/wm/i3/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/home/wm/i3/default.nix b/modules/home/wm/i3/default.nix index 69246f0..c432864 100644 --- a/modules/home/wm/i3/default.nix +++ b/modules/home/wm/i3/default.nix @@ -371,8 +371,7 @@ in }; startup = [ - # FIXME - # { commdand; always; notification; } + # NOTE: rely on systemd user services instead... ]; window = { From a09cef76c5b13c052eeed4b52531516204bd8839 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 17 Oct 2024 15:26:17 +0200 Subject: [PATCH 150/379] nixos: services: nextcloud: bump to 30 --- modules/nixos/services/nextcloud/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index d173fc0..e2c4746 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -31,7 +31,7 @@ in config = lib.mkIf cfg.enable { services.nextcloud = { enable = true; - package = pkgs.nextcloud29; + package = pkgs.nextcloud30; hostName = "nextcloud.${config.networking.domain}"; home = "/var/lib/nextcloud"; maxUploadSize = cfg.maxSize; From cf1aeaf0884d2420ed7c55d94a859ffe527f3cbf Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 23 Oct 2024 13:49:19 +0000 Subject: [PATCH 151/379] flake: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 752a214..fb392a4 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1728337164, - "narHash": "sha256-VdRTjJFyq4Q9U7Z/UoC2Q5jK8vSo6E86lHc2OanXtvc=", + "lastModified": 1729551526, + "narHash": "sha256-7LAGY32Xl14OVQp3y6M43/0AtHYYvV6pdyBcp3eoz0s=", "owner": "nix-community", "repo": "home-manager", - "rev": "038630363e7de57c36c417fd2f5d7c14773403e4", + "rev": "5ec753a1fc4454df9285d8b3ec0809234defb975", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1728241625, - "narHash": "sha256-yumd4fBc/hi8a9QgA9IT8vlQuLZ2oqhkJXHPKxH/tRw=", + "lastModified": 1729413321, + "narHash": "sha256-I4tuhRpZFa6Fu6dcH9Dlo5LlH17peT79vx1y1SpeKt0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c31898adf5a8ed202ce5bea9f347b1c6871f32d1", + "rev": "1997e4aa514312c1af7e2bda7fad1644e778ff26", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1728385750, - "narHash": "sha256-M2Qgz4Opif8uN9/I/dWRtyZRcuHRv+02B1+FgJk6LyY=", + "lastModified": 1729688743, + "narHash": "sha256-Oe1PRxUAXSwRUcRIH+saPgMsIEEm7PfL81+M5IDCqvg=", "owner": "nix-community", "repo": "NUR", - "rev": "7fc13fc5ea634482f96525f06132646d5aa01f7f", + "rev": "2680c1d6af171ee32198c8f2f5dc07ce1d5bd2ea", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1728092656, - "narHash": "sha256-eMeCTJZ5xBeQ0f9Os7K8DThNVSo9gy4umZLDfF5q6OM=", + "lastModified": 1729104314, + "narHash": "sha256-pZRZsq5oCdJt3upZIU4aslS9XwFJ+/nVtALHIciX/BI=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "1211305a5b237771e13fcca0c51e60ad47326a9a", + "rev": "3c3e88f0f544d6bb54329832616af7eb971b6be6", "type": "github" }, "original": { From 46df8b5b5b38be165849382e4c3ecc7c9e4b4201 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 21 Oct 2024 14:24:42 +0000 Subject: [PATCH 152/379] home: direnv: lib: fix shellcheck directive I like it better with a space in it. --- modules/home/direnv/lib/android.sh | 2 +- modules/home/direnv/lib/nix.sh | 2 +- modules/home/direnv/lib/postgres.sh | 2 +- modules/home/direnv/lib/python.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/home/direnv/lib/android.sh b/modules/home/direnv/lib/android.sh index 64321e1..9344aea 100644 --- a/modules/home/direnv/lib/android.sh +++ b/modules/home/direnv/lib/android.sh @@ -1,4 +1,4 @@ -#shellcheck shell=bash +# shellcheck shell=bash # shellcheck disable=2155 use_android() { diff --git a/modules/home/direnv/lib/nix.sh b/modules/home/direnv/lib/nix.sh index a65eb31..4b6c547 100644 --- a/modules/home/direnv/lib/nix.sh +++ b/modules/home/direnv/lib/nix.sh @@ -1,4 +1,4 @@ -#shellcheck shell=bash +# shellcheck shell=bash use_pkgs() { if ! has nix; then diff --git a/modules/home/direnv/lib/postgres.sh b/modules/home/direnv/lib/postgres.sh index c2e6a8f..46e171d 100644 --- a/modules/home/direnv/lib/postgres.sh +++ b/modules/home/direnv/lib/postgres.sh @@ -1,4 +1,4 @@ -#shellcheck shell=bash +# shellcheck shell=bash layout_postgres() { if ! has postgres || ! has initdb; then diff --git a/modules/home/direnv/lib/python.sh b/modules/home/direnv/lib/python.sh index d1e67a2..780fbe6 100644 --- a/modules/home/direnv/lib/python.sh +++ b/modules/home/direnv/lib/python.sh @@ -1,4 +1,4 @@ -#shellcheck shell=bash +# shellcheck shell=bash layout_poetry() { if ! has poetry; then From 6d2ac0c473561aa75156788c26b0b7e6b442d241 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 28 Oct 2024 10:38:40 +0000 Subject: [PATCH 153/379] modules: services: matrix: remove sliding sync The functionality has been folded into `synapse` itself, and the module has been removed from the unstable branch. This reverts commit b4c2cc581b6b79db1961e0aa840fad6d17ee6652. --- hosts/nixos/porthos/services.nix | 3 -- modules/nixos/services/matrix/default.nix | 39 ----------------------- 2 files changed, 42 deletions(-) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index ec3db67..a2339f4 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -69,9 +69,6 @@ in mailConfigFile = secrets."matrix/mail".path; # Only necessary when doing the initial registration secretFile = secrets."matrix/secret".path; - slidingSync = { - secretFile = secrets."matrix/sliding-sync-secret".path; - }; }; mealie = { enable = true; diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index b958f76..f423834 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -26,21 +26,6 @@ in description = "Shared secret to register users"; }; - slidingSync = { - port = mkOption { - type = types.port; - default = 8009; - example = 8084; - description = "Port used by sliding sync server"; - }; - - secretFile = mkOption { - type = types.str; - example = "/var/lib/matrix/sliding-sync-secret-file.env"; - description = "Secret file which contains SYNCV3_SECRET definition"; - }; - }; - mailConfigFile = mkOption { type = types.str; example = "/var/lib/matrix/email-config.yaml"; @@ -106,17 +91,6 @@ in ] ++ lib.optional (cfg.secretFile != null) cfg.secretFile; }; - services.matrix-sliding-sync = { - enable = true; - - settings = { - SYNCV3_SERVER = "https://${matrixDomain}"; - SYNCV3_BINDADDR = "127.0.0.1:${toString cfg.slidingSync.port}"; - }; - - environmentFile = cfg.slidingSync.secretFile; - }; - my.services.nginx.virtualHosts = { # Element Web app deployment chat = { @@ -130,9 +104,6 @@ in "m.identity_server" = { "base_url" = "https://vector.im"; }; - "org.matrix.msc3575.proxy" = { - "url" = "https://matrix-sync.${domain}"; - }; }; showLabsSettings = true; defaultCountryCode = "FR"; # cocorico @@ -152,10 +123,6 @@ in matrix-client = { port = clientPort.private; }; - # Sliding sync - matrix-sync = { - inherit (cfg.slidingSync) port; - }; }; # Those are too complicated to use my wrapper... @@ -178,11 +145,6 @@ in "/_matrix" = proxyToClientPort; "/_synapse/client" = proxyToClientPort; - - # Sliding sync - "~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = { - proxyPass = "http://${config.services.matrix-sliding-sync.settings.SYNCV3_BINDADDR}"; - }; }; listen = [ @@ -228,7 +190,6 @@ in client = { "m.homeserver" = { "base_url" = "https://${matrixDomain}"; }; "m.identity_server" = { "base_url" = "https://vector.im"; }; - "org.matrix.msc3575.proxy" = { "url" = "https://matrix-sync.${domain}"; }; }; # ACAO required to allow element-web on any URL to request this json file in From 67eb7bdd4bfe4b78c476a3e2ef3ef09727fb992b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 28 Oct 2024 10:43:54 +0000 Subject: [PATCH 154/379] hosts: nixos: porthos: secrets: remove matrix sync Remove the secret, as it not used anymore. This reverts commit 52413dcaf7d937a69002be661b8a6c26443e162c. --- .../nixos/porthos/secrets/matrix/sliding-sync-secret.age | 8 -------- hosts/nixos/porthos/secrets/secrets.nix | 3 --- 2 files changed, 11 deletions(-) delete mode 100644 hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age diff --git a/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age b/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age deleted file mode 100644 index e938cfa..0000000 --- a/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 cKojmg xRtF3XVc7yPicAV/E4U7mn0itvD0h1BWBTjwunuoe2E -OkB9sjGB3ulH4Feuyj3Ed0DBG4+mghW/Qpum9oXL/8c --> ssh-ed25519 jPowng 1r8drqhz1yZdTq0Kvqya+ArU1C2fkN7Gg9LiWWfeUFg -cjbxntVwHvqLaJpiKs/Y8ojeb6e3/cLFcsoeuoobfFg ---- B1qA2PylJBrdZxZtCzlU2kRPvxLM+IrXTvR+ERxVtTY -"W9Äbg¸©~Ì/áÕb4ãÕ†ú³ÜÔIÊ -Û}ð §ËÅË-³²ªNó±”ÑC7vWœbºØ?¦8=œÉwÆB ÃUpJClï²OÈ™³œnOÁ\ \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix index a8a9819..68e90f2 100644 --- a/hosts/nixos/porthos/secrets/secrets.nix +++ b/hosts/nixos/porthos/secrets/secrets.nix @@ -48,9 +48,6 @@ in owner = "matrix-synapse"; publicKeys = all; }; - "matrix/sliding-sync-secret.age" = { - publicKeys = all; - }; "mealie/mail.age" = { publicKeys = all; From 5b66145be378013d673db5b31514437c76991c02 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 28 Oct 2024 10:32:19 +0000 Subject: [PATCH 155/379] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index fb392a4..249cddd 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1729551526, - "narHash": "sha256-7LAGY32Xl14OVQp3y6M43/0AtHYYvV6pdyBcp3eoz0s=", + "lastModified": 1729864948, + "narHash": "sha256-CeGSqbN6S8JmzYJX/HqZjr7dMGlvHLLnJJarwB45lPs=", "owner": "nix-community", "repo": "home-manager", - "rev": "5ec753a1fc4454df9285d8b3ec0809234defb975", + "rev": "0c0268a3c80d30b989d0aadbd65f38d4fa27a9a0", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1729413321, - "narHash": "sha256-I4tuhRpZFa6Fu6dcH9Dlo5LlH17peT79vx1y1SpeKt0=", + "lastModified": 1729665710, + "narHash": "sha256-AlcmCXJZPIlO5dmFzV3V2XF6x/OpNWUV8Y/FMPGd8Z4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1997e4aa514312c1af7e2bda7fad1644e778ff26", + "rev": "2768c7d042a37de65bb1b5b3268fc987e534c49d", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1729688743, - "narHash": "sha256-Oe1PRxUAXSwRUcRIH+saPgMsIEEm7PfL81+M5IDCqvg=", + "lastModified": 1729868220, + "narHash": "sha256-OxHE1U+FIIaQ50nZpt/VxLH0bokiqsEqAshehlHhOFs=", "owner": "nix-community", "repo": "NUR", - "rev": "2680c1d6af171ee32198c8f2f5dc07ce1d5bd2ea", + "rev": "70b30d23d33ca2acfb267430b08ddf82ff7116b2", "type": "github" }, "original": { From 07552f30705ac3b268cf4f2301d9b28a9ba7089d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 21 Oct 2024 10:06:48 +0000 Subject: [PATCH 156/379] nixos: system: nix: configure GC --- modules/nixos/system/nix/default.nix | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/modules/nixos/system/nix/default.nix b/modules/nixos/system/nix/default.nix index ad13539..12a395e 100644 --- a/modules/nixos/system/nix/default.nix +++ b/modules/nixos/system/nix/default.nix @@ -22,6 +22,10 @@ in options.my.system.nix = with lib; { enable = my.mkDisableOption "nix configuration"; + gc = { + enable = my.mkDisableOption "nix GC configuration"; + }; + cache = { selfHosted = my.mkDisableOption "self-hosted cache"; }; @@ -62,6 +66,22 @@ in }; } + (lib.mkIf cfg.gc.enable { + nix.gc = { + automatic = true; + + # Every week, with some wiggle room + dates = "weekly"; + randomizedDelaySec = "10min"; + + # Use a persistent timer for e.g: laptops + persistent = true; + + # Delete old profiles automatically after 15 days + options = "--delete-older-than 15d"; + }; + }) + (lib.mkIf cfg.cache.selfHosted { nix = { settings = { From 8475d92314d9e6e522910e1d96263cfa396881e4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 21 Oct 2024 10:07:21 +0000 Subject: [PATCH 157/379] home: nix: configure GC --- modules/home/nix/default.nix | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/modules/home/nix/default.nix b/modules/home/nix/default.nix index c0bbcc8..c67cc6a 100644 --- a/modules/home/nix/default.nix +++ b/modules/home/nix/default.nix @@ -22,6 +22,10 @@ in options.my.home.nix = with lib; { enable = my.mkDisableOption "nix configuration"; + gc = { + enable = my.mkDisableOption "nix GC configuration"; + }; + cache = { selfHosted = my.mkDisableOption "self-hosted cache"; }; @@ -60,6 +64,22 @@ in }; } + (lib.mkIf cfg.gc.enable { + nix.gc = { + automatic = true; + + # Every week, with some wiggle room + frequency = "weekly"; + randomizedDelaySec = "10min"; + + # Use a persistent timer for e.g: laptops + persistent = true; + + # Delete old profiles automatically after 15 days + options = "--delete-older-than 15d"; + }; + }) + (lib.mkIf cfg.cache.selfHosted { nix = { settings = { From 62de2772a40744cd5045a54c3191c373ad849332 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 4 Nov 2024 11:02:35 +0000 Subject: [PATCH 158/379] home: vim: do not italicize comments --- modules/home/vim/init.vim | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index 8202cad..0b54676 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -102,7 +102,11 @@ gruvbox.setup({ DiffText = { fg = colors.yellow, bg = colors.bg0 }, -- Directories "pop" better in blue Directory = { link = "GruvboxBlueBold" }, - } + }, + italic = { + -- Comments should not be italic, for e.g: box drawing + comments = false, + }, }) EOF " Use my preferred colorscheme From 46bd23ff077063827304b9d1555a1a4f267f0c1f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 6 Nov 2024 10:53:58 +0000 Subject: [PATCH 159/379] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 249cddd..af4cbfa 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1727826117, - "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", + "lastModified": 1730504689, + "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", + "rev": "506278e768c2a08bec68eb62932193e341f55c90", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1729864948, - "narHash": "sha256-CeGSqbN6S8JmzYJX/HqZjr7dMGlvHLLnJJarwB45lPs=", + "lastModified": 1730837930, + "narHash": "sha256-0kZL4m+bKBJUBQse0HanewWO0g8hDdCvBhudzxgehqc=", "owner": "nix-community", "repo": "home-manager", - "rev": "0c0268a3c80d30b989d0aadbd65f38d4fa27a9a0", + "rev": "2f607e07f3ac7e53541120536708e824acccfaa8", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1729665710, - "narHash": "sha256-AlcmCXJZPIlO5dmFzV3V2XF6x/OpNWUV8Y/FMPGd8Z4=", + "lastModified": 1730785428, + "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2768c7d042a37de65bb1b5b3268fc987e534c49d", + "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1729868220, - "narHash": "sha256-OxHE1U+FIIaQ50nZpt/VxLH0bokiqsEqAshehlHhOFs=", + "lastModified": 1730885145, + "narHash": "sha256-UPrBEY0No1O3ULb67xYjRh2r3u7MnZovfo1oYSPCIxI=", "owner": "nix-community", "repo": "NUR", - "rev": "70b30d23d33ca2acfb267430b08ddf82ff7116b2", + "rev": "c0d8828600ef47d475e6ec33513bf9af6eb6b991", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1729104314, - "narHash": "sha256-pZRZsq5oCdJt3upZIU4aslS9XwFJ+/nVtALHIciX/BI=", + "lastModified": 1730814269, + "narHash": "sha256-fWPHyhYE6xvMI1eGY3pwBTq85wcy1YXqdzTZF+06nOg=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "3c3e88f0f544d6bb54329832616af7eb971b6be6", + "rev": "d70155fdc00df4628446352fc58adc640cd705c2", "type": "github" }, "original": { From 7b42368e2f144cab111d8856928cfc1d21bf0489 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 11 Nov 2024 11:45:11 +0000 Subject: [PATCH 160/379] hosts: nixos: porthos: services: remove tandoor I fully transitioned to using Mealie instead. This reverts commit 493636decb178a23e85c593bd38cbcb1982df8cc. --- hosts/nixos/porthos/services.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index a2339f4..109b4e5 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -149,11 +149,6 @@ in }; # Because I still need to play sysadmin ssh-server.enable = true; - # Recipe manager - tandoor-recipes = { - enable = true; - secretKeyFile = secrets."tandoor-recipes/secret-key".path; - }; # Torrent client and webui transmission = { enable = true; From ab8a5daefe9773dbb69fce4667910819f748cb94 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 14 Nov 2024 20:05:06 +0000 Subject: [PATCH 161/379] hosts: porthos: secrets: acme: use OVH API I switched registrar, as OVH was ~4x cheaper. This needs a small change to the module to both refer to OVH instead of Gandi in the documentation, and make use of the correct API. I also needed to disable the propagation check, as it looks like OVH is slower than Gandi, and leads to spurious errors... --- hosts/nixos/porthos/secrets/acme/dns-key.age | 15 ++++++++------- modules/nixos/services/nginx/default.nix | 6 ++++-- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/hosts/nixos/porthos/secrets/acme/dns-key.age b/hosts/nixos/porthos/secrets/acme/dns-key.age index fce2a84..d7f159e 100644 --- a/hosts/nixos/porthos/secrets/acme/dns-key.age +++ b/hosts/nixos/porthos/secrets/acme/dns-key.age @@ -1,8 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg bQFr9oAnbo1rI/MpUV8wQz/Xj7iZY4ZU+Swf0nSIQFw -zama2XJ0gdvUlD2GHMhmZqHSxHe+dKSfXnHoWDcSw7Y --> ssh-ed25519 jPowng gitUwSKTNKWLSxnwa185O7x/u0ul93g8wPESdZaKRk8 -uvBIfAUkZp5sg6rfeEGvL5ZDV8m2uSEotW02kjPN3Hw ---- SZxe5f/CUZBvPQa2Sz/UBY3L68rMkIGGRuZPk7YE+Vg -¾r ú&…¥‹{~v?¨}=Ä -}+ ¿SQ’M[²]Œ±k MÒAàtŒÃmMë/£µLsü|Þ…m©CÀñiYC}ƒŽ‡çxŽ€ \ No newline at end of file +-> ssh-ed25519 cKojmg Ec0xt1uJTva8MxUdoTVX5m3uWaIiRlodf345FEM7Uzs +aJIneWFJPB5HVeoUGp57agXih9YeZ6xMEbyQ+zJtWQY +-> ssh-ed25519 jPowng B5XotRgv7s/FUegGhceBj7EoukewNUOIFl4TFRQf1EQ +PgGCBd/Pqwp7ayqi7okHBGF1SfFpwT4KlHJ/np6p2uQ +--- AeLgwGz6k3OABb53cXNaCU/sgI4FlU1s6p8PhAaFOlg +1ÌÉCÔ¹ð¤ŽULfI1¸Hm»Ûòb}m”” ÁÅ¡ìg•ß0¦¢–¤`XG>\>¹8rŽz+Š›Y ™¼`—Ê¢.JBUÏ!z¸Z50ú*õ¡ÙŸ¤×ÖÇ®IôÔ]¹‹Ïå I +ĵ¿–oÒÛ°…g„®„ÒêÁ³Â¿Ÿt’©nƒºãcz[»{ +jçå&ÁõõNæ°Nÿo{õš½‚ -eP¾=L‰™ 6¦.SP:»e¶– \ No newline at end of file diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index e305b29..e5a87de 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -86,7 +86,7 @@ in type = types.str; example = "/var/lib/acme/creds.env"; description = '' - Gandi API key file as an 'EnvironmentFile' (see `systemd.exec(5)`) + OVH API key file as an 'EnvironmentFile' (see `systemd.exec(5)`) ''; }; }; @@ -281,6 +281,7 @@ in locations."/" = { extraConfig = + # FIXME: check that X-User is dropped otherwise (args.extraConfig.locations."/".extraConfig or "") + '' # Use SSO auth_request /sso-auth; @@ -414,7 +415,8 @@ in { "${domain}" = { extraDomainNames = [ "*.${domain}" ]; - dnsProvider = "gandiv5"; + dnsProvider = "ovh"; + dnsPropagationCheck = false; # OVH is slow inherit (cfg.acme) credentialsFile; }; }; From 138d4d2bd9d7460dbe2bb48c1473c5bf9a07522e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 15 Nov 2024 21:36:11 +0100 Subject: [PATCH 162/379] nixos: services: nextcloud: add collabora This needs to be configured through the "Nextcloud Office" app, specifically the WOPI setting is important for security (I put both the external IP, as well as `::1` and `127.0.0.1`). --- .../nixos/services/nextcloud/collabora.nix | 58 +++++++++++++++++++ modules/nixos/services/nextcloud/default.nix | 4 ++ 2 files changed, 62 insertions(+) create mode 100644 modules/nixos/services/nextcloud/collabora.nix diff --git a/modules/nixos/services/nextcloud/collabora.nix b/modules/nixos/services/nextcloud/collabora.nix new file mode 100644 index 0000000..d62181f --- /dev/null +++ b/modules/nixos/services/nextcloud/collabora.nix @@ -0,0 +1,58 @@ +# Document editor with Nextcloud +{ config, lib, ... }: +let + cfg = config.my.services.nextcloud.collabora; +in +{ + options.my.services.nextcloud.collabora = with lib; { + enable = mkEnableOption "Collabora integration"; + + port = mkOption { + type = types.port; + default = 9980; + example = 8080; + description = "Internal port for API"; + }; + }; + + config = lib.mkIf cfg.enable { + services.collabora-online = { + enable = true; + inherit (cfg) port; + + aliasGroups = [ + { + host = "https://collabora.${config.networking.domain}"; + # Allow using from nextcloud + aliases = [ "https://${config.services.nextcloud.hostName}" ]; + } + ]; + + settings = { + # Rely on reverse proxy for SSL + ssl = { + enable = false; + termination = true; + }; + }; + }; + + my.services.nginx.virtualHosts = { + collabora = { + inherit (cfg) port; + + extraConfig = { + # Too bad for the repetition... + locations."~ ^/cool/(.*)/ws$" = { + proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}"; + proxyWebsockets = true; + }; + locations."^~ /cool/adminws" = { + proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}"; + proxyWebsockets = true; + }; + }; + }; + }; + }; +} diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index e2c4746..fe94177 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -4,6 +4,10 @@ let cfg = config.my.services.nextcloud; in { + imports = [ + ./collabora.nix + ]; + options.my.services.nextcloud = with lib; { enable = mkEnableOption "Nextcloud"; maxSize = mkOption { From ae230b5df7b17e222e5cebe8fc055c01d0361f24 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 15 Nov 2024 21:38:16 +0100 Subject: [PATCH 163/379] hosts: porthos: services: enable collabora --- hosts/nixos/porthos/services.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 109b4e5..ffd150a 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -95,6 +95,9 @@ in nextcloud = { enable = true; passwordFile = secrets."nextcloud/password".path; + collabora = { + enable = true; + }; }; nix-cache = { enable = true; From e9d96138d5b5c6c678e2298618a3faa444bd37a9 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 19 Nov 2024 15:46:31 +0000 Subject: [PATCH 164/379] nixos: services: nginx: add 'websocketsLocations' This accounts for the overwhelming majority of my usage of `extraConfig`. --- modules/nixos/services/nginx/default.nix | 44 ++++++++++++++++++------ 1 file changed, 34 insertions(+), 10 deletions(-) diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index e5a87de..5a372ed 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -17,6 +17,16 @@ let ''; }; + websocketsLocations = mkOption { + type = with types; listOf str; + default = [ ]; + example = [ "/socket" ]; + description = '' + Which locations on this virtual host should be configured for + websockets. + ''; + }; + port = mkOption { type = with types; nullOr port; default = null; @@ -108,12 +118,7 @@ in }; jellyfin = { port = 8096; - extraConfig = { - locations."/socket" = { - proxyPass = "http://127.0.0.1:8096/"; - proxyWebsockets = true; - }; - }; + websocketsLocations = [ "/socket" ]; }; }; description = '' @@ -195,6 +200,19 @@ in } configured. ''; })) + ++ (lib.flip lib.mapAttrsToList cfg.virtualHosts (_: { subdomain, ... } @ args: + let + proxyPass = [ "port" "socket" ]; + proxyPassUsed = lib.any (v: args.${v} != null) proxyPass; + in + { + assertion = args.websocketsLocations != [ ] -> proxyPassUsed; + message = '' + Subdomain '${subdomain}' can only use 'websocketsLocations' with one of ${ + lib.concatStringsSep ", " (builtins.map (v: "'${v}'") proxyPass) + }. + ''; + })) ++ ( let ports = lib.my.mapFilter @@ -241,6 +259,14 @@ in virtualHosts = let domain = config.networking.domain; + mkProxyPass = { websocketsLocations, ... }: proxyPass: + let + websockets = lib.genAttrs websocketsLocations (_: { + inherit proxyPass; + proxyWebsockets = true; + }); + in + { "/" = { inherit proxyPass; }; } // websockets; mkVHost = ({ subdomain, ... } @ args: lib.nameValuePair "${subdomain}.${domain}" (lib.my.recursiveMerge [ @@ -251,8 +277,7 @@ in } # Proxy to port (lib.optionalAttrs (args.port != null) { - locations."/".proxyPass = - "http://127.0.0.1:${toString args.port}"; + locations = mkProxyPass args "http://127.0.0.1:${toString args.port}"; }) # Serve filesystem content (lib.optionalAttrs (args.root != null) { @@ -260,8 +285,7 @@ in }) # Serve to UNIX socket (lib.optionalAttrs (args.socket != null) { - locations."/".proxyPass = - "http://unix:${args.socket}"; + locations = mkProxyPass args "http://unix:${args.socket}"; }) # Redirect to a different domain (lib.optionalAttrs (args.redirect != null) { From 6a1a35a3840bc40cc095a6e98702b705e67aa43f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 19 Nov 2024 15:49:31 +0000 Subject: [PATCH 165/379] nixos: services: migrate to 'websocketsLocations' --- modules/nixos/services/aria/default.nix | 4 +--- .../nixos/services/audiobookshelf/default.nix | 4 +--- modules/nixos/services/jellyfin/default.nix | 6 +----- modules/nixos/services/nextcloud/collabora.nix | 16 ++++------------ modules/nixos/services/paperless/default.nix | 6 +----- 5 files changed, 8 insertions(+), 28 deletions(-) diff --git a/modules/nixos/services/aria/default.nix b/modules/nixos/services/aria/default.nix index 2d1b3e2..acbf0b7 100644 --- a/modules/nixos/services/aria/default.nix +++ b/modules/nixos/services/aria/default.nix @@ -65,9 +65,7 @@ in aria-rpc = { port = cfg.rpcPort; # Proxy websockets for RPC - extraConfig = { - locations."/".proxyWebsockets = true; - }; + websocketsLocations = [ "/" ]; }; }; diff --git a/modules/nixos/services/audiobookshelf/default.nix b/modules/nixos/services/audiobookshelf/default.nix index da9ec55..04ec8b9 100644 --- a/modules/nixos/services/audiobookshelf/default.nix +++ b/modules/nixos/services/audiobookshelf/default.nix @@ -30,9 +30,7 @@ in audiobookshelf = { inherit (cfg) port; # Proxy websockets for RPC - extraConfig = { - locations."/".proxyWebsockets = true; - }; + websocketsLocations = [ "/" ]; }; }; diff --git a/modules/nixos/services/jellyfin/default.nix b/modules/nixos/services/jellyfin/default.nix index e8910a5..6edeb67 100644 --- a/modules/nixos/services/jellyfin/default.nix +++ b/modules/nixos/services/jellyfin/default.nix @@ -27,17 +27,13 @@ in my.services.nginx.virtualHosts = { jellyfin = { port = 8096; + websocketsLocations = [ "/socket" ]; extraConfig = { locations."/" = { extraConfig = '' proxy_buffering off; ''; }; - # Too bad for the repetition... - locations."/socket" = { - proxyPass = "http://127.0.0.1:8096/"; - proxyWebsockets = true; - }; }; }; }; diff --git a/modules/nixos/services/nextcloud/collabora.nix b/modules/nixos/services/nextcloud/collabora.nix index d62181f..f8f42a7 100644 --- a/modules/nixos/services/nextcloud/collabora.nix +++ b/modules/nixos/services/nextcloud/collabora.nix @@ -40,18 +40,10 @@ in my.services.nginx.virtualHosts = { collabora = { inherit (cfg) port; - - extraConfig = { - # Too bad for the repetition... - locations."~ ^/cool/(.*)/ws$" = { - proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}"; - proxyWebsockets = true; - }; - locations."^~ /cool/adminws" = { - proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}"; - proxyWebsockets = true; - }; - }; + websocketsLocations = [ + "~ ^/cool/(.*)/ws$" + "^~ /cool/adminws" + ]; }; }; }; diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index f62879a..eceae1c 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -152,11 +152,7 @@ in sso = { enable = true; }; - - # Enable websockets on root - extraConfig = { - locations."/".proxyWebsockets = true; - }; + websocketsLocations = [ "/" ]; }; }; From 60050113bc6a167449a56f0a17f2820e776f97bf Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 19 Nov 2024 15:53:19 +0000 Subject: [PATCH 166/379] nixos: services: nginx: modify example Now that `websocketLocations` exists, it makes little sense to use `proxyWebsockets` in an example, so use a different one. --- modules/nixos/services/nginx/default.nix | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index 5a372ed..3bba9f4 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -70,10 +70,13 @@ let extraConfig = mkOption { type = types.attrs; # FIXME: forward type of virtualHosts example = { - locations."/socket" = { - proxyPass = "http://127.0.0.1:8096/"; - proxyWebsockets = true; - }; + extraConfig = '' + add_header X-Clacks-Overhead "GNU Terry Pratchett"; + ''; + + locations."/".extraConfig = '' + client_max_body_size 1G; + ''; }; default = { }; description = '' From 2ffbc13513088245c5bdfa680a34eeb40468fbf1 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 20 Nov 2024 21:05:16 +0100 Subject: [PATCH 167/379] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index af4cbfa..fd8354f 100644 --- a/flake.lock +++ b/flake.lock @@ -94,11 +94,11 @@ ] }, "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1730837930, - "narHash": "sha256-0kZL4m+bKBJUBQse0HanewWO0g8hDdCvBhudzxgehqc=", + "lastModified": 1732025103, + "narHash": "sha256-qjEI64RKvDxRyEarY0jTzrZMa8ebezh2DEZmJJrpVdo=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f607e07f3ac7e53541120536708e824acccfaa8", + "rev": "a46e702093a5c46e192243edbd977d5749e7f294", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1730785428, - "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=", + "lastModified": 1732014248, + "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7", + "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1730885145, - "narHash": "sha256-UPrBEY0No1O3ULb67xYjRh2r3u7MnZovfo1oYSPCIxI=", + "lastModified": 1732131502, + "narHash": "sha256-kWc3mjgEUh+2xzaluNxLMvEHRkfJ37pRBtXcwekKefM=", "owner": "nix-community", "repo": "NUR", - "rev": "c0d8828600ef47d475e6ec33513bf9af6eb6b991", + "rev": "13b44543c4e5d20bb2976ddde846c7341e4c41dd", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1730814269, - "narHash": "sha256-fWPHyhYE6xvMI1eGY3pwBTq85wcy1YXqdzTZF+06nOg=", + "lastModified": 1732021966, + "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "d70155fdc00df4628446352fc58adc640cd705c2", + "rev": "3308484d1a443fc5bc92012435d79e80458fe43c", "type": "github" }, "original": { From 7f0cd6612eccf07046df860650f2f95ad85fea95 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 14 Nov 2024 21:29:24 +0100 Subject: [PATCH 168/379] nixos: services: paperless: remove MKL work-around Instead, rely on the upstream service's work-around [1]. This will reduce the amount of package builds I need to do when updating my server... [1]: https://github.com/NixOS/nixpkgs/pull/299008 This reverts commit e2ec4d3032ee3d3dc3be935b0e2af9ad7ff0c511. --- modules/nixos/services/paperless/default.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index eceae1c..321dfa3 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: let cfg = config.my.services.paperless; in @@ -80,9 +80,6 @@ in # Misc PAPERLESS_TIME_ZONE = config.time.timeZone; PAPERLESS_ADMIN_USER = cfg.username; - - # Fix classifier hangs - LD_LIBRARY_PATH = "${lib.getLib pkgs.mkl}/lib"; }; # Admin password From 6a5c4a627aa9b26a7aeb7e324ae9b3b533f9a04f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 18 Nov 2024 13:31:08 +0100 Subject: [PATCH 169/379] nixos: services: pyload: add fail2ban jail --- modules/nixos/services/pyload/default.nix | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/modules/nixos/services/pyload/default.nix b/modules/nixos/services/pyload/default.nix index 88889bf..7257d0f 100644 --- a/modules/nixos/services/pyload/default.nix +++ b/modules/nixos/services/pyload/default.nix @@ -53,6 +53,20 @@ in }; }; - # FIXME: fail2ban + services.fail2ban.jails = { + pyload = '' + enabled = true + filter = pyload + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/pyload.conf".text = '' + [Definition] + failregex = ^.*Login failed for user '.*' \[CLIENT: \]$ + journalmatch = _SYSTEMD_UNIT=pyload.service + ''; + }; }; } From fe49e470269f9f8a2445e7ce6f219a4fd6d18561 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 27 Nov 2024 12:02:29 +0000 Subject: [PATCH 170/379] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index fd8354f..cd3f50c 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1732025103, - "narHash": "sha256-qjEI64RKvDxRyEarY0jTzrZMa8ebezh2DEZmJJrpVdo=", + "lastModified": 1732482255, + "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=", "owner": "nix-community", "repo": "home-manager", - "rev": "a46e702093a5c46e192243edbd977d5749e7f294", + "rev": "a9953635d7f34e7358d5189751110f87e3ac17da", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1732014248, - "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", + "lastModified": 1732521221, + "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", + "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1732131502, - "narHash": "sha256-kWc3mjgEUh+2xzaluNxLMvEHRkfJ37pRBtXcwekKefM=", + "lastModified": 1732704680, + "narHash": "sha256-x3NlO2qzuobU9BrynzydX7X9oskJpysv7BI7DJ5cVSE=", "owner": "nix-community", "repo": "NUR", - "rev": "13b44543c4e5d20bb2976ddde846c7341e4c41dd", + "rev": "31a30f0862fd8b5f88a6597382bb09197356b19e", "type": "github" }, "original": { From e39fef275c2eee50708080e932ae48bb1845c997 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 27 Nov 2024 12:05:41 +0000 Subject: [PATCH 171/379] nixos: services: paperless: use 'environmentFile' That way I don't have to configure all services to make use of it. Someday I'll find the will to add the `postgresql.service` dependency upstream, truly removing the need to configure any service at all. --- modules/nixos/services/paperless/default.nix | 19 +++---------------- 1 file changed, 3 insertions(+), 16 deletions(-) diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index 321dfa3..c8967e1 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -84,43 +84,30 @@ in # Admin password passwordFile = cfg.passwordFile; + + # Secret key + environmentFile = cfg.secretKeyFile; }; systemd.services = { paperless-scheduler = { requires = [ "postgresql.service" ]; after = [ "postgresql.service" ]; - - serviceConfig = { - EnvironmentFile = cfg.secretKeyFile; - }; }; paperless-consumer = { requires = [ "postgresql.service" ]; after = [ "postgresql.service" ]; - - serviceConfig = { - EnvironmentFile = cfg.secretKeyFile; - }; }; paperless-web = { requires = [ "postgresql.service" ]; after = [ "postgresql.service" ]; - - serviceConfig = { - EnvironmentFile = cfg.secretKeyFile; - }; }; paperless-task-queue = { requires = [ "postgresql.service" ]; after = [ "postgresql.service" ]; - - serviceConfig = { - EnvironmentFile = cfg.secretKeyFile; - }; }; }; From f2168378fc1b658eeb24ec364953c4160de041f7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 27 Nov 2024 15:12:10 +0000 Subject: [PATCH 172/379] home: direnv: lib: also watch '.python-version' It's used by `uv` as a kind of configuration file, so watch it as well. --- modules/home/direnv/lib/python.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/direnv/lib/python.sh b/modules/home/direnv/lib/python.sh index 780fbe6..b4b2bce 100644 --- a/modules/home/direnv/lib/python.sh +++ b/modules/home/direnv/lib/python.sh @@ -53,4 +53,5 @@ layout_uv() { PATH_add "$VIRTUAL_ENV/bin" watch_file pyproject.toml watch_file uv.lock + watch_file .python-version } From 83da7ba9c8c8d54b8fd7585ee009505e9a36dafa Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 11:24:30 +0000 Subject: [PATCH 173/379] home: tmux: explicitly disable mouse support It's disabled by default, but make it explicit :-). --- modules/home/tmux/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index 71ce4ca..dc7fed1 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -47,6 +47,7 @@ in clock24 = true; # I'm one of those heathens escapeTime = 0; # Let vim do its thing instead historyLimit = 100000; # Bigger buffer + mouse = false; # I dislike mouse support terminal = "tmux-256color"; # I want accurate termcap info plugins = with pkgs.tmuxPlugins; [ From e8a41187e75b84cee2aae14663bb4fd5229e256d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 12:05:45 +0000 Subject: [PATCH 174/379] home: xdg: create 'HISTFILE' parent directory In fbd3b70d61bd733af033545d4cfe4809fbb068a3, I forgot to modify the `.keep` file to be created in `$XDG_STATE_HOME/bash/`. --- modules/home/xdg/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix index 270200e..e4c1887 100644 --- a/modules/home/xdg/default.nix +++ b/modules/home/xdg/default.nix @@ -30,11 +30,11 @@ in }; # A tidy home is a tidy mind dataFile = { - "bash/.keep".text = ""; "gdb/.keep".text = ""; "tig/.keep".text = ""; }; stateFile = { + "bash/.keep".text = ""; "python/.keep".text = ""; }; }; From 8b61af1ac3cff8450234534b29420a51aa4b9de5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 12:07:07 +0000 Subject: [PATCH 175/379] home: xdg: remove 'gdb' directory I have an actual module to configure `gdb`, and it uses `$XDG_STATE_HOME` anyway... --- modules/home/xdg/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix index e4c1887..479ba1e 100644 --- a/modules/home/xdg/default.nix +++ b/modules/home/xdg/default.nix @@ -30,7 +30,6 @@ in }; # A tidy home is a tidy mind dataFile = { - "gdb/.keep".text = ""; "tig/.keep".text = ""; }; stateFile = { From da3c29bbafe60b2e30172a6c5da452b2efeb8a34 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 12:07:50 +0000 Subject: [PATCH 176/379] home: xdg: add comment about 'tig' To explain why I didn't modify it as part of my `$XDG_STATE_HOME` migration in fbd3b70d61bd733af033545d4cfe4809fbb068a3. --- modules/home/xdg/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix index 479ba1e..803167f 100644 --- a/modules/home/xdg/default.nix +++ b/modules/home/xdg/default.nix @@ -30,7 +30,7 @@ in }; # A tidy home is a tidy mind dataFile = { - "tig/.keep".text = ""; + "tig/.keep".text = ""; # `tig` uses `XDG_DATA_HOME` specifically... }; stateFile = { "bash/.keep".text = ""; From b38658405ad50a54876c5c7537e6f1815542c83c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 12:17:31 +0000 Subject: [PATCH 177/379] home: tmux: add binding to refresh configuration Don't rely on `tmux-sensible` to set it up. --- modules/home/tmux/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index dc7fed1..23dff05 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -81,6 +81,9 @@ in ]; extraConfig = '' + # Refresh configuration + bind-key -N "Source tmux.conf" R source-file ${config.xdg.configHome}/tmux/tmux.conf \; display-message "Sourced tmux.conf!" + # Better vim mode bind-key -T copy-mode-vi 'v' send -X begin-selection ${ From 98c90d77c51b74dc5888c7e0647fdd9f35511964 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 12:50:29 +0000 Subject: [PATCH 178/379] home: tmux: add sloppy window switching bindings Another set of bindings which were setup by `tmux-sensible`, that I want to enable explicitly to avoid issues when it is disabled by default. --- modules/home/tmux/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index 23dff05..bb23b44 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -84,6 +84,10 @@ in # Refresh configuration bind-key -N "Source tmux.conf" R source-file ${config.xdg.configHome}/tmux/tmux.conf \; display-message "Sourced tmux.conf!" + # Accept sloppy Ctrl key when switching windows, on top of default mapping + bind-key -N "Select the previous window" C-p previous-window + bind-key -N "Select the next window" C-n next-window + # Better vim mode bind-key -T copy-mode-vi 'v' send -X begin-selection ${ From c74acda957fb2fb86560e7507390b482b2705ebf Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 19:58:50 +0000 Subject: [PATCH 179/379] nixos: system: packages: remove 'wget' --- modules/nixos/system/packages/default.