From 62de2772a40744cd5045a54c3191c373ad849332 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 4 Nov 2024 11:02:35 +0000 Subject: [PATCH 001/109] home: vim: do not italicize comments --- modules/home/vim/init.vim | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index 8202cad..0b54676 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -102,7 +102,11 @@ gruvbox.setup({ DiffText = { fg = colors.yellow, bg = colors.bg0 }, -- Directories "pop" better in blue Directory = { link = "GruvboxBlueBold" }, - } + }, + italic = { + -- Comments should not be italic, for e.g: box drawing + comments = false, + }, }) EOF " Use my preferred colorscheme From 46bd23ff077063827304b9d1555a1a4f267f0c1f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 6 Nov 2024 10:53:58 +0000 Subject: [PATCH 002/109] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 249cddd..af4cbfa 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1727826117, - "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", + "lastModified": 1730504689, + "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", + "rev": "506278e768c2a08bec68eb62932193e341f55c90", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1729864948, - "narHash": "sha256-CeGSqbN6S8JmzYJX/HqZjr7dMGlvHLLnJJarwB45lPs=", + "lastModified": 1730837930, + "narHash": "sha256-0kZL4m+bKBJUBQse0HanewWO0g8hDdCvBhudzxgehqc=", "owner": "nix-community", "repo": "home-manager", - "rev": "0c0268a3c80d30b989d0aadbd65f38d4fa27a9a0", + "rev": "2f607e07f3ac7e53541120536708e824acccfaa8", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1729665710, - "narHash": "sha256-AlcmCXJZPIlO5dmFzV3V2XF6x/OpNWUV8Y/FMPGd8Z4=", + "lastModified": 1730785428, + "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2768c7d042a37de65bb1b5b3268fc987e534c49d", + "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1729868220, - "narHash": "sha256-OxHE1U+FIIaQ50nZpt/VxLH0bokiqsEqAshehlHhOFs=", + "lastModified": 1730885145, + "narHash": "sha256-UPrBEY0No1O3ULb67xYjRh2r3u7MnZovfo1oYSPCIxI=", "owner": "nix-community", "repo": "NUR", - "rev": "70b30d23d33ca2acfb267430b08ddf82ff7116b2", + "rev": "c0d8828600ef47d475e6ec33513bf9af6eb6b991", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1729104314, - "narHash": "sha256-pZRZsq5oCdJt3upZIU4aslS9XwFJ+/nVtALHIciX/BI=", + "lastModified": 1730814269, + "narHash": "sha256-fWPHyhYE6xvMI1eGY3pwBTq85wcy1YXqdzTZF+06nOg=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "3c3e88f0f544d6bb54329832616af7eb971b6be6", + "rev": "d70155fdc00df4628446352fc58adc640cd705c2", "type": "github" }, "original": { From 7b42368e2f144cab111d8856928cfc1d21bf0489 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 11 Nov 2024 11:45:11 +0000 Subject: [PATCH 003/109] hosts: nixos: porthos: services: remove tandoor I fully transitioned to using Mealie instead. This reverts commit 493636decb178a23e85c593bd38cbcb1982df8cc. --- hosts/nixos/porthos/services.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index a2339f4..109b4e5 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -149,11 +149,6 @@ in }; # Because I still need to play sysadmin ssh-server.enable = true; - # Recipe manager - tandoor-recipes = { - enable = true; - secretKeyFile = secrets."tandoor-recipes/secret-key".path; - }; # Torrent client and webui transmission = { enable = true; From ab8a5daefe9773dbb69fce4667910819f748cb94 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 14 Nov 2024 20:05:06 +0000 Subject: [PATCH 004/109] hosts: porthos: secrets: acme: use OVH API I switched registrar, as OVH was ~4x cheaper. This needs a small change to the module to both refer to OVH instead of Gandi in the documentation, and make use of the correct API. I also needed to disable the propagation check, as it looks like OVH is slower than Gandi, and leads to spurious errors... --- hosts/nixos/porthos/secrets/acme/dns-key.age | 15 ++++++++------- modules/nixos/services/nginx/default.nix | 6 ++++-- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/hosts/nixos/porthos/secrets/acme/dns-key.age b/hosts/nixos/porthos/secrets/acme/dns-key.age index fce2a84..d7f159e 100644 --- a/hosts/nixos/porthos/secrets/acme/dns-key.age +++ b/hosts/nixos/porthos/secrets/acme/dns-key.age @@ -1,8 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg bQFr9oAnbo1rI/MpUV8wQz/Xj7iZY4ZU+Swf0nSIQFw -zama2XJ0gdvUlD2GHMhmZqHSxHe+dKSfXnHoWDcSw7Y --> ssh-ed25519 jPowng gitUwSKTNKWLSxnwa185O7x/u0ul93g8wPESdZaKRk8 -uvBIfAUkZp5sg6rfeEGvL5ZDV8m2uSEotW02kjPN3Hw ---- SZxe5f/CUZBvPQa2Sz/UBY3L68rMkIGGRuZPk7YE+Vg -r&{~v?}= -}+ SQM[]k MAtmM/Ls|ޅmCiYC}x \ No newline at end of file +-> ssh-ed25519 cKojmg Ec0xt1uJTva8MxUdoTVX5m3uWaIiRlodf345FEM7Uzs +aJIneWFJPB5HVeoUGp57agXih9YeZ6xMEbyQ+zJtWQY +-> ssh-ed25519 jPowng B5XotRgv7s/FUegGhceBj7EoukewNUOIFl4TFRQf1EQ +PgGCBd/Pqwp7ayqi7okHBGF1SfFpwT4KlHJ/np6p2uQ +--- AeLgwGz6k3OABb53cXNaCU/sgI4FlU1s6p8PhAaFOlg +1CԹULfI1Hmb}m šg0`XG>\>8rz+Y`ʢ.JBU!z¸Z50*ٟI] I +ĵo۰g¿tncz[{ +j&NNo{ -eP=L 6.SP:e \ No newline at end of file diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index e305b29..e5a87de 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -86,7 +86,7 @@ in type = types.str; example = "/var/lib/acme/creds.env"; description = '' - Gandi API key file as an 'EnvironmentFile' (see `systemd.exec(5)`) + OVH API key file as an 'EnvironmentFile' (see `systemd.exec(5)`) ''; }; }; @@ -281,6 +281,7 @@ in locations."/" = { extraConfig = + # FIXME: check that X-User is dropped otherwise (args.extraConfig.locations."/".extraConfig or "") + '' # Use SSO auth_request /sso-auth; @@ -414,7 +415,8 @@ in { "${domain}" = { extraDomainNames = [ "*.${domain}" ]; - dnsProvider = "gandiv5"; + dnsProvider = "ovh"; + dnsPropagationCheck = false; # OVH is slow inherit (cfg.acme) credentialsFile; }; }; From 138d4d2bd9d7460dbe2bb48c1473c5bf9a07522e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 15 Nov 2024 21:36:11 +0100 Subject: [PATCH 005/109] nixos: services: nextcloud: add collabora This needs to be configured through the "Nextcloud Office" app, specifically the WOPI setting is important for security (I put both the external IP, as well as `::1` and `127.0.0.1`). --- .../nixos/services/nextcloud/collabora.nix | 58 +++++++++++++++++++ modules/nixos/services/nextcloud/default.nix | 4 ++ 2 files changed, 62 insertions(+) create mode 100644 modules/nixos/services/nextcloud/collabora.nix diff --git a/modules/nixos/services/nextcloud/collabora.nix b/modules/nixos/services/nextcloud/collabora.nix new file mode 100644 index 0000000..d62181f --- /dev/null +++ b/modules/nixos/services/nextcloud/collabora.nix @@ -0,0 +1,58 @@ +# Document editor with Nextcloud +{ config, lib, ... }: +let + cfg = config.my.services.nextcloud.collabora; +in +{ + options.my.services.nextcloud.collabora = with lib; { + enable = mkEnableOption "Collabora integration"; + + port = mkOption { + type = types.port; + default = 9980; + example = 8080; + description = "Internal port for API"; + }; + }; + + config = lib.mkIf cfg.enable { + services.collabora-online = { + enable = true; + inherit (cfg) port; + + aliasGroups = [ + { + host = "https://collabora.${config.networking.domain}"; + # Allow using from nextcloud + aliases = [ "https://${config.services.nextcloud.hostName}" ]; + } + ]; + + settings = { + # Rely on reverse proxy for SSL + ssl = { + enable = false; + termination = true; + }; + }; + }; + + my.services.nginx.virtualHosts = { + collabora = { + inherit (cfg) port; + + extraConfig = { + # Too bad for the repetition... + locations."~ ^/cool/(.*)/ws$" = { + proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}"; + proxyWebsockets = true; + }; + locations."^~ /cool/adminws" = { + proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}"; + proxyWebsockets = true; + }; + }; + }; + }; + }; +} diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index e2c4746..fe94177 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -4,6 +4,10 @@ let cfg = config.my.services.nextcloud; in { + imports = [ + ./collabora.nix + ]; + options.my.services.nextcloud = with lib; { enable = mkEnableOption "Nextcloud"; maxSize = mkOption { From ae230b5df7b17e222e5cebe8fc055c01d0361f24 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 15 Nov 2024 21:38:16 +0100 Subject: [PATCH 006/109] hosts: porthos: services: enable collabora --- hosts/nixos/porthos/services.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 109b4e5..ffd150a 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -95,6 +95,9 @@ in nextcloud = { enable = true; passwordFile = secrets."nextcloud/password".path; + collabora = { + enable = true; + }; }; nix-cache = { enable = true; From e9d96138d5b5c6c678e2298618a3faa444bd37a9 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 19 Nov 2024 15:46:31 +0000 Subject: [PATCH 007/109] nixos: services: nginx: add 'websocketsLocations' This accounts for the overwhelming majority of my usage of `extraConfig`. --- modules/nixos/services/nginx/default.nix | 44 ++++++++++++++++++------ 1 file changed, 34 insertions(+), 10 deletions(-) diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index e5a87de..5a372ed 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -17,6 +17,16 @@ let ''; }; + websocketsLocations = mkOption { + type = with types; listOf str; + default = [ ]; + example = [ "/socket" ]; + description = '' + Which locations on this virtual host should be configured for + websockets. + ''; + }; + port = mkOption { type = with types; nullOr port; default = null; @@ -108,12 +118,7 @@ in }; jellyfin = { port = 8096; - extraConfig = { - locations."/socket" = { - proxyPass = "http://127.0.0.1:8096/"; - proxyWebsockets = true; - }; - }; + websocketsLocations = [ "/socket" ]; }; }; description = '' @@ -195,6 +200,19 @@ in } configured. ''; })) + ++ (lib.flip lib.mapAttrsToList cfg.virtualHosts (_: { subdomain, ... } @ args: + let + proxyPass = [ "port" "socket" ]; + proxyPassUsed = lib.any (v: args.${v} != null) proxyPass; + in + { + assertion = args.websocketsLocations != [ ] -> proxyPassUsed; + message = '' + Subdomain '${subdomain}' can only use 'websocketsLocations' with one of ${ + lib.concatStringsSep ", " (builtins.map (v: "'${v}'") proxyPass) + }. + ''; + })) ++ ( let ports = lib.my.mapFilter @@ -241,6 +259,14 @@ in virtualHosts = let domain = config.networking.domain; + mkProxyPass = { websocketsLocations, ... }: proxyPass: + let + websockets = lib.genAttrs websocketsLocations (_: { + inherit proxyPass; + proxyWebsockets = true; + }); + in + { "/" = { inherit proxyPass; }; } // websockets; mkVHost = ({ subdomain, ... } @ args: lib.nameValuePair "${subdomain}.${domain}" (lib.my.recursiveMerge [ @@ -251,8 +277,7 @@ in } # Proxy to port (lib.optionalAttrs (args.port != null) { - locations."/".proxyPass = - "http://127.0.0.1:${toString args.port}"; + locations = mkProxyPass args "http://127.0.0.1:${toString args.port}"; }) # Serve filesystem content (lib.optionalAttrs (args.root != null) { @@ -260,8 +285,7 @@ in }) # Serve to UNIX socket (lib.optionalAttrs (args.socket != null) { - locations."/".proxyPass = - "http://unix:${args.socket}"; + locations = mkProxyPass args "http://unix:${args.socket}"; }) # Redirect to a different domain (lib.optionalAttrs (args.redirect != null) { From 6a1a35a3840bc40cc095a6e98702b705e67aa43f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 19 Nov 2024 15:49:31 +0000 Subject: [PATCH 008/109] nixos: services: migrate to 'websocketsLocations' --- modules/nixos/services/aria/default.nix | 4 +--- .../nixos/services/audiobookshelf/default.nix | 4 +--- modules/nixos/services/jellyfin/default.nix | 6 +----- modules/nixos/services/nextcloud/collabora.nix | 16 ++++------------ modules/nixos/services/paperless/default.nix | 6 +----- 5 files changed, 8 insertions(+), 28 deletions(-) diff --git a/modules/nixos/services/aria/default.nix b/modules/nixos/services/aria/default.nix index 2d1b3e2..acbf0b7 100644 --- a/modules/nixos/services/aria/default.nix +++ b/modules/nixos/services/aria/default.nix @@ -65,9 +65,7 @@ in aria-rpc = { port = cfg.rpcPort; # Proxy websockets for RPC - extraConfig = { - locations."/".proxyWebsockets = true; - }; + websocketsLocations = [ "/" ]; }; }; diff --git a/modules/nixos/services/audiobookshelf/default.nix b/modules/nixos/services/audiobookshelf/default.nix index da9ec55..04ec8b9 100644 --- a/modules/nixos/services/audiobookshelf/default.nix +++ b/modules/nixos/services/audiobookshelf/default.nix @@ -30,9 +30,7 @@ in audiobookshelf = { inherit (cfg) port; # Proxy websockets for RPC - extraConfig = { - locations."/".proxyWebsockets = true; - }; + websocketsLocations = [ "/" ]; }; }; diff --git a/modules/nixos/services/jellyfin/default.nix b/modules/nixos/services/jellyfin/default.nix index e8910a5..6edeb67 100644 --- a/modules/nixos/services/jellyfin/default.nix +++ b/modules/nixos/services/jellyfin/default.nix @@ -27,17 +27,13 @@ in my.services.nginx.virtualHosts = { jellyfin = { port = 8096; + websocketsLocations = [ "/socket" ]; extraConfig = { locations."/" = { extraConfig = '' proxy_buffering off; ''; }; - # Too bad for the repetition... - locations."/socket" = { - proxyPass = "http://127.0.0.1:8096/"; - proxyWebsockets = true; - }; }; }; }; diff --git a/modules/nixos/services/nextcloud/collabora.nix b/modules/nixos/services/nextcloud/collabora.nix index d62181f..f8f42a7 100644 --- a/modules/nixos/services/nextcloud/collabora.nix +++ b/modules/nixos/services/nextcloud/collabora.nix @@ -40,18 +40,10 @@ in my.services.nginx.virtualHosts = { collabora = { inherit (cfg) port; - - extraConfig = { - # Too bad for the repetition... - locations."~ ^/cool/(.*)/ws$" = { - proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}"; - proxyWebsockets = true; - }; - locations."^~ /cool/adminws" = { - proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}"; - proxyWebsockets = true; - }; - }; + websocketsLocations = [ + "~ ^/cool/(.*)/ws$" + "^~ /cool/adminws" + ]; }; }; }; diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index f62879a..eceae1c 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -152,11 +152,7 @@ in sso = { enable = true; }; - - # Enable websockets on root - extraConfig = { - locations."/".proxyWebsockets = true; - }; + websocketsLocations = [ "/" ]; }; }; From 60050113bc6a167449a56f0a17f2820e776f97bf Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 19 Nov 2024 15:53:19 +0000 Subject: [PATCH 009/109] nixos: services: nginx: modify example Now that `websocketLocations` exists, it makes little sense to use `proxyWebsockets` in an example, so use a different one. --- modules/nixos/services/nginx/default.nix | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index 5a372ed..3bba9f4 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -70,10 +70,13 @@ let extraConfig = mkOption { type = types.attrs; # FIXME: forward type of virtualHosts example = { - locations."/socket" = { - proxyPass = "http://127.0.0.1:8096/"; - proxyWebsockets = true; - }; + extraConfig = '' + add_header X-Clacks-Overhead "GNU Terry Pratchett"; + ''; + + locations."/".extraConfig = '' + client_max_body_size 1G; + ''; }; default = { }; description = '' From 2ffbc13513088245c5bdfa680a34eeb40468fbf1 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 20 Nov 2024 21:05:16 +0100 Subject: [PATCH 010/109] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index af4cbfa..fd8354f 100644 --- a/flake.lock +++ b/flake.lock @@ -94,11 +94,11 @@ ] }, "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1730837930, - "narHash": "sha256-0kZL4m+bKBJUBQse0HanewWO0g8hDdCvBhudzxgehqc=", + "lastModified": 1732025103, + "narHash": "sha256-qjEI64RKvDxRyEarY0jTzrZMa8ebezh2DEZmJJrpVdo=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f607e07f3ac7e53541120536708e824acccfaa8", + "rev": "a46e702093a5c46e192243edbd977d5749e7f294", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1730785428, - "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=", + "lastModified": 1732014248, + "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7", + "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1730885145, - "narHash": "sha256-UPrBEY0No1O3ULb67xYjRh2r3u7MnZovfo1oYSPCIxI=", + "lastModified": 1732131502, + "narHash": "sha256-kWc3mjgEUh+2xzaluNxLMvEHRkfJ37pRBtXcwekKefM=", "owner": "nix-community", "repo": "NUR", - "rev": "c0d8828600ef47d475e6ec33513bf9af6eb6b991", + "rev": "13b44543c4e5d20bb2976ddde846c7341e4c41dd", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1730814269, - "narHash": "sha256-fWPHyhYE6xvMI1eGY3pwBTq85wcy1YXqdzTZF+06nOg=", + "lastModified": 1732021966, + "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "d70155fdc00df4628446352fc58adc640cd705c2", + "rev": "3308484d1a443fc5bc92012435d79e80458fe43c", "type": "github" }, "original": { From 7f0cd6612eccf07046df860650f2f95ad85fea95 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 14 Nov 2024 21:29:24 +0100 Subject: [PATCH 011/109] nixos: services: paperless: remove MKL work-around Instead, rely on the upstream service's work-around [1]. This will reduce the amount of package builds I need to do when updating my server... [1]: https://github.com/NixOS/nixpkgs/pull/299008 This reverts commit e2ec4d3032ee3d3dc3be935b0e2af9ad7ff0c511. --- modules/nixos/services/paperless/default.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index eceae1c..321dfa3 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: let cfg = config.my.services.paperless; in @@ -80,9 +80,6 @@ in # Misc PAPERLESS_TIME_ZONE = config.time.timeZone; PAPERLESS_ADMIN_USER = cfg.username; - - # Fix classifier hangs - LD_LIBRARY_PATH = "${lib.getLib pkgs.mkl}/lib"; }; # Admin password From 6a5c4a627aa9b26a7aeb7e324ae9b3b533f9a04f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 18 Nov 2024 13:31:08 +0100 Subject: [PATCH 012/109] nixos: services: pyload: add fail2ban jail --- modules/nixos/services/pyload/default.nix | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/modules/nixos/services/pyload/default.nix b/modules/nixos/services/pyload/default.nix index 88889bf..7257d0f 100644 --- a/modules/nixos/services/pyload/default.nix +++ b/modules/nixos/services/pyload/default.nix @@ -53,6 +53,20 @@ in }; }; - # FIXME: fail2ban + services.fail2ban.jails = { + pyload = '' + enabled = true + filter = pyload + port = http,https + ''; + }; + + environment.etc = { + "fail2ban/filter.d/pyload.conf".text = '' + [Definition] + failregex = ^.*Login failed for user '.