From c1ffe096312ca96aca76b07fa0db465d44331778 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 5 Mar 2024 12:32:40 +0000 Subject: [PATCH 01/15] nixos: services: add forgejo --- modules/nixos/services/default.nix | 1 + modules/nixos/services/forgejo/default.nix | 162 +++++++++++++++++++++ 2 files changed, 163 insertions(+) create mode 100644 modules/nixos/services/forgejo/default.nix diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index 90dd3e1..3b32d06 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -10,6 +10,7 @@ ./drone ./fail2ban ./flood + ./forgejo ./gitea ./grocy ./indexers diff --git a/modules/nixos/services/forgejo/default.nix b/modules/nixos/services/forgejo/default.nix new file mode 100644 index 0000000..0f3dfc5 --- /dev/null +++ b/modules/nixos/services/forgejo/default.nix @@ -0,0 +1,162 @@ +# A low-ressource, full-featured git forge. +{ config, lib, ... }: +let + cfg = config.my.services.forgejo; +in +{ + options.my.services.forgejo = with lib; { + enable = mkEnableOption "Forgejo"; + port = mkOption { + type = types.port; + default = 3042; + example = 8080; + description = "Internal port"; + }; + mail = { + enable = mkEnableOption { + description = "mailer configuration"; + }; + host = mkOption { + type = types.str; + example = "smtp.example.com"; + description = "Host for the mail account"; + }; + port = mkOption { + type = types.port; + default = 465; + example = 587; + description = "Port for the mail account"; + }; + user = mkOption { + type = types.str; + example = "forgejo@example.com"; + description = "User for the mail account"; + }; + passwordFile = mkOption { + type = types.str; + example = "/run/secrets/forgejo-mail-password.txt"; + description = "Password for the mail account"; + }; + protocol = mkOption { + type = types.str; + default = "smtps"; + example = "smtp"; + description = "Protocol for connection"; + }; + }; + }; + + config = lib.mkIf cfg.enable { + assertions = [ + { + assertion = cfg.enable -> !config.my.services.gitea.enable; + message = '' + `config.my.services.forgejo` is incompatible with + `config.my.services.gitea`. + ''; + } + ]; + + services.forgejo = + let + inherit (config.networking) domain; + forgejoDomain = "git.${domain}"; + in + { + enable = true; + + user = "git"; + group = "git"; + + lfs.enable = true; + + useWizard = false; + + database = { + type = "postgres"; # Automatic setup + user = "git"; # User needs to be the same as forgejo user + name = "git"; # Name must be the same as user for `ensureDBOwnership` + }; + + # NixOS module uses `forgejo dump` to backup repositories and the database, + # but it produces a single .zip file that's not very backup friendly. + # I configure my backup system manually below. + dump.enable = false; + + mailerPasswordFile = lib.mkIf cfg.mail.enable cfg.mail.passwordFile; + + settings = { + DEFAULT = { + APP_NAME = "Ambroisie's forge"; + }; + + server = { + HTTP_PORT = cfg.port; + DOMAIN = forgejoDomain; + ROOT_URL = "https://${forgejoDomain}"; + }; + + mailer = lib.mkIf cfg.mail.enable { + ENABLED = true; + SMTP_ADDR = cfg.mail.host; + SMTP_PORT = cfg.mail.port; + FROM = "Forgejo <${cfg.mail.user}>"; + USER = cfg.mail.user; + PROTOCOL = cfg.mail.protocol; + }; + + service = { + DISABLE_REGISTRATION = true; + }; + + session = { + # only send cookies via HTTPS + COOKIE_SECURE = true; + }; + }; + }; + + users.users.git = { + description = "Forgejo Service"; + home = config.services.forgejo.stateDir; + useDefaultShell = true; + group = "git"; + isSystemUser = true; + }; + users.groups.git = { }; + + my.services.nginx.virtualHosts = { + # Proxy to Forgejo + git = { + inherit (cfg) port; + }; + # Redirect `forgejo.` to actual forge subdomain + forgejo = { + redirect = config.services.forgejo.settings.server.ROOT_URL; + }; + }; + + my.services.backup = { + paths = [ + config.services.forgejo.lfs.contentDir + config.services.forgejo.repositoryRoot + ]; + }; + + services.fail2ban.jails = { + forgejo = '' + enabled = true + filter = forgejo + action = iptables-allports + ''; + }; + + environment.etc = { + "fail2ban/filter.d/forgejo.conf".text = '' + [Definition] + failregex = ^.