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/modules/nixos/system/packages/default.nix b/modules/nixos/system/packages/default.nix index ebea06f..6a78ff6 100644 --- a/modules/nixos/system/packages/default.nix +++ b/modules/nixos/system/packages/default.nix @@ -1,5 +1,5 @@ # Common packages -{ config, lib, pkgs, ... }: +{ config, lib, ... }: let cfg = config.my.system.packages; in @@ -13,10 +13,6 @@ in }; config = lib.mkIf cfg.enable { - environment.systemPackages = with pkgs; [ - wget - ]; - programs = { vim = { enable = true; From 3ac85b87623fb4d64c93c996d21ffac7fd832979 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 29 Nov 2024 14:29:32 +0000 Subject: [PATCH 180/379] home: packages: add 'tree' --- modules/home/packages/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/packages/default.nix b/modules/home/packages/default.nix index 1362a06..b0f8d67 100644 --- a/modules/home/packages/default.nix +++ b/modules/home/packages/default.nix @@ -26,6 +26,7 @@ in fd file ripgrep + tree ] ++ cfg.additionalPackages); nixpkgs.config = { From baa853477d78bfd63cbed78c1d9e703a4d8c3d9d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 2 Dec 2024 20:36:37 +0000 Subject: [PATCH 181/379] nixos: hardware: sound: remove ALSA `sound.enable` was removed from the latest release, and is unnecessary with PulseAudio. --- modules/nixos/hardware/sound/default.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/modules/nixos/hardware/sound/default.nix b/modules/nixos/hardware/sound/default.nix index e8ba7f7..1cf12cb 100644 --- a/modules/nixos/hardware/sound/default.nix +++ b/modules/nixos/hardware/sound/default.nix @@ -54,9 +54,6 @@ in # Pulseaudio setup (lib.mkIf cfg.pulse.enable { - # ALSA - sound.enable = true; - hardware.pulseaudio.enable = true; }) ]); From ad1cfbd6f03e0b38f690d8563af02c1c04d8b731 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 3 Dec 2024 10:43:09 +0000 Subject: [PATCH 182/379] flake: bump inputs Allow-list the build inputs for `sonarr` until the package is fixed upstream [1]. [1]: https://github.com/NixOS/nixpkgs/issues/360592 --- flake.lock | 18 +++++++++--------- modules/nixos/services/servarr/default.nix | 10 ++++++++++ 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index cd3f50c..0aeab37 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1732482255, - "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=", + "lastModified": 1733175814, + "narHash": "sha256-zFOtOaqjzZfPMsm1mwu98syv3y+jziAq5DfWygaMtLg=", "owner": "nix-community", "repo": "home-manager", - "rev": "a9953635d7f34e7358d5189751110f87e3ac17da", + "rev": "bf23fe41082aa0289c209169302afd3397092f22", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1732521221, - "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", + "lastModified": 1733015953, + "narHash": "sha256-t4BBVpwG9B4hLgc6GUBuj3cjU7lP/PJfpTHuSqE+crk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", + "rev": "ac35b104800bff9028425fec3b6e8a41de2bbfff", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1732704680, - "narHash": "sha256-x3NlO2qzuobU9BrynzydX7X9oskJpysv7BI7DJ5cVSE=", + "lastModified": 1733215745, + "narHash": "sha256-RIlhnKlObJ1sEdzBP6Nuy4jLUiQnmWWXVsRHRbv6SzY=", "owner": "nix-community", "repo": "NUR", - "rev": "31a30f0862fd8b5f88a6597382bb09197356b19e", + "rev": "251d756a74e67bda25d89327b01a3da19dddabae", "type": "github" }, "original": { diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index e25d9cf..4aa0de7 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -96,5 +96,15 @@ in # Sonarr for shows (mkFullConfig "sonarr") (mkFail2Ban "sonarr") + + # HACK: until https://github.com/NixOS/nixpkgs/issues/360592 is resolved + (lib.mkIf cfg.sonarr.enable { + nixpkgs.config.permittedInsecurePackages = [ + "aspnetcore-runtime-6.0.36" + "aspnetcore-runtime-wrapped-6.0.36" + "dotnet-sdk-6.0.428" + "dotnet-sdk-wrapped-6.0.428" + ]; + }) ]); } From 35c547a090afdf77a1fb42125170649ef1247ab8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 3 Dec 2024 10:43:33 +0000 Subject: [PATCH 183/379] home: tmux: enable focus events Since `tmux-sensible` was disabled by default, we should enable this explicitly now. --- modules/home/tmux/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index bb23b44..ae8b8f0 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -48,6 +48,7 @@ in escapeTime = 0; # Let vim do its thing instead historyLimit = 100000; # Bigger buffer mouse = false; # I dislike mouse support + focusEvents = true; # Report focus events terminal = "tmux-256color"; # I want accurate termcap info plugins = with pkgs.tmuxPlugins; [ From 19120bca2943d5a03d9116bc547f89197059694b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 8 Dec 2024 16:08:48 -0500 Subject: [PATCH 184/379] nixos: hardware: graphics: use 'initrd' option --- modules/nixos/hardware/graphics/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/nixos/hardware/graphics/default.nix b/modules/nixos/hardware/graphics/default.nix index 89bb1cd..7d8b359 100644 --- a/modules/nixos/hardware/graphics/default.nix +++ b/modules/nixos/hardware/graphics/default.nix @@ -33,9 +33,8 @@ in # AMD GPU (lib.mkIf (cfg.gpuFlavor == "amd") { - boot.initrd.kernelModules = lib.mkIf cfg.amd.enableKernelModule [ "amdgpu" ]; - hardware.amdgpu = { + initrd.enable = cfg.amd.enableKernelModule; # Vulkan amdvlk = lib.mkIf cfg.amd.amdvlk { enable = true; From cb5eb68d35ce1a70c8d7b8560b23586f065c79e1 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 11 Dec 2024 00:46:47 +0100 Subject: [PATCH 185/379] flake: bump inputs And fix deprecated NUR overlay attribute. --- flake.lock | 60 +++++++++++++++++++++++++++++++----------- flake.nix | 4 +++ flake/home-manager.nix | 2 +- flake/nixos.nix | 2 +- 4 files changed, 51 insertions(+), 17 deletions(-) diff --git a/flake.lock b/flake.lock index 0aeab37..0db428a 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1733175814, - "narHash": "sha256-zFOtOaqjzZfPMsm1mwu98syv3y+jziAq5DfWygaMtLg=", + "lastModified": 1733873195, + "narHash": "sha256-dTosiZ3sZ/NKoLKQ++v8nZdEHya0eTNEsaizNp+MUPM=", "owner": "nix-community", "repo": "home-manager", - "rev": "bf23fe41082aa0289c209169302afd3397092f22", + "rev": "f26aa4b76fb7606127032d33ac73d7d507d82758", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1733015953, - "narHash": "sha256-t4BBVpwG9B4hLgc6GUBuj3cjU7lP/PJfpTHuSqE+crk=", + "lastModified": 1733759999, + "narHash": "sha256-463SNPWmz46iLzJKRzO3Q2b0Aurff3U1n0nYItxq7jU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ac35b104800bff9028425fec3b6e8a41de2bbfff", + "rev": "a73246e2eef4c6ed172979932bc80e1404ba2d56", "type": "github" }, "original": { @@ -167,12 +167,21 @@ } }, "nur": { + "inputs": { + "flake-parts": [ + "flake-parts" + ], + "nixpkgs": [ + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix" + }, "locked": { - "lastModified": 1733215745, - "narHash": "sha256-RIlhnKlObJ1sEdzBP6Nuy4jLUiQnmWWXVsRHRbv6SzY=", + "lastModified": 1733873876, + "narHash": "sha256-6YHWh0+E74hBiH0N+LeZPSWRvbmudF6mtEtFpRo3LWc=", "owner": "nix-community", "repo": "NUR", - "rev": "251d756a74e67bda25d89327b01a3da19dddabae", + "rev": "77c8486c65517272727884ca62b9322092f4f643", "type": "github" }, "original": { @@ -194,11 +203,11 @@ ] }, "locked": { - "lastModified": 1732021966, - "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=", + "lastModified": 1733665616, + "narHash": "sha256-+XTFXYlFJBxohhMGLDpYdEnhUNdxN8dyTA8WAd+lh2A=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "3308484d1a443fc5bc92012435d79e80458fe43c", + "rev": "d8c02f0ffef0ef39f6063731fc539d8c71eb463a", "type": "github" }, "original": { @@ -235,6 +244,27 @@ "repo": "default", "type": "github" } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733222881, + "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "49717b5af6f80172275d47a418c9719a31a78b53", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index a07ee15..f0bb79c 100644 --- a/flake.nix +++ b/flake.nix @@ -55,6 +55,10 @@ owner = "nix-community"; repo = "NUR"; ref = "master"; + inputs = { + flake-parts.follows = "flake-parts"; + nixpkgs.follows = "nixpkgs"; + }; }; pre-commit-hooks = { diff --git a/flake/home-manager.nix b/flake/home-manager.nix index 34af375..add889e 100644 --- a/flake/home-manager.nix +++ b/flake/home-manager.nix @@ -25,7 +25,7 @@ let inherit system; overlays = (lib.attrValues self.overlays) ++ [ - inputs.nur.overlay + inputs.nur.overlays.default ]; }; diff --git a/flake/nixos.nix b/flake/nixos.nix index b48b551..fa656dc 100644 --- a/flake/nixos.nix +++ b/flake/nixos.nix @@ -7,7 +7,7 @@ let } { nixpkgs.overlays = (lib.attrValues self.overlays) ++ [ - inputs.nur.overlay + inputs.nur.overlays.default ]; } # Include generic settings From c5a375d1657cac9ed2b2aa449c9380298a390ad7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 11 Dec 2024 00:48:54 +0100 Subject: [PATCH 186/379] nixos: services: paperless: use automatic DB setup That way I don't have to worry about the `postgresql.service` dependency anymore :-). --- modules/nixos/services/paperless/default.nix | 40 ++------------------ 1 file changed, 3 insertions(+), 37 deletions(-) diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index c8967e1..63f456b 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -61,11 +61,6 @@ in PAPERLESS_ENABLE_HTTP_REMOTE_USER = true; PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER"; - # Use PostgreSQL - PAPERLESS_DBHOST = "/run/postgresql"; - PAPERLESS_DBUSER = "paperless"; - PAPERLESS_DBNAME = "paperless"; - # Security settings PAPERLESS_ALLOWED_HOSTS = paperlessDomain; PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}"; @@ -87,40 +82,11 @@ in # Secret key environmentFile = cfg.secretKeyFile; - }; - systemd.services = { - paperless-scheduler = { - requires = [ "postgresql.service" ]; - after = [ "postgresql.service" ]; + # Automatic PostgreSQL provisioning + database = { + createLocally = true; }; - - paperless-consumer = { - requires = [ "postgresql.service" ]; - after = [ "postgresql.service" ]; - }; - - paperless-web = { - requires = [ "postgresql.service" ]; - after = [ "postgresql.service" ]; - }; - - paperless-task-queue = { - requires = [ "postgresql.service" ]; - after = [ "postgresql.service" ]; - }; - }; - - # Set-up database - services.postgresql = { - enable = true; - ensureDatabases = [ "paperless" ]; - ensureUsers = [ - { - name = "paperless"; - ensureDBOwnership = true; - } - ]; }; # Set-up media group From b2d2ff179840437f5659102c03356a112c2c24df Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 16 Dec 2024 00:19:31 +0100 Subject: [PATCH 187/379] nixos: services: postgres: fix renamed option --- modules/nixos/services/postgresql/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos/services/postgresql/default.nix b/modules/nixos/services/postgresql/default.nix index bbe46d4..3dcf6d1 100644 --- a/modules/nixos/services/postgresql/default.nix +++ b/modules/nixos/services/postgresql/default.nix @@ -27,11 +27,11 @@ in oldPackage = if pgCfg.enableJIT then pgCfg.package.withJIT else pgCfg.package; oldData = pgCfg.dataDir; - oldBin = "${if pgCfg.extraPlugins == [] then oldPackage else oldPackage.withPackages pgCfg.extraPlugins}/bin"; + oldBin = "${if pgCfg.extensions == [] then oldPackage else oldPackage.withPackages pgCfg.extensions}/bin"; newPackage = if pgCfg.enableJIT then newPackage'.withJIT else newPackage'; newData = "/var/lib/postgresql/${newPackage.psqlSchema}"; - newBin = "${if pgCfg.extraPlugins == [] then newPackage else newPackage.withPackages pgCfg.extraPlugins}/bin"; + newBin = "${if pgCfg.extensions == [] then newPackage else newPackage.withPackages pgCfg.extensions}/bin"; in [ (pkgs.writeScriptBin "upgrade-pg-cluster" '' From dec5dabf02ed6a901f9f9feb97ffcd8973e54237 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 16 Dec 2024 00:20:18 +0100 Subject: [PATCH 188/379] modules: services: postgres: upgrade version --- modules/nixos/services/postgresql/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos/services/postgresql/default.nix b/modules/nixos/services/postgresql/default.nix index 3dcf6d1..1dca164 100644 --- a/modules/nixos/services/postgresql/default.nix +++ b/modules/nixos/services/postgresql/default.nix @@ -14,7 +14,7 @@ in # Let other services enable postgres when they need it (lib.mkIf cfg.enable { services.postgresql = { - package = pkgs.postgresql_13; + package = pkgs.postgresql_17; }; }) @@ -23,7 +23,7 @@ in environment.systemPackages = let pgCfg = config.services.postgresql; - newPackage' = pkgs.postgresql_13; + newPackage' = pkgs.postgresql_17; oldPackage = if pgCfg.enableJIT then pgCfg.package.withJIT else pgCfg.package; oldData = pgCfg.dataDir; From 747b344b766e22ac7bb3ba4152db60de49cd12be Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 15 Dec 2024 17:50:43 -0500 Subject: [PATCH 189/379] pkgs: remove 'cgt-calc' It's been merged upstream. --- pkgs/cgt-calc/default.nix | 47 --------------------------------------- pkgs/default.nix | 2 -- 2 files changed, 49 deletions(-) delete mode 100644 pkgs/cgt-calc/default.nix diff --git a/pkgs/cgt-calc/default.nix b/pkgs/cgt-calc/default.nix deleted file mode 100644 index 9966944..0000000 --- a/pkgs/cgt-calc/default.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ lib -, fetchFromGitHub -, python3Packages -, withTeXLive ? true -, texliveSmall -}: -python3Packages.buildPythonApplication rec { - pname = "cgt-calc"; - version = "1.13.0"; - pyproject = true; - - src = fetchFromGitHub { - owner = "KapJI"; - repo = "capital-gains-calculator"; - rev = "v${version}"; - hash = "sha256-y/Y05wG89nccXyxfjqazyPJhd8dOkfwRJre+Rzx97Hw="; - }; - - build-system = with python3Packages; [ - poetry-core - ]; - - dependencies = with python3Packages; [ - defusedxml - jinja2 - pandas - requests - types-requests - yfinance - ]; - - makeWrapperArgs = lib.optionals withTeXLive [ - "--prefix" - "PATH" - ":" - "${lib.getBin texliveSmall}/bin" - ]; - - meta = with lib; { - description = "UK capital gains tax calculator"; - homepage = "https://github.com/KapJI/capital-gains-calculator"; - license = with licenses; [ mit ]; - mainProgram = "cgt-calc"; - maintainers = with maintainers; [ ambroisie ]; - platforms = platforms.unix; - }; -} diff --git a/pkgs/default.nix b/pkgs/default.nix index 949bcf7..6b7fce1 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -2,8 +2,6 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: { bw-pass = pkgs.callPackage ./bw-pass { }; - cgt-calc = pkgs.callPackage ./cgt-calc { }; - change-audio = pkgs.callPackage ./change-audio { }; change-backlight = pkgs.callPackage ./change-backlight { }; From 92e5fbe7df0c74a33baccfdb9fc82859217e0b3a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 18 Dec 2024 20:12:46 -0500 Subject: [PATCH 190/379] overlays: add 'lsp-format-nvim-indentation' To fix the issue I reported upstream [1]. [1]: https://github.com/lukas-reineke/lsp-format.nvim/issues/94 --- overlays/lsp-format-nvim-indentation/default.nix | 4 ++++ overlays/lsp-format-nvim-indentation/generated.nix | 14 ++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 overlays/lsp-format-nvim-indentation/default.nix create mode 100644 overlays/lsp-format-nvim-indentation/generated.nix diff --git a/overlays/lsp-format-nvim-indentation/default.nix b/overlays/lsp-format-nvim-indentation/default.nix new file mode 100644 index 0000000..832e71d --- /dev/null +++ b/overlays/lsp-format-nvim-indentation/default.nix @@ -0,0 +1,4 @@ +self: prev: +{ + vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { }); +} diff --git a/overlays/lsp-format-nvim-indentation/generated.nix b/overlays/lsp-format-nvim-indentation/generated.nix new file mode 100644 index 0000000..1902207 --- /dev/null +++ b/overlays/lsp-format-nvim-indentation/generated.nix @@ -0,0 +1,14 @@ +{ fetchpatch, ... }: + +_final: prev: { + lsp-format-nvim = prev.lsp-format-nvim.overrideAttrs (oa: { + patches = (oa.patches or [ ]) ++ [ + # https://github.com/lukas-reineke/lsp-format.nvim/issues/94 + (fetchpatch { + name = "use-effective-indentation"; + url = "https://github.com/liskin/lsp-format.nvim/commit/3757ac443bdf5bd166673833794553229ee8d939.patch"; + hash = "sha256-Dv+TvXrU/IrrPxz2MSPbLmRxch+qkHbI3AyFMj/ssDk="; + }) + ]; + }); +} From 322fbc970b12c187eb32a3c6ea57fe81cb4625db Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 18 Dec 2024 20:14:16 -0500 Subject: [PATCH 191/379] home: vim: lsp: rely on 'bashls' formatting I finally figured out why I was getting the wrong indentation, turns out it was an issue in `lsp-format.nvim`. With that fixed/worked around, I can now rely completely on `bash-language-server` for formatting. I'll also rely on `shfmt` automatically detecting the type of file, as (Neo)Vim cannot be made to reliably set `ft=bash` for Bash scripts and `ft=sh` for POSIX shell. Finally, I removed spaces after redirections, I've now come around to liking the default (no spaces) better. --- .../home/vim/plugin/settings/lspconfig.lua | 10 +++++++ modules/home/vim/plugin/settings/null-ls.lua | 26 ------------------- 2 files changed, 10 insertions(+), 26 deletions(-) diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index 9e9425c..1f9abfd 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -74,6 +74,16 @@ if utils.is_executable("bash-language-server") then filetypes = { "bash", "sh", "zsh" }, capabilities = capabilities, on_attach = lsp.on_attach, + settings = { + bashIde = { + shfmt = { + -- Simplify the code + simplifyCode = true, + -- Indent switch cases + caseIndent = true, + }, + }, + }, }) end diff --git a/modules/home/vim/plugin/settings/null-ls.lua b/modules/home/vim/plugin/settings/null-ls.lua index eadf16a..258a209 100644 --- a/modules/home/vim/plugin/settings/null-ls.lua +++ b/modules/home/vim/plugin/settings/null-ls.lua @@ -46,29 +46,3 @@ null_ls.register({ condition = utils.is_executable_condition("isort"), }), }) - --- Shell (non-POSIX) -null_ls.register({ - null_ls.builtins.formatting.shfmt.with({ - -- Indent with 4 spaces, simplify the code, indent switch cases, - -- add space after redirection, use bash dialect - extra_args = { "-i", "4", "-s", "-ci", "-sr", "-ln", "bash" }, - -- Restrict to bash and zsh - filetypes = { "bash", "zsh" }, - -- Only used if available - condition = utils.is_executable_condition("shfmt"), - }), -}) - --- Shell (POSIX) -null_ls.register({ - null_ls.builtins.formatting.shfmt.with({ - -- Indent with 4 spaces, simplify the code, indent switch cases, - -- add space after redirection, use POSIX - extra_args = { "-i", "4", "-s", "-ci", "-sr", "-ln", "posix" }, - -- Restrict to POSIX sh - filetypes = { "sh" }, - -- Only used if available - condition = utils.is_executable_condition("shfmt"), - }), -}) From f4f1aad1c08bc232908cb8ce3e3ee2a0b6c38645 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 18 Dec 2024 20:33:22 -0500 Subject: [PATCH 192/379] pkgs: fix shell formatting Ran `shfmt --write --indent 4 --simplify --case-indent`, in accordance with my editor settings. --- pkgs/bw-pass/bw-pass | 2 +- pkgs/change-audio/change-audio | 2 +- pkgs/diff-flake/diff-flake | 14 +++++++------- pkgs/osc52/osc52 | 2 +- pkgs/osc777/osc777 | 2 +- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/pkgs/bw-pass/bw-pass b/pkgs/bw-pass/bw-pass index 124714a..0e974b7 100755 --- a/pkgs/bw-pass/bw-pass +++ b/pkgs/bw-pass/bw-pass @@ -66,7 +66,7 @@ query_password() { printf '%s\n' "$PASSWORD" } -if [ $# -lt 1 ] || [ $# -gt 2 ]; then +if [ $# -lt 1 ] || [ $# -gt 2 ]; then usage exit 1 fi diff --git a/pkgs/change-audio/change-audio b/pkgs/change-audio/change-audio index 612fecf..5a1fb9c 100755 --- a/pkgs/change-audio/change-audio +++ b/pkgs/change-audio/change-audio @@ -62,7 +62,7 @@ do_toggle() { } case "$1" in - up|down) + up | down) do_change_volume "$@" ;; toggle) diff --git a/pkgs/diff-flake/diff-flake b/pkgs/diff-flake/diff-flake index 0572b4e..a2a3513 100755 --- a/pkgs/diff-flake/diff-flake +++ b/pkgs/diff-flake/diff-flake @@ -81,23 +81,23 @@ parse_args() { shift case "$opt" in - -h|--help) + -h | --help) usage exit ;; - -f|--flake-output) + -f | --flake-output) FLAKE_OUTPUTS+=("$1") shift ;; - -o|--output) + -o | --output) OUTPUT_FILE="$1" shift ;; - -n|--new-rev) + -n | --new-rev) NEW_REV="$(git rev-parse "$1")" shift ;; - -p|--previous-rev) + -p | --previous-rev) PREVIOUS_REV="$(git rev-parse "$1")" shift ;; @@ -157,7 +157,7 @@ list_dev_shells() { } diff_output() { - local PREV NEW; + local PREV NEW PREV="$(mktemp --dry-run)" NEW="$(mktemp --dry-run)" @@ -169,7 +169,7 @@ diff_output() { printf 'Closure diff for `%s`:\n```\n' "$1" nix store diff-closures "$PREV" "$NEW" | sanitize_output printf '```\n\n' - } >> "$OUTPUT_FILE" + } >>"$OUTPUT_FILE" } parse_args "$@" diff --git a/pkgs/osc52/osc52 b/pkgs/osc52/osc52 index f64ccb6..de3a982 100755 --- a/pkgs/osc52/osc52 +++ b/pkgs/osc52/osc52 @@ -15,7 +15,7 @@ usage() { exec 1>&2 fi - cat << EOF + cat <&2 fi - cat << EOF + cat < Send a notification (title and message) to the host system using the OSC 777 escape sequence: From c75a307c58f3280fa326f764a1517a04e37898ec Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 18 Dec 2024 20:39:15 -0500 Subject: [PATCH 193/379] home: wm: i3: fix 'pavucontrol' float --- modules/home/wm/i3/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/wm/i3/default.nix b/modules/home/wm/i3/default.nix index c432864..ec4f87f 100644 --- a/modules/home/wm/i3/default.nix +++ b/modules/home/wm/i3/default.nix @@ -127,7 +127,7 @@ in { class = "^Blueman-.*$"; } { title = "^htop$"; } { class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; } - { class = "^Pavucontrol.*$"; } + { class = "^pavucontrol.*$"; } { class = "^Arandr$"; } { class = ".?blueman-manager.*$"; } ]; From ead8101b8d94e88dd648a694d117bc8f4f10fcd7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 18 Dec 2024 20:45:52 -0500 Subject: [PATCH 194/379] home: wm: i3: match 'blueman' float explicitly This is more of a work-around due to the wrapper in nixpkgs' packaging of that application, so might as well make that explicit and narrow. --- modules/home/wm/i3/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/wm/i3/default.nix b/modules/home/wm/i3/default.nix index ec4f87f..92d1381 100644 --- a/modules/home/wm/i3/default.nix +++ b/modules/home/wm/i3/default.nix @@ -129,7 +129,7 @@ in { class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; } { class = "^pavucontrol.*$"; } { class = "^Arandr$"; } - { class = ".?blueman-manager.*$"; } + { class = "^\\.blueman-manager-wrapped$"; } ]; }; From b7b6705391fccf00ca277f57bb8b730fc0e78bf1 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 18 Dec 2024 20:47:24 -0500 Subject: [PATCH 195/379] home: wm: i3: make 'arandr' float Another work-around due to a wrapper in nixpkgs. --- modules/home/wm/i3/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/wm/i3/default.nix b/modules/home/wm/i3/default.nix index 92d1381..029a14b 100644 --- a/modules/home/wm/i3/default.nix +++ b/modules/home/wm/i3/default.nix @@ -130,6 +130,7 @@ in { class = "^pavucontrol.*$"; } { class = "^Arandr$"; } { class = "^\\.blueman-manager-wrapped$"; } + { class = "^\\.arandr-wrapped$"; } ]; }; From 5cae5632d31be145211fb927eed6af24216db3b8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 21 Dec 2024 17:06:37 -0500 Subject: [PATCH 196/379] flake: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 0db428a..bc1d34b 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1733873195, - "narHash": "sha256-dTosiZ3sZ/NKoLKQ++v8nZdEHya0eTNEsaizNp+MUPM=", + "lastModified": 1734808199, + "narHash": "sha256-MxlUcLjE8xLbrI1SJ2B2jftlg4wdutEILa3fgqwA98I=", "owner": "nix-community", "repo": "home-manager", - "rev": "f26aa4b76fb7606127032d33ac73d7d507d82758", + "rev": "f342df3ad938f205a913973b832f52c12546aac6", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1733759999, - "narHash": "sha256-463SNPWmz46iLzJKRzO3Q2b0Aurff3U1n0nYItxq7jU=", + "lastModified": 1734424634, + "narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a73246e2eef4c6ed172979932bc80e1404ba2d56", + "rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33", "type": "github" }, "original": { @@ -177,11 +177,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1733873876, - "narHash": "sha256-6YHWh0+E74hBiH0N+LeZPSWRvbmudF6mtEtFpRo3LWc=", + "lastModified": 1734810357, + "narHash": "sha256-Oa6d+y1/PVaPrZ/GYwvmTK9kSrc5Qx/8D3DFN2TzpVA=", "owner": "nix-community", "repo": "NUR", - "rev": "77c8486c65517272727884ca62b9322092f4f643", + "rev": "e7b7b92a7c97a91f1465ab433bbdf6d00df1db8e", "type": "github" }, "original": { @@ -203,11 +203,11 @@ ] }, "locked": { - "lastModified": 1733665616, - "narHash": "sha256-+XTFXYlFJBxohhMGLDpYdEnhUNdxN8dyTA8WAd+lh2A=", + "lastModified": 1734797603, + "narHash": "sha256-ulZN7ps8nBV31SE+dwkDvKIzvN6hroRY8sYOT0w+E28=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "d8c02f0ffef0ef39f6063731fc539d8c71eb463a", + "rev": "f0f0dc4920a903c3e08f5bdb9246bb572fcae498", "type": "github" }, "original": { From e65b3ed1fc7977b9214c5bdbe1369c3decc96454 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 23 Dec 2024 22:42:42 -0500 Subject: [PATCH 197/379] home: vim: ftplugin: add query --- modules/home/vim/after/ftplugin/query.vim | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 modules/home/vim/after/ftplugin/query.vim diff --git a/modules/home/vim/after/ftplugin/query.vim b/modules/home/vim/after/ftplugin/query.vim new file mode 100644 index 0000000..fd2ac73 --- /dev/null +++ b/modules/home/vim/after/ftplugin/query.vim @@ -0,0 +1,6 @@ +" Create the `b:undo_ftplugin` variable if it doesn't exist +call ftplugined#check_undo_ft() + +" Use a small indentation value on query files +setlocal shiftwidth=2 +let b:undo_ftplugin.='|setlocal shiftwidth<' From 2996481327151763beece5cc24acb7913c2a5399 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 28 Dec 2024 13:24:21 -0500 Subject: [PATCH 198/379] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index bc1d34b..a1385ba 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1734808199, - "narHash": "sha256-MxlUcLjE8xLbrI1SJ2B2jftlg4wdutEILa3fgqwA98I=", + "lastModified": 1735381016, + "narHash": "sha256-CyCZFhMUkuYbSD6bxB/r43EdmDE7hYeZZPTCv0GudO4=", "owner": "nix-community", "repo": "home-manager", - "rev": "f342df3ad938f205a913973b832f52c12546aac6", + "rev": "10e99c43cdf4a0713b4e81d90691d22c6a58bdf2", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1734424634, - "narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=", + "lastModified": 1735291276, + "narHash": "sha256-NYVcA06+blsLG6wpAbSPTCyLvxD/92Hy4vlY9WxFI1M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33", + "rev": "634fd46801442d760e09493a794c4f15db2d0cbb", "type": "github" }, "original": { @@ -177,11 +177,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1734810357, - "narHash": "sha256-Oa6d+y1/PVaPrZ/GYwvmTK9kSrc5Qx/8D3DFN2TzpVA=", + "lastModified": 1735408823, + "narHash": "sha256-1VjQeMQer5nXNYtw+BG+s78ucaEoxO5oqj+yRmM8MMs=", "owner": "nix-community", "repo": "NUR", - "rev": "e7b7b92a7c97a91f1465ab433bbdf6d00df1db8e", + "rev": "8283ea92deac8cdb6fd63ff04049ac9e879bf5eb", "type": "github" }, "original": { From 9c50691ede84ad83e1d7fa4dc3334f38cee08630 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 28 Dec 2024 13:28:03 -0500 Subject: [PATCH 199/379] nixos: services: nginx: sso: use upstream module It's finally been merged, so let's get rid of this module. --- modules/nixos/services/nginx/default.nix | 4 - modules/nixos/services/nginx/sso/default.nix | 84 -------------------- 2 files changed, 88 deletions(-) delete mode 100644 modules/nixos/services/nginx/sso/default.nix diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index 3bba9f4..cb27604 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -87,10 +87,6 @@ let }); in { - imports = [ - ./sso - ]; - options.my.services.nginx = with lib; { enable = mkEnableOption "Nginx"; diff --git a/modules/nixos/services/nginx/sso/default.nix b/modules/nixos/services/nginx/sso/default.nix deleted file mode 100644 index d60e31b..0000000 --- a/modules/nixos/services/nginx/sso/default.nix +++ /dev/null @@ -1,84 +0,0 @@ -# I must override the module to allow having runtime secrets -{ config, lib, pkgs, utils, ... }: -let - cfg = config.services.nginx.sso; - pkg = lib.getBin cfg.package; - confPath = "/var/lib/nginx-sso/config.json"; -in -{ - disabledModules = [ "services/security/nginx-sso.nix" ]; - - - options.services.nginx.sso = with lib; { - enable = mkEnableOption "nginx-sso service"; - - package = mkOption { - type = types.package; - default = pkgs.nginx-sso; - defaultText = "pkgs.nginx-sso"; - description = '' - The nginx-sso package that should be used. - ''; - }; - - configuration = mkOption { - type = types.attrsOf types.unspecified; - default = { }; - example = literalExample '' - { - listen = { addr = "127.0.0.1"; port = 8080; }; - - providers.token.tokens = { - myuser = "MyToken"; - }; - - acl = { - rule_sets = [ - { - rules = [ { field = "x-application"; equals = "MyApp"; } ]; - allow = [ "myuser" ]; - } - ]; - }; - } - ''; - description = '' - nginx-sso configuration - (documentation) - as a Nix attribute set. - ''; - }; - }; - - config = lib.mkIf cfg.enable { - systemd.services.nginx-sso = { - description = "Nginx SSO Backend"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - StateDirectory = "nginx-sso"; - WorkingDirectory = "/var/lib/nginx-sso"; - # The files to be merged might not have the correct permissions - ExecStartPre = pkgs.writeShellScript "merge-nginx-sso-config" '' - rm -f '${confPath}' - ${utils.genJqSecretsReplacementSnippet cfg.configuration confPath} - ''; - ExecStart = lib.mkForce '' - ${lib.getExe pkg} \ - --config ${confPath} \ - --frontend-dir ${pkg}/share/frontend - ''; - Restart = "always"; - User = "nginx-sso"; - Group = "nginx-sso"; - }; - }; - - users.users.nginx-sso = { - isSystemUser = true; - group = "nginx-sso"; - }; - - users.groups.nginx-sso = { }; - }; -} From debf061dd2f03d166b543da5a182b2645d90a6b5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 13 Jan 2025 17:35:20 +0000 Subject: [PATCH 200/379] treewide: add 'shell=bash' for '.envrc' files Looks like the `shellcheck` pre-commit hook starting running on those files as well. --- .envrc | 1 + templates/c++-cmake/.envrc | 1 + templates/c++-meson/.envrc | 1 + templates/rust-cargo/.envrc | 1 + 4 files changed, 4 insertions(+) mode change 100644 => 100755 templates/c++-cmake/.envrc diff --git a/.envrc b/.envrc index f5141c2..a6b1f81 100644 --- a/.envrc +++ b/.envrc @@ -1,3 +1,4 @@ +# shellcheck shell=bash if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" fi diff --git a/templates/c++-cmake/.envrc b/templates/c++-cmake/.envrc old mode 100644 new mode 100755 index de77fcb..390d06d --- a/templates/c++-cmake/.envrc +++ b/templates/c++-cmake/.envrc @@ -1,3 +1,4 @@ +# shellcheck shell=bash if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" fi diff --git a/templates/c++-meson/.envrc b/templates/c++-meson/.envrc index de77fcb..390d06d 100644 --- a/templates/c++-meson/.envrc +++ b/templates/c++-meson/.envrc @@ -1,3 +1,4 @@ +# shellcheck shell=bash if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" fi diff --git a/templates/rust-cargo/.envrc b/templates/rust-cargo/.envrc index de77fcb..390d06d 100644 --- a/templates/rust-cargo/.envrc +++ b/templates/rust-cargo/.envrc @@ -1,3 +1,4 @@ +# shellcheck shell=bash if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" fi From 2cf14c92d33bf47db9856932e9cb4a6ce92ad4fc Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 13 Jan 2025 17:37:07 +0000 Subject: [PATCH 201/379] flake: bump inputs --- flake.lock | 33 +++++++++++++++------------------ flake.nix | 1 - 2 files changed, 15 insertions(+), 19 deletions(-) diff --git a/flake.lock b/flake.lock index a1385ba..a95fb34 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1733312601, - "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "lastModified": 1736143030, + "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1735381016, - "narHash": "sha256-CyCZFhMUkuYbSD6bxB/r43EdmDE7hYeZZPTCv0GudO4=", + "lastModified": 1736785676, + "narHash": "sha256-TY0jUwR3EW0fnS0X5wXMAVy6h4Z7Y6a3m+Yq++C9AyE=", "owner": "nix-community", "repo": "home-manager", - "rev": "10e99c43cdf4a0713b4e81d90691d22c6a58bdf2", + "rev": "fc52a210b60f2f52c74eac41a8647c1573d2071d", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1735291276, - "narHash": "sha256-NYVcA06+blsLG6wpAbSPTCyLvxD/92Hy4vlY9WxFI1M=", + "lastModified": 1736701207, + "narHash": "sha256-jG/+MvjVY7SlTakzZ2fJ5dC3V1PrKKrUEOEE30jrOKA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "634fd46801442d760e09493a794c4f15db2d0cbb", + "rev": "ed4a395ea001367c1f13d34b1e01aa10290f67d6", "type": "github" }, "original": { @@ -177,11 +177,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1735408823, - "narHash": "sha256-1VjQeMQer5nXNYtw+BG+s78ucaEoxO5oqj+yRmM8MMs=", + "lastModified": 1736786866, + "narHash": "sha256-JaWZU7wFWsI4rGAemVciyhTxadaZyubJpLqupKLZUtI=", "owner": "nix-community", "repo": "NUR", - "rev": "8283ea92deac8cdb6fd63ff04049ac9e879bf5eb", + "rev": "16ff3063cb4a4cf6fb5f48ca7dc55c27f2ea4891", "type": "github" }, "original": { @@ -197,17 +197,14 @@ "gitignore": "gitignore", "nixpkgs": [ "nixpkgs" - ], - "nixpkgs-stable": [ - "nixpkgs" ] }, "locked": { - "lastModified": 1734797603, - "narHash": "sha256-ulZN7ps8nBV31SE+dwkDvKIzvN6hroRY8sYOT0w+E28=", + "lastModified": 1735882644, + "narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "f0f0dc4920a903c3e08f5bdb9246bb572fcae498", + "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index f0bb79c..afd3c80 100644 --- a/flake.nix +++ b/flake.nix @@ -68,7 +68,6 @@ ref = "master"; inputs = { nixpkgs.follows = "nixpkgs"; - nixpkgs-stable.follows = "nixpkgs"; }; }; From 9f2ed2ae5a5348cd2c97acc95be795a24d0bbe14 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 13 Jan 2025 17:37:41 +0000 Subject: [PATCH 202/379] nixos: hardware: fix renamed 'pulseaudio' config --- modules/nixos/hardware/bluetooth/default.nix | 2 +- modules/nixos/hardware/sound/default.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos/hardware/bluetooth/default.nix b/modules/nixos/hardware/bluetooth/default.nix index e9b1991..b14ac21 100644 --- a/modules/nixos/hardware/bluetooth/default.nix +++ b/modules/nixos/hardware/bluetooth/default.nix @@ -20,7 +20,7 @@ in # Support for additional bluetooth codecs (lib.mkIf cfg.loadExtraCodecs { - hardware.pulseaudio = { + services.pulseaudio = { extraModules = [ pkgs.pulseaudio-modules-bt ]; package = pkgs.pulseaudioFull; }; diff --git a/modules/nixos/hardware/sound/default.nix b/modules/nixos/hardware/sound/default.nix index 1cf12cb..cd453de 100644 --- a/modules/nixos/hardware/sound/default.nix +++ b/modules/nixos/hardware/sound/default.nix @@ -54,7 +54,7 @@ in # Pulseaudio setup (lib.mkIf cfg.pulse.enable { - hardware.pulseaudio.enable = true; + services.pulseaudio.enable = true; }) ]); } From c99b5b2532cc1654a38bca9cd2ad7460f35aa278 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 13 Jan 2025 17:38:05 +0000 Subject: [PATCH 203/379] nixos: services: komga: use 'settings' --- modules/nixos/services/komga/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/nixos/services/komga/default.nix b/modules/nixos/services/komga/default.nix index e1dc780..160d6ce 100644 --- a/modules/nixos/services/komga/default.nix +++ b/modules/nixos/services/komga/default.nix @@ -21,10 +21,10 @@ in inherit (cfg) port; group = "media"; - }; - systemd.services.komga.environment = { - LOGGING_LEVEL_ORG_GOTSON_KOMGA = "DEBUG"; # Needed for fail2ban + settings = { + logging.level.org.gotson.komga = "DEBUG"; # Needed for fail2ban + }; }; # Set-up media group From f08787625b73ce88487303814e13e7355721dddd Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 28 Jan 2025 12:34:20 +0000 Subject: [PATCH 204/379] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index a95fb34..8884f79 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1723293904, - "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", + "lastModified": 1736955230, + "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", "owner": "ryantm", "repo": "agenix", - "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", + "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1736785676, - "narHash": "sha256-TY0jUwR3EW0fnS0X5wXMAVy6h4Z7Y6a3m+Yq++C9AyE=", + "lastModified": 1737968762, + "narHash": "sha256-xiPARGKwocaMtv+U/rgi+h2g56CZZEmrcl7ldRaslq8=", "owner": "nix-community", "repo": "home-manager", - "rev": "fc52a210b60f2f52c74eac41a8647c1573d2071d", + "rev": "e1ae908bcc30af792b0bb0a52e53b03d2577255e", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1736701207, - "narHash": "sha256-jG/+MvjVY7SlTakzZ2fJ5dC3V1PrKKrUEOEE30jrOKA=", + "lastModified": 1737885589, + "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ed4a395ea001367c1f13d34b1e01aa10290f67d6", + "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8", "type": "github" }, "original": { @@ -177,11 +177,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1736786866, - "narHash": "sha256-JaWZU7wFWsI4rGAemVciyhTxadaZyubJpLqupKLZUtI=", + "lastModified": 1738059992, + "narHash": "sha256-VeNLLucQTlED2cqD3uofh968tm7u7UgwCdY5+jo/BSc=", "owner": "nix-community", "repo": "NUR", - "rev": "16ff3063cb4a4cf6fb5f48ca7dc55c27f2ea4891", + "rev": "c46c836963685acbd2430439f859b60f230b3643", "type": "github" }, "original": { @@ -200,11 +200,11 @@ ] }, "locked": { - "lastModified": 1735882644, - "narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=", + "lastModified": 1737465171, + "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656", + "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17", "type": "github" }, "original": { From 1540483955f38bb57af7706c7e458378028e36f4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 30 Jan 2025 13:06:49 +0100 Subject: [PATCH 205/379] nixos: services: komga: fix deprecated option --- modules/nixos/services/komga/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/komga/default.nix b/modules/nixos/services/komga/default.nix index 160d6ce..9af3cd1 100644 --- a/modules/nixos/services/komga/default.nix +++ b/modules/nixos/services/komga/default.nix @@ -18,11 +18,11 @@ in config = lib.mkIf cfg.enable { services.komga = { enable = true; - inherit (cfg) port; group = "media"; settings = { + server.port = cfg.port; logging.level.org.gotson.komga = "DEBUG"; # Needed for fail2ban }; }; From 533e3b9a9f198d1a8168060db694f3a6ae6464b0 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 29 Jan 2025 19:14:54 +0100 Subject: [PATCH 206/379] nixos: services: add homebox --- modules/nixos/services/default.nix | 1 + modules/nixos/services/homebox/default.nix | 42 ++++++++++++++++++++++ 2 files changed, 43 insertions(+) create mode 100644 modules/nixos/services/homebox/default.nix diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index 651f3f8..3992385 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -14,6 +14,7 @@ ./forgejo ./gitea ./grocy + ./homebox ./indexers ./jellyfin ./komga diff --git a/modules/nixos/services/homebox/default.nix b/modules/nixos/services/homebox/default.nix new file mode 100644 index 0000000..d79e331 --- /dev/null +++ b/modules/nixos/services/homebox/default.nix @@ -0,0 +1,42 @@ +# Home inventory made easy +{ config, lib, ... }: +let + cfg = config.my.services.homebox; +in +{ + options.my.services.homebox = with lib; { + enable = mkEnableOption "Homebox home inventory"; + + port = mkOption { + type = types.port; + default = 7745; + example = 8080; + description = "Internal port for webui"; + }; + }; + + config = lib.mkIf cfg.enable { + services.homebox = { + enable = true; + + settings = { + # FIXME: mailer? + HBOX_WEB_PORT = toString cfg.port; + }; + }; + + my.services.nginx.virtualHosts = { + homebox = { + inherit (cfg) port; + }; + }; + + my.services.backup = { + paths = [ + config.services.homebox.settings.HBOX_STORAGE_DATA + ]; + }; + + # NOTE: unfortunately homebox does not log connection failures for fail2ban + }; +} From 2cbcbb7b3a6819a66c7e2fb84a623e6bea087d35 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 4 Feb 2025 15:15:28 +0000 Subject: [PATCH 207/379] home: secrets: fix path to 'keys' --- modules/home/secrets/secrets.