*' \[CLIENT: \]$ + journalmatch = _SYSTEMD_UNIT=pyload.service + ''; + }; }; } From fe49e470269f9f8a2445e7ce6f219a4fd6d18561 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 27 Nov 2024 12:02:29 +0000 Subject: [PATCH 013/109] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index fd8354f..cd3f50c 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1732025103, - "narHash": "sha256-qjEI64RKvDxRyEarY0jTzrZMa8ebezh2DEZmJJrpVdo=", + "lastModified": 1732482255, + "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=", "owner": "nix-community", "repo": "home-manager", - "rev": "a46e702093a5c46e192243edbd977d5749e7f294", + "rev": "a9953635d7f34e7358d5189751110f87e3ac17da", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1732014248, - "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", + "lastModified": 1732521221, + "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", + "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1732131502, - "narHash": "sha256-kWc3mjgEUh+2xzaluNxLMvEHRkfJ37pRBtXcwekKefM=", + "lastModified": 1732704680, + "narHash": "sha256-x3NlO2qzuobU9BrynzydX7X9oskJpysv7BI7DJ5cVSE=", "owner": "nix-community", "repo": "NUR", - "rev": "13b44543c4e5d20bb2976ddde846c7341e4c41dd", + "rev": "31a30f0862fd8b5f88a6597382bb09197356b19e", "type": "github" }, "original": { From e39fef275c2eee50708080e932ae48bb1845c997 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 27 Nov 2024 12:05:41 +0000 Subject: [PATCH 014/109] nixos: services: paperless: use 'environmentFile' That way I don't have to configure all services to make use of it. Someday I'll find the will to add the `postgresql.service` dependency upstream, truly removing the need to configure any service at all. --- modules/nixos/services/paperless/default.nix | 19 +++---------------- 1 file changed, 3 insertions(+), 16 deletions(-) diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index 321dfa3..c8967e1 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -84,43 +84,30 @@ in # Admin password passwordFile = cfg.passwordFile; + + # Secret key + environmentFile = cfg.secretKeyFile; }; systemd.services = { paperless-scheduler = { requires = [ "postgresql.service" ]; after = [ "postgresql.service" ]; - - serviceConfig = { - EnvironmentFile = cfg.secretKeyFile; - }; }; paperless-consumer = { requires = [ "postgresql.service" ]; after = [ "postgresql.service" ]; - - serviceConfig = { - EnvironmentFile = cfg.secretKeyFile; - }; }; paperless-web = { requires = [ "postgresql.service" ]; after = [ "postgresql.service" ]; - - serviceConfig = { - EnvironmentFile = cfg.secretKeyFile; - }; }; paperless-task-queue = { requires = [ "postgresql.service" ]; after = [ "postgresql.service" ]; - - serviceConfig = { - EnvironmentFile = cfg.secretKeyFile; - }; }; }; From f2168378fc1b658eeb24ec364953c4160de041f7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 27 Nov 2024 15:12:10 +0000 Subject: [PATCH 015/109] home: direnv: lib: also watch '.python-version' It's used by `uv` as a kind of configuration file, so watch it as well. --- modules/home/direnv/lib/python.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/direnv/lib/python.sh b/modules/home/direnv/lib/python.sh index 780fbe6..b4b2bce 100644 --- a/modules/home/direnv/lib/python.sh +++ b/modules/home/direnv/lib/python.sh @@ -53,4 +53,5 @@ layout_uv() { PATH_add "$VIRTUAL_ENV/bin" watch_file pyproject.toml watch_file uv.lock + watch_file .python-version } From 83da7ba9c8c8d54b8fd7585ee009505e9a36dafa Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 11:24:30 +0000 Subject: [PATCH 016/109] home: tmux: explicitly disable mouse support It's disabled by default, but make it explicit :-). --- modules/home/tmux/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index 71ce4ca..dc7fed1 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -47,6 +47,7 @@ in clock24 = true; # I'm one of those heathens escapeTime = 0; # Let vim do its thing instead historyLimit = 100000; # Bigger buffer + mouse = false; # I dislike mouse support terminal = "tmux-256color"; # I want accurate termcap info plugins = with pkgs.tmuxPlugins; [ From e8a41187e75b84cee2aae14663bb4fd5229e256d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 12:05:45 +0000 Subject: [PATCH 017/109] home: xdg: create 'HISTFILE' parent directory In fbd3b70d61bd733af033545d4cfe4809fbb068a3, I forgot to modify the `.keep` file to be created in `$XDG_STATE_HOME/bash/`. --- modules/home/xdg/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix index 270200e..e4c1887 100644 --- a/modules/home/xdg/default.nix +++ b/modules/home/xdg/default.nix @@ -30,11 +30,11 @@ in }; # A tidy home is a tidy mind dataFile = { - "bash/.keep".text = ""; "gdb/.keep".text = ""; "tig/.keep".text = ""; }; stateFile = { + "bash/.keep".text = ""; "python/.keep".text = ""; }; }; From 8b61af1ac3cff8450234534b29420a51aa4b9de5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 12:07:07 +0000 Subject: [PATCH 018/109] home: xdg: remove 'gdb' directory I have an actual module to configure `gdb`, and it uses `$XDG_STATE_HOME` anyway... --- modules/home/xdg/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix index e4c1887..479ba1e 100644 --- a/modules/home/xdg/default.nix +++ b/modules/home/xdg/default.nix @@ -30,7 +30,6 @@ in }; # A tidy home is a tidy mind dataFile = { - "gdb/.keep".text = ""; "tig/.keep".text = ""; }; stateFile = { From da3c29bbafe60b2e30172a6c5da452b2efeb8a34 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 12:07:50 +0000 Subject: [PATCH 019/109] home: xdg: add comment about 'tig' To explain why I didn't modify it as part of my `$XDG_STATE_HOME` migration in fbd3b70d61bd733af033545d4cfe4809fbb068a3. --- modules/home/xdg/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix index 479ba1e..803167f 100644 --- a/modules/home/xdg/default.nix +++ b/modules/home/xdg/default.nix @@ -30,7 +30,7 @@ in }; # A tidy home is a tidy mind dataFile = { - "tig/.keep".text = ""; + "tig/.keep".text = ""; # `tig` uses `XDG_DATA_HOME` specifically... }; stateFile = { "bash/.keep".text = ""; From b38658405ad50a54876c5c7537e6f1815542c83c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 12:17:31 +0000 Subject: [PATCH 020/109] home: tmux: add binding to refresh configuration Don't rely on `tmux-sensible` to set it up. --- modules/home/tmux/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index dc7fed1..23dff05 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -81,6 +81,9 @@ in ]; extraConfig = '' + # Refresh configuration + bind-key -N "Source tmux.conf" R source-file ${config.xdg.configHome}/tmux/tmux.conf \; display-message "Sourced tmux.conf!" + # Better vim mode bind-key -T copy-mode-vi 'v' send -X begin-selection ${ From 98c90d77c51b74dc5888c7e0647fdd9f35511964 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 12:50:29 +0000 Subject: [PATCH 021/109] home: tmux: add sloppy window switching bindings Another set of bindings which were setup by `tmux-sensible`, that I want to enable explicitly to avoid issues when it is disabled by default. --- modules/home/tmux/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index 23dff05..bb23b44 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -84,6 +84,10 @@ in # Refresh configuration bind-key -N "Source tmux.conf" R source-file ${config.xdg.configHome}/tmux/tmux.conf \; display-message "Sourced tmux.conf!" + # Accept sloppy Ctrl key when switching windows, on top of default mapping + bind-key -N "Select the previous window" C-p previous-window + bind-key -N "Select the next window" C-n next-window + # Better vim mode bind-key -T copy-mode-vi 'v' send -X begin-selection ${ From c74acda957fb2fb86560e7507390b482b2705ebf Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 19:58:50 +0000 Subject: [PATCH 022/109] nixos: system: packages: remove 'wget' --- modules/nixos/system/packages/default.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/modules/nixos/system/packages/default.nix b/modules/nixos/system/packages/default.nix index ebea06f..6a78ff6 100644 --- a/modules/nixos/system/packages/default.nix +++ b/modules/nixos/system/packages/default.nix @@ -1,5 +1,5 @@ # Common packages -{ config, lib, pkgs, ... }: +{ config, lib, ... }: let cfg = config.my.system.packages; in @@ -13,10 +13,6 @@ in }; config = lib.mkIf cfg.enable { - environment.systemPackages = with pkgs; [ - wget - ]; - programs = { vim = { enable = true; From 3ac85b87623fb4d64c93c996d21ffac7fd832979 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 29 Nov 2024 14:29:32 +0000 Subject: [PATCH 023/109] home: packages: add 'tree' --- modules/home/packages/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/packages/default.nix b/modules/home/packages/default.nix index 1362a06..b0f8d67 100644 --- a/modules/home/packages/default.nix +++ b/modules/home/packages/default.nix @@ -26,6 +26,7 @@ in fd file ripgrep + tree ] ++ cfg.additionalPackages); nixpkgs.config = { From baa853477d78bfd63cbed78c1d9e703a4d8c3d9d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 2 Dec 2024 20:36:37 +0000 Subject: [PATCH 024/109] nixos: hardware: sound: remove ALSA `sound.enable` was removed from the latest release, and is unnecessary with PulseAudio. --- modules/nixos/hardware/sound/default.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/modules/nixos/hardware/sound/default.nix b/modules/nixos/hardware/sound/default.nix index e8ba7f7..1cf12cb 100644 --- a/modules/nixos/hardware/sound/default.nix +++ b/modules/nixos/hardware/sound/default.nix @@ -54,9 +54,6 @@ in # Pulseaudio setup (lib.mkIf cfg.pulse.enable { - # ALSA - sound.enable = true; - hardware.pulseaudio.enable = true; }) ]); From ad1cfbd6f03e0b38f690d8563af02c1c04d8b731 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 3 Dec 2024 10:43:09 +0000 Subject: [PATCH 025/109] flake: bump inputs Allow-list the build inputs for `sonarr` until the package is fixed upstream [1]. [1]: https://github.com/NixOS/nixpkgs/issues/360592 --- flake.lock | 18 +++++++++--------- modules/nixos/services/servarr/default.nix | 10 ++++++++++ 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index cd3f50c..0aeab37 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1732482255, - "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=", + "lastModified": 1733175814, + "narHash": "sha256-zFOtOaqjzZfPMsm1mwu98syv3y+jziAq5DfWygaMtLg=", "owner": "nix-community", "repo": "home-manager", - "rev": "a9953635d7f34e7358d5189751110f87e3ac17da", + "rev": "bf23fe41082aa0289c209169302afd3397092f22", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1732521221, - "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", + "lastModified": 1733015953, + "narHash": "sha256-t4BBVpwG9B4hLgc6GUBuj3cjU7lP/PJfpTHuSqE+crk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", + "rev": "ac35b104800bff9028425fec3b6e8a41de2bbfff", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1732704680, - "narHash": "sha256-x3NlO2qzuobU9BrynzydX7X9oskJpysv7BI7DJ5cVSE=", + "lastModified": 1733215745, + "narHash": "sha256-RIlhnKlObJ1sEdzBP6Nuy4jLUiQnmWWXVsRHRbv6SzY=", "owner": "nix-community", "repo": "NUR", - "rev": "31a30f0862fd8b5f88a6597382bb09197356b19e", + "rev": "251d756a74e67bda25d89327b01a3da19dddabae", "type": "github" }, "original": { diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index e25d9cf..4aa0de7 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -96,5 +96,15 @@ in # Sonarr for shows (mkFullConfig "sonarr") (mkFail2Ban "sonarr") + + # HACK: until https://github.com/NixOS/nixpkgs/issues/360592 is resolved + (lib.mkIf cfg.sonarr.enable { + nixpkgs.config.permittedInsecurePackages = [ + "aspnetcore-runtime-6.0.36" + "aspnetcore-runtime-wrapped-6.0.36" + "dotnet-sdk-6.0.428" + "dotnet-sdk-wrapped-6.0.428" + ]; + }) ]); } From 35c547a090afdf77a1fb42125170649ef1247ab8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 3 Dec 2024 10:43:33 +0000 Subject: [PATCH 026/109] home: tmux: enable focus events Since `tmux-sensible` was disabled by default, we should enable this explicitly now. --- modules/home/tmux/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index bb23b44..ae8b8f0 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -48,6 +48,7 @@ in escapeTime = 0; # Let vim do its thing instead historyLimit = 100000; # Bigger buffer mouse = false; # I dislike mouse support + focusEvents = true; # Report focus events terminal = "tmux-256color"; # I want accurate termcap info plugins = with pkgs.tmuxPlugins; [ From 19120bca2943d5a03d9116bc547f89197059694b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 8 Dec 2024 16:08:48 -0500 Subject: [PATCH 027/109] nixos: hardware: graphics: use 'initrd' option --- modules/nixos/hardware/graphics/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/nixos/hardware/graphics/default.nix b/modules/nixos/hardware/graphics/default.nix index 89bb1cd..7d8b359 100644 --- a/modules/nixos/hardware/graphics/default.nix +++ b/modules/nixos/hardware/graphics/default.nix @@ -33,9 +33,8 @@ in # AMD GPU (lib.mkIf (cfg.gpuFlavor == "amd") { - boot.initrd.kernelModules = lib.mkIf cfg.amd.enableKernelModule [ "amdgpu" ]; - hardware.amdgpu = { + initrd.enable = cfg.amd.enableKernelModule; # Vulkan amdvlk = lib.mkIf cfg.amd.amdvlk { enable = true; From cb5eb68d35ce1a70c8d7b8560b23586f065c79e1 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 11 Dec 2024 00:46:47 +0100 Subject: [PATCH 028/109] flake: bump inputs And fix deprecated NUR overlay attribute. --- flake.lock | 60 +++++++++++++++++++++++++++++++----------- flake.nix | 4 +++ flake/home-manager.nix | 2 +- flake/nixos.nix | 2 +- 4 files changed, 51 insertions(+), 17 deletions(-) diff --git a/flake.lock b/flake.lock index 0aeab37..0db428a 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1733175814, - "narHash": "sha256-zFOtOaqjzZfPMsm1mwu98syv3y+jziAq5DfWygaMtLg=", + "lastModified": 1733873195, + "narHash": "sha256-dTosiZ3sZ/NKoLKQ++v8nZdEHya0eTNEsaizNp+MUPM=", "owner": "nix-community", "repo": "home-manager", - "rev": "bf23fe41082aa0289c209169302afd3397092f22", + "rev": "f26aa4b76fb7606127032d33ac73d7d507d82758", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1733015953, - "narHash": "sha256-t4BBVpwG9B4hLgc6GUBuj3cjU7lP/PJfpTHuSqE+crk=", + "lastModified": 1733759999, + "narHash": "sha256-463SNPWmz46iLzJKRzO3Q2b0Aurff3U1n0nYItxq7jU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ac35b104800bff9028425fec3b6e8a41de2bbfff", + "rev": "a73246e2eef4c6ed172979932bc80e1404ba2d56", "type": "github" }, "original": { @@ -167,12 +167,21 @@ } }, "nur": { + "inputs": { + "flake-parts": [ + "flake-parts" + ], + "nixpkgs": [ + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix" + }, "locked": { - "lastModified": 1733215745, - "narHash": "sha256-RIlhnKlObJ1sEdzBP6Nuy4jLUiQnmWWXVsRHRbv6SzY=", + "lastModified": 1733873876, + "narHash": "sha256-6YHWh0+E74hBiH0N+LeZPSWRvbmudF6mtEtFpRo3LWc=", "owner": "nix-community", "repo": "NUR", - "rev": "251d756a74e67bda25d89327b01a3da19dddabae", + "rev": "77c8486c65517272727884ca62b9322092f4f643", "type": "github" }, "original": { @@ -194,11 +203,11 @@ ] }, "locked": { - "lastModified": 1732021966, - "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=", + "lastModified": 1733665616, + "narHash": "sha256-+XTFXYlFJBxohhMGLDpYdEnhUNdxN8dyTA8WAd+lh2A=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "3308484d1a443fc5bc92012435d79e80458fe43c", + "rev": "d8c02f0ffef0ef39f6063731fc539d8c71eb463a", "type": "github" }, "original": { @@ -235,6 +244,27 @@ "repo": "default", "type": "github" } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733222881, + "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "49717b5af6f80172275d47a418c9719a31a78b53", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index a07ee15..f0bb79c 100644 --- a/flake.nix +++ b/flake.nix @@ -55,6 +55,10 @@ owner = "nix-community"; repo = "NUR"; ref = "master"; + inputs = { + flake-parts.follows = "flake-parts"; + nixpkgs.follows = "nixpkgs"; + }; }; pre-commit-hooks = { diff --git a/flake/home-manager.nix b/flake/home-manager.nix index 34af375..add889e 100644 --- a/flake/home-manager.nix +++ b/flake/home-manager.nix @@ -25,7 +25,7 @@ let inherit system; overlays = (lib.attrValues self.overlays) ++ [ - inputs.nur.overlay + inputs.nur.overlays.default ]; }; diff --git a/flake/nixos.nix b/flake/nixos.nix index b48b551..fa656dc 100644 --- a/flake/nixos.nix +++ b/flake/nixos.nix @@ -7,7 +7,7 @@ let } { nixpkgs.overlays = (lib.attrValues self.overlays) ++ [ - inputs.nur.overlay + inputs.nur.overlays.default ]; } # Include generic settings From c5a375d1657cac9ed2b2aa449c9380298a390ad7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 11 Dec 2024 00:48:54 +0100 Subject: [PATCH 029/109] nixos: services: paperless: use automatic DB setup That way I don't have to worry about the `postgresql.service` dependency anymore :-). --- modules/nixos/services/paperless/default.nix | 40 ++------------------ 1 file changed, 3 insertions(+), 37 deletions(-) diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index c8967e1..63f456b 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -61,11 +61,6 @@ in PAPERLESS_ENABLE_HTTP_REMOTE_USER = true; PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER"; - # Use PostgreSQL - PAPERLESS_DBHOST = "/run/postgresql"; - PAPERLESS_DBUSER = "paperless"; - PAPERLESS_DBNAME = "paperless"; - # Security settings PAPERLESS_ALLOWED_HOSTS = paperlessDomain; PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}"; @@ -87,40 +82,11 @@ in # Secret key environmentFile = cfg.secretKeyFile; - }; - systemd.services = { - paperless-scheduler = { - requires = [ "postgresql.service" ]; - after = [ "postgresql.service" ]; + # Automatic PostgreSQL provisioning + database = { + createLocally = true; }; - - paperless-consumer = { - requires = [ "postgresql.service" ]; - after = [ "postgresql.service" ]; - }; - - paperless-web = { - requires = [ "postgresql.service" ]; - after = [ "postgresql.service" ]; - }; - - paperless-task-queue = { - requires = [ "postgresql.service" ]; - after = [ "postgresql.service" ]; - }; - }; - - # Set-up database - services.postgresql = { - enable = true; - ensureDatabases = [ "paperless" ]; - ensureUsers = [ - { - name = "paperless"; - ensureDBOwnership = true; - } - ]; }; # Set-up media group From b2d2ff179840437f5659102c03356a112c2c24df Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 16 Dec 2024 00:19:31 +0100 Subject: [PATCH 030/109] nixos: services: postgres: fix renamed option --- modules/nixos/services/postgresql/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos/services/postgresql/default.nix b/modules/nixos/services/postgresql/default.nix index bbe46d4..3dcf6d1 100644 --- a/modules/nixos/services/postgresql/default.nix +++ b/modules/nixos/services/postgresql/default.nix @@ -27,11 +27,11 @@ in oldPackage = if pgCfg.enableJIT then pgCfg.package.withJIT else pgCfg.package; oldData = pgCfg.dataDir; - oldBin = "${if pgCfg.extraPlugins == [] then oldPackage else oldPackage.withPackages pgCfg.extraPlugins}/bin"; + oldBin = "${if pgCfg.extensions == [] then oldPackage else oldPackage.withPackages pgCfg.extensions}/bin"; newPackage = if pgCfg.enableJIT then newPackage'.withJIT else newPackage'; newData = "/var/lib/postgresql/${newPackage.psqlSchema}"; - newBin = "${if pgCfg.extraPlugins == [] then newPackage else newPackage.withPackages pgCfg.extraPlugins}/bin"; + newBin = "${if pgCfg.extensions == [] then newPackage else newPackage.withPackages pgCfg.extensions}/bin"; in [ (pkgs.writeScriptBin "upgrade-pg-cluster" '' From dec5dabf02ed6a901f9f9feb97ffcd8973e54237 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 16 Dec 2024 00:20:18 +0100 Subject: [PATCH 031/109] modules: services: postgres: upgrade version --- modules/nixos/services/postgresql/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos/services/postgresql/default.nix b/modules/nixos/services/postgresql/default.nix index 3dcf6d1..1dca164 100644 --- a/modules/nixos/services/postgresql/default.nix +++ b/modules/nixos/services/postgresql/default.nix @@ -14,7 +14,7 @@ in # Let other services enable postgres when they need it (lib.mkIf cfg.enable { services.postgresql = { - package = pkgs.postgresql_13; + package = pkgs.postgresql_17; }; }) @@ -23,7 +23,7 @@ in environment.systemPackages = let pgCfg = config.services.postgresql; - newPackage' = pkgs.postgresql_13; + newPackage' = pkgs.postgresql_17; oldPackage = if pgCfg.enableJIT then pgCfg.package.withJIT else pgCfg.package; oldData = pgCfg.dataDir; From 747b344b766e22ac7bb3ba4152db60de49cd12be Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 15 Dec 2024 17:50:43 -0500 Subject: [PATCH 032/109] pkgs: remove 'cgt-calc' It's been merged upstream. --- pkgs/cgt-calc/default.nix | 47 --------------------------------------- pkgs/default.nix | 2 -- 2 files changed, 49 deletions(-) delete mode 100644 pkgs/cgt-calc/default.nix diff --git a/pkgs/cgt-calc/default.nix b/pkgs/cgt-calc/default.nix deleted file mode 100644 index 9966944..0000000 --- a/pkgs/cgt-calc/default.