*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from $ + journalmatch = _SYSTEMD_UNIT=forgejo.service + ''; + }; + }; +} From b41fd9e48ecc27f79757f014272c2c190e0c7d9b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 5 Mar 2024 12:32:40 +0000 Subject: [PATCH 02/15] hosts: nixos: porthos: secrets: add forgejo mail --- hosts/nixos/porthos/secrets/forgejo/mail-password.age | 10 ++++++++++ hosts/nixos/porthos/secrets/secrets.nix | 5 +++++ 2 files changed, 15 insertions(+) create mode 100644 hosts/nixos/porthos/secrets/forgejo/mail-password.age diff --git a/hosts/nixos/porthos/secrets/forgejo/mail-password.age b/hosts/nixos/porthos/secrets/forgejo/mail-password.age new file mode 100644 index 0000000..67ef695 --- /dev/null +++ b/hosts/nixos/porthos/secrets/forgejo/mail-password.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 cKojmg Lhgx43wR8PtAMf5v1eJxKlUBSAoOLdOOn/QaQrwF8zA +jfUCpgNzkHCNTWCqtErDaLMmg1Oy+s9zUra1JLCi+J4 +-> ssh-ed25519 jPowng kSeQ/SmMrzd8ByVu3YHWeZyKmqFZvQSBnDunkB8e6wc +WRmnfrV5xcRXA9t0ZXx6YvbRl0sX4PTrw63VVKX4Ei4 +--- a+LLM1gP9g1AbUapbeeKaS4cEcRBmPo3MHU2DSWTAds +,F6⬘ ix̏e| + +Ϝ,{ v!z$P;TKW + qG \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix index 3545e3a..bea380c 100644 --- a/hosts/nixos/porthos/secrets/secrets.nix +++ b/hosts/nixos/porthos/secrets/secrets.nix @@ -21,6 +21,11 @@ in "drone/secret.age".publicKeys = all; "drone/ssh/private-key.age".publicKeys = all; + "forgejo/mail-password.age" = { + owner = "git"; + publicKeys = all; + }; + "gitea/mail-password.age" = { owner = "git"; publicKeys = all; From f3207468f979d5bffc42e131152d33bff6d8548c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 9 Mar 2024 13:34:38 +0100 Subject: [PATCH 03/15] nixos: services: woodpecker: configurable forge --- modules/nixos/services/woodpecker/default.nix | 6 ++++++ modules/nixos/services/woodpecker/server/default.nix | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/modules/nixos/services/woodpecker/default.nix b/modules/nixos/services/woodpecker/default.nix index 34ffca6..8fa692e 100644 --- a/modules/nixos/services/woodpecker/default.nix +++ b/modules/nixos/services/woodpecker/default.nix @@ -8,6 +8,12 @@ options.my.services.woodpecker = with lib; { enable = mkEnableOption "Woodpecker CI"; + forge = mkOption { + type = types.enum [ "gitea" "forgejo" ]; + default = "gitea"; + example = "forgejo"; + description = "Which Forge to connect to"; + }; runners = mkOption { type = with types; listOf (enum [ "exec" "docker" ]); default = [ ]; diff --git a/modules/nixos/services/woodpecker/server/default.nix b/modules/nixos/services/woodpecker/server/default.nix index f02a5c5..adf533e 100644 --- a/modules/nixos/services/woodpecker/server/default.nix +++ b/modules/nixos/services/woodpecker/server/default.nix @@ -17,7 +17,7 @@ in WOODPECKER_GRPC_ADDR = ":${toString cfg.rpcPort}"; WOODPECKER_GITEA = "true"; - WOODPECKER_GITEA_URL = config.services.gitea.settings.server.ROOT_URL; + WOODPECKER_GITEA_URL = config.services.${cfg.forge}.settings.server.ROOT_URL; WOODPECKER_LOG_LEVEL = "debug"; }; From 0f33dbd5c24440fd243725fd96f8081ad66750d8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 5 Mar 2024 12:32:40 +0000 Subject: [PATCH 04/15] hosts: nixos: porthos: switch to forgejo This required a quick rename to migrate from one to the other. --- hosts/nixos/porthos/services.nix | 8 ++++---- modules/nixos/services/woodpecker/default.nix | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index c872160..a67ae3b 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -36,14 +36,14 @@ in flood = { enable = true; }; - # Gitea forge - gitea = { + # Forgejo forge + forgejo = { enable = true; mail = { enable = true; host = "smtp.migadu.com"; - user = lib.my.mkMailAddress "gitea" "belanyi.fr"; - passwordFile = secrets."gitea/mail-password".path; + user = lib.my.mkMailAddress "forgejo" "belanyi.fr"; + passwordFile = secrets."forgejo/mail-password".path; }; }; # Meta-indexers diff --git