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/secrets/secrets.nix b/modules/home/secrets/secrets.nix index f474342..27cdb4e 100644 --- a/modules/home/secrets/secrets.nix +++ b/modules/home/secrets/secrets.nix @@ -1,6 +1,6 @@ # Common secrets let - keys = import ../../keys; + keys = import ../../../keys; all = builtins.attrValues keys.users; in From 9c4d853037aaca039709c7bd013738b5528e31fe Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 6 Feb 2025 11:28:27 +0000 Subject: [PATCH 208/379] home: secrets: github: update token --- modules/home/secrets/github/token.age | Bin 369 -> 253 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/modules/home/secrets/github/token.age b/modules/home/secrets/github/token.age index 1d36ccdc3cc89a5b9c5bd9df4e8b62445fe4b3b0..3e8bb5a8329daf21e005a46c76ade14a887d5952 100644 GIT binary patch delta 217 zcmey!^p|mhPJO9wfw_@)QdN0wwn1o$iD_`MPquGrqD5eZwnt=ogkNHcrDcY;t7THQ zFPCqzYm`%&fs3WThev@yg-ft$REC*}p?+?0MMZ`|NL5LoS5$JTS4Mt*B$uwPu7YEx zn{i%RYEYhwWnN@KRgR^PTUbV9eoC5aZlYO=SypmIL{Mdjxk-U@peGk^#jIn8)9!jl zD=c=X^7Ym#tkv=mzIfc}u-Q)8ry`Fp%Cxecmb~(l>&(K)4JmrZW=LuO*_m_GTgBny T^33`v>=u2U1}$?cyY#C8DZ^1= delta 334 zcmey%_>pOXPJKpUxwlJVUanhtPOxD_rb)S{n?Y5MNuIlpb6#+2q@jyRm`hSpfk|>j zHdkbDP*spmzGYHXj+s|Usb`6&V`;9Zk%g0aqCr(^rJJdfn`KtEr&FO(AeXM4LSaf- zS!Ax6ZhBE_VsWa1l7Y2?k)=YQf`7gaSGGyITe5p{czu#dXhEP~Mq*BgV{u|?QfgkF zxrd{3RAgkKv42^KQCMlYSxI3*uz{0fq?fOYiFU3*sE12RMm|?YcxsMch*_$8VS#^C zYCup?KslGLuC9W4R$57(b9hQrj-gR;L~==XRc=LYv9?c%r+c Date: Wed, 12 Feb 2025 14:26:07 +0000 Subject: [PATCH 209/379] pkgs: lohr: use 'useFetchCargoVendor' The previous fetcher is in the process of being deprecated. --- pkgs/lohr/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/lohr/default.nix b/pkgs/lohr/default.nix index b89ccff..aeb13b1 100644 --- a/pkgs/lohr/default.nix +++ b/pkgs/lohr/default.nix @@ -10,7 +10,8 @@ rustPlatform.buildRustPackage rec { hash = "sha256-dunQgtap+XCK5LoSyOqIY/6p6HizBeiyPWNuCffwjDU="; }; - cargoHash = "sha256-EUhyrhPe+mUgMmm4o+bxRIiSNReJRfw+/O1fPr8r7lo="; + useFetchCargoVendor = true; + cargoHash = "sha256-R3/N/43+bGx6acE/rhBcrk6kS5zQu8NJ1sVvKJJkK9w="; meta = with lib; { description = "Git mirroring daemon"; From 40a841031fe465b7225927d1d493627e547cab59 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 12 Feb 2025 14:27:15 +0000 Subject: [PATCH 210/379] flake: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 8884f79..b7ca708 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1736143030, - "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", + "lastModified": 1738453229, + "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", + "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1737968762, - "narHash": "sha256-xiPARGKwocaMtv+U/rgi+h2g56CZZEmrcl7ldRaslq8=", + "lastModified": 1739314552, + "narHash": "sha256-ggVf2BclyIW3jexc/uvgsgJH4e2cuG6Nyg54NeXgbFI=", "owner": "nix-community", "repo": "home-manager", - "rev": "e1ae908bcc30af792b0bb0a52e53b03d2577255e", + "rev": "83bd3a26ac0526ae04fa74df46738bb44b89dcdd", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1737885589, - "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=", + "lastModified": 1739214665, + "narHash": "sha256-26L8VAu3/1YRxS8MHgBOyOM8xALdo6N0I04PgorE7UM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8", + "rev": "64e75cd44acf21c7933d61d7721e812eac1b5a0a", "type": "github" }, "original": { @@ -177,11 +177,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1738059992, - "narHash": "sha256-VeNLLucQTlED2cqD3uofh968tm7u7UgwCdY5+jo/BSc=", + "lastModified": 1739229047, + "narHash": "sha256-sSTgA86wdk8d544c2+gzrfvVPHQF4mbsomvLOW2thn0=", "owner": "nix-community", "repo": "NUR", - "rev": "c46c836963685acbd2430439f859b60f230b3643", + "rev": "8348d89f30598a73fee7efb4b5d34c3de201e71b", "type": "github" }, "original": { From 374886a63f01f2f736ce4502e61ba017403a77fc Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 12 Feb 2025 14:30:00 +0000 Subject: [PATCH 211/379] nixos: services: servarr: remove build work-around It's been fixed upstream. This partially reverts commit ad1cfbd6f03e0b38f690d8563af02c1c04d8b731. --- modules/nixos/services/servarr/default.nix | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 4aa0de7..e25d9cf 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -96,15 +96,5 @@ in # Sonarr for shows (mkFullConfig "sonarr") (mkFail2Ban "sonarr") - - # HACK: until https://github.com/NixOS/nixpkgs/issues/360592 is resolved - (lib.mkIf cfg.sonarr.enable { - nixpkgs.config.permittedInsecurePackages = [ - "aspnetcore-runtime-6.0.36" - "aspnetcore-runtime-wrapped-6.0.36" - "dotnet-sdk-6.0.428" - "dotnet-sdk-wrapped-6.0.428" - ]; - }) ]); } From 80b4c9ffcd8e610e39e473a6425001e9e939386f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 12 Feb 2025 14:31:20 +0000 Subject: [PATCH 212/379] home: mail: accounts: use 'migadu' flavor --- modules/home/mail/accounts/default.nix | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/modules/home/mail/accounts/default.nix b/modules/home/mail/accounts/default.nix index 202b9bc..5216ad5 100644 --- a/modules/home/mail/accounts/default.nix +++ b/modules/home/mail/accounts/default.nix @@ -26,20 +26,7 @@ let }; migaduConfig = { - imap = { - host = "imap.migadu.com"; - port = 993; - tls = { - enable = true; - }; - }; - smtp = { - host = "smtp.migadu.com"; - port = 465; - tls = { - enable = true; - }; - }; + flavor = "migadu.com"; }; gmailConfig = { From f474c033d5d89d9cf84bbc18f878eb1bb9fed4d3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 13 Feb 2025 14:40:39 +0000 Subject: [PATCH 213/379] nixos: services: nginx: remove zstd compression The zstd module is unmaintained and buggy, remove it preventively. The option itself will probably be removed soon [1]. [1]: https://github.com/NixOS/nixpkgs/pull/381678 --- modules/nixos/services/nginx/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index cb27604..1e9e38a 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -253,7 +253,6 @@ in recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; - recommendedZstdSettings = true; virtualHosts = let From 8f5be69a4e297c8289399ae09b805090042ebfcc Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 17 Feb 2025 15:33:40 +0100 Subject: [PATCH 214/379] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index b7ca708..c4ae7ba 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1739314552, - "narHash": "sha256-ggVf2BclyIW3jexc/uvgsgJH4e2cuG6Nyg54NeXgbFI=", + "lastModified": 1739790043, + "narHash": "sha256-4gK4zdNDQ4PyGFs7B6zp9iPIBy9E+bVJiZ0XAmncvgQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "83bd3a26ac0526ae04fa74df46738bb44b89dcdd", + "rev": "c1ea92cdfb85bd7b0995b550581d9fd1c3370bf9", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1739214665, - "narHash": "sha256-26L8VAu3/1YRxS8MHgBOyOM8xALdo6N0I04PgorE7UM=", + "lastModified": 1739580444, + "narHash": "sha256-+/bSz4EAVbqz8/HsIGLroF8aNaO8bLRL7WfACN+24g4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "64e75cd44acf21c7933d61d7721e812eac1b5a0a", + "rev": "8bb37161a0488b89830168b81c48aed11569cb93", "type": "github" }, "original": { @@ -177,11 +177,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1739229047, - "narHash": "sha256-sSTgA86wdk8d544c2+gzrfvVPHQF4mbsomvLOW2thn0=", + "lastModified": 1739796551, + "narHash": "sha256-XcTK29rOc0WxcSJDHUK8JQege9CzSVVAcjHdswOVFPA=", "owner": "nix-community", "repo": "NUR", - "rev": "8348d89f30598a73fee7efb4b5d34c3de201e71b", + "rev": "827aa6eeaf92cc085f84947f6c32002792b67497", "type": "github" }, "original": { From 1237ef41742323d88d639877d38cd6ec05d9cf91 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 21 Feb 2025 16:22:00 +0000 Subject: [PATCH 215/379] home: git: include local configuration properly Using `includes` ensures that the local configuration is included at the end of the configuration file. --- modules/home/git/default.nix | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix index 1bb2215..8791cb2 100644 --- a/modules/home/git/default.nix +++ b/modules/home/git/default.nix @@ -123,11 +123,6 @@ in defaultBranch = "main"; }; - # Local configuration, not-versioned - include = { - path = "config.local"; - }; - merge = { conflictStyle = "zdiff3"; }; @@ -167,8 +162,8 @@ in }; }; - # Multiple identities includes = [ + # Multiple identities { condition = "gitdir:~/git/EPITA/"; contents = { @@ -187,6 +182,10 @@ in }; }; } + # Local configuration, not-versioned + { + path = "config.local"; + } ]; ignores = From 337d7309c61e39bd77db6537acde9a301dade42f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 21 Feb 2025 16:41:54 +0000 Subject: [PATCH 216/379] home: git: use 'mkAfter' for config includes This should ensure that they will be included at the very end of the configuration, even if other modules add more includes. Notably, this ensures that the local configuration can override any other setting. --- modules/home/git/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix index 8791cb2..c88008f 100644 --- a/modules/home/git/default.nix +++ b/modules/home/git/default.nix @@ -162,7 +162,7 @@ in }; }; - includes = [ + includes = lib.mkAfter [ # Multiple identities { condition = "gitdir:~/git/EPITA/"; From d3a953247c270ca2e771bac5343123c4239c0da3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 24 Feb 2025 14:15:01 +0000 Subject: [PATCH 217/379] home: packages: disable on 'useGlobalPkgs' It doesn't do anything when `useGlobalPkgs` is set, and has started warning about its upcoming deprecation. --- modules/home/packages/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/home/packages/default.nix b/modules/home/packages/default.nix index b0f8d67..43f7111 100644 --- a/modules/home/packages/default.nix +++ b/modules/home/packages/default.nix @@ -1,6 +1,7 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, osConfig, ... }: let cfg = config.my.home.packages; + useGlobalPkgs = osConfig.home-manager.useGlobalPkgs or false; in { options.my.home.packages = with lib; { @@ -29,7 +30,7 @@ in tree ] ++ cfg.additionalPackages); - nixpkgs.config = { + nixpkgs.config = lib.mkIf (!useGlobalPkgs) { inherit (cfg) allowAliases allowUnfree; }; }; From 852696409a4319a9767814c4483072d4bb9cbd61 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 24 Feb 2025 17:07:43 +0000 Subject: [PATCH 218/379] home: pager: remove 'LESSKEY' It should do the lookup in `$XDG_CONFIG_HOME/lesskey` automatically now. --- modules/home/pager/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/home/pager/default.nix b/modules/home/pager/default.nix index 1119440..a35da2c 100644 --- a/modules/home/pager/default.nix +++ b/modules/home/pager/default.nix @@ -16,7 +16,6 @@ in LESS = "-R -+X -c"; # Better XDG compliance LESSHISTFILE = "${config.xdg.stateHome}/less/history"; - LESSKEY = "${config.xdg.configHome}/less/lesskey"; }; }; } From e43570fe5bfa8a6258d11c3eb8f7738cb045a5ce Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 24 Feb 2025 17:04:21 +0000 Subject: [PATCH 219/379] home: pager: allow quitting without screen clear --- modules/home/pager/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/home/pager/default.nix b/modules/home/pager/default.nix index a35da2c..e84dcb7 100644 --- a/modules/home/pager/default.nix +++ b/modules/home/pager/default.nix @@ -17,5 +17,10 @@ in # Better XDG compliance LESSHISTFILE = "${config.xdg.stateHome}/less/history"; }; + + xdg.configFile."lesskey".text = '' + # Quit without clearing the screen on `Q` + Q toggle-option -!^Predraw-on-quit\nq + ''; }; } From 84f1186b6c6888ed3ebc1fb6072a259e509b3271 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 25 Feb 2025 13:38:07 +0000 Subject: [PATCH 220/379] home: tmux: add 'enableResurrect' To be used on the cloudtop with its frequent reboots. --- modules/home/tmux/default.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index ae8b8f0..5371643 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -20,6 +20,8 @@ in enablePassthrough = mkEnableOption "tmux DCS passthrough sequence"; + enableResurrect = mkEnableOption "tmux-resurrect plugin"; + terminalFeatures = mkOption { type = with types; attrsOf (submodule { options = { @@ -51,7 +53,7 @@ in focusEvents = true; # Report focus events terminal = "tmux-256color"; # I want accurate termcap info - plugins = with pkgs.tmuxPlugins; [ + plugins = with pkgs.tmuxPlugins; builtins.filter (attr: attr != { }) [ # Open high-lighted files in copy mode open # Better pane management @@ -79,6 +81,13 @@ in set -g status-right '#{prefix_highlight} %a %Y-%m-%d %H:%M' ''; } + # Resurrect sessions + (lib.optionalAttrs cfg.enableResurrect { + plugin = resurrect; + extraConfig = '' + set -g @resurrect-dir '${config.xdg.stateHome}/tmux/resurrect' + ''; + }) ]; extraConfig = '' From 105bcbd53a30d349bb68276249a77793ec5f2d19 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 25 Feb 2025 13:39:46 +0000 Subject: [PATCH 221/379] hosts: home: mousqueton: enable 'tmux-resurrect' --- hosts/homes/ambroisie@mousqueton/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/homes/ambroisie@mousqueton/default.nix b/hosts/homes/ambroisie@mousqueton/default.nix index 44e62e6..37884d7 100644 --- a/hosts/homes/ambroisie@mousqueton/default.nix +++ b/hosts/homes/ambroisie@mousqueton/default.nix @@ -15,6 +15,9 @@ # I use scripts that use the passthrough sequence often on this host enablePassthrough = true; + # Frequent reboots mean that session persistence can be handy + enableResurrect = true; + terminalFeatures = { # HTerm uses `xterm-256color` as its `$TERM`, so use that here xterm-256color = { }; From edeb67238bc24dc982075bb5f6787d8035b578b3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 25 Feb 2025 13:58:02 +0000 Subject: [PATCH 222/379] home: tmux: enable aggressive resize Generally useful, rarely gets in the way, I'd rather have it enabled by default. --- modules/home/tmux/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index 5371643..08b9202 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -52,6 +52,7 @@ in mouse = false; # I dislike mouse support focusEvents = true; # Report focus events terminal = "tmux-256color"; # I want accurate termcap info + aggressiveResize = true; # Automatic resize when switching client size plugins = with pkgs.tmuxPlugins; builtins.filter (attr: attr != { }) [ # Open high-lighted files in copy mode From 0dc8ac443313724285d54447330311f3b2e0856b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 27 Feb 2025 12:36:10 +0000 Subject: [PATCH 223/379] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index c4ae7ba..bd5cf0a 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1739790043, - "narHash": "sha256-4gK4zdNDQ4PyGFs7B6zp9iPIBy9E+bVJiZ0XAmncvgQ=", + "lastModified": 1740624780, + "narHash": "sha256-8TP61AI3QBQsjzVUQFIV8NoB5nbYfJB3iHczhBikDkU=", "owner": "nix-community", "repo": "home-manager", - "rev": "c1ea92cdfb85bd7b0995b550581d9fd1c3370bf9", + "rev": "b8869e4ead721bbd4f0d6b927e8395705d4f16e6", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1739580444, - "narHash": "sha256-+/bSz4EAVbqz8/HsIGLroF8aNaO8bLRL7WfACN+24g4=", + "lastModified": 1740560979, + "narHash": "sha256-Vr3Qi346M+8CjedtbyUevIGDZW8LcA1fTG0ugPY/Hic=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8bb37161a0488b89830168b81c48aed11569cb93", + "rev": "5135c59491985879812717f4c9fea69604e7f26f", "type": "github" }, "original": { @@ -177,11 +177,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1739796551, - "narHash": "sha256-XcTK29rOc0WxcSJDHUK8JQege9CzSVVAcjHdswOVFPA=", + "lastModified": 1740655932, + "narHash": "sha256-BSTcgL2C74x0TgVdVEWfIz2SHkwIFMN0Dvv1lCoOhCA=", "owner": "nix-community", "repo": "NUR", - "rev": "827aa6eeaf92cc085f84947f6c32002792b67497", + "rev": "1ca8ff37f33a560c4a292ed83774434854f0b39a", "type": "github" }, "original": { From 88c00bb83d7d83d9af480f9de8027175bdd32ec7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 27 Feb 2025 12:44:10 +0000 Subject: [PATCH 224/379] home: firefox: fix deprecated option --- modules/home/firefox/default.nix | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/modules/home/firefox/default.nix b/modules/home/firefox/default.nix index 02c74f2..6346dc9 100644 --- a/modules/home/firefox/default.nix +++ b/modules/home/firefox/default.nix @@ -61,19 +61,21 @@ in "ui.systemUsesDarkTheme" = true; # Dark mode }; - extensions = with pkgs.nur.repos.rycee.firefox-addons; ([ - bitwarden - consent-o-matic - form-history-control - reddit-comment-collapser - reddit-enhancement-suite - refined-github - sponsorblock - ublock-origin - ] - ++ lib.optional (cfg.tridactyl.enable) tridactyl - ++ lib.optional (cfg.ff2mpv.enable) ff2mpv - ); + extensions = { + packages = with pkgs.nur.repos.rycee.firefox-addons; ([ + bitwarden + consent-o-matic + form-history-control + reddit-comment-collapser + reddit-enhancement-suite + refined-github + sponsorblock + ublock-origin + ] + ++ lib.optional (cfg.tridactyl.enable) tridactyl + ++ lib.optional (cfg.ff2mpv.enable) ff2mpv + ); + }; }; }; }; From ca618b53ccef400567eef305c634854ca16529fb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 27 Feb 2025 16:59:15 +0000 Subject: [PATCH 225/379] home: vim: oil: explicitly remove icons They started appearing on the latest bump, it looks like my configuration started including `nvim-web-devicons` (see [1]). I'll probably remove this configuration on the next nixpkgs bump (it's a good canary to check that I *never* include icons in the future). [1]: https://github.com/NixOS/nixpkgs/pull/382668 --- modules/home/vim/plugin/settings/oil.lua | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/home/vim/plugin/settings/oil.lua b/modules/home/vim/plugin/settings/oil.lua index a160725..74d5007 100644 --- a/modules/home/vim/plugin/settings/oil.lua +++ b/modules/home/vim/plugin/settings/oil.lua @@ -4,6 +4,8 @@ local wk = require("which-key") local detail = false oil.setup({ + -- Don't show icons + columns = {}, view_options = { -- Show files and directories that start with "." by default show_hidden = true, From dc4221fc17fc3d36e75f4d47b6e1a552969ab29f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 17 Mar 2025 13:02:02 +0000 Subject: [PATCH 226/379] flake: bump inputs And remove the overlay for `lsp-format.nvim`, which has been fixed. This reverts commit 92e5fbe7df0c74a33baccfdb9fc82859217e0b3a. --- flake.lock | 30 +++++++++---------- .../lsp-format-nvim-indentation/default.nix | 4 --- .../lsp-format-nvim-indentation/generated.nix | 14 --------- 3 files changed, 15 insertions(+), 33 deletions(-) delete mode 100644 overlays/lsp-format-nvim-indentation/default.nix delete mode 100644 overlays/lsp-format-nvim-indentation/generated.nix diff --git a/flake.lock b/flake.lock index bd5cf0a..6db188a 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1738453229, - "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", + "lastModified": 1741352980, + "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", + "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1740624780, - "narHash": "sha256-8TP61AI3QBQsjzVUQFIV8NoB5nbYfJB3iHczhBikDkU=", + "lastModified": 1741955947, + "narHash": "sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY=", "owner": "nix-community", "repo": "home-manager", - "rev": "b8869e4ead721bbd4f0d6b927e8395705d4f16e6", + "rev": "4e12151c9e014e2449e0beca2c0e9534b96a26b4", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1740560979, - "narHash": "sha256-Vr3Qi346M+8CjedtbyUevIGDZW8LcA1fTG0ugPY/Hic=", + "lastModified": 1742069588, + "narHash": "sha256-C7jVfohcGzdZRF6DO+ybyG/sqpo1h6bZi9T56sxLy+k=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5135c59491985879812717f4c9fea69604e7f26f", + "rev": "c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5", "type": "github" }, "original": { @@ -177,11 +177,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1740655932, - "narHash": "sha256-BSTcgL2C74x0TgVdVEWfIz2SHkwIFMN0Dvv1lCoOhCA=", + "lastModified": 1741294988, + "narHash": "sha256-3408u6q615kVTb23WtDriHRmCBBpwX7iau6rvfipcu4=", "owner": "nix-community", "repo": "NUR", - "rev": "1ca8ff37f33a560c4a292ed83774434854f0b39a", + "rev": "b30c245e2c44c7352a27485bfd5bc483df660f0e", "type": "github" }, "original": { @@ -200,11 +200,11 @@ ] }, "locked": { - "lastModified": 1737465171, - "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=", + "lastModified": 1742058297, + "narHash": "sha256-b4SZc6TkKw8WQQssbN5O2DaCEzmFfvSTPYHlx/SFW9Y=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17", + "rev": "59f17850021620cd348ad2e9c0c64f4e6325ce2a", "type": "github" }, "original": { diff --git a/overlays/lsp-format-nvim-indentation/default.nix b/overlays/lsp-format-nvim-indentation/default.nix deleted file mode 100644 index 832e71d..0000000 --- a/overlays/lsp-format-nvim-indentation/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -self: prev: -{ - vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { }); -} diff --git a/overlays/lsp-format-nvim-indentation/generated.nix b/overlays/lsp-format-nvim-indentation/generated.nix deleted file mode 100644 index 1902207..0000000 --- a/overlays/lsp-format-nvim-indentation/generated.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ fetchpatch, ... }: - -_final: prev: { - lsp-format-nvim = prev.lsp-format-nvim.overrideAttrs (oa: { - patches = (oa.patches or [ ]) ++ [ - # https://github.com/lukas-reineke/lsp-format.nvim/issues/94 - (fetchpatch { - name = "use-effective-indentation"; - url = "https://github.com/liskin/lsp-format.nvim/commit/3757ac443bdf5bd166673833794553229ee8d939.patch"; - hash = "sha256-Dv+TvXrU/IrrPxz2MSPbLmRxch+qkHbI3AyFMj/ssDk="; - }) - ]; - }); -} From 5ae2eacd49042d3c00e3d2e666c355bcb89e10d1 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 19 Mar 2025 11:45:07 +0000 Subject: [PATCH 227/379] home: git: add 'ignoreRevsFile' I'm surprised I hadn't configured it already. `.git-blame-ignore-revs` is the usual name, as most forges automatically detect and use it. --- modules/home/git/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix index c88008f..bd085b8 100644 --- a/modules/home/git/default.nix +++ b/modules/home/git/default.nix @@ -75,6 +75,7 @@ in # Makes it a bit more readable blame = { coloring = "repeatedLines"; + ignoreRevsFile = ".git-blame-ignore-revs"; markIgnoredLines = true; markUnblamables = true; }; From 9156a8211d6388e274698e834d010710d727d425 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 24 Mar 2025 11:47:59 +0000 Subject: [PATCH 228/379] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 6db188a..2eff24a 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1741955947, - "narHash": "sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY=", + "lastModified": 1742771635, + "narHash": "sha256-HQHzQPrg+g22tb3/K/4tgJjPzM+/5jbaujCZd8s2Mls=", "owner": "nix-community", "repo": "home-manager", - "rev": "4e12151c9e014e2449e0beca2c0e9534b96a26b4", + "rev": "ad0614a1ec9cce3b13169e20ceb7e55dfaf2a818", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1742069588, - "narHash": "sha256-C7jVfohcGzdZRF6DO+ybyG/sqpo1h6bZi9T56sxLy+k=", + "lastModified": 1742669843, + "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5", + "rev": "1e5b653dff12029333a6546c11e108ede13052eb", "type": "github" }, "original": { @@ -200,11 +200,11 @@ ] }, "locked": { - "lastModified": 1742058297, - "narHash": "sha256-b4SZc6TkKw8WQQssbN5O2DaCEzmFfvSTPYHlx/SFW9Y=", + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "59f17850021620cd348ad2e9c0c64f4e6325ce2a", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", "type": "github" }, "original": { From 6fc81e45e98bcb4190641c53aad62a28cb782367 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 24 Mar 2025 11:58:56 +0000 Subject: [PATCH 229/379] home: zsh: migrate to 'initContent' This also fixes a small ordering issue: my alias definitions used to be defined at the very end of the file, they're now slotted _before_ the `zshrc.local` import. --- modules/home/zsh/default.nix | 40 +++++++++++++++++------------------- 1 file changed, 19 insertions(+), 21 deletions(-) diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index 11b6cb2..f4092d8 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -87,28 +87,26 @@ in # Modal editing is life, but CLI benefits from emacs gymnastics defaultKeymap = "emacs"; - # Make those happen early to avoid doing double the work - initExtraFirst = lib.mkBefore '' - ${ - lib.optionalString cfg.launchTmux '' - # Launch tmux unless already inside one - if [ -z "$TMUX" ]; then - exec tmux new-session - fi - '' - } - ''; + initContent = lib.mkMerge [ + # Make those happen early to avoid doing double the work + (lib.mkBefore (lib.optionalString cfg.launchTmux '' + # Launch tmux unless already inside one + if [ -z "$TMUX" ]; then + exec tmux new-session + fi + '')) - initExtra = lib.mkAfter '' - source ${./completion-styles.zsh} - source ${./extra-mappings.zsh} - source ${./options.zsh} + (lib.mkAfter '' + source ${./completion-styles.zsh} + source ${./extra-mappings.zsh} + source ${./options.zsh} - # Source local configuration - if [ -f "$ZDOTDIR/zshrc.local" ]; then - source "$ZDOTDIR/zshrc.local" - fi - ''; + # Source local configuration + if [ -f "$ZDOTDIR/zshrc.local" ]; then + source "$ZDOTDIR/zshrc.local" + fi + '') + ]; localVariables = { # I like having the full path @@ -151,7 +149,7 @@ in }; # Use OSC-777 to send the notification through SSH - initExtra = lib.mkIf cfg.notify.ssh.useOsc777 '' + initContent = lib.mkIf cfg.notify.ssh.useOsc777 '' done_send_notification() { local exit_status="$1" local title="$2" From b2758839e8a0fe5cb613542172d6bfd36ba088ee Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 24 Mar 2025 16:51:45 +0000 Subject: [PATCH 230/379] home: vim: lspconfig: add 'harper' Support for more languages is upcoming, I also need to check how to handle custom words/dictionaries. --- modules/home/vim/plugin/settings/lspconfig.lua | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index 1f9abfd..f8e65d8 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -96,6 +96,13 @@ if utils.is_executable("starpls") then end -- Generic +if utils.is_executable("harper-ls") then + lspconfig.harper_ls.setup({ + capabilities = capabilities, + on_attach = lsp.on_attach, + }) +end + if utils.is_executable("typos-lsp") then lspconfig.typos_lsp.setup({ capabilities = capabilities, From abec0dd226d765a54976be0a07442c4ce45b3cdb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 25 Mar 2025 14:30:07 +0000 Subject: [PATCH 231/379] home: git: remove 'ignoreRevsFile' I remember why I didn't set it globally now, it's because `git blame` complains and errors out, rather than silently ignoring the setting, when the file doesn't exist in a repo... This reverts commit 5ae2eacd49042d3c00e3d2e666c355bcb89e10d1. --- modules/home/git/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix index bd085b8..c88008f 100644 --- a/modules/home/git/default.nix +++ b/modules/home/git/default.nix @@ -75,7 +75,6 @@ in # Makes it a bit more readable blame = { coloring = "repeatedLines"; - ignoreRevsFile = ".git-blame-ignore-revs"; markIgnoredLines = true; markUnblamables = true; }; From 458ea144c447cb15ed07351992f9cbe8f74489db Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 25 Mar 2025 16:52:58 +0000 Subject: [PATCH 232/379] home: vim: remove 'fastfold' configuration I missed it in the original commit that removed the plug-in from my configuration... --- modules/home/vim/plugin/settings/fastfold.lua | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 modules/home/vim/plugin/settings/fastfold.lua diff --git a/modules/home/vim/plugin/settings/fastfold.lua b/modules/home/vim/plugin/settings/fastfold.lua deleted file mode 100644 index 78ee937..0000000 --- a/modules/home/vim/plugin/settings/fastfold.lua +++ /dev/null @@ -1,5 +0,0 @@ --- Intercept all fold commands --- stylua: ignore -vim.g.fastfold_fold_command_suffixes = { - "x", "X", "a", "A", "o", "O", "c", "C", "r", "R", "m", "M", "i", "n", "N", -} From 1841ff391d13eb31b3ff670b9c9f4563ecc7140b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 28 Mar 2025 15:27:21 +0000 Subject: [PATCH 233/379] flake: dev-shells: remove redundant 'pre-commit' It's already being installed by the shell hook. --- flake/dev-shells.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/flake/dev-shells.nix b/flake/dev-shells.nix index d5f5989..87464a4 100644 --- a/flake/dev-shells.nix +++ b/flake/dev-shells.nix @@ -6,7 +6,6 @@ name = "NixOS-config"; nativeBuildInputs = with pkgs; [ - gitAndTools.pre-commit nixpkgs-fmt ]; From 37e88c2707072bc4cc244669c084dccb74b52ab3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 29 Mar 2025 14:41:21 +0000 Subject: [PATCH 234/379] flake: bump inputs And fix the small `jq` breakage. --- flake.lock | 18 +++++++++--------- modules/home/jq/default.nix | 1 + 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 2eff24a..a2d931a 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1741352980, - "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1742771635, - "narHash": "sha256-HQHzQPrg+g22tb3/K/4tgJjPzM+/5jbaujCZd8s2Mls=", + "lastModified": 1743607567, + "narHash": "sha256-kTzKPDFmNzwO1cK4fiJgPB/iSw7HgBAmknRTeAPJAeI=", "owner": "nix-community", "repo": "home-manager", - "rev": "ad0614a1ec9cce3b13169e20ceb7e55dfaf2a818", + "rev": "49748c74cdbae03d70381f150b810f92617f23aa", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1742669843, - "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=", + "lastModified": 1743448293, + "narHash": "sha256-bmEPmSjJakAp/JojZRrUvNcDX2R5/nuX6bm+seVaGhs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1e5b653dff12029333a6546c11e108ede13052eb", + "rev": "77b584d61ff80b4cef9245829a6f1dfad5afdfa3", "type": "github" }, "original": { diff --git a/modules/home/jq/default.nix b/modules/home/jq/default.nix index 57e266f..53e5986 100644 --- a/modules/home/jq/default.nix +++ b/modules/home/jq/default.nix @@ -17,6 +17,7 @@ in strings = "0;32"; arrays = "1;39"; objects = "1;39"; + objectKeys = "1;34"; }; }; } From dfb3c353ecc6e2152dfc2440544db2ffbd99a20b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 29 Mar 2025 16:15:04 +0000 Subject: [PATCH 235/379] home: vim: remove 'lsp_lines' It's been upstreamed! --- modules/home/vim/default.nix | 1 - modules/home/vim/plugin/settings/lsp-lines.lua | 3 --- 2 files changed, 4 deletions(-) delete mode 100644 modules/home/vim/plugin/settings/lsp-lines.lua diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 8e6bd5c..b65e935 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -59,7 +59,6 @@ in # LSP and linting nvim-lspconfig # Easy LSP configuration lsp-format-nvim # Simplified formatting configuration - lsp_lines-nvim # Show diagnostics *over* regions none-ls-nvim # LSP integration for linters and formatters nvim-treesitter.withAllGrammars # Better highlighting nvim-treesitter-textobjects # More textobjects diff --git a/modules/home/vim/plugin/settings/lsp-lines.lua b/modules/home/vim/plugin/settings/lsp-lines.lua deleted file mode 100644 index 9c79818..0000000 --- a/modules/home/vim/plugin/settings/lsp-lines.lua +++ /dev/null @@ -1,3 +0,0 @@ -local lsp_lines = require("lsp_lines") - -lsp_lines.setup() From 274d143031cbc350673c8bed520fa0f2522319c0 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 29 Mar 2025 16:17:59 +0000 Subject: [PATCH 236/379] home: vim: fix deprecated calls --- modules/home/vim/lua/ambroisie/lsp.lua | 17 +++++++---------- modules/home/vim/lua/ambroisie/utils.lua | 2 +- 2 files changed, 8 insertions(+), 11 deletions(-) diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua index eb53da6..3989202 100644 --- a/modules/home/vim/lua/ambroisie/lsp.lua +++ b/modules/home/vim/lua/ambroisie/lsp.lua @@ -5,14 +5,15 @@ local lsp_format = require("lsp-format") --- Move to the next/previous diagnostic, automatically showing the diagnostics --- float if necessary. ---- @param forward bool whether to go forward or backwards -local function goto_diagnostic(forward) +--- @param count number whether to go count or backwards +local function goto_diagnostic(count) vim.validate({ - forward = { forward, "boolean" }, + count = { count, "number" }, }) local opts = { float = false, + count = count, } -- Only show floating diagnostics if they are otherwise not displayed @@ -21,23 +22,19 @@ local function goto_diagnostic(forward) opts.float = true end - if forward then - vim.diagnostic.goto_next(opts) - else - vim.diagnostic.goto_prev(opts) - end + vim.diagnostic.jump(opts) end --- Move to the next diagnostic, automatically showing the diagnostics float if --- necessary. M.goto_next_diagnostic = function() - goto_diagnostic(true) + goto_diagnostic(1) end --- Move to the previous diagnostic, automatically showing the diagnostics float --- if necessary. M.goto_prev_diagnostic = function() - goto_diagnostic(false) + goto_diagnostic(-1) end --- shared LSP configuration callback diff --git a/modules/home/vim/lua/ambroisie/utils.lua b/modules/home/vim/lua/ambroisie/utils.lua index c9e9292..0ee7c83 100644 --- a/modules/home/vim/lua/ambroisie/utils.lua +++ b/modules/home/vim/lua/ambroisie/utils.lua @@ -38,7 +38,7 @@ end --- @param bufnr int? buffer number --- @return table all active LSP client names M.list_lsp_clients = function(bufnr) - local clients = vim.lsp.get_active_clients({ bufnr = bufnr }) + local clients = vim.lsp.get_clients({ bufnr = bufnr }) local names = {} for _, client in ipairs(clients) do From 4ef1b08f4ee444ab9dcb1513421cf78a79449242 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 29 Mar 2025 16:55:00 +0000 Subject: [PATCH 237/379] home: vim: lualine: use built-in 'branch' It now supports worktrees correctly (or at least I can't figure out which issue I used to have with it...). As a bonus, it also supports showing the correct branch for an `oil` buffer. This reverts commit 481d5f6f53e1e6ff1d8f29d3ac996af723be2381. --- modules/home/vim/plugin/settings/lualine.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/vim/plugin/settings/lualine.lua b/modules/home/vim/plugin/settings/lualine.lua index 5219a95..31ad3c4 100644 --- a/modules/home/vim/plugin/settings/lualine.lua +++ b/modules/home/vim/plugin/settings/lualine.lua @@ -30,7 +30,7 @@ lualine.setup({ { "mode" }, }, lualine_b = { - { "FugitiveHead" }, + { "branch" }, { "filename", symbols = { readonly = "🔒" } }, }, lualine_c = { From c1efc4316d7fe2bedd222d02e148e9ec8f7f6707 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 29 Mar 2025 16:44:00 +0000 Subject: [PATCH 238/379] home: vim: lualine: add custom 'oil' extension I don't like the built-in one. --- modules/home/vim/plugin/settings/lualine.lua | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/modules/home/vim/plugin/settings/lualine.lua b/modules/home/vim/plugin/settings/lualine.lua index 31ad3c4..bbe4647 100644 --- a/modules/home/vim/plugin/settings/lualine.lua +++ b/modules/home/vim/plugin/settings/lualine.lua @@ -1,4 +1,5 @@ local lualine = require("lualine") +local oil = require("oil") local utils = require("ambroisie.utils") local function list_spell_languages() @@ -57,5 +58,21 @@ lualine.setup({ extensions = { "fugitive", "quickfix", + { + sections = { + lualine_a = { + { "mode" }, + }, + lualine_b = { + { "branch" }, + }, + lualine_c = { + function() + return vim.fn.fnamemodify(oil.get_current_dir(), ":~") + end, + }, + }, + filetypes = { "oil" }, + }, }, }) From 262dc48425c2b62305b5202abad20f71cf92aaed Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 2 Apr 2025 20:02:33 +0100 Subject: [PATCH 239/379] home: vim: use default 'diffopt:linematch' It's now been defaulted to `linematch:40` on v0.11. --- modules/home/vim/init.vim | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index 0b54676..39ef32e 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -68,8 +68,6 @@ set listchars=tab:>─,trail:·,nbsp:¤ " Use patience diff set diffopt+=algorithm:patience -" Align similar lines in each hunk -set diffopt+=linematch:50 " Don't redraw when executing macros set lazyredraw From 2583cc6c12817a9f1012ba24bfe32aeb4b7794a3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 3 Apr 2025 21:16:58 +0100 Subject: [PATCH 240/379] home: vim: lua: lsp: add count to diagnostic maps --- modules/home/vim/lua/ambroisie/lsp.