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ lib -, fetchFromGitHub -, python3Packages -, withTeXLive ? true -, texliveSmall -}: -python3Packages.buildPythonApplication rec { - pname = "cgt-calc"; - version = "1.13.0"; - pyproject = true; - - src = fetchFromGitHub { - owner = "KapJI"; - repo = "capital-gains-calculator"; - rev = "v${version}"; - hash = "sha256-y/Y05wG89nccXyxfjqazyPJhd8dOkfwRJre+Rzx97Hw="; - }; - - build-system = with python3Packages; [ - poetry-core - ]; - - dependencies = with python3Packages; [ - defusedxml - jinja2 - pandas - requests - types-requests - yfinance - ]; - - makeWrapperArgs = lib.optionals withTeXLive [ - "--prefix" - "PATH" - ":" - "${lib.getBin texliveSmall}/bin" - ]; - - meta = with lib; { - description = "UK capital gains tax calculator"; - homepage = "https://github.com/KapJI/capital-gains-calculator"; - license = with licenses; [ mit ]; - mainProgram = "cgt-calc"; - maintainers = with maintainers; [ ambroisie ]; - platforms = platforms.unix; - }; -} diff --git a/pkgs/default.nix b/pkgs/default.nix index 949bcf7..6b7fce1 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -2,8 +2,6 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: { bw-pass = pkgs.callPackage ./bw-pass { }; - cgt-calc = pkgs.callPackage ./cgt-calc { }; - change-audio = pkgs.callPackage ./change-audio { }; change-backlight = pkgs.callPackage ./change-backlight { }; From 92e5fbe7df0c74a33baccfdb9fc82859217e0b3a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 18 Dec 2024 20:12:46 -0500 Subject: [PATCH 033/109] overlays: add 'lsp-format-nvim-indentation' To fix the issue I reported upstream [1]. [1]: https://github.com/lukas-reineke/lsp-format.nvim/issues/94 --- overlays/lsp-format-nvim-indentation/default.nix | 4 ++++ overlays/lsp-format-nvim-indentation/generated.nix | 14 ++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 overlays/lsp-format-nvim-indentation/default.nix create mode 100644 overlays/lsp-format-nvim-indentation/generated.nix diff --git a/overlays/lsp-format-nvim-indentation/default.nix b/overlays/lsp-format-nvim-indentation/default.nix new file mode 100644 index 0000000..832e71d --- /dev/null +++ b/overlays/lsp-format-nvim-indentation/default.nix @@ -0,0 +1,4 @@ +self: prev: +{ + vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { }); +} diff --git a/overlays/lsp-format-nvim-indentation/generated.nix b/overlays/lsp-format-nvim-indentation/generated.nix new file mode 100644 index 0000000..1902207 --- /dev/null +++ b/overlays/lsp-format-nvim-indentation/generated.nix @@ -0,0 +1,14 @@ +{ fetchpatch, ... }: + +_final: prev: { + lsp-format-nvim = prev.lsp-format-nvim.overrideAttrs (oa: { + patches = (oa.patches or [ ]) ++ [ + # https://github.com/lukas-reineke/lsp-format.nvim/issues/94 + (fetchpatch { + name = "use-effective-indentation"; + url = "https://github.com/liskin/lsp-format.nvim/commit/3757ac443bdf5bd166673833794553229ee8d939.patch"; + hash = "sha256-Dv+TvXrU/IrrPxz2MSPbLmRxch+qkHbI3AyFMj/ssDk="; + }) + ]; + }); +} From 322fbc970b12c187eb32a3c6ea57fe81cb4625db Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 18 Dec 2024 20:14:16 -0500 Subject: [PATCH 034/109] home: vim: lsp: rely on 'bashls' formatting I finally figured out why I was getting the wrong indentation, turns out it was an issue in `lsp-format.nvim`. With that fixed/worked around, I can now rely completely on `bash-language-server` for formatting. I'll also rely on `shfmt` automatically detecting the type of file, as (Neo)Vim cannot be made to reliably set `ft=bash` for Bash scripts and `ft=sh` for POSIX shell. Finally, I removed spaces after redirections, I've now come around to liking the default (no spaces) better. --- .../home/vim/plugin/settings/lspconfig.lua | 10 +++++++ modules/home/vim/plugin/settings/null-ls.lua | 26 ------------------- 2 files changed, 10 insertions(+), 26 deletions(-) diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index 9e9425c..1f9abfd 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -74,6 +74,16 @@ if utils.is_executable("bash-language-server") then filetypes = { "bash", "sh", "zsh" }, capabilities = capabilities, on_attach = lsp.on_attach, + settings = { + bashIde = { + shfmt = { + -- Simplify the code + simplifyCode = true, + -- Indent switch cases + caseIndent = true, + }, + }, + }, }) end diff --git a/modules/home/vim/plugin/settings/null-ls.lua b/modules/home/vim/plugin/settings/null-ls.lua index eadf16a..258a209 100644 --- a/modules/home/vim/plugin/settings/null-ls.lua +++ b/modules/home/vim/plugin/settings/null-ls.lua @@ -46,29 +46,3 @@ null_ls.register({ condition = utils.is_executable_condition("isort"), }), }) - --- Shell (non-POSIX) -null_ls.register({ - null_ls.builtins.formatting.shfmt.with({ - -- Indent with 4 spaces, simplify the code, indent switch cases, - -- add space after redirection, use bash dialect - extra_args = { "-i", "4", "-s", "-ci", "-sr", "-ln", "bash" }, - -- Restrict to bash and zsh - filetypes = { "bash", "zsh" }, - -- Only used if available - condition = utils.is_executable_condition("shfmt"), - }), -}) - --- Shell (POSIX) -null_ls.register({ - null_ls.builtins.formatting.shfmt.with({ - -- Indent with 4 spaces, simplify the code, indent switch cases, - -- add space after redirection, use POSIX - extra_args = { "-i", "4", "-s", "-ci", "-sr", "-ln", "posix" }, - -- Restrict to POSIX sh - filetypes = { "sh" }, - -- Only used if available - condition = utils.is_executable_condition("shfmt"), - }), -}) From f4f1aad1c08bc232908cb8ce3e3ee2a0b6c38645 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 18 Dec 2024 20:33:22 -0500 Subject: [PATCH 035/109] pkgs: fix shell formatting Ran `shfmt --write --indent 4 --simplify --case-indent`, in accordance with my editor settings. --- pkgs/bw-pass/bw-pass | 2 +- pkgs/change-audio/change-audio | 2 +- pkgs/diff-flake/diff-flake | 14 +++++++------- pkgs/osc52/osc52 | 2 +- pkgs/osc777/osc777 | 2 +- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/pkgs/bw-pass/bw-pass b/pkgs/bw-pass/bw-pass index 124714a..0e974b7 100755 --- a/pkgs/bw-pass/bw-pass +++ b/pkgs/bw-pass/bw-pass @@ -66,7 +66,7 @@ query_password() { printf '%s\n' "$PASSWORD" } -if [ $# -lt 1 ] || [ $# -gt 2 ]; then +if [ $# -lt 1 ] || [ $# -gt 2 ]; then usage exit 1 fi diff --git a/pkgs/change-audio/change-audio b/pkgs/change-audio/change-audio index 612fecf..5a1fb9c 100755 --- a/pkgs/change-audio/change-audio +++ b/pkgs/change-audio/change-audio @@ -62,7 +62,7 @@ do_toggle() { } case "$1" in - up|down) + up | down) do_change_volume "$@" ;; toggle) diff --git a/pkgs/diff-flake/diff-flake b/pkgs/diff-flake/diff-flake index 0572b4e..a2a3513 100755 --- a/pkgs/diff-flake/diff-flake +++ b/pkgs/diff-flake/diff-flake @@ -81,23 +81,23 @@ parse_args() { shift case "$opt" in - -h|--help) + -h | --help) usage exit ;; - -f|--flake-output) + -f | --flake-output) FLAKE_OUTPUTS+=("$1") shift ;; - -o|--output) + -o | --output) OUTPUT_FILE="$1" shift ;; - -n|--new-rev) + -n | --new-rev) NEW_REV="$(git rev-parse "$1")" shift ;; - -p|--previous-rev) + -p | --previous-rev) PREVIOUS_REV="$(git rev-parse "$1")" shift ;; @@ -157,7 +157,7 @@ list_dev_shells() { } diff_output() { - local PREV NEW; + local PREV NEW PREV="$(mktemp --dry-run)" NEW="$(mktemp --dry-run)" @@ -169,7 +169,7 @@ diff_output() { printf 'Closure diff for `%s`:\n```\n' "$1" nix store diff-closures "$PREV" "$NEW" | sanitize_output printf '```\n\n' - } >> "$OUTPUT_FILE" + } >>"$OUTPUT_FILE" } parse_args "$@" diff --git a/pkgs/osc52/osc52 b/pkgs/osc52/osc52 index f64ccb6..de3a982 100755 --- a/pkgs/osc52/osc52 +++ b/pkgs/osc52/osc52 @@ -15,7 +15,7 @@ usage() { exec 1>&2 fi - cat << EOF + cat <&2 fi - cat << EOF + cat < Send a notification (title and message) to the host system using the OSC 777 escape sequence: From c75a307c58f3280fa326f764a1517a04e37898ec Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 18 Dec 2024 20:39:15 -0500 Subject: [PATCH 036/109] home: wm: i3: fix 'pavucontrol' float --- modules/home/wm/i3/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/wm/i3/default.nix b/modules/home/wm/i3/default.nix index c432864..ec4f87f 100644 --- a/modules/home/wm/i3/default.nix +++ b/modules/home/wm/i3/default.nix @@ -127,7 +127,7 @@ in { class = "^Blueman-.*$"; } { title = "^htop$"; } { class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; } - { class = "^Pavucontrol.*$"; } + { class = "^pavucontrol.*$"; } { class = "^Arandr$"; } { class = ".?blueman-manager.*$"; } ]; From ead8101b8d94e88dd648a694d117bc8f4f10fcd7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 18 Dec 2024 20:45:52 -0500 Subject: [PATCH 037/109] home: wm: i3: match 'blueman' float explicitly This is more of a work-around due to the wrapper in nixpkgs' packaging of that application, so might as well make that explicit and narrow. --- modules/home/wm/i3/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/wm/i3/default.nix b/modules/home/wm/i3/default.nix index ec4f87f..92d1381 100644 --- a/modules/home/wm/i3/default.nix +++ b/modules/home/wm/i3/default.nix @@ -129,7 +129,7 @@ in { class = "^Thunderbird$"; instance = "Mailnews"; window_role = "filterlist"; } { class = "^pavucontrol.*$"; } { class = "^Arandr$"; } - { class = ".?blueman-manager.*$"; } + { class = "^\\.blueman-manager-wrapped$"; } ]; }; From b7b6705391fccf00ca277f57bb8b730fc0e78bf1 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 18 Dec 2024 20:47:24 -0500 Subject: [PATCH 038/109] home: wm: i3: make 'arandr' float Another work-around due to a wrapper in nixpkgs. --- modules/home/wm/i3/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/wm/i3/default.nix b/modules/home/wm/i3/default.nix index 92d1381..029a14b 100644 --- a/modules/home/wm/i3/default.nix +++ b/modules/home/wm/i3/default.nix @@ -130,6 +130,7 @@ in { class = "^pavucontrol.*$"; } { class = "^Arandr$"; } { class = "^\\.blueman-manager-wrapped$"; } + { class = "^\\.arandr-wrapped$"; } ]; }; From 5cae5632d31be145211fb927eed6af24216db3b8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 21 Dec 2024 17:06:37 -0500 Subject: [PATCH 039/109] flake: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 0db428a..bc1d34b 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1733873195, - "narHash": "sha256-dTosiZ3sZ/NKoLKQ++v8nZdEHya0eTNEsaizNp+MUPM=", + "lastModified": 1734808199, + "narHash": "sha256-MxlUcLjE8xLbrI1SJ2B2jftlg4wdutEILa3fgqwA98I=", "owner": "nix-community", "repo": "home-manager", - "rev": "f26aa4b76fb7606127032d33ac73d7d507d82758", + "rev": "f342df3ad938f205a913973b832f52c12546aac6", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1733759999, - "narHash": "sha256-463SNPWmz46iLzJKRzO3Q2b0Aurff3U1n0nYItxq7jU=", + "lastModified": 1734424634, + "narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a73246e2eef4c6ed172979932bc80e1404ba2d56", + "rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33", "type": "github" }, "original": { @@ -177,11 +177,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1733873876, - "narHash": "sha256-6YHWh0+E74hBiH0N+LeZPSWRvbmudF6mtEtFpRo3LWc=", + "lastModified": 1734810357, + "narHash": "sha256-Oa6d+y1/PVaPrZ/GYwvmTK9kSrc5Qx/8D3DFN2TzpVA=", "owner": "nix-community", "repo": "NUR", - "rev": "77c8486c65517272727884ca62b9322092f4f643", + "rev": "e7b7b92a7c97a91f1465ab433bbdf6d00df1db8e", "type": "github" }, "original": { @@ -203,11 +203,11 @@ ] }, "locked": { - "lastModified": 1733665616, - "narHash": "sha256-+XTFXYlFJBxohhMGLDpYdEnhUNdxN8dyTA8WAd+lh2A=", + "lastModified": 1734797603, + "narHash": "sha256-ulZN7ps8nBV31SE+dwkDvKIzvN6hroRY8sYOT0w+E28=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "d8c02f0ffef0ef39f6063731fc539d8c71eb463a", + "rev": "f0f0dc4920a903c3e08f5bdb9246bb572fcae498", "type": "github" }, "original": { From e65b3ed1fc7977b9214c5bdbe1369c3decc96454 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 23 Dec 2024 22:42:42 -0500 Subject: [PATCH 040/109] home: vim: ftplugin: add query --- modules/home/vim/after/ftplugin/query.vim | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 modules/home/vim/after/ftplugin/query.vim diff --git a/modules/home/vim/after/ftplugin/query.vim b/modules/home/vim/after/ftplugin/query.vim new file mode 100644 index 0000000..fd2ac73 --- /dev/null +++ b/modules/home/vim/after/ftplugin/query.vim @@ -0,0 +1,6 @@ +" Create the `b:undo_ftplugin` variable if it doesn't exist +call ftplugined#check_undo_ft() + +" Use a small indentation value on query files +setlocal shiftwidth=2 +let b:undo_ftplugin.='|setlocal shiftwidth<' From 2996481327151763beece5cc24acb7913c2a5399 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 28 Dec 2024 13:24:21 -0500 Subject: [PATCH 041/109] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index bc1d34b..a1385ba 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1734808199, - "narHash": "sha256-MxlUcLjE8xLbrI1SJ2B2jftlg4wdutEILa3fgqwA98I=", + "lastModified": 1735381016, + "narHash": "sha256-CyCZFhMUkuYbSD6bxB/r43EdmDE7hYeZZPTCv0GudO4=", "owner": "nix-community", "repo": "home-manager", - "rev": "f342df3ad938f205a913973b832f52c12546aac6", + "rev": "10e99c43cdf4a0713b4e81d90691d22c6a58bdf2", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1734424634, - "narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=", + "lastModified": 1735291276, + "narHash": "sha256-NYVcA06+blsLG6wpAbSPTCyLvxD/92Hy4vlY9WxFI1M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33", + "rev": "634fd46801442d760e09493a794c4f15db2d0cbb", "type": "github" }, "original": { @@ -177,11 +177,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1734810357, - "narHash": "sha256-Oa6d+y1/PVaPrZ/GYwvmTK9kSrc5Qx/8D3DFN2TzpVA=", + "lastModified": 1735408823, + "narHash": "sha256-1VjQeMQer5nXNYtw+BG+s78ucaEoxO5oqj+yRmM8MMs=", "owner": "nix-community", "repo": "NUR", - "rev": "e7b7b92a7c97a91f1465ab433bbdf6d00df1db8e", + "rev": "8283ea92deac8cdb6fd63ff04049ac9e879bf5eb", "type": "github" }, "original": { From 9c50691ede84ad83e1d7fa4dc3334f38cee08630 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 28 Dec 2024 13:28:03 -0500 Subject: [PATCH 042/109] nixos: services: nginx: sso: use upstream module It's finally been merged, so let's get rid of this module. --- modules/nixos/services/nginx/default.nix | 4 - modules/nixos/services/nginx/sso/default.nix | 84 -------------------- 2 files changed, 88 deletions(-) delete mode 100644 modules/nixos/services/nginx/sso/default.nix diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index 3bba9f4..cb27604 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -87,10 +87,6 @@ let }); in { - imports = [ - ./sso - ]; - options.my.services.nginx = with lib; { enable = mkEnableOption "Nginx"; diff --git a/modules/nixos/services/nginx/sso/default.nix b/modules/nixos/services/nginx/sso/default.nix deleted file mode 100644 index d60e31b..0000000 --- a/modules/nixos/services/nginx/sso/default.nix +++ /dev/null @@ -1,84 +0,0 @@ -# I must override the module to allow having runtime secrets -{ config, lib, pkgs, utils, ... }: -let - cfg = config.services.nginx.sso; - pkg = lib.getBin cfg.package; - confPath = "/var/lib/nginx-sso/config.json"; -in -{ - disabledModules = [ "services/security/nginx-sso.nix" ]; - - - options.services.nginx.sso = with lib; { - enable = mkEnableOption "nginx-sso service"; - - package = mkOption { - type = types.package; - default = pkgs.nginx-sso; - defaultText = "pkgs.nginx-sso"; - description = '' - The nginx-sso package that should be used. - ''; - }; - - configuration = mkOption { - type = types.attrsOf types.unspecified; - default = { }; - example = literalExample '' - { - listen = { addr = "127.0.0.1"; port = 8080; }; - - providers.token.tokens = { - myuser = "MyToken"; - }; - - acl = { - rule_sets = [ - { - rules = [ { field = "x-application"; equals = "MyApp"; } ]; - allow = [ "myuser" ]; - } - ]; - }; - } - ''; - description = '' - nginx-sso configuration - (documentation) - as a Nix attribute set. - ''; - }; - }; - - config = lib.mkIf cfg.enable { - systemd.services.nginx-sso = { - description = "Nginx SSO Backend"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - StateDirectory = "nginx-sso"; - WorkingDirectory = "/var/lib/nginx-sso"; - # The files to be merged might not have the correct permissions - ExecStartPre = pkgs.writeShellScript "merge-nginx-sso-config" '' - rm -f '${confPath}' - ${utils.genJqSecretsReplacementSnippet cfg.configuration confPath} - ''; - ExecStart = lib.mkForce '' - ${lib.getExe pkg} \ - --config ${confPath} \ - --frontend-dir ${pkg}/share/frontend - ''; - Restart = "always"; - User = "nginx-sso"; - Group = "nginx-sso"; - }; - }; - - users.users.nginx-sso = { - isSystemUser = true; - group = "nginx-sso"; - }; - - users.groups.nginx-sso = { }; - }; -} From debf061dd2f03d166b543da5a182b2645d90a6b5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 13 Jan 2025 17:35:20 +0000 Subject: [PATCH 043/109] treewide: add 'shell=bash' for '.envrc' files Looks like the `shellcheck` pre-commit hook starting running on those files as well. --- .envrc | 1 + templates/c++-cmake/.envrc | 1 + templates/c++-meson/.envrc | 1 + templates/rust-cargo/.envrc | 1 + 4 files changed, 4 insertions(+) mode change 100644 => 100755 templates/c++-cmake/.envrc diff --git a/.envrc b/.envrc index f5141c2..a6b1f81 100644 --- a/.envrc +++ b/.envrc @@ -1,3 +1,4 @@ +# shellcheck shell=bash if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" fi diff --git a/templates/c++-cmake/.envrc b/templates/c++-cmake/.envrc old mode 100644 new mode 100755 index de77fcb..390d06d --- a/templates/c++-cmake/.envrc +++ b/templates/c++-cmake/.envrc @@ -1,3 +1,4 @@ +# shellcheck shell=bash if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" fi diff --git a/templates/c++-meson/.envrc b/templates/c++-meson/.envrc index de77fcb..390d06d 100644 --- a/templates/c++-meson/.envrc +++ b/templates/c++-meson/.envrc @@ -1,3 +1,4 @@ +# shellcheck shell=bash if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" fi