a/modules/nixos/services/woodpecker/default.nix b/modules/nixos/services/woodpecker/default.nix index 8fa692e..012eaae 100644 --- a/modules/nixos/services/woodpecker/default.nix +++ b/modules/nixos/services/woodpecker/default.nix @@ -10,8 +10,8 @@ enable = mkEnableOption "Woodpecker CI"; forge = mkOption { type = types.enum [ "gitea" "forgejo" ]; - default = "gitea"; - example = "forgejo"; + default = "forgejo"; + example = "gitea"; description = "Which Forge to connect to"; }; runners = mkOption { From 5d3160fb0de293fbc100f511be6d1034fdd91877 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 5 Mar 2024 00:45:31 +0100 Subject: [PATCH 05/15] hosts: nixos: porthos: migrate to new host OVH/Kimsufi are deprecating my current server by the end of the year. So let's migrate to a new host. This was more painful than initially planned, OVH introduced a change to their rescue system which messes with the NixOS installation [1]. In the end I used a kexec image [2] to run the installation. [1]: https://github.com/NixOS/nix/issues/7790 [2]: https://github.com/nix-community/nixos-images --- hosts/nixos/porthos/boot.nix | 11 ++++---- hosts/nixos/porthos/default.nix | 8 +----- hosts/nixos/porthos/hardware.nix | 13 +++++++-- hosts/nixos/porthos/install.sh | 29 ++++++++++++++------ hosts/nixos/porthos/networking.nix | 29 ++++++-------------- modules/home/ssh/default.nix | 2 +- modules/nixos/services/wireguard/default.nix | 2 +- 7 files changed, 48 insertions(+), 46 deletions(-) diff --git a/hosts/nixos/porthos/boot.nix b/hosts/nixos/porthos/boot.nix index fbc5db7..461e969 100644 --- a/hosts/nixos/porthos/boot.nix +++ b/hosts/nixos/porthos/boot.nix @@ -3,15 +3,14 @@ { boot = { - # Use the GRUB 2 boot loader. - loader.grub = { - enable = true; - # Define on which hard drive you want to install Grub. - device = "/dev/disk/by-id/ata-HGST_HUS724020ALA640_PN2181P6J58M1P"; + # Use the systemd-boot EFI boot loader. + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; }; initrd = { - availableKernelModules = [ "uhci_hcd" "ahci" "usbhid" ]; + availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "usbhid" "sd_mod" ]; kernelModules = [ "dm-snapshot" ]; }; diff --git a/hosts/nixos/porthos/default.nix b/hosts/nixos/porthos/default.nix index 2dea899..bd1bdb1 100644 --- a/hosts/nixos/porthos/default.nix +++ b/hosts/nixos/porthos/default.nix @@ -16,11 +16,5 @@ # Set your time zone. time.timeZone = "Europe/Paris"; - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "20.09"; # Did you read the comment? + system.stateVersion = "24.05"; # Did you read the comment? } diff --git a/hosts/nixos/porthos/hardware.nix b/hosts/nixos/porthos/hardware.nix index 5a6e0d7..2172c5c 100644 --- a/hosts/nixos/porthos/hardware.nix +++ b/hosts/nixos/porthos/hardware.nix @@ -1,5 +1,5 @@ # Hardware configuration -{ lib, modulesPath, ... }: +{ modulesPath, ... }: { imports = [ @@ -11,9 +11,18 @@ fsType = "ext4"; }; + fileSystems."/boot" = { + device = "/dev/disk/by-label/boot"; + fsType = "vfat"; + }; + swapDevices = [ { device = "/dev/disk/by-label/swap"; } ]; - powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; + my.hardware = { + firmware = { + cpuFlavor = "intel"; + }; + }; } diff --git a/hosts/nixos/porthos/install.sh b/hosts/nixos/porthos/install.sh index 8edc175..e6ba0aa 100644 --- a/hosts/nixos/porthos/install.sh +++ b/hosts/nixos/porthos/install.sh @@ -3,7 +3,7 @@ SWAP_SIZE=16GiB parted /dev/sda --script -- \ - mklabel msdos \ + mklabel gpt \ mkpart primary 512MiB -$SWAP_SIZE \ mkpart primary linux-swap -$SWAP_SIZE 100% \ mkpart ESP fat32 1MiB 512MiB \ @@ -11,14 +11,24 @@ parted /dev/sda --script -- \ parted /dev/sdb --script -- \ mklabel gpt \ - mkpart primary 0MiB 100% + mkpart primary 0% 100% +parted /dev/sdc --script -- \ + mklabel gpt \ + mkpart primary 0% 100% +parted /dev/sdd --script -- \ + mklabel gpt \ + mkpart primary 0% 100% mkfs.ext4 -L media1 /dev/sda1 mkfs.ext4 -L media2 /dev/sdb1 +mkfs.ext4 -L media3 /dev/sdc1 +mkfs.ext4 -L media4 /dev/sdd1 pvcreate /dev/sda1 pvcreate /dev/sdb1 -vgcreate lvm /dev/sda1 /dev/sdb1 +pvcreate /dev/sdc1 +pvcreate /dev/sdd1 +vgcreate lvm /dev/sda1 /dev/sdb1 /dev/sdc1 /dev/sdd1 lvcreate -l 100%FREE -n media lvm mkfs.ext4 -L nixos /dev/mapper/lvm-media @@ -27,17 +37,17 @@ mkfs.fat -F 32 -n boot /dev/sda3 mount /dev/disk/by-label/nixos /mnt swapon /dev/sda2 +mkdir -p /mnt/boot +mount /dev/disk/by-label/boot /mnt/boot apt install sudo useradd -m -G sudo setupuser -# shellcheck disable=2117 -su setupuser cat << EOF # Run the following commands as setup user -curl -L https://nixos.org/nix/install | sh -. $HOME/.nix-profile/etc/profile.d/nix.sh -nix-channel --add https://nixos.org/channels/nixos-20.09 nixpkgs +curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install +. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh +nix profile install nixpkgs#nixos-install-tools sudo "$(which nixos-generate-config)" --root /mnt # Change uuids to labels @@ -54,3 +64,6 @@ git crypt unlock nixos-install --root /mnt --flake '.#' EOF + +# shellcheck disable=2117 +su setupuser diff --git a/hosts/nixos/porthos/networking.nix b/hosts/nixos/porthos/networking.nix index 1e2c9cd..717652b 100644 --- a/hosts/nixos/porthos/networking.nix +++ b/hosts/nixos/porthos/networking.nix @@ -6,30 +6,17 @@ hostName = "porthos"; # Define your hostname. domain = "belanyi.fr"; # Define your domain. - - # The global useDHCP flag is deprecated, therefore explicitly set to false here. - # Per-interface useDHCP will be mandatory in the future, so this generated config - # replicates the default behaviour. - useDHCP = false; - + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + useDHCP = true; interfaces = { - bond0.useDHCP = true; - bonding_masters.useDHCP = true; - dummy0.useDHCP = true; - erspan0.useDHCP = true; - eth0.useDHCP = true; - eth1.useDHCP = true; - gre0.useDHCP = true; - gretap0.useDHCP = true; - ifb0.useDHCP = true; - ifb1.useDHCP = true; - ip6tnl0.useDHCP = true; - sit0.useDHCP = true; - teql0.useDHCP = true; - tunl0.useDHCP = true; + eno1.useDHCP = true; + eno2.useDHCP = true; }; }; # Which interface is used to connect to the internet - my.hardware.networking.externalInterface = "eth0"; + my.hardware.networking.externalInterface = "eno1"; } diff --git a/modules/home/ssh/default.nix b/modules/home/ssh/default.nix index 674cf6a..748b195 100644 --- a/modules/home/ssh/default.nix +++ b/modules/home/ssh/default.nix @@ -49,7 +49,7 @@ in }; porthos = { - hostname = "91.121.177.163"; + hostname = "37.187.146.15"; identityFile = "~/.ssh/shared_rsa"; user = "ambroisie"; }; diff --git a/modules/nixos/services/wireguard/default.nix b/modules/nixos/services/wireguard/default.nix index 26e54e0..a76e424 100644 --- a/modules/nixos/services/wireguard/default.nix +++ b/modules/nixos/services/wireguard/default.nix @@ -13,7 +13,7 @@ let porthos = { clientNum = 1; publicKey = "PLdgsizztddri0LYtjuNHr5r2E8D+yI+gM8cm5WDfHQ="; - externalIp = "91.121.177.163"; + externalIp = "37.187.146.15"; }; # "Clients" From 6140e1c8f926eced8867c71b18cdefa0f8a22f7a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 9 Mar 2024 22:00:17 +0100 Subject: [PATCH 06/15] nixos: services: lohr: migrate to tmpfiles This is better than a custom script. --- modules/nixos/services/lohr/default.nix | 34 ++++++++++++++----------- 1 file changed, 19 insertions(+), 15 deletions(-) diff --git a/modules/nixos/services/lohr/default.nix b/modules/nixos/services/lohr/default.nix index dd4eea8..21aadba 100644 --- a/modules/nixos/services/lohr/default.nix +++ b/modules/nixos/services/lohr/default.nix @@ -59,21 +59,6 @@ in "LOHR_HOME=${lohrHome}" "LOHR_CONFIG=" ]; - ExecStartPre = lib.mkIf (cfg.sshKeyFile != null) ''+${ - pkgs.writeScript "copy-ssh-key" '' - #!