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua index 3989202..e57bdaf 100644 --- a/modules/home/vim/lua/ambroisie/lsp.lua +++ b/modules/home/vim/lua/ambroisie/lsp.lua @@ -28,13 +28,13 @@ end --- Move to the next diagnostic, automatically showing the diagnostics float if --- necessary. M.goto_next_diagnostic = function() - goto_diagnostic(1) + goto_diagnostic(vim.v.count1) end --- Move to the previous diagnostic, automatically showing the diagnostics float --- if necessary. M.goto_prev_diagnostic = function() - goto_diagnostic(-1) + goto_diagnostic(-vim.v.count1) end --- shared LSP configuration callback From 36aa641ec0d861b7abffc8204b6538b7dc0367a2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 3 Apr 2025 21:23:30 +0100 Subject: [PATCH 241/379] home: vim: rely on built-in diagnostic jump config This reduces the surface area of my configuration. --- .../vim/after/plugin/mappings/unimpaired.lua | 4 -- modules/home/vim/lua/ambroisie/lsp.lua | 38 ++----------------- .../home/vim/plugin/settings/lspconfig.lua | 4 ++ 3 files changed, 8 insertions(+), 38 deletions(-) diff --git a/modules/home/vim/after/plugin/mappings/unimpaired.lua b/modules/home/vim/after/plugin/mappings/unimpaired.lua index 82aab05..765b6b1 100644 --- a/modules/home/vim/after/plugin/mappings/unimpaired.lua +++ b/modules/home/vim/after/plugin/mappings/unimpaired.lua @@ -31,8 +31,6 @@ local keys = { { "[u", desc = "URL encode" }, { "[x", desc = "XML encode" }, { "[y", desc = "C string encode" }, - -- Custom - { "[d", lsp.goto_prev_diagnostic, desc = "Previous diagnostic" }, -- Next { "]", group = "Next" }, @@ -62,8 +60,6 @@ local keys = { { "]u", desc = "URL decode" }, { "]x", desc = "XML decode" }, { "]y", desc = "C string decode" }, - -- Custom - { "]d", lsp.goto_next_diagnostic, desc = "Next diagnostic" }, -- Enable option { "[o", group = "Enable option" }, diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua index e57bdaf..e48de12 100644 --- a/modules/home/vim/lua/ambroisie/lsp.lua +++ b/modules/home/vim/lua/ambroisie/lsp.lua @@ -3,40 +3,6 @@ local M = {} -- Simplified LSP formatting configuration local lsp_format = require("lsp-format") ---- Move to the next/previous diagnostic, automatically showing the diagnostics ---- float if necessary. ---- @param count number whether to go count or backwards -local function goto_diagnostic(count) - vim.validate({ - count = { count, "number" }, - }) - - local opts = { - float = false, - count = count, - } - - -- Only show floating diagnostics if they are otherwise not displayed - local config = vim.diagnostic.config() - if not (config.virtual_text or config.virtual_lines) then - opts.float = true - end - - vim.diagnostic.jump(opts) -end - ---- Move to the next diagnostic, automatically showing the diagnostics float if ---- necessary. -M.goto_next_diagnostic = function() - goto_diagnostic(vim.v.count1) -end - ---- Move to the previous diagnostic, automatically showing the diagnostics float ---- if necessary. -M.goto_prev_diagnostic = function() - goto_diagnostic(-vim.v.count1) -end - --- shared LSP configuration callback --- @param client native client configuration --- @param bufnr int? buffer number of the attached client @@ -76,6 +42,10 @@ M.on_attach = function(client, bufnr) vim.diagnostic.config({ virtual_text = text, virtual_lines = lines, + jump = { + -- Show float on jump if no diagnostic text is otherwise shown + float = not (text or lines), + }, }) end diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index f8e65d8..7817d4c 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -16,6 +16,10 @@ vim.diagnostic.config({ update_in_insert = false, -- Show highest severity first severity_sort = true, + jump = { + -- Show float on diagnostic jumps + float = true, + }, }) -- Inform servers we are able to do completion, snippets, etc... From d48d5c45e04b67e7642ac5f36c5fd1c81f7cd19d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 4 Apr 2025 15:24:43 +0000 Subject: [PATCH 242/379] home: vim: remove 'friendly-snippets' I never use them... --- modules/home/vim/default.nix | 1 - modules/home/vim/plugin/settings/luasnip.lua | 1 - 2 files changed, 2 deletions(-) delete mode 100644 modules/home/vim/plugin/settings/luasnip.lua diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index b65e935..20a74ff 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -66,7 +66,6 @@ in # Completion luasnip # Snippet manager compatible with LSP - friendly-snippets # LSP snippets collection nvim-cmp # Completion engine cmp-async-path # More responsive path completion cmp-buffer # Words from open buffers diff --git a/modules/home/vim/plugin/settings/luasnip.lua b/modules/home/vim/plugin/settings/luasnip.lua deleted file mode 100644 index 80309d7..0000000 --- a/modules/home/vim/plugin/settings/luasnip.lua +++ /dev/null @@ -1 +0,0 @@ -require("luasnip.loaders.from_vscode").lazy_load() From 53569f17a6850d00856ad4788516ff947f8907ad Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 5 Apr 2025 18:27:04 +0100 Subject: [PATCH 243/379] treewide: pre-commit-hooks.nix renaming --- flake.lock | 50 +++++++++++++++++----------------- flake.nix | 4 +-- flake/checks.nix | 2 +- templates/c++-cmake/flake.nix | 8 +++--- templates/c++-meson/flake.nix | 8 +++--- templates/rust-cargo/flake.nix | 8 +++--- 6 files changed, 40 insertions(+), 40 deletions(-) diff --git a/flake.lock b/flake.lock index a2d931a..353a392 100644 --- a/flake.lock +++ b/flake.lock @@ -108,10 +108,33 @@ "type": "github" } }, + "git-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "master", + "repo": "git-hooks.nix", + "type": "github" + } + }, "gitignore": { "inputs": { "nixpkgs": [ - "pre-commit-hooks", + "git-hooks", "nixpkgs" ] }, @@ -191,38 +214,15 @@ "type": "github" } }, - "pre-commit-hooks": { - "inputs": { - "flake-compat": "flake-compat", - "gitignore": "gitignore", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1742649964, - "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", - "type": "github" - }, - "original": { - "owner": "cachix", - "ref": "master", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, "root": { "inputs": { "agenix": "agenix", "flake-parts": "flake-parts", "futils": "futils", + "git-hooks": "git-hooks", "home-manager": "home-manager", "nixpkgs": "nixpkgs", "nur": "nur", - "pre-commit-hooks": "pre-commit-hooks", "systems": "systems" } }, diff --git a/flake.nix b/flake.nix index afd3c80..5076729 100644 --- a/flake.nix +++ b/flake.nix @@ -61,10 +61,10 @@ }; }; - pre-commit-hooks = { + git-hooks = { type = "github"; owner = "cachix"; - repo = "pre-commit-hooks.nix"; + repo = "git-hooks.nix"; ref = "master"; inputs = { nixpkgs.follows = "nixpkgs"; diff --git a/flake/checks.nix b/flake/checks.nix index 98e49bd..73e64d5 100644 --- a/flake/checks.nix +++ b/flake/checks.nix @@ -1,7 +1,7 @@ { inputs, ... }: { imports = [ - inputs.pre-commit-hooks.flakeModule + inputs.git-hooks.flakeModule ]; perSystem = { ... }: { diff --git a/templates/c++-cmake/flake.nix b/templates/c++-cmake/flake.nix index db3b35c..36fd5ad 100644 --- a/templates/c++-cmake/flake.nix +++ b/templates/c++-cmake/flake.nix @@ -16,10 +16,10 @@ ref = "nixos-unstable"; }; - pre-commit-hooks = { + git-hooks = { type = "github"; owner = "cachix"; - repo = "pre-commit-hooks.nix"; + repo = "git-hooks.nix"; ref = "master"; inputs = { flake-utils.follows = "futils"; @@ -28,7 +28,7 @@ }; }; - outputs = { self, futils, nixpkgs, pre-commit-hooks }: + outputs = { self, futils, nixpkgs, git-hooks }: { overlays = { default = final: _prev: { @@ -69,7 +69,7 @@ ]; }; - pre-commit = pre-commit-hooks.lib.${system}.run { + pre-commit = git-hooks.lib.${system}.run { src = self; hooks = { diff --git a/templates/c++-meson/flake.nix b/templates/c++-meson/flake.nix index 5957c62..961ba1f 100644 --- a/templates/c++-meson/flake.nix +++ b/templates/c++-meson/flake.nix @@ -16,10 +16,10 @@ ref = "nixos-unstable"; }; - pre-commit-hooks = { + git-hooks = { type = "github"; owner = "cachix"; - repo = "pre-commit-hooks.nix"; + repo = "git-hooks.nix"; ref = "master"; inputs = { flake-utils.follows = "futils"; @@ -28,7 +28,7 @@ }; }; - outputs = { self, futils, nixpkgs, pre-commit-hooks }: + outputs = { self, futils, nixpkgs, git-hooks }: { overlays = { default = final: _prev: { @@ -69,7 +69,7 @@ ]; }; - pre-commit = pre-commit-hooks.lib.${system}.run { + pre-commit = git-hooks.lib.${system}.run { src = self; hooks = { diff --git a/templates/rust-cargo/flake.nix b/templates/rust-cargo/flake.nix index 6d50369..b9031d9 100644 --- a/templates/rust-cargo/flake.nix +++ b/templates/rust-cargo/flake.nix @@ -16,10 +16,10 @@ ref = "nixos-unstable"; }; - pre-commit-hooks = { + git-hooks = { type = "github"; owner = "cachix"; - repo = "pre-commit-hooks.nix"; + repo = "git-hooks.nix"; ref = "master"; inputs = { flake-utils.follows = "futils"; @@ -28,7 +28,7 @@ }; }; - outputs = { self, futils, nixpkgs, pre-commit-hooks }: + outputs = { self, futils, nixpkgs, git-hooks }: { overlays = { default = final: _prev: { @@ -60,7 +60,7 @@ ]; }; - pre-commit = pre-commit-hooks.lib.${system}.run { + pre-commit = git-hooks.lib.${system}.run { src = self; hooks = { From 418494004b3479f0e523d3f72eb995aab8dddf41 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 5 Apr 2025 18:29:51 +0100 Subject: [PATCH 244/379] templates: use 'pre-commit.enabledPackages' --- templates/c++-cmake/flake.nix | 6 +++--- templates/c++-meson/flake.nix | 6 +++--- templates/rust-cargo/flake.nix | 7 +++---- 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/templates/c++-cmake/flake.nix b/templates/c++-cmake/flake.nix index 36fd5ad..eecb007 100644 --- a/templates/c++-cmake/flake.nix +++ b/templates/c++-cmake/flake.nix @@ -92,12 +92,12 @@ devShells = { default = pkgs.mkShell { - inputsFrom = with self.packages.${system}; [ - project + inputsFrom = [ + self.packages.${system}.project ]; packages = with pkgs; [ - clang-tools + self.checks.${system}.pre-commit.enabledPackages ]; inherit (pre-commit) shellHook; diff --git a/templates/c++-meson/flake.nix b/templates/c++-meson/flake.nix index 961ba1f..a435777 100644 --- a/templates/c++-meson/flake.nix +++ b/templates/c++-meson/flake.nix @@ -92,12 +92,12 @@ devShells = { default = pkgs.mkShell { - inputsFrom = with self.packages.${system}; [ - project + inputsFrom = [ + self.packages.${system}.project ]; packages = with pkgs; [ - clang-tools + self.checks.${system}.pre-commit.enabledPackages ]; inherit (pre-commit) shellHook; diff --git a/templates/rust-cargo/flake.nix b/templates/rust-cargo/flake.nix index b9031d9..502d902 100644 --- a/templates/rust-cargo/flake.nix +++ b/templates/rust-cargo/flake.nix @@ -88,14 +88,13 @@ devShells = { default = pkgs.mkShell { - inputsFrom = with self.packages.${system}; [ - project + inputsFrom = [ + self.packages.${system}.project ]; packages = with pkgs; [ - clippy rust-analyzer - rustfmt + self.checks.${system}.pre-commit.enabledPackages ]; RUST_SRC_PATH = "${pkgs.rust.packages.stable.rustPlatform.rustLibSrc}"; From 62ddec5c2346959e395b42775fbd82284bc8886f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 5 Apr 2025 18:46:14 +0100 Subject: [PATCH 245/379] templates: remove unused 'follows' --- templates/c++-cmake/flake.nix | 1 - templates/c++-meson/flake.nix | 1 - templates/rust-cargo/flake.nix | 1 - 3 files changed, 3 deletions(-) diff --git a/templates/c++-cmake/flake.nix b/templates/c++-cmake/flake.nix index eecb007..7796f5e 100644 --- a/templates/c++-cmake/flake.nix +++ b/templates/c++-cmake/flake.nix @@ -22,7 +22,6 @@ repo = "git-hooks.nix"; ref = "master"; inputs = { - flake-utils.follows = "futils"; nixpkgs.follows = "nixpkgs"; }; }; diff --git a/templates/c++-meson/flake.nix b/templates/c++-meson/flake.nix index a435777..cb14eb5 100644 --- a/templates/c++-meson/flake.nix +++ b/templates/c++-meson/flake.nix @@ -22,7 +22,6 @@ repo = "git-hooks.nix"; ref = "master"; inputs = { - flake-utils.follows = "futils"; nixpkgs.follows = "nixpkgs"; }; }; diff --git a/templates/rust-cargo/flake.nix b/templates/rust-cargo/flake.nix index 502d902..efd8358 100644 --- a/templates/rust-cargo/flake.nix +++ b/templates/rust-cargo/flake.nix @@ -22,7 +22,6 @@ repo = "git-hooks.nix"; ref = "master"; inputs = { - flake-utils.follows = "futils"; nixpkgs.follows = "nixpkgs"; }; }; From ca98b8367c2ae384acd56271696f9a57de7f82f8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 5 Apr 2025 18:18:06 +0100 Subject: [PATCH 246/379] templates: add python-uv --- templates/default.nix | 4 + templates/python-uv/.envrc | 6 ++ templates/python-uv/.gitignore | 6 ++ templates/python-uv/.woodpecker/check.yml | 31 ++++++ templates/python-uv/flake.nix | 112 ++++++++++++++++++++ templates/python-uv/pyproject.toml | 17 +++ templates/python-uv/src/project/__init__.py | 2 + 7 files changed, 178 insertions(+) create mode 100644 templates/python-uv/.envrc create mode 100644 templates/python-uv/.gitignore create mode 100644 templates/python-uv/.woodpecker/check.yml create mode 100644 templates/python-uv/flake.nix create mode 100644 templates/python-uv/pyproject.toml create mode 100644 templates/python-uv/src/project/__init__.py diff --git a/templates/default.nix b/templates/default.nix index 44db753..51864cd 100644 --- a/templates/default.nix +++ b/templates/default.nix @@ -7,6 +7,10 @@ path = ./c++-meson; description = "A C++ project using Meson"; }; + "python-uv" = { + path = ./python-uv; + description = "A Python project using uv"; + }; "rust-cargo" = { path = ./rust-cargo; description = "A Rust project using Cargo"; diff --git a/templates/python-uv/.envrc b/templates/python-uv/.envrc new file mode 100644 index 0000000..390d06d --- /dev/null +++ b/templates/python-uv/.envrc @@ -0,0 +1,6 @@ +# shellcheck shell=bash +if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then + source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" +fi + +use flake diff --git a/templates/python-uv/.gitignore b/templates/python-uv/.gitignore new file mode 100644 index 0000000..c79d1e8 --- /dev/null +++ b/templates/python-uv/.gitignore @@ -0,0 +1,6 @@ +# Virtual environments +.venv + +# Nix generated files +/.pre-commit-config.yaml +/result diff --git a/templates/python-uv/.woodpecker/check.yml b/templates/python-uv/.woodpecker/check.yml new file mode 100644 index 0000000..272c0e4 --- /dev/null +++ b/templates/python-uv/.woodpecker/check.yml @@ -0,0 +1,31 @@ +labels: + backend: local + +steps: +- name: pre-commit check + image: bash + commands: + - nix develop --command pre-commit run --all + +- name: nix flake check + image: bash + commands: + - nix flake check + +- name: notify + image: bash + environment: + ADDRESS: + from_secret: matrix_homeserver + ROOM: + from_secret: matrix_roomid + USER: + from_secret: matrix_username + PASS: + from_secret: matrix_password + commands: + - nix run github:ambroisie/matrix-notifier + when: + status: + - failure + - success diff --git a/templates/python-uv/flake.nix b/templates/python-uv/flake.nix new file mode 100644 index 0000000..5059e64 --- /dev/null +++ b/templates/python-uv/flake.nix @@ -0,0 +1,112 @@ +{ + description = "A Python project"; + + inputs = { + futils = { + type = "github"; + owner = "numtide"; + repo = "flake-utils"; + ref = "main"; + }; + + nixpkgs = { + type = "github"; + owner = "NixOS"; + repo = "nixpkgs"; + ref = "nixos-unstable"; + }; + + git-hooks = { + type = "github"; + owner = "cachix"; + repo = "git-hooks.nix"; + ref = "master"; + inputs = { + nixpkgs.follows = "nixpkgs"; + }; + }; + }; + + outputs = { self, futils, nixpkgs, git-hooks }: + { + overlays = { + default = final: _prev: { + project = with final; python3.pkgs.buildPythonApplication { + pname = "project"; + version = (final.lib.importTOML ./pyproject.toml).project.version; + pyproject = true; + + src = self; + + build-system = with python3.pkgs; [ setuptools ]; + + pythonImportsCheck = [ "project" ]; + + meta = with lib; { + description = "A Python project"; + homepage = "https://git.belanyi.fr/ambroisie/project"; + license = licenses.mit; + maintainers = with maintainers; [ ambroisie ]; + }; + }; + }; + }; + } // futils.lib.eachDefaultSystem (system: + let + pkgs = import nixpkgs { + inherit system; + overlays = [ + self.overlays.default + ]; + }; + + pre-commit = git-hooks.lib.${system}.run { + src = self; + + hooks = { + mypy = { + enable = true; + }; + + nixpkgs-fmt = { + enable = true; + }; + + ruff = { + enable = true; + }; + + ruff-format = { + enable = true; + }; + }; + }; + in + { + checks = { + inherit (self.packages.${system}) project; + + inherit pre-commit; + }; + + devShells = { + default = pkgs.mkShell { + inputsFrom = [ + self.packages.${system}.project + ]; + + packages = with pkgs; [ + uv + self.checks.${system}.pre-commit.enabledPackages + ]; + + inherit (pre-commit) shellHook; + }; + }; + + packages = futils.lib.flattenTree { + default = pkgs.project; + inherit (pkgs) project; + }; + }); +} diff --git a/templates/python-uv/pyproject.toml b/templates/python-uv/pyproject.toml new file mode 100644 index 0000000..7b2d896 --- /dev/null +++ b/templates/python-uv/pyproject.toml @@ -0,0 +1,17 @@ +[build-system] +requires = ["setuptools"] +build-backend = "setuptools.build_meta" + + +[project] +name = "project" +version = "0.0.0" +description = "project description" +requires-python = ">=3.12" +dependencies = [] + +[project.scripts] +project = "project:main" + +[dependency-groups] +dev = [] diff --git a/templates/python-uv/src/project/__init__.py b/templates/python-uv/src/project/__init__.py new file mode 100644 index 0000000..b06117d --- /dev/null +++ b/templates/python-uv/src/project/__init__.py @@ -0,0 +1,2 @@ +def main() -> None: + print("Hello, world!") From 7791ad09073529a8b01e534928fc0c61da139d53 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:00:10 +0000 Subject: [PATCH 247/379] nixos: services: servarr: fix 'enableAll' logic I renamed the option and refactored how it worked to make it more explicit that it enables the entire suite by default, with explicit opt-out of individual components (or fine-grained opt-in as an alternative). --- hosts/nixos/porthos/services.nix | 2 +- modules/nixos/services/servarr/default.nix | 20 +++++++++----------- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index ffd150a..021a6ae 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -144,7 +144,7 @@ in sabnzbd.enable = true; # The whole *arr software suite servarr = { - enable = true; + enableAll = true; # ... But not Lidarr because I don't care for music that much lidarr = { enable = false; diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index e25d9cf..65c409a 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -19,6 +19,8 @@ let enable = true; group = "media"; }; + # Set-up media group + users.groups.media = { }; }; mkRedirection = service: { @@ -54,34 +56,30 @@ let in { options.my.services.servarr = { - enable = lib.mkEnableOption "Media automation"; + enableAll = lib.mkEnableOption "media automation suite"; bazarr = { - enable = lib.my.mkDisableOption "Bazarr"; + enable = lib.mkEnableOption "Bazarr" // { default = cfg.enableAll; };; }; lidarr = { - enable = lib.my.mkDisableOption "Lidarr"; + enable = lib.mkEnableOption "Lidarr" // { default = cfg.enableAll; }; }; radarr = { - enable = lib.my.mkDisableOption "Radarr"; + enable = lib.mkEnableOption "Radarr" // { default = cfg.enableAll; }; }; readarr = { - enable = lib.my.mkDisableOption "Readarr"; + enable = lib.mkEnableOption "Readarr" // { default = cfg.enableAll; }; }; sonarr = { - enable = lib.my.mkDisableOption "Sonarr"; + enable = lib.mkEnableOption "Sonarr" // { default = cfg.enableAll; }; }; }; - config = lib.mkIf cfg.enable (lib.mkMerge [ - { - # Set-up media group - users.groups.media = { }; - } + config = (lib.mkMerge [ # Bazarr does not log authentication failures... (mkFullConfig "bazarr") # Lidarr for music From 860c13ab1f456bc37ef092453c75c09ee08fc950 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 10:51:21 +0000 Subject: [PATCH 248/379] nixos: services: servarr: extract bazarr It's not an actual *arr package, but closely related to them. Extract its configuration to a sub-module. --- modules/nixos/services/servarr/bazarr.nix | 29 ++++++++++++++++++++++ modules/nixos/services/servarr/default.nix | 11 +++----- 2 files changed, 33 insertions(+), 7 deletions(-) create mode 100644 modules/nixos/services/servarr/bazarr.nix diff --git a/modules/nixos/services/servarr/bazarr.nix b/modules/nixos/services/servarr/bazarr.nix new file mode 100644 index 0000000..2d27c95 --- /dev/null +++ b/modules/nixos/services/servarr/bazarr.nix @@ -0,0 +1,29 @@ +{ config, lib, ... }: +let + cfg = config.my.services.servarr.bazarr; +in +{ + options.my.services.servarr.bazarr = with lib; { + enable = lib.mkEnableOption "Bazarr" // { + default = config.my.services.servarr.enableAll; + }; + }; + + config = lib.mkIf cfg.enable { + services.bazarr = { + enable = true; + group = "media"; + }; + + # Set-up media group + users.groups.media = { }; + + my.services.nginx.virtualHosts = { + bazarr = { + port = 6767; + }; + }; + + # Bazarr does not log authentication failures... + }; +} diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 65c409a..53fd14b 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -7,7 +7,6 @@ let cfg = config.my.services.servarr; ports = { - bazarr = 6767; lidarr = 8686; radarr = 7878; readarr = 8787; @@ -55,13 +54,13 @@ let ]); in { + imports = [ + ./bazarr.nix + ]; + options.my.services.servarr = { enableAll = lib.mkEnableOption "media automation suite"; - bazarr = { - enable = lib.mkEnableOption "Bazarr" // { default = cfg.enableAll; };; - }; - lidarr = { enable = lib.mkEnableOption "Lidarr" // { default = cfg.enableAll; }; }; @@ -80,8 +79,6 @@ in }; config = (lib.mkMerge [ - # Bazarr does not log authentication failures... - (mkFullConfig "bazarr") # Lidarr for music (mkFullConfig "lidarr") (mkFail2Ban "lidarr") From 1f876d3e214081aa3bd006a9b78fe5772473c382 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 10:53:32 +0000 Subject: [PATCH 249/379] nixos: services: servarr: bazarr: add 'port' --- modules/nixos/services/servarr/bazarr.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/modules/nixos/services/servarr/bazarr.nix b/modules/nixos/services/servarr/bazarr.nix index 2d27c95..637da0c 100644 --- a/modules/nixos/services/servarr/bazarr.nix +++ b/modules/nixos/services/servarr/bazarr.nix @@ -7,12 +7,20 @@ in enable = lib.mkEnableOption "Bazarr" // { default = config.my.services.servarr.enableAll; }; + + port = mkOption { + type = types.port; + default = 6767; + example = 8080; + description = "Internal port for webui"; + }; }; config = lib.mkIf cfg.enable { services.bazarr = { enable = true; group = "media"; + listenPort = cfg.port; }; # Set-up media group @@ -20,7 +28,7 @@ in my.services.nginx.virtualHosts = { bazarr = { - port = 6767; + inherit (cfg) port; }; }; From 8e6be43817d1337df7a5169bf62ae7d05e5689fb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:07:21 +0000 Subject: [PATCH 250/379] nixox: services: servarr: refactor starr config Makes it slightly DRY-er and more readable. --- modules/nixos/services/servarr/default.nix | 87 ++-------------------- modules/nixos/services/servarr/starr.nix | 51 +++++++++++++ 2 files changed, 56 insertions(+), 82 deletions(-) create mode 100644 modules/nixos/services/servarr/starr.nix diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 53fd14b..398461b 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -2,94 +2,17 @@ # Relevant link [1]. # # [1]: https://youtu.be/I26Ql-uX6AM -{ config, lib, ... }: -let - cfg = config.my.services.servarr; - - ports = { - lidarr = 8686; - radarr = 7878; - readarr = 8787; - sonarr = 8989; - }; - - mkService = service: { - services.${service} = { - enable = true; - group = "media"; - }; - # Set-up media group - users.groups.media = { }; - }; - - mkRedirection = service: { - my.services.nginx.virtualHosts = { - ${service} = { - port = ports.${service}; - }; - }; - }; - - mkFail2Ban = service: lib.mkIf cfg.${service}.enable { - services.fail2ban.jails = { - ${service} = '' - enabled = true - filter = ${service} - action = iptables-allports - ''; - }; - - environment.etc = { - "fail2ban/filter.d/${service}.conf".text = '' - [Definition] - failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ - journalmatch = _SYSTEMD_UNIT=${service}.service - ''; - }; - }; - - mkFullConfig = service: lib.mkIf cfg.${service}.enable (lib.mkMerge [ - (mkService service) - (mkRedirection service) - ]); -in +{ lib, ... }: { imports = [ ./bazarr.nix + (import ./starr.nix "lidarr") + (import ./starr.nix "radarr") + (import ./starr.nix "readarr") + (import ./starr.nix "sonarr") ]; options.my.services.servarr = { enableAll = lib.mkEnableOption "media automation suite"; - - lidarr = { - enable = lib.mkEnableOption "Lidarr" // { default = cfg.enableAll; }; - }; - - radarr = { - enable = lib.mkEnableOption "Radarr" // { default = cfg.enableAll; }; - }; - - readarr = { - enable = lib.mkEnableOption "Readarr" // { default = cfg.enableAll; }; - }; - - sonarr = { - enable = lib.mkEnableOption "Sonarr" // { default = cfg.enableAll; }; - }; }; - - config = (lib.mkMerge [ - # Lidarr for music - (mkFullConfig "lidarr") - (mkFail2Ban "lidarr") - # Radarr for movies - (mkFullConfig "radarr") - (mkFail2Ban "radarr") - # Readarr for books - (mkFullConfig "readarr") - (mkFail2Ban "readarr") - # Sonarr for shows - (mkFullConfig "sonarr") - (mkFail2Ban "sonarr") - ]); } diff --git a/modules/nixos/services/servarr/starr.nix b/modules/nixos/services/servarr/starr.nix new file mode 100644 index 0000000..e9c84f9 --- /dev/null +++ b/modules/nixos/services/servarr/starr.nix @@ -0,0 +1,51 @@ +# Templated *arr configuration +starr: +{ config, lib, ... }: +let + cfg = config.my.services.servarr.${starr}; + ports = { + lidarr = 8686; + radarr = 7878; + readarr = 8787; + sonarr = 8989; + }; +in +{ + options.my.services.servarr.${starr} = with lib; { + enable = lib.mkEnableOption (lib.toSentenceCase starr) // { + default = config.my.services.servarr.enableAll; + }; + }; + + config = lib.mkIf cfg.enable { + services.${starr} = { + enable = true; + group = "media"; + }; + + # Set-up media group + users.groups.media = { }; + + my.services.nginx.virtualHosts = { + ${starr} = { + port = ports.${starr}; + }; + }; + + services.fail2ban.jails = { + ${starr} = '' + enabled = true + filter = ${starr} + action = iptables-allports + ''; + }; + + environment.etc = { + "fail2ban/filter.d/${starr}.conf".text = '' + [Definition] + failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ + journalmatch = _SYSTEMD_UNIT=${starr}.service + ''; + }; + }; +} From d783b5f5ee598ddd82e585c12d8e397c55a1e3b1 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:12:16 +0000 Subject: [PATCH 251/379] nixos: services: servarr: starr: add 'port' Now that declarative configurations are supported for those applications. --- modules/nixos/services/servarr/starr.nix | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/modules/nixos/services/servarr/starr.nix b/modules/nixos/services/servarr/starr.nix index e9c84f9..2bf7c11 100644 --- a/modules/nixos/services/servarr/starr.nix +++ b/modules/nixos/services/servarr/starr.nix @@ -15,12 +15,25 @@ in enable = lib.mkEnableOption (lib.toSentenceCase starr) // { default = config.my.services.servarr.enableAll; }; + + port = mkOption { + type = types.port; + default = ports.${starr}; + example = 8080; + description = "Internal port for webui"; + }; }; config = lib.mkIf cfg.enable { services.${starr} = { enable = true; group = "media"; + + settings = { + server = { + port = cfg.port; + }; + }; }; # Set-up media group @@ -28,7 +41,7 @@ in my.services.nginx.virtualHosts = { ${starr} = { - port = ports.${starr}; + port = cfg.port; }; }; From f825d047b5f17cdff8cd096660abf48ed79e7f72 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:21:24 +0000 Subject: [PATCH 252/379] nixos: services: servarr: migrate prowlarr The configuration doesn't have `group`, so it's a slightly different configuration to the rest of the *arr services. I also want to move the other two indexer modules under `servarr`, as they are all closely related. --- hosts/nixos/porthos/services.nix | 4 -- modules/nixos/services/indexers/default.nix | 30 ------------ modules/nixos/services/servarr/default.nix | 1 + modules/nixos/services/servarr/prowlarr.nix | 53 +++++++++++++++++++++ 4 files changed, 54 insertions(+), 34 deletions(-) create mode 100644 modules/nixos/services/servarr/prowlarr.nix diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 021a6ae..9017894 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -51,10 +51,6 @@ in passwordFile = secrets."forgejo/mail-password".path; }; }; - # Meta-indexers - indexers = { - prowlarr.enable = true; - }; # Jellyfin media server jellyfin.enable = true; # Gitea mirrorig service diff --git a/modules/nixos/services/indexers/default.nix b/modules/nixos/services/indexers/default.nix index 8a42345..00bf316 100644 --- a/modules/nixos/services/indexers/default.nix +++ b/modules/nixos/services/indexers/default.nix @@ -5,13 +5,11 @@ let jackettPort = 9117; nzbhydraPort = 5076; - prowlarrPort = 9696; in { options.my.services.indexers = with lib; { jackett.enable = mkEnableOption "Jackett torrent meta-indexer"; nzbhydra.enable = mkEnableOption "NZBHydra2 usenet meta-indexer"; - prowlarr.enable = mkEnableOption "Prowlarr torrent & usenet meta-indexer"; }; config = lib.mkMerge [ @@ -46,33 +44,5 @@ in }; }; }) - - (lib.mkIf cfg.prowlarr.enable { - services.prowlarr = { - enable = true; - }; - - my.services.nginx.virtualHosts = { - prowlarr = { - port = prowlarrPort; - }; - }; - - services.fail2ban.jails = { - prowlarr = '' - enabled = true - filter = prowlarr - action = iptables-allports - ''; - }; - - environment.etc = { - "fail2ban/filter.d/prowlarr.conf".text = '' - [Definition] - failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ - journalmatch = _SYSTEMD_UNIT=prowlarr.service - ''; - }; - }) ]; } diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 398461b..1bca773 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -6,6 +6,7 @@ { imports = [ ./bazarr.nix + ./prowlarr.nix (import ./starr.nix "lidarr") (import ./starr.nix "radarr") (import ./starr.nix "readarr") diff --git a/modules/nixos/services/servarr/prowlarr.nix b/modules/nixos/services/servarr/prowlarr.nix new file mode 100644 index 0000000..ce044c6 --- /dev/null +++ b/modules/nixos/services/servarr/prowlarr.nix @@ -0,0 +1,53 @@ +# Torrent and NZB indexer +{ config, lib, ... }: +let + cfg = config.my.services.servarr.prowlarr; +in +{ + options.my.services.servarr.prowlarr = with lib; { + enable = lib.mkEnableOption "Prowlarr" // { + default = config.my.services.servarr.enableAll; + }; + + port = mkOption { + type = types.port; + default = 9696; + example = 8080; + description = "Internal port for webui"; + }; + }; + + config = lib.mkIf cfg.enable { + services.prowlarr = { + enable = true; + + settings = { + server = { + port = cfg.port; + }; + }; + }; + + my.services.nginx.virtualHosts = { + prowlarr = { + inherit (cfg) port; + }; + }; + + services.fail2ban.jails = { + prowlarr = '' + enabled = true + filter = prowlarr + action = iptables-allports + ''; + }; + + environment.etc = { + "fail2ban/filter.d/prowlarr.conf".text = '' + [Definition] + failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ + journalmatch = _SYSTEMD_UNIT=prowlarr.service + ''; + }; + }; +} From 950cf4dd059e74d87084747b25e70138753b82d5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:27:18 +0000 Subject: [PATCH 253/379] nixos: services: servarr: migrate jackett --- hosts/nixos/porthos/services.nix | 4 +++ modules/nixos/services/indexers/default.nix | 22 -------------- modules/nixos/services/servarr/default.nix | 1 + modules/nixos/services/servarr/jackett.nix | 33 +++++++++++++++++++++ 4 files changed, 38 insertions(+), 22 deletions(-) create mode 100644 modules/nixos/services/servarr/jackett.nix diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 9017894..d45846a 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -145,6 +145,10 @@ in lidarr = { enable = false; }; + # I only use Prowlarr nowadays + jackett = { + enable = false; + }; }; # Because I still need to play sysadmin ssh-server.enable = true; diff --git a/modules/nixos/services/indexers/default.nix b/modules/nixos/services/indexers/default.nix index 00bf316..5d81079 100644 --- a/modules/nixos/services/indexers/default.nix +++ b/modules/nixos/services/indexers/default.nix @@ -3,36 +3,14 @@ let cfg = config.my.services.indexers; - jackettPort = 9117; nzbhydraPort = 5076; in { options.my.services.indexers = with lib; { - jackett.enable = mkEnableOption "Jackett torrent meta-indexer"; nzbhydra.enable = mkEnableOption "NZBHydra2 usenet meta-indexer"; }; config = lib.mkMerge [ - (lib.mkIf cfg.jackett.enable { - services.jackett = { - enable = true; - }; - - # Jackett wants to eat *all* my RAM if left to its own devices - systemd.services.jackett = { - serviceConfig = { - MemoryHigh = "15%"; - MemoryMax = "25%"; - }; - }; - - my.services.nginx.virtualHosts = { - jackett = { - port = jackettPort; - }; - }; - }) - (lib.mkIf cfg.nzbhydra.enable { services.nzbhydra2 = { enable = true; diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 1bca773..06a1cef 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -6,6 +6,7 @@ { imports = [ ./bazarr.nix + ./jackett.nix ./prowlarr.nix (import ./starr.nix "lidarr") (import ./starr.nix "radarr") diff --git a/modules/nixos/services/servarr/jackett.nix b/modules/nixos/services/servarr/jackett.nix new file mode 100644 index 0000000..756df9b --- /dev/null +++ b/modules/nixos/services/servarr/jackett.nix @@ -0,0 +1,33 @@ +{ config, lib, ... }: +let + cfg = config.my.services.servarr.jackett; +in +{ + options.my.services.servarr.jackett = with lib; { + enable = lib.mkEnableOption "Jackett" // { + default = config.my.services.servarr.enableAll; + }; + }; + + config = lib.mkIf cfg.enable { + services.jackett = { + enable = true; + }; + + # Jackett wants to eat *all* my RAM if left to its own devices + systemd.services.jackett = { + serviceConfig = { + MemoryHigh = "15%"; + MemoryMax = "25%"; + }; + }; + + my.services.nginx.virtualHosts = { + jackett = { + port = 9117; + }; + }; + + # Jackett does not log authentication failures... + }; +} From c823edf58415c1f07eebd03a21617c09447cafbb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:28:04 +0000 Subject: [PATCH 254/379] nixos: services: servarr: jackett: add 'port' --- modules/nixos/services/servarr/jackett.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/modules/nixos/services/servarr/jackett.nix b/modules/nixos/services/servarr/jackett.nix index 756df9b..481cd3d 100644 --- a/modules/nixos/services/servarr/jackett.nix +++ b/modules/nixos/services/servarr/jackett.nix @@ -7,11 +7,19 @@ in enable = lib.mkEnableOption "Jackett" // { default = config.my.services.servarr.enableAll; }; + + port = mkOption { + type = types.port; + default = 9117; + example = 8080; + description = "Internal port for webui"; + }; }; config = lib.mkIf cfg.enable { services.jackett = { enable = true; + inherit (cfg) port; }; # Jackett wants to eat *all* my RAM if left to its own devices @@ -24,7 +32,7 @@ in my.services.nginx.virtualHosts = { jackett = { - port = 9117; + inherit (cfg) port; }; }; From b1ade723837cbffcfc8a1ac24fa96566392e5e3d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:32:39 +0000 Subject: [PATCH 255/379] nixos: services: servarr: migrate nzbhydra --- hosts/nixos/porthos/services.nix | 3 +++ modules/nixos/services/default.nix | 1 - modules/nixos/services/indexers/default.nix | 26 --------------------- modules/nixos/services/servarr/default.nix | 1 + modules/nixos/services/servarr/nzbhydra.nix | 25 ++++++++++++++++++++ 5 files changed, 29 insertions(+), 27 deletions(-) delete mode 100644 modules/nixos/services/indexers/default.nix create mode 100644 modules/nixos/services/servarr/nzbhydra.nix diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index d45846a..7efddfa 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -149,6 +149,9 @@ in jackett = { enable = false; }; + nzbhydra = { + enable = false; + }; }; # Because I still need to play sysadmin ssh-server.enable = true; diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index 3992385..27f8765 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -15,7 +15,6 @@ ./gitea ./grocy ./homebox - ./indexers ./jellyfin ./komga ./lohr diff --git a/modules/nixos/services/indexers/default.nix b/modules/nixos/services/indexers/default.nix deleted file mode 100644 index 5d81079..0000000 --- a/modules/nixos/services/indexers/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -# Torrent and usenet meta-indexers -{ config, lib, ... }: -let - cfg = config.my.services.indexers; - - nzbhydraPort = 5076; -in -{ - options.my.services.indexers = with lib; { - nzbhydra.enable = mkEnableOption "NZBHydra2 usenet meta-indexer"; - }; - - config = lib.mkMerge [ - (lib.mkIf cfg.nzbhydra.enable { - services.nzbhydra2 = { - enable = true; - }; - - my.services.nginx.virtualHosts = { - nzbhydra = { - port = nzbhydraPort; - }; - }; - }) - ]; -} diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 06a1cef..23838fd 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -7,6 +7,7 @@ imports = [ ./bazarr.nix ./jackett.nix + ./nzbhydra.nix ./prowlarr.nix (import ./starr.nix "lidarr") (import ./starr.nix "radarr") diff --git a/modules/nixos/services/servarr/nzbhydra.nix b/modules/nixos/services/servarr/nzbhydra.nix new file mode 100644 index 0000000..4112c30 --- /dev/null +++ b/modules/nixos/services/servarr/nzbhydra.nix @@ -0,0 +1,25 @@ +{ config, lib, ... }: +let + cfg = config.my.services.servarr.nzbhydra; +in +{ + options.my.services.servarr.nzbhydra = with lib; { + enable = lib.mkEnableOption "NZBHydra2" // { + default = config.my.services.servarr.enableAll; + }; + }; + + config = lib.mkIf cfg.enable { + services.nzbhydra2 = { + enable = true; + }; + + my.services.nginx.virtualHosts = { + nzbhydra = { + port = 5076; + }; + }; + + # NZBHydra2 does not log authentication failures... + }; +} From ec965800e4a1cd0d8a26f7e2ba50d31e85aaf9b9 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:34:25 +0000 Subject: [PATCH 256/379] nixos: services: servarr: nzbhydra: fix websockets From what I could read, NZBHydra2 *might* require proxying websockets in new versions (better safe than sorry). --- modules/nixos/services/servarr/nzbhydra.