diff --git a/templates/rust-cargo/.envrc b/templates/rust-cargo/.envrc index de77fcb..390d06d 100644 --- a/templates/rust-cargo/.envrc +++ b/templates/rust-cargo/.envrc @@ -1,3 +1,4 @@ +# shellcheck shell=bash if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" fi From 2cf14c92d33bf47db9856932e9cb4a6ce92ad4fc Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 13 Jan 2025 17:37:07 +0000 Subject: [PATCH 044/109] flake: bump inputs --- flake.lock | 33 +++++++++++++++------------------ flake.nix | 1 - 2 files changed, 15 insertions(+), 19 deletions(-) diff --git a/flake.lock b/flake.lock index a1385ba..a95fb34 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1733312601, - "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "lastModified": 1736143030, + "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1735381016, - "narHash": "sha256-CyCZFhMUkuYbSD6bxB/r43EdmDE7hYeZZPTCv0GudO4=", + "lastModified": 1736785676, + "narHash": "sha256-TY0jUwR3EW0fnS0X5wXMAVy6h4Z7Y6a3m+Yq++C9AyE=", "owner": "nix-community", "repo": "home-manager", - "rev": "10e99c43cdf4a0713b4e81d90691d22c6a58bdf2", + "rev": "fc52a210b60f2f52c74eac41a8647c1573d2071d", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1735291276, - "narHash": "sha256-NYVcA06+blsLG6wpAbSPTCyLvxD/92Hy4vlY9WxFI1M=", + "lastModified": 1736701207, + "narHash": "sha256-jG/+MvjVY7SlTakzZ2fJ5dC3V1PrKKrUEOEE30jrOKA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "634fd46801442d760e09493a794c4f15db2d0cbb", + "rev": "ed4a395ea001367c1f13d34b1e01aa10290f67d6", "type": "github" }, "original": { @@ -177,11 +177,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1735408823, - "narHash": "sha256-1VjQeMQer5nXNYtw+BG+s78ucaEoxO5oqj+yRmM8MMs=", + "lastModified": 1736786866, + "narHash": "sha256-JaWZU7wFWsI4rGAemVciyhTxadaZyubJpLqupKLZUtI=", "owner": "nix-community", "repo": "NUR", - "rev": "8283ea92deac8cdb6fd63ff04049ac9e879bf5eb", + "rev": "16ff3063cb4a4cf6fb5f48ca7dc55c27f2ea4891", "type": "github" }, "original": { @@ -197,17 +197,14 @@ "gitignore": "gitignore", "nixpkgs": [ "nixpkgs" - ], - "nixpkgs-stable": [ - "nixpkgs" ] }, "locked": { - "lastModified": 1734797603, - "narHash": "sha256-ulZN7ps8nBV31SE+dwkDvKIzvN6hroRY8sYOT0w+E28=", + "lastModified": 1735882644, + "narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "f0f0dc4920a903c3e08f5bdb9246bb572fcae498", + "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index f0bb79c..afd3c80 100644 --- a/flake.nix +++ b/flake.nix @@ -68,7 +68,6 @@ ref = "master"; inputs = { nixpkgs.follows = "nixpkgs"; - nixpkgs-stable.follows = "nixpkgs"; }; }; From 9f2ed2ae5a5348cd2c97acc95be795a24d0bbe14 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 13 Jan 2025 17:37:41 +0000 Subject: [PATCH 045/109] nixos: hardware: fix renamed 'pulseaudio' config --- modules/nixos/hardware/bluetooth/default.nix | 2 +- modules/nixos/hardware/sound/default.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos/hardware/bluetooth/default.nix b/modules/nixos/hardware/bluetooth/default.nix index e9b1991..b14ac21 100644 --- a/modules/nixos/hardware/bluetooth/default.nix +++ b/modules/nixos/hardware/bluetooth/default.nix @@ -20,7 +20,7 @@ in # Support for additional bluetooth codecs (lib.mkIf cfg.loadExtraCodecs { - hardware.pulseaudio = { + services.pulseaudio = { extraModules = [ pkgs.pulseaudio-modules-bt ]; package = pkgs.pulseaudioFull; }; diff --git a/modules/nixos/hardware/sound/default.nix b/modules/nixos/hardware/sound/default.nix index 1cf12cb..cd453de 100644 --- a/modules/nixos/hardware/sound/default.nix +++ b/modules/nixos/hardware/sound/default.nix @@ -54,7 +54,7 @@ in # Pulseaudio setup (lib.mkIf cfg.pulse.enable { - hardware.pulseaudio.enable = true; + services.pulseaudio.enable = true; }) ]); } From c99b5b2532cc1654a38bca9cd2ad7460f35aa278 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 13 Jan 2025 17:38:05 +0000 Subject: [PATCH 046/109] nixos: services: komga: use 'settings' --- modules/nixos/services/komga/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/nixos/services/komga/default.nix b/modules/nixos/services/komga/default.nix index e1dc780..160d6ce 100644 --- a/modules/nixos/services/komga/default.nix +++ b/modules/nixos/services/komga/default.nix @@ -21,10 +21,10 @@ in inherit (cfg) port; group = "media"; - }; - systemd.services.komga.environment = { - LOGGING_LEVEL_ORG_GOTSON_KOMGA = "DEBUG"; # Needed for fail2ban + settings = { + logging.level.org.gotson.komga = "DEBUG"; # Needed for fail2ban + }; }; # Set-up media group From f08787625b73ce88487303814e13e7355721dddd Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 28 Jan 2025 12:34:20 +0000 Subject: [PATCH 047/109] flake: bump inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index a95fb34..8884f79 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ ] }, "locked": { - "lastModified": 1723293904, - "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", + "lastModified": 1736955230, + "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", "owner": "ryantm", "repo": "agenix", - "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", + "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1736785676, - "narHash": "sha256-TY0jUwR3EW0fnS0X5wXMAVy6h4Z7Y6a3m+Yq++C9AyE=", + "lastModified": 1737968762, + "narHash": "sha256-xiPARGKwocaMtv+U/rgi+h2g56CZZEmrcl7ldRaslq8=", "owner": "nix-community", "repo": "home-manager", - "rev": "fc52a210b60f2f52c74eac41a8647c1573d2071d", + "rev": "e1ae908bcc30af792b0bb0a52e53b03d2577255e", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1736701207, - "narHash": "sha256-jG/+MvjVY7SlTakzZ2fJ5dC3V1PrKKrUEOEE30jrOKA=", + "lastModified": 1737885589, + "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ed4a395ea001367c1f13d34b1e01aa10290f67d6", + "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8", "type": "github" }, "original": { @@ -177,11 +177,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1736786866, - "narHash": "sha256-JaWZU7wFWsI4rGAemVciyhTxadaZyubJpLqupKLZUtI=", + "lastModified": 1738059992, + "narHash": "sha256-VeNLLucQTlED2cqD3uofh968tm7u7UgwCdY5+jo/BSc=", "owner": "nix-community", "repo": "NUR", - "rev": "16ff3063cb4a4cf6fb5f48ca7dc55c27f2ea4891", + "rev": "c46c836963685acbd2430439f859b60f230b3643", "type": "github" }, "original": { @@ -200,11 +200,11 @@ ] }, "locked": { - "lastModified": 1735882644, - "narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=", + "lastModified": 1737465171, + "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656", + "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17", "type": "github" }, "original": { From 1540483955f38bb57af7706c7e458378028e36f4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 30 Jan 2025 13:06:49 +0100 Subject: [PATCH 048/109] nixos: services: komga: fix deprecated option --- modules/nixos/services/komga/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/komga/default.nix b/modules/nixos/services/komga/default.nix index 160d6ce..9af3cd1 100644 --- a/modules/nixos/services/komga/default.nix +++ b/modules/nixos/services/komga/default.nix @@ -18,11 +18,11 @@ in config = lib.mkIf cfg.enable { services.komga = { enable = true; - inherit (cfg) port; group = "media"; settings = { + server.port = cfg.port; logging.level.org.gotson.komga = "DEBUG"; # Needed for fail2ban }; }; From 533e3b9a9f198d1a8168060db694f3a6ae6464b0 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 29 Jan 2025 19:14:54 +0100 Subject: [PATCH 049/109] nixos: services: add homebox --- modules/nixos/services/default.nix | 1 + modules/nixos/services/homebox/default.nix | 42 ++++++++++++++++++++++ 2 files changed, 43 insertions(+) create mode 100644 modules/nixos/services/homebox/default.nix diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index 651f3f8..3992385 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -14,6 +14,7 @@ ./forgejo ./gitea ./grocy + ./homebox ./indexers ./jellyfin ./komga diff --git a/modules/nixos/services/homebox/default.nix b/modules/nixos/services/homebox/default.nix new file mode 100644 index 0000000..d79e331 --- /dev/null +++ b/modules/nixos/services/homebox/default.nix @@ -0,0 +1,42 @@ +# Home inventory made easy +{ config, lib, ... }: +let + cfg = config.my.services.homebox; +in +{ + options.my.services.homebox = with lib; { + enable = mkEnableOption "Homebox home inventory"; + + port = mkOption { + type = types.port; + default = 7745; + example = 8080; + description = "Internal port for webui"; + }; + }; + + config = lib.mkIf cfg.enable { + services.homebox = { + enable = true; + + settings = { + # FIXME: mailer? + HBOX_WEB_PORT = toString cfg.port; + }; + }; + + my.services.nginx.virtualHosts = { + homebox = { + inherit (cfg) port; + }; + }; + + my.services.backup = { + paths = [ + config.services.homebox.settings.HBOX_STORAGE_DATA + ]; + }; + + # NOTE: unfortunately homebox does not log connection failures for fail2ban + }; +} From 2cbcbb7b3a6819a66c7e2fb84a623e6bea087d35 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 4 Feb 2025 15:15:28 +0000 Subject: [PATCH 050/109] home: secrets: fix path to 'keys' --- modules/home/secrets/secrets.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/secrets/secrets.nix b/modules/home/secrets/secrets.nix index f474342..27cdb4e 100644 --- a/modules/home/secrets/secrets.nix +++ b/modules/home/secrets/secrets.nix @@ -1,6 +1,6 @@ # Common secrets let - keys = import ../../keys; + keys = import ../../../keys; all = builtins.attrValues keys.users; in From 9c4d853037aaca039709c7bd013738b5528e31fe Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 6 Feb 2025 11:28:27 +0000 Subject: [PATCH 051/109] home: secrets: github: update token --- modules/home/secrets/github/token.age | Bin 369 -> 253 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/modules/home/secrets/github/token.age b/modules/home/secrets/github/token.age index 1d36ccdc3cc89a5b9c5bd9df4e8b62445fe4b3b0..3e8bb5a8329daf21e005a46c76ade14a887d5952 100644 GIT binary patch delta 217 zcmey!^p|mhPJO9wfw_@)QdN0wwn1o$iD_`MPquGrqD5eZwnt=ogkNHcrDcY;t7THQ zFPCqzYm`%&fs3WThev@yg-ft$REC*}p?+?0MMZ`|NL5LoS5$JTS4Mt*B$uwPu7YEx zn{i%RYEYhwWnN@KRgR^PTUbV9eoC5aZlYO=SypmIL{Mdjxk-U@peGk^#jIn8)9!jl zD=c=X^7Ym#tkv=mzIfc}u-Q)8ry`Fp%Cxecmb~(l>&(K)4JmrZW=LuO*_m_GTgBny T^33`v>=u2U1}$?cyY#C8DZ^1= delta 334 zcmey%_>pOXPJKpUxwlJVUanhtPOxD_rb)S{n?Y5MNuIlpb6#+2q@jyRm`hSpfk|>j zHdkbDP*spmzGYHXj+s|Usb`6&V`;9Zk%g0aqCr(^rJJdfn`KtEr&FO(AeXM4LSaf- zS!Ax6ZhBE_VsWa1l7Y2?k)=YQf`7gaSGGyITe5p{czu#dXhEP~Mq*BgV{u|?QfgkF zxrd{3RAgkKv42^KQCMlYSxI3*uz{0fq?fOYiFU3*sE12RMm|?YcxsMch*_$8VS#^C zYCup?KslGLuC9W4R$57(b9hQrj-gR;L~==XRc=LYv9?c%r+c Date: Wed, 12 Feb 2025 14:26:07 +0000 Subject: [PATCH 052/109] pkgs: lohr: use 'useFetchCargoVendor' The previous fetcher is in the process of being deprecated. --- pkgs/lohr/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/lohr/default.nix b/pkgs/lohr/default.nix index b89ccff..aeb13b1 100644 --- a/pkgs/lohr/default.nix +++ b/pkgs/lohr/default.nix @@ -10,7 +10,8 @@ rustPlatform.buildRustPackage rec { hash = "sha256-dunQgtap+XCK5LoSyOqIY/6p6HizBeiyPWNuCffwjDU="; }; - cargoHash = "sha256-EUhyrhPe+mUgMmm4o+bxRIiSNReJRfw+/O1fPr8r7lo="; + useFetchCargoVendor = true; + cargoHash = "sha256-R3/N/43+bGx6acE/rhBcrk6kS5zQu8NJ1sVvKJJkK9w="; meta = with lib; { description = "Git mirroring daemon"; From 40a841031fe465b7225927d1d493627e547cab59 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 12 Feb 2025 14:27:15 +0000 Subject: [PATCH 053/109] flake: bump inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 8884f79..b7ca708 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1736143030, - "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", + "lastModified": 1738453229, + "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", + "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1737968762, - "narHash": "sha256-xiPARGKwocaMtv+U/rgi+h2g56CZZEmrcl7ldRaslq8=", + "lastModified": 1739314552, + "narHash": "sha256-ggVf2BclyIW3jexc/uvgsgJH4e2cuG6Nyg54NeXgbFI=", "owner": "nix-community", "repo": "home-manager", - "rev": "e1ae908bcc30af792b0bb0a52e53b03d2577255e", + "rev": "83bd3a26ac0526ae04fa74df46738bb44b89dcdd", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1737885589, - "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=", + "lastModified": 1739214665, + "narHash": "sha256-26L8VAu3/1YRxS8MHgBOyOM8xALdo6N0I04PgorE7UM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8", + "rev": "64e75cd44acf21c7933d61d7721e812eac1b5a0a", "type": "github" }, "original": { @@ -177,11 +177,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1738059992, - "narHash": "sha256-VeNLLucQTlED2cqD3uofh968tm7u7UgwCdY5+jo/BSc=", + "lastModified": 1739229047, + "narHash": "sha256-sSTgA86wdk8d544c2+gzrfvVPHQF4mbsomvLOW2thn0=", "owner": "nix-community", "repo": "NUR", - "rev": "c46c836963685acbd2430439f859b60f230b3643", + "rev": "8348d89f30598a73fee7efb4b5d34c3de201e71b", "type": "github" }, "original": { From 374886a63f01f2f736ce4502e61ba017403a77fc Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 12 Feb 2025 14:30:00 +0000 Subject: [PATCH 054/109] nixos: services: servarr: remove build work-around It's been fixed upstream. This partially reverts commit ad1cfbd6f03e0b38f690d8563af02c1c04d8b731. --- modules/nixos/services/servarr/default.nix | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 4aa0de7..e25d9cf 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -96,15 +96,5 @@ in # Sonarr for shows (mkFullConfig "sonarr") (mkFail2Ban "sonarr") - - # HACK: until https://github.com/NixOS/nixpkgs/issues/360592 is resolved - (lib.mkIf cfg.sonarr.enable { - nixpkgs.config.permittedInsecurePackages = [ - "aspnetcore-runtime-6.0.36" - "aspnetcore-runtime-wrapped-6.0.36" - "dotnet-sdk-6.0.428" - "dotnet-sdk-wrapped-6.0.428" - ]; - }) ]); } From 80b4c9ffcd8e610e39e473a6425001e9e939386f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 12 Feb 2025 14:31:20 +0000 Subject: [PATCH 055/109] home: mail: accounts: use 'migadu' flavor --- modules/home/mail/accounts/default.nix | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/modules/home/mail/accounts/default.nix b/modules/home/mail/accounts/default.nix index 202b9bc..5216ad5 100644 --- a/modules/home/mail/accounts/default.nix +++ b/modules/home/mail/accounts/default.nix @@ -26,20 +26,7 @@ let }; migaduConfig = { - imap = { - host = "imap.migadu.com"; - port = 993; - tls = { - enable = true; - }; - }; - smtp = { - host = "smtp.migadu.com"; - port = 465; - tls = { - enable = true; - }; - }; + flavor = "migadu.com"; }; gmailConfig = { From f474c033d5d89d9cf84bbc18f878eb1bb9fed4d3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 13 Feb 2025 14:40:39 +0000 Subject: [PATCH 056/109] nixos: services: nginx: remove zstd compression The zstd module is unmaintained and buggy, remove it preventively. The option itself will probably be removed soon [1]. [1]: https://github.com/NixOS/nixpkgs/pull/381678 --- modules/nixos/services/nginx/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index cb27604..1e9e38a 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -253,7 +253,6 @@ in recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; - recommendedZstdSettings = true; virtualHosts = let From 8f5be69a4e297c8289399ae09b805090042ebfcc Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 17 Feb 2025 15:33:40 +0100 Subject: [PATCH 057/109] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index b7ca708..c4ae7ba 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1739314552, - "narHash": "sha256-ggVf2BclyIW3jexc/uvgsgJH4e2cuG6Nyg54NeXgbFI=", + "lastModified": 1739790043, + "narHash": "sha256-4gK4zdNDQ4PyGFs7B6zp9iPIBy9E+bVJiZ0XAmncvgQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "83bd3a26ac0526ae04fa74df46738bb44b89dcdd", + "rev": "c1ea92cdfb85bd7b0995b550581d9fd1c3370bf9", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1739214665, - "narHash": "sha256-26L8VAu3/1YRxS8MHgBOyOM8xALdo6N0I04PgorE7UM=", + "lastModified": 1739580444, + "narHash": "sha256-+/bSz4EAVbqz8/HsIGLroF8aNaO8bLRL7WfACN+24g4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "64e75cd44acf21c7933d61d7721e812eac1b5a0a", + "rev": "8bb37161a0488b89830168b81c48aed11569cb93", "type": "github" }, "original": { @@ -177,11 +177,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1739229047, - "narHash": "sha256-sSTgA86wdk8d544c2+gzrfvVPHQF4mbsomvLOW2thn0=", + "lastModified": 1739796551, + "narHash": "sha256-XcTK29rOc0WxcSJDHUK8JQege9CzSVVAcjHdswOVFPA=", "owner": "nix-community", "repo": "NUR", - "rev": "8348d89f30598a73fee7efb4b5d34c3de201e71b", + "rev": "827aa6eeaf92cc085f84947f6c32002792b67497", "type": "github" }, "original": { From 1237ef41742323d88d639877d38cd6ec05d9cf91 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 21 Feb 2025 16:22:00 +0000 Subject: [PATCH 058/109] home: git: include local configuration properly Using `includes` ensures that the local configuration is included at the end of the configuration file. --- modules/home/git/default.nix | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix index 1bb2215..8791cb2 100644 --- a/modules/home/git/default.nix +++ b/modules/home/git/default.nix @@ -123,11 +123,6 @@ in defaultBranch = "main"; }; - # Local configuration, not-versioned - include = { - path = "config.local"; - }; - merge = { conflictStyle = "zdiff3"; }; @@ -167,8 +162,8 @@ in }; }; - # Multiple identities includes = [ + # Multiple identities { condition = "gitdir:~/git/EPITA/"; contents = { @@ -187,6 +182,10 @@ in }; }; } + # Local configuration, not-versioned + { + path = "config.local"; + } ]; ignores = From 337d7309c61e39bd77db6537acde9a301dade42f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 21 Feb 2025 16:41:54 +0000 Subject: [PATCH 059/109] home: git: use 'mkAfter' for config includes This should ensure that they will be included at the very end of the configuration, even if other modules add more includes. Notably, this ensures that the local configuration can override any other setting. --- modules/home/git/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix index 8791cb2..c88008f 100644 --- a/modules/home/git/default.nix +++ b/modules/home/git/default.nix @@ -162,7 +162,7 @@ in }; }; - includes = [ + includes = lib.mkAfter [ # Multiple identities { condition = "gitdir:~/git/EPITA/"; From d3a953247c270ca2e771bac5343123c4239c0da3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 24 Feb 2025 14:15:01 +0000 Subject: [PATCH 060/109] home: packages: disable on 'useGlobalPkgs' It doesn't do anything when `useGlobalPkgs` is set, and has started warning about its upcoming deprecation. --- modules/home/packages/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/home/packages/default.nix b/modules/home/packages/default.nix index b0f8d67..43f7111 100644 --- a/modules/home/packages/default.nix +++ b/modules/home/packages/default.nix @@ -1,6 +1,7 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, osConfig, ... }: let cfg = config.my.home.packages; + useGlobalPkgs = osConfig.home-manager.useGlobalPkgs or false; in { options.my.home.packages = with lib; { @@ -29,7 +30,7 @@ in tree ] ++ cfg.additionalPackages); - nixpkgs.config = { + nixpkgs.config = lib.mkIf (!useGlobalPkgs) { inherit (cfg) allowAliases allowUnfree; }; }; From 852696409a4319a9767814c4483072d4bb9cbd61 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 24 Feb 2025 17:07:43 +0000 Subject: [PATCH 061/109] home: pager: remove 'LESSKEY' It should do the lookup in `$XDG_CONFIG_HOME/lesskey` automatically now. --- modules/home/pager/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/home/pager/default.nix b/modules/home/pager/default.nix index 1119440..a35da2c 100644 --- a/modules/home/pager/default.nix +++ b/modules/home/pager/default.nix @@ -16,7 +16,6 @@ in LESS = "-R -+X -c"; # Better XDG compliance LESSHISTFILE = "${config.xdg.stateHome}/less/history"; - LESSKEY = "${config.xdg.configHome}/less/lesskey"; }; }; } From e43570fe5bfa8a6258d11c3eb8f7738cb045a5ce Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 24 Feb 2025 17:04:21 +0000 Subject: [PATCH 062/109] home: pager: allow quitting without screen clear --- modules/home/pager/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/home/pager/default.nix b/modules/home/pager/default.nix index a35da2c..e84dcb7 100644 --- a/modules/home/pager/default.nix +++ b/modules/home/pager/default.nix @@ -17,5 +17,10 @@ in # Better XDG compliance LESSHISTFILE = "${config.xdg.stateHome}/less/history"; }; + + xdg.configFile."lesskey".text = '' + # Quit without clearing the screen on `Q` + Q toggle-option -!