${pkgs.bash}/bin/bash - # Ensure the key is not there - mkdir -p '${lohrHome}/.ssh' - rm -f '${lohrHome}/.ssh/id_ed25519' - - # Move the key into place - cp ${cfg.sshKeyFile} '${lohrHome}/.ssh/id_ed25519' - - # Fix permissions - chown -R lohr:lohr '${lohrHome}/.ssh' - chmod -R 0700 '${lohrHome}/.ssh' - '' - }''; ExecStart = let configFile = settingsFormat.generate "lohr-config.yaml" cfg.setting; @@ -103,5 +88,24 @@ in inherit (cfg) port; }; }; + + # SSH key provisioning + systemd.tmpfiles.settings."10-lohr" = lib.mkIf (cfg.sshKeyFile != null) { + "${lohrHome}/.ssh" = { + d = { + user = "lohr"; + group = "lohr"; + mode = "0700"; + }; + }; + "${lohrHome}/.ssh/id_ed25519" = { + "f+" = { + user = "lohr"; + group = "lohr"; + mode = "0700"; + argument = cfg.sshKeyFile; + }; + }; + }; }; } From 08f4175412cc2257f3a30db51e310f4208009560 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 11 Mar 2024 11:52:42 +0000 Subject: [PATCH 07/15] overlays: add none-ls-shellcheck-nvim --- overlays/none-ls-shellcheck-nvim/default.nix | 4 ++++ overlays/none-ls-shellcheck-nvim/generated.nix | 15 +++++++++++++++ 2 files changed, 19 insertions(+) create mode 100644 overlays/none-ls-shellcheck-nvim/default.nix create mode 100644 overlays/none-ls-shellcheck-nvim/generated.nix diff --git a/overlays/none-ls-shellcheck-nvim/default.nix b/overlays/none-ls-shellcheck-nvim/default.nix new file mode 100644 index 0000000..832e71d --- /dev/null +++ b/overlays/none-ls-shellcheck-nvim/default.nix @@ -0,0 +1,4 @@ +self: prev: +{ + vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { }); +} diff --git a/overlays/none-ls-shellcheck-nvim/generated.nix b/overlays/none-ls-shellcheck-nvim/generated.nix new file mode 100644 index 0000000..ee93a88 --- /dev/null +++ b/overlays/none-ls-shellcheck-nvim/generated.nix @@ -0,0 +1,15 @@ +{ vimUtils, fetchFromGitHub }: +_final: _prev: +{ + none-ls-shellcheck-nvim = vimUtils.buildVimPlugin { + pname = "none-ls-shellcheck.nvim"; + version = "2024-02-28"; + src = fetchFromGitHub { + owner = "gbprod"; + repo = "none-ls-shellcheck.nvim"; + rev = "1eed283a7ede771b522a0a9f30bb604f02f51d64"; + sha256 = "1hs0q9a0xwyqml0bfmplk89f1dk4nyg6aapfarnx44zqiw1183kn"; + }; + meta.homepage = "https://github.com/gbprod/none-ls-shellcheck.nvim/"; + }; +} From 30247ce3a07a8d804fa471dc69f4c1186a40421e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 11 Mar 2024 11:53:19 +0000 Subject: [PATCH 08/15] home: vim: null-ls: fix deprecated builtins `none-ls` deprecated a lot of unmaintained builtins, or ones that they find has been replaced by a compete LSP server. This removes those deprecated builtins, or uses a shim until I migrate to the relevant LSP configuration (for `bash-language-server`). --- modules/home/vim/default.nix | 1 + modules/home/vim/plugin/settings/null-ls.lua | 26 +++----------------- 2 files changed, 5 insertions(+), 22 deletions(-) diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 871bf40..3e1aee4 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -68,6 +68,7 @@ in lsp-format-nvim # Simplified formatting configuration lsp_lines-nvim # Show diagnostics *over* regions none-ls-nvim # LSP integration for linters and formatters + none-ls-shellcheck-nvim # shellcheck shim for none-ls nvim-treesitter.withAllGrammars # Better highlighting nvim-treesitter-textobjects # More textobjects nvim-ts-context-commentstring # Comment string in nested language blocks diff --git a/modules/home/vim/plugin/settings/null-ls.lua b/modules/home/vim/plugin/settings/null-ls.lua index 0eaa55c..9915194 100644 --- a/modules/home/vim/plugin/settings/null-ls.lua +++ b/modules/home/vim/plugin/settings/null-ls.lua @@ -28,14 +28,6 @@ null_ls.register({ }), }) --- Haskell -null_ls.register({ - null_ls.builtins.formatting.brittany.with({ - -- Only used if available - condition = utils.is_executable_condition("brittany"), - }), -}) - -- Nix null_ls.register({ null_ls.builtins.formatting.nixpkgs_fmt.with({ @@ -50,16 +42,6 @@ null_ls.register({ -- Python null_ls.register({ - null_ls.builtins.diagnostics.flake8.with({ - -- Only used if available, but prefer pflake8 if available - condition = function() - return utils.is_executable("flake8") and not utils.is_executable("pflake8") - end, - }), - null_ls.builtins.diagnostics.pyproject_flake8.with({ - -- Only used if available - condition = utils.is_executable_condition("pflake8"), - }), null_ls.builtins.diagnostics.mypy.with({ -- Only used if available condition = utils.is_executable_condition("mypy"), @@ -81,13 +63,13 @@ null_ls.register({ -- Shell (non-POSIX) null_ls.register({ - null_ls.builtins.code_actions.shellcheck.with({ + require("none-ls-shellcheck.diagnostics").with({ -- Restrict to bash and zsh filetypes = { "bash", "zsh" }, -- Only used if available condition = utils.is_executable_condition("shellcheck"), }), - null_ls.builtins.diagnostics.shellcheck.with({ + require("none-ls-shellcheck.code_actions").with({ -- Show error code in message diagnostics_format = "[#{c}] #{m}", -- Require explicit empty string test, use bash dialect @@ -110,13 +92,13 @@ null_ls.register({ -- Shell (POSIX) null_ls.register({ - null_ls.builtins.code_actions.shellcheck.with({ + require("none-ls-shellcheck.diagnostics").with({ -- Restrict to POSIX sh filetypes = { "sh" }, -- Only used if available condition = utils.is_executable_condition("shellcheck"), }), - null_ls.builtins.diagnostics.shellcheck.with({ + require("none-ls-shellcheck.code_actions").with({ -- Show error code in message diagnostics_format = "[#{c}] #{m}", -- Require explicit empty string test From f13a6fb023bf16954531e27aea752a2d24a18fbd Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 11 Mar 2024 12:01:15 +0000 Subject: [PATCH 09/15] home: vim: lspconfig: add 'ruff-lsp' Since everybody is moving towards using it instead of other linters... --- modules/home/vim/plugin/settings/lspconfig.lua | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index 794a765..7b2d95f 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -52,6 +52,13 @@ if utils.is_executable("pyright") then }) end +if utils.is_executable("ruff-lsp") then + lspconfig.ruff_lsp.setup({ + capabilities = capabilities, + on_attach = lsp.on_attach, + }) +end + -- Rust if utils.is_executable("rust-analyzer") then lspconfig.rust_analyzer.setup({ From 7a3e64f814c9be720eb5e638c5a7d63cd9b5537d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 11 Mar 2024 12:04:38 +0000 Subject: [PATCH 10/15] home: vim: lspconfig: add 'hls' If I ever end up actually learning it... --- modules/home/vim/plugin/settings/lspconfig.lua | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index 7b2d95f..178898a 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -29,6 +29,14 @@ if utils.is_executable("clangd") then }) end +-- Haskell +if utils.is_executable("haskell-language-server-wrapper") then + lspconfig.hls.setup({ + capabilities = capabilities, + on_attach = lsp.on_attach, + }) +end + -- Nix if utils.is_executable("nil") then lspconfig.nil_ls.setup({ From dc27b5991220a1d019c339686af484f396660025 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 11 Mar 2024 12:20:53 +0000 Subject: [PATCH 11/15] home: vim: lspconfig: migrate to 'bashls' Since `none-ls` has removed their `shellcheck` built-in. This actually makes the diagnostics more robust to POSIX/non-POSIX scripts (the LSP server detects it at runtime, which is more robust than the `ftdetect` scripts). Nice bonus: the shellcheck code is shown in the diagnostics message without any configuration! I'm not sure if I can configure `avoid-nullary-conditions` -- though it seems like this check is broken at the moment (I couldn't get it to trigger during my tests). --- modules/home/vim/default.nix | 3 +- .../home/vim/plugin/settings/lspconfig.lua | 9 ++++++ modules/home/vim/plugin/settings/null-ls.lua | 32 ------------------- 3 files changed, 10 insertions(+), 34 deletions(-) diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 3e1aee4..07711cc 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -68,7 +68,6 @@ in lsp-format-nvim # Simplified formatting configuration lsp_lines-nvim # Show diagnostics *over* regions none-ls-nvim # LSP integration for linters and formatters - none-ls-shellcheck-nvim # shellcheck shim for none-ls nvim-treesitter.withAllGrammars # Better highlighting nvim-treesitter-textobjects # More textobjects nvim-ts-context-commentstring # Comment string in nested language blocks @@ -106,7 +105,7 @@ in nixpkgs-fmt # Shell - shellcheck + nodePackages.bash-language-server shfmt ]; }; diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index 178898a..c2de2ea 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -74,3 +74,12 @@ if utils.is_executable("rust-analyzer") then on_attach = lsp.on_attach, }) end + +-- Shell +if utils.is_executable("bash-language-server") then + lspconfig.bashls.setup({ + filetypes = { "bash", "sh", "zsh" }, + capabilities = capabilities, + on_attach = lsp.on_attach, + }) +end diff --git a/modules/home/vim/plugin/settings/null-ls.lua b/modules/home/vim/plugin/settings/null-ls.lua index 9915194..c372751 100644 --- a/modules/home/vim/plugin/settings/null-ls.lua +++ b/modules/home/vim/plugin/settings/null-ls.lua @@ -63,22 +63,6 @@ null_ls.register({ -- Shell (non-POSIX) null_ls.register({ - require("none-ls-shellcheck.diagnostics").with({ - -- Restrict to bash and zsh - filetypes = { "bash", "zsh" }, - -- Only used if available - condition = utils.is_executable_condition("shellcheck"), - }), - require("none-ls-shellcheck.code_actions").with({ - -- Show error code in message - diagnostics_format = "[#{c}] #{m}", - -- Require explicit empty string test, use bash dialect - extra_args = { "-s", "bash", "-o", "avoid-nullary-conditions" }, - -- Restrict to bash and zsh - filetypes = { "bash", "zsh" }, - -- Only used if available - condition = utils.is_executable_condition("shellcheck"), - }), null_ls.builtins.formatting.shfmt.with({ -- Indent with 4 spaces, simplify the code, indent switch cases, -- add space after redirection, use bash dialect @@ -92,22 +76,6 @@ null_ls.register({ -- Shell (POSIX) null_ls.register({ - require("none-ls-shellcheck.diagnostics").with({ - -- Restrict to POSIX sh - filetypes = { "sh" }, - -- Only used if available - condition = utils.is_executable_condition("shellcheck"), - }), - require("none-ls-shellcheck.code_actions").with({ - -- Show error code in message - diagnostics_format = "[#{c}] #{m}", - -- Require explicit empty string test - extra_args = { "-o", "avoid-nullary-conditions" }, - -- Restrict to POSIX sh - filetypes = { "sh" }, - -- Only used if available - condition = utils.is_executable_condition("shellcheck"), - }), null_ls.builtins.formatting.shfmt.with({ -- Indent with 4 spaces, simplify the code, indent switch cases, -- add space after redirection, use POSIX From 9749f0aa28dc945125066aaf47cb6066237ce6f6 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 11 Mar 2024 12:29:34 +0000 Subject: [PATCH 12/15] overlays: remove none-ls-shellcheck-nvim --- overlays/none-ls-shellcheck-nvim/default.nix | 4 ---- overlays/none-ls-shellcheck-nvim/generated.nix | 15 --------------- 2 files changed, 19 deletions(-) delete mode 100644 overlays/none-ls-shellcheck-nvim/default.nix delete mode 100644 overlays/none-ls-shellcheck-nvim/generated.nix diff --git a/overlays/none-ls-shellcheck-nvim/default.nix b/overlays/none-ls-shellcheck-nvim/default.nix deleted file mode 100644 index 832e71d..0000000 --- a/overlays/none-ls-shellcheck-nvim/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -self: prev: -{ - vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { }); -} diff --git a/overlays/none-ls-shellcheck-nvim/generated.nix b/overlays/none-ls-shellcheck-nvim/generated.nix deleted file mode 100644 index ee93a88..0000000 --- a/overlays/none-ls-shellcheck-nvim/generated.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ vimUtils, fetchFromGitHub }: -_final: _prev: -{ - none-ls-shellcheck-nvim = vimUtils.buildVimPlugin { - pname = "none-ls-shellcheck.nvim"; - version = "2024-02-28"; - src = fetchFromGitHub { - owner = "gbprod"; - repo = "none-ls-shellcheck.nvim"; - rev = "1eed283a7ede771b522a0a9f30bb604f02f51d64"; - sha256 = "1hs0q9a0xwyqml0bfmplk89f1dk4nyg6aapfarnx44zqiw1183kn"; - }; - meta.homepage = "https://github.com/gbprod/none-ls-shellcheck.nvim/"; - }; -} From b2dc051e6ad854c26784174c5b7823ebc9dbaec0 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 9 Mar 2024 21:49:12 +0100 Subject: [PATCH 13/15] flake: bump inputs And fix the breaking changes in Vikunja (which actually make my configuration