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos/services/servarr/nzbhydra.nix b/modules/nixos/services/servarr/nzbhydra.nix index 4112c30..7b63986 100644 --- a/modules/nixos/services/servarr/nzbhydra.nix +++ b/modules/nixos/services/servarr/nzbhydra.nix @@ -17,6 +17,7 @@ in my.services.nginx.virtualHosts = { nzbhydra = { port = 5076; + websocketsLocations = [ "/" ]; }; }; From 351026418678281890d469c7d183516f34bba445 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 22:49:11 +0200 Subject: [PATCH 257/379] flake: bump inputs --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 353a392..d86d6b5 100644 --- a/flake.lock +++ b/flake.lock @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1743607567, - "narHash": "sha256-kTzKPDFmNzwO1cK4fiJgPB/iSw7HgBAmknRTeAPJAeI=", + "lastModified": 1743869639, + "narHash": "sha256-Xhe3whfRW/Ay05z9m1EZ1/AkbV1yo0tm1CbgjtCi4rQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "49748c74cdbae03d70381f150b810f92617f23aa", + "rev": "d094c6763c6ddb860580e7d3b4201f8f496a6836", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1743448293, - "narHash": "sha256-bmEPmSjJakAp/JojZRrUvNcDX2R5/nuX6bm+seVaGhs=", + "lastModified": 1743689281, + "narHash": "sha256-y7Hg5lwWhEOgflEHRfzSH96BOt26LaYfrYWzZ+VoVdg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "77b584d61ff80b4cef9245829a6f1dfad5afdfa3", + "rev": "2bfc080955153be0be56724be6fa5477b4eefabb", "type": "github" }, "original": { From 215eb4c91ac722b8da4bb38c6791695021c3b516 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 13 Feb 2025 22:59:51 +0100 Subject: [PATCH 258/379] nixos: services: servarr: add autobrr --- hosts/nixos/porthos/services.nix | 3 ++ modules/nixos/services/servarr/autobrr.nix | 62 ++++++++++++++++++++++ modules/nixos/services/servarr/default.nix | 1 + 3 files changed, 66 insertions(+) create mode 100644 modules/nixos/services/servarr/autobrr.nix diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 7efddfa..cb77fbe 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -141,6 +141,9 @@ in # The whole *arr software suite servarr = { enableAll = true; + autobrr = { + enable = false; + }; # ... But not Lidarr because I don't care for music that much lidarr = { enable = false; diff --git a/modules/nixos/services/servarr/autobrr.nix b/modules/nixos/services/servarr/autobrr.nix new file mode 100644 index 0000000..afb07f4 --- /dev/null +++ b/modules/nixos/services/servarr/autobrr.nix @@ -0,0 +1,62 @@ +# IRC-based +{ config, lib, ... }: +let + cfg = config.my.services.servarr.autobrr; +in +{ + options.my.services.servarr.autobrr = with lib; { + enable = mkEnableOption "autobrr IRC announce tracker" // { + default = config.my.services.servarr.enableAll; + }; + + port = mkOption { + type = types.port; + default = 7474; + example = 8080; + description = "Internal port for webui"; + }; + + sessionSecretFile = mkOption { + type = types.str; + example = "/run/secrets/autobrr-secret.txt"; + description = '' + File containing the session secret. + ''; + }; + }; + + config = lib.mkIf cfg.enable { + services.autobrr = { + enable = true; + + settings = { + inherit (cfg) port; + checkForUpdates = false; + }; + + secretFile = cfg.sessionSecretFile; + }; + + my.services.nginx.virtualHosts = { + autobrr = { + inherit (cfg) port; + }; + }; + + services.fail2ban.jails = { + autobrr = '' + enabled = true + filter = autobrr + action = iptables-allports + ''; + }; + + environment.etc = { + "fail2ban/filter.d/autobrr.conf".text = '' + [Definition] + failregex = ^.*Auth: invalid login \[.*\] from: $ + journalmatch = _SYSTEMD_UNIT=autobrr.service + ''; + }; + }; +} diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 23838fd..409fcdc 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -5,6 +5,7 @@ { lib, ... }: { imports = [ + ./autobrr.nix ./bazarr.nix ./jackett.nix ./nzbhydra.nix From 979814e9dea51880a2ed2c3f37033b994160441d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 13 Feb 2025 21:58:19 +0000 Subject: [PATCH 259/379] hosts: nixos: porthos: secrets: add autobrr --- hosts/nixos/porthos/secrets/secrets.nix | 2 ++ .../porthos/secrets/servarr/autobrr/session-secret.age | 7 +++++++ 2 files changed, 9 insertions(+) create mode 100644 hosts/nixos/porthos/secrets/servarr/autobrr/session-secret.age diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix index 68e90f2..425756c 100644 --- a/hosts/nixos/porthos/secrets/secrets.nix +++ b/hosts/nixos/porthos/secrets/secrets.nix @@ -80,6 +80,8 @@ in "pyload/credentials.age".publicKeys = all; + "servarr/autobrr/session-secret.age".publicKeys = all; + "sso/auth-key.age" = { owner = "nginx-sso"; publicKeys = all; diff --git a/hosts/nixos/porthos/secrets/servarr/autobrr/session-secret.age b/hosts/nixos/porthos/secrets/servarr/autobrr/session-secret.age new file mode 100644 index 0000000..e98b94a --- /dev/null +++ b/hosts/nixos/porthos/secrets/servarr/autobrr/session-secret.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 cKojmg bu09lB+fjaPP31cUQZP6EqSPuseucgNK7k9vAS08iS0 ++NGL+b2QD/qGo6hqHvosAXzHZtDvfodmPdcgnrKlD1o +-> ssh-ed25519 jPowng QDCdRBGWhtdvvMCiDH52cZHz1/W7aomhTatZ4+9IKwI +Ou3jjV/O55G1CPgGS33l3eWhhYWrVdwVNPSiE14d5rE +--- q0ssmpG50OX1WaNSInc2hbtH3DbTwQGDU74VGEoMh94 + ¯mCùºÆ‘'hK.Ðì/™Xu(€«Õ×g$½'¼šM{fK˜” !ÛMZ²oR÷®ˆüÎÕÍŸö;yb \ No newline at end of file From b8c649d5bff68813cb8589c776cf39a17cef91ea Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 30 Mar 2025 20:22:01 +0200 Subject: [PATCH 260/379] hosts: nixos: porthos: services: enable autobrr --- hosts/nixos/porthos/services.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index cb77fbe..784eb31 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -142,7 +142,7 @@ in servarr = { enableAll = true; autobrr = { - enable = false; + sessionSecretFile = secrets."servarr/autobrr/session-secret".path; }; # ... But not Lidarr because I don't care for music that much lidarr = { From 08f7c2bd7912696047e815adbb92adf89f4e47c7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 5 Apr 2025 20:24:21 +0200 Subject: [PATCH 261/379] nixos: services: nextcloud: bump to 31 --- modules/nixos/services/nextcloud/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index fe94177..cf1b876 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -35,7 +35,7 @@ in config = lib.mkIf cfg.enable { services.nextcloud = { enable = true; - package = pkgs.nextcloud30; + package = pkgs.nextcloud31; hostName = "nextcloud.${config.networking.domain}"; home = "/var/lib/nextcloud"; maxUploadSize = cfg.maxSize; From 01529075369d01274302efaaa8df55aac77b1a21 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 7 Apr 2025 10:19:30 +0000 Subject: [PATCH 262/379] flake: nixos: use 'self.dirtyRev' if available --- flake/nixos.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake/nixos.nix b/flake/nixos.nix index fa656dc..bf9eac8 100644 --- a/flake/nixos.nix +++ b/flake/nixos.nix @@ -3,7 +3,7 @@ let defaultModules = [ { # Let 'nixos-version --json' know about the Git revision - system.configurationRevision = self.rev or "dirty"; + system.configurationRevision = self.rev or self.dirtyRev or "dirty"; } { nixpkgs.overlays = (lib.attrValues self.overlays) ++ [ From a1cab7f60649123658bb8df098c5eff934d0364b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 7 Apr 2025 15:50:22 +0000 Subject: [PATCH 263/379] flake: home-manager: set overlays in module I need to inherit `lib` to make sure it picks up my version, not the one from `pkgs`. I can't use `extraSpecialArgs` like NixOS, due to it missing from upstream [1]. [1]: https://github.com/nix-community/home-manager/pull/3969 --- flake/home-manager.nix | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/flake/home-manager.nix b/flake/home-manager.nix index add889e..093ae8c 100644 --- a/flake/home-manager.nix +++ b/flake/home-manager.nix @@ -3,6 +3,11 @@ let defaultModules = [ # Include generic settings "${self}/modules/home" + { + nixpkgs.overlays = (lib.attrValues self.overlays) ++ [ + inputs.nur.overlays.default + ]; + } { # Basic user information defaults home.username = lib.mkDefault "ambroisie"; @@ -21,18 +26,15 @@ let # * not letting me set `lib` as an extraSpecialArgs # * not respecting `nixpkgs.overlays` [1] # [1]: https://github.com/nix-community/home-manager/issues/2954 - pkgs = import inputs.nixpkgs { - inherit system; - - overlays = (lib.attrValues self.overlays) ++ [ - inputs.nur.overlays.default - ]; - }; + pkgs = inputs.nixpkgs.legacyPackages.${system}; modules = defaultModules ++ [ "${self}/hosts/homes/${name}" ]; + # Use my extended lib in NixOS configuration + inherit (self) lib; + extraSpecialArgs = { # Inject inputs to use them in global registry inherit inputs; From e5bf5a3ba1ce7c6d2aa09658303dcabf72bb09b9 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 9 Apr 2025 11:41:07 +0200 Subject: [PATCH 264/379] flake: bump inputs --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index d86d6b5..9e61219 100644 --- a/flake.lock +++ b/flake.lock @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1743689281, - "narHash": "sha256-y7Hg5lwWhEOgflEHRfzSH96BOt26LaYfrYWzZ+VoVdg=", + "lastModified": 1744174375, + "narHash": "sha256-oxI9TLgnQbQ/WL0tIwVSIooLbXq4PW1QUhf5aQmXFgk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2bfc080955153be0be56724be6fa5477b4eefabb", + "rev": "ef3a956f697525883b77192cbe208233ea0f8f79", "type": "github" }, "original": { From 439a6bc930ea7eabb372824c71d4a9174d4588b5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 9 Apr 2025 12:26:04 +0200 Subject: [PATCH 265/379] nixos: services: homebox: use postgres --- modules/nixos/services/homebox/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/nixos/services/homebox/default.nix b/modules/nixos/services/homebox/default.nix index d79e331..bde59e6 100644 --- a/modules/nixos/services/homebox/default.nix +++ b/modules/nixos/services/homebox/default.nix @@ -19,6 +19,11 @@ in services.homebox = { enable = true; + # Automatic PostgreSQL provisioning + database = { + createLocally = true; + }; + settings = { # FIXME: mailer? HBOX_WEB_PORT = toString cfg.port; From 1dd1dbb917b17da7864a4ac20a977869ff752ac2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 9 Apr 2025 12:26:42 +0200 Subject: [PATCH 266/379] nixos: services: homebox: proxy websockets Should avoid a bunch of error logs, and ensure that e.g: adding a label does not require a refresh to show it in a list. --- modules/nixos/services/homebox/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos/services/homebox/default.nix b/modules/nixos/services/homebox/default.nix index bde59e6..8ed5d77 100644 --- a/modules/nixos/services/homebox/default.nix +++ b/modules/nixos/services/homebox/default.nix @@ -33,6 +33,7 @@ in my.services.nginx.virtualHosts = { homebox = { inherit (cfg) port; + websocketsLocations = [ "/api" ]; }; }; From bd55ecc016eb49eca60b98ab0d2a22eca49a95ce Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 9 Apr 2025 12:27:51 +0200 Subject: [PATCH 267/379] hosts: nixos: porthos: services: enable homebox --- hosts/nixos/porthos/services.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 784eb31..561da27 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -51,6 +51,10 @@ in passwordFile = secrets."forgejo/mail-password".path; }; }; + # Home inventory + homebox = { + enable = true; + }; # Jellyfin media server jellyfin.enable = true; # Gitea mirrorig service From a28295da27b96301bba49cd68cb6ae017be4be76 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 11 Apr 2025 19:01:08 +0200 Subject: [PATCH 268/379] nixos: services: servarr: autobrr: fix comment --- modules/nixos/services/servarr/autobrr.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/servarr/autobrr.nix b/modules/nixos/services/servarr/autobrr.nix index afb07f4..4465a78 100644 --- a/modules/nixos/services/servarr/autobrr.nix +++ b/modules/nixos/services/servarr/autobrr.nix @@ -1,4 +1,4 @@ -# IRC-based +# IRC-based indexer { config, lib, ... }: let cfg = config.my.services.servarr.autobrr; From a0473a5c6cd191ea649c250dc7e8f6094e74adba Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 12 Apr 2025 11:27:47 +0200 Subject: [PATCH 269/379] nixos: services: servarr: autobrr: fix fail2ban The log line for authentication failures has been updated since the original PR. It also happens to be logged in JSON, and I'm a bit too lazy to match it more properly than this. --- modules/nixos/services/servarr/autobrr.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/servarr/autobrr.nix b/modules/nixos/services/servarr/autobrr.nix index 4465a78..398e878 100644 --- a/modules/nixos/services/servarr/autobrr.nix +++ b/modules/nixos/services/servarr/autobrr.nix @@ -54,7 +54,7 @@ in environment.etc = { "fail2ban/filter.d/autobrr.conf".text = '' [Definition] - failregex = ^.*Auth: invalid login \[.*\] from: $ + failregex = "message":"Auth: Failed login attempt username: \[.*\] ip: " journalmatch = _SYSTEMD_UNIT=autobrr.service ''; }; From e82ae4a2192191e2894969fe3107fdbcd36c8c92 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 14 Apr 2025 10:19:57 +0000 Subject: [PATCH 270/379] home: vim: numbertoggle: remove 'TermOpen' event It's now part of upstream's default setup. --- modules/home/vim/plugin/numbertoggle.lua | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/modules/home/vim/plugin/numbertoggle.lua b/modules/home/vim/plugin/numbertoggle.lua index 8042710..b1e3df2 100644 --- a/modules/home/vim/plugin/numbertoggle.lua +++ b/modules/home/vim/plugin/numbertoggle.lua @@ -22,13 +22,3 @@ vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "InsertEnter", "WinLeave" end end, }) - --- Never show the sign column in a terminal buffer -vim.api.nvim_create_autocmd({ "TermOpen" }, { - pattern = "*", - group = numbertoggle, - callback = function() - vim.opt.number = false - vim.opt.relativenumber = false - end, -}) From 67936af4c73f8664448efc80b072f40c568517c6 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 14 Apr 2025 10:19:57 +0000 Subject: [PATCH 271/379] home: vim: signtoggle: remove 'TermOpen' event It's now part of upstream's default setup. --- modules/home/vim/plugin/signtoggle.lua | 9 --------- 1 file changed, 9 deletions(-) diff --git a/modules/home/vim/plugin/signtoggle.lua b/modules/home/vim/plugin/signtoggle.lua index 9765a81..6a7640c 100644 --- a/modules/home/vim/plugin/signtoggle.lua +++ b/modules/home/vim/plugin/signtoggle.lua @@ -15,12 +15,3 @@ vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "WinLeave" }, { vim.opt.signcolumn = "no" end, }) - --- Never show the sign column in a terminal buffer -vim.api.nvim_create_autocmd({ "TermOpen" }, { - pattern = "*", - group = signtoggle, - callback = function() - vim.opt.signcolumn = "no" - end, -}) From 6f5ac4e55f644a5e5a473e9fda752fbebdec7455 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 14 Apr 2025 10:24:30 +0000 Subject: [PATCH 272/379] home: vim: signtoggle: only show signs if 'number' If a buffer doesn't show a number column, I probably also don't want a sign column to be toggled on/off in there. --- modules/home/vim/plugin/signtoggle.lua | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/modules/home/vim/plugin/signtoggle.lua b/modules/home/vim/plugin/signtoggle.lua index 6a7640c..3deca34 100644 --- a/modules/home/vim/plugin/signtoggle.lua +++ b/modules/home/vim/plugin/signtoggle.lua @@ -1,17 +1,21 @@ local signtoggle = vim.api.nvim_create_augroup("signtoggle", { clear = true }) --- Only show sign column for the currently focused buffer +-- Only show sign column for the currently focused buffer, if it has a number column vim.api.nvim_create_autocmd({ "BufEnter", "FocusGained", "WinEnter" }, { pattern = "*", group = signtoggle, callback = function() - vim.opt.signcolumn = "yes" + if vim.opt.number:get() then + vim.opt.signcolumn = "yes" + end end, }) vim.api.nvim_create_autocmd({ "BufLeave", "FocusLost", "WinLeave" }, { pattern = "*", group = signtoggle, callback = function() - vim.opt.signcolumn = "no" + if vim.opt.number:get() then + vim.opt.signcolumn = "no" + end end, }) From 26ee59ef6e4f28ccbdbcf87eb28bb4074a87c840 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 14 Apr 2025 13:54:52 +0000 Subject: [PATCH 273/379] home: atuin: use 'uk' dialect for dates This should be for date *parsing*, from my looking at the code. Unlikely to be relevant, but might as well set it to the saner of the two options. --- modules/home/atuin/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/home/atuin/default.nix b/modules/home/atuin/default.nix index 3f06263..8c02e69 100644 --- a/modules/home/atuin/default.nix +++ b/modules/home/atuin/default.nix @@ -21,6 +21,8 @@ in ]; settings = { + # Reasonable date format + dialect = "uk"; # The package is managed by Nix update_check = false; # I don't care for the fancy display From c69aaa7adb604593d20d38d0037caaf24cb41f3e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 16 Apr 2025 15:25:18 +0200 Subject: [PATCH 274/379] nixos: services: servarr: autobrr: fix websockets I found some logs complaining about websockets before enabling this. --- modules/nixos/services/servarr/autobrr.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos/services/servarr/autobrr.nix b/modules/nixos/services/servarr/autobrr.nix index 398e878..c3370cb 100644 --- a/modules/nixos/services/servarr/autobrr.nix +++ b/modules/nixos/services/servarr/autobrr.nix @@ -40,6 +40,7 @@ in my.services.nginx.virtualHosts = { autobrr = { inherit (cfg) port; + websocketsLocations = [ "/api" ]; }; }; From e4bc0444bfe7fdc7a43afcbda1ec7379f8286301 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 16 Apr 2025 15:29:10 +0200 Subject: [PATCH 275/379] nixos: services: transmission: fix umask I want downloads to be readable by the `media` group. The permissions weren't correctly applied without `umask`. --- modules/nixos/services/transmission/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix index ac8b24d..16d51e3 100644 --- a/modules/nixos/services/transmission/default.nix +++ b/modules/nixos/services/transmission/default.nix @@ -65,6 +65,8 @@ in # Proxied behind Nginx. rpc-whitelist-enabled = true; rpc-whitelist = "127.0.0.1"; + + umask = "002"; # To go with `downloadDirPermissions` }; }; From 1b6a48d6c27a88c98c6c99cbe642ee681c362cbd Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 16 Apr 2025 17:07:23 +0200 Subject: [PATCH 276/379] flake: bump inputs --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 9e61219..65b8f04 100644 --- a/flake.lock +++ b/flake.lock @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1744174375, - "narHash": "sha256-oxI9TLgnQbQ/WL0tIwVSIooLbXq4PW1QUhf5aQmXFgk=", + "lastModified": 1744777043, + "narHash": "sha256-O6jgTxz9BKUiaJl03JsVHvSjtCOC8gHfDvC2UCfcLMc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ef3a956f697525883b77192cbe208233ea0f8f79", + "rev": "7a6f7f4c1c69eee05641beaa40e7f85da8e69fb0", "type": "github" }, "original": { From c40090d17607efbec1d58cefa95f0745ab0806b7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 12 Apr 2025 14:51:46 +0200 Subject: [PATCH 277/379] nixos: services: servarr: add cross-seed --- hosts/nixos/porthos/services.nix | 3 + modules/nixos/services/servarr/cross-seed.nix | 96 +++++++++++++++++++ modules/nixos/services/servarr/default.nix | 1 + 3 files changed, 100 insertions(+) create mode 100644 modules/nixos/services/servarr/cross-seed.nix diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 561da27..a95840a 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -148,6 +148,9 @@ in autobrr = { sessionSecretFile = secrets."servarr/autobrr/session-secret".path; }; + cross-seed = { + enable = false; + }; # ... But not Lidarr because I don't care for music that much lidarr = { enable = false; diff --git a/modules/nixos/services/servarr/cross-seed.nix b/modules/nixos/services/servarr/cross-seed.nix new file mode 100644 index 0000000..74f216a --- /dev/null +++ b/modules/nixos/services/servarr/cross-seed.nix @@ -0,0 +1,96 @@ +# Automatic cross-seeding for video media +{ config, lib, ... }: +let + cfg = config.my.services.servarr.cross-seed; +in +{ + options.my.services.servarr.cross-seed = with lib; { + enable = mkEnableOption "cross-seed daemon" // { + default = config.my.services.servarr.enableAll; + }; + + port = mkOption { + type = types.port; + default = 2468; + example = 8080; + description = "Internal port for daemon"; + }; + + linkDirectory = mkOption { + type = types.str; + default = "/data/downloads/complete/links"; + example = "/var/lib/cross-seed/links"; + description = "Link directory"; + }; + + secretSettingsFile = mkOption { + type = types.str; + example = "/run/secrets/cross-seed-secrets.json"; + description = '' + File containing secret settings. + ''; + }; + }; + + config = lib.mkIf cfg.enable { + services.cross-seed = { + enable = true; + group = "media"; + + # Rely on recommended defaults for tracker snatches etc... + useGenConfigDefaults = true; + + settings = { + inherit (cfg) port; + host = "127.0.0.1"; + + # Inject torrents to client directly + action = "inject"; + # Query the client for torrents to match + useClientTorrents = true; + # Use hardlinks + linkType = "hardlink"; + # Use configured link directory + linkDirs = [ cfg.linkDirectory ]; + # Match as many torrents as possible + matchMode = "partial"; + # Cross-seed full season if at least 50% of episodes are already downloaded + seasonFromEpisodes = 0.5; + }; + + settingsFile = cfg.secretSettingsFile; + }; + + systemd.services.cross-seed = { + serviceConfig = { + # Loose umask to make cross-seed links readable by `media` + UMask = "0002"; + }; + }; + + # Set-up media group + users.groups.media = { }; + + my.services.nginx.virtualHosts = { + cross-seed = { + inherit (cfg) port; + }; + }; + + services.fail2ban.jails = { + cross-seed = '' + enabled = true + filter = cross-seed + action = iptables-allports + ''; + }; + + environment.etc = { + "fail2ban/filter.d/cross-seed.conf".text = '' + [Definition] + failregex = ^.*Unauthorized API access attempt to .* from $ + journalmatch = _SYSTEMD_UNIT=cross-seed.service + ''; + }; + }; +} diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 409fcdc..dca57cf 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -7,6 +7,7 @@ imports = [ ./autobrr.nix ./bazarr.nix + ./cross-seed.nix ./jackett.nix ./nzbhydra.nix ./prowlarr.nix From 058096079eadcf5fb488f00156dcd6d3a5489256 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 12 Apr 2025 14:52:10 +0200 Subject: [PATCH 278/379] hosts: nixos: porthos: secrets: add cross-seed --- hosts/nixos/porthos/secrets/secrets.nix | 1 + .../servarr/cross-seed/configuration.json.age | Bin 0 -> 1282 bytes 2 files changed, 1 insertion(+) create mode 100644 hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix index 425756c..b3812b4 100644 --- a/hosts/nixos/porthos/secrets/secrets.nix +++ b/hosts/nixos/porthos/secrets/secrets.nix @@ -81,6 +81,7 @@ in "pyload/credentials.age".publicKeys = all; "servarr/autobrr/session-secret.age".publicKeys = all; + "servarr/cross-seed/configuration.json.age".publicKeys = all; "sso/auth-key.age" = { owner = "nginx-sso"; diff --git a/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age b/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age new file mode 100644 index 0000000000000000000000000000000000000000..e9af03f472da8411b7106cf733ba1d389201263a GIT binary patch literal 1282 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSn_Ri1BO;^Y%D)lpW z_Vox$^UBlD_YJRfEOs*TaI7%TamjG@@%MBN_6+q4%rlBG4CFEk(T)lZswgWlj0|@T zOfI%GGIq@J$u08_b}~sxN^>zZ3kh=Z)~^WiGeNg4DR)FdraKP>Q?&_key4;IpeNQjT-={NB3)O=pQ;MLzxPQS!oIb3v^1Sri)Zs9eVB=lXAmyUEuZlJ%3cK^Gi!u7w2uv-`dOQZ$FXe z3*(03pW)Xgwfh=0Gjk-(y5bwTz)`wS;CJZJWp^yK``2&nXpHTb_IM9_Qkgn(YnF5BSA*H`bfRnLD#;ukQR_DQvniFx=(b?Qj2! zjwJcLmRIPtk}o>ACGkbuS&frT;XOMSX2r>6bGA<`5MKBvH)cmpdxG$^g=^xroJ_lW zj8(z<=7Gg4?T`5IWK_04n)k`A_^6Ro?}Rfup7}iebiiEhj^WR)BYmZDuN1^h=f3NB z6c#wu{Eyn*Tra+3;%3F&h3x;{ z^$9+GF!jix1q_uog>SvI7|Yxv)Rh!9ZmoJe^Hct_oFjD>yg&T+$mUMnlCH0>@~5aB{o`yCkb0pdG)BVZ)G22c?)L5Mi!54$;;YvkVqAOw@6QYkJHc+T zNuQ?QSKG(kYxG~eg5$-Dk9TiY9FCcs7awN$Li4RTlb1v|*GGSr=bP_ytXh#jaoPRb zwqIJFxK>UPFfTilIA`aV#ZKF@6J~T=_+H2N?wKE_+oI|3g2V15M&`b+lZ*TGd$II~ zp4Y!@)U{7*rY!nfB+ayF=43{`-Tk2xT8jLvukPx;c-d-lXH&IZ+b@X|F$b9DSJ}w? zn|)=Ec)*@~w|7Ctwy8c>9*bKP8$9m~Z2lAQOWRa0DSvOJ^E$QZQ65=0Za0753*7ZutHTFF1He;Ff2n;b$@S zO@^oRdHR_y1$Hbr^txewUfIF>X6zzqJWZZTPgB_3-hUQrYkHDkaX$G8Gn2mmfp2fO a3$3o2qvJ8ZJ$CJ3_b3jI6I)+s@Bjd%=|BMh literal 0 HcmV?d00001 From ee1139713c908ab43cd86b86fc984f1824395ca2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 12 Apr 2025 14:52:38 +0200 Subject: [PATCH 279/379] hosts: nixos: porthos: services: enable cross-seed --- hosts/nixos/porthos/services.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index a95840a..96f15d3 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -149,7 +149,7 @@ in sessionSecretFile = secrets."servarr/autobrr/session-secret".path; }; cross-seed = { - enable = false; + secretSettingsFile = secrets."servarr/cross-seed/configuration.json".path; }; # ... But not Lidarr because I don't care for music that much lidarr = { From 135cef25365c25a1efaa912489c960a5fe839663 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 16 Apr 2025 16:04:52 +0000 Subject: [PATCH 280/379] home: atuin: add daemon Enabled by default, I probably won't have a reason *not* to use it. --- modules/home/atuin/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/modules/home/atuin/default.nix b/modules/home/atuin/default.nix index 8c02e69..dbd9690 100644 --- a/modules/home/atuin/default.nix +++ b/modules/home/atuin/default.nix @@ -8,6 +8,10 @@ in # I want the full experience by default package = mkPackageOption pkgs "atuin" { }; + + daemon = { + enable = my.mkDisableOption "atuin daemon"; + }; }; config = lib.mkIf cfg.enable { @@ -15,6 +19,10 @@ in enable = true; inherit (cfg) package; + daemon = lib.mkIf cfg.daemon.enable { + enable = true; + }; + flags = [ # I *despise* this hijacking of the up key, even though I use Ctrl-p "--disable-up-arrow" From 29b47d7f84c67428d44ccc1f385161f187702661 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 22 Apr 2025 13:04:36 +0000 Subject: [PATCH 281/379] home: tmux: rename 'mkTerminalFeature' This is a more accurate name to describe what the function is doing. --- modules/home/tmux/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index 08b9202..82ceb3a 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -6,7 +6,7 @@ let (config.my.home.wm.windowManager != null) ]; - mkTerminalFlags = opt: flag: + mkTerminalFeature = opt: flag: let mkFlag = term: ''set -as terminal-features ",${term}:${flag}"''; enabledTerminals = lib.filterAttrs (_: v: v.${opt}) cfg.terminalFeatures; @@ -123,9 +123,9 @@ in } # Force OSC8 hyperlinks for each relevant $TERM - ${mkTerminalFlags "hyperlinks" "hyperlinks"} + ${mkTerminalFeature "hyperlinks" "hyperlinks"} # Force 24-bit color for each relevant $TERM - ${mkTerminalFlags "trueColor" "RGB"} + ${mkTerminalFeature "trueColor" "RGB"} ''; }; } From ec1c94676a727ee7b6e20c377ad0f7d05af9d69e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 22 Apr 2025 13:15:04 +0000 Subject: [PATCH 282/379] home: vim: highlight over-extended commit subjects --- modules/home/vim/after/queries/gitcommit/highlights.scm | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 modules/home/vim/after/queries/gitcommit/highlights.scm diff --git a/modules/home/vim/after/queries/gitcommit/highlights.scm b/modules/home/vim/after/queries/gitcommit/highlights.scm new file mode 100644 index 0000000..05162c9 --- /dev/null +++ b/modules/home/vim/after/queries/gitcommit/highlights.scm @@ -0,0 +1,6 @@ +; extends + +; Highlight over-extended subject lines (rely on wrapping for message body) +((subject) @comment.error + (#vim-match? @comment.error ".\{50,}") + (#offset! @comment.error 0 50 0 0)) From 946eab9ec00bfba393d1ed292a28f0f692048096 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 21 Feb 2025 16:26:39 +0000 Subject: [PATCH 283/379] home: git: extract 'delta' configuration I want to be able to re-use it between different source control systems (e.g: `jj`). As a first step, extract it to a proper module so that I can have it live in a single space. --- modules/home/default.nix | 1 + modules/home/delta/default.nix | 61 ++++++++++++++++++++++++++++++++++ modules/home/git/default.nix | 28 ---------------- 3 files changed, 62 insertions(+), 28 deletions(-) create mode 100644 modules/home/delta/default.nix diff --git a/modules/home/default.nix b/modules/home/default.nix index c8183cf..e642e87 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -8,6 +8,7 @@ ./bluetooth ./calibre ./comma + ./delta ./dircolors ./direnv ./discord diff --git a/modules/home/delta/default.nix b/modules/home/delta/default.nix new file mode 100644 index 0000000..e9350bb --- /dev/null +++ b/modules/home/delta/default.nix @@ -0,0 +1,61 @@ +{ config, pkgs, lib, ... }: +let + cfg = config.my.home.delta; +in +{ + options.my.home.delta = with lib; { + enable = my.mkDisableOption "delta configuration"; + + package = mkPackageOption pkgs "delta" { }; + + git = { + enable = my.mkDisableOption "git integration"; + }; + }; + + config = lib.mkIf cfg.enable { + assertions = [ + { + # For its configuration + assertion = cfg.enable -> cfg.git.enable; + message = '' + `config.my.home.delta` must enable `config.my.home.delta.git` to be + properly configured. + ''; + } + ]; + + home.packages = [ cfg.package ]; + + programs.git = lib.mkIf cfg.git.enable { + delta = { + enable = true; + inherit (cfg) package; + + options = { + features = "diff-highlight decorations"; + + # Less jarring style for `diff-highlight` emulation + diff-highlight = { + minus-style = "red"; + minus-non-emph-style = "red"; + minus-emph-style = "bold red 52"; + + plus-style = "green"; + plus-non-emph-style = "green"; + plus-emph-style = "bold green 22"; + + whitespace-error-style = "reverse red"; + }; + + # Personal preference for easier reading + decorations = { + commit-style = "raw"; # Do not recolor meta information + keep-plus-minus-markers = true; + paging = "always"; + }; + }; + }; + }; + }; +} diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix index c88008f..ca59a5f 100644 --- a/modules/home/git/default.nix +++ b/modules/home/git/default.nix @@ -42,34 +42,6 @@ in lfs.enable = true; - delta = { - enable = true; - - options = { - features = "diff-highlight decorations"; - - # Less jarring style for `diff-highlight` emulation - diff-highlight = { - minus-style = "red"; - minus-non-emph-style = "red"; - minus-emph-style = "bold red 52"; - - plus-style = "green"; - plus-non-emph-style = "green"; - plus-emph-style = "bold green 22"; - - whitespace-error-style = "reverse red"; - }; - - # Personal preference for easier reading - decorations = { - commit-style = "raw"; # Do not recolor meta information - keep-plus-minus-markers = true; - paging = "always"; - }; - }; - }; - # There's more extraConfig = { # Makes it a bit more readable From 2eb2a83dca68ffd2ff5380300fbaec23e8038e6a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 24 Apr 2025 09:29:37 +0000 Subject: [PATCH 284/379] flake: bump inputs --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 65b8f04..6bd45a8 100644 --- a/flake.lock +++ b/flake.lock @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1743869639, - "narHash": "sha256-Xhe3whfRW/Ay05z9m1EZ1/AkbV1yo0tm1CbgjtCi4rQ=", + "lastModified": 1745439012, + "narHash": "sha256-TwbdiH28QK7Da2JQTqFHdb+UCJq6QbF2mtf+RxHVzEA=", "owner": "nix-community", "repo": "home-manager", - "rev": "d094c6763c6ddb860580e7d3b4201f8f496a6836", + "rev": "d31710fb2cd536b1966fee2af74e99a0816a61a8", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1744777043, - "narHash": "sha256-O6jgTxz9BKUiaJl03JsVHvSjtCOC8gHfDvC2UCfcLMc=", + "lastModified": 1745469902, + "narHash": "sha256-+kHgeD+3+WZZcOaIsS6XwQWb+qbYYWYXzoEjdmdW6OY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7a6f7f4c1c69eee05641beaa40e7f85da8e69fb0", + "rev": "4975ac49a527b505803958595fcb191c9e889f60", "type": "github" }, "original": { From 89bc60609f07b4f3cff4cb4e0610f1b8243a9ad3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 24 Apr 2025 12:46:24 +0200 Subject: [PATCH 285/379] home: firefox: tridactyl: use 'replaceVars' --- modules/home/firefox/tridactyl/default.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/modules/home/firefox/tridactyl/default.nix b/modules/home/firefox/tridactyl/default.nix index 35b58c2..26ddfad 100644 --- a/modules/home/firefox/tridactyl/default.nix +++ b/modules/home/firefox/tridactyl/default.nix @@ -12,9 +12,7 @@ let in { config = lib.mkIf cfg.enable { - xdg.configFile."tridactyl/tridactylrc".source = pkgs.substituteAll { - src = ./tridactylrc; - + xdg.configFile."tridactyl/tridactylrc".source = pkgs.replaceVars ./tridactylrc { editorcmd = lib.concatStringsSep " " [ # Use my configured terminal term From bfda64288ead8796e1f3c8a5980fabb228f2e844 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 30 Apr 2025 21:05:22 +0100 Subject: [PATCH 286/379] nix: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 6bd45a8..584d942 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1736955230, - "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", + "lastModified": 1745630506, + "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=", "owner": "ryantm", "repo": "agenix", - "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", + "rev": "96e078c646b711aee04b82ba01aefbff87004ded", "type": "github" }, "original": { @@ -36,11 +36,11 @@ ] }, "locked": { - "lastModified": 1700795494, - "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1745439012, - "narHash": "sha256-TwbdiH28QK7Da2JQTqFHdb+UCJq6QbF2mtf+RxHVzEA=", + "lastModified": 1746040799, + "narHash": "sha256-osgPX/SzIpkR50vev/rqoTEAVkEcOWXoQXmbzsaI4KU=", "owner": "nix-community", "repo": "home-manager", - "rev": "d31710fb2cd536b1966fee2af74e99a0816a61a8", + "rev": "5f217e5a319f6c186283b530f8c975e66c028433", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1745469902, - "narHash": "sha256-+kHgeD+3+WZZcOaIsS6XwQWb+qbYYWYXzoEjdmdW6OY=", + "lastModified": 1745930157, + "narHash": "sha256-y3h3NLnzRSiUkYpnfvnS669zWZLoqqI6NprtLQ+5dck=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4975ac49a527b505803958595fcb191c9e889f60", + "rev": "46e634be05ce9dc6d4db8e664515ba10b78151ae", "type": "github" }, "original": { From c5be292dfca50b740acf130bb0c3138fb4261a26 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 30 Apr 2025 21:34:11 +0100 Subject: [PATCH 287/379] nixos: profiles: wm: fix i3lock PAM service This was announced as a breaking change, and would lock me out if not set. I wish the transition went a bit slower, by first introducing the option for each PAM service, and *then* toggling it. Oh well. --- modules/nixos/profiles/wm/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/profiles/wm/default.nix b/modules/nixos/profiles/wm/default.nix index c227328..bca4d70 100644 --- a/modules/nixos/profiles/wm/default.nix +++ b/modules/nixos/profiles/wm/default.nix @@ -24,6 +24,8 @@ in my.home.udiskie.enable = true; # udiskie fails if it can't find this dbus service services.udisks2.enable = true; + # Ensure i3lock can actually unlock the session + security.pam.services.i3lock.enable = true; }) ]; } From 4b6f62b25ab9bccf84aa994ac8e8b79a42632e00 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 30 Apr 2025 21:36:50 +0100 Subject: [PATCH 288/379] home: gpg: fix deprecated config --- modules/home/gpg/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/gpg/default.nix b/modules/home/gpg/default.nix index 51c865a..2a00baf 100644 --- a/modules/home/gpg/default.nix +++ b/modules/home/gpg/default.nix @@ -17,7 +17,7 @@ in services.gpg-agent = { enable = true; enableSshSupport = true; # One agent to rule them all - pinentryPackage = cfg.pinentry; + pinentry.package = cfg.pinentry; extraConfig = '' allow-loopback-pinentry ''; From e3243ebe80d7c3e55337227d1e4177022d78ca05 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 2 May 2025 17:59:03 +0100 Subject: [PATCH 289/379] nixos: services: nextcloud: simplify DB handling I *think* the option didn't exist when I originally used this module. --- modules/nixos/services/nextcloud/default.nix | 22 +++++--------------- 1 file changed, 5 insertions(+), 17 deletions(-) diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index cf1b876..d8d4fce 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -44,11 +44,15 @@ in adminuser = cfg.admin; adminpassFile = cfg.passwordFile; dbtype = "pgsql"; - dbhost = "/run/postgresql"; }; https = true; + # Automatic PostgreSQL provisioning + database = { + createLocally = true; + }; + settings = { overwriteprotocol = "https"; # Nginx only allows SSL }; @@ -60,22 +64,6 @@ in }; }; - services.postgresql = { - enable = true; - ensureDatabases = [ "nextcloud" ]; - ensureUsers = [ - { - name = "nextcloud"; - ensureDBOwnership = true; - } - ]; - }; - - systemd.services."nextcloud-setup" = { - requires = [ "postgresql.service" ]; - after = [ "postgresql.service" ]; - }; - # The service above configures the domain, no need for my wrapper services.nginx.virtualHosts."nextcloud.${config.networking.domain}" = { forceSSL = true; From 921d604ebea0d265815c76c60a85efa0929bc1ce Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 2 May 2025 22:35:33 +0100 Subject: [PATCH 290/379] hosts: nixos: porthos: secrets: update cross-seed --- .../servarr/cross-seed/configuration.json.age | Bin 1282 -> 1364 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age b/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age index e9af03f472da8411b7106cf733ba1d389201263a..1499a56c21c9911f5a7111177b3458e418cb4b1c 100644 GIT binary patch delta 1337 zcmZqTy23R~+#=N{Kdj6( zkju?CG(W`1q_`?PSKrs8&^6REIMFhosHDiCI6uQN-`^~&Dk-2MG@~>spG((Hp}06h zH#Nn`)YQ;YAuAxiJTF}#B-zj1%rDG1C(EQFDzM7fuRbiR%*Qjgytq`~%%sfKHQ2B) zIV&p6FxSX}%Pci3(7?