^Predraw-on-quit\nq + ''; }; } From 84f1186b6c6888ed3ebc1fb6072a259e509b3271 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 25 Feb 2025 13:38:07 +0000 Subject: [PATCH 063/109] home: tmux: add 'enableResurrect' To be used on the cloudtop with its frequent reboots. --- modules/home/tmux/default.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index ae8b8f0..5371643 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -20,6 +20,8 @@ in enablePassthrough = mkEnableOption "tmux DCS passthrough sequence"; + enableResurrect = mkEnableOption "tmux-resurrect plugin"; + terminalFeatures = mkOption { type = with types; attrsOf (submodule { options = { @@ -51,7 +53,7 @@ in focusEvents = true; # Report focus events terminal = "tmux-256color"; # I want accurate termcap info - plugins = with pkgs.tmuxPlugins; [ + plugins = with pkgs.tmuxPlugins; builtins.filter (attr: attr != { }) [ # Open high-lighted files in copy mode open # Better pane management @@ -79,6 +81,13 @@ in set -g status-right '#{prefix_highlight} %a %Y-%m-%d %H:%M' ''; } + # Resurrect sessions + (lib.optionalAttrs cfg.enableResurrect { + plugin = resurrect; + extraConfig = '' + set -g @resurrect-dir '${config.xdg.stateHome}/tmux/resurrect' + ''; + }) ]; extraConfig = '' From 105bcbd53a30d349bb68276249a77793ec5f2d19 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 25 Feb 2025 13:39:46 +0000 Subject: [PATCH 064/109] hosts: home: mousqueton: enable 'tmux-resurrect' --- hosts/homes/ambroisie@mousqueton/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/homes/ambroisie@mousqueton/default.nix b/hosts/homes/ambroisie@mousqueton/default.nix index 44e62e6..37884d7 100644 --- a/hosts/homes/ambroisie@mousqueton/default.nix +++ b/hosts/homes/ambroisie@mousqueton/default.nix @@ -15,6 +15,9 @@ # I use scripts that use the passthrough sequence often on this host enablePassthrough = true; + # Frequent reboots mean that session persistence can be handy + enableResurrect = true; + terminalFeatures = { # HTerm uses `xterm-256color` as its `$TERM`, so use that here xterm-256color = { }; From edeb67238bc24dc982075bb5f6787d8035b578b3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 25 Feb 2025 13:58:02 +0000 Subject: [PATCH 065/109] home: tmux: enable aggressive resize Generally useful, rarely gets in the way, I'd rather have it enabled by default. --- modules/home/tmux/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index 5371643..08b9202 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -52,6 +52,7 @@ in mouse = false; # I dislike mouse support focusEvents = true; # Report focus events terminal = "tmux-256color"; # I want accurate termcap info + aggressiveResize = true; # Automatic resize when switching client size plugins = with pkgs.tmuxPlugins; builtins.filter (attr: attr != { }) [ # Open high-lighted files in copy mode From 0dc8ac443313724285d54447330311f3b2e0856b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 27 Feb 2025 12:36:10 +0000 Subject: [PATCH 066/109] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index c4ae7ba..bd5cf0a 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1739790043, - "narHash": "sha256-4gK4zdNDQ4PyGFs7B6zp9iPIBy9E+bVJiZ0XAmncvgQ=", + "lastModified": 1740624780, + "narHash": "sha256-8TP61AI3QBQsjzVUQFIV8NoB5nbYfJB3iHczhBikDkU=", "owner": "nix-community", "repo": "home-manager", - "rev": "c1ea92cdfb85bd7b0995b550581d9fd1c3370bf9", + "rev": "b8869e4ead721bbd4f0d6b927e8395705d4f16e6", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1739580444, - "narHash": "sha256-+/bSz4EAVbqz8/HsIGLroF8aNaO8bLRL7WfACN+24g4=", + "lastModified": 1740560979, + "narHash": "sha256-Vr3Qi346M+8CjedtbyUevIGDZW8LcA1fTG0ugPY/Hic=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8bb37161a0488b89830168b81c48aed11569cb93", + "rev": "5135c59491985879812717f4c9fea69604e7f26f", "type": "github" }, "original": { @@ -177,11 +177,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1739796551, - "narHash": "sha256-XcTK29rOc0WxcSJDHUK8JQege9CzSVVAcjHdswOVFPA=", + "lastModified": 1740655932, + "narHash": "sha256-BSTcgL2C74x0TgVdVEWfIz2SHkwIFMN0Dvv1lCoOhCA=", "owner": "nix-community", "repo": "NUR", - "rev": "827aa6eeaf92cc085f84947f6c32002792b67497", + "rev": "1ca8ff37f33a560c4a292ed83774434854f0b39a", "type": "github" }, "original": { From 88c00bb83d7d83d9af480f9de8027175bdd32ec7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 27 Feb 2025 12:44:10 +0000 Subject: [PATCH 067/109] home: firefox: fix deprecated option --- modules/home/firefox/default.nix | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/modules/home/firefox/default.nix b/modules/home/firefox/default.nix index 02c74f2..6346dc9 100644 --- a/modules/home/firefox/default.nix +++ b/modules/home/firefox/default.nix @@ -61,19 +61,21 @@ in "ui.systemUsesDarkTheme" = true; # Dark mode }; - extensions = with pkgs.nur.repos.rycee.firefox-addons; ([ - bitwarden - consent-o-matic - form-history-control - reddit-comment-collapser - reddit-enhancement-suite - refined-github - sponsorblock - ublock-origin - ] - ++ lib.optional (cfg.tridactyl.enable) tridactyl - ++ lib.optional (cfg.ff2mpv.enable) ff2mpv - ); + extensions = { + packages = with pkgs.nur.repos.rycee.firefox-addons; ([ + bitwarden + consent-o-matic + form-history-control + reddit-comment-collapser + reddit-enhancement-suite + refined-github + sponsorblock + ublock-origin + ] + ++ lib.optional (cfg.tridactyl.enable) tridactyl + ++ lib.optional (cfg.ff2mpv.enable) ff2mpv + ); + }; }; }; }; From ca618b53ccef400567eef305c634854ca16529fb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 27 Feb 2025 16:59:15 +0000 Subject: [PATCH 068/109] home: vim: oil: explicitly remove icons They started appearing on the latest bump, it looks like my configuration started including `nvim-web-devicons` (see [1]). I'll probably remove this configuration on the next nixpkgs bump (it's a good canary to check that I *never* include icons in the future). [1]: https://github.com/NixOS/nixpkgs/pull/382668 --- modules/home/vim/plugin/settings/oil.lua | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/home/vim/plugin/settings/oil.lua b/modules/home/vim/plugin/settings/oil.lua index a160725..74d5007 100644 --- a/modules/home/vim/plugin/settings/oil.lua +++ b/modules/home/vim/plugin/settings/oil.lua @@ -4,6 +4,8 @@ local wk = require("which-key") local detail = false oil.setup({ + -- Don't show icons + columns = {}, view_options = { -- Show files and directories that start with "." by default show_hidden = true, From dc4221fc17fc3d36e75f4d47b6e1a552969ab29f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 17 Mar 2025 13:02:02 +0000 Subject: [PATCH 069/109] flake: bump inputs And remove the overlay for `lsp-format.nvim`, which has been fixed. This reverts commit 92e5fbe7df0c74a33baccfdb9fc82859217e0b3a. --- flake.lock | 30 +++++++++---------- .../lsp-format-nvim-indentation/default.nix | 4 --- .../lsp-format-nvim-indentation/generated.nix | 14 --------- 3 files changed, 15 insertions(+), 33 deletions(-) delete mode 100644 overlays/lsp-format-nvim-indentation/default.nix delete mode 100644 overlays/lsp-format-nvim-indentation/generated.nix diff --git a/flake.lock b/flake.lock index bd5cf0a..6db188a 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1738453229, - "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", + "lastModified": 1741352980, + "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", + "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1740624780, - "narHash": "sha256-8TP61AI3QBQsjzVUQFIV8NoB5nbYfJB3iHczhBikDkU=", + "lastModified": 1741955947, + "narHash": "sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY=", "owner": "nix-community", "repo": "home-manager", - "rev": "b8869e4ead721bbd4f0d6b927e8395705d4f16e6", + "rev": "4e12151c9e014e2449e0beca2c0e9534b96a26b4", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1740560979, - "narHash": "sha256-Vr3Qi346M+8CjedtbyUevIGDZW8LcA1fTG0ugPY/Hic=", + "lastModified": 1742069588, + "narHash": "sha256-C7jVfohcGzdZRF6DO+ybyG/sqpo1h6bZi9T56sxLy+k=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5135c59491985879812717f4c9fea69604e7f26f", + "rev": "c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5", "type": "github" }, "original": { @@ -177,11 +177,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1740655932, - "narHash": "sha256-BSTcgL2C74x0TgVdVEWfIz2SHkwIFMN0Dvv1lCoOhCA=", + "lastModified": 1741294988, + "narHash": "sha256-3408u6q615kVTb23WtDriHRmCBBpwX7iau6rvfipcu4=", "owner": "nix-community", "repo": "NUR", - "rev": "1ca8ff37f33a560c4a292ed83774434854f0b39a", + "rev": "b30c245e2c44c7352a27485bfd5bc483df660f0e", "type": "github" }, "original": { @@ -200,11 +200,11 @@ ] }, "locked": { - "lastModified": 1737465171, - "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=", + "lastModified": 1742058297, + "narHash": "sha256-b4SZc6TkKw8WQQssbN5O2DaCEzmFfvSTPYHlx/SFW9Y=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17", + "rev": "59f17850021620cd348ad2e9c0c64f4e6325ce2a", "type": "github" }, "original": { diff --git a/overlays/lsp-format-nvim-indentation/default.nix b/overlays/lsp-format-nvim-indentation/default.nix deleted file mode 100644 index 832e71d..0000000 --- a/overlays/lsp-format-nvim-indentation/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -self: prev: -{ - vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { }); -} diff --git a/overlays/lsp-format-nvim-indentation/generated.nix b/overlays/lsp-format-nvim-indentation/generated.nix deleted file mode 100644 index 1902207..0000000 --- a/overlays/lsp-format-nvim-indentation/generated.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ fetchpatch, ... }: - -_final: prev: { - lsp-format-nvim = prev.lsp-format-nvim.overrideAttrs (oa: { - patches = (oa.patches or [ ]) ++ [ - # https://github.com/lukas-reineke/lsp-format.nvim/issues/94 - (fetchpatch { - name = "use-effective-indentation"; - url = "https://github.com/liskin/lsp-format.nvim/commit/3757ac443bdf5bd166673833794553229ee8d939.patch"; - hash = "sha256-Dv+TvXrU/IrrPxz2MSPbLmRxch+qkHbI3AyFMj/ssDk="; - }) - ]; - }); -} From 5ae2eacd49042d3c00e3d2e666c355bcb89e10d1 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 19 Mar 2025 11:45:07 +0000 Subject: [PATCH 070/109] home: git: add 'ignoreRevsFile' I'm surprised I hadn't configured it already. `.git-blame-ignore-revs` is the usual name, as most forges automatically detect and use it. --- modules/home/git/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix index c88008f..bd085b8 100644 --- a/modules/home/git/default.nix +++ b/modules/home/git/default.nix @@ -75,6 +75,7 @@ in # Makes it a bit more readable blame = { coloring = "repeatedLines"; + ignoreRevsFile = ".git-blame-ignore-revs"; markIgnoredLines = true; markUnblamables = true; }; From 9156a8211d6388e274698e834d010710d727d425 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 24 Mar 2025 11:47:59 +0000 Subject: [PATCH 071/109] flake: bump inputs --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 6db188a..2eff24a 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1741955947, - "narHash": "sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY=", + "lastModified": 1742771635, + "narHash": "sha256-HQHzQPrg+g22tb3/K/4tgJjPzM+/5jbaujCZd8s2Mls=", "owner": "nix-community", "repo": "home-manager", - "rev": "4e12151c9e014e2449e0beca2c0e9534b96a26b4", + "rev": "ad0614a1ec9cce3b13169e20ceb7e55dfaf2a818", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1742069588, - "narHash": "sha256-C7jVfohcGzdZRF6DO+ybyG/sqpo1h6bZi9T56sxLy+k=", + "lastModified": 1742669843, + "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5", + "rev": "1e5b653dff12029333a6546c11e108ede13052eb", "type": "github" }, "original": { @@ -200,11 +200,11 @@ ] }, "locked": { - "lastModified": 1742058297, - "narHash": "sha256-b4SZc6TkKw8WQQssbN5O2DaCEzmFfvSTPYHlx/SFW9Y=", + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "59f17850021620cd348ad2e9c0c64f4e6325ce2a", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", "type": "github" }, "original": { From 6fc81e45e98bcb4190641c53aad62a28cb782367 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 24 Mar 2025 11:58:56 +0000 Subject: [PATCH 072/109] home: zsh: migrate to 'initContent' This also fixes a small ordering issue: my alias definitions used to be defined at the very end of the file, they're now slotted _before_ the `zshrc.local` import. --- modules/home/zsh/default.nix | 40 +++++++++++++++++------------------- 1 file changed, 19 insertions(+), 21 deletions(-) diff --git a/modules/home/zsh/default.nix b/modules/home/zsh/default.nix index 11b6cb2..f4092d8 100644 --- a/modules/home/zsh/default.nix +++ b/modules/home/zsh/default.nix @@ -87,28 +87,26 @@ in # Modal editing is life, but CLI benefits from emacs gymnastics defaultKeymap = "emacs"; - # Make those happen early to avoid doing double the work - initExtraFirst = lib.mkBefore '' - ${ - lib.optionalString cfg.launchTmux '' - # Launch tmux unless already inside one - if [ -z "$TMUX" ]; then - exec tmux new-session - fi - '' - } - ''; + initContent = lib.mkMerge [ + # Make those happen early to avoid doing double the work + (lib.mkBefore (lib.optionalString cfg.launchTmux '' + # Launch tmux unless already inside one + if [ -z "$TMUX" ]; then + exec tmux new-session + fi + '')) - initExtra = lib.mkAfter '' - source ${./completion-styles.zsh} - source ${./extra-mappings.zsh} - source ${./options.zsh} + (lib.mkAfter '' + source ${./completion-styles.zsh} + source ${./extra-mappings.zsh} + source ${./options.zsh} - # Source local configuration - if [ -f "$ZDOTDIR/zshrc.local" ]; then - source "$ZDOTDIR/zshrc.local" - fi - ''; + # Source local configuration + if [ -f "$ZDOTDIR/zshrc.local" ]; then + source "$ZDOTDIR/zshrc.local" + fi + '') + ]; localVariables = { # I like having the full path @@ -151,7 +149,7 @@ in }; # Use OSC-777 to send the notification through SSH - initExtra = lib.mkIf cfg.notify.ssh.useOsc777 '' + initContent = lib.mkIf cfg.notify.ssh.useOsc777 '' done_send_notification() { local exit_status="$1" local title="$2" From b2758839e8a0fe5cb613542172d6bfd36ba088ee Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 24 Mar 2025 16:51:45 +0000 Subject: [PATCH 073/109] home: vim: lspconfig: add 'harper' Support for more languages is upcoming, I also need to check how to handle custom words/dictionaries. --- modules/home/vim/plugin/settings/lspconfig.lua | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index 1f9abfd..f8e65d8 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -96,6 +96,13 @@ if utils.is_executable("starpls") then end -- Generic +if utils.is_executable("harper-ls") then + lspconfig.harper_ls.setup({ + capabilities = capabilities, + on_attach = lsp.on_attach, + }) +end + if utils.is_executable("typos-lsp") then lspconfig.typos_lsp.setup({ capabilities = capabilities, From abec0dd226d765a54976be0a07442c4ce45b3cdb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 25 Mar 2025 14:30:07 +0000 Subject: [PATCH 074/109] home: git: remove 'ignoreRevsFile' I remember why I didn't set it globally now, it's because `git blame` complains and errors out, rather than silently ignoring the setting, when the file doesn't exist in a repo... This reverts commit 5ae2eacd49042d3c00e3d2e666c355bcb89e10d1. --- modules/home/git/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix index bd085b8..c88008f 100644 --- a/modules/home/git/default.nix +++ b/modules/home/git/default.nix @@ -75,7 +75,6 @@ in # Makes it a bit more readable blame = { coloring = "repeatedLines"; - ignoreRevsFile = ".git-blame-ignore-revs"; markIgnoredLines = true; markUnblamables = true; }; From 458ea144c447cb15ed07351992f9cbe8f74489db Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 25 Mar 2025 16:52:58 +0000 Subject: [PATCH 075/109] home: vim: remove 'fastfold' configuration I missed it in the original commit that removed the plug-in from my configuration... --- modules/home/vim/plugin/settings/fastfold.lua | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 modules/home/vim/plugin/settings/fastfold.lua diff --git a/modules/home/vim/plugin/settings/fastfold.lua b/modules/home/vim/plugin/settings/fastfold.lua deleted file mode 100644 index 78ee937..0000000 --- a/modules/home/vim/plugin/settings/fastfold.lua +++ /dev/null @@ -1,5 +0,0 @@ --- Intercept all fold commands --- stylua: ignore -vim.g.fastfold_fold_command_suffixes = { - "x", "X", "a", "A", "o", "O", "c", "C", "r", "R", "m", "M", "i", "n", "N", -} From 1841ff391d13eb31b3ff670b9c9f4563ecc7140b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 28 Mar 2025 15:27:21 +0000 Subject: [PATCH 076/109] flake: dev-shells: remove redundant 'pre-commit' It's already being installed by the shell hook. --- flake/dev-shells.