simpler). --- flake.lock | 24 +++++++++++----------- modules/nixos/services/vikunja/default.nix | 23 ++------------------- 2 files changed, 14 insertions(+), 33 deletions(-) diff --git a/flake.lock b/flake.lock index cd0b2de..ce8318f 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1706830856, - "narHash": "sha256-a0NYyp+h9hlb7ddVz4LUn1vT/PLwqfrWYcHMvFB1xYg=", + "lastModified": 1709336216, + "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "b253292d9c0a5ead9bc98c4e9a26c6312e27d69f", + "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1709204054, - "narHash": "sha256-U1idK0JHs1XOfSI1APYuXi4AEADf+B+ZU4Wifc0pBHk=", + "lastModified": 1709988192, + "narHash": "sha256-qxwIkl85P0I1/EyTT+NJwzbXdOv86vgZxcv4UKicjK8=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f3367769a93b226c467551315e9e270c3f78b15", + "rev": "b0b0c3d94345050a7f86d1ebc6c56eea4389d030", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1709150264, - "narHash": "sha256-HofykKuisObPUfj0E9CJVfaMhawXkYx3G8UIFR/XQ38=", + "lastModified": 1709703039, + "narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9099616b93301d5cf84274b184a3a5ec69e94e08", + "rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1709206595, - "narHash": "sha256-lBU/gE7DiJCNkJGPVUms0zA0hxzDVgENIXfebj1oeLc=", + "lastModified": 1710013455, + "narHash": "sha256-qzOpU4APTso6JLA+/F4zlO/yL8++n/CsUpmxbQAsy/4=", "owner": "nix-community", "repo": "NUR", - "rev": "fbe8df1c13fd8e63e35c2c4654104661eb1fbbed", + "rev": "cf1e9b0e085368cc489c765f285f1d07c2ec8d36", "type": "github" }, "original": { diff --git a/modules/nixos/services/vikunja/default.nix b/modules/nixos/services/vikunja/default.nix index 9767d00..6e7700f 100644 --- a/modules/nixos/services/vikunja/default.nix +++ b/modules/nixos/services/vikunja/default.nix @@ -30,8 +30,6 @@ in frontendScheme = "https"; frontendHostname = vikunjaDomain; - setupNginx = false; - database = { type = "postgres"; user = "vikunja"; @@ -61,28 +59,11 @@ in # This is a weird setup my.services.nginx.virtualHosts = { ${subdomain} = { - # Serve the root for the web-ui - root = config.services.vikunja.package-frontend; - - extraConfig = { - locations = { - "/" = { - tryFiles = "try_files $uri $uri/ /"; - }; - - # Serve the API through a UNIX socket - "~* ^/(api|dav|\\.well-known)/" = { - proxyPass = "http://unix:${socketPath}"; - extraConfig = '' - client_max_body_size 20M; - ''; - }; - }; - }; + socket = socketPath; }; }; - systemd.services.vikunja-api = { + systemd.services.vikunja = { serviceConfig = { # Use a system user to simplify using the CLI DynamicUser = lib.mkForce false; From 276cc7e5f2dcdfe2929128323501b261bcb5b455 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 11 Mar 2024 13:53:11 +0000 Subject: [PATCH 14/15] home: xdg: add '_JAVA_OPTIONS' --- modules/home/xdg/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix index aac5058..b7ba32b 100644 --- a/modules/home/xdg/default.nix +++ b/modules/home/xdg/default.nix @@ -55,5 +55,6 @@ in REDISCLI_HISTFILE = "${dataHome}/redis/rediscli_history"; REPO_CONFIG_DIR = "${configHome}/repo"; XCOMPOSECACHE = "${dataHome}/X11/xcompose"; + _JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${configHome}/java"; }; } From 801f097c511e60414b287dcb945073f37c4b7f83 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 11 Mar 2024 14:48:14 +0000 Subject: [PATCH 15/15] home: vim: lspconfig: remove 'rnix-lsp' It's been abandoned, `nil` is a better language server nowadays. --- modules/home/vim/plugin/settings/lspconfig.lua | 7 ------- 1 file changed, 7 deletions(-) diff --git a/modules/home/vim/plugin/settings/lspconfig.lua b/modules/home/vim/plugin/settings/lspconfig.lua index c2de2ea..628eab9 100644 --- a/modules/home/vim/plugin/settings/lspconfig.lua +++ b/modules/home/vim/plugin/settings/lspconfig.lua @@ -45,13 +45,6 @@ if utils.is_executable("nil") then }) end -if utils.is_executable("rnix-lsp") then - lspconfig.rnix.setup({ - capabilities = capabilities, - on_attach = lsp.on_attach, - }) -end - -- Python if utils.is_executable("pyright") then lspconfig.pyright.setup({