>gG(SDeGd#u5&&15d(>chkDl^|Zr8Lzd-Q6ravLGxV#oR5D zOIKG{A*d>)D4@V8C#1Y6B-7Nm(juua&p*OE*Uccf#3SF)#LqI&&)hxRB`~p^Yxyd> zj1~K?AFEe4*c%Y58#y;-`z!&8)Tv=jGo`~r_eAP+vgUnQnY4O$&c(W!cUcYk)~Byu z7Vzw@$d$U!zGgcb()tRwY`S*Zy*t7{bAo+2mn5_5`<;szWvw3^-gZ;4wr6wbV}m{m zd#2gfbYzy8RB#p=DDJkBTcaa%;L*aG_3u~ATWG{_FFEEz{e{%6|2DLE)+t6^YG6z` z{A5PL1Fns#@q)XPE=n6m+~kVqJ@igxBk!iS4|MwPt~j;Y#z|+*+yi>9=iQDHGtMxmlmx_$beugPX zC;Bt}=|BBkD}!4icUS!ciOom#Ivr*InYoqZI92{v^Vwc!8_chE_cKSY;`RSeWPFul z&X?ET`*duvY47@lcRoKh`e8Y7LgQ1NNpr*|*IP3%T(3NrlaO?fgQuS3;l0yGIg|F? z{!}L(zr@krBgDYT>E`5BUmn_sn!7X~3~^2tpJcLOcJqtK2^lfZ3r}Bjtbg}%_5#Dc zqDk?V!FnzapA{-pnoWw@EXX9*aZ2FU?%n@uHofl(KhksITjrT*E{~sAZ&>ZykP>k@ zhBG{FR`T)SXCGh595Gz;>=&N`r=!=ejvIe@x_`g<75JTLv5v#rE1e3rcP=`!Rz?4m zgj1iKWZ`x@qp2_DpQWy0WNDJ-Z8<-u{`0#QS+Dv2GkAPmM8Ix=voUBj3W$k#l{*-0QbL{ZE-J+QnJC>Fo*gsol04UVk^a``q54u_trU9f8|D zo0jM{s5;GNSTlFCVb7OefzKNq*{bHwf6q{&cXOiI)9pXkwKE>R=Mp=o=s-YT;TDy5 z^KNdbFDf}(SvHYtZ5jXevMiA!!7o^w**8>XUjFyP_wgz2<%gCmICJvImNvx*|6_Sc ztKTo5bYT83`FY!TEDjyWR=HIko%HP2pJ^whY?PS)`5ONVx_xf*(=~mX3m+^yw_&OO zPnYN248r+y*$z+f+OWn`%%DuxQ`vk+S&!fq$Jt+Zm?w4Bx4zE1EjJ_2EP26Uj$>}E zf99q5{9E+3{kYq<)s=;t{-jy0yYsvL)+|#|)k_`I)&<@vSC=ThFPfPa+kXGa|C?3& zyXVAA<7!)|wXdxFcrr(Oit`Rm|2HR}Z#wv8p3Vh4tLYSxJDgG{VwPHIo zeaf^J!vop2KROTB)y=Hm{d)H6ef$D;Onn{)&aNpaKY#K9d)G5+8AQE#OR7#0Z4=(_&r^bDJ`Uv34fERD`MG{=0+ zDWQe(h2f6cGk8CDwcdR7)oJG4PdmRPvwmBt)u|BJa&&H(RXdxa_pF@k=V?Y+|39{5 zpRZXh*QprkDgDa!?(xIv(!ZNuYX=;`p A&j0`b delta 1254 zcmcb@)xp}06h zH#Nn`)YQ;YAuAxiJTG0r(aAKzuhb+hQ$H-o$yK*g3Dnza+ze zOIKG{!7{3>pft!-JJH)R#3wSq%``0_(J55BI78dqG|@vlu{b0*Ezcy$E7;M3OU$$T zOi$zTjC!Hcr%_pq^|q{YqMUTMUJzZUVt;dS=>JF7+R}RBrb5r1v-C{wp8EOYkag9@ z)IA4kjVJC|Y3IoQ*ClIrh09m5{4=J%+`Vg-neY9xKl=8hz%@_gr=Qy~_0FeN`!ZZ# zIsSQEYn31=Hib3r>Y}T<+>2#>PcO^gn!vE4G25=@|NZ>vdZp7Hf%(t>={NB3)O=pQ z;MLzxPQS!oIb3v^1Sri)Zs z9eVB=lXAmyUEuZlJ%3cK^Gi!u7w2uv-`dOQZ$FXe3*(03pW)Xgwfh=0Gjk-(y5bwT zz)`wS;CJZJWp^yK``6cR?P!ecm-u`$!`J)Iie_WYNnV^!zD|qcP^n5{2%328Ms|6- z@AQiavYQKyn=~HGV3O+PXL~ByUSaPOTg$Jo;j~M@fBArHo@+0o5ql@v8@t$IB3Q~tA@BXt(MKm7N|=1$#|?pB@p;PPcl`yxH*%`*$~r>GtM<7^X< zdZE50G)BVZ)G22c?)L5Mi!54$;;YvkVqAOw@6QYkJHc+TNuQ?QSKG(kYxG~eg5$-D zk9TiY9FCcs7awN$Li4RTlb1v|*GGSr=bP_ytXh#jaoPRbwqIJFxK>UPFfTilIA`aV z#ZKF@6J~T=_+H2N?wKE_+oI|3g2V15M&`b+lZ*TGyMD3sho0BJY}B<+Yo;vvTO`f2 zXy#-_zTN$y6IzP=tgr6szIfSca%WSuUE42-6EO#v=2zLs{F{Ack9feIe7AQ&# Date: Sat, 3 May 2025 13:56:12 +0100 Subject: [PATCH 291/379] home: vim: lua: lsp: configure inlay hints --- modules/home/vim/lua/ambroisie/lsp.lua | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua index e48de12..fef0487 100644 --- a/modules/home/vim/lua/ambroisie/lsp.lua +++ b/modules/home/vim/lua/ambroisie/lsp.lua @@ -53,6 +53,10 @@ M.on_attach = function(client, bufnr) vim.diagnostic.open_float(nil, { scope = "buffer" }) end + local function toggle_inlay_hints() + vim.lsp.inlay_hint.enable(not vim.lsp.inlay_hint.is_enabled()) + end + local keys = { buffer = bufnr, -- LSP navigation @@ -67,6 +71,7 @@ M.on_attach = function(client, bufnr) { "ca", vim.lsp.buf.code_action, desc = "Code actions" }, { "cd", cycle_diagnostics_display, desc = "Cycle diagnostics display" }, { "cD", show_buffer_diagnostics, desc = "Show buffer diagnostics" }, + { "ch", toggle_inlay_hints, desc = "Toggle inlay hints" }, { "cr", vim.lsp.buf.rename, desc = "Rename symbol" }, { "cs", vim.lsp.buf.signature_help, desc = "Show signature" }, { "ct", vim.lsp.buf.type_definition, desc = "Go to type definition" }, From d2a8894eb298a2fbdee409b20995c51d6dcbaf4e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 5 May 2025 18:06:41 +0100 Subject: [PATCH 292/379] home: wm: i3: make 'firefox' history float --- modules/home/wm/i3/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/wm/i3/default.nix b/modules/home/wm/i3/default.nix index 029a14b..5f22bbe 100644 --- a/modules/home/wm/i3/default.nix +++ b/modules/home/wm/i3/default.nix @@ -127,6 +127,7 @@ in { class = "^Blueman-.*$"; } { title = "^htop$"; } { class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; } + { class = "^firefox$"; instance = "Places"; window_role = "Organizer"; } { class = "^pavucontrol.*$"; } { class = "^Arandr$"; } { class = "^\\.blueman-manager-wrapped$"; } From a9ba93f834db067e9d791c4299ceab483c8ef6f8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 7 May 2025 11:27:12 +0000 Subject: [PATCH 293/379] home: delta: assert git is enabled --- modules/home/delta/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/home/delta/default.nix b/modules/home/delta/default.nix index e9350bb..58ee031 100644 --- a/modules/home/delta/default.nix +++ b/modules/home/delta/default.nix @@ -23,6 +23,13 @@ in properly configured. ''; } + { + assertion = cfg.enable -> config.programs.git.enable; + message = '' + `config.my.home.delta` relies on `config.programs.git` to be + enabled. + ''; + } ]; home.packages = [ cfg.package ]; From 07d8f5a03fbc5a1e36e6425953ad30f2c7037287 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 7 May 2025 17:25:28 +0200 Subject: [PATCH 294/379] flake: nixos: use 'nixpkgs.hostPlatform' This is the proper way to set `system` nowadays. --- flake/nixos.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/flake/nixos.nix b/flake/nixos.nix index bf9eac8..0fbd3a6 100644 --- a/flake/nixos.nix +++ b/flake/nixos.nix @@ -15,8 +15,10 @@ let ]; buildHost = name: system: lib.nixosSystem { - inherit system; modules = defaultModules ++ [ + { + nixpkgs.hostPlatform = system; + } "${self}/hosts/nixos/${name}" ]; specialArgs = { From 8a8e4f93a513ad3aaafdbeced14a61d5f961ff1d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 7 May 2025 17:16:44 +0000 Subject: [PATCH 295/379] flake: home-manager: remove obsolete comment --- flake/home-manager.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/flake/home-manager.nix b/flake/home-manager.nix index 093ae8c..88a74e8 100644 --- a/flake/home-manager.nix +++ b/flake/home-manager.nix @@ -22,10 +22,6 @@ let ]; mkHome = name: system: inputs.home-manager.lib.homeManagerConfiguration { - # Work-around for home-manager - # * not letting me set `lib` as an extraSpecialArgs - # * not respecting `nixpkgs.overlays` [1] - # [1]: https://github.com/nix-community/home-manager/issues/2954 pkgs = inputs.nixpkgs.legacyPackages.${system}; modules = defaultModules ++ [ From 77839ab2ef3003c38324cade0810b41d1c84cc8c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 8 May 2025 13:29:35 +0000 Subject: [PATCH 296/379] flake: bump inputs --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 584d942..ef7aba8 100644 --- a/flake.lock +++ b/flake.lock @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1745930157, - "narHash": "sha256-y3h3NLnzRSiUkYpnfvnS669zWZLoqqI6NprtLQ+5dck=", + "lastModified": 1746683680, + "narHash": "sha256-+5zk+UbG0+GQlKt+gIKm+OhlYvHmkAHFXvf7hl1HDeM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "46e634be05ce9dc6d4db8e664515ba10b78151ae", + "rev": "16762245d811fdd74b417cc922223dc8eb741e8b", "type": "github" }, "original": { From 0c5836bc56e9048e27db4081595ff7cb566f9c31 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 8 May 2025 23:22:11 +0200 Subject: [PATCH 297/379] nixos: services: paperless: use 'PAPERLESS_URL' --- modules/nixos/services/paperless/default.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index 63f456b..9cdac38 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -53,17 +53,13 @@ in mediaDir = lib.mkIf (cfg.documentPath != null) cfg.documentPath; settings = - let - paperlessDomain = "paperless.${config.networking.domain}"; - in { # Use SSO PAPERLESS_ENABLE_HTTP_REMOTE_USER = true; PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER"; # Security settings - PAPERLESS_ALLOWED_HOSTS = paperlessDomain; - PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}"; + PAPERLESS_URL = "https://paperless.${config.networking.domain}"; # OCR settings PAPERLESS_OCR_LANGUAGE = "fra+eng"; From a997d36964830a96b13c99175c51165614686edf Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 8 May 2025 23:22:35 +0200 Subject: [PATCH 298/379] nixos: services: paperless: fix formatting --- modules/nixos/services/paperless/default.nix | 32 ++++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index 9cdac38..f345e8a 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -52,26 +52,26 @@ in mediaDir = lib.mkIf (cfg.documentPath != null) cfg.documentPath; - settings = - { - # Use SSO - PAPERLESS_ENABLE_HTTP_REMOTE_USER = true; - PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER"; + settings = { + # Use SSO + PAPERLESS_ENABLE_HTTP_REMOTE_USER = true; + PAPERLESS_ENABLE_HTTP_REMOTE_USER_API = true; + PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER"; - # Security settings - PAPERLESS_URL = "https://paperless.${config.networking.domain}"; + # Security settings + PAPERLESS_URL = "https://paperless.${config.networking.domain}"; - # OCR settings - PAPERLESS_OCR_LANGUAGE = "fra+eng"; + # OCR settings + PAPERLESS_OCR_LANGUAGE = "fra+eng"; - # Workers - PAPERLESS_TASK_WORKERS = 3; - PAPERLESS_THREADS_PER_WORKER = 4; + # Workers + PAPERLESS_TASK_WORKERS = 3; + PAPERLESS_THREADS_PER_WORKER = 4; - # Misc - PAPERLESS_TIME_ZONE = config.time.timeZone; - PAPERLESS_ADMIN_USER = cfg.username; - }; + # Misc + PAPERLESS_TIME_ZONE = config.time.timeZone; + PAPERLESS_ADMIN_USER = cfg.username; + }; # Admin password passwordFile = cfg.passwordFile; From 1dc65a37e7dc8041ee639dac882c5e2503708170 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 8 May 2025 23:29:30 +0200 Subject: [PATCH 299/379] nixos: services: paperless: set proxy settings --- modules/nixos/services/paperless/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index f345e8a..b6965ca 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -60,6 +60,8 @@ in # Security settings PAPERLESS_URL = "https://paperless.${config.networking.domain}"; + PAPERLESS_USE_X_FORWARD_HOST = true; + PAPERLESS_PROXY_SSL_HEADER = ''["HTTP_X_FORWARDED_PROTO", "https"]''; # OCR settings PAPERLESS_OCR_LANGUAGE = "fra+eng"; From 5b545a28f10c90d07f0442fb8c5823b1cb53f2f3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 9 May 2025 00:02:07 +0200 Subject: [PATCH 300/379] nixos: services: mealie: use automatic DB setup --- modules/nixos/services/mealie/default.nix | 20 +++----------------- 1 file changed, 3 insertions(+), 17 deletions(-) diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix index 664d5ba..3b4d4f7 100644 --- a/modules/nixos/services/mealie/default.nix +++ b/modules/nixos/services/mealie/default.nix @@ -38,27 +38,13 @@ in # Make it work with socket auth POSTGRES_URL_OVERRIDE = "postgresql://mealie:@/mealie?host=/run/postgresql"; }; - }; - systemd.services = { - mealie = { - after = [ "postgresql.service" ]; - requires = [ "postgresql.service" ]; + # Automatic PostgreSQL provisioning + database = { + createLocally = true; }; }; - # Set-up database - services.postgresql = { - enable = true; - ensureDatabases = [ "mealie" ]; - ensureUsers = [ - { - name = "mealie"; - ensureDBOwnership = true; - } - ]; - }; - my.services.nginx.virtualHosts = { mealie = { inherit (cfg) port; From f14f5c7f8aa3e87cb025e04b3f8cac2b1315d596 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 14 May 2025 18:51:12 +0000 Subject: [PATCH 301/379] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index ef7aba8..b90b54a 100644 --- a/flake.lock +++ b/flake.lock @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1742649964, - "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", + "lastModified": 1746537231, + "narHash": "sha256-Wb2xeSyOsCoTCTj7LOoD6cdKLEROyFAArnYoS+noCWo=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "rev": "fa466640195d38ec97cf0493d6d6882bc4d14969", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1746040799, - "narHash": "sha256-osgPX/SzIpkR50vev/rqoTEAVkEcOWXoQXmbzsaI4KU=", + "lastModified": 1747225851, + "narHash": "sha256-4IbmZrNOdXP143kZEUzxBS5SqyxUlaSHLgdpeJfP2ZU=", "owner": "nix-community", "repo": "home-manager", - "rev": "5f217e5a319f6c186283b530f8c975e66c028433", + "rev": "6bf057fc8326e83bda05a669fc08d106547679fb", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1746683680, - "narHash": "sha256-+5zk+UbG0+GQlKt+gIKm+OhlYvHmkAHFXvf7hl1HDeM=", + "lastModified": 1746904237, + "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "16762245d811fdd74b417cc922223dc8eb741e8b", + "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956", "type": "github" }, "original": { From 97bcc5f34ed0b7154829f4bd0a43b485f16205b7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 18 May 2025 02:14:36 +0200 Subject: [PATCH 302/379] hosts: nixos: porthos: secrets: update cross-seed --- .../servarr/cross-seed/configuration.json.age | Bin 1364 -> 1528 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age b/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age index 1499a56c21c9911f5a7111177b3458e418cb4b1c..e319f3a823c4eb4c84b15f6630ea5fbf42f9092b 100644 GIT binary patch delta 1502 zcmcb@^@DqYPJM)-VR?CgkBPZawo9aGMoCdYRk>4OQGumFMo6W5x^rP=Mt)AETV`3V z1(#E4QAJ@+N^qv5r>~)BvQubgdVynQWKwEazOiRuRf$n@d4RJ~l2Kr;1(&X!LUD11 zZfc5=si~o*LRLV2d0x7LTcA^FQMP_+ScYYkbCiF2Kz*uLx|y4Yvy+>npMhItskXmS zqIsZaWtO7}muXf=R=J;Zl8HxhR8p98WpSjBN1#htPF{*xP+m@HvU6p4X<2GTMrw)$ zm#(g^f>}hNuTxTJMdzPPBsB^Mmo>ycf*D2@n z37;fCdeuv+?>w+R<0Yeo{}QfuMmN)!+&k=0a;^TSYwE4IY0U~Q?{9Yfw0X#~C0&SF zX}+aS((K$VJ-bblR?1ZG`JdIke`#ik!jg~Af1G*t+V950$FnqoQUr|mohx^EF@65T z!^>7rb@N!fc}v>LkM#>r%T@8aynXUz(Vrc1N_9sTE>E4Nw7mX$h0l{u+OqtM1bTj@ z{(q8F`{LD`c_O|u&izgQ`QeY>?OCTZ*t+M1PUGCN>2JW}-2Va(cQ3Qqb*%S#`^L*J zG+q`LyViT9Zd*R-NA%IVo*yc{RKzX66}P)FtGzy)v4%Z9f!XkKo!$0ChYdC^i?TxQ zn;!e4|M;`7(CJ-Ed03yy+^*NF)SaH%BJzKE^2OXKtanWAHZ%#J&b~Tv%d`CgUAeXM zmqgG0v{sNa#44C8s9yZV?WjFxZhl>tDqUQvv?~1K4ePy1>-d}J>u|1KJ8x&IqfYo+ zv*Wuy^8DMJ_IAY~9#8ikC1JDBo^u^VY~lYmh;NKyxvQY*wpb@t-T7Qi$XnlQ^#W44 zZ`SP8{vYOUcPhZZFKDgXN`tTQ-^=Rxdu|@>URiWR^t<<$J0G5AKAz@imKnqS{_7*H z#FFImH@qBwus*nwkZR2-_kL^j^KWZC&P&xjDY@4u!1R1$kMd!|Dd)3Oj?a-1@bQuJ zGhz?e+$&-I#Jc~q!JT&{OXn-=ZTu><_0+@qFGA5bx1N1jc_%AC@a99t6+hbVFjPD* zlbM&YU~#mT=C-yyD6{*CAU zbAcA213k_z6ZG$z|4sdxvnDiormsueVi3I=hEAwk9|GFUKP*( zmVCWq#*6=IN3OVUo_;VjW9z5BgI6P(MYo&%yc#j-Pdb0amK!C$A9UOt4%p@|(ERo= zklTIkm2$WJ$%@ynyzZJ(QCwgDr_KO<~sq1K!1b7eBA@YG1o_ZS9v8 z<^gMpl?pxQNNIoN50~D4D9GRL(1pc$?pxUA*sb!4%qx!Ga!2Fh)W#z7ZdRxIg}XfB zp55k34$-WbeoQ+va{*q&I@m&wc zd^er?vXJvLKbtK3YbrlQ;`sKm-4o}XlD+TIschDg_~GD{&rUZ^itg#_SzfzD;_Y=d zZS&;ktru!-w(1*&1`97TayHfcbHvdhOU!CRc)|p!BKv182~T_$y*_L?x37jXhvyNK9{bYLUD11 zZfc5=si~o*LRLV2d0x6gNV1>1nO~T3PL@eURA7~{Uwv3snU7~~d2y+}nMs+eYp`Kq za#mEBVXlz{msx67pn;i}X?}W`XLyRApNW}^r*n{7Rc5|-N@=P^y1Q9;WI7txsRS zEa2H)kt=ndea&_>r1ceU*>vr+dv}C^<^=n4E=gw9_d6Fc%341-yzQo7ZO`V=#|C{C z_Dr*{>BuZGso*R$P~2@Lw?;?kz@vpV>))@Kx6p{=UUJNb`U|OB|7~dTtW%7-)WDc> z_{off2V5If;{|soU6eMCxXBgId+43YM&3;;B> zMU&z!gY{e&vq3U-{a~ z*FQGab)CFyN4|xhBj@^rxz}%h`kyjcw2QNN)7ul~Q@d?9y#8)-_qn}8V^8LyI|8?R zHZ9R@P<5Kkux9RN!=5j{0-rZJvQ^EU|DK^l@8(3ar`vz7YiB%s&n0$F(Sd-x!YwNA z=H1*So? zR=;09>A?J7^7FRwSR6W#t#Ye8I_cT3KhsW1*(fpp^ELh#bo<=qr)&B&7d}{aZo^Xl zpDxe48HDravK^k{wPB5?m_eDWr?UBuvL3-Jj$MtD9NB`}OSC`}hUynEE^poLy5;e*WZzB>QVlyR#GCM9pjMT)w+% z|MIqz9@5-VzPpQ7zOP%b@b($oWBkAKquxptFf0(7(RKaL=@~X>zuXE|SsI;jXpZ@s zQ$h>n3&S0?XYhXRYQ6dDtJBQ8pLTvpX8pEOt5YGc<>=fnt9CX;?^!w7&(n;u{(o%A zK3}t1u2V76Q~H(d-Q$PTrGGcS)($vyhjINiudWlzW8FbX?;=Q2YG0CoF! AMgRZ+ From c1e2114c57e9e0027b3e17b7fbf48253b22fb651 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 23 May 2025 22:56:19 +0100 Subject: [PATCH 303/379] flake: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index b90b54a..e0456b8 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1745630506, - "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=", + "lastModified": 1747575206, + "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", "owner": "ryantm", "repo": "agenix", - "rev": "96e078c646b711aee04b82ba01aefbff87004ded", + "rev": "4835b1dc898959d8547a871ef484930675cb47f1", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1746537231, - "narHash": "sha256-Wb2xeSyOsCoTCTj7LOoD6cdKLEROyFAArnYoS+noCWo=", + "lastModified": 1747372754, + "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "fa466640195d38ec97cf0493d6d6882bc4d14969", + "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1747225851, - "narHash": "sha256-4IbmZrNOdXP143kZEUzxBS5SqyxUlaSHLgdpeJfP2ZU=", + "lastModified": 1747978958, + "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "6bf057fc8326e83bda05a669fc08d106547679fb", + "rev": "7419250703fd5eb50e99bdfb07a86671939103ea", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1746904237, - "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=", + "lastModified": 1747744144, + "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956", + "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", "type": "github" }, "original": { From 24407448d498d637b94d04d9b06816f432c9197b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 27 May 2025 11:16:46 +0000 Subject: [PATCH 304/379] hosts: homes: mousqueton: disable 'atuin' package The system-provided package is built without its sync functionality. To ensure the module works as written, I can't use `pkgs.emptyDirectory` for this unfortunately... --- hosts/homes/ambroisie@mousqueton/default.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/hosts/homes/ambroisie@mousqueton/default.nix b/hosts/homes/ambroisie@mousqueton/default.nix index 37884d7..1383618 100644 --- a/hosts/homes/ambroisie@mousqueton/default.nix +++ b/hosts/homes/ambroisie@mousqueton/default.nix @@ -7,6 +7,20 @@ services.gpg-agent.enable = lib.mkForce false; my.home = { + atuin = { + package = pkgs.stdenv.mkDerivation { + pname = "atuin"; + version = "18.4.0"; + + buildCommand = '' + mkdir -p $out/bin + ln -s /usr/bin/atuin $out/bin/atuin + ''; + + meta.mainProgram = "atuin"; + }; + }; + git = { package = pkgs.emptyDirectory; }; From 9751fdb888d0d72801bff0c0381b057e0431f2a8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 27 May 2025 11:39:15 +0000 Subject: [PATCH 305/379] hosts: homes: bazin: disable 'atuin' package Same as on `mousqueton`. --- hosts/homes/ambroisie@bazin/default.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/hosts/homes/ambroisie@bazin/default.nix b/hosts/homes/ambroisie@bazin/default.nix index f52fbce..365b70d 100644 --- a/hosts/homes/ambroisie@bazin/default.nix +++ b/hosts/homes/ambroisie@bazin/default.nix @@ -4,6 +4,20 @@ services.gpg-agent.enable = lib.mkForce false; my.home = { + atuin = { + package = pkgs.stdenv.mkDerivation { + pname = "atuin"; + version = "18.4.0"; + + buildCommand = '' + mkdir -p $out/bin + ln -s /usr/bin/atuin $out/bin/atuin + ''; + + meta.mainProgram = "atuin"; + }; + }; + git = { package = pkgs.emptyDirectory; }; From a67a54bda27092c9f89e60bf3ce75839e914f9b4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 24 May 2025 22:33:21 +0200 Subject: [PATCH 306/379] nixos: services: paperless: use structured setting The module should stringify it to JSON automatically, so might as well use the more readable option. --- modules/nixos/services/paperless/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index b6965ca..1195977 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -61,7 +61,7 @@ in # Security settings PAPERLESS_URL = "https://paperless.${config.networking.domain}"; PAPERLESS_USE_X_FORWARD_HOST = true; - PAPERLESS_PROXY_SSL_HEADER = ''["HTTP_X_FORWARDED_PROTO", "https"]''; + PAPERLESS_PROXY_SSL_HEADER = [ "HTTP_X_FORWARDED_PROTO" "https" ]; # OCR settings PAPERLESS_OCR_LANGUAGE = "fra+eng"; From 98d39717e2aa0306865982191afa200b5914426b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 31 May 2025 22:37:21 +0100 Subject: [PATCH 307/379] home: direnv: lib: don't erase pre-existing venv Turns out `uv venv` isn't idempotent, it removes the existing virtual environment by default. Thankfully, there's a flag to fix it. --- modules/home/direnv/lib/python.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/direnv/lib/python.sh b/modules/home/direnv/lib/python.sh index b4b2bce..b1be8a9 100644 --- a/modules/home/direnv/lib/python.sh +++ b/modules/home/direnv/lib/python.sh @@ -46,7 +46,7 @@ layout_uv() { fi # create venv if it doesn't exist - uv venv -q + uv venv -q --allow-existing export VIRTUAL_ENV export UV_ACTIVE=1 From 151570cccaf8511688769ee0665868340054ba30 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 9 Jun 2025 10:36:33 +0000 Subject: [PATCH 308/379] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index e0456b8..219d87d 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "lastModified": 1749398372, + "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1747978958, - "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=", + "lastModified": 1749400020, + "narHash": "sha256-0nTmHO8AYgRYk5v6zw5oZ3x9nh+feb+Isn7WNe318M0=", "owner": "nix-community", "repo": "home-manager", - "rev": "7419250703fd5eb50e99bdfb07a86671939103ea", + "rev": "2835e8ba0ad99ba86d4a5e497a962ec9fa35e48f", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1747744144, - "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", + "lastModified": 1749285348, + "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", + "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f", "type": "github" }, "original": { From 971f90581397286a3ffb424970cb5c1e9471a203 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 9 Jun 2025 13:52:29 +0200 Subject: [PATCH 309/379] nixos: services: mealie: remove DB settings Looks like I missed them in the original commit to migrate to `database.createLocally`. --- modules/nixos/services/mealie/default.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix index 3b4d4f7..8c02398 100644 --- a/modules/nixos/services/mealie/default.nix +++ b/modules/nixos/services/mealie/default.nix @@ -32,11 +32,6 @@ in BASE_URL = "https://mealie.${config.networking.domain}"; TZ = config.time.timeZone; ALLOw_SIGNUP = "false"; - - # Use PostgreSQL - DB_ENGINE = "postgres"; - # Make it work with socket auth - POSTGRES_URL_OVERRIDE = "postgresql://mealie:@/mealie?host=/run/postgresql"; }; # Automatic PostgreSQL provisioning From 1b275e1a8a8291b3ed9789d25c2592ba52b8d9ec Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 17 Jun 2025 09:29:24 +0000 Subject: [PATCH 310/379] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 219d87d..94ab916 100644 --- a/flake.lock +++ b/flake.lock @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1747372754, - "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", + "lastModified": 1749636823, + "narHash": "sha256-WUaIlOlPLyPgz9be7fqWJA5iG6rHcGRtLERSCfUDne4=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", + "rev": "623c56286de5a3193aa38891a6991b28f9bab056", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1749400020, - "narHash": "sha256-0nTmHO8AYgRYk5v6zw5oZ3x9nh+feb+Isn7WNe318M0=", + "lastModified": 1750127463, + "narHash": "sha256-K2xFtlD3PcKAZriOE3LaBLYmVfGQu+rIF4Jr1RFYR0Q=", "owner": "nix-community", "repo": "home-manager", - "rev": "2835e8ba0ad99ba86d4a5e497a962ec9fa35e48f", + "rev": "28eef8722d1af18ca13e687dbf485e1c653a0402", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1749285348, - "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=", + "lastModified": 1749794982, + "narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f", + "rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81", "type": "github" }, "original": { From 112e3403615f65807dfcc28929b2b8a19656859e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 17 Jun 2025 09:26:09 +0000 Subject: [PATCH 311/379] home: do not hard-code username The flake module already sets it with `mkDefault`, making it easier to override it for a specific host. --- modules/home/default.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/modules/home/default.nix b/modules/home/default.nix index e642e87..1c40377 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -51,9 +51,6 @@ # First sane reproducible version home.stateVersion = "20.09"; - # Who am I? - home.username = "ambroisie"; - # Start services automatically systemd.user.startServices = "sd-switch"; } From 03bb62777079b4a8ecc755570cc04a45095ca013 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 2 Jul 2025 13:23:34 +0200 Subject: [PATCH 312/379] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 94ab916..a4da84d 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1747575206, - "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", + "lastModified": 1750173260, + "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", "owner": "ryantm", "repo": "agenix", - "rev": "4835b1dc898959d8547a871ef484930675cb47f1", + "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1749398372, - "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", + "lastModified": 1751413152, + "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", + "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1749636823, - "narHash": "sha256-WUaIlOlPLyPgz9be7fqWJA5iG6rHcGRtLERSCfUDne4=", + "lastModified": 1750779888, + "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "623c56286de5a3193aa38891a6991b28f9bab056", + "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1750127463, - "narHash": "sha256-K2xFtlD3PcKAZriOE3LaBLYmVfGQu+rIF4Jr1RFYR0Q=", + "lastModified": 1751429452, + "narHash": "sha256-4s5vRtaqdNhVBnbOWOzBNKrRa0ShQTLoEPjJp3joeNI=", "owner": "nix-community", "repo": "home-manager", - "rev": "28eef8722d1af18ca13e687dbf485e1c653a0402", + "rev": "df12269039dcf752600b1bcc176bacf2786ec384", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1749794982, - "narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=", + "lastModified": 1751271578, + "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81", + "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df", "type": "github" }, "original": { From d61840651698e3ad05325039e9aa2a6cf9ad6aa2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 2 Jul 2025 13:24:16 +0200 Subject: [PATCH 313/379] nixos: services: use 'postgresql.target' This is now the more correct dependency to use in service definitions, to guarantee read-write access with users and permissions. --- modules/nixos/services/drone/server/default.nix | 4 ++-- modules/nixos/services/tandoor-recipes/default.nix | 4 ++-- modules/nixos/services/woodpecker/server/default.nix | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/nixos/services/drone/server/default.nix b/modules/nixos/services/drone/server/default.nix index a3a1e49..d6148f4 100644 --- a/modules/nixos/services/drone/server/default.nix +++ b/modules/nixos/services/drone/server/default.nix @@ -6,8 +6,8 @@ in config = lib.mkIf cfg.enable { systemd.services.drone-server = { wantedBy = [ "multi-user.target" ]; - after = [ "postgresql.service" ]; - requires = [ "postgresql.service" ]; + after = [ "postgresql.target" ]; + requires = [ "postgresql.target" ]; serviceConfig = { EnvironmentFile = [ cfg.secretFile diff --git a/modules/nixos/services/tandoor-recipes/default.nix b/modules/nixos/services/tandoor-recipes/default.nix index 3447bee..169eec8 100644 --- a/modules/nixos/services/tandoor-recipes/default.nix +++ b/modules/nixos/services/tandoor-recipes/default.nix @@ -49,8 +49,8 @@ in systemd.services = { tandoor-recipes = { - after = [ "postgresql.service" ]; - requires = [ "postgresql.service" ]; + after = [ "postgresql.target" ]; + requires = [ "postgresql.target" ]; serviceConfig = { EnvironmentFile = cfg.secretKeyFile; diff --git a/modules/nixos/services/woodpecker/server/default.nix b/modules/nixos/services/woodpecker/server/default.nix index adf533e..caf0179 100644 --- a/modules/nixos/services/woodpecker/server/default.nix +++ b/modules/nixos/services/woodpecker/server/default.nix @@ -24,8 +24,8 @@ in }; systemd.services.woodpecker-server = { - after = [ "postgresql.service" ]; - requires = [ "postgresql.service" ]; + after = [ "postgresql.target" ]; + requires = [ "postgresql.target" ]; serviceConfig = { # Set username for DB access From 5d8722397010e1c1ddbc4d59abe53b7a6bd55584 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 2 Jul 2025 13:26:22 +0200 Subject: [PATCH 314/379] nixos: services: transmission: use 'trgui-ng' I like it much better than the built-in UI. --- modules/nixos/services/transmission/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix index 16d51e3..ddd77d4 100644 --- a/modules/nixos/services/transmission/default.nix +++ b/modules/nixos/services/transmission/default.nix @@ -47,6 +47,7 @@ in enable = true; package = pkgs.transmission_4; group = "media"; + webHome = pkgs.trgui-ng-web; downloadDirPermissions = "775"; From 66ec807dc6729a8aabd7cb5f42797e246f36befa Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 2 Jul 2025 14:01:15 +0200 Subject: [PATCH 315/379] hosts: nixos: aramis: home: use 'trgui-ng' It looks and works much better than the old one. Unfortunately, it's a Tauri app. --- hosts/nixos/aramis/home.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/nixos/aramis/home.nix b/hosts/nixos/aramis/home.nix index 64b63ce..221b1ea 100644 --- a/hosts/nixos/aramis/home.nix +++ b/hosts/nixos/aramis/home.nix @@ -20,7 +20,7 @@ element-desktop # Matrix client jellyfin-media-player # Wraps the webui and mpv together pavucontrol # Audio mixer GUI - transgui # Transmission remote + trgui-ng # Transmission remote ]; # Minimal video player mpv.enable = true; From 8d809e3ac3c05eb9ca6de3279fee2a8c72cdd293 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 8 Jul 2025 10:40:08 +0000 Subject: [PATCH 316/379] flake: bump inputs --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index a4da84d..dc32e95 100644 --- a/flake.lock +++ b/flake.lock @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751271578, - "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=", + "lastModified": 1751952840, + "narHash": "sha256-SIkjQb9PPGvR/EcZAU8UZEnO9dwY2Z/BrDWgtyZd7OA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df", + "rev": "27278798fe68d7f81131dd7ab62b8ea2b795cd56", "type": "github" }, "original": { From b093faf00d8066e19d144c34533a32602a4fb8f7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 8 Jul 2025 10:42:13 +0000 Subject: [PATCH 317/379] nixos: services: tandoor-recipes: use automatic DB --- .../services/tandoor-recipes/default.nix | 25 +++---------------- 1 file changed, 4 insertions(+), 21 deletions(-) diff --git a/modules/nixos/services/tandoor-recipes/default.nix b/modules/nixos/services/tandoor-recipes/default.nix index 169eec8..4b4ed1a 100644 --- a/modules/nixos/services/tandoor-recipes/default.nix +++ b/modules/nixos/services/tandoor-recipes/default.nix @@ -26,18 +26,16 @@ in services.tandoor-recipes = { enable = true; + database = { + createLocally = true; + }; + port = cfg.port; extraConfig = let tandoorRecipesDomain = "recipes.${config.networking.domain}"; in { - # Use PostgreSQL - DB_ENGINE = "django.db.backends.postgresql"; - POSTGRES_HOST = "/run/postgresql"; - POSTGRES_USER = "tandoor_recipes"; - POSTGRES_DB = "tandoor_recipes"; - # Security settings ALLOWED_HOSTS = tandoorRecipesDomain; CSRF_TRUSTED_ORIGINS = "https://${tandoorRecipesDomain}"; @@ -49,27 +47,12 @@ in systemd.services = { tandoor-recipes = { - after = [ "postgresql.target" ]; - requires = [ "postgresql.target" ]; - serviceConfig = { EnvironmentFile = cfg.secretKeyFile; }; }; }; - # Set-up database - services.postgresql = { - enable = true; - ensureDatabases = [ "tandoor_recipes" ]; - ensureUsers = [ - { - name = "tandoor_recipes"; - ensureDBOwnership = true; - } - ]; - }; - my.services.nginx.virtualHosts = { recipes = { inherit (cfg) port; From 2473bca1671ddaab0ce6de70d5471bf304133af6 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 11 Jul 2025 14:24:23 +0000 Subject: [PATCH 318/379] home: vim: telescope: remove LSP handlers The plug-in was broken with the update to 0.11, and I would like to try using the built-in quickfixlist-based handlers for a while. This reverts commit 8d4a1e61b4f26f7443f7c8b0b65643f0bd312e9f. --- modules/home/vim/default.nix | 1 - modules/home/vim/plugin/settings/telescope.lua | 1 - 2 files changed, 2 deletions(-) diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 20a74ff..930a853 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -80,7 +80,6 @@ in nvim-surround # Deal with pairs, now in Lua oil-nvim # Better alternative to NetrW telescope-fzf-native-nvim # Use 'fzf' fuzzy matching algorithm - telescope-lsp-handlers-nvim # Use 'telescope' for various LSP actions telescope-nvim # Fuzzy finder interface which-key-nvim # Show available mappings ]; diff --git a/modules/home/vim/plugin/settings/telescope.lua b/modules/home/vim/plugin/settings/telescope.lua index 1a23928..810d51c 100644 --- a/modules/home/vim/plugin/settings/telescope.lua +++ b/modules/home/vim/plugin/settings/telescope.lua @@ -23,7 +23,6 @@ telescope.setup({ }) telescope.load_extension("fzf") -telescope.load_extension("lsp_handlers") local keys = { { "f", group = "Fuzzy finder" }, From 979ae901c4057308ce1da3bbf2388e2addd99d7f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 15 Jul 2025 09:52:21 +0000 Subject: [PATCH 319/379] flake: bump inputs --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index dc32e95..0f205ab 100644 --- a/flake.lock +++ b/flake.lock @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1751429452, - "narHash": "sha256-4s5vRtaqdNhVBnbOWOzBNKrRa0ShQTLoEPjJp3joeNI=", + "lastModified": 1752467539, + "narHash": "sha256-4kaR+xmng9YPASckfvIgl5flF/1nAZOplM+Wp9I5SMI=", "owner": "nix-community", "repo": "home-manager", - "rev": "df12269039dcf752600b1bcc176bacf2786ec384", + "rev": "1e54837569e0b80797c47be4720fab19e0db1616", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751952840, - "narHash": "sha256-SIkjQb9PPGvR/EcZAU8UZEnO9dwY2Z/BrDWgtyZd7OA=", + "lastModified": 1752644555, + "narHash": "sha256-oeRcp4VEyZ/3ZgfRRoq60/08l2zy0K53l8MdfSIYd24=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "27278798fe68d7f81131dd7ab62b8ea2b795cd56", + "rev": "9100a4f6bf446603b9575927c8585162f9ec9aa6", "type": "github" }, "original": { From 13b61346f5cca39d1ba2c66717e14a6d01b99acc Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 15 Jul 2025 09:54:23 +0000 Subject: [PATCH 320/379] home: tmux: increase history scrollback Even *longer*. --- modules/home/tmux/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index 82ceb3a..3ea047a 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -48,7 +48,7 @@ in keyMode = "vi"; # Home-row keys and other niceties clock24 = true; # I'm one of those heathens escapeTime = 0; # Let vim do its thing instead - historyLimit = 100000; # Bigger buffer + historyLimit = 1000000; # Bigger buffer mouse = false; # I dislike mouse support focusEvents = true; # Report focus events terminal = "tmux-256color"; # I want accurate termcap info From add796768567599e9d6b2a54c80baac84d7681b5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 27 Jul 2025 20:49:24 +0100 Subject: [PATCH 321/379] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 0f205ab..e96a7a0 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1751413152, - "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", + "lastModified": 1753121425, + "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", + "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1752467539, - "narHash": "sha256-4kaR+xmng9YPASckfvIgl5flF/1nAZOplM+Wp9I5SMI=", + "lastModified": 1753617834, + "narHash": "sha256-WEVfKrdIdu5CpppJ0Va3vzP0DKlS+ZTLbBjugMO2Drg=", "owner": "nix-community", "repo": "home-manager", - "rev": "1e54837569e0b80797c47be4720fab19e0db1616", + "rev": "72cc1e3134a35005006f06640724319caa424737", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1752644555, - "narHash": "sha256-oeRcp4VEyZ/3ZgfRRoq60/08l2zy0K53l8MdfSIYd24=", + "lastModified": 1753429684, + "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9100a4f6bf446603b9575927c8585162f9ec9aa6", + "rev": "7fd36ee82c0275fb545775cc5e4d30542899511d", "type": "github" }, "original": { From 2a515754a2c8bb87fe756d9862d3bb04c6be2bbb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 27 Jul 2025 20:48:06 +0100 Subject: [PATCH 322/379] home: zsh: use absolute path to 'XDG_CONFIG_HOME' The path handling has been fixed upstream, which makes this module more readable. --- modules/home/zsh/default.nix | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index f4092d8..08b4101 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -1,14 +1,6 @@ { config, pkgs, lib, ... }: let cfg = config.my.home.zsh; - - # Have a nice relative path for XDG_CONFIG_HOME, without leading `/` - relativeXdgConfig = - let - noHome = lib.removePrefix config.home.homeDirectory; - noSlash = lib.removePrefix "/"; - in - noSlash (noHome config.xdg.configHome); in { options.my.home.zsh = with lib; { @@ -57,7 +49,7 @@ in programs.zsh = { enable = true; - dotDir = "${relativeXdgConfig}/zsh"; # Don't clutter $HOME + dotDir = "${config.xdg.configHome}/zsh"; # Don't clutter $HOME enableCompletion = true; history = { From 4b7c6c1f5eb7cbd7254a8f69050b17c9d4723837 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 29 Jul 2025 16:13:58 +0000 Subject: [PATCH 323/379] pkgs: comma: fix 'nix-locate' invocation --- pkgs/comma/comma | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/comma/comma b/pkgs/comma/comma index 4367a26..857b9c9 100755 --- a/pkgs/comma/comma +++ b/pkgs/comma/comma @@ -12,7 +12,7 @@ usage() { find_program() { local CANDIDATE - CANDIDATE="$(nix-locate --top-level --minimal --at-root --whole-name "/bin/$1")" + CANDIDATE="$(nix-locate --minimal --at-root --whole-name "/bin/$1")" if [ "$(printf '%s\n' "$CANDIDATE" | wc -l)" -gt 1 ]; then CANDIDATE="$(printf '%s' "$CANDIDATE" | fzf-tmux)" fi From 7786c591b5f1e5745eb73b3a60ebe5e0704669a9 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 4 Aug 2025 11:13:52 +0000 Subject: [PATCH 324/379] pkgs: comma: add 'COMMA_PICKER' --- pkgs/comma/comma | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/comma/comma b/pkgs/comma/comma index 857b9c9..b03a7f2 100755 --- a/pkgs/comma/comma +++ b/pkgs/comma/comma @@ -14,7 +14,7 @@ find_program() { local CANDIDATE CANDIDATE="$(nix-locate --minimal --at-root --whole-name "/bin/$1")" if [ "$(printf '%s\n' "$CANDIDATE" | wc -l)" -gt 1 ]; then - CANDIDATE="$(printf '%s' "$CANDIDATE" | fzf-tmux)" + CANDIDATE="$(printf '%s' "$CANDIDATE" | "${COMMA_PICKER:-fzf-tmux}")" fi printf '%s' "$CANDIDATE" } From f94fc468aa3c3bed51611d083d01e5adbecf75dd Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 4 Aug 2025 14:28:34 +0000 Subject: [PATCH 325/379] home: zsh: ignore more commands for notification --- modules/home/zsh/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index 08b4101..1e85cce 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -14,10 +14,12 @@ in exclude = mkOption { type = with types; listOf str; default = [ + "bat" "delta" "direnv reload" "fg" "git (?!push|pull|fetch)" + "home-manager (?!switch|build|news)" "htop" "less" "man" From a10270f8e16b9e397782a8cd9297e516247b049e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 5 Aug 2025 11:00:26 +0000 Subject: [PATCH 326/379] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index e96a7a0..080c212 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1750173260, - "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", + "lastModified": 1754337839, + "narHash": "sha256-fEc2/4YsJwtnLU7HCFMRckb0u9UNnDZmwGhXT5U5NTw=", "owner": "ryantm", "repo": "agenix", - "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", + "rev": "856df6f6922845abd4fd958ce21febc07ca2fa45", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1753121425, - "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=", + "lastModified": 1754091436, + "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e", + "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1753617834, - "narHash": "sha256-WEVfKrdIdu5CpppJ0Va3vzP0DKlS+ZTLbBjugMO2Drg=", + "lastModified": 1754365350, + "narHash": "sha256-NLWIkn1qM0wxtZu/2NXRaujWJ4Y1PSZlc7h0y6pOzOQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "72cc1e3134a35005006f06640724319caa424737", + "rev": "c5d7e957397ecb7d48b99c928611c6e780db1b56", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1753429684, - "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", + "lastModified": 1754372978, + "narHash": "sha256-ByII9p9ek0k9UADC/hT+i9ueM2mw0Zxiz+bOlydU6Oo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7fd36ee82c0275fb545775cc5e4d30542899511d", + "rev": "9ebe222ec7ef9de52478f76cba3f0324c1d1119f", "type": "github" }, "original": { @@ -200,11 +200,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1741294988, - "narHash": "sha256-3408u6q615kVTb23WtDriHRmCBBpwX7iau6rvfipcu4=", + "lastModified": 1753980880, + "narHash": "sha256-aj1pbYxL6N+XFqBHjB4B1QP0bnKRcg1AfpgT5zUFsW8=", "owner": "nix-community", "repo": "NUR", - "rev": "b30c245e2c44c7352a27485bfd5bc483df660f0e", + "rev": "16db3e61da7606984a05b4dfc33cd1d26d22fb22", "type": "github" }, "original": { From dd7b6135315c51812e6928087b20235c9fb7638d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 5 Aug 2025 11:03:01 +0000 Subject: [PATCH 327/379] pkgs: lohr: remove 'useFetchCargoVendor' It's now turned on by default. --- pkgs/lohr/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/pkgs/lohr/default.nix b/pkgs/lohr/default.nix index aeb13b1..d8545e0 100644 --- a/pkgs/lohr/default.nix +++ b/pkgs/lohr/default.nix @@ -10,7 +10,6 @@ rustPlatform.buildRustPackage rec { hash = "sha256-dunQgtap+XCK5LoSyOqIY/6p6HizBeiyPWNuCffwjDU="; }; - useFetchCargoVendor = true; cargoHash = "sha256-R3/N/43+bGx6acE/rhBcrk6kS5zQu8NJ1sVvKJJkK9w="; meta = with lib; { From f1d7da7fcb72aff435a975adfe710810ab064d93 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 00:11:26 +0200 Subject: [PATCH 328/379] nixos: services: matrix: refactor well-knowns --- modules/nixos/services/matrix/default.nix | 54 ++++++++++------------- 1 file changed, 23 insertions(+), 31 deletions(-) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index f423834..b43dbcc 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -14,6 +14,26 @@ let clientPort = { public = 443; private = 11339; }; domain = config.networking.domain; matrixDomain = "matrix.