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/flake/dev-shells.nix b/flake/dev-shells.nix index d5f5989..87464a4 100644 --- a/flake/dev-shells.nix +++ b/flake/dev-shells.nix @@ -6,7 +6,6 @@ name = "NixOS-config"; nativeBuildInputs = with pkgs; [ - gitAndTools.pre-commit nixpkgs-fmt ]; From 37e88c2707072bc4cc244669c084dccb74b52ab3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 29 Mar 2025 14:41:21 +0000 Subject: [PATCH 077/109] flake: bump inputs And fix the small `jq` breakage. --- flake.lock | 18 +++++++++--------- modules/home/jq/default.nix | 1 + 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 2eff24a..a2d931a 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1741352980, - "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1742771635, - "narHash": "sha256-HQHzQPrg+g22tb3/K/4tgJjPzM+/5jbaujCZd8s2Mls=", + "lastModified": 1743607567, + "narHash": "sha256-kTzKPDFmNzwO1cK4fiJgPB/iSw7HgBAmknRTeAPJAeI=", "owner": "nix-community", "repo": "home-manager", - "rev": "ad0614a1ec9cce3b13169e20ceb7e55dfaf2a818", + "rev": "49748c74cdbae03d70381f150b810f92617f23aa", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1742669843, - "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=", + "lastModified": 1743448293, + "narHash": "sha256-bmEPmSjJakAp/JojZRrUvNcDX2R5/nuX6bm+seVaGhs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1e5b653dff12029333a6546c11e108ede13052eb", + "rev": "77b584d61ff80b4cef9245829a6f1dfad5afdfa3", "type": "github" }, "original": { diff --git a/modules/home/jq/default.nix b/modules/home/jq/default.nix index 57e266f..53e5986 100644 --- a/modules/home/jq/default.nix +++ b/modules/home/jq/default.nix @@ -17,6 +17,7 @@ in strings = "0;32"; arrays = "1;39"; objects = "1;39"; + objectKeys = "1;34"; }; }; } From dfb3c353ecc6e2152dfc2440544db2ffbd99a20b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 29 Mar 2025 16:15:04 +0000 Subject: [PATCH 078/109] home: vim: remove 'lsp_lines' It's been upstreamed! --- modules/home/vim/default.nix | 1 - modules/home/vim/plugin/settings/lsp-lines.lua | 3 --- 2 files changed, 4 deletions(-) delete mode 100644 modules/home/vim/plugin/settings/lsp-lines.lua diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 8e6bd5c..b65e935 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -59,7 +59,6 @@ in # LSP and linting nvim-lspconfig # Easy LSP configuration lsp-format-nvim # Simplified formatting configuration - lsp_lines-nvim # Show diagnostics *over* regions none-ls-nvim # LSP integration for linters and formatters nvim-treesitter.withAllGrammars # Better highlighting nvim-treesitter-textobjects # More textobjects diff --git a/modules/home/vim/plugin/settings/lsp-lines.lua b/modules/home/vim/plugin/settings/lsp-lines.lua deleted file mode 100644 index 9c79818..0000000 --- a/modules/home/vim/plugin/settings/lsp-lines.lua +++ /dev/null @@ -1,3 +0,0 @@ -local lsp_lines = require("lsp_lines") - -lsp_lines.setup() From 274d143031cbc350673c8bed520fa0f2522319c0 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 29 Mar 2025 16:17:59 +0000 Subject: [PATCH 079/109] home: vim: fix deprecated calls --- modules/home/vim/lua/ambroisie/lsp.lua | 17 +++++++---------- modules/home/vim/lua/ambroisie/utils.lua | 2 +- 2 files changed, 8 insertions(+), 11 deletions(-) diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua index eb53da6..3989202 100644 --- a/modules/home/vim/lua/ambroisie/lsp.lua +++ b/modules/home/vim/lua/ambroisie/lsp.lua @@ -5,14 +5,15 @@ local lsp_format = require("lsp-format") --- Move to the next/previous diagnostic, automatically showing the diagnostics --- float if necessary. ---- @param forward bool whether to go forward or backwards -local function goto_diagnostic(forward) +--- @param count number whether to go count or backwards +local function goto_diagnostic(count) vim.validate({ - forward = { forward, "boolean" }, + count = { count, "number" }, }) local opts = { float = false, + count = count, } -- Only show floating diagnostics if they are otherwise not displayed @@ -21,23 +22,19 @@ local function goto_diagnostic(forward) opts.float = true end - if forward then - vim.diagnostic.goto_next(opts) - else - vim.diagnostic.goto_prev(opts) - end + vim.diagnostic.jump(opts) end --- Move to the next diagnostic, automatically showing the diagnostics float if --- necessary. M.goto_next_diagnostic = function() - goto_diagnostic(true) + goto_diagnostic(1) end --- Move to the previous diagnostic, automatically showing the diagnostics float --- if necessary. M.goto_prev_diagnostic = function() - goto_diagnostic(false) + goto_diagnostic(-1) end --- shared LSP configuration callback diff --git a/modules/home/vim/lua/ambroisie/utils.lua b/modules/home/vim/lua/ambroisie/utils.lua index c9e9292..0ee7c83 100644 --- a/modules/home/vim/lua/ambroisie/utils.lua +++ b/modules/home/vim/lua/ambroisie/utils.lua @@ -38,7 +38,7 @@ end --- @param bufnr int? buffer number --- @return table all active LSP client names M.list_lsp_clients = function(bufnr) - local clients = vim.lsp.get_active_clients({ bufnr = bufnr }) + local clients = vim.lsp.get_clients({ bufnr = bufnr }) local names = {} for _, client in ipairs(clients) do From 4ef1b08f4ee444ab9dcb1513421cf78a79449242 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 29 Mar 2025 16:55:00 +0000 Subject: [PATCH 080/109] home: vim: lualine: use built-in 'branch' It now supports worktrees correctly (or at least I can't figure out which issue I used to have with it...). As a bonus, it also supports showing the correct branch for an `oil` buffer. This reverts commit 481d5f6f53e1e6ff1d8f29d3ac996af723be2381. --- modules/home/vim/plugin/settings/lualine.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/vim/plugin/settings/lualine.lua b/modules/home/vim/plugin/settings/lualine.lua index 5219a95..31ad3c4 100644 --- a/modules/home/vim/plugin/settings/lualine.lua +++ b/modules/home/vim/plugin/settings/lualine.lua @@ -30,7 +30,7 @@ lualine.setup({ { "mode" }, }, lualine_b = { - { "FugitiveHead" }, + { "branch" }, { "filename", symbols = { readonly = "🔒" } }, }, lualine_c = { From c1efc4316d7fe2bedd222d02e148e9ec8f7f6707 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 29 Mar 2025 16:44:00 +0000 Subject: [PATCH 081/109] home: vim: lualine: add custom 'oil' extension I don't like the built-in one. --- modules/home/vim/plugin/settings/lualine.lua | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/modules/home/vim/plugin/settings/lualine.lua b/modules/home/vim/plugin/settings/lualine.lua index 31ad3c4..bbe4647 100644 --- a/modules/home/vim/plugin/settings/lualine.lua +++ b/modules/home/vim/plugin/settings/lualine.lua @@ -1,4 +1,5 @@ local lualine = require("lualine") +local oil = require("oil") local utils = require("ambroisie.utils") local function list_spell_languages() @@ -57,5 +58,21 @@ lualine.setup({ extensions = { "fugitive", "quickfix", + { + sections = { + lualine_a = { + { "mode" }, + }, + lualine_b = { + { "branch" }, + }, + lualine_c = { + function() + return vim.fn.fnamemodify(oil.get_current_dir(), ":~") + end, + }, + }, + filetypes = { "oil" }, + }, }, }) From 262dc48425c2b62305b5202abad20f71cf92aaed Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 2 Apr 2025 20:02:33 +0100 Subject: [PATCH 082/109] home: vim: use default 'diffopt:linematch' It's now been defaulted to `linematch:40` on v0.11. --- modules/home/vim/init.vim | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/home/vim/init.vim b/modules/home/vim/init.vim index 0b54676..39ef32e 100644 --- a/modules/home/vim/init.vim +++ b/modules/home/vim/init.vim @@ -68,8 +68,6 @@ set listchars=tab:>─,trail:·,nbsp:¤ " Use patience diff set diffopt+=algorithm:patience -" Align similar lines in each hunk -set diffopt+=linematch:50 " Don't redraw when executing macros set lazyredraw From 2583cc6c12817a9f1012ba24bfe32aeb4b7794a3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 3 Apr 2025 21:16:58 +0100 Subject: [PATCH 083/109] home: vim: lua: lsp: add count to diagnostic maps --- modules/home/vim/lua/ambroisie/lsp.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua index 3989202..e57bdaf 100644 --- a/modules/home/vim/lua/ambroisie/lsp.lua +++ b/modules/home/vim/lua/ambroisie/lsp.lua @@ -28,13 +28,13 @@ end --- Move to the next diagnostic, automatically showing the diagnostics float if --- necessary. M.goto_next_diagnostic = function() - goto_diagnostic(1) + goto_diagnostic(vim.v.count1) end --- Move to the previous diagnostic, automatically showing the diagnostics float --- if necessary. M.goto_prev_diagnostic = function() - goto_diagnostic(-1) + goto_diagnostic(-vim.v.count1) end --- shared LSP configuration callback From 36aa641ec0d861b7abffc8204b6538b7dc0367a2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 3 Apr 2025 21:23:30 +0100 Subject: [PATCH 084/109] home: vim: rely on built-in diagnostic jump config This reduces the surface area of my configuration. --- .../vim/after/plugin/mappings/unimpaired.lua | 4 -- modules/home/vim/lua/ambroisie/lsp.lua | 38 ++----------------- .../home/vim/plugin/settings/lspconfig.lua | 4 ++ 3 files changed, 8 insertions(+), 38 deletions(-) diff --git a/modules/home/vim/after/plugin/mappings/unimpaired.lua b/modules/home/vim/after/plugin/mappings/unimpaired.lua index 82aab05..765b6b1 100644 --- a/modules/home/vim/after/plugin/mappings/unimpaired.lua +++ b/modules/home/vim/after/plugin/mappings/unimpaired.lua @@ -31,8 +31,6 @@ local keys = { { "[u", desc = "URL encode" }, { "[x", desc = "XML encode" }, { "[y", desc = "C string encode" }, - -- Custom - { "[d", lsp.goto_prev_diagnostic, desc = "Previous diagnostic" }, -- Next { "]", group = "Next" }, @@ -62,8 +60,6 @@ local keys = { { "]u", desc = "URL decode" }, { "]x", desc = "XML decode" }, { "]y", desc = "C string decode" }, - -- Custom - { "]d", lsp.goto_next_diagnostic, desc = "Next diagnostic" }, -- Enable option { "[o", group = "Enable option" }, diff --git a/modules/home/vim/lua/ambroisie/lsp.lua b/modules/home/vim/lua/ambroisie/lsp.lua index e57bdaf..e48de12 100644 --- a/modules/home/vim/lua/ambroisie/lsp.lua +++ b/modules/home/vim/lua/ambroisie/lsp.lua @@ -3,40 +3,6 @@ local M = {} -- Simplified LSP formatting configuration local lsp_format = require("lsp-format") ---- Move to the next/previous diagnostic, automatically showing the diagnostics ---- float if necessary. ---- @param count number whether to go count or backwards -local function goto_diagnostic(count) - vim.validate({ - count = { count, "number" }, - }) - - local opts = { - float = false, - count = count, - } - - -- Only show floating diagnostics if they are otherwise not displayed - local config = vim.diagnostic.config() - if not (config.virtual_text or config.virtual_lines) then - opts.float = true - end - - vim.diagnostic.jump(opts) -end - ---- Move to the next diagnostic, automatically showing the diagnostics float if ---- necessary. -M.goto_next_diagnostic = function() - goto_diagnostic(vim.v.count1) -end - ---- Move to the previous diagnostic, automatically showing the diagnostics float ---- if necessary. -M.goto_prev_diagnostic = function() - goto_diagnostic(-vim.v.count1) -end - --- shared LSP configuration callback --- @param client native client configuration --- @param bufnr int? buffer number of the attached client @@ -76,6 +42,10 @@ M.on_attach = function(client, bufnr) vim.diagnostic.config({ virtual_text = text, virtual_lines = lines, + jump = { + -- Show float on jump if no diagnostic text is otherwise shown + float = not (text or lines), + }, }) end diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index f8e65d8..7817d4c 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -16,6 +16,10 @@ vim.diagnostic.config({ update_in_insert = false, -- Show highest severity first severity_sort = true, + jump = { + -- Show float on diagnostic jumps + float = true, + }, }) -- Inform servers we are able to do completion, snippets, etc... From d48d5c45e04b67e7642ac5f36c5fd1c81f7cd19d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 4 Apr 2025 15:24:43 +0000 Subject: [PATCH 085/109] home: vim: remove 'friendly-snippets' I never use them... --- modules/home/vim/default.nix | 1 - modules/home/vim/plugin/settings/luasnip.lua | 1 - 2 files changed, 2 deletions(-) delete mode 100644 modules/home/vim/plugin/settings/luasnip.lua diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index b65e935..20a74ff 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -66,7 +66,6 @@ in # Completion luasnip # Snippet manager compatible with LSP - friendly-snippets # LSP snippets collection nvim-cmp # Completion engine cmp-async-path # More responsive path completion cmp-buffer # Words from open buffers diff --git a/modules/home/vim/plugin/settings/luasnip.lua b/modules/home/vim/plugin/settings/luasnip.lua deleted file mode 100644 index 80309d7..0000000 --- a/modules/home/vim/plugin/settings/luasnip.lua +++ /dev/null @@ -1 +0,0 @@ -require("luasnip.loaders.from_vscode").lazy_load() From 53569f17a6850d00856ad4788516ff947f8907ad Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 5 Apr 2025 18:27:04 +0100 Subject: [PATCH 086/109] treewide: pre-commit-hooks.nix renaming --- flake.lock | 50 +++++++++++++++++----------------- flake.nix | 4 +-- flake/checks.nix | 2 +- templates/c++-cmake/flake.nix | 8 +++--- templates/c++-meson/flake.nix | 8 +++--- templates/rust-cargo/flake.nix | 8 +++--- 6 files changed, 40 insertions(+), 40 deletions(-) diff --git a/flake.lock b/flake.lock index a2d931a..353a392 100644 --- a/flake.lock +++ b/flake.lock @@ -108,10 +108,33 @@ "type": "github" } }, + "git-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "master", + "repo": "git-hooks.nix", + "type": "github" + } + }, "gitignore": { "inputs": { "nixpkgs": [ - "pre-commit-hooks", + "git-hooks", "nixpkgs" ] }, @@ -191,38 +214,15 @@ "type": "github" } }, - "pre-commit-hooks": { - "inputs": { - "flake-compat": "flake-compat", - "gitignore": "gitignore", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1742649964, - "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", - "type": "github" - }, - "original": { - "owner": "cachix", - "ref": "master", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, "root": { "inputs": { "agenix": "agenix", "flake-parts": "flake-parts", "futils": "futils", + "git-hooks": "git-hooks", "home-manager": "home-manager", "nixpkgs": "nixpkgs", "nur": "nur", - "pre-commit-hooks": "pre-commit-hooks", "systems": "systems" } }, diff --git a/flake.nix b/flake.nix index afd3c80..5076729 100644 --- a/flake.nix +++ b/flake.nix @@ -61,10 +61,10 @@ }; }; - pre-commit-hooks = { + git-hooks = { type = "github"; owner = "cachix"; - repo = "pre-commit-hooks.nix"; + repo = "git-hooks.nix"; ref = "master"; inputs = { nixpkgs.follows = "nixpkgs"; diff --git a/flake/checks.nix b/flake/checks.nix index 98e49bd..73e64d5 100644 --- a/flake/checks.nix +++ b/flake/checks.nix @@ -1,7 +1,7 @@ { inputs, ... }: { imports = [ - inputs.pre-commit-hooks.flakeModule + inputs.git-hooks.flakeModule ]; perSystem = { ... }: { diff --git a/templates/c++-cmake/flake.nix b/templates/c++-cmake/flake.nix index db3b35c..36fd5ad 100644 --- a/templates/c++-cmake/flake.nix +++ b/templates/c++-cmake/flake.nix @@ -16,10 +16,10 @@ ref = "nixos-unstable"; }; - pre-commit-hooks = { + git-hooks = { type = "github"; owner = "cachix"; - repo = "pre-commit-hooks.nix"; + repo = "git-hooks.nix"; ref = "master"; inputs = { flake-utils.follows = "futils"; @@ -28,7 +28,7 @@ }; }; - outputs = { self, futils, nixpkgs, pre-commit-hooks }: + outputs = { self, futils, nixpkgs, git-hooks }: { overlays = { default = final: _prev: { @@ -69,7 +69,7 @@ ]; }; - pre-commit = pre-commit-hooks.lib.${system}.run { + pre-commit = git-hooks.lib.${system}.run { src = self; hooks = { diff --git a/templates/c++-meson/flake.nix b/templates/c++-meson/flake.nix index 5957c62..961ba1f 100644 --- a/templates/c++-meson/flake.nix +++ b/templates/c++-meson/flake.nix @@ -16,10 +16,10 @@ ref = "nixos-unstable"; }; - pre-commit-hooks = { + git-hooks = { type = "github"; owner = "cachix"; - repo = "pre-commit-hooks.nix"; + repo = "git-hooks.nix"; ref = "master"; inputs = { flake-utils.follows = "futils"; @@ -28,7 +28,7 @@ }; }; - outputs = { self, futils, nixpkgs, pre-commit-hooks }: + outputs = { self, futils, nixpkgs, git-hooks }: { overlays = { default = final: _prev: { @@ -69,7 +69,7 @@ ]; }; - pre-commit = pre-commit-hooks.lib.${system}.run { + pre-commit = git-hooks.lib.${system}.run { src = self; hooks = { diff --git a/templates/rust-cargo/flake.nix b/templates/rust-cargo/flake.nix index 6d50369..b9031d9 100644 --- a/templates/rust-cargo/flake.nix +++ b/templates/rust-cargo/flake.nix @@ -16,10 +16,10 @@ ref = "nixos-unstable"; }; - pre-commit-hooks = { + git-hooks = { type = "github"; owner = "cachix"; - repo = "pre-commit-hooks.nix"; + repo = "git-hooks.nix"; ref = "master"; inputs = { flake-utils.follows = "futils"; @@ -28,7 +28,7 @@ }; }; - outputs = { self, futils, nixpkgs, pre-commit-hooks }: + outputs = { self, futils, nixpkgs, git-hooks }: { overlays = { default = final: _prev: { @@ -60,7 +60,7 @@ ]; }; - pre-commit = pre-commit-hooks.lib.${system}.run { + pre-commit = git-hooks.lib.${system}.run { src = self; hooks = { From 418494004b3479f0e523d3f72eb995aab8dddf41 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 5 Apr 2025 18:29:51 +0100 Subject: [PATCH 087/109] templates: use 'pre-commit.enabledPackages' --- templates/c++-cmake/flake.nix | 6 +++--- templates/c++-meson/flake.nix | 6 +++--- templates/rust-cargo/flake.nix | 7 +++---- 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/templates/c++-cmake/flake.nix b/templates/c++-cmake/flake.nix index 36fd5ad..eecb007 100644 --- a/templates/c++-cmake/flake.nix +++ b/templates/c++-cmake/flake.nix @@ -92,12 +92,12 @@ devShells = { default = pkgs.mkShell { - inputsFrom = with self.packages.${system}; [ - project + inputsFrom = [ + self.packages.${system}.project ]; packages = with pkgs; [ - clang-tools + self.checks.${system}.pre-commit.enabledPackages ]; inherit (pre-commit) shellHook; diff --git a/templates/c++-meson/flake.nix b/templates/c++-meson/flake.nix index 961ba1f..a435777 100644 --- a/templates/c++-meson/flake.nix +++ b/templates/c++-meson/flake.nix @@ -92,12 +92,12 @@ devShells = { default = pkgs.mkShell { - inputsFrom = with self.packages.${system}; [ - project + inputsFrom = [ + self.packages.${system}.project ]; packages = with pkgs; [ - clang-tools + self.checks.${system}.pre-commit.enabledPackages ]; inherit (pre-commit) shellHook; diff --git a/templates/rust-cargo/flake.nix b/templates/rust-cargo/flake.nix index b9031d9..502d902 100644 --- a/templates/rust-cargo/flake.nix +++ b/templates/rust-cargo/flake.nix @@ -88,14 +88,13 @@ devShells = { default = pkgs.mkShell { - inputsFrom = with self.packages.${system}; [ - project + inputsFrom = [ + self.packages.${system}.project ]; packages = with pkgs; [ - clippy rust-analyzer - rustfmt + self.checks.