${domain}"; + + serverConfig = { + "m.server" = "${matrixDomain}:${toString federationPort.public}"; + }; + clientConfig = { + "m.homeserver" = { + "base_url" = "https://${matrixDomain}"; + "server_name" = domain; + }; + "m.identity_server" = { + "base_url" = "https://vector.im"; + }; + }; + + # ACAO required to allow element-web on any URL to request this json file + mkWellKnown = data: '' + default_type application/json; + add_header Access-Control-Allow-Origin *; + return 200 '${builtins.toJSON data}'; + ''; in { options.my.services.matrix = with lib; { @@ -96,15 +116,7 @@ in chat = { root = pkgs.element-web.override { conf = { - default_server_config = { - "m.homeserver" = { - "base_url" = "https://${matrixDomain}"; - "server_name" = domain; - }; - "m.identity_server" = { - "base_url" = "https://vector.im"; - }; - }; + default_server_config = clientConfig; showLabsSettings = true; defaultCountryCode = "FR"; # cocorico roomDirectory = { @@ -176,28 +188,8 @@ in forceSSL = true; useACMEHost = domain; - locations."= /.well-known/matrix/server".extraConfig = - let - server = { "m.server" = "${matrixDomain}:${toString federationPort.public}"; }; - in - '' - add_header Content-Type application/json; - return 200 '${builtins.toJSON server}'; - ''; - - locations."= /.well-known/matrix/client".extraConfig = - let - client = { - "m.homeserver" = { "base_url" = "https://${matrixDomain}"; }; - "m.identity_server" = { "base_url" = "https://vector.im"; }; - }; - # ACAO required to allow element-web on any URL to request this json file - in - '' - add_header Content-Type application/json; - add_header Access-Control-Allow-Origin *; - return 200 '${builtins.toJSON client}'; - ''; + locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; + locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; }; }; From 0792e8c7cb1b75e608372e44fb36a885f28a998e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 00:34:40 +0200 Subject: [PATCH 329/379] nixos: services: matrix: fix element-web config --- modules/nixos/services/matrix/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index b43dbcc..42f7b4e 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -117,10 +117,11 @@ in root = pkgs.element-web.override { conf = { default_server_config = clientConfig; - showLabsSettings = true; - defaultCountryCode = "FR"; # cocorico - roomDirectory = { + show_labs_settings = true; + default_country_code = "FR"; # cocorico + room_directory = { "servers" = [ + domain "matrix.org" "mozilla.org" ]; From bd019258cb4f15e028bc4cb7a68353abe270e6ac Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 10:39:55 +0200 Subject: [PATCH 330/379] nixos: services: matrix: simplify listeners --- modules/nixos/services/matrix/default.nix | 93 ++++++++--------------- 1 file changed, 30 insertions(+), 63 deletions(-) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 42f7b4e..83dac7c 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -10,13 +10,11 @@ let cfg = config.my.services.matrix; - federationPort = { public = 8448; private = 11338; }; - clientPort = { public = 443; private = 11339; }; domain = config.networking.domain; matrixDomain = "matrix.${domain}"; serverConfig = { - "m.server" = "${matrixDomain}:${toString federationPort.public}"; + "m.server" = "${matrixDomain}:443"; }; clientConfig = { "m.homeserver" = { @@ -39,6 +37,13 @@ in options.my.services.matrix = with lib; { enable = mkEnableOption "Matrix Synapse"; + port = mkOption { + type = types.port; + default = 8448; + example = 8008; + description = "Internal port for listeners"; + }; + secretFile = mkOption { type = with types; nullOr str; default = null; @@ -78,22 +83,22 @@ in enable_registration = false; listeners = [ - # Federation { + inherit (cfg) port; bind_addresses = [ "::1" ]; - port = federationPort.private; - tls = false; # Terminated by nginx. + type = "http"; + tls = false; x_forwarded = true; - resources = [{ names = [ "federation" ]; compress = false; }]; - } - - # Client - { - bind_addresses = [ "::1" ]; - port = clientPort.private; - tls = false; # Terminated by nginx. - x_forwarded = true; - resources = [{ names = [ "client" ]; compress = false; }]; + resources = [ + { + names = [ "client" ]; + compress = true; + } + { + names = [ "federation" ]; + compress = false; + } + ]; } ]; @@ -130,11 +135,8 @@ in }; }; # Dummy VHosts for port collision detection - matrix-federation = { - port = federationPort.private; - }; - matrix-client = { - port = clientPort.private; + matrix-dummy = { + inherit (cfg) port; }; }; @@ -144,45 +146,15 @@ in onlySSL = true; useACMEHost = domain; - locations = - let - proxyToClientPort = { - proxyPass = "http://[::1]:${toString clientPort.private}"; - }; - in - { - # Or do a redirect instead of the 404, or whatever is appropriate - # for you. But do not put a Matrix Web client here! See the - # Element web section below. - "/".return = "404"; + locations = { + # Or do a redirect instead of the 404, or whatever is appropriate + # for you. But do not put a Matrix Web client here! See the + # Element web section below. + "/".return = "404"; - "/_matrix" = proxyToClientPort; - "/_synapse/client" = proxyToClientPort; - }; - - listen = [ - { addr = "0.0.0.0"; port = clientPort.public; ssl = true; } - { addr = "[::]"; port = clientPort.public; ssl = true; } - ]; - - }; - - # same as above, but listening on the federation port - "${matrixDomain}_federation" = { - onlySSL = true; - serverName = matrixDomain; - useACMEHost = domain; - - locations."/".return = "404"; - - locations."/_matrix" = { - proxyPass = "http://[::1]:${toString federationPort.private}"; + "/_matrix".proxyPass = "http://[::1]:${toString cfg.port}"; + "/_synapse/client".proxyPass = "http://[::1]:${toString cfg.port}"; }; - - listen = [ - { addr = "0.0.0.0"; port = federationPort.public; ssl = true; } - { addr = "[::]"; port = federationPort.public; ssl = true; } - ]; }; "${domain}" = { @@ -197,11 +169,6 @@ in # For administration tools. environment.systemPackages = [ pkgs.matrix-synapse ]; - networking.firewall.allowedTCPPorts = [ - clientPort.public - federationPort.public - ]; - my.services.backup = { paths = [ config.services.matrix-synapse.dataDir From 1e31b2dfea4e2161c371806b262b924349ab31f5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 10:42:23 +0200 Subject: [PATCH 331/379] nixos: services: matrix: simplify VHost --- modules/nixos/services/matrix/default.nix | 31 ++++++++++------------- 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 83dac7c..763d9b1 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -134,29 +134,26 @@ in }; }; }; - # Dummy VHosts for port collision detection - matrix-dummy = { + matrix = { + # Somewhat unused, but necessary for port collision detection inherit (cfg) port; + + extraConfig = { + locations = { + # Or do a redirect instead of the 404, or whatever is appropriate + # for you. But do not put a Matrix Web client here! See the + # Element web section below. + "/".return = "404"; + + "/_matrix".proxyPass = "http://[::1]:${toString cfg.port}"; + "/_synapse/client".proxyPass = "http://[::1]:${toString cfg.port}"; + }; + }; }; }; # Those are too complicated to use my wrapper... services.nginx.virtualHosts = { - ${matrixDomain} = { - onlySSL = true; - useACMEHost = domain; - - locations = { - # Or do a redirect instead of the 404, or whatever is appropriate - # for you. But do not put a Matrix Web client here! See the - # Element web section below. - "/".return = "404"; - - "/_matrix".proxyPass = "http://[::1]:${toString cfg.port}"; - "/_synapse/client".proxyPass = "http://[::1]:${toString cfg.port}"; - }; - }; - "${domain}" = { forceSSL = true; useACMEHost = domain; From fa7b4910f5cac8bc1f50cc396174ecceae8b1fd5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 11:06:04 +0200 Subject: [PATCH 332/379] nixos: services: matrix: fix proxy to synapse I want to make use of the `/_synapse/matrix/` sub-path, so just proxy the whole of `/_synapse/`. --- modules/nixos/services/matrix/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 763d9b1..dfd5b50 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -146,7 +146,7 @@ in "/".return = "404"; "/_matrix".proxyPass = "http://[::1]:${toString cfg.port}"; - "/_synapse/client".proxyPass = "http://[::1]:${toString cfg.port}"; + "/_synapse".proxyPass = "http://[::1]:${toString cfg.port}"; }; }; }; From 9cadbe6256b8ea9db3c2acc3eeb0e02b903d7579 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 11:07:37 +0200 Subject: [PATCH 333/379] nixos: services: matrix: add admin interface --- modules/nixos/services/matrix/default.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index dfd5b50..837d150 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -10,6 +10,8 @@ let cfg = config.my.services.matrix; + adminPkg = pkgs.synapse-admin-etkecc; + domain = config.networking.domain; matrixDomain = "matrix.${domain}"; @@ -147,6 +149,22 @@ in "/_matrix".proxyPass = "http://[::1]:${toString cfg.port}"; "/_synapse".proxyPass = "http://[::1]:${toString cfg.port}"; + + "= /admin".return = "307 /admin/"; + "/admin/" = { + alias = "${adminPkg}/"; + priority = 500; + tryFiles = "$uri $uri/ /index.html"; + }; + "~ ^/admin/.*\\.(?:css|js|jpg|jpeg|gif|png|svg|ico|woff|woff2|ttf|eot|webp)$" = { + priority = 400; + root = adminPkg; + extraConfig = '' + rewrite ^/admin/(.*)$ /$1 break; + expires 30d; + more_set_headers "Cache-Control: public"; + ''; + }; }; }; }; From 7a85a4440716f752c8f004330c9e2aa1a3c9886f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 20:06:40 +0200 Subject: [PATCH 334/379] nixos: services: matrix: remove obsolete comment --- modules/nixos/services/matrix/default.nix | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 837d150..483a72a 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -1,10 +1,4 @@ -# Matrix homeserver setup, using different endpoints for federation and client -# traffic. The main trick for this is defining two nginx servers endpoints for -# matrix.domain.com, each listening on different ports. -# -# Configuration shamelessly stolen from [1] -# -# [1]: https://github.com/alarsyo/nixos-config/blob/main/services/matrix.nix +# Matrix homeserver setup. { config, lib, pkgs, ... }: let From 30348a1e193318b1d8bbb8f6d828226f49e8eaa7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 3 Aug 2025 22:28:22 +0200 Subject: [PATCH 335/379] nixos: services: matrix: add Facebook bridge I probably won't actually use it, after test-driving it quickly. But now that the effort has been expanded, might as well keep it if only as a future reference. --- modules/nixos/services/matrix/bridges.nix | 143 ++++++++++++++++++++++ modules/nixos/services/matrix/default.nix | 4 + 2 files changed, 147 insertions(+) create mode 100644 modules/nixos/services/matrix/bridges.nix diff --git a/modules/nixos/services/matrix/bridges.nix b/modules/nixos/services/matrix/bridges.nix new file mode 100644 index 0000000..70f4118 --- /dev/null +++ b/modules/nixos/services/matrix/bridges.nix @@ -0,0 +1,143 @@ +# Matrix bridges for some services I use +{ config, lib, ... }: +let + cfg = config.my.services.matrix.bridges; + synapseCfg = config.services.matrix-synapse; + + domain = config.networking.domain; + serverName = synapseCfg.settings.server_name; + + mkBridgeOption = n: lib.mkEnableOption "${n} bridge" // { default = cfg.enable; }; + mkPortOption = n: default: lib.mkOption { + type = lib.types.port; + inherit default; + example = 8080; + description = "${n} bridge port"; + }; + mkEnvironmentFileOption = n: lib.mkOption { + type = lib.types.str; + example = "/run/secret/matrix/${lib.toLower n}-bridge-secrets.env"; + description = '' + Path to a file which should contain the secret values for ${n} bridge. + + Using through the following format: + + ``` + MATRIX_APPSERVICE_AS_TOKEN= + MATRIX_APPSERVICE_HS_TOKEN= + ``` + + Each bridge should use a different set of secrets, as they each register + their own independent double-puppetting appservice. + ''; + }; +in +{ + options.my.services.matrix.bridges = with lib; { + enable = mkEnableOption "bridges configuration"; + + admin = mkOption { + type = types.str; + default = "ambroisie"; + example = "admin"; + description = "Local username for the admin"; + }; + + facebook = { + enable = mkBridgeOption "Facebook"; + + port = mkPortOption "Facebook" 29321; + + environmentFile = mkEnvironmentFileOption "Facebook"; + }; + }; + + config = lib.mkMerge [ + (lib.mkIf cfg.facebook.enable { + services.mautrix-meta.instances.facebook = { + enable = true; + # Automatically register the bridge with synapse + registerToSynapse = true; + + # Provide `AS_TOKEN`, `HS_TOKEN` + inherit (cfg.facebook) environmentFile; + + settings = { + homeserver = { + domain = serverName; + address = "http://localhost:${toString config.my.services.matrix.port}"; + }; + + appservice = { + hostname = "localhost"; + inherit (cfg.facebook) port; + address = "http://localhost:${toString cfg.facebook.port}"; + public_address = "https://facebook-bridge.${domain}"; + + as_token = "$MATRIX_APPSERVICE_AS_TOKEN"; + hs_token = "$MATRIX_APPSERVICE_HS_TOKEN"; + + bot = { + username = "fbbot"; + }; + }; + + backfill = { + enabled = true; + }; + + bridge = { + delivery_receipts = true; + permissions = { + "*" = "relay"; + ${serverName} = "user"; + "@${cfg.admin}:${serverName}" = "admin"; + }; + }; + + database = { + type = "postgres"; + uri = "postgres:///mautrix-meta-facebook?host=/var/run/postgresql/"; + }; + + double_puppet = { + secrets = { + ${serverName} = "as_token:$MATRIX_APPSERVICE_AS_TOKEN"; + }; + }; + + network = { + # Don't be picky on Facebook/Messenger + allow_messenger_com_on_fb = true; + displayname_template = ''{{or .DisplayName .Username "Unknown user"}} (FB)''; + }; + + provisioning = { + shared_secret = "disable"; + }; + }; + }; + + services.postgresql = { + enable = true; + ensureDatabases = [ "mautrix-meta-facebook" ]; + ensureUsers = [{ + name = "mautrix-meta-facebook"; + ensureDBOwnership = true; + }]; + }; + + systemd.services.mautrix-meta-facebook = { + wants = [ "postgres.service" ]; + after = [ "postgres.service" ]; + }; + + my.services.nginx.virtualHosts = { + # Proxy to the bridge + "facebook-bridge" = { + inherit (cfg.facebook) port; + }; + }; + }) + ]; +} diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 483a72a..04d24a0 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -30,6 +30,10 @@ let ''; in { + imports = [ + ./bridges.nix + ]; + options.my.services.matrix = with lib; { enable = mkEnableOption "Matrix Synapse"; From b1c9279c637956d134793431e0760d71a0e8bd97 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 2 Aug 2025 14:46:32 +0200 Subject: [PATCH 336/379] nixos: services: add thelounge --- modules/nixos/services/default.nix | 1 + modules/nixos/services/thelounge/default.nix | 59 ++++++++++++++++++++ 2 files changed, 60 insertions(+) create mode 100644 modules/nixos/services/thelounge/default.nix diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index 27f8765..e03eca1 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -38,6 +38,7 @@ ./servarr ./ssh-server ./tandoor-recipes + ./thelounge ./tlp ./transmission ./vikunja diff --git a/modules/nixos/services/thelounge/default.nix b/modules/nixos/services/thelounge/default.nix new file mode 100644 index 0000000..e224839 --- /dev/null +++ b/modules/nixos/services/thelounge/default.nix @@ -0,0 +1,59 @@ +# Web IRC client +{ config, lib, ... }: +let + cfg = config.my.services.thelounge; +in +{ + options.my.services.thelounge = with lib; { + enable = mkEnableOption "The Lounge, a self-hosted web IRC client"; + + port = mkOption { + type = types.port; + default = 9050; + example = 4242; + description = "The port on which The Lounge will listen for incoming HTTP traffic."; + }; + }; + + config = lib.mkIf cfg.enable { + services.thelounge = { + enable = true; + inherit (cfg) port; + + extraConfig = { + reverseProxy = true; + }; + }; + + my.services.nginx.virtualHosts = { + irc = { + inherit (cfg) port; + # Proxy websockets for RPC + websocketsLocations = [ "/" ]; + + extraConfig = { + locations."/".extraConfig = '' + proxy_read_timeout 1d; + ''; + }; + }; + }; + + services.fail2ban.jails = { + thelounge = '' + enabled = true + filter = thelounge + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/thelounge.conf".text = '' + [Definition] + failregex = Authentication failed for user .* from $ + Authentication for non existing user attempted from $ + journalmatch = _SYSTEMD_UNIT=thelounge.service + ''; + }; + }; +} From 17ceaa5620c49c5445b99945475c477122637ce7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 6 Aug 2025 15:37:08 +0000 Subject: [PATCH 337/379] nixos: services: matrix: fix out-dated comments --- modules/nixos/services/matrix/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 04d24a0..97dec2e 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -142,7 +142,7 @@ in locations = { # Or do a redirect instead of the 404, or whatever is appropriate # for you. But do not put a Matrix Web client here! See the - # Element web section below. + # Element web section above. "/".return = "404"; "/_matrix".proxyPass = "http://[::1]:${toString cfg.port}"; @@ -168,7 +168,7 @@ in }; }; - # Those are too complicated to use my wrapper... + # Setup well-known locations services.nginx.virtualHosts = { "${domain}" = { forceSSL = true; From 8688206ff530dc8fc6da6d2e6e68dcc56dc77622 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 11 Aug 2025 10:05:13 +0000 Subject: [PATCH 338/379] flake: bump inputs --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 080c212..7ee0f96 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1754337839, - "narHash": "sha256-fEc2/4YsJwtnLU7HCFMRckb0u9UNnDZmwGhXT5U5NTw=", + "lastModified": 1754433428, + "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", "owner": "ryantm", "repo": "agenix", - "rev": "856df6f6922845abd4fd958ce21febc07ca2fa45", + "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", "type": "github" }, "original": { @@ -53,11 +53,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1754091436, - "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=", + "lastModified": 1754487366, + "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd", + "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1750779888, - "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", + "lastModified": 1754416808, + "narHash": "sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef+6fRcofA=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", + "rev": "9c52372878df6911f9afc1e2a1391f55e4dfc864", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1754365350, - "narHash": "sha256-NLWIkn1qM0wxtZu/2NXRaujWJ4Y1PSZlc7h0y6pOzOQ=", + "lastModified": 1754886238, + "narHash": "sha256-LTQomWOwG70lZR+78ZYSZ9sYELWNq3HJ7/tdHzfif/s=", "owner": "nix-community", "repo": "home-manager", - "rev": "c5d7e957397ecb7d48b99c928611c6e780db1b56", + "rev": "0d492b89d1993579e63b9dbdaed17fd7824834da", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1754372978, - "narHash": "sha256-ByII9p9ek0k9UADC/hT+i9ueM2mw0Zxiz+bOlydU6Oo=", + "lastModified": 1754725699, + "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9ebe222ec7ef9de52478f76cba3f0324c1d1119f", + "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054", "type": "github" }, "original": { From 8c506ea03cfcbbc805eb5e9b26863fa5a0260400 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 8 Aug 2025 09:56:33 +0000 Subject: [PATCH 339/379] home: xdg: enable 'preferXdgDirectories' At the moment this only makes a difference for `dircolors`. --- modules/home/xdg/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix index 803167f..7a0c517 100644 --- a/modules/home/xdg/default.nix +++ b/modules/home/xdg/default.nix @@ -56,4 +56,7 @@ in XCOMPOSECACHE = "${dataHome}/X11/xcompose"; _JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${configHome}/java"; }; + + # Some modules *optionally* use `XDG_*_HOME` when told to + config.home.preferXdgDirectories = lib.mkIf cfg.enable true; } From 5f073875e63aadc7ac925b4fd078248d94f565cd Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 11 Aug 2025 10:18:35 +0000 Subject: [PATCH 340/379] home: tmux: use consistent commenting style --- modules/home/tmux/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index 3ea047a..e3e3daf 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -61,8 +61,8 @@ in pain-control # Better session management sessionist + # X clipboard integration { - # X clipboard integration plugin = yank; extraConfig = '' # Use 'clipboard' because of misbehaving apps (e.g: firefox) @@ -71,8 +71,8 @@ in set -g @yank_action 'copy-pipe' ''; } + # Show when prefix has been pressed { - # Show when prefix has been pressed plugin = prefix-highlight; extraConfig = '' # Also show when I'm in copy or sync mode From e2ae3e02d91291327f883db2bf6fc6a14e269828 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 18 Aug 2025 11:00:38 +0000 Subject: [PATCH 341/379] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 7ee0f96..f4d5f57 100644 --- a/flake.lock +++ b/flake.lock @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1754416808, - "narHash": "sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef+6fRcofA=", + "lastModified": 1755446520, + "narHash": "sha256-I0Ok1OGDwc1jPd8cs2VvAYZsHriUVFGIUqW+7uSsOUM=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "9c52372878df6911f9afc1e2a1391f55e4dfc864", + "rev": "4b04db83821b819bbbe32ed0a025b31e7971f22e", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1754886238, - "narHash": "sha256-LTQomWOwG70lZR+78ZYSZ9sYELWNq3HJ7/tdHzfif/s=", + "lastModified": 1755491080, + "narHash": "sha256-ib1Xi13NEalrFqQAHceRsb+6aIPANFuQq80SS/bY10M=", "owner": "nix-community", "repo": "home-manager", - "rev": "0d492b89d1993579e63b9dbdaed17fd7824834da", + "rev": "f8af2cbe386f9b96dd9efa57ab15a09377f38f4d", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1754725699, - "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=", + "lastModified": 1755186698, + "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054", + "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", "type": "github" }, "original": { From f3af8f9ba8b0042875d9c856cb6ec5b37889ddcb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 21 Aug 2025 12:06:37 +0000 Subject: [PATCH 342/379] home: atuin: remove bad comment Most likely a copy-paste error. --- modules/home/atuin/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/home/atuin/default.nix b/modules/home/atuin/default.nix index dbd9690..40d2b04 100644 --- a/modules/home/atuin/default.nix +++ b/modules/home/atuin/default.nix @@ -6,7 +6,6 @@ in options.my.home.atuin = with lib; { enable = my.mkDisableOption "atuin configuration"; - # I want the full experience by default package = mkPackageOption pkgs "atuin" { }; daemon = { From 1a109b6b1f48919cc07a2a3c853858e5900eede4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 26 Aug 2025 11:39:23 +0000 Subject: [PATCH 343/379] flake: bump inputs And fix a renamed package. --- flake.lock | 18 +++++++++--------- modules/nixos/profiles/x/default.nix | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index f4d5f57..ca1b422 100644 --- a/flake.lock +++ b/flake.lock @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1755446520, - "narHash": "sha256-I0Ok1OGDwc1jPd8cs2VvAYZsHriUVFGIUqW+7uSsOUM=", + "lastModified": 1755960406, + "narHash": "sha256-RF7j6C1TmSTK9tYWO6CdEMtg6XZaUKcvZwOCD2SICZs=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "4b04db83821b819bbbe32ed0a025b31e7971f22e", + "rev": "e891a93b193fcaf2fc8012d890dc7f0befe86ec2", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1755491080, - "narHash": "sha256-ib1Xi13NEalrFqQAHceRsb+6aIPANFuQq80SS/bY10M=", + "lastModified": 1756022458, + "narHash": "sha256-J1i35r4HfNDdPpwL0vOBaZopQudAUVtartEerc1Jryc=", "owner": "nix-community", "repo": "home-manager", - "rev": "f8af2cbe386f9b96dd9efa57ab15a09377f38f4d", + "rev": "9e3a33c0bcbc25619e540b9dfea372282f8a9740", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1755186698, - "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", + "lastModified": 1756125398, + "narHash": "sha256-XexyKZpf46cMiO5Vbj+dWSAXOnr285GHsMch8FBoHbc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", + "rev": "3b9f00d7a7bf68acd4c4abb9d43695afb04e03a5", "type": "github" }, "original": { diff --git a/modules/nixos/profiles/x/default.nix b/modules/nixos/profiles/x/default.nix index ea77939..874f36f 100644 --- a/modules/nixos/profiles/x/default.nix +++ b/modules/nixos/profiles/x/default.nix @@ -13,7 +13,7 @@ in # Nice wallpaper services.xserver.displayManager.lightdm.background = let - wallpapers = "${pkgs.plasma5Packages.plasma-workspace-wallpapers}/share/wallpapers"; + wallpapers = "${pkgs.kdePackages.plasma-workspace-wallpapers}/share/wallpapers"; in "${wallpapers}/summer_1am/contents/images/2560x1600.jpg"; From a889dfbb1a9ce76410e6655ba82616a4c20a3e71 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 26 Aug 2025 11:40:40 +0000 Subject: [PATCH 344/379] home: nix: fix renamed option --- modules/home/nix/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/nix/default.nix b/modules/home/nix/default.nix index c67cc6a..2f435a8 100644 --- a/modules/home/nix/default.nix +++ b/modules/home/nix/default.nix @@ -69,7 +69,7 @@ in automatic = true; # Every week, with some wiggle room - frequency = "weekly"; + dates = "weekly"; randomizedDelaySec = "10min"; # Use a persistent timer for e.g: laptops From 31147abd9176c9b8afbfa4924df0f589f041b3fc Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 26 Aug 2025 13:07:41 +0000 Subject: [PATCH 345/379] home: add trgui --- modules/home/default.nix | 1 + modules/home/trgui/default.nix | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 modules/home/trgui/default.nix diff --git a/modules/home/default.nix b/modules/home/default.nix index 1c40377..ad3b979 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -38,6 +38,7 @@ ./ssh ./terminal ./tmux + ./trgui ./udiskie ./vim ./wget diff --git a/modules/home/trgui/default.nix b/modules/home/trgui/default.nix new file mode 100644 index 0000000..ee545a9 --- /dev/null +++ b/modules/home/trgui/default.nix @@ -0,0 +1,17 @@ +{ config, lib, pkgs, ... }: +let + cfg = config.my.home.trgui; +in +{ + options.my.home.trgui = with lib; { + enable = mkEnableOption "Transmission GUI onfiguration"; + + package = mkPackageOption pkgs "TrguiNG" { default = "trgui-ng"; }; + }; + + config = lib.mkIf cfg.enable { + home.packages = with pkgs; [ + cfg.package + ]; + }; +} From 1800cb9daa62bf87d55b98baf84a0d2d9a70129c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 26 Aug 2025 13:08:58 +0000 Subject: [PATCH 346/379] hosts: nixos: aramis: use 'trgui' module --- hosts/nixos/aramis/home.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/nixos/aramis/home.nix b/hosts/nixos/aramis/home.nix index 221b1ea..7578582 100644 --- a/hosts/nixos/aramis/home.nix +++ b/hosts/nixos/aramis/home.nix @@ -20,7 +20,6 @@ element-desktop # Matrix client jellyfin-media-player # Wraps the webui and mpv together pavucontrol # Audio mixer GUI - trgui-ng # Transmission remote ]; # Minimal video player mpv.enable = true; @@ -28,6 +27,8 @@ nm-applet.enable = true; # Terminal terminal.program = "alacritty"; + # Transmission remote + trgui.enable = true; # Zathura document viewer zathura.enable = true; }; From 3fa1664b5c574632c67848e44c167c77cf638ccb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 21 Feb 2025 16:47:11 +0000 Subject: [PATCH 347/379] home: delta: use stand-alone configuration file Ideally, I'd like for `delta` to just read a configuration file at `$XDG_CONFIG_HOME/delta/config` by default, but upstream seems somewhat reticent to the idea :-/. So instead, let's keep relying on `git` being enabled, but rather than inlining the configuration, let's store it where I think it should belong and include it into `gitconfig`. --- modules/home/delta/default.nix | 59 ++++++++++++++++++++-------------- 1 file changed, 35 insertions(+), 24 deletions(-) diff --git a/modules/home/delta/default.nix b/modules/home/delta/default.nix index 58ee031..16d3d59 100644 --- a/modules/home/delta/default.nix +++ b/modules/home/delta/default.nix @@ -1,6 +1,9 @@ { config, pkgs, lib, ... }: let cfg = config.my.home.delta; + + configFormat = pkgs.formats.gitIni { }; + configPath = "${config.xdg.configHome}/delta/config"; in { options.my.home.delta = with lib; { @@ -34,35 +37,43 @@ in home.packages = [ cfg.package ]; + xdg.configFile."delta/config".source = configFormat.generate "delta-config" { + delta = { + features = "diff-highlight decorations"; + + # Less jarring style for `diff-highlight` emulation + diff-highlight = { + minus-style = "red"; + minus-non-emph-style = "red"; + minus-emph-style = "bold red 52"; + + plus-style = "green"; + plus-non-emph-style = "green"; + plus-emph-style = "bold green 22"; + + whitespace-error-style = "reverse red"; + }; + + # Personal preference for easier reading + decorations = { + commit-style = "raw"; # Do not recolor meta information + keep-plus-minus-markers = true; + paging = "always"; + }; + }; + }; + programs.git = lib.mkIf cfg.git.enable { delta = { enable = true; inherit (cfg) package; - - options = { - features = "diff-highlight decorations"; - - # Less jarring style for `diff-highlight` emulation - diff-highlight = { - minus-style = "red"; - minus-non-emph-style = "red"; - minus-emph-style = "bold red 52"; - - plus-style = "green"; - plus-non-emph-style = "green"; - plus-emph-style = "bold green 22"; - - whitespace-error-style = "reverse red"; - }; - - # Personal preference for easier reading - decorations = { - commit-style = "raw"; # Do not recolor meta information - keep-plus-minus-markers = true; - paging = "always"; - }; - }; }; + + includes = [ + { + path = configPath; + } + ]; }; }; } From 3dd4f07609a8d8c9f15530745aa68ba458b943f3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 4 Sep 2025 11:35:39 +0000 Subject: [PATCH 348/379] hosts: nixos: aramis: home: drop 'jellyfin-media-player' It's about to be made broken due to using QtWebEngine 5, which is EOL and marked insecure in new nixpkgs. --- hosts/nixos/aramis/home.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/nixos/aramis/home.nix b/hosts/nixos/aramis/home.nix index 7578582..e8c99e4 100644 --- a/hosts/nixos/aramis/home.nix +++ b/hosts/nixos/aramis/home.nix @@ -18,7 +18,6 @@ # Machine specific packages packages.additionalPackages = with pkgs; [ element-desktop # Matrix client - jellyfin-media-player # Wraps the webui and mpv together pavucontrol # Audio mixer GUI ]; # Minimal video player From b9bc37d365c607bdda473c9f2a0a992f0e8f6cc0 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 4 Sep 2025 11:14:25 +0000 Subject: [PATCH 349/379] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index ca1b422..e86674e 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1754487366, - "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", + "rev": "4524271976b625a4a605beefd893f270620fd751", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1756022458, - "narHash": "sha256-J1i35r4HfNDdPpwL0vOBaZopQudAUVtartEerc1Jryc=", + "lastModified": 1756954499, + "narHash": "sha256-Pg4xBHzvzNY8l9x/rLWoJMnIR8ebG+xeU+IyqThIkqU=", "owner": "nix-community", "repo": "home-manager", - "rev": "9e3a33c0bcbc25619e540b9dfea372282f8a9740", + "rev": "ed1a98c375450dfccf427adacd2bfd1a7b22eb25", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1756125398, - "narHash": "sha256-XexyKZpf46cMiO5Vbj+dWSAXOnr285GHsMch8FBoHbc=", + "lastModified": 1756936398, + "narHash": "sha256-/o1TTpMIICpjrMHBilL9lYm/r69uhdK1L8j1pfY6tWU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3b9f00d7a7bf68acd4c4abb9d43695afb04e03a5", + "rev": "47f28ad9378956563df9a884fd1b209b64336ba3", "type": "github" }, "original": { From e6c95245b27e5ac6fbac237d222c56a39ba401f9 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 4 Sep 2025 11:17:27 +0000 Subject: [PATCH 350/379] home: ssh: disable default config It's been deprecated. This also makes my `addKeysToAgent` configuration more explicit. --- modules/home/ssh/default.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/modules/home/ssh/default.nix b/modules/home/ssh/default.nix index 748b195..b0b4167 100644 --- a/modules/home/ssh/default.nix +++ b/modules/home/ssh/default.nix @@ -17,6 +17,7 @@ in { programs.ssh = { enable = true; + enableDefaultConfig = false; includes = [ # Local configuration, not-versioned @@ -53,11 +54,12 @@ in identityFile = "~/.ssh/shared_rsa"; user = "ambroisie"; }; - }; - extraConfig = '' - AddKeysToAgent yes - ''; + # `*` is automatically made the last match block by the module + "*" = { + addKeysToAgent = "yes"; + }; + }; }; } From fa6bcabf95d8d1d860612880198271b6d31cbb0a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 11 Sep 2025 13:33:27 +0000 Subject: [PATCH 351/379] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index e86674e..d510422 100644 --- a/flake.lock +++ b/flake.lock @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1755960406, - "narHash": "sha256-RF7j6C1TmSTK9tYWO6CdEMtg6XZaUKcvZwOCD2SICZs=", + "lastModified": 1757588530, + "narHash": "sha256-tJ7A8mID3ct69n9WCvZ3PzIIl3rXTdptn/lZmqSS95U=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "e891a93b193fcaf2fc8012d890dc7f0befe86ec2", + "rev": "b084b2c2b6bc23e83bbfe583b03664eb0b18c411", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1756954499, - "narHash": "sha256-Pg4xBHzvzNY8l9x/rLWoJMnIR8ebG+xeU+IyqThIkqU=", + "lastModified": 1757578556, + "narHash": "sha256-w1PGkTGow5XzsjccV364No46rkuGxTqo7m/4cfhnkIk=", "owner": "nix-community", "repo": "home-manager", - "rev": "ed1a98c375450dfccf427adacd2bfd1a7b22eb25", + "rev": "b7112b12ea5b8c3aa6af344498ed9ca27dd03ba3", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1756936398, - "narHash": "sha256-/o1TTpMIICpjrMHBilL9lYm/r69uhdK1L8j1pfY6tWU=", + "lastModified": 1757487488, + "narHash": "sha256-zwE/e7CuPJUWKdvvTCB7iunV4E/+G0lKfv4kk/5Izdg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "47f28ad9378956563df9a884fd1b209b64336ba3", + "rev": "ab0f3607a6c7486ea22229b92ed2d355f1482ee0", "type": "github" }, "original": { From 27da55519c74d63010d67153041aed789b9add97 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 25 Jul 2025 17:57:07 +0200 Subject: [PATCH 352/379] hosts: nixos: porthos: secrets: update cross-seed --- .../servarr/cross-seed/configuration.json.age | Bin 1528 -> 2031 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age b/hosts/nixos/porthos/secrets/servarr/cross-seed/configuration.json.age index e319f3a823c4eb4c84b15f6630ea5fbf42f9092b..94fdf975d6418d394c62c42e572374b24865a776 100644 GIT binary patch delta 2009 zcmeyt{hohedfX?k{` z1y`7VVx&c?t9gk}QGTLxrkh!^t9em@esE}{g_)bXV|KY;V0m7Fd!m_FI+w1ULUD11 zZfc5=si~o*LRLV2d0x7Lc4U~PQL39qp1E1MdzE&0T786jgi(<}SWvRRr>}W=NOneY zrcYjImWfk2S4vnwc0qtaN}6SkajCw(qj8|KuW4wYgetwcC zm#(g^f^l-HWw5zNc~GcZlw(O$j#rLXR7JXTSaMlrp{u)Zm9JTfp`lNNdw8ZVSDWh2 z#!s*K@6<=xMeC=_?o%thNw!FzUK4zk}9+{djIX+e!sW%u-<*K zg`x6<({7nAg+QS)2}b2ZmsR#`cpQHtgw@qh{oS4Gr>yq1s#KP78(f|7M(2v?f%cFe zdK+w(Zm`yo-MD;X``@U5HMtds3LFpZa5q1Cf75z}isUzQ>VLkt(ynF|81>FrXLCH$ z&Wg1ktsTOTJ1K~>PqjR-D6s8Rtp3~@hpFB>^wx-#gs$M}+jXGsy0-4(1ewXs50~V9 zigIN*cem0SAT8vTwG@xF2&}V%g5S zbvLK-3d;z?W9>pkOWr#(XkWXVVP|5$)ZhG+qZ8B2YbTa}`trR_>-1!U!(B7G11l{bt?>D>|=Kub_=9QkS@T}J?SIitfI~6^tt!|Y)v2h;1n)1`V z^%<7OY!&Qdwto1vAxZbHfJdh+7gNxYqZbm7g{+Ugy6ZIe(uq2;z6)gUTv&2mIwWs} z`Jb6(eo-4|_i@JaeX8Aga9R4TNoQQjnCdU9=-tg%yWXYGos)OrL|50Lsa>f#I|Tn( zm;8>rDZ-*VTesuU&gWORr%Bgeue7R^~XAzs7N@4HA;{rsO9 z(lcKkSH8CF)vc%7PI{P}PhjU&yYZyV>r;N$oW#dc`PN(KH6K_c*=RX)jl4ik>7nF) zi}y3+>-Q_2J1E(mqogFoT;R$fBa%KTE2z-p=sQbU3)SaQ8?7D|xwkx1+x=Ulwobr`hivkGzlMSL?8Q-sbhbg}o$K$mIIH zn0HrR$J-qIx@KYe{<}(PTLeqJn~Z~X9<@w9f4_O%`H!FKAJtY##bwWRs!*8z{MRC` zI-BiZr>zmYS)$ z*m*YGcj9~FFg0lr+tj)MjT`d&KJjcaDB}82=PS>xrn-*l#vVq~IgZkasoUcwy?*9n zH#IWykeL|GQm@(g<#EC39dVNl8!f#inVDF< z$!ubHtf#Ue)$W-%d&^UW%1wOYr(Dfmq(9@P%IEI)U~jA!nzX*@t#PvD zDtUul9?IUFi#z5V4msEVsjKen0zdPe`3<|x6EvO#&f&HE_d~?})olj5HA3MR%BGr2 z_*Z=pntyD?-8F6pjf9_a2=2euvi3vMm(aqg=Y$zvh(BeT)V|(D)9IV@nu9!v*JR{n z&M`7N^;$&l_*0NFLr7&|#!U16tojWXxUPF{dfv<5`Qu`Q$PKIfAJ1iO80l}nptO9+ z?i90~zY5O$PSC#n$>b|9fBch~(ckU}{JdRZUvsv-eaW*k$0Qn;-O6fSw@bnP-KruH z#&1F$=Wd>1*mhZ}{V-cHgWhihiEFIvEw?Hz_}LitY2LL* zt@Z1oj|R+tZ+Ggb>@tQY@q5qN3J5UR2b!JHXuRSz#rx+HDSvbIJ)7;%?4Q(sVDEgB zDX|yxcpJEV-JA|Od%LWCbNvl}&yV&e`Toj}<$%nuu`;S@J6{!d_~ppE)|WJbR<50BIXQa& z+@HM~=S~$}b5jXYU(#)V<;K6#-sL^Wip$!Eo@>XNquY$E z7?Hu=vv9MR$YZ_4OQGumFMo6W5x^rP=Mt)AETV`3V z1(#E4QAJ@+N^qv5r>~)BvQubgdVynQWKwEazOiRuRf$n@d4RJ~l2Kr;1(&X!LUD11 zZfc5=si~o*LRLV2d0x7LTcA^FQMP_+ScYYkbCiF2Kz*uLx|y4Yvy+>npMhItskXmS zqIsZaWtO7}muXf=R=J;Zl8HxhR8p98WpSjBN1#htPF{*xP+m@HvU6p4X<2GTMrw)$ zm#(g^f>}hNuTxTJMdzPPBsB^Mmo>ycf*D2@n z37;fCdeuv+?>w+R<0Yeo{}QfuMmN)!+&k=0a;^TSYwE4IY0U~Q?{9Yfw0X#~C0&SF zX}+aS((K$VJ-bblR?1ZG`JdIke`#ik!jg~Af1G*t+V950$FnqoQUr|mohx^EF@65T z!^>7rb@N!fc}v>LkM#>r%T@8aynXUz(Vrc1N_9sTE>E4Nw7mX$h0l{u+OqtM1bTj@ z{(q8F`{LD`c_O|u&izgQ`QeY>?OCTZ*t+M1PUGCN>2JW}-2Va(cQ3Qqb*%S#`^L*J zG+q`LyViT9Zd*R-NA%IVo*yc{RKzX66}P)FtGzy)v4%Z9f!XkKo!$0ChYdC^i?TxQ zn;!e4|M;`7(CJ-Ed03yy+^*NF)SaH%BJzKE^2OXKtanWAHZ%#J&b~Tv%d`CgUAeXM zmqgG0v{sNa#44C8s9yZV?WjFxZhl>tDqUQvv?~1K4ePy1>-d}J>u|1KJ8x&IqfYo+ zv*Wuy^8DMJ_IAY~9#8ikC1JDBo^u^VY~lYmh;NKyxvQY*wpb@t-T7Qi$XnlQ^#W44 zZ`SP8{vYOUcPhZZFKDgXN`tTQ-^=Rxdu|@>URiWR^t<<$J0G5AKAz@imKnqS{_7*H z#FFImH@qBwus*nwkZR2-_kL^j^KWZC&P&xjDY@4u!1R1$kMd!|Dd)3Oj?a-1@bQuJ zGhz?e+$&-I#Jc~q!JT&{OXn-=ZTu><_0+@qFGA5bx1N1jc_%AC@a99t6+hbVFjPD* zlbM&YU~#mT=C-yyD6{*CAU zbAcA213k_z6ZG$z|4sdxvnDiormsueVi3I=hEAwk9|GFUKP*( zmVCWq#*6=IN3OVUo_;VjW9z5BgI6P(MYo&%yc#j-Pdb0amK!C$A9UOt4%p@|(ERo= zklTIkm2$WJ$%@ynyzZJ(QCwgDr_KO<~sq1K!1b7eBA@YG1o_ZS9v8 z<^gMpl?pxQNNIoN50~D4D9GRL(1pc$?pxUA*sb!4%qx!Ga!2Fh)W#z7ZdRxIg}XfB zp55k34$-WbeoQ+va{*q&I@m&wc zd^er?vXJvLKbtK3YbrlQ;`sKm-4o}XlD+TIschDg_~GD{&rUZ^itg#_SzfzD;_Y=d zZS&;ktru!-w(1*&1`97TayHfcbHvdhOU!CRc)|p!BKv182~T_$y*_L?x3k From 4c3e3d471fa61dcd5de24f0338b36e3b29c83f1f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 13 Sep 2025 19:10:39 +0200 Subject: [PATCH 353/379] modules: services: nginx: fix SSL renewal, again I'd previously fixed this in 1e10c6630b2c46bd40c2b23fa6a4f7c8fa751823, however NixOS has recently updated how the renewal units work [1], which broke it. [1]: https://github.com/NixOS/nixpkgs/pull/422076 --- modules/nixos/services/nginx/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index 1e9e38a..ff530b0 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -444,7 +444,7 @@ in }; }; - systemd.services."acme-${domain}" = { + systemd.services."acme-order-renew-${domain}" = { serviceConfig = { Environment = [ # Since I do a "weird" setup with a wildcard CNAME From 445b3d1422651d1604eda311f74ff0260386f76e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 18 Sep 2025 10:03:06 +0000 Subject: [PATCH 354/379] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index d510422..b9c0fd5 100644 --- a/flake.lock +++ b/flake.lock @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1757588530, - "narHash": "sha256-tJ7A8mID3ct69n9WCvZ3PzIIl3rXTdptn/lZmqSS95U=", + "lastModified": 1758108966, + "narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "b084b2c2b6bc23e83bbfe583b03664eb0b18c411", + "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1757578556, - "narHash": "sha256-w1PGkTGow5XzsjccV364No46rkuGxTqo7m/4cfhnkIk=", + "lastModified": 1758184248, + "narHash": "sha256-TOazVsj8D1LTGQ6q8xdtfoPs9Z+PiqUS952WvZPssR0=", "owner": "nix-community", "repo": "home-manager", - "rev": "b7112b12ea5b8c3aa6af344498ed9ca27dd03ba3", + "rev": "bf7056c6a2d893d80db18d06d7e730d6515aaae8", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1757487488, - "narHash": "sha256-zwE/e7CuPJUWKdvvTCB7iunV4E/+G0lKfv4kk/5Izdg=", + "lastModified": 1758035966, + "narHash": "sha256-qqIJ3yxPiB0ZQTT9//nFGQYn8X/PBoJbofA7hRKZnmE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ab0f3607a6c7486ea22229b92ed2d355f1482ee0", + "rev": "8d4ddb19d03c65a36ad8d189d001dc32ffb0306b", "type": "github" }, "original": { From 9f9c1e571b7a871db4a19d9bfe7fc3ebf9b24875 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 15 Sep 2025 13:22:30 +0000 Subject: [PATCH 355/379] home: zsh: do not notify on 'home-manager news' --- modules/home/zsh/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index 1e85cce..3c1e515 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -19,7 +19,7 @@ in "direnv reload" "fg" "git (?!push|pull|fetch)" - "home-manager (?!switch|build|news)" + "home-manager (?!switch|build)" "htop" "less" "man" From 5b47fc63656b7583fb427386339c7adce3cc7e97 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 3 Oct 2025 12:23:54 +0200 Subject: [PATCH 356/379] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index b9c0fd5..1889e0c 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1756770412, - "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "lastModified": 1759362264, + "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "4524271976b625a4a605beefd893f270620fd751", + "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1758184248, - "narHash": "sha256-TOazVsj8D1LTGQ6q8xdtfoPs9Z+PiqUS952WvZPssR0=", + "lastModified": 1759337100, + "narHash": "sha256-CcT3QvZ74NGfM+lSOILcCEeU+SnqXRvl1XCRHenZ0Us=", "owner": "nix-community", "repo": "home-manager", - "rev": "bf7056c6a2d893d80db18d06d7e730d6515aaae8", + "rev": "004753ae6b04c4b18aa07192c1106800aaacf6c3", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1758035966, - "narHash": "sha256-qqIJ3yxPiB0ZQTT9//nFGQYn8X/PBoJbofA7hRKZnmE=", + "lastModified": 1759422813, + "narHash": "sha256-WNkZqscW/dPLK5NMKH/jCkYMaVm/3KWgPmKMq65IXxk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8d4ddb19d03c65a36ad8d189d001dc32ffb0306b", + "rev": "2a7c84e1e740f004e0fe5c2577a63d1e659a496c", "type": "github" }, "original": { From 62533d435b9d86cf0c1271cd0a14ed73a67584f2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 3 Oct 2025 12:18:38 +0000 Subject: [PATCH 357/379] home: vim: lspconfig: use native configuration The `nvim-lspconfig` "framework" is being deprecated to use the native `vim.lsp.config` and `vim.lsp.enable` functionality. I _could_ remove the `is_executable` checks, as native LSP handling does _not_ loudly error out when enabling a server which isn't executable. However I think `:LspInfo` is more readable if I don't. --- .../home/vim/plugin/settings/lspconfig.lua | 57 ++++++------------- 1 file changed, 17 insertions(+), 40 deletions(-) diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index 7817d4c..68158b2 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -1,4 +1,3 @@ -local lspconfig = require("lspconfig") local lsp = require("ambroisie.lsp") local utils = require("ambroisie.utils") @@ -25,59 +24,45 @@ vim.diagnostic.config({ -- Inform servers we are able to do completion, snippets, etc... local capabilities = require("cmp_nvim_lsp").default_capabilities() +-- Shared configuration +vim.lsp.config("*", { + capabilities = capabilities, + on_attach = lsp.on_attach, +}) + -- C/C++ if utils.is_executable("clangd") then - lspconfig.clangd.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("clangd") end -- Haskell if utils.is_executable("haskell-language-server-wrapper") then - lspconfig.hls.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("hls") end -- Nix if utils.is_executable("nil") then - lspconfig.nil_ls.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("nil_ls") end -- Python if utils.is_executable("pyright") then - lspconfig.pyright.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("pyright") end if utils.is_executable("ruff") then - lspconfig.ruff.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("ruff") end -- Rust if utils.is_executable("rust-analyzer") then - lspconfig.rust_analyzer.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("rust_analyzer") end -- Shell if utils.is_executable("bash-language-server") then - lspconfig.bashls.setup({ + vim.lsp.config("bashls", { filetypes = { "bash", "sh", "zsh" }, - capabilities = capabilities, - on_attach = lsp.on_attach, settings = { bashIde = { shfmt = { @@ -89,27 +74,19 @@ if utils.is_executable("bash-language-server") then }, }, }) + vim.lsp.enable("bashls") end -- Starlark if utils.is_executable("starpls") then - lspconfig.starpls.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("starpls") end -- Generic if utils.is_executable("harper-ls") then - lspconfig.harper_ls.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("harper_ls") end if utils.is_executable("typos-lsp") then - lspconfig.typos_lsp.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) + vim.lsp.enable("typos_lsp") end From 6b1b5300cdc275422e1eab5cdc24b7f6f6798d1b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 3 Oct 2025 12:39:18 +0000 Subject: [PATCH 358/379] home: vim: lspconfig: simplify LSP config Despite what I just said in the previous commit, I decided to remove the `is_executable` checks and always enable all servers. I figured out that NeoVim actually handles `PATH` modifications pretty well in this scenario: making a previously unavailable server executable will automatically enable it. --- .../home/vim/plugin/settings/lspconfig.lua | 73 +++++++------------ 1 file changed, 26 insertions(+), 47 deletions(-) diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index 68158b2..1596e84 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -30,38 +30,20 @@ vim.lsp.config("*", { on_attach = lsp.on_attach, }) --- C/C++ -if utils.is_executable("clangd") then - vim.lsp.enable("clangd") -end - --- Haskell -if utils.is_executable("haskell-language-server-wrapper") then - vim.lsp.enable("hls") -end - --- Nix -if utils.is_executable("nil") then - vim.lsp.enable("nil_ls") -end - --- Python -if utils.is_executable("pyright") then - vim.lsp.enable("pyright") -end - -if utils.is_executable("ruff") then - vim.lsp.enable("ruff") -end - --- Rust -if utils.is_executable("rust-analyzer") then - vim.lsp.enable("rust_analyzer") -end - --- Shell -if utils.is_executable("bash-language-server") then - vim.lsp.config("bashls", { +local servers = { + -- C/C++ + clangd = {}, + -- Haskell + hls = {}, + -- Nix + nil_ls = {}, + -- Python + pyright = {}, + ruff = {}, + -- Rust + rust_analyzer = {}, + -- Shell + bashls = { filetypes = { "bash", "sh", "zsh" }, settings = { bashIde = { @@ -73,20 +55,17 @@ if utils.is_executable("bash-language-server") then }, }, }, - }) - vim.lsp.enable("bashls") -end + }, + -- Starlark + starpls = {}, + -- Generic + harper_ls = {}, + typos_lsp = {}, +} --- Starlark -if utils.is_executable("starpls") then - vim.lsp.enable("starpls") -end - --- Generic -if utils.is_executable("harper-ls") then - vim.lsp.enable("harper_ls") -end - -if utils.is_executable("typos-lsp") then - vim.lsp.enable("typos_lsp") +for server, config in pairs(servers) do + if not vim.tbl_isempty(config) then + vim.lsp.config(server, config) + end + vim.lsp.enable(server) end From 2df05aaa1a2f85601df107f16bfec70b9239eab4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 20 Oct 2025 09:33:49 +0000 Subject: [PATCH 359/379] flake: bump inputs And fix a breaking change leading to an evaluation failure. --- flake.lock | 36 +++++++++++----------- modules/nixos/services/homebox/default.nix | 2 +- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/flake.lock b/flake.lock index 1889e0c..1a8a934 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1754433428, - "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", + "lastModified": 1760836749, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", + "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1759362264, - "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", + "lastModified": 1760948891, + "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", + "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1758108966, - "narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=", + "lastModified": 1760663237, + "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b", + "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1759337100, - "narHash": "sha256-CcT3QvZ74NGfM+lSOILcCEeU+SnqXRvl1XCRHenZ0Us=", + "lastModified": 1760969583, + "narHash": "sha256-vsf5mvR0xxK4GsfLx5bMJAQ4ysdrKymMIifNw+4TP7g=", "owner": "nix-community", "repo": "home-manager", - "rev": "004753ae6b04c4b18aa07192c1106800aaacf6c3", + "rev": "c9d758b500e53db5b74aa02d17dc45b65229e8e9", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1759422813, - "narHash": "sha256-WNkZqscW/dPLK5NMKH/jCkYMaVm/3KWgPmKMq65IXxk=", + "lastModified": 1760878510, + "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2a7c84e1e740f004e0fe5c2577a63d1e659a496c", + "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", "type": "github" }, "original": { @@ -200,11 +200,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1753980880, - "narHash": "sha256-aj1pbYxL6N+XFqBHjB4B1QP0bnKRcg1AfpgT5zUFsW8=", + "lastModified": 1759781536, + "narHash": "sha256-v/X5gKmgVoGtu5elYyUu2w037PyWVhrqnWzXkLJ9xnY=", "owner": "nix-community", "repo": "NUR", - "rev": "16db3e61da7606984a05b4dfc33cd1d26d22fb22", + "rev": "c30a53a5947bcc874b3f8842e6fe5c34bc81d8dd", "type": "github" }, "original": { diff --git a/modules/nixos/services/homebox/default.nix b/modules/nixos/services/homebox/default.nix index 8ed5d77..524a6d7 100644 --- a/modules/nixos/services/homebox/default.nix +++ b/modules/nixos/services/homebox/default.nix @@ -39,7 +39,7 @@ in my.services.backup = { paths = [ - config.services.homebox.settings.HBOX_STORAGE_DATA + (lib.removePrefix "file://" config.services.homebox.settings.HBOX_STORAGE_CONN_STRING) ]; }; From 9ddc77958ab4c647df7173a3a5eee08ae88f926b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 20 Oct 2025 09:35:02 +0000 Subject: [PATCH 360/379] home: git: fix deprecated config --- modules/home/git/default.nix | 38 +++++++++++++++++++----------------- 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix index ca59a5f..c3a51a0 100644 --- a/modules/home/git/default.nix +++ b/modules/home/git/default.nix @@ -21,29 +21,31 @@ in config.programs.git = lib.mkIf cfg.enable { enable = true; - # Who am I? - userEmail = mkMailAddress "bruno" "belanyi.fr"; - userName = "Bruno BELANYI"; - inherit (cfg) package; - aliases = { - git = "!git"; - lol = "log --graph --decorate --pretty=oneline --abbrev-commit --topo-order"; - lola = "lol --all"; - assume = "update-index --assume-unchanged"; - unassume = "update-index --no-assume-unchanged"; - assumed = "!git ls-files -v | grep ^h | cut -c 3-"; - pick = "log -p -G"; - push-new = "!git push -u origin " - + ''"$(git branch | grep '^* ' | cut -f2- -d' ')"''; - root = "git rev-parse --show-toplevel"; - }; - lfs.enable = true; # There's more - extraConfig = { + settings = { + # Who am I? + user = { + email = mkMailAddress "bruno" "belanyi.fr"; + name = "Bruno BELANYI"; + }; + + alias = { + git = "!git"; + lol = "log --graph --decorate --pretty=oneline --abbrev-commit --topo-order"; + lola = "lol --all"; + assume = "update-index --assume-unchanged"; + unassume = "update-index --no-assume-unchanged"; + assumed = "!git ls-files -v | grep ^h | cut -c 3-"; + pick = "log -p -G"; + push-new = "!git push -u origin " + + ''"$(git branch | grep '^* ' | cut -f2- -d' ')"''; + root = "git rev-parse --show-toplevel"; + }; + # Makes it a bit more readable blame = { coloring = "repeatedLines"; From 4000a848ef21903b7d593160b509173c2fe81736 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 20 Oct 2025 09:39:19 +0000 Subject: [PATCH 361/379] home: delta: use upstream module --- modules/home/delta/default.nix | 42 +++++----------------------------- 1 file changed, 6 insertions(+), 36 deletions(-) diff --git a/modules/home/delta/default.nix b/modules/home/delta/default.nix index 16d3d59..e76edc6 100644 --- a/modules/home/delta/default.nix +++ b/modules/home/delta/default.nix @@ -1,9 +1,6 @@ { config, pkgs, lib, ... }: let cfg = config.my.home.delta; - - configFormat = pkgs.formats.gitIni { }; - configPath = "${config.xdg.configHome}/delta/config"; in { options.my.home.delta = with lib; { @@ -17,28 +14,14 @@ in }; config = lib.mkIf cfg.enable { - assertions = [ - { - # For its configuration - assertion = cfg.enable -> cfg.git.enable; - message = '' - `config.my.home.delta` must enable `config.my.home.delta.git` to be - properly configured. - ''; - } - { - assertion = cfg.enable -> config.programs.git.enable; - message = '' - `config.my.home.delta` relies on `config.programs.git` to be - enabled. - ''; - } - ]; + programs.delta = { + enable = true; - home.packages = [ cfg.package ]; + inherit (cfg) package; - xdg.configFile."delta/config".source = configFormat.generate "delta-config" { - delta = { + enableGitIntegration = cfg.git.enable; + + options = { features = "diff-highlight decorations"; # Less jarring style for `diff-highlight` emulation @@ -62,18 +45,5 @@ in }; }; }; - - programs.git = lib.mkIf cfg.git.enable { - delta = { - enable = true; - inherit (cfg) package; - }; - - includes = [ - { - path = configPath; - } - ]; - }; }; } From a20c8f820dcf77e0b0a75c67d2edf38d97488ba2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 27 Oct 2025 12:30:49 +0000 Subject: [PATCH 362/379] flake: bump inputs --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 1a8a934..f56e8f2 100644 --- a/flake.lock +++ b/flake.lock @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1760969583, - "narHash": "sha256-vsf5mvR0xxK4GsfLx5bMJAQ4ysdrKymMIifNw+4TP7g=", + "lastModified": 1761530345, + "narHash": "sha256-+9+YCK9Lh6GThkXu/8JTxMFUnImIdZpb8ElUh6/F5Y8=", "owner": "nix-community", "repo": "home-manager", - "rev": "c9d758b500e53db5b74aa02d17dc45b65229e8e9", + "rev": "bbaeb9f1c29e79bb1653b32c3d73244cdf4bd888", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1760878510, - "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", + "lastModified": 1761373498, + "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", + "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce", "type": "github" }, "original": { From c536ee0136969aa1715e07939dfac9b02342f60d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 27 Oct 2025 12:31:12 +0000 Subject: [PATCH 363/379] home: zsh: add 'zsh-completion-sync' It's gated behind `completionSync.enable`, as it does make entering/leaving direnv-enabled projects slower (due to the calls to `compinit`). This might need a bit more work to avoid multiple `compinit`s at shell startup, will refine in the future if necessary. --- modules/home/zsh/default.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index 3c1e515..6c6a469 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -8,6 +8,10 @@ in launchTmux = mkEnableOption "auto launch tmux at shell start"; + completionSync = { + enable = mkEnableOption "zsh-completion-sync plugin"; + }; + notify = { enable = mkEnableOption "zsh-done notification"; @@ -118,6 +122,18 @@ in }; } + (lib.mkIf cfg.completionSync.enable { + programs.zsh = { + plugins = [ + { + name = "zsh-completion-sync"; + file = "share/zsh-completion-sync/zsh-completion-sync.plugin.zsh"; + src = pkgs.zsh-completion-sync; + } + ]; + }; + }) + (lib.mkIf cfg.notify.enable { programs.zsh = { plugins = [ From 983bf0f7646ea2ebdff895751eea7054b9140b3a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 3 Nov 2025 17:22:29 +0100 Subject: [PATCH 364/379] nixos: services: nextcloud: bump to 32 --- modules/nixos/services/nextcloud/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index d8d4fce..dd3b386 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -35,7 +35,7 @@ in config = lib.mkIf cfg.enable { services.nextcloud = { enable = true; - package = pkgs.nextcloud31; + package = pkgs.nextcloud32; hostName = "nextcloud.${config.networking.domain}"; home = "/var/lib/nextcloud"; maxUploadSize = cfg.maxSize; From 41c506749ef389c9a2f11dd3f3d17493892820f2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 6 Nov 2025 14:39:11 +0000 Subject: [PATCH 365/379] flake: overlays: use 'lib' It's a `lib` function, not _really_ a Nixpkgs one. Also it's about to break after the next flake update :-). --- flake/overlays.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake/overlays.nix b/flake/overlays.nix index 0c47989..c10afc3 100644 --- a/flake/overlays.nix +++ b/flake/overlays.nix @@ -1,4 +1,4 @@ -{ self, ... }: +{ self, lib, ... }: let default-overlays = import "${self}/overlays"; @@ -8,7 +8,7 @@ let # Expose my custom packages pkgs = _final: prev: { - ambroisie = prev.recurseIntoAttrs (import "${self}/pkgs" { pkgs = prev; }); + ambroisie = lib.recurseIntoAttrs (import "${self}/pkgs" { pkgs = prev; }); }; }; in From 44246b4ea146b1ca7b4687b35e0b833decb35b89 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 8 Nov 2025 11:56:25 +0000 Subject: [PATCH 366/379] flake: NUR has renamed its branch to 'main' --- flake.lock | 2 +- flake.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.lock b/flake.lock index f56e8f2..50f38e4 100644 --- a/flake.lock +++ b/flake.lock @@ -209,7 +209,7 @@ }, "original": { "owner": "nix-community", - "ref": "master", + "ref": "main", "repo": "NUR", "type": "github" } diff --git a/flake.nix b/flake.nix index 5076729..0bdd180 100644 --- a/flake.nix +++ b/flake.nix @@ -54,7 +54,7 @@ type = "github"; owner = "nix-community"; repo = "NUR"; - ref = "master"; + ref = "main"; inputs = { flake-parts.follows = "flake-parts"; nixpkgs.follows = "nixpkgs"; From fe681d3f16eea4d87d55d02c1e8e915eaaf415e6 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 6 Nov 2025 14:35:53 +0000 Subject: [PATCH 367/379] flake: bump inputs --- flake.lock | 54 ++++++++++++++++-------------------------------------- 1 file changed, 16 insertions(+), 38 deletions(-) diff --git a/flake.lock b/flake.lock index 50f38e4..d95de52 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1760836749, - "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", + "lastModified": 1761656077, + "narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=", "owner": "ryantm", "repo": "agenix", - "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", + "rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1760948891, - "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", + "lastModified": 1762040540, + "narHash": "sha256-z5PlZ47j50VNF3R+IMS9LmzI5fYRGY/Z5O5tol1c9I4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", + "rev": "0010412d62a25d959151790968765a70c436598b", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1761530345, - "narHash": "sha256-+9+YCK9Lh6GThkXu/8JTxMFUnImIdZpb8ElUh6/F5Y8=", + "lastModified": 1762435363, + "narHash": "sha256-BTmHXtuuwVO1dRs6jPHcHCoO6+A7G3+GzrgeluiSkww=", "owner": "nix-community", "repo": "home-manager", - "rev": "bbaeb9f1c29e79bb1653b32c3d73244cdf4bd888", + "rev": "432bc8a5da66638b5f139588efd6c4bd327e4cdc", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1761373498, - "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=", + "lastModified": 1762111121, + "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce", + "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", "type": "github" }, "original": { @@ -196,15 +196,14 @@ ], "nixpkgs": [ "nixpkgs" - ], - "treefmt-nix": "treefmt-nix" + ] }, "locked": { - "lastModified": 1759781536, - "narHash": "sha256-v/X5gKmgVoGtu5elYyUu2w037PyWVhrqnWzXkLJ9xnY=", + "lastModified": 1762602346, + "narHash": "sha256-BVzjmS25ihrfnfpfLD6gzXqMp9vP0hOyjIWkV0LP6E0=", "owner": "nix-community", "repo": "NUR", - "rev": "c30a53a5947bcc874b3f8842e6fe5c34bc81d8dd", + "rev": "fe5118da8d7e09651e0362ff130d194bc1441185", "type": "github" }, "original": { @@ -241,27 +240,6 @@ "repo": "default", "type": "github" } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "nur", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733222881, - "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "49717b5af6f80172275d47a418c9719a31a78b53", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } } }, "root": "root", From 0ac983a71f8cec556babe577e65b513173143417 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 9 Oct 2025 10:47:23 +0000 Subject: [PATCH 368/379] home: vim: do not set 'background' explicitly Rely on the new behaviour from v0.10 which detects it more intelligently. --- modules/home/vim/init.vim | 3 --- 1 file changed, 3 deletions(-) diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index 39ef32e..1142925 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -81,9 +81,6 @@ set updatetime=250 " Disable all mouse integrations set mouse= -" Set dark mode by default -set background=dark - " Setup some overrides for gruvbox lua << EOF local gruvbox = require("gruvbox") From bbdbc1e55cb8b2125b2ece2ff1c9d4c5922d821b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 28 Oct 2025 12:43:53 +0000 Subject: [PATCH 369/379] home: vim: ftdetect: remove glsl GLSL is now correctly detected starting with v0.11. This reverts commit b8b64bed8e4b3d8d109e7dcf38f69a4242142ec3. --- modules/home/vim/ftdetect/glsl.lua | 7 ------- 1 file changed, 7 deletions(-) delete mode 100644 modules/home/vim/ftdetect/glsl.lua diff --git a/modules/home/vim/ftdetect/glsl.lua b/modules/home/vim/ftdetect/glsl.lua deleted file mode 100644 index 2f4f1dd..0000000 --- a/modules/home/vim/ftdetect/glsl.lua +++ /dev/null @@ -1,7 +0,0 @@ --- Use GLSL filetype for common shader file extensions -vim.filetype.add({ - extension = { - frag = "glsl", - vert = "glsl", - }, -}) From 6e73c936b09d46c8427963b5139588804aceddaa Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 7 Nov 2025 14:48:49 +0000 Subject: [PATCH 370/379] home: zsh: fix plug-in path The upstream commit [1] said it was a non-breaking change, but didn't actually setup the symlinks for this package... [1]: 10f01ded353d5a76c6acbecaa0ac5e5063f60c13 --- modules/home/zsh/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index 6c6a469..9524262 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -72,7 +72,7 @@ in plugins = [ { name = "fast-syntax-highlighting"; - file = "share/zsh/site-functions/fast-syntax-highlighting.plugin.zsh"; + file = "share/zsh/plugins/fast-syntax-highlighting/fast-syntax-highlighting.plugin.zsh"; src = pkgs.zsh-fast-syntax-highlighting; } { From 1b4111e28fc68d5b4592f3238854ba1164443c7e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 8 Nov 2025 22:12:42 +0100 Subject: [PATCH 371/379] nixos: services: nextcloud: use declarative apps Now that the `notify_push` module declaratively installs _its_ app [1], I should declaratively install _all_ apps. [1]: https://github.com/NixOS/nixpkgs/pull/451501 --- modules/nixos/services/nextcloud/collabora.nix | 6 ++++++ modules/nixos/services/nextcloud/default.nix | 10 ++++++++++ 2 files changed, 16 insertions(+) diff --git a/modules/nixos/services/nextcloud/collabora.nix b/modules/nixos/services/nextcloud/collabora.nix index f8f42a7..408b232 100644 --- a/modules/nixos/services/nextcloud/collabora.nix +++ b/modules/nixos/services/nextcloud/collabora.nix @@ -16,6 +16,12 @@ in }; config = lib.mkIf cfg.enable { + services.nextcloud = { + extraApps = { + inherit (config.services.nextcloud.package.packages.apps) richdocuments; + }; + }; + services.collabora-online = { enable = true; inherit (cfg) port; diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index dd3b386..24515ff 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -62,6 +62,16 @@ in # Allow using the push service without hard-coding my IP in the configuration bendDomainToLocalhost = true; }; + + extraApps = { + inherit (config.services.nextcloud.package.packages.apps) + calendar + contacts + deck + tasks + ; + # notify_push is automatically installed by the module + }; }; # The service above configures the domain, no need for my wrapper From 6124d07c1b846d316e03e78a3cb65a77ce2e9832 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 17 Nov 2025 12:35:54 +0100 Subject: [PATCH 372/379] flake: bump inputs --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index d95de52..b041409 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1761656077, - "narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=", + "lastModified": 1762618334, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5", + "rev": "fcdea223397448d35d9b31f798479227e80183f6", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1762040540, - "narHash": "sha256-z5PlZ47j50VNF3R+IMS9LmzI5fYRGY/Z5O5tol1c9I4=", + "lastModified": 1762980239, + "narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "0010412d62a25d959151790968765a70c436598b", + "rev": "52a2caecc898d0b46b2b905f058ccc5081f842da", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1760663237, - "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=", + "lastModified": 1763319842, + "narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37", + "rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1762435363, - "narHash": "sha256-BTmHXtuuwVO1dRs6jPHcHCoO6+A7G3+GzrgeluiSkww=", + "lastModified": 1763313531, + "narHash": "sha256-yvdCYUL85zEDp2NzPUBmaNBXP6KnWEOhAk3j7PTfsKw=", "owner": "nix-community", "repo": "home-manager", - "rev": "432bc8a5da66638b5f139588efd6c4bd327e4cdc", + "rev": "3670a78eee49deebe4825fc8ecc46b172d1a8391", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1762111121, - "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", + "lastModified": 1763283776, + "narHash": "sha256-Y7TDFPK4GlqrKrivOcsHG8xSGqQx3A6c+i7novT85Uk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "rev": "50a96edd8d0db6cc8db57dab6bb6d6ee1f3dc49a", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1762602346, - "narHash": "sha256-BVzjmS25ihrfnfpfLD6gzXqMp9vP0hOyjIWkV0LP6E0=", + "lastModified": 1763378400, + "narHash": "sha256-9eZj8GNTBYnI8PQf9n8m9XbFCA/ugQ5r7sylY9DEx9M=", "owner": "nix-community", "repo": "NUR", - "rev": "fe5118da8d7e09651e0362ff130d194bc1441185", + "rev": "6bd477535ba71aa22d2712c8735c92812a1c74dc", "type": "github" }, "original": { From ad6a0bf4d3e5c5914160b2f427ef153d534b1030 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 6 Nov 2025 22:36:18 +0100 Subject: [PATCH 373/379] nixos: services: mealie: extend session timeout --- modules/nixos/services/mealie/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix index 8c02398..837bff2 100644 --- a/modules/nixos/services/mealie/default.nix +++ b/modules/nixos/services/mealie/default.nix @@ -32,6 +32,7 @@ in BASE_URL = "https://mealie.${config.networking.domain}"; TZ = config.time.timeZone; ALLOw_SIGNUP = "false"; + TOKEN_TIME = 24 * 180; # 180 days }; # Automatic PostgreSQL provisioning From 127e26b259624c6a57bc839abdde4f245c3099b8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 17 Nov 2025 12:38:30 +0100 Subject: [PATCH 374/379] nixos: services: transmission: use high file limit Seeding a lot of files means keeping them all open. The actual limit was cargo-culted from an open issue. --- modules/nixos/services/transmission/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix index ddd77d4..2ed01fd 100644 --- a/modules/nixos/services/transmission/default.nix +++ b/modules/nixos/services/transmission/default.nix @@ -71,10 +71,12 @@ in }; }; - # Transmission wants to eat *all* my RAM if left to its own devices systemd.services.transmission = { serviceConfig = { + # Transmission wants to eat *all* my RAM if left to its own devices MemoryMax = "33%"; + # Avoid errors due to high number of open files. + LimitNOFILE = 1048576; }; }; From b37bde6eaf150033149d0bbd5d924d0f9fb4b145 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 17 Nov 2025 12:45:22 +0100 Subject: [PATCH 375/379] nixos: services: transmission: use longer timeout It looks like Transmission takes time roughly proportional with the number of open files to stop, so let's increase the timeout slightly. --- modules/nixos/services/transmission/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix index 2ed01fd..6a7fbc7 100644 --- a/modules/nixos/services/transmission/default.nix +++ b/modules/nixos/services/transmission/default.nix @@ -77,6 +77,8 @@ in MemoryMax = "33%"; # Avoid errors due to high number of open files. LimitNOFILE = 1048576; + # Longer stop timeout to finish all torrents + TimeoutStopSec = "5m"; }; }; From 29fb7c5066132e12b98a6cb7a7f9ba3c5460d8c1 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 17 Nov 2025 13:57:48 +0000 Subject: [PATCH 376/379] home: discord: use upstream module --- modules/home/discord/default.nix | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/modules/home/discord/default.nix b/modules/home/discord/default.nix index bfa5d40..f9892df 100644 --- a/modules/home/discord/default.nix +++ b/modules/home/discord/default.nix @@ -1,8 +1,6 @@ { config, lib, pkgs, ... }: let cfg = config.my.home.discord; - - jsonFormat = pkgs.formats.json { }; in { options.my.home.discord = with lib; { @@ -12,14 +10,15 @@ in }; config = lib.mkIf cfg.enable { - home.packages = with pkgs; [ - cfg.package - ]; + programs.discord = { + enable = true; - xdg.configFile."discord/settings.json".source = - jsonFormat.generate "discord.json" { + inherit (cfg) package; + + settings = { # Do not keep me from using the app just to force an update SKIP_HOST_UPDATE = true; }; + }; }; } From 3020c6433b0056aa805cdabd8d4c30f82cfb47e4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 30 Nov 2025 00:20:07 +0100 Subject: [PATCH 377/379] flake: bump inputs --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index b041409..b84e16d 100644 --- a/flake.lock +++ b/flake.lock @@ -53,11 +53,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1762980239, - "narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=", + "lastModified": 1763759067, + "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "52a2caecc898d0b46b2b905f058ccc5081f842da", + "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1763319842, - "narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=", + "lastModified": 1763988335, + "narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761", + "rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1763313531, - "narHash": "sha256-yvdCYUL85zEDp2NzPUBmaNBXP6KnWEOhAk3j7PTfsKw=", + "lastModified": 1764361670, + "narHash": "sha256-jgWzgpIaHbL3USIq0gihZeuy1lLf2YSfwvWEwnfAJUw=", "owner": "nix-community", "repo": "home-manager", - "rev": "3670a78eee49deebe4825fc8ecc46b172d1a8391", + "rev": "780be8ef503a28939cf9dc7996b48ffb1a3e04c6", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1763283776, - "narHash": "sha256-Y7TDFPK4GlqrKrivOcsHG8xSGqQx3A6c+i7novT85Uk=", + "lastModified": 1764242076, + "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "50a96edd8d0db6cc8db57dab6bb6d6ee1f3dc49a", + "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1763378400, - "narHash": "sha256-9eZj8GNTBYnI8PQf9n8m9XbFCA/ugQ5r7sylY9DEx9M=", + "lastModified": 1764449851, + "narHash": "sha256-VnodC1+3KML8MYLLnK84E6U2Fz4ioNacOeQd1pMCSTw=", "owner": "nix-community", "repo": "NUR", - "rev": "6bd477535ba71aa22d2712c8735c92812a1c74dc", + "rev": "b1781c0aa8935d8d1f35d228bcc7127fcebcd363", "type": "github" }, "original": { From f546f85037bf23f105a721132f06ab3a562d38f7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 22 Nov 2025 23:34:06 +0100 Subject: [PATCH 378/379] hosts: nixos: porthos: secrets: sso: remove owner Now that the service uses `LoadCredential` [1], I can make the files root-owned. [1]: https://github.com/NixOS/nixpkgs/pull/460305 --- hosts/nixos/porthos/secrets/secrets.nix | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix index b3812b4..f1842b4 100644 --- a/hosts/nixos/porthos/secrets/secrets.nix +++ b/hosts/nixos/porthos/secrets/secrets.nix @@ -83,18 +83,9 @@ in "servarr/autobrr/session-secret.age".publicKeys = all; "servarr/cross-seed/configuration.json.age".publicKeys = all; - "sso/auth-key.age" = { - owner = "nginx-sso"; - publicKeys = all; - }; - "sso/ambroisie/password-hash.age" = { - owner = "nginx-sso"; - publicKeys = all; - }; - "sso/ambroisie/totp-secret.age" = { - owner = "nginx-sso"; - publicKeys = all; - }; + "sso/auth-key.age".publicKeys = all; + "sso/ambroisie/password-hash.age".publicKeys = all; + "sso/ambroisie/totp-secret.age".publicKeys = all; "tandoor-recipes/secret-key.age".publicKeys = all; From 5cd9155a5838d54c3606f6b0851e54252ea0774c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 23 Nov 2025 17:08:35 +0100 Subject: [PATCH 379/379] nixos: services: mealie: backup state directory Somehow forgot to do this when first writing the module. --- modules/nixos/services/mealie/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix index 837bff2..f3774e1 100644 --- a/modules/nixos/services/mealie/default.nix +++ b/modules/nixos/services/mealie/default.nix @@ -54,6 +54,12 @@ in }; }; + my.services.backup = { + paths = [ + "/var/lib/mealie" + ]; + }; + services.fail2ban.jails = { mealie = '' enabled = true