${system}.pre-commit.enabledPackages ]; RUST_SRC_PATH = "${pkgs.rust.packages.stable.rustPlatform.rustLibSrc}"; From 62ddec5c2346959e395b42775fbd82284bc8886f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 5 Apr 2025 18:46:14 +0100 Subject: [PATCH 088/109] templates: remove unused 'follows' --- templates/c++-cmake/flake.nix | 1 - templates/c++-meson/flake.nix | 1 - templates/rust-cargo/flake.nix | 1 - 3 files changed, 3 deletions(-) diff --git a/templates/c++-cmake/flake.nix b/templates/c++-cmake/flake.nix index eecb007..7796f5e 100644 --- a/templates/c++-cmake/flake.nix +++ b/templates/c++-cmake/flake.nix @@ -22,7 +22,6 @@ repo = "git-hooks.nix"; ref = "master"; inputs = { - flake-utils.follows = "futils"; nixpkgs.follows = "nixpkgs"; }; }; diff --git a/templates/c++-meson/flake.nix b/templates/c++-meson/flake.nix index a435777..cb14eb5 100644 --- a/templates/c++-meson/flake.nix +++ b/templates/c++-meson/flake.nix @@ -22,7 +22,6 @@ repo = "git-hooks.nix"; ref = "master"; inputs = { - flake-utils.follows = "futils"; nixpkgs.follows = "nixpkgs"; }; }; diff --git a/templates/rust-cargo/flake.nix b/templates/rust-cargo/flake.nix index 502d902..efd8358 100644 --- a/templates/rust-cargo/flake.nix +++ b/templates/rust-cargo/flake.nix @@ -22,7 +22,6 @@ repo = "git-hooks.nix"; ref = "master"; inputs = { - flake-utils.follows = "futils"; nixpkgs.follows = "nixpkgs"; }; }; From ca98b8367c2ae384acd56271696f9a57de7f82f8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 5 Apr 2025 18:18:06 +0100 Subject: [PATCH 089/109] templates: add python-uv --- templates/default.nix | 4 + templates/python-uv/.envrc | 6 ++ templates/python-uv/.gitignore | 6 ++ templates/python-uv/.woodpecker/check.yml | 31 ++++++ templates/python-uv/flake.nix | 112 ++++++++++++++++++++ templates/python-uv/pyproject.toml | 17 +++ templates/python-uv/src/project/__init__.py | 2 + 7 files changed, 178 insertions(+) create mode 100644 templates/python-uv/.envrc create mode 100644 templates/python-uv/.gitignore create mode 100644 templates/python-uv/.woodpecker/check.yml create mode 100644 templates/python-uv/flake.nix create mode 100644 templates/python-uv/pyproject.toml create mode 100644 templates/python-uv/src/project/__init__.py diff --git a/templates/default.nix b/templates/default.nix index 44db753..51864cd 100644 --- a/templates/default.nix +++ b/templates/default.nix @@ -7,6 +7,10 @@ path = ./c++-meson; description = "A C++ project using Meson"; }; + "python-uv" = { + path = ./python-uv; + description = "A Python project using uv"; + }; "rust-cargo" = { path = ./rust-cargo; description = "A Rust project using Cargo"; diff --git a/templates/python-uv/.envrc b/templates/python-uv/.envrc new file mode 100644 index 0000000..390d06d --- /dev/null +++ b/templates/python-uv/.envrc @@ -0,0 +1,6 @@ +# shellcheck shell=bash +if ! has nix_direnv_version || ! nix_direnv_version 3.0.0; then + source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.0/direnvrc" "sha256-21TMnI2xWX7HkSTjFFri2UaohXVj854mgvWapWrxRXg=" +fi + +use flake diff --git a/templates/python-uv/.gitignore b/templates/python-uv/.gitignore new file mode 100644 index 0000000..c79d1e8 --- /dev/null +++ b/templates/python-uv/.gitignore @@ -0,0 +1,6 @@ +# Virtual environments +.venv + +# Nix generated files +/.pre-commit-config.yaml +/result diff --git a/templates/python-uv/.woodpecker/check.yml b/templates/python-uv/.woodpecker/check.yml new file mode 100644 index 0000000..272c0e4 --- /dev/null +++ b/templates/python-uv/.woodpecker/check.yml @@ -0,0 +1,31 @@ +labels: + backend: local + +steps: +- name: pre-commit check + image: bash + commands: + - nix develop --command pre-commit run --all + +- name: nix flake check + image: bash + commands: + - nix flake check + +- name: notify + image: bash + environment: + ADDRESS: + from_secret: matrix_homeserver + ROOM: + from_secret: matrix_roomid + USER: + from_secret: matrix_username + PASS: + from_secret: matrix_password + commands: + - nix run github:ambroisie/matrix-notifier + when: + status: + - failure + - success diff --git a/templates/python-uv/flake.nix b/templates/python-uv/flake.nix new file mode 100644 index 0000000..5059e64 --- /dev/null +++ b/templates/python-uv/flake.nix @@ -0,0 +1,112 @@ +{ + description = "A Python project"; + + inputs = { + futils = { + type = "github"; + owner = "numtide"; + repo = "flake-utils"; + ref = "main"; + }; + + nixpkgs = { + type = "github"; + owner = "NixOS"; + repo = "nixpkgs"; + ref = "nixos-unstable"; + }; + + git-hooks = { + type = "github"; + owner = "cachix"; + repo = "git-hooks.nix"; + ref = "master"; + inputs = { + nixpkgs.follows = "nixpkgs"; + }; + }; + }; + + outputs = { self, futils, nixpkgs, git-hooks }: + { + overlays = { + default = final: _prev: { + project = with final; python3.pkgs.buildPythonApplication { + pname = "project"; + version = (final.lib.importTOML ./pyproject.toml).project.version; + pyproject = true; + + src = self; + + build-system = with python3.pkgs; [ setuptools ]; + + pythonImportsCheck = [ "project" ]; + + meta = with lib; { + description = "A Python project"; + homepage = "https://git.belanyi.fr/ambroisie/project"; + license = licenses.mit; + maintainers = with maintainers; [ ambroisie ]; + }; + }; + }; + }; + } // futils.lib.eachDefaultSystem (system: + let + pkgs = import nixpkgs { + inherit system; + overlays = [ + self.overlays.default + ]; + }; + + pre-commit = git-hooks.lib.${system}.run { + src = self; + + hooks = { + mypy = { + enable = true; + }; + + nixpkgs-fmt = { + enable = true; + }; + + ruff = { + enable = true; + }; + + ruff-format = { + enable = true; + }; + }; + }; + in + { + checks = { + inherit (self.packages.${system}) project; + + inherit pre-commit; + }; + + devShells = { + default = pkgs.mkShell { + inputsFrom = [ + self.packages.${system}.project + ]; + + packages = with pkgs; [ + uv + self.checks.${system}.pre-commit.enabledPackages + ]; + + inherit (pre-commit) shellHook; + }; + }; + + packages = futils.lib.flattenTree { + default = pkgs.project; + inherit (pkgs) project; + }; + }); +} diff --git a/templates/python-uv/pyproject.toml b/templates/python-uv/pyproject.toml new file mode 100644 index 0000000..7b2d896 --- /dev/null +++ b/templates/python-uv/pyproject.toml @@ -0,0 +1,17 @@ +[build-system] +requires = ["setuptools"] +build-backend = "setuptools.build_meta" + + +[project] +name = "project" +version = "0.0.0" +description = "project description" +requires-python = ">=3.12" +dependencies = [] + +[project.scripts] +project = "project:main" + +[dependency-groups] +dev = [] diff --git a/templates/python-uv/src/project/__init__.py b/templates/python-uv/src/project/__init__.py new file mode 100644 index 0000000..b06117d --- /dev/null +++ b/templates/python-uv/src/project/__init__.py @@ -0,0 +1,2 @@ +def main() -> None: + print("Hello, world!") From 7791ad09073529a8b01e534928fc0c61da139d53 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:00:10 +0000 Subject: [PATCH 090/109] nixos: services: servarr: fix 'enableAll' logic I renamed the option and refactored how it worked to make it more explicit that it enables the entire suite by default, with explicit opt-out of individual components (or fine-grained opt-in as an alternative). --- hosts/nixos/porthos/services.nix | 2 +- modules/nixos/services/servarr/default.nix | 20 +++++++++----------- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index ffd150a..021a6ae 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -144,7 +144,7 @@ in sabnzbd.enable = true; # The whole *arr software suite servarr = { - enable = true; + enableAll = true; # ... But not Lidarr because I don't care for music that much lidarr = { enable = false; diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index e25d9cf..65c409a 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -19,6 +19,8 @@ let enable = true; group = "media"; }; + # Set-up media group + users.groups.media = { }; }; mkRedirection = service: { @@ -54,34 +56,30 @@ let in { options.my.services.servarr = { - enable = lib.mkEnableOption "Media automation"; + enableAll = lib.mkEnableOption "media automation suite"; bazarr = { - enable = lib.my.mkDisableOption "Bazarr"; + enable = lib.mkEnableOption "Bazarr" // { default = cfg.enableAll; };; }; lidarr = { - enable = lib.my.mkDisableOption "Lidarr"; + enable = lib.mkEnableOption "Lidarr" // { default = cfg.enableAll; }; }; radarr = { - enable = lib.my.mkDisableOption "Radarr"; + enable = lib.mkEnableOption "Radarr" // { default = cfg.enableAll; }; }; readarr = { - enable = lib.my.mkDisableOption "Readarr"; + enable = lib.mkEnableOption "Readarr" // { default = cfg.enableAll; }; }; sonarr = { - enable = lib.my.mkDisableOption "Sonarr"; + enable = lib.mkEnableOption "Sonarr" // { default = cfg.enableAll; }; }; }; - config = lib.mkIf cfg.enable (lib.mkMerge [ - { - # Set-up media group - users.groups.media = { }; - } + config = (lib.mkMerge [ # Bazarr does not log authentication failures... (mkFullConfig "bazarr") # Lidarr for music From 860c13ab1f456bc37ef092453c75c09ee08fc950 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 10:51:21 +0000 Subject: [PATCH 091/109] nixos: services: servarr: extract bazarr It's not an actual *arr package, but closely related to them. Extract its configuration to a sub-module. --- modules/nixos/services/servarr/bazarr.nix | 29 ++++++++++++++++++++++ modules/nixos/services/servarr/default.nix | 11 +++----- 2 files changed, 33 insertions(+), 7 deletions(-) create mode 100644 modules/nixos/services/servarr/bazarr.nix diff --git a/modules/nixos/services/servarr/bazarr.nix b/modules/nixos/services/servarr/bazarr.nix new file mode 100644 index 0000000..2d27c95 --- /dev/null +++ b/modules/nixos/services/servarr/bazarr.nix @@ -0,0 +1,29 @@ +{ config, lib, ... }: +let + cfg = config.my.services.servarr.bazarr; +in +{ + options.my.services.servarr.bazarr = with lib; { + enable = lib.mkEnableOption "Bazarr" // { + default = config.my.services.servarr.enableAll; + }; + }; + + config = lib.mkIf cfg.enable { + services.bazarr = { + enable = true; + group = "media"; + }; + + # Set-up media group + users.groups.media = { }; + + my.services.nginx.virtualHosts = { + bazarr = { + port = 6767; + }; + }; + + # Bazarr does not log authentication failures... + }; +} diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 65c409a..53fd14b 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -7,7 +7,6 @@ let cfg = config.my.services.servarr; ports = { - bazarr = 6767; lidarr = 8686; radarr = 7878; readarr = 8787; @@ -55,13 +54,13 @@ let ]); in { + imports = [ + ./bazarr.nix + ]; + options.my.services.servarr = { enableAll = lib.mkEnableOption "media automation suite"; - bazarr = { - enable = lib.mkEnableOption "Bazarr" // { default = cfg.enableAll; };; - }; - lidarr = { enable = lib.mkEnableOption "Lidarr" // { default = cfg.enableAll; }; }; @@ -80,8 +79,6 @@ in }; config = (lib.mkMerge [ - # Bazarr does not log authentication failures... - (mkFullConfig "bazarr") # Lidarr for music (mkFullConfig "lidarr") (mkFail2Ban "lidarr") From 1f876d3e214081aa3bd006a9b78fe5772473c382 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 10:53:32 +0000 Subject: [PATCH 092/109] nixos: services: servarr: bazarr: add 'port' --- modules/nixos/services/servarr/bazarr.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/modules/nixos/services/servarr/bazarr.nix b/modules/nixos/services/servarr/bazarr.nix index 2d27c95..637da0c 100644 --- a/modules/nixos/services/servarr/bazarr.nix +++ b/modules/nixos/services/servarr/bazarr.nix @@ -7,12 +7,20 @@ in enable = lib.mkEnableOption "Bazarr" // { default = config.my.services.servarr.enableAll; }; + + port = mkOption { + type = types.port; + default = 6767; + example = 8080; + description = "Internal port for webui"; + }; }; config = lib.mkIf cfg.enable { services.bazarr = { enable = true; group = "media"; + listenPort = cfg.port; }; # Set-up media group @@ -20,7 +28,7 @@ in my.services.nginx.virtualHosts = { bazarr = { - port = 6767; + inherit (cfg) port; }; }; From 8e6be43817d1337df7a5169bf62ae7d05e5689fb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:07:21 +0000 Subject: [PATCH 093/109] nixox: services: servarr: refactor starr config Makes it slightly DRY-er and more readable. --- modules/nixos/services/servarr/default.nix | 87 ++-------------------- modules/nixos/services/servarr/starr.nix | 51 +++++++++++++ 2 files changed, 56 insertions(+), 82 deletions(-) create mode 100644 modules/nixos/services/servarr/starr.nix diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 53fd14b..398461b 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -2,94 +2,17 @@ # Relevant link [1]. # # [1]: https://youtu.be/I26Ql-uX6AM -{ config, lib, ... }: -let - cfg = config.my.services.servarr; - - ports = { - lidarr = 8686; - radarr = 7878; - readarr = 8787; - sonarr = 8989; - }; - - mkService = service: { - services.${service} = { - enable = true; - group = "media"; - }; - # Set-up media group - users.groups.media = { }; - }; - - mkRedirection = service: { - my.services.nginx.virtualHosts = { - ${service} = { - port = ports.${service}; - }; - }; - }; - - mkFail2Ban = service: lib.mkIf cfg.${service}.enable { - services.fail2ban.jails = { - ${service} = '' - enabled = true - filter = ${service} - action = iptables-allports - ''; - }; - - environment.etc = { - "fail2ban/filter.d/${service}.conf".text = '' - [Definition] - failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ - journalmatch = _SYSTEMD_UNIT=${service}.service - ''; - }; - }; - - mkFullConfig = service: lib.mkIf cfg.${service}.enable (lib.mkMerge [ - (mkService service) - (mkRedirection service) - ]); -in +{ lib, ... }: { imports = [ ./bazarr.nix + (import ./starr.nix "lidarr") + (import ./starr.nix "radarr") + (import ./starr.nix "readarr") + (import ./starr.nix "sonarr") ]; options.my.services.servarr = { enableAll = lib.mkEnableOption "media automation suite"; - - lidarr = { - enable = lib.mkEnableOption "Lidarr" // { default = cfg.enableAll; }; - }; - - radarr = { - enable = lib.mkEnableOption "Radarr" // { default = cfg.enableAll; }; - }; - - readarr = { - enable = lib.mkEnableOption "Readarr" // { default = cfg.enableAll; }; - }; - - sonarr = { - enable = lib.mkEnableOption "Sonarr" // { default = cfg.enableAll; }; - }; }; - - config = (lib.mkMerge [ - # Lidarr for music - (mkFullConfig "lidarr") - (mkFail2Ban "lidarr") - # Radarr for movies - (mkFullConfig "radarr") - (mkFail2Ban "radarr") - # Readarr for books - (mkFullConfig "readarr") - (mkFail2Ban "readarr") - # Sonarr for shows - (mkFullConfig "sonarr") - (mkFail2Ban "sonarr") - ]); } diff --git a/modules/nixos/services/servarr/starr.nix b/modules/nixos/services/servarr/starr.nix new file mode 100644 index 0000000..e9c84f9 --- /dev/null +++ b/modules/nixos/services/servarr/starr.nix @@ -0,0 +1,51 @@ +# Templated *arr configuration +starr: +{ config, lib, ... }: +let + cfg = config.my.services.servarr.${starr}; + ports = { + lidarr = 8686; + radarr = 7878; + readarr = 8787; + sonarr = 8989; + }; +in +{ + options.my.services.servarr.${starr} = with lib; { + enable = lib.mkEnableOption (lib.toSentenceCase starr) // { + default = config.my.services.servarr.enableAll; + }; + }; + + config = lib.mkIf cfg.enable { + services.${starr} = { + enable = true; + group = "media"; + }; + + # Set-up media group + users.groups.media = { }; + + my.services.nginx.virtualHosts = { + ${starr} = { + port = ports.${starr}; + }; + }; + + services.fail2ban.jails = { + ${starr} = '' + enabled = true + filter = ${starr} + action = iptables-allports + ''; + }; + + environment.etc = { + "fail2ban/filter.d/${starr}.conf".text = '' + [Definition] + failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ + journalmatch = _SYSTEMD_UNIT=${starr}.service + ''; + }; + }; +} From d783b5f5ee598ddd82e585c12d8e397c55a1e3b1 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:12:16 +0000 Subject: [PATCH 094/109] nixos: services: servarr: starr: add 'port' Now that declarative configurations are supported for those applications. --- modules/nixos/services/servarr/starr.nix | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/modules/nixos/services/servarr/starr.nix b/modules/nixos/services/servarr/starr.nix index e9c84f9..2bf7c11 100644 --- a/modules/nixos/services/servarr/starr.nix +++ b/modules/nixos/services/servarr/starr.nix @@ -15,12 +15,25 @@ in enable = lib.mkEnableOption (lib.toSentenceCase starr) // { default = config.my.services.servarr.enableAll; }; + + port = mkOption { + type = types.port; + default = ports.${starr}; + example = 8080; + description = "Internal port for webui"; + }; }; config = lib.mkIf cfg.enable { services.${starr} = { enable = true; group = "media"; + + settings = { + server = { + port = cfg.port; + }; + }; }; # Set-up media group @@ -28,7 +41,7 @@ in my.services.nginx.virtualHosts = { ${starr} = { - port = ports.${starr}; + port = cfg.port; }; }; From f825d047b5f17cdff8cd096660abf48ed79e7f72 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:21:24 +0000 Subject: [PATCH 095/109] nixos: services: servarr: migrate prowlarr The configuration doesn't have `group`, so it's a slightly different configuration to the rest of the *arr services. I also want to move the other two indexer modules under `servarr`, as they are all closely related. --- hosts/nixos/porthos/services.nix | 4 -- modules/nixos/services/indexers/default.nix | 30 ------------ modules/nixos/services/servarr/default.nix | 1 + modules/nixos/services/servarr/prowlarr.nix | 53 +++++++++++++++++++++ 4 files changed, 54 insertions(+), 34 deletions(-) create mode 100644 modules/nixos/services/servarr/prowlarr.nix diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 021a6ae..9017894 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -51,10 +51,6 @@ in passwordFile = secrets."forgejo/mail-password".path; }; }; - # Meta-indexers - indexers = { - prowlarr.enable = true; - }; # Jellyfin media server jellyfin.enable = true; # Gitea mirrorig service diff --git a/modules/nixos/services/indexers/default.nix b/modules/nixos/services/indexers/default.nix index 8a42345..00bf316 100644 --- a/modules/nixos/services/indexers/default.nix +++ b/modules/nixos/services/indexers/default.nix @@ -5,13 +5,11 @@ let jackettPort = 9117; nzbhydraPort = 5076; - prowlarrPort = 9696; in { options.my.services.indexers = with lib; { jackett.enable = mkEnableOption "Jackett torrent meta-indexer"; nzbhydra.enable = mkEnableOption "NZBHydra2 usenet meta-indexer"; - prowlarr.enable = mkEnableOption "Prowlarr torrent & usenet meta-indexer"; }; config = lib.mkMerge [ @@ -46,33 +44,5 @@ in }; }; }) - - (lib.mkIf cfg.prowlarr.enable { - services.prowlarr = { - enable = true; - }; - - my.services.nginx.virtualHosts = { - prowlarr = { - port = prowlarrPort; - }; - }; - - services.fail2ban.jails = { - prowlarr = '' - enabled = true - filter = prowlarr - action = iptables-allports - ''; - }; - - environment.etc = { - "fail2ban/filter.d/prowlarr.conf".text = '' - [Definition] - failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ - journalmatch = _SYSTEMD_UNIT=prowlarr.service - ''; - }; - }) ]; } diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 398461b..1bca773 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -6,6 +6,7 @@ { imports = [ ./bazarr.nix + ./prowlarr.nix (import ./starr.nix "lidarr") (import ./starr.nix "radarr") (import ./starr.nix "readarr") diff --git a/modules/nixos/services/servarr/prowlarr.nix b/modules/nixos/services/servarr/prowlarr.nix new file mode 100644 index 0000000..ce044c6 --- /dev/null +++ b/modules/nixos/services/servarr/prowlarr.nix @@ -0,0 +1,53 @@ +# Torrent and NZB indexer +{ config, lib, ... }: +let + cfg = config.my.services.servarr.prowlarr; +in +{ + options.my.services.servarr.prowlarr = with lib; { + enable = lib.mkEnableOption "Prowlarr" // { + default = config.my.services.servarr.enableAll; + }; + + port = mkOption { + type = types.port; + default = 9696; + example = 8080; + description = "Internal port for webui"; + }; + }; + + config = lib.mkIf cfg.enable { + services.prowlarr = { + enable = true; + + settings = { + server = { + port = cfg.port; + }; + }; + }; + + my.services.nginx.virtualHosts = { + prowlarr = { + inherit (cfg) port; + }; + }; + + services.fail2ban.jails = { + prowlarr = '' + enabled = true + filter = prowlarr + action = iptables-allports + ''; + }; + + environment.etc = { + "fail2ban/filter.d/prowlarr.conf".text = '' + [Definition] + failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ + journalmatch = _SYSTEMD_UNIT=prowlarr.service + ''; + }; + }; +} From 950cf4dd059e74d87084747b25e70138753b82d5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:27:18 +0000 Subject: [PATCH 096/109] nixos: services: servarr: migrate jackett --- hosts/nixos/porthos/services.nix | 4 +++ modules/nixos/services/indexers/default.nix | 22 -------------- modules/nixos/services/servarr/default.nix | 1 + modules/nixos/services/servarr/jackett.nix | 33 +++++++++++++++++++++ 4 files changed, 38 insertions(+), 22 deletions(-) create mode 100644 modules/nixos/services/servarr/jackett.nix diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 9017894..d45846a 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -145,6 +145,10 @@ in lidarr = { enable = false; }; + # I only use Prowlarr nowadays + jackett = { + enable = false; + }; }; # Because I still need to play sysadmin ssh-server.enable = true; diff --git a/modules/nixos/services/indexers/default.nix b/modules/nixos/services/indexers/default.nix index 00bf316..5d81079 100644 --- a/modules/nixos/services/indexers/default.nix +++ b/modules/nixos/services/indexers/default.nix @@ -3,36 +3,14 @@ let cfg = config.my.services.indexers; - jackettPort = 9117; nzbhydraPort = 5076; in { options.my.services.indexers = with lib; { - jackett.enable = mkEnableOption "Jackett torrent meta-indexer"; nzbhydra.enable = mkEnableOption "NZBHydra2 usenet meta-indexer"; }; config = lib.mkMerge [ - (lib.mkIf cfg.jackett.enable { - services.jackett = { - enable = true; - }; - - # Jackett wants to eat *all* my RAM if left to its own devices - systemd.services.jackett = { - serviceConfig = { - MemoryHigh = "15%"; - MemoryMax = "25%"; - }; - }; - - my.services.nginx.virtualHosts = { - jackett = { - port = jackettPort; - }; - }; - }) - (lib.mkIf cfg.nzbhydra.enable { services.nzbhydra2 = { enable = true; diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 1bca773..06a1cef 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -6,6 +6,7 @@ { imports = [ ./bazarr.nix + ./jackett.nix ./prowlarr.nix (import ./starr.nix "lidarr") (import ./starr.nix "radarr") diff --git a/modules/nixos/services/servarr/jackett.nix b/modules/nixos/services/servarr/jackett.nix new file mode 100644 index 0000000..756df9b --- /dev/null +++ b/modules/nixos/services/servarr/jackett.nix @@ -0,0 +1,33 @@ +{ config, lib, ... }: +let + cfg = config.my.services.servarr.jackett; +in +{ + options.my.services.servarr.jackett = with lib; { + enable = lib.mkEnableOption "Jackett" // { + default = config.my.services.servarr.enableAll; + }; + }; + + config = lib.mkIf cfg.enable { + services.jackett = { + enable = true; + }; + + # Jackett wants to eat *all* my RAM if left to its own devices + systemd.services.jackett = { + serviceConfig = { + MemoryHigh = "15%"; + MemoryMax = "25%"; + }; + }; + + my.services.nginx.virtualHosts = { + jackett = { + port = 9117; + }; + }; + + # Jackett does not log authentication failures... + }; +} From c823edf58415c1f07eebd03a21617c09447cafbb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:28:04 +0000 Subject: [PATCH 097/109] nixos: services: servarr: jackett: add 'port' --- modules/nixos/services/servarr/jackett.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/modules/nixos/services/servarr/jackett.nix b/modules/nixos/services/servarr/jackett.nix index 756df9b..481cd3d 100644 --- a/modules/nixos/services/servarr/jackett.nix +++ b/modules/nixos/services/servarr/jackett.nix @@ -7,11 +7,19 @@ in enable = lib.mkEnableOption "Jackett" // { default = config.my.services.servarr.enableAll; }; + + port = mkOption { + type = types.port; + default = 9117; + example = 8080; + description = "Internal port for webui"; + }; }; config = lib.mkIf cfg.enable { services.jackett = { enable = true; + inherit (cfg) port; }; # Jackett wants to eat *all* my RAM if left to its own devices @@ -24,7 +32,7 @@ in my.services.nginx.virtualHosts = { jackett = { - port = 9117; + inherit (cfg) port; }; }; From b1ade723837cbffcfc8a1ac24fa96566392e5e3d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:32:39 +0000 Subject: [PATCH 098/109] nixos: services: servarr: migrate nzbhydra --- hosts/nixos/porthos/services.nix | 3 +++ modules/nixos/services/default.nix | 1 - modules/nixos/services/indexers/default.nix | 26 --------------------- modules/nixos/services/servarr/default.nix | 1 + modules/nixos/services/servarr/nzbhydra.nix | 25 ++++++++++++++++++++ 5 files changed, 29 insertions(+), 27 deletions(-) delete mode 100644 modules/nixos/services/indexers/default.nix create mode 100644 modules/nixos/services/servarr/nzbhydra.nix diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index d45846a..7efddfa 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -149,6 +149,9 @@ in jackett = { enable = false; }; + nzbhydra = { + enable = false; + }; }; # Because I still need to play sysadmin ssh-server.enable = true; diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index 3992385..27f8765 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -15,7 +15,6 @@ ./gitea ./grocy ./homebox - ./indexers ./jellyfin ./komga ./lohr diff --git a/modules/nixos/services/indexers/default.nix b/modules/nixos/services/indexers/default.nix deleted file mode 100644 index 5d81079..0000000 --- a/modules/nixos/services/indexers/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -# Torrent and usenet meta-indexers -{ config, lib, ... }: -let - cfg = config.my.services.indexers; - - nzbhydraPort = 5076; -in -{ - options.my.services.indexers = with lib; { - nzbhydra.enable = mkEnableOption "NZBHydra2 usenet meta-indexer"; - }; - - config = lib.mkMerge [ - (lib.mkIf cfg.nzbhydra.enable { - services.nzbhydra2 = { - enable = true; - }; - - my.services.nginx.virtualHosts = { - nzbhydra = { - port = nzbhydraPort; - }; - }; - }) - ]; -} diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 06a1cef..23838fd 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -7,6 +7,7 @@ imports = [ ./bazarr.nix ./jackett.nix + ./nzbhydra.nix ./prowlarr.nix (import ./starr.nix "lidarr") (import ./starr.nix "radarr") diff --git a/modules/nixos/services/servarr/nzbhydra.nix b/modules/nixos/services/servarr/nzbhydra.nix new file mode 100644 index 0000000..4112c30 --- /dev/null +++ b/modules/nixos/services/servarr/nzbhydra.nix @@ -0,0 +1,25 @@ +{ config, lib, ... }: +let + cfg = config.my.services.servarr.nzbhydra; +in +{ + options.my.services.servarr.nzbhydra = with lib; { + enable = lib.mkEnableOption "NZBHydra2" // { + default = config.my.services.servarr.enableAll; + }; + }; + + config = lib.mkIf cfg.enable { + services.nzbhydra2 = { + enable = true; + }; + + my.services.nginx.virtualHosts = { + nzbhydra = { + port = 5076; + }; + }; + + # NZBHydra2 does not log authentication failures... + }; +} From ec965800e4a1cd0d8a26f7e2ba50d31e85aaf9b9 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:34:25 +0000 Subject: [PATCH 099/109] nixos: services: servarr: nzbhydra: fix websockets From what I could read, NZBHydra2 *might* require proxying websockets in new versions (better safe than sorry). --- modules/nixos/services/servarr/nzbhydra.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos/services/servarr/nzbhydra.nix b/modules/nixos/services/servarr/nzbhydra.nix index 4112c30..7b63986 100644 --- a/modules/nixos/services/servarr/nzbhydra.nix +++ b/modules/nixos/services/servarr/nzbhydra.nix @@ -17,6 +17,7 @@ in my.services.nginx.virtualHosts = { nzbhydra = { port = 5076; + websocketsLocations = [ "/" ]; }; }; From 351026418678281890d469c7d183516f34bba445 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 22:49:11 +0200 Subject: [PATCH 100/109] flake: bump inputs --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 353a392..d86d6b5 100644 --- a/flake.lock +++ b/flake.lock @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1743607567, - "narHash": "sha256-kTzKPDFmNzwO1cK4fiJgPB/iSw7HgBAmknRTeAPJAeI=", + "lastModified": 1743869639, + "narHash": "sha256-Xhe3whfRW/Ay05z9m1EZ1/AkbV1yo0tm1CbgjtCi4rQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "49748c74cdbae03d70381f150b810f92617f23aa", + "rev": "d094c6763c6ddb860580e7d3b4201f8f496a6836", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1743448293, - "narHash": "sha256-bmEPmSjJakAp/JojZRrUvNcDX2R5/nuX6bm+seVaGhs=", + "lastModified": 1743689281, + "narHash": "sha256-y7Hg5lwWhEOgflEHRfzSH96BOt26LaYfrYWzZ+VoVdg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "77b584d61ff80b4cef9245829a6f1dfad5afdfa3", + "rev": "2bfc080955153be0be56724be6fa5477b4eefabb", "type": "github" }, "original": { From 215eb4c91ac722b8da4bb38c6791695021c3b516 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 13 Feb 2025 22:59:51 +0100 Subject: [PATCH 101/109] nixos: services: servarr: add autobrr --- hosts/nixos/porthos/services.nix | 3 ++ modules/nixos/services/servarr/autobrr.nix | 62 ++++++++++++++++++++++ modules/nixos/services/servarr/default.nix | 1 + 3 files changed, 66 insertions(+) create mode 100644 modules/nixos/services/servarr/autobrr.nix diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 7efddfa..cb77fbe 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -141,6 +141,9 @@ in # The whole *arr software suite servarr = { enableAll = true; + autobrr = { + enable = false; + }; # ... But not Lidarr because I don't care for music that much lidarr = { enable = false; diff --git a/modules/nixos/services/servarr/autobrr.nix b/modules/nixos/services/servarr/autobrr.nix new file mode 100644 index 0000000..afb07f4 --- /dev/null +++ b/modules/nixos/services/servarr/autobrr.nix @@ -0,0 +1,62 @@ +# IRC-based +{ config, lib, ... }: +let + cfg = config.my.services.servarr.autobrr; +in +{ + options.my.services.servarr.autobrr = with lib; { + enable = mkEnableOption "autobrr IRC announce tracker" // { + default = config.my.services.servarr.enableAll; + }; + + port = mkOption { + type = types.port; + default = 7474; + example = 8080; + description = "Internal port for webui"; + }; + + sessionSecretFile = mkOption { + type = types.str; + example = "/run/secrets/autobrr-secret.txt"; + description = '' + File containing the session secret. + ''; + }; + }; + + config = lib.mkIf cfg.enable { + services.autobrr = { + enable = true; + + settings = { + inherit (cfg) port; + checkForUpdates = false; + }; + + secretFile = cfg.sessionSecretFile; + }; + + my.services.nginx.virtualHosts = { + autobrr = { + inherit (cfg) port; + }; + }; + + services.fail2ban.jails = { + autobrr = '' + enabled = true + filter = autobrr + action = iptables-allports + ''; + }; + + environment.etc = { + "fail2ban/filter.d/autobrr.conf".text = '' + [Definition] + failregex = ^.*Auth: invalid login \[.*\] from: $ + journalmatch = _SYSTEMD_UNIT=autobrr.service + ''; + }; + }; +} diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 23838fd..409fcdc 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -5,6 +5,7 @@ { lib, ... }: { imports = [ + ./autobrr.nix ./bazarr.nix ./jackett.nix ./nzbhydra.nix From 979814e9dea51880a2ed2c3f37033b994160441d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 13 Feb 2025 21:58:19 +0000 Subject: [PATCH 102/109] hosts: nixos: porthos: secrets: add autobrr --- hosts/nixos/porthos/secrets/secrets.nix | 2 ++ .../porthos/secrets/servarr/autobrr/session-secret.age | 7 +++++++ 2 files changed, 9 insertions(+) create mode 100644 hosts/nixos/porthos/secrets/servarr/autobrr/session-secret.age diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix index 68e90f2..425756c 100644 --- a/hosts/nixos/porthos/secrets/secrets.nix +++ b/hosts/nixos/porthos/secrets/secrets.nix @@ -80,6 +80,8 @@ in "pyload/credentials.age".publicKeys = all; + "servarr/autobrr/session-secret.age".publicKeys = all; + "sso/auth-key.age" = { owner = "nginx-sso"; publicKeys = all; diff --git a/hosts/nixos/porthos/secrets/servarr/autobrr/session-secret.age b/hosts/nixos/porthos/secrets/servarr/autobrr/session-secret.age new file mode 100644 index 0000000..e98b94a --- /dev/null +++ b/hosts/nixos/porthos/secrets/servarr/autobrr/session-secret.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 cKojmg bu09lB+fjaPP31cUQZP6EqSPuseucgNK7k9vAS08iS0 ++NGL+b2QD/qGo6hqHvosAXzHZtDvfodmPdcgnrKlD1o +-> ssh-ed25519 jPowng QDCdRBGWhtdvvMCiDH52cZHz1/W7aomhTatZ4+9IKwI +Ou3jjV/O55G1CPgGS33l3eWhhYWrVdwVNPSiE14d5rE +--- q0ssmpG50OX1WaNSInc2hbtH3DbTwQGDU74VGEoMh94 +mCƑ'hK./Xu(g$'M{fK !MZoR՝͟;yb \ No newline at end of file From b8c649d5bff68813cb8589c776cf39a17cef91ea Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 30 Mar 2025 20:22:01 +0200 Subject: [PATCH 103/109] hosts: nixos: porthos: services: enable autobrr --- hosts/nixos/porthos/services.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index cb77fbe..784eb31 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -142,7 +142,7 @@ in servarr = { enableAll = true; autobrr = { - enable = false; + sessionSecretFile = secrets."servarr/autobrr/session-secret".path; }; # ... But not Lidarr because I don't care for music that much lidarr = { From 08f7c2bd7912696047e815adbb92adf89f4e47c7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 5 Apr 2025 20:24:21 +0200 Subject: [PATCH 104/109] nixos: services: nextcloud: bump to 31 --- modules/nixos/services/nextcloud/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index fe94177..cf1b876 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -35,7 +35,7 @@ in config = lib.mkIf cfg.enable { services.nextcloud = { enable = true; - package = pkgs.nextcloud30; + package = pkgs.nextcloud31; hostName = "nextcloud.${config.networking.domain}"; home = "/var/lib/nextcloud"; maxUploadSize = cfg.maxSize; From 01529075369d01274302efaaa8df55aac77b1a21 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 7 Apr 2025 10:19:30 +0000 Subject: [PATCH 105/109] flake: nixos: use 'self.dirtyRev' if available --- flake/nixos.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake/nixos.nix b/flake/nixos.nix index fa656dc..bf9eac8 100644 --- a/flake/nixos.nix +++ b/flake/nixos.nix @@ -3,7 +3,7 @@ let defaultModules = [ { # Let 'nixos-version --json' know about the Git revision - system.configurationRevision = self.rev or "dirty"; + system.configurationRevision = self.rev or self.dirtyRev or "dirty"; } { nixpkgs.overlays = (lib.attrValues self.overlays) ++ [ From 05a643eb9504ba188f12328d562341f6e43ec761 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 7 Apr 2025 15:50:22 +0000 Subject: [PATCH 106/109] flake: home-manager: set overlays in module I need to inherit `lib` to make sure it picks up my version, not the one from `pkgs`. I can't use `extraSpecialArgs` like NixOS, due to it missing from upstream [1]. [1]: https://github.com/nix-community/home-manager/pull/3969 --- flake/home-manager.nix | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/flake/home-manager.nix b/flake/home-manager.nix index add889e..093ae8c 100644 --- a/flake/home-manager.nix +++ b/flake/home-manager.nix @@ -3,6 +3,11 @@ let defaultModules = [ # Include generic settings "${self}/modules/home" + { + nixpkgs.overlays = (lib.attrValues self.overlays) ++ [ + inputs.nur.overlays.default + ]; + } { # Basic user information defaults home.username = lib.mkDefault "ambroisie"; @@ -21,18 +26,15 @@ let # * not letting me set `lib` as an extraSpecialArgs # * not respecting `nixpkgs.overlays` [1] # [1]: https://github.com/nix-community/home-manager/issues/2954 - pkgs = import inputs.nixpkgs { - inherit system; - - overlays = (lib.attrValues self.overlays) ++ [ - inputs.nur.overlays.default - ]; - }; + pkgs = inputs.nixpkgs.legacyPackages.${system}; modules = defaultModules ++ [ "${self}/hosts/homes/${name}" ]; + # Use my extended lib in NixOS configuration + inherit (self) lib; + extraSpecialArgs = { # Inject inputs to use them in global registry inherit inputs; From 4f567d060a94d542401dab680cc6493d9fa07102 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 31 Oct 2024 14:09:23 +0000 Subject: [PATCH 107/109] flake: add 'nixgl' There's now a home-manager module for it, let's try it out. --- flake.lock | 25 +++++++++++++++++++++++++ flake.nix | 11 +++++++++++ 2 files changed, 36 insertions(+) diff --git a/flake.lock b/flake.lock index d86d6b5..8a54c50 100644 --- a/flake.lock +++ b/flake.lock @@ -173,6 +173,30 @@ "type": "github" } }, + "nixgl": { + "inputs": { + "flake-utils": [ + "futils" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1713543440, + "narHash": "sha256-lnzZQYG0+EXl/6NkGpyIz+FEOc/DSEG57AP1VsdeNrM=", + "owner": "nix-community", + "repo": "nixGL", + "rev": "310f8e49a149e4c9ea52f1adf70cdc768ec53f8a", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "main", + "repo": "nixGL", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1743689281, @@ -221,6 +245,7 @@ "futils": "futils", "git-hooks": "git-hooks", "home-manager": "home-manager", + "nixgl": "nixgl", "nixpkgs": "nixpkgs", "nur": "nur", "systems": "systems" diff --git a/flake.nix b/flake.nix index 5076729..403f308 100644 --- a/flake.nix +++ b/flake.nix @@ -43,6 +43,17 @@ }; }; + nixgl = { + type = "github"; + owner = "nix-community"; + repo = "nixGL"; + ref = "main"; + inputs = { + flake-utils.follows = "futils"; + nixpkgs.follows = "nixpkgs"; + }; + }; + nixpkgs = { type = "github"; owner = "NixOS"; From 2d3a9ed75e4cc36d6a8df076c15685def5dd7839 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 31 Oct 2024 14:14:59 +0000 Subject: [PATCH 108/109] home: add 'nix-gl' --- modules/home/default.nix | 1 + modules/home/nix-gl/default.nix | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 modules/home/nix-gl/default.nix diff --git a/modules/home/default.nix b/modules/home/default.nix index c8183cf..dd3e3cb 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -27,6 +27,7 @@ ./mail ./mpv ./nix + ./nix-gl ./nix-index ./nixpkgs ./nm-applet diff --git a/modules/home/nix-gl/default.nix b/modules/home/nix-gl/default.nix new file mode 100644 index 0000000..e7b9a4f --- /dev/null +++ b/modules/home/nix-gl/default.nix @@ -0,0 +1,17 @@ +{ config, inputs, lib, ... }: +let + cfg = config.my.home.nix-gl; +in +{ + options.my.home.nix-gl = with lib; { + enable = mkEnableOption "nixGL configuration"; + }; + + config = lib.mkIf cfg.enable (lib.mkMerge [ + { + nixGL = { + inherit (inputs.nixgl) packages; + }; + } + ]); +} From 77845244ea07adf0665ad7f7c54fd4ee97a1f949 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 7 Apr 2025 16:15:16 +0000 Subject: [PATCH 109/109] WIP: nixgl wrappers --- modules/home/nix-gl/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/home/nix-gl/default.nix b/modules/home/nix-gl/default.nix index e7b9a4f..0f261f9 100644 --- a/modules/home/nix-gl/default.nix +++ b/modules/home/nix-gl/default.nix @@ -11,6 +11,10 @@ in { nixGL = { inherit (inputs.nixgl) packages; + + defaultWrapper = "mesa"; + + installScripts = [ "mesa" ]; }; } ]);